Check whether the exploit worked by testing the remote port 22 (#148)
tedestar authored Sep 22, 2022
1 parent 315024b commit bac6514
Showing 1 changed file with 35 additions and 4 deletions.
39 changes: 35 additions & 4 deletions remote_command_execution_vulnerability.py
@@ -23,6 +23,7 @@
import random
import hashlib
import platform
import socket

if platform.system() == "Windows":
sys.exit("Stopping: script can only be run on a Mac/Linux system")
@@ -131,7 +132,37 @@ def send_test_netspeed_request(router_ip_address, stok, port):
else: # Use remote github repository. port setted to 0.
send_test_netspeed_request(router_ip_address, stok, port=0)

print("done! Now you can connect to the router using several options: (user: root, password: root)")
print("* telnet {}".format(router_ip_address))
print("* ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc -o UserKnownHostsFile=/dev/null root@{}".format(router_ip_address))
print("* ftp: using a program like cyberduck")
retry = 3
delay = 1
timeout = 3
def isOpen(ip, port):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.settimeout(timeout)
try:
s.connect((ip, int(port)))
s.shutdown(socket.SHUT_RDWR)
return True
except:
return False
finally:
s.close()

def checkHost(ip, port):
ipup = False
for i in range(retry):
if isOpen(ip, port):
ipup = True
break
else:
time.sleep(delay)
return ipup

if checkHost(router_ip_address, 22):
print("done! Now you can connect to the router using several options: (user: root, password: root)")
print("* telnet {}".format(router_ip_address))
print("* ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c 3des-cbc -o UserKnownHostsFile=/dev/null root@{}".format(router_ip_address))
print("* ftp: using a program like cyberduck")
else:
print("Warning: the process has finished, but seems like ssh connection to the router is not working as expected.")
print("* Maybe your firmware version is not supported, please have a look at https://github.com/acecilia/OpenWRTInvasion/blob/master/README.md#unsupported-routers-and-firmware-versions")
print("* Anyway you can try it with: telnet {}".format(router_ip_address))
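Review bot: The bare `except:` in `isOpen` also catches `KeyboardInterrupt` and `SystemExit`, so a Ctrl-C during the retry loop is reported as a closed port instead of stopping the script; narrow it to `except OSError:`, which on Python 3 covers both timeouts and refused connections. `checkHost` calls `time.sleep(delay)`, but the only import this commit adds is `socket` and the import block starts above the first hunk, so confirm `time` is already imported. A completed TCP connect to port 22 shows only that something is listening there, so the "done!" branch can also print on a router that already exposed SSH; a comment above `checkHost` such as `# reachability check only: does not prove the listener was started by this run` would make that limit explicit. Since the success branch announces `root`/`root` over telnet, FTP and SSH with legacy algorithms, it should end with a hardening reminder, e.g. `print("* change the root password and disable telnet/ftp after your first login")`.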
