Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.
Path: blob/master/modules/auxiliary/admin/wemo/crockpot.rb
Views: 11784
##1# This module requires Metasploit: https://metasploit.com/download2# Current source: https://github.com/rapid7/metasploit-framework3##45class MetasploitModule < Msf::Auxiliary67include Msf::Exploit::Remote::HttpClient8prepend Msf::Exploit::Remote::AutoCheck910def initialize(info = {})11super(update_info(info,12'Name' => 'Belkin Wemo-Enabled Crock-Pot Remote Control',13'Description' => %q{14This module acts as a simple remote control for Belkin Wemo-enabled15Crock-Pots by implementing a subset of the functionality provided by the16Wemo App.1718No vulnerabilities are exploited by this Metasploit module in any way.19},20'Author' => 'wvu',21'References' => [22['URL', 'https://www.crock-pot.com/wemo-landing-page.html'],23['URL', 'https://www.belkin.com/us/support-article?articleNum=101177'],24['URL', 'http://www.wemo.com/']25],26'License' => MSF_LICENSE,27'Actions' => [28['Cook', 'Description' => 'Cook stuff'],29['Stop', 'Description' => 'Stop cooking']30],31'DefaultAction' => 'Cook',32'Notes' => {33'Stability' => [CRASH_SAFE],34'SideEffects' => [PHYSICAL_EFFECTS]35}36))3738register_options([39Opt::RPORT(49152),40OptEnum.new('TEMP', [true, 'Temperature', 'Off', modes.keys]),41OptInt.new('TIME', [true, 'Cook time in minutes', 0])42])4344register_advanced_options([45OptBool.new('DefangedMode', [true, 'Run in defanged mode', true])46])47end4849def check50res = send_request_cgi(51'method' => 'GET',52'uri' => '/setup.xml'53)5455if res && res.code == 200 && res.body.include?('urn:Belkin:device:')56if res.body.include?('urn:Belkin:device:crockpot:1')57vprint_good('Wemo-enabled Crock-Pot detected')58return Exploit::CheckCode::Appears59end6061vprint_status('Wemo device detected, but it is not a Crock-Pot')62return Exploit::CheckCode::Detected63end6465Exploit::CheckCode::Safe66end6768def run69if datastore['DefangedMode']70print_error('Running in defanged mode')71return72end7374case action.name75when 'Cook'76print_status("Cooking on #{datastore['TEMP']} for #{datastore['TIME']}m")77res = send_request_cook(datastore['TEMP'], datastore['TIME'])78when 'Stop'79print_status('Setting temperature to Off and cook time to 0m')80res = send_request_cook('Off', 0)81end8283unless res && res.code == 200 && (time = res.get_xml_document.at('//time'))84print_error("Failed to #{action.name.downcase}, aborting!")85return86end8788print_good("Cook time set to #{time.text}m")89end9091def send_request_cook(temp, time)92send_request_cgi(93'method' => 'POST',94'uri' => '/upnp/control/basicevent1',95'ctype' => 'text/xml',96'headers' => {97'SOAPACTION' => '"urn:Belkin:service:basicevent:1#SetCrockpotState"'98},99'data' => generate_soap_xml(temp, time)100)101end102103def generate_soap_xml(temp, time)104<<~EOF105<?xml version="1.0" encoding="utf-8"?>106<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">107<s:Body>108<u:SetCrockpotState xmlns:u="urn:Belkin:service:basicevent:1">109<mode>#{modes[temp]}</mode>110<time>#{time}</time>111</u:SetCrockpotState>112</s:Body>113</s:Envelope>114EOF115end116117def modes118{119'Off' => 0,120'Warm' => 50,121'Low' => 51,122'High' => 52123}124end125126end127128129