*# Copyright (c) 2009 Paul Gebheim...import sysimport socketimport array

1. *# Copyright (c) 2009 Paul Gebheim...
2. import sys
3. import socket
4. import array
5. from optparse import OptionParser
6. from Cryptodome.Cipher import Blowfish
7. from Cryptodome.Hash import MD5
8. TELNET_PORT = 23
9. # The version of Blowfish supplied for the telenetenable.c implementation
10. # assumes Big-Endian data, but the code does nothing to convert the
11. # little-endian stuff it's getting on intel to Big-Endian
12. #
13. # So, since Crypto.Cipher.Blowfish seems to assume native endianness, we need
14. # to byteswap our buffer before and after encrypting it
15. #
16. # This helper does the byteswapping on the string buffer
17. def ByteSwap(data):
18. a = array.array('i')
19. if(a.itemsize < 4):
20. a = array.array('L')
21.  
22. if(a.itemsize != 4):
23. print("Need a type that is 4 bytes on your platform so we can fix the data!")
24. exit(1)
25. a.fromstring(data)
26. a.byteswap()
27. return a.tostring()
28. def GeneratePayload(mac, username, password=""):
29. # Pad the input correctly
30. assert(len(mac) < 0x10)
31. just_mac = mac.ljust(0x10, "\x00")
32. assert(len(username) <= 0x10)
33. just_username = username.ljust(0x10, "\x00")
34.  
35. assert(len(password) <= 0x10)
36. just_password = password.ljust(0x10, "\x00")
37. cleartext = (just_mac + just_username + just_password).ljust(0x70, '\x00')
38. md5_key = MD5.new(cleartext).digest()
39. payload = ByteSwap((md5_key + cleartext).ljust(0x80, "\x00"))
40.  
41. secret_key = "AMBIT_TELNET_ENABLE+" + password
42. return ByteSwap(Blowfish.new(secret_key, 1).encrypt(payload))
43. def SendPayload(ip, payload):
44. for res in socket.getaddrinfo(ip, TELNET_PORT, socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_IP):
45. af, socktype, proto, canonname, sa = res
46. try:
47. s = socket.socket(af, socktype, proto)
48. except socket.error as msg:
49. s = None
50. continue
51. try:
52. s.connect(sa)
53. except socket.error as msg:
54. s.close()
55. s= None
56. continue
57. break
58. if s is None:
59. print ("Could not connect to '%s:%d'") % (ip, TELNET_PORT)
60. else:
61. s.send(payload)
62. s.close()
63. print ("Sent telnet enable payload to '%s:%d'") % (ip, TELNET_PORT)
64.  
65. def main():
66. args = sys.argv[1:]
67. if len(args) < 3 or len(args) > 4:
68. print ("usage: python telnetenable.py <ip> <mac> <username> [<password>]")
69. ip = args[0]
70. mac = args[1]
71. username = args[2]
72. password = ""
73. if len(args) == 4:
74. password = args[3]
75. payload = GeneratePayload(mac, username, password)
76. SendPayload(ip, payload)
77. main()*
78.  
79. md5_key = MD5.new(cleartext).digest()
80.  
81. is where I get the error:
82. Traceback (most recent call last):
83. File "telnetenable.py", line 113, in <module>
84. main()
85. File "telnetenable.py", line 110, in main
86. payload = GeneratePayload(mac, username, password)
87. File "telnetenable.py", line 64, in GeneratePayload
88. md5_key = MD5.new(cleartext).digest()
89. File "C:\Users\farme\AppData\Local\Programs\Python\Python36\lib\site-packages\Cryptodome\Hash\MD5.py", line 47, in __init__
90. self._h = _hash_new(*args)
91. TypeError: Unicode-objects must be encoded before hashing