_________ .__ .__ _________ __ \_ ___ \_____ | | | | / _____// |_____________ ____ ____ ___________ / \ \/\__ \ | | | | \_____ \ __\_ __ \__ \ / \ / ___\_/ __ \_ __ \ \ \____/ __ \| |_| |__/ \| | | | \// __ \| | \/ /_/ > ___/| | \/ \______ (____ /____/____/_______ /|__| |__| (____ /___| /\___ / \___ >__| \/ \/ \/ \/ \//_____/ \/ This script created by Yunus Çadırcı (https://twitter.com/yunuscadirci) to checkagainst CallStranger (CVE-2020-12695) vulnerability. An attacker can use this vulnerability for: * Bypassing DLP for exfiltrating data * Using millions of Internet-facing UPnP device as source of amplified reflected TCP DDoS / SYN Flood * Scanning internal ports from Internet facing UPnP devices You can find detailed information on https://www.callstranger.com Stranger Host: http://52.224.89.137 Stranger Port: 80 !Error in service definition http://192.168.1.24:2869 urn:dial-multiscreen-org:service:dial:1 10 devices found: Huawei Home Gateway http://192.168.1.1:37215 ( http://192.168.1.1:37215/upnpdev.xml ) 5 service(s) found for Huawei Home Gateway urn:schemas-upnp-org:service:Layer3Forwarding:1 --> http://192.168.1.1:37215/evt/Layer3Forwarding_1 urn:schemas-upnp-org:service:WANCommonInterfaceConfig:1 --> http://192.168.1.1:37215/evt/WANCommonInterfaceConfig_1 urn:schemas-upnp-org:service:WANPPPConnection:1 --> http://192.168.1.1:37215/evt/WANPPPConnection_1 urn:schemas-upnp-org:service:WANEthernetLinkConfig:1 --> http://192.168.1.1:37215/evt/WANEthernetLinkConfig_1 urn:schemas-upnp-org:service:LANHostConfigManagement:1 --> http://192.168.1.1:37215/evt/LANHostConfigManagement_1 OturmaTV http://192.168.1.22:2870 ( http://192.168.1.22:2870/dmr.xml ) 3 service(s) found for OturmaTV urn:schemas-upnp-org:service:RenderingControl:3 --> http://192.168.1.22:2870/event/RenderingControl urn:schemas-upnp-org:service:ConnectionManager:3 --> http://192.168.1.22:2870/event/ConnectionManager urn:schemas-upnp-org:service:AVTransport:3 --> http://192.168.1.22:2870/event/AVTransport ChromecastOturma4k http://192.168.1.21:8008 ( http://192.168.1.21:8008/ssdp/device-desc.xml ) 1 service(s) found for ChromecastOturma4k urn:dial-multiscreen-org:service:dial:1 --> http://192.168.1.21:8008/ssdp/notfound --skipping http://192.168.1.21:8008/ssdp/notfound because it contains dummy service keywords VESTEL TV http://192.168.1.40:2870 ( http://192.168.1.40:2870/dmr.xml ) 3 service(s) found for VESTEL TV urn:schemas-upnp-org:service:RenderingControl:1 --> http://192.168.1.40:2870/RenderingControl/event urn:schemas-upnp-org:service:ConnectionManager:1 --> http://192.168.1.40:2870/ConnectionManager/event urn:schemas-upnp-org:service:AVTransport:1 --> http://192.168.1.40:2870/AVTransport/event MutfakChromecast http://192.168.1.36:8008 ( http://192.168.1.36:8008/ssdp/device-desc.xml ) 1 service(s) found for MutfakChromecast urn:dial-multiscreen-org:service:dial:1 --> http://192.168.1.36:8008/ssdp/notfound --skipping http://192.168.1.36:8008/ssdp/notfound because it contains dummy service keywords VESTEL TV http://192.168.1.40:2870 ( http://192.168.1.40:2870/dmr.xml ) 3 service(s) found for VESTEL TV urn:schemas-upnp-org:service:RenderingControl:1 --> http://192.168.1.40:2870/RenderingControl/event urn:schemas-upnp-org:service:ConnectionManager:1 --> http://192.168.1.40:2870/ConnectionManager/event urn:schemas-upnp-org:service:AVTransport:1 --> http://192.168.1.40:2870/AVTransport/event DESKTOP-AEE3E5V http://192.168.1.31:2869 ( http://192.168.1.31:2869/upnphost/udhisapi.dll?content=uuid:7ea9d240-fbe4-4ad8-8001-5074901c3695 ) 1 service(s) found for DESKTOP-AEE3E5V urn:schemas-upnp-org:service:RenderingControl:1 --> http://192.168.1.31:2869/upnphost/udhisapi.dll?event=uuid:7ea9d240-fbe4-4ad8-8001-5074901c3695+urn:upnp-org:serviceId:RenderingControl OturmaTV http://192.168.1.22:49154 ( http://192.168.1.22:49154/nmsDescription-Wifi.xml ) 2 service(s) found for OturmaTV urn:schemas-upnp-org:service:ContentDirectory:3 --> http://192.168.1.22:49154/upnp/event/ContentDirectoryNmsO urn:schemas-upnp-org:service:ConnectionManager:2 --> http://192.168.1.22:49154/upnp/event/ConnectionManagerNmsO XboxOne http://192.168.1.24:2869 ( http://192.168.1.24:2869/upnphost/udhisapi.dll?content=uuid:e69c8b0b-8a9d-4811-839e-c94650077ee0 ) 0 service(s) found for XboxOne XboxOne http://192.168.1.24:2869 ( http://192.168.1.24:2869/upnphost/udhisapi.dll?content=uuid:e4d56268-9801-43d2-b1cf-0dbf71d3c06c ) 3 service(s) found for XboxOne urn:schemas-upnp-org:service:RenderingControl:1 --> http://192.168.1.24:2869/upnphost/udhisapi.dll?event=uuid:e4d56268-9801-43d2-b1cf-0dbf71d3c06c+urn:upnp-org:serviceId:RenderingControl urn:schemas-upnp-org:service:AVTransport:1 --> http://192.168.1.24:2869/upnphost/udhisapi.dll?event=uuid:e4d56268-9801-43d2-b1cf-0dbf71d3c06c+urn:upnp-org:serviceId:AVTransport urn:schemas-upnp-org:service:ConnectionManager:1 --> http://192.168.1.24:2869/upnphost/udhisapi.dll?event=uuid:e4d56268-9801-43d2-b1cf-0dbf71d3c06c+urn:upnp-org:serviceId:ConnectionManager Total 20 service(s) found. do you want to continue to VERIFY if service(s) are vulnerable? Be careful: This operation needs Internet access and may transfer data about devices over network. Data encrypted on local and we cant see which services are vulnerable but ISPs and other elements may be able to inspect HTTP headers created by UPnP device. Because most of UPnPstack do not allow SSL conenction we couldnot use it. Do you want to continue? y/N y Successfully get session:r6orrclhtqfh0a93t3kfojnnei Symmetric random key for encryption. b'Go1wFTPGjWjQFL5IqaskAYlVxIKwkoBigh-fH1du5qA=' We do not send this value to server so we can not see which services are vulnerable. All confirmation process is done on client side Calling stranger for http://192.168.1.1:37215/evt/Layer3Forwarding_1 with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWV5XK2XFE44E3YnlJEvwOzmbjweURfXytOY5kixsyDnVv0v9RsKonB2_-4MWbxM_Hy-s0s3q_aF_mVk4LnKePcGo9YTjuqv5ycdO_pPeGAWckuo4rLgf6u-RDpaeE8uP_W&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.1:37215/evt/Layer3Forwarding_1 seems successfull {'Server': 'ATP UPnP Core', 'TIMEOUT': 'Second-1800', 'SID': 'uuid:07541427-8712-7236-3255-534778139122', 'Date': 'Mon, 08 Jun 2020 00:25:57 GMT', 'Content-Length': '0'} Calling stranger for http://192.168.1.1:37215/evt/WANCommonInterfaceConfig_1 with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWVLshWWvRarU53ZwxoCFOsVKlzvxHYTuvTlFythcrikUmm-I-Bac84Efp4e0XmTnq6AYfNRF6fMfBRTTtB7c7e_AMezF8CxE5pByWIH-pjEY8hdZjkq243hUHnxojrSdBUfE2nooIG7XnGj_5CRcF2mQ==&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.1:37215/evt/WANCommonInterfaceConfig_1 seems successfull {'Server': 'ATP UPnP Core', 'TIMEOUT': 'Second-1800', 'SID': 'uuid:75999631-3299-6264-5634-283337000299', 'Date': 'Mon, 08 Jun 2020 00:25:57 GMT', 'Content-Length': '0'} Calling stranger for http://192.168.1.1:37215/evt/WANPPPConnection_1 with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWVMBZ32seTGnWULJeEAYtkkCLAZgoSnA4mDUQWA3HgtzLVUhte9ldC7L4Irp-bMZ2U-OSxJEPlgBIyG8AFbtDslccGnXLnpXOFnjxk5O8foL0yHFNC9aFyItpGQxyH2dJ1&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.1:37215/evt/WANPPPConnection_1 seems successfull {'Server': 'ATP UPnP Core', 'TIMEOUT': 'Second-1800', 'SID': 'uuid:15270507-7650-2562-8900-065631906156', 'Date': 'Mon, 08 Jun 2020 00:25:57 GMT', 'Content-Length': '0'} Calling stranger for http://192.168.1.1:37215/evt/WANEthernetLinkConfig_1 with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWWkGOlOYY7DPkD-wMLwlYEEQYiXBqb5Exqf8AYxPa0WwR939J8IRo7mBWhWyvcgJOUd0_Oq4gZe34c7WG4nkeSqyGK0eL5aiTbNloKD2hh9uI2f_1Up1aSyzeXvMqZNci1VUoPG6wJgohm-nmlyQ0Tuw==&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.1:37215/evt/WANEthernetLinkConfig_1 seems successfull {'Server': 'ATP UPnP Core', 'TIMEOUT': 'Second-1800', 'SID': 'uuid:24355442-5570-5931-4343-194825614057', 'Date': 'Mon, 08 Jun 2020 00:25:57 GMT', 'Content-Length': '0'} Calling stranger for http://192.168.1.1:37215/evt/LANHostConfigManagement_1 with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWWj2p8LBMaEP_4DjAsu2kxJ6YFc6TZkwpcmsbeZwu2afDkmGAI25fTNRsM3QkULHjK5OHwGpoLn0b-vk_SPoN8we8y22VIH9d9n_xbz4PDvy-6CWk5g1704fqyZbezDx4dTuIQ7acB4So-VA0tINJyNw==&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.1:37215/evt/LANHostConfigManagement_1 failed with status code:501 {'Server': 'ATP UPnP Core', 'Date': 'Mon, 08 Jun 2020 00:25:57 GMT', 'Content-Length': '0'} Calling stranger for http://192.168.1.22:2870/event/RenderingControl with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWWUzY8zZZNQa9rITEnhjF5odGZvNMjbOnrWDQyw2SqINUhgLPJ9cPWUbAiqVfhKm4WR1GMcSsUACUn4AUODJaQxQogGlnVHBpfFjUxdB6NJQ6iWOaXUgRI_GvaHwrSiNrg&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.22:2870/event/RenderingControl seems successfull {'DATE': 'Mon, 08 Jun 2020 00:25:57 GMT', 'SERVER': 'IPI/1.0 UPnP/1.0 DLNADOC/1.50', 'SID': 'uuid:13d360b0-a367-108f-91f2-f1edf2b0e95d', 'TIMEOUT': 'Second-300', 'CONTENT-LENGTH': '0', 'CONNECTION': 'Keep-Alive'} Calling stranger for http://192.168.1.22:2870/event/ConnectionManager with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWWOQBg1sorO_142fdTj_sFnwj9PP4aApYtN1KsHnoqL0BcGSiltD1lIuAsL1ektaTCHpGgZhQ6c_VopLkjmOJLQKrlUJgXHXY6AdBrxy68rNtD4KZCntg0oCibT34VjTsnumrOWCr8sCkdG4QbnCR6Og==&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.22:2870/event/ConnectionManager seems successfull {'DATE': 'Mon, 08 Jun 2020 00:25:57 GMT', 'SERVER': 'IPI/1.0 UPnP/1.0 DLNADOC/1.50', 'SID': 'uuid:13d79680-a367-108f-a110-c831563f5ca1', 'TIMEOUT': 'Second-300', 'CONTENT-LENGTH': '0', 'CONNECTION': 'Keep-Alive'} Calling stranger for http://192.168.1.22:2870/event/AVTransport with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWWG6XmqZ9_JaVW8xPdlnQu9HQpnyYHI2ZbN6Y0c-nwXbkrlA7cSX0U5626d1tlFD7ych9aGIpOifL7_rtlgbboyvIvAO1seF5FuWR8frXo0GFBSHJBkdQ8t0OVvBTN7IWL&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.22:2870/event/AVTransport seems successfull {'DATE': 'Mon, 08 Jun 2020 00:25:57 GMT', 'SERVER': 'IPI/1.0 UPnP/1.0 DLNADOC/1.50', 'SID': 'uuid:13dad8ea-a367-108f-b03b-8c7873ef35d5', 'TIMEOUT': 'Second-300', 'CONTENT-LENGTH': '0', 'CONNECTION': 'Keep-Alive'} Calling stranger for http://192.168.1.40:2870/RenderingControl/event with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWWi6_kQRD9_BlTw5H_l8rJhxeLAvW7ATHiCA_ujFMqU2-dNvqvvNRUjSiQrg7iBs9ZdSZ7G6_MGiCegednsrliB8x4cDHWZzeEOMepYFwuYtfoHWPDTmxB8rBaiw3yJoMW&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.40:2870/RenderingControl/event seems successfull {'Date': 'Mon, 08 Jun 2020 00:25:58 GMT', 'Server': 'NFLC/3.0 UPnP/1.0 DLNADOC/1.50', 'SID': 'uuid:13ee21ca-a368-108f-8000-980983715753', 'Timeout': 'Second-300', 'Content-Length': '0', 'Connection': 'Keep-Alive'} Calling stranger for http://192.168.1.40:2870/ConnectionManager/event with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWWXR_Gu_ezGeBcP647McEl1x-mNmdVzDcxNxLDxO08n_N4-9pBSV6nmDr_f1neKksBifRWmlN190xcSvn1U0nLBTDDKTQRgcUk1z8lugO219ot8bO0OlJ8JnzWu8SW2tchN5sa4gyZuWPXQqgI0Pp0pA==&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.40:2870/ConnectionManager/event seems successfull {'Date': 'Mon, 08 Jun 2020 00:25:58 GMT', 'Server': 'NFLC/3.0 UPnP/1.0 DLNADOC/1.50', 'SID': 'uuid:13f19422-a368-108f-8000-980983715753', 'Timeout': 'Second-300', 'Content-Length': '0', 'Connection': 'Keep-Alive'} Calling stranger for http://192.168.1.40:2870/AVTransport/event with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWWPiyMRzJ8aH74NalQzsCy_HKFJYBNMGvM4YXrLJI6KYm5h4C7euiyTOpDTBnEv5PVyT3xmaSDe-rf7MuHF7NODI_BtIuOp2GhYIvqVe5SkG2WOLmuFOJ-idh_iV5Tsgmm&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.40:2870/AVTransport/event seems successfull {'Date': 'Mon, 08 Jun 2020 00:25:58 GMT', 'Server': 'NFLC/3.0 UPnP/1.0 DLNADOC/1.50', 'SID': 'uuid:13f5d366-a368-108f-8000-980983715753', 'Timeout': 'Second-300', 'Content-Length': '0', 'Connection': 'Keep-Alive'} Calling stranger for http://192.168.1.40:2870/RenderingControl/event with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWWfuQFrRxSbxmbzqOMmyd2pxXw_hpuUyfkXsc0NiKtwimoySNOYZTYva4QPHEOhX9hO-gOnlAhbUd0KychcNxH4Xh5nVzfviYoE7HevWrxcsBlnXB-QHhll2UOa5eur1JV&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.40:2870/RenderingControl/event seems successfull {'Date': 'Mon, 08 Jun 2020 00:25:58 GMT', 'Server': 'NFLC/3.0 UPnP/1.0 DLNADOC/1.50', 'SID': 'uuid:13f9edd4-a368-108f-8000-980983715753', 'Timeout': 'Second-300', 'Content-Length': '0', 'Connection': 'Keep-Alive'} Calling stranger for http://192.168.1.40:2870/ConnectionManager/event with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWWjdQFgMHTJpFTapC3U9KUoliVYdFTwqUNo8-HEhkYSmly-3N_cjHVCzYzc2IFGnt_M4x3turFl7DjRdmCqzS99esrOwlpZG0EepN1JaS1FEZoeKfkF76Iz87FUv66toiajg2ZTtdK9CdifV-g3O8Mgg==&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.40:2870/ConnectionManager/event seems successfull {'Date': 'Mon, 08 Jun 2020 00:25:58 GMT', 'Server': 'NFLC/3.0 UPnP/1.0 DLNADOC/1.50', 'SID': 'uuid:13fde470-a368-108f-8000-980983715753', 'Timeout': 'Second-300', 'Content-Length': '0', 'Connection': 'Keep-Alive'} Calling stranger for http://192.168.1.40:2870/AVTransport/event with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWWmCSFApQW0EqwcjkTPG0ITz1iHTeJru5Jf7D0IXKCaCnFBo9ynh5QCDfSGuR7YpXd5OpBbAFqa58-QwNNlZaT0SMTViuiCGqszyjTdRrgiLYiMv8mJAVPBg07CrK3ILKx&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.40:2870/AVTransport/event seems successfull {'Date': 'Mon, 08 Jun 2020 00:25:58 GMT', 'Server': 'NFLC/3.0 UPnP/1.0 DLNADOC/1.50', 'SID': 'uuid:14021f2c-a368-108f-8000-980983715753', 'Timeout': 'Second-300', 'Content-Length': '0', 'Connection': 'Keep-Alive'} Calling stranger for http://192.168.1.31:2869/upnphost/udhisapi.dll?event=uuid:7ea9d240-fbe4-4ad8-8001-5074901c3695+urn:upnp-org:serviceId:RenderingControl with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWWvDaVq8jWD6aBLJwpfWUZbKyyzJxiYd2BwqkoO8bUTDhTGBWvDC1pSDhqh46rM_Htk0AQ6-N47JEA8ljP-JF073U6TeQZoQsGlyto6Hj0AYVqZlGOpGmnL32pNgsWntKWJnHYjId5rMb2Bhm4EFTEwVen_CLBZLUmnjXJNFSHisu1PMrex1SrYhDbxj84t47QTEhnYct1MkYgs5TcajyWG1w7hhW7s0kjQQKCX7krC9lzP_vPSqQXh_9V9ngRmtgr&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.31:2869/upnphost/udhisapi.dll?event=uuid:7ea9d240-fbe4-4ad8-8001-5074901c3695+urn:upnp-org:serviceId:RenderingControl seems successfull {'Server': 'Microsoft-Windows/10.0 UPnP/1.0 UPnP-Device-Host/1.0 Microsoft-HTTPAPI/2.0', 'Timeout': 'Second-300', 'SID': 'uuid:bb7fbaac-4bda-4ca8-aef2-3278083a6c32', 'Date': 'Mon, 08 Jun 2020 00:25:58 GMT', 'Content-Length': '0'} Calling stranger for http://192.168.1.22:49154/upnp/event/ContentDirectoryNmsO with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWW7Vqa-S6ucZXURWKW9dFu8rRTmbby-0cwPSz86jyknMPS34lhsqg7CrZ9C5ifHghlZMvKOv1OCad1ZS-_UPD5mhfSc8DFn2O6z-05QAViBac417YSyPrXCjiE0uo50gjOBtJoQt2NqgON0emOaEVIzg==&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.22:49154/upnp/event/ContentDirectoryNmsO seems successfull {'DATE': 'Mon, 08 Jun 2020 00:25:57 GMT', 'SERVER': 'Linux2.6/0.0 UPnP/1.0 PhilipsIntelSDK/1.4 DLNADOC/1.50', 'SID': 'uuid:C0A80120-0000-0000-B469-000000000043', 'TIMEOUT': 'Second-300', 'Content-Length': '0'} Calling stranger for http://192.168.1.22:49154/upnp/event/ConnectionManagerNmsO with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWWul-xu0Qd1axJ_sQlFp5CQbODxEVd-1ZkN73VUlyia5-7cPQZaXc-djWuEDAo2DrSYnMFxkGuQa1OUaEtckJDwRQLrQIY7ea210hZ7ZIktxx7caVR7nabCc1WPFuut19b5x6DslU2x3FOV4fpPtu_Yg==&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.22:49154/upnp/event/ConnectionManagerNmsO seems successfull {'DATE': 'Mon, 08 Jun 2020 00:25:57 GMT', 'SERVER': 'Linux2.6/0.0 UPnP/1.0 PhilipsIntelSDK/1.4 DLNADOC/1.50', 'SID': 'uuid:C0A80120-0000-0000-B469-000000000044', 'TIMEOUT': 'Second-300', 'Content-Length': '0'} Calling stranger for http://192.168.1.24:2869/upnphost/udhisapi.dll?event=uuid:e4d56268-9801-43d2-b1cf-0dbf71d3c06c+urn:upnp-org:serviceId:RenderingControl with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWWj0fPN5jBV5Xvu4Df9kpz0wPqHoLXAg6D459cZbfMi3ssKkAGFfX_6DR5G3rKTEu1Ha-71mBT4MOE93tF27hLYnEtaVsLRrMXhS0QcSMVHf4HrrzY4a_BWkRNKXpeBHne0A8i6gpY3z5zMEfzhw0x-QuaRNdVZlmNnxoxtmAynuYUc92OgEP4O6_C3V8quOXKlsmXPNAnCErboC3Pfruz2YIOccKN0eiN3mfUQFzPXTao1uIWMOU3qmk20cIRHGrH&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.24:2869/upnphost/udhisapi.dll?event=uuid:e4d56268-9801-43d2-b1cf-0dbf71d3c06c+urn:upnp-org:serviceId:RenderingControl seems successfull {'Server': 'Microsoft-Windows/10.0 UPnP/1.0 UPnP-Device-Host/1.0 Microsoft-HTTPAPI/2.0', 'Timeout': 'Second-300', 'SID': 'uuid:077b00a1-79a4-4a1d-b9d0-798c1cc56f32', 'Date': 'Mon, 08 Jun 2020 00:25:58 GMT', 'Content-Length': '0'} Calling stranger for http://192.168.1.24:2869/upnphost/udhisapi.dll?event=uuid:e4d56268-9801-43d2-b1cf-0dbf71d3c06c+urn:upnp-org:serviceId:AVTransport with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWW0N606l74W9Rc-WiKLavtt1MWlisg3Vxhe0Qz4hs69Azcm0EDPwcoVvQNTJeg2dpz9i5kR3v9VV9afvpjNmA8s0SSqN3Y0oJjMHb09ylXH4eEcPNZvT8-GyZ_TDCp_zjX0JDN51n_zYa6J8WFGNLPZf_6q8pzDJnUSaXVuf0nhfGK3TR2qTQUMbj1oVer3q7IHIzLefzQEvKS9EK0JaWT9u9KhIeDaa7C0xNxweyvB_LmycISxconCeOLvL6D3njU&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.24:2869/upnphost/udhisapi.dll?event=uuid:e4d56268-9801-43d2-b1cf-0dbf71d3c06c+urn:upnp-org:serviceId:AVTransport seems successfull {'Server': 'Microsoft-Windows/10.0 UPnP/1.0 UPnP-Device-Host/1.0 Microsoft-HTTPAPI/2.0', 'Timeout': 'Second-300', 'SID': 'uuid:431e2067-e641-4cbb-a587-654425869025', 'Date': 'Mon, 08 Jun 2020 00:25:58 GMT', 'Content-Length': '0'} Calling stranger for http://192.168.1.24:2869/upnphost/udhisapi.dll?event=uuid:e4d56268-9801-43d2-b1cf-0dbf71d3c06c+urn:upnp-org:serviceId:ConnectionManager with http://52.224.89.137:80/CallStranger.php?c=addservice&service=gAAAAABe3YWWktGqL5I6ERYBx7j_bL4tt_08w4LL7oRcHkKbphMA-jD931ZynXLNds8NfZArVFiDG2S0V3FTywgSerRjgSn5Gq1ofXTT56LyHqmJvz0h2oqzTE_rpcIC7e8IYa2l4zyIx9rd1GKuOVMrF4ddRNbP1C0MiccNZ69heLYytjQtur2VXNVDKCsItcwJwRF5pACPvm9R8Qitfc485retzbaHLg4DsyUUKr-Av6ETORTr8CFRThbRUy7Ltt4WJXxbpRZb&token=r6orrclhtqfh0a93t3kfojnnei Subscribe to http://192.168.1.24:2869/upnphost/udhisapi.dll?event=uuid:e4d56268-9801-43d2-b1cf-0dbf71d3c06c+urn:upnp-org:serviceId:ConnectionManager seems successfull {'Server': 'Microsoft-Windows/10.0 UPnP/1.0 UPnP-Device-Host/1.0 Microsoft-HTTPAPI/2.0', 'Timeout': 'Second-300', 'SID': 'uuid:82b2697c-f6af-4423-b21d-c6ebe09c7576', 'Date': 'Mon, 08 Jun 2020 00:25:58 GMT', 'Content-Length': '0'} Waiting 5 second for server processing Successfully get services from server: http://52.224.89.137:80/CallStranger.php?c=getservices&token=r6orrclhtqfh0a93t3kfojnnei Encrypted vulnerable services: gAAAAABe3YWWUzY8zZZNQa9rITEnhjF5odGZvNMjbOnrWDQyw2SqINUhgLPJ9cPWUbAiqVfhKm4WR1GMcSsUACUn4AUODJaQxQogGlnVHBpfFjUxdB6NJQ6iWOaXUgRI_GvaHwrSiNrg gAAAAABe3YWWOQBg1sorO_142fdTj_sFnwj9PP4aApYtN1KsHnoqL0BcGSiltD1lIuAsL1ektaTCHpGgZhQ6c_VopLkjmOJLQKrlUJgXHXY6AdBrxy68rNtD4KZCntg0oCibT34VjTsnumrOWCr8sCkdG4QbnCR6Og== gAAAAABe3YWWG6XmqZ9_JaVW8xPdlnQu9HQpnyYHI2ZbN6Y0c-nwXbkrlA7cSX0U5626d1tlFD7ych9aGIpOifL7_rtlgbboyvIvAO1seF5FuWR8frXo0GFBSHJBkdQ8t0OVvBTN7IWL gAAAAABe3YWWi6_kQRD9_BlTw5H_l8rJhxeLAvW7ATHiCA_ujFMqU2-dNvqvvNRUjSiQrg7iBs9ZdSZ7G6_MGiCegednsrliB8x4cDHWZzeEOMepYFwuYtfoHWPDTmxB8rBaiw3yJoMW gAAAAABe3YWV5XK2XFE44E3YnlJEvwOzmbjweURfXytOY5kixsyDnVv0v9RsKonB2_-4MWbxM_Hy-s0s3q_aF_mVk4LnKePcGo9YTjuqv5ycdO_pPeGAWckuo4rLgf6u-RDpaeE8uP_W gAAAAABe3YWWXR_Gu_ezGeBcP647McEl1x-mNmdVzDcxNxLDxO08n_N4-9pBSV6nmDr_f1neKksBifRWmlN190xcSvn1U0nLBTDDKTQRgcUk1z8lugO219ot8bO0OlJ8JnzWu8SW2tchN5sa4gyZuWPXQqgI0Pp0pA== gAAAAABe3YWWPiyMRzJ8aH74NalQzsCy_HKFJYBNMGvM4YXrLJI6KYm5h4C7euiyTOpDTBnEv5PVyT3xmaSDe-rf7MuHF7NODI_BtIuOp2GhYIvqVe5SkG2WOLmuFOJ-idh_iV5Tsgmm gAAAAABe3YWWfuQFrRxSbxmbzqOMmyd2pxXw_hpuUyfkXsc0NiKtwimoySNOYZTYva4QPHEOhX9hO-gOnlAhbUd0KychcNxH4Xh5nVzfviYoE7HevWrxcsBlnXB-QHhll2UOa5eur1JV gAAAAABe3YWWjdQFgMHTJpFTapC3U9KUoliVYdFTwqUNo8-HEhkYSmly-3N_cjHVCzYzc2IFGnt_M4x3turFl7DjRdmCqzS99esrOwlpZG0EepN1JaS1FEZoeKfkF76Iz87FUv66toiajg2ZTtdK9CdifV-g3O8Mgg== gAAAAABe3YWWmCSFApQW0EqwcjkTPG0ITz1iHTeJru5Jf7D0IXKCaCnFBo9ynh5QCDfSGuR7YpXd5OpBbAFqa58-QwNNlZaT0SMTViuiCGqszyjTdRrgiLYiMv8mJAVPBg07CrK3ILKx gAAAAABe3YWWvDaVq8jWD6aBLJwpfWUZbKyyzJxiYd2BwqkoO8bUTDhTGBWvDC1pSDhqh46rM_Htk0AQ6-N47JEA8ljP-JF073U6TeQZoQsGlyto6Hj0AYVqZlGOpGmnL32pNgsWntKWJnHYjId5rMb2Bhm4EFTEwVen_CLBZLUmnjXJNFSHisu1PMrex1SrYhDbxj84t47QTEhnYct1MkYgs5TcajyWG1w7hhW7s0kjQQKCX7krC9lzP_vPSqQXh_9V9ngRmtgr gAAAAABe3YWWj0fPN5jBV5Xvu4Df9kpz0wPqHoLXAg6D459cZbfMi3ssKkAGFfX_6DR5G3rKTEu1Ha-71mBT4MOE93tF27hLYnEtaVsLRrMXhS0QcSMVHf4HrrzY4a_BWkRNKXpeBHne0A8i6gpY3z5zMEfzhw0x-QuaRNdVZlmNnxoxtmAynuYUc92OgEP4O6_C3V8quOXKlsmXPNAnCErboC3Pfruz2YIOccKN0eiN3mfUQFzPXTao1uIWMOU3qmk20cIRHGrH gAAAAABe3YWW0N606l74W9Rc-WiKLavtt1MWlisg3Vxhe0Qz4hs69Azcm0EDPwcoVvQNTJeg2dpz9i5kR3v9VV9afvpjNmA8s0SSqN3Y0oJjMHb09ylXH4eEcPNZvT8-GyZ_TDCp_zjX0JDN51n_zYa6J8WFGNLPZf_6q8pzDJnUSaXVuf0nhfGK3TR2qTQUMbj1oVer3q7IHIzLefzQEvKS9EK0JaWT9u9KhIeDaa7C0xNxweyvB_LmycISxconCeOLvL6D3njU gAAAAABe3YWWktGqL5I6ERYBx7j_bL4tt_08w4LL7oRcHkKbphMA-jD931ZynXLNds8NfZArVFiDG2S0V3FTywgSerRjgSn5Gq1ofXTT56LyHqmJvz0h2oqzTE_rpcIC7e8IYa2l4zyIx9rd1GKuOVMrF4ddRNbP1C0MiccNZ69heLYytjQtur2VXNVDKCsItcwJwRF5pACPvm9R8Qitfc485retzbaHLg4DsyUUKr-Av6ETORTr8CFRThbRUy7Ltt4WJXxbpRZb gAAAAABe3YWVMBZ32seTGnWULJeEAYtkkCLAZgoSnA4mDUQWA3HgtzLVUhte9ldC7L4Irp-bMZ2U-OSxJEPlgBIyG8AFbtDslccGnXLnpXOFnjxk5O8foL0yHFNC9aFyItpGQxyH2dJ1 Decyripting vulnerable services with key: b'Go1wFTPGjWjQFL5IqaskAYlVxIKwkoBigh-fH1du5qA=' Verified vulnerable services: 1: http://192.168.1.22:2870/event/RenderingControl 2: http://192.168.1.22:2870/event/ConnectionManager 3: http://192.168.1.22:2870/event/AVTransport 4: http://192.168.1.40:2870/RenderingControl/event 5: http://192.168.1.1:37215/evt/Layer3Forwarding_1 6: http://192.168.1.40:2870/ConnectionManager/event 7: http://192.168.1.40:2870/AVTransport/event 8: http://192.168.1.40:2870/RenderingControl/event 9: http://192.168.1.40:2870/ConnectionManager/event 10: http://192.168.1.40:2870/AVTransport/event 11: http://192.168.1.31:2869/upnphost/udhisapi.dll?event=uuid:7ea9d240-fbe4-4ad8-8001-5074901c3695+urn:upnp-org:serviceId:RenderingControl 12: http://192.168.1.24:2869/upnphost/udhisapi.dll?event=uuid:e4d56268-9801-43d2-b1cf-0dbf71d3c06c+urn:upnp-org:serviceId:RenderingControl 13: http://192.168.1.24:2869/upnphost/udhisapi.dll?event=uuid:e4d56268-9801-43d2-b1cf-0dbf71d3c06c+urn:upnp-org:serviceId:AVTransport 14: http://192.168.1.24:2869/upnphost/udhisapi.dll?event=uuid:e4d56268-9801-43d2-b1cf-0dbf71d3c06c+urn:upnp-org:serviceId:ConnectionManager 15: http://192.168.1.1:37215/evt/WANPPPConnection_1 Unverified services: http://192.168.1.1:37215/evt/WANCommonInterfaceConfig_1 http://192.168.1.1:37215/evt/WANEthernetLinkConfig_1 http://192.168.1.1:37215/evt/LANHostConfigManagement_1 http://192.168.1.22:49154/upnp/event/ContentDirectoryNmsO http://192.168.1.22:49154/upnp/event/ConnectionManagerNmsO