Created
October 2, 2020 22:31
-
-
Save JoshuaCurry/e3f61916e98ff33d1c892927bcd9e865 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Quick and dirty python script to power on/off projector or set any other setting | |
# Use RS232 command list for commands | |
# run in a named screen if you're putting in crontab; pwntools requires ncurses to have $TERM | |
# screen -dmS myscreen /opt/this.py | |
from pwn import * | |
import hashlib | |
def sendCommand(command,ip='192.168.1.128',port=1024): | |
conn = remote(ip,port) | |
helo = conn.recvuntil(b'\x0d').rstrip(b"\r\n") | |
print("\r\r") | |
print("Received {"+str(helo)+"}") | |
helo = helo.decode().split(" ") | |
proto = helo[0] | |
prot = helo[1] | |
nonce = helo[2] | |
print("\rNonce= {"+str(nonce)+"}") | |
m = hashlib.md5() | |
export = ("admin1:panasonic:"+nonce).encode("utf-8") | |
m.update(export) | |
dig = m.hexdigest() | |
siz = m.digest_size | |
print("Received nonce {} and digested to {} ({})".format(export,dig,siz)) | |
toSend = str(dig)+"00"+str(command)+'\x0d' | |
conn.send(toSend) | |
print("Sent "+str(toSend)) | |
status = str(conn.recvuntil(b'\x0d')[:-1]) | |
print("Status response: {}".format(status)) | |
if command in status: | |
print("\rSUCCESS\r") | |
else: | |
print("YOU DUN FUCKED UP") | |
conn.close() | |
# Power off | |
sendCommand("POF") | |
# Power on | |
# sendCommand("PON") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment