Skip to content

Instantly share code, notes, and snippets.

@j-baines

j-baines/winbox-username-scan.py Secret

Created July 18, 2023 19:35
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save j-baines/c484fc2988123bc4626efea74c316615 to your computer and use it in GitHub Desktop.
Save j-baines/c484fc2988123bc4626efea74c316615 to your computer and use it in GitHub Desktop.
Download ZIP
Determine if the admin user is still configured
Raw
winbox-username-scan.py
import argparse
import csv
import sys
import socket
if __name__ == "__main__":
parser = argparse.ArgumentParser(description='winbox username scanner')
parser.add_argument('--csv', action="store", dest="csv_file", required=True, help="The ip list")
args = parser.parse_args()
with open(args.csv_file, newline='') as csvfile:
ip_reader = csv.reader(csvfile, delimiter=',')
for row in ip_reader:
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
try:
s.settimeout(10)
s.connect((row[0], int(row[1])))
s.sendall(b"\x27\x06admin\x00\x44\x45\x38\xa2\x6b\x89\x49\x32\x1c\x74\xef\x0d\x9d\xf4\xae\x0b\x20\xb1\xd8\x55\x9d\x0c\x8a\x5e\x8a\xea\xd7\xa6\x0e\x01\x02\xc7\x00")
lengthByte = s.recv(1)
lengthInt = int.from_bytes(lengthByte, "big")
if lengthInt == 33:
print(f"{row[0]},{row[1]},bad user")
elif lengthInt == 49:
serverData = s.recv(lengthInt)
pkey = serverData[1:33]
salt = serverData[35:]
print(f"{row[0]},{row[1]},{salt}")
else:
print(f"{row[0]},{row[1]},invalid")
sys.stdout.flush()
except:
pass
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment