def handle_tcp_telnet(socket, dstport): socket = TextChannel(socket) try: socket.send("Linux-x86/2.4\nSamsung Smart TV\n\nlocalhost login: "******"Password: "******"\n\nSuccessfully logged in. Log in successful.\n") socket.send("Busybox v1.01 (2014.08.14-10:49+0000) Built-in shell (ash)\n") socket.send("Enter 'help' for a list of built-in commands.\n\n{}".format(ps1a)) process_commandline(socket, readline(socket, True, 10).strip()) interactive_shell(socket, ps1b, 10) except Exception as err: #print(traceback.format_exc()) pass try: print("-- TELNET TRANSPORT CLOSED --") socket.close() except: pass
def handle_tcp_telnet(socket, dstport): socket = TextChannel(socket) try: socket.send("Linux-x86/2.4\nSamsung Smart TV\n\nlocalhost login: "******"Password: "******"\n\nSuccessfully logged in. Log in successful.\n") socket.send( "Busybox v1.01 (2014.08.14-10:49+0000) Built-in shell (ash)\n") socket.send( "Enter 'help' for a list of built-in commands.\n\n{}".format(ps1a)) process_commandline(socket, readline(socket, True, 10).strip()) interactive_shell(socket, ps1b, 10) except Exception: print(traceback.format_exc()) pass try: print("-- TELNET TRANSPORT CLOSED --") socket.close() except: pass
def handle_udp_netis_backdoor(socket, data, srcpeername, dstport): tee_received_bin(data) if data == '\n': print("Netis backdoor scan received") socket.sendto(tee_sent_bin('\n\0\0\6\0\1\0\0\0\0\320\245Login:'******'AAAAAAAAnetcore\0'): print("Netis backdoor enable command received") socket.sendto(tee_sent_bin('AA\0\5ABAA\0\0\0\0Login successed!\r\n'), srcpeername) # sic elif data.startswith('AA\0\0AAAA?\0'): print("Netis backdoor version query received") socket.sendto(tee_sent_bin('AA\0\5ABAA\0\0\1\0IGD MPT Interface daemon 1.0\0'), srcpeername) elif data.startswith('AA\0\0AAAA$GetVersion\0'): print("Netis backdoor $GetVersion command received") socket.sendto(tee_sent_bin('AA\0\5ABAA\0\0\0\0{}'.format(VERSION_TEXT)), srcpeername) elif data.startswith('AA\0\0AAAA$Help\0'): print("Netis backdoor $Help command received") socket.sendto(tee_sent_bin('AA\0\5ABAA\0\0\1\0{}'.format(HELP_TEXT)), srcpeername) elif data.startswith('AA\0\0AAAA'): print("\nNetis backdoor execute command received:") command = tee_received_text(data[8:].strip()) print("") outstream = StringIO.StringIO() outstream.send = outstream.write # HACK process_commandline(outstream, command) output = tee_sent_text(outstream.getvalue()) print("\nAssembled reply packets:") marker = 'B' while len(output) > 0: curr_block = output[:1991] output = output[1991:] socket.sendto(tee_sent_bin('AA\0\4A{}AA{}'.format(marker, curr_block)), srcpeername) marker = chr(1 + ord(marker)) socket.sendto(tee_sent_bin('AA\0\5A{}AA\0\0\0\0'.format(marker)), srcpeername) else: print("Unknown Netis backdoor command")