iiBYFzXY

· 8 years ago · Nov 16, 2017, 09:34 AM
1*# Copyright (c) 2009 Paul Gebheim...
2import sys
3import socket
4import array
5from optparse import OptionParser
6from Cryptodome.Cipher import Blowfish
7from Cryptodome.Hash import MD5
8TELNET_PORT = 23
9# The version of Blowfish supplied for the telenetenable.c implementation
10# assumes Big-Endian data, but the code does nothing to convert the
11# little-endian stuff it's getting on intel to Big-Endian
12#
13# So, since Crypto.Cipher.Blowfish seems to assume native endianness, we need
14# to byteswap our buffer before and after encrypting it
15#
16# This helper does the byteswapping on the string buffer
17def ByteSwap(data):
18  a = array.array('i')
19  if(a.itemsize < 4):
20    a = array.array('L')
21  
22  if(a.itemsize != 4):
23    print("Need a type that is 4 bytes on your platform so we can fix the data!")
24    exit(1)
25  a.fromstring(data)
26  a.byteswap()
27  return a.tostring()
28def GeneratePayload(mac, username, password=""):
29  # Pad the input correctly
30  assert(len(mac) < 0x10)
31  just_mac = mac.ljust(0x10, "\x00")
32  assert(len(username) <= 0x10)
33  just_username = username.ljust(0x10, "\x00")
34  
35  assert(len(password) <= 0x10)
36  just_password = password.ljust(0x10, "\x00")
37  cleartext = (just_mac + just_username + just_password).ljust(0x70, '\x00')
38  md5_key = MD5.new(cleartext).digest()
39  payload = ByteSwap((md5_key + cleartext).ljust(0x80, "\x00"))
40  
41  secret_key = "AMBIT_TELNET_ENABLE+" + password
42  return ByteSwap(Blowfish.new(secret_key, 1).encrypt(payload))
43def SendPayload(ip, payload):
44  for res in socket.getaddrinfo(ip, TELNET_PORT, socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_IP):
45    af, socktype, proto, canonname, sa = res
46    try:
47      s = socket.socket(af, socktype, proto)
48    except socket.error as msg:
49      s = None
50      continue
51    try:
52      s.connect(sa)
53    except socket.error as msg:
54      s.close()
55      s= None
56      continue
57    break
58  if s is None:
59    print ("Could not connect to '%s:%d'") % (ip, TELNET_PORT)
60  else:
61    s.send(payload)
62    s.close()
63    print ("Sent telnet enable payload to '%s:%d'") % (ip, TELNET_PORT)
64  
65def main():
66  args = sys.argv[1:]
67  if len(args) < 3 or len(args) > 4:
68    print ("usage: python telnetenable.py <ip> <mac> <username> [<password>]")
69  ip = args[0]
70  mac = args[1]
71  username = args[2]
72  password = ""
73  if len(args) == 4:
74    password = args[3]
75  payload = GeneratePayload(mac, username, password)
76  SendPayload(ip, payload)
77main()*
78
79md5_key = MD5.new(cleartext).digest()
80
81is where I get the error:
82Traceback (most recent call last):
83  File "telnetenable.py", line 113, in <module>
84    main()
85  File "telnetenable.py", line 110, in main
86    payload = GeneratePayload(mac, username, password)
87  File "telnetenable.py", line 64, in GeneratePayload
88    md5_key = MD5.new(cleartext).digest()
89  File "C:\Users\farme\AppData\Local\Programs\Python\Python36\lib\site-packages\Cryptodome\Hash\MD5.py", line 47, in __init__
90    self._h = _hash_new(*args)
91TypeError: Unicode-objects must be encoded before hashing