This Python-based tool is designed to exploit Remote Code Execution (RCE) vulnerabilities in Xiaomi routers. It automates the process of retrieving the session token (`stok`) from the router, sending malicious payloads, and receiving files back from the router for further analysis. This tool is ideal for security researchers and penetration testers focusing on identifying and exploiting vulnerabilities in Xiaomi routers.

## Features

- **Automated Session Token Retrieval**: Authenticates with the router using its IP address and password to fetch the session token (`stok`) needed to execute commands on the router.
- **Multiple RCE Triggers**: Supports different methods for triggering RCE vulnerabilities through crafted payloads.
- **Payload Injection**: Loads a list of exploit payloads from `payloads.txt` for automated testing.
- **File Retrieval**: Includes a TCP server that receives files sent back from the router after a successful exploit.
- **Logging and Monitoring**: Tracks and logs HTTP requests and responses, providing insight into potential vulnerabilities.
- **Graceful Error Handling**: Handles errors such as invalid URLs or missing session tokens without crashing.
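From the defender's side, the workflow described above (a login that yields an `stok`, followed by a burst of requests whose parameters carry shell metacharacters) is what the automated exploit looks like in a router's web access log. The detector below is an added example written for this README and is not part of the project's code. It assumes a hypothetical log format (`<ISO timestamp> <client IP> <method> <request target>`), a hypothetical login endpoint `/cgi-bin/luci/api/login`, and that the token is carried in the path as a `;stok=` segment; replace these with whatever your router or reverse proxy actually emits. The sample log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qsl, urlsplit

# Constructed sample of router access-log lines. The format is hypothetical:
# "<ISO timestamp> <client IP> <method> <request target>".
SAMPLE_LOG = """\
2024-05-01T10:00:00 192.0.2.10 POST /cgi-bin/luci/api/login
2024-05-01T10:00:01 192.0.2.10 GET /cgi-bin/luci/;stok=tok1/api/config?name=x%3Bid
2024-05-01T10:00:02 192.0.2.10 GET /cgi-bin/luci/;stok=tok1/api/config?name=x%7Cid
2024-05-01T10:00:03 192.0.2.10 GET /cgi-bin/luci/;stok=tok1/api/config?name=%60id%60
2024-05-01T10:00:04 192.0.2.10 GET /cgi-bin/luci/;stok=tok1/api/config?name=%24%28id%29
2024-05-01T10:05:00 192.0.2.20 POST /cgi-bin/luci/api/login
2024-05-01T10:05:30 192.0.2.20 GET /cgi-bin/luci/;stok=tok2/api/status
2024-05-01T11:00:00 192.0.2.30 GET /cgi-bin/luci/;stok=tok3/api/config?name=x%3Bid
"""

LOGIN_PATH = "/cgi-bin/luci/api/login"  # hypothetical login endpoint; adjust to your device
WINDOW = timedelta(minutes=2)           # how long after a login we keep watching a client
MIN_SUSPICIOUS = 3                      # requests with shell metacharacters needed to alert

# Shell metacharacters that have no legitimate place in a router configuration value.
META = re.compile(r"[;|`]|\$\(|&&|\|\|")
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)$")


def parse_line(line):
    """Split one log line into (timestamp, client_ip, method, target); None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, ip, method, target = m.groups()
    return datetime.fromisoformat(ts), ip, method, target


def has_shell_meta(target):
    """True if any URL-decoded query value contains shell metacharacters.

    Only the query string is inspected, so the ';stok=<token>' path segment
    (a legitimate ';') never triggers the check on its own.
    """
    query = urlsplit(target).query
    return any(META.search(value) for _, value in parse_qsl(query, keep_blank_values=True))


def detect(log_text):
    """Return {client_ip: count} for every client that logged in and then, within
    WINDOW, sent at least MIN_SUSPICIOUS requests carrying shell metacharacters."""
    last_login = {}
    suspicious = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the whole scan
        ts, ip, method, target = rec
        if method == "POST" and urlsplit(target).path == LOGIN_PATH:
            last_login[ip] = ts   # start (or restart) the post-login watch window
            suspicious[ip] = 0
            continue
        login_ts = last_login.get(ip)
        if login_ts is not None and ts - login_ts <= WINDOW and has_shell_meta(target):
            suspicious[ip] += 1
    return {ip: n for ip, n in suspicious.items() if n >= MIN_SUSPICIOUS}


if __name__ == "__main__":
    for ip, n in detect(SAMPLE_LOG).items():
        print(f"ALERT: {ip} sent {n} metacharacter-bearing requests shortly after login")
```

Note that 192.0.2.30 in the sample sends the same style of request but is not reported, because no login was observed for it inside the window; if your deployment cannot see the login, drop the login gate and alert on the metacharacter count alone, accepting more noise.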
## Requirements

- Python 3.6+
- Requests library: used to make HTTP requests to the router.
- Dependencies: install the packages listed in `requirements.txt` using `pip`.
## Installation

- Clone the repository:

  ```bash
  git clone https://github.com/alyaparan/xiaomi-rce-exploit.git
  cd xiaomi-rce-exploit
  ```

- Install the dependencies:

  ```bash
  pip install -r requirements.txt
  ```

## Usage

- Run the exploit:

  ```bash
  python main.py
  ```

- File server: the file server starts automatically to receive any files sent back from the router.

## Project Structure

The application is structured as follows:
```
xiaomi-rce-exploit/
│
├── main.py            # Entry point of the application
├── rce_triggers.py    # Contains multiple RCE triggering methods
├── stok_retriever.py  # Module for authenticating and retrieving the stok
├── file_server.py     # TCP server to receive files from the router
├── payloads.txt       # Contains RCE payloads for automated testing
├── received/          # Directory to store files received from the router
│   └── (files will be saved here)
├── requirements.txt   # Optional: a list of dependencies such as `requests`
└── README.md          # Documentation and instructions (optional)
```

## Disclaimer

This tool is intended strictly for educational and research purposes. Ensure you have legal authorization to test and exploit any device or network. Unauthorized access or use of devices without explicit permission is illegal and punishable by law. The authors of this tool assume no responsibility for any illegal or unethical usage.

Use responsibly and within the boundaries of the law.