2021-05-31 14:13:01 +02:00
|
|
|
#!/usr/bin/env python
|
|
|
|
|
|
|
|
import sys
|
|
|
|
|
|
|
|
def generateTemplate(baseUrl):
|
|
|
|
template = """#!/usr/bin/env python
|
|
|
|
|
2021-06-11 12:44:35 +02:00
|
|
|
import sys
|
2021-05-31 14:13:01 +02:00
|
|
|
import json
|
2021-06-11 12:44:35 +02:00
|
|
|
import base64
|
|
|
|
import requests
|
2021-05-31 14:13:01 +02:00
|
|
|
from bs4 import BeautifulSoup
|
|
|
|
from hackingscripts import util, fileserver
|
2021-06-11 12:44:35 +02:00
|
|
|
|
2021-05-31 14:13:01 +02:00
|
|
|
from urllib3.exceptions import InsecureRequestWarning
|
|
|
|
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
|
|
|
|
|
2021-06-11 12:44:35 +02:00
|
|
|
BASE_URL = "%s" if "LOCAL" not in sys.argv else "http://127.0.0.1:1337"
|
2021-06-30 20:44:38 +02:00
|
|
|
USERNAME = "admin"
|
|
|
|
PASSWORD = "password"
|
2021-05-31 14:13:01 +02:00
|
|
|
|
|
|
|
def login(username, password):
|
|
|
|
session = requests.Session()
|
|
|
|
post_data = { "username": username, "password": password }
|
2021-10-05 21:55:08 +02:00
|
|
|
res = session.post(f"{BASE_URL}/login", data=post_data, allow_redirects=False)
|
2021-05-31 14:13:01 +02:00
|
|
|
if res.status_code != 302 or "Location" not in res.headers or res.headers["Location"] != "/home":
|
|
|
|
print("Login failed")
|
|
|
|
exit()
|
|
|
|
return session
|
|
|
|
|
|
|
|
def exploit(session, payload):
|
|
|
|
# Template method to exploit an endpoint
|
|
|
|
pass
|
|
|
|
|
2021-06-11 12:44:35 +02:00
|
|
|
if __name__ == "__main__":
|
2021-06-30 20:44:38 +02:00
|
|
|
session = login(USERNAME, PASSWORD)
|
2021-06-11 12:44:35 +02:00
|
|
|
exploit(session, "id")
|
2021-05-31 14:13:01 +02:00
|
|
|
""" % baseUrl
|
|
|
|
|
|
|
|
return template
|
|
|
|
|
|
|
|
if __name__ == "__main__":
|
|
|
|
|
|
|
|
if len(sys.argv) < 2:
|
|
|
|
print("Usage: %s <URL>" % sys.argv[0])
|
|
|
|
exit()
|
|
|
|
|
|
|
|
url = sys.argv[1]
|
|
|
|
if "://" not in url:
|
|
|
|
url = "http://" + url
|
|
|
|
|
|
|
|
template = generateTemplate(url)
|
|
|
|
print(template)
|