Update

2021-10-25 17:25:49 +02:00
parent 2f555c5b9e
commit 718aaa6f6c
4 changed files with 23 additions and 18 deletions
--- a/template.py
+++ b/template.py
@@ -5,36 +5,34 @@ import sys
 def generateTemplate(baseUrl):
    template = """#!/usr/bin/env python

+import os
 import sys
 import json
 import base64
 import requests
+import subprocess
+import urllib.parse
 from bs4 import BeautifulSoup
-from hackingscripts import util, fileserver
+from hackingscripts import util, fileserver, genRevShell

 from urllib3.exceptions import InsecureRequestWarning
 requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)

 BASE_URL = "%s" if "LOCAL" not in sys.argv else "http://127.0.0.1:1337"
-USERNAME = "admin"
-PASSWORD = "password"

-def login(username, password):
-    session = requests.Session()
-    post_data = { "username": username, "password": password }
-    res = session.post(f"{BASE_URL}/login", data=post_data, allow_redirects=False)
-    if res.status_code != 302 or "Location" not in res.headers or res.headers["Location"] != "/home":
-        print("Login failed")
-        exit()
-    return session
+def request(method, uri, **kwargs):
+    if not uri.startswith("/") and uri != "":
+        uri = "/" + uri

-def exploit(session, payload):
-    # Template method to exploit an endpoint
-    pass
+    client = requests
+    if "session" in kwargs:
+        client = kwargs["session"]
+        del kwargs["session"]
+
+    return client.request(method, BASE_URL + uri, verify=False, allow_redirects=False, **kwargs)

 if __name__ == "__main__":
-    session = login(USERNAME, PASSWORD)
-    exploit(session, "id")
+    pass
 """ % baseUrl

    return template