|
@@ -5,36 +5,34 @@ import sys
|
|
|
def generateTemplate(baseUrl):
|
|
|
template = """#!/usr/bin/env python
|
|
|
|
|
|
+import os
|
|
|
import sys
|
|
|
import json
|
|
|
import base64
|
|
|
import requests
|
|
|
+import subprocess
|
|
|
+import urllib.parse
|
|
|
from bs4 import BeautifulSoup
|
|
|
-from hackingscripts import util, fileserver
|
|
|
+from hackingscripts import util, fileserver, genRevShell
|
|
|
|
|
|
from urllib3.exceptions import InsecureRequestWarning
|
|
|
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
|
|
|
|
|
|
BASE_URL = "%s" if "LOCAL" not in sys.argv else "http://127.0.0.1:1337"
|
|
|
-USERNAME = "admin"
|
|
|
-PASSWORD = "password"
|
|
|
-
|
|
|
-def login(username, password):
|
|
|
- session = requests.Session()
|
|
|
- post_data = { "username": username, "password": password }
|
|
|
- res = session.post(f"{BASE_URL}/login", data=post_data, allow_redirects=False)
|
|
|
- if res.status_code != 302 or "Location" not in res.headers or res.headers["Location"] != "/home":
|
|
|
- print("Login failed")
|
|
|
- exit()
|
|
|
- return session
|
|
|
|
|
|
-def exploit(session, payload):
|
|
|
- # Template method to exploit an endpoint
|
|
|
- pass
|
|
|
+def request(method, uri, **kwargs):
|
|
|
+ if not uri.startswith("/") and uri != "":
|
|
|
+ uri = "/" + uri
|
|
|
+
|
|
|
+ client = requests
|
|
|
+ if "session" in kwargs:
|
|
|
+ client = kwargs["session"]
|
|
|
+ del kwargs["session"]
|
|
|
+
|
|
|
+ return client.request(method, BASE_URL + uri, verify=False, allow_redirects=False, **kwargs)
|
|
|
|
|
|
if __name__ == "__main__":
|
|
|
- session = login(USERNAME, PASSWORD)
|
|
|
- exploit(session, "id")
|
|
|
+ pass
|
|
|
""" % baseUrl
|
|
|
|
|
|
return template
|