Advertisement
Guest User

Untitled

a guest
Jul 16th, 2019
109
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.61 KB | None | 0 0
  1. ''' #!/usr/bin/env python3'''
  2. import requests
  3. import urllib3
  4. from bs4 import BeautifulSoup as bs
  5. from getpass import getpass
  6. from base64 import b64encode, b64decode
  7. import sys
  8. import json
  9.  
  10. hosts = []
  11.  
  12. hosts.append("10.13.8.76")
  13. hosts.append("10.13.8.79")
  14. hosts.append("10.13.8.77")
  15. hosts.append("10.13.8.47")
  16. hosts.append("10.13.8.23")
  17. hosts.append("10.13.8.30")
  18.  
  19. # hosts.append("10.13.4.19")
  20. # hosts.append("10.13.4.91")
  21.  
  22. scripting_end_point = "/hac/console/scripting/execute"
  23. #cluster_end_point = "/hac/monitoring/cluster/ping"
  24.  
  25.  
  26. #scriptToExec = input("Groovy> ")
  27. scriptToExec = "'ifconfig'.execute().text"
  28.  
  29. headers = {
  30. 'user-agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36'
  31. }
  32.  
  33. proxies = {
  34. 'http': 'http://127.0.0.1:8080',
  35. 'https': 'https://127.0.0.1:8080',
  36. }
  37.  
  38. urllib3.disable_warnings()
  39. user_session = requests.Session()
  40. csrf_token = ""
  41.  
  42. def extractCsrf(host):
  43. try:
  44. response = user_session.get("https://" + host + ":9002/hac/login.jsp", verify=False,proxies=proxies, headers=headers)
  45. html_page = bs(response.text, "html.parser")
  46. csrf_token = html_page.select_one("input[name='_csrf']")['value']
  47. return csrf_token
  48. except Exception as e:
  49. print("[-] Error occured : " + str(e))
  50. exit(0)
  51.  
  52. def authenticate(host, username="eahmed", passowrd="F5&?PE!y?PjM9.vU"):
  53. if "X-CSRF-TOKEN" in headers:
  54. del(headers['X-CSRF-TOKEN'])
  55. # csrf_token = extractCsrf(host)
  56. try:
  57. response = user_session.post("https://"+host+":9002/hac/j_spring_security_check", data = {"j_username":username, "j_password":passowrd, "_csrf":csrf_token}, headers=headers, proxies=proxies, verify=False)
  58. if response.status_code == 200:
  59. print ("[+] ----------------------------------- "+ host +" ----------------------------------- ")
  60. else:
  61. raise Exception('Requests status code : ' + str(response.status_code))
  62. if "JSESSIONID" not in user_session.cookies.get_dict() :
  63. raise Exception("Can't extract cookies.")
  64.  
  65. except Exception as e:
  66. print("[-] Error occured : " + str(e))
  67. exit(0)
  68.  
  69. def runCmd(host, payload):
  70. # if "X-CSRF-TOKEN" in headers:
  71. # del(headers['X-CSRF-TOKEN'])
  72. headers['X-CSRF-TOKEN'] = extractCsrf(host)
  73. try:
  74. response = user_session.post("https://"+host+":9002"+scripting_end_point, data = {"script":payload, "scriptType":"groovy", "commit":"False"}, proxies=proxies, headers=headers, verify=False)
  75. if response.status_code == 200:
  76. print(response.json()["stacktraceText"])
  77. print(response.json()["outputText"])
  78. print(response.json()["executionResult"])
  79. else:
  80. raise Exception('Requests status code : ' + str(response.status_code))
  81. except Exception as e:
  82. print("[-] Error occured : " + str(e))
  83. exit(0)
  84.  
  85. # def getClusterInfo(host):
  86. # headers['X-CSRF-TOKEN'] = extractCsrf(host)
  87. # try:
  88. # response = user_session.post("https://"+host+":9002"+cluster_end_point, proxies=proxies, headers=headers, verify=False)
  89. # if response.status_code == 200:
  90. # print(json.dumps(response.json(),indent=4))
  91. # else:
  92. # raise Exception('Requests status code : ' + str(response.status_code))
  93. # except Exception as e:
  94. # print("[-] Error occured : " + str(e))
  95. # exit(0)
  96.  
  97.  
  98. for host in hosts:
  99. csrf_token = extractCsrf(host)
  100. authenticate(host)
  101. #runCmd(host, scriptToExec)
  102. getClusterInfo(host)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement