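def main():
    """Read ``--target`` and ``--command`` from the command line and pass them to ``exploit``.

    Both options are declared ``required=True``, so argparse exits with a
    usage error when either one is missing. ``exploit`` is defined outside
    this block; what it does with the two strings is not visible here.
    """
    parser = ArgumentParser()
    parser.add_argument("--target", type=str, help="Target host to attack.", required=True)
    parser.add_argument("--command", type=str, help="Command to be executed in remote endpoint.", required=True)
    # Parse with the parser configured above. The bare name parse_args() is
    # not defined in this block and would leave the two options unused.
    args = parser.parse_args()
    # NOTE(review): both values are forwarded exactly as typed; any validation
    # of the host or the command string has to happen inside exploit().
    exploit(args.target, args.command)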
# End-to-end check of one flag-service instance: store a random flag, read it
# back with its token, send benign traffic, then confirm that the exploit
# returns the same flag.
from setflag import set_flag
from getflag import get_flag
from benign import benign
from exploit import exploit
import random
import string

# Service instance under test (address and port are hard-coded).
HOST = '162.243.124.166'
PORT = 12343

# "FLG" followed by 20 random alphanumerics. `random` is not a CSPRNG, which
# only matters if the flag value has to be unpredictable.
alphabet = string.ascii_letters + string.digits
flag = "FLG" + "".join(random.choice(alphabet) for _ in xrange(20))
print(flag)

stored = set_flag(HOST, PORT, flag)
print(stored)

# Legitimate read: uses both the FLAG_ID and the TOKEN returned by set_flag.
fetched = get_flag(HOST, PORT, stored['FLAG_ID'], stored['TOKEN'])
# NOTE: assert statements are skipped under `python -O`, so both checks
# disappear in an optimized run.
assert flag == fetched["FLAG"]
print(fetched)

benign(HOST, PORT)

# The exploit receives the FLAG_ID only. A match here means the service gave
# up the flag without the token.
leaked = exploit(HOST, PORT, stored['FLAG_ID'])
assert flag == leaked["FLAG"]
print(leaked)
# Service self-test: plant a known flag, read it back the legitimate way,
# confirm the exploit returns the same value, then send benign traffic.
from set_flag import set_flag
from get_flag import get_flag
from exploit import exploit
from benign import benign

flag = 'test'
# Instance under test (hard-coded). The port is passed as a string.
host = '192.168.5.22'
port = '8080'

planted = set_flag(host, port, flag)

# Legitimate path: FLAG_ID plus the TOKEN handed out by set_flag.
token_reply = get_flag(host, port, planted['FLAG_ID'], planted['TOKEN'])
legit_flag = token_reply['FLAG']
if flag != legit_flag:
    raise Exception('Legit flag is wrong! flag: ' + flag + ' legit: ' + legit_flag)

# Exploit path: FLAG_ID only, no token. Equality with the planted flag shows
# the service returned it without the credential.
exploit_reply = exploit(host, port, planted['FLAG_ID'])
exploit_flag = exploit_reply['FLAG']
if flag != exploit_flag:
    raise Exception('Exploit flag is wrong! flag: ' + flag + ' exploit: ' + exploit_flag)

benign(host, port)
# Service self-test: benign traffic first, then plant a known flag, read it
# back with its token, and confirm the exploit returns the same value.
from setflag import set_flag
from getflag import get_flag
from exploit import exploit
from benign import benign

flag = 'test'
# Instance under test (hard-coded). The port is kept as a string.
ip = '192.168.1.101'
port = '20130'

benign(ip, port)

planted = set_flag(ip, port, flag)

# Legitimate read: FLAG_ID together with the TOKEN from set_flag.
token_reply = get_flag(ip, port, planted['FLAG_ID'], planted['TOKEN'])
legit_flag = token_reply['FLAG']
if flag != legit_flag:
    raise Exception('Legit flag is wrong! flag: ' + flag + ' legit: ' + legit_flag)

# Exploit read: FLAG_ID only. The value is printed before it is compared, so
# it shows up in the output even when the check below fails.
exploit_reply = exploit(ip, port, planted['FLAG_ID'])
exploit_flag = exploit_reply['FLAG']
print(exploit_flag)
if flag != exploit_flag:
    raise Exception('Exploit flag is wrong! flag: ' + flag + ' exploit: ' + exploit_flag)
# Driver fragment: build the request context, choose the oracle type and the
# HTTP verb from the parsed options, run the extraction and print the result.
# `args` and `level` come from code that is not visible here.
log.log(level)

ctx = model.Context(
    target=args.target,
    query=args.query,
    vector=args.vector,
    session=http.Session(cookies=args.cookies),
)

mode = args.exploit
if mode == 'boolean':
    # Responses are classified with the args.true / args.false pair
    # (cmp.Regex is defined elsewhere; presumably two patterns, confirm).
    extra = [cmp.Regex(args.true, args.false)]
    strategy = query.boolean
elif mode == 'time':
    strategy = query.time
    # Threshold units are not visible in this fragment.
    extra = [args.threshold]
else:
    # Raised without a message, so the bad value is not reported. Whether the
    # argument parser already restricts the choices is not visible here.
    raise ValueError()

# POST only when request data was supplied. NOTE(review): args.data itself is
# not passed on anywhere in this fragment; confirm where http.post gets it.
send = http.get if args.data is None else http.post

results = exploit.exploit(
    ctx,
    search.binary,
    strategy,
    send,
    extra,
    offset=args.offset,
    length=args.length,
    workers=args.workers,
)
print(''.join(results))
# Tail of a manual service check: legitimate flag read, exploit run and benign
# traffic, each printed under a repeated banner with a short pause in between.
# ip, port, flag_id and token are set by code that is not visible here.
getflag_banner = "----------------------GETFLAG----------------------"
exploit_banner = "----------------------EXPLOIT----------------------"
benign_banner = "----------------------BENIGN----------------------"
separator = "----------------------xx----------------------"

for _ in range(4):
    print(getflag_banner)
# Legitimate read: flag id plus token, with the port converted to int.
print(getflag.get_flag(ip, int(port), flag_id, token))
for _ in range(2):
    print(separator)
time.sleep(2)

for _ in range(5):
    print(exploit_banner)
# Exploit read: flag id only, no token.
# NOTE(review): port is passed unconverted here and to benign() below, while
# get_flag received int(port); confirm which type these two expect.
print(exploit.exploit(ip, port, flag_id))
for _ in range(2):
    print(separator)
time.sleep(2)

for _ in range(5):
    print(benign_banner)
print(benign.benign(ip, port))
print(separator)
# Round-trip test against one flag-service instance: write a fresh random
# flag, read it back with its token, run benign traffic, then check that the
# exploit yields the identical flag.
from setflag import set_flag
from getflag import get_flag
from benign import benign
from exploit import exploit
import random
import string

# Hard-coded address and port of the instance being tested.
TARGET_HOST = '162.243.124.166'
TARGET_PORT = 12343

# Fixed "FLG" prefix plus 20 characters drawn from letters and digits. The
# `random` module is not cryptographically strong, so the value is only as
# unpredictable as that generator.
charset = string.ascii_letters + string.digits
suffix = "".join(random.choice(charset) for _ in xrange(20))
flag = "FLG" + suffix
print(flag)

set_reply = set_flag(TARGET_HOST, TARGET_PORT, flag)
print(set_reply)

# Authorized read: FLAG_ID and TOKEN both come from the set_flag reply.
get_reply = get_flag(TARGET_HOST, TARGET_PORT, set_reply['FLAG_ID'], set_reply['TOKEN'])
# NOTE: these asserts are compiled out when Python runs with -O.
assert flag == get_reply["FLAG"]
print(get_reply)

benign(TARGET_HOST, TARGET_PORT)

# Only the FLAG_ID is supplied to the exploit; the assert passes when the
# service returned the flag without the token.
exploit_reply = exploit(TARGET_HOST, TARGET_PORT, set_reply['FLAG_ID'])
assert flag == exploit_reply["FLAG"]
print(exploit_reply)
# Local service self-test: benign traffic, then plant a known flag, fetch it
# with its token, and verify that the exploit returns the same value.
from setflag import set_flag
from getflag import get_flag
from exploit import exploit
from benign import benign

flag = 'test'
# Instance under test; the port is kept as a string.
ip = 'localhost'
port = '9800'

benign(ip, port)

planted = set_flag(ip, port, flag)

# Authorized read using FLAG_ID and TOKEN from the set_flag reply.
token_reply = get_flag(ip, port, planted['FLAG_ID'], planted['TOKEN'])
legit_flag = token_reply['FLAG']
if flag != legit_flag:
    raise Exception('Legit flag is wrong! flag: ' + flag + ' legit: ' + legit_flag)

# Exploit read using the FLAG_ID alone. A match shows the flag was obtained
# without the token.
exploit_reply = exploit(ip, port, planted['FLAG_ID'])
exploit_flag = exploit_reply['FLAG']
if flag != exploit_flag:
    raise Exception('Exploit flag is wrong! flag: ' + flag + ' exploit: ' + exploit_flag)
# Self-test for one service instance: store a known flag, read it back through
# the token-protected path, check the exploit path returns the same flag, and
# finish with benign traffic.
from set_flag import set_flag
from get_flag import get_flag
from exploit import exploit
from benign import benign

flag = 'test'
# Hard-coded instance under test; the port is passed as a string.
service_host = '192.168.5.22'
service_port = '8080'

set_reply = set_flag(service_host, service_port, flag)
flag_id = set_reply['FLAG_ID']

# Token-protected read.
legit_flag = get_flag(service_host, service_port, flag_id, set_reply['TOKEN'])['FLAG']
if flag != legit_flag:
    raise Exception('Legit flag is wrong! flag: '+flag+' legit: '+legit_flag)

# Read through the exploit, which is given the FLAG_ID but no token.
exploit_flag = exploit(service_host, service_port, set_reply['FLAG_ID'])['FLAG']
if flag != exploit_flag:
    raise Exception('Exploit flag is wrong! flag: '+flag+' exploit: '+exploit_flag)

benign(service_host, service_port)