z0noxz / mando.me
Web Command Injection Tool
Just glanced over the code, nice job, looks very good overall, though I was curious as to why you went with Python 2, not Python 3?
Hi!
I have just tested your script and I have found issues with types of input other than JSON.
Burp Suite request snapshot:
POST /bWAPP/commandi.php HTTP/1.1
Host: <IP>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://<IP>/bWAPP/commandi.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 30
Connection: close
Cookie: security_level=1; PHPSESSID=2871ed8afbfcd800836a8111df1522da
Upgrade-Insecure-Requests: 1

target=www.nsa.gov&form=submit

Command: ./mando.me.py --url "http://<IP>/bWAPP/commandi.php" --cookie "http://<IP>/bWAPP/commandi.php" --post "target=_INJECT_&form=submit"
Logs:
[*] Testing different injection techniques
[*] METHOD: Result based injection
[-] Something went wrong. Terminating program.
Traceback (most recent call last):
  File "./mando.me.py", line 2339, in <module>
    if __name__ == "__main__": main(sys.argv[1:])
  File "./mando.me.py", line 2259, in main
    CommandInjector.init()
  File "./mando.me.py", line 1945, in init
    CommandInjector.exploit()
  File "./mando.me.py", line 2151, in exploit
    if technique() and not _gs["url_stager"] == None:
  File "./mando.me.py", line 2034, in technique_result_based
    if _placeholder == interactor("echo " + _placeholder).strip():
  File "./mando.me.py", line 2013, in interactor
    request = urllib.request.Request(url, headers=urllib.parse.urlencode(json.loads(_gs["post"].replace("'", "\"").replace("_INJECT_", "\"" + special + command + "\""))))
  File "/usr/lib/python3.7/json/__init__.py", line 348, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.7/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.7/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
None
Tested on: Python 2.7.17 and 3.7.6
Please take a look at that, if you are still working with this tool :)