This repository has been archived by the owner on Nov 21, 2019. It is now read-only.
miaouPlop/XShell


XShell

Lightweight shell emulation to exploit XXE

Goal

The goal of this tool is to ease the pentester's work by letting him concentrate only on the important things: files to leak!

Usage

The script can be used as is or you can pass it a .ini file which will set some internal variables. To launch your first attack, you only need to set two variables:

  • leak_url which is the URL on which the attack will be carried out
  • payload which must be a valid Python dictionary (or a path to a file containing one) that contains all needed parameters that will be sent in the request (POST or GET)
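
One way to load the payload value described above as data only, without ever evaluating it, as an added example that is not XShell's own code (the page does not show how the script parses it). The function name load_payload and the sample parameter name xml are assumptions; besides a Python dict literal it also accepts JSON, the format the TODO list mentions.

```python
import ast
import json
import os


def load_payload(value):
    """Return request parameters as a dict of str -> str.

    `value` is a Python dict literal or JSON object, or a path to a file
    containing one. It is parsed as data only; nothing in it is executed.
    """
    text = value
    if os.path.isfile(value):  # path form: read the literal from disk
        with open(value, encoding="utf-8") as fh:
            text = fh.read()
    try:
        data = json.loads(text)
    except ValueError:
        # Not JSON: fall back to a Python literal. Unlike eval(),
        # ast.literal_eval rejects calls, names and attribute access.
        try:
            data = ast.literal_eval(text.strip())
        except (ValueError, SyntaxError, TypeError) as exc:
            raise ValueError("payload is not a dict literal or JSON object") from exc
    if not isinstance(data, dict):
        raise ValueError("payload must be a dictionary")
    for key, val in data.items():
        if not isinstance(key, str) or not isinstance(val, str):
            raise ValueError("payload keys and values must be strings")
    return data


if __name__ == "__main__":
    # Constructed sample values; "xml" is a made-up parameter name.
    print(load_payload("{'xml': '<doc/>'}"))
    print(load_payload('{"xml": "<doc/>"}'))
    try:
        # An expression instead of a literal is refused, not run.
        load_payload("__import__('os').system('id')")
    except ValueError as err:
        print("rejected:", err)
```

Parsing this way matters when a payload or .ini file comes from a shared engagement repository: a file that is evaluated rather than parsed runs with the tester's privileges.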

TODO

  • use JSON instead of Python dict (I'm too lazy for now)
  • add base payloads (for OOB exploitation, or examples with some wrappers, get some inspiration from XXE Cheat Sheet and XXEinjector)
  • add cookie usage
  • add GET option

Known problems

  • problems with ~ path
  • problems with path/file autocomplete
  • problems with differentiation between files and directories
  • all lines leaked by the ls command are added to the autocomplete list (which means the list can have a HUGE memory footprint)
