## https://sploitus.com/exploit?id=124DD3D8-0E2D-502C-B58F-F1D9904B14AD
# Target Exploitation Toolkit โ GitHub Actions
## Structure
```
โโโ .github/workflows/exploit.yml โ GitHub Actions workflow
โโโ exploit_toolkit.py โ Main exploit script
```
## Setup
### 1. Push to GitHub
```bash
cd ~
git init
git add .github/workflows/exploit.yml exploit_toolkit.py
git commit -m "Add exploit toolkit"
# Create repo on GitHub, then:
git remote add origin https://github.com/YOUR_USER/exploit.git
git push -u origin main
```
### 2. Add Telegram session (optional, for API probing)
```bash
base64 ~/.telegram-cli/default.session | pbcopy
# Add as GitHub secret: TG_SESSION
```
### 3. Run manually
Go to GitHub โ Actions โ **Target Exploitation** โ Run workflow
Or wait for the scheduled run (every 6 hours).
## What it does
| Mode | Description |
|---|---|
| `all` | Runs everything sequentially |
| `ispmgr` | Brute-forces ISPManager v3.6.0 on port 1500 (targeted wordlist, handles 20s lockout) |
| `phpfpm` | Tests CVE-2019-11043 PHP-FPM PATH_INFO injection |
| `lfi` | Tests PHP filter chain on sql.php/index.php/app.php with 10 LFI parameters |
| `port-scan` | nmap on all relevant ports |
## How ISPManager brute force works
- Tries ~50 passwords from a targeted wordlist (admin handles, hosting names, common root passwords)
- Handles the 20-second account lockout by pausing
- Each GitHub Actions run has a **different source IP** (different runner)
- Reports success via workflow output + artifact
## Results
After each run, download the **exploit-results** artifact containing `exploit_report.json`.