Advertisement
shor7cut

PhpMyadmin Scanner - shor7cut

Jul 21st, 2015
1,079
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. CODE BY shor7cut - Kiddies selalu merubah :v
  2. Thank's : IndoXploit Coders Team & Bug7sec
  3.  
  4. //
  5.  
  6. Isi dalam list mengunakan pembatas | , jika ingin merubahnya silahkan
  7. jadi isi dalam list misal :
  8.  
  9. 127.0.0.1|127.0.0.1|127.0.0.1|127.0.0.1|127.0.0.1|127.0.0.1|127.0.0.1|127.0.0.1
  10. save : ikisme.txt
  11.  
  12. buka CMD ->
  13. cd /xampp/php
  14. php {nama file} {file list target} {output(HTML)}
  15. //
  16.  
  17. <?php
  18. error_reporting(0);
  19. if(!isset($argv[2])){
  20.     echo "[+] Format : php namefile.php {file list} {output.html}\r\n";
  21.     echo "[+] Contoh : php namafile.php target.txt sukses.html";
  22. }else if(!file_exists($argv[1])){
  23.   die('File Tidak ditemukan');
  24. }else {
  25.  
  26. $buka_file = fopen($argv[1], "r");
  27. $baca_file = fgets($buka_file);
  28. $target = explode("|", $baca_file);
  29. $no=1;
  30. $success=0;
  31. $fail=0;
  32. $names = $argv[2];
  33. $auth=0;
  34. $no_urut=1;
  35. if(file_exists($argv[2])){
  36.     $del = $argv[2];
  37.     unlink($del);
  38. }
  39.  
  40. echo "<------------{Scan}-------------->\r\n";
  41. echo "-> phpMyadmin Scanner - Shor7cut\r\n";
  42. echo "-> Target Count : ".count($target)."\r\n";
  43. echo "-> Save File : ".$names."\r\n";
  44. echo "<-------------------------------->\r\n\n";
  45. foreach ($target as $sites) {
  46.  
  47. echo "[$no/".count($target)."]-> $sites | PhpMyadmin : ";
  48. $url = "http://$sites/phpmyadmin/querywindow.php";
  49.  
  50. // xampp - patch lang.php\\
  51. $xamppcur2 = curl_init("$url");
  52. curl_setopt($xamppcur2, CURLOPT_FAILONERROR, true);
  53. curl_setopt($xamppcur2, CURLOPT_FOLLOWLOCATION, true);
  54. curl_setopt($xamppcur2, CURLOPT_RETURNTRANSFER, true);
  55. curl_setopt($xamppcur2, CURLOPT_CONNECTTIMEOUT ,0);
  56. curl_setopt($xamppcur2, CURLOPT_TIMEOUT, 30);
  57. $result2 = curl_exec($xamppcur2);
  58.  
  59. $re = "/<input type=\"hidden\" name=\"token\" value=\"(.*)\"/";
  60. if(preg_match($re, $result2, $matches)){
  61. if(preg_match_all("/pma_password/", $result2, $matx)){
  62. echo "ONO -> JALUK LOGIN\r\n\n";
  63. $fp = fopen("mintalogin-".$names, 'a');
  64. fwrite($fp, "$url\r\n");
  65. fclose($fp);
  66. $auth++;
  67. }else {
  68. echo "ONO -> Mantep iki\r\n\n";
  69. $fp = fopen($names, 'a');
  70. fwrite($fp, '['.$no_urut.'] <a href="'.$url.'" target=_blank>'.$url.'</a>'."<br>");
  71. fclose($fp);
  72. $success++;
  73. $no_urut++;
  74.  
  75.  
  76. }
  77.  
  78. }else {
  79.     echo "RA ONO COK\r\n\n";
  80.     $fail++;
  81. }
  82.  
  83.     flush();
  84.     ob_flush();
  85.     sleep(2);
  86.     $no++;
  87.     }
  88. echo "\r\n------------------------------------------\r\n";
  89. echo "-------------> LAPORAN AKHIR -------------\r\n";
  90. echo "-> Total Target : ".count($target)."\n";
  91. echo "-> Total PhpMyadmin (Auth) : ".$auth."\n";
  92. echo "-> Total PhpMyadmin (Non Auth) : ".$success."\n";
  93. echo "-> Total PhpMyadmin (Fail / Non Vuln) : ".$fail."\n";
  94. echo "\n\n------------------------------------------\n";
  95. }
  96.  
  97.  
  98.  
  99. ?>
Advertisement
RAW Paste Data Copied
Advertisement